opro 0.0.1.pre

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+## 0.0.1
+
+Initial Release

data/Gemfile

@@ -0,0 +1,39 @@
+source "http://rubygems.org"
+
+gem "activesupport" , ">= 3.0.7"
+gem "rails"         , ">= 3.0.7"
+
+
+gem 'bluecloth'
+
+group :development, :test do
+  gem 'jeweler',  "~> 1.6.4"
+  gem "bundler",  ">= 1.1.3"
+
+
+  gem "capybara", ">= 0.4.0"
+  gem "sqlite3"
+  gem "launchy"
+end
+
+
+group :test, :development do
+  gem 'devise'
+end
+
+
+platforms :mri_18 do
+  group :development, :test do
+    gem "rcov"
+  end
+end
+
+platforms :mri_19 do
+  group :development, :test do
+    gem "simplecov"
+  end
+end
+
+# To use debugger (ruby-debug for Ruby 1.8.7+, ruby-debug19 for Ruby 1.9.2+)
+# gem 'ruby-debug'
+# gem 'ruby-debug19'

data/Gemfile.lock

@@ -0,0 +1,138 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.3)
+      actionpack (= 3.2.3)
+      mail (~> 2.4.4)
+    actionpack (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.2)
+    activemodel (3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+    activerecord (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+    activesupport (3.2.3)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    addressable (2.2.7)
+    arel (3.0.2)
+    bcrypt-ruby (3.0.1)
+    bluecloth (2.2.0)
+    builder (3.0.0)
+    capybara (1.1.2)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (~> 2.0)
+      xpath (~> 0.1.4)
+    childprocess (0.3.1)
+      ffi (~> 1.0.6)
+    devise (2.0.4)
+      bcrypt-ruby (~> 3.0)
+      orm_adapter (~> 0.0.3)
+      railties (~> 3.1)
+      warden (~> 1.1.1)
+    erubis (2.7.0)
+    ffi (1.0.11)
+    git (1.2.5)
+    hike (1.2.1)
+    i18n (0.6.0)
+    jeweler (1.6.4)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+    journey (1.0.3)
+    json (1.6.6)
+    launchy (2.1.0)
+      addressable (~> 2.2.6)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.18)
+    multi_json (1.2.0)
+    nokogiri (1.5.2)
+    orm_adapter (0.0.7)
+    polyglot (0.3.3)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rails (3.2.3)
+      actionmailer (= 3.2.3)
+      actionpack (= 3.2.3)
+      activerecord (= 3.2.3)
+      activeresource (= 3.2.3)
+      activesupport (= 3.2.3)
+      bundler (~> 1.0)
+      railties (= 3.2.3)
+    railties (3.2.3)
+      actionpack (= 3.2.3)
+      activesupport (= 3.2.3)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (~> 0.14.6)
+    rake (0.9.2.2)
+    rcov (1.0.0)
+    rdoc (3.12)
+      json (~> 1.4)
+    rubyzip (0.9.7)
+    selenium-webdriver (2.20.0)
+      childprocess (>= 0.2.5)
+      ffi (~> 1.0)
+      multi_json (~> 1.0)
+      rubyzip
+    simplecov (0.6.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.5.3)
+    simplecov-html (0.5.3)
+    sprockets (2.1.2)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.5)
+    thor (0.14.6)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.33)
+    warden (1.1.1)
+      rack (>= 1.0)
+    xpath (0.1.4)
+      nokogiri (~> 1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activesupport (>= 3.0.7)
+  bluecloth
+  bundler (>= 1.1.3)
+  capybara (>= 0.4.0)
+  devise
+  jeweler (~> 1.6.4)
+  launchy
+  rails (>= 3.0.7)
+  rcov
+  simplecov
+  sqlite3

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2011 Schneems
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,90 @@
+## Stop, Read This
+
+This is my first time writing and Oauth Provider, so there may be buggy or insecure code. If you want to use this, do so at your own risk. I'm vetting it on some development and production applications, when it is ready for consumption and contribution, i'll remove this. If you want to be notified when that happens let me know [@schneems](http://twitter.com/schneems). For now this should be considered a toy, and enjoyed as such :)
+
+## Opro
+
+A Rails Engine that turns your app into an [Oauth](http://oauth.net/2/) Provider.
+
+
+## What is an Oauth Provider
+
+Oauth is used all over the web by apps that need to authenticate users or restrict access to information in a secure fashion. Twitter and Facebook are the best known Oauth Providers. Users click "connect to Twitter" in an iPhone app, then they're sent over to Twitter's site where they can accept or deny access. From there they're sent back to the iPhone app where they can do anything through the API that they would be allowed to do in the website.
+
+Most users understand the flow pretty well, it's a fairly standard process, and is secure. While there are plenty of Oauth client libraries unfortunately it's not super easy to implement from a provider standpoint. Since I hate writing code twice, I decided to take an Oauth Provider and turn it into a Rails Engine so anyone could implement an Oauth Provider on their site.
+
+## Why would I use this?
+
+Lets say you've built a Rails app, awesome. Now you want to build a mobile app on say, the iPhone; cool. You start throwing around `#to_json` like nobody's business, but then you realize you need to authenticate users somehow. "Basic Auth!!", you exclaim, but then you realize that's not the most secure solution. You also realize that some users already signed up with Facebook & Twitter so they don't have a username/password combo. What ever shall you do?
+
+Wouldn't it be great if we could have a token exchange where the user goes to a mobile web view and grants permission, and then we return back an auth token just like the big boys (Facebook, Twitter, *cough* Foursquare *cough*). With Opro, we can add this functionality pretty easily. We'll use your existing authentication strategy and provide some end integration points for your clients to use out of the box.
+
+## Sounds Hard
+
+It's not, just follow the directions below. I'll add a screencast and example app when I get time. Any questions, open an issue or ping me on Twitter.
+
+## Install
+
+Gemfile
+
+```ruby
+  gem 'opro'
+```
+
+```shell
+  $ bundle install
+```
+
+```shell
+  $ opro:install
+```
+
+This will put a file in `initializers/opro.rb` and generate some migrations.
+
+Go to `initializers/opro.rb` and configure your app for your authentication scheme.
+
+```ruby
+  Opro.setup do |config|
+    config.auth_strategy = :devise
+  end
+```
+
+If you're not using devise you can manually configure your own auth strategy. In the future I plan on adding more auth strategies, ping me or submit a pull request for your desired authentication scheme.
+
+```ruby
+  Opro.setup do |config|
+    config.login_method             { |controller, current_user| controller.sign_in(current_user, :bypass => true) }
+    config.logout_method            { |controller, current_user| controller.sign_out(current_user) }
+    config.authenticate_user_method { |controller| controller.authenticate_user! }
+  end
+```
+
+Now we're ready to migrate the database
+
+```shell
+  $ rake db:migrate
+````
+
+
+
+That should be all you need to do to get setup, congrats you're now able to authenticate users using OAuth!!
+
+
+## Use it
+
+Opro comes with built in documentation, so if you start your server you can view them at `/docs/oauth`. If you're reading this on Github you can jump right to the [Quick Start](/app/views/docs/markdown/quick_start.md) guide. This guide will walk you through creating your first Oauth client application, giving access to that app as a logged in user, getting an access token for that user, and using that token to access the server as an authenticated user!
+
+
+## Assumptions
+
+* You have a user model and that is what your authenticating
+* You're using Active::Record
+
+If you submit a _good_ pull request for other adapters, or for generalizing the resource we're authenticating, you'll make me pretty happy.
+
+
+## About
+
+If you have a question file an issue or, find me on the Twitters [@schneems](http://twitter.com/schneems).
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,50 @@
+# encoding: UTF-8
+require 'rubygems'
+require 'bundler'
+
+begin
+  Bundler.setup(:default, :development, :test)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+
+require 'rake'
+require 'rdoc/task'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task :default => :test
+
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Opro'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name        = "opro"
+  gem.homepage    = "http://github.com/schneems/opro"
+  gem.license     = "MIT"
+  gem.summary     = %Q{ Opro turns your Rails application into an OAuth Provider }
+  gem.description = %Q{ Enable oauth clients (iphone, android, web sites, etc.) to access and use your Rails application, what you do with it is up to you}
+  gem.email       = "richard.schneeman@gmail.com"
+  gem.authors     = ["schneems"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+

data/VERSION

@@ -0,0 +1 @@
+0.0.1.pre

data/app/controllers/oauth/auth_controller.rb

@@ -0,0 +1,74 @@
+class Oauth::AuthController < ApplicationController
+  before_filter      :opro_authenticate_user!,    :except => [:access_token]
+  skip_before_filter :verify_authenticity_token,  :only => [:access_token, :user]
+  before_filter      :ask_user!,                  :only => :authorize
+
+  def new
+    @redirect_uri = params[:redirect_uri]
+    @client_app   = Oauth::ClientApplication.find_by_app_id(params[:client_id])
+  end
+
+  def authorize
+    application  =   Oauth::ClientApplication.find_by_app_id(params[:client_id])
+    access_grant =   Oauth::AccessGrant.where( :user_id => current_user.id, :application_id => application.id).first
+    access_grant ||= Oauth::AccessGrant.create(:user => current_user,       :application => application)
+    redirect_to access_grant.redirect_uri_for(params[:redirect_uri])
+  end
+
+  def access_token
+    application = Oauth::ClientApplication.authenticate(params[:client_id], params[:client_secret])
+
+    if application.nil?
+      render :json => {:error => "Could not find application"}
+      return
+    end
+
+    access_grant = Oauth::AccessGrant.authenticate(params[:code], application.id)
+
+    if access_grant.nil?
+      render :json => {:error => "Could not authenticate access code"}
+      return
+    end
+
+    access_grant.start_expiry_period!
+    render :json => {:access_token => access_grant.access_token, :refresh_token => access_grant.refresh_token, :expires_in => access_grant.access_token_expires_at}
+  end
+
+  # When a user is sent to authorize an application they must first accept the authorization
+  # if they've already authed the app, they skip this section
+  def ask_user!
+    if user_granted_access_before?(current_user, params)
+      # Re-Authorize the application, do not ask the user
+      return true
+    elsif user_authorizes_the_request?(request)
+      # Authorize the application, do not ask the user
+      return true
+    else
+      # if the request did not come from a form within the application, render the user form
+      @redirect_uri ||= params[:redirect_uri]
+      @client_app   ||= Oauth::ClientApplication.find_by_app_id(params[:client_id])
+      redirect_to oauth_new_path(params)
+    end
+  end
+
+  private
+  def user_granted_access_before?(user, params)
+    @client_app ||= Oauth::ClientApplication.find_by_app_id(params[:client_id])
+    Oauth::AccessGrant.where(:application_id => @client_app.id, :user_id => user.id).present?
+  end
+
+
+  # We're verifying that a post was made from our own site, indicating a user confirmed via form
+  def user_authorizes_the_request?(request)
+    request.post? && referrer_is_self?(request)
+  end
+
+  # Ensures that the referrer is also the current host, to prevent spoofing
+  def referrer_is_self?(request)
+    return false if request.referrer.blank?
+    referrer_host = URI.parse(request.referrer).host
+    self_host     = URI.parse(request.url).host
+    referrer_host == self_host
+  end
+
+end

data/app/controllers/oauth/client_application_controller.rb

@@ -0,0 +1,15 @@
+class Oauth::ClientApplicationController < ApplicationController
+  before_filter :opro_authenticate_user!
+
+  def new
+    @client_app = Oauth::ClientApplication.new
+  end
+
+  def create
+    @client_app = Oauth::ClientApplication.create_with_user_and_name(current_user, params[:oauth_client_application][:name])
+  end
+
+  def index
+    @client_apps = Oauth::ClientApplication.where(:user_id => current_user.id)
+  end
+end

data/app/controllers/oauth/docs_controller.rb

@@ -0,0 +1,36 @@
+require 'erb'
+OPRO_MD_ROOT=File.join(File.dirname(__FILE__), '../../views/oauth/docs/markdown/')
+
+
+class Oauth::DocsController < ApplicationController
+  helper_method :render_doc
+
+  def index
+  end
+
+  def show
+    @doc = params[:id]
+  end
+
+  def render_doc(name)
+    str = read_file(name.to_s)
+    str = parse_erb(str)
+    str = parse_markdown(str)
+    str.html_safe
+  end
+
+  private
+
+  def parse_erb(str)
+    ERB.new(str).result(binding)
+  end
+
+  def parse_markdown(str)
+    BlueCloth.new(str).to_html
+  end
+
+  def read_file(name)
+    name = OPRO_MD_ROOT + name
+    File.open(name + '.md.erb' ).read.to_s
+  end
+end