opro 0.0.1.pre1.0.1 → 0.0.1.pre1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/app/controllers/oauth/client_application_controller.rb +7 -1
- data/app/controllers/oauth/docs_controller.rb +2 -0
- data/app/models/oauth/access_grant.rb +2 -0
- data/app/views/oauth/client_application/create.html.erb +8 -4
- data/app/views/oauth/client_application/new.html.erb +3 -2
- data/app/views/oauth/docs/markdown/curl.md.erb +39 -3
- data/app/views/oauth/docs/markdown/oauth.md.erb +27 -2
- data/app/views/oauth/docs/markdown/quick_start.md.erb +3 -4
- data/app/views/oauth/docs/show.html.erb +3 -1
- data/app/views/oauth/tests/index.html.erb +2 -10
- data/opro.gemspec +2 -2
- metadata +25 -25
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0.1.pre1.0.
|
|
1
|
+
0.0.1.pre1.0.2
|
|
@@ -6,7 +6,13 @@ class Oauth::ClientApplicationController < ApplicationController
|
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
def create
|
|
9
|
-
@client_app = Oauth::ClientApplication.
|
|
9
|
+
@client_app = Oauth::ClientApplication.find_by_user_id_and_name(current_user.id, params[:oauth_client_application][:name])
|
|
10
|
+
@client_app ||= Oauth::ClientApplication.create_with_user_and_name(current_user, params[:oauth_client_application][:name])
|
|
11
|
+
if @client_app.save
|
|
12
|
+
# do nothing
|
|
13
|
+
else
|
|
14
|
+
render :new
|
|
15
|
+
end
|
|
10
16
|
end
|
|
11
17
|
|
|
12
18
|
def index
|
|
@@ -1,11 +1,15 @@
|
|
|
1
|
-
<h2>Success! Here is your
|
|
1
|
+
<h2>Success! Here is your OAuth Client's Credentials</h2>
|
|
2
|
+
<p>Copy these credentials down for use in your application</p>
|
|
2
3
|
<table>
|
|
3
4
|
<tr><td>Name: </td><td><%= @client_app.name %></td></tr>
|
|
4
5
|
<tr><td>Client Id: </td><td><%= @client_app.app_id %></td></tr>
|
|
5
6
|
<tr><td>Secret:</td><td><%= @client_app.app_secret %></td></tr>
|
|
6
7
|
</table>
|
|
7
8
|
|
|
8
|
-
<
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
<hr />
|
|
10
|
+
<p>
|
|
11
|
+
Read the
|
|
12
|
+
<%= link_to 'Quick Start Documentation', oauth_doc_path(:quick_start) %> or
|
|
13
|
+
<%= link_to 'Register Another Oauth Client App', new_oauth_client_application_path %>
|
|
14
|
+
</p>
|
|
11
15
|
|
|
@@ -1,9 +1,10 @@
|
|
|
1
|
-
<h2>Create An App</h2>
|
|
1
|
+
<h2>Create An OAuth Client App</h2>
|
|
2
2
|
<div>
|
|
3
3
|
<%= form_for @client_app do |f| %>
|
|
4
|
-
<%= f.label :name
|
|
4
|
+
<%= f.label :name %>
|
|
5
5
|
<%= f.text_field :name, :placeholder => 'App Name' %>
|
|
6
6
|
<%= f.submit 'Create OAuth Client', :id => 'submitApp' %>
|
|
7
|
+
<p>(you can change this name later)</p>
|
|
7
8
|
<%- end -%>
|
|
8
9
|
</div>
|
|
9
10
|
|
|
@@ -1,6 +1,42 @@
|
|
|
1
|
-
|
|
1
|
+
# Curl
|
|
2
|
+
|
|
3
|
+
[Curl](http://curl.haxx.se/) is a command line tool for transfering data with a url syntax. Most systems should have curl installed. Open up terminal on OS X or command prompt on windows and type in `curl`. There are parts of the OAuth process that were not intended for direct human interaction such as exchanging the code from the Provider for an access_token. Because of this, it can be easier to use `curl` to talk to a server directly instead of using a web browser.
|
|
4
|
+
|
|
5
|
+
## What is it good for?
|
|
6
|
+
|
|
7
|
+
With curl we're able to arbitrarily add parameters to our requests and to send using arbitrary HTTP status codes (GET/POST/DELETE) that are difficult to simulate in the browser. If you need to `POST` data to a url doing so with curl is much easier than constructing a form for testing.
|
|
8
|
+
|
|
9
|
+
## How do I use it?
|
|
10
|
+
|
|
11
|
+
On the command line you should be able to get get help by typing `man curl` if your system supports man pages. Below are some simple and common use cases
|
|
12
|
+
|
|
13
|
+
### Get Webpage
|
|
14
|
+
|
|
15
|
+
You can get the entire contents of a web document by simply issuing curl to that url
|
|
16
|
+
|
|
17
|
+
$ curl https://www.google.com
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
### Get Headers
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
You can ask for the headers of a request by adding the `-I` flag to a curl command
|
|
24
|
+
|
|
25
|
+
$ curl https://www.google.com -I
|
|
26
|
+
HTTP/1.1 200 OK
|
|
27
|
+
Expires: -1
|
|
28
|
+
Cache-Control: private, max-age=0
|
|
29
|
+
Content-Type: text/html; charset=ISO-8859-1
|
|
30
|
+
Server: gws
|
|
31
|
+
X-XSS-Protection: 1; mode=block
|
|
32
|
+
X-Frame-Options: SAMEORIGIN
|
|
33
|
+
Transfer-Encoding: chunked
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
# Hurl
|
|
38
|
+
|
|
39
|
+
[Hurl](http://hurl.it/) is an open sourced browser based `curl` implementation. If you're going to do quite a few curl requests, using it can be easier than the command line.
|
|
2
40
|
|
|
3
|
-
TODO
|
|
4
41
|
|
|
5
42
|
|
|
6
|
-
In the future I would love to include Hurl in this project. If that interests you, submit a pull request ;)
|
|
@@ -1,3 +1,28 @@
|
|
|
1
|
-
|
|
1
|
+
## Opro Oauth
|
|
2
|
+
|
|
3
|
+
OAuth comes in a few different flavors, the implementation of OAuth comes from <%= link_to "Facebook's Server Side OAuth Authentication", 'http://developers.facebook.com/docs/authentication/server-side/'%>.
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
## What is It?
|
|
7
|
+
|
|
8
|
+
OAuth is a secure way to grant authorization without having to transfer passwords to third parties. If you've used an iPhone or Android app to access Twitter or Facebook you've likely used OAuth.
|
|
9
|
+
|
|
10
|
+
The flow is simple, it is started when a user clicks on an authorization button, they are then directed to the OAuth provider's website, such as Facebook. They are then prompted to confirm with the OAuth provider that they are who they say they are by logging in. The user is then given the opportunity to grant authorization to the OAuth client (where the request was initiated, such as the iPhone). After returning to the client, a code is sent that can be exchanged for a secure token. This secure token can be used to authenticate as the user. This way an iPhone client can ask for personalized content to show to the user, such as a friend list, or messages. This is the mechanism that drives most of the web.
|
|
11
|
+
|
|
12
|
+
## Not just Mobile
|
|
13
|
+
|
|
14
|
+
Client and server side web applications can use this type of authorization to add features to their service such as posting things to a timeline, or adding personalization.
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
## Alternatives
|
|
18
|
+
|
|
19
|
+
OAuth is simple in concept, but can be tricky to implement right. Many services also support basic auth. With basic auth you send a user's username and password along with every request. While this is fairly simple it means that the client application has access to your password, which is not very secure. There are other standards such as xAuth, and likely more to come in the future
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
## Clients
|
|
23
|
+
|
|
24
|
+
This website is an OAuth Provider, and you can create an OAuth client to access this website as a logged in user for select url's.
|
|
25
|
+
|
|
26
|
+
To get started getting your first OAuth token follow the <%= view_context.link_to 'quick start guide', oauth_doc_path(:quick_start) %>.
|
|
27
|
+
|
|
2
28
|
|
|
3
|
-
<%= link_to "Facebook's Server Side OAuth Authentication", 'http://developers.facebook.com/docs/authentication/server-side/'%>
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
## Quick Start Guide
|
|
2
2
|
|
|
3
|
-
This site is providing OAuth through [Opro](http://github.com/schneems/opro). If this is your first time using Oauth, please visit [What is Oauth]() or follow along with this guide.
|
|
3
|
+
This site is providing OAuth through [Opro](http://github.com/schneems/opro). If this is your first time using Oauth, please visit [What is Oauth](<%= oauth_doc_path(:oauth) %>) or follow along with this guide.
|
|
4
4
|
|
|
5
5
|
|
|
6
6
|
## Step 1: Register your Application
|
|
@@ -28,14 +28,14 @@ Once you grant your application permission, you will be redirected back to the u
|
|
|
28
28
|
|
|
29
29
|
Once redirected to the home page, take a look in the address bar, we should see a `code` parameter. Copy this for use later:
|
|
30
30
|
|
|
31
|
-
<%= "#{request.base_url}
|
|
31
|
+
<%= "#{request.base_url}" %>?code=4857goldfish827423
|
|
32
32
|
|
|
33
33
|
In the url above the `code` would be `4857goldfish827423`. This code can be used to obtain an access token for the user. Once you have a user's access token, you can perform actions for the user as if they were logged in. If you accidentally close this page, don't worry just visit first url and we'll show you the code again.
|
|
34
34
|
|
|
35
35
|
|
|
36
36
|
## Step 3: Get AccessToken for User with Curl
|
|
37
37
|
|
|
38
|
-
We'll be using [Curl]() to go through the process of getting an access for our first user, you'll likely use http client libraries in your actual applications, but most systems come with curl and it is a fairly easy way to get started. If you've never used it before read our [curl documentation]()
|
|
38
|
+
We'll be using [Curl](<%= oauth_doc_path(:curl) %>) to go through the process of getting an access for our first user, you'll likely use http client libraries in your actual applications, but most systems come with curl and it is a fairly easy way to get started. If you've never used it before read our [curl documentation](<%= oauth_doc_path(:curl) %>)
|
|
39
39
|
|
|
40
40
|
(Note in all code examples the $ character indicates we are on the command line, it does not need to be coppied)
|
|
41
41
|
|
|
@@ -68,4 +68,3 @@ You should see a successful result ( again don't forget to replace the example a
|
|
|
68
68
|
Don't share your client application's secret or any user's access_token with unknown or untrusted parties. Always use https when available and don't write any of these values to your application's logs.
|
|
69
69
|
|
|
70
70
|
|
|
71
|
-
<%= view_context.link_to ' ← back', oauth_docs_path %>
|
|
@@ -7,11 +7,7 @@
|
|
|
7
7
|
<p>
|
|
8
8
|
If you send a valid OAuth request to any oauth_test url such as <%= link_to oauth_test_path(:show_me_the_money), oauth_test_path(:show_me_the_money) %> you should see a response like this
|
|
9
9
|
</p>
|
|
10
|
-
<pre>
|
|
11
|
-
<code>
|
|
12
|
-
<%= {:status => 200, :message => 'Oauth Worked!! ', :params => {:id => 'show_me_the_money', :access_token => '3948fuAlo10gnsu'} }.to_json %>
|
|
13
|
-
</code>
|
|
14
|
-
</pre>
|
|
10
|
+
<pre><code><%= {:status => 200, :message => 'Oauth Worked!! ', :params => {:id => 'show_me_the_money', :access_token => '3948fuAlo10gnsu'} }.to_json %></code></pre>
|
|
15
11
|
<p>
|
|
16
12
|
If the request is not valid you will receive a message detailing the errors.
|
|
17
13
|
</p>
|
|
@@ -20,11 +16,7 @@
|
|
|
20
16
|
<p>
|
|
21
17
|
If you send a valid OAuth request using the 'DELETE' HTTP method to <%= oauth_test_path(:show_me_the_money) %> you should see a response like below.</p>
|
|
22
18
|
<%= button_to oauth_test_path(:show_me_the_money), oauth_test_path(:show_me_the_money), :method => :delete %>
|
|
23
|
-
<pre>
|
|
24
|
-
<code>
|
|
25
|
-
<%= {:status => 401, :message => 'Oauth is Disabled on this Action, this is the correct result!', :params => {:id => 'show_me_the_money', :access_token => '3948fuAlo10gnsu'}}.to_json %>
|
|
26
|
-
</code>
|
|
27
|
-
</pre>
|
|
19
|
+
<pre><code><%= {:status => 401, :message => 'Oauth is Disabled on this Action, this is the correct result!', :params => {:id => 'show_me_the_money', :access_token => '3948fuAlo10gnsu'}}.to_json %></code></pre>
|
|
28
20
|
|
|
29
21
|
<p>
|
|
30
22
|
If you get a 200 result, then there is something configured incorrectly on the server, please contact the administrator.
|
data/opro.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = "opro"
|
|
8
|
-
s.version = "0.0.1.pre1.0.
|
|
8
|
+
s.version = "0.0.1.pre1.0.2"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["schneems"]
|
|
12
|
-
s.date = "2012-04-
|
|
12
|
+
s.date = "2012-04-13"
|
|
13
13
|
s.description = " Enable OAuth clients (iphone, android, web sites, etc.) to access and use your Rails application, what you do with it is up to you"
|
|
14
14
|
s.email = "richard.schneeman@gmail.com"
|
|
15
15
|
s.extra_rdoc_files = [
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: opro
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.1.pre1.0.
|
|
4
|
+
version: 0.0.1.pre1.0.2
|
|
5
5
|
prerelease: 6
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,11 +9,11 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-04-
|
|
12
|
+
date: 2012-04-13 00:00:00.000000000Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activesupport
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70160889026080 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 3.0.7
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70160889026080
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: rails
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70160889025500 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: 3.0.7
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70160889025500
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: bluecloth
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70160889024900 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ! '>='
|
|
@@ -43,10 +43,10 @@ dependencies:
|
|
|
43
43
|
version: '0'
|
|
44
44
|
type: :runtime
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70160889024900
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: jeweler
|
|
49
|
-
requirement: &
|
|
49
|
+
requirement: &70160889024280 !ruby/object:Gem::Requirement
|
|
50
50
|
none: false
|
|
51
51
|
requirements:
|
|
52
52
|
- - ~>
|
|
@@ -54,10 +54,10 @@ dependencies:
|
|
|
54
54
|
version: 1.6.4
|
|
55
55
|
type: :development
|
|
56
56
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *70160889024280
|
|
58
58
|
- !ruby/object:Gem::Dependency
|
|
59
59
|
name: bundler
|
|
60
|
-
requirement: &
|
|
60
|
+
requirement: &70160889023620 !ruby/object:Gem::Requirement
|
|
61
61
|
none: false
|
|
62
62
|
requirements:
|
|
63
63
|
- - ! '>='
|
|
@@ -65,10 +65,10 @@ dependencies:
|
|
|
65
65
|
version: 1.1.3
|
|
66
66
|
type: :development
|
|
67
67
|
prerelease: false
|
|
68
|
-
version_requirements: *
|
|
68
|
+
version_requirements: *70160889023620
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: capybara
|
|
71
|
-
requirement: &
|
|
71
|
+
requirement: &70160889023000 !ruby/object:Gem::Requirement
|
|
72
72
|
none: false
|
|
73
73
|
requirements:
|
|
74
74
|
- - ! '>='
|
|
@@ -76,10 +76,10 @@ dependencies:
|
|
|
76
76
|
version: 0.4.0
|
|
77
77
|
type: :development
|
|
78
78
|
prerelease: false
|
|
79
|
-
version_requirements: *
|
|
79
|
+
version_requirements: *70160889023000
|
|
80
80
|
- !ruby/object:Gem::Dependency
|
|
81
81
|
name: sqlite3
|
|
82
|
-
requirement: &
|
|
82
|
+
requirement: &70160889003480 !ruby/object:Gem::Requirement
|
|
83
83
|
none: false
|
|
84
84
|
requirements:
|
|
85
85
|
- - ! '>='
|
|
@@ -87,10 +87,10 @@ dependencies:
|
|
|
87
87
|
version: '0'
|
|
88
88
|
type: :development
|
|
89
89
|
prerelease: false
|
|
90
|
-
version_requirements: *
|
|
90
|
+
version_requirements: *70160889003480
|
|
91
91
|
- !ruby/object:Gem::Dependency
|
|
92
92
|
name: launchy
|
|
93
|
-
requirement: &
|
|
93
|
+
requirement: &70160889002560 !ruby/object:Gem::Requirement
|
|
94
94
|
none: false
|
|
95
95
|
requirements:
|
|
96
96
|
- - ! '>='
|
|
@@ -98,10 +98,10 @@ dependencies:
|
|
|
98
98
|
version: '0'
|
|
99
99
|
type: :development
|
|
100
100
|
prerelease: false
|
|
101
|
-
version_requirements: *
|
|
101
|
+
version_requirements: *70160889002560
|
|
102
102
|
- !ruby/object:Gem::Dependency
|
|
103
103
|
name: devise
|
|
104
|
-
requirement: &
|
|
104
|
+
requirement: &70160889001680 !ruby/object:Gem::Requirement
|
|
105
105
|
none: false
|
|
106
106
|
requirements:
|
|
107
107
|
- - ! '>='
|
|
@@ -109,10 +109,10 @@ dependencies:
|
|
|
109
109
|
version: '0'
|
|
110
110
|
type: :development
|
|
111
111
|
prerelease: false
|
|
112
|
-
version_requirements: *
|
|
112
|
+
version_requirements: *70160889001680
|
|
113
113
|
- !ruby/object:Gem::Dependency
|
|
114
114
|
name: rcov
|
|
115
|
-
requirement: &
|
|
115
|
+
requirement: &70160889000620 !ruby/object:Gem::Requirement
|
|
116
116
|
none: false
|
|
117
117
|
requirements:
|
|
118
118
|
- - ! '>='
|
|
@@ -120,10 +120,10 @@ dependencies:
|
|
|
120
120
|
version: '0'
|
|
121
121
|
type: :development
|
|
122
122
|
prerelease: false
|
|
123
|
-
version_requirements: *
|
|
123
|
+
version_requirements: *70160889000620
|
|
124
124
|
- !ruby/object:Gem::Dependency
|
|
125
125
|
name: simplecov
|
|
126
|
-
requirement: &
|
|
126
|
+
requirement: &70160888999860 !ruby/object:Gem::Requirement
|
|
127
127
|
none: false
|
|
128
128
|
requirements:
|
|
129
129
|
- - ! '>='
|
|
@@ -131,7 +131,7 @@ dependencies:
|
|
|
131
131
|
version: '0'
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
|
-
version_requirements: *
|
|
134
|
+
version_requirements: *70160888999860
|
|
135
135
|
description: ! ' Enable OAuth clients (iphone, android, web sites, etc.) to access
|
|
136
136
|
and use your Rails application, what you do with it is up to you'
|
|
137
137
|
email: richard.schneeman@gmail.com
|
|
@@ -237,7 +237,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
237
237
|
version: '0'
|
|
238
238
|
segments:
|
|
239
239
|
- 0
|
|
240
|
-
hash: -
|
|
240
|
+
hash: -3455292628874218809
|
|
241
241
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
242
242
|
none: false
|
|
243
243
|
requirements:
|