opro 0.4.2 → 0.4.3

data/CHANGELOG.md

@@ -1,5 +1,8 @@
 ## master
 
+## 0.4.3
+- [#20] Bugfix: expires_in not correctly recalculated after auth_grant refreshed (@nvh)
+
 ## 0.4.2
 - Fix jRuby compatibility in `Opro.convert_to_lambda`
 

data/VERSION

@@ -1 +1 @@
-0.4.2
+0.4.3

data/app/controllers/opro/oauth/tests_controller.rb

@@ -7,15 +7,10 @@ class Opro::Oauth::TestsController < OproController
   end
 
   def show
-    result = if valid_oauth?
-      {:status => 200, :message => 'OAuth worked!', :params => params, :user_id => oauth_user.id }
-    else
-      {:status => :unauthorized, :message => "OAuth did not work :(  #{generate_oauth_error_message!}", :params => params}
-    end
-
+    result = oauth_result(params)
     respond_to do |format|
       format.html do
-        render :text => result.to_json,   :status => result[:status], :layout => true
+        render :text => result.to_json, :status => result[:status], :layout => true
       end
       format.json do
         render :json => result, :status => result[:status]
@@ -24,15 +19,10 @@ class Opro::Oauth::TestsController < OproController
   end
 
   def create
-    result = if valid_oauth?
-      {:status => 200, :message => 'OAuth worked!', :params => params, :user_id => oauth_user.id }
-    else
-      {:status => :unauthorized, :message => "OAuth did not work :(  #{generate_oauth_error_message!}", :params => params}
-    end
-
+    result = oauth_result(params)
     respond_to do |format|
       format.html do
-        render :text => result.to_json,   :status => result[:status], :layout => true
+        render :text => result.to_json, :status => result[:status], :layout => true
       end
       format.json do
         render :json => result, :status => result[:status]
@@ -56,4 +46,14 @@ class Opro::Oauth::TestsController < OproController
       end
     end
   end
+
+  private
+
+  def oauth_result(options)
+    if valid_oauth?
+      {:status => 200, :message => 'OAuth worked!', :params => options, :user_id => oauth_user.id }
+    else
+      {:status => :unauthorized, :message => "OAuth did not work :(  #{generate_oauth_error_message!}", :params => params}
+    end
+  end
 end

data/app/controllers/opro/oauth/token_controller.rb

@@ -11,33 +11,40 @@ class Opro::Oauth::TokenController < OproController
     application = Opro::Oauth::ClientApp.authenticate(params[:client_id], params[:client_secret])
 
     if application.nil?
-      render :json => {:error => "Could not find application based on client_id=#{params[:client_id]}
-                                  and client_secret=#{params[:client_secret]}"}, :status => :unauthorized
-      return
+      render :json => {:error => app_not_found_error(params)}, :status => :unauthorized and return
     end
 
     if params[:code]
       auth_grant = Opro::Oauth::AuthGrant.auth_with_code!(params[:code], application.id)
     elsif params[:refresh_token]
-      auth_grant = Opro::Oauth::AuthGrant.refresh_tokens!(params[:refresh_token], application.id)
+      auth_grant = Opro::Oauth::AuthGrant.find_for_refresh(params[:refresh_token], application.id)
     elsif params[:password].present? || params[:grant_type] == "password"|| params[:grant_type] == "bearer"
       user       = ::Opro.find_user_for_all_auths!(self, params) if Opro.password_exchange_enabled? && oauth_valid_password_auth?(params[:client_id], params[:client_secret])
       auth_grant = Opro::Oauth::AuthGrant.auth_with_user!(user, application.id) if user.present?
     end
 
     if auth_grant.blank?
-      msg = "Could not find a user that belongs to this application"
-      msg << " & has a refresh_token=#{params[:refresh_token]}" if params[:refresh_token]
-      msg << " & has been granted a code=#{params[:code]}"      if params[:code]
-      msg << " using username and password"                     if params[:password]
-      render :json => {:error => msg }, :status => :unauthorized
-      return
+      render :json => {:error => debug_error_msg(params) }, :status => :unauthorized and return
     end
 
-    auth_grant.generate_expires_at!
+    auth_grant.refresh!
     render :json => { :access_token   => auth_grant.access_token,
                       :refresh_token  => auth_grant.refresh_token,
                       :expires_in     => auth_grant.expires_in }
   end
 
+  private
+
+  def debug_error_msg(options)
+    msg = "Could not find a user that belongs to this application"
+    msg << " & has a refresh_token=#{options[:refresh_token]}" if options[:refresh_token]
+    msg << " & has been granted a code=#{options[:code]}"      if options[:code]
+    msg << " using username and password"                      if options[:password]
+    msg
+  end
+
+  def app_not_found_error(options)
+    "Could not find application based on client_id=#{options[:client_id]} and client_secret=#{options[:client_secret]}"
+  end
+
 end

data/app/models/opro/oauth/auth_grant.rb

@@ -12,7 +12,7 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
   validates :code,           :uniqueness => true
   validates :access_token,   :uniqueness => true
 
-  before_create :generate_tokens!, :generate_expires_at!
+  before_create :refresh
 
   alias_attribute :token, :access_token
 
@@ -60,29 +60,21 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
     auth_grant
   end
 
-  def self.refresh_tokens!(refresh_token, application_id)
-    auth_grant = self.where("refresh_token = ? AND application_id = ?", refresh_token, application_id).first
-    if auth_grant.present?
-      auth_grant.generate_tokens!
-      auth_grant.generate_expires_at!
-      auth_grant.save!
-    end
-    auth_grant
+  def self.find_for_refresh(refresh_token, application_id)
+    self.where("refresh_token = ? AND application_id = ?", refresh_token, application_id).first
   end
 
-  def generate_expires_at!
-    if ::Opro.require_refresh_within.present?
-      self.access_token_expires_at = Time.now + ::Opro.require_refresh_within
-    else
-      self.access_token_expires_at = nil
-    end
-    true
+  # generates tokens, expires_at and saves
+  def refresh!
+    refresh
+    save!
   end
 
-  def generate_tokens!
-    self.code          = unique_token_for(:code)
-    self.access_token  = unique_token_for(:access_token)
-    self.refresh_token = unique_token_for(:refresh_token)
+  # generates tokens, expires_at
+  def refresh
+    generate_tokens!
+    generate_expires_at!
+    self
   end
 
   # used to guarantee that we are generating unique codes, access_tokens and refresh_tokens
@@ -102,4 +94,22 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
     redirect_uri << "&state=#{state}" if state.present?
     redirect_uri
   end
+
+  private
+  # use refresh instead
+  def generate_expires_at!
+    if ::Opro.require_refresh_within.present?
+      self.access_token_expires_at = Time.now + ::Opro.require_refresh_within
+    else
+      self.access_token_expires_at = nil
+    end
+    true
+  end
+
+  # use refresh instead
+  def generate_tokens!
+    self.code          = unique_token_for(:code)
+    self.access_token  = unique_token_for(:access_token)
+    self.refresh_token = unique_token_for(:refresh_token)
+  end
 end

data/lib/opro/rails/routes.rb

@@ -6,7 +6,8 @@ module ActionDispatch::Routing
       skip_routes = options[:except].is_a?(Array) ? options[:except] : [options[:except]]
       controllers = options[:controllers] || {}
 
-      match 'oauth/new'          => 'opro/oauth/auth#new',          :as => 'oauth_new'
+      oauth_new_controller = controllers[:oauth_new] || 'opro/oauth/auth'
+      match 'oauth/new'          => "#{oauth_new_controller}#new",  :as => 'oauth_new'
       match 'oauth/authorize'    => 'opro/oauth/auth#create',       :as => 'oauth_authorize'
       match 'oauth/token'        => 'opro/oauth/token#create',      :as => 'oauth_token'
 
@@ -25,4 +26,3 @@ module ActionDispatch::Routing
     end
   end
 end
-

data/opro.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "opro"
-  s.version = "0.4.2"
+  s.version = "0.4.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["schneems"]
-  s.date = "2012-11-07"
+  s.date = "2012-11-17"
   s.description = " Enable OAuth clients (iphone, android, web sites, etc.) to access and use your Rails application, what you do with it is up to you"
   s.email = "richard.schneeman@gmail.com"
   s.extra_rdoc_files = [
@@ -124,7 +124,7 @@ Gem::Specification.new do |s|
   s.homepage = "http://github.com/schneems/opro"
   s.licenses = ["MIT"]
   s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.24"
+  s.rubygems_version = "1.8.10"
   s.summary = "oPRO turns your Rails application into an OAuth Provider"
 
   if s.respond_to? :specification_version then

data/test/integration/action_dispatch/oauth_flow_test.rb

@@ -23,10 +23,10 @@ class OauthTokenTest < ActionDispatch::IntegrationTest
 
     json_hash = JSON.parse(response.body)
     assert json_hash["access_token"]
-    assert_equal json_hash["access_token"], auth_grant.access_token
+    assert_equal json_hash["access_token"], auth_grant.reload.access_token
 
     assert json_hash["refresh_token"]
-    assert_equal json_hash["refresh_token"], auth_grant.refresh_token
+    assert_equal json_hash["refresh_token"], auth_grant.reload.refresh_token
   end
 
 

data/test/integration/action_dispatch/refresh_token_test.rb

@@ -25,7 +25,8 @@ class RefreshTokenTest < ActionDispatch::IntegrationTest
     params = {:client_id      => @client_app.client_id ,
               :client_secret  => @client_app.client_secret,
               :code           => @auth_grant.code}
-    as_user(@user).post oauth_token_path(params)
+
+    post oauth_token_path(params)
     json_hash = JSON.parse(response.body)
     assert_equal json_hash['expires_in'], @auth_grant.expires_in
   end
@@ -37,7 +38,7 @@ class RefreshTokenTest < ActionDispatch::IntegrationTest
 
     Timecop.travel(2.days.from_now)
 
-    as_user(@user).post oauth_token_path(params)
+    post oauth_token_path(params)
 
     json_hash = JSON.parse(response.body)
     refute_equal json_hash['access_token'],   @auth_grant.access_token
@@ -51,4 +52,37 @@ class RefreshTokenTest < ActionDispatch::IntegrationTest
     assert_equal json_hash['expires_in'],     auth_grant.expires_in
   end
 
+  test "after expires in period, access_token is no longer valid" do
+    Timecop.freeze(@client_app.created_at)
+    params = {:client_id      => @client_app.client_id ,
+              :client_secret  => @client_app.client_secret,
+              :code           => @auth_grant.code}
+
+    post oauth_token_path(params)
+    json_hash    = JSON.parse(response.body)
+    expires_in   = json_hash['expires_in']
+    access_token = json_hash['access_token']
+
+    # should be valid
+    Timecop.travel(expires_in.seconds.from_now - 1.second)
+    get oauth_test_path(:show_me_the_money, access_token: access_token)
+    assert_equal 200, response.status
+
+    # should not be valid
+    Timecop.travel(expires_in.seconds.from_now + 1.second)
+    get oauth_test_path(:show_me_the_money, access_token: access_token)
+    refute_equal 200, response.status
+
+
+    params = {:client_id      => @client_app.client_id ,
+              :client_secret  => @client_app.client_secret,
+              :refresh_token  => @auth_grant.reload.refresh_token}
+
+    # make it valid again by refreshing the token
+    post oauth_token_path(params)
+    access_token = JSON.parse(response.body)['access_token']
+    get oauth_test_path(:show_me_the_money, access_token: access_token)
+    assert_equal 200, response.status
+  end
+
 end

metadata

@@ -1,240 +1,159 @@
 --- !ruby/object:Gem::Specification
 name: opro
 version: !ruby/object:Gem::Version
-  prerelease:
-  version: 0.4.2
+  version: 0.4.3
+  prerelease: 
 platform: ruby
 authors:
 - schneems
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-11-07 00:00:00.000000000 Z
+date: 2012-11-17 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 3.1.0
+  requirement: &70297244933200 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.1.0
-    none: false
-  prerelease: false
   type: :runtime
+  prerelease: false
+  version_requirements: *70297244933200
 - !ruby/object:Gem::Dependency
   name: rails
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 3.1.0
+  requirement: &70297244932520 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 3.1.0
-    none: false
-  prerelease: false
   type: :runtime
+  prerelease: false
+  version_requirements: *70297244932520
 - !ruby/object:Gem::Dependency
   name: kramdown
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
+  requirement: &70297244931780 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
-    none: false
-  prerelease: false
+        version: '0'
   type: :runtime
+  prerelease: false
+  version_requirements: *70297244931780
 - !ruby/object:Gem::Dependency
   name: mocha
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
+  requirement: &70297244931120 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
-    none: false
-  prerelease: false
+        version: '0'
   type: :development
+  prerelease: false
+  version_requirements: *70297244931120
 - !ruby/object:Gem::Dependency
   name: timecop
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
+  requirement: &70297244930600 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
-    none: false
-  prerelease: false
+        version: '0'
   type: :development
+  prerelease: false
+  version_requirements: *70297244930600
 - !ruby/object:Gem::Dependency
   name: jeweler
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 1.6.4
+  requirement: &70297244930000 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.6.4
-    none: false
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *70297244930000
 - !ruby/object:Gem::Dependency
   name: bundler
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 1.1.3
+  requirement: &70297244929400 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 1.1.3
-    none: false
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *70297244929400
 - !ruby/object:Gem::Dependency
   name: capybara
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: 0.4.0
+  requirement: &70297244928580 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.4.0
-    none: false
-  prerelease: false
   type: :development
+  prerelease: false
+  version_requirements: *70297244928580
 - !ruby/object:Gem::Dependency
   name: launchy
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
+  requirement: &70297244927960 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
-    none: false
-  prerelease: false
+        version: '0'
   type: :development
+  prerelease: false
+  version_requirements: *70297244927960
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
+  requirement: &70297244927220 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
-    none: false
-  prerelease: false
+        version: '0'
   type: :development
+  prerelease: false
+  version_requirements: *70297244927220
 - !ruby/object:Gem::Dependency
   name: activerecord-jdbcsqlite3-adapter
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
+  requirement: &70297244926520 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
-    none: false
-  prerelease: false
+        version: '0'
   type: :development
+  prerelease: false
+  version_requirements: *70297244926520
 - !ruby/object:Gem::Dependency
   name: jdbc-sqlite3
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
+  requirement: &70297244925900 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
-    none: false
-  prerelease: false
+        version: '0'
   type: :development
+  prerelease: false
+  version_requirements: *70297244925900
 - !ruby/object:Gem::Dependency
   name: devise
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
+  requirement: &70297244925300 !ruby/object:Gem::Requirement
     none: false
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: !binary |-
-          MA==
-    none: false
-  prerelease: false
+        version: '0'
   type: :development
+  prerelease: false
+  version_requirements: *70297244925300
 description: ! ' Enable OAuth clients (iphone, android, web sites, etc.) to access
   and use your Rails application, what you do with it is up to you'
 email: richard.schneeman@gmail.com
@@ -350,32 +269,29 @@ files:
 homepage: http://github.com/schneems/opro
 licenses:
 - MIT
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
+      version: '0'
       segments:
       - 0
-      hash: 2
-      version: !binary |-
-        MA==
-  none: false
+      hash: -2443235425097345828
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
-      version: !binary |-
-        MA==
-  none: false
+      version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 1.8.24
-signing_key:
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
 specification_version: 3
 summary: oPRO turns your Rails application into an OAuth Provider
 test_files: []
-...