oxd-ruby 0.1.8 → 0.1.9

data/demosite/app/controllers/application_controller.rb

@@ -7,9 +7,40 @@ class ApplicationController < ActionController::Base
   	protect_from_forgery with: :exception
 
  	before_filter :set_oxd_commands_instance
+
+  # method to set the client attributes taken from user
+  # It should be called before adding, updating and deleting client settings 
+  def set_oxd_config_values(op_host, authorization_redirect_uri, post_logout_redirect_uri, client_name, connection_type, connection_type_value, client_id, client_secret)
+    @oxdConfig.op_host = op_host if(!op_host.nil?)
+    @oxdConfig.authorization_redirect_uri = authorization_redirect_uri if(!op_host.nil?)
+    @oxdConfig.post_logout_redirect_uri = post_logout_redirect_uri if(!post_logout_redirect_uri.nil?)
+    @oxdConfig.client_name = client_name if(!client_name.nil?)    
+    @oxdConfig.connection_type = connection_type if(!connection_type.nil?)
+    @oxdConfig.oxd_host = connection_type_value if(!connection_type_value.nil?)   
+    @oxdConfig.client_id = client_id if(!client_id.nil?)    
+    @oxdConfig.client_secret = client_secret if(!client_secret.nil?)    
+  end
+
+  # @return [Boolean] type for openID Provider type, True for dynamic and False for static openID provider
+  # method to know static or dynamic openID Provider
+  # This should be called after getting the URI of the OpenID Provider, Client Redirect URI, Post logout URI, oxd port values from user
+  def check_openid_type(op_host)
+    op_host = op_host+"/.well-known/openid-configuration"
+    uri = URI.parse(op_host)
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = true
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    request = Net::HTTP::Get.new(uri.request_uri)
+    response = http.request(request)
+    ophost_data = response.body
+    @oxdConfig.dynamic_registration = (!JSON.parse(ophost_data).key?("registration_endpoint"))? false : true
+    @oxdConfig.scope = ["openid", "profile", "email"] if(@oxdConfig.dynamic_registration == false)
+  end 
+
 	protected
 		def set_oxd_commands_instance
       @oxd_command = Oxd::ClientOxdCommands.new
 			@uma_command = Oxd::UMACommands.new
-		end  
+      @oxdConfig = @oxd_command.oxdConfig
+		end
 end

data/demosite/app/controllers/home_controller.rb

@@ -1,24 +1,47 @@
 class HomeController < ApplicationController
-	skip_before_filter :verify_authenticity_token  
+	skip_before_filter :verify_authenticity_token
 
-	def index	
+	def index		
+	end
+
+	def setup_client
+		unless(@oxdConfig.oxd_id.present?)			
+			check_openid_type(@oxdConfig.op_host)
+
+			if(@oxdConfig.dynamic_registration == false && (@oxdConfig.client_id.nil? && @oxdConfig.client_secret.nil?))				
+				flash[:info] = 'Enter client ID and client Secret in oxd_config.rb file'
+			else
+				@oxd_command.setup_client
+			end			
+		end
+		flash[:success] = 'Client is registered with Oxd ID : '+@oxdConfig.oxd_id
+		redirect_to root_path
+	end
+
+	def get_client_token
+		@oxd_command.get_client_token # Fetch protection_access_token
+		redirect_to root_path
 	end
 
 	def register_site		
-		if(!@oxd_command.getOxdId.present?)			
+		if(!@oxdConfig.oxd_id.present?)			
 			@oxd_command.register_site # Register site and store the returned oxd_id in config
-	    end
-	    authorization_url = @oxd_command.get_authorization_url
+	    end	    
+	    authorization_url = @oxd_command.get_authorization_url([],[], {"param1" => "value1","param2" => "value2"})
 	    redirect_to authorization_url # redirect user to obtained authorization_url to authenticate
 	end
 
 	def login
-		if(@oxd_command.getOxdId.present?)
+		if(@oxdConfig.oxd_id.present?)
 			if (params[:code].present?)
 				# pass the parameters obtained from callback url to get access_token
 				@access_token = @oxd_command.get_tokens_by_code( params[:code], params[:state]) 
     		end
 	        session.delete('oxd_access_token') if(session[:oxd_access_token].present?)
+
+	        if(@oxdConfig.dynamic_registration == true)
+	        	@access_token = @oxd_command.get_access_token_by_refresh_token
+	        end
         	session[:oxd_access_token] = @access_token
         	session[:state] = params[:state]
         	session[:session_state] = params[:session_state]
@@ -27,6 +50,16 @@ class HomeController < ApplicationController
 		end
 	end
 
+	def update_registration
+		@oxdConfig.client_name = "ClienName 2"
+		if(@oxd_command.update_site_registration)
+			flash[:success] = 'Client settings are updated successfully!!'
+		else
+			flash[:error] = 'There was some error in updating Client settings'
+		end
+		redirect_to root_path
+	end
+
 	def logout
 		# get logout url and redirect user that URL to logout from OP
 		if(session[:oxd_access_token])
@@ -34,4 +67,13 @@ class HomeController < ApplicationController
 			redirect_to @logout_url
 		end	    
 	end
+
+	def clear_data
+		@oxdConfig.oxd_id = ""
+		@oxdConfig.client_id = "";
+    	@oxdConfig.client_secret = "";
+    	@oxdConfig.client_name = "";
+    	@oxdConfig.protection_access_token = "";
+		redirect_to root_path    	
+	end
 end

data/demosite/app/controllers/uma_controller.rb

@@ -2,24 +2,30 @@ class UmaController < ApplicationController
 	skip_before_filter :verify_authenticity_token  
 	require 'json'
 
-    def index        
+    def index       
+    end
+
+    def get_client_token
+        @oxd_command.get_client_token
+        redirect_to uma_index_path
     end
 
     def protect_resources
-        condition1_for_path1 = {:httpMethods => ["GET"], :scopes => ["http://photoz.example.com/dev/actions/view"]}
-        condition2_for_path1 = {:httpMethods => ["PUT", "POST"], :scopes => ["http://photoz.example.com/dev/actions/all","http://photoz.example.com/dev/actions/add"], :ticketScopes => ["http://photoz.example.com/dev/actions/add"]}
+        condition1_for_path1 = {:httpMethods => ["GET"], :scopes => ["https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1/view"]}
+        condition2_for_path1 = {:httpMethods => ["PUT", "POST"], :scopes => ["https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1/all","https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1/add"], :ticketScopes => ["https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1/add"]}
 
-        condition1_for_path2 = {:httpMethods => ["GET"], :scopes => ["http://photoz.example.com/dev/actions/view"]}
+        condition1_for_path2 = {:httpMethods => ["GET"], :scopes => ["https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1/all"]}
 
         @uma_command.uma_add_resource("/photo", condition1_for_path1, condition2_for_path1) # Add Resource#1
         @uma_command.uma_add_resource("/document", condition1_for_path2) # Add Resource#2
+
         response = @uma_command.uma_rs_protect # Register above resources with UMA RS
         render :template => "uma/index", :locals => { :protect_resources_response => response } 
     end
 
     def get_rpt
-        rpt = @uma_command.uma_rp_get_rpt('false') # Get RPT
-        render :template => "uma/index", :locals => { :rpt => rpt } 
+        response = @uma_command.uma_rp_get_rpt
+        render :template => "uma/index", :locals => { :get_rpt_response => response } 
     end
 
     def check_access
@@ -27,14 +33,8 @@ class UmaController < ApplicationController
         render :template => "uma/index", :locals => { :check_access_response => response } 
     end
 
-    def authorize_rpt
-        response = @uma_command.uma_rp_authorize_rpt # Authorize RPT
-        render :template => "uma/index", :locals => { :authorize_rpt_response => response }
+    def get_claims_gathering_url
+        response = @uma_command.uma_rp_get_claims_gathering_url('/photo')
+        render :template => "uma/index", :locals => { :get_claims_gathering_url_response => response } 
     end
-
-	def get_gat 
-        scopes = ["http://photoz.example.com/dev/actions/add","http://photoz.example.com/dev/actions/view","http://photoz.example.com/dev/actions/edit"]
-		gat = @uma_command.uma_rp_get_gat(scopes) # Pass scopes array to get GAT
-        render :template => "uma/index", :locals => { :gat => gat } 
-	end
 end

data/demosite/app/views/home/index.html.erb

@@ -2,48 +2,70 @@
     <h2>Ruby on Rails demo Site for OxD Ruby Library</h2>
     <p>This is a demo site showcasing the usage of OxD Ruby Library. The demo site is written in Ruby on Rails and shows that the library can be used to perform OpenID based authentication.</p>
 </div>
+
+<% flash.each do |key, value| %>
+  <div class="alert alert-<%= key %>"><%= value %></div>
+<% end %>
+
 <div class="row">
     <div class="col-md-6">
-        <h3>Configuration File</h3>
-        <p>Website specific configuration information is stored in a config file. This is necessary for storing persistant information like Oxd ID generated during the site registration with the Open ID provider.
-        The <code>oxd_config.rb</code> shows the config file used for this demo app. The complete documentation about the config file can be obtained <a href="https://github.com/GluuFederation/oxd-ruby">here in Github</a>
-        </p>
+	   <h3>Setup Client</h3>
+       <p>
+            In order to use an OpenID Connect Provider (OP) for login, you need to setup your client application at the OP. During setup oxd will dynamically register the OpenID Connect client and save its configuration. Upon successful setup a unique identifier will be issued by the oxd server by assigning a specific oxd id. Along with oxd Id oxd server will also return client Id and client secret. This client Id and client secret can be used for <code>get_client_token</code> method. The Setup Client method is a one time task to configure a client in the oxd server and OP.
+       </p>
+       <b>Note:</b> If your OpenID Connect Provider does not support dynamic registration (like Google), you will need to obtain a ClientID and Client Secret which can be set in <code>oxd_config.rb</code> initializer file.
+       <hr>
+        <% if @oxdConfig.oxd_id.present? %>
+            <div class="alert alert-success">
+                Client is registered with Oxd ID : <%= @oxdConfig.oxd_id %>
+            </div>
+            <p><strong> Clear Saved Client configuration - </strong><a class="btn btn-primary" href="<%= clear_data_path %>" >Clear data</a></p>
+        <% else %>
+            <p><strong> Live demo - </strong><a class="btn btn-primary" href="<%= setup_client_path %>" >Setup Client</a></p>
+        <% end %>
     </div>
     <div class="col-md-6">
-        <h3>oxd_config.rb</h3>
-        <pre class="prettyprint">
-Oxd.configure do |config|
-    config.oxd_host_ip                          = '127.0.0.1'
-    config.oxd_host_port                        = 8099
-    config.op_host                              = "https://ce-dev2.gluu.org"
-    config.authorization_redirect_uri           = "https://oxd-rails.com/login"
-    config.logout_redirect_uri                  = "https://oxd-rails.com/logout"
-    config.post_logout_redirect_uri             = "https://oxd-rails.com/"
-    config.scope                                = [ "openid", "profile" ]
-    config.application_type                     = "web"
-    config.client_jwks_uri                      = ""
-    config.client_token_endpoint_auth_method    = ""
-    config.client_request_uris                  = []
-    config.contacts                             = ["example-email@gmail.com"]
-    config.grant_types                          = []
-    config.response_types                       = ["code"]
-    config.acr_values                           = ["basic"]
-    config.client_logout_uris                   = ['https://oxd-rails.com/logout']
+    <pre class="prettyprint">
+def setup_client
+    unless(@oxdConfig.oxd_id.present?)          
+        check_openid_type(@oxdConfig.op_host)
+
+        if(@oxdConfig.dynamic_registration == false && (@oxdConfig.client_id.nil? && @oxdConfig.client_secret.nil?))                
+            flash[:info] = 'Enter client ID and client Secret in oxd_config.rb file'
+        else
+            @oxd_command.setup_client
+        end         
+    end
+    flash[:success] = 'Client is registered with Oxd ID : '+@oxdConfig.oxd_id
+    redirect_to root_path
 end
-        </pre>
+    </pre>
     </div>
 </div>
 <div class="row">
     <div class="col-md-6">
-        <h3>Registration and Fetching Auth URL</h3>
-        <p>The first step is to register the client with the OP. Once the client is registered, then the user data can be fetched upon user authorization.
-        oxD Ruby performs client registration automatically when you request for an authorization url. Redirect the user to the authorization url to get user
-        consent.</p>
+        <h3>Get Client Token and Login to Open Id</h3>
+        <p>Once the client is registered, then the user data can be fetched upon user authorization. <code>get_client_token</code> command must be invoked to use all other methods of API when the <code>protect_commands_with_access_token</code> is enabled in oxd-server.
+        oxD Ruby performs client registration automatically when you request for an authorization url. Redirect the user to the authorization url to get user consent.</p>
         <hr>
-        <p><strong> Live demo. </strong><a class="btn btn-primary" href="<%=  register_site_path %>">Go to Authorization Page</a></p>
+        <% if @oxdConfig.oxd_id.present? %>            
+             <% if @oxdConfig.protection_access_token.present? %>
+                <div class="alert alert-success">
+                    Obtained protection access token is : <%= @oxdConfig.protection_access_token %>
+                </div>
+                <p><strong>Login with Open ID Live demo - </strong><a class="btn btn-primary" href="<%= register_site_path %>" >Login with Open ID</a></p>
+            <% else %>
+                <p><strong>Get Client Token Live demo - </strong><a class="btn btn-primary" href="<%= get_client_token_path %>" >Get Client Token</a></p>
+            <% end %>
+        <% end %>
     </div>
     <div class="col-md-6">
     <pre class="prettyprint">
+def get_client_token
+    @oxd_command.get_client_token
+    redirect_to root_path
+end        
+
 def register_site
     if(!@oxd_command.getOxdId.present?)
         @oxd_command.register_site
@@ -57,22 +79,27 @@ end
 <div class="row">
     <div class="col-md-6">
     <h3>Get user information</h3>
-    <p>Once the user authorizes the website to use the information from the OP, the OP calls back the website with code and scopes for accessing the user data in the registered callback <code>authorization_redirect_uri</code> in the config file. Then an access token is obtained from the OP using which user claims can be requested.</p>
+    <p>Once the user authorizes the website to use the information from the OP, the OP calls back the website with code and scopes for accessing the user data in the registered callback <code>authorization_redirect_uri</code> in the config file. Then an access token is obtained from the OP using <code>get_tokens_by_code</code> command with which user claims can be requested.</p>
+    <p>The <code>get_access_token_by_refresh_token</code> method can be used to get a fresh access token and refresh token by using the refresh token which is obtained from <code>get_tokens_by_code</code> method. The newly obtained access token can be used with <code>get_user_info</code> command to fetch user claims.
+    </p>
     </div>
     <div class="col-md-6">
         <pre class="prettyprint">
 def login
-    if(@oxd_command.getOxdId.present?)
+    if(@oxdConfig.oxd_id.present?)
         if (params[:code].present?)
-            @access_token = @oxd_command.get_tokens_by_code( params[:code],params[:state])
+            @access_token = @oxd_command.get_tokens_by_code( params[:code], params[:state]) 
         end
         session.delete('oxd_access_token') if(session[:oxd_access_token].present?)
+        if(@oxdConfig.dynamic_registration == true)
+            @access_token = @oxd_command.get_access_token_by_refresh_token
+        end
         session[:oxd_access_token] = @access_token
         session[:state] = params[:state]
         session[:session_state] = params[:session_state]
-        @user = @oxd_command.get_user_info(session[:oxd_access_token])  
-        render :template => "home/index", :locals => { :user => @user }     
-    end
+        @user = @oxd_command.get_user_info(session[:oxd_access_token]) # pass access_token get user information from OP
+        render :template => "home/index", :locals => { :user => @user }             
+        end
 end
         </pre>
     </div>
@@ -106,11 +133,39 @@ end
         </pre>
     </div>
 </div>
+<div class="row">
+    <div class="col-md-6">
+        <h3>Update webiste registration</h3>
+        <p>The <code>update_site_registration</code> method can be used to update an existing client in the OpenID Connect Provider (OP). Fields like Authorization Redirect URL, Post Logout URL, Scope, Client Secret and other fields can be updated using this method.</p>
+        <% if(@oxdConfig.oxd_id.present? && @oxdConfig.protection_access_token.present?) %>
+            <p><strong>Update webiste registration Live demo. </strong><a class="btn btn-primary" href="<%= update_registration_path %>">Update</a></p>
+        <% else %>
+            <div class="alert alert-warning">No business card for you. Obtain OxdID and Protection Access Token first</div>
+        <% end %>
+    </div>
+    <div class="col-md-6">
+    <pre class="prettyprint">
+def update_registration
+    @oxdConfig.client_name = "ClienName 2"
+    if(@oxd_command.update_site_registration)
+        flash[:success] = 'Client settings are updated successfully!!'
+    else
+        flash[:error] = 'There was some error in updating Client settings'
+    end
+    redirect_to root_path   
+end
+    </pre>
+    </div>
+</div>
 <div class="row">
     <div class="col-md-6">
         <h3>UMA Demo</h3>
         <p>UMA defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties.Once the website has been registered and authorized with OP you can register protection document with UMA.</p>
-       <p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= uma_index_path %>" target="_blank">Go to UMA demo page</a></p>
+        <% if(@oxdConfig.oxd_id.present? && @oxdConfig.protection_access_token.present?) %>
+            <p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= uma_index_path %>" target="_blank">Go to UMA demo page</a></p>
+        <% else %>
+            <div class="alert alert-warning">No business card for you. Obtain OxdID and Protection Access Token first</div>
+        <% end %>
     </div>
 </div>
 <div class="row">
@@ -129,4 +184,27 @@ def logout
 end
     </pre>
     </div>
-</div>
+</div>
+
+<script type="text/javascript">
+    $(document).ready(function() {
+        
+        <% if @oxdConfig.oxd_id.present? %>
+            $('.disabled').attr('disabled',true);
+            <% if @oxdConfig.dynamic_registration == true %>
+                $('.dynamic_registration_disabled').attr('disabled',true);
+            <% end %>
+        <% end %>
+
+        $('input[name=connection_type]').on('change', function(){
+            var checked_btn = $(this).val();
+            $('.connection_type_value').addClass('hidden');
+            $('.'+checked_btn+'_connection_type').removeClass('hidden');
+        });
+
+        $('#login').on('click', function(evt){
+            evt.preventDefault();
+            window.location = '<%= register_site_path %>';
+        });
+    });
+</script>

data/demosite/app/views/uma/index.html.erb

@@ -1,7 +1,25 @@
 <div class="jumbotron">
     <h2>UMA RS and UMA RP Demo page for OxD Ruby Library</h2>
 </div>
-
+<div class="row">
+    <div class="col-md-6">
+        <h3>Get Client Token</h3>
+        <p><code>get_client_token</code> command must be invoked to use all other methods of API when the <code>protect_commands_with_access_token</code> is enabled in oxd-server.</p>
+        <hr>
+        <div class="alert alert-success">
+            Obtained protection access token is : <%= @oxdConfig.protection_access_token %>
+        </div>
+        <p><strong>Get Client Token Live demo - </strong><a class="btn btn-primary" href="<%= get_client_token_uma_index_path %>" >Get Client Token</a></p>
+    </div>
+    <div class="col-md-6">
+    <pre class="prettyprint">
+def get_client_token
+    @oxd_command.get_client_token
+    redirect_to uma_index_path
+end
+    </pre>
+    </div>
+</div>
 <div class="row">
     <div class="col-md-6">
         <h3>UMA RS Protect resources</h3>
@@ -31,19 +49,19 @@ end
 <div class="row">
     <div class="col-md-6">
         <h3>UMA RP - Get RPT</h3>
-        <p>To gain access to protected resources at the UMA resource server, you must first obtain RPT (Requesting Party Token) using <code>uma_rp_get_rpt(force_new)</code> call.</p>
+        <p>To gain access to protected resources at the UMA resource server, you must first obtain RPT (Requesting Party Token) using <code>uma_rp_get_rpt</code> call.</p>
         <p><strong> Live demo. </strong><a class="btn btn-primary" href="<%=  get_rpt_uma_index_path %>">Get RPT</a></p>        
-        <% if defined?(rpt) %>
+        <% if defined?(get_rpt_response) %>
         <div class="alert alert-success">
-            <%= "Response RPT is: #{rpt}" %>
+            <%= "Response is: #{get_rpt_response}" %>
         </div>
         <% end %>
     </div>
     <div class="col-md-6">
         <pre class="prettyprint">
 def get_rpt
-    rpt = @uma_command.uma_rp_get_rpt(false)
-    render :template => "uma/index", :locals => { :rpt => rpt } 
+    response = @uma_command.uma_rp_get_rpt
+    render :template => "uma/index", :locals => { :get_rpt_response => response } 
 end
         </pre>
     </div>
@@ -76,46 +94,30 @@ end
 		</pre>
     </div>
 </div>
-<hr>
 <div class="row">
     <div class="col-md-6">
-        <h3>UMA RP - Authorize RPT</h3>
-        <p>You must first get RPT (refer to 'Get RPT' section) before authorizing. If you have already obtained the RPT, use <code>uma_rp_authorize_rpt</code> method provided by oxd-ruby library to authorize RPT.</p>
-       <p><strong> Live demo. </strong><a class="btn btn-primary" href="<%=  authorize_rpt_uma_index_path %>">Authorize RPT</a></p>
-       <% if defined?(authorize_rpt_response) %>
-        <div class="alert alert-success">
-            <%= "Response Oxd ID: #{authorize_rpt_response}" %>
-        </div>
-        <% end %>
+    <h3>UMA RP - Get Claims-Gathering URL</h3>
+    <p>After being redirected to the Claims Gathering URL the user goes through the claims gathering flow. If successful, the user is redirected back to claims_redirect_uri with a new ticket</p>
+    <p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= get_claims_gathering_url_uma_index_path %>">Get Claims-Gathering URL</a></p>
+    <% if defined?(get_claims_gathering_url_response) %>
+        <% if get_claims_gathering_url_response['access'] == 'denied' %>
+            <div class="alert alert-warning">
+                <%= "Response : access #{get_claims_gathering_url_response['access']}" %><br>
+                <%= "Response ticket : #{get_claims_gathering_url_response['ticket']}" if get_claims_gathering_url_response['ticket'].present? %>
+            </div>
+        <% else %>
+            <div class="alert alert-success">
+                <%= "Response : #{get_claims_gathering_url_response}" %>
+            </div>
+        <% end %>    
+    <% end %>
     </div>
     <div class="col-md-6">
         <pre class="prettyprint">
-def authorize_rpt
-    response = @uma_command.uma_rp_authorize_rpt
-    render :template => "uma/index", :locals => { :authorize_rpt_response => response }
+def get_claims_gathering_url
+    response = @uma_command.uma_rp_get_claims_gathering_url('/photo')
+    render :template => "uma/index", :locals => { :get_claims_gathering_url_response => response } 
 end
         </pre>
     </div>
-</div>
-<hr>
-<div class="row">
-    <div class="col-md-6">
-        <h3>UMA RP - Get GAT</h3>
-        <p>To obtain GAT(Gluu Access Token) call to <code>uma_rp_get_gat(scopes)</code> method with scopes as parameter.</p>
-        <p><strong> Live demo. </strong><a class="btn btn-primary" href="<%=  get_gat_uma_index_path %>">Get GAT</a></p>
-        <% if defined?(gat) %>
-        <div class="alert alert-success">
-            <%= "Response GAT is: #{gat}" %>
-        </div>
-        <% end %>
-    </div>
-   <div class="col-md-6">
-    <pre class="prettyprint">
-def get_gat 
-    scopes = ["http://photoz.example.com/dev/actions/add","http://photoz.example.com/dev/actions/view","http://photoz.example.com/dev/actions/edit"]
-    gat = @uma_command.uma_rp_get_gat(scopes)
-    render :template => "uma/index", :locals => { :gat => gat } 
-end
-    </pre>
-    </div>
 </div>