panjiva-oauth-plugin 0.4.1

data/generators/oauth_provider/templates/oauth_token_test.rb

@@ -0,0 +1,57 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class RequestTokenTest < ActiveSupport::TestCase
+
+  fixtures :client_applications, :users, :oauth_tokens
+
+  def setup
+    @token = RequestToken.create :client_application=>client_applications(:one)
+  end
+
+  def test_should_be_valid
+    assert @token.valid?
+  end
+
+  def test_should_not_have_errors
+    assert @token.errors.empty?
+  end
+
+  def test_should_have_a_token
+    assert_not_nil @token.token
+  end
+
+  def test_should_have_a_secret
+    assert_not_nil @token.secret
+  end
+
+  def test_should_not_be_authorized
+    assert !@token.authorized?
+  end
+
+  def test_should_not_be_invalidated
+    assert !@token.invalidated?
+  end
+
+  def test_should_authorize_request
+    @token.authorize!(users(:quentin))
+    assert @token.authorized?
+    assert_not_nil @token.authorized_at
+    assert_equal users(:quentin), @token.user
+  end
+
+  def test_should_not_exchange_without_approval
+    assert_equal false, @token.exchange!
+    assert_equal false, @token.invalidated?
+  end
+
+  def test_should_not_exchange_without_approval
+    @token.authorize!(users(:quentin))
+    @access = @token.exchange!
+    assert_not_equal false, @access
+    assert @token.invalidated?
+
+    assert_equal users(:quentin), @access.user
+    assert @access.authorized?
+  end
+
+end

data/generators/oauth_provider/templates/oauth_tokens.yml

@@ -0,0 +1,17 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+one:
+  id: 1
+  user_id: 1
+  client_application_id: 1
+  token: one
+  secret: MyString
+  created_at: 2007-11-19 07:31:46
+  updated_at: 2007-11-19 07:31:46
+two:
+  id: 2
+  user_id: 1
+  client_application_id: 1
+  token: two
+  secret: MyString
+  created_at: 2007-11-19 07:31:46
+  updated_at: 2007-11-19 07:31:46

data/generators/oauth_provider/templates/request_token.rb

@@ -0,0 +1,40 @@
+class RequestToken < OauthToken
+
+  attr_accessor :provided_oauth_verifier
+
+  def authorize!(user)
+    return false if authorized?
+    self.user = user
+    self.authorized_at = Time.now
+    self.verifier=OAuth::Helper.generate_key(20)[0,20] unless oauth10?
+    self.save
+  end
+
+  def exchange!
+    return false unless authorized?
+    return false unless oauth10? || verifier==provided_oauth_verifier
+
+    RequestToken.transaction do
+      access_token = AccessToken.create(:user => user, :client_application => client_application)
+      invalidate!
+      access_token
+    end
+  end
+
+  def to_query
+    if oauth10?
+      super
+    else
+      "#{super}&oauth_callback_confirmed=true"
+    end
+  end
+
+  def oob?
+    callback_url.nil? || callback_url.downcase == 'oob'
+  end
+
+  def oauth10?
+    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
+  end
+
+end

data/generators/oauth_provider/templates/show.html.erb

@@ -0,0 +1,27 @@
+<h1>OAuth details for <%%=@client_application.name %></h1>
+<p>
+  <strong>Consumer Key:</strong>
+  <code><%%=@client_application.key %></code>
+</p>
+<p>
+  <strong>Consumer Secret:</strong>
+  <code><%%=@client_application.secret %></code>
+</p>
+<p>
+  <strong>Request Token URL</strong>
+  <code>http<%%='s' if request.ssl? %>://<%%= request.host_with_port %><%%=@client_application.oauth_server.request_token_path %></code>
+</p>
+<p>
+  <strong>Access Token URL</strong>
+  <code>http<%%='s' if request.ssl? %>://<%%= request.host_with_port %><%%=@client_application.oauth_server.access_token_path %></code>
+</p>
+<p>
+  <strong>Authorize URL</strong>
+  <code>http<%%='s' if request.ssl? %>://<%%= request.host_with_port %><%%=@client_application.oauth_server.authorize_path %></code>
+</p>
+
+<p>
+  We support hmac-sha1 (recommended) as well as plain text in ssl mode.
+</p>
+<%%= link_to 'Edit', edit_oauth_client_path(@client_application) %> |
+<%%= link_to 'Back', oauth_clients_path %>

data/generators/oauth_provider/templates/show.html.haml

@@ -0,0 +1,30 @@
+%h1
+  OAuth details for
+  =@client_application.name
+%p
+  %strong Consumer Key:
+  %code=@client_application.key
+%p
+  %strong Consumer Secret:
+  %code=@client_application.secret
+
+%p
+  %strong Request Token URL
+  %code
+    ="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.request_token_path}"
+
+%p
+  %strong Access Token URL
+  %code
+    ="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.access_token_path}"
+
+%p
+  %strong Authorize URL
+  %code
+    ="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.authorize_path}"
+
+%p
+  We support hmac-sha1 (recommended) as well as plain text in ssl mode.
+
+= link_to 'Edit', edit_oauth_client_path(@client_application)
+= link_to 'Back', oauth_clients_path

data/init.rb

@@ -0,0 +1 @@
+require File.dirname(__FILE__) + "/rails/init"

data/install.rb

@@ -0,0 +1,2 @@
+#should we do any text formatting?
+puts IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))

data/lib/generators/active_record/oauth_consumer_generator.rb

@@ -0,0 +1,33 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class OauthConsumerGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+
+      source_root File.expand_path('../oauth_consumer_templates', __FILE__)
+
+      # Implement the required interface for Rails::Generators::Migration.
+      def self.next_migration_number(dirname) #:nodoc:
+        next_migration_number = current_migration_number(dirname) + 1
+        if ActiveRecord::Base.timestamped_migrations
+          [Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
+        else
+          "%.3d" % next_migration_number
+        end
+      end
+
+      def check_class_collisions
+        class_collisions '', %w(ConsumerToken)
+      end
+
+      def copy_models
+        template 'consumer_token.rb', File.join('app/models', 'consumer_token.rb')
+      end
+
+      def copy_migration
+        migration_template 'migration.rb', 'db/migrate/create_oauth_consumer_tokens'
+      end
+    end
+  end
+end

data/lib/generators/active_record/oauth_consumer_templates/consumer_token.rb

@@ -0,0 +1,11 @@
+require 'oauth/models/consumers/token'
+class ConsumerToken < ActiveRecord::Base
+  include Oauth::Models::Consumers::Token
+
+  # You can safely remove this callback if you don't allow login from any of your services
+  before_create :create_user
+
+  # Modify this with class_name etc to match your application
+  belongs_to :user
+
+end

data/lib/generators/active_record/oauth_consumer_templates/migration.rb

@@ -0,0 +1,20 @@
+class CreateOauthConsumerTokens < ActiveRecord::Migration
+  def self.up
+
+    create_table :consumer_tokens do |t|
+      t.integer :user_id
+      t.string :type, :limit => 30
+      t.string :token, :limit => 1024 # This has to be huge because of Yahoo's excessively large tokens
+      t.string :secret
+      t.timestamps
+    end
+
+    add_index :consumer_tokens, :token, :unique => true, :length => 100
+
+  end
+
+  def self.down
+    drop_table :consumer_tokens
+  end
+
+end

data/lib/generators/active_record/oauth_provider_generator.rb

@@ -0,0 +1,39 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class OauthProviderGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+
+      source_root File.expand_path('../oauth_provider_templates', __FILE__)
+
+      # Implement the required interface for Rails::Generators::Migration.
+      def self.next_migration_number(dirname) #:nodoc:
+        next_migration_number = current_migration_number(dirname) + 1
+        if ActiveRecord::Base.timestamped_migrations
+          [Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
+        else
+          "%.3d" % next_migration_number
+        end
+      end
+
+      def check_class_collisions
+        class_collisions '', %w(ClientApplication OauthNonce RequestToken AccessToken OauthToken)
+      end
+
+      def copy_models
+        template 'client_application.rb', File.join('app/models', 'client_application.rb')
+        template 'oauth_token.rb',        File.join('app/models', 'oauth_token.rb')
+        template 'request_token.rb',      File.join('app/models', 'request_token.rb')
+        template 'access_token.rb',       File.join('app/models', 'access_token.rb')
+        template 'oauth2_token.rb',       File.join('app/models', 'oauth2_token.rb')
+        template 'oauth2_verifier.rb',    File.join('app/models', 'oauth2_verifier.rb')
+        template 'oauth_nonce.rb',        File.join('app/models', 'oauth_nonce.rb')
+      end
+
+      def copy_migration
+        migration_template 'migration.rb', 'db/migrate/create_oauth_tables'
+      end
+    end
+  end
+end

data/lib/generators/active_record/oauth_provider_templates/access_token.rb

@@ -0,0 +1,16 @@
+class AccessToken < OauthToken
+  validates_presence_of :user, :secret
+  before_create :set_authorized_at
+
+  # Implement this to return a hash or array of the capabilities the access token has
+  # This is particularly useful if you have implemented user defined permissions.
+  # def capabilities
+  #   {:invalidate=>"/oauth/invalidate",:capabilities=>"/oauth/capabilities"}
+  # end
+
+  protected
+
+  def set_authorized_at
+    self.authorized_at = Time.now
+  end
+end

data/lib/generators/active_record/oauth_provider_templates/client_application.rb

@@ -0,0 +1,57 @@
+require 'oauth'
+class ClientApplication < ActiveRecord::Base
+  belongs_to :user
+  has_many :tokens, :class_name => "OauthToken"
+  has_many :access_tokens
+  has_many :oauth2_verifiers
+  has_many :oauth_tokens
+  validates_presence_of :name, :url, :key, :secret
+  validates_uniqueness_of :key
+  before_validation :generate_keys, :on => :create
+
+  validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i
+  validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+  validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+
+  attr_accessor :token_callback_url
+
+  def self.find_token(token_key)
+    token = OauthToken.find_by_token(token_key, :include => :client_application)
+    if token && token.authorized?
+      token
+    else
+      nil
+    end
+  end
+
+  def self.verify_request(request, options = {}, &block)
+    begin
+      signature = OAuth::Signature.build(request, options, &block)
+      return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
+      value = signature.verify
+      value
+    rescue OAuth::Signature::UnknownSignatureMethod => e
+      false
+    end
+  end
+
+  def oauth_server
+    @oauth_server ||= OAuth::Server.new("http://your.site")
+  end
+
+  def credentials
+    @oauth_client ||= OAuth::Consumer.new(key, secret)
+  end
+
+  # If your application requires passing in extra parameters handle it here
+  def create_request_token(params={})
+    RequestToken.create :client_application => self, :callback_url=>self.token_callback_url
+  end
+
+protected
+
+  def generate_keys
+    self.key = OAuth::Helper.generate_key(40)[0,40]
+    self.secret = OAuth::Helper.generate_key(40)[0,40]
+  end
+end

data/lib/generators/active_record/oauth_provider_templates/migration.rb

@@ -0,0 +1,47 @@
+class CreateOauthTables < ActiveRecord::Migration
+  def self.up
+    create_table :client_applications do |t|
+      t.string :name
+      t.string :url
+      t.string :support_url
+      t.string :callback_url
+      t.string :key, :limit => 40
+      t.string :secret, :limit => 40
+      t.integer :user_id
+
+      t.timestamps
+    end
+    add_index :client_applications, :key, :unique => true
+
+    create_table :oauth_tokens do |t|
+      t.integer :user_id
+      t.string :type, :limit => 20
+      t.integer :client_application_id
+      t.string :token, :limit => 40
+      t.string :secret, :limit => 40
+      t.string :callback_url
+      t.string :verifier, :limit => 20
+      t.string :scope
+      t.timestamp :authorized_at, :invalidated_at, :expires_at
+      t.timestamps
+    end
+
+    add_index :oauth_tokens, :token, :unique => true
+
+    create_table :oauth_nonces do |t|
+      t.string :nonce
+      t.integer :timestamp
+
+      t.timestamps
+    end
+    add_index :oauth_nonces,[:nonce, :timestamp], :unique => true
+
+  end
+
+  def self.down
+    drop_table :client_applications
+    drop_table :oauth_tokens
+    drop_table :oauth_nonces
+  end
+
+end

data/lib/generators/active_record/oauth_provider_templates/oauth2_token.rb

@@ -0,0 +1,20 @@
+class Oauth2Token < AccessToken
+  attr_accessor :state
+  def as_json(options={})
+    d = {:access_token=>token, :token_type => 'bearer'}
+    d[:expires_in] = expires_in if expires_at
+    d
+  end
+
+  def to_query
+    q = "access_token=#{token}&token_type=bearer"
+    q << "&state=#{URI.escape(state)}" if @state
+    q << "&expires_in=#{expires_in}" if expires_at
+    q << "&scope=#{URI.escape(scope)}" if scope
+    q
+  end
+
+  def expires_in
+    expires_at.to_i - Time.now.to_i
+  end
+end

data/lib/generators/active_record/oauth_provider_templates/oauth2_verifier.rb

@@ -0,0 +1,35 @@
+class Oauth2Verifier < OauthToken
+  validates_presence_of :user
+  attr_accessor :state
+
+  def exchange!(params={})
+    OauthToken.transaction do
+      token = Oauth2Token.create! :user=>user,:client_application=>client_application, :scope => scope
+      invalidate!
+      token
+    end
+  end
+
+  def code
+    token
+  end
+
+  def redirect_url
+    callback_url
+  end
+
+  def to_query
+    q = "code=#{token}"
+    q << "&state=#{URI.escape(state)}" if @state
+    q
+  end
+
+  protected
+
+  def generate_keys
+    self.token = OAuth::Helper.generate_key(20)[0,20]
+    self.expires_at = 10.minutes.from_now
+    self.authorized_at = Time.now
+  end
+
+end