panjiva-oauth-plugin 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/.gitignore +12 -0
- data/CHANGELOG +178 -0
- data/Gemfile +27 -0
- data/Guardfile +8 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +531 -0
- data/Rakefile +2 -0
- data/UPGRADE.rdoc +21 -0
- data/generators/oauth_consumer/USAGE +10 -0
- data/generators/oauth_consumer/oauth_consumer_generator.rb +50 -0
- data/generators/oauth_consumer/templates/consumer_token.rb +11 -0
- data/generators/oauth_consumer/templates/controller.rb +27 -0
- data/generators/oauth_consumer/templates/index.html.erb +29 -0
- data/generators/oauth_consumer/templates/index.html.haml +18 -0
- data/generators/oauth_consumer/templates/migration.rb +20 -0
- data/generators/oauth_consumer/templates/oauth_config.rb +73 -0
- data/generators/oauth_consumer/templates/show.html.erb +7 -0
- data/generators/oauth_consumer/templates/show.html.haml +8 -0
- data/generators/oauth_provider/USAGE +20 -0
- data/generators/oauth_provider/lib/insert_routes.rb +67 -0
- data/generators/oauth_provider/oauth_provider_generator.rb +127 -0
- data/generators/oauth_provider/templates/_form.html.erb +17 -0
- data/generators/oauth_provider/templates/_form.html.haml +21 -0
- data/generators/oauth_provider/templates/access_token.rb +16 -0
- data/generators/oauth_provider/templates/authorize.html.erb +14 -0
- data/generators/oauth_provider/templates/authorize.html.haml +16 -0
- data/generators/oauth_provider/templates/authorize_failure.html.erb +1 -0
- data/generators/oauth_provider/templates/authorize_failure.html.haml +1 -0
- data/generators/oauth_provider/templates/authorize_success.html.erb +1 -0
- data/generators/oauth_provider/templates/authorize_success.html.haml +1 -0
- data/generators/oauth_provider/templates/client_application.rb +57 -0
- data/generators/oauth_provider/templates/client_application_spec.rb +29 -0
- data/generators/oauth_provider/templates/client_application_test.rb +42 -0
- data/generators/oauth_provider/templates/client_applications.yml +23 -0
- data/generators/oauth_provider/templates/clients_controller.rb +52 -0
- data/generators/oauth_provider/templates/clients_controller_spec.rb +176 -0
- data/generators/oauth_provider/templates/clients_controller_test.rb +280 -0
- data/generators/oauth_provider/templates/controller.rb +23 -0
- data/generators/oauth_provider/templates/edit.html.erb +7 -0
- data/generators/oauth_provider/templates/edit.html.haml +4 -0
- data/generators/oauth_provider/templates/index.html.erb +43 -0
- data/generators/oauth_provider/templates/index.html.haml +39 -0
- data/generators/oauth_provider/templates/migration.rb +47 -0
- data/generators/oauth_provider/templates/new.html.erb +5 -0
- data/generators/oauth_provider/templates/new.html.haml +5 -0
- data/generators/oauth_provider/templates/oauth2_authorize.html.erb +16 -0
- data/generators/oauth_provider/templates/oauth2_authorize.html.haml +17 -0
- data/generators/oauth_provider/templates/oauth2_token.rb +20 -0
- data/generators/oauth_provider/templates/oauth2_token_spec.rb +52 -0
- data/generators/oauth_provider/templates/oauth2_verifier.rb +35 -0
- data/generators/oauth_provider/templates/oauth2_verifier_spec.rb +44 -0
- data/generators/oauth_provider/templates/oauth_nonce.rb +13 -0
- data/generators/oauth_provider/templates/oauth_nonce_spec.rb +24 -0
- data/generators/oauth_provider/templates/oauth_nonce_test.rb +26 -0
- data/generators/oauth_provider/templates/oauth_nonces.yml +13 -0
- data/generators/oauth_provider/templates/oauth_token.rb +30 -0
- data/generators/oauth_provider/templates/oauth_token_spec.rb +309 -0
- data/generators/oauth_provider/templates/oauth_token_test.rb +57 -0
- data/generators/oauth_provider/templates/oauth_tokens.yml +17 -0
- data/generators/oauth_provider/templates/request_token.rb +40 -0
- data/generators/oauth_provider/templates/show.html.erb +27 -0
- data/generators/oauth_provider/templates/show.html.haml +30 -0
- data/init.rb +1 -0
- data/install.rb +2 -0
- data/lib/generators/active_record/oauth_consumer_generator.rb +33 -0
- data/lib/generators/active_record/oauth_consumer_templates/consumer_token.rb +11 -0
- data/lib/generators/active_record/oauth_consumer_templates/migration.rb +20 -0
- data/lib/generators/active_record/oauth_provider_generator.rb +39 -0
- data/lib/generators/active_record/oauth_provider_templates/access_token.rb +16 -0
- data/lib/generators/active_record/oauth_provider_templates/client_application.rb +57 -0
- data/lib/generators/active_record/oauth_provider_templates/migration.rb +47 -0
- data/lib/generators/active_record/oauth_provider_templates/oauth2_token.rb +20 -0
- data/lib/generators/active_record/oauth_provider_templates/oauth2_verifier.rb +35 -0
- data/lib/generators/active_record/oauth_provider_templates/oauth_nonce.rb +13 -0
- data/lib/generators/active_record/oauth_provider_templates/oauth_token.rb +30 -0
- data/lib/generators/active_record/oauth_provider_templates/request_token.rb +40 -0
- data/lib/generators/erb/oauth_consumer_generator.rb +14 -0
- data/lib/generators/erb/oauth_consumer_templates/index.html.erb +29 -0
- data/lib/generators/erb/oauth_consumer_templates/show.html.erb +7 -0
- data/lib/generators/erb/oauth_provider_generator.rb +23 -0
- data/lib/generators/erb/oauth_provider_templates/_form.html.erb +17 -0
- data/lib/generators/erb/oauth_provider_templates/authorize.html.erb +14 -0
- data/lib/generators/erb/oauth_provider_templates/authorize_failure.html.erb +1 -0
- data/lib/generators/erb/oauth_provider_templates/authorize_success.html.erb +1 -0
- data/lib/generators/erb/oauth_provider_templates/edit.html.erb +7 -0
- data/lib/generators/erb/oauth_provider_templates/index.html.erb +43 -0
- data/lib/generators/erb/oauth_provider_templates/new.html.erb +5 -0
- data/lib/generators/erb/oauth_provider_templates/oauth2_authorize.html.erb +16 -0
- data/lib/generators/erb/oauth_provider_templates/show.html.erb +27 -0
- data/lib/generators/haml/oauth_consumer_generator.rb +21 -0
- data/lib/generators/haml/oauth_consumer_templates/index.html.haml +18 -0
- data/lib/generators/haml/oauth_consumer_templates/show.html.haml +8 -0
- data/lib/generators/haml/oauth_provider_generator.rb +28 -0
- data/lib/generators/haml/oauth_provider_templates/_form.html.haml +21 -0
- data/lib/generators/haml/oauth_provider_templates/authorize.html.haml +16 -0
- data/lib/generators/haml/oauth_provider_templates/authorize_failure.html.haml +1 -0
- data/lib/generators/haml/oauth_provider_templates/authorize_success.html.haml +1 -0
- data/lib/generators/haml/oauth_provider_templates/edit.html.haml +4 -0
- data/lib/generators/haml/oauth_provider_templates/index.html.haml +39 -0
- data/lib/generators/haml/oauth_provider_templates/new.html.haml +5 -0
- data/lib/generators/haml/oauth_provider_templates/oauth2_authorize.html.haml +17 -0
- data/lib/generators/haml/oauth_provider_templates/show.html.haml +30 -0
- data/lib/generators/mongoid/oauth_consumer_generator.rb +15 -0
- data/lib/generators/mongoid/oauth_consumer_templates/consumer_token.rb +41 -0
- data/lib/generators/mongoid/oauth_provider_generator.rb +21 -0
- data/lib/generators/mongoid/oauth_provider_templates/access_token.rb +16 -0
- data/lib/generators/mongoid/oauth_provider_templates/client_application.rb +71 -0
- data/lib/generators/mongoid/oauth_provider_templates/oauth2_token.rb +20 -0
- data/lib/generators/mongoid/oauth_provider_templates/oauth2_verifier.rb +35 -0
- data/lib/generators/mongoid/oauth_provider_templates/oauth_nonce.rb +24 -0
- data/lib/generators/mongoid/oauth_provider_templates/oauth_token.rb +44 -0
- data/lib/generators/mongoid/oauth_provider_templates/request_token.rb +36 -0
- data/lib/generators/oauth_consumer/USAGE +11 -0
- data/lib/generators/oauth_consumer/oauth_consumer_generator.rb +31 -0
- data/lib/generators/oauth_consumer/templates/controller.rb +59 -0
- data/lib/generators/oauth_consumer/templates/oauth_config.rb +68 -0
- data/lib/generators/oauth_inflections.rb +6 -0
- data/lib/generators/oauth_plugin.rb +0 -0
- data/lib/generators/oauth_provider/USAGE +18 -0
- data/lib/generators/oauth_provider/oauth_provider_generator.rb +37 -0
- data/lib/generators/oauth_provider/templates/clients_controller.rb +52 -0
- data/lib/generators/oauth_provider/templates/controller.rb +23 -0
- data/lib/generators/rspec/oauth_provider_generator.rb +35 -0
- data/lib/generators/rspec/templates/client_application_spec.rb +29 -0
- data/lib/generators/rspec/templates/client_applications.yml +23 -0
- data/lib/generators/rspec/templates/clients_controller_spec.rb +176 -0
- data/lib/generators/rspec/templates/oauth2_token_spec.rb +52 -0
- data/lib/generators/rspec/templates/oauth2_verifier_spec.rb +44 -0
- data/lib/generators/rspec/templates/oauth_nonce_spec.rb +24 -0
- data/lib/generators/rspec/templates/oauth_nonces.yml +13 -0
- data/lib/generators/rspec/templates/oauth_token_spec.rb +309 -0
- data/lib/generators/rspec/templates/oauth_tokens.yml +17 -0
- data/lib/generators/test_unit/oauth_provider_generator.rb +33 -0
- data/lib/generators/test_unit/templates/client_application_test.rb +42 -0
- data/lib/generators/test_unit/templates/client_applications.yml +23 -0
- data/lib/generators/test_unit/templates/clients_controller_test.rb +280 -0
- data/lib/generators/test_unit/templates/oauth_nonce_test.rb +26 -0
- data/lib/generators/test_unit/templates/oauth_nonces.yml +13 -0
- data/lib/generators/test_unit/templates/oauth_token_test.rb +57 -0
- data/lib/generators/test_unit/templates/oauth_tokens.yml +17 -0
- data/lib/oauth-plugin.rb +24 -0
- data/lib/oauth-plugin/version.rb +5 -0
- data/lib/oauth/controllers/application_controller_methods.rb +136 -0
- data/lib/oauth/controllers/consumer_controller.rb +150 -0
- data/lib/oauth/controllers/provider_controller.rb +181 -0
- data/lib/oauth/models/consumers/service_loader.rb +28 -0
- data/lib/oauth/models/consumers/services/agree2_token.rb +15 -0
- data/lib/oauth/models/consumers/services/fireeagle_token.rb +39 -0
- data/lib/oauth/models/consumers/services/google_token.rb +21 -0
- data/lib/oauth/models/consumers/services/oauth2_token.rb +27 -0
- data/lib/oauth/models/consumers/services/opentransact_token.rb +15 -0
- data/lib/oauth/models/consumers/services/picomoney_token.rb +17 -0
- data/lib/oauth/models/consumers/services/twitter_token.rb +24 -0
- data/lib/oauth/models/consumers/simple_client.rb +50 -0
- data/lib/oauth/models/consumers/token.rb +93 -0
- data/lib/oauth/provider/authorizer.rb +83 -0
- data/lib/oauth/rack/oauth_filter.rb +93 -0
- data/oauth-plugin.gemspec +39 -0
- data/rails/init.rb +1 -0
- data/spec/dummy_provider_models.rb +53 -0
- data/spec/oauth/provider/authorizer_spec.rb +202 -0
- data/spec/rack/oauth_filter_spec.rb +244 -0
- data/spec/spec_helper.rb +3 -0
- data/tasks/oauth_tasks.rake +4 -0
- data/uninstall.rb +1 -0
- metadata +362 -0
@@ -0,0 +1,39 @@
|
|
1
|
+
.flash= flash[:notice]
|
2
|
+
%h1 OAuth Client Applications
|
3
|
+
- unless @tokens.empty?
|
4
|
+
|
5
|
+
%p
|
6
|
+
The following tokens have been issued to applications in your name
|
7
|
+
|
8
|
+
%table
|
9
|
+
%tr
|
10
|
+
%th Application
|
11
|
+
%th Issued
|
12
|
+
%th
|
13
|
+
- @tokens.each do |token|
|
14
|
+
- content_tag_for :tr, token do
|
15
|
+
%td= link_to token.client_application.name, token.client_application.url
|
16
|
+
%td= token.authorized_at
|
17
|
+
%td
|
18
|
+
- form_tag :controller => 'oauth', :action => 'revoke' do
|
19
|
+
= hidden_field_tag 'token', token.token
|
20
|
+
= submit_tag "Revoke!"
|
21
|
+
|
22
|
+
%h3 Application Developers
|
23
|
+
|
24
|
+
- if @client_applications.empty?
|
25
|
+
%p
|
26
|
+
Do you have an application you would like to register for use with us using the <a href="http://oauth.net">OAuth</a> standard?
|
27
|
+
You must register your web application before it can make OAuth requests to this service
|
28
|
+
- else
|
29
|
+
%p
|
30
|
+
You have the following client applications registered:
|
31
|
+
|
32
|
+
- @client_applications.each do |client|
|
33
|
+
- div_for client do
|
34
|
+
= link_to client.name, :action => :show, :id => client.id
|
35
|
+
= link_to 'Edit', edit_oauth_client_path(client)
|
36
|
+
= link_to 'Delete', oauth_client_path(client), :confirm => "Are you sure?", :method => :delete
|
37
|
+
%br
|
38
|
+
%h3
|
39
|
+
= link_to "Register your application", :action => :new
|
@@ -0,0 +1,17 @@
|
|
1
|
+
%h1 Authorize access to your account
|
2
|
+
%p
|
3
|
+
Would you like to authorize
|
4
|
+
= link_to @client_application.name,@client_application.url
|
5
|
+
(
|
6
|
+
= link_to @client_application.url,@client_application.url
|
7
|
+
) to access your account?
|
8
|
+
= form_tag authorize_url do
|
9
|
+
= hidden_field_tag "response_type", params[:response_type]
|
10
|
+
= hidden_field_tag "client_id", params[:client_id]
|
11
|
+
= hidden_field_tag "redirect_uri", params[:redirect_uri]
|
12
|
+
= hidden_field_tag "state", params[:state]
|
13
|
+
= hidden_field_tag "scope", params[:scope]
|
14
|
+
= check_box_tag 'authorize'
|
15
|
+
authorize access
|
16
|
+
%p
|
17
|
+
= submit_tag
|
@@ -0,0 +1,30 @@
|
|
1
|
+
%h1
|
2
|
+
OAuth details for
|
3
|
+
=@client_application.name
|
4
|
+
%p
|
5
|
+
%strong Consumer Key:
|
6
|
+
%code=@client_application.key
|
7
|
+
%p
|
8
|
+
%strong Consumer Secret:
|
9
|
+
%code=@client_application.secret
|
10
|
+
|
11
|
+
%p
|
12
|
+
%strong Request Token URL
|
13
|
+
%code
|
14
|
+
="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.request_token_path}"
|
15
|
+
|
16
|
+
%p
|
17
|
+
%strong Access Token URL
|
18
|
+
%code
|
19
|
+
="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.access_token_path}"
|
20
|
+
|
21
|
+
%p
|
22
|
+
%strong Authorize URL
|
23
|
+
%code
|
24
|
+
="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.authorize_path}"
|
25
|
+
|
26
|
+
%p
|
27
|
+
We support hmac-sha1 (recommended) as well as plain text in ssl mode.
|
28
|
+
|
29
|
+
= link_to 'Edit', edit_oauth_client_path(@client_application)
|
30
|
+
= link_to 'Back', oauth_clients_path
|
@@ -0,0 +1,15 @@
|
|
1
|
+
module Mongoid
|
2
|
+
module Generators
|
3
|
+
class OauthConsumerGenerator < Rails::Generators::Base
|
4
|
+
source_root File.expand_path('../oauth_consumer_templates', __FILE__)
|
5
|
+
|
6
|
+
def check_class_collisions
|
7
|
+
class_collisions '', %w(ConsumerToken)
|
8
|
+
end
|
9
|
+
|
10
|
+
def copy_models
|
11
|
+
template 'consumer_token.rb', File.join('app/models', 'consumer_token.rb')
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'oauth/models/consumers/token'
|
2
|
+
class ConsumerToken
|
3
|
+
include Mongoid::Document
|
4
|
+
include Mongoid::Timestamps
|
5
|
+
include Oauth::Models::Consumers::Token
|
6
|
+
|
7
|
+
# You can safely remove this callback if you don't allow login from any of your services
|
8
|
+
before_create :create_user
|
9
|
+
|
10
|
+
field :token, :type => String
|
11
|
+
field :secret, :type => String
|
12
|
+
|
13
|
+
index :token
|
14
|
+
|
15
|
+
# Add the following to your user model:
|
16
|
+
#
|
17
|
+
# embeds_many :consumer_tokens
|
18
|
+
# index "consumer_tokens.token"
|
19
|
+
#
|
20
|
+
embedded_in :user, :inverse_of => :consumer_tokens
|
21
|
+
|
22
|
+
def self.find_or_create_from_access_token(user,access_token)
|
23
|
+
secret = access_token.respond_to?(:secret) ? access_token.secret : nil
|
24
|
+
|
25
|
+
if user
|
26
|
+
user.consumer_tokens.where(:_type=>self.to_s,:token=>access_token.token).first ||
|
27
|
+
self.create!(:_type=>self.to_s,:token=>access_token.token, :secret=>secret, :user=>user)
|
28
|
+
else
|
29
|
+
user = User.where("consumer_tokens._type"=>self.to_s,"consumer_tokens.token"=>access_token.token).first
|
30
|
+
if user
|
31
|
+
user.consumer_tokens.detect{|t| t.token==access_token.token && t.is_a?(self)}
|
32
|
+
else
|
33
|
+
user = User.new
|
34
|
+
self.create!(:_type=>self.to_s,:token=>access_token.token, :secret=>secret, :user=>user)
|
35
|
+
user.save!
|
36
|
+
user.consumer_tokens.last
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
module Mongoid
|
2
|
+
module Generators
|
3
|
+
class OauthProviderGenerator < Rails::Generators::Base
|
4
|
+
source_root File.expand_path('../oauth_provider_templates', __FILE__)
|
5
|
+
|
6
|
+
def check_class_collisions
|
7
|
+
class_collisions '', %w(ClientApplication OauthNonce RequestToken AccessToken OauthToken)
|
8
|
+
end
|
9
|
+
|
10
|
+
def copy_models
|
11
|
+
template 'client_application.rb', File.join('app/models', 'client_application.rb')
|
12
|
+
template 'oauth_token.rb', File.join('app/models', 'oauth_token.rb')
|
13
|
+
template 'request_token.rb', File.join('app/models', 'request_token.rb')
|
14
|
+
template 'access_token.rb', File.join('app/models', 'access_token.rb')
|
15
|
+
template 'oauth2_token.rb', File.join('app/models', 'oauth2_token.rb')
|
16
|
+
template 'oauth2_verifier.rb', File.join('app/models', 'oauth2_verifier.rb')
|
17
|
+
template 'oauth_nonce.rb', File.join('app/models', 'oauth_nonce.rb')
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
class AccessToken < OauthToken
|
2
|
+
validates_presence_of :user, :secret
|
3
|
+
before_create :set_authorized_at
|
4
|
+
|
5
|
+
# Implement this to return a hash or array of the capabilities the access token has
|
6
|
+
# This is particularly useful if you have implemented user defined permissions.
|
7
|
+
# def capabilities
|
8
|
+
# {:invalidate=>"/oauth/invalidate",:capabilities=>"/oauth/capabilities"}
|
9
|
+
# end
|
10
|
+
|
11
|
+
protected
|
12
|
+
|
13
|
+
def set_authorized_at
|
14
|
+
self.authorized_at = Time.now
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,71 @@
|
|
1
|
+
require 'oauth'
|
2
|
+
|
3
|
+
class ClientApplication
|
4
|
+
include Mongoid::Document
|
5
|
+
include Mongoid::Timestamps
|
6
|
+
|
7
|
+
field :name, :type => String
|
8
|
+
field :url, :type => String
|
9
|
+
field :support_url, :type => String
|
10
|
+
field :callback_url, :type => String
|
11
|
+
field :key, :type => String
|
12
|
+
field :secret, :type => String
|
13
|
+
field :secret, :type => String
|
14
|
+
|
15
|
+
index :key, :unique => true
|
16
|
+
|
17
|
+
referenced_in :user
|
18
|
+
references_many :tokens, :class_name => 'OauthToken'
|
19
|
+
references_many :access_tokens
|
20
|
+
references_many :oauth2_verifiers
|
21
|
+
references_many :oauth_tokens
|
22
|
+
|
23
|
+
validates_presence_of :name, :url, :key, :secret
|
24
|
+
validates_uniqueness_of :key
|
25
|
+
before_validation :generate_keys, :on => :create
|
26
|
+
|
27
|
+
validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i
|
28
|
+
validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
|
29
|
+
validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
|
30
|
+
|
31
|
+
attr_accessor :token_callback_url
|
32
|
+
|
33
|
+
def self.find_token(token_key)
|
34
|
+
token = OauthToken.where(:token => token_key)
|
35
|
+
if token && token.authorized?
|
36
|
+
token
|
37
|
+
else
|
38
|
+
nil
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def self.verify_request(request, options = {}, &block)
|
43
|
+
begin
|
44
|
+
signature = OAuth::Signature.build(request, options, &block)
|
45
|
+
return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
|
46
|
+
value = signature.verify
|
47
|
+
value
|
48
|
+
rescue OAuth::Signature::UnknownSignatureMethod => e
|
49
|
+
false
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def oauth_server
|
54
|
+
@oauth_server ||= OAuth::Server.new("http://your.site")
|
55
|
+
end
|
56
|
+
|
57
|
+
def credentials
|
58
|
+
@oauth_client ||= OAuth::Consumer.new(key, secret)
|
59
|
+
end
|
60
|
+
|
61
|
+
# If your application requires passing in extra parameters handle it here
|
62
|
+
def create_request_token(params={})
|
63
|
+
RequestToken.create :client_application => self, :callback_url=>self.token_callback_url
|
64
|
+
end
|
65
|
+
|
66
|
+
protected
|
67
|
+
def generate_keys
|
68
|
+
self.key = OAuth::Helper.generate_key(40)[0,40]
|
69
|
+
self.secret = OAuth::Helper.generate_key(40)[0,40]
|
70
|
+
end
|
71
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
class Oauth2Token < AccessToken
|
2
|
+
attr_accessor :state
|
3
|
+
def as_json(options={})
|
4
|
+
d = {:access_token=>token, :token_type => 'bearer'}
|
5
|
+
d[:expires_in] = expires_in if expires_at
|
6
|
+
d
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_query
|
10
|
+
q = "access_token=#{token}&token_type=bearer"
|
11
|
+
q << "&state=#{URI.escape(state)}" if @state
|
12
|
+
q << "&expires_in=#{expires_in}" if expires_at
|
13
|
+
q << "&scope=#{URI.escape(scope)}" if scope
|
14
|
+
q
|
15
|
+
end
|
16
|
+
|
17
|
+
def expires_in
|
18
|
+
expires_at.to_i - Time.now.to_i
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
class Oauth2Verifier < OauthToken
|
2
|
+
validates_presence_of :user
|
3
|
+
attr_accessor :state
|
4
|
+
|
5
|
+
def exchange!(params={})
|
6
|
+
OauthToken.transaction do
|
7
|
+
token = Oauth2Token.create! :user=>user,:client_application=>client_application, :scope => scope
|
8
|
+
invalidate!
|
9
|
+
token
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def code
|
14
|
+
token
|
15
|
+
end
|
16
|
+
|
17
|
+
def redirect_url
|
18
|
+
callback_url
|
19
|
+
end
|
20
|
+
|
21
|
+
def to_query
|
22
|
+
q = "code=#{token}"
|
23
|
+
q << "&state=#{URI.escape(state)}" if @state
|
24
|
+
q
|
25
|
+
end
|
26
|
+
|
27
|
+
protected
|
28
|
+
|
29
|
+
def generate_keys
|
30
|
+
self.token = OAuth::Helper.generate_key(20)[0,20]
|
31
|
+
self.expires_at = 10.minutes.from_now
|
32
|
+
self.authorized_at = Time.now
|
33
|
+
end
|
34
|
+
|
35
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique.
|
2
|
+
# Thus you can use the same nonce with a different timestamp and viceversa.
|
3
|
+
class OauthNonce
|
4
|
+
include Mongoid::Document
|
5
|
+
include Mongoid::Timestamps
|
6
|
+
|
7
|
+
field :nonce, :type => String
|
8
|
+
field :timestamp, :type => Integer
|
9
|
+
|
10
|
+
index [
|
11
|
+
[:nonce, Mongo::ASCENDING],
|
12
|
+
[:timestamp, Mongo::ASCENDING]
|
13
|
+
], :unique => true
|
14
|
+
|
15
|
+
validates_presence_of :nonce, :timestamp
|
16
|
+
validates_uniqueness_of :nonce, :scope => :timestamp
|
17
|
+
|
18
|
+
# Remembers a nonce and it's associated timestamp. It returns false if it has already been used
|
19
|
+
def self.remember(nonce, timestamp)
|
20
|
+
oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
|
21
|
+
return false if oauth_nonce.new_record?
|
22
|
+
oauth_nonce
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
class OauthToken
|
2
|
+
include Mongoid::Document
|
3
|
+
include Mongoid::Timestamps
|
4
|
+
|
5
|
+
field :token, :type => String
|
6
|
+
field :secret, :type => String
|
7
|
+
field :callback_url, :type => String
|
8
|
+
field :verifier, :type => String
|
9
|
+
field :scope, :type => String
|
10
|
+
field :authorized_at, :type => Time
|
11
|
+
field :invalidated_at, :type => Time
|
12
|
+
field :expires_at, :type => Time
|
13
|
+
|
14
|
+
index :token, :unique => true
|
15
|
+
|
16
|
+
referenced_in :user
|
17
|
+
referenced_in :client_application
|
18
|
+
|
19
|
+
validates_uniqueness_of :token
|
20
|
+
validates_presence_of :client_application, :token
|
21
|
+
before_validation :generate_keys, :on => :create
|
22
|
+
|
23
|
+
def invalidated?
|
24
|
+
!invalidated_at.nil?
|
25
|
+
end
|
26
|
+
|
27
|
+
def invalidate!
|
28
|
+
update_attribute(:invalidated_at, Time.now)
|
29
|
+
end
|
30
|
+
|
31
|
+
def authorized?
|
32
|
+
!authorized_at.nil? && !invalidated?
|
33
|
+
end
|
34
|
+
|
35
|
+
def to_query
|
36
|
+
"oauth_token=#{token}&oauth_token_secret=#{secret}"
|
37
|
+
end
|
38
|
+
|
39
|
+
protected
|
40
|
+
def generate_keys
|
41
|
+
self.token = OAuth::Helper.generate_key(40)[0,40]
|
42
|
+
self.secret = OAuth::Helper.generate_key(40)[0,40]
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
class RequestToken < OauthToken
|
2
|
+
attr_accessor :provided_oauth_verifier
|
3
|
+
|
4
|
+
def authorize!(user)
|
5
|
+
return false if authorized?
|
6
|
+
self.user = user
|
7
|
+
self.authorized_at = Time.now
|
8
|
+
self.verifier = OAuth::Helper.generate_key(20)[0,20] unless oauth10?
|
9
|
+
self.save
|
10
|
+
end
|
11
|
+
|
12
|
+
def exchange!
|
13
|
+
return false unless authorized?
|
14
|
+
return false unless oauth10? || verifier == provided_oauth_verifier
|
15
|
+
|
16
|
+
AccessToken.create(:user => user, :client_application => client_application).tap do
|
17
|
+
invalidate!
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def to_query
|
22
|
+
if oauth10?
|
23
|
+
super
|
24
|
+
else
|
25
|
+
"#{super}&oauth_callback_confirmed=true"
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
def oob?
|
30
|
+
callback_url.nil? || callback_url.downcase == 'oob'
|
31
|
+
end
|
32
|
+
|
33
|
+
def oauth10?
|
34
|
+
(defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
|
35
|
+
end
|
36
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
This creates an OAuth Consumer controller as well as requisite models.
|
2
|
+
|
3
|
+
It requires an authentication framework such as acts_as_authenticated, restful_authentication or restful_open_id_authentication that provides the methods "login_required" and "current_user".
|
4
|
+
|
5
|
+
See comments in generated controller for more info about overriding these.
|
6
|
+
|
7
|
+
If you generated the migration file (true by default), make sure you run
|
8
|
+
|
9
|
+
rake db:migrate
|
10
|
+
|
11
|
+
See README.rdoc for more.
|