panjiva-oauth-plugin 0.4.1

data/lib/generators/haml/oauth_provider_templates/index.html.haml

@@ -0,0 +1,39 @@
+.flash= flash[:notice]
+%h1 OAuth Client Applications
+- unless @tokens.empty?
+
+  %p
+    The following tokens have been issued to applications in your name
+
+  %table
+    %tr
+      %th Application
+      %th Issued
+      %th  
+    - @tokens.each do |token|
+      - content_tag_for :tr, token do
+        %td= link_to token.client_application.name, token.client_application.url
+        %td= token.authorized_at
+        %td
+          - form_tag :controller => 'oauth', :action => 'revoke' do
+            = hidden_field_tag 'token', token.token
+            = submit_tag "Revoke!"
+
+%h3 Application Developers
+
+- if @client_applications.empty?
+  %p
+    Do you have an application you would like to register for use with us using the <a href="http://oauth.net">OAuth</a> standard?
+    You must register your web application before it can make OAuth requests to this service
+- else
+  %p
+    You have the following client applications registered:
+
+  - @client_applications.each do |client|
+    - div_for client do
+      = link_to client.name, :action => :show, :id => client.id
+      = link_to 'Edit', edit_oauth_client_path(client)
+      = link_to 'Delete', oauth_client_path(client), :confirm => "Are you sure?", :method => :delete
+%br
+%h3
+  = link_to "Register your application", :action => :new

data/lib/generators/haml/oauth_provider_templates/new.html.haml

@@ -0,0 +1,5 @@
+%h1 Register a new application
+
+= form_for :client_application, :url => { :action => :create } do |f|
+  = render :partial => "form", :locals => { :f => f }
+  = submit_tag "Register"

data/lib/generators/haml/oauth_provider_templates/oauth2_authorize.html.haml

@@ -0,0 +1,17 @@
+%h1 Authorize access to your account
+%p
+  Would you like to authorize
+  = link_to @client_application.name,@client_application.url
+  (
+  = link_to @client_application.url,@client_application.url
+  ) to access your account?
+= form_tag authorize_url do
+  = hidden_field_tag "response_type", params[:response_type]
+  = hidden_field_tag "client_id", params[:client_id]
+  = hidden_field_tag "redirect_uri", params[:redirect_uri]
+  = hidden_field_tag "state", params[:state]
+  = hidden_field_tag "scope", params[:scope]
+  = check_box_tag 'authorize'
+  authorize access
+  %p
+    = submit_tag

data/lib/generators/haml/oauth_provider_templates/show.html.haml

@@ -0,0 +1,30 @@
+%h1
+  OAuth details for
+  =@client_application.name
+%p
+  %strong Consumer Key:
+  %code=@client_application.key
+%p
+  %strong Consumer Secret:
+  %code=@client_application.secret
+
+%p
+  %strong Request Token URL
+  %code
+    ="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.request_token_path}"
+
+%p
+  %strong Access Token URL
+  %code
+    ="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.access_token_path}"
+
+%p
+  %strong Authorize URL
+  %code
+    ="http#{'s' if request.ssl?}://#{request.host_with_port}#{@client_application.oauth_server.authorize_path}"
+
+%p
+  We support hmac-sha1 (recommended) as well as plain text in ssl mode.
+
+= link_to 'Edit', edit_oauth_client_path(@client_application)
+= link_to 'Back', oauth_clients_path

data/lib/generators/mongoid/oauth_consumer_generator.rb

@@ -0,0 +1,15 @@
+module Mongoid
+  module Generators
+    class OauthConsumerGenerator < Rails::Generators::Base
+      source_root File.expand_path('../oauth_consumer_templates', __FILE__)
+
+      def check_class_collisions
+        class_collisions '', %w(ConsumerToken)
+      end
+
+      def copy_models
+        template 'consumer_token.rb', File.join('app/models', 'consumer_token.rb')
+      end
+    end
+  end
+end

data/lib/generators/mongoid/oauth_consumer_templates/consumer_token.rb

@@ -0,0 +1,41 @@
+require 'oauth/models/consumers/token'
+class ConsumerToken
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Oauth::Models::Consumers::Token
+
+  # You can safely remove this callback if you don't allow login from any of your services
+  before_create :create_user
+
+  field :token, :type => String
+  field :secret, :type => String
+
+  index :token
+
+  # Add the following to your user model:
+  #
+  #   embeds_many :consumer_tokens
+  #   index "consumer_tokens.token"
+  #
+  embedded_in :user, :inverse_of => :consumer_tokens
+
+  def self.find_or_create_from_access_token(user,access_token)
+    secret = access_token.respond_to?(:secret) ? access_token.secret : nil
+
+    if user
+      user.consumer_tokens.where(:_type=>self.to_s,:token=>access_token.token).first ||
+        self.create!(:_type=>self.to_s,:token=>access_token.token, :secret=>secret, :user=>user)
+    else
+      user = User.where("consumer_tokens._type"=>self.to_s,"consumer_tokens.token"=>access_token.token).first
+      if user
+        user.consumer_tokens.detect{|t| t.token==access_token.token && t.is_a?(self)}
+      else
+        user = User.new
+        self.create!(:_type=>self.to_s,:token=>access_token.token, :secret=>secret, :user=>user)
+        user.save!
+        user.consumer_tokens.last
+      end
+    end
+  end
+
+end

data/lib/generators/mongoid/oauth_provider_generator.rb

@@ -0,0 +1,21 @@
+module Mongoid
+  module Generators
+    class OauthProviderGenerator < Rails::Generators::Base
+      source_root File.expand_path('../oauth_provider_templates', __FILE__)
+
+      def check_class_collisions
+        class_collisions '', %w(ClientApplication OauthNonce RequestToken AccessToken OauthToken)
+      end
+
+      def copy_models
+        template 'client_application.rb', File.join('app/models', 'client_application.rb')
+        template 'oauth_token.rb',        File.join('app/models', 'oauth_token.rb')
+        template 'request_token.rb',      File.join('app/models', 'request_token.rb')
+        template 'access_token.rb',       File.join('app/models', 'access_token.rb')
+        template 'oauth2_token.rb',       File.join('app/models', 'oauth2_token.rb')
+        template 'oauth2_verifier.rb',    File.join('app/models', 'oauth2_verifier.rb')
+        template 'oauth_nonce.rb',        File.join('app/models', 'oauth_nonce.rb')
+      end
+    end
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/access_token.rb

@@ -0,0 +1,16 @@
+class AccessToken < OauthToken
+  validates_presence_of :user, :secret
+  before_create :set_authorized_at
+
+  # Implement this to return a hash or array of the capabilities the access token has
+  # This is particularly useful if you have implemented user defined permissions.
+  # def capabilities
+  #   {:invalidate=>"/oauth/invalidate",:capabilities=>"/oauth/capabilities"}
+  # end
+
+  protected
+
+  def set_authorized_at
+    self.authorized_at = Time.now
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/client_application.rb

@@ -0,0 +1,71 @@
+require 'oauth'
+
+class ClientApplication
+  include Mongoid::Document
+  include Mongoid::Timestamps
+
+  field :name,          :type => String
+  field :url,           :type => String
+  field :support_url,   :type => String
+  field :callback_url,  :type => String
+  field :key,           :type => String
+  field :secret,        :type => String
+  field :secret,        :type => String
+
+  index :key, :unique => true
+
+  referenced_in :user
+  references_many :tokens, :class_name => 'OauthToken'
+  references_many :access_tokens
+  references_many :oauth2_verifiers
+  references_many :oauth_tokens
+
+  validates_presence_of :name, :url, :key, :secret
+  validates_uniqueness_of :key
+  before_validation :generate_keys, :on => :create
+
+  validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i
+  validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+  validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+
+  attr_accessor :token_callback_url
+
+  def self.find_token(token_key)
+    token = OauthToken.where(:token => token_key)
+    if token && token.authorized?
+      token
+    else
+      nil
+    end
+  end
+
+  def self.verify_request(request, options = {}, &block)
+    begin
+      signature = OAuth::Signature.build(request, options, &block)
+      return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
+      value = signature.verify
+      value
+    rescue OAuth::Signature::UnknownSignatureMethod => e
+      false
+    end
+  end
+
+  def oauth_server
+    @oauth_server ||= OAuth::Server.new("http://your.site")
+  end
+
+  def credentials
+    @oauth_client ||= OAuth::Consumer.new(key, secret)
+  end
+
+  # If your application requires passing in extra parameters handle it here
+  def create_request_token(params={})
+    RequestToken.create :client_application => self, :callback_url=>self.token_callback_url
+  end
+
+  protected
+  def generate_keys
+    self.key = OAuth::Helper.generate_key(40)[0,40]
+    self.secret = OAuth::Helper.generate_key(40)[0,40]
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/oauth2_token.rb

@@ -0,0 +1,20 @@
+class Oauth2Token < AccessToken
+  attr_accessor :state
+  def as_json(options={})
+    d = {:access_token=>token, :token_type => 'bearer'}
+    d[:expires_in] = expires_in if expires_at
+    d
+  end
+
+  def to_query
+    q = "access_token=#{token}&token_type=bearer"
+    q << "&state=#{URI.escape(state)}" if @state
+    q << "&expires_in=#{expires_in}" if expires_at
+    q << "&scope=#{URI.escape(scope)}" if scope
+    q
+  end
+
+  def expires_in
+    expires_at.to_i - Time.now.to_i
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/oauth2_verifier.rb

@@ -0,0 +1,35 @@
+class Oauth2Verifier < OauthToken
+  validates_presence_of :user
+  attr_accessor :state
+
+  def exchange!(params={})
+    OauthToken.transaction do
+      token = Oauth2Token.create! :user=>user,:client_application=>client_application, :scope => scope
+      invalidate!
+      token
+    end
+  end
+
+  def code
+    token
+  end
+
+  def redirect_url
+    callback_url
+  end
+
+  def to_query
+    q = "code=#{token}"
+    q << "&state=#{URI.escape(state)}" if @state
+    q
+  end
+
+  protected
+
+  def generate_keys
+    self.token = OAuth::Helper.generate_key(20)[0,20]
+    self.expires_at = 10.minutes.from_now
+    self.authorized_at = Time.now
+  end
+
+end

data/lib/generators/mongoid/oauth_provider_templates/oauth_nonce.rb

@@ -0,0 +1,24 @@
+# Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique.
+# Thus you can use the same nonce with a different timestamp and viceversa.
+class OauthNonce
+  include Mongoid::Document
+  include Mongoid::Timestamps
+
+  field :nonce,     :type => String
+  field :timestamp, :type => Integer
+
+  index [
+    [:nonce, Mongo::ASCENDING],
+    [:timestamp, Mongo::ASCENDING]
+  ], :unique => true
+
+  validates_presence_of :nonce, :timestamp
+  validates_uniqueness_of :nonce, :scope => :timestamp
+
+  # Remembers a nonce and it's associated timestamp. It returns false if it has already been used
+  def self.remember(nonce, timestamp)
+    oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
+    return false if oauth_nonce.new_record?
+    oauth_nonce
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/oauth_token.rb

@@ -0,0 +1,44 @@
+class OauthToken
+  include Mongoid::Document
+  include Mongoid::Timestamps
+
+  field :token, :type => String
+  field :secret, :type => String
+  field :callback_url, :type => String
+  field :verifier, :type => String
+  field :scope, :type => String
+  field :authorized_at, :type => Time
+  field :invalidated_at, :type => Time
+  field :expires_at, :type => Time
+
+  index :token, :unique => true
+
+  referenced_in :user
+  referenced_in :client_application
+
+  validates_uniqueness_of :token
+  validates_presence_of :client_application, :token
+  before_validation :generate_keys, :on => :create
+
+  def invalidated?
+    !invalidated_at.nil?
+  end
+
+  def invalidate!
+    update_attribute(:invalidated_at, Time.now)
+  end
+
+  def authorized?
+    !authorized_at.nil? && !invalidated?
+  end
+
+  def to_query
+    "oauth_token=#{token}&oauth_token_secret=#{secret}"
+  end
+
+  protected
+  def generate_keys
+    self.token = OAuth::Helper.generate_key(40)[0,40]
+    self.secret = OAuth::Helper.generate_key(40)[0,40]
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/request_token.rb

@@ -0,0 +1,36 @@
+class RequestToken < OauthToken
+  attr_accessor :provided_oauth_verifier
+
+  def authorize!(user)
+    return false if authorized?
+    self.user           = user
+    self.authorized_at  = Time.now
+    self.verifier       = OAuth::Helper.generate_key(20)[0,20] unless oauth10?
+    self.save
+  end
+
+  def exchange!
+    return false unless authorized?
+    return false unless oauth10? || verifier == provided_oauth_verifier
+
+    AccessToken.create(:user => user, :client_application => client_application).tap do
+      invalidate!
+    end
+  end
+
+  def to_query
+    if oauth10?
+      super
+    else
+      "#{super}&oauth_callback_confirmed=true"
+    end
+  end
+
+  def oob?
+    callback_url.nil? || callback_url.downcase == 'oob'
+  end
+
+  def oauth10?
+    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
+  end
+end

data/lib/generators/oauth_consumer/USAGE

@@ -0,0 +1,11 @@
+This creates an OAuth Consumer controller as well as requisite models.
+
+It requires an authentication framework such as acts_as_authenticated, restful_authentication or restful_open_id_authentication that provides the methods "login_required" and "current_user".
+
+See comments in generated controller for more info about overriding these.
+
+If you generated the migration file (true by default), make sure you run
+
+  rake db:migrate
+
+See README.rdoc for more.