passport 0.0.1 → 0.1.1

data/lib/passport/core/settings.rb

@@ -0,0 +1,75 @@
+module Passport
+  class SettingsError < StandardError; end
+    
+  module Settings
+    def self.included(base)
+      base.extend ClassMethods
+    end
+    
+    module ClassMethods
+      KEY = "services" unless defined?(KEY)
+      
+      attr_accessor :config, :adapter, :root
+      
+      def configure(value)
+        self.config = (value.is_a?(String) ? YAML.load_file(value) : value).recursively_symbolize_keys!
+        if self.config.has_key?(:connect)
+          self.config[:services] = self.config.delete(:connect)
+          puts "[Deprecation] change 'connect' to 'services' in Passport configuration"
+        end
+        self.config[:adapter] ||= "object"
+        self.adapter = config[:adapter]
+        
+        install
+        
+        self.config
+      end
+      
+      def adapter=(string)
+        valid_adapters = %w(object active_record mongo)
+        unless valid_adapters.include?(string)
+          raise SettingsError.new("Adapter can only be 'object', 'active_record', or 'mongo'")
+        end
+        @adapter = string
+      end
+      
+      def key(path)
+        result = self.config
+        path.to_s.split(".").each { |node| result = result[node.to_sym] if result }
+        result
+      end
+      
+      def credentials(service)
+        result = key("#{KEY}.#{service.to_s}")
+        unless result && result.has_key?(:key) && result.has_key?(:secret)
+          raise SettingsError.new("Please specify both a key and secret for ':#{service}'")
+        end
+        result
+      end
+      
+      def services
+        key(KEY)
+      end
+    
+      def service_names
+        services.keys.collect(&:to_s)
+      end
+    
+      def include?(service)
+        !credentials(service).nil?
+      end
+      
+      def token(key, throw_error = true)
+        unless Passport.include?(key) and !key.to_s.empty?
+          raise SettingsError.new("can't find key '#{key.to_s}' in Passport.config" ) if throw_error
+        else
+          "#{key.to_s.camelcase}Token".constantize
+        end
+      end
+      
+      def consumer(key)
+        token(key).consumer
+      end
+    end
+  end
+end

data/lib/passport/core/state.rb

@@ -0,0 +1,37 @@
+module Passport
+  module State
+    def self.included(base)
+      base.extend ClassMethods
+    end
+    
+    module ClassMethods
+      def key?(key)
+        Rack::Context.key?(key)
+      end
+      
+      def session_key?(key)
+        Rack::Context.session_key?(key)
+      end
+      
+      def params_key?(key)
+        Rack::Context.params_key?(key)
+      end
+      
+      def params?
+        !params.blank?
+      end
+      
+      def session?
+        !session.blank?
+      end
+      
+      def active?
+        Passport::Oauth::Protocol.active? || Passport::Oauth::Protocol.active?
+      end
+      
+      def authenticating?(type)
+        authentication_type == type.to_s
+      end
+    end
+  end
+end

data/lib/passport/core/user.rb

@@ -0,0 +1,63 @@
+module Passport
+  module User
+  
+    def self.included(base)
+      base.validate :validate_passport, :if => lambda { Passport.authenticating?(:user) }
+      base.send :include, InstanceMethods
+    end
+    
+    module InstanceMethods
+      
+      def self.included(base)
+        base.class_eval do
+          has_many :access_tokens, :as => :user, :class_name => "AccessToken", :dependent => :destroy
+          accepts_nested_attributes_for :access_tokens
+        end
+      end
+      
+      def save(options = {}, &block)
+        block = nil if block_given? && Passport.process?
+        options[:validate] = true unless options.has_key?(:validate)
+        result = super(options, &block)
+        yield(result) unless block.nil?
+        result
+      end
+      
+      def validate_passport
+        Passport.authenticate(self) do |token|
+          if token
+            access_tokens << token
+          else
+            errors.add("Passport validation error")
+          end
+        end
+      end
+      
+      def update_attributes(attributes, &block)
+        self.attributes = attributes
+        save(:validate => true, &block)
+      end
+      
+      def access_token(service)
+        self.access_tokens.detect { |token| token.service == service.to_s }
+      end
+      
+      def access_token?(service)
+        access_token(service).blank?
+      end
+      
+      # user.facebook_token
+      # user.facebook_token?
+      def method_missing(meth, *args, &block)
+        if meth.to_s =~ /(\w+)_token(\?)?/
+          service = $1
+          return access_token?(service) unless $2.blank?
+          return access_token(service)
+        end
+
+        super(meth, *args, &block)
+      end
+      
+    end
+  end
+end

data/lib/passport/engine.rb

@@ -0,0 +1,15 @@
+module Passport
+  class Engine < Rails::Engine
+    
+    initializer "passport.authentication_hook" do |app|
+      app.middleware.use Rack::Context
+      app.middleware.use Passport::Filter
+      app.middleware.use OpenIdAuthentication
+    end
+    
+    initializer "passport.finalize", :after => "passport.authentication_hook" do |app|
+      OpenID::Util.logger = Rails.logger
+      ActionController::Base.send :include, OpenIdAuthentication
+    end
+  end
+end

data/lib/passport/helpers/core.rb

@@ -0,0 +1,85 @@
+# these are extensions I've found useful for this project
+class String
+  # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
+  def normalize_identifier
+    # clean up whitespace
+    identifier = self.dup.strip
+
+    # if an XRI has a prefix, strip it.
+    identifier.gsub!(/xri:\/\//i, '')
+
+    # dodge XRIs -- TODO: validate, don't just skip.
+    unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
+      # does it begin with http?  if not, add it.
+      identifier = "http://#{identifier}" unless identifier =~ /^http/i
+
+      # strip any fragments
+      identifier.gsub!(/\#(.*)$/, '')
+
+      begin
+        uri = URI.parse(identifier)
+        uri.scheme = uri.scheme.downcase  # URI should do this
+        identifier = uri.normalize.to_s
+      rescue URI::InvalidURIError
+        raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
+      end
+    end
+
+    return identifier
+  end
+end
+
+class Hash
+  def recursively_symbolize_keys!
+    self.symbolize_keys!
+    self.values.each do |v|
+      if v.is_a? Hash
+        v.recursively_symbolize_keys!
+      elsif v.is_a? Array
+        v.recursively_symbolize_keys!
+      end
+    end
+    self
+  end
+end
+
+class Array
+  def recursively_symbolize_keys!
+    self.each do |item|
+      if item.is_a? Hash
+        item.recursively_symbolize_keys!
+      elsif item.is_a? Array
+        item.recursively_symbolize_keys!
+      end
+    end
+  end
+end
+
+if defined?(ActionController::Base)
+  ActionController::Base.class_eval do
+    prepend_before_filter :set_rails_context
+    
+    def set_rails_context
+      Thread.current[:rails_context] = self
+    end
+  end
+end
+
+# Rails 3beta4 backport
+if defined?(ActiveSupport::HashWithIndifferentAccess)
+  ActiveSupport::HashWithIndifferentAccess.class_eval do
+    unless respond_to?(:symbolize_keys!)
+      def symbolize_keys!
+        symbolize_keys
+      end
+    end
+  end
+end
+
+Object.class_eval do
+  unless respond_to?(:symbolize_keys!)
+    def symbolize_keys!
+      symbolize_keys
+    end
+  end
+end

data/lib/passport/helpers/filter.rb

@@ -0,0 +1,28 @@
+# http://github.com/manveru/innate/blob/master/lib/innate/current.rb
+module Passport
+  class Filter
+    METHODS = %w(get head put post delete options)
+    
+    def initialize(app)
+      @app = app
+    end
+    
+    # this intercepts how the browser interprets the url.
+    # so we override it and say,
+    # "if we've stored a variable in the session called :auth_callback_method,
+    # then convert that into a POST call so we re-call the original method"
+    def call(env)
+      if env["rack.session"].nil?
+        raise "Make sure you are setting the session in Rack too!  Place this in config/application.rb"
+      end
+      
+      unless env["rack.session"][:auth_callback_method].blank?
+        method = env["rack.session"].delete(:auth_callback_method).to_s.downcase
+        method = "get" unless METHODS.include?(method)
+        env["REQUEST_METHOD"] = method.upcase
+      end
+      
+      @app.call(env)
+    end
+  end
+end

data/lib/passport/helpers/mixin.rb

@@ -0,0 +1,15 @@
+module Passport
+  module Mixin
+    def self.included(base)
+      base.extend ClassMethods
+    end
+    
+    module ClassMethods
+      def has_passport
+        include Passport::User
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send(:include, Passport::Mixin) if defined?(ActiveRecord::Base)

data/lib/passport/helpers/rack-context.rb

@@ -0,0 +1,72 @@
+module Rack
+  class Context
+    def initialize(app)
+      @app = app
+    end
+    
+    def call(env)
+      Thread.current[:rack_context] = Rack::Request.new(env)
+      @app.call(env)
+    end
+    
+    class << self
+      def request
+        Thread.current[:rack_context]
+      end
+      
+      def session
+        request.nil? ? nil : request.session
+      end
+      
+      def params
+        request.nil? ? nil : request.params
+      end
+      
+      def env
+        request.nil? ? nil : request.env
+      end
+      
+      def find(key)
+        params_key(key) || session_key(key)
+      end
+      
+      def key?(key)
+        !find(key).blank?
+      end
+      
+      def session_key(key)
+        return nil if session.blank?
+        string = key.to_s
+        symbol = key.to_sym
+        return session[string] unless session[string].blank?
+        return session[symbol] unless session[symbol].blank?
+      end
+      
+      def session_key?(key)
+        !session_key(key).blank?
+      end
+      
+      def params_key(key)
+        return nil if params.blank?
+        string = key.to_s
+        symbol = key.to_sym
+        return params[string] unless params[string].blank?
+        return params[symbol] unless params[symbol].blank?
+      end
+      
+      def params_key?(key)
+        !params_key(key).blank?
+      end
+      
+      def find_pair(attribute)
+        
+      end
+      
+      def delete_session_key(key)
+        return if session.blank?
+        keys = key.is_a?(Symbol) ? [key, key.to_s] : [key, key.to_sym]
+        keys.each { |k| session.delete(k) }
+      end
+    end
+  end
+end

data/lib/passport/oauth.rb

@@ -0,0 +1,8 @@
+this = File.expand_path(File.dirname(__FILE__)) + '/oauth'
+requirements = Dir["#{this}/client/*"] + Dir["#{this}/protocol/*"]
+requirements += ["#{this}/oauth_token", "#{this}/protocol", "#{this}/helper"]
+requirements += Dir["#{this}/tokens/*"]
+
+requirements.each do |file|
+  require file
+end

data/lib/passport/oauth/client/authorizable.rb

@@ -0,0 +1,84 @@
+module Passport
+  module Oauth
+    module Authorizable
+      def self.included(base)
+        base.extend ClassMethods
+        base.send :include, InstanceMethods
+      end
+      
+      module ClassMethods
+        # first part in the sequece.
+        # returns a <Hash>:
+        #   {:url => "x", :token => "y", :secret => "z"}
+        # if it's using Oauth 1.0, token and secret will be present.
+        # if it's using Oauth 2.0, token and secret are not present.
+        # for Oauth 1.0, save the token/secret in the session to use
+        # after the redirect.
+        def authorize(callback_url, options = {})
+          result = {}
+
+          if version == 1.0
+            options.reverse_merge!(:scope => consumer_settings[:scope]) if consumer_settings[:scope]
+            request = consumer.get_request_token({:oauth_callback => callback_url}, options)
+            result[:token] = request.token
+            result[:secret] = request.secret
+            result[:url] = request.authorize_url
+          else
+            options.merge!(:redirect_uri => callback_url)
+            result[:url] = consumer.web_server.authorize_url(options)
+          end
+          
+          result
+        end
+        
+        # get the access token
+        def access(options)
+          if version == 1.0
+            access_token = OAuth::RequestToken.new(consumer, options[:token], options[:secret]).get_access_token(:oauth_verifier => options[:oauth_verifier])
+            result = {:token => access_token.token.to_s, :secret => access_token.secret.to_s}
+          else
+            access_token = consumer.web_server.get_access_token(options[:secret], :redirect_uri => options[:callback_url])
+            result = {:token => access_token.token.to_s, :secret => options[:secret].to_s}
+          end
+          
+          result[:key] = identify(access_token) unless options[:identify] == false
+          
+          result
+        end
+        
+        def credentials
+          @credentials ||= Passport.credentials(service)
+        end
+      end
+      
+      module InstanceMethods
+        # key is a way to 100% uniquely identify a user, even if token or secret change
+        # "token" passed from provider
+        # oauth "secret" passed from provider
+        
+        attr_accessor :authorize_url
+
+        def authorize(callback_url, options = {})
+          hash = self.class.authorize(callback_url, options)
+          self.authorize_url = hash[:url]
+          self.token         = hash[:token]
+          self.secret        = hash[:secret]
+          hash
+        end
+        
+        def access(options)
+          options = {:token => self.token, :secret => self.secret}.merge(options)
+          hash = self.class.access(options)
+          self.key           = hash[:key]
+          self.token         = hash[:token]
+          self.secret        = hash[:secret]
+          hash
+        end
+        
+        def credentials
+          self.class.credentials
+        end
+      end
+    end
+  end
+end