playlyfe 0.1.1 → 0.2.0

data/lib/access_token.rb

@@ -0,0 +1,173 @@
+module OAuth2
+  class AccessToken
+    attr_reader :client, :token, :expires_in, :expires_at, :params
+    attr_accessor :options, :refresh_token
+
+    class << self
+      # Initializes an AccessToken from a Hash
+      #
+      # @param [Client] the OAuth2::Client instance
+      # @param [Hash] a hash of AccessToken property values
+      # @return [AccessToken] the initalized AccessToken
+      def from_hash(client, hash)
+        new(client, hash.delete('access_token') || hash.delete(:access_token), hash)
+      end
+
+      # Initializes an AccessToken from a key/value application/x-www-form-urlencoded string
+      #
+      # @param [Client] client the OAuth2::Client instance
+      # @param [String] kvform the application/x-www-form-urlencoded string
+      # @return [AccessToken] the initalized AccessToken
+      def from_kvform(client, kvform)
+        from_hash(client, Rack::Utils.parse_query(kvform))
+      end
+    end
+
+    # Initalize an AccessToken
+    #
+    # @param [Client] client the OAuth2::Client instance
+    # @param [String] token the Access Token value
+    # @param [Hash] opts the options to create the Access Token with
+    # @option opts [String] :refresh_token (nil) the refresh_token value
+    # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire
+    # @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire
+    # @option opts [Symbol] :mode (:header) the transmission mode of the Access Token parameter value
+    # one of :header, :body or :query
+    # @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header
+    # @option opts [String] :param_name ('access_token') the parameter name to use for transmission of the
+    # Access Token value in :body or :query transmission mode
+    def initialize(client, token, opts = {})
+      @client = client
+      @token = token.to_s
+      [:refresh_token, :expires_in, :expires_at].each do |arg|
+        instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
+      end
+      @expires_in ||= opts.delete('expires')
+      @expires_in &&= @expires_in.to_i
+      @expires_at &&= @expires_at.to_i
+      @expires_at ||= Time.now.to_i + @expires_in if @expires_in
+      @options = {:mode => opts.delete(:mode) || :header,
+                  :header_format => opts.delete(:header_format) || 'Bearer %s',
+                  :param_name => opts.delete(:param_name) || 'access_token'}
+      @params = opts
+    end
+
+    # Indexer to additional params present in token response
+    #
+    # @param [String] key entry key to Hash
+    def [](key)
+      @params[key]
+    end
+
+    # Whether or not the token expires
+    #
+    # @return [Boolean]
+    def expires?
+      !!@expires_at # rubocop:disable DoubleNegation
+    end
+
+    # Whether or not the token is expired
+    #
+    # @return [Boolean]
+    def expired?
+      expires? && (expires_at < Time.now.to_i)
+    end
+
+    # Refreshes the current Access Token
+    #
+    # @return [AccessToken] a new AccessToken
+    # @note options should be carried over to the new AccessToken
+    def refresh!(params = {})
+      fail('A refresh_token is not available') unless refresh_token
+      params.merge!(:client_id => @client.id,
+                    :client_secret => @client.secret,
+                    :grant_type => 'refresh_token',
+                    :refresh_token => refresh_token)
+      new_token = @client.get_token(params)
+      new_token.options = options
+      new_token.refresh_token = refresh_token unless new_token.refresh_token
+      new_token
+    end
+
+    # Convert AccessToken to a hash which can be used to rebuild itself with AccessToken.from_hash
+    #
+    # @return [Hash] a hash of AccessToken property values
+    def to_hash
+      params.merge(:access_token => token, :refresh_token => refresh_token, :expires_at => expires_at)
+    end
+
+    # Make a request with the Access Token
+    #
+    # @param [Symbol] verb the HTTP request method
+    # @param [String] path the HTTP URL path of the request
+    # @param [Hash] opts the options to make the request with
+    # @see Client#request
+    def request(verb, path, opts = {}, &block)
+      self.token = opts
+      @client.request(verb, path, opts, &block)
+    end
+
+    # Make a GET request with the Access Token
+    #
+    # @see AccessToken#request
+    def get(path, opts = {}, &block)
+      request(:get, path, opts, &block)
+    end
+
+    # Make a POST request with the Access Token
+    #
+    # @see AccessToken#request
+    def post(path, opts = {}, &block)
+      request(:post, path, opts, &block)
+    end
+
+    # Make a PUT request with the Access Token
+    #
+    # @see AccessToken#request
+    def put(path, opts = {}, &block)
+      request(:put, path, opts, &block)
+    end
+
+    # Make a PATCH request with the Access Token
+    #
+    # @see AccessToken#request
+    def patch(path, opts = {}, &block)
+      request(:patch, path, opts, &block)
+    end
+
+    # Make a DELETE request with the Access Token
+    #
+    # @see AccessToken#request
+    def delete(path, opts = {}, &block)
+      request(:delete, path, opts, &block)
+    end
+
+    # Get the headers hash (includes Authorization token)
+    def headers
+      {'Authorization' => options[:header_format] % token}
+    end
+
+  private
+
+    def token=(opts) # rubocop:disable MethodLength
+      case options[:mode]
+      when :header
+        opts[:headers] ||= {}
+        opts[:headers].merge!(headers)
+      when :query
+        opts[:params] ||= {}
+        opts[:params][options[:param_name]] = token
+      when :body
+        opts[:body] ||= {}
+        if opts[:body].is_a?(Hash)
+          opts[:body][options[:param_name]] = token
+        else
+          opts[:body] << "&#{options[:param_name]}=#{token}"
+        end
+        # @todo support for multi-part (file uploads)
+      else
+        fail("invalid :mode option of #{options[:mode]}")
+      end
+    end
+  end
+end

data/lib/base.rb

@@ -0,0 +1,16 @@
+module OAuth2
+  module Strategy
+    class Base
+      def initialize(client)
+        @client = client
+      end
+
+      # The OAuth client_id and client_secret
+      #
+      # @return [Hash]
+      def client_params
+        {'client_id' => @client.id, 'client_secret' => @client.secret}
+      end
+    end
+  end
+end

data/lib/client.rb

@@ -0,0 +1,151 @@
+require 'faraday'
+require 'logger'
+
+module OAuth2
+  # The OAuth2::Client class
+  class Client
+    attr_reader :id, :secret, :site
+    attr_accessor :options
+    attr_writer :connection
+
+    # Instantiate a new OAuth 2.0 client using the
+    # Client ID and Client Secret registered to your
+    # application.
+    #
+    # @param [String] client_id the client_id value
+    # @param [String] client_secret the client_secret value
+    # @param [Hash] opts the options to create the client with
+    # @option opts [String] :site the OAuth2 provider site host
+    # @option opts [String] :authorize_url ('/oauth/authorize') absolute or relative URL path to the Authorization endpoint
+    # @option opts [String] :token_url ('/oauth/token') absolute or relative URL path to the Token endpoint
+    # @option opts [Symbol] :token_method (:post) HTTP method to use to request token (:get or :post)
+    # @option opts [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday with
+    # @option opts [FixNum] :max_redirects (5) maximum number of redirects to follow
+    # @option opts [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error
+    # on responses with 400+ status codes
+    # @yield [builder] The Faraday connection builder
+    def initialize(client_id, client_secret, options = {}, &block)
+      opts = options.dup
+      @id = client_id
+      @secret = client_secret
+      @site = opts.delete(:site)
+      ssl = opts.delete(:ssl)
+      @options = {:authorize_url => '/oauth/authorize',
+                  :token_url => '/oauth/token',
+                  :token_method => :post,
+                  :connection_opts => {},
+                  :connection_build => block,
+                  :max_redirects => 5,
+                  :raise_errors => true}.merge(opts)
+      @options[:connection_opts][:ssl] = ssl if ssl
+    end
+
+    # Set the site host
+    #
+    # @param [String] the OAuth2 provider site host
+    def site=(value)
+      @connection = nil
+      @site = value
+    end
+
+    # The Faraday connection object
+    def connection
+      @connection ||= begin
+        conn = Faraday.new(site, options[:connection_opts])
+        conn.build do |b|
+          options[:connection_build].call(b)
+        end if options[:connection_build]
+        conn
+      end
+    end
+
+    # The authorize endpoint URL of the OAuth2 provider
+    #
+    # @param [Hash] params additional query parameters
+    def authorize_url(params = nil)
+      connection.build_url(options[:authorize_url], params).to_s
+    end
+
+    # The token endpoint URL of the OAuth2 provider
+    #
+    # @param [Hash] params additional query parameters
+    def token_url(params = nil)
+      connection.build_url(options[:token_url], params).to_s
+    end
+
+    # Makes a request relative to the specified site root.
+    #
+    # @param [Symbol] verb one of :get, :post, :put, :delete
+    # @param [String] url URL path of request
+    # @param [Hash] opts the options to make the request with
+    # @option opts [Hash] :params additional query parameters for the URL of the request
+    # @option opts [Hash, String] :body the body of the request
+    # @option opts [Hash] :headers http request headers
+    # @option opts [Boolean] :raise_errors whether or not to raise an OAuth2::Error on 400+ status
+    # code response for this request. Will default to client option
+    # @option opts [Symbol] :parse @see Response::initialize
+    # @yield [req] The Faraday request
+    def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, MethodLength
+      connection.response :logger, ::Logger.new($stdout) if ENV['OAUTH_DEBUG'] == 'true'
+
+      url = connection.build_url(url, opts[:params]).to_s
+
+      response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req|
+        yield(req) if block_given?
+      end
+      response = Response.new(response, :parse => opts[:parse])
+
+      case response.status
+      when 301, 302, 303, 307
+        opts[:redirect_count] ||= 0
+        opts[:redirect_count] += 1
+        return response if opts[:redirect_count] > options[:max_redirects]
+        if response.status == 303
+          verb = :get
+          opts.delete(:body)
+        end
+        request(verb, response.headers['location'], opts)
+      when 200..299, 300..399
+        # on non-redirecting 3xx statuses, just return the response
+        response
+      when 400..599
+        error = Error.new(response)
+        fail(error) if opts.fetch(:raise_errors, options[:raise_errors])
+        response.error = error
+        response
+      else
+        error = Error.new(response)
+        fail(error, "Unhandled status code value of #{response.status}")
+      end
+    end
+
+    # Initializes an AccessToken by making a request to the token endpoint
+    #
+    # @param [Hash] params a Hash of params for the token endpoint
+    # @param [Hash] access token options, to pass to the AccessToken object
+    # @param [Class] class of access token for easier subclassing OAuth2::AccessToken
+    # @return [AccessToken] the initalized AccessToken
+    def get_token(params, access_token_opts = {}, access_token_class = AccessToken)
+      opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)}
+      if options[:token_method] == :post
+        headers = params.delete(:headers)
+        opts[:body] = params
+        opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
+        opts[:headers].merge!(headers) if headers
+      else
+        opts[:params] = params
+      end
+      response = request(options[:token_method], token_url, opts)
+      error = Error.new(response)
+      fail(error) if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token'])
+      access_token_class.from_hash(self, response.parsed.merge(access_token_opts))
+    end
+
+    # The Client Credentials strategy
+    #
+    # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.4
+    def client_credentials
+      @client_credentials ||= OAuth2::Strategy::ClientCredentials.new(self)
+    end
+  end
+end

data/lib/client_credentials.rb

@@ -0,0 +1,37 @@
+require 'base64'
+
+module OAuth2
+  module Strategy
+    # The Client Credentials Strategy
+    #
+    # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.4
+    class ClientCredentials < Base
+      # Not used for this strategy
+      #
+      # @raise [NotImplementedError]
+      def authorize_url
+        fail(NotImplementedError, 'The authorization endpoint is not used in this strategy')
+      end
+
+      # Retrieve an access token given the specified client.
+      #
+      # @param [Hash] params additional params
+      # @param [Hash] opts options
+      def get_token(params = {}, opts = {})
+        request_body = opts.delete('auth_scheme') == 'request_body'
+        params.merge!('grant_type' => 'client_credentials')
+        params.merge!(request_body ? client_params : {:headers => {'Authorization' => authorization(client_params['client_id'], client_params['client_secret'])}})
+        @client.get_token(params, opts.merge('refresh_token' => nil))
+      end
+
+      # Returns the Authorization header value for Basic Authentication
+      #
+      # @param [String] The client ID
+      # @param [String] the client secret
+      def authorization(client_id, client_secret)
+        'Basic ' + Base64.encode64(client_id + ':' + client_secret).gsub("\n", '')
+      end
+    end
+  end
+end
+

data/lib/error.rb

@@ -0,0 +1,24 @@
+module OAuth2
+  class Error < StandardError
+    attr_reader :response, :code, :description
+
+    # standard error values include:
+    # :invalid_request, :invalid_client, :invalid_token, :invalid_grant, :unsupported_grant_type, :invalid_scope
+    def initialize(response)
+      response.error = self
+      @response = response
+
+      message = []
+
+      if response.parsed.is_a?(Hash)
+        @code = response.parsed['error']
+        @description = response.parsed['error_description']
+        message << "#{@code}: #{@description}"
+      end
+
+      message << response.body
+
+      super(message.join("\n"))
+    end
+  end
+end

data/lib/playlyfe.rb

@@ -1,5 +1,11 @@
-require 'oauth2'
 require 'json'
+require 'error'
+require 'client'
+require 'base'
+require 'strategy'
+require 'client_credentials'
+require 'access_token'
+require 'response'
 
 class Playlyfe
   @@client = nil
@@ -64,6 +70,7 @@ class Playlyfe
   end
 
   def self.post(options = {})
+    options[:player] ||= ''
     opts = {}
     opts[:headers] ||= {'Content-Type' => 'application/json'}
     opts[:body] = JSON.generate(options[:body])

data/lib/response.rb

@@ -0,0 +1,81 @@
+module OAuth2
+  # OAuth2::Response class
+  class Response
+    attr_reader :response
+    attr_accessor :error, :options
+
+    # Adds a new content type parser.
+    #
+    # @param [Symbol] key A descriptive symbol key such as :json or :query.
+    # @param [Array] One or more mime types to which this parser applies.
+    # @yield [String] A block returning parsed content.
+    def self.register_parser(key, mime_types, &block)
+      key = key.to_sym
+      PARSERS[key] = block
+      Array(mime_types).each do |mime_type|
+        CONTENT_TYPES[mime_type] = key
+      end
+    end
+
+    # Initializes a Response instance
+    #
+    # @param [Faraday::Response] response The Faraday response instance
+    # @param [Hash] opts options in which to initialize the instance
+    # @option opts [Symbol] :parse (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded),
+    # :json, or :automatic (determined by Content-Type response header)
+    def initialize(response, opts = {})
+      @response = response
+      @options = {:parse => :automatic}.merge(opts)
+    end
+
+    # The HTTP response headers
+    def headers
+      response.headers
+    end
+
+    # The HTTP response status code
+    def status
+      response.status
+    end
+
+    # The HTTP response body
+    def body
+      response.body || ''
+    end
+
+    # Procs that, when called, will parse a response body according
+    # to the specified format.
+    PARSERS = {
+      :json => lambda { |body| JSON.parse(body) rescue body }, # rubocop:disable RescueModifier
+      #:query => lambda { |body| Rack::Utils.parse_query(body) },
+      :text => lambda { |body| body }
+    }
+
+    # Content type assignments for various potential HTTP content types.
+    CONTENT_TYPES = {
+      'application/json' => :json,
+      'text/javascript' => :json,
+      'application/x-www-form-urlencoded' => :query,
+      'text/plain' => :text
+    }
+
+    # The parsed response body.
+    # Will attempt to parse application/x-www-form-urlencoded and
+    # application/json Content-Type response bodies
+    def parsed
+      return nil unless PARSERS.key?(parser)
+      @parsed ||= PARSERS[parser].call(body)
+    end
+
+    # Attempts to determine the content type of the response.
+    def content_type
+      ((response.headers.values_at('content-type', 'Content-Type').compact.first || '').split(';').first || '').strip
+    end
+
+    # Determines the parser that will be used to supply the content of #parsed
+    def parser
+      return options[:parse].to_sym if PARSERS.key?(options[:parse])
+      CONTENT_TYPES[content_type]
+    end
+  end
+end

data/lib/strategy.rb

@@ -0,0 +1,73 @@
+require 'jwt'
+
+module OAuth2
+  module Strategy
+    # The Client Assertion Strategy
+    #
+    # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.1.3
+    #
+    # Sample usage:
+    # client = OAuth2::Client.new(client_id, client_secret,
+    # :site => 'http://localhost:8080')
+    #
+    # params = {:hmac_secret => "some secret",
+    # # or :private_key => "private key string",
+    # :iss => "http://localhost:3001",
+    # :prn => "me@here.com",
+    # :exp => Time.now.utc.to_i + 3600}
+    #
+    # access = client.assertion.get_token(params)
+    # access.token # actual access_token string
+    # access.get("/api/stuff") # making api calls with access token in header
+    #
+    class Assertion < Base
+      # Not used for this strategy
+      #
+      # @raise [NotImplementedError]
+      def authorize_url
+        fail(NotImplementedError, 'The authorization endpoint is not used in this strategy')
+      end
+
+      # Retrieve an access token given the specified client.
+      #
+      # @param [Hash] params assertion params
+      # pass either :hmac_secret or :private_key, but not both.
+      #
+      # params :hmac_secret, secret string.
+      # params :private_key, private key string.
+      #
+      # params :iss, issuer
+      # params :aud, audience, optional
+      # params :prn, principal, current user
+      # params :exp, expired at, in seconds, like Time.now.utc.to_i + 3600
+      #
+      # @param [Hash] opts options
+      def get_token(params = {}, opts = {})
+        hash = build_request(params)
+        @client.get_token(hash, opts.merge('refresh_token' => nil))
+      end
+
+      def build_request(params)
+        assertion = build_assertion(params)
+        {:grant_type => 'assertion',
+         :assertion_type => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+         :assertion => assertion,
+         :scope => params[:scope]
+        }.merge(client_params)
+      end
+
+      def build_assertion(params)
+        claims = {:iss => params[:iss],
+                  :aud => params[:aud],
+                  :prn => params[:prn],
+                  :exp => params[:exp]
+                 }
+        if params[:hmac_secret]
+          JWT.encode(claims, params[:hmac_secret], 'HS256')
+        elsif params[:private_key]
+          JWT.encode(claims, params[:private_key], 'RS256')
+        end
+      end
+    end
+  end
+end

data/test/test.rb

@@ -5,8 +5,8 @@ class PlaylyfeTest < Test::Unit::TestCase
 
   def test_start
     Playlyfe.start(
-      client_id: "MTQ5MDFiODAtYzYzNS00OTMyLTg4NDktYjliNzE0ZmZiZDBl",
-      client_secret: "ZjI0YmNlNzgtNzU2ZC00NWU0LWIwZTItNjg1YjU4MTljNDRlODA4MDkyYzAtZTg3ZS0xMWUzLWE5ZTMtMzViZDM4NGNiMjQw"
+      client_id: "NjZlZWFiMWEtN2ZiOC00YmVmLTk2YWMtNDEyYTNmMjQ5NDBl",
+      client_secret: "NGRhMWJlYzUtODJiNS00ZTdkLTgzNTctMTQyMGEzNTljN2MwMTU2MGM3NTAtZjZiZS0xMWUzLTgxZjYtNmZhMGYyMzRkZGU3"
     )
     puts Playlyfe.token
 
@@ -14,17 +14,18 @@ class PlaylyfeTest < Test::Unit::TestCase
     assert_not_nil players["data"]
     assert_not_nil players["data"][0]
 
-    player = Playlyfe.get(url: '/player', player: 'goku')
-    assert_equal player["id"], "goku"
-    assert_equal player["alias"], "goku"
+    player_id = 'student1'
+    player = Playlyfe.get(url: '/player', player: player_id)
+    assert_equal player["id"], "student1"
+    assert_equal player["alias"], "Student1"
     assert_equal player["enabled"], true
 
     no_player = Playlyfe.get(url: '/player')
     assert_nil no_player
 
-    Playlyfe.get(url: "/definitions/processes", player: 'goku')
-    Playlyfe.get(url: "/definitions/teams", player: 'goku')
-    Playlyfe.get(url: "/processes", player: 'goku')
-    Playlyfe.get(url: "/teams", player: 'goku')
+    Playlyfe.get(url: "/definitions/processes", player: player_id)
+    Playlyfe.get(url: "/definitions/teams", player: player_id)
+    Playlyfe.get(url: "/processes", player: player_id)
+    Playlyfe.get(url: "/teams", player: player_id)
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: playlyfe
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,30 +9,46 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-17 00:00:00.000000000 Z
+date: 2014-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: oauth2
+  name: faraday
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
-        version: 0.9.4
+        version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
-        version: 0.9.4
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
         version: 1.8.1
   type: :runtime
@@ -40,7 +56,7 @@ dependencies:
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - '='
       - !ruby/object:Gem::Version
         version: 1.8.1
 description: This gem can be used to interact with the playlyfe gamification platform
@@ -52,6 +68,13 @@ extra_rdoc_files: []
 files:
 - Rakefile
 - lib/playlyfe.rb
+- lib/access_token.rb
+- lib/base.rb
+- lib/client.rb
+- lib/client_credentials.rb
+- lib/error.rb
+- lib/response.rb
+- lib/strategy.rb
 - test/test.rb
 homepage: https://github.com/pyros2097/playlyfe-ruby-sdk
 licenses:
@@ -80,3 +103,4 @@ specification_version: 3
 summary: The playlyfe ruby sdk
 test_files:
 - test/test.rb
+has_rdoc: