rack-oauth2-revibe 1.0.7

data/lib/rack/oauth2/server/abstract/handler.rb

@@ -0,0 +1,20 @@
+module Rack
+  module OAuth2
+    module Server
+      module Abstract
+        class Handler
+          attr_accessor :authenticator, :request, :response
+
+          def initialize(&authenticator)
+            @authenticator = authenticator
+          end
+
+          def call(env)
+            @authenticator.call(@request, @response) if @authenticator
+            @response
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/abstract/request.rb

@@ -0,0 +1,29 @@
+module Rack
+  module OAuth2
+    module Server
+      module Abstract
+        class Request < Rack::Request
+          include AttrRequired, AttrOptional
+          attr_required :client_id
+          attr_optional :scope
+
+          def initialize(env)
+            super
+            @client_id ||= params['client_id']
+            @scope = Array(params['scope'].to_s.split(' '))
+          end
+
+          def attr_missing_with_error_handling!
+            if params['client_id'].present? && @client_id != params['client_id']
+              invalid_request! 'Multiple client credentials are provided.'
+            end
+            attr_missing_without_error_handling!
+          rescue AttrRequired::AttrMissing => e
+            invalid_request! e.message, :state => @state, :redirect_uri => @redirect_uri
+          end
+          alias_method_chain :attr_missing!, :error_handling
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/abstract/response.rb

@@ -0,0 +1,15 @@
+module Rack
+  module OAuth2
+    module Server
+      module Abstract
+        class Response < Rack::Response
+          include AttrRequired, AttrOptional
+
+          def initialize(request)
+            super([], 200, {})
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize.rb

@@ -0,0 +1,117 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize < Abstract::Handler
+        def call(env)
+          request = Request.new(env)
+          response_type_for(request).new(&@authenticator).call(env).finish
+        rescue Rack::OAuth2::Server::Abstract::Error => e
+          e.finish
+        end
+
+        private
+
+        def response_type_for(request)
+          response_type = request.params['response_type'].to_s
+          case response_type
+          when 'code'
+            Code
+          when 'token'
+            Token
+          when ''
+            request.attr_missing!
+          else
+            extensions.detect do |extension|
+              extension.response_type_for? response_type
+            end || request.unsupported_response_type!
+          end
+        end
+
+        def extensions
+          Extension.constants.sort.collect do |key|
+            Extension.const_get key
+          end
+        end
+
+        class Request < Abstract::Request
+          attr_required :response_type
+          attr_optional :redirect_uri, :state
+          attr_accessor :verified_redirect_uri
+
+          def initialize(env)
+            super
+            # NOTE: Raise before redirect_uri is saved not to redirect back to unverified redirect_uri.
+            bad_request! if client_id.blank?
+            @redirect_uri = Util.parse_uri(params['redirect_uri']) if params['redirect_uri']
+            @state = params['state']
+          end
+
+          def verify_redirect_uri!(pre_registered, allow_partial_match = false)
+            @verified_redirect_uri = if redirect_uri.present?
+              verified = Array(pre_registered).any? do |_pre_registered_|
+                if allow_partial_match
+                  Util.uri_match?(_pre_registered_, redirect_uri)
+                else
+                  _pre_registered_.to_s == redirect_uri.to_s
+                end
+              end
+              if verified
+                redirect_uri
+              else
+                bad_request!
+              end
+            elsif pre_registered.present? && Array(pre_registered).size == 1 && !allow_partial_match
+              Array(pre_registered).first
+            else
+              bad_request!
+            end
+            self.verified_redirect_uri.to_s
+          end
+
+          def error_params_location
+            nil # => All errors are raised immediately and no error response are returned to client.
+          end
+        end
+
+        class Response < Abstract::Response
+          attr_required :redirect_uri
+          attr_optional :state, :approval
+
+          def initialize(request)
+            @state = request.state
+            super
+          end
+
+          def approved?
+            @approval
+          end
+
+          def approve!
+            @approval = true
+          end
+
+          def protocol_params
+            {:state => state}
+          end
+
+          def redirect_uri_with_credentials
+            Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
+          end
+
+          def finish
+            if approved?
+              attr_missing!
+              redirect redirect_uri_with_credentials
+            end
+            super
+          end
+        end
+      end
+    end
+  end
+end
+
+require 'rack/oauth2/server/authorize/code'
+require 'rack/oauth2/server/authorize/token'
+require 'rack/oauth2/server/authorize/extension'
+require 'rack/oauth2/server/authorize/error'

data/lib/rack/oauth2/server/authorize/code.rb

@@ -0,0 +1,39 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        class Code < Abstract::Handler
+          def call(env)
+            @request  = Request.new env
+            @response = Response.new request
+            super
+          end
+
+          class Request < Authorize::Request
+            def initialize(env)
+              super
+              @response_type = :code
+              attr_missing!
+            end
+
+            def error_params_location
+              :query
+            end
+          end
+
+          class Response < Authorize::Response
+            attr_required :code
+
+            def protocol_params
+              super.merge(:code => code)
+            end
+
+            def protocol_params_location
+              :query
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/error.rb

@@ -0,0 +1,71 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        module ErrorHandler
+          def self.included(klass)
+            klass.send :attr_accessor, :redirect_uri, :state, :protocol_params_location
+          end
+
+          def protocol_params
+            super.merge(:state => state)
+          end
+
+          def finish
+            if redirect_uri.present? && protocol_params_location.present?
+              super do |response|
+                response.redirect Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
+              end
+            else
+              raise self
+            end
+          end
+        end
+
+        class BadRequest < Abstract::BadRequest
+          include ErrorHandler
+        end
+
+        class ServerError < Abstract::ServerError
+          include ErrorHandler
+        end
+
+        class TemporarilyUnavailable < Abstract::TemporarilyUnavailable
+          include ErrorHandler
+        end
+
+        module ErrorMethods
+          DEFAULT_DESCRIPTION = {
+            :invalid_request => "The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed.",
+            :unauthorized_client => "The client is not authorized to use the requested response type.",
+            :access_denied => "The end-user or authorization server denied the request.",
+            :unsupported_response_type => "The requested response type is not supported by the authorization server.",
+            :invalid_scope => "The requested scope is invalid, unknown, or malformed.",
+            :server_error => "Internal Server Error",
+            :temporarily_unavailable => "Service Unavailable"
+          }
+
+          def self.included(klass)
+            DEFAULT_DESCRIPTION.each do |error, default_description|
+              klass.class_eval <<-ERROR
+                def #{error}!(description = "#{default_description}", options = {})
+                  bad_request! :#{error}, description, options
+                end
+              ERROR
+            end
+          end
+
+          def bad_request!(error = :bad_request, description = nil, options = {})
+            exception = BadRequest.new error, description, options
+            exception.protocol_params_location = error_params_location
+            exception.state = state
+            exception.redirect_uri = verified_redirect_uri
+            raise exception
+          end
+        end
+
+        Request.send :include, ErrorMethods
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/extension.rb

@@ -0,0 +1,12 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        module Extension
+          # Define your extension in this namespace and load it explicitly.
+          # extension/code_and_token.rb would be good example for you.
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/extension/code_and_token.rb

@@ -0,0 +1,39 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        module Extension
+          class CodeAndToken < Abstract::Handler
+            class << self
+              def response_type_for?(response_type)
+                response_type.split.sort == ['code', 'token']
+              end
+            end
+
+            def call(env)
+              @request  = Request.new env
+              @response = Response.new request
+              super
+            end
+
+            class Request < Authorize::Token::Request
+              def initialize(env)
+                super
+                @response_type = [:code, :token]
+                attr_missing!
+              end
+            end
+
+            class Response < Authorize::Token::Response
+              attr_required :code
+
+              def protocol_params
+                super.merge(:code => code)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/token.rb

@@ -0,0 +1,43 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        class Token < Abstract::Handler
+          def call(env)
+            @request  = Request.new env
+            @response = Response.new request
+            super
+          end
+
+          class Request < Authorize::Request
+            def initialize(env)
+              super
+              @response_type = :token
+              attr_missing!
+            end
+
+            def error_params_location
+              :fragment
+            end
+          end
+
+          class Response < Authorize::Response
+            attr_required :access_token
+
+            def protocol_params
+              super.merge(
+                access_token.token_response.delete_if do |k, v|
+                  k == :refresh_token
+                end
+              )
+            end
+
+            def protocol_params_location
+              :fragment
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/resource.rb

@@ -0,0 +1,55 @@
+module Rack
+  module OAuth2
+    module Server
+      class Resource < Abstract::Handler
+        ACCESS_TOKEN = 'rack.oauth2.access_token'
+        DEFAULT_REALM = 'Protected by OAuth 2.0'
+        attr_accessor :realm, :request
+
+        def initialize(app, realm = nil, &authenticator)
+          @app = app
+          @realm = realm
+          super &authenticator
+        end
+
+        def call(env)
+          if request.oauth2?
+            access_token = authenticate! request.setup!
+            env[ACCESS_TOKEN] = access_token
+          end
+          @app.call(env)
+        rescue Rack::OAuth2::Server::Abstract::Error => e
+          e.realm ||= realm
+          e.finish
+        end
+
+        private
+
+        def authenticate!(request)
+          @authenticator.call(request)
+        end
+
+        class Request < Rack::Request
+          attr_reader :access_token
+
+          def initialize(env)
+            @env = env
+            @auth_header = Rack::Auth::AbstractRequest.new(env)
+          end
+
+          def setup!
+            raise 'Define me!'
+          end
+
+          def oauth2?
+            raise 'Define me!'
+          end
+        end
+      end
+    end
+  end
+end
+
+require 'rack/oauth2/server/resource/error'
+require 'rack/oauth2/server/resource/bearer'
+require 'rack/oauth2/server/resource/mac'