rack-oauth2-revibe 1.0.7

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: eb673ece85c217f808219e25cb844b64e9acfa1c
+  data.tar.gz: 447b5a4aeec11412d93b313815a698c7337af582
+SHA512:
+  metadata.gz: e199c1ef254aa41a17177c9fc46b8c5883fc4c551316e59cc8936c7c5283bc7932ae117f8777a96b18f0909ce42dc95b2f4989a68a1eb5d245400fd24b8c91ab
+  data.tar.gz: 24a55fd879d6246141877c335771c222aee501ae20d774fba2b0ed87f712c79719aeae6dde2ae372dfd1106db2f0fa83b25230c53b46d9a18adceb3365dfc6f1

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,22 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage*
+rdoc
+pkg
+Gemfile.lock
+
+## PROJECT::SPECIFIC

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format=documentation

data/.travis.yml

@@ -0,0 +1,3 @@
+rvm:
+  - 1.9.3
+  - 2.0.0

data/Gemfile

@@ -0,0 +1,7 @@
+source 'http://rubygems.org'
+
+platforms :jruby do
+  gem 'jruby-openssl', '>= 0.7'
+end
+
+gemspec

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 nov matake
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,78 @@
+= rack-oauth2
+
+OAuth 2.0 Server & Client Library.
+Both Bearer and MAC token type are supported.
+
+{<img src="https://secure.travis-ci.org/nov/rack-oauth2.png" />}[http://travis-ci.org/nov/rack-oauth2]
+
+The OAuth 2.0 Authorization Framework (RFC 6749)
+http://www.rfc-editor.org/rfc/rfc6749.txt
+
+The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)
+http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-06
+
+HTTP Authentication: MAC Access Authentication (draft 01)
+http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
+
+== Installation
+
+  gem install rack-oauth2
+
+== Resources
+
+* View Source on GitHub (https://github.com/nov/rack-oauth2)
+* Report Issues on GitHub (https://github.com/nov/rack-oauth2/issues)
+* Subscribe Update Info (https://www.facebook.com/rackoauth2)
+* Q&A on Google Groups (https://groups.google.com/group/rack-oauth2)
+
+== Sample Server Application (Rails3)
+
+=== Bearer
+
+Running on Heroku
+https://rack-oauth2-sample.heroku.com
+
+Source on GitHub
+https://github.com/nov/rack-oauth2-sample
+
+=== MAC
+
+Running on Heroku
+https://rack-oauth2-sample-mac.heroku.com
+
+Source on GitHub
+https://github.com/nov/rack-oauth2-sample-mac
+
+== Sample Client
+
+=== Common between Bearer and MAC
+
+Authorization Request (request_type: 'code' and 'token')
+https://gist.github.com/862393
+
+Token Request (grant_type: 'client_credentials', 'password', 'authorization_code' and 'refresh_token')
+https://gist.github.com/883541
+
+=== Bearer
+
+Resource Request (request both for resource owner resource and for client resource)
+https://gist.github.com/883575
+
+=== MAC
+
+Resource Request (request both for resource owner resource and for client resource)
+https://gist.github.com/933885
+
+== Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 nov matake. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,25 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+if RUBY_VERSION >= '1.9'
+  namespace :cover_me do
+    desc "Generates and opens code coverage report."
+    task :report do
+      require 'cover_me'
+      CoverMe.complete!
+    end
+  end
+  task :spec do
+    Rake::Task['cover_me:report'].invoke unless ENV['TRAVIS_RUBY_VERSION']
+  end
+else
+  RSpec::Core::RakeTask.new(:rcov) do |spec|
+    spec.rcov = true
+    spec.rcov_opts = ['-Ilib -Ispec --exclude spec,gems']
+  end
+end
+
+task :default => :spec

data/VERSION

@@ -0,0 +1 @@
+1.0.7

data/lib/rack/oauth2.rb

@@ -0,0 +1,67 @@
+require 'rack'
+require 'multi_json'
+require 'httpclient'
+require 'logger'
+require 'active_support/core_ext'
+require 'attr_required'
+require 'attr_optional'
+
+module Rack
+  module OAuth2
+    VERSION = ::File.read(
+      ::File.join(::File.dirname(__FILE__), '../../VERSION')
+    )
+
+    def self.logger
+      @@logger
+    end
+    def self.logger=(logger)
+      @@logger = logger
+    end
+    self.logger = ::Logger.new(STDOUT)
+    self.logger.progname = 'Rack::OAuth2'
+
+    def self.debugging?
+      @@debugging
+    end
+    def self.debugging=(boolean)
+      @@debugging = boolean
+    end
+    def self.debug!
+      self.debugging = true
+    end
+    def self.debug(&block)
+      original = self.debugging?
+      self.debugging = true
+      yield
+    ensure
+      self.debugging = original
+    end
+    self.debugging = false
+
+    def self.http_client(agent_name = "Rack::OAuth2 (#{VERSION})", &local_http_config)
+      _http_client_ = HTTPClient.new(
+        :agent_name => agent_name
+      )
+      http_config.try(:call, _http_client_)
+      local_http_config.try(:call, _http_client_) unless local_http_config.nil?
+      _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
+      _http_client_
+    end
+
+    def self.http_config(&block)
+      @@http_config ||= block
+    end
+
+    def self.reset_http_config!
+      @@http_config = nil
+    end
+
+  end
+end
+
+require 'rack/oauth2/util'
+require 'rack/oauth2/server'
+require 'rack/oauth2/client'
+require 'rack/oauth2/access_token'
+require 'rack/oauth2/debugger'

data/lib/rack/oauth2/access_token.rb

@@ -0,0 +1,36 @@
+module Rack
+  module OAuth2
+    class AccessToken
+      include AttrRequired, AttrOptional
+      attr_required :access_token, :token_type, :httpclient
+      attr_optional :refresh_token, :expires_in, :scope
+      delegate :get, :post, :put, :delete, :to => :httpclient
+
+      def initialize(attributes = {})
+        (required_attributes + optional_attributes).each do |key|
+          self.send :"#{key}=", attributes[key]
+        end
+        @token_type = self.class.name.demodulize.underscore.to_sym
+        @httpclient = Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |config|
+          config.request_filter << Authenticator.new(self)
+        end
+        attr_missing!
+      end
+
+      def token_response(options = {})
+        {
+          :access_token => access_token,
+          :refresh_token => refresh_token,
+          :token_type => token_type,
+          :expires_in => expires_in,
+          :scope => Array(scope).join(' ')
+        }
+      end
+    end
+  end
+end
+
+require 'rack/oauth2/access_token/authenticator'
+require 'rack/oauth2/access_token/bearer'
+require 'rack/oauth2/access_token/mac'
+require 'rack/oauth2/access_token/legacy'

data/lib/rack/oauth2/access_token/authenticator.rb

@@ -0,0 +1,24 @@
+module Rack
+  module OAuth2
+    class AccessToken
+      class Authenticator
+        def initialize(token)
+          @token = token
+        end
+
+        # Callback called in HTTPClient (before sending a request)
+        # request:: HTTP::Message
+        def filter_request(request)
+          @token.authenticate(request)
+        end
+
+        # Callback called in HTTPClient (after received a response)
+        # response:: HTTP::Message
+        # request::  HTTP::Message
+        def filter_response(response, request)
+          # nothing to do
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/access_token/bearer.rb

@@ -0,0 +1,11 @@
+module Rack
+  module OAuth2
+    class AccessToken
+      class Bearer < AccessToken
+        def authenticate(request)
+          request.header["Authorization"] = "Bearer #{access_token}"
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/access_token/legacy.rb

@@ -0,0 +1,23 @@
+module Rack
+  module OAuth2
+    class AccessToken
+      class Legacy < AccessToken
+        def initialize(attributes = {})
+          super
+          self.expires_in = (
+            self.expires_in ||
+            attributes[:expires]
+          ).try(:to_i)
+        end
+
+        def to_s # This is for fb_graph
+          self.access_token
+        end
+
+        def authenticate(request)
+          request.header["Authorization"] = "OAuth #{access_token}"
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/access_token/mac.rb

@@ -0,0 +1,103 @@
+module Rack
+  module OAuth2
+    class AccessToken
+      class MAC < AccessToken
+        attr_required :mac_key, :mac_algorithm
+        attr_optional :ts, :ext_verifier, :ts_expires_in
+        attr_reader :nonce, :signature, :ext
+
+        def initialize(attributes = {})
+          super(attributes)
+          @issued_at = Time.now.utc
+          @ts_expires_in ||= 5.minutes
+        end
+
+        def token_response
+          super.merge(
+            :mac_key => mac_key,
+            :mac_algorithm => mac_algorithm
+          )
+        end
+
+        def verify!(request)          
+          if self.ext_verifier.present?
+            body = request.body.read
+            request.body.rewind # for future use
+
+            self.ext_verifier.new(
+              :raw_body => body,
+              :algorithm => self.mac_algorithm
+            ).verify!(request.ext)
+          end
+
+          now = Time.now.utc.to_i
+          now = @ts.to_i if @ts.present?
+                    
+          raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired") if now - request.ts.to_i > @ts_expires_in.to_i
+
+          Signature.new(
+            :secret      => self.mac_key,
+            :algorithm   => self.mac_algorithm,
+            :nonce       => request.nonce,
+            :method      => request.request_method,
+            :request_uri => request.fullpath,
+            :host        => request.host,
+            :port        => request.port,
+            :ts          => request.ts,
+            :ext         => request.ext
+          ).verify!(request.signature)
+        rescue Verifier::VerificationFailed => e
+          request.invalid_token! e.message
+        end
+
+        def authenticate(request)
+          @nonce = generate_nonce
+          @ts_generated = @ts || Time.now.utc
+
+          if self.ext_verifier.present?
+            @ext = self.ext_verifier.new(
+              :raw_body => request.body,
+              :algorithm => self.mac_algorithm
+            ).calculate
+          end
+
+          @signature = Signature.new(
+            :secret      => self.mac_key,
+            :algorithm   => self.mac_algorithm,
+            :nonce       => self.nonce,
+            :method      => request.header.request_method,
+            :request_uri => request.header.create_query_uri,
+            :host        => request.header.request_uri.host,
+            :port        => request.header.request_uri.port,
+            :ts          => @ts_generated,
+            :ext         => @ext
+          ).calculate
+
+          request.header['Authorization'] = authorization_header
+        end
+
+        private
+
+        def authorization_header
+          header = "MAC id=\"#{access_token}\""
+          header << ", nonce=\"#{nonce}\""
+          header << ", ts=\"#{@ts_generated.to_i}\""
+          header << ", mac=\"#{signature}\""
+          header << ", ext=\"#{ext}\"" if @ext.present?
+          header
+        end
+
+        def generate_nonce
+          [
+            (Time.now.utc - @issued_at).to_i,
+            SecureRandom.hex
+          ].join(':')
+        end
+      end
+    end
+  end
+end
+
+require 'rack/oauth2/access_token/mac/verifier'
+require 'rack/oauth2/access_token/mac/sha256_hex_verifier'
+require 'rack/oauth2/access_token/mac/signature'