rack-oauth2-server 1.4.2 → 1.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG +7 -0
- data/README.rdoc +7 -7
- data/VERSION +1 -1
- data/bin/oauth2-server +6 -6
- data/lib/rack/oauth2/admin.rb +224 -0
- data/lib/rack/oauth2/server.rb +4 -1
- data/test/rails/log/test.log +5236 -0
- data/test/setup.rb +1 -2
- metadata +5 -5
- data/lib/rack/oauth2/server/admin.rb +0 -227
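--- a/data/test/setup.rb
+++ b/data/test/setup.rb
@@ -8,7 +8,6 @@ require "ap"
 require "json"
 $: << File.dirname(__FILE__) + "/../lib"
 require "rack/oauth2/server"
-require "rack/oauth2/server/admin"
 
 
 ENV["RACK_ENV"] = "test"
@@ -26,7 +25,7 @@ when "sinatra", nil
 class Test::Unit::TestCase
 def app
 Rack::Builder.new do
-map("/oauth/admin") { run Rack::OAuth2::
+map("/oauth/admin") { run Rack::OAuth2::Admin }
 map("/") { run MyApp }
 end
 end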
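--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2-server
 version: !ruby/object:Gem::Version
-hash:
+hash: 1
 prerelease: false
 segments:
 - 1
 - 4
--
-version: 1.4.
+- 3
+version: 1.4.3
 platform: ruby
 authors:
 - Assaf Arkin
@@ -102,13 +102,13 @@ files:
 - lib/rack/oauth2/admin/views/edit.tmpl
 - lib/rack/oauth2/admin/views/index.html
 - lib/rack/oauth2/admin/views/no_access.tmpl
+- lib/rack/oauth2/admin.rb
 - lib/rack/oauth2/models/access_grant.rb
 - lib/rack/oauth2/models/access_token.rb
 - lib/rack/oauth2/models/auth_request.rb
 - lib/rack/oauth2/models/client.rb
 - lib/rack/oauth2/models.rb
 - lib/rack/oauth2/rails.rb
-- lib/rack/oauth2/server/admin.rb
 - lib/rack/oauth2/server/errors.rb
 - lib/rack/oauth2/server/helper.rb
 - lib/rack/oauth2/server/utils.rb
@@ -144,7 +144,7 @@ licenses: []
 post_install_message: To get started, run the command oauth2-server
 rdoc_options:
 - --title
-- rack-oauth2-server 1.4.
+- rack-oauth2-server 1.4.3
 - --main
 - README.rdoc
 - --webcvs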
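--- a/data/lib/rack/oauth2/server/admin.rb
+++ /dev/null
@@ -1,227 +0,0 @@
-require "sinatra/base"
-require "json"
-require "rack/oauth2/sinatra"
-
-module Rack
-module OAuth2
-class Server
-class Admin < ::Sinatra::Base
-
-class << self
-
-# Rack module that mounts the specified class on the specified path,
-# and passes all other request to the application.
-class Mount
-class << self
-def mount(klass, path)
-@klass = klass
-@path = path
-@match = /^#{Regexp.escape(path)}(\/.*|$)?/
-end
-
-attr_reader :klass, :path, :match
-end
-
-def initialize(app)
-@pass = app
-@admin = self.class.klass.new
-end
-
-def call(env)
-path = env["PATH_INFO"].to_s
-script_name = env['SCRIPT_NAME']
-if path =~ self.class.match && rest = $1
-env.merge! "SCRIPT_NAME"=>(script_name + self.class.path), "PATH_INFO"=>rest
-return @admin.call(env)
-else
-return @pass.call(env)
-end
-end
-end
-
-# Returns Rack handle that mounts Admin on the specified path, and
-# forwards all other requests back to the application.
-#
-# @param [String, nil] path The path to mount on, defaults to
-# /oauth/admin
-# @return [Object] Rack module
-#
-# @example To include admin console in Rails 2.x app
-# config.middleware.use Rack::OAuth2::Server::Admin.mount
-def mount(path = "/oauth/admin")
-mount = Class.new(Mount)
-mount.mount Admin, "/oauth/admin"
-mount
-end
-
-end
-
-# Need client ID to get access token to access this console.
-set :client_id, nil
-# Need client secret to get access token to access this console.
-set :client_secret, nil
-# Use this URL to authorize access to this console. If not set, goes to
-# /oauth/authorize.
-set :authorize, nil
-# Map access token identity to URL on your application, by replacing
-# "{id}" with the token identity (e.g. "http://example.com/user/{id}")
-set :template_url, nil
-
-# Number of tokens to return in each page.
-set :tokens_per_page, 100
-set :public, ::File.dirname(__FILE__) + "/../admin"
-set :method_override, true
-mime_type :js, "text/javascript"
-mime_type :tmpl, "text/x-jquery-template"
-
-
-helpers Rack::OAuth2::Sinatra::Helpers
-extend Rack::OAuth2::Sinatra
-use Rack::OAuth2::Server
-
-# Force HTTPS except for development environment.
-before do
-redirect request.url.sub(/^http:/, "https:") unless request.scheme == "https"
-end unless development?
-
-
-
-# -- Static content --
-
-# It's a single-page app, this is that single page.
-get "/" do
-send_file settings.public + "/views/index.html"
-end
-
-# Service JavaScript, CSS and jQuery templates from the gem.
-%w{js css views}.each do |path|
-get "/#{path}/:name" do
-send_file settings.public + "/#{path}/" + params[:name]
-end
-end
-
-
-# -- Getting an access token --
-
-# To get an OAuth token, you need client ID and secret, two values we
-# didn't pass on to the JavaScript code, so it has no way to request
-# authorization directly. Instead, it redirects to this URL which in turn
-# redirects to the authorization endpoint. This redirect does accept the
-# state parameter, which will be returned after authorization.
-get "/authorize" do
-redirect_uri = "#{request.scheme}://#{request.host}:#{request.port}#{request.script_name}"
-query = { :client_id=>settings.client_id, :client_secret=>settings.client_secret, :state=>params[:state],
-:response_type=>"token", :scope=>"oauth-admin", :redirect_uri=>redirect_uri }
-auth_url = settings.authorize || "#{request.scheme}://#{request.host}:#{request.port}/oauth/authorize"
-redirect "#{auth_url}?#{Rack::Utils.build_query(query)}"
-end
-
-
-# -- API --
-
-oauth_required "/api/clients", "/api/client/:id", "/api/client/:id/revoke", "/api/token/:token/revoke", :scope=>"oauth-admin"
-
-get "/api/clients" do
-content_type "application/json"
-json = { :list=>Server::Client.all.map { |client| client_as_json(client) },
-:tokens=>{ :total=>Server::AccessToken.count, :week=>Server::AccessToken.count(:days=>7),
-:revoked=>Server::AccessToken.count(:days=>7, :revoked=>true) } }
-json.to_json
-end
-
-post "/api/clients" do
-begin
-client = Server::Client.create(validate_params(params))
-redirect "#{request.script_name}/api/client/#{client.id}"
-rescue
-halt 400, $!.message
-end
-end
-
-get "/api/client/:id" do
-content_type "application/json"
-client = Server::Client.find(params[:id])
-json = client_as_json(client, true)
-
-page = [params[:page].to_i, 1].max
-offset = (page - 1) * settings.tokens_per_page
-total = Server::AccessToken.count(:client_id=>client.id)
-tokens = Server::AccessToken.for_client(params[:id], offset, settings.tokens_per_page)
-json[:tokens] = { :list=>tokens.map { |token| token_as_json(token) } }
-json[:tokens][:total] = total
-json[:tokens][:page] = page
-json[:tokens][:next] = "#{request.script_name}/client/#{params[:id]}?page=#{page + 1}" if total > page * settings.tokens_per_page
-json[:tokens][:previous] = "#{request.script_name}/client/#{params[:id]}?page=#{page - 1}" if page > 1
-json[:tokens][:total] = Server::AccessToken.count(:client_id=>client.id)
-json[:tokens][:week] = Server::AccessToken.count(:client_id=>client.id, :days=>7)
-json[:tokens][:revoked] = Server::AccessToken.count(:client_id=>client.id, :days=>7, :revoked=>true)
-
-json.to_json
-end
-
-put "/api/client/:id" do
-client = Server::Client.find(params[:id])
-begin
-client.update validate_params(params)
-redirect "#{request.script_name}/api/client/#{client.id}"
-rescue
-halt 400, $!.message
-end
-end
-
-delete "/api/client/:id" do
-Server::Client.delete(params[:id])
-200
-end
-
-post "/api/client/:id/revoke" do
-client = Server::Client.find(params[:id])
-client.revoke!
-200
-end
-
-post "/api/token/:token/revoke" do
-token = Server::AccessToken.from_token(params[:token])
-token.revoke!
-200
-end
-
-helpers do
-def validate_params(params)
-display_name = params[:displayName].to_s.strip
-halt 400, "Missing display name" if display_name.empty?
-link = URI.parse(params[:link].to_s.strip).normalize rescue nil
-halt 400, "Link is not a URL (must be http://....)" unless link
-halt 400, "Link must be an absolute URL with HTTP/S scheme" unless link.absolute? && %{http https}.include?(link.scheme)
-redirect_uri = URI.parse(params[:redirectUri].to_s.strip).normalize rescue nil
-halt 400, "Redirect URL is not a URL (must be http://....)" unless redirect_uri
-halt 400, "Redirect URL must be an absolute URL with HTTP/S scheme" unless
-redirect_uri.absolute? && %{http https}.include?(redirect_uri.scheme)
-unless params[:imageUrl].nil? || params[:imageUrl].to_s.empty?
-image_url = URI.parse(params[:imageUrl].to_s.strip).normalize rescue nil
-halt 400, "Image URL must be an absolute URL with HTTP/S scheme" unless
-image_url.absolute? && %{http https}.include?(image_url.scheme)
-end
-{ :display_name=>display_name, :link=>link.to_s, :image_url=>image_url.to_s, :redirect_uri=>redirect_uri.to_s }
-end
-
-def client_as_json(client, with_stats = false)
-{ "id"=>client.id.to_s, "secret"=>client.secret, :redirectUri=>client.redirect_uri,
-:displayName=>client.display_name, :link=>client.link, :imageUrl=>client.image_url,
-:url=>"#{request.script_name}/api/client/#{client.id}",
-:revoke=>"#{request.script_name}/api/client/#{client.id}/revoke",
-:created=>client.created_at, :revoked=>client.revoked }
-end
-
-def token_as_json(token)
-{ :token=>token.token, :identity=>token.identity, :scope=>token.scope, :created=>token.created_at,
-:expired=>token.expires_at, :revoked=>token.revoked,
-:link=>settings.template_url && settings.template_url.gsub("{id}", token.identity),
-:revoke=>"#{request.script_name}/api/token/#{token.token}/revoke" }
-end
-end
-
-end
-end
-end
-end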