rack-oauth2 0.0.9 → 0.1.0

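--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,9 +1,39 @@
 = rack-oauth2
 
-Currently working on OAuth Authorization/Resource Server implementation based on draft v.10
+Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.
+
+This gem is based on OAuth 2.0 draft v.10
 http://tools.ietf.org/html/draft-ietf-oauth-v2-10
 
-== Note on Patches/Pull Requests
+== Installation
+
+gem install fb_graph
+
+== Resources
+
+* View RDoc on RDoc.info (http://rdoc.info/github/nov/rack-oauth2)
+* View Source on GitHub (http://github.com/nov/rack-oauth2)
+* Report Issues on GitHub (http://github.com/nov/rack-oauth2/issues)
+
+== Usage
+
+See examples
+
+=== End User Authorization Endpoint
+
+* example/server/oauth2_controller.rb (Rails)
+* example/server/authorize.rb (Sinatra)
+
+=== Token Endpoint
+
+* example/server/oauth2_controller.rb (Rails)
+* example/server/token.rb (Sinatra)
+
+=== Protected Resource Endpoint
+
+TODO:
+
+=== Note on Patches/Pull Requests
 
 * Fork the project.
 * Make your feature addition or bug fix.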
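--- a/data/Rakefile
+++ b/data/Rakefile
@@ -6,7 +6,7 @@ begin
 Jeweler::Tasks.new do |gem|
 gem.name = 'rack-oauth2'
 gem.summary = %Q{Rack Middleware for OAuth2 Client & Server}
-gem.description = %Q{Rack Middleware for OAuth2 Client & Server, currently working on server code first.}
+gem.description = %Q{Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.}
 gem.email = 'nov@matake.jp'
 gem.homepage = 'http://github.com/nov/rack-oauth2'
 gem.authors = ['nov matake']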
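--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.9
+0.1.0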
@@ -7,7 +7,8 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
7
7
  require 'rack/oauth2'
8
8
 
9
9
  get '/oauth/authorize' do
10
- authorization_endpoint = Rack::OAuth2::Server::Authorize.new(self)
10
+ # set realm as server.example.com
11
+ authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com")
11
12
  response = authorization_endpoint.call(env)
12
13
  case response.first
13
14
  when 200
@@ -30,20 +31,21 @@ get '/oauth/authorize' do
30
31
  </form>
31
32
  HTML
32
33
  else
34
+ # redirect response with error message
33
35
  response
34
36
  end
35
37
  end
36
38
 
37
39
  post '/oauth/authorize' do
38
- authorization_endpoint = Rack::OAuth2::Server::Authorize.new(self) do |request, response|
39
- # allow everything
40
+ # set realm as server.example.com
41
+ authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com") do |request, response|
40
42
  params = env['rack.request.form_hash']
41
43
  if params['approved']
42
44
  response.approve!
43
- case request
44
- when Rack::OAuth2::Server::Authorization::Code::Request
45
+ case request.response_type
46
+ when :code
45
47
  response.code = 'code'
46
- when Rack::OAuth2::Server::Authorization::Token::Request
48
+ when :token
47
49
  response.access_token = 'access_token'
48
50
  response.expires_in = 3600
49
51
  end
@@ -1,24 +1,100 @@
1
+ # = Usage
2
+ #
3
+ # == Pre-required models (define by yourself)
4
+ #
5
+ # * Oauth2::Client
6
+ # * Oauth2::AccessToken
7
+ # * Oauth2::RefreshToken
8
+ # * Oauth2::AuthorizationCode
9
+
1
10
  class Oauth2Controller < ApplicationController
11
+ before_filter :require_authentication, :only => :authorize
2
12
 
3
13
  def authorize
4
- authorization_endpoint = Rack::OAuth2::Server::Authorization.new(self) do |req, res|
5
- # TODO
6
- end
7
- status, header, body = authorization_endpoint.call(request.env)
8
- case status
9
- when 302
10
- redirect_to header['Location']
14
+ if request.post?
15
+ status, header, response = authorization_endpoint_authenticator.call(request.env)
16
+ case status
17
+ when 302
18
+ redirect_to header['Location']
19
+ else
20
+ render :status => status, :json => response.body
21
+ end
11
22
  else
12
- render :status => status, :json => body
23
+ # render approval page to the resource owner
13
24
  end
14
25
  end
15
26
 
16
27
  def token
17
- token_endpoint = Rack::OAuth2::Server::Token.new(self) do |req, res|
18
- # TODO
28
+ status, header, res = token_endpoint_authenticator.call(request.env)
29
+ response.headers.merge!(header)
30
+ render :status => status, :text => res.body
31
+ end
32
+
33
+ private
34
+
35
+ def authorization_endpoint_authenticator
36
+ # set realm as server.example.com
37
+ Rack::OAuth2::Server::Authorization.new('server.example.com') do |req, res|
38
+ client = Oauth2::Client.find_by_identifier(req.client_id)
39
+ raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
40
+ if params[:approve]
41
+ res.authorize!
42
+ case req.response_type
43
+ when :code
44
+ authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
45
+ res.code = authorization_code.code
46
+ when :token
47
+ access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
48
+ res.access_token = access_token.token
49
+ res.expires_in = access_token.expires_in
50
+ when :code_and_token
51
+ authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
52
+ access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
53
+ res.code = authorization_code.code
54
+ res.access_token = access_token.token
55
+ res.expires_in = access_token.expires_in
56
+ end
57
+ else
58
+ raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => req.redirect_uri, :state => req.state)
59
+ end
60
+ end
61
+ end
62
+
63
+ def token_endpoint_authenticator
64
+ # set realm as server.example.com
65
+ Rack::OAuth2::Server::Token.new('server.example.com') do |req, res|
66
+ case req.grant_type
67
+ when :authorization_code
68
+ begin
69
+ @user, @client = Oauth2::AuthorizationCode.authenticate!(req.code)
70
+ rescue Oauth2::AuthorizationCode::InvalidCode
71
+ raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
72
+ end
73
+ when :refresh_token
74
+ begin
75
+ @user, @client = Oauth2::RefreshToken.authenticate!(req.refresh_token)
76
+ rescue Oauth2::AuthorizationCode::InvalidToken
77
+ raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
78
+ end
79
+ when :password
80
+ begin
81
+ @user = User.authenticate!(req.username, req.password)
82
+ @client = Oauth2::Client.find_by_identifier(req.client_id)
83
+ raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
84
+ rescue User::InvalidCredentials
85
+ raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource ownwer credentials.')
86
+ end
87
+ when :assertion
88
+ # I'm not familiar with SAML, so raise error for now.
89
+ raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "SAML is out of the Rails.")
90
+ else
91
+ raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "'#{req.grant_type}' isn't supported.")
92
+ end
93
+ access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
94
+ res.access_token = access_token.token
95
+ res.expires_in = access_token.expires_in
19
96
  end
20
- status, header, body = token_endpoint.call(request.env)
21
- render :status => status, :json => body
22
97
  end
23
98
 
24
99
  end
100
+
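Review bot: In `authorization_endpoint_authenticator`, the `:token` and `:code_and_token` branches create the access token with `:user => @user, :client => @client`, but nothing in that block assigns either instance variable — the `:code` branch directly above uses `current_user` and the `client` looked up from `req.client_id` — so the token would be issued with a nil user and a nil client, i.e. not bound to the client that was just validated. Both calls should read `access_token = Oauth2::AccessToken.create(:user => current_user, :client => client)`. In `token_endpoint_authenticator`'s `:password` branch the guard `raise ... unless client` refers to a local that does not exist there (`@client` is what was assigned on the line above), so the invalid-client check cannot work as written; `unless @client` is what is meant. The `:refresh_token` branch also rescues `Oauth2::AuthorizationCode::InvalidToken` with the message 'Invalid authorization code.', which looks copied from the branch above — presumably the `Oauth2::RefreshToken` error class and a refresh-token message were intended, and the 'ownwer' typo in the `:password` message is worth fixing at the same time.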
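--- a/data/rack-oauth2.gemspec
+++ b/data/rack-oauth2.gemspec
@@ -5,12 +5,12 @@
 
 Gem::Specification.new do |s|
 s.name = %q{rack-oauth2}
-s.version = "0.0.9"
+s.version = "0.1.0"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["nov matake"]
-s.date = %q{2010-09-17}
-s.description = %q{Rack Middleware for OAuth2 Client & Server, currently working on server code first.}
+s.date = %q{2010-09-18}
+s.description = %q{Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.}
 s.email = %q{nov@matake.jp}
 s.extra_rdoc_files = [
 "LICENSE",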
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- hash: 13
4
+ hash: 27
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
+ - 1
8
9
  - 0
9
- - 9
10
- version: 0.0.9
10
+ version: 0.1.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - nov matake
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-09-17 00:00:00 +09:00
18
+ date: 2010-09-18 00:00:00 +09:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
@@ -62,7 +62,7 @@ dependencies:
62
62
  version: 1.2.9
63
63
  type: :development
64
64
  version_requirements: *id003
65
- description: Rack Middleware for OAuth2 Client & Server, currently working on server code first.
65
+ description: Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.
66
66
  email: nov@matake.jp
67
67
  executables: []
68
68