rack-oauth2 0.1.0 → 0.2.0
- data/README.rdoc +15 -11
- data/Rakefile +2 -1
- data/VERSION +1 -1
- data/lib/rack/oauth2/server/abstract/request.rb +13 -7
- data/lib/rack/oauth2/server/authorize.rb +3 -1
- data/lib/rack/oauth2/server/error.rb +18 -18
- data/lib/rack/oauth2/server/error/authorize.rb +54 -0
- data/lib/rack/oauth2/server/error/resource.rb +50 -0
- data/lib/rack/oauth2/server/error/token.rb +59 -0
- data/lib/rack/oauth2/server/resource.rb +14 -11
- data/lib/rack/oauth2/server/token.rb +16 -5
- data/rack-oauth2.gemspec +14 -6
- data/spec/rack/oauth2/server/authorize/code_and_token_spec.rb +14 -4
- data/spec/rack/oauth2/server/authorize/code_spec.rb +14 -4
- data/spec/rack/oauth2/server/authorize/token_spec.rb +14 -4
- data/spec/rack/oauth2/server/error/authorize_spec.rb +103 -0
- data/spec/rack/oauth2/server/error/resource_spec.rb +69 -0
- data/spec/rack/oauth2/server/error/token_spec.rb +115 -0
- data/spec/rack/oauth2/server/error_spec.rb +35 -5
- data/spec/rack/oauth2/server/resource_spec.rb +36 -6
- data/spec/rack/oauth2/server/token/assertion_spec.rb +9 -6
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +60 -18
- data/spec/rack/oauth2/server/token/password_spec.rb +9 -6
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +9 -6
- data/spec/rack/oauth2/server/util_spec.rb +26 -0
- metadata +16 -8
- data/example/server/authorize.rb +0 -57
- data/example/server/oauth2_controller.rb +0 -100
- data/example/server/token.rb +0 -20
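--- a/data/example/server/authorize.rb
+++ /dev/null
@@ -1,57 +0,0 @@
-require 'rubygems'
-require 'sinatra'
-
-use Rack::Session::Cookie
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
-require 'rack/oauth2'
-
-get '/oauth/authorize' do
-# set realm as server.example.com
-authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com")
-response = authorization_endpoint.call(env)
-case response.first
-when 200
-request = env['rack.oauth2.request']
-# output form
-<<-HTML
-<form action="/oauth/authorize" method="post">
-<input type="hidden" name="client_id" value="#{request.client_id}" />
-<input type="hidden" name="redirect_uri" value="#{request.redirect_uri}" />
-<input type="hidden" name="response_type" value="#{request.response_type}" />
-<input type="hidden" name="approved" value="true" />
-<input type="submit" value="allow">
-</form>
-<form action="/oauth/authorize" method="post">
-<input type="hidden" name="client_id" value="#{request.client_id}" />
-<input type="hidden" name="redirect_uri" value="#{request.redirect_uri}" />
-<input type="hidden" name="response_type" value="#{request.response_type}" />
-<input type="hidden" name="response_type" value="code" />
-<input type="submit" value="deny">
-</form>
-HTML
-else
-# redirect response with error message
-response
-end
-end
-
-post '/oauth/authorize' do
-# set realm as server.example.com
-authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com") do |request, response|
-params = env['rack.request.form_hash']
-if params['approved']
-response.approve!
-case request.response_type
-when :code
-response.code = 'code'
-when :token
-response.access_token = 'access_token'
-response.expires_in = 3600
-end
-else
-raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri, :state => request.state)
-end
-end
-authorization_endpoint.call(env)
-end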
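--- a/data/example/server/oauth2_controller.rb
+++ /dev/null
@@ -1,100 +0,0 @@
-# = Usage
-#
-# == Pre-required models (define by yourself)
-#
-# * Oauth2::Client
-# * Oauth2::AccessToken
-# * Oauth2::RefreshToken
-# * Oauth2::AuthorizationCode
-
-class Oauth2Controller < ApplicationController
-before_filter :require_authentication, :only => :authorize
-
-def authorize
-if request.post?
-status, header, response = authorization_endpoint_authenticator.call(request.env)
-case status
-when 302
-redirect_to header['Location']
-else
-render :status => status, :json => response.body
-end
-else
-# render approval page to the resource owner
-end
-end
-
-def token
-status, header, res = token_endpoint_authenticator.call(request.env)
-response.headers.merge!(header)
-render :status => status, :text => res.body
-end
-
-private
-
-def authorization_endpoint_authenticator
-# set realm as server.example.com
-Rack::OAuth2::Server::Authorization.new('server.example.com') do |req, res|
-client = Oauth2::Client.find_by_identifier(req.client_id)
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
-if params[:approve]
-res.authorize!
-case req.response_type
-when :code
-authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
-res.code = authorization_code.code
-when :token
-access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
-res.access_token = access_token.token
-res.expires_in = access_token.expires_in
-when :code_and_token
-authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
-access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
-res.code = authorization_code.code
-res.access_token = access_token.token
-res.expires_in = access_token.expires_in
-end
-else
-raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => req.redirect_uri, :state => req.state)
-end
-end
-end
-
-def token_endpoint_authenticator
-# set realm as server.example.com
-Rack::OAuth2::Server::Token.new('server.example.com') do |req, res|
-case req.grant_type
-when :authorization_code
-begin
-@user, @client = Oauth2::AuthorizationCode.authenticate!(req.code)
-rescue Oauth2::AuthorizationCode::InvalidCode
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
-end
-when :refresh_token
-begin
-@user, @client = Oauth2::RefreshToken.authenticate!(req.refresh_token)
-rescue Oauth2::AuthorizationCode::InvalidToken
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
-end
-when :password
-begin
-@user = User.authenticate!(req.username, req.password)
-@client = Oauth2::Client.find_by_identifier(req.client_id)
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
-rescue User::InvalidCredentials
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource ownwer credentials.')
-end
-when :assertion
-# I'm not familiar with SAML, so raise error for now.
-raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "SAML is out of the Rails.")
-else
-raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "'#{req.grant_type}' isn't supported.")
-end
-access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
-res.access_token = access_token.token
-res.expires_in = access_token.expires_in
-end
-end
-
-end
-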
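--- a/data/example/server/token.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-require 'rubygems'
-require 'sinatra'
-
-use Rack::Session::Cookie
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
-require 'rack/oauth2'
-
-use Rack::OAuth2::Server::Token do |request, response|
-# allow everything
-response.access_token = 'access_token'
-response.expires_in = 3600
-response.refresh_token = 'refresh_token'
-end
-
-get '/oauth/token' do
-end
-
-post '/oauth/token' do
-end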