rack-oauth2 0.1.0 → 0.2.0

@@ -1,57 +0,0 @@
1
- require 'rubygems'
2
- require 'sinatra'
3
-
4
- use Rack::Session::Cookie
5
-
6
- $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
7
- require 'rack/oauth2'
8
-
9
- get '/oauth/authorize' do
10
- # set realm as server.example.com
11
- authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com")
12
- response = authorization_endpoint.call(env)
13
- case response.first
14
- when 200
15
- request = env['rack.oauth2.request']
16
- # output form
17
- <<-HTML
18
- <form action="/oauth/authorize" method="post">
19
- <input type="hidden" name="client_id" value="#{request.client_id}" />
20
- <input type="hidden" name="redirect_uri" value="#{request.redirect_uri}" />
21
- <input type="hidden" name="response_type" value="#{request.response_type}" />
22
- <input type="hidden" name="approved" value="true" />
23
- <input type="submit" value="allow">
24
- </form>
25
- <form action="/oauth/authorize" method="post">
26
- <input type="hidden" name="client_id" value="#{request.client_id}" />
27
- <input type="hidden" name="redirect_uri" value="#{request.redirect_uri}" />
28
- <input type="hidden" name="response_type" value="#{request.response_type}" />
29
- <input type="hidden" name="response_type" value="code" />
30
- <input type="submit" value="deny">
31
- </form>
32
- HTML
33
- else
34
- # redirect response with error message
35
- response
36
- end
37
- end
38
-
39
- post '/oauth/authorize' do
40
- # set realm as server.example.com
41
- authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com") do |request, response|
42
- params = env['rack.request.form_hash']
43
- if params['approved']
44
- response.approve!
45
- case request.response_type
46
- when :code
47
- response.code = 'code'
48
- when :token
49
- response.access_token = 'access_token'
50
- response.expires_in = 3600
51
- end
52
- else
53
- raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri, :state => request.state)
54
- end
55
- end
56
- authorization_endpoint.call(env)
57
- end
@@ -1,100 +0,0 @@
1
- # = Usage
2
- #
3
- # == Pre-required models (define by yourself)
4
- #
5
- # * Oauth2::Client
6
- # * Oauth2::AccessToken
7
- # * Oauth2::RefreshToken
8
- # * Oauth2::AuthorizationCode
9
-
10
- class Oauth2Controller < ApplicationController
11
- before_filter :require_authentication, :only => :authorize
12
-
13
- def authorize
14
- if request.post?
15
- status, header, response = authorization_endpoint_authenticator.call(request.env)
16
- case status
17
- when 302
18
- redirect_to header['Location']
19
- else
20
- render :status => status, :json => response.body
21
- end
22
- else
23
- # render approval page to the resource owner
24
- end
25
- end
26
-
27
- def token
28
- status, header, res = token_endpoint_authenticator.call(request.env)
29
- response.headers.merge!(header)
30
- render :status => status, :text => res.body
31
- end
32
-
33
- private
34
-
35
- def authorization_endpoint_authenticator
36
- # set realm as server.example.com
37
- Rack::OAuth2::Server::Authorization.new('server.example.com') do |req, res|
38
- client = Oauth2::Client.find_by_identifier(req.client_id)
39
- raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
40
- if params[:approve]
41
- res.authorize!
42
- case req.response_type
43
- when :code
44
- authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
45
- res.code = authorization_code.code
46
- when :token
47
- access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
48
- res.access_token = access_token.token
49
- res.expires_in = access_token.expires_in
50
- when :code_and_token
51
- authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
52
- access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
53
- res.code = authorization_code.code
54
- res.access_token = access_token.token
55
- res.expires_in = access_token.expires_in
56
- end
57
- else
58
- raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => req.redirect_uri, :state => req.state)
59
- end
60
- end
61
- end
62
-
63
- def token_endpoint_authenticator
64
- # set realm as server.example.com
65
- Rack::OAuth2::Server::Token.new('server.example.com') do |req, res|
66
- case req.grant_type
67
- when :authorization_code
68
- begin
69
- @user, @client = Oauth2::AuthorizationCode.authenticate!(req.code)
70
- rescue Oauth2::AuthorizationCode::InvalidCode
71
- raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
72
- end
73
- when :refresh_token
74
- begin
75
- @user, @client = Oauth2::RefreshToken.authenticate!(req.refresh_token)
76
- rescue Oauth2::AuthorizationCode::InvalidToken
77
- raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
78
- end
79
- when :password
80
- begin
81
- @user = User.authenticate!(req.username, req.password)
82
- @client = Oauth2::Client.find_by_identifier(req.client_id)
83
- raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
84
- rescue User::InvalidCredentials
85
- raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource ownwer credentials.')
86
- end
87
- when :assertion
88
- # I'm not familiar with SAML, so raise error for now.
89
- raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "SAML is out of the Rails.")
90
- else
91
- raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "'#{req.grant_type}' isn't supported.")
92
- end
93
- access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
94
- res.access_token = access_token.token
95
- res.expires_in = access_token.expires_in
96
- end
97
- end
98
-
99
- end
100
-
@@ -1,20 +0,0 @@
1
- require 'rubygems'
2
- require 'sinatra'
3
-
4
- use Rack::Session::Cookie
5
-
6
- $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
7
- require 'rack/oauth2'
8
-
9
- use Rack::OAuth2::Server::Token do |request, response|
10
- # allow everything
11
- response.access_token = 'access_token'
12
- response.expires_in = 3600
13
- response.refresh_token = 'refresh_token'
14
- end
15
-
16
- get '/oauth/token' do
17
- end
18
-
19
- post '/oauth/token' do
20
- end