rack-oauth2 0.1.0 → 0.2.0

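--- a/PATH_NOT_SHOWN_1
+++ /dev/null
@@ -1,57 +0,0 @@
-require 'rubygems'
-require 'sinatra'
-
-use Rack::Session::Cookie
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
-require 'rack/oauth2'
-
-get '/oauth/authorize' do
-# set realm as server.example.com
-authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com")
-response = authorization_endpoint.call(env)
-case response.first
-when 200
-request = env['rack.oauth2.request']
-# output form
-<<-HTML
-<form action="/oauth/authorize" method="post">
-<input type="hidden" name="client_id" value="#{request.client_id}" />
-<input type="hidden" name="redirect_uri" value="#{request.redirect_uri}" />
-<input type="hidden" name="response_type" value="#{request.response_type}" />
-<input type="hidden" name="approved" value="true" />
-<input type="submit" value="allow">
-</form>
-<form action="/oauth/authorize" method="post">
-<input type="hidden" name="client_id" value="#{request.client_id}" />
-<input type="hidden" name="redirect_uri" value="#{request.redirect_uri}" />
-<input type="hidden" name="response_type" value="#{request.response_type}" />
-<input type="hidden" name="response_type" value="code" />
-<input type="submit" value="deny">
-</form>
-HTML
-else
-# redirect response with error message
-response
-end
-end
-
-post '/oauth/authorize' do
-# set realm as server.example.com
-authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com") do |request, response|
-params = env['rack.request.form_hash']
-if params['approved']
-response.approve!
-case request.response_type
-when :code
-response.code = 'code'
-when :token
-response.access_token = 'access_token'
-response.expires_in = 3600
-end
-else
-raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri, :state => request.state)
-end
-end
-authorization_endpoint.call(env)
-end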
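--- a/PATH_NOT_SHOWN_2
+++ /dev/null
@@ -1,100 +0,0 @@
-# = Usage
-#
-# == Pre-required models (define by yourself)
-#
-# * Oauth2::Client
-# * Oauth2::AccessToken
-# * Oauth2::RefreshToken
-# * Oauth2::AuthorizationCode
-
-class Oauth2Controller < ApplicationController
-before_filter :require_authentication, :only => :authorize
-
-def authorize
-if request.post?
-status, header, response = authorization_endpoint_authenticator.call(request.env)
-case status
-when 302
-redirect_to header['Location']
-else
-render :status => status, :json => response.body
-end
-else
-# render approval page to the resource owner
-end
-end
-
-def token
-status, header, res = token_endpoint_authenticator.call(request.env)
-response.headers.merge!(header)
-render :status => status, :text => res.body
-end
-
-private
-
-def authorization_endpoint_authenticator
-# set realm as server.example.com
-Rack::OAuth2::Server::Authorization.new('server.example.com') do |req, res|
-client = Oauth2::Client.find_by_identifier(req.client_id)
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
-if params[:approve]
-res.authorize!
-case req.response_type
-when :code
-authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
-res.code = authorization_code.code
-when :token
-access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
-res.access_token = access_token.token
-res.expires_in = access_token.expires_in
-when :code_and_token
-authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
-access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
-res.code = authorization_code.code
-res.access_token = access_token.token
-res.expires_in = access_token.expires_in
-end
-else
-raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => req.redirect_uri, :state => req.state)
-end
-end
-end
-
-def token_endpoint_authenticator
-# set realm as server.example.com
-Rack::OAuth2::Server::Token.new('server.example.com') do |req, res|
-case req.grant_type
-when :authorization_code
-begin
-@user, @client = Oauth2::AuthorizationCode.authenticate!(req.code)
-rescue Oauth2::AuthorizationCode::InvalidCode
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
-end
-when :refresh_token
-begin
-@user, @client = Oauth2::RefreshToken.authenticate!(req.refresh_token)
-rescue Oauth2::AuthorizationCode::InvalidToken
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
-end
-when :password
-begin
-@user = User.authenticate!(req.username, req.password)
-@client = Oauth2::Client.find_by_identifier(req.client_id)
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
-rescue User::InvalidCredentials
-raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource ownwer credentials.')
-end
-when :assertion
-# I'm not familiar with SAML, so raise error for now.
-raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "SAML is out of the Rails.")
-else
-raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "'#{req.grant_type}' isn't supported.")
-end
-access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
-res.access_token = access_token.token
-res.expires_in = access_token.expires_in
-end
-end
-
-end
-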
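--- a/PATH_NOT_SHOWN_3
+++ /dev/null
@@ -1,20 +0,0 @@
-require 'rubygems'
-require 'sinatra'
-
-use Rack::Session::Cookie
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
-require 'rack/oauth2'
-
-use Rack::OAuth2::Server::Token do |request, response|
-# allow everything
-response.access_token = 'access_token'
-response.expires_in = 3600
-response.refresh_token = 'refresh_token'
-end
-
-get '/oauth/token' do
-end
-
-post '/oauth/token' do
-end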