rack-oauth2 0.0.0

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 nov matake
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,18 @@
+= rack-oauth2
+
+Currently working on OAuth Authorization/Resource Server implementation based on draft v.10
+http://tools.ietf.org/html/draft-ietf-oauth-v2-10
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 nov matake. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,46 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = 'rack-oauth2'
+    gem.summary = %Q{Rack Middleware for OAuth2 Client & Server}
+    gem.description = %Q{Rack Middleware for OAuth2 Client & Server, currently working on server code first.}
+    gem.email = 'nov@matake.jp'
+    gem.homepage = 'http://github.com/nov/rack-oauth2'
+    gem.authors = ['nov matake']
+    gem.add_dependency 'json'
+    gem.add_development_dependency 'rspec', '>= 1.2.9'
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts 'Jeweler (or a dependency) not available. Install it with: gem install jeweler'
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ''
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = 'rack-oauth2 #{version}'
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.0

data/example/server/authorize.rb

@@ -0,0 +1,55 @@
+require 'rubygems'
+require 'sinatra'
+
+use Rack::Session::Cookie
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
+require 'rack/oauth2'
+
+get '/oauth/authorize' do
+  authorization_endpoint = Rack::OAuth2::Server::Authorization.new(self)
+  response = authorization_endpoint.call(env)
+  case response.first
+  when 200
+    request = env['rack.oauth2.request']
+    # output form
+    <<-HTML
+    <form action="/oauth/authorize" method="post">
+      <input type="hidden" name="client_id" value="#{request.client_id}" />
+      <input type="hidden" name="redirect_uri" value="#{request.redirect_uri}" />
+      <input type="hidden" name="response_type" value="#{request.response_type}" />
+      <input type="hidden" name="approved" value="true" />
+      <input type="submit" value="allow">
+    </form>
+    <form action="/oauth/authorize" method="post">
+      <input type="hidden" name="client_id" value="#{request.client_id}" />
+      <input type="hidden" name="redirect_uri" value="#{request.redirect_uri}" />
+      <input type="hidden" name="response_type" value="#{request.response_type}" />
+      <input type="hidden" name="response_type" value="code" />
+      <input type="submit" value="deny">
+    </form>
+    HTML
+  else
+    response
+  end
+end
+
+post '/oauth/authorize' do
+  authorization_endpoint = Rack::OAuth2::Server::Authorization.new(self) do |request, response|
+    # allow everything
+    params = env['rack.request.form_hash']
+    if params['approved']
+      response.approve!
+      case request
+      when Rack::OAuth2::Server::Authorization::Code::Request
+        response.code = 'code'
+      when Rack::OAuth2::Server::Authorization::Token::Request
+        response.access_token = 'access_token'
+        response.expires_in = 3600
+      end
+    else
+      raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.')
+    end
+  end
+  authorization_endpoint.call(env)
+end

data/example/server/token.rb

@@ -0,0 +1,21 @@
+require 'rubygems'
+require 'sinatra'
+
+use Rack::Session::Cookie
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
+require 'rack/oauth2'
+
+use Rack::OAuth2::Server::Token do |request, response|
+  p request, request.required_params
+  # allow everything
+  response.access_token = 'access_token'
+  response.expires_in = 3600
+  response.refresh_token = 'refresh_token'
+end
+
+get '/oauth/token' do
+end
+
+post '/oauth/token' do
+end

data/lib/rack/oauth2.rb

@@ -0,0 +1,2 @@
+require 'json'
+require 'rack/oauth2/server'

data/lib/rack/oauth2/server.rb

@@ -0,0 +1,4 @@
+require 'rack/oauth2/server/error'
+require 'rack/oauth2/server/abstract'
+require 'rack/oauth2/server/authorization'
+require 'rack/oauth2/server/token'

data/lib/rack/oauth2/server/abstract.rb

@@ -0,0 +1,3 @@
+require 'rack/oauth2/server/abstract/handler'
+require 'rack/oauth2/server/abstract/request'
+require 'rack/oauth2/server/abstract/response'

data/lib/rack/oauth2/server/abstract/handler.rb

@@ -0,0 +1,20 @@
+require 'rack/auth/abstract/handler'
+
+module Rack
+  module OAuth2
+    module Server
+      module Abstract
+        class Handler < Rack::Auth::AbstractHandler
+          attr_accessor :request, :response
+
+          def call(env)
+            @authenticator.call(@request, @response) if @authenticator
+            env['rack.oauth2.request'] = @request
+            env['rack.oauth2.response'] = @response
+            @response
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/abstract/request.rb

@@ -0,0 +1,28 @@
+module Rack
+  module OAuth2
+    module Server
+      module Abstract
+        class Request < Rack::Request
+          def initialize(env)
+            super
+            verify_required_params!
+          end
+
+          def required_params
+            raise "Implement verify_required_params! in #{self.class}"
+          end
+
+          def verify_required_params!
+            missing_params = []
+            required_params.each do |key|
+              missing_params << key unless params[key.to_s]
+            end
+            unless missing_params.empty?
+              raise BadRequest.new(:invalid_request, "'#{missing_params.join('\', \'')}' required")
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/abstract/response.rb

@@ -0,0 +1,13 @@
+module Rack
+  module OAuth2
+    module Server
+      module Abstract
+        class Response < Rack::Response
+          def initialize(request)
+            super([], 200, {})
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorization.rb

@@ -0,0 +1,66 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorization < Abstract::Handler
+
+        def call(env)
+          request = Request.new(env)
+          request.profile.new(@app, @realm, &@authenticator).call(env).finish
+        rescue Error => e
+          e.finish
+        end
+
+        class Request < Abstract::Request
+          attr_accessor :response_type, :client_id, :redirect_uri, :scope, :state
+
+          def initialize(env)
+            super
+            @client_id    = params['client_id']
+            @redirect_uri = URI.parse(params['redirect_uri']) rescue nil
+            @scope        = Array(params['scope'].to_s.split(' '))
+            @state        = params['state']
+          end
+
+          def required_params
+            [:response_type, :client_id, :redirect_uri]
+          end
+
+          def profile
+            case params['response_type']
+            when 'code'
+              Code
+            when 'token'
+              Token
+            when 'token_and_code'
+              CodeAndToken
+            else
+              raise BadRequest.new(:unsupported_response_type, "'#{params['response_type']}' isn't supported.")
+            end
+          end
+        end
+
+        class Response < Abstract::Response
+          attr_accessor :redirect_uri, :state, :approved
+
+          def initialize(request)
+            @redirect_uri = request.redirect_uri
+            @state = request.state
+            super
+          end
+
+          def approved?
+            @approved
+          end
+
+          def approve!
+            @approved = true
+          end
+        end
+
+      end
+    end
+  end
+end
+
+require 'rack/oauth2/server/authorization/code'
+require 'rack/oauth2/server/authorization/token'

data/lib/rack/oauth2/server/authorization/code.rb

@@ -0,0 +1,39 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorization
+        class Code < Abstract::Handler
+
+          def call(env)
+            @request  = Request.new(env)
+            @response = Response.new(request)
+            super
+          end
+
+          class Request < Authorization::Request
+            def initialize(env)
+              super
+              @response_type = 'code'
+            end
+          end
+
+          class Response < Authorization::Response
+            attr_accessor :code
+
+            def finish
+              if approved?
+                query_params = Array(redirect_uri.query)
+                query_params << "code=#{URI.encode code}"
+                query_params << "state=#{URI.encode state}" if state
+                redirect_uri.query = query_params.join('&')
+                redirect redirect_uri.to_s
+              end
+              super
+            end
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorization/code_and_token.rb

@@ -0,0 +1,37 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorization
+        class CodeAndToken < Abstract::Handler
+
+          def call(env)
+            @request  = Request.new(env)
+            @response = Response.new(request)
+            super
+          end
+
+          class Request < Authorization::Request
+            def initialize(env)
+              super
+              # TODO
+            end
+
+            def requred_params
+              # TODO
+            end
+          end
+
+          class Response < Authorization::Response
+            def finish
+              if approved?
+                # TODO
+              end
+              super
+            end
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorization/token.rb

@@ -0,0 +1,41 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorization
+        class Token < Abstract::Handler
+
+          def call(env)
+            @request  = Request.new(env)
+            @response = Response.new(request)
+            super
+          end
+
+          class Request < Authorization::Request
+            def initialize(env)
+              super
+              @response_type = 'token'
+            end
+          end
+
+          class Response < Authorization::Response
+            attr_accessor :access_token, :expires_in, :scope
+
+            def finish
+              if approved?
+                fragment = Array(redirect_uri.fragment)
+                fragment << "access_token=#{URI.encode access_token}"
+                fragment << "expires_in=#{URI.encode expires_in.to_s}" if expires_in
+                fragment << "scope=#{URI.encode Array(scope).join(' ')}" if scope
+                query_params << "state=#{URI.encode state}" if state
+                redirect_uri.fragment = fragment.join('&')
+                redirect redirect_uri.to_s
+              end
+              super
+            end
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/error.rb

@@ -0,0 +1,43 @@
+module Rack
+  module OAuth2
+    module Server
+
+      class Error < StandardError
+        attr_accessor :code, :error, :description, :uri, :state
+
+        def initialize(code, error, description, options = {})
+          @code = code
+          @error = error
+          @description = description
+          @uri = options[:uri]
+          @state = options[:state]
+        end
+
+        def finish
+          [code, {'Content-Type' => 'application/json'}, response.to_json]
+        end
+
+        def response
+          response = {:error => error}
+          response[:error_description] = description if description
+          response[:error_uri] = uri if uri
+          response[:state] = state if state
+          response
+        end
+      end
+
+      class Unauthorized < Error
+        def initialize(error, description, options = {})
+          super(401, error, description, options)
+        end
+      end
+
+      class BadRequest < Error
+        def initialize(error, description, options = {})
+          super(400, error, description, options)
+        end
+      end
+
+    end
+  end
+end

data/lib/rack/oauth2/server/token.rb

@@ -0,0 +1,64 @@
+module Rack
+  module OAuth2
+    module Server
+      class Token < Abstract::Handler
+        attr_accessor :grant_type, :optional_authentication
+
+        def call(env)
+          request = Request.new(env)
+          request.profile.new(@app, @realm, &@authenticator).call(env).finish
+        rescue Error => e
+          e.finish
+        end
+
+        class Request < Abstract::Request
+          attr_accessor :client_id, :client_secret, :code, :redirect_uri, :scope
+
+          def initialize(env)
+            super
+            @client_id     = params['client_id']
+            @client_secret = params['client_secret']
+            @scope         = Array(params['scope'].to_s.split(' '))
+          end
+
+          def required_params
+            [:grant_type, :client_id]
+          end
+
+          def profile(allow_no_profile = false)
+            case params['grant_type']
+            when 'authorization_code'
+              AuthorizationCode
+            when 'password'
+              Password
+            when 'assertion'
+              Assertion
+            when 'refresh_token'
+              RefreshToken
+            else
+              raise BadRequest.new(:unsupported_grant_type, "'#{params['invalid_grant']}' isn't supported.")
+            end
+          end
+        end
+
+        class Response < Abstract::Response
+          attr_accessor :access_token, :expires_in, :refresh_token, :scope
+
+          def finish
+            response = {:access_token => access_token}
+            response[:expires_in] = expires_in if expires_in
+            response[:refresh_token] = refresh_token if refresh_token
+            response[:scope] = Array(scope).join(' ') if scope
+            [200, {'Content-Type' => "application/json"}, response.to_json]
+          end
+        end
+
+      end
+    end
+  end
+end
+
+require 'rack/oauth2/server/token/authorization_code'
+require 'rack/oauth2/server/token/password'
+require 'rack/oauth2/server/token/assertion'
+require 'rack/oauth2/server/token/refresh_token'

data/lib/rack/oauth2/server/token/assertion.rb

@@ -0,0 +1,30 @@
+module Rack
+  module OAuth2
+    module Server
+      class Token
+        class Assertion < Abstract::Handler
+
+          def call(env)
+            @request  = Request.new(env)
+            @response = Response.new(request)
+            super
+          end
+
+          class Request < Token::Request
+            def initialize(env)
+              # TODO
+            end
+
+            def required_params
+              # TODO
+            end
+          end
+
+          class Response < Token::Response
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/token/authorization_code.rb

@@ -0,0 +1,36 @@
+module Rack
+  module OAuth2
+    module Server
+      class Token
+        class AuthorizationCode < Abstract::Handler
+
+          def call(env)
+            @request  = Request.new(env)
+            @response = Response.new(request)
+            super
+          end
+
+          class Request < Token::Request
+            attr_accessor :client_id, :client_secret, :code, :redirect_uri, :scope
+
+            def initialize(env)
+              super
+              @grant_type   = 'authorization_code'
+              @code         = params['code']
+              @redirect_uri = URI.parse(params['redirect_uri']) rescue nil
+              @scope        = Array(params['scope'].to_s.split(' '))
+            end
+
+            def required_params
+              super + [:code, :redirect_uri]
+            end
+          end
+
+          class Response < Token::Response
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/token/password.rb

@@ -0,0 +1,35 @@
+module Rack
+  module OAuth2
+    module Server
+      class Token
+        class Password < Abstract::Handler
+
+          def call(env)
+            @request  = Request.new(env)
+            @response = Response.new(request)
+            super
+          end
+
+          class Request < Token::Request
+            attr_reader :username, :password
+
+            def initialize(env)
+              super
+              @grant_type = 'password'
+              @username   = params['username']
+              @password   = params['password']
+            end
+
+            def required_params
+              super + [:username, :password]
+            end
+          end
+
+          class Response < Token::Response
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/token/refresh_token.rb

@@ -0,0 +1,30 @@
+module Rack
+  module OAuth2
+    module Server
+      class Token
+        class RefreshToken < Abstract::Handler
+
+          def call(env)
+            @request  = Request.new(env)
+            @response = Response.new(request)
+            super
+          end
+
+          class Request < Token::Request
+            def initialize(env)
+              # TODO
+            end
+
+            def required_params
+              # TODO
+            end
+          end
+
+          class Response < Token::Response
+          end
+
+        end
+      end
+    end
+  end
+end

data/spec/rack/oauth2_spec.rb

@@ -0,0 +1,7 @@
+require File.join(File.dirname(__FILE__), '../spec_helper')
+
+describe Rack::OAuth2 do
+  it "fails" do
+    fail "hey buddy, you should probably rename this file and start specing for real"
+  end
+end

data/spec/spec.opts

@@ -0,0 +1 @@
+--color

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/oauth2'
+require 'spec'
+require 'spec/autorun'
+
+Spec::Runner.configure do |config|
+  
+end

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification 
+name: rack-oauth2
+version: !ruby/object:Gem::Version 
+  hash: 31
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 0
+  version: 0.0.0
+platform: ruby
+authors: 
+- nov matake
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-09-13 00:00:00 +09:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: json
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 13
+        segments: 
+        - 1
+        - 2
+        - 9
+        version: 1.2.9
+  type: :development
+  version_requirements: *id002
+description: Rack Middleware for OAuth2 Client & Server, currently working on server code first.
+email: nov@matake.jp
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- example/server/authorize.rb
+- example/server/token.rb
+- lib/rack/oauth2.rb
+- lib/rack/oauth2/server.rb
+- lib/rack/oauth2/server/abstract.rb
+- lib/rack/oauth2/server/abstract/handler.rb
+- lib/rack/oauth2/server/abstract/request.rb
+- lib/rack/oauth2/server/abstract/response.rb
+- lib/rack/oauth2/server/authorization.rb
+- lib/rack/oauth2/server/authorization/code.rb
+- lib/rack/oauth2/server/authorization/code_and_token.rb
+- lib/rack/oauth2/server/authorization/token.rb
+- lib/rack/oauth2/server/error.rb
+- lib/rack/oauth2/server/token.rb
+- lib/rack/oauth2/server/token/assertion.rb
+- lib/rack/oauth2/server/token/authorization_code.rb
+- lib/rack/oauth2/server/token/password.rb
+- lib/rack/oauth2/server/token/refresh_token.rb
+- spec/rack/oauth2_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/nov/rack-oauth2
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Rack Middleware for OAuth2 Client & Server
+test_files: 
+- spec/rack/oauth2_spec.rb
+- spec/spec_helper.rb