rack-oauth2 0.0.9 → 0.1.0

data/README.rdoc

@@ -1,9 +1,39 @@
 = rack-oauth2
 
-Currently working on OAuth Authorization/Resource Server implementation based on draft v.10
+Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.
+
+This gem is based on OAuth 2.0 draft v.10
 http://tools.ietf.org/html/draft-ietf-oauth-v2-10
 
-== Note on Patches/Pull Requests
+== Installation
+
+  gem install fb_graph
+
+== Resources
+
+* View RDoc on RDoc.info (http://rdoc.info/github/nov/rack-oauth2)
+* View Source on GitHub (http://github.com/nov/rack-oauth2)
+* Report Issues on GitHub (http://github.com/nov/rack-oauth2/issues)
+
+== Usage
+
+See examples
+
+=== End User Authorization Endpoint
+
+* example/server/oauth2_controller.rb (Rails)
+* example/server/authorize.rb (Sinatra)
+
+=== Token Endpoint
+
+* example/server/oauth2_controller.rb (Rails)
+* example/server/token.rb (Sinatra)
+
+=== Protected Resource Endpoint
+
+TODO:
+
+=== Note on Patches/Pull Requests
  
 * Fork the project.
 * Make your feature addition or bug fix.

data/Rakefile

@@ -6,7 +6,7 @@ begin
   Jeweler::Tasks.new do |gem|
     gem.name = 'rack-oauth2'
     gem.summary = %Q{Rack Middleware for OAuth2 Client & Server}
-    gem.description = %Q{Rack Middleware for OAuth2 Client & Server, currently working on server code first.}
+    gem.description = %Q{Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.}
     gem.email = 'nov@matake.jp'
     gem.homepage = 'http://github.com/nov/rack-oauth2'
     gem.authors = ['nov matake']

data/VERSION

@@ -1 +1 @@
-0.0.9
+0.1.0

data/example/server/authorize.rb

@@ -7,7 +7,8 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
 require 'rack/oauth2'
 
 get '/oauth/authorize' do
-  authorization_endpoint = Rack::OAuth2::Server::Authorize.new(self)
+  # set realm as server.example.com
+  authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com")
   response = authorization_endpoint.call(env)
   case response.first
   when 200
@@ -30,20 +31,21 @@ get '/oauth/authorize' do
     </form>
     HTML
   else
+    # redirect response with error message
     response
   end
 end
 
 post '/oauth/authorize' do
-  authorization_endpoint = Rack::OAuth2::Server::Authorize.new(self) do |request, response|
-    # allow everything
+  # set realm as server.example.com
+  authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com") do |request, response|
     params = env['rack.request.form_hash']
     if params['approved']
       response.approve!
-      case request
-      when Rack::OAuth2::Server::Authorization::Code::Request
+      case request.response_type
+      when :code
         response.code = 'code'
-      when Rack::OAuth2::Server::Authorization::Token::Request
+      when :token
         response.access_token = 'access_token'
         response.expires_in = 3600
       end

data/example/server/oauth2_controller.rb

@@ -1,24 +1,100 @@
+# = Usage
+# 
+# == Pre-required models (define by yourself)
+# 
+# * Oauth2::Client
+# * Oauth2::AccessToken
+# * Oauth2::RefreshToken
+# * Oauth2::AuthorizationCode
+
 class Oauth2Controller < ApplicationController
+  before_filter :require_authentication, :only => :authorize
 
   def authorize
-    authorization_endpoint = Rack::OAuth2::Server::Authorization.new(self) do |req, res|
-      # TODO
-    end
-    status, header, body = authorization_endpoint.call(request.env)
-    case status
-    when 302
-      redirect_to header['Location']
+    if request.post?
+      status, header, response = authorization_endpoint_authenticator.call(request.env)
+      case status
+      when 302
+        redirect_to header['Location']
+      else
+        render :status => status, :json => response.body
+      end
     else
-      render :status => status, :json => body
+      # render approval page to the resource owner
     end
   end
 
   def token
-    token_endpoint = Rack::OAuth2::Server::Token.new(self) do |req, res|
-      # TODO
+    status, header, res = token_endpoint_authenticator.call(request.env)
+    response.headers.merge!(header)
+    render :status => status, :text => res.body
+  end
+
+  private
+
+  def authorization_endpoint_authenticator
+    # set realm as server.example.com
+    Rack::OAuth2::Server::Authorization.new('server.example.com') do |req, res|
+      client = Oauth2::Client.find_by_identifier(req.client_id)
+      raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
+      if params[:approve]
+        res.authorize!
+        case req.response_type
+        when :code
+          authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
+          res.code = authorization_code.code
+        when :token
+          access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
+          res.access_token = access_token.token
+          res.expires_in = access_token.expires_in
+        when :code_and_token
+          authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
+          access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
+          res.code = authorization_code.code
+          res.access_token = access_token.token
+          res.expires_in = access_token.expires_in
+        end
+      else
+        raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => req.redirect_uri, :state => req.state)
+      end
+    end
+  end
+
+  def token_endpoint_authenticator
+    # set realm as server.example.com
+    Rack::OAuth2::Server::Token.new('server.example.com') do |req, res|
+      case req.grant_type
+      when :authorization_code
+        begin
+          @user, @client = Oauth2::AuthorizationCode.authenticate!(req.code)
+        rescue Oauth2::AuthorizationCode::InvalidCode
+          raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
+        end
+      when :refresh_token
+        begin
+          @user, @client = Oauth2::RefreshToken.authenticate!(req.refresh_token)
+        rescue Oauth2::AuthorizationCode::InvalidToken
+          raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
+        end
+      when :password
+        begin
+          @user = User.authenticate!(req.username, req.password)
+          @client = Oauth2::Client.find_by_identifier(req.client_id)
+          raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
+        rescue User::InvalidCredentials
+          raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource ownwer credentials.')
+        end
+      when :assertion
+        # I'm not familiar with SAML, so raise error for now.
+        raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "SAML is out of the Rails.")
+      else
+        raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "'#{req.grant_type}' isn't supported.")
+      end
+      access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
+      res.access_token = access_token.token
+      res.expires_in = access_token.expires_in
     end
-    status, header, body = token_endpoint.call(request.env)
-    render :status => status, :json => body
   end
 
 end
+

data/rack-oauth2.gemspec

@@ -5,12 +5,12 @@
 
 Gem::Specification.new do |s|
   s.name = %q{rack-oauth2}
-  s.version = "0.0.9"
+  s.version = "0.1.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["nov matake"]
-  s.date = %q{2010-09-17}
-  s.description = %q{Rack Middleware for OAuth2 Client & Server, currently working on server code first.}
+  s.date = %q{2010-09-18}
+  s.description = %q{Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.}
   s.email = %q{nov@matake.jp}
   s.extra_rdoc_files = [
     "LICENSE",

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack-oauth2
 version: !ruby/object:Gem::Version 
-  hash: 13
+  hash: 27
   prerelease: false
   segments: 
   - 0
+  - 1
   - 0
-  - 9
-  version: 0.0.9
+  version: 0.1.0
 platform: ruby
 authors: 
 - nov matake
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-17 00:00:00 +09:00
+date: 2010-09-18 00:00:00 +09:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -62,7 +62,7 @@ dependencies:
         version: 1.2.9
   type: :development
   version_requirements: *id003
-description: Rack Middleware for OAuth2 Client & Server, currently working on server code first.
+description: Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.
 email: nov@matake.jp
 executables: []