rack-oauth2 0.0.9 → 0.1.0
- data/README.rdoc +32 -2
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/example/server/authorize.rb +8 -6
- data/example/server/oauth2_controller.rb +88 -12
- data/rack-oauth2.gemspec +3 -3
- metadata +5 -5
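--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,9 +1,39 @@
 = rack-oauth2
 
-
+Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.
+
+This gem is based on OAuth 2.0 draft v.10
 http://tools.ietf.org/html/draft-ietf-oauth-v2-10
 
-==
+== Installation
+
+gem install fb_graph
+
+== Resources
+
+* View RDoc on RDoc.info (http://rdoc.info/github/nov/rack-oauth2)
+* View Source on GitHub (http://github.com/nov/rack-oauth2)
+* Report Issues on GitHub (http://github.com/nov/rack-oauth2/issues)
+
+== Usage
+
+See examples
+
+=== End User Authorization Endpoint
+
+* example/server/oauth2_controller.rb (Rails)
+* example/server/authorize.rb (Sinatra)
+
+=== Token Endpoint
+
+* example/server/oauth2_controller.rb (Rails)
+* example/server/token.rb (Sinatra)
+
+=== Protected Resource Endpoint
+
+TODO:
+
+=== Note on Patches/Pull Requests
 
 * Fork the project.
 * Make your feature addition or bug fix.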
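--- a/data/Rakefile
+++ b/data/Rakefile
@@ -6,7 +6,7 @@ begin
 Jeweler::Tasks.new do |gem|
 gem.name = 'rack-oauth2'
 gem.summary = %Q{Rack Middleware for OAuth2 Client & Server}
-gem.description = %Q{Rack Middleware for OAuth2
+gem.description = %Q{Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.}
 gem.email = 'nov@matake.jp'
 gem.homepage = 'http://github.com/nov/rack-oauth2'
 gem.authors = ['nov matake']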
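--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0
+0.1.0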
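--- a/data/example/server/authorize.rb
+++ b/data/example/server/authorize.rb
@@ -7,7 +7,8 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '../../lib'))
 require 'rack/oauth2'
 
 get '/oauth/authorize' do
-
+# set realm as server.example.com
+authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com")
 response = authorization_endpoint.call(env)
 case response.first
 when 200
@@ -30,20 +31,21 @@ get '/oauth/authorize' do
 </form>
 HTML
 else
+# redirect response with error message
 response
 end
 end
 
 post '/oauth/authorize' do
-
-
+# set realm as server.example.com
+authorization_endpoint = Rack::OAuth2::Server::Authorize.new("server.example.com") do |request, response|
 params = env['rack.request.form_hash']
 if params['approved']
 response.approve!
-case request
-when
+case request.response_type
+when :code
 response.code = 'code'
-when
+when :token
 response.access_token = 'access_token'
 response.expires_in = 3600
 end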
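Review bot: The approval decision at `if params['approved']` (new line 43) accepts any POST that carries that field, and the credentials issued on approval are the fixed literals `'code'` and `'access_token'` (new lines 47 and 49), so a reader copying this example would ship predictable, reusable tokens. Since this is the documented Sinatra sample, the hunk should say so where the values are set, e.g. `# placeholder values: a real server must issue unguessable, single-use codes and tokens bound to this client and redirect_uri`. Unlike the Rails example, no check that the resource owner is authenticated is visible in this hunk; if it lives outside the hunk a comment pointing to it would help. The `Authorize.new ... do |request, response|` block and the `post '/oauth/authorize'` handler both end past the hunk.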
@@ -1,24 +1,100 @@
|
|
1
|
+
# = Usage
|
2
|
+
#
|
3
|
+
# == Pre-required models (define by yourself)
|
4
|
+
#
|
5
|
+
# * Oauth2::Client
|
6
|
+
# * Oauth2::AccessToken
|
7
|
+
# * Oauth2::RefreshToken
|
8
|
+
# * Oauth2::AuthorizationCode
|
9
|
+
|
1
10
|
class Oauth2Controller < ApplicationController
|
11
|
+
before_filter :require_authentication, :only => :authorize
|
2
12
|
|
3
13
|
def authorize
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
14
|
+
if request.post?
|
15
|
+
status, header, response = authorization_endpoint_authenticator.call(request.env)
|
16
|
+
case status
|
17
|
+
when 302
|
18
|
+
redirect_to header['Location']
|
19
|
+
else
|
20
|
+
render :status => status, :json => response.body
|
21
|
+
end
|
11
22
|
else
|
12
|
-
render
|
23
|
+
# render approval page to the resource owner
|
13
24
|
end
|
14
25
|
end
|
15
26
|
|
16
27
|
def token
|
17
|
-
|
18
|
-
|
28
|
+
status, header, res = token_endpoint_authenticator.call(request.env)
|
29
|
+
response.headers.merge!(header)
|
30
|
+
render :status => status, :text => res.body
|
31
|
+
end
|
32
|
+
|
33
|
+
private
|
34
|
+
|
35
|
+
def authorization_endpoint_authenticator
|
36
|
+
# set realm as server.example.com
|
37
|
+
Rack::OAuth2::Server::Authorization.new('server.example.com') do |req, res|
|
38
|
+
client = Oauth2::Client.find_by_identifier(req.client_id)
|
39
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
|
40
|
+
if params[:approve]
|
41
|
+
res.authorize!
|
42
|
+
case req.response_type
|
43
|
+
when :code
|
44
|
+
authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
|
45
|
+
res.code = authorization_code.code
|
46
|
+
when :token
|
47
|
+
access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
|
48
|
+
res.access_token = access_token.token
|
49
|
+
res.expires_in = access_token.expires_in
|
50
|
+
when :code_and_token
|
51
|
+
authorization_code = Oauth2::AuthorizationCode.create(:user => current_user, :client => client)
|
52
|
+
access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
|
53
|
+
res.code = authorization_code.code
|
54
|
+
res.access_token = access_token.token
|
55
|
+
res.expires_in = access_token.expires_in
|
56
|
+
end
|
57
|
+
else
|
58
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => req.redirect_uri, :state => req.state)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
def token_endpoint_authenticator
|
64
|
+
# set realm as server.example.com
|
65
|
+
Rack::OAuth2::Server::Token.new('server.example.com') do |req, res|
|
66
|
+
case req.grant_type
|
67
|
+
when :authorization_code
|
68
|
+
begin
|
69
|
+
@user, @client = Oauth2::AuthorizationCode.authenticate!(req.code)
|
70
|
+
rescue Oauth2::AuthorizationCode::InvalidCode
|
71
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
|
72
|
+
end
|
73
|
+
when :refresh_token
|
74
|
+
begin
|
75
|
+
@user, @client = Oauth2::RefreshToken.authenticate!(req.refresh_token)
|
76
|
+
rescue Oauth2::AuthorizationCode::InvalidToken
|
77
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
|
78
|
+
end
|
79
|
+
when :password
|
80
|
+
begin
|
81
|
+
@user = User.authenticate!(req.username, req.password)
|
82
|
+
@client = Oauth2::Client.find_by_identifier(req.client_id)
|
83
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.') unless client
|
84
|
+
rescue User::InvalidCredentials
|
85
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource ownwer credentials.')
|
86
|
+
end
|
87
|
+
when :assertion
|
88
|
+
# I'm not familiar with SAML, so raise error for now.
|
89
|
+
raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "SAML is out of the Rails.")
|
90
|
+
else
|
91
|
+
raise Rack::OAuth2::Server::BadRequest.new(:unsupported_grant_type, "'#{req.grant_type}' isn't supported.")
|
92
|
+
end
|
93
|
+
access_token = Oauth2::AccessToken.create(:user => @user, :client => @client)
|
94
|
+
res.access_token = access_token.token
|
95
|
+
res.expires_in = access_token.expires_in
|
19
96
|
end
|
20
|
-
status, header, body = token_endpoint.call(request.env)
|
21
|
-
render :status => status, :json => body
|
22
97
|
end
|
23
98
|
|
24
99
|
end
|
100
|
+
|
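Review bot: In `authorization_endpoint_authenticator` the `:token` and `:code_and_token` branches create the access token with `:user => @user, :client => @client` (new lines 47 and 52), while the `:code` branch uses `current_user` and the `client` validated at new line 38; nothing in this action assigns `@user` or `@client`, so the token is minted for a nil owner and a nil client instead of the authenticated resource owner and the verified client. Both lines should read `access_token = Oauth2::AccessToken.create(:user => current_user, :client => client)`. In `token_endpoint_authenticator` the `:password` branch assigns `@client` (new line 82) but guards on an undefined local `client` at new line 83, which should be `unless @client`, and the `:refresh_token` branch rescues `Oauth2::AuthorizationCode::InvalidToken` with an 'Invalid authorization code.' message although it called `Oauth2::RefreshToken.authenticate!`, so the rescue class and message should name the refresh-token failure. The GET branch of `authorize` only carries the comment `# render approval page to the resource owner`, so the client_id/redirect_uri validation that the POST path performs does not appear to run before the approval page is shown; confirm that or validate on GET too.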
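--- a/data/rack-oauth2.gemspec
+++ b/data/rack-oauth2.gemspec
@@ -5,12 +5,12 @@
 
 Gem::Specification.new do |s|
 s.name = %q{rack-oauth2}
-s.version = "0.0
+s.version = "0.1.0"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["nov matake"]
-s.date = %q{2010-09-
-s.description = %q{Rack Middleware for OAuth2
+s.date = %q{2010-09-18}
+s.description = %q{Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.}
 s.email = %q{nov@matake.jp}
 s.extra_rdoc_files = [
 "LICENSE",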
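--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-hash:
+hash: 27
 prerelease: false
 segments:
 - 0
+- 1
 - 0
-
-version: 0.0.9
+version: 0.1.0
 platform: ruby
 authors:
 - nov matake
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-
+date: 2010-09-18 00:00:00 +09:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -62,7 +62,7 @@ dependencies:
 version: 1.2.9
 type: :development
 version_requirements: *id003
-description: Rack Middleware for OAuth2
+description: Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.
 email: nov@matake.jp
 executables: []
 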