rack-oauth2 0.2.3 → 0.3.0.alpha

data/Gemfile

@@ -1 +1,2 @@
+source 'http://rubygems.org'
 gemspec

data/README.rdoc

@@ -14,6 +14,7 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-10
 * View RDoc on RDoc.info (http://rdoc.info/github/nov/rack-oauth2)
 * View Source on GitHub (http://github.com/nov/rack-oauth2)
 * Report Issues on GitHub (http://github.com/nov/rack-oauth2/issues)
+* Facebook Page (http://www.facebook.com/pages/RackOAuth2/141477809244105)
 
 == Usage
 

data/VERSION

@@ -1 +1 @@
-0.2.3
+0.3.0.alpha

data/lib/rack/oauth2.rb

@@ -3,10 +3,4 @@ require 'json'
 require 'active_support/core_ext'
 require 'attr_required'
 require 'attr_optional'
-require 'rack/oauth2/server'
-
-module Rack
-  module OAuth2
-    ACCESS_TOKEN = "rack.oauth2.oauth_token"
-  end
-end
+require 'rack/oauth2/server'

data/lib/rack/oauth2/server.rb

@@ -1,5 +1,4 @@
 require 'rack/oauth2/server/util'
-require 'rack/oauth2/server/error'
 require 'rack/oauth2/server/abstract'
 require 'rack/oauth2/server/authorize'
 require 'rack/oauth2/server/token'

data/lib/rack/oauth2/server/abstract.rb

@@ -1,3 +1,4 @@
 require 'rack/oauth2/server/abstract/handler'
 require 'rack/oauth2/server/abstract/request'
-require 'rack/oauth2/server/abstract/response'
+require 'rack/oauth2/server/abstract/response'
+require 'rack/oauth2/server/abstract/error'

data/lib/rack/oauth2/server/abstract/error.rb

@@ -0,0 +1,55 @@
+module Rack
+  module OAuth2
+    module Server
+      module Abstract
+        class Error < StandardError
+          attr_accessor :status, :error, :description, :uri
+
+          def initialize(status, error, description = nil, options = {})
+            @status      = status
+            @error       = error
+            @description = description
+            @uri         = options[:uri]
+          end
+
+          def protocol_params
+            {
+              :error             => error,
+              :error_description => description,
+              :error_uri         => uri
+            }
+          end
+
+          def finish
+            response = Rack::Response.new
+            response.status = status
+            yield response if block_given?
+            unless response.redirect?
+              response.header['Content-Type'] = 'application/json'
+              response.write Util.compact_hash(protocol_params).to_json
+            end
+            response.finish
+          end
+        end
+
+        class BadRequest < Error
+          def initialize(error = :bad_request, description = nil, options = {})
+            super 400, error, description, options
+          end
+        end
+
+        class Unauthorized < Error
+          def initialize(error = :unauthorized, description = nil, options = {})
+            super 401, error, description, options
+          end
+        end
+
+        class Forbidden < Error
+          def initialize(error = :forbidden, description = nil, options = {})
+            super 403, error, description, options
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/abstract/handler.rb

@@ -3,10 +3,9 @@ module Rack
     module Server
       module Abstract
         class Handler
-          attr_accessor :realm, :authenticator, :request, :response
+          attr_accessor :authenticator, :request, :response
 
-          def initialize(realm = nil, &authenticator)
-            @realm = realm
+          def initialize(&authenticator)
             @authenticator = authenticator
           end
 

data/lib/rack/oauth2/server/abstract/request.rb

@@ -15,14 +15,13 @@ module Rack
 
           def attr_missing_with_error_handling!
             if params['client_id'].present? && @client_id != params['client_id']
-              invalid_client!("Multiple client credentials are provided.")
+              invalid_request! 'Multiple client credentials are provided.'
             end
             attr_missing_without_error_handling!
           rescue AttrRequired::AttrMissing => e
-            invalid_request!(e.message, :state => @state, :redirect_uri => @redirect_uri)
+            invalid_request! e.message, :state => @state, :redirect_uri => @redirect_uri
           end
           alias_method_chain :attr_missing!, :error_handling
-
         end
       end
     end

data/lib/rack/oauth2/server/abstract/response.rb

@@ -8,11 +8,6 @@ module Rack
           def initialize(request)
             super([], 200, {})
           end
-
-          def finish
-            attr_missing!
-            super
-          end
         end
       end
     end

data/lib/rack/oauth2/server/authorize.rb

@@ -2,16 +2,14 @@ module Rack
   module OAuth2
     module Server
       class Authorize < Abstract::Handler
-
         def call(env)
           request = Request.new(env)
-          request.profile.new(@realm, &@authenticator).call(env).finish
-        rescue Error => e
+          request.profile.new(&@authenticator).call(env).finish
+        rescue Rack::OAuth2::Server::Abstract::Error => e
           e.finish
         end
 
         class Request < Abstract::Request
-          include Error::Authorize
           attr_required :response_type
           attr_optional :redirect_uri, :state
 
@@ -27,36 +25,43 @@ module Rack
               Code
             when 'token'
               Token
-            when 'code_and_token'
-              CodeAndToken
             when ''
               attr_missing!
             else
-              unsupported_response_type!("'#{params['response_type']}' isn't supported.")
+              unsupported_response_type! "#{CGI.escape params['response_type']} isn't supported."
             end
           end
-
         end
 
         class Response < Abstract::Response
           attr_required :redirect_uri
-          attr_optional :state, :approved
+          attr_optional :state, :approval
 
           def initialize(request)
             @state = request.state
-            @redirect_uri = Util.parse_uri(request.redirect_uri) if request.redirect_uri
             super
           end
 
           def approved?
-            @approved
+            @approval
           end
 
           def approve!
-            @approved = true
+            @approval = true
+          end
+
+          def protocol_params
+            {:state => state}
           end
-        end
 
+          def finish
+            if approved?
+              attr_missing!
+              redirect Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
+            end
+            super
+          end
+        end
       end
     end
   end
@@ -64,4 +69,4 @@ end
 
 require 'rack/oauth2/server/authorize/code'
 require 'rack/oauth2/server/authorize/token'
-require 'rack/oauth2/server/authorize/code_and_token'
+require 'rack/oauth2/server/authorize/error'

data/lib/rack/oauth2/server/authorize/code.rb

@@ -5,8 +5,8 @@ module Rack
         class Code < Abstract::Handler
 
           def call(env)
-            @request  = Request.new(env)
-            @response = Response.new(request)
+            @request  = Request.new env
+            @response = Response.new request
             super
           end
 
@@ -21,25 +21,14 @@ module Rack
           class Response < Authorize::Response
             attr_required :code
 
-            def finish
-              if approved?
-                params = {
-                  :code => code,
-                  :state => state
-                }.delete_if do |key, value|
-                  value.blank?
-                end
-                redirect_uri.query = if redirect_uri.query
-                  [redirect_uri.query, params.to_query].join('&')
-                else
-                  params.to_query
-                end
-                redirect redirect_uri.to_s
-              end
-              super
+            def protocol_params
+              super.merge(:code => code)
             end
-          end
 
+            def protocol_params_location
+              :query
+            end
+          end
         end
       end
     end

data/lib/rack/oauth2/server/authorize/error.rb

@@ -0,0 +1,60 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        class BadRequest < Abstract::BadRequest
+          attr_accessor :redirect_uri, :state, :protocol_params_location
+
+          def protocol_params
+            super.merge(:state => state)
+          end
+
+          def finish
+            if redirect_uri.present? && protocol_params_location.present?
+              super do |response|
+                response.redirect Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
+              end
+            else
+              raise self
+            end
+          end
+        end
+
+        module ErrorMethods
+          DEFAULT_DESCRIPTION = {
+            :invalid_request => "The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed.",
+            :unauthorized_client => "The client is not authorized to use the requested response type.",
+            :access_denied => "The end-user or authorization server denied the request.",
+            :unsupported_response_type => "The requested response type is not supported by the authorization server.",
+            :invalid_scope => "The requested scope is invalid, unknown, or malformed."
+          }
+
+          def self.included(klass)
+            DEFAULT_DESCRIPTION.each do |error, default_description|
+              klass.class_eval <<-ERROR
+                def #{error}!(description = "#{default_description}", options = {})
+                  bad_request! :#{error}, description, options.merge(:redirect => true)
+                end
+              ERROR
+            end
+          end
+
+          def bad_request!(error = :bad_request, description = nil, options = {})
+            exception = BadRequest.new error, description, options
+            exception.protocol_params_location = case response_type
+            when :code
+              :query
+            when :token
+              :fragment
+            end
+            exception.state = state
+            exception.redirect_uri = redirect_uri if options[:redirect]
+            raise exception
+          end
+        end
+
+        Request.send :include, ErrorMethods
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/token.rb

@@ -3,10 +3,9 @@ module Rack
     module Server
       class Authorize
         class Token < Abstract::Handler
-
           def call(env)
-            @request  = Request.new(env)
-            @response = Response.new(request)
+            @request  = Request.new env
+            @response = Response.new request
             super
           end
 
@@ -19,30 +18,22 @@ module Rack
           end
 
           class Response < Authorize::Response
-            attr_required :access_token
-            attr_optional :expires_in, :scope
+            attr_required :access_token, :token_type
+            attr_optional :refresh_token, :expires_in, :scope
 
-            def finish
-              if approved?
-                params = {
-                  :access_token => access_token,
-                  :expires_in => expires_in,
-                  :scope => Array(scope).join(' '),
-                  :state => state
-                }.delete_if do |key, value|
-                  value.blank?
-                end
-                redirect_uri.fragment = if redirect_uri.fragment
-                  [redirect_uri.fragment, params.to_query].join('&')
-                else
-                  params.to_query
-                end
-                redirect redirect_uri.to_s
-              end
-              super
+            def protocol_params
+              super.merge(
+                :access_token => access_token,
+                :expires_in => expires_in,
+                :refresh_token => refresh_token,
+                :scope => Array(scope).join(' ')
+              )
             end
-          end
 
+            def protocol_params_location
+              :fragment
+            end
+          end
         end
       end
     end

data/lib/rack/oauth2/server/resource.rb

@@ -1,79 +1 @@
-require 'rack/auth/abstract/request'
-
-module Rack
-  module OAuth2
-    module Server
-      class Resource < Abstract::Handler
-
-        def initialize(app, realm = nil, &authenticator)
-          @app = app
-          super(realm, &authenticator)
-        end
-
-        def call(env)
-          request = Request.new(env, realm)
-          if request.oauth2?
-            authenticate!(request)
-            env[ACCESS_TOKEN] = request.access_token
-          end
-          @app.call(env)
-        rescue Error => e
-          e.realm = realm
-          e.finish
-        end
-
-        private
-
-        def authenticate!(request)
-          @authenticator.call(request)
-        end
-
-        class Request < Rack::Request
-          include Error::Resource
-
-          attr_accessor :realm
-
-          def initialize(env, realm = nil)
-            @env = env
-            @realm = realm
-            @auth_header = Rack::Auth::AbstractRequest.new(env)
-          end
-
-          def oauth2?
-            access_token.present?
-          end
-
-          def access_token
-            tokens = [access_token_in_haeder, access_token_in_payload].compact
-            case Array(tokens).size
-            when 0
-              nil
-            when 1
-              tokens.first
-            else
-              invalid_request!('Both Authorization header and payload includes oauth_token.', :realm => realm)
-            end
-          end
-
-          def access_token_in_haeder
-            if @auth_header.provided? && @auth_header.scheme == :oauth && @auth_header.params !~ /oauth_signature_method/
-              @auth_header.params
-            else
-              nil
-            end
-          end
-
-          def access_token_in_payload
-            if params['oauth_token'] && !params['oauth_signature_method']
-              params['oauth_token']
-            else
-              nil # This is OAuth1 request
-            end
-          end
-
-        end
-
-      end
-    end
-  end
-end
+require 'rack/oauth2/server/resource/bearer'