rack-oauth2 1.3.0 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3156ef7d62d479a2dc6440483abe7b39c85e9821
-  data.tar.gz: 790fb2e44712d9f7ec357aa5a1b8046e3ef8e8d6
+  metadata.gz: 3c9ef17a769a22815156fa9a794447925496fe4c
+  data.tar.gz: d613d947f2a001b1c5b172919a7c118e678e4682
 SHA512:
-  metadata.gz: 9e371dbbf23d56d48e72c2c6b185667a9b9b2db2cf1094551f05c1d6b655e25944a8fbcd08d64ec2b32d8e820665351687e3a878399cc90490c012f0b2dd8e58
-  data.tar.gz: 1d847249e2170350d1d303a16332a01cbe8fb902476dbd097e848d78094b82bbfa178e3d8475543de20024b2d7a1bb820b9bb086e85607366a781ff57c4ae611
+  metadata.gz: ec69d172bb0cfaa870990b0752c4488cd006328b5ccc8dddb282034a49b7915a6c0e3658340ff59c7fce17f2cab95ba61de25403682cc9704dc6587acaf312b2
+  data.tar.gz: 74a77e9be5eb7e8778e0c7b077eb22a2fc72555d2a076fdf9dde3c4c7f18f5c87e5594db54d7316de69f8b03770a5132b918f105b2eb3c323e022d1a6de9b774

data/VERSION

@@ -1 +1 @@
-1.3.0
+1.3.1

data/lib/rack/oauth2.rb

@@ -61,6 +61,7 @@ module Rack
   end
 end
 
+require 'rack/oauth2/urn'
 require 'rack/oauth2/util'
 require 'rack/oauth2/server'
 require 'rack/oauth2/client'

data/lib/rack/oauth2/client.rb

@@ -57,6 +57,13 @@ module Rack
         )
       end
 
+      def subject_token=(subject_token, subject_token_type = URN::TokenType::JWT)
+        @grant = Grant::TokenExchange.new(
+          subject_token: subject_token,
+          subject_token_type: subject_token_type
+        )
+      end
+
       def access_token!(*args)
         headers, params = {}, @grant.as_json
 

data/lib/rack/oauth2/client/grant.rb

@@ -32,4 +32,5 @@ require 'rack/oauth2/client/grant/password'
 require 'rack/oauth2/client/grant/client_credentials'
 require 'rack/oauth2/client/grant/refresh_token'
 require 'rack/oauth2/client/grant/jwt_bearer'
-require 'rack/oauth2/client/grant/saml2_bearer'
+require 'rack/oauth2/client/grant/saml2_bearer'
+require 'rack/oauth2/client/grant/token_exchange'

data/lib/rack/oauth2/client/grant/jwt_bearer.rb

@@ -6,7 +6,7 @@ module Rack
           attr_required :assertion
 
           def grant_type
-            'urn:ietf:params:oauth:grant-type:jwt-bearer'
+            URN::GrantType::JWT_BEARER
           end
         end
       end

data/lib/rack/oauth2/client/grant/saml2_bearer.rb

@@ -6,7 +6,7 @@ module Rack
           attr_required :assertion
 
           def grant_type
-            'urn:ietf:params:oauth:grant-type:saml2-bearer'
+            URN::GrantType::SAML2_BEARER
           end
         end
       end

data/lib/rack/oauth2/client/grant/token_exchange.rb

@@ -0,0 +1,15 @@
+module Rack
+  module OAuth2
+    class Client
+      class Grant
+        class TokenExchange < Grant
+          attr_required :subject_token, :subject_token_type
+
+          def grant_type
+            URN::GrantType::TOKEN_EXCHANGE
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server.rb

@@ -1,4 +1,5 @@
 require 'rack/oauth2/server/abstract'
 require 'rack/oauth2/server/authorize'
 require 'rack/oauth2/server/token'
-require 'rack/oauth2/server/resource'
+require 'rack/oauth2/server/resource'
+require 'rack/oauth2/server/rails'

data/lib/rack/oauth2/server/authorize/error.rb

@@ -11,8 +11,13 @@ module Rack
             super.merge(state: state)
           end
 
+          def redirect?
+            redirect_uri.present? &&
+            protocol_params_location.present?
+          end
+
           def finish
-            if redirect_uri.present? && protocol_params_location.present?
+            if redirect?
               super do |response|
                 response.redirect Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
               end

data/lib/rack/oauth2/server/rails.rb

@@ -0,0 +1,14 @@
+module Rack
+  module OAuth2
+    module Server
+      module Rails
+        REQUEST  = 'rack_oauth2.request'
+        RESPONSE = 'rack_oauth2.response'
+        ERROR    = 'rack_oauth2.error'
+      end
+    end
+  end
+end
+
+require 'rack/oauth2/server/rails/response_ext'
+require 'rack/oauth2/server/rails/authorize'

data/lib/rack/oauth2/server/rails/authorize.rb

@@ -0,0 +1,44 @@
+module Rack
+  module OAuth2
+    module Server
+      module Rails
+        class Authorize < Server::Authorize
+          def initialize(app)
+            super()
+            @app = app
+          end
+
+          def call(env)
+            prepare_oauth_env env
+            @app.call env
+          rescue Rack::OAuth2::Server::Abstract::Error => e
+            e.finish
+          end
+
+          private
+
+          def prepare_oauth_env(env)
+            response_type = response_type_for(
+              Server::Authorize::Request.new(env)
+            ).new
+            response_type.call(env)
+            response_type.response.extend ResponseExt
+            env[REQUEST]  = response_type.request
+            env[RESPONSE] = response_type.response
+          rescue Rack::OAuth2::Server::Abstract::Error => e
+            env[ERROR] = e
+          end
+
+          module ResponseExt
+            include Rails::ResponseExt
+
+            def approve!
+              super
+              finish
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/rails/response_ext.rb

@@ -0,0 +1,49 @@
+module Rack
+  module OAuth2
+    module Server
+      module Rails
+        module ResponseExt
+          def redirect?
+            ensure_finish do
+              @response.redirect?
+            end
+          end
+
+          def location
+            ensure_finish do
+              super
+            end
+          end
+
+          def json
+            ensure_finish do
+              @response.body
+            end
+          end
+
+          def header
+            ensure_finish do
+              @header
+            end
+          end
+
+          def finish
+            @finished = true
+            super
+          end
+
+          private
+
+          def finished?
+            !!@finished
+          end
+
+          def ensure_finish
+            @status, @header, @response = finish unless finished?
+            yield
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/token.rb

@@ -23,9 +23,9 @@ module Rack
             ClientCredentials
           when 'refresh_token'
             RefreshToken
-          when 'urn:ietf:params:oauth:grant-type:jwt-bearer'
+          when URN::GrantType::JWT_BEARER
             JWTBearer
-          when 'urn:ietf:params:oauth:grant-type:saml2-bearer'
+          when URN::GrantType::SAML2_BEARER
             SAML2Bearer
           when ''
             request.attr_missing!

data/lib/rack/oauth2/server/token/jwt_bearer.rb

@@ -15,7 +15,7 @@ module Rack
 
             def initialize(env)
               super
-              @grant_type = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
+              @grant_type = URN::GrantType::JWT_BEARER
               @assertion = params['assertion']
               attr_missing!
             end

data/lib/rack/oauth2/server/token/saml2_bearer.rb

@@ -15,7 +15,7 @@ module Rack
 
             def initialize(env)
               super
-              @grant_type = 'urn:ietf:params:oauth:grant-type:saml2-bearer'
+              @grant_type = URN::GrantType::SAML2_BEARER
               @assertion = params['assertion']
               attr_missing!
             end

data/lib/rack/oauth2/urn.rb

@@ -0,0 +1,22 @@
+module Rack
+  module OAuth2
+    module URN
+      module TokenType
+        JWT           = 'urn:ietf:params:oauth:token-type:jwt'           # RFC7519
+        ACCESS_TOKEN  = 'urn:ietf:params:oauth:token-type:access-token'  # draft-ietf-oauth-token-exchange
+        REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:refresh-token' # draft-ietf-oauth-token-exchange
+      end
+
+      module GrantType
+        JWT_BEARER     = 'urn:ietf:params:oauth:grant-type:jwt-bearer'     # RFC7523
+        SAML2_BEARER   = 'urn:ietf:params:oauth:grant-type:saml2-bearer'   # RFC7522
+        TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' # draft-ietf-oauth-token-exchange
+      end
+
+      module ClientAssertionType
+        JWT_BEARER   = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'   # RFC7523
+        SAML2_BEARER = 'urn:ietf:params:oauth:client-assertion-type:saml2-bearer' # RFC7522
+      end
+    end
+  end
+end

data/rack-oauth2.gemspec

@@ -23,5 +23,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency "simplecov"
   s.add_development_dependency "rspec"
   s.add_development_dependency "rspec-its"
-  s.add_development_dependency "webmock"
+  s.add_development_dependency "webmock", "< 1.24"
 end

data/spec/rack/oauth2/util_spec.rb

@@ -79,7 +79,7 @@ describe Rack::OAuth2::Util do
       end
     end
 
-    context 'when exactry same' do
+    context 'when exactly same' do
       it { util.uri_match?(uri, uri).should == true }
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-16 00:00:00.000000000 Z
+date: 2016-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -140,16 +140,16 @@ dependencies:
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.24'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.24'
 description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are
   supported.
 email: nov@matake.jp
@@ -186,6 +186,7 @@ files:
 - lib/rack/oauth2/client/grant/password.rb
 - lib/rack/oauth2/client/grant/refresh_token.rb
 - lib/rack/oauth2/client/grant/saml2_bearer.rb
+- lib/rack/oauth2/client/grant/token_exchange.rb
 - lib/rack/oauth2/debugger.rb
 - lib/rack/oauth2/debugger/request_filter.rb
 - lib/rack/oauth2/server.rb
@@ -200,6 +201,9 @@ files:
 - lib/rack/oauth2/server/authorize/extension.rb
 - lib/rack/oauth2/server/authorize/extension/code_and_token.rb
 - lib/rack/oauth2/server/authorize/token.rb
+- lib/rack/oauth2/server/rails.rb
+- lib/rack/oauth2/server/rails/authorize.rb
+- lib/rack/oauth2/server/rails/response_ext.rb
 - lib/rack/oauth2/server/resource.rb
 - lib/rack/oauth2/server/resource/bearer.rb
 - lib/rack/oauth2/server/resource/bearer/error.rb
@@ -216,6 +220,7 @@ files:
 - lib/rack/oauth2/server/token/password.rb
 - lib/rack/oauth2/server/token/refresh_token.rb
 - lib/rack/oauth2/server/token/saml2_bearer.rb
+- lib/rack/oauth2/urn.rb
 - lib/rack/oauth2/util.rb
 - rack-oauth2.gemspec
 - spec/helpers/time.rb