RubyGems - rack-oauth2_utils - Versions diffs - 0.0.1 - Mend

rack-oauth2_utils 0.0.1

Files changed (13) hide show

data/.gitignore +5 -0
data/Gemfile +28 -0
data/README.mkd +52 -0
data/Rakefile +7 -0
data/lib/rack-oauth2_utils/middleware.rb +45 -0
data/lib/rack-oauth2_utils/oauth_request.rb +41 -0
data/lib/rack-oauth2_utils/test_store.rb +39 -0
data/lib/rack-oauth2_utils/version.rb +5 -0
data/lib/rack-oauth2_utils.rb +10 -0
data/rack-oauth2_utils.gemspec +25 -0
data/test/middleware_test.rb +136 -0
data/test/test_helper.rb +14 -0
metadata +101 -0

data/.gitignore ADDED Viewed

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+.rvmrc

data/Gemfile ADDED Viewed

@@ -0,0 +1,28 @@
+source "http://rubygems.org"
+# Specify your gem's dependencies in rack-oauth2_utils.gemspec
+#gemspec
+gem 'rack'
+group :test do
+  gem 'minitest'
+  gem "rack-test"
+end
+# use Rack::OAuth2::Access::Middleware, :store => Rack::OAuth2::Access::MemoryStore
+#
+#
+# run App
+#
+# before do
+#
+# end
+#
+# Rack::OAuth2::Access::AppHelpers
+#
+# before do
+#   account = Account.find(oauth.identity)
+# end
+#
+# get '/' do

data/README.mkd ADDED Viewed

@@ -0,0 +1,52 @@
+# Rack OAuth Utils
+Simple Rack middleware that catches OAuth2 access tokens and validates identity
+This gem only covers the simple use of "using a token". You must implement the authorization and "getting a token" part in your app.
+## USAGE
+    class API < Sinatra::Base
+      use Rack::OAuth2Utils::Middleware, :store => SomeKeyValueStore
+      helpers do
+        def authorized?
+          !!identity
+        end
+        def identity
+         requets.env['oauth.identity']
+        end
+        def current_account
+         Account.find(identity) if authorized?
+        end
+      end
+      get '/private' do
+        if authorized?
+          content_type 'application/json'
+          current_account.to_json
+        else
+          halt 403, 'Access forbidden'
+        end
+      end
+    end
+:store is anything that responds to [], []= and delete. Can be Redis, PStore, some ORM wrapper, etc.
+Store is expected to store access_tokens mapped to some identity string (for example account IDs).
+There is a test store based on PStore (filesystem. Do no use in production):
+    store = Rack::OAuth2Utils::TestStore.new('tmp/access_tokens.store')
+    store['some_access_token'] = 'some_account_id'
+It is up to you how you store tokens and identities.
+See test/middlewate_test.rb for details

data/Rakefile ADDED Viewed

@@ -0,0 +1,7 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+desc 'Load everything'
+task :console do
+  system "irb -I lib -r rack-oauth2_utils.rb"
+end

data/lib/rack-oauth2_utils/middleware.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module Rack
+  module OAuth2Utils
+    class Middleware
+      attr_reader :store
+      def initialize(app, options = {})
+        @app = app
+        @store = options[:store] || {}
+        @realm = options[:realm]
+        @logger = options[:logger]
+      end
+      def call(env)
+        request = OAuthRequest.new(env)
+        logger = @logger || env["rack.logger"]
+        # If not oauth header / param, leave it up to the app.
+        return @app.call(env) unless request.oauth?
+        # Fetch identity
+        if identity = store[request.access_token] # identity found, forward to backend
+          env["oauth.identity"] = identity
+          logger.info "RO2U: Authorized #{identity}" if logger
+        else # invalid token
+          logger.info "RO2U: Invalid token" if logger
+          return unauthorized(request)
+        end
+        @app.call(env)
+      end
+      protected
+      # Returns WWW-Authenticate header.
+      def unauthorized(request)
+        challenge = 'OAuth realm="%s"' % (@realm || request.host)
+        challenge << ', error="invalid_token", error_description="The access token is invalid."'
+        return [401, { "WWW-Authenticate" => challenge, 'Content-Type' => 'text/plain' }, ['The access token is invalid.']]
+      end
+    end
+  end
+end

data/lib/rack-oauth2_utils/oauth_request.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# Wraps Rack::Request to expose Basic and OAuth authentication
+# credentials.
+# Borrowed from https://github.com/flowtown/rack-oauth2-server
+#
+module Rack
+  module OAuth2Utils
+    class OAuthRequest < Rack::Request
+      AUTHORIZATION_KEYS = %w{HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION}
+      # Returns authorization header.
+      def authorization_header
+        @authorization_header ||= (
+          h = AUTHORIZATION_KEYS.inject(nil) { |auth, key| auth || @env[key] }
+          if h && h[/^oauth/i]
+            h.gsub(/\n/, "").split[1]
+          else
+            nil
+          end
+        )
+      end
+      def authorization_param
+        @authorization_param ||= self.GET['oauth_token']
+      end
+      # True if authentication scheme is OAuth.
+      def oauth?
+        authorization_header || authorization_param
+      end
+      # If OAuth, returns access token.
+      #
+      def access_token
+        @access_token ||= oauth?
+      end
+    end
+  end
+end

data/lib/rack-oauth2_utils/test_store.rb ADDED Viewed

@@ -0,0 +1,39 @@
+require 'pstore'
+module Rack
+  module OAuth2Utils
+    # Test persistent store. Stores to FS using PStore
+    # Not meant for production!
+    #
+    class TestStore
+      def initialize(file_path = '.')
+        @store = PStore.new(file_path)
+      end
+      def []=(key, value)
+        @store.transaction do
+          @store[key] = value
+        end
+      end
+      def [](key)
+        @store.transaction do
+          @store[key]
+        end
+      end
+      def delete(key)
+        @store.transaction do
+          @store.delete(key)
+        end
+      end
+      def roots
+        @store.transaction do
+          @store.roots
+        end
+      end
+    end
+  end
+end

data/lib/rack-oauth2_utils/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Rack
+  module OAuth2Utils
+    VERSION = "0.0.1"
+  end
+end

data/lib/rack-oauth2_utils.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require 'rack'
+require 'rack-oauth2_utils/middleware'
+require 'rack-oauth2_utils/oauth_request'
+require 'rack-oauth2_utils/test_store'
+module Rack
+  module OAuth2Utils
+    # Your code goes here...
+  end
+end

data/rack-oauth2_utils.gemspec ADDED Viewed

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "rack-oauth2_utils/version"
+Gem::Specification.new do |s|
+  s.name        = "rack-oauth2_utils"
+  s.version     = Rack::OAuth2Utils::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Ismael Celis"]
+  s.email       = ["ismaelct@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{Middleware for catching OAuth2 access tokens in Rack apps}
+  s.description = %q{Simple Rack middleware that catches OAuth2 access tokens and validates identity}
+  s.rubyforge_project = "rack-oauth2_utils"
+  s.add_dependency 'rack', ">= 1.2.2"
+  s.add_development_dependency "bundler", ">= 1.0.0"
+  s.add_development_dependency "minitest"
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/test/middleware_test.rb ADDED Viewed

@@ -0,0 +1,136 @@
+require File.expand_path(File.dirname(__FILE__) + '/test_helper')
+describe Rack::OAuth2Utils::Middleware do
+  include Rack::Test::Methods
+  OK_RESPONSE = [200, {'Content-Type' => 'text/plain'}, ['Hello world']]
+  FORBIDDEN_RESPONSE = [403, {'Content-Type' => 'text/plain'}, ['Nono']]
+  def app
+    @app ||= Rack::Builder.new do
+      # Simple token / identity store
+      use Rack::OAuth2Utils::Middleware, :store => {
+        # token      # identity
+        'aaaaa'   => 'ismasan',
+        'bbbbb'   => 'sachi'
+      }
+      # Public endpoint
+      map('/public'){
+        run lambda {|env| OK_RESPONSE }
+      }
+      # Private, o auth protected
+      map('/private'){
+        run lambda {|env|
+          if env['oauth.identity']
+            OK_RESPONSE
+          else
+            FORBIDDEN_RESPONSE
+          end
+        }
+      }
+    end
+  end
+  describe "no token" do
+    describe 'public resource' do
+      before {get '/public'}
+      it 'should return 200 Ok' do
+        last_response.status.must_equal 200
+      end
+      it 'should return body' do
+        last_response.body.must_equal 'Hello world'
+      end
+    end
+    describe 'private resource' do
+      before {get '/private'}
+      it 'should return 200 Ok' do
+        last_response.status.must_equal 403
+      end
+      it 'should return body' do
+        last_response.body.must_equal 'Nono'
+      end
+    end
+  end
+  describe 'with invalid token' do
+    before {
+      header "Authorization", "OAuth invalidtoken"
+    }
+    describe 'public resource' do
+      before {get '/public'}
+      it 'should return 401 Unauthorized' do
+        last_response.status.must_equal 401
+      end
+      it 'should return WWW-Authenticate header with realm and error info' do
+        last_response.headers['WWW-Authenticate'].must_equal "OAuth realm=\"example.org\", error=\"invalid_token\", error_description=\"The access token is invalid.\""
+      end
+    end
+    describe 'private resource' do
+      before {get '/private'}
+      it 'should return 401 Unauthorized' do
+        last_response.status.must_equal 401
+      end
+      it 'should return WWW-Authenticate header with realm and error info' do
+        last_response.headers['WWW-Authenticate'].must_equal "OAuth realm=\"example.org\", error=\"invalid_token\", error_description=\"The access token is invalid.\""
+      end
+    end
+  end
+  describe 'with valid token' do
+    before {
+      header "Authorization", "OAuth aaaaa"
+    }
+    describe 'public resource' do
+      before {get '/public'}
+      it 'should return 200 Ok' do
+        last_response.status.must_equal 200
+      end
+      it 'should return body' do
+        last_response.body.must_equal 'Hello world'
+      end
+    end
+    describe 'private resource' do
+      before {get '/private'}
+      it 'should return 200 Ok' do
+        last_response.status.must_equal 200
+      end
+      it 'should return body' do
+        last_response.body.must_equal 'Hello world'
+      end
+    end
+  end
+  describe 'with valid token as query param' do
+    before {get '/private', 'oauth_token' => 'aaaaa'}
+    it 'should return 200 Ok' do
+      last_response.status.must_equal 200
+    end
+    it 'should return body' do
+      last_response.body.must_equal 'Hello world'
+    end
+  end
+end

data/test/test_helper.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require 'rubygems'
+require 'bundler'
+Bundler.setup :default, :test
+ENV["RACK_ENV"] = "test"
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack-oauth2_utils'
+require "rack/test"
+require 'minitest/autorun'

metadata ADDED Viewed

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: rack-oauth2_utils
+version: !ruby/object:Gem::Version
+  prerelease:
+  version: 0.0.1
+platform: ruby
+authors:
+- Ismael Celis
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2011-07-07 00:00:00 +01:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.2
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency
+  name: bundler
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency
+  name: minitest
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: "0"
+  type: :development
+  version_requirements: *id003
+description: Simple Rack middleware that catches OAuth2 access tokens and validates identity
+email:
+- ismaelct@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.mkd
+- Rakefile
+- lib/rack-oauth2_utils.rb
+- lib/rack-oauth2_utils/middleware.rb
+- lib/rack-oauth2_utils/oauth_request.rb
+- lib/rack-oauth2_utils/test_store.rb
+- lib/rack-oauth2_utils/version.rb
+- rack-oauth2_utils.gemspec
+- test/middleware_test.rb
+- test/test_helper.rb
+has_rdoc: true
+homepage: ""
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+requirements: []
+rubyforge_project: rack-oauth2_utils
+rubygems_version: 1.6.2
+signing_key:
+specification_version: 3
+summary: Middleware for catching OAuth2 access tokens in Rack apps
+test_files:
+- test/middleware_test.rb
+- test/test_helper.rb