rack-oauth_proxy 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5834c55b2217ffe7ab3ef9808613717e03c3d30e
+  data.tar.gz: 3920d54037d98faa67ae7dfe68374ee75f16a458
+SHA512:
+  metadata.gz: 1fc62efb3ba2b9a55ee38a495277011d867d2dae4295cce6e7c3258f09b987ae82bb8b24769eb9321ee70c35bc570e4cb1708144c178f1e974367c7878e4ef62
+  data.tar.gz: 58eb2bc1b1e0c95a5093bbcec332fa5054661961399933befefe24472f2ccbb82efbd08e598b6c10af53c1711367ce9095f32986cbfe9dce93257fea08197145

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rack-oauth_proxy.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Ryo Nakamura
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,11 @@
+# Rack::OauthProxy
+Delegates OAuth authentication to other authentication server.
+
+## Usage
+For Rails example:
+
+```ruby
+class ApplicationController < ActionController::Base
+  use Rack::OauthProxy, url: "http://auth.example.com/oauth/token"
+end
+```

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/rack-oauth_proxy.rb

@@ -0,0 +1 @@
+require "rack/oauth_proxy"

data/lib/rack/oauth_proxy.rb

@@ -0,0 +1,27 @@
+require "rack/oauth_proxy/access_tokens/base"
+require "rack/oauth_proxy/access_tokens/invalid"
+require "rack/oauth_proxy/access_tokens/valid"
+require "rack/oauth_proxy/client"
+require "rack/oauth_proxy/client/request"
+require "rack/oauth_proxy/client/response"
+require "rack/oauth_proxy/version"
+
+module Rack
+  class OauthProxy
+    def initialize(app, options = {})
+      @app = app
+      @options = options
+    end
+
+    def call(env)
+      env["rack-oauth_proxy.access_token"] = client.fetch(env)
+      @app.call(env)
+    end
+
+    private
+
+    def client
+      @client ||= Client.new(@options)
+    end
+  end
+end

data/lib/rack/oauth_proxy/access_tokens/base.rb

@@ -0,0 +1,39 @@
+module Rack
+  class OauthProxy
+    module AccessTokens
+      class Base
+        ATTRIBUTE_NAMES = %w[
+          application_id
+          expired_at
+          refresh_token
+          resource_owner_id
+          scope
+          token
+          token_type
+        ]
+
+        ATTRIBUTE_NAMES.each {|name| attr_accessor name }
+
+        def initialize(attributes)
+          raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+        end
+
+        def accessible?
+          raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+        end
+
+        def revoked?
+          raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+        end
+
+        def expired?
+          raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+        end
+
+        def scopes
+          scope.split(" ") if scope
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth_proxy/access_tokens/invalid.rb

@@ -0,0 +1,22 @@
+module Rack
+  class OauthProxy
+    module AccessTokens
+      class Invalid < Base
+        def initialize(attributes = nil)
+        end
+
+        def accessible?
+          false
+        end
+
+        def revoked?
+          false
+        end
+
+        def expired?
+          false
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth_proxy/access_tokens/valid.rb

@@ -0,0 +1,23 @@
+module Rack
+  class OauthProxy
+    module AccessTokens
+      class Valid < Base
+        def initialize(attributes)
+          ATTRIBUTE_NAMES.each {|name| send("#{name}=", attributes[name]) }
+        end
+
+        def accessible?
+          true
+        end
+
+        def revoked?
+          false
+        end
+
+        def expired?
+          false
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth_proxy/client.rb

@@ -0,0 +1,63 @@
+require "net/http"
+
+module Rack
+  class OauthProxy
+    class Client
+      READ_TIMEOUT = 1
+      OPEN_TIMEOUT = 1
+
+      def initialize(options = {})
+        @options = options
+      end
+
+      def fetch(env)
+        request = Request.new(env)
+        if request.has_any_valid_credentials?
+          path = "#{uri.path}"
+          path << "?#{request.to_query}" if request.to_query.present?
+          header = {
+            "Authorization" => request.authorization,
+            "Host" => host,
+            "Resource-Owner-Id" => request.resource_owner_id,
+            "Scopes" => request.scopes,
+          }.reject {|key, value| value.nil? }
+          raw_response = http_client.get(path, header)
+          response = Response.new(raw_response)
+          if response.valid_as_access_token?
+            AccessTokens::Valid.new(response.to_hash)
+          else
+            AccessTokens::Invalid.new
+          end
+        else
+          AccessTokens::Invalid.new
+        end
+      rescue Timeout::Error
+        AccessTokens::Invalid.new
+      end
+
+      private
+
+      def uri
+        @uri ||= URI.parse(url)
+      end
+
+      def http_client
+        client = Net::HTTP.new(uri.host, uri.port)
+        client.read_timeout = READ_TIMEOUT
+        client.open_timeout = OPEN_TIMEOUT
+        client
+      end
+
+      def url
+        @options[:url] or raise NoUrlError
+      end
+
+      def host
+        @options[:host]
+      end
+
+      class NoUrlError < StandardError
+      end
+    end
+  end
+end

data/lib/rack/oauth_proxy/client/request.rb

@@ -0,0 +1,42 @@
+require "active_support/core_ext/hash/slice"
+require "active_support/core_ext/object/blank"
+require "active_support/core_ext/object/to_query"
+require "rack"
+
+module Rack
+  class OauthProxy
+    class Client
+      class Request
+        def initialize(env)
+          @env = env
+        end
+
+        def has_any_valid_credentials?
+          authorization.present? ||
+            rack_request.params[:access_token].present? ||
+            rack_request.params[:bearer_token].present?
+        end
+
+        def rack_request
+          @rack_request ||= Rack::Request.new(@env)
+        end
+
+        def to_query
+          rack_request.params.slice("access_token", "bearer_token").to_query
+        end
+
+        def authorization
+          @env["HTTP_AUTHORIZATION"]
+        end
+
+        def resource_owner_id
+          @env["HTTP_RESOURCE_OWNER_ID"]
+        end
+
+        def scopes
+          @env["HTTP_SCOPES"]
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth_proxy/client/response.rb

@@ -0,0 +1,42 @@
+require "json"
+
+module Rack
+  class OauthProxy
+    class Client
+      class Response
+        def initialize(raw)
+          @raw = raw
+        end
+
+        def valid_as_access_token?
+          ok? && json? && hash?
+        end
+
+        def to_hash
+          parsed_body
+        end
+
+        private
+
+        def ok?
+          @raw.code == "200"
+        end
+
+        def json?
+          parsed_body
+          true
+        rescue JSON::ParserError
+          false
+        end
+
+        def hash?
+          parsed_body.is_a?(Hash)
+        end
+
+        def parsed_body
+          @parsed_body ||= JSON.parse(@raw.body)
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth_proxy/version.rb

@@ -0,0 +1,5 @@
+module Rack
+  class OauthProxy
+    VERSION = "0.0.1"
+  end
+end

data/rack-oauth_proxy.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "rack/oauth_proxy/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "rack-oauth_proxy"
+  spec.version       = Rack::OauthProxy::VERSION
+  spec.authors       = ["Ryo Nakamura"]
+  spec.email         = ["r7kamura@gmail.com"]
+  spec.summary       = "Delegates OAuth authentication to other authentication server"
+  spec.homepage      = "https://github.com/r7kamura/rack-oauth_proxy"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activesupport"
+  spec.add_dependency "rack"
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec", "2.14.1"
+  spec.add_development_dependency "webmock"
+end

data/spec/rack/oauth_proxy/client_spec.rb

@@ -0,0 +1,55 @@
+require "spec_helper"
+require "stringio"
+
+describe Rack::OauthProxy::Client do
+  let(:client) do
+    described_class.new(url: url)
+  end
+
+  let(:url) do
+    "http://example.com/oauth/token"
+  end
+
+  let(:env) do
+    {
+      "HTTP_AUTHORIZATION" => "Bearer #{token}",
+      "rack.input" => StringIO.new,
+    }
+  end
+
+  let(:token) do
+    SecureRandom.hex(32)
+  end
+
+  context "#fetch" do
+    context "when authentication succeeded" do
+      before do
+        stub_request(:get, url).to_return(status: 200, body: {}.to_json)
+      end
+
+      it "returns valid access token" do
+        client.fetch(env).should be_a Rack::OauthProxy::AccessTokens::Valid
+      end
+    end
+
+    context "without no credentials in request" do
+      before do
+        env.delete("HTTP_AUTHORIZATION")
+      end
+
+      it "returns invalid access token" do
+        client.fetch(env).should be_a Rack::OauthProxy::AccessTokens::Invalid
+      end
+    end
+
+    context "when authentication failed" do
+      before do
+        stub_request(:get, url).to_return(status: 401, body: {}.to_json)
+      end
+
+      it "returns invalid access token" do
+        client.fetch(env).should be_a Rack::OauthProxy::AccessTokens::Invalid
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+$LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
+require "rack/oauth_proxy"
+require "webmock/rspec"
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+end

metadata

@@ -0,0 +1,147 @@
+--- !ruby/object:Gem::Specification
+name: rack-oauth_proxy
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Ryo Nakamura
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.14.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.14.1
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- r7kamura@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/rack-oauth_proxy.rb
+- lib/rack/oauth_proxy.rb
+- lib/rack/oauth_proxy/access_tokens/base.rb
+- lib/rack/oauth_proxy/access_tokens/invalid.rb
+- lib/rack/oauth_proxy/access_tokens/valid.rb
+- lib/rack/oauth_proxy/client.rb
+- lib/rack/oauth_proxy/client/request.rb
+- lib/rack/oauth_proxy/client/response.rb
+- lib/rack/oauth_proxy/version.rb
+- rack-oauth_proxy.gemspec
+- spec/rack/oauth_proxy/client_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/r7kamura/rack-oauth_proxy
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Delegates OAuth authentication to other authentication server
+test_files:
+- spec/rack/oauth_proxy/client_spec.rb
+- spec/spec_helper.rb