rails_api_auth 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b165743edc12371fd7870892ad34aacf10bfe984
+  data.tar.gz: ced13aee635701bb2385267b33b952237602217a
+SHA512:
+  metadata.gz: 70632344b8bdec1043b8f5899e98166426301af14aaddd5dcea1322454a53e00e8f28a43f4c115ec00ec17fa1a396c8ded1393abcc98a0c6a00e1f05bea36649
+  data.tar.gz: 2bc812bf057509fe0df986881be6446fe2fe9430c6268dbfca3d7e7ea2589be3fa695d2a055abb0112558bed86446c3b163f18781070d0783d9f5d52dc755d64

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 simplabs GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

data/README.md

@@ -0,0 +1,3 @@
+= RailsApiAuth
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,20 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path('../spec/dummy/Rakefile', __FILE__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc 'Run all specs in spec directory (excluding plugin specs)'
+RSpec::Core::RakeTask.new(spec: 'app:db:test:prepare')
+
+task default: :spec

data/app/controllers/oauth2_controller.rb

@@ -0,0 +1,54 @@
+require 'login_not_found'
+
+class FacebookApiError < StandardError; end
+
+class Oauth2Controller < ApplicationController
+
+  def create
+    case params[:grant_type]
+    when 'password'
+      authenticate_with_credentials(params[:username], params[:password])
+    when 'facebook_auth_code'
+      authenticate_with_facebook(params[:auth_code])
+    else
+      oauth2_error('unsupported_grant_type')
+    end
+  end
+
+  def destroy
+    oauth2_error('unsupported_token_type') && return unless params[:token_type_hint] == 'access_token'
+
+    login = Login.find_by(oauth2_token: params[:token]) || LoginNotFound.new
+    login.refresh_oauth2_token!
+
+    head 200
+  end
+
+  private
+
+    def authenticate_with_credentials(email, password)
+      login = Login.find_by(email: email) || LoginNotFound.new
+
+      if login.authenticate(password)
+        render json: { access_token: login.oauth2_token }
+      else
+        oauth2_error('invalid_grant')
+      end
+    end
+
+    def authenticate_with_facebook(auth_code)
+      oauth2_error('no_authorization_code') && return unless auth_code.present?
+
+      login = FacebookAuthenticator.new(auth_code).authenticate
+
+      render json: { access_token: login.oauth2_token }
+
+    rescue FacebookApiError
+      render nothing: true, status: 500
+    end
+
+    def oauth2_error(error)
+      render json: { error: error }, status: 400
+    end
+
+end

data/app/controllers/rails_api_auth/application_controller.rb

@@ -0,0 +1,7 @@
+module RailsApiAuth
+
+  class ApplicationController < ActionController::Base
+
+  end
+
+end

data/app/lib/login_not_found.rb

@@ -0,0 +1,9 @@
+class LoginNotFound
+
+  def authenticate(_)
+    false
+  end
+
+  def refresh_oauth2_token!; end
+
+end

data/app/models/login.rb

@@ -0,0 +1,47 @@
+require 'email_validator'
+
+class Login < ActiveRecord::Base
+
+  class AlreadyVerifiedError < StandardError; end
+  class InvalidSingleUseOAuth2Token < StandardError; end
+
+  has_secure_password validations: false
+
+  validates :email, presence: true, email: true
+  validates :oauth2_token, presence: true
+  validates :single_use_oauth2_token, presence: true
+  validates :password, length: { maximum: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED }, confirmation: true
+  validate :password_or_facebook_uid_present
+
+  before_validation :ensure_oauth2_token
+  before_validation :refresh_single_use_oauth2_token
+
+  def refresh_oauth2_token!
+    ensure_oauth2_token(true)
+    save!
+  end
+
+  def consume_single_use_oauth2_token!(token)
+    raise InvalidSingleUseOAuth2Token.new if token != single_use_oauth2_token
+    refresh_single_use_oauth2_token
+    save!
+  end
+
+  private
+
+    def password_or_facebook_uid_present
+      if password_digest.blank? && facebook_uid.blank?
+        errors.add :base, 'either password_digest or facebook_uid must be present'
+      end
+    end
+
+    def ensure_oauth2_token(force = false)
+      set_token = oauth2_token.blank? || force
+      self.oauth2_token = SecureRandom.hex(125) if set_token
+    end
+
+    def refresh_single_use_oauth2_token
+      self.single_use_oauth2_token = SecureRandom.hex(125)
+    end
+
+end

data/app/services/facebook_authenticator.rb

@@ -0,0 +1,64 @@
+require 'httparty'
+
+class FacebookAuthenticator
+
+  def initialize(auth_code)
+    @auth_code = auth_code
+  end
+
+  def authenticate
+    if login.present?
+      connect_login_to_fb_account
+    else
+      create_login_from_fb_account
+    end
+
+    login
+  end
+
+  private
+
+    def login
+      @login ||= Login.find_by(email: facebook_user[:email])
+    end
+
+    def connect_login_to_fb_account
+      login.update_attributes!(facebook_uid: facebook_user[:id])
+    end
+
+    def create_login_from_fb_account
+      login_attributes = {
+        email: facebook_user[:email],
+        facebook_uid: facebook_user[:id]
+      }
+
+      @login = Login.create!(login_attributes)
+    end
+
+    def facebook_user
+      @facebook_user ||= begin
+        access_token = facebook_request(fb_token_url).parsed_response['access_token']
+        facebook_request(fb_user_url(access_token)).parsed_response.symbolize_keys
+      end
+    end
+
+    def facebook_request(url)
+      response = HTTParty.get(url)
+      raise FacebookApiError.new if response.code != 200
+      response
+    end
+
+    def fb_token_url
+      "#{Rails.application.config.x.facebook.graph_url}/oauth/access_token".tap do |url|
+        url << "?client_id=#{Rails.application.config.x.facebook.app_id}"
+        url << "&redirect_uri=#{Rails.application.config.x.facebook.redirect_uri}"
+        url << "&client_secret=#{Rails.application.config.x.facebook.app_secret}"
+        url << "&code=#{@auth_code}"
+      end
+    end
+
+    def fb_user_url(access_token)
+      "#{Rails.application.config.x.facebook.graph_url}/me?access_token=#{access_token}"
+    end
+
+end

data/config/initializers/facebook.rb

@@ -0,0 +1,6 @@
+Rails.application.config.x.facebook.tap do |facebook|
+  facebook.app_id       = ENV['FB_APP_ID']
+  facebook.app_secret   = ENV['FB_APP_SECRET']
+  facebook.graph_url    = 'https://graph.facebook.com/v2.3'
+  facebook.redirect_uri = 'http://localhost:4200/login'
+end

data/config/routes.rb

@@ -0,0 +1,4 @@
+Rails.application.routes.draw do
+  post 'token', to: 'oauth2#create'
+  post 'revoke', to: 'oauth2#destroy'
+end

data/db/migrate/20150709221755_create_logins.rb

@@ -0,0 +1,16 @@
+class CreateLogins < ActiveRecord::Migration
+
+  def change
+    create_table :logins do |t|
+      t.string :email,           null: false
+      t.string :password_digest, null: true
+      t.string :oauth2_token,    null: false
+      t.string :facebook_uid
+      t.string :single_use_oauth2_token
+      t.references :user
+
+      t.timestamps
+    end
+  end
+
+end

data/lib/rails_api_auth.rb

@@ -0,0 +1,5 @@
+require 'rails_api_auth/engine'
+
+module RailsApiAuth
+
+end

data/lib/rails_api_auth/authentication.rb

@@ -0,0 +1,32 @@
+module RailsApiAuth
+
+  module Authentication
+
+    class RequestForbidden < StandardError; end
+
+    extend ActiveSupport::Concern
+
+    included do
+      attr_reader :current_login
+
+      rescue_from RequestForbidden, with: :deny_access
+
+      private
+
+        def deny_access
+          head 403
+        end
+
+        def authenticate!
+          auth_header = request.headers[:authorization]
+          token = auth_header ? auth_header.split(' ').last : ''
+          @current_login ||= Login.find_by!(oauth2_token: token)
+
+        rescue ActiveRecord::RecordNotFound
+          head 401
+        end
+    end
+
+  end
+
+end

data/lib/rails_api_auth/engine.rb

@@ -0,0 +1,19 @@
+module RailsApiAuth
+
+  class Engine < ::Rails::Engine
+
+    initializer :append_migrations do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths['db/migrate'].expanded.each do |expanded_path|
+          app.config.paths['db/migrate'] << expanded_path
+        end
+      end
+    end
+
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+
+  end
+
+end

data/lib/rails_api_auth/version.rb

@@ -0,0 +1,5 @@
+module RailsApiAuth
+
+  VERSION = '0.0.2'
+
+end

data/lib/tasks/rails_api_auth_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :rails_api_auth do
+#   # Task goes here
+# end

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,7 @@
+class ApplicationController < ActionController::Base
+
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+
+end

data/spec/dummy/app/controllers/authenticated_controller.rb

@@ -0,0 +1,13 @@
+require 'rails_api_auth/authentication'
+
+class AuthenticatedController < ApplicationController
+
+  include RailsApiAuth::Authentication
+
+  before_action :authenticate!
+
+  def index
+    render text: 'zuper content'
+  end
+
+end