rails_api_auth 0.0.2
- checksums.yaml +7 -0
- data/LICENSE +22 -0
- data/README.md +3 -0
- data/Rakefile +20 -0
- data/app/controllers/oauth2_controller.rb +54 -0
- data/app/controllers/rails_api_auth/application_controller.rb +7 -0
- data/app/lib/login_not_found.rb +9 -0
- data/app/models/login.rb +47 -0
- data/app/services/facebook_authenticator.rb +64 -0
- data/config/initializers/facebook.rb +6 -0
- data/config/routes.rb +4 -0
- data/db/migrate/20150709221755_create_logins.rb +16 -0
- data/lib/rails_api_auth.rb +5 -0
- data/lib/rails_api_auth/authentication.rb +32 -0
- data/lib/rails_api_auth/engine.rb +19 -0
- data/lib/rails_api_auth/version.rb +5 -0
- data/lib/tasks/rails_api_auth_tasks.rake +4 -0
- data/spec/dummy/README.rdoc +28 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/javascripts/application.js +13 -0
- data/spec/dummy/app/assets/stylesheets/application.css +15 -0
- data/spec/dummy/app/controllers/application_controller.rb +7 -0
- data/spec/dummy/app/controllers/authenticated_controller.rb +13 -0
- data/spec/dummy/bin/bundle +3 -0
- data/spec/dummy/bin/rails +4 -0
- data/spec/dummy/bin/rake +4 -0
- data/spec/dummy/bin/setup +29 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +18 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/database.yml +25 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +38 -0
- data/spec/dummy/config/environments/production.rb +79 -0
- data/spec/dummy/config/environments/test.rb +37 -0
- data/spec/dummy/config/initializers/assets.rb +11 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +4 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/en.yml +23 -0
- data/spec/dummy/config/routes.rb +3 -0
- data/spec/dummy/config/secrets.yml +22 -0
- data/spec/dummy/db/development.sqlite3 +0 -0
- data/spec/dummy/db/migrate/20150709221900_create_users.rb +11 -0
- data/spec/dummy/db/production.sqlite3 +0 -0
- data/spec/dummy/db/schema.rb +34 -0
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/dummy/log/development.log +16 -0
- data/spec/dummy/log/test.log +8350 -0
- data/spec/dummy/public/404.html +67 -0
- data/spec/dummy/public/422.html +67 -0
- data/spec/dummy/public/500.html +66 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/factories/logins.rb +11 -0
- data/spec/models/login_spec.rb +69 -0
- data/spec/requests/authenticated_spec.rb +47 -0
- data/spec/requests/oauth2_spec.rb +187 -0
- data/spec/services/facebook_authenticator_spec.rb +54 -0
- data/spec/spec_helper.rb +19 -0
- data/spec/support/factory_girl.rb +3 -0
- metadata +233 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: b165743edc12371fd7870892ad34aacf10bfe984
|
4
|
+
data.tar.gz: ced13aee635701bb2385267b33b952237602217a
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 70632344b8bdec1043b8f5899e98166426301af14aaddd5dcea1322454a53e00e8f28a43f4c115ec00ec17fa1a396c8ded1393abcc98a0c6a00e1f05bea36649
|
7
|
+
data.tar.gz: 2bc812bf057509fe0df986881be6446fe2fe9430c6268dbfca3d7e7ea2589be3fa695d2a055abb0112558bed86446c3b163f18781070d0783d9f5d52dc755d64
|
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2015 simplabs GmbH
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
22
|
+
|
data/README.md
ADDED
data/Rakefile
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
begin
|
2
|
+
require 'bundler/setup'
|
3
|
+
rescue LoadError
|
4
|
+
puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
|
5
|
+
end
|
6
|
+
|
7
|
+
APP_RAKEFILE = File.expand_path('../spec/dummy/Rakefile', __FILE__)
|
8
|
+
load 'rails/tasks/engine.rake'
|
9
|
+
|
10
|
+
load 'rails/tasks/statistics.rake'
|
11
|
+
|
12
|
+
Bundler::GemHelper.install_tasks
|
13
|
+
|
14
|
+
require 'rspec/core'
|
15
|
+
require 'rspec/core/rake_task'
|
16
|
+
|
17
|
+
desc 'Run all specs in spec directory (excluding plugin specs)'
|
18
|
+
RSpec::Core::RakeTask.new(spec: 'app:db:test:prepare')
|
19
|
+
|
20
|
+
task default: :spec
|
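--- a/data/app/controllers/oauth2_controller.rb
+++ b/data/app/controllers/oauth2_controller.rb
@@ -0,0 +1,54 @@
+require 'login_not_found'
+
+class FacebookApiError < StandardError; end
+
+class Oauth2Controller < ApplicationController
+
+  def create
+    case params[:grant_type]
+    when 'password'
+      authenticate_with_credentials(params[:username], params[:password])
+    when 'facebook_auth_code'
+      authenticate_with_facebook(params[:auth_code])
+    else
+      oauth2_error('unsupported_grant_type')
+    end
+  end
+
+  def destroy
+    oauth2_error('unsupported_token_type') && return unless params[:token_type_hint] == 'access_token'
+
+    login = Login.find_by(oauth2_token: params[:token]) || LoginNotFound.new
+    login.refresh_oauth2_token!
+
+    head 200
+  end
+
+  private
+
+  def authenticate_with_credentials(email, password)
+    login = Login.find_by(email: email) || LoginNotFound.new
+
+    if login.authenticate(password)
+      render json: { access_token: login.oauth2_token }
+    else
+      oauth2_error('invalid_grant')
+    end
+  end
+
+  def authenticate_with_facebook(auth_code)
+    oauth2_error('no_authorization_code') && return unless auth_code.present?
+
+    login = FacebookAuthenticator.new(auth_code).authenticate
+
+    render json: { access_token: login.oauth2_token }
+
+  rescue FacebookApiError
+    render nothing: true, status: 500
+  end
+
+  def oauth2_error(error)
+    render json: { error: error }, status: 400
+  end
+
+end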
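Review bot: The two token responses, `render json: { access_token: login.oauth2_token }` in `authenticate_with_credentials` and `authenticate_with_facebook`, carry no `token_type` member and no cache-control headers, although RFC 6749 §5.1 requires `token_type` and a `Cache-Control: no-store` response so the bearer token is never retained by intermediaries or browser history; a shared private helper doing `response.headers['Cache-Control'] = 'no-store'` followed by `render json: { access_token: login.oauth2_token, token_type: 'bearer' }` would cover both grant types. The error code `no_authorization_code` in `authenticate_with_facebook` is not a registered OAuth error value; `invalid_request` is what RFC 6749 §5.2 defines for a missing required parameter. In `authenticate_with_credentials`, if `LoginNotFound#authenticate` (defined in login_not_found.rb, outside this hunk) returns without performing a digest comparison, an unknown email is answered measurably faster than a wrong password, which lets a client distinguish registered addresses; comparing against a fixed dummy `BCrypt::Password` in the not-found object levels the two paths. `rescue FacebookApiError` answers an upstream failure with an empty 500; a 502 or 503 would tell callers the fault lies in the Facebook exchange rather than in this service.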
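--- a/data/app/models/login.rb
+++ b/data/app/models/login.rb
@@ -0,0 +1,47 @@
+require 'email_validator'
+
+class Login < ActiveRecord::Base
+
+  class AlreadyVerifiedError < StandardError; end
+  class InvalidSingleUseOAuth2Token < StandardError; end
+
+  has_secure_password validations: false
+
+  validates :email, presence: true, email: true
+  validates :oauth2_token, presence: true
+  validates :single_use_oauth2_token, presence: true
+  validates :password, length: { maximum: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED }, confirmation: true
+  validate :password_or_facebook_uid_present
+
+  before_validation :ensure_oauth2_token
+  before_validation :refresh_single_use_oauth2_token
+
+  def refresh_oauth2_token!
+    ensure_oauth2_token(true)
+    save!
+  end
+
+  def consume_single_use_oauth2_token!(token)
+    raise InvalidSingleUseOAuth2Token.new if token != single_use_oauth2_token
+    refresh_single_use_oauth2_token
+    save!
+  end
+
+  private
+
+  def password_or_facebook_uid_present
+    if password_digest.blank? && facebook_uid.blank?
+      errors.add :base, 'either password_digest or facebook_uid must be present'
+    end
+  end
+
+  def ensure_oauth2_token(force = false)
+    set_token = oauth2_token.blank? || force
+    self.oauth2_token = SecureRandom.hex(125) if set_token
+  end
+
+  def refresh_single_use_oauth2_token
+    self.single_use_oauth2_token = SecureRandom.hex(125)
+  end
+
+end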
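Review bot: `consume_single_use_oauth2_token!` compares the supplied token with `!=`, a byte-by-byte comparison that stops at the first mismatch; since the value is a credential, `raise InvalidSingleUseOAuth2Token unless ActiveSupport::SecurityUtils.secure_compare(token.to_s, single_use_oauth2_token.to_s)` removes the timing difference and the `to_s` also keeps a `nil` argument from reaching the comparison. The `email` validation has no `uniqueness: true`, yet `Oauth2Controller#authenticate_with_credentials` and `FacebookAuthenticator#login` both resolve an account with `Login.find_by(email: ...)`, so two logins sharing an address would make which one is authenticated depend on row order; `validates :email, presence: true, uniqueness: true, email: true` together with a unique index in the migration closes that. Tokens from `SecureRandom.hex(125)` are stored in clear text and are the only credential `Authentication#authenticate!` needs for `Login.find_by!(oauth2_token:)`, so a read of the table is equivalent to a session compromise; storing a digest and looking up by digest is worth considering. Style: `InvalidSingleUseOAuth2Token` lacks the `Error` suffix its sibling `AlreadyVerifiedError` carries, and `raise InvalidSingleUseOAuth2Token.new` can simply be `raise InvalidSingleUseOAuth2Token`.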
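--- a/data/app/services/facebook_authenticator.rb
+++ b/data/app/services/facebook_authenticator.rb
@@ -0,0 +1,64 @@
+require 'httparty'
+
+class FacebookAuthenticator
+
+  def initialize(auth_code)
+    @auth_code = auth_code
+  end
+
+  def authenticate
+    if login.present?
+      connect_login_to_fb_account
+    else
+      create_login_from_fb_account
+    end
+
+    login
+  end
+
+  private
+
+  def login
+    @login ||= Login.find_by(email: facebook_user[:email])
+  end
+
+  def connect_login_to_fb_account
+    login.update_attributes!(facebook_uid: facebook_user[:id])
+  end
+
+  def create_login_from_fb_account
+    login_attributes = {
+      email: facebook_user[:email],
+      facebook_uid: facebook_user[:id]
+    }
+
+    @login = Login.create!(login_attributes)
+  end
+
+  def facebook_user
+    @facebook_user ||= begin
+      access_token = facebook_request(fb_token_url).parsed_response['access_token']
+      facebook_request(fb_user_url(access_token)).parsed_response.symbolize_keys
+    end
+  end
+
+  def facebook_request(url)
+    response = HTTParty.get(url)
+    raise FacebookApiError.new if response.code != 200
+    response
+  end
+
+  def fb_token_url
+    "#{Rails.application.config.x.facebook.graph_url}/oauth/access_token".tap do |url|
+      url << "?client_id=#{Rails.application.config.x.facebook.app_id}"
+      url << "&redirect_uri=#{Rails.application.config.x.facebook.redirect_uri}"
+      url << "&client_secret=#{Rails.application.config.x.facebook.app_secret}"
+      url << "&code=#{@auth_code}"
+    end
+  end
+
+  def fb_user_url(access_token)
+    "#{Rails.application.config.x.facebook.graph_url}/me?access_token=#{access_token}"
+  end
+
+end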
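Review bot: `fb_token_url` and `fb_user_url` build query strings by interpolation without URL-encoding, and `@auth_code` arrives straight from `params[:auth_code]` in `Oauth2Controller`, so a value containing `&` or `#` changes which parameters the Graph API receives instead of being rejected; handing the parameters to HTTParty's `query:` option lets the library encode them, as in the rewrite below. The same request places `client_secret` in a GET URL, where it ends up in proxy and request logs along the path; I believe the Graph token endpoint also accepts POST (`HTTParty.post(url, body: fb_token_query)`), which would keep the secret out of URLs — confirm against the Graph API version in use. Separately, `login` attaches whatever existing account `Login.find_by(email: facebook_user[:email])` returns to the Facebook identity and `authenticate` then hands back that account's `oauth2_token`, without checking that the Graph response contained an `email` at all; a profile without one reaches `Login.create!` with a nil email, which raises `ActiveRecord::RecordInvalid` that `Oauth2Controller#authenticate_with_facebook` does not rescue. A comment on `connect_login_to_fb_account` such as `# account linking by address relies on Facebook having verified the email` would at least make that trust assumption visible.

```ruby
# … unchanged: initialize, authenticate, login, connect_login_to_fb_account, create_login_from_fb_account …

def facebook_user
  @facebook_user ||= begin
    access_token = facebook_request(fb_token_url, fb_token_query).parsed_response['access_token']
    facebook_request(fb_user_url, access_token: access_token).parsed_response.symbolize_keys
  end
end

# Parameters are passed as a hash so HTTParty URL-encodes them; nothing is interpolated into the URL.
def facebook_request(url, query)
  response = HTTParty.get(url, query: query)
  raise FacebookApiError.new if response.code != 200
  response
end

def fb_token_url
  "#{Rails.application.config.x.facebook.graph_url}/oauth/access_token"
end

def fb_token_query
  {
    client_id: Rails.application.config.x.facebook.app_id,
    redirect_uri: Rails.application.config.x.facebook.redirect_uri,
    client_secret: Rails.application.config.x.facebook.app_secret,
    code: @auth_code
  }
end

def fb_user_url
  "#{Rails.application.config.x.facebook.graph_url}/me"
end
```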
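--- a/data/db/migrate/20150709221755_create_logins.rb
+++ b/data/db/migrate/20150709221755_create_logins.rb
@@ -0,0 +1,16 @@
+class CreateLogins < ActiveRecord::Migration
+
+  def change
+    create_table :logins do |t|
+      t.string :email, null: false
+      t.string :password_digest, null: true
+      t.string :oauth2_token, null: false
+      t.string :facebook_uid
+      t.string :single_use_oauth2_token
+      t.references :user
+
+      t.timestamps
+    end
+  end
+
+end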
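Review bot: The `logins` table gets no index on `oauth2_token`, yet `Authentication#authenticate!` runs `Login.find_by!(oauth2_token:)` on every authenticated request and `Oauth2Controller#destroy` performs the same lookup, so each of them is a full scan of the table; `add_index :logins, :oauth2_token, unique: true` inside `change` fixes the cost and also enforces that one token maps to one login. `email` is resolved with `Login.find_by(email:)` in two places and nothing at the storage level prevents duplicates (the model's `validates :email` has no uniqueness rule either); `add_index :logins, :email, unique: true` is the matching constraint. Whether `t.references :user` should also carry an index depends on how the host application reaches a login from its user, which is not visible here.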
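--- a/data/lib/rails_api_auth/authentication.rb
+++ b/data/lib/rails_api_auth/authentication.rb
@@ -0,0 +1,32 @@
+module RailsApiAuth
+
+  module Authentication
+
+    class RequestForbidden < StandardError; end
+
+    extend ActiveSupport::Concern
+
+    included do
+      attr_reader :current_login
+
+      rescue_from RequestForbidden, with: :deny_access
+
+      private
+
+      def deny_access
+        head 403
+      end
+
+      def authenticate!
+        auth_header = request.headers[:authorization]
+        token = auth_header ? auth_header.split(' ').last : ''
+        @current_login ||= Login.find_by!(oauth2_token: token)
+
+      rescue ActiveRecord::RecordNotFound
+        head 401
+      end
+    end
+
+  end
+
+end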
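Review bot: `authenticate!` answers a missing or unknown token with a bare `head 401`, without the `WWW-Authenticate: Bearer` challenge RFC 6750 §3 requires from a protected resource; `response.headers['WWW-Authenticate'] = 'Bearer'` before `head 401` satisfies it. The token is taken as `auth_header.split(' ').last`, so the scheme is never checked and a `Basic` header or any bare value is treated as a bearer token; `scheme, token = auth_header.to_s.split(' ', 2)` followed by a case-insensitive check that `scheme` is `Bearer` keeps the endpoint to the one scheme it implements. `request.headers[:authorization]` with a Symbol key appears to rely on `ActionDispatch::Http::Headers` stringifying the key; the string form `'Authorization'` is the documented one and worth using so the lookup does not depend on that behaviour.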
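--- a/data/lib/rails_api_auth/engine.rb
+++ b/data/lib/rails_api_auth/engine.rb
@@ -0,0 +1,19 @@
+module RailsApiAuth
+
+  class Engine < ::Rails::Engine
+
+    initializer :append_migrations do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths['db/migrate'].expanded.each do |expanded_path|
+          app.config.paths['db/migrate'] << expanded_path
+        end
+      end
+    end
+
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+
+  end
+
+end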
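Review bot: `app.root.to_s.match root.to_s` in the `append_migrations` initializer treats the engine's root path as a regular expression, so a `.`, `+` or parenthesis in the install path is a metacharacter and the check can match or miss by accident; `unless app.root.to_s.include?(root.to_s)` (or `start_with?`) expresses the intended substring test. The guard appears to exist so the engine's own migrations are not appended twice when the host is the engine's dummy app, whose root lies inside the engine root; a one-line comment such as `# skip when running inside the engine's own dummy app, which already loads these migrations` would spare the next reader the inference.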
@@ -0,0 +1,28 @@
|
|
1
|
+
== README
|
2
|
+
|
3
|
+
This README would normally document whatever steps are necessary to get the
|
4
|
+
application up and running.
|
5
|
+
|
6
|
+
Things you may want to cover:
|
7
|
+
|
8
|
+
* Ruby version
|
9
|
+
|
10
|
+
* System dependencies
|
11
|
+
|
12
|
+
* Configuration
|
13
|
+
|
14
|
+
* Database creation
|
15
|
+
|
16
|
+
* Database initialization
|
17
|
+
|
18
|
+
* How to run the test suite
|
19
|
+
|
20
|
+
* Services (job queues, cache servers, search engines, etc.)
|
21
|
+
|
22
|
+
* Deployment instructions
|
23
|
+
|
24
|
+
* ...
|
25
|
+
|
26
|
+
|
27
|
+
Please feel free to use a different markup language if you do not plan to run
|
28
|
+
<tt>rake doc:app</tt>.
|
data/spec/dummy/Rakefile
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into application.js, which will include all the files
|
2
|
+
// listed below.
|
3
|
+
//
|
4
|
+
// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
|
5
|
+
// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
|
6
|
+
//
|
7
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
8
|
+
// compiled file.
|
9
|
+
//
|
10
|
+
// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
|
11
|
+
// about supported directives.
|
12
|
+
//
|
13
|
+
//= require_tree .
|
@@ -0,0 +1,15 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll be compiled into application.css, which will include all the files
|
3
|
+
* listed below.
|
4
|
+
*
|
5
|
+
* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
|
6
|
+
* or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
|
7
|
+
*
|
8
|
+
* You're free to add application-wide styles to this file and they'll appear at the bottom of the
|
9
|
+
* compiled file so the styles you add here take precedence over styles defined in any styles
|
10
|
+
* defined in the other CSS/SCSS files in this directory. It is generally better to create a new
|
11
|
+
* file per style scope.
|
12
|
+
*
|
13
|
+
*= require_tree .
|
14
|
+
*= require_self
|
15
|
+
*/
|