rails_api_auth 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: af65e9fe685271c6e68587e74a3e2c33f35dc12c
-  data.tar.gz: 2e55c5fb7ca6be0c2362769e744df99a8a5d9f11
+  metadata.gz: 3dbff8f6350acb5554f8d582e5a79f0c1250e24c
+  data.tar.gz: 9377a8dffd3962280a540da62f6d33bf3f8c0cb1
 SHA512:
-  metadata.gz: 50e2055e18d2f4ab5c28b0735446113a567d9f65a0a4877f5ebd09a9d210f45f96a0b76aa5b675108d40fef6e04f57e98ab6cd16e3c4c54631d2717f54099636
-  data.tar.gz: 83f495155e33db882ca560daeaa0db2b21c00fdda8a6e5b838a93fd93b7cbb280ac3d90680c29b228214799ca87c32f4fdf06c1432b1ce23741d4dbc55dfd06f
+  metadata.gz: fc7e7e108167bfa18c20c730e3e0f10177b35fce04ccbebb1ce554fbf559c8959de147ec2b7a65ecc0f56bf2ab59a1cf254a938c1dda5b4cfb31febd08e9f1f9
+  data.tar.gz: e7febed892fa651de9c67bba6e586db365bbd431d29688c082d27d16a724af16c073b18b0b823c4cd97526e706ebc4ebb3e32514bf27806fd7b5a0c93997cac2

data/LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 simplabs GmbH
+Copyright (c) 2015-2016 simplabs GmbH
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -5,20 +5,23 @@
 Rails API Auth is a lightweight Rails Engine that __implements the _"Resource
 Owner Password Credentials Grant"_ OAuth 2.0 flow
 ([RFC 6749](http://tools.ietf.org/html/rfc6749#section-4.3)) as well as
-Facebook authentication for API projects__.
+Facebook and Google authentication for API projects__.
 
 It uses __Bearer tokens__ ([RFC 6750](http://tools.ietf.org/html/rfc6750)) to
 authorize requests coming in from clients.
 
 ## Installation
 
-To install the engine simply add
+To install the engine simply add to the application's `Gemfile`
 
 ```ruby
-gem 'rails_auth_api'
+gem 'rails_api_auth'
 ```
 
-to the application's `Gemfile` and run `bundle install`.
+ and run:
+```bash
+bundle install
+```
 
 __Rails API Auth also adds a migration__ to the application so run
 
@@ -54,7 +57,7 @@ class UsersController < ApplicationController
   def create
     user = User.new(user_params)
     if user.save && user.create_login(login_params)
-      head 201
+      head 200
     else
       head 422 # you'd actually want to return validation errors here
     end
@@ -136,6 +139,8 @@ end
 
 ```
 
+See the [demo project](https://github.com/simplabs/rails_api_auth-demo) for further details.
+
 ## Configuration
 
 The Engine can be configured by simply setting some attributes on its main
@@ -145,10 +150,16 @@ module:
 RailsApiAuth.tap do |raa|
   raa.user_model_relation = :account # this will set up the belongs_to relation from the Login model to the Account model automatically (of course if your application uses a User model this would be :user)
 
+  # Facebook configurations
   raa.facebook_app_id       = '<your Facebook app id>'
   raa.facebook_app_secret   = '<your Facebook app secret>'
-  raa.facebook_graph_url    = 'https://graph.facebook.com'
   raa.facebook_redirect_uri = '<your Facebook app redirect uri>'
+
+  # Google configurations
+  raa.google_client_id = '<your Google client id>'
+  raa.google_client_secret = '<your Google client secret>'
+  raa.google_redirect_uri = '<your app redirect uri>'
+
 end
 
 ```

data/app/controllers/oauth2_controller.rb

@@ -11,6 +11,8 @@ class Oauth2Controller < ApplicationController
       authenticate_with_credentials(params[:username], params[:password])
     when 'facebook_auth_code'
       authenticate_with_facebook(params[:auth_code])
+    when 'google_auth_code'
+      authenticate_with_google(params[:auth_code])
     else
       oauth2_error('unsupported_grant_type')
     end
@@ -47,6 +49,16 @@ class Oauth2Controller < ApplicationController
       render nothing: true, status: 502
     end
 
+    def authenticate_with_google(auth_code)
+      oauth2_error('no_authorization_code') && return unless auth_code.present?
+
+      login = GoogleAuthenticator.new(auth_code).authenticate!
+
+      render json: { access_token: login.oauth2_token }
+    rescue GoogleAuthenticator::ApiError
+      render nothing: true, status: 502
+    end
+
     def oauth2_error(error)
       render json: { error: error }, status: 400
     end

data/app/models/login.rb

@@ -6,15 +6,15 @@
 # The __`Login` model has `identification` and `password` attributes__ (in fact
 # it uses Rails'
 # [`has_secure_password`](http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password))
-# __as well as a `facebook_uid`__ (if it represents a Facebook login)
+# __as well as a `uid`__ (a Facebook uid or Google sub)
 # attribute. As opposed to the standard `has_secure_password` behavior it
 # doesn't validate that the password must be present but instead validates that
-# __either__ the `password` or the `facebook_uid` are present as no password is
-# required in the case that Facebook is used for authentication.
+# __either__ the `password` or the `uid` are present as no password is
+# required in the case that Facebook or Google is used for authentication.
 #
 # The `Login` model also stores the Bearer token in the `oauth2_token`
 # attribute. The model also stores an additional Bearer token, the
-# `single_use_oauth2_token`, that can be used for implementing thinks like
+# `single_use_oauth2_token`, that can be used for implementing things like
 # password reset where you need to make sure that the provided token can only
 # be used once.
 class Login < ActiveRecord::Base
@@ -37,12 +37,12 @@ class Login < ActiveRecord::Base
   validates :oauth2_token, presence: true
   validates :single_use_oauth2_token, presence: true
   validates :password, length: { maximum: 72 }, confirmation: true
-  validate :password_or_facebook_uid_present
+  validate :password_or_uid_present
 
   before_validation :ensure_oauth2_token
-  before_validation :refresh_single_use_oauth2_token
+  before_validation :assign_single_use_oauth2_token
 
-  # Refreshes the Bearer token. This will effectively log out all clients that
+  # Refreshes the random token. This will effectively log out all clients that
   # possess the previous token.
   #
   # @raise [ActiveRecord::RecordInvalid] if the model is invalid
@@ -51,17 +51,11 @@ class Login < ActiveRecord::Base
     save!
   end
 
-  # This validates the passed single use Bearer token and assigns a new one. It
-  # will raise an exception if the token is not valid or has already been
-  # consumed.
+  # Refreshes the single use Oauth 2.0 token.
   #
-  # @param token [String] the single use token to consume
-  # @raise [InvalidOAuth2Token] if the token is not valid or has already been
-  #   consumed
   # @raise [ActiveRecord::RecordInvalid] if the model is invalid
-  def consume_single_use_oauth2_token!(token)
-    raise InvalidOAuth2Token.new if token != single_use_oauth2_token
-    refresh_single_use_oauth2_token
+  def refresh_single_use_oauth2_token!
+    assign_single_use_oauth2_token
     save!
   end
 
@@ -76,19 +70,23 @@ class Login < ActiveRecord::Base
 
   private
 
-    def password_or_facebook_uid_present
-      if password_digest.blank? && facebook_uid.blank?
-        errors.add :base, 'either password_digest or facebook_uid must be present'
+    def password_or_uid_present
+      if password_digest.blank? && uid.blank?
+        errors.add :base, 'either password_digest or uid must be present'
       end
     end
 
     def ensure_oauth2_token(force = false)
       set_token = oauth2_token.blank? || force
-      self.oauth2_token = SecureRandom.hex(125) if set_token
+      self.oauth2_token = generate_token if set_token
     end
 
-    def refresh_single_use_oauth2_token
-      self.single_use_oauth2_token = SecureRandom.hex(125)
+    def assign_single_use_oauth2_token
+      self.single_use_oauth2_token = generate_token
+    end
+
+    def generate_token
+      SecureRandom.hex(125)
     end
 
 end

data/app/services/base_authenticator.rb

@@ -0,0 +1,38 @@
+class BaseAuthenticator
+
+  class ApiError < StandardError; end
+
+  def initialize(auth_code)
+    @auth_code = auth_code
+  end
+
+  def authenticate!
+    user = get_user(access_token)
+    login = find_login(user)
+
+    if login.present?
+      connect_login_to_account(login, user)
+    else
+      login = create_login_from_account(user)
+    end
+
+    login
+  end
+
+  private
+
+    def find_login(user)
+      Login.where(identification: user[:email]).first
+    end
+
+    def get_request(url)
+      response = HTTParty.get(url)
+      unless response.code == 200
+        Rails.logger.warn "#{self.class::PROVIDER} API request failed with status #{response.code}."
+        Rails.logger.debug "#{self.class::PROVIDER} API error response was:\n#{response.body}"
+        raise ApiError.new
+      end
+      response
+    end
+
+end

data/app/services/facebook_authenticator.rb

@@ -1,69 +1,50 @@
 require 'httparty'
+require 'pry'
 
 # Handles Facebook authentication
 #
 # @!visibility private
-class FacebookAuthenticator
+class FacebookAuthenticator < BaseAuthenticator
 
-  class ApiError < StandardError; end
-
-  def initialize(auth_code)
-    @auth_code = auth_code
-  end
-
-  def authenticate!
-    if login.present?
-      connect_login_to_fb_account
-    else
-      create_login_from_fb_account
-    end
-
-    login
-  end
+  PROVIDER = 'facebook'.freeze
+  TOKEN_URL = 'https://graph.facebook.com/v2.4/oauth/access_token?client_id=%{client_id}&client_secret=%{client_secret}&code=%{auth_code}&redirect_uri=%{redirect_uri}'.freeze
+  PROFILE_URL = 'https://graph.facebook.com/v2.4/me?fields=email,name&access_token=%{access_token}'.freeze
 
   private
 
-    def login
-      @login ||= Login.where(identification: facebook_user[:email]).first
-    end
-
-    def connect_login_to_fb_account
-      login.update_attributes!(facebook_uid: facebook_user[:id])
+    def connect_login_to_account(login, user)
+      login.update_attributes!(uid: user[:id], provider: PROVIDER)
     end
 
-    def create_login_from_fb_account
+    def create_login_from_account(user)
       login_attributes = {
-        identification: facebook_user[:email],
-        facebook_uid:   facebook_user[:id]
+        identification: user[:email],
+        uid: user[:id],
+        provider: PROVIDER
       }
 
-      @login = Login.create!(login_attributes)
+      Login.create!(login_attributes)
     end
 
-    def facebook_user
-      @facebook_user ||= begin
-        access_token = facebook_request(fb_token_url).parsed_response['access_token']
-        facebook_request(fb_user_url(access_token)).parsed_response.symbolize_keys
-      end
+    def access_token
+      response = get_request(token_url)
+      response.parsed_response.symbolize_keys[:access_token]
     end
 
-    def facebook_request(url)
-      response = HTTParty.get(url)
-      raise ApiError.new if response.code != 200
-      response
+    def get_user(access_token)
+      @facebook_user ||= begin
+        parsed_response = get_request(user_url(access_token)).parsed_response
+        parsed_response.symbolize_keys
+      end
     end
 
-    def fb_token_url
-      "#{RailsApiAuth.facebook_graph_url}/oauth/access_token".tap do |url|
-        url << "?client_id=#{RailsApiAuth.facebook_app_id}"
-        url << "&redirect_uri=#{RailsApiAuth.facebook_redirect_uri}"
-        url << "&client_secret=#{RailsApiAuth.facebook_app_secret}"
-        url << "&code=#{@auth_code}"
-      end
+    def token_url
+      url_options = { client_id: RailsApiAuth.facebook_app_id, client_secret: RailsApiAuth.facebook_app_secret, auth_code: @auth_code, redirect_uri: RailsApiAuth.facebook_redirect_uri }
+      TOKEN_URL % url_options
     end
 
-    def fb_user_url(access_token)
-      "#{RailsApiAuth.facebook_graph_url}/me?access_token=#{access_token}"
+    def user_url(access_token)
+      PROFILE_URL % { access_token: access_token }
     end
 
 end

data/app/services/google_authenticator.rb

@@ -0,0 +1,55 @@
+require 'httparty'
+
+# Handles Google authentication
+#
+# @!visibility private
+class GoogleAuthenticator < BaseAuthenticator
+
+  PROVIDER = 'google'.freeze
+  TOKEN_URL = 'https://www.googleapis.com/oauth2/v3/token'.freeze
+  PROFILE_URL = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect?access_token=%{access_token}'.freeze
+
+  private
+
+    def connect_login_to_account(login, user)
+      login.update_attributes!(uid: user[:sub], provider: PROVIDER)
+    end
+
+    def create_login_from_account(user)
+      login_attributes = {
+        identification: user[:email],
+        uid: user[:sub],
+        provider: PROVIDER
+      }
+
+      Login.create!(login_attributes)
+    end
+
+    def access_token
+      response = HTTParty.post(TOKEN_URL, token_options)
+      response.parsed_response['access_token']
+    end
+
+    def get_user(access_token)
+      @google_user ||= begin
+        get_request(user_url(access_token)).parsed_response.symbolize_keys
+      end
+    end
+
+    def user_url(access_token)
+      PROFILE_URL % { access_token: access_token }
+    end
+
+    def token_options
+      @token_options ||= {
+        body: {
+          code: @auth_code,
+          client_id: RailsApiAuth.google_client_id,
+          client_secret: RailsApiAuth.google_client_secret,
+          redirect_uri: RailsApiAuth.google_redirect_uri,
+          grant_type: 'authorization_code'
+        }
+      }
+    end
+
+end

data/db/migrate/20150709221755_create_logins.rb

@@ -1,17 +1,23 @@
 class CreateLogins < ActiveRecord::Migration
 
   def change
-    create_table :logins do |t|
+    create_table :logins, primary_key_options(:id) do |t|
       t.string :identification,  null: false
       t.string :password_digest, null: true
       t.string :oauth2_token,    null: false
       t.string :facebook_uid
       t.string :single_use_oauth2_token
 
-      t.references :user
+      t.references :user, primary_key_options(:type)
 
       t.timestamps
     end
   end
 
+  private
+
+    def primary_key_options(option_name)
+      RailsApiAuth.primary_key_type ? { option_name => RailsApiAuth.primary_key_type } : {}
+    end
+
 end

data/db/migrate/20150904110438_add_provider_to_login.rb

@@ -0,0 +1,8 @@
+class AddProviderToLogin < ActiveRecord::Migration
+
+  def change
+    add_column :logins, :provider, :string
+    rename_column :logins, :facebook_uid, :uid
+  end
+
+end

data/lib/rails_api_auth.rb

@@ -20,12 +20,25 @@ module RailsApiAuth
   # The Facebook App secret.
   mattr_accessor :facebook_app_secret
 
-  # @!attribute [rw] facebook_graph_url
-  # The Facebook grahp URL.
-  mattr_accessor :facebook_graph_url
-
   # @!attribute [rw] facebook_redirect_uri
   # The Facebook App's redirect URI.
   mattr_accessor :facebook_redirect_uri
 
+  # @!attribute [rw] google_client_id
+  # The Google client ID.
+  mattr_accessor :google_client_id
+
+  # @!attribute [rw] google_client_secret
+  # The Google client secret.
+  mattr_accessor :google_client_secret
+
+  # @!attribute [rw] google_redirect_uri
+  # The Google App's redirect URI.
+  mattr_accessor :google_redirect_uri
+
+  # @!attribute [rw] primary_key_type
+  # Configures database column type used for primary keys,
+  # currently only accepts :uuid
+  mattr_accessor :primary_key_type
+
 end