rockauth 0.0.1.pre2

data/app/serializers/rockauth/authentication_serializer.rb

@@ -0,0 +1,24 @@
+module Rockauth
+  class AuthenticationSerializer < BaseSerializer
+    attributes(*%i(id token token_id expiration client_version device_identifier device_os device_os_version device_description))
+
+    has_one Rockauth::Configuration.resource_owner_class.model_name.element.to_sym
+    has_one :provider_authentication
+
+    def include_token_id
+      object.token.present?
+    end
+
+    def include_jwt?
+      object.token.present?
+    end
+
+    define_method Rockauth::Configuration.resource_owner_class.model_name.element do
+      object.resource_owner
+    end
+
+    define_method(:"include_#{Rockauth::Configuration.resource_owner_class.model_name.element}?") do
+      !scope.try(:include_authentication?)
+    end
+  end
+end

data/app/serializers/rockauth/base_serializer.rb

@@ -0,0 +1,6 @@
+require 'active_model_serializers'
+module Rockauth
+  class BaseSerializer < ActiveModel::Serializer
+    # embed :ids, include: true
+  end
+end

data/app/serializers/rockauth/error_serializer.rb

@@ -0,0 +1,5 @@
+module Rockauth
+  class ErrorSerializer < BaseSerializer
+    attributes(*%i(status_code message validation_errors))
+  end
+end

data/app/serializers/rockauth/provider_authentication_serializer.rb

@@ -0,0 +1,5 @@
+module Rockauth
+  class ProviderAuthenticationSerializer < BaseSerializer
+    attributes :id, :provider, :provider_user_id
+  end
+end

data/app/serializers/rockauth/user_serializer.rb

@@ -0,0 +1,23 @@
+module Rockauth
+  class UserSerializer < BaseSerializer
+    attributes :id, :email, :first_name, :last_name
+
+    has_one :authentication
+    has_many :provider_authentications
+
+    def authentication
+      object.authentications.first
+    end
+
+    def include_authentication?
+      current_resource_owner? && scope.try(:include_authentication?)
+    end
+
+    def current_resource_owner?
+      scope.try(:current_resource_owner) == object
+    end
+
+    alias :include_provider_authentications? :current_resource_owner?
+    alias :include_email? :current_resource_owner?
+  end
+end

data/app/views/layouts/rockauth/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Rockauth</title>
+  <%= stylesheet_link_tag    "rockauth/application", media: "all" %>
+  <%= javascript_include_tag "rockauth/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/locales/en.yml

@@ -0,0 +1,12 @@
+en:
+  errors:
+    messages:
+      rockauth_cannot_be_changed: "cannot be changed"
+  rockauth:
+    errors:
+      unauthorized: "You must be logged in to continue."
+      authentication_failed: "Authentication failure."
+      server_error: "Something went wrong."
+      create_error: "%{resource} could not be created."
+      update_error: "%{resource} could not be updated."
+      destroy_error: "%{resource} could not be destroyed."

data/config/routes.rb

@@ -0,0 +1,9 @@
+Rockauth::Engine.routes.draw do
+  get    :authentications, controller: 'rockauth/authentications', action: 'index'
+  post   :authentications, controller: 'rockauth/authentications', action: 'authenticate'
+  delete :authentications, controller: 'rockauth/authentications', action: 'destroy'
+  delete 'authentications/:id', controller: 'rockauth/authentications', action: 'destroy'
+
+  resource :me, only: [:show, :create, :update, :destroy], controller: 'rockauth/me'
+  resources :provider_authentications, controller: 'rockauth/provider_authentications'
+end

data/db/migrate/20150709065335_create_rockauth_users.rb

@@ -0,0 +1,16 @@
+class CreateRockauthUsers < ActiveRecord::Migration
+  def up
+    create_table :users do |t|
+      t.string :first_name
+      t.string :last_name
+      t.string :email
+      t.string :password_digest
+      t.timestamps null: false
+    end
+    execute "CREATE UNIQUE INDEX index_users_on_lower_email ON users (lower(email))"
+  end
+
+  def down
+    drop_table :users
+  end
+end

data/db/migrate/20150709071113_create_rockauth_provider_authentications.rb

@@ -0,0 +1,16 @@
+class CreateRockauthProviderAuthentications < ActiveRecord::Migration
+  def change
+    create_table :provider_authentications do |t|
+      t.references :resource_owner, polymorphic: true
+      t.string :provider, null: false
+      t.string :provider_user_id, null: false, index: true
+      t.string :provider_access_token, null: false
+      t.string :provider_access_token_secret
+
+      t.timestamps null: false
+    end
+
+    add_index :provider_authentications, [:provider, :provider_user_id], unique: true
+    add_index :provider_authentications, [:resource_owner_id, :resource_owner_type], name: 'index_provider_authentications_on_resource_owner'
+  end
+end

data/db/migrate/20150709084233_create_rockauth_authentications.rb

@@ -0,0 +1,23 @@
+class CreateRockauthAuthentications < ActiveRecord::Migration
+  def change
+    create_table :authentications do |t|
+      t.references :resource_owner, polymorphic: true
+      t.references :provider_authentication, index: true, foreign_key: true
+      t.integer :expiration
+      t.integer :issued_at
+      t.string :hashed_token_id
+      t.string :auth_type, null: false
+      t.string :client_id, null: false
+      t.string :client_version
+      t.string :device_identifier
+      t.string :device_description
+      t.string :device_os
+      t.string :device_os_version
+
+      t.timestamps null: false
+    end
+
+    add_index :authentications, [:resource_owner_id, :resource_owner_type], name: 'index_authentications_on_resource_owner'
+    add_index :authentications, :hashed_token_id
+  end
+end

data/lib/generators/rockauth/client_generator.rb

@@ -0,0 +1,33 @@
+require 'securerandom'
+
+module Rockauth
+  class ClientGenerator < Rails::Generators::NamedBase
+    source_root File.expand_path('../../templates', __FILE__)
+    desc "Generate a rockauth client"
+
+    class_option :environment,  default: 'production',       desc: 'Environment for the client'
+
+    def generate_client
+      client_id = SecureRandom.urlsafe_base64(16)
+      client_secret = SecureRandom.urlsafe_base64(32)
+
+      file_path = Rails.root.join("config/rockauth_clients.yml")
+      environments = {}
+
+      if File.exists?(file_path)
+        environments = YAML.load_file(file_path)
+      end
+
+      environments[options[:environment]] ||= []
+      environments[options[:environment]] << {
+        'client_id' => client_id,
+        'client_title' => name,
+        'client_secret' => client_secret
+      }
+
+      File.open(file_path, 'wb') do |file|
+        file.write environments.stringify_keys.to_yaml(cannonical: false).gsub(/\A---\n/, '')
+      end
+    end
+  end
+end

data/lib/generators/rockauth/install_generator.rb

@@ -0,0 +1,59 @@
+require_relative './client_generator.rb'
+module Rockauth
+  class InstallGenerator < Rails::Generators::Base
+    source_root File.expand_path('../../templates', __FILE__)
+
+    desc 'Installs Rockauth'
+
+    def copy_initializer
+      template 'rockauth_full_initializer.rb', 'config/initializers/rockauth.rb'
+    end
+
+    def copy_locales
+      copy_file '../../../config/locales/en.yml', 'config/locales/rockauth.en.yml'
+    end
+
+    def copy_clients
+      copy_file 'rockauth_clients.yml', 'config/rockauth_clients.yml'
+    end
+
+    def generate_models
+      invoke 'rockauth:models'
+    end
+
+    def generate_migrations
+      invoke 'rockauth:migrations'
+    end
+
+    def generate_serializers
+      puts File.expand_path('../../../app/serializers/rockauth/*.rb', File.dirname(__FILE__))
+      Dir[File.expand_path('../../../app/serializers/rockauth/*.rb', File.dirname(__FILE__))].each do |f|
+        basename = File.basename(f)
+        copy_file f, "app/serializers/#{basename}"
+        gsub_file "app/serializers/#{basename}", 'module Rockauth', ''
+        gsub_file "app/serializers/#{basename}", /^end$/, ''
+        gsub_file "app/serializers/#{basename}", /^\s\s/, ''
+      end
+    end
+
+    def install_route
+      route <<ROUTE
+namespace :api do
+    mount Rockauth::Engine => '/'
+  end
+ROUTE
+    end
+
+    def generate_development_client
+      invoke 'rockauth:client', ['Default Client'], environment: 'development'
+    end
+
+    def declare_dependencies
+      gem 'fb_graph2'
+      gem 'twitter'
+      gem 'google_plus'
+      gem 'instagram'
+      gem 'active_model_serializers', '~> 0.8.3'
+    end
+  end
+end

data/lib/generators/rockauth/migrations_generator.rb

@@ -0,0 +1,9 @@
+module Rockauth
+  class MigrationsGenerator < Rails::Generators::Base
+    def install_migrations
+      Dir[File.expand_path("../../../../db/migrate/*.rb", __FILE__)].each do |file|
+        copy_file file, "db/migrate/#{File.basename(file)}"
+      end
+    end
+  end
+end

data/lib/generators/rockauth/models_generator.rb

@@ -0,0 +1,11 @@
+module Rockauth
+  class ModelsGenerator < Rails::Generators::Base
+    source_root File.expand_path('../../templates', __FILE__)
+
+    def install_models
+      template 'user.rb', 'app/models/user.rb'
+      template 'provider_authentication.rb', 'app/models/provider_authentication.rb'
+      template 'authentication.rb', 'app/models/authentication.rb'
+    end
+  end
+end

data/lib/generators/templates/authentication.rb

@@ -0,0 +1,4 @@
+class Authentication < ActiveRecord::Base
+  include Rockauth::Models::Authentication
+  rockauth_authentication provider_authentication_class_name: "::ProviderAuthentication"
+end

data/lib/generators/templates/provider_authentication.rb

@@ -0,0 +1,5 @@
+class ProviderAuthentication < ActiveRecord::Base
+  include Rockauth::Models::ProviderValidation
+  include Rockauth::Models::ProviderAuthentication
+  provider_authentication authentication_class_name: '::Authentication'
+end

data/lib/generators/templates/rockauth_clients.yml

@@ -0,0 +1,9 @@
+# List Rockauth clients for each environment here.
+production:
+#- client_id:     random string
+#  client_secret: secret string
+#  client_title:  iOS Client
+
+development:
+
+test:

data/lib/generators/templates/rockauth_full_initializer.rb

@@ -0,0 +1,41 @@
+Rockauth.configure do |config|
+  # config.allowed_password_length = 8..72
+  # config.email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/
+  # config.token_time_to_live = 365 * 24 * 60 * 60
+  # config.clients = []
+  # config.resource_owner_class = 'Rockauth::User'
+  # config.warn_missing_social_auth_gems = true
+  # config.jwt.issuer = ''
+  # config.jwt.signing_method = 'HS256'
+
+  config.jwt.secret              = '<%= SecureRandom.base64(32) %>'
+  config.resource_owner_class    = '::User'
+
+  config.serializers.user                    = '::UserSerializer'
+  config.serializers.authentication          = '::AuthenticationSerializer'
+  config.serializers.provider_authentication = '::ProviderAuthenticationSerializer'
+  config.serializers.error                   = '::ErrorSerializer'
+
+  # config.generate_active_admin_resources = nil # nil decides based on whether active_admin is loaded
+  # config.active_admin_menu_name = 'User Authentication'
+
+  begin
+    Array(YAML.load_file(Rails.root.join('config/rockauth_clients.yml'))[Rails.env]).each do |client_config|
+      config.clients << Rockauth::Client.new(*(%w(id secret title).map { |k| client_config["client_#{k}"] }))
+    end
+  rescue Errno::ENOENT
+    warn 'Could not load Rockauth clients from config/rockauth_clients.yml'
+  end
+
+  begin
+    parsed_json = JSON.parse(File.read(Rails.root.join('config/rockauth_providers.json')))[Rails.env] || {}
+    OpenStruct.new(parsed_json.with_indifferent_access)
+  rescue Errno::ENOENT
+    warn 'Could not load Rockauth providers from config/rockauth_providers.json'
+  end
+
+  Instagram.configure do |instagram_config|
+    instagram_config.client_id     = config.providers.instagram[:client_id]
+    instagram_config.client_secret = config.providers.instagram[:client_secret]
+  end
+end

data/lib/generators/templates/rockauth_providers.json

@@ -0,0 +1,50 @@
+{
+  "development": {
+    "twitter": {
+      "consumer_key": "",
+      "consumer_secret": ""
+    },
+    "instagram": {
+      "client_id": "",
+      "client_secret": ""
+    },
+    "twitter": {},
+    "google_plus": {}
+  },
+  "qa": {
+    "twitter": {
+      "consumer_key": "",
+      "consumer_secret": ""
+    },
+    "instagram": {
+      "client_id": "",
+      "client_secret": ""
+    },
+    "twitter": {},
+    "google_plus": {}
+  },
+  "staging": {
+    "twitter": {
+      "consumer_key": "",
+      "consumer_secret": ""
+    },
+    "instagram": {
+      "client_id": "",
+      "client_secret": ""
+    },
+    "twitter": {},
+    "google_plus": {}
+  },
+  "production": {
+    "twitter": {
+      "consumer_key": "",
+      "consumer_secret": ""
+    },
+    "instagram": {
+      "client_id": "",
+      "client_secret": ""
+    },
+    "twitter": {},
+    "google_plus": {}
+  }
+}

data/lib/generators/templates/user.rb

@@ -0,0 +1,7 @@
+class User < ActiveRecord::Base
+  include Rockauth::Models::ResourceOwner
+
+  resource_owner provider_authentication_class_name: '::ProviderAuthentication', authentication_class_name: '::Authentication'
+
+  include Rockauth::Models::User
+end

data/lib/rockauth.rb

@@ -0,0 +1,15 @@
+require 'rails'
+require 'active_support'
+module Rockauth
+  extend ActiveSupport::Autoload
+  autoload :Authenticator
+  autoload :Client
+  autoload :Configuration
+  autoload :Controllers
+  autoload :Engine
+  autoload :Errors
+  autoload :Models
+  autoload :ProviderUserInformation
+end
+require 'rockauth/configuration'
+require 'rockauth/engine'

data/lib/rockauth/authenticator.rb

@@ -0,0 +1,51 @@
+module Rockauth
+  class Authenticator
+    autoload :Response, 'rockauth/authenticator/response'
+    attr_accessor :request
+    attr_accessor :controller
+    attr_accessor :response
+
+    delegate :params, to: :controller
+
+    def self.default_resource_owner_class
+      Rockauth::Configuration.resource_owner_class
+    end
+
+    def self.verified_authentication_for_request request, controller
+      bearer, token = request.env['HTTP_AUTHORIZATION'].to_s.split(' ')
+      if bearer.to_s.downcase == "bearer" && token.present?
+        default_resource_owner_class.authentication_class.for_token(token)
+      else
+        nil
+      end
+    end
+
+    def self.authentication_request request, controller
+      instance = new request, controller
+
+      resource_owner_class = controller.try(:resource_owner_class) || default_resource_owner_class
+
+      instance.authenticate resource_owner_class
+      instance.response
+    end
+
+    def initialize request, controller
+      self.request = request
+      self.controller = controller
+    end
+
+    def authenticate resource_owner_class=self.class.default_resource_owner_class
+      self.response = Response.new false
+      authentication_params = params.permit(authentication: authentication_permitted_params).fetch(:authentication, {}).merge(resource_owner_class: resource_owner_class)
+      if authentication_params.has_key? :provider_authentication
+        authentication_params[:provider_authentication_attributes] = authentication_params.delete(:provider_authentication)
+      end
+      response.authentication = resource_owner_class.authentication_class.new((controller.try(:authentication_options) || {}).merge(authentication_params))
+      response.apply
+    end
+
+    def authentication_permitted_params
+      [*%i(auth_type client_id client_secret username password client_version device_identifier device_description device_os device_os_version), provider_authentication: %i(provider provider_access_token provider_access_token_secret)]
+    end
+  end
+end