rodauth-oauth 0.0.4 → 0.3.0

data/lib/rodauth/oauth/database_extensions.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Rodauth
+  module OAuth
+    # rubocop:disable Naming/MethodName, Metrics/ParameterLists
+    def self.ExtendDatabase(db)
+      Module.new do
+        dataset = db.dataset
+
+        if dataset.supports_returning?(:insert)
+          def __insert_and_return__(dataset, _pkey, params)
+            dataset.returning.insert(params).first
+          end
+        else
+          def __insert_and_return__(dataset, pkey, params)
+            id = dataset.insert(params)
+            dataset.where(pkey => id).first
+          end
+        end
+
+        if dataset.supports_returning?(:update)
+          def __update_and_return__(dataset, params)
+            dataset.returning.update(params).first
+          end
+        else
+          def __update_and_return__(dataset, params)
+            dataset.update(params)
+            dataset.first
+          end
+        end
+
+        if dataset.respond_to?(:supports_insert_conflict?) && dataset.supports_insert_conflict?
+          def __insert_or_update_and_return__(dataset, pkey, unique_columns, params, conds = nil, exclude_on_update = nil)
+            to_update = params.keys - unique_columns
+            to_update -= exclude_on_update if exclude_on_update
+
+            dataset = dataset.insert_conflict(
+              target: unique_columns,
+              update: Hash[ to_update.map { |attribute| [attribute, Sequel[:excluded][attribute]] } ],
+              update_where: conds
+            )
+
+            __insert_and_return__(dataset, pkey, params)
+          end
+        else
+          def __insert_or_update_and_return__(dataset, pkey, unique_columns, params, conds = nil, exclude_on_update = nil)
+            find_params, update_params = params.partition { |key, _| unique_columns.include?(key) }.map { |h| Hash[h] }
+
+            dataset_where = dataset.where(find_params)
+            record = if conds
+                       dataset_where_conds = dataset_where.where(conds)
+
+                       # this means that there's still a valid entry there, so return early
+                       return if dataset_where.count != dataset_where_conds.count
+
+                       dataset_where_conds.first
+                     else
+                       dataset_where.first
+                     end
+
+            if record
+              update_params.reject! { |k, _v| exclude_on_update.include?(k) } if exclude_on_update
+              __update_and_return__(dataset_where, update_params)
+            else
+              __insert_and_return__(dataset, pkey, params)
+            end
+          end
+        end
+      end
+    end
+    # rubocop:enable Naming/MethodName, Metrics/ParameterLists
+  end
+end

data/lib/rodauth/oauth/ttl_store.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+#
+# The TTL store is a data structure which keeps data by a key, and with a time-to-live.
+# It is specifically designed for data which is static, i.e. for a certain key in a
+# sufficiently large span, the value will be the same.
+#
+# Because of that, synchronizations around reads do not exist, while write synchronizations
+# will be short-circuited by a read.
+#
+class Rodauth::OAuth::TtlStore
+  DEFAULT_TTL = 60 * 60 * 24 # default TTL is one day
+
+  def initialize
+    @store_mutex = Mutex.new
+    @store = Hash.new {}
+  end
+
+  def [](key)
+    lookup(key, now)
+  end
+
+  def set(key, &block)
+    @store_mutex.synchronize do
+      # short circuit
+      return @store[key][:payload] if @store[key] && @store[key][:ttl] < now
+
+      payload, ttl = block.call
+      @store[key] = { payload: payload, ttl: (ttl || (now + DEFAULT_TTL)) }
+
+      @store[key][:payload]
+    end
+  end
+
+  def uncache(key)
+    @store_mutex.synchronize do
+      @store.delete(key)
+    end
+  end
+
+  private
+
+  def now
+    Process.clock_gettime(Process::CLOCK_MONOTONIC)
+  end
+
+  # do not use directly!
+  def lookup(key, ttl)
+    return unless @store.key?(key)
+
+    value = @store[key]
+
+    return if value.empty?
+
+    return unless value[:ttl] > ttl
+
+    value[:payload]
+  end
+end

data/lib/rodauth/oauth/version.rb

@@ -2,6 +2,6 @@
 
 module Rodauth
   module OAuth
-    VERSION = "0.0.4"
+    VERSION = "0.3.0"
   end
 end

data/templates/authorize.str

@@ -0,0 +1,33 @@
+<form method="post" class="form-horizontal" role="form" id="authorize-form">
+  #{csrf_tag(rodauth.authorize_path) if respond_to?(:csrf_tag)}
+  <p class="lead">The application #{rodauth.oauth_application[rodauth.oauth_applications_name_column]} would like to access your data.</p>
+
+  <div class="form-group">
+    <h1 class="display-6">#{rodauth.scopes_label}</h1>
+
+    #{
+      rodauth.scopes.map do |scope|
+        <<-HTML
+         	<div class="form-check">
+            <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" #{"checked disabled" if scope == rodauth.oauth_application_default_scope}>
+            <label class="form-check-label" for="#{scope}">#{scope}</label>
+          </div>
+        HTML
+      end.join
+    }
+
+    <input type="hidden" name="client_id" value="#{rodauth.param("client_id")}"/>
+
+    #{"<input type=\"hidden\" name=\"access_type\" value=\"#{rodauth.param("access_type")}\"/>" if rodauth.param_or_nil("access_type")}
+    #{"<input type=\"hidden\" name=\"response_type\" value=\"#{rodauth.param("response_type")}\"/>" if rodauth.param_or_nil("response_type")}
+    #{"<input type=\"hidden\" name=\"state\" value=\"#{rodauth.param("state")}\"/>" if rodauth.param_or_nil("state")}
+    #{"<input type=\"hidden\" name=\"nonce\" value=\"#{rodauth.param("nonce")}\"/>" if rodauth.param_or_nil("nonce")}
+    #{"<input type=\"hidden\" name=\"redirect_uri\" value=\"#{rodauth.redirect_uri}\"/>" if rodauth.param_or_nil("redirect_uri")}
+    #{"<input type=\"hidden\" name=\"code_challenge\" value=\"#{rodauth.param("code_challenge")}\"/>" if rodauth.param_or_nil("code_challenge")}
+    #{"<input type=\"hidden\" name=\"code_challenge_method\" value=\"#{rodauth.param("code_challenge_method")}\"/>" if rodauth.param_or_nil("code_challenge_method")}
+  </div>
+  <p class="text-center">
+    <input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
+    <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">Cancel</a>
+  </p>
+</form>

data/templates/client_secret_field.str

@@ -0,0 +1,4 @@
+<div class="form-group">
+  <label for="client_secret">#{rodauth.client_secret_label}#{rodauth.input_field_label_suffix}</label>
+  #{rodauth.input_field_string(rodauth.oauth_application_client_secret_param, "client_secret", :type=>"text")}
+</div>

data/templates/description_field.str

@@ -0,0 +1,4 @@
+<div class="form-group">
+  <label for="description">#{rodauth.description_label}#{rodauth.input_field_label_suffix}</label>
+  #{rodauth.input_field_string(rodauth.oauth_application_description_param, "description", :type=>"text", :required => false)}
+</div>

data/templates/homepage_url_field.str

@@ -0,0 +1,4 @@
+<div class="form-group">
+  <label for="homepage_url">#{rodauth.homepage_url_label}#{rodauth.input_field_label_suffix}</label>
+  #{rodauth.input_field_string(rodauth.oauth_application_homepage_url_param, "homepage_url", :type=>"text")}
+</div>

data/templates/name_field.str

@@ -0,0 +1,4 @@
+<div class="form-group">
+  <label for="name">#{rodauth.name_label}#{rodauth.input_field_label_suffix}</label>
+  #{rodauth.input_field_string(rodauth.oauth_application_name_param, "name", :type=>"text")}
+</div>

data/templates/new_oauth_application.str

@@ -0,0 +1,10 @@
+<form method="post" action="#{rodauth.oauth_applications_path}" class="rodauth" role="form" id="oauth-application-form">
+  #{rodauth.csrf_tag}
+  #{rodauth.render('name_field')}
+  #{rodauth.render('description_field')}
+  #{rodauth.render('homepage_url_field')}
+  #{rodauth.render('redirect_uri_field')}
+  #{rodauth.render('client_secret_field')}
+  #{rodauth.render('scope_field')}
+  #{rodauth.button(rodauth.oauth_application_button)}
+</form>

data/templates/oauth_application.str

@@ -0,0 +1,11 @@
+<div id="oauth-application">
+  <dl>
+    #{
+      (rodauth.oauth_application_required_params + %w[client_id] - %w[client_secret]).map do |param|
+        "<dt class=\"#{param}\">#{rodauth.send(:"#{param}_label")}</dt>" +
+        "<dd class=\"#{param}\">#{@oauth_application[rodauth.send(:"oauth_applications_#{param}_column")]}</dd>"
+      end.join
+    }
+  </dl>
+  <a href="/#{"#{rodauth.oauth_applications_path}/#{@oauth_application[:id]}/#{rodauth.oauth_tokens_path}"}" class="btn btn-outline-secondary">Oauth Tokens</a>
+</div>

data/templates/oauth_applications.str

@@ -0,0 +1,14 @@
+<div id="oauth-applications">
+  <a class="btn btn-outline-primary" href="/oauth-applications/new">Register new Oauth Application</a>
+  #{
+    if @oauth_applications.count.zero?
+      "<p>No oauth applications yet!</p>"
+    else
+      "<ul class=\"list-group\">" + 
+        @oauth_applications.map do |application|
+          "<li class=\"list-group-item\"><a href=\"/oauth-applications/#{application[:id]}\">#{application[:name]}</a></li>"
+        end.join +
+      "</ul>"
+    end
+  }
+</div>

data/templates/oauth_tokens.str

@@ -0,0 +1,49 @@
+<div id="oauth-tokens">
+  #{
+    if @oauth_tokens.count.zero?
+      "<p>No oauth tokens yet!</p>"
+    else
+      <<-HTML
+        <table class="table">
+          <thead>
+            <tr>
+              <th scope="col">Token</th>
+              <th scope="col">Refresh Token</th>
+              <th scope="col">Expires in</th>
+              <th scope="col">Revoke</th>
+              <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_tokens.count}</span>
+            </tr>
+          </thead>
+          <tbody>
+            #{
+              @oauth_tokens.map do |oauth_token|
+                <<-HTML
+                  <tr>
+                    <td>#{oauth_token[rodauth.oauth_tokens_token_column]}</td>
+                    <td>#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</td>
+                    <td>#{rodauth.convert_timestamp(oauth_token[rodauth.oauth_tokens_expires_in_column])}</td>
+                    <td>#{rodauth.convert_timestamp(oauth_token[rodauth.oauth_tokens_revoked_at_column])}</td>
+                    <td>
+                      #{
+                        if !oauth_token[rodauth.oauth_tokens_revoked_at_param] && !oauth_token[rodauth.oauth_tokens_token_hash_column]
+                          <<-HTML
+                            <form method="post" action="#{rodauth.revoke_path}" class="form-horizontal" role="form" id="revoke-form">
+                              #{csrf_tag(rodauth.oauth_revoke_path) if respond_to?(:csrf_tag)}
+                              #{rodauth.input_field_string("token_type_hint", "revoke-token-type-hint", :value => "access_token", :type=>"hidden")}
+                              #{rodauth.input_field_string("token", "revoke-token", :value => oauth_token[rodauth.oauth_tokens_token_column], :type=>"hidden")}
+                              #{rodauth.button(rodauth.oauth_token_revoke_button)}
+                            </form>
+                          HTML
+                        end
+                      }
+                    </td>
+                  </tr>
+                HTML
+              end.join
+            }
+          </tbody>
+        </table>
+      HTML
+    end
+  }
+</div>

data/templates/redirect_uri_field.str

@@ -0,0 +1,4 @@
+<div class="form-group">
+  <label for="redirect_uri">#{rodauth.redirect_uri_label}#{rodauth.input_field_label_suffix}</label>
+  #{rodauth.input_field_string(rodauth.oauth_application_redirect_uri_param, "redirect_uri", :type=>"text")}
+</div>

data/templates/scope_field.str

@@ -0,0 +1,10 @@
+<fieldset class="form-group">
+  #{
+    rodauth.oauth_application_scopes.map do |scope|
+      "<div class=\"form-check checkbox\">" +
+      "<input id=\"#{scope}\" type=\"checkbox\" name=\"#{rodauth.oauth_application_scopes_param}[]\" value=\"#{scope}\">" +
+      "<label for=\"#{scope}\">#{scope}</label>" +
+      "</div>"
+    end.join
+  }
+</fieldset>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-oauth
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.3.0
 platform: ruby
 authors:
 - Tiago Cardoso
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-13 00:00:00.000000000 Z
+date: 2020-10-08 00:00:00.000000000 Z
 dependencies: []
 description: Implementation of the OAuth 2.0 protocol on top of rodauth.
 email:
@@ -32,16 +32,31 @@ files:
 - lib/rodauth/features/oauth.rb
 - lib/rodauth/features/oauth_http_mac.rb
 - lib/rodauth/features/oauth_jwt.rb
+- lib/rodauth/features/oauth_saml.rb
+- lib/rodauth/features/oidc.rb
 - lib/rodauth/oauth.rb
+- lib/rodauth/oauth/database_extensions.rb
 - lib/rodauth/oauth/railtie.rb
+- lib/rodauth/oauth/ttl_store.rb
 - lib/rodauth/oauth/version.rb
-homepage: https://gitlab.com/honeyryderchuck/roda-oauth
+- templates/authorize.str
+- templates/client_secret_field.str
+- templates/description_field.str
+- templates/homepage_url_field.str
+- templates/name_field.str
+- templates/new_oauth_application.str
+- templates/oauth_application.str
+- templates/oauth_applications.str
+- templates/oauth_tokens.str
+- templates/redirect_uri_field.str
+- templates/scope_field.str
+homepage: https://gitlab.com/honeyryderchuck/rodauth-oauth
 licenses: []
 metadata:
-  homepage_uri: https://gitlab.com/honeyryderchuck/roda-oauth
-  source_code_uri: https://gitlab.com/honeyryderchuck/roda-oauth
-  changelog_uri: https://gitlab.com/honeyryderchuck/roda-oauth/-/blob/master/CHANGELOG.md
-post_install_message: 
+  homepage_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth
+  source_code_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth
+  changelog_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth/-/blob/master/CHANGELOG.md
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -57,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.2
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Implementation of the OAuth 2.0 protocol on top of rodauth.
 test_files: []