rodauth-oauth 0.10.4 → 1.0.0.pre.beta2

data/lib/rodauth/features/oauth_http_mac.rb

@@ -1,86 +0,0 @@
-# frozen_string_literal: true
-
-require "rodauth/oauth/refinements"
-
-module Rodauth
-  Feature.define(:oauth_http_mac, :OauthHttpMac) do
-    using PrefixExtensions
-
-    depends :oauth
-
-    auth_value_method :oauth_token_type, "mac"
-    auth_value_method :oauth_mac_algorithm, "hmac-sha-256" # hmac-sha-256, hmac-sha-1
-    auth_value_method :oauth_tokens_mac_key_column, :mac_key
-
-    def authorization_token
-      return @authorization_token if defined?(@authorization_token)
-
-      @authorization_token = begin
-        value = request.get_header("HTTP_AUTHORIZATION").to_s
-
-        scheme, token = value.split(/ +/, 2)
-
-        return unless scheme == "MAC"
-
-        mac_attributes = parse_mac_authorization_header_props(token)
-
-        oauth_token = oauth_token_by_token(mac_attributes["id"])
-
-        return unless oauth_token && mac_signature_matches?(oauth_token, mac_attributes)
-
-        oauth_token
-
-        # TODO: set new MAC-KEY for the next request
-      end
-    end
-
-    private
-
-    def generate_oauth_token(params = {}, *args)
-      super({ oauth_tokens_mac_key_column => oauth_unique_id_generator }.merge(params), *args)
-    end
-
-    def json_access_token_payload(oauth_token)
-      payload = super
-
-      payload["mac_key"] = oauth_token[oauth_tokens_mac_key_column]
-      payload["mac_algorithm"] = oauth_mac_algorithm
-
-      payload
-    end
-
-    def mac_signature_matches?(oauth_token, mac_attributes)
-      nonce = mac_attributes["nonce"]
-      uri = URI(request.url)
-
-      request_signature = [
-        nonce,
-        request.request_method,
-        uri.request_uri,
-        uri.host,
-        uri.port
-      ].join("\n") + ("\n" * 3)
-
-      mac_algorithm = case oauth_mac_algorithm
-                      when "hmac-sha-256"
-                        OpenSSL::Digest::SHA256
-                      when "hmac-sha-1"
-                        OpenSSL::Digest::SHA1
-                      else
-                        raise ArgumentError, "Unsupported algorithm"
-                      end
-
-      mac_signature = Base64.strict_encode64 \
-        OpenSSL::HMAC.digest(mac_algorithm.new, oauth_token[oauth_tokens_mac_key_column], request_signature)
-
-      mac_signature == mac_attributes["mac"]
-    end
-
-    def parse_mac_authorization_header_props(token)
-      @mac_authorization_header_props = token.split(/ *, */).each_with_object({}) do |prop, props|
-        field, value = prop.split(/ *= */, 2)
-        props[field] = value.delete_prefix("\"").delete_suffix("\"")
-      end
-    end
-  end
-end

data/lib/rodauth/features/oauth_token_management.rb

@@ -1,81 +0,0 @@
-# frozen_string_literal: true
-
-require "rodauth/oauth/refinements"
-
-module Rodauth
-  Feature.define(:oauth_token_management, :OauthTokenManagement) do
-    using RegexpExtensions
-
-    depends :oauth_management_base, :oauth_token_revocation
-
-    view "oauth_tokens", "My Oauth Tokens", "oauth_tokens"
-
-    button "Revoke", "oauth_token_revoke"
-
-    auth_value_method :oauth_tokens_path, "oauth-tokens"
-
-    %w[token refresh_token expires_in revoked_at].each do |param|
-      translatable_method :"oauth_tokens_#{param}_label", param.gsub("_", " ").capitalize
-    end
-
-    auth_value_method :oauth_tokens_route, "oauth-tokens"
-    auth_value_method :oauth_tokens_id_pattern, Integer
-    auth_value_method :oauth_tokens_per_page, 20
-
-    auth_value_methods(
-      :oauth_token_path
-    )
-
-    def oauth_tokens_path(opts = {})
-      route_path(oauth_tokens_route, opts)
-    end
-
-    def oauth_tokens_url(opts = {})
-      route_url(oauth_tokens_route, opts)
-    end
-
-    def oauth_token_path(id)
-      "#{oauth_tokens_path}/#{id}"
-    end
-
-    def oauth_tokens
-      request.on(oauth_tokens_route) do
-        require_account
-
-        request.get do
-          page = Integer(param_or_nil("page") || 1)
-          per_page = per_page_param(oauth_tokens_per_page)
-
-          scope.instance_variable_set(:@oauth_tokens, db[oauth_tokens_table]
-            .select(Sequel[oauth_tokens_table].*, Sequel[oauth_applications_table][oauth_applications_name_column])
-            .join(oauth_applications_table, Sequel[oauth_tokens_table][oauth_tokens_oauth_application_id_column] =>
-              Sequel[oauth_applications_table][oauth_applications_id_column])
-            .where(Sequel[oauth_tokens_table][oauth_tokens_account_id_column] => account_id)
-            .where(oauth_tokens_revoked_at_column => nil)
-            .order(Sequel.desc(oauth_tokens_id_column))
-            .paginate(page, per_page))
-          oauth_tokens_view
-        end
-
-        request.post(oauth_tokens_id_pattern) do |id|
-          db[oauth_tokens_table]
-            .where(oauth_tokens_id_column => id)
-            .where(oauth_tokens_account_id_column => account_id)
-            .update(oauth_tokens_revoked_at_column => Sequel::CURRENT_TIMESTAMP)
-
-          set_notice_flash revoke_oauth_token_notice_flash
-          redirect oauth_tokens_path || "/"
-        end
-      end
-    end
-
-    def check_csrf?
-      case request.path
-      when oauth_tokens_path
-        only_json? ? false : super
-      else
-        super
-      end
-    end
-  end
-end

data/lib/rodauth/oauth/refinements.rb

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-
-module Rodauth
-  module PrefixExtensions
-    unless String.method_defined?(:delete_prefix)
-      refine(String) do
-        def delete_suffix(suffix)
-          suffix = suffix.to_s
-          len = suffix.length
-          return dup unless len.positive? && index(suffix, -len)
-
-          self[0...-len]
-        end
-
-        def delete_prefix(prefix)
-          prefix = prefix.to_s
-          return dup unless rindex(prefix, 0)
-
-          self[prefix.length..-1]
-        end
-      end
-    end
-
-    unless String.method_defined?(:delete_suffix!)
-      refine(String) do
-        def delete_suffix!(suffix)
-          suffix = suffix.to_s
-          chomp! if frozen?
-          len = suffix.length
-          return unless len.positive? && index(suffix, -len)
-
-          self[-len..-1] = ""
-          self
-        end
-      end
-    end
-  end
-
-  module RegexpExtensions
-    unless Regexp.method_defined?(:match?)
-      refine(Regexp) do
-        def match?(*args)
-          !match(*args).nil?
-        end
-      end
-    end
-  end
-end

data/templates/jwt_public_key_field.str

@@ -1,4 +0,0 @@
-<div class="form-group">
-  <label for="name">#{rodauth.oauth_applications_jwt_public_key_label}#{rodauth.input_field_label_suffix}</label>
-  #{rodauth.input_field_string(rodauth.oauth_application_jwt_public_key_param, "jwt_public_key", :type=>"text", :required=>false)}
-</div>

data/templates/oauth_application_oauth_tokens.str

@@ -1,52 +0,0 @@
-<div id="oauth-tokens">
-  #{
-    if @oauth_tokens.count.zero?
-      "<p>No oauth tokens yet!</p>"
-    else
-      <<-HTML
-        <table class="table">
-          <thead>
-            <tr>
-              <th scope="col">#{rodauth.oauth_tokens_token_label}</th>
-              <th scope="col">#{rodauth.oauth_tokens_refresh_token_label}</th>
-              <th scope="col">#{rodauth.oauth_tokens_expires_in_label}</th>
-              <th scope="col">#{rodauth.oauth_tokens_revoked_at_label}</th>
-              <th scope="col">#{rodauth.oauth_tokens_scopes_label}</th>
-              <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_tokens.count}</span>
-            </tr>
-          </thead>
-          <tbody>
-            #{
-              @oauth_tokens.map do |oauth_token|
-                <<-HTML
-                  <tr>
-                    <td><code class="token">#{oauth_token[rodauth.oauth_tokens_token_column]}</code></td>
-                    <td><code class="token">#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</code></td>
-                    <td>#{oauth_token[rodauth.oauth_tokens_expires_in_column]}</td>
-                    <td>#{oauth_token[rodauth.oauth_tokens_revoked_at_column]}</td>
-                    <td>#{oauth_token[rodauth.oauth_tokens_scopes_column]}</td>
-                    <td>
-                      #{
-                        if !oauth_token[rodauth.oauth_tokens_revoked_at_column] && !oauth_token[rodauth.oauth_tokens_token_hash_column]
-                          <<-HTML
-                            <form method="post" action="#{rodauth.revoke_path}" class="form-horizontal" role="form" id="revoke-form">
-                              #{csrf_tag(rodauth.revoke_path) if respond_to?(:csrf_tag)}
-                              #{rodauth.input_field_string("token_type_hint", "revoke-token-type-hint", :value => "access_token", :type=>"hidden")}
-                              #{rodauth.input_field_string("token", "revoke-token", :value => oauth_token[rodauth.oauth_tokens_token_column], :type=>"hidden")}
-                              #{rodauth.button(rodauth.oauth_token_revoke_button)}
-                            </form>
-                          HTML
-                        end
-                      }
-                    </td>
-                  </tr>
-                HTML
-              end.join
-            }
-          </tbody>
-        </table>
-        #{rodauth.oauth_management_pagination_links(@oauth_tokens)}
-      HTML
-    end
-  }
-</div>

data/templates/oauth_tokens.str

@@ -1,50 +0,0 @@
-<div id="oauth-tokens">
-  #{
-    if @oauth_tokens.count.zero?
-      "<p>No oauth tokens yet!</p>"
-    else
-      <<-HTML
-        <table class="table">
-          <thead>
-            <tr>
-            <th scope="col">#{rodauth.oauth_applications_name_label}</th>
-              <th scope="col">#{rodauth.oauth_tokens_token_label}</th>
-              <th scope="col">#{rodauth.oauth_tokens_refresh_token_label}</th>
-              <th scope="col">#{rodauth.oauth_tokens_expires_in_label}</th>
-              <th scope="col">#{rodauth.oauth_tokens_scopes_label}</th>
-              <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_tokens.count}</span>
-            </tr>
-          </thead>
-          <tbody>
-            #{
-              @oauth_tokens.map do |oauth_token|
-                <<-HTML
-                  <tr>
-                    <td>#{oauth_token[rodauth.oauth_applications_name_column]}</td>
-                    <td><code class="token">#{oauth_token[rodauth.oauth_tokens_token_column]}</code></td>
-                    <td><code class="token">#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</code></td>
-                    <td>#{oauth_token[rodauth.oauth_tokens_expires_in_column]}</td>
-                    <td>#{oauth_token[rodauth.oauth_tokens_scopes_column]}</td>
-                    <td>
-                      #{
-                        if !oauth_token[rodauth.oauth_tokens_token_hash_column]
-                          <<-HTML
-                            <form method="post" action="#{rodauth.oauth_token_path(oauth_token[rodauth.oauth_tokens_id_column])}" class="form-horizontal" role="form" id="token-revoke-form">
-                              #{csrf_tag(rodauth.oauth_token_path(oauth_token[rodauth.oauth_tokens_id_column])) if respond_to?(:csrf_tag)}
-                              #{rodauth.button(rodauth.oauth_token_revoke_button)}
-                            </form>
-                          HTML
-                        end
-                      }
-                    </td>
-                  </tr>
-                HTML
-              end.join
-            }
-          </tbody>
-        </table>
-        #{rodauth.oauth_management_pagination_links(@oauth_tokens)}
-      HTML
-    end
-  }
-</div>