rodauth-oauth 0.7.0 → 0.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +51 -1
- data/README.md +1 -1
- data/lib/generators/rodauth/oauth/install_generator.rb +1 -1
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb +29 -0
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb +38 -0
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb +17 -0
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb +29 -0
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb +38 -0
- data/lib/generators/rodauth/oauth/views_generator.rb +9 -4
- data/lib/rodauth/features/oauth.rb +40 -9
- data/lib/rodauth/oauth/version.rb +1 -1
- data/lib/rodauth/oauth.rb +0 -2
- data/locales/en.yml +2 -1
- data/templates/authorize.str +18 -8
- data/templates/oauth_application.str +2 -2
- data/templates/oauth_tokens.str +10 -8
- metadata +29 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cbc2a014ad242752b436e810b24df8839c00c7a066b860e4cf418c16f19cfbad
|
|
4
|
+
data.tar.gz: e8c27858547f1df38662608cf74f6f75f48b438ec29137bfffd820320077b185
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d8cabdea042eb26aaf1941ff9881f4cce9ffa4eb35557d7105d3c2195ced323f860654be7d161e56c85d91f7312fd041a39379516b97d6df47cf1637f273fb1f
|
|
7
|
+
data.tar.gz: d45c638c97f34705ddfe0ab124da3ed143188513454192aae65c4227d5e255ed0e5223fd3b3273418e2cc12896a7c175ce4786ecc20d6e611a1e4a3b28e412ca
|
data/CHANGELOG.md
CHANGED
|
@@ -2,11 +2,61 @@
|
|
|
2
2
|
|
|
3
3
|
## master
|
|
4
4
|
|
|
5
|
+
### 0.7.4 (15/01/2022)
|
|
6
|
+
|
|
7
|
+
#### Bugfixes
|
|
8
|
+
|
|
9
|
+
* including missing erb templates in the package.
|
|
10
|
+
|
|
11
|
+
## 0.7.3 (14/01/2022)
|
|
12
|
+
|
|
13
|
+
#### Bugfixes
|
|
14
|
+
|
|
15
|
+
* fixed generator declarations and views generator, in orderto copy templates and rewrite paths accordingly.
|
|
16
|
+
* update view templates to not use "%%".
|
|
17
|
+
|
|
18
|
+
#### Chore
|
|
19
|
+
|
|
20
|
+
* `rodauth` is now declared as a dependency, with minimum version set `2.0`.
|
|
21
|
+
|
|
22
|
+
### 0.7.2 (14/12/2021)
|
|
23
|
+
|
|
24
|
+
#### Features
|
|
25
|
+
|
|
26
|
+
* Revoking tokens from the OAuth Application management interface (@muellerj)
|
|
27
|
+
|
|
28
|
+
Token revocation was only possible when using the client ID and Secret, to aid "logout" functionality from client applications. Although the admin interface (available via `r.oauth_applications`) displayed a "Revoke" button alongside tokens in the list page, this was not working. The RFC does allow for the use case of application administrators being able to manually revoke tokens (as a result of client support, for example), so this functionality was enabled (only for the oauth application owner, for now).
|
|
29
|
+
|
|
30
|
+
#### Bugfixes
|
|
31
|
+
|
|
32
|
+
Default scope usage related bugfixes:
|
|
33
|
+
|
|
34
|
+
* Improved default scope conversion to avoid nested arrays (@muellerj);
|
|
35
|
+
* Authorize form shows a disabled checkbox and POST's no scope when default scope is to be used (@muellerj);
|
|
36
|
+
* example default scope fixed for example authorization server (should be string) (@muellerj);
|
|
37
|
+
* several param fixes in view templates (@muellerj);
|
|
38
|
+
|
|
39
|
+
OAuth Applications Management fixes:
|
|
40
|
+
|
|
41
|
+
* Access to OAuth Application page is now restricted to app owner;
|
|
42
|
+
* OAuth Applications page now lists the **only** the applications owned by the logged in user;
|
|
43
|
+
|
|
44
|
+
### 0.7.1 (05/12/2021)
|
|
45
|
+
|
|
46
|
+
#### Improvements
|
|
47
|
+
|
|
48
|
+
* Adapted the `rodauth-i18n` configuration to comply with the guidelines for `v0.2.0` (which is the defacto minimmal supported version).
|
|
49
|
+
|
|
50
|
+
#### Bugfixes
|
|
51
|
+
|
|
52
|
+
* `convert_timestamp` was removed from the templates, as it's private API.
|
|
53
|
+
* Several missing or wrong URLs in templates fixed (authorize form was wrongly processing scopes when none was selected).
|
|
54
|
+
|
|
5
55
|
### 0.7.0 (02/12/2021)
|
|
6
56
|
|
|
7
57
|
#### Features
|
|
8
58
|
|
|
9
|
-
* Internationalization (i18n) support by hooking on [rodauth-
|
|
59
|
+
* Internationalization (i18n) support by hooking on [rodauth-i18n](https://github.com/janko/rodauth-i18n).
|
|
10
60
|
* Sets all text using `translatable_method`.
|
|
11
61
|
* Provides english translations for all `rodauth-oauth` related user facing text.
|
|
12
62
|
|
data/README.md
CHANGED
|
@@ -173,7 +173,7 @@ puts payload #=> {"access_token" => "awr23f3h8f9d2h89...", "token_type" => "Bear
|
|
|
173
173
|
|
|
174
174
|
#### Revoking tokens
|
|
175
175
|
|
|
176
|
-
Token revocation can be done both by the
|
|
176
|
+
Token revocation can be done both by the identity owner or the application owner, and can therefore be done either online (browser-based form) or server-to-server. Here's an example using server-to-server:
|
|
177
177
|
|
|
178
178
|
```ruby
|
|
179
179
|
require "httpx"
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
<%= form_tag rodauth.authorize_path, method: :post do %>
|
|
2
|
+
<p class="lead">The application <%= rodauth.oauth_application[rodauth.oauth_applications_name_column] %> would like to access your data.</p>
|
|
3
|
+
|
|
4
|
+
<div class="form-group">
|
|
5
|
+
<h1 class="display-6"><%= rodauth.scopes_label %></h1>
|
|
6
|
+
|
|
7
|
+
<% rodauth.scopes.each do |scope| %>
|
|
8
|
+
<% is_default = scope == rodauth.oauth_application_default_scope %>
|
|
9
|
+
<div class="form-check">
|
|
10
|
+
<%= check_box_tag "scope[]", scope, is_default, disabled: is_default, id: scope, class: "form-check-input" %>
|
|
11
|
+
<%= label_tag scope, scope, class: "form-check-label" %>
|
|
12
|
+
<%= hidden_field_tag "scope[]", scope if is_default %>
|
|
13
|
+
</div>
|
|
14
|
+
<% end %>
|
|
15
|
+
<%= hidden_field_tag :client_id, params[:client_id] %>
|
|
16
|
+
<% %i[access_type response_type state nonce redirect_uri code_challenge code_challenge_method].each do |oauth_param| %>
|
|
17
|
+
<% if params[oauth_param] %>
|
|
18
|
+
<%= hidden_field_tag oauth_param, params[oauth_param] %>
|
|
19
|
+
<% end %>
|
|
20
|
+
<% end %>
|
|
21
|
+
<% if params[:response_mode] %>
|
|
22
|
+
<%= hidden_field_tag :response_mode, params[:response_mode] %>
|
|
23
|
+
<% end %>
|
|
24
|
+
</div>
|
|
25
|
+
<p class="text-center">
|
|
26
|
+
<%= submit_tag "Authorize", class: "btn btn-outline-primary" %>
|
|
27
|
+
<%= link_to "Cancel", "#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{"&state=\#{rodauth.state}" if params[:state] }", class: "btn btn-outline-danger" %>
|
|
28
|
+
</p>
|
|
29
|
+
<% end %>
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
<%= form_tag rodauth.oauth_applications_path, method: :post, class: "form-horizontal" do %>
|
|
2
|
+
<h2>Register Oauth Application</h2>
|
|
3
|
+
<%= rodauth.field_error('scope') %>
|
|
4
|
+
<div class="form-group">
|
|
5
|
+
<%= label_tag "name", "Name" %>
|
|
6
|
+
<%= text_field_tag "name", rodauth.param('name'), class: "form-control#{' is-invalid' if rodauth.field_error('name')}" %>
|
|
7
|
+
<%= rodauth.field_error('name') %>
|
|
8
|
+
</div>
|
|
9
|
+
<div class="form-group">
|
|
10
|
+
<%= label_tag "description", "Description" %>
|
|
11
|
+
<%= text_field_tag "description", rodauth.param('description'), class: "form-control#{' is-invalid' if rodauth.field_error('description')}" %>
|
|
12
|
+
<%= rodauth.field_error('description') %>
|
|
13
|
+
</div>
|
|
14
|
+
<div class="form-group">
|
|
15
|
+
<%= label_tag "homepage_url", "Homepage URL" %>
|
|
16
|
+
<%= text_field_tag "homepage_url", rodauth.param('homepage_url'), class: "form-control#{' is-invalid' if rodauth.field_error('homepage_url')}" %>
|
|
17
|
+
<%= rodauth.field_error('homepage_url') %>
|
|
18
|
+
</div>
|
|
19
|
+
<div class="form-group">
|
|
20
|
+
<%= label_tag "redirect_uri", "Redirect URL" %>
|
|
21
|
+
<%= text_field_tag "redirect_uri", rodauth.param('redirect_uri'), class: "form-control#{' is-invalid' if rodauth.field_error('redirect_uri')}" %>
|
|
22
|
+
<%= rodauth.field_error('redirect_uri') %>
|
|
23
|
+
</div>
|
|
24
|
+
<div class="form-group">
|
|
25
|
+
<%= label_tag "client_secret", "Secret (make it random and at least 32 character-long)" %>
|
|
26
|
+
<%= text_field_tag "client_secret", rodauth.param('client_secret'), class: "form-control#{' is-invalid' if rodauth.field_error('client_secret')}" %>
|
|
27
|
+
<%= rodauth.field_error('client_secret') %>
|
|
28
|
+
</div>
|
|
29
|
+
<% rodauth.oauth_application_scopes.each do |scope| %>
|
|
30
|
+
<div class="form-check">
|
|
31
|
+
<%= check_box_tag "scopes[]", scope, scope == rodauth.oauth_application_default_scope, id: scope, class: "form-check-input" %>
|
|
32
|
+
<%= scope %>
|
|
33
|
+
</div>
|
|
34
|
+
<% end %>
|
|
35
|
+
<div class="form-group">
|
|
36
|
+
<%= submit_tag "Register", class: "btn btn-primary" %>
|
|
37
|
+
</div>
|
|
38
|
+
<% end %>
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
<% oauth_application = rodauth.scope.instance_variable_get(:@oauth_application) %>
|
|
2
|
+
<div>
|
|
3
|
+
<h2><%= oauth_application[rodauth.oauth_applications_name_column] %></h2>
|
|
4
|
+
|
|
5
|
+
<dl>
|
|
6
|
+
<dt>Description: </dt>
|
|
7
|
+
<dd><%= oauth_application[rodauth.oauth_applications_description_column] %></dd>
|
|
8
|
+
<dt>Homepage URL: </dt>
|
|
9
|
+
<dd><%= oauth_application[rodauth.oauth_applications_homepage_url_column] %></dd>
|
|
10
|
+
<dt>Client ID: </dt>
|
|
11
|
+
<dd><%= oauth_application[rodauth.oauth_applications_client_id_column] %></dd>
|
|
12
|
+
<dt>Redirect URL: </dt>
|
|
13
|
+
<dd><%= oauth_application[rodauth.oauth_applications_redirect_uri_column] %></dd>
|
|
14
|
+
<dt>Scopes: </dt>
|
|
15
|
+
<dd><%= oauth_application[rodauth.oauth_applications_scopes_column] %></dd>
|
|
16
|
+
</dl>
|
|
17
|
+
</div>
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
<% oauth_applications_ds = rodauth.scope.instance_variable_get(:@oauth_applications) %>
|
|
2
|
+
<% apps_count = oauth_applications_ds.count %>
|
|
3
|
+
<div class="btn-group" role="group" aria-label="Buttons">
|
|
4
|
+
<%= link_to "New Oauth Application", "#{rodauth.oauth_applications_path}/new", class: "btn btn-secondary" %>
|
|
5
|
+
</div>
|
|
6
|
+
<% if apps_count.zero? %>
|
|
7
|
+
<p>No oauth applications yet!</p>
|
|
8
|
+
<% else %>
|
|
9
|
+
<table class="table">
|
|
10
|
+
<thead>
|
|
11
|
+
<tr>
|
|
12
|
+
<th scope="col">Client ID (<%= apps_count %>)</th>
|
|
13
|
+
<th scope="col">Name</th>
|
|
14
|
+
<th scope="col">Homepage</th>
|
|
15
|
+
<th scope="col"></th>
|
|
16
|
+
</tr>
|
|
17
|
+
</thead>
|
|
18
|
+
<tbody>
|
|
19
|
+
<% oauth_applications_ds.each do |application| %>
|
|
20
|
+
<tr>
|
|
21
|
+
<td><%= application[rodauth.oauth_applications_client_id_column] %></td>
|
|
22
|
+
<td><%= application[rodauth.oauth_applications_name_column] %></td>
|
|
23
|
+
<td><%= application[rodauth.oauth_applications_homepage_url_column] %></td>
|
|
24
|
+
<td><%= link_to "Show", rodauth.oauth_application_path(application[rodauth.oauth_applications_id_column]) %></td>
|
|
25
|
+
</tr>
|
|
26
|
+
<% end %>
|
|
27
|
+
</tbody>
|
|
28
|
+
</table>
|
|
29
|
+
<% end %>
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
<% oauth_tokens_ds = rodauth.scope.instance_variable_get(:@oauth_tokens) %>
|
|
2
|
+
<% tokens_count = oauth_tokens_ds.count %>
|
|
3
|
+
<% if tokens_count.zero? %>
|
|
4
|
+
<p>No oauth tokens yet!</p>
|
|
5
|
+
<% else %>
|
|
6
|
+
<table class="table">
|
|
7
|
+
<thead>
|
|
8
|
+
<tr>
|
|
9
|
+
<th scope="col">Token</th>
|
|
10
|
+
<th scope="col">Refresh Token</th>
|
|
11
|
+
<th scope="col">Expires in</th>
|
|
12
|
+
<th scope="col">Revoked at</th>
|
|
13
|
+
<th scope="col">Scopes</th>
|
|
14
|
+
<th scope="col"><span class="badge badge-pill badge-dark"><%= tokens_count %></span>
|
|
15
|
+
</tr>
|
|
16
|
+
</thead>
|
|
17
|
+
<tbody>
|
|
18
|
+
<% oauth_tokens_ds.each do |application| %>
|
|
19
|
+
<tr>
|
|
20
|
+
<td><code class="token"><%= oauth_token[rodauth.oauth_tokens_token_column] %></code></td>
|
|
21
|
+
<td><code class="token"><%= oauth_token[rodauth.oauth_tokens_refresh_token_column] %></code></td>
|
|
22
|
+
<td><%= oauth_token[rodauth.oauth_tokens_expires_in_column] %></td>
|
|
23
|
+
<td><%= oauth_token[rodauth.oauth_tokens_revoked_at_column] %></td>
|
|
24
|
+
<td><%= oauth_token[rodauth.oauth_tokens_scopes_column] %></td>
|
|
25
|
+
<td>
|
|
26
|
+
<% if !oauth_token[rodauth.oauth_tokens_revoked_at_column] %>
|
|
27
|
+
<%= form_tag rodauth.revoke_path, method: :post do %>
|
|
28
|
+
<%= hidden_field_tag :token_type_hint, "access_token" %>
|
|
29
|
+
<%= hidden_field_tag :token, oauth_token[rodauth.oauth_tokens_token_column] %>
|
|
30
|
+
<%= submit_tag "Revoke", class: "btn btn-danger" %>
|
|
31
|
+
<% end %>
|
|
32
|
+
<% end %>
|
|
33
|
+
</td>
|
|
34
|
+
</tr>
|
|
35
|
+
<% end %>
|
|
36
|
+
</tbody>
|
|
37
|
+
</table>
|
|
38
|
+
<% end %>
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "rails/generators
|
|
3
|
+
require "rails/generators"
|
|
4
4
|
|
|
5
5
|
module Rodauth::OAuth
|
|
6
6
|
module Rails
|
|
@@ -8,6 +8,7 @@ module Rodauth::OAuth
|
|
|
8
8
|
class ViewsGenerator < ::Rails::Generators::Base
|
|
9
9
|
source_root "#{__dir__}/templates"
|
|
10
10
|
namespace "rodauth:oauth:views"
|
|
11
|
+
desc "Generate db migrations for rodauth-oauth in your application."
|
|
11
12
|
|
|
12
13
|
DEFAULT = %w[authorize].freeze
|
|
13
14
|
VIEWS = {
|
|
@@ -31,16 +32,20 @@ module Rodauth::OAuth
|
|
|
31
32
|
default: "rodauth"
|
|
32
33
|
|
|
33
34
|
def create_views
|
|
34
|
-
features = options[:all] ? VIEWS.keys : (
|
|
35
|
+
features = options[:all] ? VIEWS.keys : (%i[oauth_authorize] + options[:features]).map(&:to_sym).uniq
|
|
35
36
|
|
|
36
37
|
views = features.inject([]) do |list, feature|
|
|
37
38
|
list |= VIEWS[feature] || []
|
|
38
39
|
list |= VIEWS[DEPENDENCIES[feature]] || []
|
|
39
40
|
end
|
|
40
41
|
|
|
42
|
+
directory = options[:directory].underscore
|
|
41
43
|
views.each do |view|
|
|
42
|
-
|
|
43
|
-
"app/views/#{
|
|
44
|
+
copy_file "app/views/rodauth/#{view}.html.erb",
|
|
45
|
+
"app/views/#{directory}/#{view}.html.erb" do |content|
|
|
46
|
+
content = content.gsub("rodauth/", "#{directory}/")
|
|
47
|
+
content
|
|
48
|
+
end
|
|
44
49
|
end
|
|
45
50
|
end
|
|
46
51
|
end
|
|
@@ -66,6 +66,7 @@ module Rodauth
|
|
|
66
66
|
notice_flash "Your oauth application has been registered", "create_oauth_application"
|
|
67
67
|
|
|
68
68
|
notice_flash "The oauth token has been revoked", "revoke_oauth_token"
|
|
69
|
+
error_flash "You are not authorized to revoke this token", "revoke_unauthorized_account"
|
|
69
70
|
|
|
70
71
|
view "authorize", "Authorize", "authorize"
|
|
71
72
|
view "oauth_applications", "Oauth Applications", "oauth_applications"
|
|
@@ -279,7 +280,13 @@ module Rodauth
|
|
|
279
280
|
next unless is_authorization_server?
|
|
280
281
|
|
|
281
282
|
before_revoke_route
|
|
282
|
-
|
|
283
|
+
|
|
284
|
+
if logged_in?
|
|
285
|
+
require_account
|
|
286
|
+
require_oauth_application_from_account
|
|
287
|
+
else
|
|
288
|
+
require_oauth_application
|
|
289
|
+
end
|
|
283
290
|
|
|
284
291
|
r.post do
|
|
285
292
|
catch_error do
|
|
@@ -386,7 +393,10 @@ module Rodauth
|
|
|
386
393
|
end
|
|
387
394
|
|
|
388
395
|
request.on(oauth_applications_id_pattern) do |id|
|
|
389
|
-
oauth_application = db[oauth_applications_table]
|
|
396
|
+
oauth_application = db[oauth_applications_table]
|
|
397
|
+
.where(oauth_applications_id_column => id)
|
|
398
|
+
.where(oauth_applications_account_id_column => account_id)
|
|
399
|
+
.first
|
|
390
400
|
next unless oauth_application
|
|
391
401
|
|
|
392
402
|
scope.instance_variable_set(:@oauth_application, oauth_application)
|
|
@@ -407,7 +417,8 @@ module Rodauth
|
|
|
407
417
|
end
|
|
408
418
|
|
|
409
419
|
request.get do
|
|
410
|
-
scope.instance_variable_set(:@oauth_applications, db[oauth_applications_table]
|
|
420
|
+
scope.instance_variable_set(:@oauth_applications, db[oauth_applications_table]
|
|
421
|
+
.where(oauth_applications_account_id_column => account_id))
|
|
411
422
|
oauth_applications_view
|
|
412
423
|
end
|
|
413
424
|
|
|
@@ -474,7 +485,7 @@ module Rodauth
|
|
|
474
485
|
when String
|
|
475
486
|
scope.split(" ")
|
|
476
487
|
when nil
|
|
477
|
-
|
|
488
|
+
Array(oauth_application_default_scope)
|
|
478
489
|
end
|
|
479
490
|
end
|
|
480
491
|
|
|
@@ -570,6 +581,8 @@ module Rodauth
|
|
|
570
581
|
end
|
|
571
582
|
|
|
572
583
|
self.class.send(:define_method, :__one_oauth_token_per_account) { one_oauth_token_per_account }
|
|
584
|
+
|
|
585
|
+
i18n_register(File.expand_path(File.join(__dir__, "..", "..", "..", "locales"))) if features.include?(:i18n)
|
|
573
586
|
end
|
|
574
587
|
|
|
575
588
|
def use_date_arithmetic?
|
|
@@ -682,6 +695,20 @@ module Rodauth
|
|
|
682
695
|
authorization_required unless @oauth_application && secret_matches?(@oauth_application, client_secret)
|
|
683
696
|
end
|
|
684
697
|
|
|
698
|
+
def require_oauth_application_from_account
|
|
699
|
+
ds = db[oauth_applications_table]
|
|
700
|
+
.join(oauth_tokens_table, Sequel[oauth_tokens_table][oauth_tokens_oauth_application_id_column] =>
|
|
701
|
+
Sequel[oauth_applications_table][oauth_applications_id_column])
|
|
702
|
+
.where(oauth_token_by_token_ds(param("token")).opts.fetch(:where, true))
|
|
703
|
+
.where(Sequel[oauth_applications_table][oauth_applications_account_id_column] => account_id)
|
|
704
|
+
|
|
705
|
+
@oauth_application = ds.qualify.first
|
|
706
|
+
return if @oauth_application
|
|
707
|
+
|
|
708
|
+
set_redirect_error_flash revoke_unauthorized_account_error_flash
|
|
709
|
+
redirect request.referer || "/"
|
|
710
|
+
end
|
|
711
|
+
|
|
685
712
|
def secret_matches?(oauth_application, secret)
|
|
686
713
|
BCrypt::Password.new(oauth_application[oauth_applications_client_secret_column]) == secret
|
|
687
714
|
end
|
|
@@ -772,17 +799,21 @@ module Rodauth
|
|
|
772
799
|
end
|
|
773
800
|
end
|
|
774
801
|
|
|
775
|
-
def
|
|
802
|
+
def oauth_token_by_token_ds(token)
|
|
776
803
|
ds = db[oauth_tokens_table]
|
|
777
804
|
|
|
778
805
|
ds = if oauth_tokens_token_hash_column
|
|
779
|
-
ds.where(oauth_tokens_token_hash_column => generate_token_hash(token))
|
|
806
|
+
ds.where(Sequel[oauth_tokens_table][oauth_tokens_token_hash_column] => generate_token_hash(token))
|
|
780
807
|
else
|
|
781
|
-
ds.where(oauth_tokens_token_column => token)
|
|
808
|
+
ds.where(Sequel[oauth_tokens_table][oauth_tokens_token_column] => token)
|
|
782
809
|
end
|
|
783
810
|
|
|
784
|
-
ds.where(Sequel[oauth_tokens_expires_in_column] >= Sequel::CURRENT_TIMESTAMP)
|
|
785
|
-
.where(oauth_tokens_revoked_at_column => nil)
|
|
811
|
+
ds.where(Sequel[oauth_tokens_table][oauth_tokens_expires_in_column] >= Sequel::CURRENT_TIMESTAMP)
|
|
812
|
+
.where(Sequel[oauth_tokens_table][oauth_tokens_revoked_at_column] => nil)
|
|
813
|
+
end
|
|
814
|
+
|
|
815
|
+
def oauth_token_by_token(token)
|
|
816
|
+
oauth_token_by_token_ds(token).first
|
|
786
817
|
end
|
|
787
818
|
|
|
788
819
|
def oauth_token_by_refresh_token(token, revoked: false)
|
data/lib/rodauth/oauth.rb
CHANGED
data/locales/en.yml
CHANGED
|
@@ -3,6 +3,7 @@ en:
|
|
|
3
3
|
require_authorization_error_flash: "Please authorize to continue"
|
|
4
4
|
create_oauth_application_error_flash: "There was an error registering your oauth application"
|
|
5
5
|
create_oauth_application_notice_flash: "Your oauth application has been registered"
|
|
6
|
+
revoke_unauthorized_account_error_flash: "You are not authorized to revoke this token"
|
|
6
7
|
revoke_oauth_token_notice_flash: "The oauth token has been revoked"
|
|
7
8
|
oauth_authorize_title: "Authorize"
|
|
8
9
|
oauth_oauth_applications_page_title: "Oauth Applications"
|
|
@@ -31,4 +32,4 @@ en:
|
|
|
31
32
|
unsupported_transform_algorithm_message: "transform algorithm not supported"
|
|
32
33
|
request_uri_not_supported_message: "request uri is unsupported"
|
|
33
34
|
invalid_request_object_message: "request object is invalid"
|
|
34
|
-
invalid_scope_message: "The Access Token expired"
|
|
35
|
+
invalid_scope_message: "The Access Token expired"
|
data/templates/authorize.str
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
<form method="post" class="form-horizontal" role="form" id="authorize-form">
|
|
1
|
+
<form method="post" action="#{rodauth.authorize_path}" class="form-horizontal" role="form" id="authorize-form">
|
|
2
2
|
#{csrf_tag(rodauth.authorize_path) if respond_to?(:csrf_tag)}
|
|
3
3
|
<p class="lead">The application #{rodauth.oauth_application[rodauth.oauth_applications_name_column]} would like to access your data.</p>
|
|
4
4
|
|
|
@@ -7,12 +7,22 @@
|
|
|
7
7
|
|
|
8
8
|
#{
|
|
9
9
|
rodauth.scopes.map do |scope|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
<
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
10
|
+
if scope == rodauth.oauth_application_default_scope
|
|
11
|
+
<<-HTML
|
|
12
|
+
<div class="form-check">
|
|
13
|
+
<input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" checked disabled>
|
|
14
|
+
<label class="form-check-label" for="#{scope}">#{scope}</label>
|
|
15
|
+
<input type="hidden" name="scope[]" value="#{scope}">
|
|
16
|
+
</div>
|
|
17
|
+
HTML
|
|
18
|
+
else
|
|
19
|
+
<<-HTML
|
|
20
|
+
<div class="form-check">
|
|
21
|
+
<input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}">
|
|
22
|
+
<label class="form-check-label" for="#{scope}">#{scope}</label>
|
|
23
|
+
</div>
|
|
24
|
+
HTML
|
|
25
|
+
end
|
|
16
26
|
end.join
|
|
17
27
|
}
|
|
18
28
|
|
|
@@ -31,4 +41,4 @@
|
|
|
31
41
|
<input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
|
|
32
42
|
<a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">Cancel</a>
|
|
33
43
|
</p>
|
|
34
|
-
</form>
|
|
44
|
+
</form>
|
|
@@ -7,5 +7,5 @@
|
|
|
7
7
|
end.join
|
|
8
8
|
}
|
|
9
9
|
</dl>
|
|
10
|
-
<a href="
|
|
11
|
-
</div>
|
|
10
|
+
<a href="#{rodauth.oauth_applications_path}/#{@oauth_application[:id]}/#{rodauth.oauth_tokens_path}" class="btn btn-outline-secondary">Oauth Tokens</a>
|
|
11
|
+
</div>
|
data/templates/oauth_tokens.str
CHANGED
|
@@ -10,7 +10,8 @@
|
|
|
10
10
|
<th scope="col">Token</th>
|
|
11
11
|
<th scope="col">Refresh Token</th>
|
|
12
12
|
<th scope="col">Expires in</th>
|
|
13
|
-
<th scope="col">
|
|
13
|
+
<th scope="col">Revoked at</th>
|
|
14
|
+
<th scope="col">Scopes</th>
|
|
14
15
|
<th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_tokens.count}</span>
|
|
15
16
|
</tr>
|
|
16
17
|
</thead>
|
|
@@ -19,16 +20,17 @@
|
|
|
19
20
|
@oauth_tokens.map do |oauth_token|
|
|
20
21
|
<<-HTML
|
|
21
22
|
<tr>
|
|
22
|
-
<td>#{oauth_token[rodauth.oauth_tokens_token_column]}</td>
|
|
23
|
-
<td>#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</td>
|
|
24
|
-
<td>#{
|
|
25
|
-
<td>#{
|
|
23
|
+
<td><code class="token">#{oauth_token[rodauth.oauth_tokens_token_column]}</code></td>
|
|
24
|
+
<td><code class="token">#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</code></td>
|
|
25
|
+
<td>#{oauth_token[rodauth.oauth_tokens_expires_in_column]}</td>
|
|
26
|
+
<td>#{oauth_token[rodauth.oauth_tokens_revoked_at_column]}</td>
|
|
27
|
+
<td>#{oauth_token[rodauth.oauth_tokens_scopes_column]}</td>
|
|
26
28
|
<td>
|
|
27
29
|
#{
|
|
28
|
-
if !oauth_token[rodauth.
|
|
30
|
+
if !oauth_token[rodauth.oauth_tokens_revoked_at_column] && !oauth_token[rodauth.oauth_tokens_token_hash_column]
|
|
29
31
|
<<-HTML
|
|
30
32
|
<form method="post" action="#{rodauth.revoke_path}" class="form-horizontal" role="form" id="revoke-form">
|
|
31
|
-
#{csrf_tag(rodauth.
|
|
33
|
+
#{csrf_tag(rodauth.revoke_path) if respond_to?(:csrf_tag)}
|
|
32
34
|
#{rodauth.input_field_string("token_type_hint", "revoke-token-type-hint", :value => "access_token", :type=>"hidden")}
|
|
33
35
|
#{rodauth.input_field_string("token", "revoke-token", :value => oauth_token[rodauth.oauth_tokens_token_column], :type=>"hidden")}
|
|
34
36
|
#{rodauth.button(rodauth.oauth_token_revoke_button)}
|
|
@@ -46,4 +48,4 @@
|
|
|
46
48
|
HTML
|
|
47
49
|
end
|
|
48
50
|
}
|
|
49
|
-
</div>
|
|
51
|
+
</div>
|
metadata
CHANGED
|
@@ -1,15 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodauth-oauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tiago Cardoso
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
12
|
-
dependencies:
|
|
11
|
+
date: 2022-01-14 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: rodauth
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '2.0'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '2.0'
|
|
13
27
|
description: Implementation of the OAuth 2.0 protocol on top of rodauth.
|
|
14
28
|
email:
|
|
15
29
|
- cardoso_tiago@hotmail.com
|
|
@@ -27,6 +41,11 @@ files:
|
|
|
27
41
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_application.rb
|
|
28
42
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_grant.rb
|
|
29
43
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_token.rb
|
|
44
|
+
- lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb
|
|
45
|
+
- lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb
|
|
46
|
+
- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb
|
|
47
|
+
- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb
|
|
48
|
+
- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb
|
|
30
49
|
- lib/generators/rodauth/oauth/templates/db/migrate/create_rodauth_oauth.rb
|
|
31
50
|
- lib/generators/rodauth/oauth/views_generator.rb
|
|
32
51
|
- lib/rodauth/features/oauth.rb
|
|
@@ -52,11 +71,15 @@ files:
|
|
|
52
71
|
- templates/redirect_uri_field.str
|
|
53
72
|
- templates/scope_field.str
|
|
54
73
|
homepage: https://gitlab.com/honeyryderchuck/rodauth-oauth
|
|
55
|
-
licenses:
|
|
74
|
+
licenses:
|
|
75
|
+
- Apache-2.0
|
|
56
76
|
metadata:
|
|
57
|
-
homepage_uri: https://gitlab.
|
|
77
|
+
homepage_uri: https://honeyryderchuck.gitlab.io/rodauth-oauth/
|
|
78
|
+
documentation_uri: https://honeyryderchuck.gitlab.io/rodauth-oauth/rdoc/
|
|
79
|
+
bug_tracker_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth/issues
|
|
58
80
|
source_code_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth
|
|
59
81
|
changelog_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth/-/blob/master/CHANGELOG.md
|
|
82
|
+
rubygems_mfa_required: 'true'
|
|
60
83
|
post_install_message:
|
|
61
84
|
rdoc_options: []
|
|
62
85
|
require_paths:
|
|
@@ -72,7 +95,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
72
95
|
- !ruby/object:Gem::Version
|
|
73
96
|
version: '0'
|
|
74
97
|
requirements: []
|
|
75
|
-
rubygems_version: 3.2.
|
|
98
|
+
rubygems_version: 3.2.32
|
|
76
99
|
signing_key:
|
|
77
100
|
specification_version: 4
|
|
78
101
|
summary: Implementation of the OAuth 2.0 protocol on top of rodauth.
|