RubyGems - social_stream-oauth2_server - Versions diffs - 2.0.0.beta1 - Page 2 - Diffend - OSS supply chain security and management platform

social_stream-oauth2_server 2.0.0.beta1

Files changed (69) hide show

data/app/assets/stylesheets/social_stream/oauth2_server/show/responsive/_responsive-1200px-min.css.sass ADDED

@@ -0,0 +1,7 @@
+//
+// Responsive: Large desktop and up
+// --------------------------------------------------
+@media (min-width: 1200px)

data/app/assets/stylesheets/social_stream/oauth2_server/show/responsive/_responsive-767px-max.css.sass ADDED

@@ -0,0 +1,16 @@
+//
+// Responsive: Landscape phone to desktop/tablet
+// --------------------------------------------------
+@media (max-width: 767px)
+// UP TO LANDSCAPE PHONE
+// ---------------------
+@media (max-width: 480px)

data/app/assets/stylesheets/social_stream/oauth2_server/show/responsive/_responsive-768px-979px.css.sass ADDED

@@ -0,0 +1,8 @@
+//
+// Responsive: Tablet to desktop
+// --------------------------------------------------
+@media (min-width: 768px) and (max-width: 1119px)

data/app/controllers/authorizations_controller.rb ADDED

@@ -0,0 +1,67 @@
+class AuthorizationsController < ApplicationController
+  before_filter :authenticate_user!
+  rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
+    @error = e
+    render :error, :status => e.status
+  end
+  def new
+    respond *authorize_endpoint.call(request.env)
+  end
+  def create
+    respond *authorize_endpoint(:allow_approval).call(request.env)
+  end
+  private
+  def respond(status, header, response)
+    ["WWW-Authenticate"].each do |key|
+      headers[key] = header[key] if header[key].present?
+    end
+    if response.redirect?
+      redirect_to header['Location']
+    else
+      render :new
+    end
+  end
+  def authorize_endpoint(allow_approval = false)
+    Rack::OAuth2::Server::Authorize.new do |req, res|
+      @client = Site::Client.find(req.client_id) || req.bad_request!
+      res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@client.callback_url)
+      if allow_approval
+        if params[:accept]
+          current_user.client_authorize!(@client)
+          approve!(req, res, @client)
+        else
+          req.access_denied!
+        end
+      else
+        if current_user.client_authorized?(@client)
+          approve!(req, res, @client)
+        else
+          @response_type = req.response_type
+          @state = req.state
+        end
+      end
+    end
+  end
+  def approve!(req, res, client)
+    case req.response_type
+    when :code
+      authorization_code = current_user.authorization_codes.create!(:client => client, :redirect_uri => res.redirect_uri)
+      res.code = authorization_code.token
+    when :token
+      res.access_token = current_user.access_tokens.create!(:client => client).to_bearer_token
+    end
+    res.approve!
+  end
+end

data/app/controllers/site/clients_controller.rb ADDED

@@ -0,0 +1,39 @@
+class Site::ClientsController < ApplicationController
+  before_filter :authenticate_user!
+  before_filter :set_author_ids, only: [ :create, :update ]
+  def index
+    @developer_clients = current_subject.developer_site_clients
+  end
+  def show
+    @client = Site::Client.find params[:id]
+  end
+  def new
+    @client = Site::Client.new
+  end
+  def create
+    @client = Site::Client.new params[:site_client]
+    if @client.save
+      respond_to do |format|
+        format.html { redirect_to @client }
+      end
+    else
+      respond_to do |format|
+        format.html { render :new }
+      end
+    end
+  end
+  private
+  def set_author_ids
+    params[:site_client][:author_id]      = current_subject.actor_id
+    params[:site_client][:user_author_id] = current_user.actor_id
+    params[:site_client][:owner_id]       = current_subject.actor_id
+  end
+end

data/app/decorators/social_stream/base/actor_decorator.rb ADDED

@@ -0,0 +1,3 @@
+Actor.class_eval do
+  include SocialStream::Oauth2Server::Models::Actor
+end

data/app/decorators/social_stream/base/user_decorator.rb ADDED

@@ -0,0 +1,3 @@
+User.class_eval do
+  include SocialStream::Oauth2Server::Models::User
+end

data/app/helpers/site_client_helper.rb ADDED

@@ -0,0 +1,17 @@
+module SiteClientHelper
+  # Extract {Site::Client} id form Devise's redirect_to
+  def redirect_to_site_client_id
+    uri = URI.parse session["user_return_to"]
+    Rack::Utils.parse_query(uri.query)["client_id"]
+  rescue
+  end
+  def redirect_to_site_client?
+    redirect_to_site_client_id.present?
+  end
+  def redirecting_site_client
+    Site::Client.find redirect_to_site_client_id
+  end
+end

data/app/models/oauth2_token.rb ADDED

@@ -0,0 +1,33 @@
+class Oauth2Token < ActiveRecord::Base
+  cattr_accessor :default_lifetime
+  self.default_lifetime = 1.minute
+  belongs_to :user
+  belongs_to :client,
+             class_name: "Site::Client",
+             foreign_key: :site_id
+  validates :client, :expires_at, presence: true
+  validates :token, presence: true, uniqueness: true
+  before_validation :setup, on: :create
+  scope :valid, lambda {
+    where('expires_at >= ?', Time.now.utc)
+  }
+  def expires_in
+    (expires_at - Time.now.utc).to_i
+  end
+  def expire!
+    update_attribute(:expires_at, Time.now.utc) || raise(ActiveRecord::RecordInvalid)
+  end
+  protected
+  def setup
+    self.token = SecureRandom.base64(64)
+    self.expires_at ||= default_lifetime.from_now
+  end
+end

data/app/models/oauth2_token/access_token.rb ADDED

@@ -0,0 +1,32 @@
+class Oauth2Token::AccessToken < Oauth2Token
+  self.default_lifetime = 15.minutes
+  belongs_to :refresh_token,
+             class_name: "Oauth2Token::RefreshToken"
+  def to_bearer_token(with_refresh_token = false)
+    bearer_token = Rack::OAuth2::AccessToken::Bearer.new(
+      access_token: token,
+      expires_in:   expires_in
+    )
+    if with_refresh_token
+      bearer_token.refresh_token = create_refresh_token!(
+        user: user,
+        client: client
+      ).token
+    end
+    bearer_token
+  end
+  def setup
+    super
+    if refresh_token
+      self.user       = refresh_token.user
+      self.client     = refresh_token.client
+      self.expires_at = [ expires_at, refresh_token.expires_at ].min
+    end
+  end
+end

data/app/models/oauth2_token/authorization_code.rb ADDED

@@ -0,0 +1,5 @@
+class Oauth2Token::AuthorizationCode < Oauth2Token
+  def access_token
+    @access_token ||= expire! && user.access_tokens.create!(client: client)
+  end
+end

data/app/models/oauth2_token/refresh_token.rb ADDED

@@ -0,0 +1,7 @@
+class Oauth2Token::RefreshToken < Oauth2Token
+  self.default_lifetime = 1.month
+  has_many :access_tokens,
+           class_name: 'Oauth2Token::AccessToken'
+end

data/app/models/relation/admin.rb ADDED

@@ -0,0 +1,9 @@
+# Administer client sites
+class Relation::Admin < Relation::Single
+  class << self
+    def create_activity?
+      false
+    end
+  end
+end

data/app/models/relation/auth.rb ADDED

@@ -0,0 +1,8 @@
+# Authorize a {Site::Client} to access data
+class Relation::Auth < Relation::Single
+  class << self
+    def create_activity?
+      false
+    end
+  end
+end

data/app/models/site/client.rb ADDED

@@ -0,0 +1,38 @@
+class Site::Client < Site
+  validates_presence_of :url, :callback_url, :secret
+  before_validation :set_secret,
+                    on: :create
+  after_create :set_admin
+  scope :administered_by, lambda { |actor|
+    joins(actor: :sent_ties).
+      merge(Contact.received_by(actor)).
+      merge(Tie.related_by(Relation::Admin.instance))
+  }
+  %w{ url callback_url secret }.each do |m|
+    define_method m do
+      config[m]
+    end
+    define_method "#{ m }=" do |arg|
+      config[m] = arg
+    end
+  end
+  def to_param
+    id
+  end
+  private
+  def set_secret
+    self.secret = SecureRandom.hex(64)
+  end
+  def set_admin
+    contact_to!(author).relation_ids = [ Relation::Admin.instance.id ]
+  end
+end

data/app/overrides/frontpage/_presentation/client_site_presentation.html.erb.deface ADDED

@@ -0,0 +1,8 @@
+<!-- surround_contents '#presentation' -->
+<% if redirect_to_site_client? %>
+  <%= render partial: 'site/clients/presentation',
+             locals: { client: redirecting_site_client } %>
+<% else %>
+  <%= render_original %>
+<% end %>

data/app/overrides/layouts/_header_dropdown_menu/applications_entry.html.erb.deface ADDED

@@ -0,0 +1,4 @@
+<!-- insert_after "code[erb-loud]:contains('header_dropdown_menu_sessions')" -->
+<li>
+  <%= link_to t('account.applications'), site_clients_path %>
+</li>

data/app/views/authorizations/error.html.erb ADDED

@@ -0,0 +1,4 @@
+<h2>Invalid Authorization Request</h2>
+<h3><%= @error.error %></h3>
+<p><%= @error.description %></p>

data/app/views/authorizations/new.html.erb ADDED

@@ -0,0 +1,27 @@
+<article class="authorization">
+  <h2>
+    <%= t 'authorization.new.title', client: @client.name %>
+  </h2>
+  <%= raw t('authorization.new.permission.title', client: link_to(@client.name, @client.url)) %>
+  <ul>
+    <li>
+      &#8226&#32<%= t 'permission.public_info' %>
+    </li>
+  </ul>
+  <%= form_tag authorizations_path do %>
+    <%= hidden_field_tag :client_id,     @client.id %>
+    <%= hidden_field_tag :response_type, @response_type %>
+    <%= hidden_field_tag :redirect_uri,  @redirect_uri %>
+    <%= hidden_field_tag :state,         @state %>
+    <%= button_tag class: "btn btn-danger", name: "cancel" do %>
+      <%= t 'authorization.form.cancel' %>
+    <% end %>
+    <%= button_tag class: "btn btn-success", name: "accept" do %>
+      <%= t 'authorization.form.accept' %>
+    <% end %>
+  <% end %>
+</article>

data/app/views/site/clients/_form.html.erb ADDED

@@ -0,0 +1,39 @@
+<article>
+  <%= form_for(@client || Site::Client.new) do |f| %>
+    <% if f.object.errors.any? %>
+      <div id="error_explanation" class="alert alert-error">
+        <h2><%= pluralize(f.object.errors.count, "error") %> prohibited this client site from being saved:</h2>
+        <ul>
+          <% f.object.errors.full_messages.each do |msg| %>
+            <li><%= msg %></li>
+          <% end %>
+        </ul>
+      </div>
+    <% end %>
+    <article id="new_application">
+      <section class="name">
+        <%= f.label :name %>
+        <%= f.text_field :name %>
+      </section>
+      <section class="description">
+        <%= f.label :description %>
+        <%= f.text_area :description %>
+      </section>
+      <section class="url">
+        <%= f.label :url %>
+        <%= f.text_area :url %>
+      </section>
+      <section class="callback_url">
+        <%= f.label :callback_url %>
+        <%= f.text_area :callback_url %>
+      </section>
+      <%= f.submit :class => "btn pull-right" %>
+    </article>
+  <% end %>
+</article>

data/app/views/site/clients/_new.modal.html.erb ADDED

@@ -0,0 +1,9 @@
+<div id="new_site_client-modal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="new_site_client-modal-title" aria-hidden="true">
+  <div class="modal-header">
+    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
+    <h3 id="new_site_client-modal-title"><%= t 'site.client.new.title' %></h3>
+  </div>
+  <div class="modal-body">
+    <%= render partial: 'form' %>
+  </div>
+</div>

data/app/views/site/clients/_presentation.html.erb ADDED

@@ -0,0 +1,13 @@
+<article class="media">
+  <%= link_to client.url, class: 'pull-left' do %>
+    <%= image_tag client.logo.url(:small), style: "width: 70px; height: 70px;" %>
+  <% end %>
+  <div class="media-body">
+    <h2 class="media-heading">
+      <%= client.name %>
+    </h2>
+    <%= client.description %>
+  </div>
+</article>

data/app/views/site/clients/index.html.erb ADDED

@@ -0,0 +1,42 @@
+<section id="site_clients" class="first-img">
+  <%= render partial: 'toolbar/home' %>
+  <section class="site_clients">
+    <header>
+      <h1>
+        <%= t 'site.client.added' %>
+      </h1>
+      <%= link_to t('site.client.new.link'), new_site_client_path, class: "btn new_site_client-modal-link", 'data-toggle' => 'modal'  %>
+      <%= render partial: 'new.modal' %>
+      <hr class="soften">
+    </header>
+    <% @developer_clients.each do |client| %>
+      <%= image_tag client.logo.url(:small), style: "width: 40px; height: 40px;" %>
+      <div class="name">
+        <%= link_to client.name, client %>
+      </div>
+      <div class="url">
+        <%= link_to client.url, client.url, target: '_blank' %>
+      </div>
+      <div class="users">
+        <span>
+          5
+        </span>
+        users
+      </div>
+    <hr class="soften">
+    <% end %>
+    <%= javascript_tag do %>
+      SocialStream.SiteClient.index();
+    <% end %>
+  </section>
+</section>