social_stream-oauth2_server 2.0.0.beta1

data/app/views/site/clients/new.html.erb

@@ -0,0 +1,10 @@
+<section id="new_site_client">
+  <%= render partial: 'toolbar/home' %>
+
+  <section class="new_site_client">
+    <h1><%= t 'site.client.new.title' %></h1>
+
+    <%= render partial: 'form' %>
+  </section>
+</section>
+

data/app/views/site/clients/show.html.erb

@@ -0,0 +1,44 @@
+<%= render partial: 'toolbar/home' %>
+
+<section id="oauth2_server">  
+  <h1>
+    <%= @client.name %>
+  </h1>
+
+  <hr class="soften">
+  <div class="content">
+    <a class="pull-left" href="#">
+        <img class="media-object" alt="application image" style="width: 100px; height: 100px;" src="assets/user.png">
+    </a>
+    <article  class="media box">
+      <div class="media-body">
+        <h4>
+          <%= Site::Client.human_attribute_name :url %>
+        </h4>
+        <div class="result">
+          <%= link_to @client.url, @client.url%>
+        </div>
+        <h4>
+          <%= Site::Client.human_attribute_name :callback_url %>
+        </h4>
+        <div class="result">
+          <%= @client.callback_url %>
+        </div>
+        <h4>
+          <%= Site::Client.human_attribute_name :id %>
+        </h4>
+        <div class="result">
+          <%= @client.id %>
+        </div>
+        <h4>
+          <%= Site::Client.human_attribute_name :secret %>
+        </h4>
+        <div class="result client_secret">
+          <p>
+            <%= @client.secret %>
+          </p>
+        </div>
+      </div>
+    </article>
+  </div>
+</section>

data/config/locales/en.yml

@@ -0,0 +1,29 @@
+en:
+  account:
+    applications: "Applications"
+  activerecord:
+    attributes:
+      site/client:
+        callback_url: "Callback URL"
+        id: "Client ID"
+        name: "Name"
+        secret: "Client Secret"
+        url: "URL"
+  authorization:
+    form:
+      accept: "Accept"
+      cancel: "Cancel"
+    new:
+      title: "Authorize %{client}?"
+      permission:
+        title: "The site %{client} will be able to:"
+  permission:
+    public_info: "Read your public information"
+  site:
+    client:
+      added: "Added sites"
+      index:
+        title: "Client sites"
+      new:
+        link: "Add site"
+        title: "Register new client site"

data/config/locales/es.yml

@@ -0,0 +1,29 @@
+es:
+  account:
+    applications: "Aplicaciones"
+  activerecord:
+    attributes:
+      site/client:
+        callback_url: "Callback URL"
+        id: "Client ID"
+        name: "Nombre"
+        secret: "Client Secret"
+        url: "URL"
+  authorizations:
+    form:
+      accept: "Aceptar"
+      cancel: "Cancelar"
+    new:
+      title: "¿Autorizar %{client}?"
+      permission:
+        title: "El sitio %{client} será capaz de:"
+  permission:
+    public_info: "Acceder a tu información pública"
+  site:
+    client:
+      added: "Sitios añadidos"
+      index:
+        title: "Sitios"
+      new:
+        link: "Añadir sitio"
+        title: "Registrar nuevo sitio"

data/config/routes.rb

@@ -0,0 +1,10 @@
+Rails.application.routes.draw do
+  match 'oauth2/authorize', to: 'authorizations#new'
+  post  'oauth2/token', to: proc { |env| SocialStream::Oauth2Server::TokenEndpoint.new.call(env) }
+
+  resources :authorizations, only: :create
+
+  namespace "site" do
+    resources :clients
+  end
+end

data/db/migrate/20130115102300_create_social_stream_oauth2_server.rb

@@ -0,0 +1,25 @@
+class CreateSocialStreamOauth2Server < ActiveRecord::Migration
+  def change
+    create_table :oauth2_tokens do |t|
+      t.string :type
+
+      t.integer :user_id
+      t.integer :site_id
+      t.string  :token
+
+      t.string  :redirect_uri
+      t.integer :refresh_token_id
+
+      t.timestamps
+      t.datetime :expires_at
+    end
+
+    add_index "oauth2_tokens", :user_id, :name => "index_oauth2_tokens_on_user_id"
+    add_index "oauth2_tokens", :site_id, :name => "index_oauth2_tokens_on_site_id"
+    add_index "oauth2_tokens", :token,   :name => "index_oauth2_tokens_on_token"
+    add_index "oauth2_tokens", :refresh_token_id, :name => "index_oauth2_tokens_on_refresh_token_id"
+
+    add_foreign_key "oauth2_tokens", "sites", :name => "index_oauth2_tokens_on_site_id"
+    add_foreign_key "oauth2_tokens", "users", :name => "index_oauth2_tokens_on_user_id"
+  end
+end

data/lib/generators/social_stream/oauth2_server/install_generator.rb

@@ -0,0 +1,23 @@
+class SocialStream::Oauth2Server::InstallGenerator < Rails::Generators::Base
+  include Rails::Generators::Migration
+  
+  source_root File.expand_path('../templates', __FILE__)
+
+  def create_migration_file
+    require 'rake'
+    Rails.application.load_tasks
+    Rake::Task['railties:install:migrations'].reenable
+    Rake::Task['social_stream_oauth2_server_engine:install:migrations'].invoke
+  end
+
+  def require_javascripts
+    inject_into_file 'app/assets/javascripts/application.js',
+                     "//= require social_stream-oauth2_server\n",
+                     :before => '//= require_tree .'
+  end
+
+  def require_stylesheets
+    append_file 'app/assets/stylesheets/social_stream.css.sass',
+                "@import social_stream-oauth2_server\n"
+  end
+end

data/lib/social_stream-oauth2_server.rb

@@ -0,0 +1,19 @@
+require 'social_stream-base'
+
+require 'rack/oauth2'
+
+module SocialStream
+  module Oauth2Server
+    module Controllers
+      autoload :Helpers,  'social_stream/oauth2_server/controllers/helpers'
+    end
+
+    module Models
+      autoload :Actor, 'social_stream/oauth2_server/models/actor'
+      autoload :User, 'social_stream/oauth2_server/models/user'
+    end
+    autoload :TokenEndpoint, 'social_stream/oauth2_server/token_endpoint'
+  end
+end
+
+require 'social_stream/oauth2_server/engine'

data/lib/social_stream/migrations/oauth2_server.rb

@@ -0,0 +1,8 @@
+require 'social_stream/migrations/components'
+
+module SocialStream
+  module Migrations
+    class Oauth2Server < Components
+    end
+  end
+end

data/lib/social_stream/oauth2_server.rb

@@ -0,0 +1,5 @@
+# Bundler 1.2 tries to load this file instead of the gem name,
+# so we delegate to it
+#
+# We will probably change this in the future
+require 'social_stream-oauth2_server'

data/lib/social_stream/oauth2_server/controllers/helpers.rb

@@ -0,0 +1,41 @@
+module SocialStream
+  module Oauth2Server
+    module Controllers
+      # Common methods added to ApplicationController
+      module Helpers
+        extend ActiveSupport::Concern
+
+        def authenticate_user!(opts = {})
+          oauth2_token? || super
+        end
+
+        def current_subject
+          super ||
+            @current_subject ||=
+              current_from_oauth_token(:client)
+        end
+
+        def current_user
+          super ||
+            @current_user ||=
+              current_from_oauth_token(:user)
+        end
+
+        def current_from_oauth_token(type)
+          return unless oauth2_token?
+
+          oauth2_token.__send__(type)
+        end
+
+        def oauth2_token
+          @oauth2_token ||=
+            request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN]
+        end
+
+        def oauth2_token?
+          oauth2_token.present?
+        end
+      end
+    end
+  end
+end

data/lib/social_stream/oauth2_server/engine.rb

@@ -0,0 +1,21 @@
+module SocialStream
+  module Oauth2Server
+    class Engine < Rails::Engine
+      config.app_middleware.use Rack::OAuth2::Server::Resource::Bearer, 'Social Stream OAuth2' do |req|
+        Oauth2Token::AccessToken.valid.find_by_token(req.access_token) || req.invalid_token!
+      end
+
+      initializer "social_stream-oauth2_server.controller.helpers",
+                  after: "social_stream-base.controller.helpers" do
+        ActiveSupport.on_load(:action_controller) do
+          include SocialStream::Oauth2Server::Controllers::Helpers
+        end
+      end
+
+      initializer "social_stream-oauth2_server.add_filters" do |app|
+        app.config.filter_parameters += [:secret]
+        app.config.filter_parameters.uniq
+      end
+    end
+  end
+end

data/lib/social_stream/oauth2_server/models/actor.rb

@@ -0,0 +1,11 @@
+module SocialStream
+  module Oauth2Server
+    module Models
+      module Actor
+        def developer_site_clients
+          Site::Client.administered_by(self)
+        end
+      end
+    end
+  end
+end

data/lib/social_stream/oauth2_server/models/user.rb

@@ -0,0 +1,35 @@
+module SocialStream
+  module Oauth2Server
+    module Models
+      module User
+        extend ActiveSupport::Concern
+
+        included do
+          has_many :oauth2_tokens,
+                   dependent: :destroy
+
+          has_many :authorization_codes,
+                   class_name: 'Oauth2Token::AuthorizationCode'
+
+          has_many :access_tokens,
+                   class_name: 'Oauth2Token::AccessToken'
+
+          has_many :refresh_tokens,
+                   class_name: 'Oauth2Token::RefreshToken'
+        end
+
+        # Is {#client} authorized by this {User}
+        def client_authorized?(client)
+          contact_to!(client).relation_ids.include? Relation::Auth.instance.id
+        end
+
+        # Create a new tie to {Site::Client}
+        def client_authorize!(client)
+          unless contact_to!(client).relation_ids.include?(Relation::Auth.instance.id)
+            contact_to!(client).relation_ids += [ Relation::Auth.instance.id ]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/social_stream/oauth2_server/token_endpoint.rb

@@ -0,0 +1,41 @@
+module SocialStream
+  module Oauth2Server
+    class TokenEndpoint
+      def call(env)
+        authenticator.call(env)
+      end
+
+      private
+
+      def authenticator
+        Rack::OAuth2::Server::Token.new do |req, res|
+        client = Site::Client.find(req.client_id) || req.invalid_client!
+        client.secret == req.client_secret || req.invalid_client!
+
+        case req.grant_type
+        when :authorization_code
+          code = Oauth2Token::AuthorizationCode.valid.find_by_token(req.code)
+          req.invalid_grant! if code.blank? || code.redirect_uri != req.redirect_uri
+
+          res.access_token = code.access_token.to_bearer_token(:with_refresh_token)
+        when :password
+          # TODO
+          account = Account.find_by_username_and_password(req.username, req.password) || req.invalid_grant!
+          res.access_token = account.access_tokens.create(:client => client).to_bearer_token(:with_refresh_token)
+        when :client_credentials
+          # NOTE: client is already authenticated here.
+          res.access_token = client.access_tokens.create!.to_bearer_token
+        when :refresh_token
+          refresh_token = client.refresh_tokens.valid.find_by_token(req.refresh_token)
+          req.invalid_grant! unless refresh_token
+          res.access_token = refresh_token.access_tokens.create!.to_bearer_token
+        else
+          # NOTE: extended assertion grant_types are not supported yet.
+          req.unsupported_grant_type!
+        end
+        end
+      end
+    end
+  end
+end
+

data/lib/social_stream/oauth2_server/version.rb

@@ -0,0 +1,5 @@
+module SocialStream
+  module Oauth2Server
+    VERSION = "2.0.0.beta1".freeze
+  end
+end

data/lib/tasks/db/populate.rake

@@ -0,0 +1,37 @@
+namespace :db do
+  namespace :populate do
+    desc "Create populate data with client sites"
+    task create: 'create:site_clients'
+
+    namespace :create do
+      desc "Add client sites populate data"
+      task site_clients: :read_environment do
+        puts 'Site Client population (Dummy and 9 clients more)'
+
+        start = Time.now
+
+        # Create dummy site
+        aid = Actor.find_by_slug('demo').id
+
+        s = Site::Client.create! name: 'Dummy',
+                                 description: "Social Stream's spec/dummy application",
+                                 url: 'http://localhost:3000',
+                                 callback_url: 'http://localhost:3000/users/auth/socialstream/callback',
+                                 author_id: aid
+        
+        s.update_attributes! secret: "f9974ce87c455544f61cc960b58cf833eb039875ef27029449408857879a1e87283c86558e46fa431d37a3c5590ba92612c51dfd0872ccff35cbecf3910eaa02"
+
+        9.times do
+          domain = Forgery::Internet.domain_name 
+          Site::Client.create! name: Forgery::Name.company_name,
+                               description: Forgery::LoremIpsum.sentence(random: true),
+                               url: "https://#{ domain }",
+                               callback_url: "https://#{ domain }/callback",
+                               author: User.all[rand(User.all.size)]
+        end
+
+        puts "   -> #{ (Time.now - start).round(4) }s"
+      end
+    end
+  end
+end

data/social_stream-oauth2_server.gemspec

@@ -0,0 +1,19 @@
+# encoding: UTF-8
+require File.join(File.dirname(__FILE__), 'lib', 'social_stream', 'oauth2_server', 'version')
+
+Gem::Specification.new do |s|
+  s.name = "social_stream-oauth2_server"
+  s.version = SocialStream::Oauth2Server::VERSION.dup
+  s.authors = ["Antonio Tapiador", "GING - DIT - UPM"]
+  s.summary = "OAuth2 server support for Social Stream, the framework for building social network websites"
+  s.description = "Social Stream is a Ruby on Rails engine providing your application with social networking features and activity streams.\n\nThis gem supplies with OAuth2 server support"
+  s.email = "social-stream@dit.upm.es"
+  s.homepage = "http://github.com/ging/social_stream-oauth2_server"
+  s.files = `git ls-files`.split("\n")
+
+  # Gem dependencies
+  s.add_runtime_dependency('social_stream-base', '~> 2.0.0.beta1')
+  s.add_runtime_dependency('rack-oauth2', '~> 1.0.0')
+
+  s.add_development_dependency('rspec-rails', '~> 2.8.0')
+end

data/spec/controllers/authorizations_controller_spec.rb

@@ -0,0 +1,179 @@
+require 'spec_helper'
+
+describe AuthorizationsController do
+  let(:redirect_uri) { "https://test.host/callback" }
+  let(:token) { "token" }
+
+  let(:authorization_code) { double :authorization_code, token: token }
+  let(:user) { double :user, language: :en }
+  let(:client) { double :client, callback_url: redirect_uri }
+
+  context "#new" do
+    context "without authentication" do
+      it "should redirect to login" do
+        get :new
+
+        response.should redirect_to(:new_user_session)
+      end
+    end
+
+    context "with authentication" do
+      before do
+        controller.stub(:authenticate_user!)
+        controller.stub(:current_user) { user }
+      end
+
+      context "without client_id" do
+        it "should respond with bad request" do
+          get :new
+
+          response.should be_bad_request
+          assigns(:error).to_s.should eq('bad_request')
+        end
+      end
+
+      context "with client_id" do
+        before :each do
+          @params = { client_id: 7 }
+        end
+
+        it "should return bad request" do
+          get :new, @params
+
+          response.should be_bad_request
+          assigns(:error).to_s.should eq("invalid_request :: 'response_type' required.")
+        end
+
+        context "with response code" do
+          before :each do
+            @params.merge! response_type: 'code'
+          end
+
+          it "should raise RecordNotFound" do
+            lambda { get :new, @params }.should raise_error(ActiveRecord::RecordNotFound)
+          end
+
+          context "with valid client" do
+            before do
+              Site::Client.should_receive(:find).with("7") { client }
+            end
+
+            context "not authorized" do
+              before do
+                user.stub(:client_authorized?) { false }
+              end
+
+              it "should render new" do
+                get :new, @params
+
+                response.should be_success
+                response.should render_template('new')
+              end
+            end
+
+            context "authorized" do
+              before do
+                user.stub(:client_authorized?) { true }
+
+                codes = double(:codes)
+
+                user.stub(:authorization_codes) { codes }
+
+                codes.should_receive(:create!).with(client: client, redirect_uri: redirect_uri) { authorization_code }
+              end
+
+              it "should render new" do
+                get :new, @params
+
+                response.should redirect_to("#{ redirect_uri }?code=#{ token }")
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+
+  describe "#create" do 
+    context "without authentication" do
+      it "should redirect to login" do
+        post :create
+
+        response.should redirect_to(:new_user_session)
+      end
+    end
+
+    describe "with authentication" do
+      before do
+        controller.stub(:authenticate_user!)
+        controller.stub(:current_user) { user }
+      end
+
+      context "without client_id" do
+        it "should respond with bad request" do
+          post :create
+
+          response.should be_bad_request
+          assigns(:error).to_s.should eq('bad_request')
+        end
+      end
+
+      context "with client_id" do
+        before :each do
+          @params = { client_id: 7 }
+        end
+
+        it "should return bad request" do
+          post :create, @params
+
+          response.should be_bad_request
+          assigns(:error).to_s.should eq("invalid_request :: 'response_type' required.")
+        end
+
+        context "with response code" do
+          before :each do
+            @params.merge! response_type: 'code'
+          end
+
+          it "should raise RecordNotFound" do
+            lambda { post :create, @params }.should raise_error(ActiveRecord::RecordNotFound)
+          end
+
+          context "with valid client" do
+            before do
+              Site::Client.should_receive(:find).with("7") { client }
+            end
+
+            context "not accepted" do
+              it "should redirect" do
+                post :create, @params
+
+                response.should redirect_to("#{ redirect_uri }?error=access_denied&error_description=The+end-user+or+authorization+server+denied+the+request.")
+              end
+            end
+
+            context "accepted" do
+              before do
+                @params.merge!(accept: "true")
+
+                user.should_receive(:client_authorize!).with(client)
+
+                codes = double(:codes)
+
+                user.stub(:authorization_codes) { codes }
+
+                codes.should_receive(:create!).with(client: client, redirect_uri: redirect_uri) { authorization_code }
+              end
+
+              it "should respond with test" do
+                post :create, @params
+
+                response.should redirect_to("#{ redirect_uri }?code=#{ token }")
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end