songkick-oauth2-provider 0.10.2 → 0.10.3

data/lib/songkick/oauth2/provider/error.rb

@@ -1,21 +1,21 @@
 module Songkick
   module OAuth2
     class Provider
-      
+
       class Error
         def initialize(message = nil)
           @message = message
         end
-        
+
         def error
           INVALID_REQUEST
         end
-        
+
         def error_description
           'Bad request' + (@message ? ": #{@message}" : '')
         end
       end
-      
+
     end
   end
 end

data/lib/songkick/oauth2/provider/exchange.rb

@@ -1,43 +1,43 @@
 module Songkick
   module OAuth2
     class Provider
-      
+
       class Exchange
         attr_reader :client, :error, :error_description
-        
+
         REQUIRED_PARAMS    = [CLIENT_ID, CLIENT_SECRET, GRANT_TYPE]
         VALID_GRANT_TYPES  = [AUTHORIZATION_CODE, PASSWORD, ASSERTION, REFRESH_TOKEN]
-        
+
         REQUIRED_PASSWORD_PARAMS  = [USERNAME, PASSWORD]
         REQUIRED_ASSERTION_PARAMS = [ASSERTION_TYPE, ASSERTION]
-        
+
         RESPONSE_HEADERS = {
           'Cache-Control' => 'no-store',
           'Content-Type'  => 'application/json'
         }
-        
+
         def initialize(resource_owner, params, transport_error = nil)
           @params     = params
           @scope      = params[SCOPE]
           @grant_type = @params[GRANT_TYPE]
-          
+
           @transport_error = transport_error
-          
+
           validate!
         end
-        
+
         def owner
           @authorization && @authorization.owner
         end
-        
+
         def redirect?
           false
         end
-        
+
         def response_body
           return jsonize(ERROR, ERROR_DESCRIPTION) unless valid?
           update_authorization
-          
+
           response = {}
           [ACCESS_TOKEN, REFRESH_TOKEN, SCOPE].each do |key|
             value = @authorization.__send__(key)
@@ -46,18 +46,18 @@ module Songkick
           if expiry = @authorization.expires_in
             response[EXPIRES_IN] = expiry
           end
-          
+
           JSON.unparse(response)
         end
-        
+
         def response_headers
           RESPONSE_HEADERS
         end
-        
+
         def response_status
           valid? ? 200 : 400
         end
-        
+
         def scopes
           scopes = @scope ? @scope.split(/\s+/).delete_if { |s| s.empty? } : []
           Set.new(scopes)
@@ -68,41 +68,41 @@ module Songkick
           @authorization.exchange!
           @already_updated = true
         end
-        
+
         def valid?
           @error.nil?
         end
-        
+
       private
-        
+
         def jsonize(*ivars)
           hash = {}
           ivars.each { |key| hash[key] = instance_variable_get("@#{key}") }
           JSON.unparse(hash)
         end
-        
+
         def validate!
           if @transport_error
             @error = @transport_error.error
             @error_description = @transport_error.error_description
             return
           end
-          
+
           validate_required_params
-          
+
           return if @error
           validate_client
-          
+
           unless VALID_GRANT_TYPES.include?(@grant_type)
             @error = UNSUPPORTED_GRANT_TYPE
             @error_description = "The grant type #{@grant_type} is not recognized"
           end
           return if @error
-          
+
           __send__("validate_#{@grant_type}")
           validate_scope
         end
-        
+
         def validate_required_params
           REQUIRED_PARAMS.each do |param|
             next if @params.has_key?(param)
@@ -110,72 +110,72 @@ module Songkick
             @error_description = "Missing required parameter #{param}"
           end
         end
-        
+
         def validate_client
           @client = Model::Client.find_by_client_id(@params[CLIENT_ID])
           unless @client
             @error = INVALID_CLIENT
             @error_description = "Unknown client ID #{@params[CLIENT_ID]}"
           end
-          
+
           if @client and not @client.valid_client_secret?(@params[CLIENT_SECRET])
             @error = INVALID_CLIENT
             @error_description = 'Parameter client_secret does not match'
           end
         end
-        
+
         def validate_scope
           if @authorization and not @authorization.in_scope?(scopes)
             @error = INVALID_SCOPE
             @error_description = 'The request scope was never granted by the user'
           end
         end
-        
+
         def validate_authorization_code
           unless @params[CODE]
             @error = INVALID_REQUEST
             @error_description = "Missing required parameter code"
           end
-          
+
           if @client.redirect_uri and @client.redirect_uri != @params[REDIRECT_URI]
             @error = REDIRECT_MISMATCH
             @error_description = "Parameter redirect_uri does not match registered URI"
           end
-          
+
           unless @params.has_key?(REDIRECT_URI)
             @error = INVALID_REQUEST
             @error_description = "Missing required parameter redirect_uri"
           end
-          
+
           return if @error
-          
+
           @authorization = @client.authorizations.find_by_code(@params[CODE])
           validate_authorization
         end
-        
+
         def validate_password
           REQUIRED_PASSWORD_PARAMS.each do |param|
             next if @params.has_key?(param)
             @error = INVALID_REQUEST
             @error_description = "Missing required parameter #{param}"
           end
-          
+
           return if @error
-          
+
           @authorization = Provider.handle_password(@client, @params[USERNAME], @params[PASSWORD], scopes)
           return validate_authorization if @authorization
-          
+
           @error = INVALID_GRANT
           @error_description = 'The access grant you supplied is invalid'
         end
-        
+
         def validate_assertion
           REQUIRED_ASSERTION_PARAMS.each do |param|
             next if @params.has_key?(param)
             @error = INVALID_REQUEST
             @error_description = "Missing required parameter #{param}"
           end
-          
+
           if @params[ASSERTION_TYPE]
             uri = URI.parse(@params[ASSERTION_TYPE]) rescue nil
             unless uri and uri.absolute?
@@ -183,36 +183,36 @@ module Songkick
               @error_description = 'Parameter assertion_type must be an absolute URI'
             end
           end
-          
+
           return if @error
-          
+
           assertion = Assertion.new(@params)
           @authorization = Provider.handle_assertion(@client, assertion, scopes)
           return validate_authorization if @authorization
-          
+
           @error = UNAUTHORIZED_CLIENT
           @error_description = 'Client cannot use the given assertion type'
         end
-        
+
         def validate_refresh_token
           refresh_token_hash = Songkick::OAuth2.hashify(@params[REFRESH_TOKEN])
           @authorization = @client.authorizations.find_by_refresh_token_hash(refresh_token_hash)
           validate_authorization
         end
-        
+
         def validate_authorization
           unless @authorization
             @error = INVALID_GRANT
             @error_description = 'The access grant you supplied is invalid'
           end
-          
+
           if @authorization and @authorization.expired?
             @error = INVALID_GRANT
             @error_description = 'The access grant you supplied is invalid'
           end
         end
       end
-      
+
       class Assertion
         attr_reader :type, :value
         def initialize(params)
@@ -220,7 +220,7 @@ module Songkick
           @value = params[ASSERTION]
         end
       end
-      
+
     end
   end
 end

data/lib/songkick/oauth2/router.rb

@@ -1,25 +1,25 @@
 module Songkick
   module OAuth2
     class Router
-      
+
       # Public methods in the namespace take either Rack env objects, or Request
       # objects from Rails/Sinatra and an optional params hash which it then
       # coerces to Rack requests. This is for backward compatibility; originally
       # it only took request objects.
-      
+
       class << self
         def parse(resource_owner, env)
           error   = detect_transport_error(env)
           request = request_from(env)
           params  = request.params
           auth    = auth_params(env)
-          
+
           if auth[CLIENT_ID] and auth[CLIENT_ID] != params[CLIENT_ID]
             error ||= Provider::Error.new("#{CLIENT_ID} from Basic Auth and request body do not match")
           end
-          
+
           params = params.merge(auth)
-          
+
           if params[GRANT_TYPE]
             error ||= Provider::Error.new('must be a POST request') unless request.post?
             Provider::Exchange.new(resource_owner, params, error)
@@ -27,7 +27,7 @@ module Songkick
             Provider::Authorization.new(resource_owner, params, error)
           end
         end
-        
+
         def access_token(resource_owner, scopes, env)
           access_token = access_token_from_request(env)
           Provider::AccessToken.new(resource_owner,
@@ -40,30 +40,30 @@ module Songkick
           request = request_from(env)
           params  = request.params
           header  = request.env['HTTP_AUTHORIZATION']
-          
+
           header && header =~ /^OAuth\s+/ ?
               header.gsub(/^OAuth\s+/, '') :
               params[OAUTH_TOKEN]
         end
-        
+
       private
-        
+
         def request_from(env_or_request)
           env = env_or_request.respond_to?(:env) ? env_or_request.env : env_or_request
           env = Rack::MockRequest.env_for(env['REQUEST_URI'] || '', :input => env['RAW_POST_DATA']).merge(env)
           Rack::Request.new(env)
         end
-        
+
         def auth_params(env)
           return {} unless basic = env['HTTP_AUTHORIZATION']
           parts = basic.split(/\s+/)
           username, password = Base64.decode64(parts.last).split(':')
           {CLIENT_ID => username, CLIENT_SECRET => password}
         end
-        
+
         def detect_transport_error(env)
           request = request_from(env)
-          
+
           if Provider.enforce_ssl and not request.ssl?
             Provider::Error.new('must make requests using HTTPS')
           elsif request.GET['client_secret']
@@ -71,7 +71,7 @@ module Songkick
           end
         end
       end
-      
+
     end
   end
 end

data/lib/songkick/oauth2/schema.rb

@@ -1,6 +1,6 @@
 module Songkick
   module OAuth2
-    
+
     class Schema
       def self.migrate
         ActiveRecord::Base.logger ||= Logger.new(StringIO.new)
@@ -9,12 +9,20 @@ module Songkick
       class << self
         alias :up :migrate
       end
-      
+
+      def self.rollback
+        ActiveRecord::Base.logger ||= Logger.new(StringIO.new)
+        ActiveRecord::Migrator.down(migrations_path)
+      end
+      class << self
+        alias :down :rollback
+      end
+
       def self.migrations_path
         File.expand_path('../schema', __FILE__)
       end
     end
-    
+
   end
 end
 

data/lib/songkick/oauth2/schema/20120828112156_songkick_oauth2_schema_original_schema.rb

@@ -10,7 +10,7 @@ class SongkickOauth2SchemaOriginalSchema < ActiveRecord::Migration
       t.string     :redirect_uri
     end
     add_index :oauth2_clients, [:client_id]
-    
+
     create_table :oauth2_authorizations do |t|
       t.timestamps
       t.string     :oauth2_resource_owner_type
@@ -27,7 +27,7 @@ class SongkickOauth2SchemaOriginalSchema < ActiveRecord::Migration
     add_index :oauth2_authorizations, [:client_id, :access_token_hash]
     add_index :oauth2_authorizations, [:client_id, :refresh_token_hash]
   end
-  
+
   def self.down
     drop_table :oauth2_clients
     drop_table :oauth2_authorizations

data/lib/songkick/oauth2/schema/20121024180930_songkick_oauth2_schema_add_authorization_index.rb

@@ -1,13 +1,13 @@
 class SongkickOauth2SchemaAddAuthorizationIndex < ActiveRecord::Migration
   INDEX_NAME = 'index_owner_client_pairs'
-  
+
   def self.up
     remove_index :oauth2_authorizations, [:client_id, :access_token_hash]
     add_index :oauth2_authorizations, [:client_id, :oauth2_resource_owner_type, :oauth2_resource_owner_id], :name => INDEX_NAME, :unique => true
   end
-  
+
   def self.down
-    remove_index :oauth2_authorizations, INDEX_NAME
+    remove_index :oauth2_authorizations, :name => INDEX_NAME
     add_index :oauth2_authorizations, [:client_id, :access_token_hash]
   end
 end

data/lib/songkick/oauth2/schema/20121025180447_songkick_oauth2_schema_add_unique_indexes.rb

@@ -1,6 +1,6 @@
 class SongkickOauth2SchemaAddUniqueIndexes < ActiveRecord::Migration
   FIELDS = [:code, :refresh_token_hash]
-  
+
   def self.up
     FIELDS.each do |field|
       remove_index :oauth2_authorizations, [:client_id, field]
@@ -8,13 +8,13 @@ class SongkickOauth2SchemaAddUniqueIndexes < ActiveRecord::Migration
     end
     remove_index :oauth2_authorizations, [:access_token_hash]
     add_index :oauth2_authorizations, [:access_token_hash], :unique => true
-    
+
     remove_index :oauth2_clients, [:client_id]
     add_index :oauth2_clients, [:client_id], :unique => true
-    
+
     add_index :oauth2_clients, [:name], :unique => true
   end
-  
+
   def self.down
     FIELDS.each do |field|
       remove_index :oauth2_authorizations, [:client_id, field]
@@ -22,11 +22,11 @@ class SongkickOauth2SchemaAddUniqueIndexes < ActiveRecord::Migration
     end
     remove_index :oauth2_authorizations, [:access_token_hash]
     add_index :oauth2_authorizations, [:access_token_hash]
-    
+
     remove_index :oauth2_clients, [:client_id]
     add_index :oauth2_clients, [:client_id]
-    
-    remove_clients :oauth2_clients, [:name]
+
+    remove_index :oauth2_clients, [:name]
   end
 end