songkick-oauth2-provider 0.10.2 → 0.10.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9b0ad668ae50fbc3a9b425ec63dd98663b7cb67b
+  data.tar.gz: 1243ea91a6236236493d7c98fd55ef0b4be46008
+SHA512:
+  metadata.gz: 11235193ecb2927f87b4adf3c2f70007c65f6af0367773eb705d2fb5f7e257ca31b217bce9cd2ea6693b2fee17d0c6ea60e98c0b69885853e415a5d95bc13c54
+  data.tar.gz: dacea0ec9c18b48a30f5a9e0f7e5706471fbf63242598efc924e9fd902fcb75c031c993f61db92513cf549edcba88f558dbe8aadef1844869e76ea5fa1987f7c

data/History.txt

@@ -1,3 +1,10 @@
+=== 0.10.3 / 2017-10-24
+
+* Add support for query strings in the client redirect uri
+* Do not allow the user arg for Provider.access_token() to be nil
+  (Use `:implicit` for implicit user lookup)
+
+
 === 0.10.2 / 2012-10-31
 
 * Stop Model::Authorization#scope being set to an empty string and returned as

data/README.rdoc

@@ -17,6 +17,11 @@ framework-specific request objects, though you can pass those in and their
 It stores the clients and authorizations using ActiveRecord.
 
 
+=== Installation
+
+  gem install songkick-oauth2-provider
+
+
 === A note on versioning
 
 This library is based on draft-10[http://tools.ietf.org/html/draft-ietf-oauth-v2-10],
@@ -108,6 +113,8 @@ the gem's migrations that have not yet been applied to your database.
      -> 0.0009s
   ...
 
+To rollback migrations, use <tt>Songkick::OAuth2::Model::Schema.rollback</tt>.
+
 
 === Model Mixins
 
@@ -196,14 +203,14 @@ the client:
     __send__ method, '/oauth/authorize' do
       @owner  = User.find_by_id(session[:user_id])
       @oauth2 = Songkick::OAuth2::Provider.parse(@owner, env)
-      
+
       if @oauth2.redirect?
         redirect @oauth2.redirect_uri, @oauth2.response_status
       end
-          
+
       headers @oauth2.response_headers
       status  @oauth2.response_status
-      
+
       if body = @oauth2.response_body
         body
       elsif @oauth2.valid?
@@ -228,7 +235,7 @@ You may also want to use scopes to provide granular access to your domain using
 asked for so you can display them to the user:
 
   <p>The application <%= @oauth2.client.name %> wants the following permissions:</p>
-  
+
   <ul>
     <% @oauth2.scopes.each do |scope| %>
       <li><%= PERMISSION_UI_STRINGS[scope] %></li>
@@ -251,7 +258,7 @@ user checks a box before posting a form to indicate their intent:
   post '/oauth/allow' do
     @user = User.find_by_id(session[:user_id])
     @auth = Songkick::OAuth2::Provider::Authorization.new(@user, params)
-    
+
     if params['allow'] == '1'
       @auth.grant_access!
     else
@@ -311,10 +318,10 @@ requested scopes.
   Songkick::OAuth2::Provider.handle_assertions 'https://graph.facebook.com/me' do |client, assertion, scopes|
     facebook = URI.parse('https://graph.facebook.com/me?access_token=' + assertion)
     response = Net::HTTP.get_response(facebook)
-    
+
     user_data = JSON.parse(response.body)
     account   = User.from_facebook_data(user_data)
-    
+
     account.grant_access!(client, :scopes => scopes)
   end
 
@@ -337,10 +344,10 @@ simple, for example a call to get a user's notes:
   get '/user/:username/notes' do
     user  = User.find_by_username(params[:username])
     token = Songkick::OAuth2::Provider.access_token(user, ['read_notes'], env)
-    
+
     headers token.response_headers
     status  token.response_status
-    
+
     if token.valid?
       JSON.unparse('notes' => user.notes)
     else
@@ -357,10 +364,10 @@ determine whether to serve the request or not.
 
 It is also common to provide a dynamic resource for getting some basic data
 about a user by supplying their access token. This can be done by passing
-<tt>nil</tt> as the resource owner:
+<tt>:implicit</tt> as the resource owner:
 
   get '/me' do
-    token = Songkick::OAuth2::Provider.access_token(nil, [], env)
+    token = Songkick::OAuth2::Provider.access_token(:implicit, [], env)
     if token.valid?
       JSON.unparse('username' => token.owner.username)
     else

data/example/README.rdoc

@@ -4,7 +4,7 @@ To get up and running:
 
   # in parent directory
   bundle install
-  
+
   cd example/
   ruby schema.rb
   rackup config.ru

data/example/application.rb

@@ -65,14 +65,14 @@ end
   __send__ method, '/oauth/authorize' do
     @user = User.find_by_id(session[:user_id])
     @oauth2 = Songkick::OAuth2::Provider.parse(@user, env)
-    
+
     if @oauth2.redirect?
       redirect @oauth2.redirect_uri, @oauth2.response_status
     end
-    
+
     headers @oauth2.response_headers
     status  @oauth2.response_status
-    
+
     if body = @oauth2.response_body
       body
     elsif @oauth2.valid?
@@ -105,10 +105,10 @@ end
 # Domain API
 
 get '/me' do
-  authorization = Songkick::OAuth2::Provider.access_token(nil, [], env)
+  authorization = Songkick::OAuth2::Provider.access_token(:implicit, [], env)
   headers authorization.response_headers
   status  authorization.response_status
-  
+
   if authorization.valid?
     user = authorization.owner
     JSON.unparse('username' => user.username)
@@ -141,15 +141,15 @@ helpers do
   def verify_access(scope)
     user  = User.find_by_username(params[:username])
     token = Songkick::OAuth2::Provider.access_token(user, [scope.to_s], env)
-    
+
     headers token.response_headers
     status  token.response_status
-    
+
     return ERROR_RESPONSE unless token.valid?
-    
+
     yield user
   end
-  
+
   #================================================================
   # Return the full app domain
   def host

data/example/schema.rb

@@ -10,7 +10,7 @@ ActiveRecord::Schema.define do |version|
     t.timestamps
     t.string :username
   end
-  
+
   create_table :notes, :force => true do |t|
     t.timestamps
     t.belongs_to :user

data/example/views/authorize.erb

@@ -15,12 +15,12 @@
     <input type="hidden" name="<%= key %>" value="<%= value %>">
   <% end %>
   <input type="hidden" name="user_id" value="<%= @user.id %>">
-  
+
   <fieldset>
     <input type="checkbox" name="allow" id="allow" value="1">
     <label for="allow">Allow this application</label>
   </fieldset>
-  
+
   <fieldset>
     <input type="submit" value="Go!">
   </fieldset>

data/example/views/layout.erb

@@ -6,20 +6,20 @@
     <link rel="stylesheet" href="/style.css">
   </head>
   <body>
-    
+
     <div class="header"><div class="sub">
       <h1>OAuth 2.0 demo</h1>
       <h2>Steal my notes, why don&rsquo;t you</h2>
     </div></div>
-    
+
     <div class="content"><div class="sub">
       <%= yield %>
     </div></div>
-    
+
     <div class="footer"><div class="sub">
       <p>Copyright &copy; 2010 Songkick.com</p>
     </div></div>
-    
+
   </body>
 </html>
 

data/example/views/login.erb

@@ -7,12 +7,12 @@
   <% @oauth2.params.each do |key, value| %>
     <input type="hidden" name="<%= key %>" value="<%= value %>">
   <% end %>
-  
+
   <fieldset>
     <label for="username">Username</label>
     <input type="text" name="username" id="username">
   </fieldset>
-  
+
   <fieldset>
     <input type="submit" value="Sign in">
   </fieldset>

data/example/views/new_client.erb

@@ -17,7 +17,7 @@
     <label for="redirect_uri">Callback URI</label>
     <input type="text" name="redirect_uri" id="redirect_uri">
   </fieldset>
-  
+
   <fieldset>
     <input type="submit" value="Register">
   </fieldset>

data/example/views/new_user.erb

@@ -13,7 +13,7 @@
     <label for="name">Username</label>
     <input type="text" name="username" id="username">
   </fieldset>
-  
+
   <fieldset>
     <input type="submit" value="Register">
   </fieldset>

data/lib/songkick/oauth2/model.rb

@@ -3,34 +3,36 @@ require 'active_record'
 module Songkick
   module OAuth2
     module Model
+      autoload :Helpers,       ROOT + '/oauth2/model/helpers'
       autoload :ClientOwner,   ROOT + '/oauth2/model/client_owner'
       autoload :ResourceOwner, ROOT + '/oauth2/model/resource_owner'
       autoload :Hashing,       ROOT + '/oauth2/model/hashing'
       autoload :Authorization, ROOT + '/oauth2/model/authorization'
       autoload :Client,        ROOT + '/oauth2/model/client'
-      
+
       Schema = Songkick::OAuth2::Schema
-      
+
       DUPLICATE_RECORD_ERRORS = [
         /^Mysql::Error:\s+Duplicate\s+entry\b/,
         /^PG::Error:\s+ERROR:\s+duplicate\s+key\b/,
         /\bConstraintException\b/
       ]
-      
+
       # ActiveRecord::RecordNotUnique was introduced in Rails 3.0 so referring
       # to it while running earlier versions will raise an error. The above
       # error strings should match PostgreSQL, MySQL and SQLite errors on
       # Rails 2. If you're running a different adapter, add a suitable regex to
       # the list:
-      # 
+      #
       #     Songkick::OAuth2::Model::DUPLICATE_RECORD_ERRORS << /DB2 found a dup/
-      # 
+      #
       def self.duplicate_record_error?(error)
         error.class.name == 'ActiveRecord::RecordNotUnique' or
         DUPLICATE_RECORD_ERRORS.any? { |re| re =~ error.message }
       end
-      
+
       def self.find_access_token(access_token)
+        return nil if access_token.nil?
         Authorization.find_by_access_token_hash(Songkick::OAuth2.hashify(access_token))
       end
     end

data/lib/songkick/oauth2/model/authorization.rb

@@ -1,64 +1,64 @@
 module Songkick
   module OAuth2
     module Model
-      
+
       class Authorization < ActiveRecord::Base
         self.table_name = :oauth2_authorizations
-        
+
         belongs_to :oauth2_resource_owner, :polymorphic => true
         alias :owner  :oauth2_resource_owner
         alias :owner= :oauth2_resource_owner=
-        
+
         belongs_to :client, :class_name => 'Songkick::OAuth2::Model::Client'
-        
+
         validates_presence_of :client, :owner
-        
+
         validates_uniqueness_of :code,               :scope => :client_id, :allow_nil => true
         validates_uniqueness_of :refresh_token_hash, :scope => :client_id, :allow_nil => true
         validates_uniqueness_of :access_token_hash,                        :allow_nil => true
-        
+
         attr_accessible nil
-        
+
         class << self
           private :create, :new
         end
-        
+
         extend Hashing
         hashes_attributes :access_token, :refresh_token
-        
+
         def self.create_code(client)
           Songkick::OAuth2.generate_id do |code|
-            client.authorizations.count(:conditions => {:code => code}).zero?
+            Helpers.count(client.authorizations, :code => code).zero?
           end
         end
-        
+
         def self.create_access_token
           Songkick::OAuth2.generate_id do |token|
             hash = Songkick::OAuth2.hashify(token)
-            count(:conditions => {:access_token_hash => hash}).zero?
+            Helpers.count(self, :access_token_hash => hash).zero?
           end
         end
-        
+
         def self.create_refresh_token(client)
           Songkick::OAuth2.generate_id do |refresh_token|
             hash = Songkick::OAuth2.hashify(refresh_token)
-            client.authorizations.count(:conditions => {:refresh_token_hash => hash}).zero?
+            Helpers.count(client.authorizations, :refresh_token_hash => hash).zero?
           end
         end
-        
+
         def self.for(owner, client, attributes = {})
           return nil unless owner and client
-          
+
           unless client.is_a?(Client)
             raise ArgumentError, "The argument should be a #{Client}, instead it was a #{client.class}"
           end
-          
+
           instance = owner.oauth2_authorization_for(client) ||
                      new do |authorization|
                        authorization.owner  = owner
                        authorization.client = client
                      end
-          
+
           case attributes[:response_type]
             when CODE
               instance.code ||= create_code(client)
@@ -70,19 +70,19 @@ module Songkick
               instance.access_token  ||= create_access_token
               instance.refresh_token ||= create_refresh_token(client)
           end
-          
+
           if attributes[:duration]
             instance.expires_at = Time.now + attributes[:duration].to_i
           else
             instance.expires_at = nil
           end
-          
+
           scopes = instance.scopes + (attributes[:scopes] || [])
           scopes += attributes[:scope].split(/\s+/) if attributes[:scope]
           instance.scope = scopes.empty? ? nil : scopes.entries.join(' ')
-          
+
           instance.save && instance
-          
+
         rescue Object => error
           if Model.duplicate_record_error?(error)
             retry
@@ -90,47 +90,47 @@ module Songkick
             raise error
           end
         end
-        
+
         def exchange!
           self.code          = nil
           self.access_token  = self.class.create_access_token
           self.refresh_token = nil
           save!
         end
-        
+
         def expired?
           return false unless expires_at
           expires_at < Time.now
         end
-        
+
         def expires_in
           expires_at && (expires_at - Time.now).ceil
         end
-        
+
         def generate_code
           self.code ||= self.class.create_code(client)
           save && code
         end
-        
+
         def generate_access_token
           self.access_token ||= self.class.create_access_token
           save && access_token
         end
-        
+
         def grants_access?(user, *scopes)
           not expired? and user == owner and in_scope?(scopes)
         end
-        
+
         def in_scope?(request_scope)
           [*request_scope].all?(&scopes.method(:include?))
         end
-        
+
         def scopes
           scopes = scope ? scope.split(/\s+/) : []
           Set.new(scopes)
         end
       end
-      
+
     end
   end
 end