vidibus-oauth2_server 0.0.0 → 0.0.1
- data/Gemfile +8 -6
- data/README.rdoc +73 -9
- data/Rakefile +0 -4
- data/VERSION +1 -1
- data/app/controllers/oauth2/authentication_controller.rb +102 -0
- data/app/controllers/oauth2/users_controller.rb +20 -0
- data/config/routes.rb +3 -2
- data/lib/vidibus/oauth2_server/extensions/controller.rb +7 -2
- data/vidibus-oauth2_server.gemspec +38 -21
- metadata +111 -23
- data/.gitignore +0 -22
- data/app/controllers/oauth2_controller.rb +0 -100
data/Gemfile
CHANGED
@@ -6,9 +6,11 @@ gem "vidibus-core_extensions"
|
|
6
6
|
gem "vidibus-uuid"
|
7
7
|
|
8
8
|
# Development dependecies
|
9
|
-
|
10
|
-
gem "
|
11
|
-
gem "
|
12
|
-
gem "
|
13
|
-
gem "
|
14
|
-
gem "
|
9
|
+
group :development do
|
10
|
+
gem "jeweler"
|
11
|
+
gem "rake"
|
12
|
+
gem "rspec", "~> 2.0.0.beta.20"
|
13
|
+
gem "rr"
|
14
|
+
gem "relevance-rcov"
|
15
|
+
gem "webmock"
|
16
|
+
end
|
data/README.rdoc
CHANGED
@@ -16,26 +16,90 @@ Add the dependency to the Gemfile of your application:
|
|
16
16
|
Then call bundle install on your console.
|
17
17
|
|
18
18
|
|
19
|
-
===
|
19
|
+
=== Routes
|
20
20
|
|
21
|
-
|
21
|
+
Two routes will be added to your application. If you use a catch-all route, you will have to define these routes manually:
|
22
22
|
|
23
|
-
|
23
|
+
get "oauth/authorize" => "oauth2#authorize"
|
24
|
+
post "oauth/access_token" => "oauth2#access_token"
|
25
|
+
|
26
|
+
|
27
|
+
=== ApplicationController
|
28
|
+
|
29
|
+
In ApplicationController of your OAuth server application you have to define two methods in order to perform OAuth authentication.
|
30
|
+
|
31
|
+
The first method performs a sign in of the current user. If you use Devise for authentication, this method already exists and works. This is an example that works with Authlogic:
|
32
|
+
|
33
|
+
# Calls authentication method.
|
34
|
+
def authenticate_user!
|
35
|
+
logged_in? or login_required
|
36
|
+
end
|
37
|
+
|
38
|
+
The second method returns a client object with given id. This is an example for usage with vidibus-service gem:
|
24
39
|
|
25
40
|
# Returns Service with given id.
|
26
|
-
# This method is called from Vidibus'
|
27
|
-
|
28
|
-
|
41
|
+
# This method is called from Vidibus' OauthServer gem.
|
42
|
+
# The given client_id comprises the requesting service's
|
43
|
+
# uuid and realm, concatenated by -
|
44
|
+
def oauth2_client(client_id)
|
45
|
+
Service(*client_id.split("-"))
|
46
|
+
end
|
47
|
+
|
48
|
+
|
49
|
+
=== User model
|
50
|
+
|
51
|
+
Your user model has to provide an unique UUID. If you use Mongoid, add the following:
|
52
|
+
|
53
|
+
field :uuid
|
54
|
+
|
55
|
+
If you have an ActiveRecord model, add a migration like this:
|
56
|
+
|
57
|
+
require "uuid"
|
58
|
+
class AddUuidToUsers < ActiveRecord::Migration
|
59
|
+
def self.up
|
60
|
+
add_column :users, :uuid, :string, :null => false
|
61
|
+
add_index :users, :uuid
|
62
|
+
User.all.each do |user|
|
63
|
+
uuid = UUID.new.generate(:compact)
|
64
|
+
user.update_attribute(:uuid, uuid)
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
def self.down
|
69
|
+
remove_column :users, :uuid
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
|
74
|
+
=== User controller
|
75
|
+
|
76
|
+
This gem will an action to obtain data of the currently logged in user. The following route will be added:
|
77
|
+
|
78
|
+
get "/oauth/user" => "oauth2/users#show"
|
79
|
+
|
80
|
+
You may overwrite the Oauth2::UsersController class to adjust it to your needs. However, if you want to use the default controller, you'll need a method on your ApplicationController to obtain a user by a given UUID.
|
81
|
+
|
82
|
+
For a typical ActiveRecord model this would be:
|
83
|
+
|
84
|
+
# Returns user matching given uuid
|
85
|
+
def find_user_by_uuid(uuid)
|
86
|
+
User.first(:conditions => {:uuid => uuid})
|
87
|
+
end
|
88
|
+
|
89
|
+
The default #show method delivers a JSON string including name, email and UUID of the current user:
|
90
|
+
|
91
|
+
def show
|
92
|
+
render :json => @user.attributes.only(*%w[name email uuid])
|
29
93
|
end
|
30
94
|
|
31
95
|
|
32
|
-
===
|
96
|
+
=== Client model
|
33
97
|
|
34
|
-
Provide
|
98
|
+
Provide a #domain method to your OAuth client model that returns the domain name of the client. This method is used to validate the redirect_url.
|
35
99
|
|
36
100
|
Before issuing a token, the Oauth2Controller will ensure that the given client_secret is valid. In order to perform this validation, a method #valid_oauth2_secret? must be given on your client model.
|
37
101
|
|
38
|
-
|
102
|
+
If you use the vidibus-service gem, you'll get this method on the service model:
|
39
103
|
|
40
104
|
# Returns true if given client_secret matches signature.
|
41
105
|
def valid_oauth2_secret?(client_secret)
|
data/Rakefile
CHANGED
@@ -10,10 +10,6 @@ begin
|
|
10
10
|
gem.email = "andre@vidibus.com"
|
11
11
|
gem.homepage = "http://github.com/vidibus/vidibus-oauth2_server"
|
12
12
|
gem.authors = ["Andre Pankratz"]
|
13
|
-
gem.add_dependency "rails", "~> 3.0.0"
|
14
|
-
gem.add_dependency "mongoid", "~> 2.0.0.beta.20"
|
15
|
-
gem.add_dependency "vidibus-core_extensions"
|
16
|
-
gem.add_dependency "vidibus-uuid"
|
17
13
|
# gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
|
18
14
|
end
|
19
15
|
Jeweler::GemcutterTasks.new
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.0.
|
1
|
+
0.0.1
|
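--- /dev/null
+++ b/data/app/controllers/oauth2/authentication_controller.rb
@@ -0,0 +1,102 @@
+module Oauth2
+  class AuthenticationController < ApplicationController
+    skip_before_filter :verify_authenticity_token
+
+    around_filter :oauth2_error_handler
+
+    before_filter :validate_oauth2_type!
+    before_filter :validate_oauth2_client_id!
+    before_filter :validate_oauth2_redirect_url!
+
+    before_filter :authenticate_user!, :only => :authorize
+    before_filter :validate_oauth2_client_secret!, :only => :access_token
+
+    def authorize
+      args = params.slice(:client_id, :redirect_url)
+      args[:user_id] = current_user.uuid
+      token = Oauth2Token.create!(args)
+      uri_params = { :code => token.code }
+      uri_params[:state] = params[:state] if params.has_key?(:state)
+      uri = build_uri(params[:redirect_url], uri_params)
+      redirect_to(uri)
+    end
+
+    def access_token
+      token = Oauth2Token.find!(params)
+      render :text => { :access_token => token.token }.to_uri, :type => :url_encoded_form, :status => :ok
+    end
+
+    protected
+
+    # Ensures that the type of flow is supported
+    def validate_oauth2_type!
+      type = params[:type]
+      raise Vidibus::Oauth2Server::MissingTypeError if type.blank?
+      raise Vidibus::Oauth2Server::UnsupportedTypeError unless Vidibus::Oauth2Server::FLOWS.include?(type)
+    end
+
+    # Ensures that given client id is valid
+    def validate_oauth2_client_id!
+      raise Vidibus::Oauth2Server::MissingClientIdError if params[:client_id].blank?
+      @oauth2_client = oauth2_client(params[:client_id])
+      raise Vidibus::Oauth2Server::InvalidClientIdError unless @oauth2_client
+    end
+
+    # Ensures that redirect_url is valid for given client.
+    def validate_oauth2_redirect_url!
+      redirect_url = params[:redirect_url]
+      raise Vidibus::Oauth2Server::MissingRedirectUrlError if redirect_url.blank?
+      raise Vidibus::Oauth2Server::MalformedRedirectUrlError unless valid_uri?(redirect_url)
+      unless redirect_url.match(/^https?:\/\/([a-z0-9]+\.)?#{@oauth2_client.domain}/) # allow subdomains but ensure host of client application
+        raise Vidibus::Oauth2Server::InvalidRedirectUrlError
+      end
+    end
+
+    # Ensures that given client_secret is valid for given client.
+    def validate_oauth2_client_secret!
+      raise Vidibus::Oauth2Server::InvalidClientSecretError unless @oauth2_client.valid_oauth2_secret?(params[:client_secret])
+    end
+
+    # Returns error message for given exception.
+    def oauth2_error_handler
+      begin
+        yield
+      rescue Vidibus::Oauth2Server::MissingTypeError
+        error = "missing_type"
+      rescue Vidibus::Oauth2Server::UnsupportedTypeError
+        error = "unsupported_type"
+      rescue Vidibus::Oauth2Server::MissingClientIdError
+        error = "missing_client_id"
+      rescue Vidibus::Oauth2Server::InvalidClientIdError
+        error = "invalid_client_id"
+      rescue Vidibus::Oauth2Server::InvalidClientSecretError
+        error = "invalid_client_secret"
+      rescue Vidibus::Oauth2Server::MissingRedirectUrlError
+        error = "missing_redirect_url"
+      rescue Vidibus::Oauth2Server::MalformedRedirectUrlError
+        error = "malformed_redirect_url"
+      rescue Vidibus::Oauth2Server::InvalidRedirectUrlError
+        error = "invalid_redirect_url"
+      rescue Vidibus::Oauth2Server::MissingCodeError
+        error = "missing_code"
+      rescue Vidibus::Oauth2Server::InvalidCodeError
+        error = "invalid_code"
+      rescue Vidibus::Oauth2Server::ExpiredCodeError
+        error = "expired_code"
+      rescue Vidibus::Oauth2Server::InvalidTokenError
+        error = "invalid_token"
+      rescue Vidibus::Oauth2Server::ExpiredTokenError
+        error = "expired_token"
+      ensure
+        if error
+          status ||= :bad_request
+          render :text => I18n.t("oauth2_server.errors.#{error}"), :status => status
+        end
+      end
+
+      # Autorization error?
+      # :status => :unauthorized # The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.
+      # :status => :forbidden # Maybe better?
+    end
+  end
+end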
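Review bot: The redirect_url host check at hunk line 50 is exploitable as written: the regex has no anchor after `#{@oauth2_client.domain}` and interpolates the domain unescaped, so with a client domain of `example.com` a redirect_url like `http://example.com.attacker.net/cb` (or `http://examplexcom/cb`, since the unescaped `.` matches any character) passes, and `authorize` then redirects the browser, authorization code included, to the attacker's host. `^` is also only a line anchor in Ruby; `\A` is the one meant here. Replace the regex test with a host comparison, e.g. `host = URI.parse(redirect_url).host.to_s.downcase` / `domain = @oauth2_client.domain.to_s.downcase` / `raise Vidibus::Oauth2Server::InvalidRedirectUrlError unless host == domain || host.end_with?(".#{domain}")`, assuming `valid_uri?` (defined outside this diff) has already guaranteed the string parses. The same filter runs for `access_token`, but whether `Oauth2Token.find!` also verifies that the redirect_url presented to the token endpoint equals the one stored with the code at authorization time is not visible here, and it should.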
|
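--- /dev/null
+++ b/data/app/controllers/oauth2/users_controller.rb
@@ -0,0 +1,20 @@
+module Oauth2
+  class UsersController < ApplicationController
+    before_filter :ensure_token!
+    before_filter :find_user
+
+    def show
+      render :json => @user.attributes.only(*%w[name email uuid])
+    end
+
+    protected
+
+    def find_user
+      @user = find_user_by_uuid(@access_token.user_id) or render(:nothing => true, :status => :bad_request)
+    end
+
+    def ensure_token!
+      @access_token = Oauth2Token.find!(:token => params[:access_token])
+    end
+  end
+end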
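Review bot: `ensure_token!` (hunk line 17) is the only authentication on this resource and it reads the bearer token solely from the `access_token` query parameter of a GET, so tokens end up in server, proxy and browser history logs and in Referer headers; accept the Authorization header first and fall back to the parameter, e.g. `token = request.authorization.to_s[/\A(?:OAuth|Bearer) (.+)\z/, 1] || params[:access_token]` / `@access_token = Oauth2Token.find!(:token => token)`. This controller also has no `around_filter :oauth2_error_handler`, so if `Oauth2Token.find!` reports a missing, invalid or expired token by raising the Vidibus::Oauth2Server errors the AuthenticationController handler rescues, a bad token here surfaces as a 500 rather than a 401 with a `WWW-Authenticate` challenge; Oauth2Token is not in this diff, so confirm how it signals failure and rescue accordingly. Finally, `find_user` answers 400 when the token is valid but the user no longer exists, where 401 or 404 describes that state better.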
|
data/config/routes.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
Rails.application.routes.draw do
|
2
|
-
|
3
|
-
|
2
|
+
get "/oauth/authorize" => "oauth2/authentication#authorize"
|
3
|
+
post "/oauth/access_token" => "oauth2/authentication#access_token"
|
4
|
+
get "/oauth/user" => "oauth2/users#show"
|
4
5
|
end
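Review bot: The routes now target `oauth2/authentication#authorize` and `oauth2/authentication#access_token` (hunk lines 2-3), but the README added in this same release tells users with a catch-all route to define `get "oauth/authorize" => "oauth2#authorize"` and `post "oauth/access_token" => "oauth2#access_token"`, i.e. the `Oauth2Controller` this commit deletes, so anyone following that section gets an uninitialized-constant error at request time. Change the README lines to `get "/oauth/authorize" => "oauth2/authentication#authorize"` and `post "/oauth/access_token" => "oauth2/authentication#access_token"`, and list the new `get "/oauth/user" => "oauth2/users#show"` route there as well, since it too must be declared manually ahead of a catch-all.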
|
@@ -7,12 +7,17 @@ module Vidibus
|
|
7
7
|
|
8
8
|
# Authenticates user.
|
9
9
|
def authenticate_user!
|
10
|
-
raise "Add a method authenticate_user! to your ApplicationController that authenticates the user
|
10
|
+
raise "Add a method #authenticate_user! to your ApplicationController that authenticates the user."
|
11
|
+
end
|
12
|
+
|
13
|
+
# Returns user with matching uuid.
|
14
|
+
def find_user_by_uuid(uuid)
|
15
|
+
raise "Add a method #find_user_by_uuid to your ApplicationController to return a user with matching uuid."
|
11
16
|
end
|
12
17
|
|
13
18
|
# Returns Oauth2 client application matching given id.
|
14
19
|
def oauth2_client(id)
|
15
|
-
raise "Add a method oauth2_client to your ApplicationController that returns the OAuth client application for given id."
|
20
|
+
raise "Add a method #oauth2_client to your ApplicationController that returns the OAuth client application for given id."
|
16
21
|
end
|
17
22
|
end
|
18
23
|
end
|
@@ -1,42 +1,41 @@
|
|
1
1
|
# Generated by jeweler
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
-
# Instead, edit Jeweler::Tasks in Rakefile, and run
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
4
|
# -*- encoding: utf-8 -*-
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{vidibus-oauth2_server}
|
8
|
-
s.version = "0.0.
|
8
|
+
s.version = "0.0.1"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Andre Pankratz"]
|
12
|
-
s.date = %q{
|
12
|
+
s.date = %q{2011-01-14}
|
13
13
|
s.description = %q{OAuth2 server for Rails 3 with Mongoid.}
|
14
14
|
s.email = %q{andre@vidibus.com}
|
15
15
|
s.extra_rdoc_files = [
|
16
16
|
"LICENSE",
|
17
|
-
|
17
|
+
"README.rdoc"
|
18
18
|
]
|
19
19
|
s.files = [
|
20
20
|
".document",
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
21
|
+
"Gemfile",
|
22
|
+
"Gemfile.lock",
|
23
|
+
"LICENSE",
|
24
|
+
"README.rdoc",
|
25
|
+
"Rakefile",
|
26
|
+
"VERSION",
|
27
|
+
"app/controllers/oauth2/authentication_controller.rb",
|
28
|
+
"app/controllers/oauth2/users_controller.rb",
|
29
|
+
"app/models/oauth2_token.rb",
|
30
|
+
"config/locales/en.yml",
|
31
|
+
"config/routes.rb",
|
32
|
+
"lib/vidibus-oauth2_server.rb",
|
33
|
+
"lib/vidibus/oauth2_server.rb",
|
34
|
+
"lib/vidibus/oauth2_server/extensions.rb",
|
35
|
+
"lib/vidibus/oauth2_server/extensions/controller.rb",
|
36
|
+
"vidibus-oauth2_server.gemspec"
|
37
37
|
]
|
38
38
|
s.homepage = %q{http://github.com/vidibus/vidibus-oauth2_server}
|
39
|
-
s.rdoc_options = ["--charset=UTF-8"]
|
40
39
|
s.require_paths = ["lib"]
|
41
40
|
s.rubygems_version = %q{1.3.7}
|
42
41
|
s.summary = %q{OAuth2 server for Rails 3 with Mongoid.}
|
@@ -50,17 +49,35 @@ Gem::Specification.new do |s|
|
|
50
49
|
s.add_runtime_dependency(%q<mongoid>, ["~> 2.0.0.beta.20"])
|
51
50
|
s.add_runtime_dependency(%q<vidibus-core_extensions>, [">= 0"])
|
52
51
|
s.add_runtime_dependency(%q<vidibus-uuid>, [">= 0"])
|
52
|
+
s.add_development_dependency(%q<jeweler>, [">= 0"])
|
53
|
+
s.add_development_dependency(%q<rake>, [">= 0"])
|
54
|
+
s.add_development_dependency(%q<rspec>, ["~> 2.0.0.beta.20"])
|
55
|
+
s.add_development_dependency(%q<rr>, [">= 0"])
|
56
|
+
s.add_development_dependency(%q<relevance-rcov>, [">= 0"])
|
57
|
+
s.add_development_dependency(%q<webmock>, [">= 0"])
|
53
58
|
else
|
54
59
|
s.add_dependency(%q<rails>, ["~> 3.0.0"])
|
55
60
|
s.add_dependency(%q<mongoid>, ["~> 2.0.0.beta.20"])
|
56
61
|
s.add_dependency(%q<vidibus-core_extensions>, [">= 0"])
|
57
62
|
s.add_dependency(%q<vidibus-uuid>, [">= 0"])
|
63
|
+
s.add_dependency(%q<jeweler>, [">= 0"])
|
64
|
+
s.add_dependency(%q<rake>, [">= 0"])
|
65
|
+
s.add_dependency(%q<rspec>, ["~> 2.0.0.beta.20"])
|
66
|
+
s.add_dependency(%q<rr>, [">= 0"])
|
67
|
+
s.add_dependency(%q<relevance-rcov>, [">= 0"])
|
68
|
+
s.add_dependency(%q<webmock>, [">= 0"])
|
58
69
|
end
|
59
70
|
else
|
60
71
|
s.add_dependency(%q<rails>, ["~> 3.0.0"])
|
61
72
|
s.add_dependency(%q<mongoid>, ["~> 2.0.0.beta.20"])
|
62
73
|
s.add_dependency(%q<vidibus-core_extensions>, [">= 0"])
|
63
74
|
s.add_dependency(%q<vidibus-uuid>, [">= 0"])
|
75
|
+
s.add_dependency(%q<jeweler>, [">= 0"])
|
76
|
+
s.add_dependency(%q<rake>, [">= 0"])
|
77
|
+
s.add_dependency(%q<rspec>, ["~> 2.0.0.beta.20"])
|
78
|
+
s.add_dependency(%q<rr>, [">= 0"])
|
79
|
+
s.add_dependency(%q<relevance-rcov>, [">= 0"])
|
80
|
+
s.add_dependency(%q<webmock>, [">= 0"])
|
64
81
|
end
|
65
82
|
end
|
66
83
|
|
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: vidibus-oauth2_server
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 29
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 0
|
9
|
-
-
|
10
|
-
version: 0.0.
|
9
|
+
- 1
|
10
|
+
version: 0.0.1
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Andre Pankratz
|
@@ -15,13 +15,14 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date:
|
18
|
+
date: 2011-01-14 00:00:00 +01:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|
22
|
-
|
22
|
+
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
|
24
|
+
name: rails
|
25
|
+
version_requirements: &id001 !ruby/object:Gem::Requirement
|
25
26
|
none: false
|
26
27
|
requirements:
|
27
28
|
- - ~>
|
@@ -32,12 +33,12 @@ dependencies:
|
|
32
33
|
- 0
|
33
34
|
- 0
|
34
35
|
version: 3.0.0
|
35
|
-
|
36
|
-
version_requirements: *id001
|
36
|
+
requirement: *id001
|
37
37
|
- !ruby/object:Gem::Dependency
|
38
|
-
|
38
|
+
type: :runtime
|
39
39
|
prerelease: false
|
40
|
-
|
40
|
+
name: mongoid
|
41
|
+
version_requirements: &id002 !ruby/object:Gem::Requirement
|
41
42
|
none: false
|
42
43
|
requirements:
|
43
44
|
- - ~>
|
@@ -50,12 +51,12 @@ dependencies:
|
|
50
51
|
- beta
|
51
52
|
- 20
|
52
53
|
version: 2.0.0.beta.20
|
53
|
-
|
54
|
-
version_requirements: *id002
|
54
|
+
requirement: *id002
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
|
-
|
56
|
+
type: :runtime
|
57
57
|
prerelease: false
|
58
|
-
|
58
|
+
name: vidibus-core_extensions
|
59
|
+
version_requirements: &id003 !ruby/object:Gem::Requirement
|
59
60
|
none: false
|
60
61
|
requirements:
|
61
62
|
- - ">="
|
@@ -64,12 +65,26 @@ dependencies:
|
|
64
65
|
segments:
|
65
66
|
- 0
|
66
67
|
version: "0"
|
67
|
-
|
68
|
-
version_requirements: *id003
|
68
|
+
requirement: *id003
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
|
+
type: :runtime
|
71
|
+
prerelease: false
|
70
72
|
name: vidibus-uuid
|
73
|
+
version_requirements: &id004 !ruby/object:Gem::Requirement
|
74
|
+
none: false
|
75
|
+
requirements:
|
76
|
+
- - ">="
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
hash: 3
|
79
|
+
segments:
|
80
|
+
- 0
|
81
|
+
version: "0"
|
82
|
+
requirement: *id004
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
type: :development
|
71
85
|
prerelease: false
|
72
|
-
|
86
|
+
name: jeweler
|
87
|
+
version_requirements: &id005 !ruby/object:Gem::Requirement
|
73
88
|
none: false
|
74
89
|
requirements:
|
75
90
|
- - ">="
|
@@ -78,8 +93,81 @@ dependencies:
|
|
78
93
|
segments:
|
79
94
|
- 0
|
80
95
|
version: "0"
|
81
|
-
|
82
|
-
|
96
|
+
requirement: *id005
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
type: :development
|
99
|
+
prerelease: false
|
100
|
+
name: rake
|
101
|
+
version_requirements: &id006 !ruby/object:Gem::Requirement
|
102
|
+
none: false
|
103
|
+
requirements:
|
104
|
+
- - ">="
|
105
|
+
- !ruby/object:Gem::Version
|
106
|
+
hash: 3
|
107
|
+
segments:
|
108
|
+
- 0
|
109
|
+
version: "0"
|
110
|
+
requirement: *id006
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
type: :development
|
113
|
+
prerelease: false
|
114
|
+
name: rspec
|
115
|
+
version_requirements: &id007 !ruby/object:Gem::Requirement
|
116
|
+
none: false
|
117
|
+
requirements:
|
118
|
+
- - ~>
|
119
|
+
- !ruby/object:Gem::Version
|
120
|
+
hash: 62196427
|
121
|
+
segments:
|
122
|
+
- 2
|
123
|
+
- 0
|
124
|
+
- 0
|
125
|
+
- beta
|
126
|
+
- 20
|
127
|
+
version: 2.0.0.beta.20
|
128
|
+
requirement: *id007
|
129
|
+
- !ruby/object:Gem::Dependency
|
130
|
+
type: :development
|
131
|
+
prerelease: false
|
132
|
+
name: rr
|
133
|
+
version_requirements: &id008 !ruby/object:Gem::Requirement
|
134
|
+
none: false
|
135
|
+
requirements:
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
hash: 3
|
139
|
+
segments:
|
140
|
+
- 0
|
141
|
+
version: "0"
|
142
|
+
requirement: *id008
|
143
|
+
- !ruby/object:Gem::Dependency
|
144
|
+
type: :development
|
145
|
+
prerelease: false
|
146
|
+
name: relevance-rcov
|
147
|
+
version_requirements: &id009 !ruby/object:Gem::Requirement
|
148
|
+
none: false
|
149
|
+
requirements:
|
150
|
+
- - ">="
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
hash: 3
|
153
|
+
segments:
|
154
|
+
- 0
|
155
|
+
version: "0"
|
156
|
+
requirement: *id009
|
157
|
+
- !ruby/object:Gem::Dependency
|
158
|
+
type: :development
|
159
|
+
prerelease: false
|
160
|
+
name: webmock
|
161
|
+
version_requirements: &id010 !ruby/object:Gem::Requirement
|
162
|
+
none: false
|
163
|
+
requirements:
|
164
|
+
- - ">="
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
hash: 3
|
167
|
+
segments:
|
168
|
+
- 0
|
169
|
+
version: "0"
|
170
|
+
requirement: *id010
|
83
171
|
description: OAuth2 server for Rails 3 with Mongoid.
|
84
172
|
email: andre@vidibus.com
|
85
173
|
executables: []
|
@@ -91,14 +179,14 @@ extra_rdoc_files:
|
|
91
179
|
- README.rdoc
|
92
180
|
files:
|
93
181
|
- .document
|
94
|
-
- .gitignore
|
95
182
|
- Gemfile
|
96
183
|
- Gemfile.lock
|
97
184
|
- LICENSE
|
98
185
|
- README.rdoc
|
99
186
|
- Rakefile
|
100
187
|
- VERSION
|
101
|
-
- app/controllers/
|
188
|
+
- app/controllers/oauth2/authentication_controller.rb
|
189
|
+
- app/controllers/oauth2/users_controller.rb
|
102
190
|
- app/models/oauth2_token.rb
|
103
191
|
- config/locales/en.yml
|
104
192
|
- config/routes.rb
|
@@ -112,8 +200,8 @@ homepage: http://github.com/vidibus/vidibus-oauth2_server
|
|
112
200
|
licenses: []
|
113
201
|
|
114
202
|
post_install_message:
|
115
|
-
rdoc_options:
|
116
|
-
|
203
|
+
rdoc_options: []
|
204
|
+
|
117
205
|
require_paths:
|
118
206
|
- lib
|
119
207
|
required_ruby_version: !ruby/object:Gem::Requirement
|
data/.gitignore
DELETED
@@ -1,100 +0,0 @@
|
|
1
|
-
class Oauth2Controller < ApplicationController
|
2
|
-
skip_before_filter :verify_authenticity_token
|
3
|
-
|
4
|
-
around_filter :oauth2_error_handler
|
5
|
-
|
6
|
-
before_filter :validate_oauth2_type!
|
7
|
-
before_filter :validate_oauth2_client_id!
|
8
|
-
before_filter :validate_oauth2_redirect_url!
|
9
|
-
|
10
|
-
before_filter :authenticate_user!, :only => :authorize
|
11
|
-
before_filter :validate_oauth2_client_secret!, :only => :access_token
|
12
|
-
|
13
|
-
def authorize
|
14
|
-
args = params.slice(:client_id, :redirect_url)
|
15
|
-
args[:user_id] = current_user.uuid
|
16
|
-
token = Oauth2Token.create!(args)
|
17
|
-
uri_params = { :code => token.code }
|
18
|
-
uri_params[:state] = params[:state] if params.has_key?(:state)
|
19
|
-
uri = build_uri(params[:redirect_url], uri_params)
|
20
|
-
redirect_to(uri)
|
21
|
-
end
|
22
|
-
|
23
|
-
def access_token
|
24
|
-
token = Oauth2Token.find!(params)
|
25
|
-
render :text => { :access_token => token.token }.to_uri, :type => :url_encoded_form, :status => :ok
|
26
|
-
end
|
27
|
-
|
28
|
-
protected
|
29
|
-
|
30
|
-
# Ensures that the type of flow is supported
|
31
|
-
def validate_oauth2_type!
|
32
|
-
type = params[:type]
|
33
|
-
raise Vidibus::Oauth2Server::MissingTypeError if type.blank?
|
34
|
-
raise Vidibus::Oauth2Server::UnsupportedTypeError unless Vidibus::Oauth2Server::FLOWS.include?(type)
|
35
|
-
end
|
36
|
-
|
37
|
-
# Ensures that given client id is valid
|
38
|
-
def validate_oauth2_client_id!
|
39
|
-
raise Vidibus::Oauth2Server::MissingClientIdError if params[:client_id].blank?
|
40
|
-
@oauth2_client = oauth2_client(params[:client_id])
|
41
|
-
raise Vidibus::Oauth2Server::InvalidClientIdError unless @oauth2_client
|
42
|
-
end
|
43
|
-
|
44
|
-
# Ensures that redirect_url is valid for given client.
|
45
|
-
def validate_oauth2_redirect_url!
|
46
|
-
redirect_url = params[:redirect_url]
|
47
|
-
raise Vidibus::Oauth2Server::MissingRedirectUrlError if redirect_url.blank?
|
48
|
-
raise Vidibus::Oauth2Server::MalformedRedirectUrlError unless valid_uri?(redirect_url)
|
49
|
-
unless redirect_url.match(/^https?:\/\/([a-z0-9]+\.)?#{@oauth2_client.domain}/) # allow subdomains but ensure host of client application
|
50
|
-
raise Vidibus::Oauth2Server::InvalidRedirectUrlError
|
51
|
-
end
|
52
|
-
end
|
53
|
-
|
54
|
-
# Ensures that given client_secret is valid for given client.
|
55
|
-
def validate_oauth2_client_secret!
|
56
|
-
raise Vidibus::Oauth2Server::InvalidClientSecretError unless @oauth2_client.valid_oauth2_secret?(params[:client_secret])
|
57
|
-
end
|
58
|
-
|
59
|
-
# Returns error message for given exception.
|
60
|
-
def oauth2_error_handler
|
61
|
-
begin
|
62
|
-
yield
|
63
|
-
rescue Vidibus::Oauth2Server::MissingTypeError
|
64
|
-
error = "missing_type"
|
65
|
-
rescue Vidibus::Oauth2Server::UnsupportedTypeError
|
66
|
-
error = "unsupported_type"
|
67
|
-
rescue Vidibus::Oauth2Server::MissingClientIdError
|
68
|
-
error = "missing_client_id"
|
69
|
-
rescue Vidibus::Oauth2Server::InvalidClientIdError
|
70
|
-
error = "invalid_client_id"
|
71
|
-
rescue Vidibus::Oauth2Server::InvalidClientSecretError
|
72
|
-
error = "invalid_client_secret"
|
73
|
-
rescue Vidibus::Oauth2Server::MissingRedirectUrlError
|
74
|
-
error = "missing_redirect_url"
|
75
|
-
rescue Vidibus::Oauth2Server::MalformedRedirectUrlError
|
76
|
-
error = "malformed_redirect_url"
|
77
|
-
rescue Vidibus::Oauth2Server::InvalidRedirectUrlError
|
78
|
-
error = "invalid_redirect_url"
|
79
|
-
rescue Vidibus::Oauth2Server::MissingCodeError
|
80
|
-
error = "missing_code"
|
81
|
-
rescue Vidibus::Oauth2Server::InvalidCodeError
|
82
|
-
error = "invalid_code"
|
83
|
-
rescue Vidibus::Oauth2Server::ExpiredCodeError
|
84
|
-
error = "expired_code"
|
85
|
-
rescue Vidibus::Oauth2Server::InvalidTokenError
|
86
|
-
error = "invalid_token"
|
87
|
-
rescue Vidibus::Oauth2Server::ExpiredTokenError
|
88
|
-
error = "expired_token"
|
89
|
-
ensure
|
90
|
-
if error
|
91
|
-
status ||= :bad_request
|
92
|
-
render :text => I18n.t("oauth2_server.errors.#{error}"), :status => status
|
93
|
-
end
|
94
|
-
end
|
95
|
-
|
96
|
-
# Autorization error?
|
97
|
-
# :status => :unauthorized # The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.
|
98
|
-
# :status => :forbidden # Maybe better?
|
99
|
-
end
|
100
|
-
end
|