wine_bouncer 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 33c8d82f673d5c4f4354784ebcab2081d5562b25
+  data.tar.gz: 271ef498942ca797c4102849fdb9f9b2ed6885f4
+SHA512:
+  metadata.gz: 24fff99dcf71fcc75aea4765bb7f7f2b8c3b63d14cde019cca8161792dbfd0bbcafe1a4a7f92dda4e9d0475cbee74f82a27f4b983d8524aeb95b384f39f7f41d
+  data.tar.gz: 2470e61c6cb6f4321808105b006a6138c88f3860637327588de6c6cff0082d547ff0d6d41acece1af02904766fb80951a7b5cb112747752de910fad8322122d5

data/.gitignore

@@ -0,0 +1,21 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.idea/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+.rvmrc
+.DS_Store
+log/*.log
+spec/dummy/db/*.sqlite3
+spec/dummy/log/*.log
+spec/dummy/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,13 @@
+before_install:
+  - gem update bundler
+  - bundle --version
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0
+  - 2.1
+env:
+  - rails=3.1.12
+  - rails=3.2.18
+  - rails=4.0.5
+  - rails=4.1.1

data/Gemfile

@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+
+gem 'rails', ENV['rails']
+
+gem 'activerecord'
+
+
+# Specify your gem's dependencies in wine_bouncer.gemspec
+gemspec
+
+

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Antek Drzewiecki
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,34 @@
+# WineBouncer
+
+[![Build Status](https://travis-ci.org/Antek-drzewiecki/wine_bouncer.svg?branch=master)](https://travis-ci.org/Antek-drzewiecki/wine_bouncer)
+
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'wine_bouncer'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install wine_bouncer
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/wine_bouncer/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,12 @@
+require "bundler/gem_tasks"
+
+require 'rspec/core/rake_task'
+
+
+desc 'Default: Run all specs.'
+task :default => :spec
+
+desc "Run all specs"
+RSpec::Core::RakeTask.new(:spec)
+
+Bundler::GemHelper.install_tasks

data/lib/wine_bouncer/auth_methods/auth_methods.rb

@@ -0,0 +1,25 @@
+module WineBouncer
+  module AuthMethods
+    attr_accessor :doorkeeper_access_token
+
+    def current_user
+      User.find(doorkeeper_access_token.resource_owner_id) if doorkeeper_access_token
+    end
+
+    def doorkeeper_access_token
+      @_doorkeeper_access_token
+    end
+
+    def doorkeeper_access_token=(token)
+      @_doorkeeper_access_token = token
+    end
+
+    def has_doorkeeper_token?
+      !!@_doorkeeper_access_token
+    end
+
+    def has_resource_owner?
+      has_doorkeeper_token? && !!doorkeeper_access_token.resource_owner_id
+    end
+  end
+end

data/lib/wine_bouncer/errors.rb

@@ -0,0 +1,6 @@
+module WineBouncer
+  module Errors
+    class OAuthUnauthorizedError < StandardError; end
+    class OAuthForbiddenError < StandardError; end
+  end
+end

data/lib/wine_bouncer/oauth2.rb

@@ -0,0 +1,115 @@
+module WineBouncer
+  class OAuth2 < Grape::Middleware::Base
+
+    ###
+    # returns the api context
+    ###
+    def context
+      env['api.endpoint']
+    end
+
+    ###
+    # DoorKeeper stuff.
+    ###
+
+    ###
+    # Sets and converts a rack request to a ActionDispatch request, which is required for DoorKeeper to function.
+    ###
+    def doorkeeper_request=(env)
+      @_doorkeeper_request = ActionDispatch::Request.new(env)
+    end
+
+
+    ###
+    # Returns the request context.
+    ###
+    def doorkeeper_request
+      @_doorkeeper_request
+    end
+
+    ###
+    # Authenticates from a request and returns a valid or invalid token.
+    ###
+    def doorkeeper_token
+      @_doorkeeper_token ||= Doorkeeper.authenticate(doorkeeper_request,Doorkeeper.configuration.access_token_methods)
+    end
+
+    ###
+    # Returns true if the doorkeeper token is valid, false otherwise.
+    ###
+    def valid_doorkeeper_token?(*scopes)
+      doorkeeper_token && doorkeeper_token.acceptable?(scopes)
+    end
+
+    ###
+    # Authorization control.
+    ###
+
+    ###
+    # Returns true if the Api endpoint, method is configured as an protected method, false otherwise.
+    ###
+    def has_authorizations?
+      context && context.options && context.options[:route_options] && endpoint_authorizations
+    end
+
+    ###
+    # Returns the endpoint authorizations hash.
+    # This hash contains all authorization methods.
+    ###
+    def endpoint_authorizations
+      @_authorizations ||= context.options[:route_options][:authorizations]
+    end
+
+    ###
+    # returns true if the endpoint is protected, otherwise false
+    # Currently it only accepts oauth2.
+    ###
+    def endpoint_protected?
+      has_authorizations? && !!endpoint_authorizations[:oauth2]
+    end
+
+    ###
+    # Returns all auth scopes from an protected endpoint.
+    # [ nil ] if none, otherwise an array of [ :scopes ]
+    ###
+    def auth_scopes
+      return *nil if endpoint_authorizations[:oauth2].empty?
+      endpoint_authorizations[:oauth2].map{|hash| hash[:scope].to_sym}
+    end
+
+    ###
+    # This method handles the authorization, raises errors if authorization has failed.
+    ###
+    def doorkeeper_authorize!(*scopes)
+      scopes = Doorkeeper.configuration.default_scopes if scopes.empty?
+      unless valid_doorkeeper_token?(*scopes)
+        if !doorkeeper_token || !doorkeeper_token.accessible?
+          error = Doorkeeper::OAuth::InvalidTokenResponse.from_access_token(doorkeeper_token)
+          raise WineBouncer::Errors::OAuthUnauthorizedError, 'unauthorized'
+        else
+          error = Doorkeeper::OAuth::ForbiddenTokenResponse.from_scopes(scopes)
+          raise WineBouncer::Errors::OAuthForbiddenError, "missing permissions"
+        end
+
+        # headers.merge!(error.headers.reject { |k| ['Content-Type'].include? k })
+        # doorkeeper_error_renderer(error, options)
+      end
+    end
+
+    ###
+    # Grape middleware methods
+    ###
+
+    ###
+    # Before do.
+    ###
+    def before
+      return unless endpoint_protected?
+      self.doorkeeper_request= env # set request for later use.
+      doorkeeper_authorize! *auth_scopes
+      env['api.endpoint'].extend(WineBouncer::AuthMethods)
+      env['api.endpoint'].doorkeeper_access_token = doorkeeper_token
+    end
+
+  end
+end

data/lib/wine_bouncer/version.rb

@@ -0,0 +1,3 @@
+module WineBouncer
+  VERSION = "0.0.1"
+end

data/lib/wine_bouncer.rb

@@ -0,0 +1,9 @@
+require 'grape'
+require 'doorkeeper'
+require 'wine_bouncer/version'
+require 'wine_bouncer/errors'
+require 'wine_bouncer/oauth2'
+require 'wine_bouncer/auth_methods/auth_methods'
+
+module WineBouncer
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/spec/dummy/app/api/api.rb

@@ -0,0 +1,35 @@
+module Api
+
+  ###
+  # Api under test, default doorkeeper scope is 'account'
+  ##
+  class MountedApiUnderTest < Grape::API
+    desc 'Document root', authorizations: { oauth2: [{ scope: 'public', description: 'anything' }] }
+    get '/protected' do
+      { hello: 'world' }
+    end
+    desc 'Document root', authorizations: { oauth2: [{ scope: 'private', description: 'anything' }] }
+    get '/protected_with_private_scope' do
+      { hello: 'scoped world' }
+    end
+    get '/unprotected' do
+      { hello: 'unprotected world' }
+    end
+    desc 'Document root', authorizations: { oauth2: [{ scope: 'public', description: 'anything' }] }
+    get '/protected_user' do
+      { hello: current_user.name }
+    end
+    desc 'Document root', authorizations: { oauth2: [] }
+    get '/protected_without_scope' do
+      { hello: 'protected unscoped world' }
+    end
+  end
+
+  class ApiUnderTest < Grape::API
+    default_format :json
+    format :json
+    use ::WineBouncer::OAuth2
+    mount MountedApiUnderTest
+  end
+
+end

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,2 @@
+class User < ActiveRecord::Base
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track' => true %>
+  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/dummy/config/application.rb

@@ -0,0 +1,31 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "action_view/railtie"
+require "sprockets/railtie"
+
+# require "rails/test_unit/railtie"
+
+Bundler.require(*Rails.groups)
+require 'doorkeeper'
+require "wine_bouncer"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+  end
+end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,5 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
+$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+#
+default: &default
+  adapter: sqlite3
+  pool: 5
+  timeout: 5000
+
+development:
+  <<: *default
+  database: db/development.sqlite3
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  <<: *default
+  database: ":memory:"
+
+production:
+  <<: *default
+  database: db/production.sqlite3

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Rails.application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,37 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
+  config.assets.debug = true
+
+  # Adds additional error checking when serving assets at runtime.
+  # Checks for improperly declared sprockets dependencies.
+  # Raises helpful error messages.
+  config.assets.raise_runtime_errors = true
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,78 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
+  # config.action_dispatch.rack_cache = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this).
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = false
+
+  # Generate digests for assets URLs.
+  config.assets.digest = true
+
+  # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # Set to :debug to see everything in the log.
+  config.log_level = :info
+
+  # Prepend all log lines with the following tags.
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups.
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Disable automatic flushing of the log to improve performance.
+  # config.autoflush_log = false
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+end