app/controllers/api_controller.rb app/controllers/oauth_controller.rb app/helpers/api_helper.rb app/helpers/oauth_helper.rb app/models/oauth_access_token.rb app/models/oauth_consumer.rb app/models/oauth_request_token.rb app/models/oauth_token.rb app/models/user.rb config/initializers/oauth.rb db/migrate/001_create_oauth_tokens.rb db/migrate/002_create_oauth_consumers.rb db/migrate/003_create_users.rb db/migrate/004_create_default_consumer.rb test/fixtures/oauth_consumers.yml test/fixtures/oauth_tokens.yml test/fixtures/users.yml test/functional/api_controller_test.rb test/functional/oauth_controller_test.rb test/unit/oauth_consumer_test.rb test/unit/oauth_token_test.rb test/unit/user_test.rb @@ -1,206 +1 @@ -== Welcome to Rails - -Rails is a web-application and persistence framework that includes everything -needed to create database-backed web-applications according to the -Model-View-Control pattern of separation. This pattern splits the view (also -called the presentation) into "dumb" templates that are primarily responsible -for inserting pre-built data in between HTML tags. The model contains the -"smart" domain objects (such as Account, Product, Person, Post) that holds all -the business logic and knows how to persist themselves to a database. The -controller handles the incoming requests (such as Save New Account, Update -Product, Show Post) by manipulating the model and directing data to the view. - -In Rails, the model is handled by what's called an object-relational mapping -layer entitled Active Record. This layer allows you to present the data from -database rows as objects and embellish these data objects with business logic -methods. You can read more about Active Record in -link:files/vendor/rails/activerecord/README.html. - -The controller and view are handled by the Action Pack, which handles both -layers by its two parts: Action View and Action Controller. These two layers -are bundled in a single package due to their heavy interdependence. This is -unlike the relationship between the Active Record and Action Pack that is much -more separate. Each of these packages can be used independently outside of -Rails. You can read more about Action Pack in -link:files/vendor/rails/actionpack/README.html. - - -== Getting Started - -1. At the command prompt, start a new Rails application using the <tt>rails</tt> command - and your application name. Ex: rails myapp - (If you've downloaded Rails in a complete tgz or zip, this step is already done) -2. Change directory into myapp and start the web server: <tt>script/server</tt> (run with --help for options) -3. Go to http://localhost:3000/ and get "Welcome aboard: You’re riding the Rails!" -4. Follow the guidelines to start developing your application - - -== Web Servers - -By default, Rails will try to use Mongrel and lighttpd if they are installed, otherwise -Rails will use WEBrick, the webserver that ships with Ruby. When you run script/server, -Rails will check if Mongrel exists, then lighttpd and finally fall back to WEBrick. This ensures -that you can always get up and running quickly. - -Mongrel is a Ruby-based webserver with a C component (which requires compilation) that is -suitable for development and deployment of Rails applications. If you have Ruby Gems installed, -getting up and running with mongrel is as easy as: <tt>gem install mongrel</tt>. -More info at: http://mongrel.rubyforge.org - -If Mongrel is not installed, Rails will look for lighttpd. It's considerably faster than -Mongrel and WEBrick and also suited for production use, but requires additional -installation and currently only works well on OS X/Unix (Windows users are encouraged -to start with Mongrel). We recommend version 1.4.11 and higher. You can download it from -http://www.lighttpd.net. - -And finally, if neither Mongrel or lighttpd are installed, Rails will use the built-in Ruby -web server, WEBrick. WEBrick is a small Ruby web server suitable for development, but not -for production. - -But of course its also possible to run Rails on any platform that supports FCGI. -Apache, LiteSpeed, IIS are just a few. For more information on FCGI, -please visit: http://wiki.rubyonrails.com/rails/pages/FastCGI - - -== Debugging Rails - -Sometimes your application goes wrong. Fortunately there are a lot of tools that -will help you debug it and get it back on the rails. - -First area to check is the application log files. Have "tail -f" commands running -on the server.log and development.log. Rails will automatically display debugging -and runtime information to these files. Debugging info will also be shown in the -browser on requests from 127.0.0.1. - -You can also log your own messages directly into the log file from your code using -the Ruby logger class from inside your controllers. Example: - - class WeblogController < ActionController::Base - def destroy - @weblog = Weblog.find(params[:id]) - @weblog.destroy - logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!") - end - end - -The result will be a message in your log file along the lines of: - - Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1 - -More information on how to use the logger is at http://www.ruby-doc.org/core/ - -Also, Ruby documentation can be found at http://www.ruby-lang.org/ including: - -* The Learning Ruby (Pickaxe) Book: http://www.ruby-doc.org/docs/ProgrammingRuby/ -* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide) - -These two online (and free) books will bring you up to speed on the Ruby language -and also on programming in general. - - -== Debugger - -Debugger support is available through the debugger command when you start your Mongrel or -Webrick server with --debugger. This means that you can break out of execution at any point -in the code, investigate and change the model, AND then resume execution! Example: - - class WeblogController < ActionController::Base - def index - @posts = Post.find(:all) - debugger - end - end - -So the controller will accept the action, run the first line, then present you -with a IRB prompt in the server window. Here you can do things like: - - >> @posts.inspect - => "[#<Post:0x14a6be8 @attributes={\"title\"=>nil, \"body\"=>nil, \"id\"=>\"1\"}>, - #<Post:0x14a6620 @attributes={\"title\"=>\"Rails you know!\", \"body\"=>\"Only ten..\", \"id\"=>\"2\"}>]" - >> @posts.first.title = "hello from a debugger" - => "hello from a debugger" - -...and even better is that you can examine how your runtime objects actually work: - - >> f = @posts.first - => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}> - >> f. - Display all 152 possibilities? (y or n) - -Finally, when you're ready to resume execution, you enter "cont" - - -== Console - -You can interact with the domain model by starting the console through <tt>script/console</tt>. -Here you'll have all parts of the application configured, just like it is when the -application is running. You can inspect domain models, change values, and save to the -database. Starting the script without arguments will launch it in the development environment. -Passing an argument will specify a different environment, like <tt>script/console production</tt>. - -To reload your controllers and models after launching the console run <tt>reload!</tt> - - -== Description of Contents - -app - Holds all the code that's specific to this particular application. - -app/controllers - Holds controllers that should be named like weblogs_controller.rb for - automated URL mapping. All controllers should descend from ApplicationController - which itself descends from ActionController::Base. - -app/models - Holds models that should be named like post.rb. - Most models will descend from ActiveRecord::Base. - -app/views - Holds the template files for the view that should be named like - weblogs/index.erb for the WeblogsController#index action. All views use eRuby - syntax. - -app/views/layouts - Holds the template files for layouts to be used with views. This models the common - header/footer method of wrapping views. In your views, define a layout using the - <tt>layout :default</tt> and create a file named default.erb. Inside default.erb, - call <% yield %> to render the view using this layout. - -app/helpers - Holds view helpers that should be named like weblogs_helper.rb. These are generated - for you automatically when using script/generate for controllers. Helpers can be used to - wrap functionality for your views into methods. - -config - Configuration files for the Rails environment, the routing map, the database, and other dependencies. - -components - Self-contained mini-applications that can bundle together controllers, models, and views. - -db - Contains the database schema in schema.rb. db/migrate contains all - the sequence of Migrations for your schema. - -doc - This directory is where your application documentation will be stored when generated - using <tt>rake doc:app</tt> - -lib - Application specific libraries. Basically, any kind of custom code that doesn't - belong under controllers, models, or helpers. This directory is in the load path. - -public - The directory available for the web server. Contains subdirectories for images, stylesheets, - and javascripts. Also contains the dispatchers and the default HTML files. This should be - set as the DOCUMENT_ROOT of your web server. - -script - Helper scripts for automation and generation. - -test - Unit and functional tests along with fixtures. When using the script/generate scripts, template - test files will be generated for you and placed in this directory. - -vendor - External libraries that the application depends on. Also includes the plugins subdirectory. - This directory is in the load path. +I am a sample OAuth provider built against a vanilla Rails 2.0.x app that does not use acts_as_authenticated. It merely shows how your application could be OAuth-enabled and does not validate tokens or do anything particularly fancy with them. README @@ -6,5 +6,60 @@ class ApplicationController < ActionController::Base # See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you're not using the cookie session store - protect_from_forgery # :secret => 'ad75db004db8be3d15ac543d38b3323a' + # protect_from_forgery # :secret => '5d2393a228686e4193613dbcdf32883c' + +protected + + # # Log a user in based on their oauth token (acts_as_authenticated-style) + # def log_user_in + # current_user = oauth_token.user if oauth_token + # end + + ## OAuth implementation + + def oauth_consumer + @oauth_consumer + end + + def oauth_token + @oauth_token + end + + # verifies a request token request + def verify_oauth_consumer_signature + valid = OAuth::Signature.verify(request) do |token, consumer_key| + @oauth_consumer = OauthConsumer.find_by_key(consumer_key) + + # return the token secret and the consumer secret + [nil, oauth_consumer.secret] + end + + # TODO catch different tyes of errors + # rescue OAuth::UnknownSignatureMethod + + render :text => "Invalid OAuth Request", :status => 401 unless valid + end + + def verify_oauth_request + verify_oauth_signature && oauth_token.is_a?(OauthAccessToken) + end + + def verify_oauth_request_token + verify_oauth_signature && oauth_token.is_a?(OauthRequestToken) + end + +private + + # Implement this for your own application using app-specific models + def verify_oauth_signature + valid = OAuth::Signature.verify(request) do |token| + @oauth_token = OauthToken.find_by_token(token, :include => :consumer) + @oauth_consumer = @oauth_token.consumer + + # return the token secret and the consumer secret + [oauth_token.secret, oauth_consumer.secret] + end + + render :text => "Invalid OAuth Request", :status => 401 unless valid + end end \ No newline at end of file app/controllers/application.rb @@ -28,6 +28,7 @@ ActionController::Routing::Routes.draw do |map| # map.root :controller => "welcome" # See how all your routes lay out with "rake routes" + map.oauth_request_token "oauth/request_token", :controller => "oauth", :action => "request_token" # Install the default routes as the lowest priority. map.connect ':controller/:action/:id' config/routes.rb @@ -1,6 +1,7 @@ ENV["RAILS_ENV"] = "test" require File.expand_path(File.dirname(__FILE__) + "/../config/environment") require 'test_help' +require 'mocha' class Test::Unit::TestCase # Transactional fixtures accelerate your tests by wrapping each test method @@ -33,4 +34,21 @@ class Test::Unit::TestCase fixtures :all # Add more helper methods to be used by all tests here... + + def stub_oauth! + # stub out OAuth signature verification + @controller.stubs(:verify_oauth_consumer_signature).returns(true) + @controller.stubs(:verify_oauth_signature).returns(true) + end + + # Make an OAuth request with a specified token. + def with_oauth_token(token, &block) + oauth_token = token.is_a?(Symbol) ? oauth_tokens(token) : token + + # oauth-provided attributes are used to retrieve data, so stub them + @controller.stubs(:oauth_token).returns(oauth_token) + @controller.stubs(:oauth_consumer).returns(oauth_token.app) + + yield [oauth_token, oauth_token.app] + end end \ No newline at end of file test/test_helper.rb 46043939ad31b793b9b33cf2ea044b702b9d1726 seth@mojodna.net seth@mojodna.net http://github.com/mojodna/sample-oauth-provider/commit/6d3d7d1edccb780db672bd1d16a33aad7cfb2b2b 6d3d7d1edccb780db672bd1d16a33aad7cfb2b2b 2009-05-26T21:53:28-07:00 2007-11-27T15:33:33-08:00 sample OAuth provider implementation 7f0c841ca18bdd3b05869154fcb6ee510da1ee14 Seth Fitzsimmons seth@mojodna.net