

DESTRUCTIVE COMMIT

  - cleaned up the house for the draft 09 code
commit bba05bc4fa70d80b76ded0ec79ba12b846945b54 1 parent 9bd745c
DBA authored
6 Gemfile
@@ -1,4 +1,8 @@
source :gemcutter
-gem 'rspec', '>= 2.0.0.beta'
gem 'activesupport', '>= 3.0.0.beta'
+
+group :test do
+ gem 'ruby-debug19'
+ gem 'rspec', '>= 2.0.0.beta'
+end
2  MIT-LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2010 Alexander Flatter
+Copyright (c) 2010 Alexander Flatter, Diogo Almeida and Miguel Teixeira
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
19 oauth2-server/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2010 Alexander Flatter, Diogo Almeida and Miguel Teixeira
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
12 oauth2-server/lib/oauth2/server.rb
@@ -1,11 +1,11 @@
require 'oauth2/core'
module OAuth2
-
+
module Server
- autoload :Flows, 'oauth2/server/flows'
- autoload :Rails, 'oauth2/server/rails'
- autoload :Request, 'oauth2/server/request'
+ # autoload :Flows, 'oauth2/server/flows'
+ # autoload :Rails, 'oauth2/server/rails'
+ # autoload :Request, 'oauth2/server/request'
end
-
-end
+
+end
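Review bot: The three commented-out `autoload` lines (`# autoload :Flows` through `# autoload :Request`) point at files this same commit deletes (oauth2-server/lib/oauth2/server/flows.rb and request.rb; the rails file is not shown here), so they are dead text rather than a switch anyone can flip back on. Either delete them or replace them with a single marker that states the intent, e.g. `# TODO: restore Flows/Request/Rails autoloads once the draft-09 implementation lands`. Making that explicit matters because the removed Request class held the bearer/signature validation, so after this commit `OAuth2::Server` exposes no request validation at all. The other changes in this hunk (the blank lines at the top and bottom of the module) are whitespace-only.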
13 oauth2-server/lib/oauth2/server/flows.rb
@@ -1,13 +0,0 @@
-module OAuth2
-
- module Server
-
- module Flows
-
- autoload :WebServer, 'oauth2/server/flows/web_server'
-
- end
-
- end
-
-end
78 oauth2-server/lib/oauth2/server/flows/web_server.rb
@@ -1,78 +0,0 @@
-require 'oauth2/attributes'
-
-module OAuth2
-
- module Server
-
- module Flows
-
- #
- # = Attributes
- #
- # == verify_resource_owner
- # If the resource owner is logged in, we can proceed. If he's not, start
- # the login procedure. Basic example:
- # <code>
- # def verify_resource_owner
- # redirect_to login_path unless logged_in?
- # end
- # </code>
- # FIXME: This example does not save the oauth2 query parameters which are
- # needed after a user has just logged in.
- #
- # == authorize
- # Asks the user if he wants to authorize the client. Usually, this would
- # show some kind of form which calls #grant_authorization on submission.
- # <code>
- # def authorize
- # render 'authorize'
- # end
- # </code>
- # <code>
- # <form action="/oauth2/grant_authorization" method="post">
- # <input type="hidden" name="mode" value="flow_web_server" />
- # <input type="hidden" name="oauth_client_identifier" value="<%= params[:oauth_client_identifier]" />
- # <input type="hidden" name="oauth_callback_url" value = "<%= params[:oauth_callback_url]" />
- # <input type="submit" name="submit" value="Allow" />
- # <input type="submit" name="submit" value="Deny" />
- # </form>
- class WebServer
-
- include OAuth2::Attributes
-
- attributes :verify_resource_owner,
- :render_authorize_form
-
- # This method try to identify and verify the resource owner.
- # It displays the authorization form on success.
- def request_authorization
- assert_equal params[:mode], 'flow_web_server'
-
- verify_resource_owner or return
- authorize
- end
-
- attributes :create_verification_code,
- :authorized?,
- :redirect_back
-
- # If the user authorized the client, we create a verification code.
- # Then we redirect back with the verification code or an error message.
- def grant_authorization
- create_verification_code if authorized?
- redirect_back
- end
-
- # TODO
- def access_token
- # TODO: verify that type == "web_sever"
- # TODO: verify that redirect_uri == ticket.redirect_uri
- end
-
- end
-
- end
-
- end
-
-end
141 oauth2-server/lib/oauth2/server/request.rb
@@ -1,141 +0,0 @@
-require 'openssl'
-require 'oauth2/attributes'
-require 'active_support/base64'
-
-module OAuth2
-
- module Server
-
- class Request
-
- include OAuth2::Attributes
-
- attributes :host, :realm, :algorithms, :method,
- :request_header, :request_uri,
- :host_with_port, :secret, :access_token,
- :access_token_expired?
-
- class << self
-
- def validate(*args)
- request = new(*args)
- request.validate
- request
- end
-
- end
-
- def initialize(attributes = {}, &block)
- self.attributes.merge!(attributes)
- yield self if block_given?
- end
-
- def errors
- @errors ||= []
- end
-
- alias_method :original_request_header, :request_header
-
- # Overwrite attribute reader #request_header
- # See OAuth2::Core::Attributes
- def request_header(&block)
- value = original_request_header(&block)
-
- if value.is_a?(String)
- value = Headers::Authorization.parse(value)
- end
-
- value
- end
-
- def type
- return :bearer if bearer?
- return :cryptographic if cryptographic?
-
- :unknown
- end
-
- def bearer?
- if request_header.attributes.values.compact.size != 1
- return false
- end
-
- not request_header.token.nil?
- end
-
- def cryptographic?
- required_attributes = %w{token nonce timestamp algorithm signature}
- required_attributes.map! do |attribute|
- request_header.send(attribute.to_sym).nil?
- end
-
- required_attributes.uniq == [false]
- end
-
- # Calculates the header signature as described on:
- # http://tools.ietf.org/html/draft-hammer-oauth2-00#section-5.3.1
- def calculate_signature
- normalized_string = [
- request_header.timestamp,
- request_header.nonce,
- request_header.algorithm,
- method.upcase,
- host_with_port,
- request_uri
- ].join(',')
-
- ActiveSupport::Base64.encode64s(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), secret, normalized_string))
- end
-
- def validate_signature
- if calculate_signature != request_header.signature
- errors << :signature_invalid
- return false
- end
-
- true
- end
-
- def validate_access_token
- unless access_token
- errors << :access_token_invalid
- return false
- end
-
- if access_token_expired?
- errors << :access_token_expired
- return false
- end
-
- true
- end
-
- def validate_request_header
- unless request_header
- errors << :missing_authorization_header
- return false
- end
-
- true
- end
-
- def validate
- errors.clear
-
- if validate_request_header
- validate_access_token
- validate_signature if type == :cryptographic
- end
-
- @valid = errors.empty?
- end
-
- def valid?
- @valid
- end
-
- end
-
- end
-
-end
18 oauth2-server/oauth2-server.gemspec
@@ -1,23 +1,23 @@
# -*- encoding: utf-8 -*-
lib = File.expand_path('../lib/', __FILE__)
$:.unshift lib unless $:.include?(lib)
-
+
Gem::Specification.new do |s|
s.name = "oauth2-server"
- s.version = '0.1.4'
+ s.version = '1.0.0.beta.1'
s.platform = Gem::Platform::RUBY
- s.authors = ["Alexander Flatter"]
- s.email = ["aflatter@farbenmeer.net"]
- s.homepage = "http://github.com/aflatter/oauth2-ruby"
+ s.authors = ["Alexander Flatter", "Diogo Almeida", "Miguel Teixeira"]
+ s.email = ["aflatter@farbenmeer.net", "diogo.almeida@gnomeslab.com", "miguel.teixeira@gnomeslab.com"]
+ s.homepage = ["http://github.com/aflatter/oauth2-ruby", "http://gnomeslab.com/"]
s.summary = ""
s.description = ""
-
+
s.required_rubygems_version = ">= 1.3.6"
-
+
s.add_dependency(%q<oauth2-core>, [">= 0.1.4"])
-
+
s.add_development_dependency "rspec"
-
+
s.files = Dir.glob("{bin,lib}/**/*") + %w(LICENSE README.md)
s.require_path = 'lib'
end
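Review bot: `s.homepage` is assigned an Array on the new `s.homepage = [...]` line, but `Gem::Specification#homepage` holds a single String, so `gem build` will likely reject the spec or mis-render the field (`authors` and `email` are legitimately arrays; `homepage` is not). Keep one URL, e.g. `s.homepage = "http://github.com/aflatter/oauth2-ruby"`, and mention the second site in the README if it matters. While here, `s.summary` and `s.description` are still empty strings, which rubygems warns about on build; the bump to `1.0.0.beta.1` is a good moment to fill them in.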
60 oauth2-server/spec/server/flows/web_server_spec.rb
@@ -1,60 +0,0 @@
-require 'spec_helper'
-
-shared_examples_for "an object that uses web server flow" do
-
- it "should implement #resource_owner"
-
- it "should implement #verify_resource_owner"
-
- it "should implement #redirect_back"
-
- it "should implement #ticket"
- it "should implement #create_ticket"
-
- it "should implement #render_authorize_form"
-
- it "should implement #authorized?"
-
- it "should implement #create_verification_code"
-
-end
-
-describe OAuth2::Server::Flows::WebServer do
-
- context "#request_authorization" do
-
- it "should render authorize form if resource owner is identified" do
- subject.should_receive(:create_ticket).once.with(no_args).ordered
- subject.should_receive(:verify_resource_owner).once.with(no_args).ordered.and_return("Foo")
- subject.should_receive(:render_authorize_form).once.with(no_args).ordered
- subject.request_authorization
- end
-
- it "should verify identity and return if resource owner is not identified" do
- subject.should_receive(:create_ticket).once.with(no_args).ordered
- subject.should_receive(:verify_resource_owner).once.with(no_args).ordered
- subject.should_not_receive(:render_authorize_form)
- subject.request_authorization
- end
-
- end
-
- context "#grant_authorization" do
-
- it "should create verification code if authorized" do
- subject.should_receive(:authorized?).once.with(no_args).ordered.and_return(true)
- subject.should_receive(:create_verification_code).once.with(no_args).ordered
- subject.should_receive(:redirect_back).once.with(no_args).ordered
- subject.grant_authorization
- end
-
- it "should not create verification code without authorization" do
- subject.should_receive(:authorized?).once.with(no_args).ordered.and_return(false)
- subject.should_not_receive(:create_verification_code)
- subject.should_receive(:redirect_back).once.with(no_args).ordered
- subject.grant_authorization
- end
-
- end
-
-end
139 oauth2-server/spec/server/request_spec.rb
@@ -1,139 +0,0 @@
-require 'spec_helper'
-
-describe OAuth2::Server::Request do
-
- describe "class" do
-
- subject { OAuth2::Server::Request }
-
- it "instantiates a request, then validates and returns it" do
- attributes = {:foo => :bar}
- request = subject.new(attributes)
-
- subject.should_receive(:new).with(attributes).
- once.and_return(request)
- request.should_receive(:validate).with(no_args).once.and_return(true)
-
- subject.validate(attributes).should == request
- end
-
- it "#initialize takes a block and yields itself" do
- called = false
-
- subject.new(:realm => "foo") do |req|
- called = true
- req.realm.should == "foo"
- end
-
- called.should be_true
- end
-
- end
-
- subject { OAuth2::Server::Request.new }
-
- it { should have_attribute(:request_uri) }
- it { should have_attribute(:host_with_port) }
- it { should have_attribute(:realm) }
- it { should have_attribute(:algorithms) }
- it { should have_attribute(:request_header) }
-
- it { should respond_to(:errors) }
-
- it "overwrites #request_header to automatically parse strings" do
- subject.request_header = 'foo'
-
- OAuth2::Headers::Authorization.should_receive(:parse).with('foo').and_return("bar")
- subject.request_header.should == "bar"
- end
-
- it "overwritten #request_header behaves like the original method" do
- block = lambda { :foo }
- subject.request_header(&block).should == nil
- subject.attributes[:request_header].should == block
- subject.request_header.should == :foo
- end
-
- # @fixme: This example cries.
- it "calculates signature" do
- header = stub("Authorization header")
-
- [:timestamp, :nonce, :algorithm].each do |attribute|
- header.should_receive(attribute).once.with(no_args).and_return(attribute.to_s)
- end
-
- normalized_string = [
- :timestamp, :nonce, :algorithm, "GET",
- "server.example.com:80", "http://example.com/resource"
- ].join(',')
-
- subject.should_receive(:host_with_port).once.and_return("server.example.com:80")
- subject.should_receive(:request_uri).once.and_return("http://example.com/resource")
- subject.should_receive(:method).once.with(no_args).and_return("get")
- subject.should_receive(:request_header).exactly(3).times.with(no_args).and_return(header)
- subject.should_receive(:secret).once.and_return("secret")
-
- OpenSSL::HMAC.should_receive(:digest).once.
- with(OpenSSL::Digest::Digest.new('sha256'), "secret", normalized_string).
- and_return("digest")
-
- ActiveSupport::Base64.should_receive(:encode64s).
- with("digest").
- and_return("signature")
-
- subject.calculate_signature.should == "signature"
- end
-
- it "re-calculates and then validates the request signature" do
- header = stub("Authorization header")
- header.should_receive(:signature).once.with(no_args).and_return("signed")
- subject.should_receive(:calculate_signature).once.with(no_args).and_return("signed")
- subject.should_receive(:request_header).once.with(no_args).and_return(header)
- subject.validate_signature.should be_true
- end
-
- it "sets request type" do
- header = OAuth2::Headers::Authorization.new
-
- subject.request_header = header
-
- header.token = 'foo'
- subject.type.should == :bearer
-
- %w{nonce timestamp algorithm}.each do |attribute|
- header.send("#{attribute}=".to_sym, attribute)
- end
- subject.type.should == :unknown
-
- header.signature = "signature"
- subject.type.should == :cryptographic
- end
-
- it "works on a real world cryptographic example" do
- subject.request_header = <<-EOS
- Token token="vF9dft4qmT",
- nonce="s8djwd",
- timestamp="137131200",
- algorithm="hmac-sha256",
- signature="ZSPk4B37TjHu3/yyu31LD7/agpzPjhYQEszZk7GdEfs="
- EOS
- subject.realm = "my little farm"
- subject.algorithms = 'hmac-sha256'
- subject.access_token = "my_token"
- subject.secret = "secret"
- subject.method = "GET"
- subject.host_with_port = "example.com:80"
- subject.request_uri = "http://example.com/protected"
- subject.access_token_expired? { false }
- subject.validate.should be_true
- end
-
- it "works on a real world bearer example" do
- subject.request_header = 'Token token="vF9dft4qmT"'
- subject.realm = "my little farm"
- subject.algorithms = 'hmac-sha256'
- subject.access_token = 'vF9dft4qmT'
- subject.access_token_expired? { false }
- subject.validate.should be_true
- end
-end
4 oauth2-server/spec/server_spec.rb
@@ -0,0 +1,4 @@
+require 'spec_helper.rb'
+
+describe OAuth2::Server do
+end
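Review bot: The new file uses `require 'spec_helper.rb'` with an explicit extension, whereas the specs removed in this commit used `require 'spec_helper'`; the bare form (`require 'spec_helper'`) is the conventional style and keeps the suite consistent. The `describe OAuth2::Server do … end` block is empty, so this file adds nothing to the run and reports green; if it is a placeholder for the draft-09 work, an `it` with a description and no block (which RSpec reports as pending) makes that visible instead of silently passing.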
18 oauth2-server/spec/spec_helper.rb
@@ -1,6 +1,6 @@
$LOAD_PATH.unshift(File.expand_path(
- File.join('..', '..', 'oauth2-core', 'lib'),
- File.dirname(__FILE__)
+ File.join('..', '..', 'oauth2-core', 'lib'),
+ File.dirname(__FILE__)
))
require "rubygems"
@@ -9,7 +9,7 @@
require "bundler"
Bundler.setup
rescue LoadError => e
- puts 'Bundler not found. Please install bundler with the command gem install bundler'
+ puts 'Bundler not found. Please install bundler with the command gem install bundler'
end
begin
@@ -19,12 +19,6 @@
puts 'RSpec not found. Please install rspec with command bundle install'
end
-begin
- require 'openssl'
-rescue LoadError => e
- puts 'OpenSSL not present. Please check your Ruby installation and make sure it includes the OpenSSL libraries'
-end
-
require 'oauth2/server'
Dir.glob(File.dirname(__FILE__) + "/support/**/*.rb").each do |file|
@@ -32,6 +26,8 @@
end
Rspec.configure do |config|
+ config.debug = true
+
# == Mock Framework
#
# If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
@@ -40,6 +36,4 @@
# config.mock_with :flexmock
# config.mock_with :rr
# config.mock_with :rspec
-
- config.include OAuth2::Matchers
-end
+end
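Review bot: `config.debug = true` inside the `Rspec.configure` block is unconditional, so every spec run now loads the debugger (`ruby-debug19`, added to the `:test` group in the Gemfile in this commit) and fails outright on any machine or CI image where that gem is missing or will not build. Gate it on an environment variable instead, e.g. `config.debug = ENV.key?('DEBUG')`, so the default run stays debugger-free. Removing the `require 'openssl'` block is consistent with deleting request.rb, but if the draft-09 port re-adds HMAC signature checking, that require belongs with the code that uses it rather than back in this helper. The remaining hunks in this file are re-indentation only.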
54 oauth2-server/spec/support/matchers/attributes.rb
@@ -1,54 +0,0 @@
-module OAuth2
- module Matchers
-
- class Attributes #:nodoc:
- def initialize(*names)
- @names = names
- @missing_names = []
- end
-
- def matches?(actual)
- @actual = actual
- @names.each do |name|
- @missing_names << name unless actual.attribute_names.include?(name)
- end
- return @missing_names.empty?
- end
-
- def failure_message_for_should
- "expected #{@actual.inspect} to have attributes " +
- "#{@missing_names.collect {|name| name.inspect }.join(', ')}"
- end
-
- def failure_message_for_should_not
- "expected #{@actual.inspect} not to have attributes " +
- "#{@names.collect {|name| name.inspect }.join(', ')}"
- end
-
- def description
- "have oauth2 attributes #{@names.inspect}"
- end
-
- def argument
- self
- end
-
- alias :arguments :argument
- end
-
- # :call-seq:
- # should haveoauth2_attribute_names(*names)
- # should_not haveoauth2_attribute_names(*names)
- #
- # Matches if the target object has all of the
- # attributes provided.
- #
- # == Examples
- #
- def have_attributes(*names)
- Matchers::Attributes.new(*names)
- end
-
- alias :have_attribute :have_attributes
- end
-end