
wip

maxwell committed May 17, 2012
1 parent b55c2ab commit 69d81951a5ccc43ee89c864ffc5ad7c5e8dd0fa3
@@ -66,7 +66,6 @@ gem 'carrierwave', '0.5.8'
gem 'fog'
gem 'fastercsv', '1.5.4', :require => false
gem 'mini_magick', '3.4'
-gem 'rest-client', '1.6.7'
# JSON and API
@@ -136,7 +135,6 @@ gem 'jquery-rails'
gem 'faraday'
gem 'faraday_middleware'
-gem 'em-synchrony', '1.0.0', :platforms => :ruby_19
gem 'jasmine', :git => 'git://github.com/pivotal/jasmine-gem.git'
@@ -148,7 +146,6 @@ group :test do
gem 'capybara', '~> 1.1.2'
gem 'cucumber-rails', '1.3.0', :require => false
gem 'database_cleaner', '0.7.1'
- gem 'diaspora-client', :git => 'git://github.com/diaspora/diaspora-client.git'
gem 'timecop'
#"0.1.0", #:path => '~/workspace/diaspora-client'
@@ -1,58 +0,0 @@
-# Copyright (c) 2010-2011, Diaspora Inc. This file is
-# licensed under the Affero General Public License version 3 or later. See
-# the COPYRIGHT file.
-
-class ActivityStreams::PhotosController < ApplicationController
- class AuthenticationFilter
- def initialize(scope = nil)
- @scope = scope
- end
-
- def filter(controller, &block)
- if controller.params[:auth_token]
- if controller.current_user
- yield
- else
- controller.fail!
- end
- else
- controller.request.env['oauth2'].authenticate_request! :scope => @scope do |*args|
- controller.sign_in controller.request.env['oauth2'].resource_owner
- block.call(*args)
- end
- end
- end
- end
-
- around_filter AuthenticationFilter.new, :only => :create
- skip_before_filter :verify_authenticity_token, :only => :create
-
- respond_to :json
- respond_to :html, :only => [:show]
-
- def create
- @photo = ActivityStreams::Photo.from_activity(params[:activity])
- @photo.author = current_user.person
- @photo.public = true
-
- if @photo.save
- Rails.logger.info("event=create type=activitystreams_photo")
-
- current_user.add_to_streams(@photo, current_user.aspects)
- current_user.dispatch_post(@photo, :url => post_url(@photo))
-
- render :nothing => true, :status => 201
- else
- render :nothing => true, :status => 422
- end
- end
-
- def show
- @photo = current_user.find_visible_shareable_by_id(Photo, params[:id])
- respond_with @photo
- end
-
- def fail!
- render :nothing => true, :status => 401
- end
-end
@@ -1,20 +0,0 @@
-class ApisController < ApplicationController
- authenticate_with_oauth
- before_filter :set_user_from_oauth
- respond_to :json
-
- def me
-# debugger
- @person = @user.person
- render :json => {
- :birthday => @person.profile.birthday,
- :name => @person.name,
- :uid => @user.username
- }
- end
-
- private
- def set_user_from_oauth
- @user = request.env['oauth2'].resource_owner
- end
-end
@@ -1,9 +0,0 @@
-class AppsController < ApplicationController
- def show
- @app = 'cubbies'
- @posts = ActivityStreams::Photo.where(:public => true).for_a_stream(max_time, 'created_at')
- @commenting_disabled = true
- @people = []
- @people_count = 0
- end
-end
@@ -1,152 +0,0 @@
-require File.join(Rails.root, "app", "models", "oauth2_provider_models_activerecord_authorization")
-require File.join(Rails.root, "app", "models", "oauth2_provider_models_activerecord_client")
-
-class AuthorizationsController < ApplicationController
- include OAuth2::Provider::Rack::AuthorizationCodesSupport
- before_filter :authenticate_user!, :except => :token
- before_filter :redirect_or_block_invalid_authorization_code_requests, :except => [:token, :index, :destroy]
-
- skip_before_filter :verify_authenticity_token, :only => :token
-
- def new
- if params[:uid].present? && params[:uid] != current_user.username
- sign_out current_user
- redirect_to url_with_prefilled_session_form
- else
- @requested_scopes = params["scope"].split(',')
- @client = oauth2_authorization_request.client
-
- if authorization = current_user.authorizations.where(:client_id => @client.id).first
- ac = authorization.authorization_codes.create(:redirect_uri => params[:redirect_uri])
- redirect_to "#{params[:redirect_uri]}&code=#{ac.code}"
- end
- end
- end
-
- # When diaspora detects that a user is trying to authorize to an application
- # as someone other than the logged in user, we want to log out current_user,
- # and prefill the session form with the user that is trying to authorize
- def url_with_prefilled_session_form
- redirect_url = Addressable::URI.parse(request.url)
- query_values = redirect_url.query_values
- query_values.delete("uid")
- query_values.merge!("username" => params[:uid])
- redirect_url.query_values = query_values
- redirect_url.to_s
- end
-
- def create
- if params['confirm']
- grant_authorization_code(current_user)
- else
- deny_authorization_code
- end
- end
-
- def token
- require 'jwt'
-
- signed_string = Base64.decode64(params[:signed_string])
- app_url = signed_string.split(';')[0]
-
- if (!params[:type] == 'client_associate' && !app_url)
- render :text => "bad request: #{params.inspect}", :status => 403
- return
- end
-
- begin
- packaged_manifest = JSON.parse(RestClient.get("#{app_url}manifest.json").body)
- public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key'])
- manifest = JWT.decode(packaged_manifest['jwt'], public_key)
- rescue => e
- puts "DIASPORA_CONNECT there was a problem with getting a token for the following diaspora id"
- puts "DIASPORA_CONNECT #{app_url}, #{public_key.to_s} #{manifest.to_s}"
- raise e
- end
-
- message = verify(signed_string, Base64.decode64(params[:signature]), public_key, manifest)
- if not (message =='ok')
- render :text => message, :status => 403
- elsif manifest["application_base_url"].match(/^https?:\/\/(localhost|chubbi\.es|www\.cubbi\.es|cubbi\.es)(:\d+)?\/$/).nil?
- # This will only be temporary (less than a month) while we iron out the kinks in Diaspora Connect. Essentially,
- # whatever we release people will try to work off of and it sucks to build things on top of non-stable things.
- # We also started writing a gem that we'll release (around the same time) that makes becoming a Diaspora enabled
- # ruby project a breeze.
-
- render :text => "Domain (#{manifest["application_base_url"]}) currently not authorized for Diaspora OAuth", :status => 403
- else
- client = OAuth2::Provider.client_class.find_or_create_from_manifest!(manifest, public_key)
-
- json = {:client_id => client.oauth_identifier,
- :client_secret => client.oauth_secret,
- :expires_in => 0,
- :flows_supported => ""}
-
- if params[:code]
- code = client.authorization_codes.claim(params[:code],
- params[:redirect_uri])
- json.merge!(
- :access_token => code.access_token,
- :refresh_token => code.refresh_token
- )
- end
-
- render :json => json
- end
- end
-
- def index
- @authorizations = current_user.authorizations
- @applications = current_user.applications
- end
-
- def destroy
- ## ID is actually the id of the client
- auth = current_user.authorizations.where(:client_id => params[:id]).first
- auth.revoke
- redirect_to authorizations_path
- end
-
- # @param [String] enc_signed_string A Base64 encoded string with app_url;pod_url;time;nonce
- # @param [String] sig A Base64 encoded signature of the decoded signed_string with public_key.
- # @param [OpenSSL::PKey::RSA] public_key The application's public key to verify sig with.
- # @return [String] 'ok' or an error message.
- def verify( signed_string, sig, public_key, manifest)
- split = signed_string.split(';')
- app_url = split[0]
- time = split[2]
- nonce = split[3]
-
- return 'blank public key' if public_key.n.nil?
- return "the app url in the manifest (#{manifest['application_base_url']}) does not match the url passed in the parameters (#{app_url})." if manifest["application_base_url"] != app_url
- return 'key too small, use at least 2048 bits' if public_key.n.num_bits < 2048
- return "invalid time" unless valid_time?(time)
- return 'invalid nonce' unless valid_nonce?(nonce)
- return 'invalid signature' unless verify_signature(signed_string, sig, public_key)
- 'ok'
- end
-
- def verify_signature(challenge, signature, public_key)
- public_key.verify(OpenSSL::Digest::SHA256.new, signature, challenge)
- end
-
- def valid_time?(time)
- time.to_i > (Time.now - 5.minutes).to_i
- end
-
- def valid_nonce?(nonce)
- !OAuth2::Provider.client_class.exists?(:nonce => nonce)
- end
-
- def redirect_or_block_invalid_authorization_code_requests
- begin
- block_invalid_authorization_code_requests
- rescue OAuth2::Provider::Rack::InvalidRequest => e
- if e.message == "client_id is invalid"
- redirect_to params[:redirect_uri]+"&error=invalid_client"
- else
- raise
- end
- end
- end
-end
@@ -1,6 +0,0 @@
-class TokensController < ApplicationController
- before_filter :authenticate_user!
- def show
- end
-end
-
@@ -1,8 +0,0 @@
-This is a (very very) simple OAuth2 client, designed to work with the Diaspora tests. To get it running, cd to the client folder, then run:
-
-1) bundle install
-2) bundle exec rackup
-
-This should start the client on port 9292
-
-Assuming an example server is running (such as the one in examples/rails3-example), visit http://localhost:9292. To read content from the server you'll be asked to login (tomafro/secret) and then authorize the client. Finally some very simple content from the server will be shown.
