Breaking change. use keyword-params.

Some cleanups (as I learn more clojure)
commit 60bf83b93c9779e6da3142674d08723783eb549c 1 parent adec65e
@pelle authored
2  README.md
@@ -23,7 +23,7 @@ The following bearer tokens are implemented:
Add the following dependency to your `project.clj` file:
- [clauth "1.0.0-beta2"]
+ [clauth "1.0.0-beta3"]
## Usage
2  project.clj
@@ -1,4 +1,4 @@
-(defproject clauth "1.0.0-beta2"
+(defproject clauth "1.0.0-beta3"
:description "OAuth2 based authentication library for Ring"
:url "http://github.com/pelle/clauth"
4 src/clauth/client.clj
@@ -1,6 +1,6 @@
(ns clauth.client
- (:use [clauth.token])
- (:use [clauth.store]))
+ (:use [clauth.token]
+ [clauth.store]))
(defonce client-store (atom (create-memory-store)))
28 src/clauth/demo.clj
@@ -1,18 +1,19 @@
(ns clauth.demo
- (:use [clauth.middleware])
- (:use [clauth.endpoints])
- (:use [clauth.client])
- (:use [clauth.token])
- (:use [clauth.store.redis])
(:require [redis.core :as redis])
- (:use [ring.adapter.jetty])
- (:use [ring.middleware.cookies])
- (:use [ring.middleware.session])
- (:use [ring.middleware.params])
- (:use [hiccup.bootstrap.middleware])
- (:use [hiccup.bootstrap.page])
- (:use [hiccup.page])
- (:use [hiccup.element]))
+ (:use [clauth.middleware]
+ [clauth.endpoints]
+ [clauth.client]
+ [clauth.token]
+ [clauth.store.redis]
+ [ring.adapter.jetty]
+ [ring.middleware.cookies]
+ [ring.middleware.session]
+ [ring.middleware.params]
+ [ring.middleware.keyword-params]
+ [hiccup.bootstrap.middleware]
+ [hiccup.bootstrap.page]
+ [hiccup.page]
+ [hiccup.element]))
(defn nav-menu [req]
(if (logged-in? req)
@@ -104,6 +105,7 @@
(println "http://127.0.0.1:3000/login")
(run-jetty (-> (routes client)
+ (wrap-keyword-params)
(wrap-params)
(wrap-cookies)
(wrap-session)
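Review bot: This demo is now the only place showing where `wrap-keyword-params` must sit, and the README hunk in this commit only bumps the version, so a line comment here would help integrators: `;; wrap-keyword-params must sit inside wrap-params: clauth reads :params with keyword keys`. The ordering in the `->` form is right as written, since `wrap-params` ends up as the outer middleware and populates `:params` before it is keywordized. Keywordizing names taken from the request does create keywords from client-controlled input; on Clojure releases that intern keywords permanently that is a memory-growth concern under abusive traffic, so it is worth confirming the Clojure version declared in project.clj (not visible in this hunk). The enclosing function starts and ends outside the hunk.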
42 src/clauth/endpoints.clj
@@ -1,12 +1,12 @@
(ns clauth.endpoints
- (:use [clauth.token])
- (:use [clauth.client])
- (:use [clauth.user])
- (:use [clauth.middleware :only [csrf-protect! require-user-session!]])
- (:use [clauth.views :only [login-form-handler authorization-form-handler error-page]])
- (:use [hiccup.util :only [url-encode]])
- (:use [ring.util.response])
- (:use [cheshire.core])
+ (:use [clauth.token]
+ [clauth.client]
+ [clauth.user]
+ [clauth.middleware :only [csrf-protect! require-user-session!]]
+ [clauth.views :only [login-form-handler authorization-form-handler error-page]]
+ [hiccup.util :only [url-encode]]
+ [ring.util.response]
+ [cheshire.core])
(:import [org.apache.commons.codec.binary Base64]))
@@ -59,8 +59,8 @@
If authenticate-client returns a client map it runs success function with the request and the client."
[req authenticator success]
(let [ basic (basic-authentication-credentials req)
- client_id (if basic (first basic) ((req :params ) "client_id"))
- client_secret (if basic (last basic) ((req :params) "client_secret"))
+ client_id (if basic (first basic) ((req :params ) :client_id))
+ client_secret (if basic (last basic) ((req :params) :client_secret))
client (authenticator client_id client_secret)]
(if client
(success req client)
@@ -68,7 +68,7 @@
(defn grant-type
"extract grant type from request"
- [req _ _] ((req :params) "grant_type"))
+ [req _ _] ((req :params) :grant_type))
(defmulti token-request-handler grant-type)
@@ -82,7 +82,7 @@
(client-authenticated-request
req
client-authenticator
- (fn [req client] (if-let [user (user-authenticator ((req :params) "username") ((req :params) "password"))]
+ (fn [req client] (if-let [user (user-authenticator ((req :params) :username) ((req :params) :password))]
(respond-with-new-token client client)
(error-response "invalid_grant")))))
@@ -109,7 +109,7 @@
(fn [req]
(if (= :get (req :request-method))
(login-form req)
- (if-let [user (user-authenticator ((req :params) "username") ((req :params) "password"))]
+ (if-let [user (user-authenticator ((req :params) :username) ((req :params) :password))]
(let
[ destination ((req :session {}) :return-to "/")
session ( dissoc (assoc (req :session) :access_token (:token (create-token client user))) :return-to )
@@ -139,24 +139,24 @@
(defn response-type
"extract grant type from request"
- [req] ((req :params) "response_type"))
+ [req] ((req :params) :response_type))
(defn authorization-response
"Create a proper redirection response depending on response_type"
[req response_params ]
(let [ params (req :params)
- redirect_uri (params "redirect_uri")]
+ redirect_uri (params :redirect_uri)]
(redirect (str redirect_uri
- (if (= (params "response_type") "token")
+ (if (= (params :response_type) "token")
"#"
"?")
- (url-encode (merge response_params (filter val (select-keys (req :params) ["state"]))))
+ (url-encode (merge response_params (filter val (select-keys (req :params) [:state]))))
))))
(defn authorization-error-response
"redirect to client with error code"
[req error]
- (if ((req :params) "redirect_uri")
+ (if ((req :params) :redirect_uri)
(authorization-response req { "error" error })
(error-page error)))
@@ -164,7 +164,7 @@
(defmethod authorization-request-handler "token" [req]
(let [ params (req :params)
- client (fetch-client (params "client_id"))
+ client (fetch-client (params :client_id))
user ( :subject (fetch-token (:access_token (req :session))))
token (create-token client user)]
(authorization-response req {:access_token (:token token) :token_type "bearer"})))
@@ -181,9 +181,9 @@
(csrf-protect!
(fn [req]
(let [params (req :params)]
- (if (and (params "response_type") (params "client_id"))
+ (if (and (params :response_type) (params :client_id))
- (if (= (params "response_type") "token")
+ (if (= (params :response_type) "token")
(if (= :get (req :request-method))
(authorization-form-handler req)
(authorization-request-handler req)
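Review bot: In the `authorization-response` hunk the new line `redirect_uri (params :redirect_uri)` takes the redirect target straight from the request and `redirect`s to it without comparing it to anything registered for the client, so in the implicit flow the access token in the fragment is sent wherever the request says; `authorization-error-response` and the `"token"` handler that binds `client (fetch-client (params :client_id))` have the same gap. Client registration is not on this page, so I cannot tell whether a redirect URI is stored per client; if it is, the missing check is to look the client up in `authorization-response` as well and refuse the redirect when the supplied URI does not match the registered one (this is also the fix for the open redirect in the error path). Separately, the `response-type` docstring (a context line in the same hunk) still reads `"extract grant type from request"` and should say `"extract response type from request"`. Every function touched in this section starts outside its hunk.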
7 src/clauth/middleware.clj
@@ -1,6 +1,6 @@
(ns clauth.middleware
- (:use [clauth.token])
- (:use [ring.util.response :only [redirect]]))
+ (:use [clauth.token]
+ [ring.util.response :only [redirect]]))
(defn wrap-bearer-token
"Wrap request with a OAuth2 bearer token as defined in http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08.
@@ -24,6 +24,7 @@
(let [auth ((:headers req {}) "authorization")
token (or (last
(re-find #"^Bearer (.*)$" (str auth)))
+ ((:params req {}) :access_token)
((:params req {}) "access_token")
((:session req {}) :access_token)
(((:cookies req {}) "access_token" {}) :value )
@@ -88,7 +89,7 @@
session (req :session)]
(if (or
(= (:request-method req) :get)
- (= token ((req :params {}) "csrf-token")))
+ (= token ((req :params {}) :csrf-token)))
(let [response (app req)
session (assoc (response :session (req :session)) :csrf-token token)]
(assoc response :session session))
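Review bot: The new comparison `(= token ((req :params {}) :csrf-token))` is true when both sides are nil, so if `token` (bound before the hunk, apparently from the session) can ever be absent, a POST with no `csrf-token` parameter would pass; the test in this commit that expects 403 with no session token suggests a token is generated in that case, but it is worth confirming, or guarding explicitly with `(and token (= token ((req :params {}) :csrf-token)))`. The earlier hunk in this file adds `((:params req {}) :access_token)` while keeping the string-keyed `"access_token"` lookup, so `wrap-bearer-token` accepts both map shapes while the endpoints accept only keywords; a one-line comment saying the string lookup is kept for stacks without `wrap-keyword-params` (or removing it) would make that deliberate. The enclosing function, presumably `csrf-protect!`, begins outside the hunk.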
4 src/clauth/store/redis.clj
@@ -1,7 +1,7 @@
(ns clauth.store.redis
(:use [clauth.store])
- (:require [redis.core :as redis])
- (:require [cheshire.core]))
+ (:require [redis.core :as redis]
+ [cheshire.core]))
(defn namespaced-keys
6 src/clauth/token.clj
@@ -1,8 +1,8 @@
(ns clauth.token
(:use [clauth.store])
- (:require [crypto.random])
- (:require [clj-time.core :as time])
- (:require [cheshire.core]))
+ (:require [crypto.random]
+ [clj-time.core :as time]
+ [cheshire.core]))
(defprotocol Expirable
"Check if object is valid"
8 src/clauth/views.clj
@@ -1,8 +1,8 @@
(ns clauth.views
- (:use ring.util.response)
- (:use [clauth.middleware :only [csrf-token]])
- (:use hiccup.core)
- (:use hiccup.form))
+ (:use [ring.util.response]
+ [clauth.middleware :only [csrf-token]]
+ [hiccup.core]
+ [hiccup.form]))
(defn csrf-field
"hidden form field containing csrf-token"
4 test/clauth/test/client.clj
@@ -1,6 +1,6 @@
(ns clauth.test.client
- (:use [clauth.client])
- (:use [clojure.test]))
+ (:use [clauth.client]
+ [clojure.test]))
(deftest client-registration
(reset-client-store!)
108 test/clauth/test/endpoints.clj
@@ -1,8 +1,8 @@
(ns clauth.test.endpoints
- (:use [clauth.endpoints])
- (:use [clauth.token])
- (:use [clojure.test])
- (:use [hiccup.util])
+ (:use [clauth.endpoints]
+ [clauth.token]
+ [clojure.test]
+ [hiccup.util])
(:import [org.apache.commons.codec.binary Base64]))
(deftest token-decoration
@@ -32,15 +32,15 @@
(is (= (handler {
:params {
- "grant_type" "client_credentials"
- "client_id" (:client-id client )
- "client_secret" (:client-secret client)}})
+ :grant_type "client_credentials"
+ :client_id (:client-id client )
+ :client_secret (:client-secret client)}})
{ :status 200
:headers {"Content-Type" "application/json"}
:body (str "{\"access_token\":\"" ( :token (first (tokens))) "\",\"token_type\":\"bearer\"}") }) "url form encoded client credentials")
(is (= (handler {
- :params { "grant_type" "client_credentials" }
+ :params { :grant_type "client_credentials" }
:headers {"authorization"
(str "Basic " (.encodeAsString (Base64.) (.getBytes (str (:client-id client ) ":" (:client-secret client )))))}})
{ :status 200
@@ -50,14 +50,14 @@
(is (= (handler {
:params {
- "grant_type" "client_credentials"
- "client_id" "bad"
- "client_secret" "client"}})
+ :grant_type "client_credentials"
+ :client_id "bad"
+ :client_secret "client"}})
{ :status 400
:headers {"Content-Type" "application/json"}
:body "{\"error\":\"invalid_client\"}"}) "should fail on bad client authentication")
- (is (= (handler { :params { "grant_type" "client_credentials"}})
+ (is (= (handler { :params { :grant_type "client_credentials"}})
{ :status 400
:headers {"Content-Type" "application/json"}
:body "{\"error\":\"invalid_client\"}"}) "should fail with missing client authentication") ))
@@ -72,19 +72,19 @@
(is (= (handler {
:params {
- "grant_type" "password"
- "username" "john@example.com"
- "password" "password"
- "client_id" (:client-id client )
- "client_secret" (:client-secret client)}})
+ :grant_type "password"
+ :username "john@example.com"
+ :password "password"
+ :client_id (:client-id client )
+ :client_secret (:client-secret client)}})
{ :status 200
:headers {"Content-Type" "application/json"}
:body (str "{\"access_token\":\"" ( :token (first (tokens))) "\",\"token_type\":\"bearer\"}") }) "url form encoded client credentials")
(is (= (handler {
- :params { "grant_type" "password"
- "username" "john@example.com"
- "password" "password"}
+ :params { :grant_type "password"
+ :username "john@example.com"
+ :password "password"}
:headers {"authorization"
(str "Basic " (.encodeAsString (Base64.) (.getBytes (str (:client-id client ) ":" (:client-secret client )))))}})
{ :status 200
@@ -93,18 +93,18 @@
(is (= (handler {
:params {
- "grant_type" "password"
- "username" "john@example.com"
- "password" "not my password"
- "client_id" (:client-id client )
- "client_secret" (:client-secret client)}})
+ :grant_type "password"
+ :username "john@example.com"
+ :password "not my password"
+ :client_id (:client-id client )
+ :client_secret (:client-secret client)}})
{ :status 400
:headers {"Content-Type" "application/json"}
:body "{\"error\":\"invalid_grant\"}"}) "should fail on bad client authentication")
- (is (= (handler { :params { "grant_type" "password"
- "client_id" (:client-id client )
- "client_secret" (:client-secret client)}})
+ (is (= (handler { :params { :grant_type "password"
+ :client_id (:client-id client )
+ :client_secret (:client-secret client)}})
{ :status 400
:headers {"Content-Type" "application/json"}
@@ -113,16 +113,16 @@
(is (= (handler {
:params {
- "grant_type" "password"
- "username" "john@example.com"
- "password" "password"
- "client_id" "bad"
- "client_secret" "client"}})
+ :grant_type "password"
+ :username "john@example.com"
+ :password "password"
+ :client_id "bad"
+ :client_secret "client"}})
{ :status 400
:headers {"Content-Type" "application/json"}
:body "{\"error\":\"invalid_client\"}"}) "should fail on bad client authentication")
- (is (= (handler { :params { "grant_type" "password"}})
+ (is (= (handler { :params { :grant_type "password"}})
{ :status 400
:headers {"Content-Type" "application/json"}
:body "{\"error\":\"invalid_client\"}"}) "should fail with missing client authentication") ))
@@ -138,11 +138,11 @@
redirect_uri "http://test.com"
uri "/authorize"
params {
- "response_type" "token"
- "client_id" ( :client-id client )
- "redirect_uri" redirect_uri
- "state" "abcde"
- "scope" "calendar"}
+ :response_type "token"
+ :client_id ( :client-id client )
+ :redirect_uri redirect_uri
+ :state "abcde"
+ :scope "calendar"}
query-string (url-encode params)]
(let [ session_token (create-token client user)
@@ -169,7 +169,7 @@
(let [ session_token (create-token client user)
response (handler {
:request-method :get
- :params (dissoc params "response_type")
+ :params (dissoc params :response_type)
:uri uri
:query-string query-string
:session { :access_token ( :token session_token )}})]
@@ -179,7 +179,7 @@
(let [ session_token (create-token client user)
response (handler {
:request-method :get
- :params (dissoc params "client_id")
+ :params (dissoc params :client_id)
:uri uri
:query-string query-string
:session { :access_token ( :token session_token )}})]
@@ -189,7 +189,7 @@
(let [ session_token (create-token client user)
response (handler {
:request-method :get
- :params (dissoc params "client_id" "state")
+ :params (dissoc params :client_id :state)
:uri uri
:query-string query-string
:session { :access_token ( :token session_token )}})]
@@ -199,7 +199,7 @@
(let [ session_token (create-token client user)
response (handler {
:request-method :get
- :params (assoc params "response_type" "unsupported")
+ :params (assoc params :response_type "unsupported")
:uri uri
:query-string query-string
:session { :access_token ( :token session_token )}})]
@@ -208,7 +208,7 @@
(let [ session_token (create-token client user)
- params (assoc params "csrf-token" "csrftoken")
+ params (assoc params :csrf-token "csrftoken")
response (handler {
:request-method :post
:params params
@@ -232,7 +232,7 @@
(let [ handler (token-handler)
client (clauth.client/register-client)]
- (is (= (handler { :params { "grant_type" "telepathy"}})
+ (is (= (handler { :params { :grant_type "telepathy"}})
{ :status 400
:headers {"Content-Type" "application/json"}
:body "{\"error\":\"unsupported_grant_type\"}"}) "should fail with unsupported grant type")
@@ -255,9 +255,9 @@
:request-method :post
:session {:csrf-token "csrftoken"}
:params {
- "username" "john@example.com"
- "password" "password"
- "csrf-token" "csrftoken"}})
+ :username "john@example.com"
+ :password "password"
+ :csrf-token "csrftoken"}})
session (response :session)
token-string (session :access_token)
token (fetch-token token-string)]
@@ -270,9 +270,9 @@
:request-method :post
:session {:csrf-token "csrftoken" :return-to "/authorization"}
:params {
- "username" "john@example.com"
- "password" "password"
- "csrf-token" "csrftoken"}})
+ :username "john@example.com"
+ :password "password"
+ :csrf-token "csrftoken"}})
session (response :session)
token-string (session :access_token)
token (fetch-token token-string)]
@@ -290,9 +290,9 @@
:request-method :post
:session {:csrf-token "csrftoken"}
:params {
- "username" "john@example.com"
- "password" "wrong"
- "csrf-token" "csrftoken"}})]
+ :username "john@example.com"
+ :password "wrong"
+ :csrf-token "csrftoken"}})]
(is (= (response :body) "login form") "should show login form for wrong password"))))
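Review bot: Every converted test in this section builds `:params` with keyword keys directly, so nothing verifies how the token endpoint behaves when a deployment has not added `wrap-keyword-params` and the map still carries string keys; the code path reads `((req :params) :client_id)` as nil, which should fail closed with `invalid_client`, and one assertion would pin that, e.g. `(is (= 400 (:status (handler {:params {"grant_type" "client_credentials"}}))) "string-keyed params must not authenticate")`. The deftest forms these hunks belong to start outside the hunks.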
14 test/clauth/test/middleware.clj
@@ -1,6 +1,6 @@
(ns clauth.test.middleware
- (:use [clauth.middleware])
- (:use [clojure.test]))
+ (:use [clauth.middleware]
+ [clojure.test]))
(deftest bearer-token-from-header
@@ -28,12 +28,12 @@
(is (= "secrettoken" (:access-token
((wrap-bearer-token (fn [req] req)
#{"secrettoken"})
- {:params {"access_token" "secrettoken"}}))) "find matching token")
+ {:params {:access_token "secrettoken"}}))) "find matching token")
(is (nil? (:access-token
((wrap-bearer-token (fn [req] req)
#{"secrettoken"})
- { :params {"access_token" "wrongtoken"}}))) "should only return matching token")
+ { :params {:access_token "wrongtoken"}}))) "should only return matching token")
(is (nil? (:access-token
((wrap-bearer-token (fn [req] req)
@@ -126,7 +126,7 @@
(is (= 403 (:status
((require-user-session! (fn [req] {:status 200} )
#{"secrettoken"})
- {:params {"access_token" "secrettoken"}}))) "Disallow from params"))
+ {:params {:access_token "secrettoken"}}))) "Disallow from params"))
@@ -169,11 +169,11 @@
(is (= 200 (:status
(handler { :request-method :post
:session {:csrf-token "secrettoken"}
- :params {"csrf-token" "secrettoken"} }))))
+ :params {:csrf-token "secrettoken"} }))))
(is (= 403 (:status
(handler { :request-method :post
:session {:csrf-token "secrettoken"}
- :params {"csrf-token" "badtoken"} }))))
+ :params {:csrf-token "badtoken"} }))))
(is (= 403 (:status
(handler { :request-method :post
:session {csrf-token "secrettoken"}}))))
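Review bot: The middleware keeps the string-keyed `"access_token"` lookup beside the new `:access_token` one, but this hunk converts the only cases that exercised it ("find matching token" and "should only return matching token") to keyword keys, so the string path is now untested; keep one string-keyed case such as `{:params {"access_token" "secrettoken"}}` or drop the fallback in the middleware. In the last assertion the unchanged context line `:session {csrf-token "secrettoken"}` uses a bare symbol as the map key rather than `:csrf-token`, so that session holds no csrf token at all and the 403 is not testing a token mismatch; it is probably a typo the commit did not address. The deftest forms start outside these hunks.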
6 test/clauth/test/store.clj
@@ -1,7 +1,7 @@
(ns clauth.test.store
- (:use [clauth.store])
- (:use [clojure.test])
- )
+ (:use [clauth.store]
+ [clojure.test]))
+
(deftest memory-store-implementaiton
13 test/clauth/test/store/redis.clj
@@ -1,12 +1,11 @@
(ns clauth.test.store.redis
- (:use [clauth.store])
- (:use [clauth.token])
- (:use [clauth.client])
- (:use [clauth.user])
- (:use [clauth.store.redis])
(:require [redis.core :as redis])
- (:use [clojure.test])
- )
+ (:use [clauth.store]
+ [clauth.token]
+ [clauth.client]
+ [clauth.user]
+ [clauth.store.redis]
+ [clojure.test]))
(deftest redis-store-implementaiton
4 test/clauth/test/token.clj
@@ -1,6 +1,6 @@
(ns clauth.test.token
- (:use [clauth.token])
- (:use [clojure.test])
+ (:use [clauth.token]
+ [clojure.test])
(:require [clj-time.core :as time]))
(deftest token-records
4 test/clauth/test/user.clj
@@ -1,6 +1,6 @@
(ns clauth.test.user
- (:use [clauth.user])
- (:use [clojure.test]))
+ (:use [clauth.user]
+ [clojure.test]))
(deftest user-registration
(reset-user-store!)