change oauth-plugin to oauth2-provider gem.

tobi · Jul 18, 2011 · 3b30d20 · 3b30d20
1 parent 1c853d8
commit 3b30d20
Show file tree

Hide file tree

Showing 24 changed files with 1,109 additions and 41 deletions.
diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb
@@ -1,9 +1,29 @@
-require 'oauth/controllers/provider_controller'
 class OauthController < ApplicationController
-  # oauth plugin使用了login_required方法
-  alias :logged_in? :user_signed_in?
-  alias :login_required :authenticate_user!
-  include OAuth::Controllers::ProviderController
+  prepend_before_filter :authenticate_user!, except: :access_token
+
+  expose(:shop) { current_user.shop }
+
+  def authorize # 返回authorize_code
+    @oauth2 = OAuth2::Provider.parse(shop, request)
+    #response.headers = @oauth2.response_headers
+    #response.status = @oauth2.response_status
+    redirect_to @oauth2.redirect_uri  if @oauth2.redirect?
+  end
+
+  def access_token # 返回access_token
+    @oauth2 = OAuth2::Provider.parse(nil, request)
+    render text: @oauth2.response_body
+  end
+
+  def allow
+    @auth = OAuth2::Provider::Authorization.new(shop, params)
+    if params['allow'] == '1'
+      @auth.grant_access!
+    else
+      @auth.deny_access!
+    end
+    redirect_to @auth.redirect_uri
+  end
 
   protected
   # Override this to match your authorization page form

diff --git a/app/controllers/shops_controller.rb b/app/controllers/shops_controller.rb
@@ -1,6 +1,6 @@
 # encoding: utf-8
 class ShopsController < ApplicationController
-  prepend_before_filter :authenticate_user!
+  prepend_before_filter :authenticate_user!, except: :me
   layout 'admin', only: :edit
 
   expose(:shop) { current_user.shop }
@@ -16,4 +16,15 @@ def update
     end
   end
 
+  def me
+    authorization = OAuth2::Provider.access_token(nil, [], request)
+    result = if authorization.valid?
+      shop = authorization.owner
+      shop.as_json
+    else
+      {error: 'No soup for you!'}
+    end
+    render json: result.to_json
+  end
+
 end
diff --git a/app/controllers/themes_controller.rb b/app/controllers/themes_controller.rb
@@ -27,13 +27,14 @@ def show
       end.to_json
     end
 
-    def download
-      access_token = client.web_server.get_access_token( params[:code], :redirect_uri => oauth_callback_url)
+    def download # 确认切换主题
+      access_token = client.web_server.get_access_token params[:code], redirect_uri: oauth_callback_url
+      me = access_token.get('/api/me')
+      #ap me
+      render :text => access_token
+    end
 
-      user_json = access_token.get('/me')
-      # in reality you would at this point store the access_token.token value as well as 
-      # any user info you wanted
-      render :json => user_json
+    def apply # 切换主题
     end
 
     def login # 未登录时提示用户登录或者注册(如果直接跳转至登录页面则对未注册用户不友好)
@@ -86,7 +87,9 @@ def delete_preset # 删除预设
   protected
   def client
     @client ||= OAuth2::Client.new(
-      'ow0lvGeMEUmjrLh8SIFhxzGVfCZK5flWbI8AMIKu', 'Y1KgbKUkd12kU3hoVJ3rnCp2IQTckVlOFjqsPPdq', :site => 'http://lvh.me:4001'
+      '4rvacrldtx5w5utihdp50i328',
+      '5lvh1ml1ategg8v6udc1n99rd',
+      site: 'http://lvh.me:4001'
     )
   end
 

diff --git a/app/models/shop.rb b/app/models/shop.rb
@@ -1,5 +1,7 @@
 # encoding: utf-8
 class Shop < ActiveRecord::Base
+  include OAuth2::Model::ClientOwner
+  include OAuth2::Model::ResourceOwner
   has_many :users             , dependent: :destroy
   has_many :products          , dependent: :destroy                      , order: :id.desc
   has_many :variants          , class_name: 'ProductVariant' #冗余shop_id
@@ -16,8 +18,6 @@ class Shop < ActiveRecord::Base
   has_many :carts             , dependent: :destroy
   has_many :subscribes        , dependent: :destroy
   has_one  :theme             , dependent: :destroy                      , class_name: 'ShopTheme'
-  has_many :clients           , dependent: :destroy                      , class_name: 'ClientApplication'
-  has_many :tokens            , dependent: :destroy                      , class_name: 'OauthToken'
 
   has_many :types             , dependent: :destroy                      , class_name: 'ShopProductType'
   has_many :vendors           , dependent: :destroy                      , class_name: 'ShopProductVendor'

diff --git a/app/views/oauth/authorize.html.haml b/app/views/oauth/authorize.html.haml
@@ -1,16 +1,19 @@
-%h1 Authorize access to your account
+%h3 Authorize OAuth client
 %p
-  Would you like to authorize
-  = link_to @token.client_application.name,@token.client_application.url
-  (
-  = link_to @token.client_application.url,@token.client_application.url
-  ) to access your account?
-- form_tag authorize_url do
-  = hidden_field_tag "oauth_token", @token.token
-  - if params[:oauth_callback]
-    = hidden_field_tag "oauth_callback", params[:oauth_callback]
-  %p
-    = check_box_tag 'authorize'
-    authorize access
-  %p
-    = submit_tag
+  This application
+  %b=@oauth2.client.name
+  wants
+  the following permissions:
+%ul
+  -@oauth2.scopes.each do |scope|
+    -next unless PERMISSIONS[scope]
+    %li=PERMISSIONS[scope]
+=form_tag oauth_allow_path do
+  - @oauth2.params.each do |key, value|
+    %input{:name => "#{key}", :type => "hidden", :value => "#{value}"}
+  -#%input{:name => "user_id", :type => "hidden", :value => "#{@user.id}"}
+  %fieldset
+    %input#allow{:name => "allow", :type => "checkbox", :value => "1"}
+    %label{:for => "allow"} Allow this application
+  %fieldset
+    %input{:type => "submit", :value => "Go!"}/
diff --git a/app/views/themes/apply.html.haml b/app/views/themes/apply.html.haml
@@ -0,0 +1,17 @@
+=content_for :login do
+  %li
+    以
+    %a(href="http://test.myshopqi.com") test
+    身份登录
+    (
+    %a(href="/logout")> log out
+    )
+
+.message-box
+  %h2 您的主题正在更换...
+  %p
+    完成主题更换可能需要一两分钟的时间。您可以检查
+    %a(href="http://medhurst-shields-and-kunde7896.myshopify.com") 您的商店
+    看看是否已经更新为新的主题或者返回
+    =succeed "." do
+      %a(href="/") 主题商店
diff --git a/config/application.rb b/config/application.rb
@@ -61,9 +61,6 @@ class Application < Rails::Application
       :entitystore => "file:#{Rails.root}/tmp/dragonfly/cache/body"
     }
 
-    require 'oauth/rack/oauth_filter' # oauth plugin
-    config.middleware.use OAuth::Rack::OAuthFilter
-
     #config.middleware.use ::Rack::PerftoolsProfiler, :default_printer => 'gif', :bundler => true, :mode => :walltime
   end
 end
diff --git a/config/initializers/oauth2.rb b/config/initializers/oauth2.rb
@@ -0,0 +1,3 @@
+# encoding: utf-8
+require 'oauth2/provider'
+OAuth2::Provider.realm = 'ShopQi'
diff --git a/config/routes.rb b/config/routes.rb
@@ -2,13 +2,15 @@
 #include Rails.application.routes.url_helpers #在console中调用orders_path等
 Shopqi::Application.routes.draw do
 
-  resources :oauth_clients
-  match '/oauth/test_request',  :to => 'oauth#test_request',  :as => :test_request
-  match '/oauth/token',         :to => 'oauth#token',         :as => :token
-  match '/oauth/access_token',  :to => 'oauth#access_token',  :as => :access_token
-  match '/oauth/request_token', :to => 'oauth#request_token', :as => :request_token
-  match '/oauth/authorize',     :to => 'oauth#authorize',     :as => :authorize
-  match '/oauth',               :to => 'oauth#index',         :as => :oauth
+  begin 'oauth2'
+    get '/oauth/authorize', :to => 'oauth#authorize', :as => :authorize
+    post '/oauth/access_token', :to => 'oauth#access_token', :as => :access_token
+    match '/oauth/allow'   , :to => 'oauth#allow'    , :as => :oauth_allow
+  end
+
+  scope "/api" do # 供oauth2调用
+    get '/me' => 'shops#me', as: :api_me
+  end
 
   devise_for :user, controllers: {registrations: "users/registrations"} do
     get "signup", to: "users/registrations#new"
@@ -21,6 +23,7 @@
     get '/themes/filter' => 'themes#filter'
     get '/themes/:name/styles/:style' => 'themes#show'
     get '/themes/:name/styles/:style/download' => 'themes#download'
+    get '/themes/:name/styles/:style/apply' => 'themes#apply'
   end
 
   constraints(Subdomain) do # 前台商店

diff --git a/db/migrate/20110717022034_create_oauth2_provider.rb b/db/migrate/20110717022034_create_oauth2_provider.rb
@@ -0,0 +1,35 @@
+class CreateOauth2Provider < ActiveRecord::Migration
+  def self.up
+    create_table :oauth2_clients, force: true do |t|
+      t.string     :oauth2_client_owner_type
+      t.integer    :oauth2_client_owner_id
+      t.string     :name
+      t.string     :client_id
+      t.string     :client_secret_hash
+      t.string     :redirect_uri
+      t.timestamps
+    end
+    add_index :oauth2_clients, :client_id
+
+    create_table :oauth2_authorizations, force: true do |t|
+      t.string     :oauth2_resource_owner_type
+      t.integer    :oauth2_resource_owner_id
+      t.belongs_to :client
+      t.string     :scope
+      t.string     :code,               limit: 40
+      t.string     :access_token_hash,  limit: 40
+      t.string     :refresh_token_hash, limit: 40
+      t.datetime   :expires_at
+      t.timestamps
+    end
+    add_index :oauth2_authorizations, [:client_id, :code]
+    add_index :oauth2_authorizations, [:access_token_hash]
+    add_index :oauth2_authorizations, [:client_id, :access_token_hash]
+    add_index :oauth2_authorizations, [:client_id, :refresh_token_hash]
+  end
+
+  def self.down
+    drop_table :oauth2_clients
+    drop_table :oauth2_authorizations
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20110716012829) do
+ActiveRecord::Schema.define(:version => 20110717022034) do
 
   create_table "articles", :force => true do |t|
     t.integer  "shop_id"
@@ -220,6 +220,37 @@
 
   add_index "links", ["link_list_id"], :name => "index_links_on_link_list_id"
 
+  create_table "oauth2_authorizations", :force => true do |t|
+    t.string   "oauth2_resource_owner_type"
+    t.integer  "oauth2_resource_owner_id"
+    t.integer  "client_id"
+    t.string   "scope"
+    t.string   "code",                       :limit => 40
+    t.string   "access_token_hash",          :limit => 40
+    t.string   "refresh_token_hash",         :limit => 40
+    t.datetime "expires_at"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "oauth2_authorizations", ["access_token_hash"], :name => "index_oauth2_authorizations_on_access_token_hash"
+  add_index "oauth2_authorizations", ["client_id", "access_token_hash"], :name => "index_oauth2_authorizations_on_client_id_and_access_token_hash"
+  add_index "oauth2_authorizations", ["client_id", "code"], :name => "index_oauth2_authorizations_on_client_id_and_code"
+  add_index "oauth2_authorizations", ["client_id", "refresh_token_hash"], :name => "index_oauth2_authorizations_on_client_id_and_refresh_token_hash"
+
+  create_table "oauth2_clients", :force => true do |t|
+    t.string   "oauth2_client_owner_type"
+    t.integer  "oauth2_client_owner_id"
+    t.string   "name"
+    t.string   "client_id"
+    t.string   "client_secret_hash"
+    t.string   "redirect_uri"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "oauth2_clients", ["client_id"], :name => "index_oauth2_clients_on_client_id"
+
   create_table "oauth_nonces", :force => true do |t|
     t.string   "nonce"
     t.integer  "timestamp"

diff --git a/lib/oauth2/model.rb b/lib/oauth2/model.rb
@@ -0,0 +1,17 @@
+require 'active_record'
+
+module OAuth2
+  module Model
+    autoload :ClientOwner,   ROOT + '/oauth2/model/client_owner'
+    autoload :ResourceOwner, ROOT + '/oauth2/model/resource_owner'
+    autoload :Hashing,       ROOT + '/oauth2/model/hashing'
+    autoload :Authorization, ROOT + '/oauth2/model/authorization'
+    autoload :Client,        ROOT + '/oauth2/model/client'
+    autoload :Schema,        ROOT + '/oauth2/model/schema'
+
+    def self.find_access_token(access_token)
+      Authorization.find_by_access_token_hash(OAuth2.hashify(access_token))
+    end
+  end
+end
+