cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adding initial version of the OAuth token authentication method. This adds basic OAuth support for registering apps, getting and revoking keys, etc... The tokens come with 6 separate permissions bits; read/write user preferences, write diaries, write API and read/write GPS traces. Needs more tests.

Browse source
This commit is contained in:
Matt Amos 2009-06-22 16:54:37 +00:00
parent 2ad330d642
commit b8f6dbd403
85 changed files with 3277 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

24
vendor/plugins/oauth-plugin/generators/oauth_provider/USAGE vendored Normal file
View file

@ -0,0 +1,24 @@
./script/generate oauth_provider
This creates an OAuth Provider controller as well as the requisite models.
It requires an authentication framework such as acts_as_authenticated, restful_authentication or restful_open_id_authentication.
If you generated the migration file (true by default), make sure you run
rake db:migrate
You need to add the following routes to your config/routes.rb file:
map.resources :oauth_clients
map.oauth '/oauth',:controller=>'oauth',:action=>'index'
map.authorize '/oauth/authorize',:controller=>'oauth',:action=>'authorize'
map.request_token '/oauth/request_token',:controller=>'oauth',:action=>'request_token'
map.access_token '/oauth/access_token',:controller=>'oauth',:action=>'access_token'
map.test_request '/oauth/test_request',:controller=>'oauth',:action=>'test_request'
include the following in your user.rb
has_many :client_applications
has_many :tokens, :class_name=>"OauthToken",:order=>"authorized_at desc",:include=>[:client_application]

116
vendor/plugins/oauth-plugin/generators/oauth_provider/oauth_provider_generator.rb vendored Normal file
View file

@ -0,0 +1,116 @@
class OauthProviderGenerator < Rails::Generator::Base
default_options :skip_migration => false
attr_reader :class_path,
:controller_name,
:controller_class_path,
:controller_file_path,
:controller_class_name,
:controller_singular_name,
:controller_plural_name
alias_method :controller_file_name, :controller_singular_name
def initialize(runtime_args, runtime_options = {})
super
@controller_name = args.shift || 'oauth'
@controller_singular_name = 'oauth'
@controller_plural_name = 'oauth'
@controller_file_name = 'oauth'
@controller_class_name="Oauth"
@class_path=''
@controller_class_path=''
end
def manifest
record do |m|
# Check for class naming collisions.
# Check for class naming collisions.
m.class_collisions controller_class_path, "#{controller_class_name}Controller", # Oauth Controller
"#{controller_class_name}Helper",
"#{controller_class_name}ClientsController",
"#{controller_class_name}ClientsHelper"
m.class_collisions class_path, "ClientApplication","OauthNonce","RequestToken","AccessToken","OauthToken"
# Controller, helper, views, and test directories.
m.directory File.join('app/models', class_path)
m.directory File.join('app/controllers', controller_class_path)
m.directory File.join('app/helpers', controller_class_path)
m.directory File.join('app/views', controller_class_path, controller_file_name)
m.directory File.join('app/views', controller_class_path, 'oauth_clients')
m.template 'client_application.rb',File.join('app/models',"client_application.rb")
m.template 'oauth_token.rb', File.join('app/models',"oauth_token.rb")
m.template 'request_token.rb', File.join('app/models',"request_token.rb")
m.template 'access_token.rb', File.join('app/models',"access_token.rb")
m.template 'oauth_nonce.rb', File.join('app/models',"oauth_nonce.rb")
m.template 'controller.rb',File.join('app/controllers',controller_class_path,"#{controller_file_name}_controller.rb")
m.template 'helper.rb',File.join('app/helpers',controller_class_path,"#{controller_file_name}_helper.rb")
m.template 'clients_controller.rb',File.join('app/controllers',controller_class_path,"#{controller_file_name}_clients_controller.rb")
m.template 'clients_helper.rb',File.join('app/helpers',controller_class_path,"#{controller_file_name}_clients_helper.rb")
if !options[:test_unit]
m.directory File.join('spec')
m.directory File.join('spec/models')
m.directory File.join('spec/fixtures', class_path)
m.directory File.join('spec/controllers', controller_class_path)
m.template 'client_application_spec.rb',File.join('spec/models',"client_application_spec.rb")
m.template 'oauth_token_spec.rb', File.join('spec/models',"oauth_token_spec.rb")
m.template 'oauth_nonce_spec.rb', File.join('spec/models',"oauth_nonce_spec.rb")
m.template 'client_applications.yml',File.join('spec/fixtures',"client_applications.yml")
m.template 'oauth_tokens.yml', File.join('spec/fixtures',"oauth_tokens.yml")
m.template 'oauth_nonces.yml', File.join('spec/fixtures',"oauth_nonces.yml")
m.template 'controller_spec_helper.rb', File.join('spec/controllers', controller_class_path,"#{controller_file_name}_controller_spec_helper.rb")
m.template 'controller_spec.rb',File.join('spec/controllers',controller_class_path,"#{controller_file_name}_controller_spec.rb")
m.template 'clients_controller_spec.rb',File.join('spec/controllers',controller_class_path,"#{controller_file_name}_clients_controller_spec.rb")
else
m.directory File.join('test')
m.directory File.join('test/unit')
m.directory File.join('test/fixtures', class_path)
m.directory File.join('test/functional', controller_class_path)
m.template 'client_application_test.rb',File.join('test/unit',"client_application_test.rb")
m.template 'oauth_token_test.rb', File.join('test/unit',"oauth_token_test.rb")
m.template 'oauth_nonce_test.rb', File.join('test/unit',"oauth_nonce_test.rb")
m.template 'client_applications.yml',File.join('test/fixtures',"client_applications.yml")
m.template 'oauth_tokens.yml', File.join('test/fixtures',"oauth_tokens.yml")
m.template 'oauth_nonces.yml', File.join('test/fixtures',"oauth_nonces.yml")
m.template 'controller_test_helper.rb', File.join('test', controller_class_path,"#{controller_file_name}_controller_test_helper.rb")
m.template 'controller_test.rb',File.join('test/functional',controller_class_path,"#{controller_file_name}_controller_test.rb")
m.template 'clients_controller_test.rb',File.join('test/functional',controller_class_path,"#{controller_file_name}_clients_controller_test.rb")
end
m.template '_form.html.erb', File.join('app/views', controller_class_path, 'oauth_clients', "_form.html.erb")
m.template 'new.html.erb', File.join('app/views', controller_class_path, 'oauth_clients', "new.html.erb")
m.template 'index.html.erb', File.join('app/views', controller_class_path, 'oauth_clients', "index.html.erb")
m.template 'show.html.erb', File.join('app/views', controller_class_path, 'oauth_clients', "show.html.erb")
m.template 'edit.html.erb', File.join('app/views', controller_class_path, 'oauth_clients', "edit.html.erb")
m.template 'authorize.html.erb', File.join('app/views', controller_class_path, controller_file_name, "authorize.html.erb")
m.template 'authorize_success.html.erb', File.join('app/views', controller_class_path, controller_file_name, "authorize_success.html.erb")
m.template 'authorize_failure.html.erb', File.join('app/views', controller_class_path, controller_file_name, "authorize_failure.html.erb")
unless options[:skip_migration]
m.migration_template 'migration.rb', 'db/migrate', :assigns => {
:migration_name => "CreateOauthTables"
}, :migration_file_name => "create_oauth_tables"
end
end
end
protected
def banner
"Usage: #{$0} #{spec.name}"
end
def add_options!(opt)
opt.separator ''
opt.separator 'Options:'
opt.on("--skip-migration",
"Don't generate a migration file") { |v| options[:skip_migration] = v }
opt.on("--test-unit",
"Generate the Test::Unit compatible tests instead of RSpec") { |v| options[:test_unit] = v }
end
end

16
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/_form.html.erb vendored Normal file
View file

@ -0,0 +1,16 @@
<div class="field">
<label for="client_application_name">Name*</label><br/>
<%%= f.text_field :name %>
</div>
<div class="field">
<label for="client_application_url">Main Application URL*</label><br/>
<%%= f.text_field :url %>
</div>
<div class="field">
<label for="client_application_callback_url">Callback URL*</label><br/>
<%%= f.text_field :callback_url %>
</div>
<div class="field">
<label for="client_application_support_url">Support URL</label><br/>
<%%= f.text_field :support_url %>
</div>

10
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/access_token.rb vendored Normal file
View file

@ -0,0 +1,10 @@
class AccessToken<OauthToken
validates_presence_of :user
before_create :set_authorized_at
protected
def set_authorized_at
self.authorized_at = Time.now
end
end

14
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/authorize.html.erb vendored Normal file
View file

@ -0,0 +1,14 @@
<h1>Authorize access to your account</h1>
<p>Would you like to authorize <%%= link_to @token.client_application.name,@token.client_application.url %> (<%%= link_to @token.client_application.url,@token.client_application.url %>) to access your account?</p>
<%% form_tag authorize_url do %>
<%%= hidden_field_tag "oauth_token", @token.token %>
<%%- if params[:oauth_callback] -%>
<%%= hidden_field_tag "oauth_callback", params[:oauth_callback] %>
<%%- end -%>
<p>
<%%= check_box_tag 'authorize' %> authorize access
</p>
<p>
<%%= submit_tag %>
</p>
<%% end %>

1
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/authorize_failure.html.erb vendored Normal file
View file

@ -0,0 +1 @@
<h1>You have disallowed this request</h1>

1
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/authorize_success.html.erb vendored Normal file
View file

@ -0,0 +1 @@
<h1>You have allowed this request</h1>

54
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/client_application.rb vendored Normal file
View file

@ -0,0 +1,54 @@
require 'oauth'
class ClientApplication < ActiveRecord::Base
belongs_to :user
has_many :tokens, :class_name => "OauthToken"
validates_presence_of :name, :url, :key, :secret
validates_uniqueness_of :key
before_validation_on_create :generate_keys
def self.find_token(token_key)
token = OauthToken.find_by_token(token_key, :include => :client_application)
if token && token.authorized?
logger.info "Loaded #{token.token} which was authorized by (user_id=#{token.user_id}) on the #{token.authorized_at}"
token
else
nil
end
end
def self.verify_request(request, options = {}, &block)
begin
signature = OAuth::Signature.build(request, options, &block)
logger.info "Signature Base String: #{signature.signature_base_string}"
logger.info "Consumer: #{signature.send :consumer_key}"
logger.info "Token: #{signature.send :token}"
return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
value = signature.verify
logger.info "Signature verification returned: #{value.to_s}"
value
rescue OAuth::Signature::UnknownSignatureMethod => e
logger.info "ERROR"+e.to_s
false
end
end
def oauth_server
@oauth_server ||= OAuth::Server.new("http://your.site")
end
def credentials
@oauth_client ||= OAuth::Consumer.new(key, secret)
end
def create_request_token
RequestToken.create :client_application => self
end
protected
def generate_keys
@oauth_client = oauth_server.generate_consumer_credentials
self.key = @oauth_client.key
self.secret = @oauth_client.secret
end
end

60
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/client_application_spec.rb vendored Normal file
View file

@ -0,0 +1,60 @@
require File.dirname(__FILE__) + '/../spec_helper'
module OAuthSpecHelpers
def create_consumer
@consumer = OAuth::Consumer.new(@application.key,@application.secret,
{
:site => @application.oauth_server.base_url
})
end
def create_test_request
end
def create_oauth_request
@token = AccessToken.create :client_application => @application, :user => users(:quentin)
@request = @consumer.create_signed_request(:get, "/hello", @token)
end
def create_request_token_request
@request = @consumer.create_signed_request(:get, @application.oauth_server.request_token_path, @token)
end
def create_access_token_request
@token = RequestToken.create :client_application => @application
@request = @consumer.create_signed_request(:get, @application.oauth_server.request_token_path, @token)
end
end
describe ClientApplication do #, :shared => true do
include OAuthSpecHelpers
fixtures :users, :client_applications, :oauth_tokens
before(:each) do
@application = ClientApplication.create :name => "Agree2", :url => "http://agree2.com", :user => users(:quentin)
create_consumer
end
it "should be valid" do
@application.should be_valid
end
it "should not have errors" do
@application.errors.full_messages.should == []
end
it "should have key and secret" do
@application.key.should_not be_nil
@application.secret.should_not be_nil
end
it "should have credentials" do
@application.credentials.should_not be_nil
@application.credentials.key.should == @application.key
@application.credentials.secret.should == @application.secret
end
end

42
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/client_application_test.rb vendored Normal file
View file

@ -0,0 +1,42 @@
require File.dirname(__FILE__) + '/../test_helper'
module OAuthHelpers
def create_consumer
@consumer=OAuth::Consumer.new(@application.key,@application.secret,
{
:site=>@application.oauth_server.base_url
})
end
end
class ClientApplicationTest < ActiveSupport::TestCase
include OAuthHelpers
fixtures :users,:client_applications,:oauth_tokens
def setup
@application = ClientApplication.create :name=>"Agree2",:url=>"http://agree2.com",:user=>users(:quentin)
create_consumer
end
def test_should_be_valid
assert @application.valid?
end
def test_should_not_have_errors
assert_equal [], @application.errors.full_messages
end
def test_should_have_key_and_secret
assert_not_nil @application.key
assert_not_nil @application.secret
end
def test_should_have_credentials
assert_not_nil @application.credentials
assert_equal @application.key, @application.credentials.key
assert_equal @application.secret, @application.credentials.secret
end
end

23
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/client_applications.yml vendored Normal file
View file

@ -0,0 +1,23 @@
# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
one:
id: 1
name: MyString
url: MyString
support_url: MyString
callback_url: MyString
key: one_key
secret: MyString
user_id: 1
created_at: 2007-11-17 16:56:51
updated_at: 2007-11-17 16:56:51
two:
id: 2
name: MyString
url: MyString
support_url: MyString
callback_url: MyString
key: two_key
secret: MyString
user_id: 1
created_at: 2007-11-17 16:56:51
updated_at: 2007-11-17 16:56:51

47
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/clients_controller.rb vendored Normal file
View file

@ -0,0 +1,47 @@
class OauthClientsController < ApplicationController
before_filter :login_required
def index
@client_applications = current_user.client_applications
@tokens = current_user.tokens.find :all, :conditions => 'oauth_tokens.invalidated_at is null and oauth_tokens.authorized_at is not null'
end
def new
@client_application = ClientApplication.new
end
def create
@client_application = current_user.client_applications.build(params[:client_application])
if @client_application.save
flash[:notice] = "Registered the information successfully"
redirect_to :action => "show", :id => @client_application.id
else
render :action => "new"
end
end
def show
@client_application = current_user.client_applications.find(params[:id])
end
def edit
@client_application = current_user.client_applications.find(params[:id])
end
def update
@client_application = current_user.client_applications.find(params[:id])
if @client_application.update_attributes(params[:client_application])
flash[:notice] = "Updated the client information successfully"
redirect_to :action => "show", :id => @client_application.id
else
render :action => "edit"
end
end
def destroy
@client_application = current_user.client_applications.find(params[:id])
@client_application.destroy
flash[:notice] = "Destroyed the client application registration"
redirect_to :action => "index"
end
end

239
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/clients_controller_spec.rb vendored Normal file
View file

@ -0,0 +1,239 @@
require File.dirname(__FILE__) + '/../spec_helper'
require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
require 'oauth/client/action_controller_request'
describe OauthClientsController, "index" do
include OAuthControllerSpecHelper
before(:each) do
login_as_application_owner
end
def do_get
get :index
end
it "should be successful" do
do_get
response.should be_success
end
it "should query current_users client applications" do
@user.should_receive(:client_applications).and_return(@client_applications)
do_get
end
it "should assign client_applications" do
do_get
assigns[:client_applications].should equal(@client_applications)
end
it "should render index template" do
do_get
response.should render_template('index')
end
end
describe OauthClientsController, "show" do
include OAuthControllerSpecHelper
before(:each) do
login_as_application_owner
end
def do_get
get :show, :id => '3'
end
it "should be successful" do
do_get
response.should be_success
end
it "should query current_users client applications" do
@user.should_receive(:client_applications).and_return(@client_applications)
@client_applications.should_receive(:find).with('3').and_return(@client_application)
do_get
end
it "should assign client_applications" do
do_get
assigns[:client_application].should equal(@client_application)
end
it "should render show template" do
do_get
response.should render_template('show')
end
end
describe OauthClientsController, "new" do
include OAuthControllerSpecHelper
before(:each) do
login_as_application_owner
ClientApplication.stub!(:new).and_return(@client_application)
end
def do_get
get :new
end
it "should be successful" do
do_get
response.should be_success
end
it "should assign client_applications" do
do_get
assigns[:client_application].should equal(@client_application)
end
it "should render show template" do
do_get
response.should render_template('new')
end
end
describe OauthClientsController, "edit" do
include OAuthControllerSpecHelper
before(:each) do
login_as_application_owner
end
def do_get
get :edit, :id => '3'
end
it "should be successful" do
do_get
response.should be_success
end
it "should query current_users client applications" do
@user.should_receive(:client_applications).and_return(@client_applications)
@client_applications.should_receive(:find).with('3').and_return(@client_application)
do_get
end
it "should assign client_applications" do
do_get
assigns[:client_application].should equal(@client_application)
end
it "should render edit template" do
do_get
response.should render_template('edit')
end
end
describe OauthClientsController, "create" do
include OAuthControllerSpecHelper
before(:each) do
login_as_application_owner
@client_applications.stub!(:build).and_return(@client_application)
@client_application.stub!(:save).and_return(true)
end
def do_valid_post
@client_application.should_receive(:save).and_return(true)
post :create, 'client_application'=>{'name' => 'my site'}
end
def do_invalid_post
@client_application.should_receive(:save).and_return(false)
post :create, :client_application=>{:name => 'my site'}
end
it "should query current_users client applications" do
@client_applications.should_receive(:build).and_return(@client_application)
do_valid_post
end
it "should redirect to new client_application" do
do_valid_post
response.should be_redirect
response.should redirect_to(:action => "show", :id => @client_application.id)
end
it "should assign client_applications" do
do_invalid_post
assigns[:client_application].should equal(@client_application)
end
it "should render show template" do
do_invalid_post
response.should render_template('new')
end
end
describe OauthClientsController, "destroy" do
include OAuthControllerSpecHelper
before(:each) do
login_as_application_owner
@client_application.stub!(:destroy)
end
def do_delete
delete :destroy, :id => '3'
end
it "should query current_users client applications" do
@user.should_receive(:client_applications).and_return(@client_applications)
@client_applications.should_receive(:find).with('3').and_return(@client_application)
do_delete
end
it "should destroy client applications" do
@client_application.should_receive(:destroy)
do_delete
end
it "should redirect to list" do
do_delete
response.should be_redirect
response.should redirect_to(:action => 'index')
end
end
describe OauthClientsController, "update" do
include OAuthControllerSpecHelper
before(:each) do
login_as_application_owner
end
def do_valid_update
@client_application.should_receive(:update_attributes).and_return(true)
put :update, :id => '1', 'client_application'=>{'name' => 'my site'}
end
def do_invalid_update
@client_application.should_receive(:update_attributes).and_return(false)
put :update, :id => '1', 'client_application'=>{'name' => 'my site'}
end
it "should query current_users client applications" do
@user.should_receive(:client_applications).and_return(@client_applications)
@client_applications.should_receive(:find).with('1').and_return(@client_application)
do_valid_update
end
it "should redirect to new client_application" do
do_valid_update
response.should be_redirect
response.should redirect_to(:action => "show", :id => @client_application.id)
end
it "should assign client_applications" do
do_invalid_update
assigns[:client_application].should equal(@client_application)
end
it "should render show template" do
do_invalid_update
response.should render_template('edit')
end
end

280
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/clients_controller_test.rb vendored Normal file
View file

@ -0,0 +1,280 @@
require File.dirname(__FILE__) + '/../test_helper'
require File.dirname(__FILE__) + '/../oauth_controller_test_helper'
require 'oauth/client/action_controller_request'
class OauthClientsController; def rescue_action(e) raise e end; end
class OauthClientsControllerIndexTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthClientsController
def setup
@controller = OauthClientsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
login_as_application_owner
end
def do_get
get :index
end
def test_should_be_successful
do_get
assert @response.success?
end
def test_should_query_current_users_client_applications
@user.expects(:client_applications).returns(@client_applications)
do_get
end
def test_should_assign_client_applications
do_get
assert_equal @client_applications, assigns(:client_applications)
end
def test_should_render_index_template
do_get
assert_template 'index'
end
end
class OauthClientsControllerShowTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthClientsController
def setup
@controller = OauthClientsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
login_as_application_owner
end
def do_get
get :show, :id=>'3'
end
def test_should_be_successful
do_get
assert @response.success?
end
def test_should_query_current_users_client_applications
@user.expects(:client_applications).returns(@client_applications)
@client_applications.expects(:find).with('3').returns(@client_application)
do_get
end
def test_should_assign_client_applications
do_get
assert_equal @client_application, assigns(:client_application)
end
def test_should_render_show_template
do_get
assert_template 'show'
end
end
class OauthClientsControllerNewTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthClientsController
def setup
@controller = OauthClientsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
login_as_application_owner
ClientApplication.stubs(:new).returns(@client_application)
end
def do_get
get :new
end
def test_should_be_successful
do_get
assert @response.success?
end
def test_should_assign_client_applications
do_get
assert_equal @client_application, assigns(:client_application)
end
def test_should_render_show_template
do_get
assert_template 'new'
end
end
class OauthClientsControllerEditTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthClientsController
def setup
@controller = OauthClientsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
login_as_application_owner
end
def do_get
get :edit, :id=>'3'
end
def test_should_be_successful
do_get
assert @response.success?
end
def test_should_query_current_users_client_applications
@user.expects(:client_applications).returns(@client_applications)
@client_applications.expects(:find).with('3').returns(@client_application)
do_get
end
def test_should_assign_client_applications
do_get
assert_equal @client_application, assigns(:client_application)
end
def test_should_render_edit_template
do_get
assert_template 'edit'
end
end
class OauthClientsControllerCreateTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthClientsController
def setup
@controller = OauthClientsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
login_as_application_owner
@client_applications.stubs(:build).returns(@client_application)
@client_application.stubs(:save).returns(true)
end
def do_valid_post
@client_application.expects(:save).returns(true)
post :create,'client_application'=>{'name'=>'my site'}
end
def do_invalid_post
@client_application.expects(:save).returns(false)
post :create,:client_application=>{:name=>'my site'}
end
def test_should_query_current_users_client_applications
@client_applications.expects(:build).returns(@client_application)
do_valid_post
end
def test_should_redirect_to_new_client_application
do_valid_post
assert_response :redirect
assert_redirected_to(:action => "show", :id => @client_application.id)
end
def test_should_assign_client_applications
do_invalid_post
assert_equal @client_application, assigns(:client_application)
end
def test_should_render_show_template
do_invalid_post
assert_template('new')
end
end
class OauthClientsControllerDestroyTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthClientsController
def setup
@controller = OauthClientsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
login_as_application_owner
@client_application.stubs(:destroy)
end
def do_delete
delete :destroy,:id=>'3'
end
def test_should_query_current_users_client_applications
@user.expects(:client_applications).returns(@client_applications)
@client_applications.expects(:find).with('3').returns(@client_application)
do_delete
end
def test_should_destroy_client_applications
@client_application.expects(:destroy)
do_delete
end
def test_should_redirect_to_list
do_delete
assert_response :redirect
assert_redirected_to :action => 'index'
end
end
class OauthClientsControllerUpdateTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthClientsController
def setup
@controller = OauthClientsController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
login_as_application_owner
end
def do_valid_update
@client_application.expects(:update_attributes).returns(true)
put :update, :id => '1', 'client_application' => {'name'=>'my site'}
end
def do_invalid_update
@client_application.expects(:update_attributes).returns(false)
put :update, :id=>'1', 'client_application' => {'name'=>'my site'}
end
def test_should_query_current_users_client_applications
@user.expects(:client_applications).returns(@client_applications)
@client_applications.expects(:find).with('1').returns(@client_application)
do_valid_update
end
def test_should_redirect_to_new_client_application
do_valid_update
assert_response :redirect
assert_redirected_to :action => "show", :id => @client_application.id
end
def test_should_assign_client_applications
do_invalid_update
assert_equal @client_application, assigns(:client_application)
end
def test_should_render_show_template
do_invalid_update
assert_template('edit')
end
end

2
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/clients_helper.rb vendored Normal file
View file

@ -0,0 +1,2 @@
module OauthClientsHelper
end

62
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/controller.rb vendored Normal file
View file

@ -0,0 +1,62 @@
class OauthController < ApplicationController
before_filter :login_required, :except => [:request_token, :access_token, :test_request]
before_filter :login_or_oauth_required, :only => [:test_request]
before_filter :verify_oauth_consumer_signature, :only => [:request_token]
before_filter :verify_oauth_request_token, :only => [:access_token]
# Uncomment the following if you are using restful_open_id_authentication
# skip_before_filter :verify_authenticity_token
def request_token
@token = current_client_application.create_request_token
if @token
render :text => @token.to_query
else
render :nothing => true, :status => 401
end
end
def access_token
@token = current_token && current_token.exchange!
if @token
render :text => @token.to_query
else
render :nothing => true, :status => 401
end
end
def test_request
render :text => params.collect{|k,v|"#{k}=#{v}"}.join("&")
end
def authorize
@token = RequestToken.find_by_token params[:oauth_token]
unless @token.invalidated?
if request.post?
if params[:authorize] == '1'
@token.authorize!(current_user)
redirect_url = params[:oauth_callback] || @token.client_application.callback_url
if redirect_url
redirect_to "#{redirect_url}?oauth_token=#{@token.token}"
else
render :action => "authorize_success"
end
elsif params[:authorize] == "0"
@token.invalidate!
render :action => "authorize_failure"
end
end
else
render :action => "authorize_failure"
end
end
def revoke
@token = current_user.tokens.find_by_token params[:token]
if @token
@token.invalidate!
flash[:notice] = "You've revoked the token for #{@token.client_application.name}"
end
redirect_to oauth_clients_url
end
end

296
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/controller_spec.rb vendored Normal file
View file

@ -0,0 +1,296 @@
require File.dirname(__FILE__) + '/../spec_helper'
require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
require 'oauth/client/action_controller_request'
describe OauthController, "getting a request token" do
include OAuthControllerSpecHelper
before(:each) do
setup_oauth
sign_request_with_oauth
@client_application.stub!(:create_request_token).and_return(@request_token)
end
def do_get
get :request_token
end
it "should be successful" do
do_get
response.should be_success
end
it "should query for client_application" do
ClientApplication.should_receive(:find_by_key).with('key').and_return(@client_application)
do_get
end
it "should request token from client_application" do
@client_application.should_receive(:create_request_token).and_return(@request_token)
do_get
end
it "should return token string" do
do_get
response.body.should == @request_token_string
end
end
describe OauthController, "token authorization" do
include OAuthControllerSpecHelper
before(:each) do
login
setup_oauth
RequestToken.stub!(:find_by_token).and_return(@request_token)
end
def do_get
get :authorize, :oauth_token => @request_token.token
end
def do_post
@request_token.should_receive(:authorize!).with(@user)
post :authorize, :oauth_token => @request_token.token, :authorize => "1"
end
def do_post_without_user_authorization
@request_token.should_receive(:invalidate!)
post :authorize, :oauth_token => @request_token.token, :authorize => "0"
end
def do_post_with_callback
@request_token.should_receive(:authorize!).with(@user)
post :authorize, :oauth_token => @request_token.token, :oauth_callback => "http://application/alternative", :authorize => "1"
end
def do_post_with_no_application_callback
@request_token.should_receive(:authorize!).with(@user)
@client_application.stub!(:callback_url).and_return(nil)
post :authorize, :oauth_token => @request_token.token, :authorize => "1"
end
it "should be successful" do
do_get
response.should be_success
end
it "should query for client_application" do
RequestToken.should_receive(:find_by_token).and_return(@request_token)
do_get
end
it "should assign token" do
do_get
assigns[:token].should equal(@request_token)
end
it "should render authorize template" do
do_get
response.should render_template('authorize')
end
it "should redirect to default callback" do
do_post
response.should be_redirect
response.should redirect_to("http://application/callback?oauth_token=#{@request_token.token}")
end
it "should redirect to callback in query" do
do_post_with_callback
response.should be_redirect
response.should redirect_to("http://application/alternative?oauth_token=#{@request_token.token}")
end
it "should be successful on authorize without any application callback" do
do_post_with_no_application_callback
response.should be_success
end
it "should be successful on authorize without any application callback" do
do_post_with_no_application_callback
response.should render_template('authorize_success')
end
it "should render failure screen on user invalidation" do
do_post_without_user_authorization
response.should render_template('authorize_failure')
end
it "should render failure screen if token is invalidated" do
@request_token.should_receive(:invalidated?).and_return(true)
do_get
response.should render_template('authorize_failure')
end
end
describe OauthController, "getting an access token" do
include OAuthControllerSpecHelper
before(:each) do
setup_oauth
sign_request_with_oauth @request_token
@request_token.stub!(:exchange!).and_return(@access_token)
end
def do_get
get :access_token
end
it "should be successful" do
do_get
response.should be_success
end
it "should query for client_application" do
ClientApplication.should_receive(:find_token).with(@request_token.token).and_return(@request_token)
do_get
end
it "should request token from client_application" do
@request_token.should_receive(:exchange!).and_return(@access_token)
do_get
end
it "should return token string" do
do_get
response.body.should == @access_token_string
end
end
class OauthorizedController<ApplicationController
before_filter :login_or_oauth_required, :only => :both
before_filter :login_required, :only => :interactive
before_filter :oauth_required, :only => :token_only
def interactive
end
def token_only
end
def both
end
end
describe OauthorizedController, " access control" do
include OAuthControllerSpecHelper
before(:each) do
end
it "should have access_token set up correctly" do
setup_to_authorize_request
@access_token.is_a?(AccessToken).should == true
@access_token.should be_authorized
@access_token.should_not be_invalidated
@access_token.user.should == @user
@access_token.client_application.should == @client_application
end
it "should return false for oauth? by default" do
controller.send(:oauth?).should == false
end
it "should return nil for current_token by default" do
controller.send(:current_token).should be_nil
end
it "should allow oauth when using login_or_oauth_required" do
setup_to_authorize_request
sign_request_with_oauth(@access_token)
ClientApplication.should_receive(:find_token).with(@access_token.token).and_return(@access_token)
get :both
controller.send(:current_token).should == @access_token
controller.send(:current_token).is_a?(AccessToken).should == true
controller.send(:current_user).should == @user
controller.send(:current_client_application).should == @client_application
response.code.should == '200'
response.should be_success
end
it "should allow interactive when using login_or_oauth_required" do
login
get :both
response.should be_success
controller.send(:current_user).should == @user
controller.send(:current_token).should be_nil
end
it "should allow oauth when using oauth_required" do
setup_to_authorize_request
sign_request_with_oauth(@access_token)
ClientApplication.should_receive(:find_token).with(@access_token.token).and_return(@access_token)
get :token_only
controller.send(:current_token).should == @access_token
controller.send(:current_client_application).should == @client_application
controller.send(:current_user).should == @user
response.code.should == '200'
response.should be_success
end
it "should disallow oauth using RequestToken when using oauth_required" do
setup_to_authorize_request
ClientApplication.should_receive(:find_token).with(@request_token.token).and_return(@request_token)
sign_request_with_oauth(@request_token)
get :token_only
response.code.should == '401'
end
it "should disallow interactive when using oauth_required" do
login
get :token_only
response.code.should == '401'
controller.send(:current_user).should == @user
controller.send(:current_token).should be_nil
end
it "should disallow oauth when using login_required" do
setup_to_authorize_request
sign_request_with_oauth(@access_token)
get :interactive
response.code.should == "302"
controller.send(:current_user).should be_nil
controller.send(:current_token).should be_nil
end
it "should allow interactive when using login_required" do
login
get :interactive
response.should be_success
controller.send(:current_user).should == @user
controller.send(:current_token).should be_nil
end
end
describe OauthController, "revoke" do
include OAuthControllerSpecHelper
before(:each) do
setup_oauth_for_user
@request_token.stub!(:invalidate!)
end
def do_post
post :revoke, :token => "TOKEN STRING"
end
it "should redirect to index" do
do_post
response.should be_redirect
response.should redirect_to('http://test.host/oauth_clients')
end
it "should query current_users tokens" do
@tokens.should_receive(:find_by_token).and_return(@request_token)
do_post
end
it "should call invalidate on token" do
@request_token.should_receive(:invalidate!)
do_post
end
end

74
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/controller_spec_helper.rb vendored Normal file
View file

@ -0,0 +1,74 @@
module OAuthControllerSpecHelper
def login
controller.stub!(:local_request?).and_return(true)
@user = mock_model(User)
controller.stub!(:current_user).and_return(@user)
@tokens = []
@tokens.stub!(:find).and_return(@tokens)
@user.stub!(:tokens).and_return(@tokens)
User.stub!(:find_by_id).and_return(@user)
end
def login_as_application_owner
login
@client_application = mock_model(ClientApplication)
@client_applications = [@client_application]
@user.stub!(:client_applications).and_return(@client_applications)
@client_applications.stub!(:find).and_return(@client_application)
end
def setup_oauth
controller.stub!(:local_request?).and_return(true)
@user||=mock_model(User)
User.stub!(:find_by_id).and_return(@user)
@server = OAuth::Server.new "http://test.host"
@consumer = OAuth::Consumer.new('key', 'secret',{:site => "http://test.host"})
@client_application = mock_model(ClientApplication)
controller.stub!(:current_client_application).and_return(@client_application)
ClientApplication.stub!(:find_by_key).and_return(@client_application)
@client_application.stub!(:key).and_return(@consumer.key)
@client_application.stub!(:secret).and_return(@consumer.secret)
@client_application.stub!(:name).and_return("Client Application name")
@client_application.stub!(:callback_url).and_return("http://application/callback")
@request_token = mock_model(RequestToken, :token => 'request_token', :client_application => @client_application, :secret => "request_secret", :user => @user)
@request_token.stub!(:invalidated?).and_return(false)
ClientApplication.stub!(:find_token).and_return(@request_token)
@request_token_string = "oauth_token = request_token&oauth_token_secret = request_secret"
@request_token.stub!(:to_query).and_return(@request_token_string)
@access_token = mock_model(AccessToken, :token => 'access_token', :client_application => @client_application, :secret => "access_secret", :user => @user)
@access_token.stub!(:invalidated?).and_return(false)
@access_token.stub!(:authorized?).and_return(true)
@access_token_string = "oauth_token = access_token&oauth_token_secret = access_secret"
@access_token.stub!(:to_query).and_return(@access_token_string)
@client_application.stub!(:authorize_request?).and_return(true)
# @client_application.stub!(:sign_request_with_oauth_token).and_return(@request_token)
@client_application.stub!(:exchange_for_access_token).and_return(@access_token)
end
def setup_oauth_for_user
login
setup_oauth
@tokens = [@request_token]
@tokens.stub!(:find).and_return(@tokens)
@tokens.stub!(:find_by_token).and_return(@request_token)
@user.stub!(:tokens).and_return(@tokens)
end
def sign_request_with_oauth(token = nil)
ActionController::TestRequest.use_oauth = true
@request.configure_oauth(@consumer,token)
end
def setup_to_authorize_request
setup_oauth
OauthToken.stub!(:find_by_token).with( @access_token.token).and_return(@access_token)
@access_token.stub!(:is_a?).and_return(true)
end
end

310
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/controller_test.rb vendored Normal file
View file

@ -0,0 +1,310 @@
require File.dirname(__FILE__) + '/../test_helper'
require File.dirname(__FILE__) + '/../oauth_controller_test_helper'
require 'oauth/client/action_controller_request'
class OauthController; def rescue_action(e) raise e end; end
class OauthControllerRequestTokenTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthController
def setup
@controller = OauthController.new
setup_oauth
sign_request_with_oauth
@client_application.stubs(:create_request_token).returns(@request_token)
end
def do_get
get :request_token
end
def test_should_be_successful
do_get
assert @response.success?
end
def test_should_query_for_client_application
ClientApplication.expects(:find_by_key).with('key').returns(@client_application)
do_get
end
def test_should_request_token_from_client_application
@client_application.expects(:create_request_token).returns(@request_token)
do_get
end
def test_should_return_token_string
do_get
assert_equal @request_token_string, @response.body
end
end
class OauthControllerTokenAuthorizationTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthController
def setup
@controller = OauthController.new
login
setup_oauth
RequestToken.stubs(:find_by_token).returns(@request_token)
end
def do_get
get :authorize, :oauth_token => @request_token.token
end
def do_post
@request_token.expects(:authorize!).with(@user)
post :authorize,:oauth_token=>@request_token.token,:authorize=>"1"
end
def do_post_without_user_authorization
@request_token.expects(:invalidate!)
post :authorize,:oauth_token=>@request_token.token,:authorize=>"0"
end
def do_post_with_callback
@request_token.expects(:authorize!).with(@user)
post :authorize,:oauth_token=>@request_token.token,:oauth_callback=>"http://application/alternative",:authorize=>"1"
end
def do_post_with_no_application_callback
@request_token.expects(:authorize!).with(@user)
@client_application.stubs(:callback_url).returns(nil)
post :authorize, :oauth_token => @request_token.token, :authorize=>"1"
end
def test_should_be_successful
do_get
assert @response.success?
end
def test_should_query_for_client_application
RequestToken.expects(:find_by_token).returns(@request_token)
do_get
end
def test_should_assign_token
do_get
assert_equal @request_token, assigns(:token)
end
def test_should_render_authorize_template
do_get
assert_template('authorize')
end
def test_should_redirect_to_default_callback
do_post
assert_response :redirect
assert_redirected_to("http://application/callback?oauth_token=#{@request_token.token}")
end
def test_should_redirect_to_callback_in_query
do_post_with_callback
assert_response :redirect
assert_redirected_to("http://application/alternative?oauth_token=#{@request_token.token}")
end
def test_should_be_successful_on_authorize_without_any_application_callback
do_post_with_no_application_callback
assert @response.success?
assert_template('authorize_success')
end
def test_should_render_failure_screen_on_user_invalidation
do_post_without_user_authorization
assert_template('authorize_failure')
end
def test_should_render_failure_screen_if_token_is_invalidated
@request_token.expects(:invalidated?).returns(true)
do_get
assert_template('authorize_failure')
end
end
class OauthControllerGetAccessTokenTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthController
def setup
@controller = OauthController.new
setup_oauth
sign_request_with_oauth @request_token
@request_token.stubs(:exchange!).returns(@access_token)
end
def do_get
get :access_token
end
def test_should_be_successful
do_get
assert @response.success?
end
def test_should_query_for_client_application
ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
do_get
end
def test_should_request_token_from_client_application
@request_token.expects(:exchange!).returns(@access_token)
do_get
end
def test_should__return_token_string
do_get
assert_equal @access_token_string, @response.body
end
end
class OauthorizedController < ApplicationController
before_filter :login_or_oauth_required,:only=>:both
before_filter :login_required,:only=>:interactive
before_filter :oauth_required,:only=>:token_only
def interactive
render :text => "interactive"
end
def token_only
render :text => "token"
end
def both
render :text => "both"
end
end
class OauthControllerAccessControlTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthorizedController
def setup
@controller = OauthorizedController.new
end
def test_should__have_access_token_set_up_correctly
setup_to_authorize_request
assert @access_token.is_a?(AccessToken)
assert @access_token.authorized?
assert !@access_token.invalidated?
assert_equal @user, @access_token.user
assert_equal @client_application, @access_token.client_application
end
def test_should_return_false_for_oauth_by_default
assert_equal false, @controller.send(:oauth?)
end
def test_should_return_nil_for_current_token_by_default
assert_nil @controller.send(:current_token)
end
def test_should_allow_oauth_when_using_login_or_oauth_required
setup_to_authorize_request
sign_request_with_oauth(@access_token)
ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
get :both
assert_equal @access_token, @controller.send(:current_token)
assert @controller.send(:current_token).is_a?(AccessToken)
assert_equal @user, @controller.send(:current_user)
assert_equal @client_application, @controller.send(:current_client_application)
assert_equal '200', @response.code
assert @response.success?
end
def test_should_allow_interactive_when_using_login_or_oauth_required
login
get :both
assert @response.success?
assert_equal @user, @controller.send(:current_user)
assert_nil @controller.send(:current_token)
end
def test_should_allow_oauth_when_using_oauth_required
setup_to_authorize_request
sign_request_with_oauth(@access_token)
ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
get :token_only
assert_equal @access_token, @controller.send(:current_token)
assert_equal @client_application, @controller.send(:current_client_application)
assert_equal @user, @controller.send(:current_user)
assert_equal '200', @response.code
assert @response.success?
end
def test_should_disallow_oauth_using_request_token_when_using_oauth_required
setup_to_authorize_request
ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
sign_request_with_oauth(@request_token)
get :token_only
assert_equal '401', @response.code
end
def test_should_disallow_interactive_when_using_oauth_required
login
get :token_only
assert_equal '401', @response.code
assert_equal @user, @controller.send(:current_user)
assert_nil @controller.send(:current_token)
end
def test_should_disallow_oauth_when_using_login_required
setup_to_authorize_request
sign_request_with_oauth(@access_token)
get :interactive
assert_equal "302",@response.code
assert_nil @controller.send(:current_user)
assert_nil @controller.send(:current_token)
end
def test_should_allow_interactive_when_using_login_required
login
get :interactive
assert @response.success?
assert_equal @user, @controller.send(:current_user)
assert_nil @controller.send(:current_token)
end
end
class OauthControllerRevokeTest < ActionController::TestCase
include OAuthControllerTestHelper
tests OauthController
def setup
@controller = OauthController.new
setup_oauth_for_user
@request_token.stubs(:invalidate!)
end
def do_post
post :revoke, :token => "TOKEN STRING"
end
def test_should_redirect_to_index
do_post
assert_response :redirect
assert_redirected_to('http://test.host/oauth_clients')
end
def test_should_query_current_users_tokens
@tokens.expects(:find_by_token).returns(@request_token)
do_post
end
def test_should_call_invalidate_on_token
@request_token.expects(:invalidate!)
do_post
end
end

115
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/controller_test_helper.rb vendored Normal file
View file

@ -0,0 +1,115 @@
require "mocha"
module OAuthControllerTestHelper
# Some custom stuff since we're using Mocha
def mock_model(model_class, options_and_stubs = {})
id = rand(10000)
options_and_stubs.reverse_merge! :id => id,
:to_param => id.to_s,
:new_record? => false,
:errors => stub("errors", :count => 0)
m = stub("#{model_class.name}_#{options_and_stubs[:id]}", options_and_stubs)
m.instance_eval <<-CODE
def is_a?(other)
#{model_class}.ancestors.include?(other)
end
def kind_of?(other)
#{model_class}.ancestors.include?(other)
end
def instance_of?(other)
other == #{model_class}
end
def class
#{model_class}
end
CODE
yield m if block_given?
m
end
def mock_full_client_application
mock_model(ClientApplication,
:name => "App1",
:url => "http://app.com",
:callback_url => "http://app.com/callback",
:support_url => "http://app.com/support",
:key => "asd23423yy",
:secret => "secret",
:oauth_server => OAuth::Server.new("http://kowabunga.com")
)
end
def login
@controller.stubs(:local_request?).returns(true)
@user = mock_model(User, :login => "ron")
@controller.stubs(:current_user).returns(@user)
@tokens=[]
@tokens.stubs(:find).returns(@tokens)
@user.stubs(:tokens).returns(@tokens)
User.stubs(:find_by_id).returns(@user)
end
def login_as_application_owner
login
@client_application = mock_full_client_application
@client_applications = [@client_application]
@user.stubs(:client_applications).returns(@client_applications)
@client_applications.stubs(:find).returns(@client_application)
end
def setup_oauth
@controller.stubs(:local_request?).returns(true)
@user||=mock_model(User)
User.stubs(:find_by_id).returns(@user)
@server=OAuth::Server.new "http://test.host"
@consumer=OAuth::Consumer.new('key','secret',{:site=>"http://test.host"})
@client_application = mock_full_client_application
@controller.stubs(:current_client_application).returns(@client_application)
ClientApplication.stubs(:find_by_key).returns(@client_application)
@client_application.stubs(:key).returns(@consumer.key)
@client_application.stubs(:secret).returns(@consumer.secret)
@client_application.stubs(:name).returns("Client Application name")
@client_application.stubs(:callback_url).returns("http://application/callback")
@request_token=mock_model(RequestToken,:token=>'request_token',:client_application=>@client_application,:secret=>"request_secret",:user=>@user)
@request_token.stubs(:invalidated?).returns(false)
ClientApplication.stubs(:find_token).returns(@request_token)
@request_token_string="oauth_token=request_token&oauth_token_secret=request_secret"
@request_token.stubs(:to_query).returns(@request_token_string)
@access_token=mock_model(AccessToken,:token=>'access_token',:client_application=>@client_application,:secret=>"access_secret",:user=>@user)
@access_token.stubs(:invalidated?).returns(false)
@access_token.stubs(:authorized?).returns(true)
@access_token_string="oauth_token=access_token&oauth_token_secret=access_secret"
@access_token.stubs(:to_query).returns(@access_token_string)
@client_application.stubs(:authorize_request?).returns(true)
# @client_application.stubs(:sign_request_with_oauth_token).returns(@request_token)
@client_application.stubs(:exchange_for_access_token).returns(@access_token)
end
def setup_oauth_for_user
login
setup_oauth
@tokens=[@request_token]
@tokens.stubs(:find).returns(@tokens)
@tokens.stubs(:find_by_token).returns(@request_token)
@user.stubs(:tokens).returns(@tokens)
end
def sign_request_with_oauth(token=nil)
ActionController::TestRequest.use_oauth=true
@request.configure_oauth(@consumer, token)
end
def setup_to_authorize_request
setup_oauth
OauthToken.stubs(:find_by_token).with( @access_token.token).returns(@access_token)
@access_token.stubs(:is_a?).returns(true)
end
end

5
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/edit.html.erb vendored Normal file
View file

@ -0,0 +1,5 @@
<h1>Edit your application</h1>
<%% form_for :client_application do |f| %>
<%%= render :partial => "form", :locals => { :f => f } %>
<%%= submit_tag "Edit" %>
<%% end %>

2
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/helper.rb vendored Normal file
View file

@ -0,0 +1,2 @@
module OauthHelper
end

40
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/index.html.erb vendored Normal file
View file

@ -0,0 +1,40 @@
<div class="flash"><%%= flash[:notice] %></div>
<h1>OAuth Client Applications</h1>
<%% unless @tokens.empty? %>
<p>The following tokens have been issued to applications in your name</p>
<table>
<tr><th>Application</th><th>Issued</th><th>&nbsp;</th></tr>
<%% @tokens.each do |token|%>
<%% content_tag_for :tr, token do %>
<td><%%= link_to token.client_application.name, token.client_application.url %></td>
<td><%%= token.authorized_at %></td>
<td>
<%% form_tag :controller => 'oauth', :action => 'revoke' do %>
<%%= hidden_field_tag 'token', token.token %>
<%%= submit_tag "Revoke!" %>
<%% end %>
</td>
<%% end %>
<%% end %>
</table>
<%% end %>
<h3>Application Developers</h3>
<%% if @client_applications.empty? %>
<p>
Do you have an application you would like to register for use with us using the <a href="http://oauth.net">OAuth</a> standard?
</p>
<p>
You must register your web application before it can make OAuth requests to this service
</p>
<%% else %>
<p>
You have the following client applications registered:
</p>
<%% @client_applications.each do |client|%>
<%% div_for client do %>
<%%= link_to client.name, :action => :show, :id => client.id %>
<%% end %>
<%% end %>
<%% end %>
<h3><%%= link_to "Register your application", :action => :new %></h3>

44
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/migration.rb vendored Normal file
View file

@ -0,0 +1,44 @@
class CreateOauthTables < ActiveRecord::Migration
def self.up
create_table :client_applications do |t|
t.string :name
t.string :url
t.string :support_url
t.string :callback_url
t.string :key, :limit => 50
t.string :secret, :limit => 50
t.integer :user_id
t.timestamps
end
add_index :client_applications, :key, :unique
create_table :oauth_tokens do |t|
t.integer :user_id
t.string :type, :limit => 20
t.integer :client_application_id
t.string :token, :limit => 50
t.string :secret, :limit => 50
t.timestamp :authorized_at, :invalidated_at
t.timestamps
end
add_index :oauth_tokens, :token, :unique
create_table :oauth_nonces do |t|
t.string :nonce
t.integer :timestamp
t.timestamps
end
add_index :oauth_nonces,[:nonce, :timestamp], :unique
end
def self.down
drop_table :client_applications
drop_table :oauth_tokens
drop_table :oauth_nonces
end
end

5
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/new.html.erb vendored Normal file
View file

@ -0,0 +1,5 @@
<h1>Register a new application</h1>
<%% form_for :client_application, :url => { :action => :create } do |f| %>
<%%= render :partial => "form", :locals => { :f => f } %>
<%%= submit_tag "Register" %>
<%% end %>

13
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/oauth_nonce.rb vendored Normal file
View file

@ -0,0 +1,13 @@
# Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique.
# Thus you can use the same nonce with a different timestamp and viceversa.
class OauthNonce < ActiveRecord::Base
validates_presence_of :nonce, :timestamp
validates_uniqueness_of :nonce, :scope => :timestamp
# Remembers a nonce and it's associated timestamp. It returns false if it has already been used
def self.remember(nonce, timestamp)
oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
return false if oauth_nonce.new_record?
oauth_nonce
end
end

24
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/oauth_nonce_spec.rb vendored Normal file
View file

@ -0,0 +1,24 @@
require File.dirname(__FILE__) + '/../spec_helper'
require 'oauth/helper'
describe OauthNonce do
include OAuth::Helper
before(:each) do
@oauth_nonce = OauthNonce.remember(generate_key, Time.now.to_i)
end
it "should be valid" do
@oauth_nonce.should be_valid
end
it "should not have errors" do
@oauth_nonce.errors.full_messages.should == []
end
it "should not be a new record" do
@oauth_nonce.should_not be_new_record
end
it "should not allow a second one with the same values" do
OauthNonce.remember(@oauth_nonce.nonce,@oauth_nonce.timestamp).should == false
end
end

26
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/oauth_nonce_test.rb vendored Normal file
View file

@ -0,0 +1,26 @@
require 'oauth/helper'
require File.dirname(__FILE__) + '/../test_helper'
class ClientNoneTest < ActiveSupport::TestCase
include OAuth::Helper
def setup
@oauth_nonce = OauthNonce.remember(generate_key,Time.now.to_i)
end
def test_should_be_valid
assert @oauth_nonce.valid?
end
def test_should_not_have_errors
assert_equal [], @oauth_nonce.errors.full_messages
end
def test_should_not_be_a_new_record
assert !@oauth_nonce.new_record?
end
def test_shuold_not_allow_a_second_one_with_the_same_values
assert_equal false, OauthNonce.remember(@oauth_nonce.nonce, @oauth_nonce.timestamp)
end
end

13
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/oauth_nonces.yml vendored Normal file
View file

@ -0,0 +1,13 @@
# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
one:
id: 1
nonce: a_nonce
timestamp: 1
created_at: 2007-11-25 17:27:04
updated_at: 2007-11-25 17:27:04
two:
id: 2
nonce: b_nonce
timestamp: 2
created_at: 2007-11-25 17:27:04
updated_at: 2007-11-25 17:27:04

31
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/oauth_token.rb vendored Normal file
View file

@ -0,0 +1,31 @@
class OauthToken < ActiveRecord::Base
belongs_to :client_application
belongs_to :user
validates_uniqueness_of :token
validates_presence_of :client_application, :token, :secret
before_validation_on_create :generate_keys
def invalidated?
invalidated_at != nil
end
def invalidate!
update_attribute(:invalidated_at, Time.now)
end
def authorized?
authorized_at != nil && !invalidated?
end
def to_query
"oauth_token=#{token}&oauth_token_secret=#{secret}"
end
protected
def generate_keys
@oauth_token = client_application.oauth_server.generate_credentials
self.token = @oauth_token[0]
self.secret = @oauth_token[1]
end
end

55
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/oauth_token_spec.rb vendored Normal file
View file

@ -0,0 +1,55 @@
require File.dirname(__FILE__) + '/../spec_helper'
describe RequestToken do
fixtures :client_applications, :users, :oauth_tokens
before(:each) do
@token = RequestToken.create :client_application => client_applications(:one)
end
it "should be valid" do
@token.should be_valid
end
it "should not have errors" do
@token.errors.should_not == []
end
it "should have a token" do
@token.token.should_not be_nil
end
it "should have a secret" do
@token.secret.should_not be_nil
end
it "should not be authorized" do
@token.should_not be_authorized
end
it "should not be invalidated" do
@token.should_not be_invalidated
end
it "should authorize request" do
@token.authorize!(users(:quentin))
@token.should be_authorized
@token.authorized_at.should_not be_nil
@token.user.should == users(:quentin)
end
it "should not exchange without approval" do
@token.exchange!.should == false
@token.should_not be_invalidated
end
it "should not exchange without approval" do
@token.authorize!(users(:quentin))
@access = @token.exchange!
@access.should_not == false
@token.should be_invalidated
@access.user.should == users(:quentin)
@access.should be_authorized
end
end

57
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/oauth_token_test.rb vendored Normal file
View file

@ -0,0 +1,57 @@
require File.dirname(__FILE__) + '/../test_helper'
class RequestTokenTest < ActiveSupport::TestCase
fixtures :client_applications, :users, :oauth_tokens
def setup
@token = RequestToken.create :client_application=>client_applications(:one)
end
def test_should_be_valid
assert @token.valid?
end
def test_should_not_have_errors
assert @token.errors.empty?
end
def test_should_have_a_token
assert_not_nil @token.token
end
def test_should_have_a_secret
assert_not_nil @token.secret
end
def test_should_not_be_authorized
assert !@token.authorized?
end
def test_should_not_be_invalidated
assert !@token.invalidated?
end
def test_should_authorize_request
@token.authorize!(users(:quentin))
assert @token.authorized?
assert_not_nil @token.authorized_at
assert_equal users(:quentin), @token.user
end
def test_should_not_exchange_without_approval
assert_equal false, @token.exchange!
assert_equal false, @token.invalidated?
end
def test_should_not_exchange_without_approval
@token.authorize!(users(:quentin))
@access = @token.exchange!
assert_not_equal false, @access
assert @token.invalidated?
assert_equal users(:quentin), @access.user
assert @access.authorized?
end
end

17
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/oauth_tokens.yml vendored Normal file
View file

@ -0,0 +1,17 @@
# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
one:
id: 1
user_id: 1
client_application_id: 1
token: one
secret: MyString
created_at: 2007-11-19 07:31:46
updated_at: 2007-11-19 07:31:46
two:
id: 2
user_id: 1
client_application_id: 1
token: two
secret: MyString
created_at: 2007-11-19 07:31:46
updated_at: 2007-11-19 07:31:46

17
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/request_token.rb vendored Normal file
View file

@ -0,0 +1,17 @@
class RequestToken < OauthToken
def authorize!(user)
return false if authorized?
self.user = user
self.authorized_at = Time.now
self.save
end
def exchange!
return false unless authorized?
RequestToken.transaction do
access_token = AccessToken.create(:user => user, :client_application => client_application)
invalidate!
access_token
end
end
end

20
vendor/plugins/oauth-plugin/generators/oauth_provider/templates/show.html.erb vendored Normal file
View file

@ -0,0 +1,20 @@
<h1>OAuth details for <%%=@client_application.name %></h1>
<p>
<b>Consumer Key:</b> <%%=@client_application.key %>
</p>
<p>
<b>Consumer Secret:</b> <%%=@client_application.secret %>
</p>
<p>
<b>Request Token URL</b> http<%%='s' if request.ssl? %>://<%%= request.host_with_port %><%%=@client_application.oauth_server.request_token_path %>
</p>
<p>
<b>Access Token URL</b> http<%%='s' if request.ssl? %>://<%%= request.host_with_port %><%%=@client_application.oauth_server.access_token_path %>
</p>
<p>
<b>Authorize URL</b> http<%%='s' if request.ssl? %>://<%%= request.host_with_port %><%%=@client_application.oauth_server.authorize_path %>
</p>
<p>
We support hmac-sha1 (recommended) as well as plain text in ssl mode.
</p>