├── .autotest ├── .gitignore ├── .rspec ├── .watchr.rb ├── CHANGELOG.rdoc ├── Gemfile ├── Gemfile.lock ├── README.rdoc ├── Rakefile ├── VERSION ├── app ├── controllers │ ├── accesses_controller.rb │ ├── application_controller.rb │ ├── clients_controller.rb │ ├── oauth │ │ ├── oauth_authorize_controller.rb │ │ └── oauth_token_controller.rb │ ├── pastas_controller.rb │ ├── pizzas_controller.rb │ ├── scopes_controller.rb │ ├── sessions_controller.rb │ └── users_controller.rb ├── helpers │ ├── accesses_helper.rb │ ├── application_helper.rb │ ├── clients_helper.rb │ ├── oauth_accesses_helper.rb │ ├── oauth_helper.rb │ ├── scopes_helper.rb │ ├── sessions_helper.rb │ └── users_helper.rb ├── models │ ├── client.rb │ ├── oauth │ │ ├── oauth_access.rb │ │ ├── oauth_authorization.rb │ │ ├── oauth_daily_request.rb │ │ ├── oauth_refresh_token.rb │ │ └── oauth_token.rb │ ├── scope.rb │ └── user.rb └── views │ ├── accesses │ ├── index.html.erb │ └── show.html.erb │ ├── clients │ ├── _form.html.erb │ ├── edit.html.erb │ ├── index.html.erb │ ├── new.html.erb │ └── show.html.erb │ ├── layouts │ └── application.html.erb │ ├── oauth │ ├── authorize.html.erb │ └── token.json.erb │ ├── scopes │ ├── _form.html.erb │ ├── edit.html.erb │ ├── index.html.erb │ ├── new.html.erb │ └── show.html.erb │ ├── sessions │ └── new.html.erb │ ├── shared │ ├── 403.json.erb │ ├── 404.json.erb │ ├── 422.json.erb │ ├── 500.json.erb │ └── html │ │ ├── 404.html.erb │ │ └── 422.html.erb │ └── users │ ├── _form.html.erb │ ├── edit.html.erb │ ├── index.html.erb │ ├── new.html.erb │ └── show.html.erb ├── config.ru ├── config ├── application.rb ├── boot.rb ├── cucumber.yml ├── environment.rb ├── environments │ ├── development.rb │ ├── production.rb │ └── test.rb ├── initializers │ ├── backtrace_silencers.rb │ ├── capybara_headers_hack.rb │ ├── inflections.rb │ ├── lely_array_normalize.rb │ ├── lely_base_document.rb │ ├── lely_rescue_helper.rb │ ├── mime_types.rb │ ├── oauth_scope.rb │ ├── oauth_settings.rb │ ├── secret_token.rb │ └── session_store.rb ├── locales │ └── en.yml ├── mongoid.yml ├── oauth.yml └── routes.rb ├── db └── seeds.rb ├── doc └── README_FOR_APP ├── lib └── tasks │ ├── .gitkeep │ ├── cucumber.rake │ └── watchr.rake ├── public ├── 404.html ├── 422.html ├── 500.html ├── favicon.ico ├── images │ ├── help-us.png │ ├── help-us.psd │ └── screenshots │ │ ├── access.png │ │ ├── admin-dashboard.png │ │ ├── all-scope.png │ │ ├── authorization.png │ │ ├── block-clients.png │ │ ├── client-show.png │ │ ├── first-user-creation.png │ │ ├── pizzas-scope.png │ │ └── scopes.png ├── javascripts │ ├── application.js │ ├── highcharts.js │ ├── jquery.js │ ├── jquery.min.js │ ├── jquery.tagsinput.js │ └── rails.js ├── robots.txt └── stylesheets │ ├── .gitkeep │ ├── gh-buttons.css │ ├── gh-icons.png │ ├── jquery.tagsinput.css │ ├── reset.css │ └── template.css ├── script ├── cucumber └── rails ├── spec ├── acceptance │ ├── acceptance_helper.rb │ ├── accesses_controller_spec.rb │ ├── clients_controller_spec.rb │ ├── oauth │ │ ├── oauth_authorize_controller_spec.rb │ │ └── oauth_token_controller_spec.rb │ ├── resource_controller_spec.rb │ ├── scopes_controller_spec.rb │ ├── support │ │ ├── helpers.rb │ │ ├── paths.rb │ │ └── view_helpers.rb │ └── users_controller_spec.rb ├── controllers │ ├── pastas_controller_spec.rb │ └── pizzas_controller_spec.rb ├── extras │ └── scope_spec.rb ├── factories │ └── oauth.rb ├── models │ ├── oauth │ │ ├── client_spec.rb │ │ ├── oauth_access_spec.rb │ │ ├── oauth_authorization_spec.rb │ │ ├── oauth_daily_request_spec.rb │ │ ├── oauth_refresh_token_spec.rb │ │ └── oauth_token_spec.rb │ ├── scope_spec.rb │ └── user_spec.rb ├── spec_helper.rb └── support │ └── settings_helper.rb └── vendor └── plugins └── .gitkeep /.autotest: -------------------------------------------------------------------------------- 1 | require "autotest/growl" 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .bundle 2 | db/*.sqlite3 3 | log/*.log 4 | tmp/**/* 5 | config/database.yml 6 | *.DS_Store 7 | *.swp 8 | .rvmrc 9 | 10 | -------------------------------------------------------------------------------- /.rspec: -------------------------------------------------------------------------------- 1 | --format Fuubar 2 | --colour 3 | -------------------------------------------------------------------------------- /.watchr.rb: -------------------------------------------------------------------------------- 1 | # -------------- 2 | # Running Spec 3 | # -------------- 4 | 5 | def run_spec(file) 6 | unless File.exist?(file) 7 | puts "#{file} does not exist" 8 | return 9 | end 10 | 11 | run_spec_cmd(file) 12 | end 13 | 14 | def run_spec_cmd(cmd) 15 | puts "Running #{cmd}" 16 | system "bundle exec rspec #{cmd}" 17 | end 18 | 19 | # -------------- 20 | # Autodetection 21 | # -------------- 22 | 23 | # Spec tests 24 | watch("spec/.*/*_spec\.rb") do |match| 25 | run_spec match[0] 26 | end 27 | 28 | # Models tests 29 | watch("app/models/(.*/.*)\.rb") do |match| 30 | run_spec %{spec/models/#{match[1]}_spec.rb} 31 | end 32 | 33 | # Acceptance tests for every controller (not the 34 | # best solution, but it works pretty well) 35 | watch("app/controllers/(.*/.*)\.rb") do |match| 36 | exclusions = ["controllers/application_controller"] 37 | unless exclusions.include? match[1] 38 | run_spec %{spec/acceptance/#{match[1]}_spec.rb} 39 | end 40 | end 41 | 42 | # ---------------- 43 | # Signal Handling 44 | # ---------------- 45 | 46 | @second_int = false 47 | 48 | # Run acceptance tests (Ctrl-\) 49 | Signal.trap('QUIT') do 50 | run_spec "spec/acceptance/" 51 | end 52 | 53 | # Run all tests (Ctrl-c) 54 | Signal.trap 'INT' do 55 | check_exit # exit (double Ctrl-c) 56 | #@second_int = true 57 | run_spec "spec/" 58 | end 59 | 60 | def check_exit 61 | exit if @second_int 62 | end 63 | -------------------------------------------------------------------------------- /CHANGELOG.rdoc: -------------------------------------------------------------------------------- 1 | = Changelog 2 | 3 | 4 | == Release v0.3.1 (2011/04/22) 5 | 6 | * Added documentation with screenshots 7 | * Added tag system on scope definition 8 | * Added basic graph with access token stats 9 | 10 | 11 | == Release v0.3.0 (2011/04/21) 12 | 13 | * Added refined UI for the dashboard section 14 | * Updated documentation 15 | 16 | 17 | == Release v0.2.3 (2011/04/19) 18 | 19 | * Added redirect to last URI before logging in 20 | * Added functionality to block the access of a user resource in 21 | behalf of a specific client 22 | * Added client access and stats to every user in the dashboard 23 | * Added functionality to block a client (only admin can do this) 24 | * Added UI to automatically set admin the first user which 25 | register into the OAuth Server 26 | * Added autoupdate of scopes to all clients when one of them 27 | changes 28 | 29 | 30 | == Release v0.2.2 (2011/04/18) 31 | 32 | * Added documentation on scope definition, action authorization, testing 33 | framework and oauth flow testing code. 34 | 35 | 36 | == Release v0.2.1 (2011/04/15) 37 | 38 | * Added bearer token protection simply adding the filter 39 | before_filter :oauth_authorized on the conrtoller 40 | * Added dynamic scope setting. Now is possible to set the 41 | scopes directly in the admin interface, and easily protect 42 | every method inside a controller. 43 | * Added dashboard for admin to add scopes and monitor all 44 | registered users 45 | * Added dashboard to control and create clients 46 | * Added dashboard to edit user info 47 | 48 | 49 | == Release v0.2.0 (2011/04/06) 50 | 51 | * Added refresh token mechanisms 52 | * Removed unuseful gems 53 | * Changed denied message from access=denied to error=access_denied 54 | * Introduced test to block of single token (idea of logout) 55 | * Changed oauth/authorize with /oauth/authorization to make sistem more REST 56 | * Redefinition of all documentation, more simple and complete 57 | 58 | 59 | == Release v0.1.1 (2011/03/29) 60 | 61 | * Added documentation explaining the authorization flows 62 | 63 | 64 | == Release v0.1.0 (2011/03/29) 65 | 66 | * Added documentation explaining the existing flows 67 | * Added OAuth2 server with acceptance tests 68 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'http://rubygems.org' 2 | 3 | gem 'rails', '3.0.5' 4 | gem 'mongoid', '2.0.0.beta.20' 5 | gem 'bson_ext' 6 | gem 'yajl-ruby' 7 | gem 'will_paginate' 8 | gem 'rack-ssl' 9 | gem "bcrypt-ruby", :require => "bcrypt" 10 | gem 'validate_url', '0.1.6' 11 | gem 'email_validator' 12 | gem 'chronic' 13 | gem 'jquery-rails' 14 | 15 | group :development, :test do 16 | gem 'debugger' 17 | gem 'rspec-rails', '2.4.1' 18 | gem 'steak' 19 | gem 'capybara' 20 | gem 'selenium-client' 21 | gem 'selenium-webdriver' 22 | gem 'launchy' 23 | gem 'shoulda' 24 | gem 'factory_girl_rails', '1.1.beta1' 25 | gem 'webrat' 26 | gem 'autotest' 27 | gem 'autotest-growl' 28 | gem 'database_cleaner' 29 | gem 'fuubar' 30 | gem 'watchr' 31 | gem 'delorean' 32 | gem 'rspec-set' 33 | end 34 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: http://rubygems.org/ 3 | specs: 4 | ZenTest (4.5.0) 5 | abstract (1.0.0) 6 | actionmailer (3.0.5) 7 | actionpack (= 3.0.5) 8 | mail (~> 2.2.15) 9 | actionpack (3.0.5) 10 | activemodel (= 3.0.5) 11 | activesupport (= 3.0.5) 12 | builder (~> 2.1.2) 13 | erubis (~> 2.6.6) 14 | i18n (~> 0.4) 15 | rack (~> 1.2.1) 16 | rack-mount (~> 0.6.13) 17 | rack-test (~> 0.5.7) 18 | tzinfo (~> 0.3.23) 19 | activemodel (3.0.5) 20 | activesupport (= 3.0.5) 21 | builder (~> 2.1.2) 22 | i18n (~> 0.4) 23 | activerecord (3.0.5) 24 | activemodel (= 3.0.5) 25 | activesupport (= 3.0.5) 26 | arel (~> 2.0.2) 27 | tzinfo (~> 0.3.23) 28 | activeresource (3.0.5) 29 | activemodel (= 3.0.5) 30 | activesupport (= 3.0.5) 31 | activesupport (3.0.5) 32 | arel (2.0.9) 33 | autotest (4.4.6) 34 | ZenTest (>= 4.4.1) 35 | autotest-growl (0.2.9) 36 | bcrypt-ruby (2.1.4) 37 | bson (1.3.0) 38 | bson_ext (1.3.0) 39 | builder (2.1.2) 40 | capybara (0.4.1.2) 41 | celerity (>= 0.7.9) 42 | culerity (>= 0.2.4) 43 | mime-types (>= 1.16) 44 | nokogiri (>= 1.3.3) 45 | rack (>= 1.0.0) 46 | rack-test (>= 0.5.4) 47 | selenium-webdriver (>= 0.0.27) 48 | xpath (~> 0.1.3) 49 | celerity (0.8.9) 50 | chalofa_ruby-progressbar (0.0.9.1) 51 | childprocess (0.1.8) 52 | ffi (~> 1.0.6) 53 | chronic (0.3.0) 54 | columnize (0.3.6) 55 | configuration (1.2.0) 56 | culerity (0.2.15) 57 | database_cleaner (0.6.6) 58 | debugger (1.1.2) 59 | columnize (>= 0.3.1) 60 | debugger-linecache (~> 1.1) 61 | debugger-ruby_core_source (~> 1.1) 62 | debugger-linecache (1.1.1) 63 | debugger-ruby_core_source (>= 1.1.1) 64 | debugger-ruby_core_source (1.1.2) 65 | delorean (1.0.0) 66 | chronic 67 | diff-lcs (1.1.3) 68 | email_validator (1.0.0) 69 | erubis (2.6.6) 70 | abstract (>= 1.0.0) 71 | factory_girl (2.0.0.beta2) 72 | factory_girl_rails (1.1.beta1) 73 | factory_girl (~> 2.0.0.beta) 74 | rails (>= 3.0.0) 75 | ffi (1.0.11) 76 | fuubar (0.0.4) 77 | chalofa_ruby-progressbar (~> 0.0.9) 78 | rspec (~> 2.0) 79 | rspec-instafail (~> 0.1.4) 80 | i18n (0.5.0) 81 | jquery-rails (0.2.7) 82 | rails (~> 3.0) 83 | thor (~> 0.14.4) 84 | json_pure (1.5.1) 85 | launchy (0.4.0) 86 | configuration (>= 0.0.5) 87 | rake (>= 0.8.1) 88 | mail (2.2.15) 89 | activesupport (>= 2.3.6) 90 | i18n (>= 0.4.0) 91 | mime-types (~> 1.16) 92 | treetop (~> 1.4.8) 93 | mime-types (1.16) 94 | mongo (1.3.0) 95 | bson (>= 1.3.0) 96 | mongoid (2.0.0.beta.20) 97 | activemodel (~> 3.0) 98 | mongo (~> 1.1) 99 | tzinfo (~> 0.3.22) 100 | will_paginate (~> 3.0.pre) 101 | nokogiri (1.5.2) 102 | polyglot (0.3.1) 103 | rack (1.2.5) 104 | rack-mount (0.6.14) 105 | rack (>= 1.0.0) 106 | rack-ssl (1.3.2) 107 | rack 108 | rack-test (0.5.7) 109 | rack (>= 1.0) 110 | rails (3.0.5) 111 | actionmailer (= 3.0.5) 112 | actionpack (= 3.0.5) 113 | activerecord (= 3.0.5) 114 | activeresource (= 3.0.5) 115 | activesupport (= 3.0.5) 116 | bundler (~> 1.0) 117 | railties (= 3.0.5) 118 | railties (3.0.5) 119 | actionpack (= 3.0.5) 120 | activesupport (= 3.0.5) 121 | rake (>= 0.8.7) 122 | thor (~> 0.14.4) 123 | rake (0.9.2.2) 124 | rspec (2.4.0) 125 | rspec-core (~> 2.4.0) 126 | rspec-expectations (~> 2.4.0) 127 | rspec-mocks (~> 2.4.0) 128 | rspec-core (2.4.0) 129 | rspec-expectations (2.4.0) 130 | diff-lcs (~> 1.1.2) 131 | rspec-instafail (0.1.7) 132 | rspec-mocks (2.4.0) 133 | rspec-rails (2.4.1) 134 | actionpack (~> 3.0) 135 | activesupport (~> 3.0) 136 | railties (~> 3.0) 137 | rspec (~> 2.4.0) 138 | rspec-set (0.0.1) 139 | rspec (>= 2) 140 | rubyzip (0.9.4) 141 | selenium-client (1.2.18) 142 | selenium-webdriver (0.1.4) 143 | childprocess (>= 0.1.7) 144 | ffi (>= 1.0.7) 145 | json_pure 146 | rubyzip 147 | shoulda (2.11.3) 148 | steak (1.1.0) 149 | rspec (>= 1.3) 150 | thor (0.14.6) 151 | treetop (1.4.9) 152 | polyglot (>= 0.3.1) 153 | tzinfo (0.3.26) 154 | validate_url (0.1.6) 155 | activemodel (>= 3.0.0) 156 | watchr (0.7) 157 | webrat (0.7.3) 158 | nokogiri (>= 1.2.0) 159 | rack (>= 1.0) 160 | rack-test (>= 0.5.3) 161 | will_paginate (3.0.pre2) 162 | xpath (0.1.3) 163 | nokogiri (~> 1.3) 164 | yajl-ruby (0.8.2) 165 | 166 | PLATFORMS 167 | ruby 168 | 169 | DEPENDENCIES 170 | autotest 171 | autotest-growl 172 | bcrypt-ruby 173 | bson_ext 174 | capybara 175 | chronic 176 | database_cleaner 177 | debugger 178 | delorean 179 | email_validator 180 | factory_girl_rails (= 1.1.beta1) 181 | fuubar 182 | jquery-rails 183 | launchy 184 | mongoid (= 2.0.0.beta.20) 185 | rack-ssl 186 | rails (= 3.0.5) 187 | rspec-rails (= 2.4.1) 188 | rspec-set 189 | selenium-client 190 | selenium-webdriver 191 | shoulda 192 | steak 193 | validate_url (= 0.1.6) 194 | watchr 195 | webrat 196 | will_paginate 197 | yajl-ruby 198 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | require 'rake' 6 | 7 | Lelylan::Application.load_tasks 8 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | v0.3.1 2 | -------------------------------------------------------------------------------- /app/controllers/accesses_controller.rb: -------------------------------------------------------------------------------- 1 | class AccessesController < ApplicationController 2 | 3 | before_filter :find_accesses 4 | before_filter :find_access, except: "index" 5 | 6 | def index 7 | end 8 | 9 | def show 10 | end 11 | 12 | def block 13 | @access.block! 14 | redirect_to accesses_url 15 | end 16 | 17 | def unblock 18 | @access.unblock! 19 | redirect_to accesses_url 20 | end 21 | 22 | 23 | private 24 | 25 | def find_accesses 26 | @accesses = OauthAccess.where(resource_owner_uri: current_user.uri) 27 | end 28 | 29 | def find_access 30 | @access = @accesses.id(params[:id]).first 31 | unless @access 32 | redirect_to root_path, alert: "Resource not found." 33 | end 34 | end 35 | 36 | # TODO: change this behavior with a simple redirect 37 | def resource_not_found 38 | flash.now.alert = "notifications.document.not_found" 39 | @info = { id: params[:id] } 40 | render "shared/html/404" and return 41 | end 42 | 43 | end 44 | -------------------------------------------------------------------------------- /app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | include Lelylan::Rescue::Helpers 3 | 4 | protect_from_forgery 5 | 6 | before_filter :authenticate 7 | helper_method :current_user 8 | helper_method :admin_does_not_exist 9 | 10 | rescue_from BSON::InvalidObjectId, with: :bson_invalid_object_id 11 | rescue_from JSON::ParserError, with: :json_parse_error 12 | rescue_from Mongoid::Errors::InvalidType, with: :mongoid_errors_invalid_type 13 | 14 | protected 15 | 16 | def json_body 17 | @body = HashWithIndifferentAccess.new(JSON.parse(request.body.read.to_s)) 18 | end 19 | 20 | def authenticate 21 | if api_request 22 | # oauth_authorized # uncomment to make all json API protected 23 | else 24 | session_auth 25 | end 26 | end 27 | 28 | def api_request 29 | json? 30 | end 31 | 32 | def json? 33 | request.format == "application/json" 34 | end 35 | 36 | def session_auth 37 | @current_user ||= User.criteria.id(session[:user_id]).first if session[:user_id] 38 | unless current_user 39 | session[:back] = request.url 40 | redirect_to(log_in_path) and return false 41 | end 42 | return @current_user 43 | end 44 | 45 | def current_user 46 | @current_user 47 | end 48 | 49 | def oauth_authorized 50 | action = params[:controller] + "/" + params[:action] 51 | normalize_token 52 | @token = OauthToken.where(token: params[:token]).all_in(scope: [action]).first 53 | if @token.nil? or @token.blocked? 54 | render text: "Unauthorized access.", status: 401 55 | return false 56 | else 57 | access = OauthAccess.where(client_uri: @token.client_uri , resource_owner_uri: @token.resource_owner_uri).first 58 | access.accessed! 59 | end 60 | end 61 | 62 | def normalize_token 63 | # Token in the body 64 | if (json_body and @body[:token]) 65 | params[:token] = @body[:token] 66 | end 67 | # Token in the header 68 | if request.env["Authorization"] 69 | params[:token] = request.env["Authorization"].split(" ").last 70 | end 71 | end 72 | 73 | def admin_does_not_exist 74 | User.where(admin: true).first.nil? 75 | end 76 | 77 | end 78 | -------------------------------------------------------------------------------- /app/controllers/clients_controller.rb: -------------------------------------------------------------------------------- 1 | class ClientsController < ApplicationController 2 | before_filter :find_clients 3 | before_filter :find_client, only: ["show", "edit", "update", "destroy", "block", "unblock"] 4 | before_filter :normalize_scope, only: ["create", "update"] 5 | before_filter :admin?, only: ["block", "unblock"] 6 | 7 | def index 8 | end 9 | 10 | def show 11 | end 12 | 13 | def new 14 | @client = Client.new 15 | @client.scope = ["all"] 16 | end 17 | 18 | def create 19 | @client = Client.new(params[:client]) 20 | @client.created_from = current_user.uri 21 | @client.uri = @client.base_uri(request) 22 | @client.scope_values = Oauth.normalize_scope(params[:client][:scope].clone) 23 | 24 | if @client.save 25 | redirect_to @client, notice: "Resource was successfully created." 26 | else 27 | render "new" 28 | end 29 | end 30 | 31 | def edit 32 | end 33 | 34 | def update 35 | @client.scope = params[:client][:scope] 36 | @client.scope_values = Oauth.normalize_scope(params[:client][:scope].clone) 37 | 38 | if @client.update_attributes(params[:client]) 39 | flash.now.notice = "Resource was successfully updated." 40 | render "show" 41 | else 42 | render action: "edit" 43 | end 44 | end 45 | 46 | def destroy 47 | @client.destroy 48 | redirect_to(clients_url, notice: "Resource was successfully destroyed.") 49 | end 50 | 51 | # TODO: this is not REST way 52 | def block 53 | @client.block! 54 | redirect_to clients_url 55 | end 56 | 57 | def unblock 58 | @client.unblock! 59 | redirect_to clients_url 60 | end 61 | 62 | 63 | private 64 | 65 | def find_clients 66 | if current_user.admin? 67 | @clients = Client.criteria 68 | else 69 | @clients = Client.where(created_from: current_user.uri) 70 | end 71 | end 72 | 73 | def find_client 74 | @client = @clients.id(params[:id]).first 75 | unless @client 76 | redirect_to root_path, alert: "Resource not found." 77 | end 78 | end 79 | 80 | def normalize_scope 81 | params[:client][:scope] = params[:client][:scope].split(Oauth.settings["scope_separator"]) 82 | end 83 | 84 | def admin? 85 | unless current_user.admin? 86 | flash.alert = "Unauthorized access." 87 | redirect_to root_path 88 | return false 89 | end 90 | end 91 | 92 | end 93 | -------------------------------------------------------------------------------- /app/controllers/oauth/oauth_authorize_controller.rb: -------------------------------------------------------------------------------- 1 | class Oauth::OauthAuthorizeController < ApplicationController 2 | 3 | before_filter :authenticate 4 | before_filter :normalize_scope 5 | before_filter :find_client 6 | before_filter :check_scope # check if the access is authorized 7 | before_filter :client_blocked? # check if the client is blocked 8 | before_filter :access_blocked? # check if user has blocked the client 9 | 10 | before_filter :token_blocked?, only: :show # check for an existing token 11 | before_filter :refresh_token, only: :show # create a new token 12 | 13 | 14 | def show 15 | render "/oauth/authorize" and return 16 | end 17 | 18 | def create 19 | @client.granted! 20 | 21 | # section 4.1.1 - authorization code flow 22 | if params[:response_type] == "code" 23 | @authorization = OauthAuthorization.create(client_uri: @client.uri, resource_owner_uri: current_user.uri, scope: params[:scope]) 24 | redirect_to authorization_redirect_uri(@client, @authorization, params[:state]) 25 | end 26 | 27 | # section 4.2.1 - implicit grant flow 28 | if params[:response_type] == "token" 29 | @token = OauthToken.create(client_uri: @client.uri, resource_owner_uri: current_user.uri, scope: params[:scope]) 30 | redirect_to implicit_redirect_uri(@client, @token, params[:state]) 31 | end 32 | end 33 | 34 | def destroy 35 | @client.revoked! 36 | redirect_to deny_redirect_uri(params[:response_type], params[:state]) 37 | end 38 | 39 | 40 | private 41 | 42 | def normalize_scope 43 | params[:scope] = Oauth.normalize_scope(params[:scope]) 44 | end 45 | 46 | 47 | def find_client 48 | @client = Client.where_uri(params[:client_id], params[:redirect_uri]) 49 | client_not_found unless @client.first 50 | end 51 | 52 | def check_scope 53 | @client = @client.where_scope(params[:scope]).first 54 | scope_not_valid unless @client 55 | end 56 | 57 | def client_blocked? 58 | client_blocked if @client.blocked? 59 | end 60 | 61 | def access_blocked? 62 | access = OauthAccess.find_or_create_by(:client_uri => @client.uri, resource_owner_uri: current_user.uri) 63 | access_blocked if access.blocked? 64 | end 65 | 66 | def token_blocked? 67 | if params[:response_type] == "token" 68 | @token = OauthToken.exist(@client.uri, current_user.uri, params[:scope]).first 69 | token_blocked if @token and @token.blocked? 70 | end 71 | end 72 | 73 | # @only refresh token for implicit flow 74 | def refresh_token 75 | if @token 76 | @token = OauthToken.create(client_uri: @client.uri, resource_owner_uri: current_user.uri, scope: params[:scope]) 77 | redirect_to implicit_redirect_uri(@client, @token, params[:state]) and return 78 | end 79 | end 80 | 81 | 82 | # helper methods 83 | 84 | def client_not_found 85 | flash.now.alert = I18n.t "notifications.oauth.client.not_found" 86 | @info = { client_id: params[:client_id], redirect_uri: params[:redirect_uri] } 87 | render "oauth/authorize" and return 88 | end 89 | 90 | def scope_not_valid 91 | flash.now.alert = I18n.t "notifications.oauth.client.not_authorized" 92 | @info = { scope: params[:scope] } 93 | render "oauth/authorize" and return 94 | end 95 | 96 | def client_blocked 97 | flash.now.alert = I18n.t "notifications.oauth.client.blocked" 98 | @info = { client_id: params[:client_id] } 99 | render "oauth/authorize" and return 100 | end 101 | 102 | def access_blocked 103 | flash.now.alert = I18n.t "notifications.oauth.resource_owner.blocked_client" 104 | @info = { client_id: params[:client_id] } 105 | render "oauth/authorize" and return 106 | end 107 | 108 | def token_blocked 109 | flash.now.alert = I18n.t "notifications.oauth.token.blocked_token" 110 | @info = { client_id: params[:client_id], token: @token.token } 111 | render "oauth/authorize" and return 112 | end 113 | 114 | def authorization_redirect_uri(client, authorization, state) 115 | uri = client.redirect_uri 116 | uri += "?code=" + authorization.code 117 | uri += "&state=" + state if state 118 | return uri 119 | end 120 | 121 | def implicit_redirect_uri(client, token, state) 122 | uri = client.redirect_uri 123 | uri += "#token=" + token.token 124 | uri += "&expires_in=" + Oauth.settings["token_expires_in"] 125 | uri += "&state=" + state if state 126 | return uri 127 | end 128 | 129 | def deny_redirect_uri(response_type, state) 130 | uri = @client.redirect_uri 131 | uri += (response_type == "code") ? "?" : "#" 132 | uri += "error=access_denied" 133 | uri += "&state=" + state if state 134 | return uri 135 | end 136 | 137 | end 138 | -------------------------------------------------------------------------------- /app/controllers/oauth/oauth_token_controller.rb: -------------------------------------------------------------------------------- 1 | class Oauth::OauthTokenController < ApplicationController 2 | include ActionView::Helpers::DateHelper 3 | 4 | skip_before_filter :authenticate 5 | before_filter :json_body 6 | 7 | # authorization code flow 8 | before_filter :client_where_secret_and_redirect 9 | before_filter :find_authorization 10 | before_filter :find_authorization_expired 11 | 12 | # password credential flow 13 | before_filter :normalize_scope 14 | before_filter :client_where_secret 15 | before_filter :check_scope 16 | before_filter :find_resource_owner 17 | 18 | # refresh token flow 19 | before_filter :find_refresh_token 20 | before_filter :find_expired_token 21 | before_filter :token_blocked? 22 | 23 | before_filter :client_blocked?, only: "create" # check if the client is blocked 24 | before_filter :access_blocked?, only: "create" # check if user has blocked the client 25 | 26 | 27 | def create 28 | # section 4.1.3 - authorization code flow 29 | if @body[:grant_type] == "authorization_code" 30 | @token = OauthToken.create(client_uri: @client.uri, resource_owner_uri: @authorization.resource_owner_uri, scope: @authorization.scope) 31 | @refresh_token = OauthRefreshToken.create(access_token: @token.token) 32 | render "/oauth/token" and return 33 | end 34 | 35 | # section 4.3.1 (password credentials flow) 36 | if @body[:grant_type] == "password" 37 | @token = OauthToken.create(client_uri: @client.uri, resource_owner_uri: @resource_owner.uri, scope: @body[:scope]) 38 | @refresh_token = OauthRefreshToken.create(access_token: @token.token) 39 | render "/oauth/token" and return 40 | end 41 | 42 | # section 6.0 (refresh token) 43 | if @body[:grant_type] == "refresh_token" 44 | @token = OauthToken.create(client_uri: @expired_token.client_uri, resource_owner_uri: @expired_token.resource_owner_uri, scope: @expired_token.scope) 45 | render "/oauth/token" and return 46 | end 47 | end 48 | 49 | # simulate a logout blocking the token 50 | # TODO: refactoring 51 | def destroy 52 | token = OauthToken.where(token: params[:id]).first 53 | if token 54 | token.block! 55 | return head 200 56 | else 57 | return head 404 58 | end 59 | end 60 | 61 | 62 | private 63 | 64 | # filters for section 4.1.3 - authorization code flow 65 | def client_where_secret_and_redirect 66 | if @body[:grant_type] == "authorization_code" 67 | @client = Client.where_secret(@body[:client_secret], @body[:client_id]).where(redirect_uri: @body[:redirect_uri]).first 68 | message = "notifications.oauth.client.not_found" 69 | info = { client_secret: @body[:client_secret], client_id: @body[:client_id], redirect_uri: @body[:redirect_uri] } 70 | render_422 message, info unless @client 71 | end 72 | end 73 | 74 | def find_authorization 75 | if @body[:grant_type] == "authorization_code" 76 | @authorization = OauthAuthorization.where_code_and_client_uri(@body[:code], @client.uri).first 77 | @resource_owner_uri = @authorization.resource_owner_uri if @authorization 78 | message = "notifications.oauth.authorization.not_found" 79 | info = { code: @body[:code], client_id: @client.uri } 80 | render_422 message, info unless @authorization 81 | end 82 | end 83 | 84 | def find_authorization_expired 85 | if @body[:grant_type] == "authorization_code" 86 | message = "notifications.oauth.authorization.expired" 87 | info = { expired_at: @authorization.expire_at, description: distance_of_time_in_words(@authorization.expire_at, Time.now, true) } 88 | render_422 message, info if @authorization.expired? 89 | end 90 | end 91 | 92 | 93 | # filters for section 4.3.1 (password credentials flow) 94 | def normalize_scope 95 | if @body[:grant_type] == "password" 96 | @body[:scope] ||= "" 97 | @body[:scope] = Oauth.normalize_scope(@body[:scope]) 98 | end 99 | end 100 | 101 | def client_where_secret 102 | if @body[:grant_type] == "password" or @body[:grant_type] == "refresh_token" 103 | @client = Client.where_secret(@body[:client_secret], @body[:client_id]) 104 | message = "notifications.oauth.client.not_found" 105 | info = { client_secret: @body[:client_secret], client_id: @body[:client_id] } 106 | render_422 message, info unless @client.first 107 | end 108 | end 109 | 110 | def check_scope 111 | if @body[:grant_type] == "password" 112 | @client = @client.where_scope(@body[:scope]).first 113 | message = "notifications.oauth.client.not_authorized" 114 | info = { scope: @body[:scope] } 115 | render_422 message, info unless @client 116 | end 117 | end 118 | 119 | def find_resource_owner 120 | if @body[:grant_type] == "password" 121 | @resource_owner = User.authenticate(@body[:username], @body[:password]) 122 | @resource_owner_uri = @resource_owner.uri if @resource_owner 123 | message = "notifications.oauth.resource_owner.not_found" 124 | info = { username: @body[:username] } 125 | render_422 message, info unless @resource_owner 126 | end 127 | end 128 | 129 | 130 | # filters for refresh token (section 6.0) 131 | def find_refresh_token 132 | if @body[:grant_type] == "refresh_token" 133 | @client = @client.first 134 | @refresh_token = OauthRefreshToken.where(refresh_token: @body[:refresh_token]).first 135 | message = "notifications.oauth.refresh_token.not_found" 136 | info = { refresh_token: @body[:refresh_token] } 137 | render_422 message, info unless @refresh_token 138 | end 139 | end 140 | 141 | def find_expired_token 142 | if @body[:grant_type] == "refresh_token" 143 | @expired_token = OauthToken.where(token: @refresh_token.access_token).first 144 | @resource_owner_uri = @expired_token.resource_owner_uri 145 | message = "notifications.oauth.token.not_found" 146 | info = { token: @refresh_token.access_token } 147 | render_422 message, info unless @refresh_token 148 | end 149 | end 150 | 151 | def token_blocked? 152 | if @body[:grant_type] == "refresh_token" 153 | message = "notifications.oauth.token.blocked_token" 154 | info = { token: @refresh_token.access_token } 155 | render_422 message, info if @expired_token.blocked? 156 | end 157 | end 158 | 159 | 160 | # shared 161 | def client_blocked? 162 | message = "notifications.oauth.client.blocked" 163 | info = { client_id: @body[:client_id] } 164 | render_422 message, info if @client.blocked? 165 | end 166 | 167 | def access_blocked? 168 | access = OauthAccess.find_or_create_by(:client_uri => @client.uri, resource_owner_uri: @resource_owner_uri) 169 | message = "notifications.oauth.resource_owner.blocked_client" 170 | info = { client_id: @body[:client_id] } 171 | render_422 message, info if access.blocked 172 | end 173 | 174 | # visualization 175 | def render_404(message, info) 176 | @message = I18n.t message 177 | @info = info.to_s 178 | render "shared/404", status: 404 and return 179 | end 180 | 181 | def render_422(message, info) 182 | @message = I18n.t message 183 | @info = info.to_json 184 | render "shared/422", status: 422 and return 185 | end 186 | 187 | end 188 | -------------------------------------------------------------------------------- /app/controllers/pastas_controller.rb: -------------------------------------------------------------------------------- 1 | class PastasController < ApplicationController 2 | before_filter :oauth_authorized 3 | 4 | def index 5 | render json: {action: :index} 6 | end 7 | 8 | def show 9 | render json: {action: :show} 10 | end 11 | 12 | def create 13 | render json: {action: :create} 14 | end 15 | 16 | def update 17 | render json: {action: :update} 18 | end 19 | 20 | def destroy 21 | render json: {action: :destroy} 22 | end 23 | end 24 | -------------------------------------------------------------------------------- /app/controllers/pizzas_controller.rb: -------------------------------------------------------------------------------- 1 | class PizzasController < ApplicationController 2 | before_filter :oauth_authorized 3 | 4 | def index 5 | render json: {action: :index} 6 | end 7 | 8 | def show 9 | render json: {action: :show} 10 | end 11 | 12 | def create 13 | render json: {action: :create} 14 | end 15 | 16 | def update 17 | render json: {action: :update} 18 | end 19 | 20 | def destroy 21 | render json: {action: :destroy} 22 | end 23 | end 24 | -------------------------------------------------------------------------------- /app/controllers/scopes_controller.rb: -------------------------------------------------------------------------------- 1 | class ScopesController < ApplicationController 2 | 3 | before_filter :admin? 4 | before_filter :find_resource, only: ["show", "edit", "update", "destroy"] 5 | after_filter :sync_existing_scopes, only: ["update", "destroy"] 6 | 7 | def index 8 | @scopes = Scope.all 9 | end 10 | 11 | def show 12 | end 13 | 14 | def new 15 | @scope = Scope.new 16 | end 17 | 18 | def create 19 | @scope = Scope.new(params[:scope]) 20 | @scope.uri = @scope.base_uri(request) 21 | @scope.values = @scope.normalize(params[:scope][:values]) 22 | 23 | if @scope.save 24 | redirect_to(@scope, notice: "Resource was successfully created.") 25 | else 26 | render action: "new" 27 | end 28 | end 29 | 30 | def edit 31 | end 32 | 33 | def update 34 | @scope.values = @scope.normalize(params[:scope][:values]) 35 | 36 | if @scope.update_attributes(params[:scope]) 37 | render("show", notice: "Resource was successfully updated.") 38 | else 39 | render action: "edit" 40 | end 41 | end 42 | 43 | def destroy 44 | @scope.destroy 45 | redirect_to(scopes_url, notice: "Resource was successfully destroyed.") 46 | end 47 | 48 | 49 | private 50 | 51 | def find_resource 52 | @scope = Scope.criteria.id(params[:id]).first 53 | unless @scope 54 | redirect_to root_path, alert: "Resource not found." 55 | end 56 | end 57 | 58 | # TODO: put into a background process 59 | def sync_existing_scopes 60 | Client.sync_clients_with_scope(@scope.name) 61 | end 62 | 63 | def admin? 64 | unless current_user.admin? 65 | flash.alert = "Unauthorized access." 66 | redirect_to root_path 67 | return false 68 | end 69 | end 70 | 71 | end 72 | -------------------------------------------------------------------------------- /app/controllers/sessions_controller.rb: -------------------------------------------------------------------------------- 1 | class SessionsController < ApplicationController 2 | 3 | skip_before_filter :authenticate 4 | 5 | def new 6 | end 7 | 8 | def create 9 | user = User.authenticate(params[:email], params[:password]) 10 | if user 11 | session[:user_id] = user.id 12 | session[:back] ||= user_path(user) 13 | redirect_to session[:back], notice: "Logged in!" 14 | session[:back] = nil 15 | else 16 | flash.now.alert = "Invalid email or password" 17 | render "new" 18 | end 19 | end 20 | 21 | def destroy 22 | session[:user_id] = nil 23 | redirect_to root_url, :notice => "Logged out!" 24 | end 25 | 26 | end 27 | -------------------------------------------------------------------------------- /app/controllers/users_controller.rb: -------------------------------------------------------------------------------- 1 | class UsersController < ApplicationController 2 | 3 | skip_before_filter :authenticate, only: ["new", "create"] 4 | before_filter :admin?, only: ["index"] 5 | before_filter :find_user, only: ["show", "edit", "update", "destroy"] 6 | 7 | def index 8 | @users = User.all 9 | end 10 | 11 | def show 12 | end 13 | 14 | def new 15 | @user = User.new 16 | end 17 | 18 | def create 19 | @user = User.new(params[:user]) 20 | @user.uri = @user.base_uri(request) 21 | @user.admin = true if admin_does_not_exist 22 | if @user.save 23 | redirect_to root_url, :notice => "Signed up!" 24 | else 25 | render "new" 26 | end 27 | end 28 | 29 | def edit 30 | end 31 | 32 | def update 33 | params[:user].delete_if { |key, value| key == "password" and value.empty? } 34 | if @user.update_attributes(params[:user]) 35 | render "show" 36 | else 37 | render action: "edit" 38 | end 39 | end 40 | 41 | 42 | private 43 | 44 | def find_user 45 | @user = current_user.admin? ? User.criteria : User.where(uri: current_user.uri) 46 | @user = @user.id(params[:id]).first 47 | unless @user 48 | redirect_to root_path, alert: "Resource not found." 49 | end 50 | end 51 | 52 | def admin? 53 | unless current_user.admin? 54 | flash.alert = "Unauthorized access." 55 | redirect_to root_path 56 | return false 57 | end 58 | end 59 | 60 | end 61 | -------------------------------------------------------------------------------- /app/helpers/accesses_helper.rb: -------------------------------------------------------------------------------- 1 | module AccessesHelper 2 | end 3 | -------------------------------------------------------------------------------- /app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | 3 | end 4 | 5 | -------------------------------------------------------------------------------- /app/helpers/clients_helper.rb: -------------------------------------------------------------------------------- 1 | module ClientsHelper 2 | def authorization_uri(client, scope) 3 | "/oauth/authorization?response_type=code&scope=#{scope}&client_id=#{client.uri}&redirect_uri=#{client.redirect_uri}" 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /app/helpers/oauth_accesses_helper.rb: -------------------------------------------------------------------------------- 1 | module OauthAccessesHelper 2 | end 3 | -------------------------------------------------------------------------------- /app/helpers/oauth_helper.rb: -------------------------------------------------------------------------------- 1 | module OauthHelper 2 | end 3 | -------------------------------------------------------------------------------- /app/helpers/scopes_helper.rb: -------------------------------------------------------------------------------- 1 | module ScopesHelper 2 | end 3 | -------------------------------------------------------------------------------- /app/helpers/sessions_helper.rb: -------------------------------------------------------------------------------- 1 | module SessionsHelper 2 | end 3 | -------------------------------------------------------------------------------- /app/helpers/users_helper.rb: -------------------------------------------------------------------------------- 1 | module UsersHelper 2 | end 3 | -------------------------------------------------------------------------------- /app/models/client.rb: -------------------------------------------------------------------------------- 1 | # Application making protected resource requests on behalf of 2 | # the resource owner and with its authorization 3 | 4 | class Client 5 | include Mongoid::Document 6 | include Mongoid::Timestamps 7 | include Lelylan::Document::Base 8 | 9 | field :uri # client identifier (internal) 10 | field :name # client name 11 | field :created_from # user who created the client 12 | field :secret # client secret 13 | field :site_uri # client website 14 | field :redirect_uri # page called after authorization 15 | field :scope, type: Array, default: [] # raw scope with keywords 16 | field :scope_values, type: Array, default: [] # scope parsed as array of allowed actions 17 | field :info # client additional info 18 | field :granted_times, type: Integer, default: 0 # tokens granted in the authorization step 19 | field :revoked_times, type: Integer, default: 0 # tokens revoked in the authorization step 20 | field :blocked, type: Time, default: nil # blocks any request from the client 21 | 22 | attr_accessible :name, :site_uri, :redirect_uri, :info, :scope 23 | 24 | before_create :random_secret 25 | before_destroy :clean 26 | 27 | validates :name, presence: true 28 | validates :uri, presence: true, url: true 29 | validates :created_from, presence: true, url: true 30 | validates :redirect_uri, presence: true, url: true 31 | 32 | 33 | # Block the client 34 | def block! 35 | self.blocked = Time.now 36 | self.save 37 | OauthToken.block_client!(self.uri) 38 | OauthAuthorization.block_client!(self.uri) 39 | end 40 | 41 | # Unblock the client 42 | def unblock! 43 | self.blocked = nil 44 | self.save 45 | end 46 | 47 | # Check if the status is or is not blocked 48 | def blocked? 49 | !self.blocked.nil? 50 | end 51 | 52 | # Increase the counter of resource owners granting the access 53 | # to the client 54 | def granted! 55 | self.granted_times += 1 56 | self.save 57 | end 58 | 59 | # Increase the counter of resource owners revoking the access 60 | # to the client 61 | def revoked! 62 | self.revoked_times += 1 63 | self.save 64 | end 65 | 66 | def scope_pretty 67 | separator = Oauth.settings["scope_separator"] 68 | scope.join(separator) 69 | end 70 | 71 | def scope_values_pretty 72 | separator = Oauth.settings["scope_separator"] 73 | scope_values.join(separator) 74 | end 75 | 76 | class << self 77 | 78 | # Filter to the client uri (internal identifier) and the 79 | # redirect uri 80 | def where_uri(client_uri, redirect_uri) 81 | where(uri: client_uri, redirect_uri: redirect_uri) 82 | end 83 | 84 | # Filter to the client secret and the redirect uri 85 | def where_secret(secret, client_uri) 86 | where(secret: secret, uri: client_uri) 87 | end 88 | 89 | # Filter to the client scope 90 | def where_scope(scope) 91 | all_in(scope_values: scope) 92 | end 93 | 94 | # Sync all clients with the correct exploded scope when a 95 | # scope is modified (changed or removed) 96 | def sync_clients_with_scope(scope) 97 | Client.all.each do |client| 98 | scope_string = client.scope.join(Oauth.settings["scope_separator"]) 99 | client.scope_values = Oauth.normalize_scope(scope_string) 100 | client.save 101 | end 102 | end 103 | end 104 | 105 | 106 | private 107 | 108 | # TODO: use atomic updates 109 | # https://github.com/mongoid/mongoid/commit/aa2c388c71529bf4d987b286acfd861eaac530ce 110 | def block_tokens! 111 | OauthToken.where(client_uri: uri).map(&:block!) 112 | end 113 | 114 | def block_authorizations! 115 | OauthAuthorization.where(client_uri: uri).map(&:block!) 116 | end 117 | 118 | def random_secret 119 | self.secret = ActiveSupport::SecureRandom.hex(Oauth.settings["random_length"]) 120 | end 121 | 122 | def clean 123 | OauthToken.where(client_uri: uri).destroy_all 124 | OauthAuthorization.where(client_uri: uri).destroy_all 125 | end 126 | 127 | end 128 | -------------------------------------------------------------------------------- /app/models/oauth/oauth_access.rb: -------------------------------------------------------------------------------- 1 | # Access info related to a resource owner using a specific 2 | # client (block and statistics) 3 | 4 | class OauthAccess 5 | include Mongoid::Document 6 | include Mongoid::Timestamps 7 | 8 | field :client_uri # client identifier (internal) 9 | field :resource_owner_uri # resource owner identifier 10 | field :blocked, type: Time, default: nil # authorization block (a user block a single client) 11 | 12 | embeds_many :oauth_daily_requests # daily requests (one record per day) 13 | 14 | validates :client_uri, presence: true 15 | validates :resource_owner_uri, presence: true 16 | 17 | 18 | # Block the resource owner delegation to a specific client 19 | def block! 20 | self.blocked = Time.now 21 | self.save 22 | OauthToken.block_access!(client_uri, resource_owner_uri) 23 | OauthAuthorization.block_access!(client_uri, resource_owner_uri) 24 | end 25 | 26 | # Unblock the resource owner delegation to a specific client 27 | def unblock! 28 | self.blocked = nil 29 | self.save 30 | end 31 | 32 | # Check if the status is or is not blocked 33 | def blocked? 34 | !self.blocked.nil? 35 | end 36 | 37 | # Increment the daily accesses 38 | def accessed! 39 | daily_requests.increment! 40 | end 41 | 42 | # A daily requests record (there is one per day) 43 | # 44 | # @params [String] time we want to find the requests record 45 | # @return [OauthDailyRequest] requests record 46 | def daily_requests(time = Time.now) 47 | find_or_create_daily_requests(time) 48 | end 49 | 50 | # Give back the last days in a friendly format.It is used to 51 | # generate graph for statistics 52 | def chart_days 53 | daily_requests = self.oauth_daily_requests.limit(10) 54 | days = daily_requests.map(&:created_at) 55 | days.map { |d| d.strftime("%b %e") } 56 | end 57 | 58 | # Give the number of accesses for the last days. It is used 59 | # to generate graph for statistics 60 | def chart_times 61 | access_times = self.oauth_daily_requests.limit(10) 62 | access_times.map(&:times) 63 | end 64 | 65 | 66 | private 67 | 68 | def find_or_create_daily_requests(time) 69 | daily_requests = oauth_daily_requests.find_day(time).first 70 | daily_requests = oauth_daily_requests.create(created_at: time) unless daily_requests 71 | return daily_requests 72 | end 73 | 74 | def daily_id(time) 75 | time.year + time.month + time.day 76 | end 77 | 78 | end 79 | -------------------------------------------------------------------------------- /app/models/oauth/oauth_authorization.rb: -------------------------------------------------------------------------------- 1 | # Authorization grant which represents the authorization 2 | # provided by the resource owner 3 | 4 | class OauthAuthorization 5 | include Mongoid::Document 6 | include Mongoid::Timestamps 7 | 8 | field :client_uri # client identifier 9 | field :resource_owner_uri # resource owner identifier 10 | field :code # authorization code 11 | field :scope, type: Array # scope accessible with request 12 | field :expire_at, type: Time # authorization expiration (security reasons) 13 | field :blocked, type: Time, default: nil # authorization block (if client is blocked) 14 | 15 | validates :client_uri, presence: true, url: true 16 | validates :resource_owner_uri, presence: true, url: true 17 | 18 | before_create :random_code 19 | before_create :create_expiration 20 | 21 | # Block the authorization (when resource owner blocks a client) 22 | def block! 23 | self.blocked = Time.now 24 | self.save 25 | end 26 | 27 | # Block tokens used from a client 28 | def self.block_client!(client_uri) 29 | self.where(client_uri: client_uri).map(&:block!) 30 | end 31 | 32 | # Block tokens used from a client in behalf of a resource owner 33 | def self.block_access!(client_uri, resource_owner_uri) 34 | self.where(client_uri: client_uri, resource_owner_uri: resource_owner_uri).map(&:block!) 35 | end 36 | 37 | # Check if the status is or is not blocked 38 | def blocked? 39 | !self.blocked.nil? 40 | end 41 | 42 | # Check if the authorization is expired 43 | def expired? 44 | self.expire_at < Time.now 45 | end 46 | 47 | # Find the authorization based on the client uri and the 48 | # authorization code 49 | class << self 50 | def where_code_and_client_uri(code, client_id) 51 | where(code: code).where(client_uri: client_id) 52 | end 53 | end 54 | 55 | 56 | private 57 | 58 | # random authorization code 59 | def random_code 60 | self.code = ActiveSupport::SecureRandom.hex(Oauth.settings["random_length"]) 61 | end 62 | 63 | # expiration time 64 | def create_expiration 65 | self.expire_at = Chronic.parse("in #{Oauth.settings["authorization_expires_in"]} seconds") 66 | end 67 | 68 | end 69 | -------------------------------------------------------------------------------- /app/models/oauth/oauth_daily_request.rb: -------------------------------------------------------------------------------- 1 | # Daily requests of a Resource Owner on a specific client 2 | 3 | class OauthDailyRequest 4 | 5 | include Mongoid::Document 6 | 7 | field :created_at, type: Time # creation time 8 | field :time_id # unique key for the day 9 | field :day # request day 10 | field :month # request month 11 | field :year # request year 12 | field :times, type: Integer, default: 0 # daily request times 13 | 14 | # resource owner's client access 15 | embedded_in :oauth_access, inverse_of: :oauth_daily_requests 16 | 17 | after_create :init_times 18 | 19 | # Increment the times counter that track the number of 20 | # requests a client have made in behalf of a resource 21 | # owner in a specific day 22 | def increment! 23 | self.times += 1 24 | self.save 25 | end 26 | 27 | class << self 28 | 29 | # Find a daily requests record 30 | def find_day(time) 31 | time_id = time_id(time) 32 | where(time_id: time_id) 33 | end 34 | 35 | # Define an identifier for a specific day 36 | def time_id(time) 37 | time.strftime("%Y%m%d") 38 | end 39 | end 40 | 41 | private 42 | 43 | # Add statistical informations 44 | def init_times 45 | self.day = self.created_at.strftime("%d") 46 | self.month = self.created_at.strftime("%m") 47 | self.year = self.created_at.strftime("%Y") 48 | self.time_id = self.class.time_id(created_at) 49 | self.save 50 | end 51 | 52 | end 53 | -------------------------------------------------------------------------------- /app/models/oauth/oauth_refresh_token.rb: -------------------------------------------------------------------------------- 1 | class OauthRefreshToken 2 | include Mongoid::Document 3 | include Mongoid::Timestamps 4 | 5 | field :refresh_token 6 | field :access_token 7 | 8 | validates :access_token, presence: true 9 | 10 | before_create :random_refresh_token 11 | 12 | private 13 | 14 | def random_refresh_token 15 | self.refresh_token = ActiveSupport::SecureRandom.hex(Oauth.settings["random_length"]) 16 | end 17 | 18 | end 19 | -------------------------------------------------------------------------------- /app/models/oauth/oauth_token.rb: -------------------------------------------------------------------------------- 1 | # Access token used from the client to request resource 2 | # owner resouces 3 | 4 | class OauthToken 5 | include Mongoid::Document 6 | include Mongoid::Timestamps 7 | 8 | field :client_uri # client identifier (internal) 9 | field :resource_owner_uri # resource owner identifier 10 | field :token # access token 11 | field :refresh_token # refresh token 12 | field :scope, type: Array # scope accessible with token 13 | field :expire_at, type: Time, default: nil # token expiration 14 | field :blocked, type: Time, default: nil # access token block (if client is blocked) 15 | 16 | before_create :random_token 17 | before_create :random_refresh_token 18 | before_create :create_expiration 19 | 20 | validates :client_uri, presence: true, url: true 21 | validates :resource_owner_uri, presence: true, url: true 22 | 23 | 24 | # Block the resource owner delegation to a specific client 25 | def block! 26 | self.blocked = Time.now 27 | self.save 28 | end 29 | 30 | # Block tokens used from a client 31 | def self.block_client!(client_uri) 32 | self.where(client_uri: client_uri).map(&:block!) 33 | end 34 | 35 | # Block tokens used from a client in behalf of a resource owner 36 | def self.block_access!(client_uri, resource_owner_uri) 37 | self.where(client_uri: client_uri, resource_owner_uri: resource_owner_uri).map(&:block!) 38 | end 39 | 40 | def self.exist(client_uri, resource_owner_uri, scope) 41 | self.where(client_uri: client_uri). 42 | where(resource_owner_uri: resource_owner_uri). 43 | all_in(scope: scope) 44 | end 45 | 46 | # Check if the status is or is not blocked 47 | def blocked? 48 | !self.blocked.nil? 49 | end 50 | 51 | # Last time the resource owner have used the token 52 | def last_access 53 | self.updated_at 54 | end 55 | 56 | # Token is expired or not 57 | def expired? 58 | self.expire_at < Time.now 59 | end 60 | 61 | 62 | private 63 | 64 | def random_token 65 | self.token = ActiveSupport::SecureRandom.hex(Oauth.settings["random_length"]) 66 | end 67 | 68 | def random_refresh_token 69 | self.refresh_token = ActiveSupport::SecureRandom.hex(Oauth.settings["random_length"]) 70 | end 71 | 72 | def create_expiration 73 | self.expire_at = Chronic.parse("in #{Oauth.settings["token_expires_in"]} seconds") 74 | end 75 | 76 | end 77 | -------------------------------------------------------------------------------- /app/models/scope.rb: -------------------------------------------------------------------------------- 1 | class Scope 2 | include Mongoid::Document 3 | include Mongoid::Timestamps 4 | include Lelylan::Document::Base 5 | 6 | field :name 7 | field :uri 8 | field :values, type: Array, default: [] 9 | 10 | attr_accessible :name 11 | 12 | validates :name, presence: true 13 | validates :values, presence: true 14 | validates :uri, url: true 15 | 16 | def normalize(val) 17 | separator = Oauth.settings["scope_separator"] 18 | val = val.split(separator) 19 | end 20 | 21 | def values_pretty 22 | separator = Oauth.settings["scope_separator"] 23 | values.join(separator) 24 | end 25 | 26 | class << self 27 | # Sync all scopes with the correct exploded scope when a 28 | # scope is modified (changed or removed) 29 | def sync_scopes_with_scope(scope) 30 | scopes_to_sync = any_in(scope: [scope]) 31 | scopes_to_sync.each do |client| 32 | scope.values = Oauth.normalize_scope(scope.values) 33 | scope.save 34 | end 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /app/models/user.rb: -------------------------------------------------------------------------------- 1 | class User 2 | include Mongoid::Document 3 | include Mongoid::Timestamps 4 | include Lelylan::Document::Base 5 | 6 | field :uri 7 | field :email 8 | field :name 9 | field :password_hash 10 | field :password_salt 11 | field :admin, type: Boolean, default: false 12 | 13 | attr_accessible :email, :name, :password 14 | 15 | attr_accessor :password 16 | before_save :encrypt_password 17 | 18 | validates :password, presence: true, on: :create 19 | # TODO: add password length 20 | #validates :password, length: {min: 6}, empty: true 21 | validates :email, presence: true 22 | validates :email, uniqueness: true 23 | validates :email, email: true 24 | 25 | def self.authenticate(email, password) 26 | user = where(email: email).first 27 | user.verify(password) if user 28 | end 29 | 30 | def verify(password) 31 | if password_hash == BCrypt::Engine.hash_secret(password, password_salt) 32 | self 33 | else 34 | nil 35 | end 36 | end 37 | 38 | def encrypt_password 39 | if password.present? 40 | self.password_salt = BCrypt::Engine.generate_salt 41 | self.password_hash = BCrypt::Engine.hash_secret(password, password_salt) 42 | end 43 | end 44 | 45 | def admin? 46 | self.admin 47 | end 48 | end 49 | -------------------------------------------------------------------------------- /app/views/accesses/index.html.erb: -------------------------------------------------------------------------------- 1 |

Show Accesses

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | <% @accesses.each do |access| %> 11 | 12 | 13 | 14 | 15 | <% if access.blocked? %> 16 | 17 | <% else %> 18 | 19 | <% end %> 20 | 21 | 22 | <% end %> 23 |
Client URI
<%= access.client_uri %><%= link_to 'Show stats', access_path(access), class: "button icon settings" %><%= link_to 'Unblock!', unblock_access_path(access), method: :put, class: "button danger" %><%= link_to 'Block!', block_access_path(access), method: :put, class: "button danger" %>
24 | 25 |
26 | -------------------------------------------------------------------------------- /app/views/accesses/show.html.erb: -------------------------------------------------------------------------------- 1 |

Show Access

2 | 3 |
4 | Client URI: 5 | <%= @access.client_uri %> 6 |
7 | 8 |
9 | Today requests: 10 | <%= @access.daily_requests.times %> 11 |
12 | 13 |
14 | 15 |
16 | <%= link_to 'Back', accesses_path, class: "button icon arrowleft" %> 17 | <% if @access.blocked? %> 18 | <%= link_to 'Unblock!', unblock_access_path(@access), method: :put, class: "button danger" %> 19 | <% else %> 20 | <%= link_to 'Block!', block_access_path(@access), method: :put, class: "button danger" %> 21 | <% end %> 22 |
23 | 24 | 25 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /app/views/clients/_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_for(@client) do |f| %> 2 | 3 | <% if @client.errors.any? %> 4 |
5 |
<%= pluralize(@client.errors.count, "error") %> prohibited this resource from being saved
6 |
    7 | <% @client.errors.full_messages.each do |msg| %> 8 |
  • <%= msg %>
    • 9 | <% end %> 10 |
11 |
12 | <% end %> 13 | 14 |
15 | <%= f.label :name %>
16 | <%= f.text_field :name %> 17 |
18 | 19 |
20 | <%= f.label :site_uri %>
21 | <%= f.text_field :site_uri %> 22 |
23 | 24 |
25 | <%= f.label :redirect_uri %>
26 | <%= f.text_field :redirect_uri %> 27 |
28 | 29 |
30 | <%= f.label :scope %> (separated by spaces)
31 | 32 |
33 | 34 |
35 | <%= f.label :info %>
36 | <%= f.text_field :info %> 37 |
38 | 39 |
40 | <%= f.submit nil, {class: "button"} %> 41 |
42 | <% end %> 43 | -------------------------------------------------------------------------------- /app/views/clients/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing Client

2 | 3 |
4 | <%= link_to 'Back', clients_path, class: "button icon arrowleft" %> 5 | <%= link_to 'Show', @client, class: "button" %> 6 |
7 | 8 | <%= render 'form' %> 9 | 10 | -------------------------------------------------------------------------------- /app/views/clients/index.html.erb: -------------------------------------------------------------------------------- 1 |

Show Clients

2 |
3 | <%= link_to 'Create a new client', new_client_path, class: "button icon add" %> 4 |
5 | 6 | 7 | 8 | <% if current_user.admin? %> 9 | 10 | <% end %> 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | <% @clients.each do |client| %> 20 | 21 | <% if current_user.admin? %> 22 | 23 | <% end %> 24 | 25 | <% unless current_user.admin? %> 26 | 27 | <% end %> 28 | 29 | 30 | 31 | <% if current_user.admin? %> 32 | <% if client.blocked? %> 33 | 34 | <% else %> 35 | 36 | <% end %> 37 | <% end %> 38 | 39 | 40 | <% end %> 41 |
UserNameActive
<%= link_to User, client.created_from %><%= client.name %><%= client.blocked? ? "Not Active" : "Active" %><%= link_to 'Show', client, class: "button" %><%= link_to 'Edit', edit_client_path(client), class: "button" %><%= link_to 'Destroy', client, confirm: 'Are you sure?', method: :delete, class: "button danger" %><%= link_to 'Unblock!', unblock_client_path(client), method: :put, class: "button danger icon unlock" %><%= link_to 'Block!', block_client_path(client), method: :put, class: "button danger icon lock" %>
42 | 43 |
44 | -------------------------------------------------------------------------------- /app/views/clients/new.html.erb: -------------------------------------------------------------------------------- 1 |

New Client

2 | 3 |
4 | <%= link_to 'Back', clients_path, class: "button icon arrowleft" %> 5 |
6 | 7 | <%= render 'form' %> 8 | 9 | -------------------------------------------------------------------------------- /app/views/clients/show.html.erb: -------------------------------------------------------------------------------- 1 |

Show Client

2 | 3 |
4 | Client URI: 5 | <%= @client.uri %> 6 |
7 | 8 |
9 | Name: 10 | <%= @client.name %> 11 |
12 | 13 |
14 | Secret: 15 | <%= @client.secret %> 16 |
17 | 18 |
19 | Site URI: 20 | <%= @client.site_uri %> 21 |
22 | 23 |
24 | Redirect URI: 25 | <%= @client.redirect_uri %> 26 |
27 | 28 |
29 | Scope: 30 | <%= @client.scope_pretty %> 31 | (includes <%= @client.scope_values_pretty %>) 32 |
33 | 34 |
35 | Info: 36 | <%= @client.info %> 37 |
38 | 39 |
40 |
41 | <%= link_to 'Back', clients_path, class: "button icon arrowleft" %> 42 | <%= link_to 'Edit', edit_client_path(@client), class: "button" %> 43 | <%= link_to 'Destroy', @client, :confirm => 'Are you sure?', :method => :delete, class: "button danger" %> 44 |
45 | 46 |
47 | <%= link_to 'Simulate Authorization', authorization_uri(@client, "all"), class: "button icon search" %> 48 |
49 |
50 | -------------------------------------------------------------------------------- /app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Rest OAuth 2.0 Server 6 | <%= stylesheet_link_tag :all %> 7 | <%= javascript_include_tag :defaults %> 8 | <%= javascript_include_tag "jquery.tagsinput.js", "highcharts.js" %> 9 | <%= csrf_meta_tag %> 10 | 11 | 12 | 13 |
14 | <% unless request.path == oauth_authorization_path %> 15 | Fork me on GitHub 16 | 17 |
18 |

Rest OAuth 2.0 Server

19 |

20 | Rest OAuth 2.0 Server 21 | let you open up your API and manage end-user authentication and client application authorization 22 | implementing the OAuth 2.0 Specifications (draft 13). Read more on Github 23 | 24 |

25 |
26 | <% end %> 27 |
28 | <% if current_user %> 29 |
30 | Logged in as <%= current_user.email %>. 31 | <%= link_to "Log out", log_out_path %> 32 |
33 |
34 | <%= link_to("Home", current_user) %> | 35 | <%= link_to("Accesses", accesses_path) %> | 36 | <%= link_to("Clients", clients_path) %> 37 | <% if current_user.admin? %> | 38 | <%= link_to("Users", users_path) %> | 39 | <%= link_to("Scopes", scopes_path) %> 40 | <% end %> 41 |
42 | <% else %> 43 | <%= link_to "Sign up", sign_up_path %> or 44 | <%= link_to "log in", log_in_path %> 45 | <% end %> 46 |
47 |
48 | 49 | 50 | <% if flash.notice %> 51 |
52 | <%= flash.notice %> 53 |
54 | <% end %> 55 | 56 | <% if flash.alert %> 57 |
58 | <%= flash.alert %> 59 | <% if @info %> 60 |

Additional information: 61 | <%= @info.to_json%> 62 |

63 | <% end %> 64 |
65 | <% end %> 66 | 67 | <%= yield %> 68 | 69 |
70 | 71 | 72 | -------------------------------------------------------------------------------- /app/views/oauth/authorize.html.erb: -------------------------------------------------------------------------------- 1 | <% unless flash.alert %> 2 |

Authorization request

3 |
4 | The application <%=@client.name%> would like to access your resources 5 |
You are giving access to <%= params[:scope].join(" ") %>
6 | 7 | 19 | 20 |
21 |
22 | 23 | 24 | 25 | 26 | "> 27 | <% if params[:state] %> 28 | 29 | <% end %> 30 | 31 |
32 |
33 | 34 | <% end %> 35 | -------------------------------------------------------------------------------- /app/views/oauth/token.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "access_token": "<%=@token.token%>", 3 | "expires_in": <%=Oauth.settings["token_expires_in"]%>, 4 | "refresh_token": "<%=@refresh_token.refresh_token%>" 5 | } 6 | -------------------------------------------------------------------------------- /app/views/scopes/_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_for(@scope) do |f| %> 2 | 3 | <% if @scope.errors.any? %> 4 |
5 |
<%= pluralize(@scope.errors.count, "error") %> prohibited this resource from being saved
6 |
    7 | <% @scope.errors.full_messages.each do |msg| %> 8 |
  • <%= msg %>
    • 9 | <% end %> 10 |
11 |
12 | <% end %> 13 | 14 |
15 | <%= f.label :name %>
16 | <%= f.text_field :name %> 17 |
18 | 19 |
20 | <%= f.label :values %> (separated by spaces)
21 | "> 22 |
23 | 24 |
25 | <%= f.submit nil, {class: "button" } %> 26 |
27 | <% end %> 28 | -------------------------------------------------------------------------------- /app/views/scopes/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing Scope

2 | 3 |
4 | <%= link_to 'Back', scopes_path, class: "button icon arrowleft" %> 5 | <%= link_to 'Show', @scope, class: "button" %> 6 |
7 | 8 | <%= render 'form' %> 9 | -------------------------------------------------------------------------------- /app/views/scopes/index.html.erb: -------------------------------------------------------------------------------- 1 |

Show Scope

2 | 3 |
4 | <%= link_to 'Create a new scope', new_scope_path, class: "button icon add" %> 5 |
6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | <% @scopes.each do |scope| %> 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | <% end %> 25 |
NameValues
<%= scope.name %><%= scope.values_pretty %><%= link_to 'Show', scope, class: "button" %><%= link_to 'Edit', edit_scope_path(scope), class: "button" %><%= link_to 'Destroy', scope, :confirm => 'Are you sure?', :method => :delete, class: "button danger" %>
26 | 27 |
28 | -------------------------------------------------------------------------------- /app/views/scopes/new.html.erb: -------------------------------------------------------------------------------- 1 |

New Scope

2 | 3 |
4 | <%= link_to 'Back', scopes_path, class: "button icon arrowleft" %> 5 |
6 | 7 | <%= render 'form' %> 8 | -------------------------------------------------------------------------------- /app/views/scopes/show.html.erb: -------------------------------------------------------------------------------- 1 |

Show Scope

2 | 3 |
4 | Name: 5 | <%= @scope.name %> 6 |
7 | 8 |
9 | Values: 10 | <%= @scope.values_pretty %> 11 | (includes <%= Oauth.normalize_scope(@scope.values_pretty).join(" ") %> 12 |
13 | 14 | 15 |
16 | <%= link_to 'Back', scopes_path, class: "button icon arrowleft" %> 17 | <%= link_to 'Edit', edit_scope_path(@scope), class: "button" %> 18 | <%= link_to 'Destroy', @scope, :confirm => 'Are you sure?', :method => :delete, class: "button danger" %> 19 |
20 | -------------------------------------------------------------------------------- /app/views/sessions/new.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |

Log in

5 | 6 | <%= form_tag sessions_path do %> 7 |
8 | <%= label_tag :email %>
9 | <%= text_field_tag :email, params[:email] %> 10 |
11 | 12 |
13 | <%= label_tag :password %>
14 | <%= password_field_tag :password %> 15 |
16 | 17 |
18 | <%= submit_tag "Log in", class: "button" %> 19 |
20 | <% end %> 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /app/views/shared/403.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "request" => "<%=request.url%>", 3 | "message" => "to define" 4 | } 5 | -------------------------------------------------------------------------------- /app/views/shared/404.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "request": "<%=raw request.url%>", 3 | "message": "<%=raw @message%>", 4 | "info": "<%=@info%>" 5 | } 6 | 7 | -------------------------------------------------------------------------------- /app/views/shared/422.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "request": "<%=raw request.url%>", 3 | "message": "<%=raw @message%>", 4 | "info": <%=raw @info%> 5 | } 6 | -------------------------------------------------------------------------------- /app/views/shared/500.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "request": "<%=request.url%>", 3 | "message": "<%=@message%>" 4 | } 5 | -------------------------------------------------------------------------------- /app/views/shared/html/404.html.erb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/app/views/shared/html/404.html.erb -------------------------------------------------------------------------------- /app/views/shared/html/422.html.erb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/app/views/shared/html/422.html.erb -------------------------------------------------------------------------------- /app/views/users/_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_for(@user) do |f| %> 2 | 3 | <% if @user.errors.any? %> 4 |
5 |
<%= pluralize(@user.errors.count, "error") %> prohibited this resource from being saved
6 |
    7 | <% @user.errors.full_messages.each do |msg| %> 8 |
  • <%= msg %>
    • 9 | <% end %> 10 |
11 |
12 | <% end %> 13 | 14 |
15 | <%= f.label :name%>
16 | <%= f.text_field :name%> 17 |
18 | 19 |
20 | <%= f.label :password %>
21 | <%= f.text_field :password %> 22 |
23 | 24 |
25 | <%= f.submit nil, {class: "button"} %> 26 |
27 | <% end %> 28 | -------------------------------------------------------------------------------- /app/views/users/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing <%=@user.email%>

2 | 3 |
4 | <%= link_to 'Back', @user, class: "button icon arrowleft" %> 5 |
6 | 7 | <%= render 'form' %> 8 | 9 | -------------------------------------------------------------------------------- /app/views/users/index.html.erb: -------------------------------------------------------------------------------- 1 |

Show Users

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | <% @users.each do |user| %> 13 | 14 | 15 | 16 | 17 | 18 | 19 | <% end %> 20 |
EmailName
<%= user.email %><%= user.name %><%= link_to 'Show', user, class: "button" %><%= link_to 'Edit', edit_user_path(user), class: "button" %>
21 | -------------------------------------------------------------------------------- /app/views/users/new.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |

Sign Up

6 | <% if admin_does_not_exist %> 7 |

8 | No administrator was found. Probably this is the first time 9 | you access the Rest OAuth 2.0 Server Dashboard. Fill the form 10 | and create the first admin user. 11 |

12 | <% end %> 13 | 14 | <%= form_for @user do |f| %> 15 | 16 | <% if @user.errors.any? %> 17 |
18 |
<%= pluralize(@user.errors.count, "error") %> prohibited this resource from being saved
19 |
    20 | <% @user.errors.full_messages.each do |msg| %> 21 |
  • <%= msg %>
    • 22 | <% end %> 23 |
24 |
25 | <% end %> 26 | 27 | 28 |
29 | <%= f.label :email %>
30 | <%= f.text_field :email %> 31 |
32 | 33 |
34 | <%= f.label :password %>
35 | <%= f.password_field :password %> 36 |
37 | 38 |
39 | <%= f.submit nil, {class: "button"} %> 40 |
41 | 42 | <% end %> 43 | 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /app/views/users/show.html.erb: -------------------------------------------------------------------------------- 1 |

Show User

2 | 3 |
4 | URI: 5 | <%= @user.uri %> 6 |
7 | 8 |
9 | Email: 10 | <%= @user.email %> 11 |
12 | 13 |
14 | Name: 15 | <%= @user.name %> 16 |
17 | 18 |
19 | <%= link_to 'Edit', edit_user_path(@user), class: "button" %> 20 |
21 | -------------------------------------------------------------------------------- /config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Lelylan::Application 5 | -------------------------------------------------------------------------------- /config/application.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require "action_controller/railtie" 4 | #require "action_mailer/railtie" 5 | #require "active_resource/railtie" 6 | #require 'rails/all' 7 | 8 | # If you have a Gemfile, require the gems listed there, including any gems 9 | # you've limited to :test, :development, or :production. 10 | Bundler.require(:default, Rails.env) if defined?(Bundler) 11 | 12 | module Lelylan 13 | class Application < Rails::Application 14 | # Settings in config/environments/* take precedence over those specified here. 15 | # Application configuration should go into files in config/initializers 16 | # -- all .rb files in that directory are automatically loaded. 17 | 18 | # Custom directories with classes and modules you want to be autoloadable. 19 | # TODO: move in lib/extras the initializers when it makes sense 20 | config.autoload_paths += %W[ 21 | #{config.root}/lib/extras 22 | #{config.root}/app/models/oauth 23 | ] 24 | 25 | # Only load the plugins named here, in the order given (default is alphabetical). 26 | # :all can be used as a placeholder for all plugins not explicitly named. 27 | # config.plugins = [ :exception_notification, :ssl_requirement, :all ] 28 | 29 | # Activate observers that should always be running. 30 | # config.active_record.observers = :cacher, :garbage_collector, :forum_observer 31 | 32 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 33 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 34 | # config.time_zone = 'Central Time (US & Canada)' 35 | 36 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 37 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 38 | # config.i18n.default_locale = :de 39 | 40 | # JavaScript files you want as :defaults (application.js is always included). 41 | # config.action_view.javascript_expansions[:defaults] = %w(jquery rails) 42 | 43 | # Configure the default encoding used in templates for Ruby 1.9. 44 | config.encoding = "utf-8" 45 | 46 | # Configure sensitive parameters which will be filtered from the log file. 47 | config.filter_parameters += [:password] 48 | 49 | # Disable authenticity token 50 | config.action_controller.allow_forgery_protection = false 51 | end 52 | end 53 | -------------------------------------------------------------------------------- /config/boot.rb: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | 3 | # Set up gems listed in the Gemfile. 4 | gemfile = File.expand_path('../../Gemfile', __FILE__) 5 | begin 6 | ENV['BUNDLE_GEMFILE'] = gemfile 7 | require 'bundler' 8 | Bundler.setup 9 | rescue Bundler::GemNotFound => e 10 | STDERR.puts e.message 11 | STDERR.puts "Try running `bundle install`." 12 | exit! 13 | end if File.exist?(gemfile) 14 | -------------------------------------------------------------------------------- /config/cucumber.yml: -------------------------------------------------------------------------------- 1 | <% 2 | rerun = File.file?('rerun.txt') ? IO.read('rerun.txt') : "" 3 | rerun_opts = rerun.to_s.strip.empty? ? "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} features" : "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} #{rerun}" 4 | std_opts = "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} --strict --tags ~@wip" 5 | %> 6 | default: <%= std_opts %> features 7 | wip: --tags @wip:3 --wip features 8 | rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip 9 | -------------------------------------------------------------------------------- /config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the rails application 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the rails application 5 | Lelylan::Application.initialize! 6 | -------------------------------------------------------------------------------- /config/environments/development.rb: -------------------------------------------------------------------------------- 1 | Lelylan::Application.configure do 2 | # Settings specified here will take precedence over those in config/environment.rb 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the webserver when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Log error messages when you accidentally call methods on nil. 10 | config.whiny_nils = true 11 | 12 | # Show full error reports and disable caching 13 | config.consider_all_requests_local = true 14 | config.action_view.debug_rjs = true 15 | config.action_controller.perform_caching = false 16 | 17 | # Don't care if the mailer can't send 18 | #config.action_mailer.raise_delivery_errors = false 19 | 20 | # Print deprecation notices to the Rails logger 21 | config.active_support.deprecation = :log 22 | 23 | # Only use best-standards-support built into browsers 24 | config.action_dispatch.best_standards_support = :builtin 25 | 26 | end 27 | 28 | -------------------------------------------------------------------------------- /config/environments/production.rb: -------------------------------------------------------------------------------- 1 | require 'rack/ssl' 2 | 3 | Lelylan::Application.configure do 4 | # Settings specified here will take precedence over those in config/environment.rb 5 | 6 | # The production environment is meant for finished, "live" apps. 7 | # Code is not reloaded between requests 8 | config.cache_classes = true 9 | 10 | # Full error reports are disabled and caching is turned on 11 | config.consider_all_requests_local = false 12 | config.action_controller.perform_caching = true 13 | 14 | # Specifies the header that your server uses for sending files 15 | config.action_dispatch.x_sendfile_header = "X-Sendfile" 16 | 17 | # For nginx: 18 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' 19 | 20 | # If you have no front-end server that supports something like X-Sendfile, 21 | # just comment this out and Rails will serve the files 22 | 23 | # See everything in the log (default is :info) 24 | # config.log_level = :debug 25 | 26 | # Use a different logger for distributed setups 27 | # config.logger = SyslogLogger.new 28 | 29 | # Use a different cache store in production 30 | # config.cache_store = :mem_cache_store 31 | 32 | # Disable Rails's static asset server 33 | # In production, Apache or nginx will already do this 34 | config.serve_static_assets = false 35 | 36 | # Enable serving of images, stylesheets, and javascripts from an asset server 37 | # config.action_controller.asset_host = "http://assets.example.com" 38 | 39 | # Disable delivery errors, bad email addresses will be ignored 40 | # config.action_mailer.raise_delivery_errors = false 41 | 42 | # Enable threaded mode 43 | # config.threadsafe! 44 | 45 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 46 | # the I18n.default_locale when a translation can not be found) 47 | config.i18n.fallbacks = true 48 | 49 | # Send deprecation notices to registered listeners 50 | config.active_support.deprecation = :notify 51 | 52 | # Force HTTPS 53 | # http://collectiveidea.com/blog/archives/2010/11/29/ssl-with-rails/ 54 | config.middleware.use Rack::SSL 55 | 56 | # Force secure cookies 57 | config.middleware.insert_before ActionDispatch::Cookies, Rack::SSL 58 | end 59 | -------------------------------------------------------------------------------- /config/environments/test.rb: -------------------------------------------------------------------------------- 1 | Lelylan::Application.configure do 2 | # Settings specified here will take precedence over those in config/environment.rb 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Log error messages when you accidentally call methods on nil. 11 | config.whiny_nils = true 12 | 13 | # Show full error reports and disable caching 14 | config.consider_all_requests_local = true 15 | config.action_controller.perform_caching = false 16 | 17 | # Raise exceptions instead of rendering exception templates 18 | config.action_dispatch.show_exceptions = false 19 | 20 | # Disable request forgery protection in test environment 21 | config.action_controller.allow_forgery_protection = false 22 | 23 | # Tell Action Mailer not to deliver emails to the real world. 24 | # The :test delivery method accumulates sent emails in the 25 | # ActionMailer::Base.deliveries array. 26 | #config.action_mailer.delivery_method = :test 27 | 28 | # Use SQL instead of Active Record's schema dumper when creating the test database. 29 | # This is necessary if your schema can't be completely dumped by the schema dumper, 30 | # like if you have constraints or database-specific column types 31 | # config.active_record.schema_format = :sql 32 | 33 | # Print deprecation notices to the stderr 34 | config.active_support.deprecation = :stderr 35 | end 36 | -------------------------------------------------------------------------------- /config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /config/initializers/capybara_headers_hack.rb: -------------------------------------------------------------------------------- 1 | module RackTestMixin 2 | 3 | def self.included(mod) 4 | mod.class_eval do 5 | # This is where we save additional entries. 6 | def hacked_env 7 | @hacked_env ||= {} 8 | end 9 | 10 | # Alias the original method for further use. 11 | alias_method :original_env, :env 12 | 13 | # Override the method to merge additional headers. 14 | # Plus this implicitly makes it public. 15 | def env 16 | original_env.merge(hacked_env) 17 | end 18 | end 19 | end 20 | 21 | end 22 | 23 | Capybara::Driver::RackTest.send :include, RackTestMixin 24 | 25 | 26 | -------------------------------------------------------------------------------- /config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format 4 | # (all these examples are active by default): 5 | # ActiveSupport::Inflector.inflections do |inflect| 6 | # inflect.plural /^(ox)$/i, '\1en' 7 | # inflect.singular /^(ox)en/i, '\1' 8 | # inflect.irregular 'person', 'people' 9 | # inflect.uncountable %w( fish sheep ) 10 | # end 11 | -------------------------------------------------------------------------------- /config/initializers/lely_array_normalize.rb: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /config/initializers/lely_base_document.rb: -------------------------------------------------------------------------------- 1 | module Lelylan 2 | module Document 3 | module Base 4 | 5 | #def self.included(base) 6 | #base.extend(ClassMethods) 7 | #end 8 | 9 | def base_uri(request) 10 | protocol = request.protocol 11 | host = request.host_with_port 12 | name = self.class.name.underscore.pluralize 13 | id = self.id.as_json 14 | uri = protocol + host + "/" + name + "/" + id 15 | end 16 | 17 | end 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /config/initializers/lely_rescue_helper.rb: -------------------------------------------------------------------------------- 1 | module Lelylan 2 | module Rescue 3 | module Helpers 4 | 5 | def bson_invalid_object_id(e) 6 | redirect_to root_path, alert: "Resource not found." 7 | end 8 | 9 | def json_parse_error(e) 10 | redirect_to root_path, alert: "Json not valid" 11 | end 12 | 13 | def mongoid_errors_invalid_type(e) 14 | redirect_to root_path, alert: "Json values is not an array" 15 | end 16 | 17 | end 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | # Mime::Type.register_alias "text/html", :iphone 6 | -------------------------------------------------------------------------------- /config/initializers/oauth_scope.rb: -------------------------------------------------------------------------------- 1 | module Oauth 2 | 3 | def self.normalize_scope(scope = []) 4 | scope = scope.split(" ") if scope.kind_of? String 5 | normalized = Scope.any_in(name: scope) 6 | normalized = normalized.map(&:values).flatten 7 | 8 | if normalized.empty? 9 | return self.clean(scope) 10 | else 11 | return self.clean(scope) + self.normalize_scope(normalized) 12 | end 13 | end 14 | 15 | # Remove 'no action' keys. For example during normalization 16 | # we add keys like 'pizza' (resource names) or 'pizza/read' 17 | # wihch we have to remove to easily make the access recognition 18 | # with the bearer token. 19 | # 20 | # NOTE: at the moment are not allowed methods which contain 21 | # the word "read" because it will be removed 22 | def self.clean(scope) 23 | scope = scope.keep_if {|scope| scope =~ /\// } 24 | scope = scope.delete_if {|scope| scope =~ /read/ } 25 | scope = scope.uniq 26 | return scope 27 | end 28 | end 29 | -------------------------------------------------------------------------------- /config/initializers/oauth_settings.rb: -------------------------------------------------------------------------------- 1 | module Oauth 2 | def self.settings 3 | @settings ||= YAML.load_file("#{Rails.root}/config/oauth.yml") 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /config/initializers/secret_token.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key for verifying the integrity of signed cookies. 4 | # If you change this key, all old signed cookies will become invalid! 5 | # Make sure the secret is at least 30 characters and all random, 6 | # no regular words or you'll be exposed to dictionary attacks. 7 | Lelylan::Application.config.secret_token = '587decfc3592f92e448446c6986552ca3218de1ee97bc34e3cd445536c35029fd711c1a7ddc40931c56ed03fa533ee8e59e0a21e0373d1c017478ef7b79bb13e' 8 | -------------------------------------------------------------------------------- /config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Lelylan::Application.config.session_store :cookie_store, :key => '_lelylan_session' 4 | 5 | # Use the database for sessions instead of the cookie-based default, 6 | # which shouldn't be used to store highly confidential information 7 | # (create the session table with "rake db:sessions:create") 8 | # Lelylan::Application.config.session_store :active_record_store 9 | -------------------------------------------------------------------------------- /config/locales/en.yml: -------------------------------------------------------------------------------- 1 | en: 2 | notifications: 3 | oauth: 4 | client: 5 | not_found: "Client not found with the provided params" 6 | not_authorized: "Client not authorized with the provided scope" 7 | blocked: "Client blocked" 8 | response_type: 9 | not_valid: "Not valid response type" 10 | authorization: 11 | not_found: "Authorization not found with the provided params" 12 | expired: "Authorization expired" 13 | resource_owner: 14 | not_found: "User not found with the provided params" 15 | blocked_client: "Client blocked from the user (check preferences)" 16 | token: 17 | not_found: "Access token not found with the provided params" 18 | expired: "Access token authorization expired" 19 | blocked_token: "Access token blocked from the user (logged out)" 20 | refresh_token: 21 | not_found: "Refresh token not found with the provided params" 22 | document: 23 | not_found: "Resource not found" 24 | not_valid: "Not valid attributes" 25 | json: 26 | not_valid: "Not valid JSON" 27 | not_array: "Not a valid JSON type associated" 28 | pagination: 29 | not_valid_page: "Not a valid page" 30 | not_valid_per_page: "Not a valid per_page" 31 | 32 | -------------------------------------------------------------------------------- /config/mongoid.yml: -------------------------------------------------------------------------------- 1 | defaults: &defaults 2 | host: localhost 3 | slaves: 4 | - host: slave1.local 5 | port: 27018 6 | - host: slave2.local 7 | port: 27019 8 | autocreate_indexes: false 9 | allow_dynamic_fields: false 10 | include_root_in_json: false 11 | parameterize_keys: true 12 | persist_in_safe_mode: false 13 | raise_not_found_error: true 14 | reconnect_time: 3 15 | 16 | development: 17 | <<: *defaults 18 | database: oauth_development 19 | 20 | test: 21 | <<: *defaults 22 | database: oauth_test 23 | 24 | # set these environment variables on your prod server 25 | production: 26 | host: <%= ENV['MONGOID_HOST'] %> 27 | port: <%= ENV['MONGOID_PORT'] %> 28 | username: <%= ENV['MONGOID_USERNAME'] %> 29 | password: <%= ENV['MONGOID_PASSWORD'] %> 30 | database: <%= ENV['MONGOID_DATABASE'] %> 31 | -------------------------------------------------------------------------------- /config/oauth.yml: -------------------------------------------------------------------------------- 1 | token_expires_in: "1800" 2 | authorization_expires_in: "150" 3 | random_length: 32 4 | scope_separator: " " 5 | -------------------------------------------------------------------------------- /config/routes.rb: -------------------------------------------------------------------------------- 1 | Lelylan::Application.routes.draw do 2 | 3 | namespace :oauth do 4 | get "authorization" => "oauth_authorize#show", defaults: { format: "html" } 5 | post "authorization" => "oauth_authorize#create", defaults: { format: "html" } 6 | delete "authorization" => "oauth_authorize#destroy", defaults: { format: "html" } 7 | delete "token/:id" => "oauth_token#destroy", defaults: { format: "json" } 8 | post "token" => "oauth_token#create", defaults: { format: "json" } 9 | end 10 | 11 | get "log_out" => "sessions#destroy", as: "log_out" 12 | get "log_in" => "sessions#new", as: "log_in" 13 | 14 | get "sign_up" => "users#new", as: "sign_up" 15 | get "users/show" => "users#show" 16 | get "users/edit" => "users#edit" 17 | 18 | resources :users 19 | resources :sessions 20 | resources :scopes 21 | 22 | resources :clients do 23 | put :block, on: :member 24 | put :unblock, on: :member 25 | end 26 | 27 | resources :accesses do 28 | put :block, on: :member 29 | put :unblock, on: :member 30 | end 31 | 32 | root :to => "sessions#new" 33 | 34 | # sample resources 35 | resources :pizzas, defaults: { format: "json" } 36 | resources :pastas, defaults: { format: "json" } 37 | 38 | end 39 | -------------------------------------------------------------------------------- /db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }]) 7 | # Mayor.create(:name => 'Daley', :city => cities.first) 8 | -------------------------------------------------------------------------------- /doc/README_FOR_APP: -------------------------------------------------------------------------------- 1 | Use this README file to introduce your application and point to useful places in the API for learning more. 2 | Run "rake doc:app" to generate API documentation for your models, controllers, helpers, and libraries. 3 | -------------------------------------------------------------------------------- /lib/tasks/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/lib/tasks/.gitkeep -------------------------------------------------------------------------------- /lib/tasks/cucumber.rake: -------------------------------------------------------------------------------- 1 | # IMPORTANT: This file is generated by cucumber-rails - edit at your own peril. 2 | # It is recommended to regenerate this file in the future when you upgrade to a 3 | # newer version of cucumber-rails. Consider adding your own code to a new file 4 | # instead of editing this one. Cucumber will automatically load all features/**/*.rb 5 | # files. 6 | 7 | 8 | unless ARGV.any? {|a| a =~ /^gems/} # Don't load anything when running the gems:* tasks 9 | 10 | vendored_cucumber_bin = Dir["#{Rails.root}/vendor/{gems,plugins}/cucumber*/bin/cucumber"].first 11 | $LOAD_PATH.unshift(File.dirname(vendored_cucumber_bin) + '/../lib') unless vendored_cucumber_bin.nil? 12 | 13 | begin 14 | require 'cucumber/rake/task' 15 | 16 | namespace :cucumber do 17 | Cucumber::Rake::Task.new({:ok => 'db:test:prepare'}, 'Run features that should pass') do |t| 18 | t.binary = vendored_cucumber_bin # If nil, the gem's binary is used. 19 | t.fork = true # You may get faster startup if you set this to false 20 | t.profile = 'default' 21 | end 22 | 23 | Cucumber::Rake::Task.new({:wip => 'db:test:prepare'}, 'Run features that are being worked on') do |t| 24 | t.binary = vendored_cucumber_bin 25 | t.fork = true # You may get faster startup if you set this to false 26 | t.profile = 'wip' 27 | end 28 | 29 | Cucumber::Rake::Task.new({:rerun => 'db:test:prepare'}, 'Record failing features and run only them if any exist') do |t| 30 | t.binary = vendored_cucumber_bin 31 | t.fork = true # You may get faster startup if you set this to false 32 | t.profile = 'rerun' 33 | end 34 | 35 | desc 'Run all features' 36 | task :all => [:ok, :wip] 37 | end 38 | desc 'Alias for cucumber:ok' 39 | task :cucumber => 'cucumber:ok' 40 | 41 | task :default => :cucumber 42 | 43 | task :features => :cucumber do 44 | STDERR.puts "*** The 'features' task is deprecated. See rake -T cucumber ***" 45 | end 46 | rescue LoadError 47 | desc 'cucumber rake task not available (cucumber not installed)' 48 | task :cucumber do 49 | abort 'Cucumber rake task is not available. Be sure to install cucumber as a gem or plugin' 50 | end 51 | end 52 | 53 | end 54 | -------------------------------------------------------------------------------- /lib/tasks/watchr.rake: -------------------------------------------------------------------------------- 1 | desc "Run watchr" 2 | task :watchr do 3 | sh %{bundle exec watchr .watchr.rb} 4 | end 5 | 6 | -------------------------------------------------------------------------------- /public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 17 | 18 | 19 | 20 | 21 |
22 |

The page you were looking for doesn't exist.

23 |

You may have mistyped the address or the page may have moved.

24 |
25 | 26 | 27 | -------------------------------------------------------------------------------- /public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 17 | 18 | 19 | 20 | 21 |
22 |

The change you wanted was rejected.

23 |

Maybe you tried to change something you didn't have access to.

24 |
25 | 26 | 27 | -------------------------------------------------------------------------------- /public/500.html: -------------------------------------------------------------------------------- 1 | { 2 | "message": "We are sorry, but it seems we have some problems", 3 | "info": "In the case the problem persist, please send us a mail describing your problem" 4 | } 5 | -------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/favicon.ico -------------------------------------------------------------------------------- /public/images/help-us.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/help-us.png -------------------------------------------------------------------------------- /public/images/help-us.psd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/help-us.psd -------------------------------------------------------------------------------- /public/images/screenshots/access.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/access.png -------------------------------------------------------------------------------- /public/images/screenshots/admin-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/admin-dashboard.png -------------------------------------------------------------------------------- /public/images/screenshots/all-scope.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/all-scope.png -------------------------------------------------------------------------------- /public/images/screenshots/authorization.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/authorization.png -------------------------------------------------------------------------------- /public/images/screenshots/block-clients.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/block-clients.png -------------------------------------------------------------------------------- /public/images/screenshots/client-show.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/client-show.png -------------------------------------------------------------------------------- /public/images/screenshots/first-user-creation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/first-user-creation.png -------------------------------------------------------------------------------- /public/images/screenshots/pizzas-scope.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/pizzas-scope.png -------------------------------------------------------------------------------- /public/images/screenshots/scopes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/images/screenshots/scopes.png -------------------------------------------------------------------------------- /public/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // Place your application-specific JavaScript functions and classes here 2 | // This file is automatically included by javascript_include_tag :defaults 3 | 4 | $(document).ready(function () { 5 | $('input.tags').tagsInput({ 6 | 'unique':true, 7 | 'delimiter':" ", 8 | 'defaultText':'add a scope', 9 | 'height':'78px', 10 | 'width':'295px' 11 | }); 12 | }); 13 | 14 | var chart; 15 | function createChart(days, times, uri) { 16 | chart = new Highcharts.Chart({ 17 | chart: { 18 | renderTo: 'chart', 19 | defaultSeriesType: 'line', 20 | marginRight: 30, 21 | marginBottom: 50 22 | }, 23 | title: { text: 'Daily access rate for client' }, 24 | subtitle: { text: uri }, 25 | xAxis: { 26 | categories: days 27 | }, 28 | yAxis: { 29 | title: { text: 'Number of requests' }, 30 | plotLines: [{ value: 0, width: 1, color: '#808080' }] 31 | }, 32 | tooltip: { 33 | formatter: function() { 34 | return 'Accesses ' + this.x +'
' + this.y + ' times'; 35 | } 36 | }, 37 | legend: { 38 | layout: 'vertical', 39 | align: 'right', 40 | verticalAlign: 'top', 41 | x: -10, 42 | y: 10, 43 | borderWidth: 0 44 | }, 45 | series: [{ 46 | name: 'accesses', 47 | data: times 48 | }] 49 | }); 50 | }; 51 | 52 | 53 | -------------------------------------------------------------------------------- /public/javascripts/jquery.tagsinput.js: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | jQuery Tags Input Plugin 1.2.3 4 | 5 | Copyright (c) 2010 XOXCO, Inc 6 | 7 | Documentation for this plugin lives here: 8 | http://xoxco.com/clickable/jquery-tags-input 9 | 10 | Licensed under the MIT license: 11 | http://www.opensource.org/licenses/mit-license.php 12 | 13 | ben@xoxco.com 14 | 15 | */ 16 | 17 | (function($) { 18 | 19 | var delimiter = new Array(); 20 | 21 | jQuery.fn.addTag = function(value,options) { 22 | 23 | var options = jQuery.extend({focus:false},options); 24 | this.each(function() { 25 | id = $(this).attr('id'); 26 | 27 | var tagslist = $(this).val().split(delimiter[id]); 28 | if (tagslist[0] == '') { 29 | tagslist = new Array(); 30 | } 31 | 32 | value = jQuery.trim(value); 33 | 34 | if (options.unique) { 35 | skipTag = $(tagslist).tagExist(value); 36 | } else { 37 | skipTag = false; 38 | } 39 | 40 | if (value !='' && skipTag != true) { 41 | 42 | $(''+value + '  x').insertBefore('#'+id+'_addTag'); 43 | tagslist.push(value); 44 | 45 | $('#'+id+'_tag').val(''); 46 | if (options.focus) { 47 | $('#'+id+'_tag').focus(); 48 | } else { 49 | $('#'+id+'_tag').blur(); 50 | } 51 | } 52 | jQuery.fn.tagsInput.updateTagsField(this,tagslist); 53 | 54 | }); 55 | 56 | return false; 57 | }; 58 | 59 | jQuery.fn.removeTag = function(value) { 60 | 61 | this.each(function() { 62 | id = $(this).attr('id'); 63 | 64 | var old = $(this).val().split(delimiter[id]); 65 | 66 | 67 | $('#'+id+'_tagsinput .tag').remove(); 68 | str = ''; 69 | for (i=0; i< old.length; i++) { 70 | if (escape(old[i])!=value) { 71 | str = str + delimiter[id] +old[i]; 72 | } 73 | } 74 | 75 | jQuery.fn.tagsInput.importTags(this,str); 76 | }); 77 | 78 | return false; 79 | 80 | }; 81 | 82 | jQuery.fn.tagExist = function(val) { 83 | 84 | if (jQuery.inArray(val, $(this)) == -1) { 85 | return false; /* Cannot find value in array */ 86 | } else { 87 | return true; /* Value found */ 88 | } 89 | }; 90 | 91 | // clear all existing tags and import new ones from a string 92 | jQuery.fn.importTags = function(str) { 93 | $('#'+id+'_tagsinput .tag').remove(); 94 | jQuery.fn.tagsInput.importTags(this,str); 95 | } 96 | 97 | jQuery.fn.tagsInput = function(options) { 98 | 99 | var settings = jQuery.extend({defaultText:'add a tag',minChars:0,width:'300px',height:'100px','hide':true,'delimiter':',',autocomplete:{selectFirst:false},'unique':true},options); 100 | 101 | this.each(function() { 102 | if (settings.hide) { 103 | $(this).hide(); 104 | } 105 | 106 | id = $(this).attr('id') 107 | 108 | data = jQuery.extend({ 109 | pid:id, 110 | real_input: '#'+id, 111 | holder: '#'+id+'_tagsinput', 112 | input_wrapper: '#'+id+'_addTag', 113 | fake_input: '#'+id+'_tag' 114 | },settings); 115 | 116 | 117 | delimiter[id] = data.delimiter; 118 | 119 | $('
').insertAfter(this); 120 | 121 | $(data.holder).css('width',settings.width); 122 | $(data.holder).css('height',settings.height); 123 | 124 | 125 | if ($(data.real_input).val()!='') { 126 | jQuery.fn.tagsInput.importTags($(data.real_input),$(data.real_input).val()); 127 | } else { 128 | $(data.fake_input).val($(data.fake_input).attr('default')); 129 | $(data.fake_input).css('color','#666666'); 130 | } 131 | 132 | 133 | $(data.holder).bind('click',data,function(event) { 134 | $(event.data.fake_input).focus(); 135 | }); 136 | 137 | $(data.fake_input).bind('focus',data,function(event) { 138 | if ($(event.data.fake_input).val()==$(event.data.fake_input).attr('default')) { 139 | $(event.data.fake_input).val(''); 140 | } 141 | $(event.data.fake_input).css('color','#000000'); 142 | }); 143 | 144 | if (settings.autocomplete_url != undefined) { 145 | $(data.fake_input).autocomplete(settings.autocomplete_url,settings.autocomplete).bind('result',data,function(event,data,formatted) { 146 | if (data) 147 | { 148 | $(event.data.real_input).addTag(formatted,{focus:true,unique:(settings.unique)}); 149 | } 150 | }); 151 | 152 | $(data.fake_input).bind('blur',data,function(event) { 153 | if( $('.ac_results').is(':visible') ) return false; 154 | if ( $(event.data.fake_input).val() != $(event.data.fake_input).attr('default')) { 155 | if((event.data.minChars <= $(event.data.fake_input).val().length) && (!event.data.maxChars || (event.data.maxChars >= $(event.data.fake_input).val().length))) 156 | $(event.data.real_input).addTag($(event.data.fake_input).val(),{focus:false,unique:(settings.unique)}); 157 | } 158 | 159 | $(event.data.fake_input).val($(event.data.fake_input).attr('default')); 160 | $(event.data.fake_input).css('color','#666666'); 161 | return false; 162 | }); 163 | 164 | 165 | } else { 166 | // if a user tabs out of the field, create a new tag 167 | // this is only available if autocomplete is not used. 168 | $(data.fake_input).bind('blur',data,function(event) { 169 | var d = $(this).attr('default'); 170 | if ($(event.data.fake_input).val()!='' && $(event.data.fake_input).val()!=d) { 171 | if( (event.data.minChars <= $(event.data.fake_input).val().length) && (!event.data.maxChars || (event.data.maxChars >= $(event.data.fake_input).val().length)) ) 172 | $(event.data.real_input).addTag($(event.data.fake_input).val(),{focus:true,unique:(settings.unique)}); 173 | } else { 174 | $(event.data.fake_input).val($(event.data.fake_input).attr('default')); 175 | $(event.data.fake_input).css('color','#666666'); 176 | } 177 | return false; 178 | }); 179 | 180 | } 181 | // if user types a comma, create a new tag 182 | $(data.fake_input).bind('keypress',data,function(event) { 183 | if (event.which==event.data.delimiter.charCodeAt(0) || event.which==13 ) { 184 | if( (event.data.minChars <= $(event.data.fake_input).val().length) && (!event.data.maxChars || (event.data.maxChars >= $(event.data.fake_input).val().length)) ) 185 | $(event.data.real_input).addTag($(event.data.fake_input).val(),{focus:true,unique:(settings.unique)}); 186 | 187 | return false; 188 | } 189 | }); 190 | $(data.fake_input).blur(); 191 | return false; 192 | }); 193 | 194 | return this; 195 | 196 | }; 197 | 198 | 199 | jQuery.fn.tagsInput.updateTagsField = function(obj,tagslist) { 200 | 201 | id = $(obj).attr('id'); 202 | $(obj).val(tagslist.join(delimiter[id])); 203 | }; 204 | 205 | 206 | 207 | jQuery.fn.tagsInput.importTags = function(obj,val) { 208 | 209 | $(obj).val(''); 210 | id = $(obj).attr('id'); 211 | var tags = val.split(delimiter[id]); 212 | for (i=0; iDelete 134 | handleMethod: function(link) { 135 | var href = link.attr('href'), 136 | method = link.data('method'), 137 | csrf_token = $('meta[name=csrf-token]').attr('content'), 138 | csrf_param = $('meta[name=csrf-param]').attr('content'), 139 | form = $('
'), 140 | metadata_input = ''; 141 | 142 | if (csrf_param !== undefined && csrf_token !== undefined) { 143 | metadata_input += ''; 144 | } 145 | 146 | form.hide().append(metadata_input).appendTo('body'); 147 | form.submit(); 148 | }, 149 | 150 | /* Disables form elements: 151 | - Caches element value in 'ujs:enable-with' data store 152 | - Replaces element text with value of 'data-disable-with' attribute 153 | - Adds disabled=disabled attribute 154 | */ 155 | disableFormElements: function(form) { 156 | form.find(rails.disableSelector).each(function() { 157 | var element = $(this), method = element.is('button') ? 'html' : 'val'; 158 | element.data('ujs:enable-with', element[method]()); 159 | element[method](element.data('disable-with')); 160 | element.attr('disabled', 'disabled'); 161 | }); 162 | }, 163 | 164 | /* Re-enables disabled form elements: 165 | - Replaces element text with cached value from 'ujs:enable-with' data store (created in `disableFormElements`) 166 | - Removes disabled attribute 167 | */ 168 | enableFormElements: function(form) { 169 | form.find(rails.enableSelector).each(function() { 170 | var element = $(this), method = element.is('button') ? 'html' : 'val'; 171 | if (element.data('ujs:enable-with')) element[method](element.data('ujs:enable-with')); 172 | element.removeAttr('disabled'); 173 | }); 174 | }, 175 | 176 | // If message provided in 'data-confirm' attribute, fires `confirm` event and returns result of confirm dialog. 177 | // Attaching a handler to the element's `confirm` event that returns false cancels the confirm dialog. 178 | allowAction: function(element) { 179 | var message = element.data('confirm'); 180 | return !message || (rails.fire(element, 'confirm') && confirm(message)); 181 | }, 182 | 183 | // Helper function which checks for blank inputs in a form that match the specified CSS selector 184 | blankInputs: function(form, specifiedSelector, nonBlank) { 185 | var inputs = $(), input, 186 | selector = specifiedSelector || 'input,textarea'; 187 | form.find(selector).each(function() { 188 | input = $(this); 189 | // Collect non-blank inputs if nonBlank option is true, otherwise, collect blank inputs 190 | if (nonBlank ? input.val() : !input.val()) { 191 | inputs = inputs.add(input); 192 | } 193 | }); 194 | return inputs.length ? inputs : false; 195 | }, 196 | 197 | // Helper function which checks for non-blank inputs in a form that match the specified CSS selector 198 | nonBlankInputs: function(form, specifiedSelector) { 199 | return rails.blankInputs(form, specifiedSelector, true); // true specifies nonBlank 200 | }, 201 | 202 | // Helper function, needed to provide consistent behavior in IE 203 | stopEverything: function(e) { 204 | e.stopImmediatePropagation(); 205 | return false; 206 | }, 207 | 208 | // find all the submit events directly bound to the form and 209 | // manually invoke them. If anyone returns false then stop the loop 210 | callFormSubmitBindings: function(form) { 211 | var events = form.data('events'), continuePropagation = true; 212 | if (events !== undefined && events['submit'] !== undefined) { 213 | $.each(events['submit'], function(i, obj){ 214 | if (typeof obj.handler === 'function') return continuePropagation = obj.handler(obj.data); 215 | }); 216 | } 217 | return continuePropagation; 218 | } 219 | }; 220 | 221 | // ajaxPrefilter is a jQuery 1.5 feature 222 | if ('ajaxPrefilter' in $) { 223 | $.ajaxPrefilter(function(options, originalOptions, xhr){ rails.CSRFProtection(xhr); }); 224 | } else { 225 | $(document).ajaxSend(function(e, xhr){ rails.CSRFProtection(xhr); }); 226 | } 227 | 228 | $(rails.linkClickSelector).live('click.rails', function(e) { 229 | var link = $(this); 230 | if (!rails.allowAction(link)) return rails.stopEverything(e); 231 | 232 | if (link.data('remote') !== undefined) { 233 | rails.handleRemote(link); 234 | return false; 235 | } else if (link.data('method')) { 236 | rails.handleMethod(link); 237 | return false; 238 | } 239 | }); 240 | 241 | $(rails.formSubmitSelector).live('submit.rails', function(e) { 242 | var form = $(this), 243 | remote = form.data('remote') !== undefined, 244 | blankRequiredInputs = rails.blankInputs(form, rails.requiredInputSelector), 245 | nonBlankFileInputs = rails.nonBlankInputs(form, rails.fileInputSelector); 246 | 247 | if (!rails.allowAction(form)) return rails.stopEverything(e); 248 | 249 | // skip other logic when required values are missing or file upload is present 250 | if (blankRequiredInputs && rails.fire(form, 'ajax:aborted:required', [blankRequiredInputs])) { 251 | return !remote; 252 | } 253 | 254 | if (remote) { 255 | if (nonBlankFileInputs) { 256 | return rails.fire(form, 'ajax:aborted:file', [nonBlankFileInputs]); 257 | } 258 | 259 | // If browser does not support submit bubbling, then this live-binding will be called before direct 260 | // bindings. Therefore, we should directly call any direct bindings before remotely submitting form. 261 | if (!$.support.submitBubbles && rails.callFormSubmitBindings(form) === false) return rails.stopEverything(e); 262 | 263 | rails.handleRemote(form); 264 | return false; 265 | } else { 266 | // slight timeout so that the submit button gets properly serialized 267 | setTimeout(function(){ rails.disableFormElements(form); }, 13); 268 | } 269 | }); 270 | 271 | $(rails.formInputClickSelector).live('click.rails', function(event) { 272 | var button = $(this); 273 | 274 | if (!rails.allowAction(button)) return rails.stopEverything(event); 275 | 276 | // register the pressed submit button 277 | var name = button.attr('name'), 278 | data = name ? {name:name, value:button.val()} : null; 279 | 280 | button.closest('form').data('ujs:submit-button', data); 281 | }); 282 | 283 | $(rails.formSubmitSelector).live('ajax:beforeSend.rails', function(event) { 284 | if (this == event.target) rails.disableFormElements($(this)); 285 | }); 286 | 287 | $(rails.formSubmitSelector).live('ajax:complete.rails', function(event) { 288 | if (this == event.target) rails.enableFormElements($(this)); 289 | }); 290 | 291 | })( jQuery ); 292 | -------------------------------------------------------------------------------- /public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-Agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /public/stylesheets/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/stylesheets/.gitkeep -------------------------------------------------------------------------------- /public/stylesheets/gh-buttons.css: -------------------------------------------------------------------------------- 1 | /* ------------------------------------------ 2 | CSS3 GITHUB BUTTONS (Nicolas Gallagher) 3 | Licensed under Unlicense 4 | http://github.com/necolas/css3-github-buttons 5 | ------------------------------------------ */ 6 | 7 | 8 | /* ------------------------------------------------------------------------------------------------------------- BUTTON */ 9 | 10 | .button { 11 | position: relative; 12 | overflow: visible; 13 | display: inline-block; 14 | padding: 0.5em 1em; 15 | border: 1px solid #d4d4d4; 16 | margin: 0; 17 | text-decoration: none; 18 | text-shadow: 1px 1px 0 #fff; 19 | font:11px/normal sans-serif; 20 | color: #333; 21 | white-space: nowrap; 22 | cursor: pointer; 23 | outline: none; 24 | background-color: #ececec; 25 | background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f4f4f4), to(#ececec)); 26 | background-image: -moz-linear-gradient(#f4f4f4, #ececec); 27 | background-image: -o-linear-gradient(#f4f4f4, #ececec); 28 | background-image: linear-gradient(#f4f4f4, #ececec); 29 | -webkit-background-clip: padding; 30 | -moz-background-clip: padding; 31 | -o-background-clip: padding-box; 32 | /*background-clip: padding-box;*/ /* commented out due to Opera 11.10 bug */ 33 | -webkit-border-radius: 0.2em; 34 | -moz-border-radius: 0.2em; 35 | border-radius: 0.2em; 36 | /* IE hacks */ 37 | zoom: 1; 38 | *display: inline; 39 | } 40 | 41 | .button:hover, 42 | .button:focus, 43 | .button:active { 44 | border-color: #3072b3; 45 | border-bottom-color: #2a65a0; 46 | text-decoration: none; 47 | text-shadow: -1px -1px 0 rgba(0,0,0,0.3); 48 | color: #fff; 49 | background-color: #3072b3; 50 | background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#599bdc), to(#3072b3)); 51 | background-image: -moz-linear-gradient(#599bdc, #3072b3); 52 | background-image: -o-linear-gradient(#599bdc, #3072b3); 53 | background-image: linear-gradient(#599bdc, #3072b3); 54 | } 55 | 56 | .button:active, 57 | .button.active { 58 | border-color: #2a65a0; 59 | border-bottom-color: #3884CF; 60 | color: #fff; 61 | background-color: #3072b3; 62 | background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#3072b3), to(#599bdc)); 63 | background-image: -moz-linear-gradient(#3072b3, #599bdc); 64 | background-image: -o-linear-gradient(#3072b3, #599bdc); 65 | background-image: linear-gradient(#3072b3, #599bdc); 66 | } 67 | 68 | /* overrides extra padding on button elements in Firefox */ 69 | .button::-moz-focus-inner { 70 | padding: 0; 71 | border: 0; 72 | } 73 | 74 | /* ............................................................................................................. Icons */ 75 | 76 | .button.icon:before { 77 | content: ""; 78 | position: relative; 79 | top: 1px; 80 | float:left; 81 | width: 12px; 82 | height: 12px; 83 | margin: 0 0.75em 0 -0.25em; 84 | background: url(gh-icons.png) 0 99px no-repeat; 85 | } 86 | 87 | .button.arrowup.icon:before { background-position: 0 0; } 88 | .button.arrowup.icon:hover:before, 89 | .button.arrowup.icon:focus:before, 90 | .button.arrowup.icon:active:before { background-position: -12px 0; } 91 | 92 | .button.arrowdown.icon:before { background-position: 0 -12px; } 93 | .button.arrowdown.icon:hover:before, 94 | .button.arrowdown.icon:focus:before, 95 | .button.arrowdown.icon:active:before { background-position: -12px -12px; } 96 | 97 | .button.arrowleft.icon:before { background-position: 0 -24px; } 98 | .button.arrowleft.icon:hover:before, 99 | .button.arrowleft.icon:focus:before, 100 | .button.arrowleft.icon:active:before { background-position: -12px -24px; } 101 | 102 | .button.arrowright.icon:before { float:right; margin: 0 -0.25em 0 0.5em; background-position: 0 -36px; } 103 | .button.arrowright.icon:hover:before, 104 | .button.arrowright.icon:focus:before, 105 | .button.arrowright.icon:active:before { background-position: -12px -36px; } 106 | 107 | .button.approve.icon:before { background-position: 0 -48px; } 108 | .button.approve.icon:hover:before, 109 | .button.approve.icon:focus:before, 110 | .button.approve.icon:active:before { background-position: -12px -48px; } 111 | 112 | .button.add.icon:before { background-position: 0 -288px; } 113 | .button.add.icon:hover:before, 114 | .button.add.icon:focus:before, 115 | .button.add.icon:active:before { background-position: -12px -288px; } 116 | 117 | .button.remove.icon:before { background-position: 0 -60px; } 118 | .button.remove.icon:hover:before, 119 | .button.remove.icon:focus:before, 120 | .button.remove.icon:active:before { background-position: -12px -60px; } 121 | 122 | .button.log.icon:before { background-position: 0 -72px; } 123 | .button.log.icon:hover:before, 124 | .button.log.icon:focus:before, 125 | .button.log.icon:active:before { background-position: -12px -72px; } 126 | 127 | .button.calendar.icon:before { background-position: 0 -84px; } 128 | .button.calendar.icon:hover:before, 129 | .button.calendar.icon:focus:before, 130 | .button.calendar.icon:active:before { background-position: -12px -84px; } 131 | 132 | .button.chat.icon:before { background-position: 0 -96px; } 133 | .button.chat.icon:hover:before, 134 | .button.chat.icon:focus:before, 135 | .button.chat.icon:active:before { background-position: -12px -96px; } 136 | 137 | .button.clock.icon:before { background-position: 0 -108px; } 138 | .button.clock.icon:hover:before, 139 | .button.clock.icon:focus:before, 140 | .button.clock.icon:active:before { background-position: -12px -108px; } 141 | 142 | .button.settings.icon:before { background-position: 0 -120px; } 143 | .button.settings.icon:hover:before, 144 | .button.settings.icon:focus:before, 145 | .button.settings.icon:active:before { background-position: -12px -120px; } 146 | 147 | .button.comment.icon:before { background-position: 0 -132px; } 148 | .button.comment.icon:hover:before, 149 | .button.comment.icon:focus:before, 150 | .button.comment.icon:active:before { background-position: -12px -132px; } 151 | 152 | .button.fork.icon:before { background-position: 0 -144px; } 153 | .button.fork.icon:hover:before, 154 | .button.fork.icon:focus:before, 155 | .button.fork.icon:active:before { background-position: -12px -144px; } 156 | 157 | .button.like.icon:before { background-position: 0 -156px; } 158 | .button.like.icon:hover:before, 159 | .button.like.icon:focus:before, 160 | .button.like.icon:active:before { background-position: -12px -156px; } 161 | 162 | .button.favorite.icon:before { background-position: 0 -348px; } 163 | .button.favorite.icon:hover:before, 164 | .button.favorite.icon:focus:before, 165 | .button.favorite.icon:active:before { background-position: -12px -348px; } 166 | 167 | .button.home.icon:before { background-position: 0 -168px; } 168 | .button.home.icon:hover:before, 169 | .button.home.icon:focus:before, 170 | .button.home.icon:active:before { background-position: -12px -168px; } 171 | 172 | .button.key.icon:before { background-position: 0 -180px; } 173 | .button.key.icon:hover:before, 174 | .button.key.icon:focus:before, 175 | .button.key.icon:active:before { background-position: -12px -180px; } 176 | 177 | .button.lock.icon:before { background-position: 0 -192px; } 178 | .button.lock.icon:hover:before, 179 | .button.lock.icon:focus:before, 180 | .button.lock.icon:active:before { background-position: -12px -192px; } 181 | 182 | .button.unlock.icon:before { background-position: 0 -204px; } 183 | .button.unlock.icon:hover:before, 184 | .button.unlock.icon:focus:before, 185 | .button.unlock.icon:active:before { background-position: -12px -204px; } 186 | 187 | .button.loop.icon:before { background-position: 0 -216px; } 188 | .button.loop.icon:hover:before, 189 | .button.loop.icon:focus:before, 190 | .button.loop.icon:active:before { background-position: -12px -216px; } 191 | 192 | .button.search.icon:before { background-position: 0 -228px; } 193 | .button.search.icon:hover:before, 194 | .button.search.icon:focus:before, 195 | .button.search.icon:active:before { background-position: -12px -228px; } 196 | 197 | .button.mail.icon:before { background-position: 0 -240px; } 198 | .button.mail.icon:hover:before, 199 | .button.mail.icon:focus:before, 200 | .button.mail.icon:active:before { background-position: -12px -240px; } 201 | 202 | .button.move.icon:before { background-position: 0 -252px; } 203 | .button.move.icon:hover:before, 204 | .button.move.icon:focus:before, 205 | .button.move.icon:active:before { background-position: -12px -252px; } 206 | 207 | .button.edit.icon:before { background-position: 0 -264px; } 208 | .button.edit.icon:hover:before, 209 | .button.edit.icon:focus:before, 210 | .button.edit.icon:active:before { background-position: -12px -264px; } 211 | 212 | .button.pin.icon:before { background-position: 0 -276px; } 213 | .button.pin.icon:hover:before, 214 | .button.pin.icon:focus:before, 215 | .button.pin.icon:active:before { background-position: -12px -276px; } 216 | 217 | .button.reload.icon:before { background-position: 0 -300px; } 218 | .button.reload.icon:hover:before, 219 | .button.reload.icon:focus:before, 220 | .button.reload.icon:active:before { background-position: -12px -300px; } 221 | 222 | .button.rss.icon:before { background-position: 0 -312px; } 223 | .button.rss.icon:hover:before, 224 | .button.rss.icon:focus:before, 225 | .button.rss.icon:active:before { background-position: -12px -312px; } 226 | 227 | .button.tag.icon:before { background-position: 0 -324px; } 228 | .button.tag.icon:hover:before, 229 | .button.tag.icon:focus:before, 230 | .button.tag.icon:active:before { background-position: -12px -324px; } 231 | 232 | .button.trash.icon:before { background-position: 0 -336px; } 233 | .button.trash.icon:hover:before, 234 | .button.trash.icon:focus:before, 235 | .button.trash.icon:active:before { background-position: -12px -336px; } 236 | 237 | .button.user.icon:before { background-position: 0 -360px; } 238 | .button.user.icon:hover:before, 239 | .button.user.icon:focus:before, 240 | .button.user.icon:active:before { background-position: -12px -360px; } 241 | 242 | 243 | /* ------------------------------------------------------------------------------------------------------------- BUTTON EXTENSIONS */ 244 | 245 | /* ............................................................................................................. Primary */ 246 | 247 | .button.primary { 248 | font-weight: bold; 249 | } 250 | 251 | /* ............................................................................................................. Danger */ 252 | 253 | .button.danger { 254 | color: #900; 255 | } 256 | 257 | .button.danger:hover, 258 | .button.danger:focus, 259 | .button.danger:active { 260 | border-color: #b53f3a; 261 | border-bottom-color: #a0302a; 262 | color: #fff; 263 | background-color: #dc5f59; 264 | background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#dc5f59), to(#b33630)); 265 | background-image: -moz-linear-gradient(#dc5f59, #b33630); 266 | background-image: -o-linear-gradient(#dc5f59, #b33630); 267 | background-image: linear-gradient(#dc5f59, #b33630); 268 | } 269 | 270 | .button.danger:active, 271 | .button.danger.active { 272 | border-color: #a0302a; 273 | border-bottom-color: #bf4843; 274 | background-color: #b33630; 275 | background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#b33630), to(#dc5f59)); 276 | background-image: -moz-linear-gradient(#b33630, #dc5f59); 277 | background-image: -o-linear-gradient(#b33630, #dc5f59); 278 | background-image: linear-gradient(#b33630, #dc5f59); 279 | } 280 | 281 | /* ............................................................................................................. Pill */ 282 | 283 | .button.pill { 284 | -webkit-border-radius: 50em; 285 | -moz-border-radius: 50em; 286 | border-radius: 50em; 287 | } 288 | 289 | /* ............................................................................................................. Big */ 290 | 291 | .button.big { 292 | font-size: 14px; 293 | } 294 | 295 | .button.big.icon:before { top: 0; } 296 | 297 | 298 | /* ------------------------------------------------------------------------------------------------------------- BUTTON GROUPS */ 299 | 300 | /* ............................................................................................................. Standard */ 301 | 302 | .button-group { 303 | display: inline-block; 304 | list-style: none; 305 | padding: 0; 306 | margin: 0; 307 | /* IE hacks */ 308 | zoom: 1; 309 | *display: inline; 310 | } 311 | 312 | .button + .button, 313 | .button + .button-group, 314 | .button-group + .button, 315 | .button-group + .button-group { 316 | margin-left: 15px; 317 | } 318 | 319 | .button-group li { 320 | float: left; 321 | padding: 0; 322 | margin: 0; 323 | } 324 | 325 | .button-group .button { 326 | float: left; 327 | margin-left: -1px; 328 | } 329 | 330 | .button-group > .button:not(:first-child):not(:last-child), 331 | .button-group li:not(:first-child):not(:last-child) .button { 332 | -webkit-border-radius: 0; 333 | -moz-border-radius: 0; 334 | border-radius: 0; 335 | } 336 | 337 | .button-group > .button:first-child, 338 | .button-group li:first-child .button { 339 | margin-left: 0; 340 | -webkit-border-top-right-radius: 0; 341 | -webkit-border-bottom-right-radius: 0; 342 | -moz-border-radius-topright: 0; 343 | -moz-border-radius-bottomright: 0; 344 | border-top-right-radius: 0; 345 | border-bottom-right-radius: 0; 346 | } 347 | 348 | .button-group > .button:last-child, 349 | .button-group li:last-child > .button { 350 | -webkit-border-top-left-radius: 0; 351 | -webkit-border-bottom-left-radius: 0; 352 | -moz-border-radius-topleft: 0; 353 | -moz-border-radius-bottomleft: 0; 354 | border-top-left-radius: 0; 355 | border-bottom-left-radius: 0; 356 | } 357 | 358 | /* ............................................................................................................. Minor */ 359 | 360 | .button-group.minor-group .button { 361 | border: 1px solid #d4d4d4; 362 | text-shadow: none; 363 | background-image: none; 364 | background-color: #fff; 365 | } 366 | 367 | .button-group.minor-group .button:hover, 368 | .button-group.minor-group .button:focus, 369 | .button-group.minor-group .button:active { 370 | background-color: #599bdc; 371 | } 372 | 373 | .button-group.minor-group .button:active, 374 | .button-group.minor-group .button.active { 375 | background-color: #3072b3; 376 | } 377 | 378 | .button-group.minor-group .button.icon:before { 379 | opacity: 0.8; 380 | } 381 | 382 | /* ------------------------------------------------------------------------------------------------------------- BUTTON CONTAINER */ 383 | /* For mixing buttons and button groups, e.g., in a navigation bar */ 384 | 385 | .button-container .button, 386 | .button-container .button-group { 387 | vertical-align: top; 388 | } -------------------------------------------------------------------------------- /public/stylesheets/gh-icons.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/public/stylesheets/gh-icons.png -------------------------------------------------------------------------------- /public/stylesheets/jquery.tagsinput.css: -------------------------------------------------------------------------------- 1 | div.tagsinput { border:1px solid #CCC; background: #FFF; padding:5px; width:300px; height:100px; overflow-y: auto;} 2 | div.tagsinput span.tag { border: 1px solid #ccc; -moz-border-radius:2px; -webkit-border-radius:2px; display: block; float: left; padding:2px 5px; text-decoration:none; background: #eeeeee; color: #666666; margin-right: 5px; margin-bottom:5px;font-family: helvetica; font-size:13px;} 3 | div.tagsinput span.tag a { font-weight: bold; color: #999999; text-decoration:none; font-size: 11px; } 4 | div.tagsinput input { width:80px; margin:0px; font-family: helvetica; font-size: 13px; border:1px solid transparent; padding:0px; background: transparent; color: #000; outline:0px; margin-right:5px; margin-bottom:5px; } 5 | div.tagsinput div { display:block; float: left; } 6 | .tags_clear { clear: both; width: 100%; height: 0px; } 7 | -------------------------------------------------------------------------------- /public/stylesheets/reset.css: -------------------------------------------------------------------------------- 1 | html, body, div, form, p, 2 | code, pre { margin: 0; padding: 0; border: 0; vertical-align: baseline; } 3 | -------------------------------------------------------------------------------- /public/stylesheets/template.css: -------------------------------------------------------------------------------- 1 | body { font: 14px/1.333 sans-serif; color: #444; background: #eee; } 2 | 3 | a { color: #980905; } 4 | a:hover, a:focus, a:active { text-decoration: none; } 5 | 6 | h1 { margin: 0 0 0.2em; font-size: 36px; } 7 | h2 { margin: 0 0 0.75em; font-size: 21px; } 8 | h3 { margin: 0 0 0.333em; font-size: 16px; font-weight: normal; } 9 | p { margin: 0 0 1.333em; } 10 | em { font-style: italic; } 11 | table { border-collapse: separate; border-spacing: 0; margin: 0; vertical-align: middle; } 12 | th { font-weight: bold; } 13 | th, td { padding: 5px 8px 5px 5px; text-align: left; vertical-align: middle; } 14 | pre, code { font-family: monospace, sans-serif; font-size: 1em; color:#080; } 15 | 16 | .container { position:relative; overflow:hidden; width: 780px; padding: 40px 60px; border: 1px solid #ccc; margin: 40px auto 20px; background: #fff; -webkit-box-shadow: 0 0 15px rgba(0,0,0,0.1); -moz-box-shadow: 0 0 15px rgba(0,0,0,0.1); box-shadow: 0 0 15px rgba(0,0,0,0.1); } 17 | 18 | .container pre, 19 | .container .prettyprint { padding: 0; border: 0; margin: 0 0 20px; font-size: 13px; background: #fff; } 20 | 21 | .ribbon { position: absolute; top: -1px; right: -1px; opacity: 0.9; } 22 | .ribbon:hover, .ribbon:focus, .ribbon:active { opacity: 1; } 23 | .ribbon img { display: block; border: 0; } 24 | 25 | .header { padding-right:80px; } 26 | .header, .navigation { border-bottom: 1px solid #ccc; } 27 | .navigation { padding: 10px; margin: 0px; background-color: #EEE } 28 | 29 | .section { margin: 40px 0 20px; } 30 | 31 | .example { padding: 20px; border: 1px solid #ccc; margin: 10px -20px 20px; } 32 | 33 | .footer { margin: 20px 0 50px; font-size: 11px; color: #666; text-align: center; } 34 | .footer a { color: #666; } 35 | 36 | .field, .actions { margin: 0 0 1.333em; } 37 | .field_show { margin: 0 0 0.666em; } 38 | 39 | .admin_notice { color: green } 40 | .details { color: #CCC; padding: 5px 0 } 41 | 42 | .header_buttons { margin: -8px 0px 20px 0px } 43 | .footer_buttons { margin: 1em 0 0 0 } 44 | 45 | .flash_notice { margin: 0 0 1em 0; color: green; font-weight: bold } 46 | .flash_alert { margin: 0 0 1em 0; color: #980905; font-weight: bold } 47 | 48 | .field input { width: 300px; height: 25px; font: 14px/1.333 sans-serif; padding-left: 4px; } 49 | .field input { border: 1px solid #CCC; } 50 | 51 | #grant, #deny { padding: 5px 0px } 52 | .green { color: green } 53 | -------------------------------------------------------------------------------- /script/cucumber: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | vendored_cucumber_bin = Dir["#{File.dirname(__FILE__)}/../vendor/{gems,plugins}/cucumber*/bin/cucumber"].first 4 | if vendored_cucumber_bin 5 | load File.expand_path(vendored_cucumber_bin) 6 | else 7 | require 'rubygems' unless ENV['NO_RUBYGEMS'] 8 | require 'cucumber' 9 | load Cucumber::BINARY 10 | end 11 | -------------------------------------------------------------------------------- /script/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. 3 | 4 | APP_PATH = File.expand_path('../../config/application', __FILE__) 5 | require File.expand_path('../../config/boot', __FILE__) 6 | require 'rails/commands' 7 | -------------------------------------------------------------------------------- /spec/acceptance/acceptance_helper.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + "/../spec_helper") 2 | require "steak" 3 | 4 | # Put your acceptance spec helpers inside /spec/acceptance/support 5 | Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f} -------------------------------------------------------------------------------- /spec/acceptance/accesses_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/acceptance_helper') 2 | 3 | feature "AccessesController" do 4 | before { host! "http://" + host } 5 | before { @user = Factory(:user) } 6 | before { @client = Factory(:client) } 7 | before { @token = Factory(:oauth_token) } 8 | before { @access = Factory(:oauth_access) } 9 | 10 | context ".index" do 11 | before { @uri = "/accesses" } 12 | 13 | context "when not logged in" do 14 | scenario "is not authorized" do 15 | visit @uri 16 | current_url.should == host + "/log_in" 17 | end 18 | end 19 | 20 | context "when logged in" do 21 | before { login(@user) } 22 | 23 | scenario "view all resources" do 24 | visit @uri 25 | page.should have_content @access.client_uri 26 | page.should have_content "Block!" 27 | end 28 | 29 | scenario "block a resource" do 30 | visit @uri 31 | page.should have_link "Block!" 32 | page.click_link "Block!" 33 | page.should have_link "Unblock!" 34 | end 35 | end 36 | end 37 | 38 | 39 | context ".show" do 40 | before { @uri = "/accesses/" + @access.id.as_json } 41 | 42 | context "when not logged in" do 43 | scenario "is not authorized" do 44 | visit @uri 45 | current_url.should == host + "/log_in" 46 | end 47 | end 48 | 49 | context "when logged in" do 50 | before { login(@user) } 51 | before { @access_not_owned = Factory(:oauth_access, resource_owner_uri: ANOTHER_USER_URI) } 52 | 53 | scenario "view a resource" do 54 | visit @uri 55 | page.should have_content @access.client_uri 56 | end 57 | 58 | scenario "resource not found" do 59 | @access.destroy 60 | visit @uri 61 | page.should have_content "Resource not found" 62 | end 63 | 64 | scenario "resource not owned" do 65 | visit "/accesses/" + @access_not_owned.id.as_json 66 | page.should have_content "Resource not found" 67 | end 68 | 69 | scenario "illegal id" do 70 | visit "/accesses/0" 71 | page.should have_content "Resource not found" 72 | end 73 | end 74 | end 75 | 76 | end 77 | -------------------------------------------------------------------------------- /spec/acceptance/clients_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/acceptance_helper') 2 | 3 | feature "ClientsController" do 4 | before { Client.destroy_all } 5 | before { User.destroy_all } 6 | before { Scope.destroy_all } 7 | before { host! "http://" + host } 8 | before { @user = Factory(:user) } 9 | before { @user_bob = Factory(:user_bob) } 10 | before { @admin = Factory(:admin) } 11 | before { @client = Factory(:client) } 12 | before { @client_not_owned = Factory(:client_not_owned) } 13 | before { @scope_read = Factory(:scope_pizzas_read) } 14 | before { @scope_all = Factory(:scope_pizzas_all) } 15 | 16 | 17 | context ".index" do 18 | before { @uri = "/clients" } 19 | before { @read_client = Factory(:client_read) } 20 | 21 | context "when not logged in" do 22 | scenario "is not authorized" do 23 | visit @uri 24 | current_url.should == host + "/log_in" 25 | end 26 | end 27 | 28 | context "when logged in" do 29 | context "when not admin" do 30 | before { login(@user) } 31 | 32 | scenario "view all resources" do 33 | visit @uri 34 | should_visualize_client(@client) 35 | should_visualize_client(@read_client) 36 | page.should_not have_content "Not owned client" 37 | page.should_not have_content "Block!" 38 | end 39 | end 40 | 41 | context "when admin" do 42 | before do 43 | login(@admin) 44 | visit @uri 45 | should_visualize_client(@client) 46 | should_visualize_client(@read_client) 47 | end 48 | 49 | scenario "view all resource" do 50 | page.should have_content "Not owned client" 51 | end 52 | 53 | scenario "block a resource" do 54 | page.should have_link "Block!" 55 | page.click_link "Block!" 56 | page.should have_link "Unblock!" 57 | end 58 | end 59 | end 60 | end 61 | 62 | 63 | context ".show" do 64 | before { @uri = "/clients/" + @client.id.as_json } 65 | 66 | context "when not logged in" do 67 | scenario "is not authorized" do 68 | visit @uri 69 | current_url.should == host + "/log_in" 70 | end 71 | end 72 | 73 | context "when logged in" do 74 | context "when not admin" do 75 | before { login(@user) } 76 | 77 | scenario "view a resource" do 78 | visit @uri 79 | should_visualize_client(@client) 80 | end 81 | 82 | scenario "resource not found" do 83 | @client.destroy 84 | visit @uri 85 | page.should have_content "Resource not found" 86 | end 87 | 88 | scenario "resource not owned" do 89 | visit "/clients/" + @client_not_owned.id.as_json 90 | page.should have_content "Resource not found" 91 | end 92 | 93 | scenario "illegal id" do 94 | visit "/clients/0" 95 | page.should have_content "Resource not found" 96 | end 97 | end 98 | 99 | context "when admin" do 100 | before { login(@admin) } 101 | scenario "view not owned resource" do 102 | visit "/clients/" + @client_not_owned.id.as_json 103 | should_visualize_client @client_not_owned 104 | end 105 | end 106 | 107 | end 108 | end 109 | 110 | 111 | context ".create" do 112 | before { @uri = "/clients/new" } 113 | 114 | context "when not logged in" do 115 | scenario "is not authorized" do 116 | visit @uri 117 | current_url.should == host + "/log_in" 118 | end 119 | end 120 | 121 | context "when logged in" do 122 | before { login(@user) } 123 | 124 | context "when valid" do 125 | before do 126 | visit @uri 127 | fill_client() 128 | click_button 'Create Client' 129 | @client = Client.last 130 | end 131 | 132 | scenario "create a resource" do 133 | should_visualize_client_details(@client) 134 | page.should have_content "was successfully created" 135 | end 136 | 137 | scenario "assign URI field" do 138 | @client.uri.should == host + "/clients/" + @client.id.as_json 139 | end 140 | 141 | scenario "assign created_from field" do 142 | @client.created_from == @user.uri 143 | end 144 | end 145 | 146 | context "when not valid" do 147 | scenario "fails" do 148 | visit @uri 149 | fill_client("") 150 | click_button 'Create Client' 151 | page.should have_content "Name can't be blank" 152 | end 153 | end 154 | end 155 | end 156 | 157 | 158 | context ".update" do 159 | before { @uri = "/clients/" + @client.id.as_json + "/edit" } 160 | 161 | context "when not logged in" do 162 | scenario "is not authorized" do 163 | visit @uri 164 | current_url.should == host + "/log_in" 165 | end 166 | end 167 | 168 | context "when logged in" do 169 | context "when not admin" do 170 | before { login(@user) } 171 | 172 | scenario "update a resource" do 173 | visit @uri 174 | fill_client("Example Updated") 175 | click_button 'Update Client' 176 | should_visualize_client_details(@client.reload) 177 | page.should have_content "Example Updated" 178 | page.should have_content "was successfully updated" 179 | end 180 | 181 | scenario "resource not found" do 182 | @client.destroy 183 | visit @uri 184 | page.should have_content "Resource not found" 185 | end 186 | 187 | scenario "resource not owned" do 188 | visit "/clients/" + @client_not_owned.id.as_json + "/edit" 189 | page.should have_content "Resource not found" 190 | end 191 | 192 | scenario "illegal id" do 193 | visit "/clients/0" 194 | page.should have_content "Resource not found" 195 | end 196 | 197 | context "when not valid" do 198 | scenario "fails" do 199 | visit @uri 200 | fill_client("") 201 | click_button 'Update Client' 202 | page.should have_content "Name can't be blank" 203 | end 204 | end 205 | end 206 | 207 | context "when admin" do 208 | before { login(@admin) } 209 | scenario "view not owned resource" do 210 | visit "/clients/" + @client_not_owned.id.as_json + "/edit" 211 | page.should have_field("Name", with: "Not owned client") 212 | end 213 | end 214 | end 215 | end 216 | 217 | context ".destroy" do 218 | end 219 | 220 | end 221 | 222 | -------------------------------------------------------------------------------- /spec/acceptance/oauth/oauth_authorize_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/../acceptance_helper') 2 | 3 | feature "OauthAuthorizeController" do 4 | before { Client.destroy_all } 5 | before { OauthAccess.destroy_all } 6 | before { OauthToken.destroy_all } 7 | 8 | let(:user) { Factory(:user) } 9 | let(:client) { Factory(:client) } 10 | let(:client_read) { Factory(:client_read) } 11 | let(:access) { Factory(:oauth_access) } 12 | let(:write_scope) { "pizzas" } 13 | let(:read_scope) { "pizzas/read" } 14 | 15 | before { @scope = Factory(:scope_pizzas_read) } 16 | before { @scope = Factory(:scope_pizzas_all) } 17 | 18 | 19 | context "Authorization code flow" do 20 | before { login(user) } 21 | 22 | context "when valid" do 23 | background do 24 | visit authorization_grant_page(client, write_scope) 25 | page.should have_content client.name 26 | end 27 | 28 | scenario "#grant" do 29 | click_button("Grant") 30 | current_url.should == authorization_grant_uri(client) 31 | end 32 | 33 | scenario "#deny" do 34 | click_button("Deny") 35 | current_url.should == authorization_denied_uri(client) 36 | end 37 | end 38 | 39 | context "when client is blocked" do 40 | it "should not load authorization page" do 41 | client.block! 42 | visit authorization_grant_page(client, write_scope) 43 | page.should have_content("Client blocked") 44 | end 45 | end 46 | 47 | context "when access is blocked (resource owner block a client)" do 48 | it "should not load authorization page" do 49 | access.block! 50 | visit authorization_grant_page(client, write_scope) 51 | page.should have_content("Client blocked") 52 | end 53 | end 54 | 55 | context "when send an extra state params" do 56 | background do 57 | visit(authorization_grant_page(client, write_scope) + "&state=extra") 58 | end 59 | 60 | scenario "#grant" do 61 | click_button("Grant") 62 | current_url.should == authorization_grant_uri(client) + "&state=extra" 63 | end 64 | 65 | scenario "#deny" do 66 | click_button("Deny") 67 | current_url.should == authorization_denied_uri(client) + "&state=extra" 68 | end 69 | end 70 | 71 | context "when not valid" do 72 | scenario "fails with not valid client uri" do 73 | client.uri = "http://not.existing/" 74 | visit authorization_grant_page(client, write_scope) 75 | page.should_not have_content client.name 76 | page.should have_content("Client not found") 77 | end 78 | 79 | scenario "fails with not valid scope" do 80 | visit authorization_grant_page(client_read, write_scope) 81 | page.should_not have_content client.name 82 | page.should have_content("Client not authorized") 83 | end 84 | end 85 | 86 | context "when not valid scope hacked in HTML page" do 87 | background do 88 | visit authorization_grant_page(client_read, read_scope) 89 | page.should have_content client_read.name 90 | end 91 | 92 | scenario "fails #grant" do 93 | page.find("#grant").fill_in("scope", with: "pizzas/create") 94 | click_button("Grant") 95 | page.should have_content("Client not authorized") 96 | end 97 | 98 | scenario "fails #deny" do 99 | page.find("#deny").fill_in("scope", with: "pizzas/create") 100 | click_button("Deny") 101 | page.should have_content("Client not authorized") 102 | end 103 | end 104 | end 105 | 106 | 107 | context "Implicit token flow" do 108 | before { use_javascript } 109 | before { login(user) } 110 | 111 | context "when valid" do 112 | background do 113 | visit implicit_grant_page(client, write_scope) 114 | page.should have_content client.name 115 | end 116 | 117 | scenario "#grant" do 118 | click_button("Grant") 119 | current_url.should == implicit_grant_uri(client) 120 | end 121 | 122 | scenario "#deny" do 123 | click_button("Deny") 124 | current_url.should == implicit_denied_uri(client) 125 | end 126 | end 127 | 128 | context "when client is blocked" do 129 | it "should not load authorization page" do 130 | client.block! 131 | visit implicit_grant_page(client, write_scope) 132 | page.should have_content("Client blocked") 133 | end 134 | end 135 | 136 | context "when access is blocked (resource owner block a client)" do 137 | it "should not load authorization page" do 138 | access.block! 139 | visit implicit_grant_page(client, write_scope) 140 | page.should have_content("Client blocked") 141 | end 142 | end 143 | 144 | context "when send an extra state params" do 145 | background do 146 | visit(implicit_grant_page(client, write_scope) + "&state=extra") 147 | end 148 | 149 | scenario "#grant" do 150 | click_button("Grant") 151 | current_url.should == implicit_grant_uri(client) + "&state=extra" 152 | end 153 | 154 | scenario "#deny" do 155 | click_button("Deny") 156 | current_url.should == implicit_denied_uri(client) + "&state=extra" 157 | end 158 | end 159 | 160 | context "when not valid" do 161 | scenario "fails with not valid client uri" do 162 | client.uri = "http://not.existing/" 163 | visit implicit_grant_page(client, write_scope) 164 | page.should_not have_content client.name 165 | page.should have_content("Client not found") 166 | end 167 | 168 | scenario "fails with not valid scope" do 169 | visit implicit_grant_page(client_read, write_scope) 170 | page.should_not have_content client_read.name 171 | page.should have_content("Client not authorized") 172 | end 173 | end 174 | 175 | after { use_default } 176 | end 177 | 178 | 179 | context "Refresh implicit token flow" do 180 | before { use_javascript } 181 | before { @token = Factory(:oauth_token) } 182 | before { login(user) } 183 | 184 | scenario "should create new token" do 185 | visit implicit_grant_page(client, write_scope) 186 | current_url.should == implicit_grant_uri(client) 187 | end 188 | 189 | context "when send an extra state params" do 190 | scenario "it should be in the callback" do 191 | visit(implicit_grant_page(client, write_scope) + "&state=extra") 192 | current_url.should == implicit_grant_uri(client) + "&state=extra" 193 | end 194 | end 195 | 196 | context "when client is blocked" do 197 | it "should not load authorization page" do 198 | client.block! 199 | visit implicit_grant_page(client, write_scope) 200 | page.should have_content("Client blocked") 201 | end 202 | end 203 | 204 | # TODO: in reality it should not authomatically redirect 205 | # and should show the authorization page (no errors) 206 | # TODO: miss the scope test 207 | context "when access is blocked (resource owner block a client)" do 208 | it "should not load authorization page" do 209 | access.block! 210 | visit implicit_grant_page(client, write_scope) 211 | page.should have_content("Client blocked") 212 | end 213 | end 214 | 215 | context "when token is blocked (resource owner log out)" do 216 | it "should not load authorization page" do 217 | @token.block! 218 | visit implicit_grant_page(client, write_scope) 219 | page.should have_content("Access token blocked from the user") 220 | end 221 | end 222 | 223 | context "when not valid" do 224 | scenario "fails with not valid client uri" do 225 | client.uri = "http://not.existing/" 226 | visit implicit_grant_page(client, write_scope) 227 | page.should_not have_content client.name 228 | page.should have_content("Client not found") 229 | end 230 | 231 | scenario "fails with not valid scope" do 232 | visit implicit_grant_page(client_read, write_scope) 233 | page.should_not have_content client_read.name 234 | page.should have_content("Client not authorized") 235 | end 236 | end 237 | 238 | after { use_default } 239 | end 240 | end 241 | -------------------------------------------------------------------------------- /spec/acceptance/oauth/oauth_token_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/../acceptance_helper') 2 | 3 | feature "OauthTokenController" do 4 | before { Client.destroy_all } 5 | before { OauthAccess.destroy_all } 6 | before { OauthRefreshToken.destroy_all } 7 | 8 | let(:user) { Factory(:user) } 9 | let(:client) { Factory(:client) } 10 | let(:client_read) { Factory(:client_read) } 11 | let(:authorization) { Factory(:oauth_authorization) } 12 | let(:access) { Factory(:oauth_access) } 13 | let(:write_scope) { "pizzas" } 14 | let(:read_scope) { "pizzas/read" } 15 | 16 | before { @scope = Factory(:scope_pizzas_read) } 17 | before { @scope = Factory(:scope_pizzas_all) } 18 | 19 | context "Authorization token flow" do 20 | 21 | let(:attributes) { { 22 | grant_type: "authorization_code", 23 | client_id: client.uri, 24 | client_secret: client.secret, 25 | code: authorization.code, 26 | redirect_uri: client.redirect_uri 27 | } } 28 | 29 | scenario "create a token" do 30 | create_token_uri(attributes) 31 | response_should_have_access_token 32 | response_should_have_refresh_token 33 | end 34 | 35 | context "when client is blocked" do 36 | it "should not load authorization page" do 37 | client.block! 38 | create_token_uri(attributes) 39 | page.should have_content "Client blocked" 40 | end 41 | end 42 | 43 | context "when access is blocked (resource owner block a client)" do 44 | it "should not load authorization page" do 45 | access.block! 46 | create_token_uri(attributes) 47 | page.should have_content "Client blocked from the user" 48 | end 49 | end 50 | 51 | context "when not valid" do 52 | scenario "fails with not valid code" do 53 | attributes.merge!(code: "not_existing") 54 | create_token_uri(attributes) 55 | page.should have_content "Authorization not found" 56 | end 57 | 58 | scenario "fails with no valid client uri" do 59 | attributes.merge!(client_id: "not_existing") 60 | create_token_uri(attributes) 61 | page.should have_content "Client not found" 62 | end 63 | 64 | scenario "fails when authorization is expired" do 65 | authorization.expire_at # hack (otherwise do not set the time) 66 | Delorean.time_travel_to("in #{Oauth.settings["authorization_expires_in"]} seconds") 67 | create_token_uri(attributes) 68 | page.should have_content "Authorization expired" 69 | page.should have_content "less than 5 seconds" 70 | end 71 | 72 | end 73 | end 74 | 75 | 76 | context "Password credentials flow" do 77 | let(:attributes) { { 78 | grant_type: "password", 79 | client_id: client.uri, 80 | client_secret: client.secret, 81 | username: user.email, 82 | password: user.password, 83 | scope: write_scope 84 | } } 85 | 86 | scenario "create a token" do 87 | create_token_uri(attributes) 88 | response_should_have_access_token 89 | response_should_have_refresh_token 90 | end 91 | 92 | context "when client is blocked" do 93 | it "should not load authorization page" do 94 | client.block! 95 | create_token_uri(attributes) 96 | page.should have_content "Client blocked" 97 | end 98 | end 99 | 100 | context "when access is blocked (resource owner block a client)" do 101 | it "should not load authorization page" do 102 | access.block! 103 | create_token_uri(attributes) 104 | page.should have_content "Client blocked from the user" 105 | end 106 | end 107 | 108 | context "when not valid" do 109 | scenario "fails with not valid user password" do 110 | attributes.merge!(password: "not_existing") 111 | create_token_uri(attributes) 112 | page.should have_content "User not found" 113 | end 114 | 115 | scenario "fails with no valid client uri" do 116 | attributes.merge!(client_id: "not_existing") 117 | create_token_uri(attributes) 118 | page.should have_content "Client not found" 119 | end 120 | 121 | scenario "fails with no valid scope authorization" do 122 | attributes.merge!({client_id: client_read.uri, client_secret: client_read.secret }) 123 | create_token_uri(attributes) 124 | page.should have_content "Client not authorized" 125 | end 126 | end 127 | end 128 | 129 | 130 | context "Refresh Token" do 131 | let(:token) { Factory(:oauth_token) } 132 | let(:refresh_token) { OauthRefreshToken.create(access_token: token.token) } 133 | 134 | let(:attributes) { { 135 | grant_type: "refresh_token", 136 | refresh_token: refresh_token.refresh_token, 137 | client_id: client.uri, 138 | client_secret: client.secret 139 | } } 140 | 141 | scenario "create an access token" do 142 | create_token_uri(attributes) 143 | response_should_have_access_token 144 | response_should_have_refresh_token 145 | end 146 | 147 | context "when client is blocked" do 148 | scenario "should not load authorization page" do 149 | client.block! 150 | create_token_uri(attributes) 151 | page.should have_content "Client blocked" 152 | end 153 | end 154 | 155 | context "when access is blocked (resource owner block a client)" do 156 | scenario "should not load authorization page" do 157 | access.block! 158 | create_token_uri(attributes) 159 | page.should have_content "Client blocked from the user" 160 | end 161 | end 162 | 163 | context "when token is blocked (resource owner log out)" do 164 | scenario "should not load authorization page" do 165 | token.block! 166 | create_token_uri(attributes) 167 | page.should have_content "Access token blocked from the user" 168 | end 169 | end 170 | 171 | context "when not valid" do 172 | scenario "fails with no valid client uri" do 173 | attributes.merge!(client_id: "not_existing") 174 | create_token_uri(attributes) 175 | page.should have_content "Client not found" 176 | end 177 | 178 | scenario "fails with no valid refresh token" do 179 | attributes.merge!(refresh_token: "not_existing") 180 | create_token_uri(attributes) 181 | page.should have_content "Refresh token not found" 182 | end 183 | end 184 | end 185 | 186 | context "Authorization token flow" do 187 | before { @token = Factory(:oauth_token) } 188 | 189 | scenario "block a token" do 190 | page.driver.delete("/token/" + @token.token) 191 | #@token.reload.should be_blocked 192 | #page.status_code.should == 200 193 | end 194 | end 195 | end 196 | -------------------------------------------------------------------------------- /spec/acceptance/resource_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/acceptance_helper') 2 | 3 | feature "ResourceController" do 4 | 5 | context "with not existing access token" do 6 | before { @token = Factory(:oauth_access) } 7 | before { @token = Factory(:oauth_token) } 8 | before { @token_value = @token.token } 9 | before { @token_json = {token: @token_value}.to_json } 10 | before { @token.destroy } 11 | 12 | scenario ".index" do 13 | visit "/pizzas?token=" + @token_value 14 | should_not_be_authorized 15 | end 16 | 17 | scenario ".show" do 18 | visit "/pizzas/0?token=" + @token_value 19 | should_not_be_authorized 20 | end 21 | 22 | scenario ".create" do 23 | page.driver.post("/pizzas", @token_json) 24 | should_not_be_authorized 25 | end 26 | 27 | scenario ".update" do 28 | page.driver.put("/pizzas/0", @token_json) 29 | should_not_be_authorized 30 | end 31 | 32 | scenario ".destroy" do 33 | page.driver.delete("/pizzas/0", @token_json) 34 | should_not_be_authorized 35 | end 36 | end 37 | 38 | context "with single action accesses" do 39 | before { @token_value = Factory(:oauth_token, scope: ["pizzas/index"]).token } 40 | before { @token_json = {token: @token_value}.to_json } 41 | 42 | scenario ".index" do 43 | visit "/pizzas?token=" + @token_value 44 | page.should have_content "index" 45 | end 46 | 47 | scenario ".show" do 48 | visit "/pizzas/0?token=" + @token_value 49 | should_not_be_authorized 50 | end 51 | end 52 | 53 | 54 | context "with read accesses on a resource" do 55 | before { @token_value = Factory(:oauth_token_read).token } 56 | before { @token_json = {token: @token_value}.to_json } 57 | 58 | scenario ".index" do 59 | visit "/pizzas?token=" + @token_value 60 | page.should have_content "index" 61 | end 62 | 63 | scenario ".show" do 64 | visit "/pizzas/0?token=" + @token_value 65 | page.should have_content "show" 66 | end 67 | 68 | scenario ".create" do 69 | page.driver.post("/pizzas", @token_json) 70 | should_not_be_authorized 71 | end 72 | 73 | scenario ".update" do 74 | page.driver.put("/pizzas/0", @token_json) 75 | should_not_be_authorized 76 | end 77 | 78 | scenario ".destroy" do 79 | page.driver.delete("/pizzas/0", @token_json) 80 | should_not_be_authorized 81 | end 82 | end 83 | 84 | 85 | context "with all accesses" do 86 | before { @token_value = Factory(:oauth_token).token } 87 | before { @token_json = {token: @token_value}.to_json } 88 | 89 | scenario ".index" do 90 | visit "/pizzas?token=" + @token_value 91 | page.should have_content "index" 92 | end 93 | 94 | scenario ".show" do 95 | visit "/pizzas/0?token=" + @token_value 96 | page.should have_content "show" 97 | end 98 | 99 | scenario ".create" do 100 | page.driver.post("/pizzas", @token_json) 101 | page.should have_content "create" 102 | end 103 | 104 | scenario ".update" do 105 | page.driver.put("/pizzas/0", @token_json) 106 | page.should have_content "update" 107 | end 108 | 109 | scenario ".destroy" do 110 | page.driver.delete("/pizzas/0", @token_json) 111 | page.should have_content "destroy" 112 | end 113 | 114 | context "with token in the header" do 115 | before { @headers = Hash["Authorization", "OAuth2 #{@token_value}"] } 116 | before { page.driver.hacked_env.merge!(@headers) } 117 | 118 | scenario ".index" do 119 | visit "/pizzas" 120 | page.should have_content "index" 121 | end 122 | end 123 | end 124 | 125 | end 126 | -------------------------------------------------------------------------------- /spec/acceptance/scopes_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/acceptance_helper') 2 | 3 | feature "ScopesController" do 4 | before { host! "http://" + host } 5 | before { @user = Factory(:user) } 6 | before { @admin = Factory(:admin) } 7 | before { @scope = Factory(:scope, values: ALL_SCOPE) } 8 | 9 | 10 | context ".index" do 11 | before { @uri = "/scopes" } 12 | before { @read_scope = Factory(:scope, name: "read", values: READ_SCOPE) } 13 | 14 | context "when not logged in" do 15 | scenario "is not authorized" do 16 | visit @uri 17 | current_url.should == host + "/log_in" 18 | end 19 | end 20 | 21 | context "when logged it" do 22 | context "when admin" do 23 | before { login(@admin) } 24 | 25 | scenario "view the resources" do 26 | visit @uri 27 | should_visualize_scope(@scope) 28 | should_visualize_scope(@read_scope) 29 | end 30 | end 31 | 32 | context "when not admin" do 33 | before { login(@user) } 34 | scenario "do not list all resources" do 35 | visit @uri 36 | page.should have_content "Unauthorized access" 37 | end 38 | end 39 | end 40 | end 41 | 42 | 43 | context ".show" do 44 | before { @uri = "/scopes/" + @scope.id.as_json } 45 | 46 | context "when not logged in" do 47 | scenario "is not authorized" do 48 | visit @uri 49 | current_url.should == host + "/log_in" 50 | end 51 | end 52 | 53 | context "when logged in" do 54 | context "when admin" do 55 | before { login(@admin) } 56 | 57 | scenario "view a resource" do 58 | visit @uri 59 | should_visualize_scope(@scope) 60 | end 61 | 62 | scenario "resource not found" do 63 | @scope.destroy 64 | visit @uri 65 | page.should have_content "Resource not found" 66 | end 67 | 68 | scenario "illegal id" do 69 | visit "/scopes/0" 70 | page.should have_content "Resource not found" 71 | end 72 | end 73 | 74 | context "when not admin" do 75 | before { login(@user) } 76 | scenario "do not show a resource" do 77 | visit @uri 78 | page.should have_content "Unauthorized access" 79 | end 80 | end 81 | end 82 | end 83 | 84 | 85 | context ".create" do 86 | before { @uri = "/scopes/new" } 87 | 88 | context "when not logged in" do 89 | scenario "is not authorized" do 90 | visit @uri 91 | current_url.should == host + "/log_in" 92 | end 93 | end 94 | 95 | context "when logged in" do 96 | context "when admin" do 97 | before { login(@admin) } 98 | 99 | context "when valid" do 100 | before do 101 | visit @uri 102 | fill_scope("pizza/read", "pizza/index pizza/show") 103 | click_button 'Create Scope' 104 | @scope = Scope.last 105 | end 106 | 107 | scenario "create a resource" do 108 | should_visualize_scope(@scope) 109 | page.should have_content "was successfully created" 110 | end 111 | 112 | scenario "assign an URI to the resource" do 113 | @scope.uri.should == host + "/scopes/" + @scope.id.as_json 114 | end 115 | end 116 | 117 | context "when not valid" do 118 | scenario "fails" do 119 | visit @uri 120 | fill_scope("", "") 121 | click_button 'Create Scope' 122 | page.should have_content "Name can't be blank" 123 | page.should have_content "Values can't be blank" 124 | end 125 | end 126 | end 127 | 128 | context "when not admin" do 129 | before { login(@user) } 130 | scenario "do not create a resource" do 131 | visit @uri 132 | page.should have_content "Unauthorized access" 133 | end 134 | end 135 | end 136 | end 137 | 138 | context ".update" do 139 | before { @uri = "/scopes/" + @scope.id.as_json + "/edit" } 140 | 141 | context "when not logged in" do 142 | scenario "is not authorized" do 143 | visit @uri 144 | current_url.should == host + "/log_in" 145 | end 146 | end 147 | 148 | context "when logged in" do 149 | context "when admin" do 150 | before { login(@admin) } 151 | 152 | scenario "update a resource" do 153 | visit @uri 154 | fill_scope("pizza/read/toppings", "pizza/index pizza/show pizza/toppings") 155 | click_button 'Update Scope' 156 | page.should have_content("pizza/read/toppings") 157 | page.should have_content("pizza/toppings") 158 | end 159 | 160 | scenario "resource not found" do 161 | @scope.destroy 162 | visit @uri 163 | page.should have_content "Resource not found" 164 | end 165 | 166 | scenario "illegal id" do 167 | visit "/scopes/0" 168 | page.should have_content "Resource not found" 169 | end 170 | 171 | context "when not valid" do 172 | scenario "fails" do 173 | visit @uri 174 | fill_scope("", "") 175 | click_button 'Update Scope' 176 | page.should have_content "Name can't be blank" 177 | page.should have_content "Values can't be blank" 178 | end 179 | end 180 | 181 | context "update clients'scopes" do 182 | 183 | before do 184 | Scope.destroy_all 185 | @scope = Factory(:scope_pizzas_all) 186 | @scope_read = Factory(:scope_pizzas_read) 187 | @client = Factory(:client) 188 | @client_read = Factory(:client_read) 189 | end 190 | 191 | before do 192 | visit "/scopes/" + @scope_read.id.as_json + "/edit" 193 | fill_scope("pizzas/read", "pizzas/show") 194 | click_button 'Update Scope' 195 | end 196 | 197 | context "with indirect client" do 198 | subject { @client.reload.scope_values } 199 | it { should_not include "pizzas/index" } 200 | it { should include "pizzas/show" } 201 | it { should include "pizzas/create" } 202 | it { should include "pizzas/update" } 203 | it { should include "pizzas/destroy" } 204 | end 205 | 206 | context "with direct client" do 207 | subject { @client_read.reload.scope_values } 208 | it { should_not include "pizzas/index" } 209 | it { @client_read.reload.scope_values.should include "pizzas/show" } 210 | end 211 | end 212 | end 213 | 214 | context "when not admin" do 215 | before { login(@user) } 216 | scenario "do not update a resource" do 217 | visit @uri 218 | page.should have_content "Unauthorized access" 219 | end 220 | end 221 | end 222 | end 223 | 224 | context ".destroy" do 225 | end 226 | 227 | end 228 | -------------------------------------------------------------------------------- /spec/acceptance/support/helpers.rb: -------------------------------------------------------------------------------- 1 | module HelperMethods 2 | 3 | def login(user, password = "example") 4 | visit "/log_in" 5 | fill_in "email", with: user.email 6 | fill_in "password", with: password 7 | click_button "Log in" 8 | end 9 | 10 | 11 | # Driver switch 12 | def use_javascript 13 | Capybara.default_driver = :selenium 14 | Capybara.javascript_driver = :selenium 15 | end 16 | 17 | def use_default 18 | Capybara.default_driver = :rack_test 19 | Capybara.javascript_driver = :rack_test 20 | end 21 | 22 | 23 | # Authorization page URIs 24 | def authorization_grant_page(client, scope) 25 | uri = "/oauth/authorization?response_type=code" + authorization_params(client, scope) 26 | return URI.escape(uri) 27 | end 28 | 29 | def implicit_grant_page(client, scope) 30 | uri = "/oauth/authorization?response_type=token" + authorization_params(client, scope) 31 | return URI.escape(uri) 32 | end 33 | 34 | def authorization_params(client, scope) 35 | uri = "&scope=#{scope}" 36 | uri += "&client_id=#{client.uri}" 37 | uri += "&redirect_uri=#{client.redirect_uri}" 38 | end 39 | 40 | 41 | # Redirect URIs 42 | def authorization_grant_uri(client) 43 | authorization = OauthAuthorization.last 44 | client.redirect_uri + "?code=" + authorization.code 45 | end 46 | 47 | def implicit_grant_uri(client) 48 | token = OauthToken.last 49 | token.token.should_not be_nil 50 | uri = client.redirect_uri + "#token=" + token.token + "&expires_in=" + Oauth.settings["token_expires_in"] 51 | end 52 | 53 | def authorization_denied_uri(client) 54 | client.redirect_uri + "?error=access_denied" 55 | end 56 | 57 | def implicit_denied_uri(client) 58 | client.redirect_uri + "#error=access_denied" 59 | end 60 | 61 | 62 | # Token generation (via POST requests) 63 | def create_token_uri(attributes) 64 | page.driver.post("/oauth/token", attributes.to_json) 65 | end 66 | 67 | def response_should_have_access_token 68 | token = OauthToken.last 69 | page.should have_content(token.token) 70 | end 71 | 72 | def response_should_have_refresh_token 73 | refresh_token = OauthRefreshToken.last 74 | page.should have_content(refresh_token.refresh_token) 75 | end 76 | 77 | end 78 | 79 | RSpec.configuration.include HelperMethods, :type => :acceptance 80 | -------------------------------------------------------------------------------- /spec/acceptance/support/paths.rb: -------------------------------------------------------------------------------- 1 | module NavigationHelpers 2 | # Put helper methods related to the paths in your application here. 3 | 4 | def homepage 5 | "/" 6 | end 7 | end 8 | 9 | RSpec.configuration.include NavigationHelpers, :type => :acceptance 10 | -------------------------------------------------------------------------------- /spec/acceptance/support/view_helpers.rb: -------------------------------------------------------------------------------- 1 | module ViewHelperMethods 2 | 3 | # Scope 4 | def should_visualize_scope(scope) 5 | page.should have_content(scope.name) 6 | page.should have_content(scope.values_pretty) 7 | end 8 | 9 | def fill_scope(name, values) 10 | fill_in 'Name', with: name 11 | fill_in 'Values', with: values 12 | end 13 | 14 | # User 15 | def should_visualize_user(user) 16 | page.should have_content(user.email) 17 | end 18 | 19 | # Client 20 | def should_visualize_client(client) 21 | page.should have_content(client.name) 22 | end 23 | 24 | def should_visualize_client_details(client) 25 | page.should have_content(client.name) 26 | page.should have_content(client.uri) 27 | page.should have_content(client.secret) 28 | page.should have_content(client.site_uri) 29 | page.should have_content(client.redirect_uri) 30 | page.should have_content(client.scope_values_pretty) 31 | page.should have_content("pizzas/create") 32 | page.should have_content(client.info) 33 | end 34 | 35 | def fill_client(name = "example") 36 | fill_in "Name", with: name 37 | fill_in "Site", with: HOST 38 | fill_in "Redirect", with: REDIRECT_URI 39 | fill_in "Scope", with: "pizzas" 40 | fill_in "Info", with: "This is an example app" 41 | end 42 | 43 | # bearer token 44 | def should_not_be_authorized 45 | page.status_code.should == 401 46 | page.should have_content "Unauthorized access" 47 | end 48 | 49 | end 50 | 51 | RSpec.configuration.include ViewHelperMethods, :type => :acceptance 52 | 53 | -------------------------------------------------------------------------------- /spec/acceptance/users_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/acceptance_helper') 2 | 3 | feature "UsersController" do 4 | before { host! "http://" + host } 5 | before { @user = Factory(:user) } 6 | before { @bob = Factory(:user_bob) } 7 | before { @admin = Factory(:admin) } 8 | 9 | 10 | context ".index" do 11 | before { @uri = "/users" } 12 | 13 | context "when not logged in" do 14 | scenario "is not authorized" do 15 | visit @uri 16 | current_url.should == host + "/log_in" 17 | end 18 | end 19 | 20 | context "when logged in" do 21 | context "when admin" do 22 | before { login(@admin) } 23 | scenario "list all resources" do 24 | visit @uri 25 | [@user, @bob].each do |user| 26 | should_visualize_user(user) 27 | end 28 | end 29 | end 30 | 31 | context "when not admin" do 32 | before { login(@user) } 33 | scenario "do not list all resources" do 34 | visit @uri 35 | page.should have_content "Unauthorized access" 36 | end 37 | end 38 | end 39 | end 40 | 41 | 42 | context ".show" do 43 | before { @uri = "/users/" + @user.id.as_json } 44 | 45 | context "when not logged in" do 46 | scenario "is not authorized" do 47 | visit @uri 48 | current_url.should == host + "/log_in" 49 | end 50 | end 51 | 52 | context "when logged in" do 53 | before { login(@user) } 54 | 55 | scenario "view a resource" do 56 | visit @uri 57 | should_visualize_user(@user) 58 | end 59 | 60 | scenario "resource not found" do 61 | @user.destroy 62 | visit @uri 63 | current_url.should == host + "/log_in" 64 | end 65 | 66 | scenario "access other users profile" do 67 | login @bob 68 | visit @uri 69 | page.should have_content "Resource not found" 70 | end 71 | 72 | scenario "access with illegal id" do 73 | visit "/users/0" 74 | page.should have_content "Resource not found" 75 | end 76 | end 77 | end 78 | 79 | 80 | context ".create" do 81 | before { @uri = "/sign_up" } 82 | 83 | context "when valid" do 84 | before do 85 | visit @uri 86 | fill_in "Email", with: "new@example.com" 87 | fill_in "Password", with: "example" 88 | click_button 'Create User' 89 | end 90 | 91 | scenario "create a resource" do 92 | page.should have_content "Signed up" 93 | end 94 | 95 | scenario "assign an URI to the resource" do 96 | @user = User.last 97 | @user.uri.should == host + "/users/" + @user.id.as_json 98 | end 99 | end 100 | 101 | context "when not valid" do 102 | scenario "fails" do 103 | visit @uri 104 | fill_in "Email", with: "" 105 | fill_in "Password", with: "" 106 | click_button 'Create User' 107 | page.should have_content "Email can't be blank" 108 | page.should have_content "Password can't be blank" 109 | end 110 | end 111 | 112 | context "when no admin exists" do 113 | before { @admin.destroy } 114 | scenario "create admin" do 115 | visit @uri 116 | page.should have_content "admin" 117 | fill_in "Email", with: "new@example.com" 118 | fill_in "Password", with: "example" 119 | click_button 'Create User' 120 | User.last.should be_admin 121 | end 122 | end 123 | end 124 | 125 | 126 | context ".update" do 127 | before { @uri = "/users/" + @user.id.as_json + "/edit" } 128 | 129 | context "when not logged in" do 130 | scenario "is not authorized" do 131 | visit @uri 132 | current_url.should == host + "/log_in" 133 | end 134 | end 135 | 136 | context "when logged in" do 137 | before { login(@user) } 138 | let(:name) { "Alice is my name" } 139 | 140 | scenario "when update fields" do 141 | visit @uri 142 | fill_in "Name", with: name 143 | click_button "Update User" 144 | page.should have_content(name) 145 | end 146 | 147 | context "when update the password" do 148 | let(:new_pass) { "asecurepassword"} 149 | 150 | context "when valid" do 151 | before do 152 | visit @uri 153 | fill_in "Password", with: new_pass 154 | click_button "Update User" 155 | click_link "Log out" 156 | end 157 | 158 | scenario "should log with new pass" do 159 | login(@user, new_pass) 160 | page.should have_content "Logged in" 161 | end 162 | 163 | scenario "should not log with old pass" do 164 | login(@user) 165 | page.should_not have_content "Logged in" 166 | page.should have_content "Invalid email or password" 167 | end 168 | end 169 | 170 | scenario "when empty" do 171 | visit @uri 172 | fill_in "Password", with: "" 173 | click_button "Update User" 174 | click_link "Log out" 175 | login(@user) 176 | page.should have_content "Logged in" 177 | end 178 | end 179 | 180 | scenario "when resource not found" do 181 | @user.destroy 182 | visit @uri 183 | current_url.should == host + "/log_in" 184 | end 185 | 186 | scenario "when illegal id" do 187 | visit "/users/0" 188 | page.should have_content "Resource not found" 189 | end 190 | 191 | scenario "when edit other users profile" do 192 | login @bob 193 | visit @uri 194 | page.should have_content "Resource not found" 195 | end 196 | end 197 | end 198 | 199 | #context ".destroy" do 200 | #end 201 | 202 | end 203 | 204 | -------------------------------------------------------------------------------- /spec/controllers/pastas_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe PastasController do 4 | 5 | end 6 | -------------------------------------------------------------------------------- /spec/controllers/pizzas_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe PizzasController do 4 | 5 | end 6 | -------------------------------------------------------------------------------- /spec/extras/scope_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe "Oauth" do 4 | before { Scope.destroy_all } 5 | 6 | before { @scope = Factory(:scope_pizzas_read) } 7 | before { @scope = Factory(:scope_pizzas_all) } 8 | before { @scope = Factory(:scope_pastas_read) } 9 | before { @scope = Factory(:scope_pastas_all) } 10 | before { @scope = Factory(:scope_read) } 11 | before { @scope = Factory(:scope_all) } 12 | 13 | context "#normalize_scope" do 14 | context "single resource" do 15 | context "single action" do 16 | let(:normalized) { Oauth.normalize_scope("pizzas/index") } 17 | subject { normalized } 18 | it { should include "pizzas/index" } 19 | end 20 | 21 | context "read actions" do 22 | let(:normalized) { Oauth.normalize_scope("pizzas/read") } 23 | subject { normalized } 24 | 25 | it { should include "pizzas/index" } 26 | it { should include "pizzas/show" } 27 | it { should_not include "pizzas/create"} 28 | end 29 | 30 | context "read actions and create action" do 31 | let(:normalized) { Oauth.normalize_scope("pizzas/read pizzas/create") } 32 | subject { normalized } 33 | 34 | it { should include "pizzas/index" } 35 | it { should include "pizzas/show" } 36 | it { should include "pizzas/create"} 37 | end 38 | 39 | context "all rest actions" do 40 | let(:normalized) { Oauth.normalize_scope("pizzas") } 41 | subject { normalized } 42 | 43 | it { should include "pizzas/index" } 44 | it { should include "pizzas/show" } 45 | it { should include "pizzas/create" } 46 | it { should include "pizzas/update" } 47 | it { should include "pizzas/destroy"} 48 | it { should_not include "pastas/index" } 49 | it { should_not include "pizzas" } 50 | end 51 | end 52 | 53 | context "all resources" do 54 | context "single actions" do 55 | let(:normalized) { Oauth.normalize_scope("pizzas/index pastas/index") } 56 | subject { normalized } 57 | it { should include "pizzas/index" } 58 | it { should_not include "pizzas/show" } 59 | it { should include "pastas/index" } 60 | it { should_not include "pastas/show" } 61 | end 62 | 63 | context "read actions" do 64 | let(:normalized) { Oauth.normalize_scope("read") } 65 | subject { normalized } 66 | 67 | it { should include "pizzas/index" } 68 | it { should include "pizzas/show" } 69 | it { should_not include "pizzas/create"} 70 | 71 | it { should include "pastas/index" } 72 | it { should include "pastas/show" } 73 | it { should_not include "pastas/create"} 74 | 75 | it { should_not include "read" } 76 | it { should_not include "pizzas/read" } 77 | it { should_not include "pastas/read" } 78 | end 79 | 80 | context "all rest actions" do 81 | let(:normalized) { Oauth.normalize_scope("all") } 82 | subject { normalized } 83 | 84 | it { should include "pizzas/index" } 85 | it { should include "pizzas/show" } 86 | it { should include "pizzas/create" } 87 | it { should include "pizzas/update" } 88 | it { should include "pizzas/destroy"} 89 | 90 | it { should include "pastas/index" } 91 | it { should include "pastas/show" } 92 | it { should include "pastas/create" } 93 | it { should include "pastas/update" } 94 | it { should include "pastas/destroy"} 95 | 96 | it { should_not include "all"} 97 | it { should_not include "pizzas"} 98 | it { should_not include "pastas"} 99 | it { should_not include "pizzas/read"} 100 | it { should_not include "pastas/read"} 101 | end 102 | end 103 | 104 | end 105 | end 106 | -------------------------------------------------------------------------------- /spec/factories/oauth.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/../support/settings_helper') 2 | include SettingsHelper 3 | 4 | FactoryGirl.define do 5 | 6 | factory :user do 7 | email "alice@example.com" 8 | password "example" 9 | uri USER_URI 10 | admin false 11 | end 12 | 13 | factory :user_bob, class: User do 14 | email "bob@example.com" 15 | password "example" 16 | uri ANOTHER_USER_URI 17 | admin false 18 | end 19 | 20 | factory :admin, class: User do 21 | email "admin@example.com" 22 | password "example" 23 | uri ADMIN_URI 24 | admin true 25 | end 26 | 27 | factory :oauth_access do 28 | client_uri CLIENT_URI 29 | resource_owner_uri USER_URI 30 | end 31 | 32 | 33 | factory :oauth_authorization do 34 | client_uri CLIENT_URI 35 | resource_owner_uri USER_URI 36 | scope ALL_SCOPE 37 | end 38 | 39 | 40 | factory :oauth_token do 41 | client_uri CLIENT_URI 42 | resource_owner_uri USER_URI 43 | scope ALL_SCOPE 44 | end 45 | 46 | factory :oauth_token_read, parent: :oauth_token do 47 | scope READ_SCOPE 48 | end 49 | 50 | 51 | factory :client do 52 | uri CLIENT_URI 53 | name "the client" 54 | created_from USER_URI 55 | redirect_uri REDIRECT_URI 56 | scope ["pizzas"] 57 | scope_values ALL_SCOPE 58 | end 59 | 60 | factory :client_read, parent: :client do 61 | uri ANOTHER_CLIENT_URI 62 | scope ["pizzas/read"] 63 | scope_values READ_SCOPE 64 | end 65 | 66 | factory :client_not_owned, parent: :client do 67 | name "Not owned client" 68 | created_from ANOTHER_USER_URI 69 | end 70 | 71 | 72 | factory :scope do 73 | uri SCOPE_URI 74 | name "pizzas" 75 | end 76 | 77 | factory :scope_pizzas_read, parent: :scope do 78 | name "pizzas/read" 79 | values ["pizzas/index", "pizzas/show"] 80 | end 81 | 82 | factory :scope_pizzas_all, parent: :scope do 83 | name "pizzas" 84 | values ["pizzas/read", "pizzas/create", "pizzas/update", "pizzas/destroy"] 85 | end 86 | 87 | factory :scope_pastas_read, parent: :scope do 88 | name "pastas/read" 89 | values ["pastas/index", "pastas/show"] 90 | end 91 | 92 | factory :scope_pastas_all, parent: :scope do 93 | name "pastas" 94 | values ["pastas/create", "pastas/update", "pastas/destroy", "pastas/read"] 95 | end 96 | 97 | factory :scope_read, parent: :scope do 98 | name "read" 99 | values ["pizzas/read", "pastas/read"] 100 | end 101 | 102 | factory :scope_all, parent: :scope do 103 | name "all" 104 | values ["pizzas", "pastas"] 105 | end 106 | 107 | end 108 | 109 | 110 | -------------------------------------------------------------------------------- /spec/models/oauth/client_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe Client do 4 | before { @client = Factory.create(:client) } 5 | subject { @client } 6 | 7 | it { should validate_presence_of(:name) } 8 | it { should validate_presence_of(:uri) } 9 | it { should allow_value(VALID_URIS).for(:uri) } 10 | it { should validate_presence_of(:created_from) } 11 | it { should allow_value(VALID_URIS).for(:created_from) } 12 | it { should validate_presence_of(:redirect_uri) } 13 | it { should allow_value(VALID_URIS).for(:redirect_uri) } 14 | 15 | its(:secret) { should_not be_nil } 16 | 17 | it ".granted!" do 18 | lambda{ subject.granted! }.should change{ subject.granted_times }.by(1) 19 | end 20 | 21 | it ".revoked!" do 22 | lambda{ subject.revoked! }.should change{ subject.revoked_times }.by(1) 23 | end 24 | 25 | it { should_not be_blocked } 26 | context "#block!" do 27 | before { @authorization = Factory.create(:oauth_authorization) } 28 | before { @another_authorization = Factory.create(:oauth_authorization, client_uri: ANOTHER_CLIENT_URI) } 29 | before { @token = Factory.create(:oauth_token) } 30 | before { @another_token = Factory.create(:oauth_token, client_uri: ANOTHER_CLIENT_URI) } 31 | 32 | before { subject.block! } 33 | 34 | it { should be_blocked } 35 | it { @authorization.reload.should be_blocked } 36 | it { @another_authorization.reload.should_not be_blocked } 37 | it { @token.reload.should be_blocked } 38 | it { @another_token.reload.should_not be_blocked } 39 | 40 | context "#unblock!" do 41 | before { subject.unblock! } 42 | 43 | it { should_not be_blocked } 44 | it { @authorization.reload.should be_blocked } 45 | it { @token.reload.should be_blocked } 46 | end 47 | end 48 | 49 | context ".find_by_id" do 50 | context "without scope" do 51 | let(:found) { Client.where_uri(subject.uri, subject.redirect_uri).first } 52 | it { found.should_not be_nil } 53 | end 54 | 55 | context "with valid scope" do 56 | let(:found) { Client.where_scope(subject.scope_values).where_uri(subject.uri, subject.redirect_uri).first } 57 | it { found.should_not be_nil } 58 | end 59 | 60 | # TODO: Understand why with subject it raise error 61 | context "with not valid scope" do 62 | let(:found) { Client.where_scope(["not.valid"]).where_uri(subject.uri, subject.redirect_uri).first } 63 | it { found.should be_nil } 64 | end 65 | end 66 | 67 | context ".find_by_secret" do 68 | let(:found) { Client.where_secret(subject.secret, subject.uri).first } 69 | it { found.should_not be_nil } 70 | end 71 | 72 | context ".where_scope" do 73 | context "with complete scope" do 74 | let(:scope) { ALL_SCOPE } 75 | subject { Client.where_scope(scope).first } 76 | it { should_not be_nil } 77 | end 78 | 79 | context "with partial scope" do 80 | let(:scope) { ["pizzas/show", "pizzas/create"] } 81 | subject { Client.where_scope(scope).first } 82 | it { should_not be_nil } 83 | end 84 | 85 | context "with invalid scope" do 86 | let(:scope) { ["type.write", "reresource.not_existingg"] } 87 | subject { Client.where_scope(scope).first } 88 | it { should be_nil } 89 | end 90 | end 91 | 92 | context "#destroy" do 93 | subject { Factory.create(:client) } 94 | before do 95 | OauthAuthorization.destroy_all 96 | 3.times { Factory.create(:oauth_authorization) } 97 | OauthToken.destroy_all 98 | 3.times { Factory.create(:oauth_token) } 99 | end 100 | 101 | it "should remove related authorizations" do 102 | lambda{ subject.destroy }.should change{ 103 | OauthAuthorization.all.size 104 | }.by(-3) 105 | end 106 | 107 | it "should remove related tokens" do 108 | lambda{ subject.destroy }.should change{ 109 | OauthToken.all.size 110 | }.by(-3) 111 | end 112 | end 113 | 114 | context ".sync_clients_with_scope" do 115 | before { Client.destroy_all } 116 | before { Scope.destroy_all } 117 | 118 | before { @client = Factory(:client) } 119 | before { @read_client = Factory(:client_read) } 120 | before { @scope = Factory(:scope_pizzas_all) } 121 | before { @scope_read = Factory(:scope_pizzas_read, values: ["pizzas/show"]) } 122 | before { Client.sync_clients_with_scope("pizzas/read") } 123 | 124 | context "with indirect scope" do 125 | subject { @client.reload.scope_values } 126 | it { should include "pizzas/show" } 127 | it { should include "pizzas/create" } 128 | it { should include "pizzas/update" } 129 | it { should include "pizzas/destroy" } 130 | it { should_not include "pizzas/index" } 131 | end 132 | 133 | context "with direct scope" do 134 | subject { @read_client.reload.scope_values } 135 | it { should include "pizzas/show" } 136 | it { should_not include "pizzas/index" } 137 | end 138 | end 139 | 140 | end 141 | 142 | -------------------------------------------------------------------------------- /spec/models/oauth/oauth_access_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe OauthAccess do 4 | before { @access = Factory.create(:oauth_access) } 5 | subject { @access } 6 | 7 | it { should validate_presence_of(:client_uri) } 8 | it { should validate_presence_of(:resource_owner_uri) } 9 | it { should_not be_blocked } 10 | 11 | context "#block!" do 12 | before { @authorization = Factory.create(:oauth_authorization) } 13 | before { @another_authorization = Factory.create(:oauth_authorization, client_uri: ANOTHER_CLIENT_URI) } 14 | before { @token = Factory.create(:oauth_token) } 15 | before { @another_token = Factory.create(:oauth_token, client_uri: ANOTHER_CLIENT_URI) } 16 | 17 | before { subject.block! } 18 | 19 | it { should be_blocked } 20 | it { @authorization.reload.should be_blocked } 21 | it { @another_authorization.reload.should_not be_blocked } 22 | it { @token.reload.should be_blocked } 23 | it { @another_token.reload.should_not be_blocked } 24 | 25 | context "#unblock!" do 26 | before { subject.unblock! } 27 | 28 | it { should_not be_blocked } 29 | it { @authorization.reload.should be_blocked } 30 | it { @token.reload.should be_blocked } 31 | end 32 | end 33 | 34 | context "when increment access" do 35 | let(:today) { Chronic.parse("today at midday") } 36 | let(:tomorrow) { Chronic.parse("tomorrow at midday") } 37 | 38 | it "should create or increment the daily requests counter" do 39 | Delorean.time_travel_to today 40 | 3.times { @access.accessed! } 41 | @access.daily_requests.times.should == 3 42 | Delorean.time_travel_to tomorrow 43 | @access.accessed! 44 | @access.daily_requests.times.should == 1 45 | end 46 | end 47 | 48 | end 49 | -------------------------------------------------------------------------------- /spec/models/oauth/oauth_authorization_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe OauthAuthorization do 4 | before { @authorization = Factory.create(:oauth_authorization) } 5 | subject { @authorization } 6 | 7 | it { should validate_presence_of(:client_uri) } 8 | it { should allow_value(VALID_URIS).for(:client_uri) } 9 | it { should validate_presence_of(:resource_owner_uri) } 10 | it { should allow_value(VALID_URIS).for(:resource_owner_uri) } 11 | 12 | its(:code) { should_not be_nil } 13 | its(:expire_at) { should_not be_nil } 14 | 15 | it { should_not be_blocked } 16 | context "#block" do 17 | before { subject.block! } 18 | it { should be_blocked } 19 | end 20 | 21 | context ".block_client!" do 22 | before { @another_client_authorization = Factory.create(:oauth_authorization, client_uri: ANOTHER_CLIENT_URI) } 23 | before { OauthAuthorization.block_client!(CLIENT_URI) } 24 | 25 | it { @authorization.reload.should be_blocked } 26 | it { @another_client_authorization.reload.should_not be_blocked } 27 | end 28 | 29 | context ".block_access!" do 30 | before { @another_client_authorization = Factory.create(:oauth_authorization, client_uri: ANOTHER_CLIENT_URI)} 31 | before { @another_owner_authorization = Factory.create(:oauth_authorization, resource_owner_uri: ANOTHER_USER_URI) } 32 | before { OauthAuthorization.block_access!(CLIENT_URI, USER_URI) } 33 | 34 | it { @authorization.reload.should be_blocked } 35 | it { @another_client_authorization.reload.should_not be_blocked } 36 | it { @another_owner_authorization.reload.should_not be_blocked } 37 | end 38 | 39 | it "#expired?" do 40 | subject.should_not be_expired 41 | Delorean.time_travel_to("in 151 seconds") 42 | subject.should be_expired 43 | end 44 | 45 | it ".where_code_and_client_uri" do 46 | result = OauthAuthorization.where_code_and_client_uri(subject.code, subject.client_uri).first 47 | result.should == subject 48 | end 49 | 50 | end 51 | -------------------------------------------------------------------------------- /spec/models/oauth/oauth_daily_request_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe OauthToken do 4 | 5 | let(:access) { Factory.create(:oauth_access) } 6 | let(:time) { Chronic.parse("17 august 1982") } 7 | let(:day_requests) { access.daily_requests(time) } 8 | 9 | its(:day) { day_requests.day.should == "17" } 10 | its(:month) { day_requests.month.should == "08" } 11 | its(:year) { day_requests.year.should == "1982" } 12 | its(:time_id) { day_requests.time_id.should == "19820817" } 13 | 14 | end 15 | -------------------------------------------------------------------------------- /spec/models/oauth/oauth_refresh_token_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe OauthRefreshToken do 4 | before { @token = Factory(:oauth_token) } 5 | before { @refresh_token = OauthRefreshToken.create(access_token: @token.token) } 6 | subject { @refresh_token } 7 | 8 | it { should validate_presence_of :access_token } 9 | 10 | its(:refresh_token) {should_not be_nil } 11 | end 12 | -------------------------------------------------------------------------------- /spec/models/oauth/oauth_token_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe OauthToken do 4 | before { @token = Factory.create(:oauth_token) } 5 | subject { @token } 6 | 7 | it { should validate_presence_of(:client_uri) } 8 | it { should allow_value(VALID_URIS).for(:client_uri) } 9 | it { should validate_presence_of(:resource_owner_uri) } 10 | it { should allow_value(VALID_URIS).for(:resource_owner_uri) } 11 | 12 | its(:token) { should_not be_nil } 13 | its(:refresh_token) { should_not be_nil } 14 | it { should_not be_blocked } 15 | 16 | context "#block!" do 17 | before { subject.block! } 18 | it { should be_blocked } 19 | end 20 | 21 | context ".block_client!" do 22 | before { @another_client_token = Factory.create(:oauth_token, client_uri: ANOTHER_CLIENT_URI) } 23 | before { OauthToken.block_client!(CLIENT_URI) } 24 | 25 | it { @token.reload.should be_blocked } 26 | it { @another_client_token.should_not be_blocked } 27 | end 28 | 29 | context ".block_access!" do 30 | before { @another_client_token = Factory.create(:oauth_token, client_uri: ANOTHER_CLIENT_URI)} 31 | before { @another_owner_token = Factory.create(:oauth_token, resource_owner_uri: ANOTHER_USER_URI) } 32 | before { OauthToken.block_access!(CLIENT_URI, USER_URI) } 33 | 34 | it { @token.reload.should be_blocked } 35 | it { @another_client_token.should_not be_blocked } 36 | it { @another_owner_token.should_not be_blocked } 37 | end 38 | 39 | context ".exist" do 40 | it "should find the token" do 41 | existing = OauthToken.exist(@token.client_uri, 42 | @token.resource_owner_uri, 43 | @token.scope).first 44 | existing.should_not be_nil 45 | end 46 | end 47 | 48 | 49 | it "#expired?" do 50 | subject.should_not be_expired 51 | Delorean.time_travel_to("in #{Oauth.settings["token_expires_in"]} seconds") 52 | subject.should be_expired 53 | end 54 | 55 | end 56 | -------------------------------------------------------------------------------- /spec/models/scope_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe Scope do 4 | before { @scope = Factory(:scope, values: ALL_SCOPE) } 5 | subject { @scope } 6 | 7 | it { should validate_presence_of(:name) } 8 | it { should validate_presence_of(:name) } 9 | 10 | it { should allow_value(VALID_URIS).for(:uri) } 11 | it { should_not allow_value(INVALID_URIS).for(:uri) } 12 | 13 | it { should_not allow_mass_assignment_of(:values) } 14 | it { should_not allow_mass_assignment_of(:uri) } 15 | 16 | its(:values) { should be_a_kind_of Array } 17 | end 18 | -------------------------------------------------------------------------------- /spec/models/user_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe User do 4 | 5 | end 6 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | # This file is copied to spec/ when you run 'rails generate rspec:install' 2 | ENV["RAILS_ENV"] ||= 'test' 3 | require File.expand_path("../../config/environment", __FILE__) 4 | require 'rspec/rails' 5 | 6 | # Requires supporting ruby files with custom matchers and macros, etc, 7 | # in spec/support/ and its subdirectories. 8 | Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f} 9 | 10 | # Require shared examples ruby files 11 | Dir[Rails.root.join("spec/**/shared/*.rb")].each {|f| require f} 12 | 13 | RSpec.configure do |config| 14 | 15 | # Include helpers and global vars 16 | config.include SettingsHelper 17 | 18 | # Include extra rspec matchers 19 | config.include Mongoid::Matchers 20 | 21 | # Include time travel methods 22 | config.include Delorean 23 | 24 | # Mock library 25 | config.mock_with :rspec 26 | 27 | # User cleanup before each test 28 | config.before(:each) do 29 | User.destroy_all 30 | end 31 | 32 | # Cleaning up MongoDB afterspecs have ben executed 33 | config.after :suite do 34 | Mongoid.master.collections.select do |collection| 35 | collection.name !~ /system/ 36 | end.each(&:drop) 37 | end 38 | 39 | end 40 | -------------------------------------------------------------------------------- /spec/support/settings_helper.rb: -------------------------------------------------------------------------------- 1 | # TODO: define a yml file for configurations 2 | module SettingsHelper 3 | 4 | # general 5 | HOST = "http://www.iana.org/domains/example" 6 | ANOTHER_HOST = "http://www.example.com" 7 | 8 | # resources 9 | USER_URI = HOST + "/users/example" 10 | ANOTHER_USER_URI = HOST + "/users/another" 11 | ADMIN_URI = HOST + "/users/admin" 12 | CLIENT_URI = HOST + "/users/alice/client/lelylan" 13 | ANOTHER_CLIENT_URI = HOST + "/users/alice/client/riflect" 14 | REDIRECT_URI = HOST + "/app/callback" 15 | 16 | # scopes 17 | SCOPE_URI = HOST + "/scopes/pizzas" 18 | ALL_SCOPE = ["pizzas/index", "pizzas/show", "pizzas/create", "pizzas/update", "pizzas/destroy"] 19 | READ_SCOPE = ["pizzas/index", "pizzas/show"] 20 | 21 | 22 | # urls validator 23 | VALID_URIS = [ 'http://example.com', 'http://www.example.com', 24 | 'https://example.com', 'https://www.example.com', 25 | 'http://example.host', 'https://example.host' ] 26 | INVALID_URIS = [ 'ftp://godaddy.com', 'www.godaddy.com', 'godaddy.com', 'example' ] 27 | 28 | end 29 | -------------------------------------------------------------------------------- /vendor/plugins/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lelylan/rest-oauth2-server/e17f3f22580d34da9e4b1fae975e73039f96b6bf/vendor/plugins/.gitkeep --------------------------------------------------------------------------------