Commit 68e014aa7c6de178d98741e9da28b175f7ac9207
1 parent
cf8ddd52
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
oauth_provider: added plugin
Showing
3 changed files
with
151 additions
and
0 deletions
| ... | ... | @@ -0,0 +1 @@ |
| 1 | +gem 'doorkeeper' | ... | ... |
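Review bot: `gem 'doorkeeper'` is added without a version constraint, so the OAuth provider's behaviour depends on whichever release the resolver picks. The plugin configuration in this commit leaves security-relevant settings (enabled grant flows, token expiry) at the gem's defaults, and defaults of that kind can change between releases. Constrain the gem to the release the plugin was tested against, e.g. `gem 'doorkeeper', '~> <tested version>'` (placeholder, the tested version is not shown on this page).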
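--- a/plugins/oauth_provider/db/migrate/20140829153047_create_doorkeeper_tables.rb
+++ b/plugins/oauth_provider/db/migrate/20140829153047_create_doorkeeper_tables.rb
@@ -0,0 +1,41 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+ def change
+ create_table :oauth_applications do |t|
+ t.string :name, null: false
+ t.string :uid, null: false
+ t.string :secret, null: false
+ t.text :redirect_uri, null: false
+ t.timestamps
+ end
+
+ add_index :oauth_applications, :uid, unique: true
+
+ create_table :oauth_access_grants do |t|
+ t.integer :resource_owner_id, null: false
+ t.integer :application_id, null: false
+ t.string :token, null: false
+ t.integer :expires_in, null: false
+ t.text :redirect_uri, null: false
+ t.datetime :created_at, null: false
+ t.datetime :revoked_at
+ t.string :scopes
+ end
+
+ add_index :oauth_access_grants, :token, unique: true
+
+ create_table :oauth_access_tokens do |t|
+ t.integer :resource_owner_id
+ t.integer :application_id
+ t.string :token, null: false
+ t.string :refresh_token
+ t.integer :expires_in
+ t.datetime :revoked_at
+ t.datetime :created_at, null: false
+ t.string :scopes
+ end
+
+ add_index :oauth_access_tokens, :token, unique: true
+ add_index :oauth_access_tokens, :resource_owner_id
+ add_index :oauth_access_tokens, :refresh_token, unique: true
+ end
+end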
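Review bot: The `secret` column of `oauth_applications` and the `token` / `refresh_token` columns of the grant and access-token tables are plain `string` columns, so unless the gem version in use hashes values before writing them, these tables hold usable credentials in cleartext. Nothing in the migration says so; a comment above `create_table :oauth_applications` such as `# secret/token columns hold live OAuth credentials: restrict DB access and scrub them from dumps` would tell operators to treat backups and replicas of these tables as credential material. `oauth_access_grants` and `oauth_access_tokens` also get no index on `application_id`; whether per-application lookups or revocation need one should be confirmed against the queries the gem issues.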
| ... | ... | @@ -0,0 +1,109 @@ |
| 1 | +class OauthProviderPlugin < Noosfero::Plugin | |
| 2 | + | |
| 3 | + def self.plugin_name | |
| 4 | + "Oauth Provider Plugin" | |
| 5 | + end | |
| 6 | + | |
| 7 | + def self.plugin_description | |
| 8 | + _("Oauth Provider.") | |
| 9 | + end | |
| 10 | + | |
| 11 | + Doorkeeper.configure do | |
| 12 | + # Change the ORM that doorkeeper will use. | |
| 13 | + # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper | |
| 14 | + orm :active_record | |
| 15 | + | |
| 16 | + # This block will be called to check whether the resource owner is authenticated or not. | |
| 17 | + resource_owner_authenticator do | |
| 18 | + User.find_by_id(session[:user]) || redirect_to('/account/login') | |
| 19 | + #fail "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}" | |
| 20 | + # Put your resource owner authentication logic here. | |
| 21 | + # Example implementation: | |
| 22 | + # User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url) | |
| 23 | + end | |
| 24 | + | |
| 25 | + # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below. | |
| 26 | + admin_authenticator do | |
| 27 | + # Put your admin authentication logic here. | |
| 28 | + # Example implementation: | |
| 29 | + User.find_by_id(session[:user]) || redirect_to('/account/login') | |
| 30 | + end | |
| 31 | + | |
| 32 | + # Authorization Code expiration time (default 10 minutes). | |
| 33 | + # authorization_code_expires_in 10.minutes | |
| 34 | + | |
| 35 | + # Access token expiration time (default 2 hours). | |
| 36 | + # If you want to disable expiration, set this to nil. | |
| 37 | + # access_token_expires_in 2.hours | |
| 38 | + | |
| 39 | + # Reuse access token for the same resource owner within an application (disabled by default) | |
| 40 | + # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383 | |
| 41 | + # reuse_access_token | |
| 42 | + | |
| 43 | + # Issue access tokens with refresh token (disabled by default) | |
| 44 | + # use_refresh_token | |
| 45 | + | |
| 46 | + # Provide support for an owner to be assigned to each registered application (disabled by default) | |
| 47 | + # Optional parameter :confirmation => true (default false) if you want to enforce ownership of | |
| 48 | + # a registered application | |
| 49 | + # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support | |
| 50 | + # enable_application_owner :confirmation => false | |
| 51 | + | |
| 52 | + # Define access token scopes for your provider | |
| 53 | + # For more information go to | |
| 54 | + # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes | |
| 55 | + # default_scopes :public | |
| 56 | + # optional_scopes :write, :update | |
| 57 | + | |
| 58 | + # Change the way client credentials are retrieved from the request object. | |
| 59 | + # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then | |
| 60 | + # falls back to the `:client_id` and `:client_secret` params from the `params` object. | |
| 61 | + # Check out the wiki for more information on customization | |
| 62 | + # client_credentials :from_basic, :from_params | |
| 63 | + | |
| 64 | + # Change the way access token is authenticated from the request object. | |
| 65 | + # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then | |
| 66 | + # falls back to the `:access_token` or `:bearer_token` params from the `params` object. | |
| 67 | + # Check out the wiki for more information on customization | |
| 68 | + # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param | |
| 69 | + | |
| 70 | + # Change the native redirect uri for client apps | |
| 71 | + # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider | |
| 72 | + # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL | |
| 73 | + # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi) | |
| 74 | + # | |
| 75 | + # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob' | |
| 76 | + | |
| 77 | + # Specify what grant flows are enabled in array of Strings. The valid | |
| 78 | + # strings and the flows they enable are: | |
| 79 | + # | |
| 80 | + # "authorization_code" => Authorization Code Grant Flow | |
| 81 | + # "implicit" => Implicit Grant Flow | |
| 82 | + # "password" => Resource Owner Password Credentials Grant Flow | |
| 83 | + # "client_credentials" => Client Credentials Grant Flow | |
| 84 | + # | |
| 85 | + # If not specified, Doorkeeper enables all the four grant flows. | |
| 86 | + # | |
| 87 | + # grant_flows %w(authorization_code implicit password client_credentials) | |
| 88 | + | |
| 89 | + # Under some circumstances you might want to have applications auto-approved, | |
| 90 | + # so that the user skips the authorization step. | |
| 91 | + # For example if dealing with trusted a application. | |
| 92 | + # skip_authorization do |resource_owner, client| | |
| 93 | + # client.superapp? or resource_owner.admin? | |
| 94 | + # end | |
| 95 | + | |
| 96 | + # WWW-Authenticate Realm (default "Doorkeeper"). | |
| 97 | + # realm "Doorkeeper" | |
| 98 | + | |
| 99 | + # Allow dynamic query parameters (disabled by default) | |
| 100 | + # Some applications require dynamic query parameters on their request_uri | |
| 101 | + # set to true if you want this to be allowed | |
| 102 | + # wildcard_redirect_uri false | |
| 103 | + end | |
| 104 | + | |
| 105 | + Rails.application.routes.prepend do | |
| 106 | + use_doorkeeper | |
| 107 | + end | |
| 108 | + | |
| 109 | +end | ... | ... |
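Review bot: The `admin_authenticator` block runs the same check as `resource_owner_authenticator`, `User.find_by_id(session[:user]) || redirect_to('/account/login')`, so any logged-in user is accepted as an administrator of the OAuth application registry. Per the comment above it, that block is what restricts the web interface for adding authorized applications, so it should also require the project's administrator check: `user = User.find_by_id(session[:user])` followed by `(user && <environment-admin check>) || redirect_to('/account/login')`, where the placeholder stands for Noosfero's own predicate. Separately, `grant_flows` is left commented out and the comment states that all four flows are then enabled; if only the authorization-code flow is needed, set `grant_flows %w(authorization_code)` so the implicit and password flows are not exposed by default. `Doorkeeper.configure` and `Rails.application.routes.prepend` both run in the class body at load time, so a comment stating whether the OAuth routes are meant to exist even where the plugin is not enabled would help the next reader.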