oauth_provider: added noosfero client

Victor Costa
1 parent 6996df35
Showing 4 changed files with 45 additions and 4 deletions Show diff stats
plugins/oauth_client/lib/oauth_client_plugin.rb
plugins/oauth_client/lib/omniauth/strategies/noosfero_oauth2.rb
plugins/oauth_client/views/auth/_noosfero_oauth2.html.erb
plugins/oauth_provider/lib/oauth_provider_plugin.rb
+require 'omniauth/strategies/noosfero_oauth2'
+
 class OauthClientPlugin < Noosfero::Plugin
   def self.plugin_name
@@ -39,6 +41,9 @@ class OauthClientPlugin &lt; Noosfero::Plugin
     },
     :google_oauth2 => {
       :name => 'Google'
+    },
+    :noosfero_oauth2 => {
+      :name => 'Noosfero'
     }
   }
@@ -0,0 +1,30 @@
+require 'omniauth/strategies/oauth2'
+
+module OmniAuth
+  module Strategies
+    class NoosferoOauth2 < OmniAuth::Strategies::OAuth2
+      option :name, :noosfero_oauth2
+
+      option :client_options, {
+        :site => "http://noosfero.com:3001",
+        :authorize_url => "/oauth/authorize"
+      }
+
+      uid { raw_info["id"] }
+
+      info do
+        {
+          :email => raw_info["email"]
+          # and anything else you want to return to your API consumers
+        }
+      end
+
+      def raw_info
+        #@raw_info ||= access_token.get('/api/v1/me.json').parsed
+        #FIXME
+        #raise access_token.inspect
+        User['vfcosta'].attributes
+      end
+    end
+  end
+end
@@ -0,0 +1 @@
+<a class="noosfero_oauth2" href="/plugin/oauth_client/noosfero_oauth2"><%= _('Login with Noosfero') %></a>
@@ -13,17 +13,22 @@ class OauthProviderPlugin &lt; Noosfero::Plugin
     # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
     orm :active_record
-    domain = Domain.find_by_name(request.host)
-    environment = domain ? domain.environment : Environment.default
-
     # This block will be called to check whether the resource owner is authenticated or not.
     resource_owner_authenticator do
+      domain = Domain.find_by_name(request.host)
+      environment = domain ? domain.environment : Environment.default
       environment.users.find_by_id(session[:user]) || redirect_to('/account/login')
     end
     # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
     admin_authenticator do
-      environment.users.find_by_id(session[:user]) || redirect_to('/account/login')
+      domain = Domain.find_by_name(request.host)
+      environment = domain ? domain.environment : Environment.default
+      user = environment.users.find_by_id(session[:user])
+      unless user && user.person.is_admin?(environment)
+        redirect_to('/account/login')
+      end
+      user
     end
     # Authorization Code expiration time (default 10 minutes).
@@ -0,0 +1,30 @@		@@ -0,0 +1,30 @@
	1	+require 'omniauth/strategies/oauth2'
	2	+
	3	+module OmniAuth
	4	+ module Strategies
	5	+ class NoosferoOauth2 < OmniAuth::Strategies::OAuth2
	6	+ option :name, :noosfero_oauth2
	7	+
	8	+ option :client_options, {
	9	+ :site => "http://noosfero.com:3001",
	10	+ :authorize_url => "/oauth/authorize"
	11	+ }
	12	+
	13	+ uid { raw_info["id"] }
	14	+
	15	+ info do
	16	+ {
	17	+ :email => raw_info["email"]
	18	+ # and anything else you want to return to your API consumers
	19	+ }
	20	+ end
	21	+
	22	+ def raw_info
	23	+ #@raw_info \|\|= access_token.get('/api/v1/me.json').parsed
	24	+ #FIXME
	25	+ #raise access_token.inspect
	26	+ User['vfcosta'].attributes
	27	+ end
	28	+ end
	29	+ end
	30	+end
	@@ -0,0 +1 @@		@@ -0,0 +1 @@
		1	+<a class="noosfero_oauth2" href="/plugin/oauth_client/noosfero_oauth2"><%= _('Login with Noosfero') %></a>