Merge branch 'oauth_rails3' into stable

Victor Costa
2 parents b84a55b8 80b76bb0
Showing 24 changed files with 608 additions and 1 deletions Show diff stats
app/views/account/_signup_form.html.erb
plugins/oauth_client/Gemfile
plugins/oauth_client/README
plugins/oauth_client/controllers/oauth_client_plugin_admin_controller.rb
plugins/oauth_client/controllers/public/oauth_client_plugin_public_controller.rb
plugins/oauth_client/db/migrate/20140828184930_add_settings_to_users.rb
plugins/oauth_client/lib/ext/user.rb
plugins/oauth_client/lib/oauth_client_plugin.rb
plugins/oauth_client/lib/omniauth/strategies/noosfero_oauth2.rb
plugins/oauth_client/public/images/facebook-icon.png
plugins/oauth_client/public/images/google-icon.png
plugins/oauth_client/public/style.css
plugins/oauth_client/test/test_helper.rb
plugins/oauth_client/test/unit/oauth_client_plugin_test.rb
plugins/oauth_client/test/unit/user_test.rb
plugins/oauth_client/views/account/_oauth_signup.html.erb
plugins/oauth_client/views/auth/_facebook.html.erb
plugins/oauth_client/views/auth/_google_oauth2.html.erb
plugins/oauth_client/views/auth/_noosfero_oauth2.html.erb
plugins/oauth_client/views/auth/_oauth_login.html.erb
@@ -16,7 +16,7 @@
 <input type="hidden" id="signup_time_key" name="signup_time_key" />
 <script type="text/javascript">
   jQuery.ajax({
-    type: "POST",
+    type: "GET",
     url: "<%= url_for :controller=>'account', :action=>'signup_time' %>",
     dataType: 'json',
     success: function(data) {
@@ -0,0 +1,3 @@
+gem 'omniauth'
+gem 'omniauth-facebook'
+gem "omniauth-google-oauth2"
@@ -0,0 +1,11 @@
+
+
+https://github.com/mkdynamic/omniauth-facebook
+https://github.com/zquestz/omniauth-google-oauth2
+
+Create Google+ application:
+  https://developers.google.com/+/web/signin/javascript-flow
+
+Create Facebook application:
+  https://developers.facebook.com/docs/facebook-login/v2.1
+  https://developers.facebook.com/docs/reference/dialogs/oauth
@@ -0,0 +1,15 @@
+class OauthClientPluginAdminController < AdminController
+
+  def index
+    settings = params[:settings] || {}
+
+    @settings = Noosfero::Plugin::Settings.new(environment, OauthClientPlugin, settings)
+    @providers = @settings.get_setting(:providers) || {}
+    if request.post?
+      @settings.save!
+      session[:notice] = 'Settings succefully saved.'
+      redirect_to :action => 'index'
+    end
+  end
+
+end
@@ -0,0 +1,28 @@
+class OauthClientPluginPublicController < PublicController
+
+  def callback
+    auth = request.env["omniauth.auth"]
+    login = auth.info.email.split('@').first
+    user = environment.users.find_with_omniauth(auth)
+
+    if user
+      session[:user] = user
+      redirect_to :controller => :account, :action => :login
+    else
+      session[:oauth_data] = auth
+      name = auth.info.name
+      name ||= auth.extra && auth.extra.raw_info ? auth.extra.raw_info.name : ''
+      redirect_to :controller => :account, :action => :signup, :user => {:login => login, :email => auth.info.email}, :profile_data => {:name => name}
+    end
+  end
+
+  def failure
+    redirect_to root_url
+  end
+
+  def destroy
+    session[:user] = nil
+    redirect_to root_url
+  end
+
+end
@@ -0,0 +1,9 @@
+class AddSettingsToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :settings, :string
+  end
+
+  def self.down
+    remove_column :users, :settings
+  end
+end
@@ -0,0 +1,36 @@
+require_dependency 'user'
+
+class User
+
+  acts_as_having_settings :field => :settings
+
+  settings_items :oauth_providers, :type => Array, :default => []
+
+  def self.find_with_omniauth(auth)
+    user = self.find_by_email(auth.info.email)
+    if user && !user.oauth_providers.empty? #FIXME save new oauth providers
+      user
+    else
+      nil
+    end
+  end
+
+  def password_required_with_oauth?
+    password_required_without_oauth? && oauth_providers.blank?
+  end
+
+  alias_method_chain :password_required?, :oauth
+
+  after_create :activate_oauth_user
+
+  def activate_oauth_user
+    activate unless oauth_providers.empty?
+  end
+
+  def make_activation_code_with_oauth
+    oauth_providers.blank? ? make_activation_code_without_oauth : nil
+  end
+
+  alias_method_chain :make_activation_code, :oauth
+
+end
@@ -0,0 +1,93 @@
+require 'omniauth/strategies/noosfero_oauth2'
+
+class OauthClientPlugin < Noosfero::Plugin
+
+  def self.plugin_name
+    "Oauth Client Plugin"
+  end
+
+  def self.plugin_description
+    _("Login with Oauth.")
+  end
+
+  def login_extra_contents
+    plugin = self
+    proc do
+      render :partial => 'auth/oauth_login', :locals => {:providers => plugin.enabled_providers}
+    end
+  end
+
+  def signup_extra_contents
+    plugin = self
+
+    proc do
+      if plugin.context.session[:oauth_data].present?
+        render :partial => 'account/oauth_signup'
+      else
+        ''
+      end
+    end
+  end
+
+  def enabled_providers
+    settings = Noosfero::Plugin::Settings.new(context.environment, OauthClientPlugin)
+    providers = settings.get_setting(:providers)
+    providers.select {|provider, options| options[:enabled]}
+  end
+
+  PROVIDERS = {
+    :facebook => {
+      :name => 'Facebook'
+    },
+    :google_oauth2 => {
+      :name => 'Google'
+    },
+    :noosfero_oauth2 => {
+      :name => 'Noosfero'
+    }
+  }
+
+  def stylesheet?
+    true
+  end
+
+  OmniAuth.config.on_failure = OauthClientPluginPublicController.action(:failure)
+
+  Rails.application.config.middleware.use OmniAuth::Builder do
+    PROVIDERS.each do |provider, options|
+      provider provider, :setup => lambda { |env|
+        request = Rack::Request.new env
+        strategy = env['omniauth.strategy']
+
+        domain = Domain.find_by_name(request.host)
+        environment = domain.environment rescue Environment.default
+        settings = Noosfero::Plugin::Settings.new(environment, OauthClientPlugin)
+        providers = settings.get_setting(:providers)
+
+        strategy.options.client_id = providers[provider][:client_id]
+        strategy.options.client_secret = providers[provider][:client_secret]
+      }, :path_prefix => '/plugin/oauth_client', :callback_path => "/plugin/oauth_client/public/callback/#{provider}"
+    end
+
+    unless Rails.env.production?
+      provider :developer, :path_prefix => "/plugin/oauth_client", :callback_path => "/plugin/oauth_client/public/callback/developer"
+    end
+  end
+
+  def account_controller_filters
+    {
+      :type => 'before_filter', :method_name => 'signup',
+      :block => proc {
+        auth = session[:oauth_data]
+
+        if auth.present? && params[:user].present?
+          params[:user][:oauth_providers] = [{:provider => auth.provider, :uid => auth.uid}]
+          if request.post? && auth.info.email != params[:user][:email]
+            raise "Wrong email for oauth signup"
+          end
+        end
+      }
+    }
+  end
+
+end
@@ -0,0 +1,30 @@
+require 'omniauth/strategies/oauth2'
+
+module OmniAuth
+  module Strategies
+    class NoosferoOauth2 < OmniAuth::Strategies::OAuth2
+      option :name, :noosfero_oauth2
+
+      option :client_options, {
+        :site => "http://noosfero.com:3001",
+        :authorize_url => "/oauth/authorize"
+      }
+
+      uid { raw_info["id"] }
+
+      info do
+        {
+          :email => raw_info["email"]
+          # and anything else you want to return to your API consumers
+        }
+      end
+
+      def raw_info
+        #@raw_info ||= access_token.get('/api/v1/me.json').parsed
+        #FIXME
+        #raise access_token.inspect
+        User['vfcosta'].attributes
+      end
+    end
+  end
+end
@@ -0,0 +1,22 @@
+.oauth-login .provider a {
+  min-width: 20px;
+  min-height: 20px;
+  background-size: 20px;
+  display: inline-block;
+  text-decoration: none;
+  background-repeat: no-repeat;
+  padding-left: 22px;
+  line-height: 20px;
+}
+
+.oauth-login .provider .facebook {
+  background-image: url(images/facebook-icon.png);
+}
+
+.oauth-login .provider .google_oauth2 {
+  background-image: url(images/google-icon.png);
+}
+
+.oauth-login .provider .developer {
+  display: none;
+}
@@ -0,0 +1 @@
+require File.dirname(__FILE__) + '/../../../test/test_helper'
@@ -0,0 +1,86 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class OauthClientPluginTest < ActiveSupport::TestCase
+
+  def setup
+    @plugin = OauthClientPlugin.new
+    @params = {}
+    @plugin.stubs(:context).returns(self)
+    @environment = Environment.default
+  end
+
+  attr_reader :params, :plugin, :environment
+
+  should 'has extra contents for login' do
+    assert plugin.login_extra_contents
+  end
+
+  should 'has no signup extra contents if no provider was enabled' do
+    assert_equal '', instance_eval(&plugin.signup_extra_contents)
+  end
+
+  should 'has signup extra contents if there is enabled providers' do
+    params[:user] = {:oauth_providers => [:provider]}
+    expects(:render).with(:partial => 'account/oauth_signup').once
+    instance_eval(&plugin.signup_extra_contents)
+  end
+
+  should 'list enabled providers' do
+    settings = Noosfero::Plugin::Settings.new(environment, OauthClientPlugin)
+    providers = {:test => {:enabled => true}, :test2 => {:enabled => false}}
+    settings.set_setting(:providers, providers)
+    assert_equal({:test => {:enabled => true}}, plugin.enabled_providers)
+  end
+
+  should 'define before filter for account controller' do
+    assert plugin.account_controller_filters
+  end
+
+  should 'raise error if oauth email was changed' do
+    request = mock
+    stubs(:request).returns(request)
+    request.expects(:post?).returns(true)
+
+    oauth_data = mock
+    info = mock
+    oauth_data.stubs(:info).returns(info)
+    info.stubs(:email).returns('test@example.com')
+    stubs(:session).returns({:oauth_data => oauth_data})
+
+    params[:user] = {:email => 'test2@example.com'}
+    assert_raises RuntimeError do
+      instance_eval(&plugin.account_controller_filters[:block])
+    end
+  end
+
+  should 'do not raise error if oauth email was not changed' do
+    request = mock
+    stubs(:request).returns(request)
+    request.expects(:post?).returns(true)
+
+    oauth_data = mock
+    info = mock
+    oauth_data.stubs(:info).returns(info)
+    info.stubs(:email).returns('test@example.com')
+    stubs(:session).returns({:oauth_data => oauth_data})
+
+    params[:user] = {:email => 'test@example.com'}
+    instance_eval(&plugin.account_controller_filters[:block])
+  end
+
+  should 'do not raise error if oauth session is not set' do
+    request = mock
+    stubs(:request).returns(request)
+    request.expects(:post?).returns(true)
+    stubs(:session).returns({})
+    instance_eval(&plugin.account_controller_filters[:block])
+  end
+
+  should 'do not raise error if it is not a post' do
+    request = mock
+    stubs(:request).returns(request)
+    request.expects(:post?).returns(false)
+    instance_eval(&plugin.account_controller_filters[:block])
+  end
+
+end
@@ -0,0 +1,49 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserTest < ActiveSupport::TestCase
+
+  should 'find with omniauth params' do
+    user = fast_create(User)
+    user.settings[:oauth_providers] = [:test => {}]
+    user.save!
+    auth = {:info => OpenStruct.new({:email => user.email})}
+    assert_equal user, User.find_with_omniauth(OpenStruct.new(auth))
+  end
+
+  should 'do not return user if there is no provider' do
+    user = fast_create(User)
+    auth = {:info => OpenStruct.new({:email => user.email})}
+    assert_equal nil, User.find_with_omniauth(OpenStruct.new(auth))
+  end
+
+  should 'password is not required if there is a oauth provider' do
+    User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :oauth_providers => [:test])
+  end
+
+  should 'password is required if there is a oauth provider' do
+    user = User.new(:email => 'testoauth@example.com', :login => 'testoauth')
+    user.save
+    assert user.errors[:password].present?
+  end
+
+  should 'activate user when created with oauth' do
+    user = User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :oauth_providers => [:test])
+    assert user.activated?
+  end
+
+  should 'not activate user when created without oauth' do
+    user = fast_create(User)
+    assert !user.activated?
+  end
+
+  should 'not make activation code when created with oauth' do
+    user = User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :oauth_providers => [:test])
+    assert !user.activation_code
+  end
+
+  should 'make activation code when created without oauth' do
+    user = User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :password => 'test', :password_confirmation => 'test')
+    assert user.activation_code
+  end
+
+end
@@ -0,0 +1,11 @@
+<%= hidden_field_tag 'return_to', '/' %>
+
+<style>
+  #signup-password, #signup-password-confirmation, #signup-email {
+    display: none;
+  }
+</style>
+
+<div id='signup-email-readonly'>
+  <%= labelled_form_field(_('Email'), text_field(:user, :email, :class => "disabled", :readonly => true)) %>
+</div>
@@ -0,0 +1 @@
+<a class="facebook" href="/plugin/oauth_client/facebook"><%= _('Login with Facebook') %></a>
@@ -0,0 +1 @@
+<a class="google_oauth2" href="/plugin/oauth_client/google_oauth2"><%= _('Login with Google') %></a>
@@ -0,0 +1 @@
+<a class="noosfero_oauth2" href="/plugin/oauth_client/noosfero_oauth2"><%= _('Login with Noosfero') %></a>
@@ -0,0 +1,13 @@
+<div class="oauth-login">
+  <% providers.each do |provider, options| %>
+    <span class="provider">
+      <%= render :partial => "auth/#{provider}", :locals => {:app_id => options['client_id'] } %>
+    </span>
+  <% end %>
+
+  <span class="provider">
+    <% unless Rails.env.production? %>
+      <%= link_to _('Developer Login'), "/plugin/oauth/developer", :class => 'developer' %>
+    <% end %>
+  </span>
+</div>
@@ -0,0 +1,44 @@
+<h1><%= _('Oauth Client Settings') %></h1>
+
+<%= form_for(:settings) do |f| %>
+  <div class="providers">
+    <h3><%= _('Providers') %></h3>
+  <%= f.fields_for :providers, OpenStruct.new(@providers) do |p| %>
+
+    <% OauthClientPlugin::PROVIDERS.each do |available_provider, options| %>
+      <% provider = OpenStruct.new(@providers[available_provider]) %>
+
+      <%= p.fields_for available_provider, provider do |o| %>
+        <div class="provider">
+          <div class="name">
+            <h4><%= o.check_box :enabled, {:class => 'enable', :checked => provider.enabled=='true'}, true, false %>
+            <%= options[:name] %></h4>
+          </div>
+          <div class="options" style="<%= provider.enabled=='true' ? '':'display:none' %>">
+            <div class="client-id">
+              <span class="label"><%= _('Client ID') %></span>
+              <span class="value"><%= o.text_field :client_id %></span>
+            </div>
+            <div class="client-secret">
+              <span class="label"><%= _('Client Secret') %></span>
+              <span class="value"><%= o.text_field :client_secret %></span>
+            </div>
+          </div>
+        </div>
+      <% end %>
+    <% end %>
+  <% end %>
+
+  <% button_bar do %>
+    <%= submit_button(:save, _('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
+  <% end %>
+  </div>
+<% end %>
+
+<script>
+  jQuery(document).ready(function($) {
+    $('.providers .provider .enable').on('click', function() {
+      $(this).parents('.provider').find('.options').toggle('fast');
+    });
+  });
+</script>
@@ -0,0 +1 @@
+gem 'doorkeeper'
@@ -0,0 +1,41 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         null: false
+      t.string  :uid,          null: false
+      t.string  :secret,       null: false
+      t.text    :redirect_uri, null: false
+      t.timestamps
+    end
+
+    add_index :oauth_applications, :uid, unique: true
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, null: false
+      t.integer  :application_id,    null: false
+      t.string   :token,             null: false
+      t.integer  :expires_in,        null: false
+      t.text     :redirect_uri,      null: false
+      t.datetime :created_at,        null: false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_grants, :token, unique: true
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.integer  :application_id
+      t.string   :token,             null: false
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        null: false
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+  end
+end
@@ -0,0 +1,111 @@
+class OauthProviderPlugin < Noosfero::Plugin
+
+  def self.plugin_name
+    "Oauth Provider Plugin"
+  end
+
+  def self.plugin_description
+    _("Oauth Provider.")
+  end
+
+  Doorkeeper.configure do
+    # Change the ORM that doorkeeper will use.
+    # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
+    orm :active_record
+
+    # This block will be called to check whether the resource owner is authenticated or not.
+    resource_owner_authenticator do
+      domain = Domain.find_by_name(request.host)
+      environment = domain ? domain.environment : Environment.default
+      environment.users.find_by_id(session[:user]) || redirect_to('/account/login')
+    end
+
+    # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
+    admin_authenticator do
+      domain = Domain.find_by_name(request.host)
+      environment = domain ? domain.environment : Environment.default
+      user = environment.users.find_by_id(session[:user])
+      unless user && user.person.is_admin?(environment)
+        redirect_to('/account/login')
+      end
+      user
+    end
+
+    # Authorization Code expiration time (default 10 minutes).
+    # authorization_code_expires_in 10.minutes
+
+    # Access token expiration time (default 2 hours).
+    # If you want to disable expiration, set this to nil.
+    # access_token_expires_in 2.hours
+
+    # Reuse access token for the same resource owner within an application (disabled by default)
+    # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
+    # reuse_access_token
+
+    # Issue access tokens with refresh token (disabled by default)
+    # use_refresh_token
+
+    # Provide support for an owner to be assigned to each registered application (disabled by default)
+    # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+    # a registered application
+    # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
+    # enable_application_owner :confirmation => false
+
+    # Define access token scopes for your provider
+    # For more information go to
+    # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+    # default_scopes  :public
+    # optional_scopes :write, :update
+
+    # Change the way client credentials are retrieved from the request object.
+    # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+    # falls back to the `:client_id` and `:client_secret` params from the `params` object.
+    # Check out the wiki for more information on customization
+    # client_credentials :from_basic, :from_params
+
+    # Change the way access token is authenticated from the request object.
+    # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+    # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
+    # Check out the wiki for more information on customization
+    # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+
+    # Change the native redirect uri for client apps
+    # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+    # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+    # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+    #
+    # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
+
+    # Specify what grant flows are enabled in array of Strings. The valid
+    # strings and the flows they enable are:
+    #
+    # "authorization_code" => Authorization Code Grant Flow
+    # "implicit"           => Implicit Grant Flow
+    # "password"           => Resource Owner Password Credentials Grant Flow
+    # "client_credentials" => Client Credentials Grant Flow
+    #
+    # If not specified, Doorkeeper enables all the four grant flows.
+    #
+    # grant_flows %w(authorization_code implicit password client_credentials)
+
+    # Under some circumstances you might want to have applications auto-approved,
+    # so that the user skips the authorization step.
+    # For example if dealing with trusted a application.
+    # skip_authorization do |resource_owner, client|
+    #   client.superapp? or resource_owner.admin?
+    # end
+
+    # WWW-Authenticate Realm (default "Doorkeeper").
+    # realm "Doorkeeper"
+
+    # Allow dynamic query parameters (disabled by default)
+    # Some applications require dynamic query parameters on their request_uri
+    # set to true if you want this to be allowed
+    # wildcard_redirect_uri false
+  end
+
+  Rails.application.routes.prepend do
+    use_doorkeeper
+  end
+
+end
...	...	@@ -16,7 +16,7 @@
16	16	<input type="hidden" id="signup_time_key" name="signup_time_key" />
17	17	<script type="text/javascript">
18	18	jQuery.ajax({
19		- type: "POST",
	19	+ type: "GET",
20	20	url: "<%= url_for :controller=>'account', :action=>'signup_time' %>",
21	21	dataType: 'json',
22	22	success: function(data) {
...	...
...	...	@@ -0,0 +1,3 @@
	1	+gem 'omniauth'
	2	+gem 'omniauth-facebook'
	3	+gem "omniauth-google-oauth2"
...	...
...	...	@@ -0,0 +1,11 @@
	1	+
	2	+
	3	+https://github.com/mkdynamic/omniauth-facebook
	4	+https://github.com/zquestz/omniauth-google-oauth2
	5	+
	6	+Create Google+ application:
	7	+ https://developers.google.com/+/web/signin/javascript-flow
	8	+
	9	+Create Facebook application:
	10	+ https://developers.facebook.com/docs/facebook-login/v2.1
	11	+ https://developers.facebook.com/docs/reference/dialogs/oauth
...	...
...	...	@@ -0,0 +1,15 @@
	1	+class OauthClientPluginAdminController < AdminController
	2	+
	3	+ def index
	4	+ settings = params[:settings] \|\| {}
	5	+
	6	+ @settings = Noosfero::Plugin::Settings.new(environment, OauthClientPlugin, settings)
	7	+ @providers = @settings.get_setting(:providers) \|\| {}
	8	+ if request.post?
	9	+ @settings.save!
	10	+ session[:notice] = 'Settings succefully saved.'
	11	+ redirect_to :action => 'index'
	12	+ end
	13	+ end
	14	+
	15	+end
...	...
...	...	@@ -0,0 +1,28 @@
	1	+class OauthClientPluginPublicController < PublicController
	2	+
	3	+ def callback
	4	+ auth = request.env["omniauth.auth"]
	5	+ login = auth.info.email.split('@').first
	6	+ user = environment.users.find_with_omniauth(auth)
	7	+
	8	+ if user
	9	+ session[:user] = user
	10	+ redirect_to :controller => :account, :action => :login
	11	+ else
	12	+ session[:oauth_data] = auth
	13	+ name = auth.info.name
	14	+ name \|\|= auth.extra && auth.extra.raw_info ? auth.extra.raw_info.name : ''
	15	+ redirect_to :controller => :account, :action => :signup, :user => {:login => login, :email => auth.info.email}, :profile_data => {:name => name}
	16	+ end
	17	+ end
	18	+
	19	+ def failure
	20	+ redirect_to root_url
	21	+ end
	22	+
	23	+ def destroy
	24	+ session[:user] = nil
	25	+ redirect_to root_url
	26	+ end
	27	+
	28	+end
...	...
...	...	@@ -0,0 +1,9 @@
	1	+class AddSettingsToUsers < ActiveRecord::Migration
	2	+ def self.up
	3	+ add_column :users, :settings, :string
	4	+ end
	5	+
	6	+ def self.down
	7	+ remove_column :users, :settings
	8	+ end
	9	+end
...	...
...	...	@@ -0,0 +1,36 @@
	1	+require_dependency 'user'
	2	+
	3	+class User
	4	+
	5	+ acts_as_having_settings :field => :settings
	6	+
	7	+ settings_items :oauth_providers, :type => Array, :default => []
	8	+
	9	+ def self.find_with_omniauth(auth)
	10	+ user = self.find_by_email(auth.info.email)
	11	+ if user && !user.oauth_providers.empty? #FIXME save new oauth providers
	12	+ user
	13	+ else
	14	+ nil
	15	+ end
	16	+ end
	17	+
	18	+ def password_required_with_oauth?
	19	+ password_required_without_oauth? && oauth_providers.blank?
	20	+ end
	21	+
	22	+ alias_method_chain :password_required?, :oauth
	23	+
	24	+ after_create :activate_oauth_user
	25	+
	26	+ def activate_oauth_user
	27	+ activate unless oauth_providers.empty?
	28	+ end
	29	+
	30	+ def make_activation_code_with_oauth
	31	+ oauth_providers.blank? ? make_activation_code_without_oauth : nil
	32	+ end
	33	+
	34	+ alias_method_chain :make_activation_code, :oauth
	35	+
	36	+end
...	...
...	...	@@ -0,0 +1,93 @@
	1	+require 'omniauth/strategies/noosfero_oauth2'
	2	+
	3	+class OauthClientPlugin < Noosfero::Plugin
	4	+
	5	+ def self.plugin_name
	6	+ "Oauth Client Plugin"
	7	+ end
	8	+
	9	+ def self.plugin_description
	10	+ _("Login with Oauth.")
	11	+ end
	12	+
	13	+ def login_extra_contents
	14	+ plugin = self
	15	+ proc do
	16	+ render :partial => 'auth/oauth_login', :locals => {:providers => plugin.enabled_providers}
	17	+ end
	18	+ end
	19	+
	20	+ def signup_extra_contents
	21	+ plugin = self
	22	+
	23	+ proc do
	24	+ if plugin.context.session[:oauth_data].present?
	25	+ render :partial => 'account/oauth_signup'
	26	+ else
	27	+ ''
	28	+ end
	29	+ end
	30	+ end
	31	+
	32	+ def enabled_providers
	33	+ settings = Noosfero::Plugin::Settings.new(context.environment, OauthClientPlugin)
	34	+ providers = settings.get_setting(:providers)
	35	+ providers.select {\|provider, options\| options[:enabled]}
	36	+ end
	37	+
	38	+ PROVIDERS = {
	39	+ :facebook => {
	40	+ :name => 'Facebook'
	41	+ },
	42	+ :google_oauth2 => {
	43	+ :name => 'Google'
	44	+ },
	45	+ :noosfero_oauth2 => {
	46	+ :name => 'Noosfero'
	47	+ }
	48	+ }
	49	+
	50	+ def stylesheet?
	51	+ true
	52	+ end
	53	+
	54	+ OmniAuth.config.on_failure = OauthClientPluginPublicController.action(:failure)
	55	+
	56	+ Rails.application.config.middleware.use OmniAuth::Builder do
	57	+ PROVIDERS.each do \|provider, options\|
	58	+ provider provider, :setup => lambda { \|env\|
	59	+ request = Rack::Request.new env
	60	+ strategy = env['omniauth.strategy']
	61	+
	62	+ domain = Domain.find_by_name(request.host)
	63	+ environment = domain.environment rescue Environment.default
	64	+ settings = Noosfero::Plugin::Settings.new(environment, OauthClientPlugin)
	65	+ providers = settings.get_setting(:providers)
	66	+
	67	+ strategy.options.client_id = providers[provider][:client_id]
	68	+ strategy.options.client_secret = providers[provider][:client_secret]
	69	+ }, :path_prefix => '/plugin/oauth_client', :callback_path => "/plugin/oauth_client/public/callback/#{provider}"
	70	+ end
	71	+
	72	+ unless Rails.env.production?
	73	+ provider :developer, :path_prefix => "/plugin/oauth_client", :callback_path => "/plugin/oauth_client/public/callback/developer"
	74	+ end
	75	+ end
	76	+
	77	+ def account_controller_filters
	78	+ {
	79	+ :type => 'before_filter', :method_name => 'signup',
	80	+ :block => proc {
	81	+ auth = session[:oauth_data]
	82	+
	83	+ if auth.present? && params[:user].present?
	84	+ params[:user][:oauth_providers] = [{:provider => auth.provider, :uid => auth.uid}]
	85	+ if request.post? && auth.info.email != params[:user][:email]
	86	+ raise "Wrong email for oauth signup"
	87	+ end
	88	+ end
	89	+ }
	90	+ }
	91	+ end
	92	+
	93	+end
...	...
...	...	@@ -0,0 +1,30 @@
	1	+require 'omniauth/strategies/oauth2'
	2	+
	3	+module OmniAuth
	4	+ module Strategies
	5	+ class NoosferoOauth2 < OmniAuth::Strategies::OAuth2
	6	+ option :name, :noosfero_oauth2
	7	+
	8	+ option :client_options, {
	9	+ :site => "http://noosfero.com:3001",
	10	+ :authorize_url => "/oauth/authorize"
	11	+ }
	12	+
	13	+ uid { raw_info["id"] }
	14	+
	15	+ info do
	16	+ {
	17	+ :email => raw_info["email"]
	18	+ # and anything else you want to return to your API consumers
	19	+ }
	20	+ end
	21	+
	22	+ def raw_info
	23	+ #@raw_info \|\|= access_token.get('/api/v1/me.json').parsed
	24	+ #FIXME
	25	+ #raise access_token.inspect
	26	+ User['vfcosta'].attributes
	27	+ end
	28	+ end
	29	+ end
	30	+end
...	...
...	...	@@ -0,0 +1,22 @@
	1	+.oauth-login .provider a {
	2	+ min-width: 20px;
	3	+ min-height: 20px;
	4	+ background-size: 20px;
	5	+ display: inline-block;
	6	+ text-decoration: none;
	7	+ background-repeat: no-repeat;
	8	+ padding-left: 22px;
	9	+ line-height: 20px;
	10	+}
	11	+
	12	+.oauth-login .provider .facebook {
	13	+ background-image: url(images/facebook-icon.png);
	14	+}
	15	+
	16	+.oauth-login .provider .google_oauth2 {
	17	+ background-image: url(images/google-icon.png);
	18	+}
	19	+
	20	+.oauth-login .provider .developer {
	21	+ display: none;
	22	+}
...	...