Merge branch 'oauth_rails3' into 'master'

Two oauth plugins: oauth_client and oauth_provider See merge request !415

Merge branch 'oauth_rails3' into 'master'
Two oauth plugins: oauth_client and oauth_provider See merge request !415
Braulio Bhavamitra
2 parents c6f5b484 8408ffac
Showing 47 changed files with 1138 additions and 1 deletions Show diff stats
app/views/account/_signup_form.html.erb
plugins/oauth_client/Gemfile
plugins/oauth_client/README.md
plugins/oauth_client/controllers/oauth_client_plugin_admin_controller.rb
plugins/oauth_client/controllers/public/oauth_client_plugin_public_controller.rb
plugins/oauth_client/db/migrate/20141010135314_create_oauth_client_plugin_provider.rb
plugins/oauth_client/db/migrate/20141014162710_create_oauth_client_user_providers.rb
plugins/oauth_client/lib/ext/environment.rb
plugins/oauth_client/lib/ext/user.rb
plugins/oauth_client/lib/oauth_client_plugin.rb
plugins/oauth_client/lib/oauth_client_plugin/provider.rb
plugins/oauth_client/lib/oauth_client_plugin/user_provider.rb
plugins/oauth_client/lib/omniauth/strategies/noosfero_oauth2.rb
plugins/oauth_client/public/style.css
plugins/oauth_client/test/functional/oauth_client_plugin_public_controller_test.rb
plugins/oauth_client/test/test_helper.rb
plugins/oauth_client/test/unit/environment_test.rb
plugins/oauth_client/test/unit/oauth_client_plugin_test.rb
plugins/oauth_client/test/unit/user_test.rb
plugins/oauth_client/views/account/_oauth_signup.html.erb
@@ -16,7 +16,7 @@
 <input type="hidden" id="signup_time_key" name="signup_time_key" />
 <script type="text/javascript">
   jQuery.ajax({
-    type: "POST",
+    type: "GET",
     url: "<%= url_for :controller=>'account', :action=>'signup_time' %>",
     dataType: 'json',
     success: function(data) {
@@ -0,0 +1,3 @@
+gem 'omniauth', '~> 1.2.2'
+gem 'omniauth-facebook', '~> 2.0.0'
+gem "omniauth-google-oauth2", '~> 0.2.6'
@@ -0,0 +1,72 @@
+README - Oauth Client Plugin
+================================
+
+OauthClient is a plugin which allow users to login/signup to noosfero with some oauth providers (for now, google, facebook and noosfero itself).
+
+Install
+=======
+
+Enable Plugin
+-------------
+
+cd <your_noosfero_dir>
+./script/noosfero-plugins enable oauth_client
+
+Active Plugin
+-------------
+
+As a Noosfero administrator user, go to administrator panel:
+
+- Click on "Enable/disable plugins" option
+- Click on "Oauth Client Plugin" check-box
+
+Provider Settings
+=================
+
+Goggle
+------
+
+[Create Google+ application](https://developers.google.com/+/web/signin/javascript-flow)
+
+Facebook
+--------
+
+[Create Facebook application](https://developers.facebook.com/docs/facebook-login/v2.1)
+
+Varnish Settings
+================
+If varnish has been used in your stack, you've to bypass the cache for signup page and prevent cookies to be removed when calling the oauth_client plugin callback. E.g.:
+
+```
+if (req.url !~ "^/account/*" && req.url !~ "^/plugin/oauth_provider/*" && req.url !~ "^/plugin/oauth_client/*" && req.http.cookie !~ "_noosfero_.*") {
+  unset req.http.cookie;
+  return(lookup);
+}
+```
+
+Using Oauth Provider Plugin
+===========================
+The oauth_provider plugin may be used as a provider in the same noosfero installation that hosts your oauth_client plugin (this is usefull in a multi environment setup).
+
+However, you've to use a distinct set of thin processes to handle the authorization requests (to avoid deadlock).
+
+Apache settings example:
+```
+RewriteRule ^/oauth_provider/oauth/(authorize|token).*$ balancer://noosfero-oauth-provider%{REQUEST_URI} [P,QSA,L]
+```
+
+
+Development
+===========
+
+Running OauthClient tests
+--------------------
+
+$ rake test:noosfero_plugins:oauth_client
+
+License
+=======
+
+Copyright (c) The Author developers.
+
+See Noosfero license.
@@ -0,0 +1,27 @@
+class OauthClientPluginAdminController < AdminController
+
+  def index
+  end
+
+  def new
+    @provider = environment.oauth_providers.new
+    render :file => 'oauth_client_plugin_admin/edit'
+  end
+
+  def remove
+    environment.oauth_providers.find(params[:id]).destroy
+    redirect_to :action => 'index'
+  end
+
+  def edit
+    @provider = params[:id] ? environment.oauth_providers.find(params[:id]) : environment.oauth_providers.new
+    if request.post?
+      if @provider.update_attributes(params['oauth_client_plugin_provider'])
+        session[:notice] = _('Saved!')
+      else
+        session[:notice] = _('Error!')
+      end
+    end
+  end
+
+end
@@ -0,0 +1,46 @@
+class OauthClientPluginPublicController < PublicController
+
+  skip_before_filter :login_required
+
+  def callback
+    auth = request.env["omniauth.auth"]
+    user = environment.users.find_by_email(auth.info.email)
+    user ? login(user) : signup(auth)
+  end
+
+  def failure
+    session[:notice] = _('Failed to login')
+    redirect_to root_url
+  end
+
+  def destroy
+    session[:user] = nil
+    redirect_to root_url
+  end
+
+  protected
+
+  def login(user)
+    provider = OauthClientPlugin::Provider.find(session[:provider_id])
+    user_provider = user.oauth_user_providers.find_by_provider_id(provider.id)
+    unless user_provider
+      user_provider = user.oauth_user_providers.create(:user => user, :provider => provider, :enabled => true)
+    end
+    if user_provider.enabled? && provider.enabled?
+      session[:user] = user.id
+    else
+      session[:notice] = _("Can't login with #{provider.name}")
+    end
+
+    redirect_to :controller => :account, :action => :login
+  end
+
+  def signup(auth)
+    login = auth.info.email.split('@').first
+    session[:oauth_data] = auth
+    name = auth.info.name
+    name ||= auth.extra && auth.extra.raw_info ? auth.extra.raw_info.name : ''
+    redirect_to :controller => :account, :action => :signup, :user => {:login => login, :email => auth.info.email}, :profile_data => {:name => name}
+  end
+
+end
@@ -0,0 +1,19 @@
+class CreateOauthClientPluginProvider < ActiveRecord::Migration
+
+  def self.up
+    create_table :oauth_client_plugin_providers do |t|
+      t.integer :environment_id
+      t.string :strategy
+      t.string :name
+      t.text :options
+      t.boolean :enabled
+      t.integer :image_id
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :oauth_client_plugin_providers
+  end
+end
@@ -0,0 +1,14 @@
+class CreateOauthClientUserProviders < ActiveRecord::Migration
+  def self.up
+    create_table :oauth_client_plugin_user_providers do |t|
+      t.references :user
+      t.references :provider
+      t.boolean :enabled
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :oauth_client_plugin_user_providers
+  end
+end
@@ -0,0 +1,7 @@
+require_dependency 'environment'
+
+class Environment
+
+  has_many :oauth_providers, :class_name => 'OauthClientPlugin::Provider'
+
+end
@@ -0,0 +1,31 @@
+require_dependency 'user'
+
+class User
+
+  has_many :oauth_user_providers, :class_name => 'OauthClientPlugin::UserProvider'
+  has_many :oauth_providers, :through => :oauth_user_providers, :source => :provider
+
+  def password_required_with_oauth?
+    password_required_without_oauth? && oauth_providers.empty?
+  end
+
+  alias_method_chain :password_required?, :oauth
+
+  after_create :activate_oauth_user
+
+  def activate_oauth_user
+    unless oauth_providers.empty?
+      activate
+      oauth_providers.each do |provider|
+        OauthClientPlugin::UserProvider.create!(:user => self, :provider => provider, :enabled => true)
+      end
+    end
+  end
+
+  def make_activation_code_with_oauth
+    oauth_providers.blank? ? make_activation_code_without_oauth : nil
+  end
+
+  alias_method_chain :make_activation_code, :oauth
+
+end
@@ -0,0 +1,95 @@
+require 'omniauth/strategies/noosfero_oauth2'
+
+class OauthClientPlugin < Noosfero::Plugin
+
+  def self.plugin_name
+    "Oauth Client Plugin"
+  end
+
+  def self.plugin_description
+    _("Login with Oauth.")
+  end
+
+  def login_extra_contents
+    plugin = self
+    proc do
+      render :partial => 'auth/oauth_login', :locals => {:providers => environment.oauth_providers.enabled}
+    end
+  end
+
+  def signup_extra_contents
+    plugin = self
+
+    proc do
+      if plugin.context.session[:oauth_data].present?
+        render :partial => 'account/oauth_signup'
+      else
+        ''
+      end
+    end
+  end
+
+  PROVIDERS = {
+    :facebook => {
+      :name => 'Facebook'
+    },
+    :google_oauth2 => {
+      :name => 'Google'
+    },
+    :noosfero_oauth2 => {
+      :name => 'Noosfero'
+    }
+  }
+
+  def stylesheet?
+    true
+  end
+
+  OmniAuth.config.on_failure = OauthClientPluginPublicController.action(:failure)
+
+  Rails.application.config.middleware.use OmniAuth::Builder do
+    PROVIDERS.each do |provider, options|
+      setup = lambda { |env|
+        request = Rack::Request.new(env)
+        strategy = env['omniauth.strategy']
+
+        Noosfero::MultiTenancy.setup!(request.host)
+        domain = Domain.find_by_name(request.host)
+        environment = domain.environment rescue Environment.default
+
+        provider_id = request.params['id']
+        provider_id ||= request.session['omniauth.params']['id'] if request.session['omniauth.params']
+        provider = environment.oauth_providers.find(provider_id)
+        strategy.options.merge!(provider.options.symbolize_keys)
+
+        request.session[:provider_id] = provider_id
+      }
+
+      provider provider, :setup => setup,
+        :path_prefix => '/plugin/oauth_client',
+        :callback_path => "/plugin/oauth_client/public/callback/#{provider}",
+        :client_options => { :connection_opts => { :proxy => ENV["OAUTH_HTTP_PROXY"] } }
+    end
+
+    unless Rails.env.production?
+      provider :developer, :path_prefix => "/plugin/oauth_client", :callback_path => "/plugin/oauth_client/public/callback/developer"
+    end
+  end
+
+  def account_controller_filters
+    {
+      :type => 'before_filter', :method_name => 'signup',
+      :block => proc {
+        auth = session[:oauth_data]
+
+        if auth.present? && params[:user].present?
+          params[:user][:oauth_providers] = [OauthClientPlugin::Provider.find(session[:provider_id])]
+          if request.post? && auth.info.email != params[:user][:email]
+            raise "Wrong email for oauth signup"
+          end
+        end
+      }
+    }
+  end
+
+end
@@ -0,0 +1,20 @@
+class OauthClientPlugin::Provider < Noosfero::Plugin::ActiveRecord
+
+  belongs_to :environment
+
+  validates_presence_of :name, :strategy
+
+  acts_as_having_image
+  acts_as_having_settings :field => :options
+
+  settings_items :client_id, :type => :string
+  settings_items :client_secret, :type => :string
+  settings_items :client_options, :type => Hash
+
+  attr_accessible :name, :environment, :strategy, :client_id, :client_secret, :enabled, :client_options, :image_builder
+
+  scope :enabled, :conditions => {:enabled => true}
+
+  acts_as_having_image
+
+end
@@ -0,0 +1,10 @@
+class OauthClientPlugin::UserProvider < Noosfero::Plugin::ActiveRecord
+
+   belongs_to :user, :class_name => 'User'
+   belongs_to :provider, :class_name => 'OauthClientPlugin::Provider'
+
+   set_table_name :oauth_client_plugin_user_providers
+
+   attr_accessible :user, :provider, :enabled
+
+end
@@ -0,0 +1,26 @@
+require 'omniauth/strategies/oauth2'
+
+module OmniAuth
+  module Strategies
+    class NoosferoOauth2 < OmniAuth::Strategies::OAuth2
+      option :name, :noosfero_oauth2
+      option :client_options, {
+        :authorize_url => '/oauth_provider/oauth/authorize',
+        :token_url     => '/oauth_provider/oauth/token'
+      }
+
+      uid { raw_info["id"] }
+
+      info do
+        {
+          :email => raw_info["email"]
+        }
+      end
+
+      def raw_info
+        #FIXME access the noosfero api (coming soon)
+        @raw_info ||= access_token.get('/plugin/oauth_provider/public/me').parsed
+      end
+    end
+  end
+end
@@ -0,0 +1,18 @@
+.oauth-login .provider a {
+  min-width: 20px;
+  min-height: 20px;
+  background-size: 20px;
+  display: inline-block;
+  text-decoration: none;
+  background-repeat: no-repeat;
+  line-height: 20px;
+}
+.oauth-login .provider a img {
+  max-width: 40px;
+}
+.oauth-login .provider a:hover {
+  opacity: 0.7;
+}
+.oauth-login .provider .developer {
+  display: none;
+}
@@ -0,0 +1,80 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class OauthClientPluginPublicControllerTest < ActionController::TestCase
+
+  def setup
+    @auth = mock
+    @auth.stubs(:info).returns(mock)
+    request.env["omniauth.auth"] = @auth
+    @environment = Environment.default
+    @provider = OauthClientPlugin::Provider.create!(:name => 'provider', :strategy => 'provider', :enabled => true)
+  end
+  attr_reader :auth, :environment, :provider
+
+  should 'redirect to signup when user is not found' do
+    auth.info.stubs(:email).returns("xyz123@noosfero.org")
+    auth.info.stubs(:name).returns('xyz123')
+    session[:provider_id] = provider.id
+
+    get :callback
+    assert_match /.*\/account\/signup/, @response.redirect_url
+  end
+
+  should 'redirect to login when user is found' do
+    user = fast_create(User, :environment_id => environment.id)
+    auth.info.stubs(:email).returns(user.email)
+    auth.info.stubs(:name).returns(user.name)
+    session[:provider_id] = provider.id
+
+    get :callback
+    assert_redirected_to :controller => :account, :action => :login
+    assert_equal user.id, session[:user]
+  end
+
+  should 'do not login when the provider is disabled' do
+    user = fast_create(User, :environment_id => environment.id)
+    auth.info.stubs(:email).returns(user.email)
+    auth.info.stubs(:name).returns(user.name)
+    session[:provider_id] = provider.id
+    provider.update_attribute(:enabled, false)
+
+    get :callback
+    assert_redirected_to :controller => :account, :action => :login
+    assert_equal nil, session[:user]
+  end
+
+  should 'do not login when the provider is disabled for a user' do
+    user = fast_create(User, :environment_id => environment.id)
+    auth.info.stubs(:email).returns(user.email)
+    auth.info.stubs(:name).returns(user.name)
+    session[:provider_id] = provider.id
+    user.oauth_user_providers.create(:user => user, :provider => provider, :enabled => false)
+
+    get :callback
+    assert_redirected_to :controller => :account, :action => :login
+    assert_equal nil, session[:user]
+  end
+
+  should 'save provider when an user login with it' do
+    user = fast_create(User, :environment_id => environment.id)
+    auth.info.stubs(:email).returns(user.email)
+    auth.info.stubs(:name).returns(user.name)
+    session[:provider_id] = provider.id
+
+    get :callback
+    assert_equal [provider], user.oauth_providers
+  end
+
+  should 'do not duplicate relations between an user and a provider when the same provider was used again in a login' do
+    user = fast_create(User, :environment_id => environment.id)
+    auth.info.stubs(:email).returns(user.email)
+    auth.info.stubs(:name).returns(user.name)
+    session[:provider_id] = provider.id
+
+    get :callback
+    assert_no_difference 'user.oauth_user_providers.count' do
+      3.times { get :callback }
+    end
+  end
+
+end
@@ -0,0 +1 @@
+require File.dirname(__FILE__) + '/../../../test/test_helper'
@@ -0,0 +1,10 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserTest < ActiveSupport::TestCase
+
+  should 'be able to add oauth providers in a environment' do
+    env = fast_create(Environment)
+    env.oauth_providers << OauthClientPlugin::Provider.new(:name => 'test', :strategy => 'test')
+  end
+
+end
@@ -0,0 +1,86 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class OauthClientPluginTest < ActiveSupport::TestCase
+
+  def setup
+    @plugin = OauthClientPlugin.new(self)
+    @params = {}
+    @plugin.stubs(:context).returns(self)
+    @environment = Environment.default
+    @session = {}
+    @request = mock
+    @provider = OauthClientPlugin::Provider.create!(:name => 'name', :strategy => 'strategy')
+  end
+
+  attr_reader :params, :plugin, :environment, :session, :request, :provider
+
+  should 'has extra contents for login' do
+    assert plugin.login_extra_contents
+  end
+
+  should 'has no signup extra contents if no provider was enabled' do
+    assert_equal '', instance_eval(&plugin.signup_extra_contents)
+  end
+
+  should 'has signup extra contents if oauth_data exists in session' do
+    session[:oauth_data] = {:oauth => 'test'}
+    expects(:render).with(:partial => 'account/oauth_signup').once
+    instance_eval(&plugin.signup_extra_contents)
+  end
+
+  should 'define before filter for account controller' do
+    assert plugin.account_controller_filters
+  end
+
+  should 'raise error if oauth email was changed' do
+    request.expects(:post?).returns(true)
+
+    oauth_data = mock
+    info = mock
+    oauth_data.stubs(:info).returns(info)
+    oauth_data.stubs(:uid).returns('uid')
+    oauth_data.stubs(:provider).returns('provider')
+    info.stubs(:email).returns('test@example.com')
+    session[:oauth_data] = oauth_data
+    session[:provider_id] = provider.id
+
+    params[:user] = {:email => 'test2@example.com'}
+    assert_raises RuntimeError do
+      instance_eval(&plugin.account_controller_filters[:block])
+    end
+  end
+
+  should 'do not raise error if oauth email was not changed' do
+    request.expects(:post?).returns(true)
+
+    oauth_data = mock
+    info = mock
+    oauth_data.stubs(:info).returns(info)
+    oauth_data.stubs(:uid).returns('uid')
+    oauth_data.stubs(:provider).returns('provider')
+    info.stubs(:email).returns('test@example.com')
+    session[:oauth_data] = oauth_data
+    session[:provider_id] = provider.id
+
+    params[:user] = {:email => 'test@example.com'}
+    instance_eval(&plugin.account_controller_filters[:block])
+  end
+
+  should 'do not raise error if oauth session is not set' do
+    instance_eval(&plugin.account_controller_filters[:block])
+  end
+
+  should 'do not raise error if it is not a post' do
+    request.expects(:post?).returns(false)
+    params[:user] = {:email => 'test2@example.com'}
+
+    oauth_data = mock
+    oauth_data.stubs(:uid).returns('uid')
+    oauth_data.stubs(:provider).returns('provider')
+    session[:provider_id] = provider.id
+
+    session[:oauth_data] = oauth_data
+    instance_eval(&plugin.account_controller_filters[:block])
+  end
+
+end
@@ -0,0 +1,40 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserTest < ActiveSupport::TestCase
+
+  def setup
+    @provider = OauthClientPlugin::Provider.create!(:name => 'name', :strategy => 'strategy')
+  end
+  attr_reader :provider
+
+  should 'password is not required if there is a oauth provider' do
+    User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :oauth_providers => [provider])
+  end
+
+  should 'password is required if there is a oauth provider' do
+    user = User.new(:email => 'testoauth@example.com', :login => 'testoauth')
+    user.save
+    assert user.errors[:password].present?
+  end
+
+  should 'activate user when created with oauth' do
+    user = User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :oauth_providers => [provider])
+    assert user.activated?
+  end
+
+  should 'not activate user when created without oauth' do
+    user = fast_create(User)
+    assert !user.activated?
+  end
+
+  should 'not make activation code when created with oauth' do
+    user = User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :oauth_providers => [provider])
+    assert !user.activation_code
+  end
+
+  should 'make activation code when created without oauth' do
+    user = User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :password => 'test', :password_confirmation => 'test')
+    assert user.activation_code
+  end
+
+end
@@ -0,0 +1,11 @@
+<%= hidden_field_tag 'return_to', '/' %>
+
+<style>
+  #signup-password, #signup-password-confirmation, #signup-email {
+    display: none;
+  }
+</style>
+
+<div id='signup-email-readonly'>
+  <%= labelled_form_field(_('Email'), text_field(:user, :email, :class => "disabled", :readonly => true)) %>
+</div>
@@ -0,0 +1,16 @@
+<div class="oauth-login">
+  <% unless providers.empty? %>
+    <%= _('Login with:') %>
+  <% end %>
+  <% providers.each do |provider| %>
+    <span class="provider">
+      <%= link_to provider.image ? image_tag(provider.image.public_filename) : provider.name, "/plugin/oauth_client/#{provider.strategy}?id=#{provider.id}", :class => provider.strategy, :title => provider.name %>
+    </span>
+  <% end %>
+
+  <span class="provider">
+    <% unless Rails.env.production? %>
+      <%= link_to _('Developer Login'), "/plugin/oauth_client/developer", :class => 'developer' %>
+    <% end %>
+  </span>
+</div>
@@ -0,0 +1,5 @@
+<%= f.fields_for :client_options, OpenStruct.new(provider.options[:client_options]) do |c| %>
+  <div class="client-url">
+    <%= labelled_form_field _('Client Url'), c.text_field(:site) %>
+  </div>
+<% end %>
@@ -0,0 +1,39 @@
+<h1><%= _('Oauth Client Settings') %></h1>
+<h3><%= _('Edit Provider') %></h3>
+
+<%= form_for @provider, :url => {:action => 'edit'}, :method => 'post' do |f| %>
+
+  <div class="enabled">
+    <%= labelled_form_field f.check_box(:enabled) + _('Enabled'), '' %>
+  </div>
+
+  <div class="name">
+    <%= labelled_form_field _('Name'), f.text_field(:name) %>
+  </div>
+
+  <div class="strategy">
+    <%= labelled_form_field _('Strategy'), f.select(:strategy, OauthClientPlugin::PROVIDERS) %>
+  </div>
+
+  <div class="client-id">
+    <%= labelled_form_field _('Client Id'), f.text_field(:client_id) %>
+  </div>
+
+  <div class="client-secret">
+    <%= labelled_form_field _('Client Secret'), f.text_field(:client_secret) %>
+  </div>
+
+  <% if File.exists?(File.join(File.dirname(__FILE__), "_#{@provider.strategy}.html.erb")) %>
+    <%= render :partial => "#{@provider.strategy}", :locals => {:f => f, :provider => @provider} %>
+  <% end %>
+
+  <div class="image-icon">
+    <%= f.fields_for :image_builder, @provider.image do |i| %>
+      <%= file_field_or_thumbnail(_('Image:'), @provider.image, i) %><%= _("Max size: %s (.jpg, .gif, .png)")% Image.max_size.to_humanreadable %>
+    <% end %>
+  </div>
+
+  <% button_bar do %>
+    <%= submit_button(:save, _('Save'), :cancel => {:action => 'index'}) %>
+  <% end %>
+<% end %>
@@ -0,0 +1,24 @@
+<h1><%= _('Oauth Client Settings') %></h1>
+<h3><%= _('Providers') %></h3>
+<%= button :add, _('New'), {:action => 'new'} %>
+<table>
+  <tr>
+    <th><%= _('Name') %></th>
+    <th><%= _('Strategy') %></th>
+    <th><%= _('Actions') %></th>
+  </tr>
+
+  <% environment.oauth_providers.each do |provider| %>
+    <tr>
+      <td><%= provider.name %></td>
+      <td><%= provider.strategy %></td>
+      <td>
+        <%= link_to _('Edit'), {:action => 'edit', :id => provider.id} %>
+        <%= link_to _('Remove'), {:action => 'remove', :id => provider.id} %>
+      </td>
+    </tr>
+  <% end %>
+</table>
+<div class="actions">
+  <%= button(:back, _('Go back'), {:controller => 'plugins', :action => 'index'}) %>
+</div>
@@ -0,0 +1 @@
+gem 'doorkeeper', '~> 1.4.0'
@@ -0,0 +1,47 @@
+README - Oauth Provider Plugin
+================================
+
+OauthProvider is a plugin which allow noosfero to be used as an oauth provider 
+
+Install
+=======
+
+Enable Plugin
+-------------
+
+cd <your_noosfero_dir>
+./script/noosfero-plugins enable oauth_provider
+
+Active Plugin
+-------------
+
+As a Noosfero administrator user, go to administrator panel:
+
+- Click on "Enable/disable plugins" option
+- Click on "Oauth Provider Plugin" check-box
+
+Varnish Settings
+================
+If varnish has been used in your stack, you've to prevent cookies to be removed when calling authorization actions for  oauth_provider. E.g.:
+
+```
+if (req.url !~ "^/plugin/oauth_provider/*" && req.http.cookie !~ "_noosfero_.*") {
+  unset req.http.cookie;
+  return(lookup);
+}
+```
+
+Development
+===========
+
+Running OauthProvider tests
+--------------------
+
+$ rake test:noosfero_plugins:oauth_provider
+
+License
+=======
+
+Copyright (c) The Author developers.
+
+See Noosfero license.
@@ -0,0 +1,8 @@
+module Doorkeeper
+  class ApplicationController < ApplicationController
+
+    include Helpers::Controller
+    helper 'doorkeeper/form_errors'
+
+  end
+end
@@ -0,0 +1,9 @@
+class OauthProviderApplicationsController < Doorkeeper::ApplicationsController
+
+  no_design_blocks
+  layout :get_layout
+
+  def show
+  end
+
+end
@@ -0,0 +1,9 @@
+class OauthProviderAuthorizationsController < Doorkeeper::AuthorizationsController
+
+  no_design_blocks
+  layout :get_layout
+
+  def index
+  end
+
+end
@@ -0,0 +1,6 @@
+class OauthProviderAuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
+
+  no_design_blocks
+  layout :get_layout
+
+end
@@ -0,0 +1,6 @@
+class OauthProviderPluginAdminController < AdminController
+
+  def index
+  end
+
+end
@@ -0,0 +1,10 @@
+class OauthProviderPluginPublicController < PublicController
+
+  doorkeeper_for :me
+
+  def me
+    user = environment.users.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+    render :json => {:id =>user.login, :email => user.email}.to_json
+  end
+
+end
@@ -0,0 +1,41 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         null: false
+      t.string  :uid,          null: false
+      t.string  :secret,       null: false
+      t.text    :redirect_uri, null: false
+      t.timestamps
+    end
+
+    add_index :oauth_applications, :uid, unique: true
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, null: false
+      t.integer  :application_id,    null: false
+      t.string   :token,             null: false
+      t.integer  :expires_in,        null: false
+      t.text     :redirect_uri,      null: false
+      t.datetime :created_at,        null: false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_grants, :token, unique: true
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.integer  :application_id
+      t.string   :token,             null: false
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        null: false
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+  end
+end
@@ -0,0 +1,55 @@
+class OauthProviderPlugin < Noosfero::Plugin
+
+  def self.plugin_name
+    "Oauth Provider Plugin"
+  end
+
+  def self.plugin_description
+    _("Oauth Provider.")
+  end
+
+  def stylesheet?
+    true
+  end
+
+  Doorkeeper.configure do
+    orm :active_record
+
+    resource_owner_authenticator do
+      domain = Domain.find_by_name(request.host)
+      environment = domain ? domain.environment : Environment.default
+      environment.users.find_by_id(session[:user]) || redirect_to('/account/login')
+    end
+
+    admin_authenticator do
+      domain = Domain.find_by_name(request.host)
+      environment = domain ? domain.environment : Environment.default
+      user = environment.users.find_by_id(session[:user])
+      unless user && user.person.is_admin?(environment)
+        redirect_to('/account/login')
+      end
+      user
+    end
+
+    default_scopes :public
+  end
+
+  Rails.configuration.to_prepare do
+    Rails.application.routes.prepend do
+      scope 'oauth_provider' do
+        use_doorkeeper do
+          controllers ({
+            :applications => 'oauth_provider_applications',
+            :authorized_applications => 'oauth_provider_authorized_applications',
+            :authorizations => 'oauth_provider_authorizations'
+          })
+        end
+      end
+    end
+  end
+
+  SCOPE_TRANSLATION = {
+    'public' => _('Access your public data')
+  }
+
+end
@@ -0,0 +1,13 @@
+.oauth-provider-authorize .actions form {
+  display: inline-block;
+}
+.oauth-provider-authorize .h4 {
+  font-size: 14px;
+  color: rgb(36, 36, 36)
+}
+.oauth-provider-authorize #oauth-permissions {
+  color: rgb(92, 92, 92);
+}
+.oauth-provider .actions {
+  margin-top: 10px;
+}
@@ -0,0 +1,5 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag [:oauth, application] do %>
+  <input type="hidden" name="_method" value="delete">
+  <%= submit_tag 'Destroy', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
+<% end %>
@@ -0,0 +1,39 @@
+<%= form_for [:oauth, application], html: {class: 'form-horizontal', role: 'form'} do |f| %>
+  <% if application.errors.any? %>
+    <div class="alert alert-danger" data-alert>
+      <p><%= _('Whoops! Check your form for possible errors') %></p>
+    </div>
+  <% end %>
+
+  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:name].present?}" do %>
+    <%= f.label :name, class: 'col-sm-2 control-label', for: 'application_name' %>
+    <div class="col-sm-10">
+      <%= f.text_field :name, class: 'form-control' %>
+      <%= doorkeeper_errors_for application, :name %>
+    </div>
+  <% end %>
+
+  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:redirect_uri].present?}" do %>
+    <%= f.label :redirect_uri, class: 'col-sm-2 control-label', for: 'application_redirect_uri' %>
+    <div class="col-sm-10">
+      <%= f.text_area :redirect_uri, class: 'form-control' %>
+      <%= doorkeeper_errors_for application, :redirect_uri %>
+      <span class="help-block">
+        <%= _('Use one line per URI') %>
+        </span>
+      <% if Doorkeeper.configuration.native_redirect_uri %>
+          <span class="help-block">
+            Use <code><%= Doorkeeper.configuration.native_redirect_uri %></code> for local tests
+          </span>
+      <% end %>
+    </div>
+  <% end %>
+
+  <div class="form-group">
+    <div class="col-sm-offset-2 col-sm-10">
+      <%= f.submit _('Submit'), class: "btn btn-primary" %>
+      <%= link_to _("Cancel"), oauth_applications_path, :class => "btn btn-default" %>
+    </div>
+  </div>
+<% end %>
+
@@ -0,0 +1,5 @@
+<div class="page-header">
+  <h1><%= _('Edit application') %></h1>
+</div>
+
+<%= render 'form', application: @application %>
@@ -0,0 +1,31 @@
+<div class="oauth-provider">
+<div class="page-header">
+  <h3><%= link_to _('Oauh Provider'), '/admin/plugin/oauth_provider' %></h3>
+</div>
+
+<p><%= link_to _('New Application'), new_oauth_application_path, class: 'btn btn-success' %></p>
+
+<table class="table table-striped">
+  <thead>
+  <tr>
+    <th><%= _('Name') %></th>
+    <th><%= _('Callback URL') %></th>
+    <th></th>
+    <th></th>
+  </tr>
+  </thead>
+  <tbody>
+  <% @applications.each do |application| %>
+    <tr id="application_<%= application.id %>">
+      <td><%= link_to application.name, [:oauth, application] %></td>
+      <td><%= application.redirect_uri %></td>
+      <td><%= link_to _('Edit'), edit_oauth_application_path(application), class: 'btn btn-link' %></td>
+      <td><%= render 'delete_form', application: application %></td>
+    </tr>
+  <% end %>
+  </tbody>
+</table>
+<div class="actions">
+  <%= button(:back, _('Go back'), {:controller => 'oauth_provider_plugin_admin', :action => 'index'}) %>
+</div>
+</div>
@@ -0,0 +1,5 @@
+<div class="page-header">
+  <h1>New application</h1>
+</div>
+
+<%= render 'form', application: @application %>
@@ -0,0 +1,40 @@
+<div class="page-header">
+  <h1><%= _('Application: %s' % @application.name) %></h1>
+</div>
+
+<div class="row">
+  <div class="col-md-8">
+    <h4><%= _('Application Id:') %></h4>
+
+    <p><code id="application_id"><%= @application.uid %></code></p>
+
+    <h4><%= _('Secret:') %></h4>
+
+    <p><code id="secret"><%= @application.secret %></code></p>
+
+    <h4><%= _('Callback urls:') %></h4>
+
+    <table>
+      <% @application.redirect_uri.split.each do |uri| %>
+        <tr>
+          <td>
+            <code><%= uri %></code>
+          </td>
+          <td>
+          </td>
+        </tr>
+      <% end %>
+    </table>
+  </div>
+
+  <div class="col-md-4">
+    <h3><%= _('Actions') %></h3>
+
+    <p>
+      <%= link_to _('Edit'), edit_oauth_application_path(@application), class: 'btn btn-primary' %>
+      <%= link_to _("Cancel"), oauth_applications_path, :class => "btn btn-default" %>
+    </p>
+
+    <p><%= render 'delete_form', application: @application, submit_btn_css: 'btn btn-danger' %></p>
+  </div>
+</div>
@@ -0,0 +1,7 @@
+<div class="page-header">
+  <h1>An error has occurred</h1>
+</div>
+
+<main role="main">
+  <pre><%= @pre_auth.error_response.body[:error_description] %></pre>
+</main>
@@ -0,0 +1,43 @@
+<div class="oauth-provider-authorize">
+
+<header class="page-header" role="banner">
+  <h1><%= _('Authorize required') %></h1>
+</header>
+
+<main role="main">
+  <p class="h4">
+  <%= _('Authorize %s to use your account?' % "<strong class=\"text-info\">#{@pre_auth.client.name}</strong>") %>
+  </p>
+
+  <% if @pre_auth.scopes %>
+    <div id="oauth-permissions">
+      <p><%= _('This application will be able to:') %></p>
+
+      <ul class="text-info">
+        <% @pre_auth.scopes.each do |scope| %>
+          <li><%= OauthProviderPlugin::SCOPE_TRANSLATION[scope] %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="actions">
+    <%= form_tag oauth_authorization_path, method: :post do %>
+      <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
+      <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
+      <%= hidden_field_tag :state, @pre_auth.state %>
+      <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+      <%= hidden_field_tag :scope, @pre_auth.scope %>
+      <%= submit_button :ok, _("Authorize") %>
+    <% end %>
+    <%= form_tag oauth_authorization_path, method: :delete do %>
+      <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
+      <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
+      <%= hidden_field_tag :state, @pre_auth.state %>
+      <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+      <%= hidden_field_tag :scope, @pre_auth.scope %>
+      <%= submit_button :cancel, _("Deny") %>
+    <% end %>
+  </div>
+</main>
+</div>
@@ -0,0 +1,7 @@
+<header class="page-header">
+  <h1>Authorization code:</h1>
+</header>
+
+<main role="main">
+  <code id="authorization_code"><%= params[:code] %></code>
+</main>
@@ -0,0 +1,5 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag oauth_authorized_application_path(application) do %>
+  <input type="hidden" name="_method" value="delete">
+  <%= submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
+<% end %>
@@ -0,0 +1,31 @@
+<div class="oauth-provider">
+<header class="page-header">
+  <h1>Your authorized applications</h1>
+</header>
+
+<main role="main">
+  <table class="table table-striped">
+    <thead>
+    <tr>
+      <th>Application</th>
+      <th>Created At</th>
+      <th></th>
+      <th></th>
+    </tr>
+    </thead>
+    <tbody>
+    <% @applications.each do |application| %>
+      <tr>
+        <td><%= application.name %></td>
+        <td><%= application.created_at.strftime('%Y-%m-%d %H:%M:%S') %></td>
+        <td><%= render 'delete_form', application: application %></td>
+      </tr>
+    <% end %>
+    </tbody>
+  </table>
+</main>
+
+<div class="actions">
+  <%= button(:back, _('Go back'), :back) %>
+</div>
+</div>
@@ -0,0 +1,14 @@
+<div class="oauth-provider">
+<h3><%= _('Oauh Provider') %></h3>
+
+  <div class="applications">
+    <%= link_to _('Applications'), oauth_applications_path %>
+  </div>
+  <div class="authorized-applications">
+    <%= link_to _('Authorized Applications'), oauth_authorized_applications_path %>
+  </div>
+
+  <div class="actions">
+    <%= button(:back, _('Go back'), {:controller => 'plugins', :action => 'index'}) %>
+  </div>
+</div>
	@@ -16,7 +16,7 @@		@@ -16,7 +16,7 @@
16	<input type="hidden" id="signup_time_key" name="signup_time_key" />	16	<input type="hidden" id="signup_time_key" name="signup_time_key" />
17	<script type="text/javascript">	17	<script type="text/javascript">
18	jQuery.ajax({	18	jQuery.ajax({
19	- type: "POST",	19	+ type: "GET",
20	url: "<%= url_for :controller=>'account', :action=>'signup_time' %>",	20	url: "<%= url_for :controller=>'account', :action=>'signup_time' %>",
21	dataType: 'json',	21	dataType: 'json',
22	success: function(data) {	22	success: function(data) {
@@ -0,0 +1,3 @@		@@ -0,0 +1,3 @@
	1	+gem 'omniauth', '~> 1.2.2'
	2	+gem 'omniauth-facebook', '~> 2.0.0'
	3	+gem "omniauth-google-oauth2", '~> 0.2.6'
@@ -0,0 +1,72 @@		@@ -0,0 +1,72 @@
	1	+README - Oauth Client Plugin
	2	+================================
	3	+
	4	+OauthClient is a plugin which allow users to login/signup to noosfero with some oauth providers (for now, google, facebook and noosfero itself).
	5	+
	6	+Install
	7	+=======
	8	+
	9	+Enable Plugin
	10	+-------------
	11	+
	12	+cd <your_noosfero_dir>
	13	+./script/noosfero-plugins enable oauth_client
	14	+
	15	+Active Plugin
	16	+-------------
	17	+
	18	+As a Noosfero administrator user, go to administrator panel:
	19	+
	20	+- Click on "Enable/disable plugins" option
	21	+- Click on "Oauth Client Plugin" check-box
	22	+
	23	+Provider Settings
	24	+=================
	25	+
	26	+Goggle
	27	+------
	28	+
	29	+[Create Google+ application](https://developers.google.com/+/web/signin/javascript-flow)
	30	+
	31	+Facebook
	32	+--------
	33	+
	34	+[Create Facebook application](https://developers.facebook.com/docs/facebook-login/v2.1)
	35	+
	36	+Varnish Settings
	37	+================
	38	+If varnish has been used in your stack, you've to bypass the cache for signup page and prevent cookies to be removed when calling the oauth_client plugin callback. E.g.:
	39	+
	40	+```
	41	+if (req.url !~ "^/account/" && req.url !~ "^/plugin/oauth_provider/" && req.url !~ "^/plugin/oauth_client/" && req.http.cookie !~ "_noosfero_.") {
	42	+ unset req.http.cookie;
	43	+ return(lookup);
	44	+}
	45	+```
	46	+
	47	+Using Oauth Provider Plugin
	48	+===========================
	49	+The oauth_provider plugin may be used as a provider in the same noosfero installation that hosts your oauth_client plugin (this is usefull in a multi environment setup).
	50	+
	51	+However, you've to use a distinct set of thin processes to handle the authorization requests (to avoid deadlock).
	52	+
	53	+Apache settings example:
	54	+```
	55	+RewriteRule ^/oauth_provider/oauth/(authorize\|token).*$ balancer://noosfero-oauth-provider%{REQUEST_URI} [P,QSA,L]
	56	+```
	57	+
	58	+
	59	+Development
	60	+===========
	61	+
	62	+Running OauthClient tests
	63	+--------------------
	64	+
	65	+$ rake test:noosfero_plugins:oauth_client
	66	+
	67	+License
	68	+=======
	69	+
	70	+Copyright (c) The Author developers.
	71	+
	72	+See Noosfero license.
@@ -0,0 +1,27 @@		@@ -0,0 +1,27 @@
	1	+class OauthClientPluginAdminController < AdminController
	2	+
	3	+ def index
	4	+ end
	5	+
	6	+ def new
	7	+ @provider = environment.oauth_providers.new
	8	+ render :file => 'oauth_client_plugin_admin/edit'
	9	+ end
	10	+
	11	+ def remove
	12	+ environment.oauth_providers.find(params[:id]).destroy
	13	+ redirect_to :action => 'index'
	14	+ end
	15	+
	16	+ def edit
	17	+ @provider = params[:id] ? environment.oauth_providers.find(params[:id]) : environment.oauth_providers.new
	18	+ if request.post?
	19	+ if @provider.update_attributes(params['oauth_client_plugin_provider'])
	20	+ session[:notice] = _('Saved!')
	21	+ else
	22	+ session[:notice] = _('Error!')
	23	+ end
	24	+ end
	25	+ end
	26	+
	27	+end
@@ -0,0 +1,46 @@		@@ -0,0 +1,46 @@
	1	+class OauthClientPluginPublicController < PublicController
	2	+
	3	+ skip_before_filter :login_required
	4	+
	5	+ def callback
	6	+ auth = request.env["omniauth.auth"]
	7	+ user = environment.users.find_by_email(auth.info.email)
	8	+ user ? login(user) : signup(auth)
	9	+ end
	10	+
	11	+ def failure
	12	+ session[:notice] = _('Failed to login')
	13	+ redirect_to root_url
	14	+ end
	15	+
	16	+ def destroy
	17	+ session[:user] = nil
	18	+ redirect_to root_url
	19	+ end
	20	+
	21	+ protected
	22	+
	23	+ def login(user)
	24	+ provider = OauthClientPlugin::Provider.find(session[:provider_id])
	25	+ user_provider = user.oauth_user_providers.find_by_provider_id(provider.id)
	26	+ unless user_provider
	27	+ user_provider = user.oauth_user_providers.create(:user => user, :provider => provider, :enabled => true)
	28	+ end
	29	+ if user_provider.enabled? && provider.enabled?
	30	+ session[:user] = user.id
	31	+ else
	32	+ session[:notice] = _("Can't login with #{provider.name}")
	33	+ end
	34	+
	35	+ redirect_to :controller => :account, :action => :login
	36	+ end
	37	+
	38	+ def signup(auth)
	39	+ login = auth.info.email.split('@').first
	40	+ session[:oauth_data] = auth
	41	+ name = auth.info.name
	42	+ name \|\|= auth.extra && auth.extra.raw_info ? auth.extra.raw_info.name : ''
	43	+ redirect_to :controller => :account, :action => :signup, :user => {:login => login, :email => auth.info.email}, :profile_data => {:name => name}
	44	+ end
	45	+
	46	+end
@@ -0,0 +1,19 @@		@@ -0,0 +1,19 @@
	1	+class CreateOauthClientPluginProvider < ActiveRecord::Migration
	2	+
	3	+ def self.up
	4	+ create_table :oauth_client_plugin_providers do \|t\|
	5	+ t.integer :environment_id
	6	+ t.string :strategy
	7	+ t.string :name
	8	+ t.text :options
	9	+ t.boolean :enabled
	10	+ t.integer :image_id
	11	+
	12	+ t.timestamps
	13	+ end
	14	+ end
	15	+
	16	+ def self.down
	17	+ drop_table :oauth_client_plugin_providers
	18	+ end
	19	+end
@@ -0,0 +1,14 @@		@@ -0,0 +1,14 @@
	1	+class CreateOauthClientUserProviders < ActiveRecord::Migration
	2	+ def self.up
	3	+ create_table :oauth_client_plugin_user_providers do \|t\|
	4	+ t.references :user
	5	+ t.references :provider
	6	+ t.boolean :enabled
	7	+ t.timestamps
	8	+ end
	9	+ end
	10	+
	11	+ def self.down
	12	+ drop_table :oauth_client_plugin_user_providers
	13	+ end
	14	+end
@@ -0,0 +1,7 @@		@@ -0,0 +1,7 @@
	1	+require_dependency 'environment'
	2	+
	3	+class Environment
	4	+
	5	+ has_many :oauth_providers, :class_name => 'OauthClientPlugin::Provider'
	6	+
	7	+end
@@ -0,0 +1,31 @@		@@ -0,0 +1,31 @@
	1	+require_dependency 'user'
	2	+
	3	+class User
	4	+
	5	+ has_many :oauth_user_providers, :class_name => 'OauthClientPlugin::UserProvider'
	6	+ has_many :oauth_providers, :through => :oauth_user_providers, :source => :provider
	7	+
	8	+ def password_required_with_oauth?
	9	+ password_required_without_oauth? && oauth_providers.empty?
	10	+ end
	11	+
	12	+ alias_method_chain :password_required?, :oauth
	13	+
	14	+ after_create :activate_oauth_user
	15	+
	16	+ def activate_oauth_user
	17	+ unless oauth_providers.empty?
	18	+ activate
	19	+ oauth_providers.each do \|provider\|
	20	+ OauthClientPlugin::UserProvider.create!(:user => self, :provider => provider, :enabled => true)
	21	+ end
	22	+ end
	23	+ end
	24	+
	25	+ def make_activation_code_with_oauth
	26	+ oauth_providers.blank? ? make_activation_code_without_oauth : nil
	27	+ end
	28	+
	29	+ alias_method_chain :make_activation_code, :oauth
	30	+
	31	+end
@@ -0,0 +1,95 @@		@@ -0,0 +1,95 @@
	1	+require 'omniauth/strategies/noosfero_oauth2'
	2	+
	3	+class OauthClientPlugin < Noosfero::Plugin
	4	+
	5	+ def self.plugin_name
	6	+ "Oauth Client Plugin"
	7	+ end
	8	+
	9	+ def self.plugin_description
	10	+ _("Login with Oauth.")
	11	+ end
	12	+
	13	+ def login_extra_contents
	14	+ plugin = self
	15	+ proc do
	16	+ render :partial => 'auth/oauth_login', :locals => {:providers => environment.oauth_providers.enabled}
	17	+ end
	18	+ end
	19	+
	20	+ def signup_extra_contents
	21	+ plugin = self
	22	+
	23	+ proc do
	24	+ if plugin.context.session[:oauth_data].present?
	25	+ render :partial => 'account/oauth_signup'
	26	+ else
	27	+ ''
	28	+ end
	29	+ end
	30	+ end
	31	+
	32	+ PROVIDERS = {
	33	+ :facebook => {
	34	+ :name => 'Facebook'
	35	+ },
	36	+ :google_oauth2 => {
	37	+ :name => 'Google'
	38	+ },
	39	+ :noosfero_oauth2 => {
	40	+ :name => 'Noosfero'
	41	+ }
	42	+ }
	43	+
	44	+ def stylesheet?
	45	+ true
	46	+ end
	47	+
	48	+ OmniAuth.config.on_failure = OauthClientPluginPublicController.action(:failure)
	49	+
	50	+ Rails.application.config.middleware.use OmniAuth::Builder do
	51	+ PROVIDERS.each do \|provider, options\|
	52	+ setup = lambda { \|env\|
	53	+ request = Rack::Request.new(env)
	54	+ strategy = env['omniauth.strategy']
	55	+
	56	+ Noosfero::MultiTenancy.setup!(request.host)
	57	+ domain = Domain.find_by_name(request.host)
	58	+ environment = domain.environment rescue Environment.default
	59	+
	60	+ provider_id = request.params['id']
	61	+ provider_id \|\|= request.session['omniauth.params']['id'] if request.session['omniauth.params']
	62	+ provider = environment.oauth_providers.find(provider_id)
	63	+ strategy.options.merge!(provider.options.symbolize_keys)
	64	+
	65	+ request.session[:provider_id] = provider_id
	66	+ }
	67	+
	68	+ provider provider, :setup => setup,
	69	+ :path_prefix => '/plugin/oauth_client',
	70	+ :callback_path => "/plugin/oauth_client/public/callback/#{provider}",
	71	+ :client_options => { :connection_opts => { :proxy => ENV["OAUTH_HTTP_PROXY"] } }
	72	+ end
	73	+
	74	+ unless Rails.env.production?
	75	+ provider :developer, :path_prefix => "/plugin/oauth_client", :callback_path => "/plugin/oauth_client/public/callback/developer"
	76	+ end
	77	+ end
	78	+
	79	+ def account_controller_filters
	80	+ {
	81	+ :type => 'before_filter', :method_name => 'signup',
	82	+ :block => proc {
	83	+ auth = session[:oauth_data]
	84	+
	85	+ if auth.present? && params[:user].present?
	86	+ params[:user][:oauth_providers] = [OauthClientPlugin::Provider.find(session[:provider_id])]
	87	+ if request.post? && auth.info.email != params[:user][:email]
	88	+ raise "Wrong email for oauth signup"
	89	+ end
	90	+ end
	91	+ }
	92	+ }
	93	+ end
	94	+
	95	+end