Add oauth provider plugin

Victor Costa
1 parent 82325df3
Showing 23 changed files with 437 additions and 0 deletions Show diff stats
plugins/oauth_provider/Gemfile
plugins/oauth_provider/README.md
plugins/oauth_provider/controllers/doorkeeper/application_controller.rb
plugins/oauth_provider/controllers/oauth_provider_applications_controller.rb
plugins/oauth_provider/controllers/oauth_provider_authorizations_controller.rb
plugins/oauth_provider/controllers/oauth_provider_authorized_applications_controller.rb
plugins/oauth_provider/controllers/oauth_provider_plugin_admin_controller.rb
plugins/oauth_provider/controllers/public/oauth_provider_plugin_public_controller.rb
plugins/oauth_provider/db/migrate/20140829153047_create_doorkeeper_tables.rb
plugins/oauth_provider/lib/oauth_provider_plugin.rb
plugins/oauth_provider/public/style.css
plugins/oauth_provider/views/doorkeeper/applications/_delete_form.html.erb
plugins/oauth_provider/views/doorkeeper/applications/_form.html.erb
plugins/oauth_provider/views/doorkeeper/applications/edit.html.erb
plugins/oauth_provider/views/doorkeeper/applications/index.html.erb
plugins/oauth_provider/views/doorkeeper/applications/new.html.erb
plugins/oauth_provider/views/doorkeeper/applications/show.html.erb
plugins/oauth_provider/views/doorkeeper/authorizations/error.html.erb
plugins/oauth_provider/views/doorkeeper/authorizations/new.html.erb
plugins/oauth_provider/views/doorkeeper/authorizations/show.html.erb
@@ -0,0 +1 @@
+gem 'doorkeeper', '~> 1.4.0'
@@ -0,0 +1,47 @@
+README - Oauth Provider Plugin
+================================
+
+OauthProvider is a plugin which allow noosfero to be used as an oauth provider 
+
+Install
+=======
+
+Enable Plugin
+-------------
+
+cd <your_noosfero_dir>
+./script/noosfero-plugins enable oauth_provider
+
+Active Plugin
+-------------
+
+As a Noosfero administrator user, go to administrator panel:
+
+- Click on "Enable/disable plugins" option
+- Click on "Oauth Provider Plugin" check-box
+
+Varnish Settings
+================
+If varnish has been used in your stack, you've to prevent cookies to be removed when calling authorization actions for  oauth_provider. E.g.:
+
+```
+if (req.url !~ "^/plugin/oauth_provider/*" && req.http.cookie !~ "_noosfero_.*") {
+  unset req.http.cookie;
+  return(lookup);
+}
+```
+
+Development
+===========
+
+Running OauthProvider tests
+--------------------
+
+$ rake test:noosfero_plugins:oauth_provider
+
+License
+=======
+
+Copyright (c) The Author developers.
+
+See Noosfero license.
@@ -0,0 +1,8 @@
+module Doorkeeper
+  class ApplicationController < ApplicationController
+
+    include Helpers::Controller
+    helper 'doorkeeper/form_errors'
+
+  end
+end
@@ -0,0 +1,9 @@
+class OauthProviderApplicationsController < Doorkeeper::ApplicationsController
+
+  no_design_blocks
+  layout :get_layout
+
+  def show
+  end
+
+end
@@ -0,0 +1,9 @@
+class OauthProviderAuthorizationsController < Doorkeeper::AuthorizationsController
+
+  no_design_blocks
+  layout :get_layout
+
+  def index
+  end
+
+end
@@ -0,0 +1,6 @@
+class OauthProviderAuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
+
+  no_design_blocks
+  layout :get_layout
+
+end
@@ -0,0 +1,6 @@
+class OauthProviderPluginAdminController < AdminController
+
+  def index
+  end
+
+end
@@ -0,0 +1,10 @@
+class OauthProviderPluginPublicController < PublicController
+
+  doorkeeper_for :me
+
+  def me
+    user = environment.users.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+    render :json => {:id =>user.login, :email => user.email}.to_json
+  end
+
+end
@@ -0,0 +1,41 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         null: false
+      t.string  :uid,          null: false
+      t.string  :secret,       null: false
+      t.text    :redirect_uri, null: false
+      t.timestamps
+    end
+
+    add_index :oauth_applications, :uid, unique: true
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, null: false
+      t.integer  :application_id,    null: false
+      t.string   :token,             null: false
+      t.integer  :expires_in,        null: false
+      t.text     :redirect_uri,      null: false
+      t.datetime :created_at,        null: false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_grants, :token, unique: true
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.integer  :application_id
+      t.string   :token,             null: false
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        null: false
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+  end
+end
@@ -0,0 +1,55 @@
+class OauthProviderPlugin < Noosfero::Plugin
+
+  def self.plugin_name
+    "Oauth Provider Plugin"
+  end
+
+  def self.plugin_description
+    _("Oauth Provider.")
+  end
+
+  def stylesheet?
+    true
+  end
+
+  Doorkeeper.configure do
+    orm :active_record
+
+    resource_owner_authenticator do
+      domain = Domain.find_by_name(request.host)
+      environment = domain ? domain.environment : Environment.default
+      environment.users.find_by_id(session[:user]) || redirect_to('/account/login')
+    end
+
+    admin_authenticator do
+      domain = Domain.find_by_name(request.host)
+      environment = domain ? domain.environment : Environment.default
+      user = environment.users.find_by_id(session[:user])
+      unless user && user.person.is_admin?(environment)
+        redirect_to('/account/login')
+      end
+      user
+    end
+
+    default_scopes :public
+  end
+
+  Rails.configuration.to_prepare do
+    Rails.application.routes.prepend do
+      scope 'oauth_provider' do
+        use_doorkeeper do
+          controllers ({
+            :applications => 'oauth_provider_applications',
+            :authorized_applications => 'oauth_provider_authorized_applications',
+            :authorizations => 'oauth_provider_authorizations'
+          })
+        end
+      end
+    end
+  end
+
+  SCOPE_TRANSLATION = {
+    'public' => _('Access your public data')
+  }
+
+end
@@ -0,0 +1,13 @@
+.oauth-provider-authorize .actions form {
+  display: inline-block;
+}
+.oauth-provider-authorize .h4 {
+  font-size: 14px;
+  color: rgb(36, 36, 36)
+}
+.oauth-provider-authorize #oauth-permissions {
+  color: rgb(92, 92, 92);
+}
+.oauth-provider .actions {
+  margin-top: 10px;
+}
@@ -0,0 +1,5 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag [:oauth, application] do %>
+  <input type="hidden" name="_method" value="delete">
+  <%= submit_tag 'Destroy', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
+<% end %>
@@ -0,0 +1,39 @@
+<%= form_for [:oauth, application], html: {class: 'form-horizontal', role: 'form'} do |f| %>
+  <% if application.errors.any? %>
+    <div class="alert alert-danger" data-alert>
+      <p><%= _('Whoops! Check your form for possible errors') %></p>
+    </div>
+  <% end %>
+
+  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:name].present?}" do %>
+    <%= f.label :name, class: 'col-sm-2 control-label', for: 'application_name' %>
+    <div class="col-sm-10">
+      <%= f.text_field :name, class: 'form-control' %>
+      <%= doorkeeper_errors_for application, :name %>
+    </div>
+  <% end %>
+
+  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:redirect_uri].present?}" do %>
+    <%= f.label :redirect_uri, class: 'col-sm-2 control-label', for: 'application_redirect_uri' %>
+    <div class="col-sm-10">
+      <%= f.text_area :redirect_uri, class: 'form-control' %>
+      <%= doorkeeper_errors_for application, :redirect_uri %>
+      <span class="help-block">
+        <%= _('Use one line per URI') %>
+        </span>
+      <% if Doorkeeper.configuration.native_redirect_uri %>
+          <span class="help-block">
+            Use <code><%= Doorkeeper.configuration.native_redirect_uri %></code> for local tests
+          </span>
+      <% end %>
+    </div>
+  <% end %>
+
+  <div class="form-group">
+    <div class="col-sm-offset-2 col-sm-10">
+      <%= f.submit _('Submit'), class: "btn btn-primary" %>
+      <%= link_to _("Cancel"), oauth_applications_path, :class => "btn btn-default" %>
+    </div>
+  </div>
+<% end %>
+
@@ -0,0 +1,5 @@
+<div class="page-header">
+  <h1><%= _('Edit application') %></h1>
+</div>
+
+<%= render 'form', application: @application %>
@@ -0,0 +1,31 @@
+<div class="oauth-provider">
+<div class="page-header">
+  <h3><%= link_to _('Oauh Provider'), '/admin/plugin/oauth_provider' %></h3>
+</div>
+
+<p><%= link_to _('New Application'), new_oauth_application_path, class: 'btn btn-success' %></p>
+
+<table class="table table-striped">
+  <thead>
+  <tr>
+    <th><%= _('Name') %></th>
+    <th><%= _('Callback URL') %></th>
+    <th></th>
+    <th></th>
+  </tr>
+  </thead>
+  <tbody>
+  <% @applications.each do |application| %>
+    <tr id="application_<%= application.id %>">
+      <td><%= link_to application.name, [:oauth, application] %></td>
+      <td><%= application.redirect_uri %></td>
+      <td><%= link_to _('Edit'), edit_oauth_application_path(application), class: 'btn btn-link' %></td>
+      <td><%= render 'delete_form', application: application %></td>
+    </tr>
+  <% end %>
+  </tbody>
+</table>
+<div class="actions">
+  <%= button(:back, _('Go back'), {:controller => 'oauth_provider_plugin_admin', :action => 'index'}) %>
+</div>
+</div>
@@ -0,0 +1,5 @@
+<div class="page-header">
+  <h1>New application</h1>
+</div>
+
+<%= render 'form', application: @application %>
@@ -0,0 +1,40 @@
+<div class="page-header">
+  <h1><%= _('Application: %s' % @application.name) %></h1>
+</div>
+
+<div class="row">
+  <div class="col-md-8">
+    <h4><%= _('Application Id:') %></h4>
+
+    <p><code id="application_id"><%= @application.uid %></code></p>
+
+    <h4><%= _('Secret:') %></h4>
+
+    <p><code id="secret"><%= @application.secret %></code></p>
+
+    <h4><%= _('Callback urls:') %></h4>
+
+    <table>
+      <% @application.redirect_uri.split.each do |uri| %>
+        <tr>
+          <td>
+            <code><%= uri %></code>
+          </td>
+          <td>
+          </td>
+        </tr>
+      <% end %>
+    </table>
+  </div>
+
+  <div class="col-md-4">
+    <h3><%= _('Actions') %></h3>
+
+    <p>
+      <%= link_to _('Edit'), edit_oauth_application_path(@application), class: 'btn btn-primary' %>
+      <%= link_to _("Cancel"), oauth_applications_path, :class => "btn btn-default" %>
+    </p>
+
+    <p><%= render 'delete_form', application: @application, submit_btn_css: 'btn btn-danger' %></p>
+  </div>
+</div>
@@ -0,0 +1,7 @@
+<div class="page-header">
+  <h1>An error has occurred</h1>
+</div>
+
+<main role="main">
+  <pre><%= @pre_auth.error_response.body[:error_description] %></pre>
+</main>
@@ -0,0 +1,43 @@
+<div class="oauth-provider-authorize">
+
+<header class="page-header" role="banner">
+  <h1><%= _('Authorize required') %></h1>
+</header>
+
+<main role="main">
+  <p class="h4">
+  <%= _('Authorize %s to use your account?' % "<strong class=\"text-info\">#{@pre_auth.client.name}</strong>") %>
+  </p>
+
+  <% if @pre_auth.scopes %>
+    <div id="oauth-permissions">
+      <p><%= _('This application will be able to:') %></p>
+
+      <ul class="text-info">
+        <% @pre_auth.scopes.each do |scope| %>
+          <li><%= OauthProviderPlugin::SCOPE_TRANSLATION[scope] %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="actions">
+    <%= form_tag oauth_authorization_path, method: :post do %>
+      <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
+      <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
+      <%= hidden_field_tag :state, @pre_auth.state %>
+      <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+      <%= hidden_field_tag :scope, @pre_auth.scope %>
+      <%= submit_button :ok, _("Authorize") %>
+    <% end %>
+    <%= form_tag oauth_authorization_path, method: :delete do %>
+      <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
+      <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
+      <%= hidden_field_tag :state, @pre_auth.state %>
+      <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+      <%= hidden_field_tag :scope, @pre_auth.scope %>
+      <%= submit_button :cancel, _("Deny") %>
+    <% end %>
+  </div>
+</main>
+</div>
@@ -0,0 +1,7 @@
+<header class="page-header">
+  <h1>Authorization code:</h1>
+</header>
+
+<main role="main">
+  <code id="authorization_code"><%= params[:code] %></code>
+</main>
@@ -0,0 +1,5 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag oauth_authorized_application_path(application) do %>
+  <input type="hidden" name="_method" value="delete">
+  <%= submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
+<% end %>
@@ -0,0 +1,31 @@
+<div class="oauth-provider">
+<header class="page-header">
+  <h1>Your authorized applications</h1>
+</header>
+
+<main role="main">
+  <table class="table table-striped">
+    <thead>
+    <tr>
+      <th>Application</th>
+      <th>Created At</th>
+      <th></th>
+      <th></th>
+    </tr>
+    </thead>
+    <tbody>
+    <% @applications.each do |application| %>
+      <tr>
+        <td><%= application.name %></td>
+        <td><%= application.created_at.strftime('%Y-%m-%d %H:%M:%S') %></td>
+        <td><%= render 'delete_form', application: application %></td>
+      </tr>
+    <% end %>
+    </tbody>
+  </table>
+</main>
+
+<div class="actions">
+  <%= button(:back, _('Go back'), :back) %>
+</div>
+</div>
@@ -0,0 +1,14 @@
+<div class="oauth-provider">
+<h3><%= _('Oauh Provider') %></h3>
+
+  <div class="applications">
+    <%= link_to _('Applications'), oauth_applications_path %>
+  </div>
+  <div class="authorized-applications">
+    <%= link_to _('Authorized Applications'), oauth_authorized_applications_path %>
+  </div>
+
+  <div class="actions">
+    <%= button(:back, _('Go back'), {:controller => 'plugins', :action => 'index'}) %>
+  </div>
+</div>
...	...	@@ -0,0 +1,47 @@
	1	+README - Oauth Provider Plugin
	2	+================================
	3	+
	4	+OauthProvider is a plugin which allow noosfero to be used as an oauth provider
	5	+
	6	+Install
	7	+=======
	8	+
	9	+Enable Plugin
	10	+-------------
	11	+
	12	+cd <your_noosfero_dir>
	13	+./script/noosfero-plugins enable oauth_provider
	14	+
	15	+Active Plugin
	16	+-------------
	17	+
	18	+As a Noosfero administrator user, go to administrator panel:
	19	+
	20	+- Click on "Enable/disable plugins" option
	21	+- Click on "Oauth Provider Plugin" check-box
	22	+
	23	+Varnish Settings
	24	+================
	25	+If varnish has been used in your stack, you've to prevent cookies to be removed when calling authorization actions for oauth_provider. E.g.:
	26	+
	27	+```
	28	+if (req.url !~ "^/plugin/oauth_provider/" && req.http.cookie !~ "_noosfero_.") {
	29	+ unset req.http.cookie;
	30	+ return(lookup);
	31	+}
	32	+```
	33	+
	34	+Development
	35	+===========
	36	+
	37	+Running OauthProvider tests
	38	+--------------------
	39	+
	40	+$ rake test:noosfero_plugins:oauth_provider
	41	+
	42	+License
	43	+=======
	44	+
	45	+Copyright (c) The Author developers.
	46	+
	47	+See Noosfero license.
...	...
...	...	@@ -0,0 +1,8 @@
	1	+module Doorkeeper
	2	+ class ApplicationController < ApplicationController
	3	+
	4	+ include Helpers::Controller
	5	+ helper 'doorkeeper/form_errors'
	6	+
	7	+ end
	8	+end
...	...
...	...	@@ -0,0 +1,9 @@
	1	+class OauthProviderApplicationsController < Doorkeeper::ApplicationsController
	2	+
	3	+ no_design_blocks
	4	+ layout :get_layout
	5	+
	6	+ def show
	7	+ end
	8	+
	9	+end
...	...
...	...	@@ -0,0 +1,9 @@
	1	+class OauthProviderAuthorizationsController < Doorkeeper::AuthorizationsController
	2	+
	3	+ no_design_blocks
	4	+ layout :get_layout
	5	+
	6	+ def index
	7	+ end
	8	+
	9	+end
...	...
...	...	@@ -0,0 +1,6 @@
	1	+class OauthProviderAuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
	2	+
	3	+ no_design_blocks
	4	+ layout :get_layout
	5	+
	6	+end
...	...
...	...	@@ -0,0 +1,6 @@
	1	+class OauthProviderPluginAdminController < AdminController
	2	+
	3	+ def index
	4	+ end
	5	+
	6	+end
...	...
...	...	@@ -0,0 +1,10 @@
	1	+class OauthProviderPluginPublicController < PublicController
	2	+
	3	+ doorkeeper_for :me
	4	+
	5	+ def me
	6	+ user = environment.users.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
	7	+ render :json => {:id =>user.login, :email => user.email}.to_json
	8	+ end
	9	+
	10	+end
...	...
...	...	@@ -0,0 +1,41 @@
	1	+class CreateDoorkeeperTables < ActiveRecord::Migration
	2	+ def change
	3	+ create_table :oauth_applications do \|t\|
	4	+ t.string :name, null: false
	5	+ t.string :uid, null: false
	6	+ t.string :secret, null: false
	7	+ t.text :redirect_uri, null: false
	8	+ t.timestamps
	9	+ end
	10	+
	11	+ add_index :oauth_applications, :uid, unique: true
	12	+
	13	+ create_table :oauth_access_grants do \|t\|
	14	+ t.integer :resource_owner_id, null: false
	15	+ t.integer :application_id, null: false
	16	+ t.string :token, null: false
	17	+ t.integer :expires_in, null: false
	18	+ t.text :redirect_uri, null: false
	19	+ t.datetime :created_at, null: false
	20	+ t.datetime :revoked_at
	21	+ t.string :scopes
	22	+ end
	23	+
	24	+ add_index :oauth_access_grants, :token, unique: true
	25	+
	26	+ create_table :oauth_access_tokens do \|t\|
	27	+ t.integer :resource_owner_id
	28	+ t.integer :application_id
	29	+ t.string :token, null: false
	30	+ t.string :refresh_token
	31	+ t.integer :expires_in
	32	+ t.datetime :revoked_at
	33	+ t.datetime :created_at, null: false
	34	+ t.string :scopes
	35	+ end
	36	+
	37	+ add_index :oauth_access_tokens, :token, unique: true
	38	+ add_index :oauth_access_tokens, :resource_owner_id
	39	+ add_index :oauth_access_tokens, :refresh_token, unique: true
	40	+ end
	41	+end
...	...
...	...	@@ -0,0 +1,55 @@
	1	+class OauthProviderPlugin < Noosfero::Plugin
	2	+
	3	+ def self.plugin_name
	4	+ "Oauth Provider Plugin"
	5	+ end
	6	+
	7	+ def self.plugin_description
	8	+ _("Oauth Provider.")
	9	+ end
	10	+
	11	+ def stylesheet?
	12	+ true
	13	+ end
	14	+
	15	+ Doorkeeper.configure do
	16	+ orm :active_record
	17	+
	18	+ resource_owner_authenticator do
	19	+ domain = Domain.find_by_name(request.host)
	20	+ environment = domain ? domain.environment : Environment.default
	21	+ environment.users.find_by_id(session[:user]) \|\| redirect_to('/account/login')
	22	+ end
	23	+
	24	+ admin_authenticator do
	25	+ domain = Domain.find_by_name(request.host)
	26	+ environment = domain ? domain.environment : Environment.default
	27	+ user = environment.users.find_by_id(session[:user])
	28	+ unless user && user.person.is_admin?(environment)
	29	+ redirect_to('/account/login')
	30	+ end
	31	+ user
	32	+ end
	33	+
	34	+ default_scopes :public
	35	+ end
	36	+
	37	+ Rails.configuration.to_prepare do
	38	+ Rails.application.routes.prepend do
	39	+ scope 'oauth_provider' do
	40	+ use_doorkeeper do
	41	+ controllers ({
	42	+ :applications => 'oauth_provider_applications',
	43	+ :authorized_applications => 'oauth_provider_authorized_applications',
	44	+ :authorizations => 'oauth_provider_authorizations'
	45	+ })
	46	+ end
	47	+ end
	48	+ end
	49	+ end
	50	+
	51	+ SCOPE_TRANSLATION = {
	52	+ 'public' => _('Access your public data')
	53	+ }
	54	+
	55	+end
...	...
...	...	@@ -0,0 +1,13 @@
	1	+.oauth-provider-authorize .actions form {
	2	+ display: inline-block;
	3	+}
	4	+.oauth-provider-authorize .h4 {
	5	+ font-size: 14px;
	6	+ color: rgb(36, 36, 36)
	7	+}
	8	+.oauth-provider-authorize #oauth-permissions {
	9	+ color: rgb(92, 92, 92);
	10	+}
	11	+.oauth-provider .actions {
	12	+ margin-top: 10px;
	13	+}
...	...