diff --git a/plugins/oauth_provider/Gemfile b/plugins/oauth_provider/Gemfile
new file mode 100644
index 0000000..ccaff8e
--- /dev/null
+++ b/plugins/oauth_provider/Gemfile
@@ -0,0 +1 @@
+gem 'doorkeeper', '~> 1.4.0'
diff --git a/plugins/oauth_provider/README.md b/plugins/oauth_provider/README.md
new file mode 100644
index 0000000..6f35e63
--- /dev/null
+++ b/plugins/oauth_provider/README.md
@@ -0,0 +1,47 @@
+README - Oauth Provider Plugin
+================================
+
+OauthProvider is a plugin which allow noosfero to be used as an oauth provider
+
+Install
+=======
+
+Enable Plugin
+-------------
+
+cd
+./script/noosfero-plugins enable oauth_provider
+
+Active Plugin
+-------------
+
+As a Noosfero administrator user, go to administrator panel:
+
+- Click on "Enable/disable plugins" option
+- Click on "Oauth Provider Plugin" check-box
+
+Varnish Settings
+================
+If varnish has been used in your stack, you've to prevent cookies to be removed when calling authorization actions for oauth_provider. E.g.:
+
+```
+if (req.url !~ "^/plugin/oauth_provider/*" && req.http.cookie !~ "_noosfero_.*") {
+ unset req.http.cookie;
+ return(lookup);
+}
+```
+
+Development
+===========
+
+Running OauthProvider tests
+--------------------
+
+$ rake test:noosfero_plugins:oauth_provider
+
+License
+=======
+
+Copyright (c) The Author developers.
+
+See Noosfero license.
diff --git a/plugins/oauth_provider/controllers/doorkeeper/application_controller.rb b/plugins/oauth_provider/controllers/doorkeeper/application_controller.rb
new file mode 100644
index 0000000..75ac214
--- /dev/null
+++ b/plugins/oauth_provider/controllers/doorkeeper/application_controller.rb
@@ -0,0 +1,8 @@
+module Doorkeeper
+ class ApplicationController < ApplicationController
+
+ include Helpers::Controller
+ helper 'doorkeeper/form_errors'
+
+ end
+end
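Review bot: The replacement `Doorkeeper::ApplicationController` in controllers/doorkeeper/application_controller.rb declares no `protect_from_forgery`, so CSRF protection for the authorize/deny forms and the application-management forms now rests entirely on whatever the host `ApplicationController` declares. As far as I recall, the gem's own base controller enables it itself, so I would state it here too with a `protect_from_forgery` line rather than inherit it silently. The file also needs a header comment saying that it deliberately shadows the gem's class and why, for example `# Shadows the gem's base controller so Doorkeeper pages inherit the host layout and filters`. If the gem's definition happens to be loaded first with a different superclass, reopening the class this way would presumably fail with a superclass mismatch, so the load order is part of the contract and belongs in that comment.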
diff --git a/plugins/oauth_provider/controllers/oauth_provider_applications_controller.rb b/plugins/oauth_provider/controllers/oauth_provider_applications_controller.rb
new file mode 100644
index 0000000..49b07b9
--- /dev/null
+++ b/plugins/oauth_provider/controllers/oauth_provider_applications_controller.rb
@@ -0,0 +1,9 @@
+class OauthProviderApplicationsController < Doorkeeper::ApplicationsController
+
+ no_design_blocks
+ layout :get_layout
+
+ def show
+ end
+
+end
diff --git a/plugins/oauth_provider/controllers/oauth_provider_authorizations_controller.rb b/plugins/oauth_provider/controllers/oauth_provider_authorizations_controller.rb
new file mode 100644
index 0000000..a48b70d
--- /dev/null
+++ b/plugins/oauth_provider/controllers/oauth_provider_authorizations_controller.rb
@@ -0,0 +1,9 @@
+class OauthProviderAuthorizationsController < Doorkeeper::AuthorizationsController
+
+ no_design_blocks
+ layout :get_layout
+
+ def index
+ end
+
+end
diff --git a/plugins/oauth_provider/controllers/oauth_provider_authorized_applications_controller.rb b/plugins/oauth_provider/controllers/oauth_provider_authorized_applications_controller.rb
new file mode 100644
index 0000000..4f71984
--- /dev/null
+++ b/plugins/oauth_provider/controllers/oauth_provider_authorized_applications_controller.rb
@@ -0,0 +1,6 @@
+class OauthProviderAuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
+
+ no_design_blocks
+ layout :get_layout
+
+end
diff --git a/plugins/oauth_provider/controllers/oauth_provider_plugin_admin_controller.rb b/plugins/oauth_provider/controllers/oauth_provider_plugin_admin_controller.rb
new file mode 100644
index 0000000..3969069
--- /dev/null
+++ b/plugins/oauth_provider/controllers/oauth_provider_plugin_admin_controller.rb
@@ -0,0 +1,6 @@
+class OauthProviderPluginAdminController < AdminController
+
+ def index
+ end
+
+end
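Review bot: The empty `def show; end` in OauthProviderApplicationsController replaces the inherited Doorkeeper action instead of extending it, and nothing says why. If the parent loads the application inside the action body rather than in a filter (not visible here), the show view, which reads `@application.uid` and `@application.secret`, would be handed nil. Either drop the override or write it as `def show; super; end` with a one-line comment giving the reason. The same question applies to `def index; end` in OauthProviderAuthorizationsController, which adds an action that the route block in lib/oauth_provider_plugin.rb does not appear to map.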
diff --git a/plugins/oauth_provider/controllers/public/oauth_provider_plugin_public_controller.rb b/plugins/oauth_provider/controllers/public/oauth_provider_plugin_public_controller.rb
new file mode 100644
index 0000000..637b2ed
--- /dev/null
+++ b/plugins/oauth_provider/controllers/public/oauth_provider_plugin_public_controller.rb
@@ -0,0 +1,10 @@
+class OauthProviderPluginPublicController < PublicController
+
+ doorkeeper_for :me
+
+ def me
+ user = environment.users.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+ render :json => {:id =>user.login, :email => user.email}.to_json
+ end
+
+end
diff --git a/plugins/oauth_provider/db/migrate/20140829153047_create_doorkeeper_tables.rb b/plugins/oauth_provider/db/migrate/20140829153047_create_doorkeeper_tables.rb
new file mode 100644
index 0000000..fd0bd10
--- /dev/null
+++ b/plugins/oauth_provider/db/migrate/20140829153047_create_doorkeeper_tables.rb
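Review bot: `me` in OauthProviderPluginPublicController returns the account's e-mail address to any client holding a token with the default `public` scope, which the plugin describes to the user as 'Access your public data'. An e-mail address is not normally public profile data, so it should sit behind a scope of its own or be left out of this response. The trailing `if doorkeeper_token` guards only the lookup: if the token has no resource owner, or the owner is not a user of the current environment, `find` raises or the next line calls `.login` on nil. The action should fail closed instead, e.g. `user = environment.users.find_by_id(doorkeeper_token.resource_owner_id)` followed by `return render(:nothing => true, :status => 401) unless user`. The `.to_json` is also redundant with `render :json`.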
@@ -0,0 +1,41 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+ def change
+ create_table :oauth_applications do |t|
+ t.string :name, null: false
+ t.string :uid, null: false
+ t.string :secret, null: false
+ t.text :redirect_uri, null: false
+ t.timestamps
+ end
+
+ add_index :oauth_applications, :uid, unique: true
+
+ create_table :oauth_access_grants do |t|
+ t.integer :resource_owner_id, null: false
+ t.integer :application_id, null: false
+ t.string :token, null: false
+ t.integer :expires_in, null: false
+ t.text :redirect_uri, null: false
+ t.datetime :created_at, null: false
+ t.datetime :revoked_at
+ t.string :scopes
+ end
+
+ add_index :oauth_access_grants, :token, unique: true
+
+ create_table :oauth_access_tokens do |t|
+ t.integer :resource_owner_id
+ t.integer :application_id
+ t.string :token, null: false
+ t.string :refresh_token
+ t.integer :expires_in
+ t.datetime :revoked_at
+ t.datetime :created_at, null: false
+ t.string :scopes
+ end
+
+ add_index :oauth_access_tokens, :token, unique: true
+ add_index :oauth_access_tokens, :resource_owner_id
+ add_index :oauth_access_tokens, :refresh_token, unique: true
+ end
+end
diff --git a/plugins/oauth_provider/lib/oauth_provider_plugin.rb b/plugins/oauth_provider/lib/oauth_provider_plugin.rb
new file mode 100644
index 0000000..2b7bc10
--- /dev/null
+++ b/plugins/oauth_provider/lib/oauth_provider_plugin.rb
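Review bot: `oauth_applications` has no environment column, while `admin_authenticator` in lib/oauth_provider_plugin.rb authorizes against the environment resolved from the request host. On an install that serves several environments, an administrator of any one of them can therefore list, edit and delete every registered client, including its `secret` and `redirect_uri`. If clients are meant to be per environment, add `t.references :environment` here (plus an index) and scope the application queries by it. If they are meant to be global, say so in a comment above `create_table :oauth_applications`. Separately, `secret`, `token` and `refresh_token` are plain string columns, so read access to these tables or to a backup yields usable credentials; keep token lifetimes short and handle the tables as secret material.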
@@ -0,0 +1,55 @@
+class OauthProviderPlugin < Noosfero::Plugin
+
+ def self.plugin_name
+ "Oauth Provider Plugin"
+ end
+
+ def self.plugin_description
+ _("Oauth Provider.")
+ end
+
+ def stylesheet?
+ true
+ end
+
+ Doorkeeper.configure do
+ orm :active_record
+
+ resource_owner_authenticator do
+ domain = Domain.find_by_name(request.host)
+ environment = domain ? domain.environment : Environment.default
+ environment.users.find_by_id(session[:user]) || redirect_to('/account/login')
+ end
+
+ admin_authenticator do
+ domain = Domain.find_by_name(request.host)
+ environment = domain ? domain.environment : Environment.default
+ user = environment.users.find_by_id(session[:user])
+ unless user && user.person.is_admin?(environment)
+ redirect_to('/account/login')
+ end
+ user
+ end
+
+ default_scopes :public
+ end
+
+ Rails.configuration.to_prepare do
+ Rails.application.routes.prepend do
+ scope 'oauth_provider' do
+ use_doorkeeper do
+ controllers ({
+ :applications => 'oauth_provider_applications',
+ :authorized_applications => 'oauth_provider_authorized_applications',
+ :authorizations => 'oauth_provider_authorizations'
+ })
+ end
+ end
+ end
+ end
+
+ SCOPE_TRANSLATION = {
+ 'public' => _('Access your public data')
+ }
+
+end
diff --git a/plugins/oauth_provider/public/style.css b/plugins/oauth_provider/public/style.css
new file mode 100644
index 0000000..47ed2ab
--- /dev/null
+++ b/plugins/oauth_provider/public/style.css
@@ -0,0 +1,13 @@
+.oauth-provider-authorize .actions form {
+ display: inline-block;
+}
+.oauth-provider-authorize .h4 {
+ font-size: 14px;
+ color: rgb(36, 36, 36)
+}
+.oauth-provider-authorize #oauth-permissions {
+ color: rgb(92, 92, 92);
+}
+.oauth-provider .actions {
+ margin-top: 10px;
+}
diff --git a/plugins/oauth_provider/views/doorkeeper/applications/_delete_form.html.erb b/plugins/oauth_provider/views/doorkeeper/applications/_delete_form.html.erb
new file mode 100644
index 0000000..0a407db
--- /dev/null
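Review bot: The `Doorkeeper.configure` and `routes.prepend` blocks in lib/oauth_provider_plugin.rb run once at class load for the whole process, so the `oauth_provider` endpoints exist for every environment, including those whose administrator never enabled this plugin; neither authenticator checks that the plugin is enabled for the environment it resolves. I would add that check to both `resource_owner_authenticator` and `admin_authenticator` and, until then, state the behaviour in a comment such as `# NOTE: routes and Doorkeeper config are process-wide, not per environment`. The domain-to-environment lookup is duplicated in both authenticators and is worth extracting into one helper. `SCOPE_TRANSLATION` calls `_()` while the class body is evaluated, so the text is fixed to the locale active at load time; store the untranslated string, translate at render time, and freeze the hash.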
+++ b/plugins/oauth_provider/views/doorkeeper/applications/_delete_form.html.erb @@ -0,0 +1,5 @@ +<%- submit_btn_css ||= 'btn btn-link' %> +<%= form_tag [:oauth, application] do %> + + <%= submit_tag 'Destroy', onclick: "return confirm('Are you sure?')", class: submit_btn_css %> +<% end %> diff --git a/plugins/oauth_provider/views/doorkeeper/applications/_form.html.erb b/plugins/oauth_provider/views/doorkeeper/applications/_form.html.erb new file mode 100644 index 0000000..7ea09dc --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/applications/_form.html.erb @@ -0,0 +1,39 @@ +<%= form_for [:oauth, application], html: {class: 'form-horizontal', role: 'form'} do |f| %> + <% if application.errors.any? %> +
+

<%= _('Whoops! Check your form for possible errors') %>

+
+ <% end %> + + <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:name].present?}" do %> + <%= f.label :name, class: 'col-sm-2 control-label', for: 'application_name' %> +
+ <%= f.text_field :name, class: 'form-control' %> + <%= doorkeeper_errors_for application, :name %> +
+ <% end %> + + <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:redirect_uri].present?}" do %> + <%= f.label :redirect_uri, class: 'col-sm-2 control-label', for: 'application_redirect_uri' %> +
+ <%= f.text_area :redirect_uri, class: 'form-control' %> + <%= doorkeeper_errors_for application, :redirect_uri %> + + <%= _('Use one line per URI') %> + + <% if Doorkeeper.configuration.native_redirect_uri %> + + Use <%= Doorkeeper.configuration.native_redirect_uri %> for local tests + + <% end %> +
+ <% end %> + +
+
+ <%= f.submit _('Submit'), class: "btn btn-primary" %> + <%= link_to _("Cancel"), oauth_applications_path, :class => "btn btn-default" %> +
+
+<% end %> + diff --git a/plugins/oauth_provider/views/doorkeeper/applications/edit.html.erb b/plugins/oauth_provider/views/doorkeeper/applications/edit.html.erb new file mode 100644 index 0000000..6fceb40 --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/applications/edit.html.erb @@ -0,0 +1,5 @@ + + +<%= render 'form', application: @application %> diff --git a/plugins/oauth_provider/views/doorkeeper/applications/index.html.erb b/plugins/oauth_provider/views/doorkeeper/applications/index.html.erb new file mode 100644 index 0000000..2cc3631 --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/applications/index.html.erb @@ -0,0 +1,31 @@ +
+ + +

<%= link_to _('New Application'), new_oauth_application_path, class: 'btn btn-success' %>

+ + + + + + + + + + + + <% @applications.each do |application| %> + + + + + + + <% end %> + +
<%= _('Name') %><%= _('Callback URL') %>
<%= link_to application.name, [:oauth, application] %><%= application.redirect_uri %><%= link_to _('Edit'), edit_oauth_application_path(application), class: 'btn btn-link' %><%= render 'delete_form', application: application %>
+
+ <%= button(:back, _('Go back'), {:controller => 'oauth_provider_plugin_admin', :action => 'index'}) %> +
+
diff --git a/plugins/oauth_provider/views/doorkeeper/applications/new.html.erb b/plugins/oauth_provider/views/doorkeeper/applications/new.html.erb new file mode 100644 index 0000000..68934dd --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/applications/new.html.erb @@ -0,0 +1,5 @@ + + +<%= render 'form', application: @application %> diff --git a/plugins/oauth_provider/views/doorkeeper/applications/show.html.erb b/plugins/oauth_provider/views/doorkeeper/applications/show.html.erb new file mode 100644 index 0000000..1a68133 --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/applications/show.html.erb @@ -0,0 +1,40 @@ + + +
+
+

<%= _('Application Id:') %>

+ +

<%= @application.uid %>

+ +

<%= _('Secret:') %>

+ +

<%= @application.secret %>

+ +

<%= _('Callback urls:') %>

+ + + <% @application.redirect_uri.split.each do |uri| %> + + + + + <% end %> +
+ <%= uri %> + +
+
+ +
+

<%= _('Actions') %>

+ +

+ <%= link_to _('Edit'), edit_oauth_application_path(@application), class: 'btn btn-primary' %> + <%= link_to _("Cancel"), oauth_applications_path, :class => "btn btn-default" %> +

+ +

<%= render 'delete_form', application: @application, submit_btn_css: 'btn btn-danger' %>

+
+
diff --git a/plugins/oauth_provider/views/doorkeeper/authorizations/error.html.erb b/plugins/oauth_provider/views/doorkeeper/authorizations/error.html.erb new file mode 100644 index 0000000..d374a6c --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/authorizations/error.html.erb @@ -0,0 +1,7 @@ + + +
+
<%= @pre_auth.error_response.body[:error_description] %>
+
diff --git a/plugins/oauth_provider/views/doorkeeper/authorizations/new.html.erb b/plugins/oauth_provider/views/doorkeeper/authorizations/new.html.erb new file mode 100644 index 0000000..9326365 --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/authorizations/new.html.erb @@ -0,0 +1,43 @@ +
+ + + +
+

+ <%= _('Authorize %s to use your account?' % "#{@pre_auth.client.name}") %> +

+ + <% if @pre_auth.scopes %> +
+

<%= _('This application will be able to:') %>

+ +
    + <% @pre_auth.scopes.each do |scope| %> +
  • <%= OauthProviderPlugin::SCOPE_TRANSLATION[scope] %>
  • + <% end %> +
+
+ <% end %> + +
+ <%= form_tag oauth_authorization_path, method: :post do %> + <%= hidden_field_tag :client_id, @pre_auth.client.uid %> + <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %> + <%= hidden_field_tag :state, @pre_auth.state %> + <%= hidden_field_tag :response_type, @pre_auth.response_type %> + <%= hidden_field_tag :scope, @pre_auth.scope %> + <%= submit_button :ok, _("Authorize") %> + <% end %> + <%= form_tag oauth_authorization_path, method: :delete do %> + <%= hidden_field_tag :client_id, @pre_auth.client.uid %> + <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %> + <%= hidden_field_tag :state, @pre_auth.state %> + <%= hidden_field_tag :response_type, @pre_auth.response_type %> + <%= hidden_field_tag :scope, @pre_auth.scope %> + <%= submit_button :cancel, _("Deny") %> + <% end %> +
+
+
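Review bot: The scope list in authorizations/new.html.erb prints `OauthProviderPlugin::SCOPE_TRANSLATION[scope]`, which is nil for any scope missing from that hash, so the consent page would show an empty bullet and the user would approve something the page never names. Only `public` is configured today, so this bites as soon as a scope is added to the configure block without a matching entry. Fall back to the raw scope name with `<%= OauthProviderPlugin::SCOPE_TRANSLATION[scope] || scope %>`. In the heading, the `%` substitution happens inside `_()`, so gettext is asked for the already-interpolated string and no catalogue entry can match; it should read `_('Authorize %s to use your account?') % @pre_auth.client.name`. The HTML of this view is not visible in this rendering of the patch, so the note covers the ERB expressions only.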
diff --git a/plugins/oauth_provider/views/doorkeeper/authorizations/show.html.erb b/plugins/oauth_provider/views/doorkeeper/authorizations/show.html.erb new file mode 100644 index 0000000..2a47be1 --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/authorizations/show.html.erb @@ -0,0 +1,7 @@ + + +
+ <%= params[:code] %> +
diff --git a/plugins/oauth_provider/views/doorkeeper/authorized_applications/_delete_form.html.erb b/plugins/oauth_provider/views/doorkeeper/authorized_applications/_delete_form.html.erb new file mode 100644 index 0000000..92b5a61 --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/authorized_applications/_delete_form.html.erb @@ -0,0 +1,5 @@ +<%- submit_btn_css ||= 'btn btn-link' %> +<%= form_tag oauth_authorized_application_path(application) do %> + + <%= submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: submit_btn_css %> +<% end %> diff --git a/plugins/oauth_provider/views/doorkeeper/authorized_applications/index.html.erb b/plugins/oauth_provider/views/doorkeeper/authorized_applications/index.html.erb new file mode 100644 index 0000000..0b9a6c3 --- /dev/null +++ b/plugins/oauth_provider/views/doorkeeper/authorized_applications/index.html.erb @@ -0,0 +1,31 @@ +
+ + +
+ + + + + + + + + + + <% @applications.each do |application| %> + + + + + + <% end %> + +
ApplicationCreated At
<%= application.name %><%= application.created_at.strftime('%Y-%m-%d %H:%M:%S') %><%= render 'delete_form', application: application %>
+
+ +
+ <%= button(:back, _('Go back'), :back) %> +
+
diff --git a/plugins/oauth_provider/views/oauth_provider_plugin_admin/index.html.erb b/plugins/oauth_provider/views/oauth_provider_plugin_admin/index.html.erb new file mode 100644 index 0000000..3d4fca2 --- /dev/null +++ b/plugins/oauth_provider/views/oauth_provider_plugin_admin/index.html.erb @@ -0,0 +1,14 @@ +
+

<%= _('Oauh Provider') %>

+ +
+ <%= link_to _('Applications'), oauth_applications_path %> +
+
+ <%= link_to _('Authorized Applications'), oauth_authorized_applications_path %> +
+ +
+ <%= button(:back, _('Go back'), {:controller => 'plugins', :action => 'index'}) %> +
+
-- libgit2 0.21.2