Commit 8f0d8761001c65c52959e215424fc0059e1c7dd4
1 parent
82325df3
Add oauth provider plugin
Showing
23 changed files
with
437 additions
and
0 deletions
@@ -0,0 +1 @@ | @@ -0,0 +1 @@ | ||
1 | +gem 'doorkeeper', '~> 1.4.0' |
@@ -0,0 +1,47 @@ | @@ -0,0 +1,47 @@ | ||
1 | +README - Oauth Provider Plugin | ||
2 | +================================ | ||
3 | + | ||
4 | +OauthProvider is a plugin which allow noosfero to be used as an oauth provider | ||
5 | + | ||
6 | +Install | ||
7 | +======= | ||
8 | + | ||
9 | +Enable Plugin | ||
10 | +------------- | ||
11 | + | ||
12 | +cd <your_noosfero_dir> | ||
13 | +./script/noosfero-plugins enable oauth_provider | ||
14 | + | ||
15 | +Active Plugin | ||
16 | +------------- | ||
17 | + | ||
18 | +As a Noosfero administrator user, go to administrator panel: | ||
19 | + | ||
20 | +- Click on "Enable/disable plugins" option | ||
21 | +- Click on "Oauth Provider Plugin" check-box | ||
22 | + | ||
23 | +Varnish Settings | ||
24 | +================ | ||
25 | +If varnish has been used in your stack, you've to prevent cookies to be removed when calling authorization actions for oauth_provider. E.g.: | ||
26 | + | ||
27 | +``` | ||
28 | +if (req.url !~ "^/plugin/oauth_provider/*" && req.http.cookie !~ "_noosfero_.*") { | ||
29 | + unset req.http.cookie; | ||
30 | + return(lookup); | ||
31 | +} | ||
32 | +``` | ||
33 | + | ||
34 | +Development | ||
35 | +=========== | ||
36 | + | ||
37 | +Running OauthProvider tests | ||
38 | +-------------------- | ||
39 | + | ||
40 | +$ rake test:noosfero_plugins:oauth_provider | ||
41 | + | ||
42 | +License | ||
43 | +======= | ||
44 | + | ||
45 | +Copyright (c) The Author developers. | ||
46 | + | ||
47 | +See Noosfero license. |
plugins/oauth_provider/controllers/doorkeeper/application_controller.rb
0 → 100644
plugins/oauth_provider/controllers/oauth_provider_applications_controller.rb
0 → 100644
plugins/oauth_provider/controllers/oauth_provider_authorizations_controller.rb
0 → 100644
plugins/oauth_provider/controllers/oauth_provider_authorized_applications_controller.rb
0 → 100644
plugins/oauth_provider/controllers/oauth_provider_plugin_admin_controller.rb
0 → 100644
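--- a/plugins/oauth_provider/controllers/public/oauth_provider_plugin_public_controller.rb
+++ b/plugins/oauth_provider/controllers/public/oauth_provider_plugin_public_controller.rb
@@ -0,0 +1,10 @@
+class OauthProviderPluginPublicController < PublicController
+
+  doorkeeper_for :me
+
+  def me
+    user = environment.users.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+    render :json => {:id =>user.login, :email => user.email}.to_json
+  end
+
+end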
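Review bot: The `if doorkeeper_token` guard on line 6 is redundant once `doorkeeper_for :me` has run, and `find` raises `ActiveRecord::RecordNotFound` when the token's `resource_owner_id` does not belong to this environment (or the user has since been removed), so a valid token can end in an exception page instead of a clean 4xx. The action also returns the user's e-mail while the only consent text shown for the `public` scope is "Access your public data"; either gate the action on a scope that describes that access (`doorkeeper_for :me, scopes: [...]` is the hook) or drop the e-mail from the response. I would write `user = environment.users.find_by_id(doorkeeper_token.resource_owner_id)` followed by `return head(:not_found) unless user`, and `render :json => {:id => user.login, :email => user.email}` without the trailing `.to_json`, since `render :json` already serializes the hash.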
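--- a/plugins/oauth_provider/db/migrate/20140829153047_create_doorkeeper_tables.rb
+++ b/plugins/oauth_provider/db/migrate/20140829153047_create_doorkeeper_tables.rb
@@ -0,0 +1,41 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         null: false
+      t.string  :uid,          null: false
+      t.string  :secret,       null: false
+      t.text    :redirect_uri, null: false
+      t.timestamps
+    end
+
+    add_index :oauth_applications, :uid, unique: true
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, null: false
+      t.integer  :application_id,    null: false
+      t.string   :token,             null: false
+      t.integer  :expires_in,        null: false
+      t.text     :redirect_uri,      null: false
+      t.datetime :created_at,        null: false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_grants, :token, unique: true
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.integer  :application_id
+      t.string   :token,             null: false
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        null: false
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+  end
+end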
@@ -0,0 +1,55 @@ | @@ -0,0 +1,55 @@ | ||
1 | +class OauthProviderPlugin < Noosfero::Plugin | ||
2 | + | ||
3 | + def self.plugin_name | ||
4 | + "Oauth Provider Plugin" | ||
5 | + end | ||
6 | + | ||
7 | + def self.plugin_description | ||
8 | + _("Oauth Provider.") | ||
9 | + end | ||
10 | + | ||
11 | + def stylesheet? | ||
12 | + true | ||
13 | + end | ||
14 | + | ||
15 | + Doorkeeper.configure do | ||
16 | + orm :active_record | ||
17 | + | ||
18 | + resource_owner_authenticator do | ||
19 | + domain = Domain.find_by_name(request.host) | ||
20 | + environment = domain ? domain.environment : Environment.default | ||
21 | + environment.users.find_by_id(session[:user]) || redirect_to('/account/login') | ||
22 | + end | ||
23 | + | ||
24 | + admin_authenticator do | ||
25 | + domain = Domain.find_by_name(request.host) | ||
26 | + environment = domain ? domain.environment : Environment.default | ||
27 | + user = environment.users.find_by_id(session[:user]) | ||
28 | + unless user && user.person.is_admin?(environment) | ||
29 | + redirect_to('/account/login') | ||
30 | + end | ||
31 | + user | ||
32 | + end | ||
33 | + | ||
34 | + default_scopes :public | ||
35 | + end | ||
36 | + | ||
37 | + Rails.configuration.to_prepare do | ||
38 | + Rails.application.routes.prepend do | ||
39 | + scope 'oauth_provider' do | ||
40 | + use_doorkeeper do | ||
41 | + controllers ({ | ||
42 | + :applications => 'oauth_provider_applications', | ||
43 | + :authorized_applications => 'oauth_provider_authorized_applications', | ||
44 | + :authorizations => 'oauth_provider_authorizations' | ||
45 | + }) | ||
46 | + end | ||
47 | + end | ||
48 | + end | ||
49 | + end | ||
50 | + | ||
51 | + SCOPE_TRANSLATION = { | ||
52 | + 'public' => _('Access your public data') | ||
53 | + } | ||
54 | + | ||
55 | +end |
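Review bot: In `admin_authenticator` (lines 28-30) a signed-in user who is not an admin of the environment is redirected to `/account/login`, which is the wrong answer for an authenticated principal: the request should be refused with a 403 rather than bounced to a login page they have already passed. Only the anonymous case belongs on the redirect; `head :forbidden` also halts Doorkeeper's filter chain the same way `redirect_to` does. The `Domain.find_by_name(request.host)` / `Environment.default` lookup is duplicated in both authenticator blocks (lines 19-20 and 25-26) and could be one small helper. `SCOPE_TRANSLATION` on lines 51-53 calls `_()` once at class load, so the text is presumably fixed to whichever locale is active when the plugin loads rather than the locale of the request that renders authorizations/new.html.erb — worth confirming against how other plugins handle translated constants.
```ruby
    admin_authenticator do
      # … unchanged: domain / environment lookup …
      user = environment.users.find_by_id(session[:user])
      if user.nil?
        redirect_to('/account/login')
      elsif !user.person.is_admin?(environment)
        # authenticated but not an admin of this environment: deny, don't re-prompt for login
        head :forbidden
      end
      user
    end
```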
@@ -0,0 +1,13 @@ | @@ -0,0 +1,13 @@ | ||
1 | +.oauth-provider-authorize .actions form { | ||
2 | + display: inline-block; | ||
3 | +} | ||
4 | +.oauth-provider-authorize .h4 { | ||
5 | + font-size: 14px; | ||
6 | + color: rgb(36, 36, 36) | ||
7 | +} | ||
8 | +.oauth-provider-authorize #oauth-permissions { | ||
9 | + color: rgb(92, 92, 92); | ||
10 | +} | ||
11 | +.oauth-provider .actions { | ||
12 | + margin-top: 10px; | ||
13 | +} |
plugins/oauth_provider/views/doorkeeper/applications/_delete_form.html.erb
0 → 100644
plugins/oauth_provider/views/doorkeeper/applications/_form.html.erb
0 → 100644
@@ -0,0 +1,39 @@ | @@ -0,0 +1,39 @@ | ||
1 | +<%= form_for [:oauth, application], html: {class: 'form-horizontal', role: 'form'} do |f| %> | ||
2 | + <% if application.errors.any? %> | ||
3 | + <div class="alert alert-danger" data-alert> | ||
4 | + <p><%= _('Whoops! Check your form for possible errors') %></p> | ||
5 | + </div> | ||
6 | + <% end %> | ||
7 | + | ||
8 | + <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:name].present?}" do %> | ||
9 | + <%= f.label :name, class: 'col-sm-2 control-label', for: 'application_name' %> | ||
10 | + <div class="col-sm-10"> | ||
11 | + <%= f.text_field :name, class: 'form-control' %> | ||
12 | + <%= doorkeeper_errors_for application, :name %> | ||
13 | + </div> | ||
14 | + <% end %> | ||
15 | + | ||
16 | + <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:redirect_uri].present?}" do %> | ||
17 | + <%= f.label :redirect_uri, class: 'col-sm-2 control-label', for: 'application_redirect_uri' %> | ||
18 | + <div class="col-sm-10"> | ||
19 | + <%= f.text_area :redirect_uri, class: 'form-control' %> | ||
20 | + <%= doorkeeper_errors_for application, :redirect_uri %> | ||
21 | + <span class="help-block"> | ||
22 | + <%= _('Use one line per URI') %> | ||
23 | + </span> | ||
24 | + <% if Doorkeeper.configuration.native_redirect_uri %> | ||
25 | + <span class="help-block"> | ||
26 | + Use <code><%= Doorkeeper.configuration.native_redirect_uri %></code> for local tests | ||
27 | + </span> | ||
28 | + <% end %> | ||
29 | + </div> | ||
30 | + <% end %> | ||
31 | + | ||
32 | + <div class="form-group"> | ||
33 | + <div class="col-sm-offset-2 col-sm-10"> | ||
34 | + <%= f.submit _('Submit'), class: "btn btn-primary" %> | ||
35 | + <%= link_to _("Cancel"), oauth_applications_path, :class => "btn btn-default" %> | ||
36 | + </div> | ||
37 | + </div> | ||
38 | +<% end %> | ||
39 | + |
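Review bot: The help text on line 26, `Use <code>…</code> for local tests`, is the only user-facing string in this form not wrapped in `_()`, so it will never be translated while every neighbouring label goes through gettext. A translatable form would be `<%= _('Use %s for local tests') % content_tag(:code, Doorkeeper.configuration.native_redirect_uri) %>`; if `_` in this codebase does not return an html-safe string the result needs marking safe, which is acceptable here because `content_tag` escapes the URI itself.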
plugins/oauth_provider/views/doorkeeper/applications/edit.html.erb
0 → 100644
plugins/oauth_provider/views/doorkeeper/applications/index.html.erb
0 → 100644
@@ -0,0 +1,31 @@ | @@ -0,0 +1,31 @@ | ||
1 | +<div class="oauth-provider"> | ||
2 | +<div class="page-header"> | ||
3 | + <h3><%= link_to _('Oauh Provider'), '/admin/plugin/oauth_provider' %></h3> | ||
4 | +</div> | ||
5 | + | ||
6 | +<p><%= link_to _('New Application'), new_oauth_application_path, class: 'btn btn-success' %></p> | ||
7 | + | ||
8 | +<table class="table table-striped"> | ||
9 | + <thead> | ||
10 | + <tr> | ||
11 | + <th><%= _('Name') %></th> | ||
12 | + <th><%= _('Callback URL') %></th> | ||
13 | + <th></th> | ||
14 | + <th></th> | ||
15 | + </tr> | ||
16 | + </thead> | ||
17 | + <tbody> | ||
18 | + <% @applications.each do |application| %> | ||
19 | + <tr id="application_<%= application.id %>"> | ||
20 | + <td><%= link_to application.name, [:oauth, application] %></td> | ||
21 | + <td><%= application.redirect_uri %></td> | ||
22 | + <td><%= link_to _('Edit'), edit_oauth_application_path(application), class: 'btn btn-link' %></td> | ||
23 | + <td><%= render 'delete_form', application: application %></td> | ||
24 | + </tr> | ||
25 | + <% end %> | ||
26 | + </tbody> | ||
27 | +</table> | ||
28 | +<div class="actions"> | ||
29 | + <%= button(:back, _('Go back'), {:controller => 'oauth_provider_plugin_admin', :action => 'index'}) %> | ||
30 | +</div> | ||
31 | +</div> |
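Review bot: The heading link on line 3 reads `_('Oauh Provider')`, a misspelling of "Oauth" that also becomes the gettext message key; the same string appears on line 2 of views/oauth_provider_plugin_admin/index.html.erb. Both should be `_('Oauth Provider')`, which additionally matches `OauthProviderPlugin.plugin_name`.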
plugins/oauth_provider/views/doorkeeper/applications/new.html.erb
0 → 100644
plugins/oauth_provider/views/doorkeeper/applications/show.html.erb
0 → 100644
@@ -0,0 +1,40 @@ | @@ -0,0 +1,40 @@ | ||
1 | +<div class="page-header"> | ||
2 | + <h1><%= _('Application: %s' % @application.name) %></h1> | ||
3 | +</div> | ||
4 | + | ||
5 | +<div class="row"> | ||
6 | + <div class="col-md-8"> | ||
7 | + <h4><%= _('Application Id:') %></h4> | ||
8 | + | ||
9 | + <p><code id="application_id"><%= @application.uid %></code></p> | ||
10 | + | ||
11 | + <h4><%= _('Secret:') %></h4> | ||
12 | + | ||
13 | + <p><code id="secret"><%= @application.secret %></code></p> | ||
14 | + | ||
15 | + <h4><%= _('Callback urls:') %></h4> | ||
16 | + | ||
17 | + <table> | ||
18 | + <% @application.redirect_uri.split.each do |uri| %> | ||
19 | + <tr> | ||
20 | + <td> | ||
21 | + <code><%= uri %></code> | ||
22 | + </td> | ||
23 | + <td> | ||
24 | + </td> | ||
25 | + </tr> | ||
26 | + <% end %> | ||
27 | + </table> | ||
28 | + </div> | ||
29 | + | ||
30 | + <div class="col-md-4"> | ||
31 | + <h3><%= _('Actions') %></h3> | ||
32 | + | ||
33 | + <p> | ||
34 | + <%= link_to _('Edit'), edit_oauth_application_path(@application), class: 'btn btn-primary' %> | ||
35 | + <%= link_to _("Cancel"), oauth_applications_path, :class => "btn btn-default" %> | ||
36 | + </p> | ||
37 | + | ||
38 | + <p><%= render 'delete_form', application: @application, submit_btn_css: 'btn btn-danger' %></p> | ||
39 | + </div> | ||
40 | +</div> |
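Review bot: On line 2 the interpolation happens inside the translation call, `_('Application: %s' % @application.name)`, so gettext is asked to translate a string that already contains the application name and the catalog entry `Application: %s` is never matched. The format should be applied to the translated template instead: `_('Application: %s') % @application.name`. The same inverted order appears on line 9 of views/doorkeeper/authorizations/new.html.erb.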
plugins/oauth_provider/views/doorkeeper/authorizations/error.html.erb
0 → 100644
plugins/oauth_provider/views/doorkeeper/authorizations/new.html.erb
0 → 100644
@@ -0,0 +1,43 @@ | @@ -0,0 +1,43 @@ | ||
1 | +<div class="oauth-provider-authorize"> | ||
2 | + | ||
3 | +<header class="page-header" role="banner"> | ||
4 | + <h1><%= _('Authorize required') %></h1> | ||
5 | +</header> | ||
6 | + | ||
7 | +<main role="main"> | ||
8 | + <p class="h4"> | ||
9 | + <%= _('Authorize %s to use your account?' % "<strong class=\"text-info\">#{@pre_auth.client.name}</strong>") %> | ||
10 | + </p> | ||
11 | + | ||
12 | + <% if @pre_auth.scopes %> | ||
13 | + <div id="oauth-permissions"> | ||
14 | + <p><%= _('This application will be able to:') %></p> | ||
15 | + | ||
16 | + <ul class="text-info"> | ||
17 | + <% @pre_auth.scopes.each do |scope| %> | ||
18 | + <li><%= OauthProviderPlugin::SCOPE_TRANSLATION[scope] %></li> | ||
19 | + <% end %> | ||
20 | + </ul> | ||
21 | + </div> | ||
22 | + <% end %> | ||
23 | + | ||
24 | + <div class="actions"> | ||
25 | + <%= form_tag oauth_authorization_path, method: :post do %> | ||
26 | + <%= hidden_field_tag :client_id, @pre_auth.client.uid %> | ||
27 | + <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %> | ||
28 | + <%= hidden_field_tag :state, @pre_auth.state %> | ||
29 | + <%= hidden_field_tag :response_type, @pre_auth.response_type %> | ||
30 | + <%= hidden_field_tag :scope, @pre_auth.scope %> | ||
31 | + <%= submit_button :ok, _("Authorize") %> | ||
32 | + <% end %> | ||
33 | + <%= form_tag oauth_authorization_path, method: :delete do %> | ||
34 | + <%= hidden_field_tag :client_id, @pre_auth.client.uid %> | ||
35 | + <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %> | ||
36 | + <%= hidden_field_tag :state, @pre_auth.state %> | ||
37 | + <%= hidden_field_tag :response_type, @pre_auth.response_type %> | ||
38 | + <%= hidden_field_tag :scope, @pre_auth.scope %> | ||
39 | + <%= submit_button :cancel, _("Deny") %> | ||
40 | + <% end %> | ||
41 | + </div> | ||
42 | +</main> | ||
43 | +</div> |
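Review bot: Line 9 builds markup by string interpolation, `"<strong class=\"text-info\">#{@pre_auth.client.name}</strong>"`, and hands it to `_()` and `<%= %>`; if `_` returns an html-safe string (which it must for the `<strong>` tags to render as intended rather than as literal text), the client name reaches the page unescaped, so an application name containing markup is rendered as-is on the consent screen. Let the tag helper do the escaping and keep the format outside the translation: `<%= (_('Authorize %s to use your account?') % content_tag(:strong, @pre_auth.client.name, class: 'text-info')).html_safe %>`, which is safe to mark because the only dynamic part has been escaped by `content_tag`.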
plugins/oauth_provider/views/doorkeeper/authorizations/show.html.erb
0 → 100644
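--- a/plugins/oauth_provider/views/doorkeeper/authorized_applications/_delete_form.html.erb
+++ b/plugins/oauth_provider/views/doorkeeper/authorized_applications/_delete_form.html.erb
@@ -0,0 +1,5 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag oauth_authorized_application_path(application) do %>
+  <input type="hidden" name="_method" value="delete">
+  <%= submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
+<% end %>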
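Review bot: `'Revoke'` and `'Are you sure?'` on line 4 are hard-coded English while the rest of the plugin's views wrap user-facing text in `_()`; the same applies to "Your authorized applications", "Application" and "Created At" on lines 3, 10 and 11 of views/doorkeeper/authorized_applications/index.html.erb. When the confirmation text is translated it is embedded in a JavaScript string literal, so it should be emitted as a JS literal rather than pasted between quotes: `<%= submit_tag _('Revoke'), onclick: "return confirm(#{_('Are you sure?').to_json})", class: submit_btn_css %>`.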
plugins/oauth_provider/views/doorkeeper/authorized_applications/index.html.erb
0 → 100644
@@ -0,0 +1,31 @@ | @@ -0,0 +1,31 @@ | ||
1 | +<div class="oauth-provider"> | ||
2 | +<header class="page-header"> | ||
3 | + <h1>Your authorized applications</h1> | ||
4 | +</header> | ||
5 | + | ||
6 | +<main role="main"> | ||
7 | + <table class="table table-striped"> | ||
8 | + <thead> | ||
9 | + <tr> | ||
10 | + <th>Application</th> | ||
11 | + <th>Created At</th> | ||
12 | + <th></th> | ||
13 | + <th></th> | ||
14 | + </tr> | ||
15 | + </thead> | ||
16 | + <tbody> | ||
17 | + <% @applications.each do |application| %> | ||
18 | + <tr> | ||
19 | + <td><%= application.name %></td> | ||
20 | + <td><%= application.created_at.strftime('%Y-%m-%d %H:%M:%S') %></td> | ||
21 | + <td><%= render 'delete_form', application: application %></td> | ||
22 | + </tr> | ||
23 | + <% end %> | ||
24 | + </tbody> | ||
25 | + </table> | ||
26 | +</main> | ||
27 | + | ||
28 | +<div class="actions"> | ||
29 | + <%= button(:back, _('Go back'), :back) %> | ||
30 | +</div> | ||
31 | +</div> |
plugins/oauth_provider/views/oauth_provider_plugin_admin/index.html.erb
0 → 100644
@@ -0,0 +1,14 @@ | @@ -0,0 +1,14 @@ | ||
1 | +<div class="oauth-provider"> | ||
2 | +<h3><%= _('Oauh Provider') %></h3> | ||
3 | + | ||
4 | + <div class="applications"> | ||
5 | + <%= link_to _('Applications'), oauth_applications_path %> | ||
6 | + </div> | ||
7 | + <div class="authorized-applications"> | ||
8 | + <%= link_to _('Authorized Applications'), oauth_authorized_applications_path %> | ||
9 | + </div> | ||
10 | + | ||
11 | + <div class="actions"> | ||
12 | + <%= button(:back, _('Go back'), {:controller => 'plugins', :action => 'index'}) %> | ||
13 | + </div> | ||
14 | +</div> |