added JWT verification support to diaspora

Gemfile

@@ -20,6 +20,8 @@ gem 'omniauth', '0.2.6'
 gem 'twitter', '1.5.0'
 
 gem 'oauth2-provider', '~> 0.0.0'
+gem 'jwt', :git => "https://github.com/zhitomirskiyi/ruby-jwt", :require => false
+
 
 #Views
 gem 'haml', '3.0.25'
@@ -95,5 +97,5 @@ group :test do
   gem 'fuubar'
 
   gem 'diaspora-client', #:git => 'git@github.com:diaspora/diaspora-client.git'
-                          :path => "~/workspace/diaspora-client" 
+                          :path => "~/work/diaspora-client" 
 end

Gemfile.lock

@@ -37,12 +37,20 @@ GIT
       addressable (>= 2.1.1)
       eventmachine (>= 0.12.9)
 
+GIT
+  remote: https://github.com/zhitomirskiyi/ruby-jwt
+  revision: fa7f46b5ac3653e30cf60abc78de9ffb3319dc0c
+  specs:
+    jwt (0.1.3)
+      json (>= 1.2.4)
+
 PATH
-  remote: ~/workspace/diaspora-client
+  remote: ~/work/diaspora-client
   specs:
     diaspora-client (0.0.0)
       activerecord
       faraday
+      jwt (>= 0.1.3)
       oauth2
       sinatra
 
@@ -438,6 +446,7 @@ DEPENDENCIES
   jammit (= 0.5.4)
   jasmine (= 1.0.2.1)
   json (= 1.4.6)
+  jwt!
   launchy
   mini_magick (= 3.2)
   mongrel

app/controllers/authorizations_controller.rb

@@ -20,13 +20,17 @@ class AuthorizationsController < ApplicationController
   end
 
   def token
+    require 'jwt'
+
     if (!params[:type] == 'client_associate' || !params[:manifest_url])
       render :text => "bad request: #{params.inspect}", :status => 403
       return
     end
-      manifest = JSON.parse(RestClient.get(params[:manifest_url]).body)
+      packaged_manifest = JSON.parse(RestClient.get(params[:manifest_url]).body)
+      public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key'])
+      manifest = JWT.decode(packaged_manifest['jwt'], public_key)
 
-      message = verify(params[:signed_string], params[:signature], manifest['public_key'])
+      message = verify(params[:signed_string], params[:signature], public_key)
       unless message =='ok' 
         render :text => message, :status => 403
       else
@@ -35,8 +39,7 @@ class AuthorizationsController < ApplicationController
         render :json => {:client_id => client.oauth_identifier,
                          :client_secret => client.oauth_secret,
                          :expires_in => 0,
-                         :flows_supported => "",
-                        }
+                         :flows_supported => ""}
       end
   end
 

app/models/oauth2_provider_models_activerecord_client.rb

@@ -6,7 +6,14 @@ class OAuth2::Provider::Models::ActiveRecord::Client
       obj.save!
       obj
     else
-      create!(manifest)
+      self.create!(
+        :name => manifest["name"],
+        :permissions_overview => manifest["permissions_overview"],
+        :description => manifest["description"],
+        :homepage_url => manifest["homepage_url"],
+        :icon_url => manifest["icon_url"],
+        :public_key => manifest["public_key"]
+      )
     end
   end
 end

db/migrate/20110526184644_add_oauth2_tables.rb

@@ -1,10 +1,12 @@
 class AddOauth2Tables < ActiveRecord::Migration
   def self.up
     create_table 'oauth_clients', :force => true do |t|
-      t.string   'name'
+      t.string   'name',             :limit => 127, :null => false
       t.string   'oauth_identifier', :limit => 32,  :null => false
       t.string   'oauth_secret',     :limit => 32,  :null => false
+      t.text     'permissions_overview',            :null => false
     end
+
     add_index :oauth_clients, :name, :unique => true
 
     create_table 'oauth_authorization_codes', :force => true do |t|

db/migrate/20110614005205_add_nonce_and_public_key_to_oauth_clients.rb

@@ -1,6 +1,6 @@
 class AddNonceAndPublicKeyToOauthClients < ActiveRecord::Migration
   def self.up
-    add_column :oauth_clients, :nonce, :string
+    add_column :oauth_clients, :nonce, :string, :limit => 64
     add_column :oauth_clients, :public_key, :text
     add_index :oauth_clients, :nonce
   end

db/schema.rb

@@ -224,13 +224,14 @@ ActiveRecord::Schema.define(:version => 20110614005205) do
   add_index "oauth_authorizations", ["resource_owner_id", "resource_owner_type", "client_id"], :name => "index_oauth_authorizations_on_resource_owner_and_client_id"
 
   create_table "oauth_clients", :force => true do |t|
-    t.string "name"
+    t.string "name",                 :limit => 127, :null => false
     t.string "oauth_identifier",     :limit => 32,  :null => false
     t.string "oauth_secret",         :limit => 32,  :null => false
+    t.text   "permissions_overview",                :null => false
     t.text   "description"
     t.string "homepage_url"
     t.string "icon_url"
-    t.string "nonce"
+    t.string "nonce",                :limit => 64
     t.text   "public_key"
   end
 

features/step_definitions/oauth_steps.rb

@@ -7,7 +7,10 @@ Given /^Chubbies has been killed$/ do
 end
 
 Given /^Chubbies is registered on my pod$/ do
-  manifest = JSON.parse(RestClient.get("localhost:#{Chubbies::PORT}/manifest.json").body)
+  packaged_manifest = JSON.parse(RestClient.get("localhost:#{Chubbies::PORT}/manifest.json").body)
+  public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key'])
+  manifest = JWT.decode(packaged_manifest['jwt'], public_key)
+
   client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest)
   params = {:client_id => client.oauth_identifier,
             :client_secret => client.oauth_secret,

spec/chubbies/Gemfile

@@ -7,5 +7,5 @@ gem 'json'
 gem 'shotgun'
 gem 'sqlite3'
 gem 'activerecord', '3.0.3'
-gem 'diaspora-client',  :path => "~/workspace/diaspora-client"
+gem 'diaspora-client',  :path => "~/work/diaspora-client"
                         #:git => 'git@github.com:diaspora/diaspora-client.git'

spec/chubbies/Gemfile.lock

@@ -1,9 +1,10 @@
 PATH
-  remote: ~/workspace/diaspora-client
+  remote: ~/work/diaspora-client
   specs:
     diaspora-client (0.0.0)
       activerecord
       faraday
+      jwt (>= 0.1.3)
       oauth2
       sinatra
 
@@ -27,15 +28,17 @@ GEM
       addressable (~> 2.2.4)
       multipart-post (~> 1.1.0)
       rack (< 2, >= 1.1.0)
-    haml (3.0.25)
+    haml (3.1.2)
     i18n (0.6.0)
-    json (1.4.6)
+    json (1.5.3)
+    jwt (0.1.3)
+      json (>= 1.2.4)
     multi_json (1.0.3)
     multipart-post (1.1.2)
     oauth2 (0.4.1)
       faraday (~> 0.6.1)
       multi_json (>= 0.0.5)
-    rack (1.2.3)
+    rack (1.3.0)
     shotgun (0.9)
       rack (>= 1.0)
     sinatra (1.2.6)

spec/chubbies/app.rb

@@ -45,6 +45,16 @@ module Chubbies
     d.public_key_path = File.dirname(__FILE__) + "/chubbies.public.pem"
     d.test_mode = true
     d.application_url = "http://localhost:9292"
+
+    d.manifest_field(:name, "Chubbies")
+    d.manifest_field(:description, "The best way to chub.")
+    d.manifest_field(:homepage_url, "http://localhost:9292/")
+    d.manifest_field(:icon_url, "#")
+
+    d.manifest_field(:permissions_overview, "Chubbi.es wants to post photos to your stream.")
+
+    d.permission(:profile, :read, "Chubbi.es wants to view your profile so that it can show it to other users.")
+    d.permission(:photos, :write, "Chubbi.es wants to write to your photos to share your findings with your contacts.")
   end
 
   class App < DiasporaClient::App
@@ -83,14 +93,9 @@ module Chubbies
     end
 
     get '/manifest.json' do
-      {
-        "name"         => "Chubbies",
-        "description"  => "The best way to chub.",
-        "homepage_url" => "http://localhost:9292/",
-        "icon_url"     => "#",
-        "public_key"   => DiasporaClient.public_key
-      }.to_json
+      DiasporaClient.package_manifest
     end
+
     get '/reset' do
       Chubbies.reset_db
     end