Fixing last remarks
This commit is contained in:
augier
theworldbright
parent
c33cce0953
commit
8c2af74447
11 changed files with 36 additions and 53 deletions
|
|
@ -26,3 +26,4 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
.user-consent { margin-top: 20px; }
|
.user-consent { margin-top: 20px; }
|
||||||
|
.approval-button { display: inline; }
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ module Api
|
||||||
token_endpoint: api_openid_connect_access_tokens_url,
|
token_endpoint: api_openid_connect_access_tokens_url,
|
||||||
userinfo_endpoint: api_openid_connect_user_info_url,
|
userinfo_endpoint: api_openid_connect_user_info_url,
|
||||||
jwks_uri: api_openid_connect_url,
|
jwks_uri: api_openid_connect_url,
|
||||||
scopes_supported: %w(openid read write),
|
scopes_supported: Api::OpenidConnect::Authorization::SCOPES,
|
||||||
response_types_supported: Api::OpenidConnect::OAuthApplication.available_response_types,
|
response_types_supported: Api::OpenidConnect::OAuthApplication.available_response_types,
|
||||||
request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
|
request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
|
||||||
subject_types_supported: %w(public pairwise),
|
subject_types_supported: %w(public pairwise),
|
||||||
|
|
|
||||||
|
|
@ -17,15 +17,16 @@ module Api
|
||||||
|
|
||||||
scope :with_redirect_uri, ->(given_uri) { where redirect_uri: given_uri }
|
scope :with_redirect_uri, ->(given_uri) { where redirect_uri: given_uri }
|
||||||
|
|
||||||
|
SCOPES = %w(openid read write)
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
self.refresh_token = SecureRandom.hex(32)
|
self.refresh_token = SecureRandom.hex(32)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def validate_scope_names
|
def validate_scope_names
|
||||||
return unless scopes
|
return unless scopes
|
||||||
scopes.each do |scope|
|
scopes.each do |scope|
|
||||||
errors.add(:scope, "is not a valid scope name") unless scopes.include? scope
|
errors.add(:scope, "is not a valid scope name") unless SCOPES.include? scope
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -57,13 +58,9 @@ module Api
|
||||||
|
|
||||||
def self.find_by_refresh_token(client_id, refresh_token)
|
def self.find_by_refresh_token(client_id, refresh_token)
|
||||||
Api::OpenidConnect::Authorization.joins(:o_auth_application).find_by(
|
Api::OpenidConnect::Authorization.joins(:o_auth_application).find_by(
|
||||||
o_auth_applications: {client_id: client_id}, refresh_token: refresh_token)
|
o_auth_applications: {client_id: client_id}, refresh_token: refresh_token)
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.scopes
|
|
||||||
%w(openid read write)
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.use_code(code)
|
def self.use_code(code)
|
||||||
return unless code
|
return unless code
|
||||||
find_by(code: code).tap do |auth|
|
find_by(code: code).tap do |auth|
|
||||||
|
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
||||||
module Api
|
|
||||||
module OpenidConnect
|
|
||||||
class AuthorizationScope < ActiveRecord::Base
|
|
||||||
belongs_to :authorization
|
|
||||||
belongs_to :scope
|
|
||||||
|
|
||||||
validates :authorization, presence: true
|
|
||||||
validates :scope, presence: true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
@ -7,12 +7,16 @@ module Api
|
||||||
validates :client_id, presence: true, uniqueness: true
|
validates :client_id, presence: true, uniqueness: true
|
||||||
validates :client_secret, presence: true
|
validates :client_secret, presence: true
|
||||||
validates :client_name, presence: true
|
validates :client_name, presence: true
|
||||||
|
validates_uniqueness_of :client_name, scope: :redirect_uris
|
||||||
|
|
||||||
%i(redirect_uris response_types grant_types contacts).each do |serializable|
|
%i(redirect_uris response_types grant_types contacts).each do |serializable|
|
||||||
serialize serializable, JSON
|
serialize serializable, JSON
|
||||||
end
|
end
|
||||||
|
|
||||||
before_validation :setup, on: :create
|
before_validation :setup, on: :create
|
||||||
|
before_validation do
|
||||||
|
redirect_uris.sort!
|
||||||
|
end
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
self.client_id = SecureRandom.hex(16)
|
self.client_id = SecureRandom.hex(16)
|
||||||
|
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
||||||
module Api
|
|
||||||
module OpenidConnect
|
|
||||||
class Scope < ActiveRecord::Base
|
|
||||||
has_many :authorizations, through: :authorization_scopes
|
|
||||||
|
|
||||||
validates :name, presence: true, uniqueness: true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
@ -3,11 +3,11 @@
|
||||||
%li.list-group-item.authorized-application
|
%li.list-group-item.authorized-application
|
||||||
= render "grants_list", app: @app
|
= render "grants_list", app: @app
|
||||||
|
|
||||||
.clearfix
|
.clearfix.pull-right
|
||||||
= form_tag api_openid_connect_authorizations_path, class: "pull-right" do
|
= form_tag api_openid_connect_authorizations_path, class: "approval-button" do
|
||||||
%span
|
= submit_tag t(".deny"), class: "btn btn-danger"
|
||||||
= submit_tag t(".deny"), class: "btn btn-danger"
|
= hidden_field_tag :approve, false
|
||||||
= hidden_field_tag :deny, false
|
|
||||||
%span
|
= form_tag api_openid_connect_authorizations_path, class: "approval-button"do
|
||||||
= submit_tag t(".approve"), class: "btn btn-primary"
|
= submit_tag t(".approve"), class: "btn btn-primary"
|
||||||
= hidden_field_tag :approve, true
|
= hidden_field_tag :approve, true
|
||||||
|
|
|
||||||
|
|
@ -898,7 +898,7 @@ en:
|
||||||
title: "Authorized applications"
|
title: "Authorized applications"
|
||||||
access: "%{name} has access to:"
|
access: "%{name} has access to:"
|
||||||
no_requirement: "%{name} requires no permissions"
|
no_requirement: "%{name} requires no permissions"
|
||||||
applications_explanation: "Here is a list of applications to which you have authorized"
|
applications_explanation: "Here is a list of applications you have authorized"
|
||||||
no_applications: "You have no authorized applications"
|
no_applications: "You have no authorized applications"
|
||||||
revoke_autorization: "Revoke"
|
revoke_autorization: "Revoke"
|
||||||
scopes:
|
scopes:
|
||||||
|
|
|
||||||
|
|
@ -1,21 +1,22 @@
|
||||||
o_auth_query_params = %i(
|
O_AUTH_QUERY_PARAMS = {
|
||||||
redirect_uri=http://localhost:3000
|
redirect_uri: "http://localhost:3000",
|
||||||
response_type=code
|
response_type: "code",
|
||||||
scope=openid%20read
|
scope: "openid read",
|
||||||
nonce=hello
|
nonce: "hello",
|
||||||
state=hi
|
state: "hi"
|
||||||
).join("&")
|
}
|
||||||
|
|
||||||
Given /^I send a post request from that client to the code flow authorization endpoint$/ do
|
Given /^I send a post request from that client to the code flow authorization endpoint$/ do
|
||||||
client_json = JSON.parse(last_response.body)
|
client_json = JSON.parse(last_response.body)
|
||||||
@client_id = client_json["client_id"]
|
@client_id = client_json["client_id"]
|
||||||
@client_secret = client_json["client_secret"]
|
@client_secret = client_json["client_secret"]
|
||||||
visit new_api_openid_connect_authorization_path +
|
params = O_AUTH_QUERY_PARAMS.merge(client_id: @client_id)
|
||||||
"?client_id=#{@client_id}&#{o_auth_query_params}"
|
visit new_api_openid_connect_authorization_path(params)
|
||||||
end
|
end
|
||||||
|
|
||||||
Given /^I send a post request from that client to the code flow authorization endpoint using a invalid client id/ do
|
Given /^I send a post request from that client to the code flow authorization endpoint using a invalid client id/ do
|
||||||
visit new_api_openid_connect_authorization_path + "?client_id=randomid&#{o_auth_query_params}"
|
params = O_AUTH_QUERY_PARAMS.merge(client_id: "randomid")
|
||||||
|
visit new_api_openid_connect_authorization_path(params)
|
||||||
end
|
end
|
||||||
|
|
||||||
When /^I parse the auth code and create a request to the token endpoint$/ do
|
When /^I parse the auth code and create a request to the token endpoint$/ do
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,8 @@ module NavigationHelpers
|
||||||
stream_path
|
stream_path
|
||||||
when /^the mobile path$/
|
when /^the mobile path$/
|
||||||
force_mobile_path
|
force_mobile_path
|
||||||
|
when /^the user applications page$/
|
||||||
|
api_openid_connect_user_applications_path
|
||||||
when /^the tag page for "([^\"]*)"$/
|
when /^the tag page for "([^\"]*)"$/
|
||||||
tag_path(Regexp.last_match(1))
|
tag_path(Regexp.last_match(1))
|
||||||
when /^its ([\w ]+) page$/
|
when /^its ([\w ]+) page$/
|
||||||
|
|
@ -36,8 +38,6 @@ module NavigationHelpers
|
||||||
edit_user_path
|
edit_user_path
|
||||||
when /^forgot password page$/
|
when /^forgot password page$/
|
||||||
new_user_password_path
|
new_user_password_path
|
||||||
when /^user applications page$/
|
|
||||||
api_openid_connect_user_applications_path
|
|
||||||
when %r{^"(/.*)"}
|
when %r{^"(/.*)"}
|
||||||
Regexp.last_match(1)
|
Regexp.last_match(1)
|
||||||
else
|
else
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,10 @@ module Api
|
||||||
raise NotImplementedError # Implemented by subclass
|
raise NotImplementedError # Implemented by subclass
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def scopes
|
||||||
|
Api::OpenidConnect::Authorization::SCOPES
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def build_client(req)
|
def build_client(req)
|
||||||
|
|
@ -50,10 +54,6 @@ module Api
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
def scopes
|
|
||||||
Api::OpenidConnect::Authorization.scopes
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue