nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Chubbies now sees that it has no secret and registers itself.

Browse source
This commit is contained in:
danielgrippi 2011-06-01 18:56:43 -07:00 committed by Maxwell Salzberg
parent 381b85189d
commit e121b0fe6d
7 changed files with 101 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
app/controllers/authorizations_controller.rb
View file

@ -1,7 +1,9 @@
class AuthorizationsController < ApplicationController
include OAuth2::Provider::Rack::AuthorizationCodesSupport
before_filter :authenticate_user!
before_filter :block_invalid_authorization_code_requests
before_filter :authenticate_user!, :except => :token
before_filter :block_invalid_authorization_code_requests, :except => :token
skip_before_filter :verify_authenticity_token, :only => :token
def new
@client = oauth2_authorization_request.client
@ -14,5 +16,22 @@ class AuthorizationsController < ApplicationController
deny_authorization_code
end
end
def token
if(params[:type] == 'client_associate' && params[:redirect_uri] && params[:name])
client = OAuth2::Provider.client_class.create!(:name => params[:name])
render :json => {:client_id => client.oauth_identifier,
:client_secret => client.oauth_secret,
:expires_in => 0,
:flows_supported => "",
:user_endpoint_url => "bob"}
#redirect_to("#{params[:redirect_uri]}?#{query_string}")
else
render :text => "bad request", :status => 403
end
end
end

2
config/routes.rb
View file

@ -71,6 +71,8 @@ Diaspora::Application.routes.draw do
get "/oauth/authorize" => "authorizations#new"
post "/oauth/authorize" => "authorizations#create"
post "/oauth/token" => "authorizations#token"
#Temporary token_authenticable route
resource :token, :only => [:show, :create]

29
features/oauth.feature
View file

@ -6,6 +6,25 @@ Feature: oauth
Given Chubbies is running
And a user with username "bob" and password "secret"
Scenario: Authorize Chubbies
When I visit "/" on Chubbies
And I try to authorize Chubbies
Then I should see "Authorize Chubbies?"
When I press "Yes"
Then I should be on "/account" on Chubbies
And I should see my "profile.birthday"
And I should see my "name"
Scenario: Not authorize Chubbies
When I visit "/" on Chubbies
And I try to authorize Chubbies
Then I should see "Authorize Chubbies?"
When I press "No"
Then I should be on "/callback" on Chubbies
Then I should see "What is your major malfunction?"
Scenario: Authorize Chubbies
Given Chubbies is registered on my pod
When I visit "/" on Chubbies
@ -17,13 +36,3 @@ Feature: oauth
And I should see my "profile.birthday"
And I should see my "name"
Scenario: Not authorize Chubbies
Given Chubbies is registered on my pod
When I visit "/" on Chubbies
And I try to authorize Chubbies
Then I should see "Authorize Chubbies?"
When I press "No"
Then I should be on "/callback" on Chubbies
Then I should see "What is your major malfunction?"

5
features/step_definitions/oauth_steps.rb
View file

@ -20,6 +20,11 @@ And /^I should see my "([^"]+)"/ do |code|
end
When /^I try to authorize Chubbies$/ do
# We need to reset the tokens saved in Chubbies,
# as we are clearing the Diaspora DB every scenario
Then 'I visit "/reset" on Chubbies'
Then 'I visit "/" on Chubbies'
###
And 'I follow "Log in with Diaspora"'
Then 'I should be on the new user session page'
And "I fill in \"Username\" with \"#{@me.username}\""

1
spec/support/chubbies/Gemfile
View file

@ -4,3 +4,4 @@ gem 'sinatra'
gem 'haml'
gem 'httparty'
gem 'json'

2
spec/support/chubbies/Gemfile.lock
View file

@ -5,6 +5,7 @@ GEM
haml (3.0.18)
httparty (0.7.4)
crack (= 0.1.8)
json (1.4.6)
rack (1.2.2)
sinatra (1.2.6)
rack (~> 1.1)
@ -17,4 +18,5 @@ PLATFORMS
DEPENDENCIES
haml
httparty
json
sinatra

68
spec/support/chubbies/app.rb
View file

@ -3,6 +3,7 @@ require 'bundler/setup'
require 'sinatra'
require 'haml'
require 'httparty'
require 'json'
def resource_host
url = "http://localhost:"
@ -14,8 +15,8 @@ def resource_host
url
end
CLIENT_ID = 'abcdefgh12345678'
CLIENT_SECRET = 'secret'
@@client_id = nil
@@client_secret = nil
RESOURCE_HOST = resource_host
enable :sessions
@ -34,7 +35,11 @@ helpers do
end
def authorize_url
RESOURCE_HOST + "/oauth/authorize?client_id=#{CLIENT_ID}&client_secret=#{CLIENT_SECRET}&redirect_uri=#{redirect_uri}"
RESOURCE_HOST + "/oauth/authorize?client_id=#{@@client_id}&client_secret=#{@@client_secret}&redirect_uri=#{redirect_uri}"
end
def token_url
RESOURCE_HOST + "/oauth/token"
end
def access_token_url
@ -48,28 +53,55 @@ end
get '/callback' do
unless params["error"]
response = HTTParty.post(access_token_url, :body => {
:client_id => CLIENT_ID,
:client_secret => CLIENT_SECRET,
:redirect_uri => redirect_uri,
:code => params["code"],
:grant_type => 'authorization_code'}
)
session[:access_token] = response["access_token"]
redirect '/account'
if(params["client_id"] && params["client_secret"])
@@client_id = params["client_id"]
@@client_secret = params["client_secret"]
redirect '/account'
else
response = HTTParty.post(access_token_url, :body => {
:client_id => @@client_id,
:client_secret => @@client_secret,
:redirect_uri => redirect_uri,
:code => params["code"],
:grant_type => 'authorization_code'}
)
session[:access_token] = response["access_token"]
redirect '/account'
end
else
"What is your major malfunction?"
end
end
get '/account' do
if access_token
@resource_server = RESOURCE_HOST
@url = "/api/v0/me.json"
@resource_response = get_with_access_token(@url)
haml :response
if !@@client_id && !@@client_secret
response = HTTParty.post(token_url, :body => {
:type => :client_associate,
:name => :Chubbies,
:redirect_uri => redirect_uri
})
json = JSON.parse(response.body)
@@client_id = json["client_id"]
@@client_secret = json["client_secret"]
redirect '/account'
else
redirect authorize_url
if access_token
@resource_response = get_with_access_token("/api/v0/me")
haml :response
else
redirect authorize_url
end
end
end
get '/reset' do
@@client_id = nil
@@client_secret = nil
end