Updating OAuth2 authorization mode a bit, first round.
Michael Bleigh committed May 26, 2011
1 parent 41dfcb2 commit b7deeb0
Showing 5 changed files with 40 additions and 24 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -19,5 +19,6 @@ coverage
pkg
.rvmrc
.bundle
dist

## PROJECT::SPECIFIC
25 changes: 12 additions & 13 deletions Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
grape (0.1.3)
grape (0.1.4)
multi_json
multi_xml
rack
@@ -11,12 +11,11 @@ PATH
GEM
remote: http://rubygems.org/
specs:
ZenTest (4.5.0)
diff-lcs (1.1.2)
json_pure (1.4.3)
maruku (0.6.0)
syntax (>= 1.0.0)
mg (0.0.8)
rake
multi_json (0.0.5)
multi_xml (0.2.2)
rack (1.2.1)
@@ -26,26 +25,26 @@ GEM
rack (>= 1.0.0)
rack-test (0.5.4)
rack (>= 1.0)
rake (0.8.7)
rspec (2.5.0)
rspec-core (~> 2.5.0)
rspec-expectations (~> 2.5.0)
rspec-mocks (~> 2.5.0)
rspec-core (2.5.1)
rspec-expectations (2.5.0)
rspec (2.6.0)
rspec-core (~> 2.6.0)
rspec-expectations (~> 2.6.0)
rspec-mocks (~> 2.6.0)
rspec-core (2.6.0)
rspec-expectations (2.6.0)
diff-lcs (~> 1.1.2)
rspec-mocks (2.5.0)
rspec-mocks (2.6.0)
syntax (1.0.0)
yard (0.6.1)

PLATFORMS
ruby

DEPENDENCIES
ZenTest
bundler
grape!
json_pure
maruku
mg
rack-test
rspec (~> 2.5.0)
rspec (~> 2.6.0)
yard
5 changes: 3 additions & 2 deletions grape.gemspec
@@ -19,12 +19,13 @@ Gem::Specification.new do |s|
s.add_runtime_dependency 'multi_json'
s.add_runtime_dependency 'multi_xml'

s.add_development_dependency 'mg'
s.add_development_dependency 'maruku'
s.add_development_dependency 'yard'
s.add_development_dependency 'rack-test'
s.add_development_dependency 'rspec', '~> 2.5.0'
s.add_development_dependency 'rspec', '~> 2.6.0'
s.add_development_dependency 'json_pure'
s.add_development_dependency 'ZenTest'
s.add_development_dependency 'bundler'

s.files = `git ls-files`.split("\n")
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
31 changes: 23 additions & 8 deletions lib/grape/middleware/auth/oauth2.rb
@@ -3,16 +3,31 @@ class OAuth2 < Grape::Middleware::Base
def default_options
{
:token_class => 'AccessToken',
:realm => 'OAuth API'
:realm => 'OAuth API',
:parameter => %w(bearer_token oauth_token),
:header => [/Bearer (.*)/i, /OAuth (.*)/i]
}
end

def before
if request['oauth_token']
verify_token(request['oauth_token'])
elsif env['Authorization'] && t = parse_authorization_header
verify_token(t)
verify_token(token_parameter || token_header)
end

def token_parameter
Array(options[:parameter]).each do |p|
return request[p] if request[p]
end
nil
end

def token_header
return false unless env['Authorization']
Array(options[:header]).each do |regexp|
if env['Authorization'] =~ regexp
return $1
end
end
nil
end

def token_class
@@ -21,7 +36,7 @@ def token_class

def verify_token(token)
if token = token_class.verify(token)
if token.expired?
if token.respond_to?(:expired?) && token.expired?
error_out(401, 'expired_token')
else
if token.permission_for?(env)
@@ -43,7 +58,7 @@ def parse_authorization_header

def error_out(status, error)
throw :error, {
:message => 'The token provided has expired.',
:message => error,
:status => status,
:headers => {
'WWW-Authenticate' => "OAuth realm='#{options[:realm]}', error='#{error}'"
@@ -52,4 +67,4 @@ def error_out(status, error)
end
end
end
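Review bot: The default header patterns in `default_options`, `/Bearer (.*)/i` and `/OAuth (.*)/i`, are unanchored, so `token_header` accepts the scheme word anywhere in the Authorization value and captures whatever follows it, trailing whitespace included; anchoring them ties the token to the scheme, e.g. `:header => [/\ABearer (\S+)\z/i, /\AOAuth (\S+)\z/i]`. `token_header` also reads `env['Authorization']`, while Rack passes the request header as `env['HTTP_AUTHORIZATION']`, so unless something upstream copies the key this path probably only fires in specs (the removed `before` used the same key). In `verify_token`, `token.respond_to?(:expired?) && token.expired?` makes expiry checking silently optional: a token class that lacks or misnames `expired?` is treated as never expiring, which should at least be documented with a comment such as `# token classes without #expired? are treated as non-expiring`. `before` now calls `verify_token` even when no token was sent, so `token_class.verify` must tolerate `nil`/`false`; the rest of `verify_token` lies outside the visible hunks.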


2 changes: 1 addition & 1 deletion spec/grape/middleware/auth/oauth2_spec.rb
@@ -85,4 +85,4 @@ def app
it { @err[:headers]['WWW-Authenticate'].should == "OAuth realm='OAuth API', error='insufficient_scope'" }
it { @err[:status].should == 403 }
end
end
end
