diff --git a/Gemfile b/Gemfile index 1b57e457b05e76de3aeb6bcc9ab018e7317c6243..1b6b5efd3fe3e4a2d7534bf42283412b55a84dc9 100644 --- a/Gemfile +++ b/Gemfile @@ -20,6 +20,8 @@ gem 'omniauth', '0.2.6' gem 'twitter', '1.5.0' gem 'oauth2-provider', '~> 0.0.0' +gem 'jwt', :git => "https://github.com/zhitomirskiyi/ruby-jwt", :require => false + #Views gem 'haml', '3.0.25' @@ -95,5 +97,5 @@ group :test do gem 'fuubar' gem 'diaspora-client', #:git => 'git@github.com:diaspora/diaspora-client.git' - :path => "~/workspace/diaspora-client" + :path => "~/work/diaspora-client" end diff --git a/Gemfile.lock b/Gemfile.lock index 3a87666d52c891429240e8adb127efa6bcb94161..9435414892c5831d0def3894a5671d0fe726d7ef 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -37,12 +37,20 @@ GIT addressable (>= 2.1.1) eventmachine (>= 0.12.9) +GIT + remote: https://github.com/zhitomirskiyi/ruby-jwt + revision: fa7f46b5ac3653e30cf60abc78de9ffb3319dc0c + specs: + jwt (0.1.3) + json (>= 1.2.4) + PATH - remote: ~/workspace/diaspora-client + remote: ~/work/diaspora-client specs: diaspora-client (0.0.0) activerecord faraday + jwt (>= 0.1.3) oauth2 sinatra @@ -438,6 +446,7 @@ DEPENDENCIES jammit (= 0.5.4) jasmine (= 1.0.2.1) json (= 1.4.6) + jwt! launchy mini_magick (= 3.2) mongrel diff --git a/app/controllers/authorizations_controller.rb b/app/controllers/authorizations_controller.rb index f0675eebd704f6f56c0d86e8cc609e26a470c879..603fb3197d137060746f4e1b8f8e866701f8fc08 100644 --- a/app/controllers/authorizations_controller.rb +++ b/app/controllers/authorizations_controller.rb 
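Review bot: `gem 'jwt', :git => "https://github.com/zhitomirskiyi/ruby-jwt", :require => false` pulls the library that now verifies client registrations from a personal fork with no `:ref`, `:tag` or `:branch`, so the code that actually runs is whatever that branch head holds whenever the lock is regenerated. The Gemfile.lock currently pins `fa7f46b5ac3653e30cf60abc78de9ffb3319dc0c`; carrying the same pin as `:ref => "fa7f46b5ac3653e30cf60abc78de9ffb3319dc0c"` in the Gemfile (or switching to the released gem once it ships) keeps it from moving silently on `bundle update`. The `diaspora-client` entry in the test group still points at a developer-local `:path => "~/work/diaspora-client"`, which cannot resolve on any other machine or in CI; the commented-out `:git` source beside it looks like the intended value.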
@@ -20,13 +20,17 @@ class AuthorizationsController < ApplicationController end def token + require 'jwt' + if (!params[:type] == 'client_associate' || !params[:manifest_url]) render :text => "bad request: #{params.inspect}", :status => 403 return end - manifest = JSON.parse(RestClient.get(params[:manifest_url]).body) + packaged_manifest = JSON.parse(RestClient.get(params[:manifest_url]).body) + public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key']) + manifest = JWT.decode(packaged_manifest['jwt'], public_key) - message = verify(params[:signed_string], params[:signature], manifest['public_key']) + message = verify(params[:signed_string], params[:signature], public_key) unless message =='ok' render :text => message, :status => 403 else @@ -35,8 +39,7 @@ class AuthorizationsController < ApplicationController render :json => {:client_id => client.oauth_identifier, :client_secret => client.oauth_secret, :expires_in => 0, - :flows_supported => "", - } + :flows_supported => ""} end end diff --git a/app/models/oauth2_provider_models_activerecord_client.rb b/app/models/oauth2_provider_models_activerecord_client.rb index dbd37d86506d4d7508236bdc15bd41645d409c86..9063e89c5ff8118e63ddb98c6a3a47b8aee30cf2 100644 --- a/app/models/oauth2_provider_models_activerecord_client.rb +++ b/app/models/oauth2_provider_models_activerecord_client.rb @@ -6,7 +6,14 @@ class OAuth2::Provider::Models::ActiveRecord::Client obj.save! obj else - create!(manifest) + self.create!( + :name => manifest["name"], + :permissions_overview => manifest["permissions_overview"], + :description => manifest["description"], + :homepage_url => manifest["homepage_url"], + :icon_url => manifest["icon_url"], + :public_key => manifest["public_key"] + ) end end end diff --git a/db/migrate/20110526184644_add_oauth2_tables.rb b/db/migrate/20110526184644_add_oauth2_tables.rb index d01744291f4ee6665b70a47f0bb89e41624c2be9..8b389511f703ce6832c03a1bf2d9b4184ba178ef 100644 
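Review bot: The key that verifies the manifest JWT is read from the same fetched document as the token (`packaged_manifest['public_key']`), so `JWT.decode` establishes only that whoever produced the manifest holds the matching private key, not that the manifest came from the party `params[:manifest_url]` implies; any trust placed in the manifest should rest on the fetched host, not on this signature. A malformed key or token raises (`OpenSSL::PKey::RSAError`, `JWT::DecodeError`) out of the action as a 500 instead of the 403 the surrounding code returns, and because the decode call pins no algorithm, whether the token header may select the algorithm depends on the jwt library version — worth confirming against the fork the Gemfile points at. Separately, the guard above, `if (!params[:type] == 'client_associate' || !params[:manifest_url])`, negates before comparing, so the type check never rejects anything; `params[:type] != 'client_associate'` is what was meant. Two smaller points: `require 'jwt'` belongs at the top of the file rather than inside the action (the Gemfile marks the gem `:require => false`, so a file-level require is the conventional place), and since the fetched URL is caller-supplied, restricting `RestClient.get` to https and non-internal hosts limits what this unauthenticated endpoint can be made to request. The `token` action continues outside the hunk.
```ruby
    packaged_manifest = JSON.parse(RestClient.get(params[:manifest_url]).body)
    begin
      public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key'])
      manifest = JWT.decode(packaged_manifest['jwt'], public_key)
    rescue OpenSSL::PKey::RSAError, JWT::DecodeError
      render :text => "bad request: invalid manifest", :status => 403
      return
    end
    # … unchanged: signature verification and client creation …
```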
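Review bot: The stored key is `manifest["public_key"]` from the decoded JWT payload, while the key the caller proved possession of in `AuthorizationsController#token` is the outer `packaged_manifest['public_key']`; nothing checks that the two agree, so a manifest could register a key whose private half its author never demonstrated. If the intent is to persist the proven key, have the caller pass it in or compare the two before `create!`. Listing the attributes explicitly instead of `create!(manifest)` is the right direction, since it keeps remote-supplied fields out of mass assignment; note that with `name` and `permissions_overview` now `:null => false`, a manifest missing either raises from `create!` rather than yielding a controlled error, which the caller may want to handle. The enclosing method starts outside the hunk.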
--- a/db/migrate/20110526184644_add_oauth2_tables.rb +++ b/db/migrate/20110526184644_add_oauth2_tables.rb @@ -1,10 +1,12 @@ class AddOauth2Tables < ActiveRecord::Migration def self.up create_table 'oauth_clients', :force => true do |t| - t.string 'name' - t.string 'oauth_identifier', :limit => 32, :null => false - t.string 'oauth_secret', :limit => 32, :null => false + t.string 'name', :limit => 127, :null => false + t.string 'oauth_identifier', :limit => 32, :null => false + t.string 'oauth_secret', :limit => 32, :null => false + t.text 'permissions_overview', :null => false end + add_index :oauth_clients, :name, :unique => true create_table 'oauth_authorization_codes', :force => true do |t| diff --git a/db/migrate/20110614005205_add_nonce_and_public_key_to_oauth_clients.rb b/db/migrate/20110614005205_add_nonce_and_public_key_to_oauth_clients.rb index 316651adbc16fab4d97630e79093bdecec1230c5..7623502c6f65390b4121a378aa690b7d4b6b8fc6 100644 --- a/db/migrate/20110614005205_add_nonce_and_public_key_to_oauth_clients.rb +++ b/db/migrate/20110614005205_add_nonce_and_public_key_to_oauth_clients.rb @@ -1,6 +1,6 @@ class AddNonceAndPublicKeyToOauthClients < ActiveRecord::Migration def self.up - add_column :oauth_clients, :nonce, :string + add_column :oauth_clients, :nonce, :string, :limit => 64 add_column :oauth_clients, :public_key, :text add_index :oauth_clients, :nonce end diff --git a/db/schema.rb b/db/schema.rb index f1bf369b8aa1cd8c7d7de8f82fcb0309549a9a5c..2d29c5dd7db9f6e5aedc14f1edd9898eb30ddfbc 100644 --- a/db/schema.rb +++ b/db/schema.rb 
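Review bot: Both migrations in this diff (`20110526184644_add_oauth2_tables.rb` and `20110614005205_add_nonce_and_public_key_to_oauth_clients.rb`) are edited in place rather than superseded by a new migration, so databases that already ran them never receive the `permissions_overview` column, the `:null => false` constraints, the 64-character `nonce` limit or the unique index; a follow-up migration applying the same changes is the usual fix. The new `add_index :oauth_clients, :name, :unique => true` also makes `name` a global key even though `name` comes from a remotely fetched manifest: whoever registers a given name first blocks every later client using it, and the collision surfaces as a database exception rather than a controlled rejection. Unless name uniqueness is a deliberate property, key clients on a value the pod generates (such as `oauth_identifier`) or scope the index to the registering party.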
@@ -224,13 +224,14 @@ ActiveRecord::Schema.define(:version => 20110614005205) do add_index "oauth_authorizations", ["resource_owner_id", "resource_owner_type", "client_id"], :name => "index_oauth_authorizations_on_resource_owner_and_client_id" create_table "oauth_clients", :force => true do |t| - t.string "name" - t.string "oauth_identifier", :limit => 32, :null => false - t.string "oauth_secret", :limit => 32, :null => false + t.string "name", :limit => 127, :null => false + t.string "oauth_identifier", :limit => 32, :null => false + t.string "oauth_secret", :limit => 32, :null => false + t.text "permissions_overview", :null => false t.text "description" t.string "homepage_url" t.string "icon_url" - t.string "nonce" + t.string "nonce", :limit => 64 t.text "public_key" end diff --git a/features/step_definitions/oauth_steps.rb b/features/step_definitions/oauth_steps.rb index ddbe8acbfb90a4e17afca042066a2d7fc29a307e..d32a00286c6e3439623b0d14c707749fcf44562d 100644 --- a/features/step_definitions/oauth_steps.rb +++ b/features/step_definitions/oauth_steps.rb @@ -7,7 +7,10 @@ Given /^Chubbies has been killed$/ do end Given /^Chubbies is registered on my pod$/ do - manifest = JSON.parse(RestClient.get("localhost:#{Chubbies::PORT}/manifest.json").body) + packaged_manifest = JSON.parse(RestClient.get("localhost:#{Chubbies::PORT}/manifest.json").body) + public_key = OpenSSL::PKey::RSA.new(packaged_manifest['public_key']) + manifest = JWT.decode(packaged_manifest['jwt'], public_key) + client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest) params = {:client_id => client.oauth_identifier, :client_secret => client.oauth_secret, diff --git a/spec/chubbies/Gemfile b/spec/chubbies/Gemfile index e756b9bb8c0b807f379521502908943e5c022cc8..6c1075bdc63f105e1ebbed8374f0e61c663d8f07 100644 --- a/spec/chubbies/Gemfile +++ b/spec/chubbies/Gemfile 
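Review bot: The three lines unwrapping the packaged manifest (`OpenSSL::PKey::RSA.new` plus `JWT.decode`) in the "Chubbies is registered on my pod" step duplicate the new code in `AuthorizationsController#token` verbatim, so any algorithm pinning or error handling later added to the controller will not be exercised by this step. Extracting one helper that both the controller and the step call would keep the test on the production path; failing that, a one-line comment here noting that the step mirrors the controller's unwrapping would help the next reader keep them in sync.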
@@ -7,5 +7,5 @@ gem 'json' gem 'shotgun' gem 'sqlite3' gem 'activerecord', '3.0.3' -gem 'diaspora-client', :path => "~/workspace/diaspora-client" +gem 'diaspora-client', :path => "~/work/diaspora-client" #:git => 'git@github.com:diaspora/diaspora-client.git' diff --git a/spec/chubbies/Gemfile.lock b/spec/chubbies/Gemfile.lock index a82f71909e84d66cb7bd93486bb02efdc8e15a67..687d76bae0b1da13dcf1a438f06043a51f37353a 100644 --- a/spec/chubbies/Gemfile.lock +++ b/spec/chubbies/Gemfile.lock @@ -1,9 +1,10 @@ PATH - remote: ~/workspace/diaspora-client + remote: ~/work/diaspora-client specs: diaspora-client (0.0.0) activerecord faraday + jwt (>= 0.1.3) oauth2 sinatra @@ -27,15 +28,17 @@ GEM addressable (~> 2.2.4) multipart-post (~> 1.1.0) rack (< 2, >= 1.1.0) - haml (3.0.25) + haml (3.1.2) i18n (0.6.0) - json (1.4.6) + json (1.5.3) + jwt (0.1.3) + json (>= 1.2.4) multi_json (1.0.3) multipart-post (1.1.2) oauth2 (0.4.1) faraday (~> 0.6.1) multi_json (>= 0.0.5) - rack (1.2.3) + rack (1.3.0) shotgun (0.9) rack (>= 1.0) sinatra (1.2.6) diff --git a/spec/chubbies/app.rb b/spec/chubbies/app.rb index 03462a5ddb19844d25b84feabad0523b3aec8395..f14f6c8a40c2136806a81b7725c50a8d72e3172e 100644 --- a/spec/chubbies/app.rb +++ b/spec/chubbies/app.rb @@ -45,6 +45,16 @@ module Chubbies d.public_key_path = File.dirname(__FILE__) + "/chubbies.public.pem" d.test_mode = true d.application_url = "http://localhost:9292" + + d.manifest_field(:name, "Chubbies") + d.manifest_field(:description, "The best way to chub.") + d.manifest_field(:homepage_url, "http://localhost:9292/") + d.manifest_field(:icon_url, "#") + + d.manifest_field(:permissions_overview, "Chubbi.es wants to post photos to your stream.") + + d.permission(:profile, :read, "Chubbi.es wants to view your profile so that it can show it to other users.") + d.permission(:photos, :write, "Chubbi.es wants to write to your photos to share your findings with your contacts.") end class App < DiasporaClient::App 
@@ -83,14 +93,9 @@ module Chubbies end get '/manifest.json' do - { - "name" => "Chubbies", - "description" => "The best way to chub.", - "homepage_url" => "http://localhost:9292/", - "icon_url" => "#", - "public_key" => DiasporaClient.public_key - }.to_json + DiasporaClient.package_manifest end + get '/reset' do Chubbies.reset_db end