Merge pull request #83 from mulesoft/oauth2-grants

Enable addition OAuth 2.0 grant flows
mulesoft · Nov 14, 2014 · 806aa78 · 806aa78
2 parents 5719878 + a476695
commit 806aa78
Show file tree

Hide file tree

Showing 9 changed files with 169 additions and 30 deletions.
diff --git a/app/scripts/client/auth_strategies/oauth2/credentials_manager.js b/app/scripts/client/auth_strategies/oauth2/credentials_manager.js
@@ -19,6 +19,40 @@
           grant_type: 'authorization_code',
           redirect_uri: RAML.Settings.oauth2RedirectUri
         };
+      },
+
+      clientCredentialsParameters: function () {
+        return {
+          client_id: credentials.clientId,
+          client_secret: credentials.clientSecret,
+          grant_type: 'client_credentials'
+        };
+      },
+
+      resourceOwnerParameters: function () {
+        var params = {
+          username: credentials.username,
+          password: credentials.password,
+          grant_type: 'password'
+        };
+
+        if (!credentials.clientSecret) {
+          params.client_id = credentials.clientId;
+        }
+
+        return params;
+      },
+
+      resourceOwnerHeaders: function () {
+        if (!credentials.clientSecret) {
+          return {};
+        }
+
+        var authorization = btoa(credentials.clientId + ':' + credentials.clientSecret);
+
+        return {
+          'Authorization': 'Bearer ' + authorization
+        };
       }
     };
   };

diff --git a/app/scripts/client/auth_strategies/oauth2/grant.js b/app/scripts/client/auth_strategies/oauth2/grant.js
@@ -1,27 +1,26 @@
 (function() {
   'use strict';
 
-  var GRANTS = [ 'code', 'token' ], IMPLICIT_GRANT = 'token';
   var Oauth2 = RAML.Client.AuthStrategies.Oauth2;
 
-  function grantTypeFrom(settings) {
-    var authorizationGrants = settings.authorizationGrants || [];
-    var filtered = authorizationGrants.filter(function(grant) { return grant === IMPLICIT_GRANT; });
-    var specifiedGrant = filtered[0] || authorizationGrants[0];
-
-    if (!GRANTS.some(function(grant) { return grant === specifiedGrant; })) {
-      throw new Error('Unknown grant type: ' + specifiedGrant);
-    }
-
-    return specifiedGrant;
-  }
+  var grants = {
+    code: true,
+    token: true,
+    owner: true,
+    credentials: true
+  };
 
   var Grant = {
     create: function(settings, credentials) {
-      var type = grantTypeFrom(settings);
+      var type = credentials.grantType.type;
       var credentialsManager = Oauth2.credentialsManager(credentials, type);
 
+      if (!grants[type]) {
+        throw new Error('Unknown grant type: ' + type);
+      }
+
       var className = type.charAt(0).toUpperCase() + type.slice(1);
+
       return new this[className](settings, credentialsManager);
     }
   };
@@ -47,5 +46,27 @@
     return Oauth2.requestAuthorization(this.settings, this.credentialsManager);
   };
 
+  Grant.Owner = function(settings, credentialsManager) {
+    this.settings = settings;
+    this.credentialsManager = credentialsManager;
+  };
+
+  Grant.Owner.prototype.request = function() {
+    var requestToken = Oauth2.requestOwnerToken(this.settings, this.credentialsManager);
+
+    return requestToken();
+  };
+
+  Grant.Credentials = function(settings, credentialsManager) {
+    this.settings = settings;
+    this.credentialsManager = credentialsManager;
+  };
+
+  Grant.Credentials.prototype.request = function() {
+    var requestToken = Oauth2.requestCredentialsToken(this.settings, this.credentialsManager);
+
+    return requestToken();
+  };
+
   Oauth2.Grant = Grant;
 })();
diff --git a/app/scripts/client/auth_strategies/oauth2/request_access_token.js b/app/scripts/client/auth_strategies/oauth2/request_access_token.js
@@ -18,21 +18,44 @@
     return undefined;
   }
 
+  function extract(data) {
+    var method = accessTokenFromString;
+
+    if (typeof data === 'object') {
+      method = accessTokenFromObject;
+    }
+
+    return method(data);
+  }
+
   RAML.Client.AuthStrategies.Oauth2.requestAccessToken = function(settings, credentialsManager) {
     return function(code) {
       var request = RAML.Client.Request.create(settings.accessTokenUri, 'post');
 
       request.data(credentialsManager.accessTokenParameters(code));
 
-      return $.ajax(request.toOptions()).then(function(data) {
-        var extract = accessTokenFromString;
+      return $.ajax(request.toOptions()).then(extract);
+    };
+  };
+
+  RAML.Client.AuthStrategies.Oauth2.requestCredentialsToken = function(settings, credentialsManager) {
+    return function() {
+      var request = RAML.Client.Request.create(settings.accessTokenUri, 'post');
+
+      request.data(credentialsManager.clientCredentialsParameters());
+
+      return $.ajax(request.toOptions()).then(extract);
+    };
+  };
+
+  RAML.Client.AuthStrategies.Oauth2.requestOwnerToken = function(settings, credentialsManager) {
+    return function() {
+      var request = RAML.Client.Request.create(settings.accessTokenUri, 'post');
 
-        if (typeof data === 'object') {
-          extract = accessTokenFromObject;
-        }
+      request.headers(credentialsManager.resourceOwnerHeaders());
+      request.data(credentialsManager.resourceOwnerParameters());
 
-        return extract(data);
-      });
+      return $.ajax(request.toOptions()).then(extract);
     };
   };
 })();
diff --git a/app/scripts/directives/oauth2.js b/app/scripts/directives/oauth2.js
@@ -2,11 +2,43 @@
 
 (function() {
   RAML.Directives.oauth2 = function() {
+
+    var GRANT_TYPES = [
+      { name: 'Implicit', type: 'token' },
+      { name: 'Authorization Code', type: 'code' },
+      { name: 'Client Credentials', type: 'credentials' },
+      { name: 'Resource Owner Password Credentials', type: 'owner' }
+    ];
+
+    var controller = function($scope) {
+      var authorizationGrants = $scope.scheme.settings.authorizationGrants;
+
+      $scope.grantTypes = GRANT_TYPES.filter(function (grant) {
+        return authorizationGrants.indexOf(grant.type) > -1;
+      });
+
+      $scope.credentials = {
+        clientId: '',
+        clientSecret: '',
+        username: '',
+        password: '',
+        grantType: $scope.grantTypes[0]
+      };
+
+      $scope.$watch('credentials.grantType.type', function (type) {
+        $scope.hasClientSecret      = type !== 'token';
+        $scope.hasOwnerCredentials  = type === 'owner';
+        $scope.requiresClientSecret = $scope.hasClientSecret && type !== 'owner';
+      });
+    };
+
     return {
       restrict: 'E',
       templateUrl: 'views/oauth2.tmpl.html',
       replace: true,
+      controller: controller,
       scope: {
+        scheme: '=',
         credentials: '='
       }
     };

diff --git a/app/styles/forms.less b/app/styles/forms.less
@@ -113,7 +113,8 @@ input.warning {
   outline: 0;
 }
 
-.required {
+.required:before {
+  content: "* ";
   color: @warning;
 }
 

diff --git a/app/views/oauth2.tmpl.html b/app/views/oauth2.tmpl.html
@@ -1,11 +1,36 @@
 <fieldset class="labelled-inline" role="oauth2">
   <div class="control-group">
-    <label for="clientId">Client ID</label>
-    <input type="text" name="clientId" ng-model='credentials.clientId'/>
+    <label for="grantType">Grant Type</label>
+    <select
+      name="grantType"
+      ng-model="credentials.grantType"
+      ng-options="grant.name for grant in grantTypes">
+    </select>
   </div>
 
   <div class="control-group">
-    <label for="clientSecret">Client Secret</label>
-    <input type="password" name="clientSecret" ng-model='credentials.clientSecret'/>
+    <label for="clientId" class="required">Client ID</label>
+
+    <input type="text" name="clientId" ng-model="credentials.clientId" required>
+  </div>
+
+  <div class="control-group" ng-if="hasClientSecret">
+    <label for="clientSecret" ng-class="{ required: requiresClientSecret }">
+      Client Secret
+    </label>
+
+    <input type="password" name="clientSecret" ng-model="credentials.clientSecret" ng-required="requiresClientSecret">
+  </div>
+
+  <div class="control-group" ng-if="hasOwnerCredentials">
+    <label for="username" class="required">Username</label>
+
+    <input type="text" name="username" ng-model="credentials.username" required>
+  </div>
+
+  <div class="control-group" ng-if="hasOwnerCredentials">
+    <label for="password" class="required">Password</label>
+
+    <input type="password" name="password" ng-model="credentials.password" required>
   </div>
 </fieldset>
diff --git a/app/views/parameter_fields.tmpl.html b/app/views/parameter_fields.tmpl.html
@@ -3,8 +3,7 @@
     <div class="parameter-field" ng-repeat="definition in parameter.definitions" ng-show="parameter.isSelected(definition)">
       <div repeatable="definition.repeat" repeatable-model="parameters.values[parameterName]">
         <div class="control-group">
-          <label for="{{parameterName}}">
-            <span class="required" ng-if="definition.required">*</span>
+          <label for="{{parameterName}}" ng-class="{ required: definition.required }">
             {{definition.displayName}}
           </label>
           <parameter-field name='parameterName' model='repeatableModel[$index]' definition='definition' ></parameter-field>

diff --git a/app/views/security_schemes.tmpl.html b/app/views/security_schemes.tmpl.html
@@ -6,9 +6,9 @@ <h2>Authentication</h2>
       <toggle-item heading="Anonymous"></toggle-item>
       <toggle-item ng-repeat="(name, scheme) in schemes" heading="{{name}}">
         <div ng-switch="scheme.type">
-          <basic-auth ng-switch-when="Basic Authentication" credentials='keychain[name]'></basic-auth>
-          <oauth1 ng-switch-when="OAuth 1.0" credentials='keychain[name]'></oauth1>
-          <oauth2 ng-switch-when="OAuth 2.0" credentials='keychain[name]'></oauth2>
+          <basic-auth ng-switch-when="Basic Authentication" scheme="scheme" credentials="keychain[name]"></basic-auth>
+          <oauth1 ng-switch-when="OAuth 1.0" scheme="scheme" credentials="keychain[name]"></oauth1>
+          <oauth2 ng-switch-when="OAuth 2.0" scheme="scheme" credentials="keychain[name]"></oauth2>
         </div>
       </toggle-item>
     </toggle>

diff --git a/spec/unit/client/auth_strategies/grant_spec.js b/spec/unit/client/auth_strategies/grant_spec.js
@@ -18,6 +18,7 @@ describe("RAML.Client.AuthStrategies.Oauth2.Grant", function() {
       beforeEach(function() {
         tokenSpy = spyOn(RAML.Client.AuthStrategies.Oauth2.Grant, 'Token');
         settings = { authorizationGrants: ['token'] };
+        credentials.grantType = { type: 'token' };
         RAML.Client.AuthStrategies.Oauth2.Grant.create(settings, credentials);
       });
 
@@ -36,6 +37,7 @@ describe("RAML.Client.AuthStrategies.Oauth2.Grant", function() {
       beforeEach(function() {
         codeSpy = spyOn(RAML.Client.AuthStrategies.Oauth2.Grant, 'Code');
         settings = { authorizationGrants: ['code'] };
+        credentials.grantType = { type: 'code' };
         RAML.Client.AuthStrategies.Oauth2.Grant.create(settings, credentials);
       });
 
@@ -51,6 +53,7 @@ describe("RAML.Client.AuthStrategies.Oauth2.Grant", function() {
     describe("with an unknown authorizationGrant", function() {
       beforeEach(function() {
         settings = { authorizationGrants: ['unknown'] };
+        credentials.grantType = { type: 'unknown' };
       });
 
       it("throws", function() {
@@ -63,6 +66,7 @@ describe("RAML.Client.AuthStrategies.Oauth2.Grant", function() {
     describe("when no authorizationGrant is present", function() {
       beforeEach(function() {
         settings = {};
+        credentials.grantType = {};
       });
 
       it("throws", function() {