Merge pull request #1 from nulab/master

treyhyde · treyhyde · commit a2a45376ea42 · 2014-06-26T14:46:30.000-07:00
fetch upstream
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 [The OAuth 2.0](http://tools.ietf.org/html/rfc6749) server-side implementation written in Scala.
 
-This provides OAuth 2.0 server-side functionality and supporting function for [Playframework](http://www.playframework.com/). Playframework 2.2 is now supported.
+This provides OAuth 2.0 server-side functionality and supporting function for [Playframework](http://www.playframework.com/). Playframework 2.2 and 2.3 are now supported.
 
 The idea of this library originally comes from [oauth2-server](https://github.com/yoichiro/oauth2-server) which is Java implementation of OAuth 2.0.
 
@@ -22,15 +22,15 @@ If you'd like to use this with Playframework, add "play2-oauth2-provider" to lib
 
 ```scala
 libraryDependencies ++= Seq(
-  "com.nulab-inc" %% "play2-oauth2-provider" % "0.6.0"
+  "com.nulab-inc" %% "play2-oauth2-provider" % "0.7.1"
 )
 ```
 
 Otherwise, add "scala-oauth2-core" instead. In this case, you need to implement your own OAuth provider working with web framework you use.
 
 ```scala
 libraryDependencies ++= Seq(
-  "com.nulab-inc" %% "scala-oauth2-core" % "0.6.0"
+  "com.nulab-inc" %% "scala-oauth2-core" % "0.7.1"
 )
 ```
 
@@ -111,3 +111,12 @@ object MyController extends Controller with OAuth2Provider {
 ```
 
 If you'd like to change the OAuth workflow, modify handleRequest methods of TokenEndPoint and ```ProtectedResource``` traits.
+
+## Examples
+
+- [Playframework 2.2](https://github.com/oyediyildiz/scala-oauth2-provider-example)
+
+## Application using this library
+
+- [Typetalk](https://typetalk.in/)
+- [Backlog](https://backlogtool.com/)
diff --git a/play2-oauth2-provider/src/main/scala/scalaoauth2/provider/OAuth2Provider.scala b/play2-oauth2-provider/src/main/scala/scalaoauth2/provider/OAuth2Provider.scala
@@ -110,10 +110,10 @@ trait OAuth2Provider extends OAuth2BaseProvider {
    * @return Request is successful then return JSON to client in OAuth 2.0 format.
    *         Request is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def issueAccessToken[A, U](dataHandler: DataHandler[U])(implicit request: play.api.mvc.Request[A]): SimpleResult = {
+  def issueAccessToken[A, U](dataHandler: DataHandler[U])(implicit request: play.api.mvc.Request[A]): Result = {
     TokenEndpoint.handleRequest(request, dataHandler) match {
-      case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e))
-      case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e))
+      case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
+      case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
       case Right(r) => Ok(Json.toJson(responseAccessToken(r)))
     }
   }
@@ -128,7 +128,7 @@ trait OAuth2Provider extends OAuth2BaseProvider {
    * @return Authentication is successful then the response use your API result.
    *         Authentication is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def authorize[A, U](dataHandler: DataHandler[U])(callback: AuthInfo[U] => SimpleResult)(implicit request: play.api.mvc.Request[A]): SimpleResult = {
+  def authorize[A, U](dataHandler: DataHandler[U])(callback: AuthInfo[U] => Result)(implicit request: play.api.mvc.Request[A]): Result = {
     ProtectedResource.handleRequest(request, dataHandler) match {
       case Left(e) if e.statusCode == 400 => BadRequest.withHeaders(responseOAuthErrorHeader(e))
       case Left(e) if e.statusCode == 401 => Unauthorized.withHeaders(responseOAuthErrorHeader(e))
@@ -181,10 +181,10 @@ trait OAuth2AsyncProvider extends OAuth2BaseProvider {
    * @return Request is successful then return JSON to client in OAuth 2.0 format.
    *         Request is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def issueAccessToken[A, U](dataHandler: DataHandler[U])(implicit request: play.api.mvc.Request[A]): Future[SimpleResult] = {
+  def issueAccessToken[A, U](dataHandler: DataHandler[U])(implicit request: play.api.mvc.Request[A]): Future[Result] = {
     TokenEndpoint.handleRequest(request, dataHandler) match {
-      case Left(e) if e.statusCode == 400 => Future.successful(BadRequest(responseOAuthErrorJson(e)))
-      case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized(responseOAuthErrorJson(e)))
+      case Left(e) if e.statusCode == 400 => Future.successful(BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e)))
+      case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e)))
       case Right(r) => Future.successful(Ok(Json.toJson(responseAccessToken(r))))
     }
   }
@@ -199,7 +199,7 @@ trait OAuth2AsyncProvider extends OAuth2BaseProvider {
    * @return Authentication is successful then the response use your API result.
    *         Authentication is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def authorize[A, U](dataHandler: DataHandler[U])(callback: AuthInfo[U] => Future[SimpleResult])(implicit request: play.api.mvc.Request[A]): Future[SimpleResult] = {
+  def authorize[A, U](dataHandler: DataHandler[U])(callback: AuthInfo[U] => Future[Result])(implicit request: play.api.mvc.Request[A]): Future[Result] = {
     ProtectedResource.handleRequest(request, dataHandler) match {
       case Left(e) if e.statusCode == 400 => Future.successful(BadRequest.withHeaders(responseOAuthErrorHeader(e)))
       case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized.withHeaders(responseOAuthErrorHeader(e)))
diff --git a/project/Build.scala b/project/Build.scala
@@ -4,58 +4,63 @@ import Keys._
 object ScalaOAuth2Build extends Build {
 
   lazy val _organization = "com.nulab-inc"
-  lazy val _version =  "0.6.0"
-  lazy val _playVersion =  "2.2.0"
+  lazy val _version =  "0.7.1"
+  def _playVersion(version: String) = version match {
+    case "2.11.0" => "2.3.0"
+    case _ => "2.2.3"
+  }
 
   val _scalaVersion = "2.10.3"
-  val _crossScalaVersions = Seq("2.9.3", "2.10.3")
+  val _crossScalaVersions = Seq("2.10.3", "2.11.0")
 
   val commonDependenciesInTestScope = Seq(
-    "org.scalatest" %% "scalatest" % "2.0" % "test"
+    "org.scalatest" %% "scalatest" % "2.1.6" % "test"
+  )
+
+  lazy val scalaOAuth2ProviderSettings = Defaults.defaultSettings ++ Seq(
+    organization := _organization,
+    version := _version,
+    scalaVersion := _scalaVersion,
+    crossScalaVersions := _crossScalaVersions,
+    scalacOptions ++= _scalacOptions,
+    publishTo <<= version { (v: String) => _publishTo(v) },
+    publishMavenStyle := true,
+    publishArtifact in Test := false,
+    pomIncludeRepository := { x => false },
+    pomExtra := _pomExtra
   )
 
+  lazy val root = Project(
+    id = "scala-oauth2-provider",
+    base = file("."),
+    settings = scalaOAuth2ProviderSettings ++ Seq(
+      name := "scala-oauth2-provider",
+      description := "OAuth 2.0 server-side implementation written in Scala"
+    )
+  ).aggregate(scalaOAuth2Core, play2OAuth2Provider)
+
   lazy val scalaOAuth2Core = Project(
     id = "scala-oauth2-core",
     base = file("scala-oauth2-core"),
-    settings = Defaults.defaultSettings ++ Seq(
-      organization := _organization,
+    settings = scalaOAuth2ProviderSettings ++ Seq(
       name := "scala-oauth2-core",
       description := "OAuth 2.0 server-side implementation written in Scala",
-      version := _version,
-      scalaVersion := _scalaVersion,
-      crossScalaVersions := _crossScalaVersions,
-      scalacOptions ++= _scalacOptions,
       libraryDependencies ++= Seq(
         "commons-codec" % "commons-codec" % "1.8"
-      ) ++ commonDependenciesInTestScope,
-      publishTo <<= version { (v: String) => _publishTo(v) },
-      publishMavenStyle := true,
-      publishArtifact in Test := false,
-      pomIncludeRepository := { x => false },
-      pomExtra := _pomExtra
+      ) ++ commonDependenciesInTestScope
     )
   )
 
   lazy val play2OAuth2Provider = Project(
     id = "play2-oauth2-provider",
     base = file("play2-oauth2-provider"),
-    settings = Defaults.defaultSettings ++ Seq(
-      organization := _organization,
+    settings = scalaOAuth2ProviderSettings ++ Seq(
       name := "play2-oauth2-provider",
       description := "Support scala-oauth2-core library on Playframework Scala",
-      version := _version,
-      scalaVersion := _scalaVersion,
-      crossScalaVersions := _crossScalaVersions,
-      scalacOptions ++= _scalacOptions,
-      resolvers += "Typesafe repository" at "http://repo.typesafe.com/typesafe/releases/",
+      resolvers += "Typesafe repository" at "http://repo.typesafe.com/typesafe/maven-releases/",
       libraryDependencies ++= Seq(
-        "com.typesafe.play" %% "play" % _playVersion % "provided"
-      ) ++ commonDependenciesInTestScope,
-      publishTo <<= version { (v: String) => _publishTo(v) },
-      publishMavenStyle := true,
-      publishArtifact in Test := false,
-      pomIncludeRepository := { x => false },
-      pomExtra := _pomExtra
+        "com.typesafe.play" %% "play" % _playVersion(scalaVersion.value) % "provided"
+      ) ++ commonDependenciesInTestScope
     )
   ) dependsOn(scalaOAuth2Core)
 
diff --git a/scala-oauth2-core/src/main/scala/scalaoauth2/provider/AccessTokenFetcher.scala b/scala-oauth2-core/src/main/scala/scalaoauth2/provider/AccessTokenFetcher.scala
@@ -49,6 +49,7 @@ object AuthHeader extends AccessTokenFetcher {
       val pairs = REGEXP_DIV_COMMA.split(trimmedHeader).map { exp =>
         val (key, value) = exp.split("=", 2) match {
           case Array(k, v) => (k, v.replaceFirst("^\"", ""))
+          case Array(k) => (k, "")
         }
 
         (key, URLDecoder.decode(value.replaceFirst("\"$", ""), "UTF-8"))
diff --git a/scala-oauth2-core/src/test/scala/scalaoauth2/provider/AuthHeaderSpec.scala b/scala-oauth2-core/src/test/scala/scalaoauth2/provider/AuthHeaderSpec.scala
@@ -71,4 +71,10 @@ class AuthHeaderSpec extends FlatSpec {
     result.token should be ("token1")
   }
 
+  it should "fetch illegal parameter without =" in {
+    val result = AuthHeader.fetch(createRequest(Some("""OAuth access_token_value,fizz=buzz,foo""")))
+    result.token should be ("access_token_value")
+    result.params("fizz") should be ("buzz")
+    result.params("foo") should be ("")
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ object AuthHeader extends AccessTokenFetcher {`
`49`	`49`	`val pairs = REGEXP_DIV_COMMA.split(trimmedHeader).map { exp =>`
`50`	`50`	`val (key, value) = exp.split("=", 2) match {`
`51`	`51`	`case Array(k, v) => (k, v.replaceFirst("^\"", ""))`
	`52`	`+ case Array(k) => (k, "")`
`52`	`53`	`}`
`53`	`54`
`54`	`55`	`(key, URLDecoder.decode(value.replaceFirst("\"$", ""), "UTF-8"))`
Original file line number	Diff line number	Diff line change
`@@ -71,4 +71,10 @@ class AuthHeaderSpec extends FlatSpec {`
`71`	`71`	`result.token should be ("token1")`
`72`	`72`	`}`
`73`	`73`
	`74`	`+ it should "fetch illegal parameter without =" in {`
	`75`	`+ val result = AuthHeader.fetch(createRequest(Some("""OAuth access_token_value,fizz=buzz,foo""")))`
	`76`	`+ result.token should be ("access_token_value")`
	`77`	`+ result.params("fizz") should be ("buzz")`
	`78`	`+ result.params("foo") should be ("")`
	`79`	`+ }`
`74`	`80`	`}`