oauth.rb in osso-0.0.3.5

- old
+ new
@@ -3,56 +3,61 @@
 require 'rack/oauth2'
 
 module Osso
   class Oauth < Sinatra::Base
     include AppConfig
-    # Send your users here in order to being an authentication
-    # flow. This flow follows the authorization grant oauth
-    # spec with one exception - you must also pass the domain
-    # of the user who wants to sign in.
-    get '/authorize' do
-      @enterprise = Models::EnterpriseAccount.
-        includes(:saml_providers).
-        find_by!(domain: params[:domain])
+    register Sinatra::Namespace
+    # rubocop:disable Metrics/BlockLength
+    namespace '/oauth' do
+      # Send your users here in order to being an authentication
+      # flow. This flow follows the authorization grant oauth
+      # spec with one exception - you must also pass the domain
+      # of the user who wants to sign in.
+      get '/authorize' do
+        @enterprise = Models::EnterpriseAccount.
+          includes(:saml_providers).
+          find_by!(domain: params[:domain])
 
-      Rack::OAuth2::Server::Authorize.new do |req, _res|
-        client = Models::OauthClient.find_by!(identifier: req.client_id)
-        req.verify_redirect_uri!(client.redirect_uri_values)
-      end.call(env)
+        Rack::OAuth2::Server::Authorize.new do |req, _res|
+          client = Models::OauthClient.find_by!(identifier: req.client_id)
+          req.verify_redirect_uri!(client.redirect_uri_values)
+        end.call(env)
 
-      if @enterprise.single_provider?
-        session[:oauth_state] = params[:state]
-        redirect "/auth/saml/#{@enterprise.provider.id}"
-      end
+        if @enterprise.single_provider?
+          session[:oauth_state] = params[:state]
+          redirect "/auth/saml/#{@enterprise.provider.id}"
+        end
 
-      # TODO: multiple provider support
-      # erb :multiple_providers
+        # TODO: multiple provider support
+        # erb :multiple_providers
 
-    rescue Rack::OAuth2::Server::Authorize::BadRequest => e
-      @error = e
-      return erb :error
-    end
+      rescue Rack::OAuth2::Server::Authorize::BadRequest => e
+        @error = e
+        return erb :error
+      end
 
-    # Exchange an authorization code token for an access token.
-    # In addition to the token, you must include all paramaters
-    # required by Oauth spec: redirect_uri, client ID, and client secret
-    post '/token' do
-      Rack::OAuth2::Server::Token.new do |req, res|
-        code = Models::AuthorizationCode.
-          find_by_token!(params[:code])
-        client = Models::OauthClient.find_by!(identifier: req.client_id)
-        req.invalid_client! if client.secret != req.client_secret
-        req.invalid_grant! if code.redirect_uri != req.redirect_uri
-        res.access_token = code.access_token.to_bearer_token
-      end.call(env)
-    end
+      # Exchange an authorization code token for an access token.
+      # In addition to the token, you must include all paramaters
+      # required by Oauth spec: redirect_uri, client ID, and client secret
+      post '/token' do
+        Rack::OAuth2::Server::Token.new do |req, res|
+          code = Models::AuthorizationCode.
+            find_by_token!(params[:code])
+          client = Models::OauthClient.find_by!(identifier: req.client_id)
+          req.invalid_client! if client.secret != req.client_secret
+          req.invalid_grant! if code.redirect_uri != req.redirect_uri
+          res.access_token = code.access_token.to_bearer_token
+        end.call(env)
+      end
 
-    # Use the access token to request a user profile
-    get '/me' do
-      json Models::AccessToken.
-        includes(:user).
-        valid.
-        find_by_token!(params[:access_token]).
-        user
+      # Use the access token to request a user profile
+      get '/me' do
+        json Models::AccessToken.
+          includes(:user).
+          valid.
+          find_by_token!(params[:access_token]).
+          user
+      end
     end
   end
 end
+# rubocop:enable Metrics/BlockLength