capcoauth 0.4.0 → 0.5.0

data/spec/dummy/db/schema.rb

@@ -0,0 +1,22 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20111122132257) do
+
+  create_table "users", force: :cascade do |t|
+    t.string   "name"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+end

data/spec/dummy/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/500.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+    <p>We've been notified about this issue and we'll take a look at it shortly.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/generators/install_generator_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper_integration'
+require 'generators/capcoauth/install_generator'
+
+describe 'Capcoauth::InstallGenerator' do
+  include GeneratorSpec::TestCase
+
+  tests Capcoauth::InstallGenerator
+  destination ::File.expand_path('../tmp/dummy', __FILE__)
+
+  describe 'after running the generator' do
+    before :each do
+      prepare_destination
+      FileUtils.mkdir(::File.expand_path('config', Pathname(destination_root)))
+      FileUtils.mkdir(::File.expand_path('db', Pathname(destination_root)))
+      FileUtils.copy_file(::File.expand_path('../templates/routes.rb', __FILE__), ::File.expand_path('config/routes.rb', Pathname.new(destination_root)))
+      run_generator
+    end
+
+    it 'creates an initializer file' do
+      assert_file 'config/initializers/capcoauth.rb'
+    end
+
+    it 'adds sample route' do
+      assert_file 'config/routes.rb', /use_capcoauth/
+    end
+  end
+end

data/spec/generators/templates/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+
+end

data/spec/lib/capcoauth/oauth/access_token_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper_integration'
+
+describe Capcoauth::OAuth::AccessToken do
+
+  describe '.initialize' do
+    it 'has token but no user ID' do
+      token = Capcoauth::OAuth::AccessToken.new 'abc'
+      expect(token.token).to eq('abc')
+      expect(token.user_id).to be_nil
+    end
+
+    it 'calls TTLCache.user_id_for and sets user_id to return value' do
+      ttl_cache_double = class_double('Capcoauth::OAuth::TTLCache').as_stubbed_const
+      allow(ttl_cache_double).to receive(:user_id_for).and_return('123')
+      token = Capcoauth::OAuth::AccessToken.new 'abc'
+      expect(token.token).to eq('abc')
+      expect(token.user_id).to eq('123')
+    end
+  end
+
+  describe '.verify' do
+    it 'calls TokenVerifier.verify with self' do
+      verifier_double = class_double('Capcoauth::OAuth::TokenVerifier').as_stubbed_const
+      allow(verifier_double).to receive(:verify).and_return('CALLED')
+
+      token = Capcoauth::OAuth::AccessToken.new nil
+      expect(token.token).to be_nil
+      expect(token.verify).to eq('CALLED')
+    end
+  end
+end

data/spec/lib/capcoauth/oauth/token_verifier_spec.rb

@@ -0,0 +1,121 @@
+require 'httparty'
+require 'net/http'
+
+class MockHttpResponse
+  def initialize(**opts)
+    opts.each do |key, val|
+      instance_variable_set("@#{key}", val)
+    end
+  end
+  def code; @code; end
+  def headers; @headers; end
+  def parsed_response; @body; end
+end
+
+describe Capcoauth::OAuth::TokenVerifier do
+  subject { Capcoauth::OAuth::TokenVerifier }
+  describe '#verify' do
+    before do
+      Capcoauth.configuration.client_id = 'verifier_test_client_id'
+    end
+
+    it 'raises UnauthorizedError when no access token object passed' do
+      expect{subject.verify(nil)}.to raise_error(Capcoauth::OAuth::TokenVerifier::UnauthorizedError, 'Please log in to continue')
+    end
+
+    it 'raises UnauthorizedError when access token object has no token material' do
+      expect{subject.verify(Capcoauth::OAuth::AccessToken.new(nil))}.to raise_error(Capcoauth::OAuth::TokenVerifier::UnauthorizedError, 'Please log in to continue')
+    end
+
+    it 'returns access token object if access_token is valid' do
+      Capcoauth::OAuth::TTLCache.update('abc', '123')
+      token = Capcoauth::OAuth::AccessToken.new('abc')
+      expect(subject.verify(token)).to equal(token)
+      Capcoauth::OAuth::TTLCache.remove('abc')
+    end
+
+    it 'calls HTTParty.get and raises OtherError on Net::OpenTimeout' do
+      httparty_double = class_double('HTTParty').as_stubbed_const
+      expect(httparty_double).to receive(:get).and_raise(Net::OpenTimeout)
+      token = Capcoauth::OAuth::AccessToken.new('iamnew')
+      expect{subject.verify(token)}.to raise_error(Capcoauth::OAuth::TokenVerifier::OtherError, 'An error occurred while verifying your credentials (server not available)')
+    end
+
+    it 'calls HTTParty.get and raises UnauthorizedError if ID type is not returned' do
+      Capcoauth.configuration.user_id_field = :psoft
+      httparty_double = class_double('HTTParty').as_stubbed_const
+      expect(httparty_double).to receive(:get).and_return(MockHttpResponse.new(code: 200, body: {
+        'resource_owner_id' => '123',
+        'external_ids' => {}
+      }))
+      token = Capcoauth::OAuth::AccessToken.new('iamnew')
+      expect{subject.verify(token)}.to raise_error(Capcoauth::OAuth::TokenVerifier::UnauthorizedError, 'The system cannot recognize you by that ID type')
+      Capcoauth.configuration.user_id_field = :capcoauth
+    end
+
+    it 'calls HTTParty.get and raises UnauthorizedError if ID type is not returned' do
+      httparty_double = class_double('HTTParty').as_stubbed_const
+      expect(httparty_double).to receive(:get).and_return(MockHttpResponse.new(code: 200, body: {
+        'resource_owner_id' => '123',
+        'application' => {
+          'uid' => 'not_client_id_123'
+        }
+      }))
+      token = Capcoauth::OAuth::AccessToken.new('iamnew')
+      expect{subject.verify(token)}.to raise_error(Capcoauth::OAuth::TokenVerifier::UnauthorizedError, 'Your credentials are valid, but are not for use with this system')
+    end
+
+    it 'calls HTTParty.get and raises UnauthorizedError if token is unknown' do
+      httparty_double = class_double('HTTParty').as_stubbed_const
+      expect(httparty_double).to receive(:get).and_return(MockHttpResponse.new(code: 401, body: {
+        'error': 'invalid_request',
+        'error_description': 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
+      }))
+      token = Capcoauth::OAuth::AccessToken.new('iamnew')
+      expect{subject.verify(token)}.to raise_error(Capcoauth::OAuth::TokenVerifier::UnauthorizedError, 'Please log in to continue')
+    end
+
+    it 'calls HTTParty.get and raises UnauthorizedError if token is unknown' do
+      httparty_double = class_double('HTTParty').as_stubbed_const
+      expect(httparty_double).to receive(:get).and_return(MockHttpResponse.new(code: 12345, body: {
+        'error': 'invalid_request',
+        'error_description': 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
+      }))
+      token = Capcoauth::OAuth::AccessToken.new('iamnew')
+      expect{subject.verify(token)}.to raise_error(Capcoauth::OAuth::TokenVerifier::OtherError, 'An error occurred while verifying your credentials (unknown response)')
+    end
+
+    it 'calls HTTParty.get and returns access token with capcoauth id type' do
+      httparty_double = class_double('HTTParty').as_stubbed_const
+      expect(httparty_double).to receive(:get).and_return(MockHttpResponse.new(code: 200, body: {
+        'resource_owner_id' => 'capcoauth_123',
+        'application' => {
+          'uid' => 'verifier_test_client_id'
+        }
+      }))
+      token = Capcoauth::OAuth::AccessToken.new('capcoauth_user_token')
+      expect(subject.verify(token)).to equal(token)
+      expect(token.user_id).to eq('capcoauth_123')
+      Capcoauth::OAuth::TTLCache.remove('capcoauth_user_token')
+    end
+
+    it 'calls HTTParty.get and returns access token with psoft id type' do
+      Capcoauth.configuration.user_id_field = :psoft
+      httparty_double = class_double('HTTParty').as_stubbed_const
+      expect(httparty_double).to receive(:get).and_return(MockHttpResponse.new(code: 200, body: {
+        'resource_owner_id' => '123',
+        'application' => {
+          'uid' => 'verifier_test_client_id'
+        },
+        'external_ids' => {
+          'psoft' => 'psoft_123'
+        }
+      }))
+      token = Capcoauth::OAuth::AccessToken.new('psoft_user_token')
+      expect(subject.verify(token)).to equal(token)
+      expect(token.user_id).to eq('psoft_123')
+      Capcoauth::OAuth::TTLCache.remove('psoft_user_token')
+      Capcoauth.configuration.user_id_field = :capcoauth
+    end
+  end
+end

data/spec/lib/capcoauth/oauth/ttl_cache_spec.rb

@@ -0,0 +1,88 @@
+require 'spec_helper_integration'
+
+describe Capcoauth::OAuth::TTLCache do
+  subject { Capcoauth::OAuth::TTLCache }
+
+  describe '#user_id_for' do
+    it 'returns nil when store contains no token' do
+      expect(subject.user_id_for('idontexist')).to be_nil
+    end
+
+    it 'returns user_id when store contains token' do
+      subject.update('abc', '123')
+      expect(subject.user_id_for('abc')).to eq('123')
+      subject.remove('abc')
+    end
+
+    it 'returns user_id when TTL is almost expired' do
+      subject.update('abc', '123')
+      Timecop.freeze(Time.zone.now + (Capcoauth.configuration.token_verify_ttl - 1).seconds) do
+        expect(subject.user_id_for('abc')).to eq('123')
+      end
+      subject.remove('abc')
+    end
+
+    it 'returns nil when TTL is expired' do
+      subject.update('abc', '123')
+      Timecop.freeze(Time.zone.now + (Capcoauth.configuration.token_verify_ttl + 1).seconds) do
+        expect(subject.user_id_for('abc')).to be_nil
+      end
+      subject.remove('abc')
+    end
+  end
+
+  describe '#update' do
+    it 'returns true on write' do
+      expect(subject.update('abc', '123')).to be true
+      expect(subject.user_id_for('abc')).to eq('123')
+      subject.remove('abc')
+    end
+
+    it 'respects expires_in TTL' do
+      subject.update('abc', '123')
+      Timecop.freeze(Time.zone.now + (Capcoauth.configuration.token_verify_ttl - 1).seconds) do
+        expect(subject.user_id_for('abc')).to eq('123')
+      end
+      Timecop.freeze(Time.zone.now + (Capcoauth.configuration.token_verify_ttl + 1).seconds) do
+        expect(subject.user_id_for('abc')).to be_nil
+      end
+      subject.remove('abc')
+    end
+
+    it 'overwrites existing values' do
+      subject.update('abc', '123')
+      expect(subject.update('abc', '456')).to be true
+      expect(subject.user_id_for('abc')).to eq('456')
+      subject.remove('abc')
+    end
+  end
+
+  describe '#remove' do
+    it 'returns false when value doesn\'t exist' do
+      expect(subject.remove('idontexist')).to be false
+    end
+    it 'returns true when value exists' do
+      expect(subject.update('abc', '123')).to be true
+      expect(subject.remove('abc')).to be true
+    end
+    it 'returns true when value is expired and false after removed' do
+      expect(subject.update('abc', '123')).to be true
+      Timecop.freeze(Time.zone.now + (Capcoauth.configuration.token_verify_ttl + 1).seconds) do
+        expect(subject.remove('abc')).to be true
+        expect(subject.remove('abc')).to be false
+      end
+    end
+  end
+
+  describe '#key_for' do
+    it 'returns formatted key' do
+      expect(subject.key_for('abc')).to eq('capcoauth_token:abc')
+    end
+  end
+
+  describe '#store' do
+    it 'returns Capcoauth.cache_store' do
+      expect(subject.store).to equal(Capcoauth.configuration.cache_store)
+    end
+  end
+end

data/spec/lib/capcoauth_spec.rb

@@ -0,0 +1,3 @@
+require 'spec_helper'
+describe Capcoauth do
+end

data/spec/lib/config_spec.rb

@@ -0,0 +1,215 @@
+require 'spec_helper_integration'
+
+class DummyLogger; end
+class DummyStore; end
+class DummyUser
+  attr_reader :user_id
+  def initialize(user_id)
+    @user_id = user_id
+  end
+end
+
+describe Capcoauth::Config do
+  subject {
+    Capcoauth.configure do |config|
+      config.client_id = 'ci'
+      config.client_secret = 'cs'
+      config.user_resolver = -> user_id {
+        DummyUser.new user_id
+      }
+    end
+  }
+
+  describe 'subject' do
+    it 'is an instance of Capcoauth::Config' do
+      expect(subject).to be_a(Capcoauth::Config)
+    end
+  end
+
+  describe 'default config requires required options' do
+    subject :default_config do
+      Capcoauth::Config::Builder.new do; end.build
+    end
+
+    it 'fails when not client_id not set' do
+      expect{default_config.client_id}.to raise_error(Capcoauth::MissingRequiredOptionError, 'Missing required option `client_id`')
+    end
+    it 'fails when not client_secret not set' do
+      expect{default_config.client_secret}.to raise_error(Capcoauth::MissingRequiredOptionError, 'Missing required option `client_secret`')
+    end
+    it 'fails when not client_user_resolver not set' do
+      expect{default_config.user_resolver}.to raise_error(Capcoauth::MissingRequiredOptionError, 'Missing required option/lambda `user_resolver`')
+    end
+  end
+
+  describe 'client_id' do
+    it 'has value of ci' do
+      expect(subject.client_id).to eq('ci')
+    end
+    it 'can be updated to test_123' do
+      subject.client_id = 'test_123'
+      expect(subject.client_id).to eq('test_123')
+      subject.client_id = 'ci'
+    end
+    it 'cannot be set to nil' do
+      expect{subject.client_id = nil}.to raise_error(Capcoauth::MissingRequiredOptionError, '`client_id` cannot be set to nil')
+    end
+  end
+
+  describe 'client_secret' do
+    it 'has value of cs' do
+      expect(subject.client_secret).to eq('cs')
+    end
+    it 'can be updated to test_123' do
+      subject.client_secret = 'test_456'
+      expect(subject.client_secret).to eq('test_456')
+      subject.client_secret = 'cs'
+    end
+    it 'cannot be set to nil' do
+      expect{subject.client_secret = nil}.to raise_error(Capcoauth::MissingRequiredOptionError, '`client_secret` cannot be set to nil')
+    end
+  end
+
+  describe 'user_resolver' do
+    before do
+      @old_resolver = subject.user_resolver
+    end
+    after do
+      subject.user_resolver = @old_resolver
+    end
+
+    it 'sets the block that is accessible via user_resolver' do
+      block = proc {}
+      subject.user_resolver = block
+      expect(subject.user_resolver).to equal(block)
+    end
+
+    it 'returns a dummy user' do
+      returned_user = subject.user_resolver.call('123')
+      expect(returned_user).to be_a(DummyUser)
+      expect(returned_user.user_id).to eq('123')
+    end
+
+    it 'raises error from resolver' do
+      subject.user_resolver = -> user_id {
+        User.find_by! id: user_id
+      }
+      expect{subject.user_resolver.call('iwillneverexist')}.to raise_error(ActiveRecord::RecordNotFound, 'Couldn\'t find User')
+    end
+  end
+
+  describe 'logger' do
+    after do
+      subject.logger = ::Rails.logger
+    end
+
+    it 'defaults to Rails.logger' do
+      expect(subject.logger).to equal(::Rails.logger)
+    end
+    it 'can be updated to custom logger' do
+      new_logger = DummyLogger.new
+      subject.logger = new_logger
+      expect(subject.logger).to equal(new_logger)
+    end
+    it 'can be set to nil' do
+      subject.logger = nil
+      expect(subject.logger).to be_nil
+    end
+  end
+
+  describe 'using_routes' do
+    it 'has value false by default' do
+      expect(subject.using_routes).to be_falsey
+    end
+    it 'can be updated to true' do
+      subject.using_routes = true
+      expect(subject.using_routes).to be_truthy
+      subject.using_routes = false
+    end
+    it 'is updated to true by Rails.application.routes.draw' do
+      subject.using_routes = false
+      expect(subject.using_routes).to be_falsy
+      Rails.application.routes.draw do
+        use_capcoauth
+      end
+      expect(subject.using_routes).to be_truthy
+    end
+  end
+
+  describe 'perform_login_redirects' do
+    it 'has value true by default' do
+      expect(subject.perform_login_redirects).to be_truthy
+    end
+    it 'can be updated to false' do
+      subject.perform_login_redirects = false
+      expect(subject.perform_login_redirects).to be_falsey
+      subject.perform_login_redirects = true
+    end
+  end
+
+  describe 'token_verify_ttl' do
+    it 'has value 10 by default' do
+      expect(subject.token_verify_ttl).to eq(Capcoauth::Config::TOKEN_VERIFY_TTL_DEFAULT)
+    end
+    it 'can be updated to other value' do
+      subject.token_verify_ttl = 60
+      expect(subject.token_verify_ttl).to eq(60)
+      subject.token_verify_ttl = Capcoauth::Config::TOKEN_VERIFY_TTL_DEFAULT
+    end
+  end
+
+  describe 'capcoauth_url' do
+    it "has value #{Capcoauth::Config::CAPCOAUTH_URL_DEFAULT} by default" do
+      expect(subject.capcoauth_url).to eq(Capcoauth::Config::CAPCOAUTH_URL_DEFAULT)
+    end
+    it 'can be updated to other value' do
+      subject.capcoauth_url = 'https://example.com'
+      expect(subject.capcoauth_url).to eq('https://example.com')
+      subject.capcoauth_url = Capcoauth::Config::CAPCOAUTH_URL_DEFAULT
+    end
+  end
+
+  describe 'user_id_field' do
+    it 'has value :capcoauth by default' do
+      expect(subject.user_id_field).to eq(:capcoauth)
+    end
+    it 'can be updated to false' do
+      subject.user_id_field = :psoft
+      expect(subject.user_id_field).to eq(:psoft)
+      subject.user_id_field = :capcoauth
+    end
+  end
+
+  describe 'cache_store' do
+    before do
+      @cache_store = subject.cache_store
+    end
+    after do
+      subject.cache_store = @cache_store
+    end
+
+    it 'defaults to ActiveSupport::Cache::MemoryStore store' do
+      expect(subject.cache_store).to be_a(::ActiveSupport::Cache::MemoryStore)
+    end
+    it 'can be updated to custom store' do
+      new_store = DummyStore.new
+      subject.cache_store = new_store
+      expect(subject.cache_store).to equal(new_store)
+    end
+    it 'can be set to nil' do
+      subject.cache_store = nil
+      expect(subject.cache_store).to be_nil
+    end
+  end
+
+  describe 'require_user' do
+    it 'has value true by default' do
+      expect(subject.require_user).to be_truthy
+    end
+    it 'can be updated to false' do
+      subject.require_user = false
+      expect(subject.require_user).to be_falsey
+      subject.require_user = true
+    end
+  end
+end

data/spec/lib/version_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+describe Capcoauth do
+  describe '#gem_version' do
+    subject { Capcoauth.gem_version }
+
+    it 'has a Gem::Version version' do
+      expect(subject).to be_a(Gem::Version)
+    end
+    it 'has semver format' do
+      parts = subject.to_s.split('.')
+      expect(parts.length).to eq(3)
+      parts.each do |part|
+        expect(part.to_i.to_s).to eq(part)
+      end
+    end
+  end
+end
+
+describe Capcoauth::VERSION do
+  it 'has integer parts' do
+    expect(Capcoauth::VERSION::MAJOR).to be_an(Integer)
+    expect(Capcoauth::VERSION::MINOR).to be_an(Integer)
+    expect(Capcoauth::VERSION::PATCH).to be_an(Integer)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,8 @@
+# $LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../lib'))
+# $LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../app'))
+
+require 'simplecov'
+SimpleCov.start 'rails'
+
+require 'rails'
+require 'capcoauth'