danski-ooh-auth 0.1.2

data/spec/models/token_spec.rb

@@ -0,0 +1,139 @@
+require File.join( File.dirname(__FILE__), '..', "spec_helper" )
+
+describe OohAuth::Token do
+
+  before :each do
+    @authenticating_clients = 3.of {OohAuth::AuthenticatingClient.gen}
+    @users = 3.of {user_class.gen}
+    @date = DateTime.civil(2009)
+  end
+
+  it "should be creatable as a request key for an application" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    a.expires.should == @date
+    a.authenticating_client.should == @authenticating_clients.first
+    a.key.should_not be_blank
+    a.user.should be_nil
+    a.should be_valid
+    a.activated?.should be_false
+  end
+  
+  it "should generate a unique token_key upon creation" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    a.token_key.should match(/[a-zA-Z0-9]{10}/)
+  end
+  it "should generate a unique token and apply the given expiry upon activation" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    result = a.activate!(@users.first)
+    a.should be_valid
+    result.should be_true
+    a.token_key.should match(/[a-zA-Z0-9]{10}/)
+    a.activated?.should be_true
+  end
+  it "should not activate if no user has been specified" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    a.activate!(nil).should be_false
+    a.activated?.should be_false
+  end
+  
+  it "should not change token_key code on save if one was already set" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    a.new_record?.should be_false
+    a.activate!(@users.first).should be_true
+    t = a.token_key
+    a.save
+    a.token_key.should == t
+  end
+  
+  it "should be findable with ::get_token" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    OohAuth::Token.get_token(a.token_key).should == a
+  end
+  
+  it "should get a new key when activated" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    token = a.token_key
+    token.should_not be_blank
+    a.activate!(@users.first).should be_true
+    a.token_key.should_not == token
+    a.token_key.should_not be_blank
+  end
+  
+  it "should generate a secret on first save" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    a.secret.should match(/[a-zA-Z0-9]{10}/)
+  end
+  it "should not change the secret on further saves" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    secret = a.secret
+    a.expires = 1.year.since
+    a.save.should be_true
+    a.secret.should == secret
+  end
+  
+  it "should determine if the object is editable by a given user" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    a.activate!(@users.first)
+    a.editable_by_user?(@users.first).should be_true
+    a.editable_by_user?(user_class.gen).should be_false
+  end
+  
+  it "should return default permissions if permissions are not set" do
+    a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+    OohAuth[:default_permissions].should_not be_nil
+    a.permissions = nil
+    a.permissions.should == OohAuth[:default_permissions]
+    a.permissions = "delete"
+    a.permissions.should == "delete"
+  end
+  
+  describe "#authenticate!" do
+    before :each do
+      @user = user_class.gen
+      @activated = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+      @activated.activate!(@user).should be_true
+      @unactivated = OohAuth::Token.create_request_key(@authenticating_clients[1], @date)
+    end
+    
+    it "should not authenticate a user when given an incorrect API key and an activated token_key" do      
+      OohAuth::Token.authenticate!("DSFARGEG", @activated.token_key).should be_nil
+    end
+    it "should not authenticate a user when given a correct API key and an unactivated key token_key" do
+      OohAuth::Token.authenticate!(@authenticating_clients.first.api_key, @unactivated.token_key).should be_nil
+    end
+    it "should not authenticate a user when given a correct API key but an incorrect token_key" do
+      OohAuth::Token.authenticate!(@authenticating_clients.first.api_key, "DSFARGEG").should be_nil
+    end
+    it "should authenticate a user when given a correct API key and a correct, activated token_key" do
+      #@a.user_id.should == ""
+      OohAuth::Token.authenticate!(@authenticating_clients.first.api_key, @activated.token_key).should == @user
+    end
+  end
+  
+  describe "transformations" do
+    before :each do
+      @user = user_class.gen
+      @a = OohAuth::Token.create_request_key(@authenticating_clients.first, @date)
+      @a.new_record?.should be_false
+    end
+    
+    it "should transform as a 'request_key' bundle when not activated" do
+      @a.activated?.should be_false
+      @a.to_xml.should contain(@a.token_key)
+      @a.to_json.should contain(@a.token_key)
+      @a.to_json.should contain("request_key")
+      @a.to_yaml.should contain(@a.token_key)
+      @a.to_yaml.should contain("request_key")      
+    end
+    it "should transform as a 'access_key' bundle when activated" do
+      @a.activate!(@user).should be_true
+      @a.token_key.should match(/[0-9A-Za-z]{10}/)
+      @a.to_xml.should  contain(@a.token_key)
+      @a.to_json.should contain(@a.token_key)
+      @a.to_json.should contain("access_key")
+      @a.to_yaml.should contain(@a.token_key)
+      @a.to_yaml.should contain("access_key")
+    end
+  end 
+  
+end

data/spec/spec_fixtures.rb

@@ -0,0 +1,19 @@
+OohAuth::Mocks::User.fixture{{
+  :name         => (name = /\w+/.gen),
+  :login        => name,
+  :email        => "#{name}@test.com",
+  :password     => (password = "#{name}_goodpass"),
+  :password_confirmation => password
+}}
+
+OohAuth::AuthenticatingClient.fixture{{
+  :name         =>  /\w+/.gen,
+  :web_url      =>  "http://www.#{ /\w+/.gen }.com/client/",
+  :api_key      =>  /\w+/.gen,
+  :secret       =>  /\w+/.gen,
+  :kind         =>  /desktop|web/.gen
+}}
+
+OohAuth::Token.fixture{{
+  
+}}

data/spec/spec_helper.rb

@@ -0,0 +1,107 @@
+require 'rubygems'
+require 'merb-core'
+require 'merb-slices'
+require 'spec'
+
+# Add ooh-auth.rb to the search path
+Merb::Plugins.config[:merb_slices][:auto_register] = true
+Merb::Plugins.config[:merb_slices][:search_path]   = File.join(File.dirname(__FILE__), '..', 'lib', 'ooh-auth.rb')
+require Merb::Plugins.config[:merb_slices][:search_path]
+
+# Using Merb.root below makes sure that the correct root is set for
+# - testing standalone, without being installed as a gem and no host application
+# - testing from within the host application; its root will be used
+Merb.start_environment(
+  :testing => true, 
+  :adapter => 'runner', 
+  :environment => ENV['MERB_ENV'] || 'test',
+  :session_store => 'memory'
+)
+
+module Merb
+  module Test
+    module SliceHelper
+      
+      # The absolute path to the current slice
+      def current_slice_root
+        @current_slice_root ||= File.expand_path(File.join(File.dirname(__FILE__), '..'))
+      end
+      
+      # Whether the specs are being run from a host application or standalone
+      def standalone?
+        #raise StandardError, "Merb.root #{Merb.root.inspect} ::OohAuth.root #{::OohAuth.root.inspect}"
+        File.join(Merb.root, "") == File.join(::OohAuth.root, "")
+      end
+      
+	    def user_class
+	      Merb::Authentication.user_class
+      end
+  	  
+  	  def noko(document)
+        Nokogiri::HTML(document)
+      end
+	    
+	    # Produces a signed FakeRequest ready to be used when testing any action that requires signing.
+	    def request_signed_by(client, get_params={}, post_params={}, env={}, opts={})
+	      raise RuntimeError, "client #{client.inspect} is not a saved record, has errors #{client.errors.inspect}" if client.new_record?
+	      get_params = {
+	        :oauth_consumer_key=>client.api_key
+	      }.merge(get_params)
+	      # Prepare headers
+        env = {
+          :request_method => "GET",
+          :http_host => "test.fullfat.com", 
+          :request_uri=>"/secrets/"
+	      }.merge(env)
+	      env[:query_string] = get_params.collect{|k,v| "#{k}=#{v}"}.join("&")
+	      # Extras
+	      opts = {
+	        :post_body=>post_params.collect{|k,v| "#{k}=#{v}"}.join("&")
+	      }.merge(opts)
+        
+        unsigned = fake_request(env, opts)        
+        get_params[:oauth_signature] ||= Merb::Parse.escape(unsigned.build_signature)
+        env[:query_string] = get_params.collect{|k,v| "#{k}=#{v}"}.join("&")
+        
+        signed = fake_request(env, opts)
+        #raise RuntimeError, "Request not properly signed. Got: #{signed.uri}?#{signed.params.collect{|k,v|"#{k}=#{v}"}.join("&")}, expected: #{signed.signature_base_string} / #{signed.signature_secret}" unless signed.signed?
+        #signed
+      end
+      
+      # Signs a URL like "/controller/action" with the correct signature to avoid triggering the
+      # ensure_signed filter method.
+      def sign_url_with(client, url, params={})
+        signed = request_signed_by(client, params, {}, {:request_uri=>url, :http_host=>"localhost"})
+        return "#{signed.uri}?#{signed.query_string}"
+      end
+      
+	    # Override for buggy freaking redirect_to assertion in merb 0.9.11.
+      # duplicates syntax of old version, so can be safely removed once
+      # http://merb.lighthouseapp.com/projects/7433-merb/tickets/949-redirect_to-assertion-errors-on-success-under-some-setups
+      # is fixed.
+      def redirect_to(url)
+        simple_matcher("redirect to #{url.inspect}") do |controller, matcher|
+          actual_url = controller.rack_response[1]["Location"]
+          matcher.failure_message = "expected to be redirected to #{url.inspect} but instead was redirected to #{actual_url.inspect}"
+          actual_url == url
+        end
+      end
+	          
+    end
+  end
+end
+
+# this loads all plugins required in your init file so don't add them
+# here again, Merb will do it for you
+#Merb.start_environment(:testing => true, :adapter => 'runner', :environment => ENV['MERB_ENV'] || 'test')
+# Migrate that shit
+DataMapper.auto_migrate!
+# Load fixtures
+require File.join(File.dirname(__FILE__), 'spec_fixtures')
+
+Spec::Runner.configure do |config|
+  config.include(Merb::Test::ViewHelper)
+  config.include(Merb::Test::RouteHelper)
+  config.include(Merb::Test::ControllerHelper)
+  config.include(Merb::Test::SliceHelper)
+end

data/stubs/app/controllers/application.rb

@@ -0,0 +1,2 @@
+class OohAuth::Application < Merb::Controller
+end

data/stubs/app/controllers/main.rb

@@ -0,0 +1,2 @@
+class OohAuth::Main < OohAuth::Application
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification 
+name: danski-ooh-auth
+version: !ruby/object:Gem::Version 
+  version: 0.1.2
+platform: ruby
+authors: 
+- Dan Glegg
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2008-10-22 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: ruby-hmac
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.3.2
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: merb-slices
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.9.10
+    version: 
+description: Merb slice that adds OAuth provider capabilities to any merb-auth application.
+email: dan@angryameoba.co.uk
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- readme.markdown
+- LICENSE
+files: 
+- LICENSE
+- readme.markdown
+- Rakefile
+- lib/ooh-auth
+- lib/ooh-auth/authentication_mixin.rb
+- lib/ooh-auth/controller_mixin.rb
+- lib/ooh-auth/key_generators.rb
+- lib/ooh-auth/merbtasks.rb
+- lib/ooh-auth/request_verification_mixin.rb
+- lib/ooh-auth/slicetasks.rb
+- lib/ooh-auth/spectasks.rb
+- lib/ooh-auth/strategies
+- lib/ooh-auth/strategies/oauth.rb
+- lib/ooh-auth.rb
+- spec/controllers
+- spec/controllers/application_spec.rb
+- spec/controllers/authenticating_clients_spec.rb
+- spec/controllers/tokens_spec.rb
+- spec/merb-auth-slice-fullfat_spec.rb
+- spec/models
+- spec/models/authenticating_client_spec.rb
+- spec/models/oauth_strategy_spec.rb
+- spec/models/request_verification_mixin_spec.rb
+- spec/models/token_spec.rb
+- spec/spec_fixtures.rb
+- spec/spec_helper.rb
+- app/controllers
+- app/controllers/application.rb
+- app/controllers/authenticating_clients.rb
+- app/controllers/tokens.rb
+- app/helpers
+- app/helpers/application_helper.rb
+- app/helpers/authenticating_clients_helper.rb
+- app/helpers/authentications_helper.rb
+- app/models
+- app/models/authenticating_client
+- app/models/authenticating_client/dm_authenticating_client.rb
+- app/models/authenticating_client.rb
+- app/models/token
+- app/models/token/dm_token.rb
+- app/models/token.rb
+- app/views
+- app/views/authenticating_clients
+- app/views/authenticating_clients/_help.html.erb
+- app/views/authenticating_clients/edit.html.erb
+- app/views/authenticating_clients/index.html.erb
+- app/views/authenticating_clients/new.html.erb
+- app/views/authenticating_clients/show.html.erb
+- app/views/layout
+- app/views/layout/ooh_auth.html.erb
+- app/views/tokens
+- app/views/tokens/create.html.erb
+- app/views/tokens/edit.html.erb
+- app/views/tokens/new.html.erb
+- app/views/tokens/show.html.erb
+- public/javascripts
+- public/javascripts/master.js
+- public/stylesheets
+- public/stylesheets/master.css
+- stubs/app
+- stubs/app/controllers
+- stubs/app/controllers/application.rb
+- stubs/app/controllers/main.rb
+has_rdoc: true
+homepage: http://github.com/danski/ooh-auth
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: merb
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Merb Slice that provides RESTful authentication functionality for your application.
+test_files: []
+