devise_oauth2_providable 1.0.3 → 1.0.4

data/Rakefile

@@ -1,11 +1,5 @@
-require 'bundler'
-Bundler::GemHelper.install_tasks
+require "bundler/gem_tasks"
 
-begin
-  require 'bundler/setup'
-rescue LoadError
-  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
 APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
 load 'rails/tasks/engine.rake'
 

data/app/controllers/devise/oauth2_providable/authorizations_controller.rb

@@ -32,15 +32,15 @@ module Devise
       def authorize_endpoint(allow_approval = false)
         Rack::OAuth2::Server::Authorize.new do |req, res|
           @client = Client.find_by_identifier(req.client_id) || req.bad_request!
-          res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@client.redirect_uri)
+          res.redirect_uri, @redirect_uri = req.verify_redirect_uri!(@client.redirect_uri)
           if allow_approval
             if params[:approve].present?
               case req.response_type
               when :code
-                authorization_code = current_user.authorization_codes.create(:client => @client, :redirect_uri => @redirect_uri)
+                authorization_code = current_user.authorization_codes.create!(:client => @client)
                 res.code = authorization_code.token
               when :token
-                access_token = current_user.access_tokens.create(:client => @client).token
+                access_token = current_user.access_tokens.create!(:client => @client).token
                 bearer_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token)
                 res.access_token = bearer_token
                 res.uid = current_user.id

data/app/models/devise/oauth2_providable/authorization_code.rb

@@ -1,10 +1,3 @@
 class Devise::Oauth2Providable::AuthorizationCode < ActiveRecord::Base
   expires_according_to :authorization_code_expires_in
-
-  def access_token
-    @access_token ||= expired! && user.access_tokens.create(:client => client)
-  end
-  def valid_request?(req)
-    self.redirect_uri == req.redirect_uri
-  end
 end

data/db/migrate/20111014160714_create_devise_oauth2_providable_schema.rb

@@ -42,7 +42,6 @@ class CreateDeviseOauth2ProvidableSchema < ActiveRecord::Migration
       t.belongs_to :user, :client
       t.string :token
       t.datetime :expires_at
-      t.string :redirect_uri
       t.timestamps
     end
     change_table :oauth2_authorization_codes do |t|

data/lib/devise/oauth2_providable/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module Oauth2Providable
-    VERSION = "1.0.3"
+    VERSION = "1.0.4"
   end
 end

data/spec/controllers/authorizations_controller_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe Devise::Oauth2Providable::AuthorizationsController do
+  describe 'GET #new' do
+    with :user
+    with :client
+    before do
+      sign_in user
+      get :new, :client_id => client.identifier, :redirect_uri => client.redirect_uri, :response_type => 'code', :use_route => 'devise_oauth2_providable'
+    end
+    it { should respond_with :ok }
+    it { should respond_with_content_type :html }
+    it { should assign_to(:redirect_uri) }
+    it { should assign_to(:response_type) }
+  end
+end

data/spec/controllers/protected_controller_spec.rb

@@ -4,9 +4,9 @@ describe ProtectedController do
 
   describe 'get :index' do
     with :client
+    with :user
     before do
-      @user = User.create! :email => 'foo@example.com'
-      @token = Devise::Oauth2Providable::AccessToken.create! :client => client, :user => @user
+      @token = Devise::Oauth2Providable::AccessToken.create! :client => client, :user => user
     end
     context 'with valid bearer token in header' do
       before do

data/spec/factories/user_factory.rb

@@ -0,0 +1,4 @@
+Factory.define :user do |f|
+  f.email 'ryan@socialcast.com'
+  f.password 'test'
+end

data/spec/integration/oauth2_authorization_token_grant_type_strategy_spec.rb

@@ -3,11 +3,11 @@ require 'spec_helper'
 describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
   describe 'POST /oauth2/token' do
     describe 'with grant_type=authorization_code' do
-      with :client
       context 'with valid params' do
+        with :client
+        with :user
         before do
-          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
-          @authorization_code = @user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
+          @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
           params = {
             :grant_type => 'authorization_code',
             :client_id => client.identifier,
@@ -33,9 +33,9 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
       end
       context 'with invalid authorization_code' do
         with :client
+        with :user
         before do
-          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
-          @authorization_code = @user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
+          @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
           params = {
             :grant_type => 'authorization_code',
             :client_id => client.identifier,

data/spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb

@@ -5,9 +5,9 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
     describe 'with grant_type=refresh_token' do
       context 'with valid params' do
         with :client
+        with :user
         before do
-          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
-          @refresh_token = client.refresh_tokens.create! :user => @user
+          @refresh_token = client.refresh_tokens.create! :user => user
           params = {
             :grant_type => 'refresh_token',
             :client_id => client.identifier,
@@ -32,10 +32,10 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
         end
       end
       context 'with invalid refresh_token' do
+        with :user
+        with :client
         before do
-          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
-          client = Devise::Oauth2Providable::Client.create! :name => 'example', :redirect_uri => 'http://localhost', :website => 'http://localhost'
-          @refresh_token = client.refresh_tokens.create! :user => @user
+          @refresh_token = client.refresh_tokens.create! :user => user
           params = {
             :grant_type => 'refresh_token',
             :client_id => client.identifier,
@@ -57,6 +57,58 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
           response.body.should match_json(expected)
         end
       end
+      context 'with invalid client_id' do
+        with :user
+        with :client
+        before do
+          @refresh_token = client.refresh_tokens.create! :user => user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => 'invalid',
+            :client_secret => client.secret,
+            :refresh_token => @refresh_token.token
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          token = Devise::Oauth2Providable::AccessToken.last
+          refresh_token = @refresh_token
+          expected = {
+            :error => 'invalid_grant',
+            :error_description => 'invalid refresh token'
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid client_secret' do
+        with :user
+        with :client
+        before do
+          @refresh_token = client.refresh_tokens.create! :user => user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => client.identifier,
+            :client_secret => client.secret,
+            :refresh_token => @refresh_token.token
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          token = Devise::Oauth2Providable::AccessToken.last
+          refresh_token = @refresh_token
+          expected = {
+            :error => 'invalid_grant',
+            :error_description => 'invalid refresh token'
+          }
+          response.body.should match_json(expected)
+        end
+      end
     end
   end
 end

data/spec/routing/authorizations_routing_spec.rb

@@ -1,15 +1,19 @@
 require 'spec_helper'
 
 describe Devise::Oauth2Providable::AuthorizationsController do
+  before :all do
+    Devise::Oauth2Providable::Engine.load_engine_routes
+  end
   describe 'routing' do
     it 'routes POST /oauth2/authorizations' do
-      {:post => '/oauth2/authorizations'}.should route_to(:controller => 'oauth2/authorizations', :action => 'create')
+      post('/oauth2/authorizations').should route_to('devise/oauth2_providable/authorizations#create')
     end
     it 'routes GET /oauth2/authorize' do
-      {:get => '/oauth2/authorize'}.should route_to(:controller => 'oauth2/authorizations', :action => 'new')
+      get('/oauth2/authorize').should route_to('devise/oauth2_providable/authorizations#new')
     end
     it 'routes POST /oauth2/authorize' do
-      {:post => '/oauth2/authorize'}.should route_to(:controller => 'oauth2/authorizations', :action => 'new')
+      #FIXME: this is valid, but the route is not being loaded into the test
+      post('/oauth2/authorize').should route_to('devise/oauth2_providable/authorizations#new')
     end
   end
 end

data/spec/routing/tokens_routing_spec.rb

@@ -1,9 +1,12 @@
 require 'spec_helper'
 
 describe Devise::Oauth2Providable::TokensController do
+  before :all do
+    Devise::Oauth2Providable::Engine.load_engine_routes
+  end
   describe 'routing' do
     it 'routes POST /oauth2/token' do
-      {:post => '/oauth2/token'}.should route_to(:controller => 'oauth2/tokens', :action => 'create')
+      post('/oauth2/token').should route_to('devise/oauth2_providable/tokens#create')
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,15 +1,13 @@
 # Configure Rails Envinronment
 ENV["RAILS_ENV"] = "test"
-require File.expand_path("../dummy/config/environment.rb",  __FILE__)
+spec_root = File.expand_path('..', __FILE__)
+require File.expand_path("dummy/config/environment.rb",  spec_root)
 
 require 'pry'
 require 'rspec/rails'
 require 'shoulda-matchers'
-
 require 'factory_girl_rspec'
-FactoryGirl.definition_file_paths = [
-    File.join(File.dirname(__FILE__), 'factories')
-]
+FactoryGirl.definition_file_paths = [File.join(spec_root, 'factories')]
 FactoryGirl.find_definitions
 
 ENGINE_RAILS_ROOT=File.join(File.dirname(__FILE__), '../')
@@ -27,3 +25,5 @@ RSpec.configure do |config|
   # see http://stackoverflow.com/questions/4401539/rspec-2-how-to-render-views-by-default-for-all-controller-specs
   config.render_views
 end
+
+ActiveRecord::Migrator.migrate(File.expand_path("dummy/db/migrate/", spec_root))

data/spec/support/inject_engine_routes_into_application.rb

@@ -0,0 +1,74 @@
+# see http://www.builtfromsource.com/2011/09/21/testing-routes-with-rails-3-1-engines/
+module Devise
+  module Oauth2Providable
+    module EngineHacks
+      ##
+      # Automatically append all of the current engine's routes to the main
+      # application's route set. This needs to be done for ALL functional tests that
+      # use engine routes, since the mounted routes don't work during tests.
+      #
+      # @param [Symbol] engine_symbol Optional; if provided, uses this symbol to
+      #   locate the engine class by name, otherwise uses the module of the calling
+      #   test case as the presumed name of the engine.
+      # 
+      # @author Jason Hamilton (jhamilton@greatherorift.com)
+      # @author Matthew Ratzloff (matt@urbaninfluence.com)
+      def load_engine_routes(engine_symbol = nil)
+        if engine_symbol
+          engine_name = engine_symbol.to_s.camelize
+        else
+          # No engine provided, so presume the current engine is the one to load
+          engine_name = self.class.name.split("::").first.split("(").last
+        end
+        engine = ("#{engine_name}::Engine").constantize
+
+        engine_name = 'oauth2'
+        engine = Devise::Oauth2Providable::Engine
+        named_routes   = engine.routes.named_routes.routes
+        resourced_routes = []
+
+        # Append the routes for this module to the existing routes
+        # ::Rails.application.routes.disable_clear_and_finalize = true
+        # ::Rails.application.routes.clear!
+        # ::Rails.application.routes_reloader.paths.each { |path| load(path) }
+        ::Rails.application.routes.draw do
+
+          # unnamed_routes = engine.routes.routes - named_routes.values
+
+          engine.routes.routes.each do |route|
+            # Call the method by hand based on the symbol
+            path = "/#{engine_name.underscore}#{route.path}"
+            requirements = route.requirements
+            if path_helper = named_routes[route]
+              requirements[:as] = path_helper
+            elsif route.requirements[:controller].present?
+              # Presume that all controllers referenced in routes should also be
+              # resources and append that routing on the end so that *_path helpers
+              # will still work
+              resourced_routes << route.requirements[:controller].gsub("#{engine_name.downcase}/", "").to_sym
+            end
+
+            verb = (route.verb.blank? ? "GET" : route.verb).downcase.to_sym
+            send(verb, path, requirements) if respond_to?(verb)
+          end
+  
+          # Add each route, once, to the end under a scope to trick path helpers.
+          # This will probably break as soon as there is route name overlap, but
+          # we'll cross that bridge when we get to it.
+          # resourced_routes.uniq!
+          # scope engine_name.downcase do
+          #   resourced_routes.each do |resource|
+          #     resources resource
+          #   end
+          # end
+        end
+
+        # Finalize the routes
+        ::Rails.application.routes.finalize!
+        ::Rails.application.routes.disable_clear_and_finalize = false
+      end
+    end
+  end
+end
+
+Rails::Engine.send(:include, Devise::Oauth2Providable::EngineHacks)

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise_oauth2_providable
 version: !ruby/object:Gem::Version 
-  hash: 17
+  hash: 31
   prerelease: 
   segments: 
   - 1
   - 0
-  - 3
-  version: 1.0.3
+  - 4
+  version: 1.0.4
 platform: ruby
 authors: 
 - Ryan Sonnek
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-10-28 00:00:00 Z
+date: 2011-12-05 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rails
@@ -175,7 +175,6 @@ extra_rdoc_files: []
 
 files: 
 - .gitignore
-- .rspec
 - .rvmrc
 - CONTRIBUTORS.txt
 - Gemfile
@@ -208,6 +207,7 @@ files:
 - lib/devise/oauth2_providable/version.rb
 - lib/devise_oauth2_providable.rb
 - script/rails
+- spec/controllers/authorizations_controller_spec.rb
 - spec/controllers/protected_controller_spec.rb
 - spec/dummy/Rakefile
 - spec/dummy/app/assets/javascripts/application.js
@@ -248,6 +248,7 @@ files:
 - spec/dummy/public/favicon.ico
 - spec/dummy/script/rails
 - spec/factories/client_factory.rb
+- spec/factories/user_factory.rb
 - spec/integration/oauth2_authorization_token_grant_type_strategy_spec.rb
 - spec/integration/oauth2_password_grant_type_strategy_spec.rb
 - spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb
@@ -259,8 +260,8 @@ files:
 - spec/models/user_spec.rb
 - spec/routing/authorizations_routing_spec.rb
 - spec/routing/tokens_routing_spec.rb
-- spec/setup_database.rb
 - spec/spec_helper.rb
+- spec/support/inject_engine_routes_into_application.rb
 - spec/support/match_json.rb
 homepage: ""
 licenses: []
@@ -296,6 +297,7 @@ signing_key:
 specification_version: 3
 summary: OAuth2 Provider for Rails3 applications
 test_files: 
+- spec/controllers/authorizations_controller_spec.rb
 - spec/controllers/protected_controller_spec.rb
 - spec/dummy/Rakefile
 - spec/dummy/app/assets/javascripts/application.js
@@ -336,6 +338,7 @@ test_files:
 - spec/dummy/public/favicon.ico
 - spec/dummy/script/rails
 - spec/factories/client_factory.rb
+- spec/factories/user_factory.rb
 - spec/integration/oauth2_authorization_token_grant_type_strategy_spec.rb
 - spec/integration/oauth2_password_grant_type_strategy_spec.rb
 - spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb
@@ -347,6 +350,6 @@ test_files:
 - spec/models/user_spec.rb
 - spec/routing/authorizations_routing_spec.rb
 - spec/routing/tokens_routing_spec.rb
-- spec/setup_database.rb
 - spec/spec_helper.rb
+- spec/support/inject_engine_routes_into_application.rb
 - spec/support/match_json.rb

data/.rspec

@@ -1,3 +0,0 @@
---colour
---format documentation
---backtrace

data/spec/setup_database.rb

@@ -1,7 +0,0 @@
-config = YAML::load(IO.read(File.dirname(__FILE__) + '/database.yml'))
-ActiveRecord::Base.logger = Logger.new(File.dirname(__FILE__) + "/debug.log")
-ActiveRecord::Base.establish_connection(config[ENV['DB'] || 'sqlite'])
-
-ActiveRecord::Schema.define(:version => 1) do
-
-end