devise_oauth2_providable 1.0.5 → 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -20,10 +20,9 @@ module Devise
20
20
  validates :client, :presence => true
21
21
  validates :token, :presence => true, :uniqueness => true
22
22
 
23
- scope :not_expired, lambda {
23
+ default_scope lambda {
24
24
  where(self.arel_table[:expires_at].gteq(Time.now.utc))
25
25
  }
26
- default_scope not_expired
27
26
 
28
27
  include LocalInstanceMethods
29
28
  end
@@ -55,3 +54,4 @@ module Devise
55
54
  end
56
55
 
57
56
  ActiveRecord::Base.send :include, Devise::Oauth2Providable::ExpirableToken
57
+
@@ -7,8 +7,8 @@ module Devise
7
7
  'authorization_code'
8
8
  end
9
9
 
10
- def authenticate!
11
- if client && code = client.authorization_codes.find_by_token(params[:code])
10
+ def authenticate_grant_type(client)
11
+ if code = client.authorization_codes.find_by_token(params[:code])
12
12
  success! code.user
13
13
  elsif !halted?
14
14
  oauth_error! :invalid_grant, 'invalid authorization code request'
@@ -11,12 +11,21 @@ module Devise
11
11
  def grant_type
12
12
  end
13
13
 
14
- def client
15
- return @client if @client
16
- @client = Devise::Oauth2Providable::Client.find_by_identifier params[:client_id]
17
- env[Devise::Oauth2Providable::CLIENT_ENV_REF] = @client
18
- @client
14
+ # defined by subclass
15
+ def authenticate_grant_type(client)
16
+ end
17
+
18
+ def authenticate!
19
+ client_id, client_secret = request.authorization ? decode_credentials : [params[:client_id], params[:client_secret]]
20
+ client = Devise::Oauth2Providable::Client.find_by_identifier client_id
21
+ if client && client.secret == client_secret
22
+ env[Devise::Oauth2Providable::CLIENT_ENV_REF] = client
23
+ authenticate_grant_type(client)
24
+ else
25
+ oauth_error! :invalid_client, 'invalid client credentials'
26
+ end
19
27
  end
28
+
20
29
  # return custom error response in accordance with the oauth spec
21
30
  # see http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.3
22
31
  def oauth_error!(error_code = :invalid_request, description = nil)
@@ -7,9 +7,9 @@ module Devise
7
7
  'password'
8
8
  end
9
9
 
10
- def authenticate!
10
+ def authenticate_grant_type(client)
11
11
  resource = mapping.to.find_for_authentication(mapping.to.authentication_keys.first => params[:username])
12
- if client && validate(resource) { resource.valid_password?(params[:password]) }
12
+ if validate(resource) { resource.valid_password?(params[:password]) }
13
13
  success! resource
14
14
  elsif !halted?
15
15
  oauth_error! :invalid_grant, 'invalid password authentication request'
@@ -7,8 +7,8 @@ module Devise
7
7
  'refresh_token'
8
8
  end
9
9
 
10
- def authenticate!
11
- if client && refresh_token = client.refresh_tokens.find_by_token(params[:refresh_token])
10
+ def authenticate_grant_type(client)
11
+ if refresh_token = client.refresh_tokens.find_by_token(params[:refresh_token])
12
12
  env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF] = refresh_token
13
13
  success! refresh_token.user
14
14
  elsif !halted?
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module Oauth2Providable
3
- VERSION = "1.0.5"
3
+ VERSION = "1.1.0"
4
4
  end
5
5
  end
@@ -31,6 +31,33 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
31
31
  response.body.should match_json(expected)
32
32
  end
33
33
  end
34
+ context 'with expired authorization_code' do
35
+ with :client
36
+ with :user
37
+ before do
38
+ timenow = 2.days.from_now
39
+ Time.stub!(:now).and_return(timenow)
40
+ @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
41
+ params = {
42
+ :grant_type => 'authorization_code',
43
+ :client_id => client.identifier,
44
+ :client_secret => client.secret,
45
+ :code => @authorization_code.token
46
+ }
47
+ Time.stub!(:now).and_return(timenow + 10.minutes)
48
+
49
+ post '/oauth2/token', params
50
+ end
51
+ it { response.code.to_i.should == 400 }
52
+ it { response.content_type.should == 'application/json' }
53
+ it 'returns json' do
54
+ expected = {
55
+ :error => 'invalid_grant',
56
+ :error_description => 'invalid authorization code request'
57
+ }
58
+ response.body.should match_json(expected)
59
+ end
60
+ end
34
61
  context 'with invalid authorization_code' do
35
62
  with :client
36
63
  with :user
@@ -40,7 +67,7 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
40
67
  :grant_type => 'authorization_code',
41
68
  :client_id => client.identifier,
42
69
  :client_secret => client.secret,
43
- :refresh_token => 'invalid'
70
+ :code => 'invalid'
44
71
  }
45
72
 
46
73
  post '/oauth2/token', params
@@ -48,8 +75,6 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
48
75
  it { response.code.to_i.should == 400 }
49
76
  it { response.content_type.should == 'application/json' }
50
77
  it 'returns json' do
51
- token = Devise::Oauth2Providable::AccessToken.last
52
- refresh_token = @refresh_token
53
78
  expected = {
54
79
  :error => 'invalid_grant',
55
80
  :error_description => 'invalid authorization code request'
@@ -57,6 +82,55 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
57
82
  response.body.should match_json(expected)
58
83
  end
59
84
  end
85
+ context 'with invalid client_secret' do
86
+ with :user
87
+ with :client
88
+ before do
89
+ @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
90
+ params = {
91
+ :grant_type => 'authorization_code',
92
+ :client_id => client.identifier,
93
+ :client_secret => 'invalid',
94
+ :code => @authorization_code.token
95
+ }
96
+
97
+ post '/oauth2/token', params
98
+ end
99
+ it { response.code.to_i.should == 400 }
100
+ it { response.content_type.should == 'application/json' }
101
+ it 'returns json' do
102
+ expected = {
103
+ :error => 'invalid_client',
104
+ :error_description => 'invalid client credentials'
105
+ }
106
+ response.body.should match_json(expected)
107
+ end
108
+ end
109
+ context 'with invalid client_id' do
110
+ with :user
111
+ with :client
112
+ before do
113
+ @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
114
+ params = {
115
+ :grant_type => 'authorization_code',
116
+ :client_id => 'invalid',
117
+ :client_secret => client.secret,
118
+ :code => @authorization_code.token
119
+ }
120
+
121
+ post '/oauth2/token', params
122
+ end
123
+ it { response.code.to_i.should == 400 }
124
+ it { response.content_type.should == 'application/json' }
125
+ it 'returns json' do
126
+ expected = {
127
+ :error => 'invalid_client',
128
+ :error_description => 'invalid client credentials'
129
+ }
130
+ response.body.should match_json(expected)
131
+ end
132
+ end
60
133
  end
61
134
  end
62
135
  end
136
+
@@ -26,7 +26,74 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
26
26
  response.body.should match_json(expected)
27
27
  end
28
28
  end
29
- context 'with invalid params' do
29
+ context 'with valid params and client id/secret in basic auth header' do
30
+ with :client
31
+ before do
32
+ @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
33
+
34
+ params = {
35
+ :grant_type => 'password',
36
+ :username => @user.email,
37
+ :password => 'test'
38
+ }
39
+
40
+ auth_header = ActionController::HttpAuthentication::Basic.encode_credentials client.identifier, client.secret
41
+ post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
42
+ end
43
+ it { response.code.to_i.should == 200 }
44
+ it { response.content_type.should == 'application/json' }
45
+ it 'returns json' do
46
+ puts response.body
47
+ token = Devise::Oauth2Providable::AccessToken.last
48
+ expected = token.token_response
49
+ response.body.should match_json(expected)
50
+ end
51
+ end
52
+ context 'with invalid client id in basic auth header' do
53
+ with :client
54
+ before do
55
+ @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
56
+ params = {
57
+ :grant_type => 'password',
58
+ :username => @user.email,
59
+ :password => 'test'
60
+ }
61
+ auth_header = ActionController::HttpAuthentication::Basic.encode_credentials 'invalid client id', client.secret
62
+ post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
63
+ end
64
+ it { response.code.to_i.should == 400 }
65
+ it { response.content_type.should == 'application/json' }
66
+ it 'returns json' do
67
+ expected = {
68
+ :error_description => "invalid client credentials",
69
+ :error => "invalid_client"
70
+ }
71
+ response.body.should match_json(expected)
72
+ end
73
+ end
74
+ context 'with invalid client secret in basic auth header' do
75
+ with :client
76
+ before do
77
+ @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
78
+ params = {
79
+ :grant_type => 'password',
80
+ :username => @user.email,
81
+ :password => 'test'
82
+ }
83
+ auth_header = ActionController::HttpAuthentication::Basic.encode_credentials client.identifier, 'invalid secret'
84
+ post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
85
+ end
86
+ it { response.code.to_i.should == 400 }
87
+ it { response.content_type.should == 'application/json' }
88
+ it 'returns json' do
89
+ expected = {
90
+ :error_description => "invalid client credentials",
91
+ :error => "invalid_client"
92
+ }
93
+ response.body.should match_json(expected)
94
+ end
95
+ end
96
+ context 'with invalid password' do
30
97
  with :client
31
98
  before do
32
99
  @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
@@ -51,13 +118,39 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
51
118
  response.body.should match_json(expected)
52
119
  end
53
120
  end
54
- context 'with invalid client' do
121
+ context 'with invalid client_id' do
122
+ with :client
55
123
  before do
56
124
  @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
57
125
 
58
126
  params = {
59
127
  :grant_type => 'password',
60
- :client_id => '123',
128
+ :client_id => 'invalid',
129
+ :client_secret => client.secret,
130
+ :username => @user.email,
131
+ :password => 'test'
132
+ }
133
+
134
+ post '/oauth2/token', params
135
+ end
136
+ it { response.code.to_i.should == 400 }
137
+ it { response.content_type.should == 'application/json' }
138
+ it 'returns json' do
139
+ expected = {
140
+ :error_description => "invalid client credentials",
141
+ :error => "invalid_client"
142
+ }
143
+ response.body.should match_json(expected)
144
+ end
145
+ end
146
+ context 'with invalid client_secret' do
147
+ with :client
148
+ before do
149
+ @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
150
+
151
+ params = {
152
+ :grant_type => 'password',
153
+ :client_id => client.identifier,
61
154
  :client_secret => 'invalid',
62
155
  :username => @user.email,
63
156
  :password => 'test'
@@ -69,8 +162,8 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
69
162
  it { response.content_type.should == 'application/json' }
70
163
  it 'returns json' do
71
164
  expected = {
72
- :error_description => "invalid password authentication request",
73
- :error => "invalid_grant"
165
+ :error_description => "invalid client credentials",
166
+ :error => "invalid_client"
74
167
  }
75
168
  response.body.should match_json(expected)
76
169
  end
@@ -78,3 +171,4 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
78
171
  end
79
172
  end
80
173
  end
174
+
@@ -31,6 +31,33 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
31
31
  response.body.should match_json(expected)
32
32
  end
33
33
  end
34
+ context 'with expired refresh_token' do
35
+ with :user
36
+ with :client
37
+ before do
38
+ timenow = 2.days.from_now
39
+ Time.stub!(:now).and_return(timenow)
40
+ @refresh_token = client.refresh_tokens.create! :user => user
41
+ params = {
42
+ :grant_type => 'refresh_token',
43
+ :client_id => client.identifier,
44
+ :client_secret => client.secret,
45
+ :refresh_token => @refresh_token.token
46
+ }
47
+ Time.stub!(:now).and_return(timenow + 2.months)
48
+
49
+ post '/oauth2/token', params
50
+ end
51
+ it { response.code.to_i.should == 400 }
52
+ it { response.content_type.should == 'application/json' }
53
+ it 'returns json' do
54
+ expected = {
55
+ :error => 'invalid_grant',
56
+ :error_description => 'invalid refresh token'
57
+ }
58
+ response.body.should match_json(expected)
59
+ end
60
+ end
34
61
  context 'with invalid refresh_token' do
35
62
  with :user
36
63
  with :client
@@ -74,11 +101,9 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
74
101
  it { response.code.to_i.should == 400 }
75
102
  it { response.content_type.should == 'application/json' }
76
103
  it 'returns json' do
77
- token = Devise::Oauth2Providable::AccessToken.last
78
- refresh_token = @refresh_token
79
104
  expected = {
80
- :error => 'invalid_grant',
81
- :error_description => 'invalid refresh token'
105
+ :error => 'invalid_client',
106
+ :error_description => 'invalid client credentials'
82
107
  }
83
108
  response.body.should match_json(expected)
84
109
  end
@@ -91,7 +116,7 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
91
116
  params = {
92
117
  :grant_type => 'refresh_token',
93
118
  :client_id => client.identifier,
94
- :client_secret => client.secret,
119
+ :client_secret => 'invalid',
95
120
  :refresh_token => @refresh_token.token
96
121
  }
97
122
 
@@ -100,11 +125,9 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
100
125
  it { response.code.to_i.should == 400 }
101
126
  it { response.content_type.should == 'application/json' }
102
127
  it 'returns json' do
103
- token = Devise::Oauth2Providable::AccessToken.last
104
- refresh_token = @refresh_token
105
128
  expected = {
106
- :error => 'invalid_grant',
107
- :error_description => 'invalid refresh token'
129
+ :error => 'invalid_client',
130
+ :error_description => 'invalid client credentials'
108
131
  }
109
132
  response.body.should match_json(expected)
110
133
  end
@@ -112,3 +135,4 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
112
135
  end
113
136
  end
114
137
  end
138
+
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_oauth2_providable
3
3
  version: !ruby/object:Gem::Version
4
- hash: 29
4
+ hash: 19
5
5
  prerelease:
6
6
  segments:
7
7
  - 1
8
+ - 1
8
9
  - 0
9
- - 5
10
- version: 1.0.5
10
+ version: 1.1.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Ryan Sonnek
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2012-01-20 00:00:00 Z
18
+ date: 2012-02-18 00:00:00 Z
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
21
  version_requirements: &id001 !ruby/object:Gem::Requirement