devise_oauth2_rails4 2.1.4 → 2.1.5

Files changed (28)
  1. checksums.yaml +4 -4
  2. data/.ruby-version +1 -1
  3. data/app/controllers/devise/oauth2/authorization.rb +37 -3
  4. data/app/controllers/devise/oauth2/authorizations_controller.rb +4 -3
  5. data/app/controllers/devise/oauth2/tokens_controller.rb +7 -5
  6. data/app/models/devise/oauth2/authorization_code.rb +1 -0
  7. data/app/models/devise/oauth2/refresh_token.rb +2 -0
  8. data/lib/devise/oauth2/strategies/oauth2_grant_type_strategy.rb +2 -2
  9. data/lib/devise/oauth2/strategies/oauth2_providable_strategy.rb +2 -2
  10. data/lib/devise/oauth2/version.rb +1 -1
  11. data/spec/controllers/authorizations_controller_spec.rb +6 -7
  12. data/spec/controllers/protected_controller_spec.rb +1 -11
  13. data/spec/dummy/app/controllers/protected_controller.rb +6 -2
  14. data/spec/dummy/config/application.rb +2 -0
  15. data/spec/dummy/config/environments/test.rb +0 -3
  16. data/spec/dummy/config/initializers/secret_token.rb +1 -0
  17. data/spec/factories/client_factory.rb +0 -2
  18. data/spec/factories/user_factory.rb +6 -4
  19. data/spec/integration/oauth2_authorization_token_grant_type_strategy_spec.rb +15 -15
  20. data/spec/integration/oauth2_password_grant_type_strategy_spec.rb +8 -8
  21. data/spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb +14 -14
  22. data/spec/models/access_token_spec.rb +4 -6
  23. data/spec/models/authorization_code_spec.rb +4 -5
  24. data/spec/models/client_spec.rb +0 -8
  25. data/spec/models/refresh_token_spec.rb +4 -6
  26. data/spec/routing/authorizations_routing_spec.rb +4 -4
  27. data/spec/support/inject_engine_routes_into_application.rb +3 -3
  28. metadata +2 -3
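--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 3081119c635043cc1264551bd02dcf91d2f52d4f
- data.tar.gz: 4b9bfe298a549c343b7f0671f37315f26e7e87cb
+ metadata.gz: 6ef3ac85852d3493cab1b12b52445f05ffa3223a
+ data.tar.gz: 11cbb610ef7ed2ebb7f56d3ca1b595390c5c097d
  SHA512:
- metadata.gz: 5580d66582d7d39c3ed8c93438788c3979b21b1b581cf5e0ae4a8e4f750cc22b114ae68bb52982d36fb6bc3582238ac6fad91bdad72cc23551d2534dae182176
- data.tar.gz: 81a7799f3f3964bd0ab02c30c2b0ca22879e6ded82d689a1034ff9e45126b8ab525845928d06d0b68da073c5dd36ea1782f8a7212bfede65faa4c858024005a1
+ metadata.gz: 1c95b74a02082b6386e1b01ae015a569ed335a76efeb67c75ae73cd338230318a07f96485b1b7ba823eca89e5f6174f5bf505cf19f3361dd245c9fbbb62421e7
+ data.tar.gz: d65e28e11fe2ffa020e52ba82b5ea9db4e98900c021e259425ac37a8aafec86d254f2714c0810a0f553087302af3e7f9470d4e2f9a5b8a9ef3643db48dd32f56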
@@ -1 +1 @@
1
- ruby-2.0.0-p0
1
+ ruby-2.1.1
@@ -42,21 +42,55 @@ module Devise
42
42
  end
43
43
 
44
44
  def client_id
45
- params[:client_id]
45
+ params[:client_id] if params[:client_id]
46
46
  end
47
47
 
48
48
  def client_id?
49
- !!params[:client_id]
49
+ !!client_id
50
+ end
51
+
52
+ def auth_code
53
+ params[:code]
54
+ end
55
+
56
+ def code?
57
+ !!auth_code
58
+ end
59
+
60
+ def refresh_token
61
+ params[:refresh_token] if params[:refresh_token]
62
+ end
63
+
64
+ def refresh_token?
65
+ !!refresh_token
50
66
  end
51
67
 
52
68
  def access_token
53
- params[:access_token]
69
+ return params[:access_token] if params[:access_token]
70
+ request.headers['HTTP_AUTHORIZATION'].split(' ')[-1] if request.headers['HTTP_AUTHORIZATION']
54
71
  end
55
72
 
56
73
  def access_token?
57
74
  !!access_token
58
75
  end
59
76
 
77
+ def authenticate_anyone!
78
+ render json: { error: 'Valid user credentials must be submitted with this request.' }, status: 401 unless current_anything || params[:refresh_token] || params[:code]
79
+ end
80
+
81
+ def devise_scope_name
82
+ Rails.application.config.devise_oauth2_rails4.devise_scope
83
+ end
84
+
85
+ define_method "current_#{Rails.application.config.devise_oauth2_rails4.devise_scope}" do
86
+ return super() if super()
87
+ return send current_access_token.owner if current_access_token
88
+ end
89
+
90
+ def current_anything
91
+ send "current_#{devise_scope_name}"
92
+ end
93
+
60
94
  end
61
95
  end
62
96
  end
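Review bot: `authenticate_anyone!` lets a request through as soon as a `refresh_token` or `code` parameter is present, because the guard is `unless current_anything || params[:refresh_token] || params[:code]` and never compares the value with a stored grant. Whether such a request is rejected later depends on code outside this hunk (presumably the Warden grant-type strategies), so the filter on its own is not an authentication check; gating on the resolved principal, `... unless current_anything`, or validating the grant before continuing would make it one. In `access_token`, `request.headers['HTTP_AUTHORIZATION'].split(' ')[-1]` accepts the last field of any Authorization header, so a `Basic` credential blob is treated as a bearer-token candidate; checking the scheme first (`scheme, token = header.split(' ', 2)` and returning `token` only when `scheme == 'Bearer'`) avoids that. The generated `current_<scope>` method calls `send current_access_token.owner`, which passes a record to `send` instead of a method name and looks like it should simply be `return current_access_token.owner`. The enclosing module opens above the hunk.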
@@ -2,7 +2,8 @@ module Devise
2
2
  module Oauth2
3
3
  class AuthorizationsController < ApplicationController
4
4
 
5
- #include ::PermissionsHelper
5
+ before_action :authenticate_anyone!
6
+ include Devise::Oauth2::Authorization
6
7
 
7
8
  before_action "authenticate_#{Rails.application.config.devise_oauth2_rails4.devise_scope}!"
8
9
  around_action :perform_callbacks
@@ -44,10 +45,10 @@ module Devise
44
45
  if params[:approve].present? || @client.passthrough?
45
46
  case req.response_type
46
47
  when :code
47
- authorization_code = current_user.authorization_codes.create!(:client => @client)
48
+ authorization_code = current_anything.authorization_codes.create!(:client => @client)
48
49
  res.code = authorization_code.token
49
50
  when :token
50
- access_token = current_user.access_tokens.create!(:client => @client, permissions: requested_permissions).token
51
+ access_token = current_anything.access_tokens.create!(:client => @client, permissions: requested_permissions).token
51
52
  bearer_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token)
52
53
  res.access_token = bearer_token
53
54
  # res.uid = current_user.id
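Review bot: The new `before_action :authenticate_anyone!` is registered ahead of the existing `before_action "authenticate_#{...devise_scope}!"`, so an unauthenticated browser request to the authorization endpoint now gets the JSON 401 from `authenticate_anyone!` and never reaches Devise's own filter, which would normally send the user to sign in. If the scope-specific filter is meant to remain the gate for this controller, drop the added line here or move it below the existing filter. In the second hunk `current_anything.authorization_codes.create!` assumes the resolved owner is non-nil and responds to `authorization_codes`; with a polymorphic owner that holds only for models that declare the association, which is worth a comment such as `# owner model must declare has_many :authorization_codes`. The class and the action containing the second hunk both continue outside the visible lines.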
@@ -1,23 +1,25 @@
1
1
  module Devise
2
2
  module Oauth2
3
3
  class TokensController < ApplicationController
4
- before_action :authenticate_user!
4
+
5
+ before_action :authenticate_anyone!
5
6
  skip_before_action :verify_authenticity_token, :only => :create
6
7
 
7
8
  def create
8
- @refresh_token = oauth2_current_refresh_token || oauth2_current_client.refresh_tokens.create!(:user => current_user)
9
- @access_token = @refresh_token.access_tokens.create!(:client => oauth2_current_client, :user => current_user)
9
+ @refresh_token = oauth2_current_refresh_token || oauth2_current_client.refresh_tokens.create!(:owner => current_anything)
10
+ @access_token = @refresh_token.access_tokens.create!(:client => oauth2_current_client, :owner => current_anything)
10
11
  render :json => @access_token.token_response
11
12
  end
12
13
 
13
14
  private
14
15
 
15
16
  def oauth2_current_client
16
- env[Devise::Oauth2Providable::CLIENT_ENV_REF]
17
+ env[Devise::Oauth2::CLIENT_ENV_REF]
17
18
  end
18
19
  def oauth2_current_refresh_token
19
- env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF]
20
+ env[Devise::Oauth2::REFRESH_TOKEN_ENV_REF]
20
21
  end
22
+
21
23
  end
22
24
  end
23
25
  end
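Review bot: `create` stamps both tokens with `:owner => current_anything`, but the filter on this controller is now `authenticate_anyone!`, which also admits requests that carry only a `refresh_token` or `code` parameter, so `current_anything` can be nil at this point. On a refresh grant the owner is already recorded on the stored token, so deriving it from the grant is safer, e.g. `owner = oauth2_current_refresh_token.try(:owner) || current_anything`, and the action should refuse to mint tokens when `owner` is nil. The file as shown also has no `include Devise::Oauth2::Authorization`, unlike `AuthorizationsController` in this release, so `authenticate_anyone!` and `current_anything` must be coming from `ApplicationController` or the request will fail with a NoMethodError; that is worth confirming.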
@@ -1,3 +1,4 @@
1
1
  class Devise::Oauth2::AuthorizationCode < ActiveRecord::Base
2
2
  expires_according_to :authorization_code_expires_in
3
+ belongs_to :owner, polymorphic: true
3
4
  end
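Review bot: `belongs_to :owner, polymorphic: true` is added without a presence validation, so an authorization code can be saved with no owner; the same applies to the identical line added to `Devise::Oauth2::RefreshToken` in the next file. Since `TokensController#create` in this release passes `current_anything`, which may be nil, as the refresh token's owner, add `validates :owner, presence: true` to both models (the model specs check `validate_presence_of :client` but not the owner). The association also needs `owner_id` and `owner_type` columns; no migration appears in this release's file list, so presumably they were added earlier.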
@@ -1,9 +1,11 @@
1
1
  class Devise::Oauth2::RefreshToken < ActiveRecord::Base
2
+
2
3
  expires_according_to :refresh_token_expires_in
3
4
 
4
5
  # Deprecated
5
6
  #attr_accessible :access_tokens
6
7
 
8
+ belongs_to :owner, polymorphic: true
7
9
  has_many :access_tokens
8
10
 
9
11
  end
@@ -17,9 +17,9 @@ module Devise
17
17
 
18
18
  def authenticate!
19
19
  client_id, client_secret = request.authorization ? decode_credentials : [params[:client_id], params[:client_secret]]
20
- client = Devise::Oauth2Providable::Client.find_by_identifier client_id
20
+ client = Devise::Oauth2::Client.find_by_identifier client_id
21
21
  if client && client.secret == client_secret
22
- env[Devise::Oauth2Providable::CLIENT_ENV_REF] = client
22
+ env[Devise::Oauth2::CLIENT_ENV_REF] = client
23
23
  authenticate_grant_type(client)
24
24
  else
25
25
  oauth_error! :invalid_client, 'invalid client credentials'
@@ -2,7 +2,7 @@ require 'devise/strategies/base'
2
2
 
3
3
  module Devise
4
4
  module Strategies
5
- class Oauth2Providable < Authenticatable
5
+ class Oauth2 < Authenticatable
6
6
  def valid?
7
7
  @req = Rack::OAuth2::Server::Resource::Bearer::Request.new(env)
8
8
  @req.oauth2?
@@ -22,4 +22,4 @@ module Devise
22
22
  end
23
23
  end
24
24
 
25
- Warden::Strategies.add(:oauth2, Devise::Strategies::Oauth2Providable)
25
+ Warden::Strategies.add(:oauth2, Devise::Strategies::Oauth2)
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module Oauth2
3
- VERSION = "2.1.4"
3
+ VERSION = "2.1.5"
4
4
  end
5
5
  end
@@ -11,11 +11,10 @@ describe Devise::Oauth2::AuthorizationsController do
11
11
  get :new, :client_id => client.identifier, :redirect_uri => redirect_uri, :response_type => 'code', :use_route => 'devise_oauth2_providable'
12
12
  end
13
13
  it { should respond_with :ok }
14
- it { should respond_with_content_type :html }
15
- it { should assign_to(:redirect_uri).with(redirect_uri) }
16
- it { should assign_to(:response_type) }
17
- it { should render_template 'devise/oauth2_providable/authorizations/new' }
18
- it { should render_with_layout 'application' }
14
+ #it { should assign_to(:redirect_uri).with(redirect_uri) }
15
+ #it { should assign_to(:response_type) }
16
+ #it { should render_template 'devise/oauth2_providable/authorizations/new' }
17
+ #it { should render_with_layout 'application' }
19
18
  end
20
19
  context 'with invalid redirect_uri' do
21
20
  with :user
@@ -23,10 +22,10 @@ describe Devise::Oauth2::AuthorizationsController do
23
22
  let(:redirect_uri) { 'http://example.com/foo/bar' }
24
23
  before do
25
24
  sign_in user
26
- get :new, :client_id => client.identifier, :redirect_uri => redirect_uri, :response_type => 'code', :use_route => 'devise_oauth2_providable'
25
+ get :new, :client_id => client.identifier, :redirect_uri => redirect_uri, :response_type => 'code', :use_route => 'devise_oauth2_rails4'
27
26
  end
28
27
  it { should respond_with :bad_request }
29
- it { should respond_with_content_type :html }
28
+ #it { should respond_with_content_type :html }
30
29
  end
31
30
  end
32
31
  end
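Review bot: The assertions on `assign_to(:redirect_uri)`, `assign_to(:response_type)`, the rendered template and the layout are commented out rather than ported, so the valid-redirect_uri context now only checks the status code. `redirect_uri` handling is the part of an authorization endpoint most worth pinning with a test; something like `it { assigns(:redirect_uri).should == redirect_uri }` would keep that coverage. The first `get :new` in this file still passes `:use_route => 'devise_oauth2_providable'` while the second was changed to `'devise_oauth2_rails4'`; they should agree. The describe block starts above the first hunk.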
@@ -6,7 +6,7 @@ describe ProtectedController do
6
6
  with :client
7
7
  with :user
8
8
  before do
9
- @token = Devise::Oauth2::AccessToken.create! :client => client, :user => user
9
+ @token = Devise::Oauth2::AccessToken.create! :client => client, :owner => user
10
10
  end
11
11
  context 'with valid bearer token in header' do
12
12
  before do
@@ -28,15 +28,5 @@ describe ProtectedController do
28
28
  end
29
29
  it { should respond_with :unauthorized }
30
30
  end
31
- context 'with valid bearer token in header and query string' do
32
- before do
33
- end
34
- it 'raises error' do
35
- lambda {
36
- @request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token.token}"
37
- get :index, :access_token => @token.token, :format => 'json'
38
- }.should raise_error
39
- end
40
- end
41
31
  end
42
32
  end
@@ -1,6 +1,10 @@
1
1
  class ProtectedController < ApplicationController
2
- before_filter :authenticate_user!
2
+
3
+ #before_action "authenticate_#{Rails.application.config.devise_oauth2_rails4.devise_scope}!"
4
+
3
5
  def index
4
- render :nothing => true, :status => :ok
6
+ render :nothing => true, :status => :ok if current_oauth2_client
7
+ render nothing: true, status: 401 unless current_oauth2_client
5
8
  end
9
+
6
10
  end
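Review bot: The dummy controller no longer runs any authentication filter (the replacement `before_action` is commented out) and `index` answers 200 whenever `current_oauth2_client` is truthy, so `protected_controller_spec` now shows only that a client was resolved, not that the bearer token maps to an owner. Re-enable the scope filter, `before_action "authenticate_#{Rails.application.config.devise_oauth2_rails4.devise_scope}!"`, or have `index` check the resolved owner as well. The two `render` lines also evaluate `current_oauth2_client` twice; a single `if`/`else` (or `head :ok` / `head :unauthorized`) reads more clearly.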
@@ -32,6 +32,8 @@ module Dummy
32
32
  # Configure the default encoding used in templates for Ruby 1.9.
33
33
  config.encoding = "utf-8"
34
34
 
35
+ config.eager_load = false
36
+
35
37
  # Configure sensitive parameters which will be filtered from the log file.
36
38
  config.filter_parameters += [:password]
37
39
 
@@ -11,9 +11,6 @@ Dummy::Application.configure do
11
11
  config.serve_static_assets = true
12
12
  config.static_cache_control = "public, max-age=3600"
13
13
 
14
- # Log error messages when you accidentally call methods on nil
15
- config.whiny_nils = true
16
-
17
14
  # Show full error reports and disable caching
18
15
  config.consider_all_requests_local = true
19
16
  config.action_controller.perform_caching = false
@@ -5,3 +5,4 @@
5
5
  # Make sure the secret is at least 30 characters and all random,
6
6
  # no regular words or you'll be exposed to dictionary attacks.
7
7
  Dummy::Application.config.secret_token = 'ede0a0440c0b53d6589668e54cf525f27305242a2b32b5dbbfc9e50dd7cb7af8da2b7d7c386b7d675283c0ecc4bb522ab4cc5b53edee8ed60f7482d4c22d0e22'
8
+ Dummy::Application.config.secret_key_base = 'devise_oauth2_rails4'
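Review bot: `secret_key_base` is set to the fixed, guessable string `'devise_oauth2_rails4'`, directly under a comment that asks for at least 30 random characters. This is the spec dummy app, but the file ships inside the gem and is easy to copy into a real initializer; generating the value at boot, `Dummy::Application.config.secret_key_base = SecureRandom.hex(64)`, or at least adding `# test-only value, never reuse` makes the intent explicit. The long `secret_token` literal on the line above is likewise published in the package and should be treated as public.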
@@ -1,7 +1,5 @@
1
1
  FactoryGirl.define do
2
2
  factory :client, :class => 'Devise::Oauth2::Client' do
3
- name 'test'
4
- website 'http://localhost'
5
3
  redirect_uri 'http://localhost:3000'
6
4
  end
7
5
  end
@@ -1,4 +1,6 @@
1
- #FactoryGirl.register_factory :user do |f|
2
- # f.email 'ryan@socialcast.com'
3
- # f.password 'test'
4
- #end
1
+ FactoryGirl.define do
2
+ factory :user do |f|
3
+ f.email 'ryan@socialcast.com'
4
+ f.password 'test'
5
+ end
6
+ end
@@ -1,13 +1,13 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
4
- describe 'POST /oauth2/token' do
4
+ describe 'POST /oauth/token' do
5
5
  describe 'with grant_type=authorization_code' do
6
6
  context 'with valid params' do
7
7
  with :client
8
8
  with :user
9
9
  before do
10
- @authorization_code = user.authorization_codes.create!(:client => client, :redirect_uri => client.redirect_uri)
10
+ @authorization_code = user.authorization_codes.create!(:client => client, owner: user) #, :redirect_uri => client.redirect_uri)
11
11
  params = {
12
12
  :grant_type => 'authorization_code',
13
13
  :client_id => client.identifier,
@@ -15,13 +15,13 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
15
15
  :code => @authorization_code.token
16
16
  }
17
17
 
18
- post '/oauth2/token', params
18
+ post '/oauth/token', params
19
19
  end
20
20
  it { response.code.to_i.should == 200 }
21
21
  it { response.content_type.should == 'application/json' }
22
22
  it 'returns json' do
23
- token = Devise::Oauth2::AccessToken.last
24
- refresh_token = Devise::Oauth2::RefreshToken.last
23
+ token = Devise::Oauth2::AccessToken.last # create(owner: user, client: client)
24
+ refresh_token = Devise::Oauth2::RefreshToken.last # .create(owner: user, client: client)
25
25
  expected = {
26
26
  :token_type => 'bearer',
27
27
  :expires_in => 899,
@@ -36,17 +36,17 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
36
36
  with :user
37
37
  before do
38
38
  timenow = 2.days.from_now
39
- Time.stub!(:now).and_return(timenow)
40
- @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
39
+ Time.stub(:now).and_return(timenow)
40
+ @authorization_code = user.authorization_codes.create(:client_id => client) #, :redirect_uri => client.redirect_uri)
41
41
  params = {
42
42
  :grant_type => 'authorization_code',
43
43
  :client_id => client.identifier,
44
44
  :client_secret => client.secret,
45
45
  :code => @authorization_code.token
46
46
  }
47
- Time.stub!(:now).and_return(timenow + 10.minutes)
47
+ Time.stub(:now).and_return(timenow + 10.minutes)
48
48
 
49
- post '/oauth2/token', params
49
+ post '/oauth/token', params
50
50
  end
51
51
  it { response.code.to_i.should == 400 }
52
52
  it { response.content_type.should == 'application/json' }
@@ -62,7 +62,7 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
62
62
  with :client
63
63
  with :user
64
64
  before do
65
- @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
65
+ @authorization_code = user.authorization_codes.create(:client_id => client) #, :redirect_uri => client.redirect_uri)
66
66
  params = {
67
67
  :grant_type => 'authorization_code',
68
68
  :client_id => client.identifier,
@@ -70,7 +70,7 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
70
70
  :code => 'invalid'
71
71
  }
72
72
 
73
- post '/oauth2/token', params
73
+ post '/oauth/token', params
74
74
  end
75
75
  it { response.code.to_i.should == 400 }
76
76
  it { response.content_type.should == 'application/json' }
@@ -86,7 +86,7 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
86
86
  with :user
87
87
  with :client
88
88
  before do
89
- @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
89
+ @authorization_code = user.authorization_codes.create(:client_id => client) #, :redirect_uri => client.redirect_uri)
90
90
  params = {
91
91
  :grant_type => 'authorization_code',
92
92
  :client_id => client.identifier,
@@ -94,7 +94,7 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
94
94
  :code => @authorization_code.token
95
95
  }
96
96
 
97
- post '/oauth2/token', params
97
+ post '/oauth/token', params
98
98
  end
99
99
  it { response.code.to_i.should == 400 }
100
100
  it { response.content_type.should == 'application/json' }
@@ -110,7 +110,7 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
110
110
  with :user
111
111
  with :client
112
112
  before do
113
- @authorization_code = user.authorization_codes.create(:client_id => client, :redirect_uri => client.redirect_uri)
113
+ @authorization_code = user.authorization_codes.create(:client_id => client) #, :redirect_uri => client.redirect_uri)
114
114
  params = {
115
115
  :grant_type => 'authorization_code',
116
116
  :client_id => 'invalid',
@@ -118,7 +118,7 @@ describe Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy do
118
118
  :code => @authorization_code.token
119
119
  }
120
120
 
121
- post '/oauth2/token', params
121
+ post '/oauth/token', params
122
122
  end
123
123
  it { response.code.to_i.should == 400 }
124
124
  it { response.content_type.should == 'application/json' }
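Review bot: Every `authorization_codes.create` call in this spec drops `:redirect_uri` by commenting it out, which suggests authorization codes no longer record the redirect URI they were issued for. If so, the token endpoint cannot check that the `redirect_uri` presented at redemption matches the one from the authorization request, a binding that RFC 6749 section 4.1.3 requires when the parameter was supplied; it would be worth keeping the attribute and adding a spec in which a mismatched `redirect_uri` returns 400. In the first hunk `user.authorization_codes.create!(:client => client, owner: user)` also appears to set the owner twice (through the association and the explicit `owner:`), and the later hunks still pass a record as `:client_id => client` with no owner, so the failure cases may be returning 400 for a different reason than the one each context names.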
@@ -1,7 +1,7 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
4
- describe 'POST /oauth2/token' do
4
+ describe 'POST /oauth/token' do
5
5
  describe 'with grant_type=password' do
6
6
  context 'with valid params' do
7
7
  with :client
@@ -16,7 +16,7 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
16
16
  :password => 'test'
17
17
  }
18
18
 
19
- post '/oauth2/token', params
19
+ post '/oauth/token', params
20
20
  end
21
21
  it { response.code.to_i.should == 200 }
22
22
  it { response.content_type.should == 'application/json' }
@@ -38,7 +38,7 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
38
38
  }
39
39
 
40
40
  auth_header = ActionController::HttpAuthentication::Basic.encode_credentials client.identifier, client.secret
41
- post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
41
+ post '/oauth/token', params, 'HTTP_AUTHORIZATION' => auth_header
42
42
  end
43
43
  it { response.code.to_i.should == 200 }
44
44
  it { response.content_type.should == 'application/json' }
@@ -59,7 +59,7 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
59
59
  :password => 'test'
60
60
  }
61
61
  auth_header = ActionController::HttpAuthentication::Basic.encode_credentials 'invalid client id', client.secret
62
- post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
62
+ post '/oauth/token', params, 'HTTP_AUTHORIZATION' => auth_header
63
63
  end
64
64
  it { response.code.to_i.should == 400 }
65
65
  it { response.content_type.should == 'application/json' }
@@ -81,7 +81,7 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
81
81
  :password => 'test'
82
82
  }
83
83
  auth_header = ActionController::HttpAuthentication::Basic.encode_credentials client.identifier, 'invalid secret'
84
- post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
84
+ post '/oauth/token', params, 'HTTP_AUTHORIZATION' => auth_header
85
85
  end
86
86
  it { response.code.to_i.should == 400 }
87
87
  it { response.content_type.should == 'application/json' }
@@ -106,7 +106,7 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
106
106
  :password => 'bar'
107
107
  }
108
108
 
109
- post '/oauth2/token', params
109
+ post '/oauth/token', params
110
110
  end
111
111
  it { response.code.to_i.should == 400 }
112
112
  it { response.content_type.should == 'application/json' }
@@ -131,7 +131,7 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
131
131
  :password => 'test'
132
132
  }
133
133
 
134
- post '/oauth2/token', params
134
+ post '/oauth/token', params
135
135
  end
136
136
  it { response.code.to_i.should == 400 }
137
137
  it { response.content_type.should == 'application/json' }
@@ -156,7 +156,7 @@ describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
156
156
  :password => 'test'
157
157
  }
158
158
 
159
- post '/oauth2/token', params
159
+ post '/oauth/token', params
160
160
  end
161
161
  it { response.code.to_i.should == 400 }
162
162
  it { response.content_type.should == 'application/json' }
@@ -1,13 +1,13 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
4
- describe 'POST /oauth2/token' do
4
+ describe 'POST /oauth/token' do
5
5
  describe 'with grant_type=refresh_token' do
6
6
  context 'with valid params' do
7
7
  with :client
8
8
  with :user
9
9
  before do
10
- @refresh_token = client.refresh_tokens.create! :user => user
10
+ @refresh_token = client.refresh_tokens.create! owner: user, client: client
11
11
  params = {
12
12
  :grant_type => 'refresh_token',
13
13
  :client_id => client.identifier,
@@ -15,13 +15,13 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
15
15
  :refresh_token => @refresh_token.token
16
16
  }
17
17
 
18
- post '/oauth2/token', params
18
+ post '/oauth/token', params
19
19
  end
20
20
  it { response.code.to_i.should == 200 }
21
21
  it { response.content_type.should == 'application/json' }
22
22
  it 'returns json' do
23
- token = Devise::Oauth2::AccessToken.last
24
23
  refresh_token = @refresh_token
24
+ token = Devise::Oauth2::AccessToken.last # create!(owner: user, refresh_token: refresh_token, client: client)
25
25
  expected = {
26
26
  :token_type => 'bearer',
27
27
  :expires_in => 899,
@@ -36,17 +36,17 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
36
36
  with :client
37
37
  before do
38
38
  timenow = 2.days.from_now
39
- Time.stub!(:now).and_return(timenow)
40
- @refresh_token = client.refresh_tokens.create! :user => user
39
+ Time.stub(:now).and_return(timenow)
40
+ @refresh_token = client.refresh_tokens.create! owner: user
41
41
  params = {
42
42
  :grant_type => 'refresh_token',
43
43
  :client_id => client.identifier,
44
44
  :client_secret => client.secret,
45
45
  :refresh_token => @refresh_token.token
46
46
  }
47
- Time.stub!(:now).and_return(timenow + 2.months)
47
+ Time.stub(:now).and_return(timenow + 2.months)
48
48
 
49
- post '/oauth2/token', params
49
+ post '/oauth/token', params
50
50
  end
51
51
  it { response.code.to_i.should == 400 }
52
52
  it { response.content_type.should == 'application/json' }
@@ -62,7 +62,7 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
62
62
  with :user
63
63
  with :client
64
64
  before do
65
- @refresh_token = client.refresh_tokens.create! :user => user
65
+ @refresh_token = client.refresh_tokens.create! owner: user
66
66
  params = {
67
67
  :grant_type => 'refresh_token',
68
68
  :client_id => client.identifier,
@@ -70,7 +70,7 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
70
70
  :refresh_token => 'invalid'
71
71
  }
72
72
 
73
- post '/oauth2/token', params
73
+ post '/oauth/token', params
74
74
  end
75
75
  it { response.code.to_i.should == 400 }
76
76
  it { response.content_type.should == 'application/json' }
@@ -88,7 +88,7 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
88
88
  with :user
89
89
  with :client
90
90
  before do
91
- @refresh_token = client.refresh_tokens.create! :user => user
91
+ @refresh_token = client.refresh_tokens.create! owner: user
92
92
  params = {
93
93
  :grant_type => 'refresh_token',
94
94
  :client_id => 'invalid',
@@ -96,7 +96,7 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
96
96
  :refresh_token => @refresh_token.token
97
97
  }
98
98
 
99
- post '/oauth2/token', params
99
+ post '/oauth/token', params
100
100
  end
101
101
  it { response.code.to_i.should == 400 }
102
102
  it { response.content_type.should == 'application/json' }
@@ -112,7 +112,7 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
112
112
  with :user
113
113
  with :client
114
114
  before do
115
- @refresh_token = client.refresh_tokens.create! :user => user
115
+ @refresh_token = client.refresh_tokens.create! owner: user
116
116
  params = {
117
117
  :grant_type => 'refresh_token',
118
118
  :client_id => client.identifier,
@@ -120,7 +120,7 @@ describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
120
120
  :refresh_token => @refresh_token.token
121
121
  }
122
122
 
123
- post '/oauth2/token', params
123
+ post '/oauth/token', params
124
124
  end
125
125
  it { response.code.to_i.should == 400 }
126
126
  it { response.content_type.should == 'application/json' }
@@ -5,21 +5,19 @@ describe Devise::Oauth2::AccessToken do
5
5
 
6
6
  describe 'basic access token instance' do
7
7
  with :client
8
+ with :user
8
9
  subject do
9
- Devise::Oauth2::AccessToken.create! :client => client
10
+ Devise::Oauth2::AccessToken.create! :client => client, owner: user
10
11
  end
11
12
  it { should validate_presence_of :token }
12
13
  it { should validate_uniqueness_of :token }
13
- it { should belong_to :user }
14
- it { should allow_mass_assignment_of :user }
14
+ it { should belong_to :owner }
15
15
  it { should belong_to :client }
16
- it { should allow_mass_assignment_of :client }
17
16
  it { should validate_presence_of :client }
18
17
  it { should validate_presence_of :expires_at }
19
18
  it { should belong_to :refresh_token }
20
- it { should allow_mass_assignment_of :refresh_token }
21
19
  it { should have_db_index :client_id }
22
- it { should have_db_index :user_id }
20
+ it { should have_db_index :owner_id }
23
21
  it { should have_db_index(:token).unique(true) }
24
22
  it { should have_db_index :expires_at }
25
23
  end
@@ -3,19 +3,18 @@ require 'spec_helper'
3
3
  describe Devise::Oauth2::AuthorizationCode do
4
4
  describe 'basic authorization code instance' do
5
5
  with :client
6
+ with :user
6
7
  subject do
7
- Devise::Oauth2::AuthorizationCode.create! :client => client
8
+ Devise::Oauth2::AuthorizationCode.create! :client => client, owner: user
8
9
  end
9
10
  it { should validate_presence_of :token }
10
11
  it { should validate_uniqueness_of :token }
11
- it { should belong_to :user }
12
- it { should allow_mass_assignment_of :user }
12
+ it { should belong_to :owner }
13
13
  it { should belong_to :client }
14
- it { should allow_mass_assignment_of :client }
15
14
  it { should validate_presence_of :client }
16
15
  it { should validate_presence_of :expires_at }
17
16
  it { should have_db_index :client_id }
18
- it { should have_db_index :user_id }
17
+ it { should have_db_index :owner_id }
19
18
  it { should have_db_index(:token).unique(true) }
20
19
  it { should have_db_index :expires_at }
21
20
  end
@@ -6,16 +6,8 @@ describe Devise::Oauth2::Client do
6
6
  describe 'basic client instance' do
7
7
  with :client
8
8
  subject { client }
9
- it { should validate_presence_of :name }
10
- it { should validate_uniqueness_of :name }
11
- it { should allow_mass_assignment_of :name }
12
- it { should validate_presence_of :website }
13
- it { should allow_mass_assignment_of :website }
14
- it { should allow_mass_assignment_of :redirect_uri }
15
9
  it { should validate_uniqueness_of :identifier }
16
10
  it { should have_db_index(:identifier).unique(true) }
17
- it { should_not allow_mass_assignment_of :identifier }
18
- it { should_not allow_mass_assignment_of :secret }
19
11
  it { should have_many :refresh_tokens }
20
12
  it { should have_many :authorization_codes }
21
13
  end
@@ -5,21 +5,19 @@ describe Devise::Oauth2::RefreshToken do
5
5
 
6
6
  describe 'basic refresh token instance' do
7
7
  with :client
8
+ with :user
8
9
  subject do
9
- Devise::Oauth2::RefreshToken.create! :client => client
10
+ Devise::Oauth2::RefreshToken.create! :client => client, owner: user
10
11
  end
11
12
  it { should validate_presence_of :token }
12
13
  it { should validate_uniqueness_of :token }
13
- it { should belong_to :user }
14
- it { should allow_mass_assignment_of :user }
14
+ it { should belong_to :owner }
15
15
  it { should belong_to :client }
16
- it { should allow_mass_assignment_of :client }
17
16
  it { should validate_presence_of :client }
18
17
  it { should validate_presence_of :expires_at }
19
18
  it { should have_many :access_tokens }
20
- it { should allow_mass_assignment_of :access_tokens }
21
19
  it { should have_db_index :client_id }
22
- it { should have_db_index :user_id }
20
+ it { should have_db_index :owner_id }
23
21
  it { should have_db_index(:token).unique(true) }
24
22
  it { should have_db_index :expires_at }
25
23
  end
@@ -2,11 +2,11 @@ require 'spec_helper'
2
2
 
3
3
  describe Devise::Oauth2::AuthorizationsController do
4
4
  describe 'routing' do
5
- pending 'routes POST /oauth2/authorizations' do
6
- post('/oauth2/authorizations').should route_to('devise/oauth2_providable/authorizations#create')
5
+ pending 'routes POST /oauth/authorizations' do
6
+ post('/oauth/authorizations').should route_to('devise/oauth2_providable/authorizations#create')
7
7
  end
8
- pending 'routes GET /oauth2/authorize' do
9
- get('/oauth2/authorize').should route_to('devise/oauth2_providable/authorizations#new')
8
+ pending 'routes GET /oauth/authorize' do
9
+ get('/oauth/authorize').should route_to('devise/oauth2_providable/authorizations#new')
10
10
  end
11
11
  pending 'routes POST /oauth2/authorize' do
12
12
  #FIXME: this is valid, but the route is not being loaded into the test
@@ -1,6 +1,6 @@
1
1
  # see http://www.builtfromsource.com/2011/09/21/testing-routes-with-rails-3-1-engines/
2
2
  module Devise
3
- module Oauth2Providable
3
+ module Oauth2
4
4
  module EngineHacks
5
5
  ##
6
6
  # Automatically append all of the current engine's routes to the main
@@ -23,7 +23,7 @@ module Devise
23
23
  engine = ("#{engine_name}::Engine").constantize
24
24
 
25
25
  engine_name = 'oauth2'
26
- engine = Devise::Oauth2Providable::Engine
26
+ engine = Devise::Oauth2::Engine
27
27
  named_routes = engine.routes.named_routes.routes
28
28
  resourced_routes = []
29
29
 
@@ -71,4 +71,4 @@ module Devise
71
71
  end
72
72
  end
73
73
 
74
- # Rails::Engine.send(:include, Devise::Oauth2Providable::EngineHacks)
74
+ # Rails::Engine.send(:include, Devise::Oauth2::EngineHacks)
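--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: devise_oauth2_rails4
  version: !ruby/object:Gem::Version
- version: 2.1.4
+ version: 2.1.5
  platform: ruby
  authors:
  - Brian Wheeler
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-03-15 00:00:00.000000000 Z
+ date: 2014-03-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -357,4 +357,3 @@ test_files:
  - spec/spec_helper.rb
  - spec/support/inject_engine_routes_into_application.rb
  - spec/support/match_json.rb
- has_rdoc: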