doorkeeper-grants_assertion 0.0.1

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/factories/access_grant.rb

@@ -0,0 +1,9 @@
+FactoryGirl.define do
+  factory :access_grant, class: Doorkeeper::AccessGrant do
+    sequence(:resource_owner_id) { |n| n }
+    application
+    redirect_uri 'https://app.com/callback'
+    expires_in 100
+    scopes 'public write'
+  end
+end

data/spec/factories/access_token.rb

@@ -0,0 +1,11 @@
+FactoryGirl.define do
+  factory :access_token, class: Doorkeeper::AccessToken do
+    sequence(:resource_owner_id) { |n| n }
+    application
+    expires_in 2.hours
+
+    factory :clientless_access_token do
+      application nil
+    end
+  end
+end

data/spec/factories/application.rb

@@ -0,0 +1,6 @@
+FactoryGirl.define do
+  factory :application, class: Doorkeeper::Application do
+    sequence(:name) { |n| "Application #{n}" }
+    redirect_uri 'https://app.com/callback'
+  end
+end

data/spec/requests/flows/assertion_spec.rb

@@ -0,0 +1,74 @@
+require 'spec_helper_integration'
+
+feature 'Resource Owner Assertion Flow inproperly set up' do
+  background do
+    client_exists
+    create_resource_owner
+  end
+
+  context 'with valid user assertion' do
+    scenario "should not issue new token" do
+      expect {
+        post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
+      }.to_not change { Doorkeeper::AccessToken.count }
+
+      should_have_json 'error', 'invalid_resource_owner'
+      should_have_json 'error_description', translated_error_message(:invalid_resource_owner)
+      expect(response.status).to eq(401)
+    end
+  end
+end
+
+feature 'Resource Owner Assertion Flow' do
+  background do
+    config_is_set(:resource_owner_from_assertion) { User.where(assertion: params[:assertion]).first }
+    client_exists
+    create_resource_owner
+  end
+
+  context 'with valid user assertion' do
+    scenario "should issue new token" do
+      expect {
+        post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
+      }.to change { Doorkeeper::AccessToken.count }.by(1)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'access_token',  token.token
+    end
+
+    scenario "should issue a refresh token if enabled" do
+      config_is_set(:refresh_token_enabled, true)
+
+      post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'refresh_token',  token.refresh_token
+    end
+
+  end
+
+  context "with invalid user assertion" do
+    scenario "should not issue new token with bad assertion" do
+      expect {
+        post assertion_endpoint_url( client: @client, assertion: 'i_dont_exist' )
+      }.to_not change { Doorkeeper::AccessToken.count }
+
+      should_have_json 'error', 'invalid_resource_owner'
+      should_have_json 'error_description', translated_error_message(:invalid_resource_owner)
+      expect(response.status).to eq(401)
+    end
+
+    scenario "should not issue new token without assertion" do
+      expect {
+        post assertion_endpoint_url( client: @client )
+      }.to_not change { Doorkeeper::AccessToken.count }
+
+      should_have_json 'error', 'invalid_resource_owner'
+      should_have_json 'error_description', translated_error_message(:invalid_resource_owner)
+      expect(response.status).to eq(401)
+    end
+
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../lib'))
+$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../app'))

data/spec/spec_helper_integration.rb

@@ -0,0 +1,29 @@
+ENV['RAILS_ENV'] ||= 'test'
+
+$LOAD_PATH.unshift File.dirname(__FILE__)
+
+require 'dummy/config/environment'
+require 'rspec/rails'
+require 'rspec/autorun'
+require 'database_cleaner'
+
+Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm.inspect}"
+Rails.logger.info "====> Rails version: #{Rails.version}"
+Rails.logger.info "====> Ruby version: #{RUBY_VERSION}"
+
+Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |f| require f }
+
+# load schema to in memory sqlite
+ActiveRecord::Migration.verbose = false
+load Rails.root + 'db/schema.rb'
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+
+  config.infer_base_class_for_anonymous_controllers = false
+
+  config.before { DatabaseCleaner.start }
+  config.after { DatabaseCleaner.clean }
+
+  config.order = 'random'
+end

data/spec/support/dependencies/factory_girl.rb

@@ -0,0 +1,2 @@
+require 'factory_girl'
+FactoryGirl.find_definitions

data/spec/support/helpers/config_helper.rb

@@ -0,0 +1,9 @@
+module ConfigHelper
+  def config_is_set(setting, value = nil, &block)
+    setting_ivar = "@#{setting}"
+    value = block_given? ? block : value
+    Doorkeeper.configuration.instance_variable_set(setting_ivar, value)
+  end
+end
+
+RSpec.configuration.send :include, ConfigHelper, type: :request

data/spec/support/helpers/model_helper.rb

@@ -0,0 +1,45 @@
+module ModelHelper
+  def client_exists(client_attributes = {})
+    @client = FactoryGirl.create(:application, client_attributes)
+  end
+
+  def create_resource_owner
+    @resource_owner = User.create!(name: 'Joe', password: 'sekret', assertion: 'assertion')
+  end
+
+  def authorization_code_exists(options = {})
+    @authorization = FactoryGirl.create(:access_grant, options)
+  end
+
+  def access_grant_should_exist_for(client, resource_owner)
+    grant = Doorkeeper::AccessGrant.first
+    expect(grant.application).to eq(client)
+    grant.resource_owner_id  == resource_owner.id
+  end
+
+  def access_token_should_exist_for(client, resource_owner)
+    grant = Doorkeeper::AccessToken.first
+    expect(grant.application).to eq(client)
+    grant.resource_owner_id  == resource_owner.id
+  end
+
+  def access_grant_should_not_exist
+    expect(Doorkeeper::AccessGrant.all).to be_empty
+  end
+
+  def access_token_should_not_exist
+    expect(Doorkeeper::AccessToken.all).to be_empty
+  end
+
+  def access_grant_should_have_scopes(*args)
+    grant = Doorkeeper::AccessGrant.first
+    expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
+  end
+
+  def access_token_should_have_scopes(*args)
+    grant = Doorkeeper::AccessToken.first
+    expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
+  end
+end
+
+RSpec.configuration.send :include, ModelHelper, type: :request

data/spec/support/helpers/request_spec_helper.rb

@@ -0,0 +1,76 @@
+module RequestSpecHelper
+  def i_should_see(content)
+    expect(page).to have_content(content)
+  end
+
+  def i_should_not_see(content)
+    expect(page).to have_no_content(content)
+  end
+
+  def i_should_be_on(path)
+    expect(current_path).to eq(path)
+  end
+
+  def url_should_have_param(param, value)
+    expect(current_params[param]).to eq(value)
+  end
+
+  def url_should_not_have_param(param)
+    expect(current_params).not_to have_key(param)
+  end
+
+  def current_params
+    Rack::Utils.parse_query(current_uri.query)
+  end
+
+  def current_uri
+    URI.parse(page.current_url)
+  end
+
+  def should_have_header(header, value)
+    expect(headers[header]).to eq(value)
+  end
+
+  def with_access_token_header(token)
+    with_header 'Authorization', "Bearer #{token}"
+  end
+
+  def with_header(header, value)
+    page.driver.header header, value
+  end
+
+  def basic_auth_header_for_client(client)
+    ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
+  end
+
+  def should_have_json(key, value)
+    expect(JSON.parse(response.body).fetch(key)).to eq(value)
+  end
+
+  def should_have_json_within(key, value, range)
+    expect(JSON.parse(response.body).fetch(key)).to be_within(range).of(value)
+  end
+
+  def should_not_have_json(key)
+    expect(JSON.parse(response.body)).not_to have_key(key)
+  end
+
+  def sign_in
+    visit '/'
+    click_on 'Sign in'
+  end
+
+  def i_should_see_translated_error_message(key)
+    i_should_see translated_error_message(key)
+  end
+
+  def translated_error_message(key)
+    I18n.translate key, scope: [:doorkeeper, :errors, :messages]
+  end
+
+  def response_status_should_be(status)
+    expect(page.driver.response.status.to_i).to eq(status)
+  end
+end
+
+RSpec.configuration.send :include, RequestSpecHelper, type: :request

data/spec/support/helpers/url_helper.rb

@@ -0,0 +1,19 @@
+module UrlHelper
+  def assertion_endpoint_url(options = {})
+    parameters = {
+      :code          => options[:code],
+      :client_id     => options[:client_id]     || options[:client].uid,
+      :client_secret => options[:client_secret] || options[:client].secret,
+      :redirect_uri  => options[:redirect_uri]  || options[:client].redirect_uri,
+      :grant_type    => options[:grant_type]    || "assertion",
+      :assertion     => options[:assertion]     || (options[:resource_owner] ? options[:resource_owner].assertion : nil)
+    }
+    "/oauth/token?#{build_query(parameters)}"
+  end
+
+  def build_query(hash)
+    Rack::Utils.build_query(hash)
+  end
+end
+
+RSpec.configuration.send :include, UrlHelper, type: :request

data/spec/support/shared/controllers_shared_context.rb

@@ -0,0 +1,60 @@
+shared_context 'valid token', token: :valid do
+  let :token_string do
+    '1A2B3C4D'
+  end
+
+  let :token do
+    double(Doorkeeper::AccessToken, accessible?: true)
+  end
+
+  before :each do
+    allow(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
+  end
+end
+
+shared_context 'invalid token', token: :invalid do
+  let :token_string do
+    '1A2B3C4D'
+  end
+
+  let :token do
+    double(Doorkeeper::AccessToken, accessible?: false, revoked?: false, expired?: false)
+  end
+
+  before :each do
+    allow(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
+  end
+end
+
+shared_context 'authenticated resource owner' do
+  before do
+    user = double(:resource, id: 1)
+    allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { user } }
+  end
+end
+
+shared_context 'not authenticated resource owner' do
+  before do
+    allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to '/' } }
+  end
+end
+
+shared_context 'valid authorization request' do
+  let :authorization do
+    double(:authorization, valid?: true, authorize: true, success_redirect_uri: 'http://something.com/cb?code=token')
+  end
+
+  before do
+    allow(controller).to receive(:authorization) { authorization }
+  end
+end
+
+shared_context 'invalid authorization request' do
+  let :authorization do
+    double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
+  end
+
+  before do
+    allow(controller).to receive(:authorization) { authorization }
+  end
+end

data/spec/support/shared/models_shared_examples.rb

@@ -0,0 +1,52 @@
+shared_examples 'an accessible token' do
+  describe :accessible? do
+    it 'is accessible if token is not expired' do
+      allow(subject).to receive(:expired?).and_return(false)
+      should be_accessible
+    end
+
+    it 'is not accessible if token is expired' do
+      allow(subject).to receive(:expired?).and_return(true)
+      should_not be_accessible
+    end
+  end
+end
+
+shared_examples 'a revocable token' do
+  describe :accessible? do
+    before { subject.save! }
+
+    it 'is accessible if token is not revoked' do
+      expect(subject).to be_accessible
+    end
+
+    it 'is not accessible if token is revoked' do
+      subject.revoke
+      expect(subject).not_to be_accessible
+    end
+  end
+end
+
+shared_examples 'a unique token' do
+  describe :token do
+    it 'is generated before validation' do
+      expect { subject.valid? }.to change { subject.token }.from(nil)
+    end
+
+    it 'is not valid if token exists' do
+      token1 = FactoryGirl.create factory_name
+      token2 = FactoryGirl.create factory_name
+      token2.token = token1.token
+      expect(token2).not_to be_valid
+    end
+
+    it 'expects database to throw an error when tokens are the same' do
+      token1 = FactoryGirl.create factory_name
+      token2 = FactoryGirl.create factory_name
+      token2.token = token1.token
+      expect do
+        token2.save!(validate: false)
+      end.to raise_error
+    end
+  end
+end

metadata

@@ -0,0 +1,195 @@
+--- !ruby/object:Gem::Specification
+name: doorkeeper-grants_assertion
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Tute Costa
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: doorkeeper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.11.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.11.4
+- !ruby/object:Gem::Dependency
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.2
+- !ruby/object:Gem::Dependency
+  name: factory_girl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.4
+- !ruby/object:Gem::Dependency
+  name: generator_spec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+description: Assertion grant extension for Doorkeeper.
+email:
+- tutecosta@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- MIT-LICENSE
+- README.md
+- Rakefile
+- config/locales/en.yml
+- doorkeeper-grants_assertion.gemspec
+- lib/doorkeeper/grants_assertion.rb
+- lib/doorkeeper/request/assertion.rb
+- spec/dummy/Rakefile
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/controllers/custom_authorizations_controller.rb
+- spec/dummy/app/controllers/full_protected_resources_controller.rb
+- spec/dummy/app/controllers/home_controller.rb
+- spec/dummy/app/controllers/metal_controller.rb
+- spec/dummy/app/controllers/semi_protected_resources_controller.rb
+- spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/app/models/user.rb
+- spec/dummy/app/views/home/index.html.erb
+- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/config.ru
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/doorkeeper.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/locales/doorkeeper.en.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/db/migrate/20111122132257_create_users.rb
+- spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb
+- spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb
+- spec/dummy/db/schema.rb
+- spec/dummy/script/rails
+- spec/factories/access_grant.rb
+- spec/factories/access_token.rb
+- spec/factories/application.rb
+- spec/requests/flows/assertion_spec.rb
+- spec/spec_helper.rb
+- spec/spec_helper_integration.rb
+- spec/support/dependencies/factory_girl.rb
+- spec/support/helpers/config_helper.rb
+- spec/support/helpers/model_helper.rb
+- spec/support/helpers/request_spec_helper.rb
+- spec/support/helpers/url_helper.rb
+- spec/support/shared/controllers_shared_context.rb
+- spec/support/shared/models_shared_examples.rb
+homepage: https://github.com/doorkeeper-gem/doorkeeper/doorkeeper-grants-assertion
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Assertion grant extension for Doorkeeper.
+test_files: []