doorkeeper 0.3.4 → 0.4.0

data/spec/lib/oauth/client/credentials_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/client'
+
+class Doorkeeper::OAuth::Client
+  describe Credentials do
+    it 'is blank when any of the credentials is blank' do
+      Credentials.new(nil, "something").should be_blank
+      Credentials.new("something", nil).should be_blank
+    end
+
+    describe :from_request do
+      let(:request) { stub.as_null_object }
+
+      let(:method) do
+        lambda { |request| return 'uid', 'secret' }
+      end
+
+      it 'accepts anything that responds to #call' do
+        method.should_receive(:call).with(request)
+        Credentials.from_request request, method
+      end
+
+      it 'delegates methods received as symbols to Credentials class' do
+        Credentials.should_receive(:from_params).with(request)
+        Credentials.from_request request, :from_params
+      end
+
+      it 'stops at the first credentials found' do
+        not_called_method = mock
+        not_called_method.should_not_receive(:call)
+        credentials = Credentials.from_request request, lambda { |r| }, method, not_called_method
+      end
+
+      it 'returns new Credentials' do
+        credentials = Credentials.from_request request, method
+        credentials.should be_a(Credentials)
+      end
+
+      it 'returns uid and secret from extractor method' do
+        credentials = Credentials.from_request request, method
+        credentials.uid.should    == 'uid'
+        credentials.secret.should == 'secret'
+      end
+    end
+  end
+end

data/spec/lib/oauth/client/methods_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/client'
+
+class Doorkeeper::OAuth::Client
+  describe 'Methods' do
+    let(:client_id) { "some-uid" }
+    let(:client_secret) { "some-secret" }
+
+    subject do
+      Class.new do
+        include Methods
+      end.new
+    end
+
+    describe :from_params do
+      it 'returns credentials from parameters when Authorization header is not available' do
+        request     = stub :parameters => { :client_id => client_id, :client_secret => client_secret }
+        uid, secret = subject.from_params(request)
+
+        uid.should    == "some-uid"
+        secret.should == "some-secret"
+      end
+
+      it 'is blank when there are no credentials' do
+        request     = stub :parameters => {}
+        uid, secret = subject.from_params(request)
+
+        uid.should    be_blank
+        secret.should be_blank
+      end
+    end
+
+    describe :from_basic do
+      let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
+
+      it 'decodes the credentials' do
+        request     = stub :authorization => "Basic #{credentials}"
+        uid, secret = subject.from_basic(request)
+
+        uid.should    == "some-uid"
+        secret.should == "some-secret"
+      end
+
+      it 'is blank if Authorization is not Basic' do
+        request     = stub :authorization => "#{credentials}"
+        uid, secret = subject.from_basic(request)
+
+        uid.should    be_blank
+        secret.should be_blank
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/creator_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper_integration'
+
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Creator do
+    let(:client) { FactoryGirl.create :application }
+    let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public') }
+
+    it 'creates a new token' do
+      expect do
+        subject.call(client, scopes)
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
+
+    it 'returns false if creation fails' do
+      Doorkeeper::AccessToken.should_receive(:create).and_return(false)
+      created = subject.call(client, scopes)
+      created.should be_false
+    end
+
+    it 'does not create a new token if there is an accessible one' do
+      subject.call(client, scopes, :expires_in => 10.years)
+      expect do
+        subject.call(client, scopes)
+      end.to_not change { Doorkeeper::AccessToken.count }
+    end
+
+    it 'returns the existing token if there is an accessible one' do
+      existing = subject.call(client, scopes, :expires_in => 10.years)
+      created  = subject.call(client, scopes)
+      created.should == existing
+    end
+
+    it 'revokes old token if is not accessible' do
+      existing = subject.call(client, scopes, :expires_in => -1000)
+      subject.call(client, scopes)
+      existing.reload.should be_revoked
+    end
+
+    it 'returns a new token when the old one is not accessible' do
+      existing = subject.call(client, scopes, :expires_in => -1000)
+
+      expect do
+        subject.call(client, scopes)
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/issuer_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'doorkeeper/oauth/client_credentials/issuer'
+
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Issuer do
+    let(:creator) { mock :acces_token_creator }
+    let(:server)  { mock :server, :access_token_expires_in => 100 }
+    let(:validation) { mock :validation, :valid? => true }
+
+    subject { Issuer.new(server, validation) }
+
+    describe :create do
+      let(:client) { mock :client, :id => 'some-id' }
+      let(:scopes) { 'some scope' }
+
+      it 'creates and sets the token' do
+        creator.should_receive(:call).and_return('token')
+        subject.create client, scopes, creator
+
+        subject.token.should == 'token'
+      end
+
+      it 'creates with correct token parameters' do
+        creator.should_receive(:call).with(client, scopes, {
+          :expires_in        => 100,
+          :use_refresh_token => false
+        })
+
+        subject.create client, scopes, creator
+      end
+
+      it 'has error set to :server_error if creator fails' do
+        creator.should_receive(:call).and_return(false)
+        subject.create client, scopes, creator
+
+        subject.error.should == :server_error
+      end
+
+      context 'when validation fails' do
+        before do
+          validation.stub :valid? => false, :error => :validation_error
+          creator.should_not_receive(:create)
+        end
+
+        it 'has error set from validation' do
+          subject.create client, scopes, creator
+          subject.error.should == :validation_error
+        end
+
+        it 'returns false' do
+          subject.create(client, scopes, creator).should be_false
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/response_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper'
+require 'doorkeeper/oauth/client_credentials/response'
+
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Response do
+    subject { Response.new(stub.as_null_object) }
+
+    it 'includes access token response headers' do
+      headers = subject.headers
+      headers.fetch('Cache-Control').should == 'no-store'
+      headers.fetch('Pragma').should == 'no-cache'
+    end
+
+    it 'status is success' do
+      subject.status.should == :success
+    end
+
+    it 'token_type is bearer' do
+      subject.token_type.should == 'bearer'
+    end
+
+    it 'can be serialized to JSON' do
+      subject.should respond_to(:to_json)
+    end
+
+    context 'attributes' do
+      let(:access_token) do
+        mock :access_token, {
+          :token => 'some-token',
+          :expires_in => '3600',
+          :scopes_string => 'two scopes'
+        }
+      end
+
+      subject { Response.new(access_token).attributes }
+
+      it 'includes :access_token' do
+        subject['access_token'].should == 'some-token'
+      end
+
+      it 'includes :token_type' do
+        subject['token_type'].should == 'bearer'
+      end
+
+      it 'includes :expires_in' do
+        subject['expires_in'].should == '3600'
+      end
+
+      it 'includes :scope' do
+        subject['scope'].should == 'two scopes'
+      end
+
+      it 'does not include refresh_token (disabled in this flow)' do
+        subject.should_not have_key('refresh_token')
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/validation_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'doorkeeper/oauth/client_credentials/validation'
+
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Validation do
+    let(:server)  { mock :server, :scopes => nil }
+    let(:request) { mock :request, :client => stub, :original_scopes => nil }
+
+    subject { Validation.new(server, request) }
+
+    it 'is valid with valid request' do
+      subject.should be_valid
+    end
+
+    it 'is invalid when client is not present' do
+      request.stub :client => nil
+      subject.should_not be_valid
+    end
+
+    context 'with scopes' do
+      it 'is invalid when scopes are not included in the server' do
+        server.stub :scopes => Doorkeeper::OAuth::Scopes.from_string('email')
+        request.stub :original_scopes => 'invalid'
+        subject.should_not be_valid
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials_integration_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper_integration'
+
+module Doorkeeper::OAuth
+  describe ClientCredentialsRequest do
+    let(:server) { Doorkeeper.configuration }
+
+    context 'with a valid request' do
+      let(:client) { FactoryGirl.create :application }
+
+      it 'issues an access token' do
+        request = ClientCredentialsRequest.new(server, client, {})
+        expect do
+          request.authorize
+        end.to change { Doorkeeper::AccessToken.count }.by(1)
+      end
+    end
+
+    describe 'with an invalid request' do
+      it 'does not issue an access token' do
+        request = ClientCredentialsRequest.new(server, nil, {})
+        expect do
+          request.authorize
+        end.to_not change { Doorkeeper::AccessToken.count }
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials_request_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'active_model'
+require 'doorkeeper/oauth/client_credentials_request'
+
+module Doorkeeper::OAuth
+  describe ClientCredentialsRequest do
+    let(:server) { stub :default_scopes => nil }
+    let(:client) { stub }
+    let(:token_creator) { mock :issuer, :create => true, :token => stub }
+
+    subject { ClientCredentialsRequest.new(server, client) }
+
+    before do
+      subject.issuer = token_creator
+    end
+
+    it 'issues an access token for the current client' do
+      token_creator.should_receive(:create).with(client, nil)
+      subject.authorize
+    end
+
+    it 'has successful response when issue was created' do
+      subject.authorize
+      subject.response.should be_a(ClientCredentialsRequest::Response)
+    end
+
+    it 'has an error response if issue was not created' do
+      subject.issuer = stub :create => false, :error => :invalid
+      subject.authorize
+      subject.response.should be_a(Doorkeeper::OAuth::ErrorResponse)
+    end
+
+    it 'delegates the error to issuer' do
+      subject.issuer = stub :create => false, :error => :invalid
+      subject.authorize
+      subject.error.should == :invalid
+    end
+
+    context 'with scopes' do
+      let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string("public email") }
+
+      before do
+        server.stub(:default_scopes).and_return(default_scopes)
+      end
+
+      it 'issues an access token with default scopes if none was requested' do
+        token_creator.should_receive(:create).with(client, default_scopes)
+        subject.authorize
+      end
+
+      it 'issues an access token with requested scopes' do
+        subject = ClientCredentialsRequest.new(server, client, :scope => "email")
+        subject.issuer = token_creator
+        token_creator.should_receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
+        subject.authorize
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/client'
+
+module Doorkeeper::OAuth
+  class Doorkeeper::Application
+  end
+
+  describe Client do
+    describe :find do
+      let(:uid) { "some-uid" }
+
+      it 'finds the client via uid' do
+        client = stub
+        Doorkeeper::Application.should_receive(:find_by_uid).with(uid).and_return(client)
+        Client.find(uid).should be_a(Client)
+      end
+
+      it 'returns nil if client was not found' do
+        Doorkeeper::Application.should_receive(:find_by_uid).with(uid).and_return(nil)
+        Client.find(uid).should be_nil
+      end
+    end
+
+    describe :authenticate do
+      it 'returns the authenticated client via credentials' do
+        credentials = Client::Credentials.new("some-uid", "some-secret")
+        authenticator = mock
+        authenticator.should_receive(:call).with("some-uid", "some-secret").and_return(stub)
+        Client.authenticate(credentials, authenticator).should be_a(Client)
+      end
+
+      it 'retunrs nil if client was not authenticated' do
+        credentials = Client::Credentials.new("some-uid", "some-secret")
+        authenticator = mock
+        authenticator.should_receive(:call).with("some-uid", "some-secret").and_return(nil)
+        Client.authenticate(credentials, authenticator).should be_nil
+      end
+    end
+  end
+end

data/spec/lib/oauth/error_response_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper'
+require 'active_model'
+require 'doorkeeper/oauth/error'
+require 'doorkeeper/oauth/error_response'
+
+module Doorkeeper::OAuth
+  describe ErrorResponse do
+    its(:status) { should == :unauthorized }
+
+    describe :from_request do
+      it 'has the error from request' do
+        error = ErrorResponse.from_request stub(:error => :some_error)
+        error.name.should == :some_error
+      end
+
+      it 'ignores state if request does not respond to state' do
+        error = ErrorResponse.from_request stub(:error => :some_error)
+        error.state.should be_nil
+      end
+
+      it 'has state if request responds to state' do
+        error = ErrorResponse.from_request stub(:error => :some_error, :state => :hello)
+        error.state.should == :hello
+      end
+    end
+
+    it 'ignores empty attributes' do
+      subject = ErrorResponse.new(:error => :some_error, :state => nil)
+      subject.attributes.should_not have_key(:state)
+    end
+
+    context 'json response' do
+      subject { ErrorResponse.new(:name => :some_error, :state => :some_state).as_json }
+
+      it { should have_key('error') }
+      it { should have_key('error_description') }
+      it { should have_key('state') }
+    end
+  end
+end