doorkeeper_sso 0.0.3 → 0.0.4

data/lib/sso.rb

@@ -1,4 +1,8 @@
 require "sso/engine"
+require "sso/logging"
 
 module Sso
+  def self.table_name_prefix
+    'sso_'
+  end
 end

data/spec/controllers/sso/sessions_controller_spec.rb

@@ -0,0 +1,65 @@
+require 'rails_helper'
+
+RSpec.describe Sso::SessionsController, :type => :controller do
+  routes { Sso::Engine.routes }
+  render_views
+
+  describe "GET show" do
+    let(:user) { Fabricate(:user) }
+
+    context "logged_in" do
+      before() {  sign_in user }
+
+      it "returns not authorized" do
+        get :show, format: :json
+        expect(response).to have_http_status(:ok)
+      end
+    end
+
+    context "not logged_in" do
+      it "returns not authorized" do
+        get :show, format: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+
+  describe "POST create" do
+    let(:user) { Fabricate(:user) }
+    let(:params) { { :ip => "202.188.0.133", :agent => "Chrome", format: :json } }
+
+    context "not logged_in" do
+      it do
+        post :create, params
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context "logged_in" do
+      let(:user) { Fabricate(:user) }
+      let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
+      let(:master_sso_session) { Sso::Session.generate_master(user, attributes) }
+      let(:access_token) { Fabricate("Doorkeeper::AccessToken",
+                                     resource_owner_id: user.id) }
+      let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                     resource_owner_id: user.id,
+                                     redirect_uri: 'http://localhost:3002/oauth/callback'
+                                    ) }
+
+      before do
+        master_sso_session.access_token_id = access_token.id
+        master_sso_session.access_grant_id = access_grant.id
+        master_sso_session.save
+
+        allow(controller).to receive(:doorkeeper_authorize!).and_return(true)
+        allow(controller).to receive(:doorkeeper_token).and_return(access_token)
+
+        post :create, params
+      end
+
+      it { expect(response).to have_http_status(:created) }
+      it { expect(assigns(:user)).to eq user }
+    end
+  end
+
+end

data/spec/fabricators/api_application_fabricator.rb

@@ -0,0 +1,16 @@
+Fabricator(:api_application) do
+  name { Faker::Internet.domain_word }
+  api_key { Faker::Lorem.characters(16) }
+end
+
+# == Schema Information
+# Schema version: 20150320075507
+#
+# Table name: api_applications
+#
+#  id         :integer          not null, primary key
+#  name       :string
+#  api_key    :string
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#

data/spec/fabricators/doorkeeper_access_grant_fabricator.rb

@@ -0,0 +1,4 @@
+Fabricator('Doorkeeper::AccessGrant') do
+  application { Fabricate("Doorkeeper::Application") }
+  expires_in { 2.hours }
+end

data/spec/fabricators/doorkeeper_access_token_fabricator.rb

@@ -0,0 +1,5 @@
+Fabricator('Doorkeeper::AccessToken') do
+  resource_owner_id { Fabricate(:user).id }
+  application { Fabricate("Doorkeeper::Application") }
+  expires_in { 2.hours }
+end

data/spec/fabricators/doorkeeper_application_fabricator.rb

@@ -0,0 +1,5 @@
+Fabricator('Doorkeeper::Application') do
+  name { sequence(:name) { |n| "Application #{n}" } }
+  app_uri {  'https://app.com/callback' }
+  redirect_uri { 'https://app.com/callback' }
+end

data/spec/fabricators/sso_session_fabricator.rb

@@ -0,0 +1,6 @@
+Fabricator('Sso::Session') do
+  application_id { 0 }
+  ip { "127.0.0.1" }
+  agent { "Mozilla Firefox" }
+  owner { Fabricate(:user) }
+end

data/spec/fabricators/user_fabricator.rb

@@ -0,0 +1,35 @@
+Fabricator(:user) do
+  first_name Faker::Name.name
+  email Faker::Internet.email
+  password Faker::Internet.password
+  password_confirmation { |attrs| "#{attrs[:password]}" }
+end
+
+# == Schema Information
+# Schema version: 20150320075507
+#
+# Table name: users
+#
+#  id                     :integer          not null, primary key
+#  email                  :string           default(""), not null
+#  encrypted_password     :string           default(""), not null
+#  reset_password_token   :string
+#  reset_password_sent_at :datetime
+#  remember_created_at    :datetime
+#  sign_in_count          :integer          default("0"), not null
+#  current_sign_in_at     :datetime
+#  last_sign_in_at        :datetime
+#  current_sign_in_ip     :inet
+#  last_sign_in_ip        :inet
+#  created_at             :datetime
+#  updated_at             :datetime
+#  first_name             :string
+#  last_name              :string
+#  lang                   :string           default("EN")
+#  phone                  :string
+#
+# Indexes
+#
+#  index_users_on_email                 (email) UNIQUE
+#  index_users_on_reset_password_token  (reset_password_token) UNIQUE
+#

data/spec/models/sso/session_spec.rb

@@ -0,0 +1,183 @@
+require 'rails_helper'
+
+RSpec.describe Sso::Session, :type => :model do
+  describe "associations" do
+    it { is_expected.to belong_to(:application).class_name('Doorkeeper::Application') }
+    it { is_expected.to belong_to(:access_grant).class_name('Doorkeeper::AccessGrant') }
+    it { is_expected.to belong_to(:access_token).class_name('Doorkeeper::AccessToken') }
+    it { is_expected.to belong_to(:owner).class_name('User') }
+  end
+
+  describe "validations" do
+    pending { is_expected.to validate_presence_of(:group_id) }
+    pending { is_expected.to validate_presence_of(:secret) }
+    pending { is_expected.to validate_uniqueness_of(:access_token_id).scoped_to([:owner_id, :revoked_at, :application_id]) }
+    it { is_expected.to allow_value(nil).for(:access_token_id) }
+  end
+
+  describe "scopes" do
+    let(:session) { Fabricate('Sso::Session', revoked_at: nil, application_id: nil) }
+    it { expect(Sso::Session.active).to eq [session] }
+    it { expect(Sso::Session.master).to eq [session] }
+  end
+
+  describe "::master_for" do
+    let(:user) { Fabricate(:user) }
+    let(:access_token) { Fabricate('Doorkeeper::AccessToken',
+                                   resource_owner_id: user.id) }
+    let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                   application_id: nil,
+                                   resource_owner_id: user.id,
+                                   redirect_uri: 'http://localhost:3002/oauth/callback'
+                                  ) }
+
+    let(:session) { Fabricate('Sso::Session',
+                              revoked_at: nil,
+                              application_id: nil,
+                              access_token_id: access_token.id,
+                              access_grant_id: access_grant.id,
+                              owner: user) }
+
+    it do
+      expect(session.revoked_at).to be_nil
+      expect(session.application_id).to be_nil
+      expect(Sso::Session.master_for(access_grant.id)).to eq session
+    end
+  end
+
+  describe "::generate_master" do
+    let(:user) { Fabricate(:user) }
+    let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
+
+    context "without access token" do
+      it "creates a new session" do
+        session = Sso::Session.generate_master(user, attributes)
+        expect(session).to eq(Sso::Session.first)
+      end
+    end
+
+    context "(failure)" do
+      it "raises exception" do
+        expect { Sso::Session.generate_master(nil) }.to raise_exception
+      end
+    end
+  end
+
+  describe "::generate" do
+    let(:master_sso_session) { Sso::Session.generate_master(user, attributes) }
+    let(:user) { Fabricate(:user) }
+    let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
+    let(:access_token) { Fabricate("Doorkeeper::AccessToken", resource_owner_id: user.id) }
+    let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                   application_id: nil,
+                                   resource_owner_id: user.id,
+                                   redirect_uri: 'http://localhost:3002/oauth/callback'
+                                  ) }
+    let(:session) { Sso::Session.generate(user, access_token, attributes) }
+    before do
+      # Notice: We assume our warden/doorkeeper is ok and a master with access grant/token is generated
+      master_sso_session.access_token_id = access_token.id
+      master_sso_session.access_grant_id = access_grant.id
+      master_sso_session.save
+    end
+
+    describe "creates a new session" do
+      it { expect(session.access_token_id).to eq access_token.id }
+      it { expect(session.application_id).to eq access_token.application.id }
+      it { expect(session.group_id).to eq master_sso_session.group_id }
+    end
+  end
+
+  describe "::logout" do
+    let!(:sso_session) { Fabricate('Sso::Session') }
+    let!(:user) { sso_session.owner }
+
+    it "revokes session" do
+      Sso::Session.logout(sso_session.id)
+      new_session = Sso::Session.find(sso_session.id)
+      expect(new_session.revoked_at).not_to be_blank
+      expect(new_session.revoke_reason).to eq("logout")
+    end
+  end
+
+  describe "::update_master_with_grant" do
+    let(:user) { Fabricate(:user) }
+    let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
+    let(:access_token) { Fabricate("Doorkeeper::AccessToken", resource_owner_id: user.id) }
+    let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                   application_id: nil,
+                                   resource_owner_id: user.id,
+                                   redirect_uri: 'http://localhost:3002/oauth/callback'
+                                  ) }
+    let!(:master_sso_session) { Sso::Session.generate_master(user, attributes) }
+
+    context "successful" do
+      it "updates master_sso_session.access_grant_id" do
+        expect{ Sso::Session.update_master_with_grant(master_sso_session.id, access_grant) }.to change{ master_sso_session.reload.access_grant_id }.from(nil).to(access_grant.id)
+      end
+    end
+  end
+
+  describe "::update_master_with_access_token" do
+    let(:user) { Fabricate(:user) }
+    let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
+    let(:access_token) { Fabricate("Doorkeeper::AccessToken", resource_owner_id: user.id) }
+    let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                   application_id: nil,
+                                   resource_owner_id: user.id,
+                                   redirect_uri: 'http://localhost:3002/oauth/callback'
+                                  ) }
+    let!(:master) { Sso::Session.generate_master(user, attributes) }
+
+    before do
+      # Notice: We assume our warden/doorkeeper is ok and a master with grant is generated
+      master.access_grant_id = access_grant.id
+      master.save
+    end
+
+    context "oauth_token not available" do
+      it "returns false" do
+        expect( Sso::Session.update_master_with_access_token(access_token.token, 123)).to be_falsey
+      end
+    end
+
+    it "updates master.access_token_it" do
+      expect{ Sso::Session.update_master_with_access_token(access_grant.token, access_token.token) }.to change{ master.reload.access_token_id }.from(nil).to(access_token.id)
+    end
+  end
+
+end
+
+# == Schema Information
+# Schema version: 20150330031153
+#
+# Table name: sso_sessions
+#
+#  id              :uuid             not null, primary key
+#  access_grant_id :integer
+#  access_token_id :integer
+#  application_id  :integer
+#  owner_id        :integer          not null
+#  group_id        :string           not null
+#  secret          :string           not null
+#  ip              :inet             not null
+#  agent           :string
+#  location        :string
+#  activity_at     :datetime         not null
+#  revoked_at      :datetime
+#  revoke_reason   :string
+#  created_at      :datetime         not null
+#  updated_at      :datetime         not null
+#
+# Indexes
+#
+#  index_sso_sessions_on_access_grant_id  (access_grant_id)
+#  index_sso_sessions_on_access_token_id  (access_token_id)
+#  index_sso_sessions_on_application_id   (application_id)
+#  index_sso_sessions_on_group_id         (group_id)
+#  index_sso_sessions_on_ip               (ip)
+#  index_sso_sessions_on_owner_id         (owner_id)
+#  index_sso_sessions_on_revoke_reason    (revoke_reason)
+#  index_sso_sessions_on_secret           (secret)
+#  one_access_token_per_owner             (owner_id,access_token_id,application_id) UNIQUE
+#

data/spec/rails_helper.rb

@@ -3,13 +3,25 @@ ENV["RAILS_ENV"] ||= 'test'
 
 # SimpleCov for rails
 require 'simplecov'
-SimpleCov.start 'rails' do
-  add_filter "/app/admin/"
-end
+SimpleCov.start 'rails'
+
 require 'spec_helper'
-require File.expand_path("../../config/environment", __FILE__)
+# require File.expand_path("../test_app/config/environment", __FILE__)
+
+# Combustion ordering for requires
+require 'combustion'
+# require 'capybara/rspec'
+
+Combustion.path = 'spec/test_app'
+Combustion.initialize! :all
+
+
 require 'rspec/rails'
+# require 'capybara/rails'
 require 'shoulda/matchers'
+require 'fabrication'
+require 'vcr'
+
 # Add additional requires below this line. Rails is not loaded until this point!
 
 # Requires supporting ruby files with custom matchers and macros, etc, in
@@ -25,7 +37,10 @@ require 'shoulda/matchers'
 # directory. Alternatively, in the individual `*_spec.rb` files, manually
 # require only the support files necessary.
 #
-Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
+Dir[Rails.root.join("../support/**/*.rb")].each { |f| require f }
+
+# Require fabricators manually
+Dir[Rails.root.join("../fabricators/**/*fabricator.rb")].each { |f| require f }
 
 # Checks for pending migrations before tests are run.
 # If you are not using ActiveRecord, you can remove this line.
@@ -33,7 +48,7 @@ ActiveRecord::Migration.maintain_test_schema!
 
 RSpec.configure do |config|
   # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
-  config.fixture_path = "#{::Rails.root}/spec/fixtures"
+  # config.fixture_path = "#{::Rails.root}/spec/fixtures"
 
   # If you're not using ActiveRecord, or you'd prefer not to run each of your
   # examples within a transaction, remove the following line or assign false

data/spec/support/devise.rb

@@ -0,0 +1,28 @@
+module ControllerHelpers
+  def sign_in(user = Fabricate(:user))
+    if user.nil?
+      allow(request.env['warden']).to receive(:authenticate!).
+        and_throw(:warden, {:scope => :user})
+      allow(controller).to receive_messages :current_user => nil
+    else
+      allow(request.env['warden']).to receive_messages :authenticate! => user
+      allow(controller).to receive_messages :current_user => user
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include Devise::TestHelpers, :type => :controller
+  config.include ControllerHelpers, :type => :controller
+
+  # rspec-rails 3 will no longer automatically infer an example group's spec type
+  # from the file location. You can explicitly opt-in to the feature using this
+  # config option.
+  # To explicitly tag specs without using automatic inference, set the `:type`
+  # metadata manually:
+  #
+  #     describe ThingsController, :type => :controller do
+  #       # Equivalent to being in spec/controllers
+  #     end
+  config.infer_spec_type_from_file_location!
+end

data/spec/test_app/Rakefile

@@ -1,6 +1,2 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
-
-require File.expand_path('../config/application', __FILE__)
-
-Rails.application.load_tasks

data/spec/test_app/app/models/user.rb

@@ -0,0 +1,39 @@
+class User < ActiveRecord::Base
+
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable
+
+  validates :email, :first_name, presence: true
+
+end
+
+# == Schema Information
+# Schema version: 20150320075507
+#
+# Table name: users
+#
+#  id                     :integer          not null, primary key
+#  email                  :string           default(""), not null
+#  encrypted_password     :string           default(""), not null
+#  reset_password_token   :string
+#  reset_password_sent_at :datetime
+#  remember_created_at    :datetime
+#  sign_in_count          :integer          default("0"), not null
+#  current_sign_in_at     :datetime
+#  last_sign_in_at        :datetime
+#  current_sign_in_ip     :inet
+#  last_sign_in_ip        :inet
+#  created_at             :datetime
+#  updated_at             :datetime
+#  first_name             :string
+#  last_name              :string
+#  lang                   :string           default("EN")
+#  phone                  :string
+#
+# Indexes
+#
+#  index_users_on_email                 (email) UNIQUE
+#  index_users_on_reset_password_token  (reset_password_token) UNIQUE
+#

data/spec/test_app/config/database.yml

@@ -1,25 +1,10 @@
-# SQLite version 3.x
-#   gem install sqlite3
-#
-#   Ensure the SQLite 3 gem is defined in your Gemfile
-#   gem 'sqlite3'
-#
 default: &default
-  adapter: sqlite3
+  adapter: postgresql
+  encoding: unicode
+  # For details on connection pooling, see rails configuration guide
+  # http://guides.rubyonrails.org/configuring.html#database-pooling
   pool: 5
-  timeout: 5000
 
-development:
-  <<: *default
-  database: db/development.sqlite3
-
-# Warning: The database defined as "test" will be erased and
-# re-generated from your development database when you run "rake".
-# Do not set this db to the same as development or production.
 test:
   <<: *default
-  database: db/test.sqlite3
-
-production:
-  <<: *default
-  database: db/production.sqlite3
+  database: doorkeeper_sso_test