doorkeeper_sso 0.2.3 → 0.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6863fc0decfa591efff780d1e85788de572d96f3
-  data.tar.gz: 7ec4fa2ba956ce465a9a59515838c2b88f54b166
+  metadata.gz: 00bd0477d279b369c70ea874e7beffdad2cefff4
+  data.tar.gz: 5289840040a7eb1845aee6b451c89c62d630d2e0
 SHA512:
-  metadata.gz: 62ce7097053714cb93fa9a1f37973cbc7479ef8371c5bfcced96fc4cf5125b116d77a745a9da89ac48f564b78f38567726c119debdf21b0a1530bb19350dfd88
-  data.tar.gz: 0b1412aa82a683da489ab03ecd40f6e823d2fa8d27991754ada1eff1df9f8c5ee9c649f561fad6a319449fe7c4bce55cbc6bf19e22f3122f65c8662d13c28472
+  metadata.gz: 7667f3e47917c7aa922a2da26e694afad7d5354664b6c24087afc6178676fdf0af4356f58cea24fac5459d650632724d6523252385f76a21a3dbd23ecbb3eccc
+  data.tar.gz: 73462490fe311329f0ef6fdb04600ec377c4517697692a16fe8f69196c6cdb5d038648f5bd3be760051fa538aeb980e532ad0acf12ac5e25db7cca900761ed28

data/app/controllers/sso/application_controller.rb

@@ -1,6 +1,21 @@
 module Sso
-  class ApplicationController < ::ApplicationController
   # class ApplicationController < RocketPants::Base
   #   extend Apipie::DSL::Controller
+  class ApplicationController < ::ApplicationController
+    # include ::Doorkeeper::Helpers::Controller
+
+    # TODO: Security issue?
+    protect_from_forgery
+    # Bug in devise so we skip protect_from_forgery for only create
+    # http://stackoverflow.com/questions/20875591/actioncontrollerinvalidauthenticitytoken-in-registrationscontrollercreate
+    # http://stackoverflow.com/questions/23773730/rails-4-skipping-protect-from-forgery-for-api-actions
+    # skip_before_action :verify_authenticity_token, if: :json_request?
+
+ protected
+
+    def json_request?
+      request.format.json?
+    end
+
   end
 end

data/app/controllers/sso/sessions_controller.rb

@@ -1,12 +1,9 @@
 module Sso
   class SessionsController < Sso::ApplicationController
+    include ::Sso::Logging
 
-    before_action :authenticate_user!, only: :jsonp
+    before_action :authenticate_user!, only: [:jsonp]
     before_action :doorkeeper_authorize!, only: [:show, :create]
-
-    # TODO: Security issue?
-    protect_from_forgery with: :null_session
-
     respond_to :json
 
     ################################################################################
@@ -26,12 +23,11 @@ module Sso
     # Passport Strategy first exchange
     # Insider : Client information from Apps should always be trusted
     def create
-      # passport.load_user!
-      # passport.create_chip!
-      current_client = ::Sso::Client.find_by_access_token(doorkeeper_token.id)
-      current_client.update!(client_params)
-
       @session = current_client.session
+      debug { "SessionsController#create - #{@session.inspect}"}
+      raise "ResourceOwner from token != session.owner" if doorkeeper_token.resource_owner_id != @session.owner.id
+
+      current_client.update_attributes!(client_params)
       render json: @session, status: :created, serializer: Sso::SessionSerializer
     end
 
@@ -50,6 +46,9 @@ module Sso
     ################################################################################
     def mobile
       # TODO : Check inconsistent
+
+      # passport.load_user!
+      # passport.create_chip!
       render :nothing => true
       # respond_with @session, :location => sso.sessions_url
     end
@@ -59,7 +58,15 @@ module Sso
   protected
 
     def current_client
-      @client = doorkeeper_token.sso_client
+      @current_client ||= doorkeeper_token.sso_client
+    end
+
+    def current_resource_owner
+      @current_resource_owner ||= User.find(doorkeeper_token.resource_owner_id)
+    end
+
+    def current_session
+      @current_session = current_client.session
     end
 
     def client_params

data/app/models/sso/client.rb

@@ -12,16 +12,16 @@ module Sso
 
     class << self
       def find_by_grant_token(token)
-        find_by!(access_grant: ::Doorkeeper::AccessGrant.by_token(token))
+        find_by(access_grant: ::Doorkeeper::AccessGrant.by_token(token))
       end
 
       def find_by_access_token(token)
-        find_by!(access_token: ::Doorkeeper::AccessToken.by_token(token))
+        find_by(access_token: ::Doorkeeper::AccessToken.by_token(token))
       end
     end
 
     def update_access_token(token)
-      oauth_token = ::Doorkeeper::AccessToken.by_token(token)
+      return false unless oauth_token = ::Doorkeeper::AccessToken.by_token(token)
       update(access_token_id: oauth_token.id, application_id: oauth_token.application.id)
     end
   end

data/app/models/sso/session.rb

@@ -46,32 +46,12 @@ module Sso
         sso_session
       end
 
-      def generate(user, access_token, options = {})
-        master_sso_session = active.find_by!(owner_id: user.id)
-
-        attributes = ActionController::Parameters.new(options).permit(:ip, :agent, :location)
-        relations = { application: access_token.application, access_token: access_token }
-
-        debug { "Sso::Session::generate for #{user.inspect} - #{access_token.inspect} - #{attributes.inspect}" }
-
-        if client = master_sso_session_id.clients.find_by(access_token_id: access_token.id)
-          client.update_columns(attributes)
-        else
-          master_sso_session.clients.create!(relations.merge(attributes))
-        end
-        master_sso_session
-      end
-
       def logout(sso_session_id)
         return false unless session = find_by_id(sso_session_id)
         session.logout
       end
     end
 
-    def create_session(token, options = {})
-      create(access_token_id)
-    end
-
     def active?
       revoked_at.blank?
     end

data/lib/sso/doorkeeper/authorizations_controller_mixin.rb

@@ -15,20 +15,21 @@ module Sso
         code_response = authorization.instance_variable_get("@response")
         oauth_grant = code_response.try(:auth).try(:token)
 
-        warden_session = session["warden.user.user.session"]
-        sso_session = Sso::Session.find(warden_session["sso_session_id"].to_s)
+        warden_session = session["warden.user.user.session"] || {}
+        sso_session = Sso::Session.find_by_id(warden_session["sso_session_id"].to_s)
 
-        if !sso_session.try(:active?)
-          error { "ERROR : AuthorizationsControllerMixin  - Sso::Session INACTIVE) #{sso_session.inspect}"}
-          warden.logout(:user) and return
+        unless sso_session.try(:active?)
+          error { "ERROR : AuthorizationsControllerMixin  - Sso::Session INACTIVE) #{sso_session.inspect}" }
+          return false
         end
 
         if oauth_grant
           debug { "Sso::Session.update_master_with_grant - #{sso_session.id.inspect}, #{oauth_grant.inspect}" }
           sso_session.clients.find_or_create_by!(access_grant_id: oauth_grant.id)
         else
-          error { "ERROR : AuthorizationsControllerMixin - Unable to get grant id from #{oauth_grant.inspect}"}
-          warden.logout(:user) and return
+          error { "ERROR : AuthorizationsControllerMixin - Unable to get grant id from #{oauth_grant.inspect}" }
+          sso_session.logout
+          return false
         end
       end
     end

data/lib/sso/doorkeeper/tokens_controller_mixin.rb

@@ -10,7 +10,7 @@ module Sso
         after_action :after_token_create, only: :create
       end
 
-      protected
+    protected
 
       def after_token_create
         debug { "TokensController#Create : after_action" }
@@ -23,17 +23,21 @@ module Sso
         debug { %(Detected outgoing "Access Token" #{outgoing_access_token.inspect}) }
 
         unless client = ::Sso::Client.find_by_grant_token(grant_token)
-          error { "::Sso::Client not found for grant token #{grant_token}" }
+          return error_and_return "::Sso::Client not found for grant token #{grant_token}"
         end
 
         if client.update_access_token(outgoing_access_token)
           debug { "::Sso::Client.update_access_token success for access_token: #{outgoing_access_token}" }
         else
-          error { "::Sso::Session.update_access_token failed. #{client.errors.inspect}" }
-          warden.logout
+          return error_and_return "::Sso::Session.update_access_token failed. #{client.errors.inspect}"
         end
       end
 
+      def error_and_return(msg)
+        error { msg }
+        return false
+      end
+
       def grant_token
         params["code"]
       end

data/lib/sso/version.rb

@@ -1,3 +1,3 @@
 module Sso
-  VERSION = "0.2.3"
+  VERSION = "0.2.5"
 end

data/lib/sso/warden/hooks/after_authentication.rb

@@ -2,25 +2,12 @@ module Sso
   module Warden
     module Hooks
       class AfterAuthentication
-        include ::Sso::Logging
-
-        attr_reader :user, :warden, :options
-        delegate :request, to: :warden
-        delegate :params, to: :request
-
-        def self.to_proc
-          proc do |user, warden, options|
-            new(user, warden, options).call
-          end
-        end
-
-        def initialize(user, warden, options)
-          @user, @warden, @options = user, warden, options
-        end
+        include ::Sso::Warden::Support
 
         def call
           debug { "Starting hook because this is considered the first login of the current session..." }
           generate_session
+          return nil
         end
 
         def generate_session
@@ -31,18 +18,6 @@ module Sso
           debug { "Sso:Session with ID #{sso_session.id} generated successfuly. Persisting it in session..." }
           session["sso_session_id"] = sso_session.id.to_s
         end
-
-        def scope
-          scope = options[:scope]
-        end
-
-        def session
-          warden.session(scope)
-        end
-
-        def logged_in?
-          warden.authenticated?(scope) && session && user
-        end
       end
     end
   end

data/lib/sso/warden/hooks/before_logout.rb

@@ -2,21 +2,7 @@ module Sso
   module Warden
     module Hooks
       class BeforeLogout
-        include ::Sso::Logging
-
-        attr_reader :user, :warden, :options
-        delegate :request, to: :warden
-        delegate :params, to: :request
-
-        def self.to_proc
-          proc do |user, warden, options|
-            new(user, warden, options).call
-          end
-        end
-
-        def initialize(user, warden, options)
-          @user, @warden, @options = user, warden, options
-        end
+        include ::Sso::Warden::Support
 
         def call
           # Only run if user is logged in
@@ -25,18 +11,7 @@ module Sso
             debug { "user is #{user.inspect}" }
             ::Sso::Session.logout(session["sso_session_id"])
           end
-        end
-
-        def scope
-          scope = options[:scope]
-        end
-
-        def session
-          warden.session(scope)
-        end
-
-        def logged_in?
-          warden.authenticated?(scope) && session && user
+          return nil
         end
       end
     end

data/lib/sso/warden/hooks/session_check.rb

@@ -2,43 +2,16 @@ module Sso
   module Warden
     module Hooks
       class SessionCheck
-        include ::Sso::Logging
-
-        attr_reader :user, :warden, :options
-        delegate :request, to: :warden
-        delegate :params, to: :request
-
-        def self.to_proc
-          proc do |user, warden, options|
-            new(user, warden, options).call
-          end
-        end
-
-        def initialize(user, warden, options)
-          @user, @warden, @options = user, warden, options
-        end
+        include ::Sso::Warden::Support
 
         def call
           debug { "Starting hook after user is fetched into the session" }
 
-          # Infinite loop with BeforeLogout - before logout runs this too
           unless logged_in? && Sso::Session.find_by_id(session["sso_session_id"]).try(:active?)
             warden.logout(scope)
             throw(:warden, :scope => scope, :reason => "Sso::Session INACTIVE")
           end
         end
-
-        def scope
-          scope = options[:scope]
-        end
-
-        def session
-          warden.session(scope)
-        end
-
-        def logged_in?
-          warden.authenticated?(scope) && session && user
-        end
       end
     end
   end

data/lib/sso/warden/support.rb

@@ -0,0 +1,38 @@
+module Sso
+  module Warden
+    module Support
+      extend ActiveSupport::Concern
+      include ::Sso::Logging
+
+      included do
+        attr_reader :user, :warden, :options
+        delegate :request, to: :warden
+        delegate :params, to: :request
+      end
+
+      module ClassMethods
+        def to_proc
+          proc do |user, warden, options|
+            new(user, warden, options).call
+          end
+        end
+      end
+
+      def initialize(user, warden, options)
+        @user, @warden, @options = user, warden, options
+      end
+
+      def scope
+        scope = options[:scope]
+      end
+
+      def session
+        warden.session(scope)
+      end
+
+      def logged_in?
+        warden.authenticated?(scope) && session && user
+      end
+    end
+  end
+end

data/lib/sso.rb

@@ -1,5 +1,6 @@
 require "sso/engine"
 require "sso/logging"
+require "sso/warden/support"
 require "sso/warden/hooks/after_authentication"
 require "sso/warden/hooks/before_logout"
 require "sso/warden/hooks/session_check"

data/spec/lib/doorkeeper/authorizations_controller_mixin_spec.rb

@@ -0,0 +1,65 @@
+require 'rails_helper'
+
+# Engine.rb automatically includes the mixin
+
+RSpec.describe Doorkeeper::AuthorizationsController do
+
+  let(:user) { Fabricate(:user) }
+  let(:application) { Fabricate('Doorkeeper::Application') }
+  # let(:access_token) { Fabricate('Doorkeeper::AccessToken',
+  #                                resource_owner_id: user.id) }
+  let!(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                 application_id: application.id,
+                                 resource_owner_id: user.id,
+                                 redirect_uri: 'http://localhost:3002/oauth/callback'
+                                ) }
+
+  # Set up Session
+  let(:session) {  Fabricate('Sso::Session', owner: user) }
+  let!(:client) {  Fabricate('Sso::Client', session: session,
+                                application_id: application.id) }
+
+  let(:auth) { double :auth, token: access_grant }
+  let(:code_response)  { double :code_response, auth: auth }
+  let(:authorization)  { double :authorization, instance_variable_get: code_response }
+  let(:warden_session) { { "warden.user.user.session" => { "sso_session_id" => session.id } } }
+  subject(:controller) { described_class.new }
+
+
+  before do
+    allow_any_instance_of(described_class).to receive(:authorization).and_return(authorization)
+    allow_any_instance_of(described_class).to receive(:session).and_return(warden_session)
+  end
+
+  describe "#after_grant_create" do
+    context "working" do
+      it "creates client with grant_id" do
+        controller.send(:after_grant_create)
+        expect(access_grant.sso_client).to be_a ::Sso::Client
+      end
+    end
+
+    context "no grant" do
+      let(:access_grant) { nil }
+
+      it "logs error" do
+        expect(controller).to receive(:error)
+        controller.send(:after_grant_create)
+      end
+
+      it "logout session" do
+        expect_any_instance_of(::Sso::Session).to receive(:logout).and_call_original
+        controller.send(:after_grant_create)
+      end
+    end
+
+    context "no session" do
+      let(:warden_session) { {} }
+
+      it "logs error" do
+        expect(controller).to receive(:error)
+        controller.send(:after_grant_create)
+      end
+    end
+  end
+end

data/spec/lib/doorkeeper/tokens_controller_mixin_spec.rb

@@ -0,0 +1,72 @@
+require 'rails_helper'
+
+# Engine.rb automatically includes the mixin
+
+RSpec.describe Doorkeeper::TokensController, :type => :controller do
+
+  let(:user) { Fabricate(:user) }
+  let(:application) { Fabricate('Doorkeeper::Application') }
+  let(:access_token) { Fabricate('Doorkeeper::AccessToken',
+                                 resource_owner_id: user.id) }
+  let!(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                 application_id: application.id,
+                                 resource_owner_id: user.id,
+                                 redirect_uri: 'http://localhost:3002/oauth/callback'
+                                ) }
+
+  # Set up Session
+  let(:session) {  Fabricate('Sso::Session', owner: user) }
+  let!(:client) {  Fabricate('Sso::Client', session: session,
+                                application_id: application.id,
+                                access_grant_id: access_grant.id) }
+
+  let(:auth) { double :auth, token: access_grant }
+  let(:code_response)  { double :code_response, auth: auth }
+  let(:authorization)  { double :authorization, instance_variable_get: code_response }
+  let(:warden_session) { { "warden.user.user.session" => { "sso_session_id" => session.id } } }
+  subject(:controller) { described_class.new }
+
+
+  describe "#handle_authorization_grant_flow" do
+    before do
+      allow(controller).to receive(:grant_token).and_return(access_grant.try(:token))
+      allow(controller).to receive(:grant_type).and_return("authorization_code")
+      allow(controller).to receive(:outgoing_access_token).and_return(access_token.try(:token))
+    end
+
+    context "working flow" do
+      it "saves access_token" do
+        controller.send(:handle_authorization_grant_flow)
+        client.reload
+        expect(client.access_grant).to eq access_grant
+      end
+    end
+
+    context "grant missing" do
+      let!(:access_grant) { nil }
+      let!(:client) { nil }
+
+      it "logs error and halt" do
+        expect(controller).to receive(:error)
+        expect(controller.send(:handle_authorization_grant_flow)).to be_falsy
+      end
+    end
+
+    context "access_grant token missing" do
+      let(:access_token) { nil }
+
+      it "logs error and halt" do
+        expect(controller).to receive(:error)
+        expect(controller.send(:handle_authorization_grant_flow)).to be_falsy
+      end
+    end
+  end
+
+
+  describe "#error_and_return" do
+    after()  { controller.send(:error_and_return, "AN ERROR") }
+
+    it { expect(controller).to receive(:error) }
+  end
+
+end

data/spec/lib/sso/warden/hooks/after_authentication_spec.rb

@@ -1,36 +1,66 @@
 require 'rails_helper'
 
-# These tests are moot
 RSpec.describe Sso::Warden::Hooks::AfterAuthentication do
-  #include Warden::Test::Helpers
 
-  # let(:user) { Fabricate(:user) }
-  # let(:warden_mock) { double }
-  # let(:attributes) { { :ip => "202.188.0.133", :agent => "Chrome", format: :json } }
-
-  # let(:after_authentication) { Sso::Warden::Hooks::AfterAuthentication.new(user, warden_mock, {:scope => :user}) }
-
-  # let(:master_sso_session) { Sso::Session.generate_master(user, attributes) }
-  # let(:access_token) { Fabricate("Doorkeeper::AccessToken",
+  # Set up user
+  let(:user) { Fabricate(:user) }
+  # let(:application) { Fabricate('Doorkeeper::Application') }
+  # let(:access_token) { Fabricate('Doorkeeper::AccessToken',
   #                                resource_owner_id: user.id) }
-  # let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+  # let!(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+  #                                application_id: application.id,
   #                                resource_owner_id: user.id,
   #                                redirect_uri: 'http://localhost:3002/oauth/callback'
   #                               ) }
 
-  # before do
-  #   master_sso_session.access_token_id = access_token.id
-  #   master_sso_session.access_grant_id = access_grant.id
-  #   master_sso_session.save
-  # end
-
-  # describe 'attributes' do
-  #   it do
-  #     expect(after_authentication.user).to eq user
-  #     expect(after_authentication.warden).to eq warden_mock
-  #     expect(after_authentication.options).to eq({})
-  #   end
-  # end
-
-  # pending "#call"
+  # # Set up Session
+  # let(:session) {  Fabricate('Sso::Session', owner: user) }
+  # let!(:client) {  Fabricate('Sso::Client', session: session,
+  #                               application_id: application.id,
+  #                               access_token_id: access_token.id,
+  #                               access_grant_id: access_grant.id) }
+
+  # Set up rack
+  let(:proc)           { described_class.to_proc }
+  let(:session_params) { { } }
+  let(:request)        { double :request, ip: "10.10.10.133", user_agent: "I AM YOUR BROWSER", session: session_params }
+  let(:warden)         { double :warden, request: request, authenticated?: true }
+  let(:options)        { { scope: :user } }
+  subject(:rack)       { described_class.new(user, warden, options) }
+
+
+  before do
+    Timecop.freeze
+    allow_any_instance_of(described_class).to receive(:session).and_return(session_params)
+  end
+
+  describe '::to_proc' do
+    it 'is a proc' do
+      expect(proc).to be_instance_of Proc
+    end
+  end
+
+  describe "#call" do
+    it 'accepts the three warden arguments and returns nothing' do
+      expect(rack.call).to be_nil
+    end
+
+    it "run #generate_session" do
+      expect(rack).to receive(:generate_session)
+      rack.call
+    end
+  end
+
+  describe '#generate_session' do
+    it "generates master session" do
+      expect(::Sso::Session).to receive(:generate_master).with( user, { ip: "10.10.10.133", agent: "I AM YOUR BROWSER" } ).and_call_original
+      rack.call
+    end
+
+    it 'sets the session' do
+      expect(rack.session["sso_session_id"]).to be_nil
+      rack.call
+      expect(rack.session["sso_session_id"]).to_not be_nil
+    end
+  end
 end

data/spec/lib/sso/warden/hooks/before_logout_spec.rb

@@ -1,31 +1,56 @@
 require 'rails_helper'
 
-# These tests are moot
 RSpec.describe Sso::Warden::Hooks::BeforeLogout do
 
-  # let(:proc)     { described_class.to_proc }
-  # let(:calling)  { proc.call(user, warden, options) }
-  # let(:user)     { double :user }
-  # let(:params)   { { passport_id: 1337 } } #passport.id } }
-  # let(:options)  { double :options, scope: :user }
-  # let(:request)  { double :request, params: params.stringify_keys }
-  # let(:warden)   { double :warden, request: request, :session => user }
-
-  # before do
-  #   allow(warden).to receive(:authenticated?)
-  #   Timecop.freeze
-  # end
-
-  # describe '.to_proc' do
-  #   it 'is a proc' do
-  #     expect(proc).to be_instance_of Proc
-  #   end
-  # end
-
-  # describe '#call' do
-  #   it 'accepts the three warden arguments and returns nothing' do
-  #     expect(calling).to be_nil
-  #   end
-  # end
+  let(:proc)            { described_class.to_proc }
+  let(:calling)         { proc.call(user, warden, options) }
+  let(:session_params)  { { "sso_session_id" => session.id } }
+  let!(:session)        { Fabricate('Sso::Session') }
+
+  let(:user)        { double :user }
+  let(:warden)      { double :warden, request: {}, session: session_params, authenticated?: true }
+  let(:options)     { { 'scope' => :user } }
+  subject(:rack)    { described_class.new(user, warden, options) }
+
+  before do
+    Timecop.freeze
+  end
+
+  describe '.to_proc' do
+    it 'is a proc' do
+      expect(proc).to be_instance_of Proc
+    end
+  end
+
+  describe '#call' do
+    it 'accepts the three warden arguments and returns nothing' do
+      expect(calling).to be_nil
+    end
+
+    context "when logged_in" do
+      before() { allow(rack).to receive(:logged_in?).and_return(true) }
+
+      it "run #logout" do
+        expect(::Sso::Session).to receive(:logout).with(session.id)
+        calling
+      end
+
+      it 'revokes the passport' do
+        rack.call
+        session.reload
+        expect(session.revoked_at.to_i).to eq Time.now.to_i
+        expect(session.revoke_reason).to eq 'logout'
+      end
+    end
+
+    context "when logged_out" do
+      before() { allow(rack).to receive(:logged_in?).and_return(false) }
+
+      it 'no error occurs' do
+        expect(rack.call).to be_nil
+      end
+    end
+  end
+
 
 end

data/spec/models/sso/client_spec.rb

@@ -1,6 +1,20 @@
 require 'rails_helper'
 
 RSpec.describe Sso::Client, :type => :model do
+  let(:user) { Fabricate(:user) }
+  let(:application) { Fabricate('Doorkeeper::Application') }
+  let(:access_token) { Fabricate('Doorkeeper::AccessToken',
+                                 resource_owner_id: user.id) }
+  let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                 application_id: application.id,
+                                 resource_owner_id: user.id,
+                                 redirect_uri: 'http://localhost:3002/oauth/callback'
+                                ) }
+
+  # Set up Session
+  let(:session) {  Fabricate('Sso::Session', owner: user) }
+
+
   describe "associations" do
     it { is_expected.to belong_to(:session).class_name('Sso::Session').with_foreign_key(:sso_session_id) }
     it { is_expected.to belong_to(:application).class_name('Doorkeeper::Application') }
@@ -12,4 +26,35 @@ RSpec.describe Sso::Client, :type => :model do
     it { is_expected.to validate_uniqueness_of(:access_grant_id).allow_nil }
     it { is_expected.to validate_uniqueness_of(:access_token_id).allow_nil }
   end
+
+  describe "::find_by_grant_token" do
+    subject!(:client) {  Fabricate('Sso::Client', session: session,
+                                application_id: application.id,
+                                access_grant_id: access_grant.id,
+                                access_token_id: access_token.id) }
+
+    it { expect(::Sso::Client.find_by_grant_token(access_grant.token)).to eq client}
+  end
+
+  describe "::find_by_access_token" do
+    subject!(:client) {  Fabricate('Sso::Client', session: session,
+                                application_id: application.id,
+                                access_grant_id: access_grant.id,
+                                access_token_id: access_token.id) }
+
+    it { expect(::Sso::Client.find_by_access_token(access_token.token)).to eq client }
+  end
+
+
+  describe "#update_access_token" do
+    subject!(:client) {  Fabricate('Sso::Client', session: session,
+                                application_id: application.id,
+                                access_grant_id: access_grant.id) }
+
+    it "updates client with access token" do
+      expect(client.update_access_token(access_token.token)).to be_truthy
+      expect(client.access_token).to eq access_token
+    end
+  end
+
 end

data/spec/models/sso/session_spec.rb

@@ -97,34 +97,6 @@ RSpec.describe Sso::Session, :type => :model do
     end
   end
 
-  # describe "::generate" do
-  #   let(:master_sso_session) { Fabricate('Sso::Session') }
-  #   let(:user) { Fabricate(:user) }
-  #   let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
-  #   let(:access_token) { Fabricate("Doorkeeper::AccessToken", resource_owner_id: user.id) }
-  #   let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
-  #                                  application_id: nil,
-  #                                  resource_owner_id: user.id,
-  #                                  redirect_uri: 'http://localhost:3002/oauth/callback'
-  #                                 ) }
-
-  #   let(:session) { Sso::Session.generate(user, access_token, attributes) }
-
-  #   before do
-  #     master_sso_session.clients.create(access_token: access_token, access_grant: access_grant )
-  #     # Notice: We assume our warden/doorkeeper is ok and a master with access grant/token is generated
-  #     master_sso_session.access_token_id = access_token.id
-  #     master_sso_session.access_grant_id = access_grant.id
-  #     master_sso_session.save
-  #   end
-
-  #   describe "creates a new session" do
-  #     it { expect(session.access_token_id).to eq access_token.id }
-  #     it { expect(session.application_id).to eq access_token.application.id }
-  #     it { expect(session.group_id).to eq master_sso_session.group_id }
-  #   end
-  # end
-
   describe "::logout" do
     let!(:sso_session) { Fabricate('Sso::Session') }
     let!(:user) { sso_session.owner }
@@ -149,52 +121,6 @@ RSpec.describe Sso::Session, :type => :model do
     end
   end
 
-  # describe "::update_master_with_grant" do
-  #   let(:user) { Fabricate(:user) }
-  #   let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
-  #   let(:access_token) { Fabricate("Doorkeeper::AccessToken", resource_owner_id: user.id) }
-  #   let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
-  #                                  application_id: nil,
-  #                                  resource_owner_id: user.id,
-  #                                  redirect_uri: 'http://localhost:3002/oauth/callback'
-  #                                 ) }
-  #   let!(:master_sso_session) { Sso::Session.generate_master(user, attributes) }
-
-  #   context "successful" do
-  #     it "updates master_sso_session.access_grant_id" do
-  #       expect{ Sso::Session.update_master_with_grant(master_sso_session.id, access_grant) }.to change{ master_sso_session.reload.access_grant_id }.from(nil).to(access_grant.id)
-  #     end
-  #   end
-  # end
-
-  # describe "::update_master_with_access_token" do
-  #   let(:user) { Fabricate(:user) }
-  #   let(:attributes) { { ip: "10.1.1.1", agent: "Safari" } }
-  #   let(:access_token) { Fabricate("Doorkeeper::AccessToken", resource_owner_id: user.id) }
-  #   let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
-  #                                  application_id: nil,
-  #                                  resource_owner_id: user.id,
-  #                                  redirect_uri: 'http://localhost:3002/oauth/callback'
-  #                                 ) }
-  #   let!(:master) { Sso::Session.generate_master(user, attributes) }
-
-  #   before do
-  #     # Notice: We assume our warden/doorkeeper is ok and a master with grant is generated
-  #     master.access_grant_id = access_grant.id
-  #     master.save
-  #   end
-
-  #   context "oauth_token not available" do
-  #     it "returns false" do
-  #       expect( Sso::Session.update_master_with_access_token(access_token.token, 123)).to be_falsey
-  #     end
-  #   end
-
-  #   it "updates master.access_token_it" do
-  #     expect{ Sso::Session.update_master_with_access_token(access_grant.token, access_token.token) }.to change{ master.reload.access_token_id }.from(nil).to(access_token.id)
-  #   end
-  # end
-
 end
 
 # == Schema Information

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper_sso
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.2.5
 platform: ruby
 authors:
 - John Wong
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-17 00:00:00.000000000 Z
+date: 2015-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: warden
@@ -347,6 +347,7 @@ files:
 - lib/sso/warden/hooks/after_authentication.rb
 - lib/sso/warden/hooks/before_logout.rb
 - lib/sso/warden/hooks/session_check.rb
+- lib/sso/warden/support.rb
 - lib/tasks/sso_tasks.rake
 - spec/api/schemas/session.json
 - spec/controllers/sso/sessions_controller_spec.rb
@@ -360,6 +361,8 @@ files:
 - spec/lib/doorkeeper/access_grant_mixin_spec.rb
 - spec/lib/doorkeeper/access_token_mixin_spec.rb
 - spec/lib/doorkeeper/application_mixin_spec.rb
+- spec/lib/doorkeeper/authorizations_controller_mixin_spec.rb
+- spec/lib/doorkeeper/tokens_controller_mixin_spec.rb
 - spec/lib/sso/warden/hooks/after_authentication_spec.rb
 - spec/lib/sso/warden/hooks/before_logout_spec.rb
 - spec/models/sso/client_spec.rb
@@ -418,6 +421,8 @@ test_files:
 - spec/lib/doorkeeper/access_grant_mixin_spec.rb
 - spec/lib/doorkeeper/access_token_mixin_spec.rb
 - spec/lib/doorkeeper/application_mixin_spec.rb
+- spec/lib/doorkeeper/authorizations_controller_mixin_spec.rb
+- spec/lib/doorkeeper/tokens_controller_mixin_spec.rb
 - spec/lib/sso/warden/hooks/after_authentication_spec.rb
 - spec/lib/sso/warden/hooks/before_logout_spec.rb
 - spec/models/sso/client_spec.rb