RubyGems - doorkeeper_sso - Versions diffs - 0.4.1 → 0.4.3 - Mend

doorkeeper_sso 0.4.1 → 0.4.3

Files changed (24) hide show

checksums.yaml +4 -4
data/app/models/sso/pingback.rb +1 -12
data/lib/sso.rb +4 -3
data/lib/sso/doorkeeper/application_controller_mixin.rb +43 -0
data/lib/sso/doorkeeper/authorization.rb +10 -0
data/lib/sso/doorkeeper/authorization/code_mixin.rb +0 -4
data/lib/sso/doorkeeper/authorization/token_mixin.rb +1 -4
data/lib/sso/doorkeeper/oauth.rb +10 -0
data/lib/sso/doorkeeper/oauth/authorization_code_request_mixin.rb +13 -0
data/lib/sso/doorkeeper/oauth/base.rb +22 -0
data/lib/sso/engine.rb +24 -7
data/lib/sso/engine.rb.orig +71 -0
data/lib/sso/version.rb +1 -1
data/lib/sso/warden/hooks/before_logout.rb +1 -0
data/lib/sso/warden/hooks/create_master_session.rb +8 -5
data/spec/lib/sso/warden/hooks/before_logout_spec.rb +6 -1
data/spec/lib/sso/warden/hooks/create_master_session_spec.rb +7 -15
data/spec/request/oauth/authorization_code_spec.rb +122 -0
metadata +10 -9
data/lib/doorkeeper/oauth/request_concern.rb +0 -12
data/lib/sso/doorkeeper/authorizations_controller_mixin.rb +0 -48
data/lib/sso/doorkeeper/tokens_controller_mixin.rb +0 -55
data/spec/lib/doorkeeper/authorizations_controller_mixin_spec.rb +0 -65
data/spec/lib/doorkeeper/tokens_controller_mixin_spec.rb +0 -72

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 83cabb56cf16ffc50f1c907b6eca037aaa2ef747
-  data.tar.gz: 15314eedab0b7141de0abdf4d3fd096c6d141638
+  metadata.gz: 0ca0ce3b31e9f84891cca3a72dddd92d8b401bf2
+  data.tar.gz: 926a26fbbec7d49bb05a2b71fd4db19f85a6f5fe
 SHA512:
-  metadata.gz: 41a0d41cee7396b3db3f9155871e23d6b65354c1fe45859374b4bb9ab22217da4b972538e6b537a7fca40d03a2072377b1c7e08314b98d3d8d9d5e9ac6bab3e1
-  data.tar.gz: d6ae977b71310c72e773dfbabbd8ecb19979a37eb48647031d653e5ac2407cf450e41e2a2745acae21fcc9a5657ab3e14d3cdb178cf4793505b3ed8457152d9c
+  metadata.gz: 5b96c999fe8b444644bc6b1c5faa131d7f0950a4e391da11ab6a71a0255ec58538dd4636887965fb4542a20f3b550718117bda9d9c8a9a27dcacc66a8e43b645
+  data.tar.gz: 32e6a6a7460f9c5b2e37901f637ad5db92afe1ff4c29e573ee1efe0a620c7ddf204b603b4c5aec7fe22375b7274c03180e29cb702c51b30b23f84be46c976d44

data/app/models/sso/pingback.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 module Sso
   class Pingback
     include ::Sso::Logging
+    include ::Sso::Warden::Support
     attr_reader :user, :warden, :options
     delegate :request, to: :warden
@@ -32,17 +33,5 @@ module Sso
         end
       end
     end
-    def scope
-      scope = options[:scope]
-    end
-    def session
-      warden.session(scope)
-    end
-    def logged_in?
-      warden.authenticated?(scope) && session && user
-    end
   end
 end

data/lib/sso.rb CHANGED Viewed

@@ -1,4 +1,3 @@
-require "doorkeeper/oauth/request_concern"
 require "sso/engine"
 require "sso/logging"
 require "sso/warden/support"
@@ -8,8 +7,9 @@ require "sso/warden/hooks/session_check"
 require "sso/doorkeeper/access_grant_mixin"
 require "sso/doorkeeper/access_token_mixin"
 require "sso/doorkeeper/application_mixin"
-require "sso/doorkeeper/authorizations_controller_mixin"
-require "sso/doorkeeper/tokens_controller_mixin"
+require "sso/doorkeeper/application_controller_mixin"
+require "sso/doorkeeper/authorization"
+require "sso/doorkeeper/oauth"
 module Sso
@@ -17,3 +17,4 @@ module Sso
     'sso_'
   end
 end

data/lib/sso/doorkeeper/application_controller_mixin.rb ADDED Viewed

@@ -0,0 +1,43 @@
+module Sso
+  module Doorkeeper
+    module ApplicationControllerMixin
+      extend ActiveSupport::Concern
+      include ::Sso::Logging
+      included do
+        around_filter :subscribe_to_grant_creation
+      end
+      def subscribe_to_grant_creation
+        Wisper.subscribe(self) do
+          yield
+        end
+      end
+      def warden_user_session
+        warden.session(:user)
+      end
+      def access_grant_created(token_id)
+        debug { "Wisper#access_grant_created grant - #{token_id}" }
+        oauth_grant = ::Doorkeeper::AccessGrant.find(token_id)
+        generate_sso_session if warden_user_session["sso_session_id"].blank?
+        sso_session = Sso::Session.find(warden_user_session["sso_session_id"])
+        debug { "Sso::Session.update_master_with_grant - #{sso_session.id.inspect}, #{oauth_grant.inspect}" }
+        sso_session.clients.find_or_create_by!(access_grant_id: oauth_grant.id, application_id: oauth_grant.application_id)
+      rescue => e
+        sso_session.try(:logout)
+        raise
+      end
+      def generate_sso_session
+        debug { "Sso:Session doesn't exist for user #{user.id.inspect}. Generate new one" }
+        attributes = {  ip: request.ip, agent: request.user_agent }
+        sso_session = Sso::Session.generate_master(user, attributes)
+        warden_user_session["sso_session_id"] = sso_session.id.to_s
+      end
+    end
+  end
+end

data/lib/sso/doorkeeper/authorization.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# This file includes all mixins for authorizations
+require "sso/doorkeeper/authorization/code_mixin"
+require "sso/doorkeeper/authorization/token_mixin"
+module Sso
+  module Doorkeeper
+    module Authorization
+    end
+  end
+end

data/lib/sso/doorkeeper/authorization/code_mixin.rb CHANGED Viewed

@@ -5,15 +5,11 @@ module Sso
   module Doorkeeper
     module Authorization
       module CodeMixin
-        extend ActiveSupport::Concern
-        include ::Sso::Logging
         def issue_token
           super
           broadcast(:access_grant_created, token.id) if @token.try(:id)
           @token
         end
       end
     end
   end

data/lib/sso/doorkeeper/authorization/token_mixin.rb CHANGED Viewed

@@ -4,10 +4,7 @@
 module Sso
   module Doorkeeper
     module Authorization
-      module CodeMixin
-        extend ActiveSupport::Concern
-        include ::Sso::Logging
+      module TokenMixin
         def issue_token
           super
           broadcast(:access_token_created, token.id) if @token.try(:id)

data/lib/sso/doorkeeper/oauth.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# This file includes all mixins for authorizations
+require "sso/doorkeeper/oauth/base"
+require "sso/doorkeeper/oauth/authorization_code_request_mixin"
+module Sso
+  module Doorkeeper
+    module OAuth
+    end
+  end
+end

data/lib/sso/doorkeeper/oauth/authorization_code_request_mixin.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module Sso
+  module Doorkeeper
+    module OAuth
+      module AuthorizationCodeRequestMixin
+        include Base
+        def sso_client
+          @sso_client ||= grant.sso_client
+        end
+      end
+    end
+  end
+end

data/lib/sso/doorkeeper/oauth/base.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module Sso
+  module Doorkeeper
+    module OAuth
+      module Base
+        extend ActiveSupport::Concern
+        def sso_client
+          return @sso_client if @sso_client
+          user = User.find(@access_token.resource_owner_id)
+          sso_session = Sso::Session.generate_master(user, {})
+          @sso_client = sso_session.clients.last
+        end
+        def after_successful_response
+          self.sso_client.update_attributes(access_token_id: @access_token.id)
+          super
+        end
+      end
+    end
+  end
+end

data/lib/sso/engine.rb CHANGED Viewed

@@ -22,14 +22,31 @@ module Sso
       end
     end
+    config.before_initialize do
+      [::Wisper::Publisher].each do |klass|
+        ::Doorkeeper::OAuth::Authorization::Code.send(:include, klass)
+        ::Doorkeeper::OAuth::Authorization::Token.send(:include, klass)
+      end
+      ::Doorkeeper::ApplicationMetalController.send(:include, ::AbstractController::Callbacks)
+    end
     config.after_initialize do
-      ::Doorkeeper::Application.send(:include, Sso::Doorkeeper::ApplicationMixin)
-      ::Doorkeeper::AccessGrant.send(:include, Sso::Doorkeeper::AccessGrantMixin)
-      ::Doorkeeper::AccessToken.send(:include, Sso::Doorkeeper::AccessTokenMixin)
-      ::Doorkeeper::OAuth::CodeRequest.send(:include, ::Wisper::Publisher)
-      ::Doorkeeper::TokensController.send(:include, AbstractController::Callbacks)
-      ::Doorkeeper::TokensController.send(:include, Sso::Doorkeeper::TokensControllerMixin)
-      ::Doorkeeper::AuthorizationsController.send(:include, Sso::Doorkeeper::AuthorizationsControllerMixin)
+      ::Doorkeeper::OAuth::Authorization::Code.send(:prepend, ::Sso::Doorkeeper::Authorization::CodeMixin)
+      ::Doorkeeper::OAuth::Authorization::Token.send(:prepend, ::Sso::Doorkeeper::Authorization::TokenMixin)
+      # Patch every class that includes RequestConcern
+      ::Doorkeeper::OAuth::AuthorizationCodeRequest.send(:prepend, ::Sso::Doorkeeper::OAuth::AuthorizationCodeRequestMixin)
+      ::Doorkeeper::OAuth::ClientCredentialsRequest.send(:include, ::Sso::Doorkeeper::OAuth::Base)
+      ::Doorkeeper::OAuth::PasswordAccessTokenRequest.send(:include, ::Sso::Doorkeeper::OAuth::Base)
+      ::Doorkeeper::OAuth::RefreshTokenRequest.send(:include, ::Sso::Doorkeeper::OAuth::Base)
+      ::Doorkeeper::Application.send(:include,  ::Sso::Doorkeeper::ApplicationMixin)
+      ::Doorkeeper::AccessGrant.send(:include,  ::Sso::Doorkeeper::AccessGrantMixin)
+      ::Doorkeeper::AccessToken.send(:include,  ::Sso::Doorkeeper::AccessTokenMixin)
+      ::Doorkeeper::ApplicationController.send(:include, ::Sso::Doorkeeper::ApplicationControllerMixin)
+      # ::Doorkeeper::ApplicationMetalController.send(:include, ::Sso::Doorkeeper::ApplicationControllerMixin)
       ::Warden::Manager.after_set_user(scope: :user, except: :fetch, &::Sso::Warden::Hooks::CreateMasterSession.to_proc)
       ::Warden::Manager.before_logout(scope: :user, &::Sso::Warden::Hooks::BeforeLogout.to_proc)

data/lib/sso/engine.rb.orig ADDED Viewed

@@ -0,0 +1,71 @@
+module Sso
+  class Engine < ::Rails::Engine
+    isolate_namespace Sso
+    # New test framework integration
+    config.generators do |g|
+      g.test_framework  :rspec,
+                        :fixtures => true,
+                        :view_specs => false,
+                        :helper_specs => false,
+                        :routing_specs => false,
+                        :controller_specs => true,
+                        :request_specs => false
+      g.fixture_replacement :fabrication
+    end
+    initializer :append_migrations do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths["db/migrate"].expanded.each do |expanded_path|
+          app.config.paths["db/migrate"] << expanded_path
+        end
+      end
+    end
+    config.before_initialize do
+      [::Sso::Logging, ::Wisper::Publisher].each do |klass|
+        ::Doorkeeper::OAuth::RequestConcern.send(:include, klass)
+        ::Doorkeeper::OAuth::Authorization::Code.send(:include, klass)
+        ::Doorkeeper::OAuth::Authorization::Token.send(:include, klass)
+      end
+      ::Doorkeeper::ApplicationMetalController.send(:include, ::AbstractController::Callbacks)
+      # need a better way to fix this
+      ::Doorkeeper::OAuth::RequestConcern.class_eval do
+        def after_successful_response
+          raise "RequestConcern#token - #{@access_token.inspect}"
+          broadcast(:access_token_request_successful, @access_token.id)
+          super
+        end
+      end
+    end
+    config.after_initialize do
+      ::Doorkeeper::OAuth::Authorization::Code.send(:prepend, ::Sso::Doorkeeper::Authorization::CodeMixin)
+      ::Doorkeeper::OAuth::Authorization::Token.send(:prepend, ::Sso::Doorkeeper::Authorization::TokenMixin)
+      ::Doorkeeper::Application.send(:include,  ::Sso::Doorkeeper::ApplicationMixin)
+      ::Doorkeeper::AccessGrant.send(:include,  ::Sso::Doorkeeper::AccessGrantMixin)
+      ::Doorkeeper::AccessToken.send(:include,  ::Sso::Doorkeeper::AccessTokenMixin)
+      ::Doorkeeper::ApplicationMetalController.send(:include, ::Sso::Doorkeeper::ApplicationControllerMixin)
+      ::Doorkeeper::ApplicationController.send(:include, ::Sso::Doorkeeper::ApplicationControllerMixin)
+      # ::Doorkeeper::TokensController.send(:include, ::AbstractController::Callbacks)
+      # ::Doorkeeper::TokensController.send(:include, ::Sso::Doorkeeper::TokensControllerMixin)
+      # ::Doorkeeper::AuthorizationsController.send(:include, ::Sso::Doorkeeper::AuthorizationsControllerMixin)
+<<<<<<< HEAD
+      ::Warden::Manager.after_set_user(scope: :user, &::Sso::Warden::Hooks::CreateMasterSession.to_proc)
+=======
+>>>>>>> Use wisper to broadcast when token is created
+      ::Warden::Manager.after_set_user(scope: :user, except: :fetch, &::Sso::Warden::Hooks::CreateMasterSession.to_proc)
+      ::Warden::Manager.before_logout(scope: :user, &::Sso::Warden::Hooks::BeforeLogout.to_proc)
+      # TODO : Do we want to ensure that session is always active?
+      # ::Warden::Manager.after_fetch(scope: :user, &::Sso::Warden::Hooks::SessionCheck.to_proc)
+      # TODO : Why does it need a passport strategy
+      # Warden::Strategies.add :passport, ::Sso::Server::Warden::Strategies::Passport
+    end
+  end
+end

data/lib/sso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Sso
-  VERSION = "0.4.1"
+  VERSION = "0.4.3"
 end

data/lib/sso/warden/hooks/before_logout.rb CHANGED Viewed

@@ -10,6 +10,7 @@ module Sso
             debug { "#BeforeLogout Sso::Session - #{session["sso_session_id"]}" }
             debug { "user is #{user.inspect}" }
             ::Sso::Session.logout(session["sso_session_id"])
+            session["sso_session_id"] = nil
           end
           return nil
         end

data/lib/sso/warden/hooks/create_master_session.rb CHANGED Viewed

@@ -5,12 +5,15 @@ module Sso
         include ::Sso::Warden::Support
         def call
-          if logged_in?
-            debug { "Starting hook because this is considered the first login of the current session..." }
-            debug { "Log out previous Sso:Session if exists : ID session['sso_session_id']" }
-            ::Sso::Session.logout(session["sso_session_id"])
-            generate_session
+          unless logged_in?
+            throw(:warden)
+            raise "DoorkeeperSso : CreateMasterSession requires an authenticated session" and return
           end
+          debug { "NEW USER WARDEN SESSION" }
+          debug { "Log out previous Sso:Session if exists : ID #{session['sso_session_id']}" }
+          ::Sso::Session.logout(session["sso_session_id"])
+          generate_session
           return nil
         end

data/spec/lib/sso/warden/hooks/before_logout_spec.rb CHANGED Viewed

@@ -32,7 +32,7 @@ RSpec.describe Sso::Warden::Hooks::BeforeLogout do
       it "run #logout" do
         expect(::Sso::Session).to receive(:logout).with(session.id)
-        calling
+        rack.call
       end
       it 'revokes the passport' do
@@ -41,6 +41,11 @@ RSpec.describe Sso::Warden::Hooks::BeforeLogout do
         expect(session.revoked_at.to_i).to eq Time.now.to_i
         expect(session.revoke_reason).to eq 'logout'
       end
+      it 'clears session' do
+        rack.call
+        expect(rack.session["sso_session_id"]).to be_nil
+      end
     end
     context "when logged_out" do

data/spec/lib/sso/warden/hooks/create_master_session_spec.rb CHANGED Viewed

@@ -33,15 +33,14 @@ RSpec.describe Sso::Warden::Hooks::CreateMasterSession do
     context 'existing session' do
       let(:sso_params) { { :ip => "202.188.0.133", :agent => "Chrome" } }
       let(:sso_session) { ::Sso::Session.generate_master(user, sso_params ) }
-      let!(:session_params) { { "sso_session_id" => sso_session.id } }
+      let(:sso_session_id) { sso_session.id }
+      let!(:session_params) { { "sso_session_id" => sso_session_id } }
-      before() { rack.call }
-      it { expect(::Sso::Session.count).to eq 2 }
-      it { expect(::Sso::Session.find_by_id(sso_session.id).revoke_reason).to eq "logout" }
+      it { rack.call; expect(::Sso::Session.count).to eq 2 }
+      it { rack.call; expect(::Sso::Session.find_by_id(sso_session.id).revoke_reason).to eq "logout" }
       it "runs Sso::Session.logout" do
-        expect(::Sso::Session).to receive(:logout).with(nil)
+        expect(::Sso::Session).to receive(:logout).with(sso_session_id)
         rack.call
       end
     end
@@ -49,16 +48,9 @@ RSpec.describe Sso::Warden::Hooks::CreateMasterSession do
     context 'logged out' do
       let(:user) { nil }
-      before() { rack.call }
-      it "will not run Sso::Session.logout" do
+      it "will not run Sso::Session.logout but throw :warden" do
         expect(::Sso::Session).not_to receive(:logout)
-        rack.call
-      end
-      it "will not run #generate_session" do
-        expect(rack).not_to receive(:generate_session)
-        rack.call
+        expect { rack.call }.to raise_exception("uncaught throw :warden")
       end
     end

data/spec/request/oauth/authorization_code_spec.rb ADDED Viewed

@@ -0,0 +1,122 @@
+require 'rails_helper'
+RSpec.describe 'OAuth 2.0 Authorization Grant Flow', type: :request, db: true do
+  let!(:user)                     { Fabricate(:user, password: "bumblebee") }
+  let!(:doorkeeper_application)   { Fabricate('Doorkeeper::Application') }
+  let(:redirect_uri)              { doorkeeper_application.redirect_uri }
+  let(:grant_params)        { { client_id: doorkeeper_application.uid, redirect_uri: redirect_uri, response_type: "code", state: 'some_random_string' } } # client_id=04364b30de79090493f079724571899eece7791b5af54e5866d73c6aaf167ec9&redirect_uri=http%3A%2F%2Flaunchpad.dev%2Fauth%2Fmindvalley%2Fcallback&response_type=code&state=a82b7b992c78ed7c47aba11340cdea76cc5ecc4ffe62ef39
+  let(:result)              { JSON.parse(response.body) }
+  let(:latest_grant)        { ::Doorkeeper::AccessGrant.last }
+  let(:latest_access_token) { ::Doorkeeper::AccessToken.last }
+  let(:access_token_count)  { ::Doorkeeper::AccessToken.count }
+  let(:grant_count)         { ::Doorkeeper::AccessGrant.count }
+  let(:latest_passport)     { ::SSO::Session.last }
+  let(:passport_count)      { ::SSO::Session.last.count }
+  before do
+    get_via_redirect '/oauth/authorize', grant_params
+  end
+  it 'shows to the login page' do
+    expect(response).to render_template 'devise/sessions/new'
+  end
+  describe 'Logging in' do
+    before do
+      post '/login', user: { email: user.email, password: "bumblebee" }
+      follow_redirect!
+    end
+    it 'redirects to the application callback including the Grant Token' do
+      #expect(latest_grant).to be_present
+      expect(response.body).to eq 1 #redirect_to "#{doorkeeper_application.redirect_uri}?code=#{latest_grant.token}&state=some_random_string"
+    end
+    # it 'generates a passport with the grant token attached to it' do
+    #   expect(latest_passport.oauth_access_grant_id).to eq latest_grant.id
+    # end
+    # it 'does not generate multiple authorization grants' do
+    #   expect(grant_count).to eq 1
+    # end
+    pending 'Exchanging the Authorization Grant for an Access Token' do
+      let(:grant)      { ::Rack::Utils.parse_query(URI.parse(response.location).query).fetch('code') }
+      let(:grant_type) { :authorization_code }
+      let(:params)     { { doorkeeper_application_id: doorkeeper_application.uid, doorkeeper_application_secret: doorkeeper_application.secret, code: grant, grant_type: grant_type, redirect_uri: redirect_uri } }
+      let(:token)      { JSON.parse(response.body).fetch 'access_token' }
+      before do
+        post '/oauth/token', params
+      end
+      it 'succeeds' do
+        expect(response.status).to eq 200
+      end
+      it 'responds with JSON serialized params' do
+        expect(result).to be_instance_of Hash
+      end
+      it 'includes the access_token' do
+        expect(result['access_token']).to eq latest_access_token.token
+      end
+      it 'generates a passport with the grant token attached to it' do
+        expect(latest_passport.oauth_access_token_id).to eq latest_access_token.id
+      end
+      it 'does not generate multiple passports' do
+        expect(passport_count).to eq 1
+      end
+      it 'does not generate multiple access tokens' do
+        expect(access_token_count).to eq 1
+      end
+      it 'succeeds' do
+        expect(response.status).to eq 200
+      end
+      pending 'Exchanging the Access Token for a Passport' do
+        before do
+          SSO.config.passport_chip_key = SecureRandom.hex
+          post '/oauth/sso/v1/passports', access_token: token
+        end
+        it 'succeeds' do
+          expect(response.status).to eq 200
+        end
+        it 'gets the passport' do
+          expect(result['passport']).to be_present
+        end
+        it 'is the passport for that access token' do
+          expect(result['passport']['id']).to eq latest_passport.id
+          expect(latest_passport.oauth_access_token_id).to eq latest_access_token.id
+        end
+        pending 'is an outsider passport' do
+          expect(latest_passport).to_not be_insider
+        end
+        pending 'insider application' do
+          let!(:doorkeeper_application) { Fabricate('Doorkeeper::Application') }
+          let(:scope)   { :insider }
+          it 'is an insider passport' do
+            expect(latest_passport).to be_insider
+          end
+        end
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper_sso
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.3
 platform: ruby
 authors:
 - John Wong
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-09-02 00:00:00.000000000 Z
+date: 2015-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: warden
@@ -348,17 +348,20 @@ files:
 - db/migrate/20150521142926_create_sso_clients.rb
 - db/migrate/20150521165143_remove_extra_columns_from_sso_sessions.rb
 - db/migrate/20150603145730_add_pingback_uri_to_doorkeeper_applications.rb
-- lib/doorkeeper/oauth/request_concern.rb
 - lib/doorkeeper_sso.rb
 - lib/sso.rb
 - lib/sso/doorkeeper/access_grant_mixin.rb
 - lib/sso/doorkeeper/access_token_mixin.rb
+- lib/sso/doorkeeper/application_controller_mixin.rb
 - lib/sso/doorkeeper/application_mixin.rb
+- lib/sso/doorkeeper/authorization.rb
 - lib/sso/doorkeeper/authorization/code_mixin.rb
 - lib/sso/doorkeeper/authorization/token_mixin.rb
-- lib/sso/doorkeeper/authorizations_controller_mixin.rb
-- lib/sso/doorkeeper/tokens_controller_mixin.rb
+- lib/sso/doorkeeper/oauth.rb
+- lib/sso/doorkeeper/oauth/authorization_code_request_mixin.rb
+- lib/sso/doorkeeper/oauth/base.rb
 - lib/sso/engine.rb
+- lib/sso/engine.rb.orig
 - lib/sso/logging.rb
 - lib/sso/version.rb
 - lib/sso/warden/hooks/before_logout.rb
@@ -378,14 +381,13 @@ files:
 - spec/lib/doorkeeper/access_grant_mixin_spec.rb
 - spec/lib/doorkeeper/access_token_mixin_spec.rb
 - spec/lib/doorkeeper/application_mixin_spec.rb
-- spec/lib/doorkeeper/authorizations_controller_mixin_spec.rb
-- spec/lib/doorkeeper/tokens_controller_mixin_spec.rb
 - spec/lib/sso/warden/hooks/before_logout_spec.rb
 - spec/lib/sso/warden/hooks/create_master_session_spec.rb
 - spec/models/sso/client_spec.rb
 - spec/models/sso/pingback_spec.rb
 - spec/models/sso/session_spec.rb
 - spec/rails_helper.rb
+- spec/request/oauth/authorization_code_spec.rb
 - spec/spec_helper.rb
 - spec/support/api_schema_matcher.rb
 - spec/support/database_cleaner.rb
@@ -438,14 +440,13 @@ test_files:
 - spec/lib/doorkeeper/access_grant_mixin_spec.rb
 - spec/lib/doorkeeper/access_token_mixin_spec.rb
 - spec/lib/doorkeeper/application_mixin_spec.rb
-- spec/lib/doorkeeper/authorizations_controller_mixin_spec.rb
-- spec/lib/doorkeeper/tokens_controller_mixin_spec.rb
 - spec/lib/sso/warden/hooks/before_logout_spec.rb
 - spec/lib/sso/warden/hooks/create_master_session_spec.rb
 - spec/models/sso/client_spec.rb
 - spec/models/sso/pingback_spec.rb
 - spec/models/sso/session_spec.rb
 - spec/rails_helper.rb
+- spec/request/oauth/authorization_code_spec.rb
 - spec/spec_helper.rb
 - spec/support/api_schema_matcher.rb
 - spec/support/database_cleaner.rb

data/lib/doorkeeper/oauth/request_concern.rb DELETED Viewed

@@ -1,12 +0,0 @@
-module Doorkeeper
-  module OAuth
-    module RequestConcern
-      include Wisper::Publisher
-      def after_successful_response
-        broadcast(:access_token_created, token.id) if respond_to? :token
-        super
-      end
-    end
-  end
-end

data/lib/sso/doorkeeper/authorizations_controller_mixin.rb DELETED Viewed

@@ -1,48 +0,0 @@
-module Sso
-  module Doorkeeper
-    module AuthorizationsControllerMixin
-      extend ActiveSupport::Concern
-      include ::Sso::Logging
-      included do
-        around_action :subscribe_to_token_creation, only: [:new, :create]
-        after_action :after_grant_create, only: [:new, :create]
-      end
-    protected
-      def subscribe_to_token_creation
-        Wisper.subscribe(self) do
-          yield
-        end
-      end
-      def access_token_created(token_id)
-        raise "AuthorizationsController#gives token - #{token_id}"
-      end
-      def after_grant_create
-        debug { "AuthorizationsController#Create : after_action" }
-        code_response = authorization.instance_variable_get("@response")
-        oauth_grant = code_response.try(:auth).try(:token)
-        warden_session = session["warden.user.user.session"] || {}
-        sso_session = Sso::Session.find_by_id(warden_session["sso_session_id"].to_s)
-        unless sso_session.try(:active?)
-          error { "ERROR : AuthorizationsControllerMixin  - Sso::Session INACTIVE) #{sso_session.inspect}" }
-          return false
-        end
-        if oauth_grant
-          debug { "Sso::Session.update_master_with_grant - #{sso_session.id.inspect}, #{oauth_grant.inspect}" }
-          sso_session.clients.find_or_create_by!(access_grant_id: oauth_grant.id)
-        else
-          error { "ERROR : AuthorizationsControllerMixin - Unable to get grant id from #{oauth_grant.inspect}" }
-          sso_session.logout
-          return false
-        end
-      end
-    end
-  end
-end

data/lib/sso/doorkeeper/tokens_controller_mixin.rb DELETED Viewed

@@ -1,55 +0,0 @@
-require 'active_support/concern'
-module Sso
-  module Doorkeeper
-    module TokensControllerMixin
-      extend ActiveSupport::Concern
-      include ::Sso::Logging
-      included do
-        after_action :after_token_create, only: :create
-      end
-    protected
-      def after_token_create
-        debug { "TokensController#Create : after_action" }
-        handle_authorization_grant_flow
-      end
-      def handle_authorization_grant_flow
-        # We cannot rely on session[:sso_session_id] here because the end-user might have cookies disabled.
-        # The only thing we can rely on to identify the user/Passport is the incoming grant token.
-        debug { %(Detected outgoing "Access Token" #{outgoing_access_token.inspect}) }
-        unless client = ::Sso::Client.find_by_grant_token(grant_token)
-          return error_and_return "::Sso::Client not found for grant token #{grant_token}"
-        end
-        if client.update_access_token(outgoing_access_token)
-          debug { "::Sso::Client.update_access_token success for access_token: #{outgoing_access_token}" }
-        else
-          return error_and_return "::Sso::Session.update_access_token failed. #{client.errors.inspect}"
-        end
-      end
-      def error_and_return(msg)
-        error { msg }
-        return false
-      end
-      def grant_token
-        params["code"]
-      end
-      def grant_type
-        params["grant_type"]
-      end
-      def outgoing_access_token
-        @response_hash ||= JSON.parse(response.body)
-        @response_hash["access_token"]
-      end
-    end
-  end
-end

data/spec/lib/doorkeeper/authorizations_controller_mixin_spec.rb DELETED Viewed

@@ -1,65 +0,0 @@
-require 'rails_helper'
-# Engine.rb automatically includes the mixin
-RSpec.describe Doorkeeper::AuthorizationsController do
-  let(:user) { Fabricate(:user) }
-  let(:application) { Fabricate('Doorkeeper::Application') }
-  # let(:access_token) { Fabricate('Doorkeeper::AccessToken',
-  #                                resource_owner_id: user.id) }
-  let!(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
-                                 application_id: application.id,
-                                 resource_owner_id: user.id,
-                                 redirect_uri: 'http://localhost:3002/oauth/callback'
-                                ) }
-  # Set up Session
-  let(:session) {  Fabricate('Sso::Session', owner: user) }
-  let!(:client) {  Fabricate('Sso::Client', session: session,
-                                application_id: application.id) }
-  let(:auth) { double :auth, token: access_grant }
-  let(:code_response)  { double :code_response, auth: auth }
-  let(:authorization)  { double :authorization, instance_variable_get: code_response }
-  let(:warden_session) { { "warden.user.user.session" => { "sso_session_id" => session.id } } }
-  subject(:controller) { described_class.new }
-  before do
-    allow_any_instance_of(described_class).to receive(:authorization).and_return(authorization)
-    allow_any_instance_of(described_class).to receive(:session).and_return(warden_session)
-  end
-  describe "#after_grant_create" do
-    context "working" do
-      it "creates client with grant_id" do
-        controller.send(:after_grant_create)
-        expect(access_grant.sso_client).to be_a ::Sso::Client
-      end
-    end
-    context "no grant" do
-      let(:access_grant) { nil }
-      it "logs error" do
-        expect(controller).to receive(:error)
-        controller.send(:after_grant_create)
-      end
-      it "logout session" do
-        expect_any_instance_of(::Sso::Session).to receive(:logout).and_call_original
-        controller.send(:after_grant_create)
-      end
-    end
-    context "no session" do
-      let(:warden_session) { {} }
-      it "logs error" do
-        expect(controller).to receive(:error)
-        controller.send(:after_grant_create)
-      end
-    end
-  end
-end

data/spec/lib/doorkeeper/tokens_controller_mixin_spec.rb DELETED Viewed

@@ -1,72 +0,0 @@
-require 'rails_helper'
-# Engine.rb automatically includes the mixin
-RSpec.describe Doorkeeper::TokensController, :type => :controller do
-  let(:user) { Fabricate(:user) }
-  let(:application) { Fabricate('Doorkeeper::Application') }
-  let(:access_token) { Fabricate('Doorkeeper::AccessToken',
-                                 resource_owner_id: user.id) }
-  let!(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
-                                 application_id: application.id,
-                                 resource_owner_id: user.id,
-                                 redirect_uri: 'http://localhost:3002/oauth/callback'
-                                ) }
-  # Set up Session
-  let(:session) {  Fabricate('Sso::Session', owner: user) }
-  let!(:client) {  Fabricate('Sso::Client', session: session,
-                                application_id: application.id,
-                                access_grant_id: access_grant.id) }
-  let(:auth) { double :auth, token: access_grant }
-  let(:code_response)  { double :code_response, auth: auth }
-  let(:authorization)  { double :authorization, instance_variable_get: code_response }
-  let(:warden_session) { { "warden.user.user.session" => { "sso_session_id" => session.id } } }
-  subject(:controller) { described_class.new }
-  describe "#handle_authorization_grant_flow" do
-    before do
-      allow(controller).to receive(:grant_token).and_return(access_grant.try(:token))
-      allow(controller).to receive(:grant_type).and_return("authorization_code")
-      allow(controller).to receive(:outgoing_access_token).and_return(access_token.try(:token))
-    end
-    context "working flow" do
-      it "saves access_token" do
-        controller.send(:handle_authorization_grant_flow)
-        client.reload
-        expect(client.access_grant).to eq access_grant
-      end
-    end
-    context "grant missing" do
-      let!(:access_grant) { nil }
-      let!(:client) { nil }
-      it "logs error and halt" do
-        expect(controller).to receive(:error)
-        expect(controller.send(:handle_authorization_grant_flow)).to be_falsy
-      end
-    end
-    context "access_grant token missing" do
-      let(:access_token) { nil }
-      it "logs error and halt" do
-        expect(controller).to receive(:error)
-        expect(controller.send(:handle_authorization_grant_flow)).to be_falsy
-      end
-    end
-  end
-  describe "#error_and_return" do
-    after()  { controller.send(:error_and_return, "AN ERROR") }
-    it { expect(controller).to receive(:error) }
-  end
-end