doorkeeper_sso 0.4.3 → 0.4.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0ca0ce3b31e9f84891cca3a72dddd92d8b401bf2
-  data.tar.gz: 926a26fbbec7d49bb05a2b71fd4db19f85a6f5fe
+  metadata.gz: 2bd334100cf66c77b3f645412a863eabdc1662d2
+  data.tar.gz: dc41d49dbc70d8372eafd3f3b4d4992d46f70ec7
 SHA512:
-  metadata.gz: 5b96c999fe8b444644bc6b1c5faa131d7f0950a4e391da11ab6a71a0255ec58538dd4636887965fb4542a20f3b550718117bda9d9c8a9a27dcacc66a8e43b645
-  data.tar.gz: 32e6a6a7460f9c5b2e37901f637ad5db92afe1ff4c29e573ee1efe0a620c7ddf204b603b4c5aec7fe22375b7274c03180e29cb702c51b30b23f84be46c976d44
+  metadata.gz: 733ec62c0762c923ccd25322e5670641f531850fddb84778a408c1d45bdac1b19c928db1114caeb296391e57bb4b2ec26f69cd43414ba53face2da3ab5cdd606
+  data.tar.gz: efdd2637c8a3b766f47766d985e7ffab1d1ee2643e2299b0b156dc049c474de6970983bf3e66e384742fff00915285100f24f9b877e94dc84e80d7dfe1ad94a7

data/app/controllers/sso/sessions_controller.rb

@@ -15,20 +15,21 @@ module Sso
     # Sessionless (iphone/outsider)
     # Returns passport
     def show
-      @session = current_client.session
-      render json: @session, serializer: Sso::SessionSerializer
+      @client = current_client
+      render json: @client, serializer: Sso::ClientSerializer
     end
 
     # Passport exchange
     # Passport Strategy first exchange
     # Insider : Client information from Apps should always be trusted
     def create
-      @session = current_client.session
+      @client = current_client
+      @session = @client.session
       debug { "SessionsController#create - #{@session.inspect}"}
       raise "ResourceOwner from token != session.owner" if doorkeeper_token.resource_owner_id != @session.owner.id
 
-      current_client.update_attributes!(client_params)
-      render json: @session, status: :created, serializer: Sso::SessionSerializer
+      @client.update_attributes!(client_params)
+      render json: @client, status: :created, serializer: Sso::ClientSerializer
     end
 
     ################################################################################

data/app/models/sso/client.rb

@@ -10,6 +10,11 @@ module Sso
     validates :access_grant_id, uniqueness: { allow_nil: true }
     validates :access_token_id, uniqueness: { allow_nil: true }
 
+    scope :with_access_grant, -> { where.not(access_grant: nil) }
+    scope :with_access_token, -> { where.not(access_token: nil) }
+
+    before_save :ensure_random_token
+
     class << self
       def find_by_grant_token(token)
         find_by(access_grant: ::Doorkeeper::AccessGrant.by_token(token))
@@ -29,5 +34,10 @@ module Sso
       return false unless oauth_token = ::Doorkeeper::AccessToken.by_token(token)
       update(access_token_id: oauth_token.id, application_id: oauth_token.application.id)
     end
+
+  private
+    def ensure_random_token
+      self.random_token ||= SecureRandom.hex
+    end
   end
 end

data/app/models/sso/session.rb

@@ -16,7 +16,6 @@ module Sso
     scope :master, -> { where(application_id: nil) }
 
     before_validation :ensure_secret
-    before_validation :ensure_group_id
     before_validation :ensure_activity_at
 
     class << self
@@ -57,6 +56,9 @@ module Sso
     end
 
     def logout
+      clients.with_access_token.each do |c|
+        c.access_token.revoke
+      end
       update revoked_at: Time.current, revoke_reason: "logout"
     end
 
@@ -66,10 +68,6 @@ module Sso
       self.secret ||= SecureRandom.uuid
     end
 
-    def ensure_group_id
-      self.group_id ||= SecureRandom.uuid
-    end
-
     def ensure_activity_at
       self.activity_at ||= Time.current
     end

data/app/serializers/sso/client_serializer.rb

@@ -0,0 +1,20 @@
+module Sso
+  class ClientSerializer < ActiveModel::Serializer
+    delegate :id, :active?, :revoked_at, :revoke_reason, :secret, to: :session
+
+    attribute  :id, :key => :client_id
+    attributes :id, :active?, :revoked_at, :revoke_reason, :secret, :random_token
+
+
+    belongs_to :owner, serializer: Sso::OwnerSerializer # WTH : hack to load owner using serializer
+
+    def session
+      object.session
+    end
+
+    # WTH : i dont get why i have to do loops to customize my json output
+    def owner
+      session.owner
+    end
+  end
+end

data/app/serializers/sso/session_serializer.rb

@@ -1,7 +1,8 @@
 module Sso
   class SessionSerializer < ActiveModel::Serializer
-    attributes :id, :active?, :secret, :revoked_at, :revoke_reason
+    attributes :id, :active?, :revoked_at, :revoke_reason, :secret
 
+    has_many :clients
     belongs_to :owner, serializer: Sso::OwnerSerializer
   end
 end

data/db/migrate/20151030064515_add_device_information_to_sso_clients.rb

@@ -0,0 +1,16 @@
+class AddDeviceInformationToSsoClients < ActiveRecord::Migration
+  def change
+    change_table :sso_clients do |t|
+      t.string      "device_os"
+      t.string      "device_os_version"
+      t.string      "device_model"
+      t.string      "random_token"
+    end
+
+    Sso::Client.find_each do |client|
+      client.save
+    end
+
+    change_column :sso_clients, :random_token, :string, :null => true
+  end
+end

data/db/migrate/20151104090509_remove_group_id_from_sessions.rb

@@ -0,0 +1,7 @@
+class RemoveGroupIdFromSessions < ActiveRecord::Migration
+  def change
+    change_table :sso_sessions do |t|
+      t.remove :group_id
+    end
+  end
+end

data/lib/doorkeeper_sso.rb

@@ -1,3 +1,4 @@
+require "rails"
 require "active_model_serializers"
 require "wisper"
 require "sso"

data/lib/sso/version.rb

@@ -1,3 +1,3 @@
 module Sso
-  VERSION = "0.4.3"
+  VERSION = "0.4.6"
 end

data/spec/api/schemas/session.json

@@ -1,17 +1,21 @@
 {
   "type": "object",
   "required" : [
+    "client_id",
     "id",
     "active?",
     "secret",
-    "owner"
+    "owner",
+    "random_token"
   ],
   "properties": {
+    "client_id" : { "type" : "string" },
     "id" : { "type" : "string" },
     "active?" : { "type" : "boolean" },
     "revoked_at" : { "type": ["string", "null"], "format": "date-time" },
     "revoke_reason" : { "type": ["string", "null"] },
     "secret" : { "type" : "string" },
+    "random_token" : { "type" : "string" },
     "owner" : {
       "type" : "object",
       "required" : [
@@ -32,4 +36,4 @@
       }
     }
   }
-}
+}

data/spec/controllers/sso/sessions_controller_spec.rb

@@ -59,7 +59,7 @@ RSpec.describe Sso::SessionsController, :type => :controller do
       end
 
       it { expect(response).to have_http_status(:ok) }
-      it { expect(assigns(:session)).to eq session }
+      it { expect(assigns(:client)).to eq client }
       it { expect(response).to match_response_schema("session") }
     end
   end

data/spec/models/sso/client_spec.rb

@@ -57,4 +57,12 @@ RSpec.describe Sso::Client, :type => :model do
     end
   end
 
+  describe "#ensure_random_token" do
+    subject!(:client) {  Fabricate('Sso::Client', session: session,
+                                application_id: application.id,
+                                access_grant_id: access_grant.id) }
+
+    it { expect(client.random_token).not_to be_blank }
+  end
+
 end

data/spec/models/sso/session_spec.rb

@@ -92,18 +92,32 @@ RSpec.describe Sso::Session, :type => :model do
 
     context "(failure)" do
       it "raises exception" do
-        expect { Sso::Session.generate_master(nil) }.to raise_exception
+        expect { Sso::Session.generate_master(nil, nil) }.to raise_exception(ActiveRecord::RecordInvalid)
       end
     end
   end
 
   describe "::logout" do
-    let!(:sso_session) { Fabricate('Sso::Session') }
-    let!(:user) { sso_session.owner }
+    let(:user) { Fabricate(:user) }
+    let(:access_token) { Fabricate('Doorkeeper::AccessToken',
+                                   resource_owner_id: user.id) }
+    let(:access_grant) { Fabricate('Doorkeeper::AccessGrant',
+                                   application_id: nil,
+                                   resource_owner_id: user.id,
+                                   redirect_uri: 'http://localhost:3002/oauth/callback'
+                                  ) }
+
+    let(:sso_session) {  Fabricate('Sso::Session', owner: user) }
+    let!(:sso_client) {  Fabricate('Sso::Client', session: sso_session,
+                                  access_token_id: access_token.id,
+                                  access_grant_id: access_grant.id) }
 
-    it "revokes session" do
+    it "revokes session and access token" do
       Sso::Session.logout(sso_session.id)
       new_session = Sso::Session.find(sso_session.id)
+
+      expect(new_session.clients.count).to eq(2) # Should have 2 clients for a session
+      expect(new_session.clients.with_access_token.first.access_token.revoked_at).not_to be_blank # Client access token should be revoked
       expect(new_session.revoked_at).not_to be_blank
       expect(new_session.revoke_reason).to eq("logout")
     end

data/spec/request/oauth/authorization_code_spec.rb

@@ -15,8 +15,8 @@ RSpec.describe 'OAuth 2.0 Authorization Grant Flow', type: :request, db: true do
   let(:access_token_count)  { ::Doorkeeper::AccessToken.count }
   let(:grant_count)         { ::Doorkeeper::AccessGrant.count }
 
-  let(:latest_passport)     { ::SSO::Session.last }
-  let(:passport_count)      { ::SSO::Session.last.count }
+  let(:latest_session)     { ::Sso::Session.last }
+  let(:session_count)      { ::Sso::Session.count }
 
   before do
     get_via_redirect '/oauth/authorize', grant_params
@@ -27,32 +27,40 @@ RSpec.describe 'OAuth 2.0 Authorization Grant Flow', type: :request, db: true do
   end
 
   describe 'Logging in' do
-    before do
-      post '/login', user: { email: user.email, password: "bumblebee" }
+    before(:each) do
+      post '/users/sign_in', user: { email: user.email, password: "bumblebee" }
       follow_redirect!
     end
 
     it 'redirects to the application callback including the Grant Token' do
-      #expect(latest_grant).to be_present
-      expect(response.body).to eq 1 #redirect_to "#{doorkeeper_application.redirect_uri}?code=#{latest_grant.token}&state=some_random_string"
+      is_expected.to redirect_to "#{doorkeeper_application.redirect_uri}?code=#{latest_grant.token}&state=some_random_string"
     end
 
-    # it 'generates a passport with the grant token attached to it' do
-    #   expect(latest_passport.oauth_access_grant_id).to eq latest_grant.id
-    # end
+    it 'generates a master session' do
+      expect(session_count).to eq 1
+    end
+
+    it 'generates a master client and a child client' do
+      expect(latest_session.clients.count).to eq 2
+    end
+
+    it 'child client have grant token info attached to it' do
+      expect(latest_session.clients.with_access_grant.count).to eq 1
+      expect(latest_session.clients.with_access_grant.first.access_grant_id).to eq latest_grant.id
+    end
 
-    # it 'does not generate multiple authorization grants' do
-    #   expect(grant_count).to eq 1
-    # end
+    it 'does not generate multiple authorization grants' do
+      expect(grant_count).to eq 1
+    end
 
-    pending 'Exchanging the Authorization Grant for an Access Token' do
+    context 'Exchanging the Authorization Grant for an Access Token' do
       let(:grant)      { ::Rack::Utils.parse_query(URI.parse(response.location).query).fetch('code') }
       let(:grant_type) { :authorization_code }
-      let(:params)     { { doorkeeper_application_id: doorkeeper_application.uid, doorkeeper_application_secret: doorkeeper_application.secret, code: grant, grant_type: grant_type, redirect_uri: redirect_uri } }
+      let(:token_params)     { { client_id: doorkeeper_application.uid, client_secret: doorkeeper_application.secret, code: grant, grant_type: grant_type, redirect_uri: redirect_uri } }
       let(:token)      { JSON.parse(response.body).fetch 'access_token' }
 
-      before do
-        post '/oauth/token', params
+      before(:each) do
+        post '/oauth/token', token_params
       end
 
       it 'succeeds' do
@@ -67,52 +75,33 @@ RSpec.describe 'OAuth 2.0 Authorization Grant Flow', type: :request, db: true do
         expect(result['access_token']).to eq latest_access_token.token
       end
 
-      it 'generates a passport with the grant token attached to it' do
-        expect(latest_passport.oauth_access_token_id).to eq latest_access_token.id
+      it 'does not generate multiple master session' do
+        expect(session_count).to eq 1
       end
 
-      it 'does not generate multiple passports' do
-        expect(passport_count).to eq 1
+      it 'does not generate another client' do
+        expect(latest_session.clients.count).to eq 2
       end
 
-      it 'does not generate multiple access tokens' do
-        expect(access_token_count).to eq 1
+      it 'updates child client with the access token info' do
+        expect(latest_session.clients.with_access_token.first.access_token_id).to eq latest_access_token.id
       end
 
-      it 'succeeds' do
-        expect(response.status).to eq 200
-      end
+      context 'Updates the child client with user info' do
+        let(:client_params)     { { access_token: token, ip: "127.0.0.1", agent: "curl/7.43.0" } }
 
-      pending 'Exchanging the Access Token for a Passport' do
-        before do
-          SSO.config.passport_chip_key = SecureRandom.hex
-          post '/oauth/sso/v1/passports', access_token: token
+        before(:each) do
+          post '/sso/sessions', client_params
         end
 
         it 'succeeds' do
-          expect(response.status).to eq 200
-        end
-
-        it 'gets the passport' do
-          expect(result['passport']).to be_present
-        end
-
-        it 'is the passport for that access token' do
-          expect(result['passport']['id']).to eq latest_passport.id
-          expect(latest_passport.oauth_access_token_id).to eq latest_access_token.id
-        end
-
-        pending 'is an outsider passport' do
-          expect(latest_passport).to_not be_insider
+          expect(response.status).to eq 201
         end
 
-        pending 'insider application' do
-          let!(:doorkeeper_application) { Fabricate('Doorkeeper::Application') }
-          let(:scope)   { :insider }
-
-          it 'is an insider passport' do
-            expect(latest_passport).to be_insider
-          end
+        it 'child client is updated with user info' do
+          child_client = latest_session.clients.with_access_token.first
+          expect(child_client.ip).to eq "127.0.0.1"
+          expect(child_client.agent).to eq "curl/7.43.0"
         end
       end
 

data/spec/support/shoulda_matchers.rb

@@ -0,0 +1,6 @@
+Shoulda::Matchers.configure do |config|
+  config.integrate do |with|
+    with.test_framework :rspec
+    with.library :rails
+  end
+end

data/spec/test_app/db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150603145730) do
+ActiveRecord::Schema.define(version: 20151104090509) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -78,8 +78,12 @@ ActiveRecord::Schema.define(version: 20150603145730) do
     t.string   "location"
     t.string   "device"
     t.datetime "activity_at"
-    t.datetime "created_at",      null: false
-    t.datetime "updated_at",      null: false
+    t.datetime "created_at",        null: false
+    t.datetime "updated_at",        null: false
+    t.string   "device_os"
+    t.string   "device_os_version"
+    t.string   "device_model"
+    t.string   "random_token",      null: false
   end
 
   add_index "sso_clients", ["access_grant_id"], name: "index_sso_clients_on_access_grant_id", using: :btree
@@ -97,7 +101,6 @@ ActiveRecord::Schema.define(version: 20150603145730) do
     t.integer  "access_token_id"
     t.integer  "application_id"
     t.integer  "owner_id",        null: false
-    t.string   "group_id",        null: false
     t.string   "secret",          null: false
     t.datetime "activity_at",     null: false
     t.datetime "revoked_at"
@@ -109,7 +112,6 @@ ActiveRecord::Schema.define(version: 20150603145730) do
   add_index "sso_sessions", ["access_grant_id"], name: "index_sso_sessions_on_access_grant_id", using: :btree
   add_index "sso_sessions", ["access_token_id"], name: "index_sso_sessions_on_access_token_id", using: :btree
   add_index "sso_sessions", ["application_id"], name: "index_sso_sessions_on_application_id", using: :btree
-  add_index "sso_sessions", ["group_id"], name: "index_sso_sessions_on_group_id", using: :btree
   add_index "sso_sessions", ["owner_id", "access_token_id", "application_id"], name: "one_access_token_per_owner", unique: true, where: "((revoked_at IS NULL) AND (access_token_id IS NOT NULL))", using: :btree
   add_index "sso_sessions", ["owner_id"], name: "index_sso_sessions_on_owner_id", using: :btree
   add_index "sso_sessions", ["revoke_reason"], name: "index_sso_sessions_on_revoke_reason", using: :btree

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper_sso
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.4.6
 platform: ruby
 authors:
 - John Wong
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-23 00:00:00.000000000 Z
+date: 2015-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: warden
@@ -338,6 +338,7 @@ files:
 - app/models/sso/notifier.rb
 - app/models/sso/pingback.rb
 - app/models/sso/session.rb
+- app/serializers/sso/client_serializer.rb
 - app/serializers/sso/owner_serializer.rb
 - app/serializers/sso/session_serializer.rb
 - app/views/layouts/doorkeeper/admin.html.erb
@@ -348,6 +349,8 @@ files:
 - db/migrate/20150521142926_create_sso_clients.rb
 - db/migrate/20150521165143_remove_extra_columns_from_sso_sessions.rb
 - db/migrate/20150603145730_add_pingback_uri_to_doorkeeper_applications.rb
+- db/migrate/20151030064515_add_device_information_to_sso_clients.rb
+- db/migrate/20151104090509_remove_group_id_from_sessions.rb
 - lib/doorkeeper_sso.rb
 - lib/sso.rb
 - lib/sso/doorkeeper/access_grant_mixin.rb
@@ -361,7 +364,6 @@ files:
 - lib/sso/doorkeeper/oauth/authorization_code_request_mixin.rb
 - lib/sso/doorkeeper/oauth/base.rb
 - lib/sso/engine.rb
-- lib/sso/engine.rb.orig
 - lib/sso/logging.rb
 - lib/sso/version.rb
 - lib/sso/warden/hooks/before_logout.rb
@@ -393,6 +395,7 @@ files:
 - spec/support/database_cleaner.rb
 - spec/support/devise.rb
 - spec/support/fabrication.rb
+- spec/support/shoulda_matchers.rb
 - spec/support/vcr.rb
 - spec/test_app/Rakefile
 - spec/test_app/app/controllers/application_controller.rb
@@ -452,6 +455,7 @@ test_files:
 - spec/support/database_cleaner.rb
 - spec/support/devise.rb
 - spec/support/fabrication.rb
+- spec/support/shoulda_matchers.rb
 - spec/support/vcr.rb
 - spec/test_app/app/controllers/application_controller.rb
 - spec/test_app/app/models/user.rb

data/lib/sso/engine.rb.orig

@@ -1,71 +0,0 @@
-module Sso
-  class Engine < ::Rails::Engine
-    isolate_namespace Sso
-
-    # New test framework integration
-    config.generators do |g|
-      g.test_framework  :rspec,
-                        :fixtures => true,
-                        :view_specs => false,
-                        :helper_specs => false,
-                        :routing_specs => false,
-                        :controller_specs => true,
-                        :request_specs => false
-      g.fixture_replacement :fabrication
-    end
-
-    initializer :append_migrations do |app|
-      unless app.root.to_s.match root.to_s
-        config.paths["db/migrate"].expanded.each do |expanded_path|
-          app.config.paths["db/migrate"] << expanded_path
-        end
-      end
-    end
-
-    config.before_initialize do
-      [::Sso::Logging, ::Wisper::Publisher].each do |klass|
-        ::Doorkeeper::OAuth::RequestConcern.send(:include, klass)
-        ::Doorkeeper::OAuth::Authorization::Code.send(:include, klass)
-        ::Doorkeeper::OAuth::Authorization::Token.send(:include, klass)
-      end
-
-      ::Doorkeeper::ApplicationMetalController.send(:include, ::AbstractController::Callbacks)
-
-      # need a better way to fix this
-      ::Doorkeeper::OAuth::RequestConcern.class_eval do
-        def after_successful_response
-          raise "RequestConcern#token - #{@access_token.inspect}"
-          broadcast(:access_token_request_successful, @access_token.id)
-          super
-        end
-      end
-    end
-
-    config.after_initialize do
-
-      ::Doorkeeper::OAuth::Authorization::Code.send(:prepend, ::Sso::Doorkeeper::Authorization::CodeMixin)
-      ::Doorkeeper::OAuth::Authorization::Token.send(:prepend, ::Sso::Doorkeeper::Authorization::TokenMixin)
-      ::Doorkeeper::Application.send(:include,  ::Sso::Doorkeeper::ApplicationMixin)
-      ::Doorkeeper::AccessGrant.send(:include,  ::Sso::Doorkeeper::AccessGrantMixin)
-      ::Doorkeeper::AccessToken.send(:include,  ::Sso::Doorkeeper::AccessTokenMixin)
-      ::Doorkeeper::ApplicationMetalController.send(:include, ::Sso::Doorkeeper::ApplicationControllerMixin)
-      ::Doorkeeper::ApplicationController.send(:include, ::Sso::Doorkeeper::ApplicationControllerMixin)
-      # ::Doorkeeper::TokensController.send(:include, ::AbstractController::Callbacks)
-      # ::Doorkeeper::TokensController.send(:include, ::Sso::Doorkeeper::TokensControllerMixin)
-      # ::Doorkeeper::AuthorizationsController.send(:include, ::Sso::Doorkeeper::AuthorizationsControllerMixin)
-
-<<<<<<< HEAD
-      ::Warden::Manager.after_set_user(scope: :user, &::Sso::Warden::Hooks::CreateMasterSession.to_proc)
-=======
->>>>>>> Use wisper to broadcast when token is created
-      ::Warden::Manager.after_set_user(scope: :user, except: :fetch, &::Sso::Warden::Hooks::CreateMasterSession.to_proc)
-      ::Warden::Manager.before_logout(scope: :user, &::Sso::Warden::Hooks::BeforeLogout.to_proc)
-
-      # TODO : Do we want to ensure that session is always active?
-      # ::Warden::Manager.after_fetch(scope: :user, &::Sso::Warden::Hooks::SessionCheck.to_proc)
-
-      # TODO : Why does it need a passport strategy
-      # Warden::Strategies.add :passport, ::Sso::Server::Warden::Strategies::Passport
-    end
-  end
-end