doorkeeper_sso_client 0.0.1.pre.alpha → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4cdcda620355889e78cb8e033d7ace6c3312ba0f
-  data.tar.gz: 91719886d17b09dafc3606b60692c08ea28125ca
+  metadata.gz: b20a41c970791aa17e049ba5b375a8745f7c5895
+  data.tar.gz: b7c40a6461323545a359b9950ad8533f8a8c1225
 SHA512:
-  metadata.gz: d8bfce94aebfd8a72c9677c911b99c92346c5e30ed0cb86908b5e0218b50c7f62d00006615840f81c8944739dcce279dfc0a02a158456d12b3374bb18573eb58
-  data.tar.gz: edb32e33342910eab0d9f338cae273e012007dd88d74d8d8c02967dc62f84050f08c745e54692fc2669b008c8aef46133bd7aebd2fa1c13080650b8b167b0993
+  metadata.gz: b79efaa840dd3e0c778fa178b457c9ef3f3a0abc78148d761dbf5c58994892215769fc594af6519d8fcb3bc1ea3ef81d1c6a9565b8a7a003d4c105e701503e1a
+  data.tar.gz: d67a3acf1bb2fa20e2251e62fe2930381d0b2e1e0f458b668c1ef2dd69baa916d8225c3a5bd6667cee8e53ffc44bf58db57c7e3e134c53ec63a96e3443cc1f0d

data/lib/doorkeeper_sso_client/config.rb

@@ -0,0 +1,16 @@
+require 'mixlib/config'
+
+module DoorkeeperSsoClient
+  # Temporary hardcoded config module
+  class Config
+    extend Mixlib::Config
+
+    config_strict_mode true
+    configurable :oauth_client_id
+    configurable :oauth_client_secret
+    configurable :base_uri
+    default :sessions_path, '/sso/sessions'
+    default :passport_verification_timeout_ms, 200
+  end
+
+end

data/lib/doorkeeper_sso_client/engine.rb

@@ -0,0 +1,17 @@
+module DoorkeeperSsoClient
+  class Engine < ::Rails::Engine
+    isolate_namespace DoorkeeperSsoClient
+
+    # New test framework integration
+    config.generators do |g|
+      g.test_framework  :rspec,
+                        :fixtures => true,
+                        :view_specs => false,
+                        :helper_specs => false,
+                        :routing_specs => false,
+                        :controller_specs => true,
+                        :request_specs => false
+      g.fixture_replacement :fabrication
+    end
+  end
+end

data/lib/doorkeeper_sso_client/logging.rb

@@ -0,0 +1,60 @@
+require 'active_support/concern'
+
+module DoorkeeperSsoClient
+  # One thing tha bugs me is when I cannot see which part of the code caused a log message.
+  # This mixin will include the current class name as Logger `progname` so you can show that it in your logfiles.
+  #
+  module Logging
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def debug(&block)
+        logger && logger.debug(progname, &block)
+      end
+
+      def info(&block)
+        logger && logger.info(progname, &block)
+      end
+
+      def warn(&block)
+        logger && logger.warn(progname, &block)
+      end
+
+      def error(&block)
+        logger && logger.error(progname, &block)
+      end
+
+      def fatal(&block)
+        logger && logger.fatal(progname, &block)
+      end
+
+      def progname
+        self.to_s
+      end
+
+      def logger
+        Rails.logger
+      end
+    end #class_methods
+
+    def debug(&block)
+      self.class.debug(&block)
+    end
+
+    def info(&block)
+      self.class.info(&block)
+    end
+
+    def warn(&block)
+      self.class.warn(&block)
+    end
+
+    def error(&block)
+      self.class.error(&block)
+    end
+
+    def fatal(&block)
+      self.class.fatal(&block)
+    end
+  end
+end

data/lib/doorkeeper_sso_client/passport_verifier.rb

@@ -0,0 +1,146 @@
+module DoorkeeperSsoClient
+  class PassportVerifier
+
+    attr_reader :passport_id, :passport_state, :passport_secret, :user_ip, :user_agent, :device_id
+
+    def initialize(options = {})
+      options = ActionController::Parameters.new(options)
+      options.require(:passport_id, :passport_state, :passport_secret, :user_ip)
+      options.permit(:user_agent, :device_id)
+
+      options.each { |k,v| instance_variable_set("@#{k}",v) }
+    end
+
+    def call
+      fetch_response { |failure| return failure }
+      interpret_response
+
+    rescue ::JSON::ParserError
+      error { 'SSO Server response is not valid JSON.' }
+      error { response.inspect }
+      Operations.failure :server_response_not_parseable, object: response
+    end
+
+    def human_readable_timeout_in_ms
+      "#{timeout_in_milliseconds}ms"
+    end
+
+    private
+
+    def fetch_response
+      yield Operations.failure(:server_unreachable, object: response)                   unless response.code.to_s == '200'
+      yield Operations.failure(:server_response_not_parseable, object: response)        unless parsed_response
+      yield Operations.failure(:server_response_missing_success_flag, object: response) unless response_has_success_flag?
+      Operations.success :server_response_looks_legit
+    end
+
+    def interpret_response
+      debug { "Interpreting response code #{response_code.inspect}" }
+
+      case response_code
+      when :passpord_unmodified then Operations.success(:passport_valid)
+      when :passport_changed    then Operations.success(:passport_valid_and_modified, object: received_passport)
+      when :passport_invalid    then Operations.failure(:passport_invalid)
+      else                           Operations.failure(:unexpected_server_response_status, object: response)
+      end
+    end
+
+    def response_code
+      return :unknown_response_code if parsed_response['code'].to_s == ''
+      parsed_response['code'].to_s.to_sym
+    end
+
+    def received_passport
+      ::DoorkeeperSsoClient::Passport.new received_passport_attributes
+
+    rescue ArgumentError
+      error { "Could not instantiate Passport from serialized response #{received_passport_attributes.inspect}" }
+      raise
+    end
+
+    def received_passport_attributes
+      attributes = parsed_response['passport']
+      attributes.keys.each do |key|
+        attributes[(key.to_sym rescue key) || key] = attributes.delete(key)
+      end
+      attributes
+    end
+
+    def params
+      result = { ip: user_ip, agent: user_agent, device_id: device_id, state: passport_state }
+      result.merge! insider_id: insider_id, insider_signature: insider_signature
+      result
+    end
+
+    def insider_id
+      ::Sso.config.oauth_client_id
+    end
+
+    def insider_secret
+      ::Sso.config.oauth_client_secret
+    end
+
+    def insider_signature
+      ::OpenSSL::HMAC.hexdigest signature_digest, insider_secret, user_ip
+    end
+
+    def signature_digest
+      OpenSSL::Digest.new 'sha1'
+    end
+
+    def token
+      Signature::Token.new passport_id, passport_secret
+    end
+
+    def signature_request
+      Signature::Request.new('GET', path, params)
+    end
+
+    def auth_hash
+      signature_request.sign token
+    end
+
+    def timeout_in_milliseconds
+      ::Sso.config.passport_verification_timeout_ms.to_i
+    end
+
+    def timeout_in_seconds
+      (timeout_in_milliseconds / 1000).round 2
+    end
+
+    # TODO: Needs to be configurable
+    def path
+      ::OmniAuth::Strategies::DoorkeeperSso.sessions_path
+    end
+
+    def base_endpoint
+      ::OmniAuth::Strategies::DoorkeeperSso.endpoint
+    end
+
+    def endpoint
+      URI.join(base_endpoint, path).to_s
+    end
+
+    def query_params
+      params.merge auth_hash
+    end
+
+    def response
+      @response ||= response!
+    end
+
+    def response!
+      debug { "Fetching Passport from #{endpoint.inspect}" }
+      ::HTTParty.get endpoint, timeout: timeout_in_seconds, query: query_params, headers: { 'Accept' => 'application/json' }
+    end
+
+    def parsed_response
+      response.parsed_response
+    end
+
+    def response_has_success_flag?
+      parsed_response && parsed_response.respond_to?(:key?) && (parsed_response.key?('success') || parsed_response.key?(:success))
+    end
+
+  end
+end

data/lib/doorkeeper_sso_client/version.rb

@@ -1,3 +1,3 @@
 module DoorkeeperSsoClient
-  VERSION = "0.0.1-alpha"
+  VERSION = "0.2.1"
 end

data/lib/doorkeeper_sso_client/warden/hooks/after_fetch.rb

@@ -0,0 +1,134 @@
+module DoorkeeperSsoClient
+  module Warden
+    module Hooks
+      # This is a helpful `Warden::Manager.after_fetch` hook for Alpha and Beta.
+      # Whenever Carol is fetched out of the session, we also verify her resource.
+      #
+      # Usage:
+      #
+      #   SSO::Client::Warden::Hooks::AfterFetch.activate scope: :vip
+      #
+      class AfterFetch
+        include ::DoorkeeperSsoClient::Logging
+
+        attr_reader :resource, :warden, :options
+        delegate :request, to: :warden
+        delegate :params, to: :request
+
+        def self.activate(warden_options)
+          ::Warden::Manager.after_fetch(warden_options) do |resource, warden, options|
+            self.new(resource, warden, options).call
+          end
+        end
+
+        def initialize(resource, warden, options)
+          @resource, @warden, @options = resource, warden, options
+        end
+
+        def call
+          return unless resource.is_a?(Session)
+          verify
+
+        rescue ::Timeout::Error
+          error { 'SSO Server timed out. Continuing with last known authentication/authorization...' }
+          Operations.failure :server_request_timed_out
+
+        rescue => exception
+          raise exception
+          Operations.failure :client_exception_caught
+        end
+
+        private
+
+        def verifier
+          ::DoorkeeperSsoClient::PassportVerifier.new resource_id: resource.id, resource_state: resource.state, resource_secret: resource.secret, user_ip: ip, user_agent: agent, device_id: device_id
+        end
+
+        def verification
+          @verification ||= verifier.call
+        end
+
+        def verification_code
+          verification.code
+        end
+
+        def verification_object
+          verification.object
+        end
+
+        def verify
+          debug { "Validating Passport #{resource.id.inspect} of logged in #{resource.user.class} in scope #{warden_scope.inspect}" }
+
+          case verification_code
+          when :server_unreachable                    then server_unreachable!
+          when :server_response_not_parseable         then server_response_not_parseable!
+          when :server_response_missing_success_flag  then server_response_missing_success_flag!
+          when :resource_valid                        then resource_valid!
+          when :resource_valid_and_modified           then resource_valid_and_modified!(verification.object)
+          when :resource_invalid                      then resource_invalid!
+          else                                             unexpected_server_response_status!
+          end
+        end
+
+        def resource_valid_and_modified!(modified_resource)
+          debug { 'Valid resource, but state changed' }
+          resource.verified!
+          resource.modified!
+          resource.user = modified_resource.user
+          resource.state = modified_resource.state
+          Operations.success :valid_and_modified
+        end
+
+        def resource_valid!
+          debug { 'Valid resource, no changes' }
+          resource.verified!
+          Operations.success :valid
+        end
+
+        def resource_invalid!
+          info { 'Your Passport is not valid any more.' }
+          warden.logout warden_scope
+          Operations.failure :invalid
+        end
+
+        def server_unreachable!
+          error { "SSO Server responded with an unexpected HTTP status code (#{verification_code.inspect} instead of 200). #{verification_object.inspect}" }
+          Operations.failure :server_unreachable
+        end
+
+        def server_response_missing_success_flag!
+          error { 'SSO Server response did not include the expected success flag.' }
+          Operations.failure :server_response_missing_success_flag
+        end
+
+        def unexpected_server_response_status!
+          error { "SSO Server response did not include a known resource status code. #{verification_code.inspect}" }
+          Operations.failure :unexpected_server_response_status
+        end
+
+        def server_response_not_parseable!
+          error { 'SSO Server response could not be parsed at all.' }
+          Operations.failure :server_response_not_parseable
+        end
+
+        # TODO: Use ActionDispatch remote IP or you might get the Load Balancer's IP instead :(
+        def ip
+          request.ip
+        end
+
+        def agent
+          request.user_agent
+        end
+
+        def device_id
+          params['device_id']
+        end
+
+        def warden_scope
+          options[:scope]
+        end
+
+      end
+    end
+  end
+end

data/lib/doorkeeper_sso_client.rb

@@ -1,2 +1,13 @@
+require "doorkeeper_sso_client/engine"
+require 'doorkeeper_sso_client/config'
+require 'doorkeeper_sso_client/logging'
+require 'doorkeeper_sso_client/passport_verifier'
+require 'doorkeeper_sso_client/warden/hooks/after_fetch'
+require 'doorkeeper_sso_client/version'
+require 'omniauth/strategies/doorkeeper_sso'
+
 module DoorkeeperSsoClient
+  def self.table_name_prefix
+    'sso_client_'
+  end
 end

data/lib/omniauth/strategies/doorkeeper_sso.rb

@@ -0,0 +1,62 @@
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    class DoorkeeperSso < OmniAuth::Strategies::OAuth2
+      option :name, :doorkeeper_sso
+      option :client_options, {
+        site: 'https://sso.example.com',
+        authorize_path: '/oauth/authorize',
+        sso_sessions_path: '/sso/sessions',
+        user_info_path: nil
+      }
+
+      option :fields, [:email, :name, :first_name, :last_name]
+      option :uid_field, :id
+
+      attr_accessor :passport
+
+      uid do
+        user_info[options.uid_field.to_s]
+      end
+
+      info do
+        options.fields.inject({}) do |hash, field|
+          hash[field] = user_info[field.to_s]
+          hash
+        end
+      end
+
+      extra do
+        {
+          :passport_id     => passport_info["id"],
+          :passport_secret => passport_info["secret"]
+        }
+      end
+
+      def user_info
+        @user_info ||=  if options.client_options.user_info_path
+                          access_token.get(options.client_options.user_info_path).parsed["response"]
+                        else
+                          passport_info["owner"]
+                        end
+      end
+
+      def passport_info
+        params = { ip: request.ip, agent: request.user_agent }
+        @passport_info ||= access_token.post(options.client_options.sso_sessions_path, params: params).parsed
+      end
+
+      def call_app!
+        self.passport = create_passport
+        super
+      end
+
+    protected
+      def create_passport
+        ::DoorkeeperSsoClient::Passport.create_from_omniauth(env['omniauth.auth'])
+      end
+
+    end
+  end
+end

data/spec/controllers/doorkeeper_sso_client/callbacks_controller_spec.rb

@@ -0,0 +1,7 @@
+require 'rails_helper'
+
+module DoorkeeperSsoClient
+  RSpec.describe CallbacksController, type: :controller do
+
+  end
+end

data/spec/fabricators/user_fabricator.rb

@@ -0,0 +1,6 @@
+Fabricator(:user) do
+  first_name { FFaker::Name.first_name }
+  last_name { FFaker::Name.last_name }
+  name { |attrs| [attrs[:first_name], attrs[:last_name]].join(" ") }
+  email { FFaker::Internet.email }
+end

data/spec/lib/doorkeeper_sso_client/config_spec.rb

@@ -0,0 +1,35 @@
+require 'rails_helper'
+
+RSpec.describe ::DoorkeeperSsoClient::Config do
+
+  before(:each) do
+    ::DoorkeeperSsoClient::Config.reset
+  end
+
+  pending "no config" do
+    it { expect(::DoorkeeperSsoClient::Config.oauth_client_id).to raise_error }
+  end
+
+  context "with config" do
+
+    before(:each) do
+      ::DoorkeeperSsoClient::Config.reset
+      ::DoorkeeperSsoClient::Config.configure do |config|
+        config[:oauth_client_id] = 123
+        config[:oauth_client_secret] = 'abc'
+        config[:base_uri] = 'http://localhost'
+      end
+    end
+
+    describe "stores config" do
+      it { expect(::DoorkeeperSsoClient::Config.oauth_client_id).to eq 123 }
+      it { expect(::DoorkeeperSsoClient::Config.oauth_client_secret).to eq 'abc' }
+      it { expect(::DoorkeeperSsoClient::Config.base_uri).to eq 'http://localhost' }
+    end
+
+    describe "have default values" do
+      it { expect(::DoorkeeperSsoClient::Config.sessions_path).to eq '/sso/sessions' }
+      it { expect(::DoorkeeperSsoClient::Config.passport_verification_timeout_ms).to eq 200 }
+    end
+  end
+end

data/spec/models/passport_spec.rb

@@ -0,0 +1,15 @@
+require 'rails_helper'
+
+RSpec.describe DoorkeeperSsoClient::Passport, :type => :model do
+  let(:user) { Fabricate(:user) }
+
+  describe "associations" do
+    it { is_expected.to belong_to(:identity) }
+  end
+
+  describe "validations" do
+    it { is_expected.to validate_presence_of(:uid) }
+    it { is_expected.to validate_uniqueness_of(:uid) }
+  end
+
+end

data/spec/rails_helper.rb

@@ -0,0 +1,75 @@
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV["RAILS_ENV"] ||= 'test'
+
+# SimpleCov for rails
+require 'simplecov'
+SimpleCov.start 'rails'
+
+require 'spec_helper'
+# require File.expand_path("../test_app/config/environment", __FILE__)
+
+# Combustion ordering for requires
+require 'combustion'
+# require 'capybara/rspec'
+
+Combustion.path = 'spec/test_app'
+Combustion.initialize! :all
+
+
+require 'rspec/rails'
+# require 'capybara/rails'
+require 'shoulda/matchers'
+require 'fabrication'
+require 'vcr'
+
+# Add additional requires below this line. Rails is not loaded until this point!
+
+# Requires supporting ruby files with custom matchers and macros, etc, in
+# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
+# run as spec files by default. This means that files in spec/support that end
+# in _spec.rb will both be required and run as specs, causing the specs to be
+# run twice. It is recommended that you do not name files matching this glob to
+# end with _spec.rb. You can configure this pattern with the --pattern
+# option on the command line or in ~/.rspec, .rspec or `.rspec-local`.
+#
+# The following line is provided for convenience purposes. It has the downside
+# of increasing the boot-up time by auto-requiring all files in the support
+# directory. Alternatively, in the individual `*_spec.rb` files, manually
+# require only the support files necessary.
+#
+Dir[Rails.root.join("../support/**/*.rb")].each { |f| require f }
+
+# Require fabricators manually
+Dir[Rails.root.join("../fabricators/**/*fabricator.rb")].each { |f| require f }
+
+# Checks for pending migrations before tests are run.
+# If you are not using ActiveRecord, you can remove this line.
+ActiveRecord::Migration.maintain_test_schema!
+
+RSpec.configure do |config|
+  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+  # config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  config.use_transactional_fixtures = true
+
+  # RSpec Rails can automatically mix in different behaviours to your tests
+  # based on their file location, for example enabling you to call `get` and
+  # `post` in specs under `spec/controllers`.
+  #
+  # You can disable this behaviour by removing the line below, and instead
+  # explicitly tag your specs with their type, e.g.:
+  #
+  #     RSpec.describe UsersController, :type => :controller do
+  #       # ...
+  #     end
+  #
+  # The different available types are documented in the features, such as in
+  # https://relishapp.com/rspec/rspec-rails/docs
+  config.infer_spec_type_from_file_location!
+
+  # Include named routes
+  config.include Rails.application.routes.url_helpers
+end

data/spec/spec_helper.rb

@@ -0,0 +1,84 @@
+# This file was generated by the `rails generate rspec:install` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause this
+# file to always be loaded, without a need to explicitly require it in any files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+
+require 'webmock/rspec'
+
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    # be_bigger_than(2).and_smaller_than(4).description
+    #   # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #   # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  # Limits the available syntax to the non-monkey patched syntax that is recommended.
+  # For more details, see:
+  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  config.disable_monkey_patching!
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'NyanCatWideFormatter'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+end

data/spec/support/database_cleaner.rb

@@ -0,0 +1,23 @@
+RSpec.configure do |config|
+
+  config.before(:suite) do
+    DatabaseCleaner.clean_with(:truncation)
+  end
+
+  config.before(:each) do
+    DatabaseCleaner.strategy = :truncation
+  end
+
+  config.before(:each, :js => true) do
+    DatabaseCleaner.strategy = :truncation
+  end
+
+  config.before(:each) do
+    DatabaseCleaner.start
+  end
+
+  config.after(:each) do
+    DatabaseCleaner.clean
+  end
+
+end

data/spec/support/fabrication.rb

@@ -0,0 +1,4 @@
+Fabrication.configure do |config|
+  config.path_prefix = Rails.root
+  config.sequence_start = 1
+end

data/spec/support/vcr.rb

@@ -0,0 +1,8 @@
+VCR.configure do |c|
+  #the directory where your cassettes will be saved
+  c.cassette_library_dir = 'spec/cassette_library'
+  # your HTTP request service. You can also use fakeweb, webmock, and more
+  c.hook_into :webmock
+  c.configure_rspec_metadata!
+  c.ignore_hosts 'codeclimate.com'
+end

data/spec/test_app/Rakefile

@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+require 'combustion'
+
+Combustion.path = 'spec/test_app'
+Combustion.initialize! :all
+Combustion::Application.load_tasks

data/spec/test_app/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/test_app/app/models/user.rb

@@ -0,0 +1,7 @@
+class User < ActiveRecord::Base
+
+  has_one :passport, as: :identity
+
+  validates :email, :first_name, presence: true
+
+end

data/spec/test_app/config/database.yml

@@ -0,0 +1,10 @@
+default: &default
+  adapter: postgresql
+  encoding: unicode
+  # For details on connection pooling, see rails configuration guide
+  # http://guides.rubyonrails.org/configuring.html#database-pooling
+  pool: 5
+
+test:
+  <<: *default
+  database: doorkeeper_sso_client_test

data/spec/test_app/db/schema.rb

@@ -0,0 +1,54 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20150603155315) do
+
+  # These are extensions that must be enabled in order to support this database
+  enable_extension "plpgsql"
+
+  create_table "sso_client_passports", force: :cascade do |t|
+    t.integer  "identity_id"
+    t.string   "identity_type"
+    t.string   "secret"
+    t.string   "state"
+    t.string   "chip"
+    t.string   "user"
+    t.boolean  "verified",      default: false
+    t.boolean  "modified",      default: false
+    t.datetime "created_at",                    null: false
+    t.datetime "updated_at",                    null: false
+    t.integer  "expiry"
+    t.string   "uid",                           null: false
+    t.string   "token"
+    t.string   "refresh_token"
+    t.integer  "token_expiry"
+    t.datetime "revoked_at"
+    t.string   "revoke_reason"
+    t.datetime "last_login_at"
+  end
+
+  add_index "sso_client_passports", ["identity_type", "identity_id"], name: "index_sso_client_passports_on_identity_type_and_identity_id", using: :btree
+
+  create_table "users", force: :cascade do |t|
+    t.string   "email",                     null: false
+    t.string   "name"
+    t.string   "first_name"
+    t.string   "last_name"
+    t.string   "lang",       default: "EN"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper_sso_client
 version: !ruby/object:Gem::Version
-  version: 0.0.1.pre.alpha
+  version: 0.2.1
 platform: ruby
 authors:
 - John Wong
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-01 00:00:00.000000000 Z
+date: 2015-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,6 +24,34 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: '3'
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: mixlib-config
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -38,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: warden
   requirement: !ruby/object:Gem::Requirement
@@ -53,19 +95,201 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: operation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+- !ruby/object:Gem::Dependency
+  name: api-auth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: shoulda-matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.8'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: fabrication
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.9'
+- !ruby/object:Gem::Dependency
+  name: nyan-cat-formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.11'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.3
+- !ruby/object:Gem::Dependency
+  name: ffaker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1'
 description: Provides SSO auth functionality based on Omniauth
 email:
 - john@flexnode.com
@@ -74,8 +298,28 @@ extensions: []
 extra_rdoc_files: []
 files:
 - lib/doorkeeper_sso_client.rb
+- lib/doorkeeper_sso_client/config.rb
+- lib/doorkeeper_sso_client/engine.rb
+- lib/doorkeeper_sso_client/logging.rb
+- lib/doorkeeper_sso_client/passport_verifier.rb
 - lib/doorkeeper_sso_client/version.rb
+- lib/doorkeeper_sso_client/warden/hooks/after_fetch.rb
+- lib/omniauth/strategies/doorkeeper_sso.rb
 - lib/tasks/doorkeeper_sso_client_tasks.rake
+- spec/controllers/doorkeeper_sso_client/callbacks_controller_spec.rb
+- spec/fabricators/user_fabricator.rb
+- spec/lib/doorkeeper_sso_client/config_spec.rb
+- spec/models/passport_spec.rb
+- spec/rails_helper.rb
+- spec/spec_helper.rb
+- spec/support/database_cleaner.rb
+- spec/support/fabrication.rb
+- spec/support/vcr.rb
+- spec/test_app/Rakefile
+- spec/test_app/app/controllers/application_controller.rb
+- spec/test_app/app/models/user.rb
+- spec/test_app/config/database.yml
+- spec/test_app/db/schema.rb
 homepage: https://github.com/flexnode/sso_client
 licenses:
 - MIT
@@ -91,14 +335,28 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '1.9'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Client gem for flexnode/doorkeeper_sso
-test_files: []
+test_files:
+- spec/controllers/doorkeeper_sso_client/callbacks_controller_spec.rb
+- spec/fabricators/user_fabricator.rb
+- spec/lib/doorkeeper_sso_client/config_spec.rb
+- spec/models/passport_spec.rb
+- spec/rails_helper.rb
+- spec/spec_helper.rb
+- spec/support/database_cleaner.rb
+- spec/support/fabrication.rb
+- spec/support/vcr.rb
+- spec/test_app/app/controllers/application_controller.rb
+- spec/test_app/app/models/user.rb
+- spec/test_app/config/database.yml
+- spec/test_app/db/schema.rb
+- spec/test_app/Rakefile
 has_rdoc: