filiptepper-oauth-plugin 0.3.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (74) hide show
  1. data/.gitignore +5 -0
  2. data/CHANGELOG +101 -0
  3. data/MIT-LICENSE +20 -0
  4. data/README.rdoc +376 -0
  5. data/Rakefile +38 -0
  6. data/VERSION +1 -0
  7. data/generators/oauth_consumer/USAGE +10 -0
  8. data/generators/oauth_consumer/oauth_consumer_generator.rb +50 -0
  9. data/generators/oauth_consumer/templates/consumer_token.rb +5 -0
  10. data/generators/oauth_consumer/templates/controller.rb +19 -0
  11. data/generators/oauth_consumer/templates/index.html.erb +29 -0
  12. data/generators/oauth_consumer/templates/index.html.haml +18 -0
  13. data/generators/oauth_consumer/templates/migration.rb +20 -0
  14. data/generators/oauth_consumer/templates/oauth_config.rb +41 -0
  15. data/generators/oauth_consumer/templates/show.html.erb +7 -0
  16. data/generators/oauth_consumer/templates/show.html.haml +8 -0
  17. data/generators/oauth_provider/USAGE +20 -0
  18. data/generators/oauth_provider/lib/insert_routes.rb +67 -0
  19. data/generators/oauth_provider/oauth_provider_generator.rb +125 -0
  20. data/generators/oauth_provider/templates/_form.html.erb +17 -0
  21. data/generators/oauth_provider/templates/_form.html.haml +21 -0
  22. data/generators/oauth_provider/templates/access_token.rb +16 -0
  23. data/generators/oauth_provider/templates/authorize.html.erb +14 -0
  24. data/generators/oauth_provider/templates/authorize.html.haml +16 -0
  25. data/generators/oauth_provider/templates/authorize_failure.html.erb +1 -0
  26. data/generators/oauth_provider/templates/authorize_failure.html.haml +1 -0
  27. data/generators/oauth_provider/templates/authorize_success.html.erb +1 -0
  28. data/generators/oauth_provider/templates/authorize_success.html.haml +1 -0
  29. data/generators/oauth_provider/templates/client_application.rb +55 -0
  30. data/generators/oauth_provider/templates/client_application_spec.rb +29 -0
  31. data/generators/oauth_provider/templates/client_application_test.rb +42 -0
  32. data/generators/oauth_provider/templates/client_applications.yml +23 -0
  33. data/generators/oauth_provider/templates/clients_controller.rb +52 -0
  34. data/generators/oauth_provider/templates/clients_controller_spec.rb +239 -0
  35. data/generators/oauth_provider/templates/clients_controller_test.rb +280 -0
  36. data/generators/oauth_provider/templates/controller.rb +11 -0
  37. data/generators/oauth_provider/templates/controller_spec.rb +367 -0
  38. data/generators/oauth_provider/templates/controller_spec_helper.rb +80 -0
  39. data/generators/oauth_provider/templates/controller_test.rb +310 -0
  40. data/generators/oauth_provider/templates/controller_test_helper.rb +115 -0
  41. data/generators/oauth_provider/templates/edit.html.erb +7 -0
  42. data/generators/oauth_provider/templates/edit.html.haml +4 -0
  43. data/generators/oauth_provider/templates/index.html.erb +43 -0
  44. data/generators/oauth_provider/templates/index.html.haml +39 -0
  45. data/generators/oauth_provider/templates/migration.rb +46 -0
  46. data/generators/oauth_provider/templates/new.html.erb +5 -0
  47. data/generators/oauth_provider/templates/new.html.haml +5 -0
  48. data/generators/oauth_provider/templates/oauth_nonce.rb +13 -0
  49. data/generators/oauth_provider/templates/oauth_nonce_spec.rb +24 -0
  50. data/generators/oauth_provider/templates/oauth_nonce_test.rb +26 -0
  51. data/generators/oauth_provider/templates/oauth_nonces.yml +13 -0
  52. data/generators/oauth_provider/templates/oauth_token.rb +31 -0
  53. data/generators/oauth_provider/templates/oauth_token_spec.rb +309 -0
  54. data/generators/oauth_provider/templates/oauth_token_test.rb +57 -0
  55. data/generators/oauth_provider/templates/oauth_tokens.yml +17 -0
  56. data/generators/oauth_provider/templates/request_token.rb +40 -0
  57. data/generators/oauth_provider/templates/show.html.erb +27 -0
  58. data/generators/oauth_provider/templates/show.html.haml +30 -0
  59. data/init.rb +1 -0
  60. data/install.rb +2 -0
  61. data/lib/oauth-plugin.rb +1 -0
  62. data/lib/oauth/controllers/application_controller_methods.rb +110 -0
  63. data/lib/oauth/controllers/consumer_controller.rb +76 -0
  64. data/lib/oauth/controllers/provider_controller.rb +111 -0
  65. data/lib/oauth/models/consumers/service_loader.rb +18 -0
  66. data/lib/oauth/models/consumers/services/agree2_token.rb +15 -0
  67. data/lib/oauth/models/consumers/services/fireeagle_token.rb +39 -0
  68. data/lib/oauth/models/consumers/services/twitter_token.rb +18 -0
  69. data/lib/oauth/models/consumers/token.rb +60 -0
  70. data/oauth-plugin.gemspec +112 -0
  71. data/rails/init.rb +7 -0
  72. data/tasks/oauth_tasks.rake +4 -0
  73. data/uninstall.rb +1 -0
  74. metadata +136 -0
@@ -0,0 +1,80 @@
1
+ module OAuthControllerSpecHelper
2
+ def login
3
+ controller.stub!(:local_request?).and_return(true)
4
+ @user = mock_model(User)
5
+ controller.stub!(:current_user).and_return(@user)
6
+ @tokens = []
7
+ @tokens.stub!(:find).and_return(@tokens)
8
+ @user.stub!(:tokens).and_return(@tokens)
9
+ User.stub!(:find_by_id).and_return(@user)
10
+ end
11
+
12
+ def login_as_application_owner
13
+ login
14
+ @client_application = mock_model(ClientApplication)
15
+ @client_applications = [@client_application]
16
+
17
+ @user.stub!(:client_applications).and_return(@client_applications)
18
+ @client_applications.stub!(:find).and_return(@client_application)
19
+ end
20
+
21
+ def setup_oauth
22
+ controller.stub!(:local_request?).and_return(true)
23
+ @user||=mock_model(User)
24
+
25
+ User.stub!(:find_by_id).and_return(@user)
26
+
27
+ @server = OAuth::Server.new "http://test.host"
28
+ @consumer = OAuth::Consumer.new('key', 'secret',{:site => "http://test.host"})
29
+
30
+ @client_application = mock_model(ClientApplication)
31
+ controller.stub!(:current_client_application).and_return(@client_application)
32
+ ClientApplication.stub!(:find_by_key).and_return(@client_application)
33
+ @client_application.stub!(:key).and_return(@consumer.key)
34
+ @client_application.stub!(:secret).and_return(@consumer.secret)
35
+ @client_application.stub!(:name).and_return("Client Application name")
36
+ @client_application.stub!(:callback_url).and_return("http://application/callback")
37
+ @request_token = mock_model(RequestToken, :token => 'request_token', :client_application => @client_application, :secret => "request_secret", :user => @user)
38
+ @request_token.stub!(:invalidated?).and_return(false)
39
+ ClientApplication.stub!(:find_token).and_return(@request_token)
40
+
41
+ @request_token_string="oauth_token=request_token&oauth_token_secret=request_secret"
42
+ @request_token.stub!(:to_query).and_return(@request_token_string)
43
+ @request_token.stub!(:expired?).and_return(false)
44
+ @request_token.stub!(:callback_url).and_return(nil)
45
+ @request_token.stub!(:verifier).and_return("verifyme")
46
+ @request_token.stub!(:oauth10?).and_return(false)
47
+ @request_token.stub!(:oob?).and_return(true)
48
+
49
+ @access_token = mock_model(AccessToken, :token => 'access_token', :client_application => @client_application, :secret => "access_secret", :user => @user)
50
+ @access_token.stub!(:invalidated?).and_return(false)
51
+ @access_token.stub!(:authorized?).and_return(true)
52
+ @access_token.stub!(:expired?).and_return(false)
53
+ @access_token_string="oauth_token=access_token&oauth_token_secret=access_secret"
54
+ @access_token.stub!(:to_query).and_return(@access_token_string)
55
+
56
+ @client_application.stub!(:authorize_request?).and_return(true)
57
+ # @client_application.stub!(:sign_request_with_oauth_token).and_return(@request_token)
58
+ @client_application.stub!(:exchange_for_access_token).and_return(@access_token)
59
+ end
60
+
61
+ def setup_oauth_for_user
62
+ login
63
+ setup_oauth
64
+ @tokens = [@request_token]
65
+ @tokens.stub!(:find).and_return(@tokens)
66
+ @tokens.stub!(:find_by_token).and_return(@request_token)
67
+ @user.stub!(:tokens).and_return(@tokens)
68
+ end
69
+
70
+ def sign_request_with_oauth(token=nil,options={})
71
+ ActionController::TestRequest.use_oauth=true
72
+ @request.configure_oauth(@consumer,token,options)
73
+ end
74
+
75
+ def setup_to_authorize_request
76
+ setup_oauth
77
+ OauthToken.stub!(:find_by_token).with( @access_token.token).and_return(@access_token)
78
+ @access_token.stub!(:is_a?).and_return(true)
79
+ end
80
+ end
@@ -0,0 +1,310 @@
1
+ require File.dirname(__FILE__) + '/../test_helper'
2
+ require File.dirname(__FILE__) + '/../oauth_controller_test_helper'
3
+ require 'oauth/client/action_controller_request'
4
+
5
+ class OauthController; def rescue_action(e) raise e end; end
6
+
7
+ class OauthControllerRequestTokenTest < ActionController::TestCase
8
+ include OAuthControllerTestHelper
9
+ tests OauthController
10
+
11
+ def setup
12
+ @controller = OauthController.new
13
+ setup_oauth
14
+ sign_request_with_oauth
15
+ @client_application.stubs(:create_request_token).returns(@request_token)
16
+ end
17
+
18
+ def do_get
19
+ get :request_token
20
+ end
21
+
22
+ def test_should_be_successful
23
+ do_get
24
+ assert @response.success?
25
+ end
26
+
27
+ def test_should_query_for_client_application
28
+ ClientApplication.expects(:find_by_key).with('key').returns(@client_application)
29
+ do_get
30
+ end
31
+
32
+ def test_should_request_token_from_client_application
33
+ @client_application.expects(:create_request_token).returns(@request_token)
34
+ do_get
35
+ end
36
+
37
+ def test_should_return_token_string
38
+ do_get
39
+ assert_equal @request_token_string, @response.body
40
+ end
41
+ end
42
+
43
+ class OauthControllerTokenAuthorizationTest < ActionController::TestCase
44
+ include OAuthControllerTestHelper
45
+ tests OauthController
46
+
47
+ def setup
48
+ @controller = OauthController.new
49
+ login
50
+ setup_oauth
51
+ RequestToken.stubs(:find_by_token).returns(@request_token)
52
+ end
53
+
54
+ def do_get
55
+ get :authorize, :oauth_token => @request_token.token
56
+ end
57
+
58
+ def do_post
59
+ @request_token.expects(:authorize!).with(@user)
60
+ post :authorize,:oauth_token=>@request_token.token,:authorize=>"1"
61
+ end
62
+
63
+ def do_post_without_user_authorization
64
+ @request_token.expects(:invalidate!)
65
+ post :authorize,:oauth_token=>@request_token.token,:authorize=>"0"
66
+ end
67
+
68
+ def do_post_with_callback
69
+ @request_token.expects(:authorize!).with(@user)
70
+ post :authorize,:oauth_token=>@request_token.token,:oauth_callback=>"http://application/alternative",:authorize=>"1"
71
+ end
72
+
73
+ def do_post_with_no_application_callback
74
+ @request_token.expects(:authorize!).with(@user)
75
+ @client_application.stubs(:callback_url).returns(nil)
76
+ post :authorize, :oauth_token => @request_token.token, :authorize=>"1"
77
+ end
78
+
79
+ def test_should_be_successful
80
+ do_get
81
+ assert @response.success?
82
+ end
83
+
84
+ def test_should_query_for_client_application
85
+ RequestToken.expects(:find_by_token).returns(@request_token)
86
+ do_get
87
+ end
88
+
89
+ def test_should_assign_token
90
+ do_get
91
+ assert_equal @request_token, assigns(:token)
92
+ end
93
+
94
+ def test_should_render_authorize_template
95
+ do_get
96
+ assert_template('authorize')
97
+ end
98
+
99
+ def test_should_redirect_to_default_callback
100
+ do_post
101
+ assert_response :redirect
102
+ assert_redirected_to("http://application/callback?oauth_token=#{@request_token.token}")
103
+ end
104
+
105
+ def test_should_redirect_to_callback_in_query
106
+ do_post_with_callback
107
+ assert_response :redirect
108
+ assert_redirected_to("http://application/alternative?oauth_token=#{@request_token.token}")
109
+ end
110
+
111
+ def test_should_be_successful_on_authorize_without_any_application_callback
112
+ do_post_with_no_application_callback
113
+ assert @response.success?
114
+ assert_template('authorize_success')
115
+ end
116
+
117
+ def test_should_render_failure_screen_on_user_invalidation
118
+ do_post_without_user_authorization
119
+ assert_template('authorize_failure')
120
+ end
121
+
122
+ def test_should_render_failure_screen_if_token_is_invalidated
123
+ @request_token.expects(:invalidated?).returns(true)
124
+ do_get
125
+ assert_template('authorize_failure')
126
+ end
127
+
128
+
129
+ end
130
+
131
+ class OauthControllerGetAccessTokenTest < ActionController::TestCase
132
+ include OAuthControllerTestHelper
133
+ tests OauthController
134
+
135
+ def setup
136
+ @controller = OauthController.new
137
+ setup_oauth
138
+ sign_request_with_oauth @request_token
139
+ @request_token.stubs(:exchange!).returns(@access_token)
140
+ end
141
+
142
+ def do_get
143
+ get :access_token
144
+ end
145
+
146
+ def test_should_be_successful
147
+ do_get
148
+ assert @response.success?
149
+ end
150
+
151
+ def test_should_query_for_client_application
152
+ ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
153
+ do_get
154
+ end
155
+
156
+ def test_should_request_token_from_client_application
157
+ @request_token.expects(:exchange!).returns(@access_token)
158
+ do_get
159
+ end
160
+
161
+ def test_should__return_token_string
162
+ do_get
163
+ assert_equal @access_token_string, @response.body
164
+ end
165
+ end
166
+
167
+ class OauthorizedController < ApplicationController
168
+ before_filter :login_or_oauth_required,:only=>:both
169
+ before_filter :login_required,:only=>:interactive
170
+ before_filter :oauth_required,:only=>:token_only
171
+
172
+ def interactive
173
+ render :text => "interactive"
174
+ end
175
+
176
+ def token_only
177
+ render :text => "token"
178
+ end
179
+
180
+ def both
181
+ render :text => "both"
182
+ end
183
+ end
184
+
185
+
186
+ class OauthControllerAccessControlTest < ActionController::TestCase
187
+ include OAuthControllerTestHelper
188
+ tests OauthorizedController
189
+
190
+ def setup
191
+ @controller = OauthorizedController.new
192
+ end
193
+
194
+ def test_should__have_access_token_set_up_correctly
195
+ setup_to_authorize_request
196
+ assert @access_token.is_a?(AccessToken)
197
+ assert @access_token.authorized?
198
+ assert !@access_token.invalidated?
199
+ assert_equal @user, @access_token.user
200
+ assert_equal @client_application, @access_token.client_application
201
+ end
202
+
203
+ def test_should_return_false_for_oauth_by_default
204
+ assert_equal false, @controller.send(:oauth?)
205
+ end
206
+
207
+ def test_should_return_nil_for_current_token_by_default
208
+ assert_nil @controller.send(:current_token)
209
+ end
210
+
211
+ def test_should_allow_oauth_when_using_login_or_oauth_required
212
+ setup_to_authorize_request
213
+ sign_request_with_oauth(@access_token)
214
+ ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
215
+ get :both
216
+ assert_equal @access_token, @controller.send(:current_token)
217
+ assert @controller.send(:current_token).is_a?(AccessToken)
218
+ assert_equal @user, @controller.send(:current_user)
219
+ assert_equal @client_application, @controller.send(:current_client_application)
220
+ assert_equal '200', @response.code
221
+ assert @response.success?
222
+ end
223
+
224
+ def test_should_allow_interactive_when_using_login_or_oauth_required
225
+ login
226
+ get :both
227
+ assert @response.success?
228
+ assert_equal @user, @controller.send(:current_user)
229
+ assert_nil @controller.send(:current_token)
230
+ end
231
+
232
+ def test_should_allow_oauth_when_using_oauth_required
233
+ setup_to_authorize_request
234
+ sign_request_with_oauth(@access_token)
235
+ ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
236
+ get :token_only
237
+ assert_equal @access_token, @controller.send(:current_token)
238
+ assert_equal @client_application, @controller.send(:current_client_application)
239
+ assert_equal @user, @controller.send(:current_user)
240
+ assert_equal '200', @response.code
241
+ assert @response.success?
242
+ end
243
+
244
+ def test_should_disallow_oauth_using_request_token_when_using_oauth_required
245
+ setup_to_authorize_request
246
+ ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
247
+ sign_request_with_oauth(@request_token)
248
+ get :token_only
249
+ assert_equal '401', @response.code
250
+ end
251
+
252
+ def test_should_disallow_interactive_when_using_oauth_required
253
+ login
254
+ get :token_only
255
+ assert_equal '401', @response.code
256
+
257
+ assert_equal @user, @controller.send(:current_user)
258
+ assert_nil @controller.send(:current_token)
259
+ end
260
+
261
+ def test_should_disallow_oauth_when_using_login_required
262
+ setup_to_authorize_request
263
+ sign_request_with_oauth(@access_token)
264
+ get :interactive
265
+ assert_equal "302",@response.code
266
+ assert_nil @controller.send(:current_user)
267
+ assert_nil @controller.send(:current_token)
268
+ end
269
+
270
+ def test_should_allow_interactive_when_using_login_required
271
+ login
272
+ get :interactive
273
+ assert @response.success?
274
+ assert_equal @user, @controller.send(:current_user)
275
+ assert_nil @controller.send(:current_token)
276
+ end
277
+
278
+ end
279
+
280
+ class OauthControllerRevokeTest < ActionController::TestCase
281
+ include OAuthControllerTestHelper
282
+ tests OauthController
283
+
284
+ def setup
285
+ @controller = OauthController.new
286
+ setup_oauth_for_user
287
+ @request_token.stubs(:invalidate!)
288
+ end
289
+
290
+ def do_post
291
+ post :revoke, :token => "TOKEN STRING"
292
+ end
293
+
294
+ def test_should_redirect_to_index
295
+ do_post
296
+ assert_response :redirect
297
+ assert_redirected_to('http://test.host/oauth_clients')
298
+ end
299
+
300
+ def test_should_query_current_users_tokens
301
+ @tokens.expects(:find_by_token).returns(@request_token)
302
+ do_post
303
+ end
304
+
305
+ def test_should_call_invalidate_on_token
306
+ @request_token.expects(:invalidate!)
307
+ do_post
308
+ end
309
+
310
+ end
@@ -0,0 +1,115 @@
1
+ require "mocha"
2
+ module OAuthControllerTestHelper
3
+
4
+ # Some custom stuff since we're using Mocha
5
+ def mock_model(model_class, options_and_stubs = {})
6
+ id = rand(10000)
7
+ options_and_stubs.reverse_merge! :id => id,
8
+ :to_param => id.to_s,
9
+ :new_record? => false,
10
+ :errors => stub("errors", :count => 0)
11
+
12
+ m = stub("#{model_class.name}_#{options_and_stubs[:id]}", options_and_stubs)
13
+ m.instance_eval <<-CODE
14
+ def is_a?(other)
15
+ #{model_class}.ancestors.include?(other)
16
+ end
17
+ def kind_of?(other)
18
+ #{model_class}.ancestors.include?(other)
19
+ end
20
+ def instance_of?(other)
21
+ other == #{model_class}
22
+ end
23
+ def class
24
+ #{model_class}
25
+ end
26
+ CODE
27
+ yield m if block_given?
28
+ m
29
+ end
30
+
31
+ def mock_full_client_application
32
+ mock_model(ClientApplication,
33
+ :name => "App1",
34
+ :url => "http://app.com",
35
+ :callback_url => "http://app.com/callback",
36
+ :support_url => "http://app.com/support",
37
+ :key => "asd23423yy",
38
+ :secret => "secret",
39
+ :oauth_server => OAuth::Server.new("http://kowabunga.com")
40
+ )
41
+ end
42
+
43
+ def login
44
+ @controller.stubs(:local_request?).returns(true)
45
+ @user = mock_model(User, :login => "ron")
46
+ @controller.stubs(:current_user).returns(@user)
47
+ @tokens=[]
48
+ @tokens.stubs(:find).returns(@tokens)
49
+ @user.stubs(:tokens).returns(@tokens)
50
+ User.stubs(:find_by_id).returns(@user)
51
+ end
52
+
53
+ def login_as_application_owner
54
+ login
55
+ @client_application = mock_full_client_application
56
+ @client_applications = [@client_application]
57
+
58
+ @user.stubs(:client_applications).returns(@client_applications)
59
+ @client_applications.stubs(:find).returns(@client_application)
60
+ end
61
+
62
+ def setup_oauth
63
+ @controller.stubs(:local_request?).returns(true)
64
+ @user||=mock_model(User)
65
+
66
+ User.stubs(:find_by_id).returns(@user)
67
+
68
+ @server=OAuth::Server.new "http://test.host"
69
+ @consumer=OAuth::Consumer.new('key','secret',{:site=>"http://test.host"})
70
+
71
+ @client_application = mock_full_client_application
72
+ @controller.stubs(:current_client_application).returns(@client_application)
73
+ ClientApplication.stubs(:find_by_key).returns(@client_application)
74
+ @client_application.stubs(:key).returns(@consumer.key)
75
+ @client_application.stubs(:secret).returns(@consumer.secret)
76
+ @client_application.stubs(:name).returns("Client Application name")
77
+ @client_application.stubs(:callback_url).returns("http://application/callback")
78
+ @request_token=mock_model(RequestToken,:token=>'request_token',:client_application=>@client_application,:secret=>"request_secret",:user=>@user)
79
+ @request_token.stubs(:invalidated?).returns(false)
80
+ ClientApplication.stubs(:find_token).returns(@request_token)
81
+
82
+ @request_token_string="oauth_token=request_token&oauth_token_secret=request_secret"
83
+ @request_token.stubs(:to_query).returns(@request_token_string)
84
+
85
+ @access_token=mock_model(AccessToken,:token=>'access_token',:client_application=>@client_application,:secret=>"access_secret",:user=>@user)
86
+ @access_token.stubs(:invalidated?).returns(false)
87
+ @access_token.stubs(:authorized?).returns(true)
88
+ @access_token_string="oauth_token=access_token&oauth_token_secret=access_secret"
89
+ @access_token.stubs(:to_query).returns(@access_token_string)
90
+
91
+ @client_application.stubs(:authorize_request?).returns(true)
92
+ # @client_application.stubs(:sign_request_with_oauth_token).returns(@request_token)
93
+ @client_application.stubs(:exchange_for_access_token).returns(@access_token)
94
+ end
95
+
96
+ def setup_oauth_for_user
97
+ login
98
+ setup_oauth
99
+ @tokens=[@request_token]
100
+ @tokens.stubs(:find).returns(@tokens)
101
+ @tokens.stubs(:find_by_token).returns(@request_token)
102
+ @user.stubs(:tokens).returns(@tokens)
103
+ end
104
+
105
+ def sign_request_with_oauth(token=nil)
106
+ ActionController::TestRequest.use_oauth=true
107
+ @request.configure_oauth(@consumer, token)
108
+ end
109
+
110
+ def setup_to_authorize_request
111
+ setup_oauth
112
+ OauthToken.stubs(:find_by_token).with( @access_token.token).returns(@access_token)
113
+ @access_token.stubs(:is_a?).returns(true)
114
+ end
115
+ end