g5_authenticatable 0.4.0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 01d16764300ca8cf106601e9bc00625631f1feb0
-  data.tar.gz: bba2757fa2298839be4230713b1804adde562198
+  metadata.gz: 672c382a3f6ba9af8a13de1e701f267a94ff31c5
+  data.tar.gz: 9049ddf0d5819aeb8f4cd3035b63f3316badb70d
 SHA512:
-  metadata.gz: 776f2f806c5f29953799728e93503f5947424b426f64f45283b750f290dddbaecece6015c9d2d6acf0b77e3110714b6849ccf5f1754fd3d113deb857dfe8b12c
-  data.tar.gz: 30d6470860d0f7c0a504ca37d056133a9ed44eb57bebc33a0d2630e2078da0432ce80bb5d31f0402f78577ab4719dcbcf4501e699e2c7e926da4616c232c650e
+  metadata.gz: c3b08a2fdac7f7d52ab884128e56aef9e9c9106db56036ef2cc23113faf68fdb1097ff6a8c3304b1a9fd1f34605c723cb944fa09c41868af013185baa8dd141a
+  data.tar.gz: 56cb7a3a8dd318d73032742e5fe1a0d7c17acb53729bf47025775605c44a0492a62f3129a3ca2620007318354a3aa79d6eb9b68f2fb08424d10573e01be76398

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## v0.4.1 (2015-01-26)
+
+* Fix test helpers when strict token validation is enabled during testing
+  ([#24](https://github.com/G5/g5_authenticatable/pull/24))
+
 ## v0.4.0 (2015-01-20)
 
 * Several fixes around sign-out, including accepting GET requests and

data/README.md

@@ -18,7 +18,7 @@ library in isolation.
 
 ## Current Version
 
-0.4.0
+0.4.1
 
 ## Requirements
 
@@ -421,6 +421,59 @@ describe 'my secure action' do
 end
 ```
 
+#### Token Validation Helpers ####
+
+If you tag your examples with auth metadata (e.g. `:auth`, `:auth_request` or
+`:auth_controller`), then the shared context will automatically take care of
+any stubs required to support strict token validation.
+
+However, if you are using the auth test helper methods directly, and you have
+enabled strict token validation, then you will need to use the methods in
+`G5Authenticatable::Test::TokenValidationHelpers` to stub external calls to
+validate the access token.
+
+For example, in a feature spec, you could use the `stub_valid_access_token`
+method like so:
+
+```ruby
+describe 'my page' do
+  let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+  before do
+    stub_g5_omniauth(user)
+    stub_valid_access_token(user.g5_access_token)
+  end
+
+  it 'should let me in'
+end
+```
+
+As another example, in a request spec, you could stub a revoked access
+token using the `stub_invalid_access_token` helper:
+
+```ruby
+describe 'my API call' do
+  let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+  before { login_user }
+
+  context 'when token becomes invalid after login' do
+    before { stub_invalid_access_token(user.g5_access_token) }
+
+    it 'should return 401'
+  end
+
+  context 'when token remains valid after login' do
+    before { stub_valid_access_token(user.g5_access_token) }
+
+    it 'should return 200'
+  end
+end
+```
+
+The same token validation helpers are also available in controller
+specs, or anywhere else that authentication logic may be invoked.
+
 ### Purging local user data
 
 G5 Authenticatable automatically maintains user data locally via the

data/lib/g5_authenticatable/rspec.rb

@@ -1,3 +1,4 @@
+require 'g5_authenticatable/test/env_helpers'
 require 'g5_authenticatable/test/factory'
 require 'g5_authenticatable/test/token_validation_helpers'
 require 'g5_authenticatable/test/feature_helpers'

data/lib/g5_authenticatable/test/controller_helpers.rb

@@ -19,7 +19,11 @@ shared_context 'auth controller', auth_controller: true do
   include G5Authenticatable::Test::ControllerHelpers
   let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
 
-  before { login_user(user) }
+  before do
+    stub_valid_access_token(user.g5_access_token)
+    login_user(user)
+  end
+
   after { logout_user(user) }
 end
 

data/lib/g5_authenticatable/test/env_helpers.rb

@@ -0,0 +1,17 @@
+module G5Authenticatable
+  module Test
+    module EnvHelpers
+      def stub_env_var(name, value)
+        stub_const('ENV', ENV.to_hash.merge(name => value))
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include G5Authenticatable::Test::EnvHelpers
+
+  config.before(:each) do
+    stub_env_var('G5_AUTH_ENDPOINT', 'https://test.auth.host')
+  end
+end

data/lib/g5_authenticatable/test/feature_helpers.rb

@@ -28,7 +28,10 @@ shared_context 'auth', auth: true do
 
   let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
 
-  before { stub_g5_omniauth(user) }
+  before do
+    stub_g5_omniauth(user)
+    stub_valid_access_token(user.g5_access_token)
+  end
 end
 
 RSpec.configure do |config|

data/lib/g5_authenticatable/test/request_helpers.rb

@@ -19,11 +19,6 @@ shared_context 'auth request', auth_request: true do
 
   let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
 
-  let!(:orig_auth_endpoint) { ENV['G5_AUTH_ENDPOINT'] }
-  let(:auth_endpoint) { 'https://test.auth.host' }
-  before { ENV['G5_AUTH_ENDPOINT'] = auth_endpoint }
-  after { ENV['G5_AUTH_ENDPOINT'] = orig_auth_endpoint }
-
   before do
     login_user(user)
     stub_valid_access_token(user.g5_access_token)

data/lib/g5_authenticatable/version.rb

@@ -1,3 +1,3 @@
 module G5Authenticatable
-  VERSION = '0.4.0'
+  VERSION = '0.4.1'
 end

data/spec/controllers/application_controller_spec.rb

@@ -17,6 +17,15 @@ describe ::ApplicationController do
     expect(controller.g5_callback_path(:user)).to eq('/g5_auth/users/auth/g5/callback')
   end
 
-  it_should_behave_like 'a secure controller'
+  context 'when strict token validation is enabled' do
+    before { G5Authenticatable.strict_token_validation = true }
 
+    it_should_behave_like 'a secure controller'
+  end
+
+  context 'when strict token validation is disabled' do
+    before { G5Authenticatable.strict_token_validation = false }
+
+    it_should_behave_like 'a secure controller'
+  end
 end

data/spec/features/token_validation_spec.rb

@@ -1,28 +1,22 @@
 require 'spec_helper'
 
 describe 'UI Token validation' do
-  let!(:old_auth_endpoint) { ENV['G5_AUTH_ENDPOINT'] }
-  before { ENV['G5_AUTH_ENDPOINT'] = auth_endpoint }
-  after { ENV['G5_AUTH_ENDPOINT'] = old_auth_endpoint }
-  let(:auth_endpoint) { 'https://auth.test.host' }
-
-  let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
-
-  before do
-    stub_g5_omniauth(user)
-    visit protected_page_path
-
-    # Now that we're logged in, any subsequent attempts to
-    # authenticate with the auth server will trigger an omniauth
-    # failure, which is a condition we can test for
-    stub_g5_invalid_credentials
-  end
-
   context 'when token validation is enabled' do
     before { G5Authenticatable.strict_token_validation = true }
 
     context 'when user has a valid g5 access token' do
-      before { stub_valid_access_token(user.g5_access_token) }
+      let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+      before do
+        stub_g5_omniauth(user)
+        stub_valid_access_token(user.g5_access_token)
+        visit protected_page_path
+
+        # Now that we're logged in, any subsequent attempts to
+        # authenticate with the auth server will trigger an omniauth
+        # failure, which is a condition we can test for
+        stub_g5_invalid_credentials
+      end
 
       it 'should allow the user to visit a protected page' do
         visit protected_page_path
@@ -30,22 +24,63 @@ describe 'UI Token validation' do
       end
     end
 
-    context 'when user has an invalid g5 access token' do
-      before { stub_invalid_access_token(user.g5_access_token) }
+    context 'when user access token becomes invalid' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+      before do
+        # User access token is valid at sign in
+        stub_g5_omniauth(user)
+        stub_valid_access_token(user.g5_access_token)
+        visit protected_page_path
+
+        # User access token has become invalid, and
+        # any subsequent attempts to authenticate will trigger
+        # an omniauth error
+        stub_invalid_access_token(user.g5_access_token)
+        stub_g5_invalid_credentials
+      end
 
       it 'should force the user to re-authenticate' do
         visit protected_page_path
         expect(current_path).to_not eq(protected_page_path)
       end
     end
+
+    context 'when using the :auth shared context', :auth do
+      it 'should allow the user to visit a protected page' do
+        visit protected_page_path
+        expect(current_path).to eq(protected_page_path)
+      end
+    end
   end
 
   context 'when token validation is disabled' do
     before { G5Authenticatable.strict_token_validation = false }
 
-    it 'should allow the user to visit a protected page' do
-      visit protected_page_path
-      expect(current_path).to eq(protected_page_path)
+    context 'when using the :auth shared context', :auth do
+      it 'should allow the user to visit a protected page' do
+        visit protected_page_path
+        expect(current_path).to eq(protected_page_path)
+      end
+    end
+
+    context 'when user access token has become invalid' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+      before do
+        stub_g5_omniauth(user)
+        visit protected_page_path
+
+        # Now that we're already logged in, invalidate the
+        # access token
+        stub_g5_invalid_credentials
+        stub_invalid_access_token(user.g5_access_token)
+      end
+
+      it 'should allow the user to visit a protected page' do
+        visit protected_page_path
+        expect(current_path).to eq(protected_page_path)
+      end
     end
   end
 end

data/spec/requests/sign_out_spec.rb

@@ -5,12 +5,8 @@ require 'spec_helper'
 # with mocks for external redirects (the capybara-mechanize driver
 # comes closest, but not quite)
 describe 'Signing out' do
-  before { ENV['G5_AUTH_ENDPOINT'] = auth_endpoint }
-  after { ENV['G5_AUTH_ENDPOINT'] = nil }
-  let(:auth_endpoint) { 'https://auth.test.host' }
-
   let(:auth_sign_out_url) do
-    "#{auth_endpoint}/users/sign_out?redirect_url=http%3A%2F%2Fwww.example.com%2F"
+    "#{ENV['G5_AUTH_ENDPOINT']}/users/sign_out?redirect_url=http%3A%2F%2Fwww.example.com%2F"
   end
 
   describe 'GET /g5_auth/users/sign_out' do

data/spec/requests/token_validation_spec.rb

@@ -1,16 +1,7 @@
 require 'spec_helper'
 
 describe 'API Token validation' do
-  let!(:old_auth_endpoint) { ENV['G5_AUTH_ENDPOINT'] }
-  before { ENV['G5_AUTH_ENDPOINT'] = auth_endpoint }
-  after { ENV['G5_AUTH_ENDPOINT'] = old_auth_endpoint }
-  let(:auth_endpoint) { 'https://auth.test.host' }
-
-  let(:token_info_url) { URI.join(auth_endpoint, '/oauth/token/info') }
-
-  let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
-  before { login_user(user) }
-  after { logout_user }
+  let(:token_info_url) { URI.join(ENV['G5_AUTH_ENDPOINT'], '/oauth/token/info') }
 
   subject(:api_call) { get '/rails_api/secure_resource.json' }
 
@@ -18,7 +9,14 @@ describe 'API Token validation' do
     before { G5Authenticatable.strict_token_validation = true }
 
     context 'when user has a valid g5 access token' do
-      before { stub_valid_access_token(user.g5_access_token) }
+      let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+      before do
+        login_user(user)
+        stub_valid_access_token(user.g5_access_token)
+      end
+
+      after { logout_user }
 
       it 'should allow the user to make the api call' do
         api_call
@@ -27,21 +25,53 @@ describe 'API Token validation' do
     end
 
     context 'when user has an invalid g5 access token' do
-      before { stub_invalid_access_token(user.g5_access_token) }
+      let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+      before do
+        login_user(user)
+        stub_invalid_access_token(user.g5_access_token)
+      end
+
+      after { logout_user }
 
       it 'should return a 401' do
         api_call
         expect(response).to be_http_unauthorized
       end
     end
+
+    context 'with the :auth_request shared context', :auth_request do
+      it 'should allow the user to make the api call' do
+        api_call
+        expect(response).to be_success
+      end
+    end
   end
 
   context 'when token validation is disabled' do
     before { G5Authenticatable.strict_token_validation = false }
 
-    it 'should allow the user to make the api call' do
-      api_call
-      expect(response).to be_success
+    context 'when the user has an invalid g5 access token' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+      before do
+        login_user(user)
+        stub_invalid_access_token(user.g5_access_token)
+      end
+
+      after { logout_user }
+
+      it 'should allow the user to make the api call' do
+        api_call
+        expect(response).to be_success
+      end
+    end
+
+    context 'with the :auth_request shared context', :auth_request do
+      it 'should allow the user to make the api call' do
+        api_call
+        expect(response).to be_success
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: g5_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - maeve
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-21 00:00:00.000000000 Z
+date: 2015-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise_g5_authenticatable
@@ -76,6 +76,7 @@ files:
 - lib/g5_authenticatable/engine.rb
 - lib/g5_authenticatable/rspec.rb
 - lib/g5_authenticatable/test/controller_helpers.rb
+- lib/g5_authenticatable/test/env_helpers.rb
 - lib/g5_authenticatable/test/factory.rb
 - lib/g5_authenticatable/test/feature_helpers.rb
 - lib/g5_authenticatable/test/request_helpers.rb