g5_authentication_client 0.2.0

data/lib/g5_authentication_client/configuration.rb

@@ -0,0 +1,138 @@
+require 'configlet'
+require 'logger'
+
+module G5AuthenticationClient
+  # All valid configurations options
+  VALID_CONFIG_OPTIONS = [:debug, :logger, :username, :password, :client_id,
+                          :client_secret, :redirect_uri, :endpoint,
+                          :authorization_code, :access_token,
+                          :allow_password_credentials]
+
+  DEFAULT_ENDPOINT = "http://auth.g5search.com"
+  DEFAULT_CLIENT_ID = "theid"
+  DEFAULT_CLIENT_SECRET = "thesecret"
+  DEFAULT_REDIRECT_URI = "theurl"
+  DEFAULT_ALLOW_PASSWORD_CREDENTIALS = 'true'
+
+  module Configuration
+    include Configlet
+
+    def self.extended(base)
+      # Default configuration - happens whether or not .configure is called
+      base.config :g5_auth do
+        default debug: 'false'
+        default username: nil
+        default password: nil
+        default endpoint: DEFAULT_ENDPOINT
+        default client_id: DEFAULT_CLIENT_ID
+        default client_secret: DEFAULT_CLIENT_SECRET
+        default redirect_uri: DEFAULT_REDIRECT_URI
+        default authorization_code: nil
+        default access_token: nil
+        default allow_password_credentials: DEFAULT_ALLOW_PASSWORD_CREDENTIALS
+      end
+    end
+
+    # Mutators and accessors for configuration options
+    VALID_CONFIG_OPTIONS.each do |config_opt|
+      define_method(config_opt) do
+        self[config_opt]
+      end
+
+      define_method("#{config_opt}=".to_sym) do |val|
+        self[config_opt] = val.nil? ? nil : val.to_s
+      end
+    end
+
+    # !@attribute [rw] allow_password_credentials
+    #   @return [String] set to true or 'true' to enable use of the username and password
+
+    # !@attribute [rw] debug
+    #   @return [String] set to true or 'true' to enable debug logging (defaults to false)
+
+    # !@attribute [rw] endpoint
+    #   @return [String] the service endpoint URL (Defaults to G5AuthenticationClient::DEFAULT_ENDPOINT)
+
+    # !@attribute [rw] username
+    #   @return [String] the username for password credentials flow
+
+    # !@attribute [rw] password
+    #   @return [String] the password for password credentials flow
+
+    # !@attribute [rw] client_id
+    #   @return [String] the client id for the client application (Defaults to G5Authentication::DEFAULT_CLIENT_ID)
+
+    # !@attribute [rw] client_secret
+    #   @return [String] the client secret for the client application (Defaults to G5Authentication::DEFAULT_CLIENT_SECRET)
+
+    # !@attribute [rw] redirect_uri
+    #   @return [String] the redirect URI for the client application (Defaults to G5Authentication::DEFAULT_REDIRECT_URI)
+
+    # !@attribute [rw] authorization_code
+    #   @return [String] the authorization code provided by the authorization server for authentication
+
+    # !@attribute [rw] access_token
+    #   @return [String] the OAuth access token provided by the authorization server after authentication
+
+    # @return [true,false] true if debug logging is enabled; false otherwie.
+    def debug?
+      self[:debug] == 'true'
+    end
+
+    # Sets the logger to use for debug messages
+    attr_writer :logger
+
+    # @return [Logger] the logger to use for debug messages (defaults to STDOUT)
+    def logger
+      @logger ||= Logger.new(STDOUT)
+    end
+
+    # Configures this module through the given +block+.
+    # Default configuration options will be applied unless 
+    # they are explicitly overridden in the +block+.
+    #
+    # @yield [_self] configures service connection options
+    # @yieldparam [G5AuthenticationClient] _self the object on which the configure method was called
+    # @example Typical case utilizing defaults
+    #   G5AuthenticationClient.configure do |config|
+    #     config.username = 'my_user'
+    #     config.password = 'my_pass'
+    #   end
+    # @example Overriding defaults
+    #   G5AuthenticationClient.configure do |config|
+    #     config.username = 'my_user'
+    #     config.password = 'my_pass'
+    #     config.endpoint = 'http://my.endpoint.com'
+    #   end
+    # @return [G5AuthenticationClient] _self
+    # @see VALID_CONFIG_OPTIONS
+    def configure
+      config :g5_auth do
+        yield self
+      end
+
+      self
+    end
+
+    # Create a hash of configuration options and their
+    # values.
+    #
+    # @return [Hash<Symbol,Object>] the options hash
+    def options
+      VALID_CONFIG_OPTIONS.inject({}) do |option, key|
+        option.merge!(key => send(key))
+      end
+    end
+
+    # Resets this module's configuration.
+    # Configuration options will be set to default values
+    # if they exist; otherwise, they will be set to nil.
+    #
+    # @see VALID_CONFIG_OPTIONS
+
+    def reset
+      VALID_CONFIG_OPTIONS.each { |opt| self.send("#{opt}=", nil) }
+      self
+    end
+  end
+end

data/lib/g5_authentication_client/token_info.rb

@@ -0,0 +1,27 @@
+require 'modelish'
+
+module G5AuthenticationClient
+  # G5 Authentication access token info
+  class TokenInfo < Modelish::Base
+    # @!attribute [rw] resource_owner_id
+    #   @return [String]
+    #   The ID of the user that owns the resource
+    property :resource_owner_id, type: String
+
+    # @!attribute [rw] scopes
+    #   @return [Array]
+    #   The OAuth scopes associated with this token
+    property :scopes, type: Array, default: []
+
+    # @!attribute [rw] expires_in_seconds
+    #   @return [Integer]
+    #   The amount of time until the token expires
+    property :expires_in_seconds, type: Integer
+
+    # @!attribute [rw] application_uid
+    #   @return [String]
+    #   The UID of the OAuth application that requested this token
+    property :application_uid, from: :application,
+                               type: lambda { |val| (val[:uid] || val['uid']).to_s }
+  end
+end

data/lib/g5_authentication_client/user.rb

@@ -0,0 +1,32 @@
+require 'modelish'
+
+module G5AuthenticationClient
+
+  #A G5 Authentication User
+  class User < Modelish::Base
+    # @!attribute [rw] email
+    #   @return [String]
+    #   The user's email address.
+    property :email, type: String, required: true
+
+    # @!attribute [rw] password
+    #   @return [String]
+    #   The user's password.  Required to create a user.
+    property :password, type: String
+
+    # @!attribute [rw] password_confirmation
+    #   @return [String]
+    #   The user's password_confirmation.
+    property :password_confirmation, type: String
+
+    # @!attribute [rw] id
+    #   @return [Integer]
+    #   The user's id.  Not required to create a user.
+    property :id, type: Integer
+
+    def validate_for_create!
+      validate!
+      raise ArgumentError.new("Password required for new user.") unless !password.nil?
+    end
+  end
+end

data/lib/g5_authentication_client/version.rb

@@ -0,0 +1,3 @@
+module G5AuthenticationClient
+  VERSION = '0.2.0'
+end

data/lib/g5_authentication_client.rb

@@ -0,0 +1,11 @@
+require 'oauth2'
+require 'g5_authentication_client/version'
+require 'g5_authentication_client/configuration'
+require 'g5_authentication_client/user'
+require 'g5_authentication_client/token_info'
+
+module G5AuthenticationClient
+  extend Configuration
+
+  require 'g5_authentication_client/client'
+end

data/spec/g5_authentication_client/client_spec.rb

@@ -0,0 +1,335 @@
+require 'spec_helper'
+require 'json'
+
+describe G5AuthenticationClient::Client do
+  subject { client }
+
+  after { G5AuthenticationClient.reset }
+
+  let(:client) { G5AuthenticationClient::Client.new(options) }
+
+  let(:debug) { true }
+  let(:logger) { double() }
+  let(:username) {'username'}
+  let(:password) {'password'}
+  let(:client_id) {'client id'}
+  let(:client_secret) {'client secret'}
+  let(:redirect_uri) {'/stuff'}
+  let(:endpoint){ 'http://endpoint.com' }
+  let(:authorization_code){ 'code' }
+  let(:allow_password_credentials){ 'false' }
+
+  let(:options) do
+    {
+     debug: debug,
+     logger: logger,
+     endpoint: endpoint,
+     username: username,
+     password: password,
+     client_id: client_id,
+     client_secret: client_secret,
+     redirect_uri: redirect_uri,
+     authorization_code: authorization_code,
+     access_token: access_token,
+     allow_password_credentials: allow_password_credentials
+    }
+  end
+
+  let(:access_token) { access_token_value }
+  let(:access_token_value) { 'test_token' }
+  let(:token_type) { 'Bearer' }
+
+  let(:auth_header_value) { "#{token_type} #{access_token_value}" }
+
+  let(:new_user_options) do
+    {email: email,
+    password: "#{password}x",
+    id: user_id}
+  end
+
+  let(:email){'foo@blah.com'}
+  let(:password){'mybigtestpasswored'}
+  let(:user_id){1}
+  let(:returned_user){{id: user_id,email: email}}
+
+  context 'with default configuration' do
+    let(:client) { G5AuthenticationClient::Client.new }
+
+    it { should_not be_debug }
+    its(:logger) { should be_an_instance_of(Logger) }
+    its(:username) { should be_nil }
+    its(:password) { should be_nil }
+    its(:client_id) { should == G5AuthenticationClient::DEFAULT_CLIENT_ID }
+    its(:client_secret) { should == G5AuthenticationClient::DEFAULT_CLIENT_SECRET }
+    its(:redirect_uri) { should == G5AuthenticationClient::DEFAULT_REDIRECT_URI }
+    its(:endpoint){ should == G5AuthenticationClient::DEFAULT_ENDPOINT}
+    its(:authorization_code){ should be_nil}
+    its(:access_token) { should be_nil }
+    its(:allow_password_credentials) { should == 'true'}
+  end
+
+  context 'with non-default configuration' do
+    it { should be_debug }
+    its(:logger) { should == logger }
+
+    describe '#debug=' do
+      subject { client.debug = new_debug }
+
+       context 'with nil debug' do
+        let(:new_debug) { nil }
+
+        context 'when there is a debug flag configured at the top-level module' do
+          let(:configured_debug) { 'true' }
+          before { G5AuthenticationClient.configure { |config| config.debug = configured_debug } }
+
+          it 'should set the debug flag according to the configuration' do
+            expect { subject }.to_not change { client.debug? }
+          end
+        end
+
+        context 'when there is no debug flag configured at the top level' do
+          it 'should set the debug flag to the default' do
+            expect { subject }.to change { client.debug? }.to(false)
+          end
+        end
+      end
+
+      context 'with new setting' do
+        let(:new_debug) { 'false' }
+
+        it 'should change the value of the debug flag to match the new value' do
+          expect { subject }.to change { client.debug? }.from(true).to(false)
+        end
+      end
+    end
+
+    describe '#logger=' do
+      subject { client.logger = new_logger }
+
+       context 'with nil logger' do
+        let(:new_logger) { nil }
+
+        context 'when there is a logger configured at the top-level module' do
+          let(:configured_logger) { double() }
+          before { G5AuthenticationClient.configure { |config| config.logger = configured_logger } }
+
+          it 'should change the value of the logger to match the configuration' do
+            expect { subject }.to change { client.logger }.from(logger).to(configured_logger)
+          end
+        end
+
+        context 'when there is no logger configured at the top level' do
+          it 'should change the value of the logger to the default' do
+            expect { subject }.to change { client.logger }
+            client.logger.should be_an_instance_of(Logger)
+          end
+        end
+      end
+
+      context 'with new logger' do
+        let(:new_logger) { double() }
+
+        it 'should change the value of the logger to match the new value' do
+          expect { subject }.to change { client.logger }.from(logger).to(new_logger)
+        end
+      end
+    end
+
+    its(:username) { should == username }
+
+    it_should_behave_like 'a module configured attribute',:username, nil
+
+    its(:password) { should == password }
+
+    it_should_behave_like 'a module configured attribute', :password, nil
+
+    its(:endpoint){ should == endpoint}
+
+    it_should_behave_like 'a module configured attribute', :endpoint,G5AuthenticationClient::DEFAULT_ENDPOINT
+
+    its(:client_id) { should == client_id}
+
+    it_should_behave_like 'a module configured attribute', :client_id, G5AuthenticationClient::DEFAULT_CLIENT_ID
+
+    its(:client_secret) {should ==client_secret}
+
+    it_should_behave_like 'a module configured attribute', :client_secret, G5AuthenticationClient::DEFAULT_CLIENT_SECRET
+
+    its(:redirect_uri) {should ==redirect_uri}
+
+    it_should_behave_like 'a module configured attribute', :redirect_uri, G5AuthenticationClient::DEFAULT_REDIRECT_URI
+
+    its(:authorization_code) { should == authorization_code}
+    it_should_behave_like 'a module configured attribute', :authorization_code, nil
+
+    its(:access_token) { should == access_token_value }
+    it_should_behave_like 'a module configured attribute', :access_token, nil
+
+    its(:allow_password_credentials) { should == allow_password_credentials }
+    it_should_behave_like 'a module configured attribute', :allow_password_credentials, 'true'
+  end
+
+  describe '#allow_password_credentials??' do
+    subject{ client.allow_password_credentials? }
+
+    context 'when the allow_password_credentials is set to true' do
+      let(:allow_password_credentials) {'true'}
+
+      context 'with non-nil username and password' do
+
+        it 'should be true' do
+          expect(subject).to be_true
+        end
+      end
+
+      context 'when username is nil' do
+        let(:username) {}
+
+        it 'should be false' do
+          expect(subject).to be_false
+        end
+      end
+
+      context 'when password is nil' do
+        let(:password) {}
+
+        it 'should be false' do
+          expect(subject).to be_false
+        end
+      end
+    end
+
+    context 'when the allow_password_credentials is set to false' do
+      let(:allow_password_credentials) {'false'}
+
+      it 'should be false' do
+        expect(subject).to be_false
+      end
+    end
+  end
+
+  describe '#get_access_token' do
+    subject(:get_access_token) { client.get_access_token }
+
+    it "should return the access token" do
+      expect(subject).to eq(access_token)
+    end
+  end
+
+  describe '#create_user' do
+    subject(:create_user) { client.create_user(new_user_options) }
+
+    before do
+      stub_request(:post, /#{endpoint}\/v1\/users/).
+        with(headers: {'Authorization' => auth_header_value}).
+        to_return(status: 200,
+                  body: returned_user.to_json,
+                  headers: {'Content-Type' => 'application/json'})
+    end
+
+    it_should_behave_like 'an oauth protected resource', G5AuthenticationClient::User
+  end
+
+  describe '#update_user' do
+    subject(:update_user) { client.update_user(new_user_options) }
+
+    before do
+      stub_request(:put, /#{endpoint}\/v1\/users\/#{user_id}/).
+        with(headers: {'Authorization' => auth_header_value}).
+        to_return(status: 200,
+                  body: returned_user.to_json,
+                  headers: {'Content-Type' => 'application/json'})
+    end
+
+    it_should_behave_like 'an oauth protected resource', G5AuthenticationClient::User
+  end
+
+  describe '#get_user' do
+    subject(:get_user) { client.get_user(user_id) }
+
+    before do
+      stub_request(:get, /#{endpoint}\/v1\/users\/#{user_id}/).
+        with(headers: {'Authorization' => auth_header_value}).
+        to_return(status: 200,
+                  body: returned_user.to_json,
+                  headers: {'Content-Type' => 'application/json'})
+    end
+
+    it_should_behave_like 'an oauth protected resource', G5AuthenticationClient::User
+  end
+
+  describe '#delete_user' do
+    subject(:delete_user) { client.delete_user(user_id) }
+
+    before do
+      stub_request(:delete, /#{endpoint}\/v1\/users\/#{user_id}/).
+        with(headers: {'Authorization' => auth_header_value}).
+        to_return(status: 200,
+                  body: returned_user.to_json,
+                  headers: {'Content-Type' => 'application/json'})
+    end
+
+    it_should_behave_like 'an oauth protected resource', G5AuthenticationClient::User
+  end
+
+  describe '#me' do
+    subject(:me) { client.me }
+
+    before do
+      stub_request(:get, /#{endpoint}\/v1\/me/).
+        with(headers: {'Authorization' => auth_header_value}).
+        to_return(status: 200,
+                  body: returned_user.to_json,
+                  headers: {'Content-Type' => 'application/json'})
+    end
+
+    it_should_behave_like 'an oauth protected resource', G5AuthenticationClient::User
+  end
+
+  describe '#sign_out_url' do
+    subject { sign_out_url }
+
+    context 'without redirect_url' do
+      let(:sign_out_url) { client.sign_out_url }
+
+      it 'should add the sign out path to the configured endpoint' do
+        expect(sign_out_url).to eq("#{endpoint}/users/sign_out")
+      end
+    end
+
+    context 'with redirect_url' do
+      let(:sign_out_url) { client.sign_out_url('https://test.host/home')}
+
+      it 'should add the sign out path to the endpoint' do
+        expect(sign_out_url).to match /^#{endpoint}\/users\/sign_out/
+      end
+
+      it 'should add the redirect_url as a query param' do
+        expect(sign_out_url). to match /\?redirect_url=https%3A%2F%2Ftest.host%2Fhome$/
+      end
+    end
+  end
+
+  describe '#token_info' do
+    subject(:token_info) { client.token_info }
+
+    let(:returned_token_info) do
+      {
+        resource_owner_id: '42',
+        scopes: [],
+        expires_in_seconds: 3600,
+        application: { uid: 'application-uid-abc123' }
+      }
+    end
+
+    before do
+      stub_request(:get, /#{endpoint}\/oauth\/token\/info/).
+        with(headers: {'Authorization' => auth_header_value}).
+        to_return(status: 200,
+                  body: returned_token_info.to_json,
+                  headers: {'Content-Type' => 'application/json'})
+    end
+
+    it_should_behave_like 'an oauth protected resource', G5AuthenticationClient::TokenInfo
+  end
+end