garage-doorkeeper 1.0.0
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/CHANGELOG.md +2 -0
- data/Gemfile +24 -0
- data/LICENSE.txt +22 -0
- data/README.md +52 -0
- data/Rakefile +2 -0
- data/garage-doorkeeper.gemspec +22 -0
- data/lib/garage/doorkeeper/version.rb +5 -0
- data/lib/garage/doorkeeper.rb +4 -0
- data/lib/garage/strategy/doorkeeper.rb +28 -0
- data/spec/dummy/README.rdoc +261 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/javascripts/application.js +15 -0
- data/spec/dummy/app/assets/stylesheets/application.css +13 -0
- data/spec/dummy/app/controllers/api_controller.rb +11 -0
- data/spec/dummy/app/controllers/application_controller.rb +10 -0
- data/spec/dummy/app/controllers/echos_controller.rb +5 -0
- data/spec/dummy/app/controllers/posts_controller.rb +101 -0
- data/spec/dummy/app/controllers/sessions_controller.rb +19 -0
- data/spec/dummy/app/controllers/users_controller.rb +6 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/helpers/current_user_helper.rb +5 -0
- data/spec/dummy/app/mailers/.gitkeep +0 -0
- data/spec/dummy/app/models/.gitkeep +0 -0
- data/spec/dummy/app/models/comment.rb +17 -0
- data/spec/dummy/app/models/namespaced_post.rb +7 -0
- data/spec/dummy/app/models/post.rb +43 -0
- data/spec/dummy/app/models/post_body.rb +3 -0
- data/spec/dummy/app/models/post_stream.rb +2 -0
- data/spec/dummy/app/models/private_post.rb +7 -0
- data/spec/dummy/app/models/user.rb +17 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/app/views/sessions/create.html.erb +1 -0
- data/spec/dummy/app/views/sessions/destroy.html.erb +1 -0
- data/spec/dummy/app/views/sessions/new.html.erb +4 -0
- data/spec/dummy/app/views/sessions/show.html.erb +7 -0
- data/spec/dummy/config/application.rb +59 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml +39 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +37 -0
- data/spec/dummy/config/environments/production.rb +72 -0
- data/spec/dummy/config/environments/test.rb +34 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +1 -0
- data/spec/dummy/config/initializers/garage.rb +53 -0
- data/spec/dummy/config/initializers/inflections.rb +15 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/doorkeeper.en.yml +68 -0
- data/spec/dummy/config/locales/en.yml +5 -0
- data/spec/dummy/config/routes.rb +30 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/db/migrate/20130501215002_create_doorkeeper_tables.rb +42 -0
- data/spec/dummy/db/migrate/20130501215033_create_users.rb +10 -0
- data/spec/dummy/db/migrate/20130501215056_create_posts.rb +11 -0
- data/spec/dummy/db/migrate/20130508032709_create_comments.rb +11 -0
- data/spec/dummy/db/schema.rb +78 -0
- data/spec/dummy/doc/garage/overview.ja.md +3 -0
- data/spec/dummy/doc/garage/overview.md +1 -0
- data/spec/dummy/doc/garage/resources/post.md +1 -0
- data/spec/dummy/doc/garage/resources/user.md +90 -0
- data/spec/dummy/lib/assets/.gitkeep +0 -0
- data/spec/dummy/log/.gitkeep +0 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +25 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/factories/comment.rb +7 -0
- data/spec/factories/doorkeeper.rb +24 -0
- data/spec/factories/post.rb +7 -0
- data/spec/factories/user.rb +6 -0
- data/spec/requests/authentication_spec.rb +35 -0
- data/spec/requests/authorization_spec.rb +197 -0
- data/spec/spec_helper.rb +20 -0
- data/spec/support/authenticated_context.rb +33 -0
- data/spec/support/database_cleaner.rb +16 -0
- data/spec/support/rest_api_spec_helper.rb +46 -0
- metadata +217 -0
@@ -0,0 +1,42 @@
|
|
1
|
+
class CreateDoorkeeperTables < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :oauth_applications do |t|
|
4
|
+
t.string :name, :null => false
|
5
|
+
t.string :uid, :null => false
|
6
|
+
t.string :secret, :null => false
|
7
|
+
t.string :redirect_uri, :null => false
|
8
|
+
t.timestamps
|
9
|
+
end
|
10
|
+
|
11
|
+
add_index :oauth_applications, :uid, :unique => true
|
12
|
+
|
13
|
+
create_table :oauth_access_grants do |t|
|
14
|
+
t.integer :resource_owner_id, :null => false
|
15
|
+
t.integer :application_id, :null => false
|
16
|
+
t.string :token, :null => false
|
17
|
+
t.integer :expires_in, :null => false
|
18
|
+
t.string :redirect_uri, :null => false
|
19
|
+
t.datetime :created_at, :null => false
|
20
|
+
t.datetime :revoked_at
|
21
|
+
t.string :scopes
|
22
|
+
end
|
23
|
+
|
24
|
+
add_index :oauth_access_grants, :token, :unique => true
|
25
|
+
|
26
|
+
create_table :oauth_access_tokens do |t|
|
27
|
+
t.integer :resource_owner_id
|
28
|
+
t.integer :application_id, :null => false
|
29
|
+
t.string :token, :null => false
|
30
|
+
t.string :refresh_token
|
31
|
+
t.integer :expires_in
|
32
|
+
t.datetime :revoked_at
|
33
|
+
t.datetime :created_at, :null => false
|
34
|
+
t.string :scopes
|
35
|
+
end
|
36
|
+
|
37
|
+
add_index :oauth_access_tokens, :token, :unique => true
|
38
|
+
add_index :oauth_access_tokens, :resource_owner_id
|
39
|
+
add_index :oauth_access_tokens, :refresh_token, :unique => true
|
40
|
+
|
41
|
+
end
|
42
|
+
end
|
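Review bot: The `token`, `refresh_token` and `secret` columns of `oauth_access_grants`, `oauth_access_tokens` and `oauth_applications` are plain `t.string` columns, so this schema keeps bearer credentials verbatim and any read of the database yields usable tokens. That is acceptable for a spec dummy app, but the migration is likely to be copied, so it deserves a comment above the first `create_table`, e.g. `# Test fixture only: tokens and client secrets are stored unhashed.` Later Doorkeeper releases offer `hash_token_secrets` and `hash_application_secrets` for real deployments; whether the version this gem depends on supports them is not visible on this page. Separately, `application_id` is `:null => false` on both the grant and token tables but gets no index, unlike `resource_owner_id`.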
@@ -0,0 +1,78 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
# This file is auto-generated from the current state of the database. Instead
|
3
|
+
# of editing this file, please use the migrations feature of Active Record to
|
4
|
+
# incrementally modify your database, and then regenerate this schema definition.
|
5
|
+
#
|
6
|
+
# Note that this schema.rb definition is the authoritative source for your
|
7
|
+
# database schema. If you need to create the application database on another
|
8
|
+
# system, you should be using db:schema:load, not running all the migrations
|
9
|
+
# from scratch. The latter is a flawed and unsustainable approach (the more migrations
|
10
|
+
# you'll amass, the slower it'll run and the greater likelihood for issues).
|
11
|
+
#
|
12
|
+
# It's strongly recommended to check this file into your version control system.
|
13
|
+
|
14
|
+
ActiveRecord::Schema.define(:version => 20130508032709) do
|
15
|
+
|
16
|
+
create_table "comments", :force => true do |t|
|
17
|
+
t.integer "user_id"
|
18
|
+
t.integer "post_id"
|
19
|
+
t.string "body"
|
20
|
+
t.datetime "created_at", :null => false
|
21
|
+
t.datetime "updated_at", :null => false
|
22
|
+
end
|
23
|
+
|
24
|
+
create_table "oauth_access_grants", :force => true do |t|
|
25
|
+
t.integer "resource_owner_id", :null => false
|
26
|
+
t.integer "application_id", :null => false
|
27
|
+
t.string "token", :null => false
|
28
|
+
t.integer "expires_in", :null => false
|
29
|
+
t.string "redirect_uri", :null => false
|
30
|
+
t.datetime "created_at", :null => false
|
31
|
+
t.datetime "revoked_at"
|
32
|
+
t.string "scopes"
|
33
|
+
end
|
34
|
+
|
35
|
+
add_index "oauth_access_grants", ["token"], :name => "index_oauth_access_grants_on_token", :unique => true
|
36
|
+
|
37
|
+
create_table "oauth_access_tokens", :force => true do |t|
|
38
|
+
t.integer "resource_owner_id"
|
39
|
+
t.integer "application_id", :null => false
|
40
|
+
t.string "token", :null => false
|
41
|
+
t.string "refresh_token"
|
42
|
+
t.integer "expires_in"
|
43
|
+
t.datetime "revoked_at"
|
44
|
+
t.datetime "created_at", :null => false
|
45
|
+
t.string "scopes"
|
46
|
+
end
|
47
|
+
|
48
|
+
add_index "oauth_access_tokens", ["refresh_token"], :name => "index_oauth_access_tokens_on_refresh_token", :unique => true
|
49
|
+
add_index "oauth_access_tokens", ["resource_owner_id"], :name => "index_oauth_access_tokens_on_resource_owner_id"
|
50
|
+
add_index "oauth_access_tokens", ["token"], :name => "index_oauth_access_tokens_on_token", :unique => true
|
51
|
+
|
52
|
+
create_table "oauth_applications", :force => true do |t|
|
53
|
+
t.string "name", :null => false
|
54
|
+
t.string "uid", :null => false
|
55
|
+
t.string "secret", :null => false
|
56
|
+
t.string "redirect_uri", :null => false
|
57
|
+
t.datetime "created_at", :null => false
|
58
|
+
t.datetime "updated_at", :null => false
|
59
|
+
end
|
60
|
+
|
61
|
+
add_index "oauth_applications", ["uid"], :name => "index_oauth_applications_on_uid", :unique => true
|
62
|
+
|
63
|
+
create_table "posts", :force => true do |t|
|
64
|
+
t.integer "user_id"
|
65
|
+
t.string "title"
|
66
|
+
t.string "body"
|
67
|
+
t.datetime "created_at", :null => false
|
68
|
+
t.datetime "updated_at", :null => false
|
69
|
+
end
|
70
|
+
|
71
|
+
create_table "users", :force => true do |t|
|
72
|
+
t.string "name"
|
73
|
+
t.string "email"
|
74
|
+
t.datetime "created_at", :null => false
|
75
|
+
t.datetime "updated_at", :null => false
|
76
|
+
end
|
77
|
+
|
78
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
# This is overview
|
@@ -0,0 +1 @@
|
|
1
|
+
## Post resource
|
@@ -0,0 +1,90 @@
|
|
1
|
+
## GET /users
|
2
|
+
Returns users
|
3
|
+
|
4
|
+
```
|
5
|
+
GET /users
|
6
|
+
```
|
7
|
+
|
8
|
+
### response
|
9
|
+
```
|
10
|
+
Status: 200
|
11
|
+
response:
|
12
|
+
[
|
13
|
+
{
|
14
|
+
"created_at" => "2013-06-11T17:48:09Z",
|
15
|
+
"id" => 1077,
|
16
|
+
"name" => "name 15",
|
17
|
+
"properties" => {},
|
18
|
+
"updated_at" => "2013-06-11T17:48:09Z"
|
19
|
+
}
|
20
|
+
]
|
21
|
+
```
|
22
|
+
|
23
|
+
|
24
|
+
## GET /users/:id
|
25
|
+
Returns the user
|
26
|
+
|
27
|
+
```
|
28
|
+
GET /users/1078
|
29
|
+
```
|
30
|
+
|
31
|
+
### response
|
32
|
+
```
|
33
|
+
Status: 200
|
34
|
+
response:
|
35
|
+
{
|
36
|
+
"created_at" => "2013-06-11T17:48:09Z",
|
37
|
+
"id" => 1078,
|
38
|
+
"name" => "name 16",
|
39
|
+
"properties" => {},
|
40
|
+
"updated_at" => "2013-06-11T17:48:09Z"
|
41
|
+
}
|
42
|
+
```
|
43
|
+
|
44
|
+
|
45
|
+
## POST /users
|
46
|
+
Creates a new user
|
47
|
+
|
48
|
+
```
|
49
|
+
POST /users
|
50
|
+
```
|
51
|
+
|
52
|
+
### parameters
|
53
|
+
* `name` string (required)
|
54
|
+
|
55
|
+
|
56
|
+
### response
|
57
|
+
```
|
58
|
+
Status: 201
|
59
|
+
location: http://www.example.com/users/1079
|
60
|
+
response:
|
61
|
+
{
|
62
|
+
"created_at" => "2013-06-11T17:48:09Z",
|
63
|
+
"id" => 1079,
|
64
|
+
"name" => "name",
|
65
|
+
"properties" => {
|
66
|
+
"description" => "description"
|
67
|
+
},
|
68
|
+
"updated_at" => "2013-06-11T17:48:09Z"
|
69
|
+
}
|
70
|
+
```
|
71
|
+
|
72
|
+
|
73
|
+
## PUT /users/:id
|
74
|
+
Updates the user
|
75
|
+
|
76
|
+
```
|
77
|
+
PUT /users/1080
|
78
|
+
```
|
79
|
+
|
80
|
+
### parameters
|
81
|
+
* `name` string
|
82
|
+
|
83
|
+
|
84
|
+
### response
|
85
|
+
```
|
86
|
+
Status: 204
|
87
|
+
response:
|
88
|
+
```
|
89
|
+
|
90
|
+
|
File without changes
|
File without changes
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>The page you were looking for doesn't exist (404)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/404.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>The page you were looking for doesn't exist.</h1>
|
23
|
+
<p>You may have mistyped the address or the page may have moved.</p>
|
24
|
+
</div>
|
25
|
+
</body>
|
26
|
+
</html>
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>The change you wanted was rejected (422)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/422.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>The change you wanted was rejected.</h1>
|
23
|
+
<p>Maybe you tried to change something you didn't have access to.</p>
|
24
|
+
</div>
|
25
|
+
</body>
|
26
|
+
</html>
|
@@ -0,0 +1,25 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>We're sorry, but something went wrong (500)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/500.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>We're sorry, but something went wrong.</h1>
|
23
|
+
</div>
|
24
|
+
</body>
|
25
|
+
</html>
|
File without changes
|
@@ -0,0 +1,6 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
3
|
+
|
4
|
+
APP_PATH = File.expand_path('../../config/application', __FILE__)
|
5
|
+
require File.expand_path('../../config/boot', __FILE__)
|
6
|
+
require 'rails/commands'
|
@@ -0,0 +1,24 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
factory :access_grant, :class => Doorkeeper::AccessGrant do
|
3
|
+
sequence(:resource_owner_id) { |n| n }
|
4
|
+
application
|
5
|
+
redirect_uri "https://example.com/callback"
|
6
|
+
expires_in 100
|
7
|
+
scopes "public write"
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
FactoryGirl.define do
|
12
|
+
factory :access_token, :class => Doorkeeper::AccessToken do
|
13
|
+
sequence(:resource_owner_id) { |n| n }
|
14
|
+
application
|
15
|
+
expires_in 2.hours
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
FactoryGirl.define do
|
20
|
+
factory :application, :class => Doorkeeper::Application do
|
21
|
+
sequence(:name){ |n| "Application #{n}" }
|
22
|
+
redirect_uri "https://example.com/callback"
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe "Authentication" do
|
4
|
+
include RestApiSpecHelper
|
5
|
+
include AuthenticatedContext
|
6
|
+
|
7
|
+
describe "GET /echo" do
|
8
|
+
context "without valid token" do
|
9
|
+
before do
|
10
|
+
header["Authorization"] = "Bearer #{access_token.token}"
|
11
|
+
access_token.destroy
|
12
|
+
end
|
13
|
+
|
14
|
+
it "returns 401 with JSON" do
|
15
|
+
should == 401
|
16
|
+
response.body.should be_json
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
context "without any access token candidate" do
|
21
|
+
before do
|
22
|
+
header["Authorization"] = nil
|
23
|
+
end
|
24
|
+
|
25
|
+
it "returns 401 without access token verification" do
|
26
|
+
should == 401
|
27
|
+
response.body.should be_json
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
context "with valid access token from auth server" do
|
32
|
+
it { should == 200 }
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
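Review bot: The "without valid token" context covers only a token whose row has been destroyed. Nothing here exercises a token that still exists but has `revoked_at` set, or one whose `expires_in` has elapsed, although the dummy schema carries both columns. A revoked-token context would pin the 401 for that state, for example `before { access_token.update_attribute(:revoked_at, Time.now) }` followed by `it { should == 401 }`, with a matching context for expiry. How the strategy evaluates those attributes is defined in Doorkeeper and `lib/garage/strategy/doorkeeper.rb`, neither of which is shown here, so the exact setup should be checked against that code.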
@@ -0,0 +1,197 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe "Authorization" do
|
4
|
+
include RestApiSpecHelper
|
5
|
+
include AuthenticatedContext
|
6
|
+
|
7
|
+
let(:alice) do
|
8
|
+
FactoryGirl.create(:user)
|
9
|
+
end
|
10
|
+
|
11
|
+
let(:bob) do
|
12
|
+
FactoryGirl.create(:user)
|
13
|
+
end
|
14
|
+
|
15
|
+
let(:scopes) do
|
16
|
+
"public read_private_post write_post sudo"
|
17
|
+
end
|
18
|
+
|
19
|
+
let(:resource_owner_id) do
|
20
|
+
requester.id
|
21
|
+
end
|
22
|
+
|
23
|
+
let(:requester) do
|
24
|
+
alice
|
25
|
+
end
|
26
|
+
|
27
|
+
let(:resource) do
|
28
|
+
FactoryGirl.create(:post, user: alice)
|
29
|
+
end
|
30
|
+
|
31
|
+
let(:id) do
|
32
|
+
resource.id
|
33
|
+
end
|
34
|
+
|
35
|
+
describe "GET /users/:user_id/posts/private" do
|
36
|
+
let(:user_id) do
|
37
|
+
alice.id
|
38
|
+
end
|
39
|
+
|
40
|
+
context "without valid scope" do
|
41
|
+
let(:scopes) do
|
42
|
+
"public"
|
43
|
+
end
|
44
|
+
it { should == 403 }
|
45
|
+
end
|
46
|
+
|
47
|
+
context "without authority" do
|
48
|
+
let(:requester) do
|
49
|
+
bob
|
50
|
+
end
|
51
|
+
it { should == 403 }
|
52
|
+
end
|
53
|
+
|
54
|
+
context "with valid scope" do
|
55
|
+
it { should == 200 }
|
56
|
+
end
|
57
|
+
|
58
|
+
context "with another valid scope" do
|
59
|
+
let(:scopes) do
|
60
|
+
"sudo"
|
61
|
+
end
|
62
|
+
it { should == 200 }
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
describe "GET /posts/:id" do
|
67
|
+
let(:requester) do
|
68
|
+
alice
|
69
|
+
end
|
70
|
+
|
71
|
+
context "with valid requester" do
|
72
|
+
it { should == 200 }
|
73
|
+
end
|
74
|
+
|
75
|
+
context "with another valid requester" do
|
76
|
+
let(:requester) do
|
77
|
+
bob
|
78
|
+
end
|
79
|
+
it { should == 200 }
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
describe "GET /posts" do
|
84
|
+
context "with stream=1 & no valid scope" do
|
85
|
+
before do
|
86
|
+
params[:stream] = 1
|
87
|
+
end
|
88
|
+
|
89
|
+
let(:scopes) do
|
90
|
+
"public"
|
91
|
+
end
|
92
|
+
|
93
|
+
it { should == 403 }
|
94
|
+
end
|
95
|
+
|
96
|
+
context "with stream=1 & valid scope" do
|
97
|
+
it { should == 200 }
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
describe "PUT /posts/:id" do
|
102
|
+
before do
|
103
|
+
params[:title] = "Bar"
|
104
|
+
end
|
105
|
+
|
106
|
+
context "with invalid requester" do
|
107
|
+
let(:requester) do
|
108
|
+
bob
|
109
|
+
end
|
110
|
+
it { should == 403 }
|
111
|
+
end
|
112
|
+
|
113
|
+
context "with response body option" do
|
114
|
+
it "returns 200 with response body" do
|
115
|
+
should == 200
|
116
|
+
response.body.should be_json_including(id: resource.id)
|
117
|
+
end
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
121
|
+
describe "POST /posts" do
|
122
|
+
before do
|
123
|
+
params[:title] = "test"
|
124
|
+
end
|
125
|
+
|
126
|
+
context "with valid condition" do
|
127
|
+
it { should == 201 }
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
describe "DELETE /posts/:id" do
|
132
|
+
context "with response body option" do
|
133
|
+
it "returns 200 with response body" do
|
134
|
+
should == 200
|
135
|
+
response.body.should be_json_including(id: resource.id)
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
context "with invalid requester" do
|
140
|
+
let(:requester) do
|
141
|
+
bob
|
142
|
+
end
|
143
|
+
it { should == 403 }
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
147
|
+
describe "GET /posts/namespaced" do
|
148
|
+
let(:scopes) do
|
149
|
+
"foobar.read_post"
|
150
|
+
end
|
151
|
+
|
152
|
+
context "with valid condition" do
|
153
|
+
it { should == 200 }
|
154
|
+
end
|
155
|
+
|
156
|
+
context "without valid scope" do
|
157
|
+
let(:scopes) do
|
158
|
+
"public"
|
159
|
+
end
|
160
|
+
it { should == 403 }
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
describe "log notifications" do
|
165
|
+
context "with 200 case" do
|
166
|
+
it "logs application id" do
|
167
|
+
get "/posts/#{id}", params, env
|
168
|
+
response.status.should == 200
|
169
|
+
response.headers["Application-Id"].should == application_id
|
170
|
+
end
|
171
|
+
end
|
172
|
+
|
173
|
+
context "with 404 case" do
|
174
|
+
let(:id) do
|
175
|
+
0
|
176
|
+
end
|
177
|
+
|
178
|
+
it "logs application id" do
|
179
|
+
get "/posts/#{id}", params, env
|
180
|
+
response.status.should == 404
|
181
|
+
response.headers["Application-Id"].should == application_id
|
182
|
+
end
|
183
|
+
end
|
184
|
+
|
185
|
+
context "with 401 case" do
|
186
|
+
before do
|
187
|
+
header.delete("Authorization")
|
188
|
+
end
|
189
|
+
|
190
|
+
it "logs application id" do
|
191
|
+
get "/posts/#{id}", params, env
|
192
|
+
response.status.should == 401
|
193
|
+
response.headers["Application-Id"].should == nil
|
194
|
+
end
|
195
|
+
end
|
196
|
+
end
|
197
|
+
end
|
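Review bot: The top-level `let(:scopes)` is `"public read_private_post write_post sudo"`, so every positive case that inherits it ("with valid scope", "with stream=1 & valid scope", the PUT/POST/DELETE success cases) would presumably still pass with a broken per-scope check, as long as `sudo` is honoured. Narrowing each positive context to the single scope under test isolates the rule, e.g. `let(:scopes) { "read_private_post" }` in "GET /users/:user_id/posts/private". "PUT /posts/:id" and "DELETE /posts/:id" have only a requester-based 403 case and no scope-based one, so a token lacking `write_post` is never shown to be rejected. In the 401 log case, `response.headers["Application-Id"].should be_nil` states the intent more directly than `should == nil`.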
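--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,20 @@
+ENV["RAILS_ENV"] ||= "test"
+require "garage"
+
+require File.expand_path("../dummy/config/environment", __FILE__)
+require "rspec/rails"
+require "rspec/autorun"
+require "webmock/rspec"
+
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+RSpec.configure do |config|
+config.filter_run :focus => true
+config.run_all_when_everything_filtered = true
+config.include FactoryGirl::Syntax::Methods
+config.include RSpec::JsonMatcher, type: :request
+
+config.before(:each) do
+Rails.cache.clear
+end
+end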
@@ -0,0 +1,33 @@
|
|
1
|
+
module AuthenticatedContext
|
2
|
+
extend ActiveSupport::Concern
|
3
|
+
|
4
|
+
included do
|
5
|
+
before do
|
6
|
+
header["Authorization"] = "Bearer #{access_token.token}"
|
7
|
+
end
|
8
|
+
|
9
|
+
let(:scopes) do
|
10
|
+
"public meta"
|
11
|
+
end
|
12
|
+
|
13
|
+
let(:user) do
|
14
|
+
FactoryGirl.create(:user)
|
15
|
+
end
|
16
|
+
|
17
|
+
let(:resource_owner_id) do
|
18
|
+
user.id
|
19
|
+
end
|
20
|
+
|
21
|
+
let(:application) do
|
22
|
+
FactoryGirl.create(:application)
|
23
|
+
end
|
24
|
+
|
25
|
+
let(:application_id) do
|
26
|
+
application.id
|
27
|
+
end
|
28
|
+
|
29
|
+
let(:access_token) do
|
30
|
+
FactoryGirl.create(:access_token, resource_owner_id: resource_owner_id, scopes: scopes, application: application)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|