garage-doorkeeper 1.0.0
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/CHANGELOG.md +2 -0
- data/Gemfile +24 -0
- data/LICENSE.txt +22 -0
- data/README.md +52 -0
- data/Rakefile +2 -0
- data/garage-doorkeeper.gemspec +22 -0
- data/lib/garage/doorkeeper/version.rb +5 -0
- data/lib/garage/doorkeeper.rb +4 -0
- data/lib/garage/strategy/doorkeeper.rb +28 -0
- data/spec/dummy/README.rdoc +261 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/javascripts/application.js +15 -0
- data/spec/dummy/app/assets/stylesheets/application.css +13 -0
- data/spec/dummy/app/controllers/api_controller.rb +11 -0
- data/spec/dummy/app/controllers/application_controller.rb +10 -0
- data/spec/dummy/app/controllers/echos_controller.rb +5 -0
- data/spec/dummy/app/controllers/posts_controller.rb +101 -0
- data/spec/dummy/app/controllers/sessions_controller.rb +19 -0
- data/spec/dummy/app/controllers/users_controller.rb +6 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/helpers/current_user_helper.rb +5 -0
- data/spec/dummy/app/mailers/.gitkeep +0 -0
- data/spec/dummy/app/models/.gitkeep +0 -0
- data/spec/dummy/app/models/comment.rb +17 -0
- data/spec/dummy/app/models/namespaced_post.rb +7 -0
- data/spec/dummy/app/models/post.rb +43 -0
- data/spec/dummy/app/models/post_body.rb +3 -0
- data/spec/dummy/app/models/post_stream.rb +2 -0
- data/spec/dummy/app/models/private_post.rb +7 -0
- data/spec/dummy/app/models/user.rb +17 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/app/views/sessions/create.html.erb +1 -0
- data/spec/dummy/app/views/sessions/destroy.html.erb +1 -0
- data/spec/dummy/app/views/sessions/new.html.erb +4 -0
- data/spec/dummy/app/views/sessions/show.html.erb +7 -0
- data/spec/dummy/config/application.rb +59 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml +39 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +37 -0
- data/spec/dummy/config/environments/production.rb +72 -0
- data/spec/dummy/config/environments/test.rb +34 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +1 -0
- data/spec/dummy/config/initializers/garage.rb +53 -0
- data/spec/dummy/config/initializers/inflections.rb +15 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/doorkeeper.en.yml +68 -0
- data/spec/dummy/config/locales/en.yml +5 -0
- data/spec/dummy/config/routes.rb +30 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/db/migrate/20130501215002_create_doorkeeper_tables.rb +42 -0
- data/spec/dummy/db/migrate/20130501215033_create_users.rb +10 -0
- data/spec/dummy/db/migrate/20130501215056_create_posts.rb +11 -0
- data/spec/dummy/db/migrate/20130508032709_create_comments.rb +11 -0
- data/spec/dummy/db/schema.rb +78 -0
- data/spec/dummy/doc/garage/overview.ja.md +3 -0
- data/spec/dummy/doc/garage/overview.md +1 -0
- data/spec/dummy/doc/garage/resources/post.md +1 -0
- data/spec/dummy/doc/garage/resources/user.md +90 -0
- data/spec/dummy/lib/assets/.gitkeep +0 -0
- data/spec/dummy/log/.gitkeep +0 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +25 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/factories/comment.rb +7 -0
- data/spec/factories/doorkeeper.rb +24 -0
- data/spec/factories/post.rb +7 -0
- data/spec/factories/user.rb +6 -0
- data/spec/requests/authentication_spec.rb +35 -0
- data/spec/requests/authorization_spec.rb +197 -0
- data/spec/spec_helper.rb +20 -0
- data/spec/support/authenticated_context.rb +33 -0
- data/spec/support/database_cleaner.rb +16 -0
- data/spec/support/rest_api_spec_helper.rb +46 -0
- metadata +217 -0
@@ -0,0 +1,42 @@
|
|
1
|
+
class CreateDoorkeeperTables < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :oauth_applications do |t|
|
4
|
+
t.string :name, :null => false
|
5
|
+
t.string :uid, :null => false
|
6
|
+
t.string :secret, :null => false
|
7
|
+
t.string :redirect_uri, :null => false
|
8
|
+
t.timestamps
|
9
|
+
end
|
10
|
+
|
11
|
+
add_index :oauth_applications, :uid, :unique => true
|
12
|
+
|
13
|
+
create_table :oauth_access_grants do |t|
|
14
|
+
t.integer :resource_owner_id, :null => false
|
15
|
+
t.integer :application_id, :null => false
|
16
|
+
t.string :token, :null => false
|
17
|
+
t.integer :expires_in, :null => false
|
18
|
+
t.string :redirect_uri, :null => false
|
19
|
+
t.datetime :created_at, :null => false
|
20
|
+
t.datetime :revoked_at
|
21
|
+
t.string :scopes
|
22
|
+
end
|
23
|
+
|
24
|
+
add_index :oauth_access_grants, :token, :unique => true
|
25
|
+
|
26
|
+
create_table :oauth_access_tokens do |t|
|
27
|
+
t.integer :resource_owner_id
|
28
|
+
t.integer :application_id, :null => false
|
29
|
+
t.string :token, :null => false
|
30
|
+
t.string :refresh_token
|
31
|
+
t.integer :expires_in
|
32
|
+
t.datetime :revoked_at
|
33
|
+
t.datetime :created_at, :null => false
|
34
|
+
t.string :scopes
|
35
|
+
end
|
36
|
+
|
37
|
+
add_index :oauth_access_tokens, :token, :unique => true
|
38
|
+
add_index :oauth_access_tokens, :resource_owner_id
|
39
|
+
add_index :oauth_access_tokens, :refresh_token, :unique => true
|
40
|
+
|
41
|
+
end
|
42
|
+
end
|
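Review bot: The `secret` column on `oauth_applications` and the `token` / `refresh_token` columns on both token tables are plain `t.string` fields, so client secrets and bearer tokens are stored in directly usable form and any read of a dump or replica yields working credentials. This is the spec dummy app's schema and is presumably never deployed, but it is also what a reader will copy as a starting point. I would add a comment above the first `create_table`, e.g. `# Test-only schema: secrets and tokens are stored unhashed; enable secret hashing in the OAuth provider before reusing this in a real app.` Separately, neither token table indexes `application_id`, which matters once tokens are listed or revoked per client: `add_index :oauth_access_tokens, :application_id`.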
@@ -0,0 +1,78 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
# This file is auto-generated from the current state of the database. Instead
|
3
|
+
# of editing this file, please use the migrations feature of Active Record to
|
4
|
+
# incrementally modify your database, and then regenerate this schema definition.
|
5
|
+
#
|
6
|
+
# Note that this schema.rb definition is the authoritative source for your
|
7
|
+
# database schema. If you need to create the application database on another
|
8
|
+
# system, you should be using db:schema:load, not running all the migrations
|
9
|
+
# from scratch. The latter is a flawed and unsustainable approach (the more migrations
|
10
|
+
# you'll amass, the slower it'll run and the greater likelihood for issues).
|
11
|
+
#
|
12
|
+
# It's strongly recommended to check this file into your version control system.
|
13
|
+
|
14
|
+
ActiveRecord::Schema.define(:version => 20130508032709) do
|
15
|
+
|
16
|
+
create_table "comments", :force => true do |t|
|
17
|
+
t.integer "user_id"
|
18
|
+
t.integer "post_id"
|
19
|
+
t.string "body"
|
20
|
+
t.datetime "created_at", :null => false
|
21
|
+
t.datetime "updated_at", :null => false
|
22
|
+
end
|
23
|
+
|
24
|
+
create_table "oauth_access_grants", :force => true do |t|
|
25
|
+
t.integer "resource_owner_id", :null => false
|
26
|
+
t.integer "application_id", :null => false
|
27
|
+
t.string "token", :null => false
|
28
|
+
t.integer "expires_in", :null => false
|
29
|
+
t.string "redirect_uri", :null => false
|
30
|
+
t.datetime "created_at", :null => false
|
31
|
+
t.datetime "revoked_at"
|
32
|
+
t.string "scopes"
|
33
|
+
end
|
34
|
+
|
35
|
+
add_index "oauth_access_grants", ["token"], :name => "index_oauth_access_grants_on_token", :unique => true
|
36
|
+
|
37
|
+
create_table "oauth_access_tokens", :force => true do |t|
|
38
|
+
t.integer "resource_owner_id"
|
39
|
+
t.integer "application_id", :null => false
|
40
|
+
t.string "token", :null => false
|
41
|
+
t.string "refresh_token"
|
42
|
+
t.integer "expires_in"
|
43
|
+
t.datetime "revoked_at"
|
44
|
+
t.datetime "created_at", :null => false
|
45
|
+
t.string "scopes"
|
46
|
+
end
|
47
|
+
|
48
|
+
add_index "oauth_access_tokens", ["refresh_token"], :name => "index_oauth_access_tokens_on_refresh_token", :unique => true
|
49
|
+
add_index "oauth_access_tokens", ["resource_owner_id"], :name => "index_oauth_access_tokens_on_resource_owner_id"
|
50
|
+
add_index "oauth_access_tokens", ["token"], :name => "index_oauth_access_tokens_on_token", :unique => true
|
51
|
+
|
52
|
+
create_table "oauth_applications", :force => true do |t|
|
53
|
+
t.string "name", :null => false
|
54
|
+
t.string "uid", :null => false
|
55
|
+
t.string "secret", :null => false
|
56
|
+
t.string "redirect_uri", :null => false
|
57
|
+
t.datetime "created_at", :null => false
|
58
|
+
t.datetime "updated_at", :null => false
|
59
|
+
end
|
60
|
+
|
61
|
+
add_index "oauth_applications", ["uid"], :name => "index_oauth_applications_on_uid", :unique => true
|
62
|
+
|
63
|
+
create_table "posts", :force => true do |t|
|
64
|
+
t.integer "user_id"
|
65
|
+
t.string "title"
|
66
|
+
t.string "body"
|
67
|
+
t.datetime "created_at", :null => false
|
68
|
+
t.datetime "updated_at", :null => false
|
69
|
+
end
|
70
|
+
|
71
|
+
create_table "users", :force => true do |t|
|
72
|
+
t.string "name"
|
73
|
+
t.string "email"
|
74
|
+
t.datetime "created_at", :null => false
|
75
|
+
t.datetime "updated_at", :null => false
|
76
|
+
end
|
77
|
+
|
78
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
# This is overview
|
@@ -0,0 +1 @@
|
|
1
|
+
## Post resource
|
@@ -0,0 +1,90 @@
|
|
1
|
+
## GET /users
|
2
|
+
Returns users
|
3
|
+
|
4
|
+
```
|
5
|
+
GET /users
|
6
|
+
```
|
7
|
+
|
8
|
+
### response
|
9
|
+
```
|
10
|
+
Status: 200
|
11
|
+
response:
|
12
|
+
[
|
13
|
+
{
|
14
|
+
"created_at" => "2013-06-11T17:48:09Z",
|
15
|
+
"id" => 1077,
|
16
|
+
"name" => "name 15",
|
17
|
+
"properties" => {},
|
18
|
+
"updated_at" => "2013-06-11T17:48:09Z"
|
19
|
+
}
|
20
|
+
]
|
21
|
+
```
|
22
|
+
|
23
|
+
|
24
|
+
## GET /users/:id
|
25
|
+
Returns the user
|
26
|
+
|
27
|
+
```
|
28
|
+
GET /users/1078
|
29
|
+
```
|
30
|
+
|
31
|
+
### response
|
32
|
+
```
|
33
|
+
Status: 200
|
34
|
+
response:
|
35
|
+
{
|
36
|
+
"created_at" => "2013-06-11T17:48:09Z",
|
37
|
+
"id" => 1078,
|
38
|
+
"name" => "name 16",
|
39
|
+
"properties" => {},
|
40
|
+
"updated_at" => "2013-06-11T17:48:09Z"
|
41
|
+
}
|
42
|
+
```
|
43
|
+
|
44
|
+
|
45
|
+
## POST /users
|
46
|
+
Creates a new user
|
47
|
+
|
48
|
+
```
|
49
|
+
POST /users
|
50
|
+
```
|
51
|
+
|
52
|
+
### parameters
|
53
|
+
* `name` string (required)
|
54
|
+
|
55
|
+
|
56
|
+
### response
|
57
|
+
```
|
58
|
+
Status: 201
|
59
|
+
location: http://www.example.com/users/1079
|
60
|
+
response:
|
61
|
+
{
|
62
|
+
"created_at" => "2013-06-11T17:48:09Z",
|
63
|
+
"id" => 1079,
|
64
|
+
"name" => "name",
|
65
|
+
"properties" => {
|
66
|
+
"description" => "description"
|
67
|
+
},
|
68
|
+
"updated_at" => "2013-06-11T17:48:09Z"
|
69
|
+
}
|
70
|
+
```
|
71
|
+
|
72
|
+
|
73
|
+
## PUT /users/:id
|
74
|
+
Updates the user
|
75
|
+
|
76
|
+
```
|
77
|
+
PUT /users/1080
|
78
|
+
```
|
79
|
+
|
80
|
+
### parameters
|
81
|
+
* `name` string
|
82
|
+
|
83
|
+
|
84
|
+
### response
|
85
|
+
```
|
86
|
+
Status: 204
|
87
|
+
response:
|
88
|
+
```
|
89
|
+
|
90
|
+
|
File without changes
|
File without changes
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>The page you were looking for doesn't exist (404)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/404.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>The page you were looking for doesn't exist.</h1>
|
23
|
+
<p>You may have mistyped the address or the page may have moved.</p>
|
24
|
+
</div>
|
25
|
+
</body>
|
26
|
+
</html>
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>The change you wanted was rejected (422)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/422.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>The change you wanted was rejected.</h1>
|
23
|
+
<p>Maybe you tried to change something you didn't have access to.</p>
|
24
|
+
</div>
|
25
|
+
</body>
|
26
|
+
</html>
|
@@ -0,0 +1,25 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>We're sorry, but something went wrong (500)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/500.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>We're sorry, but something went wrong.</h1>
|
23
|
+
</div>
|
24
|
+
</body>
|
25
|
+
</html>
|
File without changes
|
@@ -0,0 +1,6 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
3
|
+
|
4
|
+
APP_PATH = File.expand_path('../../config/application', __FILE__)
|
5
|
+
require File.expand_path('../../config/boot', __FILE__)
|
6
|
+
require 'rails/commands'
|
@@ -0,0 +1,24 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
factory :access_grant, :class => Doorkeeper::AccessGrant do
|
3
|
+
sequence(:resource_owner_id) { |n| n }
|
4
|
+
application
|
5
|
+
redirect_uri "https://example.com/callback"
|
6
|
+
expires_in 100
|
7
|
+
scopes "public write"
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
FactoryGirl.define do
|
12
|
+
factory :access_token, :class => Doorkeeper::AccessToken do
|
13
|
+
sequence(:resource_owner_id) { |n| n }
|
14
|
+
application
|
15
|
+
expires_in 2.hours
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
FactoryGirl.define do
|
20
|
+
factory :application, :class => Doorkeeper::Application do
|
21
|
+
sequence(:name){ |n| "Application #{n}" }
|
22
|
+
redirect_uri "https://example.com/callback"
|
23
|
+
end
|
24
|
+
end
|
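Review bot: The `:access_token` factory sets no `scopes`, so a spec that builds a token without passing `scopes:` gets a nil-scope token, and what that token may reach depends on code outside this file. An explicit least-privilege default, `scopes "public"`, keeps such a spec from passing or failing by accident. Minor: `expires_in 100` in `:access_grant` is bare seconds next to `expires_in 2.hours` in `:access_token`; `100.seconds` would read consistently.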
@@ -0,0 +1,35 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe "Authentication" do
|
4
|
+
include RestApiSpecHelper
|
5
|
+
include AuthenticatedContext
|
6
|
+
|
7
|
+
describe "GET /echo" do
|
8
|
+
context "without valid token" do
|
9
|
+
before do
|
10
|
+
header["Authorization"] = "Bearer #{access_token.token}"
|
11
|
+
access_token.destroy
|
12
|
+
end
|
13
|
+
|
14
|
+
it "returns 401 with JSON" do
|
15
|
+
should == 401
|
16
|
+
response.body.should be_json
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
context "without any access token candidate" do
|
21
|
+
before do
|
22
|
+
header["Authorization"] = nil
|
23
|
+
end
|
24
|
+
|
25
|
+
it "returns 401 without access token verification" do
|
26
|
+
should == 401
|
27
|
+
response.body.should be_json
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
context "with valid access token from auth server" do
|
32
|
+
it { should == 200 }
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
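Review bot: The "without valid token" context only covers a token whose row was deleted; a token that still exists but is revoked (`revoked_at` set) or past its `expires_in` is never sent, and those are the states an authentication strategy most easily gets wrong. I would add a sibling context with `before { access_token.revoke }` and `it { should == 401 }`, plus one that creates the token with an `expires_in` that has already elapsed. The second example is titled "returns 401 without access token verification", but nothing in it asserts that verification was skipped; either assert that or drop the claim from the title.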
@@ -0,0 +1,197 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe "Authorization" do
|
4
|
+
include RestApiSpecHelper
|
5
|
+
include AuthenticatedContext
|
6
|
+
|
7
|
+
let(:alice) do
|
8
|
+
FactoryGirl.create(:user)
|
9
|
+
end
|
10
|
+
|
11
|
+
let(:bob) do
|
12
|
+
FactoryGirl.create(:user)
|
13
|
+
end
|
14
|
+
|
15
|
+
let(:scopes) do
|
16
|
+
"public read_private_post write_post sudo"
|
17
|
+
end
|
18
|
+
|
19
|
+
let(:resource_owner_id) do
|
20
|
+
requester.id
|
21
|
+
end
|
22
|
+
|
23
|
+
let(:requester) do
|
24
|
+
alice
|
25
|
+
end
|
26
|
+
|
27
|
+
let(:resource) do
|
28
|
+
FactoryGirl.create(:post, user: alice)
|
29
|
+
end
|
30
|
+
|
31
|
+
let(:id) do
|
32
|
+
resource.id
|
33
|
+
end
|
34
|
+
|
35
|
+
describe "GET /users/:user_id/posts/private" do
|
36
|
+
let(:user_id) do
|
37
|
+
alice.id
|
38
|
+
end
|
39
|
+
|
40
|
+
context "without valid scope" do
|
41
|
+
let(:scopes) do
|
42
|
+
"public"
|
43
|
+
end
|
44
|
+
it { should == 403 }
|
45
|
+
end
|
46
|
+
|
47
|
+
context "without authority" do
|
48
|
+
let(:requester) do
|
49
|
+
bob
|
50
|
+
end
|
51
|
+
it { should == 403 }
|
52
|
+
end
|
53
|
+
|
54
|
+
context "with valid scope" do
|
55
|
+
it { should == 200 }
|
56
|
+
end
|
57
|
+
|
58
|
+
context "with another valid scope" do
|
59
|
+
let(:scopes) do
|
60
|
+
"sudo"
|
61
|
+
end
|
62
|
+
it { should == 200 }
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
describe "GET /posts/:id" do
|
67
|
+
let(:requester) do
|
68
|
+
alice
|
69
|
+
end
|
70
|
+
|
71
|
+
context "with valid requester" do
|
72
|
+
it { should == 200 }
|
73
|
+
end
|
74
|
+
|
75
|
+
context "with another valid requester" do
|
76
|
+
let(:requester) do
|
77
|
+
bob
|
78
|
+
end
|
79
|
+
it { should == 200 }
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
describe "GET /posts" do
|
84
|
+
context "with stream=1 & no valid scope" do
|
85
|
+
before do
|
86
|
+
params[:stream] = 1
|
87
|
+
end
|
88
|
+
|
89
|
+
let(:scopes) do
|
90
|
+
"public"
|
91
|
+
end
|
92
|
+
|
93
|
+
it { should == 403 }
|
94
|
+
end
|
95
|
+
|
96
|
+
context "with stream=1 & valid scope" do
|
97
|
+
it { should == 200 }
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
describe "PUT /posts/:id" do
|
102
|
+
before do
|
103
|
+
params[:title] = "Bar"
|
104
|
+
end
|
105
|
+
|
106
|
+
context "with invalid requester" do
|
107
|
+
let(:requester) do
|
108
|
+
bob
|
109
|
+
end
|
110
|
+
it { should == 403 }
|
111
|
+
end
|
112
|
+
|
113
|
+
context "with response body option" do
|
114
|
+
it "returns 200 with response body" do
|
115
|
+
should == 200
|
116
|
+
response.body.should be_json_including(id: resource.id)
|
117
|
+
end
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
121
|
+
describe "POST /posts" do
|
122
|
+
before do
|
123
|
+
params[:title] = "test"
|
124
|
+
end
|
125
|
+
|
126
|
+
context "with valid condition" do
|
127
|
+
it { should == 201 }
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
describe "DELETE /posts/:id" do
|
132
|
+
context "with response body option" do
|
133
|
+
it "returns 200 with response body" do
|
134
|
+
should == 200
|
135
|
+
response.body.should be_json_including(id: resource.id)
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
context "with invalid requester" do
|
140
|
+
let(:requester) do
|
141
|
+
bob
|
142
|
+
end
|
143
|
+
it { should == 403 }
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
147
|
+
describe "GET /posts/namespaced" do
|
148
|
+
let(:scopes) do
|
149
|
+
"foobar.read_post"
|
150
|
+
end
|
151
|
+
|
152
|
+
context "with valid condition" do
|
153
|
+
it { should == 200 }
|
154
|
+
end
|
155
|
+
|
156
|
+
context "without valid scope" do
|
157
|
+
let(:scopes) do
|
158
|
+
"public"
|
159
|
+
end
|
160
|
+
it { should == 403 }
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
describe "log notifications" do
|
165
|
+
context "with 200 case" do
|
166
|
+
it "logs application id" do
|
167
|
+
get "/posts/#{id}", params, env
|
168
|
+
response.status.should == 200
|
169
|
+
response.headers["Application-Id"].should == application_id
|
170
|
+
end
|
171
|
+
end
|
172
|
+
|
173
|
+
context "with 404 case" do
|
174
|
+
let(:id) do
|
175
|
+
0
|
176
|
+
end
|
177
|
+
|
178
|
+
it "logs application id" do
|
179
|
+
get "/posts/#{id}", params, env
|
180
|
+
response.status.should == 404
|
181
|
+
response.headers["Application-Id"].should == application_id
|
182
|
+
end
|
183
|
+
end
|
184
|
+
|
185
|
+
context "with 401 case" do
|
186
|
+
before do
|
187
|
+
header.delete("Authorization")
|
188
|
+
end
|
189
|
+
|
190
|
+
it "logs application id" do
|
191
|
+
get "/posts/#{id}", params, env
|
192
|
+
response.status.should == 401
|
193
|
+
response.headers["Application-Id"].should == nil
|
194
|
+
end
|
195
|
+
end
|
196
|
+
end
|
197
|
+
end
|
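Review bot: Every PUT, POST and DELETE example runs with the default `scopes` of `"public read_private_post write_post sudo"`, so no example shows a token without the write scope being refused; scope-based denial is only tested on the GET endpoints. Assuming the dummy app ties writes to `write_post` (its configuration is not in this section), each write `describe` should gain a context with `let(:scopes) { "public" }` and `it { should == 403 }`. The "with invalid requester" contexts check only the status; also asserting that the post is unchanged or still exists would catch a handler that mutates before it authorizes. In "log notifications" the examples are titled "logs application id" but assert a response header, and `.should == nil` reads better as `.should be_nil`.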
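--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,20 @@
+ENV["RAILS_ENV"] ||= "test"
+require "garage"
+
+require File.expand_path("../dummy/config/environment", __FILE__)
+require "rspec/rails"
+require "rspec/autorun"
+require "webmock/rspec"
+
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+RSpec.configure do |config|
+config.filter_run :focus => true
+config.run_all_when_everything_filtered = true
+config.include FactoryGirl::Syntax::Methods
+config.include RSpec::JsonMatcher, type: :request
+
+config.before(:each) do
+Rails.cache.clear
+end
+end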
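Review bot: `Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}` loads the support files in whatever order the filesystem returns on Rubies before 3.0, so a support file that depends on another can load on one machine and fail on the next. Sorting makes the order deterministic: `Dir[Rails.root.join("spec/support/**/*.rb")].sort.each { |f| require f }`. Also note that `config.filter_run :focus => true` means a `:focus` tag committed by accident silently narrows the run to that example, which for a suite whose purpose is to pin 401/403 behaviour is worth guarding in CI (for instance by failing the build when any example carries `:focus`).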
@@ -0,0 +1,33 @@
|
|
1
|
+
module AuthenticatedContext
|
2
|
+
extend ActiveSupport::Concern
|
3
|
+
|
4
|
+
included do
|
5
|
+
before do
|
6
|
+
header["Authorization"] = "Bearer #{access_token.token}"
|
7
|
+
end
|
8
|
+
|
9
|
+
let(:scopes) do
|
10
|
+
"public meta"
|
11
|
+
end
|
12
|
+
|
13
|
+
let(:user) do
|
14
|
+
FactoryGirl.create(:user)
|
15
|
+
end
|
16
|
+
|
17
|
+
let(:resource_owner_id) do
|
18
|
+
user.id
|
19
|
+
end
|
20
|
+
|
21
|
+
let(:application) do
|
22
|
+
FactoryGirl.create(:application)
|
23
|
+
end
|
24
|
+
|
25
|
+
let(:application_id) do
|
26
|
+
application.id
|
27
|
+
end
|
28
|
+
|
29
|
+
let(:access_token) do
|
30
|
+
FactoryGirl.create(:access_token, resource_owner_id: resource_owner_id, scopes: scopes, application: application)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
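Review bot: The module has no comment saying what it provides or what it needs from the including group: the `before` block writes to `header`, which is not defined here and presumably comes from `RestApiSpecHelper`, so including this module on its own would fail at run time. A header comment would cover it, e.g. `# Sends a Bearer token for a fresh user on every request; override scopes, resource_owner_id or application with let. Requires RestApiSpecHelper for header.` It is worth stating there as well that `access_token` is a lazy `let` first forced by this `before`, so the token is created with whichever `scopes` override is innermost in the example group.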