garage-doorkeeper 1.0.0

data/spec/dummy/db/migrate/20130501215002_create_doorkeeper_tables.rb

@@ -0,0 +1,42 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         :null => false
+      t.string  :uid,          :null => false
+      t.string  :secret,       :null => false
+      t.string  :redirect_uri, :null => false
+      t.timestamps
+    end
+
+    add_index :oauth_applications, :uid, :unique => true
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, :null => false
+      t.integer  :application_id,    :null => false
+      t.string   :token,             :null => false
+      t.integer  :expires_in,        :null => false
+      t.string   :redirect_uri,      :null => false
+      t.datetime :created_at,        :null => false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_grants, :token, :unique => true
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.integer  :application_id,    :null => false
+      t.string   :token,             :null => false
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        :null => false
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_tokens, :token, :unique => true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, :unique => true
+
+  end
+end

data/spec/dummy/db/migrate/20130501215033_create_users.rb

@@ -0,0 +1,10 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.string :email
+
+      t.timestamps
+    end
+  end
+end

data/spec/dummy/db/migrate/20130501215056_create_posts.rb

@@ -0,0 +1,11 @@
+class CreatePosts < ActiveRecord::Migration
+  def change
+    create_table :posts do |t|
+      t.integer :user_id
+      t.string :title
+      t.string :body
+
+      t.timestamps
+    end
+  end
+end

data/spec/dummy/db/migrate/20130508032709_create_comments.rb

@@ -0,0 +1,11 @@
+class CreateComments < ActiveRecord::Migration
+  def change
+    create_table :comments do |t|
+      t.integer :user_id
+      t.integer :post_id
+      t.string :body
+
+      t.timestamps
+    end
+  end
+end

data/spec/dummy/db/schema.rb

@@ -0,0 +1,78 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 20130508032709) do
+
+  create_table "comments", :force => true do |t|
+    t.integer  "user_id"
+    t.integer  "post_id"
+    t.string   "body"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  create_table "oauth_access_grants", :force => true do |t|
+    t.integer  "resource_owner_id", :null => false
+    t.integer  "application_id",    :null => false
+    t.string   "token",             :null => false
+    t.integer  "expires_in",        :null => false
+    t.string   "redirect_uri",      :null => false
+    t.datetime "created_at",        :null => false
+    t.datetime "revoked_at"
+    t.string   "scopes"
+  end
+
+  add_index "oauth_access_grants", ["token"], :name => "index_oauth_access_grants_on_token", :unique => true
+
+  create_table "oauth_access_tokens", :force => true do |t|
+    t.integer  "resource_owner_id"
+    t.integer  "application_id",    :null => false
+    t.string   "token",             :null => false
+    t.string   "refresh_token"
+    t.integer  "expires_in"
+    t.datetime "revoked_at"
+    t.datetime "created_at",        :null => false
+    t.string   "scopes"
+  end
+
+  add_index "oauth_access_tokens", ["refresh_token"], :name => "index_oauth_access_tokens_on_refresh_token", :unique => true
+  add_index "oauth_access_tokens", ["resource_owner_id"], :name => "index_oauth_access_tokens_on_resource_owner_id"
+  add_index "oauth_access_tokens", ["token"], :name => "index_oauth_access_tokens_on_token", :unique => true
+
+  create_table "oauth_applications", :force => true do |t|
+    t.string   "name",         :null => false
+    t.string   "uid",          :null => false
+    t.string   "secret",       :null => false
+    t.string   "redirect_uri", :null => false
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
+  end
+
+  add_index "oauth_applications", ["uid"], :name => "index_oauth_applications_on_uid", :unique => true
+
+  create_table "posts", :force => true do |t|
+    t.integer  "user_id"
+    t.string   "title"
+    t.string   "body"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  create_table "users", :force => true do |t|
+    t.string   "name"
+    t.string   "email"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+end

data/spec/dummy/doc/garage/overview.ja.md

@@ -0,0 +1,3 @@
+# 概要
+
+testing Japanese page

data/spec/dummy/doc/garage/overview.md

@@ -0,0 +1 @@
+# This is overview

data/spec/dummy/doc/garage/resources/post.md

@@ -0,0 +1 @@
+## Post resource

data/spec/dummy/doc/garage/resources/user.md

@@ -0,0 +1,90 @@
+## GET /users
+Returns users
+
+```
+GET /users
+```
+
+### response
+```
+Status: 200
+response: 
+[
+  {
+    "created_at" => "2013-06-11T17:48:09Z",
+            "id" => 1077,
+          "name" => "name 15",
+    "properties" => {},
+    "updated_at" => "2013-06-11T17:48:09Z"
+  }
+]
+```
+
+
+## GET /users/:id
+Returns the user
+
+```
+GET /users/1078
+```
+
+### response
+```
+Status: 200
+response: 
+{
+  "created_at" => "2013-06-11T17:48:09Z",
+          "id" => 1078,
+        "name" => "name 16",
+  "properties" => {},
+  "updated_at" => "2013-06-11T17:48:09Z"
+}
+```
+
+
+## POST /users
+Creates a new user
+
+```
+POST /users
+```
+
+### parameters
+* `name` string (required)
+
+
+### response
+```
+Status: 201
+location: http://www.example.com/users/1079
+response: 
+{
+  "created_at" => "2013-06-11T17:48:09Z",
+          "id" => 1079,
+        "name" => "name",
+  "properties" => {
+    "description" => "description"
+  },
+  "updated_at" => "2013-06-11T17:48:09Z"
+}
+```
+
+
+## PUT /users/:id
+Updates the user
+
+```
+PUT /users/1080
+```
+
+### parameters
+* `name` string
+
+
+### response
+```
+Status: 204
+response: 
+```
+
+

data/spec/dummy/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/500.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+</body>
+</html>

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/factories/comment.rb

@@ -0,0 +1,7 @@
+FactoryGirl.define do
+  factory :comment do
+    user
+    post
+    body { Forgery(:lorem_ipsum).words(20) }
+  end
+end

data/spec/factories/doorkeeper.rb

@@ -0,0 +1,24 @@
+FactoryGirl.define do
+  factory :access_grant, :class => Doorkeeper::AccessGrant do
+    sequence(:resource_owner_id) { |n| n }
+    application
+    redirect_uri "https://example.com/callback"
+    expires_in 100
+    scopes "public write"
+  end
+end
+
+FactoryGirl.define do
+  factory :access_token, :class => Doorkeeper::AccessToken do
+    sequence(:resource_owner_id) { |n| n }
+    application
+    expires_in 2.hours
+  end
+end
+
+FactoryGirl.define do
+  factory :application, :class => Doorkeeper::Application do
+    sequence(:name){ |n| "Application #{n}" }
+    redirect_uri "https://example.com/callback"
+  end
+end

data/spec/factories/post.rb

@@ -0,0 +1,7 @@
+FactoryGirl.define do
+  factory :post do
+    user
+    title { Forgery(:lorem_ipsum).words(5) }
+    body { Forgery(:lorem_ipsum).words(20) }
+  end
+end

data/spec/factories/user.rb

@@ -0,0 +1,6 @@
+FactoryGirl.define do
+  factory :user do
+    name { Forgery(:name).full_name }
+    email { Forgery(:internet).email_address }
+  end
+end

data/spec/requests/authentication_spec.rb

@@ -0,0 +1,35 @@
+require "spec_helper"
+
+describe "Authentication" do
+  include RestApiSpecHelper
+  include AuthenticatedContext
+
+  describe "GET /echo" do
+    context "without valid token" do
+      before do
+        header["Authorization"] = "Bearer #{access_token.token}"
+        access_token.destroy
+      end
+
+      it "returns 401 with JSON" do
+        should == 401
+        response.body.should be_json
+      end
+    end
+
+    context "without any access token candidate" do
+      before do
+        header["Authorization"] = nil
+      end
+
+      it "returns 401 without access token verification" do
+        should == 401
+        response.body.should be_json
+      end
+    end
+
+    context "with valid access token from auth server" do
+      it { should == 200 }
+    end
+  end
+end

data/spec/requests/authorization_spec.rb

@@ -0,0 +1,197 @@
+require "spec_helper"
+
+describe "Authorization" do
+  include RestApiSpecHelper
+  include AuthenticatedContext
+
+  let(:alice) do
+    FactoryGirl.create(:user)
+  end
+
+  let(:bob) do
+    FactoryGirl.create(:user)
+  end
+
+  let(:scopes) do
+    "public read_private_post write_post sudo"
+  end
+
+  let(:resource_owner_id) do
+    requester.id
+  end
+
+  let(:requester) do
+    alice
+  end
+
+  let(:resource) do
+    FactoryGirl.create(:post, user: alice)
+  end
+
+  let(:id) do
+    resource.id
+  end
+
+  describe "GET /users/:user_id/posts/private" do
+    let(:user_id) do
+      alice.id
+    end
+
+    context "without valid scope" do
+      let(:scopes) do
+        "public"
+      end
+      it { should == 403 }
+    end
+
+    context "without authority" do
+      let(:requester) do
+        bob
+      end
+      it { should == 403 }
+    end
+
+    context "with valid scope" do
+      it { should == 200 }
+    end
+
+    context "with another valid scope" do
+      let(:scopes) do
+        "sudo"
+      end
+      it { should == 200 }
+    end
+  end
+
+  describe "GET /posts/:id" do
+    let(:requester) do
+      alice
+    end
+
+    context "with valid requester" do
+      it { should == 200 }
+    end
+
+    context "with another valid requester" do
+      let(:requester) do
+        bob
+      end
+      it { should == 200 }
+    end
+  end
+
+  describe "GET /posts" do
+    context "with stream=1 & no valid scope" do
+      before do
+        params[:stream] = 1
+      end
+
+      let(:scopes) do
+        "public"
+      end
+
+      it { should == 403 }
+    end
+
+    context "with stream=1 & valid scope" do
+      it { should == 200 }
+    end
+  end
+
+  describe "PUT /posts/:id" do
+    before do
+      params[:title] = "Bar"
+    end
+
+    context "with invalid requester" do
+      let(:requester) do
+        bob
+      end
+      it { should == 403 }
+    end
+
+    context "with response body option" do
+      it "returns 200 with response body" do
+        should == 200
+        response.body.should be_json_including(id: resource.id)
+      end
+    end
+  end
+
+  describe "POST /posts" do
+    before do
+      params[:title] = "test"
+    end
+
+    context "with valid condition" do
+      it { should == 201 }
+    end
+  end
+
+  describe "DELETE /posts/:id" do
+    context "with response body option" do
+      it "returns 200 with response body" do
+        should == 200
+        response.body.should be_json_including(id: resource.id)
+      end
+    end
+
+    context "with invalid requester" do
+      let(:requester) do
+        bob
+      end
+      it { should == 403 }
+    end
+  end
+
+  describe "GET /posts/namespaced" do
+    let(:scopes) do
+      "foobar.read_post"
+    end
+
+    context "with valid condition" do
+      it { should == 200 }
+    end
+
+    context "without valid scope" do
+      let(:scopes) do
+        "public"
+      end
+      it { should == 403 }
+    end
+  end
+
+  describe "log notifications" do
+    context "with 200 case" do
+      it "logs application id" do
+        get "/posts/#{id}", params, env
+        response.status.should == 200
+        response.headers["Application-Id"].should == application_id
+      end
+    end
+
+    context "with 404 case" do
+      let(:id) do
+        0
+      end
+
+      it "logs application id" do
+        get "/posts/#{id}", params, env
+        response.status.should == 404
+        response.headers["Application-Id"].should == application_id
+      end
+    end
+
+    context "with 401 case" do
+      before do
+        header.delete("Authorization")
+      end
+
+      it "logs application id" do
+        get "/posts/#{id}", params, env
+        response.status.should == 401
+        response.headers["Application-Id"].should == nil
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,20 @@
+ENV["RAILS_ENV"] ||= "test"
+require "garage"
+
+require File.expand_path("../dummy/config/environment", __FILE__)
+require "rspec/rails"
+require "rspec/autorun"
+require "webmock/rspec"
+
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+RSpec.configure do |config|
+  config.filter_run :focus => true
+  config.run_all_when_everything_filtered = true
+  config.include FactoryGirl::Syntax::Methods
+  config.include RSpec::JsonMatcher, type: :request
+
+  config.before(:each) do
+    Rails.cache.clear
+  end
+end

data/spec/support/authenticated_context.rb

@@ -0,0 +1,33 @@
+module AuthenticatedContext
+  extend ActiveSupport::Concern
+
+  included do
+    before do
+      header["Authorization"] = "Bearer #{access_token.token}"
+    end
+
+    let(:scopes) do
+      "public meta"
+    end
+
+    let(:user) do
+      FactoryGirl.create(:user)
+    end
+
+    let(:resource_owner_id) do
+      user.id
+    end
+
+    let(:application) do
+      FactoryGirl.create(:application)
+    end
+
+    let(:application_id) do
+      application.id
+    end
+
+    let(:access_token) do
+      FactoryGirl.create(:access_token, resource_owner_id: resource_owner_id, scopes: scopes, application: application)
+    end
+  end
+end