google_sign_in 1.2.1 → 1.3.0

data/test/models/identity_test.rb

@@ -1,88 +0,0 @@
-require 'test_helper'
-require 'jwt'
-
-class GoogleSignIn::IdentityTest < ActiveSupport::TestCase
-  test "client_id must be set" do
-    switch_client_id_to nil do
-      assert_raises(ArgumentError) { GoogleSignIn::Identity.new("some_fake_token") }
-    end
-  end
-
-  test "client_id must be in the token audience" do
-    assert_raises GoogleSignIn::Identity::ValidationError do
-      GoogleSignIn::Identity.new(token_with(aud: "invalid"))
-    end
-  end
-
-  test "token must have a valid issuer" do
-    assert_raises GoogleSignIn::Identity::ValidationError do
-      GoogleSignIn::Identity.new(token_with(iss: "invalid"))
-    end
-  end
-
-  test "token must be signed with the correct key" do
-    assert_raises GoogleSignIn::Identity::ValidationError do
-      GoogleSignIn::Identity.new(token_with(key: OpenSSL::PKey::RSA.new(2048)))
-    end
-  end
-
-  test "token must not be expired" do
-    freeze_time do
-      assert_raises GoogleSignIn::Identity::ValidationError do
-        GoogleSignIn::Identity.new(token_with(iat: 10.minutes.ago.to_i, exp: 5.minutes.ago.to_i))
-      end
-    end
-  end
-
-  test "extracting user ID" do
-    assert_equal "573222559223877", GoogleSignIn::Identity.new(token_with(sub: "573222559223877")).user_id
-  end
-
-  test "extracting name" do
-    assert_equal "George Claghorn", GoogleSignIn::Identity.new(token_with(name: "George Claghorn")).name
-  end
-
-  test "extracting email address" do
-    assert_equal "george@basecamp.com", GoogleSignIn::Identity.new(token_with(email: "george@basecamp.com")).email_address
-  end
-
-  test "extracting email verification status" do
-    assert GoogleSignIn::Identity.new(token_with(email: "george@basecamp.com", email_verified: true)).email_verified?
-    assert_not GoogleSignIn::Identity.new(token_with(email: "george@basecamp.com", email_verified: false)).email_verified?
-    assert_not GoogleSignIn::Identity.new(token_with(email: "george@basecamp.com")).email_verified?
-  end
-
-  test "extracting avatar URL" do
-    assert_equal "https://example.com/avatar.png",
-      GoogleSignIn::Identity.new(token_with(picture: "https://example.com/avatar.png")).avatar_url
-  end
-
-  test "extracting locale" do
-    assert_equal "en-US", GoogleSignIn::Identity.new(token_with(locale: "en-US")).locale
-  end
-
-  test "extracting hosted G Suite domain" do
-    assert_equal "basecamp.com", GoogleSignIn::Identity.new(token_with(hd: "basecamp.com")).hosted_domain
-  end
-
-  test "extracting given name" do
-    assert_equal "George", GoogleSignIn::Identity.new(token_with(given_name: "George")).given_name
-  end
-
-  test "extracting family name" do
-    assert_equal "Claghorn", GoogleSignIn::Identity.new(token_with(family_name: "Claghorn")).family_name
-  end
-
-  private
-    def switch_client_id_to(value)
-      previous_value = GoogleSignIn.client_id
-      GoogleSignIn.client_id = value
-      yield
-    ensure
-      GoogleSignIn.client_id = previous_value
-    end
-
-    def token_with(aud: FAKE_GOOGLE_CLIENT_ID, iss: "https://accounts.google.com", key: GOOGLE_PRIVATE_KEY, **payload)
-      JWT.encode(payload.merge(aud: aud, iss: iss), key, "RS256")
-    end
-end

data/test/models/redirect_protector_test.rb

@@ -1,40 +0,0 @@
-require 'test_helper'
-require 'google_sign_in/redirect_protector'
-
-class GoogleSignIn::RedirectProtectorTest < ActiveSupport::TestCase
-  test "disallows URL target with different host than source" do
-    assert_raises GoogleSignIn::RedirectProtector::Violation do
-      GoogleSignIn::RedirectProtector.ensure_same_origin 'https://malicious.example.com', 'https://basecamp.com'
-    end
-  end
-
-  test "disallows URL target with different port than source" do
-    assert_raises GoogleSignIn::RedirectProtector::Violation do
-      GoogleSignIn::RedirectProtector.ensure_same_origin 'https://basecamp.com:10443', 'https://basecamp.com'
-    end
-  end
-
-  test "disallows URL target with different protocol than source" do
-    assert_raises GoogleSignIn::RedirectProtector::Violation do
-      GoogleSignIn::RedirectProtector.ensure_same_origin 'http://basecamp.com', 'https://basecamp.com'
-    end
-  end
-
-  test "disallows empty URL target" do
-    assert_raises GoogleSignIn::RedirectProtector::Violation do
-      GoogleSignIn::RedirectProtector.ensure_same_origin nil, 'https://basecamp.com'
-    end
-  end
-
-  test "allows URL target with same origin as source" do
-    assert_nothing_raised do
-      GoogleSignIn::RedirectProtector.ensure_same_origin 'https://basecamp.com', 'https://basecamp.com'
-    end
-  end
-
-  test "allows path target" do
-    assert_nothing_raised do
-      GoogleSignIn::RedirectProtector.ensure_same_origin '/callback', 'https://basecamp.com'
-    end
-  end
-end

data/test/test_helper.rb

@@ -1,28 +0,0 @@
-ENV['RAILS_ENV'] = 'test'
-
-FAKE_GOOGLE_CLIENT_ID = '86179201039-eks5VfVc46WoFYyZVUDpQHeZFDRCqno3.apps.googleusercontent.com'
-FAKE_GOOGLE_CLIENT_SECRET = 'r(XsBajmyMddruvf$jDgLyPK'
-
-require_relative '../test/dummy/config/environment'
-
-require 'rails/test_help'
-require 'webmock/minitest'
-require 'byebug'
-
-require 'openssl'
-GOOGLE_PRIVATE_KEY = OpenSSL::PKey::RSA.new(File.read(File.expand_path('key.pem', __dir__)))
-GOOGLE_X509_CERTIFICATE = OpenSSL::X509::Certificate.new(File.read(File.expand_path('certificate.pem', __dir__)))
-
-if GOOGLE_X509_CERTIFICATE.not_after <= Time.now
-  raise "Test certificate is expired. Generate a new one and run the tests again: `bundle exec rake test:certificate:generate`."
-end
-
-require 'google-id-token'
-GoogleSignIn::Identity.validator = GoogleIDToken::Validator.new(x509_cert: GOOGLE_X509_CERTIFICATE)
-
-class ActionView::TestCase
-  private
-    def assert_dom_equal(expected, actual, message = nil)
-      super expected.remove(/(\A|\n)\s*/), actual, message
-    end
-end