grape_oauth2 0.1.1 → 0.2.0

data/spec/mixins/mongoid/client_spec.rb

@@ -1,95 +1,104 @@
-require 'spec_helper'
-
-describe 'Grape::OAuth2::Mongoid::Client', skip_if: ENV['ORM'] != 'mongoid' do
-  let(:client) { Application.new }
-
-  let(:key) { SecureRandom.hex(8)  }
-  let(:secret) { SecureRandom.hex(8) }
-
-  it 'generates key on create' do
-    expect(client.key).to be_nil
-    client.save
-    expect(client.key).not_to be_nil
-  end
-
-  it 'generates key on create if an empty string' do
-    client.key = ''
-    client.save
-    expect(client.key).not_to be_blank
-  end
-
-  it 'generates key on create unless one is set' do
-    client.key = key
-    client.save
-    expect(client.key).to eq(key)
-  end
-
-  it 'is invalid without key' do
-    client.save
-    client.key = nil
-    expect(client).not_to be_valid
-  end
-
-  it 'checks uniqueness of key' do
-    app1 = Application.create
-    app2 = Application.create
-    app2.key = app1.key
-    expect(app2).not_to be_valid
-  end
-
-  it 'expects database to throw an error when keys are the same' do
-    app1 = Application.create
-    app2 = Application.create
-    app2.key = app1.key
-    expect { app2.save! }.to raise_error(Mongoid::Errors::Validations)
-  end
-
-  it 'generate secret on create' do
-    expect(client.secret).to be_nil
-    client.save
-    expect(client.secret).not_to be_nil
-  end
-
-  it 'generate secret on create if is blank string' do
-    client.secret = ''
-    client.save
-    expect(client.secret).not_to be_blank
-  end
-
-  it 'generate secret on create unless one is set' do
-    client.secret = secret
-    client.save
-    expect(client.secret).to eq(secret)
-  end
-
-  it 'is invalid without secret' do
-    client.save
-    client.secret = nil
-    expect(client).not_to be_valid
-  end
-
-  describe '#authenticate' do
-    it 'returns a class instance if authenticated successfully' do
-      client.key = key
-      client.secret = secret
-      client.save
-
-      expect(Application.authenticate(key, secret)).to eq(client)
-    end
-
-    it 'returns a class instance if only key specified' do
-      client.key = key
-      client.save
-
-      expect(Application.authenticate(key)).to eq(client)
-    end
-
-    it 'returns nil if authentication failed' do
-      client.key = key
-      client.secret = secret
-      client.save
-
-      expect(Application.authenticate(key, 'invalid-')).to be_nil
-    end
-  end
-end
+require 'spec_helper'
+
+describe 'Grape::OAuth2::Mongoid::Client', skip_if: ENV['ORM'] != 'mongoid' do
+  let(:client) { Application.new }
+
+  let(:key) { SecureRandom.hex(8)  }
+  let(:secret) { SecureRandom.hex(8) }
+
+  it 'generates key on create' do
+    expect(client.key).to be_nil
+    client.save
+    expect(client.key).not_to be_nil
+  end
+
+  it 'generates key on create if an empty string' do
+    client.key = ''
+    client.save
+    expect(client.key).not_to be_blank
+  end
+
+  it 'generates key on create unless one is set' do
+    client.key = key
+    client.save
+    expect(client.key).to eq(key)
+  end
+
+  it 'is invalid without key' do
+    client.save
+    client.key = nil
+    expect(client).not_to be_valid
+  end
+
+  it 'checks uniqueness of key' do
+    app1 = Application.create
+    app2 = Application.create
+    app2.key = app1.key
+    expect(app2).not_to be_valid
+  end
+
+  it 'expects database to throw an error when keys are the same' do
+    app1 = Application.create
+    app2 = Application.create
+    app2.key = app1.key
+    expect { app2.save! }.to raise_error(Mongoid::Errors::Validations)
+  end
+
+  it 'generate secret on create' do
+    expect(client.secret).to be_nil
+    client.save
+    expect(client.secret).not_to be_nil
+  end
+
+  it 'generate secret on create if is blank string' do
+    client.secret = ''
+    client.save
+    expect(client.secret).not_to be_blank
+  end
+
+  it 'generate secret on create unless one is set' do
+    client.secret = secret
+    client.save
+    expect(client.secret).to eq(secret)
+  end
+
+  it 'is invalid without secret' do
+    client.save
+    client.secret = nil
+    expect(client).not_to be_valid
+  end
+
+  describe '#authenticate' do
+    it 'returns a class instance if authenticated successfully' do
+      client.key = key
+      client.secret = secret
+      client.save
+
+      expect(Application.authenticate(key, secret)).to eq(client)
+    end
+
+    it 'returns a class instance if only key specified' do
+      client.key = key
+      client.save
+
+      expect(Application.authenticate(key)).to eq(client)
+    end
+
+    it 'returns nil if authentication failed' do
+      client.key = key
+      client.secret = secret
+      client.save
+
+      expect(Application.authenticate(key, 'invalid-')).to be_nil
+    end
+
+    it 'delete all the associated access tokens on destroy' do
+      user = User.create(username: 'John', password: '123123')
+      app = Application.create(name: 'app1', redirect_uri: 'https://google.com')
+
+      3.times { AccessToken.create(resource_owner_id: user.id, client_id: app.id) }
+
+      expect { app.reload.destroy }.to change { AccessToken.count }.from(3).to(0)
+    end
+  end
+end

data/spec/mixins/sequel/access_token_spec.rb

@@ -1,185 +1,185 @@
-require 'spec_helper'
-
-describe 'Grape::OAuth2::Sequel::AccessToken', skip_if: ENV['ORM'] != 'sequel' do
-  let(:application) { Application.create(name: 'Test') }
-  let(:user) { User.create(username: 'test', password: '123123') }
-  let(:access_token) { AccessToken.create(client: application, resource_owner: user) }
-
-  let(:token) { SecureRandom.hex(16) }
-
-  describe 'validations' do
-    it 'validate token uniqueness' do
-      another_token = AccessToken.create(client: application)
-      token = AccessToken.new(client: application, token: another_token.token)
-
-      expect(token).not_to be_valid
-      expect(token.errors).to include(:token)
-    end
-  end
-
-  describe '#to_bearer_token' do
-    context 'config with refresh token' do
-      before do
-        Grape::OAuth2.config.issue_refresh_token = true
-      end
-
-      after do
-        Grape::OAuth2.config.issue_refresh_token = false
-      end
-
-      it 'returns refresh token' do
-        expect(access_token.to_bearer_token[:access_token]).not_to be_blank
-      end
-    end
-
-    context 'config without refresh token' do
-      before do
-        Grape::OAuth2.configure do |config|
-          config.issue_refresh_token = false
-        end
-      end
-
-      it 'returns blank refresh token' do
-        expect(access_token.to_bearer_token[:refresh_token]).to be_blank
-      end
-    end
-  end
-
-  describe '#authenticate' do
-    it 'returns an instance if authenticated successfully' do
-      access_token.token = token
-      access_token.save
-
-      expect(AccessToken.authenticate(token)).to eq(access_token)
-    end
-
-    it 'returns nil if authentication failed' do
-      access_token.token = token
-      access_token.save
-
-      expect(AccessToken.authenticate("invalid-#{token}")).to be_nil
-    end
-
-    it 'returns an instance by refresh token' do
-      refresh_token = SecureRandom.hex(6)
-      token = AccessToken.create(client: application, refresh_token: refresh_token)
-
-      expect(AccessToken.authenticate(refresh_token, type: :refresh_token)).to eq(token)
-      expect(AccessToken.authenticate(refresh_token, type: 'refresh_token')).to eq(token)
-    end
-  end
-
-  describe '#create_for?' do
-    it 'creates a record only for Client' do
-      token = AccessToken.create_for(application, nil)
-
-      expect(token.client).not_to be_nil
-      expect(token.resource_owner).to be_nil
-    end
-
-    it 'creates a record for Client and Resource Owner' do
-      token = AccessToken.create_for(application, user)
-
-      expect(token.client).to eq(application)
-      expect(token.resource_owner).to eq(user)
-    end
-
-    it 'creates a record with scopes' do
-      scopes = 'write read'
-      token = AccessToken.create_for(application, user, scopes)
-
-      expect(token.client).to eq(application)
-      expect(token.resource_owner).to eq(user)
-      expect(token.scopes).to eq(scopes)
-    end
-  end
-
-  describe '#expired?' do
-    it 'return false if expires_at nil' do
-      access_token.update_fields({ expires_at: nil }, [:expires_at])
-
-      expect(access_token.expired?).to be_falsey
-    end
-
-    it 'return false if expires_at < Time.now' do
-      expect(access_token.expired?).to be_falsey
-    end
-
-    it 'return false if expires_at > Time.now' do
-      expires_at = Time.now.utc - Grape::OAuth2.config.access_token_lifetime + 1
-      access_token.update_fields({ expires_at: expires_at }, [:expires_at])
-
-      expect(access_token.expired?).to be_truthy
-    end
-  end
-
-  describe '#revoked?' do
-    it 'return false if revoked_at nil' do
-      access_token.update_fields({ revoked_at: nil }, [:revoked_at])
-
-      expect(access_token.revoked?).to be_falsey
-    end
-
-    it 'return false if revoked_at present' do
-      access_token.update_fields({ revoked_at: Time.now.utc }, [:revoked_at])
-      expect(access_token.revoked?).to be_truthy
-    end
-  end
-
-  describe '#revoke!' do
-    it 'update :revoked_at attribute' do
-      expect { access_token.revoke! }.to change { access_token.revoked? }.from(false).to(true)
-    end
-
-    it 'update :revoked_at attribute with custom value' do
-      custom_time = Time.now - 7200
-      access_token.revoke!(custom_time)
-
-      expect(access_token.revoked_at).to eq(custom_time.utc)
-    end
-  end
-
-  describe 'token generation' do
-    it 'generates a new token before saving if token is blank' do
-      token = AccessToken.new(client: application, resource_owner: user)
-
-      expect(token.token).to be_blank
-
-      token.save
-
-      expect(token.token).not_to be_blank
-    end
-
-    it 'does not change token value on saving if token is present' do
-      token = AccessToken.new(client: application, resource_owner: user, token: 'abcdef')
-
-      expect(token.token).not_to be_blank
-
-      token.save
-
-      expect(token.token).to eq('abcdef')
-    end
-  end
-
-  describe 'expiration' do
-    it 'set to nil if configuration option set to nil' do
-      Grape::OAuth2.config.access_token_lifetime = nil
-
-      token = AccessToken.create(client: application, resource_owner: user)
-      expect(token.expires_at).to be_nil
-
-      Grape::OAuth2.config.access_token_lifetime = Grape::OAuth2::Configuration::DEFAULT_TOKEN_LIFETIME
-    end
-
-    it 'set to specific time if configuration option set to some value' do
-      current_time = Time.now.utc
-      Grape::OAuth2.config.access_token_lifetime = 3500
-
-      token = AccessToken.create(client: application, resource_owner: user)
-      expect(token.expires_at).not_to be_nil
-      expect(token.expires_at).to be_within(1).of(current_time + 3500)
-
-      Grape::OAuth2.config.access_token_lifetime = Grape::OAuth2::Configuration::DEFAULT_TOKEN_LIFETIME
-    end
-  end
-end
+require 'spec_helper'
+
+describe 'Grape::OAuth2::Sequel::AccessToken', skip_if: ENV['ORM'] != 'sequel' do
+  let(:application) { Application.create(name: 'Test') }
+  let(:user) { User.create(username: 'test', password: '123123') }
+  let(:access_token) { AccessToken.create(client: application, resource_owner: user) }
+
+  let(:token) { SecureRandom.hex(16) }
+
+  describe 'validations' do
+    it 'validate token uniqueness' do
+      another_token = AccessToken.create(client: application)
+      token = AccessToken.new(client: application, token: another_token.token)
+
+      expect(token).not_to be_valid
+      expect(token.errors).to include(:token)
+    end
+  end
+
+  describe '#to_bearer_token' do
+    context 'config with refresh token' do
+      before do
+        Grape::OAuth2.config.issue_refresh_token = true
+      end
+
+      after do
+        Grape::OAuth2.config.issue_refresh_token = false
+      end
+
+      it 'returns refresh token' do
+        expect(access_token.to_bearer_token[:access_token]).not_to be_blank
+      end
+    end
+
+    context 'config without refresh token' do
+      before do
+        Grape::OAuth2.configure do |config|
+          config.issue_refresh_token = false
+        end
+      end
+
+      it 'returns blank refresh token' do
+        expect(access_token.to_bearer_token[:refresh_token]).to be_blank
+      end
+    end
+  end
+
+  describe '#authenticate' do
+    it 'returns an instance if authenticated successfully' do
+      access_token.token = token
+      access_token.save
+
+      expect(AccessToken.authenticate(token)).to eq(access_token)
+    end
+
+    it 'returns nil if authentication failed' do
+      access_token.token = token
+      access_token.save
+
+      expect(AccessToken.authenticate("invalid-#{token}")).to be_nil
+    end
+
+    it 'returns an instance by refresh token' do
+      refresh_token = SecureRandom.hex(6)
+      token = AccessToken.create(client: application, refresh_token: refresh_token)
+
+      expect(AccessToken.authenticate(refresh_token, type: :refresh_token)).to eq(token)
+      expect(AccessToken.authenticate(refresh_token, type: 'refresh_token')).to eq(token)
+    end
+  end
+
+  describe '#create_for?' do
+    it 'creates a record only for Client' do
+      token = AccessToken.create_for(application, nil)
+
+      expect(token.client).not_to be_nil
+      expect(token.resource_owner).to be_nil
+    end
+
+    it 'creates a record for Client and Resource Owner' do
+      token = AccessToken.create_for(application, user)
+
+      expect(token.client).to eq(application)
+      expect(token.resource_owner).to eq(user)
+    end
+
+    it 'creates a record with scopes' do
+      scopes = 'write read'
+      token = AccessToken.create_for(application, user, scopes)
+
+      expect(token.client).to eq(application)
+      expect(token.resource_owner).to eq(user)
+      expect(token.scopes).to eq(scopes)
+    end
+  end
+
+  describe '#expired?' do
+    it 'return false if expires_at nil' do
+      access_token.update_fields({ expires_at: nil }, [:expires_at])
+
+      expect(access_token.expired?).to be_falsey
+    end
+
+    it 'return false if expires_at < Time.now' do
+      expect(access_token.expired?).to be_falsey
+    end
+
+    it 'return false if expires_at > Time.now' do
+      expires_at = Time.now.utc - Grape::OAuth2.config.access_token_lifetime + 1
+      access_token.update_fields({ expires_at: expires_at }, [:expires_at])
+
+      expect(access_token.expired?).to be_truthy
+    end
+  end
+
+  describe '#revoked?' do
+    it 'return false if revoked_at nil' do
+      access_token.update_fields({ revoked_at: nil }, [:revoked_at])
+
+      expect(access_token.revoked?).to be_falsey
+    end
+
+    it 'return false if revoked_at present' do
+      access_token.update_fields({ revoked_at: Time.now.utc }, [:revoked_at])
+      expect(access_token.revoked?).to be_truthy
+    end
+  end
+
+  describe '#revoke!' do
+    it 'update :revoked_at attribute' do
+      expect { access_token.revoke! }.to change { access_token.revoked? }.from(false).to(true)
+    end
+
+    it 'update :revoked_at attribute with custom value' do
+      custom_time = Time.now - 7200
+      access_token.revoke!(custom_time)
+
+      expect(access_token.revoked_at).to eq(custom_time.utc)
+    end
+  end
+
+  describe 'token generation' do
+    it 'generates a new token before saving if token is blank' do
+      token = AccessToken.new(client: application, resource_owner: user)
+
+      expect(token.token).to be_blank
+
+      token.save
+
+      expect(token.token).not_to be_blank
+    end
+
+    it 'does not change token value on saving if token is present' do
+      token = AccessToken.new(client: application, resource_owner: user, token: 'abcdef')
+
+      expect(token.token).not_to be_blank
+
+      token.save
+
+      expect(token.token).to eq('abcdef')
+    end
+  end
+
+  describe 'expiration' do
+    it 'set to nil if configuration option set to nil' do
+      Grape::OAuth2.config.access_token_lifetime = nil
+
+      token = AccessToken.create(client: application, resource_owner: user)
+      expect(token.expires_at).to be_nil
+
+      Grape::OAuth2.config.access_token_lifetime = Grape::OAuth2::Configuration::DEFAULT_TOKEN_LIFETIME
+    end
+
+    it 'set to specific time if configuration option set to some value' do
+      current_time = Time.now.utc
+      Grape::OAuth2.config.access_token_lifetime = 3500
+
+      token = AccessToken.create(client: application, resource_owner: user)
+      expect(token.expires_at).not_to be_nil
+      expect(token.expires_at).to be_within(1).of(current_time + 3500)
+
+      Grape::OAuth2.config.access_token_lifetime = Grape::OAuth2::Configuration::DEFAULT_TOKEN_LIFETIME
+    end
+  end
+end