grape_oauth2 0.1.1 → 0.2.0

data/spec/requests/flows/revoke_token_spec.rb

@@ -1,103 +1,103 @@
-require 'spec_helper'
-
-describe 'Token Endpoint' do
-  describe 'POST /oauth/revoke' do
-    describe 'Revoke Token flow' do
-      context 'with valid params' do
-        let(:api_url) { '/api/v1/oauth/revoke' }
-        let(:application) { Application.create(name: 'App1') }
-        let(:user) { User.create(username: 'test', password: '12345678') }
-
-        let(:headers) { { 'HTTP_AUTHORIZATION' => ('Basic ' + Base64::encode64("#{application.key}:#{application.secret}")) } }
-
-        describe 'for public token' do
-          context 'when request is invalid' do
-            before { AccessToken.create_for(application, user) }
-
-            it 'does nothing' do
-              expect {
-                post api_url, { token: 'invalid token' }, headers
-              }.not_to change { AccessToken.count }
-
-              expect(json_body).to eq({})
-              expect(last_response.status).to eq 200
-
-              expect(AccessToken.last).not_to be_revoked
-            end
-
-            it 'returns an error with invalid token_type_hint' do
-              expect {
-                post api_url, { token: AccessToken.last.token, token_type_hint: 'undefined' }, headers
-              }.not_to change { AccessToken.count }
-
-              expect(last_response.status).to eq 400
-            end
-          end
-
-          context 'with valid data' do
-            # Token doesn't belongs to anybody
-            before { AccessToken.create_for(nil, nil)  }
-
-            it 'revokes Access Token by its token' do
-              expect {
-                post api_url, { token: AccessToken.last.token }, headers
-              }.to change { AccessToken.where(revoked_at: nil).count }.from(1).to(0)
-
-              expect(json_body).to eq({})
-              expect(last_response.status).to eq 200
-
-              expect(AccessToken.last).to be_revoked
-            end
-
-            it 'revokes Access Token by its refresh token' do
-              refresh_token = SecureRandom.hex(16)
-              AccessToken.last.update(refresh_token: refresh_token)
-
-              expect {
-                post api_url, { token: refresh_token, token_type_hint: 'refresh_token' }, headers
-              }.to change { AccessToken.where(revoked_at: nil).count }.from(1).to(0)
-
-              expect(json_body).to eq({})
-              expect(last_response.status).to eq 200
-
-              expect(AccessToken.last).to be_revoked
-            end
-          end
-        end
-
-        describe 'for private token' do
-          before { AccessToken.create_for(application, user)  }
-
-          context 'with valid data' do
-            it 'revokes token with client authorization' do
-              expect {
-                post api_url, { token: AccessToken.last.token}, headers
-              }.to change { AccessToken.where(revoked_at: nil).count }.from(1).to(0)
-            end
-          end
-
-          context 'with invalid data' do
-            it 'does not revokes Access Token when credentials is invalid' do
-              expect {
-                post api_url, token: AccessToken.last.token
-              }.to_not change { AccessToken.where(revoked_at: nil).count }
-
-              expect(json_body[:error]).to eq('invalid_client')
-            end
-
-            it 'does not revokes Access Token when token was issued to another client' do
-              another_client = Application.create(name: 'Some')
-              AccessToken.last.update(client_id: another_client.id)
-
-              expect {
-                post api_url, token: AccessToken.last.token
-              }.to_not change { AccessToken.where(revoked_at: nil).count }
-
-              expect(json_body[:error]).to eq('invalid_client')
-            end
-          end
-        end
-      end
-    end
-  end
-end
+require 'spec_helper'
+
+describe 'Token Endpoint' do
+  describe 'POST /oauth/revoke' do
+    describe 'Revoke Token flow' do
+      context 'with valid params' do
+        let(:api_url) { '/api/v1/oauth/revoke' }
+        let(:application) { Application.create(name: 'App1') }
+        let(:user) { User.create(username: 'test', password: '12345678') }
+
+        let(:headers) { { 'HTTP_AUTHORIZATION' => ('Basic ' + Base64::encode64("#{application.key}:#{application.secret}")) } }
+
+        describe 'for public token' do
+          context 'when request is invalid' do
+            before { AccessToken.create_for(application, user) }
+
+            it 'does nothing' do
+              expect {
+                post api_url, { token: 'invalid token' }, headers
+              }.not_to change { AccessToken.count }
+
+              expect(json_body).to eq({})
+              expect(last_response.status).to eq 200
+
+              expect(AccessToken.last).not_to be_revoked
+            end
+
+            it 'returns an error with invalid token_type_hint' do
+              expect {
+                post api_url, { token: AccessToken.last.token, token_type_hint: 'undefined' }, headers
+              }.not_to change { AccessToken.count }
+
+              expect(last_response.status).to eq 400
+            end
+          end
+
+          context 'with valid data' do
+            # Token doesn't belongs to anybody
+            before { AccessToken.create_for(nil, nil)  }
+
+            it 'revokes Access Token by its token' do
+              expect {
+                post api_url, { token: AccessToken.last.token }, headers
+              }.to change { AccessToken.where(revoked_at: nil).count }.from(1).to(0)
+
+              expect(json_body).to eq({})
+              expect(last_response.status).to eq 200
+
+              expect(AccessToken.last).to be_revoked
+            end
+
+            it 'revokes Access Token by its refresh token' do
+              refresh_token = SecureRandom.hex(16)
+              AccessToken.last.update(refresh_token: refresh_token)
+
+              expect {
+                post api_url, { token: refresh_token, token_type_hint: 'refresh_token' }, headers
+              }.to change { AccessToken.where(revoked_at: nil).count }.from(1).to(0)
+
+              expect(json_body).to eq({})
+              expect(last_response.status).to eq 200
+
+              expect(AccessToken.last).to be_revoked
+            end
+          end
+        end
+
+        describe 'for private token' do
+          before { AccessToken.create_for(application, user)  }
+
+          context 'with valid data' do
+            it 'revokes token with client authorization' do
+              expect {
+                post api_url, { token: AccessToken.last.token}, headers
+              }.to change { AccessToken.where(revoked_at: nil).count }.from(1).to(0)
+            end
+          end
+
+          context 'with invalid data' do
+            it 'does not revokes Access Token when credentials is invalid' do
+              expect {
+                post api_url, token: AccessToken.last.token
+              }.to_not change { AccessToken.where(revoked_at: nil).count }
+
+              expect(json_body[:error]).to eq('invalid_client')
+            end
+
+            it 'does not revokes Access Token when token was issued to another client' do
+              another_client = Application.create(name: 'Some')
+              AccessToken.last.update(client_id: another_client.id)
+
+              expect {
+                post api_url, token: AccessToken.last.token
+              }.to_not change { AccessToken.where(revoked_at: nil).count }
+
+              expect(json_body[:error]).to eq('invalid_client')
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/requests/protected_resources_spec.rb

@@ -1,64 +1,64 @@
-require 'spec_helper'
-
-describe 'GET Protected Resources' do
-  let(:application) { Application.create(name: 'App1') }
-  let(:user) { User.create(username: 'Jack Sparrow', password: '12345678') }
-  let(:access_token) { AccessToken.create_for(application, user) }
-
-  context 'with invalid data' do
-    it 'returns Unauthorized without Access Token' do
-      get 'api/v1/status'
-
-      expect(last_response.status).to eq 401
-
-      expect(json_body[:error]).to eq('unauthorized')
-      expect(last_response.headers['WWW-Authenticate']).to eq('Bearer realm="Custom Realm"')
-    end
-
-    it 'returns Unauthorized when token scopes are blank' do
-      get 'api/v1/status/single_scope', access_token: access_token.token
-
-      expect(last_response.status).to eq 403
-
-      expect(json_body[:error]).not_to be_blank
-    end
-
-    it "returns Unauthorized when token scopes doesn't match required scopes" do
-      access_token.update(scopes: 'read')
-      get 'api/v1/status/multiple_scopes', access_token: access_token.token
-
-      expect(last_response.status).to eq 403
-
-      expect(json_body[:error]).not_to be_blank
-    end
-  end
-
-  context 'with valid data' do
-    it "returns status for endpoint that doesn't requires any scope" do
-      get 'api/v1/status', access_token: access_token.token
-
-      expect(last_response.status).to eq 200
-
-      expect(json_body[:value]).to eq('Nice day!')
-      expect(json_body[:current_user]).to eq('Jack Sparrow')
-    end
-
-    it 'returns status for endpoint with specific scope' do
-      access_token.update(scopes: 'read public')
-      get 'api/v1/status/single_scope', access_token: access_token.token
-
-      expect(last_response.status).to eq 200
-
-      expect(json_body[:value]).to eq('Access granted')
-    end
-
-    it 'returns status for endpoint with specific set of scopes' do
-      access_token.update(scopes: 'read write public')
-      get 'api/v1/status/multiple_scopes', access_token: access_token.token
-
-      expect(last_response.status).to eq 200
-
-      expect(json_body[:value]).to eq('Access granted')
-    end
-  end
-end
+require 'spec_helper'
+
+describe 'GET Protected Resources' do
+  let(:application) { Application.create(name: 'App1') }
+  let(:user) { User.create(username: 'Jack Sparrow', password: '12345678') }
+  let(:access_token) { AccessToken.create_for(application, user) }
+
+  context 'with invalid data' do
+    it 'returns Unauthorized without Access Token' do
+      get 'api/v1/status'
+
+      expect(last_response.status).to eq 401
+
+      expect(json_body[:error]).to eq('unauthorized')
+      expect(last_response.headers['WWW-Authenticate']).to eq('Bearer realm="Custom Realm"')
+    end
+
+    it 'returns Unauthorized when token scopes are blank' do
+      get 'api/v1/status/single_scope', access_token: access_token.token
+
+      expect(last_response.status).to eq 403
+
+      expect(json_body[:error]).not_to be_blank
+    end
+
+    it "returns Unauthorized when token scopes doesn't match required scopes" do
+      access_token.update(scopes: 'read')
+      get 'api/v1/status/multiple_scopes', access_token: access_token.token
+
+      expect(last_response.status).to eq 403
+
+      expect(json_body[:error]).not_to be_blank
+    end
+  end
+
+  context 'with valid data' do
+    it "returns status for endpoint that doesn't requires any scope" do
+      get 'api/v1/status', access_token: access_token.token
+
+      expect(last_response.status).to eq 200
+
+      expect(json_body[:value]).to eq('Nice day!')
+      expect(json_body[:current_user]).to eq('Jack Sparrow')
+    end
+
+    it 'returns status for endpoint with specific scope' do
+      access_token.update(scopes: 'read public')
+      get 'api/v1/status/single_scope', access_token: access_token.token
+
+      expect(last_response.status).to eq 200
+
+      expect(json_body[:value]).to eq('Access granted')
+    end
+
+    it 'returns status for endpoint with specific set of scopes' do
+      access_token.update(scopes: 'read write public')
+      get 'api/v1/status/multiple_scopes', access_token: access_token.token
+
+      expect(last_response.status).to eq 200
+
+      expect(json_body[:value]).to eq('Access granted')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,60 +1,60 @@
-ENV['RAILS_ENV'] ||= 'test'
-ENV['ORM'] ||= 'active_record'
-
-puts "Configured ORM: '#{ENV['ORM']}'"
-
-require 'coveralls'
-
-if Coveralls.should_run?
-  Coveralls.wear!
-else
-  require 'simplecov'
-  SimpleCov.start
-end
-
-require 'bundler/setup'
-Bundler.setup
-
-require 'rack/test'
-require 'database_cleaner'
-
-ORM_GEMS_MAPPING = {
-  'sequel' => 'sequel',
-  'active_record' => 'active_record',
-  'mongoid' => 'mongoid'
-}.freeze
-
-require ORM_GEMS_MAPPING[ENV['ORM']]
-
-require 'grape_oauth2'
-
-# Require Rack app by ORM
-require File.expand_path("../dummy/orm/#{ENV['ORM']}/app/twitter", __FILE__)
-
-TWITTER_APP = Rack::Builder.parse_file(File.expand_path("../dummy/orm/#{ENV['ORM']}/config.ru", __FILE__)).first
-
-require 'support/api_helper'
-
-RSpec.configure do |config|
-  config.include ApiHelper
-
-  config.filter_run_excluding skip_if: true
-
-  config.order = 'random'
-
-  config.before(:suite) do
-    if ENV['ORM'] == 'mongoid'
-      DatabaseCleaner[:mongoid].strategy = :truncation
-      DatabaseCleaner[:mongoid].clean_with :truncation
-    else
-      DatabaseCleaner.strategy = :transaction
-      DatabaseCleaner.clean_with(:deletion)
-    end
-  end
-
-  config.around(:example) do |example|
-    DatabaseCleaner.cleaning do
-      example.run
-    end
-  end
-end
+ENV['RAILS_ENV'] ||= 'test'
+ENV['ORM'] ||= 'active_record'
+
+puts "Configured ORM: '#{ENV['ORM']}'"
+
+require 'coveralls'
+
+if Coveralls.should_run?
+  Coveralls.wear!
+else
+  require 'simplecov'
+  SimpleCov.start
+end
+
+require 'bundler/setup'
+Bundler.setup
+
+require 'rack/test'
+require 'database_cleaner'
+
+ORM_GEMS_MAPPING = {
+  'sequel' => 'sequel',
+  'active_record' => 'active_record',
+  'mongoid' => 'mongoid'
+}.freeze
+
+require ORM_GEMS_MAPPING[ENV['ORM']]
+
+require 'grape_oauth2'
+
+# Require Rack app by ORM
+require File.expand_path("../dummy/orm/#{ENV['ORM']}/app/twitter", __FILE__)
+
+TWITTER_APP = Rack::Builder.parse_file(File.expand_path("../dummy/orm/#{ENV['ORM']}/config.ru", __FILE__)).first
+
+require 'support/api_helper'
+
+RSpec.configure do |config|
+  config.include ApiHelper
+
+  config.filter_run_excluding skip_if: true
+
+  config.order = 'random'
+
+  config.before(:suite) do
+    if ENV['ORM'] == 'mongoid'
+      DatabaseCleaner[:mongoid].strategy = :truncation
+      DatabaseCleaner[:mongoid].clean_with :truncation
+    else
+      DatabaseCleaner.strategy = :transaction
+      DatabaseCleaner.clean_with(:deletion)
+    end
+  end
+
+  config.around(:example) do |example|
+    DatabaseCleaner.cleaning do
+      example.run
+    end
+  end
+end