holistic_auth 0.9.8

data/lib/holistic_auth/version.rb

@@ -0,0 +1,3 @@
+module HolisticAuth
+  VERSION = '0.9.8'.freeze
+end

data/spec/holistic_auth/client_token_issuer_spec.rb

@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+describe HolisticAuth::ClientTokenIssuer do
+  before :all do
+    HolisticAuth.configure do |config|
+      # config.add_secrets :google,
+      #                    client_id: Rails.application.secrets.google_oauth2['client_id'],
+      #                    client_secret: Rails.application.secrets.google_oauth2['client_secret']
+      #
+      # config.add_secrets :ms_graph,
+      #                    tenant_id: Rails.application.secrets.ms_graph_oauth2['tenant_id'],
+      #                    client_id: Rails.application.secrets.ms_graph_oauth2['client_id'],
+      #                    client_secret: Rails.application.secrets.ms_graph_oauth2['client_secret']
+      config.valid_applications = %i(ios_v1 ember_v1)
+    end
+  end
+
+  it 'should exchange client-provided credentials for auth codes'
+  it 'should gracefully handle and return error condition if client-provided credentials are invalid'
+  it 'should verify that the tokens belong to the provided email before returning them'
+  it 'should generate our own set of tokens for the client if the provided ones exchanged successfully'
+
+  it 'should all integrate to follow a standard flow to auth the api client'
+
+  it 'should gracefully not allow unsupported providers' do
+    expect do
+      HolisticAuth::ClientTokenIssuer.new(provider: :some_fake_provider)
+    end.to raise_error(ArgumentError)
+  end
+
+  it 'should allow supported providers' do
+    expect do
+      HolisticAuth::ClientTokenIssuer.new(provider: :google)
+    end.not_to raise_error
+  end
+
+  it 'should correctly handle client information provided as a parameter' do
+    pending
+    ace = HolisticAuth::ClientTokenIssuer.new(provider: :google, client_id: 'new_id', client_secret: 'new_secret')
+
+    stub_request(:post, ace.site_token_url).
+      with(body: @test_env.merge(client_id: 'new_id', client_secret: 'new_secret'),
+           headers: @req_headers).
+      to_return(@req_response)
+  end
+end

data/spec/holistic_auth/end_point_listener_spec.rb

@@ -0,0 +1,96 @@
+require 'spec_helper'
+
+describe HolisticAuth::EndPointListener do
+  before :each do
+    @stub_provider = HolisticAuth::Providers::Stub.new(
+      client_id: 'cl_id',
+      client_secret: 'cl_sec',
+      site: 'https://example.org',
+      token_url: '/extoken',
+      api_key: 'api_key',
+      user_info_url: 'http://example.org/info',
+    )
+    @creds_hash = {
+      auth_code: '4/auth_code',
+      provider: @stub_provider,
+    }
+  end
+  it 'should accept valid-looking credentials from the client' do
+    listener = HolisticAuth::EndPointListener.new(@creds_hash)
+    expect(listener.valid?).to be_truthy
+  end
+
+  # These tests extend on the test above.
+  # Given the test above handles the happy path, everything below are sad path tests
+
+  it 'should return an error to the client if the credentials were invalid' do
+    bad_creds_hash = {
+      a: 'b',
+      c: 'd',
+    }
+    listener = HolisticAuth::EndPointListener.new(bad_creds_hash)
+    expect(listener.valid?).to be_falsey
+  end
+  it 'should return an error unless all three fields are provided' do
+    listener2 = HolisticAuth::EndPointListener.new(@creds_hash.dup.tap { |hs| hs.delete(:auth_code) }) # remove ac
+    listener3 = HolisticAuth::EndPointListener.new(@creds_hash.dup.tap { |hs| hs.delete(:provider) }) # remove prov
+
+    expect(listener2.valid?).to be_falsey
+    expect(listener3.valid?).to be_falsey
+  end
+
+  it 'should reject invalid providers' do
+    bad_provider_1 = Hash.new(
+      client_id: 'cl_id',
+      client_secret: 'cl_sec',
+      site: 'https://example.org',
+      token_url: '/extoken',
+      api_key: 'api_key',
+      user_info_url: 'http://example.org/info',
+    )
+
+    bad_provider_hash1 = @creds_hash.merge(provider: bad_provider_1)
+
+    listener1 = HolisticAuth::EndPointListener.new(bad_provider_hash1)
+
+    expect(listener1.valid?).to be_falsey
+  end
+
+  it 'should accept valid providers' do
+    provider_1 = HolisticAuth::Providers::Stub.new(
+      client_id: 'cl_id',
+      client_secret: 'cl_sec',
+      site: 'https://example.org',
+      token_url: '/extoken',
+      api_key: 'api_key',
+      user_info_url: 'http://example.org/info',
+    )
+    provider_2 = HolisticAuth::Providers::Google.new(
+      client_id: 'cl_id',
+      client_secret: 'cl_sec',
+      site: 'https://example.org',
+      token_url: '/extoken',
+      api_key: 'api_key',
+      user_info_url: 'http://example.org/info',
+    )
+
+    provider_hash1 = @creds_hash.merge(provider: provider_1)
+    provider_hash2 = @creds_hash.merge(provider: provider_2)
+
+    listener1 = HolisticAuth::EndPointListener.new(provider_hash1)
+    listener2 = HolisticAuth::EndPointListener.new(provider_hash2)
+
+    expect(listener1.valid?).to be_truthy
+    expect(listener2.valid?).to be_truthy
+  end
+
+  it 'should return a human-readable list of errors if there are any' do
+    listener = HolisticAuth::EndPointListener.new({})
+    listener.valid?
+    expect(listener.errors).to eq [
+      'A required param is missing',
+      '"provider" field missing',
+      '"auth_code" field missing',
+    ]
+  end
+end

data/spec/holistic_auth/provider_spec.rb

@@ -0,0 +1,122 @@
+require 'spec_helper'
+require 'json'
+
+describe 'Providers' do
+  before :all do
+    @secrets = {
+      client_id: (0...50).map { ('a'..'z').to_a[rand(26)] }.join,
+      client_secret: (0...50).map { ('a'..'z').to_a[rand(26)] }.join,
+      tenant_id: (0...50).map { ('a'..'z').to_a[rand(26)] }.join,
+    }
+
+    HolisticAuth.configure do |config|
+      config.add_secrets :google,
+                         client_id: @secrets[:client_id],
+                         client_secret: @secrets[:client_secret]
+    end
+    @token_hash = {
+      access_token: 'ya29.token',
+      refresh_token: '1/refresh',
+      expires_in: 3600,
+      token_type: 'Bearer',
+    }
+    @test_env = {
+      client_id: @secrets[:client_id],
+      client_secret: @secrets[:client_secret],
+      code: '4/code',
+      grant_type: 'authorization_code',
+      redirect_uri: 'http://localhost:4200',
+    }
+
+    @req_headers = {
+      accept: '*/*',
+      content_type: 'application/x-www-form-urlencoded',
+    }
+
+    @req_response = {
+      status: 200,
+      body: @token_hash.to_json,
+      headers: { content_type: 'application/json' },
+    }
+
+    @stub_provider = HolisticAuth::Providers::Stub.new(
+      client_id: @secrets[:client_id],
+      client_secret: @secrets[:client_secret],
+      site: 'https://example.org',
+      token_url: '/extoken',
+      api_key: 'api_key',
+      user_info_url: 'http://example.org/info',
+    )
+    @google_provider = HolisticAuth::Providers::Google.new(
+      client_id: @secrets[:client_id],
+      client_secret: @secrets[:client_secret],
+      site: 'https://example.org',
+      token_url: '/extoken',
+      api_key: 'api_key',
+      user_info_url: 'http://example.org/info',
+    )
+  end
+
+  describe 'exchange' do
+    it 'should correctly process a generic (stub) token' do
+      stub_request(:post, @stub_provider.site_token_url).
+        with(body: @test_env,
+             headers: @req_headers).
+        to_return(@req_response)
+
+      result = @stub_provider.exchange(@test_env[:code], @test_env[:redirect_uri])
+
+      expect(result.token).to eq @token_hash[:access_token]
+      expect(result.refresh_token).to eq @token_hash[:refresh_token]
+      expect(result.expires_in).to eq @token_hash[:expires_in]
+    end
+
+    it 'should correctly process a google token' do
+      stub_request(:post, @google_provider.site_token_url).
+        with(body: @test_env,
+             headers: @req_headers).
+        to_return(@req_response)
+
+      result = @google_provider.exchange(@test_env[:code], @test_env[:redirect_uri])
+
+      expect(result.token).to eq @token_hash[:access_token]
+      expect(result.refresh_token).to eq @token_hash[:refresh_token]
+      expect(result.expires_in).to eq @token_hash[:expires_in]
+    end
+
+    it 'should return an AccessToken for each provider' do
+      klass = OAuth2::AccessToken
+
+      HolisticAuth.configuration.providers.each do |provider_name|
+        provider = HolisticAuth.configuration.provider(provider_name)
+        expect(provider).to be_kind_of HolisticAuth::Providers::GenericProvider
+
+        provider.add_secrets(@secrets.dup)
+        expect(provider.client_id).to eq @secrets[:client_id]
+        expect(provider.client_secret).to eq @secrets[:client_secret]
+
+        stub_request(:post, provider.site_token_url).
+          with(body: @test_env,
+               headers: @req_headers).
+          to_return(@req_response)
+
+        expect(provider.exchange(@test_env[:code], @test_env[:redirect_uri])).to be_kind_of klass
+      end
+    end
+  end
+
+  describe 'retreive_user_info' do
+    it 'should error for the generic provider' do
+    end
+
+    it 'should return a hash with all the expected fields' do
+      {
+        email_verified: true,
+        email: 'a@b.c',
+        given_name: 'first',
+        family_name: 'last',
+        profile: 'xyz',
+      }.with_indifferent_access
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,31 @@
+require 'bundler/setup'
+Bundler.setup
+
+if RUBY_VERSION >= '1.9'
+  require 'simplecov'
+  require 'coveralls'
+
+  SimpleCov.formatters = [
+    SimpleCov::Formatter::HTMLFormatter,
+    Coveralls::SimpleCov::Formatter,
+  ]
+
+  SimpleCov.start do
+    minimum_coverage(76)
+  end
+end
+
+require 'rspec'
+require 'rack/test'
+require 'webmock/rspec'
+require 'holistic_auth' # and any other gems you need
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+  config.include Rack::Test::Methods
+  config.include WebMock::API
+
+  # some (optional) config here
+end

metadata

@@ -0,0 +1,187 @@
+--- !ruby/object:Gem::Specification
+name: holistic_auth
+version: !ruby/object:Gem::Version
+  version: 0.9.8
+platform: ruby
+authors:
+- Alexander Bradner
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-03-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: doorkeeper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- alex@bradner.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-gemset"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- holistic_auth.gemspec
+- lib/holistic_auth.rb
+- lib/holistic_auth/client_token_issuer.rb
+- lib/holistic_auth/configuration.rb
+- lib/holistic_auth/end_point_listener.rb
+- lib/holistic_auth/errors.rb
+- lib/holistic_auth/orm_handlers/active_record.rb
+- lib/holistic_auth/providers/generic_provider.rb
+- lib/holistic_auth/providers/google.rb
+- lib/holistic_auth/providers/ms_graph.rb
+- lib/holistic_auth/providers/outlook.rb
+- lib/holistic_auth/providers/stub.rb
+- lib/holistic_auth/version.rb
+- spec/holistic_auth/client_token_issuer_spec.rb
+- spec/holistic_auth/end_point_listener_spec.rb
+- spec/holistic_auth/provider_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/abradner/holistic_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Single-Sign-On for the front and rails backend of a Single-Page-App
+test_files:
+- spec/holistic_auth/client_token_issuer_spec.rb
+- spec/holistic_auth/end_point_listener_spec.rb
+- spec/holistic_auth/provider_spec.rb
+- spec/spec_helper.rb