RubyGems - houston-oauth-plugin - Versions diffs - 0.5.1 - Mend

houston-oauth-plugin 0.5.1

Files changed (172) hide show

data/lib/oauth/rack/oauth_filter.rb ADDED Viewed

@@ -0,0 +1,97 @@
+require "rack"
+require "rack/request"
+require "oauth"
+require "oauth/request_proxy/rack_request"
+module OAuth
+  module Rack
+    # An OAuth 1.0a filter to be used together with the oauth-plugin for rails.T
+    # This is still experimental
+    #
+    # Add it as middleware to your config/application.rb:
+    #
+    # require 'oauth/rack/oauth_filter'
+    # config.middleware.use OAuth::Rack::OAuthFilter
+    class OAuthFilter
+      def initialize(app)
+        @app = app
+      end
+      def call(env)
+        request = ::Rack::Request.new(env)
+        env["oauth_plugin"] = true
+        strategies = []
+        if token_string = oauth2_token(request)
+          if token = Oauth2Token.where('invalidated_at IS NULL and authorized_at IS NOT NULL and token = ?', token_string).first
+            env["oauth.token"]   = token
+            env["oauth.version"] = 2
+            strategies << :oauth20_token
+            strategies << :token
+          end
+        elsif oauth1_verify(request) do |request_proxy|
+          client_application = ClientApplication.find_by_key(request_proxy.consumer_key)
+          env["oauth.client_application_candidate"] = client_application
+          oauth_token = nil
+          if client_application
+            # Store this temporarily in client_application object for use in request token generation
+            client_application.token_callback_url = request_proxy.oauth_callback if request_proxy.oauth_callback
+            if request_proxy.token
+              oauth_token = client_application.tokens.where('invalidated_at IS NULL AND authorized_at IS NOT NULL and token = ?', request_proxy.token).first
+              if oauth_token.respond_to?(:provided_oauth_verifier=)
+                oauth_token.provided_oauth_verifier = request_proxy.oauth_verifier
+              end
+              env["oauth.token_candidate"] = oauth_token
+            end
+          end
+          # return the token secret and the consumer secret
+          [(oauth_token.nil? ? nil : oauth_token.secret), (client_application.nil? ? nil : client_application.secret)]
+        end
+          if env["oauth.token_candidate"]
+            env["oauth.token"] = env["oauth.token_candidate"]
+            strategies << :oauth10_token
+            if env["oauth.token"].is_a?(::RequestToken)
+              strategies << :oauth10_request_token
+            elsif env["oauth.token"].is_a?(::AccessToken)
+              strategies << :token
+              strategies << :oauth10_access_token
+            end
+          else
+            strategies << :two_legged
+          end
+          env["oauth.client_application"] = env["oauth.client_application_candidate"]
+          env["oauth.version"] = 1
+        end
+        env["oauth.strategies"] = strategies unless strategies.empty?
+        env["oauth.client_application_candidate"] = nil
+        env["oauth.token_candidate"] = nil
+        @app.call(env)
+      end
+      def oauth1_verify(request, options = {}, &block)
+        begin
+          signature = OAuth::Signature.build(request, options, &block)
+          return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
+          value = signature.verify
+          value
+        rescue OAuth::Signature::UnknownSignatureMethod => e
+          false
+        end
+      end
+      def oauth2_token(request)
+        request.params['bearer_token'] || request.params['access_token'] || (request.params["oauth_token"] && !request.params["oauth_signature"] ? request.params["oauth_token"] : nil )  ||
+            request.env["HTTP_AUTHORIZATION"] &&
+                !request.env["HTTP_AUTHORIZATION"][/(oauth_version="1.0")/] &&
+                request.env["HTTP_AUTHORIZATION"][/^(Bearer|OAuth|Token) (token=)?([^\s]*)$/, 3]
+      end
+    end
+  end
+end

data/oauth-plugin.gemspec ADDED Viewed

@@ -0,0 +1,40 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "oauth-plugin/version"
+Gem::Specification.new do |s|
+  s.name = %q{houston-oauth-plugin}
+  s.version = Oauth::Plugin::VERSION
+  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Pelle Braendgaard"]
+  s.date = %q{2011-10-20}
+  s.description = %q{Rails plugin for implementing an OAuth Provider or Consumer}
+  s.license = "MIT"
+  s.email = %q{oauth-ruby@googlegroups.com}
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.homepage = %q{http://github.com/pelle/oauth-plugin}
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{oauth}
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Ruby on Rails Plugin for OAuth Provider and Consumer}
+  s.add_development_dependency "opentransact"
+  s.add_development_dependency "rspec", "~> 2.4.0"
+  s.add_development_dependency "fakeweb"
+  s.add_development_dependency "fuubar"
+  s.add_development_dependency "guard-rspec"
+  s.add_development_dependency "growl"
+  s.add_development_dependency "rack-test"
+  s.add_dependency "multi_json"
+  s.add_dependency("oauth", ["~> 0.4.4"])
+  s.add_dependency("rack")
+  s.add_dependency("oauth2", '>= 0.5.0')
+end

data/rails/init.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'oauth-plugin'

data/spec/dummy_provider_models.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# Dummy implementation
+class ClientApplication
+  attr_accessor :key
+  def self.find_by_key(key)
+    ClientApplication.new(key)
+  end
+  def initialize(key)
+    @key = key
+  end
+  def tokens
+    @tokens||=[]
+  end
+  def secret
+    "secret"
+  end
+end
+class OauthToken
+  attr_accessor :token, :refresh_token
+  def self.where(q, p)
+    case p
+    when "not_authorized", "invalidated"
+      []
+    else
+      [OauthToken.new(p)]
+    end
+  end
+  def initialize(token)
+    @token = token
+  end
+  def secret
+    "secret"
+  end
+end
+class Oauth2Token < OauthToken ; end
+class Oauth2Verifier < OauthToken ; end
+class AccessToken < OauthToken ; end
+class RequestToken < OauthToken ; end
+class OauthNonce
+  # Always remember
+  def self.remember(nonce,timestamp)
+    true
+  end
+end

data/spec/oauth/provider/authorizer_spec.rb ADDED Viewed

@@ -0,0 +1,202 @@
+require 'spec_helper'
+require 'multi_json'
+require 'oauth/provider/authorizer'
+require 'dummy_provider_models'
+describe OAuth::Provider::Authorizer do
+  describe "Authorization code" do
+    describe "should issue code" do
+      before(:each) do
+        @user = double("user")
+        @app  = double("app")
+        @code = double("code", :token => "secret auth code")
+        ::ClientApplication.should_receive(:find_by_key!).with('client id').and_return(@app)
+      end
+      it "should allow" do
+        ::Oauth2Verifier.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback',
+                                                  :scope => 'a b').and_return(@code)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'code',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback'
+        @authorizer.redirect_uri.should == "http://mysite.com/callback?code=secret%20auth%20code"
+        @authorizer.should be_authorized
+      end
+      it "should include state" do
+        ::Oauth2Verifier.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback',
+                                                  :scope => 'a b').and_return(@code)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'code',
+                                                      :state => 'customer id',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback'
+        @authorizer.redirect_uri.should == "http://mysite.com/callback?code=secret%20auth%20code&state=customer%20id"
+        @authorizer.should be_authorized
+      end
+      it "should allow query string in callback" do
+        ::Oauth2Verifier.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback?this=one',
+                                                  :scope => 'a b').and_return(@code)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'code',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback?this=one'
+        @authorizer.should be_authorized
+        @authorizer.redirect_uri.should == "http://mysite.com/callback?this=one&code=secret%20auth%20code"
+      end
+    end
+  end
+  describe "user does not authorize" do
+    it "should send error" do
+      @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'code',
+                                                    :scope => "a b",
+                                                    :client_id => 'client id',
+                                                    :redirect_uri => 'http://mysite.com/callback'
+      @authorizer.redirect_uri.should == "http://mysite.com/callback?error=access_denied"
+      @authorizer.should_not be_authorized
+    end
+    it "should send error with state and query params in callback" do
+      @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'code',
+                                                    :scope => "a b",
+                                                    :client_id => 'client id',
+                                                    :redirect_uri=>'http://mysite.com/callback?this=one',
+                                                    :state => "my customer"
+      @authorizer.redirect_uri.should == "http://mysite.com/callback?this=one&error=access_denied&state=my%20customer"
+      @authorizer.should_not be_authorized
+    end
+  end
+  describe "Implict Grant" do
+    describe "should issue token" do
+      before(:each) do
+        @user = double("user")
+        @app  = double("app")
+        @token = double("token", :token => "secret auth code")
+        ::ClientApplication.should_receive(:find_by_key!).with('client id').and_return(@app)
+      end
+      it "should allow" do
+        ::Oauth2Token.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback',
+                                                  :scope => 'a b').and_return(@token)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'token',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback'
+        @authorizer.redirect_uri.should == "http://mysite.com/callback#access_token=secret%20auth%20code"
+        @authorizer.should be_authorized
+      end
+      it "should include state" do
+        ::Oauth2Token.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback',
+                                                  :scope => 'a b').and_return(@token)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'token',
+                                                      :state => 'customer id',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback'
+        @authorizer.redirect_uri.should == "http://mysite.com/callback#access_token=secret%20auth%20code&state=customer%20id"
+        @authorizer.should be_authorized
+      end
+      it "should allow query string in callback" do
+        ::Oauth2Token.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback?this=one',
+                                                  :scope => 'a b').and_return(@token)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'token',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback?this=one'
+        @authorizer.should be_authorized
+        @authorizer.redirect_uri.should == "http://mysite.com/callback?this=one#access_token=secret%20auth%20code"
+      end
+    end
+  end
+  describe "user does not authorize" do
+    it "should send error" do
+      @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'token',
+                                                    :scope => "a b",
+                                                    :client_id => 'client id',
+                                                    :redirect_uri => 'http://mysite.com/callback'
+      @authorizer.redirect_uri.should == "http://mysite.com/callback#error=access_denied"
+      @authorizer.should_not be_authorized
+    end
+    it "should send error with state and query params in callback" do
+      @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'token',
+                                                    :scope => "a b",
+                                                    :client_id => 'client id',
+                                                    :redirect_uri=>'http://mysite.com/callback?this=one',
+                                                    :state => "my customer"
+      @authorizer.redirect_uri.should == "http://mysite.com/callback?this=one#error=access_denied&state=my%20customer"
+      @authorizer.should_not be_authorized
+    end
+  end
+  it "should handle unsupported response type" do
+    @user = double("user")
+    @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'my new',
+                                                  :scope => "a b",
+                                                  :client_id => 'client id',
+                                                  :redirect_uri => 'http://mysite.com/callback'
+    @authorizer.redirect_uri.should == "http://mysite.com/callback#error=unsupported_response_type"
+    @authorizer.should_not be_authorized
+  end
+end

data/spec/rack/oauth_filter_spec.rb ADDED Viewed

@@ -0,0 +1,244 @@
+require 'spec_helper'
+require 'rack/test'
+require 'oauth/rack/oauth_filter'
+require 'multi_json'
+require 'forwardable'
+require 'dummy_provider_models'
+class OAuthEcho
+  def call(env)
+    response = {}
+    response[:oauth_token]        = env["oauth.token"].token            if env["oauth.token"]
+    response[:client_application] = env["oauth.client_application"].key if env["oauth.client_application"]
+    response[:oauth_version]      = env["oauth.version"]                if env["oauth.version"]
+    response[:strategies]         = env["oauth.strategies"]             if env["oauth.strategies"]
+     [200, { "Accept" => "application/json" }, [MultiJson.encode(response)]]
+  end
+end
+describe OAuth::Rack::OAuthFilter do
+  include Rack::Test::Methods
+  def app
+    @app ||= OAuth::Rack::OAuthFilter.new(OAuthEcho.new)
+  end
+  it "should pass through without oauth" do
+    get '/'
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {}
+  end
+  describe 'OAuth1' do
+    describe 'with optional white space' do
+      it "should sign with consumer" do
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="amrLDyFE2AMztx5fOYDD1OEqWps6Mc2mAR5qyO44Rj8", oauth_signature="KCSg0RUfVFUcyhrgJo580H8ey0c%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295039581", oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_version"=>1, "strategies"=>["two_legged"]}
+      end
+      it "should sign with oauth 1 access token" do
+        client_application = ClientApplication.new "my_consumer"
+        ClientApplication.stub!(:find_by_key).and_return(client_application)
+        client_application.tokens.stub!(:where).and_return([AccessToken.new("my_token")])
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY", oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295040394", oauth_token="my_token", oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","token","oauth10_access_token"]}
+      end
+      it "should sign with oauth 1 request token" do
+        client_application = ClientApplication.new "my_consumer"
+        ClientApplication.stub!(:find_by_key).and_return(client_application)
+        client_application.tokens.stub!(:where).and_return([RequestToken.new("my_token")])
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY", oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295040394", oauth_token="my_token", oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","oauth10_request_token"]}
+      end
+    end
+    describe 'without optional white space' do
+      it "should sign with consumer" do
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer",oauth_nonce="amrLDyFE2AMztx5fOYDD1OEqWps6Mc2mAR5qyO44Rj8",oauth_signature="KCSg0RUfVFUcyhrgJo580H8ey0c%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1295039581",oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_version"=>1, "strategies"=>["two_legged"]}
+      end
+      it "should sign with oauth 1 access token" do
+        client_application = ClientApplication.new "my_consumer"
+        ClientApplication.stub!(:find_by_key).and_return(client_application)
+        client_application.tokens.stub!(:where).and_return([AccessToken.new("my_token")])
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer",oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY",oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1295040394",oauth_token="my_token",oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","token","oauth10_access_token"]}
+      end
+      it "should sign with oauth 1 request token" do
+        client_application = ClientApplication.new "my_consumer"
+        ClientApplication.stub!(:find_by_key).and_return(client_application)
+        client_application.tokens.stub!(:where).and_return([RequestToken.new("my_token")])
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer",oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY",oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1295040394",oauth_token="my_token",oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","oauth10_request_token"]}
+      end
+    end
+  end
+  describe "OAuth2" do
+    describe "token given through a HTTP Auth Header" do
+      context "authorized and non-invalidated token" do
+        it "authenticates" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Bearer valid_token" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+        end
+      end
+      context "non-authorized token" do
+        it "doesn't authenticate" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Bearer not_authorized" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == {}
+        end
+      end
+      context "authorized and invalidated token" do
+        it "doesn't authenticate with an invalidated token" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Bearer invalidated" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == {}
+        end
+      end
+    end
+    describe "OAuth2 pre Bearer" do
+      describe "token given through a HTTP Auth Header" do
+        context "authorized and non-invalidated token" do
+          it "authenticates" do
+            get '/', {}, { "HTTP_AUTHORIZATION" => "OAuth valid_token" }
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+          end
+        end
+        context "non-authorized token" do
+          it "doesn't authenticate" do
+            get '/', {}, { "HTTP_AUTHORIZATION" => "OAuth not_authorized" }
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+        context "authorized and invalidated token" do
+          it "doesn't authenticate with an invalidated token" do
+            get '/', {}, { "HTTP_AUTHORIZATION" => "OAuth invalidated" }
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+      end
+    end
+    describe "token given through a HTTP Auth Header following the OAuth2 pre draft" do
+      context "authorized and non-invalidated token" do
+        it "authenticates" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Token valid_token" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+        end
+      end
+      context "non-authorized token" do
+        it "doesn't authenticate" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Token not_authorized" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == {}
+        end
+      end
+      context "authorized and invalidated token" do
+        it "doesn't authenticate with an invalidated token" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Token invalidated" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == {}
+        end
+      end
+    end
+    ['bearer_token', 'access_token', 'oauth_token'].each do |name|
+      describe "token given through the query parameter '#{name}'" do
+        context "authorized and non-invalidated token" do
+          it "authenticates" do
+            get "/?#{name}=valid_token"
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+          end
+        end
+        context "non-authorized token" do
+          it "doesn't authenticate" do
+            get "/?#{name}=not_authorized"
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+        context "authorized and invalidated token" do
+          it "doesn't authenticate with an invalidated token" do
+            get "/?#{name}=invalidated"
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+      end
+      describe "token given through the post parameter '#{name}'" do
+        context "authorized and non-invalidated token" do
+          it "authenticates" do
+            post '/', name => 'valid_token'
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+          end
+        end
+        context "non-authorized token" do
+          it "doesn't authenticate" do
+            post '/', name => 'not_authorized'
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+        context "authorized and invalidated token" do
+          it "doesn't authenticate with an invalidated token" do
+            post '/', name => 'invalidated'
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+      end
+    end
+  end
+end