houston-oauth-plugin 0.5.1

Files changed (172) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +12 -0
  3. data/CHANGELOG +187 -0
  4. data/Gemfile +27 -0
  5. data/Guardfile +8 -0
  6. data/MIT-LICENSE +20 -0
  7. data/README.rdoc +542 -0
  8. data/Rakefile +1 -0
  9. data/UPGRADE.rdoc +21 -0
  10. data/generators/oauth_consumer/USAGE +10 -0
  11. data/generators/oauth_consumer/oauth_consumer_generator.rb +52 -0
  12. data/generators/oauth_consumer/templates/consumer_token.rb +11 -0
  13. data/generators/oauth_consumer/templates/controller.rb +27 -0
  14. data/generators/oauth_consumer/templates/index.html.erb +29 -0
  15. data/generators/oauth_consumer/templates/index.html.haml +18 -0
  16. data/generators/oauth_consumer/templates/index.html.slim +15 -0
  17. data/generators/oauth_consumer/templates/migration.rb +23 -0
  18. data/generators/oauth_consumer/templates/oauth_config.rb +73 -0
  19. data/generators/oauth_consumer/templates/show.html.erb +7 -0
  20. data/generators/oauth_consumer/templates/show.html.haml +8 -0
  21. data/generators/oauth_consumer/templates/show.html.slim +8 -0
  22. data/generators/oauth_provider/USAGE +20 -0
  23. data/generators/oauth_provider/lib/insert_routes.rb +67 -0
  24. data/generators/oauth_provider/oauth_provider_generator.rb +127 -0
  25. data/generators/oauth_provider/templates/_form.html.erb +17 -0
  26. data/generators/oauth_provider/templates/_form.html.haml +21 -0
  27. data/generators/oauth_provider/templates/access_token.rb +16 -0
  28. data/generators/oauth_provider/templates/authorize.html.erb +14 -0
  29. data/generators/oauth_provider/templates/authorize.html.haml +16 -0
  30. data/generators/oauth_provider/templates/authorize_failure.html.erb +1 -0
  31. data/generators/oauth_provider/templates/authorize_failure.html.haml +1 -0
  32. data/generators/oauth_provider/templates/authorize_success.html.erb +1 -0
  33. data/generators/oauth_provider/templates/authorize_success.html.haml +1 -0
  34. data/generators/oauth_provider/templates/client_application.rb +57 -0
  35. data/generators/oauth_provider/templates/client_application_spec.rb +29 -0
  36. data/generators/oauth_provider/templates/client_application_test.rb +42 -0
  37. data/generators/oauth_provider/templates/client_applications.yml +23 -0
  38. data/generators/oauth_provider/templates/clients_controller.rb +52 -0
  39. data/generators/oauth_provider/templates/clients_controller_spec.rb +176 -0
  40. data/generators/oauth_provider/templates/clients_controller_test.rb +280 -0
  41. data/generators/oauth_provider/templates/controller.rb +23 -0
  42. data/generators/oauth_provider/templates/edit.html.erb +7 -0
  43. data/generators/oauth_provider/templates/edit.html.haml +4 -0
  44. data/generators/oauth_provider/templates/index.html.erb +43 -0
  45. data/generators/oauth_provider/templates/index.html.haml +39 -0
  46. data/generators/oauth_provider/templates/migration.rb +47 -0
  47. data/generators/oauth_provider/templates/new.html.erb +5 -0
  48. data/generators/oauth_provider/templates/new.html.haml +5 -0
  49. data/generators/oauth_provider/templates/oauth2_authorize.html.erb +16 -0
  50. data/generators/oauth_provider/templates/oauth2_authorize.html.haml +17 -0
  51. data/generators/oauth_provider/templates/oauth2_token.rb +20 -0
  52. data/generators/oauth_provider/templates/oauth2_token_spec.rb +52 -0
  53. data/generators/oauth_provider/templates/oauth2_verifier.rb +35 -0
  54. data/generators/oauth_provider/templates/oauth2_verifier_spec.rb +44 -0
  55. data/generators/oauth_provider/templates/oauth_nonce.rb +13 -0
  56. data/generators/oauth_provider/templates/oauth_nonce_spec.rb +24 -0
  57. data/generators/oauth_provider/templates/oauth_nonce_test.rb +26 -0
  58. data/generators/oauth_provider/templates/oauth_nonces.yml +13 -0
  59. data/generators/oauth_provider/templates/oauth_token.rb +30 -0
  60. data/generators/oauth_provider/templates/oauth_token_spec.rb +309 -0
  61. data/generators/oauth_provider/templates/oauth_token_test.rb +57 -0
  62. data/generators/oauth_provider/templates/oauth_tokens.yml +17 -0
  63. data/generators/oauth_provider/templates/request_token.rb +40 -0
  64. data/generators/oauth_provider/templates/show.html.erb +27 -0
  65. data/generators/oauth_provider/templates/show.html.haml +30 -0
  66. data/init.rb +1 -0
  67. data/install.rb +2 -0
  68. data/lib/generators/active_record/oauth_consumer_generator.rb +33 -0
  69. data/lib/generators/active_record/oauth_consumer_templates/consumer_token.rb +11 -0
  70. data/lib/generators/active_record/oauth_consumer_templates/migration.rb +20 -0
  71. data/lib/generators/active_record/oauth_provider_generator.rb +39 -0
  72. data/lib/generators/active_record/oauth_provider_templates/access_token.rb +16 -0
  73. data/lib/generators/active_record/oauth_provider_templates/client_application.rb +57 -0
  74. data/lib/generators/active_record/oauth_provider_templates/migration.rb +47 -0
  75. data/lib/generators/active_record/oauth_provider_templates/oauth2_token.rb +20 -0
  76. data/lib/generators/active_record/oauth_provider_templates/oauth2_verifier.rb +35 -0
  77. data/lib/generators/active_record/oauth_provider_templates/oauth_nonce.rb +13 -0
  78. data/lib/generators/active_record/oauth_provider_templates/oauth_token.rb +30 -0
  79. data/lib/generators/active_record/oauth_provider_templates/request_token.rb +40 -0
  80. data/lib/generators/erb/oauth_consumer_generator.rb +14 -0
  81. data/lib/generators/erb/oauth_consumer_templates/index.html.erb +29 -0
  82. data/lib/generators/erb/oauth_consumer_templates/show.html.erb +7 -0
  83. data/lib/generators/erb/oauth_provider_generator.rb +23 -0
  84. data/lib/generators/erb/oauth_provider_templates/_form.html.erb +17 -0
  85. data/lib/generators/erb/oauth_provider_templates/authorize.html.erb +14 -0
  86. data/lib/generators/erb/oauth_provider_templates/authorize_failure.html.erb +1 -0
  87. data/lib/generators/erb/oauth_provider_templates/authorize_success.html.erb +1 -0
  88. data/lib/generators/erb/oauth_provider_templates/edit.html.erb +7 -0
  89. data/lib/generators/erb/oauth_provider_templates/index.html.erb +43 -0
  90. data/lib/generators/erb/oauth_provider_templates/new.html.erb +5 -0
  91. data/lib/generators/erb/oauth_provider_templates/oauth2_authorize.html.erb +16 -0
  92. data/lib/generators/erb/oauth_provider_templates/show.html.erb +27 -0
  93. data/lib/generators/haml/oauth_consumer_generator.rb +21 -0
  94. data/lib/generators/haml/oauth_consumer_templates/index.html.haml +18 -0
  95. data/lib/generators/haml/oauth_consumer_templates/show.html.haml +8 -0
  96. data/lib/generators/haml/oauth_provider_generator.rb +28 -0
  97. data/lib/generators/haml/oauth_provider_templates/_form.html.haml +21 -0
  98. data/lib/generators/haml/oauth_provider_templates/authorize.html.haml +16 -0
  99. data/lib/generators/haml/oauth_provider_templates/authorize_failure.html.haml +1 -0
  100. data/lib/generators/haml/oauth_provider_templates/authorize_success.html.haml +1 -0
  101. data/lib/generators/haml/oauth_provider_templates/edit.html.haml +4 -0
  102. data/lib/generators/haml/oauth_provider_templates/index.html.haml +39 -0
  103. data/lib/generators/haml/oauth_provider_templates/new.html.haml +5 -0
  104. data/lib/generators/haml/oauth_provider_templates/oauth2_authorize.html.haml +17 -0
  105. data/lib/generators/haml/oauth_provider_templates/show.html.haml +30 -0
  106. data/lib/generators/mongoid/oauth_consumer_generator.rb +15 -0
  107. data/lib/generators/mongoid/oauth_consumer_templates/consumer_token.rb +41 -0
  108. data/lib/generators/mongoid/oauth_provider_generator.rb +21 -0
  109. data/lib/generators/mongoid/oauth_provider_templates/access_token.rb +16 -0
  110. data/lib/generators/mongoid/oauth_provider_templates/client_application.rb +71 -0
  111. data/lib/generators/mongoid/oauth_provider_templates/oauth2_token.rb +20 -0
  112. data/lib/generators/mongoid/oauth_provider_templates/oauth2_verifier.rb +35 -0
  113. data/lib/generators/mongoid/oauth_provider_templates/oauth_nonce.rb +24 -0
  114. data/lib/generators/mongoid/oauth_provider_templates/oauth_token.rb +44 -0
  115. data/lib/generators/mongoid/oauth_provider_templates/request_token.rb +36 -0
  116. data/lib/generators/oauth_consumer/USAGE +11 -0
  117. data/lib/generators/oauth_consumer/oauth_consumer_generator.rb +31 -0
  118. data/lib/generators/oauth_consumer/templates/controller.rb +59 -0
  119. data/lib/generators/oauth_consumer/templates/oauth_config.rb +68 -0
  120. data/lib/generators/oauth_inflections.rb +6 -0
  121. data/lib/generators/oauth_plugin.rb +0 -0
  122. data/lib/generators/oauth_provider/USAGE +18 -0
  123. data/lib/generators/oauth_provider/oauth_provider_generator.rb +37 -0
  124. data/lib/generators/oauth_provider/templates/clients_controller.rb +52 -0
  125. data/lib/generators/oauth_provider/templates/controller.rb +23 -0
  126. data/lib/generators/rspec/oauth_provider_generator.rb +35 -0
  127. data/lib/generators/rspec/templates/client_application_spec.rb +29 -0
  128. data/lib/generators/rspec/templates/client_applications.yml +23 -0
  129. data/lib/generators/rspec/templates/clients_controller_spec.rb +176 -0
  130. data/lib/generators/rspec/templates/oauth2_token_spec.rb +52 -0
  131. data/lib/generators/rspec/templates/oauth2_verifier_spec.rb +44 -0
  132. data/lib/generators/rspec/templates/oauth_nonce_spec.rb +24 -0
  133. data/lib/generators/rspec/templates/oauth_nonces.yml +13 -0
  134. data/lib/generators/rspec/templates/oauth_token_spec.rb +309 -0
  135. data/lib/generators/rspec/templates/oauth_tokens.yml +17 -0
  136. data/lib/generators/slim/oauth_consumer_generator.rb +21 -0
  137. data/lib/generators/slim/oauth_consumer_templates/index.html.slim +15 -0
  138. data/lib/generators/slim/oauth_consumer_templates/show.html.slim +8 -0
  139. data/lib/generators/test_unit/oauth_provider_generator.rb +33 -0
  140. data/lib/generators/test_unit/templates/client_application_test.rb +42 -0
  141. data/lib/generators/test_unit/templates/client_applications.yml +23 -0
  142. data/lib/generators/test_unit/templates/clients_controller_test.rb +280 -0
  143. data/lib/generators/test_unit/templates/oauth_nonce_test.rb +26 -0
  144. data/lib/generators/test_unit/templates/oauth_nonces.yml +13 -0
  145. data/lib/generators/test_unit/templates/oauth_token_test.rb +57 -0
  146. data/lib/generators/test_unit/templates/oauth_tokens.yml +17 -0
  147. data/lib/oauth-plugin.rb +24 -0
  148. data/lib/oauth-plugin/version.rb +5 -0
  149. data/lib/oauth/controllers/application_controller_methods.rb +140 -0
  150. data/lib/oauth/controllers/consumer_controller.rb +153 -0
  151. data/lib/oauth/controllers/provider_controller.rb +181 -0
  152. data/lib/oauth/models/consumers/service_loader.rb +28 -0
  153. data/lib/oauth/models/consumers/services/agree2_token.rb +15 -0
  154. data/lib/oauth/models/consumers/services/fireeagle_token.rb +39 -0
  155. data/lib/oauth/models/consumers/services/google_token.rb +21 -0
  156. data/lib/oauth/models/consumers/services/oauth2_token.rb +49 -0
  157. data/lib/oauth/models/consumers/services/opentransact_token.rb +15 -0
  158. data/lib/oauth/models/consumers/services/picomoney_token.rb +17 -0
  159. data/lib/oauth/models/consumers/services/twitter_token.rb +24 -0
  160. data/lib/oauth/models/consumers/simple_client.rb +50 -0
  161. data/lib/oauth/models/consumers/token.rb +121 -0
  162. data/lib/oauth/provider/authorizer.rb +83 -0
  163. data/lib/oauth/rack/oauth_filter.rb +97 -0
  164. data/oauth-plugin.gemspec +40 -0
  165. data/rails/init.rb +1 -0
  166. data/spec/dummy_provider_models.rb +53 -0
  167. data/spec/oauth/provider/authorizer_spec.rb +202 -0
  168. data/spec/rack/oauth_filter_spec.rb +244 -0
  169. data/spec/spec_helper.rb +3 -0
  170. data/tasks/oauth_tasks.rake +4 -0
  171. data/uninstall.rb +1 -0
  172. metadata +373 -0
@@ -0,0 +1,5 @@
1
+ <h1>Register a new application</h1>
2
+ <%% form_for :client_application, :url => { :action => :create } do |f| %>
3
+ <%%= render :partial => "form", :locals => { :f => f } %>
4
+ <%%= submit_tag "Register" %>
5
+ <%% end %>
@@ -0,0 +1,5 @@
1
+ %h1 Register a new application
2
+
3
+ - form_for :client_application, :url => { :action => :create } do |f|
4
+ = render :partial => "form", :locals => { :f => f }
5
+ = submit_tag "Register"
@@ -0,0 +1,16 @@
1
+ <h1>Authorize access to your account</h1>
2
+ <p>Would you like to authorize <%%= link_to @token.client_application.name,@token.client_application.url %> (<%%= link_to @token.client_application.url,@token.client_application.url %>) to access your account?</p>
3
+ <%% form_tag authorize_url do %>
4
+ <%%= hidden_field_tag "response_type", params[:response_type]%>
5
+ <%%= hidden_field_tag "client_id", params[:client_id]%>
6
+ <%%= hidden_field_tag "redirect_uri", params[:redirect_uri]%>
7
+ <%%= hidden_field_tag "state", params[:state]%>
8
+ <%%= hidden_field_tag "scope", params[:scope]%>
9
+
10
+ <p>
11
+ <%%= check_box_tag 'authorize' %> authorize access
12
+ </p>
13
+ <p>
14
+ <%%= submit_tag %>
15
+ </p>
16
+ <%% end %>
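Review bot: The hidden fields on new lines 4–8 copy `response_type`, `client_id`, `redirect_uri`, `state` and `scope` from the request parameters back into the consent form, so what reaches the POST is whatever the browser submits, not what was checked when the page was rendered. The action that handles this form (not visible in this hunk) should look the client up again by `client_id` and compare `redirect_uri` with the callback registered for that client before redirecting. The two `link_to` calls on line 2 use the client-registered URL as the href; if the ClientApplication model does not restrict that URL to http/https, the consent page renders whatever scheme was registered. The HAML variant in the next hunk carries the same fields and links.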
@@ -0,0 +1,17 @@
1
+ %h1 Authorize access to your account
2
+ %p
3
+ Would you like to authorize
4
+ = link_to @client_application.name,@client_application.url
5
+ (
6
+ = link_to @client_application.url,@client_application.url
7
+ ) to access your account?
8
+ - form_tag authorize_url do
9
+ = hidden_field_tag "response_type", params[:response_type]
10
+ = hidden_field_tag "client_id", params[:client_id]
11
+ = hidden_field_tag "redirect_uri", params[:redirect_uri]
12
+ = hidden_field_tag "state", params[:state]
13
+ = hidden_field_tag "scope", params[:scope]
14
+ = check_box_tag 'authorize'
15
+ authorize access
16
+ %p
17
+ = submit_tag
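Review bot: This template reads the client from `@client_application` (new lines 4 and 6), while the ERB version of the same view reads `@token.client_application`; unless the controller assigns both instance variables, one of the two templates will fail on nil. Use the same variable in both, e.g. `<%%= link_to @client_application.name, @client_application.url %>` in the ERB file if `@client_application` is the one that is set. The controller is outside this hunk, so which variable it actually assigns needs to be confirmed.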
@@ -0,0 +1,20 @@
1
+ class Oauth2Token < AccessToken
2
+ attr_accessor :state
3
+ def as_json(options={})
4
+ d = {:access_token=>token, :token_type => 'bearer'}
5
+ d[:expires_in] = expires_in if expires_at
6
+ d
7
+ end
8
+
9
+ def to_query
10
+ q = "access_token=#{token}&token_type=bearer"
11
+ q << "&state=#{URI.escape(state)}" if @state
12
+ q << "&expires_in=#{expires_in}" if expires_at
13
+ q << "&scope=#{URI.escape(scope)}" if scope
14
+ q
15
+ end
16
+
17
+ def expires_in
18
+ expires_at.to_i - Time.now.to_i
19
+ end
20
+ end
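Review bot: `URI.escape` on new lines 11 and 13 leaves reserved characters such as `&`, `=` and `+` unescaped, so a `state` or `scope` value containing them alters the parameter list that `to_query` emits instead of being carried as one value. `state` comes from the client and is echoed back on the redirect, so it should be encoded as a single component, for example `q << "&state=#{ERB::Util.url_encode(state)}" if state`, which still yields `%20` for spaces as the spec expects. `URI.escape` was also removed in Ruby 3.0. `Oauth2Verifier#to_query` in a later hunk has the same call. `expires_in` goes negative once `expires_at` has passed; clamping it at zero would be clearer for clients.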
@@ -0,0 +1,52 @@
1
+ require File.dirname(__FILE__) + '/../spec_helper'
2
+
3
+ describe Oauth2Token do
4
+ fixtures :client_applications, :users, :oauth_tokens
5
+ before(:each) do
6
+ @token = Oauth2Token.create :client_application => client_applications(:one), :user=>users(:aaron)
7
+ end
8
+
9
+ it "should be valid" do
10
+ @token.should be_valid
11
+ end
12
+
13
+ it "should have a token" do
14
+ @token.token.should_not be_nil
15
+ end
16
+
17
+ it "should have a secret" do
18
+ @token.secret.should_not be_nil
19
+ end
20
+
21
+ it "should be authorized" do
22
+ @token.should be_authorized
23
+ end
24
+
25
+ it "should not be invalidated" do
26
+ @token.should_not be_invalidated
27
+ end
28
+
29
+ it "should generate correct json and query strong" do
30
+ @token.as_json.should == {:access_token => @token.token, :token_type => 'bearer'}
31
+ @token.to_query.should == "access_token=#{@token.token}&token_type=bearer"
32
+ end
33
+
34
+ it "should generate correct json and query string and include state in query if present" do
35
+ @token.state = 'bb bb'
36
+ @token.as_json.should == {:access_token => @token.token, :token_type => 'bearer'}
37
+ @token.to_query.should == "access_token=#{@token.token}&token_type=bearer&state=bb%20bb"
38
+ end
39
+
40
+ it "should generate correct json and query string and include scope in query if present" do
41
+ @token.scope = 'bbbb aaaa'
42
+ @token.as_json.should == {:access_token => @token.token, :token_type => 'bearer'}
43
+ @token.to_query.should == "access_token=#{@token.token}&token_type=bearer&scope=bbbb%20aaaa"
44
+ end
45
+
46
+ it "should generate correct json and include expires_in if present" do
47
+ @token.expires_at = 1.hour.from_now
48
+ @token.as_json.should == { :access_token => @token.token, :token_type => 'bearer', :expires_in => 3600 }
49
+ @token.to_query.should == "access_token=#{@token.token}&token_type=bearer&expires_in=3600"
50
+ end
51
+
52
+ end
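Review bot: None of the `to_query` examples uses a `state` or `scope` containing `&`, `=` or `+`, so the specs pass even though such a value would not be encoded as a single parameter; an example such as `@token.state = 'a&b=c'` expecting `state=a%26b%3Dc` would pin that down. The `expires_in` example on new lines 47–49 compares against exactly 3600 while `expires_in` reads `Time.now`, so it can fail if the clock ticks between the two calls; stubbing the clock or asserting a small range avoids that. The description on line 29 says "query strong" where "query string" is meant.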
@@ -0,0 +1,35 @@
1
+ class Oauth2Verifier < OauthToken
2
+ validates_presence_of :user
3
+ attr_accessor :state
4
+
5
+ def exchange!(params={})
6
+ OauthToken.transaction do
7
+ token = Oauth2Token.create! :user=>user,:client_application=>client_application, :scope => scope
8
+ invalidate!
9
+ token
10
+ end
11
+ end
12
+
13
+ def code
14
+ token
15
+ end
16
+
17
+ def redirect_url
18
+ callback_url
19
+ end
20
+
21
+ def to_query
22
+ q = "code=#{token}"
23
+ q << "&state=#{URI.escape(state)}" if @state
24
+ q
25
+ end
26
+
27
+ protected
28
+
29
+ def generate_keys
30
+ self.token = OAuth::Helper.generate_key(20)[0,20]
31
+ self.expires_at = 10.minutes.from_now
32
+ self.authorized_at = Time.now
33
+ end
34
+
35
+ end
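Review bot: `exchange!` creates the access token without checking that this verifier is still usable, so as far as this hunk shows, an authorization code that was already exchanged, or one past the ten-minute `expires_at` set in `generate_keys`, would still yield a token. Unless every caller checks this first (callers are outside the hunk), add a guard such as `return false if invalidated? || (expires_at && expires_at <= Time.now)`. Two concurrent exchanges can both pass that check before either reaches `invalidate!`, so it is best done inside the transaction after taking a row lock with `lock!`. The spec for this class has no example for a second `exchange!` or for an expired verifier. The `params` argument is unused.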
@@ -0,0 +1,44 @@
1
+ require File.dirname(__FILE__) + '/../spec_helper'
2
+
3
+ describe Oauth2Verifier do
4
+ fixtures :client_applications, :users, :oauth_tokens
5
+ before(:each) do
6
+ @verifier = Oauth2Verifier.create :client_application => client_applications(:one), :user=>users(:aaron), :scope => "bbbb aaaa"
7
+ end
8
+
9
+ it "should be valid" do
10
+ @verifier.should be_valid
11
+ end
12
+
13
+ it "should have a code" do
14
+ @verifier.code.should_not be_nil
15
+ end
16
+
17
+ it "should not have a secret" do
18
+ @verifier.secret.should be_nil
19
+ end
20
+
21
+ it "should be authorized" do
22
+ @verifier.should be_authorized
23
+ end
24
+
25
+ it "should not be invalidated" do
26
+ @verifier.should_not be_invalidated
27
+ end
28
+
29
+ it "should generate query string" do
30
+ @verifier.to_query.should == "code=#{@verifier.code}"
31
+ @verifier.state="bbbb aaaa"
32
+ @verifier.to_query.should == "code=#{@verifier.code}&state=bbbb%20aaaa"
33
+ end
34
+
35
+ it "should properly exchange for token" do
36
+ @token = @verifier.exchange!
37
+ @verifier.should be_invalidated
38
+ @token.user.should==@verifier.user
39
+ @token.client_application.should == @verifier.client_application
40
+ @token.should be_authorized
41
+ @token.should_not be_invalidated
42
+ @token.scope.should == @verifier.scope
43
+ end
44
+ end
@@ -0,0 +1,13 @@
1
+ # Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique.
2
+ # Thus you can use the same nonce with a different timestamp and viceversa.
3
+ class OauthNonce < ActiveRecord::Base
4
+ validates_presence_of :nonce, :timestamp
5
+ validates_uniqueness_of :nonce, :scope => :timestamp
6
+
7
+ # Remembers a nonce and it's associated timestamp. It returns false if it has already been used
8
+ def self.remember(nonce, timestamp)
9
+ oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
10
+ return false if oauth_nonce.new_record?
11
+ oauth_nonce
12
+ end
13
+ end
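Review bot: `validates_uniqueness_of :nonce, :scope => :timestamp` is a select-then-insert check, so two requests replaying the same nonce and timestamp at the same moment can both pass validation, and `remember` returns a record for each. Replay protection needs a unique database index on `(nonce, timestamp)` (the migration is not part of this hunk, so confirm it has one), with `remember` rescuing the database's duplicate-key error around `create` and returning `false`. Nothing here prunes old rows either, so the table grows with every signed request unless entries older than the accepted timestamp window are deleted elsewhere.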
@@ -0,0 +1,24 @@
1
+ require File.dirname(__FILE__) + '/../spec_helper'
2
+ require 'oauth/helper'
3
+ describe OauthNonce do
4
+ include OAuth::Helper
5
+ before(:each) do
6
+ @oauth_nonce = OauthNonce.remember(generate_key, Time.now.to_i)
7
+ end
8
+
9
+ it "should be valid" do
10
+ @oauth_nonce.should be_valid
11
+ end
12
+
13
+ it "should not have errors" do
14
+ @oauth_nonce.errors.full_messages.should == []
15
+ end
16
+
17
+ it "should not be a new record" do
18
+ @oauth_nonce.should_not be_new_record
19
+ end
20
+
21
+ it "should not allow a second one with the same values" do
22
+ OauthNonce.remember(@oauth_nonce.nonce,@oauth_nonce.timestamp).should == false
23
+ end
24
+ end
@@ -0,0 +1,26 @@
1
+ require File.dirname(__FILE__) + '/../test_helper'
2
+ require 'oauth/helper'
3
+
4
+ class ClientNoneTest < ActiveSupport::TestCase
5
+ include OAuth::Helper
6
+
7
+ def setup
8
+ @oauth_nonce = OauthNonce.remember(generate_key,Time.now.to_i)
9
+ end
10
+
11
+ def test_should_be_valid
12
+ assert @oauth_nonce.valid?
13
+ end
14
+
15
+ def test_should_not_have_errors
16
+ assert_equal [], @oauth_nonce.errors.full_messages
17
+ end
18
+
19
+ def test_should_not_be_a_new_record
20
+ assert !@oauth_nonce.new_record?
21
+ end
22
+
23
+ def test_shuold_not_allow_a_second_one_with_the_same_values
24
+ assert_equal false, OauthNonce.remember(@oauth_nonce.nonce, @oauth_nonce.timestamp)
25
+ end
26
+ end
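Review bot: The test class is named `ClientNoneTest` although it exercises `OauthNonce`; `class OauthNonceTest < ActiveSupport::TestCase` would match the file and the model. `test_shuold_not_allow_a_second_one_with_the_same_values` on line 23 is misspelled; it still runs because it starts with `test_`, but should read `test_should_not_allow_a_second_one_with_the_same_values`.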
@@ -0,0 +1,13 @@
1
+ # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
2
+ one:
3
+ id: 1
4
+ nonce: a_nonce
5
+ timestamp: 1
6
+ created_at: 2007-11-25 17:27:04
7
+ updated_at: 2007-11-25 17:27:04
8
+ two:
9
+ id: 2
10
+ nonce: b_nonce
11
+ timestamp: 2
12
+ created_at: 2007-11-25 17:27:04
13
+ updated_at: 2007-11-25 17:27:04
@@ -0,0 +1,30 @@
1
+ class OauthToken < ActiveRecord::Base
2
+ belongs_to :client_application
3
+ belongs_to :user
4
+ validates_uniqueness_of :token
5
+ validates_presence_of :client_application, :token
6
+ before_validation_on_create :generate_keys
7
+
8
+ def invalidated?
9
+ invalidated_at != nil
10
+ end
11
+
12
+ def invalidate!
13
+ update_attribute(:invalidated_at, Time.now)
14
+ end
15
+
16
+ def authorized?
17
+ authorized_at != nil && !invalidated?
18
+ end
19
+
20
+ def to_query
21
+ "oauth_token=#{token}&oauth_token_secret=#{secret}"
22
+ end
23
+
24
+ protected
25
+
26
+ def generate_keys
27
+ self.token = OAuth::Helper.generate_key(40)[0,40]
28
+ self.secret = OAuth::Helper.generate_key(40)[0,40]
29
+ end
30
+ end
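Review bot: `authorized?` looks only at `authorized_at` and `invalidated_at`, so a token whose `expires_at` has passed still reports as authorized; the OAuth2 subclasses in this package set `expires_at`, and nothing in this class reads it. If expiry is not enforced where tokens are looked up (outside this hunk), and assuming `expires_at` is a column on this table, the predicate could become `authorized_at != nil && !invalidated? && !(expires_at && expires_at <= Time.now)`. `to_query` returns the token secret in clear text, which deserves a comment such as `# Contains the token secret: response body only, never log or put in a URL`. The class and its public methods have no doc comments.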
@@ -0,0 +1,309 @@
1
+ require File.dirname(__FILE__) + '/../spec_helper'
2
+
3
+ describe RequestToken do
4
+ fixtures :client_applications, :users, :oauth_tokens
5
+ before(:each) do
6
+ @token = RequestToken.create :client_application => client_applications(:one)
7
+ end
8
+
9
+ it "should be valid" do
10
+ @token.should be_valid
11
+ end
12
+
13
+ it "should not have errors" do
14
+ @token.errors.should_not == []
15
+ end
16
+
17
+ it "should have a token" do
18
+ @token.token.should_not be_nil
19
+ end
20
+
21
+ it "should have a secret" do
22
+ @token.secret.should_not be_nil
23
+ end
24
+
25
+ it "should not be authorized" do
26
+ @token.should_not be_authorized
27
+ end
28
+
29
+ it "should not be invalidated" do
30
+ @token.should_not be_invalidated
31
+ end
32
+
33
+ it "should not have a verifier" do
34
+ @token.verifier.should be_nil
35
+ end
36
+
37
+ it "should not be oob" do
38
+ @token.should_not be_oob
39
+ end
40
+
41
+ describe "OAuth 1.0a" do
42
+
43
+ describe "with provided callback" do
44
+ before(:each) do
45
+ @token.callback_url="http://test.com/callback"
46
+ end
47
+
48
+ it "should not be oauth10" do
49
+ @token.should_not be_oauth10
50
+ end
51
+
52
+ it "should not be oob" do
53
+ @token.should_not be_oob
54
+ end
55
+
56
+ describe "authorize request" do
57
+ before(:each) do
58
+ @token.authorize!(users(:quentin))
59
+ end
60
+
61
+ it "should be authorized" do
62
+ @token.should be_authorized
63
+ end
64
+
65
+ it "should have authorized at" do
66
+ @token.authorized_at.should_not be_nil
67
+ end
68
+
69
+ it "should have user set" do
70
+ @token.user.should == users(:quentin)
71
+ end
72
+
73
+ it "should have verifier" do
74
+ @token.verifier.should_not be_nil
75
+ end
76
+
77
+ describe "exchange for access token" do
78
+
79
+ before(:each) do
80
+ @token.provided_oauth_verifier=@token.verifier
81
+ @access = @token.exchange!
82
+ end
83
+
84
+ it "should be valid" do
85
+ @access.should be_valid
86
+ end
87
+
88
+ it "should have no error messages" do
89
+ @access.errors.full_messages.should==[]
90
+ end
91
+
92
+ it "should invalidate request token" do
93
+ @token.should be_invalidated
94
+ end
95
+
96
+ it "should set user on access token" do
97
+ @access.user.should == users(:quentin)
98
+ end
99
+
100
+ it "should authorize accesstoken" do
101
+ @access.should be_authorized
102
+ end
103
+ end
104
+
105
+ describe "attempt exchange with invalid verifier (OAuth 1.0a)" do
106
+
107
+ before(:each) do
108
+ @value = @token.exchange!
109
+ end
110
+
111
+ it "should return false" do
112
+ @value.should==false
113
+ end
114
+
115
+ it "should not invalidate request token" do
116
+ @token.should_not be_invalidated
117
+ end
118
+ end
119
+
120
+ end
121
+
122
+ describe "attempt exchange with out authorization" do
123
+
124
+ before(:each) do
125
+ @value = @token.exchange!
126
+ end
127
+
128
+ it "should return false" do
129
+ @value.should==false
130
+ end
131
+
132
+ it "should not invalidate request token" do
133
+ @token.should_not be_invalidated
134
+ end
135
+ end
136
+
137
+ it "should return 1.0a style to_query" do
138
+ @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}&oauth_callback_confirmed=true"
139
+ end
140
+
141
+ end
142
+
143
+ describe "with oob callback" do
144
+ before(:each) do
145
+ @token.callback_url='oob'
146
+ end
147
+
148
+ it "should not be oauth10" do
149
+ @token.should_not be_oauth10
150
+ end
151
+
152
+ it "should be oob" do
153
+ @token.should be_oob
154
+ end
155
+
156
+ describe "authorize request" do
157
+ before(:each) do
158
+ @token.authorize!(users(:quentin))
159
+ end
160
+
161
+ it "should be authorized" do
162
+ @token.should be_authorized
163
+ end
164
+
165
+ it "should have authorized at" do
166
+ @token.authorized_at.should_not be_nil
167
+ end
168
+
169
+ it "should have user set" do
170
+ @token.user.should == users(:quentin)
171
+ end
172
+
173
+ it "should have verifier" do
174
+ @token.verifier.should_not be_nil
175
+ end
176
+
177
+ describe "exchange for access token" do
178
+
179
+ before(:each) do
180
+ @token.provided_oauth_verifier=@token.verifier
181
+ @access = @token.exchange!
182
+ end
183
+
184
+ it "should invalidate request token" do
185
+ @token.should be_invalidated
186
+ end
187
+
188
+ it "should set user on access token" do
189
+ @access.user.should == users(:quentin)
190
+ end
191
+
192
+ it "should authorize accesstoken" do
193
+ @access.should be_authorized
194
+ end
195
+ end
196
+
197
+ describe "attempt exchange with invalid verifier (OAuth 1.0a)" do
198
+
199
+ before(:each) do
200
+ @value = @token.exchange!
201
+ end
202
+
203
+ it "should return false" do
204
+ @value.should==false
205
+ end
206
+
207
+ it "should not invalidate request token" do
208
+ @token.should_not be_invalidated
209
+ end
210
+ end
211
+
212
+ end
213
+
214
+ describe "attempt exchange with out authorization invalid verifier" do
215
+
216
+ before(:each) do
217
+ @value = @token.exchange!
218
+ end
219
+
220
+ it "should return false" do
221
+ @value.should==false
222
+ end
223
+
224
+ it "should not invalidate request token" do
225
+ @token.should_not be_invalidated
226
+ end
227
+ end
228
+
229
+ it "should return 1.0 style to_query" do
230
+ @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}&oauth_callback_confirmed=true"
231
+ end
232
+ end
233
+ end
234
+
235
+ if defined? OAUTH_10_SUPPORT && OAUTH_10_SUPPORT
236
+ describe "OAuth 1.0" do
237
+
238
+ it "should be oauth10" do
239
+ @token.should be_oauth10
240
+ end
241
+
242
+ it "should not be oob" do
243
+ @token.should_not be_oob
244
+ end
245
+
246
+ describe "authorize request" do
247
+ before(:each) do
248
+ @token.authorize!(users(:quentin))
249
+ end
250
+
251
+ it "should be authorized" do
252
+ @token.should be_authorized
253
+ end
254
+
255
+ it "should have authorized at" do
256
+ @token.authorized_at.should_not be_nil
257
+ end
258
+
259
+ it "should have user set" do
260
+ @token.user.should == users(:quentin)
261
+ end
262
+
263
+ it "should not have verifier" do
264
+ @token.verifier.should be_nil
265
+ end
266
+
267
+ describe "exchange for access token" do
268
+
269
+ before(:each) do
270
+ @access = @token.exchange!
271
+ end
272
+
273
+ it "should invalidate request token" do
274
+ @token.should be_invalidated
275
+ end
276
+
277
+ it "should set user on access token" do
278
+ @access.user.should == users(:quentin)
279
+ end
280
+
281
+ it "should authorize accesstoken" do
282
+ @access.should be_authorized
283
+ end
284
+ end
285
+
286
+ end
287
+
288
+ describe "attempt exchange with out authorization" do
289
+
290
+ before(:each) do
291
+ @value = @token.exchange!
292
+ end
293
+
294
+ it "should return false" do
295
+ @value.should==false
296
+ end
297
+
298
+ it "should not invalidate request token" do
299
+ @token.should_not be_invalidated
300
+ end
301
+ end
302
+
303
+ it "should return 1.0 style to_query" do
304
+ @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}"
305
+ end
306
+
307
+ end
308
+ end
309
+ end
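Review bot: On new line 235, `defined? OAUTH_10_SUPPORT && OAUTH_10_SUPPORT` parses as `defined?(OAUTH_10_SUPPORT && OAUTH_10_SUPPORT)`, which is truthy whenever the constant exists, even when it is set to `false`, so the OAuth 1.0 examples are defined in that case too; write `if defined?(OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT`. The example "should not have errors" on line 14 asserts `@token.errors.should_not == []`, which appears to pass whether or not there are errors because the errors object is not an Array; `@token.errors.full_messages.should == []`, as used further down for `@access`, is what the description means. The "invalid verifier" groups only cover a missing verifier; an example that sets `provided_oauth_verifier` to a wrong value would cover the mismatch case.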