insrc_devise_oauth2_providable 1.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +35 -0
- data/.rvmrc +1 -0
- data/CONTRIBUTORS.txt +6 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +158 -0
- data/Rakefile +8 -0
- data/app/controllers/devise/oauth2_providable/authorizations_controller.rb +59 -0
- data/app/controllers/devise/oauth2_providable/tokens_controller.rb +17 -0
- data/app/models/devise/oauth2_providable/access_token.rb +24 -0
- data/app/models/devise/oauth2_providable/authorization_code.rb +3 -0
- data/app/models/devise/oauth2_providable/client.rb +24 -0
- data/app/models/devise/oauth2_providable/refresh_token.rb +8 -0
- data/app/views/devise/oauth2_providable/authorizations/_form.html.erb +7 -0
- data/app/views/devise/oauth2_providable/authorizations/error.html.erb +4 -0
- data/app/views/devise/oauth2_providable/authorizations/new.html.erb +4 -0
- data/config/routes.rb +7 -0
- data/db/migrate/20111014160714_create_devise_oauth2_providable_schema.rb +54 -0
- data/devise_oauth2_providable.gemspec +32 -0
- data/lib/devise/oauth2_providable/engine.rb +16 -0
- data/lib/devise/oauth2_providable/expirable_token.rb +58 -0
- data/lib/devise/oauth2_providable/models/oauth2_authorization_code_grantable.rb +6 -0
- data/lib/devise/oauth2_providable/models/oauth2_password_grantable.rb +6 -0
- data/lib/devise/oauth2_providable/models/oauth2_providable.rb +13 -0
- data/lib/devise/oauth2_providable/models/oauth2_refresh_token_grantable.rb +6 -0
- data/lib/devise/oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy.rb +21 -0
- data/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb +39 -0
- data/lib/devise/oauth2_providable/strategies/oauth2_password_grant_type_strategy.rb +22 -0
- data/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb +25 -0
- data/lib/devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy.rb +22 -0
- data/lib/devise/oauth2_providable/version.rb +5 -0
- data/lib/devise_oauth2_providable.rb +41 -0
- data/script/rails +6 -0
- data/spec/controllers/authorizations_controller_spec.rb +32 -0
- data/spec/controllers/protected_controller_spec.rb +42 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/javascripts/application.js +7 -0
- data/spec/dummy/app/assets/stylesheets/application.css +7 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/controllers/protected_controller.rb +6 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/mailers/.gitkeep +0 -0
- data/spec/dummy/app/models/.gitkeep +0 -0
- data/spec/dummy/app/models/user.rb +3 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +51 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml +25 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +30 -0
- data/spec/dummy/config/environments/production.rb +60 -0
- data/spec/dummy/config/environments/test.rb +39 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/devise.rb +210 -0
- data/spec/dummy/config/initializers/inflections.rb +10 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/devise.en.yml +58 -0
- data/spec/dummy/config/locales/en.yml +5 -0
- data/spec/dummy/config/routes.rb +7 -0
- data/spec/dummy/db/migrate/20111014142838_create_users.rb +9 -0
- data/spec/dummy/db/migrate/20111014161437_create_devise_oauth2_providable_schema.rb +55 -0
- data/spec/dummy/db/schema.rb +78 -0
- data/spec/dummy/lib/assets/.gitkeep +0 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +26 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/factories/client_factory.rb +5 -0
- data/spec/factories/user_factory.rb +4 -0
- data/spec/integration/oauth2_authorization_token_grant_type_strategy_spec.rb +136 -0
- data/spec/integration/oauth2_password_grant_type_strategy_spec.rb +174 -0
- data/spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb +138 -0
- data/spec/lib/devise_oauth2_providable_spec.rb +7 -0
- data/spec/models/access_token_spec.rb +53 -0
- data/spec/models/authorization_code_spec.rb +23 -0
- data/spec/models/client_spec.rb +22 -0
- data/spec/models/refresh_token_spec.rb +26 -0
- data/spec/models/user_spec.rb +6 -0
- data/spec/routing/authorizations_routing_spec.rb +16 -0
- data/spec/routing/tokens_routing_spec.rb +9 -0
- data/spec/spec_helper.rb +29 -0
- data/spec/support/inject_engine_routes_into_application.rb +74 -0
- data/spec/support/match_json.rb +6 -0
- metadata +374 -0
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
|
2
|
+
$:.push File.expand_path("../lib", __FILE__)
|
|
3
|
+
require "devise/oauth2_providable/version"
|
|
4
|
+
|
|
5
|
+
Gem::Specification.new do |s|
|
|
6
|
+
s.name = "insrc_devise_oauth2_providable"
|
|
7
|
+
s.version = Devise::Oauth2Providable::VERSION
|
|
8
|
+
s.platform = Gem::Platform::RUBY
|
|
9
|
+
s.authors = ["Ryan Sonnek"]
|
|
10
|
+
s.email = ["ryan@socialcast.com"]
|
|
11
|
+
s.homepage = ""
|
|
12
|
+
s.summary = %q{OAuth2 Provider for Rails3 applications}
|
|
13
|
+
s.description = %q{Rails3 engine that adds OAuth2 Provider support to any application built with Devise authentication}
|
|
14
|
+
|
|
15
|
+
s.rubyforge_project = "devise_oauth2_providable"
|
|
16
|
+
|
|
17
|
+
s.add_runtime_dependency(%q<rails>, [">= 3.1.0"])
|
|
18
|
+
s.add_runtime_dependency(%q<devise>, [">= 1.4.3"])
|
|
19
|
+
s.add_runtime_dependency(%q<rack-oauth2>, ["~> 1.0.5"])
|
|
20
|
+
s.add_development_dependency(%q<rspec-rails>, ['2.6.1'])
|
|
21
|
+
s.add_development_dependency(%q<sqlite3>, ['1.3.5'])
|
|
22
|
+
s.add_development_dependency(%q<shoulda-matchers>, ['1.0.0.beta3'])
|
|
23
|
+
s.add_development_dependency(%q<pry>, ['0.9.6.2'])
|
|
24
|
+
s.add_development_dependency(%q<factory_girl>, ['2.2.0'])
|
|
25
|
+
s.add_development_dependency(%q<factory_girl_rspec>, ['0.0.1'])
|
|
26
|
+
s.add_development_dependency(%q<rake>, ['0.9.2.2'])
|
|
27
|
+
|
|
28
|
+
s.files = `git ls-files`.split("\n")
|
|
29
|
+
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
|
30
|
+
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
|
31
|
+
s.require_paths = ["lib"]
|
|
32
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
module Devise
|
|
2
|
+
module Oauth2Providable
|
|
3
|
+
class Engine < Rails::Engine
|
|
4
|
+
config.devise_oauth2_providable = ActiveSupport::OrderedOptions.new
|
|
5
|
+
config.devise_oauth2_providable.access_token_expires_in = 15.minutes
|
|
6
|
+
config.devise_oauth2_providable.refresh_token_expires_in = 1.month
|
|
7
|
+
config.devise_oauth2_providable.authorization_code_expires_in = 1.minute
|
|
8
|
+
|
|
9
|
+
engine_name 'oauth2'
|
|
10
|
+
isolate_namespace Devise::Oauth2Providable
|
|
11
|
+
initializer "devise_oauth2_providable.initialize_application", :before=> :load_config_initializers do |app|
|
|
12
|
+
app.config.filter_parameters << :client_secret
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
require 'active_support/concern'
|
|
2
|
+
require 'active_record'
|
|
3
|
+
|
|
4
|
+
module Devise
|
|
5
|
+
module Oauth2Providable
|
|
6
|
+
module ExpirableToken
|
|
7
|
+
extend ActiveSupport::Concern
|
|
8
|
+
|
|
9
|
+
module ClassMethods
|
|
10
|
+
def expires_according_to(config_name)
|
|
11
|
+
cattr_accessor :default_lifetime
|
|
12
|
+
self.default_lifetime = Rails.application.config.devise_oauth2_providable[config_name]
|
|
13
|
+
|
|
14
|
+
belongs_to :user
|
|
15
|
+
belongs_to :client
|
|
16
|
+
|
|
17
|
+
# attr_accessible :user, :client
|
|
18
|
+
|
|
19
|
+
after_initialize :init_token, :on => :create, :unless => :token?
|
|
20
|
+
after_initialize :init_expires_at, :on => :create, :unless => :expires_at?
|
|
21
|
+
validates :expires_at, :presence => true
|
|
22
|
+
validates :client, :presence => true
|
|
23
|
+
validates :token, :presence => true, :uniqueness => true
|
|
24
|
+
|
|
25
|
+
default_scope lambda {
|
|
26
|
+
where(self.arel_table[:expires_at].gteq(Time.now.utc))
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
include LocalInstanceMethods
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
module LocalInstanceMethods
|
|
34
|
+
# number of seconds until the token expires
|
|
35
|
+
def expires_in
|
|
36
|
+
(expires_at - Time.now.utc).to_i
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
# forcefully expire the token
|
|
40
|
+
def expired!
|
|
41
|
+
self.expires_at = Time.now.utc
|
|
42
|
+
self.save!
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
private
|
|
46
|
+
|
|
47
|
+
def init_token
|
|
48
|
+
self.token = Devise::Oauth2Providable.random_id
|
|
49
|
+
end
|
|
50
|
+
def init_expires_at
|
|
51
|
+
self.expires_at = self.default_lifetime.from_now
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
ActiveRecord::Base.send :include, Devise::Oauth2Providable::ExpirableToken
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'devise/models'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Models
|
|
5
|
+
module Oauth2Providable
|
|
6
|
+
extend ActiveSupport::Concern
|
|
7
|
+
included do
|
|
8
|
+
has_many :access_tokens, :class_name => 'Devise::Oauth2Providable::AccessToken'
|
|
9
|
+
has_many :authorization_codes, :class_name => 'Devise::Oauth2Providable::AuthorizationCode'
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Strategies
|
|
5
|
+
class Oauth2AuthorizationCodeGrantTypeStrategy < Oauth2GrantTypeStrategy
|
|
6
|
+
def grant_type
|
|
7
|
+
'authorization_code'
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def authenticate_grant_type(client)
|
|
11
|
+
if code = client.authorization_codes.find_by_token(params[:code])
|
|
12
|
+
success! code.user
|
|
13
|
+
else
|
|
14
|
+
oauth_error! :invalid_grant, 'invalid authorization code request'
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
Warden::Strategies.add(:oauth2_authorization_code_grantable, Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy)
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
require 'devise/strategies/base'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Strategies
|
|
5
|
+
class Oauth2GrantTypeStrategy < Authenticatable
|
|
6
|
+
def valid?
|
|
7
|
+
params[:controller] == 'devise/oauth2_providable/tokens' && request.post? && params[:grant_type] == grant_type
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# defined by subclass
|
|
11
|
+
def grant_type
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
# defined by subclass
|
|
15
|
+
def authenticate_grant_type(client)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def authenticate!
|
|
19
|
+
client_id, client_secret = request.authorization ? decode_credentials : [params[:client_id], params[:client_secret]]
|
|
20
|
+
client = Devise::Oauth2Providable::Client.find_by_identifier client_id
|
|
21
|
+
if client && client.secret == client_secret
|
|
22
|
+
env[Devise::Oauth2Providable::CLIENT_ENV_REF] = client
|
|
23
|
+
authenticate_grant_type(client)
|
|
24
|
+
else
|
|
25
|
+
oauth_error! :invalid_client, 'invalid client credentials'
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
# return custom error response in accordance with the oauth spec
|
|
30
|
+
# see http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.3
|
|
31
|
+
def oauth_error!(error_code = :invalid_request, description = nil)
|
|
32
|
+
body = {:error => error_code}
|
|
33
|
+
body[:error_description] = description if description
|
|
34
|
+
custom! [400, {'Content-Type' => 'application/json'}, [body.to_json]]
|
|
35
|
+
throw :warden
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Strategies
|
|
5
|
+
class Oauth2PasswordGrantTypeStrategy < Oauth2GrantTypeStrategy
|
|
6
|
+
def grant_type
|
|
7
|
+
'password'
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def authenticate_grant_type(client)
|
|
11
|
+
resource = mapping.to.find_for_authentication(mapping.to.authentication_keys.first => params[:username])
|
|
12
|
+
if validate(resource) { resource.valid_password?(params[:password]) }
|
|
13
|
+
success! resource
|
|
14
|
+
else
|
|
15
|
+
oauth_error! :invalid_grant, 'invalid password authentication request'
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
Warden::Strategies.add(:oauth2_password_grantable, Devise::Strategies::Oauth2PasswordGrantTypeStrategy)
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
require 'devise/strategies/base'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Strategies
|
|
5
|
+
class Oauth2Providable < Authenticatable
|
|
6
|
+
def valid?
|
|
7
|
+
@req = Rack::OAuth2::Server::Resource::Bearer::Request.new(env)
|
|
8
|
+
@req.oauth2?
|
|
9
|
+
end
|
|
10
|
+
def authenticate!
|
|
11
|
+
@req.setup!
|
|
12
|
+
token = Devise::Oauth2Providable::AccessToken.find_by_token @req.access_token
|
|
13
|
+
env[Devise::Oauth2Providable::CLIENT_ENV_REF] = token.client if token
|
|
14
|
+
resource = token ? token.user : nil
|
|
15
|
+
if validate(resource)
|
|
16
|
+
success! resource
|
|
17
|
+
else
|
|
18
|
+
fail(:invalid_token)
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
Warden::Strategies.add(:oauth2_providable, Devise::Strategies::Oauth2Providable)
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Strategies
|
|
5
|
+
class Oauth2RefreshTokenGrantTypeStrategy < Oauth2GrantTypeStrategy
|
|
6
|
+
def grant_type
|
|
7
|
+
'refresh_token'
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def authenticate_grant_type(client)
|
|
11
|
+
if refresh_token = client.refresh_tokens.find_by_token(params[:refresh_token])
|
|
12
|
+
env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF] = refresh_token
|
|
13
|
+
success! refresh_token.user
|
|
14
|
+
else
|
|
15
|
+
oauth_error! :invalid_grant, 'invalid refresh token'
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
Warden::Strategies.add(:oauth2_refresh_token_grantable, Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy)
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
require 'devise'
|
|
2
|
+
require 'rack/oauth2'
|
|
3
|
+
require 'devise/oauth2_providable/engine'
|
|
4
|
+
require 'devise/oauth2_providable/expirable_token'
|
|
5
|
+
require 'devise/oauth2_providable/strategies/oauth2_providable_strategy'
|
|
6
|
+
require 'devise/oauth2_providable/strategies/oauth2_password_grant_type_strategy'
|
|
7
|
+
require 'devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy'
|
|
8
|
+
require 'devise/oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy'
|
|
9
|
+
require 'devise/oauth2_providable/models/oauth2_providable'
|
|
10
|
+
require 'devise/oauth2_providable/models/oauth2_password_grantable'
|
|
11
|
+
require 'devise/oauth2_providable/models/oauth2_refresh_token_grantable'
|
|
12
|
+
require 'devise/oauth2_providable/models/oauth2_authorization_code_grantable'
|
|
13
|
+
|
|
14
|
+
module Devise
|
|
15
|
+
module Oauth2Providable
|
|
16
|
+
CLIENT_ENV_REF = 'oauth2.client'
|
|
17
|
+
REFRESH_TOKEN_ENV_REF = "oauth2.refresh_token"
|
|
18
|
+
|
|
19
|
+
class << self
|
|
20
|
+
def random_id
|
|
21
|
+
SecureRandom.hex
|
|
22
|
+
end
|
|
23
|
+
def table_name_prefix
|
|
24
|
+
'oauth2_'
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
Devise.add_module(:oauth2_providable,
|
|
31
|
+
:strategy => true,
|
|
32
|
+
:model => 'devise/oauth2_providable/models/oauth2_providable')
|
|
33
|
+
Devise.add_module(:oauth2_password_grantable,
|
|
34
|
+
:strategy => true,
|
|
35
|
+
:model => 'devise/oauth2_providable/models/oauth2_password_grantable')
|
|
36
|
+
Devise.add_module(:oauth2_refresh_token_grantable,
|
|
37
|
+
:strategy => true,
|
|
38
|
+
:model => 'devise/oauth2_providable/models/oauth2_refresh_token_grantable')
|
|
39
|
+
Devise.add_module(:oauth2_authorization_code_grantable,
|
|
40
|
+
:strategy => true,
|
|
41
|
+
:model => 'devise/oauth2_providable/models/oauth2_authorization_code_grantable')
|
data/script/rails
ADDED
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
#!/usr/bin/env ruby
|
|
3
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
|
4
|
+
|
|
5
|
+
ENGINE_PATH = File.expand_path('../..', __FILE__)
|
|
6
|
+
load File.expand_path('../../spec/dummy/script/rails', __FILE__)
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Devise::Oauth2Providable::AuthorizationsController do
|
|
4
|
+
describe 'GET #new' do
|
|
5
|
+
context 'with valid redirect_uri' do
|
|
6
|
+
with :user
|
|
7
|
+
with :client
|
|
8
|
+
let(:redirect_uri) { client.redirect_uri }
|
|
9
|
+
before do
|
|
10
|
+
sign_in user
|
|
11
|
+
get :new, :client_id => client.identifier, :redirect_uri => redirect_uri, :response_type => 'code', :use_route => 'devise_oauth2_providable'
|
|
12
|
+
end
|
|
13
|
+
it { should respond_with :ok }
|
|
14
|
+
it { should respond_with_content_type :html }
|
|
15
|
+
it { should assign_to(:redirect_uri).with(redirect_uri) }
|
|
16
|
+
it { should assign_to(:response_type) }
|
|
17
|
+
it { should render_template 'devise/oauth2_providable/authorizations/new' }
|
|
18
|
+
it { should render_with_layout 'application' }
|
|
19
|
+
end
|
|
20
|
+
context 'with invalid redirect_uri' do
|
|
21
|
+
with :user
|
|
22
|
+
with :client
|
|
23
|
+
let(:redirect_uri) { 'http://example.com/foo/bar' }
|
|
24
|
+
before do
|
|
25
|
+
sign_in user
|
|
26
|
+
get :new, :client_id => client.identifier, :redirect_uri => redirect_uri, :response_type => 'code', :use_route => 'devise_oauth2_providable'
|
|
27
|
+
end
|
|
28
|
+
it { should respond_with :bad_request }
|
|
29
|
+
it { should respond_with_content_type :html }
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe ProtectedController do
|
|
4
|
+
|
|
5
|
+
describe 'get :index' do
|
|
6
|
+
with :client
|
|
7
|
+
with :user
|
|
8
|
+
before do
|
|
9
|
+
@token = Devise::Oauth2Providable::AccessToken.create! :client => client, :user => user
|
|
10
|
+
end
|
|
11
|
+
context 'with valid bearer token in header' do
|
|
12
|
+
before do
|
|
13
|
+
@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token.token}"
|
|
14
|
+
get :index, :format => 'json'
|
|
15
|
+
end
|
|
16
|
+
it { should respond_with :ok }
|
|
17
|
+
end
|
|
18
|
+
context 'with valid bearer token in query string' do
|
|
19
|
+
before do
|
|
20
|
+
get :index, :access_token => @token.token, :format => 'json'
|
|
21
|
+
end
|
|
22
|
+
it { should respond_with :ok }
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
context 'with invalid bearer token in query param' do
|
|
26
|
+
before do
|
|
27
|
+
get :index, :access_token => 'invalid', :format => 'json'
|
|
28
|
+
end
|
|
29
|
+
it { should respond_with :unauthorized }
|
|
30
|
+
end
|
|
31
|
+
context 'with valid bearer token in header and query string' do
|
|
32
|
+
before do
|
|
33
|
+
end
|
|
34
|
+
it 'raises error' do
|
|
35
|
+
lambda {
|
|
36
|
+
@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token.token}"
|
|
37
|
+
get :index, :access_token => @token.token, :format => 'json'
|
|
38
|
+
}.should raise_error
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
data/spec/dummy/Rakefile
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
#!/usr/bin/env rake
|
|
2
|
+
# Add your own tasks in files placed in lib/tasks ending in .rake,
|
|
3
|
+
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
|
|
4
|
+
|
|
5
|
+
require File.expand_path('../config/application', __FILE__)
|
|
6
|
+
|
|
7
|
+
Dummy::Application.load_tasks
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
// This is a manifest file that'll be compiled into including all the files listed below.
|
|
2
|
+
// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
|
|
3
|
+
// be included in the compiled file accessible from http://example.com/assets/application.js
|
|
4
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
|
5
|
+
// the compiled file.
|
|
6
|
+
//
|
|
7
|
+
//= require_tree .
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* This is a manifest file that'll automatically include all the stylesheets available in this directory
|
|
3
|
+
* and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
|
|
4
|
+
* the top of the compiled file, but it's generally better to create a new file per style scope.
|
|
5
|
+
*= require_self
|
|
6
|
+
*= require_tree .
|
|
7
|
+
*/
|