insrc_devise_oauth2_providable 1.1.2

data/spec/integration/oauth2_password_grant_type_strategy_spec.rb

@@ -0,0 +1,174 @@
+require 'spec_helper'
+
+describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
+  describe 'POST /oauth2/token' do
+    describe 'with grant_type=password' do
+      context 'with valid params' do
+        with :client
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
+
+          params = {
+            :grant_type => 'password',
+            :client_id => client.identifier,
+            :client_secret => client.secret,
+            :username => @user.email,
+            :password => 'test'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 200 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          token = Devise::Oauth2Providable::AccessToken.last
+          expected = token.token_response
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with valid params and client id/secret in basic auth header' do
+        with :client
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
+
+          params = {
+            :grant_type => 'password',
+            :username => @user.email,
+            :password => 'test'
+          }
+
+          auth_header = ActionController::HttpAuthentication::Basic.encode_credentials client.identifier, client.secret
+          post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
+        end
+        it { response.code.to_i.should == 200 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          puts response.body
+          token = Devise::Oauth2Providable::AccessToken.last
+          expected = token.token_response
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid client id in basic auth header' do
+        with :client
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
+          params = {
+            :grant_type => 'password',
+            :username => @user.email,
+            :password => 'test'
+          }
+          auth_header = ActionController::HttpAuthentication::Basic.encode_credentials 'invalid client id', client.secret
+          post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json'  }
+        it 'returns json' do
+          expected = {
+            :error_description => "invalid client credentials",
+            :error => "invalid_client"
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid client secret in basic auth header' do
+        with :client
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
+          params = {
+            :grant_type => 'password',
+            :username => @user.email,
+            :password => 'test'
+          }
+          auth_header = ActionController::HttpAuthentication::Basic.encode_credentials client.identifier, 'invalid secret'
+          post '/oauth2/token', params, 'HTTP_AUTHORIZATION' => auth_header
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json'  }
+        it 'returns json' do
+          expected = {
+            :error_description => "invalid client credentials",
+            :error => "invalid_client"
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid password' do
+        with :client
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
+
+          params = {
+            :grant_type => 'password',
+            :client_id => client.identifier,
+            :client_secret => client.secret,
+            :username => @user.email,
+            :password => 'bar'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json'  }
+        it 'returns json' do
+          expected = {
+            :error_description => "invalid password authentication request",
+            :error => "invalid_grant"
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid client_id' do
+        with :client
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
+
+          params = {
+            :grant_type => 'password',
+            :client_id => 'invalid',
+            :client_secret => client.secret,
+            :username => @user.email,
+            :password => 'test'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json'  }
+        it 'returns json' do
+          expected = {
+            :error_description => "invalid client credentials",
+            :error => "invalid_client"
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid client_secret' do
+        with :client
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :password => 'test'
+
+          params = {
+            :grant_type => 'password',
+            :client_id => client.identifier,
+            :client_secret => 'invalid',
+            :username => @user.email,
+            :password => 'test'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json'  }
+        it 'returns json' do
+          expected = {
+            :error_description => "invalid client credentials",
+            :error => "invalid_client"
+          }
+          response.body.should match_json(expected)
+        end
+      end
+    end
+  end
+end
+

data/spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb

@@ -0,0 +1,138 @@
+require 'spec_helper'
+
+describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
+  describe 'POST /oauth2/token' do
+    describe 'with grant_type=refresh_token' do
+      context 'with valid params' do
+        with :client
+        with :user
+        before do
+          @refresh_token = client.refresh_tokens.create! :user => user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => client.identifier,
+            :client_secret => client.secret,
+            :refresh_token => @refresh_token.token
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 200 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          token = Devise::Oauth2Providable::AccessToken.last
+          refresh_token = @refresh_token
+          expected = {
+            :token_type => 'bearer',
+            :expires_in => 899,
+            :refresh_token => refresh_token.token,
+            :access_token => token.token
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with expired refresh_token' do
+        with :user
+        with :client
+        before do
+          timenow = 2.days.from_now
+          Time.stub!(:now).and_return(timenow)
+          @refresh_token = client.refresh_tokens.create! :user => user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => client.identifier,
+            :client_secret => client.secret,
+            :refresh_token => @refresh_token.token
+          }
+          Time.stub!(:now).and_return(timenow + 2.months)
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          expected = {
+            :error => 'invalid_grant',
+            :error_description => 'invalid refresh token'
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid refresh_token' do
+        with :user
+        with :client
+        before do
+          @refresh_token = client.refresh_tokens.create! :user => user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => client.identifier,
+            :client_secret => client.secret,
+            :refresh_token => 'invalid'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          token = Devise::Oauth2Providable::AccessToken.last
+          refresh_token = @refresh_token
+          expected = {
+            :error => 'invalid_grant',
+            :error_description => 'invalid refresh token'
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid client_id' do
+        with :user
+        with :client
+        before do
+          @refresh_token = client.refresh_tokens.create! :user => user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => 'invalid',
+            :client_secret => client.secret,
+            :refresh_token => @refresh_token.token
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          expected = {
+            :error => 'invalid_client',
+            :error_description => 'invalid client credentials'
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid client_secret' do
+        with :user
+        with :client
+        before do
+          @refresh_token = client.refresh_tokens.create! :user => user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => client.identifier,
+            :client_secret => 'invalid',
+            :refresh_token => @refresh_token.token
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          expected = {
+            :error => 'invalid_client',
+            :error_description => 'invalid client credentials'
+          }
+          response.body.should match_json(expected)
+        end
+      end
+    end
+  end
+end
+

data/spec/lib/devise_oauth2_providable_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+describe Devise::Oauth2Providable do
+  it 'should be defined' do
+    # success
+  end
+end

data/spec/models/access_token_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe Devise::Oauth2Providable::AccessToken do
+  it { Devise::Oauth2Providable::AccessToken.table_name.should == 'oauth2_access_tokens' }
+
+  describe 'basic access token instance' do
+    with :client
+    subject do
+      Devise::Oauth2Providable::AccessToken.create! :client => client
+    end
+    it { should validate_presence_of :token }
+    it { should validate_uniqueness_of :token }
+    it { should belong_to :user }
+    it { should allow_mass_assignment_of :user }
+    it { should belong_to :client }
+    it { should allow_mass_assignment_of :client }
+    it { should validate_presence_of :client }
+    it { should validate_presence_of :expires_at }
+    it { should belong_to :refresh_token }
+    it { should allow_mass_assignment_of :refresh_token }
+    it { should have_db_index :client_id }
+    it { should have_db_index :user_id }
+    it { should have_db_index(:token).unique(true) }
+    it { should have_db_index :expires_at }
+  end
+
+  describe '#expires_at' do
+    context 'when refresh token does not expire before access token' do
+      with :client
+      before do
+        @later = 1.year.from_now
+        @refresh_token = client.refresh_tokens.create!
+        @refresh_token.expires_at = @soon
+        @access_token = Devise::Oauth2Providable::AccessToken.create! :client => client, :refresh_token => @refresh_token
+      end
+      focus 'should not set the access token expires_at to equal refresh token' do
+        @access_token.expires_at.should_not == @later
+      end
+    end
+    context 'when refresh token expires before access token' do
+      with :client
+      before do
+        @soon = 1.minute.from_now
+        @refresh_token = client.refresh_tokens.create!
+        @refresh_token.expires_at = @soon
+        @access_token = Devise::Oauth2Providable::AccessToken.create! :client => client, :refresh_token => @refresh_token
+      end
+      it 'should set the access token expires_at to equal refresh token' do
+        @access_token.expires_at.should == @soon
+      end
+    end
+  end
+end

data/spec/models/authorization_code_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Devise::Oauth2Providable::AuthorizationCode do
+  describe 'basic authorization code instance' do
+    with :client
+    subject do
+      Devise::Oauth2Providable::AuthorizationCode.create! :client => client
+    end
+    it { should validate_presence_of :token }
+    it { should validate_uniqueness_of :token }
+    it { should belong_to :user }
+    it { should allow_mass_assignment_of :user }
+    it { should belong_to :client }
+    it { should allow_mass_assignment_of :client }
+    it { should validate_presence_of :client }
+    it { should validate_presence_of :expires_at }
+    it { should have_db_index :client_id }
+    it { should have_db_index :user_id }
+    it { should have_db_index(:token).unique(true) }
+    it { should have_db_index :expires_at }
+  end
+end
+

data/spec/models/client_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe Devise::Oauth2Providable::Client do
+  it { Devise::Oauth2Providable::Client.table_name.should == 'oauth2_clients' }
+
+  describe 'basic client instance' do
+    with :client
+    subject { client }
+    it { should validate_presence_of :name }
+    it { should validate_uniqueness_of :name }
+    it { should allow_mass_assignment_of :name }
+    it { should validate_presence_of :website }
+    it { should allow_mass_assignment_of :website }
+    it { should allow_mass_assignment_of :redirect_uri }
+    it { should validate_uniqueness_of :identifier }
+    it { should have_db_index(:identifier).unique(true) }
+    it { should_not allow_mass_assignment_of :identifier }
+    it { should_not allow_mass_assignment_of :secret }
+    it { should have_many :refresh_tokens }
+    it { should have_many :authorization_codes }
+  end
+end

data/spec/models/refresh_token_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe Devise::Oauth2Providable::RefreshToken do
+  it { Devise::Oauth2Providable::RefreshToken.table_name.should == 'oauth2_refresh_tokens' }
+
+  describe 'basic refresh token instance' do
+    with :client
+    subject do
+      Devise::Oauth2Providable::RefreshToken.create! :client => client
+    end
+    it { should validate_presence_of :token }
+    it { should validate_uniqueness_of :token }
+    it { should belong_to :user }
+    it { should allow_mass_assignment_of :user }
+    it { should belong_to :client }
+    it { should allow_mass_assignment_of :client }
+    it { should validate_presence_of :client }
+    it { should validate_presence_of :expires_at }
+    it { should have_many :access_tokens }
+    it { should allow_mass_assignment_of :access_tokens }
+    it { should have_db_index :client_id }
+    it { should have_db_index :user_id }
+    it { should have_db_index(:token).unique(true) }
+    it { should have_db_index :expires_at }
+  end
+end