jm81auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5054fd53d58c6211c8000f49769e161bcba9482e
+  data.tar.gz: 5ae3e3f048318ff1bd5859695067ab805e255386
+SHA512:
+  metadata.gz: dfe794d0b2d0bf1d226351ab9c8fb424e939805a1e414617abb591f3d78cd14eb6483c8a634fd9b8a074892d64ef27707ac1515e20ce0806a86064679ae55a52
+  data.tar.gz: 0053aa9455f3a95bdeeaa919909255d02ecc58d660352f3c2796323db5894a4ee78059e4553af1a06e4e36f1079a924dc3b314cddc464f8e3c41d9f23bb5ac0e

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,3 @@
+= Jm81auth
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,18 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Jm81auth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/jm81auth/configuration.rb

@@ -0,0 +1,9 @@
+class Configuration
+  attr_accessor :client_secrets, :expires_seconds, :jwt_algorithm, :jwt_secret
+
+  def initialize
+    @client_secrets = {}
+    @expires_seconds = 30 * 86400
+    @jwt_algorithm = 'HS512'
+  end
+end

data/lib/jm81auth/models/auth_method.rb

@@ -0,0 +1,32 @@
+module Jm81auth
+  module Models
+    module AuthMethod
+      def self.included(base)
+        base.extend ClassMethods
+
+        base.class_eval do
+          many_to_one :user
+          one_to_many :auth_tokens
+        end
+      end
+
+      # Create AuthToken, setting user and last_used_at
+      #
+      # @return [AuthToken]
+      def create_token
+        add_auth_token user: user, last_used_at: Time.now.utc
+      end
+
+      module ClassMethods
+        # Get an AuthMethod using provider data conditions (#provider_name and
+        # #provider_id).
+        #
+        # @param provider_data [Hash]
+        # @return [AuthMethod]
+        def by_provider_data provider_data
+          where(provider_data).first
+        end
+      end
+    end
+  end
+end

data/lib/jm81auth/models/auth_token.rb

@@ -0,0 +1,101 @@
+module Jm81auth
+  module Models
+    module AuthToken
+      def self.included(base)
+        base.extend ClassMethods
+
+        base.class_eval do
+          plugin :timestamps
+
+          many_to_one :auth_method
+          many_to_one :user
+        end
+      end
+
+      class DecodeError < StandardError
+      end
+
+      # Set #closed_at. Called, for example, when logging out.
+      def close!
+        self.update(closed_at: Time.now) unless self.closed_at
+      end
+
+      # @return [String]
+      #   { auth_token_id: self.id } encoded via JWT for passing to client.
+      def encoded
+        self.class.encode auth_token_id: self.id
+      end
+
+      # @return [Boolean] Is this token expired?
+      def expired?
+        !open?
+      end
+
+      # @return [Boolean] True if token is not expired or closed.
+      def open?
+        !(last_used_at.nil?) && !closed_at && Time.now <= expires_at
+      end
+
+      # @return [DateTime] Time when this token expires.
+      def expires_at
+        last_used_at + self.class.config.expires_seconds
+      end
+
+      module ClassMethods
+
+        # Decode a JWT token and get AuthToken based on stored ID.
+        #
+        # @see #encoded
+        # @param token [String] JWT encoded hash with AuthToken#id
+        # @raise [DecodeError] auth_token_id is missing or no AuthToken found.
+        # @return [AuthToken]
+        def decode token
+          payload = JWT.decode(
+            token, config.jwt_secret, config.jwt_algorithm
+          ).first
+
+          auth_token = self[payload['auth_token_id']]
+
+          if payload['auth_token_id'].nil?
+            raise DecodeError, "auth_token_id missing: #{payload}"
+          elsif auth_token.nil?
+            raise DecodeError, "auth_token_id not found: #{payload}"
+          end
+
+          auth_token
+        end
+
+        # Encode a value using jwt_secret and jwt_algorithm.
+        #
+        # @param value [Hash, Array]
+        # @return [String] Encoded value
+        def encode value
+          JWT.encode value, config.jwt_secret, config.jwt_algorithm
+        end
+
+        # Decode a JWT token and get AuthToken based on stored ID. If an open
+        # AuthToken is found, update its last_used_at value.
+        #
+        # @see #decode
+        # @param token [String] JWT encoded hash with AuthToken#id
+        # @raise [DecodeError] auth_token_id is missing or no AuthToken found.
+        # @return [AuthToken]
+        def use token
+          auth_token = decode token
+
+          if auth_token && !auth_token.expired?
+            auth_token.update(last_used_at: Time.now)
+            auth_token
+          else
+            nil
+          end
+        end
+
+        # @return [Configuration]
+        def config
+          Jm81auth.config
+        end
+      end
+    end
+  end
+end

data/lib/jm81auth/models/user.rb

@@ -0,0 +1,56 @@
+module Jm81auth
+  module Models
+    module User
+      EMAIL_REGEX = /.@./
+
+      def self.included(base)
+        base.extend ClassMethods
+
+        base.class_eval do
+          one_to_many :auth_methods
+          one_to_many :auth_tokens
+        end
+      end
+
+      module ClassMethods
+        # Find user by email address. Returns nil if the email address is not
+        # valid (for a minimal version of valid)
+        #
+        # @param email [~to_s] Email Address
+        # @return [User, nil]
+        def find_by_email email
+          if email.to_s =~ EMAIL_REGEX
+            where(email: email.to_s.downcase.strip).first
+          else
+            nil
+          end
+        end
+
+        # Login from OAuth.
+        #
+        # First try to find an AuthMethod matching the provider data. If none,
+        # find or create a User based on email, then create an AuthMethod.
+        # Finally, create and return an AuthToken.
+        #
+        # @param oauth [OAuth::Base]
+        #   OAuth login object, include #provider_data (Hash with provider_name
+        #   and provider_id), #email and #display_name.
+        # @return [AuthToken]
+        def oauth_login oauth
+          method = ::AuthMethod.by_provider_data oauth.provider_data
+
+          if !method
+            user = find_by_email(oauth.email) || create(
+              email: oauth.email.downcase,
+              display_name: oauth.display_name
+            )
+
+            method = user.add_auth_method oauth.provider_data
+          end
+
+          method.create_token
+        end
+      end
+    end
+  end
+end

data/lib/jm81auth/oauth/base.rb

@@ -0,0 +1,71 @@
+# Based on satellizer example:
+# https://github.com/sahat/satellizer/blob/master/examples/server/ruby
+
+module Jm81auth
+  module OAuth
+    class Base
+      # Setup @params from params param (Har, har). Also, set @access_token,
+      # either from params Hash, or by calling #get_access_token. @params is the
+      # expected params needed by #get_access_token.
+      #
+      # @param params [Hash]
+      #   Expected to contain :code, :redirectUri, :clientId, and, optionally,
+      #   :access_token
+      def initialize params
+        @params = {
+          code: params[:code],
+          redirect_uri: params[:redirectUri],
+          client_id: params[:clientId],
+          client_secret: Jm81auth.config.client_secrets[provider_name]
+        }
+
+        @access_token = params[:access_token] || get_access_token
+      end
+
+      # @return [Hash] Data returned by accessing data URL.
+      def data
+        @data or get_data
+      end
+
+      # @return [String] Display name (e.g. "Jane Doe") from data.
+      def display_name
+        data['name']
+      end
+
+      # @return [String] Email address from data.
+      def email
+        data['email']
+      end
+
+      # Get data via get request to provider's data URL.
+      #
+      # @return [Hash]
+      def get_data
+        response = client.get(self.class::DATA_URL, access_token: @access_token)
+        @data = JSON.parse(response.body)
+      end
+
+      # @return [String] Provider name, based on class name.
+      def provider_name
+        self.class.name.split('::').last.downcase
+      end
+
+      # @return [String] Provider assigned ID, from data.
+      def provider_id
+        data['id'] || data['sub']
+      end
+
+      # @return [Hash] provider_name and provider_id
+      def provider_data
+        { provider_name: provider_name, provider_id: provider_id }
+      end
+
+      private
+
+      # @return [HTTPClient]
+      def client
+        @client ||= HTTPClient.new
+      end
+    end
+  end
+end

data/lib/jm81auth/oauth/github.rb

@@ -0,0 +1,13 @@
+module Jm81auth
+  module OAuth
+    class Github < Base
+      ACCESS_TOKEN_URL = 'https://github.com/login/oauth/access_token'
+      DATA_URL = 'https://api.github.com/user'
+
+      def get_access_token
+        response = client.post(ACCESS_TOKEN_URL, @params)
+        Rack::Utils.parse_nested_query(response.body)['access_token']
+      end
+    end
+  end
+end

data/lib/jm81auth/version.rb

@@ -0,0 +1,3 @@
+module Jm81auth
+  VERSION = '0.1.0'
+end

data/lib/jm81auth.rb

@@ -0,0 +1,23 @@
+require 'httpclient'
+require 'jwt'
+
+module Jm81auth
+  class << self
+    def config &block
+      @config ||= Configuration.new
+      @config.instance_eval(&block) if block_given?
+      @config
+    end
+  end
+end
+
+require 'jm81auth/configuration'
+
+require 'jm81auth/models/auth_method'
+require 'jm81auth/models/auth_token'
+require 'jm81auth/models/user'
+
+require 'jm81auth/oauth/base'
+require 'jm81auth/oauth/github'
+
+require 'jm81auth/version'

data/spec/factories/auth_methods.rb

@@ -0,0 +1,9 @@
+FactoryGirl.define do
+  factory :auth_method do
+    to_create { |resource| resource.save }
+
+    user
+    provider_name 'test'
+    sequence(:provider_id) { |n| n }
+  end
+end

data/spec/factories/auth_tokens.rb

@@ -0,0 +1,9 @@
+FactoryGirl.define do
+  factory :auth_token do
+    to_create { |resource| resource.save }
+
+    user
+    auth_method
+    last_used_at { Time.now }
+  end
+end

data/spec/factories/users.rb

@@ -0,0 +1,5 @@
+FactoryGirl.define do
+  factory :user do
+    to_create { |resource| resource.save }
+  end
+end

data/spec/jm81auth/models/auth_method_spec.rb

@@ -0,0 +1,75 @@
+require 'spec_helper'
+
+RSpec.describe AuthMethod, type: :model do
+  subject(:auth_method) { FactoryGirl.build(:auth_method) }
+
+  it { is_expected.to be_valid }
+
+  describe '#user' do
+    it 'belongs to a User' do
+      expect(auth_method.user).to be_a(User)
+    end
+  end
+
+  describe '#auth_tokens' do
+    before(:each) { auth_method.save }
+
+    let!(:auth_token) do
+      auth_method.add_auth_token(user: auth_method.user, last_used_at: Time.now)
+    end
+
+    it 'has many' do
+      expect(auth_token).to be_a(AuthToken)
+      expect(auth_method.auth_tokens).to eq([auth_token])
+      expect(AuthToken[auth_token.id].auth_method).to eq(auth_method)
+    end
+
+    it 'cascades deletes' do
+      expect { auth_method.destroy }.
+        to raise_error(Sequel::ForeignKeyConstraintViolation)
+    end
+  end
+
+  describe '#create_token' do
+    before(:each) { auth_method.save }
+
+    it 'creates an AuthToken, setting user and last_used_at' do
+      token = nil
+      expect { token = auth_method.create_token }.
+        to change(AuthToken, :count).by(1)
+
+      token.reload
+      expect(token.user).to be_a(User)
+      expect(token.user).to eq(auth_method.user)
+      expect(token.last_used_at).to be_a(Time)
+    end
+  end
+
+  describe '.by_provider_data' do
+    let!(:auth_methods) do
+      [
+        FactoryGirl.create(
+          :auth_method, provider_name: 'github', provider_id: 2
+        ),
+        FactoryGirl.create(
+          :auth_method, provider_name: 'github', provider_id: 4
+        )
+      ]
+    end
+
+    it 'gets an AuthMethod from provider_name and provider_id' do
+      expect(
+        AuthMethod.by_provider_data(provider_name: 'github', provider_id: 2)
+      ).to eq(auth_methods[0])
+      expect(
+        AuthMethod.by_provider_data(provider_name: 'github', provider_id: '4')
+      ).to eq(auth_methods[1])
+      expect(
+        AuthMethod.by_provider_data(provider_name: 'other', provider_id: 2)
+      ).to be(nil)
+      expect(
+        AuthMethod.by_provider_data(provider_name: 'github', provider_id: 1)
+      ).to be(nil)
+    end
+  end
+end

data/spec/jm81auth/models/auth_token_spec.rb

@@ -0,0 +1,193 @@
+require 'spec_helper'
+
+RSpec.describe AuthToken, type: :model do
+  subject(:auth_token) { FactoryGirl.build(:auth_token) }
+
+  it { is_expected.to be_valid }
+
+  describe '#auth_method' do
+    it 'belongs to a AuthMethod' do
+      expect(auth_token.auth_method).to be_a(AuthMethod)
+    end
+  end
+
+  describe '#user' do
+    it 'belongs to a User' do
+      expect(auth_token.user).to be_a(User)
+    end
+  end
+
+  describe '#close!' do
+    context '#closed_at is not set' do
+      it 'sets #closed_at' do
+        auth_token.save
+        auth_token.close!
+        expect(auth_token.reload.closed_at).to be_a(Time)
+      end
+    end
+
+    context '#closed_at is set' do
+      it 'does nothing' do
+        auth_token.closed_at = Time.now - 1200
+        auth_token.save
+        auth_token.close!
+        expect(auth_token.reload.closed_at).to be <= Time.now - 1200
+      end
+    end
+  end
+
+  describe '#encoded' do
+    before(:each) { auth_token.save }
+
+    it 'returns a String encoding the id' do
+      encoded = auth_token.encoded
+      expect(auth_token.encoded).to be_a(String)
+      decoded = JWT.decode(
+        encoded, Jm81auth.config.jwt_secret, Jm81auth.config.jwt_algorithm
+      )
+      expect(decoded[0]).to eq({'auth_token_id' => auth_token.id})
+    end
+  end
+
+  describe '#expires_at' do
+    it 'is 30 days after last_used_at' do
+      auth_token.last_used_at = Time.parse('2015-08-01 15:00')
+      expect(auth_token.expires_at).to eq(Time.parse('2015-08-31 15:00'))
+    end
+  end
+
+  describe '#open? (#expired? is opposite)' do
+    context '#last_used_at not set' do
+      it 'is false' do
+        auth_token.last_used_at = nil
+        expect(auth_token.open?).to be(false)
+        expect(auth_token.expired?).to be(true)
+      end
+    end
+
+    context '#closed_at is set' do
+      it 'is false' do
+        auth_token.closed_at = Time.now
+        expect(auth_token.open?).to be(false)
+        expect(auth_token.expired?).to be(true)
+      end
+    end
+
+    context '#last_used_at is more than 30 days ago' do
+      it 'is false' do
+        auth_token.last_used_at = (Date.today - 30).to_time
+        expect(auth_token.open?).to be(false)
+        expect(auth_token.expired?).to be(true)
+        auth_token.last_used_at = (Date.today - 31).to_time
+        expect(auth_token.open?).to be(false)
+        expect(auth_token.expired?).to be(true)
+      end
+    end
+
+    context '#last_used_at is less than 30 days ago' do
+      it 'is true' do
+        auth_token.last_used_at = (Date.today - 29).to_time
+        expect(auth_token.open?).to be(true)
+        expect(auth_token.expired?).to be(false)
+        auth_token.last_used_at = Time.now
+        expect(auth_token.open?).to be(true)
+        expect(auth_token.expired?).to be(false)
+      end
+    end
+  end
+
+  describe '.decode' do
+    def encoded id
+      AuthToken.encode auth_token_id: id
+    end
+
+    before(:each) { auth_token.save }
+
+    it 'returns AuthToken based on encoded token' do
+      other = FactoryGirl.create(:auth_token)
+      expect(AuthToken.decode(encoded(auth_token.id))).to eq(auth_token)
+      expect(AuthToken.decode(encoded(auth_token.id))).to_not eq(other)
+    end
+
+    context 'auth_token_id missing from decoded hash' do
+      it 'raises DecodeError' do
+        expect { AuthToken.decode(AuthToken.encode(something: 'else')) }.
+          to raise_error(AuthToken::DecodeError)
+      end
+    end
+
+    context 'No AuthToken found for auth_token_id from decoded hash' do
+      it 'raises DecodeError' do
+        expect { AuthToken.decode(encoded(-10)) }.
+          to raise_error(AuthToken::DecodeError)
+      end
+    end
+  end
+
+  describe '.encode' do
+    it 'encodes a value using JWT' do
+      encoded = AuthToken.encode({a: 1, b: 2})
+      expect(auth_token.encoded).to be_a(String)
+      decoded = JWT.decode(
+        encoded, Jm81auth.config.jwt_secret, Jm81auth.config.jwt_algorithm
+      )
+      expect(decoded[0]).to eq({'a' => 1, 'b' => 2})
+    end
+  end
+
+  describe '.use' do
+    def encoded id
+      AuthToken.encode auth_token_id: id
+    end
+
+    before(:each) do
+      auth_token.save
+    end
+
+    context 'found open AuthToken' do
+      before(:each) do
+        auth_token.last_used_at = Time.now - 3600
+        auth_token.save
+      end
+
+      let!(:other) { FactoryGirl.create(:auth_token) }
+
+      it 'updates last_used_at' do
+        found = AuthToken.use(encoded(auth_token.id))
+        expect(found.last_used_at).to be > Time.now - 600
+        expect(found.last_used_at.to_i).
+          to eq(auth_token.reload.last_used_at.to_i)
+      end
+
+      it 'returns found AuthToken' do
+        expect(AuthToken.use(encoded(auth_token.id))).to be === auth_token
+        expect(AuthToken.use(encoded(auth_token.id))).to_not be === other
+      end
+    end
+
+    context 'found expired AuthToken' do
+      before(:each) do
+        auth_token.last_used_at = (Date.today - 40).to_time
+        auth_token.save
+      end
+
+      let!(:last_used_at) { auth_token.last_used_at }
+
+      it 'does not update last_used_at' do
+        AuthToken.use(encoded(auth_token.id))
+        expect(auth_token.reload.last_used_at.to_i).to eq(last_used_at.to_i)
+      end
+
+      it 'returns nil' do
+        expect(AuthToken.use(encoded(auth_token.id))).to be(nil)
+      end
+    end
+
+    context 'No AuthToken found for auth_token_id from decoded hash' do
+      it 'raises DecodeError' do
+        expect { AuthToken.use(encoded(-10)) }.
+          to raise_error(AuthToken::DecodeError)
+      end
+    end
+  end
+end

data/spec/jm81auth/models/user_spec.rb

@@ -0,0 +1,263 @@
+require 'spec_helper'
+
+RSpec.describe User, type: :model do
+  subject(:user) { FactoryGirl.build(:user) }
+
+  it { is_expected.to be_valid }
+
+  describe '#auth_methods' do
+    before(:each) { user.save }
+
+    let!(:auth_method) do
+      user.add_auth_method provider_name: :test, provider_id: 1
+    end
+
+    it 'has many' do
+      expect(auth_method).to be_a(AuthMethod)
+      expect(user.auth_methods).to eq([auth_method])
+      expect(AuthMethod[auth_method.id].user).to eq(user)
+    end
+
+    it 'cascades deletes' do
+      user.destroy
+      expect(AuthMethod[auth_method.id]).to be(nil)
+    end
+  end
+
+  describe '#auth_tokens' do
+    before(:each) { user.save }
+
+    let!(:auth_token) do
+      user.add_auth_token(
+        auth_method: FactoryGirl.create(:auth_method), last_used_at: Time.now
+      )
+    end
+
+    it 'has many' do
+      expect(auth_token).to be_a(AuthToken)
+      expect(user.auth_tokens).to eq([auth_token])
+      expect(AuthToken[auth_token.id].user).to eq(user)
+    end
+
+    it 'restricts deletes' do
+      expect { user.destroy }.
+        to raise_error(Sequel::ForeignKeyConstraintViolation)
+    end
+  end
+
+  describe '.find_by_email' do
+    let!(:existing) { FactoryGirl.create(:user, email: 'test@example.com') }
+
+    context 'existing User with given email' do
+      it 'gets existing User' do
+        expect(User.find_by_email('test@example.com')).to eq(existing)
+        expect(User.find_by_email('  test@example.com ')).to eq(existing)
+        expect(User.find_by_email('TEST@example.com')).to eq(existing)
+      end
+    end
+
+    context 'no existing User with given email' do
+      it 'is nil' do
+        expect(User).to receive(:where).twice.and_call_original
+        expect(User.find_by_email('other@example.com')).to be(nil)
+        expect(User.find_by_email('test@example.org')).to be(nil)
+      end
+    end
+
+    context 'nil email' do
+      it 'is nil' do
+        expect(User).to_not receive(:where)
+        expect(User.find_by_email(nil)).to be(nil)
+      end
+    end
+
+    context 'invalid email' do
+      it 'is nil' do
+        expect(User).to_not receive(:where)
+        expect(User.find_by_email('')).to be(nil)
+        expect(User.find_by_email('@example.com')).to be(nil)
+        expect(User.find_by_email('test')).to be(nil)
+      end
+    end
+  end
+
+  describe '.oauth_login' do
+    let(:oauth) { double 'Jm81auth::OAuth' }
+
+    let!(:user) do
+      FactoryGirl.create :user, email: 'existing-user@example.com',
+        display_name: 'Existing User'
+    end
+
+    let!(:auth_method) do
+      FactoryGirl.create :auth_method,
+        user: user, provider_name: 'github', provider_id: 5
+    end
+
+    def login
+      @login_token = User.oauth_login oauth
+      @login_user = @login_token.user
+      @login_method = @login_token.auth_method
+      user.reload
+      auth_method.reload
+    end
+
+    context 'existing AuthMethod' do
+      before(:each) do
+        expect(oauth).to_not receive(:email)
+
+        expect(oauth).to receive(:provider_data) do
+          { provider_name: 'github', provider_id: 5 }
+        end
+      end
+
+      it 'uses existing (does not create) User' do
+        expect { login }.to_not change(User, :count)
+        expect(@login_user.id).to eq(user.id)
+        expect(@login_user.email).to eq('existing-user@example.com')
+        expect(@login_user.display_name).to eq('Existing User')
+      end
+
+      it 'uses existing (does not create) AuthMethod' do
+        expect { login }.to_not change(AuthMethod, :count)
+        expect(@login_method.id).to eq(auth_method.id)
+      end
+
+      it 'creates and returns AuthToken' do
+        expect { login }.to change(AuthToken, :count).by(1)
+        expect(@login_token.user.id).to eq(user.id)
+        expect(@login_token.auth_method.id).to eq(auth_method.id)
+        expect(@login_token.last_used_at).to be_a(Time)
+      end
+    end
+
+    context 'no existing AuthMethod' do
+      before(:each) do
+        expect(oauth).to receive(:provider_data).twice do
+          { provider_name: 'github', provider_id: 10 }
+        end
+      end
+
+      context 'User found with same email' do
+        before(:each) do
+          expect(oauth).to receive(:email) { 'existing-user@example.com' }
+        end
+
+        it 'uses existing (does not create) a new User' do
+          expect { login }.to_not change(User, :count)
+          expect(@login_user.id).to eq(user.id)
+          expect(@login_user.email).to eq('existing-user@example.com')
+          expect(@login_user.display_name).to eq('Existing User')
+        end
+
+        it 'creates a new AuthMethod' do
+          expect { login }.to change(AuthMethod, :count).by(1)
+          expect(auth_method.provider_id).to eq(5)
+          expect(@login_method.id).to_not eq(auth_method.id)
+          expect(@login_method.provider_name).to eq('github')
+          expect(@login_method.provider_id).to eq(10)
+          expect(@login_method.user.id).to eq(user.id)
+        end
+
+        it 'creates and returns AuthToken' do
+          expect { login }.to change(AuthToken, :count).by(1)
+          expect(@login_token.user.id).to eq(user.id)
+          expect(@login_token.auth_method.id).to eq(@login_method.id)
+          expect(@login_token.last_used_at).to be_a(Time)
+        end
+      end
+
+      context 'No User found with valid OAuth email' do
+        before(:each) do
+          expect(oauth).to receive(:email).twice { 'new-user@example.com' }
+          expect(oauth).to receive(:display_name) { 'New Name' }
+        end
+
+        it 'creates a new User' do
+          expect { login }.to change(User, :count).by(1)
+          expect(user.display_name).to eq('Existing User')
+          expect(@login_user.email).to eq('new-user@example.com')
+          expect(@login_user.display_name).to eq('New Name')
+        end
+
+        it 'creates a new AuthMethod' do
+          expect { login }.to change(AuthMethod, :count).by(1)
+          expect(auth_method.provider_id).to eq(5)
+          expect(@login_method.id).to_not eq(auth_method.id)
+          expect(@login_method.provider_name).to eq('github')
+          expect(@login_method.provider_id).to eq(10)
+          expect(@login_method.user.id).to eq(@login_user.id)
+        end
+
+        it 'creates and returns AuthToken' do
+          expect { login }.to change(AuthToken, :count).by(1)
+          expect(@login_token.user.id).to eq(@login_user.id)
+          expect(@login_token.auth_method.id).to eq(@login_method.id)
+          expect(@login_token.last_used_at).to be_a(Time)
+        end
+      end
+
+      context 'OAuth email is empty' do
+        before(:each) do
+          user.update email: ''
+          expect(oauth).to receive(:email).twice { '' }
+          expect(oauth).to receive(:display_name) { 'New Name' }
+        end
+
+        it 'creates a new User' do
+          expect { login }.to change(User, :count).by(1)
+          expect(user.display_name).to eq('Existing User')
+          expect(@login_user.email).to eq('')
+          expect(@login_user.display_name).to eq('New Name')
+        end
+
+        it 'creates a new AuthMethod' do
+          expect { login }.to change(AuthMethod, :count).by(1)
+          expect(auth_method.provider_id).to eq(5)
+          expect(@login_method.id).to_not eq(auth_method.id)
+          expect(@login_method.provider_name).to eq('github')
+          expect(@login_method.provider_id).to eq(10)
+          expect(@login_method.user.id).to eq(@login_user.id)
+        end
+
+        it 'creates and returns AuthToken' do
+          expect { login }.to change(AuthToken, :count).by(1)
+          expect(@login_token.user.id).to eq(@login_user.id)
+          expect(@login_token.auth_method.id).to eq(@login_method.id)
+          expect(@login_token.last_used_at).to be_a(Time)
+        end
+      end
+
+      context 'OAuth email is invalid' do
+        before(:each) do
+          user.update email: 'invalid'
+          expect(oauth).to receive(:email).twice { 'invalid' }
+          expect(oauth).to receive(:display_name) { 'New Name' }
+        end
+
+        it 'creates a new User' do
+          expect { login }.to change(User, :count).by(1)
+          expect(user.display_name).to eq('Existing User')
+          expect(@login_user.email).to eq('invalid')
+          expect(@login_user.display_name).to eq('New Name')
+        end
+
+        it 'creates a new AuthMethod' do
+          expect { login }.to change(AuthMethod, :count).by(1)
+          expect(auth_method.provider_id).to eq(5)
+          expect(@login_method.id).to_not eq(auth_method.id)
+          expect(@login_method.provider_name).to eq('github')
+          expect(@login_method.provider_id).to eq(10)
+          expect(@login_method.user.id).to eq(@login_user.id)
+        end
+
+        it 'creates and returns AuthToken' do
+          expect { login }.to change(AuthToken, :count).by(1)
+          expect(@login_token.user.id).to eq(@login_user.id)
+          expect(@login_token.auth_method.id).to eq(@login_method.id)
+          expect(@login_token.last_used_at).to be_a(Time)
+        end
+      end
+    end
+  end
+end

data/spec/jm81auth/oauth/base_spec.rb

@@ -0,0 +1,171 @@
+require 'spec_helper'
+
+module SpecModels
+  class OAuthProvider < Jm81auth::OAuth::Base
+    DATA_URL = 'https://example.org/data'
+
+    def get_access_token
+    end
+  end
+end
+
+RSpec.describe Jm81auth::OAuth::Base do
+  let(:model) { SpecModels::OAuthProvider }
+
+  subject(:oauth) do
+    model.new access_token: 'TEST'
+  end
+
+  let(:data) do
+    {
+      'id' => '123',
+      'sub' => '456',
+      'email' => 'first.last@example.com',
+      'name' => 'First Last'
+    }
+  end
+
+  let(:json_data) do
+    <<-EOJSON
+      {
+        "id": "123",
+        "sub": "456",
+        "email": "first.last@example.com",
+        "name": "First Last"
+      }
+    EOJSON
+  end
+
+  let(:http_response) do
+    mock_response = double('http_response')
+    allow(mock_response).to receive(:body).and_return(json_data)
+    mock_response
+  end
+
+  before(:each) do
+    allow_any_instance_of(HTTPClient).to receive(:get) { http_response }
+  end
+
+  describe '#initialize' do
+    let(:params_hash) do
+      {
+        code: 'CODE',
+        redirectUri: 'https://example.org/redirect',
+        clientId: 'CLIENT_ID',
+        other: 'OTHER',
+        access_token: 'ACCESS_TOKEN'
+      }
+    end
+
+    it 'set @params' do
+      new_oauth = Jm81auth::OAuth::Base.new(params_hash)
+
+      expect(new_oauth.instance_variable_get(:@params)).to eq({
+        code: 'CODE',
+        redirect_uri: 'https://example.org/redirect',
+        client_id: 'CLIENT_ID',
+        client_secret: nil
+      })
+    end
+
+    context 'params includes access_token' do
+      it 'sets @access_token from params' do
+        expect_any_instance_of(model).to_not receive(:get_access_token)
+        new_oauth = model.new(params_hash)
+        expect(new_oauth.instance_variable_get(:@access_token)).
+          to eq('ACCESS_TOKEN')
+      end
+    end
+
+    context 'params does not include access_token' do
+      it 'set access_token using get_access_token' do
+        expect_any_instance_of(model).
+          to receive(:get_access_token).and_return('123abc')
+        new_oauth = model.new(params_hash.merge(access_token: nil))
+        expect(new_oauth.instance_variable_get(:@access_token)).
+          to eq('123abc')
+      end
+    end
+  end
+
+  describe 'data' do
+    context '@data set' do
+      let(:set_data) do
+        data.merge('email' => 'other@example.com')
+      end
+
+      before(:each) { oauth.instance_variable_set(:@data, set_data) }
+
+      it 'returns @data' do
+        expect(oauth).to_not receive(:get_data)
+        expect(oauth.data).to eq(set_data)
+      end
+    end
+
+    context '@data not set' do
+      it 'sets @data using get_data' do
+        expect(oauth).to receive(:get_data).and_call_original
+        oauth.data
+      end
+
+      it 'returns @data' do
+        expect(oauth.data).to eq(data)
+      end
+    end
+  end
+
+  describe '#display_name' do
+    it "gets data['name']" do
+      expect(oauth.display_name).to eq('First Last')
+    end
+  end
+
+  describe '#email' do
+    it "gets data['email']" do
+      expect(oauth.email).to eq('first.last@example.com')
+    end
+  end
+
+  describe '#get_data' do
+    it 'gets data from provider' do
+      expect_any_instance_of(HTTPClient).to receive(:get) { http_response }
+      expect(oauth.get_data).to eq(data)
+    end
+  end
+
+  describe '#provider_name' do
+    it 'gets provider name based on the class name' do
+      expect(oauth.provider_name).to eq('oauthprovider')
+      expect(Jm81auth::OAuth::Base.new(access_token: 'a').provider_name).
+        to eq('base')
+    end
+  end
+
+  describe 'provider_id' do
+    context "data['id'] is set" do
+      it "is data['id']" do
+        expect(oauth.provider_id).to eq('123')
+      end
+    end
+
+    context "data['id'] is not set" do
+      before(:each) do
+        expect(http_response).
+          to receive(:body).and_return(json_data.gsub(/id/, 'no_id'))
+      end
+
+      it "is data['sub']" do
+        expect(oauth.provider_id).to eq('456')
+      end
+    end
+  end
+
+  describe 'provider_data' do
+    it 'is a hash with provider_name and provider_id' do
+      expect(oauth.provider_data).to eq({
+        provider_name: 'oauthprovider',
+        provider_id: '123'
+      })
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,62 @@
+require 'rubygems'
+require 'bundler/setup'
+Bundler.require
+require 'jm81auth'
+require 'sequel'
+require 'factory_girl'
+
+Dir['./spec/support/**/*.rb'].sort.each { |f| require f}
+
+RSpec.configure do |config|
+  config.run_all_when_everything_filtered = true
+
+  config.include FactoryGirl::Syntax::Methods
+
+  config.before :suite do
+    FactoryGirl.find_definitions
+  end
+
+  config.around :each do |example|
+    DB.transaction(rollback: :always, auto_savepoint: true) { example.run }
+  end
+end
+
+DB = Sequel.sqlite
+
+DB.create_table(:users) do
+  primary_key :id
+  column :email, "varchar(255)"
+  column :display_name, "varchar(255)"
+end
+
+DB.create_table(:auth_methods) do
+  primary_key :id
+  foreign_key :user_id, :users, :on_delete=>:cascade, :on_update=>:cascade
+  column :provider_name, "varchar(255)", :null=>false
+  column :provider_id, "integer unsigned", :null=>false
+end
+
+DB.create_table(:auth_tokens) do
+  primary_key :id
+  foreign_key :user_id, :users, :on_delete=>:restrict, :on_update=>:cascade
+  foreign_key :auth_method_id, :auth_methods, :on_delete=>:restrict, :on_update=>:cascade
+  column :created_at, "timestamp", :null=>false
+  column :last_used_at, "timestamp", :null=>false
+  column :closed_at, "timestamp"
+end
+
+Jm81auth.config do |config|
+  config.jwt_secret = 'testsecret'
+end
+
+class AuthMethod < Sequel::Model
+  include Jm81auth::Models::AuthMethod
+end
+
+class AuthToken < Sequel::Model
+  include Jm81auth::Models::AuthToken
+end
+
+class User < Sequel::Model
+  include Jm81auth::Models::User
+end

metadata

@@ -0,0 +1,169 @@
+--- !ruby/object:Gem::Specification
+name: jm81auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Jared Morgan
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-03-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+description: I have no excuse for giving the world yet another auth lib.
+email:
+- jmorgan@mchost.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.rdoc
+- Rakefile
+- lib/jm81auth.rb
+- lib/jm81auth/configuration.rb
+- lib/jm81auth/models/auth_method.rb
+- lib/jm81auth/models/auth_token.rb
+- lib/jm81auth/models/user.rb
+- lib/jm81auth/oauth/base.rb
+- lib/jm81auth/oauth/github.rb
+- lib/jm81auth/version.rb
+- spec/factories/auth_methods.rb
+- spec/factories/auth_tokens.rb
+- spec/factories/users.rb
+- spec/jm81auth/models/auth_method_spec.rb
+- spec/jm81auth/models/auth_token_spec.rb
+- spec/jm81auth/models/user_spec.rb
+- spec/jm81auth/oauth/base_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/jm81/jm81auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: An authentication library for Rails API
+test_files:
+- spec/factories/users.rb
+- spec/factories/auth_tokens.rb
+- spec/factories/auth_methods.rb
+- spec/jm81auth/models/auth_token_spec.rb
+- spec/jm81auth/models/user_spec.rb
+- spec/jm81auth/models/auth_method_spec.rb
+- spec/jm81auth/oauth/base_spec.rb
+- spec/spec_helper.rb