mbleigh-twitter-auth 0.0.2 → 0.1.1

data/lib/twitter_auth/cryptify.rb

@@ -1,19 +1,30 @@
 module TwitterAuth
   module Cryptify
     class Error < StandardError; end
-    mattr_accessor :crypt_password
-    @@crypt_password = '--TwitterAuth-!##@--2ef'
     
-    def self.encrypt(data, salt)
-      EzCrypto::Key.encrypt_with_password(crypt_password, salt, data)
+    def self.encrypt(data)
+      salt = generate_salt
+      {:encrypted_data => EzCrypto::Key.encrypt_with_password(TwitterAuth.encryption_key, salt, data), :salt => salt}
     end
+ 
+    def self.decrypt(encrypted_data_or_hash, salt=nil)
+      case encrypted_data_or_hash
+      when String
+        encrypted_data = encrypted_data_or_hash
+        raise ArgumentError, 'Must provide a salt to decrypt.' unless salt
+      when Hash
+        encrypted_data = encrypted_data_or_hash[:encrypted_data]
+        salt = encrypted_data_or_hash[:salt]
+      else
+        raise ArgumentError, 'Must provide either an encrypted hash result or encrypted string and salt.'
+      end
 
-    def self.decrypt(encrypted_data, salt)
-      EzCrypto::Key.decrypt_with_password(crypt_password, salt, encrypted_data)
+      EzCrypto::Key.decrypt_with_password(TwitterAuth.encryption_key, salt, encrypted_data)
     end
   
     def self.generate_salt
       ActiveSupport::SecureRandom.hex(4)
     end
   end
-end
+end
+

data/lib/twitter_auth/dispatcher/basic.rb

@@ -0,0 +1,45 @@
+require 'net/http'
+
+module TwitterAuth
+  module Dispatcher
+    class Basic
+      attr_accessor :user
+
+      def initialize(user)
+        raise TwitterAuth::Error, 'Dispatcher must be initialized with a User.' unless user.is_a?(TwitterAuth::BasicUser)
+        self.user = user
+      end
+
+      def request(http_method, path, body=nil, *arguments)
+        path << '.json' unless path.match(/\.(:?xml|json)\z/i)
+
+        response = TwitterAuth.net.start{ |http|
+          req = "Net::HTTP::#{http_method.to_s.capitalize}".constantize.new(path, *arguments)
+          req.basic_auth user.login, user.password
+          req.set_form_data(body) unless body.nil?
+          http.request(req)
+        }
+        
+        JSON.parse(response.body)
+      rescue JSON::ParserError
+        response.body
+      end
+
+      def get(path, *arguments)
+        request(:get, path, *arguments)
+      end
+
+      def post(path, body='', *arguments)
+        request(:post, path, body, *arguments)
+      end
+
+      def put(path, body='', *arguments)
+        request(:put, path, body, *arguments)
+      end
+
+      def delete(path, *arguments)
+        request(:delete, path, *arguments)
+      end
+    end
+  end
+end

data/lib/twitter_auth/dispatcher/oauth.rb

@@ -0,0 +1,23 @@
+require 'oauth'
+
+module TwitterAuth
+  module Dispatcher
+    class Oauth < OAuth::AccessToken
+      attr_accessor :user
+
+      def initialize(user)
+        raise TwitterAuth::Error, 'Dispatcher must be initialized with a User.' unless user.is_a?(TwitterAuth::OauthUser) 
+        self.user = user
+        super(TwitterAuth.consumer, user.access_token, user.access_secret)
+      end
+
+      def request(http_method, path, *arguments)
+        path << '.json' unless path.match(/\.(:?xml|json)\z/i)
+        response = super
+        JSON.parse(response.body)
+      rescue JSON::ParserError
+        response.body
+      end
+    end
+  end
+end

data/spec/controllers/controller_extensions_spec.rb

@@ -0,0 +1,146 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+ActionController::Routing::Routes.draw do |map|
+  map.connect ':controller/:action/:id'
+end
+
+class TwitterAuthTestController < ApplicationController
+  before_filter :login_required, :only => [:login_required_action]
+
+  def login_required_action
+    render :text => "You are logged in!"
+  end
+
+  def fail_auth
+    authentication_failed('Auth FAIL.')
+  end
+
+  def pass_auth
+    if params[:message]
+      authentication_succeeded(params[:message])
+    else
+      authentication_succeeded
+    end
+  end
+
+  def access_denied_action
+    access_denied
+  end
+
+  def redirect_back_action
+    redirect_back_or_default(params[:to] || '/')
+  end
+
+  def logout_keeping_session_action
+    logout_keeping_session!
+    redirect_back_or_default('/')
+  end
+end
+
+describe TwitterAuthTestController do
+  %w(authentication_failed authentication_succeeded current_user authorized? login_required access_denied store_location redirect_back_or_default logout_keeping_session!).each do |m|
+    it "should respond to the extension method '#{m}'" do
+      controller.should respond_to(m)
+    end
+  end
+
+  describe "#authentication_failed" do
+    it 'should set the flash[:error] to the message passed in' do
+      get :fail_auth
+      flash[:error].should == 'Auth FAIL.'
+    end
+
+    it 'should redirect to the root' do
+      get :fail_auth
+      should redirect_to('/')
+    end
+  end
+
+  describe "#authentication_succeeded" do
+    it 'should set the flash[:notice] to a default success message' do
+      get :pass_auth
+      flash[:notice].should == 'You have logged in successfully.' 
+    end
+
+    it 'should be able ot receive a custom message' do
+      get :pass_auth, :message => 'Eat at Joes.'
+      flash[:notice].should == 'Eat at Joes.'
+    end
+  end
+
+  describe '#current_user' do
+    it 'should find the user based on the session user_id' do
+      user = Factory.create(:twitter_oauth_user)
+      request.session[:user_id] = user.id
+      controller.send(:current_user).should == user
+    end
+
+    it 'should return nil if there is no user matching that id' do
+      request.session[:user_id] = 2345
+      controller.send(:current_user).should be_nil
+    end
+
+    it 'should memoize the result (and not do a double find)' do
+      user = Factory.create(:twitter_oauth_user)
+      User.should_receive(:find_by_id).once.and_return(user)
+      controller.send(:current_user).should == user
+      controller.send(:current_user).should == user
+    end
+  end
+
+  describe "#authorized?" do
+    it 'should be true if there is a current_user' do
+      user = Factory.create(:twitter_oauth_user)
+      controller.stub!(:current_user).and_return(user)
+      controller.send(:authorized?).should be_true
+    end
+
+    it 'should be false if there is not current_user' do
+      controller.stub!(:current_user).and_return(nil)
+      controller.send(:authorized?).should be_false
+    end
+  end
+
+  describe '#access_denied' do
+    it 'should redirect to the login path' do
+      get :access_denied_action
+      should redirect_to(login_path)
+    end
+
+    it 'should store the location first' do
+      controller.should_receive(:store_location).once
+      get :access_denied_action
+    end
+  end
+
+  describe '#redirect_back_or_default' do
+    it 'should redirect if there is a session[:return_to]' do
+      request.session[:return_to] = '/'
+      get :redirect_back_action, :to => '/notroot'
+      should redirect_to('/')
+    end
+
+    it 'should redirect to the default provided otherwise' do
+      get :redirect_back_action, :to => '/someurl'
+      should redirect_to('/someurl')
+    end
+  end
+
+  describe 'logout_keeping_session!' do
+    before do
+      @user = Factory.create(:twitter_oauth_user)
+      request.session[:user_id] = @user.id
+    end
+
+    it 'should unset session[:user_id]' do
+      get :logout_keeping_session_action
+      request.session[:user_id].should be_nil
+    end
+
+    it 'should unset current_user' do
+      controller.send(:current_user).should == @user
+      get :logout_keeping_session_action
+      controller.send(:current_user).should be_nil
+    end
+  end
+end

data/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,206 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe SessionsController do
+  integrate_views
+
+  describe 'routes' do
+    it 'should route /session/new to SessionsController#new' do
+      params_from(:get, '/session/new').should == {:controller => 'sessions', :action => 'new'}
+    end
+
+    it 'should route /login to SessionsController#new' do
+      params_from(:get, '/login').should == {:controller => 'sessions', :action => 'new'}
+    end
+
+    it 'should route /logout to SessionsController#destroy' do
+      params_from(:get, '/logout').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route DELETE /session to SessionsController#destroy' do
+      params_from(:delete, '/session').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route /oauth_callback to SessionsController#oauth_callback' do
+      params_from(:get, '/oauth_callback').should == {:controller => 'sessions', :action => 'oauth_callback'}
+    end
+
+    it 'should route POST /session to SessionsController#create' do
+      params_from(:post, '/session').should == {:controller => 'sessions', :action => 'create'}
+    end
+  end
+
+  describe 'with OAuth strategy' do
+    before do
+      stub_oauth!
+    end
+
+    describe '#new' do
+      it 'should retrieve a request token' do
+        get :new
+        assigns[:request_token].token.should == 'faketoken'
+        assigns[:request_token].secret.should == 'faketokensecret'
+      end
+
+      it 'should set session variables for the request token' do
+        get :new
+        session[:request_token].should == 'faketoken'
+        session[:request_token_secret].should == 'faketokensecret'
+      end
+
+      it 'should redirect to the oauth authorization url' do
+        get :new
+        response.should redirect_to('https://twitter.com/oauth/authorize?oauth_token=faketoken')
+      end
+
+      it 'should redirect to the oauth_callback if one is specified' do
+        TwitterAuth.stub!(:oauth_callback).and_return('http://localhost:3000/development')
+        TwitterAuth.stub!(:oauth_callback?).and_return(true)        
+
+        get :new
+        response.should redirect_to('https://twitter.com/oauth/authorize?oauth_token=faketoken&oauth_callback=' + CGI.escape(TwitterAuth.oauth_callback))
+      end
+    end
+
+    describe '#oauth_callback' do
+      describe 'with no session info' do
+        it 'should set the flash[:error]' do
+          get :oauth_callback, :oauth_token => 'faketoken'
+          flash[:error].should == 'No authentication information was found in the session. Please try again.'
+        end
+
+        it 'should redirect to "/" by default' do
+          get :oauth_callback, :oauth_token => 'faketoken'
+          response.should redirect_to('/')
+        end
+
+        it 'should call authentication_failed' do
+          controller.should_receive(:authentication_failed).any_number_of_times
+          get :oauth_callback, :oauth_token => 'faketoken'
+        end
+      end
+
+      describe 'with proper info' do
+        before do
+          @user = Factory.create(:twitter_oauth_user)
+          request.session[:request_token] = 'faketoken'
+          request.session[:request_token_secret] = 'faketokensecret'
+          get :oauth_callback, :oauth_token => 'faketoken'
+        end 
+
+        describe 'building the access token' do
+          it 'should rebuild the request token' do
+            correct_token =  OAuth::RequestToken.new(TwitterAuth.consumer,'faketoken','faketokensecret')
+            
+            %w(token secret).each do |att|
+              assigns[:request_token].send(att).should == correct_token.send(att)
+            end
+          end
+
+          it 'should exchange the request token for an access token' do
+            assigns[:access_token].should be_a(OAuth::AccessToken)
+            assigns[:access_token].token.should == 'fakeaccesstoken'
+            assigns[:access_token].secret.should == 'fakeaccesstokensecret'
+          end
+
+          it 'should wipe the request token after exchange' do
+            session[:request_token].should be_nil
+            session[:request_token_secret].should be_nil
+          end
+        end
+        
+        describe 'identifying the user' do
+          it "should find the user" do         
+            assigns[:user].should == @user
+          end
+
+          it "should assign the user id to the session" do
+            session[:user_id].should == @user.id
+          end
+        end
+
+        describe "when OAuth doesn't work" do
+          before do
+            request.session[:request_token] = 'faketoken'
+            request.session[:request_token_secret] = 'faketokensecret'
+            @request_token =  OAuth::RequestToken.new(TwitterAuth.consumer, session[:request_token], session[:request_token_secret])
+            OAuth::RequestToken.stub!(:new).and_return(@request_token)
+          end
+
+          it 'should call authentication_failed when it gets a 401 from OAuth' do
+            @request_token.stub!(:get_access_token).and_raise(Net::HTTPServerException.new('401 "Unauthorized"', '401 "Unauthorized"'))
+            controller.should_receive(:authentication_failed).with('This authentication request is no longer valid. Please try again.')
+            # the should raise_error is hacky because of the expectation
+            # stubbing the proper behavior :-(
+            lambda{get :oauth_callback, :oauth_token => 'faketoken'}.should raise_error(ActionView::MissingTemplate)
+          end
+
+          it 'should call authentication_failed when it gets a different HTTPServerException' do
+            @request_token.stub!(:get_access_token).and_raise(Net::HTTPServerException.new('404 "Not Found"', '404 "Not Found"'))
+            controller.should_receive(:authentication_failed).with('There was a problem trying to authenticate you. Please try again.')
+            lambda{get :oauth_callback, :oauth_token => 'faketoken'}.should raise_error(ActionView::MissingTemplate)
+          end
+        end
+      end
+    end
+  end
+
+  describe 'with Basic strategy' do
+    before do
+      stub_basic!
+    end
+    
+    describe '#new' do
+      it 'should render the new action' do
+        get :new
+        response.should render_template('sessions/new')
+      end
+
+      it 'should render the login form' do
+        get :new
+        response.should have_tag('form[action=/session][id=login_form][method=post]')
+      end
+      
+      describe '#create' do
+        before do
+          @user = Factory.create(:twitter_basic_user)
+        end
+
+        it 'should call logout_keeping_session! to remove session info' do
+          controller.should_receive(:logout_keeping_session!)
+          post :create
+        end
+
+        it 'should try to authenticate the user' do
+          User.should_receive(:authenticate)
+          post :create
+        end
+
+        it 'should call authentication_failed on authenticate failure' do
+          User.should_receive(:authenticate).and_return(nil)
+          post :create, :login => 'wrong', :password => 'false'
+          response.should redirect_to('/login')
+        end
+
+        it 'should call authentication_succeeded on authentication success' do
+          User.should_receive(:authenticate).and_return(@user)    
+          post :create, :login => 'twitterman', :password => 'cool'
+          response.should redirect_to('/')
+          flash[:notice].should_not be_blank
+        end
+      end
+    end
+
+  end
+
+  describe '#destroy' do
+    it 'should call logout_keeping_session!' do
+      controller.should_receive(:logout_keeping_session!).once
+      get :destroy
+    end
+
+    it 'should redirect to the root' do
+      get :destroy
+      response.should redirect_to('/')
+    end
+  end
+end