oauth-plugin 0.3.14 → 0.4.0.pre1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (110) hide show
  1. data/CHANGELOG +10 -0
  2. data/README.rdoc +44 -9
  3. data/Rakefile +2 -2
  4. data/VERSION +1 -1
  5. data/generators/oauth_consumer/templates/migration.rb +1 -1
  6. data/generators/oauth_provider/oauth_provider_generator.rb +6 -0
  7. data/generators/oauth_provider/templates/access_token.rb +2 -2
  8. data/generators/oauth_provider/templates/client_application.rb +8 -6
  9. data/generators/oauth_provider/templates/client_applications.yml +6 -6
  10. data/generators/oauth_provider/templates/clients_controller_spec.rb +130 -193
  11. data/generators/oauth_provider/templates/controller.rb +12 -0
  12. data/generators/oauth_provider/templates/controller_spec.rb +762 -291
  13. data/generators/oauth_provider/templates/controller_spec_helper.rb +49 -63
  14. data/generators/oauth_provider/templates/migration.rb +6 -5
  15. data/generators/oauth_provider/templates/oauth2_authorize.html.erb +16 -0
  16. data/generators/oauth_provider/templates/oauth2_authorize.html.haml +17 -0
  17. data/generators/oauth_provider/templates/oauth2_token.rb +6 -0
  18. data/generators/oauth_provider/templates/oauth2_token_spec.rb +29 -0
  19. data/generators/oauth_provider/templates/oauth2_verifier.rb +28 -0
  20. data/generators/oauth_provider/templates/oauth2_verifier_spec.rb +54 -0
  21. data/generators/oauth_provider/templates/oauth_nonce_test.rb +1 -1
  22. data/generators/oauth_provider/templates/oauth_token.rb +3 -4
  23. data/generators/oauth_provider/templates/request_token.rb +1 -1
  24. data/lib/generators/active_record/oauth_consumer_generator.rb +33 -0
  25. data/lib/generators/active_record/oauth_consumer_templates/consumer_token.rb +5 -0
  26. data/lib/generators/active_record/oauth_consumer_templates/migration.rb +20 -0
  27. data/lib/generators/active_record/oauth_provider_generator.rb +39 -0
  28. data/lib/generators/active_record/oauth_provider_templates/access_token.rb +16 -0
  29. data/lib/generators/active_record/oauth_provider_templates/client_application.rb +57 -0
  30. data/lib/generators/active_record/oauth_provider_templates/migration.rb +47 -0
  31. data/lib/generators/active_record/oauth_provider_templates/oauth2_token.rb +5 -0
  32. data/lib/generators/active_record/oauth_provider_templates/oauth2_verifier.rb +28 -0
  33. data/lib/generators/active_record/oauth_provider_templates/oauth_nonce.rb +13 -0
  34. data/lib/generators/active_record/oauth_provider_templates/oauth_token.rb +30 -0
  35. data/lib/generators/active_record/oauth_provider_templates/request_token.rb +40 -0
  36. data/lib/generators/erb/oauth_consumer_generator.rb +14 -0
  37. data/lib/generators/erb/oauth_consumer_templates/index.html.erb +29 -0
  38. data/lib/generators/erb/oauth_consumer_templates/show.html.erb +7 -0
  39. data/lib/generators/erb/oauth_provider_generator.rb +21 -0
  40. data/lib/generators/erb/oauth_provider_templates/_form.html.erb +17 -0
  41. data/lib/generators/erb/oauth_provider_templates/authorize.html.erb +14 -0
  42. data/lib/generators/erb/oauth_provider_templates/authorize_failure.html.erb +1 -0
  43. data/lib/generators/erb/oauth_provider_templates/authorize_success.html.erb +1 -0
  44. data/lib/generators/erb/oauth_provider_templates/edit.html.erb +7 -0
  45. data/lib/generators/erb/oauth_provider_templates/index.html.erb +43 -0
  46. data/lib/generators/erb/oauth_provider_templates/new.html.erb +5 -0
  47. data/lib/generators/erb/oauth_provider_templates/oauth2_authorize.html.erb +16 -0
  48. data/lib/generators/erb/oauth_provider_templates/show.html.erb +27 -0
  49. data/lib/generators/haml/oauth_consumer_generator.rb +21 -0
  50. data/lib/generators/haml/oauth_consumer_templates/index.html.haml +18 -0
  51. data/lib/generators/haml/oauth_consumer_templates/show.html.haml +8 -0
  52. data/lib/generators/haml/oauth_provider_generator.rb +28 -0
  53. data/lib/generators/haml/oauth_provider_templates/_form.html.haml +21 -0
  54. data/lib/generators/haml/oauth_provider_templates/authorize.html.haml +16 -0
  55. data/lib/generators/haml/oauth_provider_templates/authorize_failure.html.haml +1 -0
  56. data/lib/generators/haml/oauth_provider_templates/authorize_success.html.haml +1 -0
  57. data/lib/generators/haml/oauth_provider_templates/edit.html.haml +4 -0
  58. data/lib/generators/haml/oauth_provider_templates/index.html.haml +39 -0
  59. data/lib/generators/haml/oauth_provider_templates/new.html.haml +5 -0
  60. data/lib/generators/haml/oauth_provider_templates/oauth2_authorize.html.haml +17 -0
  61. data/lib/generators/haml/oauth_provider_templates/show.html.haml +30 -0
  62. data/lib/generators/mongoid/oauth_consumer_generator.rb +15 -0
  63. data/lib/generators/mongoid/oauth_consumer_templates/consumer_token.rb +14 -0
  64. data/lib/generators/mongoid/oauth_provider_generator.rb +21 -0
  65. data/lib/generators/mongoid/oauth_provider_templates/access_token.rb +16 -0
  66. data/lib/generators/mongoid/oauth_provider_templates/client_application.rb +71 -0
  67. data/lib/generators/mongoid/oauth_provider_templates/oauth2_token.rb +5 -0
  68. data/lib/generators/mongoid/oauth_provider_templates/oauth2_verifier.rb +25 -0
  69. data/lib/generators/mongoid/oauth_provider_templates/oauth_nonce.rb +24 -0
  70. data/lib/generators/mongoid/oauth_provider_templates/oauth_token.rb +44 -0
  71. data/lib/generators/mongoid/oauth_provider_templates/request_token.rb +36 -0
  72. data/lib/generators/oauth_consumer/USAGE +8 -0
  73. data/lib/generators/oauth_consumer/oauth_consumer_generator.rb +27 -0
  74. data/lib/generators/oauth_consumer/templates/controller.rb +19 -0
  75. data/lib/generators/oauth_consumer/templates/oauth_config.rb +46 -0
  76. data/lib/generators/oauth_inflections.rb +6 -0
  77. data/lib/generators/oauth_plugin.rb +0 -0
  78. data/lib/generators/oauth_provider/USAGE +18 -0
  79. data/lib/generators/oauth_provider/oauth_provider_generator.rb +47 -0
  80. data/lib/generators/oauth_provider/templates/clients_controller.rb +52 -0
  81. data/lib/generators/oauth_provider/templates/controller.rb +23 -0
  82. data/lib/generators/rspec/oauth_provider_generator.rb +39 -0
  83. data/lib/generators/rspec/templates/client_application_spec.rb +29 -0
  84. data/lib/generators/rspec/templates/client_applications.yml +23 -0
  85. data/lib/generators/rspec/templates/clients_controller_spec.rb +176 -0
  86. data/lib/generators/rspec/templates/controller_spec.rb +838 -0
  87. data/lib/generators/rspec/templates/controller_spec_helper.rb +66 -0
  88. data/lib/generators/rspec/templates/oauth2_token_spec.rb +29 -0
  89. data/lib/generators/rspec/templates/oauth2_verifier_spec.rb +54 -0
  90. data/lib/generators/rspec/templates/oauth_nonce_spec.rb +24 -0
  91. data/lib/generators/rspec/templates/oauth_nonces.yml +13 -0
  92. data/lib/generators/rspec/templates/oauth_token_spec.rb +309 -0
  93. data/lib/generators/rspec/templates/oauth_tokens.yml +17 -0
  94. data/lib/generators/test_unit/oauth_provider_generator.rb +37 -0
  95. data/lib/generators/test_unit/templates/client_application_test.rb +42 -0
  96. data/lib/generators/test_unit/templates/client_applications.yml +23 -0
  97. data/lib/generators/test_unit/templates/clients_controller_test.rb +280 -0
  98. data/lib/generators/test_unit/templates/controller_test.rb +310 -0
  99. data/lib/generators/test_unit/templates/controller_test_helper.rb +115 -0
  100. data/lib/generators/test_unit/templates/oauth_nonce_test.rb +26 -0
  101. data/lib/generators/test_unit/templates/oauth_nonces.yml +13 -0
  102. data/lib/generators/test_unit/templates/oauth_token_test.rb +57 -0
  103. data/lib/generators/test_unit/templates/oauth_tokens.yml +17 -0
  104. data/lib/oauth/controllers/application_controller_methods.rb +169 -66
  105. data/lib/oauth/controllers/provider_controller.rb +154 -38
  106. data/lib/oauth/models/consumers/service_loader.rb +2 -0
  107. data/lib/oauth/models/consumers/token.rb +0 -1
  108. data/oauth-plugin.gemspec +97 -10
  109. data/rails/init.rb +6 -2
  110. metadata +119 -12
@@ -0,0 +1,838 @@
1
+ require File.dirname(__FILE__) + '/../spec_helper'
2
+ require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
3
+ require 'json'
4
+ describe OauthController do
5
+ if defined?(Devise)
6
+ include Devise::TestHelpers
7
+ end
8
+ include OAuthControllerSpecHelper
9
+ fixtures :client_applications, :oauth_tokens, :users
10
+ describe "getting a request token" do
11
+ before(:each) do
12
+ sign_request_with_oauth
13
+ ClientApplication.stub!(:find_by_key).and_return(current_client_application)
14
+ end
15
+
16
+ def do_get
17
+ get :request_token
18
+ end
19
+
20
+ it "should be successful" do
21
+ do_get
22
+ response.should be_success
23
+ end
24
+
25
+ it "should query for client_application" do
26
+ ClientApplication.should_receive(:find_by_key).with(current_client_application.key).and_return(current_client_application)
27
+ do_get
28
+ end
29
+
30
+ it "should request token from client_application" do
31
+ current_client_application.should_receive(:create_request_token).and_return(request_token)
32
+ do_get
33
+ end
34
+
35
+ it "should return token string" do
36
+ do_get
37
+ response.body.should==RequestToken.last.to_query
38
+ end
39
+
40
+ it "should not set token_callback_url" do
41
+ current_client_application.should_not_receive(:token_callback_url=)
42
+ do_get
43
+ end
44
+ end
45
+
46
+ describe "getting a request token passing a oauth_callback url" do
47
+ before(:each) do
48
+ sign_request_with_oauth nil, {:oauth_callback=>"http://test.com/alternative_callback"}
49
+ ClientApplication.stub!(:find_by_key).and_return(current_client_application)
50
+ end
51
+
52
+ def do_get
53
+ get :request_token
54
+ end
55
+
56
+ it "should be successful" do
57
+ do_get
58
+ response.should be_success
59
+ end
60
+
61
+ it "should query for client_application" do
62
+ ClientApplication.should_receive(:find_by_key).with(current_client_application.key).and_return(current_client_application)
63
+ do_get
64
+ end
65
+
66
+ it "should request token from client_application" do
67
+ current_client_application.should_receive(:create_request_token).and_return(request_token)
68
+ do_get
69
+ end
70
+
71
+ it "should return token string" do
72
+ do_get
73
+ response.body.should==RequestToken.last.to_query
74
+ end
75
+
76
+ it "should set token_callback_url with received oauth_callback" do
77
+ current_client_application.should_receive(:token_callback_url=).with("http://test.com/alternative_callback")
78
+ do_get
79
+ end
80
+ end
81
+
82
+ describe "10a token authorization" do
83
+ before(:each) do
84
+ login
85
+ RequestToken.stub!(:find_by_token).and_return(request_token)
86
+ end
87
+
88
+ def do_get
89
+ get :authorize, :oauth_token => request_token.token
90
+ end
91
+
92
+ it "should show authorize page" do
93
+ do_get
94
+ response.should render_template("authorize")
95
+ end
96
+
97
+ it "should authorize token" do
98
+ request_token.should_not_receive(:authorize!).with(current_user)
99
+ do_get
100
+ end
101
+
102
+ it "should redirect if token is invalidated" do
103
+ request_token.invalidate!
104
+ do_get
105
+ response.should render_template("authorize_failure")
106
+ end
107
+
108
+ end
109
+
110
+ describe "10a token authorization" do
111
+ before(:each) do
112
+ login
113
+ RequestToken.stub!(:find_by_token).and_return(request_token)
114
+ end
115
+
116
+ def do_post
117
+ post :authorize, :oauth_token => request_token.token, :authorize=>"1"
118
+ end
119
+
120
+ it "should redirect to default callback" do
121
+ do_post
122
+ response.should be_redirect
123
+ response.should redirect_to("http://application/callback?oauth_token=#{request_token.token}&oauth_verifier=#{request_token.verifier}")
124
+ end
125
+
126
+ it "should authorize token" do
127
+ request_token.should_receive(:authorize!).with(current_user)
128
+ do_post
129
+ end
130
+
131
+ it "should redirect if token is invalidated" do
132
+ request_token.invalidate!
133
+ do_post
134
+ response.should render_template("authorize_failure")
135
+ end
136
+
137
+ end
138
+
139
+ describe "2.0 authorization code flow" do
140
+ before(:each) do
141
+ login
142
+ end
143
+
144
+ describe "authorize redirect" do
145
+ before(:each) do
146
+ get :authorize, :response_type=>"code",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback"
147
+ end
148
+
149
+ it "should render authorize" do
150
+ response.should render_template("oauth2_authorize")
151
+ end
152
+
153
+ it "should not create token" do
154
+ Oauth2Verifier.last.should be_nil
155
+ end
156
+ end
157
+
158
+ describe "authorize" do
159
+ before(:each) do
160
+ post :authorize, :response_type=>"code",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>"1"
161
+ @verification_token = Oauth2Verifier.last
162
+ @oauth2_token_count= Oauth2Token.count
163
+ end
164
+ subject { @verification_token }
165
+
166
+ it { should_not be_nil }
167
+ it "should set user on verification token" do
168
+ @verification_token.user.should==current_user
169
+ end
170
+
171
+ it "should set redirect_url" do
172
+ @verification_token.redirect_url.should == "http://application/callback"
173
+ end
174
+
175
+ it "should redirect to default callback" do
176
+ response.should be_redirect
177
+ response.should redirect_to("http://application/callback?code=#{@verification_token.code}")
178
+ end
179
+
180
+ describe "get token" do
181
+ before(:each) do
182
+ post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://application/callback",:code=>@verification_token.code
183
+ @token = Oauth2Token.last
184
+ end
185
+
186
+ subject { @token }
187
+
188
+ it { should_not be_nil }
189
+ it { should be_authorized }
190
+ it "should have added a new token" do
191
+ Oauth2Token.count.should==@oauth2_token_count+1
192
+ end
193
+
194
+ it "should set user to current user" do
195
+ @token.user.should==current_user
196
+ end
197
+
198
+ it "should return json token" do
199
+ JSON.parse(response.body).should=={"access_token"=>@token.token}
200
+ end
201
+ end
202
+
203
+ describe "get token with wrong secret" do
204
+ before(:each) do
205
+ post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>"fake", :redirect_url=>"http://application/callback",:code=>@verification_token.code
206
+ end
207
+
208
+ it "should not create token" do
209
+ Oauth2Token.count.should==@oauth2_token_count
210
+ end
211
+
212
+ it "should return incorrect_client_credentials error" do
213
+ JSON.parse(response.body).should == {"error"=>"invalid_client"}
214
+ end
215
+ end
216
+
217
+ describe "get token with wrong code" do
218
+ before(:each) do
219
+ post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://application/callback",:code=>"fake"
220
+ end
221
+
222
+ it "should not create token" do
223
+ Oauth2Token.count.should==@oauth2_token_count
224
+ end
225
+
226
+ it "should return incorrect_client_credentials error" do
227
+ JSON.parse(response.body).should == {"error"=>"invalid_grant"}
228
+ end
229
+ end
230
+
231
+ describe "get token with wrong redirect_url" do
232
+ before(:each) do
233
+ post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://evil/callback",:code=>@verification_token.code
234
+ end
235
+
236
+ it "should not create token" do
237
+ Oauth2Token.count.should==@oauth2_token_count
238
+ end
239
+
240
+ it "should return incorrect_client_credentials error" do
241
+ JSON.parse(response.body).should == {"error"=>"invalid_grant"}
242
+ end
243
+ end
244
+
245
+ end
246
+
247
+ describe "deny" do
248
+ before(:each) do
249
+ post :authorize, :response_type=>"code", :client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>"0"
250
+ end
251
+
252
+ it { Oauth2Verifier.last.should be_nil }
253
+
254
+ it "should redirect to default callback" do
255
+ response.should be_redirect
256
+ response.should redirect_to("http://application/callback?error=user_denied")
257
+ end
258
+ end
259
+
260
+ end
261
+
262
+
263
+ describe "2.0 authorization token flow" do
264
+ before(:each) do
265
+ login
266
+ current_client_application # load up so it creates its own token
267
+ @oauth2_token_count= Oauth2Token.count
268
+ end
269
+
270
+ describe "authorize redirect" do
271
+ before(:each) do
272
+ get :authorize, :response_type=>"token",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback"
273
+ end
274
+
275
+ it "should render authorize" do
276
+ response.should render_template("oauth2_authorize")
277
+ end
278
+
279
+ it "should not create token" do
280
+ Oauth2Verifier.last.should be_nil
281
+ end
282
+ end
283
+
284
+ describe "authorize" do
285
+ before(:each) do
286
+ post :authorize, :response_type=>"token",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>"1"
287
+ @token = Oauth2Token.last
288
+ end
289
+ subject { @token }
290
+ it "should redirect to default callback" do
291
+ response.should be_redirect
292
+ response.should redirect_to("http://application/callback?access_token=#{@token.token}")
293
+ end
294
+
295
+ it "should not have a scope" do
296
+ @token.scope.should be_nil
297
+ end
298
+ it { should_not be_nil }
299
+ it { should be_authorized }
300
+
301
+ it "should set user to current user" do
302
+ @token.user.should==current_user
303
+ end
304
+
305
+ it "should have added a new token" do
306
+ Oauth2Token.count.should==@oauth2_token_count+1
307
+ end
308
+ end
309
+
310
+ describe "deny" do
311
+ before(:each) do
312
+ post :authorize, :response_type=>"token", :client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>"0"
313
+ end
314
+
315
+ it { Oauth2Verifier.last.should be_nil }
316
+
317
+ it "should redirect to default callback" do
318
+ response.should be_redirect
319
+ response.should redirect_to("http://application/callback?error=user_denied")
320
+ end
321
+ end
322
+ end
323
+
324
+ describe "oauth2 token for autonomous client_application" do
325
+ before(:each) do
326
+ current_client_application
327
+ @oauth2_token_count = Oauth2Token.count
328
+ post :token, :grant_type=>"none", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret
329
+ @token = Oauth2Token.last
330
+ end
331
+
332
+ subject { @token }
333
+
334
+ it { should_not be_nil }
335
+ it { should be_authorized }
336
+ it "should set user to client_applications user" do
337
+ @token.user.should==current_client_application.user
338
+ end
339
+ it "should have added a new token" do
340
+ Oauth2Token.count.should==@oauth2_token_count+1
341
+ end
342
+
343
+ it "should return json token" do
344
+ JSON.parse(response.body).should=={"access_token"=>@token.token}
345
+ end
346
+ end
347
+
348
+ describe "oauth2 token for autonomous client_application with invalid client credentials" do
349
+ before(:each) do
350
+ current_client_application
351
+ @oauth2_token_count = Oauth2Token.count
352
+ post :token, :grant_type=>"none", :client_id=>current_client_application.key,:client_secret=>"bad"
353
+ end
354
+
355
+ subject { @token }
356
+
357
+ it "should not have added a new token" do
358
+ Oauth2Token.count.should==@oauth2_token_count
359
+ end
360
+
361
+ it "should return json token" do
362
+ JSON.parse(response.body).should=={"error"=>"invalid_client"}
363
+ end
364
+ end
365
+
366
+
367
+ describe "oauth2 token for basic credentials" do
368
+ before(:each) do
369
+ current_client_application
370
+ @oauth2_token_count = Oauth2Token.count
371
+ post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>current_user.login, :password=>"password"
372
+ @token = Oauth2Token.last
373
+ end
374
+
375
+ subject { @token }
376
+
377
+ it { should_not be_nil }
378
+ it { should be_authorized }
379
+ it "should set user to client_applications user" do
380
+ @token.user.should==current_user
381
+ end
382
+ it "should have added a new token" do
383
+ Oauth2Token.count.should==@oauth2_token_count+1
384
+ end
385
+
386
+ it "should return json token" do
387
+ JSON.parse(response.body).should=={"access_token"=>@token.token}
388
+ end
389
+ end
390
+
391
+ describe "oauth2 token for basic credentials with wrong password" do
392
+ before(:each) do
393
+ current_client_application
394
+ @oauth2_token_count = Oauth2Token.count
395
+ post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>current_user.login, :password=>"bad"
396
+ end
397
+
398
+ it "should not have added a new token" do
399
+ Oauth2Token.count.should==@oauth2_token_count
400
+ end
401
+
402
+ it "should return json token" do
403
+ JSON.parse(response.body).should=={"error"=>"invalid_grant"}
404
+ end
405
+ end
406
+
407
+ describe "oauth2 token for basic credentials with unknown user" do
408
+ before(:each) do
409
+ current_client_application
410
+ @oauth2_token_count = Oauth2Token.count
411
+ post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>"non existent", :password=>"password"
412
+ end
413
+
414
+ it "should not have added a new token" do
415
+ Oauth2Token.count.should==@oauth2_token_count
416
+ end
417
+
418
+ it "should return json token" do
419
+ JSON.parse(response.body).should=={"error"=>"invalid_grant"}
420
+ end
421
+ end
422
+
423
+ describe "getting an access token" do
424
+ before(:each) do
425
+ request_token.authorize!(current_user)
426
+ request_token.reload
427
+ sign_request_with_oauth consumer_request_token, :oauth_verifier=>request_token.verifier
428
+ end
429
+
430
+ def do_get
431
+ post :access_token
432
+ end
433
+
434
+ it "should have a verifier" do
435
+ request_token.verifier.should_not be_nil
436
+ end
437
+
438
+ it "should be authorized" do
439
+ request_token.should be_authorized
440
+ end
441
+
442
+ it "should be successful" do
443
+ do_get
444
+ response.should be_success
445
+ end
446
+
447
+ it "should request token from client_application" do
448
+ controller.stub!(:current_token).and_return(request_token)
449
+ request_token.should_receive(:exchange!).and_return(access_token)
450
+ do_get
451
+ end
452
+
453
+ it "should return token string" do
454
+ do_get
455
+ response.body.should == AccessToken.last.to_query
456
+ end
457
+
458
+ describe "access token" do
459
+ before(:each) do
460
+ do_get
461
+ access_token=AccessToken.last
462
+ end
463
+
464
+ it "should have user set" do
465
+ access_token.user.should==current_user
466
+ end
467
+
468
+ it "should be authorized" do
469
+ access_token.should be_authorized
470
+ end
471
+ end
472
+ end
473
+
474
+ describe "invalidate" do
475
+ before(:each) do
476
+ sign_request_with_oauth access_token
477
+ get :invalidate
478
+ end
479
+
480
+ it "should be a success" do
481
+ response.code.should=="410"
482
+ end
483
+ end
484
+
485
+ end
486
+
487
+ class OauthorizedController<ApplicationController
488
+ before_filter :login_required, :only => :interactive
489
+ oauthenticate :only => :all
490
+ oauthenticate :strategies=>:token, :only=>:interactive_and_token
491
+ oauthenticate :strategies=>:two_legged, :only=>:interactive_and_two_legged
492
+ oauthenticate :interactive=>false, :only=>:no_interactive
493
+ oauthenticate :interactive=>false, :strategies=>:token, :only=>:token
494
+ oauthenticate :interactive=>false, :strategies=>:two_legged, :only=>:two_legged
495
+ before_filter :oauth_required, :only=>:token_legacy
496
+ before_filter :login_or_oauth_required, :only=>:both_legacy
497
+
498
+ def interactive
499
+ head :ok
500
+ end
501
+
502
+ def all
503
+ head :ok
504
+ end
505
+
506
+ def token
507
+ head :ok
508
+ end
509
+
510
+ def interactive_and_token
511
+ head :ok
512
+ end
513
+
514
+ def interactive_and_two_legged
515
+ head :ok
516
+ end
517
+
518
+ def two_legged
519
+ head :ok
520
+ end
521
+
522
+ def token_legacy
523
+ head :ok
524
+ end
525
+
526
+ def both_legacy
527
+ head :ok
528
+ end
529
+ end
530
+
531
+ describe OauthorizedController, " access control" do
532
+ fixtures :client_applications, :oauth_tokens, :users
533
+ if defined?(Devise)
534
+ include Devise::TestHelpers
535
+ end
536
+ include OAuthControllerSpecHelper
537
+
538
+ it "should return false for oauth? by default" do
539
+ controller.send(:oauth?).should == false
540
+ end
541
+
542
+ it "should return nil for current_token by default" do
543
+ controller.send(:current_token).should be_nil
544
+ end
545
+
546
+ describe "oauth 10a" do
547
+
548
+ describe "request token signed" do
549
+ before(:each) do
550
+ sign_request_with_oauth(request_token)
551
+ end
552
+
553
+ it "should disallow oauth using RequestToken when using oauth_required" do
554
+ get :token
555
+ response.code.should == '401'
556
+ end
557
+ end
558
+
559
+ describe "access token signed" do
560
+ before(:each) do
561
+ sign_request_with_oauth(access_token)
562
+ end
563
+
564
+ [:interactive,:two_legged,:interactive_and_two_legged].each do |action|
565
+ describe "accessing #{action.to_s.humanize}" do
566
+ before(:each) do
567
+ get action
568
+ end
569
+
570
+ it "should not be a success" do
571
+ response.should_not be_success
572
+ end
573
+
574
+ it "should not set current_token" do
575
+ controller.send(:current_token).should be_nil
576
+ end
577
+
578
+ it "should not set current_client_application" do
579
+ controller.send(:current_client_application).should be_nil
580
+ end
581
+
582
+ it "should not set current_user" do
583
+ controller.send(:current_user).should be_nil
584
+ end
585
+ end
586
+ end
587
+
588
+ [:token,:interactive_and_token,:all,:token_legacy,:both_legacy].each do |action|
589
+ describe "accessing #{action.to_s.humanize}" do
590
+ before(:each) do
591
+ get action
592
+ end
593
+
594
+ it "should not be a success" do
595
+ response.should be_success
596
+ end
597
+
598
+ it "should set current_token" do
599
+ controller.send(:current_token).should == access_token
600
+ end
601
+
602
+ it "should set current_client_application" do
603
+ controller.send(:current_client_application).should == current_client_application
604
+ end
605
+
606
+ it "should set current_user" do
607
+ controller.send(:current_user).should == current_user
608
+ end
609
+ end
610
+ end
611
+ end
612
+
613
+ describe "2 legged" do
614
+ before(:each) do
615
+ two_legged_sign_request_with_oauth(current_consumer)
616
+ end
617
+
618
+ [:token,:interactive_and_token,:interactive,:token_legacy,:both_legacy].each do |action|
619
+ describe "accessing #{action.to_s.humanize}" do
620
+ before(:each) do
621
+ get action
622
+ end
623
+
624
+ it "should not be a success" do
625
+ response.should_not be_success
626
+ end
627
+
628
+ it "should not set current_token" do
629
+ controller.send(:current_token).should be_nil
630
+ end
631
+
632
+ it "should not set current_client_application" do
633
+ controller.send(:current_client_application).should be_nil
634
+ end
635
+
636
+ it "should not set current_user" do
637
+ controller.send(:current_user).should be_nil
638
+ end
639
+ end
640
+ end
641
+
642
+ [:two_legged,:interactive_and_two_legged,:all].each do |action|
643
+ describe "accessing #{action.to_s.humanize}" do
644
+ before(:each) do
645
+ get action
646
+ end
647
+
648
+ it "should not be a success" do
649
+ response.should be_success
650
+ end
651
+
652
+ it "should not set current_token" do
653
+ controller.send(:current_token).should be_nil
654
+ end
655
+
656
+ it "should set current_client_application" do
657
+ controller.send(:current_client_application).should == current_client_application
658
+ end
659
+
660
+ it "should set current_user" do
661
+ controller.send(:current_user).should == current_client_application.user
662
+ end
663
+ end
664
+ end
665
+ end
666
+
667
+ end
668
+
669
+ describe "oauth 2.0" do
670
+ before(:each) do
671
+ @access_token = Oauth2Token.create :user=>current_user, :client_application=>current_client_application
672
+ @client_application = @access_token.client_application
673
+ end
674
+ describe "authorize header" do
675
+ before(:each) do
676
+ add_oauth2_token_header(access_token)
677
+ end
678
+
679
+ it "should include headers" do
680
+ get :interactive_and_token
681
+ request.authorization.should == "OAuth #{access_token.token}"
682
+ end
683
+
684
+ [:interactive,:two_legged,:interactive_and_two_legged,:token_legacy,:both_legacy].each do |action|
685
+ describe "accessing #{action.to_s.humanize}" do
686
+ before(:each) do
687
+ get action
688
+ end
689
+
690
+ it "should not be a success" do
691
+ response.should_not be_success
692
+ end
693
+
694
+ it "should not set current_token" do
695
+ controller.send(:current_token).should be_nil
696
+ end
697
+
698
+ it "should not set current_client_application" do
699
+ controller.send(:current_client_application).should be_nil
700
+ end
701
+
702
+ it "should not set current_user" do
703
+ controller.send(:current_user).should be_nil
704
+ end
705
+ end
706
+ end
707
+
708
+ [:token,:interactive_and_token,:all].each do |action|
709
+ describe "accessing #{action.to_s.humanize}" do
710
+ before(:each) do
711
+ get action
712
+ end
713
+
714
+ it "should not be a success" do
715
+ response.should be_success
716
+ end
717
+
718
+ it "should set current_token" do
719
+ controller.send(:current_token).should == access_token
720
+ end
721
+
722
+ it "should set current_client_application" do
723
+ controller.send(:current_client_application).should == current_client_application
724
+ end
725
+
726
+ it "should set current_user" do
727
+ controller.send(:current_user).should == current_user
728
+ end
729
+ end
730
+ end
731
+ end
732
+
733
+ describe "query string" do
734
+ [:interactive,:two_legged,:interactive_and_two_legged,:token_legacy,:both_legacy].each do |action|
735
+ describe "accessing #{action.to_s.humanize}" do
736
+ before(:each) do
737
+ get action, :oauth_token=>access_token.token
738
+ end
739
+
740
+ it "should not be a success" do
741
+ response.should_not be_success
742
+ end
743
+
744
+ it "should not set current_token" do
745
+ controller.send(:current_token).should be_nil
746
+ end
747
+
748
+ it "should not set current_client_application" do
749
+ controller.send(:current_client_application).should be_nil
750
+ end
751
+
752
+ it "should not set current_user" do
753
+ controller.send(:current_user).should be_nil
754
+ end
755
+ end
756
+ end
757
+
758
+ [:token,:interactive_and_token,:all].each do |action|
759
+ describe "accessing #{action.to_s.humanize}" do
760
+ before(:each) do
761
+ get action, :oauth_token=>access_token.token
762
+ end
763
+
764
+ it "should not be a success" do
765
+ response.should be_success
766
+ end
767
+
768
+ it "should set current_token" do
769
+ controller.send(:current_token).should == access_token
770
+ end
771
+
772
+ it "should set current_client_application" do
773
+ controller.send(:current_client_application).should == current_client_application
774
+ end
775
+
776
+ it "should set current_user" do
777
+ controller.send(:current_user).should == current_user
778
+ end
779
+ end
780
+ end
781
+
782
+ end
783
+
784
+ end
785
+
786
+ describe "logged in user" do
787
+ before(:each) do
788
+ login
789
+ end
790
+
791
+
792
+ [:token,:two_legged,:token_legacy].each do |action|
793
+ describe "accessing #{action.to_s.humanize}" do
794
+ before(:each) do
795
+ get action, :oauth_token=>access_token.token
796
+ end
797
+
798
+ it "should not be a success" do
799
+ response.should_not be_success
800
+ end
801
+
802
+ it "should not set current_token" do
803
+ controller.send(:current_token).should be_nil
804
+ end
805
+
806
+ it "should not set current_client_application" do
807
+ controller.send(:current_client_application).should be_nil
808
+ end
809
+
810
+ end
811
+ end
812
+
813
+ [:interactive,:interactive_and_two_legged,:interactive_and_token,:all,:both_legacy].each do |action|
814
+ describe "accessing #{action.to_s.humanize}" do
815
+ before(:each) do
816
+ get action, :oauth_token=>access_token.token
817
+ end
818
+
819
+ it "should not be a success" do
820
+ response.should be_success
821
+ end
822
+
823
+ it "should not set current_token" do
824
+ controller.send(:current_token).should be_nil
825
+ end
826
+
827
+ it "should not set current_client_application" do
828
+ controller.send(:current_client_application).should be_nil
829
+ end
830
+
831
+ it "should set current_user" do
832
+ controller.send(:current_user).should == current_user
833
+ end
834
+ end
835
+ end
836
+ end
837
+ end
838
+