oauth-plugin 0.3.5

data/generators/oauth_provider/templates/clients_controller_test.rb

@@ -0,0 +1,280 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require File.dirname(__FILE__) + '/../oauth_controller_test_helper'
+require 'oauth/client/action_controller_request'
+
+class OauthClientsController; def rescue_action(e) raise e end; end
+
+class OauthClientsControllerIndexTest < ActionController::TestCase
+  include OAuthControllerTestHelper
+  tests OauthClientsController
+  
+  def setup    
+    @controller = OauthClientsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new    
+    
+    login_as_application_owner
+  end
+  
+  def do_get
+    get :index
+  end
+  
+  def test_should_be_successful
+    do_get
+    assert @response.success?
+  end
+  
+  def test_should_query_current_users_client_applications
+    @user.expects(:client_applications).returns(@client_applications)
+    do_get
+  end
+  
+  def test_should_assign_client_applications
+    do_get
+    assert_equal @client_applications, assigns(:client_applications)
+  end
+  
+  def test_should_render_index_template
+    do_get
+    assert_template 'index'
+  end
+end
+
+class OauthClientsControllerShowTest < ActionController::TestCase
+  include OAuthControllerTestHelper
+  tests OauthClientsController
+  
+  def setup
+    @controller = OauthClientsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new    
+    
+    login_as_application_owner
+  end
+  
+  def do_get
+    get :show, :id=>'3'
+  end
+  
+  def test_should_be_successful
+    do_get
+    assert @response.success?
+  end
+  
+  def test_should_query_current_users_client_applications
+    @user.expects(:client_applications).returns(@client_applications)
+    @client_applications.expects(:find).with('3').returns(@client_application)
+    do_get
+  end
+  
+  def test_should_assign_client_applications
+    do_get
+    assert_equal @client_application, assigns(:client_application)
+  end
+  
+  def test_should_render_show_template
+    do_get
+    assert_template 'show'
+  end
+  
+end
+
+class OauthClientsControllerNewTest < ActionController::TestCase
+  include OAuthControllerTestHelper
+  tests OauthClientsController
+
+  def setup
+    @controller = OauthClientsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new    
+    
+    login_as_application_owner
+    ClientApplication.stubs(:new).returns(@client_application)
+  end
+  
+  def do_get
+    get :new
+  end
+  
+  def test_should_be_successful
+    do_get
+    assert @response.success?
+  end
+  
+  def test_should_assign_client_applications
+    do_get
+    assert_equal @client_application, assigns(:client_application)
+  end
+  
+  def test_should_render_show_template
+    do_get
+    assert_template 'new'
+  end
+  
+end
+ 
+class OauthClientsControllerEditTest < ActionController::TestCase
+  include OAuthControllerTestHelper
+  tests OauthClientsController
+  
+  def setup
+    @controller = OauthClientsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new    
+
+    login_as_application_owner
+  end
+  
+  def do_get
+    get :edit, :id=>'3'
+  end
+  
+  def test_should_be_successful
+    do_get
+    assert @response.success?
+  end
+  
+  def test_should_query_current_users_client_applications
+    @user.expects(:client_applications).returns(@client_applications)
+    @client_applications.expects(:find).with('3').returns(@client_application)
+    do_get
+  end
+  
+  def test_should_assign_client_applications
+    do_get
+    assert_equal @client_application, assigns(:client_application)
+  end
+  
+  def test_should_render_edit_template
+    do_get
+    assert_template 'edit'
+  end
+  
+end
+
+class OauthClientsControllerCreateTest < ActionController::TestCase
+  include OAuthControllerTestHelper
+  tests OauthClientsController
+  
+  def setup
+    @controller = OauthClientsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new    
+    
+    login_as_application_owner
+    @client_applications.stubs(:build).returns(@client_application)
+    @client_application.stubs(:save).returns(true)
+  end
+  
+  def do_valid_post
+    @client_application.expects(:save).returns(true)
+    post :create,'client_application'=>{'name'=>'my site'}
+  end
+
+  def do_invalid_post
+    @client_application.expects(:save).returns(false)
+    post :create,:client_application=>{:name=>'my site'}
+  end
+  
+  def test_should_query_current_users_client_applications
+    @client_applications.expects(:build).returns(@client_application)
+    do_valid_post
+  end
+  
+  def test_should_redirect_to_new_client_application
+    do_valid_post
+    assert_response :redirect
+    assert_redirected_to(:action => "show", :id => @client_application.id)
+  end
+  
+  def test_should_assign_client_applications
+    do_invalid_post
+    assert_equal @client_application, assigns(:client_application)
+  end
+  
+  def test_should_render_show_template
+    do_invalid_post
+    assert_template('new')
+  end
+end
+ 
+class OauthClientsControllerDestroyTest < ActionController::TestCase
+  include OAuthControllerTestHelper
+  tests OauthClientsController
+  
+  def setup
+    @controller = OauthClientsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    
+    login_as_application_owner
+    @client_application.stubs(:destroy)
+  end
+  
+  def do_delete
+    delete :destroy,:id=>'3'
+  end
+    
+  def test_should_query_current_users_client_applications
+    @user.expects(:client_applications).returns(@client_applications)
+    @client_applications.expects(:find).with('3').returns(@client_application)
+    do_delete
+  end
+
+  def test_should_destroy_client_applications
+    @client_application.expects(:destroy)
+    do_delete
+  end
+    
+  def test_should_redirect_to_list
+    do_delete
+    assert_response :redirect
+    assert_redirected_to :action => 'index'
+  end
+  
+end
+
+class OauthClientsControllerUpdateTest < ActionController::TestCase
+  include OAuthControllerTestHelper
+  tests OauthClientsController
+
+  def setup
+    @controller = OauthClientsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    login_as_application_owner
+  end
+  
+  def do_valid_update
+    @client_application.expects(:update_attributes).returns(true)
+    put :update, :id => '1', 'client_application' => {'name'=>'my site'}
+  end
+
+  def do_invalid_update
+    @client_application.expects(:update_attributes).returns(false)
+    put :update, :id=>'1', 'client_application' => {'name'=>'my site'}
+  end
+  
+  def test_should_query_current_users_client_applications
+    @user.expects(:client_applications).returns(@client_applications)
+    @client_applications.expects(:find).with('1').returns(@client_application)
+    do_valid_update
+  end
+  
+  def test_should_redirect_to_new_client_application
+    do_valid_update
+    assert_response :redirect
+    assert_redirected_to :action => "show", :id => @client_application.id
+  end
+  
+  def test_should_assign_client_applications
+    do_invalid_update
+    assert_equal @client_application, assigns(:client_application)
+  end
+  
+  def test_should_render_show_template
+    do_invalid_update
+    assert_template('edit')
+  end
+end

data/generators/oauth_provider/templates/controller.rb

@@ -0,0 +1,5 @@
+require 'oauth/controllers/provider_controller'
+class OauthController < ApplicationController
+  include OAuth::Controllers::ProviderController
+  
+end

data/generators/oauth_provider/templates/controller_spec.rb

@@ -0,0 +1,367 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
+require 'oauth/client/action_controller_request'
+
+describe OauthController, "getting a request token" do
+  include OAuthControllerSpecHelper
+  before(:each) do
+    setup_oauth
+    sign_request_with_oauth
+    @client_application.stub!(:create_request_token).and_return(@request_token)
+    @client_application.stub!(:token_callback_url=)
+  end
+  
+  def do_get
+    get :request_token
+  end
+  
+  it "should be successful" do
+    do_get
+    response.should be_success
+  end
+  
+  it "should query for client_application" do
+    ClientApplication.should_receive(:find_by_key).with('key').and_return(@client_application)
+    do_get
+  end
+  
+  it "should request token from client_application" do
+    @client_application.should_receive(:create_request_token).and_return(@request_token)
+    do_get
+  end
+  
+  it "should return token string" do
+    do_get
+    response.body.should==@request_token_string
+  end
+  
+  it "should not set token_callback_url" do
+    @client_application.should_not_receive(:token_callback_url=).with(nil)
+    do_get
+  end
+end
+
+describe OauthController, "getting a request token passing a oauth_callback url" do
+  include OAuthControllerSpecHelper
+  before(:each) do
+    setup_oauth
+    sign_request_with_oauth nil, {:oauth_callback=>"http://test.com/alternative_callback"}
+    @client_application.stub!(:create_request_token).and_return(@request_token)
+    @client_application.stub!(:token_callback_url=)
+  end
+  
+  def do_get
+    get :request_token
+  end
+  
+  it "should be successful" do
+    do_get
+    response.should be_success
+  end
+  
+  it "should query for client_application" do
+    ClientApplication.should_receive(:find_by_key).with('key').and_return(@client_application)
+    do_get
+  end
+  
+  it "should request token from client_application" do
+    @client_application.should_receive(:create_request_token).and_return(@request_token)
+    do_get
+  end
+  
+  it "should return token string" do
+    do_get
+    response.body.should==@request_token_string
+  end
+  
+  it "should set token_callback_url with received oauth_callback" do
+    @client_application.should_receive(:token_callback_url=).with("http://test.com/alternative_callback")
+    do_get
+  end
+end
+
+
+describe OauthController, "token authorization" do
+  include OAuthControllerSpecHelper
+  before(:each) do
+    login
+    setup_oauth
+    RequestToken.stub!(:find_by_token).and_return(@request_token)
+    
+  end
+  
+  def do_get
+    get :authorize, :oauth_token => @request_token.token
+  end
+
+  def do_post
+    @request_token.should_receive(:authorize!).with(@user)
+    post :authorize, :oauth_token => @request_token.token, :authorize => "1"
+  end
+
+  def do_post_without_user_authorization
+    @request_token.should_receive(:invalidate!)
+    post :authorize, :oauth_token => @request_token.token, :authorize => "0"
+  end
+
+  def do_post_with_callback
+    @request_token.should_receive(:authorize!).with(@user)
+    post :authorize, :oauth_token => @request_token.token, :oauth_callback => "http://application/alternative", :authorize => "1"
+  end
+
+  def do_post_with_no_application_callback
+    @request_token.should_receive(:authorize!).with(@user)
+    @client_application.stub!(:callback_url).and_return(nil)
+    post :authorize, :oauth_token => @request_token.token, :authorize => "1"
+  end
+  
+  it "should be successful" do
+    do_get
+    response.should be_success
+  end
+  
+  it "should query for client_application" do
+    RequestToken.should_receive(:find_by_token).and_return(@request_token)
+    do_get
+  end
+  
+  it "should assign token" do
+    do_get
+    assigns[:token].should equal(@request_token)
+  end
+  
+  it "should render authorize template" do
+    do_get
+    response.should render_template('authorize')
+  end
+  
+  it "should redirect to default callback" do
+    do_post
+    response.should be_redirect
+    response.should redirect_to("http://application/callback?oauth_token=#{@request_token.token}&oauth_verifier=verifyme")
+  end
+
+  it "should redirect to default callback without verifier if oauth 1.0" do
+    @request_token.stub!(:oauth10?).and_return(true)
+    do_post
+    response.should be_redirect
+    response.should redirect_to("http://application/callback?oauth_token=#{@request_token.token}")
+  end
+
+  it "should redirect to callback in query if oauth 1.0" do
+    @request_token.stub!(:oauth10?).and_return(true)
+    do_post_with_callback
+    response.should be_redirect
+    response.should redirect_to("http://application/alternative?oauth_token=#{@request_token.token}")
+  end
+
+  it "should redirect to request_token callback" do
+    @request_token.stub!(:oob?).and_return(false)
+    @request_token.stub!(:callback_url).and_return("http://alternative/callback")
+    do_post
+    response.should be_redirect
+    response.should redirect_to("http://alternative/callback?oauth_token=#{@request_token.token}&oauth_verifier=verifyme")
+  end
+
+  it "should ignore callback in query but redirect to default" do
+    do_post_with_callback
+    response.should be_redirect
+    response.should redirect_to("http://application/callback?oauth_token=#{@request_token.token}&oauth_verifier=verifyme")
+  end
+
+  it "should be successful on authorize without any application callback" do
+    do_post_with_no_application_callback
+    response.should be_success
+  end
+
+  it "should be successful on authorize without any application callback" do
+    do_post_with_no_application_callback
+    response.should render_template('authorize_success')
+  end
+  
+  it "should render failure screen on user invalidation" do
+    do_post_without_user_authorization
+    response.should render_template('authorize_failure')
+  end
+
+  it "should render failure screen if token is invalidated" do
+    @request_token.stub!(:authorized?).and_return(false)
+    @request_token.stub!(:invalidated?).and_return(true)
+    do_get
+    response.should render_template('authorize_failure')
+  end
+  
+
+end
+
+
+describe OauthController, "getting an access token" do
+  include OAuthControllerSpecHelper
+  before(:each) do
+    setup_oauth
+    sign_request_with_oauth @request_token
+    @request_token.stub!(:exchange!).and_return(@access_token)
+  end
+  
+  def do_get
+    get :access_token
+  end
+  
+  it "should be successful" do
+    do_get
+    response.should be_success
+  end
+  
+  it "should query for client_application" do
+    ClientApplication.should_receive(:find_token).with(@request_token.token).and_return(@request_token)
+    do_get
+  end
+  
+  it "should request token from client_application" do
+    @request_token.should_receive(:exchange!).and_return(@access_token)
+    do_get
+  end
+  
+  it "should return token string" do
+    do_get
+    response.body.should == @access_token_string
+  end
+end
+
+class OauthorizedController<ApplicationController
+  before_filter :login_or_oauth_required, :only => :both
+  before_filter :login_required, :only => :interactive
+  before_filter :oauth_required, :only => :token_only
+  
+  def interactive
+  end
+  
+  def token_only
+  end
+  
+  def both
+  end
+end
+
+describe OauthorizedController, " access control" do
+  include OAuthControllerSpecHelper
+  
+  before(:each) do
+  end
+  
+  it "should have access_token set up correctly" do
+    setup_to_authorize_request
+    @access_token.is_a?(AccessToken).should == true
+    @access_token.should be_authorized
+    @access_token.should_not be_invalidated
+    @access_token.user.should == @user
+    @access_token.client_application.should == @client_application
+  end
+  
+  it "should return false for oauth? by default" do
+    controller.send(:oauth?).should == false
+  end
+
+  it "should return nil for current_token  by default" do
+    controller.send(:current_token).should be_nil
+  end
+  
+  it "should allow oauth when using login_or_oauth_required" do
+    setup_to_authorize_request
+    sign_request_with_oauth(@access_token)
+    ClientApplication.should_receive(:find_token).with(@access_token.token).and_return(@access_token)
+    get :both
+    controller.send(:current_token).should == @access_token
+    controller.send(:current_token).is_a?(AccessToken).should == true 
+    controller.send(:current_user).should == @user
+    controller.send(:current_client_application).should == @client_application
+    response.code.should == '200'
+    response.should be_success
+  end
+
+  it "should allow interactive when using login_or_oauth_required" do
+    login
+    get :both
+    response.should be_success
+    controller.send(:current_user).should == @user
+    controller.send(:current_token).should be_nil
+  end
+
+  
+  it "should allow oauth when using oauth_required" do
+    setup_to_authorize_request
+    sign_request_with_oauth(@access_token)
+    ClientApplication.should_receive(:find_token).with(@access_token.token).and_return(@access_token)
+    get :token_only
+    controller.send(:current_token).should == @access_token
+    controller.send(:current_client_application).should == @client_application
+    controller.send(:current_user).should == @user 
+    response.code.should == '200' 
+    response.should be_success 
+  end
+
+  it "should disallow oauth using RequestToken when using oauth_required" do
+    setup_to_authorize_request
+    ClientApplication.should_receive(:find_token).with(@request_token.token).and_return(@request_token)
+    sign_request_with_oauth(@request_token)
+    get :token_only
+    response.code.should == '401'
+  end
+
+  it "should disallow interactive when using oauth_required" do
+    login
+    get :token_only
+    response.code.should == '401'
+    
+    controller.send(:current_user).should == @user
+    controller.send(:current_token).should be_nil
+  end
+
+  it "should disallow oauth when using login_required" do
+    setup_to_authorize_request
+    sign_request_with_oauth(@access_token)
+    get :interactive
+    response.code.should == "302"
+    controller.send(:current_user).should be_nil
+    controller.send(:current_token).should be_nil
+  end
+
+  it "should allow interactive when using login_required" do
+    login
+    get :interactive
+    response.should be_success
+    controller.send(:current_user).should == @user
+    controller.send(:current_token).should be_nil
+  end
+
+end
+
+describe OauthController, "revoke" do
+  include OAuthControllerSpecHelper
+  before(:each) do
+    setup_oauth_for_user
+    @request_token.stub!(:invalidate!)
+  end
+  
+  def do_post
+    post :revoke, :token => "TOKEN STRING"
+  end
+  
+  it "should redirect to index" do
+    do_post
+    response.should be_redirect
+    response.should redirect_to('http://test.host/oauth_clients')
+  end
+  
+  it "should query current_users tokens" do
+    @tokens.should_receive(:find_by_token).and_return(@request_token)
+    do_post
+  end
+  
+  it "should call invalidate on token" do
+    @request_token.should_receive(:invalidate!)
+    do_post
+  end
+  
+end
+