RubyGems - oauth-plugin - Versions diffs - 0.4.0.pre4 → 0.4.0.pre5 - Mend

oauth-plugin 0.4.0.pre4 → 0.4.0.pre5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

data/generators/oauth_provider/templates/controller_spec.rb DELETED Viewed

@@ -1,838 +0,0 @@
-require File.dirname(__FILE__) + '/../spec_helper'
-require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
-describe OauthController do
-  if defined?(Devise)
-    include Devise::TestHelpers
-  end
-  include OAuthControllerSpecHelper
-  fixtures :client_applications, :oauth_tokens, :users
-  describe "getting a request token" do
-    before(:each) do
-      sign_request_with_oauth
-      ClientApplication.stub!(:find_by_key).and_return(current_client_application)
-    end
-    def do_get
-      get :request_token
-    end
-    it "should be successful" do
-      do_get
-      response.should be_success
-    end
-    it "should query for client_application" do
-      ClientApplication.should_receive(:find_by_key).with(current_client_application.key).and_return(current_client_application)
-      do_get
-    end
-    it "should request token from client_application" do
-      current_client_application.should_receive(:create_request_token).and_return(request_token)
-      do_get
-    end
-    it "should return token string" do
-      do_get
-      response.body.should==RequestToken.last.to_query
-    end
-    it "should not set token_callback_url" do
-      current_client_application.should_not_receive(:token_callback_url=)
-      do_get
-    end
-  end
-  describe "getting a request token passing a oauth_callback url" do
-    before(:each) do
-      sign_request_with_oauth nil, {:oauth_callback=>"http://test.com/alternative_callback"}
-      ClientApplication.stub!(:find_by_key).and_return(current_client_application)
-    end
-    def do_get
-      get :request_token
-    end
-    it "should be successful" do
-      do_get
-      response.should be_success
-    end
-    it "should query for client_application" do
-      ClientApplication.should_receive(:find_by_key).with(current_client_application.key).and_return(current_client_application)
-      do_get
-    end
-    it "should request token from client_application" do
-      current_client_application.should_receive(:create_request_token).and_return(request_token)
-      do_get
-    end
-    it "should return token string" do
-      do_get
-      response.body.should==RequestToken.last.to_query
-    end
-    it "should set token_callback_url with received oauth_callback" do
-      current_client_application.should_receive(:token_callback_url=).with("http://test.com/alternative_callback")
-      do_get
-    end
-  end
-  describe "10a token authorization" do
-    before(:each) do
-      login
-      RequestToken.stub!(:find_by_token).and_return(request_token)
-    end
-    def do_get
-      get :authorize, :oauth_token => request_token.token
-    end
-    it "should show authorize page" do
-      do_get
-      response.should render_template("authorize")
-    end
-    it "should authorize token" do
-      request_token.should_not_receive(:authorize!).with(current_user)
-      do_get
-    end
-    it "should redirect if token is invalidated" do
-      request_token.invalidate!
-      do_get
-      response.should render_template("authorize_failure")
-    end
-  end
-  describe "10a token authorization" do
-    before(:each) do
-      login
-      RequestToken.stub!(:find_by_token).and_return(request_token)
-    end
-    def do_post
-      post :authorize, :oauth_token => request_token.token, :authorize=>1
-    end
-    it "should redirect to default callback" do
-      do_post
-      response.should be_redirect
-      response.should redirect_to("http://application/callback?oauth_token=#{request_token.token}&oauth_verifier=#{request_token.verifier}")
-    end
-    it "should authorize token" do
-      request_token.should_receive(:authorize!).with(current_user)
-      do_post
-    end
-    it "should redirect if token is invalidated" do
-      request_token.invalidate!
-      do_post
-      response.should render_template("authorize_failure")
-    end
-  end
-  describe "2.0 authorization code flow" do
-    before(:each) do
-      login
-    end
-    describe "authorize redirect" do
-      before(:each) do
-        get :authorize, :response_type=>"code",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback"
-      end
-      it "should render authorize" do
-        response.should render_template("oauth2_authorize")
-      end
-      it "should not create token" do
-        Oauth2Verifier.last.should be_nil
-      end
-    end
-    describe "authorize" do
-      before(:each) do
-        post :authorize, :response_type=>"code",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>1
-        @verification_token = Oauth2Verifier.last
-        @oauth2_token_count= Oauth2Token.count
-      end
-      subject { @verification_token }
-      it { should_not be_nil }
-      it "should set user on verification token" do
-        @verification_token.user.should==current_user
-      end
-      it "should set redirect_url" do
-        @verification_token.redirect_url.should == "http://application/callback"
-      end
-      it "should redirect to default callback" do
-        response.should be_redirect
-        response.should redirect_to("http://application/callback?code=#{@verification_token.code}")
-      end
-      describe "get token" do
-        before(:each) do
-          post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://application/callback",:code=>@verification_token.code
-          @token = Oauth2Token.last
-        end
-        subject { @token }
-        it { should_not be_nil }
-        it { should be_authorized }
-        it "should have added a new token" do
-          Oauth2Token.count.should==@oauth2_token_count+1
-        end
-        it "should set user to current user" do
-          @token.user.should==current_user
-        end
-        it "should return json token" do
-          JSON.parse(response.body).should=={"access_token"=>@token.token}
-        end
-      end
-      describe "get token with wrong secret" do
-        before(:each) do
-          post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>"fake", :redirect_url=>"http://application/callback",:code=>@verification_token.code
-        end
-        it "should not create token" do
-          Oauth2Token.count.should==@oauth2_token_count
-        end
-        it "should return incorrect_client_credentials error" do
-          JSON.parse(response.body).should == {"error"=>"invalid_client"}
-        end
-      end
-      describe "get token with wrong code" do
-        before(:each) do
-          post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://application/callback",:code=>"fake"
-        end
-        it "should not create token" do
-          Oauth2Token.count.should==@oauth2_token_count
-        end
-        it "should return incorrect_client_credentials error" do
-          JSON.parse(response.body).should == {"error"=>"invalid_grant"}
-        end
-      end
-      describe "get token with wrong redirect_url" do
-        before(:each) do
-          post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://evil/callback",:code=>@verification_token.code
-        end
-        it "should not create token" do
-          Oauth2Token.count.should==@oauth2_token_count
-        end
-        it "should return incorrect_client_credentials error" do
-          JSON.parse(response.body).should == {"error"=>"invalid_grant"}
-        end
-      end
-    end
-    describe "deny" do
-      before(:each) do
-        post :authorize, :response_type=>"code", :client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>0
-      end
-      it { Oauth2Verifier.last.should be_nil }
-      it "should redirect to default callback" do
-        response.should be_redirect
-        response.should redirect_to("http://application/callback?error=user_denied")
-      end
-    end
-  end
-  describe "2.0 authorization token flow" do
-    before(:each) do
-      login
-      current_client_application # load up so it creates its own token
-      @oauth2_token_count= Oauth2Token.count
-    end
-    describe "authorize redirect" do
-      before(:each) do
-        get :authorize, :response_type=>"token",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback"
-      end
-      it "should render authorize" do
-        response.should render_template("oauth2_authorize")
-      end
-      it "should not create token" do
-        Oauth2Verifier.last.should be_nil
-      end
-    end
-    describe "authorize" do
-      before(:each) do
-        post :authorize, :response_type=>"token",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>1
-        @token = Oauth2Token.last
-      end
-      subject { @token }
-      it "should redirect to default callback" do
-        response.should be_redirect
-        response.should redirect_to("http://application/callback?access_token=#{@token.token}")
-      end
-      it "should not have a scope" do
-        @token.scope.should be_nil
-      end
-      it { should_not be_nil }
-      it { should be_authorized }
-      it "should set user to current user" do
-        @token.user.should==current_user
-      end
-      it "should have added a new token" do
-        Oauth2Token.count.should==@oauth2_token_count+1
-      end
-    end
-    describe "deny" do
-      before(:each) do
-        post :authorize, :response_type=>"token", :client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>0
-      end
-      it { Oauth2Verifier.last.should be_nil }
-      it "should redirect to default callback" do
-        response.should be_redirect
-        response.should redirect_to("http://application/callback?error=user_denied")
-      end
-    end
-  end
-  describe "oauth2 token for autonomous client_application" do
-    before(:each) do
-      current_client_application
-      @oauth2_token_count = Oauth2Token.count
-      post :token, :grant_type=>"none", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret
-      @token = Oauth2Token.last
-    end
-    subject { @token }
-    it { should_not be_nil }
-    it { should be_authorized }
-    it "should set user to client_applications user" do
-      @token.user.should==current_client_application.user
-    end
-    it "should have added a new token" do
-      Oauth2Token.count.should==@oauth2_token_count+1
-    end
-    it "should return json token" do
-      JSON.parse(response.body).should=={"access_token"=>@token.token}
-    end
-  end
-  describe "oauth2 token for autonomous client_application with invalid client credentials" do
-    before(:each) do
-      current_client_application
-      @oauth2_token_count = Oauth2Token.count
-      post :token, :grant_type=>"none", :client_id=>current_client_application.key,:client_secret=>"bad"
-    end
-    subject { @token }
-    it "should not have added a new token" do
-      Oauth2Token.count.should==@oauth2_token_count
-    end
-    it "should return json token" do
-      JSON.parse(response.body).should=={"error"=>"invalid_client"}
-    end
-  end
-  describe "oauth2 token for basic credentials" do
-    before(:each) do
-      current_client_application
-      @oauth2_token_count = Oauth2Token.count
-      post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>current_user.login, :password=>"password"
-      @token = Oauth2Token.last
-    end
-    subject { @token }
-    it { should_not be_nil }
-    it { should be_authorized }
-    it "should set user to client_applications user" do
-      @token.user.should==current_user
-    end
-    it "should have added a new token" do
-      Oauth2Token.count.should==@oauth2_token_count+1
-    end
-    it "should return json token" do
-      JSON.parse(response.body).should=={"access_token"=>@token.token}
-    end
-  end
-  describe "oauth2 token for basic credentials with wrong password" do
-    before(:each) do
-      current_client_application
-      @oauth2_token_count = Oauth2Token.count
-      post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>current_user.login, :password=>"bad"
-    end
-    it "should not have added a new token" do
-      Oauth2Token.count.should==@oauth2_token_count
-    end
-    it "should return json token" do
-      JSON.parse(response.body).should=={"error"=>"invalid_grant"}
-    end
-  end
-  describe "oauth2 token for basic credentials with unknown user" do
-    before(:each) do
-      current_client_application
-      @oauth2_token_count = Oauth2Token.count
-      post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>"non existent", :password=>"password"
-    end
-    it "should not have added a new token" do
-      Oauth2Token.count.should==@oauth2_token_count
-    end
-    it "should return json token" do
-      JSON.parse(response.body).should=={"error"=>"invalid_grant"}
-    end
-  end
-  describe "getting an access token" do
-    before(:each) do
-      request_token.authorize!(current_user)
-      request_token.reload
-      sign_request_with_oauth consumer_request_token, :oauth_verifier=>request_token.verifier
-    end
-    def do_get
-      post :access_token
-    end
-    it "should have a verifier" do
-      request_token.verifier.should_not be_nil
-    end
-    it "should be authorized" do
-      request_token.should be_authorized
-    end
-    it "should be successful" do
-      do_get
-      response.should be_success
-    end
-    it "should request token from client_application" do
-      controller.stub!(:current_token).and_return(request_token)
-      request_token.should_receive(:exchange!).and_return(access_token)
-      do_get
-    end
-    it "should return token string" do
-      do_get
-      response.body.should == AccessToken.last.to_query
-    end
-    describe "access token" do
-      before(:each) do
-        do_get
-        access_token=AccessToken.last
-      end
-      it "should have user set" do
-        access_token.user.should==current_user
-      end
-      it "should be authorized" do
-        access_token.should be_authorized
-      end
-    end
-  end
-  describe "invalidate" do
-    before(:each) do
-      sign_request_with_oauth access_token
-      get :invalidate
-    end
-    it "should be a success" do
-      response.code.should=="410"
-    end
-  end
-end
-class OauthorizedController<ApplicationController
-  before_filter :login_required,                               :only => :interactive
-  oauthenticate                                                :only => :all
-  oauthenticate :strategies=>:token,                           :only=>:interactive_and_token
-  oauthenticate :strategies=>:two_legged,                      :only=>:interactive_and_two_legged
-  oauthenticate :interactive=>false,                           :only=>:no_interactive
-  oauthenticate :interactive=>false, :strategies=>:token,      :only=>:token
-  oauthenticate :interactive=>false, :strategies=>:two_legged, :only=>:two_legged
-  before_filter :oauth_required,                               :only=>:token_legacy
-  before_filter :login_or_oauth_required,                      :only=>:both_legacy
-  def interactive
-    head :ok
-  end
-  def all
-    head :ok
-  end
-  def token
-    head :ok
-  end
-  def interactive_and_token
-    head :ok
-  end
-  def interactive_and_two_legged
-    head :ok
-  end
-  def two_legged
-    head :ok
-  end
-  def token_legacy
-    head :ok
-  end
-  def both_legacy
-    head :ok
-  end
-end
-describe OauthorizedController, " access control" do
-  fixtures :client_applications, :oauth_tokens, :users
-  if defined?(Devise)
-    include Devise::TestHelpers
-  end
-  include OAuthControllerSpecHelper
-  it "should return false for oauth? by default" do
-    controller.send(:oauth?).should == false
-  end
-  it "should return nil for current_token  by default" do
-    controller.send(:current_token).should be_nil
-  end
-  describe "oauth 10a" do
-    describe "request token signed" do
-      before(:each) do
-        sign_request_with_oauth(request_token)
-      end
-      it "should disallow oauth using RequestToken when using oauth_required" do
-        get :token
-        response.code.should == '401'
-      end
-    end
-    describe "access token signed" do
-      before(:each) do
-        sign_request_with_oauth(access_token)
-      end
-      [:interactive,:two_legged,:interactive_and_two_legged].each do |action|
-        describe "accessing #{action.to_s.humanize}" do
-          before(:each) do
-            get action
-          end
-          it "should not be a success" do
-            response.should_not be_success
-          end
-          it "should not set current_token" do
-            controller.send(:current_token).should be_nil
-          end
-          it "should not set current_client_application" do
-            controller.send(:current_client_application).should be_nil
-          end
-          it "should not set current_user" do
-            controller.send(:current_user).should be_nil
-          end
-        end
-      end
-      [:token,:interactive_and_token,:all,:token_legacy,:both_legacy].each do |action|
-        describe "accessing #{action.to_s.humanize}" do
-          before(:each) do
-            get action
-          end
-          it "should not be a success" do
-            response.should be_success
-          end
-          it "should set current_token" do
-            controller.send(:current_token).should == access_token
-          end
-          it "should set current_client_application" do
-            controller.send(:current_client_application).should == current_client_application
-          end
-          it "should set current_user" do
-            controller.send(:current_user).should == current_user
-          end
-        end
-      end
-    end
-    describe "2 legged" do
-      before(:each) do
-        two_legged_sign_request_with_oauth(current_consumer)
-      end
-      [:token,:interactive_and_token,:interactive,:token_legacy,:both_legacy].each do |action|
-        describe "accessing #{action.to_s.humanize}" do
-          before(:each) do
-            get action
-          end
-          it "should not be a success" do
-            response.should_not be_success
-          end
-          it "should not set current_token" do
-            controller.send(:current_token).should be_nil
-          end
-          it "should not set current_client_application" do
-            controller.send(:current_client_application).should be_nil
-          end
-          it "should not set current_user" do
-            controller.send(:current_user).should be_nil
-          end
-        end
-      end
-      [:two_legged,:interactive_and_two_legged,:all].each do |action|
-        describe "accessing #{action.to_s.humanize}" do
-          before(:each) do
-            get action
-          end
-          it "should not be a success" do
-            response.should be_success
-          end
-          it "should not set current_token" do
-            controller.send(:current_token).should be_nil
-          end
-          it "should set current_client_application" do
-            controller.send(:current_client_application).should == current_client_application
-          end
-          it "should set current_user" do
-            controller.send(:current_user).should == current_client_application.user
-          end
-        end
-      end
-    end
-  end
-  describe "oauth 2.0" do
-    before(:each) do
-      @access_token = Oauth2Token.create :user=>current_user, :client_application=>current_client_application
-      @client_application = @access_token.client_application
-    end
-    describe "authorize header" do
-      before(:each) do
-        add_oauth2_token_header(access_token)
-      end
-      it "should include headers" do
-        get :interactive_and_token
-        ActionController::HttpAuthentication::Basic.authorization(request).should == "OAuth #{access_token.token}"
-      end
-      [:interactive,:two_legged,:interactive_and_two_legged,:token_legacy,:both_legacy].each do |action|
-        describe "accessing #{action.to_s.humanize}" do
-          before(:each) do
-            get action
-          end
-          it "should not be a success" do
-            response.should_not be_success
-          end
-          it "should not set current_token" do
-            controller.send(:current_token).should be_nil
-          end
-          it "should not set current_client_application" do
-            controller.send(:current_client_application).should be_nil
-          end
-          it "should not set current_user" do
-            controller.send(:current_user).should be_nil
-          end
-        end
-      end
-      [:token,:interactive_and_token,:all].each do |action|
-        describe "accessing #{action.to_s.humanize}" do
-          before(:each) do
-            get action
-          end
-          it "should not be a success" do
-            response.should be_success
-          end
-          it "should set current_token" do
-            controller.send(:current_token).should == access_token
-          end
-          it "should set current_client_application" do
-            controller.send(:current_client_application).should == current_client_application
-          end
-          it "should set current_user" do
-            controller.send(:current_user).should == current_user
-          end
-        end
-      end
-    end
-    describe "query string" do
-      [:interactive,:two_legged,:interactive_and_two_legged,:token_legacy,:both_legacy].each do |action|
-        describe "accessing #{action.to_s.humanize}" do
-          before(:each) do
-            get action, :oauth_token=>access_token.token
-          end
-          it "should not be a success" do
-            response.should_not be_success
-          end
-          it "should not set current_token" do
-            controller.send(:current_token).should be_nil
-          end
-          it "should not set current_client_application" do
-            controller.send(:current_client_application).should be_nil
-          end
-          it "should not set current_user" do
-            controller.send(:current_user).should be_nil
-          end
-        end
-      end
-      [:token,:interactive_and_token,:all].each do |action|
-        describe "accessing #{action.to_s.humanize}" do
-          before(:each) do
-            get action, :oauth_token=>access_token.token
-          end
-          it "should not be a success" do
-            response.should be_success
-          end
-          it "should set current_token" do
-            controller.send(:current_token).should == access_token
-          end
-          it "should set current_client_application" do
-            controller.send(:current_client_application).should == current_client_application
-          end
-          it "should set current_user" do
-            controller.send(:current_user).should == current_user
-          end
-        end
-      end
-    end
-  end
-  describe "logged in user" do
-    before(:each) do
-      login
-    end
-    [:token,:two_legged,:token_legacy].each do |action|
-      describe "accessing #{action.to_s.humanize}" do
-        before(:each) do
-          get action, :oauth_token=>access_token.token
-        end
-        it "should not be a success" do
-          response.should_not be_success
-        end
-        it "should not set current_token" do
-          controller.send(:current_token).should be_nil
-        end
-        it "should not set current_client_application" do
-          controller.send(:current_client_application).should be_nil
-        end
-      end
-    end
-    [:interactive,:interactive_and_two_legged,:interactive_and_token,:all,:both_legacy].each do |action|
-      describe "accessing #{action.to_s.humanize}" do
-        before(:each) do
-          get action, :oauth_token=>access_token.token
-        end
-        it "should not be a success" do
-          response.should be_success
-        end
-        it "should not set current_token" do
-          controller.send(:current_token).should be_nil
-        end
-        it "should not set current_client_application" do
-          controller.send(:current_client_application).should be_nil
-        end
-        it "should set current_user" do
-          controller.send(:current_user).should == current_user
-        end
-      end
-    end
-  end
-end