oauth2-provider 0.0.16

data/spec/requests/authorization_codes_support_spec.rb

@@ -0,0 +1,157 @@
+require 'spec_helper'
+
+describe OAuth2::Provider::Rack::AuthorizationCodesSupport do
+  before :each do
+    ExampleResourceOwner.destroy_all
+    @client = OAuth2::Provider.client_class.create! :name => 'client'
+    @valid_params = {
+      :client_id => @client.oauth_identifier,
+      :redirect_uri => "https://redirect.example.com/callback"
+    }
+    @owner = create_resource_owner
+  end
+
+  describe "Validating requests" do
+    action do |env|
+      request = Rack::Request.new(env)
+      env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(env, request.params)
+      env['oauth2.authorization_request'].validate!
+      successful_response
+    end
+
+    describe "Any request with a client_id and redirect_uri" do
+      before :each do
+        get '/oauth/authorize', @valid_params
+      end
+
+      it "is successful" do
+        response.status.should == 200
+      end
+    end
+
+    describe "Any request without a client_id" do
+      before :each do
+        get '/oauth/authorize', @valid_params.except(:client_id)
+      end
+
+      redirects_back_with_error 'invalid_request'
+    end
+
+    describe "Any request without a redirect_uri" do
+      before :each do
+        get '/oauth/authorize', @valid_params.except(:redirect_uri)
+      end
+
+      it "returns 400" do
+        response.status.should == 400
+      end
+    end
+
+    describe "Any request with an invalid redirect_uri" do
+      before :each do
+        get '/oauth/authorize', @valid_params.merge(:redirect_uri => "http://")
+      end
+
+      it "returns 400" do
+        response.status.should == 400
+      end
+    end
+
+    describe "Any request with an unknown client id" do
+      before :each do
+        get '/oauth/authorize', @valid_params.merge(:client_id => 'unknown')
+      end
+
+      redirects_back_with_error 'invalid_client'
+    end
+
+    describe "A request where the scope is declared invalid" do
+      action do |env|
+        request = Rack::Request.new(env)
+        env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(env, request.params)
+        env['oauth2.authorization_request'].validate!
+        env['oauth2.authorization_request'].invalid_scope!
+        successful_response
+      end
+
+      before :each do
+        get '/oauth/authorize', @valid_params
+      end
+
+      redirects_back_with_error 'invalid_scope'
+    end
+  end
+
+  describe "Granting a code" do
+    action do |env|
+      request = Rack::Request.new(env)
+      env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(env, request.params)
+      env['oauth2.authorization_request'].grant! ExampleResourceOwner.first
+    end
+
+    before :each do
+      post '/oauth/authorize', @valid_params.merge(:submit => 'Yes')
+    end
+
+    it "redirects back to the redirect_uri with a valid authorization code for the client" do
+      response.status.should == 302
+      code = Addressable::URI.parse(response.location).query_values["code"]
+      code.should_not be_nil
+      found = OAuth2::Provider.authorization_code_class.find_by_code(code)
+      found.should_not be_nil
+      found.authorization.client.should == @client
+      found.authorization.resource_owner.should == @owner
+      found.should_not be_expired
+    end
+  end
+
+  describe "Granting a code with a scope" do
+    action do |env|
+      request = Rack::Request.new(env)
+      env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(env, request.params)
+      env['oauth2.authorization_request'].grant! ExampleResourceOwner.first
+    end
+
+    before :each do
+      post '/oauth/authorize', @valid_params.merge(:submit => 'Yes', :scope => 'periscope')
+    end
+
+    it "includes the scope in the granted authorization" do
+      code = Addressable::URI.parse(response.location).query_values["code"]
+      found = OAuth2::Provider.authorization_code_class.find_by_code(code)
+      found.authorization.scope.should == 'periscope'
+    end
+  end
+
+  describe "Granting a code with custom authorization length" do
+    action do |env|
+      request = Rack::Request.new(env)
+      env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(env, request.params)
+      env['oauth2.authorization_request'].grant! ExampleResourceOwner.first, 5.years.from_now
+    end
+
+    before :each do
+      post '/oauth/authorize', @valid_params.merge(:submit => 'Yes', :five_years => 'true')
+    end
+
+    it "redirects with an authorization code linked to the extended authorization" do
+      code = Addressable::URI.parse(response.location).query_values["code"]
+      found = OAuth2::Provider.authorization_code_class.find_by_code(code)
+      found.authorization.expires_at.should eql(5.years.from_now)
+    end
+  end
+
+  describe "Denying a code" do
+    action do |env|
+      request = Rack::Request.new(env)
+      env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(env, request.params)
+      env['oauth2.authorization_request'].deny!
+    end
+
+    before :each do
+      post '/oauth/authorize', @valid_params.merge(:submit => 'No')
+    end
+
+    redirects_back_with_error 'access_denied'
+  end
+end

data/spec/schema.rb

@@ -0,0 +1,38 @@
+ActiveRecord::Schema.define(:version => 20110323171649) do
+  create_table 'example_resource_owners', :force => true do |t|
+    t.string   'username'
+    t.string   'password'
+  end
+
+  create_table 'oauth_clients', :force => true do |t|
+    t.string   'name'
+    t.string   'oauth_identifier', :null => false
+    t.string   'oauth_secret', :null => false
+  end
+
+  create_table 'oauth_authorization_codes', :force => true do |t|
+    t.integer  'authorization_id', :null => false
+    t.string   'code',      :null => false
+    t.datetime 'expires_at'
+    t.datetime 'created_at'
+    t.datetime 'updated_at'
+    t.string   'redirect_uri'
+  end
+
+  create_table 'oauth_authorizations', :force => true do |t|
+    t.integer  'client_id', :null => false
+    t.integer  'resource_owner_id'
+    t.string   'resource_owner_type'
+    t.string   'scope'
+    t.datetime 'expires_at'
+  end
+
+  create_table 'oauth_access_tokens', :force => true do |t|
+    t.integer  'authorization_id', :null => false
+    t.string   'access_token', :null => false
+    t.string   'refresh_token'
+    t.datetime 'expires_at'
+    t.datetime 'created_at'
+    t.datetime 'updated_at'
+  end
+end

data/spec/set_backend_env_to_mongoid.rb

@@ -0,0 +1 @@
+ENV['BACKEND']='mongoid'

data/spec/spec_helper.rb

@@ -0,0 +1,27 @@
+require 'bundler/setup'
+require 'rack'
+require 'rack/test'
+require 'oauth2-provider'
+
+require 'timecop'
+require 'yajl'
+
+require "support/#{ENV["BACKEND"] || 'activerecord'}_backend"
+
+require 'support/macros'
+require 'support/factories'
+require 'support/rack'
+
+RSpec.configure do |config|
+  config.before :each do
+    Timecop.freeze
+  end
+
+  config.after :each do
+    Timecop.return
+  end
+
+  config.include OAuth2::Provider::RSpec::Macros
+  config.include OAuth2::Provider::RSpec::Factories
+  config.include OAuth2::Provider::RSpec::Rack
+end

data/spec/support/activerecord_backend.rb

@@ -0,0 +1,18 @@
+require 'active_record'
+
+ActiveRecord::Base.establish_connection(
+  :adapter => "sqlite3",
+  :database => "test.db"
+)
+
+require "schema.rb"
+
+class ExampleResourceOwner < ActiveRecord::Base
+  def self.authenticate_with_username_and_password(*args)
+    find_by_username_and_password(*args)
+  end
+end
+
+OAuth2::Provider.configure do |config|
+  config.resource_owner_class_name = 'ExampleResourceOwner'
+end

data/spec/support/factories.rb

@@ -0,0 +1,56 @@
+module OAuth2::Provider
+  module RSpec
+    module Factories
+      def build_client(attributes = {})
+        OAuth2::Provider.client_class.new({:name => 'client'}.merge(attributes))
+      end
+
+      def create_client(attributes = {})
+        build_client(attributes).tap do |c|
+          c.save!
+        end
+      end
+
+      def build_authorization(attributes = {})
+        OAuth2::Provider.authorization_class.new({
+          :client => build_client
+        }.merge(attributes))
+      end
+
+      def create_authorization(attributes = {})
+        build_authorization({:client => create_client}.merge(attributes)).tap do |ag|
+          ag.save!
+        end
+      end
+
+      def build_authorization_code(attributes = {})
+        OAuth2::Provider.authorization_code_class.new({
+          :redirect_uri => "https://client.example.com/callback",
+          :authorization => build_authorization
+        }.merge(attributes))
+      end
+
+      def create_authorization_code(attributes = {})
+        build_authorization_code({:authorization => create_authorization}.merge(attributes)).tap do |ac|
+          ac.save!
+        end
+      end
+
+      def build_access_token(attributes = {})
+        OAuth2::Provider.access_token_class.new({
+          :authorization => build_authorization
+        }.merge(attributes))
+      end
+
+      def create_access_token(attributes = {})
+        build_access_token({:authorization => create_authorization}.merge(attributes)).tap do |ac|
+          ac.save!
+        end
+      end
+
+      def create_resource_owner(attributes = {})
+        ExampleResourceOwner.create!
+      end
+    end
+  end
+end

data/spec/support/macros.rb

@@ -0,0 +1,46 @@
+module OAuth2::Provider
+  module RSpec
+    module Macros
+      extend ActiveSupport::Concern
+
+      def json_from_response
+        @json_from_response ||= begin
+          response.content_type.should == "application/json"
+          Yajl::Parser.new.parse(response.body)
+        end
+      end
+
+      module ClassMethods
+        def responds_with_header(name, value)
+          it %{responds with header #{name}: #{value}} do
+            response.headers[name].should == value
+          end
+        end
+
+        def responds_with_status(status)
+          it %{responds with status #{status}} do
+            response.status.should == status
+          end
+        end
+
+        def responds_with_json_error(name, options = {})
+          error_description = %{, "error_description": "#{options[:description]}"} if options[:description]
+          it %{responds with json: {"error": "#{name}"#{error_description}}, status: #{options[:status]}} do
+            response.status.should == options[:status]
+            json = json_from_response
+            json["error"].should == name
+            json["error_description"].should == options[:description] if options[:description]
+          end
+        end
+
+        def redirects_back_with_error(name)
+          it %{redirects back with error '#{name}'} do
+            response.status.should == 302
+            error = Addressable::URI.parse(response.location).query_values["error"]
+            error.should == name
+          end
+        end
+      end
+    end
+  end
+end

data/spec/support/mongoid_backend.rb

@@ -0,0 +1,34 @@
+require 'mongoid'
+
+class ExampleResourceOwner
+  include Mongoid::Document
+
+  field :username
+  field :password
+
+  references_many :authorizations, :class_name => "OAuth2::Provider::Models::Mongoid::Authorization"
+
+  def self.authenticate_with_username_and_password(username, password)
+    where(:username => username, :password => password).first
+  end
+end
+
+OAuth2::Provider.configure do |config|
+  config.backend = :mongoid
+  config.resource_owner_class_name = 'ExampleResourceOwner'
+end
+
+Mongoid.configure do |config|
+  config.from_hash(
+    "host" => "127.0.0.1",
+    "autocreate_indexes" => false,
+    "allow_dynamic_fields" => true,
+    "include_root_in_json" => false,
+    "parameterize_keys" => true,
+    "persist_in_safe_mode" => true,
+    "raise_not_found_error" => true,
+    "reconnect_time" => 3,
+    "use_activesupport_time_zone" => true,
+    "database" => "oauth2_test"
+  )
+end

data/spec/support/rack.rb

@@ -0,0 +1,32 @@
+module OAuth2::Provider
+  module RSpec
+    module Rack
+      extend ActiveSupport::Concern
+
+      included do
+        class_attribute :action_block
+        include ::Rack::Test::Methods
+      end
+
+      def app
+        ::OAuth2::Provider::Rack::Middleware.new(
+          action_block
+        )
+      end
+
+      def response
+        last_response
+      end
+
+      module ClassMethods
+        def action(&block)
+          self.action_block = block
+        end
+
+        def successful_response
+          [200, {'Content-Type' => 'text/plain'}, 'Success']
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,373 @@
+--- !ruby/object:Gem::Specification 
+name: oauth2-provider
+version: !ruby/object:Gem::Version 
+  hash: 63
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 16
+  version: 0.0.16
+platform: ruby
+authors: 
+- Tom Ward
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-05-17 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: activesupport
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 3
+        - 0
+        - 1
+        version: 3.0.1
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: addressable
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 2
+        - 2
+        version: "2.2"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 3
+        - 0
+        - 1
+        version: 3.0.1
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rspec-rails
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 11
+        segments: 
+        - 2
+        - 1
+        - 0
+        version: 2.1.0
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: rake
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 49
+        segments: 
+        - 0
+        - 8
+        - 7
+        version: 0.8.7
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: sqlite3-ruby
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 25
+        segments: 
+        - 1
+        - 3
+        - 1
+        version: 1.3.1
+  type: :development
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: timecop
+  prerelease: false
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 0
+        - 3
+        - 4
+        version: 0.3.4
+  type: :development
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: yajl-ruby
+  prerelease: false
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 0
+        - 7
+        - 5
+        version: 0.7.5
+  type: :development
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency 
+  name: mongoid
+  prerelease: false
+  requirement: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 15424089
+        segments: 
+        - 2
+        - 0
+        - 0
+        - rc
+        - 6
+        version: 2.0.0.rc.6
+  type: :development
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency 
+  name: bson
+  prerelease: false
+  requirement: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 31
+        segments: 
+        - 1
+        - 2
+        - 0
+        version: 1.2.0
+  type: :development
+  version_requirements: *id010
+- !ruby/object:Gem::Dependency 
+  name: bson_ext
+  prerelease: false
+  requirement: &id011 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 31
+        segments: 
+        - 1
+        - 2
+        - 0
+        version: 1.2.0
+  type: :development
+  version_requirements: *id011
+- !ruby/object:Gem::Dependency 
+  name: sdoc
+  prerelease: false
+  requirement: &id012 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 63
+        segments: 
+        - 0
+        - 2
+        - 20
+        version: 0.2.20
+  type: :development
+  version_requirements: *id012
+description: OAuth2 Provider, extracted from api.hashblue.com
+email: 
+- tom@popdog.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- examples/client/Gemfile
+- examples/client/Gemfile.lock
+- examples/client/README
+- examples/client/app.rb
+- examples/client/config.ru
+- examples/client/views/home.haml
+- examples/client/views/response.haml
+- examples/rails3-example/.gitignore
+- examples/rails3-example/Gemfile
+- examples/rails3-example/Gemfile.lock
+- examples/rails3-example/README
+- examples/rails3-example/Rakefile
+- examples/rails3-example/app/controllers/account_controller.rb
+- examples/rails3-example/app/controllers/application_controller.rb
+- examples/rails3-example/app/controllers/authorization_controller.rb
+- examples/rails3-example/app/controllers/home_controller.rb
+- examples/rails3-example/app/controllers/session_controller.rb
+- examples/rails3-example/app/helpers/application_helper.rb
+- examples/rails3-example/app/models/account.rb
+- examples/rails3-example/app/views/authorization/new.html.erb
+- examples/rails3-example/app/views/home/show.html.erb
+- examples/rails3-example/app/views/layouts/application.html.erb
+- examples/rails3-example/app/views/session/new.html.erb
+- examples/rails3-example/config.ru
+- examples/rails3-example/config/application.rb
+- examples/rails3-example/config/boot.rb
+- examples/rails3-example/config/database.yml
+- examples/rails3-example/config/environment.rb
+- examples/rails3-example/config/environments/development.rb
+- examples/rails3-example/config/environments/production.rb
+- examples/rails3-example/config/environments/test.rb
+- examples/rails3-example/config/initializers/backtrace_silencers.rb
+- examples/rails3-example/config/initializers/inflections.rb
+- examples/rails3-example/config/initializers/mime_types.rb
+- examples/rails3-example/config/initializers/secret_token.rb
+- examples/rails3-example/config/initializers/session_store.rb
+- examples/rails3-example/config/locales/en.yml
+- examples/rails3-example/config/routes.rb
+- examples/rails3-example/db/migrate/20110508151935_add_account_table.rb
+- examples/rails3-example/db/migrate/20110508151948_add_oauth2_tables.rb
+- examples/rails3-example/db/schema.rb
+- examples/rails3-example/db/seeds.rb
+- examples/rails3-example/doc/README_FOR_APP
+- examples/rails3-example/lib/tasks/.gitkeep
+- examples/rails3-example/public/404.html
+- examples/rails3-example/public/422.html
+- examples/rails3-example/public/500.html
+- examples/rails3-example/public/favicon.ico
+- examples/rails3-example/public/images/rails.png
+- examples/rails3-example/public/robots.txt
+- examples/rails3-example/public/stylesheets/.gitkeep
+- examples/rails3-example/script/rails
+- lib/oauth2-provider.rb
+- lib/oauth2/provider.rb
+- lib/oauth2/provider/models.rb
+- lib/oauth2/provider/models/access_token.rb
+- lib/oauth2/provider/models/active_record.rb
+- lib/oauth2/provider/models/active_record/access_token.rb
+- lib/oauth2/provider/models/active_record/authorization.rb
+- lib/oauth2/provider/models/active_record/authorization_code.rb
+- lib/oauth2/provider/models/active_record/client.rb
+- lib/oauth2/provider/models/authorization.rb
+- lib/oauth2/provider/models/authorization_code.rb
+- lib/oauth2/provider/models/client.rb
+- lib/oauth2/provider/models/mongoid.rb
+- lib/oauth2/provider/models/mongoid/access_token.rb
+- lib/oauth2/provider/models/mongoid/authorization.rb
+- lib/oauth2/provider/models/mongoid/authorization_code.rb
+- lib/oauth2/provider/models/mongoid/client.rb
+- lib/oauth2/provider/rack.rb
+- lib/oauth2/provider/rack/access_token_handler.rb
+- lib/oauth2/provider/rack/authorization_code_request.rb
+- lib/oauth2/provider/rack/authorization_codes_support.rb
+- lib/oauth2/provider/rack/middleware.rb
+- lib/oauth2/provider/rack/resource_request.rb
+- lib/oauth2/provider/rack/responses.rb
+- lib/oauth2/provider/rails.rb
+- lib/oauth2/provider/rails/controller_authentication.rb
+- lib/oauth2/provider/random.rb
+- lib/oauth2/provider/version.rb
+- oauth2-provider.gemspec
+- spec/models/access_token_spec.rb
+- spec/models/authorization_code_spec.rb
+- spec/models/authorization_spec.rb
+- spec/models/client_spec.rb
+- spec/requests/access_tokens_controller_spec.rb
+- spec/requests/authentication_spec.rb
+- spec/requests/authorization_codes_support_spec.rb
+- spec/schema.rb
+- spec/set_backend_env_to_mongoid.rb
+- spec/spec_helper.rb
+- spec/support/activerecord_backend.rb
+- spec/support/factories.rb
+- spec/support/macros.rb
+- spec/support/mongoid_backend.rb
+- spec/support/rack.rb
+has_rdoc: true
+homepage: http://tomafro.net
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: OAuth2 Provider, extracted from api.hashblue.com
+test_files: 
+- spec/models/access_token_spec.rb
+- spec/models/authorization_code_spec.rb
+- spec/models/authorization_spec.rb
+- spec/models/client_spec.rb
+- spec/requests/access_tokens_controller_spec.rb
+- spec/requests/authentication_spec.rb
+- spec/requests/authorization_codes_support_spec.rb
+- spec/schema.rb
+- spec/set_backend_env_to_mongoid.rb
+- spec/spec_helper.rb
+- spec/support/activerecord_backend.rb
+- spec/support/factories.rb
+- spec/support/macros.rb
+- spec/support/mongoid_backend.rb
+- spec/support/rack.rb