oauth2-provider 0.0.17 → 0.0.18

data/lib/oauth2/provider/rack/authorization_code_request.rb

@@ -2,24 +2,7 @@ module OAuth2::Provider::Rack
   class AuthorizationCodeRequest
     def initialize(params)
       @params = params
-    end
-
-    def validate!
-      unless client_id
-        raise OAuth2::Provider::Rack::InvalidRequest, 'No client_id provided'
-      end
-
-      unless client
-        raise OAuth2::Provider::Rack::InvalidRequest, 'client_id is invalid'
-      end
-
-      unless redirect_uri
-        raise OAuth2::Provider::Rack::InvalidRequest, 'No redirect_uri provided'
-      end
-
-      unless redirect_uri_valid?
-        raise OAuth2::Provider::Rack::InvalidRequest, 'Provided redirect_uri is invalid'
-      end
+      validate!
     end
 
     def grant!(resource_owner = nil, authorization_expires_at = nil)
@@ -33,6 +16,13 @@ module OAuth2::Provider::Rack
       throw_response Responses.redirect_with_code(code.code, redirect_uri)
     end
 
+    def grant_existing!(resource_owner = nil)
+      if existing = OAuth2::Provider.authorization_class.allowing(client, resource_owner, scope).first
+        code = existing.authorization_codes.create! :redirect_uri => redirect_uri
+        throw_response Responses.redirect_with_code(code.code, redirect_uri)
+      end
+    end
+
     def deny!
       throw_response Responses.redirect_with_error('access_denied', redirect_uri)
     end
@@ -63,6 +53,24 @@ module OAuth2::Provider::Rack
 
     private
 
+    def validate!
+      unless client_id
+        raise OAuth2::Provider::Rack::InvalidRequest, 'No client_id provided'
+      end
+
+      unless client
+        raise OAuth2::Provider::Rack::InvalidRequest, 'client_id is invalid'
+      end
+
+      unless redirect_uri
+        raise OAuth2::Provider::Rack::InvalidRequest, 'No redirect_uri provided'
+      end
+
+      unless redirect_uri_valid?
+        raise OAuth2::Provider::Rack::InvalidRequest, 'Provided redirect_uri is invalid'
+      end
+    end
+
     def throw_response(response)
       throw :oauth2, response
     end

data/lib/oauth2/provider/rack/authorization_codes_support.rb

@@ -6,7 +6,11 @@ module OAuth2::Provider::Rack::AuthorizationCodesSupport
   end
 
   def block_invalid_authorization_code_requests
-    oauth2_authorization_request.validate!
+    oauth2_authorization_request
+  end
+
+  def regrant_existing_authorizations
+    oauth2_authorization_request.grant_existing!
   end
 
   def grant_authorization_code(resource_owner = nil, authorization_expires_at = nil)

data/lib/oauth2/provider/rack/middleware.rb

@@ -7,11 +7,9 @@ module OAuth2::Provider::Rack
     def call(env)
       request = env['oauth2'] = ResourceRequest.new(env)
 
-      env['warden'] && env['warden'].custom_failure!
-
       response = catch :oauth2 do
         if request.path == "/oauth/access_token"
-          AccessTokenHandler.new(@app, env).process
+          handle_access_token_request(env)
         else
           @app.call(env)
         end
@@ -19,5 +17,9 @@ module OAuth2::Provider::Rack
     rescue InvalidRequest => e
       [400, {}, e.message]
     end
+
+    def handle_access_token_request(env)
+      AccessTokenHandler.new(@app, env).process
+    end
   end
 end

data/lib/oauth2/provider/rack/resource_request.rb

@@ -53,8 +53,9 @@ module OAuth2::Provider::Rack
       authorization && authorization.resource_owner
     end
 
-    def authentication_required!
-      throw_response Responses.unauthorized
+    def authentication_required!(reason = nil)
+      env['warden'] && env['warden'].custom_failure!
+      throw_response Responses.unauthorized(reason)
     end
 
     def insufficient_scope!
@@ -78,7 +79,7 @@ module OAuth2::Provider::Rack
     def block_invalid_token
       access_token = OAuth2::Provider.access_token_class.find_by_access_token(token)
       @authorization = access_token.authorization if access_token
-      throw_response Responses.unauthorized('invalid_token') if access_token.nil? || access_token.expired?
+      authentication_required! 'invalid_token' if access_token.nil? || access_token.expired?
     end
 
     private

data/lib/oauth2/provider/version.rb

@@ -1,5 +1,5 @@
 module OAuth2
   module Provider
-    VERSION = "0.0.17"
+    VERSION = "0.0.18"
   end
 end

data/oauth2-provider.gemspec

@@ -24,6 +24,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rack-test', '~>0.5.7'
   s.add_development_dependency 'activerecord', '~>3.0.1'
   s.add_development_dependency 'rspec', '~>2.1.0'
+  s.add_development_dependency 'mocha', '~>0.9.12'
   s.add_development_dependency 'rake', '~>0.8.7'
   s.add_development_dependency 'sqlite3-ruby', '~>1.3.1'
   s.add_development_dependency 'timecop', '~>0.3.4'

data/spec/requests/authentication_spec.rb

@@ -106,13 +106,13 @@ describe "A request for a protected resource" do
   describe "when warden is part of the stack" do
     it "bypasses warden when no token is passed" do
       warden = "warden"
-      warden.should_receive(:custom_failure!)
+      warden.expects(:custom_failure!)
       get "/protected", {}, {'warden' => warden}
     end
 
     it "bypasses warden when token invalid" do
       warden = "warden"
-      warden.should_receive(:custom_failure!)
+      warden.expects(:custom_failure!)
       get "/protected", {:oauth_token => 'invalid_token'}, {'warden' => warden}
     end
   end

data/spec/requests/authorization_code_request_spec.rb

@@ -1,5 +1,115 @@
 require 'spec_helper'
 
+describe OAuth2::Provider::Rack::AuthorizationCodeRequest do
+  describe "#initialize" do
+    before :each do
+      @client = OAuth2::Provider.client_class.create! :name => 'client'
+      @valid_params = {
+        'client_id' => @client.oauth_identifier,
+        'redirect_uri' => "https://redirect.example.com/callback"
+      }
+    end
+
+    describe "with a valid client_id and redirect_uri" do
+      it "doesn't raise any exception" do
+        lambda {
+          OAuth2::Provider::Rack::AuthorizationCodeRequest.new(@valid_params)
+        }.should_not raise_error
+      end
+    end
+
+    describe "without a client_id" do
+      it "raises OAuth2::Provider::Rack::InvalidRequest" do
+        lambda {
+          OAuth2::Provider::Rack::AuthorizationCodeRequest.new(@valid_params.except('client_id'))
+        }.should raise_error(OAuth2::Provider::Rack::InvalidRequest)
+      end
+    end
+
+    describe "with an unknown client" do
+      it "raises OAuth2::Provider::Rack::InvalidRequest" do
+        lambda {
+          OAuth2::Provider::Rack::AuthorizationCodeRequest.new(@valid_params.merge(
+            'client_id' => 'unknown'
+          ))
+        }.should raise_error(OAuth2::Provider::Rack::InvalidRequest)
+      end
+    end
+
+    describe "without a redirect_uri" do
+      it "raises OAuth2::Provider::Rack::InvalidRequest" do
+        lambda {
+          OAuth2::Provider::Rack::AuthorizationCodeRequest.new(@valid_params.except('redirect_uri'))
+        }.should raise_error(OAuth2::Provider::Rack::InvalidRequest)
+      end
+    end
+
+    describe "with a redirect_uri the client regards as invalid" do
+      before :each do
+        OAuth2::Provider.client_class.stubs(:from_param).returns(@client)
+        @client.expects(:allow_redirection?).with(@valid_params['redirect_uri']).returns(false)
+      end
+
+      it "raises OAuth2::Provider::Rack::InvalidRequest" do
+        lambda {
+          OAuth2::Provider::Rack::AuthorizationCodeRequest.new(@valid_params)
+        }.should raise_error(OAuth2::Provider::Rack::InvalidRequest)
+      end
+    end
+  end
+
+  describe "#grant_existing!(resource_owner)" do
+    before :each do
+      @client = OAuth2::Provider.client_class.create! :name => 'client'
+      @owner = create_resource_owner
+      @scope = 'a-scope'
+      @request = OAuth2::Provider::Rack::AuthorizationCodeRequest.new(
+        'client_id' => @client.oauth_identifier,
+        'redirect_uri' => "https://redirect.example.com/callback",
+        'scope' => @scope
+      )
+    end
+
+    describe "when matching authorization exists" do
+      before :each do
+        @authorization = create_authorization(:client => @client, :resource_owner => @owner, :scope => @scope)
+      end
+
+      it "throws an oauth2 response" do
+        lambda {
+          @request.grant_existing!(@owner)
+        }.should throw_symbol(:oauth2)
+      end
+
+      it "creates an authorization code for the matching authorization" do
+        catch :oauth2 do
+          @request.grant_existing!(@owner)
+        end
+        code = @authorization.reload.authorization_codes.first
+        code.should_not be_nil
+        code.redirect_uri.should eql("https://redirect.example.com/callback")
+      end
+
+      it "includes authorization code in the response" do
+        response = catch :oauth2 do
+          @request.grant_existing!(@owner)
+        end
+        code = @authorization.reload.authorization_codes.first
+        uri = response[1]["Location"]
+        Addressable::URI.parse(uri).query_values['code'].should == code.code
+      end
+    end
+
+    describe "when no matching authorization exists" do
+      it "returns normally" do
+        lambda {
+          @request.grant_existing!(@owner)
+        }.should_not throw_symbol(:oauth2)
+      end
+    end
+  end
+end
+
 describe OAuth2::Provider::Rack::AuthorizationCodeRequest do
   before :each do
     ExampleResourceOwner.destroy_all
@@ -15,7 +125,6 @@ describe OAuth2::Provider::Rack::AuthorizationCodeRequest do
     action do |env|
       request = Rack::Request.new(env)
       env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(request.params)
-      env['oauth2.authorization_request'].validate!
       successful_response
     end
 
@@ -73,7 +182,6 @@ describe OAuth2::Provider::Rack::AuthorizationCodeRequest do
       action do |env|
         request = Rack::Request.new(env)
         env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(request.params)
-        env['oauth2.authorization_request'].validate!
         env['oauth2.authorization_request'].invalid_scope!
         successful_response
       end
@@ -89,9 +197,8 @@ describe OAuth2::Provider::Rack::AuthorizationCodeRequest do
   describe "Intercepting invalid requests" do
     action do |env|
       request = Rack::Request.new(env)
-      env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(request.params)
       begin
-        env['oauth2.authorization_request'].validate!
+        env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(request.params)
         successful_response
       rescue OAuth2::Provider::Rack::InvalidRequest => e
         [418, {'Content-Type' => 'text/plain'}, e.to_s]
@@ -119,7 +226,6 @@ describe OAuth2::Provider::Rack::AuthorizationCodeRequest do
     action do |env|
       request = Rack::Request.new(env)
       env['oauth2.authorization_request'] ||= OAuth2::Provider::Rack::AuthorizationCodeRequest.new(request.params)
-      env['oauth2.authorization_request'].validate!
       successful_response
     end
 
@@ -206,4 +312,4 @@ describe OAuth2::Provider::Rack::AuthorizationCodeRequest do
 
     redirects_back_with_error 'access_denied'
   end
-end
+end

data/spec/requests/middleware_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe OAuth2::Provider::Rack::Middleware do
+  subject do
+    ::OAuth2::Provider::Rack::Middleware.new(main_app)
+  end
+
+  def app
+    subject
+  end
+
+  describe "in general" do
+    let :main_app do
+      Proc.new do
+        [200, {'Content-Type' => 'text/plain'}, 'Apptastic']
+      end
+    end
+
+    it "passes requests to /oauth/access_token to #handle_access_token_request" do
+      subject.expects(:handle_access_token_request).returns(
+        [418, {'Content-Type' => 'text/plain'}, 'Short and stout']
+      )
+      get "/oauth/access_token"
+      response.status.should eql(418)
+      response.body.should eql('Short and stout')
+    end
+
+    it "passes other requests to the main app" do
+      get "/any/other/path"
+      response.status.should eql(200)
+      response.body.should eql('Apptastic')
+    end
+  end
+
+  describe "when main app throws :oauth2 response" do
+    let :main_app do
+      Proc.new do
+        throw :oauth2, [418, {'Content-Type' => 'text/plain'}, 'Teapot']
+      end
+    end
+
+    it "uses thrown response" do
+      get "/any/path"
+      response.status.should eql(418)
+      response.body.should eql('Teapot')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -21,6 +21,8 @@ RSpec.configure do |config|
     Timecop.return
   end
 
+  config.mock_with :mocha
+
   config.include OAuth2::Provider::RSpec::Macros
   config.include OAuth2::Provider::RSpec::Factories
   config.include OAuth2::Provider::RSpec::Rack

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: oauth2-provider
 version: !ruby/object:Gem::Version 
-  hash: 61
+  hash: 59
   prerelease: 
   segments: 
   - 0
   - 0
-  - 17
-  version: 0.0.17
+  - 18
+  version: 0.0.18
 platform: ruby
 authors: 
 - Tom Ward
@@ -15,8 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-31 00:00:00 +01:00
-default_executable: 
+date: 2011-06-11 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   type: :runtime
@@ -99,6 +98,22 @@ dependencies:
 - !ruby/object:Gem::Dependency 
   type: :development
   requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 35
+        segments: 
+        - 0
+        - 9
+        - 12
+        version: 0.9.12
+  version_requirements: *id006
+  name: mocha
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  type: :development
+  requirement: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -109,12 +124,12 @@ dependencies:
         - 8
         - 7
         version: 0.8.7
-  version_requirements: *id006
+  version_requirements: *id007
   name: rake
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  requirement: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -125,12 +140,12 @@ dependencies:
         - 3
         - 1
         version: 1.3.1
-  version_requirements: *id007
+  version_requirements: *id008
   name: sqlite3-ruby
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
-  requirement: &id008 !ruby/object:Gem::Requirement 
+  requirement: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -141,12 +156,12 @@ dependencies:
         - 3
         - 4
         version: 0.3.4
-  version_requirements: *id008
+  version_requirements: *id009
   name: timecop
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
-  requirement: &id009 !ruby/object:Gem::Requirement 
+  requirement: &id010 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -157,12 +172,12 @@ dependencies:
         - 7
         - 5
         version: 0.7.5
-  version_requirements: *id009
+  version_requirements: *id010
   name: yajl-ruby
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  requirement: &id011 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - "="
@@ -175,12 +190,12 @@ dependencies:
         - rc
         - 6
         version: 2.0.0.rc.6
-  version_requirements: *id010
+  version_requirements: *id011
   name: mongoid
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
-  requirement: &id011 !ruby/object:Gem::Requirement 
+  requirement: &id012 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - "="
@@ -191,12 +206,12 @@ dependencies:
         - 2
         - 0
         version: 1.2.0
-  version_requirements: *id011
+  version_requirements: *id012
   name: bson
   prerelease: false
 - !ruby/object:Gem::Dependency 
   type: :development
-  requirement: &id012 !ruby/object:Gem::Requirement 
+  requirement: &id013 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - "="
@@ -207,7 +222,7 @@ dependencies:
         - 2
         - 0
         version: 1.2.0
-  version_requirements: *id012
+  version_requirements: *id013
   name: bson_ext
   prerelease: false
 description: OAuth2 Provider, extracted from api.hashblue.com
@@ -312,6 +327,7 @@ files:
 - spec/requests/access_tokens_controller_spec.rb
 - spec/requests/authentication_spec.rb
 - spec/requests/authorization_code_request_spec.rb
+- spec/requests/middleware_spec.rb
 - spec/schema.rb
 - spec/set_backend_env_to_mongoid.rb
 - spec/spec_helper.rb
@@ -320,7 +336,6 @@ files:
 - spec/support/macros.rb
 - spec/support/mongoid_backend.rb
 - spec/support/rack.rb
-has_rdoc: true
 homepage: http://tomafro.net
 licenses: []
 
@@ -350,7 +365,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.6.2
+rubygems_version: 1.8.5
 signing_key: 
 specification_version: 3
 summary: OAuth2 Provider, extracted from api.hashblue.com
@@ -362,6 +377,7 @@ test_files:
 - spec/requests/access_tokens_controller_spec.rb
 - spec/requests/authentication_spec.rb
 - spec/requests/authorization_code_request_spec.rb
+- spec/requests/middleware_spec.rb
 - spec/schema.rb
 - spec/set_backend_env_to_mongoid.rb
 - spec/spec_helper.rb