oauth2-rack 0.0.4 → 0.0.5

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oauth2-rack (0.0.4)
+    oauth2-rack (0.0.5)
       multi_json
       rack
 

data/lib/oauth2/rack/authorization/client_credentials/access_token_issuer.rb

@@ -35,7 +35,7 @@ class OAuth2::Rack::Authorization::ClientCredentials::AccessTokenIssuer
   def find_acccess_token(opts)
     if @issuer
       @issuer.call(opts)
-    end || { 'error' => 'unauthorized_client' }
+    end || { 'error' => 'invalid_grant' }
   end
 
   def successful_response(response_object)

data/lib/oauth2/rack/authorization/password/access_token_issuer.rb

@@ -37,7 +37,7 @@ class OAuth2::Rack::Authorization::Password::AccessTokenIssuer
   def find_acccess_token(opts)
     if @issuer
       @issuer.call(opts)
-    end || { 'error' => 'unauthorized_client' }
+    end || { 'error' => 'invalid_grant' }
   end
 
   def successful_response(response_object)

data/lib/oauth2/rack/authorization/refresh_token/access_token_issuer.rb

@@ -0,0 +1,55 @@
+# @see 6. Refreshing an access token
+require 'oauth2/rack'
+require 'multi_json'
+
+class OAuth2::Rack::Authorization::RefreshToken::AccessTokenIssuer
+  def initialize(app, opts = {}, &issuer)
+    @app = app
+
+    @issuer = issuer || opts[:issuer]
+  end
+
+  def call(env)
+    request = Rack::Request.new(env)
+    unless request['grant_type'] == 'refresh_token'
+      return error_response(:error => 'invalid_request')
+    end
+
+    # oauth2.client is set in client authentication
+    access_token = find_acccess_token(:grant_type => 'refresh_token',
+                                      :refresh_token => request['refresh_token'],
+                                      :client => env['oauth2.client'],
+                                      :scope => request['scope'])
+
+    if access_token['error']
+      error_response(access_token)
+    else
+      successful_response(access_token)
+    end
+  end
+
+  private
+  def find_acccess_token(opts)
+    if @issuer
+      @issuer.call(opts)
+    end || { 'error' => 'invalid_grant' }
+  end
+
+  def successful_response(response_object)
+    headers = {
+      'Content-Type' => 'application/json;charset=UTF-8',
+      'Cache-Control' => 'no-store',
+      'Pragma' => 'no-cache'
+    }
+
+    [200, headers, [MultiJson.encode(response_object)]]
+  end
+
+  def error_response(response_object)
+    headers = {
+      'Content-Type' => 'application/json;charset=UTF-8'
+    }
+
+    [400, headers, [MultiJson.encode(response_object)]]
+  end
+end

data/lib/oauth2/rack/authorization/refresh_token.rb

@@ -0,0 +1,4 @@
+module OAuth2::Rack::Authorization::RefreshToken
+  autoload :AccessTokenIssuer, 'oauth2/rack/authorization/refresh_token/access_token_issuer'
+end
+

data/lib/oauth2/rack/authorization.rb

@@ -2,5 +2,6 @@
 module OAuth2::Rack::Authorization
   autoload :ClientCredentials, 'oauth2/rack/authorization/client_credentials'
   autoload :Password, 'oauth2/rack/authorization/password'
+  autoload :RefreshToken, 'oauth2/rack/authorization/refresh_token'
 end
 

data/lib/oauth2/rack/version.rb

@@ -1,5 +1,5 @@
 module OAuth2
   module Rack
-    VERSION = "0.0.4"
+    VERSION = "0.0.5"
   end
 end

data/spec/oauth2/rack/authorization/client_credentials/access_token_issuer_spec.rb

@@ -28,11 +28,11 @@ describe OAuth2::Rack::Authorization::ClientCredentials::AccessTokenIssuer do
       before { opts[:params] = params }
 
       context 'and issuer is not specified' do
-        it 'responds with unauthorized_client' do
+        it 'responds with invalid_grant' do
           do_request
 
           response.status.should eq(400)
-          response_object['error'].should eq('unauthorized_client')
+          response_object['error'].should eq('invalid_grant')
         end
       end
 
@@ -62,11 +62,11 @@ describe OAuth2::Rack::Authorization::ClientCredentials::AccessTokenIssuer do
             before {
               issuer.should_receive(:call).with(expected_find_opts).and_return(nil)
             }
-            it 'responds with unauthorized_client' do
+            it 'responds with invalid_grant' do
               do_request
 
               response.status.should eq(400)
-              response_object['error'].should eq('unauthorized_client')
+              response_object['error'].should eq('invalid_grant')
             end
           end
           

data/spec/oauth2/rack/authorization/password/access_token_issuer_spec.rb

@@ -29,11 +29,11 @@ describe OAuth2::Rack::Authorization::Password::AccessTokenIssuer do
       before { opts[:params] = params }
 
       context 'and issuer is not specified' do
-        it 'responds with unauthorized_client' do
+        it 'responds with invalid_grant' do
           do_request
 
           response.status.should eq(400)
-          response_object['error'].should eq('unauthorized_client')
+          response_object['error'].should eq('invalid_grant')
         end
       end
 
@@ -66,11 +66,11 @@ describe OAuth2::Rack::Authorization::Password::AccessTokenIssuer do
             before {
               issuer.should_receive(:call).with(expected_find_opts).and_return(nil)
             }
-            it 'responds with unauthorized_client' do
+            it 'responds with invalid_grant' do
               do_request
 
               response.status.should eq(400)
-              response_object['error'].should eq('unauthorized_client')
+              response_object['error'].should eq('invalid_grant')
             end
           end
           

data/spec/oauth2/rack/authorization/refresh_token/access_token_issuer_spec.rb

@@ -0,0 +1,92 @@
+require 'spec_helper'
+
+describe OAuth2::Rack::Authorization::RefreshToken::AccessTokenIssuer do
+  let(:refresh_token) { "xxxx" }
+  let(:client) { double('client') }
+  let(:opts) { Hash.new }
+
+  def do_request
+    post '/', opts
+  end
+
+  context 'when grant_type is invalid' do
+    let(:params) { Hash[:grant_type => 'xrefresh_token'] }
+    before { opts[:params] = params }
+
+    it 'responds with invalid_request' do
+      do_request
+
+      response.status.should eq(400)
+      response_object['error'].should eq('invalid_request')
+    end
+  end
+
+  context 'and grant_type is valid' do
+    let(:params) { Hash[:grant_type => 'refresh_token'] }
+    before { opts[:params] = params }
+
+    context 'and issuer is not specified' do
+      it 'responds with invalid_grant' do
+        do_request
+
+        response.status.should eq(400)
+        response_object['error'].should eq('invalid_grant')
+      end
+    end
+
+    context 'and issuer is specified' do
+      before {
+        params[:refresh_token] = refresh_token
+        opts['oauth2.client'] = client
+      }
+
+      let(:issuer) { double('issuer') }
+      let(:expected_find_opts) {
+        Hash[:grant_type => 'refresh_token',
+             :refresh_token => refresh_token,
+             :client => client,
+             :scope => nil]
+      }
+
+      app { OAuth2::Rack::Authorization::RefreshToken::AccessTokenIssuer.new(chained_app) { |opts| issuer.call(opts) } }
+
+      context 'but token is not found for the resource owner' do
+        context 'and error is returned' do
+          before {
+            issuer.should_receive(:call).with(expected_find_opts).and_return({'error' => 'customized_error'})
+          }
+          it 'responds with the that error' do
+            do_request
+
+            response.status.should eq(400)
+            response_object['error'].should eq('customized_error')
+          end
+        end
+        context 'and nothing is returned' do
+          before {
+            issuer.should_receive(:call).with(expected_find_opts).and_return(nil)
+          }
+          it 'responds with invalid_grant' do
+            do_request
+
+            response.status.should eq(400)
+            response_object['error'].should eq('invalid_grant')
+          end
+        end
+
+      end
+      context 'and token is found for the client' do
+        before {
+          issuer.should_receive(:call).with(expected_find_opts).and_return({:access_token => 'X'})
+        }
+
+        it 'responds with the found token' do
+          do_request
+
+          response.status.should eq(200)
+          response_object['access_token'].should eq('X')
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2-rack
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2012-01-20 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
-  requirement: &2152553740 !ruby/object:Gem::Requirement
+  requirement: &2156611780 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2152553740
+  version_requirements: *2156611780
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: &2152544600 !ruby/object:Gem::Requirement
+  requirement: &2156611280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2152544600
+  version_requirements: *2156611280
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2152544080 !ruby/object:Gem::Requirement
+  requirement: &2156592240 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152544080
+  version_requirements: *2156592240
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2152543560 !ruby/object:Gem::Requirement
+  requirement: &2156591700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152543560
+  version_requirements: *2156591700
 - !ruby/object:Gem::Dependency
   name: yard
-  requirement: &2152543040 !ruby/object:Gem::Requirement
+  requirement: &2156591120 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152543040
+  version_requirements: *2156591120
 - !ruby/object:Gem::Dependency
   name: shotgun
-  requirement: &2152542620 !ruby/object:Gem::Requirement
+  requirement: &2156590520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,10 +76,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152542620
+  version_requirements: *2156590520
 - !ruby/object:Gem::Dependency
   name: guard-rspec
-  requirement: &2152542000 !ruby/object:Gem::Requirement
+  requirement: &2156589980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152542000
+  version_requirements: *2156589980
 - !ruby/object:Gem::Dependency
   name: oauth2
-  requirement: &2152541400 !ruby/object:Gem::Requirement
+  requirement: &2156589380 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -98,7 +98,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152541400
+  version_requirements: *2156589380
 description: Rack middlewares for OAuth2 authorization server and resource server
 email:
 - me@iany.me
@@ -130,6 +130,8 @@ files:
 - lib/oauth2/rack/authorization/client_credentials/access_token_issuer.rb
 - lib/oauth2/rack/authorization/password.rb
 - lib/oauth2/rack/authorization/password/access_token_issuer.rb
+- lib/oauth2/rack/authorization/refresh_token.rb
+- lib/oauth2/rack/authorization/refresh_token/access_token_issuer.rb
 - lib/oauth2/rack/version.rb
 - oauth2-rack.gemspec
 - spec/oauth2/rack/authentication/client/http_basic_spec.rb
@@ -137,6 +139,7 @@ files:
 - spec/oauth2/rack/authentication/resource_owner/request_params_spec.rb
 - spec/oauth2/rack/authorization/client_credentials/access_token_issuer_spec.rb
 - spec/oauth2/rack/authorization/password/access_token_issuer_spec.rb
+- spec/oauth2/rack/authorization/refresh_token/access_token_issuer_spec.rb
 - spec/spec_helper.rb
 - spec/support/rake_test_helper.rb
 homepage: https://github.com/doitian/oauth2-rack
@@ -154,7 +157,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3265861188839394143
+      hash: 2663607301986849054
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -163,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3265861188839394143
+      hash: 2663607301986849054
 requirements: []
 rubyforge_project: oauth2-rack
 rubygems_version: 1.8.10
@@ -176,5 +179,6 @@ test_files:
 - spec/oauth2/rack/authentication/resource_owner/request_params_spec.rb
 - spec/oauth2/rack/authorization/client_credentials/access_token_issuer_spec.rb
 - spec/oauth2/rack/authorization/password/access_token_issuer_spec.rb
+- spec/oauth2/rack/authorization/refresh_token/access_token_issuer_spec.rb
 - spec/spec_helper.rb
 - spec/support/rake_test_helper.rb