oauth2 0.3.0 → 0.4.0

data/CHANGELOG.md

@@ -1,22 +1,20 @@
-0.0.10 - June 19, 2010
-----------------------
-* Handle ActiveSupport JSON case where incompatible string does not raise an error. (via Flameeyes)
-* Depend on latest version of MultiJSON.
+# CHANGELOG
 
-0.0.9 - June 18, 2010
----------------------
-* Support a JSON token response with swappable JSON parser via MultiJSON.
-* Add support for "expires_in" parameter and relevant methods on AccessToken.
-
-0.0.8 - April 27, 2010
-----------------------
-* Change get_request_token to use POST to conform to OAuth 2.0 spec. (via jeremy)
-
-0.0.7 - April 27, 2010
-----------------------
-* Updating Faraday dependency for improved SSL support (via technoweenie)
-
-0.0.6 - April 25, 2010
-----------------------
-* Added ResponseString so as not to throw away response information when making requests.
-* Deprecated #access_token on WebServer strategy in favor of #get_access_token
+* [0.4.0 - April 20, 2011](https://github.com/intridea/oauth2/compare/v0.3.0...v0.4.0)
+* [0.3.0 - April 8, 2011](https://github.com/intridea/oauth2/compare/v0.2.0...v0.3.0)
+* [0.2.0 - April 1, 2011](https://github.com/intridea/oauth2/compare/v0.1.1...v0.2.0)
+* [0.1.1 - January 12, 2011](https://github.com/intridea/oauth2/compare/v0.1.0...v0.1.1)
+* [0.1.0 - October 13, 2010](https://github.com/intridea/oauth2/compare/v0.0.13...v0.1.0)
+* [0.0.13 - August 17, 2010](https://github.com/intridea/oauth2/compare/v0.0.12...v0.0.13)
+* [0.0.12 - August 17, 2010](https://github.com/intridea/oauth2/compare/v0.0.11...v0.0.12)
+* [0.0.11 - August 17, 2010](https://github.com/intridea/oauth2/compare/v0.0.10...v0.0.11)
+* [0.0.10 - June 19, 2010](https://github.com/intridea/oauth2/compare/v0.0.9...v0.0.10)
+* [0.0.9 - June 18, 2010](https://github.com/intridea/oauth2/compare/v0.0.8...v0.0.9)
+* [0.0.8 - April 27, 2010](https://github.com/intridea/oauth2/compare/v0.0.7...v0.0.8)
+* [0.0.7 - April 27, 2010](https://github.com/intridea/oauth2/compare/v0.0.6...v0.0.7)
+* [0.0.6 - April 25, 2010](https://github.com/intridea/oauth2/compare/v0.0.5...v0.0.6)
+* [0.0.5 - April 23, 2010](https://github.com/intridea/oauth2/compare/v0.0.4...v0.0.5)
+* [0.0.4 - April 22, 2010](https://github.com/intridea/oauth2/compare/v0.0.3...v0.0.4)
+* [0.0.3 - April 22, 2010](https://github.com/intridea/oauth2/compare/v0.0.2...v0.0.3)
+* [0.0.2 - April 22, 2010](https://github.com/intridea/oauth2/compare/v0.0.1...v0.0.2)
+* [0.0.1 - April 22, 2010](https://github.com/intridea/oauth2/compare/311d9f42e52b832119170d90e818f0f0b0078851...v0.0.1)

data/lib/oauth2.rb

@@ -1,6 +1,7 @@
 module OAuth2
   class ErrorWithResponse < StandardError; attr_accessor :response end
   class AccessDenied < ErrorWithResponse; end
+  class Conflict < ErrorWithResponse; end
   class HTTPError < ErrorWithResponse; end
 end
 
@@ -9,4 +10,4 @@ require 'oauth2/strategy/base'
 require 'oauth2/strategy/web_server'
 require 'oauth2/strategy/password'
 require 'oauth2/access_token'
-require 'oauth2/response_object'
+require 'oauth2/response_object'

data/lib/oauth2/access_token.rb

@@ -27,7 +27,9 @@ module OAuth2
     end
 
     def request(verb, path, params={}, headers={})
-      params = params.merge token_param => @token
+      if params.instance_of?(Hash)
+        params = params.merge token_param => @token
+      end
       headers = headers.merge 'Authorization' => "OAuth #{@token}"
       @client.request(verb, path, params, headers)
     end

data/lib/oauth2/client.rb

@@ -2,7 +2,7 @@ require 'faraday'
 
 module OAuth2
   class Client
-    attr_accessor :id, :secret, :site, :connection, :options, :raise_errors
+    attr_accessor :id, :secret, :site, :connection, :options, :raise_errors, :token_method
     attr_writer :json
 
     # Instantiate a new OAuth 2.0 client using the
@@ -15,6 +15,8 @@ module OAuth2
     # <tt>:authorize_path</tt> :: Specify the path to the authorization endpoint.
     # <tt>:authorize_url</tt> :: Specify a full URL of the authorization endpoint.
     # <tt>:access_token_path</tt> :: Specify the path to the access token endpoint.
+    # <tt>:access_token_method</tt> :: Specify the method to use for token endpoints, can be :get or :post
+    # (note: for Facebook this should be :get and for Google this should be :post)
     # <tt>:access_token_url</tt> :: Specify the full URL of the access token endpoint.
     # <tt>:parse_json</tt> :: If true, <tt>application/json</tt> responses will be automatically parsed.
     # <tt>:ssl</tt> :: Specify SSL options for the connection.
@@ -23,6 +25,7 @@ module OAuth2
     # <tt>:raise_errors</tt> :: Default true. When false it will then return the error status and response instead of raising an exception.
     def initialize(client_id, client_secret, opts={})
       self.options      = opts.dup
+      self.token_method = self.options.delete(:access_token_method) || :get
       adapter           = self.options.delete(:adapter)
       ssl_opts          = self.options.delete(:ssl) || {}
       connection_opts   = ssl_opts ? {:ssl => ssl_opts} : {}
@@ -52,7 +55,7 @@ module OAuth2
 
     # Makes a request relative to the specified site root.
     def request(verb, url, params={}, headers={})
-      if verb == :get
+      if (verb == :get) || (verb == :delete)
         resp = connection.run_request(verb, url, nil, headers) do |req|
           req.params.update(params)
         end
@@ -64,10 +67,16 @@ module OAuth2
         case resp.status
           when 200...299
             return response_for(resp)
+          when 302
+            return request(verb, resp.headers['location'], params, headers)
           when 401
             e = OAuth2::AccessDenied.new("Received HTTP 401 during request.")
             e.response = resp
             raise e
+          when 409
+            e = OAuth2::Conflict.new("Received HTTP 409 during request.")
+            e.response = resp
+            raise e
           else
             e = OAuth2::HTTPError.new("Received HTTP #{resp.status} during request.")
             e.response = resp

data/lib/oauth2/response_object.rb

@@ -51,7 +51,7 @@ module OAuth2
     include ResponseObject
 
     def initialize(response)
-      super(response.body)
+      super(response.body.to_s)
       self.response = response
     end
   end

data/lib/oauth2/strategy/base.rb

@@ -19,6 +19,15 @@ module OAuth2
       end
 
       def access_token_params(options={})
+        return default_params(options)
+      end
+
+      def refresh_token_params(options={})
+        return default_params(options)
+      end
+
+      private
+      def default_params(options={})
         {
           'client_id' => @client.id,
           'client_secret' => @client.secret

data/lib/oauth2/strategy/web_server.rb

@@ -12,8 +12,30 @@ module OAuth2
       # in order to successfully verify your request for most OAuth 2.0
       # endpoints.
       def get_access_token(code, options={})
-        response = @client.request(:get, @client.access_token_url, access_token_params(code, options))
+        response = @client.request(@client.token_method, @client.access_token_url, access_token_params(code, options))
+        parse_response(response)
+      end
+
+      def refresh_access_token(refresh_token, options={})
+        response = @client.request(@client.token_method, @client.access_token_url, refresh_token_params(refresh_token, options))
+        parse_response(response, refresh_token)
+      end
 
+      def access_token_params(code, options={}) #:nodoc:
+        super(options).merge({
+          'grant_type' => 'authorization_code',
+          'code' => code,
+        })
+      end
+
+      def refresh_token_params(refresh_token, options={}) #:nodoc:
+        super(options).merge({
+          'grant_type' => 'refresh_token',
+          'refresh_token' => refresh_token,
+        })
+      end
+
+      def parse_response(response, refresh_token = nil)
         if response.is_a? Hash
           params = response
         else
@@ -26,18 +48,11 @@ module OAuth2
         end
 
         access = params.delete('access_token')
-        refresh = params.delete('refresh_token')
+        refresh = params.delete('refresh_token') || refresh_token
         # params['expires'] is only for Facebook
         expires_in = params.delete('expires_in') || params.delete('expires')
         OAuth2::AccessToken.new(@client, access, refresh, expires_in, params)
       end
-
-      def access_token_params(code, options={}) #:nodoc:
-        super(options).merge({
-          'grant_type' => 'authorization_code',
-          'code' => code,
-        })
-      end
     end
   end
 end

data/lib/oauth2/version.rb

@@ -1,3 +1,3 @@
 module OAuth2
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

data/spec/oauth2/access_token_spec.rb

@@ -5,10 +5,11 @@ describe OAuth2::AccessToken do
     cli = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com')
     cli.connection.build do |b|
       b.adapter :test do |stub|
-        stub.get('/client?oauth_token=monkey') {|env| [200, {}, 'get']}
-        stub.post('/client')                   {|env| [200, {}, 'oauth_token=' << env[:body]['oauth_token']]}
-        stub.put('/client')                    {|env| [200, {}, 'oauth_token=' << env[:body]['oauth_token']]}
-        stub.delete('/client')                 {|env| [200, {}, 'oauth_token=' << env[:body]['oauth_token']]}
+        stub.get('/client?oauth_token=monkey')    {|env| [200, {}, 'get']}
+        stub.post('/client')                      {|env| [200, {}, 'oauth_token=' << env[:body]['oauth_token']]}
+        stub.get('/empty_get?oauth_token=monkey') {|env| [204, {},  nil]}
+        stub.put('/client')                       {|env| [200, {}, 'oauth_token=' << env[:body]['oauth_token']]}
+        stub.delete('/client?oauth_token=monkey') {|env| [200, {}, 'delete']}
       end
     end
     cli
@@ -30,15 +31,21 @@ describe OAuth2::AccessToken do
       target.params['foo'].should == 'bar'
     end
 
-    it "makes GET requests with access token" do
-      subject.send(:get, 'client').should == 'get'
+    %w(get delete).each do |http_method|
+      it "makes #{http_method.upcase} requests with access token" do
+        subject.send(http_method.to_sym, 'client').should == http_method
+      end
     end
 
-    %w(post put delete).each do |http_method|
+    %w(post put).each do |http_method|
       it "makes #{http_method.upcase} requests with access token" do
         subject.send(http_method.to_sym, 'client').should == 'oauth_token=monkey'
       end
     end
+    
+    it "works with a null response body" do
+      subject.get('empty_get').should == ''
+    end
   end
 
   describe '#expires?' do

data/spec/oauth2/client_spec.rb

@@ -7,6 +7,8 @@ describe OAuth2::Client do
       b.adapter :test do |stub|
         stub.get('/success')      {|env| [200, {'Content-Type' => 'text/awesome'}, 'yay']}
         stub.get('/unauthorized') {|env| [401, {'Content-Type' => 'text/plain'}, 'not authorized']}
+        stub.get('/conflict')    {|env| [409, {'Content-Type' => 'text/plain'}, 'not authorized']}
+        stub.get('/redirect')     {|env| [302, {'Content-Type' => 'text/plain', 'location' => '/success' }, '']}
         stub.get('/error')        {|env| [500, {}, '']}
         stub.get('/json')         {|env| [200, {'Content-Type' => 'application/json; charset=utf8'}, '{"abc":"def"}']}
       end
@@ -43,17 +45,24 @@ describe OAuth2::Client do
 
       OAuth2::Client.new('abc', 'def', :adapter => [:action_dispatch, session])
     end
-    
+
     it "defaults raise_errors to true" do
       subject.raise_errors.should be_true
     end
-    
+
     it "allows true/false for raise_errors option" do
       client = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com', :raise_errors => false)
       client.raise_errors.should be_false
       client = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com', :raise_errors => true)
       client.raise_errors.should be_true
     end
+
+    it "allows get/post for access_token_method option" do
+      client = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com', :access_token_method => :get)
+      client.token_method.should == :get
+      client = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com', :access_token_method => :post)
+      client.token_method.should == :post
+    end
   end
 
   %w(authorize access_token).each do |path_type|
@@ -82,6 +91,13 @@ describe OAuth2::Client do
       response.headers.should == {'Content-Type' => 'text/awesome'}
     end
 
+    it "follows redirects properly" do
+      response = subject.request(:get, '/redirect', {}, {})
+      response.should == 'yay'
+      response.status.should == 200
+      response.headers.should == {'Content-Type' => 'text/awesome'}
+    end
+
     it "returns ResponseString on error if raise_errors is false" do
       subject.raise_errors = false
       response = subject.request(:get, '/unauthorized', {}, {})
@@ -95,6 +111,10 @@ describe OAuth2::Client do
       lambda {subject.request(:get, '/unauthorized', {}, {})}.should raise_error(OAuth2::AccessDenied)
     end
 
+    it "raises OAuth2::Conflict on 409 response" do
+      lambda {subject.request(:get, '/conflict', {}, {})}.should raise_error(OAuth2::Conflict)
+    end
+
     it "raises OAuth2::HTTPError on error response" do
       lambda {subject.request(:get, '/error', {}, {})}.should raise_error(OAuth2::HTTPError)
     end

data/spec/oauth2/strategy/web_server_spec.rb

@@ -15,6 +15,32 @@ describe OAuth2::Strategy::WebServer do
             [200, {}, 'expires=600&access_token=salmon&refresh_token=trout&extra_param=steve']
           end
         end
+        stub.post('/oauth/access_token', { 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code' }) do |env|
+          case @mode
+          when "formencoded"
+            [200, {}, 'expires_in=600&access_token=salmon&refresh_token=trout&extra_param=steve']
+          when "json"
+            [200, {}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout","extra_param":"steve"}']
+          when "from_facebook"
+            [200, {}, 'expires=600&access_token=salmon&refresh_token=trout&extra_param=steve']
+          end
+        end
+        stub.get('/oauth/access_token?client_id=abc&client_secret=def&grant_type=refresh_token&refresh_token=trout') do |env|
+          case @mode
+          when "formencoded"
+            [200, {}, 'expires_in=600&access_token=tuna']
+          when "json"
+            [200, {}, '{"expires_in":600,"access_token":"tuna"}']
+          end
+        end
+        stub.post('/oauth/access_token', { 'client_id' => 'abc', 'client_secret' => 'def', 'refresh_token' => 'trout', 'grant_type' => 'refresh_token' }) do |env|
+          case @mode
+          when "formencoded"
+            [200, {}, 'expires_in=600&access_token=tuna']
+          when "json"
+            [200, {}, '{"expires_in":600,"access_token":"tuna"}']
+          end
+        end
       end
     end
     cli
@@ -38,35 +64,73 @@ describe OAuth2::Strategy::WebServer do
 
   %w(json formencoded from_facebook).each do |mode|
     [false, true].each do |parse_json|
-      describe "#get_access_token (#{mode}, parse_json=#{parse_json})" do
-        before do
-          @mode = mode
-          client.json=parse_json
-          @access = subject.get_access_token('sushi')
-        end
+      [:get, :post].each do |verb|
+        describe "#get_access_token (#{mode}, token_method=#{verb} parse_json=#{parse_json})" do
+          before do
+            @mode = mode
+            client.json=parse_json
+            client.token_method=verb
+            @access = subject.get_access_token('sushi')
+          end
 
-        it 'returns AccessToken with same Client' do
-          @access.client.should == client
-        end
+          it 'returns AccessToken with same Client' do
+            @access.client.should == client
+          end
 
-        it 'returns AccessToken with #token' do
-          @access.token.should == 'salmon'
-        end
+          it 'returns AccessToken with #token' do
+            @access.token.should == 'salmon'
+          end
 
-        it 'returns AccessToken with #refresh_token' do
-          @access.refresh_token.should == 'trout'
-        end
+          it 'returns AccessToken with #refresh_token' do
+            @access.refresh_token.should == 'trout'
+          end
 
-        it 'returns AccessToken with #expires_in' do
-          @access.expires_in.should == 600
-        end
+          it 'returns AccessToken with #expires_in' do
+            @access.expires_in.should == 600
+          end
 
-        it 'returns AccessToken with #expires_at' do
-          @access.expires_at.should be_kind_of(Time)
+          it 'returns AccessToken with #expires_at' do
+            @access.expires_at.should be_kind_of(Time)
+          end
+
+          it 'returns AccessToken with params accessible via []' do
+            @access['extra_param'].should == 'steve'
+          end
         end
+      end
+    end
+  end
 
-        it 'returns AccessToken with params accessible via []' do
-          @access['extra_param'].should == 'steve'
+  %w(json formencoded).each do |mode|
+    [false, true].each do |parse_json|
+      [:get].each do |verb|
+        describe "#refresh_access_token (#{mode}, token_method=#{verb} parse_json=#{parse_json})" do
+          before do
+            @mode = mode
+            client.json=parse_json
+            client.token_method=verb
+            @access = subject.refresh_access_token('trout')
+          end
+
+           it 'returns AccessToken with same Client' do
+             @access.client.should == client
+           end
+
+          it 'returns AccessToken with #token' do
+            @access.token.should == 'tuna'
+          end
+
+          it 'returns AccessToken with #refresh_token' do
+            @access.refresh_token.should == 'trout'
+          end
+
+          it 'returns AccessToken with #expires_in' do
+            @access.expires_in.should == 600
+          end
+
+          it 'returns AccessToken with #expires_at' do
+            @access.expires_at.should be_kind_of(Time)
+          end
         end
       end
     end

data/spec/spec_helper.rb

@@ -1,3 +1,7 @@
+require "rubygems"
+require "bundler"
+Bundler.setup
+
 require 'simplecov'
 SimpleCov.start
 require 'oauth2'

metadata

@@ -2,7 +2,7 @@
 name: oauth2
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors: 
 - Michael Bleigh
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-08 00:00:00 Z
+date: 2011-04-20 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: faraday