oauth2 0.4.1 → 0.5.0

data/lib/oauth2/error.rb

@@ -0,0 +1,17 @@
+module OAuth2
+  class Error < StandardError
+    attr_reader :response, :code, :description
+
+    # standard error values include:
+    # :invalid_request, :invalid_client, :invalid_token, :invalid_grant, :unsupported_grant_type, :invalid_scope
+    def initialize(response)
+      response.error = self
+      @response = response
+      if response.parsed.is_a?(Hash)
+        @code = response.parsed['error']
+        @description = response.parsed['error_description']
+      end
+    end
+
+  end
+end

data/lib/oauth2/response.rb

@@ -0,0 +1,90 @@
+require 'multi_json'
+
+module OAuth2
+  # OAuth2::Response class
+  class Response
+    attr_reader :response
+    attr_accessor :error, :options
+
+    # Adds a new content type parser.
+    #
+    # @param [Symbol] key A descriptive symbol key such as :json or :query.
+    # @param [Array] One or more mime types to which this parser applies.
+    # @yield [String] A block returning parsed content.
+    def self.register_parser(key, mime_types, &block)
+      key = key.to_sym
+      PARSERS[key] = block
+      Array(mime_types).each do |mime_type|
+        CONTENT_TYPES[mime_type] = key
+      end
+    end
+
+    # Initializes a Response instance
+    #
+    # @param [Faraday::Response] response The Faraday response instance
+    # @param [Hash] opts options in which to initialize the instance
+    # @option opts [Symbol] :parse (:automatic) how to parse the response body.  one of :url (for x-www-form-urlencoded),
+    #   :json, or :automatic (determined by Content-Type response header)
+    def initialize(response, opts={})
+      @response = response
+      @options = {:parse => :automatic}.merge(opts)
+    end
+
+    # The HTTP response headers
+    def headers
+      response.headers
+    end
+
+    # The HTTP response status code
+    def status
+      response.status
+    end
+
+    # The HTTP resposne body
+    def body
+      response.body || ''
+    end
+
+    # Procs that, when called, will parse a response body according
+    # to the specified format.
+    PARSERS = {
+      :json => lambda{|body| MultiJson.decode(body) rescue body },
+      :query => lambda{|body| Rack::Utils.parse_query(body) },
+      :text => lambda{|body| body}
+    }
+
+    # Content type assignments for various potential HTTP content types.
+    CONTENT_TYPES = {
+      'application/json' => :json,
+      'text/javascript' => :json,
+      'application/x-www-form-urlencoded' => :query,
+      'text/plain' => :text
+    }
+
+    # The parsed response body.
+    #   Will attempt to parse application/x-www-form-urlencoded and
+    #   application/json Content-Type response bodies
+    def parsed
+      return nil unless PARSERS.key?(parser)
+      @parsed ||= PARSERS[parser].call(body)
+    end
+
+    # Attempts to determine the content type of the response.
+    def content_type
+      ((response.headers.values_at('content-type', 'Content-Type').compact.first || '').split(';').first || '').strip
+    end
+
+    # Determines the parser that will be used to supply the content of #parsed
+    def parser
+      return options[:parse].to_sym if PARSERS.key?(options[:parse])
+      CONTENT_TYPES[content_type]
+    end
+  end
+end
+
+begin
+  require 'multi_xml'
+  OAuth2::Response.register_parser(:xml, ['text/xml', 'application/rss+xml', 'application/rdf+xml', 'application/atom+xml']) do |body|
+    MultiXml.parse(body) rescue body
+  end
+rescue LoadError; end

data/lib/oauth2/strategy/auth_code.rb

@@ -0,0 +1,32 @@
+module OAuth2
+  module Strategy
+    # The Authorization Code Strategy
+    #
+    # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1
+    class AuthCode < Base
+      # The required query parameters for the authorize URL
+      #
+      # @param [Hash] params additional query parameters
+      def authorize_params(params={})
+        params.merge('response_type' => 'code', 'client_id' => @client.id)
+      end
+
+      # The authorization URL endpoint of the provider
+      #
+      # @param [Hash] params additional query parameters for the URL
+      def authorize_url(params={})
+        @client.authorize_url(authorize_params.merge(params))
+      end
+
+      # Retrieve an access token given the specified validation code.
+      #
+      # @param [String] code The Authorization Code value
+      # @param [Hash] params additional params
+      # @note that you must also provide a :redirect_uri with most OAuth 2.0 providers
+      def get_token(code, params={})
+        params = {'grant_type' => 'authorization_code', 'code' => code}.merge(client_params).merge(params)
+        @client.get_token(params)
+      end
+    end
+  end
+end

data/lib/oauth2/strategy/base.rb

@@ -1,37 +1,15 @@
 module OAuth2
   module Strategy
-    class Base #:nodoc:
-      def initialize(client)#:nodoc:
+    class Base
+      def initialize(client)
         @client = client
       end
 
-      def authorize_url(options={}) #:nodoc:
-        @client.authorize_url(authorize_params(options))
-      end
-
-      def authorize_params(options={}) #:nodoc:
-        options = options.inject({}){|h, (k, v)| h[k.to_s] = v; h}
-        {'client_id' => @client.id}.merge(options)
-      end
-
-      def access_token_url(options={})
-        @client.access_token_url(access_token_params(options))
-      end
-
-      def access_token_params(options={})
-        return default_params(options)
-      end
-
-      def refresh_token_params(options={})
-        return default_params(options)
-      end
-
-      private
-      def default_params(options={})
-        {
-          'client_id' => @client.id,
-          'client_secret' => @client.secret
-        }.merge(options)
+      # The OAuth client_id and client_secret
+      #
+      # @return [Hash]
+      def client_params
+        {'client_id' => @client.id, 'client_secret' => @client.secret}
       end
     end
   end

data/lib/oauth2/strategy/password.rb

@@ -1,37 +1,26 @@
-require 'multi_json'
-
 module OAuth2
   module Strategy
+    # The Resource Owner Password Credentials Authorization Strategy
+    #
+    # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.3
     class Password < Base
+      # Not used for this strategy
+      #
+      # @raise [NotImplementedError]
       def authorize_url
         raise NotImplementedError, "The authorization endpoint is not used in this strategy"
       end
-      # Retrieve an access token given the specified validation code.
-      # Note that you must also provide a <tt>:redirect_uri</tt> option
-      # in order to successfully verify your request for most OAuth 2.0
-      # endpoints.
-      def get_access_token(username, password, options={})
-        response = @client.request(:post, @client.access_token_url, access_token_params(username, password, options))
-
-        params   = MultiJson.decode(response) rescue nil
-        # the ActiveSupport JSON parser won't cause an exception when
-        # given a formencoded string, so make sure that it was
-        # actually parsed in an Hash. This covers even the case where
-        # it caused an exception since it'll still be nil.
-        params   = Rack::Utils.parse_query(response) unless params.is_a? Hash
-
-        access   = params.delete('access_token')
-        refresh  = params.delete('refresh_token')
-        expires_in = params.delete('expires_in')
-        OAuth2::AccessToken.new(@client, access, refresh, expires_in, params)
-      end
 
-      def access_token_params(username, password, options={}) #:nodoc:
-        super(options).merge({
-          'grant_type'  => 'password',
-          'username'    => username,
-          'password'    => password
-        })
+      # Retrieve an access token given the specified End User username and password.
+      #
+      # @param [String] username the End User username
+      # @param [String] password the End User password
+      # @param [Hash] params additional params
+      def get_token(username, password, params={})
+        params = {'grant_type' => 'password',
+                  'username'   => username,
+                  'password'   => password}.merge(client_params).merge(params)
+        @client.get_token(params)
       end
     end
   end

data/lib/oauth2/version.rb

@@ -1,3 +1,3 @@
 module OAuth2
-  VERSION = "0.4.1"
+  VERSION = "0.5.0"
 end

data/oauth2.gemspec

@@ -1,24 +1,26 @@
 # -*- encoding: utf-8 -*-
-require File.expand_path("../lib/oauth2/version", __FILE__)
+require File.expand_path('../lib/oauth2/version', __FILE__)
 
-Gem::Specification.new do |s|
-  s.name = "oauth2"
-  s.version = OAuth2::VERSION
-  s.required_rubygems_version = Gem::Requirement.new(">= 1.3.6") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Michael Bleigh"]
-  s.description = %q{A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth gem.}
-  s.summary = %q{A Ruby wrapper for the OAuth 2.0 protocol.}
-  s.email = "michael@intridea.com"
-  s.homepage = "http://github.com/intridea/oauth2"
-  s.require_paths = ["lib"]
-  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-  s.files = `git ls-files`.split("\n")
-  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.add_runtime_dependency("faraday", "~> 0.6.1")
-  s.add_runtime_dependency("multi_json", ">= 0.0.5")
-  s.add_development_dependency("json_pure", "~> 1.5")
-  s.add_development_dependency("rake", "~> 0.8")
-  s.add_development_dependency("simplecov", "~> 0.4")
-  s.add_development_dependency("rspec", "~> 2.5")
-  s.add_development_dependency("ZenTest", "~> 4.5")
+Gem::Specification.new do |gem|
+  gem.add_development_dependency 'rake', '~> 0.9'
+  gem.add_development_dependency 'rdoc', '~> 3.6'
+  gem.add_development_dependency 'rspec', '~> 2.6'
+  gem.add_development_dependency 'simplecov', '~> 0.4'
+  gem.add_development_dependency 'yard', '~> 0.7'
+  gem.add_development_dependency 'ZenTest', '~> 4.5'
+  gem.add_development_dependency 'multi_xml'
+  gem.add_runtime_dependency 'faraday', ['>= 0.6.1', '< 0.8']
+  gem.add_runtime_dependency 'multi_json', '~> 1.0.0'
+  gem.authors = ["Michael Bleigh", "Erik Michaels-Ober"]
+  gem.description = %q{A Ruby wrapper for the OAuth 2.0 protocol built with a similar style to the original OAuth gem.}
+  gem.email = ['michael@intridea.com', 'sferik@gmail.com']
+  gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files = `git ls-files`.split("\n")
+  gem.homepage = 'http://github.com/intridea/oauth2'
+  gem.name = 'oauth2'
+  gem.require_paths = ['lib']
+  gem.required_rubygems_version = Gem::Requirement.new('>= 1.3.6')
+  gem.summary = %q{A Ruby wrapper for the OAuth 2.0 protocol.}
+  gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.version = OAuth2::VERSION
 end

data/spec/helper.rb

@@ -0,0 +1,13 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'simplecov'
+SimpleCov.start
+require 'oauth2'
+require 'rspec'
+require 'rspec/autorun'
+
+Faraday.default_adapter = :test
+
+RSpec.configure do |conf|
+  include OAuth2
+end

data/spec/oauth2/access_token_spec.rb

@@ -1,90 +1,144 @@
-require 'spec_helper'
+require 'helper'
 
-describe OAuth2::AccessToken do
+VERBS = [:get, :post, :put, :delete]
+
+describe AccessToken do
+  let(:token) {'monkey'}
+  let(:token_body) {MultiJson.encode(:access_token => 'foo', :expires_in => 600, :refresh_token => 'bar')}
+  let(:refresh_body) {MultiJson.encode(:access_token => 'refreshed_foo', :expires_in => 600, :refresh_token => 'refresh_bar')}
   let(:client) do
-    cli = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com')
-    cli.connection.build do |b|
-      b.adapter :test do |stub|
-        stub.get('/client?oauth_token=monkey')    {|env| [200, {}, 'get']}
-        stub.post('/client')                      {|env| [200, {}, 'oauth_token=' << env[:body]['oauth_token']]}
-        stub.get('/empty_get?oauth_token=monkey') {|env| [204, {},  nil]}
-        stub.put('/client')                       {|env| [200, {}, 'oauth_token=' << env[:body]['oauth_token']]}
-        stub.delete('/client?oauth_token=monkey') {|env| [200, {}, 'delete']}
+    Client.new('abc', 'def', :site => 'https://api.example.com') do |builder|
+      builder.request :url_encoded
+      builder.adapter :test do |stub|
+        VERBS.each do |verb|
+          stub.send(verb, '/token/header') {|env| [200, {}, env[:request_headers]['Authorization']]}
+          stub.send(verb, "/token/query?bearer_token=#{token}") {|env| [200, {}, Addressable::URI.parse(env[:url]).query_values['bearer_token']]}
+          stub.send(verb, '/token/body') {|env| [200, {}, env[:body]]}
+        end
+        stub.post('/oauth/token') {|env| [200, {'Content-Type' => 'application/json'}, refresh_body]}
       end
     end
-    cli
   end
 
-  let(:token) {'monkey'}
-
-  subject {OAuth2::AccessToken.new(client, token)}
+  subject {AccessToken.new(client, token)}
 
   describe '#initialize' do
-    it 'should assign client and token' do
+    it 'assigns client and token' do
       subject.client.should == client
       subject.token.should  == token
     end
 
-    it 'should assign extra params' do
-      target = OAuth2::AccessToken.new(client, token, nil, nil, {'foo' => 'bar'})
+    it 'assigns extra params' do
+      target = AccessToken.new(client, token, 'foo' => 'bar')
       target.params.should include('foo')
       target.params['foo'].should == 'bar'
     end
 
-    %w(get delete).each do |http_method|
-      it "makes #{http_method.upcase} requests with access token" do
-        subject.send(http_method.to_sym, 'client').should == http_method
-      end
+    def assert_initialized_token(target)
+      target.token.should eq(token)
+      target.should be_expires
+      target.params.keys.should include('foo')
+      target.params['foo'].should == 'bar'
     end
 
-    %w(post put).each do |http_method|
-      it "makes #{http_method.upcase} requests with access token" do
-        subject.send(http_method.to_sym, 'client').should == 'oauth_token=monkey'
-      end
+    it 'initializes with a Hash' do
+      hash = {:access_token => token, :expires_at => Time.now.to_i + 200, 'foo' => 'bar'}
+      target = AccessToken.from_hash(client, hash)
+      assert_initialized_token(target)
     end
-    
-    it "works with a null response body" do
-      subject.get('empty_get').should == ''
+
+    it 'initalizes with a form-urlencoded key/value string' do
+      kvform = "access_token=#{token}&expires_at=#{Time.now.to_i+200}&foo=bar"
+      target = AccessToken.from_kvform(client, kvform)
+      assert_initialized_token(target)
+    end
+
+    it 'sets options' do
+      target = AccessToken.new(client, token, :param_name => 'foo', :header_format => 'Bearer %', :mode => :body)
+      target.options[:param_name].should == 'foo'
+      target.options[:header_format].should == 'Bearer %'
+      target.options[:mode].should == :body
     end
   end
 
-  describe '#expires?' do
-    it 'should be false if there is no expires_at' do
-      OAuth2::AccessToken.new(client, token).should_not be_expires
+  describe '#request' do
+    context ':mode => :header' do
+      before :all do
+        subject.options[:mode] = :header
+      end
+
+      VERBS.each do |verb|
+        it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do
+          subject.post('/token/header').body.should include(token)
+        end
+      end
     end
 
-    it 'should be true if there is an expires_at' do
-      OAuth2::AccessToken.new(client, token, 'abaca', 600).should be_expires
+    context ':mode => :query' do
+      before :all do
+        subject.options[:mode] = :query
+      end
+
+      VERBS.each do |verb|
+        it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do
+          subject.post('/token/query').body.should == token
+        end
+      end
+    end
+
+    context ':mode => :body' do
+      before :all do
+        subject.options[:mode] = :body
+      end
+
+      VERBS.each do |verb|
+        it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do
+          subject.post('/token/body').body.split('=').last.should == token
+        end
+      end
     end
   end
 
-  describe '#expires_at' do
-    before do
-      @now = Time.now
-      Time.stub!(:now).and_return(@now)
+  describe '#expires?' do
+    it 'should be false if there is no expires_at' do
+      AccessToken.new(client, token).should_not be_expires
     end
 
-    subject{OAuth2::AccessToken.new(client, token, 'abaca', 600)}
+    it 'should be true if there is an expires_in' do
+      AccessToken.new(client, token, :refresh_token => 'abaca', :expires_in => 600).should be_expires
+    end
 
-    it 'should be a time representation of #expires_in' do
-      subject.expires_at.should == (@now + 600)
+    it 'should be true if there is an expires_at' do
+      AccessToken.new(client, token, :refresh_token => 'abaca', :expires_in => Time.now.getutc.to_i+600).should be_expires
     end
   end
 
   describe '#expired?' do
-    it 'should be false if there is no expires_at' do
-      OAuth2::AccessToken.new(client, token).should_not be_expired
+    it 'should be false if there is no expires_in or expires_at' do
+      AccessToken.new(client, token).should_not be_expired
     end
 
-    it 'should be false if expires_at is in the future' do
-      OAuth2::AccessToken.new(client, token, 'abaca', 10800).should_not be_expired
+    it 'should be false if expires_in is in the future' do
+      AccessToken.new(client, token, :refresh_token => 'abaca', :expires_in => 10800).should_not be_expired
     end
 
     it 'should be true if expires_at is in the past' do
-      access = OAuth2::AccessToken.new(client, token, 'abaca', 600)
+      access = AccessToken.new(client, token, :refresh_token => 'abaca', :expires_in => 600)
       @now = Time.now + 10800
       Time.stub!(:now).and_return(@now)
       access.should be_expired
     end
+
+  end
+
+  describe '#refresh!' do
+    it 'returns a refresh token with appropriate values carried over' do
+      access = AccessToken.new(client, token, :refresh_token  => 'abaca',
+                                              :expires_in     => 600,
+                                              :param_name     => 'o_param')
+      refreshed = access.refresh!
+      access.client.should == refreshed.client
+      access.options[:param_name].should == refreshed.options[:param_name]
+    end
   end
 end