oauth2 0.4.1 → 0.5.0

data/spec/oauth2/client_spec.rb

@@ -1,19 +1,23 @@
-require 'spec_helper'
+require 'helper'
 
 describe OAuth2::Client do
+  let!(:error_value) {'invalid_token'}
+  let!(:error_description_value) {'bad bad token'}
+
   subject do
-    cli = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com')
-    cli.connection.build do |b|
-      b.adapter :test do |stub|
+    OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com') do |builder|
+      builder.adapter :test do |stub|
         stub.get('/success')      {|env| [200, {'Content-Type' => 'text/awesome'}, 'yay']}
-        stub.get('/unauthorized') {|env| [401, {'Content-Type' => 'text/plain'}, 'not authorized']}
-        stub.get('/conflict')    {|env| [409, {'Content-Type' => 'text/plain'}, 'not authorized']}
+        stub.get('/reflect')      {|env| [200, {}, env[:body]]}
+        stub.post('/reflect')     {|env| [200, {}, env[:body]]}
+        stub.get('/unauthorized') {|env| [401, {'Content-Type' => 'application/json'}, MultiJson.encode(:error => error_value, :error_description => error_description_value)]}
+        stub.get('/conflict')     {|env| [409, {'Content-Type' => 'text/plain'}, 'not authorized']}
         stub.get('/redirect')     {|env| [302, {'Content-Type' => 'text/plain', 'location' => '/success' }, '']}
+        stub.post('/redirect')    {|env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect' }, '']}
         stub.get('/error')        {|env| [500, {}, '']}
-        stub.get('/json')         {|env| [200, {'Content-Type' => 'application/json; charset=utf8'}, '{"abc":"def"}']}
+        stub.get('/empty_get')    {|env| [204, {}, nil]}
       end
     end
-    cli
   end
 
   describe '#initialize' do
@@ -34,122 +38,130 @@ describe OAuth2::Client do
       subject.connection.ssl.should == {}
     end
 
-    it "should be able to pass parameters to the adapter, e.g. Faraday::Adapter::ActionDispatch" do
+    it "should be able to pass a block to configure the connection" do
       connection = stub('connection')
-      Faraday::Connection.stub(:new => connection)
       session = stub('session', :to_ary => nil)
       builder = stub('builder')
       connection.stub(:build).and_yield(builder)
+      Faraday::Connection.stub(:new => connection)
 
-      builder.should_receive(:adapter).with(:action_dispatch, session)
+      builder.should_receive(:adapter).with(:test)
 
-      OAuth2::Client.new('abc', 'def', :adapter => [:action_dispatch, session])
+      OAuth2::Client.new('abc', 'def') do |builder|
+        builder.adapter :test
+      end.connection
     end
 
     it "defaults raise_errors to true" do
-      subject.raise_errors.should be_true
+      subject.options[:raise_errors].should be_true
     end
 
     it "allows true/false for raise_errors option" do
       client = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com', :raise_errors => false)
-      client.raise_errors.should be_false
+      client.options[:raise_errors].should be_false
       client = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com', :raise_errors => true)
-      client.raise_errors.should be_true
+      client.options[:raise_errors].should be_true
     end
 
     it "allows get/post for access_token_method option" do
       client = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com', :access_token_method => :get)
-      client.token_method.should == :get
+      client.options[:access_token_method].should == :get
       client = OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com', :access_token_method => :post)
-      client.token_method.should == :post
+      client.options[:access_token_method].should == :post
     end
   end
 
-  %w(authorize access_token).each do |path_type|
-    describe "##{path_type}_url" do
-      it "should default to a path of /oauth/#{path_type}" do
-        subject.send("#{path_type}_url").should == "https://api.example.com/oauth/#{path_type}"
+  %w(authorize token).each do |url_type|
+    describe ":#{url_type}_url option" do
+      it "should default to a path of /oauth/#{url_type}" do
+        subject.send("#{url_type}_url").should == "https://api.example.com/oauth/#{url_type}"
       end
 
-      it "should be settable via the :#{path_type}_path option" do
-        subject.options[:"#{path_type}_path"] = '/oauth/custom'
-        subject.send("#{path_type}_url").should == 'https://api.example.com/oauth/custom'
+      it "should be settable via the :#{url_type}_url option" do
+        subject.options[:"#{url_type}_url"] = '/oauth/custom'
+        subject.send("#{url_type}_url").should == 'https://api.example.com/oauth/custom'
       end
 
-      it "should be settable via the :#{path_type}_url option" do
-        subject.options[:"#{path_type}_url"] = 'https://abc.com/authorize'
-        subject.send("#{path_type}_url").should == 'https://abc.com/authorize'
+      it "allows a different host than the site" do
+        subject.options[:"#{url_type}_url"] = 'https://api.foo.com/oauth/custom'
+        subject.send("#{url_type}_url").should == 'https://api.foo.com/oauth/custom'
       end
     end
   end
 
   describe "#request" do
-    it "returns ResponseString on successful response" do
-      response = subject.request(:get, '/success', {}, {})
-      response.should == 'yay'
-      response.status.should == 200
-      response.headers.should == {'Content-Type' => 'text/awesome'}
+    it "works with a null response body" do
+      subject.request(:get, 'empty_get').body.should == ''
     end
 
-    it "follows redirects properly" do
-      response = subject.request(:get, '/redirect', {}, {})
-      response.should == 'yay'
+    it "returns on a successful response" do
+      response = subject.request(:get, '/success')
+      response.body.should == 'yay'
       response.status.should == 200
       response.headers.should == {'Content-Type' => 'text/awesome'}
     end
 
-    it "returns ResponseString on error if raise_errors is false" do
-      subject.raise_errors = false
-      response = subject.request(:get, '/unauthorized', {}, {})
-
-      response.should == 'not authorized'
-      response.status.should == 401
-      response.headers.should == {'Content-Type' => 'text/plain'}
+    it "posts a body" do
+      response = subject.request(:post, '/reflect', :body => 'foo=bar')
+      response.body.should == 'foo=bar'
     end
 
-    it "raises OAuth2::AccessDenied on 401 response" do
-      lambda {subject.request(:get, '/unauthorized', {}, {})}.should raise_error(OAuth2::AccessDenied)
+    it "follows redirects properly" do
+      response = subject.request(:get, '/redirect')
+      response.body.should == 'yay'
+      response.status.should == 200
+      response.headers.should == {'Content-Type' => 'text/awesome'}
     end
 
-    it "raises OAuth2::Conflict on 409 response" do
-      lambda {subject.request(:get, '/conflict', {}, {})}.should raise_error(OAuth2::Conflict)
+    it "redirects using GET on a 303" do
+      response = subject.request(:post, '/redirect', :body => 'foo=bar')
+      response.body.should be_empty
+      response.status.should == 200
     end
 
-    it "raises OAuth2::HTTPError on error response" do
-      lambda {subject.request(:get, '/error', {}, {})}.should raise_error(OAuth2::HTTPError)
+    it "obeys the :max_redirects option" do
+      max_redirects = subject.options[:max_redirects]
+      subject.options[:max_redirects] = 0
+      response = subject.request(:get, '/redirect')
+      response.status.should == 302
+      subject.options[:max_redirects] = max_redirects
     end
-  end
 
-  it '#web_server should instantiate a WebServer strategy with this client' do
-    subject.web_server.should be_kind_of(OAuth2::Strategy::WebServer)
-  end
+    it "returns if raise_errors is false" do
+      subject.options[:raise_errors] = false
+      response = subject.request(:get, '/unauthorized')
 
-  context 'with JSON parsing' do
-    before do
-      subject.json = true
+      response.status.should == 401
+      response.headers.should == {'Content-Type' => 'application/json'}
+      response.error.should_not be_nil
     end
 
-    describe '#request' do
-      it 'should return a response hash' do
-        response = subject.request(:get, '/json')
-        puts response.inspect
-        response.should be_kind_of(OAuth2::ResponseHash)
-        response['abc'].should == 'def'
+    %w(/unauthorized /conflict /error).each do |error_path|
+      it "raises OAuth2::Error on error response to path #{error_path}" do
+        lambda {subject.request(:get, error_path)}.should raise_error(OAuth2::Error)
       end
+    end
 
-      it 'should only try to decode application/json' do
-        subject.request(:get, '/success').should == 'yay'
+    it 'parses OAuth2 standard error response' do
+      begin
+        subject.request(:get, '/unauthorized')
+      rescue Exception => e
+        e.code.should == error_value
+        e.description.should == error_description_value
       end
     end
 
-    it 'should set json? based on the :parse_json option' do
-      OAuth2::Client.new('abc', 'def', :site => 'http://example.com', :parse_json => true).should be_json
-      OAuth2::Client.new('abc', 'def', :site => 'http://example.com', :parse_json => false).should_not be_json
+    it "provides the response in the Exception" do
+      begin
+        subject.request(:get, '/error')
+      rescue Exception => e
+        e.response.should_not be_nil
+      end
     end
+  end
 
-    after do
-      subject.json = false
-    end
+  it '#auth_code should instantiate a AuthCode strategy with this client' do
+    subject.auth_code.should be_kind_of(OAuth2::Strategy::AuthCode)
   end
 
   context 'with SSL options' do

data/spec/oauth2/response_spec.rb

@@ -0,0 +1,90 @@
+require 'helper'
+
+describe OAuth2::Response do
+  describe '#initialize' do
+    let(:status) {200}
+    let(:headers) {{'foo' => 'bar'}}
+    let(:body) {'foo'}
+
+    it 'returns the status, headers and body' do
+      response = double('response', :headers => headers,
+                                    :status  => status,
+                                    :body    => body)
+      subject = Response.new(response)
+      subject.headers.should == headers
+      subject.status.should == status
+      subject.body.should == body
+    end
+  end
+
+  describe '.register_parser' do
+    let(:response) {
+      double('response', :headers => {'Content-Type' => 'application/foo-bar'},
+                         :status => 200,
+                         :body => 'baz')
+    }
+    before do
+      OAuth2::Response.register_parser(:foobar, 'application/foo-bar') do |body|
+        "foobar #{body}"
+      end
+    end
+
+    it 'should add to the content types and parsers' do
+      OAuth2::Response::PARSERS.keys.should be_include(:foobar)
+      OAuth2::Response::CONTENT_TYPES.keys.should be_include('application/foo-bar')
+    end
+
+    it 'should be able to parse that content type automatically' do
+      OAuth2::Response.new(response).parsed.should == 'foobar baz'
+    end
+  end
+
+  describe '#parsed' do
+    it "parses application/x-www-form-urlencoded body" do
+      headers = {'Content-Type' => 'application/x-www-form-urlencoded'}
+      body = 'foo=bar&answer=42'
+      response = double('response', :headers => headers, :body => body)
+      subject = Response.new(response)
+      subject.parsed.keys.size.should == 2
+      subject.parsed['foo'].should == 'bar'
+      subject.parsed['answer'].should == '42'
+    end
+
+    it "parses application/json body" do
+      headers = {'Content-Type' => 'application/json'}
+      body = MultiJson.encode(:foo => 'bar', :answer => 42)
+      response = double('response', :headers => headers, :body => body)
+      subject = Response.new(response)
+      subject.parsed.keys.size.should == 2
+      subject.parsed['foo'].should == 'bar'
+      subject.parsed['answer'].should == 42
+    end
+
+    it "doesn't try to parse other content-types" do
+      headers = {'Content-Type' => 'text/html'}
+      body = '<!DOCTYPE html><html><head></head><body></body></html>'
+
+      response = double('response', :headers => headers, :body => body)
+
+      MultiJson.should_not_receive(:decode)
+      Rack::Utils.should_not_receive(:parse_query)
+
+      subject = Response.new(response)
+      subject.parsed.should be_nil
+    end
+  end
+
+  context 'xml parser registration' do
+    it 'should try to load multi_xml and use it' do
+      OAuth2::Response::PARSERS[:xml].should_not be_nil
+    end
+
+    it 'should be able to parse xml' do
+      headers = {'Content-Type' => 'text/xml'}
+      body = '<?xml version="1.0" standalone="yes" ?><foo><bar>baz</bar></foo>'
+
+      response = double('response', :headers => headers, :body => body)
+      OAuth2::Response.new(response).parsed.should == {"foo" => {"bar" => "baz"}}
+    end
+  end
+end

data/spec/oauth2/strategy/auth_code_spec.rb

@@ -0,0 +1,88 @@
+require 'helper'
+
+describe OAuth2::Strategy::AuthCode do
+  let(:code) {'sushi'}
+  let(:kvform_token) {'expires_in=600&access_token=salmon&refresh_token=trout&extra_param=steve'}
+  let(:facebook_token) {kvform_token.gsub('_in', '')}
+  let(:json_token) {MultiJson.encode(:expires_in => 600, :access_token => 'salmon', :refresh_token => 'trout', :extra_param => 'steve')}
+
+  let(:client) do
+    OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com') do |builder|
+      builder.adapter :test do |stub|
+        stub.get("/oauth/token?client_id=abc&client_secret=def&code=#{code}&grant_type=authorization_code") do |env|
+          case @mode
+          when "formencoded"
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token]
+          when "json"
+            [200, {'Content-Type' => 'application/json'}, json_token]
+          when "from_facebook"
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token]
+          end
+        end
+        stub.post('/oauth/token', {'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code'}) do |env|
+          case @mode
+          when "formencoded"
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token]
+          when "json"
+            [200, {'Content-Type' => 'application/json'}, json_token]
+          when "from_facebook"
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token]
+          end
+        end
+      end
+    end
+  end
+
+  subject {client.auth_code}
+
+  describe '#authorize_url' do
+    it 'should include the client_id' do
+      subject.authorize_url.should be_include('client_id=abc')
+    end
+
+    it 'should include the type' do
+      subject.authorize_url.should be_include('response_type=code')
+    end
+
+    it 'should include passed in options' do
+      cb = 'http://myserver.local/oauth/callback'
+      subject.authorize_url(:redirect_uri => cb).should be_include("redirect_uri=#{Rack::Utils.escape(cb)}")
+    end
+  end
+
+  %w(json formencoded from_facebook).each do |mode|
+    [:get, :post].each do |verb|
+      describe "#get_token (#{mode}, access_token_method=#{verb}" do
+        before :each do
+          @mode = mode
+          client.options[:token_method] = verb
+          @access = subject.get_token(code)
+        end
+
+        it 'returns AccessToken with same Client' do
+          @access.client.should == client
+        end
+
+        it 'returns AccessToken with #token' do
+          @access.token.should == 'salmon'
+        end
+
+        it 'returns AccessToken with #refresh_token' do
+          @access.refresh_token.should == 'trout'
+        end
+
+        it 'returns AccessToken with #expires_in' do
+          @access.expires_in.should == 600
+        end
+
+        it 'returns AccessToken with #expires_at' do
+          @access.expires_at.should be_kind_of(Integer)
+        end
+
+        it 'returns AccessToken with params accessible via []' do
+          @access['extra_param'].should == 'steve'
+        end
+      end
+    end
+  end
+end

data/spec/oauth2/strategy/base_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper'
+require 'helper'
 
 describe OAuth2::Strategy::Base do
   it 'should initialize with a Client' do

data/spec/oauth2/strategy/password_spec.rb

@@ -1,16 +1,16 @@
-require 'spec_helper'
+require 'helper'
 
 describe OAuth2::Strategy::Password do
   let(:client) do
     cli = OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com')
     cli.connection.build do |b|
       b.adapter :test do |stub|
-        stub.post('/oauth/access_token') do |env|
+        stub.post('/oauth/token') do |env|
           case @mode
             when "formencoded"
-              [200, {}, 'expires_in=600&access_token=salmon&refresh_token=trout']
+              [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, 'expires_in=600&access_token=salmon&refresh_token=trout']
             when "json"
-              [200, {}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}']
+              [200, {'Content-Type' => 'application/json'}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}']
           end
         end
       end
@@ -26,10 +26,10 @@ describe OAuth2::Strategy::Password do
   end
 
   %w(json formencoded).each do |mode|
-    describe "#get_access_token (#{mode})" do
+    describe "#get_token (#{mode})" do
       before do
         @mode = mode
-        @access = subject.get_access_token('username', 'password')
+        @access = subject.get_token('username', 'password')
       end
 
       it 'returns AccessToken with same Client' do
@@ -49,7 +49,7 @@ describe OAuth2::Strategy::Password do
       end
 
       it 'returns AccessToken with #expires_at' do
-        @access.expires_at.should be_kind_of(Time)
+        @access.expires_at.should_not be_nil
       end
     end
   end