oauth2 1.4.2 → 1.4.9

data/spec/oauth2/response_spec.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+describe OAuth2::Response do
+  describe '#initialize' do
+    let(:status) { 200 }
+    let(:headers) { {'foo' => 'bar'} }
+    let(:body) { 'foo' }
+
+    it 'returns the status, headers and body' do
+      response = double('response', :headers => headers,
+                                    :status => status,
+                                    :body => body)
+      subject = described_class.new(response)
+      expect(subject.headers).to eq(headers)
+      expect(subject.status).to eq(status)
+      expect(subject.body).to eq(body)
+    end
+  end
+
+  describe '.register_parser' do
+    let(:response) do
+      double('response', :headers => {'Content-Type' => 'application/foo-bar'},
+                         :status => 200,
+                         :body => 'baz')
+    end
+
+    before do
+      described_class.register_parser(:foobar, 'application/foo-bar') do |body|
+        "foobar #{body}"
+      end
+    end
+
+    it 'adds to the content types and parsers' do
+      expect(described_class.send(:class_variable_get, :@@parsers).keys).to include(:foobar)
+      expect(described_class.send(:class_variable_get, :@@content_types).keys).to include('application/foo-bar')
+    end
+
+    it 'is able to parse that content type automatically' do
+      expect(described_class.new(response).parsed).to eq('foobar baz')
+    end
+  end
+
+  describe '#parsed' do
+    it 'parses application/x-www-form-urlencoded body' do
+      headers = {'Content-Type' => 'application/x-www-form-urlencoded'}
+      body = 'foo=bar&answer=42'
+      response = double('response', :headers => headers, :body => body)
+      subject = described_class.new(response)
+      expect(subject.parsed.keys.size).to eq(2)
+      expect(subject.parsed['foo']).to eq('bar')
+      expect(subject.parsed['answer']).to eq('42')
+    end
+
+    it 'parses application/json body' do
+      headers = {'Content-Type' => 'application/json'}
+      body = MultiJson.encode(:foo => 'bar', :answer => 42)
+      response = double('response', :headers => headers, :body => body)
+      subject = described_class.new(response)
+      expect(subject.parsed.keys.size).to eq(2)
+      expect(subject.parsed['foo']).to eq('bar')
+      expect(subject.parsed['answer']).to eq(42)
+    end
+
+    it "doesn't try to parse other content-types" do
+      headers = {'Content-Type' => 'text/html'}
+      body = '<!DOCTYPE html><html><head></head><body></body></html>'
+
+      response = double('response', :headers => headers, :body => body)
+
+      expect(MultiJson).not_to receive(:decode)
+      expect(MultiJson).not_to receive(:load)
+      expect(Rack::Utils).not_to receive(:parse_query)
+
+      subject = described_class.new(response)
+      expect(subject.parsed).to be_nil
+    end
+  end
+
+  context 'with xml parser registration' do
+    before do
+      MultiXml.parser = :rexml
+    end
+
+    it 'tries to load multi_xml and use it' do
+      expect(described_class.send(:class_variable_get, :@@parsers)[:xml]).not_to be_nil
+    end
+
+    it 'is able to parse xml' do
+      headers = {'Content-Type' => 'text/xml'}
+      body = '<?xml version="1.0" standalone="yes" ?><foo><bar>baz</bar></foo>'
+
+      response = double('response', :headers => headers, :body => body)
+      expect(described_class.new(response).parsed).to eq('foo' => {'bar' => 'baz'})
+    end
+  end
+end

data/spec/oauth2/strategy/assertion_spec.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+describe OAuth2::Strategy::Assertion do
+  let(:client_assertion) { client.assertion }
+
+  let(:client) do
+    cli = OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com')
+    cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b|
+      b.request :url_encoded
+      b.adapter :test do |stub|
+        stub.post('/oauth/token') do |env|
+          case @mode
+          when 'formencoded'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, 'expires_in=600&access_token=salmon&refresh_token=trout']
+          when 'json'
+            [200, {'Content-Type' => 'application/json'}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}']
+          end
+        end
+      end
+    end
+    cli
+  end
+
+  let(:params) do
+    {
+      :hmac_secret => 'foo',
+      :exp => Time.now.utc.to_i + 3600,
+    }
+  end
+
+  describe '#authorize_url' do
+    it 'raises NotImplementedError' do
+      expect { client_assertion.authorize_url }.to raise_error(NotImplementedError)
+    end
+  end
+
+  %w[json formencoded].each do |mode|
+    before { @mode = mode }
+
+    shared_examples_for "get_token #{mode}" do
+      describe "#get_token (#{mode})" do
+        subject(:get_token) { client_assertion.get_token(params) }
+
+        it 'returns AccessToken with same Client' do
+          expect(get_token.client).to eq(client)
+        end
+
+        it 'returns AccessToken with #token' do
+          expect(get_token.token).to eq('salmon')
+        end
+
+        it 'returns AccessToken with #expires_in' do
+          expect(get_token.expires_in).to eq(600)
+        end
+
+        it 'returns AccessToken with #expires_at' do
+          expect(get_token.expires_at).not_to be_nil
+        end
+      end
+    end
+
+    it_behaves_like "get_token #{mode}"
+    describe "#build_assertion (#{mode})" do
+      context 'with hmac_secret' do
+        subject(:build_assertion) { client_assertion.build_assertion(params) }
+
+        let(:hmac_secret) { '1883be842495c3b58f68ca71fbf1397fbb9ed2fdf8990f8404a25d0a1b995943' }
+        let(:params) do
+          {
+            :iss => 2345,
+            :aud => 'too',
+            :prn => 'much',
+            :exp => 123_456_789,
+            :hmac_secret => hmac_secret,
+          }
+        end
+        let(:jwt) { 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOjIzNDUsImF1ZCI6InRvbyIsInBybiI6Im11Y2giLCJleHAiOjEyMzQ1Njc4OX0.GnZjgcdc5WSWKNW0p9S4GuhpBs3LJCEqjPm6turLG-c' }
+
+        it 'returns JWT' do
+          expect(build_assertion).to eq(jwt)
+        end
+
+        it_behaves_like "get_token #{mode}"
+      end
+
+      context 'with private_key' do
+        subject(:build_assertion) { client_assertion.build_assertion(params) }
+
+        let(:private_key_file) { 'spec/fixtures/RS256/jwtRS256.key' }
+        let(:password) { '' }
+        let(:private_key) { OpenSSL::PKey::RSA.new(File.read(private_key_file), password) }
+        let(:params) do
+          {
+            :iss => 2345,
+            :aud => 'too',
+            :prn => 'much',
+            :exp => 123_456_789,
+            :private_key => private_key,
+          }
+        end
+        let(:jwt) { 'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOjIzNDUsImF1ZCI6InRvbyIsInBybiI6Im11Y2giLCJleHAiOjEyMzQ1Njc4OX0.vJ32OiPVMdJrlNkPw02Y9u6beiFY0Mfndhg_CkEDLtOYn8dscQIEpWoR4GzH8tiQVOQ1fOkqxE95tNIKOTjnIoskmYnfzhzIl9fnfQ_lsEuLC-nq45KhPzSM2wYgF2ZEIjDq51daK70bRPzTBr1Id45cTY-jJSito0lbKXj2nPa_Gs-_vyEU2MSxjiMaIxxccfY4Ow5zN3AUMTKp6LjrpDKFxag3fJ1nrb6iDATa504gyJHVLift3ovhAwYidkA81WnmEtISWBY904CKIcZD9Cx3ifS5bc3JaLAteIBKAAyD8o7D60vOKutsjCMHUCKL357BQ36bW7fmaEtW367Ri-xgOsCY0_HeWp991vrJ-DxhFPeuF-8hn_9KggBzKbA2eKEOOY4iDKSFwjWQUFOcRdvHw9RgbGt0IjY3wdo8CaJVlhynh54YlaLgOFhTBPeMgZdqQUHOztljaK9zubeVkrDGNnGuSuq0KR82KArb1x2z7XyZpxiV5ZatP9SNyhn-YIWk7UeQYXaS0UfsBX7L5T1y_FZj84r7Vl42lj1DfdR5DyGvHfZyHotTnejdIrDuQfDL_bGe24eHsilzuEFaajYmu10hxflZ6Apm-lekRRV47tbxTF1zI5we14XsTeklrTXqgDkSw6gyOoNUJm-cQkJpfdvBgUHYGInC1ttz7NU' }
+
+        it 'returns JWT' do
+          expect(build_assertion).to eq(jwt)
+        end
+
+        it_behaves_like "get_token #{mode}"
+      end
+    end
+  end
+end

data/spec/oauth2/strategy/auth_code_spec.rb

@@ -0,0 +1,108 @@
+# encoding: utf-8
+# frozen_string_literal: true
+
+describe OAuth2::Strategy::AuthCode do
+  subject { client.auth_code }
+
+  let(:code) { 'sushi' }
+  let(:kvform_token) { 'expires_in=600&access_token=salmon&refresh_token=trout&extra_param=steve' }
+  let(:facebook_token) { kvform_token.gsub('_in', '') }
+  let(:json_token) { MultiJson.encode(:expires_in => 600, :access_token => 'salmon', :refresh_token => 'trout', :extra_param => 'steve') }
+
+  let(:client) do
+    OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com') do |builder|
+      builder.adapter :test do |stub|
+        stub.get("/oauth/token?client_id=abc&client_secret=def&code=#{code}&grant_type=authorization_code") do |env|
+          case @mode
+          when 'formencoded'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token]
+          when 'json'
+            [200, {'Content-Type' => 'application/json'}, json_token]
+          when 'from_facebook'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token]
+          end
+        end
+        stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'code' => 'sushi', 'grant_type' => 'authorization_code') do |env|
+          case @mode
+          when 'formencoded'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token]
+          when 'json'
+            [200, {'Content-Type' => 'application/json'}, json_token]
+          when 'from_facebook'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, facebook_token]
+          end
+        end
+      end
+    end
+  end
+
+  describe '#authorize_url' do
+    it 'includes the client_id' do
+      expect(subject.authorize_url).to include('client_id=abc')
+    end
+
+    it 'includes the type' do
+      expect(subject.authorize_url).to include('response_type=code')
+    end
+
+    it 'includes passed in options' do
+      cb = 'http://myserver.local/oauth/callback'
+      expect(subject.authorize_url(:redirect_uri => cb)).to include("redirect_uri=#{Rack::Utils.escape(cb)}")
+    end
+  end
+
+  describe '#get_token (handling utf-8 data)' do
+    let(:json_token) { MultiJson.encode(:expires_in => 600, :access_token => 'salmon', :refresh_token => 'trout', :extra_param => 'André') }
+
+    before do
+      @mode = 'json'
+      client.options[:token_method] = :post
+    end
+
+    it 'does not raise an error' do
+      expect { subject.get_token(code) }.not_to raise_error
+    end
+
+    it 'does not create an error instance' do
+      expect(OAuth2::Error).not_to receive(:new)
+
+      subject.get_token(code)
+    end
+  end
+
+  %w[json formencoded from_facebook].each do |mode|
+    [:get, :post].each do |verb|
+      describe "#get_token (#{mode}, access_token_method=#{verb}" do
+        before do
+          @mode = mode
+          client.options[:token_method] = verb
+          @access = subject.get_token(code)
+        end
+
+        it 'returns AccessToken with same Client' do
+          expect(@access.client).to eq(client)
+        end
+
+        it 'returns AccessToken with #token' do
+          expect(@access.token).to eq('salmon')
+        end
+
+        it 'returns AccessToken with #refresh_token' do
+          expect(@access.refresh_token).to eq('trout')
+        end
+
+        it 'returns AccessToken with #expires_in' do
+          expect(@access.expires_in).to eq(600)
+        end
+
+        it 'returns AccessToken with #expires_at' do
+          expect(@access.expires_at).to be_kind_of(Integer)
+        end
+
+        it 'returns AccessToken with params accessible via []' do
+          expect(@access['extra_param']).to eq('steve')
+        end
+      end
+    end
+  end
+end

data/spec/oauth2/strategy/base_spec.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+describe OAuth2::Strategy::Base do
+  it 'initializes with a Client' do
+    expect { described_class.new(OAuth2::Client.new('abc', 'def')) }.not_to raise_error
+  end
+end

data/spec/oauth2/strategy/client_credentials_spec.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+describe OAuth2::Strategy::ClientCredentials do
+  subject { client.client_credentials }
+
+  let(:kvform_token) { 'expires_in=600&access_token=salmon&refresh_token=trout' }
+  let(:json_token) { '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}' }
+
+  let(:client) do
+    OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com') do |builder|
+      builder.adapter :test do |stub|
+        stub.post('/oauth/token', 'grant_type' => 'client_credentials') do |env|
+          client_id, client_secret = Base64.decode64(env[:request_headers]['Authorization'].split(' ', 2)[1]).split(':', 2)
+          (client_id == 'abc' && client_secret == 'def') || raise(Faraday::Adapter::Test::Stubs::NotFound)
+          case @mode
+          when 'formencoded'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token]
+          when 'json'
+            [200, {'Content-Type' => 'application/json'}, json_token]
+          end
+        end
+        stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def', 'grant_type' => 'client_credentials') do |env|
+          case @mode
+          when 'formencoded'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token]
+          when 'json'
+            [200, {'Content-Type' => 'application/json'}, json_token]
+          end
+        end
+      end
+    end
+  end
+
+  describe '#authorize_url' do
+    it 'raises NotImplementedError' do
+      expect { subject.authorize_url }.to raise_error(NotImplementedError)
+    end
+  end
+
+  %w[json formencoded].each do |mode|
+    [:basic_auth, :request_body].each do |auth_scheme|
+      describe "#get_token (#{mode}) (#{auth_scheme})" do
+        before do
+          @mode = mode
+          client.options[:auth_scheme] = auth_scheme
+          @access = subject.get_token
+        end
+
+        it 'returns AccessToken with same Client' do
+          expect(@access.client).to eq(client)
+        end
+
+        it 'returns AccessToken with #token' do
+          expect(@access.token).to eq('salmon')
+        end
+
+        it 'returns AccessToken without #refresh_token' do
+          expect(@access.refresh_token).to be_nil
+        end
+
+        it 'returns AccessToken with #expires_in' do
+          expect(@access.expires_in).to eq(600)
+        end
+
+        it 'returns AccessToken with #expires_at' do
+          expect(@access.expires_at).not_to be_nil
+        end
+      end
+    end
+  end
+end

data/spec/oauth2/strategy/implicit_spec.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+describe OAuth2::Strategy::Implicit do
+  subject { client.implicit }
+
+  let(:client) { OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com') }
+
+  describe '#authorize_url' do
+    it 'includes the client_id' do
+      expect(subject.authorize_url).to include('client_id=abc')
+    end
+
+    it 'includes the type' do
+      expect(subject.authorize_url).to include('response_type=token')
+    end
+
+    it 'includes passed in options' do
+      cb = 'http://myserver.local/oauth/callback'
+      expect(subject.authorize_url(:redirect_uri => cb)).to include("redirect_uri=#{Rack::Utils.escape(cb)}")
+    end
+  end
+
+  describe '#get_token' do
+    it 'raises NotImplementedError' do
+      expect { subject.get_token }.to raise_error(NotImplementedError)
+    end
+  end
+end

data/spec/oauth2/strategy/password_spec.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+describe OAuth2::Strategy::Password do
+  subject { client.password }
+
+  let(:client) do
+    cli = OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com')
+    cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b|
+      b.request :url_encoded
+      b.adapter :test do |stub|
+        stub.post('/oauth/token') do |env|
+          case @mode
+          when 'formencoded'
+            [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, 'expires_in=600&access_token=salmon&refresh_token=trout']
+          when 'json'
+            [200, {'Content-Type' => 'application/json'}, '{"expires_in":600,"access_token":"salmon","refresh_token":"trout"}']
+          end
+        end
+      end
+    end
+    cli
+  end
+
+  describe '#authorize_url' do
+    it 'raises NotImplementedError' do
+      expect { subject.authorize_url }.to raise_error(NotImplementedError)
+    end
+  end
+
+  %w[json formencoded].each do |mode|
+    describe "#get_token (#{mode})" do
+      before do
+        @mode = mode
+        @access = subject.get_token('username', 'password')
+      end
+
+      it 'returns AccessToken with same Client' do
+        expect(@access.client).to eq(client)
+      end
+
+      it 'returns AccessToken with #token' do
+        expect(@access.token).to eq('salmon')
+      end
+
+      it 'returns AccessToken with #refresh_token' do
+        expect(@access.refresh_token).to eq('trout')
+      end
+
+      it 'returns AccessToken with #expires_in' do
+        expect(@access.expires_in).to eq(600)
+      end
+
+      it 'returns AccessToken with #expires_at' do
+        expect(@access.expires_at).not_to be_nil
+      end
+    end
+  end
+end

data/spec/oauth2/version_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+RSpec.describe OAuth2::Version do
+  it 'has a version number' do
+    expect(described_class).not_to be nil
+  end
+
+  it 'can be a string' do
+    expect(described_class.to_s).to be_a(String)
+  end
+
+  it 'allows Constant access' do
+    expect(described_class::VERSION).to be_a(String)
+  end
+
+  it 'is greater than 0.1.0' do
+    expect(Gem::Version.new(described_class) > Gem::Version.new('0.1.0')).to be(true)
+  end
+
+  it 'is not a pre-release' do
+    expect(Gem::Version.new(described_class).prerelease?).to be(false)
+  end
+end