RubyGems - oauth2 - Versions diffs - 1.4.7 → 2.0.3 - Mend

oauth2 1.4.7 → 2.0.3

Files changed (35) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +124 -22
data/CONTRIBUTING.md +44 -0
data/LICENSE +1 -1
data/README.md +416 -138
data/SECURITY.md +20 -0
data/lib/oauth2/access_token.rb +33 -22
data/lib/oauth2/authenticator.rb +12 -5
data/lib/oauth2/client.rb +160 -88
data/lib/oauth2/error.rb +29 -18
data/lib/oauth2/response.rb +75 -22
data/lib/oauth2/snaky_hash.rb +8 -0
data/lib/oauth2/strategy/assertion.rb +66 -39
data/lib/oauth2/strategy/auth_code.rb +15 -2
data/lib/oauth2/strategy/base.rb +2 -0
data/lib/oauth2/strategy/client_credentials.rb +3 -1
data/lib/oauth2/strategy/implicit.rb +10 -1
data/lib/oauth2/strategy/password.rb +3 -1
data/lib/oauth2/version.rb +1 -59
data/lib/oauth2.rb +21 -1
metadata +75 -97
data/lib/oauth2/mac_token.rb +0 -130
data/spec/helper.rb +0 -37
data/spec/oauth2/access_token_spec.rb +0 -216
data/spec/oauth2/authenticator_spec.rb +0 -84
data/spec/oauth2/client_spec.rb +0 -506
data/spec/oauth2/mac_token_spec.rb +0 -117
data/spec/oauth2/response_spec.rb +0 -90
data/spec/oauth2/strategy/assertion_spec.rb +0 -58
data/spec/oauth2/strategy/auth_code_spec.rb +0 -107
data/spec/oauth2/strategy/base_spec.rb +0 -5
data/spec/oauth2/strategy/client_credentials_spec.rb +0 -69
data/spec/oauth2/strategy/implicit_spec.rb +0 -26
data/spec/oauth2/strategy/password_spec.rb +0 -55
data/spec/oauth2/version_spec.rb +0 -23

data/spec/oauth2/client_spec.rb DELETED Viewed

@@ -1,506 +0,0 @@
-# coding: utf-8
-require 'helper'
-require 'nkf'
-describe OAuth2::Client do
-  subject do
-    described_class.new('abc', 'def', :site => 'https://api.example.com') do |builder|
-      builder.adapter :test do |stub|
-        stub.get('/success')             { |env| [200, {'Content-Type' => 'text/awesome'}, 'yay'] }
-        stub.get('/reflect')             { |env| [200, {}, env[:body]] }
-        stub.post('/reflect')            { |env| [200, {}, env[:body]] }
-        stub.get('/unauthorized')        { |env| [401, {'Content-Type' => 'application/json'}, MultiJson.encode(:error => error_value, :error_description => error_description_value)] }
-        stub.get('/conflict')            { |env| [409, {'Content-Type' => 'text/plain'}, 'not authorized'] }
-        stub.get('/redirect')            { |env| [302, {'Content-Type' => 'text/plain', 'location' => '/success'}, ''] }
-        stub.post('/redirect')           { |env| [303, {'Content-Type' => 'text/plain', 'location' => '/reflect'}, ''] }
-        stub.get('/error')               { |env| [500, {'Content-Type' => 'text/plain'}, 'unknown error'] }
-        stub.get('/empty_get')           { |env| [204, {}, nil] }
-        stub.get('/different_encoding')  { |env| [500, {'Content-Type' => 'application/json'}, NKF.nkf('-We', MultiJson.encode(:error => error_value, :error_description => '∞'))] }
-        stub.get('/ascii_8bit_encoding') { |env| [500, {'Content-Type' => 'application/json'}, MultiJson.encode(:error => 'invalid_request', :error_description => 'é').force_encoding('ASCII-8BIT')] }
-      end
-    end
-  end
-  let!(:error_value) { 'invalid_token' }
-  let!(:error_description_value) { 'bad bad token' }
-  describe '#initialize' do
-    it 'assigns id and secret' do
-      expect(subject.id).to eq('abc')
-      expect(subject.secret).to eq('def')
-    end
-    it 'assigns site from the options hash' do
-      expect(subject.site).to eq('https://api.example.com')
-    end
-    it 'assigns Faraday::Connection#host' do
-      expect(subject.connection.host).to eq('api.example.com')
-    end
-    it 'leaves Faraday::Connection#ssl unset' do
-      expect(subject.connection.ssl).to be_empty
-    end
-    it 'is able to pass a block to configure the connection' do
-      connection = double('connection')
-      builder = double('builder')
-      allow(connection).to receive(:build).and_yield(builder)
-      allow(Faraday::Connection).to receive(:new).and_return(connection)
-      expect(builder).to receive(:adapter).with(:test)
-      described_class.new('abc', 'def') do |client|
-        client.adapter :test
-      end.connection
-    end
-    it 'defaults raise_errors to true' do
-      expect(subject.options[:raise_errors]).to be true
-    end
-    it 'allows true/false for raise_errors option' do
-      client = described_class.new('abc', 'def', :site => 'https://api.example.com', :raise_errors => false)
-      expect(client.options[:raise_errors]).to be false
-      client = described_class.new('abc', 'def', :site => 'https://api.example.com', :raise_errors => true)
-      expect(client.options[:raise_errors]).to be true
-    end
-    it 'allows override of raise_errors option' do
-      client = described_class.new('abc', 'def', :site => 'https://api.example.com', :raise_errors => true) do |builder|
-        builder.adapter :test do |stub|
-          stub.get('/notfound') { |env| [404, {}, nil] }
-        end
-      end
-      expect(client.options[:raise_errors]).to be true
-      expect { client.request(:get, '/notfound') }.to raise_error(OAuth2::Error)
-      response = client.request(:get, '/notfound', :raise_errors => false)
-      expect(response.status).to eq(404)
-    end
-    it 'allows get/post for access_token_method option' do
-      client = described_class.new('abc', 'def', :site => 'https://api.example.com', :access_token_method => :get)
-      expect(client.options[:access_token_method]).to eq(:get)
-      client = described_class.new('abc', 'def', :site => 'https://api.example.com', :access_token_method => :post)
-      expect(client.options[:access_token_method]).to eq(:post)
-    end
-    it 'does not mutate the opts hash argument' do
-      opts = {:site => 'http://example.com/'}
-      opts2 = opts.dup
-      described_class.new 'abc', 'def', opts
-      expect(opts).to eq(opts2)
-    end
-  end
-  %w[authorize token].each do |url_type|
-    describe ":#{url_type}_url option" do
-      it "defaults to a path of /oauth/#{url_type}" do
-        expect(subject.send("#{url_type}_url")).to eq("https://api.example.com/oauth/#{url_type}")
-      end
-      it "is settable via the :#{url_type}_url option" do
-        subject.options[:"#{url_type}_url"] = '/oauth/custom'
-        expect(subject.send("#{url_type}_url")).to eq('https://api.example.com/oauth/custom')
-      end
-      it 'allows a different host than the site' do
-        subject.options[:"#{url_type}_url"] = 'https://api.foo.com/oauth/custom'
-        expect(subject.send("#{url_type}_url")).to eq('https://api.foo.com/oauth/custom')
-      end
-    end
-  end
-  describe ':redirect_uri option' do
-    let(:auth_code_params) do
-      {
-        'client_id' => 'abc',
-        'client_secret' => 'def',
-        'code' => 'code',
-        'grant_type' => 'authorization_code',
-      }
-    end
-    context 'when blank' do
-      it 'there is no redirect_uri param added to authorization URL' do
-        expect(subject.authorize_url('a' => 'b')).to eq('https://api.example.com/oauth/authorize?a=b')
-      end
-      it 'does not add the redirect_uri param to the auth_code token exchange request' do
-        client = described_class.new('abc', 'def', :site => 'https://api.example.com') do |builder|
-          builder.adapter :test do |stub|
-            stub.post('/oauth/token', auth_code_params) do
-              [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}']
-            end
-          end
-        end
-        client.auth_code.get_token('code')
-      end
-    end
-    context 'when set' do
-      before { subject.options[:redirect_uri] = 'https://site.com/oauth/callback' }
-      it 'adds the redirect_uri param to authorization URL' do
-        expect(subject.authorize_url('a' => 'b')).to eq('https://api.example.com/oauth/authorize?a=b&redirect_uri=https%3A%2F%2Fsite.com%2Foauth%2Fcallback')
-      end
-      it 'adds the redirect_uri param to the auth_code token exchange request' do
-        client = described_class.new('abc', 'def', :redirect_uri => 'https://site.com/oauth/callback', :site => 'https://api.example.com') do |builder|
-          builder.adapter :test do |stub|
-            stub.post('/oauth/token', auth_code_params.merge('redirect_uri' => 'https://site.com/oauth/callback')) do
-              [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}']
-            end
-          end
-        end
-        client.auth_code.get_token('code')
-      end
-    end
-    describe 'custom headers' do
-      context 'string key headers' do
-        it 'adds the custom headers to request' do
-          client = described_class.new('abc', 'def', :site => 'https://api.example.com', :auth_scheme => :request_body) do |builder|
-            builder.adapter :test do |stub|
-              stub.post('/oauth/token') do |env|
-                expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'})
-                [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}']
-              end
-            end
-          end
-          header_params = {'headers' => {'CustomHeader' => 'CustomHeader'}}
-          client.auth_code.get_token('code', header_params)
-        end
-      end
-      context 'symbol key headers' do
-        it 'adds the custom headers to request' do
-          client = described_class.new('abc', 'def', :site => 'https://api.example.com', :auth_scheme => :request_body) do |builder|
-            builder.adapter :test do |stub|
-              stub.post('/oauth/token') do |env|
-                expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'})
-                [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}']
-              end
-            end
-          end
-          header_params = {:headers => {'CustomHeader' => 'CustomHeader'}}
-          client.auth_code.get_token('code', header_params)
-        end
-      end
-      context 'string key custom headers with basic auth' do
-        it 'adds the custom headers to request' do
-          client = described_class.new('abc', 'def', :site => 'https://api.example.com') do |builder|
-            builder.adapter :test do |stub|
-              stub.post('/oauth/token') do |env|
-                expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'})
-                [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}']
-              end
-            end
-          end
-          header_params = {'headers' => {'CustomHeader' => 'CustomHeader'}}
-          client.auth_code.get_token('code', header_params)
-        end
-      end
-      context 'symbol key custom headers with basic auth' do
-        it 'adds the custom headers to request' do
-          client = described_class.new('abc', 'def', :site => 'https://api.example.com') do |builder|
-            builder.adapter :test do |stub|
-              stub.post('/oauth/token') do |env|
-                expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'})
-                [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}']
-              end
-            end
-          end
-          header_params = {:headers => {'CustomHeader' => 'CustomHeader'}}
-          client.auth_code.get_token('code', header_params)
-        end
-      end
-    end
-  end
-  describe '#request' do
-    it 'works with a null response body' do
-      expect(subject.request(:get, 'empty_get').body).to eq('')
-    end
-    it 'returns on a successful response' do
-      response = subject.request(:get, '/success')
-      expect(response.body).to eq('yay')
-      expect(response.status).to eq(200)
-      expect(response.headers).to eq('Content-Type' => 'text/awesome')
-    end
-    it 'posts a body' do
-      response = subject.request(:post, '/reflect', :body => 'foo=bar')
-      expect(response.body).to eq('foo=bar')
-    end
-    it 'follows redirects properly' do
-      response = subject.request(:get, '/redirect')
-      expect(response.body).to eq('yay')
-      expect(response.status).to eq(200)
-      expect(response.headers).to eq('Content-Type' => 'text/awesome')
-    end
-    it 'redirects using GET on a 303' do
-      response = subject.request(:post, '/redirect', :body => 'foo=bar')
-      expect(response.body).to be_empty
-      expect(response.status).to eq(200)
-    end
-    it 'obeys the :max_redirects option' do
-      max_redirects = subject.options[:max_redirects]
-      subject.options[:max_redirects] = 0
-      response = subject.request(:get, '/redirect')
-      expect(response.status).to eq(302)
-      subject.options[:max_redirects] = max_redirects
-    end
-    it 'returns if raise_errors is false' do
-      subject.options[:raise_errors] = false
-      response = subject.request(:get, '/unauthorized')
-      expect(response.status).to eq(401)
-      expect(response.headers).to eq('Content-Type' => 'application/json')
-      expect(response.error).not_to be_nil
-    end
-    %w[/unauthorized /conflict /error /different_encoding /ascii_8bit_encoding].each do |error_path|
-      it "raises OAuth2::Error on error response to path #{error_path}" do
-        expect { subject.request(:get, error_path) }.to raise_error(OAuth2::Error)
-      end
-    end
-    # rubocop:disable Style/RedundantBegin
-    it 're-encodes response body in the error message' do
-      begin
-        subject.request(:get, '/ascii_8bit_encoding')
-      rescue StandardError => e
-        expect(e.message.encoding.name).to eq('UTF-8')
-        expect(e.message).to eq("invalid_request: é\n{\"error\":\"invalid_request\",\"error_description\":\"��\"}")
-      end
-    end
-    it 'parses OAuth2 standard error response' do
-      begin
-        subject.request(:get, '/unauthorized')
-      rescue StandardError => e
-        expect(e.code).to eq(error_value)
-        expect(e.description).to eq(error_description_value)
-        expect(e.to_s).to match(/#{error_value}/)
-        expect(e.to_s).to match(/#{error_description_value}/)
-      end
-    end
-    it 'provides the response in the Exception' do
-      begin
-        subject.request(:get, '/error')
-      rescue StandardError => e
-        expect(e.response).not_to be_nil
-        expect(e.to_s).to match(/unknown error/)
-      end
-    end
-    # rubocop:enable Style/RedundantBegin
-    context 'with ENV' do
-      include_context 'with stubbed env'
-      before do
-        stub_env('OAUTH_DEBUG' => 'true')
-      end
-      it 'outputs to $stdout when OAUTH_DEBUG=true' do
-        output = capture(:stdout) do
-          subject.request(:get, '/success')
-        end
-        logs = [
-          '-- request: GET https://api.example.com/success',
-          '-- response: Status 200',
-          '-- response: Content-Type: "text/awesome"',
-        ]
-        expect(output).to include(*logs)
-      end
-    end
-  end
-  describe '#get_token' do
-    it 'returns a configured AccessToken' do
-      client = stubbed_client do |stub|
-        stub.post('/oauth/token') do
-          [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')]
-        end
-      end
-      token = client.get_token({})
-      expect(token).to be_a OAuth2::AccessToken
-      expect(token.token).to eq('the-token')
-    end
-    it 'authenticates with request parameters' do
-      client = stubbed_client(:auth_scheme => :request_body) do |stub|
-        stub.post('/oauth/token', 'client_id' => 'abc', 'client_secret' => 'def') do |env|
-          [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')]
-        end
-      end
-      client.get_token({})
-    end
-    it 'authenticates with Basic auth' do
-      client = stubbed_client(:auth_scheme => :basic_auth) do |stub|
-        stub.post('/oauth/token') do |env|
-          raise Faraday::Adapter::Test::Stubs::NotFound unless env[:request_headers]['Authorization'] == OAuth2::Authenticator.encode_basic_auth('abc', 'def')
-          [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')]
-        end
-      end
-      client.get_token({})
-    end
-    describe 'extract_access_token option' do
-      let(:client) do
-        client = stubbed_client(:extract_access_token => extract_access_token) do |stub|
-          stub.post('/oauth/token') do
-            [200, {'Content-Type' => 'application/json'}, MultiJson.encode('data' => {'access_token' => 'the-token'})]
-          end
-        end
-      end
-      context 'with proc extract_access_token' do
-        let(:extract_access_token) do
-          proc do |client, hash|
-            token = hash['data']['access_token']
-            OAuth2::AccessToken.new(client, token, hash)
-          end
-        end
-        it 'returns a configured AccessToken' do
-          token = client.get_token({})
-          expect(token).to be_a OAuth2::AccessToken
-          expect(token.token).to eq('the-token')
-        end
-      end
-      context 'with depracted Class.from_hash option' do
-        let(:extract_access_token) do
-          CustomAccessToken = Class.new(OAuth2::AccessToken)
-          CustomAccessToken.define_singleton_method(:from_hash) do |client, hash|
-            token = hash['data']['access_token']
-            OAuth2::AccessToken.new(client, token, hash)
-          end
-          CustomAccessToken
-        end
-        it 'returns a configured AccessToken' do
-          token = client.get_token({})
-          expect(token).to be_a OAuth2::AccessToken
-          expect(token.token).to eq('the-token')
-        end
-      end
-    end
-    describe ':raise_errors flag' do
-      let(:options) { {} }
-      let(:token_response) { nil }
-      let(:client) do
-        stubbed_client(options.merge(:raise_errors => raise_errors)) do |stub|
-          stub.post('/oauth/token') do
-            # stub 200 response so that we're testing the get_token handling of :raise_errors flag not request
-            [200, {'Content-Type' => 'application/json'}, token_response]
-          end
-        end
-      end
-      context 'when set to false' do
-        let(:raise_errors) { false }
-        context 'when the request body is nil' do
-          it 'returns a nil :access_token' do
-            expect(client.get_token({})).to eq(nil)
-          end
-        end
-        context 'when the request body is missing the access_token' do
-          let(:token_response) { MultiJson.encode('unexpected_access_token' => 'the-token') }
-          it 'returns a nil :access_token' do
-            expect(client.get_token({})).to eq(nil)
-          end
-        end
-        context 'when extract_access_token raises an exception' do
-          let(:options) do
-            {
-              :extract_access_token => proc { |client, hash| raise ArgumentError },
-            }
-          end
-          it 'returns a nil :access_token' do
-            expect(client.get_token({})).to eq(nil)
-          end
-        end
-      end
-      context 'when set to true' do
-        let(:raise_errors) { true }
-        context 'when the request body is nil' do
-          it 'raises an error' do
-            expect { client.get_token({}) }.to raise_error OAuth2::Error
-          end
-        end
-        context 'when the request body is missing the access_token' do
-          let(:token_response) { MultiJson.encode('unexpected_access_token' => 'the-token') }
-          it 'raises an error' do
-            expect { client.get_token({}) }.to raise_error OAuth2::Error
-          end
-        end
-        context 'when extract_access_token raises an exception' do
-          let(:options) do
-            {
-              :extract_access_token => proc { |client, hash| raise ArgumentError },
-            }
-          end
-          it 'raises an error' do
-            expect { client.get_token({}) }.to raise_error OAuth2::Error
-          end
-        end
-      end
-    end
-    def stubbed_client(params = {}, &stubs)
-      params = {:site => 'https://api.example.com'}.merge(params)
-      OAuth2::Client.new('abc', 'def', params) do |builder|
-        builder.adapter :test, &stubs
-      end
-    end
-  end
-  it 'instantiates an AuthCode strategy with this client' do
-    expect(subject.auth_code).to be_kind_of(OAuth2::Strategy::AuthCode)
-  end
-  it 'instantiates an Implicit strategy with this client' do
-    expect(subject.implicit).to be_kind_of(OAuth2::Strategy::Implicit)
-  end
-  context 'with SSL options' do
-    subject do
-      cli = described_class.new('abc', 'def', :site => 'https://api.example.com', :ssl => {:ca_file => 'foo.pem'})
-      cli.connection.build do |b|
-        b.adapter :test
-      end
-      cli
-    end
-    it 'passes the SSL options along to Faraday::Connection#ssl' do
-      expect(subject.connection.ssl.fetch(:ca_file)).to eq('foo.pem')
-    end
-  end
-end

data/spec/oauth2/mac_token_spec.rb DELETED Viewed

@@ -1,117 +0,0 @@
-describe OAuth2::MACToken do
-  subject { described_class.new(client, token, 'abc123') }
-  let(:token) { 'monkey' }
-  let(:client) do
-    OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com') do |builder|
-      builder.request :url_encoded
-      builder.adapter :test do |stub|
-        VERBS.each do |verb|
-          stub.send(verb, '/token/header') { |env| [200, {}, env[:request_headers]['Authorization']] }
-        end
-      end
-    end
-  end
-  describe '#initialize' do
-    it 'assigns client and token' do
-      expect(subject.client).to eq(client)
-      expect(subject.token).to eq(token)
-    end
-    it 'assigns secret' do
-      expect(subject.secret).to eq('abc123')
-    end
-    it 'defaults algorithm to hmac-sha-256' do
-      expect(subject.algorithm).to be_instance_of(OpenSSL::Digest::SHA256)
-    end
-    it 'handles hmac-sha-256' do
-      mac = described_class.new(client, token, 'abc123', :algorithm => 'hmac-sha-256')
-      expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA256)
-    end
-    it 'handles hmac-sha-1' do
-      mac = described_class.new(client, token, 'abc123', :algorithm => 'hmac-sha-1')
-      expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA1)
-    end
-    it 'raises on improper algorithm' do
-      expect { described_class.new(client, token, 'abc123', :algorithm => 'invalid-sha') }.to raise_error(ArgumentError)
-    end
-  end
-  describe '#request' do
-    VERBS.each do |verb|
-      it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do
-        expect(subject.post('/token/header').body).to include("MAC id=\"#{token}\"")
-      end
-    end
-  end
-  describe '#header' do
-    it 'does not generate the same header twice' do
-      header = subject.header('get', 'https://www.example.com/hello')
-      duplicate_header = subject.header('get', 'https://www.example.com/hello')
-      expect(header).not_to eq(duplicate_header)
-    end
-    it 'generates the proper format' do
-      header = subject.header('get', 'https://www.example.com/hello?a=1')
-      expect(header).to match(/MAC id="#{token}", ts="[0-9]+", nonce="[^"]+", mac="[^"]+"/)
-    end
-    it 'passes ArgumentError with an invalid url' do
-      expect { subject.header('get', 'this-is-not-valid') }.to raise_error(ArgumentError)
-    end
-    it 'passes URI::InvalidURIError through' do
-      expect { subject.header('get', nil) }.to raise_error(URI::InvalidURIError)
-    end
-  end
-  describe '#signature' do
-    it 'generates properly' do
-      signature = subject.signature(0, 'random-string', 'get', URI('https://www.google.com'))
-      expect(signature).to eq('rMDjVA3VJj3v1OmxM29QQljKia6msl5rjN83x3bZmi8=')
-    end
-  end
-  describe '#headers' do
-    it 'is an empty hash' do
-      expect(subject.headers).to eq({})
-    end
-  end
-  describe '.from_access_token' do
-    subject { described_class.from_access_token(access_token, 'hello') }
-    let(:access_token) do
-      OAuth2::AccessToken.new(
-        client, token,
-        :expires_at => 1,
-        :expires_in => 1,
-        :refresh_token => 'abc',
-        :random => 1
-      )
-    end
-    it 'initializes client, token, and secret properly' do
-      expect(subject.client).to eq(client)
-      expect(subject.token).to eq(token)
-      expect(subject.secret).to eq('hello')
-    end
-    it 'initializes configuration options' do
-      expect(subject.expires_at).to eq(1)
-      expect(subject.expires_in).to eq(1)
-      expect(subject.refresh_token).to eq('abc')
-    end
-    it 'initializes params' do
-      expect(subject.params).to eq(:random => 1)
-    end
-  end
-end