oauth2_provider_engine 0.0.1

data/test/dummy/spec/acceptance/support/helpers.rb

@@ -0,0 +1,81 @@
+module HelperMethods
+
+  def login(user, password = "example")
+    visit "/log_in"
+    fill_in "email", with: user.email
+    fill_in "password", with: password
+    click_button "Log in"
+  end
+
+
+  # Driver switch
+  def use_javascript
+    Capybara.default_driver = :selenium
+    Capybara.javascript_driver = :selenium
+  end
+
+  def use_default
+    Capybara.default_driver = :rack_test
+    Capybara.javascript_driver = :rack_test
+  end
+
+
+  # Authorization page URIs
+  def authorization_grant_page(client, scope)
+    uri = "/oauth/authorize?response_type=code" + authorization_params(client, scope)
+    return URI.escape(uri)
+  end
+
+  def implicit_grant_page(client, scope)
+    uri = "/oauth/authorize?response_type=token" + authorization_params(client, scope)
+    return URI.escape(uri)
+  end
+
+  def authorization_params(client, scope)
+    uri  = "&scope=#{scope}"
+    uri += "&client_id=#{client.uri}"
+    uri += "&redirect_uri=#{client.redirect_uri}"
+  end
+
+
+  # Redirect URIs
+  def authorization_grant_uri(client)
+    authorization = Oauth2Provider::OauthAuthorization.last
+    client.redirect_uri + "?code=" + authorization.code
+  end
+
+  def implicit_grant_uri(client)
+    token = Oauth2Provider::OauthToken.last
+    token.token.should_not be_nil
+    uri = client.redirect_uri + "#token=" + token.token + "&expires_in=" + Oauth2Provider.settings["token_expires_in"]
+  end
+
+  def authorization_denied_uri(client)
+    client.redirect_uri + "?error=access_denied"
+  end
+
+  def implicit_denied_uri(client)
+    client.redirect_uri + "#error=access_denied"
+  end
+
+
+  # Token generation (via POST requests)
+  def create_token_uri(attributes)
+    uri = Addressable::URI.new
+    uri.query_values = attributes
+    page.driver.post("/oauth/token", uri.query)
+  end
+
+  def response_should_have_access_token
+    token = Oauth2Provider::OauthToken.last
+    page.should have_content(token.token)
+  end
+
+  def response_should_have_refresh_token
+    refresh_token = Oauth2Provider::OauthRefreshToken.last
+    page.should have_content(refresh_token.refresh_token)
+  end
+
+end
+
+RSpec.configuration.include HelperMethods, :type => :acceptance

data/test/dummy/spec/acceptance/support/paths.rb

@@ -0,0 +1,9 @@
+module NavigationHelpers
+  # Put helper methods related to the paths in your application here.
+
+  def homepage
+    "/"
+  end
+end
+
+RSpec.configuration.include NavigationHelpers, :type => :acceptance

data/test/dummy/spec/acceptance/support/view_helpers.rb

@@ -0,0 +1,52 @@
+module ViewHelperMethods
+
+  # Scope
+  def should_visualize_scope(scope)
+    page.should have_content(scope.name)
+    page.should have_content(scope.values_pretty)
+  end
+
+  def fill_scope(name, values)
+    fill_in 'Name', with: name
+    fill_in 'Values', with: values
+  end
+
+  # User
+  def should_visualize_user(user)
+    page.should have_content(user.email)
+  end
+
+  # Client
+  def should_visualize_client(client)
+    page.should have_content(client.name)
+  end
+
+  def should_visualize_client_details(client)
+    page.should have_content(client.name)
+    page.should have_content(client.uri)
+    page.should have_content(client.secret)
+    page.should have_content(client.site_uri)
+    page.should have_content(client.redirect_uri)
+    page.should have_content(client.scope_values_pretty)
+    page.should have_content("pizzas/create")
+    page.should have_content(client.info)
+  end
+
+  def fill_client(name = "example")
+    fill_in "Name", with: name
+    fill_in "Site", with: HOST
+    fill_in "Redirect", with: REDIRECT_URI
+    fill_in "Scope", with: "pizzas"
+    fill_in "Info", with: "This is an example app"
+  end
+
+  # bearer token
+  def should_not_be_authorized
+    page.status_code.should == 401
+    page.should have_content "Unauthorized access"
+  end
+
+end
+
+RSpec.configuration.include ViewHelperMethods, :type => :acceptance
+

data/test/dummy/spec/acceptance/users_controller_spec.rb

@@ -0,0 +1,198 @@
+require File.expand_path(File.dirname(__FILE__) + '/acceptance_helper')
+
+feature "UsersController" do
+  before { host! "http://" + host }
+  before { @user = FactoryGirl.create(:user) }
+  before { @bob = FactoryGirl.create(:user_bob) }
+  before { @admin = FactoryGirl.create(:admin) }
+
+
+  context ".index" do
+    before { @uri = "/users" }
+
+    context "when not logged in" do
+      scenario "is not authorized" do
+        visit @uri
+        current_url.should == host + "/log_in"
+      end
+    end
+
+    context "when logged in" do
+      context "when admin" do
+        before { login(@admin) }
+        scenario "list all resources" do
+          visit @uri
+          [@user, @bob].each do |user|
+            should_visualize_user(user)
+          end
+        end
+      end
+
+      context "when not admin" do
+        before { login(@user) }
+        scenario "do not list all resources" do
+          visit @uri
+          page.should have_content "Unauthorized access"
+        end
+      end
+    end
+  end
+
+
+  context ".show" do
+    before { @uri = "/users/" + @user.id.as_json }
+
+    context "when not logged in" do
+      scenario "is not authorized" do
+        visit @uri
+        current_url.should == host + "/log_in"
+      end
+    end
+
+    context "when logged in" do
+      before { login(@user) }
+
+      scenario "view a resource" do
+        visit @uri
+        should_visualize_user(@user)
+      end
+
+      scenario "resource not found" do
+        @user.destroy
+        visit @uri
+        current_url.should == host + "/log_in"
+      end
+
+      scenario "access other users profile" do
+        login @bob
+        visit @uri
+        page.should have_content "Resource not found"
+      end
+
+      scenario "access with illegal id" do
+        visit "/users/0"
+        page.should have_content "Resource not found"
+      end
+    end
+  end
+
+
+  context ".create" do
+    before { @uri = "/sign_up" }
+
+    context "when valid" do
+      before do
+        visit @uri
+        fill_in "Email", with: "new@example.com"
+        fill_in "Password", with: "example"
+        click_button 'Create User'
+      end
+
+      scenario "create a resource" do
+        page.should have_content "Signed up"
+      end
+    end
+
+    context "when not valid" do
+      scenario "fails" do
+        visit @uri
+        fill_in "Email", with: ""
+        fill_in "Password", with: ""
+        click_button 'Create User'
+        page.should have_content "Email can't be blank"
+        page.should have_content "Password can't be blank"
+      end
+    end
+
+    context "when no admin exists" do
+      before { @admin.destroy }
+      scenario "create admin" do
+        visit @uri
+        page.should have_content "admin"
+        fill_in "Email", with: "new@example.com"
+        fill_in "Password", with: "example"
+        click_button 'Create User'
+        User.last.should be_admin
+      end
+    end
+  end
+
+
+  context ".update" do
+    before { @uri = "/users/" + @user.id.as_json +  "/edit" }
+
+    context "when not logged in" do
+      scenario "is not authorized" do
+        visit @uri
+        current_url.should == host + "/log_in"
+      end
+    end
+
+    context "when logged in" do
+      before { login(@user) }
+      let(:name) { "Alice is my name" }
+
+      scenario "when update fields" do
+        visit @uri
+        fill_in "Name", with: name
+        click_button "Update User"
+        page.should have_content(name)
+      end
+
+      context "when update the password" do
+        let(:new_pass) { "asecurepassword"}
+
+        context "when valid" do
+          before do
+            visit @uri
+            fill_in "Password", with: new_pass
+            click_button "Update User"
+            click_link "Log out"
+          end
+
+          scenario "should log with new pass" do
+            login(@user, new_pass)
+            page.should have_content "Logged in"
+          end
+
+          scenario "should not log with old pass" do
+            login(@user)
+            page.should_not have_content "Logged in"
+            page.should have_content "Invalid email or password"
+          end
+        end
+
+        scenario "when empty" do
+          visit @uri
+          fill_in "Password", with: ""
+          click_button "Update User"
+          click_link "Log out"
+          login(@user)
+          page.should have_content "Logged in"
+        end
+      end
+
+      scenario "when resource not found" do
+        @user.destroy
+        visit @uri
+        current_url.should == host + "/log_in"
+      end
+
+      scenario "when illegal id" do
+        visit "/users/0"
+        page.should have_content "Resource not found"
+      end
+
+      scenario "when edit other users profile" do
+        login @bob
+        visit @uri
+        page.should have_content "Resource not found"
+      end
+    end
+  end
+
+  #context ".destroy" do
+  #end
+
+end
+

data/test/dummy/spec/extras/scope_spec.rb

@@ -0,0 +1,105 @@
+require 'spec_helper'
+
+describe "Oauth" do
+  before { Oauth2Provider::Scope.destroy_all }
+
+  before { @scope = FactoryGirl.create(:scope_pizzas_read) }
+  before { @scope = FactoryGirl.create(:scope_pizzas_all) }
+  before { @scope = FactoryGirl.create(:scope_pastas_read) }
+  before { @scope = FactoryGirl.create(:scope_pastas_all) }
+  before { @scope = FactoryGirl.create(:scope_read) }
+  before { @scope = FactoryGirl.create(:scope_all) }
+
+  context "#normalize_scope" do
+    context "single resource" do
+      context "single action" do
+        let(:normalized) { Oauth2Provider.normalize_scope("pizzas/index") }
+        subject { normalized }
+        it { should include "pizzas/index" }
+      end
+
+      context "read actions" do
+        let(:normalized) { Oauth2Provider.normalize_scope("pizzas/read") }
+        subject { normalized }
+
+        it { should include "pizzas/index" }
+        it { should include "pizzas/show" }
+        it { should_not include "pizzas/create"}
+      end
+
+      context "read actions and create action" do
+        let(:normalized) { Oauth2Provider.normalize_scope("pizzas/read pizzas/create") }
+        subject { normalized }
+
+        it { should include "pizzas/index" }
+        it { should include "pizzas/show" }
+        it { should include "pizzas/create"}
+      end
+
+      context "all rest actions" do
+        let(:normalized) { Oauth2Provider.normalize_scope("pizzas") }
+        subject { normalized }
+
+        it { should include "pizzas/index" }
+        it { should include "pizzas/show" }
+        it { should include "pizzas/create" }
+        it { should include "pizzas/update" }
+        it { should include "pizzas/destroy"}
+        it { should_not include "pastas/index" }
+        it { should_not include "pizzas" }
+      end
+    end
+
+    context "all resources" do
+      context "single actions" do
+        let(:normalized) { Oauth2Provider.normalize_scope("pizzas/index pastas/index") }
+        subject { normalized }
+        it { should include "pizzas/index" }
+        it { should_not include "pizzas/show" }
+        it { should include "pastas/index" }
+        it { should_not include "pastas/show" }
+      end
+
+      context "read actions" do
+        let(:normalized) { Oauth2Provider.normalize_scope("read") }
+        subject { normalized }
+
+        it { should include "pizzas/index" }
+        it { should include "pizzas/show" }
+        it { should_not include "pizzas/create"}
+
+        it { should include "pastas/index" }
+        it { should include "pastas/show" }
+        it { should_not include "pastas/create"}
+
+        it { should_not include "read" }
+        it { should_not include "pizzas/read" }
+        it { should_not include "pastas/read" }
+      end
+
+      context "all rest actions" do
+        let(:normalized) { Oauth2Provider.normalize_scope("all") }
+        subject { normalized }
+
+        it { should include "pizzas/index" }
+        it { should include "pizzas/show" }
+        it { should include "pizzas/create" }
+        it { should include "pizzas/update" }
+        it { should include "pizzas/destroy"}
+
+        it { should include "pastas/index" }
+        it { should include "pastas/show" }
+        it { should include "pastas/create" }
+        it { should include "pastas/update" }
+        it { should include "pastas/destroy"}
+
+        it { should_not include "all"}
+        it { should_not include "pizzas"}
+        it { should_not include "pastas"}
+        it { should_not include "pizzas/read"}
+        it { should_not include "pastas/read"}
+      end
+    end
+
+  end
+end