oauth2_provider_engine 0.0.1

data/test/dummy/spec/factories/oauth.rb

@@ -0,0 +1,106 @@
+require File.expand_path(File.dirname(__FILE__) + '/../support/settings_helper')
+include SettingsHelper
+
+FactoryGirl.define do
+
+  factory :user do
+     email "alice@example.com"
+     password "example"
+     admin false
+  end
+
+  factory :user_bob, class: User do
+     email "bob@example.com"
+     password "example"
+     admin false
+  end
+
+  factory :admin, class: User do
+     email "admin@example.com"
+     password "example"
+     admin true
+  end
+
+  factory :oauth_access, class: Oauth2Provider::OauthAccess do
+    client_uri CLIENT_URI
+    resource_owner_uri USER_URI
+  end
+
+
+  factory :oauth_authorization, class: Oauth2Provider::OauthAuthorization do
+    client_uri CLIENT_URI
+    resource_owner_uri USER_URI
+    scope ALL_SCOPE
+  end
+
+
+  factory :oauth_token, class: Oauth2Provider::OauthToken do
+    client_uri CLIENT_URI
+    resource_owner_uri USER_URI
+    scope ALL_SCOPE
+  end
+
+  factory :oauth_token_read, parent: :oauth_token do
+    scope READ_SCOPE
+  end
+
+
+  factory :client, class: Oauth2Provider::Client do
+    uri CLIENT_URI
+    name "the client"
+    created_from USER_URI
+    redirect_uri REDIRECT_URI
+    scope ["pizzas"]
+    scope_values ALL_SCOPE
+  end
+
+  factory :client_read, parent: :client do
+    uri ANOTHER_CLIENT_URI
+    scope ["pizzas/read"]
+    scope_values READ_SCOPE
+  end
+
+  factory :client_not_owned, parent: :client do
+    name "Not owned client"
+    created_from ANOTHER_USER_URI
+  end
+
+
+  factory :scope, class: Oauth2Provider::Scope do
+    uri SCOPE_URI
+    name "pizzas"
+  end
+
+  factory :scope_pizzas_read, parent: :scope do
+    name "pizzas/read"
+    values ["pizzas/index", "pizzas/show"]
+  end
+
+  factory :scope_pizzas_all, parent: :scope do
+    name "pizzas"
+    values ["pizzas/read", "pizzas/create", "pizzas/update", "pizzas/destroy"]
+  end
+
+  factory :scope_pastas_read, parent: :scope do
+    name "pastas/read"
+    values ["pastas/index", "pastas/show"]
+  end
+
+  factory :scope_pastas_all, parent: :scope do
+    name "pastas"
+    values ["pastas/create", "pastas/update", "pastas/destroy", "pastas/read"]
+  end
+
+  factory :scope_read, parent: :scope do
+    name "read"
+    values ["pizzas/read", "pastas/read"]
+  end
+
+  factory :scope_all, parent: :scope do
+    name "all"
+    values ["pizzas", "pastas"]
+  end
+
+end
+
+

data/test/dummy/spec/models/oauth/client_spec.rb

@@ -0,0 +1,123 @@
+require 'spec_helper'
+module Oauth2Provider
+describe Client do
+  before  { @client = FactoryGirl.create(:client) }
+  subject { @client }
+
+  it { should validate_presence_of(:name) }
+  it { should validate_presence_of(:uri) }
+  it { VALID_URIS.each{|uri| should allow_value(uri).for(:uri) } }
+  it { should validate_presence_of(:created_from) }
+  it { VALID_URIS.each{|uri| should allow_value(uri).for(:created_from) } }
+  it { should validate_presence_of(:redirect_uri) }
+  it { VALID_URIS.each{|uri| should allow_value(uri).for(:redirect_uri) } }
+
+  its(:secret) { should_not be_nil }
+
+  it ".granted!" do
+    lambda{ subject.granted! }.should change{ subject.granted_times }.by(1)
+  end
+
+  it ".revoked!" do
+    lambda{ subject.revoked! }.should change{ subject.revoked_times }.by(1)
+  end
+
+  it { should_not be_blocked }
+  context "#block!" do
+    before { @authorization         = FactoryGirl.create(:oauth_authorization) }
+    before { @another_authorization = FactoryGirl.create(:oauth_authorization, client_uri: ANOTHER_CLIENT_URI) }
+    before { @token                 = FactoryGirl.create(:oauth_token) }
+    before { @another_token         = FactoryGirl.create(:oauth_token, client_uri: ANOTHER_CLIENT_URI) }
+
+    before { subject.block! }
+
+    it { should be_blocked }
+    it { @authorization.reload.should be_blocked }
+    it { @another_authorization.reload.should_not be_blocked }
+    it { @token.reload.should be_blocked }
+    it { @another_token.reload.should_not be_blocked }
+
+    context "#unblock!" do
+      before { subject.unblock! }
+
+      it { should_not be_blocked }
+      it { @authorization.reload.should be_blocked }
+      it { @token.reload.should be_blocked }
+    end
+  end
+
+  context ".find_by_secret" do
+    let(:found) { Client.where_secret(subject.secret, subject.uri).first }
+    it { found.should_not be_nil }
+  end
+
+  context ".where_scope" do
+    context "with complete scope" do
+      let(:scope) { ALL_SCOPE }
+      subject { Client.where_scope(scope).first }
+      it { should_not be_nil }
+    end
+
+    context "with partial scope" do
+      let(:scope) { ["pizzas/show", "pizzas/create"] }
+      subject { Client.where_scope(scope).first }
+      it { should_not be_nil }
+    end
+
+    context "with invalid scope" do
+      let(:scope) { ["type.write", "reresource.not_existingg"] }
+      subject { Client.where_scope(scope).first }
+      it { should be_nil }
+    end
+  end
+
+  context "#destroy" do
+    subject { FactoryGirl.create(:client) }
+    before do
+      OauthAuthorization.destroy_all
+      3.times { FactoryGirl.create(:oauth_authorization) }
+      OauthToken.destroy_all
+      3.times { FactoryGirl.create(:oauth_token) }
+    end
+
+    it "should remove related authorizations" do
+      lambda{ subject.destroy }.should change{
+        OauthAuthorization.all.size
+      }.by(-3)
+    end
+
+    it "should remove related tokens" do
+      lambda{ subject.destroy }.should change{
+        OauthToken.all.size
+      }.by(-3)
+    end
+  end
+
+  context ".sync_clients_with_scope" do
+    before { Client.destroy_all }
+    before { Scope.destroy_all }
+
+    before { @client = FactoryGirl.create(:client) }
+    before { @read_client = FactoryGirl.create(:client_read) }
+    before { @scope = FactoryGirl.create(:scope_pizzas_all) }
+    before { @scope_read = FactoryGirl.create(:scope_pizzas_read, values: ["pizzas/show"]) }
+    before { Client.sync_clients_with_scope("pizzas/read") }
+
+    context "with indirect scope" do
+      subject { @client.reload.scope_values }
+      it { should include "pizzas/show" }
+      it { should include "pizzas/create" }
+      it { should include "pizzas/update" }
+      it { should include "pizzas/destroy" }
+      it { should_not include "pizzas/index" }
+    end
+
+    context "with direct scope" do
+      subject { @read_client.reload.scope_values }
+      it { should include "pizzas/show" }
+      it { should_not include "pizzas/index" }
+    end
+  end
+
+end
+end

data/test/dummy/spec/models/oauth/oauth_access_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe Oauth2Provider::OauthAccess do
+  before { @access = FactoryGirl.create(:oauth_access) }
+  subject { @access }
+
+  it { should validate_presence_of(:client_uri) }
+  it { should validate_presence_of(:resource_owner_uri) }
+  it { should_not be_blocked }
+
+  context "#block!" do
+    before { @authorization = FactoryGirl.create(:oauth_authorization) }
+    before { @another_authorization = FactoryGirl.create(:oauth_authorization, client_uri: ANOTHER_CLIENT_URI) }
+    before { @token = FactoryGirl.create(:oauth_token) }
+    before { @another_token = FactoryGirl.create(:oauth_token, client_uri: ANOTHER_CLIENT_URI) }
+
+    before { subject.block! }
+
+    it { should be_blocked }
+    it { @authorization.reload.should be_blocked }
+    it { @another_authorization.reload.should_not be_blocked }
+    it { @token.reload.should be_blocked }
+    it { @another_token.reload.should_not be_blocked }
+
+    context "#unblock!" do
+      before { subject.unblock! }
+
+      it { should_not be_blocked }
+      it { @authorization.reload.should be_blocked }
+      it { @token.reload.should be_blocked }
+    end
+  end
+
+  context "when increment access" do
+    let(:today)    { Chronic.parse("today at midday") }
+    let(:tomorrow) { Chronic.parse("tomorrow at midday") }
+
+    it "should create or increment the daily requests counter" do
+      Delorean.time_travel_to today
+      3.times { @access.accessed! }
+      @access.daily_requests.times.should == 3
+      Delorean.time_travel_to tomorrow
+      @access.accessed!
+      @access.daily_requests.times.should == 1
+    end
+  end
+
+end

data/test/dummy/spec/models/oauth/oauth_authorization_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe Oauth2Provider::OauthAuthorization do
+  before  { @authorization = FactoryGirl.create(:oauth_authorization) }
+  subject { @authorization }
+
+  it { should validate_presence_of(:client_uri) }
+  it { VALID_URIS.each{|uri| should allow_value(uri).for(:client_uri) } }
+  it { should validate_presence_of(:resource_owner_uri) }
+  it { VALID_URIS.each{|uri| should allow_value(uri).for(:resource_owner_uri) } }
+
+  its(:code) { should_not be_nil }
+  its(:expire_at) { should_not be_nil }
+
+  it { should_not be_blocked }
+  context "#block" do
+    before { subject.block! }
+    it { should be_blocked }
+  end
+
+  context ".block_client!" do
+    before { @another_client_authorization = FactoryGirl.create(:oauth_authorization, client_uri: ANOTHER_CLIENT_URI) }
+    before { Oauth2Provider::OauthAuthorization.block_client!(CLIENT_URI) }
+
+    it { @authorization.reload.should be_blocked }
+    it { @another_client_authorization.reload.should_not be_blocked }
+  end
+
+  context ".block_access!" do
+    before { @another_client_authorization = FactoryGirl.create(:oauth_authorization, client_uri: ANOTHER_CLIENT_URI)}
+    before { @another_owner_authorization  = FactoryGirl.create(:oauth_authorization, resource_owner_uri: ANOTHER_USER_URI) }
+    before { Oauth2Provider::OauthAuthorization.block_access!(CLIENT_URI, USER_URI) }
+
+    it { @authorization.reload.should be_blocked }
+    it { @another_client_authorization.reload.should_not be_blocked }
+    it { @another_owner_authorization.reload.should_not be_blocked }
+  end
+
+  it "#expired?" do
+    subject.should_not be_expired
+    Delorean.time_travel_to("in 151 seconds")
+    subject.should be_expired
+  end
+
+  it ".where_code_and_client_uri" do
+    result = Oauth2Provider::OauthAuthorization.where_code_and_client_uri(subject.code, subject.client_uri).first
+    result.should == subject
+  end
+
+end

data/test/dummy/spec/models/oauth/oauth_daily_request_spec.rb

@@ -0,0 +1,14 @@
+require 'spec_helper'
+
+describe Oauth2Provider::OauthToken do
+
+  let(:access) { FactoryGirl.create(:oauth_access) }
+  let(:time) { Chronic.parse("17 august 1982") }
+  let(:day_requests) { access.daily_requests(time) }
+
+  its(:day)     { day_requests.day.should == "17" }
+  its(:month)   { day_requests.month.should == "08" }
+  its(:year)    { day_requests.year.should == "1982" }
+  its(:time_id) { day_requests.time_id.should == "19820817" }
+
+end

data/test/dummy/spec/models/oauth/oauth_refresh_token_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+describe Oauth2Provider::OauthRefreshToken do
+  before  { @token = FactoryGirl.create(:oauth_token) }
+  before  { @refresh_token = Oauth2Provider::OauthRefreshToken.create(access_token: @token.token) }
+  subject { @refresh_token }
+
+  it { should validate_presence_of :access_token }
+
+  its(:refresh_token) {should_not be_nil }
+end

data/test/dummy/spec/models/oauth/oauth_token_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe Oauth2Provider::OauthToken do
+  before  { @token = FactoryGirl.create(:oauth_token) }
+  subject { @token }
+
+  it { should validate_presence_of(:client_uri) }
+  it { VALID_URIS.each{|uri| should allow_value(uri).for(:client_uri) } }
+  it { should validate_presence_of(:resource_owner_uri) }
+  it { VALID_URIS.each{|uri| should allow_value(uri).for(:resource_owner_uri) } }
+
+  its(:token) { should_not be_nil }
+  its(:refresh_token) { should_not be_nil }
+  it { should_not be_blocked }
+
+  context "#block!" do
+    before { subject.block! }
+    it { should be_blocked }
+  end
+
+  context ".block_client!" do
+    before { @another_client_token = FactoryGirl.create(:oauth_token, client_uri: ANOTHER_CLIENT_URI) }
+    before { Oauth2Provider::OauthToken.block_client!(CLIENT_URI) }
+
+    it { @token.reload.should be_blocked }
+    it { @another_client_token.should_not be_blocked }
+  end
+
+  context ".block_access!" do
+    before { @another_client_token = FactoryGirl.create(:oauth_token, client_uri: ANOTHER_CLIENT_URI)}
+    before { @another_owner_token  = FactoryGirl.create(:oauth_token, resource_owner_uri: ANOTHER_USER_URI) }
+    before { Oauth2Provider::OauthToken.block_access!(CLIENT_URI, USER_URI) }
+
+    it { @token.reload.should be_blocked }
+    it { @another_client_token.should_not be_blocked }
+    it { @another_owner_token.should_not be_blocked }
+  end
+
+  context ".exist" do
+    it "should find the token" do
+      existing = Oauth2Provider::OauthToken.exist(@token.client_uri,
+                                  @token.resource_owner_uri,
+                                  @token.scope).first
+      existing.should_not be_nil
+    end
+  end
+
+
+  it "#expired?" do
+    subject.should_not be_expired
+    Delorean.time_travel_to("in #{Oauth2Provider.settings["token_expires_in"]} seconds")
+    subject.should be_expired
+  end
+
+end

data/test/dummy/spec/models/scope_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe Oauth2Provider::Scope do
+  before  { @scope = FactoryGirl.create(:scope, values: ALL_SCOPE) }
+  subject { @scope }
+
+  it { should validate_presence_of(:name) }
+  it { should validate_presence_of(:name) }
+
+  it { VALID_URIS.each{|uri| should allow_value(uri).for(:uri) } }
+  it { INVALID_URIS.each{|uri| should_not allow_value(uri).for(:uri) } }
+
+  it { should_not allow_mass_assignment_of(:values) }
+  it { should_not allow_mass_assignment_of(:uri) }
+
+  its(:values) { should be_a_kind_of Array }
+end

data/test/dummy/spec/spec_helper.rb

@@ -0,0 +1,39 @@
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../../config/environment", __FILE__)
+require 'rspec/rails'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+# Require shared examples ruby files
+Dir[Rails.root.join("spec/**/shared/*.rb")].each {|f| require f}
+
+RSpec.configure do |config|
+
+  # Include helpers and global vars
+  config.include SettingsHelper
+
+  # Include extra rspec matchers
+  config.include Mongoid::Matchers
+
+  # Include time travel methods
+  config.include Delorean
+
+  # Mock library
+  config.mock_with :rspec
+
+  # User cleanup before each test
+  config.before(:each) do
+    User.destroy_all
+  end
+
+  # Cleaning up MongoDB afterspecs have ben executed
+  config.after :suite do
+    Mongoid.master.collections.select do |collection|
+      collection.name !~ /system/
+    end.each(&:drop)
+  end
+
+end