omniauth-hackid 0.0.1

data/test/signed_request_test.rb

@@ -0,0 +1,109 @@
+module SignedRequestHelpers
+  def signed_request(payload, secret)
+    encoded_payload = base64_encode_url(MultiJson.encode(payload))
+    encoded_signature = base64_encode_url(signature(encoded_payload, secret))
+    [encoded_signature, encoded_payload].join('.')
+  end
+
+  def base64_encode_url(value)
+    Base64.encode64(value).tr('+/', '-_').gsub(/\n/, '')
+  end
+
+  def signature(payload, secret, algorithm = OpenSSL::Digest::SHA256.new)
+    OpenSSL::HMAC.digest(algorithm, secret, payload)
+  end
+end
+
+module SignedRequestTests
+  class TestCase < StrategyTestCase
+    include SignedRequestHelpers
+  end
+
+  class CookieAndParamNotPresentTest < TestCase
+    test 'is nil' do
+      assert_nil strategy.send(:signed_request)
+    end
+  end
+
+  class CookiePresentTest < TestCase
+    def setup
+      super
+      @payload = {
+        'algorithm' => 'HMAC-SHA256',
+        'code' => 'm4c0d3z',
+        'issued_at' => Time.now.to_i,
+        'user_id' => '123456'
+      }
+
+      @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
+    end
+
+    test 'parses the access code out from the cookie' do
+      assert_equal @payload, strategy.send(:signed_request)
+    end
+  end
+
+  class ParamPresentTest < TestCase
+    def setup
+      super
+      @payload = {
+        'algorithm' => 'HMAC-SHA256',
+        'oauth_token' => 'XXX',
+        'issued_at' => Time.now.to_i,
+        'user_id' => '123456'
+      }
+
+      @request.stubs(:params).returns({'signed_request' => signed_request(@payload, @client_secret)})
+    end
+
+    test 'parses the access code out from the param' do
+      assert_equal @payload, strategy.send(:signed_request)
+    end
+  end
+
+  class CookieAndParamPresentTest < TestCase
+    def setup
+      super
+      @payload_from_cookie = {
+        'algorithm' => 'HMAC-SHA256',
+        'from' => 'cookie'
+      }
+
+      @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload_from_cookie, @client_secret)})
+
+      @payload_from_param = {
+        'algorithm' => 'HMAC-SHA256',
+        'from' => 'param'
+      }
+
+      @request.stubs(:params).returns({'signed_request' => signed_request(@payload_from_param, @client_secret)})
+    end
+
+    test 'picks param over cookie' do
+      assert_equal @payload_from_param, strategy.send(:signed_request)
+    end
+  end
+end
+
+class RequestPhaseWithSignedRequestTest < StrategyTestCase
+  include SignedRequestHelpers
+
+  def setup
+    super
+
+    payload = {
+      'algorithm' => 'HMAC-SHA256',
+      'oauth_token' => 'm4c0d3z'
+    }
+    @raw_signed_request = signed_request(payload, @client_secret)
+    @request.stubs(:params).returns("signed_request" => @raw_signed_request)
+
+    strategy.stubs(:callback_url).returns('/')
+  end
+
+  test 'redirects to callback passing along signed request' do
+    strategy.expects(:redirect).with("/?signed_request=#{Rack::Utils.escape(@raw_signed_request)}").once
+    strategy.request_phase
+  end
+end
+

data/test/strategy_test.rb

@@ -0,0 +1,3 @@
+class StrategyTest < StrategyTestCase
+  include OAuth2StrategyTests
+end

data/test/support/shared_examples.rb

@@ -0,0 +1,85 @@
+# NOTE it would be useful if this lived in omniauth-oauth2 eventually
+module OAuth2StrategyTests
+  def self.included(base)
+    base.class_eval do
+      include ClientTests
+      include AuthorizeParamsTests
+      include CSRFAuthorizeParamsTests
+      include TokenParamsTests
+    end
+  end
+  
+  module ClientTests
+    extend BlockTestHelper
+    
+    test 'should be initialized with symbolized client_options' do
+      @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
+      assert_equal 'https://example.com', strategy.client.options[:authorize_url]
+    end
+  end
+
+  module AuthorizeParamsTests
+    extend BlockTestHelper
+    
+    test 'should include any authorize params passed in the :authorize_params option' do
+      @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
+      assert_equal 'bar', strategy.authorize_params['foo']
+      assert_equal 'zip', strategy.authorize_params['baz']
+    end
+
+    test 'should include top-level options that are marked as :authorize_options' do
+      @options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      assert_equal 'bar', strategy.authorize_params['scope']
+      assert_equal 'baz', strategy.authorize_params['foo']
+    end
+    
+    test 'should exclude top-level options that are not passed' do
+      @options = { :authorize_options => [:bar] }
+      refute_has_key :bar, strategy.authorize_params
+      refute_has_key 'bar', strategy.authorize_params
+    end
+  end
+
+  module CSRFAuthorizeParamsTests
+    extend BlockTestHelper
+
+    test 'should store random state in the session when none is present in authorize or request params' do
+      assert_includes strategy.authorize_params.keys, 'state'
+      refute_empty strategy.authorize_params['state']
+      refute_empty strategy.session['omniauth.state']
+      assert_equal strategy.authorize_params['state'], strategy.session['omniauth.state']
+    end
+
+    test 'should store state in the session when present in authorize params vs. a random one' do
+      @options = { :authorize_params => { :state => 'bar' } }
+      refute_empty strategy.authorize_params['state']
+      assert_equal 'bar', strategy.authorize_params[:state]
+      refute_empty strategy.session['omniauth.state']
+      assert_equal 'bar', strategy.session['omniauth.state']
+    end
+
+    test 'should store state in the session when present in request params vs. a random one' do
+      @request.stubs(:params).returns({ 'state' => 'foo' })
+      refute_empty strategy.authorize_params['state']
+      assert_equal 'foo', strategy.authorize_params[:state]
+      refute_empty strategy.session['omniauth.state']
+      assert_equal 'foo', strategy.session['omniauth.state']
+    end
+  end
+
+  module TokenParamsTests
+    extend BlockTestHelper
+    
+    test 'should include any authorize params passed in the :token_params option' do
+      @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
+      assert_equal 'bar', strategy.token_params['foo']
+      assert_equal 'zip', strategy.token_params['baz']
+    end
+
+    test 'should include top-level options that are marked as :token_options' do
+      @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      assert_equal 'bar', strategy.token_params['scope']
+      assert_equal 'baz', strategy.token_params['foo']
+    end
+  end
+end

data/test/test.rb

@@ -0,0 +1,162 @@
+require 'helper'
+require 'omniauth-hackid'
+require 'openssl'
+require 'base64'
+
+module SignedRequestHelpers
+  def signed_request(payload, secret)
+    encoded_payload = base64_encode_url(MultiJson.encode(payload))
+    encoded_signature = base64_encode_url(signature(encoded_payload, secret))
+    [encoded_signature, encoded_payload].join('.')
+  end
+
+  def base64_encode_url(value)
+    Base64.encode64(value).tr('+/', '-_').gsub(/\n/, '')
+  end
+
+  def signature(payload, secret, algorithm = OpenSSL::Digest::SHA256.new)
+    OpenSSL::HMAC.digest(algorithm, secret, payload)
+  end
+end
+
+module SignedRequestTests
+  class TestCase < StrategyTestCase
+    include SignedRequestHelpers
+  end
+
+  class CookieAndParamNotPresentTest < TestCase
+    test 'is nil' do
+      assert_nil strategy.send(:signed_request)
+    end
+  end
+
+  class CookiePresentTest < TestCase
+    def setup
+      super
+      @payload = {
+        'algorithm' => 'HMAC-SHA256',
+        'code' => 'm4c0d3z',
+        'issued_at' => Time.now.to_i,
+        'user_id' => '123456'
+      }
+
+      @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
+    end
+
+    test 'parses the access code out from the cookie' do
+      assert_equal @payload, strategy.send(:signed_request)
+    end
+  end
+
+  class ParamPresentTest < TestCase
+    def setup
+      super
+      @payload = {
+        'algorithm' => 'HMAC-SHA256',
+        'oauth_token' => 'XXX',
+        'issued_at' => Time.now.to_i,
+        'user_id' => '123456'
+      }
+
+      @request.stubs(:params).returns({'signed_request' => signed_request(@payload, @client_secret)})
+    end
+
+    test 'parses the access code out from the param' do
+      assert_equal @payload, strategy.send(:signed_request)
+    end
+  end
+
+  class CookieAndParamPresentTest < TestCase
+    def setup
+      super
+      @payload_from_cookie = {
+        'algorithm' => 'HMAC-SHA256',
+        'from' => 'cookie'
+      }
+
+      @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload_from_cookie, @client_secret)})
+
+      @payload_from_param = {
+        'algorithm' => 'HMAC-SHA256',
+        'from' => 'param'
+      }
+
+      @request.stubs(:params).returns({'signed_request' => signed_request(@payload_from_param, @client_secret)})
+    end
+
+    test 'picks param over cookie' do
+      assert_equal @payload_from_param, strategy.send(:signed_request)
+    end
+  end
+end
+
+class RequestPhaseWithSignedRequestTest < StrategyTestCase
+  include SignedRequestHelpers
+
+  def setup
+    super
+
+    payload = {
+      'algorithm' => 'HMAC-SHA256',
+      'oauth_token' => 'm4c0d3z'
+    }
+    @raw_signed_request = signed_request(payload, @client_secret)
+    @request.stubs(:params).returns("signed_request" => @raw_signed_request)
+
+    strategy.stubs(:callback_url).returns('/')
+  end
+
+  test 'redirects to callback passing along signed request' do
+    strategy.expects(:redirect).with("/?signed_request=#{Rack::Utils.escape(@raw_signed_request)}").once
+    strategy.request_phase
+  end
+end
+
+module BuildAccessTokenTests
+  class TestCase < StrategyTestCase
+    include SignedRequestHelpers
+  end
+
+  class ParamsContainSignedRequestWithAccessTokenTest < TestCase
+    def setup
+      super
+
+      @payload = {
+        'algorithm' => 'HMAC-SHA256',
+        'oauth_token' => 'm4c0d3z',
+        'expires' => Time.now.to_i
+      }
+      @raw_signed_request = signed_request(@payload, @client_secret)
+      @request.stubs(:params).returns({"signed_request" => @raw_signed_request})
+
+      strategy.stubs(:callback_url).returns('/')
+    end
+
+    test 'returns a new access token from the signed request' do
+      result = strategy.build_access_token
+      assert_kind_of ::OAuth2::AccessToken, result
+      assert_equal @payload['oauth_token'], result.token
+    end
+
+    test 'returns an access token with the correct expiry time' do
+      result = strategy.build_access_token
+      assert_equal @payload['expires'], result.expires_at
+    end
+  end
+
+  class ParamsContainAccessTokenStringTest < TestCase
+    def setup
+      super
+
+      @request.stubs(:params).returns({'access_token' => 'm4c0d3z'})
+
+      strategy.stubs(:callback_url).returns('/')
+    end
+
+    test 'returns a new access token' do
+      result = strategy.build_access_token
+      assert_kind_of ::OAuth2::AccessToken, result
+      assert_equal 'm4c0d3z', result.token
+    end
+  end
+end

data/test/token_params_test.rb

@@ -0,0 +1,5 @@
+class TokenParamsTest < StrategyTestCase
+  test 'has correct parse strategy' do
+    assert_equal :query, strategy.token_params[:parse]
+  end
+end

data/test/uid_test.rb

@@ -0,0 +1,10 @@
+class UidTest < StrategyTestCase
+  def setup
+    super
+    strategy.stubs(:raw_info).returns({ 'id' => '123' })
+  end
+
+  test 'returns the id from raw_info' do
+    assert_equal '123', strategy.uid
+  end
+end

metadata

@@ -0,0 +1,138 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-hackid
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Steve Yadlowsky
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-09-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- grizlo42@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- README.md
+- Rakefile
+- example/Gemfile
+- example/Gemfile.lock
+- example/config.ru
+- lib/omniauth-hackid.rb
+- lib/omniauth/hackid.rb
+- lib/omniauth/hackid/version.rb
+- lib/omniauth/strategies/hackid.rb
+- omniauth-hackid.gemspec
+- test/access_token_options_test.rb
+- test/authorize_params_test.rb
+- test/build_access_token_test.rb
+- test/callback_url_test.rb
+- test/client_test.rb
+- test/credentials_test.rb
+- test/extra_test.rb
+- test/helper.rb
+- test/info_test.rb
+- test/raw_info_test.rb
+- test/signed_request_test.rb
+- test/strategy_test.rb
+- test/support/shared_examples.rb
+- test/test.rb
+- test/token_params_test.rb
+- test/uid_test.rb
+homepage: https://github.com/grizlo42/omniauth-hackid
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: HackID strategy for OmniAuth
+test_files: []