omniauth-irm_health 0.0.1.pre.snapshot

data/example/config.ru

@@ -0,0 +1,11 @@
+require 'bundler/setup'
+require 'omniauth-irm_health'
+require './app.rb'
+
+use Rack::Session::Cookie, :secret => 'abc123'
+
+use OmniAuth::Builder do
+  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'], :scope => 'email'
+end
+
+run Sinatra::Application

data/lib/omniauth-irm_health.rb

@@ -0,0 +1 @@
+require 'omniauth/irm_health'

data/lib/omniauth/irm_health.rb

@@ -0,0 +1,2 @@
+require 'omniauth/irm_health/version'
+require 'omniauth/strategies/irm_health'

data/lib/omniauth/irm_health/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module IrmHealth
+    VERSION = "0.0.1-snapshot"
+  end
+end

data/lib/omniauth/strategies/irm_health.rb

@@ -0,0 +1,206 @@
+require 'omniauth/strategies/oauth2'
+require 'base64'
+require 'openssl'
+require 'rack/utils'
+require 'uri'
+
+module OmniAuth
+  module Strategies
+    class IrmHealth < OmniAuth::Strategies::OAuth2
+      class NoAuthorizationCodeError < StandardError; end
+      class UnknownSignatureAlgorithmError < NotImplementedError; end
+
+
+      OPHIES_BASE_URL = 'https://ophies.irm.kr'
+      BASE_SCOPE_URL = OPHIES_BASE_URL # 'http://auth.irm.kr' # FIXME to https
+      BASE_SCOPES = %w[email profile study series instance docset]
+      DEFAULT_SCOPE = 'email'
+      DEFAULT_ACCESS_TYPE = 'offline'
+
+      option :name, 'irm_health'
+
+      option :authorize_options, [:scope, :access_type, :state]
+
+      option :client_options, {
+        :site => BASE_SCOPE_URL,
+        :authorize_url => '/auth/oauth2/auth',
+        :token_url => '/auth/oauth2/token'
+      }
+
+      # from google oauth2
+      # def authorize_params
+      #     super.tab do |params|
+      #         options[:authorize_options].each do |k|
+      #             params[k] = request.params[k.to_s] unless [nil, ''].include? request.params[k.to_s]
+      #         end
+      #     end
+      #
+      #     raw_scope = params[:scope] || DEFAULT_SCOPE # email
+      #     scope_list = raw_scope.split(" ").map {|item| item.split(",")}.flatten
+      #     scope_list.map! { |s| s =~ /^http?:\/\// || BASE_SCOPES.include?(s) ? s : "#{BASE_SCOPE_URL}#{s}" }
+      #     params[:scope] = scope_list.join(" ")
+      #     params[:access_type] = 'offline' if params[:access_type].nil?
+      #
+      #     session['omniauth.state'] = params[:state] if params[:state]
+      #
+      # end
+
+      # auth hash schema
+      #
+      # https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema
+
+      uid { raw_info['uid'] }   # uid required
+
+      info do                   # info required
+        prune!({
+            # name
+            # first_name
+            # last_name
+            # location
+            # description
+            # image
+            # phone
+            # urls: { study: https://ophies.irm.kr/v1/studies }
+          'name' => raw_info['username'],
+          'email' => raw_info['email'],
+          'urls' => raw_info['urls']
+              # study: "https://ophies.irm.kr/v1/studies",
+              # series: "https://ophies.irm.kr/v1/series",
+              # instance: "https://ophies.irm.kr/v1/instances",
+              # patients: "https://ophies.irm.kr/v1/patients",
+              # docsets: "https://ophies.irm.kr/v1/docsets"
+        })
+      end
+
+
+      # credentials do            # if other than those of oauth2
+      #
+      # end
+
+      # no extra for irm_health
+      extra do                      # provider specific info
+        hash = {}
+        hash['raw_info'] = raw_info unless skip_info?
+        prune! hash
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('/me').parsed
+      end
+
+      def info_options
+        params = {:appsecret_proof => appsecret_proof}
+        params.merge!({:fields => options[:info_fields]}) if options[:info_fields]
+        params.merge!({:locale => options[:locale]}) if options[:locale]
+
+        { :params => params }
+      end
+
+      def callback_phase
+        with_authorization_code! do
+          super
+        end
+      rescue NoAuthorizationCodeError => e
+        fail!(:no_authorization_code, e)
+      rescue UnknownSignatureAlgorithmError => e
+        fail!(:unknown_signature_algoruthm, e)
+      end
+
+      def callback_url
+        "#{OPHIES_BASE_URL}/auth/oauth2/irm_health/callback"
+      end
+
+      # def access_token_options
+      #   options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h }
+      # end
+
+      # You can pass +display+, +scope+, or +auth_type+ params to the auth request, if you need to set them dynamically.
+      # You can also set these options in the OmniAuth config :authorize_params option.
+      #
+      # For example: /auth/facebook?display=popup
+      def authorize_params
+        super.tap do |params|
+          BASE_SCOPES.each do |v|
+            if request.params[v]
+              params[v.to_sym] = request.params[v]
+            end
+          end
+
+          params[:scope] ||= DEFAULT_SCOPE
+          params[:access_type] = DEFAULT_ACCESS_TYPE if params[:access_type].nil?
+          session['omniauth.state'] = params[:state] if params[:state]
+        end
+      end
+
+
+      protected
+
+
+      private
+
+      # Picks the authorization code in order, from:
+      #
+      # 1. The request 'code' param (manual callback from standard server-side flow)
+      # 2. A signed request from cookie (passed from the client during the client-side flow)
+      def with_authorization_code!
+        if request.params.key?('code')
+          yield
+        else
+          raise NoAuthorizationCodeError, 'must pass a `code`'
+        end
+      end
+
+      def prune!(hash)
+        hash.delete_if do |_, value|
+          prune!(value) if value.is_a?(Hash)
+          value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        end
+      end
+
+      # def parse_signed_request(value)
+      #   signature, encoded_payload = value.split('.')
+      #   return if signature.nil?
+      #
+      #   decoded_hex_signature = base64_decode_url(signature)
+      #   decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
+      #
+      #   unless decoded_payload['algorithm'] == 'HMAC-SHA256'
+      #     raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"
+      #   end
+      #
+      #   if valid_signature?(client.secret, decoded_hex_signature, encoded_payload)
+      #     decoded_payload
+      #   end
+      # end
+
+      def valid_signature?(secret, signature, payload, algorithm = OpenSSL::Digest::SHA256.new)
+        OpenSSL::HMAC.digest(algorithm, secret, payload) == signature
+      end
+
+      def base64_decode_url(value)
+        value += '=' * (4 - value.size.modulo(4))
+        Base64.decode64(value.tr('-_', '+/'))
+      end
+
+      # def image_url(uid, options)
+      #   uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
+      #   url = uri_class.build({:host => 'graph.facebook.com', :path => "/#{uid}/picture"})
+      #
+      #   query = if options[:image_size].is_a?(String)
+      #     { :type => options[:image_size] }
+      #   elsif options[:image_size].is_a?(Hash)
+      #     options[:image_size]
+      #   end
+      #   url.query = Rack::Utils.build_query(query) if query
+      #
+      #   url.to_s
+      # end
+
+      def appsecret_proof
+        @appsecret_proof ||= OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, client.secret, access_token.token)
+      end
+
+
+    end
+  end
+end

data/omniauth-irm_health.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path('../lib', __FILE__)
+require 'omniauth/irm_health/version'
+
+Gem::Specification.new do |s|
+  s.name     = 'omniauth-irm_health'
+  s.version  = OmniAuth::IrmHealth::VERSION
+  s.authors  = ['Youngjoon Choi']
+  s.email    = ['ejoonie@irm.kr']
+  s.summary  = 'Irm Health OAuth2 Strategy for OmniAuth'
+  s.homepage = 'https://github.com/ejoonie-irm/omniauth-irm_health'
+  s.license  = 'MIT'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.require_paths = ['lib']
+
+  s.add_runtime_dependency 'omniauth-oauth2' #, '~> 1.1'
+
+  s.add_development_dependency 'minitest'
+  s.add_development_dependency 'mocha'
+  s.add_development_dependency 'rake'
+end

data/test/helper.rb

@@ -0,0 +1,60 @@
+require 'bundler/setup'
+require 'minitest/autorun'
+require 'mocha/setup'
+require 'omniauth/strategies/irm_health'
+
+OmniAuth.config.test_mode = true
+
+module BlockTestHelper
+  def test(name, &blk)
+    method_name = "test_#{name.gsub(/\s+/, '_')}"
+    raise "Method already defined: #{method_name}" if instance_methods.include?(method_name.to_sym)
+    define_method method_name, &blk
+  end
+end
+
+module CustomAssertions
+  def assert_has_key(key, hash, msg = nil)
+    msg = message(msg) { "Expected #{hash.inspect} to have key #{key.inspect}" }
+    assert hash.has_key?(key), msg
+  end
+
+  def refute_has_key(key, hash, msg = nil)
+    msg = message(msg) { "Expected #{hash.inspect} not to have key #{key.inspect}" }
+    refute hash.has_key?(key), msg
+  end
+end
+
+class TestCase < Minitest::Test
+  extend BlockTestHelper
+  include CustomAssertions
+end
+
+class StrategyTestCase < TestCase
+    IRM_AUTH_BASE_URL = 'https://ophies.irm.kr'
+    IRM_OPHIES_BASE_URL = 'https://ophies.irm.kr'
+
+  def setup
+
+    @request = stubs('Request')
+    @request.stubs(:params).returns({})
+    # @request.stubs(:cookies).returns({})
+    @request.stubs(:env).returns({})
+    @request.stubs(:scheme).returns({})
+    @request.stubs(:ssl?).returns(false)
+
+    @client_id = '123'
+    @client_secret = '53cr3tz'
+  end
+
+  def strategy
+    @strategy ||= begin
+      args = [@client_id, @client_secret, @options].compact
+      OmniAuth::Strategies::IrmHealth.new(nil, *args).tap do |strategy|
+        strategy.stubs(:request).returns(@request)
+      end
+    end
+  end
+end
+
+Dir[File.expand_path('../support/**/*', __FILE__)].each &method(:require)

data/test/support/shared_examples.rb

@@ -0,0 +1,85 @@
+# NOTE it would be useful if this lived in omniauth-oauth2 eventually
+module OAuth2StrategyTests
+  def self.included(base)
+    base.class_eval do
+      include ClientTests
+      include AuthorizeParamsTests
+      include CSRFAuthorizeParamsTests
+      include TokenParamsTests
+    end
+  end
+  
+  module ClientTests
+    extend BlockTestHelper
+    
+    test 'should be initialized with symbolized client_options' do
+      @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
+      assert_equal 'https://example.com', strategy.client.options[:authorize_url]
+    end
+  end
+
+  module AuthorizeParamsTests
+    extend BlockTestHelper
+    
+    test 'should include any authorize params passed in the :authorize_params option' do
+      @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
+      assert_equal 'bar', strategy.authorize_params['foo']
+      assert_equal 'zip', strategy.authorize_params['baz']
+    end
+
+    test 'should include top-level options that are marked as :authorize_options' do
+      @options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      assert_equal 'bar', strategy.authorize_params['scope']
+      assert_equal 'baz', strategy.authorize_params['foo']
+    end
+    
+    test 'should exclude top-level options that are not passed' do
+      @options = { :authorize_options => [:bar] }
+      refute_has_key :bar, strategy.authorize_params
+      refute_has_key 'bar', strategy.authorize_params
+    end
+  end
+
+  module CSRFAuthorizeParamsTests
+    extend BlockTestHelper
+
+    test 'should store random state in the session when none is present in authorize or request params' do
+      assert_includes strategy.authorize_params.keys, 'state'
+      refute_empty strategy.authorize_params['state']
+      refute_empty strategy.session['omniauth.state']
+      assert_equal strategy.authorize_params['state'], strategy.session['omniauth.state']
+    end
+
+    test 'should not store state in the session when present in authorize params vs. a random one' do
+      @options = { :authorize_params => { :state => 'bar' } }
+      refute_empty strategy.authorize_params['state']
+      refute_equal 'bar', strategy.authorize_params[:state]
+      refute_empty strategy.session['omniauth.state']
+      refute_equal 'bar', strategy.session['omniauth.state']
+    end
+
+    test 'should not store state in the session when present in request params vs. a random one' do
+      @request.stubs(:params).returns({ 'state' => 'foo' })
+      refute_empty strategy.authorize_params['state']
+      refute_equal 'foo', strategy.authorize_params[:state]
+      refute_empty strategy.session['omniauth.state']
+      refute_equal 'foo', strategy.session['omniauth.state']
+    end
+  end
+
+  module TokenParamsTests
+    extend BlockTestHelper
+    
+    test 'should include any authorize params passed in the :token_params option' do
+      @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
+      assert_equal 'bar', strategy.token_params['foo']
+      assert_equal 'zip', strategy.token_params['baz']
+    end
+
+    test 'should include top-level options that are marked as :token_options' do
+      @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      assert_equal 'bar', strategy.token_params['scope']
+      assert_equal 'baz', strategy.token_params['foo']
+    end
+  end
+end

data/test/test.rb

@@ -0,0 +1,485 @@
+require 'helper'
+require 'omniauth-irm_health'
+require 'openssl'
+require 'base64'
+
+class StrategyTest < StrategyTestCase
+  include OAuth2StrategyTests
+end
+
+class ClientTest < StrategyTestCase
+  test 'has correct IrmHealth(Ophies) site' do
+    assert_equal IRM_AUTH_BASE_URL, strategy.client.site
+  end
+
+  test 'has correct authorize url' do
+    assert_equal '/auth/oauth2/auth', strategy.client.options[:authorize_url]
+  end
+
+  test 'has correct token url' do
+    assert_equal '/auth/oauth2/token', strategy.client.options[:token_url]
+  end
+end
+
+class CallbackUrlTest < StrategyTestCase
+  test "returns the default callback url" do
+    url_base = IRM_OPHIES_BASE_URL
+    callback_url = "#{IRM_OPHIES_BASE_URL}/auth/oauth2/irm_health/callback"
+
+    @request.stubs(:url).returns("#{url_base}/some/page")
+    strategy.stubs(:script_name).returns('') # as not to depend on Rack env
+    assert_equal callback_url, strategy.callback_url
+  end
+
+  # test "returns path from callback_path option" do
+  #   @options = { :callback_path => "/auth/FB/done" }
+  #   url_base = 'http://auth.request.com'
+  #   @request.stubs(:url).returns("#{url_base}/page/path")
+  #   strategy.stubs(:script_name).returns('') # as not to depend on Rack env
+  #   assert_equal "#{url_base}/auth/FB/done", strategy.callback_url
+  # end
+
+  # test "returns url from callback_url option" do
+  #   url = 'https://auth.myapp.com/auth/fb/callback'
+  #   @options = { :callback_url => url }
+  #   assert_equal url, strategy.callback_url
+  # end
+end
+
+class AuthorizeParamsTest < StrategyTestCase
+  test 'includes default scope for email' do
+    assert strategy.authorize_params.is_a?(Hash)
+    assert_equal 'email', strategy.authorize_params[:scope]
+  end
+
+  test 'includes default access type as offline' do
+      assert strategy.authorize_params.is_a? Hash
+      assert_equal 'offline', strategy.authorize_params[:access_type]
+  end
+
+  # test 'includes display parameter from request when present' do
+  #   @request.stubs(:params).returns({ 'display' => 'touch' })
+  #   assert strategy.authorize_params.is_a?(Hash)
+  #   assert_equal 'touch', strategy.authorize_params[:display]
+  # end
+
+  # test 'includes auth_type parameter from request when present' do
+  #   @request.stubs(:params).returns({ 'auth_type' => 'reauthenticate' })
+  #   assert strategy.authorize_params.is_a?(Hash)
+  #   assert_equal 'reauthenticate', strategy.authorize_params[:auth_type]
+  # end
+
+  # test 'overrides default scope with parameter passed from request' do
+  #   @request.stubs(:params).returns({ 'scope' => 'email' })
+  #   assert strategy.authorize_params.is_a?(Hash)
+  #   assert_equal 'email', strategy.authorize_params[:scope]
+  # end
+end
+
+# N/A
+# class TokenParamsTest < StrategyTestCase
+#   test 'has correct parse strategy' do
+#     assert_equal :query, strategy.token_params[:parse]
+#   end
+# end
+
+# N/A
+# class AccessTokenOptionsTest < StrategyTestCase
+#   test 'has correct param name by default' do
+#     assert_equal 'access_token', strategy.access_token_options[:param_name]
+#   end
+#
+#   test 'has correct header format by default' do
+#     assert_equal 'OAuth %s', strategy.access_token_options[:header_format]
+#   end
+# end
+
+class UidTest < StrategyTestCase
+  def setup
+    super
+    strategy.stubs(:raw_info).returns({ 'uid' => '123' })
+  end
+
+  test 'returns the id from raw_info' do
+    assert_equal '123', strategy.uid
+  end
+end
+
+class InfoTest < StrategyTestCase
+  test 'contains username and email' do
+    strategy.stubs(:raw_info).returns({ username: 'user01', email: 'test01@irm.kr'})
+  end
+
+
+  # test 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
+  #   @options = { :secure_image_url => true }
+  #   raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+  #   strategy.stubs(:raw_info).returns(raw_info)
+  #   assert_equal 'https://graph.facebook.com/321/picture', strategy.info['image']
+  # end
+
+  # test 'returns the image with size specified in the `image_size` option' do
+  #   @options = { :image_size => 'normal' }
+  #   raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+  #   strategy.stubs(:raw_info).returns(raw_info)
+  #   assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
+  # end
+  #
+  # test 'returns the image with width and height specified in the `image_size` option' do
+  #   @options = { :image_size => { :width => 123, :height => 987 } }
+  #   raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+  #   strategy.stubs(:raw_info).returns(raw_info)
+  #   assert_match 'width=123', strategy.info['image']
+  #   assert_match 'height=987', strategy.info['image']
+  #   assert_match 'http://graph.facebook.com/321/picture?', strategy.info['image']
+  # end
+end
+
+class InfoTestOptionalDataPresent < StrategyTestCase
+  def setup
+    super
+    @raw_info ||= { 'username' => 'Fred Smith' }
+    strategy.stubs(:raw_info).returns(@raw_info)
+  end
+
+  test 'returns the username' do
+    assert_equal 'Fred Smith', strategy.info['name']
+  end
+
+  test 'returns the email' do
+    @raw_info['email'] = 'test01@irm.kr'
+    assert_equal 'test01@irm.kr', strategy.info['email']
+  end
+
+  # test 'returns the username as nickname' do
+  #   @raw_info['username'] = 'fredsmith'
+  #   assert_equal 'fredsmith', strategy.info['nickname']
+  # end
+
+  # test 'returns the first name' do
+  #   @raw_info['first_name'] = 'Fred'
+  #   assert_equal 'Fred', strategy.info['first_name']
+  # end
+  #
+  # test 'returns the last name' do
+  #   @raw_info['last_name'] = 'Smith'
+  #   assert_equal 'Smith', strategy.info['last_name']
+  # end
+  #
+  # test 'returns the location name as location' do
+  #   @raw_info['location'] = { 'id' => '104022926303756', 'name' => 'Palo Alto, California' }
+  #   assert_equal 'Palo Alto, California', strategy.info['location']
+  # end
+  #
+  # test 'returns bio as description' do
+  #   @raw_info['bio'] = 'I am great'
+  #   assert_equal 'I am great', strategy.info['description']
+  # end
+  #
+  # test 'returns the facebook avatar url' do
+  #   @raw_info['id'] = '321'
+  #   assert_equal 'http://graph.facebook.com/321/picture', strategy.info['image']
+  # end
+  #
+  # test 'returns the Facebook link as the Facebook url' do
+  #   @raw_info['link'] = 'http://www.facebook.com/fredsmith'
+  #   assert_kind_of Hash, strategy.info['urls']
+  #   assert_equal 'http://www.facebook.com/fredsmith', strategy.info['urls']['Facebook']
+  # end
+  #
+  # test 'returns website url' do
+  #   @raw_info['website'] = 'https://my-wonderful-site.com'
+  #   assert_kind_of Hash, strategy.info['urls']
+  #   assert_equal 'https://my-wonderful-site.com', strategy.info['urls']['Website']
+  # end
+  #
+  # test 'return both Facebook link and website urls' do
+  #   @raw_info['link'] = 'http://www.facebook.com/fredsmith'
+  #   @raw_info['website'] = 'https://my-wonderful-site.com'
+  #   assert_kind_of Hash, strategy.info['urls']
+  #   assert_equal 'http://www.facebook.com/fredsmith', strategy.info['urls']['Facebook']
+  #   assert_equal 'https://my-wonderful-site.com', strategy.info['urls']['Website']
+  # end
+  #
+  # test 'returns the positive verified status' do
+  #   @raw_info['verified'] = true
+  #   assert strategy.info['verified']
+  # end
+  #
+  # test 'returns the negative verified status' do
+  #   @raw_info['verified'] = false
+  #   refute strategy.info['verified']
+  # end
+end
+
+class InfoTestOptionalDataNotPresent < StrategyTestCase
+  def setup
+    super
+    @raw_info ||= { 'name' => 'Fred Smith' }
+    strategy.stubs(:raw_info).returns(@raw_info)
+  end
+
+  test 'has no email key' do
+    refute_has_key 'email', strategy.info
+  end
+
+  test 'has no nickname key' do
+    refute_has_key 'nickname', strategy.info
+  end
+
+  test 'has no first name key' do
+    refute_has_key 'first_name', strategy.info
+  end
+
+  test 'has no last name key' do
+    refute_has_key 'last_name', strategy.info
+  end
+
+  test 'has no location key' do
+    refute_has_key 'location', strategy.info
+  end
+
+  test 'has no description key' do
+    refute_has_key 'description', strategy.info
+  end
+
+  test 'has no urls' do
+    refute_has_key 'urls', strategy.info
+  end
+
+  test 'has no verified key' do
+    refute_has_key 'verified', strategy.info
+  end
+end
+
+class RawInfoTest < StrategyTestCase
+  def setup
+    super
+    @access_token = stub('OAuth2::AccessToken')
+    @appsecret_proof = 'appsecret_proof'
+    @options = {:appsecret_proof => @appsecret_proof}
+  end
+
+  test "performs a GET to IRM_AUTH_BASE_URL/me" do
+    strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
+    strategy.stubs(:access_token).returns(@access_token)
+    # params = {:params => @options}
+    # @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
+    @access_token.expects(:get).with('/me').returns(stub_everything('OAuth2::Response'))
+    strategy.raw_info
+  end
+
+  # test 'performs a GET to https://graph.facebook.com/me with locale' do
+  #   @options.merge!({ :locale => 'cs_CZ' })
+  #   strategy.stubs(:access_token).returns(@access_token)
+  #   strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
+  #   params = {:params => @options}
+  #   @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
+  #   strategy.raw_info
+  # end
+  #
+  # test 'performs a GET to https://graph.facebook.com/me with info_fields' do
+  #   @options.merge!({:info_fields => 'about'})
+  #   strategy.stubs(:access_token).returns(@access_token)
+  #   strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
+  #   params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'about'}}
+  #   @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
+  #   strategy.raw_info
+  # end
+
+  test 'returns a Hash' do
+    strategy.stubs(:access_token).returns(@access_token)
+    strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
+    raw_response = stub('Faraday::Response')
+    raw_response.stubs(:body).returns('{ "ohai": "thar" }')
+    raw_response.stubs(:status).returns(200)
+    raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
+    oauth2_response = OAuth2::Response.new(raw_response)
+    # params = {:params => @options}
+    @access_token.stubs(:get).with('/me').returns(oauth2_response)
+    assert_kind_of Hash, strategy.raw_info
+    assert_equal 'thar', strategy.raw_info['ohai']
+  end
+
+  test 'returns an empty hash when the response is false' do
+    strategy.stubs(:access_token).returns(@access_token)
+    strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
+    oauth2_response = stub('OAuth2::Response', :parsed => false)
+    # params = {:params => @options}
+    @access_token.stubs(:get).with('/me').returns(oauth2_response)
+    assert_kind_of Hash, strategy.raw_info
+    assert_equal({}, strategy.raw_info)
+  end
+
+  test 'should not include raw_info in extras hash when skip_info is specified' do
+    @options = { :skip_info => true }
+    strategy.stubs(:raw_info).returns({:foo => 'bar' })
+    refute_has_key 'raw_info', strategy.extra
+  end
+end
+
+class CredentialsTest < StrategyTestCase
+  def setup
+    super
+    @access_token = stub('OAuth2::AccessToken')
+    @access_token.stubs(:token)
+    @access_token.stubs(:expires?)
+    @access_token.stubs(:expires_at)
+    @access_token.stubs(:refresh_token)
+    strategy.stubs(:access_token).returns(@access_token)
+  end
+
+  test 'returns a Hash' do
+    assert_kind_of Hash, strategy.credentials
+  end
+
+  test 'returns the token' do
+    @access_token.stubs(:token).returns('123')
+    assert_equal '123', strategy.credentials['token']
+  end
+
+  test 'returns the expiry status' do
+    @access_token.stubs(:expires?).returns(true)
+    assert strategy.credentials['expires']
+
+    @access_token.stubs(:expires?).returns(false)
+    refute strategy.credentials['expires']
+  end
+
+  test 'returns the refresh token and expiry time when expiring' do
+    ten_mins_from_now = (Time.now + 600).to_i
+    @access_token.stubs(:expires?).returns(true)
+    @access_token.stubs(:refresh_token).returns('321')
+    @access_token.stubs(:expires_at).returns(ten_mins_from_now)
+    assert_equal '321', strategy.credentials['refresh_token']
+    assert_equal ten_mins_from_now, strategy.credentials['expires_at']
+  end
+
+  test 'does not return the refresh token when test is nil and expiring' do
+    @access_token.stubs(:expires?).returns(true)
+    @access_token.stubs(:refresh_token).returns(nil)
+    assert_nil strategy.credentials['refresh_token']
+    refute_has_key 'refresh_token', strategy.credentials
+  end
+
+  test 'does not return the refresh token when not expiring' do
+    @access_token.stubs(:expires?).returns(false)
+    @access_token.stubs(:refresh_token).returns('XXX')
+    assert_nil strategy.credentials['refresh_token']
+    refute_has_key 'refresh_token', strategy.credentials
+  end
+end
+
+class ExtraTest < StrategyTestCase
+  def setup
+    super
+    @raw_info = { 'name' => 'Fred Smith' }
+    strategy.stubs(:raw_info).returns(@raw_info)
+  end
+
+  test 'extra is not empty' do
+    refute_empty(strategy.extra)
+  end
+
+  test 'contains raw info' do
+    assert_has_key "raw_info", strategy.extra
+    assert_equal({ 'raw_info' => @raw_info }, strategy.extra)
+  end
+end
+
+# module SignedRequestHelpers
+#   def signed_request(payload, secret)
+#     encoded_payload = base64_encode_url(MultiJson.encode(payload))
+#     encoded_signature = base64_encode_url(signature(encoded_payload, secret))
+#     [encoded_signature, encoded_payload].join('.')
+#   end
+#
+#   def base64_encode_url(value)
+#     Base64.encode64(value).tr('+/', '-_').gsub(/\n/, '')
+#   end
+#
+#   def signature(payload, secret, algorithm = OpenSSL::Digest::SHA256.new)
+#     OpenSSL::HMAC.digest(algorithm, secret, payload)
+#   end
+# end
+
+module SignedRequestTests
+  # class TestCase < StrategyTestCase
+  #   include SignedRequestHelpers
+  # end
+
+  # class CookieAndParamNotPresentTest < TestCase
+  #   test 'is nil' do
+  #     assert_nil strategy.send(:signed_request_from_cookie)
+  #   end
+  #
+  #   test 'throws an error on calling build_access_token' do
+  #     assert_raises(OmniAuth::Strategies::IrmHealth::NoAuthorizationCodeError) { strategy.send(:with_authorization_code!) {} }
+  #   end
+  # end
+
+  # class CookiePresentTest < TestCase
+  #   def setup(algo = nil)
+  #     super()
+  #     @payload = {
+  #       'algorithm' => algo || 'HMAC-SHA256',
+  #       'code' => 'm4c0d3z',
+  #       'issued_at' => Time.now.to_i,
+  #       'user_id' => '123456'
+  #     }
+  #
+  #     @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
+  #   end
+  #
+  #   test 'parses the access code out from the cookie' do
+  #     assert_equal @payload, strategy.send(:signed_request_from_cookie)
+  #   end
+  #
+  #   test 'throws an error if the algorithm is unknown' do
+  #     setup('UNKNOWN-ALGO')
+  #     assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(OmniAuth::Strategies::IrmHealth::UnknownSignatureAlgorithmError) { strategy.send(:signed_request_from_cookie) }.message
+  #   end
+  # end
+
+  # class EmptySignedRequestTest < TestCase
+  #   def setup
+  #     super
+  #     @request.stubs(:params).returns({'signed_request' => ''})
+  #   end
+  #
+  #   test 'empty param' do
+  #     assert_equal nil, strategy.send(:signed_request_from_cookie)
+  #   end
+  # end
+
+  # class MissingCodeInParamsRequestTest < TestCase
+  #   def setup
+  #     super
+  #     @request.stubs(:params).returns({})
+  #   end
+  #
+  #   test 'calls fail! when a code is not included in the params' do
+  #     strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
+  #     strategy.callback_phase
+  #   end
+  # end
+
+  # class MissingCodeInCookieRequestTest < TestCase
+  #   def setup(algo = nil)
+  #     super()
+  #     @payload = {
+  #       'algorithm' => algo || 'HMAC-SHA256',
+  #       'code' => nil,
+  #       'issued_at' => Time.now.to_i,
+  #       'user_id' => '123456'
+  #     }
+  #
+  #     @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
+  #   end
+  #
+  #   test 'calls fail! when a code is not included in the cookie' do
+  #     strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
+  #     strategy.callback_phase
+  #   end
+  # end
+end