omniauth-traity 0.0.1 → 0.0.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 88dc0a97592b230c01076a3cb71c5fbb0071e0f1
4
- data.tar.gz: 68b5280e9efb1f5114d76cc748f05b2756eb3700
3
+ metadata.gz: e93400a5155ab46696b64b80a8b70e2be1b9cc88
4
+ data.tar.gz: bfcce00d2df7fb5b9531ed1457c4b6aab4275c6f
5
5
  SHA512:
6
- metadata.gz: 63c344f1165856f484ef2b9d1ffc44a384f4264b5c26d4d9a46a9f57c829771777b0b79d9929a08086055843d4514265edafab92d40033432dd56f20a0c28285
7
- data.tar.gz: 90ce9c70077c5e5f4b8debf8d4a4473db2ec8e5c8007d3b10fb260cb8c1b6f1f61acfeea6e3c421291402d750e278d29a8eef1a7a3eadd411e655fec3e403179
6
+ metadata.gz: 3c4b2dc843847d44d5567980db101c91ea832038f9faaa307f88a66795db3a8ffeb57647743a72335d7641c37cd3624a3657ac3bed5f3c17d0df9cafdf9076f9
7
+ data.tar.gz: 3a1cefa42c625dc9842057f50d9090a40b4cfad8810fe83ab9b2ade6ba15bd0593bd9e62c7db0b2d3407c826cb9260fe2207cf1035d9c5c855785a6736014ff6
data/Rakefile CHANGED
@@ -1,2 +1,8 @@
1
- require "bundler/gem_tasks"
1
+ require 'bundler/gem_tasks'
2
+ require 'rake/testtask'
2
3
 
4
+ Rake::TestTask.new do |task|
5
+ task.libs << 'test'
6
+ end
7
+
8
+ task :default => :test
@@ -1,9 +1,13 @@
1
- require 'omniauth'
2
- require 'pp'
1
+ require 'omniauth/strategies/oauth2'
2
+ require 'base64'
3
3
 
4
4
  module OmniAuth
5
5
  module Strategies
6
6
  class Traity < OmniAuth::Strategies::OAuth2
7
+ class NoAuthorizationCodeError < StandardError; end
8
+
9
+ DEFAULT_SCOPE = 'email'
10
+
7
11
  option :fields, [:name, :email]
8
12
  option :uid_field, :id
9
13
 
@@ -13,6 +17,12 @@ module OmniAuth
13
17
  token_url: 'oauth/token'
14
18
  }
15
19
 
20
+ option :token_params, {
21
+ :parse => :query
22
+ }
23
+
24
+ option :authorize_options, [:scope, :display]
25
+
16
26
  uid { raw_info['id'] }
17
27
 
18
28
  info do
@@ -24,13 +34,43 @@ module OmniAuth
24
34
  'cover_picture' => raw_info['cover_picture'],
25
35
  'gender' => raw_info['gender'],
26
36
  'location' => raw_info['location'],
27
- 'reputation' => raw_info['reputation'],
37
+ 'reputation' => (raw_info['reputation'] || 0),
28
38
  'email_verified' => (raw_info['verified'] || {}).has_key?('email')
29
39
  })
30
40
  end
31
41
 
42
+ def callback_url
43
+ options[:callback_url] || super
44
+ end
45
+
46
+ def callback_phase
47
+ with_authorization_code! do
48
+ super
49
+ end
50
+ rescue NoAuthorizationCodeError => e
51
+ fail!(:no_authorization_code, e)
52
+ end
53
+
54
+ def authorize_params
55
+ super.tap do |params|
56
+ %w[display scope].each do |v|
57
+ if request.params[v]
58
+ params[v.to_sym] = request.params[v]
59
+ end
60
+ end
61
+
62
+ params[:scope] ||= DEFAULT_SCOPE
63
+ end
64
+ end
65
+
32
66
  def raw_info
33
- @raw_info ||= access_token.get('1.0/me').parsed || {}
67
+ @raw_info ||= access_token.get('1.0/me', info_options).parsed || {}
68
+ end
69
+
70
+ def info_options
71
+ params = {:appsecret_proof => appsecret_proof}
72
+ params.merge!({:locale => options[:locale]}) if options[:locale]
73
+ { :params => params }
34
74
  end
35
75
 
36
76
  def prune!(hash)
@@ -39,6 +79,60 @@ module OmniAuth
39
79
  value.nil? || (value.respond_to?(:empty?) && value.empty?)
40
80
  end
41
81
  end
82
+
83
+ def appsecret_proof
84
+ @appsecret_proof ||= OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, client.secret, access_token.token)
85
+ end
86
+
87
+ private
88
+ def signed_request_from_cookie
89
+ @signed_request_from_cookie ||= raw_signed_request_from_cookie && parse_signed_request(raw_signed_request_from_cookie)
90
+ end
91
+
92
+ def raw_signed_request_from_cookie
93
+ request.cookies["tsr_#{client.id}"]
94
+ end
95
+
96
+ def with_authorization_code!
97
+ if request.params.key?('code')
98
+ yield
99
+ elsif code_from_signed_request = signed_request_from_cookie && signed_request_from_cookie['code']
100
+ request.params['code'] = code_from_signed_request
101
+ @authorization_code_from_signed_request_in_cookie = true
102
+ original_provider_ignores_state = options.provider_ignores_state
103
+ options.provider_ignores_state = true
104
+ begin
105
+ yield
106
+ ensure
107
+ request.params.delete('code')
108
+ @authorization_code_from_signed_request_in_cookie = false
109
+ options.provider_ignores_state = original_provider_ignores_state
110
+ end
111
+ else
112
+ raise NoAuthorizationCodeError, 'must pass either a `code` (via URL or by an `fbsr_XXX` signed request cookie)'
113
+ end
114
+ end
115
+
116
+ def parse_signed_request(value)
117
+ signature, encoded_payload = value.split('.')
118
+ return if signature.nil?
119
+
120
+ decoded_hex_signature = base64_decode_url(signature)
121
+ decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
122
+
123
+ if valid_signature?(client.secret, decoded_hex_signature, encoded_payload)
124
+ decoded_payload
125
+ end
126
+ end
127
+
128
+ def valid_signature?(secret, signature, payload)
129
+ Digest::SHA256.hexdigest("#{payload}-#{secret}") == signature
130
+ end
131
+
132
+ def base64_decode_url(value)
133
+ value += '=' * (4 - value.size.modulo(4))
134
+ Base64.decode64(value.tr('-_', '+/'))
135
+ end
42
136
  end
43
137
  end
44
138
  end
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Traity
3
- VERSION = "0.0.1"
3
+ VERSION = "0.0.2"
4
4
  end
5
5
  end
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
19
19
 
20
20
  spec.add_runtime_dependency 'omniauth-oauth2', '~> 1.2'
21
21
 
22
- spec.add_development_dependency "bundler", "~> 1.7"
23
- spec.add_development_dependency "rake", "~> 10.0"
22
+ spec.add_development_dependency "rake"
23
+ spec.add_development_dependency 'minitest'
24
+ spec.add_development_dependency 'mocha'
24
25
  end
25
-
@@ -0,0 +1,56 @@
1
+ require 'bundler/setup'
2
+ require 'minitest/autorun'
3
+ require 'mocha/setup'
4
+ require 'omniauth/strategies/traity'
5
+
6
+ OmniAuth.config.test_mode = true
7
+
8
+ module BlockTestHelper
9
+ def test(name, &blk)
10
+ method_name = "test_#{name.gsub(/\s+/, '_')}"
11
+ raise "Method already defined: #{method_name}" if instance_methods.include?(method_name.to_sym)
12
+ define_method method_name, &blk
13
+ end
14
+ end
15
+
16
+ module CustomAssertions
17
+ def assert_has_key(key, hash, msg = nil)
18
+ msg = message(msg) { "Expected #{hash.inspect} to have key #{key.inspect}" }
19
+ assert hash.has_key?(key), msg
20
+ end
21
+
22
+ def refute_has_key(key, hash, msg = nil)
23
+ msg = message(msg) { "Expected #{hash.inspect} not to have key #{key.inspect}" }
24
+ refute hash.has_key?(key), msg
25
+ end
26
+ end
27
+
28
+ class TestCase < Minitest::Test
29
+ extend BlockTestHelper
30
+ include CustomAssertions
31
+ end
32
+
33
+ class StrategyTestCase < TestCase
34
+ def setup
35
+ @request = stub('Request')
36
+ @request.stubs(:params).returns({})
37
+ @request.stubs(:cookies).returns({})
38
+ @request.stubs(:env).returns({})
39
+ @request.stubs(:scheme).returns({})
40
+ @request.stubs(:ssl?).returns(false)
41
+
42
+ @client_id = '123'
43
+ @client_secret = '53cr3tz'
44
+ end
45
+
46
+ def strategy
47
+ @strategy ||= begin
48
+ args = [@client_id, @client_secret, @options].compact
49
+ OmniAuth::Strategies::Traity.new(nil, *args).tap do |strategy|
50
+ strategy.stubs(:request).returns(@request)
51
+ end
52
+ end
53
+ end
54
+ end
55
+
56
+ Dir[File.expand_path('../support/**/*', __FILE__)].each &method(:require)
@@ -0,0 +1,85 @@
1
+ # NOTE it would be useful if this lived in omniauth-oauth2 eventually
2
+ module OAuth2StrategyTests
3
+ def self.included(base)
4
+ base.class_eval do
5
+ include ClientTests
6
+ include AuthorizeParamsTests
7
+ include CSRFAuthorizeParamsTests
8
+ include TokenParamsTests
9
+ end
10
+ end
11
+
12
+ module ClientTests
13
+ extend BlockTestHelper
14
+
15
+ test 'should be initialized with symbolized client_options' do
16
+ @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
17
+ assert_equal 'https://example.com', strategy.client.options[:authorize_url]
18
+ end
19
+ end
20
+
21
+ module AuthorizeParamsTests
22
+ extend BlockTestHelper
23
+
24
+ test 'should include any authorize params passed in the :authorize_params option' do
25
+ @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
26
+ assert_equal 'bar', strategy.authorize_params['foo']
27
+ assert_equal 'zip', strategy.authorize_params['baz']
28
+ end
29
+
30
+ test 'should include top-level options that are marked as :authorize_options' do
31
+ @options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
32
+ assert_equal 'bar', strategy.authorize_params['scope']
33
+ assert_equal 'baz', strategy.authorize_params['foo']
34
+ end
35
+
36
+ test 'should exclude top-level options that are not passed' do
37
+ @options = { :authorize_options => [:bar] }
38
+ refute_has_key :bar, strategy.authorize_params
39
+ refute_has_key 'bar', strategy.authorize_params
40
+ end
41
+ end
42
+
43
+ module CSRFAuthorizeParamsTests
44
+ extend BlockTestHelper
45
+
46
+ test 'should store random state in the session when none is present in authorize or request params' do
47
+ assert_includes strategy.authorize_params.keys, 'state'
48
+ refute_empty strategy.authorize_params['state']
49
+ refute_empty strategy.session['omniauth.state']
50
+ assert_equal strategy.authorize_params['state'], strategy.session['omniauth.state']
51
+ end
52
+
53
+ test 'should not store state in the session when present in authorize params vs. a random one' do
54
+ @options = { :authorize_params => { :state => 'bar' } }
55
+ refute_empty strategy.authorize_params['state']
56
+ refute_equal 'bar', strategy.authorize_params[:state]
57
+ refute_empty strategy.session['omniauth.state']
58
+ refute_equal 'bar', strategy.session['omniauth.state']
59
+ end
60
+
61
+ test 'should not store state in the session when present in request params vs. a random one' do
62
+ @request.stubs(:params).returns({ 'state' => 'foo' })
63
+ refute_empty strategy.authorize_params['state']
64
+ refute_equal 'foo', strategy.authorize_params[:state]
65
+ refute_empty strategy.session['omniauth.state']
66
+ refute_equal 'foo', strategy.session['omniauth.state']
67
+ end
68
+ end
69
+
70
+ module TokenParamsTests
71
+ extend BlockTestHelper
72
+
73
+ test 'should include any authorize params passed in the :token_params option' do
74
+ @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
75
+ assert_equal 'bar', strategy.token_params['foo']
76
+ assert_equal 'zip', strategy.token_params['baz']
77
+ end
78
+
79
+ test 'should include top-level options that are marked as :token_options' do
80
+ @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
81
+ assert_equal 'bar', strategy.token_params['scope']
82
+ assert_equal 'baz', strategy.token_params['foo']
83
+ end
84
+ end
85
+ end
@@ -0,0 +1,366 @@
1
+ require 'helper'
2
+ require 'omniauth-traity'
3
+ require 'base64'
4
+
5
+
6
+ class StrategyTest < StrategyTestCase
7
+ include OAuth2StrategyTests
8
+ end
9
+
10
+ class ClientTest < StrategyTestCase
11
+ test 'has correct Traity site' do
12
+ assert_equal 'https://api.traity.com/', strategy.client.site
13
+ end
14
+
15
+ test 'has correct authorize url' do
16
+ assert_equal 'https://traity.com/oauth/dialog', strategy.client.options[:authorize_url]
17
+ end
18
+
19
+ test 'has correct token url with versioning' do
20
+ @options = {:client_options => {:site => 'https://api.traity.com/1.0'}}
21
+ assert_equal 'oauth/token', strategy.client.options[:token_url]
22
+ assert_equal 'https://api.traity.com/1.0/oauth/token', strategy.client.token_url
23
+ end
24
+ end
25
+
26
+ class CallbackUrlTest < StrategyTestCase
27
+ test "returns the default callback url" do
28
+ url_base = 'http://auth.request.com'
29
+ @request.stubs(:url).returns("#{url_base}/some/page")
30
+ strategy.stubs(:script_name).returns('') # as not to depend on Rack env
31
+ assert_equal "#{url_base}/auth/traity/callback", strategy.callback_url
32
+ end
33
+
34
+ test "returns path from callback_path option" do
35
+ @options = { :callback_path => "/auth/traity/done"}
36
+ url_base = 'http://auth.request.com'
37
+ @request.stubs(:url).returns("#{url_base}/page/path")
38
+ strategy.stubs(:script_name).returns('') # as not to depend on Rack env
39
+ assert_equal "#{url_base}/auth/traity/done", strategy.callback_url
40
+ end
41
+
42
+ test "returns url from callback_url option" do
43
+ url = 'https://auth.myapp.com/auth/traity/callback'
44
+ @options = { :callback_url => url }
45
+ assert_equal url, strategy.callback_url
46
+ end
47
+ end
48
+
49
+
50
+ class AuthorizeParamsTest < StrategyTestCase
51
+ test 'includes default scope for email' do
52
+ assert strategy.authorize_params.is_a?(Hash)
53
+ assert_equal 'email', strategy.authorize_params[:scope]
54
+ end
55
+
56
+ test 'includes display parameter from request when present' do
57
+ @request.stubs(:params).returns({ 'display' => 'touch' })
58
+ assert strategy.authorize_params.is_a?(Hash)
59
+ assert_equal 'touch', strategy.authorize_params[:display]
60
+ end
61
+
62
+ test 'overrides default scope with parameter passed from request' do
63
+ @request.stubs(:params).returns({ 'scope' => 'email' })
64
+ assert strategy.authorize_params.is_a?(Hash)
65
+ assert_equal 'email', strategy.authorize_params[:scope]
66
+ end
67
+ end
68
+
69
+ class TokenParamsTest < StrategyTestCase
70
+ test 'has correct parse strategy' do
71
+ assert_equal :query, strategy.token_params[:parse]
72
+ end
73
+ end
74
+
75
+ class UidTest < StrategyTestCase
76
+ def setup
77
+ super
78
+ strategy.stubs(:raw_info).returns({ 'id' => '123' })
79
+ end
80
+
81
+ test 'returns the id from raw_info' do
82
+ assert_equal '123', strategy.uid
83
+ end
84
+ end
85
+
86
+
87
+ class InfoTestOptionalDataPresent < StrategyTestCase
88
+ def setup
89
+ super
90
+ @raw_info ||= { 'name' => 'Sergio Leone' }
91
+ strategy.stubs(:raw_info).returns(@raw_info)
92
+ end
93
+
94
+ test 'returns the name' do
95
+ assert_equal 'Sergio Leone', strategy.info['name']
96
+ end
97
+
98
+ test 'returns the email' do
99
+ @raw_info['email'] = 'sergio@leone.com'
100
+ assert_equal 'sergio@leone.com', strategy.info['email']
101
+ end
102
+
103
+ test 'returns the bio' do
104
+ @raw_info['bio'] = 'Amazing western director'
105
+ assert_equal 'Amazing western director', strategy.info['bio']
106
+ end
107
+
108
+ test 'returns the traity avatar url' do
109
+ @raw_info['picture'] = 'http://assets.com/userimage'
110
+ assert_equal 'http://assets.com/userimage', strategy.info['picture']
111
+ end
112
+
113
+ test 'returns the traity cover picture' do
114
+ @raw_info['cover_picture'] = 'http://assets.com/coverpicture'
115
+ assert_equal 'http://assets.com/coverpicture', strategy.info['cover_picture']
116
+ end
117
+
118
+ test 'returns the gender' do
119
+ @raw_info['gender'] = 'Male'
120
+ assert_equal 'Male', strategy.info['gender']
121
+ end
122
+
123
+ test 'returns the location as location' do
124
+ @raw_info['location'] = "Italy"
125
+ assert_equal "Italy", strategy.info['location']
126
+ end
127
+
128
+ test 'returns the reputation' do
129
+ @raw_info['reputation'] = 4.3
130
+ assert_equal 4.3, strategy.info['reputation']
131
+ end
132
+
133
+ test 'returns true if the email is verified' do
134
+ @raw_info['verified'] = { 'email' => Time.now }
135
+ assert_equal true, strategy.info['email_verified']
136
+ end
137
+ end
138
+
139
+ class InfoTestOptionalDataNotPresent < StrategyTestCase
140
+ def setup
141
+ super
142
+ @raw_info ||= { 'name' => 'Sergio Leone' }
143
+ strategy.stubs(:raw_info).returns(@raw_info)
144
+ end
145
+
146
+ test 'has no bio key' do
147
+ refute_has_key 'bio', strategy.info
148
+ end
149
+
150
+ test 'has no picture key' do
151
+ refute_has_key 'picture', strategy.info
152
+ end
153
+
154
+ test 'has no cover_picture key' do
155
+ refute_has_key 'cover_picture', strategy.info
156
+ end
157
+
158
+ test 'has no gender key' do
159
+ refute_has_key 'gender', strategy.info
160
+ end
161
+
162
+ test 'has no location key' do
163
+ refute_has_key 'location', strategy.info
164
+ end
165
+
166
+ test 'has no reputation' do
167
+ assert_equal 0, strategy.info['reputation']
168
+ end
169
+
170
+ test 'has email verified as false' do
171
+ assert_equal false, strategy.info['email_verified']
172
+ end
173
+ end
174
+
175
+ class RawInfoTest < StrategyTestCase
176
+ def setup
177
+ super
178
+ @access_token = stub('OAuth2::AccessToken')
179
+ @appsecret_proof = 'appsecret_proof'
180
+ @options = {:appsecret_proof => @appsecret_proof}
181
+ end
182
+
183
+ test 'performs a GET to https://api.traity.com/1.0/me' do
184
+ strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
185
+ strategy.stubs(:access_token).returns(@access_token)
186
+ params = {:params => @options}
187
+ @access_token.expects(:get).with('1.0/me', params).returns(stub_everything('OAuth2::Response'))
188
+ strategy.raw_info
189
+ end
190
+
191
+ test 'performs a GET to https://api.traity.com/1.0/me with locale' do
192
+ @options.merge!({ :locale => 'cs_CZ' })
193
+ strategy.stubs(:access_token).returns(@access_token)
194
+ strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
195
+ params = {:params => @options}
196
+ @access_token.expects(:get).with('1.0/me', params).returns(stub_everything('OAuth2::Response'))
197
+ strategy.raw_info
198
+ end
199
+
200
+ test 'returns a Hash' do
201
+ strategy.stubs(:access_token).returns(@access_token)
202
+ strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
203
+ raw_response = stub('Faraday::Response')
204
+ raw_response.stubs(:body).returns('{ "ohai": "thar" }')
205
+ raw_response.stubs(:status).returns(200)
206
+ raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
207
+ oauth2_response = OAuth2::Response.new(raw_response)
208
+ params = {:params => @options}
209
+ @access_token.stubs(:get).with('1.0/me', params).returns(oauth2_response)
210
+ assert_kind_of Hash, strategy.raw_info
211
+ assert_equal 'thar', strategy.raw_info['ohai']
212
+ end
213
+
214
+ test 'returns an empty hash when the response is false' do
215
+ strategy.stubs(:access_token).returns(@access_token)
216
+ strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
217
+ oauth2_response = stub('OAuth2::Response', :parsed => false)
218
+ params = {:params => @options}
219
+ @access_token.stubs(:get).with('1.0/me', params).returns(oauth2_response)
220
+ assert_kind_of Hash, strategy.raw_info
221
+ assert_equal({}, strategy.raw_info)
222
+ end
223
+ end
224
+
225
+
226
+ class CredentialsTest < StrategyTestCase
227
+ def setup
228
+ super
229
+ @access_token = stub('OAuth2::AccessToken')
230
+ @access_token.stubs(:token)
231
+ @access_token.stubs(:expires?)
232
+ @access_token.stubs(:expires_at)
233
+ @access_token.stubs(:refresh_token)
234
+ strategy.stubs(:access_token).returns(@access_token)
235
+ end
236
+
237
+ test 'returns a Hash' do
238
+ assert_kind_of Hash, strategy.credentials
239
+ end
240
+
241
+ test 'returns the token' do
242
+ @access_token.stubs(:token).returns('123')
243
+ assert_equal '123', strategy.credentials['token']
244
+ end
245
+
246
+ test 'returns the expiry status' do
247
+ @access_token.stubs(:expires?).returns(true)
248
+ assert strategy.credentials['expires']
249
+
250
+ @access_token.stubs(:expires?).returns(false)
251
+ refute strategy.credentials['expires']
252
+ end
253
+
254
+ test 'returns the refresh token and expiry time when expiring' do
255
+ ten_mins_from_now = (Time.now + 600).to_i
256
+ @access_token.stubs(:expires?).returns(true)
257
+ @access_token.stubs(:refresh_token).returns('321')
258
+ @access_token.stubs(:expires_at).returns(ten_mins_from_now)
259
+ assert_equal '321', strategy.credentials['refresh_token']
260
+ assert_equal ten_mins_from_now, strategy.credentials['expires_at']
261
+ end
262
+
263
+ test 'does not return the refresh token when test is nil and expiring' do
264
+ @access_token.stubs(:expires?).returns(true)
265
+ @access_token.stubs(:refresh_token).returns(nil)
266
+ assert_nil strategy.credentials['refresh_token']
267
+ refute_has_key 'refresh_token', strategy.credentials
268
+ end
269
+
270
+ test 'does not return the refresh token when not expiring' do
271
+ @access_token.stubs(:expires?).returns(false)
272
+ @access_token.stubs(:refresh_token).returns('XXX')
273
+ assert_nil strategy.credentials['refresh_token']
274
+ refute_has_key 'refresh_token', strategy.credentials
275
+ end
276
+ end
277
+
278
+ module SignedRequestHelpers
279
+ def signed_request(payload, secret)
280
+ encoded_payload = base64_encode_url(MultiJson.encode(payload))
281
+ encoded_signature = base64_encode_url(signature(encoded_payload, secret))
282
+ [encoded_signature, encoded_payload].join('.')
283
+ end
284
+
285
+ def base64_encode_url(value)
286
+ Base64.encode64(value).tr('+/', '-_').gsub(/\n/, '')
287
+ end
288
+
289
+ def signature(payload, secret)
290
+ Digest::SHA256.hexdigest("#{payload}-#{secret}")
291
+ end
292
+ end
293
+
294
+ module SignedRequestTests
295
+ class TestCase < StrategyTestCase
296
+ include SignedRequestHelpers
297
+ end
298
+
299
+ class CookieAndParamNotPresentTest < TestCase
300
+ test 'is nil' do
301
+ assert_nil strategy.send(:signed_request_from_cookie)
302
+ end
303
+
304
+ test 'throws an error on calling build_access_token' do
305
+ assert_raises(OmniAuth::Strategies::Traity::NoAuthorizationCodeError) { strategy.send(:with_authorization_code!) {} }
306
+ end
307
+ end
308
+
309
+ class CookiePresentTest < TestCase
310
+ def setup(algo = nil)
311
+ super()
312
+ @payload = {
313
+ 'code' => 'm4c0d3z',
314
+ 'issued_at' => Time.now.to_i,
315
+ 'user_id' => '123456'
316
+ }
317
+
318
+ @request.stubs(:cookies).returns({"tsr_#{@client_id}" => signed_request(@payload, @client_secret)})
319
+ end
320
+
321
+ test 'parses the access code out from the cookie' do
322
+ assert_equal @payload, strategy.send(:signed_request_from_cookie)
323
+ end
324
+ end
325
+
326
+ class EmptySignedRequestTest < TestCase
327
+ def setup
328
+ super
329
+ @request.stubs(:params).returns({'signed_request' => ''})
330
+ end
331
+
332
+ test 'empty param' do
333
+ assert_equal nil, strategy.send(:signed_request_from_cookie)
334
+ end
335
+ end
336
+
337
+ class MissingCodeInParamsRequestTest < TestCase
338
+ def setup
339
+ super
340
+ @request.stubs(:params).returns({})
341
+ end
342
+
343
+ test 'calls fail! when a code is not included in the params' do
344
+ strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Traity::NoAuthorizationCodeError))
345
+ strategy.callback_phase
346
+ end
347
+ end
348
+
349
+ class MissingCodeInCookieRequestTest < TestCase
350
+ def setup(algo = nil)
351
+ super()
352
+ @payload = {
353
+ 'code' => nil,
354
+ 'issued_at' => Time.now.to_i,
355
+ 'user_id' => '123456'
356
+ }
357
+
358
+ @request.stubs(:cookies).returns({"tsr_#{@client_id}" => signed_request(@payload, @client_secret)})
359
+ end
360
+
361
+ test 'calls fail! when a code is not included in the cookie' do
362
+ strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Traity::NoAuthorizationCodeError))
363
+ strategy.callback_phase
364
+ end
365
+ end
366
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-traity
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Javi Velasco
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-03-11 00:00:00.000000000 Z
11
+ date: 2015-03-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-oauth2
@@ -25,33 +25,47 @@ dependencies:
25
25
  - !ruby/object:Gem::Version
26
26
  version: '1.2'
27
27
  - !ruby/object:Gem::Dependency
28
- name: bundler
28
+ name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '1.7'
33
+ version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '1.7'
40
+ version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
- name: rake
42
+ name: minitest
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
- version: '10.0'
47
+ version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - "~>"
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: mocha
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
53
67
  - !ruby/object:Gem::Version
54
- version: '10.0'
68
+ version: '0'
55
69
  description:
56
70
  email:
57
71
  - javi@traity.com
@@ -70,6 +84,9 @@ files:
70
84
  - lib/omniauth/traity.rb
71
85
  - lib/omniauth/traity/version.rb
72
86
  - omniauth-traity.gemspec
87
+ - test/helper.rb
88
+ - test/support/shared_examples.rb
89
+ - test/test.rb
73
90
  homepage: ''
74
91
  licenses:
75
92
  - MIT
@@ -94,4 +111,7 @@ rubygems_version: 2.2.2
94
111
  signing_key:
95
112
  specification_version: 4
96
113
  summary: Traity OAuth2 Strategy for OmniAuth
97
- test_files: []
114
+ test_files:
115
+ - test/helper.rb
116
+ - test/support/shared_examples.rb
117
+ - test/test.rb