openid-token-proxy 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/config/initializers/inflections.rb +2 -0
- data/lib/openid_token_proxy/client.rb +24 -6
- data/lib/openid_token_proxy/engine.rb +2 -0
- data/lib/openid_token_proxy/token.rb +7 -0
- data/lib/openid_token_proxy/version.rb +1 -1
- data/openid-token-proxy.gemspec +1 -0
- data/spec/lib/openid_token_proxy/client_spec.rb +41 -3
- data/spec/lib/openid_token_proxy/token_spec.rb +16 -0
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 52ad78b2ab59d7d79acc5ad4e5f1619fb97bb77e
|
|
4
|
+
data.tar.gz: 8b39777e46e9887f21482b10822648d1a0ddf274
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d7cb5fd53234fec4ae748b106f8ccff6d102c0a7f84bb85fc773cf05e526e8853f9c30ff8b4c75e9b2139c0cb0d6be057214f01ef2e9bb12359c9c8ca5a4e5d0
|
|
7
|
+
data.tar.gz: d19b04ccc60eb2febafb4421c39950b1448f684d3a0a7a05f8f18b3016c7829aa6f780ccde75fd967a767c010903410e95935f48ff932789cfb7d2e02e41fbef
|
data/CHANGELOG.md
CHANGED
|
@@ -20,18 +20,36 @@ module OpenIDTokenProxy
|
|
|
20
20
|
# Raised when refresh token could not be exchanged
|
|
21
21
|
class RefreshTokenError < Error; end
|
|
22
22
|
|
|
23
|
-
#
|
|
23
|
+
# Raised when token could not be retrieved for given credentials
|
|
24
|
+
class CredentialsError < Error; end
|
|
25
|
+
|
|
26
|
+
# Retrieves a token for given auth code, refresh token or username/password
|
|
24
27
|
def retrieve_token!(params)
|
|
25
28
|
client = new_client
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
+
|
|
30
|
+
if auth_code = params.delete(:auth_code)
|
|
31
|
+
client.authorization_code = auth_code
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
if refresh_token = params.delete(:refresh_token)
|
|
35
|
+
client.refresh_token = refresh_token
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
if username = params.delete(:username)
|
|
39
|
+
client.resource_owner_credentials = [
|
|
40
|
+
username,
|
|
41
|
+
params.delete(:password)
|
|
42
|
+
]
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
response = client.access_token!(:query_string, params)
|
|
29
46
|
token = Token.decode!(response.access_token)
|
|
30
47
|
token.refresh_token = response.refresh_token
|
|
31
48
|
token
|
|
32
49
|
rescue Rack::OAuth2::Client::Error => e
|
|
33
|
-
raise AuthCodeError.new(e.message) if
|
|
34
|
-
raise RefreshTokenError.new(e.message) if
|
|
50
|
+
raise AuthCodeError.new(e.message) if auth_code
|
|
51
|
+
raise RefreshTokenError.new(e.message) if refresh_token
|
|
52
|
+
raise CredentialsError.new(e.message) if username
|
|
35
53
|
end
|
|
36
54
|
|
|
37
55
|
def new_client
|
data/openid-token-proxy.gemspec
CHANGED
|
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.require_paths = ['lib']
|
|
21
21
|
|
|
22
22
|
spec.add_dependency 'openid_connect', '~> 0.8.3'
|
|
23
|
+
spec.add_dependency 'rack-oauth2', '~> 1.2.0'
|
|
23
24
|
spec.add_dependency 'rails', '~> 4.0'
|
|
24
25
|
|
|
25
26
|
spec.add_development_dependency 'bundler', '~> 1.6'
|
|
@@ -81,7 +81,8 @@ RSpec.describe OpenIDTokenProxy::Client do
|
|
|
81
81
|
let(:client) {
|
|
82
82
|
double(
|
|
83
83
|
'authorization_code=' => nil,
|
|
84
|
-
'refresh_token=' => nil
|
|
84
|
+
'refresh_token=' => nil,
|
|
85
|
+
'resource_owner_credentials=' => nil
|
|
85
86
|
)
|
|
86
87
|
}
|
|
87
88
|
let(:access_token) { 'access token' }
|
|
@@ -116,7 +117,9 @@ RSpec.describe OpenIDTokenProxy::Client do
|
|
|
116
117
|
|
|
117
118
|
context 'when auth code is valid' do
|
|
118
119
|
it 'returns token instance' do
|
|
119
|
-
expect(client).to receive(:access_token!).
|
|
120
|
+
expect(client).to receive(:access_token!).with(
|
|
121
|
+
:query_string, {}
|
|
122
|
+
).and_return response
|
|
120
123
|
token = subject.retrieve_token! auth_code: 'valid auth code'
|
|
121
124
|
expect(token.access_token).to eq access_token
|
|
122
125
|
expect(token.id_token).to eq id_token
|
|
@@ -138,7 +141,9 @@ RSpec.describe OpenIDTokenProxy::Client do
|
|
|
138
141
|
|
|
139
142
|
context 'when refresh token is valid' do
|
|
140
143
|
it 'returns token instance' do
|
|
141
|
-
expect(client).to receive(:access_token!).
|
|
144
|
+
expect(client).to receive(:access_token!).with(
|
|
145
|
+
:query_string, {}
|
|
146
|
+
).and_return response
|
|
142
147
|
token = subject.retrieve_token! refresh_token: 'valid refresh token'
|
|
143
148
|
expect(token.access_token).to eq access_token
|
|
144
149
|
expect(token.id_token).to eq id_token
|
|
@@ -146,5 +151,38 @@ RSpec.describe OpenIDTokenProxy::Client do
|
|
|
146
151
|
end
|
|
147
152
|
end
|
|
148
153
|
end
|
|
154
|
+
|
|
155
|
+
context 'using username and password' do
|
|
156
|
+
context 'when credentials are invalid' do
|
|
157
|
+
it 'raises' do
|
|
158
|
+
error = Rack::OAuth2::Client::Error.new 400, {}
|
|
159
|
+
expect(client).to receive(:access_token!).and_raise error
|
|
160
|
+
expect do
|
|
161
|
+
token = subject.retrieve_token! username: 'foo', password: 'bar'
|
|
162
|
+
end.to raise_error OpenIDTokenProxy::Client::CredentialsError
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
context 'when credentials are valid' do
|
|
167
|
+
it 'returns token instance' do
|
|
168
|
+
expect(client).to receive(:access_token!).with(
|
|
169
|
+
:query_string, {}
|
|
170
|
+
).and_return response
|
|
171
|
+
token = subject.retrieve_token! username: 'foo', password: 'bar'
|
|
172
|
+
expect(token.access_token).to eq access_token
|
|
173
|
+
expect(token.id_token).to eq id_token
|
|
174
|
+
expect(token.refresh_token).to eq refresh_token
|
|
175
|
+
end
|
|
176
|
+
end
|
|
177
|
+
end
|
|
178
|
+
|
|
179
|
+
context 'when given options' do
|
|
180
|
+
it 'passes these through' do
|
|
181
|
+
expect(client).to receive(:access_token!).with(
|
|
182
|
+
:query_string, resource: 'x'
|
|
183
|
+
).and_return response
|
|
184
|
+
subject.retrieve_token! auth_code: 'valid auth code', resource: 'x'
|
|
185
|
+
end
|
|
186
|
+
end
|
|
149
187
|
end
|
|
150
188
|
end
|
|
@@ -78,6 +78,22 @@ RSpec.describe OpenIDTokenProxy::Token do
|
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
describe '#valid?' do
|
|
82
|
+
context 'when token is invalid' do
|
|
83
|
+
it 'returns false' do
|
|
84
|
+
allow(subject).to receive(:validate!).and_raise OpenIDTokenProxy::Token::Expired
|
|
85
|
+
expect(subject).not_to be_valid
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
context 'when token is valid' do
|
|
90
|
+
it 'returns true' do
|
|
91
|
+
allow(subject).to receive(:validate!).and_return true
|
|
92
|
+
expect(subject).to be_valid
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
81
97
|
describe '#expiry_time' do
|
|
82
98
|
it 'returns expiry time' do
|
|
83
99
|
expect(subject.expiry_time.to_i).to eq expiry_time.to_i
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid-token-proxy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Kurvers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-06-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: openid_connect
|
|
@@ -24,6 +24,20 @@ dependencies:
|
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 0.8.3
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: rack-oauth2
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 1.2.0
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 1.2.0
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: rails
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|