openid_connect 0.0.5 → 0.0.6

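--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- openid_connect (0.0.4)
+ openid_connect (0.0.5)
  activemodel (>= 3)
  attr_required (>= 0.0.3)
  json (>= 1.4.3)
@@ -14,18 +14,18 @@ PATH
  GEM
  remote: http://rubygems.org/
  specs:
- activemodel (3.0.9)
- activesupport (= 3.0.9)
+ activemodel (3.0.5)
+ activesupport (= 3.0.5)
  builder (~> 2.1.2)
- i18n (~> 0.5.0)
- activesupport (3.0.9)
+ i18n (~> 0.4)
+ activesupport (3.0.5)
  addressable (2.2.6)
  attr_required (0.0.3)
  builder (2.1.2)
  crack (0.1.8)
  diff-lcs (1.1.2)
  httpclient (2.2.1)
- i18n (0.5.0)
+ i18n (0.6.0)
  json (1.5.3)
  jwt (0.1.3)
  json (>= 1.2.4)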
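--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.0.5
+ 0.0.6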
@@ -18,7 +18,9 @@ module OpenIDConnect
18
18
  hash = resource_request do
19
19
  get client.introspection_uri
20
20
  end
21
- ResponseObject::IdToken.new hash
21
+ id_token = ResponseObject::IdToken.new hash
22
+ id_token.verify! client.identifier
23
+ id_token
22
24
  end
23
25
 
24
26
  private
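Review bot: `id_token!` gains a second failure mode that is not documented at the method: after the introspection request it now raises `ResponseObject::IdToken::InvalidToken` whenever `verify!` rejects the token. A comment above the method such as `# Raises ResponseObject::IdToken::InvalidToken unless the token's aud or issued_to equals client.identifier.` would tell callers what to rescue. The three added lines could also be written as `ResponseObject::IdToken.new(hash).tap { |t| t.verify! client.identifier }`, which keeps the return value obvious. The method's signature lies outside the hunk.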
@@ -3,9 +3,17 @@ require 'jwt'
3
3
  module OpenIDConnect
4
4
  class ResponseObject
5
5
  class IdToken < ResponseObject
6
+ class InvalidToken < Exception; end
7
+
6
8
  attr_required :iss, :user_id, :aud, :exp
7
9
  attr_optional :iso29115, :nonce, :issued_to, :secret
8
10
 
11
+ def verify!(client_id)
12
+ aud == client_id or
13
+ issued_to == client_id or
14
+ raise InvalidToken.new('Invalid audience or issued_to')
15
+ end
16
+
9
17
  def to_jwt
10
18
  raise Exception.new('Secret Required') unless secret
11
19
  JWT.encode as_json, secret
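Review bot: `verify!` accepts a token when `client_id` is nil and the optional `issued_to` is absent, because `issued_to == client_id` is then `nil == nil`; a client built without an identifier would accept any token that omits `issued_to`. Guarding the argument closes that: `raise InvalidToken.new('Invalid audience or issued_to') unless client_id && [aud, issued_to].include?(client_id)` followed by `true` to keep the truthy return. The method also leaves the required `exp` and `iss` unchecked, so as far as this hunk shows an expired token with a matching audience passes; if expiry is enforced elsewhere, a comment saying where would help. `InvalidToken < Exception` resolves to whatever `Exception` means inside `OpenIDConnect` (the spec references `OpenIDConnect::Exception`), and if that class does not descend from `StandardError` a plain `rescue` in callers will miss it. The `IdToken` class body continues outside the hunk.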
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "iss": "http://server.example.com",
3
- "client_id": "http://client.example.com",
4
- "aud": "http://client.example.com",
3
+ "aud": "client_id",
4
+ "issued_to": "http://client.example.com",
5
5
  "user_id": "user_328723",
6
6
  "exp": 1303852880
7
7
  }
@@ -64,5 +64,20 @@ describe OpenIDConnect::AccessToken do
64
64
  token.id_token!.should be_a OpenIDConnect::ResponseObject::IdToken
65
65
  end
66
66
  end
67
+
68
+ context 'when invalid client is given' do
69
+ let :client do
70
+ OpenIDConnect::Client.new(
71
+ :identifier => 'invalid_client',
72
+ :host => 'server.example.com'
73
+ )
74
+ end
75
+
76
+ it 'should raise OpenIDConnect::ResponseObject::IdToken::InvalidToken' do
77
+ mock_json :get, client.introspection_uri, 'id_token', :HTTP_AUTHORIZATION => 'Bearer access_token' do
78
+ expect { token.id_token! }.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
79
+ end
80
+ end
81
+ end
67
82
  end
68
83
  end
@@ -3,6 +3,7 @@ require 'spec_helper'
3
3
  describe OpenIDConnect::ResponseObject::IdToken do
4
4
  let(:klass) { OpenIDConnect::ResponseObject::IdToken }
5
5
  let(:id_token) { klass.new attributes }
6
+ let(:attributes) { required_attributes }
6
7
  let :required_attributes do
7
8
  {
8
9
  :iss => 'https://server.example.com',
@@ -18,6 +19,18 @@ describe OpenIDConnect::ResponseObject::IdToken do
18
19
  its(:optional_attributes) { should == [:iso29115, :nonce, :issued_to, :secret] }
19
20
  end
20
21
 
22
+ describe '#verify!' do
23
+ context 'when valid client_id is given' do
24
+ it { id_token.verify!('client_id').should be_true }
25
+ end
26
+
27
+ context 'otherwise' do
28
+ it do
29
+ expect { id_token.verify! 'invalid_client' }.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
30
+ end
31
+ end
32
+ end
33
+
21
34
  describe '#to_jwt' do
22
35
  subject { id_token.to_jwt }
23
36
 
@@ -27,7 +40,6 @@ describe OpenIDConnect::ResponseObject::IdToken do
27
40
  end
28
41
 
29
42
  context 'otherwise' do
30
- let(:attributes) { required_attributes }
31
43
  it do
32
44
  expect { id_token.to_jwt }.should raise_error OpenIDConnect::Exception, 'Secret Required'
33
45
  end
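Review bot: The new `#verify!` examples cover only the `aud` comparison; no example has `aud` differing while `issued_to` matches, and none passes `nil` as the client id, so the second branch of the `or` chain and the nil case are untested. Assuming `required_attributes` sets `:aud` to 'client_id' (most of its body is outside the hunk), a context with `let(:attributes) { required_attributes.merge(:issued_to => 'other_client') }` and `it { id_token.verify!('other_client').should be_true }` would cover the former. `expect { id_token.verify! nil }.should raise_error klass::InvalidToken` would pin the nil case. The same gap applies to the access-token spec, which only checks a mismatching identifier.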
metadata CHANGED
@@ -2,7 +2,7 @@
2
2
  name: openid_connect
3
3
  version: !ruby/object:Gem::Version
4
4
  prerelease:
5
- version: 0.0.5
5
+ version: 0.0.6
6
6
  platform: ruby
7
7
  authors:
8
8
  - nov matake