openid_connect 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile.lock +12 -11
- data/VERSION +1 -1
- data/lib/openid_connect/client.rb +1 -1
- data/lib/openid_connect/client/registrar.rb +28 -16
- data/lib/openid_connect/discovery/provider/config/resource.rb +1 -4
- data/lib/openid_connect/exception.rb +4 -4
- data/lib/openid_connect/response_object.rb +1 -1
- data/lib/openid_connect/response_object/id_token.rb +4 -2
- data/openid_connect.gemspec +3 -3
- data/spec/mock_response/access_token/invalid_json.json +1 -0
- data/spec/mock_response/client/registered.json +5 -0
- data/spec/mock_response/client/updated.json +5 -0
- data/spec/mock_response/id_token.json +1 -1
- data/spec/openid_connect/access_token_spec.rb +1 -0
- data/spec/openid_connect/client/registrar_spec.rb +232 -12
- data/spec/openid_connect/client_spec.rb +10 -0
- data/spec/openid_connect/response_object/id_token_spec.rb +3 -2
- data/spec/openid_connect/response_object_spec.rb +4 -4
- data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb +1 -0
- data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb +1 -0
- data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb +1 -0
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +1 -0
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +1 -0
- metadata +37 -31
data/Gemfile.lock
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
openid_connect (0.1.
|
|
4
|
+
openid_connect (0.1.1)
|
|
5
5
|
activemodel (>= 3)
|
|
6
|
-
attr_required (>= 0.0.
|
|
6
|
+
attr_required (>= 0.0.5)
|
|
7
7
|
json (>= 1.4.3)
|
|
8
8
|
json-jwt (>= 0.0.3)
|
|
9
|
-
rack-oauth2 (>= 0.14.
|
|
10
|
-
swd (>= 0.1.
|
|
9
|
+
rack-oauth2 (>= 0.14.2)
|
|
10
|
+
swd (>= 0.1.2)
|
|
11
11
|
tzinfo
|
|
12
12
|
validate_email
|
|
13
13
|
validate_url
|
|
@@ -22,7 +22,7 @@ GEM
|
|
|
22
22
|
i18n (~> 0.6)
|
|
23
23
|
multi_json (~> 1.0)
|
|
24
24
|
addressable (2.2.6)
|
|
25
|
-
attr_required (0.0.
|
|
25
|
+
attr_required (0.0.5)
|
|
26
26
|
bouncy-castle-java (1.5.0146.1)
|
|
27
27
|
builder (3.0.0)
|
|
28
28
|
configatron (2.9.0)
|
|
@@ -35,10 +35,11 @@ GEM
|
|
|
35
35
|
hashie (1.2.0)
|
|
36
36
|
httpclient (2.2.4)
|
|
37
37
|
i18n (0.6.0)
|
|
38
|
-
jruby-openssl (0.7.
|
|
38
|
+
jruby-openssl (0.7.6.1)
|
|
39
39
|
bouncy-castle-java (>= 1.5.0146.1)
|
|
40
40
|
json (1.6.5)
|
|
41
|
-
json
|
|
41
|
+
json (1.6.5-java)
|
|
42
|
+
json-jwt (0.0.7)
|
|
42
43
|
activesupport (>= 2.3)
|
|
43
44
|
i18n
|
|
44
45
|
json (>= 1.4.3)
|
|
@@ -51,9 +52,9 @@ GEM
|
|
|
51
52
|
multi_json (1.0.4)
|
|
52
53
|
polyglot (0.3.3)
|
|
53
54
|
rack (1.4.1)
|
|
54
|
-
rack-oauth2 (0.14.
|
|
55
|
+
rack-oauth2 (0.14.2)
|
|
55
56
|
activesupport (>= 2.3)
|
|
56
|
-
attr_required (>= 0.0.
|
|
57
|
+
attr_required (>= 0.0.5)
|
|
57
58
|
httpclient (>= 2.2.0.2)
|
|
58
59
|
i18n
|
|
59
60
|
json (>= 1.4.3)
|
|
@@ -67,9 +68,9 @@ GEM
|
|
|
67
68
|
rspec-expectations (2.8.0)
|
|
68
69
|
diff-lcs (~> 1.1.2)
|
|
69
70
|
rspec-mocks (2.8.0)
|
|
70
|
-
swd (0.1.
|
|
71
|
+
swd (0.1.2)
|
|
71
72
|
activesupport (>= 3)
|
|
72
|
-
attr_required (>= 0.0.
|
|
73
|
+
attr_required (>= 0.0.5)
|
|
73
74
|
httpclient (>= 2.2.1)
|
|
74
75
|
i18n
|
|
75
76
|
json (>= 1.4.3)
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.2
|
|
@@ -36,7 +36,13 @@ module OpenIDConnect
|
|
|
36
36
|
|
|
37
37
|
plurar_attributes.each do |_attr_|
|
|
38
38
|
define_method "#{_attr_}_with_split" do
|
|
39
|
-
self.send("#{_attr_}_without_split")
|
|
39
|
+
value = self.send("#{_attr_}_without_split")
|
|
40
|
+
case value
|
|
41
|
+
when String
|
|
42
|
+
value.split(' ')
|
|
43
|
+
else
|
|
44
|
+
value
|
|
45
|
+
end
|
|
40
46
|
end
|
|
41
47
|
alias_method_chain _attr_, :split
|
|
42
48
|
end
|
|
@@ -72,7 +78,12 @@ module OpenIDConnect
|
|
|
72
78
|
def initialize(endpoint, attributes = {})
|
|
73
79
|
@endpoint = endpoint
|
|
74
80
|
optional_attributes.each do |_attr_|
|
|
75
|
-
|
|
81
|
+
value = if _attr_ == :access_token
|
|
82
|
+
attributes[_attr_]
|
|
83
|
+
else
|
|
84
|
+
attributes[_attr_].try(:to_s)
|
|
85
|
+
end
|
|
86
|
+
self.send "#{_attr_}=", value
|
|
76
87
|
end
|
|
77
88
|
attr_missing!
|
|
78
89
|
end
|
|
@@ -122,7 +133,7 @@ module OpenIDConnect
|
|
|
122
133
|
end
|
|
123
134
|
|
|
124
135
|
def validate!
|
|
125
|
-
valid? or raise ValidationFailed.new(
|
|
136
|
+
valid? or raise ValidationFailed.new(self)
|
|
126
137
|
end
|
|
127
138
|
|
|
128
139
|
private
|
|
@@ -138,25 +149,26 @@ module OpenIDConnect
|
|
|
138
149
|
end
|
|
139
150
|
|
|
140
151
|
def validate_contacts
|
|
141
|
-
contacts
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
:invalid
|
|
152
|
+
if contacts
|
|
153
|
+
include_invalid = contacts.any? do |contact|
|
|
154
|
+
begin
|
|
155
|
+
mail = Mail::Address.new(contact)
|
|
156
|
+
mail.address != contact || mail.domain.split(".").length <= 1
|
|
157
|
+
rescue
|
|
158
|
+
:invalid
|
|
159
|
+
end
|
|
150
160
|
end
|
|
161
|
+
errors.add :contacts, 'includes invalid email' if include_invalid
|
|
151
162
|
end
|
|
152
|
-
errors.add :contacts, 'includes invalid email' if include_invalid
|
|
153
163
|
end
|
|
154
164
|
|
|
155
165
|
def validate_redirect_uris
|
|
156
|
-
|
|
157
|
-
|
|
166
|
+
if redirect_uris
|
|
167
|
+
include_invalid = redirect_uris.any? do |redirect_uri|
|
|
168
|
+
!valid_uri?(redirect_uri, nil)
|
|
169
|
+
end
|
|
170
|
+
errors.add :redirect_uris, 'includes invalid URL' if include_invalid
|
|
158
171
|
end
|
|
159
|
-
errors.add :redirect_uris, 'includes invalid URL' if include_invalid
|
|
160
172
|
end
|
|
161
173
|
|
|
162
174
|
def validate_key_urls
|
|
@@ -3,10 +3,7 @@ module OpenIDConnect
|
|
|
3
3
|
module Provider
|
|
4
4
|
class Config
|
|
5
5
|
class Resource < SWD::Resource
|
|
6
|
-
|
|
7
|
-
undef_method :principal, :principal=, :service, :service=
|
|
8
|
-
@required_attributes.delete :principal
|
|
9
|
-
@required_attributes.delete :service
|
|
6
|
+
undef_required_attributes :principal, :service
|
|
10
7
|
|
|
11
8
|
class Expired < SWD::Resource::Expired; end
|
|
12
9
|
|
|
@@ -2,11 +2,11 @@ module OpenIDConnect
|
|
|
2
2
|
class Exception < StandardError; end
|
|
3
3
|
|
|
4
4
|
class ValidationFailed < Exception
|
|
5
|
-
attr_reader :
|
|
5
|
+
attr_reader :object
|
|
6
6
|
|
|
7
|
-
def initialize(
|
|
8
|
-
super errors.full_messages.to_sentence
|
|
9
|
-
@
|
|
7
|
+
def initialize(object)
|
|
8
|
+
super object.errors.full_messages.to_sentence
|
|
9
|
+
@object = object
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
12
|
|
|
@@ -5,8 +5,10 @@ module OpenIDConnect
|
|
|
5
5
|
class IdToken < ResponseObject
|
|
6
6
|
class InvalidToken < Exception; end
|
|
7
7
|
|
|
8
|
-
attr_required :iss, :user_id, :aud, :exp
|
|
9
|
-
attr_optional :
|
|
8
|
+
attr_required :iss, :user_id, :aud, :exp, :nonce
|
|
9
|
+
attr_optional :acr, :auth_time
|
|
10
|
+
|
|
11
|
+
validates :acr, :inclusion => {:in => [0, 1, 2, 3, 4]}, :allow_nil => true
|
|
10
12
|
|
|
11
13
|
def initialize(attributes = {})
|
|
12
14
|
super
|
data/openid_connect.gemspec
CHANGED
|
@@ -12,13 +12,13 @@ Gem::Specification.new do |s|
|
|
|
12
12
|
s.require_paths = ["lib"]
|
|
13
13
|
s.add_runtime_dependency "json", ">= 1.4.3"
|
|
14
14
|
s.add_runtime_dependency "tzinfo"
|
|
15
|
-
s.add_runtime_dependency "attr_required", ">= 0.0.
|
|
15
|
+
s.add_runtime_dependency "attr_required", ">= 0.0.5"
|
|
16
16
|
s.add_runtime_dependency "activemodel", ">= 3"
|
|
17
17
|
s.add_runtime_dependency "validate_url"
|
|
18
18
|
s.add_runtime_dependency "validate_email"
|
|
19
19
|
s.add_runtime_dependency "json-jwt", ">= 0.0.3"
|
|
20
|
-
s.add_runtime_dependency "swd", ">= 0.1.
|
|
21
|
-
s.add_runtime_dependency "rack-oauth2", ">= 0.14.
|
|
20
|
+
s.add_runtime_dependency "swd", ">= 0.1.2"
|
|
21
|
+
s.add_runtime_dependency "rack-oauth2", ">= 0.14.2"
|
|
22
22
|
s.add_development_dependency "rake", ">= 0.8"
|
|
23
23
|
if RUBY_VERSION >= '1.9'
|
|
24
24
|
s.add_development_dependency "cover_me", ">= 1.2.0"
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
access_token=access_token
|
|
@@ -2,6 +2,12 @@ require 'spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe OpenIDConnect::Client::Registrar do
|
|
4
4
|
subject { instance }
|
|
5
|
+
let(:attributes) { minimum_attributes }
|
|
6
|
+
let(:minimum_attributes) do
|
|
7
|
+
{
|
|
8
|
+
:type => :client_associate
|
|
9
|
+
}
|
|
10
|
+
end
|
|
5
11
|
let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint, attributes) }
|
|
6
12
|
let(:endpoint) { 'https://server.example.com/clients' }
|
|
7
13
|
|
|
@@ -9,9 +15,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
9
15
|
context 'when attributes given' do
|
|
10
16
|
context 'when type=client_associate' do
|
|
11
17
|
let(:attributes) do
|
|
12
|
-
|
|
13
|
-
:type => :client_associate
|
|
14
|
-
}
|
|
18
|
+
minimum_attributes
|
|
15
19
|
end
|
|
16
20
|
it { should be_valid }
|
|
17
21
|
end
|
|
@@ -70,28 +74,214 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
70
74
|
end
|
|
71
75
|
|
|
72
76
|
describe '#sector_identifier' do
|
|
73
|
-
|
|
77
|
+
context 'when sector_identifier_url given' do
|
|
78
|
+
let(:attributes) do
|
|
79
|
+
minimum_attributes.merge(
|
|
80
|
+
:sector_identifier_url => 'https://client.example.com/sector_identifier.json'
|
|
81
|
+
)
|
|
82
|
+
end
|
|
83
|
+
its(:sector_identifier) { should == 'client.example.com' }
|
|
84
|
+
|
|
85
|
+
context 'when sector_identifier_url is invalid URI' do
|
|
86
|
+
let(:attributes) do
|
|
87
|
+
minimum_attributes.merge(
|
|
88
|
+
:sector_identifier_url => ':invalid'
|
|
89
|
+
)
|
|
90
|
+
end
|
|
91
|
+
its(:sector_identifier) { should be_nil }
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
context 'when redirect_uris given' do
|
|
95
|
+
let(:attributes) do
|
|
96
|
+
minimum_attributes.merge(
|
|
97
|
+
:sector_identifier_url => 'https://client.example.com/sector_identifier.json',
|
|
98
|
+
:redirect_uris => 'https://client2.example.com/callback'
|
|
99
|
+
)
|
|
100
|
+
end
|
|
101
|
+
its(:sector_identifier) { should == 'client.example.com' }
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
context 'otherwise' do
|
|
106
|
+
context 'when redirect_uris given' do
|
|
107
|
+
context 'when single host' do
|
|
108
|
+
let(:attributes) do
|
|
109
|
+
minimum_attributes.merge(
|
|
110
|
+
:redirect_uris => [
|
|
111
|
+
'https://client.example.com/callback/op1',
|
|
112
|
+
'https://client.example.com/callback/op2'
|
|
113
|
+
].join(' ')
|
|
114
|
+
)
|
|
115
|
+
end
|
|
116
|
+
its(:sector_identifier) { should == 'client.example.com' }
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
context 'when multi host' do
|
|
120
|
+
let(:attributes) do
|
|
121
|
+
minimum_attributes.merge(
|
|
122
|
+
:redirect_uris => [
|
|
123
|
+
'https://client1.example.com/callback',
|
|
124
|
+
'https://client2.example.com/callback'
|
|
125
|
+
].join(' ')
|
|
126
|
+
)
|
|
127
|
+
end
|
|
128
|
+
its(:sector_identifier) { should be_nil }
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
context 'when invalid URI' do
|
|
132
|
+
let(:attributes) do
|
|
133
|
+
minimum_attributes.merge(
|
|
134
|
+
:redirect_uris => ':invalid'
|
|
135
|
+
)
|
|
136
|
+
end
|
|
137
|
+
its(:sector_identifier) { should be_nil }
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
context 'otherwise' do
|
|
142
|
+
its(:sector_identifier) { should be_nil }
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
describe '#contacts' do
|
|
148
|
+
context 'when contacts given' do
|
|
149
|
+
context 'when invalid email included' do
|
|
150
|
+
let(:attributes) do
|
|
151
|
+
minimum_attributes.merge(
|
|
152
|
+
:contacts => [
|
|
153
|
+
':invalid',
|
|
154
|
+
'nov@matake.jp'
|
|
155
|
+
].join(' ')
|
|
156
|
+
)
|
|
157
|
+
end
|
|
158
|
+
it { should_not be_valid }
|
|
159
|
+
end
|
|
160
|
+
|
|
161
|
+
context 'when localhost address included' do
|
|
162
|
+
let(:attributes) do
|
|
163
|
+
minimum_attributes.merge(
|
|
164
|
+
:contacts => [
|
|
165
|
+
'nov@localhost',
|
|
166
|
+
'nov@matake.jp'
|
|
167
|
+
].join(' ')
|
|
168
|
+
)
|
|
169
|
+
end
|
|
170
|
+
it { should_not be_valid }
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
context 'otherwise' do
|
|
174
|
+
let(:attributes) do
|
|
175
|
+
minimum_attributes.merge(
|
|
176
|
+
:contacts => 'nov@matake.jp'
|
|
177
|
+
)
|
|
178
|
+
end
|
|
179
|
+
it { should be_valid }
|
|
180
|
+
end
|
|
181
|
+
end
|
|
74
182
|
end
|
|
75
183
|
|
|
76
184
|
describe '#as_json' do
|
|
77
|
-
|
|
185
|
+
context 'when valid' do
|
|
186
|
+
let(:attributes) do
|
|
187
|
+
minimum_attributes.merge(
|
|
188
|
+
:redirect_uris => [
|
|
189
|
+
'https://client1.example.com/callback',
|
|
190
|
+
'https://client2.example.com/callback'
|
|
191
|
+
].join(' ')
|
|
192
|
+
)
|
|
193
|
+
end
|
|
194
|
+
its(:as_json) do
|
|
195
|
+
should == {
|
|
196
|
+
:type => 'client_associate',
|
|
197
|
+
:redirect_uris => 'https://client1.example.com/callback https://client2.example.com/callback'
|
|
198
|
+
}
|
|
199
|
+
end
|
|
200
|
+
end
|
|
201
|
+
|
|
202
|
+
context 'otherwise' do
|
|
203
|
+
let(:attributes) do
|
|
204
|
+
{
|
|
205
|
+
:type => :client_update
|
|
206
|
+
}
|
|
207
|
+
end
|
|
208
|
+
it do
|
|
209
|
+
expect do
|
|
210
|
+
instance.as_json
|
|
211
|
+
end.should raise_error OpenIDConnect::ValidationFailed
|
|
212
|
+
end
|
|
213
|
+
end
|
|
78
214
|
end
|
|
79
215
|
|
|
80
216
|
describe '#associate!' do
|
|
81
|
-
|
|
217
|
+
let(:attributes) do
|
|
218
|
+
{}
|
|
219
|
+
end
|
|
220
|
+
|
|
221
|
+
it 'should return OpenIDConnect::Client' do
|
|
222
|
+
mock_json :post, endpoint, 'client/registered', :params => {
|
|
223
|
+
:type => 'client_associate'
|
|
224
|
+
} do
|
|
225
|
+
client = instance.associate!
|
|
226
|
+
client.should be_instance_of OpenIDConnect::Client
|
|
227
|
+
client.identifier.should == 'client_id'
|
|
228
|
+
client.secret.should == 'client_secret'
|
|
229
|
+
client.expires_in.should == 3600
|
|
230
|
+
end
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
context 'when failed' do
|
|
234
|
+
it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
|
|
235
|
+
mock_json :post, endpoint, 'errors/unknown', :params => {
|
|
236
|
+
:type => 'client_associate'
|
|
237
|
+
}, :status => 400 do
|
|
238
|
+
expect do
|
|
239
|
+
instance.associate!
|
|
240
|
+
end.should raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
|
|
241
|
+
end
|
|
242
|
+
end
|
|
243
|
+
end
|
|
82
244
|
end
|
|
83
245
|
|
|
84
246
|
describe '#update!' do
|
|
85
|
-
|
|
247
|
+
let(:attributes) do
|
|
248
|
+
{
|
|
249
|
+
:client_id => 'client.example.com',
|
|
250
|
+
:client_secret => 'client_secret'
|
|
251
|
+
}
|
|
252
|
+
end
|
|
253
|
+
|
|
254
|
+
it 'should return OpenIDConnect::Client' do
|
|
255
|
+
mock_json :post, endpoint, 'client/updated', :params => {
|
|
256
|
+
:type => 'client_update',
|
|
257
|
+
:client_id => 'client.example.com',
|
|
258
|
+
:client_secret => 'client_secret'
|
|
259
|
+
} do
|
|
260
|
+
client = instance.update!
|
|
261
|
+
client.should be_instance_of OpenIDConnect::Client
|
|
262
|
+
client.identifier.should == 'new_client_id'
|
|
263
|
+
client.secret.should == 'new_client_secret'
|
|
264
|
+
client.expires_in.should == 3600
|
|
265
|
+
end
|
|
266
|
+
end
|
|
267
|
+
|
|
268
|
+
context 'when failed' do
|
|
269
|
+
it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
|
|
270
|
+
mock_json :post, endpoint, 'errors/unknown', :params => {
|
|
271
|
+
:type => 'client_update',
|
|
272
|
+
:client_id => 'client.example.com',
|
|
273
|
+
:client_secret => 'client_secret'
|
|
274
|
+
}, :status => 400 do
|
|
275
|
+
expect do
|
|
276
|
+
instance.update!
|
|
277
|
+
end.should raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
|
|
278
|
+
end
|
|
279
|
+
end
|
|
280
|
+
end
|
|
86
281
|
end
|
|
87
282
|
|
|
88
283
|
describe '#validate!' do
|
|
89
284
|
context 'when valid' do
|
|
90
|
-
let(:attributes) do
|
|
91
|
-
{
|
|
92
|
-
:type => :client_associate
|
|
93
|
-
}
|
|
94
|
-
end
|
|
95
285
|
it do
|
|
96
286
|
expect do
|
|
97
287
|
instance.validate!
|
|
@@ -112,4 +302,34 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
112
302
|
end
|
|
113
303
|
end
|
|
114
304
|
end
|
|
305
|
+
|
|
306
|
+
describe 'http_client' do
|
|
307
|
+
subject { instance.send(:http_client) }
|
|
308
|
+
|
|
309
|
+
context 'when access_token given' do
|
|
310
|
+
let(:attributes) do
|
|
311
|
+
minimum_attributes.merge(
|
|
312
|
+
:access_token => access_token
|
|
313
|
+
)
|
|
314
|
+
end
|
|
315
|
+
|
|
316
|
+
context 'when Rack::OAuth2::AccessToken::Bearer given' do
|
|
317
|
+
let(:access_token) do
|
|
318
|
+
Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
|
|
319
|
+
end
|
|
320
|
+
it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
|
|
321
|
+
its(:access_token) { should == 'access_token' }
|
|
322
|
+
end
|
|
323
|
+
|
|
324
|
+
context 'otherwise' do
|
|
325
|
+
let(:access_token) { 'access_token' }
|
|
326
|
+
it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
|
|
327
|
+
its(:access_token) { should == 'access_token' }
|
|
328
|
+
end
|
|
329
|
+
end
|
|
330
|
+
|
|
331
|
+
context 'otherwise' do
|
|
332
|
+
it { should be_instance_of HTTPClient }
|
|
333
|
+
end
|
|
334
|
+
end
|
|
115
335
|
end
|
|
@@ -101,6 +101,16 @@ describe OpenIDConnect::Client do
|
|
|
101
101
|
end
|
|
102
102
|
end
|
|
103
103
|
|
|
104
|
+
context 'when invalid JSON is returned' do
|
|
105
|
+
it 'should raise OpenIDConnect::Exception' do
|
|
106
|
+
mock_json :post, client.token_endpoint, 'access_token/invalid_json', :params => protocol_params do
|
|
107
|
+
expect do
|
|
108
|
+
access_token
|
|
109
|
+
end.should raise_error OpenIDConnect::Exception, 'Unknown Token Type'
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
end
|
|
113
|
+
|
|
104
114
|
context 'otherwise' do
|
|
105
115
|
it 'should raise Unexpected Token Type exception' do
|
|
106
116
|
mock_json :post, client.token_endpoint, 'access_token/mac', :params => protocol_params do
|
|
@@ -10,14 +10,15 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
|
10
10
|
:iss => 'https://server.example.com',
|
|
11
11
|
:user_id => 'user_id',
|
|
12
12
|
:aud => 'client_id',
|
|
13
|
+
:nonce => 'nonce',
|
|
13
14
|
:exp => ext
|
|
14
15
|
}
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
describe 'attributes' do
|
|
18
19
|
subject { klass }
|
|
19
|
-
its(:required_attributes) { should == [:iss, :user_id, :aud, :exp] }
|
|
20
|
-
its(:optional_attributes) { should == [:
|
|
20
|
+
its(:required_attributes) { should == [:iss, :user_id, :aud, :exp, :nonce] }
|
|
21
|
+
its(:optional_attributes) { should == [:acr, :auth_time] }
|
|
21
22
|
end
|
|
22
23
|
|
|
23
24
|
describe '#verify!' do
|
|
@@ -58,11 +58,11 @@ describe OpenIDConnect::ResponseObject do
|
|
|
58
58
|
{:required => 'Out of List and Too Long'}
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
-
it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors' do
|
|
61
|
+
it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors owner' do
|
|
62
62
|
expect { instance.as_json }.should raise_error(OpenIDConnect::ValidationFailed) { |e|
|
|
63
63
|
e.message.should include 'Required is not included in the list'
|
|
64
64
|
e.message.should include 'Required is too long (maximum is 10 characters)'
|
|
65
|
-
e.errors.should be_a ActiveModel::Errors
|
|
65
|
+
e.object.errors.should be_a ActiveModel::Errors
|
|
66
66
|
}
|
|
67
67
|
end
|
|
68
68
|
end
|
|
@@ -79,11 +79,11 @@ describe OpenIDConnect::ResponseObject do
|
|
|
79
79
|
{:required => 'Out of List and Too Long'}
|
|
80
80
|
end
|
|
81
81
|
|
|
82
|
-
it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors' do
|
|
82
|
+
it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors owner' do
|
|
83
83
|
expect { instance.validate! }.should raise_error(OpenIDConnect::ValidationFailed) { |e|
|
|
84
84
|
e.message.should include 'Required is not included in the list'
|
|
85
85
|
e.message.should include 'Required is too long (maximum is 10 characters)'
|
|
86
|
-
e.errors.should be_a ActiveModel::Errors
|
|
86
|
+
e.object.errors.should be_a ActiveModel::Errors
|
|
87
87
|
}
|
|
88
88
|
end
|
|
89
89
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,11 +9,11 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-02-
|
|
12
|
+
date: 2012-02-16 00:00:00.000000000Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: json
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70274059071100 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 1.4.3
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70274059071100
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: tzinfo
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70274059070360 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,21 +32,21 @@ dependencies:
|
|
|
32
32
|
version: '0'
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70274059070360
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: attr_required
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70274059069640 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ! '>='
|
|
42
42
|
- !ruby/object:Gem::Version
|
|
43
|
-
version: 0.0.
|
|
43
|
+
version: 0.0.5
|
|
44
44
|
type: :runtime
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70274059069640
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: activemodel
|
|
49
|
-
requirement: &
|
|
49
|
+
requirement: &70274059068540 !ruby/object:Gem::Requirement
|
|
50
50
|
none: false
|
|
51
51
|
requirements:
|
|
52
52
|
- - ! '>='
|
|
@@ -54,10 +54,10 @@ dependencies:
|
|
|
54
54
|
version: '3'
|
|
55
55
|
type: :runtime
|
|
56
56
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *70274059068540
|
|
58
58
|
- !ruby/object:Gem::Dependency
|
|
59
59
|
name: validate_url
|
|
60
|
-
requirement: &
|
|
60
|
+
requirement: &70274059066340 !ruby/object:Gem::Requirement
|
|
61
61
|
none: false
|
|
62
62
|
requirements:
|
|
63
63
|
- - ! '>='
|
|
@@ -65,10 +65,10 @@ dependencies:
|
|
|
65
65
|
version: '0'
|
|
66
66
|
type: :runtime
|
|
67
67
|
prerelease: false
|
|
68
|
-
version_requirements: *
|
|
68
|
+
version_requirements: *70274059066340
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: validate_email
|
|
71
|
-
requirement: &
|
|
71
|
+
requirement: &70274059055940 !ruby/object:Gem::Requirement
|
|
72
72
|
none: false
|
|
73
73
|
requirements:
|
|
74
74
|
- - ! '>='
|
|
@@ -76,10 +76,10 @@ dependencies:
|
|
|
76
76
|
version: '0'
|
|
77
77
|
type: :runtime
|
|
78
78
|
prerelease: false
|
|
79
|
-
version_requirements: *
|
|
79
|
+
version_requirements: *70274059055940
|
|
80
80
|
- !ruby/object:Gem::Dependency
|
|
81
81
|
name: json-jwt
|
|
82
|
-
requirement: &
|
|
82
|
+
requirement: &70274059054840 !ruby/object:Gem::Requirement
|
|
83
83
|
none: false
|
|
84
84
|
requirements:
|
|
85
85
|
- - ! '>='
|
|
@@ -87,32 +87,32 @@ dependencies:
|
|
|
87
87
|
version: 0.0.3
|
|
88
88
|
type: :runtime
|
|
89
89
|
prerelease: false
|
|
90
|
-
version_requirements: *
|
|
90
|
+
version_requirements: *70274059054840
|
|
91
91
|
- !ruby/object:Gem::Dependency
|
|
92
92
|
name: swd
|
|
93
|
-
requirement: &
|
|
93
|
+
requirement: &70274059053220 !ruby/object:Gem::Requirement
|
|
94
94
|
none: false
|
|
95
95
|
requirements:
|
|
96
96
|
- - ! '>='
|
|
97
97
|
- !ruby/object:Gem::Version
|
|
98
|
-
version: 0.1.
|
|
98
|
+
version: 0.1.2
|
|
99
99
|
type: :runtime
|
|
100
100
|
prerelease: false
|
|
101
|
-
version_requirements: *
|
|
101
|
+
version_requirements: *70274059053220
|
|
102
102
|
- !ruby/object:Gem::Dependency
|
|
103
103
|
name: rack-oauth2
|
|
104
|
-
requirement: &
|
|
104
|
+
requirement: &70274059051760 !ruby/object:Gem::Requirement
|
|
105
105
|
none: false
|
|
106
106
|
requirements:
|
|
107
107
|
- - ! '>='
|
|
108
108
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: 0.14.
|
|
109
|
+
version: 0.14.2
|
|
110
110
|
type: :runtime
|
|
111
111
|
prerelease: false
|
|
112
|
-
version_requirements: *
|
|
112
|
+
version_requirements: *70274059051760
|
|
113
113
|
- !ruby/object:Gem::Dependency
|
|
114
114
|
name: rake
|
|
115
|
-
requirement: &
|
|
115
|
+
requirement: &70274059050680 !ruby/object:Gem::Requirement
|
|
116
116
|
none: false
|
|
117
117
|
requirements:
|
|
118
118
|
- - ! '>='
|
|
@@ -120,10 +120,10 @@ dependencies:
|
|
|
120
120
|
version: '0.8'
|
|
121
121
|
type: :development
|
|
122
122
|
prerelease: false
|
|
123
|
-
version_requirements: *
|
|
123
|
+
version_requirements: *70274059050680
|
|
124
124
|
- !ruby/object:Gem::Dependency
|
|
125
125
|
name: cover_me
|
|
126
|
-
requirement: &
|
|
126
|
+
requirement: &70274059050080 !ruby/object:Gem::Requirement
|
|
127
127
|
none: false
|
|
128
128
|
requirements:
|
|
129
129
|
- - ! '>='
|
|
@@ -131,10 +131,10 @@ dependencies:
|
|
|
131
131
|
version: 1.2.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
|
-
version_requirements: *
|
|
134
|
+
version_requirements: *70274059050080
|
|
135
135
|
- !ruby/object:Gem::Dependency
|
|
136
136
|
name: rspec
|
|
137
|
-
requirement: &
|
|
137
|
+
requirement: &70274059049320 !ruby/object:Gem::Requirement
|
|
138
138
|
none: false
|
|
139
139
|
requirements:
|
|
140
140
|
- - ! '>='
|
|
@@ -142,10 +142,10 @@ dependencies:
|
|
|
142
142
|
version: '2'
|
|
143
143
|
type: :development
|
|
144
144
|
prerelease: false
|
|
145
|
-
version_requirements: *
|
|
145
|
+
version_requirements: *70274059049320
|
|
146
146
|
- !ruby/object:Gem::Dependency
|
|
147
147
|
name: webmock
|
|
148
|
-
requirement: &
|
|
148
|
+
requirement: &70274059048160 !ruby/object:Gem::Requirement
|
|
149
149
|
none: false
|
|
150
150
|
requirements:
|
|
151
151
|
- - ! '>='
|
|
@@ -153,7 +153,7 @@ dependencies:
|
|
|
153
153
|
version: 1.6.2
|
|
154
154
|
type: :development
|
|
155
155
|
prerelease: false
|
|
156
|
-
version_requirements: *
|
|
156
|
+
version_requirements: *70274059048160
|
|
157
157
|
description: OpenID Connect Server & Client Library
|
|
158
158
|
email:
|
|
159
159
|
- nov@matake.jp
|
|
@@ -199,7 +199,10 @@ files:
|
|
|
199
199
|
- spec/helpers/webmock_helper.rb
|
|
200
200
|
- spec/mock_response/access_token/bearer.json
|
|
201
201
|
- spec/mock_response/access_token/bearer_with_id_token.json
|
|
202
|
+
- spec/mock_response/access_token/invalid_json.json
|
|
202
203
|
- spec/mock_response/access_token/mac.json
|
|
204
|
+
- spec/mock_response/client/registered.json
|
|
205
|
+
- spec/mock_response/client/updated.json
|
|
203
206
|
- spec/mock_response/discovery/config.json
|
|
204
207
|
- spec/mock_response/discovery/swd.json
|
|
205
208
|
- spec/mock_response/errors/insufficient_scope.json
|
|
@@ -259,7 +262,10 @@ test_files:
|
|
|
259
262
|
- spec/helpers/webmock_helper.rb
|
|
260
263
|
- spec/mock_response/access_token/bearer.json
|
|
261
264
|
- spec/mock_response/access_token/bearer_with_id_token.json
|
|
265
|
+
- spec/mock_response/access_token/invalid_json.json
|
|
262
266
|
- spec/mock_response/access_token/mac.json
|
|
267
|
+
- spec/mock_response/client/registered.json
|
|
268
|
+
- spec/mock_response/client/updated.json
|
|
263
269
|
- spec/mock_response/discovery/config.json
|
|
264
270
|
- spec/mock_response/discovery/swd.json
|
|
265
271
|
- spec/mock_response/errors/insufficient_scope.json
|