openid_connect 0.6.1 → 2.3.0

data/spec/openid_connect/client/registrar_spec.rb

@@ -5,140 +5,101 @@ describe OpenIDConnect::Client::Registrar do
   let(:attributes) { minimum_attributes }
   let(:minimum_attributes) do
     {
-      operation: :client_register
+      redirect_uris: ['https://client.example.com/callback']
     }
   end
   let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint, attributes) }
   let(:endpoint) { 'https://server.example.com/clients' }
 
   context 'when endpoint given' do
-    context 'when attributes given' do
-      context 'when operation=client_register' do
-        let(:attributes) do
-          minimum_attributes
-        end
-        it { should be_valid }
-      end
-
-      context 'when operation=client_update' do
-        context 'when client_id given' do
-          let(:attributes) do
-            {
-              operation: :client_update,
-              client_id: 'client.example.com'
-            }
-          end
-          it { should be_valid }
-        end
-
-        context 'otherwise' do
-          let(:attributes) do
-            {
-              operation: :client_update
-            }
-          end
-          it { should_not be_valid }
-        end
-      end
-
-      context 'otherwise' do
-        let(:attributes) do
-          {
-            operation: :invalid_operation
-          }
-        end
-        it { should_not be_valid }
+    context 'when required attributes given' do
+      let(:attributes) do
+        minimum_attributes
       end
+      it { should be_valid }
     end
 
     context 'otherwise' do
       let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint) }
-      it do
-        expect do
-          instance
-        end.not_to raise_error
-      end
       it { should_not be_valid }
     end
   end
 
   context 'otherwise' do
-    let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint) }
     let(:endpoint) { '' }
+    it { should_not be_valid }
+  end
 
-    it do
-      expect do
-        instance
-      end.to raise_error AttrRequired::AttrMissing
+  describe '#initialize' do
+    it 'creates attribute writers for all attributes' do
+      described_class.metadata_attributes.each do |attr|
+        expect(subject).to respond_to("#{attr}=")
+      end
     end
   end
 
   describe '#sector_identifier' do
-    context 'when sector_identifier_url given' do
+    context 'when sector_identifier_uri given' do
       let(:attributes) do
         minimum_attributes.merge(
-          sector_identifier_url: 'https://client.example.com/sector_identifier.json'
+          sector_identifier_uri: 'https://client2.example.com/sector_identifier.json'
         )
       end
-      its(:sector_identifier) { should == 'client.example.com' }
-
-      context 'when sector_identifier_url is invalid URI' do
-        let(:attributes) do
-          minimum_attributes.merge(
-            sector_identifier_url: ':invalid'
-          )
-        end
-        its(:sector_identifier) { should be_nil }
-      end
+      its(:sector_identifier) { should == 'client2.example.com' }
 
-      context 'when redirect_uris given' do
+      context 'when sector_identifier_uri is invalid URI' do
         let(:attributes) do
           minimum_attributes.merge(
-            sector_identifier_url: 'https://client.example.com/sector_identifier.json',
-            redirect_uris: 'https://client2.example.com/callback'
+            sector_identifier_uri: 'invalid'
           )
         end
-        its(:sector_identifier) { should == 'client.example.com' }
+        it { should_not be_valid }
       end
     end
 
     context 'otherwise' do
-      context 'when redirect_uris given' do
-        context 'when single host' do
-          let(:attributes) do
-            minimum_attributes.merge(
-              redirect_uris: [
-                'https://client.example.com/callback/op1',
-                'https://client.example.com/callback/op2'
-              ].join(' ')
-            )
-          end
-          its(:sector_identifier) { should == 'client.example.com' }
+      let(:attributes) do
+        minimum_attributes.merge(
+          redirect_uris: redirect_uris
+        )
+      end
+
+      context 'when redirect_uris includes only one host' do
+        let(:redirect_uris) do
+          [
+            'https://client.example.com/callback/op1',
+            'https://client.example.com/callback/op2'
+          ]
         end
+        its(:sector_identifier) { should == 'client.example.com' }
+      end
 
-        context 'when multi host' do
-          let(:attributes) do
-            minimum_attributes.merge(
-              redirect_uris: [
-                'https://client1.example.com/callback',
-                'https://client2.example.com/callback'
-              ].join(' ')
-            )
-          end
-          its(:sector_identifier) { should be_nil }
+      context 'when redirect_uris includes multiple hosts' do
+        let(:redirect_uris) do
+          [
+            'https://client1.example.com/callback',
+            'https://client2.example.com/callback'
+          ]
         end
+        its(:sector_identifier) { should be_nil }
 
-        context 'when invalid URI' do
+        context 'when subject_type=pairwise' do
           let(:attributes) do
             minimum_attributes.merge(
-              redirect_uris: ':invalid'
+              redirect_uris: redirect_uris,
+              subject_type: :pairwise
             )
           end
-          its(:sector_identifier) { should be_nil }
+          it { should_not be_valid }
         end
       end
 
-      context 'otherwise' do
+      context 'when redirect_uris includes invalid URL' do
+        let(:redirect_uris) do
+          [
+            'invalid'
+          ]
+        end
         its(:sector_identifier) { should be_nil }
       end
     end
@@ -146,7 +107,7 @@ describe OpenIDConnect::Client::Registrar do
 
   describe '#redirect_uris' do
     let(:base_url) { 'http://client.example.com/callback' }
-    let(:attributes) { minimum_attributes.merge(redirect_uris: redirect_uri) }
+    let(:attributes) { minimum_attributes.merge(redirect_uris: [redirect_uri]) }
 
     context 'when query included' do
       let(:redirect_uri) { [base_url, '?foo=bar'].join }
@@ -156,41 +117,41 @@ describe OpenIDConnect::Client::Registrar do
 
     context 'when fragment included' do
       let(:redirect_uri) { [base_url, '#foo=bar'].join }
-      it { should_not be_valid }
+      it { should be_valid }
     end
   end
 
   describe '#contacts' do
     context 'when contacts given' do
+      let(:attributes) do
+        minimum_attributes.merge(
+          contacts: contacts
+        )
+      end
+
       context 'when invalid email included' do
-        let(:attributes) do
-          minimum_attributes.merge(
-            contacts: [
-              ':invalid',
-              'nov@matake.jp'
-            ].join(' ')
-          )
+        let(:contacts) do
+          [
+            'invalid',
+            'nov@matake.jp'
+          ]
         end
         it { should_not be_valid }
       end
 
       context 'when localhost address included' do
-        let(:attributes) do
-          minimum_attributes.merge(
-            contacts: [
-              'nov@localhost',
-              'nov@matake.jp'
-            ].join(' ')
-          )
+        let(:contacts) do
+          [
+            'nov@localhost',
+            'nov@matake.jp'
+          ]
         end
         it { should_not be_valid }
       end
 
       context 'otherwise' do
-        let(:attributes) do
-          minimum_attributes.merge(
-            contacts: 'nov@matake.jp'
-          )
+        let(:contacts) do
+          ['nov@matake.jp']
         end
         it { should be_valid }
       end
@@ -199,27 +160,16 @@ describe OpenIDConnect::Client::Registrar do
 
   describe '#as_json' do
     context 'when valid' do
-      let(:attributes) do
-        minimum_attributes.merge(
-          redirect_uris: [
-            'https://client1.example.com/callback',
-            'https://client2.example.com/callback'
-          ].join(' ')
-        )
-      end
       its(:as_json) do
-        should == {
-          operation: 'client_register',
-          redirect_uris: 'https://client1.example.com/callback https://client2.example.com/callback'
-        }
+        should == minimum_attributes
       end
     end
 
     context 'otherwise' do
       let(:attributes) do
-        {
-          operation: :client_update
-        }
+        minimum_attributes.merge(
+          sector_identifier_uri: 'invalid'
+        )
       end
       it do
         expect do
@@ -230,27 +180,19 @@ describe OpenIDConnect::Client::Registrar do
   end
 
   describe '#register!' do
-    let(:attributes) do
-      {}
-    end
-
     it 'should return OpenIDConnect::Client' do
-      mock_json :post, endpoint, 'client/registered', params: {
-        operation: 'client_register'
-      } do
-        client = instance.register!
-        client.should be_instance_of OpenIDConnect::Client
-        client.identifier.should == 'client.example.com'
-        client.secret.should == 'client_secret'
-        client.expires_in.should == 3600
+      client = mock_json :post, endpoint, 'client/registered', params: minimum_attributes do
+        instance.register!
       end
+      client.should be_instance_of OpenIDConnect::Client
+      client.identifier.should == 'client.example.com'
+      client.secret.should == 'client_secret'
+      client.expires_in.should == 3600
     end
 
     context 'when failed' do
       it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
-        mock_json :post, endpoint, 'errors/unknown', params: {
-          operation: 'client_register'
-        }, status: 400 do
+        mock_json :post, endpoint, 'errors/unknown', params: minimum_attributes, status: 400 do
           expect do
             instance.register!
           end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
@@ -259,81 +201,24 @@ describe OpenIDConnect::Client::Registrar do
     end
   end
 
-  describe '#update!' do
-    let(:attributes) do
-      {
-        client_id: 'client.example.com',
-        client_secret: 'client_secret'
-      }
-    end
-
-    it 'should return OpenIDConnect::Client' do
-      mock_json :post, endpoint, 'client/updated', params: {
-        operation: 'client_update',
-        client_id: 'client.example.com',
-        client_secret: 'client_secret',
-        client_name: 'New Name'
-      } do
-        instance.client_name = 'New Name'
-        client = instance.update!
-        client.should be_instance_of OpenIDConnect::Client
-        client.identifier.should == 'client.example.com'
-      end
-    end
-
-    context 'when failed' do
-      it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
-        mock_json :post, endpoint, 'errors/unknown', params: {
-          operation: 'client_update',
-          client_id: 'client.example.com',
-          client_secret: 'client_secret'
-        }, status: 400 do
-          expect do
-            instance.update!
-          end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
-        end
-      end
-    end
-  end
-
-  describe '#rotate_secret!' do
-    let(:attributes) do
-      {
-        client_id: 'client.example.com',
-        client_secret: 'client_secret'
-      }
-    end
-
-    it 'should return OpenIDConnect::Client' do
-      mock_json :post, endpoint, 'client/rotated', params: {
-        operation: 'rotate_secret',
-        client_id: 'client.example.com',
-        client_secret: 'client_secret'
-      } do
-        client = instance.rotate_secret!
-        client.should be_instance_of OpenIDConnect::Client
-        client.identifier.should == 'client.example.com'
-        client.secret.should == 'new_client_secret'
-        client.expires_in.should == 3600
-      end
-    end
-  end
-
   describe '#validate!' do
     context 'when valid' do
       it do
         expect do
           instance.validate!
-        end.not_to raise_error OpenIDConnect::ValidationFailed
+        end.not_to raise_error { |e|
+          e.should be_a OpenIDConnect::ValidationFailed
+        }
       end
     end
 
     context 'otherwise' do
       let(:attributes) do
-        {
-          operation: :client_update
-        }
+        minimum_attributes.merge(
+          sector_identifier_uri: 'invalid'
+        )
       end
+
       it do
         expect do
           instance.validate!
@@ -345,15 +230,15 @@ describe OpenIDConnect::Client::Registrar do
   describe 'http_client' do
     subject { instance.send(:http_client) }
 
-    context 'when access_token given' do
+    context 'when initial_access_token given' do
       let(:attributes) do
         minimum_attributes.merge(
-          access_token: access_token
+          initial_access_token: initial_access_token
         )
       end
 
       context 'when Rack::OAuth2::AccessToken::Bearer given' do
-        let(:access_token) do
+        let(:initial_access_token) do
           Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
         end
         it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
@@ -361,14 +246,14 @@ describe OpenIDConnect::Client::Registrar do
       end
 
       context 'otherwise' do
-        let(:access_token) { 'access_token' }
+        let(:initial_access_token) { 'access_token' }
         it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
         its(:access_token) { should == 'access_token' }
       end
     end
 
     context 'otherwise' do
-      it { should be_instance_of HTTPClient }
+      it { should be_instance_of Faraday::Connection }
     end
   end
-end
+end

data/spec/openid_connect/client_spec.rb

@@ -19,11 +19,11 @@ describe OpenIDConnect::Client do
       end
       its(:authorization_uri) { should include 'https://server.example.com/oauth2/authorize' }
       its(:authorization_uri) { should include 'scope=openid' }
-      its(:user_info_uri)     { should == 'https://server.example.com/user_info' }
+      its(:userinfo_uri)     { should == 'https://server.example.com/userinfo' }
     end
 
     context 'otherwise' do
-      [:authorization_uri, :user_info_uri].each do |endpoint|
+      [:authorization_uri, :userinfo_uri].each do |endpoint|
         describe endpoint do
           it do
             expect { client.send endpoint }.to raise_error 'No Host Info'
@@ -34,16 +34,53 @@ describe OpenIDConnect::Client do
   end
 
   describe '#authorization_uri' do
-    describe 'scope' do
+    let(:scope) { nil }
+    let(:prompt) { nil }
+    let(:response_type) { nil }
+    let(:query) do
+      params = {
+        scope: scope,
+        prompt: prompt,
+        response_type: response_type
+      }.reject do |k,v|
+        v.blank?
+      end
+      query = URI.parse(client.authorization_uri params).query
+      Rack::Utils.parse_query(query).with_indifferent_access
+    end
+    let :attributes do
+      required_attributes.merge(
+        host: 'server.example.com'
+      )
+    end
+
+    describe 'response_type' do
       subject do
-        query = URI.parse(client.authorization_uri scope: scope).query
-        Rack::Utils.parse_query(query).with_indifferent_access[:scope]
+        query[:response_type]
       end
-      let(:scope) { nil }
-      let :attributes do
-        required_attributes.merge(
-          host: 'server.example.com'
-        )
+
+      it { should == 'code' }
+
+      context 'when response_type is given' do
+        context 'when array given' do
+          let(:response_type) { [:code, :token] }
+          it { should == 'code token' }
+        end
+
+        context 'when scalar given' do
+          let(:response_type) { :token }
+          it { should == 'token' }
+        end
+      end
+
+      context 'as default' do
+        it { should == 'code' }
+      end
+    end
+
+    describe 'scope' do
+      subject do
+        query[:scope]
       end
 
       context 'when scope is given' do
@@ -58,10 +95,31 @@ describe OpenIDConnect::Client do
         end
       end
 
-      context 'otherwise' do
+      context 'as default' do
         it { should == 'openid' }
       end
     end
+
+    describe 'prompt' do
+      subject do
+        query[:prompt]
+      end
+
+      context 'when prompt is a scalar value' do
+        let(:prompt) { :login }
+        it { should == 'login' }
+      end
+
+      context 'when prompt is a space-delimited string' do
+        let(:prompt) { 'login consent' }
+        it { should == 'login consent' }
+      end
+
+      context 'when prompt is an array' do
+        let(:prompt) { [:login, :consent] }
+        it { should == 'login consent' }
+      end
+    end
   end
 
   describe '#access_token!' do
@@ -104,22 +162,21 @@ describe OpenIDConnect::Client do
       end
     end
 
-    context 'when invalid JSON is returned' do
-      it 'should raise OpenIDConnect::Exception' do
-        mock_json :post, client.token_endpoint, 'access_token/invalid_json', request_header: header_params, params: protocol_params do
-          expect do
-            access_token
-          end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
-        end
-      end
-    end
-
     context 'otherwise' do
       it 'should raise Unexpected Token Type exception' do
         mock_json :post, client.token_endpoint, 'access_token/mac', request_header: header_params, params: protocol_params do
           expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
         end
       end
+
+      context 'when token_type is forced' do
+        before { client.force_token_type! :bearer }
+        it 'should use forced token_type' do
+          mock_json :post, client.token_endpoint, 'access_token/without_token_type', request_header: header_params, params: protocol_params do
+            access_token.should be_a OpenIDConnect::AccessToken
+          end
+        end
+      end
     end
   end
-end
+end

data/spec/openid_connect/connect_object_spec.rb

@@ -71,7 +71,7 @@ describe OpenIDConnect::ConnectObject do
   describe '#validate!' do
     context 'when valid' do
       subject { instance.validate! }
-      it { should be_true }
+      it { should == true }
     end
 
     context 'otherwise' do