openid_connect 0.0.15 → 0.0.16

data/Gemfile.lock

@@ -1,13 +1,13 @@
 PATH
   remote: .
   specs:
-    openid_connect (0.0.14)
+    openid_connect (0.0.15)
       activemodel (>= 3)
       attr_required (>= 0.0.3)
       json (>= 1.4.3)
       jwt (>= 0.1.3)
       rack-oauth2 (>= 0.9)
-      swd (>= 0.0.3)
+      swd (>= 0.0.4)
       tzinfo
       validate_email
       validate_url
@@ -54,7 +54,7 @@ GEM
     rspec-expectations (2.6.0)
       diff-lcs (~> 1.1.2)
     rspec-mocks (2.6.0)
-    swd (0.0.3)
+    swd (0.0.4)
       activesupport (>= 3)
       attr_required (>= 0.0.3)
       httpclient (>= 2.2.1)

data/VERSION

@@ -1 +1 @@
-0.0.15
+0.0.16

data/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb

@@ -0,0 +1,50 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        module Extension
+          class CodeAndIdToken < Abstract::Handler
+            class << self
+              def response_type_for?(response_type)
+                response_type.split.sort == ['code', 'id_token']
+              end
+            end
+
+            def call(env)
+              @request  = Request.new env
+              @response = Response.new request
+              super
+            end
+
+            class Request < Authorize::Code::Request
+              def initialize(env)
+                super
+                @response_type = [:code, :id_token]
+                attr_missing!
+              end
+            end
+
+            class Response < Authorize::Code::Response
+              include IdTokenResponse
+              attr_required :id_token, :private_key
+
+              def protocol_params
+                protocol_params_without_id_token
+              end
+
+              def redirect_uri_with_credentials_with_id_token
+                _redirect_uri_ = URI.parse redirect_uri_with_credentials_without_id_token
+                _redirect_uri_.fragment = {
+                  :id_token => jwt_string
+                }.to_query
+                _redirect_uri_.to_s
+              end
+              alias_method_chain :redirect_uri_with_credentials, :id_token
+
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/extension/id_token.rb

@@ -0,0 +1,50 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        module Extension
+          class IdToken < Abstract::Handler
+            class << self
+              def response_type_for?(response_type)
+                response_type == 'id_token'
+              end
+            end
+
+            def call(env)
+              @request  = Request.new env
+              @response = Response.new request
+              super
+            end
+
+            class Request < Authorize::Request
+              def initialize(env)
+                super
+                @response_type = :id_token
+                attr_missing!
+              end
+
+              def error_params_location
+                :fragment
+              end
+            end
+
+            class Response < Authorize::Response
+              include IdTokenResponse
+              attr_required :id_token, :private_key
+
+              def protocol_params_location
+                :fragment
+              end
+
+              def protocol_params
+                super.merge(
+                  :id_token => jwt_string
+                )
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb

@@ -0,0 +1,35 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        module Extension
+          class IdTokenAndToken < Abstract::Handler
+            class << self
+              def response_type_for?(response_type)
+                response_type.split.sort == ['id_token', 'token']
+              end
+            end
+
+            def call(env)
+              @request  = Request.new env
+              @response = Response.new request
+              super
+            end
+
+            class Request < Authorize::Token::Request
+              def initialize(env)
+                super
+                @response_type = [:id_token, :token]
+                attr_missing!
+              end
+            end
+
+            class Response < Authorize::Token::Response
+              attr_required :id_token, :private_key
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/id_token_response.rb

@@ -5,7 +5,7 @@ module Rack::OAuth2::Server
       klass.class_eval do
         def jwt_string
           if id_token.is_a? OpenIDConnect::ResponseObject::IdToken
-            raise AttrRequired::AttrMissing.new('private_key is required') unless private_key
+            raise AttrRequired::AttrMissing.new("'private_key' required.") unless private_key
             id_token.to_jwt private_key
           else
             id_token
@@ -24,3 +24,7 @@ module Rack::OAuth2::Server
   Token::Response.send :include, IdTokenResponse
   Authorize::Token::Response.send :include, IdTokenResponse
 end
+
+require 'rack/oauth2/server/authorize/extension/code_and_id_token'
+require 'rack/oauth2/server/authorize/extension/id_token'
+require 'rack/oauth2/server/authorize/extension/id_token_and_token'

data/openid_connect.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
   s.add_runtime_dependency "jwt", ">= 0.1.3"
-  s.add_runtime_dependency "swd", ">= 0.0.3"
+  s.add_runtime_dependency "swd", ">= 0.0.4"
   s.add_runtime_dependency "rack-oauth2", ">= 0.9"
   s.add_development_dependency "rake", ">= 0.8"
   s.add_development_dependency "rcov", ">= 0.9"

data/spec/openid_connect/discovery/principal/email_spec.rb

@@ -1,5 +1,10 @@
 require 'spec_helper'
 
 describe OpenIDConnect::Discovery::Principal::Email do
-  it :TODO
+  subject { email }
+  let(:email) { OpenIDConnect::Discovery::Principal::Email.new identifier }
+  let(:identifier) { 'nov@server.example.com' }
+
+  its(:identifier) { should == identifier }
+  its(:host) { should == 'server.example.com' }
 end

data/spec/openid_connect/discovery/provider_spec.rb

@@ -52,7 +52,10 @@ describe OpenIDConnect::Discovery::Provider do
     end
 
     context 'when Email is given' do
-      it :TODO
+      let(:identifier) { "nov@#{host}" }
+      let(:host)       { 'server.example.com' }
+      let(:principal)  { identifier }
+      it_behaves_like :discover_provider
     end
 
   end

data/spec/rack/oauth2/server/authorize/code_and_token_spec.rb

@@ -47,7 +47,7 @@ describe Rack::OAuth2::Server::Authorize::Extension::CodeAndToken do
         end
       end
       it do
-        expect { response }.should raise_error AttrRequired::AttrMissing, 'private_key is required'
+        expect { response }.should raise_error AttrRequired::AttrMissing, "'private_key' required."
       end
     end
   end

data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+
+describe Rack::OAuth2::Server::Authorize::Extension::CodeAndIdToken do
+  subject { response }
+  let(:request)      { Rack::MockRequest.new app }
+  let(:response)     { request.get("/?response_type=code%20id_token&client_id=client") }
+  let(:redirect_uri) { 'http://client.example.com/callback' }
+  let(:code)         { 'authorization_code' }
+  let :id_token do
+    OpenIDConnect::ResponseObject::IdToken.new(
+      :iss => 'https://server.example.com',
+      :user_id => 'user_id',
+      :aud => 'client_id',
+      :exp => 1313424327
+    )
+  end
+
+  context "when id_token is given" do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.code = code
+        response.id_token = id_token
+        response.private_key = private_key
+        response.approve!
+      end
+    end
+    its(:status)   { should == 302 }
+    its(:location) { should == "#{redirect_uri}?code=#{code}#id_token=#{id_token.to_jwt(private_key)}" }
+
+    context 'when id_token is String' do
+      let(:id_token) { 'id_token' }
+      its(:location) { should == "#{redirect_uri}?code=#{code}#id_token=id_token" }
+    end
+
+    context 'when private_key is missing' do
+      let :app do
+        Rack::OAuth2::Server::Authorize.new do |request, response|
+          response.redirect_uri = redirect_uri
+          response.code = code
+          response.id_token = id_token
+          response.approve!
+        end
+      end
+      it do
+        expect { response }.should raise_error AttrRequired::AttrMissing, "'private_key' required."
+      end
+    end
+  end
+
+  context "otherwise" do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.code = code
+        response.approve!
+      end
+    end
+    it do
+      expect { response }.should raise_error AttrRequired::AttrMissing, "'id_token', 'private_key' required."
+    end
+  end
+end

data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+
+describe Rack::OAuth2::Server::Authorize::Extension::IdTokenAndToken do
+  subject { response }
+  let(:request)      { Rack::MockRequest.new app }
+  let(:response)     { request.get("/?response_type=token%20id_token&client_id=client") }
+  let(:redirect_uri) { 'http://client.example.com/callback' }
+  let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token') }
+  let :id_token do
+    OpenIDConnect::ResponseObject::IdToken.new(
+      :iss => 'https://server.example.com',
+      :user_id => 'user_id',
+      :aud => 'client_id',
+      :exp => 1313424327
+    )
+  end
+
+  context "when id_token is given" do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.access_token = bearer_token
+        response.id_token = id_token
+        response.private_key = private_key
+        response.approve!
+      end
+    end
+    its(:status)   { should == 302 }
+    its(:location) { should == "#{redirect_uri}#access_token=access_token&id_token=#{id_token.to_jwt(private_key)}&token_type=bearer" }
+
+    context 'when id_token is String' do
+      let(:id_token) { 'id_token' }
+      its(:location) { should == "#{redirect_uri}#access_token=access_token&id_token=id_token&token_type=bearer" }
+    end
+
+    context 'when private_key is missing' do
+      let :app do
+        Rack::OAuth2::Server::Authorize.new do |request, response|
+          response.redirect_uri = redirect_uri
+          response.access_token = bearer_token
+          response.id_token = id_token
+          response.approve!
+        end
+      end
+      it do
+        expect { response }.should raise_error AttrRequired::AttrMissing, "'private_key' required."
+      end
+    end
+  end
+
+  context "otherwise" do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.access_token = bearer_token
+        response.approve!
+      end
+    end
+    it do
+      expect { response }.should raise_error AttrRequired::AttrMissing, "'id_token', 'private_key' required."
+    end
+  end
+end

data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb

@@ -0,0 +1,59 @@
+require 'spec_helper'
+
+describe Rack::OAuth2::Server::Authorize::Extension::IdToken do
+  subject { response }
+  let(:request)      { Rack::MockRequest.new app }
+  let(:response)     { request.get("/?response_type=id_token&client_id=client") }
+  let(:redirect_uri) { 'http://client.example.com/callback' }
+  let :id_token do
+    OpenIDConnect::ResponseObject::IdToken.new(
+      :iss => 'https://server.example.com',
+      :user_id => 'user_id',
+      :aud => 'client_id',
+      :exp => 1313424327
+    )
+  end
+
+  context "when id_token is given" do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.id_token = id_token
+        response.private_key = private_key
+        response.approve!
+      end
+    end
+    its(:status)   { should == 302 }
+    its(:location) { should == "#{redirect_uri}#id_token=#{id_token.to_jwt(private_key)}" }
+
+    context 'when id_token is String' do
+      let(:id_token) { 'id_token' }
+      its(:location) { should == "#{redirect_uri}#id_token=id_token" }
+    end
+
+    context 'when private_key is missing' do
+      let :app do
+        Rack::OAuth2::Server::Authorize.new do |request, response|
+          response.redirect_uri = redirect_uri
+          response.id_token = id_token
+          response.approve!
+        end
+      end
+      it do
+        expect { response }.should raise_error AttrRequired::AttrMissing, "'private_key' required."
+      end
+    end
+  end
+
+  context "otherwise" do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.approve!
+      end
+    end
+    it do
+      expect { response }.should raise_error AttrRequired::AttrMissing, "'id_token', 'private_key' required."
+    end
+  end
+end

data/spec/rack/oauth2/server/authorize/token_spec.rb

@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
         end
       end
       it do
-        expect { response }.should raise_error AttrRequired::AttrMissing, 'private_key is required'
+        expect { response }.should raise_error AttrRequired::AttrMissing, "'private_key' required."
       end
     end
   end

data/spec/rack/oauth2/server/token/authorization_code_spec.rb

@@ -45,7 +45,7 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
         end
       end
       it do
-        expect { response }.should raise_error AttrRequired::AttrMissing, 'private_key is required'
+        expect { response }.should raise_error AttrRequired::AttrMissing, "'private_key' required."
       end
     end
   end

data/spec/rack/oauth2/server/token/refresh_token_spec.rb

@@ -44,7 +44,7 @@ describe Rack::OAuth2::Server::Token::RefreshToken do
         end
       end
       it do
-        expect { response }.should raise_error AttrRequired::AttrMissing, 'private_key is required'
+        expect { response }.should raise_error AttrRequired::AttrMissing, "'private_key' required."
       end
     end
   end

metadata

@@ -2,7 +2,7 @@
 name: openid_connect
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.15
+  version: 0.0.16
 platform: ruby
 authors: 
 - nov matake
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-08-20 00:00:00 Z
+date: 2011-08-24 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: json
@@ -97,7 +97,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.0.3
+        version: 0.0.4
   type: :runtime
   version_requirements: *id008
 - !ruby/object:Gem::Dependency 
@@ -194,6 +194,9 @@ files:
 - lib/openid_connect/server.rb
 - lib/openid_connect/server/id_token.rb
 - lib/openid_connect/server/id_token/error.rb
+- lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb
+- lib/rack/oauth2/server/authorize/extension/id_token.rb
+- lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb
 - lib/rack/oauth2/server/id_token_response.rb
 - openid_connect.gemspec
 - spec/helpers/webmock_helper.rb
@@ -221,6 +224,9 @@ files:
 - spec/openid_connect/response_object_spec.rb
 - spec/openid_connect/server/id_token_spec.rb
 - spec/rack/oauth2/server/authorize/code_and_token_spec.rb
+- spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb
+- spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb
+- spec/rack/oauth2/server/authorize/extension/id_token_spec.rb
 - spec/rack/oauth2/server/authorize/token_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/refresh_token_spec.rb
@@ -278,6 +284,9 @@ test_files:
 - spec/openid_connect/response_object_spec.rb
 - spec/openid_connect/server/id_token_spec.rb
 - spec/rack/oauth2/server/authorize/code_and_token_spec.rb
+- spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb
+- spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb
+- spec/rack/oauth2/server/authorize/extension/id_token_spec.rb
 - spec/rack/oauth2/server/authorize/token_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/refresh_token_spec.rb