opro 0.0.1 → 0.0.2

data/lib/opro/controllers/application_controller_helper.rb

@@ -15,6 +15,7 @@ module Opro
 
       def opro_authenticate_user!
         Opro.authenticate_user_method.call(self)
+        true
       end
 
       module ClassMethods
@@ -37,7 +38,11 @@ module Opro
 
       # returns boolean if oauth request
       def valid_oauth?
-        oauth? && oauth_user.present? && oauth_client_has_permissions?
+        oauth? && oauth_user.present? && oauth_client_not_expired? && oauth_client_has_permissions?
+      end
+
+      def oauth_client_not_expired?
+        oauth_access_grant.not_expired?
       end
 
       def disallow_oauth
@@ -53,7 +58,7 @@ module Opro
       end
 
       def oauth_access_grant
-        @oauth_access_grant ||= Oauth::AccessGrant.find_for_token(params[:access_token])
+        @oauth_access_grant ||= Oauth::AuthGrant.find_for_token(params[:access_token])
       end
 
       def oauth_client_app

data/lib/opro/engine.rb

@@ -1,5 +1,9 @@
+require 'opro/rails/routes'
+
 module Opro
   class Engine < Rails::Engine
+    isolate_namespace Opro
+
 
     initializer "opro.include_helpers" do
       Opro.include_helpers(Opro::Controllers)

data/lib/opro/rails/routes.rb

@@ -0,0 +1,17 @@
+module ActionDispatch::Routing
+  class Mapper
+    # Includes mount_opro_oauth method for routes. This method is responsible to
+    # generate all needed routes for oauth
+    def mount_opro_oauth(options = {})
+      skip_routes = options[:except].is_a?(Array) ? options[:except] : [options[:except]]
+
+      match 'oauth/new'          => 'oauth/auth#new',          :as => 'oauth_new'
+      match 'oauth/authorize'    => 'oauth/auth#create',       :as => 'oauth_authorize'
+      match 'oauth/token'        => 'oauth/token#create',      :as => 'oauth_token'
+
+      resources :oauth_docs,        :controller => 'oauth/docs'       unless skip_routes.include?(:docs)
+      resources :oauth_tests,       :controller => 'oauth/tests'      unless skip_routes.include?(:tests)
+      resources :oauth_client_apps, :controller => 'oauth/client_app' unless skip_routes.include?(:client_apps)
+    end
+  end
+end

data/opro.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "opro"
-  s.version = "0.0.1"
+  s.version = "0.0.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["schneems"]
-  s.date = "2012-06-14"
+  s.date = "2012-06-18"
   s.description = " Enable OAuth clients (iphone, android, web sites, etc.) to access and use your Rails application, what you do with it is up to you"
   s.email = "richard.schneeman@gmail.com"
   s.extra_rdoc_files = [
@@ -24,20 +24,23 @@ Gem::Specification.new do |s|
     "Rakefile",
     "VERSION",
     "app/controllers/oauth/auth_controller.rb",
-    "app/controllers/oauth/client_application_controller.rb",
+    "app/controllers/oauth/client_app_controller.rb",
     "app/controllers/oauth/docs_controller.rb",
     "app/controllers/oauth/tests_controller.rb",
-    "app/controllers/opro_application_controller.rb",
+    "app/controllers/oauth/token_controller.rb",
+    "app/controllers/opro_controller.rb",
     "app/models/oauth/access_grant.rb",
-    "app/models/oauth/client_application.rb",
+    "app/models/oauth/client_appl.rb",
     "app/views/oauth/auth/new.html.erb",
-    "app/views/oauth/client_application/create.html.erb",
-    "app/views/oauth/client_application/index.html.erb",
-    "app/views/oauth/client_application/new.html.erb",
+    "app/views/oauth/client_app/create.html.erb",
+    "app/views/oauth/client_app/index.html.erb",
+    "app/views/oauth/client_app/new.html.erb",
     "app/views/oauth/docs/index.html.erb",
     "app/views/oauth/docs/markdown/curl.md.erb",
     "app/views/oauth/docs/markdown/oauth.md.erb",
+    "app/views/oauth/docs/markdown/permissions.md.erb",
     "app/views/oauth/docs/markdown/quick_start.md.erb",
+    "app/views/oauth/docs/markdown/refresh_tokens.md.erb",
     "app/views/oauth/docs/show.html.erb",
     "app/views/oauth/tests/index.html.erb",
     "config/routes.rb",
@@ -51,8 +54,10 @@ Gem::Specification.new do |s|
     "lib/opro/controllers/concerns/error_messages.rb",
     "lib/opro/controllers/concerns/permissions.rb",
     "lib/opro/engine.rb",
+    "lib/opro/rails/routes.rb",
     "opro.gemspec",
     "test/controllers/permissions_test.rb",
+    "test/controllers/refresh_token_test.rb",
     "test/dummy/Rakefile",
     "test/dummy/app/controllers/application_controller.rb",
     "test/dummy/app/controllers/pages_controller.rb",
@@ -96,10 +101,14 @@ Gem::Specification.new do |s|
     "test/dummy/public/javascripts/rails.js",
     "test/dummy/public/stylesheets/.gitkeep",
     "test/dummy/script/rails",
+    "test/integration/action_dispatch/auth_controller_test.rb",
+    "test/integration/action_dispatch/oauth_flow_test.rb",
+    "test/integration/action_dispatch/refresh_token_test.rb",
     "test/integration/auth_controller_test.rb",
-    "test/integration/client_application_controller_test.rb",
+    "test/integration/client_app_controller_test.rb",
     "test/integration/docs_controller_test.rb",
     "test/integration/oauth_test.rb",
+    "test/integration/refresh_token_test.rb",
     "test/opro_test.rb",
     "test/support/integration_case.rb",
     "test/test_helper.rb"
@@ -114,10 +123,11 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<activesupport>, [">= 3.0.7"])
-      s.add_runtime_dependency(%q<rails>, [">= 3.0.7"])
+      s.add_runtime_dependency(%q<activesupport>, [">= 3.1.0"])
+      s.add_runtime_dependency(%q<rails>, [">= 3.1.0"])
       s.add_runtime_dependency(%q<bluecloth>, [">= 0"])
       s.add_development_dependency(%q<mocha>, [">= 0"])
+      s.add_development_dependency(%q<timecop>, [">= 0"])
       s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
       s.add_development_dependency(%q<bundler>, [">= 1.1.3"])
       s.add_development_dependency(%q<capybara>, [">= 0.4.0"])
@@ -127,10 +137,11 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<rcov>, [">= 0"])
       s.add_development_dependency(%q<simplecov>, [">= 0"])
     else
-      s.add_dependency(%q<activesupport>, [">= 3.0.7"])
-      s.add_dependency(%q<rails>, [">= 3.0.7"])
+      s.add_dependency(%q<activesupport>, [">= 3.1.0"])
+      s.add_dependency(%q<rails>, [">= 3.1.0"])
       s.add_dependency(%q<bluecloth>, [">= 0"])
       s.add_dependency(%q<mocha>, [">= 0"])
+      s.add_dependency(%q<timecop>, [">= 0"])
       s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
       s.add_dependency(%q<bundler>, [">= 1.1.3"])
       s.add_dependency(%q<capybara>, [">= 0.4.0"])
@@ -141,10 +152,11 @@ Gem::Specification.new do |s|
       s.add_dependency(%q<simplecov>, [">= 0"])
     end
   else
-    s.add_dependency(%q<activesupport>, [">= 3.0.7"])
-    s.add_dependency(%q<rails>, [">= 3.0.7"])
+    s.add_dependency(%q<activesupport>, [">= 3.1.0"])
+    s.add_dependency(%q<rails>, [">= 3.1.0"])
     s.add_dependency(%q<bluecloth>, [">= 0"])
     s.add_dependency(%q<mocha>, [">= 0"])
+    s.add_dependency(%q<timecop>, [">= 0"])
     s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
     s.add_dependency(%q<bundler>, [">= 1.1.3"])
     s.add_dependency(%q<capybara>, [">= 0.4.0"])

data/test/dummy/config/environments/test.rb

@@ -10,6 +10,10 @@ Dummy::Application.configure do
   # Log error messages when you accidentally call methods on nil.
   config.whiny_nils = true
 
+
+  config.log_level = :debug
+
+
   # Show full error reports and disable caching
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false

data/test/dummy/config/initializers/opro.rb

@@ -3,8 +3,15 @@ Opro.setup do |config|
   config.auth_strategy = :devise
 
   ## Add or remove application permissions
-    # Read permission is turned on by default (any request with [GET])
-    # Write permission is requestable by default (any request other than [GET])
-    # Custom permissions can be configured by adding them to the request_permissions Array and configuring require_oauth_permissions in the controller
+  # Read permission (any request with [GET]) is turned on by default
+  # Write permission (any request other than [GET]) is requestable by default
+  # Custom permissions can be configured by adding them to `config.request_permissions`
+  # You can then require that permission on individual actions by calling
+  # `require_oauth_permissions` in the controller
   config.request_permissions = [:write]
+
+  ## Refresh Token config
+  # uncomment `config.require_refresh_within` to require refresh tokens
+  # this will expire tokens within the given time duration
+  # config.require_refresh_within = 1.month
 end

data/test/dummy/config/routes.rb

@@ -1,4 +1,6 @@
 Dummy::Application.routes.draw do
+  mount_opro_oauth
+
   devise_for :users
 
   resources :foo

data/test/dummy/db/migrate/20120514060322_create_opro_access_grants.rb

@@ -1,4 +1,4 @@
-class CreateOproAccessGrants < ActiveRecord::Migration
+class CreateOproAuthGrants < ActiveRecord::Migration
   def change
     create_table  :opro_access_grants do |t|
       t.string    :code

data/test/dummy/db/migrate/20120514060323_create_opro_client_applications.rb

@@ -1,4 +1,4 @@
-class CreateOproClientApplications < ActiveRecord::Migration
+class CreateOproClientApps < ActiveRecord::Migration
   def change
     create_table :opro_client_applications do |t|
       t.string  :name

data/test/integration/action_dispatch/auth_controller_test.rb

@@ -0,0 +1,64 @@
+## NOT CAPYBARA
+#  ActionDispatch::IntegrationTest
+#  http://guides.rubyonrails.org/testing.html#integration-testing
+#  used so we can test POST actions ^_^
+
+require 'test_helper'
+
+class AuthControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user         = create_user
+    @client_app   = create_client_app
+    @redirect_uri = '/'
+  end
+
+
+  test "AUTHORIZE: previously authed user gets Authed immediately, permissions not changed" do
+    auth_grant  = create_auth_grant_for_user(@user, @client_app)
+
+    params = { :client_id     => @client_app.client_id ,
+               :client_secret => @client_app.client_secret,
+               :redirect_uri  => @redirect_uri }
+
+    as_user(@user).post oauth_authorize_path(params)
+
+    assert_equal 302, status
+    follow_redirect!
+    assert_equal @redirect_uri, path
+  end
+
+
+  test "AUTHORIZE: app cannot force permissions change for previously authed user" do
+    auth_grant  = create_auth_grant_for_user(@user, @client_app)
+    permissions = { 'foo' => 1 }
+    assert_not_equal auth_grant.permissions, permissions
+
+    params = { :client_id     => @client_app.client_id ,
+               :client_secret => @client_app.client_secret,
+               :redirect_uri  => @redirect_uri,
+               :permissions   => permissions }
+
+    as_user(@user).post oauth_authorize_path(params)
+
+    assert_equal 302, status
+    follow_redirect!
+    assert_equal @redirect_uri, path
+    auth_grant = Oauth::AuthGrant.find(auth_grant.id)
+
+    refute auth_grant.permissions.has_key?(permissions.keys.first)
+  end
+
+
+  test "AUTHORIZE: user gets redirected to new form if not already authed" do
+    params = { :client_id     => @client_app.client_id ,
+               :client_secret => @client_app.client_secret,
+               :redirect_uri  => @redirect_uri }
+
+    as_user(@user).post oauth_authorize_path(params)
+
+    assert_equal 302, status
+    follow_redirect!
+    assert_equal oauth_new_path, path
+  end
+
+end

data/test/integration/action_dispatch/oauth_flow_test.rb

@@ -0,0 +1,34 @@
+## NOT CAPYBARA
+#  ActionDispatch::IntegrationTest
+#  http://guides.rubyonrails.org/testing.html#integration-testing
+#  used so we can test POST actions ^_^
+
+require 'test_helper'
+
+class OauthTokenTest < ActionDispatch::IntegrationTest
+  setup do
+    @user         = create_user
+  end
+
+
+  test "exchange a code for a token" do
+    user         = create_user
+    auth_grant   = create_auth_grant_for_user(user)
+    client       = auth_grant.application
+    params = {:code           => auth_grant.code,
+              :client_id      => client.client_id,
+              :client_secret  => client.client_secret}
+
+
+    as_user(@user).post oauth_token_path(params)
+
+    json_hash = JSON.parse(response.body)
+    assert json_hash["access_token"]
+    assert json_hash["access_token"], auth_grant.access_token
+
+    assert json_hash["refresh_token"]
+    assert json_hash["refresh_token"], auth_grant.refresh_token
+  end
+
+end
+

data/test/integration/action_dispatch/refresh_token_test.rb

@@ -0,0 +1,54 @@
+## NOT CAPYBARA
+#  ActionDispatch::IntegrationTest
+#  http://guides.rubyonrails.org/testing.html#integration-testing
+#  used so we can test POST actions ^_^
+
+require 'test_helper'
+
+class RefreshTokenTest < ActionDispatch::IntegrationTest
+  setup do
+    Timecop.freeze(Time.now)
+    Opro.setup do |config|
+      config.require_refresh_within = 1.month
+    end
+
+    @user         = create_user
+    @auth_grant   = create_auth_grant_for_user(@user)
+    @client_app   = @auth_grant.application
+  end
+
+  teardown do
+    Timecop.return # "turn off" Timecop
+  end
+
+  test "clients get a valid refresh token" do
+    params = {:client_id      => @client_app.client_id ,
+              :client_secret  => @client_app.client_secret,
+              :code           => @auth_grant.code}
+    as_user(@user).post oauth_token_path(params)
+    json_hash = JSON.parse(response.body)
+    assert_equal json_hash['expires_in'], @auth_grant.expires_in
+  end
+
+  test "exchange a refresh_token for an access_token" do
+    params = {:client_id      => @client_app.client_id ,
+              :client_secret  => @client_app.client_secret,
+              :refresh_token  => @auth_grant.refresh_token}
+
+    Timecop.travel(2.days.from_now)
+
+    as_user(@user).post oauth_token_path(params)
+
+    json_hash = JSON.parse(response.body)
+    refute_equal json_hash['access_token'],   @auth_grant.access_token
+    refute_equal json_hash['refresh_token'],  @auth_grant.refresh_token
+    refute_equal json_hash['expires_in'],     @auth_grant.expires_in
+
+
+    auth_grant = Oauth::AuthGrant.find(@auth_grant.id)
+    assert_equal json_hash['access_token'],   auth_grant.access_token
+    assert_equal json_hash['refresh_token'],  auth_grant.refresh_token
+    assert_equal json_hash['expires_in'],     auth_grant.expires_in
+  end
+
+end

data/test/integration/auth_controller_test.rb

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class AuthControllerTest < ActiveSupport::IntegrationCase
+class CapybaraAuthControllerTest < ActiveSupport::IntegrationCase
 
   setup do
     @app           = create_client_app
@@ -14,13 +14,14 @@ class AuthControllerTest < ActiveSupport::IntegrationCase
   end
 
   test 'auth entry point is accessible to logged IN users' do
+    as_user(@user) do
+      visit oauth_new_path(:client_id => @app.client_id, :redirect_uri => @redirect_uri)
 
-    as_user(@user).visit oauth_new_path(:client_id => @app.client_id, :redirect_uri => @redirect_uri)
-
-    assert_equal '/oauth/new', current_path
+      assert_equal '/oauth/new', current_path
+      click_button 'oauthAuthorize'
+    end
 
-    click_button 'oauthAuthorize'
-    access_grant = Oauth::AccessGrant.where(:user_id => @user.id, :application_id => @app.id).first
+    access_grant = Oauth::AuthGrant.where(:user_id => @user.id, :application_id => @app.id).first
     assert_equal @redirect_uri, current_path
     assert access_grant.present?
     assert access_grant.can?(:write) # write access is checked by default
@@ -31,7 +32,7 @@ class AuthControllerTest < ActiveSupport::IntegrationCase
 
     uncheck('permissions_write') # uncheck write access
     click_button 'oauthAuthorize'
-    access_grant = Oauth::AccessGrant.where(:user_id => @user.id, :application_id => @app.id).first
+    access_grant = Oauth::AuthGrant.where(:user_id => @user.id, :application_id => @app.id).first
     refute access_grant.can?(:write)
   end
 end

data/test/integration/client_app_controller_test.rb

@@ -0,0 +1,24 @@
+require 'test_helper'
+
+class ClientAppControllerTest < ActiveSupport::IntegrationCase
+  test 'must be logged in' do
+    visit new_oauth_client_app_path
+    assert_equal '/users/sign_in', current_path
+  end
+
+  test 'create client application' do
+    user = create_user
+    as_user(user).visit new_oauth_client_app_path
+    assert_equal '/oauth_client_apps/new', current_path
+
+    fill_in 'oauth_client_app_name', :with => rand_name
+
+    click_button 'submitApp'
+    assert_equal '/oauth_client_apps', current_path
+
+    last_client = Oauth::ClientApp.order(:created_at).last
+    assert has_content?(last_client.name)
+    assert has_content?(last_client.client_id)
+    assert has_content?(last_client.client_secret)
+  end
+end