RubyGems - opro - Versions diffs - 0.3.0 → 0.3.1 - Mend

opro 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

data/CHANGELOG.md +4 -0
data/VERSION +1 -1
data/app/models/opro/oauth/auth_grant.rb +12 -2
data/app/models/opro/oauth/client_app.rb +4 -8
data/lib/generators/active_record/templates/auth_grants.rb +4 -0
data/lib/generators/active_record/templates/client_apps.rb +3 -0
data/opro.gemspec +4 -2
data/test/models/opro/oauth/auth_grant_test.rb +18 -0
data/test/models/opro/oauth/client_app_test.rb +11 -0
data/test/test_helper.rb +2 -0
metadata +31 -29

data/CHANGELOG.md CHANGED

@@ -1,3 +1,7 @@
+## 0.3.1
+- [#7] Bugfix: Verify access_token, refresh_token, and code are unique before attempting to save (@twinge)
 ## 0.3.0
 - Properly set attr_accessible for those apps that are requiring all attributes to be whitelisted.

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.3.0
1	+ 0.3.1

data/app/models/opro/oauth/auth_grant.rb CHANGED

@@ -9,6 +9,8 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
   validates :application_id, :uniqueness => {:scope => :user_id, :message => "Application is already authed for this user"}, :presence => true
+  validates :code,           :uniqueness => true
+  validates :access_token,   :uniqueness => true
   before_create :generate_tokens!, :generate_expires_at!
@@ -78,7 +80,15 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
   end
   def generate_tokens!
-    self.code, self.access_token, self.refresh_token = SecureRandom.hex(16), SecureRandom.hex(16), SecureRandom.hex(16)
+    self.code, self.access_token, self.refresh_token = unique_token_for(:refresh_token), unique_token_for(:access_token), unique_token_for(:refresh_token)
+  end
+  # used to guarantee that we are generating unique codes, access_tokens and refresh_tokens
+  def unique_token_for(field, secure_token  = SecureRandom.hex(16))
+    raise "bad field" unless self.respond_to?(field)
+    auth_grant = self.class.where(field => secure_token).first
+    return secure_token if auth_grant.blank?
+    unique_token_for(field)
   end
   def redirect_uri_for(redirect_uri, state = nil)
@@ -90,4 +100,4 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
     redirect_uri << "&state=#{state}" if state.present?
     redirect_uri
   end
-end
+end

data/app/models/opro/oauth/client_app.rb CHANGED

@@ -20,16 +20,12 @@ class Opro::Oauth::ClientApp < ActiveRecord::Base
   end
   def self.create_with_user_and_name(user, name)
-    create(:user => user, :name => name, :app_id => generate_id, :app_secret => SecureRandom.hex(16))
+    create(:user => user, :name => name, :app_id => generate_unique_app_id, :app_secret => SecureRandom.hex(16))
   end
-  def self.generate_id
-    app_id     = SecureRandom.hex(16)
+  def self.generate_unique_app_id(app_id = SecureRandom.hex(16))
     client_app = where(:app_id => app_id)
-    if client_app.present?
-      generate_id
-    else
-      return app_id
-    end
+    return app_id if client_app.blank?
+    generate_unique_app_id
   end
 end

data/lib/generators/active_record/templates/auth_grants.rb CHANGED

@@ -11,5 +11,9 @@ class CreateOproAuthGrants < ActiveRecord::Migration
       t.timestamps
     end
+    add_index :opro_auth_grants, :code,          :unique => true
+    add_index :opro_auth_grants, :access_token,  :unique => true
+    add_index :opro_auth_grants, :refresh_token, :unique => true
   end
 end

data/lib/generators/active_record/templates/client_apps.rb CHANGED

@@ -8,5 +8,8 @@ class CreateOproClientApps < ActiveRecord::Migration
       t.integer :user_id
       t.timestamps
     end
+    add_index :opro_client_apps, :app_id, :unique => true
+    add_index :opro_client_apps, [:app_id, :app_secret], :unique => true
   end
 end

data/opro.gemspec CHANGED

@@ -5,11 +5,11 @@
 Gem::Specification.new do |s|
   s.name = "opro"
-  s.version = "0.3.0"
+  s.version = "0.3.1"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["schneems"]
-  s.date = "2012-07-05"
+  s.date = "2012-07-18"
   s.description = " Enable OAuth clients (iphone, android, web sites, etc.) to access and use your Rails application, what you do with it is up to you"
   s.email = "richard.schneeman@gmail.com"
   s.extra_rdoc_files = [
@@ -114,6 +114,8 @@ Gem::Specification.new do |s|
     "test/integration/docs_controller_test.rb",
     "test/integration/oauth_test.rb",
     "test/integration/refresh_token_test.rb",
+    "test/models/opro/oauth/auth_grant_test.rb",
+    "test/models/opro/oauth/client_app_test.rb",
     "test/opro_test.rb",
     "test/support/integration_case.rb",
     "test/test_helper.rb"

data/test/models/opro/oauth/auth_grant_test.rb ADDED

@@ -0,0 +1,18 @@
+require 'test_helper'
+class OproAuthGrantTest < ActiveSupport::TestCase
+  test "duplicate access_tokens can't happen" do
+    grant     = create_auth_grant
+    dup_grant = create_auth_grant
+    dup_grant.access_token = grant.access_token
+    refute dup_grant.valid?
+    assert dup_grant.errors.present?
+  end
+  test "unique_secure_token_for" do
+    grant     = create_auth_grant
+    token     = grant.access_token
+    new_token = grant.unique_token_for(:access_token, token)
+    assert_not_equal token, new_token
+  end
+end

data/test/models/opro/oauth/client_app_test.rb ADDED

@@ -0,0 +1,11 @@
+require 'test_helper'
+class OproClientAppTest < ActiveSupport::TestCase
+  test "generate_unique_app_id" do
+    client_app  = create_client_app
+    app_id      = client_app.app_id
+    new_app_id  = Opro::Oauth::ClientApp.generate_unique_app_id(app_id)
+    assert_not_equal app_id, new_app_id
+  end
+end

data/test/test_helper.rb CHANGED

@@ -78,6 +78,8 @@ def create_auth_grant_for_user(user = nil, app = nil)
   Opro::Oauth::AuthGrant.create(:user => user, :application => app)
 end
+alias :create_auth_grant :create_auth_grant_for_user
 # Will run the given code as the user passed in
 def as_user(user=nil, &block)

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: opro
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
   prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-07-05 00:00:00.000000000Z
+date: 2012-07-18 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &70202055236780 !ruby/object:Gem::Requirement
+  requirement: &70290681694980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: 3.1.0
   type: :runtime
   prerelease: false
-  version_requirements: *70202055236780
+  version_requirements: *70290681694980
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70202055235540 !ruby/object:Gem::Requirement
+  requirement: &70290681696520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: 3.1.0
   type: :runtime
   prerelease: false
-  version_requirements: *70202055235540
+  version_requirements: *70290681696520
 - !ruby/object:Gem::Dependency
   name: bluecloth
-  requirement: &70202055228260 !ruby/object:Gem::Requirement
+  requirement: &70290681698080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70202055228260
+  version_requirements: *70290681698080
 - !ruby/object:Gem::Dependency
   name: mocha
-  requirement: &70202055227520 !ruby/object:Gem::Requirement
+  requirement: &70290681699760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70202055227520
+  version_requirements: *70290681699760
 - !ruby/object:Gem::Dependency
   name: timecop
-  requirement: &70202055226840 !ruby/object:Gem::Requirement
+  requirement: &70290681717840 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70202055226840
+  version_requirements: *70290681717840
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &70202055225620 !ruby/object:Gem::Requirement
+  requirement: &70290681717140 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -76,10 +76,10 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *70202055225620
+  version_requirements: *70290681717140
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &70202055224960 !ruby/object:Gem::Requirement
+  requirement: &70290681716440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
         version: 1.1.3
   type: :development
   prerelease: false
-  version_requirements: *70202055224960
+  version_requirements: *70290681716440
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &70202055224040 !ruby/object:Gem::Requirement
+  requirement: &70290681715820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -98,10 +98,10 @@ dependencies:
         version: 0.4.0
   type: :development
   prerelease: false
-  version_requirements: *70202055224040
+  version_requirements: *70290681715820
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &70202055223120 !ruby/object:Gem::Requirement
+  requirement: &70290681715300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -109,10 +109,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70202055223120
+  version_requirements: *70290681715300
 - !ruby/object:Gem::Dependency
   name: launchy
-  requirement: &70202055222220 !ruby/object:Gem::Requirement
+  requirement: &70290681714720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -120,10 +120,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70202055222220
+  version_requirements: *70290681714720
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: &70202055221440 !ruby/object:Gem::Requirement
+  requirement: &70290681714060 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -131,10 +131,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70202055221440
+  version_requirements: *70290681714060
 - !ruby/object:Gem::Dependency
   name: rcov
-  requirement: &70202055220840 !ruby/object:Gem::Requirement
+  requirement: &70290681713180 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -142,10 +142,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70202055220840
+  version_requirements: *70290681713180
 - !ruby/object:Gem::Dependency
   name: simplecov
-  requirement: &70202055209840 !ruby/object:Gem::Requirement
+  requirement: &70290681712500 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -153,7 +153,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70202055209840
+  version_requirements: *70290681712500
 description: ! ' Enable OAuth clients (iphone, android, web sites, etc.) to access
   and use your Rails application, what you do with it is up to you'
 email: richard.schneeman@gmail.com
@@ -260,6 +260,8 @@ files:
 - test/integration/docs_controller_test.rb
 - test/integration/oauth_test.rb
 - test/integration/refresh_token_test.rb
+- test/models/opro/oauth/auth_grant_test.rb
+- test/models/opro/oauth/client_app_test.rb
 - test/opro_test.rb
 - test/support/integration_case.rb
 - test/test_helper.rb
@@ -278,7 +280,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4415944458233682145
+      hash: -1410749762090226826
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: