RubyGems - panjiva-oauth-plugin - Versions diffs - 0.4.1 - Mend

panjiva-oauth-plugin 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (167) hide show

data/oauth-plugin.gemspec ADDED

@@ -0,0 +1,39 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "oauth-plugin/version"
+Gem::Specification.new do |s|
+  s.name = %q{panjiva-oauth-plugin}
+  s.version = Oauth::Plugin::VERSION
+  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Pelle Braendgaard"]
+  s.date = %q{2011-10-20}
+  s.description = %q{Rails plugin for implementing an OAuth Provider or Consumer}
+  s.email = %q{oauth-ruby@googlegroups.com}
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.homepage = %q{http://github.com/pelle/oauth-plugin}
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{oauth}
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Ruby on Rails Plugin for OAuth Provider and Consumer}
+  s.add_development_dependency "opentransact"
+  s.add_development_dependency "rspec", "~> 2.4.0"
+  s.add_development_dependency "fakeweb"
+  s.add_development_dependency "fuubar"
+  s.add_development_dependency "guard-rspec"
+  s.add_development_dependency "growl"
+  s.add_development_dependency "rack-test"
+  s.add_dependency "multi_json"
+  s.add_dependency("oauth", ["~> 0.4.4"])
+  s.add_dependency("rack")
+  s.add_dependency("panjiva-oauth2", '>= 0.5.0')
+end

data/rails/init.rb ADDED

	@@ -0,0 +1 @@
1	+ require 'oauth-plugin'

data/spec/dummy_provider_models.rb ADDED

@@ -0,0 +1,53 @@
+# Dummy implementation
+class ClientApplication
+  attr_accessor :key
+  def self.find_by_key(key)
+    ClientApplication.new(key)
+  end
+  def initialize(key)
+    @key = key
+  end
+  def tokens
+    @tokens||=[]
+  end
+  def secret
+    "secret"
+  end
+end
+class OauthToken
+  attr_accessor :token
+  def self.first(conditions_hash)
+    case conditions_hash[:conditions].last
+    when "not_authorized", "invalidated"
+      nil
+    else
+      OauthToken.new(conditions_hash[:conditions].last)
+    end
+  end
+  def initialize(token)
+    @token = token
+  end
+  def secret
+    "secret"
+  end
+end
+class Oauth2Token < OauthToken ; end
+class Oauth2Verifier < OauthToken ; end
+class AccessToken < OauthToken ; end
+class RequestToken < OauthToken ; end
+class OauthNonce
+  # Always remember
+  def self.remember(nonce,timestamp)
+    true
+  end
+end

data/spec/oauth/provider/authorizer_spec.rb ADDED

@@ -0,0 +1,202 @@
+require 'spec_helper'
+require 'multi_json'
+require 'oauth/provider/authorizer'
+require 'dummy_provider_models'
+describe OAuth::Provider::Authorizer do
+  describe "Authorization code" do
+    describe "should issue code" do
+      before(:each) do
+        @user = double("user")
+        @app  = double("app")
+        @code = double("code", :token => "secret auth code")
+        ::ClientApplication.should_receive(:find_by_key!).with('client id').and_return(@app)
+      end
+      it "should allow" do
+        ::Oauth2Verifier.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback',
+                                                  :scope => 'a b').and_return(@code)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'code',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback'
+        @authorizer.redirect_uri.should == "http://mysite.com/callback?code=secret%20auth%20code"
+        @authorizer.should be_authorized
+      end
+      it "should include state" do
+        ::Oauth2Verifier.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback',
+                                                  :scope => 'a b').and_return(@code)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'code',
+                                                      :state => 'customer id',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback'
+        @authorizer.redirect_uri.should == "http://mysite.com/callback?code=secret%20auth%20code&state=customer%20id"
+        @authorizer.should be_authorized
+      end
+      it "should allow query string in callback" do
+        ::Oauth2Verifier.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback?this=one',
+                                                  :scope => 'a b').and_return(@code)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'code',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback?this=one'
+        @authorizer.should be_authorized
+        @authorizer.redirect_uri.should == "http://mysite.com/callback?this=one&code=secret%20auth%20code"
+      end
+    end
+  end
+  describe "user does not authorize" do
+    it "should send error" do
+      @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'code',
+                                                    :scope => "a b",
+                                                    :client_id => 'client id',
+                                                    :redirect_uri => 'http://mysite.com/callback'
+      @authorizer.redirect_uri.should == "http://mysite.com/callback?error=access_denied"
+      @authorizer.should_not be_authorized
+    end
+    it "should send error with state and query params in callback" do
+      @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'code',
+                                                    :scope => "a b",
+                                                    :client_id => 'client id',
+                                                    :redirect_uri=>'http://mysite.com/callback?this=one',
+                                                    :state => "my customer"
+      @authorizer.redirect_uri.should == "http://mysite.com/callback?this=one&error=access_denied&state=my%20customer"
+      @authorizer.should_not be_authorized
+    end
+  end
+  describe "Implict Grant" do
+    describe "should issue token" do
+      before(:each) do
+        @user = double("user")
+        @app  = double("app")
+        @token = double("token", :token => "secret auth code")
+        ::ClientApplication.should_receive(:find_by_key!).with('client id').and_return(@app)
+      end
+      it "should allow" do
+        ::Oauth2Token.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback',
+                                                  :scope => 'a b').and_return(@token)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'token',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback'
+        @authorizer.redirect_uri.should == "http://mysite.com/callback#access_token=secret%20auth%20code"
+        @authorizer.should be_authorized
+      end
+      it "should include state" do
+        ::Oauth2Token.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback',
+                                                  :scope => 'a b').and_return(@token)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'token',
+                                                      :state => 'customer id',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback'
+        @authorizer.redirect_uri.should == "http://mysite.com/callback#access_token=secret%20auth%20code&state=customer%20id"
+        @authorizer.should be_authorized
+      end
+      it "should allow query string in callback" do
+        ::Oauth2Token.should_receive(:create!).with( :client_application=>@app,
+                                                  :user=>@user,
+                                                  :callback_url=>'http://mysite.com/callback?this=one',
+                                                  :scope => 'a b').and_return(@token)
+        @authorizer = OAuth::Provider::Authorizer.new @user, true, :response_type => 'token',
+                                                      :scope => "a b",
+                                                      :client_id => 'client id',
+                                                      :redirect_uri => 'http://mysite.com/callback?this=one'
+        @authorizer.should be_authorized
+        @authorizer.redirect_uri.should == "http://mysite.com/callback?this=one#access_token=secret%20auth%20code"
+      end
+    end
+  end
+  describe "user does not authorize" do
+    it "should send error" do
+      @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'token',
+                                                    :scope => "a b",
+                                                    :client_id => 'client id',
+                                                    :redirect_uri => 'http://mysite.com/callback'
+      @authorizer.redirect_uri.should == "http://mysite.com/callback#error=access_denied"
+      @authorizer.should_not be_authorized
+    end
+    it "should send error with state and query params in callback" do
+      @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'token',
+                                                    :scope => "a b",
+                                                    :client_id => 'client id',
+                                                    :redirect_uri=>'http://mysite.com/callback?this=one',
+                                                    :state => "my customer"
+      @authorizer.redirect_uri.should == "http://mysite.com/callback?this=one#error=access_denied&state=my%20customer"
+      @authorizer.should_not be_authorized
+    end
+  end
+  it "should handle unsupported response type" do
+    @user = double("user")
+    @authorizer = OAuth::Provider::Authorizer.new @user, false, :response_type => 'my new',
+                                                  :scope => "a b",
+                                                  :client_id => 'client id',
+                                                  :redirect_uri => 'http://mysite.com/callback'
+    @authorizer.redirect_uri.should == "http://mysite.com/callback#error=unsupported_response_type"
+    @authorizer.should_not be_authorized
+  end
+end

data/spec/rack/oauth_filter_spec.rb ADDED

@@ -0,0 +1,244 @@
+require 'spec_helper'
+require 'rack/test'
+require 'oauth/rack/oauth_filter'
+require 'multi_json'
+require 'forwardable'
+require 'dummy_provider_models'
+class OAuthEcho
+  def call(env)
+    response = {}
+    response[:oauth_token]        = env["oauth.token"].token            if env["oauth.token"]
+    response[:client_application] = env["oauth.client_application"].key if env["oauth.client_application"]
+    response[:oauth_version]      = env["oauth.version"]                if env["oauth.version"]
+    response[:strategies]         = env["oauth.strategies"]             if env["oauth.strategies"]
+     [200, { "Accept" => "application/json" }, [MultiJson.encode(response)]]
+  end
+end
+describe OAuth::Rack::OAuthFilter do
+  include Rack::Test::Methods
+  def app
+    @app ||= OAuth::Rack::OAuthFilter.new(OAuthEcho.new)
+  end
+  it "should pass through without oauth" do
+    get '/'
+    last_response.should be_ok
+    response = MultiJson.decode(last_response.body)
+    response.should == {}
+  end
+  describe 'OAuth1' do
+    describe 'with optional white space' do
+      it "should sign with consumer" do
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="amrLDyFE2AMztx5fOYDD1OEqWps6Mc2mAR5qyO44Rj8", oauth_signature="KCSg0RUfVFUcyhrgJo580H8ey0c%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295039581", oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_version"=>1, "strategies"=>["two_legged"]}
+      end
+      it "should sign with oauth 1 access token" do
+        client_application = ClientApplication.new "my_consumer"
+        ClientApplication.stub!(:find_by_key).and_return(client_application)
+        client_application.tokens.stub!(:first).and_return(AccessToken.new("my_token"))
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY", oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295040394", oauth_token="my_token", oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","token","oauth10_access_token"]}
+      end
+      it "should sign with oauth 1 request token" do
+        client_application = ClientApplication.new "my_consumer"
+        ClientApplication.stub!(:find_by_key).and_return(client_application)
+        client_application.tokens.stub!(:first).and_return(RequestToken.new("my_token"))
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer", oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY", oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1295040394", oauth_token="my_token", oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","oauth10_request_token"]}
+      end
+    end
+    describe 'without optional white space' do
+      it "should sign with consumer" do
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer",oauth_nonce="amrLDyFE2AMztx5fOYDD1OEqWps6Mc2mAR5qyO44Rj8",oauth_signature="KCSg0RUfVFUcyhrgJo580H8ey0c%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1295039581",oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_version"=>1, "strategies"=>["two_legged"]}
+      end
+      it "should sign with oauth 1 access token" do
+        client_application = ClientApplication.new "my_consumer"
+        ClientApplication.stub!(:find_by_key).and_return(client_application)
+        client_application.tokens.stub!(:first).and_return(AccessToken.new("my_token"))
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer",oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY",oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1295040394",oauth_token="my_token",oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","token","oauth10_access_token"]}
+      end
+      it "should sign with oauth 1 request token" do
+        client_application = ClientApplication.new "my_consumer"
+        ClientApplication.stub!(:find_by_key).and_return(client_application)
+        client_application.tokens.stub!(:first).and_return(RequestToken.new("my_token"))
+        get '/',{},{"HTTP_AUTHORIZATION"=>'OAuth oauth_consumer_key="my_consumer",oauth_nonce="oiFHXoN0172eigBBUfgaZLdQg7ycGekv8iTdfkCStY",oauth_signature="y35B2DqTWaNlzNX0p4wv%2FJAGzg8%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1295040394",oauth_token="my_token",oauth_version="1.0"'}
+        last_response.should be_ok
+        response = MultiJson.decode(last_response.body)
+        response.should == {"client_application" => "my_consumer", "oauth_token"=>"my_token","oauth_version"=>1, "strategies"=>["oauth10_token","oauth10_request_token"]}
+      end
+    end
+  end
+  describe "OAuth2" do
+    describe "token given through a HTTP Auth Header" do
+      context "authorized and non-invalidated token" do
+        it "authenticates" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Bearer valid_token" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+        end
+      end
+      context "non-authorized token" do
+        it "doesn't authenticate" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Bearer not_authorized" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == {}
+        end
+      end
+      context "authorized and invalidated token" do
+        it "doesn't authenticate with an invalidated token" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Bearer invalidated" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == {}
+        end
+      end
+    end
+    describe "OAuth2 pre Bearer" do
+      describe "token given through a HTTP Auth Header" do
+        context "authorized and non-invalidated token" do
+          it "authenticates" do
+            get '/', {}, { "HTTP_AUTHORIZATION" => "OAuth valid_token" }
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+          end
+        end
+        context "non-authorized token" do
+          it "doesn't authenticate" do
+            get '/', {}, { "HTTP_AUTHORIZATION" => "OAuth not_authorized" }
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+        context "authorized and invalidated token" do
+          it "doesn't authenticate with an invalidated token" do
+            get '/', {}, { "HTTP_AUTHORIZATION" => "OAuth invalidated" }
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+      end
+    end
+    describe "token given through a HTTP Auth Header following the OAuth2 pre draft" do
+      context "authorized and non-invalidated token" do
+        it "authenticates" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Token valid_token" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+        end
+      end
+      context "non-authorized token" do
+        it "doesn't authenticate" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Token not_authorized" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == {}
+        end
+      end
+      context "authorized and invalidated token" do
+        it "doesn't authenticate with an invalidated token" do
+          get '/', {}, { "HTTP_AUTHORIZATION" => "Token invalidated" }
+          last_response.should be_ok
+          response = MultiJson.decode(last_response.body)
+          response.should == {}
+        end
+      end
+    end
+    ['bearer_token', 'access_token', 'oauth_token'].each do |name|
+      describe "token given through the query parameter '#{name}'" do
+        context "authorized and non-invalidated token" do
+          it "authenticates" do
+            get "/?#{name}=valid_token"
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+          end
+        end
+        context "non-authorized token" do
+          it "doesn't authenticate" do
+            get "/?#{name}=not_authorized"
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+        context "authorized and invalidated token" do
+          it "doesn't authenticate with an invalidated token" do
+            get "/?#{name}=invalidated"
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+      end
+      describe "token given through the post parameter '#{name}'" do
+        context "authorized and non-invalidated token" do
+          it "authenticates" do
+            post '/', name => 'valid_token'
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == { "oauth_token" => "valid_token", "oauth_version" => 2, "strategies"=> ["oauth20_token", "token"] }
+          end
+        end
+        context "non-authorized token" do
+          it "doesn't authenticate" do
+            post '/', name => 'not_authorized'
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+        context "authorized and invalidated token" do
+          it "doesn't authenticate with an invalidated token" do
+            post '/', name => 'invalidated'
+            last_response.should be_ok
+            response = MultiJson.decode(last_response.body)
+            response.should == {}
+          end
+        end
+      end
+    end
+  end
+end