rack-oauth2-revibe 1.0.7
- checksums.yaml +7 -0
- data/.document +5 -0
- data/.gitignore +22 -0
- data/.rspec +2 -0
- data/.travis.yml +3 -0
- data/Gemfile +7 -0
- data/LICENSE +20 -0
- data/README.rdoc +78 -0
- data/Rakefile +25 -0
- data/VERSION +1 -0
- data/lib/rack/oauth2.rb +67 -0
- data/lib/rack/oauth2/access_token.rb +36 -0
- data/lib/rack/oauth2/access_token/authenticator.rb +24 -0
- data/lib/rack/oauth2/access_token/bearer.rb +11 -0
- data/lib/rack/oauth2/access_token/legacy.rb +23 -0
- data/lib/rack/oauth2/access_token/mac.rb +103 -0
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +17 -0
- data/lib/rack/oauth2/access_token/mac/signature.rb +34 -0
- data/lib/rack/oauth2/access_token/mac/verifier.rb +44 -0
- data/lib/rack/oauth2/client.rb +139 -0
- data/lib/rack/oauth2/client/error.rb +14 -0
- data/lib/rack/oauth2/client/grant.rb +30 -0
- data/lib/rack/oauth2/client/grant/authorization_code.rb +12 -0
- data/lib/rack/oauth2/client/grant/client_credentials.rb +10 -0
- data/lib/rack/oauth2/client/grant/facebook_token.rb +12 -0
- data/lib/rack/oauth2/client/grant/password.rb +11 -0
- data/lib/rack/oauth2/client/grant/refresh_token.rb +11 -0
- data/lib/rack/oauth2/debugger.rb +3 -0
- data/lib/rack/oauth2/debugger/request_filter.rb +30 -0
- data/lib/rack/oauth2/server.rb +4 -0
- data/lib/rack/oauth2/server/abstract.rb +4 -0
- data/lib/rack/oauth2/server/abstract/error.rb +69 -0
- data/lib/rack/oauth2/server/abstract/handler.rb +20 -0
- data/lib/rack/oauth2/server/abstract/request.rb +29 -0
- data/lib/rack/oauth2/server/abstract/response.rb +15 -0
- data/lib/rack/oauth2/server/authorize.rb +117 -0
- data/lib/rack/oauth2/server/authorize/code.rb +39 -0
- data/lib/rack/oauth2/server/authorize/error.rb +71 -0
- data/lib/rack/oauth2/server/authorize/extension.rb +12 -0
- data/lib/rack/oauth2/server/authorize/extension/code_and_token.rb +39 -0
- data/lib/rack/oauth2/server/authorize/token.rb +43 -0
- data/lib/rack/oauth2/server/resource.rb +55 -0
- data/lib/rack/oauth2/server/resource/bearer.rb +47 -0
- data/lib/rack/oauth2/server/resource/bearer/error.rb +24 -0
- data/lib/rack/oauth2/server/resource/error.rb +81 -0
- data/lib/rack/oauth2/server/resource/mac.rb +36 -0
- data/lib/rack/oauth2/server/resource/mac/error.rb +24 -0
- data/lib/rack/oauth2/server/token.rb +87 -0
- data/lib/rack/oauth2/server/token/authorization_code.rb +28 -0
- data/lib/rack/oauth2/server/token/client_credentials.rb +23 -0
- data/lib/rack/oauth2/server/token/error.rb +54 -0
- data/lib/rack/oauth2/server/token/extension.rb +12 -0
- data/lib/rack/oauth2/server/token/extension/jwt.rb +37 -0
- data/lib/rack/oauth2/server/token/facebook_token.rb +27 -0
- data/lib/rack/oauth2/server/token/password.rb +27 -0
- data/lib/rack/oauth2/server/token/refresh_token.rb +26 -0
- data/lib/rack/oauth2/util.rb +58 -0
- data/rack-oauth2.gemspec +30 -0
- data/spec/helpers/time.rb +19 -0
- data/spec/helpers/webmock_helper.rb +41 -0
- data/spec/mock_response/blank +0 -0
- data/spec/mock_response/errors/invalid_request.json +4 -0
- data/spec/mock_response/resources/fake.txt +1 -0
- data/spec/mock_response/tokens/_Bearer.json +6 -0
- data/spec/mock_response/tokens/bearer.json +6 -0
- data/spec/mock_response/tokens/legacy.json +5 -0
- data/spec/mock_response/tokens/legacy.txt +1 -0
- data/spec/mock_response/tokens/legacy_without_expires_in.txt +1 -0
- data/spec/mock_response/tokens/mac.json +8 -0
- data/spec/mock_response/tokens/unknown.json +6 -0
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +43 -0
- data/spec/rack/oauth2/access_token/bearer_spec.rb +18 -0
- data/spec/rack/oauth2/access_token/legacy_spec.rb +23 -0
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +28 -0
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +59 -0
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +25 -0
- data/spec/rack/oauth2/access_token/mac_spec.rb +141 -0
- data/spec/rack/oauth2/access_token_spec.rb +69 -0
- data/spec/rack/oauth2/client/error_spec.rb +18 -0
- data/spec/rack/oauth2/client/grant/authorization_code_spec.rb +37 -0
- data/spec/rack/oauth2/client/grant/client_credentials_spec.rb +7 -0
- data/spec/rack/oauth2/client/grant/password_spec.rb +33 -0
- data/spec/rack/oauth2/client/grant/refresh_token_spec.rb +21 -0
- data/spec/rack/oauth2/client_spec.rb +287 -0
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +33 -0
- data/spec/rack/oauth2/oauth2_spec.rb +74 -0
- data/spec/rack/oauth2/server/abstract/error_spec.rb +59 -0
- data/spec/rack/oauth2/server/authorize/code_spec.rb +57 -0
- data/spec/rack/oauth2/server/authorize/error_spec.rb +103 -0
- data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb +60 -0
- data/spec/rack/oauth2/server/authorize/token_spec.rb +73 -0
- data/spec/rack/oauth2/server/authorize_spec.rb +214 -0
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +52 -0
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +123 -0
- data/spec/rack/oauth2/server/resource/error_spec.rb +147 -0
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +52 -0
- data/spec/rack/oauth2/server/resource/mac_spec.rb +119 -0
- data/spec/rack/oauth2/server/resource_spec.rb +23 -0
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +43 -0
- data/spec/rack/oauth2/server/token/client_credentials_spec.rb +23 -0
- data/spec/rack/oauth2/server/token/error_spec.rb +77 -0
- data/spec/rack/oauth2/server/token/password_spec.rb +37 -0
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +34 -0
- data/spec/rack/oauth2/server/token_spec.rb +134 -0
- data/spec/rack/oauth2/util_spec.rb +97 -0
- data/spec/spec_helper.rb +14 -0
- metadata +326 -0
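--- a/data/spec/rack/oauth2/debugger/request_filter_spec.rb
+++ b/data/spec/rack/oauth2/debugger/request_filter_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe Rack::OAuth2::Debugger::RequestFilter do
+let(:resource_endpoint) { 'https://example.com/resources' }
+let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
+let(:response) { HTTP::Message.new_response(MultiJson.dump({:hello => 'world'})) }
+let(:request_filter) { Rack::OAuth2::Debugger::RequestFilter.new }
+
+describe '#filter_request' do
+it 'should log request' do
+[
+"======= [Rack::OAuth2] HTTP REQUEST STARTED =======",
+request.dump
+].each do |output|
+Rack::OAuth2.logger.should_receive(:info).with output
+end
+request_filter.filter_request(request)
+end
+end
+
+describe '#filter_response' do
+it 'should log response' do
+[
+"--------------------------------------------------",
+response.dump,
+"======= [Rack::OAuth2] HTTP REQUEST FINISHED ======="
+].each do |output|
+Rack::OAuth2.logger.should_receive(:info).with output
+end
+request_filter.filter_response(request, response)
+end
+end
+end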
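Review bot: Both examples pin that `request.dump` and `response.dump` are written to the logger in full at info level, so once the filter is attached every message it sees — including token-endpoint exchanges that carry client credentials and issued tokens — lands in the log verbatim. Whether the filter redacts anything is not visible in this hunk, so this is worth either a negative example (build a request with an `Authorization` header and assert the logged output does not contain it unchanged) or, if verbatim logging is intended, a comment above `let(:request_filter)` such as `# Logs whole messages unredacted; only attached via Rack::OAuth2.debug!`. The `should_receive`/`.with output` expectation also does not constrain call order, so the STARTED banner and the dump could be logged in either order and still pass; `ordered` on each expectation would tighten it if order matters.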
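--- a/data/spec/rack/oauth2/oauth2_spec.rb
+++ b/data/spec/rack/oauth2/oauth2_spec.rb
@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe Rack::OAuth2 do
+subject { Rack::OAuth2 }
+after { Rack::OAuth2.debugging = false }
+
+its(:logger) { should be_a Logger }
+its(:debugging?) { should be_false }
+
+describe '.debug!' do
+before { Rack::OAuth2.debug! }
+its(:debugging?) { should be_true }
+end
+
+describe '.debug' do
+it 'should enable debugging within given block' do
+Rack::OAuth2.debug do
+Rack::OAuth2.debugging?.should be_true
+end
+Rack::OAuth2.debugging?.should be_false
+end
+
+it 'should not force disable debugging' do
+Rack::OAuth2.debug!
+Rack::OAuth2.debug do
+Rack::OAuth2.debugging?.should be_true
+end
+Rack::OAuth2.debugging?.should be_true
+end
+end
+
+describe '.http_config' do
+context 'when request_filter added' do
+context 'when "debug!" is called' do
+after { Rack::OAuth2.reset_http_config! }
+
+it 'should put Debugger::RequestFilter at last' do
+Rack::OAuth2.debug!
+Rack::OAuth2.http_config do |config|
+config.request_filter << Proc.new {}
+end
+Rack::OAuth2.http_client.request_filter.last.should be_instance_of Rack::OAuth2::Debugger::RequestFilter
+end
+
+it 'should reset_http_config' do
+Rack::OAuth2.debug!
+Rack::OAuth2.http_config do |config|
+config.request_filter << Proc.new {}
+end
+size = Rack::OAuth2.http_client.request_filter.size
+Rack::OAuth2.reset_http_config!
+Rack::OAuth2.http_client.request_filter.size.should == size - 1
+end
+
+end
+end
+end
+
+describe ".http_client" do
+context "when local_http_config is used" do
+it "should correctly set request_filter" do
+clnt1 = Rack::OAuth2.http_client
+clnt2 = Rack::OAuth2.http_client("my client") do |config|
+config.request_filter << Proc.new {}
+end
+clnt3 = Rack::OAuth2.http_client
+
+clnt1.request_filter.size.should == clnt3.request_filter.size
+clnt1.request_filter.size.should == clnt2.request_filter.size - 1
+
+end
+end
+end
+end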
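Review bot: The `size - 1` expectation in 'should reset_http_config' only holds because debugging is still enabled when `reset_http_config!` runs (the inner `after` fires before the outer `after { Rack::OAuth2.debugging = false }`), so the Debugger::RequestFilter presumably survives the reset while the user-added Proc is dropped; nothing in the example says so, and a reader can easily take it for an off-by-one. If that is the intended contract, assert it directly after the reset, `Rack::OAuth2.http_client.request_filter.last.should be_instance_of Rack::OAuth2::Debugger::RequestFilter`, and drop the arithmetic on `size`. The `.http_client` example likewise only compares filter counts; asserting that `clnt3.request_filter` does not contain the Proc added to `clnt2` would pin that a local config cannot leak into the shared client.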
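--- a/data/spec/rack/oauth2/server/abstract/error_spec.rb
+++ b/data/spec/rack/oauth2/server/abstract/error_spec.rb
@@ -0,0 +1,59 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Abstract::Error do
+
+context 'when full attributes are given' do
+subject do
+Rack::OAuth2::Server::Abstract::Error.new 400, :invalid_request, 'Missing some required params', :uri => 'http://server.example.com/error'
+end
+its(:status) { should == 400 }
+its(:error) { should == :invalid_request }
+its(:description) { should == 'Missing some required params' }
+its(:uri) { should == 'http://server.example.com/error' }
+its(:protocol_params) do
+should == {
+:error => :invalid_request,
+:error_description => 'Missing some required params',
+:error_uri => 'http://server.example.com/error'
+}
+end
+end
+
+context 'when optional attributes are not given' do
+subject do
+Rack::OAuth2::Server::Abstract::Error.new 400, :invalid_request
+end
+its(:status) { should == 400 }
+its(:error) { should == :invalid_request }
+its(:description) { should be_nil }
+its(:uri) { should be_nil }
+its(:protocol_params) do
+should == {
+:error => :invalid_request,
+:error_description => nil,
+:error_uri => nil
+}
+end
+end
+
+end
+
+describe Rack::OAuth2::Server::Abstract::BadRequest do
+its(:status) { should == 400 }
+end
+
+describe Rack::OAuth2::Server::Abstract::Unauthorized do
+its(:status) { should == 401 }
+end
+
+describe Rack::OAuth2::Server::Abstract::Forbidden do
+its(:status) { should == 403 }
+end
+
+describe Rack::OAuth2::Server::Abstract::ServerError do
+its(:status) { should == 500 }
+end
+
+describe Rack::OAuth2::Server::Abstract::TemporarilyUnavailable do
+its(:status) { should == 503 }
+end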
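Review bot: The first line uses `require 'spec_helper.rb'` while the request_filter and oauth2 specs in this same commit use `require 'spec_helper'`; the authorize code, error, code_and_token and token specs repeat the `.rb` form. Both resolve to the same file, but the mix reads as accidental — settle on `require 'spec_helper'` everywhere. The 'when optional attributes are not given' example also pins that `protocol_params` keeps `:error_description => nil` and `:error_uri => nil` as present keys rather than omitting them; a one-line comment there, such as `# nil entries are kept here; whoever serialises them must drop them`, would save the next reader from wondering whether `error_description=` could end up on the wire.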
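--- a/data/spec/rack/oauth2/server/authorize/code_spec.rb
+++ b/data/spec/rack/oauth2/server/authorize/code_spec.rb
@@ -0,0 +1,57 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Authorize::Code do
+let(:request) { Rack::MockRequest.new app }
+let(:redirect_uri) { 'http://client.example.com/callback' }
+let(:authorization_code) { 'authorization_code' }
+let(:response) { request.get "/?response_type=code&client_id=client&redirect_uri=#{redirect_uri}&state=state" }
+
+context 'when approved' do
+subject { response }
+let :app do
+Rack::OAuth2::Server::Authorize.new do |request, response|
+response.redirect_uri = redirect_uri
+response.code = authorization_code
+response.approve!
+end
+end
+its(:status) { should == 302 }
+its(:location) { should == "#{redirect_uri}?code=#{authorization_code}&state=state" }
+
+context 'when redirect_uri already includes query' do
+let(:redirect_uri) { 'http://client.example.com/callback?k=v' }
+its(:location) { should == "#{redirect_uri}&code=#{authorization_code}&state=state" }
+end
+
+context 'when redirect_uri is missing' do
+let(:redirect_uri) { nil }
+it do
+expect { response }.to raise_error AttrRequired::AttrMissing
+end
+end
+
+context 'when code is missing' do
+let(:authorization_code) { nil }
+it do
+expect { response }.to raise_error AttrRequired::AttrMissing
+end
+end
+end
+
+context 'when denied' do
+let :app do
+Rack::OAuth2::Server::Authorize.new do |request, response|
+request.verify_redirect_uri! redirect_uri
+request.access_denied!
+end
+end
+it 'should redirect with error in query' do
+response.status.should == 302
+error_message = {
+:error => :access_denied,
+:error_description => Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
+}
+response.location.should == "#{redirect_uri}?#{error_message.to_query}&state=state"
+end
+end
+end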
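Review bot: The approve path in the 'when approved' app block assigns `response.redirect_uri = redirect_uri` and issues the code without ever calling `request.verify_redirect_uri!`, while the 'when denied' block does call it; unless `redirect_uri=` validates on its own (not visible here), the spec never exercises the check that keeps an authorization code from being sent to an unregistered redirect target, and it models the approve handler exactly the way a server author will copy it. Add `request.verify_redirect_uri! redirect_uri` before `response.redirect_uri = redirect_uri` in the approved app, and a context in which the request's `redirect_uri` differs from the one the app passes to `verify_redirect_uri!`, asserting that no `code=` appears in the Location; the same gap is in the approved blocks of the code_and_token and token specs later in this commit. Separately, `let(:response)` interpolates `redirect_uri` into the query unescaped, so the `?k=v` context only works because Rack does not treat a second `?` as a separator; `URI.encode_www_form_component(redirect_uri)` makes the intent explicit.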
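--- a/data/spec/rack/oauth2/server/authorize/error_spec.rb
+++ b/data/spec/rack/oauth2/server/authorize/error_spec.rb
@@ -0,0 +1,103 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Authorize::BadRequest do
+let(:klass) { Rack::OAuth2::Server::Authorize::BadRequest }
+let(:error) { klass.new(:invalid_request) }
+let(:redirect_uri) { 'http://client.example.com/callback' }
+
+subject { error }
+it { should be_a Rack::OAuth2::Server::Abstract::BadRequest }
+its(:protocol_params) do
+should == {
+:error => :invalid_request,
+:error_description => nil,
+:error_uri => nil,
+:state => nil
+}
+end
+
+describe '#finish' do
+context 'when redirect_uri is given' do
+before { error.redirect_uri = redirect_uri }
+
+context 'when protocol_params_location = :query' do
+before { error.protocol_params_location = :query }
+it 'should redirect with error in query' do
+state, header, response = error.finish
+state.should == 302
+header["Location"].should == "#{redirect_uri}?error=invalid_request"
+end
+end
+
+context 'when protocol_params_location = :fragment' do
+before { error.protocol_params_location = :fragment }
+it 'should redirect with error in fragment' do
+state, header, response = error.finish
+state.should == 302
+header["Location"].should == "#{redirect_uri}#error=invalid_request"
+end
+end
+
+context 'otherwise' do
+before { error.protocol_params_location = :other }
+it 'should redirect without error' do
+state, header, response = error.finish
+state.should == 302
+header["Location"].should == redirect_uri
+end
+end
+end
+
+context 'otherwise' do
+it 'should raise itself' do
+expect { error.finish }.to raise_error(klass) { |e|
+e.should == error
+}
+end
+end
+end
+end
+
+describe Rack::OAuth2::Server::Authorize::ErrorMethods do
+let(:klass) { Rack::OAuth2::Server::Authorize::BadRequest }
+let(:redirect_uri) { 'http://client.example.com/callback' }
+let(:default_description) { Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION }
+let(:env) { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
+let(:request) { Rack::OAuth2::Server::Authorize::Request.new env }
+let(:request_for_code) { Rack::OAuth2::Server::Authorize::Code::Request.new env }
+let(:request_for_token) { Rack::OAuth2::Server::Authorize::Token::Request.new env }
+
+describe 'bad_request!' do
+it do
+expect { request.bad_request! }.to raise_error klass
+end
+
+context 'when response_type = :code' do
+it 'should set protocol_params_location = :query' do
+expect { request_for_code.bad_request! }.to raise_error(klass) { |e|
+e.protocol_params_location.should == :query
+}
+end
+end
+
+context 'when response_type = :token' do
+it 'should set protocol_params_location = :fragment' do
+expect { request_for_token.bad_request! }.to raise_error(klass) { |e|
+e.protocol_params_location.should == :fragment
+}
+end
+end
+end
+
+Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|
+method = "#{error_code}!"
+describe method do
+it "should raise Rack::OAuth2::Server::Authorize::BadRequest with error = :#{error_code}" do
+expect { request.send method }.to raise_error(klass) { |error|
+error.error.should == error_code
+error.description.should == default_description[error_code]
+}
+end
+end
+end
+end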
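Review bot: The three `#finish` examples destructure the Rack triple as `state, header, response = error.finish`, so a local named `state` holds the HTTP status in a file whose `protocol_params` expectation a few lines up has an OAuth `:state` key of its own, and `response` is never used. Rename to `status, header, _body = error.finish` and `status.should == 302` in all three contexts. The 'otherwise' context with `protocol_params_location = :other` also pins that an unrecognised location redirects to `redirect_uri` with the error silently dropped; if that fallback is deliberate, say so in the example name or a comment, since a reader could otherwise take it for a test of a misconfiguration that should have raised.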
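--- a/data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb
+++ b/data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb
@@ -0,0 +1,60 @@
+require 'spec_helper.rb'
+require 'rack/oauth2/server/authorize/extension/code_and_token'
+
+describe Rack::OAuth2::Server::Authorize::Extension::CodeAndToken do
+let(:request) { Rack::MockRequest.new app }
+let(:redirect_uri) { 'http://client.example.com/callback' }
+let(:access_token) { 'access_token' }
+let(:authorization_code) { 'authorization_code' }
+let(:response) do
+request.get("/?response_type=code%20token&client_id=client&redirect_uri=#{redirect_uri}")
+end
+
+context "when approved" do
+subject { response }
+let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token) }
+let :app do
+Rack::OAuth2::Server::Authorize.new do |request, response|
+response.redirect_uri = redirect_uri
+response.access_token = bearer_token
+response.code = authorization_code
+response.approve!
+end
+end
+its(:status) { should == 302 }
+its(:location) { should include "#{redirect_uri}#" }
+its(:location) { should include "code=#{authorization_code}"}
+its(:location) { should include "access_token=#{access_token}"}
+its(:location) { should include 'token_type=bearer' }
+
+context 'when refresh_token is given' do
+let :bearer_token do
+Rack::OAuth2::AccessToken::Bearer.new(
+:access_token => access_token,
+:refresh_token => 'refresh'
+)
+end
+its(:location) { should include "#{redirect_uri}#" }
+its(:location) { should include "code=#{authorization_code}"}
+its(:location) { should include "access_token=#{access_token}"}
+its(:location) { should include 'token_type=bearer' }
+end
+end
+
+context 'when denied' do
+let :app do
+Rack::OAuth2::Server::Authorize.new do |request, response|
+request.verify_redirect_uri! redirect_uri
+request.access_denied!
+end
+end
+it 'should redirect with error in fragment' do
+response.status.should == 302
+error_message = {
+:error => :access_denied,
+:error_description => Rack::OAuth2::Server::Authorize::DEFAULT_DESCRIPTION_PLACEHOLDER
+}
+response.location.should == "#{redirect_uri}##{error_message.to_query}"
+end
+end
+end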
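Review bot: The 'when refresh_token is given' context only repeats the four `should include` assertions from the parent, so a Location of `...#access_token=access_token&code=...&refresh_token=refresh&token_type=bearer` would pass; the token spec later in this commit uses an exact `should ==` for the same case and therefore does pin that the refresh token stays off the front channel, but this hybrid-flow spec does not. Add `its(:location) { should_not include 'refresh_token' }` to that context (or switch the context to the exact-match form the token spec uses), since a refresh token in a URL fragment is exactly what the implicit-style response must never carry. Note also that, unlike the code and token specs, `let(:response)` here sends no `state` parameter, so nothing in this file checks that `state` is echoed back in the fragment when present.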
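--- a/data/spec/rack/oauth2/server/authorize/token_spec.rb
+++ b/data/spec/rack/oauth2/server/authorize/token_spec.rb
@@ -0,0 +1,73 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Authorize::Token do
+let(:request) { Rack::MockRequest.new app }
+let(:redirect_uri) { 'http://client.example.com/callback' }
+let(:access_token) { 'access_token' }
+let(:response) { request.get("/?response_type=token&client_id=client&redirect_uri=#{redirect_uri}&state=state") }
+
+context "when approved" do
+subject { response }
+let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token) }
+let :app do
+Rack::OAuth2::Server::Authorize.new do |request, response|
+response.redirect_uri = redirect_uri
+response.access_token = bearer_token
+response.approve!
+end
+end
+its(:status) { should == 302 }
+its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&state=state&token_type=bearer" }
+
+context 'when refresh_token is given' do
+let :bearer_token do
+Rack::OAuth2::AccessToken::Bearer.new(
+:access_token => access_token,
+:refresh_token => 'refresh'
+)
+end
+its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&state=state&token_type=bearer" }
+end
+
+context 'when redirect_uri is missing' do
+let :app do
+Rack::OAuth2::Server::Authorize.new do |request, response|
+response.access_token = bearer_token
+response.approve!
+end
+end
+it do
+expect { response }.to raise_error AttrRequired::AttrMissing
+end
+end
+
+context 'when access_token is missing' do
+let :app do
+Rack::OAuth2::Server::Authorize.new do |request, response|
+response.redirect_uri = redirect_uri
+response.approve!
+end
+end
+it do
+expect { response }.to raise_error AttrRequired::AttrMissing
+end
+end
+end
+
+context 'when denied' do
+let :app do
+Rack::OAuth2::Server::Authorize.new do |request, response|
+request.verify_redirect_uri! redirect_uri
+request.access_denied!
+end
+end
+it 'should redirect with error in fragment' do
+response.status.should == 302
+error_message = {
+:error => :access_denied,
+:error_description => Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
+}
+response.location.should == "#{redirect_uri}##{error_message.to_query}&state=state"
+end
+end
+end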
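Review bot: The exact `should ==` in the 'when refresh_token is given' context is doing real work — it is the only assertion in the commit that pins that a refresh token handed to the response is not emitted in the implicit-grant fragment — but nothing says so, and a future edit to `should include` would quietly lose that guarantee. A comment on that line, `# exact match: refresh_token must never reach the fragment (RFC 6749 §4.2.2)`, or an explicit `its(:location) { should_not include 'refresh_token' }` beside it, makes the intent survive refactoring. As in the code spec, the approved app block sets `response.redirect_uri` without `request.verify_redirect_uri!`, and `let(:response)` interpolates `redirect_uri` into the query unescaped.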