rack-oauth2 0.1.0 → 0.2.0

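--- a/data/rack-oauth2.gemspec
+++ b/data/rack-oauth2.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{rack-oauth2}
-  s.version = "0.1.0"
+  s.version = "0.2.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["nov matake"]
-  s.date = %q{2010-09-18}
+  s.date = %q{2010-10-03}
   s.description = %q{Rack Middleware for OAuth2. Currently support only Server/Provider, not Client/Consumer.}
   s.email = %q{nov@matake.jp}
   s.extra_rdoc_files = [
@@ -23,9 +23,6 @@ Gem::Specification.new do |s|
     "README.rdoc",
     "Rakefile",
     "VERSION",
-    "example/server/authorize.rb",
-    "example/server/oauth2_controller.rb",
-    "example/server/token.rb",
     "lib/rack/oauth2.rb",
     "lib/rack/oauth2/server.rb",
     "lib/rack/oauth2/server/abstract.rb",
@@ -37,6 +34,9 @@ Gem::Specification.new do |s|
     "lib/rack/oauth2/server/authorize/code_and_token.rb",
     "lib/rack/oauth2/server/authorize/token.rb",
     "lib/rack/oauth2/server/error.rb",
+    "lib/rack/oauth2/server/error/authorize.rb",
+    "lib/rack/oauth2/server/error/resource.rb",
+    "lib/rack/oauth2/server/error/token.rb",
     "lib/rack/oauth2/server/resource.rb",
     "lib/rack/oauth2/server/token.rb",
     "lib/rack/oauth2/server/token/assertion.rb",
@@ -49,6 +49,9 @@ Gem::Specification.new do |s|
     "spec/rack/oauth2/server/authorize/code_spec.rb",
     "spec/rack/oauth2/server/authorize/token_spec.rb",
     "spec/rack/oauth2/server/authorize_spec.rb",
+    "spec/rack/oauth2/server/error/authorize_spec.rb",
+    "spec/rack/oauth2/server/error/resource_spec.rb",
+    "spec/rack/oauth2/server/error/token_spec.rb",
     "spec/rack/oauth2/server/error_spec.rb",
     "spec/rack/oauth2/server/resource_spec.rb",
     "spec/rack/oauth2/server/token/assertion_spec.rb",
@@ -56,6 +59,7 @@ Gem::Specification.new do |s|
     "spec/rack/oauth2/server/token/password_spec.rb",
     "spec/rack/oauth2/server/token/refresh_token_spec.rb",
     "spec/rack/oauth2/server/token_spec.rb",
+    "spec/rack/oauth2/server/util_spec.rb",
     "spec/spec.opts",
     "spec/spec_helper.rb"
   ]
@@ -63,12 +67,15 @@ Gem::Specification.new do |s|
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.3.7}
-  s.summary = %q{Rack Middleware for OAuth2 Client & Server}
+  s.summary = %q{Rack Middleware for OAuth2 Server}
   s.test_files = [
     "spec/rack/oauth2/server/authorize/code_and_token_spec.rb",
     "spec/rack/oauth2/server/authorize/code_spec.rb",
     "spec/rack/oauth2/server/authorize/token_spec.rb",
     "spec/rack/oauth2/server/authorize_spec.rb",
+    "spec/rack/oauth2/server/error/authorize_spec.rb",
+    "spec/rack/oauth2/server/error/resource_spec.rb",
+    "spec/rack/oauth2/server/error/token_spec.rb",
     "spec/rack/oauth2/server/error_spec.rb",
     "spec/rack/oauth2/server/resource_spec.rb",
     "spec/rack/oauth2/server/token/assertion_spec.rb",
@@ -76,6 +83,7 @@ Gem::Specification.new do |s|
     "spec/rack/oauth2/server/token/password_spec.rb",
     "spec/rack/oauth2/server/token/refresh_token_spec.rb",
     "spec/rack/oauth2/server/token_spec.rb",
+    "spec/rack/oauth2/server/util_spec.rb",
     "spec/spec_helper.rb"
   ]
 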
@@ -5,7 +5,6 @@ describe Rack::OAuth2::Server::Authorize::CodeAndToken do
5
5
  context "when authorized" do
6
6
 
7
7
  before do
8
- # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::CodeAndToken directly
9
8
  @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
10
9
  response.approve!
11
10
  response.code = "authorization_code"
@@ -20,14 +19,21 @@ describe Rack::OAuth2::Server::Authorize::CodeAndToken do
20
19
  response.location.should == "http://client.example.com/callback?code=authorization_code#access_token=access_token"
21
20
  end
22
21
 
22
+ context "when redirect_uri already includes query and fragment" do
23
+ it "should keep original query and fragment" do
24
+ response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback?k=v%23fragment")
25
+ response.status.should == 302
26
+ response.location.should == "http://client.example.com/callback?k=v&code=authorization_code#fragment&access_token=access_token"
27
+ end
28
+ end
29
+
23
30
  end
24
31
 
25
32
  context "when denied" do
26
33
 
27
34
  before do
28
- # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
29
35
  @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
30
- raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri)
36
+ request.access_denied! 'User rejected the requested access.'
31
37
  end
32
38
  @request = Rack::MockRequest.new @app
33
39
  end
@@ -35,7 +41,11 @@ describe Rack::OAuth2::Server::Authorize::CodeAndToken do
35
41
  it "should redirect to redirect_uri with error message" do
36
42
  response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback")
37
43
  response.status.should == 302
38
- response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
44
+ error_message = {
45
+ :error => :access_denied,
46
+ :error_description => "User rejected the requested access."
47
+ }
48
+ response.location.should == "http://client.example.com/callback?#{error_message.to_query}"
39
49
  end
40
50
 
41
51
  end
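Review bot: The new "already includes query and fragment" case (new-side lines 22–28) pins the server to accepting a redirect_uri that carries a fragment and splicing it in front of the token, yielding `#fragment&access_token=access_token`, yet OAuth 2.0 (RFC 6749 §3.1.2) forbids a fragment component in a redirection URI, and a client-controlled prefix inside the fragment that carries the access token is exactly the kind of parameter smuggling that rule exists to prevent. I would keep the query-merge expectation but turn the fragment case into a rejection, e.g. `response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback%23fragment")` followed by `response.status.should == 400`, or whichever error the `invalid_request`/`redirect_uri_mismatch!` path produces. Whether the middleware validates redirect_uri at all is not visible here: the denied case still issues a 302 to whatever redirect_uri the query supplied, so a case with an unregistered URI would at least document that this validation is the app block's responsibility. The enclosing describe block starts outside the hunk.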
@@ -5,7 +5,6 @@ describe Rack::OAuth2::Server::Authorize::Code do
5
5
  context "when authorized" do
6
6
 
7
7
  before do
8
- # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
9
8
  @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
10
9
  response.approve!
11
10
  response.code = "authorization_code"
@@ -19,14 +18,21 @@ describe Rack::OAuth2::Server::Authorize::Code do
19
18
  response.location.should == "http://client.example.com/callback?code=authorization_code"
20
19
  end
21
20
 
21
+ context "when redirect_uri already includes query" do
22
+ it "should keep original query" do
23
+ response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback?k=v")
24
+ response.status.should == 302
25
+ response.location.should == "http://client.example.com/callback?k=v&code=authorization_code"
26
+ end
27
+ end
28
+
22
29
  end
23
30
 
24
31
  context "when denied" do
25
32
 
26
33
  before do
27
- # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
28
34
  @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
29
- raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri)
35
+ request.access_denied! 'User rejected the requested access.'
30
36
  end
31
37
  @request = Rack::MockRequest.new @app
32
38
  end
@@ -34,7 +40,11 @@ describe Rack::OAuth2::Server::Authorize::Code do
34
40
  it "should redirect to redirect_uri with error message" do
35
41
  response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
36
42
  response.status.should == 302
37
- response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
43
+ error_message = {
44
+ :error => :access_denied,
45
+ :error_description => "User rejected the requested access."
46
+ }
47
+ response.location.should == "http://client.example.com/callback?#{error_message.to_query}"
38
48
  end
39
49
 
40
50
  end
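Review bot: Neither context in this file exercises a redirect_uri that does not match what the client registered: both the "already includes query" case (new-side lines 21–27) and the denied case redirect with a 302 to whatever redirect_uri the query string carries, so an open redirect through the authorization endpoint would pass this suite unnoticed. Since `redirect_uri_mismatch!` is available on the request object, add an example whose app block calls it for an unexpected URI and assert the error is returned directly instead of redirected, e.g. `request.redirect_uri_mismatch! unless request.redirect_uri == 'http://client.example.com/callback'` in the block and `response.status.should == 400` on a request with a foreign redirect_uri. The denied expectation also asserts only `error` and `error_description`; if the request carried a `state` parameter the redirect would have to echo it, and nothing here checks that. Whether the middleware itself validates redirect_uri is not visible in this hunk; the enclosing describe block starts outside it.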
@@ -5,7 +5,6 @@ describe Rack::OAuth2::Server::Authorize::Token do
5
5
  context "when authorized" do
6
6
 
7
7
  before do
8
- # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
9
8
  @app = Rack::OAuth2::Server::Authorize.new do |request, response|
10
9
  response.approve!
11
10
  response.access_token = "access_token"
@@ -19,14 +18,21 @@ describe Rack::OAuth2::Server::Authorize::Token do
19
18
  response.location.should == "http://client.example.com/callback#access_token=access_token"
20
19
  end
21
20
 
21
+ context "when redirect_uri already includes fragment" do
22
+ it "should keep original fragment" do
23
+ response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback%23fragment")
24
+ response.status.should == 302
25
+ response.location.should == "http://client.example.com/callback#fragment&access_token=access_token"
26
+ end
27
+ end
28
+
22
29
  end
23
30
 
24
31
  context "when denied" do
25
32
 
26
33
  before do
27
- # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
28
34
  @app = Rack::OAuth2::Server::Authorize.new do |request, response|
29
- raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri)
35
+ request.access_denied! 'User rejected the requested access.'
30
36
  end
31
37
  @request = Rack::MockRequest.new @app
32
38
  end
@@ -34,7 +40,11 @@ describe Rack::OAuth2::Server::Authorize::Token do
34
40
  it "should redirect to redirect_uri with error message" do
35
41
  response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback")
36
42
  response.status.should == 302
37
- response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
43
+ error_message = {
44
+ :error => :access_denied,
45
+ :error_description => "User rejected the requested access."
46
+ }
47
+ response.location.should == "http://client.example.com/callback?#{error_message.to_query}"
38
48
  end
39
49
 
40
50
  end
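Review bot: The denied expectation for `response_type=token` (new-side lines 43–47) pins the error parameters to the query component, `callback?error=...`, while the success case in the same file delivers the token in the fragment; the final OAuth 2.0 spec (RFC 6749 §4.2.2.1) puts implicit-grant error parameters in the fragment as well, so a fragment-only client would never see this error. If the draft this release was written against really places them in the query, say so on the expectation (`# errors for response_type=token go in the query in the targeted draft; RFC 6749 moves them to the fragment`), otherwise change the expected location to `"http://client.example.com/callback##{error_message.to_query}"`. The "already includes fragment" case likewise codifies merging a client-supplied fragment in front of `access_token`, which RFC 6749 §3.1.2 disallows in a redirect URI; a rejection (`response.status.should == 400`) would be the safer expectation. The enclosing describe block starts outside the hunk.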
@@ -0,0 +1,103 @@
1
+ require 'spec_helper.rb'
2
+
3
+ describe Rack::OAuth2::Server::Authorize::Request do
4
+
5
+ before do
6
+ @request = Rack::OAuth2::Server::Authorize::Request.new(
7
+ Rack::MockRequest.env_for("/authorize", :params => {
8
+ :client_id => "client_id",
9
+ :response_type => "code"
10
+ })
11
+ )
12
+ end
13
+
14
+ describe "#error!" do
15
+ it "should raise BadRequest error" do
16
+ lambda do
17
+ @request.error! :something
18
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
19
+ e.error.should == :something
20
+ e.description.should be_nil
21
+ }
22
+ end
23
+ end
24
+
25
+ describe "#invalid_request!" do
26
+ it "should raise BadRequest error" do
27
+ lambda do
28
+ @request.invalid_request!
29
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
30
+ e.error.should == :invalid_request
31
+ e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:invalid_request]
32
+ }
33
+ end
34
+ end
35
+
36
+ describe "#invalid_client!" do
37
+ it "should raise BadRequest error" do
38
+ lambda do
39
+ @request.invalid_client!
40
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
41
+ e.error.should == :invalid_client
42
+ e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:invalid_client]
43
+ }
44
+ end
45
+ end
46
+
47
+ describe "#unauthorized_client!" do
48
+ it "should raise BadRequest error" do
49
+ lambda do
50
+ @request.unauthorized_client!
51
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
52
+ e.error.should == :unauthorized_client
53
+ e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:unauthorized_client]
54
+ }
55
+ end
56
+ end
57
+
58
+ describe "#redirect_uri_mismatch!" do
59
+ it "should raise BadRequest error" do
60
+ lambda do
61
+ @request.redirect_uri_mismatch!
62
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
63
+ e.error.should == :redirect_uri_mismatch
64
+ e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:redirect_uri_mismatch]
65
+ }
66
+ end
67
+ end
68
+
69
+ describe "#access_denied!" do
70
+ it "should raise BadRequest error" do
71
+ lambda do
72
+ @request.access_denied!
73
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
74
+ e.error.should == :access_denied
75
+ e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:access_denied]
76
+ }
77
+ end
78
+ end
79
+
80
+ describe "#unsupported_response_type!" do
81
+ it "should raise BadRequest error" do
82
+ lambda do
83
+ @request.unsupported_response_type!
84
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
85
+ p e
86
+ e.error.should == :unsupported_response_type
87
+ e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:unsupported_response_type]
88
+ }
89
+ end
90
+ end
91
+
92
+ describe "#invalid_scope!" do
93
+ it "should raise BadRequest error" do
94
+ lambda do
95
+ @request.invalid_scope!
96
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
97
+ e.error.should == :invalid_scope
98
+ e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:invalid_scope]
99
+ }
100
+ end
101
+ end
102
+
103
+ end
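Review bot: The `#unsupported_response_type!` example (line 85) leaves a debug `p e` inside the raise_error block, which prints the exception to stdout on every run and is the only example in the file that does so; delete that line. Every example here also builds the request without a redirect_uri and expects `BadRequest`, so the branch that matters for the endpoint — `access_denied!` or `invalid_scope!` on a request that does carry a redirect_uri, which the authorize specs in this same release show becoming a 302 — is not pinned at this level; one example with `:redirect_uri => "http://client.example.com/callback"` in the env params and an assertion on whatever the raised error exposes for the redirect target (the 0.1.0 constructor took a `:redirect_uri` option) would cover it. A comment on the shared `before`, `# no redirect_uri: every error raised here must surface as a direct 400, never as a redirect`, would make the intent of the current examples explicit.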
@@ -0,0 +1,69 @@
1
+ require 'spec_helper.rb'
2
+
3
+ describe Rack::OAuth2::Server::Resource::Request do
4
+
5
+ before do
6
+ @request = Rack::OAuth2::Server::Resource::Request.new(
7
+ Rack::MockRequest.env_for("/resource", :params => {
8
+ :oauth_token => "oauth_token"
9
+ }), "server.example.com"
10
+ )
11
+ end
12
+
13
+ describe "#error!" do
14
+ it "should raise BadRequest error" do
15
+ lambda do
16
+ @request.error! :something
17
+ end.should raise_error(Rack::OAuth2::Server::Error) { |e|
18
+ e.status.should == 400
19
+ e.error.should == :something
20
+ e.description.should be_nil
21
+ }
22
+ end
23
+ end
24
+
25
+ describe "#invalid_request!" do
26
+ it "should raise BadRequest error" do
27
+ lambda do
28
+ @request.invalid_request!
29
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
30
+ e.error.should == :invalid_request
31
+ e.description.should == Rack::OAuth2::Server::Error::Resource::DEFAULT_DESCRIPTION[:invalid_request]
32
+ }
33
+ end
34
+ end
35
+
36
+ describe "#invalid_token!" do
37
+ it "should raise Unauthorized error" do
38
+ lambda do
39
+ @request.invalid_token!
40
+ end.should raise_error(Rack::OAuth2::Server::Unauthorized) { |e|
41
+ e.error.should == :invalid_token
42
+ e.description.should == Rack::OAuth2::Server::Error::Resource::DEFAULT_DESCRIPTION[:invalid_token]
43
+ }
44
+ end
45
+ end
46
+
47
+ describe "#expired_token!" do
48
+ it "should raise Unauthorized error" do
49
+ lambda do
50
+ @request.expired_token!
51
+ end.should raise_error(Rack::OAuth2::Server::Unauthorized) { |e|
52
+ e.error.should == :expired_token
53
+ e.description.should == Rack::OAuth2::Server::Error::Resource::DEFAULT_DESCRIPTION[:expired_token]
54
+ }
55
+ end
56
+ end
57
+
58
+ describe "#insufficient_scope!" do
59
+ it "should raise Forbidden error" do
60
+ lambda do
61
+ @request.insufficient_scope!
62
+ end.should raise_error(Rack::OAuth2::Server::Forbidden) { |e|
63
+ e.error.should == :insufficient_scope
64
+ e.description.should == Rack::OAuth2::Server::Error::Resource::DEFAULT_DESCRIPTION[:insufficient_scope]
65
+ }
66
+ end
67
+ end
68
+
69
+ end
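Review bot: The `#error!` example (lines 13–23) is described as "should raise BadRequest error" but matches the base `Rack::OAuth2::Server::Error` and checks `e.status.should == 400` by hand, unlike every other example in the file, which matches the specific subclass; either align it with `raise_error(Rack::OAuth2::Server::BadRequest)` or rename it to say that `error!` raises the generic Error with a 400 default. If `error!` accepts a status, which the explicit status assertion suggests, a second example passing a 401 and expecting `Unauthorized` would pin that contract. None of these examples asserts the `WWW-Authenticate` challenge that a resource server is expected to attach to its 401/403 responses; that check may belong in resource_spec rather than here, but nothing in this diff shows it being made anywhere.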
@@ -0,0 +1,115 @@
1
+ require 'spec_helper.rb'
2
+
3
+ describe Rack::OAuth2::Server::Token::Request do
4
+
5
+ before do
6
+ @request = Rack::OAuth2::Server::Token::Request.new(
7
+ Rack::MockRequest.env_for("/token", :params => {
8
+ :client_id => "client_id",
9
+ :grant_type => "authorization_code",
10
+ :code => "code"
11
+ })
12
+ )
13
+ end
14
+
15
+ describe "#error!" do
16
+ it "should raise BadRequest error" do
17
+ lambda do
18
+ @request.error! :something
19
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
20
+ e.error.should == :something
21
+ e.description.should be_nil
22
+ }
23
+ end
24
+ end
25
+
26
+ describe "#invalid_request!" do
27
+ it "should raise BadRequest error" do
28
+ lambda do
29
+ @request.invalid_request!
30
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
31
+ e.error.should == :invalid_request
32
+ e.description.should == Rack::OAuth2::Server::Error::Token::DEFAULT_DESCRIPTION[:invalid_request]
33
+ }
34
+ end
35
+ end
36
+
37
+ describe "#invalid_client!" do
38
+ it "should raise BadRequest error" do
39
+ lambda do
40
+ @request.invalid_client!
41
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
42
+ e.error.should == :invalid_client
43
+ e.description.should == Rack::OAuth2::Server::Error::Token::DEFAULT_DESCRIPTION[:invalid_client]
44
+ }
45
+ end
46
+
47
+ context "when Authorization header is used" do
48
+ it "should raise Unauthorized error" do
49
+ lambda do
50
+ @request.via_authorization_header = true
51
+ @request.invalid_client!
52
+ end.should raise_error(Rack::OAuth2::Server::Unauthorized) { |e|
53
+ e.error.should == :invalid_client
54
+ e.description.should == Rack::OAuth2::Server::Error::Token::DEFAULT_DESCRIPTION[:invalid_client]
55
+ }
56
+ end
57
+ end
58
+ end
59
+
60
+ describe "#unauthorized_client!" do
61
+ it "should raise BadRequest error" do
62
+ lambda do
63
+ @request.unauthorized_client!
64
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
65
+ e.error.should == :unauthorized_client
66
+ e.description.should == Rack::OAuth2::Server::Error::Token::DEFAULT_DESCRIPTION[:unauthorized_client]
67
+ }
68
+ end
69
+ end
70
+
71
+ describe "#invalid_grant!" do
72
+ it "should raise BadRequest error" do
73
+ lambda do
74
+ @request.invalid_grant!
75
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
76
+ e.error.should == :invalid_grant
77
+ e.description.should == Rack::OAuth2::Server::Error::Token::DEFAULT_DESCRIPTION[:invalid_grant]
78
+ }
79
+ end
80
+ end
81
+
82
+ describe "#unsupported_grant_type!" do
83
+ it "should raise BadRequest error" do
84
+ lambda do
85
+ @request.unsupported_grant_type!
86
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
87
+ e.error.should == :unsupported_grant_type
88
+ e.description.should == Rack::OAuth2::Server::Error::Token::DEFAULT_DESCRIPTION[:unsupported_grant_type]
89
+ }
90
+ end
91
+ end
92
+
93
+ describe "#unsupported_response_type!" do
94
+ it "should raise BadRequest error" do
95
+ lambda do
96
+ @request.unsupported_response_type!
97
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
98
+ e.error.should == :unsupported_response_type
99
+ e.description.should == Rack::OAuth2::Server::Error::Token::DEFAULT_DESCRIPTION[:unsupported_response_type]
100
+ }
101
+ end
102
+ end
103
+
104
+ describe "#invalid_scope!" do
105
+ it "should raise BadRequest error" do
106
+ lambda do
107
+ @request.invalid_scope!
108
+ end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
109
+ e.error.should == :invalid_scope
110
+ e.description.should == Rack::OAuth2::Server::Error::Token::DEFAULT_DESCRIPTION[:invalid_scope]
111
+ }
112
+ end
113
+ end
114
+
115
+ end
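Review bot: In the "when Authorization header is used" example (lines 49–52) the `@request.via_authorization_header = true` assignment sits inside the lambda handed to raise_error, so a failure in that setter would be reported as a wrong exception type instead of a setup error; move it above the lambda, `@request.via_authorization_header = true` on its own line followed by `lambda { @request.invalid_client! }`. That example also checks only the class and description of the 401; the `WWW-Authenticate` challenge that should accompany a 401 for header-based client authentication is not asserted anywhere in this diff, so if `Unauthorized` carries one, the assertion belongs here. `#unsupported_response_type!` (line 93) is an authorization-endpoint error code, while the token endpoint's own set is `invalid_request`, `invalid_client`, `unauthorized_client`, `invalid_grant`, `unsupported_grant_type` and `invalid_scope`; a comment explaining why Token::Request exposes it, or dropping the example, would avoid codifying a non-standard token error.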