rack-oauth2 0.1.0 → 0.2.0

data/spec/rack/oauth2/server/error_spec.rb

@@ -26,25 +26,47 @@ describe Rack::OAuth2::Server::Error, '#finish' do
       header['Content-Type'].should == "text/html"
       header['Location'].should == "#{@params.delete(:redirect_uri)}?#{@params.to_query}"
     end
+
+    context "when redirect_uri already includes query" do
+      before do
+        @params = {
+          :error => :invalid_request,
+          :error_description => "Something invalid!!",
+          :redirect_uri => "http://client.example.com?k=v"
+        }
+        @error = Rack::OAuth2::Server::Error.new(400, @params[:error], @params[:error_description], :redirect_uri => @params[:redirect_uri])
+      end
+
+      it "should keep original query" do
+        status, header, response = @error.finish
+        status.should == 302
+        header['Content-Type'].should == "text/html"
+        header['Location'].should == "#{@params.delete(:redirect_uri)}&#{@params.to_query}"
+      end
+    end
   end
 
-  context "when www_authenticate isn given" do
+  context "when realm is given" do
     before do
       @params = {
         :error => :invalid_request,
         :error_description => "Something invalid!!"
       }
-      @error = Rack::OAuth2::Server::Error.new(401, @params[:error], @params[:error_description], :www_authenticate => true)
+      @error = Rack::OAuth2::Server::Error.new(401, @params[:error], @params[:error_description], :realm => "server.example.com")
     end
 
     it "should return failure response with error message in WWW-Authenticate header" do
       status, header, response = @error.finish
       status.should === 401
-      header['WWW-Authenticate'].should == "OAuth realm='' error_description='Something invalid!!' error='invalid_request'"
+      error_message = {
+        :error => "invalid_request",
+        :error_description => "Something invalid!!"
+      }
+      header['WWW-Authenticate'].should == "OAuth realm='server.example.com' #{error_message.collect {|k,v| "#{k}='#{v}'"}.join(' ')}"
     end
   end
 
-  context "when either redirect_uri nor www_authenticate isn't given" do
+  context "when either redirect_uri nor realm isn't given" do
     before do
       @params = {
         :error => :invalid_request,
@@ -58,6 +80,7 @@ describe Rack::OAuth2::Server::Error, '#finish' do
       status.should === 400
       response.body.to_s.should == @params.to_json
     end
+    
   end
 
 end
@@ -70,8 +93,15 @@ describe Rack::OAuth2::Server::BadRequest do
 end
 
 describe Rack::OAuth2::Server::Unauthorized do
-  it "should use 400 as status" do
+  it "should use 401 as status" do
     error = Rack::OAuth2::Server::Unauthorized.new(:invalid_request)
     error.status.should == 401
   end
+end
+
+describe Rack::OAuth2::Server::Forbidden do
+  it "should use 403 as status" do
+    error = Rack::OAuth2::Server::Forbidden.new(:invalid_request)
+    error.status.should == 403
+  end
 end

data/spec/rack/oauth2/server/resource_spec.rb

@@ -15,11 +15,11 @@ describe Rack::OAuth2::Server::Resource, '#call' do
       when "valid_token"
         # nothing to do
       when "insufficient_scope_token"
-        raise Rack::OAuth2::Server::Unauthorized.new(:insufficient_scope, "More scope is required.", :www_authenticate => true)
+        request.insufficient_scope!("More scope is required.")
       when "expired_token"
-        raise Rack::OAuth2::Server::Unauthorized.new(:expired_token, "Given access token has been expired.", :www_authenticate => true)
+        request.expired_token!("Given access token has been expired.")
       else
-        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_token, "Given access token is invalid.", :www_authenticate => true)
+        request.invalid_token!("Given access token is invalid.")
       end
     end
     @request = Rack::MockRequest.new @app
@@ -45,13 +45,35 @@ describe Rack::OAuth2::Server::Resource, '#call' do
       @app.call(env)
       env[Rack::OAuth2::ACCESS_TOKEN].should == "valid_token"
     end
+
+    context "when Authorization header is used" do
+      it "should be accepted" do
+        env = Rack::MockRequest.env_for("/protected_resource", "HTTP_AUTHORIZATION" => "OAuth valid_token")
+        status, header, response = @app.call(env)
+        status.should == 200
+        env[Rack::OAuth2::ACCESS_TOKEN].should == "valid_token"
+      end
+    end
+
+    context "when request body is used" do
+      it "should be accepted" do
+        env = Rack::MockRequest.env_for("/protected_resource", :params => {:oauth_token => "valid_token"})
+        status, header, response = @app.call(env)
+        status.should == 200
+        env[Rack::OAuth2::ACCESS_TOKEN].should == "valid_token"
+      end
+    end
   end
 
   context "when expired_token is given" do
     it "should fail with expired_token error" do
       response = @request.get("/protected_resource?oauth_token=expired_token")
       response.status.should == 401
-      response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' error_description='Given access token has been expired.' error='expired_token'"
+      error_message = {
+        :error => :expired_token,
+        :error_description => "Given access token has been expired."
+      }
+      response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' #{error_message.collect {|k,v| "#{k}='#{v}'"}.join(' ')}"
     end
 
     it "should not store access token in env" do
@@ -65,7 +87,11 @@ describe Rack::OAuth2::Server::Resource, '#call' do
     it "should fail with invalid_token error" do
       response = @request.get("/protected_resource?oauth_token=invalid_token")
       response.status.should == 401
-      response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' error_description='Given access token is invalid.' error='invalid_token'"
+      error_message = {
+        :error => :invalid_token,
+        :error_description => "Given access token is invalid."
+      }
+      response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' #{error_message.collect {|k,v| "#{k}='#{v}'"}.join(' ')}"
     end
 
     it "should not store access token in env" do
@@ -79,7 +105,11 @@ describe Rack::OAuth2::Server::Resource, '#call' do
     it "should fail with invalid_request error" do
       response = @request.get("/protected_resource?oauth_token=invalid_token", "HTTP_AUTHORIZATION" => "OAuth valid_token")
       response.status.should == 400
-      response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' error_description='Both Authorization header and payload includes oauth_token.' error='invalid_request'"
+      error_message = {
+        :error => :invalid_request,
+        :error_description => "Both Authorization header and payload includes oauth_token."
+      }
+      response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' #{error_message.collect {|k,v| "#{k}='#{v}'"}.join(' ')}"
     end
   end
 

data/spec/rack/oauth2/server/token/assertion_spec.rb

@@ -5,7 +5,6 @@ describe Rack::OAuth2::Server::Token::Assertion do
   context "when valid assertion is given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
         response.access_token = "access_token"
       end
@@ -21,7 +20,9 @@ describe Rack::OAuth2::Server::Token::Assertion do
       })
       response.status.should == 200
       response.content_type.should == "application/json"
-      response.body.should == "{\"access_token\":\"access_token\"}"
+      response.body.should == {
+        :access_token => "access_token"
+      }.to_json
     end
 
   end
@@ -29,9 +30,8 @@ describe Rack::OAuth2::Server::Token::Assertion do
   context "when invalid assertion is given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid assertion.')
+        request.invalid_grant! 'Invalid assertion.'
       end
       @request = Rack::MockRequest.new @app
     end
@@ -43,9 +43,12 @@ describe Rack::OAuth2::Server::Token::Assertion do
         :assertion => "invalid_assertion",
         :assertion_type => "something"
       })
-      response.status.should == 401
+      response.status.should == 400
       response.content_type.should == "application/json"
-      response.body.should == "{\"error_description\":\"Invalid assertion.\",\"error\":\"invalid_grant\"}"
+      response.body.should == {
+        :error => :invalid_grant,
+        :error_description => "Invalid assertion."
+      }.to_json
     end
 
   end

data/spec/rack/oauth2/server/token/authorization_code_spec.rb

@@ -5,7 +5,6 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
   context "when valid code is given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
         response.access_token = "access_token"
       end
@@ -21,7 +20,9 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
       })
       response.status.should == 200
       response.content_type.should == "application/json"
-      response.body.should == "{\"access_token\":\"access_token\"}"
+      response.body.should == {
+        :access_token => "access_token"
+      }.to_json
     end
 
   end
@@ -29,9 +30,8 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
   context "when invalid code is given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
+        request.invalid_grant!('Invalid authorization code.')
       end
       @request = Rack::MockRequest.new @app
     end
@@ -43,9 +43,12 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
         :code => "invalid_authorization_code",
         :redirect_uri => "http://client.example.com/callback"
       })
-      response.status.should == 401
+      response.status.should == 400
       response.content_type.should == "application/json"
-      response.body.should == "{\"error_description\":\"Invalid authorization code.\",\"error\":\"invalid_grant\"}"
+      response.body.should == {
+        :error => :invalid_grant,
+        :error_description => "Invalid authorization code."
+      }.to_json
     end
 
   end
@@ -53,23 +56,62 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
   context "when invalid client_id is given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.')
+        request.invalid_client!('Invalid client identifier.')
       end
       @request = Rack::MockRequest.new @app
     end
 
-    it "should return error message as json response body" do
-      response = @request.post("/", :params => {
-        :grant_type => "authorization_code",
-        :client_id => "invalid_client",
-        :code => "valid_authorization_code",
-        :redirect_uri => "http://client.example.com/callback"
-      })
-      response.status.should == 401
-      response.content_type.should == "application/json"
-      response.body.should == "{\"error_description\":\"Invalid client identifier.\",\"error\":\"invalid_client\"}"
+    context "when client credentials is given via Authorization header" do
+      it "should return 401 error" do
+        response = @request.post("/", :params => {
+          :grant_type => "authorization_code",
+          :code => "valid_authorization_code",
+          :redirect_uri => "http://client.example.com/callback"
+        }, 'HTTP_AUTHORIZATION' => "Basic #{["invalid_client_id:client_secret"].pack("m*")}")
+        response.status.should == 401
+        response.content_type.should == "application/json"
+        response.body.should == {
+          :error => :invalid_client,
+          :error_description => "Invalid client identifier."
+        }.to_json
+      end
+    end
+
+    context "when client credentials is given via request body" do
+      it "should return 400 error" do
+        response = @request.post("/", :params => {
+          :grant_type => "authorization_code",
+          :client_id => "invalid_client",
+          :code => "valid_authorization_code",
+          :redirect_uri => "http://client.example.com/callback"
+        })
+        response.status.should == 400
+        response.content_type.should == "application/json"
+        response.body.should == {
+          :error => :invalid_client,
+          :error_description => "Invalid client identifier."
+        }.to_json
+      end
+    end
+
+    context "when client credentials is given via both Authorization header and request body" do
+      it "should return 401 error with multiple credentials error message" do
+        response = @request.post("/", :params => {
+          :grant_type => "authorization_code",
+          :client_id => "invalid_client",
+          :code => "valid_authorization_code",
+          :redirect_uri => "http://client.example.com/callback"
+        }, 'HTTP_AUTHORIZATION' => "Basic #{["invalid_client_id:client_secret"].pack("m*")}")
+        response.status.should == 401
+        response.content_type.should == "application/json"
+        response.body.should == {
+          :error => :invalid_client,
+          :error_description => "Multiple client credentials are provided."
+        }.to_json
+      end
+      # TODO
+      
     end
 
   end

data/spec/rack/oauth2/server/token/password_spec.rb

@@ -5,7 +5,6 @@ describe Rack::OAuth2::Server::Token::Password do
   context "when valid resource owner credentials are given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
         response.access_token = "access_token"
       end
@@ -21,7 +20,9 @@ describe Rack::OAuth2::Server::Token::Password do
       })
       response.status.should == 200
       response.content_type.should == "application/json"
-      response.body.should == "{\"access_token\":\"access_token\"}"
+      response.body.should == {
+        :access_token => "access_token"
+      }.to_json
     end
 
   end
@@ -29,9 +30,8 @@ describe Rack::OAuth2::Server::Token::Password do
   context "when invalid resource owner credentials are given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource owner credentials.')
+        request.invalid_grant! 'Invalid resource owner credentials.'
       end
       @request = Rack::MockRequest.new @app
     end
@@ -43,9 +43,12 @@ describe Rack::OAuth2::Server::Token::Password do
         :username => "nov",
         :password => "invalid_pass"
       })
-      response.status.should == 401
+      response.status.should == 400
       response.content_type.should == "application/json"
-      response.body.should == "{\"error_description\":\"Invalid resource owner credentials.\",\"error\":\"invalid_grant\"}"
+      response.body.should == {
+        :error => :invalid_grant,
+        :error_description => "Invalid resource owner credentials."
+      }.to_json
     end
 
   end

data/spec/rack/oauth2/server/token/refresh_token_spec.rb

@@ -5,7 +5,6 @@ describe Rack::OAuth2::Server::Token::RefreshToken do
   context "when valid refresh_token is given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
         response.access_token = "access_token"
       end
@@ -20,7 +19,9 @@ describe Rack::OAuth2::Server::Token::RefreshToken do
       })
       response.status.should == 200
       response.content_type.should == "application/json"
-      response.body.should == "{\"access_token\":\"access_token\"}"
+      response.body.should == {
+        :access_token => "access_token"
+      }.to_json
     end
 
   end
@@ -28,9 +29,8 @@ describe Rack::OAuth2::Server::Token::RefreshToken do
   context "when invalid refresh_token is given" do
 
     before do
-      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
       @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid refresh_token.')
+        request.invalid_grant! 'Invalid refresh_token.'
       end
       @request = Rack::MockRequest.new @app
     end
@@ -41,9 +41,12 @@ describe Rack::OAuth2::Server::Token::RefreshToken do
         :client_id => "valid_client",
         :refresh_token => "invalid_refresh_token"
       })
-      response.status.should == 401
+      response.status.should == 400
       response.content_type.should == "application/json"
-      response.body.should == "{\"error_description\":\"Invalid refresh_token.\",\"error\":\"invalid_grant\"}"
+      response.body.should == {
+        :error => :invalid_grant,
+        :error_description => "Invalid refresh_token."
+      }.to_json
     end
 
   end

data/spec/rack/oauth2/server/util_spec.rb

@@ -0,0 +1,26 @@
+describe Rack::OAuth2::Server::Util, ".parse_uri" do
+
+  context "when String is given" do
+    it "should parse it as URI" do
+      uri = Rack::OAuth2::Server::Util.parse_uri "http://client.example.com"
+      uri.should be_a_kind_of(URI::Generic)
+    end
+  end
+
+  context "when URI is given" do
+    it "should return itself" do
+      _uri_ = URI.parse "http://client.example.com"
+      uri = Rack::OAuth2::Server::Util.parse_uri _uri_
+      uri.should == _uri_
+    end
+  end
+
+  context "when Integer is given" do
+    it "should raise error" do
+      lambda do
+        Rack::OAuth2::Server::Util.parse_uri 123
+      end.should raise_error(StandardError)
+    end
+  end
+
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack-oauth2
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 23
   prerelease: false
   segments: 
   - 0
-  - 1
+  - 2
   - 0
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors: 
 - nov matake
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-18 00:00:00 +09:00
+date: 2010-10-03 00:00:00 +09:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -78,9 +78,6 @@ files:
 - README.rdoc
 - Rakefile
 - VERSION
-- example/server/authorize.rb
-- example/server/oauth2_controller.rb
-- example/server/token.rb
 - lib/rack/oauth2.rb
 - lib/rack/oauth2/server.rb
 - lib/rack/oauth2/server/abstract.rb
@@ -92,6 +89,9 @@ files:
 - lib/rack/oauth2/server/authorize/code_and_token.rb
 - lib/rack/oauth2/server/authorize/token.rb
 - lib/rack/oauth2/server/error.rb
+- lib/rack/oauth2/server/error/authorize.rb
+- lib/rack/oauth2/server/error/resource.rb
+- lib/rack/oauth2/server/error/token.rb
 - lib/rack/oauth2/server/resource.rb
 - lib/rack/oauth2/server/token.rb
 - lib/rack/oauth2/server/token/assertion.rb
@@ -104,6 +104,9 @@ files:
 - spec/rack/oauth2/server/authorize/code_spec.rb
 - spec/rack/oauth2/server/authorize/token_spec.rb
 - spec/rack/oauth2/server/authorize_spec.rb
+- spec/rack/oauth2/server/error/authorize_spec.rb
+- spec/rack/oauth2/server/error/resource_spec.rb
+- spec/rack/oauth2/server/error/token_spec.rb
 - spec/rack/oauth2/server/error_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/assertion_spec.rb
@@ -111,6 +114,7 @@ files:
 - spec/rack/oauth2/server/token/password_spec.rb
 - spec/rack/oauth2/server/token/refresh_token_spec.rb
 - spec/rack/oauth2/server/token_spec.rb
+- spec/rack/oauth2/server/util_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb
 has_rdoc: true
@@ -146,12 +150,15 @@ rubyforge_project:
 rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
-summary: Rack Middleware for OAuth2 Client & Server
+summary: Rack Middleware for OAuth2 Server
 test_files: 
 - spec/rack/oauth2/server/authorize/code_and_token_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
 - spec/rack/oauth2/server/authorize/token_spec.rb
 - spec/rack/oauth2/server/authorize_spec.rb
+- spec/rack/oauth2/server/error/authorize_spec.rb
+- spec/rack/oauth2/server/error/resource_spec.rb
+- spec/rack/oauth2/server/error/token_spec.rb
 - spec/rack/oauth2/server/error_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/assertion_spec.rb
@@ -159,4 +166,5 @@ test_files:
 - spec/rack/oauth2/server/token/password_spec.rb
 - spec/rack/oauth2/server/token/refresh_token_spec.rb
 - spec/rack/oauth2/server/token_spec.rb
+- spec/rack/oauth2/server/util_spec.rb
 - spec/spec_helper.rb