rack-oauth2 0.2.3 → 0.3.0.alpha

data/spec/rack/oauth2/server/authorize/code_spec.rb

@@ -1,52 +1,66 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Server::Authorize::Code do
+  let(:request)            { Rack::MockRequest.new app }
+  let(:redirect_uri)       { 'http://client.example.com/callback' }
+  let(:authorization_code) { 'authorization_code' }  
+  let(:response)           { request.get "/?response_type=code&client_id=client&redirect_uri=#{redirect_uri}" }
 
-  context "when authorized" do
-
-    before do
-      @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
+  context 'when approved' do
+    subject { response }
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.code = authorization_code
         response.approve!
-        response.code = "authorization_code"
       end
-      @request = Rack::MockRequest.new @app
     end
+    its(:status)   { should == 302 }
+    its(:location) { should == "#{redirect_uri}?code=#{authorization_code}" }
 
-    it "should redirect to redirect_uri with authorization code" do
-      response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
-      response.status.should == 302
-      response.location.should == "http://client.example.com/callback?code=authorization_code"
+    context 'when redirect_uri already includes query' do
+      let(:redirect_uri) { 'http://client.example.com/callback?k=v' }
+      its(:location)     { should == "#{redirect_uri}&code=#{authorization_code}" }
     end
 
-    context "when redirect_uri already includes query" do
-      it "should keep original query" do
-        response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback?k=v")
-        response.status.should == 302
-        response.location.should == "http://client.example.com/callback?k=v&code=authorization_code"
+    context 'when redirect_uri is missing' do
+      let :app do
+        Rack::OAuth2::Server::Authorize.new do |request, response|
+          response.code = authorization_code
+          response.approve!
+        end
+      end
+      it do
+        expect { response }.should raise_error AttrRequired::AttrMissing
       end
     end
 
+    context 'when code is missing' do
+      let :app do
+        Rack::OAuth2::Server::Authorize.new do |request, response|
+          response.redirect_uri = redirect_uri
+          response.approve!
+        end
+      end
+      it do
+        expect { response }.should raise_error AttrRequired::AttrMissing
+      end
+    end
   end
 
-  context "when denied" do
-
-    before do
-      @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
-        request.access_denied! 'User rejected the requested access.'
+  context 'when denied' do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        request.access_denied!
       end
-      @request = Rack::MockRequest.new @app
     end
-
-    it "should redirect to redirect_uri with error message" do
-      response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
+    it 'should redirect with error in query' do
       response.status.should == 302
       error_message = {
         :error => :access_denied,
-        :error_description => "User rejected the requested access."
+        :error_description => Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
       }
-      response.location.should == "http://client.example.com/callback?#{error_message.to_query}"
+      response.location.should == "#{redirect_uri}?#{error_message.to_query}"
     end
-
   end
-
 end

data/spec/rack/oauth2/server/authorize/error_spec.rb

@@ -0,0 +1,103 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Authorize::BadRequest do
+  let(:klass)        { Rack::OAuth2::Server::Authorize::BadRequest }
+  let(:error)        { klass.new(:invalid_request) }
+  let(:redirect_uri) { 'http://client.example.com/callback' }
+
+  subject { error }
+  it { should be_a Rack::OAuth2::Server::Abstract::BadRequest }
+  its(:protocol_params) do
+    should == {
+      :error             => :invalid_request,
+      :error_description => nil,
+      :error_uri         => nil,
+      :state             => nil
+    }
+  end
+
+  describe '#finish' do
+    context 'when redirect_uri is given' do
+      before { error.redirect_uri = redirect_uri }
+
+      context 'when protocol_params_location = :query' do
+        before { error.protocol_params_location = :query }
+        it 'should redirect with error in query' do
+          state, header, response = error.finish
+          state.should == 302
+          header["Location"].should == "#{redirect_uri}?error=invalid_request"
+        end
+      end
+
+      context 'when protocol_params_location = :fragment' do
+        before { error.protocol_params_location = :fragment }
+        it 'should redirect with error in fragment' do
+          state, header, response = error.finish
+          state.should == 302
+          header["Location"].should == "#{redirect_uri}#error=invalid_request"
+        end
+      end
+
+      context 'otherwise' do
+        before { error.protocol_params_location = :other }
+        it 'should redirect without error' do
+          state, header, response = error.finish
+          state.should == 302
+          header["Location"].should == redirect_uri
+        end
+      end
+    end
+
+    context 'otherwise' do
+      it 'should raise itself' do
+        expect { error.finish }.should raise_error(klass) { |e|
+          e.should == error
+        }
+      end
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Authorize::ErrorMethods do
+  let(:klass)               { Rack::OAuth2::Server::Authorize::BadRequest }
+  let(:redirect_uri)        { 'http://client.example.com/callback' }
+  let(:default_description) { Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION }
+  let(:env)                 { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
+  let(:request)             { Rack::OAuth2::Server::Authorize::Request.new env }
+  let(:request_for_code)    { Rack::OAuth2::Server::Authorize::Code::Request.new env }
+  let(:request_for_token)   { Rack::OAuth2::Server::Authorize::Token::Request.new env }
+
+  describe 'bad_request!' do
+    it do
+      expect { request.bad_request! }.should raise_error klass
+    end
+
+    context 'when response_type = :code' do
+      it 'should set protocol_params_location = :query' do
+        expect { request_for_code.bad_request! }.should raise_error(klass) { |e|
+          e.protocol_params_location.should == :query
+        }
+      end
+    end
+
+    context 'when response_type = :token' do
+      it 'should set protocol_params_location = :fragment' do
+        expect { request_for_token.bad_request! }.should raise_error(klass) { |e|
+          e.protocol_params_location.should == :fragment
+        }
+      end
+    end
+  end
+
+  Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|
+    method = "#{error_code}!"
+    describe method do
+      it "should raise Rack::OAuth2::Server::Authorize::BadRequest with error = :#{error_code}" do
+        expect { request.send method }.should raise_error(klass) { |error|
+          error.error.should       == error_code
+          error.description.should == default_description[error_code]
+        }
+      end
+    end
+  end
+end

data/spec/rack/oauth2/server/authorize/token_spec.rb

@@ -1,52 +1,81 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Server::Authorize::Token do
+  let(:request)      { Rack::MockRequest.new app }
+  let(:redirect_uri) { 'http://client.example.com/callback' }
+  let(:access_token) { 'access_token' }
+  let(:token_type)   { 'bearer' }
+  let(:response)     { request.get("/?response_type=token&client_id=client&redirect_uri=#{redirect_uri}") }
 
-  context "when authorized" do
-
-    before do
-      @app = Rack::OAuth2::Server::Authorize.new do |request, response|
+  context "when approved" do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.access_token = access_token
+        response.token_type = token_type
         response.approve!
-        response.access_token = "access_token"
       end
-      @request = Rack::MockRequest.new @app
     end
 
-    it "should redirect to redirect_uri with authorization code" do
-      response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback")
+    it 'should redirect with authorization code in fragment' do
       response.status.should == 302
-      response.location.should == "http://client.example.com/callback#access_token=access_token"
+      response.location.should == "#{redirect_uri}#access_token=#{access_token}"
     end
 
-    context "when redirect_uri already includes fragment" do
-      it "should keep original fragment" do
-        response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback%23fragment")
-        response.status.should == 302
-        response.location.should == "http://client.example.com/callback#fragment&access_token=access_token"
+    context 'when redirect_uri is missing' do
+      let :app do
+        Rack::OAuth2::Server::Authorize.new do |request, response|
+          response.access_token = access_token
+          response.token_type = token_type
+          response.approve!
+        end
+      end
+      it do
+        expect { response }.should raise_error AttrRequired::AttrMissing
       end
     end
 
-  end
+    context 'when access_token is missing' do
+      let :app do
+        Rack::OAuth2::Server::Authorize.new do |request, response|
+          response.redirect_uri = redirect_uri
+          response.token_type = token_type
+          response.approve!
+        end
+      end
+      it do
+        expect { response }.should raise_error AttrRequired::AttrMissing
+      end
+    end
 
-  context "when denied" do
+    context 'when token_type is missing' do
+      let :app do
+        Rack::OAuth2::Server::Authorize.new do |request, response|
+          response.redirect_uri = redirect_uri
+          response.access_token = access_token
+          response.approve!
+        end
+      end
 
-    before do
-      @app = Rack::OAuth2::Server::Authorize.new do |request, response|
-        request.access_denied! 'User rejected the requested access.'
+      it do
+        expect { response }.should raise_error AttrRequired::AttrMissing
       end
-      @request = Rack::MockRequest.new @app
     end
+  end
 
-    it "should redirect to redirect_uri with error message" do
-      response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback")
+  context 'when denied' do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        request.access_denied!
+      end
+    end
+    it 'should redirect with error in fragment' do
       response.status.should == 302
       error_message = {
         :error => :access_denied,
-        :error_description => "User rejected the requested access."
+        :error_description => Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
       }
-      response.location.should == "http://client.example.com/callback?#{error_message.to_query}"
+      response.location.should == "#{redirect_uri}##{error_message.to_query}"
     end
-
   end
-
 end

data/spec/rack/oauth2/server/authorize_spec.rb

@@ -1,88 +1,44 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Server::Authorize do
-  it "should support realm" do
-    app = Rack::OAuth2::Server::Authorize.new("server.example.com")
-    app.realm.should == "server.example.com"
-  end
-end
-
-describe Rack::OAuth2::Server::Authorize::Request do
+  let(:app)          { Rack::OAuth2::Server::Authorize.new }
+  let(:request)      { Rack::MockRequest.new app }
+  let(:redirect_uri) { 'http://client.example.com/callback' }
+  let(:bad_request)  { Rack::OAuth2::Server::Authorize::BadRequest }
 
-  before do
-    @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
-      response.code = "authorization_code"
-      response.redirect_uri ||= "http://client.example.com/callback/pre-registered"
+  context 'when redirect_uri is missing' do
+    it do
+      expect { request.get '/' }.should raise_error bad_request
     end
-    @request = Rack::MockRequest.new @app
   end
 
-  context "when any required parameters are missing" do
-    it "should return invalid_request error" do
-      assert_error_response(:json, :invalid_request) do
-        @request.get('/')
-      end
-      assert_error_response(:json, :invalid_request) do
-        @request.get('/?response_type=code')
-      end
-      assert_error_response(:json, :invalid_request) do
-        @request.get('/?client_id=client')
+  context 'when redirect_uri is given' do
+    context 'when client_id is missing' do
+      it do
+        expect { request.get "/?redirect_uri=#{redirect_uri}" }.should raise_error bad_request
       end
     end
-  end
-
-  context "when unsupported response_type is given" do
-    it "should return unsupported_response_type error" do
-      assert_error_response(:query, :unsupported_response_type) do
-        @request.get('/?response_type=hello&client_id=client&redirect_uri=http://client.example.com/callback')
+    context 'when client_id is given' do
+      context 'when response_type is missing' do
+        it do
+          expect { request.get "/?client_id=client&redirect_uri=#{redirect_uri}" }.should raise_error bad_request
+        end
       end
     end
   end
 
-  context "when all required parameters are valid" do
-    it "should succeed" do
-      response = @request.get('/?response_type=code&client_id=client')
-      response.status.should == 200
+  context 'when unknown response_type is given' do
+    it do
+      expect { request.get "/?response_type=unknown&client_id=client&redirect_uri=#{redirect_uri}" }.should raise_error bad_request
     end
   end
 
-end
-
-describe Rack::OAuth2::Server::Authorize::Response do
-
-  context "when required response params are missing" do
-
-    before do
-      @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
-        response.approve!
-        # code is missing
+  context 'when all required parameters are valid' do
+    [:code, :token].each do |request_type|
+      context "when response_type = :#{request_type}" do
+        subject { request.get "/?response_type=#{request_type}&client_id=client&redirect_uri=#{redirect_uri}" }
+        its(:status) { should == 200 }
       end
-      @request = Rack::MockRequest.new @app
-    end
-
-    it "should raise an error" do
-      lambda do
-        @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
-      end.should raise_error(StandardError)
     end
-
-  end
-
-  context "when required response params are given" do
-
-    before do
-      @app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
-        response.approve!
-        response.code = "authorization_code"
-      end
-      @request = Rack::MockRequest.new @app
-    end
-
-    it "should succeed" do
-      response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
-      response.status.should == 302
-    end
-
   end
-
 end

data/spec/rack/oauth2/server/resource/bearer/error_spec.rb

@@ -0,0 +1,118 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Resource::Bearer::BadRequest do
+  let(:error) { Rack::OAuth2::Server::Resource::Bearer::BadRequest.new(:invalid_request) }
+
+  it { should be_a Rack::OAuth2::Server::Abstract::BadRequest }
+  describe '#finish' do
+    it 'should respond in JSON' do
+      status, header, response = error.finish
+      status.should == 400
+      header['Content-Type'].should == 'application/json'
+      response.body.should == ['{"error":"invalid_request"}']
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Resource::Bearer::Unauthorized do
+  let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token) }
+
+  it { should be_a Rack::OAuth2::Server::Abstract::Unauthorized }
+  describe '#finish' do
+    it 'should respond in JSON' do
+      status, header, response = error.finish
+      status.should == 401
+      header['Content-Type'].should == 'application/json'
+      header['WWW-Authenticate'].should == 'Bearer error="invalid_token"'
+      response.body.should == ['{"error":"invalid_token"}']
+    end
+  end
+
+  context 'when error_code is not invalid_token' do
+    let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something) }
+
+    it 'should have error_code in body but not in WWW-Authenticate header' do
+      status, header, response = error.finish
+      header['WWW-Authenticate'].should == 'Bearer'
+      response.body.first.should include '"error":"something"'
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Resource::Bearer::Forbidden do
+  let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope) }
+
+  it { should be_a Rack::OAuth2::Server::Abstract::Forbidden }
+  describe '#finish' do
+    it 'should respond in JSON' do
+      status, header, response = error.finish
+      status.should == 403
+      header['Content-Type'].should == 'application/json'
+      response.body.should == ['{"error":"insufficient_scope"}']
+    end
+  end
+
+  context 'when scope option is given' do
+    let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', :scope => [:scope1, :scope2]) }
+
+    it 'should have blank WWW-Authenticate header' do
+      status, header, response = error.finish
+      response.body.first.should include '"scope":"scope1 scope2"'
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Resource::Bearer::ErrorMethods do
+  let(:bad_request)         { Rack::OAuth2::Server::Resource::Bearer::BadRequest }
+  let(:unauthorized)        { Rack::OAuth2::Server::Resource::Bearer::Unauthorized }
+  let(:forbidden)           { Rack::OAuth2::Server::Resource::Bearer::Forbidden }
+  let(:redirect_uri)        { 'http://client.example.com/callback' }
+  let(:default_description) { Rack::OAuth2::Server::Resource::Bearer::ErrorMethods::DEFAULT_DESCRIPTION }
+  let(:env)                 { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
+  let(:request)             { Rack::OAuth2::Server::Resource::Bearer::Request.new env }
+
+  describe 'bad_request!' do
+    it do
+      expect { request.bad_request! :invalid_request }.should raise_error bad_request
+    end
+  end
+
+  describe 'unauthorized!' do
+    it do
+      expect { request.unauthorized! :invalid_client }.should raise_error unauthorized
+    end
+  end
+
+  Rack::OAuth2::Server::Resource::Bearer::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|
+    method = "#{error_code}!"
+    case error_code
+    when :invalid_request
+      describe method do
+        it "should raise Rack::OAuth2::Server::Resource::Bearer::BadRequest with error = :#{error_code}" do
+          expect { request.send method }.should raise_error(bad_request) { |error|
+            error.error.should       == error_code
+            error.description.should == default_description[error_code]
+          }
+        end
+      end
+    when :insufficient_scope
+      describe method do
+        it "should raise Rack::OAuth2::Server::Resource::Bearer::Forbidden with error = :#{error_code}" do
+          expect { request.send method }.should raise_error(forbidden) { |error|
+            error.error.should       == error_code
+            error.description.should == default_description[error_code]
+          }
+        end
+      end
+    else
+      describe method do
+        it "should raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized with error = :#{error_code}" do
+          expect { request.send method }.should raise_error(unauthorized) { |error|
+            error.error.should       == error_code
+            error.description.should == default_description[error_code]
+          }
+        end
+      end
+    end
+  end
+end