rack-oauth2 0.2.3 → 0.3.0.alpha

data/spec/rack/oauth2/server/resource/bearer_spec.rb

@@ -0,0 +1,117 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Resource::Bearer do
+  let(:app) do
+    Rack::OAuth2::Server::Resource::Bearer.new(simple_app) do |request|
+      case request.access_token
+      when 'valid_token'
+        # nothing to do
+      when 'insufficient_scope_token'
+        request.insufficient_scope!
+      else
+        request.invalid_token!
+      end
+    end
+  end
+  let(:access_token) { env[Rack::OAuth2::Server::Resource::Bearer::ACCESS_TOKEN] }
+  let(:request) { app.call(env) }
+  subject { app.call(env) }
+
+  shared_examples_for :non_oauth2_request do
+    it 'should skip OAuth 2.0 authentication' do
+      status, header, response = request
+      status.should == 200
+      access_token.should be_nil
+    end
+  end
+  shared_examples_for :authenticated_request do
+    it 'should be authenticated' do
+      status, header, response = request
+      status.should == 200
+      access_token.should == 'valid_token'
+    end
+  end
+  shared_examples_for :unauthorized_request do
+    it 'should be unauthorized' do
+      status, header, response = request
+      status.should == 401
+      header['WWW-Authenticate'].should include 'Bearer'
+      access_token.should be_nil
+    end
+  end
+  shared_examples_for :bad_request do
+    it 'should be unauthorized' do
+      status, header, response = request
+      status.should == 400
+      access_token.should be_nil
+    end
+  end
+
+  context 'when no access token is given' do
+    let(:env) { Rack::MockRequest.env_for('/protected_resource') }
+    it_behaves_like :non_oauth2_request
+  end
+
+  context 'when valid_token is given' do
+    context 'when token is in Authorization header' do
+      let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'Bearer valid_token') }
+      it_behaves_like :authenticated_request
+    end
+
+    context 'when token is in params' do
+      let(:env) { Rack::MockRequest.env_for('/protected_resource', :params => {:oauth_token => 'valid_token'}) }
+      it_behaves_like :authenticated_request
+    end
+  end
+
+  context 'when invalid_token is given' do
+    context 'when token is in Authorization header' do
+      let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'Bearer invalid_token') }
+      it_behaves_like :unauthorized_request
+    end
+
+    context 'when token is in params' do
+      let(:env) { Rack::MockRequest.env_for('/protected_resource', :params => {:oauth_token => 'invalid_token'}) }
+      it_behaves_like :unauthorized_request
+    end
+  end
+
+  context 'when multiple access_token is given' do
+    context 'when token is in Authorization header and params' do
+      let(:env) do
+        Rack::MockRequest.env_for(
+          '/protected_resource',
+          'HTTP_AUTHORIZATION' => 'Bearer valid_token',
+          :params => {:oauth_token => 'valid_token'}
+        )
+      end
+      it_behaves_like :bad_request
+    end
+  end
+
+  context 'when OAuth 1.0 request' do
+    context 'when token is in Authorization header' do
+      let(:env) do
+        Rack::MockRequest.env_for(
+          '/protected_resource',
+          'HTTP_AUTHORIZATION' => 'OAuth oauth_consumer_key="key" oauth_token="token" oauth_signature_method="HMAC-SHA1" oauth_signature="sig" oauth_timestamp="123456789" oauth_nonce="nonce"'
+        )
+      end
+      it_behaves_like :non_oauth2_request
+    end
+
+    context 'when token is in params' do
+      let(:env) do
+        Rack::MockRequest.env_for('/protected_resource', :params => {
+          :oauth_consumer_key => 'key',
+          :oauth_token => 'token',
+          :oauth_signature_method => 'HMAC-SHA1',
+          :oauth_signature => 'sig',
+          :oauth_timestamp => 123456789,
+          :oauth_nonce => 'nonce'
+        })
+      end
+      it_behaves_like :non_oauth2_request
+    end
+  end
+end

data/spec/rack/oauth2/server/token/authorization_code_spec.rb

@@ -1,119 +1,36 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Server::Token::AuthorizationCode do
-
-  context "when valid code is given" do
-
-    before do
-      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        response.access_token = "access_token"
-      end
-      @request = Rack::MockRequest.new @app
+  let(:request) { Rack::MockRequest.new app }
+  let(:app) do
+    Rack::OAuth2::Server::Token.new do |request, response|
+      response.access_token = 'access_token'
     end
-
-    it "should return access_token as json response body" do
-      response = @request.post("/", :params => {
-        :grant_type => "authorization_code",
-        :client_id => "valid_client",
-        :code => "valid_authorization_code",
-        :redirect_uri => "http://client.example.com/callback"
-      })
-      response.status.should == 200
-      response.content_type.should == "application/json"
-      response.body.should == {
-        :access_token => "access_token"
-      }.to_json
-    end
-
   end
-
-  context "when invalid code is given" do
-
-    before do
-      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        request.invalid_grant!('Invalid authorization code.')
-      end
-      @request = Rack::MockRequest.new @app
-    end
-
-    it "should return error message as json response body" do
-      response = @request.post("/", :params => {
-        :grant_type => "authorization_code",
-        :client_id => "valid_client",
-        :code => "invalid_authorization_code",
-        :redirect_uri => "http://client.example.com/callback"
-      })
-      response.status.should == 400
-      response.content_type.should == "application/json"
-      response.body.should == {
-        :error => :invalid_grant,
-        :error_description => "Invalid authorization code."
-      }.to_json
-    end
-
+  let(:params) do
+    {
+      :grant_type => 'authorization_code',
+      :client_id => 'client_id',
+      :code => 'authorization_code',
+      :redirect_uri => 'http://client.example.com/callback'
+    }
   end
-
-  context "when invalid client_id is given" do
-
-    before do
-      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        request.invalid_client!('Invalid client identifier.')
+  subject { request.post('/', :params => params) }
+
+  its(:status)       { should == 200 }
+  its(:content_type) { should == 'application/json' }
+  its(:body)         { should == '{"access_token":"access_token"}' }
+
+  [:code, :redirect_uri].each do |required|
+    context "when #{required} is missing" do
+      before do
+        params.delete_if do |key, value|
+          key == required
+        end
       end
-      @request = Rack::MockRequest.new @app
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
     end
-
-    context "when client credentials is given via Authorization header" do
-      it "should return 401 error" do
-        response = @request.post("/", :params => {
-          :grant_type => "authorization_code",
-          :code => "valid_authorization_code",
-          :redirect_uri => "http://client.example.com/callback"
-        }, 'HTTP_AUTHORIZATION' => "Basic #{["invalid_client_id:client_secret"].pack("m*")}")
-        response.status.should == 401
-        response.content_type.should == "application/json"
-        response.body.should == {
-          :error => :invalid_client,
-          :error_description => "Invalid client identifier."
-        }.to_json
-      end
-    end
-
-    context "when client credentials is given via request body" do
-      it "should return 400 error" do
-        response = @request.post("/", :params => {
-          :grant_type => "authorization_code",
-          :client_id => "invalid_client",
-          :code => "valid_authorization_code",
-          :redirect_uri => "http://client.example.com/callback"
-        })
-        response.status.should == 400
-        response.content_type.should == "application/json"
-        response.body.should == {
-          :error => :invalid_client,
-          :error_description => "Invalid client identifier."
-        }.to_json
-      end
-    end
-
-    context "when client credentials is given via both Authorization header and request body" do
-      it "should return 401 error with multiple credentials error message" do
-        response = @request.post("/", :params => {
-          :grant_type => "authorization_code",
-          :client_id => "invalid_client",
-          :code => "valid_authorization_code",
-          :redirect_uri => "http://client.example.com/callback"
-        }, 'HTTP_AUTHORIZATION' => "Basic #{["invalid_client_id:client_secret"].pack("m*")}")
-        response.status.should == 401
-        response.content_type.should == "application/json"
-        response.body.should == {
-          :error => :invalid_client,
-          :error_description => "Multiple client credentials are provided."
-        }.to_json
-      end
-      # TODO
-      
-    end
-
   end
-
 end

data/spec/rack/oauth2/server/token/error_spec.rb

@@ -0,0 +1,77 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Token::BadRequest do
+  let(:error) { Rack::OAuth2::Server::Token::BadRequest.new(:invalid_request) }
+
+  it { should be_a Rack::OAuth2::Server::Abstract::BadRequest }
+
+  describe '#finish' do
+    it 'should respond in JSON' do
+      status, header, response = error.finish
+      status.should == 400
+      header['Content-Type'].should == 'application/json'
+      response.body.should == ['{"error":"invalid_request"}']
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Token::Unauthorized do
+  let(:error) { Rack::OAuth2::Server::Token::Unauthorized.new(:invalid_request) }
+
+  it { should be_a Rack::OAuth2::Server::Abstract::Unauthorized }
+
+  describe '#finish' do
+    it 'should respond in JSON' do
+      status, header, response = error.finish
+      status.should == 401
+      header['Content-Type'].should == 'application/json'
+      header['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
+      response.body.should == ['{"error":"invalid_request"}']
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Token::ErrorMethods do
+  let(:bad_request)         { Rack::OAuth2::Server::Token::BadRequest }
+  let(:unauthorized)        { Rack::OAuth2::Server::Token::Unauthorized }
+  let(:redirect_uri)        { 'http://client.example.com/callback' }
+  let(:default_description) { Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION }
+  let(:env)                 { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
+  let(:request)             { Rack::OAuth2::Server::Token::Request.new env }
+
+  describe 'bad_request!' do
+    it do
+      expect { request.bad_request! :invalid_request }.should raise_error bad_request
+    end
+  end
+
+  describe 'unauthorized!' do
+    it do
+      expect { request.unauthorized! :invalid_client }.should raise_error unauthorized
+    end
+  end
+
+  Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|
+    method = "#{error_code}!"
+    case error_code
+    when :invalid_client
+      describe method do
+        it "should raise Rack::OAuth2::Server::Token::Unauthorized with error = :#{error_code}" do
+          expect { request.send method }.should raise_error(unauthorized) { |error|
+            error.error.should       == error_code
+            error.description.should == default_description[error_code]
+          }
+        end
+      end
+    else
+      describe method do
+        it "should raise Rack::OAuth2::Server::Token::BadRequest with error = :#{error_code}" do
+          expect { request.send method }.should raise_error(bad_request) { |error|
+            error.error.should       == error_code
+            error.description.should == default_description[error_code]
+          }
+        end
+      end
+    end
+  end
+end

data/spec/rack/oauth2/server/token/password_spec.rb

@@ -1,56 +1,36 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Server::Token::Password do
-
-  context "when valid resource owner credentials are given" do
-
-    before do
-      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        response.access_token = "access_token"
-      end
-      @request = Rack::MockRequest.new @app
+  let(:request) { Rack::MockRequest.new app }
+  let(:app) do
+    Rack::OAuth2::Server::Token.new do |request, response|
+      response.access_token = 'access_token'
     end
-
-    it "should return access_token as json response body" do
-      response = @request.post("/", :params => {
-        :grant_type => "password",
-        :client_id => "valid_client",
-        :username => "nov",
-        :password => "valid_pass"
-      })
-      response.status.should == 200
-      response.content_type.should == "application/json"
-      response.body.should == {
-        :access_token => "access_token"
-      }.to_json
-    end
-
   end
-
-  context "when invalid resource owner credentials are given" do
-
-    before do
-      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        request.invalid_grant! 'Invalid resource owner credentials.'
+  let(:params) do
+    {
+      :grant_type => 'password',
+      :client_id => 'client_id',
+      :username => 'nov',
+      :password => 'secret'
+    }
+  end
+  subject { request.post('/', :params => params) }
+
+  its(:status)       { should == 200 }
+  its(:content_type) { should == 'application/json' }
+  its(:body)         { should == '{"access_token":"access_token"}' }
+
+  [:username, :password].each do |required|
+    context "when #{required} is missing" do
+      before do
+        params.delete_if do |key, value|
+          key == required
+        end
       end
-      @request = Rack::MockRequest.new @app
-    end
-
-    it "should return error message as json response body" do
-      response = @request.post("/", :params => {
-        :grant_type => "password",
-        :client_id => "valid_client",
-        :username => "nov",
-        :password => "invalid_pass"
-      })
-      response.status.should == 400
-      response.content_type.should == "application/json"
-      response.body.should == {
-        :error => :invalid_grant,
-        :error_description => "Invalid resource owner credentials."
-      }.to_json
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
     end
-
   end
-
 end

data/spec/rack/oauth2/server/token/refresh_token_spec.rb

@@ -1,54 +1,33 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Server::Token::RefreshToken do
-
-  context "when valid refresh_token is given" do
-
-    before do
-      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        response.access_token = "access_token"
-      end
-      @request = Rack::MockRequest.new @app
-    end
-
-    it "should return access_token as json response body" do
-      response = @request.post("/", :params => {
-        :grant_type => "refresh_token",
-        :client_id => "valid_client",
-        :refresh_token => "valid_refresh_token"
-      })
-      response.status.should == 200
-      response.content_type.should == "application/json"
-      response.body.should == {
-        :access_token => "access_token"
-      }.to_json
+  let(:request) { Rack::MockRequest.new app }
+  let(:app) do
+    Rack::OAuth2::Server::Token.new do |request, response|
+      response.access_token = 'access_token'
     end
-
   end
+  let(:params) do
+    {
+      :grant_type => "refresh_token",
+      :client_id => "client_id",
+      :refresh_token => "refresh_token"
+    }
+  end
+  subject { request.post('/', :params => params) }
 
-  context "when invalid refresh_token is given" do
+  its(:status)       { should == 200 }
+  its(:content_type) { should == 'application/json' }
+  its(:body)         { should == '{"access_token":"access_token"}' }
 
+  context 'when refresh_token is missing' do
     before do
-      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
-        request.invalid_grant! 'Invalid refresh_token.'
+      params.delete_if do |key, value|
+        key == :refresh_token
       end
-      @request = Rack::MockRequest.new @app
-    end
-
-    it "should return error message as json response body" do
-      response = @request.post("/", :params => {
-        :grant_type => "refresh_token",
-        :client_id => "valid_client",
-        :refresh_token => "invalid_refresh_token"
-      })
-      response.status.should == 400
-      response.content_type.should == "application/json"
-      response.body.should == {
-        :error => :invalid_grant,
-        :error_description => "Invalid refresh_token."
-      }.to_json
     end
-
+    its(:status)       { should == 400 }
+    its(:content_type) { should == 'application/json' }
+    its(:body)         { should include '"error":"invalid_request"' }
   end
-
-end
+end