rack-oauth2 0.2.3 → 0.3.0.alpha
- data/Gemfile +1 -0
- data/README.rdoc +1 -0
- data/VERSION +1 -1
- data/lib/rack/oauth2.rb +1 -7
- data/lib/rack/oauth2/server.rb +0 -1
- data/lib/rack/oauth2/server/abstract.rb +2 -1
- data/lib/rack/oauth2/server/abstract/error.rb +55 -0
- data/lib/rack/oauth2/server/abstract/handler.rb +2 -3
- data/lib/rack/oauth2/server/abstract/request.rb +2 -3
- data/lib/rack/oauth2/server/abstract/response.rb +0 -5
- data/lib/rack/oauth2/server/authorize.rb +19 -14
- data/lib/rack/oauth2/server/authorize/code.rb +8 -19
- data/lib/rack/oauth2/server/authorize/error.rb +60 -0
- data/lib/rack/oauth2/server/authorize/token.rb +15 -24
- data/lib/rack/oauth2/server/resource.rb +1 -79
- data/lib/rack/oauth2/server/resource/bearer.rb +74 -0
- data/lib/rack/oauth2/server/resource/bearer/error.rb +80 -0
- data/lib/rack/oauth2/server/token.rb +12 -19
- data/lib/rack/oauth2/server/token/authorization_code.rb +4 -5
- data/lib/rack/oauth2/server/token/error.rb +54 -0
- data/lib/rack/oauth2/server/token/password.rb +0 -2
- data/lib/rack/oauth2/server/token/refresh_token.rb +1 -1
- data/lib/rack/oauth2/server/util.rb +29 -0
- data/rack-oauth2.gemspec +1 -1
- data/spec/rack/oauth2/server/abstract/error_spec.rb +51 -0
- data/spec/rack/oauth2/server/authorize/code_spec.rb +42 -28
- data/spec/rack/oauth2/server/authorize/error_spec.rb +103 -0
- data/spec/rack/oauth2/server/authorize/token_spec.rb +55 -26
- data/spec/rack/oauth2/server/authorize_spec.rb +24 -68
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +118 -0
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +117 -0
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +26 -109
- data/spec/rack/oauth2/server/token/error_spec.rb +77 -0
- data/spec/rack/oauth2/server/token/password_spec.rb +27 -47
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +22 -43
- data/spec/rack/oauth2/server/token_spec.rb +77 -116
- data/spec/rack/oauth2/server/util_spec.rb +75 -16
- data/spec/spec_helper.rb +0 -12
- metadata +25 -29
- data/lib/rack/oauth2/server/authorize/code_and_token.rb +0 -62
- data/lib/rack/oauth2/server/error.rb +0 -73
- data/lib/rack/oauth2/server/error/authorize.rb +0 -54
- data/lib/rack/oauth2/server/error/resource.rb +0 -50
- data/lib/rack/oauth2/server/error/token.rb +0 -59
- data/lib/rack/oauth2/server/token/assertion.rb +0 -29
- data/spec/rack/oauth2/server/authorize/code_and_token_spec.rb +0 -53
- data/spec/rack/oauth2/server/error/authorize_spec.rb +0 -102
- data/spec/rack/oauth2/server/error/resource_spec.rb +0 -69
- data/spec/rack/oauth2/server/error/token_spec.rb +0 -115
- data/spec/rack/oauth2/server/error_spec.rb +0 -107
- data/spec/rack/oauth2/server/resource_spec.rb +0 -141
- data/spec/rack/oauth2/server/token/assertion_spec.rb +0 -56
@@ -1,142 +1,103 @@
|
|
1
1
|
require 'spec_helper.rb'
|
2
|
+
require 'base64'
|
2
3
|
|
3
4
|
describe Rack::OAuth2::Server::Token do
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
end
|
9
|
-
|
10
|
-
describe Rack::OAuth2::Server::Token::Request do
|
11
|
-
|
12
|
-
before do
|
13
|
-
@app = Rack::OAuth2::Server::Token.new do |request, response|
|
14
|
-
response.access_token = "access_token"
|
5
|
+
let(:request) { Rack::MockRequest.new app }
|
6
|
+
let(:app) do
|
7
|
+
Rack::OAuth2::Server::Token.new do |request, response|
|
8
|
+
response.access_token = 'access_token'
|
15
9
|
end
|
16
|
-
@request = Rack::MockRequest.new @app
|
17
10
|
end
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
@request.post('/', :params => {
|
37
|
-
:grant_type => "authorization_code",
|
38
|
-
:redirect_uri => "http://client.example.com/callback"
|
39
|
-
})
|
40
|
-
end
|
41
|
-
assert_error_response(:json, :invalid_request) do
|
42
|
-
@request.post('/', :params => {
|
43
|
-
:client_id => "client",
|
44
|
-
:redirect_uri => "http://client.example.com/callback"
|
45
|
-
})
|
46
|
-
end
|
47
|
-
assert_error_response(:json, :invalid_request) do
|
48
|
-
@request.post('/', :params => {
|
49
|
-
:grant_type => "authorization_code",
|
50
|
-
:redirect_uri => "http://client.example.com/callback"
|
51
|
-
})
|
52
|
-
end
|
53
|
-
assert_error_response(:json, :invalid_request) do
|
54
|
-
@request.post('/', :params => {
|
55
|
-
:grant_type => "authorization_code",
|
56
|
-
:client_id => "client",
|
57
|
-
:redirect_uri => "http://client.example.com/callback"
|
58
|
-
})
|
11
|
+
let(:params) do
|
12
|
+
{
|
13
|
+
:grant_type => 'authorization_code',
|
14
|
+
:client_id => 'client_id',
|
15
|
+
:code => 'authorization_code',
|
16
|
+
:redirect_uri => 'http://client.example.com/callback'
|
17
|
+
}
|
18
|
+
end
|
19
|
+
subject { request.post('/token', :params => params) }
|
20
|
+
|
21
|
+
context 'when multiple client credentials are given' do
|
22
|
+
context 'when different credentials are given' do
|
23
|
+
let(:env) do
|
24
|
+
Rack::MockRequest.env_for(
|
25
|
+
'/token',
|
26
|
+
'HTTP_AUTHORIZATION' => "Basic #{Base64.encode64('client_id2:client_secret')}",
|
27
|
+
:params => params
|
28
|
+
)
|
59
29
|
end
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
:redirect_uri => "http://client.example.com/callback"
|
65
|
-
})
|
30
|
+
it 'should fail with unsupported_grant_type' do
|
31
|
+
status, header, response = app.call(env)
|
32
|
+
status.should == 400
|
33
|
+
response.body.first.should include '"error":"invalid_request"'
|
66
34
|
end
|
67
35
|
end
|
68
|
-
end
|
69
36
|
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
:
|
76
|
-
|
77
|
-
|
78
|
-
|
37
|
+
context 'when same credentials are given' do
|
38
|
+
let(:env) do
|
39
|
+
Rack::MockRequest.env_for(
|
40
|
+
'/token',
|
41
|
+
'HTTP_AUTHORIZATION' => "Basic #{Base64.encode64('client_id:client_secret')}",
|
42
|
+
:params => params
|
43
|
+
)
|
44
|
+
end
|
45
|
+
it 'should ignore duplicates' do
|
46
|
+
status, header, response = app.call(env)
|
47
|
+
status.should == 200
|
79
48
|
end
|
80
49
|
end
|
81
50
|
end
|
82
51
|
|
83
|
-
context
|
84
|
-
|
85
|
-
|
86
|
-
:grant_type => "authorization_code",
|
87
|
-
:client_id => "client",
|
88
|
-
:code => "authorization_code",
|
89
|
-
:redirect_uri => "http://client.example.com/callback"
|
90
|
-
})
|
91
|
-
response.status.should == 200
|
52
|
+
context 'when unsupported grant_type is given' do
|
53
|
+
before do
|
54
|
+
params.merge!(:grant_type => 'unknown')
|
92
55
|
end
|
56
|
+
its(:status) { should == 400 }
|
57
|
+
its(:content_type) { should == 'application/json' }
|
58
|
+
its(:body) { should include '"error":"unsupported_grant_type"' }
|
93
59
|
end
|
94
60
|
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
before do
|
102
|
-
@app = Rack::OAuth2::Server::Token.new do |request, response|
|
103
|
-
# access_token is missing
|
61
|
+
[:client_id, :grant_type].each do |required|
|
62
|
+
context "when #{required} is missing" do
|
63
|
+
before do
|
64
|
+
params.delete_if do |key, value|
|
65
|
+
key == required
|
66
|
+
end
|
104
67
|
end
|
105
|
-
|
68
|
+
its(:status) { should == 400 }
|
69
|
+
its(:content_type) { should == 'application/json' }
|
70
|
+
its(:body) { should include '"error":"invalid_request"' }
|
106
71
|
end
|
107
|
-
|
108
|
-
it "should raise an error" do
|
109
|
-
lambda do
|
110
|
-
@request.post('/', :params => {
|
111
|
-
:grant_type => "authorization_code",
|
112
|
-
:client_id => "client",
|
113
|
-
:code => "authorization_code",
|
114
|
-
:redirect_uri => "http://client.example.com/callback"
|
115
|
-
})
|
116
|
-
end.should raise_error(StandardError)
|
117
|
-
end
|
118
|
-
|
119
72
|
end
|
120
73
|
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
74
|
+
Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION.each do |error, default_message|
|
75
|
+
status = if error == :invalid_client
|
76
|
+
401
|
77
|
+
else
|
78
|
+
400
|
79
|
+
end
|
80
|
+
context "when #{error}" do
|
81
|
+
let(:app) do
|
82
|
+
Rack::OAuth2::Server::Token.new do |request, response|
|
83
|
+
request.send "#{error}!"
|
84
|
+
end
|
126
85
|
end
|
127
|
-
|
86
|
+
its(:status) { should == status }
|
87
|
+
its(:content_type) { should == 'application/json' }
|
88
|
+
its(:body) { should include "\"error\":\"#{error}\"" }
|
89
|
+
its(:body) { should include "\"error_description\":\"#{default_message}\"" }
|
128
90
|
end
|
91
|
+
end
|
129
92
|
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
93
|
+
context 'when responding' do
|
94
|
+
context 'when access_token is missing' do
|
95
|
+
let(:app) do
|
96
|
+
Rack::OAuth2::Server::Token.new
|
97
|
+
end
|
98
|
+
it do
|
99
|
+
expect { request.post('/', :params => params) }.should raise_error AttrRequired::AttrMissing
|
100
|
+
end
|
138
101
|
end
|
139
|
-
|
140
102
|
end
|
141
|
-
|
142
103
|
end
|
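Review bot: The example `it 'should fail with unsupported_grant_type' do` in the 'when different credentials are given' context asserts `response.body.first.should include '"error":"invalid_request"'`, so its description contradicts what it checks; rename it to `it 'should fail with invalid_request' do`, which is also the error OAuth 2.0 defines for a request that uses more than one client authentication mechanism. In both `let(:env)` blocks `Base64.encode64` appends a trailing newline, so the header value is `Basic ...\n` and the spec passes only because the decoder is lenient; `Base64.strict_encode64` produces the exact wire form. `status, header, response = app.call(env)` leaves `header` unused in both examples, and `_header` makes that explicit. The final example posts to `'/'` while `subject` posts to `'/token'`; reusing `subject` there keeps the path consistent across the file.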
@@ -1,28 +1,87 @@
|
|
1
1
|
require 'spec_helper.rb'
|
2
2
|
|
3
|
-
describe Rack::OAuth2::Server::Util
|
3
|
+
describe Rack::OAuth2::Server::Util do
|
4
|
+
let :util do
|
5
|
+
Rack::OAuth2::Server::Util
|
6
|
+
end
|
4
7
|
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
8
|
+
let :uri do
|
9
|
+
'http://client.example.com/callback'
|
10
|
+
end
|
11
|
+
|
12
|
+
describe '.compact_hash' do
|
13
|
+
subject { util.compact_hash :k1 => 'v1', :k2 => '', :k3 => nil }
|
14
|
+
it { should == {:k1 => 'v1'} }
|
10
15
|
end
|
11
16
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
+
describe '.parse_uri' do
|
18
|
+
context 'when String is given' do
|
19
|
+
it { util.parse_uri(uri).should be_a URI::Generic }
|
20
|
+
end
|
21
|
+
|
22
|
+
context 'when URI is given' do
|
23
|
+
it 'should be itself' do
|
24
|
+
_uri_ = URI.parse uri
|
25
|
+
util.parse_uri(_uri_).should be _uri_
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
context 'when invalid URI is given' do
|
30
|
+
it do
|
31
|
+
expect do
|
32
|
+
util.parse_uri '::'
|
33
|
+
end.should raise_error URI::InvalidURIError
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
context 'otherwise' do
|
38
|
+
it do
|
39
|
+
expect { util.parse_uri nil }.should raise_error StandardError
|
40
|
+
expect { util.parse_uri 123 }.should raise_error StandardError
|
41
|
+
end
|
17
42
|
end
|
18
43
|
end
|
19
44
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
45
|
+
describe '.redirect_uri' do
|
46
|
+
let(:base_uri) { 'http://client.example.com' }
|
47
|
+
let(:params) do
|
48
|
+
{:k1 => :v1, :k2 => ''}
|
49
|
+
end
|
50
|
+
subject { util.redirect_uri base_uri, location, params }
|
51
|
+
|
52
|
+
context 'when location = :fragment' do
|
53
|
+
let(:location) { :fragment }
|
54
|
+
it { should == "#{base_uri}##{util.compact_hash(params).to_query}" }
|
55
|
+
end
|
56
|
+
|
57
|
+
context 'when location = :query' do
|
58
|
+
let(:location) { :query }
|
59
|
+
it { should == "#{base_uri}?#{util.compact_hash(params).to_query}" }
|
25
60
|
end
|
26
61
|
end
|
27
62
|
|
63
|
+
describe '.verify_redirect_uri' do
|
64
|
+
context 'when invalid URI is given' do
|
65
|
+
it do
|
66
|
+
util.verify_redirect_uri('::', '::').should be_false
|
67
|
+
util.verify_redirect_uri(123, 'http://client.example.com/other').should be_false
|
68
|
+
util.verify_redirect_uri('http://client.example.com/other', nil).should be_false
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
context 'when exactry same' do
|
73
|
+
it { util.verify_redirect_uri(uri, uri).should be_true }
|
74
|
+
end
|
75
|
+
|
76
|
+
context 'when path prefix matches' do
|
77
|
+
it { util.verify_redirect_uri(uri, "#{uri}/deep_path").should be_true }
|
78
|
+
end
|
79
|
+
|
80
|
+
context 'otherwise' do
|
81
|
+
it do
|
82
|
+
util.verify_redirect_uri(uri, 'http://client.example.com/other').should be_false
|
83
|
+
util.verify_redirect_uri(uri, 'http://attacker.example.com/callback').should be_false
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
28
87
|
end
|
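Review bot: The `'when path prefix matches'` context establishes that `verify_redirect_uri` accepts a URI extending the registered one, but the `'otherwise'` context has no negative example that shares the string prefix, so an implementation doing a raw `start_with?` comparison would satisfy these specs while also accepting a sibling path such as `"#{uri}_other"` on the same host; add `it { util.verify_redirect_uri(uri, "#{uri}_other").should be_false }` so the match is pinned to a path-segment boundary (util.rb is not in this view, so whether the current implementation already passes it cannot be told from here). The description `context 'when exactry same' do` has a typo; `context 'when exactly the same' do`. This section's file header is not shown, so the hunk is read as covering the whole of util_spec.rb.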
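--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -8,16 +8,4 @@ def simple_app
 lambda do |env|
 [ 200, {'Content-Type' => 'text/plain'}, ["HELLO"] ]
 end
-end
-
-def assert_error_response(format, error)
-response = yield
-case format
-when :json
-response.status.should == 400
-response.body.should match("\"error\":\"#{error}\"")
-when :query
-response.status.should == 302
-response.location.should match("error=#{error}")
-end
 end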
metadata
CHANGED
@@ -1,13 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
5
|
-
prerelease:
|
4
|
+
hash: -1851332186
|
5
|
+
prerelease: 6
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
-
- 2
|
9
8
|
- 3
|
10
|
-
|
9
|
+
- 0
|
10
|
+
- alpha
|
11
|
+
version: 0.3.0.alpha
|
11
12
|
platform: ruby
|
12
13
|
authors:
|
13
14
|
- nov matake
|
@@ -15,7 +16,7 @@ autorequire:
|
|
15
16
|
bindir: bin
|
16
17
|
cert_chain: []
|
17
18
|
|
18
|
-
date:
|
19
|
+
date: 2011-03-05 00:00:00 +09:00
|
19
20
|
default_executable:
|
20
21
|
dependencies:
|
21
22
|
- !ruby/object:Gem::Dependency
|
@@ -86,12 +87,12 @@ dependencies:
|
|
86
87
|
requirements:
|
87
88
|
- - ">="
|
88
89
|
- !ruby/object:Gem::Version
|
89
|
-
hash:
|
90
|
+
hash: 25
|
90
91
|
segments:
|
91
92
|
- 0
|
92
93
|
- 0
|
93
|
-
-
|
94
|
-
version: 0.0.
|
94
|
+
- 3
|
95
|
+
version: 0.0.3
|
95
96
|
type: :runtime
|
96
97
|
version_requirements: *id005
|
97
98
|
- !ruby/object:Gem::Dependency
|
@@ -159,36 +160,33 @@ files:
|
|
159
160
|
- lib/rack/oauth2.rb
|
160
161
|
- lib/rack/oauth2/server.rb
|
161
162
|
- lib/rack/oauth2/server/abstract.rb
|
163
|
+
- lib/rack/oauth2/server/abstract/error.rb
|
162
164
|
- lib/rack/oauth2/server/abstract/handler.rb
|
163
165
|
- lib/rack/oauth2/server/abstract/request.rb
|
164
166
|
- lib/rack/oauth2/server/abstract/response.rb
|
165
167
|
- lib/rack/oauth2/server/authorize.rb
|
166
168
|
- lib/rack/oauth2/server/authorize/code.rb
|
167
|
-
- lib/rack/oauth2/server/authorize/
|
169
|
+
- lib/rack/oauth2/server/authorize/error.rb
|
168
170
|
- lib/rack/oauth2/server/authorize/token.rb
|
169
|
-
- lib/rack/oauth2/server/error.rb
|
170
|
-
- lib/rack/oauth2/server/error/authorize.rb
|
171
|
-
- lib/rack/oauth2/server/error/resource.rb
|
172
|
-
- lib/rack/oauth2/server/error/token.rb
|
173
171
|
- lib/rack/oauth2/server/resource.rb
|
172
|
+
- lib/rack/oauth2/server/resource/bearer.rb
|
173
|
+
- lib/rack/oauth2/server/resource/bearer/error.rb
|
174
174
|
- lib/rack/oauth2/server/token.rb
|
175
|
-
- lib/rack/oauth2/server/token/assertion.rb
|
176
175
|
- lib/rack/oauth2/server/token/authorization_code.rb
|
176
|
+
- lib/rack/oauth2/server/token/error.rb
|
177
177
|
- lib/rack/oauth2/server/token/password.rb
|
178
178
|
- lib/rack/oauth2/server/token/refresh_token.rb
|
179
179
|
- lib/rack/oauth2/server/util.rb
|
180
180
|
- rack-oauth2.gemspec
|
181
|
-
- spec/rack/oauth2/server/
|
181
|
+
- spec/rack/oauth2/server/abstract/error_spec.rb
|
182
182
|
- spec/rack/oauth2/server/authorize/code_spec.rb
|
183
|
+
- spec/rack/oauth2/server/authorize/error_spec.rb
|
183
184
|
- spec/rack/oauth2/server/authorize/token_spec.rb
|
184
185
|
- spec/rack/oauth2/server/authorize_spec.rb
|
185
|
-
- spec/rack/oauth2/server/
|
186
|
-
- spec/rack/oauth2/server/
|
187
|
-
- spec/rack/oauth2/server/error/token_spec.rb
|
188
|
-
- spec/rack/oauth2/server/error_spec.rb
|
189
|
-
- spec/rack/oauth2/server/resource_spec.rb
|
190
|
-
- spec/rack/oauth2/server/token/assertion_spec.rb
|
186
|
+
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
187
|
+
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
191
188
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
189
|
+
- spec/rack/oauth2/server/token/error_spec.rb
|
192
190
|
- spec/rack/oauth2/server/token/password_spec.rb
|
193
191
|
- spec/rack/oauth2/server/token/refresh_token_spec.rb
|
194
192
|
- spec/rack/oauth2/server/token_spec.rb
|
@@ -226,22 +224,20 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
226
224
|
requirements: []
|
227
225
|
|
228
226
|
rubyforge_project:
|
229
|
-
rubygems_version: 1.3
|
227
|
+
rubygems_version: 1.5.3
|
230
228
|
signing_key:
|
231
229
|
specification_version: 3
|
232
230
|
summary: Rack Middleware for OAuth2 server
|
233
231
|
test_files:
|
234
|
-
- spec/rack/oauth2/server/
|
232
|
+
- spec/rack/oauth2/server/abstract/error_spec.rb
|
235
233
|
- spec/rack/oauth2/server/authorize/code_spec.rb
|
234
|
+
- spec/rack/oauth2/server/authorize/error_spec.rb
|
236
235
|
- spec/rack/oauth2/server/authorize/token_spec.rb
|
237
236
|
- spec/rack/oauth2/server/authorize_spec.rb
|
238
|
-
- spec/rack/oauth2/server/
|
239
|
-
- spec/rack/oauth2/server/
|
240
|
-
- spec/rack/oauth2/server/error/token_spec.rb
|
241
|
-
- spec/rack/oauth2/server/error_spec.rb
|
242
|
-
- spec/rack/oauth2/server/resource_spec.rb
|
243
|
-
- spec/rack/oauth2/server/token/assertion_spec.rb
|
237
|
+
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
238
|
+
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
244
239
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
240
|
+
- spec/rack/oauth2/server/token/error_spec.rb
|
245
241
|
- spec/rack/oauth2/server/token/password_spec.rb
|
246
242
|
- spec/rack/oauth2/server/token/refresh_token_spec.rb
|
247
243
|
- spec/rack/oauth2/server/token_spec.rb
|