rack-oauth2 0.2.3 → 0.3.0.alpha

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52)
  1. data/Gemfile +1 -0
  2. data/README.rdoc +1 -0
  3. data/VERSION +1 -1
  4. data/lib/rack/oauth2.rb +1 -7
  5. data/lib/rack/oauth2/server.rb +0 -1
  6. data/lib/rack/oauth2/server/abstract.rb +2 -1
  7. data/lib/rack/oauth2/server/abstract/error.rb +55 -0
  8. data/lib/rack/oauth2/server/abstract/handler.rb +2 -3
  9. data/lib/rack/oauth2/server/abstract/request.rb +2 -3
  10. data/lib/rack/oauth2/server/abstract/response.rb +0 -5
  11. data/lib/rack/oauth2/server/authorize.rb +19 -14
  12. data/lib/rack/oauth2/server/authorize/code.rb +8 -19
  13. data/lib/rack/oauth2/server/authorize/error.rb +60 -0
  14. data/lib/rack/oauth2/server/authorize/token.rb +15 -24
  15. data/lib/rack/oauth2/server/resource.rb +1 -79
  16. data/lib/rack/oauth2/server/resource/bearer.rb +74 -0
  17. data/lib/rack/oauth2/server/resource/bearer/error.rb +80 -0
  18. data/lib/rack/oauth2/server/token.rb +12 -19
  19. data/lib/rack/oauth2/server/token/authorization_code.rb +4 -5
  20. data/lib/rack/oauth2/server/token/error.rb +54 -0
  21. data/lib/rack/oauth2/server/token/password.rb +0 -2
  22. data/lib/rack/oauth2/server/token/refresh_token.rb +1 -1
  23. data/lib/rack/oauth2/server/util.rb +29 -0
  24. data/rack-oauth2.gemspec +1 -1
  25. data/spec/rack/oauth2/server/abstract/error_spec.rb +51 -0
  26. data/spec/rack/oauth2/server/authorize/code_spec.rb +42 -28
  27. data/spec/rack/oauth2/server/authorize/error_spec.rb +103 -0
  28. data/spec/rack/oauth2/server/authorize/token_spec.rb +55 -26
  29. data/spec/rack/oauth2/server/authorize_spec.rb +24 -68
  30. data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +118 -0
  31. data/spec/rack/oauth2/server/resource/bearer_spec.rb +117 -0
  32. data/spec/rack/oauth2/server/token/authorization_code_spec.rb +26 -109
  33. data/spec/rack/oauth2/server/token/error_spec.rb +77 -0
  34. data/spec/rack/oauth2/server/token/password_spec.rb +27 -47
  35. data/spec/rack/oauth2/server/token/refresh_token_spec.rb +22 -43
  36. data/spec/rack/oauth2/server/token_spec.rb +77 -116
  37. data/spec/rack/oauth2/server/util_spec.rb +75 -16
  38. data/spec/spec_helper.rb +0 -12
  39. metadata +25 -29
  40. data/lib/rack/oauth2/server/authorize/code_and_token.rb +0 -62
  41. data/lib/rack/oauth2/server/error.rb +0 -73
  42. data/lib/rack/oauth2/server/error/authorize.rb +0 -54
  43. data/lib/rack/oauth2/server/error/resource.rb +0 -50
  44. data/lib/rack/oauth2/server/error/token.rb +0 -59
  45. data/lib/rack/oauth2/server/token/assertion.rb +0 -29
  46. data/spec/rack/oauth2/server/authorize/code_and_token_spec.rb +0 -53
  47. data/spec/rack/oauth2/server/error/authorize_spec.rb +0 -102
  48. data/spec/rack/oauth2/server/error/resource_spec.rb +0 -69
  49. data/spec/rack/oauth2/server/error/token_spec.rb +0 -115
  50. data/spec/rack/oauth2/server/error_spec.rb +0 -107
  51. data/spec/rack/oauth2/server/resource_spec.rb +0 -141
  52. data/spec/rack/oauth2/server/token/assertion_spec.rb +0 -56
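--- a/data/lib/rack/oauth2/server/authorize/code_and_token.rb
+++ b/data/lib/rack/oauth2/server/authorize/code_and_token.rb
@@ -1,62 +0,0 @@
-module Rack
-module OAuth2
-module Server
-class Authorize
-class CodeAndToken < Abstract::Handler
-
-def call(env)
-@request = Request.new(env)
-@response = Response.new(request)
-super
-end
-
-class Request < Authorize::Request
-def initialize(env)
-super
-@response_type = :code_and_token
-attr_missing!
-end
-end
-
-class Response < Authorize::Response
-attr_required :code, :access_token
-attr_optional :expires_in, :scope
-
-def finish
-if approved?
-# append query params
-query_params = {
-:code => code,
-:state => state
-}.delete_if do |key, value|
-value.blank?
-end
-redirect_uri.query = if redirect_uri.query
-[redirect_uri.query, query_params.to_query].join('&')
-else
-query_params.to_query
-end
-# append fragment params
-fragment_params = {
-:access_token => access_token,
-:expires_in => expires_in,
-:scope => Array(scope).join(' ')
-}.delete_if do |key, value|
-value.blank?
-end
-redirect_uri.fragment = if redirect_uri.fragment
-[redirect_uri.fragment, fragment_params.to_query].join('&')
-else
-fragment_params.to_query
-end
-redirect redirect_uri.to_s
-end
-super
-end
-end
-
-end
-end
-end
-end
-end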
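--- a/data/lib/rack/oauth2/server/error.rb
+++ b/data/lib/rack/oauth2/server/error.rb
@@ -1,73 +0,0 @@
-module Rack
-module OAuth2
-module Server
-
-class Error < StandardError
-attr_accessor :status, :error, :description, :uri, :state, :scope, :redirect_uri, :realm
-
-def initialize(status, error, description = "", options = {})
-@status = status
-@error = error
-@description = description
-@uri = options[:uri]
-@state = options[:state]
-@realm = options[:realm]
-@scope = Array(options[:scope])
-@redirect_uri = Util.parse_uri(options[:redirect_uri]) if options[:redirect_uri]
-end
-
-def finish
-params = {
-:error => error,
-:error_description => description,
-:error_uri => uri,
-:state => state,
-:scope => scope.join(' ')
-}.delete_if do |key, value|
-value.blank?
-end
-response = Rack::Response.new
-if @redirect_uri.present?
-redirect_uri.query = if redirect_uri.query
-[redirect_uri.query, params.to_query].join('&')
-else
-params.to_query
-end
-response.redirect redirect_uri.to_s
-else
-response.status = status
-response.header['Content-Type'] = 'application/json'
-if realm.present?
-response.header['WWW-Authenticate'] = "OAuth realm='#{realm}' #{params.collect { |key, value| "#{key}='#{value.to_s}'" }.join(' ')}"
-end
-response.write params.to_json
-end
-response.finish
-end
-end
-
-class BadRequest < Error
-def initialize(error, description = "", options = {})
-super(400, error, description, options)
-end
-end
-
-class Unauthorized < Error
-def initialize(error, description = "", options = {})
-super(401, error, description, options)
-end
-end
-
-class Forbidden < Error
-def initialize(error, description = "", options = {})
-super(403, error, description, options)
-end
-end
-
-end
-end
-end
-
-require 'rack/oauth2/server/error/authorize'
-require 'rack/oauth2/server/error/token'
-require 'rack/oauth2/server/error/resource'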
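--- a/data/lib/rack/oauth2/server/error/authorize.rb
+++ b/data/lib/rack/oauth2/server/error/authorize.rb
@@ -1,54 +0,0 @@
-module Rack
-module OAuth2
-module Server
-class Error
-module Authorize
-
-DEFAULT_DESCRIPTION = {
-:invalid_request => "The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed.",
-:invalid_client => "The client identifier provided is invalid.",
-:unauthorized_client => "The client is not authorized to use the requested response type.",
-:redirect_uri_mismatch => "The redirection URI provided does not match a pre-registered value.",
-:access_denied => "The end-user or authorization server denied the request.",
-:unsupported_response_type => "The requested response type is not supported by the authorization server.",
-:invalid_scope => "The requested scope is invalid, unknown, or malformed."
-}
-
-def error!(error, description = nil, options = {})
-description ||= DEFAULT_DESCRIPTION[error]
-raise BadRequest.new(error, description, options.merge(:state => state, :redirect_uri => redirect_uri))
-end
-
-def invalid_request!(description = nil, options = {})
-error!(:invalid_request, description, options)
-end
-
-def invalid_client!(description = nil, options = {})
-error!(:invalid_client, description, options)
-end
-
-def unauthorized_client!(description = nil, options = {})
-error!(:unauthorized_client, description, options)
-end
-
-def redirect_uri_mismatch!(description = nil, options = {})
-error!(:redirect_uri_mismatch, description, options)
-end
-
-def access_denied!(description = nil, options = {})
-error!(:access_denied, description, options)
-end
-
-def unsupported_response_type!(description = nil, options = {})
-error!(:unsupported_response_type, description, options)
-end
-
-def invalid_scope!(description = nil, options = {})
-error!(:invalid_scope, description, options)
-end
-
-end
-end
-end
-end
-end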
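--- a/data/lib/rack/oauth2/server/error/resource.rb
+++ b/data/lib/rack/oauth2/server/error/resource.rb
@@ -1,50 +0,0 @@
-module Rack
-module OAuth2
-module Server
-class Error
-module Resource
-
-DEFAULT_DESCRIPTION = {
-:invalid_request => "The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.",
-:invalid_token => "The access token provided is invalid.",
-:expired_token => "The access token provided has expired.",
-:insufficient_scope => "The request requires higher privileges than provided by the access token."
-}
-
-def error!(error, description = nil, options = {})
-description ||= DEFAULT_DESCRIPTION[error]
-options[:realm] = realm
-exception = case error
-when :invalid_token, :expired_token
-Unauthorized
-when :insufficient_scope
-Forbidden
-when :invalid_request
-BadRequest
-else
-raise Error.new(options[:status] || 400, error, description, options)
-end
-raise exception.new(error, description, options)
-end
-
-def invalid_request!(description = nil, options = {})
-error!(:invalid_request, description, options)
-end
-
-def invalid_token!(description = nil, options = {})
-error!(:invalid_token, description, options)
-end
-
-def expired_token!(description = nil, options = {})
-error!(:expired_token, description, options)
-end
-
-def insufficient_scope!(description = nil, options = {})
-error!(:insufficient_scope, description, options)
-end
-
-end
-end
-end
-end
-end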
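--- a/data/lib/rack/oauth2/server/error/token.rb
+++ b/data/lib/rack/oauth2/server/error/token.rb
@@ -1,59 +0,0 @@
-module Rack
-module OAuth2
-module Server
-class Error
-module Token
-
-DEFAULT_DESCRIPTION = {
-:invalid_request => "The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.",
-:invalid_client => "The client identifier provided is invalid, the client failed to authenticate, the client did not include its credentials, provided multiple client credentials, or used unsupported credentials type.",
-:unauthorized_client => "The authenticated client is not authorized to use the access grant type provided.",
-:invalid_grant => "The provided access grant is invalid, expired, or revoked (e.g. invalid assertion, expired authorization token, bad end-user password credentials, or mismatching authorization code and redirection URI).",
-:unsupported_grant_type => "The access grant included - its type or another attribute - is not supported by the authorization server.",
-:unsupported_response_type => "The requested response type is not supported by the authorization server.",
-:invalid_scope => "The requested scope is invalid, unknown, malformed, or exceeds the previously granted scope."
-}
-
-def error!(error, description = nil, options = {})
-description ||= DEFAULT_DESCRIPTION[error]
-exception = if options.delete(:unauthorized)
-Unauthorized
-else
-BadRequest
-end
-raise exception.new(error, description, options)
-end
-
-def invalid_request!(description = nil, options = {})
-error!(:invalid_request, description, options)
-end
-
-def invalid_client!(description = nil, options = {})
-error!(:invalid_client, description, options.merge(:unauthorized => via_authorization_header))
-end
-
-def unauthorized_client!(description = nil, options = {})
-error!(:unauthorized_client, description, options)
-end
-
-def invalid_grant!(description = nil, options = {})
-error!(:invalid_grant, description, options)
-end
-
-def unsupported_grant_type!(description = nil, options = {})
-error!(:unsupported_grant_type, description, options)
-end
-
-def unsupported_response_type!(description = nil, options = {})
-error!(:unsupported_response_type, description, options)
-end
-
-def invalid_scope!(description = nil, options = {})
-error!(:invalid_scope, description, options)
-end
-
-end
-end
-end
-end
-end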
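--- a/data/lib/rack/oauth2/server/token/assertion.rb
+++ b/data/lib/rack/oauth2/server/token/assertion.rb
@@ -1,29 +0,0 @@
-module Rack
-module OAuth2
-module Server
-class Token
-class Assertion < Abstract::Handler
-
-def call(env)
-@request = Request.new(env)
-@response = Response.new(request)
-super
-end
-
-class Request < Token::Request
-attr_required :assertion_type, :assertion
-
-def initialize(env)
-super
-@grant_type = 'assertion'
-@assertion_type = params['assertion_type']
-@assertion = params['assertion']
-attr_missing!
-end
-end
-
-end
-end
-end
-end
-end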
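--- a/data/spec/rack/oauth2/server/authorize/code_and_token_spec.rb
+++ b/data/spec/rack/oauth2/server/authorize/code_and_token_spec.rb
@@ -1,53 +0,0 @@
-require 'spec_helper.rb'
-
-describe Rack::OAuth2::Server::Authorize::CodeAndToken do
-
-context "when authorized" do
-
-before do
-@app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
-response.approve!
-response.code = "authorization_code"
-response.access_token = "access_token"
-end
-@request = Rack::MockRequest.new @app
-end
-
-it "should redirect to redirect_uri with authorization code" do
-response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback")
-response.status.should == 302
-response.location.should == "http://client.example.com/callback?code=authorization_code#access_token=access_token"
-end
-
-context "when redirect_uri already includes query and fragment" do
-it "should keep original query and fragment" do
-response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback?k=v%23fragment")
-response.status.should == 302
-response.location.should == "http://client.example.com/callback?k=v&code=authorization_code#fragment&access_token=access_token"
-end
-end
-
-end
-
-context "when denied" do
-
-before do
-@app = Rack::OAuth2::Server::Authorize.new(simple_app) do |request, response|
-request.access_denied! 'User rejected the requested access.'
-end
-@request = Rack::MockRequest.new @app
-end
-
-it "should redirect to redirect_uri with error message" do
-response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback")
-response.status.should == 302
-error_message = {
-:error => :access_denied,
-:error_description => "User rejected the requested access."
-}
-response.location.should == "http://client.example.com/callback?#{error_message.to_query}"
-end
-
-end
-
-end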
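--- a/data/spec/rack/oauth2/server/error/authorize_spec.rb
+++ b/data/spec/rack/oauth2/server/error/authorize_spec.rb
@@ -1,102 +0,0 @@
-require 'spec_helper.rb'
-
-describe Rack::OAuth2::Server::Authorize::Request do
-
-before do
-@request = Rack::OAuth2::Server::Authorize::Request.new(
-Rack::MockRequest.env_for("/authorize", :params => {
-:client_id => "client_id",
-:response_type => "code"
-})
-)
-end
-
-describe "#error!" do
-it "should raise BadRequest error" do
-lambda do
-@request.error! :something
-end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
-e.error.should == :something
-e.description.should be_nil
-}
-end
-end
-
-describe "#invalid_request!" do
-it "should raise BadRequest error" do
-lambda do
-@request.invalid_request!
-end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
-e.error.should == :invalid_request
-e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:invalid_request]
-}
-end
-end
-
-describe "#invalid_client!" do
-it "should raise BadRequest error" do
-lambda do
-@request.invalid_client!
-end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
-e.error.should == :invalid_client
-e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:invalid_client]
-}
-end
-end
-
-describe "#unauthorized_client!" do
-it "should raise BadRequest error" do
-lambda do
-@request.unauthorized_client!
-end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
-e.error.should == :unauthorized_client
-e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:unauthorized_client]
-}
-end
-end
-
-describe "#redirect_uri_mismatch!" do
-it "should raise BadRequest error" do
-lambda do
-@request.redirect_uri_mismatch!
-end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
-e.error.should == :redirect_uri_mismatch
-e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:redirect_uri_mismatch]
-}
-end
-end
-
-describe "#access_denied!" do
-it "should raise BadRequest error" do
-lambda do
-@request.access_denied!
-end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
-e.error.should == :access_denied
-e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:access_denied]
-}
-end
-end
-
-describe "#unsupported_response_type!" do
-it "should raise BadRequest error" do
-lambda do
-@request.unsupported_response_type!
-end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
-e.error.should == :unsupported_response_type
-e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:unsupported_response_type]
-}
-end
-end
-
-describe "#invalid_scope!" do
-it "should raise BadRequest error" do
-lambda do
-@request.invalid_scope!
-end.should raise_error(Rack::OAuth2::Server::BadRequest) { |e|
-e.error.should == :invalid_scope
-e.description.should == Rack::OAuth2::Server::Error::Authorize::DEFAULT_DESCRIPTION[:invalid_scope]
-}
-end
-end
-
-end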