rack-oauth2 0.5.1 → 0.6.0.alpha

data/spec/rack/oauth2/access_token_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe Rack::OAuth2::AccessToken do
+  subject do
+    Rack::OAuth2::AccessToken::Bearer.new(
+      :access_token => 'access_token',
+      :refresh_token => 'refresh_token',
+      :expires_in => 3600,
+      :scope => [:scope1, :scope2]
+    )
+  end
+
+  its(:access_token)  { should == 'access_token' }
+  its(:refresh_token) { should == 'refresh_token' }
+  its(:expires_in)    { should == 3600 }
+  its(:scope)         { should == [:scope1, :scope2] }
+  its(:token_response) do
+    should == {
+      :token_type => :bearer,
+      :access_token => 'access_token',
+      :refresh_token => 'refresh_token',
+      :expires_in => 3600,
+      :scope => 'scope1 scope2'
+    }
+  end
+
+  context 'when access_token is missing' do
+    it do
+      expect do
+        Rack::OAuth2::AccessToken::Bearer.new(
+          :refresh_token => 'refresh_token',
+          :expires_in => 3600,
+          :scope => [:scope1, :scope2]
+        )
+      end.should raise_error AttrRequired::AttrMissing
+    end
+  end
+
+  context 'otherwise' do
+    it do
+      expect do
+        Rack::OAuth2::AccessToken::Bearer.new(
+          :access_token => 'access_token'
+        )
+      end.should_not raise_error
+    end
+  end
+end

data/spec/rack/oauth2/client_spec.rb

@@ -18,9 +18,7 @@ describe Rack::OAuth2::Client do
 
   context 'when identifier is missing' do
     it do
-      lambda do
-        Rack::OAuth2::Client.new
-      end.should raise_error AttrRequired::AttrMissing
+      expect { Rack::OAuth2::Client.new }.should raise_error AttrRequired::AttrMissing
     end
   end
 
@@ -100,9 +98,23 @@ describe Rack::OAuth2::Client do
         )
       end
       it do
-        lambda do
-          client.access_token!
-        end.should raise_error Rack::OAuth2::Client::Error
+        expect { client.access_token! }.should raise_error Rack::OAuth2::Client::Error
+      end
+    end
+
+    context 'when key-value response is given' do
+      before do
+        fake_response(
+          :post,
+          'https://server.example.com/oauth2/token',
+          'facebook_token_response.txt'
+        )
+      end
+      it do
+        client.access_token!.should == {
+          'access_token' => 'access_token',
+          'expires_in' => '3600' # NOTE: String not Integer
+        }
       end
     end
   end

data/spec/rack/oauth2/server/resource/bearer/error_spec.rb

@@ -1,94 +1,30 @@
 require 'spec_helper.rb'
 
-describe Rack::OAuth2::Server::Resource::Bearer::BadRequest do
-  let(:error) { Rack::OAuth2::Server::Resource::Bearer::BadRequest.new(:invalid_request) }
-
-  it { should be_a Rack::OAuth2::Server::Abstract::BadRequest }
-  describe '#finish' do
-    it 'should respond in JSON' do
-      status, header, response = error.finish
-      status.should == 400
-      header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
-    end
-  end
-end
-
 describe Rack::OAuth2::Server::Resource::Bearer::Unauthorized do
   let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token) }
-  let(:realm) { Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM }
 
-  it { should be_a Rack::OAuth2::Server::Abstract::Unauthorized }
-  describe '#finish' do
-    it 'should respond in JSON' do
-      status, header, response = error.finish
-      status.should == 401
-      header['Content-Type'].should == 'application/json'
-      header['WWW-Authenticate'].should == "Bearer realm=\"#{realm}\" error=\"invalid_token\""
-      response.body.should == ['{"error":"invalid_token"}']
-    end
-  end
+  it { should be_a Rack::OAuth2::Server::Resource::Unauthorized }
 
-  context 'when error_code is not invalid_token' do
-    let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something) }
-
-    it 'should have error_code in body but not in WWW-Authenticate header' do
-      status, header, response = error.finish
-      header['WWW-Authenticate'].should == "Bearer realm=\"#{realm}\""
-      response.body.first.should include '"error":"something"'
-    end
-  end
-
-  context 'when realm is specified' do
-    let(:realm) { 'server.example.com' }
-    let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, :realm => realm) }
-
-    it 'should use given realm' do
-      status, header, response = error.finish
-      header['WWW-Authenticate'].should == "Bearer realm=\"#{realm}\""
-      response.body.first.should include '"error":"something"'
-    end
+  describe '#scheme' do
+    subject { error }
+    its(:scheme) { should == :Bearer }
   end
-end
-
-describe Rack::OAuth2::Server::Resource::Bearer::Forbidden do
-  let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope) }
 
-  it { should be_a Rack::OAuth2::Server::Abstract::Forbidden }
   describe '#finish' do
-    it 'should respond in JSON' do
+    it 'should use Bearer scheme' do
       status, header, response = error.finish
-      status.should == 403
-      header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"insufficient_scope"}']
-    end
-  end
-
-  context 'when scope option is given' do
-    let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', :scope => [:scope1, :scope2]) }
-
-    it 'should have blank WWW-Authenticate header' do
-      status, header, response = error.finish
-      response.body.first.should include '"scope":"scope1 scope2"'
+      header['WWW-Authenticate'].should include 'Bearer'
     end
   end
 end
 
 describe Rack::OAuth2::Server::Resource::Bearer::ErrorMethods do
-  let(:bad_request)         { Rack::OAuth2::Server::Resource::Bearer::BadRequest }
   let(:unauthorized)        { Rack::OAuth2::Server::Resource::Bearer::Unauthorized }
-  let(:forbidden)           { Rack::OAuth2::Server::Resource::Bearer::Forbidden }
   let(:redirect_uri)        { 'http://client.example.com/callback' }
-  let(:default_description) { Rack::OAuth2::Server::Resource::Bearer::ErrorMethods::DEFAULT_DESCRIPTION }
+  let(:default_description) { Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION }
   let(:env)                 { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
   let(:request)             { Rack::OAuth2::Server::Resource::Bearer::Request.new env }
 
-  describe 'bad_request!' do
-    it do
-      expect { request.bad_request! :invalid_request }.should raise_error bad_request
-    end
-  end
-
   describe 'unauthorized!' do
     it do
       expect { request.unauthorized! :invalid_client }.should raise_error unauthorized
@@ -99,23 +35,9 @@ describe Rack::OAuth2::Server::Resource::Bearer::ErrorMethods do
     method = "#{error_code}!"
     case error_code
     when :invalid_request
-      describe method do
-        it "should raise Rack::OAuth2::Server::Resource::Bearer::BadRequest with error = :#{error_code}" do
-          expect { request.send method }.should raise_error(bad_request) { |error|
-            error.error.should       == error_code
-            error.description.should == default_description[error_code]
-          }
-        end
-      end
+      # ignore
     when :insufficient_scope
-      describe method do
-        it "should raise Rack::OAuth2::Server::Resource::Bearer::Forbidden with error = :#{error_code}" do
-          expect { request.send method }.should raise_error(forbidden) { |error|
-            error.error.should       == error_code
-            error.description.should == default_description[error_code]
-          }
-        end
-      end
+      # ignore
     else
       describe method do
         it "should raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized with error = :#{error_code}" do

data/spec/rack/oauth2/server/resource/bearer_spec.rb

@@ -13,25 +13,18 @@ describe Rack::OAuth2::Server::Resource::Bearer do
       end
     end
   end
-  let(:access_token) { env[Rack::OAuth2::Server::Resource::Bearer::ACCESS_TOKEN] }
+  let(:access_token) { env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN] }
   let(:request) { app.call(env) }
   subject { app.call(env) }
 
-  shared_examples_for :non_oauth2_request do
-    it 'should skip OAuth 2.0 authentication' do
-      status, header, response = request
-      status.should == 200
-      access_token.should be_nil
-    end
-  end
-  shared_examples_for :authenticated_request do
+  shared_examples_for :authenticated_bearer_request do
     it 'should be authenticated' do
       status, header, response = request
       status.should == 200
       access_token.should == 'valid_token'
     end
   end
-  shared_examples_for :unauthorized_request do
+  shared_examples_for :unauthorized_bearer_request do
     it 'should be unauthorized' do
       status, header, response = request
       status.should == 401
@@ -39,8 +32,8 @@ describe Rack::OAuth2::Server::Resource::Bearer do
       access_token.should be_nil
     end
   end
-  shared_examples_for :bad_request do
-    it 'should be unauthorized' do
+  shared_examples_for :bad_bearer_request do
+    it 'should be bad_request' do
       status, header, response = request
       status.should == 400
       access_token.should be_nil
@@ -49,30 +42,58 @@ describe Rack::OAuth2::Server::Resource::Bearer do
 
   context 'when no access token is given' do
     let(:env) { Rack::MockRequest.env_for('/protected_resource') }
-    it_behaves_like :non_oauth2_request
+    it 'should skip OAuth 2.0 authentication' do
+      status, header, response = request
+      status.should == 200
+      access_token.should be_nil
+    end
   end
 
   context 'when valid_token is given' do
     context 'when token is in Authorization header' do
       let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'Bearer valid_token') }
-      it_behaves_like :authenticated_request
+      it_behaves_like :authenticated_bearer_request
     end
 
     context 'when token is in params' do
       let(:env) { Rack::MockRequest.env_for('/protected_resource', :params => {:bearer_token => 'valid_token'}) }
-      it_behaves_like :authenticated_request
+      it_behaves_like :authenticated_bearer_request
     end
   end
 
   context 'when invalid_token is given' do
+    let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'Bearer invalid_token') }
+
     context 'when token is in Authorization header' do
-      let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'Bearer invalid_token') }
-      it_behaves_like :unauthorized_request
+      it_behaves_like :unauthorized_bearer_request
     end
 
     context 'when token is in params' do
       let(:env) { Rack::MockRequest.env_for('/protected_resource', :params => {:bearer_token => 'invalid_token'}) }
-      it_behaves_like :unauthorized_request
+      it_behaves_like :unauthorized_bearer_request
+    end
+
+    describe 'realm' do
+
+      context 'when specified' do
+        let(:realm) { 'server.example.com' }
+        let(:app) do
+          Rack::OAuth2::Server::Resource::Bearer.new(simple_app, realm) do |request|
+            request.unauthorized!
+          end
+        end
+        it 'should use specified realm' do
+          status, header, response = request
+          header['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
+        end
+      end
+
+      context 'otherwize' do
+        it 'should use default realm' do
+          status, header, response = request
+          header['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
+        end
+      end
     end
   end
 
@@ -85,57 +106,7 @@ describe Rack::OAuth2::Server::Resource::Bearer do
           :params => {:bearer_token => 'valid_token'}
         )
       end
-      it_behaves_like :bad_request
-    end
-  end
-
-  context 'when OAuth 1.0 request' do
-    context 'when token is in Authorization header' do
-      let(:env) do
-        Rack::MockRequest.env_for(
-          '/protected_resource',
-          'HTTP_AUTHORIZATION' => 'OAuth oauth_consumer_key="key" oauth_token="token" oauth_signature_method="HMAC-SHA1" oauth_signature="sig" oauth_timestamp="123456789" oauth_nonce="nonce"'
-        )
-      end
-      it_behaves_like :non_oauth2_request
-    end
-
-    context 'when token is in params' do
-      let(:env) do
-        Rack::MockRequest.env_for('/protected_resource', :params => {
-          :oauth_consumer_key => 'key',
-          :oauth_token => 'token',
-          :oauth_signature_method => 'HMAC-SHA1',
-          :oauth_signature => 'sig',
-          :oauth_timestamp => 123456789,
-          :oauth_nonce => 'nonce'
-        })
-      end
-      it_behaves_like :non_oauth2_request
-    end
-  end
-
-  describe 'realm' do
-    let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'Bearer invalid_token') }
-
-    context 'when specified' do
-      let(:realm) { 'server.example.com' }
-      let(:app) do
-        Rack::OAuth2::Server::Resource::Bearer.new(simple_app, realm) do |request|
-          request.unauthorized!
-        end
-      end
-      it 'should use specified realm' do
-        status, header, response = request
-        header['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
-      end
-    end
-
-    context 'otherwize' do
-      it 'should use default realm' do
-        status, header, response = request
-        header['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
-      end
+      it_behaves_like :bad_bearer_request
     end
   end
 end

data/spec/rack/oauth2/server/resource/error_spec.rb

@@ -0,0 +1,147 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Resource::BadRequest do
+  let(:error) { Rack::OAuth2::Server::Resource::BadRequest.new(:invalid_request) }
+
+  it { should be_a Rack::OAuth2::Server::Abstract::BadRequest }
+
+  describe '#finish' do
+    it 'should respond in JSON' do
+      status, header, response = error.finish
+      status.should == 400
+      header['Content-Type'].should == 'application/json'
+      response.body.should == ['{"error":"invalid_request"}']
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Resource::Unauthorized do
+  let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:invalid_token) }
+  let(:realm) { Rack::OAuth2::Server::Resource::DEFAULT_REALM }
+
+  it { should be_a Rack::OAuth2::Server::Abstract::Unauthorized }
+
+  describe '#scheme' do
+    it do
+      expect { error.scheme }.should raise_error(RuntimeError, 'Define me!')
+    end
+  end
+
+  context 'when scheme is defined' do
+    let :error_with_scheme do
+      e = error
+      e.instance_eval do
+        def scheme
+          :Scheme
+        end
+      end
+      e
+    end
+
+    describe '#finish' do
+      it 'should respond in JSON' do
+        status, header, response = error_with_scheme.finish
+        status.should == 401
+        header['Content-Type'].should == 'application/json'
+        header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\" error=\"invalid_token\""
+        response.body.should == ['{"error":"invalid_token"}']
+      end
+
+      context 'when error_code is not invalid_token' do
+        let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:something) }
+
+        it 'should have error_code in body but not in WWW-Authenticate header' do
+          status, header, response = error_with_scheme.finish
+          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          response.body.first.should include '"error":"something"'
+        end
+      end
+
+      context 'when realm is specified' do
+        let(:realm) { 'server.example.com' }
+        let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, :realm => realm) }
+
+        it 'should use given realm' do
+          status, header, response = error_with_scheme.finish
+          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          response.body.first.should include '"error":"something"'
+        end
+      end
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Resource::Forbidden do
+  let(:error) { Rack::OAuth2::Server::Resource::Forbidden.new(:insufficient_scope) }
+
+  it { should be_a Rack::OAuth2::Server::Abstract::Forbidden }
+
+  describe '#finish' do
+    it 'should respond in JSON' do
+      status, header, response = error.finish
+      status.should == 403
+      header['Content-Type'].should == 'application/json'
+      response.body.should == ['{"error":"insufficient_scope"}']
+    end
+  end
+
+  context 'when scope option is given' do
+    let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', :scope => [:scope1, :scope2]) }
+
+    it 'should have blank WWW-Authenticate header' do
+      status, header, response = error.finish
+      response.body.first.should include '"scope":"scope1 scope2"'
+    end
+  end
+end
+
+describe Rack::OAuth2::Server::Resource::Bearer::ErrorMethods do
+  let(:bad_request)         { Rack::OAuth2::Server::Resource::BadRequest }
+  let(:forbidden)           { Rack::OAuth2::Server::Resource::Forbidden }
+  let(:redirect_uri)        { 'http://client.example.com/callback' }
+  let(:default_description) { Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION }
+  let(:env)                 { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
+  let(:request)             { Rack::OAuth2::Server::Resource::Request.new env }
+
+  describe 'bad_request!' do
+    it do
+      expect { request.bad_request! :invalid_request }.should raise_error bad_request
+    end
+  end
+
+  describe 'unauthorized!' do
+    it do
+      expect { request.unauthorized! :invalid_client }.should raise_error(RuntimeError, 'Define me!')
+    end
+  end
+
+  Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|
+    method = "#{error_code}!"
+    case error_code
+    when :invalid_request
+      describe method do
+        it "should raise Rack::OAuth2::Server::Resource::BadRequest with error = :#{error_code}" do
+          expect { request.send method }.should raise_error(bad_request) { |error|
+            error.error.should       == error_code
+            error.description.should == default_description[error_code]
+          }
+        end
+      end
+    when :insufficient_scope
+      describe method do
+        it "should raise Rack::OAuth2::Server::Resource::Forbidden with error = :#{error_code}" do
+          expect { request.send method }.should raise_error(forbidden) { |error|
+            error.error.should       == error_code
+            error.description.should == default_description[error_code]
+          }
+        end
+      end
+    else
+      describe method do
+        it do
+          expect { request.send method }.should raise_error(RuntimeError, 'Define me!')
+        end
+      end
+    end
+  end
+end