rack-oauth2 0.5.1 → 0.6.0.alpha
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/lib/rack/oauth2.rb +2 -1
- data/lib/rack/oauth2/access_token.rb +30 -0
- data/lib/rack/oauth2/access_token/bearer.rb +29 -0
- data/lib/rack/oauth2/access_token/mac.rb +109 -0
- data/lib/rack/oauth2/access_token/mac/body_hash.rb +15 -0
- data/lib/rack/oauth2/access_token/mac/signature.rb +49 -0
- data/lib/rack/oauth2/access_token/mac/verifier.rb +43 -0
- data/lib/rack/oauth2/server/authorize/code.rb +0 -1
- data/lib/rack/oauth2/server/resource.rb +55 -1
- data/lib/rack/oauth2/server/resource/bearer.rb +12 -39
- data/lib/rack/oauth2/server/resource/bearer/error.rb +5 -60
- data/lib/rack/oauth2/server/resource/error.rb +81 -0
- data/lib/rack/oauth2/server/resource/mac.rb +39 -0
- data/lib/rack/oauth2/server/resource/mac/error.rb +24 -0
- data/lib/rack/oauth2/server/token.rb +3 -10
- data/lib/rack/oauth2/server/token/refresh_token.rb +0 -2
- data/lib/rack/oauth2/util.rb +10 -0
- data/spec/fake_response/facebook_token_response.txt +1 -0
- data/spec/fake_response/resources/fake.txt +1 -0
- data/spec/helpers/time.rb +19 -0
- data/spec/rack/oauth2/access_token/bearer_spec.rb +43 -0
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +23 -0
- data/spec/rack/oauth2/access_token/mac_spec.rb +163 -0
- data/spec/rack/oauth2/access_token_spec.rb +48 -0
- data/spec/rack/oauth2/client_spec.rb +18 -6
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +9 -87
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +40 -69
- data/spec/rack/oauth2/server/resource/error_spec.rb +147 -0
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +52 -0
- data/spec/rack/oauth2/server/resource/mac_spec.rb +92 -0
- data/spec/rack/oauth2/server/resource_spec.rb +23 -0
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +1 -2
- data/spec/rack/oauth2/server/token/client_credentials_spec.rb +1 -2
- data/spec/rack/oauth2/server/token/password_spec.rb +1 -2
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +1 -2
- data/spec/rack/oauth2/server/token_spec.rb +1 -2
- data/spec/rack/oauth2/util_spec.rb +10 -0
- data/spec/spec_helper.rb +1 -0
- metadata +38 -6
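--- a/data/spec/rack/oauth2/server/resource/mac/error_spec.rb
+++ b/data/spec/rack/oauth2/server/resource/mac/error_spec.rb
@@ -0,0 +1,52 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Resource::MAC::Unauthorized do
+let(:error) { Rack::OAuth2::Server::Resource::MAC::Unauthorized.new(:invalid_token) }
+
+it { should be_a Rack::OAuth2::Server::Resource::Unauthorized }
+
+describe '#scheme' do
+subject { error }
+its(:scheme) { should == :MAC }
+end
+
+describe '#finish' do
+it 'should use MAC scheme' do
+status, header, response = error.finish
+header['WWW-Authenticate'].should =~ /^MAC /
+end
+end
+end
+
+describe Rack::OAuth2::Server::Resource::MAC::ErrorMethods do
+let(:unauthorized) { Rack::OAuth2::Server::Resource::MAC::Unauthorized }
+let(:redirect_uri) { 'http://client.example.com/callback' }
+let(:default_description) { Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION }
+let(:env) { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
+let(:request) { Rack::OAuth2::Server::Resource::MAC::Request.new env }
+
+describe 'unauthorized!' do
+it do
+expect { request.unauthorized! :invalid_client }.should raise_error unauthorized
+end
+end
+
+Rack::OAuth2::Server::Resource::Bearer::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|
+method = "#{error_code}!"
+case error_code
+when :invalid_request
+# ignore
+when :insufficient_scope
+# ignore
+else
+describe method do
+it "should raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized with error = :#{error_code}" do
+expect { request.send method }.should raise_error(unauthorized) { |error|
+error.error.should == error_code
+error.description.should == default_description[error_code]
+}
+end
+end
+end
+end
+end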
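Review bot: The example title on new line 43 says `should raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized`, but `unauthorized` is bound to `MAC::Unauthorized` on line 22 and the loop on line 34 iterates `Bearer::ErrorMethods::DEFAULT_DESCRIPTION` rather than the shared `Resource::ErrorMethods::DEFAULT_DESCRIPTION` the spec already references on line 24, which reads like a leftover from the Bearer spec. Suggested: `it "should raise Rack::OAuth2::Server::Resource::MAC::Unauthorized with error = :#{error_code}" do` and `Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|`, assuming the MAC error set is the shared one and not a Bearer-specific list. `let(:redirect_uri)` on line 23 is not used anywhere in this file and can be dropped.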
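--- a/data/spec/rack/oauth2/server/resource/mac_spec.rb
+++ b/data/spec/rack/oauth2/server/resource/mac_spec.rb
@@ -0,0 +1,92 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Resource::MAC do
+let(:app) do
+Rack::OAuth2::Server::Resource::MAC.new(simple_app) do |request|
+case request.access_token
+when 'valid_token'
+# nothing to do
+when 'insufficient_scope_token'
+request.insufficient_scope!
+else
+request.invalid_token!
+end
+end
+end
+let(:access_token) { env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN] }
+let(:request) { app.call(env) }
+subject { app.call(env) }
+
+shared_examples_for :non_mac_request do
+it 'should skip OAuth 2.0 authentication' do
+status, header, response = request
+status.should == 200
+access_token.should be_nil
+end
+end
+shared_examples_for :authenticated_mac_request do
+it 'should be authenticated' do
+status, header, response = request
+status.should == 200
+access_token.should == 'valid_token'
+end
+end
+shared_examples_for :unauthorized_mac_request do
+it 'should be unauthorized' do
+status, header, response = request
+status.should == 401
+header['WWW-Authenticate'].should include 'MAC'
+access_token.should be_nil
+end
+end
+shared_examples_for :bad_mac_request do
+it 'should be unauthorized' do
+status, header, response = request
+status.should == 400
+access_token.should be_nil
+end
+end
+
+context 'when no access token is given' do
+let(:env) { Rack::MockRequest.env_for('/protected_resource') }
+it 'should skip OAuth 2.0 authentication' do
+status, header, response = request
+status.should == 200
+access_token.should be_nil
+end
+end
+
+context 'when valid_token is given' do
+let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC token="valid_token"') }
+it_behaves_like :authenticated_mac_request
+end
+
+context 'when invalid_token is given' do
+let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC token="invalid_token"') }
+it_behaves_like :unauthorized_mac_request
+
+describe 'realm' do
+let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC token="invalid_token"') }
+
+context 'when specified' do
+let(:realm) { 'server.example.com' }
+let(:app) do
+Rack::OAuth2::Server::Resource::MAC.new(simple_app, realm) do |request|
+request.unauthorized!
+end
+end
+it 'should use specified realm' do
+status, header, response = request
+header['WWW-Authenticate'].should include "MAC realm=\"#{realm}\""
+end
+end
+
+context 'otherwize' do
+it 'should use default realm' do
+status, header, response = request
+header['WWW-Authenticate'].should include "MAC realm=\"#{Rack::OAuth2::Server::Resource::DEFAULT_REALM}\""
+end
+end
+end
+end
+end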
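Review bot: `shared_examples_for :non_mac_request` (new line 20) and `:bad_mac_request` (line 42) are defined but never referenced by any `it_behaves_like`, while the 'when no access token is given' context on lines 50-57 re-inlines the `:non_mac_request` body verbatim; replace that inline example with `it_behaves_like :non_mac_request` and either add a context that uses `:bad_mac_request` or remove it. Every authenticated or rejected case here sends only `MAC token="..."`, so the 400 path and the signature verifier this release adds (data/lib/rack/oauth2/access_token/mac/verifier.rb) are not exercised at the middleware level — a context with a malformed or incomplete `MAC` header asserting the 400 response would close that gap, if the middleware is meant to reject such headers itself. The context name 'otherwize' on line 84 should read 'otherwise'.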
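--- a/data/spec/rack/oauth2/server/resource_spec.rb
+++ b/data/spec/rack/oauth2/server/resource_spec.rb
@@ -0,0 +1,23 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Resource do
+subject { Rack::OAuth2::Server::Resource.new(simple_app, 'realm') }
+its(:realm) { should == 'realm' }
+end
+
+describe Rack::OAuth2::Server::Resource::Request do
+let(:env) { Rack::MockRequest.env_for('/protected_resource') }
+let(:request) { Rack::OAuth2::Server::Resource::Request.new(env) }
+
+describe '#setup!' do
+it do
+expect { request.setup! }.should raise_error(RuntimeError, 'Define me!')
+end
+end
+
+describe '#oauth2?' do
+it do
+expect { request.oauth2? }.should raise_error(RuntimeError, 'Define me!')
+end
+end
+end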
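--- a/data/spec/rack/oauth2/server/token/authorization_code_spec.rb
+++ b/data/spec/rack/oauth2/server/token/authorization_code_spec.rb
@@ -4,8 +4,7 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
 let(:request) { Rack::MockRequest.new app }
 let(:app) do
 Rack::OAuth2::Server::Token.new do |request, response|
-response.access_token = 'access_token'
-response.token_type = :bearer
+response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
 end
 end
 let(:params) do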
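--- a/data/spec/rack/oauth2/server/token/client_credentials_spec.rb
+++ b/data/spec/rack/oauth2/server/token/client_credentials_spec.rb
@@ -4,8 +4,7 @@ describe Rack::OAuth2::Server::Token::ClientCredentials do
 let(:request) { Rack::MockRequest.new app }
 let(:app) do
 Rack::OAuth2::Server::Token.new do |request, response|
-response.access_token = 'access_token'
-response.token_type = :bearer
+response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
 end
 end
 let(:params) do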
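--- a/data/spec/rack/oauth2/server/token/password_spec.rb
+++ b/data/spec/rack/oauth2/server/token/password_spec.rb
@@ -4,8 +4,7 @@ describe Rack::OAuth2::Server::Token::Password do
 let(:request) { Rack::MockRequest.new app }
 let(:app) do
 Rack::OAuth2::Server::Token.new do |request, response|
-response.access_token = 'access_token'
-response.token_type = :bearer
+response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
 end
 end
 let(:params) do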
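--- a/data/spec/rack/oauth2/server/token/refresh_token_spec.rb
+++ b/data/spec/rack/oauth2/server/token/refresh_token_spec.rb
@@ -4,8 +4,7 @@ describe Rack::OAuth2::Server::Token::RefreshToken do
 let(:request) { Rack::MockRequest.new app }
 let(:app) do
 Rack::OAuth2::Server::Token.new do |request, response|
-response.access_token = 'access_token'
-response.token_type = :bearer
+response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
 end
 end
 let(:params) do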
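--- a/data/spec/rack/oauth2/server/token_spec.rb
+++ b/data/spec/rack/oauth2/server/token_spec.rb
@@ -5,8 +5,7 @@ describe Rack::OAuth2::Server::Token do
 let(:request) { Rack::MockRequest.new app }
 let(:app) do
 Rack::OAuth2::Server::Token.new do |request, response|
-response.access_token = 'access_token'
-response.token_type = :bearer
+response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
 end
 end
 let(:params) do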
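--- a/data/spec/rack/oauth2/util_spec.rb
+++ b/data/spec/rack/oauth2/util_spec.rb
@@ -9,6 +9,16 @@ describe Rack::OAuth2::Util do
 'http://client.example.com/callback'
 end
 
+describe '.rfc3986_encode' do
+subject { util.rfc3986_encode '=+ .-/' }
+it { should == '%3D%2B%20.-%2F' }
+end
+
+describe '.base64_encode' do
+subject { util.base64_encode '=+ .-/' }
+it { should == 'PSsgLi0v' }
+end
+
 describe '.compact_hash' do
 subject { util.compact_hash :k1 => 'v1', :k2 => '', :k3 => nil }
 it { should == {:k1 => 'v1'} }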
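Review bot: The `.base64_encode` example on new lines 17-20 pins the absence of a trailing newline, but its 6-byte input cannot detect the 60-character line wrapping that `Base64.encode64` (i.e. `pack('m')`) applies once the input exceeds 45 bytes; since this helper presumably feeds the MAC signature added in this release, a wrapped signature would fail verification on the other side, so add a case with an input longer than 45 bytes and assert the result contains no `"\n"`. The `.rfc3986_encode` example on lines 12-15 covers `=`, `+`, space and `/` but none of the unreserved characters `_` and `~`, which several stock encoders escape; a second example such as `subject { util.rfc3986_encode '_~' }` with `it { should == '_~' }` (expected value constructed from RFC 3986's unreserved set) would pin that.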
data/spec/spec_helper.rb
CHANGED
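--- a/metadata
+++ b/metadata
@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-hash:
-prerelease:
+hash: -1851332210
+prerelease: 6
 segments:
 - 0
--
--
-
+- 6
+- 0
+- alpha
+version: 0.6.0.alpha
 platform: ruby
 authors:
 - nov matake
@@ -15,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-
+date: 2011-04-20 00:00:00 +09:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -186,6 +187,12 @@ files:
 - Rakefile
 - VERSION
 - lib/rack/oauth2.rb
+- lib/rack/oauth2/access_token.rb
+- lib/rack/oauth2/access_token/bearer.rb
+- lib/rack/oauth2/access_token/mac.rb
+- lib/rack/oauth2/access_token/mac/body_hash.rb
+- lib/rack/oauth2/access_token/mac/signature.rb
+- lib/rack/oauth2/access_token/mac/verifier.rb
 - lib/rack/oauth2/client.rb
 - lib/rack/oauth2/client/error.rb
 - lib/rack/oauth2/client/grant.rb
@@ -206,6 +213,9 @@ files:
 - lib/rack/oauth2/server/resource.rb
 - lib/rack/oauth2/server/resource/bearer.rb
 - lib/rack/oauth2/server/resource/bearer/error.rb
+- lib/rack/oauth2/server/resource/error.rb
+- lib/rack/oauth2/server/resource/mac.rb
+- lib/rack/oauth2/server/resource/mac/error.rb
 - lib/rack/oauth2/server/token.rb
 - lib/rack/oauth2/server/token/authorization_code.rb
 - lib/rack/oauth2/server/token/client_credentials.rb
@@ -214,8 +224,15 @@ files:
 - lib/rack/oauth2/server/token/refresh_token.rb
 - lib/rack/oauth2/util.rb
 - rack-oauth2.gemspec
+- spec/fake_response/facebook_token_response.txt
 - spec/fake_response/invalid_request.json
+- spec/fake_response/resources/fake.txt
 - spec/fake_response/token.json
+- spec/helpers/time.rb
+- spec/rack/oauth2/access_token/bearer_spec.rb
+- spec/rack/oauth2/access_token/mac/verifier_spec.rb
+- spec/rack/oauth2/access_token/mac_spec.rb
+- spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
@@ -225,6 +242,10 @@ files:
 - spec/rack/oauth2/server/authorize_spec.rb
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
+- spec/rack/oauth2/server/resource/error_spec.rb
+- spec/rack/oauth2/server/resource/mac/error_spec.rb
+- spec/rack/oauth2/server/resource/mac_spec.rb
+- spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb
 - spec/rack/oauth2/server/token/error_spec.rb
@@ -270,8 +291,15 @@ signing_key:
 specification_version: 3
 summary: Rack Middleware for OAuth2 server
 test_files:
+- spec/fake_response/facebook_token_response.txt
 - spec/fake_response/invalid_request.json
+- spec/fake_response/resources/fake.txt
 - spec/fake_response/token.json
+- spec/helpers/time.rb
+- spec/rack/oauth2/access_token/bearer_spec.rb
+- spec/rack/oauth2/access_token/mac/verifier_spec.rb
+- spec/rack/oauth2/access_token/mac_spec.rb
+- spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
@@ -281,6 +309,10 @@ test_files:
 - spec/rack/oauth2/server/authorize_spec.rb
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
+- spec/rack/oauth2/server/resource/error_spec.rb
+- spec/rack/oauth2/server/resource/mac/error_spec.rb
+- spec/rack/oauth2/server/resource/mac_spec.rb
+- spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb
 - spec/rack/oauth2/server/token/error_spec.rb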