rack-oauth2 0.5.1 → 0.6.0.alpha
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/lib/rack/oauth2.rb +2 -1
- data/lib/rack/oauth2/access_token.rb +30 -0
- data/lib/rack/oauth2/access_token/bearer.rb +29 -0
- data/lib/rack/oauth2/access_token/mac.rb +109 -0
- data/lib/rack/oauth2/access_token/mac/body_hash.rb +15 -0
- data/lib/rack/oauth2/access_token/mac/signature.rb +49 -0
- data/lib/rack/oauth2/access_token/mac/verifier.rb +43 -0
- data/lib/rack/oauth2/server/authorize/code.rb +0 -1
- data/lib/rack/oauth2/server/resource.rb +55 -1
- data/lib/rack/oauth2/server/resource/bearer.rb +12 -39
- data/lib/rack/oauth2/server/resource/bearer/error.rb +5 -60
- data/lib/rack/oauth2/server/resource/error.rb +81 -0
- data/lib/rack/oauth2/server/resource/mac.rb +39 -0
- data/lib/rack/oauth2/server/resource/mac/error.rb +24 -0
- data/lib/rack/oauth2/server/token.rb +3 -10
- data/lib/rack/oauth2/server/token/refresh_token.rb +0 -2
- data/lib/rack/oauth2/util.rb +10 -0
- data/spec/fake_response/facebook_token_response.txt +1 -0
- data/spec/fake_response/resources/fake.txt +1 -0
- data/spec/helpers/time.rb +19 -0
- data/spec/rack/oauth2/access_token/bearer_spec.rb +43 -0
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +23 -0
- data/spec/rack/oauth2/access_token/mac_spec.rb +163 -0
- data/spec/rack/oauth2/access_token_spec.rb +48 -0
- data/spec/rack/oauth2/client_spec.rb +18 -6
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +9 -87
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +40 -69
- data/spec/rack/oauth2/server/resource/error_spec.rb +147 -0
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +52 -0
- data/spec/rack/oauth2/server/resource/mac_spec.rb +92 -0
- data/spec/rack/oauth2/server/resource_spec.rb +23 -0
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +1 -2
- data/spec/rack/oauth2/server/token/client_credentials_spec.rb +1 -2
- data/spec/rack/oauth2/server/token/password_spec.rb +1 -2
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +1 -2
- data/spec/rack/oauth2/server/token_spec.rb +1 -2
- data/spec/rack/oauth2/util_spec.rb +10 -0
- data/spec/spec_helper.rb +1 -0
- metadata +38 -6
@@ -0,0 +1,52 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Resource::MAC::Unauthorized do
|
4
|
+
let(:error) { Rack::OAuth2::Server::Resource::MAC::Unauthorized.new(:invalid_token) }
|
5
|
+
|
6
|
+
it { should be_a Rack::OAuth2::Server::Resource::Unauthorized }
|
7
|
+
|
8
|
+
describe '#scheme' do
|
9
|
+
subject { error }
|
10
|
+
its(:scheme) { should == :MAC }
|
11
|
+
end
|
12
|
+
|
13
|
+
describe '#finish' do
|
14
|
+
it 'should use MAC scheme' do
|
15
|
+
status, header, response = error.finish
|
16
|
+
header['WWW-Authenticate'].should =~ /^MAC /
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
describe Rack::OAuth2::Server::Resource::MAC::ErrorMethods do
|
22
|
+
let(:unauthorized) { Rack::OAuth2::Server::Resource::MAC::Unauthorized }
|
23
|
+
let(:redirect_uri) { 'http://client.example.com/callback' }
|
24
|
+
let(:default_description) { Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION }
|
25
|
+
let(:env) { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
|
26
|
+
let(:request) { Rack::OAuth2::Server::Resource::MAC::Request.new env }
|
27
|
+
|
28
|
+
describe 'unauthorized!' do
|
29
|
+
it do
|
30
|
+
expect { request.unauthorized! :invalid_client }.should raise_error unauthorized
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
Rack::OAuth2::Server::Resource::Bearer::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|
|
35
|
+
method = "#{error_code}!"
|
36
|
+
case error_code
|
37
|
+
when :invalid_request
|
38
|
+
# ignore
|
39
|
+
when :insufficient_scope
|
40
|
+
# ignore
|
41
|
+
else
|
42
|
+
describe method do
|
43
|
+
it "should raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized with error = :#{error_code}" do
|
44
|
+
expect { request.send method }.should raise_error(unauthorized) { |error|
|
45
|
+
error.error.should == error_code
|
46
|
+
error.description.should == default_description[error_code]
|
47
|
+
}
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
@@ -0,0 +1,92 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Resource::MAC do
|
4
|
+
let(:app) do
|
5
|
+
Rack::OAuth2::Server::Resource::MAC.new(simple_app) do |request|
|
6
|
+
case request.access_token
|
7
|
+
when 'valid_token'
|
8
|
+
# nothing to do
|
9
|
+
when 'insufficient_scope_token'
|
10
|
+
request.insufficient_scope!
|
11
|
+
else
|
12
|
+
request.invalid_token!
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
let(:access_token) { env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN] }
|
17
|
+
let(:request) { app.call(env) }
|
18
|
+
subject { app.call(env) }
|
19
|
+
|
20
|
+
shared_examples_for :non_mac_request do
|
21
|
+
it 'should skip OAuth 2.0 authentication' do
|
22
|
+
status, header, response = request
|
23
|
+
status.should == 200
|
24
|
+
access_token.should be_nil
|
25
|
+
end
|
26
|
+
end
|
27
|
+
shared_examples_for :authenticated_mac_request do
|
28
|
+
it 'should be authenticated' do
|
29
|
+
status, header, response = request
|
30
|
+
status.should == 200
|
31
|
+
access_token.should == 'valid_token'
|
32
|
+
end
|
33
|
+
end
|
34
|
+
shared_examples_for :unauthorized_mac_request do
|
35
|
+
it 'should be unauthorized' do
|
36
|
+
status, header, response = request
|
37
|
+
status.should == 401
|
38
|
+
header['WWW-Authenticate'].should include 'MAC'
|
39
|
+
access_token.should be_nil
|
40
|
+
end
|
41
|
+
end
|
42
|
+
shared_examples_for :bad_mac_request do
|
43
|
+
it 'should be unauthorized' do
|
44
|
+
status, header, response = request
|
45
|
+
status.should == 400
|
46
|
+
access_token.should be_nil
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
context 'when no access token is given' do
|
51
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource') }
|
52
|
+
it 'should skip OAuth 2.0 authentication' do
|
53
|
+
status, header, response = request
|
54
|
+
status.should == 200
|
55
|
+
access_token.should be_nil
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
context 'when valid_token is given' do
|
60
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC token="valid_token"') }
|
61
|
+
it_behaves_like :authenticated_mac_request
|
62
|
+
end
|
63
|
+
|
64
|
+
context 'when invalid_token is given' do
|
65
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC token="invalid_token"') }
|
66
|
+
it_behaves_like :unauthorized_mac_request
|
67
|
+
|
68
|
+
describe 'realm' do
|
69
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC token="invalid_token"') }
|
70
|
+
|
71
|
+
context 'when specified' do
|
72
|
+
let(:realm) { 'server.example.com' }
|
73
|
+
let(:app) do
|
74
|
+
Rack::OAuth2::Server::Resource::MAC.new(simple_app, realm) do |request|
|
75
|
+
request.unauthorized!
|
76
|
+
end
|
77
|
+
end
|
78
|
+
it 'should use specified realm' do
|
79
|
+
status, header, response = request
|
80
|
+
header['WWW-Authenticate'].should include "MAC realm=\"#{realm}\""
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
context 'otherwize' do
|
85
|
+
it 'should use default realm' do
|
86
|
+
status, header, response = request
|
87
|
+
header['WWW-Authenticate'].should include "MAC realm=\"#{Rack::OAuth2::Server::Resource::DEFAULT_REALM}\""
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
92
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Resource do
|
4
|
+
subject { Rack::OAuth2::Server::Resource.new(simple_app, 'realm') }
|
5
|
+
its(:realm) { should == 'realm' }
|
6
|
+
end
|
7
|
+
|
8
|
+
describe Rack::OAuth2::Server::Resource::Request do
|
9
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource') }
|
10
|
+
let(:request) { Rack::OAuth2::Server::Resource::Request.new(env) }
|
11
|
+
|
12
|
+
describe '#setup!' do
|
13
|
+
it do
|
14
|
+
expect { request.setup! }.should raise_error(RuntimeError, 'Define me!')
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
describe '#oauth2?' do
|
19
|
+
it do
|
20
|
+
expect { request.oauth2? }.should raise_error(RuntimeError, 'Define me!')
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -4,8 +4,7 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
|
|
4
4
|
let(:request) { Rack::MockRequest.new app }
|
5
5
|
let(:app) do
|
6
6
|
Rack::OAuth2::Server::Token.new do |request, response|
|
7
|
-
response.access_token = 'access_token'
|
8
|
-
response.token_type = :bearer
|
7
|
+
response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
|
9
8
|
end
|
10
9
|
end
|
11
10
|
let(:params) do
|
@@ -4,8 +4,7 @@ describe Rack::OAuth2::Server::Token::ClientCredentials do
|
|
4
4
|
let(:request) { Rack::MockRequest.new app }
|
5
5
|
let(:app) do
|
6
6
|
Rack::OAuth2::Server::Token.new do |request, response|
|
7
|
-
response.access_token = 'access_token'
|
8
|
-
response.token_type = :bearer
|
7
|
+
response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
|
9
8
|
end
|
10
9
|
end
|
11
10
|
let(:params) do
|
@@ -4,8 +4,7 @@ describe Rack::OAuth2::Server::Token::Password do
|
|
4
4
|
let(:request) { Rack::MockRequest.new app }
|
5
5
|
let(:app) do
|
6
6
|
Rack::OAuth2::Server::Token.new do |request, response|
|
7
|
-
response.access_token = 'access_token'
|
8
|
-
response.token_type = :bearer
|
7
|
+
response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
|
9
8
|
end
|
10
9
|
end
|
11
10
|
let(:params) do
|
@@ -4,8 +4,7 @@ describe Rack::OAuth2::Server::Token::RefreshToken do
|
|
4
4
|
let(:request) { Rack::MockRequest.new app }
|
5
5
|
let(:app) do
|
6
6
|
Rack::OAuth2::Server::Token.new do |request, response|
|
7
|
-
response.access_token = 'access_token'
|
8
|
-
response.token_type = :bearer
|
7
|
+
response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
|
9
8
|
end
|
10
9
|
end
|
11
10
|
let(:params) do
|
@@ -5,8 +5,7 @@ describe Rack::OAuth2::Server::Token do
|
|
5
5
|
let(:request) { Rack::MockRequest.new app }
|
6
6
|
let(:app) do
|
7
7
|
Rack::OAuth2::Server::Token.new do |request, response|
|
8
|
-
response.access_token = 'access_token'
|
9
|
-
response.token_type = :bearer
|
8
|
+
response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => 'access_token')
|
10
9
|
end
|
11
10
|
end
|
12
11
|
let(:params) do
|
@@ -9,6 +9,16 @@ describe Rack::OAuth2::Util do
|
|
9
9
|
'http://client.example.com/callback'
|
10
10
|
end
|
11
11
|
|
12
|
+
describe '.rfc3986_encode' do
|
13
|
+
subject { util.rfc3986_encode '=+ .-/' }
|
14
|
+
it { should == '%3D%2B%20.-%2F' }
|
15
|
+
end
|
16
|
+
|
17
|
+
describe '.base64_encode' do
|
18
|
+
subject { util.base64_encode '=+ .-/' }
|
19
|
+
it { should == 'PSsgLi0v' }
|
20
|
+
end
|
21
|
+
|
12
22
|
describe '.compact_hash' do
|
13
23
|
subject { util.compact_hash :k1 => 'v1', :k2 => '', :k3 => nil }
|
14
24
|
it { should == {:k1 => 'v1'} }
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
@@ -1,13 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
5
|
-
prerelease:
|
4
|
+
hash: -1851332210
|
5
|
+
prerelease: 6
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
-
-
|
9
|
-
-
|
10
|
-
|
8
|
+
- 6
|
9
|
+
- 0
|
10
|
+
- alpha
|
11
|
+
version: 0.6.0.alpha
|
11
12
|
platform: ruby
|
12
13
|
authors:
|
13
14
|
- nov matake
|
@@ -15,7 +16,7 @@ autorequire:
|
|
15
16
|
bindir: bin
|
16
17
|
cert_chain: []
|
17
18
|
|
18
|
-
date: 2011-04-
|
19
|
+
date: 2011-04-20 00:00:00 +09:00
|
19
20
|
default_executable:
|
20
21
|
dependencies:
|
21
22
|
- !ruby/object:Gem::Dependency
|
@@ -186,6 +187,12 @@ files:
|
|
186
187
|
- Rakefile
|
187
188
|
- VERSION
|
188
189
|
- lib/rack/oauth2.rb
|
190
|
+
- lib/rack/oauth2/access_token.rb
|
191
|
+
- lib/rack/oauth2/access_token/bearer.rb
|
192
|
+
- lib/rack/oauth2/access_token/mac.rb
|
193
|
+
- lib/rack/oauth2/access_token/mac/body_hash.rb
|
194
|
+
- lib/rack/oauth2/access_token/mac/signature.rb
|
195
|
+
- lib/rack/oauth2/access_token/mac/verifier.rb
|
189
196
|
- lib/rack/oauth2/client.rb
|
190
197
|
- lib/rack/oauth2/client/error.rb
|
191
198
|
- lib/rack/oauth2/client/grant.rb
|
@@ -206,6 +213,9 @@ files:
|
|
206
213
|
- lib/rack/oauth2/server/resource.rb
|
207
214
|
- lib/rack/oauth2/server/resource/bearer.rb
|
208
215
|
- lib/rack/oauth2/server/resource/bearer/error.rb
|
216
|
+
- lib/rack/oauth2/server/resource/error.rb
|
217
|
+
- lib/rack/oauth2/server/resource/mac.rb
|
218
|
+
- lib/rack/oauth2/server/resource/mac/error.rb
|
209
219
|
- lib/rack/oauth2/server/token.rb
|
210
220
|
- lib/rack/oauth2/server/token/authorization_code.rb
|
211
221
|
- lib/rack/oauth2/server/token/client_credentials.rb
|
@@ -214,8 +224,15 @@ files:
|
|
214
224
|
- lib/rack/oauth2/server/token/refresh_token.rb
|
215
225
|
- lib/rack/oauth2/util.rb
|
216
226
|
- rack-oauth2.gemspec
|
227
|
+
- spec/fake_response/facebook_token_response.txt
|
217
228
|
- spec/fake_response/invalid_request.json
|
229
|
+
- spec/fake_response/resources/fake.txt
|
218
230
|
- spec/fake_response/token.json
|
231
|
+
- spec/helpers/time.rb
|
232
|
+
- spec/rack/oauth2/access_token/bearer_spec.rb
|
233
|
+
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
234
|
+
- spec/rack/oauth2/access_token/mac_spec.rb
|
235
|
+
- spec/rack/oauth2/access_token_spec.rb
|
219
236
|
- spec/rack/oauth2/client/error_spec.rb
|
220
237
|
- spec/rack/oauth2/client_spec.rb
|
221
238
|
- spec/rack/oauth2/server/abstract/error_spec.rb
|
@@ -225,6 +242,10 @@ files:
|
|
225
242
|
- spec/rack/oauth2/server/authorize_spec.rb
|
226
243
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
227
244
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
245
|
+
- spec/rack/oauth2/server/resource/error_spec.rb
|
246
|
+
- spec/rack/oauth2/server/resource/mac/error_spec.rb
|
247
|
+
- spec/rack/oauth2/server/resource/mac_spec.rb
|
248
|
+
- spec/rack/oauth2/server/resource_spec.rb
|
228
249
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
229
250
|
- spec/rack/oauth2/server/token/client_credentials_spec.rb
|
230
251
|
- spec/rack/oauth2/server/token/error_spec.rb
|
@@ -270,8 +291,15 @@ signing_key:
|
|
270
291
|
specification_version: 3
|
271
292
|
summary: Rack Middleware for OAuth2 server
|
272
293
|
test_files:
|
294
|
+
- spec/fake_response/facebook_token_response.txt
|
273
295
|
- spec/fake_response/invalid_request.json
|
296
|
+
- spec/fake_response/resources/fake.txt
|
274
297
|
- spec/fake_response/token.json
|
298
|
+
- spec/helpers/time.rb
|
299
|
+
- spec/rack/oauth2/access_token/bearer_spec.rb
|
300
|
+
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
301
|
+
- spec/rack/oauth2/access_token/mac_spec.rb
|
302
|
+
- spec/rack/oauth2/access_token_spec.rb
|
275
303
|
- spec/rack/oauth2/client/error_spec.rb
|
276
304
|
- spec/rack/oauth2/client_spec.rb
|
277
305
|
- spec/rack/oauth2/server/abstract/error_spec.rb
|
@@ -281,6 +309,10 @@ test_files:
|
|
281
309
|
- spec/rack/oauth2/server/authorize_spec.rb
|
282
310
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
283
311
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
312
|
+
- spec/rack/oauth2/server/resource/error_spec.rb
|
313
|
+
- spec/rack/oauth2/server/resource/mac/error_spec.rb
|
314
|
+
- spec/rack/oauth2/server/resource/mac_spec.rb
|
315
|
+
- spec/rack/oauth2/server/resource_spec.rb
|
284
316
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
285
317
|
- spec/rack/oauth2/server/token/client_credentials_spec.rb
|
286
318
|
- spec/rack/oauth2/server/token/error_spec.rb
|