rack-oauth2 0.8.7 → 0.9.0.alpha

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. data/Gemfile.lock +1 -1
  2. data/VERSION +1 -1
  3. data/lib/rack/oauth2/server/authorize.rb +35 -16
  4. data/lib/rack/oauth2/server/authorize/code.rb +4 -0
  5. data/lib/rack/oauth2/server/authorize/error.rb +1 -6
  6. data/lib/rack/oauth2/server/authorize/extensions.rb +12 -0
  7. data/lib/rack/oauth2/server/authorize/extensions/code_and_token.rb +39 -0
  8. data/lib/rack/oauth2/server/authorize/token.rb +4 -0
  9. data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb +54 -0
  10. data/spec/rack/oauth2/server/authorize/token_spec.rb +4 -10
  11. data/spec/rack/oauth2/server/authorize_spec.rb +73 -13
  12. metadata +64 -3
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- rack-oauth2 (0.8.6)
4
+ rack-oauth2 (0.8.7)
5
5
  activesupport (>= 2.3)
6
6
  attr_required (>= 0.0.3)
7
7
  httpclient (>= 2.2.0.2)
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.8.7
1
+ 0.9.0.alpha
data/lib/rack/oauth2/server/authorize.rb CHANGED
@@ -4,11 +4,35 @@ module Rack
4
4
  class Authorize < Abstract::Handler
5
5
  def call(env)
6
6
  request = Request.new(env)
7
- request.profile.new(&@authenticator).call(env).finish
7
+ response_type_for(request).new(&@authenticator).call(env).finish
8
8
  rescue Rack::OAuth2::Server::Abstract::Error => e
9
9
  e.finish
10
10
  end
11
11
 
12
+ private
13
+
14
+ def response_type_for(request)
15
+ response_type = request.params['response_type'].to_s
16
+ case response_type
17
+ when 'code'
18
+ Code
19
+ when 'token'
20
+ Token
21
+ when ''
22
+ request.attr_missing!
23
+ else
24
+ extensions.detect do |extension|
25
+ extension.response_type_for? response_type
26
+ end || request.unsupported_response_type!
27
+ end
28
+ end
29
+
30
+ def extensions
31
+ Extensions.constants.sort.collect do |key|
32
+ Extensions.const_get key
33
+ end
34
+ end
35
+
12
36
  class Request < Abstract::Request
13
37
  attr_required :response_type
14
38
  attr_optional :redirect_uri, :state
@@ -22,20 +46,6 @@ module Rack
22
46
  @state = params['state']
23
47
  end
24
48
 
25
- def profile
26
- case params['response_type'].to_s
27
- when 'code'
28
- Code
29
- when 'token'
30
- Token
31
- when ''
32
- attr_missing!
33
- else
34
- # TODO: support extensions
35
- unsupported_response_type!
36
- end
37
- end
38
-
39
49
  def verify_redirect_uri!(pre_registered)
40
50
  @verified_redirect_uri = if redirect_uri.present?
41
51
  if Util.uri_match?(pre_registered, redirect_uri)
@@ -48,6 +58,10 @@ module Rack
48
58
  end
49
59
  self.verified_redirect_uri.to_s
50
60
  end
61
+
62
+ def error_params_location
63
+ nil # => All errors are raised immediately and no error response are returned to client.
64
+ end
51
65
  end
52
66
 
53
67
  class Response < Abstract::Response
@@ -71,10 +85,14 @@ module Rack
71
85
  {:state => state}
72
86
  end
73
87
 
88
+ def redirect_uri_with_credentials
89
+ Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
90
+ end
91
+
74
92
  def finish
75
93
  if approved?
76
94
  attr_missing!
77
- redirect Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
95
+ redirect redirect_uri_with_credentials
78
96
  end
79
97
  super
80
98
  end
@@ -86,4 +104,5 @@ end
86
104
 
87
105
  require 'rack/oauth2/server/authorize/code'
88
106
  require 'rack/oauth2/server/authorize/token'
107
+ require 'rack/oauth2/server/authorize/extensions'
89
108
  require 'rack/oauth2/server/authorize/error'
data/lib/rack/oauth2/server/authorize/code.rb CHANGED
@@ -15,6 +15,10 @@ module Rack
15
15
  @response_type = :code
16
16
  attr_missing!
17
17
  end
18
+
19
+ def error_params_location
20
+ :query
21
+ end
18
22
  end
19
23
 
20
24
  class Response < Authorize::Response
data/lib/rack/oauth2/server/authorize/error.rb CHANGED
@@ -57,12 +57,7 @@ module Rack
57
57
 
58
58
  def bad_request!(error = :bad_request, description = nil, options = {})
59
59
  exception = BadRequest.new error, description, options
60
- exception.protocol_params_location = case response_type
61
- when :code
62
- :query
63
- when :token
64
- :fragment
65
- end
60
+ exception.protocol_params_location = error_params_location
66
61
  exception.state = state
67
62
  exception.redirect_uri = verified_redirect_uri
68
63
  raise exception
data/lib/rack/oauth2/server/authorize/extensions.rb ADDED
@@ -0,0 +1,12 @@
1
+ module Rack
2
+ module OAuth2
3
+ module Server
4
+ class Authorize
5
+ module Extensions
6
+ # Define your extension in this namespace and load it explicitly.
7
+ # extensions/code_and_token.rb would be good example for you.
8
+ end
9
+ end
10
+ end
11
+ end
12
+ end
data/lib/rack/oauth2/server/authorize/extensions/code_and_token.rb ADDED
@@ -0,0 +1,39 @@
1
+ module Rack
2
+ module OAuth2
3
+ module Server
4
+ class Authorize
5
+ module Extensions
6
+ class CodeAndToken < Abstract::Handler
7
+ class << self
8
+ def response_type_for?(response_type)
9
+ response_type.split.sort == ['code', 'token']
10
+ end
11
+ end
12
+
13
+ def call(env)
14
+ @request = Request.new env
15
+ @response = Response.new request
16
+ super
17
+ end
18
+
19
+ class Request < Authorize::Token::Request
20
+ def initialize(env)
21
+ super
22
+ @response_type = [:code, :token]
23
+ attr_missing!
24
+ end
25
+ end
26
+
27
+ class Response < Authorize::Token::Response
28
+ attr_required :code
29
+
30
+ def redirect_uri_with_credentials
31
+ Util.redirect_uri(super, :query, :code => code)
32
+ end
33
+ end
34
+ end
35
+ end
36
+ end
37
+ end
38
+ end
39
+ end
data/lib/rack/oauth2/server/authorize/token.rb CHANGED
@@ -15,6 +15,10 @@ module Rack
15
15
  @response_type = :token
16
16
  attr_missing!
17
17
  end
18
+
19
+ def error_params_location
20
+ :fragment
21
+ end
18
22
  end
19
23
 
20
24
  class Response < Authorize::Response
data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb ADDED
@@ -0,0 +1,54 @@
1
+ require 'spec_helper.rb'
2
+ require 'rack/oauth2/server/authorize/extensions/code_and_token'
3
+
4
+ describe Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken do
5
+ let(:request) { Rack::MockRequest.new app }
6
+ let(:redirect_uri) { 'http://client.example.com/callback' }
7
+ let(:access_token) { 'access_token' }
8
+ let(:authorization_code) { 'authorization_code' }
9
+ let(:response) do
10
+ request.get("/?response_type=code%20token&client_id=client&redirect_uri=#{redirect_uri}")
11
+ end
12
+
13
+ context "when approved" do
14
+ subject { response }
15
+ let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token) }
16
+ let :app do
17
+ Rack::OAuth2::Server::Authorize.new do |request, response|
18
+ response.redirect_uri = redirect_uri
19
+ response.access_token = bearer_token
20
+ response.code = authorization_code
21
+ response.approve!
22
+ end
23
+ end
24
+ its(:status) { should == 302 }
25
+ its(:location) { should == "#{redirect_uri}?code=#{authorization_code}#access_token=#{access_token}&token_type=bearer" }
26
+
27
+ context 'when refresh_token is given' do
28
+ let :bearer_token do
29
+ Rack::OAuth2::AccessToken::Bearer.new(
30
+ :access_token => access_token,
31
+ :refresh_token => 'refresh'
32
+ )
33
+ end
34
+ its(:location) { should == "#{redirect_uri}?code=#{authorization_code}#access_token=#{access_token}&token_type=bearer" }
35
+ end
36
+ end
37
+
38
+ context 'when denied' do
39
+ let :app do
40
+ Rack::OAuth2::Server::Authorize.new do |request, response|
41
+ request.verify_redirect_uri! redirect_uri
42
+ request.access_denied!
43
+ end
44
+ end
45
+ it 'should redirect with error in fragment' do
46
+ response.status.should == 302
47
+ error_message = {
48
+ :error => :access_denied,
49
+ :error_description => Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
50
+ }
51
+ response.location.should == "#{redirect_uri}##{error_message.to_query}"
52
+ end
53
+ end
54
+ end
data/spec/rack/oauth2/server/authorize/token_spec.rb CHANGED
@@ -7,6 +7,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
7
7
  let(:response) { request.get("/?response_type=token&client_id=client&redirect_uri=#{redirect_uri}") }
8
8
 
9
9
  context "when approved" do
10
+ subject { response }
10
11
  let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token) }
11
12
  let :app do
12
13
  Rack::OAuth2::Server::Authorize.new do |request, response|
@@ -15,11 +16,8 @@ describe Rack::OAuth2::Server::Authorize::Token do
15
16
  response.approve!
16
17
  end
17
18
  end
18
-
19
- it 'should redirect with authorization code in fragment' do
20
- response.status.should == 302
21
- response.location.should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer"
22
- end
19
+ its(:status) { should == 302 }
20
+ its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
23
21
 
24
22
  context 'when refresh_token is given' do
25
23
  let :bearer_token do
@@ -28,11 +26,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
28
26
  :refresh_token => 'refresh'
29
27
  )
30
28
  end
31
-
32
- it 'should remove refresh_token from response' do
33
- response.status.should == 302
34
- response.location.should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer"
35
- end
29
+ its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
36
30
  end
37
31
 
38
32
  context 'when redirect_uri is missing' do
data/spec/rack/oauth2/server/authorize_spec.rb CHANGED
@@ -6,24 +6,21 @@ describe Rack::OAuth2::Server::Authorize do
6
6
  let(:redirect_uri) { 'http://client.example.com/callback' }
7
7
  let(:bad_request) { Rack::OAuth2::Server::Authorize::BadRequest }
8
8
 
9
- context 'when redirect_uri is missing' do
9
+ context 'when response_type is missing' do
10
10
  it do
11
- expect { request.get '/' }.should raise_error bad_request
11
+ expect { request.get "/?client_id=client&redirect_uri=#{redirect_uri}" }.should raise_error bad_request
12
12
  end
13
13
  end
14
14
 
15
- context 'when redirect_uri is given' do
16
- context 'when client_id is missing' do
17
- it do
18
- expect { request.get "/?redirect_uri=#{redirect_uri}" }.should raise_error bad_request
19
- end
15
+ context 'when redirect_uri is missing' do
16
+ it do
17
+ expect { request.get "/?response_type=code&client_id=client" }.should_not raise_error
20
18
  end
21
- context 'when client_id is given' do
22
- context 'when response_type is missing' do
23
- it do
24
- expect { request.get "/?client_id=client&redirect_uri=#{redirect_uri}" }.should raise_error bad_request
25
- end
26
- end
19
+ end
20
+
21
+ context 'when client_id is missing' do
22
+ it do
23
+ expect { request.get "/?response_type=code&redirect_uri=#{redirect_uri}" }.should raise_error bad_request
27
24
  end
28
25
  end
29
26
 
@@ -71,4 +68,67 @@ describe Rack::OAuth2::Server::Authorize do
71
68
  end
72
69
  end
73
70
  end
71
+
72
+ describe 'extensions' do
73
+ before do
74
+ require 'rack/oauth2/server/authorize/extensions/code_and_token'
75
+ end
76
+
77
+ let(:env) do
78
+ Rack::MockRequest.env_for("/authorize?response_type=#{response_type}&client_id=client")
79
+ end
80
+ let(:request) { Rack::OAuth2::Server::Authorize::Request.new env }
81
+ its(:extensions) { should == [Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken] }
82
+
83
+ describe 'code token' do
84
+ let(:response_type) { 'code%20token' }
85
+ it do
86
+ app.send(
87
+ :response_type_for, request
88
+ ).should == Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken
89
+ end
90
+ end
91
+
92
+ describe 'token code' do
93
+ let(:response_type) { 'token%20code' }
94
+ it do
95
+ app.send(
96
+ :response_type_for, request
97
+ ).should == Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken
98
+ end
99
+ end
100
+
101
+ describe 'token code id_token' do
102
+ let(:response_type) { 'token%20code%20id_token' }
103
+ it do
104
+ expect do
105
+ app.send(:response_type_for, request)
106
+ end.should raise_error bad_request
107
+ end
108
+ end
109
+
110
+ describe 'id_token' do
111
+ before do
112
+ class Rack::OAuth2::Server::Authorize::Extensions::IdToken < Rack::OAuth2::Server::Abstract::Handler
113
+ def self.response_type_for?(response_type)
114
+ response_type == 'id_token'
115
+ end
116
+ end
117
+ end
118
+
119
+ its(:extensions) do
120
+ should == [
121
+ Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken,
122
+ Rack::OAuth2::Server::Authorize::Extensions::IdToken
123
+ ]
124
+ end
125
+
126
+ let(:response_type) { 'id_token' }
127
+ it do
128
+ app.send(
129
+ :response_type_for, request
130
+ ).should == Rack::OAuth2::Server::Authorize::Extensions::IdToken
131
+ end
132
+ end
133
+ end
74
134
  end
metadata CHANGED
@@ -1,8 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- prerelease:
5
- version: 0.8.7
4
+ hash: -1851332106
5
+ prerelease: 6
6
+ segments:
7
+ - 0
8
+ - 9
9
+ - 0
10
+ - alpha
11
+ version: 0.9.0.alpha
6
12
  platform: ruby
7
13
  authors:
8
14
  - nov matake
@@ -10,7 +16,7 @@ autorequire:
10
16
  bindir: bin
11
17
  cert_chain: []
12
18
 
13
- date: 2011-08-10 00:00:00 Z
19
+ date: 2011-08-11 00:00:00 Z
14
20
  dependencies:
15
21
  - !ruby/object:Gem::Dependency
16
22
  name: rack
@@ -20,6 +26,10 @@ dependencies:
20
26
  requirements:
21
27
  - - ">="
22
28
  - !ruby/object:Gem::Version
29
+ hash: 13
30
+ segments:
31
+ - 1
32
+ - 1
23
33
  version: "1.1"
24
34
  type: :runtime
25
35
  version_requirements: *id001
@@ -31,6 +41,11 @@ dependencies:
31
41
  requirements:
32
42
  - - ">="
33
43
  - !ruby/object:Gem::Version
44
+ hash: 1
45
+ segments:
46
+ - 1
47
+ - 4
48
+ - 3
34
49
  version: 1.4.3
35
50
  type: :runtime
36
51
  version_requirements: *id002
@@ -42,6 +57,12 @@ dependencies:
42
57
  requirements:
43
58
  - - ">="
44
59
  - !ruby/object:Gem::Version
60
+ hash: 123
61
+ segments:
62
+ - 2
63
+ - 2
64
+ - 0
65
+ - 2
45
66
  version: 2.2.0.2
46
67
  type: :runtime
47
68
  version_requirements: *id003
@@ -53,6 +74,10 @@ dependencies:
53
74
  requirements:
54
75
  - - ">="
55
76
  - !ruby/object:Gem::Version
77
+ hash: 5
78
+ segments:
79
+ - 2
80
+ - 3
56
81
  version: "2.3"
57
82
  type: :runtime
58
83
  version_requirements: *id004
@@ -64,6 +89,9 @@ dependencies:
64
89
  requirements:
65
90
  - - ">="
66
91
  - !ruby/object:Gem::Version
92
+ hash: 3
93
+ segments:
94
+ - 0
67
95
  version: "0"
68
96
  type: :runtime
69
97
  version_requirements: *id005
@@ -75,6 +103,11 @@ dependencies:
75
103
  requirements:
76
104
  - - ">="
77
105
  - !ruby/object:Gem::Version
106
+ hash: 25
107
+ segments:
108
+ - 0
109
+ - 0
110
+ - 3
78
111
  version: 0.0.3
79
112
  type: :runtime
80
113
  version_requirements: *id006
@@ -86,6 +119,10 @@ dependencies:
86
119
  requirements:
87
120
  - - ">="
88
121
  - !ruby/object:Gem::Version
122
+ hash: 27
123
+ segments:
124
+ - 0
125
+ - 8
89
126
  version: "0.8"
90
127
  type: :development
91
128
  version_requirements: *id007
@@ -97,6 +134,10 @@ dependencies:
97
134
  requirements:
98
135
  - - ">="
99
136
  - !ruby/object:Gem::Version
137
+ hash: 25
138
+ segments:
139
+ - 0
140
+ - 9
100
141
  version: "0.9"
101
142
  type: :development
102
143
  version_requirements: *id008
@@ -108,6 +149,9 @@ dependencies:
108
149
  requirements:
109
150
  - - ">="
110
151
  - !ruby/object:Gem::Version
152
+ hash: 7
153
+ segments:
154
+ - 2
111
155
  version: "2"
112
156
  type: :development
113
157
  version_requirements: *id009
@@ -119,6 +163,11 @@ dependencies:
119
163
  requirements:
120
164
  - - ">="
121
165
  - !ruby/object:Gem::Version
166
+ hash: 11
167
+ segments:
168
+ - 1
169
+ - 6
170
+ - 2
122
171
  version: 1.6.2
123
172
  type: :development
124
173
  version_requirements: *id010
@@ -166,6 +215,8 @@ files:
166
215
  - lib/rack/oauth2/server/authorize.rb
167
216
  - lib/rack/oauth2/server/authorize/code.rb
168
217
  - lib/rack/oauth2/server/authorize/error.rb
218
+ - lib/rack/oauth2/server/authorize/extensions.rb
219
+ - lib/rack/oauth2/server/authorize/extensions/code_and_token.rb
169
220
  - lib/rack/oauth2/server/authorize/token.rb
170
221
  - lib/rack/oauth2/server/resource.rb
171
222
  - lib/rack/oauth2/server/resource/bearer.rb
@@ -208,6 +259,7 @@ files:
208
259
  - spec/rack/oauth2/server/abstract/error_spec.rb
209
260
  - spec/rack/oauth2/server/authorize/code_spec.rb
210
261
  - spec/rack/oauth2/server/authorize/error_spec.rb
262
+ - spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb
211
263
  - spec/rack/oauth2/server/authorize/token_spec.rb
212
264
  - spec/rack/oauth2/server/authorize_spec.rb
213
265
  - spec/rack/oauth2/server/resource/bearer/error_spec.rb
@@ -237,12 +289,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
237
289
  requirements:
238
290
  - - ">="
239
291
  - !ruby/object:Gem::Version
292
+ hash: 3
293
+ segments:
294
+ - 0
240
295
  version: "0"
241
296
  required_rubygems_version: !ruby/object:Gem::Requirement
242
297
  none: false
243
298
  requirements:
244
299
  - - ">="
245
300
  - !ruby/object:Gem::Version
301
+ hash: 23
302
+ segments:
303
+ - 1
304
+ - 3
305
+ - 6
246
306
  version: 1.3.6
247
307
  requirements: []
248
308
 
@@ -279,6 +339,7 @@ test_files:
279
339
  - spec/rack/oauth2/server/abstract/error_spec.rb
280
340
  - spec/rack/oauth2/server/authorize/code_spec.rb
281
341
  - spec/rack/oauth2/server/authorize/error_spec.rb
342
+ - spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb
282
343
  - spec/rack/oauth2/server/authorize/token_spec.rb
283
344
  - spec/rack/oauth2/server/authorize_spec.rb
284
345
  - spec/rack/oauth2/server/resource/bearer/error_spec.rb