rack-oauth2 1.1.1 → 1.2.0
- checksums.yaml +4 -4
- data/.travis.yml +3 -1
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/mac/verifier.rb +1 -1
- data/lib/rack/oauth2/access_token/mac.rb +26 -26
- data/lib/rack/oauth2/access_token.rb +7 -7
- data/lib/rack/oauth2/client/grant.rb +2 -2
- data/lib/rack/oauth2/client.rb +14 -13
- data/lib/rack/oauth2/server/abstract/error.rb +4 -4
- data/lib/rack/oauth2/server/abstract/request.rb +2 -2
- data/lib/rack/oauth2/server/authorize/code.rb +2 -2
- data/lib/rack/oauth2/server/authorize/error.rb +9 -9
- data/lib/rack/oauth2/server/authorize/extension/code_and_token.rb +2 -2
- data/lib/rack/oauth2/server/authorize.rb +2 -2
- data/lib/rack/oauth2/server/resource/error.rb +5 -5
- data/lib/rack/oauth2/server/resource.rb +1 -1
- data/lib/rack/oauth2/server/token/error.rb +7 -7
- data/lib/rack/oauth2/server/token.rb +1 -1
- data/lib/rack/oauth2.rb +1 -1
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +6 -6
- data/spec/rack/oauth2/access_token/bearer_spec.rb +3 -3
- data/spec/rack/oauth2/access_token/legacy_spec.rb +3 -3
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +5 -5
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +26 -26
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +3 -3
- data/spec/rack/oauth2/access_token/mac_spec.rb +20 -20
- data/spec/rack/oauth2/access_token_spec.rb +14 -14
- data/spec/rack/oauth2/client/error_spec.rb +4 -4
- data/spec/rack/oauth2/client/grant/authorization_code_spec.rb +5 -5
- data/spec/rack/oauth2/client/grant/client_credentials_spec.rb +2 -2
- data/spec/rack/oauth2/client/grant/password_spec.rb +4 -4
- data/spec/rack/oauth2/client/grant/refresh_token_spec.rb +3 -3
- data/spec/rack/oauth2/client_spec.rb +81 -45
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +2 -2
- data/spec/rack/oauth2/server/abstract/error_spec.rb +8 -8
- data/spec/rack/oauth2/server/authorize/code_spec.rb +4 -4
- data/spec/rack/oauth2/server/authorize/error_spec.rb +5 -5
- data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb +6 -6
- data/spec/rack/oauth2/server/authorize/token_spec.rb +6 -6
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +4 -4
- data/spec/rack/oauth2/server/resource/error_spec.rb +3 -3
- data/spec/rack/oauth2/server/resource/mac_spec.rb +4 -4
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +7 -7
- data/spec/rack/oauth2/server/token/client_credentials_spec.rb +6 -6
- data/spec/rack/oauth2/server/token/password_spec.rb +7 -7
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +5 -5
- data/spec/rack/oauth2/server/token_spec.rb +14 -14
- data/spec/rack/oauth2/util_spec.rb +4 -4
- metadata +2 -2
@@ -4,19 +4,19 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
4
4
|
let(:ts) { 1305820234 }
|
5
5
|
let :token do
|
6
6
|
Rack::OAuth2::AccessToken::MAC.new(
|
7
|
-
:
|
8
|
-
:
|
9
|
-
:
|
10
|
-
:
|
7
|
+
access_token: 'access_token',
|
8
|
+
mac_key: 'secret',
|
9
|
+
mac_algorithm: 'hmac-sha-256',
|
10
|
+
ts: ts
|
11
11
|
)
|
12
12
|
end
|
13
13
|
let :token_with_ext_verifier do
|
14
14
|
Rack::OAuth2::AccessToken::MAC.new(
|
15
|
-
:
|
16
|
-
:
|
17
|
-
:
|
18
|
-
:
|
19
|
-
:
|
15
|
+
access_token: 'access_token',
|
16
|
+
mac_key: 'secret',
|
17
|
+
mac_algorithm: 'hmac-sha-256',
|
18
|
+
ts: ts,
|
19
|
+
ext_verifier: Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier
|
20
20
|
)
|
21
21
|
end
|
22
22
|
let(:nonce) { '1000:51e74de734c05613f37520872e68db5f' }
|
@@ -27,13 +27,13 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
27
27
|
its(:mac_algorithm) { should == 'hmac-sha-256' }
|
28
28
|
its(:token_response) do
|
29
29
|
should == {
|
30
|
-
:
|
31
|
-
:
|
32
|
-
:
|
33
|
-
:
|
34
|
-
:
|
35
|
-
:
|
36
|
-
:
|
30
|
+
access_token: 'access_token',
|
31
|
+
refresh_token: nil,
|
32
|
+
token_type: :mac,
|
33
|
+
expires_in: nil,
|
34
|
+
scope: '',
|
35
|
+
mac_key: 'secret',
|
36
|
+
mac_algorithm: 'hmac-sha-256'
|
37
37
|
}
|
38
38
|
end
|
39
39
|
its(:generate_nonce) { should be_a String }
|
@@ -72,9 +72,9 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
72
72
|
let(:env) do
|
73
73
|
Rack::MockRequest.env_for(
|
74
74
|
'/protected_resources',
|
75
|
-
:
|
76
|
-
:
|
77
|
-
:
|
75
|
+
method: :POST,
|
76
|
+
params: {
|
77
|
+
key1: 'value1'
|
78
78
|
},
|
79
79
|
'HTTP_AUTHORIZATION' => %{MAC id="access_token", nonce="#{nonce}", ts="#{ts}", mac="#{signature}", ext="#{ext}"}
|
80
80
|
)
|
@@ -116,7 +116,7 @@ describe Rack::OAuth2::AccessToken::MAC do
|
|
116
116
|
end
|
117
117
|
|
118
118
|
describe '.authenticate' do
|
119
|
-
let(:request) { HTTPClient.new.send(:create_request, :post, URI.parse(resource_endpoint), {}, {:
|
119
|
+
let(:request) { HTTPClient.new.send(:create_request, :post, URI.parse(resource_endpoint), {}, {hello: "world"}, {}) }
|
120
120
|
context 'when no ext_verifier is given' do
|
121
121
|
let(:signature) { 'pOBaL6HRawe4tUPmcU4vJEj1f2GJqrbQOlCcdAYgI/s=' }
|
122
122
|
|
@@ -3,10 +3,10 @@ require 'spec_helper'
|
|
3
3
|
describe Rack::OAuth2::AccessToken do
|
4
4
|
let :token do
|
5
5
|
Rack::OAuth2::AccessToken::Bearer.new(
|
6
|
-
:
|
7
|
-
:
|
8
|
-
:
|
9
|
-
:
|
6
|
+
access_token: 'access_token',
|
7
|
+
refresh_token: 'refresh_token',
|
8
|
+
expires_in: 3600,
|
9
|
+
scope: [:scope1, :scope2]
|
10
10
|
)
|
11
11
|
end
|
12
12
|
subject { token }
|
@@ -17,11 +17,11 @@ describe Rack::OAuth2::AccessToken do
|
|
17
17
|
its(:scope) { should == [:scope1, :scope2] }
|
18
18
|
its(:token_response) do
|
19
19
|
should == {
|
20
|
-
:
|
21
|
-
:
|
22
|
-
:
|
23
|
-
:
|
24
|
-
:
|
20
|
+
token_type: :bearer,
|
21
|
+
access_token: 'access_token',
|
22
|
+
refresh_token: 'refresh_token',
|
23
|
+
expires_in: 3600,
|
24
|
+
scope: 'scope1 scope2'
|
25
25
|
}
|
26
26
|
end
|
27
27
|
|
@@ -29,9 +29,9 @@ describe Rack::OAuth2::AccessToken do
|
|
29
29
|
it do
|
30
30
|
expect do
|
31
31
|
Rack::OAuth2::AccessToken::Bearer.new(
|
32
|
-
:
|
33
|
-
:
|
34
|
-
:
|
32
|
+
refresh_token: 'refresh_token',
|
33
|
+
expires_in: 3600,
|
34
|
+
scope: [:scope1, :scope2]
|
35
35
|
)
|
36
36
|
end.to raise_error AttrRequired::AttrMissing
|
37
37
|
end
|
@@ -41,7 +41,7 @@ describe Rack::OAuth2::AccessToken do
|
|
41
41
|
it do
|
42
42
|
expect do
|
43
43
|
Rack::OAuth2::AccessToken::Bearer.new(
|
44
|
-
:
|
44
|
+
access_token: 'access_token'
|
45
45
|
)
|
46
46
|
end.not_to raise_error
|
47
47
|
end
|
@@ -66,4 +66,4 @@ describe Rack::OAuth2::AccessToken do
|
|
66
66
|
end
|
67
67
|
end
|
68
68
|
end
|
69
|
-
end
|
69
|
+
end
|
@@ -3,9 +3,9 @@ require 'spec_helper.rb'
|
|
3
3
|
describe Rack::OAuth2::Client::Error do
|
4
4
|
let :error do
|
5
5
|
{
|
6
|
-
:
|
7
|
-
:
|
8
|
-
:
|
6
|
+
error: :invalid_request,
|
7
|
+
error_description: 'Include invalid parameters',
|
8
|
+
error_uri: 'http://server.example.com/error/invalid_request'
|
9
9
|
}
|
10
10
|
end
|
11
11
|
subject do
|
@@ -15,4 +15,4 @@ describe Rack::OAuth2::Client::Error do
|
|
15
15
|
its(:status) { should == 400 }
|
16
16
|
its(:message) { should == error[:error_description] }
|
17
17
|
its(:response) { should == error }
|
18
|
-
end
|
18
|
+
end
|
@@ -6,17 +6,17 @@ describe Rack::OAuth2::Client::Grant::AuthorizationCode do
|
|
6
6
|
|
7
7
|
context 'when code is given' do
|
8
8
|
let :attributes do
|
9
|
-
{:
|
9
|
+
{code: 'code'}
|
10
10
|
end
|
11
11
|
|
12
12
|
context 'when redirect_uri is given' do
|
13
13
|
let :attributes do
|
14
|
-
{:
|
14
|
+
{code: 'code', redirect_uri: redirect_uri}
|
15
15
|
end
|
16
16
|
subject { grant.new attributes }
|
17
17
|
its(:redirect_uri) { should == redirect_uri }
|
18
18
|
its(:as_json) do
|
19
|
-
should == {:
|
19
|
+
should == {grant_type: :authorization_code, code: 'code', redirect_uri: redirect_uri}
|
20
20
|
end
|
21
21
|
end
|
22
22
|
|
@@ -24,7 +24,7 @@ describe Rack::OAuth2::Client::Grant::AuthorizationCode do
|
|
24
24
|
subject { grant.new attributes }
|
25
25
|
its(:redirect_uri) { should be_nil }
|
26
26
|
its(:as_json) do
|
27
|
-
should == {:
|
27
|
+
should == {grant_type: :authorization_code, code: 'code', redirect_uri: nil}
|
28
28
|
end
|
29
29
|
end
|
30
30
|
end
|
@@ -34,4 +34,4 @@ describe Rack::OAuth2::Client::Grant::AuthorizationCode do
|
|
34
34
|
expect { grant.new }.to raise_error AttrRequired::AttrMissing
|
35
35
|
end
|
36
36
|
end
|
37
|
-
end
|
37
|
+
end
|
@@ -5,16 +5,16 @@ describe Rack::OAuth2::Client::Grant::Password do
|
|
5
5
|
|
6
6
|
context 'when username is given' do
|
7
7
|
let :attributes do
|
8
|
-
{:
|
8
|
+
{username: 'username'}
|
9
9
|
end
|
10
10
|
|
11
11
|
context 'when password is given' do
|
12
12
|
let :attributes do
|
13
|
-
{:
|
13
|
+
{username: 'username', password: 'password'}
|
14
14
|
end
|
15
15
|
subject { grant.new attributes }
|
16
16
|
its(:as_json) do
|
17
|
-
should == {:
|
17
|
+
should == {grant_type: :password, username: 'username', password: 'password'}
|
18
18
|
end
|
19
19
|
end
|
20
20
|
|
@@ -30,4 +30,4 @@ describe Rack::OAuth2::Client::Grant::Password do
|
|
30
30
|
expect { grant.new }.to raise_error AttrRequired::AttrMissing
|
31
31
|
end
|
32
32
|
end
|
33
|
-
end
|
33
|
+
end
|
@@ -5,11 +5,11 @@ describe Rack::OAuth2::Client::Grant::RefreshToken do
|
|
5
5
|
|
6
6
|
context 'when refresh_token is given' do
|
7
7
|
let :attributes do
|
8
|
-
{:
|
8
|
+
{refresh_token: 'refresh_token'}
|
9
9
|
end
|
10
10
|
subject { grant.new attributes }
|
11
11
|
its(:as_json) do
|
12
|
-
should == {:
|
12
|
+
should == {grant_type: :refresh_token, refresh_token: 'refresh_token'}
|
13
13
|
end
|
14
14
|
end
|
15
15
|
|
@@ -18,4 +18,4 @@ describe Rack::OAuth2::Client::Grant::RefreshToken do
|
|
18
18
|
expect { grant.new }.to raise_error AttrRequired::AttrMissing
|
19
19
|
end
|
20
20
|
end
|
21
|
-
end
|
21
|
+
end
|
@@ -3,10 +3,10 @@ require 'spec_helper.rb'
|
|
3
3
|
describe Rack::OAuth2::Client do
|
4
4
|
let :client do
|
5
5
|
Rack::OAuth2::Client.new(
|
6
|
-
:
|
7
|
-
:
|
8
|
-
:
|
9
|
-
:
|
6
|
+
identifier: 'client_id',
|
7
|
+
secret: 'client_secret',
|
8
|
+
host: 'server.example.com',
|
9
|
+
redirect_uri: 'https://client.example.com/callback'
|
10
10
|
)
|
11
11
|
end
|
12
12
|
subject { client }
|
@@ -43,17 +43,17 @@ describe Rack::OAuth2::Client do
|
|
43
43
|
end
|
44
44
|
|
45
45
|
context 'when response_type is token' do
|
46
|
-
subject { client.authorization_uri(:
|
46
|
+
subject { client.authorization_uri(response_type: :token) }
|
47
47
|
it { should include 'response_type=token' }
|
48
48
|
end
|
49
49
|
|
50
50
|
context 'when response_type is an Array' do
|
51
|
-
subject { client.authorization_uri(:
|
51
|
+
subject { client.authorization_uri(response_type: [:token, :code]) }
|
52
52
|
it { should include 'response_type=token+code' }
|
53
53
|
end
|
54
54
|
|
55
55
|
context 'when scope is given' do
|
56
|
-
subject { client.authorization_uri(:
|
56
|
+
subject { client.authorization_uri(scope: [:scope1, :scope2]) }
|
57
57
|
it { should include 'scope=scope1+scope2' }
|
58
58
|
end
|
59
59
|
end
|
@@ -79,55 +79,91 @@ describe Rack::OAuth2::Client do
|
|
79
79
|
describe '#access_token!' do
|
80
80
|
subject { client.access_token! }
|
81
81
|
|
82
|
-
|
83
|
-
before do
|
84
|
-
client.authorization_code = 'code'
|
85
|
-
end
|
82
|
+
context 'when *args given' do
|
86
83
|
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
'tokens/bearer.json',
|
92
|
-
:request_header => {
|
93
|
-
'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ='
|
94
|
-
}
|
95
|
-
)
|
96
|
-
client.access_token!
|
97
|
-
end
|
84
|
+
describe 'client authentication method' do
|
85
|
+
before do
|
86
|
+
client.authorization_code = 'code'
|
87
|
+
end
|
98
88
|
|
99
|
-
|
100
|
-
it do
|
89
|
+
it 'should be Basic auth as default' do
|
101
90
|
mock_response(
|
102
91
|
:post,
|
103
92
|
'https://server.example.com/oauth2/token',
|
104
93
|
'tokens/bearer.json',
|
105
|
-
:
|
106
|
-
|
107
|
-
:client_secret => 'client_secret',
|
108
|
-
:code => 'code',
|
109
|
-
:grant_type => 'authorization_code',
|
110
|
-
:redirect_uri => 'https://client.example.com/callback'
|
94
|
+
request_header: {
|
95
|
+
'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ='
|
111
96
|
}
|
112
97
|
)
|
113
|
-
client.access_token!
|
98
|
+
client.access_token!
|
99
|
+
end
|
100
|
+
|
101
|
+
context 'when other auth method specified' do
|
102
|
+
it 'should be body params' do
|
103
|
+
mock_response(
|
104
|
+
:post,
|
105
|
+
'https://server.example.com/oauth2/token',
|
106
|
+
'tokens/bearer.json',
|
107
|
+
params: {
|
108
|
+
client_id: 'client_id',
|
109
|
+
client_secret: 'client_secret',
|
110
|
+
code: 'code',
|
111
|
+
grant_type: 'authorization_code',
|
112
|
+
redirect_uri: 'https://client.example.com/callback'
|
113
|
+
}
|
114
|
+
)
|
115
|
+
client.access_token! :client_auth_body
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
context 'when auth method is specified as Hash' do
|
120
|
+
it 'should be removed before sending request' do
|
121
|
+
mock_response(
|
122
|
+
:post,
|
123
|
+
'https://server.example.com/oauth2/token',
|
124
|
+
'tokens/bearer.json',
|
125
|
+
params: {
|
126
|
+
client_id: 'client_id',
|
127
|
+
client_secret: 'client_secret',
|
128
|
+
code: 'code',
|
129
|
+
grant_type: 'authorization_code',
|
130
|
+
redirect_uri: 'https://client.example.com/callback'
|
131
|
+
}
|
132
|
+
)
|
133
|
+
client.access_token! client_auth_method: :body
|
134
|
+
end
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
describe 'scopes' do
|
139
|
+
context 'when scope option given' do
|
140
|
+
it 'should specify given scope' do
|
141
|
+
mock_response(
|
142
|
+
:post,
|
143
|
+
'https://server.example.com/oauth2/token',
|
144
|
+
'tokens/bearer.json',
|
145
|
+
params: {
|
146
|
+
grant_type: 'client_credentials',
|
147
|
+
scope: 'a b'
|
148
|
+
}
|
149
|
+
)
|
150
|
+
client.access_token! scope: [:a, :b]
|
151
|
+
end
|
114
152
|
end
|
115
153
|
end
|
116
|
-
end
|
117
154
|
|
118
|
-
|
119
|
-
|
120
|
-
it 'should specify given scope' do
|
155
|
+
describe 'unknown params' do
|
156
|
+
it 'should be included in body params' do
|
121
157
|
mock_response(
|
122
158
|
:post,
|
123
159
|
'https://server.example.com/oauth2/token',
|
124
160
|
'tokens/bearer.json',
|
125
|
-
:
|
126
|
-
:
|
127
|
-
:
|
161
|
+
params: {
|
162
|
+
grant_type: 'client_credentials',
|
163
|
+
resource: 'something'
|
128
164
|
}
|
129
165
|
)
|
130
|
-
client.access_token! :
|
166
|
+
client.access_token! resource: :something
|
131
167
|
end
|
132
168
|
end
|
133
169
|
end
|
@@ -238,7 +274,7 @@ describe Rack::OAuth2::Client do
|
|
238
274
|
:post,
|
239
275
|
'https://server.example.com/oauth2/token',
|
240
276
|
'errors/invalid_request.json',
|
241
|
-
:
|
277
|
+
status: 400
|
242
278
|
)
|
243
279
|
end
|
244
280
|
it do
|
@@ -253,7 +289,7 @@ describe Rack::OAuth2::Client do
|
|
253
289
|
:post,
|
254
290
|
'https://server.example.com/oauth2/token',
|
255
291
|
'blank',
|
256
|
-
:
|
292
|
+
status: 400
|
257
293
|
)
|
258
294
|
end
|
259
295
|
it do
|
@@ -266,9 +302,9 @@ describe Rack::OAuth2::Client do
|
|
266
302
|
context 'when no host info' do
|
267
303
|
let :client do
|
268
304
|
Rack::OAuth2::Client.new(
|
269
|
-
:
|
270
|
-
:
|
271
|
-
:
|
305
|
+
identifier: 'client_id',
|
306
|
+
secret: 'client_secret',
|
307
|
+
redirect_uri: 'https://client.example.com/callback'
|
272
308
|
)
|
273
309
|
end
|
274
310
|
|
@@ -284,4 +320,4 @@ describe Rack::OAuth2::Client do
|
|
284
320
|
end
|
285
321
|
end
|
286
322
|
end
|
287
|
-
end
|
323
|
+
end
|
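Review bot: The 'unknown params' example near the end of the `#access_token!` hunk pins that arbitrary option keys are forwarded into the token request body, but no example covers a key that collides with a protocol parameter such as `grant_type`, `client_id`, `client_secret` or `redirect_uri`. The implementation in `lib/rack/oauth2/client.rb` is not part of this view, so whether the caller-supplied value or the grant's own value wins cannot be confirmed here, and an application that builds the options hash from request data would depend on that precedence. I would add a sibling example that calls `client.access_token! grant_type: :password` and expects the mocked body to still carry `grant_type: 'client_credentials'`, or one that documents the opposite if overriding is intended. Separately, 'should be removed before sending request' only proves that `client_auth_method` is stripped if `mock_response` compares the request body exactly rather than as a subset; the helper is not shown, so that is worth confirming.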
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
3
3
|
describe Rack::OAuth2::Debugger::RequestFilter do
|
4
4
|
let(:resource_endpoint) { 'https://example.com/resources' }
|
5
5
|
let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
|
6
|
-
let(:response) { HTTP::Message.new_response(MultiJson.dump({:
|
6
|
+
let(:response) { HTTP::Message.new_response(MultiJson.dump({hello: 'world'})) }
|
7
7
|
let(:request_filter) { Rack::OAuth2::Debugger::RequestFilter.new }
|
8
8
|
|
9
9
|
describe '#filter_request' do
|
@@ -30,4 +30,4 @@ describe Rack::OAuth2::Debugger::RequestFilter do
|
|
30
30
|
request_filter.filter_response(request, response)
|
31
31
|
end
|
32
32
|
end
|
33
|
-
end
|
33
|
+
end
|
@@ -4,7 +4,7 @@ describe Rack::OAuth2::Server::Abstract::Error do
|
|
4
4
|
|
5
5
|
context 'when full attributes are given' do
|
6
6
|
subject do
|
7
|
-
Rack::OAuth2::Server::Abstract::Error.new 400, :invalid_request, 'Missing some required params', :
|
7
|
+
Rack::OAuth2::Server::Abstract::Error.new 400, :invalid_request, 'Missing some required params', uri: 'http://server.example.com/error'
|
8
8
|
end
|
9
9
|
its(:status) { should == 400 }
|
10
10
|
its(:error) { should == :invalid_request }
|
@@ -12,9 +12,9 @@ describe Rack::OAuth2::Server::Abstract::Error do
|
|
12
12
|
its(:uri) { should == 'http://server.example.com/error' }
|
13
13
|
its(:protocol_params) do
|
14
14
|
should == {
|
15
|
-
:
|
16
|
-
:
|
17
|
-
:
|
15
|
+
error: :invalid_request,
|
16
|
+
error_description: 'Missing some required params',
|
17
|
+
error_uri: 'http://server.example.com/error'
|
18
18
|
}
|
19
19
|
end
|
20
20
|
end
|
@@ -29,9 +29,9 @@ describe Rack::OAuth2::Server::Abstract::Error do
|
|
29
29
|
its(:uri) { should be_nil }
|
30
30
|
its(:protocol_params) do
|
31
31
|
should == {
|
32
|
-
:
|
33
|
-
:
|
34
|
-
:
|
32
|
+
error: :invalid_request,
|
33
|
+
error_description: nil,
|
34
|
+
error_uri: nil
|
35
35
|
}
|
36
36
|
end
|
37
37
|
end
|
@@ -56,4 +56,4 @@ end
|
|
56
56
|
|
57
57
|
describe Rack::OAuth2::Server::Abstract::TemporarilyUnavailable do
|
58
58
|
its(:status) { should == 503 }
|
59
|
-
end
|
59
|
+
end
|
@@ -3,7 +3,7 @@ require 'spec_helper.rb'
|
|
3
3
|
describe Rack::OAuth2::Server::Authorize::Code do
|
4
4
|
let(:request) { Rack::MockRequest.new app }
|
5
5
|
let(:redirect_uri) { 'http://client.example.com/callback' }
|
6
|
-
let(:authorization_code) { 'authorization_code' }
|
6
|
+
let(:authorization_code) { 'authorization_code' }
|
7
7
|
let(:response) { request.get "/?response_type=code&client_id=client&redirect_uri=#{redirect_uri}&state=state" }
|
8
8
|
|
9
9
|
context 'when approved' do
|
@@ -48,10 +48,10 @@ describe Rack::OAuth2::Server::Authorize::Code do
|
|
48
48
|
it 'should redirect with error in query' do
|
49
49
|
response.status.should == 302
|
50
50
|
error_message = {
|
51
|
-
:
|
52
|
-
:
|
51
|
+
error: :access_denied,
|
52
|
+
error_description: Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
|
53
53
|
}
|
54
54
|
response.location.should == "#{redirect_uri}?#{error_message.to_query}&state=state"
|
55
55
|
end
|
56
56
|
end
|
57
|
-
end
|
57
|
+
end
|
@@ -9,10 +9,10 @@ describe Rack::OAuth2::Server::Authorize::BadRequest do
|
|
9
9
|
it { should be_a Rack::OAuth2::Server::Abstract::BadRequest }
|
10
10
|
its(:protocol_params) do
|
11
11
|
should == {
|
12
|
-
:
|
13
|
-
:
|
14
|
-
:
|
15
|
-
:
|
12
|
+
error: :invalid_request,
|
13
|
+
error_description: nil,
|
14
|
+
error_uri: nil,
|
15
|
+
state: nil
|
16
16
|
}
|
17
17
|
end
|
18
18
|
|
@@ -109,4 +109,4 @@ describe Rack::OAuth2::Server::Authorize::ErrorMethods do
|
|
109
109
|
end
|
110
110
|
end
|
111
111
|
end
|
112
|
-
end
|
112
|
+
end
|
@@ -12,7 +12,7 @@ describe Rack::OAuth2::Server::Authorize::Extension::CodeAndToken do
|
|
12
12
|
|
13
13
|
context "when approved" do
|
14
14
|
subject { response }
|
15
|
-
let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:
|
15
|
+
let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(access_token: access_token) }
|
16
16
|
let :app do
|
17
17
|
Rack::OAuth2::Server::Authorize.new do |request, response|
|
18
18
|
response.redirect_uri = redirect_uri
|
@@ -30,8 +30,8 @@ describe Rack::OAuth2::Server::Authorize::Extension::CodeAndToken do
|
|
30
30
|
context 'when refresh_token is given' do
|
31
31
|
let :bearer_token do
|
32
32
|
Rack::OAuth2::AccessToken::Bearer.new(
|
33
|
-
:
|
34
|
-
:
|
33
|
+
access_token: access_token,
|
34
|
+
refresh_token: 'refresh'
|
35
35
|
)
|
36
36
|
end
|
37
37
|
its(:location) { should include "#{redirect_uri}#" }
|
@@ -51,10 +51,10 @@ describe Rack::OAuth2::Server::Authorize::Extension::CodeAndToken do
|
|
51
51
|
it 'should redirect with error in fragment' do
|
52
52
|
response.status.should == 302
|
53
53
|
error_message = {
|
54
|
-
:
|
55
|
-
:
|
54
|
+
error: :access_denied,
|
55
|
+
error_description: Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
|
56
56
|
}
|
57
57
|
response.location.should == "#{redirect_uri}##{error_message.to_query}"
|
58
58
|
end
|
59
59
|
end
|
60
|
-
end
|
60
|
+
end
|
@@ -8,7 +8,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
|
|
8
8
|
|
9
9
|
context "when approved" do
|
10
10
|
subject { response }
|
11
|
-
let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:
|
11
|
+
let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(access_token: access_token) }
|
12
12
|
let :app do
|
13
13
|
Rack::OAuth2::Server::Authorize.new do |request, response|
|
14
14
|
response.redirect_uri = redirect_uri
|
@@ -22,8 +22,8 @@ describe Rack::OAuth2::Server::Authorize::Token do
|
|
22
22
|
context 'when refresh_token is given' do
|
23
23
|
let :bearer_token do
|
24
24
|
Rack::OAuth2::AccessToken::Bearer.new(
|
25
|
-
:
|
26
|
-
:
|
25
|
+
access_token: access_token,
|
26
|
+
refresh_token: 'refresh'
|
27
27
|
)
|
28
28
|
end
|
29
29
|
its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&state=state&token_type=bearer" }
|
@@ -64,10 +64,10 @@ describe Rack::OAuth2::Server::Authorize::Token do
|
|
64
64
|
it 'should redirect with error in fragment' do
|
65
65
|
response.status.should == 302
|
66
66
|
error_message = {
|
67
|
-
:
|
68
|
-
:
|
67
|
+
error: :access_denied,
|
68
|
+
error_description: Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
|
69
69
|
}
|
70
70
|
response.location.should == "#{redirect_uri}##{error_message.to_query}&state=state"
|
71
71
|
end
|
72
72
|
end
|
73
|
-
end
|
73
|
+
end
|
@@ -14,7 +14,7 @@ describe Rack::OAuth2::Server::Resource::Bearer do
|
|
14
14
|
end
|
15
15
|
end
|
16
16
|
let(:bearer_token) do
|
17
|
-
Rack::OAuth2::AccessToken::Bearer.new(:
|
17
|
+
Rack::OAuth2::AccessToken::Bearer.new(access_token: 'valid_token')
|
18
18
|
end
|
19
19
|
let(:access_token) { env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN] }
|
20
20
|
let(:request) { app.call(env) }
|
@@ -62,7 +62,7 @@ describe Rack::OAuth2::Server::Resource::Bearer do
|
|
62
62
|
end
|
63
63
|
|
64
64
|
context 'when token is in params' do
|
65
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', :
|
65
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', params: {access_token: 'valid_token'}) }
|
66
66
|
it_behaves_like :authenticated_bearer_request
|
67
67
|
end
|
68
68
|
end
|
@@ -80,7 +80,7 @@ describe Rack::OAuth2::Server::Resource::Bearer do
|
|
80
80
|
end
|
81
81
|
|
82
82
|
context 'when token is in params' do
|
83
|
-
let(:env) { Rack::MockRequest.env_for('/protected_resource', :
|
83
|
+
let(:env) { Rack::MockRequest.env_for('/protected_resource', params: {access_token: 'invalid_token'}) }
|
84
84
|
it_behaves_like :unauthorized_bearer_request
|
85
85
|
end
|
86
86
|
|
@@ -114,7 +114,7 @@ describe Rack::OAuth2::Server::Resource::Bearer do
|
|
114
114
|
Rack::MockRequest.env_for(
|
115
115
|
'/protected_resource',
|
116
116
|
'HTTP_AUTHORIZATION' => 'Bearer valid_token',
|
117
|
-
:
|
117
|
+
params: {access_token: 'valid_token'}
|
118
118
|
)
|
119
119
|
end
|
120
120
|
it_behaves_like :bad_bearer_request
|