rack-oauth2 1.12.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +3 -0
- data/.github/workflows/spec.yml +32 -0
- data/CHANGELOG.md +25 -0
- data/README.rdoc +1 -26
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/authenticator.rb +1 -10
- data/lib/rack/oauth2/access_token/bearer.rb +1 -1
- data/lib/rack/oauth2/access_token/mtls.rb +2 -2
- data/lib/rack/oauth2/access_token.rb +4 -6
- data/lib/rack/oauth2/client.rb +97 -41
- data/lib/rack/oauth2/server/abstract/error.rb +2 -1
- data/lib/rack/oauth2/server/extension/pkce.rb +1 -1
- data/lib/rack/oauth2/server/rails/response_ext.rb +5 -5
- data/lib/rack/oauth2/server/resource/error.rb +4 -4
- data/lib/rack/oauth2/server/resource.rb +0 -1
- data/lib/rack/oauth2/server/token/error.rb +3 -1
- data/lib/rack/oauth2/server/token.rb +16 -5
- data/lib/rack/oauth2/urn.rb +3 -3
- data/lib/rack/oauth2/util.rb +6 -2
- data/lib/rack/oauth2.rb +11 -10
- data/rack-oauth2.gemspec +7 -5
- data/spec/helpers/webmock_helper.rb +8 -2
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +2 -22
- data/spec/rack/oauth2/access_token/bearer_spec.rb +2 -2
- data/spec/rack/oauth2/access_token_spec.rb +0 -17
- data/spec/rack/oauth2/client_spec.rb +173 -75
- data/spec/rack/oauth2/oauth2_spec.rb +0 -43
- data/spec/rack/oauth2/server/authorize/error_spec.rb +6 -6
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +2 -2
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +9 -9
- data/spec/rack/oauth2/server/resource/error_spec.rb +21 -21
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +2 -2
- data/spec/rack/oauth2/server/token/client_credentials_spec.rb +32 -2
- data/spec/rack/oauth2/server/token/error_spec.rb +8 -8
- data/spec/rack/oauth2/server/token_spec.rb +72 -3
- data/spec/rack/oauth2/util_spec.rb +8 -3
- metadata +47 -51
- data/.travis.yml +0 -7
- data/lib/rack/oauth2/access_token/legacy.rb +0 -19
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +0 -17
- data/lib/rack/oauth2/access_token/mac/signature.rb +0 -34
- data/lib/rack/oauth2/access_token/mac/verifier.rb +0 -44
- data/lib/rack/oauth2/access_token/mac.rb +0 -103
- data/lib/rack/oauth2/debugger/request_filter.rb +0 -30
- data/lib/rack/oauth2/debugger.rb +0 -3
- data/lib/rack/oauth2/server/resource/mac/error.rb +0 -24
- data/lib/rack/oauth2/server/resource/mac.rb +0 -36
- data/spec/mock_response/tokens/legacy.json +0 -5
- data/spec/mock_response/tokens/legacy.txt +0 -1
- data/spec/mock_response/tokens/legacy_without_expires_in.txt +0 -1
- data/spec/mock_response/tokens/mac.json +0 -8
- data/spec/rack/oauth2/access_token/legacy_spec.rb +0 -23
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +0 -28
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +0 -59
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +0 -25
- data/spec/rack/oauth2/access_token/mac_spec.rb +0 -141
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +0 -33
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +0 -52
- data/spec/rack/oauth2/server/resource/mac_spec.rb +0 -119
- /data/spec/mock_response/{blank → blank.txt} +0 -0
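--- a/data/spec/rack/oauth2/server/resource/mac_spec.rb
+++ b/data/spec/rack/oauth2/server/resource/mac_spec.rb
@@ -1,119 +0,0 @@
-require 'spec_helper.rb'
-
-describe Rack::OAuth2::Server::Resource::MAC do
-let(:app) do
-Rack::OAuth2::Server::Resource::MAC.new(simple_app) do |request|
-case request.access_token
-when 'valid_token'
-token = mac_token
-token.verify!(request)
-token
-when 'insufficient_scope_token'
-request.insufficient_scope!
-else
-request.invalid_token!
-end
-end
-end
-let(:mac_token) do
-Rack::OAuth2::AccessToken::MAC.new(
-access_token: 'valid_token',
-mac_key: 'secret',
-mac_algorithm: 'hmac-sha-256',
-ts: 1305820230 # fix verification time
-)
-end
-let(:access_token) { env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN] }
-let(:request) { app.call(env) }
-subject { app.call(env) }
-
-shared_examples_for :non_mac_request do
-it 'should skip OAuth 2.0 authentication' do
-status, header, response = request
-status.should == 200
-access_token.should be_nil
-end
-end
-shared_examples_for :authenticated_mac_request do
-it 'should be authenticated' do
-status, header, response = request
-status.should == 200
-access_token.should == mac_token
-end
-end
-shared_examples_for :unauthorized_mac_request do
-it 'should be unauthorized' do
-status, header, response = request
-status.should == 401
-header['WWW-Authenticate'].should include 'MAC'
-access_token.should be_nil
-end
-end
-shared_examples_for :bad_mac_request do
-it 'should be unauthorized' do
-status, header, response = request
-status.should == 400
-access_token.should be_nil
-end
-end
-
-context 'when no access token is given' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource') }
-it 'should skip OAuth 2.0 authentication' do
-status, header, response = request
-status.should == 200
-access_token.should be_nil
-end
-end
-
-context 'when valid_token is given' do
-context 'when other required params are missing' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token"') }
-it_behaves_like :unauthorized_mac_request
-end
-
-context 'when other required params are invalid' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305820234", mac="invalid""') }
-it_behaves_like :unauthorized_mac_request
-end
-
-context 'when all required params are valid' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305820234", mac="26JP6MMZyAHLHeMU8+m+NbVJgZbikp5SlT86/a62pwg="') }
-it_behaves_like :authenticated_mac_request
-end
-
-context 'when all required params are valid and ts is expired' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305819234", mac="nuo4765MZrVL/qMsAtuTczhqZAE5y02ChaLCyOiVU68="') }
-it_behaves_like :unauthorized_mac_request
-end
-end
-
-context 'when invalid_token is given' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
-it_behaves_like :unauthorized_mac_request
-
-describe 'realm' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
-
-context 'when specified' do
-let(:realm) { 'server.example.com' }
-let(:app) do
-Rack::OAuth2::Server::Resource::MAC.new(simple_app, realm) do |request|
-request.unauthorized!
-end
-end
-it 'should use specified realm' do
-status, header, response = request
-header['WWW-Authenticate'].should include "MAC realm=\"#{realm}\""
-end
-end
-
-context 'otherwize' do
-it 'should use default realm' do
-status, header, response = request
-header['WWW-Authenticate'].should include "MAC realm=\"#{Rack::OAuth2::Server::Resource::DEFAULT_REALM}\""
-end
-end
-end
-end
-end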
File without changes