rack-oauth2 1.12.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61)
  1. checksums.yaml +4 -4
  2. data/.github/FUNDING.yml +3 -0
  3. data/.github/workflows/spec.yml +32 -0
  4. data/CHANGELOG.md +25 -0
  5. data/README.rdoc +1 -26
  6. data/VERSION +1 -1
  7. data/lib/rack/oauth2/access_token/authenticator.rb +1 -10
  8. data/lib/rack/oauth2/access_token/bearer.rb +1 -1
  9. data/lib/rack/oauth2/access_token/mtls.rb +2 -2
  10. data/lib/rack/oauth2/access_token.rb +4 -6
  11. data/lib/rack/oauth2/client.rb +97 -41
  12. data/lib/rack/oauth2/server/abstract/error.rb +2 -1
  13. data/lib/rack/oauth2/server/extension/pkce.rb +1 -1
  14. data/lib/rack/oauth2/server/rails/response_ext.rb +5 -5
  15. data/lib/rack/oauth2/server/resource/error.rb +4 -4
  16. data/lib/rack/oauth2/server/resource.rb +0 -1
  17. data/lib/rack/oauth2/server/token/error.rb +3 -1
  18. data/lib/rack/oauth2/server/token.rb +16 -5
  19. data/lib/rack/oauth2/urn.rb +3 -3
  20. data/lib/rack/oauth2/util.rb +6 -2
  21. data/lib/rack/oauth2.rb +11 -10
  22. data/rack-oauth2.gemspec +7 -5
  23. data/spec/helpers/webmock_helper.rb +8 -2
  24. data/spec/rack/oauth2/access_token/authenticator_spec.rb +2 -22
  25. data/spec/rack/oauth2/access_token/bearer_spec.rb +2 -2
  26. data/spec/rack/oauth2/access_token_spec.rb +0 -17
  27. data/spec/rack/oauth2/client_spec.rb +173 -75
  28. data/spec/rack/oauth2/oauth2_spec.rb +0 -43
  29. data/spec/rack/oauth2/server/authorize/error_spec.rb +6 -6
  30. data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +2 -2
  31. data/spec/rack/oauth2/server/resource/bearer_spec.rb +9 -9
  32. data/spec/rack/oauth2/server/resource/error_spec.rb +21 -21
  33. data/spec/rack/oauth2/server/token/authorization_code_spec.rb +2 -2
  34. data/spec/rack/oauth2/server/token/client_credentials_spec.rb +32 -2
  35. data/spec/rack/oauth2/server/token/error_spec.rb +8 -8
  36. data/spec/rack/oauth2/server/token_spec.rb +72 -3
  37. data/spec/rack/oauth2/util_spec.rb +8 -3
  38. metadata +47 -51
  39. data/.travis.yml +0 -7
  40. data/lib/rack/oauth2/access_token/legacy.rb +0 -19
  41. data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +0 -17
  42. data/lib/rack/oauth2/access_token/mac/signature.rb +0 -34
  43. data/lib/rack/oauth2/access_token/mac/verifier.rb +0 -44
  44. data/lib/rack/oauth2/access_token/mac.rb +0 -103
  45. data/lib/rack/oauth2/debugger/request_filter.rb +0 -30
  46. data/lib/rack/oauth2/debugger.rb +0 -3
  47. data/lib/rack/oauth2/server/resource/mac/error.rb +0 -24
  48. data/lib/rack/oauth2/server/resource/mac.rb +0 -36
  49. data/spec/mock_response/tokens/legacy.json +0 -5
  50. data/spec/mock_response/tokens/legacy.txt +0 -1
  51. data/spec/mock_response/tokens/legacy_without_expires_in.txt +0 -1
  52. data/spec/mock_response/tokens/mac.json +0 -8
  53. data/spec/rack/oauth2/access_token/legacy_spec.rb +0 -23
  54. data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +0 -28
  55. data/spec/rack/oauth2/access_token/mac/signature_spec.rb +0 -59
  56. data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +0 -25
  57. data/spec/rack/oauth2/access_token/mac_spec.rb +0 -141
  58. data/spec/rack/oauth2/debugger/request_filter_spec.rb +0 -33
  59. data/spec/rack/oauth2/server/resource/mac/error_spec.rb +0 -52
  60. data/spec/rack/oauth2/server/resource/mac_spec.rb +0 -119
  61. /data/spec/mock_response/{blank → blank.txt} +0 -0
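--- a/data/spec/rack/oauth2/server/resource/mac_spec.rb
+++ /dev/null
@@ -1,119 +0,0 @@
-require 'spec_helper.rb'
-
-describe Rack::OAuth2::Server::Resource::MAC do
-let(:app) do
-Rack::OAuth2::Server::Resource::MAC.new(simple_app) do |request|
-case request.access_token
-when 'valid_token'
-token = mac_token
-token.verify!(request)
-token
-when 'insufficient_scope_token'
-request.insufficient_scope!
-else
-request.invalid_token!
-end
-end
-end
-let(:mac_token) do
-Rack::OAuth2::AccessToken::MAC.new(
-access_token: 'valid_token',
-mac_key: 'secret',
-mac_algorithm: 'hmac-sha-256',
-ts: 1305820230 # fix verification time
-)
-end
-let(:access_token) { env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN] }
-let(:request) { app.call(env) }
-subject { app.call(env) }
-
-shared_examples_for :non_mac_request do
-it 'should skip OAuth 2.0 authentication' do
-status, header, response = request
-status.should == 200
-access_token.should be_nil
-end
-end
-shared_examples_for :authenticated_mac_request do
-it 'should be authenticated' do
-status, header, response = request
-status.should == 200
-access_token.should == mac_token
-end
-end
-shared_examples_for :unauthorized_mac_request do
-it 'should be unauthorized' do
-status, header, response = request
-status.should == 401
-header['WWW-Authenticate'].should include 'MAC'
-access_token.should be_nil
-end
-end
-shared_examples_for :bad_mac_request do
-it 'should be unauthorized' do
-status, header, response = request
-status.should == 400
-access_token.should be_nil
-end
-end
-
-context 'when no access token is given' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource') }
-it 'should skip OAuth 2.0 authentication' do
-status, header, response = request
-status.should == 200
-access_token.should be_nil
-end
-end
-
-context 'when valid_token is given' do
-context 'when other required params are missing' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token"') }
-it_behaves_like :unauthorized_mac_request
-end
-
-context 'when other required params are invalid' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305820234", mac="invalid""') }
-it_behaves_like :unauthorized_mac_request
-end
-
-context 'when all required params are valid' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305820234", mac="26JP6MMZyAHLHeMU8+m+NbVJgZbikp5SlT86/a62pwg="') }
-it_behaves_like :authenticated_mac_request
-end
-
-context 'when all required params are valid and ts is expired' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305819234", mac="nuo4765MZrVL/qMsAtuTczhqZAE5y02ChaLCyOiVU68="') }
-it_behaves_like :unauthorized_mac_request
-end
-end
-
-context 'when invalid_token is given' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
-it_behaves_like :unauthorized_mac_request
-
-describe 'realm' do
-let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
-
-context 'when specified' do
-let(:realm) { 'server.example.com' }
-let(:app) do
-Rack::OAuth2::Server::Resource::MAC.new(simple_app, realm) do |request|
-request.unauthorized!
-end
-end
-it 'should use specified realm' do
-status, header, response = request
-header['WWW-Authenticate'].should include "MAC realm=\"#{realm}\""
-end
-end
-
-context 'otherwize' do
-it 'should use default realm' do
-status, header, response = request
-header['WWW-Authenticate'].should include "MAC realm=\"#{Rack::OAuth2::Server::Resource::DEFAULT_REALM}\""
-end
-end
-end
-end
-end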