rack-oauth2 1.19.0 → 2.2.1

data/spec/rack/oauth2/access_token_spec.rb

@@ -49,23 +49,6 @@ describe Rack::OAuth2::AccessToken do
 
   let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
   [:get, :delete, :post, :put].each do |method|
-    describe method do
-      it 'should delegate to HTTPClient with Authenticator filter' do
-        expect(token.httpclient).to receive(method).with(resource_endpoint)
-        token.httpclient.request_filter.last.should be_a Rack::OAuth2::AccessToken::Authenticator
-        token.send method, resource_endpoint
-      end
-    end
-
-    context 'in debug mode' do
-      it do
-        Rack::OAuth2.debug do
-          token.httpclient.request_filter[-2].should be_a Rack::OAuth2::AccessToken::Authenticator
-          token.httpclient.request_filter.last.should be_a Rack::OAuth2::Debugger::RequestFilter
-        end
-      end
-    end
-
     context 'when extension params given' do
       subject do
         Rack::OAuth2::AccessToken::Bearer.new(

data/spec/rack/oauth2/client_spec.rb

@@ -8,7 +8,8 @@ describe Rack::OAuth2::Client do
       identifier: client_id,
       secret: client_secret,
       host: 'server.example.com',
-      redirect_uri: 'https://client.example.com/callback'
+      redirect_uri: 'https://client.example.com/callback',
+      revocation_endpoint: '/oauth2/revoke'
     )
   end
   subject { client }
@@ -17,6 +18,7 @@ describe Rack::OAuth2::Client do
   its(:secret)     { should == 'client_secret' }
   its(:authorization_endpoint) { should == '/oauth2/authorize' }
   its(:token_endpoint)         { should == '/oauth2/token' }
+  its(:revocation_endpoint)    { should == '/oauth2/revoke' }
 
   context 'when identifier is missing' do
     it do
@@ -91,7 +93,7 @@ describe Rack::OAuth2::Client do
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/bearer.json',
+            'tokens/bearer',
             request_header: {
               'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ='
             }
@@ -107,7 +109,7 @@ describe Rack::OAuth2::Client do
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 request_header: {
                   'Authorization' => 'Basic aHR0cHMlM0ElMkYlMkZjbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
                 }
@@ -125,7 +127,7 @@ describe Rack::OAuth2::Client do
                mock_response(
                  :post,
                  'https://server.example.com/oauth2/token',
-                 'tokens/bearer.json',
+                 'tokens/bearer',
                  request_header: {
                    'Authorization' => 'Basic aHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
                  }
@@ -141,7 +143,7 @@ describe Rack::OAuth2::Client do
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 params: {
                   client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9\..+/, # NOTE: HS256
                   client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -169,7 +171,7 @@ describe Rack::OAuth2::Client do
                 mock_response(
                   :post,
                   'https://server.example.com/oauth2/token',
-                  'tokens/bearer.json',
+                  'tokens/bearer',
                   params: {
                     client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9\..+/, # NOTE: RS256
                     client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -186,7 +188,7 @@ describe Rack::OAuth2::Client do
               let :client do
                 Rack::OAuth2::Client.new(
                   identifier: 'client_id',
-                  private_key: OpenSSL::PKey::EC.new('prime256v1').generate_key,
+                  private_key: OpenSSL::PKey::EC.generate('prime256v1'),
                   host: 'server.example.com',
                   redirect_uri: 'https://client.example.com/callback'
                 )
@@ -196,7 +198,7 @@ describe Rack::OAuth2::Client do
                 mock_response(
                   :post,
                   'https://server.example.com/oauth2/token',
-                  'tokens/bearer.json',
+                  'tokens/bearer',
                   params: {
                     client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9\..+/, # NOTE: ES256
                     client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -223,7 +225,7 @@ describe Rack::OAuth2::Client do
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 params: {
                   client_assertion: 'any.jwt.assertion',
                   client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -242,7 +244,7 @@ describe Rack::OAuth2::Client do
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 client_id: 'client_id',
                 client_secret: 'client_secret',
@@ -260,7 +262,7 @@ describe Rack::OAuth2::Client do
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 client_id: 'client_id',
                 client_secret: 'client_secret',
@@ -280,7 +282,7 @@ describe Rack::OAuth2::Client do
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 grant_type: 'client_credentials',
                 scope: 'a b'
@@ -296,7 +298,7 @@ describe Rack::OAuth2::Client do
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/bearer.json',
+            'tokens/bearer',
             params: {
               grant_type: 'client_credentials',
               resource: 'something'
@@ -307,13 +309,30 @@ describe Rack::OAuth2::Client do
       end
     end
 
+    context 'local_http_config handling' do
+      it do
+        mock_response(
+          :post,
+          'https://server.example.com/oauth2/token',
+          'tokens/bearer',
+          request_header: {
+            'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=',
+            'X-Foo' => 'bar'
+          }
+        )
+        client.access_token! do |request|
+          request.headers['X-Foo'] = 'bar'
+        end
+      end
+    end
+
     context 'when bearer token is given' do
       before do
         client.authorization_code = 'code'
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/bearer.json'
+          'tokens/bearer'
         )
       end
       it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
@@ -328,7 +347,7 @@ describe Rack::OAuth2::Client do
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/_Bearer.json'
+            'tokens/_Bearer'
           )
         end
         it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
@@ -336,112 +355,146 @@ describe Rack::OAuth2::Client do
       end
     end
 
-    context 'when mac token is given' do
+    context 'when unknown-type token is given' do
       before do
         client.authorization_code = 'code'
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/mac.json'
+          'tokens/unknown'
         )
       end
-      it { should be_instance_of Rack::OAuth2::AccessToken::MAC }
-      its(:token_type) { should == :mac }
-      its(:access_token) { should == 'access_token' }
-      its(:refresh_token) { should == 'refresh_token' }
-      its(:expires_in) { should == 3600 }
+      it do
+        expect { client.access_token! }.to raise_error(StandardError, 'Unknown Token Type')
+      end
     end
 
-    context 'when no-type token is given (JSON)' do
+    context 'when error response is given' do
       before do
-        client.authorization_code = 'code'
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/legacy.json'
+          'errors/invalid_request',
+          status: 400
         )
       end
-      it { should be_instance_of Rack::OAuth2::AccessToken::Legacy }
-      its(:token_type) { should == :legacy }
-      its(:access_token) { should == 'access_token' }
-      its(:refresh_token) { should == 'refresh_token' }
-      its(:expires_in) { should == 3600 }
+      it do
+        expect { client.access_token! }.to raise_error Rack::OAuth2::Client::Error
+      end
+    end
 
-      context 'when token_type is forced' do
+    context 'when no body given' do
+      context 'when error given' do
         before do
-          client.force_token_type! :bearer
+          mock_response(
+            :post,
+            'https://server.example.com/oauth2/token',
+            'blank',
+            format: 'txt',
+            status: 400
+          )
+        end
+        it do
+          expect { client.access_token! }.to raise_error Rack::OAuth2::Client::Error
         end
-        it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
-        its(:token_type) { should == :bearer }
       end
     end
+  end
 
-    context 'when no-type token is given (key-value)' do
-      before do
+  describe '#revoke!' do
+    context 'local_http_config handling' do
+      it do
         mock_response(
           :post,
-          'https://server.example.com/oauth2/token',
-          'tokens/legacy.txt'
+          'https://server.example.com/oauth2/revoke',
+          'blank',
+          format: 'txt',
+          status: 200,
+          body: {
+            token: 'access_token',
+            token_type_hint: 'access_token'
+          },
+          request_header: {
+            'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=',
+            'X-Foo' => 'bar'
+          }
         )
-      end
-      it { should be_instance_of Rack::OAuth2::AccessToken::Legacy }
-      its(:token_type) { should == :legacy }
-      its(:access_token) { should == 'access_token' }
-      its(:expires_in) { should == 3600 }
-
-      context 'when expires_in is not given' do
-        before do
-          mock_response(
-            :post,
-            'https://server.example.com/oauth2/token',
-            'tokens/legacy_without_expires_in.txt'
-          )
+        client.revoke!(access_token: 'access_token') do |request|
+          request.headers['X-Foo'] = 'bar'
         end
-        its(:expires_in) { should be_nil }
       end
     end
 
-    context 'when unknown-type token is given' do
+    context 'when access_token given' do
       before do
-        client.authorization_code = 'code'
         mock_response(
           :post,
-          'https://server.example.com/oauth2/token',
-          'tokens/unknown.json'
+          'https://server.example.com/oauth2/revoke',
+          'blank',
+          format: 'txt',
+          status: 200,
+          body: {
+            token: 'access_token',
+            token_type_hint: 'access_token'
+          }
         )
       end
       it do
-        expect { client.access_token! }.to raise_error(StandardError, 'Unknown Token Type')
+        client.revoke!(access_token: 'access_token').should == :success
       end
     end
 
-    context 'when error response is given' do
+    context 'when refresh_token given' do
       before do
         mock_response(
           :post,
-          'https://server.example.com/oauth2/token',
-          'errors/invalid_request.json',
+          'https://server.example.com/oauth2/revoke',
+          'blank',
+          format: 'txt',
+          status: 200,
+          body: {
+            token: 'refresh_token',
+            token_type_hint: 'refresh_token'
+          }
+        )
+      end
+
+      context 'as argument' do
+        it do
+          client.revoke!(refresh_token: 'refresh_token').should == :success
+        end
+      end
+
+      context 'as grant' do
+        it do
+          client.refresh_token = 'refresh_token'
+          client.revoke!
+        end
+      end
+    end
+
+    context 'when error response given' do
+      before do
+        mock_response(
+          :post,
+          'https://server.example.com/oauth2/revoke',
+          'errors/invalid_request',
           status: 400
         )
       end
+
       it do
-        expect { client.access_token! }.to raise_error Rack::OAuth2::Client::Error
+        expect do
+          client.revoke! access_token: 'access_token'
+        end.to raise_error Rack::OAuth2::Client::Error
       end
     end
 
-    context 'when no body given' do
-      context 'when error given' do
-        before do
-          mock_response(
-            :post,
-            'https://server.example.com/oauth2/token',
-            'blank',
-            status: 400
-          )
-        end
-        it do
-          expect { client.access_token! }.to raise_error Rack::OAuth2::Client::Error
-        end
+    context 'when no token given' do
+      it do
+        expect do
+          client.revoke!
+        end.to raise_error ArgumentError
       end
     end
   end
@@ -451,7 +504,8 @@ describe Rack::OAuth2::Client do
       Rack::OAuth2::Client.new(
         identifier: 'client_id',
         secret: 'client_secret',
-        redirect_uri: 'https://client.example.com/callback'
+        redirect_uri: 'https://client.example.com/callback',
+        revocation_endpoint: '/oauth2/revoke'
       )
     end
 
@@ -466,5 +520,11 @@ describe Rack::OAuth2::Client do
         expect { client.access_token! }.to raise_error 'No Host Info'
       end
     end
+
+    describe '#revoke!' do
+      it do
+        expect { client.revoke! access_token: 'access_token' }.to raise_error 'No Host Info'
+      end
+    end
   end
 end

data/spec/rack/oauth2/oauth2_spec.rb

@@ -28,47 +28,4 @@ describe Rack::OAuth2 do
       Rack::OAuth2.debugging?.should == true
     end
   end
-
-  describe '.http_config' do
-    context 'when request_filter added' do
-      context 'when "debug!" is called' do
-        after { Rack::OAuth2.reset_http_config! }
-
-        it 'should put Debugger::RequestFilter at last' do
-          Rack::OAuth2.debug!
-          Rack::OAuth2.http_config do |config|
-            config.request_filter << Proc.new {}
-          end
-          Rack::OAuth2.http_client.request_filter.last.should be_instance_of Rack::OAuth2::Debugger::RequestFilter
-        end
-
-        it 'should reset_http_config' do
-          Rack::OAuth2.debug!
-          Rack::OAuth2.http_config do |config|
-            config.request_filter << Proc.new {}
-          end
-          size = Rack::OAuth2.http_client.request_filter.size
-          Rack::OAuth2.reset_http_config!
-          Rack::OAuth2.http_client.request_filter.size.should == size - 1
-        end
-
-      end
-    end
-  end
-
-  describe ".http_client" do
-    context "when local_http_config is used" do
-      it "should correctly set request_filter" do
-        clnt1 = Rack::OAuth2.http_client
-        clnt2 = Rack::OAuth2.http_client("my client") do |config|
-          config.request_filter << Proc.new {}
-        end
-        clnt3 = Rack::OAuth2.http_client
-
-        clnt1.request_filter.size.should == clnt3.request_filter.size
-        clnt1.request_filter.size.should == clnt2.request_filter.size - 1
-
-      end
-    end
-  end
 end

data/spec/rack/oauth2/server/authorize/error_spec.rb

@@ -23,27 +23,27 @@ describe Rack::OAuth2::Server::Authorize::BadRequest do
       context 'when protocol_params_location = :query' do
         before { error.protocol_params_location = :query }
         it 'should redirect with error in query' do
-          state, header, response = error.finish
+          state, headers, response = error.finish
           state.should == 302
-          header["Location"].should == "#{redirect_uri}?error=invalid_request"
+          headers["Location"].should == "#{redirect_uri}?error=invalid_request"
         end
       end
 
       context 'when protocol_params_location = :fragment' do
         before { error.protocol_params_location = :fragment }
         it 'should redirect with error in fragment' do
-          state, header, response = error.finish
+          state, headers, response = error.finish
           state.should == 302
-          header["Location"].should == "#{redirect_uri}#error=invalid_request"
+          headers["Location"].should == "#{redirect_uri}#error=invalid_request"
         end
       end
 
       context 'otherwise' do
         before { error.protocol_params_location = :other }
         it 'should redirect without error' do
-          state, header, response = error.finish
+          state, headers, response = error.finish
           state.should == 302
-          header["Location"].should == redirect_uri
+          headers["Location"].should == redirect_uri
         end
       end
     end

data/spec/rack/oauth2/server/resource/bearer/error_spec.rb

@@ -12,8 +12,8 @@ describe Rack::OAuth2::Server::Resource::Bearer::Unauthorized do
 
   describe '#finish' do
     it 'should use Bearer scheme' do
-      status, header, response = error.finish
-      header['WWW-Authenticate'].should include 'Bearer'
+      status, headers, response = error.finish
+      headers['WWW-Authenticate'].should include 'Bearer'
     end
   end
 end

data/spec/rack/oauth2/server/resource/bearer_spec.rb

@@ -22,29 +22,29 @@ describe Rack::OAuth2::Server::Resource::Bearer do
 
   shared_examples_for :authenticated_bearer_request do
     it 'should be authenticated' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 200
       access_token.should == bearer_token
     end
   end
   shared_examples_for :unauthorized_bearer_request do
     it 'should be unauthorized' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 401
-      header['WWW-Authenticate'].should include 'Bearer'
+      headers['WWW-Authenticate'].should include 'Bearer'
       access_token.should be_nil
     end
   end
   shared_examples_for :bad_bearer_request do
     it 'should be bad_request' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 400
       access_token.should be_nil
     end
   end
   shared_examples_for :skipped_authentication_request do
     it 'should skip OAuth 2.0 authentication' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 200
       access_token.should be_nil
     end
@@ -94,15 +94,15 @@ describe Rack::OAuth2::Server::Resource::Bearer do
           end
         end
         it 'should use specified realm' do
-          status, header, response = request
-          header['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
+          status, headers, response = request
+          headers['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
         end
       end
 
       context 'otherwize' do
         it 'should use default realm' do
-          status, header, response = request
-          header['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
+          status, headers, response = request
+          headers['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
         end
       end
     end

data/spec/rack/oauth2/server/resource/error_spec.rb

@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 400
-      header['Content-Type'].should == 'application/json'
+      headers['Content-Type'].should == 'application/json'
       response.should == ['{"error":"invalid_request"}']
     end
   end
@@ -40,10 +40,10 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
 
     describe '#finish' do
       it 'should respond in JSON' do
-        status, header, response = error_with_scheme.finish
+        status, headers, response = error_with_scheme.finish
         status.should == 401
-        header['Content-Type'].should == 'application/json'
-        header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
+        headers['Content-Type'].should == 'application/json'
+        headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
         response.should == ['{"error":"invalid_token"}']
       end
 
@@ -51,8 +51,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:something) }
 
         it 'should have error_code in body but not in WWW-Authenticate header' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
           response.first.should include '"error":"something"'
         end
       end
@@ -61,8 +61,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new }
 
         it 'should have error_code in body but not in WWW-Authenticate header' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
           response.first.should == '{"error":"unauthorized"}'
         end
       end
@@ -72,8 +72,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, realm: realm) }
 
         it 'should use given realm' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
           response.first.should include '"error":"something"'
         end
       end
@@ -88,9 +88,9 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 403
-      header['Content-Type'].should == 'application/json'
+      headers['Content-Type'].should == 'application/json'
       response.should == ['{"error":"insufficient_scope"}']
     end
   end
@@ -99,7 +99,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
     let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', scope: [:scope1, :scope2]) }
 
     it 'should have blank WWW-Authenticate header' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       response.first.should include '"scope":"scope1 scope2"'
     end
   end

data/spec/rack/oauth2/server/token/authorization_code_spec.rb

@@ -24,8 +24,8 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
   its(:body)         { should include '"token_type":"bearer"' }
 
   it 'should prevent to be cached' do
-    response.header['Cache-Control'].should == 'no-store'
-    response.header['Pragma'].should == 'no-cache'
+    response.headers['Cache-Control'].should == 'no-store'
+    response.headers['Pragma'].should == 'no-cache'
   end
 
   [:code].each do |required|