rack-oauth2 1.21.2 → 2.0.0.rc1

data/spec/rack/oauth2/access_token/mac/signature_spec.rb

@@ -1,59 +0,0 @@
-require 'spec_helper'
-
-describe Rack::OAuth2::AccessToken::MAC::Signature do
-  # From the example of Webtopay wallet API
-  # ref) https://www.webtopay.com/wallet/
-  context 'when ext is not given' do
-    subject do
-      Rack::OAuth2::AccessToken::MAC::Signature.new(
-        secret:      'IrdTc8uQodU7PRpLzzLTW6wqZAO6tAMU',
-        algorithm:   'hmac-sha-256',
-        nonce:       'dj83hs9s',
-        ts:          1336363200,
-        method:      'GET',
-        request_uri: '/wallet/rest/api/v1/payment/123',
-        host:        'www.webtopay.com',
-        port:        443
-      )
-    end
-    its(:calculate) { should == 'OZE9fTk2qiRtL1jb01L8lRxC66PTiAGhMDEmboeVeLs=' }
-  end
-
-  # From the example of MAC spec section 1.1
-  # ref) http://tools.ietf.org/pdf/draft-ietf-oauth-v2-http-mac-01.pdf
-  context 'when ext is not given' do
-    subject do
-      Rack::OAuth2::AccessToken::MAC::Signature.new(
-        secret:      '489dks293j39',
-        algorithm:   'hmac-sha-1',
-        nonce:       'dj83hs9s',
-        ts:          1336363200,
-        method:      'GET',
-        request_uri: '/resource/1?b=1&a=2',
-        host:        'example.com',
-        port:        80
-      )
-    end
-    its(:calculate) { should == '6T3zZzy2Emppni6bzL7kdRxUWL4=' }
-  end
-
-  # From the example of MAC spec section 3.2
-  # ref) http://tools.ietf.org/pdf/draft-ietf-oauth-v2-http-mac-01.pdf
-  context 'otherwise' do
-    subject do
-      Rack::OAuth2::AccessToken::MAC::Signature.new(
-        secret:      '489dks293j39',
-        algorithm:   'hmac-sha-1',
-        nonce:       '7d8f3e4a',
-        ts:          264095,
-        method:      'POST',
-        request_uri: '/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b&c2&a3=2+q',
-        host:        'example.com',
-        port:        80,
-        ext:         'a,b,c'
-      )
-    end
-    its(:calculate) { should == '+txL5oOFHGYjrfdNYH5VEzROaBY=' }
-  end
-
-end

data/spec/rack/oauth2/access_token/mac/verifier_spec.rb

@@ -1,25 +0,0 @@
-require 'spec_helper'
-
-describe Rack::OAuth2::AccessToken::MAC::Verifier do
-  let(:verifier) { Rack::OAuth2::AccessToken::MAC::Verifier.new(algorithm: algorithm) }
-  subject { verifier }
-
-  context 'when "hmac-sha-1" is specified' do
-    let(:algorithm) { 'hmac-sha-1' }
-    its(:hash_generator) { should be_instance_of OpenSSL::Digest::SHA1 }
-  end
-
-  context 'when "hmac-sha-256" is specified' do
-    let(:algorithm) { 'hmac-sha-256' }
-    its(:hash_generator) { should be_instance_of OpenSSL::Digest::SHA256 }
-  end
-
-  context 'otherwise' do
-    let(:algorithm) { 'invalid' }
-    it do
-      expect { verifier.send(:hash_generator) }.to raise_error(StandardError, 'Unsupported Algorithm')
-    end
-  end
-
-
-end

data/spec/rack/oauth2/access_token/mac_spec.rb

@@ -1,141 +0,0 @@
-require 'spec_helper'
-
-describe Rack::OAuth2::AccessToken::MAC do
-  let(:ts) { 1305820234 }
-  let :token do
-    Rack::OAuth2::AccessToken::MAC.new(
-      access_token: 'access_token',
-      mac_key: 'secret',
-      mac_algorithm: 'hmac-sha-256',
-      ts: ts
-    )
-  end
-  let :token_with_ext_verifier do
-    Rack::OAuth2::AccessToken::MAC.new(
-      access_token: 'access_token',
-      mac_key: 'secret',
-      mac_algorithm: 'hmac-sha-256',
-      ts: ts,
-      ext_verifier: Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier
-    )
-  end
-  let(:nonce) { '1000:51e74de734c05613f37520872e68db5f' }
-  let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
-  subject { token }
-
-  its(:mac_key)    { should == 'secret' }
-  its(:mac_algorithm) { should == 'hmac-sha-256' }
-  its(:token_response) do
-    should == {
-      access_token: 'access_token',
-      refresh_token: nil,
-      token_type: :mac,
-      expires_in: nil,
-      scope: '',
-      mac_key: 'secret',
-      mac_algorithm: 'hmac-sha-256'
-    }
-  end
-  its(:generate_nonce) { should be_a String }
-
-  describe 'verify!' do
-    let(:request) { Rack::OAuth2::Server::Resource::MAC::Request.new(env) }
-
-    context 'when no ext_verifier is given' do
-      let(:env) do
-        Rack::MockRequest.env_for(
-          '/protected_resources',
-          'HTTP_AUTHORIZATION' => %{MAC id="access_token", nonce="#{nonce}", ts="#{ts}" mac="#{signature}"}
-        )
-      end
-
-      context 'when signature is valid' do
-        let(:signature) { 'BgooS/voPOZWLwoVfx4+zbC3xAVKW3jtjhKYOfIGZOA=' }
-        it do
-
-          token.verify!(request.setup!).should == :verified
-        end
-      end
-
-      context 'otherwise' do
-        let(:signature) { 'invalid' }
-        it do
-          expect { token.verify!(request.setup!) }.to raise_error(
-            Rack::OAuth2::Server::Resource::MAC::Unauthorized,
-            'invalid_token :: Signature Invalid'
-          )
-        end
-      end
-    end
-
-    context 'when ext_verifier is given' do
-      let(:env) do
-        Rack::MockRequest.env_for(
-          '/protected_resources',
-          method: :POST,
-          params: {
-            key1: 'value1'
-          },
-          'HTTP_AUTHORIZATION' => %{MAC id="access_token", nonce="#{nonce}", ts="#{ts}", mac="#{signature}", ext="#{ext}"}
-        )
-      end
-      let(:signature) { 'invalid' }
-
-      context 'when ext is invalid' do
-        let(:ext) { 'invalid' }
-        it do
-          expect { token_with_ext_verifier.verify!(request.setup!) }.to raise_error(
-            Rack::OAuth2::Server::Resource::MAC::Unauthorized,
-            'invalid_token :: Sha256HexVerifier Invalid'
-          )
-        end
-      end
-
-      context 'when ext is valid' do
-        let(:ext) { '4cfcd46c59f54b5ea6a5f9b05c28b52fef2864747194b5fdfc3d59c0057bf35a' }
-
-        context 'when signature is valid' do
-          let(:signature) { 'dZYR54n+Lym5qCRRmDqmRZ71rG+bkjSWmqrOv8OjYHk=' }
-          it do
-            Time.fix(Time.at(1302361200)) do
-              token_with_ext_verifier.verify!(request.setup!).should == :verified
-            end
-          end
-        end
-
-        context 'otherwise' do
-          it do
-            expect { token.verify!(request.setup!) }.to raise_error(
-              Rack::OAuth2::Server::Resource::MAC::Unauthorized,
-              'invalid_token :: Signature Invalid'
-            )
-          end
-        end
-      end
-    end
-  end
-
-  describe '.authenticate' do
-    let(:request) { HTTPClient.new.send(:create_request, :post, URI.parse(resource_endpoint), {}, {hello: "world"}, {}) }
-    context 'when no ext_verifier is given' do
-      let(:signature) { 'pOBaL6HRawe4tUPmcU4vJEj1f2GJqrbQOlCcdAYgI/s=' }
-
-      it 'should set Authorization header' do
-        expect(token).to receive(:generate_nonce).and_return(nonce)
-        expect(request.header).to receive(:[]=).with('Authorization', "MAC id=\"access_token\", nonce=\"#{nonce}\", ts=\"#{ts.to_i}\", mac=\"#{signature}\"")
-        token.authenticate(request)
-      end
-    end
-
-    context 'when ext_verifier is given' do
-      let(:signature) { 'vgU0fj6rSpwUCAoCOrXlu8pZBR8a5Q5xIVlB4MCvJeM=' }
-      let(:ext) { '3d011e09502a84552a0f8ae112d024cc2c115597e3a577d5f49007902c221dc5' }
-      it 'should set Authorization header with ext_verifier' do
-        expect(token_with_ext_verifier).to receive(:generate_nonce).and_return(nonce)
-        expect(request.header).to receive(:[]=).with('Authorization', "MAC id=\"access_token\", nonce=\"#{nonce}\", ts=\"#{ts.to_i}\", mac=\"#{signature}\", ext=\"#{ext}\"")
-        token_with_ext_verifier.authenticate(request)
-      end
-    end
-
-  end
-end

data/spec/rack/oauth2/debugger/request_filter_spec.rb

@@ -1,33 +0,0 @@
-require 'spec_helper'
-
-describe Rack::OAuth2::Debugger::RequestFilter do
-  let(:resource_endpoint) { 'https://example.com/resources' }
-  let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
-  let(:response) { HTTP::Message.new_response({hello: 'world'}.to_json) }
-  let(:request_filter) { Rack::OAuth2::Debugger::RequestFilter.new }
-
-  describe '#filter_request' do
-    it 'should log request' do
-      [
-        "======= [Rack::OAuth2] HTTP REQUEST STARTED =======",
-        request.dump
-      ].each do |output|
-        expect(Rack::OAuth2.logger).to receive(:info).with output
-      end
-      request_filter.filter_request(request)
-    end
-  end
-
-  describe '#filter_response' do
-    it 'should log response' do
-      [
-        "--------------------------------------------------",
-        response.dump,
-        "======= [Rack::OAuth2] HTTP REQUEST FINISHED ======="
-      ].each do |output|
-        expect(Rack::OAuth2.logger).to receive(:info).with output
-      end
-      request_filter.filter_response(request, response)
-    end
-  end
-end

data/spec/rack/oauth2/server/resource/mac/error_spec.rb

@@ -1,52 +0,0 @@
-require 'spec_helper.rb'
-
-describe Rack::OAuth2::Server::Resource::MAC::Unauthorized do
-  let(:error) { Rack::OAuth2::Server::Resource::MAC::Unauthorized.new(:invalid_token) }
-
-  it { should be_a Rack::OAuth2::Server::Resource::Unauthorized }
-
-  describe '#scheme' do
-    subject { error }
-    its(:scheme) { should == :MAC }
-  end
-
-  describe '#finish' do
-    it 'should use MAC scheme' do
-      status, header, response = error.finish
-      header['WWW-Authenticate'].should =~ /^MAC /
-    end
-  end
-end
-
-describe Rack::OAuth2::Server::Resource::MAC::ErrorMethods do
-  let(:unauthorized)        { Rack::OAuth2::Server::Resource::MAC::Unauthorized }
-  let(:redirect_uri)        { 'http://client.example.com/callback' }
-  let(:default_description) { Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION }
-  let(:env)                 { Rack::MockRequest.env_for("/authorize?client_id=client_id") }
-  let(:request)             { Rack::OAuth2::Server::Resource::MAC::Request.new env }
-
-  describe 'unauthorized!' do
-    it do
-      expect { request.unauthorized! :invalid_client }.to raise_error unauthorized
-    end
-  end
-
-  Rack::OAuth2::Server::Resource::Bearer::ErrorMethods::DEFAULT_DESCRIPTION.keys.each do |error_code|
-    method = "#{error_code}!"
-    case error_code
-    when :invalid_request
-      # ignore
-    when :insufficient_scope
-      # ignore
-    else
-      describe method do
-        it "should raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized with error = :#{error_code}" do
-          expect { request.send method }.to raise_error(unauthorized) { |error|
-            error.error.should       == error_code
-            error.description.should == default_description[error_code]
-          }
-        end
-      end
-    end
-  end
-end

data/spec/rack/oauth2/server/resource/mac_spec.rb

@@ -1,119 +0,0 @@
-require 'spec_helper.rb'
-
-describe Rack::OAuth2::Server::Resource::MAC do
-  let(:app) do
-    Rack::OAuth2::Server::Resource::MAC.new(simple_app) do |request|
-      case request.access_token
-      when 'valid_token'
-        token = mac_token
-        token.verify!(request)
-        token
-      when 'insufficient_scope_token'
-        request.insufficient_scope!
-      else
-        request.invalid_token!
-      end
-    end
-  end
-  let(:mac_token) do
-    Rack::OAuth2::AccessToken::MAC.new(
-      access_token: 'valid_token',
-      mac_key: 'secret',
-      mac_algorithm: 'hmac-sha-256',
-      ts: 1305820230 # fix verification time
-    )
-  end
-  let(:access_token) { env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN] }
-  let(:request) { app.call(env) }
-  subject { app.call(env) }
-
-  shared_examples_for :non_mac_request do
-    it 'should skip OAuth 2.0 authentication' do
-      status, header, response = request
-      status.should == 200
-      access_token.should be_nil
-    end
-  end
-  shared_examples_for :authenticated_mac_request do
-    it 'should be authenticated' do
-      status, header, response = request
-      status.should == 200
-      access_token.should == mac_token
-    end
-  end
-  shared_examples_for :unauthorized_mac_request do
-    it 'should be unauthorized' do
-      status, header, response = request
-      status.should == 401
-      header['WWW-Authenticate'].should include 'MAC'
-      access_token.should be_nil
-    end
-  end
-  shared_examples_for :bad_mac_request do
-    it 'should be unauthorized' do
-      status, header, response = request
-      status.should == 400
-      access_token.should be_nil
-    end
-  end
-
-  context 'when no access token is given' do
-    let(:env) { Rack::MockRequest.env_for('/protected_resource') }
-    it 'should skip OAuth 2.0 authentication' do
-      status, header, response = request
-      status.should == 200
-      access_token.should be_nil
-    end
-  end
-
-  context 'when valid_token is given' do
-    context 'when other required params are missing' do
-      let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token"') }
-      it_behaves_like :unauthorized_mac_request
-    end
-
-    context 'when other required params are invalid' do
-      let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305820234", mac="invalid""') }
-      it_behaves_like :unauthorized_mac_request
-    end
-
-    context 'when all required params are valid' do
-      let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305820234", mac="26JP6MMZyAHLHeMU8+m+NbVJgZbikp5SlT86/a62pwg="') }
-      it_behaves_like :authenticated_mac_request
-    end
-
-    context 'when all required params are valid and ts is expired' do
-      let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="valid_token", nonce="51e74de734c05613f37520872e68db5f", ts="1305819234", mac="nuo4765MZrVL/qMsAtuTczhqZAE5y02ChaLCyOiVU68="') }
-      it_behaves_like :unauthorized_mac_request
-    end
-  end
-
-  context 'when invalid_token is given' do
-    let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
-    it_behaves_like :unauthorized_mac_request
-
-    describe 'realm' do
-      let(:env) { Rack::MockRequest.env_for('/protected_resource', 'HTTP_AUTHORIZATION' => 'MAC id="invalid_token"') }
-
-      context 'when specified' do
-        let(:realm) { 'server.example.com' }
-        let(:app) do
-          Rack::OAuth2::Server::Resource::MAC.new(simple_app, realm) do |request|
-            request.unauthorized!
-          end
-        end
-        it 'should use specified realm' do
-          status, header, response = request
-          header['WWW-Authenticate'].should include "MAC realm=\"#{realm}\""
-        end
-      end
-
-      context 'otherwize' do
-        it 'should use default realm' do
-          status, header, response = request
-          header['WWW-Authenticate'].should include "MAC realm=\"#{Rack::OAuth2::Server::Resource::DEFAULT_REALM}\""
-        end
-      end
-    end
-  end
-end