rack-oauth2 0.0.0 → 0.0.1

data/Rakefile

@@ -11,6 +11,7 @@ begin
     gem.homepage = 'http://github.com/nov/rack-oauth2'
     gem.authors = ['nov matake']
     gem.add_dependency 'json'
+    gem.add_dependency 'activesupport'
     gem.add_development_dependency 'rspec', '>= 1.2.9'
     # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
   end

data/VERSION

@@ -1 +1 @@
-0.0.0
+0.0.1

data/example/server/authorize.rb

@@ -48,7 +48,7 @@ post '/oauth/authorize' do
         response.expires_in = 3600
       end
     else
-      raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.')
+      raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri, :state => request.state)
     end
   end
   authorization_endpoint.call(env)

data/lib/rack/oauth2/server/abstract/request.rb

@@ -3,13 +3,17 @@ module Rack
     module Server
       module Abstract
         class Request < Rack::Request
+          attr_accessor :client_id
+
           def initialize(env)
             super
             verify_required_params!
+            @client_id = params['client_id']
+            @scope     = Array(params['scope'].to_s.split(' '))
           end
 
           def required_params
-            raise "Implement verify_required_params! in #{self.class}"
+            raise "Implement #{self.class}#verify_required_params!"
           end
 
           def verify_required_params!
@@ -17,8 +21,8 @@ module Rack
             required_params.each do |key|
               missing_params << key unless params[key.to_s]
             end
-            unless missing_params.empty?
-              raise BadRequest.new(:invalid_request, "'#{missing_params.join('\', \'')}' required")
+            unless missing_params.blank?
+              raise BadRequest.new(:invalid_request, "'#{missing_params.join('\', \'')}' required", :state => @state, :redirect_uri => @redirect_uri)
             end
           end
         end

data/lib/rack/oauth2/server/authorization/code.rb

@@ -22,10 +22,17 @@ module Rack
 
             def finish
               if approved?
-                query_params = Array(redirect_uri.query)
-                query_params << "code=#{URI.encode code}"
-                query_params << "state=#{URI.encode state}" if state
-                redirect_uri.query = query_params.join('&')
+                params = {
+                  :code => code,
+                  :state => state
+                }.delete_if do |key, value|
+                  value.blank?
+                end
+                redirect_uri.query = if redirect_uri.query
+                  [redirect_uri.query, params.to_query].join('&')
+                else
+                  params.to_query
+                end
                 redirect redirect_uri.to_s
               end
               super

data/lib/rack/oauth2/server/authorization/token.rb

@@ -22,12 +22,19 @@ module Rack
 
             def finish
               if approved?
-                fragment = Array(redirect_uri.fragment)
-                fragment << "access_token=#{URI.encode access_token}"
-                fragment << "expires_in=#{URI.encode expires_in.to_s}" if expires_in
-                fragment << "scope=#{URI.encode Array(scope).join(' ')}" if scope
-                query_params << "state=#{URI.encode state}" if state
-                redirect_uri.fragment = fragment.join('&')
+                params = {
+                  :access_token => access_token,
+                  :expires_in => expires_in,
+                  :scope => Array(scope).join(' '),
+                  :state => state
+                }.delete_if do |key, value|
+                  value.blank?
+                end
+                redirect_uri.fragment = if redirect_uri.fragment
+                  [redirect_uri.fragment, params.to_query].join('&')
+                else
+                  params.to_query
+                end
                 redirect redirect_uri.to_s
               end
               super

data/lib/rack/oauth2/server/authorization.rb

@@ -15,10 +15,11 @@ module Rack
 
           def initialize(env)
             super
-            @client_id    = params['client_id']
-            @redirect_uri = URI.parse(params['redirect_uri']) rescue nil
-            @scope        = Array(params['scope'].to_s.split(' '))
+            @redirect_uri = URI.parse(params['redirect_uri'])
             @state        = params['state']
+          rescue URI::InvalidURIError
+            # NOTE: can't redirect in this case.
+            raise BadRequest.new(:invalid_request, 'Invalid redirect_uri format.')
           end
 
           def required_params
@@ -34,7 +35,7 @@ module Rack
             when 'token_and_code'
               CodeAndToken
             else
-              raise BadRequest.new(:unsupported_response_type, "'#{params['response_type']}' isn't supported.")
+              raise BadRequest.new(:unsupported_response_type, "'#{params['response_type']}' isn't supported.", :state => state, :redirect_uri => redirect_uri)
             end
           end
         end

data/lib/rack/oauth2/server/error.rb

@@ -3,37 +3,57 @@ module Rack
     module Server
 
       class Error < StandardError
-        attr_accessor :code, :error, :description, :uri, :state
+        attr_accessor :code, :error, :description, :uri, :redirect_uri, :state
 
-        def initialize(code, error, description, options = {})
-          @code = code
-          @error = error
-          @description = description
-          @uri = options[:uri]
-          @state = options[:state]
+        def initialize(code, error, description = "", options = {})
+          @code         = code
+          @error        = error
+          @description  = description
+          @uri          = options[:uri]
+          @state        = options[:state]
+          @redirect_uri = options[:redirect_uri]
         end
 
         def finish
-          [code, {'Content-Type' => 'application/json'}, response.to_json]
-        end
-
-        def response
-          response = {:error => error}
-          response[:error_description] = description if description
-          response[:error_uri] = uri if uri
-          response[:state] = state if state
-          response
+          params = {
+            :error             => error,
+            :error_description => description,
+            :error_uri         => uri,
+            :state             => state
+          }.delete_if do |key, value|
+            value.blank?
+          end
+          if redirect_uri
+            _redirect_uri_ = case redirect_uri
+            when URI::Generic
+              redirect_uri
+            when String
+              URI.parse(redirect_uri)
+            else
+              raise "Invalid redirect_uri is given. String or URI::Generic is require."
+            end
+            _redirect_uri_.query = if _redirect_uri_.query
+              [_redirect_uri_.query, params.to_query].join('&')
+            else
+              params.to_query
+            end
+            response = Rack::Response.new
+            response.redirect _redirect_uri_.to_s
+            response.finish
+          else
+            [code, {'Content-Type' => 'application/json'}, params.to_json]
+          end
         end
       end
 
       class Unauthorized < Error
-        def initialize(error, description, options = {})
+        def initialize(error, description = "", options = {})
           super(401, error, description, options)
         end
       end
 
       class BadRequest < Error
-        def initialize(error, description, options = {})
+        def initialize(error, description = "", options = {})
           super(400, error, description, options)
         end
       end

data/lib/rack/oauth2/server/token/authorization_code.rb

@@ -11,14 +11,16 @@ module Rack
           end
 
           class Request < Token::Request
-            attr_accessor :client_id, :client_secret, :code, :redirect_uri, :scope
+            attr_accessor :code, :redirect_uri, :scope
 
             def initialize(env)
               super
               @grant_type   = 'authorization_code'
               @code         = params['code']
-              @redirect_uri = URI.parse(params['redirect_uri']) rescue nil
+              @redirect_uri = URI.parse(params['redirect_uri'])
               @scope        = Array(params['scope'].to_s.split(' '))
+            rescue URI::InvalidURIError
+              raise BadRequest.new(:invalid_request, 'Invalid redirect_uri format.')
             end
 
             def required_params

data/lib/rack/oauth2/server/token.rb

@@ -12,13 +12,12 @@ module Rack
         end
 
         class Request < Abstract::Request
-          attr_accessor :client_id, :client_secret, :code, :redirect_uri, :scope
+          attr_accessor :grant_type, :client_secret
 
           def initialize(env)
             super
-            @client_id     = params['client_id']
+            @grant_type    = params['grant_type']
             @client_secret = params['client_secret']
-            @scope         = Array(params['scope'].to_s.split(' '))
           end
 
           def required_params

data/lib/rack/oauth2.rb

@@ -1,2 +1,4 @@
+require 'rack'
 require 'json'
+require 'active_support/core_ext'
 require 'rack/oauth2/server'

data/rack-oauth2.gemspec

@@ -0,0 +1,82 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rack-oauth2}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["nov matake"]
+  s.date = %q{2010-09-15}
+  s.description = %q{Rack Middleware for OAuth2 Client & Server, currently working on server code first.}
+  s.email = %q{nov@matake.jp}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "example/server/authorize.rb",
+     "example/server/token.rb",
+     "lib/rack/oauth2.rb",
+     "lib/rack/oauth2/server.rb",
+     "lib/rack/oauth2/server/abstract.rb",
+     "lib/rack/oauth2/server/abstract/handler.rb",
+     "lib/rack/oauth2/server/abstract/request.rb",
+     "lib/rack/oauth2/server/abstract/response.rb",
+     "lib/rack/oauth2/server/authorization.rb",
+     "lib/rack/oauth2/server/authorization/code.rb",
+     "lib/rack/oauth2/server/authorization/code_and_token.rb",
+     "lib/rack/oauth2/server/authorization/token.rb",
+     "lib/rack/oauth2/server/error.rb",
+     "lib/rack/oauth2/server/token.rb",
+     "lib/rack/oauth2/server/token/assertion.rb",
+     "lib/rack/oauth2/server/token/authorization_code.rb",
+     "lib/rack/oauth2/server/token/password.rb",
+     "lib/rack/oauth2/server/token/refresh_token.rb",
+     "rack-oauth2.gemspec",
+     "spec/rack/oauth2/server/authorization/code_spec.rb",
+     "spec/rack/oauth2/server/authorization_spec.rb",
+     "spec/rack/oauth2/server/error_spec.rb",
+     "spec/spec.opts",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/nov/rack-oauth2}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Rack Middleware for OAuth2 Client & Server}
+  s.test_files = [
+    "spec/rack/oauth2/server/authorization/code_spec.rb",
+     "spec/rack/oauth2/server/authorization_spec.rb",
+     "spec/rack/oauth2/server/error_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<json>, [">= 0"])
+      s.add_runtime_dependency(%q<activesupport>, [">= 0"])
+      s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
+    else
+      s.add_dependency(%q<json>, [">= 0"])
+      s.add_dependency(%q<activesupport>, [">= 0"])
+      s.add_dependency(%q<rspec>, [">= 1.2.9"])
+    end
+  else
+    s.add_dependency(%q<json>, [">= 0"])
+    s.add_dependency(%q<activesupport>, [">= 0"])
+    s.add_dependency(%q<rspec>, [">= 1.2.9"])
+  end
+end
+

data/spec/rack/oauth2/server/authorization/code_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Authorization::Code do
+
+  context "when authorized" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
+      @app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
+        response.approve!
+        response.code = "authorization_code"
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should redirect to redirect_uri with authorization code" do
+      response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
+      response.status.should == 302
+      response.location.should == "http://client.example.com/callback?code=authorization_code"
+    end
+
+  end
+
+  context "when denied" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
+      @app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
+        raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri)
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should redirect to redirect_uri with authorization code" do
+      response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
+      response.status.should == 302
+      response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
+    end
+
+  end
+
+end

data/spec/rack/oauth2/server/authorization_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Authorization do
+
+  before do
+    @app = Rack::OAuth2::Server::Authorization.new(simple_app)
+    @request = Rack::MockRequest.new @app
+  end
+
+  it "should support realm" do
+    app = Rack::OAuth2::Server::Authorization.new(simple_app, "server.example.com")
+    app.realm.should == "server.example.com"
+  end
+
+  context "when any required parameters are missing" do
+    it "should return invalid_request error" do
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?response_type=code')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?response_type=code&client_id=client')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?response_type=code&redirect_uri=http://client.example.com/callback')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?client_id=client&redirect_uri=http://client.example.com/callback')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?response_type=code&redirect_uri=http://client.example.com/callback')
+      end
+    end
+  end
+
+  context "when unsupported response_type is given" do
+    it "should return unsupported_response_type error" do
+      assert_error_response(:query, :unsupported_response_type) do
+        @request.get('/?response_type=hello&client_id=client&redirect_uri=http://client.example.com/callback')
+      end
+    end
+  end
+
+  context "when all required parameters are valid" do
+    it "should succeed" do
+      response = @request.get('/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback')
+      response.status.should == 200
+    end
+  end
+
+end

data/spec/rack/oauth2/server/error_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Error, '#finish' do
+
+  context "when state is given" do
+    it "should return state as error response" do
+      error = Rack::OAuth2::Server::Error.new(400, :invalid_request, "Something Invalid!!", :state => "anything")
+      status, header, body = error.finish
+      body.should match("\"state\":\"anything\"")
+    end
+  end
+
+  context "when redirect_uri is given" do
+    before do
+      @params = {
+        :error => :invalid_request,
+        :error_description => "Something invalid!!",
+        :redirect_uri => "http://client.example.com"
+      }
+      @error = Rack::OAuth2::Server::Error.new(400, @params[:error], @params[:error_description], :redirect_uri => @params[:redirect_uri])
+    end
+
+    it "should redirect to redirect_uri with error message in query string" do
+      status, header, body = @error.finish
+      status.should == 302
+      header['Content-Type'].should == "text/html"
+      header['Location'].should == "#{@params.delete(:redirect_uri)}?#{@params.to_query}"
+    end
+  end
+
+  context "when redirect_uri isn't given" do
+    before do
+      @params = {
+        :error => :invalid_request,
+        :error_description => "Something invalid!!"
+      }
+      @error = Rack::OAuth2::Server::Error.new(400, @params[:error], @params[:error_description])
+    end
+
+    it "should return failure response with error message in json body" do
+      status, header, body = @error.finish
+      body.should == @params.to_json
+    end
+  end
+
+end
+
+describe Rack::OAuth2::Server::BadRequest do
+  it "should use 400 as status" do
+    error = Rack::OAuth2::Server::BadRequest.new(:invalid_request)
+    error.code.should == 400
+  end
+end
+
+describe Rack::OAuth2::Server::Unauthorized do
+  it "should use 401 as status" do
+    error = Rack::OAuth2::Server::Unauthorized.new(:unauthorized_client)
+    error.code.should == 401
+  end
+end

data/spec/spec_helper.rb

@@ -3,7 +3,26 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'rack/oauth2'
 require 'spec'
 require 'spec/autorun'
+require 'rack/mock'
 
 Spec::Runner.configure do |config|
   
 end
+
+def simple_app
+  lambda do |env|
+    [ 200, {'Content-Type' => 'text/plain'}, ["HELLO"] ]
+  end
+end
+
+def assert_error_response(format, error)
+  response = yield
+  case format
+  when :json
+    response.status.should == 400
+    response.body.should match("\"error\":\"#{error}\"")
+  when :query
+    response.status.should == 302
+    response.location.should match("error=#{error}")
+  end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack-oauth2
 version: !ruby/object:Gem::Version 
-  hash: 31
+  hash: 29
   prerelease: false
   segments: 
   - 0
   - 0
-  - 0
-  version: 0.0.0
+  - 1
+  version: 0.0.1
 platform: ruby
 authors: 
 - nov matake
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-13 00:00:00 +09:00
+date: 2010-09-15 00:00:00 +09:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -33,9 +33,23 @@ dependencies:
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: rspec
+  name: activesupport
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -47,7 +61,7 @@ dependencies:
         - 9
         version: 1.2.9
   type: :development
-  version_requirements: *id002
+  version_requirements: *id003
 description: Rack Middleware for OAuth2 Client & Server, currently working on server code first.
 email: nov@matake.jp
 executables: []
@@ -82,7 +96,10 @@ files:
 - lib/rack/oauth2/server/token/authorization_code.rb
 - lib/rack/oauth2/server/token/password.rb
 - lib/rack/oauth2/server/token/refresh_token.rb
-- spec/rack/oauth2_spec.rb
+- rack-oauth2.gemspec
+- spec/rack/oauth2/server/authorization/code_spec.rb
+- spec/rack/oauth2/server/authorization_spec.rb
+- spec/rack/oauth2/server/error_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb
 has_rdoc: true
@@ -120,5 +137,7 @@ signing_key:
 specification_version: 3
 summary: Rack Middleware for OAuth2 Client & Server
 test_files: 
-- spec/rack/oauth2_spec.rb
+- spec/rack/oauth2/server/authorization/code_spec.rb
+- spec/rack/oauth2/server/authorization_spec.rb
+- spec/rack/oauth2/server/error_spec.rb
 - spec/spec_helper.rb

data/spec/rack/oauth2_spec.rb

@@ -1,7 +0,0 @@
-require File.join(File.dirname(__FILE__), '../spec_helper')
-
-describe Rack::OAuth2 do
-  it "fails" do
-    fail "hey buddy, you should probably rename this file and start specing for real"
-  end
-end