rack-oauth2 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/lib/rack/oauth2/server/abstract/request.rb +2 -2
- data/lib/rack/oauth2/server/authorization/code_and_token.rb +29 -6
- data/lib/rack/oauth2/server/authorization.rb +5 -4
- data/lib/rack/oauth2/server/token/authorization_code.rb +4 -8
- data/lib/rack/oauth2/server/token/refresh_token.rb +6 -2
- data/lib/rack/oauth2/server/token.rb +5 -3
- data/rack-oauth2.gemspec +14 -2
- data/spec/rack/oauth2/server/authorization/code_and_token_spec.rb +43 -0
- data/spec/rack/oauth2/server/authorization/code_spec.rb +1 -1
- data/spec/rack/oauth2/server/authorization/token_spec.rb +42 -0
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +62 -0
- data/spec/rack/oauth2/server/token/password_spec.rb +43 -0
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +43 -0
- data/spec/rack/oauth2/server/token_spec.rb +59 -0
- metadata +15 -3
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.0.
|
1
|
+
0.0.2
|
@@ -3,7 +3,7 @@ module Rack
|
|
3
3
|
module Server
|
4
4
|
module Abstract
|
5
5
|
class Request < Rack::Request
|
6
|
-
attr_accessor :client_id
|
6
|
+
attr_accessor :client_id, :scope
|
7
7
|
|
8
8
|
def initialize(env)
|
9
9
|
super
|
@@ -13,7 +13,7 @@ module Rack
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def required_params
|
16
|
-
|
16
|
+
[:client_id]
|
17
17
|
end
|
18
18
|
|
19
19
|
def verify_required_params!
|
@@ -13,18 +13,41 @@ module Rack
|
|
13
13
|
class Request < Authorization::Request
|
14
14
|
def initialize(env)
|
15
15
|
super
|
16
|
-
|
17
|
-
end
|
18
|
-
|
19
|
-
def requred_params
|
20
|
-
# TODO
|
16
|
+
@response_type = 'code_and_token'
|
21
17
|
end
|
22
18
|
end
|
23
19
|
|
24
20
|
class Response < Authorization::Response
|
21
|
+
attr_accessor :code, :access_token, :expires_in, :scope
|
22
|
+
|
25
23
|
def finish
|
26
24
|
if approved?
|
27
|
-
#
|
25
|
+
# append query params
|
26
|
+
query_params = {
|
27
|
+
:code => code,
|
28
|
+
:state => state
|
29
|
+
}.delete_if do |key, value|
|
30
|
+
value.blank?
|
31
|
+
end
|
32
|
+
redirect_uri.query = if redirect_uri.query
|
33
|
+
[redirect_uri.query, query_params.to_query].join('&')
|
34
|
+
else
|
35
|
+
query_params.to_query
|
36
|
+
end
|
37
|
+
# append fragment params
|
38
|
+
fragment_params = {
|
39
|
+
:access_token => access_token,
|
40
|
+
:expires_in => expires_in,
|
41
|
+
:scope => Array(scope).join(' ')
|
42
|
+
}.delete_if do |key, value|
|
43
|
+
value.blank?
|
44
|
+
end
|
45
|
+
redirect_uri.fragment = if redirect_uri.fragment
|
46
|
+
[redirect_uri.fragment, fragment_params.to_query].join('&')
|
47
|
+
else
|
48
|
+
fragment_params.to_query
|
49
|
+
end
|
50
|
+
redirect redirect_uri.to_s
|
28
51
|
end
|
29
52
|
super
|
30
53
|
end
|
@@ -11,7 +11,7 @@ module Rack
|
|
11
11
|
end
|
12
12
|
|
13
13
|
class Request < Abstract::Request
|
14
|
-
attr_accessor :response_type, :client_id, :redirect_uri, :
|
14
|
+
attr_accessor :response_type, :client_id, :redirect_uri, :state
|
15
15
|
|
16
16
|
def initialize(env)
|
17
17
|
super
|
@@ -23,7 +23,7 @@ module Rack
|
|
23
23
|
end
|
24
24
|
|
25
25
|
def required_params
|
26
|
-
[:response_type, :client_id, :redirect_uri]
|
26
|
+
super + [:response_type, :client_id, :redirect_uri]
|
27
27
|
end
|
28
28
|
|
29
29
|
def profile
|
@@ -32,7 +32,7 @@ module Rack
|
|
32
32
|
Code
|
33
33
|
when 'token'
|
34
34
|
Token
|
35
|
-
when '
|
35
|
+
when 'code_and_token'
|
36
36
|
CodeAndToken
|
37
37
|
else
|
38
38
|
raise BadRequest.new(:unsupported_response_type, "'#{params['response_type']}' isn't supported.", :state => state, :redirect_uri => redirect_uri)
|
@@ -64,4 +64,5 @@ module Rack
|
|
64
64
|
end
|
65
65
|
|
66
66
|
require 'rack/oauth2/server/authorization/code'
|
67
|
-
require 'rack/oauth2/server/authorization/token'
|
67
|
+
require 'rack/oauth2/server/authorization/token'
|
68
|
+
require 'rack/oauth2/server/authorization/code_and_token'
|
@@ -11,20 +11,16 @@ module Rack
|
|
11
11
|
end
|
12
12
|
|
13
13
|
class Request < Token::Request
|
14
|
-
attr_accessor :code
|
14
|
+
attr_accessor :code
|
15
15
|
|
16
16
|
def initialize(env)
|
17
17
|
super
|
18
|
-
@grant_type
|
19
|
-
@code
|
20
|
-
@redirect_uri = URI.parse(params['redirect_uri'])
|
21
|
-
@scope = Array(params['scope'].to_s.split(' '))
|
22
|
-
rescue URI::InvalidURIError
|
23
|
-
raise BadRequest.new(:invalid_request, 'Invalid redirect_uri format.')
|
18
|
+
@grant_type = 'authorization_code'
|
19
|
+
@code = params['code']
|
24
20
|
end
|
25
21
|
|
26
22
|
def required_params
|
27
|
-
super + [:code
|
23
|
+
super + [:code]
|
28
24
|
end
|
29
25
|
end
|
30
26
|
|
@@ -11,12 +11,16 @@ module Rack
|
|
11
11
|
end
|
12
12
|
|
13
13
|
class Request < Token::Request
|
14
|
+
attr_reader :refresh_token
|
15
|
+
|
14
16
|
def initialize(env)
|
15
|
-
|
17
|
+
super
|
18
|
+
@grant_type = 'refresh_token'
|
19
|
+
@refresh_token = params['refresh_token']
|
16
20
|
end
|
17
21
|
|
18
22
|
def required_params
|
19
|
-
|
23
|
+
super + [:refresh_token]
|
20
24
|
end
|
21
25
|
end
|
22
26
|
|
@@ -21,7 +21,7 @@ module Rack
|
|
21
21
|
end
|
22
22
|
|
23
23
|
def required_params
|
24
|
-
[:grant_type
|
24
|
+
super + [:grant_type]
|
25
25
|
end
|
26
26
|
|
27
27
|
def profile(allow_no_profile = false)
|
@@ -35,7 +35,7 @@ module Rack
|
|
35
35
|
when 'refresh_token'
|
36
36
|
RefreshToken
|
37
37
|
else
|
38
|
-
raise BadRequest.new(:unsupported_grant_type, "'#{params['
|
38
|
+
raise BadRequest.new(:unsupported_grant_type, "'#{params['grant_type']}' isn't supported.")
|
39
39
|
end
|
40
40
|
end
|
41
41
|
end
|
@@ -48,7 +48,9 @@ module Rack
|
|
48
48
|
response[:expires_in] = expires_in if expires_in
|
49
49
|
response[:refresh_token] = refresh_token if refresh_token
|
50
50
|
response[:scope] = Array(scope).join(' ') if scope
|
51
|
-
|
51
|
+
write response.to_json
|
52
|
+
header['Content-Type'] = "application/json"
|
53
|
+
super
|
52
54
|
end
|
53
55
|
end
|
54
56
|
|
data/rack-oauth2.gemspec
CHANGED
@@ -5,7 +5,7 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{rack-oauth2}
|
8
|
-
s.version = "0.0.
|
8
|
+
s.version = "0.0.2"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["nov matake"]
|
@@ -42,9 +42,15 @@ Gem::Specification.new do |s|
|
|
42
42
|
"lib/rack/oauth2/server/token/password.rb",
|
43
43
|
"lib/rack/oauth2/server/token/refresh_token.rb",
|
44
44
|
"rack-oauth2.gemspec",
|
45
|
+
"spec/rack/oauth2/server/authorization/code_and_token_spec.rb",
|
45
46
|
"spec/rack/oauth2/server/authorization/code_spec.rb",
|
47
|
+
"spec/rack/oauth2/server/authorization/token_spec.rb",
|
46
48
|
"spec/rack/oauth2/server/authorization_spec.rb",
|
47
49
|
"spec/rack/oauth2/server/error_spec.rb",
|
50
|
+
"spec/rack/oauth2/server/token/authorization_code_spec.rb",
|
51
|
+
"spec/rack/oauth2/server/token/password_spec.rb",
|
52
|
+
"spec/rack/oauth2/server/token/refresh_token_spec.rb",
|
53
|
+
"spec/rack/oauth2/server/token_spec.rb",
|
48
54
|
"spec/spec.opts",
|
49
55
|
"spec/spec_helper.rb"
|
50
56
|
]
|
@@ -54,9 +60,15 @@ Gem::Specification.new do |s|
|
|
54
60
|
s.rubygems_version = %q{1.3.7}
|
55
61
|
s.summary = %q{Rack Middleware for OAuth2 Client & Server}
|
56
62
|
s.test_files = [
|
57
|
-
"spec/rack/oauth2/server/authorization/
|
63
|
+
"spec/rack/oauth2/server/authorization/code_and_token_spec.rb",
|
64
|
+
"spec/rack/oauth2/server/authorization/code_spec.rb",
|
65
|
+
"spec/rack/oauth2/server/authorization/token_spec.rb",
|
58
66
|
"spec/rack/oauth2/server/authorization_spec.rb",
|
59
67
|
"spec/rack/oauth2/server/error_spec.rb",
|
68
|
+
"spec/rack/oauth2/server/token/authorization_code_spec.rb",
|
69
|
+
"spec/rack/oauth2/server/token/password_spec.rb",
|
70
|
+
"spec/rack/oauth2/server/token/refresh_token_spec.rb",
|
71
|
+
"spec/rack/oauth2/server/token_spec.rb",
|
60
72
|
"spec/spec_helper.rb"
|
61
73
|
]
|
62
74
|
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Authorization::CodeAndToken do
|
4
|
+
|
5
|
+
context "when authorized" do
|
6
|
+
|
7
|
+
before do
|
8
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::CodeAndToken directly
|
9
|
+
@app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
|
10
|
+
response.approve!
|
11
|
+
response.code = "authorization_code"
|
12
|
+
response.access_token = "access_token"
|
13
|
+
end
|
14
|
+
@request = Rack::MockRequest.new @app
|
15
|
+
end
|
16
|
+
|
17
|
+
it "should redirect to redirect_uri with authorization code" do
|
18
|
+
response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback")
|
19
|
+
response.status.should == 302
|
20
|
+
response.location.should == "http://client.example.com/callback?code=authorization_code#access_token=access_token"
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
24
|
+
|
25
|
+
context "when denied" do
|
26
|
+
|
27
|
+
before do
|
28
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
|
29
|
+
@app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
|
30
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri)
|
31
|
+
end
|
32
|
+
@request = Rack::MockRequest.new @app
|
33
|
+
end
|
34
|
+
|
35
|
+
it "should redirect to redirect_uri with error message" do
|
36
|
+
response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback")
|
37
|
+
response.status.should == 302
|
38
|
+
response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
@@ -31,7 +31,7 @@ describe Rack::OAuth2::Server::Authorization::Code do
|
|
31
31
|
@request = Rack::MockRequest.new @app
|
32
32
|
end
|
33
33
|
|
34
|
-
it "should redirect to redirect_uri with
|
34
|
+
it "should redirect to redirect_uri with error message" do
|
35
35
|
response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
|
36
36
|
response.status.should == 302
|
37
37
|
response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
|
@@ -0,0 +1,42 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Authorization::Token do
|
4
|
+
|
5
|
+
context "when authorized" do
|
6
|
+
|
7
|
+
before do
|
8
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
|
9
|
+
@app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
|
10
|
+
response.approve!
|
11
|
+
response.access_token = "access_token"
|
12
|
+
end
|
13
|
+
@request = Rack::MockRequest.new @app
|
14
|
+
end
|
15
|
+
|
16
|
+
it "should redirect to redirect_uri with authorization code" do
|
17
|
+
response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback")
|
18
|
+
response.status.should == 302
|
19
|
+
response.location.should == "http://client.example.com/callback#access_token=access_token"
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
|
24
|
+
context "when denied" do
|
25
|
+
|
26
|
+
before do
|
27
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
|
28
|
+
@app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
|
29
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri)
|
30
|
+
end
|
31
|
+
@request = Rack::MockRequest.new @app
|
32
|
+
end
|
33
|
+
|
34
|
+
it "should redirect to redirect_uri with error message" do
|
35
|
+
response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback")
|
36
|
+
response.status.should == 302
|
37
|
+
response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
|
38
|
+
end
|
39
|
+
|
40
|
+
end
|
41
|
+
|
42
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Token::AuthorizationCode do
|
4
|
+
|
5
|
+
context "when valid code is given" do
|
6
|
+
|
7
|
+
before do
|
8
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
|
9
|
+
@app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
|
10
|
+
response.access_token = "access_token"
|
11
|
+
end
|
12
|
+
@request = Rack::MockRequest.new @app
|
13
|
+
end
|
14
|
+
|
15
|
+
it "should return access_token as json response body" do
|
16
|
+
response = @request.get("/?grant_type=authorization_code&client_id=valid_client&code=valid_authorization_code&redirect_uri=http://client.example.com/callback")
|
17
|
+
response.status.should == 200
|
18
|
+
response.content_type.should == "application/json"
|
19
|
+
response.body.should == "{\"access_token\":\"access_token\"}"
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
|
24
|
+
context "when invalid code is given" do
|
25
|
+
|
26
|
+
before do
|
27
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
|
28
|
+
@app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
|
29
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
|
30
|
+
end
|
31
|
+
@request = Rack::MockRequest.new @app
|
32
|
+
end
|
33
|
+
|
34
|
+
it "should return error message as json response body" do
|
35
|
+
response = @request.get("/?grant_type=authorization_code&client_id=valid_client&code=invalid_authorization_code&redirect_uri=http://client.example.com/callback")
|
36
|
+
response.status.should == 401
|
37
|
+
response.content_type.should == "application/json"
|
38
|
+
response.body.should == "{\"error_description\":\"Invalid authorization code.\",\"error\":\"invalid_grant\"}"
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
42
|
+
|
43
|
+
context "when invalid client_id is given" do
|
44
|
+
|
45
|
+
before do
|
46
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
|
47
|
+
@app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
|
48
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.')
|
49
|
+
end
|
50
|
+
@request = Rack::MockRequest.new @app
|
51
|
+
end
|
52
|
+
|
53
|
+
it "should return error message as json response body" do
|
54
|
+
response = @request.get("/?grant_type=authorization_code&client_id=invalid_client&code=valid_authorization_code&redirect_uri=http://client.example.com/callback")
|
55
|
+
response.status.should == 401
|
56
|
+
response.content_type.should == "application/json"
|
57
|
+
response.body.should == "{\"error_description\":\"Invalid client identifier.\",\"error\":\"invalid_client\"}"
|
58
|
+
end
|
59
|
+
|
60
|
+
end
|
61
|
+
|
62
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Token::Password do
|
4
|
+
|
5
|
+
context "when valid resource owner credentials are given" do
|
6
|
+
|
7
|
+
before do
|
8
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
|
9
|
+
@app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
|
10
|
+
response.access_token = "access_token"
|
11
|
+
end
|
12
|
+
@request = Rack::MockRequest.new @app
|
13
|
+
end
|
14
|
+
|
15
|
+
it "should return access_token as json response body" do
|
16
|
+
response = @request.get("/?grant_type=password&client_id=valid_client&username=nov&password=valid_pass")
|
17
|
+
response.status.should == 200
|
18
|
+
response.content_type.should == "application/json"
|
19
|
+
response.body.should == "{\"access_token\":\"access_token\"}"
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
|
24
|
+
context "when invalid resource owner credentials are given" do
|
25
|
+
|
26
|
+
before do
|
27
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
|
28
|
+
@app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
|
29
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource owner credentials.')
|
30
|
+
end
|
31
|
+
@request = Rack::MockRequest.new @app
|
32
|
+
end
|
33
|
+
|
34
|
+
it "should return error message as json response body" do
|
35
|
+
response = @request.get("/?grant_type=password&client_id=valid_client&username=nov&password=invalid_pass")
|
36
|
+
response.status.should == 401
|
37
|
+
response.content_type.should == "application/json"
|
38
|
+
response.body.should == "{\"error_description\":\"Invalid resource owner credentials.\",\"error\":\"invalid_grant\"}"
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Token::RefreshToken do
|
4
|
+
|
5
|
+
context "when valid refresh_token is given" do
|
6
|
+
|
7
|
+
before do
|
8
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
|
9
|
+
@app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
|
10
|
+
response.access_token = "access_token"
|
11
|
+
end
|
12
|
+
@request = Rack::MockRequest.new @app
|
13
|
+
end
|
14
|
+
|
15
|
+
it "should return access_token as json response body" do
|
16
|
+
response = @request.get("/?grant_type=refresh_token&client_id=valid_client&refresh_token=valid_refresh_token")
|
17
|
+
response.status.should == 200
|
18
|
+
response.content_type.should == "application/json"
|
19
|
+
response.body.should == "{\"access_token\":\"access_token\"}"
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
|
24
|
+
context "when invalid refresh_token is given" do
|
25
|
+
|
26
|
+
before do
|
27
|
+
# NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
|
28
|
+
@app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
|
29
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid refresh_token.')
|
30
|
+
end
|
31
|
+
@request = Rack::MockRequest.new @app
|
32
|
+
end
|
33
|
+
|
34
|
+
it "should return error message as json response body" do
|
35
|
+
response = @request.get("/?grant_type=refresh_token&client_id=valid_client&refresh_token=invalid_refresh_token")
|
36
|
+
response.status.should == 401
|
37
|
+
response.content_type.should == "application/json"
|
38
|
+
response.body.should == "{\"error_description\":\"Invalid refresh_token.\",\"error\":\"invalid_grant\"}"
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
@@ -0,0 +1,59 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Token do
|
4
|
+
|
5
|
+
before do
|
6
|
+
@app = Rack::OAuth2::Server::Token.new(simple_app)
|
7
|
+
@request = Rack::MockRequest.new @app
|
8
|
+
end
|
9
|
+
|
10
|
+
it "should support realm" do
|
11
|
+
app = Rack::OAuth2::Server::Token.new(simple_app, "server.example.com")
|
12
|
+
app.realm.should == "server.example.com"
|
13
|
+
end
|
14
|
+
|
15
|
+
context "when any required parameters are missing" do
|
16
|
+
it "should return invalid_request error" do
|
17
|
+
assert_error_response(:json, :invalid_request) do
|
18
|
+
@request.get('/')
|
19
|
+
end
|
20
|
+
assert_error_response(:json, :invalid_request) do
|
21
|
+
@request.get('/?grant_type=authorization_code')
|
22
|
+
end
|
23
|
+
assert_error_response(:json, :invalid_request) do
|
24
|
+
@request.get('/?grant_type=authorization_code&client_id=client')
|
25
|
+
end
|
26
|
+
assert_error_response(:json, :invalid_request) do
|
27
|
+
@request.get('/?grant_type=authorization_code&redirect_uri=http://client.example.com/callback')
|
28
|
+
end
|
29
|
+
assert_error_response(:json, :invalid_request) do
|
30
|
+
@request.get('/?client_id=client&redirect_uri=http://client.example.com/callback')
|
31
|
+
end
|
32
|
+
assert_error_response(:json, :invalid_request) do
|
33
|
+
@request.get('/?grant_type=authorization_code&redirect_uri=http://client.example.com/callback')
|
34
|
+
end
|
35
|
+
assert_error_response(:json, :invalid_request) do
|
36
|
+
@request.get('/?grant_type=authorization_code&client_id=client&redirect_uri=http://client.example.com/callback')
|
37
|
+
end
|
38
|
+
assert_error_response(:json, :invalid_request) do
|
39
|
+
@request.get('/?grant_type=authorization_code&code=authorization_code&redirect_uri=http://client.example.com/callback')
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
context "when unsupported grant_type is given" do
|
45
|
+
it "should return unsupported_response_type error" do
|
46
|
+
assert_error_response(:json, :unsupported_grant_type) do
|
47
|
+
@request.get('/?grant_type=hello&client_id=client&code=authorization_code&redirect_uri=http://client.example.com/callback')
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
context "when all required parameters are valid" do
|
53
|
+
it "should succeed" do
|
54
|
+
response = @request.get('/?grant_type=authorization_code&client_id=client&code=authorization_code&redirect_uri=http://client.example.com/callback')
|
55
|
+
response.status.should == 200
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
end
|
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 27
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 0
|
9
|
-
-
|
10
|
-
version: 0.0.
|
9
|
+
- 2
|
10
|
+
version: 0.0.2
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- nov matake
|
@@ -97,9 +97,15 @@ files:
|
|
97
97
|
- lib/rack/oauth2/server/token/password.rb
|
98
98
|
- lib/rack/oauth2/server/token/refresh_token.rb
|
99
99
|
- rack-oauth2.gemspec
|
100
|
+
- spec/rack/oauth2/server/authorization/code_and_token_spec.rb
|
100
101
|
- spec/rack/oauth2/server/authorization/code_spec.rb
|
102
|
+
- spec/rack/oauth2/server/authorization/token_spec.rb
|
101
103
|
- spec/rack/oauth2/server/authorization_spec.rb
|
102
104
|
- spec/rack/oauth2/server/error_spec.rb
|
105
|
+
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
106
|
+
- spec/rack/oauth2/server/token/password_spec.rb
|
107
|
+
- spec/rack/oauth2/server/token/refresh_token_spec.rb
|
108
|
+
- spec/rack/oauth2/server/token_spec.rb
|
103
109
|
- spec/spec.opts
|
104
110
|
- spec/spec_helper.rb
|
105
111
|
has_rdoc: true
|
@@ -137,7 +143,13 @@ signing_key:
|
|
137
143
|
specification_version: 3
|
138
144
|
summary: Rack Middleware for OAuth2 Client & Server
|
139
145
|
test_files:
|
146
|
+
- spec/rack/oauth2/server/authorization/code_and_token_spec.rb
|
140
147
|
- spec/rack/oauth2/server/authorization/code_spec.rb
|
148
|
+
- spec/rack/oauth2/server/authorization/token_spec.rb
|
141
149
|
- spec/rack/oauth2/server/authorization_spec.rb
|
142
150
|
- spec/rack/oauth2/server/error_spec.rb
|
151
|
+
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
152
|
+
- spec/rack/oauth2/server/token/password_spec.rb
|
153
|
+
- spec/rack/oauth2/server/token/refresh_token_spec.rb
|
154
|
+
- spec/rack/oauth2/server/token_spec.rb
|
143
155
|
- spec/spec_helper.rb
|