rack-oauth2 0.0.1 → 0.0.2

data/VERSION

@@ -1 +1 @@
-0.0.1
+0.0.2

data/lib/rack/oauth2/server/abstract/request.rb

@@ -3,7 +3,7 @@ module Rack
     module Server
       module Abstract
         class Request < Rack::Request
-          attr_accessor :client_id
+          attr_accessor :client_id, :scope
 
           def initialize(env)
             super
@@ -13,7 +13,7 @@ module Rack
           end
 
           def required_params
-            raise "Implement #{self.class}#verify_required_params!"
+            [:client_id]
           end
 
           def verify_required_params!

data/lib/rack/oauth2/server/authorization/code_and_token.rb

@@ -13,18 +13,41 @@ module Rack
           class Request < Authorization::Request
             def initialize(env)
               super
-              # TODO
-            end
-
-            def requred_params
-              # TODO
+              @response_type = 'code_and_token'
             end
           end
 
           class Response < Authorization::Response
+            attr_accessor :code, :access_token, :expires_in, :scope
+
             def finish
               if approved?
-                # TODO
+                # append query params
+                query_params = {
+                  :code => code,
+                  :state => state
+                }.delete_if do |key, value|
+                  value.blank?
+                end
+                redirect_uri.query = if redirect_uri.query
+                  [redirect_uri.query, query_params.to_query].join('&')
+                else
+                  query_params.to_query
+                end
+                # append fragment params
+                fragment_params = {
+                  :access_token => access_token,
+                  :expires_in => expires_in,
+                  :scope => Array(scope).join(' ')
+                }.delete_if do |key, value|
+                  value.blank?
+                end
+                redirect_uri.fragment = if redirect_uri.fragment
+                  [redirect_uri.fragment, fragment_params.to_query].join('&')
+                else
+                  fragment_params.to_query
+                end
+                redirect redirect_uri.to_s
               end
               super
             end

data/lib/rack/oauth2/server/authorization.rb

@@ -11,7 +11,7 @@ module Rack
         end
 
         class Request < Abstract::Request
-          attr_accessor :response_type, :client_id, :redirect_uri, :scope, :state
+          attr_accessor :response_type, :client_id, :redirect_uri, :state
 
           def initialize(env)
             super
@@ -23,7 +23,7 @@ module Rack
           end
 
           def required_params
-            [:response_type, :client_id, :redirect_uri]
+            super + [:response_type, :client_id, :redirect_uri]
           end
 
           def profile
@@ -32,7 +32,7 @@ module Rack
               Code
             when 'token'
               Token
-            when 'token_and_code'
+            when 'code_and_token'
               CodeAndToken
             else
               raise BadRequest.new(:unsupported_response_type, "'#{params['response_type']}' isn't supported.", :state => state, :redirect_uri => redirect_uri)
@@ -64,4 +64,5 @@ module Rack
 end
 
 require 'rack/oauth2/server/authorization/code'
-require 'rack/oauth2/server/authorization/token'
+require 'rack/oauth2/server/authorization/token'
+require 'rack/oauth2/server/authorization/code_and_token'

data/lib/rack/oauth2/server/token/authorization_code.rb

@@ -11,20 +11,16 @@ module Rack
           end
 
           class Request < Token::Request
-            attr_accessor :code, :redirect_uri, :scope
+            attr_accessor :code
 
             def initialize(env)
               super
-              @grant_type   = 'authorization_code'
-              @code         = params['code']
-              @redirect_uri = URI.parse(params['redirect_uri'])
-              @scope        = Array(params['scope'].to_s.split(' '))
-            rescue URI::InvalidURIError
-              raise BadRequest.new(:invalid_request, 'Invalid redirect_uri format.')
+              @grant_type = 'authorization_code'
+              @code       = params['code']
             end
 
             def required_params
-              super + [:code, :redirect_uri]
+              super + [:code]
             end
           end
 

data/lib/rack/oauth2/server/token/refresh_token.rb

@@ -11,12 +11,16 @@ module Rack
           end
 
           class Request < Token::Request
+            attr_reader :refresh_token
+
             def initialize(env)
-              # TODO
+              super
+              @grant_type    = 'refresh_token'
+              @refresh_token = params['refresh_token']
             end
 
             def required_params
-              # TODO
+              super + [:refresh_token]
             end
           end
 

data/lib/rack/oauth2/server/token.rb

@@ -21,7 +21,7 @@ module Rack
           end
 
           def required_params
-            [:grant_type, :client_id]
+            super + [:grant_type]
           end
 
           def profile(allow_no_profile = false)
@@ -35,7 +35,7 @@ module Rack
             when 'refresh_token'
               RefreshToken
             else
-              raise BadRequest.new(:unsupported_grant_type, "'#{params['invalid_grant']}' isn't supported.")
+              raise BadRequest.new(:unsupported_grant_type, "'#{params['grant_type']}' isn't supported.")
             end
           end
         end
@@ -48,7 +48,9 @@ module Rack
             response[:expires_in] = expires_in if expires_in
             response[:refresh_token] = refresh_token if refresh_token
             response[:scope] = Array(scope).join(' ') if scope
-            [200, {'Content-Type' => "application/json"}, response.to_json]
+            write response.to_json
+            header['Content-Type'] = "application/json"
+            super
           end
         end
 

data/rack-oauth2.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{rack-oauth2}
-  s.version = "0.0.1"
+  s.version = "0.0.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["nov matake"]
@@ -42,9 +42,15 @@ Gem::Specification.new do |s|
      "lib/rack/oauth2/server/token/password.rb",
      "lib/rack/oauth2/server/token/refresh_token.rb",
      "rack-oauth2.gemspec",
+     "spec/rack/oauth2/server/authorization/code_and_token_spec.rb",
      "spec/rack/oauth2/server/authorization/code_spec.rb",
+     "spec/rack/oauth2/server/authorization/token_spec.rb",
      "spec/rack/oauth2/server/authorization_spec.rb",
      "spec/rack/oauth2/server/error_spec.rb",
+     "spec/rack/oauth2/server/token/authorization_code_spec.rb",
+     "spec/rack/oauth2/server/token/password_spec.rb",
+     "spec/rack/oauth2/server/token/refresh_token_spec.rb",
+     "spec/rack/oauth2/server/token_spec.rb",
      "spec/spec.opts",
      "spec/spec_helper.rb"
   ]
@@ -54,9 +60,15 @@ Gem::Specification.new do |s|
   s.rubygems_version = %q{1.3.7}
   s.summary = %q{Rack Middleware for OAuth2 Client & Server}
   s.test_files = [
-    "spec/rack/oauth2/server/authorization/code_spec.rb",
+    "spec/rack/oauth2/server/authorization/code_and_token_spec.rb",
+     "spec/rack/oauth2/server/authorization/code_spec.rb",
+     "spec/rack/oauth2/server/authorization/token_spec.rb",
      "spec/rack/oauth2/server/authorization_spec.rb",
      "spec/rack/oauth2/server/error_spec.rb",
+     "spec/rack/oauth2/server/token/authorization_code_spec.rb",
+     "spec/rack/oauth2/server/token/password_spec.rb",
+     "spec/rack/oauth2/server/token/refresh_token_spec.rb",
+     "spec/rack/oauth2/server/token_spec.rb",
      "spec/spec_helper.rb"
   ]
 

data/spec/rack/oauth2/server/authorization/code_and_token_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Authorization::CodeAndToken do
+
+  context "when authorized" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::CodeAndToken directly
+      @app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
+        response.approve!
+        response.code = "authorization_code"
+        response.access_token = "access_token"
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should redirect to redirect_uri with authorization code" do
+      response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback")
+      response.status.should == 302
+      response.location.should == "http://client.example.com/callback?code=authorization_code#access_token=access_token"
+    end
+
+  end
+
+  context "when denied" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
+      @app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
+        raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri)
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should redirect to redirect_uri with error message" do
+      response = @request.get("/?response_type=code_and_token&client_id=client&redirect_uri=http://client.example.com/callback")
+      response.status.should == 302
+      response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
+    end
+
+  end
+
+end

data/spec/rack/oauth2/server/authorization/code_spec.rb

@@ -31,7 +31,7 @@ describe Rack::OAuth2::Server::Authorization::Code do
       @request = Rack::MockRequest.new @app
     end
 
-    it "should redirect to redirect_uri with authorization code" do
+    it "should redirect to redirect_uri with error message" do
       response = @request.get("/?response_type=code&client_id=client&redirect_uri=http://client.example.com/callback")
       response.status.should == 302
       response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"

data/spec/rack/oauth2/server/authorization/token_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Authorization::Token do
+
+  context "when authorized" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
+      @app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
+        response.approve!
+        response.access_token = "access_token"
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should redirect to redirect_uri with authorization code" do
+      response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback")
+      response.status.should == 302
+      response.location.should == "http://client.example.com/callback#access_token=access_token"
+    end
+
+  end
+
+  context "when denied" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
+      @app = Rack::OAuth2::Server::Authorization.new(simple_app) do |request, response|
+        raise Rack::OAuth2::Server::Unauthorized.new(:access_denied, 'User rejected the requested access.', :redirect_uri => request.redirect_uri)
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should redirect to redirect_uri with error message" do
+      response = @request.get("/?response_type=token&client_id=client&redirect_uri=http://client.example.com/callback")
+      response.status.should == 302
+      response.location.should == "http://client.example.com/callback?error_description=User+rejected+the+requested+access.&error=access_denied"
+    end
+
+  end
+
+end

data/spec/rack/oauth2/server/token/authorization_code_spec.rb

@@ -0,0 +1,62 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Token::AuthorizationCode do
+
+  context "when valid code is given" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
+      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
+        response.access_token = "access_token"
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should return access_token as json response body" do
+      response = @request.get("/?grant_type=authorization_code&client_id=valid_client&code=valid_authorization_code&redirect_uri=http://client.example.com/callback")
+      response.status.should == 200
+      response.content_type.should == "application/json"
+      response.body.should == "{\"access_token\":\"access_token\"}"
+    end
+
+  end
+
+  context "when invalid code is given" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
+      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
+        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid authorization code.')
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should return error message as json response body" do
+      response = @request.get("/?grant_type=authorization_code&client_id=valid_client&code=invalid_authorization_code&redirect_uri=http://client.example.com/callback")
+      response.status.should == 401
+      response.content_type.should == "application/json"
+      response.body.should == "{\"error_description\":\"Invalid authorization code.\",\"error\":\"invalid_grant\"}"
+    end
+
+  end
+
+  context "when invalid client_id is given" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
+      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
+        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_client, 'Invalid client identifier.')
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should return error message as json response body" do
+      response = @request.get("/?grant_type=authorization_code&client_id=invalid_client&code=valid_authorization_code&redirect_uri=http://client.example.com/callback")
+      response.status.should == 401
+      response.content_type.should == "application/json"
+      response.body.should == "{\"error_description\":\"Invalid client identifier.\",\"error\":\"invalid_client\"}"
+    end
+
+  end
+
+end

data/spec/rack/oauth2/server/token/password_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Token::Password do
+
+  context "when valid resource owner credentials are given" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
+      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
+        response.access_token = "access_token"
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should return access_token as json response body" do
+      response = @request.get("/?grant_type=password&client_id=valid_client&username=nov&password=valid_pass")
+      response.status.should == 200
+      response.content_type.should == "application/json"
+      response.body.should == "{\"access_token\":\"access_token\"}"
+    end
+
+  end
+
+  context "when invalid resource owner credentials are given" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
+      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
+        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid resource owner credentials.')
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should return error message as json response body" do
+      response = @request.get("/?grant_type=password&client_id=valid_client&username=nov&password=invalid_pass")
+      response.status.should == 401
+      response.content_type.should == "application/json"
+      response.body.should == "{\"error_description\":\"Invalid resource owner credentials.\",\"error\":\"invalid_grant\"}"
+    end
+
+  end
+
+end

data/spec/rack/oauth2/server/token/refresh_token_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Token::RefreshToken do
+
+  context "when valid refresh_token is given" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Token directly
+      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
+        response.access_token = "access_token"
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should return access_token as json response body" do
+      response = @request.get("/?grant_type=refresh_token&client_id=valid_client&refresh_token=valid_refresh_token")
+      response.status.should == 200
+      response.content_type.should == "application/json"
+      response.body.should == "{\"access_token\":\"access_token\"}"
+    end
+
+  end
+
+  context "when invalid refresh_token is given" do
+
+    before do
+      # NOTE: for some reason, test fails when called Rack::OAuth2::Server::Authorization::Code directly
+      @app = Rack::OAuth2::Server::Token.new(simple_app) do |request, response|
+        raise Rack::OAuth2::Server::Unauthorized.new(:invalid_grant, 'Invalid refresh_token.')
+      end
+      @request = Rack::MockRequest.new @app
+    end
+
+    it "should return error message as json response body" do
+      response = @request.get("/?grant_type=refresh_token&client_id=valid_client&refresh_token=invalid_refresh_token")
+      response.status.should == 401
+      response.content_type.should == "application/json"
+      response.body.should == "{\"error_description\":\"Invalid refresh_token.\",\"error\":\"invalid_grant\"}"
+    end
+
+  end
+
+end

data/spec/rack/oauth2/server/token_spec.rb

@@ -0,0 +1,59 @@
+require 'spec_helper.rb'
+
+describe Rack::OAuth2::Server::Token do
+
+  before do
+    @app = Rack::OAuth2::Server::Token.new(simple_app)
+    @request = Rack::MockRequest.new @app
+  end
+
+  it "should support realm" do
+    app = Rack::OAuth2::Server::Token.new(simple_app, "server.example.com")
+    app.realm.should == "server.example.com"
+  end
+
+  context "when any required parameters are missing" do
+    it "should return invalid_request error" do
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?grant_type=authorization_code')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?grant_type=authorization_code&client_id=client')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?grant_type=authorization_code&redirect_uri=http://client.example.com/callback')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?client_id=client&redirect_uri=http://client.example.com/callback')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?grant_type=authorization_code&redirect_uri=http://client.example.com/callback')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?grant_type=authorization_code&client_id=client&redirect_uri=http://client.example.com/callback')
+      end
+      assert_error_response(:json, :invalid_request) do
+        @request.get('/?grant_type=authorization_code&code=authorization_code&redirect_uri=http://client.example.com/callback')
+      end
+    end
+  end
+
+  context "when unsupported grant_type is given" do
+    it "should return unsupported_response_type error" do
+      assert_error_response(:json, :unsupported_grant_type) do
+        @request.get('/?grant_type=hello&client_id=client&code=authorization_code&redirect_uri=http://client.example.com/callback')
+      end
+    end
+  end
+
+  context "when all required parameters are valid" do
+    it "should succeed" do
+      response = @request.get('/?grant_type=authorization_code&client_id=client&code=authorization_code&redirect_uri=http://client.example.com/callback')
+      response.status.should == 200
+    end
+  end
+
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack-oauth2
 version: !ruby/object:Gem::Version 
-  hash: 29
+  hash: 27
   prerelease: false
   segments: 
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors: 
 - nov matake
@@ -97,9 +97,15 @@ files:
 - lib/rack/oauth2/server/token/password.rb
 - lib/rack/oauth2/server/token/refresh_token.rb
 - rack-oauth2.gemspec
+- spec/rack/oauth2/server/authorization/code_and_token_spec.rb
 - spec/rack/oauth2/server/authorization/code_spec.rb
+- spec/rack/oauth2/server/authorization/token_spec.rb
 - spec/rack/oauth2/server/authorization_spec.rb
 - spec/rack/oauth2/server/error_spec.rb
+- spec/rack/oauth2/server/token/authorization_code_spec.rb
+- spec/rack/oauth2/server/token/password_spec.rb
+- spec/rack/oauth2/server/token/refresh_token_spec.rb
+- spec/rack/oauth2/server/token_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb
 has_rdoc: true
@@ -137,7 +143,13 @@ signing_key:
 specification_version: 3
 summary: Rack Middleware for OAuth2 Client & Server
 test_files: 
+- spec/rack/oauth2/server/authorization/code_and_token_spec.rb
 - spec/rack/oauth2/server/authorization/code_spec.rb
+- spec/rack/oauth2/server/authorization/token_spec.rb
 - spec/rack/oauth2/server/authorization_spec.rb
 - spec/rack/oauth2/server/error_spec.rb
+- spec/rack/oauth2/server/token/authorization_code_spec.rb
+- spec/rack/oauth2/server/token/password_spec.rb
+- spec/rack/oauth2/server/token/refresh_token_spec.rb
+- spec/rack/oauth2/server/token_spec.rb
 - spec/spec_helper.rb