rack-oauth2 0.0.7 → 0.0.8
- data/VERSION +1 -1
- data/lib/rack/oauth2.rb +7 -1
- data/lib/rack/oauth2/server.rb +2 -1
- data/lib/rack/oauth2/server/abstract/handler.rb +1 -1
- data/lib/rack/oauth2/server/error.rb +22 -10
- data/lib/rack/oauth2/server/resource.rb +76 -0
- data/rack-oauth2.gemspec +4 -1
- data/spec/rack/oauth2/server/error_spec.rb +21 -13
- data/spec/rack/oauth2/server/resource_spec.rb +111 -0
- data/spec/rack/oauth2/server/token/assertion_spec.rb +1 -1
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +2 -2
- data/spec/rack/oauth2/server/token/password_spec.rb +1 -1
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +1 -1
- data/spec/rack/oauth2/server/token_spec.rb +54 -12
- data/spec/spec.opts +3 -1
- metadata +6 -3
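--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.
+0.0.8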
data/lib/rack/oauth2.rb
CHANGED
data/lib/rack/oauth2/server.rb
CHANGED
@@ -3,7 +3,7 @@ module Rack
|
|
3
3
|
module Server
|
4
4
|
|
5
5
|
class Error < StandardError
|
6
|
-
attr_accessor :code, :error, :description, :uri, :redirect_uri, :
|
6
|
+
attr_accessor :code, :error, :description, :uri, :state, :scope, :redirect_uri, :realm
|
7
7
|
|
8
8
|
def initialize(code, error, description = "", options = {})
|
9
9
|
@code = code
|
@@ -11,7 +11,17 @@ module Rack
|
|
11
11
|
@description = description
|
12
12
|
@uri = options[:uri]
|
13
13
|
@state = options[:state]
|
14
|
+
@realm = options[:realm]
|
15
|
+
@scope = Array(options[:scope])
|
14
16
|
@redirect_uri = Util.parse_uri(options[:redirect_uri]) if options[:redirect_uri]
|
17
|
+
@www_authenticate =
|
18
|
+
@channel = if options[:www_authenticate].present?
|
19
|
+
:www_authenticate
|
20
|
+
elsif @redirect_uri.present?
|
21
|
+
:query_string
|
22
|
+
else
|
23
|
+
:json_body
|
24
|
+
end
|
15
25
|
end
|
16
26
|
|
17
27
|
def finish
|
@@ -19,11 +29,18 @@ module Rack
|
|
19
29
|
:error => error,
|
20
30
|
:error_description => description,
|
21
31
|
:error_uri => uri,
|
22
|
-
:state => state
|
32
|
+
:state => state,
|
33
|
+
:scope => scope.join(' ')
|
23
34
|
}.delete_if do |key, value|
|
24
35
|
value.blank?
|
25
36
|
end
|
26
|
-
|
37
|
+
case @channel
|
38
|
+
when :www_authenticate
|
39
|
+
params = params.collect do |key, value|
|
40
|
+
"#{key}=\"#{URI.encode value.to_s}\""
|
41
|
+
end
|
42
|
+
[code, {'WWW-Authenticate' => "OAuth realm=\"#{realm}\" #{params.join(" ")}"}, []]
|
43
|
+
when :query_string
|
27
44
|
redirect_uri.query = if redirect_uri.query
|
28
45
|
[redirect_uri.query, params.to_query].join('&')
|
29
46
|
else
|
@@ -32,7 +49,7 @@ module Rack
|
|
32
49
|
response = Rack::Response.new
|
33
50
|
response.redirect redirect_uri.to_s
|
34
51
|
response.finish
|
35
|
-
|
52
|
+
when :json_body
|
36
53
|
[code, {'Content-Type' => 'application/json'}, params.to_json]
|
37
54
|
end
|
38
55
|
end
|
@@ -40,12 +57,7 @@ module Rack
|
|
40
57
|
|
41
58
|
class Unauthorized < Error
|
42
59
|
def initialize(error, description = "", options = {})
|
43
|
-
|
44
|
-
401
|
45
|
-
else
|
46
|
-
400
|
47
|
-
end
|
48
|
-
super(status, error, description, options)
|
60
|
+
super(401, error, description, options)
|
49
61
|
end
|
50
62
|
end
|
51
63
|
|
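Review bot: In the `:www_authenticate` branch of `finish`, `realm` is interpolated into the quoted string unescaped while every other parameter goes through `URI.encode`, so a realm containing `"` or a line break would yield a malformed or split header; the realm looks operator-configured, so this is hardening rather than a request-driven flaw. The parameters are also joined with a space, whereas HTTP challenges separate auth-params with commas, and a strict client parser may ignore everything after the first pair. Consider `"OAuth realm=\"#{URI.encode realm.to_s}\", #{params.join(', ')}"`, with the spec expectations updated to match. The line `@www_authenticate =` in `initialize` is cut off on this page, so its right-hand side could not be reviewed.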
@@ -0,0 +1,76 @@
|
|
1
|
+
require 'rack/auth/abstract/request'
|
2
|
+
|
3
|
+
module Rack
|
4
|
+
module OAuth2
|
5
|
+
module Server
|
6
|
+
class Resource < Abstract::Handler
|
7
|
+
|
8
|
+
def initialize(app, realm=nil, &authenticator)
|
9
|
+
@app = app
|
10
|
+
super(realm, &authenticator)
|
11
|
+
end
|
12
|
+
|
13
|
+
def call(env)
|
14
|
+
request = Request.new(env)
|
15
|
+
if request.oauth2?
|
16
|
+
authenticate!(request)
|
17
|
+
env[ACCESS_TOKEN] = request.access_token
|
18
|
+
end
|
19
|
+
@app.call(env)
|
20
|
+
rescue Error => e
|
21
|
+
e.realm = realm
|
22
|
+
e.finish
|
23
|
+
end
|
24
|
+
|
25
|
+
private
|
26
|
+
|
27
|
+
def authenticate!(request)
|
28
|
+
@authenticator.call(request)
|
29
|
+
end
|
30
|
+
|
31
|
+
class Request < Rack::Request
|
32
|
+
|
33
|
+
def initialize(env)
|
34
|
+
@env = env
|
35
|
+
@auth_header = Rack::Auth::AbstractRequest.new(env)
|
36
|
+
end
|
37
|
+
|
38
|
+
def oauth2?
|
39
|
+
access_token.present?
|
40
|
+
end
|
41
|
+
|
42
|
+
def access_token
|
43
|
+
@access_token ||= case
|
44
|
+
when access_token_in_haeder.present? && access_token_in_payload.blank?
|
45
|
+
access_token_in_haeder
|
46
|
+
when access_token_in_haeder.blank? && access_token_in_payload.present?
|
47
|
+
access_token_in_payload
|
48
|
+
when access_token_in_haeder.present? && access_token_in_payload.present?
|
49
|
+
raise BadRequest.new(:invalid_request, 'Both Authorization header and payload includes oauth_token.', :www_authenticate => true)
|
50
|
+
else
|
51
|
+
nil
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def access_token_in_haeder
|
56
|
+
if @auth_header.provided? && @auth_header.scheme == :oauth && @auth_header.params !~ /oauth_signature_method/
|
57
|
+
@auth_header.params
|
58
|
+
else
|
59
|
+
nil
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
def access_token_in_payload
|
64
|
+
if params['oauth_token'] && !params['oauth_signature_method']
|
65
|
+
params['oauth_token']
|
66
|
+
else
|
67
|
+
nil # This is OAuth1 request
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
end
|
72
|
+
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
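Review bot: `call` ignores the authenticator's return value and forwards any request without a token straight to `@app`, so a token can only be rejected by raising and an anonymous request is only recognisable by a missing `env[ACCESS_TOKEN]`; neither contract is documented. An authenticator block that returns `false` for an unknown token, or a protected app that never checks `env[ACCESS_TOKEN]`, fails open without any error. I would add two comments above `call`: `# The authenticator must raise (e.g. Unauthorized) to reject a token; its return value is ignored.` and `# Requests without an OAuth 2.0 token are passed through; the app must require env[ACCESS_TOKEN] itself.` The helper name `access_token_in_haeder` is also misspelled and should read `access_token_in_header` before other code starts depending on it.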
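--- a/data/rack-oauth2.gemspec
+++ b/data/rack-oauth2.gemspec
@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
 s.name = %q{rack-oauth2}
-s.version = "0.0.
+s.version = "0.0.8"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["nov matake"]
@@ -37,6 +37,7 @@ Gem::Specification.new do |s|
 "lib/rack/oauth2/server/authorize/code_and_token.rb",
 "lib/rack/oauth2/server/authorize/token.rb",
 "lib/rack/oauth2/server/error.rb",
+"lib/rack/oauth2/server/resource.rb",
 "lib/rack/oauth2/server/token.rb",
 "lib/rack/oauth2/server/token/assertion.rb",
 "lib/rack/oauth2/server/token/authorization_code.rb",
@@ -49,6 +50,7 @@ Gem::Specification.new do |s|
 "spec/rack/oauth2/server/authorize/token_spec.rb",
 "spec/rack/oauth2/server/authorize_spec.rb",
 "spec/rack/oauth2/server/error_spec.rb",
+"spec/rack/oauth2/server/resource_spec.rb",
 "spec/rack/oauth2/server/token/assertion_spec.rb",
 "spec/rack/oauth2/server/token/authorization_code_spec.rb",
 "spec/rack/oauth2/server/token/password_spec.rb",
@@ -68,6 +70,7 @@ Gem::Specification.new do |s|
 "spec/rack/oauth2/server/authorize/token_spec.rb",
 "spec/rack/oauth2/server/authorize_spec.rb",
 "spec/rack/oauth2/server/error_spec.rb",
+"spec/rack/oauth2/server/resource_spec.rb",
 "spec/rack/oauth2/server/token/assertion_spec.rb",
 "spec/rack/oauth2/server/token/authorization_code_spec.rb",
 "spec/rack/oauth2/server/token/password_spec.rb",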
@@ -28,7 +28,23 @@ describe Rack::OAuth2::Server::Error, '#finish' do
|
|
28
28
|
end
|
29
29
|
end
|
30
30
|
|
31
|
-
context "when
|
31
|
+
context "when www_authenticate isn given" do
|
32
|
+
before do
|
33
|
+
@params = {
|
34
|
+
:error => :invalid_request,
|
35
|
+
:error_description => "Something invalid!!"
|
36
|
+
}
|
37
|
+
@error = Rack::OAuth2::Server::Error.new(401, @params[:error], @params[:error_description], :www_authenticate => true)
|
38
|
+
end
|
39
|
+
|
40
|
+
it "should return failure response with error message in WWW-Authenticate header" do
|
41
|
+
status, header, body = @error.finish
|
42
|
+
status.should === 401
|
43
|
+
header['WWW-Authenticate'].should == "OAuth realm=\"\" error_description=\"Something%20invalid!!\" error=\"invalid_request\""
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
context "when either redirect_uri nor www_authenticate isn't given" do
|
32
48
|
before do
|
33
49
|
@params = {
|
34
50
|
:error => :invalid_request,
|
@@ -39,6 +55,7 @@ describe Rack::OAuth2::Server::Error, '#finish' do
|
|
39
55
|
|
40
56
|
it "should return failure response with error message in json body" do
|
41
57
|
status, header, body = @error.finish
|
58
|
+
status.should === 400
|
42
59
|
body.should == @params.to_json
|
43
60
|
end
|
44
61
|
end
|
@@ -53,17 +70,8 @@ describe Rack::OAuth2::Server::BadRequest do
|
|
53
70
|
end
|
54
71
|
|
55
72
|
describe Rack::OAuth2::Server::Unauthorized do
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
error.code.should == 401
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
context "when payload isn't header" do
|
64
|
-
it "should use 400 as status" do
|
65
|
-
error = Rack::OAuth2::Server::Unauthorized.new(:invalid_request)
|
66
|
-
error.code.should == 400
|
67
|
-
end
|
73
|
+
it "should use 400 as status" do
|
74
|
+
error = Rack::OAuth2::Server::Unauthorized.new(:invalid_request)
|
75
|
+
error.code.should == 401
|
68
76
|
end
|
69
77
|
end
|
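Review bot: The rewritten `Unauthorized` example is still titled `"should use 400 as status"` although it now asserts `error.code.should == 401`; rename it to `"should use 401 as status"` so a failure report names the right expectation. The new WWW-Authenticate expectation puts `error_description` before `error`, while the hash built in `finish` lists `:error` first, so the expected string seems to depend on hash iteration order and may break on a Ruby with insertion-ordered hashes; asserting each `key="value"` pair separately would avoid that. The context titles `"when www_authenticate isn given"` and `"when either redirect_uri nor www_authenticate isn't given"` also need a wording fix.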
@@ -0,0 +1,111 @@
|
|
1
|
+
require 'spec_helper.rb'
|
2
|
+
|
3
|
+
describe Rack::OAuth2::Server::Resource do
|
4
|
+
it "should support realm" do
|
5
|
+
app = Rack::OAuth2::Server::Resource.new(simple_app, "server.example.com")
|
6
|
+
app.realm.should == "server.example.com"
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
describe Rack::OAuth2::Server::Resource, '#call' do
|
11
|
+
|
12
|
+
before do
|
13
|
+
@app = Rack::OAuth2::Server::Resource.new(simple_app, "server.example.com") do |request|
|
14
|
+
case request.access_token
|
15
|
+
when "valid_token"
|
16
|
+
# nothing to do
|
17
|
+
when "insufficient_scope_token"
|
18
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:insufficient_scope, "More scope is required.", :www_authenticate => true)
|
19
|
+
when "expired_token"
|
20
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:expired_token, "Given access token has been expired.", :www_authenticate => true)
|
21
|
+
else
|
22
|
+
raise Rack::OAuth2::Server::Unauthorized.new(:invalid_token, "Given access token is invalid.", :www_authenticate => true)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
@request = Rack::MockRequest.new @app
|
26
|
+
end
|
27
|
+
|
28
|
+
context "when no access token is given" do
|
29
|
+
it "should skip OAuth 2.0 authentication" do
|
30
|
+
env = Rack::MockRequest.env_for("/protected_resource")
|
31
|
+
status, header, body = @app.call(env)
|
32
|
+
status.should == 200
|
33
|
+
env[Rack::OAuth2::ACCESS_TOKEN].should be_nil
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
context "when valid_token is given" do
|
38
|
+
it "should succeed" do
|
39
|
+
response = @request.get("/protected_resource?oauth_token=valid_token")
|
40
|
+
response.status.should == 200
|
41
|
+
end
|
42
|
+
|
43
|
+
it "should store access token in env" do
|
44
|
+
env = Rack::MockRequest.env_for("/protected_resource?oauth_token=valid_token")
|
45
|
+
@app.call(env)
|
46
|
+
env[Rack::OAuth2::ACCESS_TOKEN].should == "valid_token"
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
context "when expired_token is given" do
|
51
|
+
it "should fail with expired_token error" do
|
52
|
+
response = @request.get("/protected_resource?oauth_token=expired_token")
|
53
|
+
response.status.should == 401
|
54
|
+
response.headers["WWW-Authenticate"].should == "OAuth realm=\"server.example.com\" error_description=\"Given%20access%20token%20has%20been%20expired.\" error=\"expired_token\""
|
55
|
+
end
|
56
|
+
|
57
|
+
it "should not store access token in env" do
|
58
|
+
env = Rack::MockRequest.env_for("/protected_resource?oauth_token=expired_token")
|
59
|
+
@app.call(env)
|
60
|
+
env[Rack::OAuth2::ACCESS_TOKEN].should be_nil
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
context "when expired_token is given" do
|
65
|
+
it "should fail with invalid_token error" do
|
66
|
+
response = @request.get("/protected_resource?oauth_token=invalid_token")
|
67
|
+
response.status.should == 401
|
68
|
+
response.headers["WWW-Authenticate"].should == "OAuth realm=\"server.example.com\" error_description=\"Given%20access%20token%20is%20invalid.\" error=\"invalid_token\""
|
69
|
+
end
|
70
|
+
|
71
|
+
it "should not store access token in env" do
|
72
|
+
env = Rack::MockRequest.env_for("/protected_resource?oauth_token=invalid_token")
|
73
|
+
@app.call(env)
|
74
|
+
env[Rack::OAuth2::ACCESS_TOKEN].should be_nil
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
context "when multiple access_token is given" do
|
79
|
+
it "should fail with invalid_request error" do
|
80
|
+
response = @request.get("/protected_resource?oauth_token=invalid_token", "HTTP_AUTHORIZATION" => "OAuth valid_token")
|
81
|
+
response.status.should == 400
|
82
|
+
response.headers["WWW-Authenticate"].should == "OAuth realm=\"server.example.com\" error_description=\"Both%20Authorization%20header%20and%20payload%20includes%20oauth_token.\" error=\"invalid_request\""
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
context "when OAuth 1.0 Authorization header is given" do
|
87
|
+
it "should ignore the OAuth params" do
|
88
|
+
env = Rack::MockRequest.env_for("/protected_resource", "HTTP_AUTHORIZATION" => "OAuth realm=\"server.example.com\" oauth_consumer_key=\"key\" oauth_token=\"token\" oauth_signature_method=\"HMAC-SHA1\" oauth_signature=\"sig\" oauth_timestamp=\"123456789\" oauth_nonce=\"nonce\"")
|
89
|
+
status, header, body = @app.call(env)
|
90
|
+
status.should == 200
|
91
|
+
env[Rack::OAuth2::ACCESS_TOKEN].should be_nil
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
context "when OAuth 1.0 params is given" do
|
96
|
+
it "should ignore the OAuth params" do
|
97
|
+
env = Rack::MockRequest.env_for("/protected_resource", :params => {
|
98
|
+
:oauth_consumer_key => "key",
|
99
|
+
:oauth_token => "token",
|
100
|
+
:oauth_signature_method => "HMAC-SHA1",
|
101
|
+
:oauth_signature => "sig",
|
102
|
+
:oauth_timestamp => 123456789,
|
103
|
+
:oauth_nonce => "nonce"
|
104
|
+
})
|
105
|
+
status, header, body = @app.call(env)
|
106
|
+
status.should == 200
|
107
|
+
env[Rack::OAuth2::ACCESS_TOKEN].should be_nil
|
108
|
+
end
|
109
|
+
end
|
110
|
+
|
111
|
+
end
|
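Review bot: No example sends a token only in the `Authorization` header, so the success path through `access_token_in_haeder` is untested; the header is exercised only in the conflicting-token and OAuth 1.0 cases. I would add an example such as `@request.get("/protected_resource", "HTTP_AUTHORIZATION" => "OAuth valid_token")` expecting 200, plus one checking the token lands in `env[Rack::OAuth2::ACCESS_TOKEN]`. The authenticator's `"insufficient_scope_token"` branch has no example either. The second `context "when expired_token is given"` actually requests `invalid_token` and should be titled `"when invalid_token is given"`.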
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token::Assertion do
|
|
43
43
|
:assertion => "invalid_assertion",
|
44
44
|
:assertion_type => "something"
|
45
45
|
})
|
46
|
-
response.status.should ==
|
46
|
+
response.status.should == 401
|
47
47
|
response.content_type.should == "application/json"
|
48
48
|
response.body.should == "{\"error_description\":\"Invalid assertion.\",\"error\":\"invalid_grant\"}"
|
49
49
|
end
|
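Review bot: The expectation now pins 401 for an `invalid_grant` error delivered as a JSON body, and judging by the `:json_body` branch of `finish` that response carries no `WWW-Authenticate` header, which HTTP expects on every 401. The final OAuth 2.0 specification (RFC 6749, section 5.2) uses 400 for `invalid_grant` and reserves 401 for `invalid_client`, so clients may treat this status as a prompt to re-authenticate the client rather than as a bad grant. If 401 is intended, the example should also assert the challenge header, e.g. `response.headers["WWW-Authenticate"].should_not be_nil`. The same one-line change appears in the authorization_code, password and refresh_token spec hunks that follow.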
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
|
|
43
43
|
:code => "invalid_authorization_code",
|
44
44
|
:redirect_uri => "http://client.example.com/callback"
|
45
45
|
})
|
46
|
-
response.status.should ==
|
46
|
+
response.status.should == 401
|
47
47
|
response.content_type.should == "application/json"
|
48
48
|
response.body.should == "{\"error_description\":\"Invalid authorization code.\",\"error\":\"invalid_grant\"}"
|
49
49
|
end
|
@@ -67,7 +67,7 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
|
|
67
67
|
:code => "valid_authorization_code",
|
68
68
|
:redirect_uri => "http://client.example.com/callback"
|
69
69
|
})
|
70
|
-
response.status.should ==
|
70
|
+
response.status.should == 401
|
71
71
|
response.content_type.should == "application/json"
|
72
72
|
response.body.should == "{\"error_description\":\"Invalid client identifier.\",\"error\":\"invalid_client\"}"
|
73
73
|
end
|
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token::Password do
|
|
43
43
|
:username => "nov",
|
44
44
|
:password => "invalid_pass"
|
45
45
|
})
|
46
|
-
response.status.should ==
|
46
|
+
response.status.should == 401
|
47
47
|
response.content_type.should == "application/json"
|
48
48
|
response.body.should == "{\"error_description\":\"Invalid resource owner credentials.\",\"error\":\"invalid_grant\"}"
|
49
49
|
end
|
@@ -41,7 +41,7 @@ describe Rack::OAuth2::Server::Token::RefreshToken do
|
|
41
41
|
:client_id => "valid_client",
|
42
42
|
:refresh_token => "invalid_refresh_token"
|
43
43
|
})
|
44
|
-
response.status.should ==
|
44
|
+
response.status.should == 401
|
45
45
|
response.content_type.should == "application/json"
|
46
46
|
response.body.should == "{\"error_description\":\"Invalid refresh_token.\",\"error\":\"invalid_grant\"}"
|
47
47
|
end
|
@@ -19,28 +19,50 @@ describe Rack::OAuth2::Server::Token::Request do
|
|
19
19
|
context "when any required parameters are missing" do
|
20
20
|
it "should return invalid_request error" do
|
21
21
|
assert_error_response(:json, :invalid_request) do
|
22
|
-
@request.
|
22
|
+
@request.post('/')
|
23
23
|
end
|
24
24
|
assert_error_response(:json, :invalid_request) do
|
25
|
-
@request.
|
25
|
+
@request.post('/', :params => {
|
26
|
+
:grant_type => "authorization_code"
|
27
|
+
})
|
26
28
|
end
|
27
29
|
assert_error_response(:json, :invalid_request) do
|
28
|
-
@request.
|
30
|
+
@request.post('/', :params => {
|
31
|
+
:grant_type => "authorization_code",
|
32
|
+
:client_id => "client"
|
33
|
+
})
|
29
34
|
end
|
30
35
|
assert_error_response(:json, :invalid_request) do
|
31
|
-
@request.
|
36
|
+
@request.post('/', :params => {
|
37
|
+
:grant_type => "authorization_code",
|
38
|
+
:redirect_uri => "http://client.example.com/callback"
|
39
|
+
})
|
32
40
|
end
|
33
41
|
assert_error_response(:json, :invalid_request) do
|
34
|
-
@request.
|
42
|
+
@request.post('/', :params => {
|
43
|
+
:client_id => "client",
|
44
|
+
:redirect_uri => "http://client.example.com/callback"
|
45
|
+
})
|
35
46
|
end
|
36
47
|
assert_error_response(:json, :invalid_request) do
|
37
|
-
@request.
|
48
|
+
@request.post('/', :params => {
|
49
|
+
:grant_type => "authorization_code",
|
50
|
+
:redirect_uri => "http://client.example.com/callback"
|
51
|
+
})
|
38
52
|
end
|
39
53
|
assert_error_response(:json, :invalid_request) do
|
40
|
-
@request.
|
54
|
+
@request.post('/', :params => {
|
55
|
+
:grant_type => "authorization_code",
|
56
|
+
:client_id => "client",
|
57
|
+
:redirect_uri => "http://client.example.com/callback"
|
58
|
+
})
|
41
59
|
end
|
42
60
|
assert_error_response(:json, :invalid_request) do
|
43
|
-
@request.
|
61
|
+
@request.post('/', :params => {
|
62
|
+
:grant_type => "authorization_code",
|
63
|
+
:code => "authorization_code",
|
64
|
+
:redirect_uri => "http://client.example.com/callback"
|
65
|
+
})
|
44
66
|
end
|
45
67
|
end
|
46
68
|
end
|
@@ -48,14 +70,24 @@ describe Rack::OAuth2::Server::Token::Request do
|
|
48
70
|
context "when unsupported grant_type is given" do
|
49
71
|
it "should return unsupported_response_type error" do
|
50
72
|
assert_error_response(:json, :unsupported_grant_type) do
|
51
|
-
@request.
|
73
|
+
@request.post('/', :params => {
|
74
|
+
:grant_type => "hello",
|
75
|
+
:client_id => "client",
|
76
|
+
:code => "authorization_code",
|
77
|
+
:redirect_uri => "http://client.example.com/callback"
|
78
|
+
})
|
52
79
|
end
|
53
80
|
end
|
54
81
|
end
|
55
82
|
|
56
83
|
context "when all required parameters are valid" do
|
57
84
|
it "should succeed" do
|
58
|
-
response = @request.
|
85
|
+
response = @request.post('/', :params => {
|
86
|
+
:grant_type => "authorization_code",
|
87
|
+
:client_id => "client",
|
88
|
+
:code => "authorization_code",
|
89
|
+
:redirect_uri => "http://client.example.com/callback"
|
90
|
+
})
|
59
91
|
response.status.should == 200
|
60
92
|
end
|
61
93
|
end
|
@@ -75,7 +107,12 @@ describe Rack::OAuth2::Server::Token::Response do
|
|
75
107
|
|
76
108
|
it "should raise an error" do
|
77
109
|
lambda do
|
78
|
-
@request.
|
110
|
+
@request.post('/', :params => {
|
111
|
+
:grant_type => "authorization_code",
|
112
|
+
:client_id => "client",
|
113
|
+
:code => "authorization_code",
|
114
|
+
:redirect_uri => "http://client.example.com/callback"
|
115
|
+
})
|
79
116
|
end.should raise_error(StandardError)
|
80
117
|
end
|
81
118
|
|
@@ -91,7 +128,12 @@ describe Rack::OAuth2::Server::Token::Response do
|
|
91
128
|
end
|
92
129
|
|
93
130
|
it "should succeed" do
|
94
|
-
response = @request.
|
131
|
+
response = @request.post('/', :params => {
|
132
|
+
:grant_type => "authorization_code",
|
133
|
+
:client_id => "client",
|
134
|
+
:code => "authorization_code",
|
135
|
+
:redirect_uri => "http://client.example.com/callback"
|
136
|
+
})
|
95
137
|
response.status.should == 200
|
96
138
|
end
|
97
139
|
|
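Review bot: In `"when any required parameters are missing"`, the requests at new lines 36-39 and 48-51 send the same parameters (`:grant_type` and `:redirect_uri`), so one missing-parameter combination is checked twice and another is presumably left out. Replacing one of them with a different omission, for example `:grant_type` with `:code` only, would restore the intended coverage of the token endpoint's input validation. The example title `"should return unsupported_response_type error"` sits above an assertion for `:unsupported_grant_type` and could be renamed while these lines are being touched. The removed `@request.` lines are truncated on this page, so the old requests could not be compared.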
data/spec/spec.opts
CHANGED
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 15
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 0
|
9
|
-
-
|
10
|
-
version: 0.0.
|
9
|
+
- 8
|
10
|
+
version: 0.0.8
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- nov matake
|
@@ -92,6 +92,7 @@ files:
|
|
92
92
|
- lib/rack/oauth2/server/authorize/code_and_token.rb
|
93
93
|
- lib/rack/oauth2/server/authorize/token.rb
|
94
94
|
- lib/rack/oauth2/server/error.rb
|
95
|
+
- lib/rack/oauth2/server/resource.rb
|
95
96
|
- lib/rack/oauth2/server/token.rb
|
96
97
|
- lib/rack/oauth2/server/token/assertion.rb
|
97
98
|
- lib/rack/oauth2/server/token/authorization_code.rb
|
@@ -104,6 +105,7 @@ files:
|
|
104
105
|
- spec/rack/oauth2/server/authorize/token_spec.rb
|
105
106
|
- spec/rack/oauth2/server/authorize_spec.rb
|
106
107
|
- spec/rack/oauth2/server/error_spec.rb
|
108
|
+
- spec/rack/oauth2/server/resource_spec.rb
|
107
109
|
- spec/rack/oauth2/server/token/assertion_spec.rb
|
108
110
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
109
111
|
- spec/rack/oauth2/server/token/password_spec.rb
|
@@ -151,6 +153,7 @@ test_files:
|
|
151
153
|
- spec/rack/oauth2/server/authorize/token_spec.rb
|
152
154
|
- spec/rack/oauth2/server/authorize_spec.rb
|
153
155
|
- spec/rack/oauth2/server/error_spec.rb
|
156
|
+
- spec/rack/oauth2/server/resource_spec.rb
|
154
157
|
- spec/rack/oauth2/server/token/assertion_spec.rb
|
155
158
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
156
159
|
- spec/rack/oauth2/server/token/password_spec.rb
|