rack-oauth2 0.0.8 → 0.0.9
- data/VERSION +1 -1
- data/lib/rack/oauth2/server/error.rb +11 -10
- data/rack-oauth2.gemspec +2 -2
- data/spec/rack/oauth2/server/error_spec.rb +9 -9
- data/spec/rack/oauth2/server/resource_spec.rb +5 -5
- metadata +4 -4
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.0.
|
1
|
+
0.0.9
|
@@ -3,10 +3,10 @@ module Rack
|
|
3
3
|
module Server
|
4
4
|
|
5
5
|
class Error < StandardError
|
6
|
-
attr_accessor :
|
6
|
+
attr_accessor :status, :error, :description, :uri, :state, :scope, :redirect_uri, :realm
|
7
7
|
|
8
|
-
def initialize(
|
9
|
-
@
|
8
|
+
def initialize(status, error, description = "", options = {})
|
9
|
+
@status = status
|
10
10
|
@error = error
|
11
11
|
@description = description
|
12
12
|
@uri = options[:uri]
|
@@ -34,24 +34,25 @@ module Rack
|
|
34
34
|
}.delete_if do |key, value|
|
35
35
|
value.blank?
|
36
36
|
end
|
37
|
+
response = Rack::Response.new
|
37
38
|
case @channel
|
38
39
|
when :www_authenticate
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
[code, {'WWW-Authenticate' => "OAuth realm=\"#{realm}\" #{params.join(" ")}"}, []]
|
40
|
+
response.status = status
|
41
|
+
response.header['WWW-Authenticate'] = "OAuth realm='#{realm}' #{params.collect { |key, value| "#{key}='#{value.to_s}'" }.join(' ')}"
|
42
|
+
response.write params.to_json
|
43
43
|
when :query_string
|
44
44
|
redirect_uri.query = if redirect_uri.query
|
45
45
|
[redirect_uri.query, params.to_query].join('&')
|
46
46
|
else
|
47
47
|
params.to_query
|
48
48
|
end
|
49
|
-
response = Rack::Response.new
|
50
49
|
response.redirect redirect_uri.to_s
|
51
|
-
response.finish
|
52
50
|
when :json_body
|
53
|
-
|
51
|
+
response.status = status
|
52
|
+
response.header['Content-Type'] = 'application/json'
|
53
|
+
response.write params.to_json
|
54
54
|
end
|
55
|
+
response.finish
|
55
56
|
end
|
56
57
|
end
|
57
58
|
|
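Review bot: The new `WWW-Authenticate` value in the `:www_authenticate` branch interpolates `realm` and every `params` value between single quotes with no escaping, so a value containing `'`, `"` or a line break produces an ambiguous or malformed header. Which fields reach `params` is decided above the hunk, so confirm whether request-derived ones such as `state` or `scope` can land there. HTTP auth-params are tokens or double-quoted strings, so a client that parses the challenge strictly may not read the single-quoted form at all. I would return to double quotes and escape each value, e.g. `"#{key}=\"#{value.to_s.gsub(/[\r\n]+/, ' ').gsub(/["\\]/) { |c| "\\#{c}" }}\""`, with the same treatment for `realm`. This branch also writes `params.to_json` as the body without the `Content-Type` header that the `:json_body` branch sets.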
data/rack-oauth2.gemspec
CHANGED
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{rack-oauth2}
|
8
|
-
s.version = "0.0.
|
8
|
+
s.version = "0.0.9"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["nov matake"]
|
12
|
-
s.date = %q{2010-09-
|
12
|
+
s.date = %q{2010-09-17}
|
13
13
|
s.description = %q{Rack Middleware for OAuth2 Client & Server, currently working on server code first.}
|
14
14
|
s.email = %q{nov@matake.jp}
|
15
15
|
s.extra_rdoc_files = [
|
@@ -5,8 +5,8 @@ describe Rack::OAuth2::Server::Error, '#finish' do
|
|
5
5
|
context "when state is given" do
|
6
6
|
it "should return state as error response" do
|
7
7
|
error = Rack::OAuth2::Server::Error.new(400, :invalid_request, "Something Invalid!!", :state => "anything")
|
8
|
-
status, header,
|
9
|
-
body.should match("\"state\":\"anything\"")
|
8
|
+
status, header, response = error.finish
|
9
|
+
response.body.to_s.should match("\"state\":\"anything\"")
|
10
10
|
end
|
11
11
|
end
|
12
12
|
|
@@ -21,7 +21,7 @@ describe Rack::OAuth2::Server::Error, '#finish' do
|
|
21
21
|
end
|
22
22
|
|
23
23
|
it "should redirect to redirect_uri with error message in query string" do
|
24
|
-
status, header,
|
24
|
+
status, header, response = @error.finish
|
25
25
|
status.should == 302
|
26
26
|
header['Content-Type'].should == "text/html"
|
27
27
|
header['Location'].should == "#{@params.delete(:redirect_uri)}?#{@params.to_query}"
|
@@ -38,9 +38,9 @@ describe Rack::OAuth2::Server::Error, '#finish' do
|
|
38
38
|
end
|
39
39
|
|
40
40
|
it "should return failure response with error message in WWW-Authenticate header" do
|
41
|
-
status, header,
|
41
|
+
status, header, response = @error.finish
|
42
42
|
status.should === 401
|
43
|
-
header['WWW-Authenticate'].should == "OAuth realm
|
43
|
+
header['WWW-Authenticate'].should == "OAuth realm='' error_description='Something invalid!!' error='invalid_request'"
|
44
44
|
end
|
45
45
|
end
|
46
46
|
|
@@ -54,9 +54,9 @@ describe Rack::OAuth2::Server::Error, '#finish' do
|
|
54
54
|
end
|
55
55
|
|
56
56
|
it "should return failure response with error message in json body" do
|
57
|
-
status, header,
|
57
|
+
status, header, response = @error.finish
|
58
58
|
status.should === 400
|
59
|
-
body.should == @params.to_json
|
59
|
+
response.body.to_s.should == @params.to_json
|
60
60
|
end
|
61
61
|
end
|
62
62
|
|
@@ -65,13 +65,13 @@ end
|
|
65
65
|
describe Rack::OAuth2::Server::BadRequest do
|
66
66
|
it "should use 400 as status" do
|
67
67
|
error = Rack::OAuth2::Server::BadRequest.new(:invalid_request)
|
68
|
-
error.
|
68
|
+
error.status.should == 400
|
69
69
|
end
|
70
70
|
end
|
71
71
|
|
72
72
|
describe Rack::OAuth2::Server::Unauthorized do
|
73
73
|
it "should use 400 as status" do
|
74
74
|
error = Rack::OAuth2::Server::Unauthorized.new(:invalid_request)
|
75
|
-
error.
|
75
|
+
error.status.should == 401
|
76
76
|
end
|
77
77
|
end
|
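Review bot: The `Rack::OAuth2::Server::Unauthorized` example now asserts `error.status.should == 401` while its description still reads "should use 400 as status"; rename it to `it "should use 401 as status" do` so a failure report names the right expectation. In the `WWW-Authenticate` example the expected string fixes the order of `error_description` and `error`, which presumably comes from hash iteration inside `finish`. If that order is not guaranteed on the supported Ruby versions, compare the parsed parameters rather than the whole string. No example covers a description that contains a quote character, which is the input where the header format matters most.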
@@ -28,7 +28,7 @@ describe Rack::OAuth2::Server::Resource, '#call' do
|
|
28
28
|
context "when no access token is given" do
|
29
29
|
it "should skip OAuth 2.0 authentication" do
|
30
30
|
env = Rack::MockRequest.env_for("/protected_resource")
|
31
|
-
status, header,
|
31
|
+
status, header, response = @app.call(env)
|
32
32
|
status.should == 200
|
33
33
|
env[Rack::OAuth2::ACCESS_TOKEN].should be_nil
|
34
34
|
end
|
@@ -51,7 +51,7 @@ describe Rack::OAuth2::Server::Resource, '#call' do
|
|
51
51
|
it "should fail with expired_token error" do
|
52
52
|
response = @request.get("/protected_resource?oauth_token=expired_token")
|
53
53
|
response.status.should == 401
|
54
|
-
response.headers["WWW-Authenticate"].should == "OAuth realm
|
54
|
+
response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' error_description='Given access token has been expired.' error='expired_token'"
|
55
55
|
end
|
56
56
|
|
57
57
|
it "should not store access token in env" do
|
@@ -65,7 +65,7 @@ describe Rack::OAuth2::Server::Resource, '#call' do
|
|
65
65
|
it "should fail with invalid_token error" do
|
66
66
|
response = @request.get("/protected_resource?oauth_token=invalid_token")
|
67
67
|
response.status.should == 401
|
68
|
-
response.headers["WWW-Authenticate"].should == "OAuth realm
|
68
|
+
response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' error_description='Given access token is invalid.' error='invalid_token'"
|
69
69
|
end
|
70
70
|
|
71
71
|
it "should not store access token in env" do
|
@@ -79,13 +79,13 @@ describe Rack::OAuth2::Server::Resource, '#call' do
|
|
79
79
|
it "should fail with invalid_request error" do
|
80
80
|
response = @request.get("/protected_resource?oauth_token=invalid_token", "HTTP_AUTHORIZATION" => "OAuth valid_token")
|
81
81
|
response.status.should == 400
|
82
|
-
response.headers["WWW-Authenticate"].should == "OAuth realm
|
82
|
+
response.headers["WWW-Authenticate"].should == "OAuth realm='server.example.com' error_description='Both Authorization header and payload includes oauth_token.' error='invalid_request'"
|
83
83
|
end
|
84
84
|
end
|
85
85
|
|
86
86
|
context "when OAuth 1.0 Authorization header is given" do
|
87
87
|
it "should ignore the OAuth params" do
|
88
|
-
env = Rack::MockRequest.env_for("/protected_resource", "HTTP_AUTHORIZATION" => "OAuth realm
|
88
|
+
env = Rack::MockRequest.env_for("/protected_resource", "HTTP_AUTHORIZATION" => "OAuth realm='server.example.com' oauth_consumer_key='key' oauth_token='token' oauth_signature_method='HMAC-SHA1' oauth_signature='sig' oauth_timestamp='123456789' oauth_nonce='nonce'")
|
89
89
|
status, header, body = @app.call(env)
|
90
90
|
status.should == 200
|
91
91
|
env[Rack::OAuth2::ACCESS_TOKEN].should be_nil
|
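Review bot: The "when OAuth 1.0 Authorization header is given" example now sends single-quoted parameters (`oauth_consumer_key='key'` and so on), whereas OAuth 1.0 clients send double-quoted values, so the test no longer feeds the middleware the header shape it has to recognise and ignore. The removed line is cut off on this page, so the previous form is inferred rather than visible. I would keep this fixture double-quoted, e.g. `"OAuth realm=\"server.example.com\" oauth_consumer_key=\"key\" oauth_token=\"token\""`, independent of how the server formats its own challenges. The same example still destructures into `body` while the other call sites in this file were renamed to `response`.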
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 13
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 0
|
9
|
-
-
|
10
|
-
version: 0.0.
|
9
|
+
- 9
|
10
|
+
version: 0.0.9
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- nov matake
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2010-09-
|
18
|
+
date: 2010-09-17 00:00:00 +09:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|