rack-oauth2 0.9.5 → 0.10.0.alpha

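--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- rack-oauth2 (0.9.4)
+ rack-oauth2 (0.9.5)
  activesupport (>= 2.3)
  attr_required (>= 0.0.3)
  httpclient (>= 2.2.0.2)
@@ -24,7 +24,6 @@ GEM
  jruby-openssl (0.7.4)
  bouncy-castle-java
  json (1.5.4)
- json (1.5.4-java)
  multi_json (1.0.3)
  rack (1.3.2)
  rake (0.9.2)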
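--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.9.5
+ 0.10.0.alpha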
@@ -46,15 +46,20 @@ module Rack
46
46
  @state = params['state']
47
47
  end
48
48
 
49
- def verify_redirect_uri!(pre_registered)
49
+ def verify_redirect_uri!(pre_registered, allow_partial_match = false)
50
50
  @verified_redirect_uri = if redirect_uri.present?
51
- if Util.uri_match?(pre_registered, redirect_uri)
51
+ verified = Array(pre_registered).any? do |_pre_registered_|
52
+ Util.uri_match?(_pre_registered_, redirect_uri, allow_partial_match)
53
+ end
54
+ if verified
52
55
  redirect_uri
53
56
  else
54
- bad_request!
57
+ bad_request! 'Invalid redirect_uri is given'
55
58
  end
56
- else
59
+ elsif pre_registered.present?
57
60
  pre_registered
61
+ else
62
+ bad_request! 'No redirect_uri is given'
58
63
  end
59
64
  self.verified_redirect_uri.to_s
60
65
  end
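Review bot: When `pre_registered` is an Array and the request carries no redirect_uri, the `elsif pre_registered.present?` branch stores the whole Array in `@verified_redirect_uri`, and the final `verified_redirect_uri.to_s` then returns the stringified list rather than a single URI. With several registered URIs there is no safe default to redirect to, so the fallback should apply only when exactly one is registered: `candidates = Array(pre_registered).select(&:present?)`, then `elsif candidates.size == 1` yielding `candidates.first`, with every other case reaching `bad_request! 'No redirect_uri is given'`. The new `allow_partial_match` parameter also deserves a comment saying that it relaxes the path comparison to a prefix match and that exact matching is the default.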
@@ -40,14 +40,19 @@ module Rack
40
40
  redirect_uri.to_s
41
41
  end
42
42
 
43
- def uri_match?(base, given)
43
+ def uri_match?(base, given, allow_partial_match = true)
44
44
  base = parse_uri(base)
45
45
  given = parse_uri(given)
46
46
  base.path = '/' if base.path.blank?
47
47
  given.path = '/' if given.path.blank?
48
+ path_match = if allow_partial_match
49
+ /^#{base.path}/ =~ given.path
50
+ else
51
+ base.path == given.path
52
+ end
48
53
  [:scheme, :host, :port].all? do |key|
49
54
  base.send(key) == given.send(key)
50
- end && /^#{base.path}/ =~ given.path
55
+ end && path_match
51
56
  rescue
52
57
  false
53
58
  end
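Review bot: The partial-match branch `/^#{base.path}/ =~ given.path` interpolates the registered path into a regular expression unescaped and anchors it with `^`, which in Ruby is a line anchor rather than a start-of-string anchor. Characters such as `.` or `+` in a registered path are then read as pattern syntax, and a bare prefix test also accepts sibling paths (a registered `/callback` accepts `/callback2`). `given.path.start_with?(base.path)` keeps the prefix semantics with a literal comparison; requiring a `/` boundary after the prefix would be stricter still. The default here is `allow_partial_match = true` while `verify_redirect_uri!` defaults to `false`, so any direct caller of `Util.uri_match?` keeps the loose comparison; `def uri_match?(base, given, allow_partial_match = false)` would make the two agree, provided no caller relies on the old behaviour.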
@@ -42,25 +42,73 @@ describe Rack::OAuth2::Server::Authorize do
42
42
  describe Rack::OAuth2::Server::Authorize::Request do
43
43
  let(:env) { Rack::MockRequest.env_for("/authorize?client_id=client&redirect_uri=#{redirect_uri}") }
44
44
  let(:request) { Rack::OAuth2::Server::Authorize::Request.new env }
45
- let(:pre_registered) { 'http://client.example.com' }
46
45
 
47
46
  describe '#varified_redirect_uri' do
48
- context 'when valid redirect_uri is given' do
49
- it 'should use given redirect_uri' do
47
+ context 'when an Array of pre-registered URIs are given' do
48
+ context 'when given redirect_uri is valid against one of them' do
49
+ let :pre_registered do
50
+ [
51
+ redirect_uri,
52
+ 'http://ja.client.example.com/callback',
53
+ 'http://en.client.example.com/callback'
54
+ ]
55
+ end
56
+ it 'should be valid' do
57
+ request.verify_redirect_uri!(pre_registered).should == redirect_uri
58
+ end
59
+ end
60
+
61
+ context 'otherwise' do
62
+ let :pre_registered do
63
+ [
64
+ 'http://ja.client.example.com/callback',
65
+ 'http://en.client.example.com/callback'
66
+ ]
67
+ end
68
+ it do
69
+ expect do
70
+ request.verify_redirect_uri!(pre_registered)
71
+ end.should raise_error Rack::OAuth2::Server::Authorize::BadRequest
72
+ end
73
+ end
74
+ end
75
+
76
+ context 'when exact mathed redirect_uri is given' do
77
+ let(:pre_registered) { redirect_uri }
78
+ it 'should be valid' do
50
79
  request.verify_redirect_uri!(pre_registered).should == redirect_uri
51
80
  end
52
81
  end
53
82
 
83
+ context 'when partially mathed redirect_uri is given' do
84
+ let(:pre_registered) { 'http://client.example.com' }
85
+
86
+ context 'when partial matching allowed' do
87
+ it 'should be valid' do
88
+ request.verify_redirect_uri!(pre_registered, :allow_partial_match).should == redirect_uri
89
+ end
90
+ end
91
+
92
+ context 'otherwise' do
93
+ it do
94
+ expect do
95
+ request.verify_redirect_uri!(pre_registered)
96
+ end.should raise_error Rack::OAuth2::Server::Authorize::BadRequest
97
+ end
98
+ end
99
+ end
100
+
54
101
  context 'when invalid redirect_uri is given' do
55
102
  let(:pre_registered) { 'http://client2.example.com' }
56
103
  it do
57
104
  expect do
58
- request.verify_redirect_uri!(pre_registered).should == pre_registered
105
+ request.verify_redirect_uri!(pre_registered)
59
106
  end.should raise_error Rack::OAuth2::Server::Authorize::BadRequest
60
107
  end
61
108
  end
62
109
 
63
110
  context 'when redirect_uri is missing' do
111
+ let(:pre_registered) { redirect_uri }
64
112
  let(:env) { Rack::MockRequest.env_for("/authorize?client_id=client") }
65
113
  it 'should use pre-registered redirect_uri' do
66
114
  request.verify_redirect_uri!(pre_registered).should == pre_registered
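Review bot: The new contexts never exercise an Array of pre-registered URIs together with a missing redirect_uri, nor a partial match that ought to be refused (constructed sample: pre-registered `http://client.example.com/callback` against a request for `/callback2`), so the two loosest paths of `verify_redirect_uri!` have no regression test. The partial-match example passes the symbol `:allow_partial_match` as a truthy positional argument; `true` would read more plainly. The context names say `mathed` where `matched` is meant. The enclosing `describe` block and the `redirect_uri` definition lie outside this hunk.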
metadata CHANGED
@@ -1,8 +1,8 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- prerelease:
5
- version: 0.9.5
4
+ prerelease: 7
5
+ version: 0.10.0.alpha
6
6
  platform: ruby
7
7
  authors:
8
8
  - nov matake
@@ -10,7 +10,7 @@ autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
12
 
13
- date: 2011-09-11 00:00:00 Z
13
+ date: 2011-09-13 00:00:00 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rack