rack-oauth2 0.11.0 → 0.12.0

data/.gitignore

@@ -14,7 +14,7 @@ tmtags
 *.swp
 
 ## PROJECT::GENERAL
-coverage
+coverage*
 rdoc
 pkg
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rack-oauth2 (0.10.1)
+    rack-oauth2 (0.11.0)
       activesupport (>= 2.3)
       attr_required (>= 0.0.3)
       httpclient (>= 2.2.0.2)
@@ -12,43 +12,50 @@ PATH
 GEM
   remote: http://rubygems.org/
   specs:
-    activesupport (3.1.0)
+    activesupport (3.2.1)
+      i18n (~> 0.6)
       multi_json (~> 1.0)
     addressable (2.2.6)
     attr_required (0.0.3)
     bouncy-castle-java (1.5.0146.1)
-    crack (0.1.8)
+    configatron (2.9.0)
+      yamler (>= 0.1.0)
+    cover_me (1.2.0)
+      configatron
+      hashie
+    crack (0.3.1)
     diff-lcs (1.1.3)
-    httpclient (2.2.1)
+    hashie (1.2.0)
+    httpclient (2.2.4)
     i18n (0.6.0)
-    jruby-openssl (0.7.4)
-      bouncy-castle-java
-    json (1.6.0)
-    multi_json (1.0.3)
-    rack (1.3.2)
-    rake (0.9.2)
-    rcov (0.9.10)
-    rcov (0.9.10-java)
-    rspec (2.6.0)
-      rspec-core (~> 2.6.0)
-      rspec-expectations (~> 2.6.0)
-      rspec-mocks (~> 2.6.0)
-    rspec-core (2.6.4)
-    rspec-expectations (2.6.0)
+    jruby-openssl (0.7.5)
+      bouncy-castle-java (>= 1.5.0146.1)
+    json (1.6.5)
+    json (1.6.5-java)
+    multi_json (1.0.4)
+    rack (1.4.1)
+    rake (0.9.2.2)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
       diff-lcs (~> 1.1.2)
-    rspec-mocks (2.6.0)
-    webmock (1.7.6)
-      addressable (> 2.2.5, ~> 2.2)
+    rspec-mocks (2.8.0)
+    webmock (1.7.10)
+      addressable (~> 2.2, > 2.2.5)
       crack (>= 0.1.7)
+    yamler (0.1.0)
 
 PLATFORMS
   java
   ruby
 
 DEPENDENCIES
+  cover_me (>= 1.2.0)
   jruby-openssl (>= 0.7)
   rack-oauth2!
   rake (>= 0.8)
-  rcov (>= 0.9)
   rspec (>= 2)
   webmock (>= 1.6.2)

data/Rakefile

@@ -4,9 +4,16 @@ Bundler::GemHelper.install_tasks
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec)
 
-RSpec::Core::RakeTask.new(:rcov) do |spec|
-  spec.rcov = true
-  spec.rcov_opts = ['-Ilib -Ispec --exclude spec,gems']
+if RUBY_VERSION >= '1.9'
+  require 'cover_me'
+  CoverMe.config do |c|
+    c.file_pattern = /(#{CoverMe.config.project.root}\/lib\/.+\.rb)/i
+  end
+else
+  RSpec::Core::RakeTask.new(:rcov) do |spec|
+    spec.rcov = true
+    spec.rcov_opts = ['-Ilib -Ispec --exclude spec,gems']
+  end
 end
 
 task :default => :spec

data/VERSION

@@ -1 +1 @@
-0.11.0
+0.12.0

data/lib/rack/oauth2/access_token/mac.rb

@@ -76,7 +76,7 @@ module Rack
         def generate_nonce
           [
             (Time.now.utc - @issued_at).to_i,
-            ActiveSupport::SecureRandom.hex
+            SecureRandom.hex
           ].join(':')
         end
       end

data/lib/rack/oauth2/client.rb

@@ -46,7 +46,7 @@ module Rack
       end
 
       def access_token!
-        params = @grant.to_hash
+        params = @grant.as_json
         params.merge!(
           :client_id => self.identifier,
           :client_secret => self.secret

data/lib/rack/oauth2/client/grant.rb

@@ -11,7 +11,7 @@ module Rack
           attr_missing!
         end
 
-        def to_hash
+        def as_json(options = {})
           (required_attributes + optional_attributes).inject({
             :grant_type => self.class.name.demodulize.underscore.to_sym
           }) do |hash, key|

data/lib/rack/oauth2/server/token.rb

@@ -6,11 +6,38 @@ module Rack
       class Token < Abstract::Handler
         def call(env)
           request = Request.new(env)
-          request.profile.new(&@authenticator).call(env).finish
+          grant_type_for(request).new(&@authenticator).call(env).finish
         rescue Rack::OAuth2::Server::Abstract::Error => e
           e.finish
         end
 
+        private
+
+        def grant_type_for(request)
+          case request.grant_type
+          when 'authorization_code'
+            AuthorizationCode
+          when 'password'
+            Password
+          when 'client_credentials'
+            ClientCredentials
+          when 'refresh_token'
+            RefreshToken
+          when ''
+            request.attr_missing!
+          else
+            extensions.detect do |extension|
+              extension.grant_type_for? request.grant_type
+            end || request.unsupported_grant_type!
+          end
+        end
+
+        def extensions
+          Extension.constants.sort.collect do |key|
+            Extension.const_get key
+          end
+        end
+
         class Request < Abstract::Request
           attr_required :grant_type
           attr_optional :client_secret
@@ -24,25 +51,7 @@ module Rack
               super
               @client_secret = params['client_secret']
             end
-            @grant_type = params['grant_type']
-          end
-
-          def profile
-            case params['grant_type'].to_s
-            when 'authorization_code'
-              AuthorizationCode
-            when 'password'
-              Password
-            when 'client_credentials'
-              ClientCredentials
-            when 'refresh_token'
-              RefreshToken
-            when ''
-              attr_missing!
-            else
-              # TODO: support extensions
-              unsupported_grant_type!("'#{params['grant_type']}' isn't supported.")
-            end
+            @grant_type = params['grant_type'].to_s
           end
         end
 
@@ -67,8 +76,9 @@ module Rack
   end
 end
 
-require 'rack/oauth2/server/token/error'
 require 'rack/oauth2/server/token/authorization_code'
 require 'rack/oauth2/server/token/password'
 require 'rack/oauth2/server/token/client_credentials'
-require 'rack/oauth2/server/token/refresh_token'
+require 'rack/oauth2/server/token/refresh_token'
+require 'rack/oauth2/server/token/extension'
+require 'rack/oauth2/server/token/error'

data/lib/rack/oauth2/server/token/extension.rb

@@ -0,0 +1,12 @@
+module Rack
+  module OAuth2
+    module Server
+      class Token
+        module Extension
+          # Define your extension in this namespace and load it explicitly.
+          # extension/assertion/jwt.rb would be good example for you.
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/token/extension/jwt.rb

@@ -0,0 +1,34 @@
+module Rack
+  module OAuth2
+    module Server
+      class Token
+        module Extension
+          class JWT < Abstract::Handler
+            class << self
+              def grant_type_for?(grant_type)
+                grant_type == 'urn:ietf:params:oauth:grant-type:jwt-bearer'
+              end
+            end
+
+            def call(env)
+              @request  = Request.new env
+              @response = Response.new request
+              super
+            end
+
+            class Request < Authorize::Token::Request
+              attr_required :assertion
+
+              def initialize(env)
+                super
+                @grant_type = :jwt
+                @assertion = params['assertion']
+                attr_missing!
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/rack-oauth2.gemspec

@@ -20,7 +20,11 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "i18n"
   s.add_runtime_dependency "attr_required", ">= 0.0.3"
   s.add_development_dependency "rake", ">= 0.8"
-  s.add_development_dependency "rcov", ">= 0.9"
+  if RUBY_VERSION >= '1.9'
+    s.add_development_dependency "cover_me", ">= 1.2.0"
+  else
+    s.add_development_dependency "rcov", ">= 0.9"
+  end
   s.add_development_dependency "rspec", ">= 2"
   s.add_development_dependency "webmock", ">= 1.6.2"
 end

data/spec/rack/oauth2/client/grant/authorization_code_spec.rb

@@ -15,7 +15,7 @@ describe Rack::OAuth2::Client::Grant::AuthorizationCode do
       end
       subject { grant.new attributes }
       its(:redirect_uri) { should == redirect_uri }
-      its(:to_hash) do
+      its(:as_json) do
         should == {:grant_type => :authorization_code, :code => 'code', :redirect_uri => redirect_uri}
       end
     end
@@ -23,7 +23,7 @@ describe Rack::OAuth2::Client::Grant::AuthorizationCode do
     context 'otherwise' do
       subject { grant.new attributes }
       its(:redirect_uri) { should be_nil }
-      its(:to_hash) do
+      its(:as_json) do
         should == {:grant_type => :authorization_code, :code => 'code', :redirect_uri => nil}
       end
     end

data/spec/rack/oauth2/client/grant/client_credentials_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Client::Grant::ClientCredentials do
-  its(:to_hash) do
+  its(:as_json) do
     should == {:grant_type => :client_credentials}
   end
 end

data/spec/rack/oauth2/client/grant/password_spec.rb

@@ -13,7 +13,7 @@ describe Rack::OAuth2::Client::Grant::Password do
         {:username => 'username', :password => 'password'}
       end
       subject { grant.new attributes }
-      its(:to_hash) do
+      its(:as_json) do
         should == {:grant_type => :password, :username => 'username', :password => 'password'}
       end
     end

data/spec/rack/oauth2/client/grant/refresh_token_spec.rb

@@ -8,7 +8,7 @@ describe Rack::OAuth2::Client::Grant::RefreshToken do
       {:refresh_token => 'refresh_token'}
     end
     subject { grant.new attributes }
-    its(:to_hash) do
+    its(:as_json) do
       should == {:grant_type => :refresh_token, :refresh_token => 'refresh_token'}
     end
   end

data/spec/rack/oauth2/server/authorize/code_spec.rb

@@ -4,7 +4,7 @@ describe Rack::OAuth2::Server::Authorize::Code do
   let(:request)            { Rack::MockRequest.new app }
   let(:redirect_uri)       { 'http://client.example.com/callback' }
   let(:authorization_code) { 'authorization_code' }  
-  let(:response)           { request.get "/?response_type=code&client_id=client&redirect_uri=#{redirect_uri}" }
+  let(:response)           { request.get "/?response_type=code&client_id=client&redirect_uri=#{redirect_uri}&state=state" }
 
   context 'when approved' do
     subject { response }
@@ -16,11 +16,11 @@ describe Rack::OAuth2::Server::Authorize::Code do
       end
     end
     its(:status)   { should == 302 }
-    its(:location) { should == "#{redirect_uri}?code=#{authorization_code}" }
+    its(:location) { should == "#{redirect_uri}?code=#{authorization_code}&state=state" }
 
     context 'when redirect_uri already includes query' do
       let(:redirect_uri) { 'http://client.example.com/callback?k=v' }
-      its(:location)     { should == "#{redirect_uri}&code=#{authorization_code}" }
+      its(:location)     { should == "#{redirect_uri}&code=#{authorization_code}&state=state" }
     end
 
     context 'when redirect_uri is missing' do
@@ -51,7 +51,7 @@ describe Rack::OAuth2::Server::Authorize::Code do
         :error => :access_denied,
         :error_description => Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
       }
-      response.location.should == "#{redirect_uri}?#{error_message.to_query}"
+      response.location.should == "#{redirect_uri}?#{error_message.to_query}&state=state"
     end
   end
 end

data/spec/rack/oauth2/server/authorize/token_spec.rb

@@ -4,7 +4,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
   let(:request)      { Rack::MockRequest.new app }
   let(:redirect_uri) { 'http://client.example.com/callback' }
   let(:access_token) { 'access_token' }
-  let(:response)     { request.get("/?response_type=token&client_id=client&redirect_uri=#{redirect_uri}") }
+  let(:response)     { request.get("/?response_type=token&client_id=client&redirect_uri=#{redirect_uri}&state=state") }
 
   context "when approved" do
     subject { response }
@@ -17,7 +17,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
       end
     end
     its(:status)   { should == 302 }
-    its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
+    its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&state=state&token_type=bearer" }
 
     context 'when refresh_token is given' do
       let :bearer_token do
@@ -26,7 +26,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
           :refresh_token => 'refresh'
         )
       end
-      its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
+      its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&state=state&token_type=bearer" }
     end
 
     context 'when redirect_uri is missing' do
@@ -67,7 +67,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
         :error => :access_denied,
         :error_description => Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
       }
-      response.location.should == "#{redirect_uri}##{error_message.to_query}"
+      response.location.should == "#{redirect_uri}##{error_message.to_query}&state=state"
     end
   end
 end

data/spec/rack/oauth2/server/authorize_spec.rb

@@ -117,7 +117,7 @@ describe Rack::OAuth2::Server::Authorize do
     end
   end
 
-  describe 'extensions' do
+  describe 'extensibility' do
     before do
       require 'rack/oauth2/server/authorize/extension/code_and_token'
     end

data/spec/rack/oauth2/server/token_spec.rb

@@ -100,4 +100,35 @@ describe Rack::OAuth2::Server::Token do
       end
     end
   end
+
+  describe 'extensibility' do
+    before do
+      require 'rack/oauth2/server/token/extension/jwt'
+    end
+
+    subject { app }
+    let(:env) do
+      Rack::MockRequest.env_for(
+        '/token',
+        :params => params
+      )
+    end
+    let(:request) { Rack::OAuth2::Server::Token::Request.new env }
+    its(:extensions) { should == [Rack::OAuth2::Server::Token::Extension::JWT] }
+
+    describe 'JWT assertion' do
+      let(:params) do
+        {
+          :grant_type => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+          :assertion => 'header.payload.signature'
+        }
+      end
+
+      it do
+        app.send(
+          :grant_type_for, request
+        ).should == Rack::OAuth2::Server::Token::Extension::JWT
+      end
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -1,3 +1,10 @@
+if RUBY_VERSION >= '1.9'
+  require 'cover_me'
+  at_exit do
+    CoverMe.complete!
+  end
+end
+
 require 'rspec'
 require 'rack/oauth2'
 require 'helpers/time'

metadata

@@ -1,137 +1,135 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: rack-oauth2
-version: !ruby/object:Gem::Version 
+version: !ruby/object:Gem::Version
+  version: 0.12.0
   prerelease: 
-  version: 0.11.0
 platform: ruby
-authors: 
+authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-09-16 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-02-01 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rack
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &70151141124580 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "1.1"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '1.1'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: json
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141124580
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: &70151141124100 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.4.3
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: httpclient
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141124100
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: &70151141123620 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 2.2.0.2
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: activesupport
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141123620
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: &70151141123100 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "2.3"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '2.3'
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: i18n
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141123100
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: &70151141122640 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: attr_required
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141122640
+- !ruby/object:Gem::Dependency
+  name: attr_required
+  requirement: &70151141121940 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 0.0.3
   type: :runtime
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141121940
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &70151141120640 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0.8"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0.8'
   type: :development
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: rcov
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141120640
+- !ruby/object:Gem::Dependency
+  name: cover_me
+  requirement: &70151141120120 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0.9"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.2.0
   type: :development
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency 
-  name: rspec
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141120120
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70151141113400 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "2"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '2'
   type: :development
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency 
-  name: webmock
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  version_requirements: *70151141113400
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: &70151141112480 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 1.6.2
   type: :development
-  version_requirements: *id010
-description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are supported.
+  prerelease: false
+  version_requirements: *70151141112480
+description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are
+  supported.
 email: nov@matake.jp
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - LICENSE
 - README.rdoc
-files: 
+files:
 - .document
 - .gitignore
 - .rspec
@@ -182,6 +180,8 @@ files:
 - lib/rack/oauth2/server/token/authorization_code.rb
 - lib/rack/oauth2/server/token/client_credentials.rb
 - lib/rack/oauth2/server/token/error.rb
+- lib/rack/oauth2/server/token/extension.rb
+- lib/rack/oauth2/server/token/extension/jwt.rb
 - lib/rack/oauth2/server/token/password.rb
 - lib/rack/oauth2/server/token/refresh_token.rb
 - lib/rack/oauth2/util.rb
@@ -235,32 +235,30 @@ files:
 - spec/spec_helper.rb
 homepage: http://github.com/nov/rack-oauth2
 licenses: []
-
 post_install_message: 
-rdoc_options: 
+rdoc_options:
 - --charset=UTF-8
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 1.8.12
 signing_key: 
 specification_version: 3
 summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported
-test_files: 
+test_files:
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
 - spec/mock_response/errors/invalid_request.json