rack-oauth2 0.6.3 → 0.6.4

data/README.rdoc

@@ -6,8 +6,8 @@ Both Bearer and MAC token type are supported.
 The OAuth 2.0 Authorization Protocol (draft 15)
 http://tools.ietf.org/html/draft-ietf-oauth-v2-15
 
-The OAuth 2.0 Protocol: Bearer Tokens (draft 03)
-http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-03
+The OAuth 2.0 Protocol: Bearer Tokens (draft 04)
+http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-04
 
 HTTP Authentication: MAC Authentication (draft 02)
 http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-02
@@ -42,7 +42,7 @@ http://github.com/nov/rack-oauth2-sample-mac
 
 == Sample Client
 
-=== Bearer
+=== Common between Bearer and MAC
 
 Authorization Request (request_type: 'code' and 'token')
 https://gist.github.com/862393
@@ -50,12 +50,15 @@ https://gist.github.com/862393
 Token Request (grant_type: 'client_credentials', 'password', 'authorization_code' and 'refresh_token')
 https://gist.github.com/883541
 
+=== Bearer
+
 Resource Request (request both for resource owner resource and for client resource)
 https://gist.github.com/883575
 
 === MAC
 
-Coming soon..
+Resource Request (request both for resource owner resource and for client resource)
+https://gist.github.com/933885
 
 == Note on Patches/Pull Requests
  

data/VERSION

@@ -1 +1 @@
-0.6.3
+0.6.4

data/lib/rack/oauth2/access_token/mac.rb

@@ -88,12 +88,12 @@ module Rack
         end
 
         def authorization_header
-          header = "MAC "
-          header << "token=\"#{access_token}\","
-          header << "timestamp=\"#{timestamp}\","
-          header << "nonce=\"#{nonce}\","
-          header << "bodyhash=\"#{body_hash}\"," if self.body_hash.present?
-          header << "signature=\"#{signature}\""
+          header = "MAC"
+          header << " token=\"#{access_token}\","
+          header << " timestamp=\"#{timestamp}\","
+          header << " nonce=\"#{nonce}\","
+          header << " bodyhash=\"#{body_hash}\"," if self.body_hash.present?
+          header << " signature=\"#{signature}\""
         end
 
         def generate_nonce

data/lib/rack/oauth2/client.rb

@@ -67,7 +67,15 @@ module Rack
 
       def handle_response
         response = yield
-        JSON.parse(response.body).with_indifferent_access
+        token_hash = JSON.parse(response.body).with_indifferent_access
+        case token_hash[:token_type]
+        when 'bearer'
+          AccessToken::Bearer.new(token_hash)
+        when 'mac'
+          AccessToken::MAC.new(token_hash)
+        else
+          token_hash
+        end
       rescue JSON::ParserError
         # NOTE: Facebook support (They don't use JSON as token response)
         Rack::Utils.parse_nested_query(response.body).with_indifferent_access

data/lib/rack/oauth2/server/resource/error.rb

@@ -15,9 +15,9 @@ module Rack
               self.realm ||= DEFAULT_REALM
               header = response.header['WWW-Authenticate'] = "#{scheme} realm=\"#{realm}\""
               if ErrorMethods::DEFAULT_DESCRIPTION.keys.include?(error)
-                header << ",error=\"#{error}\""
-                header << ",error_description=\"#{description}\"" if description.present?
-                header << ",error_uri=\"#{uri}\""                 if uri.present?
+                header << ", error=\"#{error}\""
+                header << ", error_description=\"#{description}\"" if description.present?
+                header << ", error_uri=\"#{uri}\""                 if uri.present?
               end
             end
           end

data/spec/fake_response/{token.json → tokens/bearer.json}

@@ -1,5 +1,6 @@
 {
   "access_token":"access_token",
+  "refresh_token":"refresh_token",
   "token_type":"bearer",
   "expires_in":3600
 }

data/spec/fake_response/tokens/legacy.json

@@ -0,0 +1,5 @@
+{
+  "access_token":"access_token",
+  "refresh_token":"refresh_token",
+  "expires_in":3600
+}

data/spec/fake_response/tokens/mac.json

@@ -0,0 +1,8 @@
+{
+  "token_type":"mac",
+  "algorithm":"hmac-sha-256",
+  "expires_in":3600,
+  "secret":"secret",
+  "refresh_token":"refresh_token",
+  "access_token":"access_token"
+}

data/spec/rack/oauth2/access_token/mac_spec.rb

@@ -37,7 +37,7 @@ describe Rack::OAuth2::AccessToken::MAC do
         Time.fix(Time.at(1302361200)) do
           RestClient.should_receive(:get).with(
             resource_endpoint,
-            :AUTHORIZATION => "MAC token=\"access_token\",timestamp=\"1302361200\",nonce=\"51e74de734c05613f37520872e68db5f\",signature=\"yYDSkZMrEbOOqj0anHNLA9ougNA+lxU0zmPiMSPtmJ8=\""
+            :AUTHORIZATION => "MAC token=\"access_token\", timestamp=\"1302361200\", nonce=\"51e74de734c05613f37520872e68db5f\", signature=\"yYDSkZMrEbOOqj0anHNLA9ougNA+lxU0zmPiMSPtmJ8=\""
           )
           token.get resource_endpoint
         end
@@ -50,7 +50,7 @@ describe Rack::OAuth2::AccessToken::MAC do
           RestClient.should_receive(:post).with(
             resource_endpoint,
             {:key => :value},
-            {:AUTHORIZATION => "MAC token=\"access_token\",timestamp=\"1302361200\",nonce=\"51e74de734c05613f37520872e68db5f\",bodyhash=\"Vj8DVxGNBe8UXWvd8pZswj6Gyo8vAT+RXlZa/fCfeiM=\",signature=\"xRvIiA+rmjhPjULVpyCCgiHEsOkLEHZik4ZaB+cyqgk=\""}
+            {:AUTHORIZATION => "MAC token=\"access_token\", timestamp=\"1302361200\", nonce=\"51e74de734c05613f37520872e68db5f\", bodyhash=\"Vj8DVxGNBe8UXWvd8pZswj6Gyo8vAT+RXlZa/fCfeiM=\", signature=\"xRvIiA+rmjhPjULVpyCCgiHEsOkLEHZik4ZaB+cyqgk=\""}
           )
           token.post resource_endpoint, :key => :value
         end
@@ -63,7 +63,7 @@ describe Rack::OAuth2::AccessToken::MAC do
           RestClient.should_receive(:put).with(
             resource_endpoint,
             {:key => :value},
-            {:AUTHORIZATION => "MAC token=\"access_token\",timestamp=\"1302361200\",nonce=\"51e74de734c05613f37520872e68db5f\",bodyhash=\"Vj8DVxGNBe8UXWvd8pZswj6Gyo8vAT+RXlZa/fCfeiM=\",signature=\"2lWgkUCtD9lNBlDi5fe9eVDwEwbxfLGAqjgykaSV1ww=\""}
+            {:AUTHORIZATION => "MAC token=\"access_token\", timestamp=\"1302361200\", nonce=\"51e74de734c05613f37520872e68db5f\", bodyhash=\"Vj8DVxGNBe8UXWvd8pZswj6Gyo8vAT+RXlZa/fCfeiM=\", signature=\"2lWgkUCtD9lNBlDi5fe9eVDwEwbxfLGAqjgykaSV1ww=\""}
           )
           token.put resource_endpoint, :key => :value
         end
@@ -75,7 +75,7 @@ describe Rack::OAuth2::AccessToken::MAC do
         Time.fix(Time.at(1302361200)) do
           RestClient.should_receive(:delete).with(
             resource_endpoint,
-            :AUTHORIZATION => "MAC token=\"access_token\",timestamp=\"1302361200\",nonce=\"51e74de734c05613f37520872e68db5f\",signature=\"PX2GhHuo5yYNEs51e4Zlllw8itQ4Te0v+6ZuRCK7k+s=\""
+            :AUTHORIZATION => "MAC token=\"access_token\", timestamp=\"1302361200\", nonce=\"51e74de734c05613f37520872e68db5f\", signature=\"PX2GhHuo5yYNEs51e4Zlllw8itQ4Te0v+6ZuRCK7k+s=\""
           )
           token.delete resource_endpoint
         end
@@ -90,7 +90,7 @@ describe Rack::OAuth2::AccessToken::MAC do
       let(:env) do
         Rack::MockRequest.env_for(
           '/protected_resources',
-          'HTTP_AUTHORIZATION' => "MAC token=\"access_token\",timestamp=\"1302361200\",nonce=\"51e74de734c05613f37520872e68db5f\",signature=\"#{signature}\""
+          'HTTP_AUTHORIZATION' => "MAC token=\"access_token\", timestamp=\"1302361200\", nonce=\"51e74de734c05613f37520872e68db5f\", signature=\"#{signature}\""
         )
       end
 
@@ -122,7 +122,7 @@ describe Rack::OAuth2::AccessToken::MAC do
           :params => {
             :key1 => 'value1'
           },
-          'HTTP_AUTHORIZATION' => "MAC token=\"access_token\",timestamp=\"1302361200\",nonce=\"51e74de734c05613f37520872e68db5f\",bodyhash=\"#{body_hash}\",signature=\"#{signature}\""
+          'HTTP_AUTHORIZATION' => "MAC token=\"access_token\", timestamp=\"1302361200\", nonce=\"51e74de734c05613f37520872e68db5f\", bodyhash=\"#{body_hash}\", signature=\"#{signature}\""
         )
       end
       let(:signature) { 'invalid' }

data/spec/rack/oauth2/client_spec.rb

@@ -72,44 +72,68 @@ describe Rack::OAuth2::Client do
   end
 
   describe '#access_token!' do
-    before  do
-      client.authorization_code = 'code'
-      fake_response(
-        :post,
-        'https://server.example.com/oauth2/token',
-        'token.json'
-      )
+    subject { client.access_token! }
+
+    context 'when bearer token is given' do
+      before  do
+        client.authorization_code = 'code'
+        fake_response(
+          :post,
+          'https://server.example.com/oauth2/token',
+          'tokens/bearer.json'
+        )
+      end
+      it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
+      its(:token_type) { should == :bearer }
+      its(:access_token) { should == 'access_token' }
+      its(:refresh_token) { should == 'refresh_token' }
+      its(:expires_in) { should == 3600 }
     end
-    it do
-      client.access_token!.should == {
-        'access_token' => 'access_token',
-        'token_type' => 'bearer',
-        'expires_in' => 3600
-      }
+
+    context 'when mac token is given' do
+      before  do
+        client.authorization_code = 'code'
+        fake_response(
+          :post,
+          'https://server.example.com/oauth2/token',
+          'tokens/mac.json'
+        )
+      end
+      it { should be_instance_of Rack::OAuth2::AccessToken::MAC }
+      its(:token_type) { should == :mac }
+      its(:access_token) { should == 'access_token' }
+      its(:refresh_token) { should == 'refresh_token' }
+      its(:expires_in) { should == 3600 }
     end
 
-    context 'when error response is given' do
-      before do
+    context 'when legacy-style (JSON) token is given' do
+      before  do
+        client.authorization_code = 'code'
         fake_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'invalid_request.json',
-          :status => 400
+          'tokens/legacy.json'
         )
       end
+      it { should be_instance_of ActiveSupport::HashWithIndifferentAccess }
       it do
-        expect { client.access_token! }.should raise_error Rack::OAuth2::Client::Error
+        client.access_token!.should == {
+          'access_token' => 'access_token',
+          'refresh_token' => 'refresh_token',
+          'expires_in' => 3600
+        }
       end
     end
 
-    context 'when key-value response is given' do
+    context 'when legacy-style (key-value) response is given' do
       before do
         fake_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'facebook_token_response.txt'
+          'tokens/legacy.txt'
         )
       end
+      it { should be_instance_of ActiveSupport::HashWithIndifferentAccess }
       it do
         client.access_token!.should == {
           'access_token' => 'access_token',
@@ -117,5 +141,19 @@ describe Rack::OAuth2::Client do
         }
       end
     end
+
+    context 'when error response is given' do
+      before do
+        fake_response(
+          :post,
+          'https://server.example.com/oauth2/token',
+          'errors/invalid_request.json',
+          :status => 400
+        )
+      end
+      it do
+        expect { client.access_token! }.should raise_error Rack::OAuth2::Client::Error
+      end
+    end
   end
 end

data/spec/rack/oauth2/server/resource/error_spec.rb

@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         status, header, response = error_with_scheme.finish
         status.should == 401
         header['Content-Type'].should == 'application/json'
-        header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\",error=\"invalid_token\""
+        header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
         response.body.should == ['{"error":"invalid_token"}']
       end
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack-oauth2
 version: !ruby/object:Gem::Version 
-  hash: 1
+  hash: 15
   prerelease: 
   segments: 
   - 0
   - 6
-  - 3
-  version: 0.6.3
+  - 4
+  version: 0.6.4
 platform: ruby
 authors: 
 - nov matake
@@ -223,10 +223,12 @@ files:
 - lib/rack/oauth2/server/token/refresh_token.rb
 - lib/rack/oauth2/util.rb
 - rack-oauth2.gemspec
-- spec/fake_response/facebook_token_response.txt
-- spec/fake_response/invalid_request.json
+- spec/fake_response/errors/invalid_request.json
 - spec/fake_response/resources/fake.txt
-- spec/fake_response/token.json
+- spec/fake_response/tokens/bearer.json
+- spec/fake_response/tokens/legacy.json
+- spec/fake_response/tokens/legacy.txt
+- spec/fake_response/tokens/mac.json
 - spec/helpers/time.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
 - spec/rack/oauth2/access_token/mac/verifier_spec.rb
@@ -290,10 +292,12 @@ signing_key:
 specification_version: 3
 summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported
 test_files: 
-- spec/fake_response/facebook_token_response.txt
-- spec/fake_response/invalid_request.json
+- spec/fake_response/errors/invalid_request.json
 - spec/fake_response/resources/fake.txt
-- spec/fake_response/token.json
+- spec/fake_response/tokens/bearer.json
+- spec/fake_response/tokens/legacy.json
+- spec/fake_response/tokens/legacy.txt
+- spec/fake_response/tokens/mac.json
 - spec/helpers/time.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
 - spec/rack/oauth2/access_token/mac/verifier_spec.rb