rack-oauth2 0.8.3 → 0.8.4

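--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -3,8 +3,8 @@
  OAuth 2.0 Server & Client Library.
  Both Bearer and MAC token type are supported.
 
- The OAuth 2.0 Authorization Protocol (draft 15)
- http://tools.ietf.org/html/draft-ietf-oauth-v2-15
+ The OAuth 2.0 Authorization Protocol (draft 18)
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-18
 
  The OAuth 2.0 Protocol: Bearer Tokens (draft 06)
  http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-06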
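--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.8.3
+ 0.8.4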
@@ -51,6 +51,18 @@ module Rack
51
51
  super 403, error, description, options
52
52
  end
53
53
  end
54
+
55
+ class ServerError < Error
56
+ def initialize(error = :forbidden, description = nil, options = {})
57
+ super 500, error, description, options
58
+ end
59
+ end
60
+
61
+ class TemporarilyUnavailable < Error
62
+ def initialize(error = :forbidden, description = nil, options = {})
63
+ super 503, error, description, options
64
+ end
65
+ end
54
66
  end
55
67
  end
56
68
  end
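Review bot: Both new classes default `error` to `:forbidden`, which looks carried over from the 403 class just above, so a bare `ServerError.new` would report `forbidden` alongside a 500 status and `TemporarilyUnavailable.new` would do the same with 503. Defaults that match the status would be `def initialize(error = :server_error, description = nil, options = {})` and `def initialize(error = :temporarily_unavailable, description = nil, options = {})`. Clients that branch on the error code rather than the HTTP status would otherwise treat an outage as an authorization failure. The enclosing module starts outside the hunk.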
@@ -31,6 +31,7 @@ module Rack
31
31
  when ''
32
32
  attr_missing!
33
33
  else
34
+ # TODO: support extensions
34
35
  unsupported_response_type!
35
36
  end
36
37
  end
@@ -2,8 +2,10 @@ module Rack
2
2
  module OAuth2
3
3
  module Server
4
4
  class Authorize
5
- class BadRequest < Abstract::BadRequest
6
- attr_accessor :redirect_uri, :state, :protocol_params_location
5
+ module ErrorHandler
6
+ def self.included(klass)
7
+ klass.send :attr_accessor, :redirect_uri, :state, :protocol_params_location
8
+ end
7
9
 
8
10
  def protocol_params
9
11
  super.merge(:state => state)
@@ -20,13 +22,27 @@ module Rack
20
22
  end
21
23
  end
22
24
 
25
+ class BadRequest < Abstract::BadRequest
26
+ include ErrorHandler
27
+ end
28
+
29
+ class ServerError < Abstract::ServerError
30
+ include ErrorHandler
31
+ end
32
+
33
+ class TemporarilyUnavailable < Abstract::TemporarilyUnavailable
34
+ include ErrorHandler
35
+ end
36
+
23
37
  module ErrorMethods
24
38
  DEFAULT_DESCRIPTION = {
25
39
  :invalid_request => "The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed.",
26
40
  :unauthorized_client => "The client is not authorized to use the requested response type.",
27
41
  :access_denied => "The end-user or authorization server denied the request.",
28
42
  :unsupported_response_type => "The requested response type is not supported by the authorization server.",
29
- :invalid_scope => "The requested scope is invalid, unknown, or malformed."
43
+ :invalid_scope => "The requested scope is invalid, unknown, or malformed.",
44
+ :server_error => "Internal Server Error",
45
+ :temporarily_unavailable => "Service Unavailable"
30
46
  }
31
47
 
32
48
  def self.included(klass)
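Review bot: The two keys added to `DEFAULT_DESCRIPTION` (`:server_error`, `:temporarily_unavailable`) sit in the same table as the `invalid_request` family, and the `self.included` hook that begins on the hunk's last line has its body outside the hunk and is not changed by this commit. If that hook builds every `<error>!` helper on `bad_request!`, then `server_error!` and `temporarily_unavailable!` would raise `Authorize::BadRequest` (400) rather than the `ServerError` and `TemporarilyUnavailable` classes introduced just above. It is worth confirming that the hook dispatches those two keys to the new classes, and stating that mapping in a comment next to the table.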
@@ -21,7 +21,11 @@ module Rack
21
21
  attr_required :access_token
22
22
 
23
23
  def protocol_params
24
- super.merge access_token.token_response
24
+ super.merge(
25
+ access_token.token_response.delete_if do |k, v|
26
+ k == :refresh_token
27
+ end
28
+ )
25
29
  end
26
30
 
27
31
  def protocol_params_location
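Review bot: `delete_if` in the new `protocol_params` edits the hash returned by `access_token.token_response` in place, and whether that method hands back a fresh hash on every call is not visible in this hunk. A non-mutating filter keeps the token object untouched: `access_token.token_response.reject { |k, _v| k == :refresh_token }`. The comparison also only matches a Symbol key, so it is worth confirming that `token_response` never emits the string key `'refresh_token'`; otherwise the refresh token would still reach the redirect fragment.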
@@ -40,6 +40,7 @@ module Rack
40
40
  when ''
41
41
  attr_missing!
42
42
  else
43
+ # TODO: support extensions
43
44
  unsupported_grant_type!("'#{params['grant_type']}' isn't supported.")
44
45
  end
45
46
  end
@@ -55,7 +56,9 @@ module Rack
55
56
  def finish
56
57
  attr_missing!
57
58
  write Util.compact_hash(protocol_params).to_json
58
- header['Content-Type'] = "application/json"
59
+ header['Content-Type'] = 'application/json'
60
+ header['Cache-Control'] = 'no-store'
61
+ header['Pragma'] = 'no-cache'
59
62
  super
60
63
  end
61
64
  end
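Review bot: The two cache headers added in `finish` have no comment saying why they are there, which makes them easy to drop in a later cleanup. A one-line comment above them would do, for example `# Token responses carry credentials: forbid caching by user agents and intermediaries.` The class that owns `finish` starts outside the hunk, so whether error responses from the token endpoint pass through this method cannot be told from here.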
@@ -10,7 +10,8 @@ module Rack
10
10
  end
11
11
 
12
12
  class Request < Token::Request
13
- attr_required :code, :redirect_uri
13
+ attr_required :code
14
+ attr_optional :redirect_uri
14
15
 
15
16
  def initialize(env)
16
17
  super
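Review bot: Moving `redirect_uri` from `attr_required` to `attr_optional` means the library no longer rejects a code exchange that omits it, so the check that the value matches the one used when the code was issued rests entirely on the application's handler. That contract deserves a comment at the declaration, e.g. `# Optional on the wire; the handler must still compare it with the redirect_uri the code was issued for.` `initialize` continues outside the hunk.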
@@ -7,10 +7,11 @@ describe Rack::OAuth2::Server::Authorize::Token do
7
7
  let(:response) { request.get("/?response_type=token&client_id=client&redirect_uri=#{redirect_uri}") }
8
8
 
9
9
  context "when approved" do
10
+ let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token) }
10
11
  let :app do
11
12
  Rack::OAuth2::Server::Authorize.new do |request, response|
12
13
  response.redirect_uri = redirect_uri
13
- response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token)
14
+ response.access_token = bearer_token
14
15
  response.approve!
15
16
  end
16
17
  end
@@ -20,10 +21,24 @@ describe Rack::OAuth2::Server::Authorize::Token do
20
21
  response.location.should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer"
21
22
  end
22
23
 
24
+ context 'when refresh_token is given' do
25
+ let :bearer_token do
26
+ Rack::OAuth2::AccessToken::Bearer.new(
27
+ :access_token => access_token,
28
+ :refresh_token => 'refresh'
29
+ )
30
+ end
31
+
32
+ it 'should remove refresh_token from response' do
33
+ response.status.should == 302
34
+ response.location.should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer"
35
+ end
36
+ end
37
+
23
38
  context 'when redirect_uri is missing' do
24
39
  let :app do
25
40
  Rack::OAuth2::Server::Authorize.new do |request, response|
26
- response.access_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token)
41
+ response.access_token = bearer_token
27
42
  response.approve!
28
43
  end
29
44
  end
@@ -15,14 +15,20 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
15
15
  :redirect_uri => 'http://client.example.com/callback'
16
16
  }
17
17
  end
18
- subject { request.post('/', :params => params) }
18
+ let(:response) { request.post('/', :params => params) }
19
+ subject { response }
19
20
 
20
21
  its(:status) { should == 200 }
21
22
  its(:content_type) { should == 'application/json' }
22
23
  its(:body) { should include '"access_token":"access_token"' }
23
24
  its(:body) { should include '"token_type":"bearer"' }
24
25
 
25
- [:code, :redirect_uri].each do |required|
26
+ it 'should prevent to be cached' do
27
+ response.header['Cache-Control'].should == 'no-store'
28
+ response.header['Pragma'].should == 'no-cache'
29
+ end
30
+
31
+ [:code].each do |required|
26
32
  context "when #{required} is missing" do
27
33
  before do
28
34
  params.delete_if do |key, value|
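Review bot: The loop over required parameters drops `:redirect_uri`, but no example exercises the newly optional path, so a regression that makes it required again, or that breaks when it is absent, would go unnoticed. A context that removes `:redirect_uri` from `params` and expects `its(:status) { should == 200 }` would pin the behaviour. `[:code].each` over a single element could also become a plain `context`. The block opened on the hunk's last line continues outside it.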
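--- a/metadata
+++ b/metadata
@@ -1,8 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: rack-oauth2
  version: !ruby/object:Gem::Version
+ hash: 55
  prerelease:
- version: 0.8.3
+ segments:
+ - 0
+ - 8
+ - 4
+ version: 0.8.4
  platform: ruby
  authors:
  - nov matake
@@ -10,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-06-28 00:00:00 Z
+ date: 2011-07-15 00:00:00 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
@@ -20,6 +25,10 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 13
+ segments:
+ - 1
+ - 1
  version: "1.1"
  type: :runtime
  version_requirements: *id001
@@ -31,6 +40,11 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 1
+ segments:
+ - 1
+ - 4
+ - 3
  version: 1.4.3
  type: :runtime
  version_requirements: *id002
@@ -42,6 +56,12 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 123
+ segments:
+ - 2
+ - 2
+ - 0
+ - 2
  version: 2.2.0.2
  type: :runtime
  version_requirements: *id003
@@ -53,6 +73,10 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 5
+ segments:
+ - 2
+ - 3
  version: "2.3"
  type: :runtime
  version_requirements: *id004
@@ -64,6 +88,9 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
  version: "0"
  type: :runtime
  version_requirements: *id005
@@ -75,6 +102,11 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 25
+ segments:
+ - 0
+ - 0
+ - 3
  version: 0.0.3
  type: :runtime
  version_requirements: *id006
@@ -86,6 +118,10 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 27
+ segments:
+ - 0
+ - 8
  version: "0.8"
  type: :development
  version_requirements: *id007
@@ -97,6 +133,10 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 25
+ segments:
+ - 0
+ - 9
  version: "0.9"
  type: :development
  version_requirements: *id008
@@ -108,6 +148,9 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 7
+ segments:
+ - 2
  version: "2"
  type: :development
  version_requirements: *id009
@@ -119,6 +162,11 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 11
+ segments:
+ - 1
+ - 6
+ - 2
  version: 1.6.2
  type: :development
  version_requirements: *id010
@@ -233,17 +281,25 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
  version: "0"
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 23
+ segments:
+ - 1
+ - 3
+ - 6
  version: 1.3.6
  requirements: []
 
  rubyforge_project:
- rubygems_version: 1.7.2
+ rubygems_version: 1.8.5
  signing_key:
  specification_version: 3
  summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported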