rack-oauth2 0.8.7 → 0.9.0.alpha

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rack-oauth2 (0.8.6)
+    rack-oauth2 (0.8.7)
       activesupport (>= 2.3)
       attr_required (>= 0.0.3)
       httpclient (>= 2.2.0.2)

data/VERSION

@@ -1 +1 @@
-0.8.7
+0.9.0.alpha

data/lib/rack/oauth2/server/authorize.rb

@@ -4,11 +4,35 @@ module Rack
       class Authorize < Abstract::Handler
         def call(env)
           request = Request.new(env)
-          request.profile.new(&@authenticator).call(env).finish
+          response_type_for(request).new(&@authenticator).call(env).finish
         rescue Rack::OAuth2::Server::Abstract::Error => e
           e.finish
         end
 
+        private
+
+        def response_type_for(request)
+          response_type = request.params['response_type'].to_s
+          case response_type
+          when 'code'
+            Code
+          when 'token'
+            Token
+          when ''
+            request.attr_missing!
+          else
+            extensions.detect do |extension|
+              extension.response_type_for? response_type
+            end || request.unsupported_response_type!
+          end
+        end
+
+        def extensions
+          Extensions.constants.sort.collect do |key|
+            Extensions.const_get key
+          end
+        end
+
         class Request < Abstract::Request
           attr_required :response_type
           attr_optional :redirect_uri, :state
@@ -22,20 +46,6 @@ module Rack
             @state = params['state']
           end
 
-          def profile
-            case params['response_type'].to_s
-            when 'code'
-              Code
-            when 'token'
-              Token
-            when ''
-              attr_missing!
-            else
-              # TODO: support extensions
-              unsupported_response_type!
-            end
-          end
-
           def verify_redirect_uri!(pre_registered)
             @verified_redirect_uri = if redirect_uri.present?
               if Util.uri_match?(pre_registered, redirect_uri)
@@ -48,6 +58,10 @@ module Rack
             end
             self.verified_redirect_uri.to_s
           end
+
+          def error_params_location
+            nil # => All errors are raised immediately and no error response are returned to client.
+          end
         end
 
         class Response < Abstract::Response
@@ -71,10 +85,14 @@ module Rack
             {:state => state}
           end
 
+          def redirect_uri_with_credentials
+            Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
+          end
+
           def finish
             if approved?
               attr_missing!
-              redirect Util.redirect_uri(redirect_uri, protocol_params_location, protocol_params)
+              redirect redirect_uri_with_credentials
             end
             super
           end
@@ -86,4 +104,5 @@ end
 
 require 'rack/oauth2/server/authorize/code'
 require 'rack/oauth2/server/authorize/token'
+require 'rack/oauth2/server/authorize/extensions'
 require 'rack/oauth2/server/authorize/error'

data/lib/rack/oauth2/server/authorize/code.rb

@@ -15,6 +15,10 @@ module Rack
               @response_type = :code
               attr_missing!
             end
+
+            def error_params_location
+              :query
+            end
           end
 
           class Response < Authorize::Response

data/lib/rack/oauth2/server/authorize/error.rb

@@ -57,12 +57,7 @@ module Rack
 
           def bad_request!(error = :bad_request, description = nil, options = {})
             exception = BadRequest.new error, description, options
-            exception.protocol_params_location = case response_type
-            when :code
-              :query
-            when :token
-              :fragment
-            end
+            exception.protocol_params_location = error_params_location
             exception.state = state
             exception.redirect_uri = verified_redirect_uri
             raise exception

data/lib/rack/oauth2/server/authorize/extensions.rb

@@ -0,0 +1,12 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        module Extensions
+          # Define your extension in this namespace and load it explicitly.
+          # extensions/code_and_token.rb would be good example for you.
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/extensions/code_and_token.rb

@@ -0,0 +1,39 @@
+module Rack
+  module OAuth2
+    module Server
+      class Authorize
+        module Extensions
+          class CodeAndToken < Abstract::Handler
+            class << self
+              def response_type_for?(response_type)
+                response_type.split.sort == ['code', 'token']
+              end
+            end
+
+            def call(env)
+              @request  = Request.new env
+              @response = Response.new request
+              super
+            end
+
+            class Request < Authorize::Token::Request
+              def initialize(env)
+                super
+                @response_type = [:code, :token]
+                attr_missing!
+              end
+            end
+
+            class Response < Authorize::Token::Response
+              attr_required :code
+
+              def redirect_uri_with_credentials
+                Util.redirect_uri(super, :query, :code => code)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rack/oauth2/server/authorize/token.rb

@@ -15,6 +15,10 @@ module Rack
               @response_type = :token
               attr_missing!
             end
+
+            def error_params_location
+              :fragment
+            end
           end
 
           class Response < Authorize::Response

data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper.rb'
+require 'rack/oauth2/server/authorize/extensions/code_and_token'
+
+describe Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken do
+  let(:request)            { Rack::MockRequest.new app }
+  let(:redirect_uri)       { 'http://client.example.com/callback' }
+  let(:access_token)       { 'access_token' }
+  let(:authorization_code) { 'authorization_code' }
+  let(:response) do
+    request.get("/?response_type=code%20token&client_id=client&redirect_uri=#{redirect_uri}")
+  end
+
+  context "when approved" do
+    subject { response }
+    let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token) }
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        response.redirect_uri = redirect_uri
+        response.access_token = bearer_token
+        response.code         = authorization_code
+        response.approve!
+      end
+    end
+    its(:status)   { should == 302 }
+    its(:location) { should == "#{redirect_uri}?code=#{authorization_code}#access_token=#{access_token}&token_type=bearer" }
+
+    context 'when refresh_token is given' do
+      let :bearer_token do
+        Rack::OAuth2::AccessToken::Bearer.new(
+          :access_token => access_token,
+          :refresh_token => 'refresh'
+        )
+      end
+      its(:location) { should == "#{redirect_uri}?code=#{authorization_code}#access_token=#{access_token}&token_type=bearer" }
+    end
+  end
+
+  context 'when denied' do
+    let :app do
+      Rack::OAuth2::Server::Authorize.new do |request, response|
+        request.verify_redirect_uri! redirect_uri
+        request.access_denied!
+      end
+    end
+    it 'should redirect with error in fragment' do
+      response.status.should == 302
+      error_message = {
+        :error => :access_denied,
+        :error_description => Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
+      }
+      response.location.should == "#{redirect_uri}##{error_message.to_query}"
+    end
+  end
+end

data/spec/rack/oauth2/server/authorize/token_spec.rb

@@ -7,6 +7,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
   let(:response)     { request.get("/?response_type=token&client_id=client&redirect_uri=#{redirect_uri}") }
 
   context "when approved" do
+    subject { response }
     let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token) }
     let :app do
       Rack::OAuth2::Server::Authorize.new do |request, response|
@@ -15,11 +16,8 @@ describe Rack::OAuth2::Server::Authorize::Token do
         response.approve!
       end
     end
-
-    it 'should redirect with authorization code in fragment' do
-      response.status.should == 302
-      response.location.should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer"
-    end
+    its(:status)   { should == 302 }
+    its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
 
     context 'when refresh_token is given' do
       let :bearer_token do
@@ -28,11 +26,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
           :refresh_token => 'refresh'
         )
       end
-
-      it 'should remove refresh_token from response' do
-        response.status.should == 302
-        response.location.should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer"
-      end
+      its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
     end
 
     context 'when redirect_uri is missing' do

data/spec/rack/oauth2/server/authorize_spec.rb

@@ -6,24 +6,21 @@ describe Rack::OAuth2::Server::Authorize do
   let(:redirect_uri) { 'http://client.example.com/callback' }
   let(:bad_request)  { Rack::OAuth2::Server::Authorize::BadRequest }
 
-  context 'when redirect_uri is missing' do
+  context 'when response_type is missing' do
     it do
-      expect { request.get '/' }.should raise_error bad_request
+      expect { request.get "/?client_id=client&redirect_uri=#{redirect_uri}" }.should raise_error bad_request
     end
   end
 
-  context 'when redirect_uri is given' do
-    context 'when client_id is missing' do
-      it do
-        expect { request.get "/?redirect_uri=#{redirect_uri}" }.should raise_error bad_request
-      end
+  context 'when redirect_uri is missing' do
+    it do
+      expect { request.get "/?response_type=code&client_id=client" }.should_not raise_error
     end
-    context 'when client_id is given' do
-      context 'when response_type is missing' do
-        it do
-          expect { request.get "/?client_id=client&redirect_uri=#{redirect_uri}" }.should raise_error bad_request
-        end
-      end
+  end
+
+  context 'when client_id is missing' do
+    it do
+      expect { request.get "/?response_type=code&redirect_uri=#{redirect_uri}" }.should raise_error bad_request
     end
   end
 
@@ -71,4 +68,67 @@ describe Rack::OAuth2::Server::Authorize do
       end
     end
   end
+
+  describe 'extensions' do
+    before do
+      require 'rack/oauth2/server/authorize/extensions/code_and_token'
+    end
+
+    let(:env) do
+      Rack::MockRequest.env_for("/authorize?response_type=#{response_type}&client_id=client")
+    end
+    let(:request) { Rack::OAuth2::Server::Authorize::Request.new env }
+    its(:extensions) { should == [Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken] }
+
+    describe 'code token' do
+      let(:response_type) { 'code%20token' }
+      it do
+        app.send(
+          :response_type_for, request
+        ).should == Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken
+      end
+    end
+
+    describe 'token code' do
+      let(:response_type) { 'token%20code' }
+      it do
+        app.send(
+          :response_type_for, request
+        ).should == Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken
+      end
+    end
+
+    describe 'token code id_token' do
+      let(:response_type) { 'token%20code%20id_token' }
+      it do
+        expect do
+          app.send(:response_type_for, request)
+        end.should raise_error bad_request
+      end
+    end
+
+    describe 'id_token' do
+      before do
+        class Rack::OAuth2::Server::Authorize::Extensions::IdToken < Rack::OAuth2::Server::Abstract::Handler
+          def self.response_type_for?(response_type)
+            response_type == 'id_token'
+          end
+        end
+      end
+
+      its(:extensions) do
+        should == [
+          Rack::OAuth2::Server::Authorize::Extensions::CodeAndToken,
+          Rack::OAuth2::Server::Authorize::Extensions::IdToken
+        ]
+      end
+
+      let(:response_type) { 'id_token' }
+      it do
+        app.send(
+          :response_type_for, request
+        ).should == Rack::OAuth2::Server::Authorize::Extensions::IdToken
+      end
+    end
+  end
 end

metadata

@@ -1,8 +1,14 @@
 --- !ruby/object:Gem::Specification 
 name: rack-oauth2
 version: !ruby/object:Gem::Version 
-  prerelease: 
-  version: 0.8.7
+  hash: -1851332106
+  prerelease: 6
+  segments: 
+  - 0
+  - 9
+  - 0
+  - alpha
+  version: 0.9.0.alpha
 platform: ruby
 authors: 
 - nov matake
@@ -10,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-08-10 00:00:00 Z
+date: 2011-08-11 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rack
@@ -20,6 +26,10 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 13
+        segments: 
+        - 1
+        - 1
         version: "1.1"
   type: :runtime
   version_requirements: *id001
@@ -31,6 +41,11 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 1
+        segments: 
+        - 1
+        - 4
+        - 3
         version: 1.4.3
   type: :runtime
   version_requirements: *id002
@@ -42,6 +57,12 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 123
+        segments: 
+        - 2
+        - 2
+        - 0
+        - 2
         version: 2.2.0.2
   type: :runtime
   version_requirements: *id003
@@ -53,6 +74,10 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 2
+        - 3
         version: "2.3"
   type: :runtime
   version_requirements: *id004
@@ -64,6 +89,9 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
         version: "0"
   type: :runtime
   version_requirements: *id005
@@ -75,6 +103,11 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 25
+        segments: 
+        - 0
+        - 0
+        - 3
         version: 0.0.3
   type: :runtime
   version_requirements: *id006
@@ -86,6 +119,10 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 0
+        - 8
         version: "0.8"
   type: :development
   version_requirements: *id007
@@ -97,6 +134,10 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 25
+        segments: 
+        - 0
+        - 9
         version: "0.9"
   type: :development
   version_requirements: *id008
@@ -108,6 +149,9 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 2
         version: "2"
   type: :development
   version_requirements: *id009
@@ -119,6 +163,11 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 11
+        segments: 
+        - 1
+        - 6
+        - 2
         version: 1.6.2
   type: :development
   version_requirements: *id010
@@ -166,6 +215,8 @@ files:
 - lib/rack/oauth2/server/authorize.rb
 - lib/rack/oauth2/server/authorize/code.rb
 - lib/rack/oauth2/server/authorize/error.rb
+- lib/rack/oauth2/server/authorize/extensions.rb
+- lib/rack/oauth2/server/authorize/extensions/code_and_token.rb
 - lib/rack/oauth2/server/authorize/token.rb
 - lib/rack/oauth2/server/resource.rb
 - lib/rack/oauth2/server/resource/bearer.rb
@@ -208,6 +259,7 @@ files:
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
 - spec/rack/oauth2/server/authorize/error_spec.rb
+- spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb
 - spec/rack/oauth2/server/authorize/token_spec.rb
 - spec/rack/oauth2/server/authorize_spec.rb
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
@@ -237,12 +289,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 23
+      segments: 
+      - 1
+      - 3
+      - 6
       version: 1.3.6
 requirements: []
 
@@ -279,6 +339,7 @@ test_files:
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
 - spec/rack/oauth2/server/authorize/error_spec.rb
+- spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb
 - spec/rack/oauth2/server/authorize/token_spec.rb
 - spec/rack/oauth2/server/authorize_spec.rb
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb