rack-oauth2_utils 0.0.4 → 0.0.5

@@ -3,11 +3,14 @@ module Rack
3
3
 
4
4
  class Middleware
5
5
 
6
+ INVALID_HEADERS_AND_BODY = [{'Content-Type' => 'text/plain'}, ['The access token is invalid.']].freeze
7
+
6
8
  def initialize(app, options = {}, &resolver)
7
9
  @app = app
8
10
  @realm = options[:realm]
9
11
  @logger = options[:logger]
10
12
  @resolver = resolver
13
+ @invalid_token_response = options[:invalid_token_response] || INVALID_HEADERS_AND_BODY.dup
11
14
  end
12
15
 
13
16
  def call(env)
@@ -34,7 +37,9 @@ module Rack
34
37
  def unauthorized(request)
35
38
  challenge = 'OAuth realm="%s"' % (@realm || request.host)
36
39
  challenge << ', error="invalid_token", error_description="The access token is invalid."'
37
- return [401, { "WWW-Authenticate" => challenge, 'Content-Type' => 'text/plain' }, ['The access token is invalid.']]
40
+ headers = @invalid_token_response.first.merge("WWW-Authenticate" => challenge)
41
+ body = @invalid_token_response.last
42
+ return [401, headers, body]
38
43
  end
39
44
 
40
45
  end
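Review bot: In `initialize`, `options[:invalid_token_response]` is stored without a shape check, so a value that is not a `[headers_hash, body]` pair is only noticed in `unauthorized`, where `@invalid_token_response.first.merge(...)` raises and the invalid-token path presumably ends in a server error rather than the 401 challenge. Validating once at construction keeps the rejection path predictable, for example `raise ArgumentError, ':invalid_token_response must be [headers, body]' unless @invalid_token_response.first.respond_to?(:merge)`. Separately, `.freeze` and `.dup` are both shallow, so the default body array and its string are one object shared by every 401 response and every middleware instance; freezing the inner hash, array and string as well would stop a downstream component from altering the error body for later requests. The body of `call` lies outside these hunks.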
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module OAuth2Utils
3
- VERSION = "0.0.4"
3
+ VERSION = "0.0.5"
4
4
  end
5
5
  end
@@ -80,6 +80,14 @@ describe Rack::OAuth2Utils::Middleware do
80
80
  it 'should return WWW-Authenticate header with realm and error info' do
81
81
  last_response.headers['WWW-Authenticate'].must_equal "OAuth realm=\"example.org\", error=\"invalid_token\", error_description=\"The access token is invalid.\""
82
82
  end
83
+
84
+ it 'should have default content type' do
85
+ last_response.headers['Content-Type'].must_equal 'text/plain'
86
+ end
87
+
88
+ it 'should have default error explanation in the body' do
89
+ last_response.body.must_equal 'The access token is invalid.'
90
+ end
83
91
  end
84
92
 
85
93
  describe 'private resource' do
@@ -95,6 +103,47 @@ describe Rack::OAuth2Utils::Middleware do
95
103
  end
96
104
  end
97
105
 
106
+ describe ':invalid_token_response' do
107
+ def app
108
+ invalid = [{'Content-Type' => 'application/json'}, ['{"error": "Invalid token"}']]
109
+ Rack::Builder.new do
110
+ # Simple token / identity store
111
+ use Rack::OAuth2Utils::Middleware, :invalid_token_response => invalid do |access_token|
112
+ IDENTITIES[access_token]
113
+ end
114
+
115
+ # Private, or auth protected
116
+ map('/private'){
117
+ run lambda {|env|
118
+ OK_RESPONSE
119
+ }
120
+ }
121
+ end
122
+ end
123
+
124
+ before {
125
+ header "Authorization", "OAuth invalidtoken"
126
+ get '/private'
127
+ }
128
+
129
+ it 'should return 401 Unauthorized' do
130
+ last_response.status.must_equal 401
131
+ end
132
+
133
+ it 'should return WWW-Authenticate header with realm and error info' do
134
+ last_response.headers['WWW-Authenticate'].must_equal "OAuth realm=\"example.org\", error=\"invalid_token\", error_description=\"The access token is invalid.\""
135
+ end
136
+
137
+ it 'should have set content type' do
138
+ last_response.headers['Content-Type'].must_equal 'application/json'
139
+ end
140
+
141
+ it 'should have default error explanation in the body' do
142
+ last_response.body.must_equal '{"error": "Invalid token"}'
143
+ end
144
+
145
+ end
146
+
98
147
  describe 'with valid token' do
99
148
 
100
149
  before {
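Review bot: The last example in the new `:invalid_token_response` block is titled 'should have default error explanation in the body' but asserts the custom JSON body, so a failure report would name the wrong behaviour; `it 'should return the configured body' do` describes what is checked. The block also leaves one security-relevant case untested: a custom header hash that itself carries `WWW-Authenticate` should still yield the middleware's own challenge, which the `merge` in `unauthorized` appears to guarantee only for an identically cased key. Adding that key to `invalid` and asserting `last_response.headers['WWW-Authenticate'].must_match(/error="invalid_token"/)` would pin it. The `describe 'with valid token'` block that follows continues outside the hunk.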
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-oauth2_utils
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.5
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2011-12-28 00:00:00.000000000Z
12
+ date: 2012-03-01 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack
16
- requirement: &2152549680 !ruby/object:Gem::Requirement
16
+ requirement: &2151857500 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: 1.2.2
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *2152549680
24
+ version_requirements: *2151857500
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: bundler
27
- requirement: &2152549020 !ruby/object:Gem::Requirement
27
+ requirement: &2151854660 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 1.0.0
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *2152549020
35
+ version_requirements: *2151854660
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: minitest
38
- requirement: &2152548460 !ruby/object:Gem::Requirement
38
+ requirement: &2151841280 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
43
43
  version: '0'
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *2152548460
46
+ version_requirements: *2151841280
47
47
  description: Simple Rack middleware that catches OAuth2 access tokens and validates
48
48
  identity
49
49
  email: