rack-oauth2_utils 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -3,11 +3,14 @@ module Rack
|
|
|
3
3
|
|
|
4
4
|
class Middleware
|
|
5
5
|
|
|
6
|
+
INVALID_HEADERS_AND_BODY = [{'Content-Type' => 'text/plain'}, ['The access token is invalid.']].freeze
|
|
7
|
+
|
|
6
8
|
def initialize(app, options = {}, &resolver)
|
|
7
9
|
@app = app
|
|
8
10
|
@realm = options[:realm]
|
|
9
11
|
@logger = options[:logger]
|
|
10
12
|
@resolver = resolver
|
|
13
|
+
@invalid_token_response = options[:invalid_token_response] || INVALID_HEADERS_AND_BODY.dup
|
|
11
14
|
end
|
|
12
15
|
|
|
13
16
|
def call(env)
|
|
@@ -34,7 +37,9 @@ module Rack
|
|
|
34
37
|
def unauthorized(request)
|
|
35
38
|
challenge = 'OAuth realm="%s"' % (@realm || request.host)
|
|
36
39
|
challenge << ', error="invalid_token", error_description="The access token is invalid."'
|
|
37
|
-
|
|
40
|
+
headers = @invalid_token_response.first.merge("WWW-Authenticate" => challenge)
|
|
41
|
+
body = @invalid_token_response.last
|
|
42
|
+
return [401, headers, body]
|
|
38
43
|
end
|
|
39
44
|
|
|
40
45
|
end
|
data/test/middleware_test.rb
CHANGED
|
@@ -80,6 +80,14 @@ describe Rack::OAuth2Utils::Middleware do
|
|
|
80
80
|
it 'should return WWW-Authenticate header with realm and error info' do
|
|
81
81
|
last_response.headers['WWW-Authenticate'].must_equal "OAuth realm=\"example.org\", error=\"invalid_token\", error_description=\"The access token is invalid.\""
|
|
82
82
|
end
|
|
83
|
+
|
|
84
|
+
it 'should have default content type' do
|
|
85
|
+
last_response.headers['Content-Type'].must_equal 'text/plain'
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
it 'should have default error explanation in the body' do
|
|
89
|
+
last_response.body.must_equal 'The access token is invalid.'
|
|
90
|
+
end
|
|
83
91
|
end
|
|
84
92
|
|
|
85
93
|
describe 'private resource' do
|
|
@@ -95,6 +103,47 @@ describe Rack::OAuth2Utils::Middleware do
|
|
|
95
103
|
end
|
|
96
104
|
end
|
|
97
105
|
|
|
106
|
+
describe ':invalid_token_response' do
|
|
107
|
+
def app
|
|
108
|
+
invalid = [{'Content-Type' => 'application/json'}, ['{"error": "Invalid token"}']]
|
|
109
|
+
Rack::Builder.new do
|
|
110
|
+
# Simple token / identity store
|
|
111
|
+
use Rack::OAuth2Utils::Middleware, :invalid_token_response => invalid do |access_token|
|
|
112
|
+
IDENTITIES[access_token]
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
# Private, or auth protected
|
|
116
|
+
map('/private'){
|
|
117
|
+
run lambda {|env|
|
|
118
|
+
OK_RESPONSE
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
before {
|
|
125
|
+
header "Authorization", "OAuth invalidtoken"
|
|
126
|
+
get '/private'
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
it 'should return 401 Unauthorized' do
|
|
130
|
+
last_response.status.must_equal 401
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
it 'should return WWW-Authenticate header with realm and error info' do
|
|
134
|
+
last_response.headers['WWW-Authenticate'].must_equal "OAuth realm=\"example.org\", error=\"invalid_token\", error_description=\"The access token is invalid.\""
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
it 'should have set content type' do
|
|
138
|
+
last_response.headers['Content-Type'].must_equal 'application/json'
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
it 'should have default error explanation in the body' do
|
|
142
|
+
last_response.body.must_equal '{"error": "Invalid token"}'
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
end
|
|
146
|
+
|
|
98
147
|
describe 'with valid token' do
|
|
99
148
|
|
|
100
149
|
before {
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-oauth2_utils
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,11 +9,11 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2012-03-01 00:00:00.000000000Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &2151857500 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 1.2.2
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *2151857500
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: bundler
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &2151854660 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: 1.0.0
|
|
33
33
|
type: :development
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *2151854660
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: minitest
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &2151841280 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ! '>='
|
|
@@ -43,7 +43,7 @@ dependencies:
|
|
|
43
43
|
version: '0'
|
|
44
44
|
type: :development
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *2151841280
|
|
47
47
|
description: Simple Rack middleware that catches OAuth2 access tokens and validates
|
|
48
48
|
identity
|
|
49
49
|
email:
|