rails_api_auth 0.0.2

data/spec/dummy/public/404.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <div>
+      <h1>The page you were looking for doesn't exist.</h1>
+      <p>You may have mistyped the address or the page may have moved.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/422.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <div>
+      <h1>The change you wanted was rejected.</h1>
+      <p>Maybe you tried to change something you didn't have access to.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/500.html

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <div>
+      <h1>We're sorry, but something went wrong.</h1>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/spec/factories/logins.rb

@@ -0,0 +1,11 @@
+FactoryGirl.define do
+  factory :login do
+    email    { Faker::Internet.email }
+    password { Faker::Lorem.word }
+
+    trait :facebook do
+      facebook_uid { Faker::Number.number }
+      password nil
+    end
+  end
+end

data/spec/models/login_spec.rb

@@ -0,0 +1,69 @@
+require 'spec_helper'
+
+describe Login do
+  it { is_expected.to validate_presence_of(:email) }
+  it { is_expected.to allow_value('test@example.com').for(:email) }
+  it { is_expected.to_not allow_value('test_example.com').for(:email) }
+
+  it 'validates presence of either password or Facebook UID' do
+    login = described_class.new(email: 'test@example.com', oauth2_token: 'token')
+
+    expect(login).to_not be_valid
+  end
+
+  it "doesn't validate presence of password when Facebook UID is present" do
+    login = described_class.new(email: 'test@example.com', oauth2_token: 'token', facebook_uid: '123')
+
+    expect(login).to be_valid
+  end
+
+  it "doesn't validate presence of Facebook UID  when password is present" do
+    login = described_class.new(email: 'test@example.com', oauth2_token: 'token', password: '123')
+
+    expect(login).to be_valid
+  end
+
+  describe '#refresh_oauth2_token!' do
+    subject { described_class.new(oauth2_token: 'oldtoken') }
+
+    before do
+      allow(subject).to receive(:save!)
+    end
+
+    it 'force-resets the oauth2 token' do
+      expect { subject.refresh_oauth2_token! }.to change(subject, :oauth2_token)
+    end
+
+    it 'saves the model' do
+      expect(subject).to receive(:save!)
+
+      subject.refresh_oauth2_token!
+    end
+  end
+
+  describe '#consume_single_use_oauth2_token!' do
+    subject { described_class.new(single_use_oauth2_token: 'token') }
+
+    before do
+      allow(subject).to receive(:save!)
+    end
+
+    context 'when the supplied token is valid' do
+      it 'resets the single use oauth2 token' do
+        expect { subject.consume_single_use_oauth2_token!(subject.single_use_oauth2_token) }.to change(subject, :single_use_oauth2_token)
+      end
+
+      it 'saves the model' do
+        expect(subject).to receive(:save!)
+
+        subject.refresh_oauth2_token!
+      end
+    end
+
+    context 'when the supplied token is invalid' do
+      it 'raises an InvalidSingleUseOAuth2Token' do
+        expect { subject.consume_single_use_oauth2_token!('invalid token') }.to raise_error(Login::InvalidSingleUseOAuth2Token)
+      end
+    end
+  end
+end

data/spec/requests/authenticated_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe 'Authenticated route' do
+  let!(:login) { create(:login) }
+  let(:headers) do
+    {
+      'Authorization': "Bearer #{login.oauth2_token}"
+    }
+  end
+
+  subject { get '/authenticated', {}, headers }
+
+  it 'assigns login found to @current_login' do
+    subject
+
+    assigns[:current_login] = login
+  end
+
+  it '200' do
+    subject
+
+    expect(response.status).to eq 200
+  end
+
+  it 'lets the action get rendered' do
+    subject
+
+    expect(response.body).to eql 'zuper content'
+  end
+
+  context 'no token' do
+
+    subject { get '/authenticated' }
+
+    it '401' do
+      subject
+
+      expect(response.status).to eq 401
+    end
+
+    it 'responds with an empty body' do
+      subject
+
+      expect(response.body).to be_empty
+    end
+  end
+end

data/spec/requests/oauth2_spec.rb

@@ -0,0 +1,187 @@
+require 'spec_helper'
+
+describe 'Oauth2 API' do
+
+  let!(:login) { create(:login) }
+
+  describe 'POST /token' do
+    let(:params) { { grant_type: 'password', username: login.email, password: login.password } }
+
+    subject { post '/token', params }
+
+    context 'for grant_type "password"' do
+      context 'with valid login credentials' do
+        it 'succeeds' do
+          subject
+
+          expect(response).to have_http_status(200)
+        end
+
+        it 'responds with an access token' do
+          subject
+
+          expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
+        end
+      end
+
+      context 'with invalid login credentials' do
+        let(:params) { { grant_type: 'password', username: 'bad@email.com', password: 'badpassword' } }
+
+        it 'responds with status 400' do
+          subject
+
+          expect(response).to have_http_status(400)
+        end
+
+        it 'responds with an invalid grant error' do
+          subject
+
+          expect(response.body).to be_json_eql({ error: 'invalid_grant' }.to_json)
+        end
+      end
+    end
+
+    context 'for grant_type "facebook_auth_code"' do
+      let(:secret)                { described_class::FB_APP_SECRET }
+      let(:params)                { { grant_type: 'facebook_auth_code', auth_code: 'fb auth code' } }
+      let(:facebook_email)        { login.email }
+      let(:facebook_data)   do
+        {
+          id:         '1238190321',
+          email:      facebook_email
+        }
+      end
+
+      before do
+        stub_request(:get, %r{https://graph.facebook.com/v2.3/oauth/access_token}).to_return(body: '{ "access_token": "access_token" }')
+        stub_request(:get, %r{https://graph.facebook.com/v2.3/me}).to_return(body: JSON.generate(facebook_data), headers: { 'Content-Type' => 'application/json' })
+      end
+
+      context 'when a login with the posted Facebook email exists' do
+        it 'connects the login to the Facebook account' do
+          subject
+
+          expect(login.reload.facebook_uid).to eq(facebook_data[:id])
+        end
+
+        it 'succeeds' do
+          subject
+
+          expect(response).to have_http_status(200)
+        end
+
+        it 'responds with an oauth2 token' do
+          subject
+
+          expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
+        end
+      end
+
+      context 'when no login with the posted Facebook email exists' do
+        let(:facebook_email) { Faker::Internet.email }
+
+        it 'succeeds' do
+          subject
+
+          expect(response).to have_http_status(200)
+        end
+
+        it 'creates a login with it' do
+          expect { subject }.to change { Login.where(email: facebook_email).count }.by(1)
+        end
+
+        it 'responds with an oauth2 token' do
+          subject
+          login = Login.find_by(email: facebook_email)
+
+          expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
+        end
+      end
+
+      context 'when no facebook code is sent' do
+        let(:params) { { grant_type: 'facebook_auth_code' } }
+
+        it 'responds with status 400' do
+          subject
+
+          expect(response).to have_http_status(400)
+        end
+
+        it 'responds with a no authorization code error' do
+          subject
+
+          expect(response.body).to be_json_eql({ error: 'no_authorization_code' }.to_json)
+        end
+      end
+
+      context 'when Facebook responds with an error' do
+        before do
+          stub_request(:get, %r{https://graph.facebook.com/v2.3/oauth/access_token}).to_return(status: 422)
+        end
+
+        it 'responds with status 500' do
+          subject
+
+          expect(response).to have_http_status(500)
+        end
+
+        it 'responds with an empty response body' do
+          subject
+
+          expect(response.body).to eql('')
+        end
+      end
+    end
+
+    context 'for an unknown grant type' do
+      let(:params) { { grant_type: 'UNKNOWN' } }
+
+      it 'responds with status 400' do
+        subject
+
+        expect(response).to have_http_status(400)
+      end
+
+      it 'responds with an invalid grant error' do
+        subject
+
+        expect(response.body).to be_json_eql({ error: 'unsupported_grant_type' }.to_json)
+      end
+    end
+  end
+
+  describe 'POST #destroy' do
+    let(:params) { { token_type_hint: 'access_token', token: login.oauth2_token } }
+
+    subject { post '/revoke', params }
+
+    it 'succeeds' do
+      subject
+
+      expect(response).to have_http_status(200)
+    end
+
+    it 'resets login token' do
+      expect { subject }.to change { login.reload.oauth2_token }
+
+      subject
+    end
+
+    context 'for an unknown (or stale) token' do
+      let(:params) { { token_type_hint: 'access_token', token: 'badtoken' } }
+
+      it 'succeeds' do
+        subject
+
+        expect(response).to have_http_status(200)
+      end
+
+      it "doesn't reset any logins' token" do
+
+        expect_any_instance_of(LoginNotFound).to receive(:refresh_oauth2_token!)
+
+        subject
+      end
+    end
+  end
+end