rails_api_auth 0.0.3 → 0.0.4

data/spec/factories/logins.rb

@@ -4,8 +4,9 @@ FactoryGirl.define do
     password       { Faker::Lorem.word }
 
     trait :facebook do
-      facebook_uid { Faker::Number.number }
+      uid { Faker::Number.number }
       password nil
+      provider 'facebook'
     end
   end
 end

data/spec/models/login_spec.rb

@@ -12,7 +12,7 @@ describe Login do
   end
 
   it "doesn't validate presence of password when Facebook UID is present" do
-    login = described_class.new(identification: 'test@example.com', oauth2_token: 'token', facebook_uid: '123')
+    login = described_class.new(identification: 'test@example.com', oauth2_token: 'token', uid: '123', provider: 'facebook')
 
     expect(login).to be_valid
   end
@@ -41,29 +41,21 @@ describe Login do
     end
   end
 
-  describe '#consume_single_use_oauth2_token!' do
-    subject { described_class.new(single_use_oauth2_token: 'token') }
+  describe '#refresh_single_use_oauth2_token!' do
+    subject { described_class.new(single_use_oauth2_token: 'oldtoken') }
 
     before do
       allow(subject).to receive(:save!)
     end
 
-    context 'when the supplied token is valid' do
-      it 'resets the single use oauth2 token' do
-        expect { subject.consume_single_use_oauth2_token!(subject.single_use_oauth2_token) }.to change(subject, :single_use_oauth2_token)
-      end
-
-      it 'saves the model' do
-        expect(subject).to receive(:save!)
-
-        subject.refresh_oauth2_token!
-      end
+    it 'force-resets the single oauth2 token' do
+      expect { subject.refresh_single_use_oauth2_token! }.to change(subject, :single_use_oauth2_token)
     end
 
-    context 'when the supplied token is invalid' do
-      it 'raises an InvalidOAuth2Token' do
-        expect { subject.consume_single_use_oauth2_token!('invalid token') }.to raise_error(Login::InvalidOAuth2Token)
-      end
+    it 'saves the model' do
+      expect(subject).to receive(:save!)
+
+      subject.refresh_single_use_oauth2_token!
     end
   end
 end

data/spec/requests/access_once_spec.rb

@@ -0,0 +1,66 @@
+describe 'an access-once route' do
+  subject { get '/access-once', {}, headers }
+
+  let(:login) { create(:login) }
+  let(:headers) do
+    { 'Authorization' => "Bearer #{login.single_use_oauth2_token}" }
+  end
+
+  context 'when a valid Bearer token is present' do
+    it 'assigns the authenticated login to @current_login' do
+      subject
+
+      expect(assigns[:current_login]).to eq(login)
+    end
+
+    it "responds with the actual action's status" do
+      subject
+
+      expect(response).to have_http_status(200)
+    end
+
+    it "responds with the actual action's body" do
+      subject
+
+      expect(response.body).to eql('zuper content')
+    end
+
+    it "changes the login's single_use_oauth2_token" do
+      expect { subject }.to change { login.reload.single_use_oauth2_token }
+    end
+  end
+
+  shared_examples 'when access is not allowed' do
+    it 'does not assign the authenticated login to @current_login' do
+      subject
+
+      expect(assigns[:current_login]).to be_nil
+    end
+
+    it 'responds with status 401' do
+      subject
+
+      expect(response).to have_http_status(401)
+    end
+
+    it 'responds with an empty body' do
+      subject
+
+      expect(response.body.strip).to be_empty
+    end
+  end
+
+  context 'when accessed a second time with the same token' do
+    before do
+      get '/access-once', {}, headers
+    end
+
+    it_behaves_like 'when access is not allowed'
+  end
+
+  context 'when no valid Bearer token is present' do
+    let(:headers) { {} }
+
+    it_behaves_like 'when access is not allowed'
+  end
+end

data/spec/requests/authenticated_spec.rb

@@ -18,7 +18,7 @@ describe 'an authenticated route' do
     it "responds with the actual action's status" do
       subject
 
-      expect(response).to have_http_status(201)
+      expect(response).to have_http_status(200)
     end
 
     it "responds with the actual action's body" do

data/spec/requests/custom_authenticated_spec.rb

@@ -19,7 +19,7 @@ describe 'a custom authenticated route' do
     it "responds with the actual action's status" do
       subject
 
-      expect(response).to have_http_status(201)
+      expect(response).to have_http_status(200)
     end
 
     it "responds with the actual action's body" do

data/spec/requests/oauth2_spec.rb

@@ -39,95 +39,31 @@ describe 'Oauth2 API' do
     end
 
     context 'for grant_type "facebook_auth_code"' do
-      let(:secret)                { described_class::FB_APP_SECRET }
-      let(:params)                { { grant_type: 'facebook_auth_code', auth_code: 'authcode' } }
-      let(:facebook_email)        { login.identification }
-      let(:facebook_data) do
+      let(:authenticated_user_data) do
         {
           id:    '1238190321',
-          email: facebook_email
+          email: email
         }
       end
+      let(:uid_mapped_field) { 'id' }
+      let(:grant_type) { 'facebook_auth_code' }
+      let(:profile_url) { FacebookAuthenticator::PROFILE_URL }
+      include_context 'stubbed facebook requests'
+      it_behaves_like 'oauth2 shared contexts'
+    end
 
-      before do
-        stub_request(:get, 'https://graph.facebook.com/oauth/access_token?client_id=app_id&client_secret=app_secret&code=authcode&redirect_uri=redirect_uri').to_return({ body: '{ "access_token": "access_token" }' })
-        stub_request(:get, 'https://graph.facebook.com/me?access_token=access_token').to_return({ body: JSON.generate(facebook_data), headers: { 'Content-Type' => 'application/json' } })
-      end
-
-      context 'when a login with for the Facebook account exists' do
-        it 'connects the login to the Facebook account' do
-          subject
-
-          expect(login.reload.facebook_uid).to eq(facebook_data[:id])
-        end
-
-        it 'responds with status 200' do
-          subject
-
-          expect(response).to have_http_status(200)
-        end
-
-        it "responds with the login's OAuth 2.0 token" do
-          subject
-
-          expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
-        end
-      end
-
-      context 'when no login for the Facebook account exists' do
-        let(:facebook_email) { Faker::Internet.email }
-
-        it 'responds with status 200' do
-          subject
-
-          expect(response).to have_http_status(200)
-        end
-
-        it 'creates a login for the Facebook account' do
-          expect { subject }.to change { Login.where(identification: facebook_email).count }.by(1)
-        end
-
-        it "responds with the login's OAuth 2.0 token" do
-          subject
-          login = Login.where(identification: facebook_email).first
-
-          expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
-        end
-      end
-
-      context 'when no Facebook auth code is sent' do
-        let(:params) { { grant_type: 'facebook_auth_code' } }
-
-        it 'responds with status 400' do
-          subject
-
-          expect(response).to have_http_status(400)
-        end
-
-        it 'responds with a "no_authorization_code" error' do
-          subject
-
-          expect(response.body).to be_json_eql({ error: 'no_authorization_code' }.to_json)
-        end
-      end
-
-      context 'when Facebook responds with an error' do
-        before do
-          stub_request(:get, 'https://graph.facebook.com/me?access_token=access_token').to_return(status: 422)
-        end
-
-        it 'responds with status 502' do
-          subject
-
-          expect(response).to have_http_status(502)
-        end
-
-        it 'responds with an empty response body' do
-          subject
-
-          expect(response.body.strip).to eql('')
-        end
+    context 'for grant_type "google_auth_code"' do
+      let(:authenticated_user_data) do
+        {
+          sub: '1238190321',
+          email: email
+        }
       end
+      let(:uid_mapped_field) { 'sub' }
+      let(:grant_type) { 'google_auth_code' }
+      let(:profile_url) { GoogleAuthenticator::PROFILE_URL }
+      include_context 'stubbed google requests'
+      it_behaves_like 'oauth2 shared contexts'
     end
 
     context 'for an unknown grant type' do

data/spec/services/facebook_authenticator_spec.rb

@@ -1,52 +1,12 @@
 describe FacebookAuthenticator do
-  describe '#authenticate!' do
-    let(:auth_code) { 'authcode' }
-    let(:email)     { 'email@facebook.com' }
-    let(:facebook_data) do
-      {
-        id:    '1238190321',
-        email: email
-      }
-    end
-    let(:response_with_fb_token) { { body: '{ "access_token": "access_token" }' } }
-    let(:response_with_fb_user)  { { body: JSON.generate(facebook_data), headers: { 'Content-Type' => 'application/json' } } }
-    let(:login)                  { double('login') }
+  let(:uid_mapped_field) { 'id' }
 
-    subject { described_class.new(auth_code).authenticate! }
-
-    before do
-      stub_request(:get, 'https://graph.facebook.com/oauth/access_token?client_id=app_id&client_secret=app_secret&code=authcode&redirect_uri=redirect_uri').to_return({ body: '{ "access_token": "access_token" }' })
-      stub_request(:get, 'https://graph.facebook.com/me?access_token=access_token').to_return(response_with_fb_user)
-    end
-
-    context 'when no login for the Facebook account exists' do
-      let(:login_attributes) do
-        {
-          identification: facebook_data[:email],
-          facebook_uid:   facebook_data[:id]
-        }
-      end
-
-      before do
-        allow(Login).to receive(:create!).with(login_attributes).and_return(login)
-      end
-
-      it 'returns a login created from the Facebook account' do
-        expect(subject).to eql(login)
-      end
-    end
-
-    context 'when a login for the Facebook account exists already' do
-      before do
-        expect(Login).to receive(:where).with(identification: facebook_data[:email]).and_return([login])
-        allow(login).to receive(:update_attributes!).with(facebook_uid: facebook_data[:id])
-      end
-
-      it 'connects the login to the Facebook account' do
-        expect(login).to receive(:update_attributes!).with(facebook_uid: facebook_data[:id])
-
-        subject
-      end
-    end
+  let(:authenticated_user_data) do
+    {
+      email: 'user@facebook.com',
+      id: '123123123123'
+    }
   end
+  include_context 'stubbed facebook requests'
+  it_behaves_like 'a authenticator'
 end

data/spec/services/google_authenticator_spec.rb

@@ -0,0 +1,12 @@
+describe GoogleAuthenticator do
+  let(:uid_mapped_field) { 'sub' }
+
+  let(:authenticated_user_data) do
+    {
+      email: 'user@gmail.com',
+      sub: '789789789789'
+    }
+  end
+  include_context 'stubbed google requests'
+  it_behaves_like 'a authenticator'
+end

data/spec/support/shared_contexts/stubbed_facebook_requests.rb

@@ -0,0 +1,12 @@
+shared_context 'stubbed facebook requests' do
+  let(:auth_code) { 'authcode' }
+  let(:access_token)           { 'CAAMvEGOZAxB8BAODGpIWO9meEXEpvigfIRs5j7LIi1Uef8xvTz4vpayfP6rxn0Om3jZAmvEojZB9HNWD44PgSSwFyD7bKsJ3EaNMKwYpZBRqjm25HfwUzF3pOVRXp9cdquT1afm7bj4mnb4WFFo7TxLcgO848FaAKZBdxwefJlPneVUSpquEh2TZAVWghndnPO9ON7QTqXhAZDZD' }
+  let(:response_with_fb_token) { { body: JSON.generate({ access_token: access_token, token_type: 'bearer', expires_in: 5169402 }), headers: { 'Content-Type' => 'application/json' } } }
+  let(:response_with_fb_user)  { { body: JSON.generate(authenticated_user_data), headers: { 'Content-Type' => 'application/json' } } }
+  let(:token_parameters) { { client_id: 'app_id', client_secret: 'app_secret', auth_code: auth_code, redirect_uri: 'redirect_uri' } }
+
+  before do
+    stub_request(:get, FacebookAuthenticator::TOKEN_URL % token_parameters).to_return(response_with_fb_token)
+    stub_request(:get, FacebookAuthenticator::PROFILE_URL % { access_token: access_token }).to_return(response_with_fb_user)
+  end
+end

data/spec/support/shared_contexts/stubbed_google_requests.rb

@@ -0,0 +1,11 @@
+shared_context 'stubbed google requests' do
+  let(:auth_code) { 'authcode' }
+  let(:response_with_token) { { body: '{ "access_token": "access_token" },  "token_type": "Bearer", "expires_in": 3600' } }
+  let(:response_with_user)  { { body: JSON.generate(authenticated_user_data), headers: { 'Content-Type' => 'application/json' } } }
+
+  before do
+    stub_request(:post, GoogleAuthenticator::TOKEN_URL).
+      with(body: hash_including(grant_type: 'authorization_code')).to_return(response_with_token)
+    stub_request(:get, GoogleAuthenticator::PROFILE_URL % { access_token: 'access_token' }).to_return(response_with_user)
+  end
+end

data/spec/support/shared_examples/authenticator_shared_requests.rb

@@ -0,0 +1,38 @@
+shared_examples 'a authenticator' do
+  describe '#authenticate!' do
+    let(:login) { double('login') }
+
+    subject { described_class.new(auth_code).authenticate! }
+
+    context "when no login for the #{described_class::PROVIDER} account exists" do
+      let(:login_attributes) do
+        {
+          identification: authenticated_user_data[:email],
+          uid: authenticated_user_data[uid_mapped_field.to_sym],
+          provider: described_class::PROVIDER
+        }
+      end
+
+      before do
+        allow(Login).to receive(:create!).with(login_attributes).and_return(login)
+      end
+
+      it "returns a login created from the #{described_class::PROVIDER} account" do
+        expect(subject).to eql(login)
+      end
+    end
+
+    context "when a login for the #{described_class::PROVIDER} account exists already" do
+      before do
+        expect(Login).to receive(:where).with(identification: authenticated_user_data[:email]).and_return([login])
+        allow(login).to receive(:update_attributes!).with(uid: authenticated_user_data[uid_mapped_field.to_sym], provider: described_class::PROVIDER)
+      end
+
+      it "connects the login to the #{described_class::PROVIDER} account" do
+        expect(login).to receive(:update_attributes!).with(uid: authenticated_user_data[uid_mapped_field.to_sym], provider: described_class::PROVIDER)
+
+        subject
+      end
+    end
+  end
+end

data/spec/support/shared_examples/oauth2_shared_requests.rb

@@ -0,0 +1,80 @@
+shared_context 'oauth2 shared contexts' do
+  let(:params)                { { grant_type: grant_type, auth_code: 'authcode' } }
+  let(:access_token) { 'access_token' }
+  let(:email) { login.identification }
+
+  context 'when a login with for the service account exists' do
+    it 'connects the login to the service account' do
+      subject
+
+      expect(login.reload.uid).to eq(authenticated_user_data[uid_mapped_field.to_sym])
+    end
+
+    it 'responds with status 200' do
+      subject
+
+      expect(response).to have_http_status(200)
+    end
+
+    it "responds with the login's OAuth 2.0 token" do
+      subject
+
+      expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
+    end
+  end
+
+  context 'when no login for the service account exists' do
+    let(:email) { Faker::Internet.email }
+
+    it 'responds with status 200' do
+      subject
+
+      expect(response).to have_http_status(200)
+    end
+
+    it 'creates a login for the service account' do
+      expect { subject }.to change { Login.where(identification: email).count }.by(1)
+    end
+
+    it "responds with the login's OAuth 2.0 token" do
+      subject
+      login = Login.where(identification: email).first
+
+      expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
+    end
+  end
+
+  context 'when no service auth code is sent' do
+    let(:params) { { grant_type: grant_type } }
+
+    it 'responds with status 400' do
+      subject
+
+      expect(response).to have_http_status(400)
+    end
+
+    it 'responds with a "no_authorization_code" error' do
+      subject
+
+      expect(response.body).to be_json_eql({ error: 'no_authorization_code' }.to_json)
+    end
+  end
+
+  context 'when service responds with an error' do
+    before do
+      stub_request(:get, profile_url % { access_token: access_token }).to_return(status: 422)
+    end
+
+    it 'responds with status 502' do
+      subject
+
+      expect(response).to have_http_status(502)
+    end
+
+    it 'responds with an empty response body' do
+      subject
+
+      expect(response.body.strip).to eql('')
+    end
+  end
+end