rails_api_auth 0.0.4 → 0.0.5

data/spec/requests/oauth2_spec.rb

@@ -3,26 +3,73 @@ describe 'Oauth2 API' do
 
   describe 'POST /token' do
     let(:params) { { grant_type: 'password', username: login.identification, password: login.password } }
+    subject { post '/token', params, 'HTTPS' => ssl }
 
-    subject { post '/token', params }
+    shared_examples 'when the request gets through' do
+      context 'for grant_type "password"' do
+        context 'with valid login credentials' do
+          it 'responds with status 200' do
+            subject
 
-    context 'for grant_type "password"' do
-      context 'with valid login credentials' do
-        it 'responds with status 200' do
-          subject
+            expect(response).to have_http_status(200)
+          end
 
-          expect(response).to have_http_status(200)
+          it 'responds with an access token' do
+            subject
+
+            expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
+          end
         end
 
-        it 'responds with an access token' do
-          subject
+        context 'with invalid login credentials' do
+          let(:params) { { grant_type: 'password', username: login.identification, password: 'badpassword' } }
+
+          it 'responds with status 400' do
+            subject
+
+            expect(response).to have_http_status(400)
+          end
+
+          it 'responds with an invalid grant error' do
+            subject
+
+            expect(response.body).to be_json_eql({ error: 'invalid_grant' }.to_json)
+          end
+        end
+      end
+
+      context 'for grant_type "facebook_auth_code"' do
+        let(:authenticated_user_data) do
+          {
+            id:    '1238190321',
+            email: email
+          }
+        end
+        let(:uid_mapped_field) { 'id' }
+        let(:grant_type) { 'facebook_auth_code' }
+        let(:profile_url) { FacebookAuthenticator::PROFILE_URL }
+
+        include_context 'stubbed facebook requests'
+        include_examples 'oauth2 shared contexts'
+      end
 
-          expect(response.body).to be_json_eql({ access_token: login.oauth2_token }.to_json)
+      context 'for grant_type "google_auth_code"' do
+        let(:authenticated_user_data) do
+          {
+            sub: '1238190321',
+            email: email
+          }
         end
+        let(:uid_mapped_field) { 'sub' }
+        let(:grant_type) { 'google_auth_code' }
+        let(:profile_url) { GoogleAuthenticator::PROFILE_URL }
+
+        include_context 'stubbed google requests'
+        include_examples 'oauth2 shared contexts'
       end
 
-      context 'with invalid login credentials' do
-        let(:params) { { grant_type: 'password', username: login.identification, password: 'badpassword' } }
+      context 'for an unknown grant type' do
+        let(:params) { { grant_type: 'UNKNOWN' } }
 
         it 'responds with status 400' do
           subject
@@ -30,89 +77,122 @@ describe 'Oauth2 API' do
           expect(response).to have_http_status(400)
         end
 
-        it 'responds with an invalid grant error' do
+        it 'responds with an "unsupported_grant_type" error' do
           subject
 
-          expect(response.body).to be_json_eql({ error: 'invalid_grant' }.to_json)
+          expect(response.body).to be_json_eql({ error: 'unsupported_grant_type' }.to_json)
         end
       end
     end
 
-    context 'for grant_type "facebook_auth_code"' do
-      let(:authenticated_user_data) do
-        {
-          id:    '1238190321',
-          email: email
-        }
+    context 'when SSL is forced' do
+      include_context 'with force_ssl configured'
+      let(:force_ssl) { true }
+
+      context 'and the request uses SSL' do
+        let(:ssl) { 'on' }
+
+        include_examples 'when the request gets through'
       end
-      let(:uid_mapped_field) { 'id' }
-      let(:grant_type) { 'facebook_auth_code' }
-      let(:profile_url) { FacebookAuthenticator::PROFILE_URL }
-      include_context 'stubbed facebook requests'
-      it_behaves_like 'oauth2 shared contexts'
-    end
 
-    context 'for grant_type "google_auth_code"' do
-      let(:authenticated_user_data) do
-        {
-          sub: '1238190321',
-          email: email
-        }
+      context 'and the request does not use SSL' do
+        let(:ssl) { false }
+
+        it 'responds with status 301' do
+          subject
+
+          expect(response).to have_http_status(301)
+        end
       end
-      let(:uid_mapped_field) { 'sub' }
-      let(:grant_type) { 'google_auth_code' }
-      let(:profile_url) { GoogleAuthenticator::PROFILE_URL }
-      include_context 'stubbed google requests'
-      it_behaves_like 'oauth2 shared contexts'
     end
 
-    context 'for an unknown grant type' do
-      let(:params) { { grant_type: 'UNKNOWN' } }
+    context 'when SSL is not forced' do
+      include_context 'with force_ssl configured'
+      let(:force_ssl) { false }
 
-      it 'responds with status 400' do
-        subject
+      context 'and the request uses SSL' do
+        let(:ssl) { 'on' }
 
-        expect(response).to have_http_status(400)
+        include_examples 'when the request gets through'
       end
 
-      it 'responds with an "unsupported_grant_type" error' do
-        subject
+      context 'and the request does not use SSL' do
+        let(:ssl) { false }
 
-        expect(response.body).to be_json_eql({ error: 'unsupported_grant_type' }.to_json)
+        include_examples 'when the request gets through'
       end
     end
   end
 
   describe 'POST #destroy' do
     let(:params) { { token_type_hint: 'access_token', token: login.oauth2_token } }
+    subject { post '/revoke', params, 'HTTPS' => ssl }
+
+    shared_examples 'when the request gets through' do
+      it 'responds with status 200' do
+        subject
 
-    subject { post '/revoke', params }
+        expect(response).to have_http_status(200)
+      end
+
+      it "resets the login's OAuth 2.0 token" do
+        expect { subject }.to change { login.reload.oauth2_token }
+
+        subject
+      end
+
+      context 'for an invalid token' do
+        let(:params) { { token_type_hint: 'access_token', token: 'badtoken' } }
 
-    it 'responds with status 200' do
-      subject
+        it 'responds with status 200' do
+          subject
 
-      expect(response).to have_http_status(200)
+          expect(response).to have_http_status(200)
+        end
+
+        it "doesn't reset any logins' token" do
+          expect_any_instance_of(LoginNotFound).to receive(:refresh_oauth2_token!)
+
+          subject
+        end
+      end
     end
 
-    it "resets the login's OAuth 2.0 token" do
-      expect { subject }.to change { login.reload.oauth2_token }
+    context 'when SSL is forced' do
+      include_context 'with force_ssl configured'
+      let(:force_ssl) { true }
+
+      context 'and the request uses SSL' do
+        let(:ssl) { 'on' }
+
+        include_examples 'when the request gets through'
+      end
+
+      context 'and the request does not use SSL' do
+        let(:ssl) { false }
+
+        it 'responds with status 301' do
+          subject
 
-      subject
+          expect(response).to have_http_status(301)
+        end
+      end
     end
 
-    context 'for an invalid token' do
-      let(:params) { { token_type_hint: 'access_token', token: 'badtoken' } }
+    context 'when SSL is not forced' do
+      include_context 'with force_ssl configured'
+      let(:force_ssl) { false }
 
-      it 'responds with status 200' do
-        subject
+      context 'and the request uses SSL' do
+        let(:ssl) { 'on' }
 
-        expect(response).to have_http_status(200)
+        include_examples 'when the request gets through'
       end
 
-      it "doesn't reset any logins' token" do
-        expect_any_instance_of(LoginNotFound).to receive(:refresh_oauth2_token!)
+      context 'and the request does not use SSL' do
+        let(:ssl) { false }
 
-        subject
+        include_examples 'when the request gets through'
       end
     end
   end

data/spec/support/shared_contexts/force_ssl.rb

@@ -0,0 +1,8 @@
+shared_context 'with force_ssl configured' do
+  around do |example|
+    default_force_ssl = RailsApiAuth.force_ssl
+    RailsApiAuth.force_ssl = force_ssl
+    example.run
+    RailsApiAuth.force_ssl = default_force_ssl
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_api_auth
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Marco Otte-Witte
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-16 00:00:00.000000000 Z
+date: 2016-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -84,6 +84,7 @@ files:
 - lib/rails_api_auth/authentication.rb
 - lib/rails_api_auth/engine.rb
 - lib/rails_api_auth/version.rb
+- spec/config/force_ssl_spec.rb
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
 - spec/dummy/app/assets/javascripts/application.js
@@ -139,6 +140,7 @@ files:
 - spec/services/google_authenticator_spec.rb
 - spec/spec_helper.rb
 - spec/support/factory_girl.rb
+- spec/support/shared_contexts/force_ssl.rb
 - spec/support/shared_contexts/stubbed_facebook_requests.rb
 - spec/support/shared_contexts/stubbed_google_requests.rb
 - spec/support/shared_examples/authenticator_shared_requests.rb
@@ -168,6 +170,7 @@ signing_key:
 specification_version: 4
 summary: Engine that implements OAuth 2.0 and Facebook authentication for API projects
 test_files:
+- spec/config/force_ssl_spec.rb
 - spec/dummy/app/assets/javascripts/application.js
 - spec/dummy/app/assets/stylesheets/application.css
 - spec/dummy/app/controllers/access_once_controller.rb
@@ -223,6 +226,7 @@ test_files:
 - spec/services/google_authenticator_spec.rb
 - spec/spec_helper.rb
 - spec/support/factory_girl.rb
+- spec/support/shared_contexts/force_ssl.rb
 - spec/support/shared_contexts/stubbed_facebook_requests.rb
 - spec/support/shared_contexts/stubbed_google_requests.rb
 - spec/support/shared_examples/authenticator_shared_requests.rb