signet 0.5.1 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +13 -5
- data/CHANGELOG.md +7 -0
- data/Gemfile +2 -19
- data/lib/signet/oauth_2/client.rb +82 -50
- data/lib/signet/oauth_2.rb +9 -2
- data/lib/signet/version.rb +2 -2
- data/signet.gemspec +38 -0
- data/spec/signet/oauth_1/client_spec.rb +231 -243
- data/spec/signet/oauth_1/credential_spec.rb +30 -30
- data/spec/signet/oauth_1/server_spec.rb +128 -129
- data/spec/signet/oauth_1/services/google_spec.rb +24 -25
- data/spec/signet/oauth_1/signature_methods/hmac_sha1_spec.rb +4 -4
- data/spec/signet/oauth_1/signature_methods/plaintext_spec.rb +4 -4
- data/spec/signet/oauth_1/signature_methods/rsa_sha1_spec.rb +6 -6
- data/spec/signet/oauth_1_spec.rb +190 -192
- data/spec/signet/oauth_2/client_spec.rb +296 -181
- data/spec/signet/oauth_2_spec.rb +58 -48
- data/spec/signet_spec.rb +23 -23
- data/spec/spec_helper.rb +3 -1
- data/tasks/gem.rake +3 -55
- data/tasks/spec.rake +0 -25
- metadata +99 -38
@@ -24,86 +24,92 @@ require 'jwt'
|
|
24
24
|
|
25
25
|
conn = Faraday.default_connection
|
26
26
|
|
27
|
+
def build_json_response(payload)
|
28
|
+
[200, { "Content-Type" => "application/json; charset=utf-8" }, MultiJson.dump(payload)]
|
29
|
+
end
|
30
|
+
|
31
|
+
def build_form_encoded_response(payload)
|
32
|
+
[200, { "Content-Type" => "application/json; charset=utf-8" }, Addressable::URI.form_encode(payload)]
|
33
|
+
end
|
34
|
+
|
27
35
|
describe Signet::OAuth2::Client, 'unconfigured' do
|
28
36
|
before do
|
29
37
|
@client = Signet::OAuth2::Client.new
|
30
38
|
end
|
31
39
|
it 'should allow additional paraemters to be set.' do
|
32
|
-
@client.additional_parameters['type'] =
|
33
|
-
|
34
|
-
@client.additional_parameters.should ==
|
35
|
-
{'type' => 'web_server'}
|
40
|
+
@client.additional_parameters['type'] = 'web_server'
|
41
|
+
expect(@client.additional_parameters).to eq({'type' => 'web_server'})
|
36
42
|
end
|
37
43
|
it 'should raise an error if a bogus scope is provided' do
|
38
|
-
(lambda do
|
44
|
+
expect(lambda do
|
39
45
|
@client = Signet::OAuth2::Client.new(:scope => :bogus)
|
40
|
-
end).
|
46
|
+
end).to raise_error(TypeError)
|
41
47
|
end
|
42
48
|
|
43
49
|
it 'should raise an error if a scope array is provided with spaces' do
|
44
|
-
(lambda do
|
50
|
+
expect(lambda do
|
45
51
|
@client = Signet::OAuth2::Client.new(:scope => [
|
46
52
|
'legit',
|
47
53
|
'bogus bogus'
|
48
54
|
])
|
49
|
-
end).
|
55
|
+
end).to raise_error(ArgumentError)
|
50
56
|
end
|
51
57
|
|
52
58
|
it 'should allow the scope to be set to a String' do
|
53
59
|
@client.scope = 'legit'
|
54
|
-
@client.scope.
|
60
|
+
expect(@client.scope).to eq ['legit']
|
55
61
|
@client.scope = 'legit alsolegit'
|
56
|
-
@client.scope.
|
62
|
+
expect(@client.scope).to eq ['legit', 'alsolegit']
|
57
63
|
end
|
58
64
|
|
59
65
|
it 'should allow the scope to be set to an Array' do
|
60
66
|
@client.scope = ['legit']
|
61
|
-
@client.scope.
|
67
|
+
expect(@client.scope).to eq ['legit']
|
62
68
|
@client.scope = ['legit', 'alsolegit']
|
63
|
-
@client.scope.
|
69
|
+
expect(@client.scope).to eq ['legit', 'alsolegit']
|
64
70
|
end
|
65
71
|
|
66
72
|
it 'should raise an error if a bogus redirect URI is provided' do
|
67
|
-
(lambda do
|
73
|
+
expect(lambda do
|
68
74
|
@client = Signet::OAuth2::Client.new(:redirect_uri => :bogus)
|
69
|
-
end).
|
75
|
+
end).to raise_error(TypeError)
|
70
76
|
end
|
71
77
|
|
72
78
|
it 'should raise an error if a relative redirect URI is provided' do
|
73
|
-
(lambda do
|
79
|
+
expect(lambda do
|
74
80
|
@client = Signet::OAuth2::Client.new(:redirect_uri => '/relative/path')
|
75
|
-
end).
|
81
|
+
end).to raise_error(ArgumentError)
|
76
82
|
end
|
77
83
|
|
78
84
|
it 'should allow "postmessage" as a redirect URI (Google hack)' do
|
79
85
|
@client.authorization_uri = 'https://example.com/authorize'
|
80
86
|
@client.client_id = 's6BhdRkqt3'
|
81
87
|
@client.redirect_uri = 'postmessage'
|
82
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
88
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq 'postmessage'
|
83
89
|
end
|
84
90
|
|
85
91
|
it 'should allow oob values as a redirect URI (for installed apps)' do
|
86
92
|
@client.authorization_uri = 'https://example.com/authorize'
|
87
93
|
@client.client_id = 's6BhdRkqt3'
|
88
94
|
@client.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
|
89
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
95
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq 'urn:ietf:wg:oauth:2.0:oob'
|
90
96
|
@client.redirect_uri = 'oob'
|
91
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
97
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq 'oob'
|
92
98
|
end
|
93
99
|
|
94
100
|
it 'should have no authorization_uri' do
|
95
|
-
@client.authorization_uri.
|
101
|
+
expect(@client.authorization_uri).to eq nil
|
96
102
|
end
|
97
103
|
|
98
104
|
it 'should allow the authorization_uri to be set to a String' do
|
99
105
|
@client.authorization_uri = 'https://example.com/authorize'
|
100
106
|
@client.client_id = 's6BhdRkqt3'
|
101
107
|
@client.redirect_uri = 'https://example.client.com/callback'
|
102
|
-
@client.authorization_uri.to_s.
|
108
|
+
expect(@client.authorization_uri.to_s).to include(
|
103
109
|
'https://example.com/authorize'
|
104
110
|
)
|
105
|
-
@client.authorization_uri.query_values['client_id'].
|
106
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
111
|
+
expect(@client.authorization_uri.query_values['client_id']).to eq 's6BhdRkqt3'
|
112
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq (
|
107
113
|
'https://example.client.com/callback'
|
108
114
|
)
|
109
115
|
end
|
@@ -114,11 +120,11 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
114
120
|
}
|
115
121
|
@client.client_id = 's6BhdRkqt3'
|
116
122
|
@client.redirect_uri = 'https://example.client.com/callback'
|
117
|
-
@client.authorization_uri.to_s.
|
123
|
+
expect(@client.authorization_uri.to_s).to include(
|
118
124
|
'https://example.com/authorize'
|
119
125
|
)
|
120
|
-
@client.authorization_uri.query_values['client_id'].
|
121
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
126
|
+
expect(@client.authorization_uri.query_values['client_id']).to eq 's6BhdRkqt3'
|
127
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq (
|
122
128
|
'https://example.client.com/callback'
|
123
129
|
)
|
124
130
|
end
|
@@ -129,11 +135,11 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
129
135
|
@client.client_id = 's6BhdRkqt3'
|
130
136
|
@client.redirect_uri =
|
131
137
|
Addressable::URI.parse('https://example.client.com/callback')
|
132
|
-
@client.authorization_uri.to_s.
|
138
|
+
expect(@client.authorization_uri.to_s).to include(
|
133
139
|
'https://example.com/authorize'
|
134
140
|
)
|
135
|
-
@client.authorization_uri.query_values['client_id'].
|
136
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
141
|
+
expect(@client.authorization_uri.query_values['client_id']).to eq 's6BhdRkqt3'
|
142
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq (
|
137
143
|
'https://example.client.com/callback'
|
138
144
|
)
|
139
145
|
end
|
@@ -142,9 +148,9 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
142
148
|
@client.authorization_uri =
|
143
149
|
Addressable::URI.parse('https://example.com/authorize')
|
144
150
|
@client.client_id = 's6BhdRkqt3'
|
145
|
-
(lambda do
|
151
|
+
expect(lambda do
|
146
152
|
@client.authorization_uri
|
147
|
-
end).
|
153
|
+
end).to raise_error(ArgumentError)
|
148
154
|
end
|
149
155
|
|
150
156
|
it 'should require a client ID when getting the authorization_uri' do
|
@@ -152,31 +158,31 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
152
158
|
Addressable::URI.parse('https://example.com/authorize')
|
153
159
|
@client.redirect_uri =
|
154
160
|
Addressable::URI.parse('https://example.client.com/callback')
|
155
|
-
(lambda do
|
161
|
+
expect(lambda do
|
156
162
|
@client.authorization_uri
|
157
|
-
end).
|
163
|
+
end).to raise_error(ArgumentError)
|
158
164
|
end
|
159
165
|
|
160
166
|
it 'should have no token_credential_uri' do
|
161
|
-
@client.token_credential_uri.
|
167
|
+
expect(@client.token_credential_uri).to eq nil
|
162
168
|
end
|
163
169
|
|
164
170
|
it 'should allow the token_credential_uri to be set to a String' do
|
165
171
|
@client.token_credential_uri = "https://example.com/token"
|
166
|
-
@client.token_credential_uri.
|
172
|
+
expect(@client.token_credential_uri.to_s).to eq "https://example.com/token"
|
167
173
|
end
|
168
174
|
|
169
175
|
it 'should allow the token_credential_uri to be set to a Hash' do
|
170
176
|
@client.token_credential_uri = {
|
171
177
|
:scheme => 'https', :host => 'example.com', :path => '/token'
|
172
178
|
}
|
173
|
-
@client.token_credential_uri.to_s.
|
179
|
+
expect(@client.token_credential_uri.to_s).to eq 'https://example.com/token'
|
174
180
|
end
|
175
181
|
|
176
182
|
it 'should allow the token_credential_uri to be set to a URI' do
|
177
183
|
@client.token_credential_uri =
|
178
184
|
Addressable::URI.parse("https://example.com/token")
|
179
|
-
@client.token_credential_uri.
|
185
|
+
expect(@client.token_credential_uri.to_s).to eq "https://example.com/token"
|
180
186
|
end
|
181
187
|
end
|
182
188
|
|
@@ -197,76 +203,74 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
|
|
197
203
|
|
198
204
|
it 'should generate valid JWTs' do
|
199
205
|
jwt = @client.to_jwt
|
200
|
-
jwt.
|
206
|
+
expect(jwt).not_to be_nil
|
201
207
|
|
202
|
-
claim = JWT.decode(jwt, @key.public_key, true)
|
203
|
-
claim["iss"].
|
204
|
-
claim["scope"].
|
205
|
-
claim["aud"].
|
208
|
+
claim, header = JWT.decode(jwt, @key.public_key, true)
|
209
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
210
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
211
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
206
212
|
end
|
207
213
|
|
208
214
|
it 'should generate valid JWTs for impersonation' do
|
209
215
|
@client.principal = 'user@example.com'
|
210
216
|
jwt = @client.to_jwt
|
211
|
-
jwt.
|
217
|
+
expect(jwt).not_to be_nil
|
212
218
|
|
213
|
-
claim = JWT.decode(jwt, @key.public_key, true)
|
214
|
-
claim["iss"].
|
215
|
-
claim["prn"].
|
216
|
-
claim["scope"].
|
217
|
-
claim["aud"].
|
219
|
+
claim, header = JWT.decode(jwt, @key.public_key, true)
|
220
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
221
|
+
expect(claim["prn"]).to eq 'user@example.com'
|
222
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
223
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
218
224
|
end
|
219
225
|
|
220
226
|
it 'should generate valid JWTs for impersonation using deprecated person attribute' do
|
221
227
|
@client.person = 'user@example.com'
|
222
228
|
jwt = @client.to_jwt
|
223
|
-
jwt.
|
229
|
+
expect(jwt).not_to be_nil
|
224
230
|
|
225
|
-
claim = JWT.decode(jwt, @key.public_key, true)
|
226
|
-
claim["iss"].
|
227
|
-
claim["prn"].
|
228
|
-
claim["scope"].
|
229
|
-
claim["aud"].
|
231
|
+
claim, header = JWT.decode(jwt, @key.public_key, true)
|
232
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
233
|
+
expect(claim["prn"]).to eq 'user@example.com'
|
234
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
235
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
230
236
|
end
|
231
237
|
|
232
238
|
it 'should generate valid JWTs for impersonation using the sub attribute' do
|
233
239
|
@client.sub = 'user@example.com'
|
234
240
|
jwt = @client.to_jwt
|
235
|
-
jwt.
|
241
|
+
expect(jwt).not_to be_nil
|
236
242
|
|
237
|
-
claim = JWT.decode(jwt, @key.public_key, true)
|
238
|
-
claim["iss"].
|
239
|
-
claim["sub"].
|
240
|
-
claim["scope"].
|
241
|
-
claim["aud"].
|
243
|
+
claim, header = JWT.decode(jwt, @key.public_key, true)
|
244
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
245
|
+
expect(claim["sub"]).to eq 'user@example.com'
|
246
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
247
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
242
248
|
end
|
243
249
|
|
244
250
|
it 'should generate a JSON representation of the client' do
|
245
251
|
@client.principal = 'user@example.com'
|
246
252
|
json = @client.to_json
|
247
|
-
json.
|
253
|
+
expect(json).not_to be_nil
|
248
254
|
|
249
255
|
deserialized = MultiJson.load(json)
|
250
|
-
deserialized["token_credential_uri"].
|
251
|
-
|
252
|
-
deserialized["
|
253
|
-
|
254
|
-
deserialized["
|
255
|
-
deserialized["audience"].should == 'https://accounts.google.com/o/oauth2/token'
|
256
|
-
deserialized["signing_key"].should == @key.to_s
|
256
|
+
expect(deserialized["token_credential_uri"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
257
|
+
expect(deserialized["scope"]).to eq ['https://www.googleapis.com/auth/userinfo.profile']
|
258
|
+
expect(deserialized["issuer"]).to eq 'app@example.com'
|
259
|
+
expect(deserialized["audience"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
260
|
+
expect(deserialized["signing_key"]).to eq @key.to_s
|
257
261
|
end
|
258
262
|
|
259
263
|
it 'should send valid access token request' do
|
260
264
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
261
265
|
stub.post('/o/oauth2/token') do |env|
|
262
266
|
params = Addressable::URI.form_unencode(env[:body])
|
263
|
-
|
264
|
-
params.assoc("grant_type").
|
265
|
-
|
266
|
-
"access_token"
|
267
|
-
"token_type"
|
268
|
-
"expires_in"
|
269
|
-
}
|
267
|
+
claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key)
|
268
|
+
expect(params.assoc("grant_type")).to eq ['grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer']
|
269
|
+
build_json_response({
|
270
|
+
"access_token" => "1/abcdef1234567890",
|
271
|
+
"token_type" => "Bearer",
|
272
|
+
"expires_in" => 3600
|
273
|
+
})
|
270
274
|
end
|
271
275
|
end
|
272
276
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -274,7 +278,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
|
|
274
278
|
end
|
275
279
|
|
276
280
|
@client.fetch_access_token!(:connection => connection)
|
277
|
-
@client.access_token.
|
281
|
+
expect(@client.access_token).to eq "1/abcdef1234567890"
|
278
282
|
stubs.verify_stubbed_calls
|
279
283
|
end
|
280
284
|
end
|
@@ -294,12 +298,12 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
|
|
294
298
|
|
295
299
|
it 'should generate valid JWTs' do
|
296
300
|
jwt = @client.to_jwt
|
297
|
-
jwt.
|
301
|
+
expect(jwt).not_to be_nil
|
298
302
|
|
299
|
-
claim = JWT.decode(jwt, @key, true)
|
300
|
-
claim["iss"].
|
301
|
-
claim["scope"].
|
302
|
-
claim["aud"].
|
303
|
+
claim, header = JWT.decode(jwt, @key, true)
|
304
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
305
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
306
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
303
307
|
end
|
304
308
|
end
|
305
309
|
end
|
@@ -316,33 +320,33 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
316
320
|
end
|
317
321
|
|
318
322
|
it 'should not have a grant type by default' do
|
319
|
-
@client.grant_type.
|
323
|
+
expect(@client.grant_type).to eq nil
|
320
324
|
end
|
321
325
|
|
322
326
|
it 'should use the authorization_code grant type if given code' do
|
323
327
|
@client.code = '00000'
|
324
328
|
@client.redirect_uri = 'http://www.example.com/'
|
325
|
-
@client.grant_type.
|
329
|
+
expect(@client.grant_type).to eq 'authorization_code'
|
326
330
|
end
|
327
331
|
|
328
332
|
it 'should use the refresh_token grant type if given refresh token' do
|
329
333
|
@client.refresh_token = '54321'
|
330
|
-
@client.grant_type.
|
334
|
+
expect(@client.grant_type).to eq 'refresh_token'
|
331
335
|
end
|
332
336
|
|
333
337
|
it 'should use the password grant type if given username and password' do
|
334
338
|
@client.username = 'johndoe'
|
335
339
|
@client.password = 'incognito'
|
336
|
-
@client.grant_type.
|
340
|
+
expect(@client.grant_type).to eq 'password'
|
337
341
|
end
|
338
342
|
|
339
343
|
it 'should allow the grant type to be set manually' do
|
340
344
|
@client.grant_type = 'authorization_code'
|
341
|
-
@client.grant_type.
|
345
|
+
expect(@client.grant_type).to eq 'authorization_code'
|
342
346
|
@client.grant_type = 'refresh_token'
|
343
|
-
@client.grant_type.
|
347
|
+
expect(@client.grant_type).to eq 'refresh_token'
|
344
348
|
@client.grant_type = 'password'
|
345
|
-
@client.grant_type.
|
349
|
+
expect(@client.grant_type).to eq 'password'
|
346
350
|
end
|
347
351
|
|
348
352
|
it 'should allow the grant type to be set to an extension' do
|
@@ -350,16 +354,14 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
350
354
|
@client.extension_parameters['assertion'] =
|
351
355
|
'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'
|
352
356
|
|
353
|
-
@client.grant_type.
|
354
|
-
|
355
|
-
@client.extension_parameters.should ==
|
356
|
-
{'assertion' => 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'}
|
357
|
+
expect(@client.grant_type).to eq Addressable::URI.parse('urn:ietf:params:oauth:grant-type:saml2-bearer')
|
358
|
+
expect(@client.extension_parameters).to eq ({'assertion' => 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'})
|
357
359
|
end
|
358
360
|
|
359
361
|
it 'should raise an error if extension parameters are bogus' do
|
360
|
-
(lambda do
|
362
|
+
expect(lambda do
|
361
363
|
@client.extension_parameters = :bogus
|
362
|
-
end).
|
364
|
+
end).to raise_error(TypeError)
|
363
365
|
end
|
364
366
|
|
365
367
|
it 'should include extension parameters in token request' do
|
@@ -369,7 +371,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
369
371
|
|
370
372
|
request = @client.generate_access_token_request
|
371
373
|
params = Addressable::URI.form_unencode(request.body)
|
372
|
-
params.
|
374
|
+
expect(params).to include(['assertion', 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'])
|
373
375
|
end
|
374
376
|
|
375
377
|
it 'should allow the token to be updated' do
|
@@ -380,11 +382,22 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
380
382
|
:expires_in => 3600,
|
381
383
|
:issued_at => issued_at
|
382
384
|
)
|
383
|
-
@client.access_token.
|
384
|
-
@client.refresh_token.
|
385
|
-
@client.expires_in.
|
386
|
-
@client.issued_at.
|
387
|
-
@client.
|
385
|
+
expect(@client.access_token).to eq '12345'
|
386
|
+
expect(@client.refresh_token).to eq '54321'
|
387
|
+
expect(@client.expires_in).to eq 3600
|
388
|
+
expect(@client.issued_at).to eq issued_at
|
389
|
+
expect(@client).to_not be_expired
|
390
|
+
end
|
391
|
+
|
392
|
+
it 'should handle expires as equivalent to expires_in' do
|
393
|
+
issued_at = Time.now
|
394
|
+
@client.update_token!(
|
395
|
+
:access_token => '12345',
|
396
|
+
:refresh_token => '54321',
|
397
|
+
:expires => 600,
|
398
|
+
:issued_at => issued_at
|
399
|
+
)
|
400
|
+
expect(@client.expires_in).to eq 600
|
388
401
|
end
|
389
402
|
|
390
403
|
it 'should allow the token to be updated without an expiration' do
|
@@ -392,11 +405,11 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
392
405
|
:access_token => '12345',
|
393
406
|
:refresh_token => '54321'
|
394
407
|
)
|
395
|
-
@client.access_token.
|
396
|
-
@client.refresh_token.
|
397
|
-
@client.expires_in.
|
398
|
-
@client.issued_at.
|
399
|
-
@client.
|
408
|
+
expect(@client.access_token).to eq '12345'
|
409
|
+
expect(@client.refresh_token).to eq '54321'
|
410
|
+
expect(@client.expires_in).to eq nil
|
411
|
+
expect(@client.issued_at).to eq nil
|
412
|
+
expect(@client).to_not be_expired
|
400
413
|
end
|
401
414
|
|
402
415
|
it 'should allow the token expiration to be cleared' do
|
@@ -409,7 +422,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
409
422
|
)
|
410
423
|
@client.expires_in = nil
|
411
424
|
@client.issued_at = nil
|
412
|
-
@client.
|
425
|
+
expect(@client).to_not be_expired
|
413
426
|
end
|
414
427
|
|
415
428
|
it 'should allow the expires_at time to be updated' do
|
@@ -418,15 +431,15 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
418
431
|
:expires_at => expires_at.to_i,
|
419
432
|
:expires_in => nil
|
420
433
|
)
|
421
|
-
@client.expires_at.
|
422
|
-
@client.
|
434
|
+
expect(@client.expires_at).to be_within(1).of(expires_at)
|
435
|
+
expect(@client).to be_expired
|
423
436
|
end
|
424
437
|
|
425
438
|
it 'should allow setting expires_at manually' do
|
426
439
|
expires_at = Time.now+100
|
427
440
|
@client.expires_at = expires_at.to_i
|
428
|
-
@client.expires_at.
|
429
|
-
@client.
|
441
|
+
expect(@client.expires_at).to be_within(1).of(expires_at)
|
442
|
+
expect(@client).to_not be_expired
|
430
443
|
end
|
431
444
|
|
432
445
|
it 'should raise an error if the authorization endpoint is not secure' do
|
@@ -434,16 +447,16 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
434
447
|
@client.client_secret = 'secret-12345'
|
435
448
|
@client.redirect_uri = 'http://www.example.com/'
|
436
449
|
@client.authorization_uri = 'http://accounts.google.com/o/oauth2/auth'
|
437
|
-
(lambda do
|
450
|
+
expect(lambda do
|
438
451
|
@client.authorization_uri
|
439
|
-
end).
|
452
|
+
end).to raise_error(Signet::UnsafeOperationError)
|
440
453
|
end
|
441
454
|
|
442
455
|
it 'should raise an error if token credential URI is missing' do
|
443
456
|
@client.token_credential_uri = nil
|
444
|
-
(lambda do
|
457
|
+
expect(lambda do
|
445
458
|
@client.fetch_access_token!
|
446
|
-
end).
|
459
|
+
end).to raise_error(ArgumentError)
|
447
460
|
end
|
448
461
|
|
449
462
|
it 'should raise an error if unauthorized' do
|
@@ -454,14 +467,14 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
454
467
|
[401, {}, 'User authorization failed or something.']
|
455
468
|
end
|
456
469
|
end
|
457
|
-
(lambda do
|
470
|
+
expect(lambda do
|
458
471
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
459
472
|
builder.adapter(:test, stubs)
|
460
473
|
end
|
461
474
|
@client.fetch_access_token!(
|
462
475
|
:connection => connection
|
463
476
|
)
|
464
|
-
end).
|
477
|
+
end).to raise_error(Signet::AuthorizationError)
|
465
478
|
stubs.verify_stubbed_calls
|
466
479
|
end
|
467
480
|
|
@@ -473,14 +486,14 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
473
486
|
[509, {}, 'Rate limit hit or something.']
|
474
487
|
end
|
475
488
|
end
|
476
|
-
(lambda do
|
489
|
+
expect(lambda do
|
477
490
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
478
491
|
builder.adapter(:test, stubs)
|
479
492
|
end
|
480
493
|
@client.fetch_access_token!(
|
481
494
|
:connection => connection
|
482
495
|
)
|
483
|
-
end).
|
496
|
+
end).to raise_error(Signet::AuthorizationError)
|
484
497
|
stubs.verify_stubbed_calls
|
485
498
|
end
|
486
499
|
|
@@ -491,11 +504,11 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
491
504
|
@client.redirect_uri = 'https://www.example.com/'
|
492
505
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
493
506
|
stub.post('/o/oauth2/token') do
|
494
|
-
|
507
|
+
build_json_response({
|
495
508
|
'access_token' => '12345',
|
496
509
|
'refresh_token' => '54321',
|
497
510
|
'expires_in' => '3600'
|
498
|
-
})
|
511
|
+
})
|
499
512
|
end
|
500
513
|
end
|
501
514
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -504,9 +517,9 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
504
517
|
@client.fetch_access_token!(
|
505
518
|
:connection => connection
|
506
519
|
)
|
507
|
-
@client.access_token.
|
508
|
-
@client.refresh_token.
|
509
|
-
@client.expires_in.
|
520
|
+
expect(@client.access_token).to eq '12345'
|
521
|
+
expect(@client.refresh_token).to eq '54321'
|
522
|
+
expect(@client.expires_in).to eq 3600
|
510
523
|
stubs.verify_stubbed_calls
|
511
524
|
end
|
512
525
|
|
@@ -517,11 +530,11 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
517
530
|
@client.password = 'incognito'
|
518
531
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
519
532
|
stub.post('/o/oauth2/token') do
|
520
|
-
|
533
|
+
build_json_response({
|
521
534
|
'access_token' => '12345',
|
522
535
|
'refresh_token' => '54321',
|
523
536
|
'expires_in' => '3600'
|
524
|
-
})
|
537
|
+
})
|
525
538
|
end
|
526
539
|
end
|
527
540
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -530,9 +543,9 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
530
543
|
@client.fetch_access_token!(
|
531
544
|
:connection => connection
|
532
545
|
)
|
533
|
-
@client.access_token.
|
534
|
-
@client.refresh_token.
|
535
|
-
@client.expires_in.
|
546
|
+
expect(@client.access_token).to eq '12345'
|
547
|
+
expect(@client.refresh_token).to eq '54321'
|
548
|
+
expect(@client.expires_in).to eq 3600
|
536
549
|
stubs.verify_stubbed_calls
|
537
550
|
end
|
538
551
|
|
@@ -542,11 +555,11 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
542
555
|
@client.refresh_token = '54321'
|
543
556
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
544
557
|
stub.post('/o/oauth2/token') do
|
545
|
-
|
558
|
+
build_json_response({
|
546
559
|
'access_token' => '12345',
|
547
560
|
'refresh_token' => '54321',
|
548
561
|
'expires_in' => '3600'
|
549
|
-
})
|
562
|
+
})
|
550
563
|
end
|
551
564
|
end
|
552
565
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -555,9 +568,9 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
555
568
|
@client.fetch_access_token!(
|
556
569
|
:connection => connection
|
557
570
|
)
|
558
|
-
@client.access_token.
|
559
|
-
@client.refresh_token.
|
560
|
-
@client.expires_in.
|
571
|
+
expect(@client.access_token).to eq '12345'
|
572
|
+
expect(@client.refresh_token).to eq '54321'
|
573
|
+
expect(@client.expires_in).to eq 3600
|
561
574
|
stubs.verify_stubbed_calls
|
562
575
|
end
|
563
576
|
|
@@ -565,9 +578,9 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
565
578
|
@client.client_id = 'client-12345'
|
566
579
|
@client.client_secret = 'secret-12345'
|
567
580
|
@client.redirect_uri = 'https://www.example.com/'
|
568
|
-
(lambda do
|
581
|
+
expect(lambda do
|
569
582
|
@client.fetch_access_token!
|
570
|
-
end).
|
583
|
+
end).to raise_error(ArgumentError)
|
571
584
|
end
|
572
585
|
|
573
586
|
it 'should correctly fetch protected resources' do
|
@@ -594,8 +607,8 @@ JSON
|
|
594
607
|
:connection => connection,
|
595
608
|
:uri => 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json'
|
596
609
|
)
|
597
|
-
response.status.
|
598
|
-
response.body.
|
610
|
+
expect(response.status).to eq 200
|
611
|
+
expect(response.body).to eq <<-JSON
|
599
612
|
{
|
600
613
|
"id": "116452824309856782163",
|
601
614
|
"name": "Bob Aman",
|
@@ -621,7 +634,7 @@ JSON
|
|
621
634
|
req.url('https://www.googleapis.com/oauth2/v1/userinfo?alt=json')
|
622
635
|
end
|
623
636
|
)
|
624
|
-
request.headers['Authorization'].
|
637
|
+
expect(request.headers['Authorization']).to eq 'Bearer 12345, realm="Example"'
|
625
638
|
end
|
626
639
|
|
627
640
|
it 'should correctly send the realm in the Authorization header' do
|
@@ -641,7 +654,7 @@ JSON
|
|
641
654
|
['']
|
642
655
|
]
|
643
656
|
)
|
644
|
-
request.headers['Authorization'].
|
657
|
+
expect(request.headers['Authorization']).to eq 'Bearer 12345, realm="Example"'
|
645
658
|
end
|
646
659
|
|
647
660
|
it 'should not raise an error if a request is ' +
|
@@ -662,20 +675,20 @@ JSON
|
|
662
675
|
@client.client_id = 'client-12345'
|
663
676
|
@client.client_secret = 'secret-12345'
|
664
677
|
@client.access_token = '12345'
|
665
|
-
(lambda do
|
678
|
+
expect(lambda do
|
666
679
|
@client.generate_authenticated_request(
|
667
680
|
:realm => 'Example',
|
668
681
|
:method => 'POST'
|
669
682
|
)
|
670
|
-
end).
|
683
|
+
end).to raise_error(ArgumentError)
|
671
684
|
end
|
672
685
|
|
673
686
|
it 'should raise an error if the client does not have an access token' do
|
674
687
|
@client.client_id = 'client-12345'
|
675
688
|
@client.client_secret = 'secret-12345'
|
676
|
-
(lambda do
|
689
|
+
expect(lambda do
|
677
690
|
@client.fetch_protected_resource
|
678
|
-
end).
|
691
|
+
end).to raise_error(ArgumentError)
|
679
692
|
end
|
680
693
|
|
681
694
|
it 'should not raise an error if the API server gives an error status' do
|
@@ -694,8 +707,8 @@ JSON
|
|
694
707
|
:connection => connection,
|
695
708
|
:uri => 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json'
|
696
709
|
)
|
697
|
-
response.status.
|
698
|
-
response.body.
|
710
|
+
expect(response.status).to eq 509
|
711
|
+
expect(response.body).to eq 'Rate limit hit or something.'
|
699
712
|
stubs.verify_stubbed_calls
|
700
713
|
end
|
701
714
|
|
@@ -709,7 +722,7 @@ JSON
|
|
709
722
|
[401, {}, 'User authorization failed or something.']
|
710
723
|
end
|
711
724
|
end
|
712
|
-
(lambda do
|
725
|
+
expect(lambda do
|
713
726
|
connection = Faraday.new(
|
714
727
|
:url => 'https://www.googleapis.com'
|
715
728
|
) do |builder|
|
@@ -719,7 +732,7 @@ JSON
|
|
719
732
|
:connection => connection,
|
720
733
|
:uri => 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json'
|
721
734
|
)
|
722
|
-
end).
|
735
|
+
end).to raise_error(Signet::AuthorizationError)
|
723
736
|
stubs.verify_stubbed_calls
|
724
737
|
end
|
725
738
|
|
@@ -728,7 +741,7 @@ JSON
|
|
728
741
|
@client.client_secret = 'secret-12345'
|
729
742
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
730
743
|
stub.post('/o/oauth2/token') do
|
731
|
-
|
744
|
+
build_json_response({
|
732
745
|
'access_token' => '12345',
|
733
746
|
'refresh_token' => '54321',
|
734
747
|
'expires_in' => '3600',
|
@@ -739,7 +752,7 @@ JSON
|
|
739
752
|
'Y2xpZW50LTEyMzQ1IiwiaXNzIjoiZXhhbXBsZS5jb20ifQ.tsF3srlBaAh6pV3U' +
|
740
753
|
'wfRrHSA3-jwnvOw6MMsQ6sO4kjc'
|
741
754
|
)
|
742
|
-
})
|
755
|
+
})
|
743
756
|
end
|
744
757
|
end
|
745
758
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -748,9 +761,9 @@ JSON
|
|
748
761
|
@client.fetch_access_token!(
|
749
762
|
:connection => connection
|
750
763
|
)
|
751
|
-
@client.access_token.
|
752
|
-
@client.refresh_token.
|
753
|
-
@client.decoded_id_token.
|
764
|
+
expect(@client.access_token).to eq '12345'
|
765
|
+
expect(@client.refresh_token).to eq '54321'
|
766
|
+
expect(@client.decoded_id_token).to eq ({
|
754
767
|
"token_hash" => "tghD9J7n8V0N2vcw6eMijg",
|
755
768
|
"id" => "12345",
|
756
769
|
"aud" => "client-12345",
|
@@ -758,8 +771,8 @@ JSON
|
|
758
771
|
"exp" => 1320674878,
|
759
772
|
"cid" => "client-12345",
|
760
773
|
"iss" => "example.com"
|
761
|
-
}
|
762
|
-
@client.expires_in.
|
774
|
+
})
|
775
|
+
expect(@client.expires_in).to eq 3600
|
763
776
|
stubs.verify_stubbed_calls
|
764
777
|
end
|
765
778
|
|
@@ -769,7 +782,7 @@ JSON
|
|
769
782
|
@client.client_secret = 'secret-12345'
|
770
783
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
771
784
|
stub.post('/o/oauth2/token') do
|
772
|
-
|
785
|
+
build_json_response({
|
773
786
|
'access_token' => '12345',
|
774
787
|
'refresh_token' => '54321',
|
775
788
|
'expires_in' => '3600',
|
@@ -780,7 +793,7 @@ JSON
|
|
780
793
|
'Y2xpZW50LTEyMzQ1IiwiaXNzIjoiZXhhbXBsZS5jb20ifQ.tsF3srlBaAh6pV3U' +
|
781
794
|
'wfRrHSA3-jwnvOw6MMsQ6sO4kjc'
|
782
795
|
)
|
783
|
-
})
|
796
|
+
})
|
784
797
|
end
|
785
798
|
end
|
786
799
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -789,12 +802,12 @@ JSON
|
|
789
802
|
@client.fetch_access_token!(
|
790
803
|
:connection => connection
|
791
804
|
)
|
792
|
-
@client.access_token.
|
793
|
-
@client.refresh_token.
|
794
|
-
@client.expires_in.
|
795
|
-
(lambda do
|
805
|
+
expect(@client.access_token).to eq '12345'
|
806
|
+
expect(@client.refresh_token).to eq '54321'
|
807
|
+
expect(@client.expires_in).to eq 3600
|
808
|
+
expect(lambda do
|
796
809
|
@client.decoded_id_token
|
797
|
-
end).
|
810
|
+
end).to raise_error(Signet::UnsafeOperationError)
|
798
811
|
stubs.verify_stubbed_calls
|
799
812
|
end
|
800
813
|
|
@@ -804,7 +817,7 @@ JSON
|
|
804
817
|
@client.client_secret = 'secret-12345'
|
805
818
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
806
819
|
stub.post('/o/oauth2/token') do
|
807
|
-
|
820
|
+
build_json_response({
|
808
821
|
'access_token' => '12345',
|
809
822
|
'refresh_token' => '54321',
|
810
823
|
'expires_in' => '3600',
|
@@ -814,7 +827,7 @@ JSON
|
|
814
827
|
'zgsImV4cCI6MTMyMDY3NDg3OCwiY2lkIjoiY2xpZW50LTEyMzQ1IiwiaXNzIjoi' +
|
815
828
|
'ZXhhbXBsZS5jb20ifQ.7qj85CKbQyVdDe5y2ScdJAZNkEeKMPW9LIonLxG1vu8'
|
816
829
|
)
|
817
|
-
})
|
830
|
+
})
|
818
831
|
end
|
819
832
|
end
|
820
833
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -823,12 +836,12 @@ JSON
|
|
823
836
|
@client.fetch_access_token!(
|
824
837
|
:connection => connection
|
825
838
|
)
|
826
|
-
@client.access_token.
|
827
|
-
@client.refresh_token.
|
828
|
-
@client.expires_in.
|
829
|
-
(lambda do
|
839
|
+
expect(@client.access_token).to eq '12345'
|
840
|
+
expect(@client.refresh_token).to eq '54321'
|
841
|
+
expect(@client.expires_in).to eq 3600
|
842
|
+
expect(lambda do
|
830
843
|
@client.decoded_id_token
|
831
|
-
end).
|
844
|
+
end).to raise_error(Signet::UnsafeOperationError)
|
832
845
|
stubs.verify_stubbed_calls
|
833
846
|
end
|
834
847
|
|
@@ -837,7 +850,7 @@ JSON
|
|
837
850
|
@client.client_secret = 'secret-12345'
|
838
851
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
839
852
|
stub.post('/o/oauth2/token') do
|
840
|
-
|
853
|
+
build_json_response({
|
841
854
|
'access_token' => '12345',
|
842
855
|
'refresh_token' => '54321',
|
843
856
|
'expires_in' => '3600',
|
@@ -851,7 +864,7 @@ JSON
|
|
851
864
|
'wcy1PxsROY1fmBvXSer0IQesAqOW-rPOCNReSn-eY8d53ph1x2HAF-AzEi3GOl' +
|
852
865
|
'6hFycH8wj7Su6JqqyEbIVLxE7q7DkAZGaMPkxbTHs1EhSd5_oaKQ6O4xO3ZnnT4'
|
853
866
|
)
|
854
|
-
})
|
867
|
+
})
|
855
868
|
end
|
856
869
|
end
|
857
870
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -860,10 +873,10 @@ JSON
|
|
860
873
|
@client.fetch_access_token!(
|
861
874
|
:connection => connection
|
862
875
|
)
|
863
|
-
@client.access_token.
|
864
|
-
@client.refresh_token.
|
865
|
-
@client.expires_in.
|
866
|
-
(lambda do
|
876
|
+
expect(@client.access_token).to eq '12345'
|
877
|
+
expect(@client.refresh_token).to eq '54321'
|
878
|
+
expect(@client.expires_in).to eq 3600
|
879
|
+
expect(lambda do
|
867
880
|
pubkey = OpenSSL::PKey::RSA.new(<<-PUBKEY)
|
868
881
|
-----BEGIN PUBLIC KEY-----
|
869
882
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCaY7425h964bjaoLeUm
|
@@ -876,7 +889,7 @@ xwIDAQAB
|
|
876
889
|
-----END PUBLIC KEY-----
|
877
890
|
PUBKEY
|
878
891
|
@client.decoded_id_token(pubkey)
|
879
|
-
end).
|
892
|
+
end).to raise_error(JWT::DecodeError, "Signature verification failed")
|
880
893
|
stubs.verify_stubbed_calls
|
881
894
|
end
|
882
895
|
end
|
@@ -891,17 +904,17 @@ describe Signet::OAuth2::Client, 'authorization_uri' do
|
|
891
904
|
end
|
892
905
|
|
893
906
|
it 'should set access_type to offline by default' do
|
894
|
-
@client.authorization_uri.query_values['access_type'].
|
907
|
+
expect(@client.authorization_uri.query_values['access_type']).to eq 'offline'
|
895
908
|
end
|
896
909
|
|
897
910
|
it 'should set response_type to code by default' do
|
898
|
-
@client.authorization_uri.query_values['response_type'].
|
911
|
+
expect(@client.authorization_uri.query_values['response_type']).to eq 'code'
|
899
912
|
end
|
900
913
|
|
901
914
|
it 'should raise an error when setting both prompt and approval_prompt' do
|
902
|
-
(lambda do
|
915
|
+
expect(lambda do
|
903
916
|
@client.authorization_uri(:approval_prompt => 'force', :prompt => 'consent')
|
904
|
-
end).
|
917
|
+
end).to raise_error(ArgumentError)
|
905
918
|
end
|
906
919
|
end
|
907
920
|
|
@@ -916,18 +929,71 @@ describe Signet::OAuth2::Client, 'configured with custom parameters' do
|
|
916
929
|
)
|
917
930
|
end
|
918
931
|
|
932
|
+
# Normalizing to symbols - good test case example here for changes to normalized input.
|
933
|
+
# Also tests Addressable's output.
|
934
|
+
# Note: The only changes made here are to testing the **INTERNAL** representation of options.
|
919
935
|
it 'should allow custom parameters to be set on init' do
|
920
|
-
@client.additional_parameters.
|
936
|
+
expect(@client.additional_parameters).to eq({:type => 'web_server'})
|
937
|
+
end
|
938
|
+
|
939
|
+
it 'should allow custom parameters to be updated' do
|
940
|
+
@client.update!(:additional_parameters => {:type => 'new_type'})
|
941
|
+
@client.additional_parameters.should == { :type => 'new_type'}
|
942
|
+
end
|
943
|
+
|
944
|
+
it 'should use custom parameters when generating authorization_uri' do
|
945
|
+
expect(@client.authorization_uri().query_values).to eq ({
|
946
|
+
"access_type"=>"offline",
|
947
|
+
"client_id"=>"s6BhdRkqt3",
|
948
|
+
"redirect_uri"=>"https://example.client.com/callback",
|
949
|
+
"response_type"=>"code",
|
950
|
+
"type"=>"web_server"})
|
951
|
+
end
|
952
|
+
|
953
|
+
it 'should merge new authorization_uri custom parameters' do
|
954
|
+
@client.authorization_uri(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "new_param"=>"new_val", "response_type"=>"code","redirect_uri"=>"https://example.client.com/callback", "type"=>"new_type"}
|
955
|
+
end
|
956
|
+
|
957
|
+
it 'should merge new generate_access_token_request custom parameters' do
|
958
|
+
@client.update!(:code=>'12345')
|
959
|
+
body = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).body
|
960
|
+
body.should include("type=new_type")
|
961
|
+
body.should include("new_param=new_val")
|
962
|
+
end
|
963
|
+
end
|
964
|
+
|
965
|
+
describe Signet::OAuth2::Client, 'configured with custom parameters' do
|
966
|
+
before do
|
967
|
+
@client = Signet::OAuth2::Client.new(
|
968
|
+
"client_id" => 's6BhdRkqt3',
|
969
|
+
"redirect_uri" => 'https://example.client.com/callback',
|
970
|
+
"authorization_uri" => 'https://example.com/authorize',
|
971
|
+
"token_credential_uri" => 'https://example.com/token',
|
972
|
+
"additional_parameters" => {'type' => 'web_server'}
|
973
|
+
)
|
974
|
+
end
|
975
|
+
|
976
|
+
# Normalizing to symbols - good test case example here for changes to normalized input.
|
977
|
+
# Also tests Addressable's output.
|
978
|
+
# Note: The only changes made here are to testing the **INTERNAL** representation of options.
|
979
|
+
it 'should allow custom parameters to be set on init' do
|
980
|
+
@client.additional_parameters.should == { :type => 'web_server'}
|
921
981
|
end
|
922
982
|
|
923
983
|
it 'should allow custom parameters to be updated' do
|
924
984
|
@client.update!(:additional_parameters => {'type' => 'new_type'})
|
925
|
-
@client.additional_parameters.should == {
|
985
|
+
@client.additional_parameters.should == { :type => 'new_type'}
|
926
986
|
end
|
927
987
|
|
928
988
|
it 'should use custom parameters when generating authorization_uri' do
|
929
989
|
@client.authorization_uri().query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "redirect_uri"=>"https://example.client.com/callback", "response_type"=>"code", "type"=>"web_server"}
|
930
990
|
end
|
991
|
+
|
992
|
+
it 'should have the correct authorization_uri' do
|
993
|
+
@client.authorization_uri.host.should == 'example.com'
|
994
|
+
@client.authorization_uri.path.should == '/authorize'
|
995
|
+
end
|
996
|
+
|
931
997
|
it 'should merge new authorization_uri custom parameters' do
|
932
998
|
@client.authorization_uri(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "new_param"=>"new_val", "response_type"=>"code","redirect_uri"=>"https://example.client.com/callback", "type"=>"new_type"}
|
933
999
|
end
|
@@ -939,3 +1005,52 @@ describe Signet::OAuth2::Client, 'configured with custom parameters' do
|
|
939
1005
|
body.should include("new_param=new_val")
|
940
1006
|
end
|
941
1007
|
end
|
1008
|
+
|
1009
|
+
describe Signet::OAuth2::Client, 'configured with custom parameters a la JSON.load(credentials_file)' do
|
1010
|
+
before do
|
1011
|
+
@client = Signet::OAuth2::Client.new(
|
1012
|
+
"client_id" => 's6BhdRkqt3',
|
1013
|
+
"redirect_uri" => 'https://example.client.com/callback',
|
1014
|
+
"authorization_uri" => {"scheme"=>"https", "user"=>nil, "password"=>nil, "host"=>"accounts.google.com", "port"=>nil, "path"=>"/o/oauth2/auth", "query"=>nil, "fragment"=>nil},
|
1015
|
+
"token_credential_uri" => 'https://example.com/token',
|
1016
|
+
"additional_parameters" => {'type' => 'web_server'}
|
1017
|
+
)
|
1018
|
+
end
|
1019
|
+
|
1020
|
+
it 'should allow custom parameters to be set on init' do
|
1021
|
+
@client.additional_parameters.should == {:type => 'web_server'}
|
1022
|
+
end
|
1023
|
+
|
1024
|
+
it 'should allow custom parameters to be updated' do
|
1025
|
+
@client.update!(:additional_parameters => {'type' => 'new_type'})
|
1026
|
+
@client.additional_parameters.should == {:type => 'new_type'}
|
1027
|
+
end
|
1028
|
+
|
1029
|
+
it 'should have correct authorization_uri hash options' do
|
1030
|
+
@client.authorization_uri.host.should == "accounts.google.com"
|
1031
|
+
@client.authorization_uri.path.should == "/o/oauth2/auth"
|
1032
|
+
end
|
1033
|
+
|
1034
|
+
it 'should use custom parameters when generating authorization_uri' do
|
1035
|
+
@client.authorization_uri().query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "redirect_uri"=>"https://example.client.com/callback", "response_type"=>"code", "type"=>"web_server"}
|
1036
|
+
end
|
1037
|
+
|
1038
|
+
# , "path" => "/o/oauth2/oauth", "host" => "accounts.google.com"
|
1039
|
+
|
1040
|
+
it 'should merge new authorization_uri custom parameters' do
|
1041
|
+
expect(@client.authorization_uri(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).query_values).to eq ({
|
1042
|
+
"access_type"=>"offline",
|
1043
|
+
"client_id"=>"s6BhdRkqt3",
|
1044
|
+
"new_param"=>"new_val",
|
1045
|
+
"response_type"=>"code",
|
1046
|
+
"redirect_uri"=>"https://example.client.com/callback",
|
1047
|
+
"type"=>"new_type"})
|
1048
|
+
end
|
1049
|
+
|
1050
|
+
it 'should merge new generate_access_token_request custom parameters' do
|
1051
|
+
@client.update!(:code=>'12345')
|
1052
|
+
body = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).body
|
1053
|
+
expect(body).to include("type=new_type")
|
1054
|
+
expect(body).to include("new_param=new_val")
|
1055
|
+
end
|
1056
|
+
end
|