signet 0.5.1 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +13 -5
- data/CHANGELOG.md +7 -0
- data/Gemfile +2 -19
- data/lib/signet/oauth_2/client.rb +82 -50
- data/lib/signet/oauth_2.rb +9 -2
- data/lib/signet/version.rb +2 -2
- data/signet.gemspec +38 -0
- data/spec/signet/oauth_1/client_spec.rb +231 -243
- data/spec/signet/oauth_1/credential_spec.rb +30 -30
- data/spec/signet/oauth_1/server_spec.rb +128 -129
- data/spec/signet/oauth_1/services/google_spec.rb +24 -25
- data/spec/signet/oauth_1/signature_methods/hmac_sha1_spec.rb +4 -4
- data/spec/signet/oauth_1/signature_methods/plaintext_spec.rb +4 -4
- data/spec/signet/oauth_1/signature_methods/rsa_sha1_spec.rb +6 -6
- data/spec/signet/oauth_1_spec.rb +190 -192
- data/spec/signet/oauth_2/client_spec.rb +296 -181
- data/spec/signet/oauth_2_spec.rb +58 -48
- data/spec/signet_spec.rb +23 -23
- data/spec/spec_helper.rb +3 -1
- data/tasks/gem.rake +3 -55
- data/tasks/spec.rake +0 -25
- metadata +99 -38
@@ -24,86 +24,92 @@ require 'jwt'
|
|
24
24
|
|
25
25
|
conn = Faraday.default_connection
|
26
26
|
|
27
|
+
def build_json_response(payload)
|
28
|
+
[200, { "Content-Type" => "application/json; charset=utf-8" }, MultiJson.dump(payload)]
|
29
|
+
end
|
30
|
+
|
31
|
+
def build_form_encoded_response(payload)
|
32
|
+
[200, { "Content-Type" => "application/json; charset=utf-8" }, Addressable::URI.form_encode(payload)]
|
33
|
+
end
|
34
|
+
|
27
35
|
describe Signet::OAuth2::Client, 'unconfigured' do
|
28
36
|
before do
|
29
37
|
@client = Signet::OAuth2::Client.new
|
30
38
|
end
|
31
39
|
it 'should allow additional paraemters to be set.' do
|
32
|
-
@client.additional_parameters['type'] =
|
33
|
-
|
34
|
-
@client.additional_parameters.should ==
|
35
|
-
{'type' => 'web_server'}
|
40
|
+
@client.additional_parameters['type'] = 'web_server'
|
41
|
+
expect(@client.additional_parameters).to eq({'type' => 'web_server'})
|
36
42
|
end
|
37
43
|
it 'should raise an error if a bogus scope is provided' do
|
38
|
-
(lambda do
|
44
|
+
expect(lambda do
|
39
45
|
@client = Signet::OAuth2::Client.new(:scope => :bogus)
|
40
|
-
end).
|
46
|
+
end).to raise_error(TypeError)
|
41
47
|
end
|
42
48
|
|
43
49
|
it 'should raise an error if a scope array is provided with spaces' do
|
44
|
-
(lambda do
|
50
|
+
expect(lambda do
|
45
51
|
@client = Signet::OAuth2::Client.new(:scope => [
|
46
52
|
'legit',
|
47
53
|
'bogus bogus'
|
48
54
|
])
|
49
|
-
end).
|
55
|
+
end).to raise_error(ArgumentError)
|
50
56
|
end
|
51
57
|
|
52
58
|
it 'should allow the scope to be set to a String' do
|
53
59
|
@client.scope = 'legit'
|
54
|
-
@client.scope.
|
60
|
+
expect(@client.scope).to eq ['legit']
|
55
61
|
@client.scope = 'legit alsolegit'
|
56
|
-
@client.scope.
|
62
|
+
expect(@client.scope).to eq ['legit', 'alsolegit']
|
57
63
|
end
|
58
64
|
|
59
65
|
it 'should allow the scope to be set to an Array' do
|
60
66
|
@client.scope = ['legit']
|
61
|
-
@client.scope.
|
67
|
+
expect(@client.scope).to eq ['legit']
|
62
68
|
@client.scope = ['legit', 'alsolegit']
|
63
|
-
@client.scope.
|
69
|
+
expect(@client.scope).to eq ['legit', 'alsolegit']
|
64
70
|
end
|
65
71
|
|
66
72
|
it 'should raise an error if a bogus redirect URI is provided' do
|
67
|
-
(lambda do
|
73
|
+
expect(lambda do
|
68
74
|
@client = Signet::OAuth2::Client.new(:redirect_uri => :bogus)
|
69
|
-
end).
|
75
|
+
end).to raise_error(TypeError)
|
70
76
|
end
|
71
77
|
|
72
78
|
it 'should raise an error if a relative redirect URI is provided' do
|
73
|
-
(lambda do
|
79
|
+
expect(lambda do
|
74
80
|
@client = Signet::OAuth2::Client.new(:redirect_uri => '/relative/path')
|
75
|
-
end).
|
81
|
+
end).to raise_error(ArgumentError)
|
76
82
|
end
|
77
83
|
|
78
84
|
it 'should allow "postmessage" as a redirect URI (Google hack)' do
|
79
85
|
@client.authorization_uri = 'https://example.com/authorize'
|
80
86
|
@client.client_id = 's6BhdRkqt3'
|
81
87
|
@client.redirect_uri = 'postmessage'
|
82
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
88
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq 'postmessage'
|
83
89
|
end
|
84
90
|
|
85
91
|
it 'should allow oob values as a redirect URI (for installed apps)' do
|
86
92
|
@client.authorization_uri = 'https://example.com/authorize'
|
87
93
|
@client.client_id = 's6BhdRkqt3'
|
88
94
|
@client.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
|
89
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
95
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq 'urn:ietf:wg:oauth:2.0:oob'
|
90
96
|
@client.redirect_uri = 'oob'
|
91
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
97
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq 'oob'
|
92
98
|
end
|
93
99
|
|
94
100
|
it 'should have no authorization_uri' do
|
95
|
-
@client.authorization_uri.
|
101
|
+
expect(@client.authorization_uri).to eq nil
|
96
102
|
end
|
97
103
|
|
98
104
|
it 'should allow the authorization_uri to be set to a String' do
|
99
105
|
@client.authorization_uri = 'https://example.com/authorize'
|
100
106
|
@client.client_id = 's6BhdRkqt3'
|
101
107
|
@client.redirect_uri = 'https://example.client.com/callback'
|
102
|
-
@client.authorization_uri.to_s.
|
108
|
+
expect(@client.authorization_uri.to_s).to include(
|
103
109
|
'https://example.com/authorize'
|
104
110
|
)
|
105
|
-
@client.authorization_uri.query_values['client_id'].
|
106
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
111
|
+
expect(@client.authorization_uri.query_values['client_id']).to eq 's6BhdRkqt3'
|
112
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq (
|
107
113
|
'https://example.client.com/callback'
|
108
114
|
)
|
109
115
|
end
|
@@ -114,11 +120,11 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
114
120
|
}
|
115
121
|
@client.client_id = 's6BhdRkqt3'
|
116
122
|
@client.redirect_uri = 'https://example.client.com/callback'
|
117
|
-
@client.authorization_uri.to_s.
|
123
|
+
expect(@client.authorization_uri.to_s).to include(
|
118
124
|
'https://example.com/authorize'
|
119
125
|
)
|
120
|
-
@client.authorization_uri.query_values['client_id'].
|
121
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
126
|
+
expect(@client.authorization_uri.query_values['client_id']).to eq 's6BhdRkqt3'
|
127
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq (
|
122
128
|
'https://example.client.com/callback'
|
123
129
|
)
|
124
130
|
end
|
@@ -129,11 +135,11 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
129
135
|
@client.client_id = 's6BhdRkqt3'
|
130
136
|
@client.redirect_uri =
|
131
137
|
Addressable::URI.parse('https://example.client.com/callback')
|
132
|
-
@client.authorization_uri.to_s.
|
138
|
+
expect(@client.authorization_uri.to_s).to include(
|
133
139
|
'https://example.com/authorize'
|
134
140
|
)
|
135
|
-
@client.authorization_uri.query_values['client_id'].
|
136
|
-
@client.authorization_uri.query_values['redirect_uri'].
|
141
|
+
expect(@client.authorization_uri.query_values['client_id']).to eq 's6BhdRkqt3'
|
142
|
+
expect(@client.authorization_uri.query_values['redirect_uri']).to eq (
|
137
143
|
'https://example.client.com/callback'
|
138
144
|
)
|
139
145
|
end
|
@@ -142,9 +148,9 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
142
148
|
@client.authorization_uri =
|
143
149
|
Addressable::URI.parse('https://example.com/authorize')
|
144
150
|
@client.client_id = 's6BhdRkqt3'
|
145
|
-
(lambda do
|
151
|
+
expect(lambda do
|
146
152
|
@client.authorization_uri
|
147
|
-
end).
|
153
|
+
end).to raise_error(ArgumentError)
|
148
154
|
end
|
149
155
|
|
150
156
|
it 'should require a client ID when getting the authorization_uri' do
|
@@ -152,31 +158,31 @@ describe Signet::OAuth2::Client, 'unconfigured' do
|
|
152
158
|
Addressable::URI.parse('https://example.com/authorize')
|
153
159
|
@client.redirect_uri =
|
154
160
|
Addressable::URI.parse('https://example.client.com/callback')
|
155
|
-
(lambda do
|
161
|
+
expect(lambda do
|
156
162
|
@client.authorization_uri
|
157
|
-
end).
|
163
|
+
end).to raise_error(ArgumentError)
|
158
164
|
end
|
159
165
|
|
160
166
|
it 'should have no token_credential_uri' do
|
161
|
-
@client.token_credential_uri.
|
167
|
+
expect(@client.token_credential_uri).to eq nil
|
162
168
|
end
|
163
169
|
|
164
170
|
it 'should allow the token_credential_uri to be set to a String' do
|
165
171
|
@client.token_credential_uri = "https://example.com/token"
|
166
|
-
@client.token_credential_uri.
|
172
|
+
expect(@client.token_credential_uri.to_s).to eq "https://example.com/token"
|
167
173
|
end
|
168
174
|
|
169
175
|
it 'should allow the token_credential_uri to be set to a Hash' do
|
170
176
|
@client.token_credential_uri = {
|
171
177
|
:scheme => 'https', :host => 'example.com', :path => '/token'
|
172
178
|
}
|
173
|
-
@client.token_credential_uri.to_s.
|
179
|
+
expect(@client.token_credential_uri.to_s).to eq 'https://example.com/token'
|
174
180
|
end
|
175
181
|
|
176
182
|
it 'should allow the token_credential_uri to be set to a URI' do
|
177
183
|
@client.token_credential_uri =
|
178
184
|
Addressable::URI.parse("https://example.com/token")
|
179
|
-
@client.token_credential_uri.
|
185
|
+
expect(@client.token_credential_uri.to_s).to eq "https://example.com/token"
|
180
186
|
end
|
181
187
|
end
|
182
188
|
|
@@ -197,76 +203,74 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
|
|
197
203
|
|
198
204
|
it 'should generate valid JWTs' do
|
199
205
|
jwt = @client.to_jwt
|
200
|
-
jwt.
|
206
|
+
expect(jwt).not_to be_nil
|
201
207
|
|
202
|
-
claim = JWT.decode(jwt, @key.public_key, true)
|
203
|
-
claim["iss"].
|
204
|
-
claim["scope"].
|
205
|
-
claim["aud"].
|
208
|
+
claim, header = JWT.decode(jwt, @key.public_key, true)
|
209
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
210
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
211
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
206
212
|
end
|
207
213
|
|
208
214
|
it 'should generate valid JWTs for impersonation' do
|
209
215
|
@client.principal = 'user@example.com'
|
210
216
|
jwt = @client.to_jwt
|
211
|
-
jwt.
|
217
|
+
expect(jwt).not_to be_nil
|
212
218
|
|
213
|
-
claim = JWT.decode(jwt, @key.public_key, true)
|
214
|
-
claim["iss"].
|
215
|
-
claim["prn"].
|
216
|
-
claim["scope"].
|
217
|
-
claim["aud"].
|
219
|
+
claim, header = JWT.decode(jwt, @key.public_key, true)
|
220
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
221
|
+
expect(claim["prn"]).to eq 'user@example.com'
|
222
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
223
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
218
224
|
end
|
219
225
|
|
220
226
|
it 'should generate valid JWTs for impersonation using deprecated person attribute' do
|
221
227
|
@client.person = 'user@example.com'
|
222
228
|
jwt = @client.to_jwt
|
223
|
-
jwt.
|
229
|
+
expect(jwt).not_to be_nil
|
224
230
|
|
225
|
-
claim = JWT.decode(jwt, @key.public_key, true)
|
226
|
-
claim["iss"].
|
227
|
-
claim["prn"].
|
228
|
-
claim["scope"].
|
229
|
-
claim["aud"].
|
231
|
+
claim, header = JWT.decode(jwt, @key.public_key, true)
|
232
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
233
|
+
expect(claim["prn"]).to eq 'user@example.com'
|
234
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
235
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
230
236
|
end
|
231
237
|
|
232
238
|
it 'should generate valid JWTs for impersonation using the sub attribute' do
|
233
239
|
@client.sub = 'user@example.com'
|
234
240
|
jwt = @client.to_jwt
|
235
|
-
jwt.
|
241
|
+
expect(jwt).not_to be_nil
|
236
242
|
|
237
|
-
claim = JWT.decode(jwt, @key.public_key, true)
|
238
|
-
claim["iss"].
|
239
|
-
claim["sub"].
|
240
|
-
claim["scope"].
|
241
|
-
claim["aud"].
|
243
|
+
claim, header = JWT.decode(jwt, @key.public_key, true)
|
244
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
245
|
+
expect(claim["sub"]).to eq 'user@example.com'
|
246
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
247
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
242
248
|
end
|
243
249
|
|
244
250
|
it 'should generate a JSON representation of the client' do
|
245
251
|
@client.principal = 'user@example.com'
|
246
252
|
json = @client.to_json
|
247
|
-
json.
|
253
|
+
expect(json).not_to be_nil
|
248
254
|
|
249
255
|
deserialized = MultiJson.load(json)
|
250
|
-
deserialized["token_credential_uri"].
|
251
|
-
|
252
|
-
deserialized["
|
253
|
-
|
254
|
-
deserialized["
|
255
|
-
deserialized["audience"].should == 'https://accounts.google.com/o/oauth2/token'
|
256
|
-
deserialized["signing_key"].should == @key.to_s
|
256
|
+
expect(deserialized["token_credential_uri"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
257
|
+
expect(deserialized["scope"]).to eq ['https://www.googleapis.com/auth/userinfo.profile']
|
258
|
+
expect(deserialized["issuer"]).to eq 'app@example.com'
|
259
|
+
expect(deserialized["audience"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
260
|
+
expect(deserialized["signing_key"]).to eq @key.to_s
|
257
261
|
end
|
258
262
|
|
259
263
|
it 'should send valid access token request' do
|
260
264
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
261
265
|
stub.post('/o/oauth2/token') do |env|
|
262
266
|
params = Addressable::URI.form_unencode(env[:body])
|
263
|
-
|
264
|
-
params.assoc("grant_type").
|
265
|
-
|
266
|
-
"access_token"
|
267
|
-
"token_type"
|
268
|
-
"expires_in"
|
269
|
-
}
|
267
|
+
claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key)
|
268
|
+
expect(params.assoc("grant_type")).to eq ['grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer']
|
269
|
+
build_json_response({
|
270
|
+
"access_token" => "1/abcdef1234567890",
|
271
|
+
"token_type" => "Bearer",
|
272
|
+
"expires_in" => 3600
|
273
|
+
})
|
270
274
|
end
|
271
275
|
end
|
272
276
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -274,7 +278,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
|
|
274
278
|
end
|
275
279
|
|
276
280
|
@client.fetch_access_token!(:connection => connection)
|
277
|
-
@client.access_token.
|
281
|
+
expect(@client.access_token).to eq "1/abcdef1234567890"
|
278
282
|
stubs.verify_stubbed_calls
|
279
283
|
end
|
280
284
|
end
|
@@ -294,12 +298,12 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
|
|
294
298
|
|
295
299
|
it 'should generate valid JWTs' do
|
296
300
|
jwt = @client.to_jwt
|
297
|
-
jwt.
|
301
|
+
expect(jwt).not_to be_nil
|
298
302
|
|
299
|
-
claim = JWT.decode(jwt, @key, true)
|
300
|
-
claim["iss"].
|
301
|
-
claim["scope"].
|
302
|
-
claim["aud"].
|
303
|
+
claim, header = JWT.decode(jwt, @key, true)
|
304
|
+
expect(claim["iss"]).to eq 'app@example.com'
|
305
|
+
expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
|
306
|
+
expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
|
303
307
|
end
|
304
308
|
end
|
305
309
|
end
|
@@ -316,33 +320,33 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
316
320
|
end
|
317
321
|
|
318
322
|
it 'should not have a grant type by default' do
|
319
|
-
@client.grant_type.
|
323
|
+
expect(@client.grant_type).to eq nil
|
320
324
|
end
|
321
325
|
|
322
326
|
it 'should use the authorization_code grant type if given code' do
|
323
327
|
@client.code = '00000'
|
324
328
|
@client.redirect_uri = 'http://www.example.com/'
|
325
|
-
@client.grant_type.
|
329
|
+
expect(@client.grant_type).to eq 'authorization_code'
|
326
330
|
end
|
327
331
|
|
328
332
|
it 'should use the refresh_token grant type if given refresh token' do
|
329
333
|
@client.refresh_token = '54321'
|
330
|
-
@client.grant_type.
|
334
|
+
expect(@client.grant_type).to eq 'refresh_token'
|
331
335
|
end
|
332
336
|
|
333
337
|
it 'should use the password grant type if given username and password' do
|
334
338
|
@client.username = 'johndoe'
|
335
339
|
@client.password = 'incognito'
|
336
|
-
@client.grant_type.
|
340
|
+
expect(@client.grant_type).to eq 'password'
|
337
341
|
end
|
338
342
|
|
339
343
|
it 'should allow the grant type to be set manually' do
|
340
344
|
@client.grant_type = 'authorization_code'
|
341
|
-
@client.grant_type.
|
345
|
+
expect(@client.grant_type).to eq 'authorization_code'
|
342
346
|
@client.grant_type = 'refresh_token'
|
343
|
-
@client.grant_type.
|
347
|
+
expect(@client.grant_type).to eq 'refresh_token'
|
344
348
|
@client.grant_type = 'password'
|
345
|
-
@client.grant_type.
|
349
|
+
expect(@client.grant_type).to eq 'password'
|
346
350
|
end
|
347
351
|
|
348
352
|
it 'should allow the grant type to be set to an extension' do
|
@@ -350,16 +354,14 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
350
354
|
@client.extension_parameters['assertion'] =
|
351
355
|
'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'
|
352
356
|
|
353
|
-
@client.grant_type.
|
354
|
-
|
355
|
-
@client.extension_parameters.should ==
|
356
|
-
{'assertion' => 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'}
|
357
|
+
expect(@client.grant_type).to eq Addressable::URI.parse('urn:ietf:params:oauth:grant-type:saml2-bearer')
|
358
|
+
expect(@client.extension_parameters).to eq ({'assertion' => 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'})
|
357
359
|
end
|
358
360
|
|
359
361
|
it 'should raise an error if extension parameters are bogus' do
|
360
|
-
(lambda do
|
362
|
+
expect(lambda do
|
361
363
|
@client.extension_parameters = :bogus
|
362
|
-
end).
|
364
|
+
end).to raise_error(TypeError)
|
363
365
|
end
|
364
366
|
|
365
367
|
it 'should include extension parameters in token request' do
|
@@ -369,7 +371,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
369
371
|
|
370
372
|
request = @client.generate_access_token_request
|
371
373
|
params = Addressable::URI.form_unencode(request.body)
|
372
|
-
params.
|
374
|
+
expect(params).to include(['assertion', 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'])
|
373
375
|
end
|
374
376
|
|
375
377
|
it 'should allow the token to be updated' do
|
@@ -380,11 +382,22 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
380
382
|
:expires_in => 3600,
|
381
383
|
:issued_at => issued_at
|
382
384
|
)
|
383
|
-
@client.access_token.
|
384
|
-
@client.refresh_token.
|
385
|
-
@client.expires_in.
|
386
|
-
@client.issued_at.
|
387
|
-
@client.
|
385
|
+
expect(@client.access_token).to eq '12345'
|
386
|
+
expect(@client.refresh_token).to eq '54321'
|
387
|
+
expect(@client.expires_in).to eq 3600
|
388
|
+
expect(@client.issued_at).to eq issued_at
|
389
|
+
expect(@client).to_not be_expired
|
390
|
+
end
|
391
|
+
|
392
|
+
it 'should handle expires as equivalent to expires_in' do
|
393
|
+
issued_at = Time.now
|
394
|
+
@client.update_token!(
|
395
|
+
:access_token => '12345',
|
396
|
+
:refresh_token => '54321',
|
397
|
+
:expires => 600,
|
398
|
+
:issued_at => issued_at
|
399
|
+
)
|
400
|
+
expect(@client.expires_in).to eq 600
|
388
401
|
end
|
389
402
|
|
390
403
|
it 'should allow the token to be updated without an expiration' do
|
@@ -392,11 +405,11 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
392
405
|
:access_token => '12345',
|
393
406
|
:refresh_token => '54321'
|
394
407
|
)
|
395
|
-
@client.access_token.
|
396
|
-
@client.refresh_token.
|
397
|
-
@client.expires_in.
|
398
|
-
@client.issued_at.
|
399
|
-
@client.
|
408
|
+
expect(@client.access_token).to eq '12345'
|
409
|
+
expect(@client.refresh_token).to eq '54321'
|
410
|
+
expect(@client.expires_in).to eq nil
|
411
|
+
expect(@client.issued_at).to eq nil
|
412
|
+
expect(@client).to_not be_expired
|
400
413
|
end
|
401
414
|
|
402
415
|
it 'should allow the token expiration to be cleared' do
|
@@ -409,7 +422,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
409
422
|
)
|
410
423
|
@client.expires_in = nil
|
411
424
|
@client.issued_at = nil
|
412
|
-
@client.
|
425
|
+
expect(@client).to_not be_expired
|
413
426
|
end
|
414
427
|
|
415
428
|
it 'should allow the expires_at time to be updated' do
|
@@ -418,15 +431,15 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
418
431
|
:expires_at => expires_at.to_i,
|
419
432
|
:expires_in => nil
|
420
433
|
)
|
421
|
-
@client.expires_at.
|
422
|
-
@client.
|
434
|
+
expect(@client.expires_at).to be_within(1).of(expires_at)
|
435
|
+
expect(@client).to be_expired
|
423
436
|
end
|
424
437
|
|
425
438
|
it 'should allow setting expires_at manually' do
|
426
439
|
expires_at = Time.now+100
|
427
440
|
@client.expires_at = expires_at.to_i
|
428
|
-
@client.expires_at.
|
429
|
-
@client.
|
441
|
+
expect(@client.expires_at).to be_within(1).of(expires_at)
|
442
|
+
expect(@client).to_not be_expired
|
430
443
|
end
|
431
444
|
|
432
445
|
it 'should raise an error if the authorization endpoint is not secure' do
|
@@ -434,16 +447,16 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
434
447
|
@client.client_secret = 'secret-12345'
|
435
448
|
@client.redirect_uri = 'http://www.example.com/'
|
436
449
|
@client.authorization_uri = 'http://accounts.google.com/o/oauth2/auth'
|
437
|
-
(lambda do
|
450
|
+
expect(lambda do
|
438
451
|
@client.authorization_uri
|
439
|
-
end).
|
452
|
+
end).to raise_error(Signet::UnsafeOperationError)
|
440
453
|
end
|
441
454
|
|
442
455
|
it 'should raise an error if token credential URI is missing' do
|
443
456
|
@client.token_credential_uri = nil
|
444
|
-
(lambda do
|
457
|
+
expect(lambda do
|
445
458
|
@client.fetch_access_token!
|
446
|
-
end).
|
459
|
+
end).to raise_error(ArgumentError)
|
447
460
|
end
|
448
461
|
|
449
462
|
it 'should raise an error if unauthorized' do
|
@@ -454,14 +467,14 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
454
467
|
[401, {}, 'User authorization failed or something.']
|
455
468
|
end
|
456
469
|
end
|
457
|
-
(lambda do
|
470
|
+
expect(lambda do
|
458
471
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
459
472
|
builder.adapter(:test, stubs)
|
460
473
|
end
|
461
474
|
@client.fetch_access_token!(
|
462
475
|
:connection => connection
|
463
476
|
)
|
464
|
-
end).
|
477
|
+
end).to raise_error(Signet::AuthorizationError)
|
465
478
|
stubs.verify_stubbed_calls
|
466
479
|
end
|
467
480
|
|
@@ -473,14 +486,14 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
473
486
|
[509, {}, 'Rate limit hit or something.']
|
474
487
|
end
|
475
488
|
end
|
476
|
-
(lambda do
|
489
|
+
expect(lambda do
|
477
490
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
478
491
|
builder.adapter(:test, stubs)
|
479
492
|
end
|
480
493
|
@client.fetch_access_token!(
|
481
494
|
:connection => connection
|
482
495
|
)
|
483
|
-
end).
|
496
|
+
end).to raise_error(Signet::AuthorizationError)
|
484
497
|
stubs.verify_stubbed_calls
|
485
498
|
end
|
486
499
|
|
@@ -491,11 +504,11 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
491
504
|
@client.redirect_uri = 'https://www.example.com/'
|
492
505
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
493
506
|
stub.post('/o/oauth2/token') do
|
494
|
-
|
507
|
+
build_json_response({
|
495
508
|
'access_token' => '12345',
|
496
509
|
'refresh_token' => '54321',
|
497
510
|
'expires_in' => '3600'
|
498
|
-
})
|
511
|
+
})
|
499
512
|
end
|
500
513
|
end
|
501
514
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -504,9 +517,9 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
504
517
|
@client.fetch_access_token!(
|
505
518
|
:connection => connection
|
506
519
|
)
|
507
|
-
@client.access_token.
|
508
|
-
@client.refresh_token.
|
509
|
-
@client.expires_in.
|
520
|
+
expect(@client.access_token).to eq '12345'
|
521
|
+
expect(@client.refresh_token).to eq '54321'
|
522
|
+
expect(@client.expires_in).to eq 3600
|
510
523
|
stubs.verify_stubbed_calls
|
511
524
|
end
|
512
525
|
|
@@ -517,11 +530,11 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
517
530
|
@client.password = 'incognito'
|
518
531
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
519
532
|
stub.post('/o/oauth2/token') do
|
520
|
-
|
533
|
+
build_json_response({
|
521
534
|
'access_token' => '12345',
|
522
535
|
'refresh_token' => '54321',
|
523
536
|
'expires_in' => '3600'
|
524
|
-
})
|
537
|
+
})
|
525
538
|
end
|
526
539
|
end
|
527
540
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -530,9 +543,9 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
530
543
|
@client.fetch_access_token!(
|
531
544
|
:connection => connection
|
532
545
|
)
|
533
|
-
@client.access_token.
|
534
|
-
@client.refresh_token.
|
535
|
-
@client.expires_in.
|
546
|
+
expect(@client.access_token).to eq '12345'
|
547
|
+
expect(@client.refresh_token).to eq '54321'
|
548
|
+
expect(@client.expires_in).to eq 3600
|
536
549
|
stubs.verify_stubbed_calls
|
537
550
|
end
|
538
551
|
|
@@ -542,11 +555,11 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
542
555
|
@client.refresh_token = '54321'
|
543
556
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
544
557
|
stub.post('/o/oauth2/token') do
|
545
|
-
|
558
|
+
build_json_response({
|
546
559
|
'access_token' => '12345',
|
547
560
|
'refresh_token' => '54321',
|
548
561
|
'expires_in' => '3600'
|
549
|
-
})
|
562
|
+
})
|
550
563
|
end
|
551
564
|
end
|
552
565
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -555,9 +568,9 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
555
568
|
@client.fetch_access_token!(
|
556
569
|
:connection => connection
|
557
570
|
)
|
558
|
-
@client.access_token.
|
559
|
-
@client.refresh_token.
|
560
|
-
@client.expires_in.
|
571
|
+
expect(@client.access_token).to eq '12345'
|
572
|
+
expect(@client.refresh_token).to eq '54321'
|
573
|
+
expect(@client.expires_in).to eq 3600
|
561
574
|
stubs.verify_stubbed_calls
|
562
575
|
end
|
563
576
|
|
@@ -565,9 +578,9 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
|
|
565
578
|
@client.client_id = 'client-12345'
|
566
579
|
@client.client_secret = 'secret-12345'
|
567
580
|
@client.redirect_uri = 'https://www.example.com/'
|
568
|
-
(lambda do
|
581
|
+
expect(lambda do
|
569
582
|
@client.fetch_access_token!
|
570
|
-
end).
|
583
|
+
end).to raise_error(ArgumentError)
|
571
584
|
end
|
572
585
|
|
573
586
|
it 'should correctly fetch protected resources' do
|
@@ -594,8 +607,8 @@ JSON
|
|
594
607
|
:connection => connection,
|
595
608
|
:uri => 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json'
|
596
609
|
)
|
597
|
-
response.status.
|
598
|
-
response.body.
|
610
|
+
expect(response.status).to eq 200
|
611
|
+
expect(response.body).to eq <<-JSON
|
599
612
|
{
|
600
613
|
"id": "116452824309856782163",
|
601
614
|
"name": "Bob Aman",
|
@@ -621,7 +634,7 @@ JSON
|
|
621
634
|
req.url('https://www.googleapis.com/oauth2/v1/userinfo?alt=json')
|
622
635
|
end
|
623
636
|
)
|
624
|
-
request.headers['Authorization'].
|
637
|
+
expect(request.headers['Authorization']).to eq 'Bearer 12345, realm="Example"'
|
625
638
|
end
|
626
639
|
|
627
640
|
it 'should correctly send the realm in the Authorization header' do
|
@@ -641,7 +654,7 @@ JSON
|
|
641
654
|
['']
|
642
655
|
]
|
643
656
|
)
|
644
|
-
request.headers['Authorization'].
|
657
|
+
expect(request.headers['Authorization']).to eq 'Bearer 12345, realm="Example"'
|
645
658
|
end
|
646
659
|
|
647
660
|
it 'should not raise an error if a request is ' +
|
@@ -662,20 +675,20 @@ JSON
|
|
662
675
|
@client.client_id = 'client-12345'
|
663
676
|
@client.client_secret = 'secret-12345'
|
664
677
|
@client.access_token = '12345'
|
665
|
-
(lambda do
|
678
|
+
expect(lambda do
|
666
679
|
@client.generate_authenticated_request(
|
667
680
|
:realm => 'Example',
|
668
681
|
:method => 'POST'
|
669
682
|
)
|
670
|
-
end).
|
683
|
+
end).to raise_error(ArgumentError)
|
671
684
|
end
|
672
685
|
|
673
686
|
it 'should raise an error if the client does not have an access token' do
|
674
687
|
@client.client_id = 'client-12345'
|
675
688
|
@client.client_secret = 'secret-12345'
|
676
|
-
(lambda do
|
689
|
+
expect(lambda do
|
677
690
|
@client.fetch_protected_resource
|
678
|
-
end).
|
691
|
+
end).to raise_error(ArgumentError)
|
679
692
|
end
|
680
693
|
|
681
694
|
it 'should not raise an error if the API server gives an error status' do
|
@@ -694,8 +707,8 @@ JSON
|
|
694
707
|
:connection => connection,
|
695
708
|
:uri => 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json'
|
696
709
|
)
|
697
|
-
response.status.
|
698
|
-
response.body.
|
710
|
+
expect(response.status).to eq 509
|
711
|
+
expect(response.body).to eq 'Rate limit hit or something.'
|
699
712
|
stubs.verify_stubbed_calls
|
700
713
|
end
|
701
714
|
|
@@ -709,7 +722,7 @@ JSON
|
|
709
722
|
[401, {}, 'User authorization failed or something.']
|
710
723
|
end
|
711
724
|
end
|
712
|
-
(lambda do
|
725
|
+
expect(lambda do
|
713
726
|
connection = Faraday.new(
|
714
727
|
:url => 'https://www.googleapis.com'
|
715
728
|
) do |builder|
|
@@ -719,7 +732,7 @@ JSON
|
|
719
732
|
:connection => connection,
|
720
733
|
:uri => 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json'
|
721
734
|
)
|
722
|
-
end).
|
735
|
+
end).to raise_error(Signet::AuthorizationError)
|
723
736
|
stubs.verify_stubbed_calls
|
724
737
|
end
|
725
738
|
|
@@ -728,7 +741,7 @@ JSON
|
|
728
741
|
@client.client_secret = 'secret-12345'
|
729
742
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
730
743
|
stub.post('/o/oauth2/token') do
|
731
|
-
|
744
|
+
build_json_response({
|
732
745
|
'access_token' => '12345',
|
733
746
|
'refresh_token' => '54321',
|
734
747
|
'expires_in' => '3600',
|
@@ -739,7 +752,7 @@ JSON
|
|
739
752
|
'Y2xpZW50LTEyMzQ1IiwiaXNzIjoiZXhhbXBsZS5jb20ifQ.tsF3srlBaAh6pV3U' +
|
740
753
|
'wfRrHSA3-jwnvOw6MMsQ6sO4kjc'
|
741
754
|
)
|
742
|
-
})
|
755
|
+
})
|
743
756
|
end
|
744
757
|
end
|
745
758
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -748,9 +761,9 @@ JSON
|
|
748
761
|
@client.fetch_access_token!(
|
749
762
|
:connection => connection
|
750
763
|
)
|
751
|
-
@client.access_token.
|
752
|
-
@client.refresh_token.
|
753
|
-
@client.decoded_id_token.
|
764
|
+
expect(@client.access_token).to eq '12345'
|
765
|
+
expect(@client.refresh_token).to eq '54321'
|
766
|
+
expect(@client.decoded_id_token).to eq ({
|
754
767
|
"token_hash" => "tghD9J7n8V0N2vcw6eMijg",
|
755
768
|
"id" => "12345",
|
756
769
|
"aud" => "client-12345",
|
@@ -758,8 +771,8 @@ JSON
|
|
758
771
|
"exp" => 1320674878,
|
759
772
|
"cid" => "client-12345",
|
760
773
|
"iss" => "example.com"
|
761
|
-
}
|
762
|
-
@client.expires_in.
|
774
|
+
})
|
775
|
+
expect(@client.expires_in).to eq 3600
|
763
776
|
stubs.verify_stubbed_calls
|
764
777
|
end
|
765
778
|
|
@@ -769,7 +782,7 @@ JSON
|
|
769
782
|
@client.client_secret = 'secret-12345'
|
770
783
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
771
784
|
stub.post('/o/oauth2/token') do
|
772
|
-
|
785
|
+
build_json_response({
|
773
786
|
'access_token' => '12345',
|
774
787
|
'refresh_token' => '54321',
|
775
788
|
'expires_in' => '3600',
|
@@ -780,7 +793,7 @@ JSON
|
|
780
793
|
'Y2xpZW50LTEyMzQ1IiwiaXNzIjoiZXhhbXBsZS5jb20ifQ.tsF3srlBaAh6pV3U' +
|
781
794
|
'wfRrHSA3-jwnvOw6MMsQ6sO4kjc'
|
782
795
|
)
|
783
|
-
})
|
796
|
+
})
|
784
797
|
end
|
785
798
|
end
|
786
799
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -789,12 +802,12 @@ JSON
|
|
789
802
|
@client.fetch_access_token!(
|
790
803
|
:connection => connection
|
791
804
|
)
|
792
|
-
@client.access_token.
|
793
|
-
@client.refresh_token.
|
794
|
-
@client.expires_in.
|
795
|
-
(lambda do
|
805
|
+
expect(@client.access_token).to eq '12345'
|
806
|
+
expect(@client.refresh_token).to eq '54321'
|
807
|
+
expect(@client.expires_in).to eq 3600
|
808
|
+
expect(lambda do
|
796
809
|
@client.decoded_id_token
|
797
|
-
end).
|
810
|
+
end).to raise_error(Signet::UnsafeOperationError)
|
798
811
|
stubs.verify_stubbed_calls
|
799
812
|
end
|
800
813
|
|
@@ -804,7 +817,7 @@ JSON
|
|
804
817
|
@client.client_secret = 'secret-12345'
|
805
818
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
806
819
|
stub.post('/o/oauth2/token') do
|
807
|
-
|
820
|
+
build_json_response({
|
808
821
|
'access_token' => '12345',
|
809
822
|
'refresh_token' => '54321',
|
810
823
|
'expires_in' => '3600',
|
@@ -814,7 +827,7 @@ JSON
|
|
814
827
|
'zgsImV4cCI6MTMyMDY3NDg3OCwiY2lkIjoiY2xpZW50LTEyMzQ1IiwiaXNzIjoi' +
|
815
828
|
'ZXhhbXBsZS5jb20ifQ.7qj85CKbQyVdDe5y2ScdJAZNkEeKMPW9LIonLxG1vu8'
|
816
829
|
)
|
817
|
-
})
|
830
|
+
})
|
818
831
|
end
|
819
832
|
end
|
820
833
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -823,12 +836,12 @@ JSON
|
|
823
836
|
@client.fetch_access_token!(
|
824
837
|
:connection => connection
|
825
838
|
)
|
826
|
-
@client.access_token.
|
827
|
-
@client.refresh_token.
|
828
|
-
@client.expires_in.
|
829
|
-
(lambda do
|
839
|
+
expect(@client.access_token).to eq '12345'
|
840
|
+
expect(@client.refresh_token).to eq '54321'
|
841
|
+
expect(@client.expires_in).to eq 3600
|
842
|
+
expect(lambda do
|
830
843
|
@client.decoded_id_token
|
831
|
-
end).
|
844
|
+
end).to raise_error(Signet::UnsafeOperationError)
|
832
845
|
stubs.verify_stubbed_calls
|
833
846
|
end
|
834
847
|
|
@@ -837,7 +850,7 @@ JSON
|
|
837
850
|
@client.client_secret = 'secret-12345'
|
838
851
|
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
839
852
|
stub.post('/o/oauth2/token') do
|
840
|
-
|
853
|
+
build_json_response({
|
841
854
|
'access_token' => '12345',
|
842
855
|
'refresh_token' => '54321',
|
843
856
|
'expires_in' => '3600',
|
@@ -851,7 +864,7 @@ JSON
|
|
851
864
|
'wcy1PxsROY1fmBvXSer0IQesAqOW-rPOCNReSn-eY8d53ph1x2HAF-AzEi3GOl' +
|
852
865
|
'6hFycH8wj7Su6JqqyEbIVLxE7q7DkAZGaMPkxbTHs1EhSd5_oaKQ6O4xO3ZnnT4'
|
853
866
|
)
|
854
|
-
})
|
867
|
+
})
|
855
868
|
end
|
856
869
|
end
|
857
870
|
connection = Faraday.new(:url => 'https://www.google.com') do |builder|
|
@@ -860,10 +873,10 @@ JSON
|
|
860
873
|
@client.fetch_access_token!(
|
861
874
|
:connection => connection
|
862
875
|
)
|
863
|
-
@client.access_token.
|
864
|
-
@client.refresh_token.
|
865
|
-
@client.expires_in.
|
866
|
-
(lambda do
|
876
|
+
expect(@client.access_token).to eq '12345'
|
877
|
+
expect(@client.refresh_token).to eq '54321'
|
878
|
+
expect(@client.expires_in).to eq 3600
|
879
|
+
expect(lambda do
|
867
880
|
pubkey = OpenSSL::PKey::RSA.new(<<-PUBKEY)
|
868
881
|
-----BEGIN PUBLIC KEY-----
|
869
882
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCaY7425h964bjaoLeUm
|
@@ -876,7 +889,7 @@ xwIDAQAB
|
|
876
889
|
-----END PUBLIC KEY-----
|
877
890
|
PUBKEY
|
878
891
|
@client.decoded_id_token(pubkey)
|
879
|
-
end).
|
892
|
+
end).to raise_error(JWT::DecodeError, "Signature verification failed")
|
880
893
|
stubs.verify_stubbed_calls
|
881
894
|
end
|
882
895
|
end
|
@@ -891,17 +904,17 @@ describe Signet::OAuth2::Client, 'authorization_uri' do
|
|
891
904
|
end
|
892
905
|
|
893
906
|
it 'should set access_type to offline by default' do
|
894
|
-
@client.authorization_uri.query_values['access_type'].
|
907
|
+
expect(@client.authorization_uri.query_values['access_type']).to eq 'offline'
|
895
908
|
end
|
896
909
|
|
897
910
|
it 'should set response_type to code by default' do
|
898
|
-
@client.authorization_uri.query_values['response_type'].
|
911
|
+
expect(@client.authorization_uri.query_values['response_type']).to eq 'code'
|
899
912
|
end
|
900
913
|
|
901
914
|
it 'should raise an error when setting both prompt and approval_prompt' do
|
902
|
-
(lambda do
|
915
|
+
expect(lambda do
|
903
916
|
@client.authorization_uri(:approval_prompt => 'force', :prompt => 'consent')
|
904
|
-
end).
|
917
|
+
end).to raise_error(ArgumentError)
|
905
918
|
end
|
906
919
|
end
|
907
920
|
|
@@ -916,18 +929,71 @@ describe Signet::OAuth2::Client, 'configured with custom parameters' do
|
|
916
929
|
)
|
917
930
|
end
|
918
931
|
|
932
|
+
# Normalizing to symbols - good test case example here for changes to normalized input.
|
933
|
+
# Also tests Addressable's output.
|
934
|
+
# Note: The only changes made here are to testing the **INTERNAL** representation of options.
|
919
935
|
it 'should allow custom parameters to be set on init' do
|
920
|
-
@client.additional_parameters.
|
936
|
+
expect(@client.additional_parameters).to eq({:type => 'web_server'})
|
937
|
+
end
|
938
|
+
|
939
|
+
it 'should allow custom parameters to be updated' do
|
940
|
+
@client.update!(:additional_parameters => {:type => 'new_type'})
|
941
|
+
@client.additional_parameters.should == { :type => 'new_type'}
|
942
|
+
end
|
943
|
+
|
944
|
+
it 'should use custom parameters when generating authorization_uri' do
|
945
|
+
expect(@client.authorization_uri().query_values).to eq ({
|
946
|
+
"access_type"=>"offline",
|
947
|
+
"client_id"=>"s6BhdRkqt3",
|
948
|
+
"redirect_uri"=>"https://example.client.com/callback",
|
949
|
+
"response_type"=>"code",
|
950
|
+
"type"=>"web_server"})
|
951
|
+
end
|
952
|
+
|
953
|
+
it 'should merge new authorization_uri custom parameters' do
|
954
|
+
@client.authorization_uri(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "new_param"=>"new_val", "response_type"=>"code","redirect_uri"=>"https://example.client.com/callback", "type"=>"new_type"}
|
955
|
+
end
|
956
|
+
|
957
|
+
it 'should merge new generate_access_token_request custom parameters' do
|
958
|
+
@client.update!(:code=>'12345')
|
959
|
+
body = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).body
|
960
|
+
body.should include("type=new_type")
|
961
|
+
body.should include("new_param=new_val")
|
962
|
+
end
|
963
|
+
end
|
964
|
+
|
965
|
+
describe Signet::OAuth2::Client, 'configured with custom parameters' do
|
966
|
+
before do
|
967
|
+
@client = Signet::OAuth2::Client.new(
|
968
|
+
"client_id" => 's6BhdRkqt3',
|
969
|
+
"redirect_uri" => 'https://example.client.com/callback',
|
970
|
+
"authorization_uri" => 'https://example.com/authorize',
|
971
|
+
"token_credential_uri" => 'https://example.com/token',
|
972
|
+
"additional_parameters" => {'type' => 'web_server'}
|
973
|
+
)
|
974
|
+
end
|
975
|
+
|
976
|
+
# Normalizing to symbols - good test case example here for changes to normalized input.
|
977
|
+
# Also tests Addressable's output.
|
978
|
+
# Note: The only changes made here are to testing the **INTERNAL** representation of options.
|
979
|
+
it 'should allow custom parameters to be set on init' do
|
980
|
+
@client.additional_parameters.should == { :type => 'web_server'}
|
921
981
|
end
|
922
982
|
|
923
983
|
it 'should allow custom parameters to be updated' do
|
924
984
|
@client.update!(:additional_parameters => {'type' => 'new_type'})
|
925
|
-
@client.additional_parameters.should == {
|
985
|
+
@client.additional_parameters.should == { :type => 'new_type'}
|
926
986
|
end
|
927
987
|
|
928
988
|
it 'should use custom parameters when generating authorization_uri' do
|
929
989
|
@client.authorization_uri().query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "redirect_uri"=>"https://example.client.com/callback", "response_type"=>"code", "type"=>"web_server"}
|
930
990
|
end
|
991
|
+
|
992
|
+
it 'should have the correct authorization_uri' do
|
993
|
+
@client.authorization_uri.host.should == 'example.com'
|
994
|
+
@client.authorization_uri.path.should == '/authorize'
|
995
|
+
end
|
996
|
+
|
931
997
|
it 'should merge new authorization_uri custom parameters' do
|
932
998
|
@client.authorization_uri(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "new_param"=>"new_val", "response_type"=>"code","redirect_uri"=>"https://example.client.com/callback", "type"=>"new_type"}
|
933
999
|
end
|
@@ -939,3 +1005,52 @@ describe Signet::OAuth2::Client, 'configured with custom parameters' do
|
|
939
1005
|
body.should include("new_param=new_val")
|
940
1006
|
end
|
941
1007
|
end
|
1008
|
+
|
1009
|
+
describe Signet::OAuth2::Client, 'configured with custom parameters a la JSON.load(credentials_file)' do
|
1010
|
+
before do
|
1011
|
+
@client = Signet::OAuth2::Client.new(
|
1012
|
+
"client_id" => 's6BhdRkqt3',
|
1013
|
+
"redirect_uri" => 'https://example.client.com/callback',
|
1014
|
+
"authorization_uri" => {"scheme"=>"https", "user"=>nil, "password"=>nil, "host"=>"accounts.google.com", "port"=>nil, "path"=>"/o/oauth2/auth", "query"=>nil, "fragment"=>nil},
|
1015
|
+
"token_credential_uri" => 'https://example.com/token',
|
1016
|
+
"additional_parameters" => {'type' => 'web_server'}
|
1017
|
+
)
|
1018
|
+
end
|
1019
|
+
|
1020
|
+
it 'should allow custom parameters to be set on init' do
|
1021
|
+
@client.additional_parameters.should == {:type => 'web_server'}
|
1022
|
+
end
|
1023
|
+
|
1024
|
+
it 'should allow custom parameters to be updated' do
|
1025
|
+
@client.update!(:additional_parameters => {'type' => 'new_type'})
|
1026
|
+
@client.additional_parameters.should == {:type => 'new_type'}
|
1027
|
+
end
|
1028
|
+
|
1029
|
+
it 'should have correct authorization_uri hash options' do
|
1030
|
+
@client.authorization_uri.host.should == "accounts.google.com"
|
1031
|
+
@client.authorization_uri.path.should == "/o/oauth2/auth"
|
1032
|
+
end
|
1033
|
+
|
1034
|
+
it 'should use custom parameters when generating authorization_uri' do
|
1035
|
+
@client.authorization_uri().query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "redirect_uri"=>"https://example.client.com/callback", "response_type"=>"code", "type"=>"web_server"}
|
1036
|
+
end
|
1037
|
+
|
1038
|
+
# , "path" => "/o/oauth2/oauth", "host" => "accounts.google.com"
|
1039
|
+
|
1040
|
+
it 'should merge new authorization_uri custom parameters' do
|
1041
|
+
expect(@client.authorization_uri(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).query_values).to eq ({
|
1042
|
+
"access_type"=>"offline",
|
1043
|
+
"client_id"=>"s6BhdRkqt3",
|
1044
|
+
"new_param"=>"new_val",
|
1045
|
+
"response_type"=>"code",
|
1046
|
+
"redirect_uri"=>"https://example.client.com/callback",
|
1047
|
+
"type"=>"new_type"})
|
1048
|
+
end
|
1049
|
+
|
1050
|
+
it 'should merge new generate_access_token_request custom parameters' do
|
1051
|
+
@client.update!(:code=>'12345')
|
1052
|
+
body = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).body
|
1053
|
+
expect(body).to include("type=new_type")
|
1054
|
+
expect(body).to include("new_param=new_val")
|
1055
|
+
end
|
1056
|
+
end
|