solidus_jwt 1.0.0 → 1.1.0

data/spec/lib/solidus_jwt/preferences_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+RSpec.describe SolidusJwt::Preferences do
+  let(:instance) { described_class.new }
+
+  it { is_expected.to be_kind_of(Spree::Preferences::Configuration) }
+
+  describe '#jwt_secret' do
+    subject { instance.jwt_secret }
+
+    it { is_expected.to eql Rails.application.secret_key_base }
+  end
+
+  describe '#allow_spree_api_key' do
+    subject { instance.allow_spree_api_key }
+
+    it { is_expected.to be true }
+  end
+
+  describe '#jwt_algorithm' do
+    subject { instance.jwt_algorithm }
+
+    it { is_expected.to eql 'HS256' }
+  end
+
+  describe '#jwt_expiration' do
+    subject { instance.jwt_expiration }
+
+    it { is_expected.to be 3600 }
+  end
+
+  describe '#jwt_options' do
+    subject { instance.jwt_options }
+
+    it { is_expected.to be_kind_of Hash }
+  end
+end

data/spec/lib/solidus_jwt_spec.rb

@@ -0,0 +1,6 @@
+require 'spec_helper'
+
+RSpec.describe SolidusJwt do
+  include_examples 'Decodeable Examples'
+  include_examples 'Encodeable Examples'
+end

data/spec/models/solidus_jwt/token_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+RSpec.describe SolidusJwt::Token, type: :model do
+  subject { instance }
+
+  let(:instance) { FactoryBot.create(:token) }
+
+  it { is_expected.to be_valid }
+  it { is_expected.to be_active }
+  it { is_expected.not_to be_expired }
+
+  context 'when token is nil' do
+    let(:instance) { FactoryBot.build(:token, token: nil) }
+
+    it 'generates one automatically' do
+      expect(instance.token).to be_nil
+      instance.save
+      expect(instance.token).to be_present
+    end
+  end
+
+  describe '.honor?' do
+    subject { described_class.honor?(token) }
+
+    let(:token) { instance.token }
+
+    it { is_expected.to be true }
+
+    context 'when token is inactive' do
+      let(:instance) { FactoryBot.create(:token, :inactive) }
+
+      it { is_expected.to be false }
+    end
+
+    context 'when token is expired' do
+      let(:instance) { FactoryBot.create(:token, :expired) }
+
+      it { is_expected.to be false }
+    end
+  end
+end

data/spec/requests/spree/api/json_web_tokens_spec.rb

@@ -0,0 +1,75 @@
+require 'spec_helper'
+require 'spree/testing_support/factories/user_factory'
+
+RSpec.describe 'SolidusJwt Authentication', type: :request do
+  let(:params) do
+    { token: token }
+  end
+
+  let(:token) { nil }
+  let(:user) { FactoryBot.create(:user, spree_api_key: 'secret') }
+
+  it 'fails if user visits api without authenticating' do
+    get spree.api_user_path(user.id)
+    expect(response.status).to be(401)
+  end
+
+  context 'when jwt fails to decode' do
+    let(:token) { 'abc.123.efg' }
+
+    it 'renders invalid_api_key' do
+      get spree.api_user_path(user.id), params: params
+
+      expect(response.status).to be(401)
+      expect(response.body).to include('Invalid API key')
+    end
+  end
+
+  context 'when spree api key is allowed' do
+    context 'when spree api key is present' do
+      let(:token) { user.spree_api_key }
+
+      it 'passes authentication' do
+        get spree.api_user_path(user.id), params: params
+        expect(response.status).to be(200)
+      end
+    end
+
+    context 'when json web token is used' do
+      let(:token) { user.generate_jwt }
+
+      it 'passes authentication' do
+        get spree.api_user_path(user.id), params: params
+        expect(response.status).to be(200)
+      end
+    end
+  end
+
+  context 'when spree api key is not allowed' do
+    before(:all) do
+      SolidusJwt::Config.allow_spree_api_key = false
+    end
+
+    after(:all) do
+      SolidusJwt::Config.allow_spree_api_key = true
+    end
+
+    context 'when spree api key is present' do
+      let(:token) { user.spree_api_key }
+
+      it 'fails authentication' do
+        get spree.api_user_path(user.id), params: params
+        expect(response.status).to be(401)
+      end
+    end
+
+    context 'when json web token is used' do
+      let(:token) { user.generate_jwt }
+
+      it 'passes authentication' do
+        get spree.api_user_path(user.id), params: params
+        expect(response.status).to be(200)
+      end
+    end
+  end
+end

data/spec/requests/spree/api/oauths_spec.rb

@@ -0,0 +1,120 @@
+require 'spec_helper'
+require 'spree/testing_support/factories/user_factory'
+
+RSpec.describe 'Token Retrieval', type: :request do
+  let(:user) { FactoryBot.create(:user, password: 'password') }
+
+  describe '/api/token' do
+    context 'when username and password are provided' do
+      context 'when success' do
+        before do
+          post '/oauth/token', params: { username: user.email, password: 'password', grant_type: 'password' }
+        end
+
+        it 'responds with status 200' do
+          expect(response).to have_http_status(:ok)
+        end
+
+        it 'responds with access_token and refresh_token' do
+          json = JSON.parse(response.body)
+
+          expect(json).to have_key('access_token')
+          expect(json).to have_key('refresh_token')
+        end
+      end
+
+      context 'when warden failure' do
+        def send_request
+          post '/oauth/token', params: { username: user.email, password: 'password', grant_type: 'password' }
+        end
+
+        it 'responds with status 401' do
+          expect_any_instance_of(Spree::Api::OauthsController).to receive(:try_authenticate_user) do # rubocop:disable RSpec/AnyInstance
+            throw(:warden, scope: :spree_user, message: :locked)
+          end
+
+          send_request
+          expect(response).to have_http_status(:unauthorized)
+        end
+
+        it 'responds with translated Devise error message' do
+          expect_any_instance_of(Spree::Api::OauthsController).to receive(:try_authenticate_user) do # rubocop:disable RSpec/AnyInstance
+            throw(:warden, scope: :spree_user, message: :locked)
+          end
+
+          send_request
+          json = JSON.parse(response.body)
+
+          expect(json).to have_key('error')
+          expect(json['error']).to eq('Your account is locked.')
+        end
+      end
+
+      context 'when invalid password' do
+        def send_request
+          post '/oauth/token', params: { username: user.email, password: 'invalid', grant_type: 'password' }
+        end
+
+        it 'responds with status 401' do
+          send_request
+          expect(response).to have_http_status(:unauthorized)
+        end
+
+        it 'responds with invalid username or password' do
+          send_request
+
+          json = JSON.parse(response.body)
+
+          expect(json).to have_key('error')
+          expect(json['error']).to eq('invalid username or password')
+        end
+
+        context 'with error message translation' do
+          before do
+            allow(I18n).to receive(:t).with(:invalid_credentials, scope: 'solidus_jwt').and_return('Wrong token!')
+          end
+
+          it 'responds with translated error message' do
+            send_request
+
+            json = JSON.parse(response.body)
+
+            expect(json).to have_key('error')
+            expect(json['error']).to eq('Wrong token!')
+          end
+        end
+      end
+    end
+
+    context 'when refresh token provided' do
+      let(:refresh_token) { user.auth_tokens.create! }
+
+      context 'when success' do
+        before do
+          post '/oauth/token', params: { refresh_token: refresh_token.token, grant_type: 'refresh_token' }
+        end
+
+        it 'responds with status 200' do
+          expect(response).to have_http_status(:ok)
+        end
+
+        it 'responds with access_token and refresh_token' do
+          json = JSON.parse(response.body)
+
+          expect(json).to have_key('access_token')
+          expect(json).to have_key('refresh_token')
+        end
+      end
+
+      context 'when failure' do
+        before do
+          post '/oauth/token', params: { refresh_token: 'invalid', grant_type: 'refresh_token' }
+        end
+
+        it 'response with status 401' do
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,24 @@
+# Configure Rails Environment
+ENV['RAILS_ENV'] = 'test'
+
+require 'byebug'
+
+# Run Coverage report
+require 'solidus_dev_support/rspec/coverage'
+
+require File.expand_path('dummy/config/environment.rb', __dir__)
+
+# Requires factories and other useful helpers defined in spree_core.
+require 'solidus_dev_support/rspec/feature_helper'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[File.join(File.dirname(__FILE__), 'support/**/*.rb')].each { |f| require f }
+
+# Requires factories defined in lib/solidus_jwt/factories.rb
+require 'solidus_jwt/factories'
+
+RSpec.configure do |config|
+  config.infer_spec_type_from_file_location!
+  config.use_transactional_fixtures = false
+end

data/spec/support/shared_examples/decodeable_examples.rb

@@ -0,0 +1,21 @@
+RSpec.shared_examples 'Decodeable Examples' do
+  describe 'decode' do
+    let(:token) do
+      JWT.encode(payload, SolidusJwt::Config.jwt_secret,
+        SolidusJwt::Config.jwt_algorithm)
+    end
+
+    let(:payload) { { sub: 1 } }
+
+    it 'decodes a json web token' do
+      allow(JWT).to receive(:decode).and_call_original
+
+      decoded_token = subject.decode(token)
+
+      expect(JWT).to have_received(:decode).with(token, SolidusJwt::Config.jwt_secret,
+        true, hash_including(algorithm: SolidusJwt::Config.jwt_algorithm))
+      expect(decoded_token).to be_kind_of(Array)
+      expect(decoded_token.first).to include(payload.as_json)
+    end
+  end
+end

data/spec/support/shared_examples/encodeable_examples.rb

@@ -0,0 +1,27 @@
+RSpec.shared_examples 'Encodeable Examples' do
+  describe 'encode' do
+    let(:payload) { { user_id: 1 } }
+
+    it 'encodes a json web token' do
+      allow(JWT).to receive(:encode).and_call_original
+
+      token = subject.encode(payload: payload)
+
+      expect(JWT).to have_received(:encode).with(hash_including('iat', 'user_id' => 1),
+        SolidusJwt::Config.jwt_secret, SolidusJwt::Config.jwt_algorithm)
+      expect(token).to be_kind_of String
+    end
+
+    context 'when expiration is passed in' do
+      it 'encodes a json web token with expiration date' do
+        allow(JWT).to receive(:encode).and_call_original
+
+        token = subject.encode(payload: payload, expires_in: 60)
+
+        expect(JWT).to have_received(:encode).with(hash_including('iat', 'exp', 'user_id' => 1),
+          SolidusJwt::Config.jwt_secret, SolidusJwt::Config.jwt_algorithm)
+        expect(token).to be_kind_of String
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_jwt
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Taylor Scott
 autorequire: 
-bindir: bin
+bindir: exe
 cert_chain: []
-date: 2019-12-09 00:00:00.000000000 Z
+date: 2020-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -38,33 +38,13 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: solidus_backend
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '3'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '3'
 - !ruby/object:Gem::Dependency
   name: solidus_core
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 2.0.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -74,7 +54,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 2.0.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -82,16 +62,16 @@ dependencies:
   name: solidus_support
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.3
+        version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.3
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -107,189 +87,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: capybara
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: coffee-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: database_cleaner
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: factory_bot
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: ffaker
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: gem-release
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: poltergeist
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rubocop-rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sass-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: selenium-webdriver
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: solidus_dev_support
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -308,28 +106,39 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
+- ".gem_release.yml"
+- ".github/CODEOWNERS"
+- ".github/stale.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-gemset"
+- ".ruby-version"
+- Gemfile
 - LICENSE
 - README.md
 - Rakefile
-- app/assets/javascripts/spree/backend/solidus_jwt.js
-- app/assets/javascripts/spree/frontend/solidus_jwt.js
-- app/assets/stylesheets/spree/backend/solidus_jwt.css
-- app/assets/stylesheets/spree/frontend/solidus_jwt.css
-- app/controllers/spree/api/base_controller/json_web_tokens.rb
-- app/controllers/spree/api/base_controller_decorator.rb
+- _config.yml
 - app/controllers/spree/api/oauths_controller.rb
-- app/models/application_record.rb
-- app/models/solidus_jwt/application_record.rb
+- app/decorators/solidus_jwt/spree/api/base_controller_decorator.rb
+- app/decorators/solidus_jwt/spree/user_decorator.rb
+- app/models/solidus_jwt/base_record.rb
 - app/models/solidus_jwt/token.rb
-- app/models/spree/user_decorator.rb
+- bin/console
+- bin/rails
+- bin/sandbox
+- bin/setup
 - config/locales/en.yml
 - config/routes.rb
 - db/migrate/20190222220038_create_solidus_jwt_tokens.rb
+- db/migrate/20191212083655_add_foreign_key_to_users_table.rb
 - lib/generators/solidus_jwt/install/install_generator.rb
 - lib/solidus_jwt.rb
 - lib/solidus_jwt/concerns/decodeable.rb
 - lib/solidus_jwt/concerns/encodeable.rb
 - lib/solidus_jwt/config.rb
+- lib/solidus_jwt/devise_strategies/base.rb
 - lib/solidus_jwt/devise_strategies/password.rb
 - lib/solidus_jwt/devise_strategies/refresh_token.rb
 - lib/solidus_jwt/distributor/devise.rb
@@ -337,27 +146,56 @@ files:
 - lib/solidus_jwt/factories.rb
 - lib/solidus_jwt/preferences.rb
 - lib/solidus_jwt/version.rb
-homepage: https://github.com/skukx
+- solidus_jwt.gemspec
+- spec/lib/solidus_jwt/concerns/decodeable_spec.rb
+- spec/lib/solidus_jwt/concerns/encodeable_spec.rb
+- spec/lib/solidus_jwt/config_spec.rb
+- spec/lib/solidus_jwt/devise_strategies/password_spec.rb
+- spec/lib/solidus_jwt/devise_strategies/refresh_token_spec.rb
+- spec/lib/solidus_jwt/preferences_spec.rb
+- spec/lib/solidus_jwt_spec.rb
+- spec/models/solidus_jwt/token_spec.rb
+- spec/requests/spree/api/json_web_tokens_spec.rb
+- spec/requests/spree/api/oauths_spec.rb
+- spec/spec_helper.rb
+- spec/support/shared_examples/decodeable_examples.rb
+- spec/support/shared_examples/encodeable_examples.rb
+homepage: https://github.com/skukx/solidus_jwt
 licenses:
 - BSD-3-Clause
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/skukx/solidus_jwt
+  source_code_uri: https://github.com/skukx/solidus_jwt
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - "~>"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Add Json Web Tokens to Solidus API
-test_files: []
+test_files:
+- spec/lib/solidus_jwt/concerns/decodeable_spec.rb
+- spec/lib/solidus_jwt/concerns/encodeable_spec.rb
+- spec/lib/solidus_jwt/config_spec.rb
+- spec/lib/solidus_jwt/devise_strategies/password_spec.rb
+- spec/lib/solidus_jwt/devise_strategies/refresh_token_spec.rb
+- spec/lib/solidus_jwt/preferences_spec.rb
+- spec/lib/solidus_jwt_spec.rb
+- spec/models/solidus_jwt/token_spec.rb
+- spec/requests/spree/api/json_web_tokens_spec.rb
+- spec/requests/spree/api/oauths_spec.rb
+- spec/spec_helper.rb
+- spec/support/shared_examples/decodeable_examples.rb
+- spec/support/shared_examples/encodeable_examples.rb