sso 0.0.2 → 0.1.0.alpha1

data/spec/integration/oauth/after_fetch_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+RSpec.describe SSO::Client::Warden::Hooks::AfterFetch, type: :request, db: true do
+
+  # Client side
+  let(:warden_env)      { {} }
+  let(:warden_request)  { double :warden_request, ip: ip, user_agent: agent, env: warden_env }
+  let(:warden)          { double :warden, request: warden_request }
+  let(:hook)            { described_class.new passport: client_passport, warden: warden, options: {} }
+  let(:client_user)     { double :client_user }
+  let(:client_passport) { ::SSO::Client::Passport.new id: passport_id, secret: passport_secret, state: passport_state, user: client_user }
+
+  # Shared
+  let!(:oauth_app)      { create :unscoped_doorkeeper_application }
+  let(:passport_id)     { server_passport.id }
+  let(:passport_state)  { server_passport.state }
+  let(:passport_secret) { server_passport.secret }
+  let(:ip)              { '198.51.100.74' }
+  let(:agent)           { 'IE7' }
+
+  # Server side
+  let!(:server_user)     { create :user }
+  let!(:server_passport) { create :passport, user: server_user, owner_id: server_user.id, ip: ip, agent: agent, application_id: oauth_app.id }
+
+  context 'no changes' do
+    it 'verifies the passport' do
+      expect(client_passport).to receive(:verified!)
+      hook.call
+    end
+  end
+
+  context 'a user attribute changed which is not included in the state digest' do
+    before do
+      server_user.update_attribute :name, 'Something new'
+    end
+
+    it 'verifies the passport' do
+      expect(client_passport).to receive(:verified!)
+      hook.call
+    end
+  end
+
+end

data/spec/integration/oauth/authorization_code_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+RSpec.describe 'OAuth 2.0 Authorization Grant Flow', type: :request, db: true do
+
+  let!(:user)        { create :user }
+  let!(:client)      { create :unscoped_doorkeeper_application }
+  let(:redirect_uri) { client.redirect_uri }
+
+  let(:grant_params)    { { client_id: client.uid, redirect_uri: redirect_uri, response_type: :code, scope: :insider, state: 'some_random_string' } }
+  let(:latest_grant)    { Doorkeeper::AccessGrant.last }
+  let(:latest_passport) { SSO::Server::Passport.last }
+
+  before do
+    get_via_redirect '/oauth/authorize', grant_params
+  end
+
+  it 'remembers the return path' do
+    expect(session[:return_path]).to eq "/oauth/authorize?#{grant_params.to_query}"
+  end
+
+  it 'shows to the login page' do
+    expect(response).to render_template 'sessions/new'
+  end
+
+  context 'Logging in' do
+    before do
+      post '/sessions', username: user.email, password: user.password
+      follow_redirect!
+    end
+
+    it 'redirects to the application callback including the Grant Token' do
+      expect(latest_grant).to be_present
+      expect(response).to redirect_to "#{client.redirect_uri}?code=#{latest_grant.token}&state=some_random_string"
+    end
+
+    it 'generates a passport with the grant token attached to it' do
+      expect(latest_passport.oauth_access_grant_id).to eq latest_grant.id
+    end
+
+    context 'Exchanging the Authorization Grant for an Access Token' do
+      let(:grant)        { ::Rack::Utils.parse_query(URI.parse(response.location).query).fetch('code') }
+      let(:grant_type)   { :authorization_code }
+      let(:params)       { { client_id: client.uid, client_secret: client.secret, code: grant, grant_type: grant_type, redirect_uri: redirect_uri } }
+      let(:access_token) { JSON.parse(response.body).fetch 'access_token' }
+
+      before do
+        post '/oauth/token', params
+      end
+
+      it 'gets the access token' do
+        expect(access_token).to be_present
+      end
+    end
+  end
+
+end

data/spec/integration/oauth/password_verification_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+
+RSpec.describe 'OAuth 2.0 Resource Owner Password Credentials Grant', type: :request, db: true do
+
+  let!(:user)    { create :user }
+  let!(:client)  { create :unscoped_doorkeeper_application }
+
+  let(:password) { user.password }
+  let(:params)   { { grant_type: :password, client_id: client.uid, client_secret: client.secret, username: user.email, password: password } }
+  let(:headers)  { { 'HTTP_ACCEPT' => 'application/json' } }
+
+  let(:latest_passport)     { ::SSO::Server::Passport.last }
+  let(:passport_count)      { ::SSO::Server::Passport.count }
+  let(:latest_access_token) { ::Doorkeeper::AccessToken.last }
+  let(:result)              { JSON.parse(response.body) }
+
+  before do
+    post '/oauth/token', params, headers
+  end
+
+  context 'correct password' do
+    it 'succeeds' do
+      expect(response.status).to eq 200
+    end
+
+    it 'responds with JSON serialized params' do
+      expect(result).to be_instance_of Hash
+    end
+
+    it 'includes the access_token' do
+      expect(result['access_token']).to eq latest_access_token.token
+    end
+
+    it 'generates a passport with the grant token attached to it' do
+      expect(latest_passport.oauth_access_token_id).to eq latest_access_token.id
+    end
+
+    it 'does not generate multiple passports' do
+      expect(passport_count).to eq 1
+    end
+  end
+
+  context 'wrong password' do
+    let(:password) { 'wrong-password-sent-by-hackerz' }
+
+    it 'fails' do
+      expect(response.status).to eq 401
+    end
+
+    it 'responds with JSON serialized params' do
+      expect(result).to be_instance_of Hash
+    end
+
+    it 'provides a errornous status' do
+      expect(result['status']).to eq 'error'
+    end
+
+    it 'provides a useful code' do
+      expect(result['code']).to eq 'authentication_failed'
+    end
+
+    it 'does not generate anny passports' do
+      expect(passport_count).to eq 0
+    end
+  end
+
+end

data/spec/lib/sso/logging_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+RSpec.describe SSO::Logging do
+
+  let(:instance) { MyTestNamespace::MyClass.new }
+  let(:logger)   { ::Logger.new '/dev/null' }
+
+  before do
+    ::SSO.config.logger = logger
+    stub_const 'MyTestNamespace', Module.new
+    stub_const 'MyTestNamespace::MyClass', Class.new {  include SSO::Logging }
+  end
+
+  describe '#logger' do
+    it 'is a logger' do
+      expect(instance.logger).to be_instance_of ::Logger
+    end
+  end
+
+  describe '#debug' do
+    it 'delegates to the logger' do
+      expect(logger).to receive(:debug).with('MyTestNamespace::MyClass') do |_, &block|
+        expect(block.call).to eq 'Say what?'
+      end
+      instance.debug { 'Say what?' }
+    end
+  end
+
+  context 'logger missing' do
+    let(:logger) {}
+
+    describe '#debug' do
+      it 'does not break' do
+        instance.debug { 'Should I freak out now?' }
+      end
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,54 @@
+ENV['RACK_ENV'] = 'test'
+
+unless ENV['TRAVIS']
+  require 'simplecov'
+  SimpleCov.start
+end
+
+require 'sso'
+require 'sso/server'  # <- The dummy app is an SSO Server
+require 'sso/client'  # <- For integration tests from client to server
+
+require File.expand_path('../dummy/config/environment', __FILE__)
+
+require 'rspec/rails'
+require 'factory_girl_rails'
+require 'database_cleaner'
+require 'timecop'
+require 'webmock'
+
+Dir[Pathname.pwd.join('spec/support/**/*.rb')].each { |f| require f }
+
+RSpec.configure do |config|
+
+  config.include FactoryGirl::Syntax::Methods
+  config.include SSO::Test::Helpers
+
+  config.color = true
+  config.disable_monkey_patching!
+  config.fail_fast = true
+  config.raise_errors_for_deprecations!
+  config.use_transactional_fixtures = false
+
+  config.before :suite do
+    DatabaseCleaner.strategy = :transaction
+    DatabaseCleaner.clean_with :truncation
+  end
+
+  config.before :each do
+    redirect_httparty_to_rails_stack
+  end
+
+  config.before :each, db: true do
+    DatabaseCleaner.start
+  end
+
+  config.after :each do
+    Timecop.return
+  end
+
+  config.after :each, db: true do
+    DatabaseCleaner.clean
+  end
+
+end

data/spec/support/factories/doorkeeper/application.rb

@@ -0,0 +1,21 @@
+FactoryGirl.define do
+  factory :parent_of_all_doorkeeper_applications, class: Doorkeeper::Application do
+
+    factory :insider_doorkeeper_application do
+      scopes { :insider }
+    end
+
+    factory :outsider_doorkeeper_application do
+      scopes { :outsider }
+    end
+
+    factory :unscoped_doorkeeper_application do
+    end
+
+    uid          { SecureRandom.hex }
+    secret       { SecureRandom.hex }
+    name         { %w(Alpha Beta Gamma Delta Epsilon).sample }
+    redirect_uri { "https://#{name.downcase}.example.com#{['/subpath', nil].sample}/auth/sso/callback" }
+
+  end
+end

data/spec/support/factories/server/passport.rb

@@ -0,0 +1,10 @@
+FactoryGirl.define do
+  factory :parent_of_all_passports, class: SSO::Server::Passport do
+
+    factory :passport do
+    end
+
+    group_id { SecureRandom.hex }
+
+  end
+end

data/spec/support/factories/server/user.rb

@@ -0,0 +1,14 @@
+FactoryGirl.define do
+  factory :parent_of_all_users, class: User do
+
+    factory :user do
+    end
+
+    name         { %w(Alice Bob Carol Eve Frank).sample }
+    email        { "#{name.downcase}@email.com" }
+    password     { %w(p4ssword s3same l3tmein).sample }
+    tags         { [[%w(password_expired superuser).sample, %w(admin confirmed).sample], []].sample }
+    vip          { [true, false].sample }
+
+  end
+end

data/spec/support/sso/test.rb

@@ -0,0 +1,9 @@
+module SSO
+  module Test
+
+    def self.strip_cookies
+      false
+    end
+
+  end
+end

data/spec/support/sso/test/cookie_stripper.rb

@@ -0,0 +1,20 @@
+module SSO
+  module Test
+    # There is no good way to simulate disabled cookies in Rails,
+    # so we inject this Middleware which actually removes them from our incoming requests.
+    #
+    class CookieStripper
+
+      def initialize(app)
+        fail 'What are you doing?' unless Rails.env.test?
+        @app = app
+      end
+
+      def call(env)
+        Rack::Request.new(env).cookies.clear if SSO::Test.strip_cookies
+        @app.call(env)
+      end
+
+    end
+  end
+end

data/spec/support/sso/test/helpers.rb

@@ -0,0 +1,56 @@
+require 'httparty'
+
+module SSO
+  module Test
+    module Helpers
+
+      def redirect_httparty_to_rails_stack
+        redirect_httparty :get
+        redirect_httparty :post
+      end
+
+      private
+
+      def redirect_httparty(method)
+        allow(HTTParty).to receive(method) do |url, options|
+          ::SSO.config.logger.warn('SSO::Test::Helpers') do
+            "RSpec caught an outgoing HTTParty request to #{url.inspect} and re-routes it back into the Rails integration test framework..."
+          end
+
+          url = URI.parse url
+          expect(url.host).to include '.example.com'
+          expect(url.scheme).to eq 'https'
+
+          if options[:basic_auth].present?
+            basic_auth_header = 'Basic ' + Base64.encode64("#{options[:basic_auth][:username]}:#{options[:basic_auth][:password]}")
+            options[:headers]['HTTP_AUTHORIZATION'] = basic_auth_header
+          end
+
+          case method
+          when :post
+            query_string = options[:query].to_query.present? ? "?#{options[:query].to_query}" : nil
+            send method, "#{url.path}#{query_string}", options[:body], options[:headers]
+          when :get
+            send method, url.path, options[:query], options[:headers]
+          else
+            fail NotImplementedError
+          end
+
+          convert_rails_response_to_httparty_response response
+        end
+      end
+
+      def convert_rails_response_to_httparty_response(response)
+        parsed_response = JSON.parse response.body
+        OpenStruct.new code: response.code.to_i, parsed_response: parsed_response
+
+      rescue JSON::ParserError
+        ::SSO.config.logger.warn('SSO::Test::Helpers') do
+          'It looks like I could not parse that JSON response. I will behave just like HTTParty and not raise an Exception for this.'
+        end
+        OpenStruct.new code: response.code.to_i
+      end
+
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sso
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.1.0.alpha1
 platform: ruby
 authors:
 - halo
@@ -10,6 +10,34 @@ bindir: bin
 cert_chain: []
 date: 2015-02-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: doorkeeper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: operation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.3
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -44,22 +72,50 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.1.8
   type: :runtime
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.8
+- !ruby/object:Gem::Dependency
+  name: warden
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.3
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: trouble
+  name: factory_girl_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -67,28 +123,190 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: warden
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.3
+- !ruby/object:Gem::Dependency
+  name: guard-rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Working towards a single-sign on rack middleware. To provide true single-sign-OUT,
-  every request on a client app is verified with the SSO server.
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Leveraging Doorkeeper as single-sign-on OAuth server. To provide true
+  single-sign-OUT, every request on an OAuth client app is verified with the SSO server.
 email: 
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
-homepage: https://github.com/halo/oauth-sso/issues/1
-licenses: []
+files:
+- lib/sso.rb
+- spec/dummy/Rakefile
+- spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/controllers/home_controller.rb
+- spec/dummy/app/controllers/sessions_controller.rb
+- spec/dummy/app/models/user.rb
+- spec/dummy/app/views/home/index.html.erb
+- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/app/views/sessions/new.html.erb
+- spec/dummy/bin/bundle
+- spec/dummy/bin/rails
+- spec/dummy/bin/rake
+- spec/dummy/bin/setup
+- spec/dummy/config.ru
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/initializers/assets.rb
+- spec/dummy/config/initializers/cookies_serializer.rb
+- spec/dummy/config/initializers/doorkeeper.rb
+- spec/dummy/config/initializers/filter_parameter_logging.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/initializers/sso.rb
+- spec/dummy/config/initializers/warden.rb
+- spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/locales/doorkeeper.en.yml
+- spec/dummy/config/locales/en.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/db/migrate/20150302113121_add_users.rb
+- spec/dummy/db/migrate/20150303054803_create_doorkeeper_tables.rb
+- spec/dummy/db/migrate/20150303132931_create_passports_table.rb
+- spec/dummy/db/schema.rb
+- spec/integration/oauth/after_fetch_spec.rb
+- spec/integration/oauth/authorization_code_spec.rb
+- spec/integration/oauth/password_verification_spec.rb
+- spec/lib/sso/logging_spec.rb
+- spec/spec_helper.rb
+- spec/support/factories/doorkeeper/application.rb
+- spec/support/factories/server/passport.rb
+- spec/support/factories/server/user.rb
+- spec/support/sso/test.rb
+- spec/support/sso/test/cookie_stripper.rb
+- spec/support/sso/test/helpers.rb
+homepage: https://github.com/halo/sso
+licenses:
+- MIT
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -98,16 +316,64 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
-summary: Working towards a single-sign on rack middleware.
-test_files: []
+summary: Leveraging Doorkeeper as single-sign-on OAuth server.
+test_files:
+- spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/controllers/home_controller.rb
+- spec/dummy/app/controllers/sessions_controller.rb
+- spec/dummy/app/models/user.rb
+- spec/dummy/app/views/home/index.html.erb
+- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/app/views/sessions/new.html.erb
+- spec/dummy/bin/bundle
+- spec/dummy/bin/rails
+- spec/dummy/bin/rake
+- spec/dummy/bin/setup
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/initializers/assets.rb
+- spec/dummy/config/initializers/cookies_serializer.rb
+- spec/dummy/config/initializers/doorkeeper.rb
+- spec/dummy/config/initializers/filter_parameter_logging.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/initializers/sso.rb
+- spec/dummy/config/initializers/warden.rb
+- spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/locales/doorkeeper.en.yml
+- spec/dummy/config/locales/en.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/config.ru
+- spec/dummy/db/migrate/20150302113121_add_users.rb
+- spec/dummy/db/migrate/20150303054803_create_doorkeeper_tables.rb
+- spec/dummy/db/migrate/20150303132931_create_passports_table.rb
+- spec/dummy/db/schema.rb
+- spec/dummy/Rakefile
+- spec/integration/oauth/after_fetch_spec.rb
+- spec/integration/oauth/authorization_code_spec.rb
+- spec/integration/oauth/password_verification_spec.rb
+- spec/lib/sso/logging_spec.rb
+- spec/spec_helper.rb
+- spec/support/factories/doorkeeper/application.rb
+- spec/support/factories/server/passport.rb
+- spec/support/factories/server/user.rb
+- spec/support/sso/test/cookie_stripper.rb
+- spec/support/sso/test/helpers.rb
+- spec/support/sso/test.rb