tentd 0.0.1

data/lib/tentd/model/type_properties.rb

@@ -0,0 +1,36 @@
+module TentD
+  module Model
+    module TypeProperties
+      def self.included(base)
+        base.class_eval do
+          property :type_base, DataMapper::Property::Text, :required => true, :lazy => false
+          property :type_view, String
+          property :type_version, String
+
+          validates_with_block :type_version do
+            return true if type_base == 'all' || type_version
+            [false, 'type version must be set']
+          end
+        end
+      end
+
+      def type
+        TentType.new.tap do |t|
+          t.base = type_base
+          t.version = type_version
+          t.view = type_view
+        end
+      end
+
+      def type=(new_t)
+        if String === new_t
+          new_t = TentType.new(new_t)
+        end
+
+        self.type_base = new_t.base
+        self.type_version = new_t.version
+        self.type_view = new_t.view
+      end
+    end
+  end
+end

data/lib/tentd/model/user.rb

@@ -0,0 +1,39 @@
+module TentD
+  module Model
+    class User
+      include DataMapper::Resource
+
+      storage_names[:default] = 'users'
+
+      property :id, Serial
+      property :created_at, DateTime
+      property :updated_at, DateTime
+      property :deleted_at, ParanoidDateTime
+
+      has n, :posts, 'TentD::Model::Post'
+      has n, :post_versions, 'TentD::Model::PostVersion'
+      has n, :apps, 'TentD::Model::App'
+      has n, :followings, 'TentD::Model::Following'
+      has n, :followers, 'TentD::Model::Follower'
+      has n, :groups, 'TentD::Model::Group'
+      has n, :profile_infos, 'TentD::Model::ProfileInfo'
+      has n, :notification_subscriptions, 'TentD::Model::NotificationSubscription'
+
+      def self.current=(u)
+        relationships.each do |relationship|
+          relationship.child_model.default_scope(:default).update(:user => u)
+        end
+        Thread.current[:user] = u
+      end
+
+      def self.current
+        Thread.current[:user]
+      end
+
+      def profile_entity
+        info = profile_infos.first(:type_base => ProfileInfo::TENT_PROFILE_TYPE.base, :order => :type_version.desc)
+        info.content['entity'] if info
+      end
+    end
+  end
+end

data/lib/tentd/model/user_scoped.rb

@@ -0,0 +1,14 @@
+module TentD
+  module Model
+    module UserScoped
+      def self.included(base)
+        base.class_eval do
+          belongs_to :user, 'TentD::Model::User'
+          before :valid? do
+            self.user_id ||= User.current.id if User.current
+          end
+        end
+      end
+    end
+  end
+end

data/lib/tentd/notifications.rb

@@ -0,0 +1,13 @@
+module TentD
+  class Notifications
+    # current job types
+    #   - trigger
+    #   - notify
+    #   - notify_entity
+    #   - update_following_profile
+    #   - profile_info_update
+    def self.method_missing(*args)
+      send(:queue_job, *args)
+    end
+  end
+end

data/lib/tentd/notifications/girl_friday.rb

@@ -0,0 +1,30 @@
+require 'tentd/notifications'
+require 'girl_friday'
+
+module TentD
+  class Notifications
+    def self.queue_job(job, msg)
+      const_get(job.to_s.upcase+'_QUEUE').push(msg)
+    end
+
+    TRIGGER_QUEUE = GirlFriday::WorkQueue.new(:trigger) do |msg|
+      Model::NotificationSubscription.notify_all(msg[:type], msg[:post_id])
+    end
+
+    NOTIFY_QUEUE = GirlFriday::WorkQueue.new(:notify) do |msg|
+      Model::NotificationSubscription.first(:id => msg[:subscription_id]).notify_about(msg[:post_id], msg[:view])
+    end
+
+    NOTIFY_ENTITY_QUEUE = GirlFriday::WorkQueue.new(:notify_entity) do |msg|
+      Model::NotificationSubscription.notify_entity(msg[:entity], msg[:post_id])
+    end
+
+    UPDATE_FOLLOWING_PROFILE_QUEUE = GirlFriday::WorkQueue.new(:update_following_profile) do |msg|
+      Model::Following.update_profile(msg[:following_id])
+    end
+
+    PROFILE_INFO_UPDATE_QUEUE = GirlFriday::WorkQueue.new(:profile_info_update) do |msg|
+      Model::ProfileInfo.create_update_post(msg[:profile_info_id])
+    end
+  end
+end

data/lib/tentd/notifications/sidekiq.rb

@@ -0,0 +1,50 @@
+require 'tentd/notifications'
+require 'sidekiq'
+
+module TentD
+  class Notifications
+    def self.queue_job(job, msg)
+      const_get(job.to_s.split('_').map(&:capitalize).push('Worker').join).perform_async(msg)
+    end
+
+    class TriggerWorker
+      include Sidekiq::Worker
+
+      def perform(msg)
+        Model::NotificationSubscription.notify_all(msg['type'], msg['post_id'])
+      end
+    end
+
+    class NotifyWorker
+      include Sidekiq::Worker
+
+      def perform(msg)
+        Model::NotificationSubscription.first(:id => msg['subscription_id']).notify_about(msg['post_id'])
+      end
+    end
+
+    class NotifyEntityWorker
+      include Sidekiq::Worker
+
+      def perform(msg)
+        Model::NotificationSubscription.notify_entity(msg['entity'], msg['post_id'])
+      end
+    end
+
+    class UpdateFollowingProfileWorker
+      include Sidekiq::Worker
+
+      def perform(msg)
+        Model::Following.update_profile(msg['following_id'])
+      end
+    end
+
+    class ProfileInfoUpdateWorker
+      include Sidekiq::Worker
+
+      def perform(msg)
+        Model::ProfileInfo.create_update_post(msg['profile_info_id'])
+      end
+    end
+  end
+end

data/lib/tentd/tent_type.rb

@@ -0,0 +1,20 @@
+module TentD
+  class TentType
+    attr_accessor :version, :view, :base
+
+    def initialize(uri = nil)
+      if uri
+        @version = TentVersion.from_uri(uri)
+        view_split = uri.to_s.split('#')
+        @view = view_split[1]
+        @base = view_split[0].to_s.sub(%r{/v[^a-z/][^/]*$}, '')
+      end
+    end
+
+    def uri
+      version_part = @version.nil? ? '' : "/v#{@version}"
+      view_part = @view.nil? ? '' : "##{@view}"
+      "#{@base}#{version_part}#{view_part}"
+    end
+  end
+end

data/lib/tentd/tent_version.rb

@@ -0,0 +1,41 @@
+module TentD
+  class TentVersion
+    Infinity = 1 / 0.0
+
+    include Comparable
+
+    def self.from_uri(uri)
+      new((uri.to_s.match(/v([.\dx]+)/) || [])[1])
+    end
+
+    def initialize(version_string)
+      @version = version_string
+    end
+
+    def to_s
+      @version
+    end
+
+    def parts
+      @version.split('.').map { |p| p == 'x' ? p : p.to_i }
+    end
+
+    def parts=(array)
+      @version = array.join('.')
+    end
+
+    def <=>(other)
+      other = self.class.new(other) if other.kind_of?(String)
+      parts.each_with_index.map { |p, index|
+        if (p == 'x' || other.parts[index] == 'x') || p == other.parts[index]
+          0
+        elsif p < other.parts[index]
+          -1
+        elsif p > other.parts[index]
+          1
+        end
+      }.each { |r| return r if r != 0 }
+      0
+    end
+  end
+end

data/lib/tentd/version.rb

@@ -0,0 +1,3 @@
+module TentD
+  VERSION = '0.0.1'
+end

data/spec/fabricators/app_authorizations_fabricator.rb

@@ -0,0 +1,5 @@
+Fabricator(:app_authorization, :class_name => 'TentD::Model::AppAuthorization') do |f|
+  f.notification_url "http://example.com/notifications"
+  updated_at { Time.now }
+  created_at { Time.now }
+end

data/spec/fabricators/apps_fabricator.rb

@@ -0,0 +1,11 @@
+Fabricator(:app, :class_name => 'TentD::Model::App') do
+  name "MicroBlogger"
+  description "Manages your status updates"
+  url "https://microbloggerapp.example.com"
+  icon "https://microbloggerapp.example.com/icon.png"
+  redirect_uris ["https://microbloggerapp.example.com/auth/callback?foo=bar"]
+  scopes { Hash.new(
+    "read_posts" => "Can read your posts",
+    "create_posts" => "Can create posts on your behalf"
+  ) }
+end

data/spec/fabricators/followers_fabricator.rb

@@ -0,0 +1,14 @@
+Fabricator(:follower, :class_name => "TentD::Model::Follower") do |f|
+  f.transient :server_urls
+  f.entity "https://smith.example.com"
+  f.public true
+  f.licenses ["http://creativecommons.org/licenses/by-nc-sa/3.0/", "http://www.gnu.org/copyleft/gpl.html"]
+  f.groups { ["family", "friends"].map {|name| Fabricate(:group, :name => name).public_id } }
+  f.notification_path "notifications/asdf"
+  f.profile { |f|
+    { TentD::Model::ProfileInfo::TENT_PROFILE_TYPE_URI =>
+      { :entity => f[:entity], :licenses => f[:licenses], :servers => Array(f[:server_urls] || ["https://example.com"]) }
+    }.to_json
+  }
+  f.updated_at { Time.now }
+end

data/spec/fabricators/followings_fabricator.rb

@@ -0,0 +1,17 @@
+Fabricator(:following, :class_name => "TentD::Model::Following") do
+  transient :server_urls
+  entity "https://smith.example.com"
+  licenses ["http://creativecommons.org/licenses/by-nc-sa/3.0/", "http://www.gnu.org/copyleft/gpl.html"]
+  groups { ["family", "friends"].map {|name| Fabricate(:group, :name => name).public_id } }
+  mac_key_id { SecureRandom.hex(4) }
+  mac_key { SecureRandom.hex(16) }
+  mac_algorithm 'hmac-sha-256'
+  mac_timestamp_delta Time.now.to_i
+  profile { |f|
+    { TentD::Model::ProfileInfo::TENT_PROFILE_TYPE_URI =>
+      { :entity => f[:entity], :licenses => f[:licenses], :servers => Array(f[:server_urls] || ["https://example.com"]) }
+    }.to_json
+  }
+  updated_at { Time.now }
+  confirmed true
+end

data/spec/fabricators/groups_fabricator.rb

@@ -0,0 +1,3 @@
+Fabricator(:group, :class_name => "TentD::Model::Group") do |f|
+  f.name 'Foos'
+end

data/spec/fabricators/mentions_fabricator.rb

@@ -0,0 +1,3 @@
+Fabricator(:mention, :class_name => 'TentD::Model::Mention') do
+  entity 'https://johnsmith.example.org'
+end

data/spec/fabricators/notification_subscriptions_fabricator.rb

@@ -0,0 +1,4 @@
+Fabricator(:notification_subscription, :class_name => 'TentD::Model::NotificationSubscription') do |f|
+  f.type_base 'https://tent.io/types/post/status'
+  f.type_version '0.1.0'
+end

data/spec/fabricators/permissions_fabricator.rb

@@ -0,0 +1 @@
+Fabricator(:permission, :class_name => "TentD::Model::Permission")

data/spec/fabricators/post_attachments_fabricator.rb

@@ -0,0 +1,8 @@
+Fabricator(:post_attachment, :class_name => "TentD::Model::PostAttachment") do |f|
+  post
+  f.category 'foo-category'
+  f.type 'text/plain'
+  f.name 'asdf.txt'
+  f.data "NTQzMjE=\n"
+  f.size 5
+end

data/spec/fabricators/post_versions_fabricator.rb

@@ -0,0 +1,12 @@
+Fabricator(:post_version, :class_name => 'TentD::Model::PostVersion') do |f|
+  f.entity "https://smith.example.com"
+  f.public true
+  f.original true
+  f.type_base "https://tent.io/types/post/status"
+  f.type_version "0.1.0"
+  f.licenses ["http://creativecommons.org/licenses/by-nc-sa/3.0/", "http://www.gnu.org/copyleft/gpl.html"]
+  f.content {{ 'text' => "Debitis exercitationem et cum dolores dolor laudantium. Delectus sit eius id. Totam voluptatem et sunt consectetur sed facere debitis. Quia molestias ratione." }}
+  f.updated_at { |attrs| Time.now }
+  f.published_at { |attrs| Time.now }
+  f.received_at { |attrs| Time.now }
+end

data/spec/fabricators/posts_fabricator.rb

@@ -0,0 +1,12 @@
+Fabricator(:post, :class_name => "TentD::Model::Post") do |f|
+  f.entity "https://smith.example.com"
+  f.public true
+  f.original true
+  f.type_base "https://tent.io/types/post/status"
+  f.type_version "0.1.0"
+  f.licenses ["http://creativecommons.org/licenses/by-nc-sa/3.0/", "http://www.gnu.org/copyleft/gpl.html"]
+  f.content {{ 'text' => "Debitis exercitationem et cum dolores dolor laudantium. Delectus sit eius id. Totam voluptatem et sunt consectetur sed facere debitis. Quia molestias ratione." }}
+  f.updated_at { |attrs| Time.now }
+  f.published_at { |attrs| Time.now }
+  f.received_at { |attrs| Time.now }
+end

data/spec/fabricators/profile_infos_fabricator.rb

@@ -0,0 +1,30 @@
+Fabricator(:profile_info, :class_name => 'TentD::Model::ProfileInfo') do |f|
+  f.public true
+  f.type_base 'https://tent.io/types/info/core'
+  f.type_version '0.1.0'
+  f.content { |attrs|
+    {
+      "licenses" => [
+        "http://creativecommons.org/licenses/by-nc-sa/3.0/",
+        "http://www.gnu.org/copyleft/gpl.html"
+      ],
+      "entity" => attrs[:entity],
+      "servers" => [
+        attrs[:entity],
+        "https://backup-johnsmith.example.com"
+      ]
+    }
+  }
+end
+
+Fabricator(:basic_profile_info, :class_name => 'TentD::Model::ProfileInfo') do |f|
+  f.public true
+  f.type_base 'https://tent.io/types/info/basic'
+  f.type_version '0.1.0'
+  f.content {
+    {
+      "name" => "John Smith",
+      "age" => 25
+    }
+  }
+end

data/spec/integration/api/apps_spec.rb

@@ -0,0 +1,466 @@
+require 'spec_helper'
+require 'tentd/core_ext/hash/slice'
+
+describe TentD::API::Apps do
+  def app
+    TentD::API.new
+  end
+
+  def authorize!(*scopes)
+    env['current_auth'] = stub(
+      :kind_of? => true,
+      :app_id => nil,
+      :id => nil,
+      :scopes => scopes
+    )
+  end
+
+  let(:env) { Hash.new }
+  let(:params) { Hash.new }
+
+  describe 'GET /apps' do
+    context 'when authorized' do
+      before { authorize!(:read_apps) }
+
+      with_mac_key = proc do
+        it 'should return list of apps with mac keys' do
+          expect(Fabricate(:app)).to be_saved
+
+          json_get '/apps', params, env
+          expect(last_response.status).to eq(200)
+
+          body = JSON.parse(last_response.body)
+          whitelist = %w{ mac_key_id mac_key mac_algorithm }
+          body.each { |actual|
+            whitelist.each { |key|
+              expect(actual).to have_key(key)
+            }
+          }
+        end
+      end
+
+      without_mac_key = proc do
+        it 'should return list of apps without mac keys' do
+          expect(Fabricate(:app)).to be_saved
+
+          json_get '/apps', params, env
+          expect(last_response.status).to eq(200)
+          body = JSON.parse(last_response.body)
+          blacklist = %w{ mac_key_id mac_key mac_algorithm }
+          body.each { |actual|
+            blacklist.each { |key|
+              expect(actual).to_not have_key(key)
+            }
+          }
+        end
+      end
+
+      context 'when read_secrets scope authorized' do
+        before { authorize!(:read_apps, :read_secrets) }
+        context 'with secrets param' do
+          before { params['secrets'] = true }
+          context '', &with_mac_key
+        end
+
+        context 'without secrets param', &without_mac_key
+      end
+
+      context 'when read_secrets scope unauthorized', &without_mac_key
+    end
+
+    context 'when unauthorized' do
+      it 'should respond 403' do
+        json_get '/apps', params, env
+        expect(last_response.status).to eq(403)
+      end
+
+      context 'when pretending to be authorized' do
+        let(:_app) { Fabricate(:app) }
+        before do
+          env['current_auth'] = Fabricate(:app_authorization, :app => _app)
+        end
+
+        it 'should respond 403' do
+          json_get "/apps?app_id=#{ _app.public_id }", params, env
+          expect(last_response.status).to eq(403)
+        end
+      end
+    end
+  end
+
+  describe 'GET /apps/:id' do
+    without_mac_key = proc do
+      it 'should return app without mac_key' do
+        app = _app
+
+        json_get "/apps/#{app.public_id}", params, env
+        expect(last_response.status).to eq(200)
+        body = JSON.parse(last_response.body)
+        blacklist = %w{ mac_key_id mac_key mac_algorithm }
+        blacklist.each { |key|
+          expect(body).to_not have_key(key)
+        }
+        expect(body['id']).to eq(app.public_id)
+      end
+    end
+
+    context 'when authorized via scope' do
+      let(:_app) { Fabricate(:app) }
+      before { authorize!(:read_apps) }
+
+      context 'app with :id exists' do
+        context 'when read_secrets scope authorized' do
+          before { authorize!(:read_apps, :read_secrets) }
+
+          context 'with read secrets param' do
+            before { params['secrets'] = true }
+
+            it 'should return app with mac_key' do
+              app = _app
+              json_get "/apps/#{app.public_id}", params, env
+              expect(last_response.status).to eq(200)
+              body = JSON.parse(last_response.body)
+              whitelist = %w{ mac_key_id mac_key mac_algorithm }
+              whitelist.each { |key|
+                expect(body).to have_key(key)
+              }
+              expect(body['id']).to eq(app.public_id)
+            end
+          end
+
+          context 'without read secrets param', &without_mac_key
+        end
+
+        context 'when read_secrets scope unauthorized', &without_mac_key
+      end
+
+      context 'app with :id does not exist' do
+        it 'should return 404' do
+          json_get "/apps/app-id", params, env
+          expect(last_response.status).to eq(404)
+        end
+      end
+    end
+
+    context 'when authorized via identity' do
+      let(:_app) { Fabricate(:app) }
+      examples = proc do
+        context 'app with :id exists' do
+          context 'without secrets param', &without_mac_key
+        end
+
+        context 'app with :id does not exist' do
+          it 'should return 403' do
+            json_get '/apps/app-id', params, env
+            expect(last_response.status).to eq(403)
+          end
+        end
+      end
+
+      context 'when App' do
+        before do
+          env['current_auth'] = _app
+        end
+
+        context &examples
+      end
+    end
+
+    context 'when unauthorized' do
+      it 'should respond 403' do
+        json_get "/apps/app-id", params, env
+        expect(last_response.status).to eq(403)
+      end
+    end
+  end
+
+  describe 'POST /apps' do
+    it 'should create app' do
+      data = Fabricate.build(:app).attributes.slice(:name, :description, :url, :icon, :redirect_uris, :scopes)
+
+      TentD::Model::App.all.destroy
+      expect(lambda { json_post '/apps', data, env }).to change(TentD::Model::App, :count).by(1)
+
+      app = TentD::Model::App.last
+      expect(last_response.status).to eq(200)
+      body = JSON.parse(last_response.body)
+      whitelist = %w{ mac_key_id mac_key mac_algorithm }
+      whitelist.each { |key|
+        expect(body).to have_key(key)
+      }
+    end
+  end
+
+  describe 'POST /apps/:id/authorizations' do
+    context 'when authorized' do
+      before { authorize!(:write_apps) }
+
+      it 'should create app authorization' do
+        app = Fabricate(:app)
+        scopes = %w{ read_posts write_posts }
+        post_types = %w{ https://tent.io/types/post/status/v0.1.0 https://tent.io/types/post/photo/v0.1.0 }
+        profile_info_types = %w{ https://tent.io/types/info/basic/v0.1.0 https://tent.io/types/info/core/v0.1.0 }
+        data = {
+          :notification_url => "http://example.com/webhooks/notifications",
+          :scopes => scopes,
+          :post_types => post_types.map {|url| URI.encode(url, ":/") },
+          :profile_info_types => profile_info_types.map {|url| URI.encode(url, ":/") },
+        }
+        expect(lambda {
+          expect(lambda {
+            json_post "/apps/#{app.public_id}/authorizations", data, env
+            expect(last_response.status).to eq(200)
+          }).to change(TentD::Model::NotificationSubscription, :count).by(2)
+        }).to change(TentD::Model::AppAuthorization, :count)
+
+        app_auth = app.authorizations.last
+        expect(app_auth.scopes).to eq(scopes)
+        expect(app_auth.post_types).to eq(post_types)
+        expect(app_auth.profile_info_types).to eq(profile_info_types)
+      end
+    end
+
+    context 'when not authorized' do
+      context 'when token exchange' do
+        it 'should exchange mac_key_id for mac_key' do
+          app = Fabricate(:app)
+          authorization = app.authorizations.create
+
+          data = {
+            :code => authorization.token_code
+          }
+
+          json_post "/apps/#{app.public_id}/authorizations", data, env
+          expect(last_response.status).to eq(200)
+          expect(authorization.reload.token_code).to_not eq(data[:code])
+          body = JSON.parse(last_response.body)
+          whitelist = %w{ access_token mac_key mac_algorithm token_type }
+          whitelist.each { |key|
+            expect(body).to have_key(key)
+          }
+        end
+      end
+
+      it 'should return 403' do
+        app = Fabricate(:app)
+        expect(lambda {
+          json_post "/apps/#{app.public_id}/authorizations", params, env
+        }).to_not change(TentD::Model::AppAuthorization, :count)
+        expect(last_response.status).to eq(403)
+      end
+    end
+  end
+
+  describe 'PUT /apps/:id' do
+    authorized_examples = proc do
+      context 'app with :id exists' do
+        it 'should update app' do
+          app = _app
+          data = app.attributes.slice(:name, :url, :icon, :redirect_uris, :scopes)
+          data[:name] = "Yet Another MicroBlog App"
+          data[:scopes] = {
+            "read_posts" => "Can read your posts"
+          }
+
+          json_put "/apps/#{app.public_id}", data, env
+          expect(last_response.status).to eq(200)
+          app.reload
+          data.slice(:name, :scopes, :url, :icon, :redirect_uris).each_pair do |key, val|
+            expect(app.send(key).to_json).to eq(val.to_json)
+          end
+        end
+      end
+    end
+
+    context 'when authorized via scope' do
+      let(:_app) { Fabricate(:app) }
+      before { authorize!(:write_apps) }
+
+      context '', &authorized_examples
+
+      context 'app with :id does not exist' do
+        it 'should return 404' do
+          json_put "/apps/#{(TentD::Model::App.count + 1) * 100}", params, env
+          expect(last_response.status).to eq(404)
+        end
+      end
+    end
+
+    context 'when authorized as app' do
+      let(:_app) { Fabricate(:app) }
+
+      before do
+        env['current_auth'] = _app
+      end
+
+      context '', &authorized_examples
+
+      context 'app with :id does not exist' do
+        it 'should return 403' do
+          json_put "/apps/app-id", params, env
+          expect(last_response.status).to eq(403)
+        end
+      end
+    end
+
+    context 'when unauthorized' do
+      it 'should respond 403' do
+        json_put '/apps/app-id', params, env
+        expect(last_response.status).to eq(403)
+      end
+    end
+  end
+
+  describe 'DELETE /apps/:id' do
+    authorized_examples = proc do
+      context 'app with :id exists' do
+        it 'should delete app' do
+          app = _app
+          expect(app).to be_saved
+
+          expect(lambda {
+            delete "/apps/#{app.public_id}", params, env
+            expect(last_response.status).to eq(200)
+          }).to change(TentD::Model::App, :count).by(-1)
+        end
+      end
+    end
+
+    context 'when authorized via scope' do
+      before { authorize!(:write_apps) }
+      let(:_app) { Fabricate(:app) }
+
+      context '', &authorized_examples
+      context 'app with :id does not exist' do
+        it 'should return 404' do
+          delete "/apps/app-id", params, env
+          expect(last_response.status).to eq(404)
+        end
+      end
+    end
+
+    context 'when authorized via identity' do
+      let(:_app) { Fabricate(:app) }
+      before do
+        env['current_auth'] = _app
+      end
+
+      context '', &authorized_examples
+
+      context 'app with :id does not exist' do
+        it 'should respond 403' do
+          delete '/apps/app-id', params, env
+          expect(last_response.status).to eq(403)
+        end
+      end
+    end
+
+    context 'when unauthorized' do
+      it 'should respond 403' do
+        delete '/apps/app-id', params, env
+        expect(last_response.status).to eq(403)
+      end
+    end
+  end
+
+  describe 'PUT /apps/:app_id/authorizations/:auth_id' do
+    let!(:_app) { Fabricate(:app) }
+    let!(:app_auth) { Fabricate(:app_authorization, :post_types => [], :profile_info_types => [], :notification_url => "http://example.com/notification", :app => _app) }
+
+    context 'when authorized via scope' do
+      before { authorize!(:write_apps) }
+
+      context 'update params unrelated to notification subscription' do
+        it 'should update app authorization' do
+          data = {
+            :notification_url => "http://example.com/webhooks/notifications",
+            :profile_info_types => ["https://tent.io/types/info/basic/v0.1.0"],
+            :scopes => %w{ read_posts read_apps }
+          }
+          json_put "/apps/#{_app.public_id}/authorizations/#{app_auth.public_id}", data, env
+          expect(last_response.status).to eq(200)
+
+          app_auth.reload
+          data.each_pair do |key, val|
+            expect(app_auth.send(key)).to eq(data[key])
+          end
+        end
+      end
+
+      context 'update post_types' do
+        it 'should update notification subscriptions' do
+          data = {
+            :post_types => ["https://tent.io/types/post/status/v0.1.0"]
+          }
+          expect(lambda {
+            json_put "/apps/#{_app.public_id}/authorizations/#{app_auth.public_id}", data, env
+            expect(last_response.status).to eq(200)
+          }).to change(TentD::Model::NotificationSubscription, :count).by(1)
+
+          expect(lambda {
+            json_put "/apps/#{_app.public_id}/authorizations/#{app_auth.public_id}", data, env
+            expect(last_response.status).to eq(200)
+          }).to_not change(TentD::Model::NotificationSubscription, :count)
+
+          app_auth.reload
+          expect(app_auth.post_types).to eq(data[:post_types])
+
+          expect(lambda {
+            data[:post_types] = []
+            json_put "/apps/#{_app.public_id}/authorizations/#{app_auth.public_id}", data, env
+            expect(last_response.status).to eq(200)
+          }).to change(TentD::Model::NotificationSubscription, :count).by(-1)
+        end
+      end
+
+      it 'should return 404 unless app and authorization exist' do
+        json_put "/apps/app-id/authorizations/auth-id", params, env
+        expect(last_response.status).to eq(404)
+      end
+    end
+  end
+
+  describe 'DELETE /apps/:app_id/authorizations/:auth_id' do
+    let!(:_app) { Fabricate(:app) }
+    let!(:app_auth) { Fabricate(:app_authorization, :app => _app) }
+    context 'when authorized via scope' do
+      before { authorize!(:write_apps) }
+
+      it 'should delete app authorization' do
+        expect(lambda {
+          expect(lambda {
+            delete "/apps/#{_app.public_id}/authorizations/#{app_auth.public_id}", params, env
+          }).to_not change(TentD::Model::App, :count)
+          expect(last_response.status).to eq(200)
+        }).to change(TentD::Model::AppAuthorization, :count).by(-1)
+      end
+
+      it 'should return 404 unless app and authorization exist' do
+        expect(lambda {
+          expect(lambda {
+            delete "/apps/app-id/authorizations/#{app_auth.public_id}", params, env
+            expect(last_response.status).to eq(404)
+          }).to_not change(TentD::Model::App, :count)
+        }).to_not change(TentD::Model::AppAuthorization, :count)
+
+        expect(lambda {
+          expect(lambda {
+            delete "/apps/#{_app.public_id}/authorizations/auth-id", params, env
+            expect(last_response.status).to eq(404)
+          }).to_not change(TentD::Model::App, :count)
+        }).to_not change(TentD::Model::AppAuthorization, :count)
+      end
+    end
+
+    context 'when not authorized' do
+      it 'it should return 403' do
+        expect(lambda {
+          expect(lambda {
+            delete "/apps/#{_app.public_id}/authorizations/#{app_auth.public_id}", params, env
+          }).to_not change(TentD::Model::App, :count)
+          expect(last_response.status).to eq(403)
+        }).to_not change(TentD::Model::AppAuthorization, :count)
+      end
+    end
+  end
+end