warden-github-rails-thinknear-fork 1.1.0

data/spec/integration/route_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+describe 'request to a protected resource' do
+  subject { get '/protected' }
+
+  context 'when not logged in' do
+    it { should be_github_oauth_redirect }
+  end
+
+  context 'when logged in' do
+    before { github_login }
+    it { should be_ok }
+  end
+
+  context 'with multiple scopes' do
+    subject { get '/admin/protected' }
+
+    context 'when logged in in the wrong scope' do
+      before { github_login }
+      it { should be_github_oauth_redirect }
+    end
+
+    context 'when logged in in the correct scope' do
+      before { github_login(:admin) }
+      it { should be_ok }
+    end
+  end
+end
+
+describe 'request to a resource that only exists when logged in' do
+  subject { get '/conditional' }
+
+  context 'when not logged in' do
+    it { should be_not_found }
+  end
+
+  context 'when logged in' do
+    before { github_login }
+    it { should be_ok }
+  end
+
+  context 'with mutliple scopes' do
+    subject { get '/admin/conditional' }
+
+    context 'when logged in in the wrong scope' do
+      before { github_login }
+      it { should be_not_found }
+    end
+
+    context 'when logged in in the correct scope' do
+      before { github_login(:admin) }
+      it { should be_ok }
+    end
+  end
+end
+
+describe 'request to a resource that only exists when logged out' do
+  subject { get '/conditional_inverse' }
+
+  context 'when not logged in' do
+    it { should be_ok }
+  end
+
+  context 'when logged in' do
+    before { github_login }
+    it { should be_not_found }
+  end
+
+  context 'with mutliple scopes' do
+    subject { get '/admin/conditional_inverse' }
+
+    context 'when logged in in the wrong scope' do
+      before { github_login }
+      it { should be_ok }
+    end
+
+    context 'when logged in in the correct scope' do
+      before { github_login(:admin) }
+      it { should be_not_found }
+    end
+  end
+end

data/spec/integration/scope_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+# Test if the configs in rails_app/config/initializers/warden_github_rails.rb
+# are actually being set and used by warden.
+describe 'request to custom configured scope' do
+  def test_redirect(url, args)
+    request = get url
+    params = Addressable::URI.parse(request.location).query_values
+
+    expect(request).to be_github_oauth_redirect
+    expect(params.fetch('client_id')).to eq(args.fetch(:client_id))
+    expect(params.fetch('redirect_uri')).to match(args.fetch(:redirect_uri))
+    expect(params.fetch('scope')).to eq(args.fetch(:scope))
+  end
+
+  context 'user' do
+    it 'passes the correct configs to the oauth flow' do
+      test_redirect('/protected',
+                    :client_id => 'foo',
+                    :redirect_uri => /\/protected$/,
+                    :scope => 'user')
+    end
+  end
+
+  context 'admin' do
+    it 'passes the correct configs to the oauth flow' do
+      test_redirect('/admin/protected',
+                    :client_id => 'abc',
+                    :redirect_uri => /\/admin\/login\/callback$/,
+                    :scope => 'repo')
+    end
+  end
+end

data/spec/integration/view_helpers_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe 'view helpers' do
+  describe '#github_user' do
+    subject(:request) { get "/view_tests/user" }
+
+    it 'is defined' do
+      expect(request.body).to include('true')
+    end
+  end
+
+  describe '#github_authenticated?' do
+    subject(:request) { get "/view_tests/authenticated" }
+
+    it 'is defined' do
+      expect(request.body).to include('true')
+    end
+  end
+end

data/spec/rails_app/app/controllers/scoped_controller.rb

@@ -0,0 +1,28 @@
+class ScopedController < ActionController::Base
+  def authenticate
+    github_authenticate!(:admin)
+    render :nothing => true
+  end
+
+  def logout
+    was_logged_in = !github_user(:admin).nil?
+    github_logout(:admin)
+    render :text => was_logged_in
+  end
+
+  def authenticated
+    render :text => github_authenticated?(:admin)
+  end
+
+  def user
+    render :text => github_user(:admin)
+  end
+
+  def session
+    if (session = github_session(:admin))
+      session[:foo] = :bar
+    end
+
+    render :text => github_session(:admin)
+  end
+end

data/spec/rails_app/app/controllers/unscoped_controller.rb

@@ -0,0 +1,28 @@
+class UnscopedController < ActionController::Base
+  def authenticate
+    github_authenticate!
+    render :nothing => true
+  end
+
+  def logout
+    was_logged_in = !github_user.nil?
+    github_logout
+    render :text => was_logged_in
+  end
+
+  def authenticated
+    render :text => github_authenticated?
+  end
+
+  def user
+    render :text => github_user
+  end
+
+  def session
+    if (session = github_session)
+      session[:foo] = :bar
+    end
+
+    render :text => github_session
+  end
+end

data/spec/rails_app/app/controllers/view_tests_controller.rb

@@ -0,0 +1,2 @@
+class ViewTestsController < ActionController::Base
+end

data/spec/rails_app/app/views/view_tests/authenticated.html.erb

@@ -0,0 +1 @@
+<%= !!defined?(github_authenticated?) %>

data/spec/rails_app/app/views/view_tests/user.html.erb

@@ -0,0 +1 @@
+<%= !!defined?(github_user) %>

data/spec/rails_app/config.ru

@@ -0,0 +1,2 @@
+require ::File.expand_path('../config/environment',  __FILE__)
+run RailsApp::Application

data/spec/rails_app/config/application.rb

@@ -0,0 +1,20 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'action_controller/railtie'
+require 'warden/github/rails'
+
+unless Rails.env.test?
+  begin
+    require 'debugger'
+  rescue LoadError
+    require 'ruby-debug'
+  end
+end
+
+module RailsApp
+  class Application < Rails::Application
+    config.encoding = "utf-8"
+    config.filter_parameters += [:password]
+    config.active_support.escape_html_entities_in_json = true
+  end
+end

data/spec/rails_app/config/boot.rb

@@ -0,0 +1,3 @@
+require 'rubygems'
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/rails_app/config/environment.rb

@@ -0,0 +1,3 @@
+require File.expand_path('../application', __FILE__)
+
+RailsApp::Application.initialize!

data/spec/rails_app/config/environments/development.rb

@@ -0,0 +1,8 @@
+RailsApp::Application.configure do
+  config.cache_classes = false
+  config.whiny_nils = true
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+  config.active_support.deprecation = :log
+  config.action_dispatch.best_standards_support = :builtin
+end

data/spec/rails_app/config/environments/production.rb

@@ -0,0 +1,8 @@
+RailsApp::Application.configure do
+  config.cache_classes = true
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+  config.serve_static_assets = false
+  config.i18n.fallbacks = true
+  config.active_support.deprecation = :notify
+end

data/spec/rails_app/config/environments/test.rb

@@ -0,0 +1,11 @@
+RailsApp::Application.configure do
+  config.cache_classes = true
+  config.serve_static_assets = true
+  config.static_cache_control = "public, max-age=3600"
+  config.whiny_nils = true
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+  config.action_dispatch.show_exceptions = false
+  config.action_controller.allow_forgery_protection    = false
+  config.active_support.deprecation = :stderr
+end

data/spec/rails_app/config/initializers/secret_token.rb

@@ -0,0 +1 @@
+RailsApp::Application.config.secret_token = '81fe673d8f0ffe90945ee8d493f8c0c474dc18ab9ff0a7e58af85d7870a56f3324f0d034131e5b5c2816c8a690cd13f9a46f484222dad475b734462b90e90527'

data/spec/rails_app/config/initializers/session_store.rb

@@ -0,0 +1 @@
+RailsApp::Application.config.session_store :cookie_store, :key => '_rails_app_session'

data/spec/rails_app/config/initializers/warden_github_rails.rb

@@ -0,0 +1,12 @@
+Warden::GitHub::Rails.setup do |config|
+  config.add_scope :user,  :client_id     => ENV['GITHUB_CLIENT_ID'] || 'foo',
+                           :client_secret => ENV['GITHUB_CLIENT_SECRET'] || 'bar',
+                           :scope         => 'user'
+
+  config.add_scope :admin, :client_id     => ENV['GITHUB_CLIENT_ID'] || 'abc',
+                           :client_secret => ENV['GITHUB_CLIENT_SECRET'] || 'xyz',
+                           :redirect_uri  => '/admin/login/callback',
+                           :scope         => 'repo'
+
+  config.add_team :marketing, 456
+end

data/spec/rails_app/config/initializers/wrap_parameters.rb

@@ -0,0 +1,4 @@
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters :format => [:json]
+end
+

data/spec/rails_app/config/routes.rb

@@ -0,0 +1,53 @@
+RailsApp::Application.routes.draw do
+  responses = {
+    200 => lambda { |env| [200, {}, ['welcome']] },
+    404 => lambda { |env| [404, {}, ['not found']] }
+  }
+
+  # Routes for route constraints tests:
+
+  github_authenticate    { get '/protected'           => responses[200] }
+  github_authenticated   { get '/conditional'         => responses[200] }
+  github_unauthenticated { get '/conditional_inverse' => responses[200] }
+
+  github_authenticate(:admin)    { get '/admin/protected'           => responses[200] }
+  github_authenticate(:admin)    { get '/admin/login/callback'      => redirect('/admin/protected') }
+  github_authenticated(:admin)   { get '/admin/conditional'         => responses[200] }
+  github_unauthenticated(:admin) { get '/admin/conditional_inverse' => responses[200] }
+
+  github_authenticate(:team => 123)  { get '/team/protected'   => responses[200] }
+  github_authenticated(:team => 123) { get '/team/conditional' => responses[200] }
+
+  github_authenticate(:team => :marketing)  { get '/team_alias/protected'   => responses[200] }
+  github_authenticated(:team => :marketing) { get '/team_alias/conditional' => responses[200] }
+
+  github_authenticate(:org => :foobar_inc)  { get '/org/protected'   => responses[200] }
+  github_authenticated(:org => :foobar_inc) { get '/org/conditional' => responses[200] }
+
+  github_authenticate(:organization => 'some_org')  { get '/organization/protected'   => responses[200] }
+  github_authenticated(:organization => 'some_org') { get '/organization/conditional' => responses[200] }
+
+  github_authenticated(:org => lambda { |req| req.params[:id] }) do
+    get '/dynamic_org/:id' => responses[200]
+  end
+
+  github_authenticated(:team => lambda { |req| req.params[:id] }) do
+    get '/dynamic_team/:id' => responses[200]
+  end
+
+  # Routes for controller helpers tests:
+
+  %w[ unscoped scoped ].each do |type|
+    %w[ authenticate logout authenticated user session ].each do |method|
+      get "/#{type}/#{method}" => "#{type}##{method}"
+    end
+  end
+
+  %w[ user authenticated ].each do |method|
+    get "/view_tests/#{method}" => "view_tests##{method}"
+  end
+
+  # Everything else should be a 404:
+
+  get '*all' => responses[404]
+end

data/spec/rails_app/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/spec_helper.rb

@@ -0,0 +1,40 @@
+unless ENV['CI']
+  require 'simplecov'
+  SimpleCov.start do
+    add_filter '/spec'
+    add_filter '/example'
+  end
+end
+
+require 'rack/test'
+require 'warden/github/rails/test_helpers'
+require 'addressable/uri'
+
+# Load the test rails app:
+ENV['RAILS_ENV'] ||= 'test'
+require 'rails_app/config/environment'
+
+# Setup configs needed to run:
+ENV['GITHUB_CLIENT_ID']     = 'test_client_id'
+ENV['GITHUB_CLIENT_SECRET'] = 'test_client_secret'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+  config.order = 'random'
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+
+  config.include Rack::Test::Methods
+  config.include Warden::GitHub::Rails::TestHelpers
+
+  # Reset warden's login states after each test.
+  config.after { Warden.test_reset! }
+
+  # This is how rack-test gets access to the app.
+  def app
+    RailsApp::Application
+  end
+end

data/spec/unit/config_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+
+describe Warden::GitHub::Rails::Config do
+  subject(:config) { described_class.new }
+
+  describe '#default_scope' do
+    it 'defaults to :user' do
+      expect(config.default_scope).to eq(:user)
+    end
+  end
+
+  describe '#scopes' do
+    it 'defaults to an empty hash' do
+      expect(config.scopes).to eq({})
+    end
+  end
+
+  describe '#teams' do
+    it 'defaults to an empty hash' do
+      expect(config.scopes).to eq({})
+    end
+  end
+
+  describe '#add_scope' do
+    it 'adds a scope with its configs' do
+      scope_config = double
+      config.add_scope :admin, scope_config
+      expect(config.scopes[:admin]).to eq(scope_config)
+    end
+  end
+
+  describe '#add_team' do
+    it 'adds a name mapping for a team' do
+      config.add_team :marketing, 1234
+      expect(config.teams[:marketing]).to eq(1234)
+    end
+
+    it 'normalizes the input' do
+      config.add_team 'marketing', '1234'
+      expect(config.teams[:marketing]).to eq(1234)
+    end
+  end
+
+  describe '#team_id' do
+    context 'when passed a numeric value' do
+      it 'returns that value' do
+        expect(config.team_id('1234')).to eq(1234)
+        expect(config.team_id(1234)).to eq(1234)
+      end
+    end
+
+    context 'when passed an alias' do
+      it 'returns the id for the alias' do
+        config.add_team :marketing, 1234
+        expect(config.team_id(:marketing)).to eq(1234)
+        expect(config.team_id('marketing')).to eq(1234)
+      end
+    end
+
+    context 'when no mapping exists' do
+      it 'raises a BadConfig' do
+        expect { config.team_id(:foobar) }.
+          to raise_error(Warden::GitHub::Rails::Config::BadConfig)
+      end
+    end
+  end
+end