warden-github 0.12.1 → 0.13.0

data/lib/warden/github/version.rb

@@ -0,0 +1,5 @@
+module Warden
+  module GitHub
+    VERSION = "0.13.0"
+  end
+end

data/spec/fixtures/user.json

@@ -0,0 +1,42 @@
+{
+  "public_repos": 14,
+  "company": "Foobar, Inc.",
+  "type": "User",
+  "url": "https:\/\/api.github.com\/users\/john",
+  "received_events_url": "https:\/\/api.github.com\/users\/john\/received_events",
+  "login": "john",
+  "updated_at": "2013-02-03T18:50:08Z",
+  "avatar_url": "https:\/\/secure.gravatar.com\/avatar\/38581cb351a52002548f40f8066cfecf?d=https:\/\/a248.e.akamai.net\/assets.github.com%2Fimages%2Fgravatars%2Fgravatar-user-420.png",
+  "collaborators": 0,
+  "public_gists": 8,
+  "hireable": false,
+  "events_url": "https:\/\/api.github.com\/users\/john\/events{\/privacy}",
+  "organizations_url": "https:\/\/api.github.com\/users\/john\/orgs",
+  "total_private_repos": 0,
+  "gists_url": "https:\/\/api.github.com\/users\/john\/gists{\/gist_id}",
+  "private_gists": 9,
+  "followers": 15,
+  "following": 35,
+  "created_at": "2009-09-17T14:12:20Z",
+  "bio": "Just a simple test user",
+  "owned_private_repos": 0,
+  "location": "Bay Area",
+  "starred_url": "https:\/\/api.github.com\/users\/john\/starred{\/owner}{\/repo}",
+  "gravatar_id": "38581cb351a52002548f40f8066cfecf",
+  "name": "John Doe",
+  "blog": "http:\/\/johndoe.com/",
+  "disk_usage": 10361,
+  "html_url": "https:\/\/github.com\/john",
+  "followers_url": "https:\/\/api.github.com\/users\/john\/followers",
+  "id": 1234,
+  "plan": {
+    "collaborators": 1,
+    "space": 614400,
+    "name": "micro",
+    "private_repos": 5
+  },
+  "email": "me@johndoe.com",
+  "repos_url": "https:\/\/api.github.com\/users\/john\/repos",
+  "subscriptions_url": "https:\/\/api.github.com\/users\/john\/subscriptions",
+  "following_url": "https:\/\/api.github.com\/users\/john\/following"
+}

data/spec/integration/oauth_spec.rb

@@ -0,0 +1,131 @@
+require 'spec_helper'
+
+describe 'OAuth' do
+  let(:code) { '1234' }
+
+  def stub_code_for_token_exchange(answer='access_token=the_token')
+    stub_request(:post, 'https://github.com/login/oauth/access_token').
+      with(:body => hash_including(:code => code)).
+      to_return(:status => 200, :body => answer)
+  end
+
+  def stub_user_retrieval
+    stub_request(:get, 'https://api.github.com/user').
+      with(:headers => { 'Authorization' => 'token the_token' }).
+      to_return(
+        :status => 200,
+        :body => File.read('spec/fixtures/user.json'),
+        :headers => { 'Content-Type' => 'application/json; charset=utf-8' })
+  end
+
+  def redirect_uri(response)
+    Addressable::URI.parse(response.headers['Location'])
+  end
+
+  context 'when accessing a protected url' do
+    it 'redirects to GitHub for authentication' do
+      unauthenticated_response = get '/profile'
+      github_uri = redirect_uri(unauthenticated_response)
+
+      github_uri.scheme.should eq 'https'
+      github_uri.host.should eq 'github.com'
+      github_uri.path.should eq '/login/oauth/authorize'
+      github_uri.query_values['client_id'].should =~ /\w+/
+      github_uri.query_values['state'].should =~ /\w+/
+      github_uri.query_values['redirect_uri'].should =~ /^http.*\/profile$/
+    end
+  end
+
+  context 'when redirected back from GitHub' do
+    it 'exchanges the code for an access token' do
+      stub_code_for_token_exchange
+      stub_user_retrieval
+
+      unauthenticated_response = get '/login'
+      github_uri = redirect_uri(unauthenticated_response)
+      state = github_uri.query_values['state']
+
+      get "/login?code=#{code}&state=#{state}"
+    end
+
+    context 'and the returned state does not match the initial state' do
+      it 'fails authentication' do
+        get '/login'
+        response = get "/login?code=#{code}&state=foobar"
+
+        response.should_not be_successful
+        response.body.should include 'State mismatch'
+      end
+    end
+
+    context 'and GitHub rejects the code while exchanging it for an access token' do
+      it 'fails authentication' do
+        stub_code_for_token_exchange('error=bad_verification_code')
+
+        unauthenticated_response = get '/login'
+        github_uri = redirect_uri(unauthenticated_response)
+        state = github_uri.query_values['state']
+        response = get "/login?code=#{code}&state=#{state}"
+
+        response.should_not be_successful
+        response.body.should include 'Bad verification code'
+      end
+    end
+
+    context 'and the user denied access' do
+      it 'fails authentication' do
+        unauthenticated_response = get '/login'
+        github_uri = redirect_uri(unauthenticated_response)
+        state = github_uri.query_values['state']
+        response = get "/login?error=access_denied&state=#{state}"
+
+        response.should_not be_successful
+        response.body.should include 'access denied'
+      end
+    end
+
+    context 'and code was exchanged for an access token' do
+      it 'redirects back to the original path' do
+        stub_code_for_token_exchange
+        stub_user_retrieval
+
+        unauthenticated_response = get '/profile?foo=bar'
+        github_uri = redirect_uri(unauthenticated_response)
+        state = github_uri.query_values['state']
+
+        callback_response = get "/profile?code=#{code}&state=#{state}"
+        authenticated_uri = redirect_uri(callback_response)
+
+        authenticated_uri.path.should eq '/profile'
+        authenticated_uri.query.should eq 'foo=bar'
+      end
+    end
+  end
+
+  context 'when not inside OAuth flow' do
+    it 'does not recognize a seeming callback url as an actual callback' do
+      response = get '/profile?state=foo&code=bar'
+
+      a_request(:post, 'https://github.com/login/oauth/access_token').
+        should have_not_been_made
+    end
+  end
+
+  context 'when already authenticated' do
+    it 'does not perform the OAuth flow again' do
+      stub_code_for_token_exchange
+      stub_user_retrieval
+
+      unauthenticated_response = get '/login'
+      github_uri = redirect_uri(unauthenticated_response)
+      state = github_uri.query_values['state']
+
+      callback_response = get "/login?code=#{code}&state=#{state}"
+      authenticated_uri = redirect_uri(callback_response)
+      get authenticated_uri.path
+      logged_in_response = get '/login'
+
+      redirect_uri(logged_in_response).path.should eq '/'
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,11 +1,16 @@
-Bundler.require(:default, :runtime, :test)
+require 'simplecov'
+SimpleCov.start do
+  add_filter '/spec'
+  add_filter '/example'
+end
 
-require File.join(File.dirname(__FILE__), '..', 'lib', 'warden-github')
-require File.join(File.dirname(__FILE__), 'app')
+require 'warden/github'
+require File.expand_path('../../example/app', __FILE__)
 require 'rack/test'
 require 'webrat'
 require 'addressable/uri'
 require 'pp'
+require 'webmock/rspec'
 
 Webrat.configure do |config|
   config.mode = :rack

data/spec/unit/oauth_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+
+describe Warden::GitHub::OAuth do
+  let(:default_attrs) do
+    { :state => 'abc',
+      :client_id => 'foo',
+      :client_secret => 'bar',
+      :redirect_uri => 'http://example.com/callback' }
+  end
+
+  def oauth(attrs=default_attrs)
+    described_class.new(attrs)
+  end
+
+  describe '#authorize_uri' do
+    it 'contains the base uri' do
+      oauth.authorize_uri.to_s.should \
+        include Octokit::Configuration::DEFAULT_WEB_ENDPOINT
+    end
+
+    %w[ client_id state redirect_uri ].each do |name|
+      it "contains the correct #{name} param" do
+        uri = Addressable::URI.parse(oauth.authorize_uri)
+
+        uri.query_values[name].should eq default_attrs[name.to_sym]
+      end
+    end
+
+    { :nil => nil, :empty => '' }.each do |desc, value|
+      it "does not contain the scope param if #{desc}" do
+        uri = oauth(default_attrs.merge(:scope => value)).authorize_uri
+
+        uri.to_s.should_not include 'scope'
+      end
+    end
+  end
+
+  describe '#access_token' do
+    def expect_request(attrs={})
+      stub_request(:post, %r{\/login\/oauth\/access_token$}).
+        with(:body => hash_including(attrs.fetch(:params, {}))).
+        to_return(:status => 200,
+                  :body => attrs.fetch(:answer, 'access_token=foobar'))
+    end
+
+    it 'exchanges the code for an access token' do
+      expect_request(:answer => 'access_token=the_token&token_type=bearer')
+
+      oauth.access_token.should eq 'the_token'
+    end
+
+    it 'raises BadVerificationCode if no access token is returned' do
+      expect_request(:answer => 'error=bad_verification_code')
+
+      expect { oauth.access_token }.
+        to raise_error(described_class::BadVerificationCode)
+    end
+
+    %w[ client_id client_secret code ].each do |name|
+      it "performs a request containing the correct #{name} param" do
+        oauth(default_attrs.merge(:code => 'the_code')).tap do |o|
+          expect_request(:params => { name => o.send(name) })
+          o.access_token
+        end
+      end
+    end
+  end
+end

data/spec/unit/user_spec.rb

@@ -0,0 +1,112 @@
+require 'spec_helper'
+
+describe Warden::GitHub::User do
+  let(:default_attrs) do
+    { 'login' => 'john',
+      'name' => 'John Doe',
+      'gravatar_id' => '38581cb351a52002548f40f8066cfecg',
+      'email' => 'john@doe.com',
+      'company' => 'Doe, Inc.' }
+  end
+  let(:token) { 'the_token' }
+
+  let(:user) do
+    described_class.new(default_attrs, token)
+  end
+
+  describe '#token' do
+    it 'returns the token' do
+      user.token.should eq token
+    end
+  end
+
+  %w[login name gravatar_id email company].each do |name|
+    describe "##{name}" do
+      it "returns the #{name}" do
+        user.send(name).should eq default_attrs[name]
+      end
+    end
+  end
+
+  describe '#api' do
+    it 'returns a preconfigured Octokit client for the user' do
+      api = user.api
+
+      api.should be_an Octokit::Client
+      api.login.should eq user.login
+      api.oauth_token.should eq user.token
+    end
+  end
+
+  def stub_api(user, method, args, ret)
+    api = double
+    user.stub(:api => api)
+    api.should_receive(method).with(*args).and_return(ret)
+  end
+
+  [:organization_public_member?, :organization_member?].each do |method|
+    describe "##{method}" do
+      it 'asks the api for the member status' do
+        status = double
+        stub_api(user, method, ['rails', user.login], status)
+
+        user.send(method, 'rails').should be status
+      end
+    end
+  end
+
+  describe '#team_member?' do
+    it 'asks the api for team members' do
+      status = double
+      stub_api(user, :team_members, [123], false)
+
+      user.team_member?(123)
+    end
+
+    context 'when user is not member' do
+      it 'returns false' do
+        api = double
+        user.stub(:api => api)
+
+        # api.stub(:team_member?, [123, user.login]).and_raise(Octokit::NotFound.new({}))
+        api.stub(:team_members, [123]).and_raise(Octokit::NotFound.new({}))
+
+        user.should_not be_team_member(123)
+      end
+    end
+
+    context 'when user is member' do
+      it 'returns true' do
+        api = double
+        user.stub(:api => api)
+        # api.stub(:team_member?, [123, user.login])
+        api.stub(:team_members, [123])
+
+        user.should be_team_member(123)
+      end
+    end
+  end
+
+  describe '.load' do
+    it 'loads the user data from GitHub and creates an instance' do
+      client = double
+      attrs = {}
+
+      Octokit::Client.
+        should_receive(:new).
+        with(:oauth_token => token).
+        and_return(client)
+      client.should_receive(:user).and_return(attrs)
+
+      user = described_class.load(token)
+
+      user.attribs.should eq attrs
+      user.token.should eq token
+    end
+  end
+
+  # NOTE: This always passes on MRI 1.9.3 because of ruby bug #7627.
+  it 'marshals correctly' do
+    Marshal.load(Marshal.dump(user)).should eq user
+  end
+end

data/warden-github.gemspec

@@ -1,11 +1,9 @@
 # -*- encoding: utf-8 -*-
-$:.push File.expand_path("../lib", __FILE__)
-
-require 'warden-github/version'
+require File.expand_path('../lib/warden/github/version', __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "warden-github"
-  s.version     = Warden::Github::VERSION
+  s.version     = Warden::GitHub::VERSION
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Corey Donohoe"]
   s.email       = ["atmos@atmos.org"]
@@ -15,16 +13,15 @@ Gem::Specification.new do |s|
 
   s.rubyforge_project = "warden-github"
 
-  s.add_dependency "json",   "~>1.5"
-  s.add_dependency "warden", "~>1.0"
-  s.add_dependency "oauth2", "~>0.5.2"
-  s.add_dependency "octokit", "~>1.19.0"
-  s.add_dependency "rest-client", "~>1.6.1"
-  s.add_dependency "yajl-ruby",     "~>1.1"
+  s.add_dependency "warden",    ">1.0"
+  s.add_dependency "octokit",   ">=1.22.0"
+  s.add_dependency "yajl-ruby", ">=1.1.0"
 
   s.add_development_dependency "rack",      "~>1.4.1"
   s.add_development_dependency "rake"
-  s.add_development_dependency "rspec",     "~>2.8.0"
+  s.add_development_dependency "rspec",     "~>2.8"
+  s.add_development_dependency "simplecov"
+  s.add_development_dependency "webmock",   "~>1.9"
   s.add_development_dependency "webrat"
   s.add_development_dependency "sinatra"
   s.add_development_dependency "shotgun"

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: warden-github
 version: !ruby/object:Gem::Version 
-  hash: 45
+  hash: 43
   prerelease: 
   segments: 
   - 0
-  - 12
-  - 1
-  version: 0.12.1
+  - 13
+  - 0
+  version: 0.13.0
 platform: ruby
 authors: 
 - Corey Donohoe
@@ -15,122 +15,105 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-01-28 00:00:00 -08:00
+date: 2013-02-05 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: json
+  name: warden
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ~>
+    - - ">"
       - !ruby/object:Gem::Version 
-        hash: 5
+        hash: 15
         segments: 
         - 1
-        - 5
-        version: "1.5"
+        - 0
+        version: "1.0"
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: warden
+  name: octokit
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version 
-        hash: 15
+        hash: 79
         segments: 
         - 1
+        - 22
         - 0
-        version: "1.0"
+        version: 1.22.0
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: oauth2
+  name: yajl-ruby
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version 
-        hash: 15
+        hash: 19
         segments: 
+        - 1
+        - 1
         - 0
-        - 5
-        - 2
-        version: 0.5.2
+        version: 1.1.0
   type: :runtime
   version_requirements: *id003
 - !ruby/object:Gem::Dependency 
-  name: octokit
+  name: rack
   prerelease: false
   requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 91
+        hash: 5
         segments: 
         - 1
-        - 19
-        - 0
-        version: 1.19.0
-  type: :runtime
+        - 4
+        - 1
+        version: 1.4.1
+  type: :development
   version_requirements: *id004
 - !ruby/object:Gem::Dependency 
-  name: rest-client
+  name: rake
   prerelease: false
   requirement: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version 
-        hash: 13
+        hash: 3
         segments: 
-        - 1
-        - 6
-        - 1
-        version: 1.6.1
-  type: :runtime
+        - 0
+        version: "0"
+  type: :development
   version_requirements: *id005
 - !ruby/object:Gem::Dependency 
-  name: yajl-ruby
+  name: rspec
   prerelease: false
   requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 13
+        hash: 19
         segments: 
-        - 1
-        - 1
-        version: "1.1"
-  type: :runtime
+        - 2
+        - 8
+        version: "2.8"
+  type: :development
   version_requirements: *id006
 - !ruby/object:Gem::Dependency 
-  name: rack
+  name: simplecov
   prerelease: false
   requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 1
-        - 4
-        - 1
-        version: 1.4.1
-  type: :development
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: rake
-  prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -140,27 +123,26 @@ dependencies:
         - 0
         version: "0"
   type: :development
-  version_requirements: *id008
+  version_requirements: *id007
 - !ruby/object:Gem::Dependency 
-  name: rspec
+  name: webmock
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
+  requirement: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 47
+        hash: 29
         segments: 
-        - 2
-        - 8
-        - 0
-        version: 2.8.0
+        - 1
+        - 9
+        version: "1.9"
   type: :development
-  version_requirements: *id009
+  version_requirements: *id008
 - !ruby/object:Gem::Dependency 
   name: webrat
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  requirement: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -170,11 +152,11 @@ dependencies:
         - 0
         version: "0"
   type: :development
-  version_requirements: *id010
+  version_requirements: *id009
 - !ruby/object:Gem::Dependency 
   name: sinatra
   prerelease: false
-  requirement: &id011 !ruby/object:Gem::Requirement 
+  requirement: &id010 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -184,11 +166,11 @@ dependencies:
         - 0
         version: "0"
   type: :development
-  version_requirements: *id011
+  version_requirements: *id010
 - !ruby/object:Gem::Dependency 
   name: shotgun
   prerelease: false
-  requirement: &id012 !ruby/object:Gem::Requirement 
+  requirement: &id011 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -198,11 +180,11 @@ dependencies:
         - 0
         version: "0"
   type: :development
-  version_requirements: *id012
+  version_requirements: *id011
 - !ruby/object:Gem::Dependency 
   name: addressable
   prerelease: false
-  requirement: &id013 !ruby/object:Gem::Requirement 
+  requirement: &id012 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -214,11 +196,11 @@ dependencies:
         - 0
         version: 2.2.0
   type: :development
-  version_requirements: *id013
+  version_requirements: *id012
 - !ruby/object:Gem::Dependency 
   name: rack-test
   prerelease: false
-  requirement: &id014 !ruby/object:Gem::Requirement 
+  requirement: &id013 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -230,7 +212,7 @@ dependencies:
         - 3
         version: 0.5.3
   type: :development
-  version_requirements: *id014
+  version_requirements: *id013
 description: A warden strategy for easy oauth integration with github
 email: 
 - atmos@atmos.org
@@ -249,16 +231,18 @@ files:
 - README.md
 - Rakefile
 - config.ru
-- lib/warden-github.rb
-- lib/warden-github/proxy.rb
-- lib/warden-github/strategy.rb
-- lib/warden-github/user.rb
-- lib/warden-github/version.rb
-- spec/app.rb
-- spec/oauth_spec.rb
-- spec/proxy_spec.rb
+- example/app.rb
+- lib/warden/github.rb
+- lib/warden/github/hook.rb
+- lib/warden/github/oauth.rb
+- lib/warden/github/strategy.rb
+- lib/warden/github/user.rb
+- lib/warden/github/version.rb
+- spec/fixtures/user.json
+- spec/integration/oauth_spec.rb
 - spec/spec_helper.rb
-- spec/user_spec.rb
+- spec/unit/oauth_spec.rb
+- spec/unit/user_spec.rb
 - warden-github.gemspec
 has_rdoc: true
 homepage: http://github.com/atmos/warden-github
@@ -295,8 +279,8 @@ signing_key:
 specification_version: 3
 summary: A warden strategy for easy oauth integration with github
 test_files: 
-- spec/app.rb
-- spec/oauth_spec.rb
-- spec/proxy_spec.rb
+- spec/fixtures/user.json
+- spec/integration/oauth_spec.rb
 - spec/spec_helper.rb
-- spec/user_spec.rb
+- spec/unit/oauth_spec.rb
+- spec/unit/user_spec.rb