warden-jwt 0.1.0

data/spec/fixtures/vcr_cassettes/Warden_JWT_Strategy/_authenticate_/with_issuer_check/and_valid_issuer/authenticates_successfully.yml

@@ -0,0 +1,55 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:4000/oauth/token
+    body:
+      encoding: US-ASCII
+      string: grant_type=password&username=you%40example.com&password=mypassword
+    headers:
+      Accept:
+      - "*/*; q=0.5, application/xml"
+      Accept-Encoding:
+      - gzip, deflate
+      Content-Length:
+      - '66'
+      Content-Type:
+      - application/x-www-form-urlencoded
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Xss-Protection:
+      - 1; mode=block
+      X-Content-Type-Options:
+      - nosniff
+      Cache-Control:
+      - no-store
+      Pragma:
+      - no-cache
+      Content-Type:
+      - application/json; charset=utf-8
+      Etag:
+      - W/"e660f9f498b0d02ca450145e9ac9a20e"
+      Set-Cookie:
+      - _oauth-provider-doorkeeper_session=NUR4dnBROHZHTjhiTm5DZmF4LzJUQjY3Y0wvTFliMDA2U1RIQTJ2cFk3VjJpaWFWM3NGYmFmSE5wRm1mbHFQWGViOW9PYlRaenNZR0h2cERCOXMraUE9PS0tT0U3YlJnT0J5bm9sVmpwQnoxNXhkZz09--cca28b97961fe2e163405d48eed26c0f1767398d;
+        path=/; HttpOnly
+      X-Request-Id:
+      - 86aa1ef4-c4cb-446e-b45e-af9b82e6519d
+      X-Runtime:
+      - '0.134671'
+      Connection:
+      - close
+      Server:
+      - thin
+    body:
+      encoding: UTF-8
+      string: '{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOiIyMDE1LTA3LTI4VDA0OjE2OjUxLjAyMSswMDowMCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDAwMCIsImF1ZCI6WyIxZjI0YmY1NDJiNjkyNWZmM2IxODAzMmY5MzExYzEyMmMyMTA2OGNlMGEwOTAzM2IyMDcxMTJmODI2ZGIzZDdmIl0sInVpZCI6OSwidW4iOiJ0ZXN0IiwiZW1haWwiOiJ5b3VAZXhhbXBsZS5jb20iLCJmbiI6IlRlc3QiLCJsbiI6IlRlc3QiLCJuIjoiVGVzdCIsInIiOiJkZWZhdWx0IiwibSI6W3sicCI6ImRlZmF1bHQiLCJvaWQiOiIxZjI0YmY1NDJiNjkyNWZmM2IxODAzMmY5MzExYzEyMmMyMTA2OGNlMGEwOTAzM2IyMDcxMTJmODI2ZGIzZDdmIiwibyI6IkRpZ2lmaW5kIn1dfQ.BjbvUcrR8HKo51wBA3hv3VlQimmS_oMrpSweri57-yk","token_type":"bearer","expires_in":7200,"refresh_token":"c20c932ebd9dcad41b47e7ab6998ad48fe365c8da605de95f7ce0dfd0a97ee1f","scope":"public","created_at":1438057011}'
+    http_version: 
+  recorded_at: Tue, 28 Jul 2015 04:16:51 GMT
+recorded_with: VCR 2.9.3

data/spec/fixtures/vcr_cassettes/Warden_JWT_Strategy/_authenticate_/with_valid_parameters/authenticates_successfully.yml

@@ -0,0 +1,55 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:4000/oauth/token
+    body:
+      encoding: US-ASCII
+      string: grant_type=password&username=you%40example.com&password=mypassword
+    headers:
+      Accept:
+      - "*/*; q=0.5, application/xml"
+      Accept-Encoding:
+      - gzip, deflate
+      Content-Length:
+      - '66'
+      Content-Type:
+      - application/x-www-form-urlencoded
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Xss-Protection:
+      - 1; mode=block
+      X-Content-Type-Options:
+      - nosniff
+      Cache-Control:
+      - no-store
+      Pragma:
+      - no-cache
+      Content-Type:
+      - application/json; charset=utf-8
+      Etag:
+      - W/"745b7d26dc386138c4cac5914250021b"
+      Set-Cookie:
+      - _oauth-provider-doorkeeper_session=VGxZYkVEUHM2TXhqNkxTb0VqM3ZrMWJ0NEpLWm9iZzgvcWR3a2lxVktGd0lPMFBIbVBBVGE4dVBYSXFmVmxlckhiVjlleElGaEFFOEJzYmRBNUltZWc9PS0tVVNrVVhvL3pzaWs3aW1ZMlY0d0NpQT09--b8cdb35682eda8b627cb0bc52cd2918cec880d7c;
+        path=/; HttpOnly
+      X-Request-Id:
+      - 8c70bde2-a5a6-4341-9c4b-1e399dd750d7
+      X-Runtime:
+      - '0.379515'
+      Connection:
+      - close
+      Server:
+      - thin
+    body:
+      encoding: UTF-8
+      string: '{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOiIyMDE1LTA3LTI4VDA0OjE0OjA5Ljg0NCswMDowMCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDAwMCIsImF1ZCI6WyIxZjI0YmY1NDJiNjkyNWZmM2IxODAzMmY5MzExYzEyMmMyMTA2OGNlMGEwOTAzM2IyMDcxMTJmODI2ZGIzZDdmIl0sInVpZCI6OSwidW4iOiJ0ZXN0IiwiZW1haWwiOiJ5b3VAZXhhbXBsZS5jb20iLCJmbiI6IlRlc3QiLCJsbiI6IlRlc3QiLCJuIjoiVGVzdCIsInIiOiJkZWZhdWx0IiwibSI6W3sicCI6ImRlZmF1bHQiLCJvaWQiOiIxZjI0YmY1NDJiNjkyNWZmM2IxODAzMmY5MzExYzEyMmMyMTA2OGNlMGEwOTAzM2IyMDcxMTJmODI2ZGIzZDdmIiwibyI6IkRpZ2lmaW5kIn1dfQ.DPWNg9ESIDUJRVGhD1ICKs93YryTWRNXyu4Fv7QmSwM","token_type":"bearer","expires_in":7200,"refresh_token":"aa729119459f41d03c7d6076f3115d5162ad00a2890d45ebc570002f3bed2f21","scope":"public","created_at":1438056849}'
+    http_version: 
+  recorded_at: Tue, 28 Jul 2015 04:14:09 GMT
+recorded_with: VCR 2.9.3

data/spec/helpers/request_helper.rb

@@ -0,0 +1,9 @@
+module Warden::Spec
+  module Helpers
+    def env_with_params(path = "/", params = {}, env = {})
+      method = params.delete(:method) || "GET"
+      env = { 'HTTP_VERSION' => '1.1', 'REQUEST_METHOD' => "#{method}" }.merge(env)
+      Rack::MockRequest.env_for("#{path}?#{Rack::Utils.build_query(params)}", env)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+require "codeclimate-test-reporter"
+CodeClimate::TestReporter.start
+
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'warden/jwt'
+require 'webmock/rspec'
+require 'support/vcr'
+require 'rubygems'
+require 'rack'
+
+
+Dir[File.join(File.dirname(__FILE__), "helpers", "**/*.rb")].each do |f|
+  require f
+end
+
+RSpec.configure do |config|
+  config.include(Warden::Spec::Helpers)
+end

data/spec/support/vcr.rb

@@ -0,0 +1,7 @@
+require 'vcr'
+
+VCR.configure do |config|
+  config.cassette_library_dir = "spec/fixtures/vcr_cassettes"
+  config.hook_into :webmock
+  config.configure_rspec_metadata!
+end

data/spec/warden/jwt/config_spec.rb

@@ -0,0 +1,183 @@
+require 'spec_helper'
+
+describe Warden::JWT::Config do
+  let(:warden_scope) { :test_scope }
+
+  let(:env) do
+    { 'warden' => double(:config => warden_config) }
+  end
+
+  let(:warden_config) do
+    { :scope_defaults => { warden_scope => { :config => scope_config } } }
+  end
+
+  let(:scope_config) do
+    {}
+  end
+
+  let(:request) do
+    double(:url => 'http://example.com/the/path', :path => '/the/path')
+  end
+
+  subject(:config) do
+    described_class.new(env, warden_scope)
+  end
+
+  before do
+    allow(config).to receive_messages(:request => request)
+  end
+
+  def silence_warnings
+    old_verbose, $VERBOSE = $VERBOSE, nil
+    yield
+  ensure
+    $VERBOSE = old_verbose
+  end
+
+  describe '#audience' do
+    context 'when specified in scope config' do
+      it 'returns the audience' do
+        scope_config[:audience] = 'foobar'
+        expect(config.audience).to eq 'foobar'
+      end
+    end
+
+    context 'when specified in ENV' do
+      it 'returns the audience' do
+        allow(ENV).to receive(:[]).with('IDENTITY_CLIENT_ID').and_return('foobar')
+        expect(config.audience).to eq 'foobar'
+      end
+    end
+
+    context 'when not specified' do
+      it 'raises BadConfig' do
+        expect { config.audience }.to raise_error(described_class::BadConfig)
+      end
+    end
+  end
+
+  describe '#secret' do
+    context 'when specified in scope config' do
+      it 'returns the client secret' do
+        scope_config[:secret] = 'foobar'
+        expect(config.secret).to eq 'foobar'
+      end
+    end
+
+    context 'when specified in ENV' do
+      it 'returns the secret' do
+        allow(ENV).to receive(:[]).with('IDENTITY_SECRET').and_return('foobar')
+        silence_warnings do
+          expect(config.secret).to eq 'foobar'
+        end
+      end
+    end
+
+    context 'when not specified' do
+      it 'raises BadConfig' do
+        expect { config.secret }.to raise_error(described_class::BadConfig)
+      end
+    end
+  end
+
+  describe '#issuer' do
+    context 'when specified in scope config' do
+      it 'returns the identity uri' do
+        scope_config[:issuer] = 'http://example.com/callback'
+        expect(config.issuer).to eq 'http://example.com/callback'
+      end
+    end
+
+    context 'when specified in ENV' do
+      it 'returns the identity_uri' do
+        allow(ENV).to receive(:[]).with('IDENTITY_URL').and_return('http://example.com/callback')
+        silence_warnings do
+          expect(config.issuer).to eq 'http://example.com/callback'
+        end
+      end
+    end
+
+    context 'when not specified' do
+      it 'raises BadConfig' do
+        expect { config.issuer }.to raise_error(described_class::BadConfig)
+      end
+    end
+  end
+
+  describe '#username_param' do
+    context 'when specified in config' do
+      it 'returns the username param' do
+        scope_config[:username_param] = 'user'
+        expect(config.username_param).to eq 'user'
+      end
+    end
+
+    context 'when not specified' do
+      it 'returns username' do
+        expect(config.username_param).to eq 'username'
+      end
+    end
+  end
+
+  describe '#password_param' do
+    context 'when specified in config' do
+      it 'returns the password param' do
+        scope_config[:password_param] = 'pass'
+        expect(config.password_param).to eq 'pass'
+      end
+    end
+
+    context 'when not specified' do
+      it 'returns password' do
+        expect(config.password_param).to eq 'password'
+      end
+    end
+  end
+
+  describe "#verify_issuer" do
+    context 'when specified in config' do
+      it 'returns the verify_issuer param' do
+        scope_config[:verify_issuer] = false
+        expect(config.verify_issuer).to eq false
+      end
+    end
+
+    context 'when not specified' do
+      it 'returns true' do
+        expect(config.verify_issuer).to eq true
+      end
+    end
+  end
+
+  describe "#verify_audience" do
+    context 'when specified in config' do
+      it 'returns the verify_audience param' do
+        scope_config[:verify_audience] = false
+        expect(config.verify_audience).to eq false
+      end
+    end
+
+    context 'when not specified' do
+      it 'returns true' do
+        expect(config.verify_audience).to eq true
+      end
+    end
+  end
+
+  describe '#to_hash' do
+    it 'includes all configs' do
+      scope_config.merge!(
+        :issuer  => '/foo',
+        :audience     => 'abc',
+        :secret => '123',
+        :username_param => 'wef',
+        :password_param => 'wef',
+        :verify_issuer => 'wef',
+        :verify_audience => 'wef'
+      )
+
+      expect(config.to_hash.keys).
+        to match_array([:issuer, :audience, :secret, :username_param, :password_param, :verify_issuer, :verify_audience])
+      end
+  end
+end

data/spec/warden/jwt/strategy_spec.rb

@@ -0,0 +1,143 @@
+require 'spec_helper'
+require 'warden/jwt'
+
+describe Warden::JWT::Strategy do
+  let(:strategy) { Warden::Strategies[:jwt].new(env_with_params(path, params, env), warden_scope) }
+
+  let(:warden_scope) { :test_scope }
+
+  let(:env) do
+    { 'warden' => double(:config => warden_config) }
+  end
+
+  let(:warden_config) do
+    { :scope_defaults => { warden_scope => { :config => scope_config } } }
+  end
+
+  let(:secret) { '1fcd5a60e0f8f874c9297d7bc9e8af21a1e8be86add775fcaa1ed8a3722089f398a4ef6fa8a0cc115b85557a72920feaf894e4a34dc3f87dbf91d95f398b5c4c' }
+  let(:issuer) { 'http://localhost:4000'}
+  let(:audience) { '1f24bf542b6925ff3b18032f9311c122c21068ce0a09033b207112f826db3d7f' }
+  let(:verify_audience) { false }
+  let(:verify_issuer) { false }
+
+  let(:scope_config) do
+    {
+      :issuer => issuer,
+      :audience => audience,
+      :secret => secret,
+      :verify_audience => verify_audience,
+      :verify_issuer => verify_issuer
+    }
+  end
+
+  let(:params) { {} }
+
+  let(:path) { '/' }
+
+  before(:each) do
+    RAS = Warden::Strategies unless defined?(RAS)
+    Warden::Strategies.clear!
+    Warden::Strategies.add(:jwt, Warden::JWT::Strategy)
+  end
+
+  describe "#valid?" do
+    context "with empty params" do
+      let(:params) { {} }
+
+      it "is false" do
+        expect(strategy.valid?).to eq(false)
+      end
+    end
+
+    context "with only username param" do
+      let(:params) { {'username' => 'user'} }
+
+      it "is false" do
+        expect(strategy.valid?).to eq(false)
+      end
+    end
+
+    context "with only password param" do
+      let(:params) { {'password' => 'pass'} }
+
+      it "is false" do
+        expect(strategy.valid?).to eq(false)
+      end
+    end
+
+    context "with username and password" do
+      let(:params) { {'username' => 'user', 'password' => 'pass'} }
+
+      it "is true" do
+        expect(strategy.valid?).to eq(true)
+      end
+    end
+  end
+
+  describe "#decode_token_from_json" do
+    let(:respone) { }
+  end
+
+  describe "#authenticate!", :vcr do
+    let(:params) { {'username' => 'you@example.com', 'password' => 'mypassword'} }
+
+    context "with valid parameters" do
+      it "authenticates successfully" do
+        expect(strategy.authenticate!).to eq(:success)
+      end
+    end
+
+    context "with invalid password" do
+      let(:params) { {'username' => 'you@example.com', 'password' => 'pass'} }
+
+      it "fails authentication" do
+        expect(strategy.authenticate!).to eq(:failure)
+      end
+    end
+
+    context "with invalid username" do
+      let(:params) { {'username' => 'me@example.com', 'password' => 'pass'} }
+
+      it "fails authentication" do
+        expect(strategy.authenticate!).to eq(:failure)
+      end
+    end
+
+    context "with audience check" do
+      let(:verify_audience) { true }
+
+      context "and valid audience" do
+        it "authenticates successfully" do
+          expect(strategy.authenticate!).to eq(:success)
+        end
+      end
+
+      context "and invalid audience" do
+        let(:audience) { 'weiufhwef'}
+
+        it "fails authentication" do
+          expect(strategy.authenticate!).to eq(:failure)
+        end
+      end
+    end
+
+
+    context "with issuer check" do
+      let(:verify_issuer) { true }
+
+      context "and valid issuer" do
+        it "authenticates successfully" do
+          expect(strategy.authenticate!).to eq(:success)
+        end
+      end
+
+      context "and invalid issuer" do
+        let(:issuer) { 'http://localhost:2000/' }
+
+        it "raises invalid issuer exception" do
+          expect{ strategy.authenticate! }.to raise_error(JWT::InvalidIssuerError)
+        end
+      end
+    end
+  end
+end

data/spec/warden/jwt_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+describe Warden::JWT do
+  it 'has a version number' do
+    expect(Warden::JWT::VERSION).not_to be nil
+  end
+end

data/warden-jwt.gemspec

@@ -0,0 +1,38 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'warden/jwt/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "warden-jwt"
+  spec.version       = Warden::JWT::VERSION
+  spec.authors       = ["Rob Sharp"]
+  spec.email         = ["rob.sharp@digivizer.com"]
+
+  spec.summary       = %q{A Warden strategy for JWT}
+  spec.homepage      = "http://github.com/dgvz/warden-jwt"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'jwt', '~> 1.5'
+  spec.add_runtime_dependency 'rest-client', '~> 1.8'
+  spec.add_runtime_dependency 'warden', '~> 1.2'
+  spec.add_runtime_dependency 'addressable', '~> 2.3'
+
+  spec.add_development_dependency 'bundler', '~> 1.0'
+  spec.add_development_dependency 'rake', '~> 10'
+  spec.add_development_dependency 'rack', '~> 1.6'
+  spec.add_development_dependency 'rspec', '~> 3.3'
+  spec.add_development_dependency 'simplecov', '~> 0.10'
+  spec.add_development_dependency 'vcr', '~> 2.9'
+  spec.add_development_dependency 'webmock', '~> 1.21'
+  spec.add_development_dependency 'multi_json', '~> 1.11'
+  spec.add_development_dependency 'guard', '~> 2.11'
+  spec.add_development_dependency 'guard-rspec', '~> 4.5'
+  spec.add_development_dependency 'guard-bundler', '~> 0.1'
+end