warden-oauth2-strategies 0.0.4 → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b5f58493bf08099b52076a588bec5a9b085a87dc
-  data.tar.gz: c035adbefd44c2d638f4083837bdf177556d4daa
+  metadata.gz: 0c6a34c8e622339f8691e13f71bdc4e24750098a
+  data.tar.gz: c85473c8b74ac773e500284e3499572866a47c0f
 SHA512:
-  metadata.gz: 82c79f570379db6077afae398c31ac2fae751e6e1dabdd38c44a653340d48432eb98125dde64905ce2cd515cd47c4f7f67add125a569595e46acc650f965bca2
-  data.tar.gz: 9fa9d1e8aaa201fa5a1644d985f4456e26aab48c9ed625a71b3cd2b0ff2c565340421ff0fc32f6e1bb61912034681bedc668cf01dd2145e07f11f3ebeb50ddba
+  metadata.gz: bfb7486551c23f787779fd628a1de71de1acdd56ec6aee88acff8fdeb741aa7a83c83e1755fa9cb42845abab8a705ca2b6c0bb606b2e16b95992b66b5255924a
+  data.tar.gz: ea455fafa45ee5d0bf75b5bc3f7caa1c280f33bcb2c2fc5ec330c2bd7cef4cd03dbdede5e2f64125cc45e498567b9dc49320b5d920cca9f337f461f23f409baa

data/.travis.yml

@@ -1,7 +1,5 @@
 rvm:
   - 1.9.3
-  - 1.9.2
-  - 1.8.7
   - jruby
   - rbx
 script: "bundle exec rake"

data/README.md

@@ -15,12 +15,14 @@ require 'warden-oauth2'
 
 class MyAPI < Grape::API
   use Warden::Manager do |config|
-    strategies.add :bearer, Warden::OAuth2::Strategies::Bearer
-    strategies.add :client_credentials, Warden::OAuth2::Strategies::ClientCredentials
-    strategies.add :resource_owner_password_credentials, Warden::OAuth2::Strategies::ResourceOwnerPasswordCredentials
-    strategies.add :public, Warden::OAuth2::Strategies::Public
-
-    config.default_strategies :bearer, :client_credentials, :resource_owner_password_credentials, :public
+    config.strategies.add :bearer, Warden::OAuth2::Strategies::Bearer
+    config.strategies.add :client_credentials, Warden::OAuth2::Strategies::ClientCredentials
+    config.strategies.add :resource_owner_password_credentials, Warden::OAuth2::Strategies::ResourceOwnerPasswordCredentials
+    config.strategies.add :issuing_access_token, Warden::OAuth2::Strategies::IssuingAccessToken
+    config.strategies.add :accessing_protected_resource, Warden::OAuth2::Strategies::AccessingProtectedResource
+
+    config.default_strategies :client_credentials, :resource_owner_password_credentials, :issuing_access_token
+    config.default_strategies :bearer, :accessing_protected_resource
     config.failure_app Warden::OAuth2::FailureApp
   end
 
@@ -162,6 +164,14 @@ Use `.valid?` on the client application to determine if user credentials are cor
 
 **User:** The Warden user is set to the access token returned by `.locate`.
 
+### Issuing Access Token
+
+This strategy is a fallback strategy when cannot issue access token due to unspecified grant_type
+
+### Accessing Protected Resource
+
+This strategy is a fallback strategy when cannot validate access to protected resource due to unspecified token
+
 ### Public
 
 This strategy succeeds by default and only fails if the authentication

data/lib/warden/oauth2/failure_app.rb

@@ -21,8 +21,8 @@ module Warden
           headers['X-Accepted-OAuth-Scopes'] = (strategy.scope || :public).to_s
         else
           status = 400
-          body[:error] = "invalid_grant"
-          body[:error_description] = "grant_type is not specified or invalid"
+          body[:error] = 'invalid_request'
+          body[:error_description] = 'cannot determine authentication method'
         end
         [status, headers, [JSON.dump(body)]]
       end

data/lib/warden/oauth2/strategies/accessing_protected_resource.rb

@@ -0,0 +1,18 @@
+require 'warden-oauth2'
+
+module Warden
+  module OAuth2
+    module Strategies
+      class AccessingProtectedResource < Bearer
+        def valid?
+          !super
+        end
+
+        def authenticate!
+          self.error_description = 'Bearer Token is not provided'
+          fail! 'invalid_client'
+        end
+      end
+    end
+  end
+end

data/lib/warden/oauth2/strategies/base.rb

@@ -4,6 +4,7 @@ module Warden
   module OAuth2
     module Strategies
       class Base < Warden::Strategies::Base
+        attr_writer :error_description
         def store?
           false
         end
@@ -11,6 +12,10 @@ module Warden
         def error_status
           400
         end
+
+        def error_description
+          @error_description || ''
+        end
       end
     end
   end

data/lib/warden/oauth2/strategies/client.rb

@@ -5,16 +5,16 @@ module Warden
   module OAuth2
     module Strategies
       class Client < Base
-        attr_reader :client, :client_id, :client_secret, :error_description
+        attr_reader :client, :client_id, :client_secret
 
         def authenticate!
           @client = client_from_http_basic || client_from_request_params
 
           if self.client
-            fail "invalid_scope" and return if scope && client.respond_to?(:scope) && !client.scope?(scope)
+            fail 'invalid_scope' and return if scope && client.respond_to?(:scope) && !client.scope?(scope)
             client_authenticated
           else
-            fail "invalid_client"
+            fail 'invalid_client'
           end
         end
 
@@ -36,14 +36,12 @@ module Warden
 
         def error_status
           case message
-            when "invalid_client" then 401
-            when "invalid_scope" then 403
+            when 'invalid_client' then 401
+            when 'invalid_scope' then 403
             else 400
           end
         end
 
-        protected
-        attr_writer :error_description
         def model
           raise 'Model should be defined in a child strategy'
         end

data/lib/warden/oauth2/strategies/issuing_access_token.rb

@@ -0,0 +1,18 @@
+require 'warden-oauth2'
+
+module Warden
+  module OAuth2
+    module Strategies
+      class IssuingAccessToken < Base
+        def valid?
+          !params.include?('grant_type')
+        end
+
+        def authenticate!
+          self.error_description = 'grant_type is not specified or invalid'
+          fail! 'invalid_grant'
+        end
+      end
+    end
+  end
+end

data/lib/warden/oauth2/version.rb

@@ -1,5 +1,5 @@
 module Warden
   module OAuth2
-    VERSION = "0.0.4"
+    VERSION = "0.0.5"
   end
 end

data/lib/warden/oauth2.rb

@@ -29,6 +29,8 @@ module Warden
       autoload :Client, 'warden/oauth2/strategies/client'
       autoload :ClientCredentials, 'warden/oauth2/strategies/client_credentials'
       autoload :ResourceOwnerPasswordCredentials, 'warden/oauth2/strategies/resource_owner_password_credentials'
+      autoload :IssuingAccessToken, 'warden/oauth2/strategies/issuing_access_token'
+      autoload :AccessingProtectedResource, 'warden/oauth2/strategies/accessing_protected_resource'
       autoload :Bearer, 'warden/oauth2/strategies/bearer'
     end
   end

data/spec/warden/oauth2/failure_app_spec.rb

@@ -4,11 +4,11 @@ describe Warden::OAuth2::FailureApp do
   let(:app) { subject }
   let(:warden) { double(:winning_strategy => @strategy) }
 
-  it 'defaults to invalid_grant if strategy is not found' do
+  it 'defaults to invalid_request if strategy is not found' do
     @strategy = nil
     get '/unauthenticated', {}, 'warden' => warden
     last_response.status.should == 400
-    last_response.body.should == '{"error":"invalid_grant","error_description":"grant_type is not specified or invalid"}'
+    last_response.body.should == '{"error":"invalid_request","error_description":"cannot determine authentication method"}'
   end
   it 'uses empty string is strategy does not provide a description' do
     @strategy = double(error_status: 500,:message => 'custom', scope: 'bla')

data/spec/warden/oauth2/strategies/accessing_protected_resource_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Warden::OAuth2::Strategies::AccessingProtectedResource do
+  let(:strategy){ described_class }
+  subject{ strategy.new({'rack.input' => {}}) }
+
+  describe '#valid?' do
+    Rack::Auth::AbstractRequest::AUTHORIZATION_KEYS.each do |key|
+      it 'returns true if token string is not correct' do
+        subject.stub(:env).and_return({key => 'Some sneaky key'})
+        subject.should be_valid
+      end
+    end
+    it 'returns true if token string is not specified' do
+      subject.stub(:env).and_return({})
+      subject.should be_valid
+    end
+    it 'returns false if token string is correct' do
+      subject.stub(:env).and_return({'HTTP_AUTHORIZATION' => 'Bearer abc'})
+      subject.should_not be_valid
+    end
+  end
+  describe '#authenticate!' do
+    it 'fails with invalid_client' do
+      subject._run!
+      subject.result.should == :failure
+      subject.message.should == 'invalid_client'
+      subject.error_status.should == 400
+      subject.error_description.should_not be_empty
+    end
+  end
+end

data/spec/warden/oauth2/strategies/issuing_access_token_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe Warden::OAuth2::Strategies::IssuingAccessToken do
+  let(:strategy){ described_class }
+  subject{ strategy.new({'rack.input' => {}}) }
+
+  describe '#valid?' do
+    it 'returns false when grant_type is specified' do
+      subject.stub(:params).and_return({'grant_type' => 'whatever'})
+      subject.should_not be_valid
+    end
+    it 'returns true when the grant_type is not specified' do
+      subject.stub(:params).and_return({})
+      subject.should be_valid
+    end
+  end
+  describe '#authenticate!' do
+    it 'fails with invalid grant' do
+      subject._run!
+      subject.result.should == :failure
+      subject.message.should == 'invalid_grant'
+      subject.error_status.should == 400
+      subject.error_description.should_not be_empty
+    end
+  end
+end

data/warden-oauth2.gemspec

@@ -15,6 +15,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Warden::OAuth2::VERSION
   gem.licenses      = ['MIT']
+  gem.required_ruby_version = '>= 1.9.3'
 
   gem.add_dependency 'warden'
   gem.add_development_dependency 'rake'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: warden-oauth2-strategies
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - AirService
@@ -84,19 +84,23 @@ files:
 - lib/warden/oauth2.rb
 - lib/warden/oauth2/error_app.rb
 - lib/warden/oauth2/failure_app.rb
+- lib/warden/oauth2/strategies/accessing_protected_resource.rb
 - lib/warden/oauth2/strategies/base.rb
 - lib/warden/oauth2/strategies/bearer.rb
 - lib/warden/oauth2/strategies/client.rb
 - lib/warden/oauth2/strategies/client_credentials.rb
+- lib/warden/oauth2/strategies/issuing_access_token.rb
 - lib/warden/oauth2/strategies/public.rb
 - lib/warden/oauth2/strategies/resource_owner_password_credentials.rb
 - lib/warden/oauth2/strategies/token.rb
 - lib/warden/oauth2/version.rb
 - spec/spec_helper.rb
 - spec/warden/oauth2/failure_app_spec.rb
+- spec/warden/oauth2/strategies/accessing_protected_resource_spec.rb
 - spec/warden/oauth2/strategies/bearer_spec.rb
 - spec/warden/oauth2/strategies/client_credentials_spec.rb
 - spec/warden/oauth2/strategies/client_spec.rb
+- spec/warden/oauth2/strategies/issuing_access_token_spec.rb
 - spec/warden/oauth2/strategies/public_spec.rb
 - spec/warden/oauth2/strategies/resource_owner_password_credentials_spec.rb
 - spec/warden/oauth2/strategies/token_spec.rb
@@ -113,7 +117,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - '>='
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - '>='
@@ -121,16 +125,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.1.11
+rubygems_version: 2.2.1
 signing_key: 
 specification_version: 4
 summary: OAuth 2.0 strategies for Warden
 test_files:
 - spec/spec_helper.rb
 - spec/warden/oauth2/failure_app_spec.rb
+- spec/warden/oauth2/strategies/accessing_protected_resource_spec.rb
 - spec/warden/oauth2/strategies/bearer_spec.rb
 - spec/warden/oauth2/strategies/client_credentials_spec.rb
 - spec/warden/oauth2/strategies/client_spec.rb
+- spec/warden/oauth2/strategies/issuing_access_token_spec.rb
 - spec/warden/oauth2/strategies/public_spec.rb
 - spec/warden/oauth2/strategies/resource_owner_password_credentials_spec.rb
 - spec/warden/oauth2/strategies/token_spec.rb