warden-oauth2-strategies 0.0.7 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 91693eebe7b261a8fac112ba0eaf0e9326010e01
-  data.tar.gz: c734102cc67e9483dcff30c616ec736f341bd45f
+  metadata.gz: d058d337570bf20c44cf52997b3354f8a91b90f9
+  data.tar.gz: 8adef9735a0c873a7654bbefa8be3f4ec97a3aae
 SHA512:
-  metadata.gz: ee76e1b6713669d752c8562b3a8c778f92a15e1f7802b146f76fd1de97fcfdd3a0b3d8ed4340abf4f3253dec38c4d27ff1ed38ce95552d7073c06bf22fe3cd04
-  data.tar.gz: 87f1a4f2ede459483285fafb34173d4c0f735e325bf4561de2080aae7424b560e3e57b8f52c59bbd00895e1fef247801f42c3137e4e2c335d2283f03fd51f7de
+  metadata.gz: 70bb686e79781c318eb6fa3b4c2d8f7f46b899c08352747b8eef7b22cd1c9f63ed3a8b5727d9ed82ea8cf271b2c3ed4e8daeae8b0a43f741bfa05494b0d5875c
+  data.tar.gz: 27a76dc67de1cc68edd4046cecf00b4fe39eddbf58afaa8f4830ae5ac5041234093913c1c7fb8f57d1bf124de9528b63ecb1415db2c9ef021ba3e7a676fa66d5

data/README.md

@@ -20,8 +20,9 @@ class MyAPI < Grape::API
     config.strategies.add :resource_owner_password_credentials, Warden::OAuth2::Strategies::ResourceOwnerPasswordCredentials
     config.strategies.add :issuing_access_token, Warden::OAuth2::Strategies::IssuingAccessToken
     config.strategies.add :accessing_protected_resource, Warden::OAuth2::Strategies::AccessingProtectedResource
+    config.strategies.add :refresh_token, Warden::OAuth2::Strategies::RefreshToken
 
-    config.default_strategies :client_credentials, :resource_owner_password_credentials, :issuing_access_token
+    config.default_strategies :client_credentials, :resource_owner_password_credentials, :refresh_token, :issuing_access_token
     config.default_strategies :bearer, :accessing_protected_resource
     config.failure_app Warden::OAuth2::FailureApp
   end
@@ -54,9 +55,10 @@ end
   Defaults to `ClientCredentialsApplication`.
 * **resource_owner_password_credentials_model:** A client application class used for resource owner password authentication. See **Models** below.
   Defaults to `ResourceOwnerPasswordCredentialsApplication`.
+* **refresh_token_model:** A refresh token application class used for refresh token authentication. See **Models** below. Defaults
+  to `RefreshTokenApplication`.
 * **token_model:** An access token class. See **Models** below. Defaults
   to `AccessToken`.
-
 ## Models
 
 You will need to supply data models to back up the persistent facets of
@@ -106,6 +108,24 @@ class ResourceOwnerPasswordCredentialsApplication
 end
 ```
 
+### Refresh Token Application
+
+```ruby
+class RefreshTokenApplication
+  # REQUIRED
+  def self.locate(client_id, client_secret = nil)
+    # Should return a refresh token application matching the client_id
+    # provided, but should ONLY match client_secret if it is
+    # provided.
+    # the returned value should implement the following interface
+    # def valid?
+      # Use options[:refresh_token] to check that specified refresh token is valid
+    # end
+  end
+
+end
+```
+
 ### Access Token
 
 ```ruby
@@ -164,6 +184,13 @@ Use `.valid?` on the client application to determine if user credentials are cor
 
 **User:** The Warden user is set to the access token returned by `.locate`.
 
+### Refresh Token
+
+This strategy creates an new access token based on expired access token refresh token.
+Use `.valid?` on the refresh token application to determine if refresh token is valid.
+
+**User:** The Warden user is set to the access token returned by `.locate`.
+
 ### Issuing Access Token
 
 This strategy is a fallback strategy when cannot issue access token due to unspecified grant_type

data/lib/warden/oauth2.rb

@@ -4,11 +4,15 @@ require 'warden/oauth2/version'
 module Warden
   module OAuth2
     class Configuration
-      attr_accessor :client_credentials_model, :resource_owner_password_credentials_model, :token_model
+      attr_accessor :client_credentials_model,
+                    :resource_owner_password_credentials_model,
+                    :token_model,
+                    :refresh_token_model
 
       def initialize
         self.client_credentials_model = ClientCredentialsApplication if defined?(ClientCredentialsApplication)
         self.resource_owner_password_credentials_model = ResourceOwnerPasswordCredentialsApplication if defined?(ResourceOwnerPasswordCredentialsApplication)
+        self.refresh_token_model = RefreshTokenApplication if defined?(RefreshTokenApplication)
         self.token_model = AccessToken if defined?(AccessToken)
       end
     end
@@ -32,6 +36,7 @@ module Warden
       autoload :IssuingAccessToken, 'warden/oauth2/strategies/issuing_access_token'
       autoload :AccessingProtectedResource, 'warden/oauth2/strategies/accessing_protected_resource'
       autoload :Bearer, 'warden/oauth2/strategies/bearer'
+      autoload :RefreshToken, 'warden/oauth2/strategies/refresh_token'
     end
   end
 end

data/lib/warden/oauth2/strategies/client.rb

@@ -36,7 +36,7 @@ module Warden
 
         def error_status
           case message
-            when 'invalid_client' then 401
+            when 'invalid_client', 'invalid_token' then 401
             when 'invalid_scope' then 403
             else 400
           end

data/lib/warden/oauth2/strategies/refresh_token.rb

@@ -0,0 +1,29 @@
+module Warden
+  module OAuth2
+    module Strategies
+      class RefreshToken < Client
+        def valid?
+          params['grant_type'] == 'refresh_token'
+        end
+        protected
+        def model
+          Warden::OAuth2.config.refresh_token_model
+        end
+        def client_authenticated
+          if params['refresh_token']
+            valid_client = client.valid?(refresh_token: params['refresh_token'])
+            if valid_client
+              super
+            else
+              fail("invalid_token")
+              self.error_description = "provided refresh token is not valid"
+            end
+          else
+            fail "invalid_request"
+            self.error_description = "refresh token is not provided"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/warden/oauth2/version.rb

@@ -1,5 +1,5 @@
 module Warden
   module OAuth2
-    VERSION = '0.0.7'
+    VERSION = '0.0.8'
   end
 end

data/spec/warden/oauth2/strategies/client_spec.rb

@@ -43,7 +43,7 @@ describe Warden::OAuth2::Strategies::Client do
     end
   end
 
-  describe '#authorize!' do
+  describe '#authenticate!' do
     it 'should succeed if a client is around' do
       client_instance = double
       client_model.stub(:locate).and_return(client_instance)

data/spec/warden/oauth2/strategies/refresh_token_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+describe Warden::OAuth2::Strategies::RefreshToken do
+  let(:strategy){ described_class }
+  let(:client_model){ double(:RefreshTokenApplication) }
+  subject{ strategy.new({'rack.input' => {}}) }
+
+  before do
+    Warden::OAuth2.config.refresh_token_model = client_model
+  end
+  describe '#valid?' do
+    it 'returns false if the grant type is not specified' do
+      subject.stub(:params).and_return({})
+      subject.should_not be_valid
+    end
+
+    it 'returns true if the grant type is refresh_token' do
+      subject.stub(:params).and_return({'grant_type' => 'refresh_token'})
+      subject.should be_valid
+    end
+
+    it 'returns false if the grant type is not password' do
+      subject.stub(:params).and_return({'grant_type' => 'whatever'})
+      subject.should_not be_valid
+    end
+  end
+
+
+  describe 'authenticate!' do
+    it 'should fail if no refresh token provided' do
+      client_model.stub(locate: double)
+      subject.stub(:params).and_return('client_id' => 'client_id')
+
+      subject._run!
+
+      subject.result.should == :failure
+      subject.message.should == "invalid_request"
+      subject.error_status.should == 400
+    end
+
+    it 'should succeed if a client is around' do
+      client_instance = double
+      client_instance.stub(:valid?).with(refresh_token: 'some_token').and_return(true)
+      client_model.stub(:locate).with('client_id', nil).and_return(client_instance)
+      subject.stub(:params).and_return('client_id' => 'client_id', 'refresh_token' => 'some_token')
+      subject._run!
+      subject.user.should == client_instance
+      subject.result.should == :success
+    end
+
+    it 'should fail if a client is not found' do
+      client_model.stub(locate: nil)
+      subject.stub(:params).and_return('refresh_token' => 'some_token')
+      subject._run!
+      subject.result.should == :failure
+      subject.message.should == "invalid_client"
+    end
+
+    it 'should fail if client is not valid' do
+      client_instance = double(valid?: false)
+      client_model.stub(locate: client_instance)
+      subject.stub(:params).and_return('client_id' => 'client_id','refresh_token' => 'some_token')
+      subject._run!
+      subject.user.should == nil
+      subject.result.should == :failure
+      subject.message.should == "invalid_token"
+      subject.error_description.should_not be_empty
+      subject.error_status.should == 401
+    end
+  end
+end

data/spec/warden/oauth2/strategies/resource_owner_password_credentials_spec.rb

@@ -26,7 +26,7 @@ describe Warden::OAuth2::Strategies::ResourceOwnerPasswordCredentials do
     end
   end
 
-  describe '#authorize!' do
+  describe '#authenticate!' do
     it 'should fail if a client is around but not valid' do
       client_instance = double(:client_instance, valid?: false)
       client_model.stub(locate: client_instance)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: warden-oauth2-strategies
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors:
 - AirService
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-24 00:00:00.000000000 Z
+date: 2014-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: warden
@@ -91,6 +91,7 @@ files:
 - lib/warden/oauth2/strategies/client_credentials.rb
 - lib/warden/oauth2/strategies/issuing_access_token.rb
 - lib/warden/oauth2/strategies/public.rb
+- lib/warden/oauth2/strategies/refresh_token.rb
 - lib/warden/oauth2/strategies/resource_owner_password_credentials.rb
 - lib/warden/oauth2/strategies/token.rb
 - lib/warden/oauth2/version.rb
@@ -102,6 +103,7 @@ files:
 - spec/warden/oauth2/strategies/client_spec.rb
 - spec/warden/oauth2/strategies/issuing_access_token_spec.rb
 - spec/warden/oauth2/strategies/public_spec.rb
+- spec/warden/oauth2/strategies/refresh_token_spec.rb
 - spec/warden/oauth2/strategies/resource_owner_password_credentials_spec.rb
 - spec/warden/oauth2/strategies/token_spec.rb
 - warden-oauth2.gemspec
@@ -138,5 +140,6 @@ test_files:
 - spec/warden/oauth2/strategies/client_spec.rb
 - spec/warden/oauth2/strategies/issuing_access_token_spec.rb
 - spec/warden/oauth2/strategies/public_spec.rb
+- spec/warden/oauth2/strategies/refresh_token_spec.rb
 - spec/warden/oauth2/strategies/resource_owner_password_credentials_spec.rb
 - spec/warden/oauth2/strategies/token_spec.rb