warden_oauth_provider 1.0.0

data/spec/all_steps_spec.rb

@@ -0,0 +1,79 @@
+require 'spec_helper'
+
+describe "OAuth all steps" do
+
+  context "Success" do
+
+    before(:all) do
+      @client_application = Factory.create(:client_application)
+      @user = Factory(:user)
+    end
+
+    it "should succeed all oauth steps" do
+      
+      # Step 1 - Request token
+      auth_str_step1 = oauth_header({
+        :realm                  => "MoneyBird",
+        :oauth_consumer_key     => @client_application.key,
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp        => Time.now.to_i+1,
+        :oauth_nonce            => Time.now.to_f+1,
+        :oauth_callback         => "oob",
+        :oauth_signature        => @client_application.secret + "%26"
+      })
+      env_step1 = env_with_params("/oauth/request_token", {}, {
+        "HTTP_AUTHORIZATION" => auth_str_step1
+      })
+      response = setup_rack.call(env_step1)
+      response.first.should == 200
+      oauth_response = Hash[*response.last.first.split("&").collect { |v| v.split("=") }.flatten]
+      oauth_request_token = oauth_response["oauth_token"]
+      oauth_request_token_secret = oauth_response["oauth_token_secret"]
+      
+      # Step 2 - Authorize
+      req = WardenOauthProvider::Token::Request.find_by_token(oauth_request_token)
+      env_step2 = env_with_params("/oauth/authorize", {:oauth_token => oauth_request_token, :username => "John"}, {})
+      response = setup_rack.call(env_step2)
+      response.first.should == 302
+      location = URI.parse(response[1]["Location"])
+      oauth_response = Hash[*location.query.split("&").collect { |v| v.split("=") }.flatten]
+      oauth_verifier = oauth_response["oauth_verifier"]
+      
+      # Step 3 - Access token
+      auth_str_step3 = oauth_header({
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key,
+        :oauth_token => oauth_request_token,
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i+2,
+        :oauth_nonce => Time.now.to_f+2,
+        :oauth_verifier => oauth_verifier,
+        :oauth_signature => @client_application.secret + "%26" + oauth_request_token_secret
+      })
+      env_step3 = env_with_params("/oauth/access_token", {}, {
+        "HTTP_AUTHORIZATION" => auth_str_step3
+      })
+      response = setup_rack.call(env_step3)
+      response.first.should == 200
+      oauth_response = Hash[*response.last.first.split("&").collect { |v| v.split("=") }.flatten]
+      oauth_access_token = oauth_response["oauth_token"]
+      oauth_access_token_secret = oauth_response["oauth_token_secret"]
+      
+      # Step 4 - App request with access token
+      auth_str_step4 = oauth_header({
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key,
+        :oauth_token => oauth_access_token,
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i+3,
+        :oauth_nonce => Time.now.to_f+3,
+        :oauth_signature => @client_application.secret + "%26" + oauth_access_token_secret
+      })
+      env_step4 = env_with_params("/invoices", {}, {
+        "HTTP_AUTHORIZATION" => auth_str_step4
+      })
+      response = setup_rack.call(env_step4)
+      response.first.should == 200      
+    end    
+  end
+end

data/spec/authorize_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe "Authorize" do
+  
+  context "Success" do
+    
+    before(:all) do
+      @request_token = Factory.create(:request_token, :client_application => Factory.create(:client_application))
+      env = env_with_params("/oauth/authorize", {:oauth_token => @request_token.token, :username => "John"}, {})
+      @response = setup_rack.call(env)
+      @location = URI.parse(@response[1]["Location"])
+      @oauth_response = Hash[*@location.query.split("&").collect { |v| v.split("=") }.flatten]
+      @response.first.should == 302
+    end
+    
+    it "should have an oauth token" do
+      @oauth_response.keys.should include("oauth_token")
+      @oauth_response["oauth_token"].should == @request_token.token
+    end
+    
+    it "should have an oauth verifier" do
+      @oauth_response.keys.should include("oauth_verifier")
+      @oauth_response["oauth_verifier"].should_not be_nil
+    end
+    
+    it "should have stored the oauth verifier in the database" do
+      WardenOauthProvider::Token::Request.where(:token => @oauth_response["oauth_token"], :verifier => @oauth_response["oauth_verifier"]).count.should == 1
+    end
+    
+  end
+  
+  context "Failure" do
+    it "should response with a 401 if the token is invalidated" do
+      @request_token = Factory.create(:request_token, :client_application => Factory.create(:client_application))
+      @request_token.invalidate!
+      
+      env = env_with_params("/oauth/authorize", {:oauth_token => @request_token.token}, {})
+      @response = setup_rack.call(env)
+      @response.first.should == 401
+    end
+  end
+  
+end

data/spec/client_application_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe WardenOauthProvider::ClientApplication do 
+
+  it "should be valid with valid attributes" do
+    @application = WardenOauthProvider::ClientApplication.create(:name => "Test application", :url => "http://testapp.com")
+    @application.should be_valid
+  end
+
+  it "should be invalid with invalid attributes" do
+    @application = WardenOauthProvider::ClientApplication.new
+    @application.valid?
+    @application.errors[:name].should_not be_empty
+    @application.errors[:url].should_not be_empty
+  end
+  
+  it "should have key and secret" do
+    @application = WardenOauthProvider::ClientApplication.create(:name => "Test application", :url => "http://testapp.com")
+    @application.key.should_not be_nil
+    @application.secret.should_not be_nil
+  end
+  
+  ["http://valid.com",
+   "http://valid.com/path"].each do |url|
+     it "should allow #{url} as a valid url" do
+       @application = WardenOauthProvider::ClientApplication.new(:url => url)
+       @application.valid?
+       @application.errors[:url].should be_empty
+     end
+   end
+  
+  ["ftp://invalid.com",
+  "http:://invalid.com"].each do |url|
+    it "should not allow #{url} as a valid url" do
+      @application = WardenOauthProvider::ClientApplication.new(:url => url)
+      @application.valid?
+      @application.errors[:url].should_not be_empty
+    end
+  end
+  
+end

data/spec/helpers/factories.rb

@@ -0,0 +1,16 @@
+Factory.define(:client_application, :class => WardenOauthProvider::ClientApplication) do |f|
+  f.name            "Example client application"
+  f.url             "http://www.example.com"
+  f.support_url     "http://www.example.com/support"
+  f.callback_url    "http://www.example.com/callback"
+end
+
+Factory.define(:request_token, :class => WardenOauthProvider::Token::Request) do |f|
+end
+
+Factory.define(:access_token, :class => WardenOauthProvider::Token::Access) do |f|
+end
+
+Factory.define(:user) do |f|
+  f.name "John"
+end

data/spec/helpers/request_helper.rb

@@ -0,0 +1,87 @@
+module RequestHelper
+  
+  Warden::Manager.serialize_into_session do |user|
+    user.id
+  end
+
+  Warden::Manager.serialize_from_session do |id|
+    User.find(id)
+  end
+  
+  def env_with_params(path, params = {}, env = {})
+    method = params.delete(:method) || "GET"
+    env = { 'HTTP_VERSION' => '1.1', 'REQUEST_METHOD' => "#{method}" }.merge(env)
+    Rack::MockRequest.env_for("#{path}?#{Rack::Utils.build_query(params)}", env)
+  end
+  
+  def oauth_header(params)
+    "OAuth #{params.collect { |k,v| "#{k}=\"#{v}\""}.join(", ") }"
+  end
+  
+  def setup_rack(app = nil, opts = {})
+    app ||= default_app
+    
+    # Strategy used for authenticating the user to the app without oauth
+    # Required for authorize call to the app
+    Warden::Strategies.add(:success) do
+      def valid?
+        !params["username"].nil?
+      end
+      
+      def authenticate!
+        if u = User.where(:name => params["username"]).first
+          success!(u)
+        else
+          fail!("User unknown")
+        end
+      end
+    end
+    
+    opts[:failure_app]         ||= failure_app
+    opts[:default_strategies]  ||= [:oauth_provider, :success]
+    opts[:oauth_request_token_path] ||= "/oauth/request_token"
+    opts[:oauth_access_token_path] ||= "/oauth/access_token"
+    
+    Rack::Builder.new do
+      use opts[:session] || RequestHelper::Session
+      use Warden::Manager, opts
+      run app
+    end
+  end
+  
+  def default_app
+    lambda do |env|
+      env['warden'].authenticate!
+      request = Rack::Request.new(env)
+      if request.path =~ /^\/oauth\/authorize/
+        if env['warden'].authenticate?(:oauth_token, :scope => :oauth_token)
+          [302, {"Location" => env['oauth.redirect_url']}, []]
+        else
+          [401, {"Content-Type" => "text/plain"}, ["Token invalid"]]
+        end
+      else
+        [200, {"Content-Type" => "text/plain"}, ["Very secret resource!"]]
+      end
+    end
+  end
+  
+  def failure_app
+    lambda do |env|
+      [401, {"Content-Type" => "text/plain"}, ["You Fail! #{env['warden'].message}"]]
+    end
+  end
+  
+  
+  class Session
+    attr_accessor :app
+    def initialize(app,configs = {})
+      @app = app
+    end
+
+    def call(e)
+      e['rack.session'] ||= {}
+      @app.call(e)
+    end
+  end # session
+  
+end

data/spec/nonce_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe WardenOauthProvider::Nonce do
+  before(:each) do
+    @oauth_nonce = WardenOauthProvider::Nonce.remember(Time.now.to_f, Time.now.to_i)
+  end
+
+  it "should be valid" do
+    @oauth_nonce.should be_valid
+  end
+  
+  it "should not have errors" do
+    @oauth_nonce.errors.full_messages.should == []
+  end
+  
+  it "should not be a new record" do
+    @oauth_nonce.should_not be_new_record
+  end
+  
+  it "should not allow a second one with the same values" do
+    WardenOauthProvider::Nonce.remember(@oauth_nonce.nonce, @oauth_nonce.timestamp).should == false
+  end
+end

data/spec/oauth_request_spec.rb

@@ -0,0 +1,161 @@
+require 'spec_helper'
+
+describe "OAuth request" do
+
+  context "Success" do
+
+    before(:all) do
+      @user = Factory(:user)
+      @client_application = Factory.create(:client_application)
+      @access_token = Factory.create(:access_token, :user => @user, :client_application => @client_application)
+    end
+
+    it "should allow to access very secret resources" do
+      auth_str = oauth_header({
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key,
+        :oauth_token => @access_token.token,
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i,
+        :oauth_nonce => Time.now.to_f,
+        :oauth_signature => @client_application.secret + "%26" + @access_token.secret
+      })
+      
+      env = env_with_params("/invoices", {}, {
+        "HTTP_AUTHORIZATION" => auth_str
+      })
+      @response = setup_rack.call(env)
+      @response.first.should == 200
+    end
+    
+  end
+  
+  context "Success (GET)" do
+
+    before(:all) do
+      @user = Factory(:user)
+      @client_application = Factory.create(:client_application)
+      @access_token = Factory.create(:access_token, :user => @user, :client_application => @client_application)
+    end
+
+    it "should allow to access very secret resources" do
+      auth_params = {
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key,
+        :oauth_token => @access_token.token,
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i,
+        :oauth_nonce => Time.now.to_f,
+        :oauth_signature => @client_application.secret + "&" + @access_token.secret
+      }
+      
+      env = env_with_params("/invoices", auth_params)
+      @response = setup_rack.call(env)
+      @response.first.should == 200
+    end
+    
+  end
+  
+  context "Failure" do
+    
+    before(:all) do
+      @user = Factory(:user)
+      @client_application = Factory.create(:client_application)
+      @access_token = Factory.create(:access_token, :user => @user, :client_application => @client_application)
+    end
+
+    it "should not allow to access very secret resources if the second request contains the same nonce" do
+      auth_str = oauth_header({
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key,
+        :oauth_token => @access_token.token,
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i,
+        :oauth_nonce => Time.now.to_f,
+        :oauth_signature => @client_application.secret + "%26" + @access_token.secret
+      })
+      env1 = env_with_params("/invoices", {}, {
+        "HTTP_AUTHORIZATION" => auth_str
+      })
+      env2 = env_with_params("/invoices", {}, {
+        "HTTP_AUTHORIZATION" => auth_str
+      })
+      
+      @response1 = setup_rack.call(env1)
+      @response2 = setup_rack.call(env2)
+      @response2.first.should == 401
+    end
+
+    it "should not allow to access very secret resources with invalid consumer key" do
+      auth_str = oauth_header({
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key + "invalid",
+        :oauth_token => @access_token.token,
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i,
+        :oauth_nonce => Time.now.to_f,
+        :oauth_signature => @client_application.secret + "%26" + @access_token.secret
+      })
+      
+      env = env_with_params("/invoices", {}, {
+        "HTTP_AUTHORIZATION" => auth_str
+      })
+      @response = setup_rack.call(env)
+      @response.first.should == 401
+    end
+
+    it "should not allow to access very secret resources with invalid token" do
+      auth_str = oauth_header({
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key,
+        :oauth_token => @access_token.token + "invalid",
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i,
+        :oauth_nonce => Time.now.to_f,
+        :oauth_signature => @client_application.secret + "%26" + @access_token.secret
+      })
+      
+      env = env_with_params("/invoices", {}, {
+        "HTTP_AUTHORIZATION" => auth_str
+      })
+      @response = setup_rack.call(env)
+      @response.first.should == 401
+    end
+
+    it "should not allow to access very secret resources with invalid signature" do
+      auth_str = oauth_header({
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key,
+        :oauth_token => @access_token.token,
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i,
+        :oauth_nonce => Time.now.to_f,
+        :oauth_signature => @client_application.secret + "%26" + @access_token.secret + "invalid"
+      })
+      
+      env = env_with_params("/invoices", {}, {
+        "HTTP_AUTHORIZATION" => auth_str
+      })
+      @response = setup_rack.call(env)
+      @response.first.should == 401
+    end
+
+    it "should not allow to access very secret resources with invalid keys" do
+      auth_str = oauth_header({
+        :realm => "MoneyBird",
+        :oauth_consumer_key => @client_application.key + "invalid",
+        :oauth_token => @access_token.token + "invalid",
+        :oauth_signature_method => "PLAINTEXT",
+        :oauth_timestamp => Time.now.to_i,
+        :oauth_nonce => Time.now.to_f,
+        :oauth_signature => @client_application.secret + "%26" + @access_token.secret + "invalid"
+      })
+      
+      env = env_with_params("/invoices", {}, {
+        "HTTP_AUTHORIZATION" => auth_str
+      })
+      @response = setup_rack.call(env)
+      @response.first.should == 401
+    end    
+  end  
+end