xaviershay-twitter-auth 0.1.19

data/rails/init.rb

@@ -0,0 +1,8 @@
+# Gem Dependencies
+config.gem 'oauth'
+config.gem 'ezcrypto'
+
+require 'json'
+require 'twitter_auth'
+
+RAILS_DEFAULT_LOGGER.info("** TwitterAuth initialized properly.")

data/spec/controllers/controller_extensions_spec.rb

@@ -0,0 +1,162 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+ActionController::Routing::Routes.draw do |map|
+  map.connect ':controller/:action/:id'
+end
+
+class TwitterAuthTestController < ApplicationController
+  before_filter :login_required, :only => [:login_required_action]
+
+  def login_required_action
+    render :text => "You are logged in!"
+  end
+
+  def fail_auth
+    authentication_failed('Auth FAIL.')
+  end
+
+  def pass_auth
+    if params[:message]
+      authentication_succeeded(params[:message])
+    else
+      authentication_succeeded
+    end
+  end
+
+  def access_denied_action
+    access_denied
+  end
+
+  def redirect_back_action
+    redirect_back_or_default(params[:to] || '/')
+  end
+
+  def logout_keeping_session_action
+    logout_keeping_session!
+    redirect_back_or_default('/')
+  end
+
+  def current_user_action
+    @user = current_user
+    render :nothing => true
+  end
+end
+
+describe TwitterAuthTestController do
+  before do
+    controller.stub!(:cookies).and_return({})
+  end
+
+  %w(authentication_failed authentication_succeeded current_user authorized? login_required access_denied store_location redirect_back_or_default logout_keeping_session!).each do |m|
+    it "should respond to the extension method '#{m}'" do
+      controller.should respond_to(m)
+    end
+  end
+
+  describe "#authentication_failed" do
+    it 'should set the flash[:error] to the message passed in' do
+      get :fail_auth
+      flash[:error].should == 'Auth FAIL.'
+    end
+
+    it 'should redirect to the root' do
+      get :fail_auth
+      should redirect_to('/')
+    end
+  end
+
+  describe "#authentication_succeeded" do
+    it 'should set the flash[:notice] to a default success message' do
+      get :pass_auth
+      flash[:notice].should == 'You have logged in successfully.' 
+    end
+
+    it 'should be able ot receive a custom message' do
+      get :pass_auth, :message => 'Eat at Joes.'
+      flash[:notice].should == 'Eat at Joes.'
+    end
+  end
+
+  describe '#current_user' do
+    it 'should find the user based on the session user_id' do
+      user = Factory.create(:twitter_oauth_user)
+      request.session[:user_id] = user.id
+      get(:current_user_action)
+      assigns[:user].should == user
+    end
+
+    it 'should log the user in through a cookie' do
+      user = Factory(:twitter_oauth_user, :remember_token => 'abc', :remember_token_expires_at => (Time.now + 10.days))
+      controller.stub!(:cookies).and_return({:remember_token => 'abc'})
+      get :current_user_action
+      assigns[:user].should == user
+    end
+
+    it 'should return nil if there is no user matching that id' do
+      request.session[:user_id] = 2345
+      get :current_user_action
+      assigns[:user].should be_nil
+    end
+  end
+
+  describe "#authorized?" do
+    it 'should be true if there is a current_user' do
+      user = Factory.create(:twitter_oauth_user)
+      controller.stub!(:current_user).and_return(user)
+      controller.send(:authorized?).should be_true
+    end
+
+    it 'should be false if there is not current_user' do
+      controller.stub!(:current_user).and_return(nil)
+      controller.send(:authorized?).should be_false
+    end
+  end
+
+  describe '#access_denied' do
+    it 'should redirect to the login path' do
+      get :access_denied_action
+      should redirect_to(login_path)
+    end
+
+    it 'should store the location first' do
+      controller.should_receive(:store_location).once
+      get :access_denied_action
+    end
+  end
+
+  describe '#redirect_back_or_default' do
+    it 'should redirect if there is a session[:return_to]' do
+      request.session[:return_to] = '/'
+      get :redirect_back_action, :to => '/notroot'
+      should redirect_to('/')
+    end
+
+    it 'should redirect to the default provided otherwise' do
+      get :redirect_back_action, :to => '/someurl'
+      should redirect_to('/someurl')
+    end
+  end
+
+  describe 'logout_keeping_session!' do
+    before do
+      @user = Factory.create(:twitter_oauth_user)
+      request.session[:user_id] = @user.id
+    end
+
+    it 'should unset session[:user_id]' do
+      get :logout_keeping_session_action
+      request.session[:user_id].should be_nil
+    end
+
+    it 'should unset current_user' do
+      controller.send(:current_user).should == @user
+      get :logout_keeping_session_action
+      controller.send(:current_user).should be_nil
+    end
+
+    it 'should unset the cookie' do
+      controller.send(:cookies).should_receive(:delete).with(:remember_token)
+      get :logout_keeping_session_action
+    end
+  end
+end

data/spec/controllers/sessions_controller_spec.rb

@@ -0,0 +1,250 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe SessionsController do
+  integrate_views
+
+  describe 'routes' do
+    it 'should route /session/new to SessionsController#new' do
+      params_from(:get, '/session/new').should == {:controller => 'sessions', :action => 'new'}
+    end
+
+    it 'should route /login to SessionsController#new' do
+      params_from(:get, '/login').should == {:controller => 'sessions', :action => 'new'}
+    end
+
+    it 'should route /logout to SessionsController#destroy' do
+      params_from(:get, '/logout').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route DELETE /session to SessionsController#destroy' do
+      params_from(:delete, '/session').should == {:controller => 'sessions', :action => 'destroy'}
+    end
+
+    it 'should route /oauth_callback to SessionsController#oauth_callback' do
+      params_from(:get, '/oauth_callback').should == {:controller => 'sessions', :action => 'oauth_callback'}
+    end
+
+    it 'should route POST /session to SessionsController#create' do
+      params_from(:post, '/session').should == {:controller => 'sessions', :action => 'create'}
+    end
+  end
+
+  describe 'with OAuth strategy' do
+    before do
+      stub_oauth!
+    end
+
+    describe '#new' do
+      it 'should retrieve a request token' do
+        get :new
+        assigns[:request_token].token.should == 'faketoken'
+        assigns[:request_token].secret.should == 'faketokensecret'
+      end
+
+      it 'should set session variables for the request token' do
+        get :new
+        session[:request_token].should == 'faketoken'
+        session[:request_token_secret].should == 'faketokensecret'
+      end
+
+      it 'should redirect to the oauth authorization url' do
+        get :new
+        response.should redirect_to('https://twitter.com/oauth/authorize?oauth_token=faketoken')
+      end
+
+      it 'should redirect to the oauth_callback if one is specified' do
+        TwitterAuth.stub!(:oauth_callback).and_return('http://localhost:3000/development')
+        TwitterAuth.stub!(:oauth_callback?).and_return(true)        
+
+        get :new
+        response.should redirect_to('https://twitter.com/oauth/authorize?oauth_token=faketoken&oauth_callback=' + CGI.escape(TwitterAuth.oauth_callback))
+      end
+    end
+
+    describe '#oauth_callback' do
+      describe 'with no session info' do
+        it 'should set the flash[:error]' do
+          get :oauth_callback, :oauth_token => 'faketoken'
+          flash[:error].should == 'No authentication information was found in the session. Please try again.'
+        end
+
+        it 'should redirect to "/" by default' do
+          get :oauth_callback, :oauth_token => 'faketoken'
+          response.should redirect_to('/')
+        end
+
+        it 'should call authentication_failed' do
+          controller.should_receive(:authentication_failed).any_number_of_times
+          get :oauth_callback, :oauth_token => 'faketoken'
+        end
+      end
+
+      describe 'with proper info for new user' do
+        before do
+          @time = Time.now
+          
+          Time.stub!(:now).and_return(@time)
+          ActiveSupport::SecureRandom.stub!(:hex).and_return(@remember_token)
+
+          request.session[:request_token] = 'faketoken'
+          request.session[:request_token_secret] = 'faketokensecret'
+        end
+
+        it "should create the user" do         
+          get :oauth_callback, :oauth_token => 'faketoken'
+          assigns[:user].should_not be_nil
+          assigns[:user].login.should == 'twitterman'
+        end
+
+        it "should allow user attributes to be set in a callback" do
+          @controller.instance_eval do
+            def build_user(user)
+              user.login = 'hijacked'
+            end
+          end
+          get :oauth_callback, :oauth_token => 'faketoken'
+          assigns[:user].should_not be_nil
+          assigns[:user].login.should == 'hijacked'
+        end
+      end
+
+      describe 'with proper info' do
+        before do
+          @user = Factory.create(:twitter_oauth_user)
+          @time = Time.now
+          @remember_token = ActiveSupport::SecureRandom.hex(10)
+          
+          Time.stub!(:now).and_return(@time)
+          ActiveSupport::SecureRandom.stub!(:hex).and_return(@remember_token)
+
+          request.session[:request_token] = 'faketoken'
+          request.session[:request_token_secret] = 'faketokensecret'
+          get :oauth_callback, :oauth_token => 'faketoken'
+        end 
+
+        describe 'building the access token' do
+          it 'should rebuild the request token' do
+            correct_token =  OAuth::RequestToken.new(TwitterAuth.consumer,'faketoken','faketokensecret')
+            
+            %w(token secret).each do |att|
+              assigns[:request_token].send(att).should == correct_token.send(att)
+            end
+          end
+
+          it 'should exchange the request token for an access token' do
+            assigns[:access_token].should be_a(OAuth::AccessToken)
+            assigns[:access_token].token.should == 'fakeaccesstoken'
+            assigns[:access_token].secret.should == 'fakeaccesstokensecret'
+          end
+
+          it 'should wipe the request token after exchange' do
+            session[:request_token].should be_nil
+            session[:request_token_secret].should be_nil
+          end
+        end
+        
+        describe 'identifying the user' do
+          it "should find the user" do         
+            assigns[:user].should == @user
+          end
+
+          it "should assign the user id to the session" do
+            session[:user_id].should == @user.id
+          end
+
+          it "should call remember me" do
+            @user.reload
+            @user.remember_token.should == @remember_token
+          end
+
+          it "should set a cookie" do
+            cookies[:remember_token].should == @remember_token
+          end
+        end
+
+        describe "when OAuth doesn't work" do
+          before do
+            request.session[:request_token] = 'faketoken'
+            request.session[:request_token_secret] = 'faketokensecret'
+            @request_token =  OAuth::RequestToken.new(TwitterAuth.consumer, session[:request_token], session[:request_token_secret])
+            OAuth::RequestToken.stub!(:new).and_return(@request_token)
+          end
+
+          it 'should call authentication_failed when it gets a 401 from OAuth' do
+            @request_token.stub!(:get_access_token).and_raise(Net::HTTPServerException.new('401 "Unauthorized"', '401 "Unauthorized"'))
+            controller.should_receive(:authentication_failed).with('This authentication request is no longer valid. Please try again.')
+            # the should raise_error is hacky because of the expectation
+            # stubbing the proper behavior :-(
+            lambda{get :oauth_callback, :oauth_token => 'faketoken'}.should raise_error(ActionView::MissingTemplate)
+          end
+
+          it 'should call authentication_failed when it gets a different HTTPServerException' do
+            @request_token.stub!(:get_access_token).and_raise(Net::HTTPServerException.new('404 "Not Found"', '404 "Not Found"'))
+            controller.should_receive(:authentication_failed).with('There was a problem trying to authenticate you. Please try again.')
+            lambda{get :oauth_callback, :oauth_token => 'faketoken'}.should raise_error(ActionView::MissingTemplate)
+          end
+        end
+      end
+    end
+  end
+
+  describe 'with Basic strategy' do
+    before do
+      stub_basic!
+    end
+    
+    describe '#new' do
+      it 'should render the new action' do
+        get :new
+        response.should render_template('sessions/new')
+      end
+
+      it 'should render the login form' do
+        get :new
+        response.should have_tag('form[action=/session][id=login_form][method=post]')
+      end
+      
+      describe '#create' do
+        before do
+          @user = Factory.create(:twitter_basic_user)
+        end
+
+        it 'should call logout_keeping_session! to remove session info' do
+          controller.should_receive(:logout_keeping_session!)
+          post :create
+        end
+
+        it 'should try to authenticate the user' do
+          User.should_receive(:authenticate)
+          post :create
+        end
+
+        it 'should call authentication_failed on authenticate failure' do
+          User.should_receive(:authenticate).and_return(nil)
+          post :create, :login => 'wrong', :password => 'false'
+          response.should redirect_to('/login')
+        end
+
+        it 'should call authentication_succeeded on authentication success' do
+          User.should_receive(:authenticate).and_return(@user)    
+          post :create, :login => 'twitterman', :password => 'cool'
+          response.should redirect_to('/')
+          flash[:notice].should_not be_blank
+        end
+      end
+    end
+
+  end
+
+  describe '#destroy' do
+    it 'should call logout_keeping_session!' do
+      controller.should_receive(:logout_keeping_session!).once
+      get :destroy
+    end
+
+    it 'should redirect to the root' do
+      get :destroy
+      response.should redirect_to('/')
+    end
+  end
+end

data/spec/fixtures/config/twitter_auth.yml

@@ -0,0 +1,17 @@
+development:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: devkey
+  oauth_consumer_secret: devsecret
+  oauth_callback: "http://localhost:3000"
+test:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: testkey
+  oauth_consumer_secret: testsecret
+production:
+  strategy: oauth
+  base_url: "https://twitter.com"
+  oauth_consumer_key: prodkey
+  oauth_consumer_secret: prodsecret
+

data/spec/fixtures/factories.rb

@@ -0,0 +1,18 @@
+require 'factory_girl'
+
+Factory.define(:twitter_oauth_user, :class => User) do |u|
+  u.login 'twitterman'
+  u.access_token 'fakeaccesstoken'
+  u.access_secret 'fakeaccesstokensecret'
+  
+  u.name 'Twitter Man'
+  u.description 'Saving the world for all Twitter kind.'
+end
+
+Factory.define(:twitter_basic_user, :class => User) do |u|
+  u.login 'twitterman'
+  u.password 'test'
+
+  u.name 'Twitter Man'
+  u.description 'Saving the world for all Twitter kind.'
+end