
got rid of oauth_controller_spec and it's spec helpers.

The goal is to test as much as possible in the gem so it's less
intrusive in your apps.
commit 6e24ec0ee2f3dc871756b2e8a75fa2181ff504f4 1 parent b08be7b
@pelle authored
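--- a/generators/oauth_provider/oauth_provider_generator.rb
+++ b/generators/oauth_provider/oauth_provider_generator.rb
@@ -73,8 +73,6 @@ def manifest
 m.template 'client_applications.yml',File.join('spec/fixtures',"client_applications.yml")
 m.template 'oauth_tokens.yml', File.join('spec/fixtures',"oauth_tokens.yml")
 m.template 'oauth_nonces.yml', File.join('spec/fixtures',"oauth_nonces.yml")
- m.template 'controller_spec_helper.rb', File.join('spec/controllers', controller_class_path,"#{controller_file_name}_controller_spec_helper.rb")
- m.template 'controller_spec.rb',File.join('spec/controllers',controller_class_path,"#{controller_file_name}_controller_spec.rb")
 m.template 'clients_controller_spec.rb',File.join('spec/controllers',controller_class_path,"#{controller_file_name}_clients_controller_spec.rb")
 else
 m.directory File.join('test')
@@ -87,8 +85,6 @@ def manifest
 m.template 'client_applications.yml',File.join('test/fixtures',"client_applications.yml")
 m.template 'oauth_tokens.yml', File.join('test/fixtures',"oauth_tokens.yml")
 m.template 'oauth_nonces.yml', File.join('test/fixtures',"oauth_nonces.yml")
- m.template 'controller_test_helper.rb', File.join('test', controller_class_path,"#{controller_file_name}_controller_test_helper.rb")
- m.template 'controller_test.rb',File.join('test/functional',controller_class_path,"#{controller_file_name}_controller_test.rb")
 m.template 'clients_controller_test.rb',File.join('test/functional',controller_class_path,"#{controller_file_name}_clients_controller_test.rb")
 end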
838 generators/oauth_provider/templates/controller_spec.rb
@@ -1,838 +0,0 @@
-require File.dirname(__FILE__) + '/../spec_helper'
-require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
-
-describe OauthController do
- if defined?(Devise)
- include Devise::TestHelpers
- end
- include OAuthControllerSpecHelper
- fixtures :client_applications, :oauth_tokens, :users
- describe "getting a request token" do
- before(:each) do
- sign_request_with_oauth
- ClientApplication.stub!(:find_by_key).and_return(current_client_application)
- end
-
- def do_get
- get :request_token
- end
-
- it "should be successful" do
- do_get
- response.should be_success
- end
-
- it "should query for client_application" do
- ClientApplication.should_receive(:find_by_key).with(current_client_application.key).and_return(current_client_application)
- do_get
- end
-
- it "should request token from client_application" do
- current_client_application.should_receive(:create_request_token).and_return(request_token)
- do_get
- end
-
- it "should return token string" do
- do_get
- response.body.should==RequestToken.last.to_query
- end
-
- it "should not set token_callback_url" do
- current_client_application.should_not_receive(:token_callback_url=)
- do_get
- end
- end
-
- describe "getting a request token passing a oauth_callback url" do
- before(:each) do
- sign_request_with_oauth nil, {:oauth_callback=>"http://test.com/alternative_callback"}
- ClientApplication.stub!(:find_by_key).and_return(current_client_application)
- end
-
- def do_get
- get :request_token
- end
-
- it "should be successful" do
- do_get
- response.should be_success
- end
-
- it "should query for client_application" do
- ClientApplication.should_receive(:find_by_key).with(current_client_application.key).and_return(current_client_application)
- do_get
- end
-
- it "should request token from client_application" do
- current_client_application.should_receive(:create_request_token).and_return(request_token)
- do_get
- end
-
- it "should return token string" do
- do_get
- response.body.should==RequestToken.last.to_query
- end
-
- it "should set token_callback_url with received oauth_callback" do
- current_client_application.should_receive(:token_callback_url=).with("http://test.com/alternative_callback")
- do_get
- end
- end
-
- describe "10a token authorization" do
- before(:each) do
- login
- RequestToken.stub!(:find_by_token).and_return(request_token)
- end
-
- def do_get
- get :authorize, :oauth_token => request_token.token
- end
-
- it "should show authorize page" do
- do_get
- response.should render_template("authorize")
- end
-
- it "should authorize token" do
- request_token.should_not_receive(:authorize!).with(current_user)
- do_get
- end
-
- it "should redirect if token is invalidated" do
- request_token.invalidate!
- do_get
- response.should render_template("authorize_failure")
- end
-
- end
-
- describe "10a token authorization" do
- before(:each) do
- login
- RequestToken.stub!(:find_by_token).and_return(request_token)
- end
-
- def do_post
- post :authorize, :oauth_token => request_token.token, :authorize=>1
- end
-
- it "should redirect to default callback" do
- do_post
- response.should be_redirect
- response.should redirect_to("http://application/callback?oauth_token=#{request_token.token}&oauth_verifier=#{request_token.verifier}")
- end
-
- it "should authorize token" do
- request_token.should_receive(:authorize!).with(current_user)
- do_post
- end
-
- it "should redirect if token is invalidated" do
- request_token.invalidate!
- do_post
- response.should render_template("authorize_failure")
- end
-
- end
-
- describe "2.0 authorization code flow" do
- before(:each) do
- login
- end
-
- describe "authorize redirect" do
- before(:each) do
- get :authorize, :response_type=>"code",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback"
- end
-
- it "should render authorize" do
- response.should render_template("oauth2_authorize")
- end
-
- it "should not create token" do
- Oauth2Verifier.last.should be_nil
- end
- end
-
- describe "authorize" do
- before(:each) do
- post :authorize, :response_type=>"code",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>1
- @verification_token = Oauth2Verifier.last
- @oauth2_token_count= Oauth2Token.count
- end
- subject { @verification_token }
-
- it { should_not be_nil }
- it "should set user on verification token" do
- @verification_token.user.should==current_user
- end
-
- it "should set redirect_url" do
- @verification_token.redirect_url.should == "http://application/callback"
- end
-
- it "should redirect to default callback" do
- response.should be_redirect
- response.should redirect_to("http://application/callback?code=#{@verification_token.code}")
- end
-
- describe "get token" do
- before(:each) do
- post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://application/callback",:code=>@verification_token.code
- @token = Oauth2Token.last
- end
-
- subject { @token }
-
- it { should_not be_nil }
- it { should be_authorized }
- it "should have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count+1
- end
-
- it "should set user to current user" do
- @token.user.should==current_user
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"access_token"=>@token.token}
- end
- end
-
- describe "get token with wrong secret" do
- before(:each) do
- post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>"fake", :redirect_url=>"http://application/callback",:code=>@verification_token.code
- end
-
- it "should not create token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return incorrect_client_credentials error" do
- JSON.parse(response.body).should == {"error"=>"invalid_client"}
- end
- end
-
- describe "get token with wrong code" do
- before(:each) do
- post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://application/callback",:code=>"fake"
- end
-
- it "should not create token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return incorrect_client_credentials error" do
- JSON.parse(response.body).should == {"error"=>"invalid_grant"}
- end
- end
-
- describe "get token with wrong redirect_url" do
- before(:each) do
- post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://evil/callback",:code=>@verification_token.code
- end
-
- it "should not create token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return incorrect_client_credentials error" do
- JSON.parse(response.body).should == {"error"=>"invalid_grant"}
- end
- end
-
- end
-
- describe "deny" do
- before(:each) do
- post :authorize, :response_type=>"code", :client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>0
- end
-
- it { Oauth2Verifier.last.should be_nil }
-
- it "should redirect to default callback" do
- response.should be_redirect
- response.should redirect_to("http://application/callback?error=user_denied")
- end
- end
-
- end
-
-
- describe "2.0 authorization token flow" do
- before(:each) do
- login
- current_client_application # load up so it creates its own token
- @oauth2_token_count= Oauth2Token.count
- end
-
- describe "authorize redirect" do
- before(:each) do
- get :authorize, :response_type=>"token",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback"
- end
-
- it "should render authorize" do
- response.should render_template("oauth2_authorize")
- end
-
- it "should not create token" do
- Oauth2Verifier.last.should be_nil
- end
- end
-
- describe "authorize" do
- before(:each) do
- post :authorize, :response_type=>"token",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>1
- @token = Oauth2Token.last
- end
- subject { @token }
- it "should redirect to default callback" do
- response.should be_redirect
- response.should redirect_to("http://application/callback?access_token=#{@token.token}")
- end
-
- it "should not have a scope" do
- @token.scope.should be_nil
- end
- it { should_not be_nil }
- it { should be_authorized }
-
- it "should set user to current user" do
- @token.user.should==current_user
- end
-
- it "should have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count+1
- end
- end
-
- describe "deny" do
- before(:each) do
- post :authorize, :response_type=>"token", :client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>0
- end
-
- it { Oauth2Verifier.last.should be_nil }
-
- it "should redirect to default callback" do
- response.should be_redirect
- response.should redirect_to("http://application/callback?error=user_denied")
- end
- end
- end
-
- describe "oauth2 token for autonomous client_application" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"none", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret
- @token = Oauth2Token.last
- end
-
- subject { @token }
-
- it { should_not be_nil }
- it { should be_authorized }
- it "should set user to client_applications user" do
- @token.user.should==current_client_application.user
- end
- it "should have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count+1
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"access_token"=>@token.token}
- end
- end
-
- describe "oauth2 token for autonomous client_application with invalid client credentials" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"none", :client_id=>current_client_application.key,:client_secret=>"bad"
- end
-
- subject { @token }
-
- it "should not have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"error"=>"invalid_client"}
- end
- end
-
-
- describe "oauth2 token for basic credentials" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>current_user.login, :password=>"password"
- @token = Oauth2Token.last
- end
-
- subject { @token }
-
- it { should_not be_nil }
- it { should be_authorized }
- it "should set user to client_applications user" do
- @token.user.should==current_user
- end
- it "should have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count+1
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"access_token"=>@token.token}
- end
- end
-
- describe "oauth2 token for basic credentials with wrong password" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>current_user.login, :password=>"bad"
- end
-
- it "should not have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"error"=>"invalid_grant"}
- end
- end
-
- describe "oauth2 token for basic credentials with unknown user" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>"non existent", :password=>"password"
- end
-
- it "should not have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"error"=>"invalid_grant"}
- end
- end
-
- describe "getting an access token" do
- before(:each) do
- request_token.authorize!(current_user)
- request_token.reload
- sign_request_with_oauth consumer_request_token, :oauth_verifier=>request_token.verifier
- end
-
- def do_get
- post :access_token
- end
-
- it "should have a verifier" do
- request_token.verifier.should_not be_nil
- end
-
- it "should be authorized" do
- request_token.should be_authorized
- end
-
- it "should be successful" do
- do_get
- response.should be_success
- end
-
- it "should request token from client_application" do
- controller.stub!(:current_token).and_return(request_token)
- request_token.should_receive(:exchange!).and_return(access_token)
- do_get
- end
-
- it "should return token string" do
- do_get
- response.body.should == AccessToken.last.to_query
- end
-
- describe "access token" do
- before(:each) do
- do_get
- access_token=AccessToken.last
- end
-
- it "should have user set" do
- access_token.user.should==current_user
- end
-
- it "should be authorized" do
- access_token.should be_authorized
- end
- end
- end
-
- describe "invalidate" do
- before(:each) do
- sign_request_with_oauth access_token
- get :invalidate
- end
-
- it "should be a success" do
- response.code.should=="410"
- end
- end
-
-end
-
-class OauthorizedController<ApplicationController
- before_filter :login_required, :only => :interactive
- oauthenticate :only => :all
- oauthenticate :strategies=>:token, :only=>:interactive_and_token
- oauthenticate :strategies=>:two_legged, :only=>:interactive_and_two_legged
- oauthenticate :interactive=>false, :only=>:no_interactive
- oauthenticate :interactive=>false, :strategies=>:token, :only=>:token
- oauthenticate :interactive=>false, :strategies=>:two_legged, :only=>:two_legged
- before_filter :oauth_required, :only=>:token_legacy
- before_filter :login_or_oauth_required, :only=>:both_legacy
-
- def interactive
- head :ok
- end
-
- def all
- head :ok
- end
-
- def token
- head :ok
- end
-
- def interactive_and_token
- head :ok
- end
-
- def interactive_and_two_legged
- head :ok
- end
-
- def two_legged
- head :ok
- end
-
- def token_legacy
- head :ok
- end
-
- def both_legacy
- head :ok
- end
-end
-
-describe OauthorizedController, " access control" do
- fixtures :client_applications, :oauth_tokens, :users
- if defined?(Devise)
- include Devise::TestHelpers
- end
- include OAuthControllerSpecHelper
-
- it "should return false for oauth? by default" do
- controller.send(:oauth?).should == false
- end
-
- it "should return nil for current_token by default" do
- controller.send(:current_token).should be_nil
- end
-
- describe "oauth 10a" do
-
- describe "request token signed" do
- before(:each) do
- sign_request_with_oauth(request_token)
- end
-
- it "should disallow oauth using RequestToken when using oauth_required" do
- get :token
- response.code.should == '401'
- end
- end
-
- describe "access token signed" do
- before(:each) do
- sign_request_with_oauth(access_token)
- end
-
- [:interactive,:two_legged,:interactive_and_two_legged].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should not set current_user" do
- controller.send(:current_user).should be_nil
- end
- end
- end
-
- [:token,:interactive_and_token,:all,:token_legacy,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should set current_token" do
- controller.send(:current_token).should == access_token
- end
-
- it "should set current_client_application" do
- controller.send(:current_client_application).should == current_client_application
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_user
- end
- end
- end
- end
-
- describe "2 legged" do
- before(:each) do
- two_legged_sign_request_with_oauth(current_consumer)
- end
-
- [:token,:interactive_and_token,:interactive,:token_legacy,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should not set current_user" do
- controller.send(:current_user).should be_nil
- end
- end
- end
-
- [:two_legged,:interactive_and_two_legged,:all].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should set current_client_application" do
- controller.send(:current_client_application).should == current_client_application
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_client_application.user
- end
- end
- end
- end
-
- end
-
- describe "oauth 2.0" do
- before(:each) do
- @access_token = Oauth2Token.create :user=>current_user, :client_application=>current_client_application
- @client_application = @access_token.client_application
- end
- describe "authorize header" do
- before(:each) do
- add_oauth2_token_header(access_token)
- end
-
- it "should include headers" do
- get :interactive_and_token
- ActionController::HttpAuthentication::Basic.authorization(request).should == "OAuth #{access_token.token}"
- end
-
- [:interactive,:two_legged,:interactive_and_two_legged,:token_legacy,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should not set current_user" do
- controller.send(:current_user).should be_nil
- end
- end
- end
-
- [:token,:interactive_and_token,:all].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should set current_token" do
- controller.send(:current_token).should == access_token
- end
-
- it "should set current_client_application" do
- controller.send(:current_client_application).should == current_client_application
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_user
- end
- end
- end
- end
-
- describe "query string" do
- [:interactive,:two_legged,:interactive_and_two_legged,:token_legacy,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action, :oauth_token=>access_token.token
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should not set current_user" do
- controller.send(:current_user).should be_nil
- end
- end
- end
-
- [:token,:interactive_and_token,:all].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action, :oauth_token=>access_token.token
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should set current_token" do
- controller.send(:current_token).should == access_token
- end
-
- it "should set current_client_application" do
- controller.send(:current_client_application).should == current_client_application
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_user
- end
- end
- end
-
- end
-
- end
-
- describe "logged in user" do
- before(:each) do
- login
- end
-
-
- [:token,:two_legged,:token_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action, :oauth_token=>access_token.token
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- end
- end
-
- [:interactive,:interactive_and_two_legged,:interactive_and_token,:all,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action, :oauth_token=>access_token.token
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_user
- end
- end
- end
- end
-end
-
66 generators/oauth_provider/templates/controller_spec_helper.rb
@@ -1,66 +0,0 @@
-require 'oauth/client/action_controller_request'
-module OAuthControllerSpecHelper
-
- def current_user
- @user||=users(:aaron)
- end
-
- def current_client_application
- @client_application||=client_applications(:one)
- end
-
- def access_token
- @access_token||=AccessToken.create :user=>current_user,:client_application=>current_client_application
- end
-
- def request_token
- @request_token||=RequestToken.create :client_application=>current_client_application, :callback_url=>"http://application/callback"
- end
-
- def consumer_request_token
- OAuth::RequestToken.new current_consumer,request_token.token,request_token.secret
- end
-
- def consumer_access_token
- OAuth::AccessToken.new current_consumer,access_token.token,access_token.secret
- end
-
- if defined?(Devise)
- include Devise::TestHelpers
- def login
- sign_in :user, current_user
- end
- else
- def login
- controller.stub!(:current_user).and_return(current_user)
- end
- end
-
- def login_as_application_owner
- @user = users(:quentin)
- login
- end
-
- def current_consumer
- @consumer ||= OAuth::Consumer.new(current_client_application.key,current_client_application.secret,{:site => "http://test.host"})
- end
-
- def setup_oauth_for_user
- login
- end
-
- def sign_request_with_oauth(token=nil,options={})
- ActionController::TestRequest.use_oauth=true
- @request.configure_oauth(current_consumer,token,options)
- end
-
- def two_legged_sign_request_with_oauth(consumer=nil,options={})
- ActionController::TestRequest.use_oauth=true
- @request.configure_oauth(consumer,nil,options)
- end
-
- def add_oauth2_token_header(token,options={})
- request.env['HTTP_AUTHORIZATION'] = "OAuth #{token.token}"
- end
-
-end
310 generators/oauth_provider/templates/controller_test.rb
@@ -1,310 +0,0 @@
-require File.dirname(__FILE__) + '/../test_helper'
-require File.dirname(__FILE__) + '/../oauth_controller_test_helper'
-require 'oauth/client/action_controller_request'
-
-class OauthController; def rescue_action(e) raise e end; end
-
-class OauthControllerRequestTokenTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthController
-
- def setup
- @controller = OauthController.new
- setup_oauth
- sign_request_with_oauth
- @client_application.stubs(:create_request_token).returns(@request_token)
- end
-
- def do_get
- get :request_token
- end
-
- def test_should_be_successful
- do_get
- assert @response.success?
- end
-
- def test_should_query_for_client_application
- ClientApplication.expects(:find_by_key).with('key').returns(@client_application)
- do_get
- end
-
- def test_should_request_token_from_client_application
- @client_application.expects(:create_request_token).returns(@request_token)
- do_get
- end
-
- def test_should_return_token_string
- do_get
- assert_equal @request_token_string, @response.body
- end
-end
-
-class OauthControllerTokenAuthorizationTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthController
-
- def setup
- @controller = OauthController.new
- login
- setup_oauth
- RequestToken.stubs(:find_by_token).returns(@request_token)
- end
-
- def do_get
- get :authorize, :oauth_token => @request_token.token
- end
-
- def do_post
- @request_token.expects(:authorize!).with(@user)
- post :authorize,:oauth_token=>@request_token.token,:authorize=>"1"
- end
-
- def do_post_without_user_authorization
- @request_token.expects(:invalidate!)
- post :authorize,:oauth_token=>@request_token.token,:authorize=>"0"
- end
-
- def do_post_with_callback
- @request_token.expects(:authorize!).with(@user)
- post :authorize,:oauth_token=>@request_token.token,:oauth_callback=>"http://application/alternative",:authorize=>"1"
- end
-
- def do_post_with_no_application_callback
- @request_token.expects(:authorize!).with(@user)
- @client_application.stubs(:callback_url).returns(nil)
- post :authorize, :oauth_token => @request_token.token, :authorize=>"1"
- end
-
- def test_should_be_successful
- do_get
- assert @response.success?
- end
-
- def test_should_query_for_client_application
- RequestToken.expects(:find_by_token).returns(@request_token)
- do_get
- end
-
- def test_should_assign_token
- do_get
- assert_equal @request_token, assigns(:token)
- end
-
- def test_should_render_authorize_template
- do_get
- assert_template('authorize')
- end
-
- def test_should_redirect_to_default_callback
- do_post
- assert_response :redirect
- assert_redirected_to("http://application/callback?oauth_token=#{@request_token.token}")
- end
-
- def test_should_redirect_to_callback_in_query
- do_post_with_callback
- assert_response :redirect
- assert_redirected_to("http://application/alternative?oauth_token=#{@request_token.token}")
- end
-
- def test_should_be_successful_on_authorize_without_any_application_callback
- do_post_with_no_application_callback
- assert @response.success?
- assert_template('authorize_success')
- end
-
- def test_should_render_failure_screen_on_user_invalidation
- do_post_without_user_authorization
- assert_template('authorize_failure')
- end
-
- def test_should_render_failure_screen_if_token_is_invalidated
- @request_token.expects(:invalidated?).returns(true)
- do_get
- assert_template('authorize_failure')
- end
-
-
-end
-
-class OauthControllerGetAccessTokenTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthController
-
- def setup
- @controller = OauthController.new
- setup_oauth
- sign_request_with_oauth @request_token
- @request_token.stubs(:exchange!).returns(@access_token)
- end
-
- def do_get
- get :access_token
- end
-
- def test_should_be_successful
- do_get
- assert @response.success?
- end
-
- def test_should_query_for_client_application
- ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
- do_get
- end
-
- def test_should_request_token_from_client_application
- @request_token.expects(:exchange!).returns(@access_token)
- do_get
- end
-
- def test_should__return_token_string
- do_get
- assert_equal @access_token_string, @response.body
- end
-end
-
-class OauthorizedController < ApplicationController
- before_filter :login_or_oauth_required,:only=>:both
- before_filter :login_required,:only=>:interactive
- before_filter :oauth_required,:only=>:token_only
-
- def interactive
- render :text => "interactive"
- end
-
- def token_only
- render :text => "token"
- end
-
- def both
- render :text => "both"
- end
-end
-
-
-class OauthControllerAccessControlTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthorizedController
-
- def setup
- @controller = OauthorizedController.new
- end
-
- def test_should__have_access_token_set_up_correctly
- setup_to_authorize_request
- assert @access_token.is_a?(AccessToken)
- assert @access_token.authorized?
- assert !@access_token.invalidated?
- assert_equal @user, @access_token.user
- assert_equal @client_application, @access_token.client_application
- end
-
- def test_should_return_false_for_oauth_by_default
- assert_equal false, @controller.send(:oauth?)
- end
-
- def test_should_return_nil_for_current_token_by_default
- assert_nil @controller.send(:current_token)
- end
-
- def test_should_allow_oauth_when_using_login_or_oauth_required
- setup_to_authorize_request
- sign_request_with_oauth(@access_token)
- ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
- get :both
- assert_equal @access_token, @controller.send(:current_token)
- assert @controller.send(:current_token).is_a?(AccessToken)
- assert_equal @user, @controller.send(:current_user)
- assert_equal @client_application, @controller.send(:current_client_application)
- assert_equal '200', @response.code
- assert @response.success?
- end
-
- def test_should_allow_interactive_when_using_login_or_oauth_required
- login
- get :both
- assert @response.success?
- assert_equal @user, @controller.send(:current_user)
- assert_nil @controller.send(:current_token)
- end
-
- def test_should_allow_oauth_when_using_oauth_required
- setup_to_authorize_request
- sign_request_with_oauth(@access_token)
- ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
- get :token_only
- assert_equal @access_token, @controller.send(:current_token)
- assert_equal @client_application, @controller.send(:current_client_application)
- assert_equal @user, @controller.send(:current_user)
- assert_equal '200', @response.code
- assert @response.success?
- end
-
- def test_should_disallow_oauth_using_request_token_when_using_oauth_required
- setup_to_authorize_request
- ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
- sign_request_with_oauth(@request_token)
- get :token_only
- assert_equal '401', @response.code
- end
-
- def test_should_disallow_interactive_when_using_oauth_required
- login
- get :token_only
- assert_equal '401', @response.code
-
- assert_equal @user, @controller.send(:current_user)
- assert_nil @controller.send(:current_token)
- end
-
- def test_should_disallow_oauth_when_using_login_required
- setup_to_authorize_request
- sign_request_with_oauth(@access_token)
- get :interactive
- assert_equal "302",@response.code
- assert_nil @controller.send(:current_user)
- assert_nil @controller.send(:current_token)
- end
-
- def test_should_allow_interactive_when_using_login_required
- login
- get :interactive
- assert @response.success?
- assert_equal @user, @controller.send(:current_user)
- assert_nil @controller.send(:current_token)
- end
-
-end
-
-class OauthControllerRevokeTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthController
-
- def setup
- @controller = OauthController.new
- setup_oauth_for_user
- @request_token.stubs(:invalidate!)
- end
-
- def do_post
- post :revoke, :token => "TOKEN STRING"
- end
-
- def test_should_redirect_to_index
- do_post
- assert_response :redirect
- assert_redirected_to('http://test.host/oauth_clients')
- end
-
- def test_should_query_current_users_tokens
- @tokens.expects(:find_by_token).returns(@request_token)
- do_post
- end
-
- def test_should_call_invalidate_on_token
- @request_token.expects(:invalidate!)
- do_post
- end
-
-end
115 generators/oauth_provider/templates/controller_test_helper.rb
@@ -1,115 +0,0 @@
-require "mocha"
-module OAuthControllerTestHelper
-
- # Some custom stuff since we're using Mocha
- def mock_model(model_class, options_and_stubs = {})
- id = rand(10000)
- options_and_stubs.reverse_merge! :id => id,
- :to_param => id.to_s,
- :new_record? => false,
- :errors => stub("errors", :count => 0)
-
- m = stub("#{model_class.name}_#{options_and_stubs[:id]}", options_and_stubs)
- m.instance_eval <<-CODE
- def is_a?(other)
- #{model_class}.ancestors.include?(other)
- end
- def kind_of?(other)
- #{model_class}.ancestors.include?(other)
- end
- def instance_of?(other)
- other == #{model_class}
- end
- def class
- #{model_class}
- end
- CODE
- yield m if block_given?
- m
- end
-
- def mock_full_client_application
- mock_model(ClientApplication,
- :name => "App1",
- :url => "http://app.com",
- :callback_url => "http://app.com/callback",
- :support_url => "http://app.com/support",
- :key => "asd23423yy",
- :secret => "secret",
- :oauth_server => OAuth::Server.new("http://kowabunga.com")
- )
- end
-
- def login
- @controller.stubs(:local_request?).returns(true)
- @user = mock_model(User, :login => "ron")
- @controller.stubs(:current_user).returns(@user)
- @tokens=[]
- @tokens.stubs(:find).returns(@tokens)
- @user.stubs(:tokens).returns(@tokens)
- User.stubs(:find_by_id).returns(@user)
- end
-
- def login_as_application_owner
- login
- @client_application = mock_full_client_application
- @client_applications = [@client_application]
-
- @user.stubs(:client_applications).returns(@client_applications)
- @client_applications.stubs(:find).returns(@client_application)
- end
-
- def setup_oauth
- @controller.stubs(:local_request?).returns(true)
- @user||=mock_model(User)
-
- User.stubs(:find_by_id).returns(@user)
-
- @server=OAuth::Server.new "http://test.host"
- @consumer=OAuth::Consumer.new('key','secret',{:site=>"http://test.host"})
-
- @client_application = mock_full_client_application
- @controller.stubs(:current_client_application).returns(@client_application)
- ClientApplication.stubs(:find_by_key).returns(@client_application)
- @client_application.stubs(:key).returns(@consumer.key)
- @client_application.stubs(:secret).returns(@consumer.secret)
- @client_application.stubs(:name).returns("Client Application name")
- @client_application.stubs(:callback_url).returns("http://application/callback")
- @request_token=mock_model(RequestToken,:token=>'request_token',:client_application=>@client_application,:secret=>"request_secret",:user=>@user)
- @request_token.stubs(:invalidated?).returns(false)
- ClientApplication.stubs(:find_token).returns(@request_token)
-
- @request_token_string="oauth_token=request_token&oauth_token_secret=request_secret"
- @request_token.stubs(:to_query).returns(@request_token_string)
-
- @access_token=mock_model(AccessToken,:token=>'access_token',:client_application=>@client_application,:secret=>"access_secret",:user=>@user)
- @access_token.stubs(:invalidated?).returns(false)
- @access_token.stubs(:authorized?).returns(true)
- @access_token_string="oauth_token=access_token&oauth_token_secret=access_secret"
- @access_token.stubs(:to_query).returns(@access_token_string)
-
- @client_application.stubs(:authorize_request?).returns(true)
-# @client_application.stubs(:sign_request_with_oauth_token).returns(@request_token)
- @client_application.stubs(:exchange_for_access_token).returns(@access_token)
- end
-
- def setup_oauth_for_user
- login
- setup_oauth
- @tokens=[@request_token]
- @tokens.stubs(:find).returns(@tokens)
- @tokens.stubs(:find_by_token).returns(@request_token)
- @user.stubs(:tokens).returns(@tokens)
- end
-
- def sign_request_with_oauth(token=nil)
- ActionController::TestRequest.use_oauth=true
- @request.configure_oauth(@consumer, token)
- end
-
- def setup_to_authorize_request
- setup_oauth
- OauthToken.stubs(:find_by_token).with( @access_token.token).returns(@access_token)
- @access_token.stubs(:is_a?).returns(true)
- end
-end
4 lib/generators/rspec/oauth_provider_generator.rb
@@ -9,10 +9,6 @@ class OauthProviderGenerator < Rails::Generators::NamedBase
class_option :fixture, :type => :boolean
def copy_controller_spec_files
- template 'controller_spec_helper.rb',
- File.join('spec/controllers', class_path, "#{file_name}_controller_spec_helper.rb")
- template 'controller_spec.rb',
- File.join('spec/controllers', class_path, "#{file_name}_controller_spec.rb")
template 'clients_controller_spec.rb',
File.join('spec/controllers', class_path, "#{file_name}_clients_controller_spec.rb")
end
838 lib/generators/rspec/templates/controller_spec.rb
@@ -1,838 +0,0 @@
-require File.dirname(__FILE__) + '/../spec_helper'
-require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
-require 'json'
-describe OauthController do
- if defined?(Devise)
- include Devise::TestHelpers
- end
- include OAuthControllerSpecHelper
- fixtures :client_applications, :oauth_tokens, :users
- describe "getting a request token" do
- before(:each) do
- sign_request_with_oauth
- ClientApplication.stub!(:find_by_key).and_return(current_client_application)
- end
-
- def do_get
- get :request_token
- end
-
- it "should be successful" do
- do_get
- response.should be_success
- end
-
- it "should query for client_application" do
- ClientApplication.should_receive(:find_by_key).with(current_client_application.key).and_return(current_client_application)
- do_get
- end
-
- it "should request token from client_application" do
- current_client_application.should_receive(:create_request_token).and_return(request_token)
- do_get
- end
-
- it "should return token string" do
- do_get
- response.body.should==RequestToken.last.to_query
- end
-
- it "should not set token_callback_url" do
- current_client_application.should_not_receive(:token_callback_url=)
- do_get
- end
- end
-
- describe "getting a request token passing a oauth_callback url" do
- before(:each) do
- sign_request_with_oauth nil, {:oauth_callback=>"http://test.com/alternative_callback"}
- ClientApplication.stub!(:find_by_key).and_return(current_client_application)
- end
-
- def do_get
- get :request_token
- end
-
- it "should be successful" do
- do_get
- response.should be_success
- end
-
- it "should query for client_application" do
- ClientApplication.should_receive(:find_by_key).with(current_client_application.key).and_return(current_client_application)
- do_get
- end
-
- it "should request token from client_application" do
- current_client_application.should_receive(:create_request_token).and_return(request_token)
- do_get
- end
-
- it "should return token string" do
- do_get
- response.body.should==RequestToken.last.to_query
- end
-
- it "should set token_callback_url with received oauth_callback" do
- current_client_application.should_receive(:token_callback_url=).with("http://test.com/alternative_callback")
- do_get
- end
- end
-
- describe "10a token authorization" do
- before(:each) do
- login
- RequestToken.stub!(:find_by_token).and_return(request_token)
- end
-
- def do_get
- get :authorize, :oauth_token => request_token.token
- end
-
- it "should show authorize page" do
- do_get
- response.should render_template("authorize")
- end
-
- it "should authorize token" do
- request_token.should_not_receive(:authorize!).with(current_user)
- do_get
- end
-
- it "should redirect if token is invalidated" do
- request_token.invalidate!
- do_get
- response.should render_template("authorize_failure")
- end
-
- end
-
- describe "10a token authorization" do
- before(:each) do
- login
- RequestToken.stub!(:find_by_token).and_return(request_token)
- end
-
- def do_post
- post :authorize, :oauth_token => request_token.token, :authorize=>"1"
- end
-
- it "should redirect to default callback" do
- do_post
- response.should be_redirect
- response.should redirect_to("http://application/callback?oauth_token=#{request_token.token}&oauth_verifier=#{request_token.verifier}")
- end
-
- it "should authorize token" do
- request_token.should_receive(:authorize!).with(current_user)
- do_post
- end
-
- it "should redirect if token is invalidated" do
- request_token.invalidate!
- do_post
- response.should render_template("authorize_failure")
- end
-
- end
-
- describe "2.0 authorization code flow" do
- before(:each) do
- login
- end
-
- describe "authorize redirect" do
- before(:each) do
- get :authorize, :response_type=>"code",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback"
- end
-
- it "should render authorize" do
- response.should render_template("oauth2_authorize")
- end
-
- it "should not create token" do
- Oauth2Verifier.last.should be_nil
- end
- end
-
- describe "authorize" do
- before(:each) do
- post :authorize, :response_type=>"code",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>"1"
- @verification_token = Oauth2Verifier.last
- @oauth2_token_count= Oauth2Token.count
- end
- subject { @verification_token }
-
- it { should_not be_nil }
- it "should set user on verification token" do
- @verification_token.user.should==current_user
- end
-
- it "should set redirect_url" do
- @verification_token.redirect_url.should == "http://application/callback"
- end
-
- it "should redirect to default callback" do
- response.should be_redirect
- response.should redirect_to("http://application/callback?code=#{@verification_token.code}")
- end
-
- describe "get token" do
- before(:each) do
- post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://application/callback",:code=>@verification_token.code
- @token = Oauth2Token.last
- end
-
- subject { @token }
-
- it { should_not be_nil }
- it { should be_authorized }
- it "should have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count+1
- end
-
- it "should set user to current user" do
- @token.user.should==current_user
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"access_token"=>@token.token}
- end
- end
-
- describe "get token with wrong secret" do
- before(:each) do
- post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>"fake", :redirect_url=>"http://application/callback",:code=>@verification_token.code
- end
-
- it "should not create token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return incorrect_client_credentials error" do
- JSON.parse(response.body).should == {"error"=>"invalid_client"}
- end
- end
-
- describe "get token with wrong code" do
- before(:each) do
- post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://application/callback",:code=>"fake"
- end
-
- it "should not create token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return incorrect_client_credentials error" do
- JSON.parse(response.body).should == {"error"=>"invalid_grant"}
- end
- end
-
- describe "get token with wrong redirect_url" do
- before(:each) do
- post :token, :grant_type=>"authorization_code", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :redirect_url=>"http://evil/callback",:code=>@verification_token.code
- end
-
- it "should not create token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return incorrect_client_credentials error" do
- JSON.parse(response.body).should == {"error"=>"invalid_grant"}
- end
- end
-
- end
-
- describe "deny" do
- before(:each) do
- post :authorize, :response_type=>"code", :client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>"0"
- end
-
- it { Oauth2Verifier.last.should be_nil }
-
- it "should redirect to default callback" do
- response.should be_redirect
- response.should redirect_to("http://application/callback?error=user_denied")
- end
- end
-
- end
-
-
- describe "2.0 authorization token flow" do
- before(:each) do
- login
- current_client_application # load up so it creates its own token
- @oauth2_token_count= Oauth2Token.count
- end
-
- describe "authorize redirect" do
- before(:each) do
- get :authorize, :response_type=>"token",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback"
- end
-
- it "should render authorize" do
- response.should render_template("oauth2_authorize")
- end
-
- it "should not create token" do
- Oauth2Verifier.last.should be_nil
- end
- end
-
- describe "authorize" do
- before(:each) do
- post :authorize, :response_type=>"token",:client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>"1"
- @token = Oauth2Token.last
- end
- subject { @token }
- it "should redirect to default callback" do
- response.should be_redirect
- response.should redirect_to("http://application/callback?access_token=#{@token.token}")
- end
-
- it "should not have a scope" do
- @token.scope.should be_nil
- end
- it { should_not be_nil }
- it { should be_authorized }
-
- it "should set user to current user" do
- @token.user.should==current_user
- end
-
- it "should have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count+1
- end
- end
-
- describe "deny" do
- before(:each) do
- post :authorize, :response_type=>"token", :client_id=>current_client_application.key, :redirect_url=>"http://application/callback",:authorize=>"0"
- end
-
- it { Oauth2Verifier.last.should be_nil }
-
- it "should redirect to default callback" do
- response.should be_redirect
- response.should redirect_to("http://application/callback?error=user_denied")
- end
- end
- end
-
- describe "oauth2 token for autonomous client_application" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"none", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret
- @token = Oauth2Token.last
- end
-
- subject { @token }
-
- it { should_not be_nil }
- it { should be_authorized }
- it "should set user to client_applications user" do
- @token.user.should==current_client_application.user
- end
- it "should have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count+1
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"access_token"=>@token.token}
- end
- end
-
- describe "oauth2 token for autonomous client_application with invalid client credentials" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"none", :client_id=>current_client_application.key,:client_secret=>"bad"
- end
-
- subject { @token }
-
- it "should not have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"error"=>"invalid_client"}
- end
- end
-
-
- describe "oauth2 token for basic credentials" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>current_user.login, :password=>"password"
- @token = Oauth2Token.last
- end
-
- subject { @token }
-
- it { should_not be_nil }
- it { should be_authorized }
- it "should set user to client_applications user" do
- @token.user.should==current_user
- end
- it "should have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count+1
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"access_token"=>@token.token}
- end
- end
-
- describe "oauth2 token for basic credentials with wrong password" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>current_user.login, :password=>"bad"
- end
-
- it "should not have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"error"=>"invalid_grant"}
- end
- end
-
- describe "oauth2 token for basic credentials with unknown user" do
- before(:each) do
- current_client_application
- @oauth2_token_count = Oauth2Token.count
- post :token, :grant_type=>"password", :client_id=>current_client_application.key,:client_secret=>current_client_application.secret, :username=>"non existent", :password=>"password"
- end
-
- it "should not have added a new token" do
- Oauth2Token.count.should==@oauth2_token_count
- end
-
- it "should return json token" do
- JSON.parse(response.body).should=={"error"=>"invalid_grant"}
- end
- end
-
- describe "getting an access token" do
- before(:each) do
- request_token.authorize!(current_user)
- request_token.reload
- sign_request_with_oauth consumer_request_token, :oauth_verifier=>request_token.verifier
- end
-
- def do_get
- post :access_token
- end
-
- it "should have a verifier" do
- request_token.verifier.should_not be_nil
- end
-
- it "should be authorized" do
- request_token.should be_authorized
- end
-
- it "should be successful" do
- do_get
- response.should be_success
- end
-
- it "should request token from client_application" do
- controller.stub!(:current_token).and_return(request_token)
- request_token.should_receive(:exchange!).and_return(access_token)
- do_get
- end
-
- it "should return token string" do
- do_get
- response.body.should == AccessToken.last.to_query
- end
-
- describe "access token" do
- before(:each) do
- do_get
- access_token=AccessToken.last
- end
-
- it "should have user set" do
- access_token.user.should==current_user
- end
-
- it "should be authorized" do
- access_token.should be_authorized
- end
- end
- end
-
- describe "invalidate" do
- before(:each) do
- sign_request_with_oauth access_token
- get :invalidate
- end
-
- it "should be a success" do
- response.code.should=="410"
- end
- end
-
-end
-
-class OauthorizedController<ApplicationController
- before_filter :login_required, :only => :interactive
- oauthenticate :only => :all
- oauthenticate :strategies=>:token, :only=>:interactive_and_token
- oauthenticate :strategies=>:two_legged, :only=>:interactive_and_two_legged
- oauthenticate :interactive=>false, :only=>:no_interactive
- oauthenticate :interactive=>false, :strategies=>:token, :only=>:token
- oauthenticate :interactive=>false, :strategies=>:two_legged, :only=>:two_legged
- before_filter :oauth_required, :only=>:token_legacy
- before_filter :login_or_oauth_required, :only=>:both_legacy
-
- def interactive
- head :ok
- end
-
- def all
- head :ok
- end
-
- def token
- head :ok
- end
-
- def interactive_and_token
- head :ok
- end
-
- def interactive_and_two_legged
- head :ok
- end
-
- def two_legged
- head :ok
- end
-
- def token_legacy
- head :ok
- end
-
- def both_legacy
- head :ok
- end
-end
-
-describe OauthorizedController, " access control" do
- fixtures :client_applications, :oauth_tokens, :users
- if defined?(Devise)
- include Devise::TestHelpers
- end
- include OAuthControllerSpecHelper
-
- it "should return false for oauth? by default" do
- controller.send(:oauth?).should == false
- end
-
- it "should return nil for current_token by default" do
- controller.send(:current_token).should be_nil
- end
-
- describe "oauth 10a" do
-
- describe "request token signed" do
- before(:each) do
- sign_request_with_oauth(request_token)
- end
-
- it "should disallow oauth using RequestToken when using oauth_required" do
- get :token
- response.code.should == '401'
- end
- end
-
- describe "access token signed" do
- before(:each) do
- sign_request_with_oauth(access_token)
- end
-
- [:interactive,:two_legged,:interactive_and_two_legged].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should not set current_user" do
- controller.send(:current_user).should be_nil
- end
- end
- end
-
- [:token,:interactive_and_token,:all,:token_legacy,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should set current_token" do
- controller.send(:current_token).should == access_token
- end
-
- it "should set current_client_application" do
- controller.send(:current_client_application).should == current_client_application
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_user
- end
- end
- end
- end
-
- describe "2 legged" do
- before(:each) do
- two_legged_sign_request_with_oauth(current_consumer)
- end
-
- [:token,:interactive_and_token,:interactive,:token_legacy,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should not set current_user" do
- controller.send(:current_user).should be_nil
- end
- end
- end
-
- [:two_legged,:interactive_and_two_legged,:all].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should set current_client_application" do
- controller.send(:current_client_application).should == current_client_application
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_client_application.user
- end
- end
- end
- end
-
- end
-
- describe "oauth 2.0" do
- before(:each) do
- @access_token = Oauth2Token.create :user=>current_user, :client_application=>current_client_application
- @client_application = @access_token.client_application
- end
- describe "authorize header" do
- before(:each) do
- add_oauth2_token_header(access_token)
- end
-
- it "should include headers" do
- get :interactive_and_token
- request.authorization.should == "OAuth #{access_token.token}"
- end
-
- [:interactive,:two_legged,:interactive_and_two_legged,:token_legacy,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should not set current_user" do
- controller.send(:current_user).should be_nil
- end
- end
- end
-
- [:token,:interactive_and_token,:all].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should set current_token" do
- controller.send(:current_token).should == access_token
- end
-
- it "should set current_client_application" do
- controller.send(:current_client_application).should == current_client_application
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_user
- end
- end
- end
- end
-
- describe "query string" do
- [:interactive,:two_legged,:interactive_and_two_legged,:token_legacy,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action, :oauth_token=>access_token.token
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should not set current_user" do
- controller.send(:current_user).should be_nil
- end
- end
- end
-
- [:token,:interactive_and_token,:all].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action, :oauth_token=>access_token.token
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should set current_token" do
- controller.send(:current_token).should == access_token
- end
-
- it "should set current_client_application" do
- controller.send(:current_client_application).should == current_client_application
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_user
- end
- end
- end
-
- end
-
- end
-
- describe "logged in user" do
- before(:each) do
- login
- end
-
-
- [:token,:two_legged,:token_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action, :oauth_token=>access_token.token
- end
-
- it "should not be a success" do
- response.should_not be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- end
- end
-
- [:interactive,:interactive_and_two_legged,:interactive_and_token,:all,:both_legacy].each do |action|
- describe "accessing #{action.to_s.humanize}" do
- before(:each) do
- get action, :oauth_token=>access_token.token
- end
-
- it "should not be a success" do
- response.should be_success
- end
-
- it "should not set current_token" do
- controller.send(:current_token).should be_nil
- end
-
- it "should not set current_client_application" do
- controller.send(:current_client_application).should be_nil
- end
-
- it "should set current_user" do
- controller.send(:current_user).should == current_user
- end
- end
- end
- end
-end
-
66 lib/generators/rspec/templates/controller_spec_helper.rb
@@ -1,66 +0,0 @@
-require 'oauth/client/action_controller_request'
-module OAuthControllerSpecHelper
-
- def current_user
- @user||=users(:aaron)
- end
-
- def current_client_application
- @client_application||=client_applications(:one)
- end
-
- def access_token
- @access_token||=AccessToken.create :user=>current_user,:client_application=>current_client_application
- end
-
- def request_token
- @request_token||=RequestToken.create :client_application=>current_client_application, :callback_url=>"http://application/callback"
- end
-
- def consumer_request_token
- OAuth::RequestToken.new current_consumer,request_token.token,request_token.secret
- end
-
- def consumer_access_token
- OAuth::AccessToken.new current_consumer,access_token.token,access_token.secret
- end
-
- if defined?(Devise)
- include Devise::TestHelpers
- def login
- sign_in :user, current_user
- end
- else
- def login
- controller.stub!(:current_user).and_return(current_user)
- end
- end
-
- def login_as_application_owner
- @user = users(:quentin)
- login
- end
-
- def current_consumer
- @consumer ||= OAuth::Consumer.new(current_client_application.key,current_client_application.secret,{:site => "http://test.host"})
- end
-
- def setup_oauth_for_user
- login
- end
-
- def sign_request_with_oauth(token=nil,options={})
- ActionController::TestRequest.use_oauth=true
- @request.configure_oauth(current_consumer,token,options)
- end
-
- def two_legged_sign_request_with_oauth(consumer=nil,options={})
- ActionController::TestRequest.use_oauth=true
- @request.configure_oauth(consumer,nil,options)
- end
-
- def add_oauth2_token_header(token,options={})
- request.env['HTTP_AUTHORIZATION'] = "OAuth #{token.token}"
- end
-
-end
4 lib/generators/test_unit/oauth_provider_generator.rb
@@ -9,10 +9,6 @@ class OauthProviderGenerator < Base
class_option :fixture, :type => :boolean
def copy_controller_test_files
- template 'controller_test_helper.rb',
- File.join('test', class_path, "#{file_name}_controller_test_helper.rb")
- template 'controller_test.rb',
- File.join('test/functional', class_path, "#{file_name}_controller_test.rb")
template 'clients_controller_test.rb',
File.join('test/functional', class_path, "#{file_name}_clients_controller_test.rb")
end
310 lib/generators/test_unit/templates/controller_test.rb
@@ -1,310 +0,0 @@
-require File.dirname(__FILE__) + '/../test_helper'
-require File.dirname(__FILE__) + '/../oauth_controller_test_helper'
-require 'oauth/client/action_controller_request'
-
-class OauthController; def rescue_action(e) raise e end; end
-
-class OauthControllerRequestTokenTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthController
-
- def setup
- @controller = OauthController.new
- setup_oauth
- sign_request_with_oauth
- @client_application.stubs(:create_request_token).returns(@request_token)
- end
-
- def do_get
- get :request_token
- end
-
- def test_should_be_successful
- do_get
- assert @response.success?
- end
-
- def test_should_query_for_client_application
- ClientApplication.expects(:find_by_key).with('key').returns(@client_application)
- do_get
- end
-
- def test_should_request_token_from_client_application
- @client_application.expects(:create_request_token).returns(@request_token)
- do_get
- end
-
- def test_should_return_token_string
- do_get
- assert_equal @request_token_string, @response.body
- end
-end
-
-class OauthControllerTokenAuthorizationTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthController
-
- def setup
- @controller = OauthController.new
- login
- setup_oauth
- RequestToken.stubs(:find_by_token).returns(@request_token)
- end
-
- def do_get
- get :authorize, :oauth_token => @request_token.token
- end
-
- def do_post
- @request_token.expects(:authorize!).with(@user)
- post :authorize,:oauth_token=>@request_token.token,:authorize=>"1"
- end
-
- def do_post_without_user_authorization
- @request_token.expects(:invalidate!)
- post :authorize,:oauth_token=>@request_token.token,:authorize=>"0"
- end
-
- def do_post_with_callback
- @request_token.expects(:authorize!).with(@user)
- post :authorize,:oauth_token=>@request_token.token,:oauth_callback=>"http://application/alternative",:authorize=>"1"
- end
-
- def do_post_with_no_application_callback
- @request_token.expects(:authorize!).with(@user)
- @client_application.stubs(:callback_url).returns(nil)
- post :authorize, :oauth_token => @request_token.token, :authorize=>"1"
- end
-
- def test_should_be_successful
- do_get
- assert @response.success?
- end
-
- def test_should_query_for_client_application
- RequestToken.expects(:find_by_token).returns(@request_token)
- do_get
- end
-
- def test_should_assign_token
- do_get
- assert_equal @request_token, assigns(:token)
- end
-
- def test_should_render_authorize_template
- do_get
- assert_template('authorize')
- end
-
- def test_should_redirect_to_default_callback
- do_post
- assert_response :redirect
- assert_redirected_to("http://application/callback?oauth_token=#{@request_token.token}")
- end
-
- def test_should_redirect_to_callback_in_query
- do_post_with_callback
- assert_response :redirect
- assert_redirected_to("http://application/alternative?oauth_token=#{@request_token.token}")
- end
-
- def test_should_be_successful_on_authorize_without_any_application_callback
- do_post_with_no_application_callback
- assert @response.success?
- assert_template('authorize_success')
- end
-
- def test_should_render_failure_screen_on_user_invalidation
- do_post_without_user_authorization
- assert_template('authorize_failure')
- end
-
- def test_should_render_failure_screen_if_token_is_invalidated
- @request_token.expects(:invalidated?).returns(true)
- do_get
- assert_template('authorize_failure')
- end
-
-
-end
-
-class OauthControllerGetAccessTokenTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthController
-
- def setup
- @controller = OauthController.new
- setup_oauth
- sign_request_with_oauth @request_token
- @request_token.stubs(:exchange!).returns(@access_token)
- end
-
- def do_get
- get :access_token
- end
-
- def test_should_be_successful
- do_get
- assert @response.success?
- end
-
- def test_should_query_for_client_application
- ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
- do_get
- end
-
- def test_should_request_token_from_client_application
- @request_token.expects(:exchange!).returns(@access_token)
- do_get
- end
-
- def test_should__return_token_string
- do_get
- assert_equal @access_token_string, @response.body
- end
-end
-
-class OauthorizedController < ApplicationController
- before_filter :login_or_oauth_required,:only=>:both
- before_filter :login_required,:only=>:interactive
- before_filter :oauth_required,:only=>:token_only
-
- def interactive
- render :text => "interactive"
- end
-
- def token_only
- render :text => "token"
- end
-
- def both
- render :text => "both"
- end
-end
-
-
-class OauthControllerAccessControlTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthorizedController
-
- def setup
- @controller = OauthorizedController.new
- end
-
- def test_should__have_access_token_set_up_correctly
- setup_to_authorize_request
- assert @access_token.is_a?(AccessToken)
- assert @access_token.authorized?
- assert !@access_token.invalidated?
- assert_equal @user, @access_token.user
- assert_equal @client_application, @access_token.client_application
- end
-
- def test_should_return_false_for_oauth_by_default
- assert_equal false, @controller.send(:oauth?)
- end
-
- def test_should_return_nil_for_current_token_by_default
- assert_nil @controller.send(:current_token)
- end
-
- def test_should_allow_oauth_when_using_login_or_oauth_required
- setup_to_authorize_request
- sign_request_with_oauth(@access_token)
- ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
- get :both
- assert_equal @access_token, @controller.send(:current_token)
- assert @controller.send(:current_token).is_a?(AccessToken)
- assert_equal @user, @controller.send(:current_user)
- assert_equal @client_application, @controller.send(:current_client_application)
- assert_equal '200', @response.code
- assert @response.success?
- end
-
- def test_should_allow_interactive_when_using_login_or_oauth_required
- login
- get :both
- assert @response.success?
- assert_equal @user, @controller.send(:current_user)
- assert_nil @controller.send(:current_token)
- end
-
- def test_should_allow_oauth_when_using_oauth_required
- setup_to_authorize_request
- sign_request_with_oauth(@access_token)
- ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
- get :token_only
- assert_equal @access_token, @controller.send(:current_token)
- assert_equal @client_application, @controller.send(:current_client_application)
- assert_equal @user, @controller.send(:current_user)
- assert_equal '200', @response.code
- assert @response.success?
- end
-
- def test_should_disallow_oauth_using_request_token_when_using_oauth_required
- setup_to_authorize_request
- ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
- sign_request_with_oauth(@request_token)
- get :token_only
- assert_equal '401', @response.code
- end
-
- def test_should_disallow_interactive_when_using_oauth_required
- login
- get :token_only
- assert_equal '401', @response.code
-
- assert_equal @user, @controller.send(:current_user)
- assert_nil @controller.send(:current_token)
- end
-
- def test_should_disallow_oauth_when_using_login_required
- setup_to_authorize_request
- sign_request_with_oauth(@access_token)
- get :interactive
- assert_equal "302",@response.code
- assert_nil @controller.send(:current_user)
- assert_nil @controller.send(:current_token)
- end
-
- def test_should_allow_interactive_when_using_login_required
- login
- get :interactive
- assert @response.success?
- assert_equal @user, @controller.send(:current_user)
- assert_nil @controller.send(:current_token)
- end
-
-end
-
-class OauthControllerRevokeTest < ActionController::TestCase
- include OAuthControllerTestHelper
- tests OauthController
-
- def setup
- @controller = OauthController.new
- setup_oauth_for_user
- @request_token.stubs(:invalidate!)
- end
-
- def do_post
- post :revoke, :token => "TOKEN STRING"
- end
-
- def test_should_redirect_to_index
- do_post
- assert_response :redirect
- assert_redirected_to('http://test.host/oauth_clients')
- end
-
- def test_should_query_current_users_tokens
- @tokens.expects(:find_by_token).returns(@request_token)
- do_post
- end
-
- def test_should_call_invalidate_on_token
- @request_token.expects(:invalidate!)
- do_post
- end
-
-end
115 lib/generators/test_unit/templates/controller_test_helper.rb
@@ -1,115 +0,0 @@
-require "mocha"
-module OAuthControllerTestHelper
-
- # Some custom stuff since we're using Mocha
- def mock_model(model_class, options_and_stubs = {})
- id = rand(10000)
- options_and_stubs.reverse_merge! :id => id,
- :to_param => id.to_s,
- :new_record? => false,
- :errors => stub("errors", :count => 0)