more spec

mdyd-dev · Aug 16, 2011 · b30f15b · b30f15b
1 parent 0e17ec5
commit b30f15b
Show file tree

Hide file tree

Showing 18 changed files with 213 additions and 14 deletions.
diff --git a/.rspec b/.rspec
@@ -0,0 +1,2 @@
+--color
+--format=documentation
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -19,8 +19,10 @@ GEM
       builder (~> 2.1.2)
       i18n (~> 0.5.0)
     activesupport (3.0.9)
+    addressable (2.2.6)
     attr_required (0.0.3)
     builder (2.1.2)
+    crack (0.1.8)
     diff-lcs (1.1.2)
     httpclient (2.2.1)
     i18n (0.5.0)
@@ -60,6 +62,9 @@ GEM
       mail (>= 2.2.5)
     validate_url (0.2.0)
       activemodel (>= 3.0.0)
+    webmock (1.6.4)
+      addressable (> 2.2.5, ~> 2.2)
+      crack (>= 0.1.7)
 
 PLATFORMS
   ruby
@@ -69,3 +74,4 @@ DEPENDENCIES
   rake (>= 0.8)
   rcov (>= 0.9)
   rspec (>= 2)
+  webmock (>= 1.6.2)
diff --git a/lib/openid_connect/access_token.rb b/lib/openid_connect/access_token.rb
@@ -2,17 +2,16 @@ module OpenIDConnect
   class AccessToken < Rack::OAuth2::AccessToken::Bearer
     attr_required :client
 
+    def initialize(attributes = {})
+      super
+      @token_type = :bearer
+    end
+
     def user_info!(scheme = :openid)
-      klass = case scheme
-      when :openid
-        ResponseObject::UserInfo::OpenID
-      else
-        raise Exception.new("Unknown Scheme: #{scheme}")
-      end
       hash = resource_request do
         get client.user_info_uri
       end
-      klass.new hash
+      ResponseObject::UserInfo::OpenID.new hash
     end
 
     def id_token!
@@ -29,10 +28,14 @@ def resource_request
       case res.status
       when 200
         JSON.parse(res.body).with_indifferent_access
+      when 400
+        raise BadRequest.new('API Access Faild')
       when 401
-        raise OpenIDConnect::Unauthorized.new('Access Token Invalid or Expired')
+        raise Unauthorized.new('Access Token Invalid or Expired')
+      when 403
+        raise Forbidden.new('Insufficient Scope')
       else
-        raise OpenIDConnect::BadRequest.new('API Access Faild')
+        raise HttpError.new(res.status, 'Unknown HttpError')
       end
     end
   end

diff --git a/lib/openid_connect/client.rb b/lib/openid_connect/client.rb
@@ -19,6 +19,7 @@ def authorization_uri(params = {})
 
     def access_token!
       token = super
+      raise Exception.new("Unexpected Token Type: #{token.token_type}") unless token.token_type == :bearer
       AccessToken.new token.token_response.merge(:client => self)
     end
 

diff --git a/openid_connect.gemspec b/openid_connect.gemspec
@@ -21,4 +21,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency "rake", ">= 0.8"
   s.add_development_dependency "rcov", ">= 0.9"
   s.add_development_dependency "rspec", ">= 2"
+  s.add_development_dependency "webmock", ">= 1.6.2"
 end
diff --git a/spec/helpers/webmock_helper.rb b/spec/helpers/webmock_helper.rb
@@ -0,0 +1,42 @@
+require 'webmock/rspec'
+
+module WebMockHelper
+  def mock_json(method, endpoint, response_file, options = {})
+    stub_request(method, endpoint).with(
+      request_for(method, options)
+    ).to_return(
+      response_for(response_file, options)
+    )
+    yield
+    a_request(method, endpoint).with(
+      request_for(method, options)
+    ).should have_been_made.once
+  end
+
+  private
+
+  def request_for(method, options = {})
+    request = {}
+    if options[:params]
+      case method
+      when :post, :put
+        request[:body] = options[:params]
+      else
+        request[:query] = options[:params]
+      end
+    end
+    request
+  end
+
+  def response_for(response_file, options = {})
+    response = {}
+    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{options[:format] || :json}"))
+    if options[:status]
+      response[:status] = options[:status]
+    end
+    response
+  end
+end
+
+include WebMockHelper
+WebMock.disable_net_connect!
diff --git a/spec/mock_response/access_token/bearer.json b/spec/mock_response/access_token/bearer.json
@@ -0,0 +1,6 @@
+{
+  "access_token":"access_token",
+  "refresh_token":"refresh_token",
+  "token_type":"bearer",
+  "expires_in":3600
+}
diff --git a/spec/mock_response/access_token/mac.json b/spec/mock_response/access_token/mac.json
@@ -0,0 +1,8 @@
+{
+  "token_type": "mac",
+  "mac_algorithm": "hmac-sha-256",
+  "expires_in": 3600,
+  "mac_key": "secret",
+  "refresh_token": "refresh_token",
+  "access_token": "access_token"
+}
diff --git a/spec/mock_response/errors/insufficient_scope.json b/spec/mock_response/errors/insufficient_scope.json
@@ -0,0 +1,3 @@
+{
+  "error": "insufficient_scope"
+}
diff --git a/spec/mock_response/errors/invalid_access_token.json b/spec/mock_response/errors/invalid_access_token.json
@@ -0,0 +1,3 @@
+{
+  "error": "invalid_access_token"
+}
diff --git a/spec/mock_response/errors/invalid_request.json b/spec/mock_response/errors/invalid_request.json
@@ -0,0 +1,3 @@
+{
+  "error": "invalid_request"
+}
diff --git a/spec/mock_response/errors/unknown.json b/spec/mock_response/errors/unknown.json
@@ -0,0 +1 @@
+Fuckin Unknown Error
diff --git a/spec/mock_response/id_token.json b/spec/mock_response/id_token.json
@@ -0,0 +1,7 @@
+{
+  "iss": "http://server.example.com",
+  "client_id": "http://client.example.com",
+  "aud": "http://client.example.com",
+  "user_id": "user_328723",
+  "exp": 1303852880
+}
diff --git a/spec/mock_response/user_info/openid.json b/spec/mock_response/user_info/openid.json
@@ -0,0 +1,23 @@
+{
+  "id": "90125",
+  "name": "Jonathan Q. Doe",
+  "given_name": "Jonathan",
+  "middle_name": "Q.",
+  "family_name": "Doe",
+  "nickname": "John",
+  "email": "[email protected]",
+  "verified": true,
+  "profile": "http://example.com/johndoe/",
+  "picture": "http://example.com/johndoe/me.jpg",
+  "website": "http://john.doe.blogs.example.net/",
+  "gender": "male",
+  "birthday": "05/02/0000",
+  "zoneinfo": "America/Los_Angeles",
+  "locale": "en_US",
+  "phone_number": "+1 (425) 555-1212",
+  "address": {
+    "region": "WA",
+    "country": "United States"
+  },
+  "last_updated": "2011-06-29T21:10:22+0000"
+}
diff --git a/spec/openid_connect/access_token_spec.rb b/spec/openid_connect/access_token_spec.rb
@@ -1,11 +1,68 @@
 require 'spec_helper'
 
 describe OpenIDConnect::AccessToken do
+  subject { token }
+  let :client do
+    OpenIDConnect::Client.new(
+      :identifier => 'client_id',
+      :host => 'server.example.com'
+    )
+  end
+  let :token do
+    OpenIDConnect::AccessToken.new(
+      :access_token => 'access_token',
+      :client => client
+    )
+  end
+  its(:token_type) { should == :bearer }
+
   describe '#user_info!' do
-    it :TODO
+    it 'should return OpenIDConnect::ResponseObject::UserInfo::OpenID' do
+      mock_json :get, client.user_info_uri, 'user_info/openid', :HTTP_AUTHORIZATION => 'Bearer access_token' do
+        token.user_info!.should be_a OpenIDConnect::ResponseObject::UserInfo::OpenID
+      end
+    end
+
+    describe 'error handling' do
+      context 'when bad_request' do
+        it 'should raise OpenIDConnect::Forbidden' do
+          mock_json :get, client.user_info_uri, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 400 do
+            expect { token.user_info! }.should raise_error OpenIDConnect::BadRequest
+          end
+        end
+      end
+
+      context 'when unauthorized' do
+        it 'should raise OpenIDConnect::Unauthorized' do
+          mock_json :get, client.user_info_uri, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 401 do
+            expect { token.user_info! }.should raise_error OpenIDConnect::Unauthorized
+          end
+        end
+      end
+
+      context 'when forbidden' do
+        it 'should raise OpenIDConnect::Forbidden' do
+          mock_json :get, client.user_info_uri, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 403 do
+            expect { token.user_info! }.should raise_error OpenIDConnect::Forbidden
+          end
+        end
+      end
+
+      context 'when unknown' do
+        it 'should raise OpenIDConnect::HttpError' do
+          mock_json :get, client.user_info_uri, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 500 do
+            expect { token.user_info! }.should raise_error OpenIDConnect::HttpError
+          end
+        end
+      end
+    end
   end
 
   describe '#id_token!' do
-    it :TODO
+    it 'should return OpenIDConnect::ResponseObject::IdToken' do
+      mock_json :get, client.introspection_uri, 'id_token', :HTTP_AUTHORIZATION => 'Bearer access_token' do
+        token.id_token!.should be_a OpenIDConnect::ResponseObject::IdToken
+      end
+    end
   end
 end
diff --git a/spec/openid_connect/client_spec.rb b/spec/openid_connect/client_spec.rb
@@ -3,6 +3,7 @@
 describe OpenIDConnect::Client do
   subject { client }
   let(:client) { OpenIDConnect::Client.new attributes }
+  let(:attributes) { required_attributes }
   let :required_attributes do
     {
       :identifier => 'client_id'
@@ -23,7 +24,6 @@
     end
 
     context 'otherwise' do
-      let(:attributes) { required_attributes }
       [:authorization_uri, :introspection_uri, :user_info_uri].each do |endpoint|
         describe endpoint do
           it do
@@ -66,6 +66,37 @@
   end
 
   describe '#access_token!' do
-    it :TODO
+    let :attributes do
+      required_attributes.merge(
+        :secret => 'client_secret',
+        :token_endpoint => 'http://server.example.com/access_tokens'
+      )
+    end
+    let :protocol_params do
+      {
+        :client_id => 'client_id',
+        :client_secret => 'client_secret',
+        :grant_type => 'authorization_code',
+        :code => 'code'
+      }
+    end
+
+    context 'when bearer token is returned' do
+      it 'should return OpenIDConnect::AccessToken' do
+        mock_json :post, client.token_endpoint, 'access_token/bearer', :params => protocol_params do
+          client.authorization_code = 'code'
+          client.access_token!.should be_a OpenIDConnect::AccessToken
+        end
+      end
+    end
+
+    context 'otherwise' do
+      it 'should raise Unexpected Token Type exception' do
+        mock_json :post, client.token_endpoint, 'access_token/mac', :params => protocol_params do
+          client.authorization_code = 'code'
+          expect { client.access_token! }.should raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
+        end
+      end
+    end
   end
 end
diff --git a/spec/openid_connect/response_object/id_token_spec.rb b/spec/openid_connect/response_object/id_token_spec.rb
@@ -29,7 +29,7 @@
     context 'otherwise' do
       let(:attributes) { required_attributes }
       it do
-        expect { id_token.to_jwt }.should raise_error(OpenIDConnect::Exception, 'Secret Required')
+        expect { id_token.to_jwt }.should raise_error OpenIDConnect::Exception, 'Secret Required'
       end
     end
   end

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -1,2 +1,4 @@
 require 'rspec'
 require 'openid_connect'
+
+require 'helpers/webmock_helper'