require "spec"
require "oauth2"
# Specs for OAuth2 access tokens: parsing from a JSON token response,
# serialising back to JSON, and attaching the token to an outgoing request.
# Every token, key and secret below is a hard-coded fixture value.
#
# The class is reopened so the specs can refer to Bearer and Mac without
# the full OAuth2::AccessToken:: prefix.
class OAuth2::AccessToken
  describe Bearer do
    it "builds from json" do
      token_value = "some token value"
      token_type = "Bearer"
      expires_in = 3600
      refresh_token = "some refresh token"
      scope = "some scope"

      # The heredoc strips indentation up to the closing delimiter, so the
      # payload is a plain JSON object with one member per line.
      json = <<-JSON
        {
        "access_token" : "#{token_value}",
        "token_type" : "#{token_type}",
        "expires_in" : #{expires_in},
        "refresh_token" : "#{refresh_token}",
        "scope" : "#{scope}"
        }
        JSON

      # Entry point 1: the generic parser picks the concrete token class.
      via_base = AccessToken.from_json(json).as(Bearer)
      via_base.token_type.should eq("Bearer")
      via_base.access_token.should eq(token_value)
      via_base.expires_in.should eq(expires_in)
      via_base.refresh_token.should eq(refresh_token)
      via_base.scope.should eq(scope)

      # Entry point 2: parsing through the Bearer class directly must give
      # the same field values.
      via_bearer = AccessToken::Bearer.from_json(json).as(Bearer)
      via_bearer.token_type.should eq("Bearer")
      via_bearer.access_token.should eq(token_value)
      via_bearer.expires_in.should eq(expires_in)
      via_bearer.refresh_token.should eq(refresh_token)
      via_bearer.scope.should eq(scope)
    end

    it "dumps to json" do
      # Round trip: to_json followed by from_json must yield an equal token.
      original = Bearer.new("access token", 3600, "refresh token")
      round_tripped = AccessToken.from_json(original.to_json)
      round_tripped.should eq(original)
    end

    it "authenticates request" do
      bearer = Bearer.new("access token", 3600, "refresh token")
      request = HTTP::Request.new("GET", "/")

      # The second argument is the TLS flag; the spec passes false.
      # The token value is copied verbatim into the Authorization header,
      # so the header is as sensitive as the token itself.
      bearer.authenticate(request, false)

      request.headers["Authorization"].should eq("Bearer access token")
    end

    it "builds from json without expires_in (#4041)" do
      # A response that omits expires_in parses, and the field is nil.
      parsed = AccessToken.from_json(<<-JSON)
        {
        "access_token" : "foo",
        "token_type" : "Bearer",
        "refresh_token" : "bar",
        "scope" : "baz"
        }
        JSON

      parsed.expires_in.should be_nil
    end

    it "builds from json with unknown key (#4437)" do
      # An unrecognised member does not fail parsing. It is kept under
      # `extra` as its serialised JSON text ("[1,2,3]"), not as a parsed
      # value, so consumers get server-supplied text they must parse and
      # validate themselves.
      parsed = AccessToken.from_json(<<-JSON)
        {
        "access_token" : "foo",
        "token_type" : "Bearer",
        "refresh_token" : "bar",
        "scope" : "baz",
        "unknown": [1, 2, 3]
        }
        JSON

      parsed.extra.not_nil!["unknown"].should eq("[1,2,3]")
    end

    it "builds from json without token_type, assumes Bearer (#4503)" do
      # A response with no token_type is parsed as a Bearer token.
      # NOTE(review): because of this fallback, a successful parse does not
      # show that the server declared a type; code that requires a MAC token
      # should check the concrete class rather than rely on parsing alone.
      parsed = AccessToken.from_json(<<-JSON)
        {
        "access_token" : "foo",
        "refresh_token" : "bar",
        "scope" : "baz"
        }
        JSON

      parsed.should be_a(AccessToken::Bearer)
      parsed.access_token.should eq("foo")
    end
  end

  describe Mac do
    it "builds from json" do
      mac_algorithm = "hmac-sha-256"
      expires_in = 3600
      mac_key = "secret key"
      refresh_token = "some refresh token"
      token_value = "some token value"
      scope = "some scope"

      # token_type is lower-case "mac" in the payload, while the parsed
      # token reports "Mac" (asserted below).
      json = <<-JSON
        {
        "token_type": "mac",
        "mac_algorithm": "#{mac_algorithm}",
        "expires_in": #{expires_in},
        "mac_key": "#{mac_key}",
        "refresh_token":"#{refresh_token}",
        "access_token":"#{token_value}",
        "scope":"#{scope}"
        }
        JSON

      # Entry point 1: the generic parser.
      via_base = AccessToken.from_json(json).as(Mac)
      via_base.token_type.should eq("Mac")
      via_base.access_token.should eq(token_value)
      via_base.expires_in.should eq(expires_in)
      via_base.refresh_token.should eq(refresh_token)
      via_base.scope.should eq(scope)
      via_base.mac_algorithm.should eq(mac_algorithm)
      via_base.mac_key.should eq(mac_key)

      # Entry point 2: the Mac class directly.
      via_mac = AccessToken::Mac.from_json(json).as(Mac)
      via_mac.token_type.should eq("Mac")
      via_mac.access_token.should eq(token_value)
      via_mac.expires_in.should eq(expires_in)
      via_mac.refresh_token.should eq(refresh_token)
      via_mac.scope.should eq(scope)
      via_mac.mac_algorithm.should eq(mac_algorithm)
      via_mac.mac_key.should eq(mac_key)
    end

    it "builds with null refresh token" do
      # An explicit JSON null for refresh_token must parse to nil.
      json = <<-JSON
        {
        "token_type": "Mac",
        "access_token":"WRN01OBN1gme8HxeRL5yJ8w05PjCvt-2vXOIle43w9s",
        "expires_in":899,
        "refresh_token":null,
        "mac_algorithm":"hmac-sha-256",
        "mac_key":"N-ATggO2ywqylWgIi3QZn40jWJmL2f9h6ZOGd3jqcxU"
        }
        JSON

      parsed = AccessToken.from_json(json).as(Mac)
      parsed.refresh_token.should be_nil
    end

    it "dumps to json" do
      # Round trip: to_json followed by from_json must yield an equal token.
      original = Mac.new("access token", 3600, "mac algorithm", "mac key", "refresh token", "scope")
      round_tripped = AccessToken.from_json(original.to_json)
      round_tripped.should eq(original)
    end

    it "authenticates request" do
      headers = HTTP::Headers.new
      headers["Host"] = "localhost:4000"
      mac_token = Mac.new("3n2-YaAzH67YH9UJ-9CnJ_PS-vSy1MRLM-q7TZknPw", 3600, "hmac-sha-256", "i-pt1Lir-yAfUdXbt-AXM1gMupK7vDiOK1SZGWkASDc")
      request = HTTP::Request.new("GET", "/some/resource.json", headers)

      mac_token.authenticate(request, false)

      # Only the shape of the header is checked here (non-empty id, nonce,
      # ts and mac fields); the MAC value itself is pinned by the
      # "computes signature" spec below.
      request.headers["Authorization"].should match(/MAC id=".+?", nonce=".+?", ts=".+?", mac=".+?"/)
    end

    it "computes signature" do
      # Known-answer test with fixed inputs, so any change to the signing
      # computation changes the expected digest.
      # Arguments appear to be: ts, nonce, method, uri, host, port, ext,
      # mac_algorithm, mac_key - confirm against Mac.signature.
      digest = Mac.signature(1, "0:1234", "GET", "/resource.json", "localhost", "4000", "", "hmac-sha-256", "i-pt1Lir-yAfUdXbt-AXM1gMupK7vDiOK1SZGWkASDc")
      digest.should eq("21vVRFACz5NrO+zlVfFuxTjTx5Wb0qBMfKelMTtujpE=")
    end
  end
end