File: authenticator_spec.rb

package info (click to toggle)
ruby-oauth2 2.0.17-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 2,608 kB
  • sloc: ruby: 5,441; javascript: 529; makefile: 4; sh: 4
file content (174 lines) | stat: -rw-r--r-- 4,946 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
 
# frozen_string_literal: true

RSpec.describe OAuth2::Authenticator do
  subject do
    described_class.new(client_id, client_secret, mode)
  end

  let(:client_id) { "foo" }
  let(:client_secret) { "bar" }
  let(:mode) { :undefined }

  it "raises NotImplementedError for unknown authentication mode" do
    expect { subject.apply({}) }.to raise_error(NotImplementedError)
  end

  describe "#apply" do
    context "with parameter-based authentication" do
      let(:mode) { :request_body }

      it "adds client_id and client_secret to params" do
        output = subject.apply({})
        expect(output).to eq("client_id" => "foo", "client_secret" => "bar")
      end

      context "when client_id nil" do
        let(:client_id) { nil }

        it "ignores client_id, but adds client_secret to params" do
          output = subject.apply({})
          expect(output).to eq("client_secret" => "bar")
        end
      end

      it "does not overwrite existing credentials" do
        input = {"client_secret" => "s3cr3t"}
        output = subject.apply(input)
        expect(output).to eq("client_id" => "foo", "client_secret" => "s3cr3t")
      end

      it "preserves other parameters" do
        input = {"state" => "42", :headers => {"A" => "b"}}
        output = subject.apply(input)
        expect(output).to eq(
          "client_id" => "foo",
          "client_secret" => "bar",
          "state" => "42",
          :headers => {"A" => "b"},
        )
      end

      context "passing nil secret" do
        let(:client_secret) { nil }

        it "does not set nil client_secret" do
          output = subject.apply({})
          expect(output).to eq("client_id" => "foo")
        end
      end

      context "using tls client authentication" do
        let(:mode) { :tls_client_auth }

        it "does not add client_secret" do
          output = subject.apply({})
          expect(output).to eq("client_id" => "foo")
        end
      end

      context "using private key jwt authentication" do
        let(:mode) { :private_key_jwt }

        it "does not include client_id or client_secret" do
          output = subject.apply({})
          expect(output).to eq({})
        end
      end
    end

    context "using tls_client_auth" do
      let(:mode) { :tls_client_auth }

      context "when client_id present" do
        let(:client_id) { "foobar" }

        it "adds client_id to params" do
          output = subject.apply({})
          expect(output).to eq("client_id" => "foobar")
        end
      end

      context "when client_id nil" do
        let(:client_id) { nil }

        it "ignores client_id for params" do
          output = subject.apply({})
          expect(output).to eq({})
        end
      end
    end

    context "with Basic authentication" do
      let(:mode) { :basic_auth }
      let(:header) { "Basic #{Base64.strict_encode64("#{client_id}:#{client_secret}")}" }

      it "encodes credentials in headers" do
        output = subject.apply({})
        expect(output).to eq(headers: {"Authorization" => header})
      end

      it "does not overwrite existing credentials" do
        input = {headers: {"Authorization" => "Bearer abc123"}}
        output = subject.apply(input)
        expect(output).to eq(headers: {"Authorization" => "Bearer abc123"})
      end

      it "does not overwrite existing params or headers" do
        input = {"state" => "42", :headers => {"A" => "b"}}
        output = subject.apply(input)
        expect(output).to eq(
          "state" => "42",
          :headers => {"A" => "b", "Authorization" => header},
        )
      end
    end
  end

  describe "#inspect" do
    it "filters secret by default" do
      expect(described_class.filtered_attribute_names).to include(:secret)
    end

    it "filters out the @secret value" do
      expect(subject.inspect).to include("@secret=[FILTERED]")
    end

    context "when filter is changed" do
      before do
        @original_filter = described_class.filtered_attribute_names
        described_class.filtered_attributes :vanilla
      end

      after do
        described_class.filtered_attributes(*@original_filter)
      end

      it "changes the filter" do
        expect(described_class.filtered_attribute_names).to eq([:vanilla])
      end

      it "does not filter out the @secret value" do
        expect(subject.inspect).to include("@secret=\"bar\"")
      end
    end

    context "when filter is empty" do
      before do
        @original_filter = described_class.filtered_attribute_names
        described_class.filtered_attributes
      end

      after do
        described_class.filtered_attributes(*@original_filter)
      end

      it "changes the filter" do
        expect(described_class.filtered_attribute_names).to eq([])
      end

      it "does not filter out the @secret value" do
        expect(subject.inspect).to include("@secret=\"bar\"")
      end
    end
  end
end