# Copyright 2015, Google Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Google Inc. nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Make the directory holding this spec loadable so `spec_helper` resolves
# regardless of the working directory RSpec was started from.
spec_dir = File.expand_path(File.dirname(__FILE__))
$LOAD_PATH.unshift(spec_dir)
$LOAD_PATH.uniq!

require "googleauth"
require "googleauth/web_user_authorizer"
require "uri"
require "multi_json"
require "spec_helper"
require "rack"
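# Specs for Google::Auth::WebUserAuthorizer, the server-side half of the
# OAuth 2 web flow. Two properties are pinned here because they are what
# protects the callback against forged requests:
#   * the authorization URL carries an anti-forgery token (`session_id`
#     inside the JSON `state` parameter) and the same value is stored in the
#     Rack session under "g-xsrf-token";
#   * both callback handlers raise Signet::AuthorizationError when the
#     `session_id` in `state` does not match the value in the session.
describe Google::Auth::WebUserAuthorizer do
  include TestHelpers

  let(:client_id) { Google::Auth::ClientId.new "testclient", "notasecret" }
  let(:scope) { %w[email profile] }
  let(:token_store) { DummyTokenStore.new }
  let(:authorizer) do
    Google::Auth::WebUserAuthorizer.new client_id, scope, token_store
  end

  describe "#get_authorization_url" do
    # A plain GET with no session token yet; the authorizer generates one
    # (via SecureRandom.base64, which the examples below stub).
    let(:env) do
      Rack::MockRequest.env_for(
        "http://example.com:8080/test",
        "REMOTE_ADDR" => "10.10.10.10"
      )
    end
    let(:request) { Rack::Request.new env }

    it "should include current url in state" do
      url = authorizer.get_authorization_url request: request
      expect(url).to match(
        %r{%22current_uri%22:%22http://example.com:8080/test%22}
      )
    end

    it "should include request forgery token in state" do
      # Pin the random token so the URL-encoded state can be matched exactly.
      expect(SecureRandom).to receive(:base64).and_return("aGVsbG8=")
      url = authorizer.get_authorization_url request: request
      expect(url).to match(/%22session_id%22:%22aGVsbG8=%22/)
    end

    it "should include request forgery token in session" do
      expect(SecureRandom).to receive(:base64).and_return("aGVsbG8=")
      authorizer.get_authorization_url request: request
      # Same value as the `session_id` placed in `state`; the callback
      # handlers compare the two.
      expect(request.session["g-xsrf-token"]).to eq "aGVsbG8="
    end

    it "should resolve callback against base URL" do
      url = authorizer.get_authorization_url request: request
      expect(url).to match(
        %r{redirect_uri=http://example.com:8080/oauth2callback}
      )
    end

    it "should allow overriding the current URL" do
      url = authorizer.get_authorization_url(
        request: request,
        redirect_to: "/foo"
      )
      expect(url).to match %r{%22current_uri%22:%22/foo%22}
    end

    it "should pass through login hint" do
      url = authorizer.get_authorization_url(
        request: request,
        login_hint: "user@example.com"
      )
      expect(url).to match(/login_hint=user@example.com/)
    end
  end

  # Shared behaviour for the two callback entry points. The including group
  # must define `credentials` and `next_url`.
  shared_examples "handles callback" do
    let(:token_json) do
      MultiJson.dump("access_token" => "1/abc123",
                     "token_type" => "Bearer",
                     "expires_in" => 3600)
    end

    # Stub the code-for-token exchange so no network call is made.
    before :example do
      stub_request(:post, "https://oauth2.googleapis.com/token")
        .to_return(body: token_json,
                   status: 200,
                   headers: { "Content-Type" => "application/json" })
    end

    # Callback carrying an auth code and the URL-encoded JSON state
    # {"current_uri":"/foo","session_id":"abc"}.
    let(:env) do
      Rack::MockRequest.env_for(
        "http://example.com:8080/oauth2callback?code=authcode&"\
        "state=%7B%22current_uri%22%3A%22%2Ffoo%22%2C%22"\
        "session_id%22%3A%22abc%22%7D",
        "REMOTE_ADDR" => "10.10.10.10"
      )
    end
    let(:request) { Rack::Request.new env }

    # Seed the session with the token that matches the state above; the
    # mismatch example overwrites it.
    before :example do
      request.session["g-xsrf-token"] = "abc"
    end

    it "should return credentials when valid code present" do
      expect(credentials).to be_instance_of(
        Google::Auth::UserRefreshCredentials
      )
    end

    it "should return next URL to redirect to" do
      expect(next_url).to eq "/foo"
    end

    it "should fail if xsrf token in session and does not match request" do
      request.session["g-xsrf-token"] = "123"
      expect { credentials }.to raise_error(Signet::AuthorizationError)
    end
    # NOTE(review): not covered here — a session with no "g-xsrf-token" at
    # all, and a state whose current_uri is an absolute URL on another host.
    # Add examples once the expected behaviour is confirmed against the
    # implementation.
  end

  describe "#handle_auth_callback" do
    # One-shot variant: a single call returns [credentials, next_url].
    let(:result) { authorizer.handle_auth_callback "user1", request }
    let(:credentials) { result[0] }
    let(:next_url) { result[1] }

    it_behaves_like "handles callback"
  end

  describe "#handle_auth_callback_deferred and #get_credentials" do
    # Deferred variant: the class method processes the callback and yields
    # the redirect target; credentials are fetched afterwards by instance.
    let(:next_url) do
      Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred request
    end
    let(:credentials) do
      next_url # evaluated first so the callback is processed for `request`
      authorizer.get_credentials "user1", request
    end

    it_behaves_like "handles callback"
  end
end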