From 58aef5658bf13ec98308f0cff94fb177e1d4ee57 Mon Sep 17 00:00:00 2001
From: theworldbright
Date: Mon, 4 Jan 2016 16:26:00 +0900
Subject: [PATCH] Fix remaining remarks
---
 .../authorizations_controller.rb | 2 +-
 .../token_endpoint_controller.rb | 1 -
 .../api/openid_connect/o_auth_application.rb | 7 +-
 config/initializers/cors.rb | 8 +-
 config/locales/diaspora/en.yml | 4 +-
 .../step_definitions/oidc_common_steps.rb | 2 +-
 .../authorizations_controller_spec.rb | 2 +-
 .../openid_connect/clients_controller_spec.rb | 97 ++++++++++---------
 8 files changed, 65 insertions(+), 58 deletions(-)
diff --git a/app/controllers/api/openid_connect/authorizations_controller.rb b/app/controllers/api/openid_connect/authorizations_controller.rb
index 5dae076e5..36417e20b 100644
--- a/app/controllers/api/openid_connect/authorizations_controller.rb
+++ b/app/controllers/api/openid_connect/authorizations_controller.rb
@@ -97,7 +97,7 @@ module Api
 if seconds.nil?
 false
 else
- (Time.zone.now.utc.to_i - current_user.current_sign_in_at.to_i) > seconds.to_i
+ (Time.now - current_user.current_sign_in_at) > seconds.to_i
 end
 end
diff --git a/app/controllers/api/openid_connect/token_endpoint_controller.rb b/app/controllers/api/openid_connect/token_endpoint_controller.rb
index 9f145058d..36b0ed31c 100644
--- a/app/controllers/api/openid_connect/token_endpoint_controller.rb
+++ b/app/controllers/api/openid_connect/token_endpoint_controller.rb
@@ -55,7 +55,6 @@ module Api
 logger.info e.backtrace[0, 10].join("\n")
 render json: {error: :invalid_grant, error_description: e.message, status: 400}
 end
-
 end
 end
 end
diff --git a/app/models/api/openid_connect/o_auth_application.rb b/app/models/api/openid_connect/o_auth_application.rb
index 57d5fe27f..6f5363669 100644
--- a/app/models/api/openid_connect/o_auth_application.rb
+++ b/app/models/api/openid_connect/o_auth_application.rb
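Review bot: In the `@@ -97,7 +97,7 @@` hunk of authorizations_controller.rb, the new expression `(Time.now - current_user.current_sign_in_at)` raises a TypeError when `current_sign_in_at` is nil, whereas the removed `.to_i` form turned nil into 0 and so always answered that re-authentication was required. If a signed-in user can reach this elapsed-time check without a recorded sign-in time, the failure mode changes from fail-closed to an unhandled error. Keeping the fail-closed answer explicit would read `current_user.current_sign_in_at.nil? || (Time.now - current_user.current_sign_in_at) > seconds.to_i`. The enclosing method starts above the hunk, so how `seconds` is derived is not visible here.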
@@ -76,13 +76,14 @@ module Api
 supported_metadata.each_with_object({}) do |key, attr|
 value = registrar.public_send(key)
 next unless value
- if key == :subject_type
+ case key
+ when :subject_type
 attr[:ppid] = (value == "pairwise")
- elsif key == :jwks_uri
+ when :jwks_uri
 response = Faraday.get(value)
 attr[:jwks] = response.body
 attr[:jwks_uri] = value
- elsif key == :jwks
+ when :jwks
 attr[:jwks] = value.to_json
 else
 attr[key] = value
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 9ad8a18a5..a50aead3e 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -1,11 +1,11 @@
 Rails.application.config.middleware.insert 0, Rack::Cors do
 allow do
 origins "*"
- resource "/.well-known/host-meta"
- resource "/webfinger"
- resource "/.well-known/webfinger"
- resource "/.well-known/openid-configuration"
 resource "/api/openid_connect/user_info", methods: %i(get post)
 resource "/api/v0/*", methods: %i(delete get post)
+ resource "/.well-known/host-meta"
+ resource "/.well-known/webfinger"
+ resource "/.well-known/openid-configuration"
+ resource "/webfinger"
 end
 end
diff --git a/config/locales/diaspora/en.yml b/config/locales/diaspora/en.yml
index 09b20142c..78c63c74c 100644
--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
@@ -919,8 +919,8 @@ en:
 description: "This allows the application to send new posts, write conversations, and send reactions"
 error_page:
 title: "Oh! Something went wrong :("
- contact_developer: "You should contact the developer of the application and include the following detailed message error:"
- login_required: "You must first login before authorize this application"
+ contact_developer: "You should contact the developer of the application and include the following detailed error message:"
+ login_required: "You must first login before you can authorize this application"
 could_not_authorize: "The application could not be authorized"
 people:
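Review bot: In o_auth_application.rb the `when :jwks_uri` branch calls `Faraday.get(value)` on a URL that appears to come from the registrar, i.e. from the client's registration request, and stores `response.body` as `jwks` whatever the response was. Nothing in the hunk restricts the scheme or destination, sets a timeout, or checks the status, so a registration request can make the server fetch internal addresses and persist an error page as the client's key set. The sketch below adds the scheme, timeout and status checks; a check that the host does not resolve to a loopback or private address belongs next to them, and the exception class shown is a placeholder for whatever the registration endpoint already reports as invalid metadata. The enclosing method starts and ends outside the hunk, so validation done before this block would not be visible here.

```ruby
when :jwks_uri
  # Constructed example: the error class and timeout values are placeholders.
  uri = URI.parse(value)
  raise ArgumentError, "jwks_uri must be an https URL" unless uri.is_a?(URI::HTTPS)
  response = Faraday.new(url: value, request: {open_timeout: 5, timeout: 5}).get
  raise ArgumentError, "jwks_uri did not return a key set" unless response.success?
  attr[:jwks] = response.body
  attr[:jwks_uri] = value
# … unchanged: when :jwks and else branches …
```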
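Review bot: The reordered block in config/initializers/cors.rb keeps `origins "*"` for `/api/v0/*` with `delete`, `get` and `post`, and for the user_info endpoint, without stating whether credentials are allowed. Whether cookies are honoured on these cross-origin requests then depends on the default of the rack-cors version in use, which is not visible on this page. If the API is meant to be reached only with bearer tokens, say so in the rule itself: `resource "/api/v0/*", methods: %i(delete get post), credentials: false`, and the same on the user_info line. A short comment above `origins "*"` stating why any origin is acceptable for these paths would help the next reviewer.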
diff --git a/features/step_definitions/oidc_common_steps.rb b/features/step_definitions/oidc_common_steps.rb
index 743dfd8a7..4e28cd5f2 100644
--- a/features/step_definitions/oidc_common_steps.rb
+++ b/features/step_definitions/oidc_common_steps.rb
@@ -35,5 +35,5 @@ Then /^I should receive an "([^\"]*)" error$/ do |error_message|
 end
 Then(/^I should see a message containing "(.*?)"$/) do |message|
- expect(find("#openid_connect_error_description").text).to eq(message)
+ expect(find("#openid_connect_error_description").text).to include(message)
 end
diff --git a/spec/controllers/api/openid_connect/authorizations_controller_spec.rb b/spec/controllers/api/openid_connect/authorizations_controller_spec.rb
index 0c7e4ab0f..09b7bc626 100644
--- a/spec/controllers/api/openid_connect/authorizations_controller_spec.rb
+++ b/spec/controllers/api/openid_connect/authorizations_controller_spec.rb
@@ -356,7 +356,7 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
 it "raises an error" do
 delete :destroy, id: 123_456_789
 expect(response).to redirect_to(api_openid_connect_user_applications_url)
- expect(flash[:error]).to eq("The attempt to revoke the authorization with ID 123456789 has failed")
+ expect(flash[:error]).to eq("The attempt to revoke the authorization with ID 123456789 failed")
 end
 end
 end
diff --git a/spec/controllers/api/openid_connect/clients_controller_spec.rb b/spec/controllers/api/openid_connect/clients_controller_spec.rb
index 19129bc49..164c82bce 100644
--- a/spec/controllers/api/openid_connect/clients_controller_spec.rb
+++ b/spec/controllers/api/openid_connect/clients_controller_spec.rb
@@ -5,8 +5,11 @@ describe Api::OpenidConnect::ClientsController, type: :controller do
 context "when valid parameters are passed" do
 it "should return a client id" do
 stub_request(:get, "http://example.com/uris")
- .with(headers: {"Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
- "User-Agent" => "Faraday v0.9.2"})
+ .with(headers: {
+ "Accept" => "*/*",
+ "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+ "User-Agent" => "Faraday v0.9.2"
+ })
 .to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
 post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client", response_types: [], grant_types: [], application_type: "web", contacts: [],
@@ -22,8 +25,10 @@ describe Api::OpenidConnect::ClientsController, type: :controller do
 context "when valid parameters with jwks is passed" do
 it "should return a client id" do
 stub_request(:get, "http://example.com/uris")
- .with(headers: {"Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
- "User-Agent" => "Faraday v0.9.2"})
+ .with(headers: {
+ "Accept" => "*/*",
+ "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+ "User-Agent" => "Faraday v0.9.2"})
 .to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
 post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client", response_types: [], grant_types: [], application_type: "web", contacts: [],
@@ -33,43 +38,43 @@ describe Api::OpenidConnect::ClientsController, type: :controller do
 token_endpoint_auth_method: "private_key_jwt",
 jwks: {
 keys:
- [
- {
- use: "enc",
- e: "AQAB",
- d: "-lTBWkI-----lvCO6tuiDsR4qgJnUwnndQFwEI_4mLmD3iNWXrc8N--5Cjq55eLtuJjtvuQ",
- n: "--zYRQNDvIVsBDLQQIgrbctuGqj6lrXb31Jj3JIEYqH_4h5X9d0Q",
- q: "1q-r----pFtyTz_JksYYaotc_Z3Zy-Szw6a39IDbuYGy1qL-15oQuc",
- p: "-BfRjdgYouy4c6xAnGDgSMTip1YnPRyvbMaoYT9E_tEcBW5wOeoc",
- kid: "a0",
- kty: "RSA"
- },
- {
- use: "sig",
- e: "AQAB",
- d: "--x-gW---LRPowKrdvTuTo2p--HMI0pIEeFs7H_u5OW3jihjvoFClGPynHQhgWmQzlQRvWRXh6FhDVqFeGQ",
- n: "---TyeadDqQPWgbqX69UzcGq5irhzN8cpZ_JaTk3Y_uV6owanTZLVvCgdjaAnMYeZhb0KFw",
- q: "5E5XKK5njT--Hx3nF5sne5fleVfU-sZy6Za4B2U75PcE62oZgCPauOTAEm9Xuvrt5aMMovyzR8ecJZhm9bw7naU",
- p: "-BUGA-",
- kid: "a1",
- kty: "RSA"},
- {
- use: "sig",
- crv: "P-256",
- kty: "EC",
- y: "Yg4IRzHBMIsuQK2Oz0Uukp1aNDnpdoyk6QBMtmfGHQQ",
- x: "L0WUeVlc9r6YJd6ie9duvOU1RHwxSkJKA37IK9B4Bpc",
- kid: "a2"
- },
- {
- use: "enc",
- crv: "P-256",
- kty: "EC",
- y: "E6E6g5_ziIZvfdAoACctnwOhuQYMvQzA259aftPn59M",
- x: "Yu8_BQE2L0f1MqnK0GumZOaj_77Tx70-LoudyRUnLM4",
- kid: "a3"
- }
- ]
+ [
+ {
+ use: "enc",
+ e: "AQAB",
+ d: "-lTBWkI-----lvCO6tuiDsR4qgJnUwnndQFwEI_4mLmD3iNWXrc8N--5Cjq55eLtuJjtvuQ",
+ n: "--zYRQNDvIVsBDLQQIgrbctuGqj6lrXb31Jj3JIEYqH_4h5X9d0Q",
+ q: "1q-r----pFtyTz_JksYYaotc_Z3Zy-Szw6a39IDbuYGy1qL-15oQuc",
+ p: "-BfRjdgYouy4c6xAnGDgSMTip1YnPRyvbMaoYT9E_tEcBW5wOeoc",
+ kid: "a0",
+ kty: "RSA"
+ },
+ {
+ use: "sig",
+ e: "AQAB",
+ d: "--x-gW---LRPowKrdvTuTo2p--HMI0pIEeFs7H_u5OW3jihjvoFClGPynHQhgWmQzlQRvWRXh6FhDVqFeGQ",
+ n: "---TyeadDqQPWgbqX69UzcGq5irhzN8cpZ_JaTk3Y_uV6owanTZLVvCgdjaAnMYeZhb0KFw",
+ q: "5E5XKK5njT--Hx3nF5sne5fleVfU-sZy6Za4B2U75PcE62oZgCPauOTAEm9Xuvrt5aMMovyzR8ecJZhm9bw7naU",
+ p: "-BUGA-",
+ kid: "a1",
+ kty: "RSA"},
+ {
+ use: "sig",
+ crv: "P-256",
+ kty: "EC",
+ y: "Yg4IRzHBMIsuQK2Oz0Uukp1aNDnpdoyk6QBMtmfGHQQ",
+ x: "L0WUeVlc9r6YJd6ie9duvOU1RHwxSkJKA37IK9B4Bpc",
+ kid: "a2"
+ },
+ {
+ use: "enc",
+ crv: "P-256",
+ kty: "EC",
+ y: "E6E6g5_ziIZvfdAoACctnwOhuQYMvQzA259aftPn59M",
+ x: "Yu8_BQE2L0f1MqnK0GumZOaj_77Tx70-LoudyRUnLM4",
+ kid: "a3"
+ }
+ ]
 }
 client_json = JSON.parse(response.body)
 expect(client_json["client_id"].length).to eq(32)
@@ -80,12 +85,14 @@ describe Api::OpenidConnect::ClientsController, type: :controller do
 context "when valid parameters with jwks_uri is passed" do
 it "should return a client id" do
 stub_request(:get, "http://example.com/uris")
- .with(headers: {"Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
- "User-Agent" => "Faraday v0.9.2"})
+ .with(headers: {"Accept" => "*/*",
+ "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+ "User-Agent" => "Faraday v0.9.2"})
 .to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
 stub_request(:get, "https://kentshikama.com/api/openid_connect/jwks.json")
- .with(headers: {"Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
- "User-Agent" => "Faraday v0.9.2"})
+ .with(headers: {"Accept" => "*/*",
+ "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
+ "User-Agent" => "Faraday v0.9.2"})
 .to_return(status: 200, body: "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"n\":\"qpW\",\"use\":\"sig\"}]}", headers: {})
 post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client",