Fixing last remarks

2015-08-28 16:46:04 -07:00 · 2015-08-28 16:46:04 -07:00 · 8c2af74447
commit 8c2af74447
parent c33cce0953
11 changed files with 36 additions and 53 deletions
--- a/app/assets/stylesheets/user_applications.scss
+++ b/app/assets/stylesheets/user_applications.scss
@ -26,3 +26,4 @@
 }

 .user-consent { margin-top: 20px; }
+.approval-button { display: inline; }
--- a/app/controllers/api/openid_connect/discovery_controller.rb
+++ b/app/controllers/api/openid_connect/discovery_controller.rb
@ -20,7 +20,7 @@ module Api
          token_endpoint:                              api_openid_connect_access_tokens_url,
          userinfo_endpoint:                           api_openid_connect_user_info_url,
          jwks_uri:                                    api_openid_connect_url,
-          scopes_supported:                            %w(openid read write),
+          scopes_supported:                            Api::OpenidConnect::Authorization::SCOPES,
          response_types_supported:                    Api::OpenidConnect::OAuthApplication.available_response_types,
          request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
          subject_types_supported:                     %w(public pairwise),
--- a/app/models/api/openid_connect/authorization.rb
+++ b/app/models/api/openid_connect/authorization.rb
@ -17,15 +17,16 @@ module Api

      scope :with_redirect_uri, ->(given_uri) { where redirect_uri: given_uri }

+      SCOPES = %w(openid read write)
+
      def setup
        self.refresh_token = SecureRandom.hex(32)
      end

-
      def validate_scope_names
        return unless scopes
        scopes.each do |scope|
-          errors.add(:scope, "is not a valid scope name") unless scopes.include? scope
+          errors.add(:scope, "is not a valid scope name") unless SCOPES.include? scope
        end
      end

@ -57,13 +58,9 @@ module Api

      def self.find_by_refresh_token(client_id, refresh_token)
        Api::OpenidConnect::Authorization.joins(:o_auth_application).find_by(
-        o_auth_applications: {client_id: client_id}, refresh_token: refresh_token)
+          o_auth_applications: {client_id: client_id}, refresh_token: refresh_token)
      end

-      def self.scopes
-        %w(openid read write)
-      end
-      
      def self.use_code(code)
        return unless code
        find_by(code: code).tap do |auth|
--- a/app/models/api/openid_connect/authorization_scope.rb
+++ b/app/models/api/openid_connect/authorization_scope.rb
@ -1,11 +0,0 @@
-module Api
-  module OpenidConnect
-    class AuthorizationScope < ActiveRecord::Base
-      belongs_to :authorization
-      belongs_to :scope
-
-      validates :authorization, presence: true
-      validates :scope, presence: true
-    end
-  end
-end
--- a/app/models/api/openid_connect/o_auth_application.rb
+++ b/app/models/api/openid_connect/o_auth_application.rb
@ -7,12 +7,16 @@ module Api
      validates :client_id, presence: true, uniqueness: true
      validates :client_secret, presence: true
      validates :client_name, presence: true
+      validates_uniqueness_of :client_name, scope: :redirect_uris

      %i(redirect_uris response_types grant_types contacts).each do |serializable|
        serialize serializable, JSON
      end

      before_validation :setup, on: :create
+      before_validation do
+        redirect_uris.sort!
+      end

      def setup
        self.client_id = SecureRandom.hex(16)
--- a/app/models/api/openid_connect/scope.rb
+++ b/app/models/api/openid_connect/scope.rb
@ -1,9 +0,0 @@
-module Api
-  module OpenidConnect
-    class Scope < ActiveRecord::Base
-      has_many :authorizations, through: :authorization_scopes
-
-      validates :name, presence: true, uniqueness: true
-    end
-  end
-end
--- a/app/views/api/openid_connect/authorizations/new.html.haml
+++ b/app/views/api/openid_connect/authorizations/new.html.haml
@ -3,11 +3,11 @@
    %li.list-group-item.authorized-application
      = render "grants_list", app: @app

-      .clearfix
-        = form_tag api_openid_connect_authorizations_path, class: "pull-right"  do
-          %span
-            = submit_tag t(".deny"), class: "btn btn-danger"
-            = hidden_field_tag :deny, false
-          %span
-            = submit_tag t(".approve"),  class: "btn btn-primary"
-            = hidden_field_tag :approve, true
+      .clearfix.pull-right
+        = form_tag api_openid_connect_authorizations_path, class: "approval-button" do
+          = submit_tag t(".deny"), class: "btn btn-danger"
+          = hidden_field_tag :approve, false
+
+        = form_tag api_openid_connect_authorizations_path, class: "approval-button"do
+          = submit_tag t(".approve"),  class: "btn btn-primary"
+          = hidden_field_tag :approve, true
--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
@ -898,7 +898,7 @@ en:
          title: "Authorized applications"
          access: "%{name} has access to:"
          no_requirement: "%{name} requires no permissions"
-          applications_explanation: "Here is a list of applications to which you have authorized"
+          applications_explanation: "Here is a list of applications you have authorized"
        no_applications: "You have no authorized applications"
        revoke_autorization: "Revoke"
      scopes:
--- a/features/step_definitions/auth_code_steps.rb
+++ b/features/step_definitions/auth_code_steps.rb
@ -1,21 +1,22 @@
-o_auth_query_params = %i(
-  redirect_uri=http://localhost:3000
-  response_type=code
-  scope=openid%20read
-  nonce=hello
-  state=hi
-).join("&")
+O_AUTH_QUERY_PARAMS = {
+  redirect_uri:  "http://localhost:3000",
+  response_type: "code",
+  scope:         "openid read",
+  nonce:         "hello",
+  state:         "hi"
+}

 Given /^I send a post request from that client to the code flow authorization endpoint$/ do
  client_json = JSON.parse(last_response.body)
  @client_id = client_json["client_id"]
  @client_secret = client_json["client_secret"]
-  visit new_api_openid_connect_authorization_path +
-          "?client_id=#{@client_id}&#{o_auth_query_params}"
+  params = O_AUTH_QUERY_PARAMS.merge(client_id: @client_id)
+  visit new_api_openid_connect_authorization_path(params)
 end

 Given /^I send a post request from that client to the code flow authorization endpoint using a invalid client id/ do
-  visit new_api_openid_connect_authorization_path + "?client_id=randomid&#{o_auth_query_params}"
+  params = O_AUTH_QUERY_PARAMS.merge(client_id: "randomid")
+  visit new_api_openid_connect_authorization_path(params)
 end

 When /^I parse the auth code and create a request to the token endpoint$/ do
--- a/features/support/paths.rb
+++ b/features/support/paths.rb
@ -7,6 +7,8 @@ module NavigationHelpers
      stream_path
    when /^the mobile path$/
      force_mobile_path
+    when /^the user applications page$/
+      api_openid_connect_user_applications_path
    when /^the tag page for "([^\"]*)"$/
      tag_path(Regexp.last_match(1))
    when /^its ([\w ]+) page$/
@ -36,8 +38,6 @@ module NavigationHelpers
      edit_user_path
    when /^forgot password page$/
      new_user_password_path
-    when /^user applications page$/
-      api_openid_connect_user_applications_path
    when %r{^"(/.*)"}
      Regexp.last_match(1)
    else
--- a/lib/api/openid_connect/authorization_point/endpoint.rb
+++ b/lib/api/openid_connect/authorization_point/endpoint.rb
@ -29,6 +29,10 @@ module Api
          raise NotImplementedError # Implemented by subclass
        end

+        def scopes
+          Api::OpenidConnect::Authorization::SCOPES
+        end
+
        private

        def build_client(req)
@ -50,10 +54,6 @@ module Api
            end
          }
        end
-
-        def scopes
-          Api::OpenidConnect::Authorization.scopes
-        end
      end
    end
  end