Adjust discovery controller to current values

2015-07-13 01:37:10 +09:00 · 2015-07-13 01:37:10 +09:00 · 9d9dc13272
commit 9d9dc13272
parent 73cc55940d
3 changed files with 62 additions and 44 deletions
--- a/app/controllers/openid_connect/discovery_controller.rb
+++ b/app/controllers/openid_connect/discovery_controller.rb
@ -1,45 +1,32 @@
-class DiscoveryController < ApplicationController
-  def show
-    case params[:id]
-    when "webfinger"
-      webfinger_discovery
-    when "openid-configuration"
-      openid_configuration
-    else
-      raise HttpError::NotFound
+module OpenidConnect
+  class DiscoveryController < ApplicationController
+    def webfinger
+      jrd = {
+               links: [{
+                          rel: OpenIDConnect::Discovery::Provider::Issuer::REL_VALUE,
+                          href: File.join(root_url, "openid_connect")
+                       }]
+            }
+      jrd[:subject] = params[:resource] if params[:resource].present?
+      render json: jrd, content_type: "application/jrd+json"
+    end
+
+    def configuration
+      render json: OpenIDConnect::Discovery::Provider::Config::Response.new(
+               issuer: root_url,
+               registration_endpoint: openid_connect_clients_url,
+               authorization_endpoint: new_openid_connect_authorization_url,
+               token_endpoint: openid_connect_access_tokens_url,
+               userinfo_endpoint: api_v0_user_url,
+               jwks_uri: "https://not_configured_yet.com", # TODO: File.join({new_openid_connect_authorization_path} + "/jwks.json"),
+               scopes_supported: Scope.pluck(:name),
+               response_types_supported: OAuthApplication.available_response_types,
+               request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
+               subject_types_supported: %w(public pairwise),
+               id_token_signing_alg_values_supported: %i(RS256),
+               token_endpoint_auth_methods_supported: %w(client_secret_basic client_secret_post),
+             # TODO: claims_supported: ["sub", "iss", "name", "email"]
+             )
    end
  end
-
-  private
-
-  def webfinger_discovery
-    jrd = {
-      links: [{
-        rel:  OpenIDConnect::Discovery::Provider::Issuer::REL_VALUE,
-        href: root_path
-      }]
-    }
-    jrd[:subject] = params[:resource] if params[:resource].present?
-    render json: jrd, content_type: "application/jrd+json"
-  end
-
-  def openid_configuration
-    config = OpenIDConnect::Discovery::Provider::Config::Response.new(
-      issuer:                                      root_path,
-      authorization_endpoint:                      "#{authorizations_url}/new",
-      token_endpoint:                              access_tokens_url,
-      userinfo_endpoint:                           user_info_url,
-      jwks_uri:                                    "#{authorizations_url}/jwks.json",
-      registration_endpoint:                       "#{root_path}/connect",
-      scopes_supported:                            "iss",
-      response_types_supported:                    "Client.available_response_types",
-      grant_types_supported:                       "Client.available_grant_types",
-      request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
-      subject_types_supported:                     %w(public pairwise),
-      id_token_signing_alg_values_supported:       %i(RS256),
-      token_endpoint_auth_methods_supported:       %w(client_secret_basic client_secret_post),
-      claims_supported:                            %w(sub iss name email)
-    )
-    render json: config
-  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -238,12 +238,16 @@ Diaspora::Application.routes.draw do
    resources :clients, only: :create
    post "access_tokens", to: proc {|env| OpenidConnect::TokenEndpoint.new.call(env) }

-    # Authorization Servers MUST support the use of the HTTP GET and POST methods at the Authorization Endpoint (see http://openid.net/specs/openid-connect-core-1_0.html#AuthResponseValidation).
+    # Authorization Servers MUST support the use of the HTTP GET and POST methods at the Authorization Endpoint
+    # See http://openid.net/specs/openid-connect-core-1_0.html#AuthResponseValidation
    resources :authorizations, only: %i(new create)
    post "authorizations/new", to: "authorizations#new"
+
+    get ".well-known/webfinger", to: "discovery#webfinger"
+    get ".well-known/openid-configuration", to: "discovery#configuration"
  end

  api_version(module: "Api::V0", path: {value: "api/v0"}, default: true) do
-    match "user", to: "users#show", via: [:get, :post]
+    match "user", to: "users#show", via: %i(get post)
  end
 end
--- a/spec/controllers/openid_connect/discovery_controller_spec.rb
+++ b/spec/controllers/openid_connect/discovery_controller_spec.rb
@ -0,0 +1,27 @@
+require "spec_helper"
+
+describe OpenidConnect::DiscoveryController, type: :controller do
+  describe "#webfinger" do
+    before do
+      get :webfinger, resource: "http://test.host/bob"
+    end
+
+    it "should return a url to the openid-configuration" do
+      json_body = JSON.parse(response.body)
+      expect(json_body["links"].first["href"]).to eq("http://test.host/openid_connect")
+    end
+
+    it "should return the resource in the subject" do
+      json_body = JSON.parse(response.body)
+      expect(json_body["subject"]).to eq("http://test.host/bob")
+    end
+  end
+
+  describe "#configuration" do
+    it "should have the issuer as the root url" do
+      get :configuration
+      json_body = JSON.parse(response.body)
+      expect(json_body["issuer"]).to eq("http://test.host/")
+    end
+  end
+end