Fix travis errors and refactor

lib/openid_connect/authorization/endpoint_start_point.rb

@@ -4,24 +4,30 @@ module OpenidConnect
       def initialize(current_user)
         super(current_user)
       end
-      def handleResponseType(req, res)
+
+      def handle_response_type(req, res)
         @response_type = req.response_type
       end
-      def buildAttributes(req, res)
+
+      def build_attributes(req, res)
         super(req, res)
-        verifyNonce(req, res)
-        buildScopes(req)
+        verify_nonce(req, res)
+        build_scopes(req)
         # TODO: buildRequestObject(req)
       end
-      def verifyNonce(req, res)
+
+      def verify_nonce(req, res)
         if res.protocol_params_location == :fragment && req.nonce.blank?
           req.invalid_request! "nonce required"
         end
       end
-      def buildScopes(req)
-        @scopes = req.scope.inject([]) do |_scopes_, scope|
-          _scopes_ << (Scope.find_by_name(scope) or req.invalid_scope! "Unknown scope: #{scope}")
-        end
+
+      def build_scopes(req)
+        @scopes = req.scope.map {|scope|
+          Scope.where(name: scope).first.tap do |scope|
+            req.invalid_scope! "Unknown scope: #{scope}" unless scope
+          end
+        }
       end
     end
   end

lib/openid_connect/protected_resource_endpoint.rb

 module OpenidConnect
   module ProtectedResourceEndpoint
-
     def self.included(klass)
       klass.send :include, ProtectedResourceEndpoint::Helper
     end

lib/openid_connect/token_endpoint.rb

@@ -5,25 +5,25 @@ module OpenidConnect
 
     def initialize
       @app = Rack::OAuth2::Server::Token.new do |req, res|
-        o_auth_app = retrieveClient(req)
-        if isAppValid(o_auth_app, req)
-          handleFlows(req, res)
+        o_auth_app = retrieve_client(req)
+        if app_valid?(o_auth_app, req)
+          handle_flows(req, res)
         else
           req.invalid_client!
         end
       end
     end
 
-    def handleFlows(req, res)
+    def handle_flows(req, res)
       case req.grant_type
-        when :password
-          handlePasswordFlow(req, res)
-        else
-          req.unsupported_grant_type!
+      when :password
+        handle_password_flow(req, res)
+      else
+        req.unsupported_grant_type!
       end
     end
 
-    def handlePasswordFlow(req, res)
+    def handle_password_flow(req, res)
       user = User.find_for_database_authentication(username: req.username)
       if user
         if user.valid_password?(req.password)
@@ -36,11 +36,11 @@ module OpenidConnect
       end
     end
 
-    def retrieveClient(req)
+    def retrieve_client(req)
       OAuthApplication.find_by_client_id req.client_id
     end
 
-    def isAppValid(o_auth_app, req)
+    def app_valid?(o_auth_app, req)
       o_auth_app.client_secret == req.client_secret
     end
   end

spec/controllers/api/v0/base_controller_spec.rb

-require 'spec_helper'
+require "spec_helper"
 
 describe Api::V0::BaseController do
-
 end

spec/controllers/openid_connect/authorizations_controller_spec.rb

-require 'spec_helper'
+require "spec_helper"
 
 describe OpenidConnect::AuthorizationsController, type: :controller do
   let!(:client) { OAuthApplication.create!(name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/"]) }
-  let!(:client_with_multiple_redirects) { OAuthApplication.create!(name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/","http://localhost/"]) }
+  let!(:client_with_multiple_redirects) do
+    OAuthApplication.create!(
+      name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/", "http://localhost/"])
+  end
 
   before do
     sign_in :user, alice
     allow(@controller).to receive(:current_user).and_return(alice)
-    Scope.create!(name:"openid")
+    Scope.create!(name: "openid")
   end
 
   describe "#new" do
@@ -15,113 +18,71 @@ describe OpenidConnect::AuthorizationsController, type: :controller do
       render_views
       context "as GET request" do
         it "should return a form page" do
-          get :new,
-              {
-                client_id: client.client_id,
-                redirect_uri: "http://localhost:3000/",
-                response_type: "id_token",
-                scope: "openid",
-                nonce: SecureRandom.hex(16),
-                state: SecureRandom.hex(16)
-              }
+          get :new, client_id: client.client_id, redirect_uri: "http://localhost:3000/", response_type: "id_token",
+              scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
           expect(response.body).to match("Diaspora Test Client")
         end
       end
+
       context "as POST request" do
         it "should return a form page" do
-          post :new,
-              {
-                client_id: client.client_id,
-                redirect_uri: "http://localhost:3000/",
-                response_type: "id_token",
-                scope: "openid",
-                nonce: SecureRandom.hex(16),
-                state: SecureRandom.hex(16)
-              }
+          post :new, client_id: client.client_id, redirect_uri: "http://localhost:3000/", response_type: "id_token",
+               scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
           expect(response.body).to match("Diaspora Test Client")
         end
       end
     end
+
     context "when client id is missing" do
       it "should return an bad request error" do
-        post :new,
-             {
-               redirect_uri: "http://localhost:3000/",
-               response_type: "id_token",
-               scope: "openid",
-               nonce: SecureRandom.hex(16),
-               state: SecureRandom.hex(16)
-             }
+        post :new, redirect_uri: "http://localhost:3000/", response_type: "id_token",
+             scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
         expect(response.body).to match("bad_request")
       end
     end
+
     context "when redirect uri is missing" do
       context "when only one redirect URL is pre-registered" do
         it "should return a form pager" do
           # Note this intentionally behavior diverts from OIDC spec http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+          # When client has only one redirect uri registered, only that redirect uri can be used. Hence,
+          # we should implicitly assume the client wants to use that registered URI.
           # See https://github.com/nov/rack-oauth2/blob/master/lib/rack/oauth2/server/authorize.rb#L63
-          post :new,
-               {
-                 client_id: client.client_id,
-                 response_type: "id_token",
-                 scope: "openid",
-                 nonce: SecureRandom.hex(16),
-                 state: SecureRandom.hex(16)
-               }
+          post :new, client_id: client.client_id, response_type: "id_token",
+               scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
           expect(response.body).to match("Diaspora Test Client")
         end
       end
     end
+
     context "when multiple redirect URLs are pre-registered" do
       it "should return an invalid request error" do
-        post :new,
-             {
-               client_id: client_with_multiple_redirects.client_id,
-               response_type: "id_token",
-               scope: "openid",
-               nonce: SecureRandom.hex(16),
-               state: SecureRandom.hex(16)
-             }
+        post :new, client_id: client_with_multiple_redirects.client_id, response_type: "id_token",
+             scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
         expect(response.body).to match("bad_request")
       end
     end
+
     context "when redirect URI does not match pre-registered URIs" do
       it "should return an invalid request error" do
-        post :new,
-             {
-               client_id: client.client_id,
-               redirect_uri: "http://localhost:2000/",
-               response_type: "id_token",
-               scope: "openid",
-               nonce: SecureRandom.hex(16)
-             }
+        post :new, client_id: client.client_id, redirect_uri: "http://localhost:2000/",
+             response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16)
         expect(response.body).to match("bad_request")
       end
     end
+
     context "when an unsupported scope is passed in" do
       it "should return an invalid scope error" do
-        post :new,
-             {
-               client_id: client.client_id,
-               redirect_uri: "http://localhost:3000/",
-               response_type: "id_token",
-               scope: "random",
-               nonce: SecureRandom.hex(16),
-               state: SecureRandom.hex(16)
-             }
+        post :new, client_id: client.client_id, redirect_uri: "http://localhost:3000/", response_type: "id_token",
+             scope: "random", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
         expect(response.body).to match("error=invalid_scope")
       end
     end
+
     context "when nonce is missing" do
       it "should return an invalid request error" do
-        post :new,
-             {
-               client_id: client.client_id,
-               redirect_uri: "http://localhost:3000/",
-               response_type: "id_token",
-               scope: "openid",
-               state: SecureRandom.hex(16)
-             }
+        post :new, client_id: client.client_id, redirect_uri: "http://localhost:3000/",
+             response_type: "id_token", scope: "openid", state: SecureRandom.hex(16)
         expect(response.location).to match("error=invalid_request")
       end
     end
@@ -129,44 +90,36 @@ describe OpenidConnect::AuthorizationsController, type: :controller do
 
   describe "#create" do
     before do
-      get :new,
-          {
-            client_id: client.client_id,
-            redirect_uri: "http://localhost:3000/",
-            response_type: "id_token",
-            scope: "openid",
-            nonce: SecureRandom.hex(16),
-            state: 4180930983
-          }
+      get :new, client_id: client.client_id, redirect_uri: "http://localhost:3000/", response_type: "id_token",
+          scope: "openid", nonce: SecureRandom.hex(16), state: 418_093_098_3
     end
+
     context "when authorization is approved" do
       before do
-        post :create,
-             {
-               approve: "true"
-             }
+        post :create, approve: "true"
       end
+
       it "should return the id token in a fragment" do
         expect(response.location).to have_content("id_token=")
       end
+
       it "should return the passed in state" do
         expect(response.location).to have_content("state=4180930983")
       end
     end
+
     context "when authorization is denied" do
       before do
-        post :create,
-             {
-               approve: "false"
-             }
+        post :create, approve: "false"
       end
+
       it "should return an error in the fragment" do
         expect(response.location).to have_content("error=")
       end
+
       it "should NOT contain a id token in the fragment" do
         expect(response.location).to_not have_content("id_token=")
       end
     end
   end
-
 end

spec/controllers/openid_connect/clients_controller_spec.rb

-require 'spec_helper'
+require "spec_helper"
 
 describe OpenidConnect::ClientsController, type: :controller do
   describe "#create" do
     context "when valid parameters are passed" do
       it "should return a client id" do
-        post :create,
-             {
-               redirect_uris: ["http://localhost"]
-             }
-        clientJSON = JSON.parse(response.body)
-        expect(clientJSON["o_auth_application"]["client_id"].length).to eq(32)
+        post :create, redirect_uris: ["http://localhost"]
+        client_json = JSON.parse(response.body)
+        expect(client_json["o_auth_application"]["client_id"].length).to eq(32)
       end
     end
     context "when redirect uri is missing" do
       it "should return a invalid_client_metadata error" do
         post :create
-        clientJSON = JSON.parse(response.body)
-        expect(clientJSON["error"]).to have_content("invalid_client_metadata")
+        client_json = JSON.parse(response.body)
+        expect(client_json["error"]).to have_content("invalid_client_metadata")
       end
     end
   end

spec/lib/openid_connect/protected_resource_endpoint_spec.rb

-require 'spec_helper'
+require "spec_helper"
 
 describe OpenidConnect::ProtectedResourceEndpoint, type: :request do
   describe "getting the user info" do
@@ -8,19 +8,13 @@ describe OpenidConnect::ProtectedResourceEndpoint, type: :request do
 
     context "when access token is valid" do
       it "shows the user's username and email" do
-        get "/api/v0/user/",
-            {
-              access_token: token
-            }
-        jsonBody = JSON.parse(response.body)
-        expect(jsonBody["username"]).to eq(bob.username)
-        expect(jsonBody["email"]).to eq(bob.email)
+        get "/api/v0/user/", access_token: token
+        json_body = JSON.parse(response.body)
+        expect(json_body["username"]).to eq(bob.username)
+        expect(json_body["email"]).to eq(bob.email)
       end
       it "should include private in the cache-control header" do
-        get "/api/v0/user/",
-            {
-              access_token: token
-            }
+        get "/api/v0/user/", access_token: token
         expect(response.headers["Cache-Control"]).to include("private")
       end
     end
@@ -38,24 +32,15 @@ describe OpenidConnect::ProtectedResourceEndpoint, type: :request do
 
     context "when an invalid access token is provided" do
       it "should respond with a 401 Unauthorized response" do
-        get "/api/v0/user/",
-            {
-              access_token: invalid_token
-            }
+        get "/api/v0/user/", access_token: invalid_token
         expect(response.status).to be(401)
       end
       it "should have an auth-scheme value of Bearer" do
-        get "/api/v0/user/",
-            {
-              access_token: invalid_token
-            }
+        get "/api/v0/user/", access_token: invalid_token
         expect(response.headers["WWW-Authenticate"]).to include("Bearer")
       end
       it "should contain an invalid_token error" do
-        get "/api/v0/user/",
-            {
-              access_token: invalid_token
-            }
+        get "/api/v0/user/", access_token: invalid_token
         expect(response.body).to include("invalid_token")
       end
     end

spec/lib/openid_connect/token_endpoint_spec.rb

-require 'spec_helper'
+require "spec_helper"
 
 describe OpenidConnect::TokenEndpoint, type: :request do
   let!(:client) { OAuthApplication.create!(redirect_uris: ["http://localhost"]) }
   describe "the password grant type" do
     context "when the username field is missing" do
       it "should return an invalid request error" do
-        post "/openid_connect/access_tokens",
-             {
-               grant_type: "password",
-               password: "bluepin7",
-               client_id: client.client_id,
-               client_secret: client.client_secret
-             }
+        post "/openid_connect/access_tokens", grant_type: "password", password: "bluepin7",
+             client_id: client.client_id, client_secret: client.client_secret
         expect(response.body).to include("'username' required")
       end
     end
     context "when the password field is missing" do
       it "should return an invalid request error" do
-        post "/openid_connect/access_tokens",
-             {
-               grant_type: "password",
-               username: "bob",
-               client_id: client.client_id,
-               client_secret: client.client_secret
-             }
+        post "/openid_connect/access_tokens", grant_type: "password", username: "bob",
+             client_id: client.client_id, client_secret: client.client_secret
         expect(response.body).to include("'password' required")
       end
     end
     context "when the username does not match an existing user" do
       it "should return an invalid request error" do
-        post "/openid_connect/access_tokens",
-             {
-               grant_type: "password",
-               username: "randomnoexist",
-               password: "bluepin7",
-               client_id: client.client_id,
-               client_secret: client.client_secret
-             }
+        post "/openid_connect/access_tokens", grant_type: "password", username: "randomnoexist",
+             password: "bluepin7", client_id: client.client_id, client_secret: client.client_secret
         expect(response.body).to include("invalid_grant")
       end
     end
     context "when the password is invalid" do
       it "should return an invalid request error" do
-        post "/openid_connect/access_tokens",
-             {
-               grant_type: "password",
-               username: "bob",
-               password: "wrongpassword",
-               client_id: client.client_id,
-               client_secret: client.client_secret
-             }
+        post "/openid_connect/access_tokens", grant_type: "password", username: "bob",
+             password: "wrongpassword", client_id: client.client_id, client_secret: client.client_secret
         expect(response.body).to include("invalid_grant")
       end
     end
     context "when the request is valid" do
       it "should return an access token" do
-        post "/openid_connect/access_tokens",
-             {
-               grant_type: "password",
-               username: "bob",
-               password: "bluepin7",
-               client_id: client.client_id,
-               client_secret: client.client_secret
-             }
+        post "/openid_connect/access_tokens", grant_type: "password", username: "bob",
+             password: "bluepin7", client_id: client.client_id, client_secret: client.client_secret
         json = JSON.parse(response.body)
         expect(json["access_token"].length).to eq(64)
         expect(json["token_type"]).to eq("bearer")
@@ -71,44 +43,25 @@ describe OpenidConnect::TokenEndpoint, type: :request do
     end
     context "when there are duplicate fields" do
       it "should return an invalid request error" do
-        post "/openid_connect/access_tokens",
-             {
-               grant_type: "password",
-               username: "bob",
-               password: "bluepin7",
-               username: "bob",
-               password: "bluepin6",
-               client_id: client.client_id,
-               client_secret: client.client_secret
-             }
+        post "/openid_connect/access_tokens", grant_type: "password", username: "bob", password: "bluepin7",
+             username: "bob", password: "bluepin6", client_id: client.client_id, client_secret: client.client_secret
         expect(response.body).to include("invalid_grant")
       end
     end
     context "when the client is unregistered" do
       it "should return an error" do
-        post "/openid_connect/access_tokens",
-             {
-               grant_type: "password",
-               username: "bob",
-               password: "bluepin7",
-               client_id: SecureRandom.hex(16).to_s,
-               client_secret: client.client_secret
-             }
+        post "/openid_connect/access_tokens", grant_type: "password", username: "bob",
+             password: "bluepin7", client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret
         expect(response.body).to include("invalid_client")
       end
     end
-    # TODO: Support a way to prevent brute force attacks using rate-limitation? as specified by RFC 6749 4.3.2 Access Token Request
+    # TODO: Support a way to prevent brute force attacks using rate-limitation
+    # as specified by RFC 6749 4.3.2 Access Token Request
   end
   describe "an unsupported grant type" do
     it "should return an unsupported grant type error" do
-      post "/openid_connect/access_tokens",
-           {
-             grant_type: "noexistgrant",
-             username: "bob",
-             password: "bluepin7",
-             client_id: client.client_id,
-             client_secret: client.client_secret
-           }
+      post "/openid_connect/access_tokens", grant_type: "noexistgrant", username: "bob",
+           password: "bluepin7", client_id: client.client_id, client_secret: client.client_secret
       expect(response.body).to include "unsupported_grant_type"
     end
   end

spec/models/o_auth_application_spec.rb

-require 'rails_helper'
-
-RSpec.describe OAuthApplication, type: :model do
-  pending "add some examples to (or delete) #{__FILE__}"
-end

spec/models/token_spec.rb

-require 'rails_helper'
-
-RSpec.describe Token, type: :model do
-  pending "add some examples to (or delete) #{__FILE__}"
-end

spec/presenters/api/v0/base_presenter_spec.rb

-require 'spec_helper'
+require "spec_helper"
 
 describe Api::V0::BasePresenter do
-
 end

spec/requests/api/v2/base_controller_spec.rb

-require 'spec_helper'
+require "spec_helper"
 
 describe Api::V0::BaseController do
-
 end

spec/spec_helper.rb

@@ -59,14 +59,6 @@ def photo_fixture_name
   @photo_fixture_name = File.join(File.dirname(__FILE__), "fixtures", "button.png")
 end
 
-def retrieveAccessToken(user)
-  o_auth_app = OAuthApplication.create!(client_id: 4, client_secret: "azerty")
-  user = User.find_for_database_authentication(username: user.username)
-  if o_auth_app && user && user.valid_password?("bluepin7") # Hard coded password for bob
-    o_auth_app.tokens.create!.bearer_token.to_s
-  end
-end
-
 # Force fixture rebuild
 FileUtils.rm_f(Rails.root.join("tmp", "fixture_builder.yml"))