add some tests

Rakefile

@@ -1 +1,8 @@
 require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new do |task|
+  task.libs << "test"
+end
+
+task :default => :test

omniauth-slack.gemspec

@@ -20,4 +20,6 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "mocha"
 end

test/helper.rb

@@ -0,0 +1,56 @@
+require "bundler/setup"
+require "minitest/autorun"
+require "mocha/setup"
+require "omniauth/strategies/slack"
+
+OmniAuth.config.test_mode = true
+
+module BlockTestHelper
+  def test(name, &blk)
+    method_name = "test_#{name.gsub(/\s+/, "_")}"
+    raise "Method already defined: #{method_name}" if instance_methods.include?(method_name.to_sym)
+    define_method method_name, &blk
+  end
+end
+
+module CustomAssertions
+  def assert_has_key(key, hash, msg = nil)
+    msg = message(msg) { "Expected #{hash.inspect} to have key #{key.inspect}" }
+    assert hash.has_key?(key), msg
+  end
+
+  def refute_has_key(key, hash, msg = nil)
+    msg = message(msg) { "Expected #{hash.inspect} not to have key #{key.inspect}" }
+    refute hash.has_key?(key), msg
+  end
+end
+
+class TestCase < Minitest::Test
+  extend BlockTestHelper
+  include CustomAssertions
+end
+
+class StrategyTestCase < TestCase
+  def setup
+    @request = stub("Request")
+    @request.stubs(:params).returns({})
+    @request.stubs(:cookies).returns({})
+    @request.stubs(:env).returns({})
+    @request.stubs(:scheme).returns({})
+    @request.stubs(:ssl?).returns(false)
+
+    @client_id = "123"
+    @client_secret = "53cr3tz"
+  end
+
+  def strategy
+    @strategy ||= begin
+      args = [@client_id, @client_secret, @options].compact
+      OmniAuth::Strategies::Slack.new(nil, *args).tap do |strategy|
+        strategy.stubs(:request).returns(@request)
+      end
+    end
+  end
+end
+
+Dir[File.expand_path("../support/**/*", __FILE__)].each &method(:require)

test/support/shared_examples.rb

@@ -0,0 +1,85 @@
+# NOTE it would be useful if this lived in omniauth-oauth2 eventually
+module OAuth2StrategyTests
+  def self.included(base)
+    base.class_eval do
+      include ClientTests
+      include AuthorizeParamsTests
+      include CSRFAuthorizeParamsTests
+      include TokenParamsTests
+    end
+  end
+
+  module ClientTests
+    extend BlockTestHelper
+
+    test "should be initialized with symbolized client_options" do
+      @options = { :client_options => { "authorize_url" => "https://example.com" } }
+      assert_equal "https://example.com", strategy.client.options[:authorize_url]
+    end
+  end
+
+  module AuthorizeParamsTests
+    extend BlockTestHelper
+
+    test "should include any authorize params passed in the :authorize_params option" do
+      @options = { :authorize_params => { :foo => "bar", :baz => "zip" } }
+      assert_equal "bar", strategy.authorize_params["foo"]
+      assert_equal "zip", strategy.authorize_params["baz"]
+    end
+
+    test "should include top-level options that are marked as :authorize_options" do
+      @options = { :authorize_options => [:scope, :foo], :scope => "bar", :foo => "baz" }
+      assert_equal "bar", strategy.authorize_params["scope"]
+      assert_equal "baz", strategy.authorize_params["foo"]
+    end
+
+    test "should exclude top-level options that are not passed" do
+      @options = { :authorize_options => [:bar] }
+      refute_has_key :bar, strategy.authorize_params
+      refute_has_key "bar", strategy.authorize_params
+    end
+  end
+
+  module CSRFAuthorizeParamsTests
+    extend BlockTestHelper
+
+    test "should store random state in the session when none is present in authorize or request params" do
+      assert_includes strategy.authorize_params.keys, "state"
+      refute_empty strategy.authorize_params["state"]
+      refute_empty strategy.session["omniauth.state"]
+      assert_equal strategy.authorize_params["state"], strategy.session["omniauth.state"]
+    end
+
+    test "should not store state in the session when present in authorize params vs. a random one" do
+      @options = { :authorize_params => { :state => "bar" } }
+      refute_empty strategy.authorize_params["state"]
+      refute_equal "bar", strategy.authorize_params[:state]
+      refute_empty strategy.session["omniauth.state"]
+      refute_equal "bar", strategy.session["omniauth.state"]
+    end
+
+    test "should not store state in the session when present in request params vs. a random one" do
+      @request.stubs(:params).returns({ "state" => "foo" })
+      refute_empty strategy.authorize_params["state"]
+      refute_equal "foo", strategy.authorize_params[:state]
+      refute_empty strategy.session["omniauth.state"]
+      refute_equal "foo", strategy.session["omniauth.state"]
+    end
+  end
+
+  module TokenParamsTests
+    extend BlockTestHelper
+
+    test "should include any authorize params passed in the :token_params option" do
+      @options = { :token_params => { :foo => "bar", :baz => "zip" } }
+      assert_equal "bar", strategy.token_params["foo"]
+      assert_equal "zip", strategy.token_params["baz"]
+    end
+
+    test "should include top-level options that are marked as :token_options" do
+      @options = { :token_options => [:scope, :foo], :scope => "bar", :foo => "baz" }
+      assert_equal "bar", strategy.token_params["scope"]
+      assert_equal "baz", strategy.token_params["foo"]
+    end
+  end
+end

test/test.rb

@@ -0,0 +1,100 @@
+require "helper"
+require "omniauth-slack"
+
+class StrategyTest < StrategyTestCase
+  include OAuth2StrategyTests
+end
+
+class ClientTest < StrategyTestCase
+  test "has correct Slack site" do
+    assert_equal "https://slack.com", strategy.client.site
+  end
+
+  test "has correct authorize url" do
+    assert_equal "/oauth/authorize", strategy.client.options[:authorize_url]
+  end
+
+  test "has correct token url" do
+    assert_equal "/api/oauth.access", strategy.client.options[:token_url]
+  end
+end
+
+class CallbackUrlTest < StrategyTestCase
+  test "returns the default callback url" do
+    url_base = "http://auth.request.com"
+    @request.stubs(:url).returns("#{url_base}/some/page")
+    strategy.stubs(:script_name).returns("") # as not to depend on Rack env
+    assert_equal "#{url_base}/auth/slack/callback", strategy.callback_url
+  end
+
+  test "returns path from callback_path option" do
+    @options = { :callback_path => "/auth/slack/done"}
+    url_base = "http://auth.request.com"
+    @request.stubs(:url).returns("#{url_base}/page/path")
+    strategy.stubs(:script_name).returns("") # as not to depend on Rack env
+    assert_equal "#{url_base}/auth/slack/done", strategy.callback_url
+  end
+end
+
+class UidTest < StrategyTestCase
+  def setup
+    super
+    strategy.stubs(:raw_info).returns("user_id" => "U123")
+  end
+
+  test "returns the user ID from raw_info" do
+    assert_equal "U123", strategy.uid
+  end
+end
+
+class CredentialsTest < StrategyTestCase
+  def setup
+    super
+    @access_token = stub("OAuth2::AccessToken")
+    @access_token.stubs(:token)
+    @access_token.stubs(:expires?)
+    @access_token.stubs(:expires_at)
+    @access_token.stubs(:refresh_token)
+    strategy.stubs(:access_token).returns(@access_token)
+  end
+
+  test "returns a Hash" do
+    assert_kind_of Hash, strategy.credentials
+  end
+
+  test "returns the token" do
+    @access_token.stubs(:token).returns("123")
+    assert_equal "123", strategy.credentials["token"]
+  end
+
+  test "returns the expiry status" do
+    @access_token.stubs(:expires?).returns(true)
+    assert strategy.credentials["expires"]
+
+    @access_token.stubs(:expires?).returns(false)
+    refute strategy.credentials["expires"]
+  end
+
+  test "returns the refresh token and expiry time when expiring" do
+    ten_mins_from_now = (Time.now + 600).to_i
+    @access_token.stubs(:expires?).returns(true)
+    @access_token.stubs(:refresh_token).returns("321")
+    @access_token.stubs(:expires_at).returns(ten_mins_from_now)
+    assert_equal "321", strategy.credentials["refresh_token"]
+    assert_equal ten_mins_from_now, strategy.credentials["expires_at"]
+  end
+
+  test "does not return the refresh token when test is nil and expiring" do
+    @access_token.stubs(:expires?).returns(true)
+    @access_token.stubs(:refresh_token).returns(nil)
+    assert_nil strategy.credentials["refresh_token"]
+    refute_has_key "refresh_token", strategy.credentials
+  end
+
+  test "does not return the refresh token when not expiring" do
+    @access_token.stubs(:expires?).returns(false)
+    @access_token.stubs(:refresh_token).returns("XXX")
+    assert_nil strategy.credentials["refresh_token"]
+    refute_has_key "refresh_token", strategy.credentials
+  end
+end