couchkeeper 0.6.7

data/spec/lib/oauth/token_request_spec.rb

@@ -0,0 +1,46 @@
+require 'spec_helper_integration'
+
+module Doorkeeper::OAuth
+  describe TokenRequest do
+    let :pre_auth do
+      mock(:pre_auth, {
+        :client => mock(:application, :id => 9990),
+        :redirect_uri => 'http://tst.com/cb',
+        :state => nil,
+        :scopes => nil,
+        :error => nil,
+        :authorizable? => true
+      })
+    end
+
+    let :owner do
+      mock :owner, :id => 7866
+    end
+
+    subject do
+      TokenRequest.new(pre_auth, owner)
+    end
+
+    it 'creates an access token' do
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
+
+    it 'returns a code response' do
+      subject.authorize.should be_a(CodeResponse)
+    end
+
+    it 'does not create token when not authorizable' do
+      pre_auth.stub :authorizable? => false
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessToken.count }
+    end
+
+    it 'returns a error response' do
+      pre_auth.stub :authorizable? => false
+      subject.authorize.should be_a(ErrorResponse)
+    end
+  end
+end

data/spec/lib/oauth/token_response_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+require 'doorkeeper/oauth/token_response'
+
+module Doorkeeper::OAuth
+  describe TokenResponse do
+    subject { TokenResponse.new(stub.as_null_object) }
+
+    it 'includes access token response headers' do
+      headers = subject.headers
+      headers.fetch('Cache-Control').should == 'no-store'
+      headers.fetch('Pragma').should == 'no-cache'
+    end
+
+    it 'status is ok' do
+      subject.status.should == :ok
+    end
+
+    describe '.body' do
+      let(:access_token) do
+        mock :access_token, {
+          :token => 'some-token',
+          :expires_in => '3600',
+          :scopes_string => 'two scopes',
+          :refresh_token => 'some-refresh-token',
+          :token_type => 'bearer'
+        }
+      end
+
+      subject { TokenResponse.new(access_token).body }
+
+      it 'includes :access_token' do
+        subject['access_token'].should == 'some-token'
+      end
+
+      it 'includes :token_type' do
+        subject['token_type'].should == 'bearer'
+      end
+
+      it 'includes :expires_in' do
+        subject['expires_in'].should == '3600'
+      end
+
+      it 'includes :scope' do
+        subject['scope'].should == 'two scopes'
+      end
+
+      it 'includes :refresh_token' do
+        subject['refresh_token'].should == 'some-refresh-token'
+      end
+    end
+  end
+end

data/spec/lib/oauth/token_spec.rb

@@ -0,0 +1,83 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/token'
+
+module Doorkeeper
+  unless defined?(AccessToken)
+    class AccessToken
+    end
+  end
+
+  module OAuth
+    describe Token do
+      describe :from_request do
+        let(:request) { stub.as_null_object }
+
+        let(:method) do
+          lambda { |request| return 'token-value' }
+        end
+
+        it 'accepts anything that responds to #call' do
+          method.should_receive(:call).with(request)
+          Token.from_request request, method
+        end
+
+        it 'delegates methods received as symbols to Token class' do
+          Token.should_receive(:from_params).with(request)
+          Token.from_request request, :from_params
+        end
+
+        it 'stops at the first credentials found' do
+          not_called_method = mock
+          not_called_method.should_not_receive(:call)
+          credentials = Token.from_request request, lambda { |r| }, method, not_called_method
+        end
+
+        it 'returns the credential from extractor method' do
+          credentials = Token.from_request request, method
+          credentials.should == 'token-value'
+        end
+      end
+
+      describe :from_access_token_param do
+        it 'returns token from access_token parameter' do
+          request = stub :parameters => { :access_token => 'some-token' }
+          token   = Token.from_access_token_param(request)
+          token.should == "some-token"
+        end
+      end
+
+      describe :from_bearer_param do
+        it 'returns token from bearer_token parameter' do
+          request = stub :parameters => { :bearer_token => 'some-token' }
+          token   = Token.from_bearer_param(request)
+          token.should == "some-token"
+        end
+      end
+
+      describe :from_bearer_authorization do
+        it 'returns token from authorization bearer' do
+          request = stub :authorization => "Bearer SomeToken"
+          token   = Token.from_bearer_authorization(request)
+          token.should == "SomeToken"
+        end
+
+        it 'does not return token if authorization is not bearer' do
+          request = stub :authorization => "MAC SomeToken"
+          token   = Token.from_bearer_authorization(request)
+          token.should be_blank
+        end
+      end
+
+      describe :authenticate do
+        let(:finder) { mock :finder }
+
+        it 'calls the finder if token was found' do
+          token = lambda { |r| 'token' }
+          AccessToken.should_receive(:authenticate).with('token')
+          Token.authenticate stub, token
+        end
+      end
+    end
+  end
+end

data/spec/lib/server_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'doorkeeper/errors'
+require 'doorkeeper/server'
+
+describe Doorkeeper::Server do
+  let(:fake_class) { mock :fake_class }
+
+  subject do
+    described_class.new
+  end
+
+  describe '.authorization_request' do
+    it 'raises error when strategy does not exist' do
+      expect { subject.authorization_request(:duh) }.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
+    end
+
+    it 'builds the request with selected strategy' do
+      stub_const 'Doorkeeper::Request::Code', fake_class
+      fake_class.should_receive(:build).with(subject)
+      subject.authorization_request :code
+    end
+  end
+end

data/spec/models/doorkeeper/access_grant_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper_integration'
+
+describe Doorkeeper::AccessGrant do
+  subject { FactoryGirl.build(:access_grant) }
+
+  it { should be_valid }
+
+  it_behaves_like "an accessible token"
+  it_behaves_like "a revocable token"
+  it_behaves_like "an unique token" do
+    let(:factory_name) { :access_grant }
+  end
+
+  describe "validations" do
+    it "is invalid without resource_owner_id" do
+      subject.resource_owner_id = nil
+      should_not be_valid
+    end
+
+    it "is invalid without application_id" do
+      subject.application_id = nil
+      should_not be_valid
+    end
+
+    it "is invalid without token" do
+      subject.save
+      subject.token = nil
+      should_not be_valid
+    end
+
+    it "is invalid without expires_in" do
+      subject.expires_in = nil
+      should_not be_valid
+    end
+  end
+end

data/spec/models/doorkeeper/access_token_spec.rb

@@ -0,0 +1,153 @@
+require 'spec_helper_integration'
+
+module Doorkeeper
+  describe AccessToken do
+    subject { FactoryGirl.build(:access_token) }
+
+    it { should be_valid }
+
+    it_behaves_like "an accessible token"
+    it_behaves_like "a revocable token"
+    it_behaves_like "an unique token" do
+      let(:factory_name) { :access_token }
+    end
+
+    describe :refresh_token do
+      it 'has empty refresh token if it was not required' do
+        token = FactoryGirl.create :access_token
+        token.refresh_token.should be_nil
+      end
+
+      it 'generates a refresh token if it was requested' do
+        token = FactoryGirl.create :access_token, :use_refresh_token => true
+        token.refresh_token.should_not be_nil
+      end
+
+      it "is not valid if token exists" do
+        token1 = FactoryGirl.create :access_token, :use_refresh_token => true
+        token2 = FactoryGirl.create :access_token, :use_refresh_token => true
+        token2.send :write_attribute, :refresh_token, token1.refresh_token
+        token2.should_not be_valid
+      end
+
+      it 'expects database to raise an error if refresh tokens are the same' do
+        token1 = FactoryGirl.create :access_token, :use_refresh_token => true
+        token2 = FactoryGirl.create :access_token, :use_refresh_token => true
+        expect {
+          token2.write_attribute :refresh_token, token1.refresh_token
+          token2.save(:validate => false)
+        }.to raise_error
+      end
+    end
+
+    describe "validations" do
+      it "is valid without resource_owner_id" do
+        # For client credentials flow
+        subject.resource_owner_id = nil
+        should be_valid
+      end
+
+      it "is invalid without application_id" do
+        subject.application_id = nil
+        should_not be_valid
+      end
+    end
+
+    describe '.revoke_all_for' do
+      let(:resource_owner) { stub(:id => 100) }
+      let(:application)    { FactoryGirl.create :application }
+      let(:default_attributes) do
+        { :application => application, :resource_owner_id => resource_owner.id }
+      end
+
+      it 'revokes all tokens for given application and resource owner' do
+        FactoryGirl.create :access_token, default_attributes
+        AccessToken.revoke_all_for application.id, resource_owner
+        AccessToken.all.should be_empty
+      end
+
+      it 'matches application' do
+        FactoryGirl.create :access_token, default_attributes.merge(:application => FactoryGirl.create(:application))
+        AccessToken.revoke_all_for application.id, resource_owner
+        AccessToken.all.should_not be_empty
+      end
+
+      it 'matches resource owner' do
+        FactoryGirl.create :access_token, default_attributes.merge(:resource_owner_id => 90)
+        AccessToken.revoke_all_for application.id, resource_owner
+        AccessToken.all.should_not be_empty
+      end
+    end
+
+    describe '.matching_token_for' do
+      let(:resource_owner_id) { 100 }
+      let(:application)       { FactoryGirl.create :application }
+      let(:scopes)            { Doorkeeper::OAuth::Scopes.from_string("public write") }
+      let(:default_attributes) do
+        { :application => application, :resource_owner_id => resource_owner_id, :scopes => scopes.to_s }
+      end
+
+      it 'returns only one token' do
+        token = FactoryGirl.create :access_token, default_attributes
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        last_token.should == token
+      end
+
+      it 'accepts resource owner as object' do
+        resource_owner = stub(:to_key => true, :id => 100)
+        token = FactoryGirl.create :access_token, default_attributes
+        last_token = AccessToken.matching_token_for(application, resource_owner, scopes)
+        last_token.should == token
+      end
+
+      it 'accepts nil as resource owner' do
+        token = FactoryGirl.create :access_token, default_attributes.merge(:resource_owner_id => nil)
+        last_token = AccessToken.matching_token_for(application, nil, scopes)
+        last_token.should == token
+      end
+
+      it 'excludes revoked tokens' do
+        FactoryGirl.create :access_token, default_attributes.merge(:revoked_at => 1.day.ago)
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        last_token.should be_nil
+      end
+
+      it 'matches the application' do
+        token = FactoryGirl.create :access_token, default_attributes.merge(:application => FactoryGirl.create(:application))
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        last_token.should be_nil
+      end
+
+      it 'matches the resource owner' do
+        FactoryGirl.create :access_token, default_attributes.merge(:resource_owner_id => 2)
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        last_token.should be_nil
+      end
+
+      it 'matches the scopes' do
+        FactoryGirl.create :access_token, default_attributes.merge(:scopes => 'public email')
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        last_token.should be_nil
+      end
+
+      it 'returns the last created token' do
+        FactoryGirl.create :access_token, default_attributes.merge(:created_at => 1.day.ago)
+        token = FactoryGirl.create :access_token, default_attributes
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        last_token.should == token
+      end
+
+      it 'returns as_json hash'   do
+        token = FactoryGirl.create :access_token, default_attributes
+        token_hash = {
+                      :resource_owner_id => token.resource_owner_id,
+                      :scopes => token.scopes,
+                      :expires_in_seconds => token.expires_in_seconds, 
+                      :application => { :uid => token.application.uid }
+                     }
+        token.as_json.should eq token_hash
+      end
+    end
+
+  end
+end

data/spec/models/doorkeeper/application_spec.rb

@@ -0,0 +1,162 @@
+require 'spec_helper_integration'
+
+module Doorkeeper
+  describe Application do
+    include OrmHelper
+
+    let(:require_owner) { Doorkeeper.configuration.instance_variable_set("@confirm_application_owner", true) }
+    let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set("@confirm_application_owner", false) }
+    let(:new_application) { FactoryGirl.build(:application) }
+
+    context "application_owner is enabled" do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          enable_application_owner
+        end
+      end
+
+      context 'application owner is not required' do
+        before(:each) do
+          unset_require_owner
+        end
+
+        it 'is valid given valid attributes' do
+          new_application.should be_valid
+        end
+      end
+
+      context "application owner is required" do
+        before(:each) do
+          require_owner
+          @owner = mock_application_owner
+        end
+
+        it 'is invalid without an owner' do
+          new_application.should_not be_valid
+        end
+
+        it 'is valid with an owner' do
+          new_application.owner = @owner
+          new_application.should be_valid
+        end
+      end
+    end
+
+    it 'is invalid without a name' do
+      new_application.name = nil
+      new_application.should_not be_valid
+    end
+
+    it 'generates uid on create' do
+      new_application.uid.should be_nil
+      new_application.save
+      new_application.uid.should_not be_nil
+    end
+
+    it 'is invalid without uid' do
+      new_application.save
+      new_application.uid = nil
+      new_application.should_not be_valid
+    end
+
+    it 'is invalid without redirect_uri' do
+      new_application.save
+      new_application.redirect_uri = nil
+      new_application.should_not be_valid
+    end
+
+    it 'checks uniqueness of uid' do
+      app1 = Factory(:application)
+      app2 = Factory(:application)
+      app2.uid = app1.uid
+      app2.should_not be_valid
+    end
+
+    it 'expects database to throw an error when uids are the same' do
+      app1 = FactoryGirl.create(:application)
+      app2 = FactoryGirl.create(:application)
+      app2.uid = app1.uid
+      expect {
+        app2.save!(:validate => false)
+      }.to raise_error
+    end
+
+    it 'generate secret on create' do
+      new_application.secret.should be_nil
+      new_application.save
+      new_application.secret.should_not be_nil
+    end
+
+    it 'is invalid without secret' do
+      new_application.save
+      new_application.secret = nil
+      new_application.should_not be_valid
+    end
+
+    describe 'destroy related models on cascade' do
+      before(:each) do
+        new_application.save
+      end
+
+      it 'should destroy its access grants' do
+        FactoryGirl.create(:access_grant, :application => new_application)
+        expect { new_application.destroy }.to change { Doorkeeper::AccessGrant.count }.by(-1)
+      end
+
+      it 'should destroy its access tokens' do
+        FactoryGirl.create(:access_token, :application => new_application)
+        FactoryGirl.create(:access_token, :application => new_application, :revoked_at => Time.now)
+        expect { new_application.destroy }.to change { Doorkeeper::AccessToken.count }.by(-2)
+      end
+    end
+
+    describe :authorized_for do
+      let(:resource_owner) { double(:resource_owner, :id => 10) }
+
+      it "is empty if the application is not authorized for anyone" do
+        Application.authorized_for(resource_owner).should be_empty
+      end
+
+      it "returns only application for a specific resource owner" do
+        FactoryGirl.create(:access_token, :resource_owner_id => resource_owner.id + 1)
+        token = FactoryGirl.create(:access_token, :resource_owner_id => resource_owner.id)
+        Application.authorized_for(resource_owner).should == [token.application]
+      end
+
+      it "excludes revoked tokens" do
+        FactoryGirl.create(:access_token, :resource_owner_id => resource_owner.id, :revoked_at => 2.days.ago)
+        Application.authorized_for(resource_owner).should be_empty
+      end
+
+      it "returns all applications that have been authorized" do
+        token1 = FactoryGirl.create(:access_token, :resource_owner_id => resource_owner.id)
+        token2 = FactoryGirl.create(:access_token, :resource_owner_id => resource_owner.id)
+        Application.authorized_for(resource_owner).should == [token1.application, token2.application]
+      end
+
+      it "returns only one application even if it has been authorized twice" do
+        application = FactoryGirl.create(:application)
+        FactoryGirl.create(:access_token, :resource_owner_id => resource_owner.id, :application => application)
+        FactoryGirl.create(:access_token, :resource_owner_id => resource_owner.id, :application => application)
+        Application.authorized_for(resource_owner).should == [application]
+      end
+
+      it "should fail to mass assign a new application" do
+        mass_assign = { :name => 'Something',
+                        :redirect_uri => 'http://somewhere.com/something',
+                        :uid => 123,
+                        :secret => 'something' }
+        Application.create(mass_assign).uid.should_not == 123
+      end
+    end
+
+    describe :authenticate do
+      it 'finds the application via uid/secret' do
+        app = FactoryGirl.create :application
+        authenticated = Application.authenticate(app.uid, app.secret)
+        authenticated.should == app
+      end
+    end
+  end
+end