couchkeeper 0.6.7

data/spec/requests/flows/implicit_grant_errors_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper_integration'
+
+feature 'Implicit Grant Flow Errors' do
+  background do
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    client_exists
+    create_resource_owner
+    sign_in
+  end
+
+  after do
+    access_token_should_not_exist
+  end
+
+  [
+    [:client_id,     :invalid_client],
+    [:redirect_uri,  :invalid_redirect_uri],
+  ].each do |error|
+    scenario "displays #{error.last.inspect} error for invalid #{error.first.inspect}" do
+      visit authorization_endpoint_url(:client => @client, error.first => "invalid", :response_type => "token")
+      i_should_not_see "Authorize"
+      i_should_see_translated_error_message error.last
+    end
+
+    scenario "displays #{error.last.inspect} error when #{error.first.inspect} is missing" do
+      visit authorization_endpoint_url(:client => @client, error.first => "", :response_type => "token")
+      i_should_not_see "Authorize"
+      i_should_see_translated_error_message error.last
+    end
+  end
+end

data/spec/requests/flows/implicit_grant_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper_integration'
+
+feature 'Implicit Grant Flow' do
+  background do
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    client_exists
+    create_resource_owner
+    sign_in
+  end
+
+  scenario 'resource owner authorizes the client' do
+    visit authorization_endpoint_url(:client => @client, :response_type => 'token')
+    click_on "Authorize"
+
+    access_token_should_exist_for @client, @resource_owner
+
+    i_should_be_on_client_callback @client
+  end
+end

data/spec/requests/flows/password_spec.rb

@@ -0,0 +1,78 @@
+# coding: utf-8
+
+# TODO: this flow should be configurable (letting Doorkeeper users decide if
+# they want to make it available)
+
+require 'spec_helper_integration'
+
+feature 'Resource Owner Password Credentials Flow inproperly set up' do
+  background do
+    client_exists
+    create_resource_owner
+  end
+
+  context 'with valid user credentials' do
+    scenario "should issue new token" do
+      pending 'Check a way to supress warnings here (or handle config better)'
+      expect {
+        post password_token_endpoint_url(:client => @client, :resource_owner => @resource_owner)
+      }.to_not change { Doorkeeper::AccessToken.count }
+    end
+  end
+end
+
+feature 'Resource Owner Password Credentials Flow' do
+  background do
+    config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
+    client_exists
+    create_resource_owner
+  end
+
+  context 'with valid user credentials' do
+    scenario "should issue new token" do
+      expect {
+        post password_token_endpoint_url(:client => @client, :resource_owner => @resource_owner)
+      }.to change { Doorkeeper::AccessToken.count }.by(1)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'access_token',  token.token
+    end
+
+    scenario "should issue a refresh token if enabled" do
+      config_is_set(:refresh_token_enabled, true)
+
+      post password_token_endpoint_url(:client => @client, :resource_owner => @resource_owner)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'refresh_token',  token.refresh_token
+    end
+
+    scenario 'should return the same token if it is still accessible' do
+      client_is_authorized(@client, @resource_owner)
+
+      post password_token_endpoint_url(:client => @client, :resource_owner => @resource_owner)
+
+      Doorkeeper::AccessToken.count.should be(1)
+
+      should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+    end
+  end
+
+  context "with invalid user credentials" do
+    scenario "should not issue new token with bad password" do
+      expect {
+        post password_token_endpoint_url( :client => @client,
+                                          :resource_owner_username => @resource_owner.name,
+                                          :resource_owner_password => 'wrongpassword')
+      }.to_not change { Doorkeeper::AccessToken.count }
+    end
+
+    scenario "should not issue new token without credentials" do
+      expect {
+        post password_token_endpoint_url( :client => @client)
+      }.to_not change { Doorkeeper::AccessToken.count }
+    end
+  end
+end

data/spec/requests/flows/refresh_token_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper_integration'
+
+feature "Refresh Token Flow" do
+  before do
+    Doorkeeper.configure {
+      orm DOORKEEPER_ORM
+      use_refresh_token
+    }
+    client_exists
+  end
+
+  context "issuing a refresh token" do
+    before do
+      authorization_code_exists :application => @client
+    end
+
+    scenario "client gets the refresh token and refreshses it" do
+      post token_endpoint_url(:code => @authorization.token, :client => @client)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'access_token',  token.token
+      should_have_json 'refresh_token', token.refresh_token
+
+      @authorization.reload.should be_revoked
+
+      post refresh_token_endpoint_url(:client => @client, :refresh_token => token.refresh_token)
+
+      new_token = Doorkeeper::AccessToken.last
+      should_have_json 'access_token',  new_token.token
+      should_have_json 'refresh_token', new_token.refresh_token
+
+      token.token.should_not         == new_token.token
+      token.refresh_token.should_not == new_token.refresh_token
+    end
+  end
+
+  context "refreshing the token" do
+    before do
+      @token = FactoryGirl.create(:access_token, :application => @client, :resource_owner_id => 1, :use_refresh_token => true)
+    end
+
+    scenario "client request a token with refresh token" do
+      post refresh_token_endpoint_url(:client => @client, :refresh_token => @token.refresh_token)
+      should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+      @token.reload.should be_revoked
+    end
+
+    scenario "client request a token with expired access token" do
+      @token.update_column :expires_in, -100
+      post refresh_token_endpoint_url(:client => @client, :refresh_token => @token.refresh_token)
+      should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+      @token.reload.should be_revoked
+    end
+
+    # TODO: verify proper error code for this (previously was invalid_grant)
+    scenario "client gets an error for invalid refresh token" do
+      post refresh_token_endpoint_url(:client => @client, :refresh_token => "invalid")
+      should_not_have_json 'refresh_token'
+      should_have_json 'error', 'invalid_request'
+    end
+
+    # TODO: verify proper error code for this (previously was invalid_grant)
+    scenario "client gets an error for revoked acccess token" do
+      @token.revoke
+      post refresh_token_endpoint_url(:client => @client, :refresh_token => @token.refresh_token)
+      should_not_have_json 'refresh_token'
+      should_have_json 'error', 'invalid_request'
+    end
+  end
+end

data/spec/requests/flows/skip_authorization_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper_integration'
+
+feature 'Skip authorization form' do
+  background do
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    client_exists
+    default_scopes_exist  :public
+    optional_scopes_exist :write
+  end
+
+  context 'for previously authorized clients' do
+    background do
+      create_resource_owner
+      sign_in
+    end
+
+    scenario 'skips the authorization and return a new grant code' do
+      client_is_authorized(@client, @resource_owner, :scopes => "public")
+      visit authorization_endpoint_url(:client => @client)
+
+      i_should_not_see "Authorize"
+      client_should_be_authorized @client
+      i_should_be_on_client_callback @client
+      url_should_have_param "code", Doorkeeper::AccessGrant.first.token
+    end
+
+    scenario 'does not skip authorization when scopes differ' do
+      client_is_authorized(@client, @resource_owner, :scopes => "public write")
+      visit authorization_endpoint_url(:client => @client, :scope => "public")
+      i_should_see "Authorize"
+    end
+
+    scenario 'creates grant with new scope when scopes differ' do
+      client_is_authorized(@client, @resource_owner, :scopes => "public write")
+      visit authorization_endpoint_url(:client => @client, :scope => "public")
+      click_on "Authorize"
+      access_grant_should_have_scopes :public
+    end
+  end
+end

data/spec/requests/protected_resources/metal_spec.rb

@@ -0,0 +1,14 @@
+require 'spec_helper_integration'
+
+feature 'ActionController::Metal API' do
+  background do
+    @client   = FactoryGirl.create(:application)
+    @resource = User.create!(:name => "Joe", :password => "sekret")
+    @token    = client_is_authorized(@client, @resource)
+  end
+
+  scenario 'client requests protected resource with valid token' do
+    get "/metal.json?access_token=#{@token.token}"
+    should_have_json 'ok', true
+  end
+end

data/spec/requests/protected_resources/private_api_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper_integration'
+
+feature 'Private API' do
+  background do
+    @client   = FactoryGirl.create(:application)
+    @resource = User.create!(:name => "Joe", :password => "sekret")
+    @token    = client_is_authorized(@client, @resource)
+  end
+
+  scenario 'client requests protected resource with valid token' do
+    with_access_token_header @token.token
+    visit '/full_protected_resources'
+    page.body.should have_content("index")
+  end
+
+  scenario 'client requests protected resource with disabled header authentication' do
+    config_is_set :access_token_methods, [:from_access_token_param]
+    with_access_token_header @token.token
+    visit '/full_protected_resources'
+    response_status_should_be 401
+  end
+
+  scenario 'client attempts to request protected resource with invalid token' do
+    with_access_token_header "invalid"
+    visit '/full_protected_resources'
+    response_status_should_be 401
+  end
+
+  scenario 'client attempts to request protected resource with expired token' do
+    @token.update_column :expires_in, -100 # expires token
+    with_access_token_header @token.token
+    visit '/full_protected_resources'
+    response_status_should_be 401
+  end
+
+  scenario 'client requests protected resource with permanent token' do
+    @token.update_column :expires_in, nil # never expires
+    with_access_token_header @token.token
+    visit '/full_protected_resources'
+    page.body.should have_content("index")
+  end
+
+  scenario 'access token with no scopes' do
+    optional_scopes_exist :admin
+    @token.update_column :scopes, nil
+    with_access_token_header @token.token
+    visit '/full_protected_resources/1.json'
+    response_status_should_be 401
+  end
+end

data/spec/routing/custom_controller_routes_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper_integration'
+
+describe 'Custom controller for routes' do
+  it 'GET /space/oauth/authorize routes to custom authorizations controller' do
+    get('/space/oauth/authorize').should route_to('custom_authorizations#new')
+  end
+
+  it 'POST /space/oauth/authorize routes to custom authorizations controller' do
+    post('/space/oauth/authorize').should route_to('custom_authorizations#create')
+  end
+
+  it 'DELETE /space/oauth/authorize routes to custom authorizations controller' do
+    delete('/space/oauth/authorize').should route_to('custom_authorizations#destroy')
+  end
+
+  it 'POST /space/oauth/token routes to tokens controller' do
+    post('/space/oauth/token').should route_to('custom_authorizations#create')
+  end
+
+  it 'GET /space/oauth/applications routes to applications controller' do
+    get('/space/oauth/applications').should route_to('custom_authorizations#index')
+  end
+
+  it 'GET /space/oauth/token/info routes to the token_info controller' do
+    get('/space/oauth/token/info').should route_to('custom_authorizations#show')  
+  end
+
+  it 'POST /outer_space/oauth/token is not be routable' do
+    post('/outer_space/oauth/token').should_not be_routable
+  end
+
+  it 'GET /outer_space/oauth/authorize routes to custom authorizations controller' do
+    get('/outer_space/oauth/authorize').should be_routable
+  end
+
+  it 'GET /outer_space/oauth/applications is not routable' do
+    get('/outer_space/oauth/applications').should_not be_routable
+  end
+
+  it 'GET /outer_space/oauth/token_info is not routable' do
+    get('/outer_space/oauth/token/info').should_not be_routable
+  end
+    
+end

data/spec/routing/default_routes_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper_integration'
+
+describe 'Default routes' do
+  it 'GET /oauth/authorize routes to authorizations controller' do
+    get('/oauth/authorize').should route_to('doorkeeper/authorizations#new')
+  end
+
+  it 'POST /oauth/authorize routes to authorizations controller' do
+    post('/oauth/authorize').should route_to('doorkeeper/authorizations#create')
+  end
+
+  it 'DELETE /oauth/authorize routes to authorizations controller' do
+    delete('/oauth/authorize').should route_to('doorkeeper/authorizations#destroy')
+  end
+
+  it 'POST /oauth/token routes to tokens controller' do
+    post('/oauth/token').should route_to('doorkeeper/tokens#create')
+  end
+
+  it 'GET /oauth/applications routes to applications controller' do
+    get('/oauth/applications').should route_to('doorkeeper/applications#index')
+  end
+
+  it 'GET /oauth/authorized_applications routes to authorized applications controller' do
+    get('/oauth/authorized_applications').should route_to('doorkeeper/authorized_applications#index')
+  end
+
+  it 'GET /oauth/token/info route to authorzed tokeninfo controller' do
+    get('/oauth/token/info').should route_to('doorkeeper/token_info#show')    
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), "../lib"))
+$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), "../app"))

data/spec/spec_helper_integration.rb

@@ -0,0 +1,40 @@
+ENV["RAILS_ENV"] ||= 'test'
+DOORKEEPER_ORM = (ENV['orm'] || :active_record).to_sym
+
+$:.unshift File.dirname(__FILE__)
+
+require 'dummy/config/environment'
+require 'rspec/rails'
+require 'rspec/autorun'
+require 'generator_spec/test_case'
+require 'timecop'
+require 'database_cleaner'
+
+puts "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm.inspect}"
+puts "====> Rails version: #{Rails.version}"
+puts "====> Ruby version: #{RUBY_VERSION}"
+
+require "support/orm/#{Doorkeeper.configuration.orm_name}"
+
+ENGINE_RAILS_ROOT = File.join(File.dirname(__FILE__), '../')
+
+Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |f| require f }
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+
+  config.infer_base_class_for_anonymous_controllers = false
+
+  config.before do
+    DatabaseCleaner.start
+    Doorkeeper.configure {
+      orm DOORKEEPER_ORM
+    }
+  end
+
+  config.after do
+    DatabaseCleaner.clean
+  end
+
+  config.order = 'random'
+end

data/spec/support/dependencies/factory_girl.rb

@@ -0,0 +1,2 @@
+require 'factory_girl'
+FactoryGirl.find_definitions

data/spec/support/helpers/access_token_request_helper.rb

@@ -0,0 +1,11 @@
+module AccessTokenRequestHelper
+  def client_is_authorized(client, resource_owner, access_token_attributes = {})
+    attributes = {
+      :application => client,
+      :resource_owner_id => resource_owner.id
+    }.merge(access_token_attributes)
+    FactoryGirl.create(:access_token, attributes)
+  end
+end
+
+RSpec.configuration.send :include, AccessTokenRequestHelper, :type => :request