RubyGems - couchkeeper - Versions diffs - 0.6.7 - Mend

couchkeeper 0.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (240) hide show

data/.gitignore +14 -0
data/.rspec +1 -0
data/.travis.yml +28 -0
data/CHANGELOG.md +198 -0
data/Gemfile +32 -0
data/MIT-LICENSE +20 -0
data/README.md +290 -0
data/Rakefile +18 -0
data/app/assets/javascripts/doorkeeper/application.js +2 -0
data/app/assets/stylesheets/doorkeeper/application.css +18 -0
data/app/assets/stylesheets/doorkeeper/form.css +13 -0
data/app/controllers/doorkeeper/application_controller.rb +7 -0
data/app/controllers/doorkeeper/applications_controller.rb +60 -0
data/app/controllers/doorkeeper/authorizations_controller.rb +57 -0
data/app/controllers/doorkeeper/authorized_applications_controller.rb +12 -0
data/app/controllers/doorkeeper/token_info_controller.rb +12 -0
data/app/controllers/doorkeeper/tokens_controller.rb +20 -0
data/app/helpers/doorkeeper/form_errors_helper.rb +9 -0
data/app/validators/redirect_uri_validator.rb +23 -0
data/app/views/doorkeeper/applications/_form.html.erb +34 -0
data/app/views/doorkeeper/applications/edit.html.erb +13 -0
data/app/views/doorkeeper/applications/index.html.erb +29 -0
data/app/views/doorkeeper/applications/new.html.erb +13 -0
data/app/views/doorkeeper/applications/show.html.erb +26 -0
data/app/views/doorkeeper/authorizations/error.html.erb +6 -0
data/app/views/doorkeeper/authorizations/new.html.erb +37 -0
data/app/views/doorkeeper/authorizations/show.html.erb +4 -0
data/app/views/doorkeeper/authorized_applications/index.html.erb +25 -0
data/app/views/layouts/doorkeeper/application.html.erb +33 -0
data/config/locales/en.yml +68 -0
data/doorkeeper.gemspec +28 -0
data/lib/doorkeeper.rb +64 -0
data/lib/doorkeeper/config.rb +194 -0
data/lib/doorkeeper/doorkeeper_for.rb +76 -0
data/lib/doorkeeper/engine.rb +19 -0
data/lib/doorkeeper/errors.rb +15 -0
data/lib/doorkeeper/helpers/controller.rb +58 -0
data/lib/doorkeeper/helpers/filter.rb +38 -0
data/lib/doorkeeper/models/access_grant.rb +24 -0
data/lib/doorkeeper/models/access_token.rb +95 -0
data/lib/doorkeeper/models/accessible.rb +9 -0
data/lib/doorkeeper/models/active_record/access_grant.rb +5 -0
data/lib/doorkeeper/models/active_record/access_token.rb +21 -0
data/lib/doorkeeper/models/active_record/application.rb +20 -0
data/lib/doorkeeper/models/application.rb +33 -0
data/lib/doorkeeper/models/couchbase/access_grant.rb +10 -0
data/lib/doorkeeper/models/couchbase/access_token.rb +7 -0
data/lib/doorkeeper/models/couchbase/application.rb +35 -0
data/lib/doorkeeper/models/doorkeeper_access_grant/by_token/map.js +5 -0
data/lib/doorkeeper/models/doorkeeper_access_token/by_application_id/map.js +5 -0
data/lib/doorkeeper/models/doorkeeper_access_token/by_application_id_and_resource_owner_id/map.js +5 -0
data/lib/doorkeeper/models/doorkeeper_access_token/by_refresh_token/map.js +5 -0
data/lib/doorkeeper/models/doorkeeper_access_token/by_resource_owner_id/map.js +5 -0
data/lib/doorkeeper/models/doorkeeper_access_token/by_token/map.js +5 -0
data/lib/doorkeeper/models/doorkeeper_application/by_uid/map.js +5 -0
data/lib/doorkeeper/models/doorkeeper_application/by_uid_and_secret/map.js +5 -0
data/lib/doorkeeper/models/doorkeeper_application/show_all/map.js +6 -0
data/lib/doorkeeper/models/expirable.rb +21 -0
data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +28 -0
data/lib/doorkeeper/models/mongo_mapper/access_token.rb +51 -0
data/lib/doorkeeper/models/mongo_mapper/application.rb +30 -0
data/lib/doorkeeper/models/mongo_mapper/revocable.rb +15 -0
data/lib/doorkeeper/models/mongoid/revocable.rb +15 -0
data/lib/doorkeeper/models/mongoid/scopes.rb +15 -0
data/lib/doorkeeper/models/mongoid2/access_grant.rb +22 -0
data/lib/doorkeeper/models/mongoid2/access_token.rb +41 -0
data/lib/doorkeeper/models/mongoid2/application.rb +22 -0
data/lib/doorkeeper/models/mongoid3/access_grant.rb +22 -0
data/lib/doorkeeper/models/mongoid3/access_token.rb +41 -0
data/lib/doorkeeper/models/mongoid3/application.rb +22 -0
data/lib/doorkeeper/models/ownership.rb +16 -0
data/lib/doorkeeper/models/scopes.rb +17 -0
data/lib/doorkeeper/oauth/authorization.rb +10 -0
data/lib/doorkeeper/oauth/authorization/code.rb +32 -0
data/lib/doorkeeper/oauth/authorization/token.rb +28 -0
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +29 -0
data/lib/doorkeeper/oauth/authorization_code_request.rb +82 -0
data/lib/doorkeeper/oauth/client.rb +29 -0
data/lib/doorkeeper/oauth/client/credentials.rb +21 -0
data/lib/doorkeeper/oauth/client/methods.rb +18 -0
data/lib/doorkeeper/oauth/client_credentials/creator.rb +29 -0
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +35 -0
data/lib/doorkeeper/oauth/client_credentials/validation.rb +33 -0
data/lib/doorkeeper/oauth/client_credentials_request.rb +47 -0
data/lib/doorkeeper/oauth/code_request.rb +28 -0
data/lib/doorkeeper/oauth/code_response.rb +37 -0
data/lib/doorkeeper/oauth/error.rb +9 -0
data/lib/doorkeeper/oauth/error_response.rb +44 -0
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +18 -0
data/lib/doorkeeper/oauth/helpers/unique_token.rb +13 -0
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +32 -0
data/lib/doorkeeper/oauth/password_access_token_request.rb +84 -0
data/lib/doorkeeper/oauth/pre_authorization.rb +62 -0
data/lib/doorkeeper/oauth/refresh_token_request.rb +58 -0
data/lib/doorkeeper/oauth/scopes.rb +60 -0
data/lib/doorkeeper/oauth/token.rb +36 -0
data/lib/doorkeeper/oauth/token_request.rb +28 -0
data/lib/doorkeeper/oauth/token_response.rb +29 -0
data/lib/doorkeeper/rails/routes.rb +90 -0
data/lib/doorkeeper/rails/routes/mapper.rb +28 -0
data/lib/doorkeeper/rails/routes/mapping.rb +39 -0
data/lib/doorkeeper/request.rb +33 -0
data/lib/doorkeeper/request/authorization_code.rb +23 -0
data/lib/doorkeeper/request/client_credentials.rb +23 -0
data/lib/doorkeeper/request/code.rb +24 -0
data/lib/doorkeeper/request/password.rb +23 -0
data/lib/doorkeeper/request/refresh_token.rb +23 -0
data/lib/doorkeeper/request/token.rb +24 -0
data/lib/doorkeeper/server.rb +54 -0
data/lib/doorkeeper/validations.rb +30 -0
data/lib/doorkeeper/version.rb +3 -0
data/lib/generators/doorkeeper/application_owner_generator.rb +15 -0
data/lib/generators/doorkeeper/install_generator.rb +12 -0
data/lib/generators/doorkeeper/migration_generator.rb +15 -0
data/lib/generators/doorkeeper/mongo_mapper/indexes_generator.rb +12 -0
data/lib/generators/doorkeeper/templates/README +44 -0
data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +7 -0
data/lib/generators/doorkeeper/templates/indexes.rb +3 -0
data/lib/generators/doorkeeper/templates/initializer.rb +67 -0
data/lib/generators/doorkeeper/templates/migration.rb +42 -0
data/lib/generators/doorkeeper/views_generator.rb +15 -0
data/script/rails +6 -0
data/script/run_all +14 -0
data/spec/controllers/applications_controller_spec.rb +18 -0
data/spec/controllers/authorizations_controller_spec.rb +154 -0
data/spec/controllers/protected_resources_controller_spec.rb +304 -0
data/spec/controllers/token_info_controller_spec.rb +54 -0
data/spec/controllers/tokens_controller_spec.rb +36 -0
data/spec/dummy/Rakefile +7 -0
data/spec/dummy/app/assets/javascripts/application.js +9 -0
data/spec/dummy/app/assets/stylesheets/application.css +7 -0
data/spec/dummy/app/controllers/application_controller.rb +3 -0
data/spec/dummy/app/controllers/custom_authorizations_controller.rb +7 -0
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +12 -0
data/spec/dummy/app/controllers/home_controller.rb +17 -0
data/spec/dummy/app/controllers/metal_controller.rb +11 -0
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +11 -0
data/spec/dummy/app/helpers/application_helper.rb +5 -0
data/spec/dummy/app/models/user.rb +27 -0
data/spec/dummy/app/views/home/index.html.erb +0 -0
data/spec/dummy/app/views/layouts/application.html.erb +16 -0
data/spec/dummy/config.ru +4 -0
data/spec/dummy/config/application.rb +54 -0
data/spec/dummy/config/boot.rb +6 -0
data/spec/dummy/config/database.yml +15 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/development.rb +30 -0
data/spec/dummy/config/environments/production.rb +60 -0
data/spec/dummy/config/environments/test.rb +39 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/doorkeeper.rb +56 -0
data/spec/dummy/config/initializers/secret_token.rb +9 -0
data/spec/dummy/config/initializers/session_store.rb +8 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
data/spec/dummy/config/locales/doorkeeper.en.yml +5 -0
data/spec/dummy/config/mongo.yml +11 -0
data/spec/dummy/config/mongoid2.yml +9 -0
data/spec/dummy/config/mongoid3.yml +18 -0
data/spec/dummy/config/routes.rb +38 -0
data/spec/dummy/db/migrate/20111122132257_create_users.rb +9 -0
data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +5 -0
data/spec/dummy/db/migrate/20120524202412_create_doorkeeper_tables.rb +44 -0
data/spec/dummy/db/schema.rb +64 -0
data/spec/dummy/public/404.html +26 -0
data/spec/dummy/public/422.html +26 -0
data/spec/dummy/public/500.html +26 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/dummy/script/rails +6 -0
data/spec/factories/access_grant.rb +9 -0
data/spec/factories/access_token.rb +7 -0
data/spec/factories/application.rb +6 -0
data/spec/generators/application_owner_generator_spec.rb +23 -0
data/spec/generators/install_generator_spec.rb +31 -0
data/spec/generators/migration_generator_spec.rb +20 -0
data/spec/generators/templates/routes.rb +3 -0
data/spec/generators/views_generator_spec.rb +27 -0
data/spec/lib/config_spec.rb +170 -0
data/spec/lib/models/expirable_spec.rb +51 -0
data/spec/lib/models/revocable_spec.rb +31 -0
data/spec/lib/models/scopes_spec.rb +32 -0
data/spec/lib/oauth/authorization/uri_builder_spec.rb +37 -0
data/spec/lib/oauth/authorization_code_request_spec.rb +80 -0
data/spec/lib/oauth/client/credentials_spec.rb +47 -0
data/spec/lib/oauth/client/methods_spec.rb +54 -0
data/spec/lib/oauth/client_credentials/creator_spec.rb +47 -0
data/spec/lib/oauth/client_credentials/issuer_spec.rb +57 -0
data/spec/lib/oauth/client_credentials/validation_spec.rb +29 -0
data/spec/lib/oauth/client_credentials_integration_spec.rb +27 -0
data/spec/lib/oauth/client_credentials_request_spec.rb +64 -0
data/spec/lib/oauth/client_spec.rb +39 -0
data/spec/lib/oauth/code_request_spec.rb +44 -0
data/spec/lib/oauth/error_response_spec.rb +40 -0
data/spec/lib/oauth/error_spec.rb +19 -0
data/spec/lib/oauth/helpers/scope_checker_spec.rb +74 -0
data/spec/lib/oauth/helpers/unique_token_spec.rb +20 -0
data/spec/lib/oauth/helpers/uri_checker_spec.rb +64 -0
data/spec/lib/oauth/password_access_token_request_spec.rb +65 -0
data/spec/lib/oauth/pre_authorization_spec.rb +80 -0
data/spec/lib/oauth/refresh_token_request_spec.rb +56 -0
data/spec/lib/oauth/scopes_spec.rb +115 -0
data/spec/lib/oauth/token_request_spec.rb +46 -0
data/spec/lib/oauth/token_response_spec.rb +52 -0
data/spec/lib/oauth/token_spec.rb +83 -0
data/spec/lib/server_spec.rb +24 -0
data/spec/models/doorkeeper/access_grant_spec.rb +36 -0
data/spec/models/doorkeeper/access_token_spec.rb +153 -0
data/spec/models/doorkeeper/application_spec.rb +162 -0
data/spec/requests/applications/applications_request_spec.rb +92 -0
data/spec/requests/applications/authorized_applications_spec.rb +30 -0
data/spec/requests/endpoints/authorization_spec.rb +47 -0
data/spec/requests/endpoints/token_spec.rb +46 -0
data/spec/requests/flows/authorization_code_errors_spec.rb +66 -0
data/spec/requests/flows/authorization_code_spec.rb +135 -0
data/spec/requests/flows/client_credentials_spec.rb +58 -0
data/spec/requests/flows/implicit_grant_errors_spec.rb +31 -0
data/spec/requests/flows/implicit_grant_spec.rb +19 -0
data/spec/requests/flows/password_spec.rb +78 -0
data/spec/requests/flows/refresh_token_spec.rb +71 -0
data/spec/requests/flows/skip_authorization_spec.rb +40 -0
data/spec/requests/protected_resources/metal_spec.rb +14 -0
data/spec/requests/protected_resources/private_api_spec.rb +50 -0
data/spec/routing/custom_controller_routes_spec.rb +44 -0
data/spec/routing/default_routes_spec.rb +32 -0
data/spec/spec_helper.rb +2 -0
data/spec/spec_helper_integration.rb +40 -0
data/spec/support/dependencies/factory_girl.rb +2 -0
data/spec/support/helpers/access_token_request_helper.rb +11 -0
data/spec/support/helpers/authorization_request_helper.rb +32 -0
data/spec/support/helpers/config_helper.rb +9 -0
data/spec/support/helpers/model_helper.rb +45 -0
data/spec/support/helpers/request_spec_helper.rb +72 -0
data/spec/support/helpers/url_helper.rb +51 -0
data/spec/support/orm/active_record.rb +11 -0
data/spec/support/orm/mongo_mapper.rb +26 -0
data/spec/support/orm/mongoid.rb +31 -0
data/spec/support/shared/controllers_shared_context.rb +60 -0
data/spec/support/shared/models_shared_examples.rb +60 -0
data/spec/validators/redirect_uri_validator_spec.rb +47 -0
data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +356 -0
metadata +430 -0

data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb ADDED

@@ -0,0 +1,7 @@
+class AddOwnerToApplication < ActiveRecord::Migration
+  def change
+    add_column :oauth_applications, :owner_id, :integer, :null => true
+    add_column :oauth_applications, :owner_type, :string, :null => true
+    add_index :oauth_applications, [:owner_id, :owner_type]
+  end
+end

data/lib/generators/doorkeeper/templates/indexes.rb ADDED

@@ -0,0 +1,3 @@
+Doorkeeper::Application.create_indexes
+Doorkeeper::AccessGrant.create_indexes
+Doorkeeper::AccessToken.create_indexes

data/lib/generators/doorkeeper/templates/initializer.rb ADDED

@@ -0,0 +1,67 @@
+Doorkeeper.configure do
+  # Change the ORM that doorkeeper will use.
+  # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
+  orm :active_record
+  # This block will be called to check whether the resource owner is authenticated or not.
+  resource_owner_authenticator do
+    raise "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
+    # Put your resource owner authentication logic here.
+    # Example implementation:
+    #   User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url)
+  end
+  # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
+  # admin_authenticator do
+  #   # Put your admin authentication logic here.
+  #   # Example implementation:
+  #   Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
+  # end
+  # Authorization Code expiration time (default 10 minutes).
+  # authorization_code_expires_in 10.minutes
+  # Access token expiration time (default 2 hours).
+  # If you want to disable expiration, set this to nil.
+  # access_token_expires_in 2.hours
+  # Issue access tokens with refresh token (disabled by default)
+  # use_refresh_token
+  # Provide support for an owner to be assigned to each registered application (disabled by default)
+  # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+  # a registered application
+  # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
+  # enable_application_owner :confirmation => false
+  # Define access token scopes for your provider
+  # For more information go to https://github.com/applicake/doorkeeper/wiki/Using-Scopes
+  # default_scopes  :public
+  # optional_scopes :write, :update
+  # Change the way client credentials are retrieved from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:client_id` and `:client_secret` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # client_credentials :from_basic, :from_params
+  # Change the way access token is authenticated from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
+  # Check out the wiki for mor information on customization
+  # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+  # Change the test redirect uri for client apps
+  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+  #
+  # test_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
+  # Under some circumstances you might want to have applications auto-approved,
+  # so that the user skips the authorization step.
+  # For example if dealing with trusted a application.
+  # skip_authorization do |resource_owner, client|
+  #   client.superapp? or resource_owner.admin?
+  # end
+end

data/lib/generators/doorkeeper/templates/migration.rb ADDED

@@ -0,0 +1,42 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         :null => false
+      t.string  :uid,          :null => false
+      t.string  :secret,       :null => false
+      t.string  :redirect_uri, :null => false
+      t.timestamps
+    end
+    add_index :oauth_applications, :uid, :unique => true
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, :null => false
+      t.integer  :application_id,    :null => false
+      t.string   :token,             :null => false
+      t.integer  :expires_in,        :null => false
+      t.string   :redirect_uri,      :null => false
+      t.datetime :created_at,        :null => false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+    add_index :oauth_access_grants, :token, :unique => true
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.integer  :application_id,    :null => false
+      t.string   :token,             :null => false
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        :null => false
+      t.string   :scopes
+    end
+    add_index :oauth_access_tokens, :token, :unique => true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, :unique => true
+  end
+end

data/lib/generators/doorkeeper/views_generator.rb ADDED

@@ -0,0 +1,15 @@
+module Doorkeeper
+  module Generators
+    class ViewsGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('../../../../app/views/doorkeeper', __FILE__)
+      desc "Copies default Doorkeeper views to your application."
+      def manifest
+        directory 'applications', 'app/views/doorkeeper/applications'
+        directory 'authorizations', 'app/views/doorkeeper/authorizations'
+        directory 'authorized_applications', 'app/views/doorkeeper/authorized_applications'
+      end
+    end
+  end
+end

data/script/rails ADDED

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+ENGINE_PATH = File.expand_path('../..',  __FILE__)
+load File.expand_path('../../spec/dummy/script/rails',  __FILE__)

data/script/run_all ADDED

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -e
+rails=3.2.8 orm=active_record bundle install --quiet
+rails=3.2.8 orm=active_record bundle exec rake
+rails=3.2.8 orm=mongoid2 bundle install --quiet
+rails=3.2.8 orm=mongoid2 bundle exec rake
+rails=3.2.8 orm=mongoid3 bundle install --quiet
+rails=3.2.8 orm=mongoid3 bundle exec rake
+rails=3.2.8 orm=mongo_mapper bundle install --quiet
+rails=3.2.8 orm=mongo_mapper bundle exec rake

data/spec/controllers/applications_controller_spec.rb ADDED

@@ -0,0 +1,18 @@
+require 'spec_helper_integration'
+module Doorkeeper
+  describe ApplicationsController do
+    context "when admin is not authenticated" do
+      before(:each) do
+        Doorkeeper.configuration.stub(:authenticate_admin => proc do
+          redirect_to main_app.root_url
+        end)
+      end
+      it "redirects as set in Doorkeeper.authenticate_admin" do
+        get :index
+        expect(response).to redirect_to(controller.main_app.root_url)
+      end
+    end
+  end
+end

data/spec/controllers/authorizations_controller_spec.rb ADDED

@@ -0,0 +1,154 @@
+require 'spec_helper_integration'
+describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
+  include AuthorizationRequestHelper
+  def fragments(param)
+    fragment = URI.parse(response.location).fragment
+    Rack::Utils.parse_query(fragment)[param]
+  end
+  def translated_error_message(key)
+    I18n.translate key, :scope => [:doorkeeper, :errors, :messages]
+  end
+  let(:client) { FactoryGirl.create :application }
+  let(:user)   { User.create!(:name => "Joe", :password => "sekret") }
+  before do
+    controller.stub :current_resource_owner => user
+  end
+  describe "POST #create" do
+    before do
+      post :create, :client_id => client.uid, :response_type => "token", :redirect_uri => client.redirect_uri
+    end
+    it "redirects after authorization" do
+      expect(response).to be_redirect
+    end
+    it "redirects to client redirect uri" do
+      expect(response.location).to match(%r[^#{client.redirect_uri}])
+    end
+    it "includes access token in fragment" do
+      expect(fragments("access_token")).to eq(Doorkeeper::AccessToken.first.token)
+    end
+    it "includes token type in fragment" do
+      expect(fragments("token_type")).to eq('bearer')
+    end
+    it "includes token expiration in fragment" do
+      expect(fragments("expires_in").to_i).to eq(2.hours.to_i)
+    end
+    it "issues the token for the current client" do
+      expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
+    end
+    it "issues the token for the current resource owner" do
+      expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
+    end
+  end
+  describe "POST #create with errors" do
+    before do
+      default_scopes_exist :public
+      post :create, :client_id => client.uid, :response_type => "token", :scope => "invalid", :redirect_uri => client.redirect_uri
+    end
+    it "redirects after authorization" do
+      expect(response).to be_redirect
+    end
+    it "redirects to client redirect uri" do
+      expect(response.location).to match(%r[^#{client.redirect_uri}])
+    end
+    it "does not include access token in fragment" do
+      expect(fragments("access_token")).to be_nil
+    end
+    it "includes error in fragment" do
+      expect(fragments("error")).to eq('invalid_scope')
+    end
+    it "includes error description in fragment" do
+      expect(fragments("error_description")).to eq(translated_error_message(:invalid_scope))
+    end
+    it "does not issue any access token" do
+      expect(Doorkeeper::AccessToken.all).to be_empty
+    end
+  end
+  describe "POST #create with application already authorized" do
+    it "returns the existing access token in a fragment"
+  end
+  describe "GET #new" do
+    before do
+      get :new, :client_id => client.uid, :response_type => "token", :redirect_uri => client.redirect_uri
+    end
+    it 'renders new template' do
+      expect(response).to render_template(:new)
+    end
+  end
+  describe "GET #new with skip_authorization true" do
+    before do
+      Doorkeeper.configuration.stub(:skip_authorization => proc do
+          true
+        end)
+      get :new, :client_id => client.uid, :response_type => "token", :redirect_uri => client.redirect_uri
+    end
+    it "should redirect immediately" do
+      response.should be_redirect
+      response.location.should =~ %r[^#{client.redirect_uri}]
+    end
+    it "should issue a token" do
+      Doorkeeper::AccessToken.count.should be 1
+    end
+    it "includes token type in fragment" do
+      fragments("token_type").should == "bearer"
+    end
+    it "includes token expiration in fragment" do
+      fragments("expires_in").to_i.should == 2.hours.to_i
+    end
+    it "issues the token for the current client" do
+      Doorkeeper::AccessToken.first.application_id.should == client.id
+    end
+    it "issues the token for the current resource owner" do
+      Doorkeeper::AccessToken.first.resource_owner_id.should == user.id
+    end
+  end
+  describe "GET #new with errors" do
+    before do
+      default_scopes_exist :public
+      get :new, :an_invalid => 'request'
+    end
+    it "does not redirect" do
+      expect(response).to_not be_redirect
+    end
+    it 'renders error template' do
+      expect(response).to render_template(:error)
+    end
+    it 'does not issue any token' do
+      expect(Doorkeeper::AccessGrant.count).to eq 0
+      expect(Doorkeeper::AccessToken.count).to eq 0
+    end
+  end
+end

data/spec/controllers/protected_resources_controller_spec.rb ADDED

@@ -0,0 +1,304 @@
+require 'spec_helper_integration'
+module ControllerActions
+  def index
+    render :text => "index"
+  end
+  def show
+    render :text => "show"
+  end
+end
+shared_examples "specified for particular actions" do
+  context "with valid token", :token => :valid do
+    it "allows into index action" do
+      get :index, :access_token => token_string
+      expect(response).to be_success
+    end
+    it "allows into show action" do
+      get :show, :id => "3", :access_token => token_string
+      expect(response).to be_success
+    end
+  end
+  context "with invalid token", :token => :invalid do
+    include_context "invalid token"
+    it "does not allow into index action" do
+      get :index, :access_token => token_string
+      expect(response.status).to eq 401
+    end
+    it "allows into show action" do
+      get :show, :id => "5", :access_token => token_string
+      expect(response).to be_success
+    end
+  end
+end
+shared_examples "specified with except" do
+  context "with valid token", :token => :valid do
+    it "allows into index action" do
+      get :index, :access_token => token_string
+      expect(response).to be_success
+    end
+    it "allows into show action" do
+      get :show, :id => "4", :access_token => token_string
+      expect(response).to be_success
+    end
+  end
+  context "with invalid token", :token => :invalid do
+    it "allows into index action" do
+      get :index, :access_token => token_string
+      expect(response).to be_success
+    end
+    it "does not allow into show action" do
+      get :show, :id => "14", :access_token => token_string
+      expect(response.status).to eq 401
+    end
+  end
+end
+describe "Doorkeeper_for helper" do
+  context "accepts token code specified as" do
+    controller do
+      doorkeeper_for :all
+      def index
+        render :text => "index"
+      end
+    end
+    let(:token_string) { "1A2BC3" }
+    it "access_token param" do
+      Doorkeeper::AccessToken.should_receive(:authenticate).with(token_string)
+      get :index, :access_token => token_string
+    end
+    it "bearer_token param" do
+      Doorkeeper::AccessToken.should_receive(:authenticate).with(token_string)
+      get :index, :bearer_token => token_string
+    end
+    it "Authorization header" do
+      Doorkeeper::AccessToken.should_receive(:authenticate).with(token_string)
+      request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
+      get :index
+    end
+    it "different kind of Authorization header" do
+      Doorkeeper::AccessToken.should_not_receive(:authenticate)
+      request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64.encode64("foo:bar")}"
+      get :index
+    end
+    it "doesn't change Authorization header value" do
+      Doorkeeper::AccessToken.should_receive(:authenticate).exactly(2).times
+      request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
+      get :index
+      get :index
+    end
+  end
+  context "defined for all actions" do
+    controller do
+      doorkeeper_for :all
+      include ControllerActions
+    end
+    context "with valid token", :token => :valid do
+      it "allows into index action" do
+        get :index, :access_token => token_string
+        expect(response).to be_success
+      end
+      it "allows into show action" do
+        get :show, :id => "4", :access_token => token_string
+        expect(response).to be_success
+      end
+    end
+    context "with invalid token", :token => :invalid do
+      it "does not allow into index action" do
+        get :index, :access_token => token_string
+        expect(response.status).to eq 401
+      end
+      it "does not allow into show action" do
+        get :show, :id => "4", :access_token => token_string
+        expect(response.status).to eq 401
+      end
+    end
+  end
+  context "defined only for index action" do
+    controller do
+      doorkeeper_for :index
+      include ControllerActions
+    end
+    include_examples "specified for particular actions"
+  end
+  context "defined for actions except index" do
+    controller do
+      doorkeeper_for :all, :except => :index
+      include ControllerActions
+    end
+    include_examples "specified with except"
+  end
+  context "defined with scopes" do
+    controller do
+      doorkeeper_for :all, :scopes => [:write]
+      include ControllerActions
+    end
+    let(:token_string) { "1A2DUWE" }
+    it "allows if the token has particular scopes" do
+      token = double(Doorkeeper::AccessToken, :accessible? => true, :scopes => [:write, :public])
+      Doorkeeper::AccessToken.should_receive(:authenticate).with(token_string).and_return(token)
+      get :index, :access_token => token_string
+      expect(response).to be_success
+    end
+    it "does not allow if the token does not include given scope" do
+      token = double(Doorkeeper::AccessToken, :accessible? => true, :scopes => [:public])
+      Doorkeeper::AccessToken.should_receive(:authenticate).with(token_string).and_return(token)
+      get :index, :access_token => token_string
+      expect(response.status).to eq 401
+    end
+  end
+  context "when custom unauthorized render options are configured" do
+    controller do
+      doorkeeper_for :all
+      include ControllerActions
+    end
+    context "with a JSON custom render", :token => :invalid do
+      before do
+        controller.should_receive(:doorkeeper_unauthorized_render_options).and_return({ :json => ActiveSupport::JSON.encode({ :error => "Unauthorized" })  } )
+      end
+      it "it renders a custom JSON response", :token => :invalid do
+        get :index, :access_token => token_string
+        expect(response.status).to eq 401
+        expect(response.content_type).to eq('application/json')
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body).not_to be_nil
+        expect(parsed_body['error']).to eq('Unauthorized')
+      end
+    end
+    context "with a text custom render", :token => :invalid do
+      before do
+        controller.should_receive(:doorkeeper_unauthorized_render_options).and_return({ :text => "Unauthorized"  } )
+      end
+      it "it renders a custom JSON response", :token => :invalid do
+        get :index, :access_token => token_string
+        expect(response.status).to eq 401
+        expect(response.content_type).to eq('text/html')
+        expect(response.body.should).to eq('Unauthorized')
+      end
+    end
+  end
+  context "when defined with conditional if block" do
+    controller do
+      doorkeeper_for :index, :if => lambda { the_false }
+      doorkeeper_for :show, :if => lambda { the_true }
+      include ControllerActions
+      private
+      def the_true
+        true
+      end
+      def the_false
+        false
+      end
+    end
+    context "with valid token", :token => :valid do
+      it "enables access if passed block evaluates to false" do
+        get :index, :access_token => token_string
+        expect(response).to be_success
+      end
+      it "enables access if passed block evaluates to true" do
+        get :show, :id => 1, :access_token => token_string
+        expect(response).to be_success
+      end
+    end
+    context "with invalid token", :token => :invalid do
+      it "enables access if passed block evaluates to false" do
+        get :index, :access_token => token_string
+        expect(response).to be_success
+      end
+      it "does not enable access if passed block evaluates to true" do
+        get :show, :id => 3, :access_token => token_string
+        expect(response.status).to eq 401
+      end
+    end
+  end
+  context "when defined with conditional unless block" do
+    controller do
+      doorkeeper_for :index, :unless => lambda { the_false }
+      doorkeeper_for :show, :unless => lambda { the_true }
+      include ControllerActions
+      def the_true
+        true
+      end
+      private
+      def the_false
+        false
+      end
+    end
+    context "with valid token", :token => :valid do
+      it "allows access if passed block evaluates to false" do
+        get :index, :access_token => token_string
+        expect(response).to be_success
+      end
+      it "allows access if passed block evaluates to true" do
+        get :show, :id => 1, :access_token => token_string
+        expect(response).to be_success
+      end
+    end
+    context "with invalid token", :token => :invalid do
+      it "does not allow access if passed block evaluates to false" do
+        get :index, :access_token => token_string
+      end
+      it "allows access if passed block evaluates to true" do
+        get :show, :id => 3, :access_token => token_string
+        expect(response).to be_success
+      end
+    end
+  end
+end