doorkeeper-grants_assertion 0.1.0 → 0.2.0

data/spec/dummy/config/initializers/secret_token.rb

@@ -1,9 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Dummy::Application.config.secret_key_base =
-  Dummy::Application.config.secret_token =
-  'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'

data/spec/dummy/config/initializers/session_store.rb

@@ -1,8 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Dummy::Application.config.session_store :active_record_store

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -1,14 +0,0 @@
-# Be sure to restart your server when you modify this file.
-#
-# This file contains settings for ActionController::ParamsWrapper which
-# is enabled by default.
-
-# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
-ActiveSupport.on_load(:action_controller) do
-  wrap_parameters format: [:json]
-end
-
-# Disable root element in JSON by default.
-ActiveSupport.on_load(:active_record) do
-  self.include_root_in_json = false
-end

data/spec/dummy/config/locales/doorkeeper.en.yml

@@ -1,74 +0,0 @@
-en:
-  activerecord:
-    errors:
-      models:
-        application:
-          attributes:
-            redirect_uri:
-              fragment_present: 'cannot contain a fragment.'
-              has_query_parameter: 'cannot contain a query parameter.'
-              invalid_uri: 'must be a valid URI.'
-              relative_uri: 'must be an absolute URI.'
-  mongoid:
-    errors:
-      models:
-        application:
-          attributes:
-            redirect_uri:
-              fragment_present: 'cannot contain a fragment.'
-              has_query_parameter: 'cannot contain a query parameter.'
-              invalid_uri: 'must be a valid URI.'
-              relative_uri: 'must be an absolute URI.'
-  mongo_mapper:
-    errors:
-      models:
-        application:
-          attributes:
-            redirect_uri:
-              fragment_present: 'cannot contain a fragment.'
-              has_query_parameter: 'cannot contain a query parameter.'
-              invalid_uri: 'must be a valid URI.'
-              relative_uri: 'must be an absolute URI.'
-  doorkeeper:
-    errors:
-      messages:
-        # Common error messages
-        invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
-        invalid_redirect_uri: 'The redirect uri included is not valid.'
-        unauthorized_client: 'The client is not authorized to perform this request using this method.'
-        access_denied: 'The resource owner or authorization server denied the request.'
-        invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
-        server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
-        temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
-
-        #configuration error messages
-        credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
-        resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.'
-
-        # Access grant errors
-        unsupported_response_type: 'The authorization server does not support this response type.'
-
-        # Access token errors
-        invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
-        invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
-        unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
-
-        # Password Access token errors
-        invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
-
-        invalid_token:
-          revoked: "The access token was revoked"
-          expired: "The access token expired"
-          unknown: "The access token is invalid"
-
-    flash:
-      applications:
-        create:
-          notice: 'Application created.'
-        destroy:
-          notice: 'Application deleted.'
-        update:
-          notice: 'Application updated.'
-      authorized_applications:
-        destroy:
-          notice: 'Application revoked.'

data/spec/dummy/config/routes.rb

@@ -1,52 +0,0 @@
-Rails.application.routes.draw do
-  use_doorkeeper
-  use_doorkeeper scope: 'scope'
-
-  scope 'inner_space' do
-    use_doorkeeper scope: 'scope' do
-      controllers authorizations: 'custom_authorizations',
-                  tokens: 'custom_authorizations',
-                  applications: 'custom_authorizations',
-                  token_info: 'custom_authorizations'
-
-      as authorizations: 'custom_auth',
-         tokens: 'custom_token',
-         token_info: 'custom_token_info'
-    end
-  end
-
-  scope 'space' do
-    use_doorkeeper do
-      controllers authorizations: 'custom_authorizations',
-                  tokens: 'custom_authorizations',
-                  applications: 'custom_authorizations',
-                  token_info: 'custom_authorizations'
-
-      as authorizations: 'custom_auth',
-         tokens: 'custom_token',
-         token_info: 'custom_token_info'
-    end
-  end
-
-  scope 'outer_space' do
-    use_doorkeeper do
-      controllers authorizations: 'custom_authorizations',
-                  tokens: 'custom_authorizations',
-                  token_info: 'custom_authorizations'
-
-      as authorizations: 'custom_auth',
-         tokens: 'custom_token',
-         token_info: 'custom_token_info'
-
-      skip_controllers :tokens, :applications, :token_info
-    end
-  end
-
-  get 'metal.json' => 'metal#index'
-
-  get '/callback', to: 'home#callback'
-  get '/sign_in',  to: 'home#sign_in'
-  resources :semi_protected_resources
-  resources :full_protected_resources
-  root to: 'home#index'
-end

data/spec/dummy/db/migrate/20111122132257_create_users.rb

@@ -1,10 +0,0 @@
-class CreateUsers < ActiveRecord::Migration
-  def change
-    create_table :users do |t|
-      t.string :name
-      t.string :password
-      t.string :assertion
-      t.timestamps
-    end
-  end
-end

data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb

@@ -1,41 +0,0 @@
-class CreateDoorkeeperTables < ActiveRecord::Migration
-  def change
-    create_table :oauth_applications do |t|
-      t.string  :name,         null: false
-      t.string  :uid,          null: false
-      t.string  :secret,       null: false
-      t.string  :redirect_uri, null: false, limit: 2048
-      t.timestamps
-    end
-
-    add_index :oauth_applications, :uid, unique: true
-
-    create_table :oauth_access_grants do |t|
-      t.integer  :resource_owner_id, null: false
-      t.integer  :application_id,    null: false
-      t.string   :token,             null: false
-      t.integer  :expires_in,        null: false
-      t.string   :redirect_uri,      null: false, limit: 2048
-      t.datetime :created_at,        null: false
-      t.datetime :revoked_at
-      t.string   :scopes
-    end
-
-    add_index :oauth_access_grants, :token, unique: true
-
-    create_table :oauth_access_tokens do |t|
-      t.integer  :resource_owner_id
-      t.integer  :application_id
-      t.string   :token,             null: false
-      t.string   :refresh_token
-      t.integer  :expires_in
-      t.datetime :revoked_at
-      t.datetime :created_at,        null: false
-      t.string   :scopes
-    end
-
-    add_index :oauth_access_tokens, :token, unique: true
-    add_index :oauth_access_tokens, :resource_owner_id
-    add_index :oauth_access_tokens, :refresh_token, unique: true
-  end
-end

data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb

@@ -1,7 +0,0 @@
-class AddOwnerToApplication < ActiveRecord::Migration
-  def change
-    add_column :oauth_applications, :owner_id, :integer, null: true
-    add_column :oauth_applications, :owner_type, :string, null: true
-    add_index :oauth_applications, [:owner_id, :owner_type]
-  end
-end

data/spec/dummy/db/schema.rb

@@ -1,66 +0,0 @@
-# encoding: UTF-8
-# This file is auto-generated from the current state of the database. Instead
-# of editing this file, please use the migrations feature of Active Record to
-# incrementally modify your database, and then regenerate this schema definition.
-#
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
-#
-# It's strongly recommended that you check this file into your version control system.
-
-ActiveRecord::Schema.define(version: 20130902175349) do
-
-  create_table "oauth_access_grants", force: true do |t|
-    t.integer  "resource_owner_id",              null: false
-    t.integer  "application_id",                 null: false
-    t.string   "token",                          null: false
-    t.integer  "expires_in",                     null: false
-    t.string   "redirect_uri",      limit: 2048, null: false
-    t.datetime "created_at",                     null: false
-    t.datetime "revoked_at"
-    t.string   "scopes"
-  end
-
-  add_index "oauth_access_grants", ["token"], name: "index_oauth_access_grants_on_token", unique: true
-
-  create_table "oauth_access_tokens", force: true do |t|
-    t.integer  "resource_owner_id"
-    t.integer  "application_id"
-    t.string   "token",             null: false
-    t.string   "refresh_token"
-    t.integer  "expires_in"
-    t.datetime "revoked_at"
-    t.datetime "created_at",        null: false
-    t.string   "scopes"
-  end
-
-  add_index "oauth_access_tokens", ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
-  add_index "oauth_access_tokens", ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
-  add_index "oauth_access_tokens", ["token"], name: "index_oauth_access_tokens_on_token", unique: true
-
-  create_table "oauth_applications", force: true do |t|
-    t.string   "name",                      null: false
-    t.string   "uid",                       null: false
-    t.string   "secret",                    null: false
-    t.string   "redirect_uri", limit: 2048, null: false
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.integer  "owner_id"
-    t.string   "owner_type"
-  end
-
-  add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
-  add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true
-
-  create_table "users", force: true do |t|
-    t.string   "name"
-    t.string   "password"
-    t.string   "assertion"
-    t.datetime "created_at"
-    t.datetime "updated_at"
-  end
-
-end

data/spec/dummy/script/rails

@@ -1,6 +0,0 @@
-#!/usr/bin/env ruby
-# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
-
-APP_PATH = File.expand_path('../../config/application',  __FILE__)
-require File.expand_path('../../config/boot',  __FILE__)
-require 'rails/commands'

data/spec/factories/access_grant.rb

@@ -1,9 +0,0 @@
-FactoryGirl.define do
-  factory :access_grant, class: Doorkeeper::AccessGrant do
-    sequence(:resource_owner_id) { |n| n }
-    application
-    redirect_uri 'https://app.com/callback'
-    expires_in 100
-    scopes 'public write'
-  end
-end

data/spec/factories/access_token.rb

@@ -1,11 +0,0 @@
-FactoryGirl.define do
-  factory :access_token, class: Doorkeeper::AccessToken do
-    sequence(:resource_owner_id) { |n| n }
-    application
-    expires_in 2.hours
-
-    factory :clientless_access_token do
-      application nil
-    end
-  end
-end

data/spec/factories/application.rb

@@ -1,6 +0,0 @@
-FactoryGirl.define do
-  factory :application, class: Doorkeeper::Application do
-    sequence(:name) { |n| "Application #{n}" }
-    redirect_uri 'https://app.com/callback'
-  end
-end

data/spec/requests/flows/assertion_spec.rb

@@ -1,127 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Resource Owner Assertion Flow inproperly set up', type: :request do
-  before do
-    config_is_set(:resource_owner_from_assertion) { nil }
-    client_exists
-    create_resource_owner
-  end
-
-  context 'with valid user assertion' do
-    it "should not issue new token" do
-      expect {
-        post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
-      }.to_not change { Doorkeeper::AccessToken.count }
-
-      should_have_json 'error', 'invalid_grant'
-      should_have_json 'error_description', translated_error_message(:invalid_grant)
-      expect(response.status).to eq(401)
-    end
-  end
-end
-
-describe 'Resource Owner Assertion Flow', type: :request do
-  before do
-    config_is_set(:resource_owner_from_assertion) { User.where(assertion: params[:assertion]).first }
-    client_exists
-    create_resource_owner
-  end
-
-  context "with invalid client/application information" do
-
-    it "should not create an access token" do
-      expect {
-        post assertion_endpoint_url(
-          client_id: 'not-real',
-          client_secret: 'not-real',
-          redirect_uri: 'http://fake-redirect.com'
-        )
-      }.to_not change { Doorkeeper::AccessToken.count }
-    end
-  end
-
-  context "with missing client/application information" do
-    let(:no_client_params) {
-      {
-        grant_type: "assertion",
-        assertion: @resource_owner.assertion
-      }
-    }
-
-    it "should create an access token" do
-      expect {
-        post "/oauth/token?#{build_query(no_client_params)}"
-      }.to change { Doorkeeper::AccessToken.count }.by(1)
-    end
-
-    context "when client is required as part of assertion lookup" do
-
-      before do
-        config_is_set(:resource_owner_from_assertion) {
-          Doorkeeper::Application.find_by!(uid: params[:client_id])
-          User.where(assertion: params[:assertion]).first
-        }
-      end
-
-      it "should not create an access token" do
-        expect {
-          post "/oauth/token?#{build_query(no_client_params)}"
-        }.to raise_error(ActiveRecord::RecordNotFound)
-      end
-    end
-  end
-
-  context 'with valid user assertion' do
-    it "should issue new token" do
-      expect {
-        post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
-      }.to change { Doorkeeper::AccessToken.count }.by(1)
-
-      token = Doorkeeper::AccessToken.first
-
-      should_have_json 'access_token',  token.token
-    end
-
-    it "should associate the token with the appropriate application" do
-      post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
-
-      token = Doorkeeper::AccessToken.first
-
-      expect(token.application_id).to eq(@client.id)
-    end
-
-    it "should issue a refresh token if enabled" do
-      config_is_set(:refresh_token_enabled, true)
-
-      post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
-
-      token = Doorkeeper::AccessToken.first
-
-      should_have_json 'refresh_token',  token.refresh_token
-    end
-
-  end
-
-  context "with invalid user assertion" do
-    it "should not issue new token with bad assertion" do
-      expect {
-        post assertion_endpoint_url( client: @client, assertion: 'i_dont_exist' )
-      }.to_not change { Doorkeeper::AccessToken.count }
-
-      should_have_json 'error', 'invalid_grant'
-      should_have_json 'error_description', translated_error_message(:invalid_grant)
-      expect(response.status).to eq(401)
-    end
-
-    it "should not issue new token without assertion" do
-      expect {
-        post assertion_endpoint_url( client: @client )
-      }.to_not change { Doorkeeper::AccessToken.count }
-
-      should_have_json 'error', 'invalid_grant'
-      should_have_json 'error_description', translated_error_message(:invalid_grant)
-      expect(response.status).to eq(401)
-    end
-
-  end
-end