doorkeeper-grants_assertion 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64)
  1. checksums.yaml +4 -4
  2. data/.gitignore +3 -0
  3. data/.travis.yml +1 -6
  4. data/Gemfile +6 -9
  5. data/README.md +71 -2
  6. data/Rakefile +8 -6
  7. data/doorkeeper-grants_assertion.gemspec +27 -8
  8. data/gemfiles/rails_4_2.gemfile +0 -3
  9. data/gemfiles/rails_4_2.gemfile.lock +68 -17
  10. data/gemfiles/rails_5_0.gemfile +0 -3
  11. data/gemfiles/rails_5_0.gemfile.lock +68 -17
  12. data/gemfiles/rails_latest_and_doorkeeper_latest.gemfile +0 -3
  13. data/gemfiles/rails_latest_and_doorkeeper_latest.gemfile.lock +68 -17
  14. data/lib/doorkeeper/grants_assertion.rb +5 -0
  15. data/lib/doorkeeper/grants_assertion/devise/omniauth.rb +33 -0
  16. data/lib/doorkeeper/grants_assertion/omniauth.rb +35 -0
  17. data/lib/doorkeeper/grants_assertion/railtie.rb +6 -0
  18. data/lib/doorkeeper/grants_assertion/version.rb +7 -0
  19. data/lib/doorkeeper/request/assertion.rb +2 -0
  20. metadata +115 -58
  21. data/spec/dummy/Rakefile +0 -7
  22. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  23. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  24. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -11
  25. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  26. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  27. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  28. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  29. data/spec/dummy/app/models/user.rb +0 -9
  30. data/spec/dummy/app/views/home/index.html.erb +0 -0
  31. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  32. data/spec/dummy/config.ru +0 -4
  33. data/spec/dummy/config/application.rb +0 -47
  34. data/spec/dummy/config/boot.rb +0 -4
  35. data/spec/dummy/config/database.yml +0 -15
  36. data/spec/dummy/config/environment.rb +0 -5
  37. data/spec/dummy/config/environments/development.rb +0 -29
  38. data/spec/dummy/config/environments/production.rb +0 -62
  39. data/spec/dummy/config/environments/test.rb +0 -53
  40. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  41. data/spec/dummy/config/initializers/doorkeeper.rb +0 -92
  42. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  43. data/spec/dummy/config/initializers/session_store.rb +0 -8
  44. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  45. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -74
  46. data/spec/dummy/config/routes.rb +0 -52
  47. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -10
  48. data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
  49. data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +0 -7
  50. data/spec/dummy/db/schema.rb +0 -66
  51. data/spec/dummy/script/rails +0 -6
  52. data/spec/factories/access_grant.rb +0 -9
  53. data/spec/factories/access_token.rb +0 -11
  54. data/spec/factories/application.rb +0 -6
  55. data/spec/requests/flows/assertion_spec.rb +0 -127
  56. data/spec/spec_helper.rb +0 -2
  57. data/spec/spec_helper_integration.rb +0 -28
  58. data/spec/support/dependencies/factory_girl.rb +0 -2
  59. data/spec/support/helpers/config_helper.rb +0 -9
  60. data/spec/support/helpers/model_helper.rb +0 -45
  61. data/spec/support/helpers/request_spec_helper.rb +0 -76
  62. data/spec/support/helpers/url_helper.rb +0 -19
  63. data/spec/support/shared/controllers_shared_context.rb +0 -60
  64. data/spec/support/shared/models_shared_examples.rb +0 -52
@@ -1,9 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- # Your secret key for verifying the integrity of signed cookies.
4
- # If you change this key, all old signed cookies will become invalid!
5
- # Make sure the secret is at least 30 characters and all random,
6
- # no regular words or you'll be exposed to dictionary attacks.
7
- Dummy::Application.config.secret_key_base =
8
- Dummy::Application.config.secret_token =
9
- 'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'
@@ -1,8 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
-
3
- Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
4
-
5
- # Use the database for sessions instead of the cookie-based default,
6
- # which shouldn't be used to store highly confidential information
7
- # (create the session table with "rails generate session_migration")
8
- # Dummy::Application.config.session_store :active_record_store
@@ -1,14 +0,0 @@
1
- # Be sure to restart your server when you modify this file.
2
- #
3
- # This file contains settings for ActionController::ParamsWrapper which
4
- # is enabled by default.
5
-
6
- # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7
- ActiveSupport.on_load(:action_controller) do
8
- wrap_parameters format: [:json]
9
- end
10
-
11
- # Disable root element in JSON by default.
12
- ActiveSupport.on_load(:active_record) do
13
- self.include_root_in_json = false
14
- end
@@ -1,74 +0,0 @@
1
- en:
2
- activerecord:
3
- errors:
4
- models:
5
- application:
6
- attributes:
7
- redirect_uri:
8
- fragment_present: 'cannot contain a fragment.'
9
- has_query_parameter: 'cannot contain a query parameter.'
10
- invalid_uri: 'must be a valid URI.'
11
- relative_uri: 'must be an absolute URI.'
12
- mongoid:
13
- errors:
14
- models:
15
- application:
16
- attributes:
17
- redirect_uri:
18
- fragment_present: 'cannot contain a fragment.'
19
- has_query_parameter: 'cannot contain a query parameter.'
20
- invalid_uri: 'must be a valid URI.'
21
- relative_uri: 'must be an absolute URI.'
22
- mongo_mapper:
23
- errors:
24
- models:
25
- application:
26
- attributes:
27
- redirect_uri:
28
- fragment_present: 'cannot contain a fragment.'
29
- has_query_parameter: 'cannot contain a query parameter.'
30
- invalid_uri: 'must be a valid URI.'
31
- relative_uri: 'must be an absolute URI.'
32
- doorkeeper:
33
- errors:
34
- messages:
35
- # Common error messages
36
- invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
37
- invalid_redirect_uri: 'The redirect uri included is not valid.'
38
- unauthorized_client: 'The client is not authorized to perform this request using this method.'
39
- access_denied: 'The resource owner or authorization server denied the request.'
40
- invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
41
- server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
42
- temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
43
-
44
- #configuration error messages
45
- credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
46
- resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.'
47
-
48
- # Access grant errors
49
- unsupported_response_type: 'The authorization server does not support this response type.'
50
-
51
- # Access token errors
52
- invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
53
- invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
54
- unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
55
-
56
- # Password Access token errors
57
- invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
58
-
59
- invalid_token:
60
- revoked: "The access token was revoked"
61
- expired: "The access token expired"
62
- unknown: "The access token is invalid"
63
-
64
- flash:
65
- applications:
66
- create:
67
- notice: 'Application created.'
68
- destroy:
69
- notice: 'Application deleted.'
70
- update:
71
- notice: 'Application updated.'
72
- authorized_applications:
73
- destroy:
74
- notice: 'Application revoked.'
@@ -1,52 +0,0 @@
1
- Rails.application.routes.draw do
2
- use_doorkeeper
3
- use_doorkeeper scope: 'scope'
4
-
5
- scope 'inner_space' do
6
- use_doorkeeper scope: 'scope' do
7
- controllers authorizations: 'custom_authorizations',
8
- tokens: 'custom_authorizations',
9
- applications: 'custom_authorizations',
10
- token_info: 'custom_authorizations'
11
-
12
- as authorizations: 'custom_auth',
13
- tokens: 'custom_token',
14
- token_info: 'custom_token_info'
15
- end
16
- end
17
-
18
- scope 'space' do
19
- use_doorkeeper do
20
- controllers authorizations: 'custom_authorizations',
21
- tokens: 'custom_authorizations',
22
- applications: 'custom_authorizations',
23
- token_info: 'custom_authorizations'
24
-
25
- as authorizations: 'custom_auth',
26
- tokens: 'custom_token',
27
- token_info: 'custom_token_info'
28
- end
29
- end
30
-
31
- scope 'outer_space' do
32
- use_doorkeeper do
33
- controllers authorizations: 'custom_authorizations',
34
- tokens: 'custom_authorizations',
35
- token_info: 'custom_authorizations'
36
-
37
- as authorizations: 'custom_auth',
38
- tokens: 'custom_token',
39
- token_info: 'custom_token_info'
40
-
41
- skip_controllers :tokens, :applications, :token_info
42
- end
43
- end
44
-
45
- get 'metal.json' => 'metal#index'
46
-
47
- get '/callback', to: 'home#callback'
48
- get '/sign_in', to: 'home#sign_in'
49
- resources :semi_protected_resources
50
- resources :full_protected_resources
51
- root to: 'home#index'
52
- end
@@ -1,10 +0,0 @@
1
- class CreateUsers < ActiveRecord::Migration
2
- def change
3
- create_table :users do |t|
4
- t.string :name
5
- t.string :password
6
- t.string :assertion
7
- t.timestamps
8
- end
9
- end
10
- end
@@ -1,41 +0,0 @@
1
- class CreateDoorkeeperTables < ActiveRecord::Migration
2
- def change
3
- create_table :oauth_applications do |t|
4
- t.string :name, null: false
5
- t.string :uid, null: false
6
- t.string :secret, null: false
7
- t.string :redirect_uri, null: false, limit: 2048
8
- t.timestamps
9
- end
10
-
11
- add_index :oauth_applications, :uid, unique: true
12
-
13
- create_table :oauth_access_grants do |t|
14
- t.integer :resource_owner_id, null: false
15
- t.integer :application_id, null: false
16
- t.string :token, null: false
17
- t.integer :expires_in, null: false
18
- t.string :redirect_uri, null: false, limit: 2048
19
- t.datetime :created_at, null: false
20
- t.datetime :revoked_at
21
- t.string :scopes
22
- end
23
-
24
- add_index :oauth_access_grants, :token, unique: true
25
-
26
- create_table :oauth_access_tokens do |t|
27
- t.integer :resource_owner_id
28
- t.integer :application_id
29
- t.string :token, null: false
30
- t.string :refresh_token
31
- t.integer :expires_in
32
- t.datetime :revoked_at
33
- t.datetime :created_at, null: false
34
- t.string :scopes
35
- end
36
-
37
- add_index :oauth_access_tokens, :token, unique: true
38
- add_index :oauth_access_tokens, :resource_owner_id
39
- add_index :oauth_access_tokens, :refresh_token, unique: true
40
- end
41
- end
@@ -1,7 +0,0 @@
1
- class AddOwnerToApplication < ActiveRecord::Migration
2
- def change
3
- add_column :oauth_applications, :owner_id, :integer, null: true
4
- add_column :oauth_applications, :owner_type, :string, null: true
5
- add_index :oauth_applications, [:owner_id, :owner_type]
6
- end
7
- end
@@ -1,66 +0,0 @@
1
- # encoding: UTF-8
2
- # This file is auto-generated from the current state of the database. Instead
3
- # of editing this file, please use the migrations feature of Active Record to
4
- # incrementally modify your database, and then regenerate this schema definition.
5
- #
6
- # Note that this schema.rb definition is the authoritative source for your
7
- # database schema. If you need to create the application database on another
8
- # system, you should be using db:schema:load, not running all the migrations
9
- # from scratch. The latter is a flawed and unsustainable approach (the more migrations
10
- # you'll amass, the slower it'll run and the greater likelihood for issues).
11
- #
12
- # It's strongly recommended that you check this file into your version control system.
13
-
14
- ActiveRecord::Schema.define(version: 20130902175349) do
15
-
16
- create_table "oauth_access_grants", force: true do |t|
17
- t.integer "resource_owner_id", null: false
18
- t.integer "application_id", null: false
19
- t.string "token", null: false
20
- t.integer "expires_in", null: false
21
- t.string "redirect_uri", limit: 2048, null: false
22
- t.datetime "created_at", null: false
23
- t.datetime "revoked_at"
24
- t.string "scopes"
25
- end
26
-
27
- add_index "oauth_access_grants", ["token"], name: "index_oauth_access_grants_on_token", unique: true
28
-
29
- create_table "oauth_access_tokens", force: true do |t|
30
- t.integer "resource_owner_id"
31
- t.integer "application_id"
32
- t.string "token", null: false
33
- t.string "refresh_token"
34
- t.integer "expires_in"
35
- t.datetime "revoked_at"
36
- t.datetime "created_at", null: false
37
- t.string "scopes"
38
- end
39
-
40
- add_index "oauth_access_tokens", ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
41
- add_index "oauth_access_tokens", ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
42
- add_index "oauth_access_tokens", ["token"], name: "index_oauth_access_tokens_on_token", unique: true
43
-
44
- create_table "oauth_applications", force: true do |t|
45
- t.string "name", null: false
46
- t.string "uid", null: false
47
- t.string "secret", null: false
48
- t.string "redirect_uri", limit: 2048, null: false
49
- t.datetime "created_at"
50
- t.datetime "updated_at"
51
- t.integer "owner_id"
52
- t.string "owner_type"
53
- end
54
-
55
- add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
56
- add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true
57
-
58
- create_table "users", force: true do |t|
59
- t.string "name"
60
- t.string "password"
61
- t.string "assertion"
62
- t.datetime "created_at"
63
- t.datetime "updated_at"
64
- end
65
-
66
- end
@@ -1,6 +0,0 @@
1
- #!/usr/bin/env ruby
2
- # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
3
-
4
- APP_PATH = File.expand_path('../../config/application', __FILE__)
5
- require File.expand_path('../../config/boot', __FILE__)
6
- require 'rails/commands'
@@ -1,9 +0,0 @@
1
- FactoryGirl.define do
2
- factory :access_grant, class: Doorkeeper::AccessGrant do
3
- sequence(:resource_owner_id) { |n| n }
4
- application
5
- redirect_uri 'https://app.com/callback'
6
- expires_in 100
7
- scopes 'public write'
8
- end
9
- end
@@ -1,11 +0,0 @@
1
- FactoryGirl.define do
2
- factory :access_token, class: Doorkeeper::AccessToken do
3
- sequence(:resource_owner_id) { |n| n }
4
- application
5
- expires_in 2.hours
6
-
7
- factory :clientless_access_token do
8
- application nil
9
- end
10
- end
11
- end
@@ -1,6 +0,0 @@
1
- FactoryGirl.define do
2
- factory :application, class: Doorkeeper::Application do
3
- sequence(:name) { |n| "Application #{n}" }
4
- redirect_uri 'https://app.com/callback'
5
- end
6
- end
@@ -1,127 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- describe 'Resource Owner Assertion Flow inproperly set up', type: :request do
4
- before do
5
- config_is_set(:resource_owner_from_assertion) { nil }
6
- client_exists
7
- create_resource_owner
8
- end
9
-
10
- context 'with valid user assertion' do
11
- it "should not issue new token" do
12
- expect {
13
- post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
14
- }.to_not change { Doorkeeper::AccessToken.count }
15
-
16
- should_have_json 'error', 'invalid_grant'
17
- should_have_json 'error_description', translated_error_message(:invalid_grant)
18
- expect(response.status).to eq(401)
19
- end
20
- end
21
- end
22
-
23
- describe 'Resource Owner Assertion Flow', type: :request do
24
- before do
25
- config_is_set(:resource_owner_from_assertion) { User.where(assertion: params[:assertion]).first }
26
- client_exists
27
- create_resource_owner
28
- end
29
-
30
- context "with invalid client/application information" do
31
-
32
- it "should not create an access token" do
33
- expect {
34
- post assertion_endpoint_url(
35
- client_id: 'not-real',
36
- client_secret: 'not-real',
37
- redirect_uri: 'http://fake-redirect.com'
38
- )
39
- }.to_not change { Doorkeeper::AccessToken.count }
40
- end
41
- end
42
-
43
- context "with missing client/application information" do
44
- let(:no_client_params) {
45
- {
46
- grant_type: "assertion",
47
- assertion: @resource_owner.assertion
48
- }
49
- }
50
-
51
- it "should create an access token" do
52
- expect {
53
- post "/oauth/token?#{build_query(no_client_params)}"
54
- }.to change { Doorkeeper::AccessToken.count }.by(1)
55
- end
56
-
57
- context "when client is required as part of assertion lookup" do
58
-
59
- before do
60
- config_is_set(:resource_owner_from_assertion) {
61
- Doorkeeper::Application.find_by!(uid: params[:client_id])
62
- User.where(assertion: params[:assertion]).first
63
- }
64
- end
65
-
66
- it "should not create an access token" do
67
- expect {
68
- post "/oauth/token?#{build_query(no_client_params)}"
69
- }.to raise_error(ActiveRecord::RecordNotFound)
70
- end
71
- end
72
- end
73
-
74
- context 'with valid user assertion' do
75
- it "should issue new token" do
76
- expect {
77
- post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
78
- }.to change { Doorkeeper::AccessToken.count }.by(1)
79
-
80
- token = Doorkeeper::AccessToken.first
81
-
82
- should_have_json 'access_token', token.token
83
- end
84
-
85
- it "should associate the token with the appropriate application" do
86
- post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
87
-
88
- token = Doorkeeper::AccessToken.first
89
-
90
- expect(token.application_id).to eq(@client.id)
91
- end
92
-
93
- it "should issue a refresh token if enabled" do
94
- config_is_set(:refresh_token_enabled, true)
95
-
96
- post assertion_endpoint_url(client: @client, resource_owner: @resource_owner)
97
-
98
- token = Doorkeeper::AccessToken.first
99
-
100
- should_have_json 'refresh_token', token.refresh_token
101
- end
102
-
103
- end
104
-
105
- context "with invalid user assertion" do
106
- it "should not issue new token with bad assertion" do
107
- expect {
108
- post assertion_endpoint_url( client: @client, assertion: 'i_dont_exist' )
109
- }.to_not change { Doorkeeper::AccessToken.count }
110
-
111
- should_have_json 'error', 'invalid_grant'
112
- should_have_json 'error_description', translated_error_message(:invalid_grant)
113
- expect(response.status).to eq(401)
114
- end
115
-
116
- it "should not issue new token without assertion" do
117
- expect {
118
- post assertion_endpoint_url( client: @client )
119
- }.to_not change { Doorkeeper::AccessToken.count }
120
-
121
- should_have_json 'error', 'invalid_grant'
122
- should_have_json 'error_description', translated_error_message(:invalid_grant)
123
- expect(response.status).to eq(401)
124
- end
125
-
126
- end
127
- end