doorkeeper-grants_assertion 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/.travis.yml +1 -6
- data/Gemfile +6 -9
- data/README.md +71 -2
- data/Rakefile +8 -6
- data/doorkeeper-grants_assertion.gemspec +27 -8
- data/gemfiles/rails_4_2.gemfile +0 -3
- data/gemfiles/rails_4_2.gemfile.lock +68 -17
- data/gemfiles/rails_5_0.gemfile +0 -3
- data/gemfiles/rails_5_0.gemfile.lock +68 -17
- data/gemfiles/rails_latest_and_doorkeeper_latest.gemfile +0 -3
- data/gemfiles/rails_latest_and_doorkeeper_latest.gemfile.lock +68 -17
- data/lib/doorkeeper/grants_assertion.rb +5 -0
- data/lib/doorkeeper/grants_assertion/devise/omniauth.rb +33 -0
- data/lib/doorkeeper/grants_assertion/omniauth.rb +35 -0
- data/lib/doorkeeper/grants_assertion/railtie.rb +6 -0
- data/lib/doorkeeper/grants_assertion/version.rb +7 -0
- data/lib/doorkeeper/request/assertion.rb +2 -0
- metadata +115 -58
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -9
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/config/application.rb +0 -47
- data/spec/dummy/config/boot.rb +0 -4
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -53
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -92
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -74
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -10
- data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
- data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/schema.rb +0 -66
- data/spec/dummy/script/rails +0 -6
- data/spec/factories/access_grant.rb +0 -9
- data/spec/factories/access_token.rb +0 -11
- data/spec/factories/application.rb +0 -6
- data/spec/requests/flows/assertion_spec.rb +0 -127
- data/spec/spec_helper.rb +0 -2
- data/spec/spec_helper_integration.rb +0 -28
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -45
- data/spec/support/helpers/request_spec_helper.rb +0 -76
- data/spec/support/helpers/url_helper.rb +0 -19
- data/spec/support/shared/controllers_shared_context.rb +0 -60
- data/spec/support/shared/models_shared_examples.rb +0 -52
data/spec/spec_helper.rb
DELETED
@@ -1,28 +0,0 @@
|
|
1
|
-
ENV['RAILS_ENV'] ||= 'test'
|
2
|
-
|
3
|
-
$LOAD_PATH.unshift File.dirname(__FILE__)
|
4
|
-
|
5
|
-
require 'dummy/config/environment'
|
6
|
-
require 'rspec/rails'
|
7
|
-
require 'database_cleaner'
|
8
|
-
|
9
|
-
Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm.inspect}"
|
10
|
-
Rails.logger.info "====> Rails version: #{Rails.version}"
|
11
|
-
Rails.logger.info "====> Ruby version: #{RUBY_VERSION}"
|
12
|
-
|
13
|
-
Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |f| require f }
|
14
|
-
|
15
|
-
# load schema to in memory sqlite
|
16
|
-
ActiveRecord::Migration.verbose = false
|
17
|
-
load Rails.root + 'db/schema.rb'
|
18
|
-
|
19
|
-
RSpec.configure do |config|
|
20
|
-
config.mock_with :rspec
|
21
|
-
|
22
|
-
config.infer_base_class_for_anonymous_controllers = false
|
23
|
-
|
24
|
-
config.before { DatabaseCleaner.start }
|
25
|
-
config.after { DatabaseCleaner.clean }
|
26
|
-
|
27
|
-
config.order = 'random'
|
28
|
-
end
|
@@ -1,9 +0,0 @@
|
|
1
|
-
module ConfigHelper
|
2
|
-
def config_is_set(setting, value = nil, &block)
|
3
|
-
setting_ivar = "@#{setting}"
|
4
|
-
value = block_given? ? block : value
|
5
|
-
Doorkeeper.configuration.instance_variable_set(setting_ivar, value)
|
6
|
-
end
|
7
|
-
end
|
8
|
-
|
9
|
-
RSpec.configuration.send :include, ConfigHelper, type: :request
|
@@ -1,45 +0,0 @@
|
|
1
|
-
module ModelHelper
|
2
|
-
def client_exists(client_attributes = {})
|
3
|
-
@client = FactoryGirl.create(:application, client_attributes)
|
4
|
-
end
|
5
|
-
|
6
|
-
def create_resource_owner
|
7
|
-
@resource_owner = User.create!(name: 'Joe', password: 'sekret', assertion: 'assertion')
|
8
|
-
end
|
9
|
-
|
10
|
-
def authorization_code_exists(options = {})
|
11
|
-
@authorization = FactoryGirl.create(:access_grant, options)
|
12
|
-
end
|
13
|
-
|
14
|
-
def access_grant_should_exist_for(client, resource_owner)
|
15
|
-
grant = Doorkeeper::AccessGrant.first
|
16
|
-
expect(grant.application).to eq(client)
|
17
|
-
grant.resource_owner_id == resource_owner.id
|
18
|
-
end
|
19
|
-
|
20
|
-
def access_token_should_exist_for(client, resource_owner)
|
21
|
-
grant = Doorkeeper::AccessToken.first
|
22
|
-
expect(grant.application).to eq(client)
|
23
|
-
grant.resource_owner_id == resource_owner.id
|
24
|
-
end
|
25
|
-
|
26
|
-
def access_grant_should_not_exist
|
27
|
-
expect(Doorkeeper::AccessGrant.all).to be_empty
|
28
|
-
end
|
29
|
-
|
30
|
-
def access_token_should_not_exist
|
31
|
-
expect(Doorkeeper::AccessToken.all).to be_empty
|
32
|
-
end
|
33
|
-
|
34
|
-
def access_grant_should_have_scopes(*args)
|
35
|
-
grant = Doorkeeper::AccessGrant.first
|
36
|
-
expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
|
37
|
-
end
|
38
|
-
|
39
|
-
def access_token_should_have_scopes(*args)
|
40
|
-
grant = Doorkeeper::AccessToken.first
|
41
|
-
expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
RSpec.configuration.send :include, ModelHelper, type: :request
|
@@ -1,76 +0,0 @@
|
|
1
|
-
module RequestSpecHelper
|
2
|
-
def i_should_see(content)
|
3
|
-
expect(page).to have_content(content)
|
4
|
-
end
|
5
|
-
|
6
|
-
def i_should_not_see(content)
|
7
|
-
expect(page).to have_no_content(content)
|
8
|
-
end
|
9
|
-
|
10
|
-
def i_should_be_on(path)
|
11
|
-
expect(current_path).to eq(path)
|
12
|
-
end
|
13
|
-
|
14
|
-
def url_should_have_param(param, value)
|
15
|
-
expect(current_params[param]).to eq(value)
|
16
|
-
end
|
17
|
-
|
18
|
-
def url_should_not_have_param(param)
|
19
|
-
expect(current_params).not_to have_key(param)
|
20
|
-
end
|
21
|
-
|
22
|
-
def current_params
|
23
|
-
Rack::Utils.parse_query(current_uri.query)
|
24
|
-
end
|
25
|
-
|
26
|
-
def current_uri
|
27
|
-
URI.parse(page.current_url)
|
28
|
-
end
|
29
|
-
|
30
|
-
def should_have_header(header, value)
|
31
|
-
expect(headers[header]).to eq(value)
|
32
|
-
end
|
33
|
-
|
34
|
-
def with_access_token_header(token)
|
35
|
-
with_header 'Authorization', "Bearer #{token}"
|
36
|
-
end
|
37
|
-
|
38
|
-
def with_header(header, value)
|
39
|
-
page.driver.header header, value
|
40
|
-
end
|
41
|
-
|
42
|
-
def basic_auth_header_for_client(client)
|
43
|
-
ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
|
44
|
-
end
|
45
|
-
|
46
|
-
def should_have_json(key, value)
|
47
|
-
expect(JSON.parse(response.body).fetch(key)).to eq(value)
|
48
|
-
end
|
49
|
-
|
50
|
-
def should_have_json_within(key, value, range)
|
51
|
-
expect(JSON.parse(response.body).fetch(key)).to be_within(range).of(value)
|
52
|
-
end
|
53
|
-
|
54
|
-
def should_not_have_json(key)
|
55
|
-
expect(JSON.parse(response.body)).not_to have_key(key)
|
56
|
-
end
|
57
|
-
|
58
|
-
def sign_in
|
59
|
-
visit '/'
|
60
|
-
click_on 'Sign in'
|
61
|
-
end
|
62
|
-
|
63
|
-
def i_should_see_translated_error_message(key)
|
64
|
-
i_should_see translated_error_message(key)
|
65
|
-
end
|
66
|
-
|
67
|
-
def translated_error_message(key)
|
68
|
-
I18n.translate key, scope: [:doorkeeper, :errors, :messages]
|
69
|
-
end
|
70
|
-
|
71
|
-
def response_status_should_be(status)
|
72
|
-
expect(page.driver.response.status.to_i).to eq(status)
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
RSpec.configuration.send :include, RequestSpecHelper, type: :request
|
@@ -1,19 +0,0 @@
|
|
1
|
-
module UrlHelper
|
2
|
-
def assertion_endpoint_url(options = {})
|
3
|
-
parameters = {
|
4
|
-
:code => options[:code],
|
5
|
-
:client_id => options[:client_id] || options[:client].uid,
|
6
|
-
:client_secret => options[:client_secret] || options[:client].secret,
|
7
|
-
:redirect_uri => options[:redirect_uri] || options[:client].redirect_uri,
|
8
|
-
:grant_type => options[:grant_type] || "assertion",
|
9
|
-
:assertion => options[:assertion] || (options[:resource_owner] ? options[:resource_owner].assertion : nil)
|
10
|
-
}
|
11
|
-
"/oauth/token?#{build_query(parameters)}"
|
12
|
-
end
|
13
|
-
|
14
|
-
def build_query(hash)
|
15
|
-
Rack::Utils.build_query(hash)
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
RSpec.configuration.send :include, UrlHelper, type: :request
|
@@ -1,60 +0,0 @@
|
|
1
|
-
shared_context 'valid token', token: :valid do
|
2
|
-
let :token_string do
|
3
|
-
'1A2B3C4D'
|
4
|
-
end
|
5
|
-
|
6
|
-
let :token do
|
7
|
-
double(Doorkeeper::AccessToken, accessible?: true)
|
8
|
-
end
|
9
|
-
|
10
|
-
before :each do
|
11
|
-
allow(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
shared_context 'invalid token', token: :invalid do
|
16
|
-
let :token_string do
|
17
|
-
'1A2B3C4D'
|
18
|
-
end
|
19
|
-
|
20
|
-
let :token do
|
21
|
-
double(Doorkeeper::AccessToken, accessible?: false, revoked?: false, expired?: false)
|
22
|
-
end
|
23
|
-
|
24
|
-
before :each do
|
25
|
-
allow(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
shared_context 'authenticated resource owner' do
|
30
|
-
before do
|
31
|
-
user = double(:resource, id: 1)
|
32
|
-
allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { user } }
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
shared_context 'not authenticated resource owner' do
|
37
|
-
before do
|
38
|
-
allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to '/' } }
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
shared_context 'valid authorization request' do
|
43
|
-
let :authorization do
|
44
|
-
double(:authorization, valid?: true, authorize: true, success_redirect_uri: 'http://something.com/cb?code=token')
|
45
|
-
end
|
46
|
-
|
47
|
-
before do
|
48
|
-
allow(controller).to receive(:authorization) { authorization }
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
shared_context 'invalid authorization request' do
|
53
|
-
let :authorization do
|
54
|
-
double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
|
55
|
-
end
|
56
|
-
|
57
|
-
before do
|
58
|
-
allow(controller).to receive(:authorization) { authorization }
|
59
|
-
end
|
60
|
-
end
|
@@ -1,52 +0,0 @@
|
|
1
|
-
shared_examples 'an accessible token' do
|
2
|
-
describe :accessible? do
|
3
|
-
it 'is accessible if token is not expired' do
|
4
|
-
allow(subject).to receive(:expired?).and_return(false)
|
5
|
-
should be_accessible
|
6
|
-
end
|
7
|
-
|
8
|
-
it 'is not accessible if token is expired' do
|
9
|
-
allow(subject).to receive(:expired?).and_return(true)
|
10
|
-
should_not be_accessible
|
11
|
-
end
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
shared_examples 'a revocable token' do
|
16
|
-
describe :accessible? do
|
17
|
-
before { subject.save! }
|
18
|
-
|
19
|
-
it 'is accessible if token is not revoked' do
|
20
|
-
expect(subject).to be_accessible
|
21
|
-
end
|
22
|
-
|
23
|
-
it 'is not accessible if token is revoked' do
|
24
|
-
subject.revoke
|
25
|
-
expect(subject).not_to be_accessible
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
shared_examples 'a unique token' do
|
31
|
-
describe :token do
|
32
|
-
it 'is generated before validation' do
|
33
|
-
expect { subject.valid? }.to change { subject.token }.from(nil)
|
34
|
-
end
|
35
|
-
|
36
|
-
it 'is not valid if token exists' do
|
37
|
-
token1 = FactoryGirl.create factory_name
|
38
|
-
token2 = FactoryGirl.create factory_name
|
39
|
-
token2.token = token1.token
|
40
|
-
expect(token2).not_to be_valid
|
41
|
-
end
|
42
|
-
|
43
|
-
it 'expects database to throw an error when tokens are the same' do
|
44
|
-
token1 = FactoryGirl.create factory_name
|
45
|
-
token2 = FactoryGirl.create factory_name
|
46
|
-
token2.token = token1.token
|
47
|
-
expect do
|
48
|
-
token2.save!(validate: false)
|
49
|
-
end.to raise_error
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|