doorkeeper-mongodb 5.2.1 → 5.2.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (87) hide show
  1. checksums.yaml +4 -4
  2. data/lib/doorkeeper-mongodb.rb +1 -0
  3. data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb +1 -0
  4. data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb +1 -0
  5. data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb +76 -0
  6. data/lib/doorkeeper-mongodb/mixins/mongoid/base_mixin.rb +0 -8
  7. data/lib/doorkeeper-mongodb/mixins/mongoid/json_serializable.rb +17 -0
  8. data/lib/doorkeeper-mongodb/version.rb +1 -1
  9. data/spec/controllers/application_metal_controller_spec.rb +4 -4
  10. data/spec/controllers/applications_controller_spec.rb +198 -202
  11. data/spec/controllers/authorizations_controller_spec.rb +32 -31
  12. data/spec/controllers/protected_resources_controller_spec.rb +10 -10
  13. data/spec/controllers/token_info_controller_spec.rb +1 -1
  14. data/spec/controllers/tokens_controller_spec.rb +105 -62
  15. data/spec/doorkeeper/redirect_uri_validator_spec.rb +183 -0
  16. data/spec/{lib → doorkeeper}/server_spec.rb +5 -4
  17. data/spec/{lib → doorkeeper}/stale_records_cleaner_spec.rb +8 -7
  18. data/spec/{version → doorkeeper}/version_spec.rb +3 -3
  19. data/spec/dummy/log/test.log +4220 -4184
  20. data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{eS/eSL1QMz46gKLM0GR6S9fL6uyARPxOImcappZ9_ZtSyg.cache → Pm/PmheG0PGFqDws1qgFOxOyIL-gpMof3Ar9eSRKVLYuik.cache} +0 -0
  21. data/spec/grape/grape_integration_spec.rb +1 -1
  22. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
  23. data/spec/lib/config_spec.rb +23 -12
  24. data/spec/lib/doorkeeper_spec.rb +4 -4
  25. data/spec/lib/models/expirable_spec.rb +9 -9
  26. data/spec/lib/models/reusable_spec.rb +2 -2
  27. data/spec/lib/models/revocable_spec.rb +4 -7
  28. data/spec/lib/models/scopes_spec.rb +7 -7
  29. data/spec/lib/models/secret_storable_spec.rb +9 -8
  30. data/spec/lib/oauth/authorization/uri_builder_spec.rb +23 -27
  31. data/spec/lib/oauth/authorization_code_request_spec.rb +6 -6
  32. data/spec/lib/oauth/base_request_spec.rb +11 -27
  33. data/spec/lib/oauth/base_response_spec.rb +2 -2
  34. data/spec/lib/oauth/client/credentials_spec.rb +25 -25
  35. data/spec/lib/oauth/client_credentials/creator_spec.rb +89 -91
  36. data/spec/lib/oauth/client_credentials/issuer_spec.rb +84 -86
  37. data/spec/lib/oauth/client_credentials/validation_spec.rb +72 -39
  38. data/spec/lib/oauth/client_credentials_integration_spec.rb +5 -5
  39. data/spec/lib/oauth/client_credentials_request_spec.rb +7 -10
  40. data/spec/lib/oauth/client_spec.rb +8 -8
  41. data/spec/lib/oauth/code_request_spec.rb +5 -5
  42. data/spec/lib/oauth/code_response_spec.rb +4 -4
  43. data/spec/lib/oauth/error_response_spec.rb +6 -5
  44. data/spec/lib/oauth/error_spec.rb +1 -1
  45. data/spec/lib/oauth/forbidden_token_response_spec.rb +2 -2
  46. data/spec/lib/oauth/helpers/scope_checker_spec.rb +37 -37
  47. data/spec/lib/oauth/helpers/unique_token_spec.rb +2 -2
  48. data/spec/lib/oauth/helpers/uri_checker_spec.rb +54 -54
  49. data/spec/lib/oauth/invalid_request_response_spec.rb +6 -6
  50. data/spec/lib/oauth/invalid_token_response_spec.rb +4 -4
  51. data/spec/lib/oauth/password_access_token_request_spec.rb +10 -9
  52. data/spec/lib/oauth/pre_authorization_spec.rb +20 -8
  53. data/spec/lib/oauth/refresh_token_request_spec.rb +10 -10
  54. data/spec/lib/oauth/scopes_spec.rb +14 -14
  55. data/spec/lib/oauth/token_request_spec.rb +9 -9
  56. data/spec/lib/oauth/token_response_spec.rb +5 -5
  57. data/spec/lib/oauth/token_spec.rb +5 -5
  58. data/spec/lib/option_spec.rb +1 -1
  59. data/spec/lib/request/strategy_spec.rb +34 -37
  60. data/spec/lib/secret_storing/base_spec.rb +3 -2
  61. data/spec/lib/secret_storing/bcrypt_spec.rb +2 -1
  62. data/spec/lib/secret_storing/plain_spec.rb +2 -1
  63. data/spec/lib/secret_storing/sha256_hash_spec.rb +2 -1
  64. data/spec/models/doorkeeper/access_grant_spec.rb +7 -9
  65. data/spec/models/doorkeeper/access_token_spec.rb +20 -26
  66. data/spec/models/doorkeeper/application_spec.rb +83 -26
  67. data/spec/requests/applications/applications_request_spec.rb +91 -93
  68. data/spec/requests/endpoints/authorization_spec.rb +1 -1
  69. data/spec/requests/endpoints/token_spec.rb +22 -16
  70. data/spec/requests/flows/authorization_code_errors_spec.rb +12 -8
  71. data/spec/requests/flows/authorization_code_spec.rb +108 -79
  72. data/spec/requests/flows/client_credentials_spec.rb +57 -45
  73. data/spec/requests/flows/implicit_grant_spec.rb +4 -4
  74. data/spec/requests/flows/password_spec.rb +253 -213
  75. data/spec/requests/flows/refresh_token_spec.rb +53 -39
  76. data/spec/requests/flows/revoke_token_spec.rb +24 -24
  77. data/spec/requests/flows/skip_authorization_spec.rb +1 -1
  78. data/spec/requests/protected_resources/metal_spec.rb +2 -2
  79. data/spec/routing/custom_controller_routes_spec.rb +1 -1
  80. data/spec/routing/default_routes_spec.rb +1 -1
  81. data/spec/routing/scoped_routes_spec.rb +1 -1
  82. data/spec/support/helpers/request_spec_helper.rb +1 -13
  83. data/spec/support/helpers/url_helper.rb +2 -2
  84. data/spec/support/shared/controllers_shared_context.rb +5 -38
  85. data/spec/support/shared/hashing_shared_context.rb +4 -0
  86. data/spec/support/shared/models_shared_examples.rb +6 -6
  87. metadata +13 -10
@@ -2,23 +2,22 @@
2
2
 
3
3
  require "spec_helper"
4
4
 
5
- describe "Client Credentials Request" do
5
+ RSpec.describe "Client Credentials Request" do
6
6
  let(:client) { FactoryBot.create :application }
7
7
 
8
- context "a valid request" do
8
+ context "with a valid request" do
9
9
  it "authorizes the client and returns the token response" do
10
10
  headers = authorization client.uid, client.secret
11
11
  params = { grant_type: "client_credentials" }
12
12
 
13
13
  post "/oauth/token", params: params, headers: headers
14
14
 
15
- should_have_json "access_token", Doorkeeper::AccessToken.first.token
16
- should_have_json_within "expires_in", Doorkeeper.configuration.access_token_expires_in, 1
17
- should_not_have_json "scope"
18
- should_not_have_json "refresh_token"
19
-
20
- should_not_have_json "error"
21
- should_not_have_json "error_description"
15
+ expect(json_response).to match(
16
+ "access_token" => Doorkeeper::AccessToken.first.token,
17
+ "token_type" => "Bearer",
18
+ "expires_in" => Doorkeeper.configuration.access_token_expires_in,
19
+ "created_at" => an_instance_of(Integer),
20
+ )
22
21
  end
23
22
 
24
23
  context "with scopes" do
@@ -33,34 +32,38 @@ describe "Client Credentials Request" do
33
32
 
34
33
  post "/oauth/token", params: params, headers: headers
35
34
 
36
- should_have_json "access_token", Doorkeeper::AccessToken.first.token
37
- should_have_json "scope", "write"
35
+ expect(json_response).to include(
36
+ "access_token" => Doorkeeper::AccessToken.first.token,
37
+ "scope" => "write",
38
+ )
38
39
  end
39
40
 
40
- context "that are default" do
41
+ context "when scopes are default" do
41
42
  it "adds the scope to the token an returns in the response" do
42
43
  headers = authorization client.uid, client.secret
43
44
  params = { grant_type: "client_credentials", scope: "public" }
44
45
 
45
46
  post "/oauth/token", params: params, headers: headers
46
47
 
47
- should_have_json "access_token", Doorkeeper::AccessToken.first.token
48
- should_have_json "scope", "public"
48
+ expect(json_response).to include(
49
+ "access_token" => Doorkeeper::AccessToken.first.token,
50
+ "scope" => "public",
51
+ )
49
52
  end
50
53
  end
51
54
 
52
- context "that are invalid" do
55
+ context "when scopes are invalid" do
53
56
  it "does not authorize the client and returns the error" do
54
57
  headers = authorization client.uid, client.secret
55
58
  params = { grant_type: "client_credentials", scope: "random" }
56
59
 
57
60
  post "/oauth/token", params: params, headers: headers
58
61
 
59
- should_have_json "error", "invalid_scope"
60
- should_have_json "error_description", translated_error_message(:invalid_scope)
61
- should_not_have_json "access_token"
62
-
63
62
  expect(response.status).to eq(400)
63
+ expect(json_response).to match(
64
+ "error" => "invalid_scope",
65
+ "error_description" => translated_error_message(:invalid_scope),
66
+ )
64
67
  end
65
68
  end
66
69
  end
@@ -82,8 +85,10 @@ describe "Client Credentials Request" do
82
85
 
83
86
  post "/oauth/token", params: params, headers: headers
84
87
 
85
- should_have_json "error", "unauthorized_client"
86
- should_have_json "error_description", translated_error_message(:unauthorized_client)
88
+ expect(json_response).to match(
89
+ "error" => "unauthorized_client",
90
+ "error_description" => translated_error_message(:unauthorized_client),
91
+ )
87
92
  end
88
93
 
89
94
  scenario "allows the request when satisfies condition" do
@@ -94,13 +99,12 @@ describe "Client Credentials Request" do
94
99
 
95
100
  post "/oauth/token", params: params, headers: headers
96
101
 
97
- should_have_json "access_token", Doorkeeper::AccessToken.first.token
98
- should_have_json_within "expires_in", Doorkeeper.configuration.access_token_expires_in, 1
99
- should_not_have_json "scope"
100
- should_not_have_json "refresh_token"
101
-
102
- should_not_have_json "error"
103
- should_not_have_json "error_description"
102
+ expect(json_response).to match(
103
+ "access_token" => Doorkeeper::AccessToken.first.token,
104
+ "token_type" => "Bearer",
105
+ "expires_in" => 7200,
106
+ "created_at" => an_instance_of(Integer),
107
+ )
104
108
  end
105
109
  end
106
110
 
@@ -122,8 +126,10 @@ describe "Client Credentials Request" do
122
126
  token = Doorkeeper::AccessToken.first
123
127
 
124
128
  expect(token.application_id).to eq client.id
125
- should_have_json "access_token", token.token
126
- should_have_json "scope", "public"
129
+ expect(json_response).to include(
130
+ "access_token" => token.token,
131
+ "scope" => "public",
132
+ )
127
133
  end
128
134
 
129
135
  it "issues new token with multiple default scopes that are present in application scopes" do
@@ -139,30 +145,33 @@ describe "Client Credentials Request" do
139
145
  token = Doorkeeper::AccessToken.first
140
146
 
141
147
  expect(token.application_id).to eq client.id
142
- should_have_json "access_token", token.token
143
- should_have_json "scope", "public read"
148
+ expect(json_response).to include(
149
+ "access_token" => token.token,
150
+ "scope" => "public read",
151
+ )
144
152
  end
145
153
  end
146
154
 
147
- context "an invalid request" do
155
+ context "when request is invalid" do
148
156
  it "does not authorize the client and returns the error" do
149
157
  headers = {}
150
158
  params = { grant_type: "client_credentials" }
151
159
 
152
160
  post "/oauth/token", params: params, headers: headers
153
161
 
154
- should_have_json "error", "invalid_client"
155
- should_have_json "error_description", translated_error_message(:invalid_client)
156
- should_not_have_json "access_token"
157
-
158
162
  expect(response.status).to eq(401)
163
+
164
+ expect(json_response).to match(
165
+ "error" => "invalid_client",
166
+ "error_description" => translated_error_message(:invalid_client),
167
+ )
159
168
  end
160
169
  end
161
170
 
162
171
  context "when revoke_previous_client_credentials_token is true" do
163
172
  before do
164
- allow(Doorkeeper.config).to receive(:reuse_access_token) { false }
165
- allow(Doorkeeper.config).to receive(:revoke_previous_client_credentials_token) { true }
173
+ allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(false)
174
+ allow(Doorkeeper.config).to receive(:revoke_previous_client_credentials_token?).and_return(true)
166
175
  end
167
176
 
168
177
  it "revokes the previous token" do
@@ -170,15 +179,15 @@ describe "Client Credentials Request" do
170
179
  params = { grant_type: "client_credentials" }
171
180
 
172
181
  post "/oauth/token", params: params, headers: headers
173
- should_have_json "access_token", Doorkeeper::AccessToken.first.token
182
+ expect(json_response).to include("access_token" => Doorkeeper::AccessToken.first.token)
174
183
 
175
184
  token = Doorkeeper::AccessToken.first
176
185
 
177
186
  post "/oauth/token", params: params, headers: headers
178
- should_have_json "access_token", Doorkeeper::AccessToken.last.token
187
+ expect(json_response).to include("access_token" => Doorkeeper::AccessToken.last.token)
179
188
 
180
- expect(token.reload.revoked?).to be_truthy
181
- expect(Doorkeeper::AccessToken.last.revoked?).to be_falsey
189
+ expect(token.reload).to be_revoked
190
+ expect(Doorkeeper::AccessToken.last).not_to be_revoked
182
191
  end
183
192
 
184
193
  context "with a simultaneous request" do
@@ -194,8 +203,11 @@ describe "Client Credentials Request" do
194
203
  params = { grant_type: "client_credentials" }
195
204
 
196
205
  post "/oauth/token", params: params, headers: headers
197
- should_not_have_json "access_token"
198
- should_have_json "error", "invalid_token_reuse"
206
+
207
+ expect(json_response).to match(
208
+ "error" => "invalid_token_reuse",
209
+ "error_description" => translated_error_message(:server_error),
210
+ )
199
211
  end
200
212
  end
201
213
  end
@@ -44,7 +44,7 @@ feature "Implicit Grant Flow (feature spec)" do
44
44
  end
45
45
  end
46
46
 
47
- describe "Implicit Grant Flow (request spec)" do
47
+ RSpec.describe "Implicit Grant Flow (request spec)" do
48
48
  before do
49
49
  default_scopes_exist :default
50
50
  config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
@@ -53,8 +53,8 @@ describe "Implicit Grant Flow (request spec)" do
53
53
  create_resource_owner
54
54
  end
55
55
 
56
- context "token reuse" do
57
- it "should return a new token each request" do
56
+ context "when reuse_access_token enabled" do
57
+ it "returns a new token each request" do
58
58
  allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
59
59
 
60
60
  token = client_is_authorized(@client, @resource_owner, scopes: "default")
@@ -71,7 +71,7 @@ describe "Implicit Grant Flow (request spec)" do
71
71
  expect(response.location).not_to include(token.token)
72
72
  end
73
73
 
74
- it "should return the same token if it is still accessible" do
74
+ it "returns the same token if it is still accessible" do
75
75
  allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
76
76
 
77
77
  token = client_is_authorized(@client, @resource_owner, scopes: "default")
@@ -2,315 +2,355 @@
2
2
 
3
3
  require "spec_helper"
4
4
 
5
- describe "Resource Owner Password Credentials Flow not set up" do
6
- before do
7
- client_exists
8
- create_resource_owner
9
- end
5
+ RSpec.describe "Resource Owner Password Credentials Flow" do
6
+ context "when not setup properly" do
7
+ before do
8
+ client_exists
9
+ create_resource_owner
10
+ end
10
11
 
11
- context "with valid user credentials" do
12
- it "does not issue new token" do
13
- expect do
14
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
15
- end.to_not(change { Doorkeeper::AccessToken.count })
12
+ context "with valid user credentials" do
13
+ it "does not issue new token" do
14
+ expect do
15
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
16
+ end.not_to(change { Doorkeeper::AccessToken.count })
17
+ end
16
18
  end
17
19
  end
18
- end
19
20
 
20
- describe "Resource Owner Password Credentials Flow" do
21
- let(:client_attributes) { { redirect_uri: nil } }
21
+ context "when grant type configured" do
22
+ let(:client_attributes) { { redirect_uri: nil } }
22
23
 
23
- before do
24
- config_is_set(:grant_flows, ["password"])
25
- config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
26
- client_exists(client_attributes)
27
- create_resource_owner
28
- end
24
+ before do
25
+ config_is_set(:grant_flows, ["password"])
26
+ config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
27
+ client_exists(client_attributes)
28
+ create_resource_owner
29
+ end
29
30
 
30
- context "with valid user credentials" do
31
- context "with non-confidential/public client" do
32
- let(:client_attributes) { { confidential: false } }
31
+ context "with valid user credentials" do
32
+ context "with confidential client authorized using Basic auth" do
33
+ it "issues a new token" do
34
+ expect do
35
+ post password_token_endpoint_url(
36
+ resource_owner: @resource_owner,
37
+ ), headers: { "HTTP_AUTHORIZATION" => basic_auth_header_for_client(@client) }
38
+ end.to(change { Doorkeeper::AccessToken.count })
33
39
 
34
- context "when configured to check application supported grant flow" do
35
- before do
36
- Doorkeeper.configuration.instance_variable_set(
37
- :@allow_grant_flow_for_client,
38
- ->(_grant_flow, client) { client.name == "admin" },
40
+ token = Doorkeeper::AccessToken.first
41
+ expect(token.application_id).to eq(@client.id)
42
+
43
+ expect(json_response).to match(
44
+ "access_token" => token.token,
45
+ "expires_in" => an_instance_of(Integer),
46
+ "token_type" => "Bearer",
47
+ "created_at" => an_instance_of(Integer),
39
48
  )
40
49
  end
50
+ end
41
51
 
42
- scenario "forbids the request when doesn't satisfy condition" do
43
- @client.update(name: "sample app")
52
+ context "with non-confidential/public client" do
53
+ let(:client_attributes) { { confidential: false } }
44
54
 
45
- expect do
46
- post password_token_endpoint_url(
47
- client_id: @client.uid,
48
- client_secret: "foobar",
49
- resource_owner: @resource_owner,
55
+ context "when configured to check application supported grant flow" do
56
+ before do
57
+ Doorkeeper.configuration.instance_variable_set(
58
+ :@allow_grant_flow_for_client,
59
+ ->(_grant_flow, client) { client.name == "admin" },
50
60
  )
51
- end.not_to(change { Doorkeeper::AccessToken.count })
61
+ end
52
62
 
53
- expect(response.status).to eq(401)
54
- should_have_json "error", "invalid_client"
55
- end
63
+ scenario "forbids the request when doesn't satisfy condition" do
64
+ @client.update(name: "sample app")
65
+
66
+ expect do
67
+ post password_token_endpoint_url(
68
+ client_id: @client.uid,
69
+ client_secret: "foobar",
70
+ resource_owner: @resource_owner,
71
+ )
72
+ end.not_to(change { Doorkeeper::AccessToken.count })
56
73
 
57
- scenario "allows the request when satisfies condition" do
58
- @client.update(name: "admin")
74
+ expect(response.status).to eq(401)
75
+ expect(json_response).to match(
76
+ "error" => "invalid_client",
77
+ "error_description" => an_instance_of(String),
78
+ )
79
+ end
59
80
 
60
- expect do
61
- post password_token_endpoint_url(client_id: @client.uid, resource_owner: @resource_owner)
62
- end.to change { Doorkeeper::AccessToken.count }.by(1)
81
+ scenario "allows the request when satisfies condition" do
82
+ @client.update(name: "admin")
63
83
 
64
- token = Doorkeeper::AccessToken.first
84
+ expect do
85
+ post password_token_endpoint_url(client_id: @client.uid, resource_owner: @resource_owner)
86
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
87
+
88
+ token = Doorkeeper::AccessToken.first
89
+ expect(token.application_id).to eq(@client.id)
65
90
 
66
- expect(token.application_id).to eq @client.id
67
- should_have_json "access_token", token.token
91
+ expect(json_response).to include("access_token" => token.token)
92
+ end
68
93
  end
69
- end
70
94
 
71
- context "when client_secret absent" do
72
- it "should issue new token" do
73
- expect do
74
- post password_token_endpoint_url(client_id: @client.uid, resource_owner: @resource_owner)
75
- end.to change { Doorkeeper::AccessToken.count }.by(1)
95
+ context "when client_secret absent" do
96
+ it "issues a new token" do
97
+ expect do
98
+ post password_token_endpoint_url(client_id: @client.uid, resource_owner: @resource_owner)
99
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
76
100
 
77
- token = Doorkeeper::AccessToken.first
101
+ token = Doorkeeper::AccessToken.first
78
102
 
79
- expect(token.application_id).to eq @client.id
80
- should_have_json "access_token", token.token
103
+ expect(token.application_id).to eq(@client.id)
104
+ expect(json_response).to include("access_token" => token.token)
105
+ end
106
+ end
107
+
108
+ context "when client_secret present" do
109
+ it "issues a new token" do
110
+ expect do
111
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
112
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
113
+
114
+ token = Doorkeeper::AccessToken.first
115
+
116
+ expect(token.application_id).to eq(@client.id)
117
+ expect(json_response).to include("access_token" => token.token)
118
+ end
119
+
120
+ context "when client_secret incorrect" do
121
+ it "doesn't issue new token" do
122
+ expect do
123
+ post password_token_endpoint_url(
124
+ client_id: @client.uid,
125
+ client_secret: "foobar",
126
+ resource_owner: @resource_owner,
127
+ )
128
+ end.not_to(change { Doorkeeper::AccessToken.count })
129
+
130
+ expect(response.status).to eq(401)
131
+ expect(json_response).to include(
132
+ "error" => "invalid_client",
133
+ "error_description" => an_instance_of(String),
134
+ )
135
+ end
136
+ end
81
137
  end
82
138
  end
83
139
 
84
- context "when client_secret present" do
85
- it "should issue new token" do
140
+ context "with confidential/private client" do
141
+ it "issues a new token" do
86
142
  expect do
87
143
  post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
88
144
  end.to change { Doorkeeper::AccessToken.count }.by(1)
89
145
 
90
146
  token = Doorkeeper::AccessToken.first
91
147
 
92
- expect(token.application_id).to eq @client.id
93
- should_have_json "access_token", token.token
148
+ expect(token.application_id).to eq(@client.id)
149
+ expect(json_response).to include("access_token" => token.token)
94
150
  end
95
151
 
96
- context "when client_secret incorrect" do
97
- it "should not issue new token" do
152
+ context "when client_secret absent" do
153
+ it "doesn't issue new token" do
98
154
  expect do
99
- post password_token_endpoint_url(
100
- client_id: @client.uid,
101
- client_secret: "foobar",
102
- resource_owner: @resource_owner,
103
- )
155
+ post password_token_endpoint_url(client_id: @client.uid, resource_owner: @resource_owner)
104
156
  end.not_to(change { Doorkeeper::AccessToken.count })
105
157
 
106
158
  expect(response.status).to eq(401)
107
- should_have_json "error", "invalid_client"
159
+ expect(json_response).to match(
160
+ "error" => "invalid_client",
161
+ "error_description" => an_instance_of(String),
162
+ )
108
163
  end
109
164
  end
110
165
  end
111
- end
112
166
 
113
- context "with confidential/private client" do
114
- it "should issue new token" do
167
+ it "issues new token without client credentials" do
115
168
  expect do
116
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
117
- end.to change { Doorkeeper::AccessToken.count }.by(1)
169
+ post password_token_endpoint_url(resource_owner: @resource_owner)
170
+ end.to(change { Doorkeeper::AccessToken.count }.by(1))
118
171
 
119
172
  token = Doorkeeper::AccessToken.first
120
173
 
121
- expect(token.application_id).to eq @client.id
122
- should_have_json "access_token", token.token
123
- end
124
-
125
- context "when client_secret absent" do
126
- it "should not issue new token" do
127
- expect do
128
- post password_token_endpoint_url(client_id: @client.uid, resource_owner: @resource_owner)
129
- end.not_to(change { Doorkeeper::AccessToken.count })
130
-
131
- expect(response.status).to eq(401)
132
- should_have_json "error", "invalid_client"
133
- end
174
+ expect(token.application_id).to be_nil
175
+ expect(json_response).to include("access_token" => token.token)
134
176
  end
135
- end
136
177
 
137
- it "should issue new token without client credentials" do
138
- expect do
139
- post password_token_endpoint_url(resource_owner: @resource_owner)
140
- end.to(change { Doorkeeper::AccessToken.count }.by(1))
178
+ it "issues a refresh token if enabled" do
179
+ config_is_set(:refresh_token_enabled, true)
141
180
 
142
- token = Doorkeeper::AccessToken.first
181
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
143
182
 
144
- expect(token.application_id).to be_nil
145
- should_have_json "access_token", token.token
146
- end
183
+ token = Doorkeeper::AccessToken.first
184
+ expect(json_response).to include("refresh_token" => token.refresh_token)
185
+ end
147
186
 
148
- it "should issue a refresh token if enabled" do
149
- config_is_set(:refresh_token_enabled, true)
187
+ it "returns the same token if it is still accessible" do
188
+ allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
150
189
 
151
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
190
+ client_is_authorized(@client, @resource_owner)
152
191
 
153
- token = Doorkeeper::AccessToken.first
192
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
154
193
 
155
- should_have_json "refresh_token", token.refresh_token
156
- end
194
+ expect(Doorkeeper::AccessToken.count).to be(1)
195
+ expect(json_response).to include("access_token" => Doorkeeper::AccessToken.first.token)
196
+ end
157
197
 
158
- it "should return the same token if it is still accessible" do
159
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
198
+ context "with valid, default scope" do
199
+ before do
200
+ default_scopes_exist :public
201
+ end
160
202
 
161
- client_is_authorized(@client, @resource_owner)
203
+ it "issues new token" do
204
+ expect do
205
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner, scope: "public")
206
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
162
207
 
163
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
208
+ token = Doorkeeper::AccessToken.first
164
209
 
165
- expect(Doorkeeper::AccessToken.count).to be(1)
166
- should_have_json "access_token", Doorkeeper::AccessToken.first.token
210
+ expect(token.application_id).to eq(@client.id)
211
+ expect(json_response).to include(
212
+ "access_token" => token.token,
213
+ "scope" => "public",
214
+ )
215
+ end
216
+ end
167
217
  end
168
218
 
169
- context "with valid, default scope" do
219
+ context "when application scopes are present and differs from configured default scopes and no scope is passed" do
170
220
  before do
171
221
  default_scopes_exist :public
222
+ @client.update(scopes: "abc")
172
223
  end
173
224
 
174
- it "should issue new token" do
225
+ it "issues new token without any scope" do
175
226
  expect do
176
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner, scope: "public")
227
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
177
228
  end.to change { Doorkeeper::AccessToken.count }.by(1)
178
229
 
179
230
  token = Doorkeeper::AccessToken.first
180
231
 
181
- expect(token.application_id).to eq @client.id
182
- should_have_json "access_token", token.token
183
- should_have_json "scope", "public"
232
+ expect(token.application_id).to eq(@client.id)
233
+ expect(token.scopes).to be_empty
234
+ expect(json_response).to include("access_token" => token.token)
235
+ expect(json_response).not_to include("scope")
184
236
  end
185
237
  end
186
- end
187
238
 
188
- context "when application scopes are present and differs from configured default scopes and no scope is passed" do
189
- before do
190
- default_scopes_exist :public
191
- @client.update(scopes: "abc")
192
- end
239
+ context "when application scopes contain some of the default scopes and no scope is passed" do
240
+ before do
241
+ @client.update(scopes: "read write public")
242
+ end
193
243
 
194
- it "issues new token without any scope" do
195
- expect do
196
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
197
- end.to change { Doorkeeper::AccessToken.count }.by(1)
244
+ it "issues new token with one default scope that are present in application scopes" do
245
+ default_scopes_exist :public, :admin
198
246
 
199
- token = Doorkeeper::AccessToken.first
247
+ expect do
248
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
249
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
200
250
 
201
- expect(token.application_id).to eq @client.id
202
- expect(token.scopes).to be_empty
203
- should_have_json "access_token", token.token
204
- should_not_have_json "scope"
205
- end
206
- end
251
+ token = Doorkeeper::AccessToken.first
207
252
 
208
- context "when application scopes contain some of the default scopes and no scope is passed" do
209
- before do
210
- @client.update(scopes: "read write public")
211
- end
253
+ expect(token.application_id).to eq(@client.id)
254
+ expect(json_response).to include(
255
+ "access_token" => token.token,
256
+ "scope" => "public",
257
+ )
258
+ end
212
259
 
213
- it "issues new token with one default scope that are present in application scopes" do
214
- default_scopes_exist :public, :admin
260
+ it "issues new token with multiple default scopes that are present in application scopes" do
261
+ default_scopes_exist :public, :read, :update
215
262
 
216
- expect do
217
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
218
- end.to change { Doorkeeper::AccessToken.count }.by(1)
263
+ expect do
264
+ post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
265
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
219
266
 
220
- token = Doorkeeper::AccessToken.first
267
+ token = Doorkeeper::AccessToken.first
221
268
 
222
- expect(token.application_id).to eq @client.id
223
- should_have_json "access_token", token.token
224
- should_have_json "scope", "public"
269
+ expect(token.application_id).to eq(@client.id)
270
+ expect(json_response).to include(
271
+ "access_token" => token.token,
272
+ "scope" => "public read",
273
+ )
274
+ end
225
275
  end
226
276
 
227
- it "issues new token with multiple default scopes that are present in application scopes" do
228
- default_scopes_exist :public, :read, :update
229
-
230
- expect do
231
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
232
- end.to change { Doorkeeper::AccessToken.count }.by(1)
233
-
234
- token = Doorkeeper::AccessToken.first
277
+ context "with invalid scopes" do
278
+ subject do
279
+ post password_token_endpoint_url(
280
+ client: @client,
281
+ resource_owner: @resource_owner,
282
+ scope: "random",
283
+ )
284
+ end
235
285
 
236
- expect(token.application_id).to eq @client.id
237
- should_have_json "access_token", token.token
238
- should_have_json "scope", "public read"
239
- end
240
- end
286
+ it "doesn't issue new token" do
287
+ expect { subject }.not_to(change { Doorkeeper::AccessToken.count })
288
+ end
241
289
 
242
- context "with invalid scopes" do
243
- subject do
244
- post password_token_endpoint_url(
245
- client: @client,
246
- resource_owner: @resource_owner,
247
- scope: "random",
248
- )
249
- end
290
+ it "returns invalid_scope error" do
291
+ subject
250
292
 
251
- it "should not issue new token" do
252
- expect { subject }.to_not(change { Doorkeeper::AccessToken.count })
253
- end
293
+ expect(json_response).to include(
294
+ "error" => "invalid_scope",
295
+ "error_description" => translated_error_message(:invalid_scope),
296
+ )
254
297
 
255
- it "should return invalid_scope error" do
256
- subject
257
- should_have_json "error", "invalid_scope"
258
- should_have_json "error_description", translated_error_message(:invalid_scope)
259
- should_not_have_json "access_token"
298
+ expect(json_response).not_to include("access_token")
260
299
 
261
- expect(response.status).to eq(400)
300
+ expect(response.status).to eq(400)
301
+ end
262
302
  end
263
- end
264
303
 
265
- context "with invalid user credentials" do
266
- it "should not issue new token with bad password" do
267
- expect do
268
- post password_token_endpoint_url(
269
- client: @client,
270
- resource_owner_username: @resource_owner.name,
271
- resource_owner_password: "wrongpassword",
272
- )
273
- end.to_not(change { Doorkeeper::AccessToken.count })
274
- end
304
+ context "with invalid user credentials" do
305
+ it "doesn't issue new token with bad password" do
306
+ expect do
307
+ post password_token_endpoint_url(
308
+ client: @client,
309
+ resource_owner_username: @resource_owner.name,
310
+ resource_owner_password: "wrongpassword",
311
+ )
312
+ end.not_to(change { Doorkeeper::AccessToken.count })
313
+ end
275
314
 
276
- it "should not issue new token without credentials" do
277
- expect do
278
- post password_token_endpoint_url(client: @client)
279
- end.to_not(change { Doorkeeper::AccessToken.count })
280
- end
315
+ it "doesn't issue new token without credentials" do
316
+ expect do
317
+ post password_token_endpoint_url(client: @client)
318
+ end.not_to(change { Doorkeeper::AccessToken.count })
319
+ end
281
320
 
282
- it "should not issue new token if resource_owner_from_credentials returned false or nil" do
283
- config_is_set(:resource_owner_from_credentials) { false }
321
+ it "doesn't issue new token if resource_owner_from_credentials returned false or nil" do
322
+ config_is_set(:resource_owner_from_credentials) { false }
284
323
 
285
- expect do
286
- post password_token_endpoint_url(client: @client)
287
- end.to_not(change { Doorkeeper::AccessToken.count })
324
+ expect do
325
+ post password_token_endpoint_url(client: @client)
326
+ end.not_to(change { Doorkeeper::AccessToken.count })
288
327
 
289
- config_is_set(:resource_owner_from_credentials) { nil }
328
+ config_is_set(:resource_owner_from_credentials) { nil }
290
329
 
291
- expect do
292
- post password_token_endpoint_url(client: @client)
293
- end.to_not(change { Doorkeeper::AccessToken.count })
330
+ expect do
331
+ post password_token_endpoint_url(client: @client)
332
+ end.not_to(change { Doorkeeper::AccessToken.count })
333
+ end
294
334
  end
295
- end
296
335
 
297
- context "with invalid confidential client credentials" do
298
- it "should not issue new token with bad client credentials" do
299
- expect do
300
- post password_token_endpoint_url(
301
- client_id: @client.uid,
302
- client_secret: "bad_secret",
303
- resource_owner: @resource_owner,
304
- )
305
- end.to_not(change { Doorkeeper::AccessToken.count })
336
+ context "with invalid confidential client credentials" do
337
+ it "doesn't issue new token with bad client credentials" do
338
+ expect do
339
+ post password_token_endpoint_url(
340
+ client_id: @client.uid,
341
+ client_secret: "bad_secret",
342
+ resource_owner: @resource_owner,
343
+ )
344
+ end.not_to(change { Doorkeeper::AccessToken.count })
345
+ end
306
346
  end
307
- end
308
347
 
309
- context "with invalid public client id" do
310
- it "should not issue new token with bad client id" do
311
- expect do
312
- post password_token_endpoint_url(client_id: "bad_id", resource_owner: @resource_owner)
313
- end.to_not(change { Doorkeeper::AccessToken.count })
348
+ context "with invalid public client id" do
349
+ it "doesn't issue new token with bad client id" do
350
+ expect do
351
+ post password_token_endpoint_url(client_id: "bad_id", resource_owner: @resource_owner)
352
+ end.not_to(change { Doorkeeper::AccessToken.count })
353
+ end
314
354
  end
315
355
  end
316
356
  end