doorkeeper-mongodb 5.2.1 → 5.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/doorkeeper-mongodb.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb +76 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/base_mixin.rb +0 -8
- data/lib/doorkeeper-mongodb/mixins/mongoid/json_serializable.rb +17 -0
- data/lib/doorkeeper-mongodb/version.rb +1 -1
- data/spec/controllers/application_metal_controller_spec.rb +4 -4
- data/spec/controllers/applications_controller_spec.rb +198 -202
- data/spec/controllers/authorizations_controller_spec.rb +32 -31
- data/spec/controllers/protected_resources_controller_spec.rb +10 -10
- data/spec/controllers/token_info_controller_spec.rb +1 -1
- data/spec/controllers/tokens_controller_spec.rb +105 -62
- data/spec/doorkeeper/redirect_uri_validator_spec.rb +183 -0
- data/spec/{lib → doorkeeper}/server_spec.rb +5 -4
- data/spec/{lib → doorkeeper}/stale_records_cleaner_spec.rb +8 -7
- data/spec/{version → doorkeeper}/version_spec.rb +3 -3
- data/spec/dummy/log/test.log +4220 -4184
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{eS/eSL1QMz46gKLM0GR6S9fL6uyARPxOImcappZ9_ZtSyg.cache → Pm/PmheG0PGFqDws1qgFOxOyIL-gpMof3Ar9eSRKVLYuik.cache} +0 -0
- data/spec/grape/grape_integration_spec.rb +1 -1
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +23 -12
- data/spec/lib/doorkeeper_spec.rb +4 -4
- data/spec/lib/models/expirable_spec.rb +9 -9
- data/spec/lib/models/reusable_spec.rb +2 -2
- data/spec/lib/models/revocable_spec.rb +4 -7
- data/spec/lib/models/scopes_spec.rb +7 -7
- data/spec/lib/models/secret_storable_spec.rb +9 -8
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +23 -27
- data/spec/lib/oauth/authorization_code_request_spec.rb +6 -6
- data/spec/lib/oauth/base_request_spec.rb +11 -27
- data/spec/lib/oauth/base_response_spec.rb +2 -2
- data/spec/lib/oauth/client/credentials_spec.rb +25 -25
- data/spec/lib/oauth/client_credentials/creator_spec.rb +89 -91
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +84 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +72 -39
- data/spec/lib/oauth/client_credentials_integration_spec.rb +5 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +7 -10
- data/spec/lib/oauth/client_spec.rb +8 -8
- data/spec/lib/oauth/code_request_spec.rb +5 -5
- data/spec/lib/oauth/code_response_spec.rb +4 -4
- data/spec/lib/oauth/error_response_spec.rb +6 -5
- data/spec/lib/oauth/error_spec.rb +1 -1
- data/spec/lib/oauth/forbidden_token_response_spec.rb +2 -2
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +37 -37
- data/spec/lib/oauth/helpers/unique_token_spec.rb +2 -2
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +54 -54
- data/spec/lib/oauth/invalid_request_response_spec.rb +6 -6
- data/spec/lib/oauth/invalid_token_response_spec.rb +4 -4
- data/spec/lib/oauth/password_access_token_request_spec.rb +10 -9
- data/spec/lib/oauth/pre_authorization_spec.rb +20 -8
- data/spec/lib/oauth/refresh_token_request_spec.rb +10 -10
- data/spec/lib/oauth/scopes_spec.rb +14 -14
- data/spec/lib/oauth/token_request_spec.rb +9 -9
- data/spec/lib/oauth/token_response_spec.rb +5 -5
- data/spec/lib/oauth/token_spec.rb +5 -5
- data/spec/lib/option_spec.rb +1 -1
- data/spec/lib/request/strategy_spec.rb +34 -37
- data/spec/lib/secret_storing/base_spec.rb +3 -2
- data/spec/lib/secret_storing/bcrypt_spec.rb +2 -1
- data/spec/lib/secret_storing/plain_spec.rb +2 -1
- data/spec/lib/secret_storing/sha256_hash_spec.rb +2 -1
- data/spec/models/doorkeeper/access_grant_spec.rb +7 -9
- data/spec/models/doorkeeper/access_token_spec.rb +20 -26
- data/spec/models/doorkeeper/application_spec.rb +83 -26
- data/spec/requests/applications/applications_request_spec.rb +91 -93
- data/spec/requests/endpoints/authorization_spec.rb +1 -1
- data/spec/requests/endpoints/token_spec.rb +22 -16
- data/spec/requests/flows/authorization_code_errors_spec.rb +12 -8
- data/spec/requests/flows/authorization_code_spec.rb +108 -79
- data/spec/requests/flows/client_credentials_spec.rb +57 -45
- data/spec/requests/flows/implicit_grant_spec.rb +4 -4
- data/spec/requests/flows/password_spec.rb +253 -213
- data/spec/requests/flows/refresh_token_spec.rb +53 -39
- data/spec/requests/flows/revoke_token_spec.rb +24 -24
- data/spec/requests/flows/skip_authorization_spec.rb +1 -1
- data/spec/requests/protected_resources/metal_spec.rb +2 -2
- data/spec/routing/custom_controller_routes_spec.rb +1 -1
- data/spec/routing/default_routes_spec.rb +1 -1
- data/spec/routing/scoped_routes_spec.rb +1 -1
- data/spec/support/helpers/request_spec_helper.rb +1 -13
- data/spec/support/helpers/url_helper.rb +2 -2
- data/spec/support/shared/controllers_shared_context.rb +5 -38
- data/spec/support/shared/hashing_shared_context.rb +4 -0
- data/spec/support/shared/models_shared_examples.rb +6 -6
- metadata +13 -10
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::AuthorizationsController
|
|
5
|
+
RSpec.describe Doorkeeper::AuthorizationsController do
|
|
6
6
|
include AuthorizationRequestHelper
|
|
7
7
|
|
|
8
8
|
class ActionDispatch::TestResponse
|
|
@@ -14,8 +14,8 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
14
14
|
end
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
let(:client)
|
|
18
|
-
let(:user)
|
|
17
|
+
let(:client) { FactoryBot.create :application }
|
|
18
|
+
let(:user) { User.create!(name: "Joe", password: "sekret") }
|
|
19
19
|
|
|
20
20
|
let(:access_token) do
|
|
21
21
|
FactoryBot.build :access_token,
|
|
@@ -27,6 +27,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
27
27
|
|
|
28
28
|
before do
|
|
29
29
|
Doorkeeper.configure do
|
|
30
|
+
orm DOORKEEPER_ORM
|
|
30
31
|
default_scopes :default
|
|
31
32
|
|
|
32
33
|
custom_access_token_expires_in(lambda do |context|
|
|
@@ -37,7 +38,6 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
37
38
|
allow(Doorkeeper.config).to receive(:grant_flows).and_return(["implicit"])
|
|
38
39
|
allow(Doorkeeper.config).to receive(:authenticate_resource_owner).and_return(->(_) { authenticator_method })
|
|
39
40
|
allow(controller).to receive(:authenticator_method).and_return(user)
|
|
40
|
-
expect(controller).to receive(:authenticator_method).at_most(:once)
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
describe "POST #create" do
|
|
@@ -47,6 +47,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
47
47
|
|
|
48
48
|
it "redirects after authorization" do
|
|
49
49
|
expect(response).to be_redirect
|
|
50
|
+
expect(controller).to receive(:authenticator_method).at_most(:once)
|
|
50
51
|
end
|
|
51
52
|
|
|
52
53
|
it "redirects to client redirect uri" do
|
|
@@ -311,7 +312,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
311
312
|
end
|
|
312
313
|
|
|
313
314
|
it "includes error description in redirect uri" do
|
|
314
|
-
expect(redirect_uri.match(/error_description=(.+)&?/)[1]).
|
|
315
|
+
expect(redirect_uri.match(/error_description=(.+)&?/)[1]).not_to be_nil
|
|
315
316
|
end
|
|
316
317
|
|
|
317
318
|
it "does not issue any access token" do
|
|
@@ -356,13 +357,13 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
356
357
|
}
|
|
357
358
|
end
|
|
358
359
|
|
|
359
|
-
it "
|
|
360
|
+
it "calls :before_successful_authorization callback" do
|
|
360
361
|
expect(Doorkeeper.config)
|
|
361
362
|
.to receive_message_chain(:before_successful_authorization, :call)
|
|
362
363
|
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
|
363
364
|
end
|
|
364
365
|
|
|
365
|
-
it "
|
|
366
|
+
it "calls :after_successful_authorization callback" do
|
|
366
367
|
expect(Doorkeeper.config)
|
|
367
368
|
.to receive_message_chain(:after_successful_authorization, :call)
|
|
368
369
|
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
|
@@ -374,11 +375,11 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
374
375
|
post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: "bad_uri" }
|
|
375
376
|
end
|
|
376
377
|
|
|
377
|
-
it "
|
|
378
|
+
it "does not call :before_successful_authorization callback" do
|
|
378
379
|
expect(Doorkeeper.config).not_to receive(:before_successful_authorization)
|
|
379
380
|
end
|
|
380
381
|
|
|
381
|
-
it "
|
|
382
|
+
it "does not call :after_successful_authorization callback" do
|
|
382
383
|
expect(Doorkeeper.config).not_to receive(:after_successful_authorization)
|
|
383
384
|
end
|
|
384
385
|
end
|
|
@@ -399,16 +400,16 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
399
400
|
}
|
|
400
401
|
end
|
|
401
402
|
|
|
402
|
-
it "
|
|
403
|
+
it "redirects immediately" do
|
|
403
404
|
expect(response).to be_redirect
|
|
404
405
|
expect(response.location).to match(%r{/oauth/token/info\?access_token=})
|
|
405
406
|
end
|
|
406
407
|
|
|
407
|
-
it "
|
|
408
|
+
it "does not issue a grant" do
|
|
408
409
|
expect(Doorkeeper::AccessGrant.count).to be 0
|
|
409
410
|
end
|
|
410
411
|
|
|
411
|
-
it "
|
|
412
|
+
it "issues a token" do
|
|
412
413
|
expect(Doorkeeper::AccessToken.count).to be 1
|
|
413
414
|
end
|
|
414
415
|
end
|
|
@@ -429,17 +430,17 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
429
430
|
}
|
|
430
431
|
end
|
|
431
432
|
|
|
432
|
-
it "
|
|
433
|
+
it "redirects immediately" do
|
|
433
434
|
expect(response).to be_redirect
|
|
434
435
|
expect(response.location)
|
|
435
436
|
.to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
|
|
436
437
|
end
|
|
437
438
|
|
|
438
|
-
it "
|
|
439
|
+
it "issues a grant" do
|
|
439
440
|
expect(Doorkeeper::AccessGrant.count).to be 1
|
|
440
441
|
end
|
|
441
442
|
|
|
442
|
-
it "
|
|
443
|
+
it "does not issue a token" do
|
|
443
444
|
expect(Doorkeeper::AccessToken.count).to be 0
|
|
444
445
|
end
|
|
445
446
|
end
|
|
@@ -457,12 +458,12 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
457
458
|
}
|
|
458
459
|
end
|
|
459
460
|
|
|
460
|
-
it "
|
|
461
|
+
it "redirects immediately" do
|
|
461
462
|
expect(response).to be_redirect
|
|
462
463
|
expect(response.location).to match(/^#{client.redirect_uri}/)
|
|
463
464
|
end
|
|
464
465
|
|
|
465
|
-
it "
|
|
466
|
+
it "issues a token" do
|
|
466
467
|
expect(Doorkeeper::AccessToken.count).to be 1
|
|
467
468
|
end
|
|
468
469
|
|
|
@@ -494,7 +495,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
494
495
|
}
|
|
495
496
|
end
|
|
496
497
|
|
|
497
|
-
it "
|
|
498
|
+
it "renders success" do
|
|
498
499
|
expect(response).to be_successful
|
|
499
500
|
end
|
|
500
501
|
|
|
@@ -523,11 +524,11 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
523
524
|
}
|
|
524
525
|
end
|
|
525
526
|
|
|
526
|
-
it "
|
|
527
|
+
it "renders success" do
|
|
527
528
|
expect(response).to be_successful
|
|
528
529
|
end
|
|
529
530
|
|
|
530
|
-
it "
|
|
531
|
+
it "issues a token" do
|
|
531
532
|
expect(Doorkeeper::AccessToken.count).to be 1
|
|
532
533
|
end
|
|
533
534
|
|
|
@@ -537,7 +538,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
537
538
|
|
|
538
539
|
it "sets redirect_uri to correct value" do
|
|
539
540
|
redirect_uri = JSON.parse(response.body)["redirect_uri"]
|
|
540
|
-
expect(redirect_uri).
|
|
541
|
+
expect(redirect_uri).not_to be_nil
|
|
541
542
|
expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
|
|
542
543
|
expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
|
|
543
544
|
expect(
|
|
@@ -562,7 +563,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
562
563
|
end
|
|
563
564
|
|
|
564
565
|
it "does not redirect" do
|
|
565
|
-
expect(response).
|
|
566
|
+
expect(response).not_to be_redirect
|
|
566
567
|
end
|
|
567
568
|
|
|
568
569
|
it "does not issue any token" do
|
|
@@ -583,7 +584,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
583
584
|
end
|
|
584
585
|
|
|
585
586
|
it "does not redirect" do
|
|
586
|
-
expect(response).
|
|
587
|
+
expect(response).not_to be_redirect
|
|
587
588
|
end
|
|
588
589
|
|
|
589
590
|
it "does not issue any token" do
|
|
@@ -606,7 +607,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
606
607
|
|
|
607
608
|
let(:response_json_body) { JSON.parse(response.body) }
|
|
608
609
|
|
|
609
|
-
it "
|
|
610
|
+
it "renders bad request" do
|
|
610
611
|
expect(response).to have_http_status(:bad_request)
|
|
611
612
|
end
|
|
612
613
|
|
|
@@ -638,7 +639,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
638
639
|
|
|
639
640
|
let(:response_json_body) { JSON.parse(response.body) }
|
|
640
641
|
|
|
641
|
-
it "
|
|
642
|
+
it "renders bad request" do
|
|
642
643
|
expect(response).to have_http_status(:bad_request)
|
|
643
644
|
end
|
|
644
645
|
|
|
@@ -669,13 +670,13 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
669
670
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
|
|
670
671
|
end
|
|
671
672
|
|
|
672
|
-
it "
|
|
673
|
+
it "calls :before_successful_authorization callback" do
|
|
673
674
|
expect(Doorkeeper.configuration)
|
|
674
675
|
.to receive_message_chain(:before_successful_authorization, :call)
|
|
675
676
|
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
|
676
677
|
end
|
|
677
678
|
|
|
678
|
-
it "
|
|
679
|
+
it "calls :after_successful_authorization callback" do
|
|
679
680
|
expect(Doorkeeper.configuration)
|
|
680
681
|
.to receive_message_chain(:after_successful_authorization, :call)
|
|
681
682
|
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
|
@@ -687,11 +688,11 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
687
688
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
|
|
688
689
|
end
|
|
689
690
|
|
|
690
|
-
it "
|
|
691
|
+
it "does not call :before_successful_authorization callback" do
|
|
691
692
|
expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
|
|
692
693
|
end
|
|
693
694
|
|
|
694
|
-
it "
|
|
695
|
+
it "does not call :after_successful_authorization callback" do
|
|
695
696
|
expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
|
|
696
697
|
end
|
|
697
698
|
end
|
|
@@ -702,11 +703,11 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
|
|
702
703
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
|
703
704
|
end
|
|
704
705
|
|
|
705
|
-
it "
|
|
706
|
+
it "does not call :before_successful_authorization callback" do
|
|
706
707
|
expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
|
|
707
708
|
end
|
|
708
709
|
|
|
709
|
-
it "
|
|
710
|
+
it "does not call :after_successful_authorization callback" do
|
|
710
711
|
expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
|
|
711
712
|
end
|
|
712
713
|
end
|
|
@@ -16,8 +16,8 @@ module ControllerActions
|
|
|
16
16
|
def doorkeeper_forbidden_render_options(*); end
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
describe "doorkeeper authorize filter" do
|
|
20
|
-
context "accepts token code specified as" do
|
|
19
|
+
RSpec.describe "doorkeeper authorize filter" do
|
|
20
|
+
context "when accepts token code specified as" do
|
|
21
21
|
controller do
|
|
22
22
|
before_action :doorkeeper_authorize!
|
|
23
23
|
|
|
@@ -58,7 +58,7 @@ describe "doorkeeper authorize filter" do
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
it "does not change Authorization header value" do
|
|
61
|
-
expect(Doorkeeper::AccessToken).to receive(:by_token).
|
|
61
|
+
expect(Doorkeeper::AccessToken).to receive(:by_token).twice.and_return(token)
|
|
62
62
|
request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
|
|
63
63
|
get :index
|
|
64
64
|
controller.send(:remove_instance_variable, :@doorkeeper_token)
|
|
@@ -66,7 +66,7 @@ describe "doorkeeper authorize filter" do
|
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
-
context "defined for all actions" do
|
|
69
|
+
context "when defined for all actions" do
|
|
70
70
|
controller do
|
|
71
71
|
before_action :doorkeeper_authorize!
|
|
72
72
|
|
|
@@ -100,7 +100,7 @@ describe "doorkeeper authorize filter" do
|
|
|
100
100
|
end
|
|
101
101
|
end
|
|
102
102
|
|
|
103
|
-
context "defined with scopes" do
|
|
103
|
+
context "when defined with scopes" do
|
|
104
104
|
controller do
|
|
105
105
|
before_action -> { doorkeeper_authorize! :write }
|
|
106
106
|
|
|
@@ -139,7 +139,7 @@ describe "doorkeeper authorize filter" do
|
|
|
139
139
|
|
|
140
140
|
get :index, params: { access_token: token_string }
|
|
141
141
|
expect(response.status).to eq 403
|
|
142
|
-
expect(response.header).
|
|
142
|
+
expect(response.header).not_to include("WWW-Authenticate")
|
|
143
143
|
end
|
|
144
144
|
end
|
|
145
145
|
|
|
@@ -169,7 +169,7 @@ describe "doorkeeper authorize filter" do
|
|
|
169
169
|
end
|
|
170
170
|
end
|
|
171
171
|
|
|
172
|
-
it "
|
|
172
|
+
it "renders a custom JSON response", token: :invalid do
|
|
173
173
|
get :index, params: { access_token: token_string }
|
|
174
174
|
expect(response.status).to eq 401
|
|
175
175
|
expect(response.content_type).to include("application/json")
|
|
@@ -199,7 +199,7 @@ describe "doorkeeper authorize filter" do
|
|
|
199
199
|
end
|
|
200
200
|
end
|
|
201
201
|
|
|
202
|
-
it "
|
|
202
|
+
it "renders a custom text response", token: :invalid do
|
|
203
203
|
get :index, params: { access_token: token_string }
|
|
204
204
|
expect(response.status).to eq 401
|
|
205
205
|
expect(response.content_type).to include("text/plain")
|
|
@@ -253,7 +253,7 @@ describe "doorkeeper authorize filter" do
|
|
|
253
253
|
|
|
254
254
|
it "renders a custom JSON response" do
|
|
255
255
|
get :index, params: { access_token: token_string }
|
|
256
|
-
expect(response.header).
|
|
256
|
+
expect(response.header).not_to include("WWW-Authenticate")
|
|
257
257
|
expect(response.content_type).to include("application/json")
|
|
258
258
|
expect(response.status).to eq 403
|
|
259
259
|
|
|
@@ -292,7 +292,7 @@ describe "doorkeeper authorize filter" do
|
|
|
292
292
|
|
|
293
293
|
it "renders a custom status code and text response" do
|
|
294
294
|
get :index, params: { access_token: token_string }
|
|
295
|
-
expect(response.header).
|
|
295
|
+
expect(response.header).not_to include("WWW-Authenticate")
|
|
296
296
|
expect(response.status).to eq 403
|
|
297
297
|
expect(response.body).to eq("Forbidden")
|
|
298
298
|
end
|
|
@@ -2,12 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::TokensController do
|
|
5
|
+
RSpec.describe Doorkeeper::TokensController do
|
|
6
|
+
subject { JSON.parse(response.body) }
|
|
7
|
+
|
|
6
8
|
let(:client) { FactoryBot.create :application }
|
|
7
9
|
let!(:user) { User.create!(name: "Joe", password: "sekret") }
|
|
8
10
|
|
|
9
11
|
before do
|
|
10
12
|
Doorkeeper.configure do
|
|
13
|
+
orm DOORKEEPER_ORM
|
|
11
14
|
resource_owner_from_credentials do
|
|
12
15
|
User.first
|
|
13
16
|
end
|
|
@@ -16,8 +19,6 @@ describe Doorkeeper::TokensController do
|
|
|
16
19
|
allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["password"])
|
|
17
20
|
end
|
|
18
21
|
|
|
19
|
-
subject { JSON.parse(response.body) }
|
|
20
|
-
|
|
21
22
|
describe "POST #create" do
|
|
22
23
|
before do
|
|
23
24
|
post :create, params: {
|
|
@@ -70,7 +71,7 @@ describe Doorkeeper::TokensController do
|
|
|
70
71
|
end
|
|
71
72
|
|
|
72
73
|
it "include error_description in response" do
|
|
73
|
-
expect(subject["error_description"]).to
|
|
74
|
+
expect(subject["error_description"]).to be_present
|
|
74
75
|
end
|
|
75
76
|
|
|
76
77
|
it "does not include access token in response" do
|
|
@@ -104,12 +105,12 @@ describe Doorkeeper::TokensController do
|
|
|
104
105
|
}
|
|
105
106
|
end
|
|
106
107
|
|
|
107
|
-
it "
|
|
108
|
+
it "calls :before_successful_authorization callback" do
|
|
108
109
|
expect(Doorkeeper.configuration)
|
|
109
110
|
.to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class), nil)
|
|
110
111
|
end
|
|
111
112
|
|
|
112
|
-
it "
|
|
113
|
+
it "calls :after_successful_authorization callback" do
|
|
113
114
|
expect(Doorkeeper.configuration)
|
|
114
115
|
.to receive_message_chain(:after_successful_authorization, :call)
|
|
115
116
|
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
|
@@ -125,12 +126,12 @@ describe Doorkeeper::TokensController do
|
|
|
125
126
|
}
|
|
126
127
|
end
|
|
127
128
|
|
|
128
|
-
it "
|
|
129
|
+
it "calls :before_successful_authorization callback" do
|
|
129
130
|
expect(Doorkeeper.configuration)
|
|
130
131
|
.to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class), nil)
|
|
131
132
|
end
|
|
132
133
|
|
|
133
|
-
it "
|
|
134
|
+
it "does not call :after_successful_authorization callback" do
|
|
134
135
|
expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
|
|
135
136
|
end
|
|
136
137
|
end
|
|
@@ -190,9 +191,11 @@ describe Doorkeeper::TokensController do
|
|
|
190
191
|
context "when associated app is confidential" do
|
|
191
192
|
let(:client) { FactoryBot.create(:application, confidential: true) }
|
|
192
193
|
let(:oauth_client) { Doorkeeper::OAuth::Client.new(client) }
|
|
194
|
+
let(:server) { instance_double(Doorkeeper::Server) }
|
|
193
195
|
|
|
194
|
-
before
|
|
195
|
-
|
|
196
|
+
before do
|
|
197
|
+
allow(Doorkeeper::Server).to receive(:new).and_return(server)
|
|
198
|
+
allow(server).to receive(:client).and_return(oauth_client)
|
|
196
199
|
end
|
|
197
200
|
|
|
198
201
|
it "returns 200" do
|
|
@@ -231,30 +234,35 @@ describe Doorkeeper::TokensController do
|
|
|
231
234
|
let(:access_token) { FactoryBot.create(:access_token, application: client) }
|
|
232
235
|
let(:token_for_introspection) { FactoryBot.create(:access_token, application: client) }
|
|
233
236
|
|
|
234
|
-
context "authorized using valid Bearer token" do
|
|
237
|
+
context "when authorized using valid Bearer token" do
|
|
235
238
|
it "responds with full token introspection" do
|
|
236
239
|
request.headers["Authorization"] = "Bearer #{access_token.token}"
|
|
237
240
|
|
|
238
241
|
post :introspect, params: { token: token_for_introspection.token }
|
|
239
242
|
|
|
240
|
-
|
|
243
|
+
expect(json_response).to include("active" => true)
|
|
241
244
|
expect(json_response).to include("client_id", "token_type", "exp", "iat")
|
|
242
245
|
end
|
|
243
246
|
end
|
|
244
247
|
|
|
245
|
-
context "authorized using Client Credentials of the client that token is issued to" do
|
|
248
|
+
context "when authorized using Client Credentials of the client that token is issued to" do
|
|
246
249
|
it "responds with full token introspection" do
|
|
247
250
|
request.headers["Authorization"] = basic_auth_header_for_client(client)
|
|
248
251
|
|
|
249
252
|
post :introspect, params: { token: token_for_introspection.token }
|
|
250
253
|
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
+
expect(json_response).to match(
|
|
255
|
+
"active" => true,
|
|
256
|
+
"client_id" => client.uid,
|
|
257
|
+
"token_type" => "Bearer",
|
|
258
|
+
"scope" => nil,
|
|
259
|
+
"exp" => an_instance_of(Integer),
|
|
260
|
+
"iat" => an_instance_of(Integer),
|
|
261
|
+
)
|
|
254
262
|
end
|
|
255
263
|
end
|
|
256
264
|
|
|
257
|
-
context "
|
|
265
|
+
context "when token introspection disabled" do
|
|
258
266
|
before do
|
|
259
267
|
Doorkeeper.configure do
|
|
260
268
|
orm DOORKEEPER_ORM
|
|
@@ -269,12 +277,12 @@ describe Doorkeeper::TokensController do
|
|
|
269
277
|
|
|
270
278
|
response_status_should_be 401
|
|
271
279
|
|
|
272
|
-
|
|
273
|
-
|
|
280
|
+
expect(json_response).not_to include("active")
|
|
281
|
+
expect(json_response).to include("error" => "invalid_token")
|
|
274
282
|
end
|
|
275
283
|
end
|
|
276
284
|
|
|
277
|
-
context "
|
|
285
|
+
context "when custom introspection response configured" do
|
|
278
286
|
before do
|
|
279
287
|
Doorkeeper.configure do
|
|
280
288
|
orm DOORKEEPER_ORM
|
|
@@ -292,13 +300,20 @@ describe Doorkeeper::TokensController do
|
|
|
292
300
|
|
|
293
301
|
post :introspect, params: { token: token_for_introspection.token }
|
|
294
302
|
|
|
295
|
-
expect(json_response).to
|
|
296
|
-
|
|
297
|
-
|
|
303
|
+
expect(json_response).to match(
|
|
304
|
+
"active" => true,
|
|
305
|
+
"client_id" => client.uid,
|
|
306
|
+
"token_type" => "Bearer",
|
|
307
|
+
"scope" => nil,
|
|
308
|
+
"exp" => an_instance_of(Integer),
|
|
309
|
+
"iat" => an_instance_of(Integer),
|
|
310
|
+
"aud" => "https://protected.example.net/resource",
|
|
311
|
+
"sub" => "Z5O3upPC88QrAjx00dis",
|
|
312
|
+
)
|
|
298
313
|
end
|
|
299
314
|
end
|
|
300
315
|
|
|
301
|
-
context "
|
|
316
|
+
context "when access token is public" do
|
|
302
317
|
let(:token_for_introspection) { FactoryBot.create(:access_token, application: nil) }
|
|
303
318
|
|
|
304
319
|
it "responds with full token introspection" do
|
|
@@ -306,13 +321,18 @@ describe Doorkeeper::TokensController do
|
|
|
306
321
|
|
|
307
322
|
post :introspect, params: { token: token_for_introspection.token }
|
|
308
323
|
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
324
|
+
expect(json_response).to match(
|
|
325
|
+
"active" => true,
|
|
326
|
+
"client_id" => nil,
|
|
327
|
+
"token_type" => "Bearer",
|
|
328
|
+
"scope" => nil,
|
|
329
|
+
"exp" => an_instance_of(Integer),
|
|
330
|
+
"iat" => an_instance_of(Integer),
|
|
331
|
+
)
|
|
312
332
|
end
|
|
313
333
|
end
|
|
314
334
|
|
|
315
|
-
context "token was issued to a different client than is making this request" do
|
|
335
|
+
context "when token was issued to a different client than is making this request" do
|
|
316
336
|
let(:different_client) { FactoryBot.create(:application) }
|
|
317
337
|
|
|
318
338
|
it "responds with only active state" do
|
|
@@ -322,12 +342,11 @@ describe Doorkeeper::TokensController do
|
|
|
322
342
|
|
|
323
343
|
expect(response).to be_successful
|
|
324
344
|
|
|
325
|
-
|
|
326
|
-
expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
|
|
345
|
+
expect(json_response).to match("active" => false)
|
|
327
346
|
end
|
|
328
347
|
end
|
|
329
348
|
|
|
330
|
-
context "introspection request authorized by a client and allow_token_introspection is true" do
|
|
349
|
+
context "when introspection request authorized by a client and allow_token_introspection is true" do
|
|
331
350
|
let(:different_client) { FactoryBot.create(:application) }
|
|
332
351
|
|
|
333
352
|
before do
|
|
@@ -341,13 +360,18 @@ describe Doorkeeper::TokensController do
|
|
|
341
360
|
|
|
342
361
|
post :introspect, params: { token: token_for_introspection.token }
|
|
343
362
|
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
363
|
+
expect(json_response).to match(
|
|
364
|
+
"active" => true,
|
|
365
|
+
"client_id" => client.uid,
|
|
366
|
+
"token_type" => "Bearer",
|
|
367
|
+
"scope" => nil,
|
|
368
|
+
"exp" => an_instance_of(Integer),
|
|
369
|
+
"iat" => an_instance_of(Integer),
|
|
370
|
+
)
|
|
347
371
|
end
|
|
348
372
|
end
|
|
349
373
|
|
|
350
|
-
context "allow_token_introspection requires authorized token with special scope" do
|
|
374
|
+
context "when allow_token_introspection requires authorized token with special scope" do
|
|
351
375
|
let(:access_token) { FactoryBot.create(:access_token, scopes: "introspection") }
|
|
352
376
|
|
|
353
377
|
before do
|
|
@@ -361,8 +385,14 @@ describe Doorkeeper::TokensController do
|
|
|
361
385
|
|
|
362
386
|
post :introspect, params: { token: token_for_introspection.token }
|
|
363
387
|
|
|
364
|
-
|
|
365
|
-
|
|
388
|
+
expect(json_response).to match(
|
|
389
|
+
"active" => true,
|
|
390
|
+
"client_id" => client.uid,
|
|
391
|
+
"token_type" => "Bearer",
|
|
392
|
+
"scope" => nil,
|
|
393
|
+
"exp" => an_instance_of(Integer),
|
|
394
|
+
"iat" => an_instance_of(Integer),
|
|
395
|
+
)
|
|
366
396
|
end
|
|
367
397
|
|
|
368
398
|
it "responds with invalid_token error if authorized token doesn't have introspection scope" do
|
|
@@ -374,12 +404,15 @@ describe Doorkeeper::TokensController do
|
|
|
374
404
|
|
|
375
405
|
response_status_should_be 401
|
|
376
406
|
|
|
377
|
-
|
|
378
|
-
|
|
407
|
+
expect(json_response).to match(
|
|
408
|
+
"error" => "invalid_token",
|
|
409
|
+
"error_description" => an_instance_of(String),
|
|
410
|
+
"state" => "unauthorized",
|
|
411
|
+
)
|
|
379
412
|
end
|
|
380
413
|
end
|
|
381
414
|
|
|
382
|
-
context "authorized using invalid Bearer token" do
|
|
415
|
+
context "when authorized using invalid Bearer token" do
|
|
383
416
|
let(:access_token) do
|
|
384
417
|
FactoryBot.create(:access_token, application: client, revoked_at: 1.day.ago)
|
|
385
418
|
end
|
|
@@ -391,12 +424,15 @@ describe Doorkeeper::TokensController do
|
|
|
391
424
|
|
|
392
425
|
response_status_should_be 401
|
|
393
426
|
|
|
394
|
-
|
|
395
|
-
|
|
427
|
+
expect(json_response).to match(
|
|
428
|
+
"error" => "invalid_token",
|
|
429
|
+
"error_description" => an_instance_of(String),
|
|
430
|
+
"state" => "unauthorized",
|
|
431
|
+
)
|
|
396
432
|
end
|
|
397
433
|
end
|
|
398
434
|
|
|
399
|
-
context "authorized using the Bearer token that need to be introspected" do
|
|
435
|
+
context "when authorized using the Bearer token that need to be introspected" do
|
|
400
436
|
it "responds with invalid token error" do
|
|
401
437
|
request.headers["Authorization"] = "Bearer #{access_token.token}"
|
|
402
438
|
|
|
@@ -404,12 +440,15 @@ describe Doorkeeper::TokensController do
|
|
|
404
440
|
|
|
405
441
|
response_status_should_be 401
|
|
406
442
|
|
|
407
|
-
|
|
408
|
-
|
|
443
|
+
expect(json_response).to match(
|
|
444
|
+
"error" => "invalid_token",
|
|
445
|
+
"error_description" => an_instance_of(String),
|
|
446
|
+
"state" => "unauthorized",
|
|
447
|
+
)
|
|
409
448
|
end
|
|
410
449
|
end
|
|
411
450
|
|
|
412
|
-
context "
|
|
451
|
+
context "when invalid credentials used to authorize" do
|
|
413
452
|
let(:client) { double(uid: "123123", secret: "666999") }
|
|
414
453
|
let(:access_token) { FactoryBot.create(:access_token) }
|
|
415
454
|
|
|
@@ -421,24 +460,25 @@ describe Doorkeeper::TokensController do
|
|
|
421
460
|
expect(response).not_to be_successful
|
|
422
461
|
response_status_should_be 401
|
|
423
462
|
|
|
424
|
-
|
|
425
|
-
|
|
463
|
+
expect(json_response).to match(
|
|
464
|
+
"error" => "invalid_client",
|
|
465
|
+
"error_description" => an_instance_of(String),
|
|
466
|
+
)
|
|
426
467
|
end
|
|
427
468
|
end
|
|
428
469
|
|
|
429
|
-
context "
|
|
430
|
-
context "authorized using client credentials" do
|
|
470
|
+
context "when wrong token value used" do
|
|
471
|
+
context "when authorized using client credentials" do
|
|
431
472
|
it "responds with only active state" do
|
|
432
473
|
request.headers["Authorization"] = basic_auth_header_for_client(client)
|
|
433
474
|
|
|
434
475
|
post :introspect, params: { token: SecureRandom.hex(16) }
|
|
435
476
|
|
|
436
|
-
|
|
437
|
-
expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
|
|
477
|
+
expect(json_response).to match("active" => false)
|
|
438
478
|
end
|
|
439
479
|
end
|
|
440
480
|
|
|
441
|
-
context "authorized using valid Bearer token" do
|
|
481
|
+
context "when authorized using valid Bearer token" do
|
|
442
482
|
it "responds with invalid_token error" do
|
|
443
483
|
request.headers["Authorization"] = "Bearer #{access_token.token}"
|
|
444
484
|
|
|
@@ -446,8 +486,11 @@ describe Doorkeeper::TokensController do
|
|
|
446
486
|
|
|
447
487
|
response_status_should_be 401
|
|
448
488
|
|
|
449
|
-
|
|
450
|
-
|
|
489
|
+
expect(json_response).to match(
|
|
490
|
+
"error" => "invalid_token",
|
|
491
|
+
"error_description" => an_instance_of(String),
|
|
492
|
+
"state" => "unauthorized",
|
|
493
|
+
)
|
|
451
494
|
end
|
|
452
495
|
end
|
|
453
496
|
end
|
|
@@ -462,8 +505,7 @@ describe Doorkeeper::TokensController do
|
|
|
462
505
|
|
|
463
506
|
post :introspect, params: { token: token_for_introspection.token }
|
|
464
507
|
|
|
465
|
-
|
|
466
|
-
expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
|
|
508
|
+
expect(json_response).to match("active" => false)
|
|
467
509
|
end
|
|
468
510
|
end
|
|
469
511
|
|
|
@@ -477,12 +519,11 @@ describe Doorkeeper::TokensController do
|
|
|
477
519
|
|
|
478
520
|
post :introspect, params: { token: token_for_introspection.token }
|
|
479
521
|
|
|
480
|
-
|
|
481
|
-
expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
|
|
522
|
+
expect(json_response).to match("active" => false)
|
|
482
523
|
end
|
|
483
524
|
end
|
|
484
525
|
|
|
485
|
-
context "unauthorized (no bearer token or client credentials)" do
|
|
526
|
+
context "when unauthorized (no bearer token or client credentials)" do
|
|
486
527
|
let(:token_for_introspection) { FactoryBot.create(:access_token) }
|
|
487
528
|
|
|
488
529
|
it "responds with invalid_request error" do
|
|
@@ -491,8 +532,10 @@ describe Doorkeeper::TokensController do
|
|
|
491
532
|
expect(response).not_to be_successful
|
|
492
533
|
response_status_should_be 400
|
|
493
534
|
|
|
494
|
-
|
|
495
|
-
|
|
535
|
+
expect(json_response).to match(
|
|
536
|
+
"error" => "invalid_request",
|
|
537
|
+
"error_description" => an_instance_of(String),
|
|
538
|
+
)
|
|
496
539
|
end
|
|
497
540
|
end
|
|
498
541
|
end
|