doorkeeper-mongodb 5.2.1 → 5.2.2

data/spec/controllers/authorizations_controller_spec.rb

@@ -2,7 +2,7 @@
 
 require "spec_helper"
 
-describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
+RSpec.describe Doorkeeper::AuthorizationsController do
   include AuthorizationRequestHelper
 
   class ActionDispatch::TestResponse
@@ -14,8 +14,8 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
     end
   end
 
-  let(:client)        { FactoryBot.create :application }
-  let(:user)          { User.create!(name: "Joe", password: "sekret") }
+  let(:client) { FactoryBot.create :application }
+  let(:user) { User.create!(name: "Joe", password: "sekret") }
 
   let(:access_token) do
     FactoryBot.build :access_token,
@@ -27,6 +27,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
 
   before do
     Doorkeeper.configure do
+      orm DOORKEEPER_ORM
       default_scopes :default
 
       custom_access_token_expires_in(lambda do |context|
@@ -37,7 +38,6 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
     allow(Doorkeeper.config).to receive(:grant_flows).and_return(["implicit"])
     allow(Doorkeeper.config).to receive(:authenticate_resource_owner).and_return(->(_) { authenticator_method })
     allow(controller).to receive(:authenticator_method).and_return(user)
-    expect(controller).to receive(:authenticator_method).at_most(:once)
   end
 
   describe "POST #create" do
@@ -47,6 +47,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
 
     it "redirects after authorization" do
       expect(response).to be_redirect
+      expect(controller).to receive(:authenticator_method).at_most(:once)
     end
 
     it "redirects to client redirect uri" do
@@ -311,7 +312,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
       end
 
       it "includes error description in redirect uri" do
-        expect(redirect_uri.match(/error_description=(.+)&?/)[1]).to_not be_nil
+        expect(redirect_uri.match(/error_description=(.+)&?/)[1]).not_to be_nil
       end
 
       it "does not issue any access token" do
@@ -356,13 +357,13 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
         }
       end
 
-      it "should call :before_successful_authorization callback" do
+      it "calls :before_successful_authorization callback" do
         expect(Doorkeeper.config)
           .to receive_message_chain(:before_successful_authorization, :call)
           .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
       end
 
-      it "should call :after_successful_authorization callback" do
+      it "calls :after_successful_authorization callback" do
         expect(Doorkeeper.config)
           .to receive_message_chain(:after_successful_authorization, :call)
           .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
@@ -374,11 +375,11 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
         post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: "bad_uri" }
       end
 
-      it "should not call :before_successful_authorization callback" do
+      it "does not call :before_successful_authorization callback" do
         expect(Doorkeeper.config).not_to receive(:before_successful_authorization)
       end
 
-      it "should not call :after_successful_authorization callback" do
+      it "does not call :after_successful_authorization callback" do
         expect(Doorkeeper.config).not_to receive(:after_successful_authorization)
       end
     end
@@ -399,16 +400,16 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
       }
     end
 
-    it "should redirect immediately" do
+    it "redirects immediately" do
       expect(response).to be_redirect
       expect(response.location).to match(%r{/oauth/token/info\?access_token=})
     end
 
-    it "should not issue a grant" do
+    it "does not issue a grant" do
       expect(Doorkeeper::AccessGrant.count).to be 0
     end
 
-    it "should issue a token" do
+    it "issues a token" do
       expect(Doorkeeper::AccessToken.count).to be 1
     end
   end
@@ -429,17 +430,17 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
       }
     end
 
-    it "should redirect immediately" do
+    it "redirects immediately" do
       expect(response).to be_redirect
       expect(response.location)
         .to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
     end
 
-    it "should issue a grant" do
+    it "issues a grant" do
       expect(Doorkeeper::AccessGrant.count).to be 1
     end
 
-    it "should not issue a token" do
+    it "does not issue a token" do
       expect(Doorkeeper::AccessToken.count).to be 0
     end
   end
@@ -457,12 +458,12 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
       }
     end
 
-    it "should redirect immediately" do
+    it "redirects immediately" do
       expect(response).to be_redirect
       expect(response.location).to match(/^#{client.redirect_uri}/)
     end
 
-    it "should issue a token" do
+    it "issues a token" do
       expect(Doorkeeper::AccessToken.count).to be 1
     end
 
@@ -494,7 +495,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
       }
     end
 
-    it "should render success" do
+    it "renders success" do
       expect(response).to be_successful
     end
 
@@ -523,11 +524,11 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
       }
     end
 
-    it "should render success" do
+    it "renders success" do
       expect(response).to be_successful
     end
 
-    it "should issue a token" do
+    it "issues a token" do
       expect(Doorkeeper::AccessToken.count).to be 1
     end
 
@@ -537,7 +538,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
 
     it "sets redirect_uri to correct value" do
       redirect_uri = JSON.parse(response.body)["redirect_uri"]
-      expect(redirect_uri).to_not be_nil
+      expect(redirect_uri).not_to be_nil
       expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
       expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
       expect(
@@ -562,7 +563,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
       end
 
       it "does not redirect" do
-        expect(response).to_not be_redirect
+        expect(response).not_to be_redirect
       end
 
       it "does not issue any token" do
@@ -583,7 +584,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
       end
 
       it "does not redirect" do
-        expect(response).to_not be_redirect
+        expect(response).not_to be_redirect
       end
 
       it "does not issue any token" do
@@ -606,7 +607,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
 
       let(:response_json_body) { JSON.parse(response.body) }
 
-      it "should render bad request" do
+      it "renders bad request" do
         expect(response).to have_http_status(:bad_request)
       end
 
@@ -638,7 +639,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
 
       let(:response_json_body) { JSON.parse(response.body) }
 
-      it "should render bad request" do
+      it "renders bad request" do
         expect(response).to have_http_status(:bad_request)
       end
 
@@ -669,13 +670,13 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
         allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
       end
 
-      it "should call :before_successful_authorization callback" do
+      it "calls :before_successful_authorization callback" do
         expect(Doorkeeper.configuration)
           .to receive_message_chain(:before_successful_authorization, :call)
           .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
       end
 
-      it "should call :after_successful_authorization callback" do
+      it "calls :after_successful_authorization callback" do
         expect(Doorkeeper.configuration)
           .to receive_message_chain(:after_successful_authorization, :call)
           .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
@@ -687,11 +688,11 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
         allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
       end
 
-      it "should not call :before_successful_authorization callback" do
+      it "does not call :before_successful_authorization callback" do
         expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
       end
 
-      it "should not call :after_successful_authorization callback" do
+      it "does not call :after_successful_authorization callback" do
         expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
       end
     end
@@ -702,11 +703,11 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
         allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
       end
 
-      it "should not call :before_successful_authorization callback" do
+      it "does not call :before_successful_authorization callback" do
         expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
       end
 
-      it "should not call :after_successful_authorization callback" do
+      it "does not call :after_successful_authorization callback" do
         expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
       end
     end

data/spec/controllers/protected_resources_controller_spec.rb

@@ -16,8 +16,8 @@ module ControllerActions
   def doorkeeper_forbidden_render_options(*); end
 end
 
-describe "doorkeeper authorize filter" do
-  context "accepts token code specified as" do
+RSpec.describe "doorkeeper authorize filter" do
+  context "when accepts token code specified as" do
     controller do
       before_action :doorkeeper_authorize!
 
@@ -58,7 +58,7 @@ describe "doorkeeper authorize filter" do
     end
 
     it "does not change Authorization header value" do
-      expect(Doorkeeper::AccessToken).to receive(:by_token).exactly(2).times.and_return(token)
+      expect(Doorkeeper::AccessToken).to receive(:by_token).twice.and_return(token)
       request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
       get :index
       controller.send(:remove_instance_variable, :@doorkeeper_token)
@@ -66,7 +66,7 @@ describe "doorkeeper authorize filter" do
     end
   end
 
-  context "defined for all actions" do
+  context "when defined for all actions" do
     controller do
       before_action :doorkeeper_authorize!
 
@@ -100,7 +100,7 @@ describe "doorkeeper authorize filter" do
     end
   end
 
-  context "defined with scopes" do
+  context "when defined with scopes" do
     controller do
       before_action -> { doorkeeper_authorize! :write }
 
@@ -139,7 +139,7 @@ describe "doorkeeper authorize filter" do
 
       get :index, params: { access_token: token_string }
       expect(response.status).to eq 403
-      expect(response.header).to_not include("WWW-Authenticate")
+      expect(response.header).not_to include("WWW-Authenticate")
     end
   end
 
@@ -169,7 +169,7 @@ describe "doorkeeper authorize filter" do
         end
       end
 
-      it "it renders a custom JSON response", token: :invalid do
+      it "renders a custom JSON response", token: :invalid do
         get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
         expect(response.content_type).to include("application/json")
@@ -199,7 +199,7 @@ describe "doorkeeper authorize filter" do
         end
       end
 
-      it "it renders a custom text response", token: :invalid do
+      it "renders a custom text response", token: :invalid do
         get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
         expect(response.content_type).to include("text/plain")
@@ -253,7 +253,7 @@ describe "doorkeeper authorize filter" do
 
       it "renders a custom JSON response" do
         get :index, params: { access_token: token_string }
-        expect(response.header).to_not include("WWW-Authenticate")
+        expect(response.header).not_to include("WWW-Authenticate")
         expect(response.content_type).to include("application/json")
         expect(response.status).to eq 403
 
@@ -292,7 +292,7 @@ describe "doorkeeper authorize filter" do
 
       it "renders a custom status code and text response" do
         get :index, params: { access_token: token_string }
-        expect(response.header).to_not include("WWW-Authenticate")
+        expect(response.header).not_to include("WWW-Authenticate")
         expect(response.status).to eq 403
         expect(response.body).to eq("Forbidden")
       end

data/spec/controllers/token_info_controller_spec.rb

@@ -2,7 +2,7 @@
 
 require "spec_helper"
 
-describe Doorkeeper::TokenInfoController do
+RSpec.describe Doorkeeper::TokenInfoController do
   describe "when requesting token info with valid token" do
     let(:doorkeeper_token) { FactoryBot.create(:access_token) }
 

data/spec/controllers/tokens_controller_spec.rb

@@ -2,12 +2,15 @@
 
 require "spec_helper"
 
-describe Doorkeeper::TokensController do
+RSpec.describe Doorkeeper::TokensController do
+  subject { JSON.parse(response.body) }
+
   let(:client) { FactoryBot.create :application }
   let!(:user)  { User.create!(name: "Joe", password: "sekret") }
 
   before do
     Doorkeeper.configure do
+      orm DOORKEEPER_ORM
       resource_owner_from_credentials do
         User.first
       end
@@ -16,8 +19,6 @@ describe Doorkeeper::TokensController do
     allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["password"])
   end
 
-  subject { JSON.parse(response.body) }
-
   describe "POST #create" do
     before do
       post :create, params: {
@@ -70,7 +71,7 @@ describe Doorkeeper::TokensController do
     end
 
     it "include error_description in response" do
-      expect(subject["error_description"]).to be
+      expect(subject["error_description"]).to be_present
     end
 
     it "does not include access token in response" do
@@ -104,12 +105,12 @@ describe Doorkeeper::TokensController do
         }
       end
 
-      it "should call :before_successful_authorization callback" do
+      it "calls :before_successful_authorization callback" do
         expect(Doorkeeper.configuration)
           .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class), nil)
       end
 
-      it "should call :after_successful_authorization callback" do
+      it "calls :after_successful_authorization callback" do
         expect(Doorkeeper.configuration)
           .to receive_message_chain(:after_successful_authorization, :call)
           .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
@@ -125,12 +126,12 @@ describe Doorkeeper::TokensController do
         }
       end
 
-      it "should call :before_successful_authorization callback" do
+      it "calls :before_successful_authorization callback" do
         expect(Doorkeeper.configuration)
           .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class), nil)
       end
 
-      it "should not call :after_successful_authorization callback" do
+      it "does not call :after_successful_authorization callback" do
         expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
       end
     end
@@ -190,9 +191,11 @@ describe Doorkeeper::TokensController do
     context "when associated app is confidential" do
       let(:client) { FactoryBot.create(:application, confidential: true) }
       let(:oauth_client) { Doorkeeper::OAuth::Client.new(client) }
+      let(:server) { instance_double(Doorkeeper::Server) }
 
-      before(:each) do
-        allow_any_instance_of(Doorkeeper::Server).to receive(:client) { oauth_client }
+      before do
+        allow(Doorkeeper::Server).to receive(:new).and_return(server)
+        allow(server).to receive(:client).and_return(oauth_client)
       end
 
       it "returns 200" do
@@ -231,30 +234,35 @@ describe Doorkeeper::TokensController do
     let(:access_token) { FactoryBot.create(:access_token, application: client) }
     let(:token_for_introspection) { FactoryBot.create(:access_token, application: client) }
 
-    context "authorized using valid Bearer token" do
+    context "when authorized using valid Bearer token" do
       it "responds with full token introspection" do
         request.headers["Authorization"] = "Bearer #{access_token.token}"
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json "active", true
+        expect(json_response).to include("active" => true)
         expect(json_response).to include("client_id", "token_type", "exp", "iat")
       end
     end
 
-    context "authorized using Client Credentials of the client that token is issued to" do
+    context "when authorized using Client Credentials of the client that token is issued to" do
       it "responds with full token introspection" do
         request.headers["Authorization"] = basic_auth_header_for_client(client)
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json "active", true
-        expect(json_response).to include("client_id", "token_type", "exp", "iat")
-        should_have_json "client_id", client.uid
+        expect(json_response).to match(
+          "active" => true,
+          "client_id" => client.uid,
+          "token_type" => "Bearer",
+          "scope" => nil,
+          "exp" => an_instance_of(Integer),
+          "iat" => an_instance_of(Integer),
+        )
       end
     end
 
-    context "configured token introspection disabled" do
+    context "when token introspection disabled" do
       before do
         Doorkeeper.configure do
           orm DOORKEEPER_ORM
@@ -269,12 +277,12 @@ describe Doorkeeper::TokensController do
 
         response_status_should_be 401
 
-        should_not_have_json "active"
-        should_have_json "error", "invalid_token"
+        expect(json_response).not_to include("active")
+        expect(json_response).to include("error" => "invalid_token")
       end
     end
 
-    context "using custom introspection response" do
+    context "when custom introspection response configured" do
       before do
         Doorkeeper.configure do
           orm DOORKEEPER_ORM
@@ -292,13 +300,20 @@ describe Doorkeeper::TokensController do
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        expect(json_response).to include("client_id", "token_type", "exp", "iat", "sub", "aud")
-        should_have_json "sub", "Z5O3upPC88QrAjx00dis"
-        should_have_json "aud", "https://protected.example.net/resource"
+        expect(json_response).to match(
+          "active" => true,
+          "client_id" => client.uid,
+          "token_type" => "Bearer",
+          "scope" => nil,
+          "exp" => an_instance_of(Integer),
+          "iat" => an_instance_of(Integer),
+          "aud" => "https://protected.example.net/resource",
+          "sub" => "Z5O3upPC88QrAjx00dis",
+        )
       end
     end
 
-    context "public access token" do
+    context "when access token is public" do
       let(:token_for_introspection) { FactoryBot.create(:access_token, application: nil) }
 
       it "responds with full token introspection" do
@@ -306,13 +321,18 @@ describe Doorkeeper::TokensController do
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json "active", true
-        expect(json_response).to include("client_id", "token_type", "exp", "iat")
-        should_have_json "client_id", nil
+        expect(json_response).to match(
+          "active" => true,
+          "client_id" => nil,
+          "token_type" => "Bearer",
+          "scope" => nil,
+          "exp" => an_instance_of(Integer),
+          "iat" => an_instance_of(Integer),
+        )
       end
     end
 
-    context "token was issued to a different client than is making this request" do
+    context "when token was issued to a different client than is making this request" do
       let(:different_client) { FactoryBot.create(:application) }
 
       it "responds with only active state" do
@@ -322,12 +342,11 @@ describe Doorkeeper::TokensController do
 
         expect(response).to be_successful
 
-        should_have_json "active", false
-        expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
+        expect(json_response).to match("active" => false)
       end
     end
 
-    context "introspection request authorized by a client and allow_token_introspection is true" do
+    context "when introspection request authorized by a client and allow_token_introspection is true" do
       let(:different_client) { FactoryBot.create(:application) }
 
       before do
@@ -341,13 +360,18 @@ describe Doorkeeper::TokensController do
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json "active", true
-        expect(json_response).to include("client_id", "token_type", "exp", "iat")
-        should_have_json "client_id", client.uid
+        expect(json_response).to match(
+          "active" => true,
+          "client_id" => client.uid,
+          "token_type" => "Bearer",
+          "scope" => nil,
+          "exp" => an_instance_of(Integer),
+          "iat" => an_instance_of(Integer),
+        )
       end
     end
 
-    context "allow_token_introspection requires authorized token with special scope" do
+    context "when allow_token_introspection requires authorized token with special scope" do
       let(:access_token) { FactoryBot.create(:access_token, scopes: "introspection") }
 
       before do
@@ -361,8 +385,14 @@ describe Doorkeeper::TokensController do
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json "active", true
-        expect(json_response).to include("client_id", "token_type", "exp", "iat")
+        expect(json_response).to match(
+          "active" => true,
+          "client_id" => client.uid,
+          "token_type" => "Bearer",
+          "scope" => nil,
+          "exp" => an_instance_of(Integer),
+          "iat" => an_instance_of(Integer),
+        )
       end
 
       it "responds with invalid_token error if authorized token doesn't have introspection scope" do
@@ -374,12 +404,15 @@ describe Doorkeeper::TokensController do
 
         response_status_should_be 401
 
-        should_not_have_json "active"
-        should_have_json "error", "invalid_token"
+        expect(json_response).to match(
+          "error" => "invalid_token",
+          "error_description" => an_instance_of(String),
+          "state" => "unauthorized",
+        )
       end
     end
 
-    context "authorized using invalid Bearer token" do
+    context "when authorized using invalid Bearer token" do
       let(:access_token) do
         FactoryBot.create(:access_token, application: client, revoked_at: 1.day.ago)
       end
@@ -391,12 +424,15 @@ describe Doorkeeper::TokensController do
 
         response_status_should_be 401
 
-        should_not_have_json "active"
-        should_have_json "error", "invalid_token"
+        expect(json_response).to match(
+          "error" => "invalid_token",
+          "error_description" => an_instance_of(String),
+          "state" => "unauthorized",
+        )
       end
     end
 
-    context "authorized using the Bearer token that need to be introspected" do
+    context "when authorized using the Bearer token that need to be introspected" do
       it "responds with invalid token error" do
         request.headers["Authorization"] = "Bearer #{access_token.token}"
 
@@ -404,12 +440,15 @@ describe Doorkeeper::TokensController do
 
         response_status_should_be 401
 
-        should_not_have_json "active"
-        should_have_json "error", "invalid_token"
+        expect(json_response).to match(
+          "error" => "invalid_token",
+          "error_description" => an_instance_of(String),
+          "state" => "unauthorized",
+        )
       end
     end
 
-    context "using invalid credentials to authorize" do
+    context "when invalid credentials used to authorize" do
       let(:client) { double(uid: "123123", secret: "666999") }
       let(:access_token) { FactoryBot.create(:access_token) }
 
@@ -421,24 +460,25 @@ describe Doorkeeper::TokensController do
         expect(response).not_to be_successful
         response_status_should_be 401
 
-        should_not_have_json "active"
-        should_have_json "error", "invalid_client"
+        expect(json_response).to match(
+          "error" => "invalid_client",
+          "error_description" => an_instance_of(String),
+        )
       end
     end
 
-    context "using wrong token value" do
-      context "authorized using client credentials" do
+    context "when wrong token value used" do
+      context "when authorized using client credentials" do
         it "responds with only active state" do
           request.headers["Authorization"] = basic_auth_header_for_client(client)
 
           post :introspect, params: { token: SecureRandom.hex(16) }
 
-          should_have_json "active", false
-          expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
+          expect(json_response).to match("active" => false)
         end
       end
 
-      context "authorized using valid Bearer token" do
+      context "when authorized using valid Bearer token" do
         it "responds with invalid_token error" do
           request.headers["Authorization"] = "Bearer #{access_token.token}"
 
@@ -446,8 +486,11 @@ describe Doorkeeper::TokensController do
 
           response_status_should_be 401
 
-          should_not_have_json "active"
-          should_have_json "error", "invalid_token"
+          expect(json_response).to match(
+            "error" => "invalid_token",
+            "error_description" => an_instance_of(String),
+            "state" => "unauthorized",
+          )
         end
       end
     end
@@ -462,8 +505,7 @@ describe Doorkeeper::TokensController do
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json "active", false
-        expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
+        expect(json_response).to match("active" => false)
       end
     end
 
@@ -477,12 +519,11 @@ describe Doorkeeper::TokensController do
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json "active", false
-        expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
+        expect(json_response).to match("active" => false)
       end
     end
 
-    context "unauthorized (no bearer token or client credentials)" do
+    context "when unauthorized (no bearer token or client credentials)" do
       let(:token_for_introspection) { FactoryBot.create(:access_token) }
 
       it "responds with invalid_request error" do
@@ -491,8 +532,10 @@ describe Doorkeeper::TokensController do
         expect(response).not_to be_successful
         response_status_should_be 400
 
-        should_not_have_json "active"
-        should_have_json "error", "invalid_request"
+        expect(json_response).to match(
+          "error" => "invalid_request",
+          "error_description" => an_instance_of(String),
+        )
       end
     end
   end