doorkeeper-mongodb 5.2.1 → 5.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/doorkeeper-mongodb.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb +76 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/base_mixin.rb +0 -8
- data/lib/doorkeeper-mongodb/mixins/mongoid/json_serializable.rb +17 -0
- data/lib/doorkeeper-mongodb/version.rb +1 -1
- data/spec/controllers/application_metal_controller_spec.rb +4 -4
- data/spec/controllers/applications_controller_spec.rb +198 -202
- data/spec/controllers/authorizations_controller_spec.rb +32 -31
- data/spec/controllers/protected_resources_controller_spec.rb +10 -10
- data/spec/controllers/token_info_controller_spec.rb +1 -1
- data/spec/controllers/tokens_controller_spec.rb +105 -62
- data/spec/doorkeeper/redirect_uri_validator_spec.rb +183 -0
- data/spec/{lib → doorkeeper}/server_spec.rb +5 -4
- data/spec/{lib → doorkeeper}/stale_records_cleaner_spec.rb +8 -7
- data/spec/{version → doorkeeper}/version_spec.rb +3 -3
- data/spec/dummy/log/test.log +4220 -4184
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{eS/eSL1QMz46gKLM0GR6S9fL6uyARPxOImcappZ9_ZtSyg.cache → Pm/PmheG0PGFqDws1qgFOxOyIL-gpMof3Ar9eSRKVLYuik.cache} +0 -0
- data/spec/grape/grape_integration_spec.rb +1 -1
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +23 -12
- data/spec/lib/doorkeeper_spec.rb +4 -4
- data/spec/lib/models/expirable_spec.rb +9 -9
- data/spec/lib/models/reusable_spec.rb +2 -2
- data/spec/lib/models/revocable_spec.rb +4 -7
- data/spec/lib/models/scopes_spec.rb +7 -7
- data/spec/lib/models/secret_storable_spec.rb +9 -8
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +23 -27
- data/spec/lib/oauth/authorization_code_request_spec.rb +6 -6
- data/spec/lib/oauth/base_request_spec.rb +11 -27
- data/spec/lib/oauth/base_response_spec.rb +2 -2
- data/spec/lib/oauth/client/credentials_spec.rb +25 -25
- data/spec/lib/oauth/client_credentials/creator_spec.rb +89 -91
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +84 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +72 -39
- data/spec/lib/oauth/client_credentials_integration_spec.rb +5 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +7 -10
- data/spec/lib/oauth/client_spec.rb +8 -8
- data/spec/lib/oauth/code_request_spec.rb +5 -5
- data/spec/lib/oauth/code_response_spec.rb +4 -4
- data/spec/lib/oauth/error_response_spec.rb +6 -5
- data/spec/lib/oauth/error_spec.rb +1 -1
- data/spec/lib/oauth/forbidden_token_response_spec.rb +2 -2
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +37 -37
- data/spec/lib/oauth/helpers/unique_token_spec.rb +2 -2
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +54 -54
- data/spec/lib/oauth/invalid_request_response_spec.rb +6 -6
- data/spec/lib/oauth/invalid_token_response_spec.rb +4 -4
- data/spec/lib/oauth/password_access_token_request_spec.rb +10 -9
- data/spec/lib/oauth/pre_authorization_spec.rb +20 -8
- data/spec/lib/oauth/refresh_token_request_spec.rb +10 -10
- data/spec/lib/oauth/scopes_spec.rb +14 -14
- data/spec/lib/oauth/token_request_spec.rb +9 -9
- data/spec/lib/oauth/token_response_spec.rb +5 -5
- data/spec/lib/oauth/token_spec.rb +5 -5
- data/spec/lib/option_spec.rb +1 -1
- data/spec/lib/request/strategy_spec.rb +34 -37
- data/spec/lib/secret_storing/base_spec.rb +3 -2
- data/spec/lib/secret_storing/bcrypt_spec.rb +2 -1
- data/spec/lib/secret_storing/plain_spec.rb +2 -1
- data/spec/lib/secret_storing/sha256_hash_spec.rb +2 -1
- data/spec/models/doorkeeper/access_grant_spec.rb +7 -9
- data/spec/models/doorkeeper/access_token_spec.rb +20 -26
- data/spec/models/doorkeeper/application_spec.rb +83 -26
- data/spec/requests/applications/applications_request_spec.rb +91 -93
- data/spec/requests/endpoints/authorization_spec.rb +1 -1
- data/spec/requests/endpoints/token_spec.rb +22 -16
- data/spec/requests/flows/authorization_code_errors_spec.rb +12 -8
- data/spec/requests/flows/authorization_code_spec.rb +108 -79
- data/spec/requests/flows/client_credentials_spec.rb +57 -45
- data/spec/requests/flows/implicit_grant_spec.rb +4 -4
- data/spec/requests/flows/password_spec.rb +253 -213
- data/spec/requests/flows/refresh_token_spec.rb +53 -39
- data/spec/requests/flows/revoke_token_spec.rb +24 -24
- data/spec/requests/flows/skip_authorization_spec.rb +1 -1
- data/spec/requests/protected_resources/metal_spec.rb +2 -2
- data/spec/routing/custom_controller_routes_spec.rb +1 -1
- data/spec/routing/default_routes_spec.rb +1 -1
- data/spec/routing/scoped_routes_spec.rb +1 -1
- data/spec/support/helpers/request_spec_helper.rb +1 -13
- data/spec/support/helpers/url_helper.rb +2 -2
- data/spec/support/shared/controllers_shared_context.rb +5 -38
- data/spec/support/shared/hashing_shared_context.rb +4 -0
- data/spec/support/shared/models_shared_examples.rb +6 -6
- metadata +13 -10
@@ -2,38 +2,34 @@
|
|
2
2
|
|
3
3
|
require "spec_helper"
|
4
4
|
|
5
|
-
|
6
|
-
describe
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
uri = subject.uri_with_query "http://example.com/", parameter: "value"
|
12
|
-
expect(uri).to eq("http://example.com/?parameter=value")
|
13
|
-
end
|
5
|
+
RSpec.describe Doorkeeper::OAuth::Authorization::URIBuilder do
|
6
|
+
describe ".uri_with_query" do
|
7
|
+
it "returns the uri with query" do
|
8
|
+
uri = described_class.uri_with_query "http://example.com/", parameter: "value"
|
9
|
+
expect(uri).to eq("http://example.com/?parameter=value")
|
10
|
+
end
|
14
11
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
12
|
+
it "rejects nil values" do
|
13
|
+
uri = described_class.uri_with_query "http://example.com/", parameter: ""
|
14
|
+
expect(uri).to eq("http://example.com/?")
|
15
|
+
end
|
19
16
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
end
|
17
|
+
it "preserves original query parameters" do
|
18
|
+
uri = described_class.uri_with_query "http://example.com/?query1=value", parameter: "value"
|
19
|
+
expect(uri).to match(/query1=value/)
|
20
|
+
expect(uri).to match(/parameter=value/)
|
25
21
|
end
|
22
|
+
end
|
26
23
|
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
24
|
+
describe ".uri_with_fragment" do
|
25
|
+
it "returns uri with parameters as fragments" do
|
26
|
+
uri = described_class.uri_with_fragment "http://example.com/", parameter: "value"
|
27
|
+
expect(uri).to eq("http://example.com/#parameter=value")
|
28
|
+
end
|
32
29
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
end
|
30
|
+
it "preserves original query parameters" do
|
31
|
+
uri = described_class.uri_with_fragment "http://example.com/?query1=value1", parameter: "value"
|
32
|
+
expect(uri).to eq("http://example.com/?query1=value1#parameter=value")
|
37
33
|
end
|
38
34
|
end
|
39
35
|
end
|
@@ -2,7 +2,11 @@
|
|
2
2
|
|
3
3
|
require "spec_helper"
|
4
4
|
|
5
|
-
describe Doorkeeper::OAuth::AuthorizationCodeRequest do
|
5
|
+
RSpec.describe Doorkeeper::OAuth::AuthorizationCodeRequest do
|
6
|
+
subject do
|
7
|
+
described_class.new(server, grant, client, params)
|
8
|
+
end
|
9
|
+
|
6
10
|
let(:server) do
|
7
11
|
double :server,
|
8
12
|
access_token_expires_in: 2.days,
|
@@ -26,10 +30,6 @@ describe Doorkeeper::OAuth::AuthorizationCodeRequest do
|
|
26
30
|
allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
|
27
31
|
end
|
28
32
|
|
29
|
-
subject do
|
30
|
-
described_class.new(server, grant, client, params)
|
31
|
-
end
|
32
|
-
|
33
33
|
it "issues a new token for the client" do
|
34
34
|
expect do
|
35
35
|
subject.authorize
|
@@ -111,7 +111,7 @@ describe Doorkeeper::OAuth::AuthorizationCodeRequest do
|
|
111
111
|
scopes: grant.scopes.to_s,
|
112
112
|
)
|
113
113
|
|
114
|
-
expect { subject.authorize }.
|
114
|
+
expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
|
115
115
|
end
|
116
116
|
|
117
117
|
it "creates token if there is a matching one but non reusable" do
|
@@ -2,7 +2,11 @@
|
|
2
2
|
|
3
3
|
require "spec_helper"
|
4
4
|
|
5
|
-
describe Doorkeeper::OAuth::BaseRequest do
|
5
|
+
RSpec.describe Doorkeeper::OAuth::BaseRequest do
|
6
|
+
subject do
|
7
|
+
described_class.new
|
8
|
+
end
|
9
|
+
|
6
10
|
let(:access_token) do
|
7
11
|
double :access_token,
|
8
12
|
plaintext_token: "some-token",
|
@@ -29,10 +33,6 @@ describe Doorkeeper::OAuth::BaseRequest do
|
|
29
33
|
allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
|
30
34
|
end
|
31
35
|
|
32
|
-
subject do
|
33
|
-
described_class.new
|
34
|
-
end
|
35
|
-
|
36
36
|
describe "#authorize" do
|
37
37
|
before do
|
38
38
|
allow(subject).to receive(:access_token).and_return(access_token)
|
@@ -43,7 +43,7 @@ describe Doorkeeper::OAuth::BaseRequest do
|
|
43
43
|
subject.authorize
|
44
44
|
end
|
45
45
|
|
46
|
-
context "valid" do
|
46
|
+
context "when valid" do
|
47
47
|
before do
|
48
48
|
allow(subject).to receive(:valid?).and_return(true)
|
49
49
|
end
|
@@ -64,7 +64,7 @@ describe Doorkeeper::OAuth::BaseRequest do
|
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
67
|
-
context "invalid" do
|
67
|
+
context "when invalid" do
|
68
68
|
context "with error other than invalid_request" do
|
69
69
|
before do
|
70
70
|
allow(subject).to receive(:valid?).and_return(false)
|
@@ -146,7 +146,7 @@ describe Doorkeeper::OAuth::BaseRequest do
|
|
146
146
|
"public",
|
147
147
|
server,
|
148
148
|
)
|
149
|
-
expect(result.expires_in).to
|
149
|
+
expect(result.expires_in).to be(500)
|
150
150
|
end
|
151
151
|
|
152
152
|
it "respects use_refresh_token with a block" do
|
@@ -167,7 +167,7 @@ describe Doorkeeper::OAuth::BaseRequest do
|
|
167
167
|
"public",
|
168
168
|
server,
|
169
169
|
)
|
170
|
-
expect(result.refresh_token).
|
170
|
+
expect(result.refresh_token).not_to be_nil
|
171
171
|
|
172
172
|
result = subject.find_or_create_access_token(
|
173
173
|
client,
|
@@ -180,7 +180,7 @@ describe Doorkeeper::OAuth::BaseRequest do
|
|
180
180
|
end
|
181
181
|
|
182
182
|
describe "#scopes" do
|
183
|
-
context "@original_scopes is present" do
|
183
|
+
context "when @original_scopes is present" do
|
184
184
|
before do
|
185
185
|
subject.instance_variable_set(:@original_scopes, "public write")
|
186
186
|
end
|
@@ -192,7 +192,7 @@ describe Doorkeeper::OAuth::BaseRequest do
|
|
192
192
|
end
|
193
193
|
end
|
194
194
|
|
195
|
-
context "@original_scopes is
|
195
|
+
context "when @original_scopes is blank" do
|
196
196
|
before do
|
197
197
|
subject.instance_variable_set(:@original_scopes, "")
|
198
198
|
end
|
@@ -207,20 +207,4 @@ describe Doorkeeper::OAuth::BaseRequest do
|
|
207
207
|
end
|
208
208
|
end
|
209
209
|
end
|
210
|
-
|
211
|
-
describe "#valid?" do
|
212
|
-
context "error is nil" do
|
213
|
-
it "returns true" do
|
214
|
-
allow(subject).to receive(:error).and_return(nil).once
|
215
|
-
expect(subject.valid?).to eq(true)
|
216
|
-
end
|
217
|
-
end
|
218
|
-
|
219
|
-
context "error is not nil" do
|
220
|
-
it "returns false" do
|
221
|
-
allow(subject).to receive(:error).and_return(Object.new).once
|
222
|
-
expect(subject.valid?).to eq(false)
|
223
|
-
end
|
224
|
-
end
|
225
|
-
end
|
226
210
|
end
|
@@ -8,10 +8,10 @@ class Doorkeeper::OAuth::Client
|
|
8
8
|
let(:client_secret) { "some-secret" }
|
9
9
|
|
10
10
|
it "is blank when the uid in credentials is blank" do
|
11
|
-
expect(
|
12
|
-
expect(
|
13
|
-
expect(
|
14
|
-
expect(
|
11
|
+
expect(described_class.new(nil, nil)).to be_blank
|
12
|
+
expect(described_class.new(nil, "something")).to be_blank
|
13
|
+
expect(described_class.new("something", nil)).to be_present
|
14
|
+
expect(described_class.new("something", "something")).to be_present
|
15
15
|
end
|
16
16
|
|
17
17
|
describe ".from_request" do
|
@@ -23,66 +23,66 @@ class Doorkeeper::OAuth::Client
|
|
23
23
|
|
24
24
|
it "accepts anything that responds to #call" do
|
25
25
|
expect(method).to receive(:call).with(request)
|
26
|
-
|
26
|
+
described_class.from_request request, method
|
27
27
|
end
|
28
28
|
|
29
29
|
it "delegates methods received as symbols to Credentials class" do
|
30
|
-
expect(
|
31
|
-
|
30
|
+
expect(described_class).to receive(:from_params).with(request)
|
31
|
+
described_class.from_request request, :from_params
|
32
32
|
end
|
33
33
|
|
34
34
|
it "stops at the first credentials found" do
|
35
35
|
not_called_method = double
|
36
36
|
expect(not_called_method).not_to receive(:call)
|
37
|
-
|
37
|
+
described_class.from_request request, ->(_) {}, method, not_called_method
|
38
38
|
end
|
39
39
|
|
40
40
|
it "returns new Credentials" do
|
41
|
-
credentials =
|
42
|
-
expect(credentials).to be_a(
|
41
|
+
credentials = described_class.from_request request, method
|
42
|
+
expect(credentials).to be_a(described_class)
|
43
43
|
end
|
44
44
|
|
45
45
|
it "returns uid and secret from extractor method" do
|
46
|
-
credentials =
|
46
|
+
credentials = described_class.from_request request, method
|
47
47
|
expect(credentials.uid).to eq("uid")
|
48
48
|
expect(credentials.secret).to eq("secret")
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
52
|
-
describe
|
52
|
+
describe ".from_params" do
|
53
53
|
it "returns credentials from parameters when Authorization header is not available" do
|
54
|
-
request
|
55
|
-
uid, secret =
|
54
|
+
request = double parameters: { client_id: client_id, client_secret: client_secret }
|
55
|
+
uid, secret = described_class.from_params(request)
|
56
56
|
|
57
|
-
expect(uid).to
|
57
|
+
expect(uid).to eq("some-uid")
|
58
58
|
expect(secret).to eq("some-secret")
|
59
59
|
end
|
60
60
|
|
61
61
|
it "is blank when there are no credentials" do
|
62
|
-
request
|
63
|
-
uid, secret =
|
62
|
+
request = double parameters: {}
|
63
|
+
uid, secret = described_class.from_params(request)
|
64
64
|
|
65
|
-
expect(uid).to
|
65
|
+
expect(uid).to be_blank
|
66
66
|
expect(secret).to be_blank
|
67
67
|
end
|
68
68
|
end
|
69
69
|
|
70
|
-
describe
|
70
|
+
describe ".from_basic" do
|
71
71
|
let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
|
72
72
|
|
73
73
|
it "decodes the credentials" do
|
74
|
-
request
|
75
|
-
uid, secret =
|
74
|
+
request = double authorization: "Basic #{credentials}"
|
75
|
+
uid, secret = described_class.from_basic(request)
|
76
76
|
|
77
|
-
expect(uid).to
|
77
|
+
expect(uid).to eq("some-uid")
|
78
78
|
expect(secret).to eq("some-secret")
|
79
79
|
end
|
80
80
|
|
81
81
|
it "is blank if Authorization is not Basic" do
|
82
|
-
request
|
83
|
-
uid, secret =
|
82
|
+
request = double authorization: credentials.to_s
|
83
|
+
uid, secret = described_class.from_basic(request)
|
84
84
|
|
85
|
-
expect(uid).to
|
85
|
+
expect(uid).to be_blank
|
86
86
|
expect(secret).to be_blank
|
87
87
|
end
|
88
88
|
end
|
@@ -2,136 +2,134 @@
|
|
2
2
|
|
3
3
|
require "spec_helper"
|
4
4
|
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
let(:scopes) { Doorkeeper::OAuth::Scopes.from_string("public") }
|
5
|
+
RSpec.describe Doorkeeper::OAuth::ClientCredentials::Creator do
|
6
|
+
let(:client) { FactoryBot.create :application }
|
7
|
+
let(:scopes) { Doorkeeper::OAuth::Scopes.from_string("public") }
|
9
8
|
|
9
|
+
before do
|
10
|
+
default_scopes_exist :public
|
11
|
+
end
|
12
|
+
|
13
|
+
it "creates a new token" do
|
14
|
+
expect do
|
15
|
+
subject.call(client, scopes)
|
16
|
+
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
17
|
+
end
|
18
|
+
|
19
|
+
context "when reuse_access_token is true" do
|
10
20
|
before do
|
11
|
-
|
21
|
+
allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(true)
|
12
22
|
end
|
13
23
|
|
14
|
-
|
15
|
-
|
16
|
-
subject.call(client, scopes)
|
17
|
-
|
24
|
+
context "when expiration is disabled" do
|
25
|
+
it "returns the existing valid token" do
|
26
|
+
existing_token = subject.call(client, scopes)
|
27
|
+
|
28
|
+
result = subject.call(client, scopes)
|
29
|
+
|
30
|
+
expect(Doorkeeper::AccessToken.count).to eq(1)
|
31
|
+
expect(result).to eq(existing_token)
|
32
|
+
end
|
18
33
|
end
|
19
34
|
|
20
|
-
context "when
|
35
|
+
context "when existing token has not crossed token_reuse_limit" do
|
36
|
+
let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
|
37
|
+
|
21
38
|
before do
|
22
|
-
allow(Doorkeeper.config).to receive(:
|
39
|
+
allow(Doorkeeper.config).to receive(:token_reuse_limit).and_return(50)
|
40
|
+
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(600)
|
23
41
|
end
|
24
42
|
|
25
|
-
|
26
|
-
|
27
|
-
existing_token = subject.call(client, scopes)
|
43
|
+
it "returns the existing valid token" do
|
44
|
+
result = subject.call(client, scopes, expires_in: 1000)
|
28
45
|
|
29
|
-
|
30
|
-
|
31
|
-
expect(Doorkeeper::AccessToken.count).to eq(1)
|
32
|
-
expect(result).to eq(existing_token)
|
33
|
-
end
|
46
|
+
expect(Doorkeeper::AccessToken.count).to eq(1)
|
47
|
+
expect(result).to eq(existing_token)
|
34
48
|
end
|
35
49
|
|
36
|
-
context "when
|
37
|
-
let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
|
38
|
-
|
50
|
+
context "when revoke_previous_client_credentials_token is false" do
|
39
51
|
before do
|
40
|
-
allow(Doorkeeper.config).to receive(:
|
41
|
-
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(600)
|
52
|
+
allow(Doorkeeper.config).to receive(:revoke_previous_client_credentials_token).and_return(false)
|
42
53
|
end
|
43
54
|
|
44
|
-
it "
|
45
|
-
|
46
|
-
|
47
|
-
expect(Doorkeeper::AccessToken.count).to eq(1)
|
48
|
-
expect(result).to eq(existing_token)
|
49
|
-
end
|
50
|
-
|
51
|
-
context "and when revoke_previous_client_credentials_token is false" do
|
52
|
-
before do
|
53
|
-
allow(Doorkeeper.config).to receive(:revoke_previous_client_credentials_token).and_return(false)
|
54
|
-
end
|
55
|
-
|
56
|
-
it "does not revoke the existing valid token" do
|
57
|
-
subject.call(client, scopes, expires_in: 1000)
|
58
|
-
expect(existing_token.reload).not_to be_revoked
|
59
|
-
end
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
context "when existing token has crossed token_reuse_limit" do
|
64
|
-
it "returns a new token" do
|
65
|
-
allow(Doorkeeper.config).to receive(:token_reuse_limit).and_return(50)
|
66
|
-
existing_token = subject.call(client, scopes, expires_in: 1000)
|
67
|
-
|
68
|
-
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(400)
|
69
|
-
result = subject.call(client, scopes, expires_in: 1000)
|
70
|
-
|
71
|
-
expect(Doorkeeper::AccessToken.count).to eq(2)
|
72
|
-
expect(result).not_to eq(existing_token)
|
55
|
+
it "does not revoke the existing valid token" do
|
56
|
+
subject.call(client, scopes, expires_in: 1000)
|
57
|
+
expect(existing_token.reload).not_to be_revoked
|
73
58
|
end
|
74
59
|
end
|
60
|
+
end
|
75
61
|
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
62
|
+
context "when existing token has crossed token_reuse_limit" do
|
63
|
+
it "returns a new token" do
|
64
|
+
allow(Doorkeeper.config).to receive(:token_reuse_limit).and_return(50)
|
65
|
+
existing_token = subject.call(client, scopes, expires_in: 1000)
|
80
66
|
|
81
|
-
|
82
|
-
|
67
|
+
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(400)
|
68
|
+
result = subject.call(client, scopes, expires_in: 1000)
|
83
69
|
|
84
|
-
|
85
|
-
|
86
|
-
end
|
70
|
+
expect(Doorkeeper::AccessToken.count).to eq(2)
|
71
|
+
expect(result).not_to eq(existing_token)
|
87
72
|
end
|
88
73
|
end
|
89
74
|
|
90
|
-
context "when
|
91
|
-
before do
|
92
|
-
allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(false)
|
93
|
-
end
|
94
|
-
|
75
|
+
context "when existing token has been expired" do
|
95
76
|
it "returns a new token" do
|
96
|
-
|
77
|
+
allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(50)
|
78
|
+
existing_token = subject.call(client, scopes, expires_in: 1000)
|
97
79
|
|
98
|
-
|
80
|
+
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expired?).and_return(true)
|
81
|
+
result = subject.call(client, scopes, expires_in: 1000)
|
99
82
|
|
100
83
|
expect(Doorkeeper::AccessToken.count).to eq(2)
|
101
84
|
expect(result).not_to eq(existing_token)
|
102
85
|
end
|
103
86
|
end
|
87
|
+
end
|
104
88
|
|
105
|
-
|
106
|
-
|
89
|
+
context "when reuse_access_token is false" do
|
90
|
+
before do
|
91
|
+
allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(false)
|
92
|
+
end
|
107
93
|
|
108
|
-
|
109
|
-
|
110
|
-
end
|
94
|
+
it "returns a new token" do
|
95
|
+
existing_token = subject.call(client, scopes)
|
111
96
|
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
97
|
+
result = subject.call(client, scopes)
|
98
|
+
|
99
|
+
expect(Doorkeeper::AccessToken.count).to eq(2)
|
100
|
+
expect(result).not_to eq(existing_token)
|
116
101
|
end
|
102
|
+
end
|
117
103
|
|
118
|
-
|
119
|
-
|
104
|
+
context "when revoke_previous_client_credentials_token is true" do
|
105
|
+
let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
|
120
106
|
|
121
|
-
|
122
|
-
|
123
|
-
|
107
|
+
before do
|
108
|
+
allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token?).and_return(true)
|
109
|
+
end
|
124
110
|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
end
|
111
|
+
it "revokes the existing token" do
|
112
|
+
subject.call(client, scopes, expires_in: 1000)
|
113
|
+
expect(existing_token.reload).to be_revoked
|
129
114
|
end
|
115
|
+
end
|
130
116
|
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
117
|
+
context "when revoke_previous_client_credentials_token is false" do
|
118
|
+
let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
|
119
|
+
|
120
|
+
before do
|
121
|
+
allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token?).and_return(false)
|
122
|
+
end
|
123
|
+
|
124
|
+
it "does not revoke the existing token" do
|
125
|
+
subject.call(client, scopes, expires_in: 1000)
|
126
|
+
expect(existing_token.reload).not_to be_revoked
|
135
127
|
end
|
136
128
|
end
|
129
|
+
|
130
|
+
it "returns false if creation fails" do
|
131
|
+
expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
|
132
|
+
created = subject.call(client, scopes)
|
133
|
+
expect(created).to be_falsey
|
134
|
+
end
|
137
135
|
end
|