doorkeeper-mongodb 5.2.1 → 5.2.2

data/spec/lib/oauth/client_credentials/issuer_spec.rb

@@ -2,110 +2,108 @@
 
 require "spec_helper"
 
-class Doorkeeper::OAuth::ClientCredentialsRequest
-  describe Issuer do
-    let(:creator) { double :access_token_creator }
-    let(:server) do
-      double(
-        :server,
-        access_token_expires_in: 100,
-      )
+RSpec.describe Doorkeeper::OAuth::ClientCredentials::Issuer do
+  subject { described_class.new(server, validator) }
+
+  let(:creator) { double :access_token_creator }
+  let(:server) do
+    double(
+      :server,
+      access_token_expires_in: 100,
+    )
+  end
+  let(:validator) { double :validator, valid?: true }
+
+  before do
+    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
+  end
+
+  describe "#create" do
+    let(:client) { double :client, id: "some-id" }
+    let(:scopes) { "some scope" }
+
+    it "creates and sets the token" do
+      expect(creator).to receive(:call).and_return("token")
+      subject.create client, scopes, creator
+
+      expect(subject.token).to eq("token")
     end
-    let(:validator) { double :validator, valid?: true }
 
-    before do
-      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
+    it "creates with correct token parameters" do
+      expect(creator).to receive(:call).with(
+        client,
+        scopes,
+        expires_in: 100,
+        use_refresh_token: false,
+      )
+
+      subject.create client, scopes, creator
     end
 
-    subject { Issuer.new(server, validator) }
+    it "has error set to :server_error if creator fails" do
+      expect(creator).to receive(:call).and_return(false)
+      subject.create client, scopes, creator
+
+      expect(subject.error).to eq(:server_error)
+    end
 
-    describe :create do
-      let(:client) { double :client, id: "some-id" }
-      let(:scopes) { "some scope" }
+    context "when validator fails" do
+      before do
+        allow(validator).to receive(:valid?).and_return(false)
+        allow(validator).to receive(:error).and_return(:validation_error)
+      end
 
-      it "creates and sets the token" do
-        expect(creator).to receive(:call).and_return("token")
+      it "has error set from validator" do
+        expect(creator).not_to receive(:create)
         subject.create client, scopes, creator
+        expect(subject.error).to eq(:validation_error)
+      end
+
+      it "returns false" do
+        expect(subject.create(client, scopes, creator)).to be_falsey
+      end
+    end
+
+    context "with custom expiration" do
+      let(:custom_ttl_grant) { 1234 }
+      let(:custom_ttl_scope) { 1235 }
+      let(:custom_scope) { "special" }
+      let(:server) do
+        double(
+          :server,
+          custom_access_token_expires_in: lambda { |context|
+            # scopes is normally an object but is a string in this test
+            if context.scopes == custom_scope
+              custom_ttl_scope
+            elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
+              custom_ttl_grant
+            end
+          },
+        )
+      end
 
-        expect(subject.token).to eq("token")
+      before do
+        allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
       end
 
-      it "creates with correct token parameters" do
+      it "respects grant based rules" do
         expect(creator).to receive(:call).with(
           client,
           scopes,
-          expires_in: 100,
+          expires_in: custom_ttl_grant,
           use_refresh_token: false,
         )
-
         subject.create client, scopes, creator
       end
 
-      it "has error set to :server_error if creator fails" do
-        expect(creator).to receive(:call).and_return(false)
-        subject.create client, scopes, creator
-
-        expect(subject.error).to eq(:server_error)
-      end
-
-      context "when validator fails" do
-        before do
-          allow(validator).to receive(:valid?).and_return(false)
-          allow(validator).to receive(:error).and_return(:validation_error)
-          expect(creator).not_to receive(:create)
-        end
-
-        it "has error set from validator" do
-          subject.create client, scopes, creator
-          expect(subject.error).to eq(:validation_error)
-        end
-
-        it "returns false" do
-          expect(subject.create(client, scopes, creator)).to be_falsey
-        end
-      end
-
-      context "with custom expiration" do
-        let(:custom_ttl_grant) { 1234 }
-        let(:custom_ttl_scope) { 1235 }
-        let(:custom_scope) { "special" }
-        let(:server) do
-          double(
-            :server,
-            custom_access_token_expires_in: lambda { |context|
-              # scopes is normally an object but is a string in this test
-              if context.scopes == custom_scope
-                custom_ttl_scope
-              elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
-                custom_ttl_grant
-              end
-            },
-          )
-        end
-
-        before do
-          allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-        end
-
-        it "respects grant based rules" do
-          expect(creator).to receive(:call).with(
-            client,
-            scopes,
-            expires_in: custom_ttl_grant,
-            use_refresh_token: false,
-          )
-          subject.create client, scopes, creator
-        end
-
-        it "respects scope based rules" do
-          expect(creator).to receive(:call).with(
-            client,
-            custom_scope,
-            expires_in: custom_ttl_scope,
-            use_refresh_token: false,
-          )
-          subject.create client, custom_scope, creator
-        end
+      it "respects scope based rules" do
+        expect(creator).to receive(:call).with(
+          client,
+          custom_scope,
+          expires_in: custom_ttl_scope,
+          use_refresh_token: false,
+        )
+        subject.create client, custom_scope, creator
       end
     end
   end

data/spec/lib/oauth/client_credentials/validation_spec.rb

@@ -2,58 +2,91 @@
 
 require "spec_helper"
 
-class Doorkeeper::OAuth::ClientCredentialsRequest
-  describe Validator do
-    let(:server)      { double :server, scopes: nil }
-    let(:application) { double scopes: nil }
-    let(:client)      { double application: application }
-    let(:request)     { double :request, client: client, scopes: nil }
+RSpec.describe Doorkeeper::OAuth::ClientCredentials::Validator do
+  subject { described_class.new(server, request) }
 
-    subject { described_class.new(server, request) }
+  let(:server)      { double :server, scopes: nil }
+  let(:application) { double scopes: nil }
+  let(:client)      { double application: application }
+  let(:request)     { double :request, client: client, scopes: nil }
 
-    it "is valid with valid request" do
-      expect(subject).to be_valid
+  it "is valid with valid request" do
+    expect(subject).to be_valid
+  end
+
+  it "is invalid when client is not present" do
+    allow(request).to receive(:client).and_return(nil)
+    expect(subject).not_to be_valid
+  end
+
+  context "when a grant flow check is configured" do
+    let(:callback) { double("callback") }
+
+    before do
+      allow(Doorkeeper.config).to receive(:option_defined?).with(:allow_grant_flow_for_client).and_return(true)
+      allow(Doorkeeper.config).to receive(:allow_grant_flow_for_client).and_return(callback)
+    end
+
+    context "when the callback rejects the grant flow" do
+      let(:callback_response) { false }
+
+      it "is invalid" do
+        expect(callback).to receive(:call).twice.with(
+          Doorkeeper::OAuth::CLIENT_CREDENTIALS,
+          application,
+        ).and_return(callback_response)
+
+        expect(subject).not_to be_valid
+      end
     end
 
-    it "is invalid when client is not present" do
-      allow(request).to receive(:client).and_return(nil)
+    context "when the callback allows the grant flow" do
+      let(:callback_response) { true }
+
+      it "is invalid" do
+        expect(callback).to receive(:call).twice.with(
+          Doorkeeper::OAuth::CLIENT_CREDENTIALS,
+          application,
+        ).and_return(callback_response)
+
+        expect(subject).to be_valid
+      end
+    end
+  end
+
+  context "with scopes" do
+    it "is invalid when scopes are not included in the server" do
+      server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"
+      allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
+      allow(server).to receive(:scopes).and_return(server_scopes)
+      allow(request).to receive(:scopes).and_return(
+        Doorkeeper::OAuth::Scopes.from_string("invalid"),
+      )
       expect(subject).not_to be_valid
     end
 
-    context "with scopes" do
-      it "is invalid when scopes are not included in the server" do
-        server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"
+    context "with application scopes" do
+      it "is valid when scopes are included in the application" do
+        application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
+        server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
+        allow(application).to receive(:scopes).and_return(application_scopes)
+        allow(server).to receive(:scopes).and_return(server_scopes)
+        allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
+        allow(request).to receive(:scopes).and_return(application_scopes)
+        expect(subject).to be_valid
+      end
+
+      it "is invalid when scopes are not included in the application" do
+        application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
+        server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
+        allow(application).to receive(:scopes).and_return(application_scopes)
         allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
         allow(server).to receive(:scopes).and_return(server_scopes)
         allow(request).to receive(:scopes).and_return(
-          Doorkeeper::OAuth::Scopes.from_string("invalid"),
+          Doorkeeper::OAuth::Scopes.from_string("email"),
         )
         expect(subject).not_to be_valid
       end
-
-      context "with application scopes" do
-        it "is valid when scopes are included in the application" do
-          application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
-          server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
-          allow(application).to receive(:scopes).and_return(application_scopes)
-          allow(server).to receive(:scopes).and_return(server_scopes)
-          allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-          allow(request).to receive(:scopes).and_return(application_scopes)
-          expect(subject).to be_valid
-        end
-
-        it "is invalid when scopes are not included in the application" do
-          application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
-          server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
-          allow(application).to receive(:scopes).and_return(application_scopes)
-          allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-          allow(server).to receive(:scopes).and_return(server_scopes)
-          allow(request).to receive(:scopes).and_return(
-            Doorkeeper::OAuth::Scopes.from_string("email"),
-          )
-          expect(subject).not_to be_valid
-        end
-      end
     end
   end
 end

data/spec/lib/oauth/client_credentials_integration_spec.rb

@@ -2,14 +2,14 @@
 
 require "spec_helper"
 
-describe Doorkeeper::OAuth::ClientCredentialsRequest do
+RSpec.describe Doorkeeper::OAuth::ClientCredentialsRequest do
   let(:server) { Doorkeeper.configuration }
 
   context "with a valid request" do
-    let(:client) { FactoryBot.create :application }
+    let(:client) { Doorkeeper::OAuth::Client.new(FactoryBot.build_stubbed(:application)) }
 
     it "issues an access token" do
-      request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, {})
+      request = described_class.new(server, client, {})
       expect do
         request.authorize
       end.to change { Doorkeeper::AccessToken.count }.by(1)
@@ -18,10 +18,10 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
 
   describe "with an invalid request" do
     it "does not issue an access token" do
-      request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, nil, {})
+      request = described_class.new(server, nil, {})
       expect do
         request.authorize
-      end.to_not(change { Doorkeeper::AccessToken.count })
+      end.not_to(change { Doorkeeper::AccessToken.count })
     end
   end
 end

data/spec/lib/oauth/client_credentials_request_spec.rb

@@ -2,7 +2,9 @@
 
 require "spec_helper"
 
-describe Doorkeeper::OAuth::ClientCredentialsRequest do
+RSpec.describe Doorkeeper::OAuth::ClientCredentialsRequest do
+  subject { described_class.new(server, client) }
+
   let(:server) do
     double(
       default_scopes: nil,
@@ -17,11 +19,6 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
 
   before do
     allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-  end
-
-  subject { Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client) }
-
-  before do
     allow(subject).to receive(:issuer).and_return(token_creator)
   end
 
@@ -35,7 +32,7 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
     expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
   end
 
-  context "if issue was not created" do
+  context "when issue was not created" do
     before do
       issuer = double create: false, error: :invalid
       allow(subject).to receive(:issuer).and_return(issuer)
@@ -65,7 +62,7 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
     end
 
     it "issues an access token with requested scopes" do
-      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "email")
+      subject = described_class.new(server, client, scope: "email")
       allow(subject).to receive(:issuer).and_return(token_creator)
       expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
       subject.authorize
@@ -92,14 +89,14 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
     end
 
     it "delegates the error to issuer if no scope was requested" do
-      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client)
+      subject = described_class.new(server, client)
       subject.authorize
       expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
       expect(subject.error).to eq(:invalid_scope)
     end
 
     it "issues an access token with requested scopes" do
-      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "phone")
+      subject = described_class.new(server, client, scope: "phone")
       subject.authorize
       expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
       expect(subject.response.token.scopes_string).to eq("phone")

data/spec/lib/oauth/client_spec.rb

@@ -2,20 +2,20 @@
 
 require "spec_helper"
 
-describe Doorkeeper::OAuth::Client do
-  describe :find do
+RSpec.describe Doorkeeper::OAuth::Client do
+  describe ".find" do
     let(:method) { double }
 
     it "finds the client via uid" do
       client = double
       expect(method).to receive(:call).with("uid").and_return(client)
-      expect(Doorkeeper::OAuth::Client.find("uid", method))
-        .to be_a(Doorkeeper::OAuth::Client)
+      expect(described_class.find("uid", method))
+        .to be_a(described_class)
     end
 
     it "returns nil if client was not found" do
       expect(method).to receive(:call).with("uid").and_return(nil)
-      expect(Doorkeeper::OAuth::Client.find("uid", method)).to be_nil
+      expect(described_class.find("uid", method)).to be_nil
     end
   end
 
@@ -24,15 +24,15 @@ describe Doorkeeper::OAuth::Client do
       credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
       authenticator = double
       expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
-      expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator))
-        .to be_a(Doorkeeper::OAuth::Client)
+      expect(described_class.authenticate(credentials, authenticator))
+        .to be_a(described_class)
     end
 
     it "returns nil if client was not authenticated" do
       credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
       authenticator = double
       expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
-      expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator)).to be_nil
+      expect(described_class.authenticate(credentials, authenticator)).to be_nil
     end
   end
 end