doorkeeper-mongodb 5.2.1 → 5.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/doorkeeper-mongodb.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb +1 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb +76 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/base_mixin.rb +0 -8
- data/lib/doorkeeper-mongodb/mixins/mongoid/json_serializable.rb +17 -0
- data/lib/doorkeeper-mongodb/version.rb +1 -1
- data/spec/controllers/application_metal_controller_spec.rb +4 -4
- data/spec/controllers/applications_controller_spec.rb +198 -202
- data/spec/controllers/authorizations_controller_spec.rb +32 -31
- data/spec/controllers/protected_resources_controller_spec.rb +10 -10
- data/spec/controllers/token_info_controller_spec.rb +1 -1
- data/spec/controllers/tokens_controller_spec.rb +105 -62
- data/spec/doorkeeper/redirect_uri_validator_spec.rb +183 -0
- data/spec/{lib → doorkeeper}/server_spec.rb +5 -4
- data/spec/{lib → doorkeeper}/stale_records_cleaner_spec.rb +8 -7
- data/spec/{version → doorkeeper}/version_spec.rb +3 -3
- data/spec/dummy/log/test.log +4220 -4184
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{eS/eSL1QMz46gKLM0GR6S9fL6uyARPxOImcappZ9_ZtSyg.cache → Pm/PmheG0PGFqDws1qgFOxOyIL-gpMof3Ar9eSRKVLYuik.cache} +0 -0
- data/spec/grape/grape_integration_spec.rb +1 -1
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +23 -12
- data/spec/lib/doorkeeper_spec.rb +4 -4
- data/spec/lib/models/expirable_spec.rb +9 -9
- data/spec/lib/models/reusable_spec.rb +2 -2
- data/spec/lib/models/revocable_spec.rb +4 -7
- data/spec/lib/models/scopes_spec.rb +7 -7
- data/spec/lib/models/secret_storable_spec.rb +9 -8
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +23 -27
- data/spec/lib/oauth/authorization_code_request_spec.rb +6 -6
- data/spec/lib/oauth/base_request_spec.rb +11 -27
- data/spec/lib/oauth/base_response_spec.rb +2 -2
- data/spec/lib/oauth/client/credentials_spec.rb +25 -25
- data/spec/lib/oauth/client_credentials/creator_spec.rb +89 -91
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +84 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +72 -39
- data/spec/lib/oauth/client_credentials_integration_spec.rb +5 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +7 -10
- data/spec/lib/oauth/client_spec.rb +8 -8
- data/spec/lib/oauth/code_request_spec.rb +5 -5
- data/spec/lib/oauth/code_response_spec.rb +4 -4
- data/spec/lib/oauth/error_response_spec.rb +6 -5
- data/spec/lib/oauth/error_spec.rb +1 -1
- data/spec/lib/oauth/forbidden_token_response_spec.rb +2 -2
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +37 -37
- data/spec/lib/oauth/helpers/unique_token_spec.rb +2 -2
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +54 -54
- data/spec/lib/oauth/invalid_request_response_spec.rb +6 -6
- data/spec/lib/oauth/invalid_token_response_spec.rb +4 -4
- data/spec/lib/oauth/password_access_token_request_spec.rb +10 -9
- data/spec/lib/oauth/pre_authorization_spec.rb +20 -8
- data/spec/lib/oauth/refresh_token_request_spec.rb +10 -10
- data/spec/lib/oauth/scopes_spec.rb +14 -14
- data/spec/lib/oauth/token_request_spec.rb +9 -9
- data/spec/lib/oauth/token_response_spec.rb +5 -5
- data/spec/lib/oauth/token_spec.rb +5 -5
- data/spec/lib/option_spec.rb +1 -1
- data/spec/lib/request/strategy_spec.rb +34 -37
- data/spec/lib/secret_storing/base_spec.rb +3 -2
- data/spec/lib/secret_storing/bcrypt_spec.rb +2 -1
- data/spec/lib/secret_storing/plain_spec.rb +2 -1
- data/spec/lib/secret_storing/sha256_hash_spec.rb +2 -1
- data/spec/models/doorkeeper/access_grant_spec.rb +7 -9
- data/spec/models/doorkeeper/access_token_spec.rb +20 -26
- data/spec/models/doorkeeper/application_spec.rb +83 -26
- data/spec/requests/applications/applications_request_spec.rb +91 -93
- data/spec/requests/endpoints/authorization_spec.rb +1 -1
- data/spec/requests/endpoints/token_spec.rb +22 -16
- data/spec/requests/flows/authorization_code_errors_spec.rb +12 -8
- data/spec/requests/flows/authorization_code_spec.rb +108 -79
- data/spec/requests/flows/client_credentials_spec.rb +57 -45
- data/spec/requests/flows/implicit_grant_spec.rb +4 -4
- data/spec/requests/flows/password_spec.rb +253 -213
- data/spec/requests/flows/refresh_token_spec.rb +53 -39
- data/spec/requests/flows/revoke_token_spec.rb +24 -24
- data/spec/requests/flows/skip_authorization_spec.rb +1 -1
- data/spec/requests/protected_resources/metal_spec.rb +2 -2
- data/spec/routing/custom_controller_routes_spec.rb +1 -1
- data/spec/routing/default_routes_spec.rb +1 -1
- data/spec/routing/scoped_routes_spec.rb +1 -1
- data/spec/support/helpers/request_spec_helper.rb +1 -13
- data/spec/support/helpers/url_helper.rb +2 -2
- data/spec/support/shared/controllers_shared_context.rb +5 -38
- data/spec/support/shared/hashing_shared_context.rb +4 -0
- data/spec/support/shared/models_shared_examples.rb +6 -6
- metadata +13 -10
|
@@ -2,7 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::OAuth::CodeRequest do
|
|
5
|
+
RSpec.describe Doorkeeper::OAuth::CodeRequest do
|
|
6
|
+
subject do
|
|
7
|
+
described_class.new(pre_auth, owner)
|
|
8
|
+
end
|
|
9
|
+
|
|
6
10
|
let(:pre_auth) do
|
|
7
11
|
server = Doorkeeper.configuration
|
|
8
12
|
allow(server)
|
|
@@ -26,10 +30,6 @@ describe Doorkeeper::OAuth::CodeRequest do
|
|
|
26
30
|
|
|
27
31
|
let(:owner) { FactoryBot.create(:resource_owner) }
|
|
28
32
|
|
|
29
|
-
subject do
|
|
30
|
-
described_class.new(pre_auth, owner)
|
|
31
|
-
end
|
|
32
|
-
|
|
33
33
|
context "when pre_auth is authorized" do
|
|
34
34
|
it "creates an access grant and returns a code response" do
|
|
35
35
|
expect { subject.authorize }.to change { Doorkeeper::AccessGrant.count }.by(1)
|
|
@@ -2,9 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::OAuth::CodeResponse do
|
|
5
|
+
RSpec.describe Doorkeeper::OAuth::CodeResponse do
|
|
6
6
|
describe "#redirect_uri" do
|
|
7
7
|
context "when generating the redirect URI for an implicit grant" do
|
|
8
|
+
subject { described_class.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
|
|
9
|
+
|
|
8
10
|
let :pre_auth do
|
|
9
11
|
double(
|
|
10
12
|
:pre_auth,
|
|
@@ -21,13 +23,11 @@ describe Doorkeeper::OAuth::CodeResponse do
|
|
|
21
23
|
|
|
22
24
|
let :auth do
|
|
23
25
|
Doorkeeper::OAuth::Authorization::Token.new(pre_auth, owner).tap do |c|
|
|
24
|
-
c.issue_token
|
|
26
|
+
c.issue_token!
|
|
25
27
|
allow(c.token).to receive(:expires_in_seconds).and_return(3600)
|
|
26
28
|
end
|
|
27
29
|
end
|
|
28
30
|
|
|
29
|
-
subject { described_class.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
|
|
30
|
-
|
|
31
31
|
it "includes the remaining TTL of the token relative to the time the token was generated" do
|
|
32
32
|
expect(subject).to include("expires_in=3600")
|
|
33
33
|
end
|
|
@@ -2,13 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::OAuth::ErrorResponse do
|
|
5
|
+
RSpec.describe Doorkeeper::OAuth::ErrorResponse do
|
|
6
6
|
describe "#status" do
|
|
7
|
-
it "
|
|
7
|
+
it "has a status of bad_request" do
|
|
8
8
|
expect(subject.status).to eq(:bad_request)
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
it "
|
|
11
|
+
it "has a status of unauthorized for an invalid_client error" do
|
|
12
12
|
subject = described_class.new(name: :invalid_client)
|
|
13
13
|
|
|
14
14
|
expect(subject.status).to eq(:unauthorized)
|
|
@@ -48,15 +48,16 @@ describe Doorkeeper::OAuth::ErrorResponse do
|
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
describe ".headers" do
|
|
51
|
-
let(:error_response) { described_class.new(name: :some_error, state: :some_state) }
|
|
52
51
|
subject { error_response.headers }
|
|
53
52
|
|
|
53
|
+
let(:error_response) { described_class.new(name: :some_error, state: :some_state) }
|
|
54
|
+
|
|
54
55
|
it { expect(subject).to include "WWW-Authenticate" }
|
|
55
56
|
|
|
56
57
|
describe "WWW-Authenticate header" do
|
|
57
58
|
subject { error_response.headers["WWW-Authenticate"] }
|
|
58
59
|
|
|
59
|
-
it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
|
|
60
|
+
it { expect(subject).to include("realm=\"#{error_response.send(:realm)}\"") }
|
|
60
61
|
it { expect(subject).to include("error=\"#{error_response.name}\"") }
|
|
61
62
|
it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
|
|
62
63
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::OAuth::ForbiddenTokenResponse do
|
|
5
|
+
RSpec.describe Doorkeeper::OAuth::ForbiddenTokenResponse do
|
|
6
6
|
describe "#name" do
|
|
7
7
|
it { expect(subject.name).to eq(:invalid_scope) }
|
|
8
8
|
end
|
|
@@ -12,7 +12,7 @@ describe Doorkeeper::OAuth::ForbiddenTokenResponse do
|
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
describe ".from_scopes" do
|
|
15
|
-
it "
|
|
15
|
+
it "have a list of acceptable scopes" do
|
|
16
16
|
response = described_class.from_scopes(["public"])
|
|
17
17
|
expect(response.description).to include("public")
|
|
18
18
|
end
|
|
@@ -8,31 +8,31 @@ module Doorkeeper::OAuth::Helpers
|
|
|
8
8
|
|
|
9
9
|
it "is valid if scope is present" do
|
|
10
10
|
server_scopes.add :scope
|
|
11
|
-
expect(
|
|
11
|
+
expect(described_class).to be_valid(scope_str: "scope", server_scopes: server_scopes)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
it "is invalid if includes tabs space" do
|
|
15
|
-
expect(
|
|
15
|
+
expect(described_class).not_to be_valid(scope_str: "\tsomething", server_scopes: server_scopes)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
it "is invalid if scope is not present" do
|
|
19
|
-
expect(
|
|
19
|
+
expect(described_class).not_to be_valid(scope_str: nil, server_scopes: server_scopes)
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
it "is invalid if scope is blank" do
|
|
23
|
-
expect(
|
|
23
|
+
expect(described_class).not_to be_valid(scope_str: " ", server_scopes: server_scopes)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
it "is invalid if includes return space" do
|
|
27
|
-
expect(
|
|
27
|
+
expect(described_class).not_to be_valid(scope_str: "scope\r", server_scopes: server_scopes)
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
it "is invalid if includes new lines" do
|
|
31
|
-
expect(
|
|
31
|
+
expect(described_class).not_to be_valid(scope_str: "scope\nanother", server_scopes: server_scopes)
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
it "is invalid if any scope is not included in server scopes" do
|
|
35
|
-
expect(
|
|
35
|
+
expect(described_class).not_to be_valid(scope_str: "scope another", server_scopes: server_scopes)
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
context "with application_scopes" do
|
|
@@ -44,19 +44,19 @@ module Doorkeeper::OAuth::Helpers
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
it "is valid if scope is included in the application scope list" do
|
|
47
|
-
expect(
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
47
|
+
expect(described_class).to be_valid(
|
|
48
|
+
scope_str: "app123",
|
|
49
|
+
server_scopes: server_scopes,
|
|
50
|
+
app_scopes: application_scopes,
|
|
51
|
+
)
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
it "is invalid if any scope is not included in the application" do
|
|
55
|
-
expect(
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
55
|
+
expect(described_class).not_to be_valid(
|
|
56
|
+
scope_str: "svr",
|
|
57
|
+
server_scopes: server_scopes,
|
|
58
|
+
app_scopes: application_scopes,
|
|
59
|
+
)
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
62
|
|
|
@@ -67,19 +67,19 @@ module Doorkeeper::OAuth::Helpers
|
|
|
67
67
|
|
|
68
68
|
context "with scopes_by_grant_type not configured for grant_type" do
|
|
69
69
|
it "is valid if the scope is in server scopes" do
|
|
70
|
-
expect(
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
70
|
+
expect(described_class).to be_valid(
|
|
71
|
+
scope_str: "scope1",
|
|
72
|
+
server_scopes: server_scopes,
|
|
73
|
+
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
74
|
+
)
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
it "is invalid if the scope is not in server scopes" do
|
|
78
|
-
expect(
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
78
|
+
expect(described_class).not_to be_valid(
|
|
79
|
+
scope_str: "unknown",
|
|
80
|
+
server_scopes: server_scopes,
|
|
81
|
+
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
82
|
+
)
|
|
83
83
|
end
|
|
84
84
|
end
|
|
85
85
|
|
|
@@ -90,19 +90,19 @@ module Doorkeeper::OAuth::Helpers
|
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
it "is valid if the scope is permitted for grant_type" do
|
|
93
|
-
expect(
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
93
|
+
expect(described_class).to be_valid(
|
|
94
|
+
scope_str: "scope1",
|
|
95
|
+
server_scopes: server_scopes,
|
|
96
|
+
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
97
|
+
)
|
|
98
98
|
end
|
|
99
99
|
|
|
100
100
|
it "is invalid if the scope is permitted for grant_type" do
|
|
101
|
-
expect(
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
101
|
+
expect(described_class).not_to be_valid(
|
|
102
|
+
scope_str: "scope2",
|
|
103
|
+
server_scopes: server_scopes,
|
|
104
|
+
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
105
|
+
)
|
|
106
106
|
end
|
|
107
107
|
end
|
|
108
108
|
end
|
|
@@ -9,12 +9,12 @@ module Doorkeeper::OAuth::Helpers
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
it "is able to customize the generator method" do
|
|
12
|
-
token =
|
|
12
|
+
token = described_class.generate(generator: generator)
|
|
13
13
|
expect(token).to eq("a" * 32)
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
it "is able to customize the size of the token" do
|
|
17
|
-
token =
|
|
17
|
+
token = described_class.generate(generator: generator, size: 2)
|
|
18
18
|
expect(token).to eq("aa")
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -7,142 +7,142 @@ module Doorkeeper::OAuth::Helpers
|
|
|
7
7
|
describe ".valid?" do
|
|
8
8
|
it "is valid for valid uris" do
|
|
9
9
|
uri = "http://app.co"
|
|
10
|
-
expect(
|
|
10
|
+
expect(described_class).to be_valid(uri)
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
it "is valid if include path param" do
|
|
14
14
|
uri = "http://app.co/path"
|
|
15
|
-
expect(
|
|
15
|
+
expect(described_class).to be_valid(uri)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
it "is valid if include query param" do
|
|
19
19
|
uri = "http://app.co/?query=1"
|
|
20
|
-
expect(
|
|
20
|
+
expect(described_class).to be_valid(uri)
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
it "is invalid if uri includes fragment" do
|
|
24
24
|
uri = "http://app.co/test#fragment"
|
|
25
|
-
expect(
|
|
25
|
+
expect(described_class).not_to be_valid(uri)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
it "is invalid if scheme is missing" do
|
|
29
29
|
uri = "app.co"
|
|
30
|
-
expect(
|
|
30
|
+
expect(described_class).not_to be_valid(uri)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
it "is invalid if is a relative uri" do
|
|
34
34
|
uri = "/abc/123"
|
|
35
|
-
expect(
|
|
35
|
+
expect(described_class).not_to be_valid(uri)
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
it "is invalid if is not a url" do
|
|
39
39
|
uri = "http://"
|
|
40
|
-
expect(
|
|
40
|
+
expect(described_class).not_to be_valid(uri)
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
it "is invalid if localhost is resolved as as scheme (no scheme specified)" do
|
|
44
44
|
uri = "localhost:8080"
|
|
45
|
-
expect(
|
|
45
|
+
expect(described_class).not_to be_valid(uri)
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
it "is invalid if scheme is missing #2" do
|
|
49
49
|
uri = "app.co:80"
|
|
50
|
-
expect(
|
|
50
|
+
expect(described_class).not_to be_valid(uri)
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
it "is invalid if is not an uri" do
|
|
54
54
|
uri = " "
|
|
55
|
-
expect(
|
|
55
|
+
expect(described_class).not_to be_valid(uri)
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
it "is valid for custom schemes" do
|
|
59
59
|
uri = "com.example.app:/test"
|
|
60
|
-
expect(
|
|
60
|
+
expect(described_class).to be_valid(uri)
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
it "is valid for custom schemes with authority marker (common misconfiguration)" do
|
|
64
64
|
uri = "com.example.app://test"
|
|
65
|
-
expect(
|
|
65
|
+
expect(described_class).to be_valid(uri)
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
describe ".matches?" do
|
|
70
70
|
it "is true if both url matches" do
|
|
71
71
|
uri = client_uri = "http://app.co/aaa"
|
|
72
|
-
expect(
|
|
72
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
it "ignores query parameter on
|
|
75
|
+
it "ignores query parameter on comparison" do
|
|
76
76
|
uri = "http://app.co/?query=hello"
|
|
77
77
|
client_uri = "http://app.co"
|
|
78
|
-
expect(
|
|
78
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
it "doesn't allow non-matching domains through" do
|
|
82
82
|
uri = "http://app.abc/?query=hello"
|
|
83
83
|
client_uri = "http://app.co"
|
|
84
|
-
expect(
|
|
84
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
85
85
|
end
|
|
86
86
|
|
|
87
87
|
it "doesn't allow non-matching domains that don't start at the beginning" do
|
|
88
88
|
uri = "http://app.co/?query=hello"
|
|
89
89
|
client_uri = "http://example.com?app.co=test"
|
|
90
|
-
expect(
|
|
90
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
91
91
|
end
|
|
92
92
|
|
|
93
|
-
context "loopback IP redirect URIs" do
|
|
93
|
+
context "when loopback IP redirect URIs" do
|
|
94
94
|
it "ignores port for same URIs" do
|
|
95
95
|
uri = "http://127.0.0.1:5555/auth/callback"
|
|
96
96
|
client_uri = "http://127.0.0.1:48599/auth/callback"
|
|
97
|
-
expect(
|
|
97
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
98
98
|
|
|
99
99
|
uri = "http://[::1]:5555/auth/callback"
|
|
100
100
|
client_uri = "http://[::1]:5555/auth/callback"
|
|
101
|
-
expect(
|
|
101
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
it "doesn't ignore port for URIs with different queries" do
|
|
105
105
|
uri = "http://127.0.0.1:5555/auth/callback"
|
|
106
106
|
client_uri = "http://127.0.0.1:48599/auth/callback2"
|
|
107
|
-
expect(
|
|
107
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
108
108
|
end
|
|
109
109
|
end
|
|
110
110
|
|
|
111
|
-
context "client registered query params" do
|
|
111
|
+
context "when client registered query params" do
|
|
112
112
|
it "doesn't allow query being absent" do
|
|
113
113
|
uri = "http://app.co"
|
|
114
114
|
client_uri = "http://app.co/?vendorId=AJ4L7XXW9"
|
|
115
|
-
expect(
|
|
115
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
116
116
|
end
|
|
117
117
|
|
|
118
118
|
it "is false if query values differ but key same" do
|
|
119
119
|
uri = "http://app.co/?vendorId=pancakes"
|
|
120
120
|
client_uri = "http://app.co/?vendorId=waffles"
|
|
121
|
-
expect(
|
|
121
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
122
122
|
end
|
|
123
123
|
|
|
124
124
|
it "is false if query values same but key differs" do
|
|
125
125
|
uri = "http://app.co/?foo=pancakes"
|
|
126
126
|
client_uri = "http://app.co/?bar=pancakes"
|
|
127
|
-
expect(
|
|
127
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
128
128
|
end
|
|
129
129
|
|
|
130
130
|
it "is false if query present and match, but unknown queries present" do
|
|
131
131
|
uri = "http://app.co/?vendorId=pancakes&unknown=query"
|
|
132
132
|
client_uri = "http://app.co/?vendorId=waffles"
|
|
133
|
-
expect(
|
|
133
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
134
134
|
end
|
|
135
135
|
|
|
136
136
|
it "is true if queries are present and matche" do
|
|
137
137
|
uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
|
|
138
138
|
client_uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
|
|
139
|
-
expect(
|
|
139
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
142
|
it "is true if queries are present, match and in different order" do
|
|
143
143
|
uri = "http://app.co/?bing=bang&foo=bar"
|
|
144
144
|
client_uri = "http://app.co/?foo=bar&bing=bang"
|
|
145
|
-
expect(
|
|
145
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
146
146
|
end
|
|
147
147
|
end
|
|
148
148
|
end
|
|
@@ -150,112 +150,112 @@ module Doorkeeper::OAuth::Helpers
|
|
|
150
150
|
describe ".valid_for_authorization?" do
|
|
151
151
|
it "is true if valid and matches" do
|
|
152
152
|
uri = client_uri = "http://app.co/aaa"
|
|
153
|
-
expect(
|
|
153
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
154
154
|
|
|
155
155
|
uri = client_uri = "http://app.co/aaa?b=c"
|
|
156
|
-
expect(
|
|
156
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
157
157
|
end
|
|
158
158
|
|
|
159
159
|
it "is true if uri includes blank query" do
|
|
160
160
|
uri = client_uri = "http://app.co/aaa?"
|
|
161
|
-
expect(
|
|
161
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
162
162
|
|
|
163
163
|
uri = "http://app.co/aaa?"
|
|
164
164
|
client_uri = "http://app.co/aaa"
|
|
165
|
-
expect(
|
|
165
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
166
166
|
|
|
167
167
|
uri = "http://app.co/aaa"
|
|
168
168
|
client_uri = "http://app.co/aaa?"
|
|
169
|
-
expect(
|
|
169
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
170
170
|
end
|
|
171
171
|
|
|
172
172
|
it "is false if valid and mismatches" do
|
|
173
173
|
uri = "http://app.co/aaa"
|
|
174
174
|
client_uri = "http://app.co/bbb"
|
|
175
|
-
expect(
|
|
175
|
+
expect(described_class).not_to be_valid_for_authorization(uri, client_uri)
|
|
176
176
|
end
|
|
177
177
|
|
|
178
178
|
it "is true if valid and included in array" do
|
|
179
179
|
uri = "http://app.co/aaa"
|
|
180
180
|
client_uri = "http://example.com/bbb\nhttp://app.co/aaa"
|
|
181
|
-
expect(
|
|
181
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
it "is false if valid and not included in array" do
|
|
185
185
|
uri = "http://app.co/aaa"
|
|
186
186
|
client_uri = "http://example.com/bbb\nhttp://app.co/cc"
|
|
187
|
-
expect(
|
|
187
|
+
expect(described_class).not_to be_valid_for_authorization(uri, client_uri)
|
|
188
188
|
end
|
|
189
189
|
|
|
190
190
|
it "is false if queries does not match" do
|
|
191
191
|
uri = "http://app.co/aaa?pankcakes=abc"
|
|
192
192
|
client_uri = "http://app.co/aaa?waffles=abc"
|
|
193
|
-
expect(
|
|
193
|
+
expect(described_class.valid_for_authorization?(uri, client_uri)).to be false
|
|
194
194
|
end
|
|
195
195
|
|
|
196
196
|
it "calls .matches?" do
|
|
197
197
|
uri = "http://app.co/aaa?pankcakes=abc"
|
|
198
198
|
client_uri = "http://app.co/aaa?waffles=abc"
|
|
199
|
-
expect(
|
|
200
|
-
|
|
199
|
+
expect(described_class).to receive(:matches?).with(uri, client_uri).once
|
|
200
|
+
described_class.valid_for_authorization?(uri, client_uri)
|
|
201
201
|
end
|
|
202
202
|
|
|
203
203
|
it "calls .valid?" do
|
|
204
204
|
uri = "http://app.co/aaa?pankcakes=abc"
|
|
205
205
|
client_uri = "http://app.co/aaa?waffles=abc"
|
|
206
|
-
expect(
|
|
207
|
-
|
|
206
|
+
expect(described_class).to receive(:valid?).with(uri).once
|
|
207
|
+
described_class.valid_for_authorization?(uri, client_uri)
|
|
208
208
|
end
|
|
209
209
|
end
|
|
210
210
|
|
|
211
211
|
describe ".query_matches?" do
|
|
212
212
|
it "is true if no queries" do
|
|
213
|
-
expect(
|
|
214
|
-
expect(
|
|
213
|
+
expect(described_class).to be_query_matches("", "")
|
|
214
|
+
expect(described_class).to be_query_matches(nil, nil)
|
|
215
215
|
end
|
|
216
216
|
|
|
217
217
|
it "is true if same query" do
|
|
218
|
-
expect(
|
|
218
|
+
expect(described_class).to be_query_matches("foo", "foo")
|
|
219
219
|
end
|
|
220
220
|
|
|
221
221
|
it "is false if different query" do
|
|
222
|
-
expect(
|
|
222
|
+
expect(described_class).not_to be_query_matches("foo", "bar")
|
|
223
223
|
end
|
|
224
224
|
|
|
225
225
|
it "is true if same queries" do
|
|
226
|
-
expect(
|
|
226
|
+
expect(described_class).to be_query_matches("foo&bar", "foo&bar")
|
|
227
227
|
end
|
|
228
228
|
|
|
229
229
|
it "is true if same queries, different order" do
|
|
230
|
-
expect(
|
|
230
|
+
expect(described_class).to be_query_matches("foo&bar", "bar&foo")
|
|
231
231
|
end
|
|
232
232
|
|
|
233
233
|
it "is false if one different query" do
|
|
234
|
-
expect(
|
|
234
|
+
expect(described_class).not_to be_query_matches("foo&bang", "foo&bing")
|
|
235
235
|
end
|
|
236
236
|
|
|
237
237
|
it "is true if same query with same value" do
|
|
238
|
-
expect(
|
|
238
|
+
expect(described_class).to be_query_matches("foo=bar", "foo=bar")
|
|
239
239
|
end
|
|
240
240
|
|
|
241
241
|
it "is true if same queries with same values" do
|
|
242
|
-
expect(
|
|
242
|
+
expect(described_class).to be_query_matches("foo=bar&bing=bang", "foo=bar&bing=bang")
|
|
243
243
|
end
|
|
244
244
|
|
|
245
245
|
it "is true if same queries with same values, different order" do
|
|
246
|
-
expect(
|
|
246
|
+
expect(described_class).to be_query_matches("foo=bar&bing=bang", "bing=bang&foo=bar")
|
|
247
247
|
end
|
|
248
248
|
|
|
249
249
|
it "is false if same query with different value" do
|
|
250
|
-
expect(
|
|
250
|
+
expect(described_class).not_to be_query_matches("foo=bar", "foo=bang")
|
|
251
251
|
end
|
|
252
252
|
|
|
253
253
|
it "is false if some queries missing" do
|
|
254
|
-
expect(
|
|
254
|
+
expect(described_class).not_to be_query_matches("foo=bar", "foo=bar&bing=bang")
|
|
255
255
|
end
|
|
256
256
|
|
|
257
257
|
it "is false if some queries different value" do
|
|
258
|
-
expect(
|
|
258
|
+
expect(described_class).not_to be_query_matches("foo=bar&bing=bang", "foo=bar&bing=banana")
|
|
259
259
|
end
|
|
260
260
|
end
|
|
261
261
|
end
|