RubyGems - doorkeeper-mongodb - Versions diffs - 5.2.1 → 5.2.2 - Mend

doorkeeper-mongodb 5.2.1 → 5.2.2

Files changed (87) hide show

checksums.yaml +4 -4
data/lib/doorkeeper-mongodb.rb +1 -0
data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb +1 -0
data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb +1 -0
data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb +76 -0
data/lib/doorkeeper-mongodb/mixins/mongoid/base_mixin.rb +0 -8
data/lib/doorkeeper-mongodb/mixins/mongoid/json_serializable.rb +17 -0
data/lib/doorkeeper-mongodb/version.rb +1 -1
data/spec/controllers/application_metal_controller_spec.rb +4 -4
data/spec/controllers/applications_controller_spec.rb +198 -202
data/spec/controllers/authorizations_controller_spec.rb +32 -31
data/spec/controllers/protected_resources_controller_spec.rb +10 -10
data/spec/controllers/token_info_controller_spec.rb +1 -1
data/spec/controllers/tokens_controller_spec.rb +105 -62
data/spec/doorkeeper/redirect_uri_validator_spec.rb +183 -0
data/spec/{lib → doorkeeper}/server_spec.rb +5 -4
data/spec/{lib → doorkeeper}/stale_records_cleaner_spec.rb +8 -7
data/spec/{version → doorkeeper}/version_spec.rb +3 -3
data/spec/dummy/log/test.log +4220 -4184
data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{eS/eSL1QMz46gKLM0GR6S9fL6uyARPxOImcappZ9_ZtSyg.cache → Pm/PmheG0PGFqDws1qgFOxOyIL-gpMof3Ar9eSRKVLYuik.cache} +0 -0
data/spec/grape/grape_integration_spec.rb +1 -1
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +23 -12
data/spec/lib/doorkeeper_spec.rb +4 -4
data/spec/lib/models/expirable_spec.rb +9 -9
data/spec/lib/models/reusable_spec.rb +2 -2
data/spec/lib/models/revocable_spec.rb +4 -7
data/spec/lib/models/scopes_spec.rb +7 -7
data/spec/lib/models/secret_storable_spec.rb +9 -8
data/spec/lib/oauth/authorization/uri_builder_spec.rb +23 -27
data/spec/lib/oauth/authorization_code_request_spec.rb +6 -6
data/spec/lib/oauth/base_request_spec.rb +11 -27
data/spec/lib/oauth/base_response_spec.rb +2 -2
data/spec/lib/oauth/client/credentials_spec.rb +25 -25
data/spec/lib/oauth/client_credentials/creator_spec.rb +89 -91
data/spec/lib/oauth/client_credentials/issuer_spec.rb +84 -86
data/spec/lib/oauth/client_credentials/validation_spec.rb +72 -39
data/spec/lib/oauth/client_credentials_integration_spec.rb +5 -5
data/spec/lib/oauth/client_credentials_request_spec.rb +7 -10
data/spec/lib/oauth/client_spec.rb +8 -8
data/spec/lib/oauth/code_request_spec.rb +5 -5
data/spec/lib/oauth/code_response_spec.rb +4 -4
data/spec/lib/oauth/error_response_spec.rb +6 -5
data/spec/lib/oauth/error_spec.rb +1 -1
data/spec/lib/oauth/forbidden_token_response_spec.rb +2 -2
data/spec/lib/oauth/helpers/scope_checker_spec.rb +37 -37
data/spec/lib/oauth/helpers/unique_token_spec.rb +2 -2
data/spec/lib/oauth/helpers/uri_checker_spec.rb +54 -54
data/spec/lib/oauth/invalid_request_response_spec.rb +6 -6
data/spec/lib/oauth/invalid_token_response_spec.rb +4 -4
data/spec/lib/oauth/password_access_token_request_spec.rb +10 -9
data/spec/lib/oauth/pre_authorization_spec.rb +20 -8
data/spec/lib/oauth/refresh_token_request_spec.rb +10 -10
data/spec/lib/oauth/scopes_spec.rb +14 -14
data/spec/lib/oauth/token_request_spec.rb +9 -9
data/spec/lib/oauth/token_response_spec.rb +5 -5
data/spec/lib/oauth/token_spec.rb +5 -5
data/spec/lib/option_spec.rb +1 -1
data/spec/lib/request/strategy_spec.rb +34 -37
data/spec/lib/secret_storing/base_spec.rb +3 -2
data/spec/lib/secret_storing/bcrypt_spec.rb +2 -1
data/spec/lib/secret_storing/plain_spec.rb +2 -1
data/spec/lib/secret_storing/sha256_hash_spec.rb +2 -1
data/spec/models/doorkeeper/access_grant_spec.rb +7 -9
data/spec/models/doorkeeper/access_token_spec.rb +20 -26
data/spec/models/doorkeeper/application_spec.rb +83 -26
data/spec/requests/applications/applications_request_spec.rb +91 -93
data/spec/requests/endpoints/authorization_spec.rb +1 -1
data/spec/requests/endpoints/token_spec.rb +22 -16
data/spec/requests/flows/authorization_code_errors_spec.rb +12 -8
data/spec/requests/flows/authorization_code_spec.rb +108 -79
data/spec/requests/flows/client_credentials_spec.rb +57 -45
data/spec/requests/flows/implicit_grant_spec.rb +4 -4
data/spec/requests/flows/password_spec.rb +253 -213
data/spec/requests/flows/refresh_token_spec.rb +53 -39
data/spec/requests/flows/revoke_token_spec.rb +24 -24
data/spec/requests/flows/skip_authorization_spec.rb +1 -1
data/spec/requests/protected_resources/metal_spec.rb +2 -2
data/spec/routing/custom_controller_routes_spec.rb +1 -1
data/spec/routing/default_routes_spec.rb +1 -1
data/spec/routing/scoped_routes_spec.rb +1 -1
data/spec/support/helpers/request_spec_helper.rb +1 -13
data/spec/support/helpers/url_helper.rb +2 -2
data/spec/support/shared/controllers_shared_context.rb +5 -38
data/spec/support/shared/hashing_shared_context.rb +4 -0
data/spec/support/shared/models_shared_examples.rb +6 -6
metadata +13 -10

data/spec/lib/oauth/invalid_request_response_spec.rb CHANGED

@@ -2,7 +2,7 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::InvalidRequestResponse do
+RSpec.describe Doorkeeper::OAuth::InvalidRequestResponse do
   describe "#name" do
     it { expect(subject.name).to eq(:invalid_request) }
   end
@@ -14,7 +14,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
   describe ".from_request" do
     let(:response) { described_class.from_request(request) }
-    context "missing param" do
+    context "when param missed" do
       let(:request) { double(missing_param: "some_param") }
       it "sets a description" do
@@ -28,7 +28,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
       end
     end
-    context "server doesn't support_pkce" do
+    context "when server doesn't support PKCE" do
       let(:request) { double(invalid_request_reason: :not_support_pkce) }
       it "sets a description" do
@@ -42,7 +42,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
       end
     end
-    context "request is not authorized" do
+    context "when request is not authorized" do
       let(:request) { double(invalid_request_reason: :request_not_authorized) }
       it "sets a description" do
@@ -56,7 +56,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
       end
     end
-    context "unknown reason" do
+    context "when unknown reason" do
       let(:request) { double(invalid_request_reason: :unknown_reason) }
       it "sets a description" do
@@ -65,7 +65,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
         )
       end
-      it "unknown reason" do
+      it "sets the reason to unknown" do
         expect(response.reason).to eq(:unknown_reason)
       end
     end

data/spec/lib/oauth/invalid_token_response_spec.rb CHANGED

@@ -2,7 +2,7 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::InvalidTokenResponse do
+RSpec.describe Doorkeeper::OAuth::InvalidTokenResponse do
   describe "#name" do
     it { expect(subject.name).to eq(:invalid_token) }
   end
@@ -14,7 +14,7 @@ describe Doorkeeper::OAuth::InvalidTokenResponse do
   describe ".from_access_token" do
     let(:response) { described_class.from_access_token(access_token) }
-    context "revoked" do
+    context "when token revoked" do
       let(:access_token) { double(revoked?: true, expired?: true) }
       it "sets a description" do
@@ -26,7 +26,7 @@ describe Doorkeeper::OAuth::InvalidTokenResponse do
       end
     end
-    context "expired" do
+    context "when token expired" do
       let(:access_token) { double(revoked?: false, expired?: true) }
       it "sets a description" do
@@ -38,7 +38,7 @@ describe Doorkeeper::OAuth::InvalidTokenResponse do
       end
     end
-    context "unknown" do
+    context "when unknown" do
       let(:access_token) { double(revoked?: false, expired?: false) }
       it "sets a description" do

data/spec/lib/oauth/password_access_token_request_spec.rb CHANGED

@@ -2,7 +2,11 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::PasswordAccessTokenRequest do
+RSpec.describe Doorkeeper::OAuth::PasswordAccessTokenRequest do
+  subject do
+    described_class.new(server, client, owner)
+  end
   let(:server) do
     double(
       :server,
@@ -14,23 +18,20 @@ describe Doorkeeper::OAuth::PasswordAccessTokenRequest do
       },
     )
   end
-  let(:client) { FactoryBot.create(:application) }
-  let(:owner)  { FactoryBot.create(:resource_owner) }
+  let(:client) { Doorkeeper::OAuth::Client.new(FactoryBot.create(:application)) }
+  let(:application) { client.application }
+  let(:owner) { FactoryBot.build_stubbed(:resource_owner) }
   before do
     allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
   end
-  subject do
-    described_class.new(server, client, owner)
-  end
   it "issues a new token for the client" do
     expect do
       subject.authorize
-    end.to change { client.reload.access_tokens.count }.by(1)
+    end.to change { application.reload.access_tokens.count }.by(1)
-    expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
+    expect(application.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
   end
   it "issues a new token without a client" do

data/spec/lib/oauth/pre_authorization_spec.rb CHANGED

@@ -2,7 +2,11 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::PreAuthorization do
+RSpec.describe Doorkeeper::OAuth::PreAuthorization do
+  subject do
+    described_class.new(server, attributes)
+  end
   let(:server) do
     server = Doorkeeper.configuration
     allow(server).to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("default"))
@@ -23,10 +27,6 @@ describe Doorkeeper::OAuth::PreAuthorization do
     }
   end
-  subject do
-    described_class.new(server, attributes)
-  end
   it "is authorizable when request is valid" do
     expect(subject).to be_authorizable
   end
@@ -77,7 +77,19 @@ describe Doorkeeper::OAuth::PreAuthorization do
     end
   end
-  context "client application does not restrict valid scopes" do
+  context "when grant flow is client credentials & redirect_uri is nil" do
+    before do
+      allow(server).to receive(:grant_flows).and_return(["client_credentials"])
+      allow(Doorkeeper.configuration).to receive(:allow_grant_flow_for_client?).and_return(false)
+      application.update_column :redirect_uri, nil
+    end
+    it "is not authorizable" do
+      expect(subject).not_to be_authorizable
+    end
+  end
+  context "when client application does not restrict valid scopes" do
     it "accepts valid scopes" do
       attributes[:scope] = "public"
       expect(subject).to be_authorizable
@@ -101,7 +113,7 @@ describe Doorkeeper::OAuth::PreAuthorization do
     end
   end
-  context "client application restricts valid scopes" do
+  context "when client application restricts valid scopes" do
     let(:application) do
       FactoryBot.create(:application, scopes: Doorkeeper::OAuth::Scopes.from_string("public nonsense"))
     end
@@ -118,7 +130,7 @@ describe Doorkeeper::OAuth::PreAuthorization do
     it "rejects (application level) non-valid scopes" do
       attributes[:scope] = "profile"
-      expect(subject).to_not be_authorizable
+      expect(subject).not_to be_authorizable
     end
     it "accepts scopes which are permitted for grant_type" do

data/spec/lib/oauth/refresh_token_request_spec.rb CHANGED

@@ -2,7 +2,9 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::RefreshTokenRequest do
+RSpec.describe Doorkeeper::OAuth::RefreshTokenRequest do
+  subject { described_class.new(server, refresh_token, credentials) }
   let(:server) do
     double :server, access_token_expires_in: 2.minutes
   end
@@ -19,8 +21,6 @@ describe Doorkeeper::OAuth::RefreshTokenRequest do
     allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
   end
-  subject { described_class.new(server, refresh_token, credentials) }
   it "issues a new token for the client" do
     expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
     # #sort_by used for MongoDB ORM extensions for valid ordering
@@ -38,7 +38,7 @@ describe Doorkeeper::OAuth::RefreshTokenRequest do
   end
   it "revokes the previous token" do
-    expect { subject.authorize }.to change { refresh_token.revoked? }.from(false).to(true)
+    expect { subject.authorize }.to change(refresh_token, :revoked?).from(false).to(true)
   end
   it "calls configured request callback methods" do
@@ -87,7 +87,7 @@ describe Doorkeeper::OAuth::RefreshTokenRequest do
     expect(subject).to be_valid
   end
-  context "refresh tokens expire on access token use" do
+  context "when refresh tokens expire on access token use" do
     before do
       allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(true)
     end
@@ -110,17 +110,19 @@ describe Doorkeeper::OAuth::RefreshTokenRequest do
     end
   end
-  context "clientless access tokens" do
-    let!(:refresh_token) { FactoryBot.create(:clientless_access_token, use_refresh_token: true) }
+  context "with clientless access tokens" do
     subject { described_class.new server, refresh_token, nil }
+    let!(:refresh_token) { FactoryBot.create(:clientless_access_token, use_refresh_token: true) }
     it "issues a new token without a client" do
       expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
     end
   end
   context "with scopes" do
+    subject { described_class.new server, refresh_token, credentials, parameters }
     let(:refresh_token) do
       FactoryBot.create :access_token,
                         use_refresh_token: true,
@@ -128,8 +130,6 @@ describe Doorkeeper::OAuth::RefreshTokenRequest do
     end
     let(:parameters) { {} }
-    subject { described_class.new server, refresh_token, credentials, parameters }
     it "transfers scopes from the old token to the new token" do
       subject.authorize
       expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public write])

data/spec/lib/oauth/scopes_spec.rb CHANGED

@@ -2,7 +2,7 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::Scopes do
+RSpec.describe Doorkeeper::OAuth::Scopes do
   describe "#add" do
     it "allows you to add scopes with symbols" do
       subject.add :public
@@ -27,28 +27,28 @@ describe Doorkeeper::OAuth::Scopes do
     end
     it "returns true if scope with given name is present" do
-      expect(subject.exists?("public")).to be_truthy
+      expect(subject).to exist("public")
     end
     it "returns false if scope with given name does not exist" do
-      expect(subject.exists?("other")).to be_falsey
+      expect(subject).not_to exist("other")
     end
     it "handles symbols" do
-      expect(subject.exists?(:public)).to be_truthy
-      expect(subject.exists?(:other)).to be_falsey
+      expect(subject).to exist(:public)
+      expect(subject).not_to exist(:other)
     end
   end
   describe ".from_string" do
-    let(:string) { "public write" }
     subject { described_class.from_string(string) }
+    let(:string) { "public write" }
     it { expect(subject).to be_a(described_class) }
     describe "#all" do
-      it "should be an array of the expected scopes" do
+      it "is an array of the expected scopes" do
         scopes_array = subject.all
         expect(scopes_array.size).to eq(2)
         expect(scopes_array).to include("public")
@@ -120,27 +120,27 @@ describe Doorkeeper::OAuth::Scopes do
     subject { described_class.from_string("public admin") }
     it "returns true when at least one scope is included" do
-      expect(subject.has_scopes?(described_class.from_string("public"))).to be_truthy
+      expect(subject).to have_scopes(described_class.from_string("public"))
     end
     it "returns true when all scopes are included" do
-      expect(subject.has_scopes?(described_class.from_string("public admin"))).to be_truthy
+      expect(subject).to have_scopes(described_class.from_string("public admin"))
     end
     it "is true if all scopes are included in any order" do
-      expect(subject.has_scopes?(described_class.from_string("admin public"))).to be_truthy
+      expect(subject).to have_scopes(described_class.from_string("admin public"))
     end
     it "is false if no scopes are included" do
-      expect(subject.has_scopes?(described_class.from_string("notexistent"))).to be_falsey
+      expect(subject).not_to have_scopes(described_class.from_string("notexistent"))
     end
     it "returns false when any scope is not included" do
-      expect(subject.has_scopes?(described_class.from_string("public nope"))).to be_falsey
+      expect(subject).not_to have_scopes(described_class.from_string("public nope"))
     end
     it "is false if no scopes are included even for existing ones" do
-      expect(subject.has_scopes?(described_class.from_string("public admin notexistent"))).to be_falsey
+      expect(subject).not_to have_scopes(described_class.from_string("public admin notexistent"))
     end
   end
 end

data/spec/lib/oauth/token_request_spec.rb CHANGED

@@ -2,7 +2,11 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::TokenRequest do
+RSpec.describe Doorkeeper::OAuth::TokenRequest do
+  subject do
+    described_class.new(pre_auth, owner)
+  end
   let :application do
     FactoryBot.create(:application, scopes: "public")
   end
@@ -29,10 +33,6 @@ describe Doorkeeper::OAuth::TokenRequest do
     FactoryBot.create(:doorkeeper_testing_user)
   end
-  subject do
-    described_class.new(pre_auth, owner)
-  end
   it "creates an access token" do
     expect do
       subject.authorize
@@ -61,7 +61,7 @@ describe Doorkeeper::OAuth::TokenRequest do
         end
       end
-      it "should use the custom ttl" do
+      it "uses the custom ttl" do
         subject.authorize
         token = Doorkeeper::AccessToken.first
         expect(token.expires_in).to eq(1234)
@@ -79,7 +79,7 @@ describe Doorkeeper::OAuth::TokenRequest do
         end
       end
-      it "should fallback to access_token_expires_in" do
+      it "fallbacks to access_token_expires_in" do
         subject.authorize
         token = Doorkeeper::AccessToken.first
         expect(token.expires_in).to eq(654)
@@ -97,7 +97,7 @@ describe Doorkeeper::OAuth::TokenRequest do
         end
       end
-      it "should fallback to access_token_expires_in" do
+      it "fallbacks to access_token_expires_in" do
         subject.authorize
         token = Doorkeeper::AccessToken.first
         expect(token.expires_in).to be_nil
@@ -105,7 +105,7 @@ describe Doorkeeper::OAuth::TokenRequest do
     end
   end
-  context "token reuse" do
+  context "when reuse_access_token enabled" do
     it "creates a new token if there are no matching tokens" do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
       expect do

data/spec/lib/oauth/token_response_spec.rb CHANGED

@@ -2,7 +2,7 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::TokenResponse do
+RSpec.describe Doorkeeper::OAuth::TokenResponse do
   subject { described_class.new(double.as_null_object) }
   it "includes access token response headers" do
@@ -16,6 +16,8 @@ describe Doorkeeper::OAuth::TokenResponse do
   end
   describe ".body" do
+    subject { described_class.new(access_token).body }
     let(:access_token) do
       double :access_token,
              plaintext_token: "some-token",
@@ -27,8 +29,6 @@ describe Doorkeeper::OAuth::TokenResponse do
              created_at: 0
     end
-    subject { described_class.new(access_token).body }
     it "includes :access_token" do
       expect(subject["access_token"]).to eq("some-token")
     end
@@ -57,6 +57,8 @@ describe Doorkeeper::OAuth::TokenResponse do
   end
   describe ".body filters out empty values" do
+    subject { described_class.new(access_token).body }
     let(:access_token) do
       double :access_token,
              plaintext_token: "some-token",
@@ -67,8 +69,6 @@ describe Doorkeeper::OAuth::TokenResponse do
              created_at: 0
     end
-    subject { described_class.new(access_token).body }
     it "includes :expires_in" do
       expect(subject["expires_in"]).to be_nil
     end

data/spec/lib/oauth/token_spec.rb CHANGED

@@ -9,7 +9,7 @@ module Doorkeeper
   end
 end
-describe Doorkeeper::OAuth::Token do
+RSpec.describe Doorkeeper::OAuth::Token do
   describe ".from_request" do
     let(:request) { double.as_null_object }
@@ -96,8 +96,8 @@ describe Doorkeeper::OAuth::Token do
   end
   describe ".authenticate" do
-    context "refresh tokens are disabled (default)" do
-      context "refresh tokens are enabled" do
+    context "when refresh tokens are disabled (default)" do
+      context "when refresh tokens are enabled" do
         it "does not revoke previous refresh_token if token was found" do
           token = ->(_r) { "token" }
           expect(
@@ -115,7 +115,7 @@ describe Doorkeeper::OAuth::Token do
       end
     end
-    context "token hashing is enabled" do
+    context "when token hashing is enabled" do
       include_context "with token hashing enabled"
       let(:hashed_token) { hashed_or_plain_token_func.call("token") }
@@ -129,7 +129,7 @@ describe Doorkeeper::OAuth::Token do
       end
     end
-    context "refresh tokens are enabled" do
+    context "when refresh tokens are enabled" do
       before do
         Doorkeeper.configure do
           orm DOORKEEPER_ORM