doorkeeper-mongodb 5.2.1 → 5.2.2

data/spec/lib/option_spec.rb

@@ -2,7 +2,7 @@
 
 require "spec_helper"
 
-describe Doorkeeper, "configuration option DSL" do
+RSpec.describe Doorkeeper::Config::Option do
   class Extension
     def self.configure(&block)
       @config = Config::Builder.new(Config.new, &block).build

data/spec/lib/request/strategy_spec.rb

@@ -2,53 +2,50 @@
 
 require "spec_helper"
 
-module Doorkeeper
-  module Request
-    describe Strategy do
-      let(:server) { double }
-      subject(:strategy) { Strategy.new(server) }
-
-      describe :initialize do
-        it "sets the server attribute" do
-          expect(strategy.server).to eq server
-        end
-      end
-
-      describe :request do
-        it "requires an implementation" do
-          expect { strategy.request }.to raise_exception NotImplementedError
-        end
-      end
+RSpec.describe Doorkeeper::Request::Strategy do
+  subject(:strategy) { described_class.new(server) }
 
-      describe "a sample Strategy subclass" do
-        let(:fake_request) { double }
+  let(:server) { double }
 
-        let(:strategy_class) do
-          subclass = Class.new(Strategy) do
-            class << self
-              attr_accessor :fake_request
-            end
+  describe "#initialize" do
+    it "sets the server attribute" do
+      expect(strategy.server).to eq server
+    end
+  end
 
-            def request
-              self.class.fake_request
-            end
-          end
+  describe "#request" do
+    it "requires an implementation" do
+      expect { strategy.request }.to raise_exception NotImplementedError
+    end
+  end
 
-          subclass.fake_request = fake_request
-          subclass
-        end
+  describe "a sample Strategy subclass" do
+    subject(:strategy) { strategy_class.new(server) }
 
-        subject(:strategy) { strategy_class.new(server) }
+    let(:fake_request) { double }
 
-        it "provides a request implementation" do
-          expect(strategy.request).to eq fake_request
+    let(:strategy_class) do
+      subclass = Class.new(described_class) do
+        class << self
+          attr_accessor :fake_request
         end
 
-        it "authorizes the request" do
-          expect(fake_request).to receive :authorize
-          strategy.authorize
+        def request
+          self.class.fake_request
         end
       end
+
+      subclass.fake_request = fake_request
+      subclass
+    end
+
+    it "provides a request implementation" do
+      expect(strategy.request).to eq fake_request
+    end
+
+    it "authorizes the request" do
+      expect(fake_request).to receive :authorize
+      strategy.authorize
     end
   end
 end

data/spec/lib/secret_storing/base_spec.rb

@@ -2,10 +2,11 @@
 
 require "spec_helper"
 
-describe ::Doorkeeper::SecretStoring::Base do
-  let(:instance) { double("instance", token: "foo") }
+RSpec.describe ::Doorkeeper::SecretStoring::Base do
   subject { described_class }
 
+  let(:instance) { double("instance", token: "foo") }
+
   describe "#transform_secret" do
     it "raises" do
       expect { subject.transform_secret("foo") }.to raise_error(NotImplementedError)

data/spec/lib/secret_storing/bcrypt_spec.rb

@@ -3,8 +3,9 @@
 require "spec_helper"
 require "bcrypt"
 
-describe ::Doorkeeper::SecretStoring::BCrypt do
+RSpec.describe ::Doorkeeper::SecretStoring::BCrypt do
   subject { described_class }
+
   let(:instance) { double("instance", token: "foo") }
 
   describe "#transform_secret" do

data/spec/lib/secret_storing/plain_spec.rb

@@ -2,8 +2,9 @@
 
 require "spec_helper"
 
-describe ::Doorkeeper::SecretStoring::Plain do
+RSpec.describe ::Doorkeeper::SecretStoring::Plain do
   subject { described_class }
+
   let(:instance) { double("instance", token: "foo") }
 
   describe "#transform_secret" do

data/spec/lib/secret_storing/sha256_hash_spec.rb

@@ -2,8 +2,9 @@
 
 require "spec_helper"
 
-describe ::Doorkeeper::SecretStoring::Sha256Hash do
+RSpec.describe ::Doorkeeper::SecretStoring::Sha256Hash do
   subject { described_class }
+
   let(:instance) { double("instance") }
 
   let(:hash_function) do

data/spec/models/doorkeeper/access_grant_spec.rb

@@ -2,11 +2,7 @@
 
 require "spec_helper"
 
-describe Doorkeeper::AccessGrant do
-  let(:resource_owner) { FactoryBot.create(:resource_owner) }
-  let(:client) { FactoryBot.build_stubbed(:application) }
-  let(:clazz) { Doorkeeper::AccessGrant }
-
+RSpec.describe Doorkeeper::AccessGrant do
   subject do
     FactoryBot.build(
       :access_grant,
@@ -16,6 +12,10 @@ describe Doorkeeper::AccessGrant do
     )
   end
 
+  let(:resource_owner) { FactoryBot.create(:resource_owner) }
+  let(:client) { FactoryBot.build_stubbed(:application) }
+  let(:clazz) { described_class }
+
   it { expect(subject).to be_valid }
 
   it_behaves_like "an accessible token"
@@ -31,6 +31,7 @@ describe Doorkeeper::AccessGrant do
                         resource_owner_id: resource_owner.id,
                         resource_owner_type: resource_owner.class.name
     end
+
     include_context "with token hashing enabled"
 
     it "holds a volatile plaintext token when created" do
@@ -143,10 +144,7 @@ describe Doorkeeper::AccessGrant do
       FactoryBot.create :access_grant, default_attributes
 
       described_class.revoke_all_for(application.id, resource_owner)
-
-      described_class.all.each do |token|
-        expect(token).to be_revoked
-      end
+      expect(described_class.all).to all(be_revoked)
     end
 
     it "matches application" do

data/spec/models/doorkeeper/access_token_spec.rb

@@ -27,6 +27,7 @@ RSpec.describe Doorkeeper::AccessToken do
 
     context "with hashing enabled" do
       let(:token) { FactoryBot.create :access_token }
+
       include_context "with token hashing enabled"
 
       it "holds a volatile plaintext token when created" do
@@ -385,14 +386,15 @@ RSpec.describe Doorkeeper::AccessToken do
       end
       let(:access_token1) { FactoryBot.create :access_token, default_attributes }
 
-      context "the second token has the same owner and same app" do
+      context "when the second token has the same owner and same app" do
         let(:access_token2) { FactoryBot.create :access_token, default_attributes }
+
         it "success" do
-          expect(access_token1.same_credential?(access_token2)).to be_truthy
+          expect(access_token1).to be_same_credential(access_token2)
         end
       end
 
-      context "the second token has same owner and different app" do
+      context "when the second token has same owner and different app" do
         let(:other_application) { FactoryBot.create :application }
         let(:access_token2) do
           FactoryBot.create :access_token,
@@ -401,12 +403,12 @@ RSpec.describe Doorkeeper::AccessToken do
                             resource_owner_type: resource_owner.class.name
         end
 
-        it "fail" do
-          expect(access_token1.same_credential?(access_token2)).to be_falsey
+        it "fails" do
+          expect(access_token1).not_to be_same_credential(access_token2)
         end
       end
 
-      context "the second token has different owner and different app" do
+      context "when the second token has different owner and different app" do
         let(:other_application) { FactoryBot.create :application }
         let(:access_token2) do
           FactoryBot.create :access_token,
@@ -414,50 +416,50 @@ RSpec.describe Doorkeeper::AccessToken do
                             resource_owner_id: resource_owner.id + 1
         end
 
-        it "fail" do
-          expect(access_token1.same_credential?(access_token2)).to be_falsey
+        it "fails" do
+          expect(access_token1).not_to be_same_credential(access_token2)
         end
       end
 
-      context "the second token has different owner and same app" do
+      context "when the second token has different owner and same app" do
         let(:access_token2) do
           FactoryBot.create :access_token,
                             application: application,
                             resource_owner_id: resource_owner.id + 1
         end
 
-        it "fail" do
-          expect(access_token1.same_credential?(access_token2)).to be_falsey
+        it "fails" do
+          expect(access_token1).not_to be_same_credential(access_token2)
         end
       end
     end
   end
 
   describe "#acceptable?" do
-    context "a token that is not accessible" do
+    context "when token is not accessible" do
       let(:token) { FactoryBot.create(:access_token, created_at: 6.hours.ago) }
 
-      it "should return false" do
+      it "returns false" do
         expect(token.acceptable?(nil)).to be false
       end
     end
 
-    context "a token that has the incorrect scopes" do
+    context "when token has the incorrect scopes" do
       let(:token) { FactoryBot.create(:access_token) }
 
-      it "should return false" do
+      it "returns false" do
         expect(token.acceptable?(["public"])).to be false
       end
     end
 
-    context "a token is acceptable with the correct scopes" do
+    context "when token is acceptable with the correct scopes" do
       let(:token) do
         token = FactoryBot.create(:access_token)
         token[:scopes] = "public"
         token
       end
 
-      it "should return true" do
+      it "returns true" do
         expect(token.acceptable?(["public"])).to be true
       end
     end
@@ -477,9 +479,7 @@ RSpec.describe Doorkeeper::AccessToken do
     it "revokes all tokens for given application and resource owner" do
       FactoryBot.create :access_token, default_attributes
       described_class.revoke_all_for application.id, resource_owner
-      described_class.all.each do |token|
-        expect(token).to be_revoked
-      end
+      expect(described_class.all).to all(be_revoked)
     end
 
     it "matches application" do
@@ -529,12 +529,6 @@ RSpec.describe Doorkeeper::AccessToken do
       expect(last_token).to eq(token)
     end
 
-    it "accepts resource owner as object" do
-      token = FactoryBot.create :access_token, default_attributes
-      last_token = described_class.matching_token_for(application, resource_owner, scopes)
-      expect(last_token).to eq(token)
-    end
-
     it "accepts nil as resource owner" do
       token = FactoryBot.create :access_token,
                                 default_attributes.merge(resource_owner_id: nil, resource_owner_type: nil)

data/spec/models/doorkeeper/application_spec.rb

@@ -3,7 +3,7 @@
 require "spec_helper"
 require "bcrypt"
 
-describe Doorkeeper::Application do
+RSpec.describe Doorkeeper::Application do
   let(:require_owner) { Doorkeeper.config.instance_variable_set("@confirm_application_owner", true) }
   let(:unset_require_owner) { Doorkeeper.config.instance_variable_set("@confirm_application_owner", false) }
   let(:new_application) { FactoryBot.build(:application) }
@@ -83,7 +83,7 @@ describe Doorkeeper::Application do
     expect(new_application).not_to be_valid
   end
 
-  context "application_owner is enabled" do
+  context "when application_owner is enabled" do
     before do
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
@@ -91,8 +91,8 @@ describe Doorkeeper::Application do
       end
     end
 
-    context "application owner is not required" do
-      before(:each) do
+    context "when application owner is not required" do
+      before do
         unset_require_owner
       end
 
@@ -101,8 +101,8 @@ describe Doorkeeper::Application do
       end
     end
 
-    context "application owner is required" do
-      before(:each) do
+    context "when application owner is required" do
+      before do
         require_owner
         @owner = FactoryBot.build_stubbed(:doorkeeper_testing_user)
       end
@@ -118,10 +118,11 @@ describe Doorkeeper::Application do
     end
   end
 
-  context "redirect URI" do
+  describe "redirect URI" do
     context "when grant flows allow blank redirect URI" do
       before do
         Doorkeeper.configure do
+          orm DOORKEEPER_ORM
           grant_flows %w[password client_credentials]
         end
       end
@@ -136,6 +137,7 @@ describe Doorkeeper::Application do
     context "when grant flows require redirect URI" do
       before do
         Doorkeeper.configure do
+          orm DOORKEEPER_ORM
           grant_flows %w[password client_credentials authorization_code]
         end
       end
@@ -150,6 +152,7 @@ describe Doorkeeper::Application do
     context "when blank URI option disabled" do
       before do
         Doorkeeper.configure do
+          orm DOORKEEPER_ORM
           grant_flows %w[password client_credentials]
           allow_blank_redirect_uri false
         end
@@ -179,6 +182,7 @@ describe Doorkeeper::Application do
       # will always be true
       before do
         Doorkeeper.configure do
+          orm DOORKEEPER_ORM
           hash_application_secrets using: "Doorkeeper::SecretStoring::BCrypt"
         end
       end
@@ -218,13 +222,13 @@ describe Doorkeeper::Application do
   end
 
   describe "destroy related models on cascade" do
-    before(:each) do
+    before do
       new_application.save
     end
 
     let(:resource_owner) { FactoryBot.create(:resource_owner) }
 
-    it "should destroy its access grants" do
+    it "destroys its access grants" do
       FactoryBot.create(
         :access_grant,
         application: new_application,
@@ -235,7 +239,7 @@ describe Doorkeeper::Application do
       expect { new_application.destroy }.to change { Doorkeeper::AccessGrant.count }.by(-1)
     end
 
-    it "should destroy its access tokens" do
+    it "destroys its access tokens" do
       FactoryBot.create(:access_token, application: new_application)
       FactoryBot.create(:access_token, application: new_application, revoked_at: Time.now.utc)
       expect do
@@ -264,13 +268,14 @@ describe Doorkeeper::Application do
 
   describe "#redirect_uri=" do
     context "when array of valid redirect_uris" do
-      it "should join by newline" do
+      it "joins by newline" do
         new_application.redirect_uri = ["http://localhost/callback1", "http://localhost/callback2"]
         expect(new_application.redirect_uri).to eq("http://localhost/callback1\nhttp://localhost/callback2")
       end
     end
+
     context "when string of valid redirect_uris" do
-      it "should store as-is" do
+      it "stores as-is" do
         new_application.redirect_uri = "http://localhost/callback1\nhttp://localhost/callback2"
         expect(new_application.redirect_uri).to eq("http://localhost/callback1\nhttp://localhost/callback2")
       end
@@ -280,7 +285,7 @@ describe Doorkeeper::Application do
   describe "#renew_secret" do
     let(:app) { FactoryBot.create :application }
 
-    it "should generate a new secret" do
+    it "generates a new secret" do
       old_secret = app.secret
       app.renew_secret
       expect(old_secret).not_to eq(app.secret)
@@ -372,8 +377,9 @@ describe Doorkeeper::Application do
         authenticated = described_class.by_uid_and_secret(app.uid, app.secret)
         expect(authenticated).to eq(app)
       end
+
       context "when secret is wrong" do
-        it "should not find the application" do
+        it "does not find the application" do
           app = FactoryBot.create :application
           authenticated = described_class.by_uid_and_secret(app.uid, "bad")
           expect(authenticated).to eq(nil)
@@ -383,14 +389,15 @@ describe Doorkeeper::Application do
 
     context "when application is public/non-confidential" do
       context "when secret is blank" do
-        it "should find the application" do
+        it "finds the application" do
           app = FactoryBot.create :application, confidential: false
           authenticated = described_class.by_uid_and_secret(app.uid, nil)
           expect(authenticated).to eq(app)
         end
       end
+
       context "when secret is wrong" do
-        it "should not find the application" do
+        it "does not find the application" do
           app = FactoryBot.create :application, confidential: false
           authenticated = described_class.by_uid_and_secret(app.uid, "bad")
           expect(authenticated).to eq(nil)
@@ -404,11 +411,13 @@ describe Doorkeeper::Application do
 
     context "when application is private/confidential" do
       let(:confidential) { true }
+
       it { expect(subject).to eq(true) }
     end
 
     context "when application is public/non-confidential" do
       let(:confidential) { false }
+
       it { expect(subject).to eq(false) }
     end
   end
@@ -421,16 +430,7 @@ describe Doorkeeper::Application do
         .to receive(:application_secret_strategy).and_return(Doorkeeper::SecretStoring::Plain)
     end
 
-    it "includes plaintext secret" do
-      expect(app.as_json).to include("secret" => "123123123")
-    end
-
-    it "respects custom options" do
-      expect(app.as_json(except: :secret)).not_to include("secret")
-      expect(app.as_json(only: :id)).to match("id" => app.id)
-    end
-
-    # AR specific
+    # AR specific feature
     if DOORKEEPER_ORM == :active_record
       it "correctly works with #to_json" do
         ActiveRecord::Base.include_root_in_json = true
@@ -438,5 +438,62 @@ describe Doorkeeper::Application do
         ActiveRecord::Base.include_root_in_json = false
       end
     end
+
+    context "when called without authorized resource owner" do
+      it "includes minimal set of attributes" do
+        expect(app.as_json).to match(
+          "id" => app.id,
+          "name" => app.name,
+          "created_at" => anything,
+        )
+      end
+
+      it "includes application UID if it's public" do
+        app = FactoryBot.create :application, secret: "123123123", confidential: false
+
+        expect(app.as_json).to match(
+          "id" => app.id,
+          "name" => app.name,
+          "created_at" => anything,
+          "uid" => app.uid,
+        )
+      end
+
+      it "respects custom options" do
+        expect(app.as_json(except: :id)).not_to include("id")
+        expect(app.as_json(only: %i[name created_at secret]))
+          .to match(
+            "name" => app.name,
+            "created_at" => anything,
+          )
+      end
+    end
+
+    context "when called with authorized resource owner" do
+      let(:owner) { FactoryBot.create(:doorkeeper_testing_user) }
+      let(:other_owner) { FactoryBot.create(:doorkeeper_testing_user) }
+      let(:app) { FactoryBot.create(:application, secret: "123123123", owner: owner) }
+
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          enable_application_owner confirmation: false
+        end
+      end
+
+      it "includes all the attributes" do
+        expect(app.as_json(current_resource_owner: owner))
+          .to include(
+            "secret" => "123123123",
+            "redirect_uri" => app.redirect_uri,
+            "uid" => app.uid,
+          )
+      end
+
+      it "doesn't include unsafe attributes if current owner isn't the same as owner" do
+        expect(app.as_json(current_resource_owner: other_owner))
+          .not_to include("redirect_uri")
+      end
+    end
   end
 end