RubyGems - doorkeeper-mongodb - Versions diffs - 5.2.1 → 5.2.3 - Mend

doorkeeper-mongodb 5.2.1 → 5.2.3

Files changed (177) hide show

data/spec/lib/oauth/client_credentials/issuer_spec.rb CHANGED Viewed

@@ -2,110 +2,108 @@
 require "spec_helper"
-class Doorkeeper::OAuth::ClientCredentialsRequest
-  describe Issuer do
-    let(:creator) { double :access_token_creator }
-    let(:server) do
-      double(
-        :server,
-        access_token_expires_in: 100,
-      )
+RSpec.describe Doorkeeper::OAuth::ClientCredentials::Issuer do
+  subject { described_class.new(server, validator) }
+  let(:creator) { double :access_token_creator }
+  let(:server) do
+    double(
+      :server,
+      access_token_expires_in: 100,
+    )
+  end
+  let(:validator) { double :validator, valid?: true }
+  before do
+    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
+  end
+  describe "#create" do
+    let(:client) { double :client, id: "some-id" }
+    let(:scopes) { "some scope" }
+    it "creates and sets the token" do
+      expect(creator).to receive(:call).and_return("token")
+      subject.create client, scopes, creator
+      expect(subject.token).to eq("token")
     end
-    let(:validator) { double :validator, valid?: true }
-    before do
-      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
+    it "creates with correct token parameters" do
+      expect(creator).to receive(:call).with(
+        client,
+        scopes,
+        expires_in: 100,
+        use_refresh_token: false,
+      )
+      subject.create client, scopes, creator
     end
-    subject { Issuer.new(server, validator) }
+    it "has error set to :server_error if creator fails" do
+      expect(creator).to receive(:call).and_return(false)
+      subject.create client, scopes, creator
+      expect(subject.error).to eq(:server_error)
+    end
-    describe :create do
-      let(:client) { double :client, id: "some-id" }
-      let(:scopes) { "some scope" }
+    context "when validator fails" do
+      before do
+        allow(validator).to receive(:valid?).and_return(false)
+        allow(validator).to receive(:error).and_return(:validation_error)
+      end
-      it "creates and sets the token" do
-        expect(creator).to receive(:call).and_return("token")
+      it "has error set from validator" do
+        expect(creator).not_to receive(:create)
         subject.create client, scopes, creator
+        expect(subject.error).to eq(:validation_error)
+      end
+      it "returns false" do
+        expect(subject.create(client, scopes, creator)).to be_falsey
+      end
+    end
+    context "with custom expiration" do
+      let(:custom_ttl_grant) { 1234 }
+      let(:custom_ttl_scope) { 1235 }
+      let(:custom_scope) { "special" }
+      let(:server) do
+        double(
+          :server,
+          custom_access_token_expires_in: lambda { |context|
+            # scopes is normally an object but is a string in this test
+            if context.scopes == custom_scope
+              custom_ttl_scope
+            elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
+              custom_ttl_grant
+            end
+          },
+        )
+      end
-        expect(subject.token).to eq("token")
+      before do
+        allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
       end
-      it "creates with correct token parameters" do
+      it "respects grant based rules" do
         expect(creator).to receive(:call).with(
           client,
           scopes,
-          expires_in: 100,
+          expires_in: custom_ttl_grant,
           use_refresh_token: false,
         )
         subject.create client, scopes, creator
       end
-      it "has error set to :server_error if creator fails" do
-        expect(creator).to receive(:call).and_return(false)
-        subject.create client, scopes, creator
-        expect(subject.error).to eq(:server_error)
-      end
-      context "when validator fails" do
-        before do
-          allow(validator).to receive(:valid?).and_return(false)
-          allow(validator).to receive(:error).and_return(:validation_error)
-          expect(creator).not_to receive(:create)
-        end
-        it "has error set from validator" do
-          subject.create client, scopes, creator
-          expect(subject.error).to eq(:validation_error)
-        end
-        it "returns false" do
-          expect(subject.create(client, scopes, creator)).to be_falsey
-        end
-      end
-      context "with custom expiration" do
-        let(:custom_ttl_grant) { 1234 }
-        let(:custom_ttl_scope) { 1235 }
-        let(:custom_scope) { "special" }
-        let(:server) do
-          double(
-            :server,
-            custom_access_token_expires_in: lambda { |context|
-              # scopes is normally an object but is a string in this test
-              if context.scopes == custom_scope
-                custom_ttl_scope
-              elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
-                custom_ttl_grant
-              end
-            },
-          )
-        end
-        before do
-          allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-        end
-        it "respects grant based rules" do
-          expect(creator).to receive(:call).with(
-            client,
-            scopes,
-            expires_in: custom_ttl_grant,
-            use_refresh_token: false,
-          )
-          subject.create client, scopes, creator
-        end
-        it "respects scope based rules" do
-          expect(creator).to receive(:call).with(
-            client,
-            custom_scope,
-            expires_in: custom_ttl_scope,
-            use_refresh_token: false,
-          )
-          subject.create client, custom_scope, creator
-        end
+      it "respects scope based rules" do
+        expect(creator).to receive(:call).with(
+          client,
+          custom_scope,
+          expires_in: custom_ttl_scope,
+          use_refresh_token: false,
+        )
+        subject.create client, custom_scope, creator
       end
     end
   end

data/spec/lib/oauth/client_credentials/validation_spec.rb CHANGED Viewed

@@ -2,58 +2,91 @@
 require "spec_helper"
-class Doorkeeper::OAuth::ClientCredentialsRequest
-  describe Validator do
-    let(:server)      { double :server, scopes: nil }
-    let(:application) { double scopes: nil }
-    let(:client)      { double application: application }
-    let(:request)     { double :request, client: client, scopes: nil }
+RSpec.describe Doorkeeper::OAuth::ClientCredentials::Validator do
+  subject { described_class.new(server, request) }
-    subject { described_class.new(server, request) }
+  let(:server)      { double :server, scopes: nil }
+  let(:application) { double scopes: nil }
+  let(:client)      { double application: application }
+  let(:request)     { double :request, client: client, scopes: nil }
-    it "is valid with valid request" do
-      expect(subject).to be_valid
+  it "is valid with valid request" do
+    expect(subject).to be_valid
+  end
+  it "is invalid when client is not present" do
+    allow(request).to receive(:client).and_return(nil)
+    expect(subject).not_to be_valid
+  end
+  context "when a grant flow check is configured" do
+    let(:callback) { double("callback") }
+    before do
+      allow(Doorkeeper.config).to receive(:option_defined?).with(:allow_grant_flow_for_client).and_return(true)
+      allow(Doorkeeper.config).to receive(:allow_grant_flow_for_client).and_return(callback)
+    end
+    context "when the callback rejects the grant flow" do
+      let(:callback_response) { false }
+      it "is invalid" do
+        expect(callback).to receive(:call).twice.with(
+          Doorkeeper::OAuth::CLIENT_CREDENTIALS,
+          application,
+        ).and_return(callback_response)
+        expect(subject).not_to be_valid
+      end
     end
-    it "is invalid when client is not present" do
-      allow(request).to receive(:client).and_return(nil)
+    context "when the callback allows the grant flow" do
+      let(:callback_response) { true }
+      it "is invalid" do
+        expect(callback).to receive(:call).twice.with(
+          Doorkeeper::OAuth::CLIENT_CREDENTIALS,
+          application,
+        ).and_return(callback_response)
+        expect(subject).to be_valid
+      end
+    end
+  end
+  context "with scopes" do
+    it "is invalid when scopes are not included in the server" do
+      server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"
+      allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
+      allow(server).to receive(:scopes).and_return(server_scopes)
+      allow(request).to receive(:scopes).and_return(
+        Doorkeeper::OAuth::Scopes.from_string("invalid"),
+      )
       expect(subject).not_to be_valid
     end
-    context "with scopes" do
-      it "is invalid when scopes are not included in the server" do
-        server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"
+    context "with application scopes" do
+      it "is valid when scopes are included in the application" do
+        application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
+        server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
+        allow(application).to receive(:scopes).and_return(application_scopes)
+        allow(server).to receive(:scopes).and_return(server_scopes)
+        allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
+        allow(request).to receive(:scopes).and_return(application_scopes)
+        expect(subject).to be_valid
+      end
+      it "is invalid when scopes are not included in the application" do
+        application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
+        server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
+        allow(application).to receive(:scopes).and_return(application_scopes)
         allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
         allow(server).to receive(:scopes).and_return(server_scopes)
         allow(request).to receive(:scopes).and_return(
-          Doorkeeper::OAuth::Scopes.from_string("invalid"),
+          Doorkeeper::OAuth::Scopes.from_string("email"),
         )
         expect(subject).not_to be_valid
       end
-      context "with application scopes" do
-        it "is valid when scopes are included in the application" do
-          application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
-          server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
-          allow(application).to receive(:scopes).and_return(application_scopes)
-          allow(server).to receive(:scopes).and_return(server_scopes)
-          allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-          allow(request).to receive(:scopes).and_return(application_scopes)
-          expect(subject).to be_valid
-        end
-        it "is invalid when scopes are not included in the application" do
-          application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
-          server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
-          allow(application).to receive(:scopes).and_return(application_scopes)
-          allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-          allow(server).to receive(:scopes).and_return(server_scopes)
-          allow(request).to receive(:scopes).and_return(
-            Doorkeeper::OAuth::Scopes.from_string("email"),
-          )
-          expect(subject).not_to be_valid
-        end
-      end
     end
   end
 end

data/spec/lib/oauth/client_credentials_integration_spec.rb CHANGED Viewed

@@ -2,14 +2,14 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::ClientCredentialsRequest do
+RSpec.describe Doorkeeper::OAuth::ClientCredentialsRequest do
   let(:server) { Doorkeeper.configuration }
   context "with a valid request" do
-    let(:client) { FactoryBot.create :application }
+    let(:client) { Doorkeeper::OAuth::Client.new(FactoryBot.build_stubbed(:application)) }
     it "issues an access token" do
-      request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, {})
+      request = described_class.new(server, client, {})
       expect do
         request.authorize
       end.to change { Doorkeeper::AccessToken.count }.by(1)
@@ -18,10 +18,10 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
   describe "with an invalid request" do
     it "does not issue an access token" do
-      request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, nil, {})
+      request = described_class.new(server, nil, {})
       expect do
         request.authorize
-      end.to_not(change { Doorkeeper::AccessToken.count })
+      end.not_to(change { Doorkeeper::AccessToken.count })
     end
   end
 end

data/spec/lib/oauth/client_credentials_request_spec.rb CHANGED Viewed

@@ -2,7 +2,9 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::ClientCredentialsRequest do
+RSpec.describe Doorkeeper::OAuth::ClientCredentialsRequest do
+  subject { described_class.new(server, client) }
   let(:server) do
     double(
       default_scopes: nil,
@@ -17,11 +19,6 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
   before do
     allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-  end
-  subject { Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client) }
-  before do
     allow(subject).to receive(:issuer).and_return(token_creator)
   end
@@ -35,7 +32,7 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
     expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
   end
-  context "if issue was not created" do
+  context "when issue was not created" do
     before do
       issuer = double create: false, error: :invalid
       allow(subject).to receive(:issuer).and_return(issuer)
@@ -65,7 +62,7 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
     end
     it "issues an access token with requested scopes" do
-      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "email")
+      subject = described_class.new(server, client, scope: "email")
       allow(subject).to receive(:issuer).and_return(token_creator)
       expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
       subject.authorize
@@ -92,14 +89,14 @@ describe Doorkeeper::OAuth::ClientCredentialsRequest do
     end
     it "delegates the error to issuer if no scope was requested" do
-      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client)
+      subject = described_class.new(server, client)
       subject.authorize
       expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
       expect(subject.error).to eq(:invalid_scope)
     end
     it "issues an access token with requested scopes" do
-      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "phone")
+      subject = described_class.new(server, client, scope: "phone")
       subject.authorize
       expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
       expect(subject.response.token.scopes_string).to eq("phone")

data/spec/lib/oauth/client_spec.rb CHANGED Viewed

@@ -2,20 +2,20 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::Client do
-  describe :find do
+RSpec.describe Doorkeeper::OAuth::Client do
+  describe ".find" do
     let(:method) { double }
     it "finds the client via uid" do
       client = double
       expect(method).to receive(:call).with("uid").and_return(client)
-      expect(Doorkeeper::OAuth::Client.find("uid", method))
-        .to be_a(Doorkeeper::OAuth::Client)
+      expect(described_class.find("uid", method))
+        .to be_a(described_class)
     end
     it "returns nil if client was not found" do
       expect(method).to receive(:call).with("uid").and_return(nil)
-      expect(Doorkeeper::OAuth::Client.find("uid", method)).to be_nil
+      expect(described_class.find("uid", method)).to be_nil
     end
   end
@@ -24,15 +24,15 @@ describe Doorkeeper::OAuth::Client do
       credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
       authenticator = double
       expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
-      expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator))
-        .to be_a(Doorkeeper::OAuth::Client)
+      expect(described_class.authenticate(credentials, authenticator))
+        .to be_a(described_class)
     end
     it "returns nil if client was not authenticated" do
       credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
       authenticator = double
       expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
-      expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator)).to be_nil
+      expect(described_class.authenticate(credentials, authenticator)).to be_nil
     end
   end
 end

data/spec/lib/oauth/code_request_spec.rb CHANGED Viewed

@@ -2,7 +2,11 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::CodeRequest do
+RSpec.describe Doorkeeper::OAuth::CodeRequest do
+  subject do
+    described_class.new(pre_auth, owner)
+  end
   let(:pre_auth) do
     server = Doorkeeper.configuration
     allow(server)
@@ -26,10 +30,6 @@ describe Doorkeeper::OAuth::CodeRequest do
   let(:owner) { FactoryBot.create(:resource_owner) }
-  subject do
-    described_class.new(pre_auth, owner)
-  end
   context "when pre_auth is authorized" do
     it "creates an access grant and returns a code response" do
       expect { subject.authorize }.to change { Doorkeeper::AccessGrant.count }.by(1)

data/spec/lib/oauth/code_response_spec.rb CHANGED Viewed

@@ -2,9 +2,11 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::CodeResponse do
+RSpec.describe Doorkeeper::OAuth::CodeResponse do
   describe "#redirect_uri" do
     context "when generating the redirect URI for an implicit grant" do
+      subject { described_class.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
       let :pre_auth do
         double(
           :pre_auth,
@@ -21,13 +23,11 @@ describe Doorkeeper::OAuth::CodeResponse do
       let :auth do
         Doorkeeper::OAuth::Authorization::Token.new(pre_auth, owner).tap do |c|
-          c.issue_token
+          c.issue_token!
           allow(c.token).to receive(:expires_in_seconds).and_return(3600)
         end
       end
-      subject { described_class.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
       it "includes the remaining TTL of the token relative to the time the token was generated" do
         expect(subject).to include("expires_in=3600")
       end

data/spec/lib/oauth/error_response_spec.rb CHANGED Viewed

@@ -2,13 +2,13 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::ErrorResponse do
+RSpec.describe Doorkeeper::OAuth::ErrorResponse do
   describe "#status" do
-    it "should have a status of bad_request" do
+    it "has a status of bad_request" do
       expect(subject.status).to eq(:bad_request)
     end
-    it "should have a status of unauthorized for an invalid_client error" do
+    it "has a status of unauthorized for an invalid_client error" do
       subject = described_class.new(name: :invalid_client)
       expect(subject.status).to eq(:unauthorized)
@@ -48,15 +48,16 @@ describe Doorkeeper::OAuth::ErrorResponse do
   end
   describe ".headers" do
-    let(:error_response) { described_class.new(name: :some_error, state: :some_state) }
     subject { error_response.headers }
+    let(:error_response) { described_class.new(name: :some_error, state: :some_state) }
     it { expect(subject).to include "WWW-Authenticate" }
     describe "WWW-Authenticate header" do
       subject { error_response.headers["WWW-Authenticate"] }
-      it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
+      it { expect(subject).to include("realm=\"#{error_response.send(:realm)}\"") }
       it { expect(subject).to include("error=\"#{error_response.name}\"") }
       it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
     end

data/spec/lib/oauth/error_spec.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::Error do
+RSpec.describe Doorkeeper::OAuth::Error do
   subject(:error) { described_class.new(:some_error, :some_state) }
   it { expect(subject).to respond_to(:name) }

data/spec/lib/oauth/forbidden_token_response_spec.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 require "spec_helper"
-describe Doorkeeper::OAuth::ForbiddenTokenResponse do
+RSpec.describe Doorkeeper::OAuth::ForbiddenTokenResponse do
   describe "#name" do
     it { expect(subject.name).to eq(:invalid_scope) }
   end
@@ -12,7 +12,7 @@ describe Doorkeeper::OAuth::ForbiddenTokenResponse do
   end
   describe ".from_scopes" do
-    it "should have a list of acceptable scopes" do
+    it "have a list of acceptable scopes" do
       response = described_class.from_scopes(["public"])
       expect(response.description).to include("public")
     end