doorkeeper-mongodb 5.2.1 → 5.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +12 -27
- data/lib/doorkeeper/orm/concerns/mongoid/ownership.rb +1 -1
- data/lib/doorkeeper/orm/concerns/mongoid/resource_ownerable.rb +1 -1
- data/lib/doorkeeper/orm/mongoid4.rb +18 -0
- data/lib/doorkeeper/orm/mongoid5.rb +18 -0
- data/lib/doorkeeper/orm/mongoid6.rb +18 -0
- data/lib/doorkeeper/orm/mongoid7.rb +18 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb +7 -6
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb +8 -5
- data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb +82 -5
- data/lib/doorkeeper-mongodb/mixins/mongoid/base_mixin.rb +0 -8
- data/lib/doorkeeper-mongodb/mixins/mongoid/json_serializable.rb +17 -0
- data/lib/doorkeeper-mongodb/version.rb +1 -1
- data/lib/doorkeeper-mongodb.rb +1 -0
- data/spec/controllers/application_metal_controller_spec.rb +4 -4
- data/spec/controllers/applications_controller_spec.rb +198 -202
- data/spec/controllers/authorizations_controller_spec.rb +32 -31
- data/spec/controllers/protected_resources_controller_spec.rb +10 -10
- data/spec/controllers/token_info_controller_spec.rb +1 -1
- data/spec/controllers/tokens_controller_spec.rb +105 -62
- data/spec/doorkeeper/redirect_uri_validator_spec.rb +183 -0
- data/spec/{lib → doorkeeper}/server_spec.rb +5 -4
- data/spec/{lib → doorkeeper}/stale_records_cleaner_spec.rb +8 -7
- data/spec/{version → doorkeeper}/version_spec.rb +3 -3
- data/spec/dummy/app/assets/config/manifest.js +0 -0
- data/spec/dummy/app/controllers/application_controller.rb +0 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -0
- data/spec/dummy/app/controllers/home_controller.rb +0 -0
- data/spec/dummy/app/controllers/metal_controller.rb +0 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -0
- data/spec/dummy/app/helpers/application_helper.rb +0 -0
- data/spec/dummy/app/models/user.rb +0 -1
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -0
- data/spec/dummy/config/application.rb +0 -0
- data/spec/dummy/config/boot.rb +0 -0
- data/spec/dummy/config/database.yml +0 -0
- data/spec/dummy/config/environment.rb +0 -0
- data/spec/dummy/config/environments/development.rb +0 -0
- data/spec/dummy/config/environments/production.rb +0 -0
- data/spec/dummy/config/environments/test.rb +0 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -0
- data/spec/dummy/config/initializers/secret_token.rb +0 -0
- data/spec/dummy/config/initializers/session_store.rb +0 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -0
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -0
- data/spec/dummy/config/mongo.yml +2 -2
- data/spec/dummy/config/routes.rb +0 -0
- data/spec/dummy/config.ru +0 -0
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -0
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -0
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -0
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -0
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -0
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -0
- data/spec/dummy/db/schema.rb +0 -0
- data/spec/dummy/public/404.html +0 -0
- data/spec/dummy/public/422.html +0 -0
- data/spec/dummy/public/500.html +0 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/-o/-ofn45zIfO5vx4VD6m6NXesLf6da5usA-Sbw2SVju3o.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/0_/0_ouGcG_o_1zmVmBe-tdQYk594LBwVa1bumjrKtdfEw.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/2X/2XMMcHbyTSRqh1GkV0xzyIETNtt-zgN6iniziShaKmQ.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/4Q/4QQw-pMQ98JIj3xdcFhGBQdysdGPY9rWffRqWMmyjew.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/7H/7HjRsym0tTpXFCVhWt6kteMs_-CozKVbr9s5syHm8es.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/8B/8BxJyv22HPFHu1se_l2J8qW1N9NzZ16UOWOy1YMSgs4.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/8D/8DJG7JfPvShfLLyeSom6NZ_TcQc6QH27tJ7prEWZPfI.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/9x/9xjtGv-yKjj62x9uFwBZg8pTSh9ERPAgANwNo9uwIaA.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Bt/BtXO7f0PZ8DNt3TMLYM-zY7LkbWa_KgyB0v1V98M1CQ.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/E0/E02f1Q2tutWumMulGCFNfqQNjvEP_hMAK_5E83eWepI.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/EZ/EZGpd6pUEJZxO6uT2yIS4Fpn5KX7VDgC9VB3AaemF5Q.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/FJ/FJlQpfMtpRbrM5P8A7d2FAelFKwo6GrVs2xks8z5GKU.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/L8/L8mOWakJlWKr6MU85rj0V7yGFfNyIR6vE6YXtqArPGw.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Lk/LklIq5hrBAPESXVUpFMwQ9L-1qTj90sPVi6U19_Xi-Q.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/MB/MBWRxa9S470ee8suxVKp0jYgv6K6FQOqKGV0kPGQNMs.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Ma/MaK3K1AoZZ4xM5fOOifhROd73hfZJpP4yGbkGdoYtEk.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/PA/PAH_jI20wRw12tngeJ-V619c30avNLDu5U9Z-9Pc5SQ.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Ph/Ph7RtH_NvG2I8XpTa8mA8SBQXZDzBPVIh4CH6g7OXJ0.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{eS/eSL1QMz46gKLM0GR6S9fL6uyARPxOImcappZ9_ZtSyg.cache → Pm/PmheG0PGFqDws1qgFOxOyIL-gpMof3Ar9eSRKVLYuik.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Pn/PnXU_mkG2fLZFm9BwiZ03BZdBTjKuInP-cRXjHS7yJo.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Qs/QsVgO6vM5Yn9oeYTYlrqtyVnK6sdVDWDa083N7zpfHw.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/So/So59ksdx2dw-_A3-zFZ6Palr7fROjm7_0JDZb04temw.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Wt/WtXL_iDofLeTH_v0Yf3PM421r9b1V0g-VBvMPeu9KA0.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/b6/b6QRH6ZdCc0e6bUWu4qni_kZmptaMgWciO8Jl9q6_p8.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/dX/dX6FDdUIy8yBCOoaoXcjf71rX9N_bpiXGJ4Urt32NTk.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/jC/jCTZ1jAldKBn4OTANBBmCKzxLrDgok1ur4meoTqlDNg.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/qT/qTQIQsmS0Wbbg2JxNn9rxdI5qVOTg5SfyQdaTvr9vLo.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/yN/yNOFGOsnHmxXNMkuEAWuL1u3jlmdvrdeoTx6DDJ1in8.cache +0 -0
- data/spec/factories.rb +0 -0
- data/spec/grape/grape_integration_spec.rb +1 -1
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +23 -12
- data/spec/lib/doorkeeper_spec.rb +4 -4
- data/spec/lib/models/expirable_spec.rb +9 -9
- data/spec/lib/models/reusable_spec.rb +2 -2
- data/spec/lib/models/revocable_spec.rb +4 -7
- data/spec/lib/models/scopes_spec.rb +7 -7
- data/spec/lib/models/secret_storable_spec.rb +9 -8
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +23 -27
- data/spec/lib/oauth/authorization_code_request_spec.rb +6 -6
- data/spec/lib/oauth/base_request_spec.rb +11 -27
- data/spec/lib/oauth/base_response_spec.rb +2 -2
- data/spec/lib/oauth/client/credentials_spec.rb +25 -25
- data/spec/lib/oauth/client_credentials/creator_spec.rb +89 -91
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +84 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +72 -39
- data/spec/lib/oauth/client_credentials_integration_spec.rb +5 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +7 -10
- data/spec/lib/oauth/client_spec.rb +8 -8
- data/spec/lib/oauth/code_request_spec.rb +5 -5
- data/spec/lib/oauth/code_response_spec.rb +4 -4
- data/spec/lib/oauth/error_response_spec.rb +6 -5
- data/spec/lib/oauth/error_spec.rb +1 -1
- data/spec/lib/oauth/forbidden_token_response_spec.rb +2 -2
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +37 -37
- data/spec/lib/oauth/helpers/unique_token_spec.rb +2 -2
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +54 -54
- data/spec/lib/oauth/invalid_request_response_spec.rb +6 -6
- data/spec/lib/oauth/invalid_token_response_spec.rb +4 -4
- data/spec/lib/oauth/password_access_token_request_spec.rb +10 -9
- data/spec/lib/oauth/pre_authorization_spec.rb +20 -8
- data/spec/lib/oauth/refresh_token_request_spec.rb +10 -10
- data/spec/lib/oauth/scopes_spec.rb +14 -14
- data/spec/lib/oauth/token_request_spec.rb +9 -9
- data/spec/lib/oauth/token_response_spec.rb +5 -5
- data/spec/lib/oauth/token_spec.rb +5 -5
- data/spec/lib/option_spec.rb +1 -1
- data/spec/lib/request/strategy_spec.rb +34 -37
- data/spec/lib/secret_storing/base_spec.rb +3 -2
- data/spec/lib/secret_storing/bcrypt_spec.rb +2 -1
- data/spec/lib/secret_storing/plain_spec.rb +2 -1
- data/spec/lib/secret_storing/sha256_hash_spec.rb +2 -1
- data/spec/models/doorkeeper/access_grant_spec.rb +7 -9
- data/spec/models/doorkeeper/access_token_spec.rb +20 -26
- data/spec/models/doorkeeper/application_spec.rb +83 -26
- data/spec/requests/applications/applications_request_spec.rb +91 -93
- data/spec/requests/applications/authorized_applications_spec.rb +0 -0
- data/spec/requests/endpoints/authorization_spec.rb +1 -1
- data/spec/requests/endpoints/token_spec.rb +22 -16
- data/spec/requests/flows/authorization_code_errors_spec.rb +12 -8
- data/spec/requests/flows/authorization_code_spec.rb +108 -79
- data/spec/requests/flows/client_credentials_spec.rb +57 -45
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -0
- data/spec/requests/flows/implicit_grant_spec.rb +4 -4
- data/spec/requests/flows/password_spec.rb +253 -213
- data/spec/requests/flows/refresh_token_spec.rb +53 -39
- data/spec/requests/flows/revoke_token_spec.rb +24 -24
- data/spec/requests/flows/skip_authorization_spec.rb +1 -1
- data/spec/requests/protected_resources/metal_spec.rb +2 -2
- data/spec/requests/protected_resources/private_api_spec.rb +0 -0
- data/spec/routing/custom_controller_routes_spec.rb +1 -1
- data/spec/routing/default_routes_spec.rb +1 -1
- data/spec/routing/scoped_routes_spec.rb +1 -1
- data/spec/spec_helper.rb +0 -0
- data/spec/spec_helper_integration.rb +0 -0
- data/spec/support/dependencies/factory_bot.rb +0 -0
- data/spec/support/doorkeeper_rspec.rb +0 -0
- data/spec/support/helpers/access_token_request_helper.rb +0 -0
- data/spec/support/helpers/authorization_request_helper.rb +0 -0
- data/spec/support/helpers/config_helper.rb +0 -0
- data/spec/support/helpers/model_helper.rb +0 -0
- data/spec/support/helpers/request_spec_helper.rb +1 -13
- data/spec/support/helpers/url_helper.rb +2 -2
- data/spec/support/orm/active_record.rb +0 -0
- data/spec/support/orm/mongoid4.rb +1 -1
- data/spec/support/orm/mongoid5.rb +1 -1
- data/spec/support/orm/mongoid6.rb +1 -1
- data/spec/support/orm/mongoid7.rb +1 -1
- data/spec/support/shared/controllers_shared_context.rb +5 -38
- data/spec/support/shared/hashing_shared_context.rb +4 -0
- data/spec/support/shared/models_shared_examples.rb +6 -6
- metadata +154 -167
- data/spec/dummy/log/test.log +0 -6108
|
@@ -8,31 +8,31 @@ module Doorkeeper::OAuth::Helpers
|
|
|
8
8
|
|
|
9
9
|
it "is valid if scope is present" do
|
|
10
10
|
server_scopes.add :scope
|
|
11
|
-
expect(
|
|
11
|
+
expect(described_class).to be_valid(scope_str: "scope", server_scopes: server_scopes)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
it "is invalid if includes tabs space" do
|
|
15
|
-
expect(
|
|
15
|
+
expect(described_class).not_to be_valid(scope_str: "\tsomething", server_scopes: server_scopes)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
it "is invalid if scope is not present" do
|
|
19
|
-
expect(
|
|
19
|
+
expect(described_class).not_to be_valid(scope_str: nil, server_scopes: server_scopes)
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
it "is invalid if scope is blank" do
|
|
23
|
-
expect(
|
|
23
|
+
expect(described_class).not_to be_valid(scope_str: " ", server_scopes: server_scopes)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
it "is invalid if includes return space" do
|
|
27
|
-
expect(
|
|
27
|
+
expect(described_class).not_to be_valid(scope_str: "scope\r", server_scopes: server_scopes)
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
it "is invalid if includes new lines" do
|
|
31
|
-
expect(
|
|
31
|
+
expect(described_class).not_to be_valid(scope_str: "scope\nanother", server_scopes: server_scopes)
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
it "is invalid if any scope is not included in server scopes" do
|
|
35
|
-
expect(
|
|
35
|
+
expect(described_class).not_to be_valid(scope_str: "scope another", server_scopes: server_scopes)
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
context "with application_scopes" do
|
|
@@ -44,19 +44,19 @@ module Doorkeeper::OAuth::Helpers
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
it "is valid if scope is included in the application scope list" do
|
|
47
|
-
expect(
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
47
|
+
expect(described_class).to be_valid(
|
|
48
|
+
scope_str: "app123",
|
|
49
|
+
server_scopes: server_scopes,
|
|
50
|
+
app_scopes: application_scopes,
|
|
51
|
+
)
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
it "is invalid if any scope is not included in the application" do
|
|
55
|
-
expect(
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
55
|
+
expect(described_class).not_to be_valid(
|
|
56
|
+
scope_str: "svr",
|
|
57
|
+
server_scopes: server_scopes,
|
|
58
|
+
app_scopes: application_scopes,
|
|
59
|
+
)
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
62
|
|
|
@@ -67,19 +67,19 @@ module Doorkeeper::OAuth::Helpers
|
|
|
67
67
|
|
|
68
68
|
context "with scopes_by_grant_type not configured for grant_type" do
|
|
69
69
|
it "is valid if the scope is in server scopes" do
|
|
70
|
-
expect(
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
70
|
+
expect(described_class).to be_valid(
|
|
71
|
+
scope_str: "scope1",
|
|
72
|
+
server_scopes: server_scopes,
|
|
73
|
+
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
74
|
+
)
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
it "is invalid if the scope is not in server scopes" do
|
|
78
|
-
expect(
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
78
|
+
expect(described_class).not_to be_valid(
|
|
79
|
+
scope_str: "unknown",
|
|
80
|
+
server_scopes: server_scopes,
|
|
81
|
+
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
82
|
+
)
|
|
83
83
|
end
|
|
84
84
|
end
|
|
85
85
|
|
|
@@ -90,19 +90,19 @@ module Doorkeeper::OAuth::Helpers
|
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
it "is valid if the scope is permitted for grant_type" do
|
|
93
|
-
expect(
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
93
|
+
expect(described_class).to be_valid(
|
|
94
|
+
scope_str: "scope1",
|
|
95
|
+
server_scopes: server_scopes,
|
|
96
|
+
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
97
|
+
)
|
|
98
98
|
end
|
|
99
99
|
|
|
100
100
|
it "is invalid if the scope is permitted for grant_type" do
|
|
101
|
-
expect(
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
101
|
+
expect(described_class).not_to be_valid(
|
|
102
|
+
scope_str: "scope2",
|
|
103
|
+
server_scopes: server_scopes,
|
|
104
|
+
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
105
|
+
)
|
|
106
106
|
end
|
|
107
107
|
end
|
|
108
108
|
end
|
|
@@ -9,12 +9,12 @@ module Doorkeeper::OAuth::Helpers
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
it "is able to customize the generator method" do
|
|
12
|
-
token =
|
|
12
|
+
token = described_class.generate(generator: generator)
|
|
13
13
|
expect(token).to eq("a" * 32)
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
it "is able to customize the size of the token" do
|
|
17
|
-
token =
|
|
17
|
+
token = described_class.generate(generator: generator, size: 2)
|
|
18
18
|
expect(token).to eq("aa")
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -7,142 +7,142 @@ module Doorkeeper::OAuth::Helpers
|
|
|
7
7
|
describe ".valid?" do
|
|
8
8
|
it "is valid for valid uris" do
|
|
9
9
|
uri = "http://app.co"
|
|
10
|
-
expect(
|
|
10
|
+
expect(described_class).to be_valid(uri)
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
it "is valid if include path param" do
|
|
14
14
|
uri = "http://app.co/path"
|
|
15
|
-
expect(
|
|
15
|
+
expect(described_class).to be_valid(uri)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
it "is valid if include query param" do
|
|
19
19
|
uri = "http://app.co/?query=1"
|
|
20
|
-
expect(
|
|
20
|
+
expect(described_class).to be_valid(uri)
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
it "is invalid if uri includes fragment" do
|
|
24
24
|
uri = "http://app.co/test#fragment"
|
|
25
|
-
expect(
|
|
25
|
+
expect(described_class).not_to be_valid(uri)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
it "is invalid if scheme is missing" do
|
|
29
29
|
uri = "app.co"
|
|
30
|
-
expect(
|
|
30
|
+
expect(described_class).not_to be_valid(uri)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
it "is invalid if is a relative uri" do
|
|
34
34
|
uri = "/abc/123"
|
|
35
|
-
expect(
|
|
35
|
+
expect(described_class).not_to be_valid(uri)
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
it "is invalid if is not a url" do
|
|
39
39
|
uri = "http://"
|
|
40
|
-
expect(
|
|
40
|
+
expect(described_class).not_to be_valid(uri)
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
it "is invalid if localhost is resolved as as scheme (no scheme specified)" do
|
|
44
44
|
uri = "localhost:8080"
|
|
45
|
-
expect(
|
|
45
|
+
expect(described_class).not_to be_valid(uri)
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
it "is invalid if scheme is missing #2" do
|
|
49
49
|
uri = "app.co:80"
|
|
50
|
-
expect(
|
|
50
|
+
expect(described_class).not_to be_valid(uri)
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
it "is invalid if is not an uri" do
|
|
54
54
|
uri = " "
|
|
55
|
-
expect(
|
|
55
|
+
expect(described_class).not_to be_valid(uri)
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
it "is valid for custom schemes" do
|
|
59
59
|
uri = "com.example.app:/test"
|
|
60
|
-
expect(
|
|
60
|
+
expect(described_class).to be_valid(uri)
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
it "is valid for custom schemes with authority marker (common misconfiguration)" do
|
|
64
64
|
uri = "com.example.app://test"
|
|
65
|
-
expect(
|
|
65
|
+
expect(described_class).to be_valid(uri)
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
describe ".matches?" do
|
|
70
70
|
it "is true if both url matches" do
|
|
71
71
|
uri = client_uri = "http://app.co/aaa"
|
|
72
|
-
expect(
|
|
72
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
it "ignores query parameter on
|
|
75
|
+
it "ignores query parameter on comparison" do
|
|
76
76
|
uri = "http://app.co/?query=hello"
|
|
77
77
|
client_uri = "http://app.co"
|
|
78
|
-
expect(
|
|
78
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
it "doesn't allow non-matching domains through" do
|
|
82
82
|
uri = "http://app.abc/?query=hello"
|
|
83
83
|
client_uri = "http://app.co"
|
|
84
|
-
expect(
|
|
84
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
85
85
|
end
|
|
86
86
|
|
|
87
87
|
it "doesn't allow non-matching domains that don't start at the beginning" do
|
|
88
88
|
uri = "http://app.co/?query=hello"
|
|
89
89
|
client_uri = "http://example.com?app.co=test"
|
|
90
|
-
expect(
|
|
90
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
91
91
|
end
|
|
92
92
|
|
|
93
|
-
context "loopback IP redirect URIs" do
|
|
93
|
+
context "when loopback IP redirect URIs" do
|
|
94
94
|
it "ignores port for same URIs" do
|
|
95
95
|
uri = "http://127.0.0.1:5555/auth/callback"
|
|
96
96
|
client_uri = "http://127.0.0.1:48599/auth/callback"
|
|
97
|
-
expect(
|
|
97
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
98
98
|
|
|
99
99
|
uri = "http://[::1]:5555/auth/callback"
|
|
100
100
|
client_uri = "http://[::1]:5555/auth/callback"
|
|
101
|
-
expect(
|
|
101
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
it "doesn't ignore port for URIs with different queries" do
|
|
105
105
|
uri = "http://127.0.0.1:5555/auth/callback"
|
|
106
106
|
client_uri = "http://127.0.0.1:48599/auth/callback2"
|
|
107
|
-
expect(
|
|
107
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
108
108
|
end
|
|
109
109
|
end
|
|
110
110
|
|
|
111
|
-
context "client registered query params" do
|
|
111
|
+
context "when client registered query params" do
|
|
112
112
|
it "doesn't allow query being absent" do
|
|
113
113
|
uri = "http://app.co"
|
|
114
114
|
client_uri = "http://app.co/?vendorId=AJ4L7XXW9"
|
|
115
|
-
expect(
|
|
115
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
116
116
|
end
|
|
117
117
|
|
|
118
118
|
it "is false if query values differ but key same" do
|
|
119
119
|
uri = "http://app.co/?vendorId=pancakes"
|
|
120
120
|
client_uri = "http://app.co/?vendorId=waffles"
|
|
121
|
-
expect(
|
|
121
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
122
122
|
end
|
|
123
123
|
|
|
124
124
|
it "is false if query values same but key differs" do
|
|
125
125
|
uri = "http://app.co/?foo=pancakes"
|
|
126
126
|
client_uri = "http://app.co/?bar=pancakes"
|
|
127
|
-
expect(
|
|
127
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
128
128
|
end
|
|
129
129
|
|
|
130
130
|
it "is false if query present and match, but unknown queries present" do
|
|
131
131
|
uri = "http://app.co/?vendorId=pancakes&unknown=query"
|
|
132
132
|
client_uri = "http://app.co/?vendorId=waffles"
|
|
133
|
-
expect(
|
|
133
|
+
expect(described_class).not_to be_matches(uri, client_uri)
|
|
134
134
|
end
|
|
135
135
|
|
|
136
136
|
it "is true if queries are present and matche" do
|
|
137
137
|
uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
|
|
138
138
|
client_uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
|
|
139
|
-
expect(
|
|
139
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
142
|
it "is true if queries are present, match and in different order" do
|
|
143
143
|
uri = "http://app.co/?bing=bang&foo=bar"
|
|
144
144
|
client_uri = "http://app.co/?foo=bar&bing=bang"
|
|
145
|
-
expect(
|
|
145
|
+
expect(described_class).to be_matches(uri, client_uri)
|
|
146
146
|
end
|
|
147
147
|
end
|
|
148
148
|
end
|
|
@@ -150,112 +150,112 @@ module Doorkeeper::OAuth::Helpers
|
|
|
150
150
|
describe ".valid_for_authorization?" do
|
|
151
151
|
it "is true if valid and matches" do
|
|
152
152
|
uri = client_uri = "http://app.co/aaa"
|
|
153
|
-
expect(
|
|
153
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
154
154
|
|
|
155
155
|
uri = client_uri = "http://app.co/aaa?b=c"
|
|
156
|
-
expect(
|
|
156
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
157
157
|
end
|
|
158
158
|
|
|
159
159
|
it "is true if uri includes blank query" do
|
|
160
160
|
uri = client_uri = "http://app.co/aaa?"
|
|
161
|
-
expect(
|
|
161
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
162
162
|
|
|
163
163
|
uri = "http://app.co/aaa?"
|
|
164
164
|
client_uri = "http://app.co/aaa"
|
|
165
|
-
expect(
|
|
165
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
166
166
|
|
|
167
167
|
uri = "http://app.co/aaa"
|
|
168
168
|
client_uri = "http://app.co/aaa?"
|
|
169
|
-
expect(
|
|
169
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
170
170
|
end
|
|
171
171
|
|
|
172
172
|
it "is false if valid and mismatches" do
|
|
173
173
|
uri = "http://app.co/aaa"
|
|
174
174
|
client_uri = "http://app.co/bbb"
|
|
175
|
-
expect(
|
|
175
|
+
expect(described_class).not_to be_valid_for_authorization(uri, client_uri)
|
|
176
176
|
end
|
|
177
177
|
|
|
178
178
|
it "is true if valid and included in array" do
|
|
179
179
|
uri = "http://app.co/aaa"
|
|
180
180
|
client_uri = "http://example.com/bbb\nhttp://app.co/aaa"
|
|
181
|
-
expect(
|
|
181
|
+
expect(described_class).to be_valid_for_authorization(uri, client_uri)
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
it "is false if valid and not included in array" do
|
|
185
185
|
uri = "http://app.co/aaa"
|
|
186
186
|
client_uri = "http://example.com/bbb\nhttp://app.co/cc"
|
|
187
|
-
expect(
|
|
187
|
+
expect(described_class).not_to be_valid_for_authorization(uri, client_uri)
|
|
188
188
|
end
|
|
189
189
|
|
|
190
190
|
it "is false if queries does not match" do
|
|
191
191
|
uri = "http://app.co/aaa?pankcakes=abc"
|
|
192
192
|
client_uri = "http://app.co/aaa?waffles=abc"
|
|
193
|
-
expect(
|
|
193
|
+
expect(described_class.valid_for_authorization?(uri, client_uri)).to be false
|
|
194
194
|
end
|
|
195
195
|
|
|
196
196
|
it "calls .matches?" do
|
|
197
197
|
uri = "http://app.co/aaa?pankcakes=abc"
|
|
198
198
|
client_uri = "http://app.co/aaa?waffles=abc"
|
|
199
|
-
expect(
|
|
200
|
-
|
|
199
|
+
expect(described_class).to receive(:matches?).with(uri, client_uri).once
|
|
200
|
+
described_class.valid_for_authorization?(uri, client_uri)
|
|
201
201
|
end
|
|
202
202
|
|
|
203
203
|
it "calls .valid?" do
|
|
204
204
|
uri = "http://app.co/aaa?pankcakes=abc"
|
|
205
205
|
client_uri = "http://app.co/aaa?waffles=abc"
|
|
206
|
-
expect(
|
|
207
|
-
|
|
206
|
+
expect(described_class).to receive(:valid?).with(uri).once
|
|
207
|
+
described_class.valid_for_authorization?(uri, client_uri)
|
|
208
208
|
end
|
|
209
209
|
end
|
|
210
210
|
|
|
211
211
|
describe ".query_matches?" do
|
|
212
212
|
it "is true if no queries" do
|
|
213
|
-
expect(
|
|
214
|
-
expect(
|
|
213
|
+
expect(described_class).to be_query_matches("", "")
|
|
214
|
+
expect(described_class).to be_query_matches(nil, nil)
|
|
215
215
|
end
|
|
216
216
|
|
|
217
217
|
it "is true if same query" do
|
|
218
|
-
expect(
|
|
218
|
+
expect(described_class).to be_query_matches("foo", "foo")
|
|
219
219
|
end
|
|
220
220
|
|
|
221
221
|
it "is false if different query" do
|
|
222
|
-
expect(
|
|
222
|
+
expect(described_class).not_to be_query_matches("foo", "bar")
|
|
223
223
|
end
|
|
224
224
|
|
|
225
225
|
it "is true if same queries" do
|
|
226
|
-
expect(
|
|
226
|
+
expect(described_class).to be_query_matches("foo&bar", "foo&bar")
|
|
227
227
|
end
|
|
228
228
|
|
|
229
229
|
it "is true if same queries, different order" do
|
|
230
|
-
expect(
|
|
230
|
+
expect(described_class).to be_query_matches("foo&bar", "bar&foo")
|
|
231
231
|
end
|
|
232
232
|
|
|
233
233
|
it "is false if one different query" do
|
|
234
|
-
expect(
|
|
234
|
+
expect(described_class).not_to be_query_matches("foo&bang", "foo&bing")
|
|
235
235
|
end
|
|
236
236
|
|
|
237
237
|
it "is true if same query with same value" do
|
|
238
|
-
expect(
|
|
238
|
+
expect(described_class).to be_query_matches("foo=bar", "foo=bar")
|
|
239
239
|
end
|
|
240
240
|
|
|
241
241
|
it "is true if same queries with same values" do
|
|
242
|
-
expect(
|
|
242
|
+
expect(described_class).to be_query_matches("foo=bar&bing=bang", "foo=bar&bing=bang")
|
|
243
243
|
end
|
|
244
244
|
|
|
245
245
|
it "is true if same queries with same values, different order" do
|
|
246
|
-
expect(
|
|
246
|
+
expect(described_class).to be_query_matches("foo=bar&bing=bang", "bing=bang&foo=bar")
|
|
247
247
|
end
|
|
248
248
|
|
|
249
249
|
it "is false if same query with different value" do
|
|
250
|
-
expect(
|
|
250
|
+
expect(described_class).not_to be_query_matches("foo=bar", "foo=bang")
|
|
251
251
|
end
|
|
252
252
|
|
|
253
253
|
it "is false if some queries missing" do
|
|
254
|
-
expect(
|
|
254
|
+
expect(described_class).not_to be_query_matches("foo=bar", "foo=bar&bing=bang")
|
|
255
255
|
end
|
|
256
256
|
|
|
257
257
|
it "is false if some queries different value" do
|
|
258
|
-
expect(
|
|
258
|
+
expect(described_class).not_to be_query_matches("foo=bar&bing=bang", "foo=bar&bing=banana")
|
|
259
259
|
end
|
|
260
260
|
end
|
|
261
261
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::OAuth::InvalidRequestResponse do
|
|
5
|
+
RSpec.describe Doorkeeper::OAuth::InvalidRequestResponse do
|
|
6
6
|
describe "#name" do
|
|
7
7
|
it { expect(subject.name).to eq(:invalid_request) }
|
|
8
8
|
end
|
|
@@ -14,7 +14,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
|
|
|
14
14
|
describe ".from_request" do
|
|
15
15
|
let(:response) { described_class.from_request(request) }
|
|
16
16
|
|
|
17
|
-
context "
|
|
17
|
+
context "when param missed" do
|
|
18
18
|
let(:request) { double(missing_param: "some_param") }
|
|
19
19
|
|
|
20
20
|
it "sets a description" do
|
|
@@ -28,7 +28,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
|
|
|
28
28
|
end
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
-
context "server doesn't
|
|
31
|
+
context "when server doesn't support PKCE" do
|
|
32
32
|
let(:request) { double(invalid_request_reason: :not_support_pkce) }
|
|
33
33
|
|
|
34
34
|
it "sets a description" do
|
|
@@ -42,7 +42,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
|
|
|
42
42
|
end
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
context "request is not authorized" do
|
|
45
|
+
context "when request is not authorized" do
|
|
46
46
|
let(:request) { double(invalid_request_reason: :request_not_authorized) }
|
|
47
47
|
|
|
48
48
|
it "sets a description" do
|
|
@@ -56,7 +56,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
|
|
|
56
56
|
end
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
-
context "unknown reason" do
|
|
59
|
+
context "when unknown reason" do
|
|
60
60
|
let(:request) { double(invalid_request_reason: :unknown_reason) }
|
|
61
61
|
|
|
62
62
|
it "sets a description" do
|
|
@@ -65,7 +65,7 @@ describe Doorkeeper::OAuth::InvalidRequestResponse do
|
|
|
65
65
|
)
|
|
66
66
|
end
|
|
67
67
|
|
|
68
|
-
it "
|
|
68
|
+
it "sets the reason to unknown" do
|
|
69
69
|
expect(response.reason).to eq(:unknown_reason)
|
|
70
70
|
end
|
|
71
71
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::OAuth::InvalidTokenResponse do
|
|
5
|
+
RSpec.describe Doorkeeper::OAuth::InvalidTokenResponse do
|
|
6
6
|
describe "#name" do
|
|
7
7
|
it { expect(subject.name).to eq(:invalid_token) }
|
|
8
8
|
end
|
|
@@ -14,7 +14,7 @@ describe Doorkeeper::OAuth::InvalidTokenResponse do
|
|
|
14
14
|
describe ".from_access_token" do
|
|
15
15
|
let(:response) { described_class.from_access_token(access_token) }
|
|
16
16
|
|
|
17
|
-
context "revoked" do
|
|
17
|
+
context "when token revoked" do
|
|
18
18
|
let(:access_token) { double(revoked?: true, expired?: true) }
|
|
19
19
|
|
|
20
20
|
it "sets a description" do
|
|
@@ -26,7 +26,7 @@ describe Doorkeeper::OAuth::InvalidTokenResponse do
|
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
context "expired" do
|
|
29
|
+
context "when token expired" do
|
|
30
30
|
let(:access_token) { double(revoked?: false, expired?: true) }
|
|
31
31
|
|
|
32
32
|
it "sets a description" do
|
|
@@ -38,7 +38,7 @@ describe Doorkeeper::OAuth::InvalidTokenResponse do
|
|
|
38
38
|
end
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
context "unknown" do
|
|
41
|
+
context "when unknown" do
|
|
42
42
|
let(:access_token) { double(revoked?: false, expired?: false) }
|
|
43
43
|
|
|
44
44
|
it "sets a description" do
|
|
@@ -2,7 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::OAuth::PasswordAccessTokenRequest do
|
|
5
|
+
RSpec.describe Doorkeeper::OAuth::PasswordAccessTokenRequest do
|
|
6
|
+
subject do
|
|
7
|
+
described_class.new(server, client, owner)
|
|
8
|
+
end
|
|
9
|
+
|
|
6
10
|
let(:server) do
|
|
7
11
|
double(
|
|
8
12
|
:server,
|
|
@@ -14,23 +18,20 @@ describe Doorkeeper::OAuth::PasswordAccessTokenRequest do
|
|
|
14
18
|
},
|
|
15
19
|
)
|
|
16
20
|
end
|
|
17
|
-
let(:client) { FactoryBot.create(:application) }
|
|
18
|
-
let(:
|
|
21
|
+
let(:client) { Doorkeeper::OAuth::Client.new(FactoryBot.create(:application)) }
|
|
22
|
+
let(:application) { client.application }
|
|
23
|
+
let(:owner) { FactoryBot.build_stubbed(:resource_owner) }
|
|
19
24
|
|
|
20
25
|
before do
|
|
21
26
|
allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
|
|
22
27
|
end
|
|
23
28
|
|
|
24
|
-
subject do
|
|
25
|
-
described_class.new(server, client, owner)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
29
|
it "issues a new token for the client" do
|
|
29
30
|
expect do
|
|
30
31
|
subject.authorize
|
|
31
|
-
end.to change {
|
|
32
|
+
end.to change { application.reload.access_tokens.count }.by(1)
|
|
32
33
|
|
|
33
|
-
expect(
|
|
34
|
+
expect(application.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
|
|
34
35
|
end
|
|
35
36
|
|
|
36
37
|
it "issues a new token without a client" do
|
|
@@ -2,7 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
require "spec_helper"
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::OAuth::PreAuthorization do
|
|
5
|
+
RSpec.describe Doorkeeper::OAuth::PreAuthorization do
|
|
6
|
+
subject do
|
|
7
|
+
described_class.new(server, attributes)
|
|
8
|
+
end
|
|
9
|
+
|
|
6
10
|
let(:server) do
|
|
7
11
|
server = Doorkeeper.configuration
|
|
8
12
|
allow(server).to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("default"))
|
|
@@ -23,10 +27,6 @@ describe Doorkeeper::OAuth::PreAuthorization do
|
|
|
23
27
|
}
|
|
24
28
|
end
|
|
25
29
|
|
|
26
|
-
subject do
|
|
27
|
-
described_class.new(server, attributes)
|
|
28
|
-
end
|
|
29
|
-
|
|
30
30
|
it "is authorizable when request is valid" do
|
|
31
31
|
expect(subject).to be_authorizable
|
|
32
32
|
end
|
|
@@ -77,7 +77,19 @@ describe Doorkeeper::OAuth::PreAuthorization do
|
|
|
77
77
|
end
|
|
78
78
|
end
|
|
79
79
|
|
|
80
|
-
context "client
|
|
80
|
+
context "when grant flow is client credentials & redirect_uri is nil" do
|
|
81
|
+
before do
|
|
82
|
+
allow(server).to receive(:grant_flows).and_return(["client_credentials"])
|
|
83
|
+
allow(Doorkeeper.configuration).to receive(:allow_grant_flow_for_client?).and_return(false)
|
|
84
|
+
application.update_column :redirect_uri, nil
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
it "is not authorizable" do
|
|
88
|
+
expect(subject).not_to be_authorizable
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
context "when client application does not restrict valid scopes" do
|
|
81
93
|
it "accepts valid scopes" do
|
|
82
94
|
attributes[:scope] = "public"
|
|
83
95
|
expect(subject).to be_authorizable
|
|
@@ -101,7 +113,7 @@ describe Doorkeeper::OAuth::PreAuthorization do
|
|
|
101
113
|
end
|
|
102
114
|
end
|
|
103
115
|
|
|
104
|
-
context "client application restricts valid scopes" do
|
|
116
|
+
context "when client application restricts valid scopes" do
|
|
105
117
|
let(:application) do
|
|
106
118
|
FactoryBot.create(:application, scopes: Doorkeeper::OAuth::Scopes.from_string("public nonsense"))
|
|
107
119
|
end
|
|
@@ -118,7 +130,7 @@ describe Doorkeeper::OAuth::PreAuthorization do
|
|
|
118
130
|
|
|
119
131
|
it "rejects (application level) non-valid scopes" do
|
|
120
132
|
attributes[:scope] = "profile"
|
|
121
|
-
expect(subject).
|
|
133
|
+
expect(subject).not_to be_authorizable
|
|
122
134
|
end
|
|
123
135
|
|
|
124
136
|
it "accepts scopes which are permitted for grant_type" do
|