RubyGems - doorkeeper-mongodb - Versions diffs - 5.2.3 → 5.4.0 - Mend

doorkeeper-mongodb 5.2.3 → 5.4.0

Files changed (188) hide show

data/spec/requests/flows/client_credentials_spec.rb DELETED Viewed

@@ -1,219 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe "Client Credentials Request" do
-  let(:client) { FactoryBot.create :application }
-  context "with a valid request" do
-    it "authorizes the client and returns the token response" do
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to match(
-        "access_token" => Doorkeeper::AccessToken.first.token,
-        "token_type" => "Bearer",
-        "expires_in" => Doorkeeper.configuration.access_token_expires_in,
-        "created_at" => an_instance_of(Integer),
-      )
-    end
-    context "with scopes" do
-      before do
-        optional_scopes_exist :write
-        default_scopes_exist :public
-      end
-      it "adds the scope to the token an returns in the response" do
-        headers = authorization client.uid, client.secret
-        params  = { grant_type: "client_credentials", scope: "write" }
-        post "/oauth/token", params: params, headers: headers
-        expect(json_response).to include(
-          "access_token" => Doorkeeper::AccessToken.first.token,
-          "scope" => "write",
-        )
-      end
-      context "when scopes are default" do
-        it "adds the scope to the token an returns in the response" do
-          headers = authorization client.uid, client.secret
-          params  = { grant_type: "client_credentials", scope: "public" }
-          post "/oauth/token", params: params, headers: headers
-          expect(json_response).to include(
-            "access_token" => Doorkeeper::AccessToken.first.token,
-            "scope" => "public",
-          )
-        end
-      end
-      context "when scopes are invalid" do
-        it "does not authorize the client and returns the error" do
-          headers = authorization client.uid, client.secret
-          params  = { grant_type: "client_credentials", scope: "random" }
-          post "/oauth/token", params: params, headers: headers
-          expect(response.status).to eq(400)
-          expect(json_response).to match(
-            "error" => "invalid_scope",
-            "error_description" => translated_error_message(:invalid_scope),
-          )
-        end
-      end
-    end
-  end
-  context "when configured to check application supported grant flow" do
-    before do
-      Doorkeeper.configuration.instance_variable_set(
-        :@allow_grant_flow_for_client,
-        ->(_grant_flow, client) { client.name == "admin" },
-      )
-    end
-    scenario "forbids the request when doesn't satisfy condition" do
-      client.update(name: "sample app")
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to match(
-        "error" => "unauthorized_client",
-        "error_description" => translated_error_message(:unauthorized_client),
-      )
-    end
-    scenario "allows the request when satisfies condition" do
-      client.update(name: "admin")
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to match(
-        "access_token" => Doorkeeper::AccessToken.first.token,
-        "token_type" => "Bearer",
-        "expires_in" => 7200,
-        "created_at" => an_instance_of(Integer),
-      )
-    end
-  end
-  context "when application scopes contain some of the default scopes and no scope is passed" do
-    before do
-      client.update(scopes: "read write public")
-    end
-    it "issues new token with one default scope that are present in application scopes" do
-      default_scopes_exist :public
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      expect do
-        post "/oauth/token", params: params, headers: headers
-      end.to change { Doorkeeper::AccessToken.count }.by(1)
-      token = Doorkeeper::AccessToken.first
-      expect(token.application_id).to eq client.id
-      expect(json_response).to include(
-        "access_token" => token.token,
-        "scope" => "public",
-      )
-    end
-    it "issues new token with multiple default scopes that are present in application scopes" do
-      default_scopes_exist :public, :read, :update
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      expect do
-        post "/oauth/token", params: params, headers: headers
-      end.to change { Doorkeeper::AccessToken.count }.by(1)
-      token = Doorkeeper::AccessToken.first
-      expect(token.application_id).to eq client.id
-      expect(json_response).to include(
-        "access_token" => token.token,
-        "scope" => "public read",
-      )
-    end
-  end
-  context "when request is invalid" do
-    it "does not authorize the client and returns the error" do
-      headers = {}
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(response.status).to eq(401)
-      expect(json_response).to match(
-        "error" => "invalid_client",
-        "error_description" => translated_error_message(:invalid_client),
-      )
-    end
-  end
-  context "when revoke_previous_client_credentials_token is true" do
-    before do
-      allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(false)
-      allow(Doorkeeper.config).to receive(:revoke_previous_client_credentials_token?).and_return(true)
-    end
-    it "revokes the previous token" do
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to include("access_token" => Doorkeeper::AccessToken.first.token)
-      token = Doorkeeper::AccessToken.first
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to include("access_token" => Doorkeeper::AccessToken.last.token)
-      expect(token.reload).to be_revoked
-      expect(Doorkeeper::AccessToken.last).not_to be_revoked
-    end
-    context "with a simultaneous request" do
-      let!(:access_token) { FactoryBot.create :access_token, resource_owner_id: nil }
-      before do
-        allow(Doorkeeper.config.access_token_model).to receive(:matching_token_for) { access_token }
-        allow(access_token).to receive(:revoked?).and_return(true)
-      end
-      it "returns an error" do
-        headers = authorization client.uid, client.secret
-        params  = { grant_type: "client_credentials" }
-        post "/oauth/token", params: params, headers: headers
-        expect(json_response).to match(
-          "error" => "invalid_token_reuse",
-          "error_description" => translated_error_message(:server_error),
-        )
-      end
-    end
-  end
-  def authorization(username, password)
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials username, password
-    { "HTTP_AUTHORIZATION" => credentials }
-  end
-end

data/spec/requests/flows/implicit_grant_errors_spec.rb DELETED Viewed

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-feature "Implicit Grant Flow Errors" do
-  background do
-    default_scopes_exist :default
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
-    config_is_set(:grant_flows, ["implicit"])
-    client_exists
-    create_resource_owner
-    sign_in
-  end
-  after do
-    access_token_should_not_exist
-  end
-  context "when validate client_id param" do
-    scenario "displays invalid_client error for invalid client_id" do
-      visit authorization_endpoint_url(client_id: "invalid", response_type: "token")
-      i_should_not_see "Authorize"
-      i_should_see_translated_error_message :invalid_client
-    end
-    scenario "displays invalid_request error when client_id is missing" do
-      visit authorization_endpoint_url(client_id: "", response_type: "token")
-      i_should_not_see "Authorize"
-      i_should_see_translated_invalid_request_error_message :missing_param, :client_id
-    end
-  end
-  context "when validate redirect_uri param" do
-    scenario "displays invalid_redirect_uri error for invalid redirect_uri" do
-      visit authorization_endpoint_url(client: @client, redirect_uri: "invalid", response_type: "token")
-      i_should_not_see "Authorize"
-      i_should_see_translated_error_message :invalid_redirect_uri
-    end
-    scenario "displays invalid_redirect_uri error when redirect_uri is missing" do
-      visit authorization_endpoint_url(client: @client, redirect_uri: "", response_type: "token")
-      i_should_not_see "Authorize"
-      i_should_see_translated_error_message :invalid_redirect_uri
-    end
-  end
-end

data/spec/requests/flows/implicit_grant_spec.rb DELETED Viewed

@@ -1,91 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-feature "Implicit Grant Flow (feature spec)" do
-  background do
-    default_scopes_exist :default
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
-    config_is_set(:grant_flows, ["implicit"])
-    client_exists
-    create_resource_owner
-    sign_in
-  end
-  scenario "resource owner authorizes the client" do
-    visit authorization_endpoint_url(client: @client, response_type: "token")
-    click_on "Authorize"
-    access_token_should_exist_for @client, @resource_owner
-    i_should_be_on_client_callback @client
-  end
-  context "when application scopes are present and no scope is passed" do
-    background do
-      @client.update(scopes: "public write read")
-    end
-    scenario "scope is invalid because default scope is different from application scope" do
-      default_scopes_exist :admin
-      visit authorization_endpoint_url(client: @client, response_type: "token")
-      response_status_should_be 200
-      i_should_not_see "Authorize"
-      i_should_see_translated_error_message :invalid_scope
-    end
-    scenario "access token has scopes which are common in application scopes and default scopes" do
-      default_scopes_exist :public, :write
-      visit authorization_endpoint_url(client: @client, response_type: "token")
-      click_on "Authorize"
-      access_token_should_exist_for @client, @resource_owner
-      access_token_should_have_scopes :public, :write
-    end
-  end
-end
-RSpec.describe "Implicit Grant Flow (request spec)" do
-  before do
-    default_scopes_exist :default
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
-    config_is_set(:grant_flows, ["implicit"])
-    client_exists
-    create_resource_owner
-  end
-  context "when reuse_access_token enabled" do
-    it "returns a new token each request" do
-      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
-      token = client_is_authorized(@client, @resource_owner, scopes: "default")
-      post "/oauth/authorize",
-           params: {
-             client_id: @client.uid,
-             state: "",
-             redirect_uri: @client.redirect_uri,
-             response_type: "token",
-             commit: "Authorize",
-           }
-      expect(response.location).not_to include(token.token)
-    end
-    it "returns the same token if it is still accessible" do
-      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-      token = client_is_authorized(@client, @resource_owner, scopes: "default")
-      post "/oauth/authorize",
-           params: {
-             client_id: @client.uid,
-             state: "",
-             redirect_uri: @client.redirect_uri,
-             response_type: "token",
-             commit: "Authorize",
-           }
-      expect(response.location).to include(token.token)
-    end
-  end
-end