RubyGems - doorkeeper-mongodb - Versions diffs - 5.3.0 → 5.4.0 - Mend

doorkeeper-mongodb 5.3.0 → 5.4.0

Files changed (182) hide show

data/spec/lib/doorkeeper_spec.rb DELETED Viewed

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper do
-  describe "#authenticate" do
-    let(:request) { double }
-    it "calls OAuth::Token#authenticate" do
-      token_strategies = described_class.config.access_token_methods
-      expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
-        .with(request, *token_strategies)
-      described_class.authenticate(request)
-    end
-    it "accepts custom token strategies" do
-      token_strategies = %i[first_way second_way]
-      expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
-        .with(request, *token_strategies)
-      described_class.authenticate(request, token_strategies)
-    end
-  end
-end

data/spec/lib/models/expirable_spec.rb DELETED Viewed

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::Expirable do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Expirable
-    end.new
-  end
-  before do
-    allow(subject).to receive(:created_at).and_return(1.minute.ago)
-  end
-  describe "#expired?" do
-    it "is not expired if time has not passed" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject).not_to be_expired
-    end
-    it "is expired if time has passed" do
-      allow(subject).to receive(:expires_in).and_return(10.seconds)
-      expect(subject).to be_expired
-    end
-    it "is not expired if expires_in is not set" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject).not_to be_expired
-    end
-  end
-  describe "#expires_in_seconds" do
-    it "returns the amount of time remaining until the token is expired" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject.expires_in_seconds).to eq(60)
-    end
-    it "returns 0 when expired" do
-      allow(subject).to receive(:expires_in).and_return(30.seconds)
-      expect(subject.expires_in_seconds).to eq(0)
-    end
-    it "returns nil when expires_in is nil" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject.expires_in_seconds).to be_nil
-    end
-  end
-  describe "#expires_at" do
-    it "returns the expiration time of the token" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject.expires_at).to be_a(Time)
-    end
-    it "returns nil when expires_in is nil" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject.expires_at).to be_nil
-    end
-  end
-end

data/spec/lib/models/reusable_spec.rb DELETED Viewed

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::Reusable do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Reusable
-    end.new
-  end
-  describe "#reusable?" do
-    it "is reusable if its expires_in is nil" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject).to be_reusable
-    end
-    it "is reusable if its expiry has crossed reusable limit" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
-      allow(subject).to receive(:expires_in).and_return(100.seconds)
-      allow(subject).to receive(:expires_in_seconds).and_return(20.seconds)
-      expect(subject).to be_reusable
-    end
-    it "is not reusable if its expiry has crossed reusable limit" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
-      allow(subject).to receive(:expires_in).and_return(100.seconds)
-      allow(subject).to receive(:expires_in_seconds).and_return(5.seconds)
-      expect(subject).not_to be_reusable
-    end
-    it "is not reusable if it is already expired" do
-      allow(subject).to receive(:expired?).and_return(true)
-      expect(subject).not_to be_reusable
-    end
-  end
-end

data/spec/lib/models/revocable_spec.rb DELETED Viewed

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::Revocable do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Revocable
-    end.new
-  end
-  describe "#revoke" do
-    it "updates :revoked_at attribute with current time" do
-      utc = double utc: double
-      clock = double now: utc
-      expect(subject).to receive(:update_column).with(:revoked_at, clock.now.utc)
-      subject.revoke(clock)
-    end
-  end
-  describe "#revoked?" do
-    it "is revoked if :revoked_at has passed" do
-      allow(subject).to receive(:revoked_at).and_return(Time.now.utc - 1000)
-      expect(subject).to be_revoked
-    end
-    it "is not revoked if :revoked_at has not passed" do
-      allow(subject).to receive(:revoked_at).and_return(Time.now.utc + 1000)
-      expect(subject).not_to be_revoked
-    end
-    it "is not revoked if :revoked_at is not set" do
-      allow(subject).to receive(:revoked_at).and_return(nil)
-      expect(subject).not_to be_revoked
-    end
-  end
-  describe "#revoke_previous_refresh_token!" do
-    it "revokes the previous token if exists and resets the `previous_refresh_token` attribute" do
-      previous_token = FactoryBot.create(
-        :access_token,
-        refresh_token: "refresh_token",
-      )
-      current_token = FactoryBot.create(
-        :access_token,
-        previous_refresh_token: previous_token.refresh_token,
-      )
-      current_token.revoke_previous_refresh_token!
-      expect(current_token.previous_refresh_token).to be_empty
-      expect(previous_token.reload).to be_revoked
-    end
-  end
-end

data/spec/lib/models/scopes_spec.rb DELETED Viewed

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::Scopes do
-  subject do
-    Class.new(Struct.new(:scopes)) do
-      include Doorkeeper::Models::Scopes
-    end.new
-  end
-  before do
-    subject[:scopes] = "public admin"
-  end
-  describe "#scopes" do
-    it "is a `Scopes` class" do
-      expect(subject.scopes).to be_a(Doorkeeper::OAuth::Scopes)
-    end
-    it "includes scopes" do
-      expect(subject.scopes).to include("public")
-    end
-  end
-  describe "#scopes=" do
-    it "accepts String" do
-      subject.scopes = "private admin"
-      expect(subject.scopes_string).to eq("private admin")
-    end
-    it "accepts Array" do
-      subject.scopes = %w[private admin]
-      expect(subject.scopes_string).to eq("private admin")
-    end
-    it "ignores duplicated scopes" do
-      subject.scopes = %w[private admin admin]
-      expect(subject.scopes_string).to eq("private admin")
-      subject.scopes = "private admin admin"
-      expect(subject.scopes_string).to eq("private admin")
-    end
-  end
-  describe "#scopes_string" do
-    it "is a `Scopes` class" do
-      expect(subject.scopes_string).to eq("public admin")
-    end
-  end
-  describe "#includes_scope?" do
-    it "returns true if at least one scope is included" do
-      expect(subject.includes_scope?("public", "private")).to be true
-    end
-    it "returns false if no scopes are included" do
-      expect(subject.includes_scope?("teacher", "student")).to be false
-    end
-  end
-end

data/spec/lib/models/secret_storable_spec.rb DELETED Viewed

@@ -1,136 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::SecretStorable do
-  let(:clazz) do
-    Class.new do
-      include Doorkeeper::Models::SecretStorable
-      def self.find_by(*)
-        raise "stub this"
-      end
-      def update_column(*)
-        raise "stub this"
-      end
-      def token
-        raise "stub this"
-      end
-    end
-  end
-  let(:strategy) { clazz.secret_strategy }
-  describe ".find_by_plaintext_token" do
-    subject { clazz.send(:find_by_plaintext_token, "attr", "input") }
-    it "forwards to the secret_strategy" do
-      expect(strategy)
-        .to receive(:transform_secret)
-        .with("input")
-        .and_return "found"
-      expect(clazz)
-        .to receive(:find_by)
-        .with("attr" => "found")
-        .and_return "result"
-      expect(subject).to eq "result"
-    end
-    it "calls find_by_fallback_token if not found" do
-      expect(clazz)
-        .to receive(:find_by)
-        .with("attr" => "input")
-        .and_return nil
-      expect(clazz)
-        .to receive(:find_by_fallback_token)
-        .with("attr", "input")
-        .and_return "fallback"
-      expect(subject).to eq "fallback"
-    end
-  end
-  describe ".find_by_fallback_token" do
-    subject { clazz.send(:find_by_fallback_token, "attr", "input") }
-    let(:fallback) { double(::Doorkeeper::SecretStoring::Plain) }
-    it "returns nil if none defined" do
-      expect(clazz.fallback_secret_strategy).to eq nil
-      expect(subject).to eq nil
-    end
-    context "when a fallback strategy is defined" do
-      before do
-        allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
-      end
-      context "when resource is defined" do
-        let(:resource) { double("Token model") }
-        it "calls the strategy for lookup" do
-          expect(clazz)
-            .to receive(:find_by)
-            .with("attr" => "fallback")
-            .and_return(resource)
-          expect(fallback)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("fallback")
-          # store_secret will call the resource
-          expect(resource)
-            .to receive(:attr=)
-            .with("new value")
-          # It will upgrade the secret automtically using the current strategy
-          expect(strategy)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("new value")
-          expect(resource).to receive(:update).with("attr" => "new value")
-          expect(subject).to eq resource
-        end
-      end
-      context "when resource is not defined" do
-        before do
-          allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
-        end
-        it "returns nil" do
-          expect(clazz)
-            .to receive(:find_by)
-            .with("attr" => "fallback")
-            .and_return(nil)
-          expect(fallback)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("fallback")
-          # It does not find a token even with the fallback method
-          expect(subject).to be_nil
-        end
-      end
-    end
-  end
-  describe ".secret_strategy" do
-    it "defaults to plain strategy" do
-      expect(strategy).to eq Doorkeeper::SecretStoring::Plain
-    end
-  end
-  describe ".fallback_secret_strategy" do
-    it "defaults to nil" do
-      expect(clazz.fallback_secret_strategy).to eq nil
-    end
-  end
-end

data/spec/lib/oauth/authorization/uri_builder_spec.rb DELETED Viewed

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::Authorization::URIBuilder do
-  describe ".uri_with_query" do
-    it "returns the uri with query" do
-      uri = described_class.uri_with_query "http://example.com/", parameter: "value"
-      expect(uri).to eq("http://example.com/?parameter=value")
-    end
-    it "rejects nil values" do
-      uri = described_class.uri_with_query "http://example.com/", parameter: ""
-      expect(uri).to eq("http://example.com/?")
-    end
-    it "preserves original query parameters" do
-      uri = described_class.uri_with_query "http://example.com/?query1=value", parameter: "value"
-      expect(uri).to match(/query1=value/)
-      expect(uri).to match(/parameter=value/)
-    end
-  end
-  describe ".uri_with_fragment" do
-    it "returns uri with parameters as fragments" do
-      uri = described_class.uri_with_fragment "http://example.com/", parameter: "value"
-      expect(uri).to eq("http://example.com/#parameter=value")
-    end
-    it "preserves original query parameters" do
-      uri = described_class.uri_with_fragment "http://example.com/?query1=value1", parameter: "value"
-      expect(uri).to eq("http://example.com/?query1=value1#parameter=value")
-    end
-  end
-end

data/spec/lib/oauth/authorization_code_request_spec.rb DELETED Viewed

@@ -1,180 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::AuthorizationCodeRequest do
-  subject do
-    described_class.new(server, grant, client, params)
-  end
-  let(:server) do
-    double :server,
-           access_token_expires_in: 2.days,
-           refresh_token_enabled?: false,
-           custom_access_token_expires_in: lambda { |context|
-             context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
-           }
-  end
-  let(:resource_owner) { FactoryBot.create :resource_owner }
-  let(:grant) do
-    FactoryBot.create :access_grant,
-                      resource_owner_id: resource_owner.id,
-                      resource_owner_type: resource_owner.class.name
-  end
-  let(:client) { grant.application }
-  let(:redirect_uri) { client.redirect_uri }
-  let(:params) { { redirect_uri: redirect_uri } }
-  before do
-    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-  end
-  it "issues a new token for the client" do
-    expect do
-      subject.authorize
-    end.to change { client.reload.access_tokens.count }.by(1)
-    expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
-  end
-  it "issues the token with same grant's scopes" do
-    subject.authorize
-    expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
-  end
-  it "revokes the grant" do
-    expect { subject.authorize }.to(change { grant.reload.accessible? })
-  end
-  it "requires the grant to be accessible" do
-    grant.revoke
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "requires the grant" do
-    subject = described_class.new(server, nil, client, params)
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "requires the client" do
-    subject = described_class.new(server, grant, nil, params)
-    subject.validate
-    expect(subject.error).to eq(:invalid_client)
-  end
-  it "requires the redirect_uri" do
-    subject = described_class.new(server, grant, nil, params.except(:redirect_uri))
-    subject.validate
-    expect(subject.error).to eq(:invalid_request)
-    expect(subject.missing_param).to eq(:redirect_uri)
-  end
-  it "invalid code_verifier param because server does not support pkce" do
-    allow(Doorkeeper::AccessGrant).to receive(:pkce_supported?).and_return(false)
-    code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
-    subject = described_class.new(server, grant, client, params.merge(code_verifier: code_verifier))
-    subject.validate
-    expect(subject.error).to eq(:invalid_request)
-    expect(subject.invalid_request_reason).to eq(:not_support_pkce)
-  end
-  it "matches the redirect_uri with grant's one" do
-    subject = described_class.new(server, grant, client, params.merge(redirect_uri: "http://other.com"))
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "matches the client with grant's one" do
-    other_client = FactoryBot.create :application
-    subject = described_class.new(server, grant, other_client, params)
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "skips token creation if there is a matching one reusable" do
-    scopes = grant.scopes
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-      reuse_access_token
-      default_scopes(*scopes)
-    end
-    FactoryBot.create(
-      :access_token,
-      application_id: client.id,
-      resource_owner_id: grant.resource_owner_id,
-      resource_owner_type: grant.resource_owner_type,
-      scopes: grant.scopes.to_s,
-    )
-    expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
-  end
-  it "creates token if there is a matching one but non reusable" do
-    scopes = grant.scopes
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-      reuse_access_token
-      default_scopes(*scopes)
-    end
-    FactoryBot.create(
-      :access_token,
-      application_id: client.id,
-      resource_owner_id: grant.resource_owner_id,
-      resource_owner_type: grant.resource_owner_type,
-      scopes: grant.scopes.to_s,
-    )
-    allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
-    expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
-  end
-  it "calls configured request callback methods" do
-    expect(Doorkeeper.configuration.before_successful_strategy_response)
-      .to receive(:call).with(subject).once
-    expect(Doorkeeper.configuration.after_successful_strategy_response)
-      .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
-    subject.authorize
-  end
-  context "when redirect_uri contains some query params" do
-    let(:redirect_uri) { client.redirect_uri + "?query=q" }
-    it "compares only host part with grant's redirect_uri" do
-      subject.validate
-      expect(subject.error).to eq(nil)
-    end
-  end
-  context "when redirect_uri is not an URI" do
-    let(:redirect_uri) { "123d#!s" }
-    it "responds with invalid_grant" do
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
-  end
-  context "when redirect_uri is the native one" do
-    let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
-    it "invalidates when redirect_uri of the grant is not native" do
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
-    it "validates when redirect_uri of the grant is also native" do
-      allow(grant).to receive(:redirect_uri) { redirect_uri }
-      subject.validate
-      expect(subject.error).to eq(nil)
-    end
-  end
-end