RubyGems - doorkeeper-mongodb - Versions diffs - 5.3.0 → 5.5.0 - Mend

doorkeeper-mongodb 5.3.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (192) hide show

data/spec/lib/doorkeeper_spec.rb DELETED Viewed

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper do
-  describe "#authenticate" do
-    let(:request) { double }
-    it "calls OAuth::Token#authenticate" do
-      token_strategies = described_class.config.access_token_methods
-      expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
-        .with(request, *token_strategies)
-      described_class.authenticate(request)
-    end
-    it "accepts custom token strategies" do
-      token_strategies = %i[first_way second_way]
-      expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
-        .with(request, *token_strategies)
-      described_class.authenticate(request, token_strategies)
-    end
-  end
-end

data/spec/lib/models/expirable_spec.rb DELETED Viewed

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::Expirable do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Expirable
-    end.new
-  end
-  before do
-    allow(subject).to receive(:created_at).and_return(1.minute.ago)
-  end
-  describe "#expired?" do
-    it "is not expired if time has not passed" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject).not_to be_expired
-    end
-    it "is expired if time has passed" do
-      allow(subject).to receive(:expires_in).and_return(10.seconds)
-      expect(subject).to be_expired
-    end
-    it "is not expired if expires_in is not set" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject).not_to be_expired
-    end
-  end
-  describe "#expires_in_seconds" do
-    it "returns the amount of time remaining until the token is expired" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject.expires_in_seconds).to eq(60)
-    end
-    it "returns 0 when expired" do
-      allow(subject).to receive(:expires_in).and_return(30.seconds)
-      expect(subject.expires_in_seconds).to eq(0)
-    end
-    it "returns nil when expires_in is nil" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject.expires_in_seconds).to be_nil
-    end
-  end
-  describe "#expires_at" do
-    it "returns the expiration time of the token" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject.expires_at).to be_a(Time)
-    end
-    it "returns nil when expires_in is nil" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject.expires_at).to be_nil
-    end
-  end
-end

data/spec/lib/models/reusable_spec.rb DELETED Viewed

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::Reusable do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Reusable
-    end.new
-  end
-  describe "#reusable?" do
-    it "is reusable if its expires_in is nil" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject).to be_reusable
-    end
-    it "is reusable if its expiry has crossed reusable limit" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
-      allow(subject).to receive(:expires_in).and_return(100.seconds)
-      allow(subject).to receive(:expires_in_seconds).and_return(20.seconds)
-      expect(subject).to be_reusable
-    end
-    it "is not reusable if its expiry has crossed reusable limit" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
-      allow(subject).to receive(:expires_in).and_return(100.seconds)
-      allow(subject).to receive(:expires_in_seconds).and_return(5.seconds)
-      expect(subject).not_to be_reusable
-    end
-    it "is not reusable if it is already expired" do
-      allow(subject).to receive(:expired?).and_return(true)
-      expect(subject).not_to be_reusable
-    end
-  end
-end

data/spec/lib/models/revocable_spec.rb DELETED Viewed

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::Revocable do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Revocable
-    end.new
-  end
-  describe "#revoke" do
-    it "updates :revoked_at attribute with current time" do
-      utc = double utc: double
-      clock = double now: utc
-      expect(subject).to receive(:update_column).with(:revoked_at, clock.now.utc)
-      subject.revoke(clock)
-    end
-  end
-  describe "#revoked?" do
-    it "is revoked if :revoked_at has passed" do
-      allow(subject).to receive(:revoked_at).and_return(Time.now.utc - 1000)
-      expect(subject).to be_revoked
-    end
-    it "is not revoked if :revoked_at has not passed" do
-      allow(subject).to receive(:revoked_at).and_return(Time.now.utc + 1000)
-      expect(subject).not_to be_revoked
-    end
-    it "is not revoked if :revoked_at is not set" do
-      allow(subject).to receive(:revoked_at).and_return(nil)
-      expect(subject).not_to be_revoked
-    end
-  end
-  describe "#revoke_previous_refresh_token!" do
-    it "revokes the previous token if exists and resets the `previous_refresh_token` attribute" do
-      previous_token = FactoryBot.create(
-        :access_token,
-        refresh_token: "refresh_token",
-      )
-      current_token = FactoryBot.create(
-        :access_token,
-        previous_refresh_token: previous_token.refresh_token,
-      )
-      current_token.revoke_previous_refresh_token!
-      expect(current_token.previous_refresh_token).to be_empty
-      expect(previous_token.reload).to be_revoked
-    end
-  end
-end

data/spec/lib/models/scopes_spec.rb DELETED Viewed

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::Scopes do
-  subject do
-    Class.new(Struct.new(:scopes)) do
-      include Doorkeeper::Models::Scopes
-    end.new
-  end
-  before do
-    subject[:scopes] = "public admin"
-  end
-  describe "#scopes" do
-    it "is a `Scopes` class" do
-      expect(subject.scopes).to be_a(Doorkeeper::OAuth::Scopes)
-    end
-    it "includes scopes" do
-      expect(subject.scopes).to include("public")
-    end
-  end
-  describe "#scopes=" do
-    it "accepts String" do
-      subject.scopes = "private admin"
-      expect(subject.scopes_string).to eq("private admin")
-    end
-    it "accepts Array" do
-      subject.scopes = %w[private admin]
-      expect(subject.scopes_string).to eq("private admin")
-    end
-    it "ignores duplicated scopes" do
-      subject.scopes = %w[private admin admin]
-      expect(subject.scopes_string).to eq("private admin")
-      subject.scopes = "private admin admin"
-      expect(subject.scopes_string).to eq("private admin")
-    end
-  end
-  describe "#scopes_string" do
-    it "is a `Scopes` class" do
-      expect(subject.scopes_string).to eq("public admin")
-    end
-  end
-  describe "#includes_scope?" do
-    it "returns true if at least one scope is included" do
-      expect(subject.includes_scope?("public", "private")).to be true
-    end
-    it "returns false if no scopes are included" do
-      expect(subject.includes_scope?("teacher", "student")).to be false
-    end
-  end
-end

data/spec/lib/models/secret_storable_spec.rb DELETED Viewed

@@ -1,136 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::Models::SecretStorable do
-  let(:clazz) do
-    Class.new do
-      include Doorkeeper::Models::SecretStorable
-      def self.find_by(*)
-        raise "stub this"
-      end
-      def update_column(*)
-        raise "stub this"
-      end
-      def token
-        raise "stub this"
-      end
-    end
-  end
-  let(:strategy) { clazz.secret_strategy }
-  describe ".find_by_plaintext_token" do
-    subject { clazz.send(:find_by_plaintext_token, "attr", "input") }
-    it "forwards to the secret_strategy" do
-      expect(strategy)
-        .to receive(:transform_secret)
-        .with("input")
-        .and_return "found"
-      expect(clazz)
-        .to receive(:find_by)
-        .with("attr" => "found")
-        .and_return "result"
-      expect(subject).to eq "result"
-    end
-    it "calls find_by_fallback_token if not found" do
-      expect(clazz)
-        .to receive(:find_by)
-        .with("attr" => "input")
-        .and_return nil
-      expect(clazz)
-        .to receive(:find_by_fallback_token)
-        .with("attr", "input")
-        .and_return "fallback"
-      expect(subject).to eq "fallback"
-    end
-  end
-  describe ".find_by_fallback_token" do
-    subject { clazz.send(:find_by_fallback_token, "attr", "input") }
-    let(:fallback) { double(::Doorkeeper::SecretStoring::Plain) }
-    it "returns nil if none defined" do
-      expect(clazz.fallback_secret_strategy).to eq nil
-      expect(subject).to eq nil
-    end
-    context "when a fallback strategy is defined" do
-      before do
-        allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
-      end
-      context "when resource is defined" do
-        let(:resource) { double("Token model") }
-        it "calls the strategy for lookup" do
-          expect(clazz)
-            .to receive(:find_by)
-            .with("attr" => "fallback")
-            .and_return(resource)
-          expect(fallback)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("fallback")
-          # store_secret will call the resource
-          expect(resource)
-            .to receive(:attr=)
-            .with("new value")
-          # It will upgrade the secret automtically using the current strategy
-          expect(strategy)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("new value")
-          expect(resource).to receive(:update).with("attr" => "new value")
-          expect(subject).to eq resource
-        end
-      end
-      context "when resource is not defined" do
-        before do
-          allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
-        end
-        it "returns nil" do
-          expect(clazz)
-            .to receive(:find_by)
-            .with("attr" => "fallback")
-            .and_return(nil)
-          expect(fallback)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("fallback")
-          # It does not find a token even with the fallback method
-          expect(subject).to be_nil
-        end
-      end
-    end
-  end
-  describe ".secret_strategy" do
-    it "defaults to plain strategy" do
-      expect(strategy).to eq Doorkeeper::SecretStoring::Plain
-    end
-  end
-  describe ".fallback_secret_strategy" do
-    it "defaults to nil" do
-      expect(clazz.fallback_secret_strategy).to eq nil
-    end
-  end
-end

data/spec/lib/oauth/authorization/uri_builder_spec.rb DELETED Viewed

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::Authorization::URIBuilder do
-  describe ".uri_with_query" do
-    it "returns the uri with query" do
-      uri = described_class.uri_with_query "http://example.com/", parameter: "value"
-      expect(uri).to eq("http://example.com/?parameter=value")
-    end
-    it "rejects nil values" do
-      uri = described_class.uri_with_query "http://example.com/", parameter: ""
-      expect(uri).to eq("http://example.com/?")
-    end
-    it "preserves original query parameters" do
-      uri = described_class.uri_with_query "http://example.com/?query1=value", parameter: "value"
-      expect(uri).to match(/query1=value/)
-      expect(uri).to match(/parameter=value/)
-    end
-  end
-  describe ".uri_with_fragment" do
-    it "returns uri with parameters as fragments" do
-      uri = described_class.uri_with_fragment "http://example.com/", parameter: "value"
-      expect(uri).to eq("http://example.com/#parameter=value")
-    end
-    it "preserves original query parameters" do
-      uri = described_class.uri_with_fragment "http://example.com/?query1=value1", parameter: "value"
-      expect(uri).to eq("http://example.com/?query1=value1#parameter=value")
-    end
-  end
-end

data/spec/lib/oauth/authorization_code_request_spec.rb DELETED Viewed

@@ -1,180 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::AuthorizationCodeRequest do
-  subject do
-    described_class.new(server, grant, client, params)
-  end
-  let(:server) do
-    double :server,
-           access_token_expires_in: 2.days,
-           refresh_token_enabled?: false,
-           custom_access_token_expires_in: lambda { |context|
-             context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
-           }
-  end
-  let(:resource_owner) { FactoryBot.create :resource_owner }
-  let(:grant) do
-    FactoryBot.create :access_grant,
-                      resource_owner_id: resource_owner.id,
-                      resource_owner_type: resource_owner.class.name
-  end
-  let(:client) { grant.application }
-  let(:redirect_uri) { client.redirect_uri }
-  let(:params) { { redirect_uri: redirect_uri } }
-  before do
-    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-  end
-  it "issues a new token for the client" do
-    expect do
-      subject.authorize
-    end.to change { client.reload.access_tokens.count }.by(1)
-    expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
-  end
-  it "issues the token with same grant's scopes" do
-    subject.authorize
-    expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
-  end
-  it "revokes the grant" do
-    expect { subject.authorize }.to(change { grant.reload.accessible? })
-  end
-  it "requires the grant to be accessible" do
-    grant.revoke
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "requires the grant" do
-    subject = described_class.new(server, nil, client, params)
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "requires the client" do
-    subject = described_class.new(server, grant, nil, params)
-    subject.validate
-    expect(subject.error).to eq(:invalid_client)
-  end
-  it "requires the redirect_uri" do
-    subject = described_class.new(server, grant, nil, params.except(:redirect_uri))
-    subject.validate
-    expect(subject.error).to eq(:invalid_request)
-    expect(subject.missing_param).to eq(:redirect_uri)
-  end
-  it "invalid code_verifier param because server does not support pkce" do
-    allow(Doorkeeper::AccessGrant).to receive(:pkce_supported?).and_return(false)
-    code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
-    subject = described_class.new(server, grant, client, params.merge(code_verifier: code_verifier))
-    subject.validate
-    expect(subject.error).to eq(:invalid_request)
-    expect(subject.invalid_request_reason).to eq(:not_support_pkce)
-  end
-  it "matches the redirect_uri with grant's one" do
-    subject = described_class.new(server, grant, client, params.merge(redirect_uri: "http://other.com"))
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "matches the client with grant's one" do
-    other_client = FactoryBot.create :application
-    subject = described_class.new(server, grant, other_client, params)
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "skips token creation if there is a matching one reusable" do
-    scopes = grant.scopes
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-      reuse_access_token
-      default_scopes(*scopes)
-    end
-    FactoryBot.create(
-      :access_token,
-      application_id: client.id,
-      resource_owner_id: grant.resource_owner_id,
-      resource_owner_type: grant.resource_owner_type,
-      scopes: grant.scopes.to_s,
-    )
-    expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
-  end
-  it "creates token if there is a matching one but non reusable" do
-    scopes = grant.scopes
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-      reuse_access_token
-      default_scopes(*scopes)
-    end
-    FactoryBot.create(
-      :access_token,
-      application_id: client.id,
-      resource_owner_id: grant.resource_owner_id,
-      resource_owner_type: grant.resource_owner_type,
-      scopes: grant.scopes.to_s,
-    )
-    allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
-    expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
-  end
-  it "calls configured request callback methods" do
-    expect(Doorkeeper.configuration.before_successful_strategy_response)
-      .to receive(:call).with(subject).once
-    expect(Doorkeeper.configuration.after_successful_strategy_response)
-      .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
-    subject.authorize
-  end
-  context "when redirect_uri contains some query params" do
-    let(:redirect_uri) { client.redirect_uri + "?query=q" }
-    it "compares only host part with grant's redirect_uri" do
-      subject.validate
-      expect(subject.error).to eq(nil)
-    end
-  end
-  context "when redirect_uri is not an URI" do
-    let(:redirect_uri) { "123d#!s" }
-    it "responds with invalid_grant" do
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
-  end
-  context "when redirect_uri is the native one" do
-    let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
-    it "invalidates when redirect_uri of the grant is not native" do
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
-    it "validates when redirect_uri of the grant is also native" do
-      allow(grant).to receive(:redirect_uri) { redirect_uri }
-      subject.validate
-      expect(subject.error).to eq(nil)
-    end
-  end
-end