RubyGems - doorkeeper-mongodb - Versions diffs - 5.3.0 → 5.5.0 - Mend

doorkeeper-mongodb 5.3.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (192) hide show

data/spec/lib/oauth/base_request_spec.rb DELETED Viewed

@@ -1,210 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::BaseRequest do
-  subject do
-    described_class.new
-  end
-  let(:access_token) do
-    double :access_token,
-           plaintext_token: "some-token",
-           expires_in: "3600",
-           expires_in_seconds: "300",
-           scopes_string: "two scopes",
-           plaintext_refresh_token: "some-refresh-token",
-           token_type: "bearer",
-           created_at: 0
-  end
-  let(:client) { double :client, id: "1" }
-  let(:scopes_array) { %w[public write] }
-  let(:server) do
-    double :server,
-           access_token_expires_in: 100,
-           custom_access_token_expires_in: ->(_context) { nil },
-           refresh_token_enabled?: false
-  end
-  before do
-    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-  end
-  describe "#authorize" do
-    before do
-      allow(subject).to receive(:access_token).and_return(access_token)
-    end
-    it "validates itself" do
-      expect(subject).to receive(:validate).once
-      subject.authorize
-    end
-    context "when valid" do
-      before do
-        allow(subject).to receive(:valid?).and_return(true)
-      end
-      it "calls callback methods" do
-        expect(subject).to receive(:before_successful_response).once
-        expect(subject).to receive(:after_successful_response).once
-        subject.authorize
-      end
-      it "returns a TokenResponse object" do
-        result = subject.authorize
-        expect(result).to be_an_instance_of(Doorkeeper::OAuth::TokenResponse)
-        expect(result.body).to eq(
-          Doorkeeper::OAuth::TokenResponse.new(access_token).body,
-        )
-      end
-    end
-    context "when invalid" do
-      context "with error other than invalid_request" do
-        before do
-          allow(subject).to receive(:valid?).and_return(false)
-          allow(subject).to receive(:error).and_return(:server_error)
-          allow(subject).to receive(:state).and_return("hello")
-        end
-        it "returns an ErrorResponse object" do
-          result = subject.authorize
-          expect(result).to be_an_instance_of(Doorkeeper::OAuth::ErrorResponse)
-          expect(result.body).to eq(
-            error: :server_error,
-            error_description: translated_error_message(:server_error),
-            state: "hello",
-          )
-        end
-      end
-      context "with invalid_request error" do
-        before do
-          allow(subject).to receive(:valid?).and_return(false)
-          allow(subject).to receive(:error).and_return(:invalid_request)
-          allow(subject).to receive(:state).and_return("hello")
-        end
-        it "returns an InvalidRequestResponse object" do
-          result = subject.authorize
-          expect(result).to be_an_instance_of(Doorkeeper::OAuth::InvalidRequestResponse)
-          expect(result.body).to eq(
-            error: :invalid_request,
-            error_description: translated_invalid_request_error_message(:unknown, :unknown),
-            state: "hello",
-          )
-        end
-      end
-    end
-  end
-  describe "#default_scopes" do
-    it "delegates to the server" do
-      expect(subject).to receive(:server).and_return(server).once
-      expect(server).to receive(:default_scopes).once
-      subject.default_scopes
-    end
-  end
-  describe "#find_or_create_access_token" do
-    let(:resource_owner) { FactoryBot.build_stubbed(:resource_owner) }
-    it "returns an instance of AccessToken" do
-      result = subject.find_or_create_access_token(
-        client,
-        resource_owner,
-        "public",
-        server,
-      )
-      expect(result).to be_an_instance_of(Doorkeeper::AccessToken)
-    end
-    it "respects custom_access_token_expires_in" do
-      server = double(
-        :server,
-        access_token_expires_in: 100,
-        custom_access_token_expires_in: ->(context) { context.scopes == "public" ? 500 : nil },
-        refresh_token_enabled?: false,
-      )
-      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-      result = subject.find_or_create_access_token(
-        client,
-        resource_owner,
-        "public",
-        server,
-      )
-      expect(result.expires_in).to be(500)
-    end
-    it "respects use_refresh_token with a block" do
-      server = double(
-        :server,
-        access_token_expires_in: 100,
-        custom_access_token_expires_in: ->(_context) { nil },
-        refresh_token_enabled?: lambda { |context|
-          context.scopes == "public"
-        },
-      )
-      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-      result = subject.find_or_create_access_token(
-        client,
-        resource_owner,
-        "public",
-        server,
-      )
-      expect(result.refresh_token).not_to be_nil
-      result = subject.find_or_create_access_token(
-        client,
-        resource_owner,
-        "private",
-        server,
-      )
-      expect(result.refresh_token).to be_nil
-    end
-  end
-  describe "#scopes" do
-    context "when @original_scopes is present" do
-      before do
-        subject.instance_variable_set(:@original_scopes, "public write")
-      end
-      it "returns array of @original_scopes" do
-        result = subject.scopes
-        expect(result).to eq(scopes_array)
-      end
-    end
-    context "when @original_scopes is blank" do
-      before do
-        subject.instance_variable_set(:@original_scopes, "")
-      end
-      it "calls #default_scopes" do
-        allow(subject).to receive(:server).and_return(server).once
-        allow(server).to receive(:default_scopes).and_return(scopes_array).once
-        result = subject.scopes
-        expect(result).to eq(scopes_array)
-      end
-    end
-  end
-end

data/spec/lib/oauth/base_response_spec.rb DELETED Viewed

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::BaseResponse do
-  subject do
-    described_class.new
-  end
-  describe "#body" do
-    it "returns an empty Hash" do
-      expect(subject.body).to eq({})
-    end
-  end
-  describe "#description" do
-    it "returns an empty String" do
-      expect(subject.description).to eq("")
-    end
-  end
-  describe "#headers" do
-    it "returns an empty Hash" do
-      expect(subject.headers).to eq({})
-    end
-  end
-  describe "#redirectable?" do
-    it "returns false" do
-      expect(subject.redirectable?).to eq(false)
-    end
-  end
-  describe "#redirect_uri" do
-    it "returns an empty String" do
-      expect(subject.redirect_uri).to eq("")
-    end
-  end
-  describe "#status" do
-    it "returns :ok" do
-      expect(subject.status).to eq(:ok)
-    end
-  end
-end

data/spec/lib/oauth/client/credentials_spec.rb DELETED Viewed

@@ -1,90 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-class Doorkeeper::OAuth::Client
-  describe Credentials do
-    let(:client_id) { "some-uid" }
-    let(:client_secret) { "some-secret" }
-    it "is blank when the uid in credentials is blank" do
-      expect(described_class.new(nil, nil)).to be_blank
-      expect(described_class.new(nil, "something")).to be_blank
-      expect(described_class.new("something", nil)).to be_present
-      expect(described_class.new("something", "something")).to be_present
-    end
-    describe ".from_request" do
-      let(:request) { double.as_null_object }
-      let(:method) do
-        ->(_request) { %w[uid secret] }
-      end
-      it "accepts anything that responds to #call" do
-        expect(method).to receive(:call).with(request)
-        described_class.from_request request, method
-      end
-      it "delegates methods received as symbols to Credentials class" do
-        expect(described_class).to receive(:from_params).with(request)
-        described_class.from_request request, :from_params
-      end
-      it "stops at the first credentials found" do
-        not_called_method = double
-        expect(not_called_method).not_to receive(:call)
-        described_class.from_request request, ->(_) {}, method, not_called_method
-      end
-      it "returns new Credentials" do
-        credentials = described_class.from_request request, method
-        expect(credentials).to be_a(described_class)
-      end
-      it "returns uid and secret from extractor method" do
-        credentials = described_class.from_request request, method
-        expect(credentials.uid).to    eq("uid")
-        expect(credentials.secret).to eq("secret")
-      end
-    end
-    describe ".from_params" do
-      it "returns credentials from parameters when Authorization header is not available" do
-        request = double parameters: { client_id: client_id, client_secret: client_secret }
-        uid, secret = described_class.from_params(request)
-        expect(uid).to eq("some-uid")
-        expect(secret).to eq("some-secret")
-      end
-      it "is blank when there are no credentials" do
-        request = double parameters: {}
-        uid, secret = described_class.from_params(request)
-        expect(uid).to be_blank
-        expect(secret).to be_blank
-      end
-    end
-    describe ".from_basic" do
-      let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
-      it "decodes the credentials" do
-        request = double authorization: "Basic #{credentials}"
-        uid, secret = described_class.from_basic(request)
-        expect(uid).to eq("some-uid")
-        expect(secret).to eq("some-secret")
-      end
-      it "is blank if Authorization is not Basic" do
-        request = double authorization: credentials.to_s
-        uid, secret = described_class.from_basic(request)
-        expect(uid).to be_blank
-        expect(secret).to be_blank
-      end
-    end
-  end
-end

data/spec/lib/oauth/client_credentials/creator_spec.rb DELETED Viewed

@@ -1,135 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::ClientCredentials::Creator do
-  let(:client) { FactoryBot.create :application }
-  let(:scopes) { Doorkeeper::OAuth::Scopes.from_string("public") }
-  before do
-    default_scopes_exist :public
-  end
-  it "creates a new token" do
-    expect do
-      subject.call(client, scopes)
-    end.to change { Doorkeeper::AccessToken.count }.by(1)
-  end
-  context "when reuse_access_token is true" do
-    before do
-      allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(true)
-    end
-    context "when expiration is disabled" do
-      it "returns the existing valid token" do
-        existing_token = subject.call(client, scopes)
-        result = subject.call(client, scopes)
-        expect(Doorkeeper::AccessToken.count).to eq(1)
-        expect(result).to eq(existing_token)
-      end
-    end
-    context "when existing token has not crossed token_reuse_limit" do
-      let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
-      before do
-        allow(Doorkeeper.config).to receive(:token_reuse_limit).and_return(50)
-        allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(600)
-      end
-      it "returns the existing valid token" do
-        result = subject.call(client, scopes, expires_in: 1000)
-        expect(Doorkeeper::AccessToken.count).to eq(1)
-        expect(result).to eq(existing_token)
-      end
-      context "when revoke_previous_client_credentials_token is false" do
-        before do
-          allow(Doorkeeper.config).to receive(:revoke_previous_client_credentials_token).and_return(false)
-        end
-        it "does not revoke the existing valid token" do
-          subject.call(client, scopes, expires_in: 1000)
-          expect(existing_token.reload).not_to be_revoked
-        end
-      end
-    end
-    context "when existing token has crossed token_reuse_limit" do
-      it "returns a new token" do
-        allow(Doorkeeper.config).to receive(:token_reuse_limit).and_return(50)
-        existing_token = subject.call(client, scopes, expires_in: 1000)
-        allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(400)
-        result = subject.call(client, scopes, expires_in: 1000)
-        expect(Doorkeeper::AccessToken.count).to eq(2)
-        expect(result).not_to eq(existing_token)
-      end
-    end
-    context "when existing token has been expired" do
-      it "returns a new token" do
-        allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(50)
-        existing_token = subject.call(client, scopes, expires_in: 1000)
-        allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expired?).and_return(true)
-        result = subject.call(client, scopes, expires_in: 1000)
-        expect(Doorkeeper::AccessToken.count).to eq(2)
-        expect(result).not_to eq(existing_token)
-      end
-    end
-  end
-  context "when reuse_access_token is false" do
-    before do
-      allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(false)
-    end
-    it "returns a new token" do
-      existing_token = subject.call(client, scopes)
-      result = subject.call(client, scopes)
-      expect(Doorkeeper::AccessToken.count).to eq(2)
-      expect(result).not_to eq(existing_token)
-    end
-  end
-  context "when revoke_previous_client_credentials_token is true" do
-    let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
-    before do
-      allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token?).and_return(true)
-    end
-    it "revokes the existing token" do
-      subject.call(client, scopes, expires_in: 1000)
-      expect(existing_token.reload).to be_revoked
-    end
-  end
-  context "when revoke_previous_client_credentials_token is false" do
-    let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
-    before do
-      allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token?).and_return(false)
-    end
-    it "does not revoke the existing token" do
-      subject.call(client, scopes, expires_in: 1000)
-      expect(existing_token.reload).not_to be_revoked
-    end
-  end
-  it "returns false if creation fails" do
-    expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
-    created = subject.call(client, scopes)
-    expect(created).to be_falsey
-  end
-end

data/spec/lib/oauth/client_credentials/issuer_spec.rb DELETED Viewed

@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::ClientCredentials::Issuer do
-  subject { described_class.new(server, validator) }
-  let(:creator) { double :access_token_creator }
-  let(:server) do
-    double(
-      :server,
-      access_token_expires_in: 100,
-    )
-  end
-  let(:validator) { double :validator, valid?: true }
-  before do
-    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
-  end
-  describe "#create" do
-    let(:client) { double :client, id: "some-id" }
-    let(:scopes) { "some scope" }
-    it "creates and sets the token" do
-      expect(creator).to receive(:call).and_return("token")
-      subject.create client, scopes, creator
-      expect(subject.token).to eq("token")
-    end
-    it "creates with correct token parameters" do
-      expect(creator).to receive(:call).with(
-        client,
-        scopes,
-        expires_in: 100,
-        use_refresh_token: false,
-      )
-      subject.create client, scopes, creator
-    end
-    it "has error set to :server_error if creator fails" do
-      expect(creator).to receive(:call).and_return(false)
-      subject.create client, scopes, creator
-      expect(subject.error).to eq(:server_error)
-    end
-    context "when validator fails" do
-      before do
-        allow(validator).to receive(:valid?).and_return(false)
-        allow(validator).to receive(:error).and_return(:validation_error)
-      end
-      it "has error set from validator" do
-        expect(creator).not_to receive(:create)
-        subject.create client, scopes, creator
-        expect(subject.error).to eq(:validation_error)
-      end
-      it "returns false" do
-        expect(subject.create(client, scopes, creator)).to be_falsey
-      end
-    end
-    context "with custom expiration" do
-      let(:custom_ttl_grant) { 1234 }
-      let(:custom_ttl_scope) { 1235 }
-      let(:custom_scope) { "special" }
-      let(:server) do
-        double(
-          :server,
-          custom_access_token_expires_in: lambda { |context|
-            # scopes is normally an object but is a string in this test
-            if context.scopes == custom_scope
-              custom_ttl_scope
-            elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
-              custom_ttl_grant
-            end
-          },
-        )
-      end
-      before do
-        allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-      end
-      it "respects grant based rules" do
-        expect(creator).to receive(:call).with(
-          client,
-          scopes,
-          expires_in: custom_ttl_grant,
-          use_refresh_token: false,
-        )
-        subject.create client, scopes, creator
-      end
-      it "respects scope based rules" do
-        expect(creator).to receive(:call).with(
-          client,
-          custom_scope,
-          expires_in: custom_ttl_scope,
-          use_refresh_token: false,
-        )
-        subject.create client, custom_scope, creator
-      end
-    end
-  end
-end

data/spec/lib/oauth/client_credentials/validation_spec.rb DELETED Viewed

@@ -1,92 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::ClientCredentials::Validator do
-  subject { described_class.new(server, request) }
-  let(:server)      { double :server, scopes: nil }
-  let(:application) { double scopes: nil }
-  let(:client)      { double application: application }
-  let(:request)     { double :request, client: client, scopes: nil }
-  it "is valid with valid request" do
-    expect(subject).to be_valid
-  end
-  it "is invalid when client is not present" do
-    allow(request).to receive(:client).and_return(nil)
-    expect(subject).not_to be_valid
-  end
-  context "when a grant flow check is configured" do
-    let(:callback) { double("callback") }
-    before do
-      allow(Doorkeeper.config).to receive(:option_defined?).with(:allow_grant_flow_for_client).and_return(true)
-      allow(Doorkeeper.config).to receive(:allow_grant_flow_for_client).and_return(callback)
-    end
-    context "when the callback rejects the grant flow" do
-      let(:callback_response) { false }
-      it "is invalid" do
-        expect(callback).to receive(:call).twice.with(
-          Doorkeeper::OAuth::CLIENT_CREDENTIALS,
-          application,
-        ).and_return(callback_response)
-        expect(subject).not_to be_valid
-      end
-    end
-    context "when the callback allows the grant flow" do
-      let(:callback_response) { true }
-      it "is invalid" do
-        expect(callback).to receive(:call).twice.with(
-          Doorkeeper::OAuth::CLIENT_CREDENTIALS,
-          application,
-        ).and_return(callback_response)
-        expect(subject).to be_valid
-      end
-    end
-  end
-  context "with scopes" do
-    it "is invalid when scopes are not included in the server" do
-      server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"
-      allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-      allow(server).to receive(:scopes).and_return(server_scopes)
-      allow(request).to receive(:scopes).and_return(
-        Doorkeeper::OAuth::Scopes.from_string("invalid"),
-      )
-      expect(subject).not_to be_valid
-    end
-    context "with application scopes" do
-      it "is valid when scopes are included in the application" do
-        application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
-        server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
-        allow(application).to receive(:scopes).and_return(application_scopes)
-        allow(server).to receive(:scopes).and_return(server_scopes)
-        allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-        allow(request).to receive(:scopes).and_return(application_scopes)
-        expect(subject).to be_valid
-      end
-      it "is invalid when scopes are not included in the application" do
-        application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
-        server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
-        allow(application).to receive(:scopes).and_return(application_scopes)
-        allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-        allow(server).to receive(:scopes).and_return(server_scopes)
-        allow(request).to receive(:scopes).and_return(
-          Doorkeeper::OAuth::Scopes.from_string("email"),
-        )
-        expect(subject).not_to be_valid
-      end
-    end
-  end
-end