doorkeeper-mongodb 5.3.0 → 5.5.0

data/spec/lib/oauth/client_credentials_integration_spec.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Doorkeeper::OAuth::ClientCredentialsRequest do
-  let(:server) { Doorkeeper.configuration }
-
-  context "with a valid request" do
-    let(:client) { Doorkeeper::OAuth::Client.new(FactoryBot.build_stubbed(:application)) }
-
-    it "issues an access token" do
-      request = described_class.new(server, client, {})
-      expect do
-        request.authorize
-      end.to change { Doorkeeper::AccessToken.count }.by(1)
-    end
-  end
-
-  describe "with an invalid request" do
-    it "does not issue an access token" do
-      request = described_class.new(server, nil, {})
-      expect do
-        request.authorize
-      end.not_to(change { Doorkeeper::AccessToken.count })
-    end
-  end
-end

data/spec/lib/oauth/client_credentials_request_spec.rb

@@ -1,105 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Doorkeeper::OAuth::ClientCredentialsRequest do
-  subject { described_class.new(server, client) }
-
-  let(:server) do
-    double(
-      default_scopes: nil,
-      access_token_expires_in: 2.hours,
-      custom_access_token_expires_in: ->(_context) { nil },
-    )
-  end
-
-  let(:application)   { FactoryBot.create(:application, scopes: "") }
-  let(:client)        { double :client, application: application, scopes: "" }
-  let(:token_creator) { double :issuer, create: true, token: double }
-
-  before do
-    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-    allow(subject).to receive(:issuer).and_return(token_creator)
-  end
-
-  it "issues an access token for the current client" do
-    expect(token_creator).to receive(:create).with(client, nil)
-    subject.authorize
-  end
-
-  it "has successful response when issue was created" do
-    subject.authorize
-    expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
-  end
-
-  context "when issue was not created" do
-    before do
-      issuer = double create: false, error: :invalid
-      allow(subject).to receive(:issuer).and_return(issuer)
-    end
-
-    it "has an error response" do
-      subject.authorize
-      expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-    end
-
-    it "delegates the error to issuer" do
-      subject.authorize
-      expect(subject.error).to eq(:invalid)
-    end
-  end
-
-  context "with scopes" do
-    let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string("public email") }
-
-    before do
-      allow(server).to receive(:default_scopes).and_return(default_scopes)
-    end
-
-    it "issues an access token with default scopes if none was requested" do
-      expect(token_creator).to receive(:create).with(client, default_scopes)
-      subject.authorize
-    end
-
-    it "issues an access token with requested scopes" do
-      subject = described_class.new(server, client, scope: "email")
-      allow(subject).to receive(:issuer).and_return(token_creator)
-      expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
-      subject.authorize
-    end
-  end
-
-  context "with restricted client" do
-    let(:default_scopes) do
-      Doorkeeper::OAuth::Scopes.from_string("public email")
-    end
-    let(:server_scopes) do
-      Doorkeeper::OAuth::Scopes.from_string("public email phone")
-    end
-    let(:client_scopes) do
-      Doorkeeper::OAuth::Scopes.from_string("public phone")
-    end
-
-    before do
-      allow(server).to receive(:default_scopes).and_return(default_scopes)
-      allow(server).to receive(:scopes).and_return(server_scopes)
-      allow(server).to receive(:access_token_expires_in).and_return(100)
-      allow(application).to receive(:scopes).and_return(client_scopes)
-      allow(client).to receive(:id).and_return(nil)
-    end
-
-    it "delegates the error to issuer if no scope was requested" do
-      subject = described_class.new(server, client)
-      subject.authorize
-      expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-      expect(subject.error).to eq(:invalid_scope)
-    end
-
-    it "issues an access token with requested scopes" do
-      subject = described_class.new(server, client, scope: "phone")
-      subject.authorize
-      expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
-      expect(subject.response.token.scopes_string).to eq("phone")
-    end
-  end
-end

data/spec/lib/oauth/client_spec.rb

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Doorkeeper::OAuth::Client do
-  describe ".find" do
-    let(:method) { double }
-
-    it "finds the client via uid" do
-      client = double
-      expect(method).to receive(:call).with("uid").and_return(client)
-      expect(described_class.find("uid", method))
-        .to be_a(described_class)
-    end
-
-    it "returns nil if client was not found" do
-      expect(method).to receive(:call).with("uid").and_return(nil)
-      expect(described_class.find("uid", method)).to be_nil
-    end
-  end
-
-  describe ".authenticate" do
-    it "returns the authenticated client via credentials" do
-      credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
-      authenticator = double
-      expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
-      expect(described_class.authenticate(credentials, authenticator))
-        .to be_a(described_class)
-    end
-
-    it "returns nil if client was not authenticated" do
-      credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
-      authenticator = double
-      expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
-      expect(described_class.authenticate(credentials, authenticator)).to be_nil
-    end
-  end
-end

data/spec/lib/oauth/code_request_spec.rb

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Doorkeeper::OAuth::CodeRequest do
-  subject do
-    described_class.new(pre_auth, owner)
-  end
-
-  let(:pre_auth) do
-    server = Doorkeeper.configuration
-    allow(server)
-      .to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-    allow(server)
-      .to receive(:grant_flows).and_return(Doorkeeper::OAuth::Scopes.from_string("authorization_code"))
-
-    application = FactoryBot.create(:application, scopes: "public")
-    client = Doorkeeper::OAuth::Client.new(application)
-
-    attributes = {
-      client_id: client.uid,
-      response_type: "code",
-      redirect_uri: "https://app.com/callback",
-    }
-
-    pre_auth = Doorkeeper::OAuth::PreAuthorization.new(server, attributes)
-    pre_auth.authorizable?
-    pre_auth
-  end
-
-  let(:owner) { FactoryBot.create(:resource_owner) }
-
-  context "when pre_auth is authorized" do
-    it "creates an access grant and returns a code response" do
-      expect { subject.authorize }.to change { Doorkeeper::AccessGrant.count }.by(1)
-      expect(subject.authorize).to be_a(Doorkeeper::OAuth::CodeResponse)
-    end
-  end
-
-  context "when pre_auth is denied" do
-    it "does not create access grant and returns a error response" do
-      expect { subject.deny }.not_to(change { Doorkeeper::AccessGrant.count })
-      expect(subject.deny).to be_a(Doorkeeper::OAuth::ErrorResponse)
-    end
-  end
-end

data/spec/lib/oauth/code_response_spec.rb

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Doorkeeper::OAuth::CodeResponse do
-  describe "#redirect_uri" do
-    context "when generating the redirect URI for an implicit grant" do
-      subject { described_class.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
-
-      let :pre_auth do
-        double(
-          :pre_auth,
-          client: double(:application, id: 1),
-          redirect_uri: "http://tst.com/cb",
-          state: nil,
-          scopes: Doorkeeper::OAuth::Scopes.from_string("public"),
-        )
-      end
-
-      let :owner do
-        FactoryBot.create(:resource_owner)
-      end
-
-      let :auth do
-        Doorkeeper::OAuth::Authorization::Token.new(pre_auth, owner).tap do |c|
-          c.issue_token!
-          allow(c.token).to receive(:expires_in_seconds).and_return(3600)
-        end
-      end
-
-      it "includes the remaining TTL of the token relative to the time the token was generated" do
-        expect(subject).to include("expires_in=3600")
-      end
-    end
-  end
-end

data/spec/lib/oauth/error_response_spec.rb

@@ -1,65 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Doorkeeper::OAuth::ErrorResponse do
-  describe "#status" do
-    it "has a status of bad_request" do
-      expect(subject.status).to eq(:bad_request)
-    end
-
-    it "has a status of unauthorized for an invalid_client error" do
-      subject = described_class.new(name: :invalid_client)
-
-      expect(subject.status).to eq(:unauthorized)
-    end
-  end
-
-  describe ".from_request" do
-    it "has the error from request" do
-      error = described_class.from_request double(error: :some_error)
-      expect(error.name).to eq(:some_error)
-    end
-
-    it "ignores state if request does not respond to state" do
-      error = described_class.from_request double(error: :some_error)
-      expect(error.state).to be_nil
-    end
-
-    it "has state if request responds to state" do
-      error = described_class.from_request double(error: :some_error, state: :hello)
-      expect(error.state).to eq(:hello)
-    end
-  end
-
-  it "ignores empty error values" do
-    subject = described_class.new(error: :some_error, state: nil)
-    expect(subject.body).not_to have_key(:state)
-  end
-
-  describe ".body" do
-    subject { described_class.new(name: :some_error, state: :some_state).body }
-
-    describe "#body" do
-      it { expect(subject).to have_key(:error) }
-      it { expect(subject).to have_key(:error_description) }
-      it { expect(subject).to have_key(:state) }
-    end
-  end
-
-  describe ".headers" do
-    subject { error_response.headers }
-
-    let(:error_response) { described_class.new(name: :some_error, state: :some_state) }
-
-    it { expect(subject).to include "WWW-Authenticate" }
-
-    describe "WWW-Authenticate header" do
-      subject { error_response.headers["WWW-Authenticate"] }
-
-      it { expect(subject).to include("realm=\"#{error_response.send(:realm)}\"") }
-      it { expect(subject).to include("error=\"#{error_response.name}\"") }
-      it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
-    end
-  end
-end

data/spec/lib/oauth/error_spec.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Doorkeeper::OAuth::Error do
-  subject(:error) { described_class.new(:some_error, :some_state) }
-
-  it { expect(subject).to respond_to(:name) }
-  it { expect(subject).to respond_to(:state) }
-
-  describe "#description" do
-    it "is translated from translation messages" do
-      expect(I18n).to receive(:translate).with(
-        :some_error,
-        scope: %i[doorkeeper errors messages],
-        default: :server_error,
-      )
-      error.description
-    end
-  end
-end

data/spec/lib/oauth/forbidden_token_response_spec.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Doorkeeper::OAuth::ForbiddenTokenResponse do
-  describe "#name" do
-    it { expect(subject.name).to eq(:invalid_scope) }
-  end
-
-  describe "#status" do
-    it { expect(subject.status).to eq(:forbidden) }
-  end
-
-  describe ".from_scopes" do
-    it "have a list of acceptable scopes" do
-      response = described_class.from_scopes(["public"])
-      expect(response.description).to include("public")
-    end
-  end
-end

data/spec/lib/oauth/helpers/scope_checker_spec.rb

@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-module Doorkeeper::OAuth::Helpers
-  describe ScopeChecker, ".valid?" do
-    let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
-
-    it "is valid if scope is present" do
-      server_scopes.add :scope
-      expect(described_class).to be_valid(scope_str: "scope", server_scopes: server_scopes)
-    end
-
-    it "is invalid if includes tabs space" do
-      expect(described_class).not_to be_valid(scope_str: "\tsomething", server_scopes: server_scopes)
-    end
-
-    it "is invalid if scope is not present" do
-      expect(described_class).not_to be_valid(scope_str: nil, server_scopes: server_scopes)
-    end
-
-    it "is invalid if scope is blank" do
-      expect(described_class).not_to be_valid(scope_str: " ", server_scopes: server_scopes)
-    end
-
-    it "is invalid if includes return space" do
-      expect(described_class).not_to be_valid(scope_str: "scope\r", server_scopes: server_scopes)
-    end
-
-    it "is invalid if includes new lines" do
-      expect(described_class).not_to be_valid(scope_str: "scope\nanother", server_scopes: server_scopes)
-    end
-
-    it "is invalid if any scope is not included in server scopes" do
-      expect(described_class).not_to be_valid(scope_str: "scope another", server_scopes: server_scopes)
-    end
-
-    context "with application_scopes" do
-      let(:server_scopes) do
-        Doorkeeper::OAuth::Scopes.from_string "common svr"
-      end
-      let(:application_scopes) do
-        Doorkeeper::OAuth::Scopes.from_string "app123"
-      end
-
-      it "is valid if scope is included in the application scope list" do
-        expect(described_class).to be_valid(
-          scope_str: "app123",
-          server_scopes: server_scopes,
-          app_scopes: application_scopes,
-        )
-      end
-
-      it "is invalid if any scope is not included in the application" do
-        expect(described_class).not_to be_valid(
-          scope_str: "svr",
-          server_scopes: server_scopes,
-          app_scopes: application_scopes,
-        )
-      end
-    end
-
-    context "with grant_type" do
-      let(:server_scopes) do
-        Doorkeeper::OAuth::Scopes.from_string "scope1 scope2"
-      end
-
-      context "with scopes_by_grant_type not configured for grant_type" do
-        it "is valid if the scope is in server scopes" do
-          expect(described_class).to be_valid(
-            scope_str: "scope1",
-            server_scopes: server_scopes,
-            grant_type: Doorkeeper::OAuth::PASSWORD,
-          )
-        end
-
-        it "is invalid if the scope is not in server scopes" do
-          expect(described_class).not_to be_valid(
-            scope_str: "unknown",
-            server_scopes: server_scopes,
-            grant_type: Doorkeeper::OAuth::PASSWORD,
-          )
-        end
-      end
-
-      context "when scopes_by_grant_type configured for grant_type" do
-        before do
-          allow(Doorkeeper.configuration).to receive(:scopes_by_grant_type)
-            .and_return(password: [:scope1])
-        end
-
-        it "is valid if the scope is permitted for grant_type" do
-          expect(described_class).to be_valid(
-            scope_str: "scope1",
-            server_scopes: server_scopes,
-            grant_type: Doorkeeper::OAuth::PASSWORD,
-          )
-        end
-
-        it "is invalid if the scope is permitted for grant_type" do
-          expect(described_class).not_to be_valid(
-            scope_str: "scope2",
-            server_scopes: server_scopes,
-            grant_type: Doorkeeper::OAuth::PASSWORD,
-          )
-        end
-      end
-    end
-  end
-end

data/spec/lib/oauth/helpers/unique_token_spec.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-module Doorkeeper::OAuth::Helpers
-  describe UniqueToken do
-    let :generator do
-      ->(size) { "a" * size }
-    end
-
-    it "is able to customize the generator method" do
-      token = described_class.generate(generator: generator)
-      expect(token).to eq("a" * 32)
-    end
-
-    it "is able to customize the size of the token" do
-      token = described_class.generate(generator: generator, size: 2)
-      expect(token).to eq("aa")
-    end
-  end
-end