RubyGems - doorkeeper-mongodb - Versions diffs - 5.3.0 → 5.5.0 - Mend

doorkeeper-mongodb 5.3.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (192) hide show

data/spec/lib/oauth/helpers/uri_checker_spec.rb DELETED Viewed

@@ -1,262 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-module Doorkeeper::OAuth::Helpers
-  describe URIChecker do
-    describe ".valid?" do
-      it "is valid for valid uris" do
-        uri = "http://app.co"
-        expect(described_class).to be_valid(uri)
-      end
-      it "is valid if include path param" do
-        uri = "http://app.co/path"
-        expect(described_class).to be_valid(uri)
-      end
-      it "is valid if include query param" do
-        uri = "http://app.co/?query=1"
-        expect(described_class).to be_valid(uri)
-      end
-      it "is invalid if uri includes fragment" do
-        uri = "http://app.co/test#fragment"
-        expect(described_class).not_to be_valid(uri)
-      end
-      it "is invalid if scheme is missing" do
-        uri = "app.co"
-        expect(described_class).not_to be_valid(uri)
-      end
-      it "is invalid if is a relative uri" do
-        uri = "/abc/123"
-        expect(described_class).not_to be_valid(uri)
-      end
-      it "is invalid if is not a url" do
-        uri = "http://"
-        expect(described_class).not_to be_valid(uri)
-      end
-      it "is invalid if localhost is resolved as as scheme (no scheme specified)" do
-        uri = "localhost:8080"
-        expect(described_class).not_to be_valid(uri)
-      end
-      it "is invalid if scheme is missing #2" do
-        uri = "app.co:80"
-        expect(described_class).not_to be_valid(uri)
-      end
-      it "is invalid if is not an uri" do
-        uri = "   "
-        expect(described_class).not_to be_valid(uri)
-      end
-      it "is valid for custom schemes" do
-        uri = "com.example.app:/test"
-        expect(described_class).to be_valid(uri)
-      end
-      it "is valid for custom schemes with authority marker (common misconfiguration)" do
-        uri = "com.example.app://test"
-        expect(described_class).to be_valid(uri)
-      end
-    end
-    describe ".matches?" do
-      it "is true if both url matches" do
-        uri = client_uri = "http://app.co/aaa"
-        expect(described_class).to be_matches(uri, client_uri)
-      end
-      it "ignores query parameter on comparison" do
-        uri = "http://app.co/?query=hello"
-        client_uri = "http://app.co"
-        expect(described_class).to be_matches(uri, client_uri)
-      end
-      it "doesn't allow non-matching domains through" do
-        uri = "http://app.abc/?query=hello"
-        client_uri = "http://app.co"
-        expect(described_class).not_to be_matches(uri, client_uri)
-      end
-      it "doesn't allow non-matching domains that don't start at the beginning" do
-        uri = "http://app.co/?query=hello"
-        client_uri = "http://example.com?app.co=test"
-        expect(described_class).not_to be_matches(uri, client_uri)
-      end
-      context "when loopback IP redirect URIs" do
-        it "ignores port for same URIs" do
-          uri = "http://127.0.0.1:5555/auth/callback"
-          client_uri = "http://127.0.0.1:48599/auth/callback"
-          expect(described_class).to be_matches(uri, client_uri)
-          uri = "http://[::1]:5555/auth/callback"
-          client_uri = "http://[::1]:5555/auth/callback"
-          expect(described_class).to be_matches(uri, client_uri)
-        end
-        it "doesn't ignore port for URIs with different queries" do
-          uri = "http://127.0.0.1:5555/auth/callback"
-          client_uri = "http://127.0.0.1:48599/auth/callback2"
-          expect(described_class).not_to be_matches(uri, client_uri)
-        end
-      end
-      context "when client registered query params" do
-        it "doesn't allow query being absent" do
-          uri = "http://app.co"
-          client_uri = "http://app.co/?vendorId=AJ4L7XXW9"
-          expect(described_class).not_to be_matches(uri, client_uri)
-        end
-        it "is false if query values differ but key same" do
-          uri = "http://app.co/?vendorId=pancakes"
-          client_uri = "http://app.co/?vendorId=waffles"
-          expect(described_class).not_to be_matches(uri, client_uri)
-        end
-        it "is false if query values same but key differs" do
-          uri = "http://app.co/?foo=pancakes"
-          client_uri = "http://app.co/?bar=pancakes"
-          expect(described_class).not_to be_matches(uri, client_uri)
-        end
-        it "is false if query present and match, but unknown queries present" do
-          uri = "http://app.co/?vendorId=pancakes&unknown=query"
-          client_uri = "http://app.co/?vendorId=waffles"
-          expect(described_class).not_to be_matches(uri, client_uri)
-        end
-        it "is true if queries are present and matche" do
-          uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
-          client_uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
-          expect(described_class).to be_matches(uri, client_uri)
-        end
-        it "is true if queries are present, match and in different order" do
-          uri = "http://app.co/?bing=bang&foo=bar"
-          client_uri = "http://app.co/?foo=bar&bing=bang"
-          expect(described_class).to be_matches(uri, client_uri)
-        end
-      end
-    end
-    describe ".valid_for_authorization?" do
-      it "is true if valid and matches" do
-        uri = client_uri = "http://app.co/aaa"
-        expect(described_class).to be_valid_for_authorization(uri, client_uri)
-        uri = client_uri = "http://app.co/aaa?b=c"
-        expect(described_class).to be_valid_for_authorization(uri, client_uri)
-      end
-      it "is true if uri includes blank query" do
-        uri = client_uri = "http://app.co/aaa?"
-        expect(described_class).to be_valid_for_authorization(uri, client_uri)
-        uri = "http://app.co/aaa?"
-        client_uri = "http://app.co/aaa"
-        expect(described_class).to be_valid_for_authorization(uri, client_uri)
-        uri = "http://app.co/aaa"
-        client_uri = "http://app.co/aaa?"
-        expect(described_class).to be_valid_for_authorization(uri, client_uri)
-      end
-      it "is false if valid and mismatches" do
-        uri = "http://app.co/aaa"
-        client_uri = "http://app.co/bbb"
-        expect(described_class).not_to be_valid_for_authorization(uri, client_uri)
-      end
-      it "is true if valid and included in array" do
-        uri = "http://app.co/aaa"
-        client_uri = "http://example.com/bbb\nhttp://app.co/aaa"
-        expect(described_class).to be_valid_for_authorization(uri, client_uri)
-      end
-      it "is false if valid and not included in array" do
-        uri = "http://app.co/aaa"
-        client_uri = "http://example.com/bbb\nhttp://app.co/cc"
-        expect(described_class).not_to be_valid_for_authorization(uri, client_uri)
-      end
-      it "is false if queries does not match" do
-        uri = "http://app.co/aaa?pankcakes=abc"
-        client_uri = "http://app.co/aaa?waffles=abc"
-        expect(described_class.valid_for_authorization?(uri, client_uri)).to be false
-      end
-      it "calls .matches?" do
-        uri = "http://app.co/aaa?pankcakes=abc"
-        client_uri = "http://app.co/aaa?waffles=abc"
-        expect(described_class).to receive(:matches?).with(uri, client_uri).once
-        described_class.valid_for_authorization?(uri, client_uri)
-      end
-      it "calls .valid?" do
-        uri = "http://app.co/aaa?pankcakes=abc"
-        client_uri = "http://app.co/aaa?waffles=abc"
-        expect(described_class).to receive(:valid?).with(uri).once
-        described_class.valid_for_authorization?(uri, client_uri)
-      end
-    end
-    describe ".query_matches?" do
-      it "is true if no queries" do
-        expect(described_class).to be_query_matches("", "")
-        expect(described_class).to be_query_matches(nil, nil)
-      end
-      it "is true if same query" do
-        expect(described_class).to be_query_matches("foo", "foo")
-      end
-      it "is false if different query" do
-        expect(described_class).not_to be_query_matches("foo", "bar")
-      end
-      it "is true if same queries" do
-        expect(described_class).to be_query_matches("foo&bar", "foo&bar")
-      end
-      it "is true if same queries, different order" do
-        expect(described_class).to be_query_matches("foo&bar", "bar&foo")
-      end
-      it "is false if one different query" do
-        expect(described_class).not_to be_query_matches("foo&bang", "foo&bing")
-      end
-      it "is true if same query with same value" do
-        expect(described_class).to be_query_matches("foo=bar", "foo=bar")
-      end
-      it "is true if same queries with same values" do
-        expect(described_class).to be_query_matches("foo=bar&bing=bang", "foo=bar&bing=bang")
-      end
-      it "is true if same queries with same values, different order" do
-        expect(described_class).to be_query_matches("foo=bar&bing=bang", "bing=bang&foo=bar")
-      end
-      it "is false if same query with different value" do
-        expect(described_class).not_to be_query_matches("foo=bar", "foo=bang")
-      end
-      it "is false if some queries missing" do
-        expect(described_class).not_to be_query_matches("foo=bar", "foo=bar&bing=bang")
-      end
-      it "is false if some queries different value" do
-        expect(described_class).not_to be_query_matches("foo=bar&bing=bang", "foo=bar&bing=banana")
-      end
-    end
-  end
-end

data/spec/lib/oauth/invalid_request_response_spec.rb DELETED Viewed

@@ -1,73 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::InvalidRequestResponse do
-  describe "#name" do
-    it { expect(subject.name).to eq(:invalid_request) }
-  end
-  describe "#status" do
-    it { expect(subject.status).to eq(:bad_request) }
-  end
-  describe ".from_request" do
-    let(:response) { described_class.from_request(request) }
-    context "when param missed" do
-      let(:request) { double(missing_param: "some_param") }
-      it "sets a description" do
-        expect(response.description).to eq(
-          I18n.t(:missing_param, scope: %i[doorkeeper errors messages invalid_request], value: "some_param"),
-        )
-      end
-      it "sets the reason" do
-        expect(response.reason).to eq(:missing_param)
-      end
-    end
-    context "when server doesn't support PKCE" do
-      let(:request) { double(invalid_request_reason: :not_support_pkce) }
-      it "sets a description" do
-        expect(response.description).to eq(
-          I18n.t(:not_support_pkce, scope: %i[doorkeeper errors messages invalid_request]),
-        )
-      end
-      it "sets the reason" do
-        expect(response.reason).to eq(:not_support_pkce)
-      end
-    end
-    context "when request is not authorized" do
-      let(:request) { double(invalid_request_reason: :request_not_authorized) }
-      it "sets a description" do
-        expect(response.description).to eq(
-          I18n.t(:request_not_authorized, scope: %i[doorkeeper errors messages invalid_request]),
-        )
-      end
-      it "sets the reason" do
-        expect(response.reason).to eq(:request_not_authorized)
-      end
-    end
-    context "when unknown reason" do
-      let(:request) { double(invalid_request_reason: :unknown_reason) }
-      it "sets a description" do
-        expect(response.description).to eq(
-          I18n.t(:unknown, scope: %i[doorkeeper errors messages invalid_request]),
-        )
-      end
-      it "sets the reason to unknown" do
-        expect(response.reason).to eq(:unknown_reason)
-      end
-    end
-  end
-end

data/spec/lib/oauth/invalid_token_response_spec.rb DELETED Viewed

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::InvalidTokenResponse do
-  describe "#name" do
-    it { expect(subject.name).to eq(:invalid_token) }
-  end
-  describe "#status" do
-    it { expect(subject.status).to eq(:unauthorized) }
-  end
-  describe ".from_access_token" do
-    let(:response) { described_class.from_access_token(access_token) }
-    context "when token revoked" do
-      let(:access_token) { double(revoked?: true, expired?: true) }
-      it "sets a description" do
-        expect(response.description).to include("revoked")
-      end
-      it "sets the reason" do
-        expect(response.reason).to eq(:revoked)
-      end
-    end
-    context "when token expired" do
-      let(:access_token) { double(revoked?: false, expired?: true) }
-      it "sets a description" do
-        expect(response.description).to include("expired")
-      end
-      it "sets the reason" do
-        expect(response.reason).to eq(:expired)
-      end
-    end
-    context "when unknown" do
-      let(:access_token) { double(revoked?: false, expired?: false) }
-      it "sets a description" do
-        expect(response.description).to include("invalid")
-      end
-      it "sets the reason" do
-        expect(response.reason).to eq(:unknown)
-      end
-    end
-  end
-end

data/spec/lib/oauth/password_access_token_request_spec.rb DELETED Viewed

@@ -1,202 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe Doorkeeper::OAuth::PasswordAccessTokenRequest do
-  subject do
-    described_class.new(server, client, owner)
-  end
-  let(:server) do
-    double(
-      :server,
-      default_scopes: Doorkeeper::OAuth::Scopes.new,
-      access_token_expires_in: 2.hours,
-      refresh_token_enabled?: false,
-      custom_access_token_expires_in: lambda { |context|
-        context.grant_type == Doorkeeper::OAuth::PASSWORD ? 1234 : nil
-      },
-    )
-  end
-  let(:client) { Doorkeeper::OAuth::Client.new(FactoryBot.create(:application)) }
-  let(:application) { client.application }
-  let(:owner) { FactoryBot.build_stubbed(:resource_owner) }
-  before do
-    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-  end
-  it "issues a new token for the client" do
-    expect do
-      subject.authorize
-    end.to change { application.reload.access_tokens.count }.by(1)
-    expect(application.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
-  end
-  it "issues a new token without a client" do
-    subject = described_class.new(server, nil, owner)
-    expect(subject).to be_valid
-    expect do
-      subject.authorize
-    end.to change { Doorkeeper::AccessToken.count }.by(1)
-  end
-  it "does not issue a new token with an invalid client" do
-    subject = described_class.new(server, nil, owner, { client_id: "bad_id" })
-    expect do
-      subject.authorize
-    end.not_to(change { Doorkeeper::AccessToken.count })
-    expect(subject.error).to eq(:invalid_client)
-  end
-  it "requires the owner" do
-    subject = described_class.new(server, client, nil)
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-  it "creates token even when there is already one (default)" do
-    FactoryBot.create(
-      :access_token,
-      application_id: client.id,
-      resource_owner_id: owner.id,
-      resource_owner_type: owner.class.name,
-    )
-    expect do
-      subject.authorize
-    end.to change { Doorkeeper::AccessToken.count }.by(1)
-  end
-  it "skips token creation if there is already one reusable" do
-    allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-    FactoryBot.create(
-      :access_token,
-      application_id: client.id,
-      resource_owner_id: owner.id,
-      resource_owner_type: owner.class.name,
-    )
-    expect do
-      subject.authorize
-    end.not_to(change { Doorkeeper::AccessToken.count })
-  end
-  it "creates token when there is already one but non reusable" do
-    allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-    FactoryBot.create(
-      :access_token,
-      application_id: client.id,
-      resource_owner_id: owner.id,
-      resource_owner_type: owner.class.name,
-    )
-    allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
-    expect do
-      subject.authorize
-    end.to change { Doorkeeper::AccessToken.count }.by(1)
-  end
-  it "calls configured request callback methods" do
-    expect(Doorkeeper.configuration.before_successful_strategy_response)
-      .to receive(:call).with(subject).once
-    expect(Doorkeeper.configuration.after_successful_strategy_response)
-      .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
-    subject.authorize
-  end
-  describe "with scopes" do
-    subject do
-      described_class.new(server, client, owner, scope: "public")
-    end
-    context "when scopes_by_grant_type is not configured for grant_type" do
-      it "returns error when scopes are invalid" do
-        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("another"))
-        subject.validate
-        expect(subject.error).to eq(:invalid_scope)
-      end
-      it "creates the token with scopes if scopes are valid" do
-        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-        expect do
-          subject.authorize
-        end.to change { Doorkeeper::AccessToken.count }.by(1)
-        expect(Doorkeeper::AccessToken.last.scopes).to include("public")
-      end
-    end
-    context "when scopes_by_grant_type is configured for grant_type" do
-      it "returns error when scopes are valid but not permitted for grant_type" do
-        allow(server)
-          .to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-        allow(Doorkeeper.configuration)
-          .to receive(:scopes_by_grant_type).and_return(password: "another")
-        subject.validate
-        expect(subject.error).to eq(:invalid_scope)
-      end
-      it "creates the token with scopes if scopes are valid and permitted for grant_type" do
-        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-        allow(Doorkeeper.configuration)
-          .to receive(:scopes_by_grant_type).and_return(password: [:public])
-        expect do
-          subject.authorize
-        end.to change { Doorkeeper::AccessToken.count }.by(1)
-        expect(Doorkeeper::AccessToken.last.scopes).to include("public")
-      end
-    end
-  end
-  describe "with custom expiry" do
-    let(:server) do
-      double(
-        :server,
-        default_scopes: Doorkeeper::OAuth::Scopes.new,
-        access_token_expires_in: 2.hours,
-        refresh_token_enabled?: false,
-        custom_access_token_expires_in: lambda { |context|
-          if context.scopes.exists?("public")
-            222
-          elsif context.scopes.exists?("magic")
-            Float::INFINITY
-          end
-        },
-      )
-    end
-    before do
-      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-    end
-    it "checks scopes" do
-      subject = described_class.new(server, client, owner, scope: "public")
-      allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-      expect do
-        subject.authorize
-      end.to change { Doorkeeper::AccessToken.count }.by(1)
-      expect(Doorkeeper::AccessToken.last.expires_in).to eq(222)
-    end
-    it "falls back to the default otherwise" do
-      subject = described_class.new(server, client, owner, scope: "private")
-      allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("private"))
-      expect do
-        subject.authorize
-      end.to change { Doorkeeper::AccessToken.count }.by(1)
-      expect(Doorkeeper::AccessToken.last.expires_in).to eq(2.hours)
-    end
-  end
-end