doorkeeper-mongodb 5.3.0 → 5.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/Rakefile +18 -4
- data/lib/doorkeeper/orm/mongoid9/access_grant.rb +26 -0
- data/lib/doorkeeper/orm/mongoid9/access_token.rb +38 -0
- data/lib/doorkeeper/orm/mongoid9/application.rb +43 -0
- data/lib/doorkeeper/orm/mongoid9/stale_records_cleaner.rb +11 -0
- data/lib/doorkeeper/orm/mongoid9.rb +50 -0
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb +6 -2
- data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb +46 -6
- data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb +2 -2
- data/lib/doorkeeper-mongodb/version.rb +1 -1
- data/lib/doorkeeper-mongodb.rb +1 -0
- data/spec/dummy/app/assets/config/manifest.js +0 -0
- data/spec/dummy/app/controllers/application_controller.rb +0 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -0
- data/spec/dummy/app/controllers/home_controller.rb +0 -0
- data/spec/dummy/app/controllers/metal_controller.rb +0 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -0
- data/spec/dummy/app/helpers/application_helper.rb +0 -0
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -0
- data/spec/dummy/config/application.rb +0 -0
- data/spec/dummy/config/boot.rb +0 -0
- data/spec/dummy/config/database.yml +0 -0
- data/spec/dummy/config/environment.rb +0 -0
- data/spec/dummy/config/environments/development.rb +0 -0
- data/spec/dummy/config/environments/production.rb +0 -0
- data/spec/dummy/config/environments/test.rb +0 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +7 -2
- data/spec/dummy/config/initializers/secret_token.rb +0 -0
- data/spec/dummy/config/initializers/session_store.rb +0 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -0
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -0
- data/spec/dummy/config/mongoid8.yml +19 -0
- data/spec/dummy/config/mongoid9.yml +19 -0
- data/spec/dummy/config/routes.rb +0 -0
- data/spec/dummy/config.ru +1 -1
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -0
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -0
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -0
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -0
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -0
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -0
- data/spec/dummy/db/migrate/20230205064514_add_custom_attributes.rb +8 -0
- data/spec/dummy/db/schema.rb +3 -1
- data/spec/dummy/log/test.log +39440 -0
- data/spec/dummy/public/404.html +0 -0
- data/spec/dummy/public/422.html +0 -0
- data/spec/dummy/public/500.html +0 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/2L/2LdlR-88TqZc8vSU7Z58xiNpCGRZj0CIlOxSN4Vx2i4.cache +1 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{Pn/PnXU_mkG2fLZFm9BwiZ03BZdBTjKuInP-cRXjHS7yJo.cache → 2r/2r0L9eNOmETsg4Tm1IgBdw3J4ahcko41NpILRXu19_A.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/5y/5ywocFQgpSY36nyF_xDKPExhDRo-eqeiqfDvQee1K9k.cache +2 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{Qs/QsVgO6vM5Yn9oeYTYlrqtyVnK6sdVDWDa083N7zpfHw.cache → 8r/8rW0CpDDUJZ7xvg86t6jZ6WmyvaVZ0uTPEPRjghFIKo.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{PA/PAH_jI20wRw12tngeJ-V619c30avNLDu5U9Z-9Pc5SQ.cache → Cs/CsfBL8Dls9-jhjFsNYt4DZxu5LWChDMB-xXKjsEFSsU.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{8D/8DJG7JfPvShfLLyeSom6NZ_TcQc6QH27tJ7prEWZPfI.cache → Cv/Cv9WXE_0OqtPUZBXfTWaE8uKx9oFIzqO18ZkwVaBLSg.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Mf/MfB2-0nbsmC548XBSLftafi6BZ9nAquBA-6eu7mAmdE.cache +2 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/N2/N2cUP-Um_nQ5ZTCQr_H0bKIjOSIyV7Ry5sT6-DB9e4A.cache +1 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{FJ/FJlQpfMtpRbrM5P8A7d2FAelFKwo6GrVs2xks8z5GKU.cache → Ot/OtNAnT3d-csAKBtJ8UBLOSwUDyfmOdCWpS08RaSCGsQ.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/P3/P33RwiTMGEu2wZySBEUmf5U7hnfBhdL49wzdUWXYNRs.cache +1 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/RZ/RZAL9gIt4aD731Ikf7UZZNPSZXzhPqtDskLB7nQcWH4.cache +1 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/SQ/SQVJeYO2bM0qgQiOaeVBjYo3SWQZmvixa3tXUjsmuUs.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{Ma/MaK3K1AoZZ4xM5fOOifhROd73hfZJpP4yGbkGdoYtEk.cache → V2/V2JApVhUSYhvWnNVIbpe58U4xheVkpi0gCStqjDN6-A.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{Lk/LklIq5hrBAPESXVUpFMwQ9L-1qTj90sPVi6U19_Xi-Q.cache → VA/VADOUaZFukufOb44ts4KoyQZumPcVJET0bi9RvC7c-o.cache} +1 -1
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Vz/VzdPLfWn16XbpHNJdkDMamAf3QutM29cvvPkDNyy5nE.cache +1 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/W9/W9QfraySVwoRt-SgGOIS0e-iP8R1qP_URwXZw1l6M5E.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Wy/Wyiw07ngOzgV6RPis_Lo2hhSRkwo2YSqKTEDAF0crhA.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Z6/Z6rAtdVt3OXS26vLVCtdO3vmMlttI3ajdpbC2FHk7iQ.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/b6/b6QRH6ZdCc0e6bUWu4qni_kZmptaMgWciO8Jl9q6_p8.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{Pm/PmheG0PGFqDws1qgFOxOyIL-gpMof3Ar9eSRKVLYuik.cache → fP/fPihom3hnc1rQQxpviTvZPRJB_IghWYWP3dDcsGrcLk.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/gD/gDU38plXvosMgFK47_PBI9xGVsmsE2tShWEZzxiek3k.cache +1 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/gR/gRqL5_jaFW7eA3d2frJmOzw_vFLuvfhwMhotAlsO8J4.cache +2 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/jC/jCTZ1jAldKBn4OTANBBmCKzxLrDgok1ur4meoTqlDNg.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{yN/yNOFGOsnHmxXNMkuEAWuL1u3jlmdvrdeoTx6DDJ1in8.cache → jc/jcB8w1gBT7JP10DW4OOvvYpW1ZFeMyedngmMy3QbRLQ.cache} +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/jg/jgxXkkkXf1NPOPrpNdEJzhDt-2xHGzd_-mLkIHWrOr4.cache +2 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/nx/nxzZnvk5YyBhTUloQSZZ5zRuaqlsLiHy_AbOzQ3d788.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/wr/wrlf8nUW2yftpcIA97qImyECR8f8o3OiOdHLdfkmw8c.cache +1 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/{qT/qTQIQsmS0Wbbg2JxNn9rxdI5qVOTg5SfyQdaTvr9vLo.cache → xd/xdD4KJ55W3jy5PIrwT0UnDp1toKpUfgrjJBgB4WaPIc.cache} +0 -0
- data/spec/support/doorkeeper_rspec.rb +0 -0
- data/spec/support/orm/mongoid.rb +18 -2
- data/spec/support/orm/mongoid8.rb +6 -0
- data/spec/support/orm/mongoid9.rb +6 -0
- data/spec/support/render_with_matcher.rb +26 -0
- metadata +126 -241
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -270
- data/spec/controllers/authorizations_controller_spec.rb +0 -744
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -542
- data/spec/doorkeeper/redirect_uri_validator_spec.rb +0 -183
- data/spec/doorkeeper/server_spec.rb +0 -50
- data/spec/doorkeeper/stale_records_cleaner_spec.rb +0 -103
- data/spec/doorkeeper/version_spec.rb +0 -17
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/-o/-ofn45zIfO5vx4VD6m6NXesLf6da5usA-Sbw2SVju3o.cache +0 -2
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/0_/0_ouGcG_o_1zmVmBe-tdQYk594LBwVa1bumjrKtdfEw.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/2X/2XMMcHbyTSRqh1GkV0xzyIETNtt-zgN6iniziShaKmQ.cache +0 -2
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/4Q/4QQw-pMQ98JIj3xdcFhGBQdysdGPY9rWffRqWMmyjew.cache +0 -1
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/7H/7HjRsym0tTpXFCVhWt6kteMs_-CozKVbr9s5syHm8es.cache +0 -1
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/8B/8BxJyv22HPFHu1se_l2J8qW1N9NzZ16UOWOy1YMSgs4.cache +0 -1
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/9x/9xjtGv-yKjj62x9uFwBZg8pTSh9ERPAgANwNo9uwIaA.cache +0 -1
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Bt/BtXO7f0PZ8DNt3TMLYM-zY7LkbWa_KgyB0v1V98M1CQ.cache +0 -1
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/E0/E02f1Q2tutWumMulGCFNfqQNjvEP_hMAK_5E83eWepI.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/EZ/EZGpd6pUEJZxO6uT2yIS4Fpn5KX7VDgC9VB3AaemF5Q.cache +0 -2
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/L8/L8mOWakJlWKr6MU85rj0V7yGFfNyIR6vE6YXtqArPGw.cache +0 -1
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/MB/MBWRxa9S470ee8suxVKp0jYgv6K6FQOqKGV0kPGQNMs.cache +0 -1
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Ph/Ph7RtH_NvG2I8XpTa8mA8SBQXZDzBPVIh4CH6g7OXJ0.cache +0 -2
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/So/So59ksdx2dw-_A3-zFZ6Palr7fROjm7_0JDZb04temw.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/Wt/WtXL_iDofLeTH_v0Yf3PM421r9b1V0g-VBvMPeu9KA0.cache +0 -0
- data/spec/dummy/tmp/cache/assets/sprockets/v4.0.0/dX/dX6FDdUIy8yBCOoaoXcjf71rX9N_bpiXGJ4Urt32NTk.cache +0 -0
- data/spec/factories.rb +0 -30
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -824
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -55
- data/spec/lib/models/scopes_spec.rb +0 -61
- data/spec/lib/models/secret_storable_spec.rb +0 -136
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -35
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
- data/spec/lib/oauth/base_request_spec.rb +0 -210
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -92
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -105
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -65
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -202
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -230
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -164
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/option_spec.rb +0 -51
- data/spec/lib/request/strategy_spec.rb +0 -51
- data/spec/lib/secret_storing/base_spec.rb +0 -61
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -50
- data/spec/lib/secret_storing/plain_spec.rb +0 -45
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -49
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -173
- data/spec/models/doorkeeper/access_token_spec.rb +0 -644
- data/spec/models/doorkeeper/application_spec.rb +0 -499
- data/spec/requests/applications/applications_request_spec.rb +0 -257
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -85
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -86
- data/spec/requests/flows/authorization_code_spec.rb +0 -559
- data/spec/requests/flows/client_credentials_spec.rb +0 -219
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -356
- data/spec/requests/flows/refresh_token_spec.rb +0 -255
- data/spec/requests/flows/revoke_token_spec.rb +0 -196
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/helpers/access_token_request_helper.rb +0 -14
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -98
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -100
- data/spec/support/shared/hashing_shared_context.rb +0 -40
- data/spec/support/shared/models_shared_examples.rb +0 -56
|
@@ -1,644 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
RSpec.describe Doorkeeper::AccessToken do
|
|
6
|
-
subject { FactoryBot.build(:access_token) }
|
|
7
|
-
|
|
8
|
-
it { expect(subject).to be_valid }
|
|
9
|
-
|
|
10
|
-
it_behaves_like "an accessible token"
|
|
11
|
-
it_behaves_like "a revocable token"
|
|
12
|
-
it_behaves_like "a unique token" do
|
|
13
|
-
let(:factory_name) { :access_token }
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
module CustomGeneratorArgs
|
|
17
|
-
def self.generate; end
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
describe "#generate_token" do
|
|
21
|
-
it "generates a token using the default method" do
|
|
22
|
-
FactoryBot.create :access_token
|
|
23
|
-
|
|
24
|
-
token = FactoryBot.create :access_token
|
|
25
|
-
expect(token.token).to be_a(String)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
context "with hashing enabled" do
|
|
29
|
-
let(:token) { FactoryBot.create :access_token }
|
|
30
|
-
|
|
31
|
-
include_context "with token hashing enabled"
|
|
32
|
-
|
|
33
|
-
it "holds a volatile plaintext token when created" do
|
|
34
|
-
expect(token.plaintext_token).to be_a(String)
|
|
35
|
-
expect(token.token)
|
|
36
|
-
.to eq(hashed_or_plain_token_func.call(token.plaintext_token))
|
|
37
|
-
|
|
38
|
-
# Finder method only finds the hashed token
|
|
39
|
-
loaded = described_class.find_by(token: token.token)
|
|
40
|
-
expect(loaded).to eq(token)
|
|
41
|
-
expect(loaded.plaintext_token).to be_nil
|
|
42
|
-
expect(loaded.token).to eq(token.token)
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
it "does not find_by plain text tokens" do
|
|
46
|
-
expect(described_class.find_by(token: token.plaintext_token)).to be_nil
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
describe "with having a plain text token" do
|
|
50
|
-
let(:plain_text_token) { "plain text token" }
|
|
51
|
-
let(:access_token) { FactoryBot.create :access_token }
|
|
52
|
-
|
|
53
|
-
before do
|
|
54
|
-
# Assume we have a plain text token from before activating the option
|
|
55
|
-
access_token.update_column(:token, plain_text_token)
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
context "without fallback lookup" do
|
|
59
|
-
it "does not provide lookups with either through by_token" do
|
|
60
|
-
expect(described_class.by_token(plain_text_token)).to eq(nil)
|
|
61
|
-
expect(described_class.by_token(access_token.token)).to eq(nil)
|
|
62
|
-
|
|
63
|
-
# And it does not touch the token
|
|
64
|
-
access_token.reload
|
|
65
|
-
expect(access_token.token).to eq(plain_text_token)
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
context "with fallback lookup" do
|
|
70
|
-
include_context "with token hashing and fallback lookup enabled"
|
|
71
|
-
|
|
72
|
-
it "upgrades a plain token when falling back to it" do
|
|
73
|
-
# Side-effect: This will automatically upgrade the token
|
|
74
|
-
expect(described_class).to receive(:upgrade_fallback_value).and_call_original
|
|
75
|
-
expect(described_class.by_token(plain_text_token))
|
|
76
|
-
.to have_attributes(
|
|
77
|
-
resource_owner_id: access_token.resource_owner_id,
|
|
78
|
-
application_id: access_token.application_id,
|
|
79
|
-
scopes: access_token.scopes,
|
|
80
|
-
)
|
|
81
|
-
|
|
82
|
-
# Will find subsequently by hashing the token
|
|
83
|
-
expect(described_class.by_token(plain_text_token))
|
|
84
|
-
.to have_attributes(
|
|
85
|
-
resource_owner_id: access_token.resource_owner_id,
|
|
86
|
-
application_id: access_token.application_id,
|
|
87
|
-
scopes: access_token.scopes,
|
|
88
|
-
)
|
|
89
|
-
|
|
90
|
-
# Not all the ORM support :id PK
|
|
91
|
-
if access_token.respond_to?(:id)
|
|
92
|
-
expect(described_class.by_token(plain_text_token).id).to eq(access_token.id)
|
|
93
|
-
end
|
|
94
|
-
|
|
95
|
-
# And it modifies the token value
|
|
96
|
-
access_token.reload
|
|
97
|
-
expect(access_token.token).not_to eq(plain_text_token)
|
|
98
|
-
expect(described_class.find_by(token: plain_text_token)).to eq(nil)
|
|
99
|
-
expect(described_class.find_by(token: access_token.token)).not_to be_nil
|
|
100
|
-
end
|
|
101
|
-
end
|
|
102
|
-
end
|
|
103
|
-
end
|
|
104
|
-
|
|
105
|
-
it "generates a token using a custom object" do
|
|
106
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
|
107
|
-
eigenclass.class_eval do
|
|
108
|
-
remove_method :generate
|
|
109
|
-
end
|
|
110
|
-
module CustomGeneratorArgs
|
|
111
|
-
def self.generate(opts = {})
|
|
112
|
-
id = opts[:resource_owner_id] || opts[:resource_owner]&.id
|
|
113
|
-
"custom_generator_token_#{id}"
|
|
114
|
-
end
|
|
115
|
-
end
|
|
116
|
-
|
|
117
|
-
Doorkeeper.configure do
|
|
118
|
-
orm DOORKEEPER_ORM
|
|
119
|
-
access_token_generator "CustomGeneratorArgs"
|
|
120
|
-
end
|
|
121
|
-
|
|
122
|
-
owner = FactoryBot.create :resource_owner
|
|
123
|
-
token = FactoryBot.create :access_token,
|
|
124
|
-
resource_owner_id: owner.id,
|
|
125
|
-
resource_owner_type: owner.class.name
|
|
126
|
-
|
|
127
|
-
expect(token.token).to match(/custom_generator_token_\d+/)
|
|
128
|
-
end
|
|
129
|
-
|
|
130
|
-
it "allows the custom generator to access the application details" do
|
|
131
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
|
132
|
-
eigenclass.class_eval do
|
|
133
|
-
remove_method :generate
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
module CustomGeneratorArgs
|
|
137
|
-
def self.generate(opts = {})
|
|
138
|
-
"custom_generator_token_#{opts[:application].name}"
|
|
139
|
-
end
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
Doorkeeper.configure do
|
|
143
|
-
orm DOORKEEPER_ORM
|
|
144
|
-
access_token_generator "CustomGeneratorArgs"
|
|
145
|
-
end
|
|
146
|
-
|
|
147
|
-
token = FactoryBot.create :access_token
|
|
148
|
-
expect(token.token).to match(/custom_generator_token_Application \d+/)
|
|
149
|
-
end
|
|
150
|
-
|
|
151
|
-
it "allows the custom generator to access the scopes" do
|
|
152
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
|
153
|
-
eigenclass.class_eval do
|
|
154
|
-
remove_method :generate
|
|
155
|
-
end
|
|
156
|
-
module CustomGeneratorArgs
|
|
157
|
-
def self.generate(opts = {})
|
|
158
|
-
"custom_generator_token_#{opts[:scopes].count}_#{opts[:scopes]}"
|
|
159
|
-
end
|
|
160
|
-
end
|
|
161
|
-
|
|
162
|
-
Doorkeeper.configure do
|
|
163
|
-
orm DOORKEEPER_ORM
|
|
164
|
-
access_token_generator "CustomGeneratorArgs"
|
|
165
|
-
end
|
|
166
|
-
|
|
167
|
-
token = FactoryBot.create :access_token, scopes: "public write"
|
|
168
|
-
|
|
169
|
-
expect(token.token).to eq "custom_generator_token_2_public write"
|
|
170
|
-
end
|
|
171
|
-
|
|
172
|
-
it "allows the custom generator to access the expiry length" do
|
|
173
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
|
174
|
-
eigenclass.class_eval do
|
|
175
|
-
remove_method :generate
|
|
176
|
-
end
|
|
177
|
-
module CustomGeneratorArgs
|
|
178
|
-
def self.generate(opts = {})
|
|
179
|
-
"custom_generator_token_#{opts[:expires_in]}"
|
|
180
|
-
end
|
|
181
|
-
end
|
|
182
|
-
|
|
183
|
-
Doorkeeper.configure do
|
|
184
|
-
orm DOORKEEPER_ORM
|
|
185
|
-
access_token_generator "CustomGeneratorArgs"
|
|
186
|
-
end
|
|
187
|
-
|
|
188
|
-
token = FactoryBot.create :access_token
|
|
189
|
-
expect(token.token).to eq "custom_generator_token_7200"
|
|
190
|
-
end
|
|
191
|
-
|
|
192
|
-
it "allows the custom generator to access the created time" do
|
|
193
|
-
module CustomGeneratorArgs
|
|
194
|
-
def self.generate(opts = {})
|
|
195
|
-
"custom_generator_token_#{opts[:created_at].to_i}"
|
|
196
|
-
end
|
|
197
|
-
end
|
|
198
|
-
|
|
199
|
-
Doorkeeper.configure do
|
|
200
|
-
orm DOORKEEPER_ORM
|
|
201
|
-
access_token_generator "CustomGeneratorArgs"
|
|
202
|
-
end
|
|
203
|
-
|
|
204
|
-
token = FactoryBot.create :access_token
|
|
205
|
-
created_at = token.created_at
|
|
206
|
-
expect(token.token).to eq "custom_generator_token_#{created_at.to_i}"
|
|
207
|
-
end
|
|
208
|
-
|
|
209
|
-
it "raises an error if the custom object does not support generate" do
|
|
210
|
-
module NoGenerate
|
|
211
|
-
end
|
|
212
|
-
|
|
213
|
-
Doorkeeper.configure do
|
|
214
|
-
orm DOORKEEPER_ORM
|
|
215
|
-
access_token_generator "NoGenerate"
|
|
216
|
-
end
|
|
217
|
-
|
|
218
|
-
expect { FactoryBot.create :access_token }.to(
|
|
219
|
-
raise_error(Doorkeeper::Errors::UnableToGenerateToken),
|
|
220
|
-
)
|
|
221
|
-
end
|
|
222
|
-
|
|
223
|
-
it "raises original error if something went wrong in custom generator" do
|
|
224
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
|
225
|
-
eigenclass.class_eval do
|
|
226
|
-
remove_method :generate
|
|
227
|
-
end
|
|
228
|
-
|
|
229
|
-
module CustomGeneratorArgs
|
|
230
|
-
def self.generate(_opts = {})
|
|
231
|
-
raise LoadError, "custom behaviour"
|
|
232
|
-
end
|
|
233
|
-
end
|
|
234
|
-
|
|
235
|
-
Doorkeeper.configure do
|
|
236
|
-
orm DOORKEEPER_ORM
|
|
237
|
-
access_token_generator "CustomGeneratorArgs"
|
|
238
|
-
end
|
|
239
|
-
|
|
240
|
-
expect { FactoryBot.create :access_token }.to(
|
|
241
|
-
raise_error(LoadError),
|
|
242
|
-
)
|
|
243
|
-
end
|
|
244
|
-
|
|
245
|
-
it "raises an error if the custom object does not exist" do
|
|
246
|
-
Doorkeeper.configure do
|
|
247
|
-
orm DOORKEEPER_ORM
|
|
248
|
-
access_token_generator "Doorkeeper::NotReal"
|
|
249
|
-
end
|
|
250
|
-
|
|
251
|
-
expect { FactoryBot.create :access_token }.to(
|
|
252
|
-
raise_error(Doorkeeper::Errors::TokenGeneratorNotFound, /NotReal/),
|
|
253
|
-
)
|
|
254
|
-
end
|
|
255
|
-
end
|
|
256
|
-
|
|
257
|
-
describe "refresh_token" do
|
|
258
|
-
it "has empty refresh token if it was not required" do
|
|
259
|
-
token = FactoryBot.create :access_token
|
|
260
|
-
expect(token.refresh_token).to be_nil
|
|
261
|
-
end
|
|
262
|
-
|
|
263
|
-
it "generates a refresh token if it was requested" do
|
|
264
|
-
token = FactoryBot.create :access_token, use_refresh_token: true
|
|
265
|
-
expect(token.refresh_token).not_to be_nil
|
|
266
|
-
end
|
|
267
|
-
|
|
268
|
-
it "is not valid if token exists" do
|
|
269
|
-
token1 = FactoryBot.create :access_token, use_refresh_token: true
|
|
270
|
-
token2 = FactoryBot.create :access_token, use_refresh_token: true
|
|
271
|
-
token2.refresh_token = token1.refresh_token
|
|
272
|
-
expect(token2).not_to be_valid
|
|
273
|
-
end
|
|
274
|
-
|
|
275
|
-
it "expects database to raise an error if refresh tokens are the same" do
|
|
276
|
-
token1 = FactoryBot.create :access_token, use_refresh_token: true
|
|
277
|
-
token2 = FactoryBot.create :access_token, use_refresh_token: true
|
|
278
|
-
expect do
|
|
279
|
-
token2.refresh_token = token1.refresh_token
|
|
280
|
-
token2.save(validate: false)
|
|
281
|
-
end.to raise_error(uniqueness_error)
|
|
282
|
-
end
|
|
283
|
-
|
|
284
|
-
context "with hashing enabled" do
|
|
285
|
-
include_context "with token hashing enabled"
|
|
286
|
-
let(:token) { FactoryBot.create :access_token, use_refresh_token: true }
|
|
287
|
-
|
|
288
|
-
it "holds a volatile refresh token when created" do
|
|
289
|
-
expect(token.plaintext_refresh_token).to be_a(String)
|
|
290
|
-
expect(token.refresh_token)
|
|
291
|
-
.to eq(hashed_or_plain_token_func.call(token.plaintext_refresh_token))
|
|
292
|
-
|
|
293
|
-
# Finder method only finds the hashed token
|
|
294
|
-
loaded = described_class.find_by(refresh_token: token.refresh_token)
|
|
295
|
-
expect(loaded).to eq(token)
|
|
296
|
-
expect(loaded.plaintext_refresh_token).to be_nil
|
|
297
|
-
expect(loaded.refresh_token).to eq(token.refresh_token)
|
|
298
|
-
end
|
|
299
|
-
|
|
300
|
-
it "does not find_by plain text refresh tokens" do
|
|
301
|
-
expect(described_class.find_by(refresh_token: token.plaintext_refresh_token)).to be_nil
|
|
302
|
-
end
|
|
303
|
-
|
|
304
|
-
describe "with having a plain text token" do
|
|
305
|
-
let(:plain_refresh_token) { "plain refresh token" }
|
|
306
|
-
let(:access_token) { FactoryBot.create :access_token }
|
|
307
|
-
|
|
308
|
-
before do
|
|
309
|
-
# Assume we have a plain text token from before activating the option
|
|
310
|
-
access_token.update_column(:refresh_token, plain_refresh_token)
|
|
311
|
-
end
|
|
312
|
-
|
|
313
|
-
context "without fallback lookup" do
|
|
314
|
-
it "does not provide lookups with either through by_token" do
|
|
315
|
-
expect(described_class.by_refresh_token(plain_refresh_token)).to eq(nil)
|
|
316
|
-
expect(described_class.by_refresh_token(access_token.refresh_token)).to eq(nil)
|
|
317
|
-
|
|
318
|
-
# And it does not touch the token
|
|
319
|
-
access_token.reload
|
|
320
|
-
expect(access_token.refresh_token).to eq(plain_refresh_token)
|
|
321
|
-
end
|
|
322
|
-
end
|
|
323
|
-
|
|
324
|
-
context "with fallback lookup" do
|
|
325
|
-
include_context "with token hashing and fallback lookup enabled"
|
|
326
|
-
|
|
327
|
-
it "upgrades a plain token when falling back to it" do
|
|
328
|
-
# Side-effect: This will automatically upgrade the token
|
|
329
|
-
expect(described_class).to receive(:upgrade_fallback_value).and_call_original
|
|
330
|
-
expect(described_class.by_refresh_token(plain_refresh_token))
|
|
331
|
-
.to have_attributes(
|
|
332
|
-
token: access_token.token,
|
|
333
|
-
resource_owner_id: access_token.resource_owner_id,
|
|
334
|
-
application_id: access_token.application_id,
|
|
335
|
-
)
|
|
336
|
-
|
|
337
|
-
# Will find subsequently by hashing the token
|
|
338
|
-
expect(described_class.by_refresh_token(plain_refresh_token))
|
|
339
|
-
.to have_attributes(
|
|
340
|
-
token: access_token.token,
|
|
341
|
-
resource_owner_id: access_token.resource_owner_id,
|
|
342
|
-
application_id: access_token.application_id,
|
|
343
|
-
)
|
|
344
|
-
|
|
345
|
-
# Not all the ORM support :id PK
|
|
346
|
-
if access_token.respond_to?(:id)
|
|
347
|
-
expect(described_class.by_refresh_token(plain_refresh_token).id).to eq(access_token.id)
|
|
348
|
-
end
|
|
349
|
-
|
|
350
|
-
# And it modifies the token value
|
|
351
|
-
access_token.reload
|
|
352
|
-
expect(access_token.refresh_token).not_to eq(plain_refresh_token)
|
|
353
|
-
expect(described_class.find_by(refresh_token: plain_refresh_token)).to eq(nil)
|
|
354
|
-
expect(described_class.find_by(refresh_token: access_token.refresh_token)).not_to be_nil
|
|
355
|
-
end
|
|
356
|
-
end
|
|
357
|
-
end
|
|
358
|
-
end
|
|
359
|
-
end
|
|
360
|
-
|
|
361
|
-
describe "validations" do
|
|
362
|
-
it "is valid without resource_owner_id" do
|
|
363
|
-
# For client credentials flow
|
|
364
|
-
subject.resource_owner_id = nil
|
|
365
|
-
expect(subject).to be_valid
|
|
366
|
-
end
|
|
367
|
-
|
|
368
|
-
it "is valid without application_id" do
|
|
369
|
-
# For resource owner credentials flow
|
|
370
|
-
subject.application_id = nil
|
|
371
|
-
expect(subject).to be_valid
|
|
372
|
-
end
|
|
373
|
-
end
|
|
374
|
-
|
|
375
|
-
describe "#same_credential?" do
|
|
376
|
-
context "with default parameters" do
|
|
377
|
-
let(:resource_owner) { FactoryBot.create(:resource_owner) }
|
|
378
|
-
let(:resource_owner_id) { resource_owner.id }
|
|
379
|
-
let(:application) { FactoryBot.create :application }
|
|
380
|
-
let(:default_attributes) do
|
|
381
|
-
{
|
|
382
|
-
application: application,
|
|
383
|
-
resource_owner_id: resource_owner_id,
|
|
384
|
-
resource_owner_type: resource_owner.class.name,
|
|
385
|
-
}
|
|
386
|
-
end
|
|
387
|
-
let(:access_token1) { FactoryBot.create :access_token, default_attributes }
|
|
388
|
-
|
|
389
|
-
context "when the second token has the same owner and same app" do
|
|
390
|
-
let(:access_token2) { FactoryBot.create :access_token, default_attributes }
|
|
391
|
-
|
|
392
|
-
it "success" do
|
|
393
|
-
expect(access_token1).to be_same_credential(access_token2)
|
|
394
|
-
end
|
|
395
|
-
end
|
|
396
|
-
|
|
397
|
-
context "when the second token has same owner and different app" do
|
|
398
|
-
let(:other_application) { FactoryBot.create :application }
|
|
399
|
-
let(:access_token2) do
|
|
400
|
-
FactoryBot.create :access_token,
|
|
401
|
-
application: other_application,
|
|
402
|
-
resource_owner_id: resource_owner_id,
|
|
403
|
-
resource_owner_type: resource_owner.class.name
|
|
404
|
-
end
|
|
405
|
-
|
|
406
|
-
it "fails" do
|
|
407
|
-
expect(access_token1).not_to be_same_credential(access_token2)
|
|
408
|
-
end
|
|
409
|
-
end
|
|
410
|
-
|
|
411
|
-
context "when the second token has different owner and different app" do
|
|
412
|
-
let(:other_application) { FactoryBot.create :application }
|
|
413
|
-
let(:access_token2) do
|
|
414
|
-
FactoryBot.create :access_token,
|
|
415
|
-
application: other_application,
|
|
416
|
-
resource_owner_id: resource_owner.id + 1
|
|
417
|
-
end
|
|
418
|
-
|
|
419
|
-
it "fails" do
|
|
420
|
-
expect(access_token1).not_to be_same_credential(access_token2)
|
|
421
|
-
end
|
|
422
|
-
end
|
|
423
|
-
|
|
424
|
-
context "when the second token has different owner and same app" do
|
|
425
|
-
let(:access_token2) do
|
|
426
|
-
FactoryBot.create :access_token,
|
|
427
|
-
application: application,
|
|
428
|
-
resource_owner_id: resource_owner.id + 1
|
|
429
|
-
end
|
|
430
|
-
|
|
431
|
-
it "fails" do
|
|
432
|
-
expect(access_token1).not_to be_same_credential(access_token2)
|
|
433
|
-
end
|
|
434
|
-
end
|
|
435
|
-
end
|
|
436
|
-
end
|
|
437
|
-
|
|
438
|
-
describe "#acceptable?" do
|
|
439
|
-
context "when token is not accessible" do
|
|
440
|
-
let(:token) { FactoryBot.create(:access_token, created_at: 6.hours.ago) }
|
|
441
|
-
|
|
442
|
-
it "returns false" do
|
|
443
|
-
expect(token.acceptable?(nil)).to be false
|
|
444
|
-
end
|
|
445
|
-
end
|
|
446
|
-
|
|
447
|
-
context "when token has the incorrect scopes" do
|
|
448
|
-
let(:token) { FactoryBot.create(:access_token) }
|
|
449
|
-
|
|
450
|
-
it "returns false" do
|
|
451
|
-
expect(token.acceptable?(["public"])).to be false
|
|
452
|
-
end
|
|
453
|
-
end
|
|
454
|
-
|
|
455
|
-
context "when token is acceptable with the correct scopes" do
|
|
456
|
-
let(:token) do
|
|
457
|
-
token = FactoryBot.create(:access_token)
|
|
458
|
-
token[:scopes] = "public"
|
|
459
|
-
token
|
|
460
|
-
end
|
|
461
|
-
|
|
462
|
-
it "returns true" do
|
|
463
|
-
expect(token.acceptable?(["public"])).to be true
|
|
464
|
-
end
|
|
465
|
-
end
|
|
466
|
-
end
|
|
467
|
-
|
|
468
|
-
describe ".revoke_all_for" do
|
|
469
|
-
let(:resource_owner) { FactoryBot.create :resource_owner }
|
|
470
|
-
let(:application) { FactoryBot.create :application }
|
|
471
|
-
let(:default_attributes) do
|
|
472
|
-
{
|
|
473
|
-
application: application,
|
|
474
|
-
resource_owner_id: resource_owner.id,
|
|
475
|
-
resource_owner_type: resource_owner.class.name,
|
|
476
|
-
}
|
|
477
|
-
end
|
|
478
|
-
|
|
479
|
-
it "revokes all tokens for given application and resource owner" do
|
|
480
|
-
FactoryBot.create :access_token, default_attributes
|
|
481
|
-
described_class.revoke_all_for application.id, resource_owner
|
|
482
|
-
expect(described_class.all).to all(be_revoked)
|
|
483
|
-
end
|
|
484
|
-
|
|
485
|
-
it "matches application" do
|
|
486
|
-
access_token_for_different_app = FactoryBot.create(
|
|
487
|
-
:access_token,
|
|
488
|
-
default_attributes.merge(application: FactoryBot.create(:application)),
|
|
489
|
-
)
|
|
490
|
-
|
|
491
|
-
described_class.revoke_all_for application.id, resource_owner
|
|
492
|
-
|
|
493
|
-
expect(access_token_for_different_app.reload).not_to be_revoked
|
|
494
|
-
end
|
|
495
|
-
|
|
496
|
-
it "matches resource owner" do
|
|
497
|
-
access_token_for_different_owner = FactoryBot.create(
|
|
498
|
-
:access_token,
|
|
499
|
-
default_attributes.merge(resource_owner_id: resource_owner.id + 1),
|
|
500
|
-
)
|
|
501
|
-
|
|
502
|
-
described_class.revoke_all_for application.id, resource_owner
|
|
503
|
-
|
|
504
|
-
expect(access_token_for_different_owner.reload).not_to be_revoked
|
|
505
|
-
end
|
|
506
|
-
end
|
|
507
|
-
|
|
508
|
-
describe ".matching_token_for" do
|
|
509
|
-
let(:resource_owner) { FactoryBot.create :resource_owner }
|
|
510
|
-
let(:resource_owner_id) { resource_owner.id }
|
|
511
|
-
let(:application) { FactoryBot.create :application }
|
|
512
|
-
let(:scopes) { Doorkeeper::OAuth::Scopes.from_string("public write") }
|
|
513
|
-
let(:default_attributes) do
|
|
514
|
-
{
|
|
515
|
-
application: application,
|
|
516
|
-
resource_owner_id: resource_owner_id,
|
|
517
|
-
resource_owner_type: resource_owner.class.name,
|
|
518
|
-
scopes: scopes.to_s,
|
|
519
|
-
}
|
|
520
|
-
end
|
|
521
|
-
|
|
522
|
-
before do
|
|
523
|
-
default_scopes_exist(*scopes.all)
|
|
524
|
-
end
|
|
525
|
-
|
|
526
|
-
it "returns only one token" do
|
|
527
|
-
token = FactoryBot.create :access_token, default_attributes
|
|
528
|
-
last_token = described_class.matching_token_for(application, resource_owner, scopes)
|
|
529
|
-
expect(last_token).to eq(token)
|
|
530
|
-
end
|
|
531
|
-
|
|
532
|
-
it "accepts nil as resource owner" do
|
|
533
|
-
token = FactoryBot.create :access_token,
|
|
534
|
-
default_attributes.merge(resource_owner_id: nil, resource_owner_type: nil)
|
|
535
|
-
last_token = described_class.matching_token_for(application, nil, scopes)
|
|
536
|
-
expect(last_token).to eq(token)
|
|
537
|
-
end
|
|
538
|
-
|
|
539
|
-
it "excludes revoked tokens" do
|
|
540
|
-
FactoryBot.create :access_token, default_attributes.merge(revoked_at: 1.day.ago)
|
|
541
|
-
last_token = described_class.matching_token_for(application, resource_owner_id, scopes)
|
|
542
|
-
expect(last_token).to be_nil
|
|
543
|
-
end
|
|
544
|
-
|
|
545
|
-
it "excludes tokens with a different application" do
|
|
546
|
-
FactoryBot.create :access_token, default_attributes.merge(application: FactoryBot.create(:application))
|
|
547
|
-
last_token = described_class.matching_token_for(application, resource_owner_id, scopes)
|
|
548
|
-
expect(last_token).to be_nil
|
|
549
|
-
end
|
|
550
|
-
|
|
551
|
-
it "excludes tokens with a different resource owner" do
|
|
552
|
-
FactoryBot.create :access_token, default_attributes.merge(resource_owner_id: resource_owner.id + 1)
|
|
553
|
-
last_token = described_class.matching_token_for(application, resource_owner_id, scopes)
|
|
554
|
-
expect(last_token).to be_nil
|
|
555
|
-
end
|
|
556
|
-
|
|
557
|
-
it "excludes tokens with fewer scopes" do
|
|
558
|
-
FactoryBot.create :access_token, default_attributes.merge(scopes: "public")
|
|
559
|
-
last_token = described_class.matching_token_for(application, resource_owner_id, scopes)
|
|
560
|
-
expect(last_token).to be_nil
|
|
561
|
-
end
|
|
562
|
-
|
|
563
|
-
it "excludes tokens with different scopes" do
|
|
564
|
-
FactoryBot.create :access_token, default_attributes.merge(scopes: "public email")
|
|
565
|
-
last_token = described_class.matching_token_for(application, resource_owner, scopes)
|
|
566
|
-
expect(last_token).to be_nil
|
|
567
|
-
end
|
|
568
|
-
|
|
569
|
-
it "excludes tokens with additional scopes" do
|
|
570
|
-
FactoryBot.create :access_token, default_attributes.merge(scopes: "public write email")
|
|
571
|
-
last_token = described_class.matching_token_for(application, resource_owner, scopes)
|
|
572
|
-
expect(last_token).to be_nil
|
|
573
|
-
end
|
|
574
|
-
|
|
575
|
-
it "excludes tokens with scopes that are not present in server scopes" do
|
|
576
|
-
FactoryBot.create :access_token, default_attributes.merge(
|
|
577
|
-
application: application, scopes: "public read",
|
|
578
|
-
)
|
|
579
|
-
last_token = described_class.matching_token_for(application, resource_owner, scopes)
|
|
580
|
-
expect(last_token).to be_nil
|
|
581
|
-
end
|
|
582
|
-
|
|
583
|
-
it "excludes tokens with scopes that are not present in application scopes" do
|
|
584
|
-
application = FactoryBot.create :application, scopes: "private read"
|
|
585
|
-
FactoryBot.create :access_token, default_attributes.merge(
|
|
586
|
-
application: application,
|
|
587
|
-
)
|
|
588
|
-
last_token = described_class.matching_token_for(application, resource_owner, scopes)
|
|
589
|
-
expect(last_token).to be_nil
|
|
590
|
-
end
|
|
591
|
-
|
|
592
|
-
it "does not match token if empty scope requested and token/app scopes present" do
|
|
593
|
-
application = FactoryBot.create :application, scopes: "sample:scope"
|
|
594
|
-
app_params = {
|
|
595
|
-
application_id: application.id, scopes: "sample:scope",
|
|
596
|
-
resource_owner_id: resource_owner.id,
|
|
597
|
-
resource_owner_type: resource_owner.class.name,
|
|
598
|
-
}
|
|
599
|
-
FactoryBot.create :access_token, app_params
|
|
600
|
-
empty_scopes = Doorkeeper::OAuth::Scopes.from_string("")
|
|
601
|
-
last_token = described_class.matching_token_for(application, resource_owner.id, empty_scopes)
|
|
602
|
-
expect(last_token).to be_nil
|
|
603
|
-
end
|
|
604
|
-
|
|
605
|
-
it "matches token if empty scope requested and no token scopes present" do
|
|
606
|
-
empty_scopes = Doorkeeper::OAuth::Scopes.from_string("")
|
|
607
|
-
token = FactoryBot.create :access_token, default_attributes.merge(scopes: empty_scopes)
|
|
608
|
-
last_token = described_class.matching_token_for(application, resource_owner.id, empty_scopes)
|
|
609
|
-
expect(last_token).to eq(token)
|
|
610
|
-
end
|
|
611
|
-
|
|
612
|
-
it "returns the last matching token" do
|
|
613
|
-
FactoryBot.create :access_token, default_attributes.merge(created_at: 1.day.ago)
|
|
614
|
-
matching_token = FactoryBot.create :access_token, default_attributes
|
|
615
|
-
FactoryBot.create :access_token, default_attributes.merge(scopes: "public")
|
|
616
|
-
|
|
617
|
-
last_token = described_class.matching_token_for(application, resource_owner_id, scopes)
|
|
618
|
-
expect(last_token).to eq(matching_token)
|
|
619
|
-
end
|
|
620
|
-
end
|
|
621
|
-
|
|
622
|
-
describe "#as_json" do
|
|
623
|
-
let(:token) { FactoryBot.create(:access_token) }
|
|
624
|
-
let(:token_hash) do
|
|
625
|
-
{
|
|
626
|
-
resource_owner_id: token.resource_owner_id,
|
|
627
|
-
scope: token.scopes,
|
|
628
|
-
expires_in: token.expires_in_seconds,
|
|
629
|
-
application: { uid: token.application.uid },
|
|
630
|
-
created_at: token.created_at.to_i,
|
|
631
|
-
}
|
|
632
|
-
end
|
|
633
|
-
|
|
634
|
-
it "returns as_json hash" do
|
|
635
|
-
hash = token_hash
|
|
636
|
-
|
|
637
|
-
if Doorkeeper.configuration.polymorphic_resource_owner?
|
|
638
|
-
hash[:resource_owner_type] = token.resource_owner_type
|
|
639
|
-
end
|
|
640
|
-
|
|
641
|
-
expect(token.as_json).to match(hash)
|
|
642
|
-
end
|
|
643
|
-
end
|
|
644
|
-
end
|