RubyGems - doorkeeper-mongodb - Versions diffs - 5.3.0 → 5.5.0 - Mend

doorkeeper-mongodb 5.3.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (192) hide show

data/spec/requests/flows/client_credentials_spec.rb DELETED Viewed

@@ -1,219 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-RSpec.describe "Client Credentials Request" do
-  let(:client) { FactoryBot.create :application }
-  context "with a valid request" do
-    it "authorizes the client and returns the token response" do
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to match(
-        "access_token" => Doorkeeper::AccessToken.first.token,
-        "token_type" => "Bearer",
-        "expires_in" => Doorkeeper.configuration.access_token_expires_in,
-        "created_at" => an_instance_of(Integer),
-      )
-    end
-    context "with scopes" do
-      before do
-        optional_scopes_exist :write
-        default_scopes_exist :public
-      end
-      it "adds the scope to the token an returns in the response" do
-        headers = authorization client.uid, client.secret
-        params  = { grant_type: "client_credentials", scope: "write" }
-        post "/oauth/token", params: params, headers: headers
-        expect(json_response).to include(
-          "access_token" => Doorkeeper::AccessToken.first.token,
-          "scope" => "write",
-        )
-      end
-      context "when scopes are default" do
-        it "adds the scope to the token an returns in the response" do
-          headers = authorization client.uid, client.secret
-          params  = { grant_type: "client_credentials", scope: "public" }
-          post "/oauth/token", params: params, headers: headers
-          expect(json_response).to include(
-            "access_token" => Doorkeeper::AccessToken.first.token,
-            "scope" => "public",
-          )
-        end
-      end
-      context "when scopes are invalid" do
-        it "does not authorize the client and returns the error" do
-          headers = authorization client.uid, client.secret
-          params  = { grant_type: "client_credentials", scope: "random" }
-          post "/oauth/token", params: params, headers: headers
-          expect(response.status).to eq(400)
-          expect(json_response).to match(
-            "error" => "invalid_scope",
-            "error_description" => translated_error_message(:invalid_scope),
-          )
-        end
-      end
-    end
-  end
-  context "when configured to check application supported grant flow" do
-    before do
-      Doorkeeper.configuration.instance_variable_set(
-        :@allow_grant_flow_for_client,
-        ->(_grant_flow, client) { client.name == "admin" },
-      )
-    end
-    scenario "forbids the request when doesn't satisfy condition" do
-      client.update(name: "sample app")
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to match(
-        "error" => "unauthorized_client",
-        "error_description" => translated_error_message(:unauthorized_client),
-      )
-    end
-    scenario "allows the request when satisfies condition" do
-      client.update(name: "admin")
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to match(
-        "access_token" => Doorkeeper::AccessToken.first.token,
-        "token_type" => "Bearer",
-        "expires_in" => 7200,
-        "created_at" => an_instance_of(Integer),
-      )
-    end
-  end
-  context "when application scopes contain some of the default scopes and no scope is passed" do
-    before do
-      client.update(scopes: "read write public")
-    end
-    it "issues new token with one default scope that are present in application scopes" do
-      default_scopes_exist :public
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      expect do
-        post "/oauth/token", params: params, headers: headers
-      end.to change { Doorkeeper::AccessToken.count }.by(1)
-      token = Doorkeeper::AccessToken.first
-      expect(token.application_id).to eq client.id
-      expect(json_response).to include(
-        "access_token" => token.token,
-        "scope" => "public",
-      )
-    end
-    it "issues new token with multiple default scopes that are present in application scopes" do
-      default_scopes_exist :public, :read, :update
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      expect do
-        post "/oauth/token", params: params, headers: headers
-      end.to change { Doorkeeper::AccessToken.count }.by(1)
-      token = Doorkeeper::AccessToken.first
-      expect(token.application_id).to eq client.id
-      expect(json_response).to include(
-        "access_token" => token.token,
-        "scope" => "public read",
-      )
-    end
-  end
-  context "when request is invalid" do
-    it "does not authorize the client and returns the error" do
-      headers = {}
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(response.status).to eq(401)
-      expect(json_response).to match(
-        "error" => "invalid_client",
-        "error_description" => translated_error_message(:invalid_client),
-      )
-    end
-  end
-  context "when revoke_previous_client_credentials_token is true" do
-    before do
-      allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(false)
-      allow(Doorkeeper.config).to receive(:revoke_previous_client_credentials_token?).and_return(true)
-    end
-    it "revokes the previous token" do
-      headers = authorization client.uid, client.secret
-      params  = { grant_type: "client_credentials" }
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to include("access_token" => Doorkeeper::AccessToken.first.token)
-      token = Doorkeeper::AccessToken.first
-      post "/oauth/token", params: params, headers: headers
-      expect(json_response).to include("access_token" => Doorkeeper::AccessToken.last.token)
-      expect(token.reload).to be_revoked
-      expect(Doorkeeper::AccessToken.last).not_to be_revoked
-    end
-    context "with a simultaneous request" do
-      let!(:access_token) { FactoryBot.create :access_token, resource_owner_id: nil }
-      before do
-        allow(Doorkeeper.config.access_token_model).to receive(:matching_token_for) { access_token }
-        allow(access_token).to receive(:revoked?).and_return(true)
-      end
-      it "returns an error" do
-        headers = authorization client.uid, client.secret
-        params  = { grant_type: "client_credentials" }
-        post "/oauth/token", params: params, headers: headers
-        expect(json_response).to match(
-          "error" => "invalid_token_reuse",
-          "error_description" => translated_error_message(:server_error),
-        )
-      end
-    end
-  end
-  def authorization(username, password)
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials username, password
-    { "HTTP_AUTHORIZATION" => credentials }
-  end
-end

data/spec/requests/flows/implicit_grant_errors_spec.rb DELETED Viewed

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-feature "Implicit Grant Flow Errors" do
-  background do
-    default_scopes_exist :default
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
-    config_is_set(:grant_flows, ["implicit"])
-    client_exists
-    create_resource_owner
-    sign_in
-  end
-  after do
-    access_token_should_not_exist
-  end
-  context "when validate client_id param" do
-    scenario "displays invalid_client error for invalid client_id" do
-      visit authorization_endpoint_url(client_id: "invalid", response_type: "token")
-      i_should_not_see "Authorize"
-      i_should_see_translated_error_message :invalid_client
-    end
-    scenario "displays invalid_request error when client_id is missing" do
-      visit authorization_endpoint_url(client_id: "", response_type: "token")
-      i_should_not_see "Authorize"
-      i_should_see_translated_invalid_request_error_message :missing_param, :client_id
-    end
-  end
-  context "when validate redirect_uri param" do
-    scenario "displays invalid_redirect_uri error for invalid redirect_uri" do
-      visit authorization_endpoint_url(client: @client, redirect_uri: "invalid", response_type: "token")
-      i_should_not_see "Authorize"
-      i_should_see_translated_error_message :invalid_redirect_uri
-    end
-    scenario "displays invalid_redirect_uri error when redirect_uri is missing" do
-      visit authorization_endpoint_url(client: @client, redirect_uri: "", response_type: "token")
-      i_should_not_see "Authorize"
-      i_should_see_translated_error_message :invalid_redirect_uri
-    end
-  end
-end

data/spec/requests/flows/implicit_grant_spec.rb DELETED Viewed

@@ -1,91 +0,0 @@
-# frozen_string_literal: true
-require "spec_helper"
-feature "Implicit Grant Flow (feature spec)" do
-  background do
-    default_scopes_exist :default
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
-    config_is_set(:grant_flows, ["implicit"])
-    client_exists
-    create_resource_owner
-    sign_in
-  end
-  scenario "resource owner authorizes the client" do
-    visit authorization_endpoint_url(client: @client, response_type: "token")
-    click_on "Authorize"
-    access_token_should_exist_for @client, @resource_owner
-    i_should_be_on_client_callback @client
-  end
-  context "when application scopes are present and no scope is passed" do
-    background do
-      @client.update(scopes: "public write read")
-    end
-    scenario "scope is invalid because default scope is different from application scope" do
-      default_scopes_exist :admin
-      visit authorization_endpoint_url(client: @client, response_type: "token")
-      response_status_should_be 200
-      i_should_not_see "Authorize"
-      i_should_see_translated_error_message :invalid_scope
-    end
-    scenario "access token has scopes which are common in application scopes and default scopes" do
-      default_scopes_exist :public, :write
-      visit authorization_endpoint_url(client: @client, response_type: "token")
-      click_on "Authorize"
-      access_token_should_exist_for @client, @resource_owner
-      access_token_should_have_scopes :public, :write
-    end
-  end
-end
-RSpec.describe "Implicit Grant Flow (request spec)" do
-  before do
-    default_scopes_exist :default
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
-    config_is_set(:grant_flows, ["implicit"])
-    client_exists
-    create_resource_owner
-  end
-  context "when reuse_access_token enabled" do
-    it "returns a new token each request" do
-      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
-      token = client_is_authorized(@client, @resource_owner, scopes: "default")
-      post "/oauth/authorize",
-           params: {
-             client_id: @client.uid,
-             state: "",
-             redirect_uri: @client.redirect_uri,
-             response_type: "token",
-             commit: "Authorize",
-           }
-      expect(response.location).not_to include(token.token)
-    end
-    it "returns the same token if it is still accessible" do
-      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-      token = client_is_authorized(@client, @resource_owner, scopes: "default")
-      post "/oauth/authorize",
-           params: {
-             client_id: @client.uid,
-             state: "",
-             redirect_uri: @client.redirect_uri,
-             response_type: "token",
-             commit: "Authorize",
-           }
-      expect(response.location).to include(token.token)
-    end
-  end
-end