RubyGems - doorkeeper-sequel - Versions diffs - 1.2.1 - Mend

doorkeeper-sequel 1.2.1

Files changed (197) hide show

data/spec/lib/oauth/token_request_spec.rb ADDED Viewed

@@ -0,0 +1,98 @@
+require 'spec_helper_integration'
+module Doorkeeper::OAuth
+  describe TokenRequest do
+    let :application do
+      scopes = double(all: ['public'])
+      double(:application, id: 9990, scopes: scopes)
+    end
+    let :pre_auth do
+      double(
+        :pre_auth,
+        client: application,
+        redirect_uri: 'http://tst.com/cb',
+        state: nil,
+        scopes: Scopes.from_string('public'),
+        error: nil,
+        authorizable?: true
+      )
+    end
+    let :owner do
+      double :owner, id: 7866
+    end
+    subject do
+      TokenRequest.new(pre_auth, owner)
+    end
+    it 'creates an access token' do
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
+    it 'returns a code response' do
+      expect(subject.authorize).to be_a(CodeResponse)
+    end
+    it 'does not create token when not authorizable' do
+      allow(pre_auth).to receive(:authorizable?).and_return(false)
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessToken.count }
+    end
+    it 'returns a error response' do
+      allow(pre_auth).to receive(:authorizable?).and_return(false)
+      expect(subject.authorize).to be_a(ErrorResponse)
+    end
+    context 'with custom expirations' do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          custom_access_token_expires_in do |_oauth_client|
+            1234
+          end
+        end
+      end
+      it 'should use the custom ttl' do
+        subject.authorize
+        token = Doorkeeper::AccessToken.first
+        expect(token.expires_in).to eq(1234)
+      end
+    end
+    context 'token reuse' do
+      it 'creates a new token if there are no matching tokens' do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+        expect do
+          subject.authorize
+        end.to change { Doorkeeper::AccessToken.count }.by(1)
+      end
+      it 'creates a new token if scopes do not match' do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+        FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
+                           resource_owner_id: owner.id, scopes: '')
+        expect do
+          subject.authorize
+        end.to change { Doorkeeper::AccessToken.count }.by(1)
+      end
+      it 'skips token creation if there is a matching one' do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+        allow(application.scopes).to receive(:has_scopes?).and_return(true)
+        allow(application.scopes).to receive(:all?).and_return(true)
+        FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
+                           resource_owner_id: owner.id, scopes: 'public')
+        expect do
+          subject.authorize
+        end.to_not change { Doorkeeper::AccessToken.count }
+      end
+    end
+  end
+end

data/spec/lib/oauth/token_response_spec.rb ADDED Viewed

@@ -0,0 +1,85 @@
+require 'spec_helper'
+require 'doorkeeper/oauth/token_response'
+module Doorkeeper::OAuth
+  describe TokenResponse do
+    subject { TokenResponse.new(double.as_null_object) }
+    it 'includes access token response headers' do
+      headers = subject.headers
+      expect(headers.fetch('Cache-Control')).to eq('no-store')
+      expect(headers.fetch('Pragma')).to eq('no-cache')
+    end
+    it 'status is ok' do
+      expect(subject.status).to eq(:ok)
+    end
+    describe '.body' do
+      let(:access_token) do
+        double :access_token,
+               token:              'some-token',
+               expires_in:         '3600',
+               expires_in_seconds: '300',
+               scopes_string:      'two scopes',
+               refresh_token:      'some-refresh-token',
+               token_type:         'bearer',
+               created_at:         0
+      end
+      subject { TokenResponse.new(access_token).body }
+      it 'includes :access_token' do
+        expect(subject['access_token']).to eq('some-token')
+      end
+      it 'includes :token_type' do
+        expect(subject['token_type']).to eq('bearer')
+      end
+      # expires_in_seconds is returned as `expires_in` in order to match
+      # the OAuth spec (section 4.2.2)
+      it 'includes :expires_in' do
+        expect(subject['expires_in']).to eq('300')
+      end
+      it 'includes :scope' do
+        expect(subject['scope']).to eq('two scopes')
+      end
+      it 'includes :refresh_token' do
+        expect(subject['refresh_token']).to eq('some-refresh-token')
+      end
+      it 'includes :created_at' do
+        expect(subject['created_at']).to eq(0)
+      end
+    end
+    describe '.body filters out empty values' do
+      let(:access_token) do
+        double :access_token,
+               token:              'some-token',
+               expires_in_seconds: '',
+               scopes_string:      '',
+               refresh_token:      '',
+               token_type:         'bearer',
+               created_at:         0
+      end
+      subject { TokenResponse.new(access_token).body }
+      it 'includes :expires_in' do
+        expect(subject['expires_in']).to be_nil
+      end
+      it 'includes :scope' do
+        expect(subject['scope']).to be_nil
+      end
+      it 'includes :refresh_token' do
+        expect(subject['refresh_token']).to be_nil
+      end
+    end
+  end
+end

data/spec/lib/oauth/token_spec.rb ADDED Viewed

@@ -0,0 +1,116 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/token'
+module Doorkeeper
+  unless defined?(AccessToken)
+    class AccessToken
+    end
+  end
+  module OAuth
+    describe Token do
+      describe :from_request do
+        let(:request) { double.as_null_object }
+        let(:method) do
+          ->(request) { return 'token-value' }
+        end
+        it 'accepts anything that responds to #call' do
+          expect(method).to receive(:call).with(request)
+          Token.from_request request, method
+        end
+        it 'delegates methods received as symbols to Token class' do
+          expect(Token).to receive(:from_params).with(request)
+          Token.from_request request, :from_params
+        end
+        it 'stops at the first credentials found' do
+          not_called_method = double
+          expect(not_called_method).not_to receive(:call)
+          Token.from_request request, ->(_r) {}, method, not_called_method
+        end
+        it 'returns the credential from extractor method' do
+          credentials = Token.from_request request, method
+          expect(credentials).to eq('token-value')
+        end
+      end
+      describe :from_access_token_param do
+        it 'returns token from access_token parameter' do
+          request = double parameters: { access_token: 'some-token' }
+          token   = Token.from_access_token_param(request)
+          expect(token).to eq('some-token')
+        end
+      end
+      describe :from_bearer_param do
+        it 'returns token from bearer_token parameter' do
+          request = double parameters: { bearer_token: 'some-token' }
+          token   = Token.from_bearer_param(request)
+          expect(token).to eq('some-token')
+        end
+      end
+      describe :from_bearer_authorization do
+        it 'returns token from capitalized authorization bearer' do
+          request = double authorization: 'Bearer SomeToken'
+          token   = Token.from_bearer_authorization(request)
+          expect(token).to eq('SomeToken')
+        end
+        it 'returns token from lowercased authorization bearer' do
+          request = double authorization: 'bearer SomeToken'
+          token   = Token.from_bearer_authorization(request)
+          expect(token).to eq('SomeToken')
+        end
+        it 'does not return token if authorization is not bearer' do
+          request = double authorization: 'MAC SomeToken'
+          token   = Token.from_bearer_authorization(request)
+          expect(token).to be_blank
+        end
+      end
+      describe :from_basic_authorization do
+        it 'returns token from capitalized authorization basic' do
+          request = double authorization: "Basic #{Base64.encode64 'SomeToken:'}"
+          token   = Token.from_basic_authorization(request)
+          expect(token).to eq('SomeToken')
+        end
+        it 'returns token from lowercased authorization basic' do
+          request = double authorization: "basic #{Base64.encode64 'SomeToken:'}"
+          token   = Token.from_basic_authorization(request)
+          expect(token).to eq('SomeToken')
+        end
+        it 'does not return token if authorization is not basic' do
+          request = double authorization: "MAC #{Base64.encode64 'SomeToken:'}"
+          token   = Token.from_basic_authorization(request)
+          expect(token).to be_blank
+        end
+      end
+      describe :authenticate do
+        it 'calls the finder if token was returned' do
+          token = ->(_r) { 'token' }
+          expect(AccessToken).to receive(:by_token).with('token')
+          Token.authenticate double, token
+        end
+        it 'revokes previous refresh_token if token was found' do
+          token = ->(_r) { 'token' }
+          expect(
+            AccessToken
+          ).to receive(:by_token).with('token').and_return(token)
+          expect(token).to receive(:revoke_previous_refresh_token!)
+          Token.authenticate double, token
+        end
+      end
+    end
+  end
+end

data/spec/lib/request/strategy_spec.rb ADDED Viewed

@@ -0,0 +1,53 @@
+require 'spec_helper'
+require 'doorkeeper/request/strategy'
+module Doorkeeper
+  module Request
+    describe Strategy do
+      let(:server) { double }
+      subject(:strategy) { Strategy.new(server) }
+      describe :initialize do
+        it "sets the server attribute" do
+          expect(strategy.server).to eq server
+        end
+      end
+      describe :request do
+        it "requires an implementation" do
+          expect { strategy.request }.to raise_exception NotImplementedError
+        end
+      end
+      describe "a sample Strategy subclass" do
+        let(:fake_request) { double }
+        let(:strategy_class) do
+          subclass = Class.new(Strategy) do
+            class << self
+              attr_accessor :fake_request
+            end
+            def request
+              self.class.fake_request
+            end
+          end
+          subclass.fake_request = fake_request
+          subclass
+        end
+        subject(:strategy) { strategy_class.new(server) }
+        it "provides a request implementation" do
+          expect(strategy.request).to eq fake_request
+        end
+        it "authorizes the request" do
+          expect(fake_request).to receive :authorize
+          strategy.authorize
+        end
+      end
+    end
+  end
+end

data/spec/lib/server_spec.rb ADDED Viewed

@@ -0,0 +1,52 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'doorkeeper/errors'
+require 'doorkeeper/server'
+describe Doorkeeper::Server do
+  let(:fake_class) { double :fake_class }
+  subject do
+    described_class.new
+  end
+  describe '.authorization_request' do
+    it 'raises error when strategy does not exist' do
+      expect do
+        subject.authorization_request(:duh)
+      end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
+    end
+    it 'raises error when strategy does not match phase' do
+      expect do
+        subject.token_request(:code)
+      end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
+    end
+    context 'when only Authorization Code strategy is enabled' do
+      before do
+        allow(Doorkeeper.configuration).
+          to receive(:grant_flows).
+          and_return(['authorization_code'])
+      end
+      it 'raises error when using the disabled Implicit strategy' do
+        expect do
+          subject.authorization_request(:token)
+        end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
+      end
+      it 'raises error when using the disabled Client Credentials strategy' do
+        expect do
+          subject.token_request(:client_credentials)
+        end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
+      end
+    end
+    it 'builds the request with selected strategy' do
+      stub_const 'Doorkeeper::Request::Code', fake_class
+      expect(fake_class).to receive(:new).with(subject)
+      subject.authorization_request :code
+    end
+  end
+end

data/spec/models/doorkeeper/access_grant_spec.rb ADDED Viewed

@@ -0,0 +1,36 @@
+require 'spec_helper_integration'
+describe Doorkeeper::AccessGrant do
+  subject { FactoryGirl.build(:access_grant) }
+  it { expect(subject).to be_valid }
+  it_behaves_like 'an accessible token'
+  it_behaves_like 'a revocable token'
+  it_behaves_like 'a unique token' do
+    let(:factory_name) { :access_grant }
+  end
+  describe 'validations' do
+    it 'is invalid without resource_owner_id' do
+      subject.resource_owner_id = nil
+      expect(subject).not_to be_valid
+    end
+    it 'is invalid without application_id' do
+      subject.application_id = nil
+      expect(subject).not_to be_valid
+    end
+    it 'is invalid without token' do
+      subject.save
+      subject.token = nil
+      expect(subject).not_to be_valid
+    end
+    it 'is invalid without expires_in' do
+      subject.expires_in = nil
+      expect(subject).not_to be_valid
+    end
+  end
+end