doorkeeper-sequel 1.2.1

data/spec/models/doorkeeper/access_token_spec.rb

@@ -0,0 +1,394 @@
+require 'spec_helper_integration'
+
+module Doorkeeper
+  describe AccessToken do
+    subject { FactoryGirl.build(:access_token) }
+
+    it { expect(subject).to be_valid }
+
+    it_behaves_like 'an accessible token'
+    it_behaves_like 'a revocable token'
+    it_behaves_like 'a unique token' do
+      let(:factory_name) { :access_token }
+    end
+
+    module CustomGeneratorArgs
+      def self.generate
+      end
+    end
+
+    describe :generate_token do
+      it 'generates a token using the default method' do
+        FactoryGirl.create :access_token
+
+        token = FactoryGirl.create :access_token
+        expect(token.token).to be_a(String)
+      end
+
+      it 'generates a token using a custom object' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:resource_owner_id]}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token
+        expect(token.token).to match(%r{custom_generator_token_\d+})
+      end
+
+      it 'allows the custom generator to access the application details' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:application].name}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token
+        expect(token.token).to match(%r{custom_generator_token_Application \d+})
+      end
+
+      it 'allows the custom generator to access the scopes' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:scopes].count}_#{opts[:scopes]}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token, scopes: 'public write'
+
+        expect(token.token).to eq 'custom_generator_token_2_public write'
+      end
+
+      it 'allows the custom generator to access the expiry length' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:expires_in]}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token
+        expect(token.token).to eq 'custom_generator_token_7200'
+      end
+
+      it 'allows the custom generator to access the created time' do
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:created_at].to_i}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token
+        created_at = token.created_at
+        expect(token.token).to eq "custom_generator_token_#{created_at.to_i}"
+      end
+
+      it 'raises an error if the custom object does not support generate' do
+        module NoGenerate
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::NoGenerate"
+        end
+
+        expect { FactoryGirl.create :access_token }.to(
+          raise_error(Doorkeeper::Errors::UnableToGenerateToken))
+      end
+
+      it 'raises an error if the custom object does not exist' do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::NotReal"
+        end
+
+        expect { FactoryGirl.create :access_token }.to(
+          raise_error(Doorkeeper::Errors::TokenGeneratorNotFound))
+      end
+    end
+
+    describe :refresh_token do
+      it 'has empty refresh token if it was not required' do
+        token = FactoryGirl.create :access_token
+        expect(token.refresh_token).to be_nil
+      end
+
+      it 'generates a refresh token if it was requested' do
+        token = FactoryGirl.create :access_token, use_refresh_token: true
+        expect(token.refresh_token).not_to be_nil
+      end
+
+      it 'is not valid if token exists' do
+        token1 = FactoryGirl.create :access_token, use_refresh_token: true
+        token2 = FactoryGirl.create :access_token, use_refresh_token: true
+        token2.refresh_token = token1.refresh_token
+        expect(token2).not_to be_valid
+      end
+
+      it 'expects database to raise an error if refresh tokens are the same' do
+        token1 = FactoryGirl.create :access_token, use_refresh_token: true
+        token2 = FactoryGirl.create :access_token, use_refresh_token: true
+        expect do
+          token2.refresh_token = token1.refresh_token
+          token2.save(validate: false)
+        end.to raise_error(uniqueness_error)
+      end
+    end
+
+    describe 'validations' do
+      it 'is valid without resource_owner_id' do
+        # For client credentials flow
+        subject.resource_owner_id = nil
+        expect(subject).to be_valid
+      end
+
+      it 'is valid without application_id' do
+        # For resource owner credentials flow
+        subject.application_id = nil
+        expect(subject).to be_valid
+      end
+    end
+
+    describe '#same_credential?' do
+
+      context 'with default parameters' do
+
+        let(:resource_owner_id) { 100 }
+        let(:application)    { FactoryGirl.create :application }
+        let(:default_attributes) do
+          { application: application, resource_owner_id: resource_owner_id }
+        end
+        let(:access_token1) { FactoryGirl.create :access_token, default_attributes }
+
+        context 'the second token has the same owner and same app' do
+          let(:access_token2) { FactoryGirl.create :access_token, default_attributes }
+          it 'success' do
+            expect(access_token1.same_credential?(access_token2)).to be_truthy
+          end
+        end
+
+        context 'the second token has same owner and different app' do
+          let(:other_application) { FactoryGirl.create :application }
+          let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: resource_owner_id }
+
+          it 'fail' do
+            expect(access_token1.same_credential?(access_token2)).to be_falsey
+          end
+        end
+
+        context 'the second token has different owner and different app' do
+
+          let(:other_application) { FactoryGirl.create :application }
+          let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: 42 }
+
+          it 'fail' do
+            expect(access_token1.same_credential?(access_token2)).to be_falsey
+          end
+        end
+
+        context 'the second token has different owner and same app' do
+          let(:access_token2) { FactoryGirl.create :access_token, application: application, resource_owner_id: 42 }
+
+          it 'fail' do
+            expect(access_token1.same_credential?(access_token2)).to be_falsey
+          end
+        end
+      end
+    end
+
+    describe '#acceptable?' do
+      context 'a token that is not accessible' do
+        let(:token) { FactoryGirl.create(:access_token, created_at: 6.hours.ago) }
+
+        it 'should return false' do
+          expect(token.acceptable?(nil)).to be false
+        end
+      end
+
+      context 'a token that has the incorrect scopes' do
+        let(:token) { FactoryGirl.create(:access_token) }
+
+        it 'should return false' do
+          expect(token.acceptable?(['public'])).to be false
+        end
+      end
+
+      context 'a token is acceptable with the correct scopes' do
+        let(:token) do
+          token = FactoryGirl.create(:access_token)
+          token[:scopes] = 'public'
+          token
+        end
+
+        it 'should return true' do
+          expect(token.acceptable?(['public'])).to be true
+        end
+      end
+    end
+
+    describe '.revoke_all_for' do
+      let(:resource_owner) { double(id: 100) }
+      let(:application)    { FactoryGirl.create :application }
+      let(:default_attributes) do
+        { application: application, resource_owner_id: resource_owner.id }
+      end
+
+      it 'revokes all tokens for given application and resource owner' do
+        FactoryGirl.create :access_token, default_attributes
+        AccessToken.revoke_all_for application.id, resource_owner
+        AccessToken.all.each do |token|
+          expect(token).to be_revoked
+        end
+      end
+
+      it 'matches application' do
+        FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
+        AccessToken.revoke_all_for application.id, resource_owner
+        expect(AccessToken.all).not_to be_empty
+      end
+
+      it 'matches resource owner' do
+        FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 90)
+        AccessToken.revoke_all_for application.id, resource_owner
+        expect(AccessToken.all).not_to be_empty
+      end
+    end
+
+    describe '.matching_token_for' do
+      let(:resource_owner_id) { 100 }
+      let(:application)       { FactoryGirl.create :application }
+      let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public write') }
+      let(:default_attributes) do
+        {
+          application: application,
+          resource_owner_id: resource_owner_id,
+          scopes: scopes.to_s
+        }
+      end
+
+      it 'returns only one token' do
+        token = FactoryGirl.create :access_token, default_attributes
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to eq(token)
+      end
+
+      it 'accepts resource owner as object' do
+        resource_owner = double(to_key: true, id: 100)
+        token = FactoryGirl.create :access_token, default_attributes
+        last_token = AccessToken.matching_token_for(application, resource_owner, scopes)
+        expect(last_token).to eq(token)
+      end
+
+      it 'accepts nil as resource owner' do
+        token = FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: nil)
+        last_token = AccessToken.matching_token_for(application, nil, scopes)
+        expect(last_token).to eq(token)
+      end
+
+      it 'excludes revoked tokens' do
+        FactoryGirl.create :access_token, default_attributes.merge(revoked_at: 1.day.ago)
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+
+      it 'matches the application' do
+        FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+
+      it 'matches the resource owner' do
+        FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 2)
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+
+      it 'matches token with fewer scopes' do
+        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public')
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+
+      it 'matches token with different scopes' do
+        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public email')
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+
+      it 'matches token with more scopes' do
+        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public write email')
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+
+      it 'matches application scopes' do
+        application = FactoryGirl.create :application, scopes: "private read"
+        FactoryGirl.create :access_token, default_attributes.merge(
+          application: application
+        )
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+
+      it 'returns the last created token' do
+        FactoryGirl.create :access_token, default_attributes.merge(created_at: 1.day.ago)
+        token = FactoryGirl.create :access_token, default_attributes
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to eq(token)
+      end
+
+      it 'returns as_json hash' do
+        token = FactoryGirl.create :access_token, default_attributes
+        token_hash = {
+          resource_owner_id:  token.resource_owner_id,
+          scopes:             token.scopes,
+          expires_in_seconds: token.expires_in_seconds,
+          application:        { uid: token.application.uid },
+          created_at:         token.created_at.to_i,
+        }
+        expect(token.as_json).to eq token_hash
+      end
+    end
+
+  end
+end

data/spec/models/doorkeeper/application_spec.rb

@@ -0,0 +1,179 @@
+require 'spec_helper_integration'
+
+module Doorkeeper
+  describe Application do
+    let(:require_owner) { Doorkeeper.configuration.instance_variable_set('@confirm_application_owner', true) }
+    let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set('@confirm_application_owner', false) }
+    let(:new_application) { FactoryGirl.build(:application) }
+
+    let(:uid) { SecureRandom.hex(8) }
+    let(:secret) { SecureRandom.hex(8) }
+
+    context 'application_owner is enabled' do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          enable_application_owner
+        end
+      end
+
+      context 'application owner is not required' do
+        before(:each) do
+          unset_require_owner
+        end
+
+        it 'is valid given valid attributes' do
+          expect(new_application).to be_valid
+        end
+      end
+
+      context 'application owner is required' do
+        before(:each) do
+          require_owner
+          @owner = FactoryGirl.build_stubbed(:doorkeeper_testing_user)
+        end
+
+        it 'is invalid without an owner' do
+          expect(new_application).not_to be_valid
+        end
+
+        it 'is valid with an owner' do
+          new_application.owner = @owner
+          expect(new_application).to be_valid
+        end
+      end
+    end
+
+    it 'is invalid without a name' do
+      new_application.name = nil
+      expect(new_application).not_to be_valid
+    end
+
+    it 'generates uid on create' do
+      expect(new_application.uid).to be_nil
+      new_application.save
+      expect(new_application.uid).not_to be_nil
+    end
+
+    it 'generates uid on create if an empty string' do
+      new_application.uid = ''
+      new_application.save
+      expect(new_application.uid).not_to be_blank
+    end
+
+    it 'generates uid on create unless one is set' do
+      new_application.uid = uid
+      new_application.save
+      expect(new_application.uid).to eq(uid)
+    end
+
+    it 'is invalid without uid' do
+      new_application.save
+      new_application.uid = nil
+      expect(new_application).not_to be_valid
+    end
+
+    it 'is invalid without redirect_uri' do
+      new_application.save
+      new_application.redirect_uri = nil
+      expect(new_application).not_to be_valid
+    end
+
+    it 'checks uniqueness of uid' do
+      app1 = FactoryGirl.create(:application)
+      app2 = FactoryGirl.create(:application)
+      app2.uid = app1.uid
+      expect(app2).not_to be_valid
+    end
+
+    it 'expects database to throw an error when uids are the same' do
+      app1 = FactoryGirl.create(:application)
+      app2 = FactoryGirl.create(:application)
+      app2.uid = app1.uid
+      expect { app2.save!(validate: false) }.to raise_error(uniqueness_error)
+    end
+
+    it 'generate secret on create' do
+      expect(new_application.secret).to be_nil
+      new_application.save
+      expect(new_application.secret).not_to be_nil
+    end
+
+    it 'generate secret on create if is blank string' do
+      new_application.secret = ''
+      new_application.save
+      expect(new_application.secret).not_to be_blank
+    end
+
+    it 'generate secret on create unless one is set' do
+      new_application.secret = secret
+      new_application.save
+      expect(new_application.secret).to eq(secret)
+    end
+
+    it 'is invalid without secret' do
+      new_application.save
+      new_application.secret = nil
+      expect(new_application).not_to be_valid
+    end
+
+    describe 'destroy related models on cascade' do
+      before(:each) do
+        new_application.save
+      end
+
+      it 'should destroy its access grants' do
+        FactoryGirl.create(:access_grant, application: new_application)
+        expect { new_application.destroy }.to change { Doorkeeper::AccessGrant.count }.by(-1)
+      end
+
+      it 'should destroy its access tokens' do
+        FactoryGirl.create(:access_token, application: new_application)
+        FactoryGirl.create(:access_token, application: new_application, revoked_at: Time.now.utc)
+        expect do
+          new_application.destroy
+        end.to change { Doorkeeper::AccessToken.count }.by(-2)
+      end
+    end
+
+    describe :authorized_for do
+      let(:resource_owner) { double(:resource_owner, id: 10) }
+
+      it 'is empty if the application is not authorized for anyone' do
+        expect(Application.authorized_for(resource_owner)).to be_empty
+      end
+
+      it 'returns only application for a specific resource owner' do
+        FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id + 1)
+        token = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
+        expect(Application.authorized_for(resource_owner)).to eq([token.application])
+      end
+
+      it 'excludes revoked tokens' do
+        FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, revoked_at: 2.days.ago)
+        expect(Application.authorized_for(resource_owner)).to be_empty
+      end
+
+      it 'returns all applications that have been authorized' do
+        token1 = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
+        token2 = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
+        expect(Application.authorized_for(resource_owner)).to eq([token1.application, token2.application])
+      end
+
+      it 'returns only one application even if it has been authorized twice' do
+        application = FactoryGirl.create(:application)
+        FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, application: application)
+        FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, application: application)
+        expect(Application.authorized_for(resource_owner)).to eq([application])
+      end
+    end
+
+    describe :authenticate do
+      it 'finds the application via uid/secret' do
+        app = FactoryGirl.create :application
+        authenticated = Application.by_uid_and_secret(app.uid, app.secret)
+        expect(authenticated).to eq(app)
+      end
+    end
+  end
+end

data/spec/requests/applications/applications_request_spec.rb

@@ -0,0 +1,94 @@
+require 'spec_helper_integration'
+
+feature 'Adding applications' do
+  context 'in application form' do
+    background do
+      visit '/oauth/applications/new'
+    end
+
+    scenario 'adding a valid app' do
+      fill_in 'doorkeeper_application[name]', with: 'My Application'
+      fill_in 'doorkeeper_application[redirect_uri]',
+              with: 'https://example.com'
+
+      click_button 'Submit'
+      i_should_see 'Application created'
+      i_should_see 'My Application'
+    end
+
+    scenario 'adding invalid app' do
+      click_button 'Submit'
+      i_should_see 'Whoops! Check your form for possible errors'
+    end
+  end
+end
+
+feature 'Listing applications' do
+  background do
+    FactoryGirl.create :application, name: 'Oauth Dude'
+    FactoryGirl.create :application, name: 'Awesome App'
+  end
+
+  scenario 'application list' do
+    visit '/oauth/applications'
+    i_should_see 'Awesome App'
+    i_should_see 'Oauth Dude'
+  end
+end
+
+feature 'Show application' do
+  given :app do
+    FactoryGirl.create :application, name: 'Just another oauth app'
+  end
+
+  scenario 'visiting application page' do
+    visit "/oauth/applications/#{app.id}"
+    i_should_see 'Just another oauth app'
+  end
+end
+
+feature 'Edit application' do
+  let :app do
+    FactoryGirl.create :application, name: 'OMG my app'
+  end
+
+  background do
+    visit "/oauth/applications/#{app.id}/edit"
+  end
+
+  scenario 'updating a valid app' do
+    fill_in 'doorkeeper_application[name]', with: 'Serious app'
+    click_button 'Submit'
+    i_should_see 'Application updated'
+    i_should_see 'Serious app'
+    i_should_not_see 'OMG my app'
+  end
+
+  scenario 'updating an invalid app' do
+    fill_in 'doorkeeper_application[name]', with: ''
+    click_button 'Submit'
+    i_should_see 'Whoops! Check your form for possible errors'
+  end
+end
+
+feature 'Remove application' do
+  background do
+    @app = FactoryGirl.create :application
+  end
+
+  scenario 'deleting an application from list' do
+    visit '/oauth/applications'
+    i_should_see @app.name
+    within(:css, "tr#application_#{@app.id}") do
+      click_button 'Destroy'
+    end
+    i_should_see 'Application deleted'
+    i_should_not_see @app.name
+  end
+
+  scenario 'deleting an application from show' do
+    visit "/oauth/applications/#{@app.id}"
+    click_button 'Destroy'
+    i_should_see 'Application deleted'
+  end
+end

data/spec/requests/applications/authorized_applications_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper_integration'
+
+feature 'Authorized applications' do
+  background do
+    @user   = User.create!(name: 'Joe', password: 'sekret')
+    @client = client_exists(name: 'Amazing Client App')
+    resource_owner_is_authenticated @user
+    client_is_authorized @client, @user
+  end
+
+  scenario 'display user\'s authorized applications' do
+    visit '/oauth/authorized_applications'
+    i_should_see 'Amazing Client App'
+  end
+
+  scenario 'do not display other user\'s authorized applications' do
+    client = client_exists(name: 'Another Client App')
+    client_is_authorized client, User.create!(name: 'Joe', password: 'sekret')
+    visit '/oauth/authorized_applications'
+    i_should_not_see 'Another Client App'
+  end
+
+  scenario 'user revoke access to application' do
+    visit '/oauth/authorized_applications'
+    i_should_see 'Amazing Client App'
+    click_on 'Revoke'
+    i_should_see 'Application revoked'
+    i_should_not_see 'Amazing Client App'
+  end
+end