doorkeeper-sequel 1.2.1

data/spec/stubs/config/application.rb

@@ -0,0 +1,29 @@
+require File.expand_path('../boot', __FILE__)
+
+require "rails"
+
+%w(
+  action_controller
+  action_view
+  action_mailer
+  active_job
+  rails/test_unit
+  sprockets
+).each do |framework|
+  begin
+    require "#{framework}/railtie"
+  rescue LoadError
+  end
+end
+
+Bundler.require(*Rails.groups)
+
+require 'yaml'
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+  end
+end

data/spec/stubs/config/initializers/db.rb

@@ -0,0 +1,74 @@
+# SQLite memory database
+DB = if defined?(JRUBY_VERSION)
+       Sequel.connect('jdbc:sqlite::memory:')
+     else
+       Sequel.sqlite
+     end
+
+DB.create_table :oauth_applications do
+  primary_key :id
+
+  column :name, String, size: 255, null: false
+  column :uid, String, size: 255, null: false, index: { unique: true }
+  column :secret, String, size: 255, null: false
+
+  column :scopes, String, size: 255, null: false, default: ''
+  column :redirect_uri, String
+
+  column :created_at, DateTime
+  column :updated_at, DateTime
+
+  column :owner_id, Integer
+  column :owner_type, String
+  index [:owner_id, :owner_type]
+end
+
+DB.create_table :oauth_access_grants do
+  primary_key :id
+  column :application_id, Integer
+
+  column :resource_owner_id, Integer, null: false
+
+  column :token, String, size: 255, null: false, index: { unique: true }
+  column :expires_in, Integer, null: false
+  column :redirect_uri, String, null: false
+  column :created_at, DateTime, null: false
+  column :revoked_at, DateTime
+  column :scopes, String, size: 255
+end
+
+DB.create_table :oauth_access_tokens do
+  primary_key :id
+  column :application_id, Integer
+
+  column :resource_owner_id, Integer, index: true
+
+  # If you use a custom token generator you may need to change this column
+  # from string to text, so that it accepts tokens larger than 255
+  # characters. More info on custom token generators in:
+  # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
+  #
+  # column :token, String, null: false
+  column :token, String, size: 255, null: false, index: { unique: true }
+
+  column :refresh_token, String, size: 255, index: { unique: true }
+  # If there is a previous_refresh_token column,
+  # refresh tokens will be revoked after a related access token is used.
+  # If there is no previous_refresh_token column,
+  # previous tokens are revoked as soon as a new access token is created.
+  # Comment out this line if you'd rather have refresh tokens
+  # instantly revoked.
+  column :previous_refresh_token, String, size: 255, null: false, default: ''
+  column :expires_in, Integer
+  column :revoked_at, DateTime
+  column :created_at, DateTime, null: false
+  column :scopes, String, size: 255
+end
+
+DB.create_table :users do
+  primary_key :id
+  column :name, String, size: 255
+  column :created_at, DateTime
+  column :updated_at, DateTime
+  column :password, String, size: 255
+end

data/spec/stubs/generators/application_owner_generator_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper_integration'
+require 'generators/doorkeeper/sequel/application_owner_generator'
+
+describe 'Doorkeeper::Sequel::ApplicationOwnerGenerator' do
+  include GeneratorSpec::TestCase
+
+  tests Doorkeeper::Sequel::ApplicationOwnerGenerator
+  destination ::File.expand_path('../tmp/dummy', __FILE__)
+
+  describe 'after running the generator' do
+    before :each do
+      prepare_destination
+      run_generator
+    end
+
+    it 'creates a migration' do
+      assert_migration 'db/migrate/add_owner_to_application.rb'
+    end
+  end
+end

data/spec/stubs/generators/migration_generator_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper_integration'
+require 'generators/doorkeeper/sequel/migration_generator'
+
+describe 'Doorkeeper::Sequel::MigrationGenerator' do
+  include GeneratorSpec::TestCase
+
+  tests Doorkeeper::Sequel::MigrationGenerator
+  destination ::File.expand_path('../tmp/dummy', __FILE__)
+
+  describe 'after running the generator' do
+    before :each do
+      prepare_destination
+      run_generator
+    end
+
+    it 'creates a migration' do
+      assert_migration 'db/migrate/create_doorkeeper_tables.rb'
+    end
+  end
+end

data/spec/stubs/generators/previous_refresh_token_generator_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper_integration'
+require 'generators/doorkeeper/sequel/previous_refresh_token_generator'
+
+describe 'Doorkeeper::Sequel::PreviousRefreshTokenGenerator' do
+  include GeneratorSpec::TestCase
+
+  tests Doorkeeper::Sequel::PreviousRefreshTokenGenerator
+  destination ::File.expand_path('../tmp/dummy', __FILE__)
+
+  describe 'after running the generator' do
+    before :each do
+      prepare_destination
+      run_generator
+    end
+
+    it 'creates a migration' do
+      assert_migration 'db/migrate/add_previous_refresh_token_to_access_tokens.rb'
+    end
+  end
+end

data/spec/stubs/generators/tmp/dummy/db/migrate/20161012132810_add_owner_to_application.rb

@@ -0,0 +1,9 @@
+Sequel.migration do
+  change do
+    alter_table(:oauth_applications) do
+      add_column :owner_id, Integer, null: true
+      add_column :owner_type, String, null: true
+      add_index [:owner_id, :owner_type]
+    end
+  end
+end

data/spec/stubs/models/user.rb

@@ -0,0 +1,11 @@
+class User < Sequel::Model
+  class << self
+    def authenticate!(name, password)
+      User.where(name: name, password: password).first
+    end
+
+    def create!(values = {}, &block)
+      new(values, &block).save(raise_on_failure: true)
+    end
+  end
+end

data/spec/stubs/spec_helper_integration.rb

@@ -0,0 +1,50 @@
+ENV['RAILS_ENV'] ||= 'test'
+
+DOORKEEPER_ORM = :sequel
+
+$LOAD_PATH.unshift File.dirname(__FILE__)
+
+require 'capybara/rspec'
+require 'dummy/config/environment'
+require 'rspec/rails'
+require 'generator_spec/test_case'
+require 'timecop'
+
+# Load JRuby SQLite3 if in that platform
+begin
+  require 'jdbc/sqlite3'
+  Jdbc::SQLite3.load_driver
+rescue LoadError
+end
+
+Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm.inspect}"
+Rails.logger.info "====> Rails version: #{Rails.version}"
+Rails.logger.info "====> Ruby version: #{RUBY_VERSION}"
+
+require "support/orm/#{DOORKEEPER_ORM}"
+
+ENGINE_RAILS_ROOT = File.join(File.dirname(__FILE__), '../')
+
+Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |f| require f }
+
+# Remove after dropping support of Rails 4.2
+require "#{File.dirname(__FILE__)}/support/http_method_shim.rb"
+
+RSpec.configure do |config|
+  config.infer_spec_type_from_file_location!
+  config.mock_with :rspec
+
+  config.infer_base_class_for_anonymous_controllers = false
+
+  config.include RSpec::Rails::RequestExampleGroup, type: :request
+
+  config.before do
+    Doorkeeper.configure { orm DOORKEEPER_ORM }
+  end
+
+  config.around(:each) do |example|
+    DB.transaction(rollback: :always, auto_savepoint: true) { example.run }
+  end
+
+  config.order = 'random'
+end

data/spec/support/dependencies/factory_girl.rb

@@ -0,0 +1,2 @@
+require 'factory_girl'
+FactoryGirl.find_definitions

data/spec/support/helpers/access_token_request_helper.rb

@@ -0,0 +1,11 @@
+module AccessTokenRequestHelper
+  def client_is_authorized(client, resource_owner, access_token_attributes = {})
+    attributes = {
+      application: client,
+      resource_owner_id: resource_owner.id
+    }.merge(access_token_attributes)
+    FactoryGirl.create(:access_token, attributes)
+  end
+end
+
+RSpec.configuration.send :include, AccessTokenRequestHelper

data/spec/support/helpers/authorization_request_helper.rb

@@ -0,0 +1,41 @@
+module AuthorizationRequestHelper
+  def resource_owner_is_authenticated(resource_owner = nil)
+    resource_owner ||= User.create!(name: 'Joe', password: 'sekret')
+    Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { resource_owner })
+  end
+
+  def resource_owner_is_not_authenticated
+    Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { redirect_to('/sign_in') })
+  end
+
+  def default_scopes_exist(*scopes)
+    Doorkeeper.configuration.instance_variable_set(:@default_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
+  end
+
+  def optional_scopes_exist(*scopes)
+    Doorkeeper.configuration.instance_variable_set(:@optional_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
+  end
+
+  def client_should_be_authorized(client)
+    expect(client.access_grants.size).to eq(1)
+  end
+
+  def client_should_not_be_authorized(client)
+    expect(client.size).to eq(0)
+  end
+
+  def i_should_be_on_client_callback(client)
+    expect(client.redirect_uri).to eq("#{current_uri.scheme}://#{current_uri.host}#{current_uri.path}")
+  end
+
+  def allowing_forgery_protection(&block)
+    _original_value = ActionController::Base.allow_forgery_protection
+    ActionController::Base.allow_forgery_protection = true
+
+    block.call
+  ensure
+    ActionController::Base.allow_forgery_protection = _original_value
+  end
+end
+
+RSpec.configuration.send :include, AuthorizationRequestHelper

data/spec/support/helpers/config_helper.rb

@@ -0,0 +1,9 @@
+module ConfigHelper
+  def config_is_set(setting, value = nil, &block)
+    setting_ivar = "@#{setting}"
+    value = block_given? ? block : value
+    Doorkeeper.configuration.instance_variable_set(setting_ivar, value)
+  end
+end
+
+RSpec.configuration.send :include, ConfigHelper

data/spec/support/helpers/model_helper.rb

@@ -0,0 +1,67 @@
+module ModelHelper
+  def client_exists(client_attributes = {})
+    @client = FactoryGirl.create(:application, client_attributes)
+  end
+
+  def create_resource_owner
+    @resource_owner = User.create!(name: 'Joe', password: 'sekret')
+  end
+
+  def authorization_code_exists(options = {})
+    @authorization = FactoryGirl.create(:access_grant, options)
+  end
+
+  def access_grant_should_exist_for(client, resource_owner)
+    grant = Doorkeeper::AccessGrant.first
+
+    expect(grant.application).to have_attributes(id: client.id).
+      and(be_instance_of(Doorkeeper::Application))
+
+    expect(grant.resource_owner_id).to eq(resource_owner.id)
+  end
+
+  def access_token_should_exist_for(client, resource_owner)
+    token = Doorkeeper::AccessToken.first
+
+    expect(token.application).to have_attributes(id: client.id).
+      and(be_instance_of(Doorkeeper::Application))
+
+    expect(token.resource_owner_id).to eq(resource_owner.id)
+  end
+
+  def access_grant_should_not_exist
+    expect(Doorkeeper::AccessGrant.all).to be_empty
+  end
+
+  def access_token_should_not_exist
+    expect(Doorkeeper::AccessToken.all).to be_empty
+  end
+
+  def access_grant_should_have_scopes(*args)
+    grant = Doorkeeper::AccessGrant.first
+    expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
+  end
+
+  def access_token_should_have_scopes(*args)
+    grant = Doorkeeper::AccessToken.last
+    expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
+  end
+
+  def uniqueness_error
+    case DOORKEEPER_ORM
+    when :active_record
+      ActiveRecord::RecordNotUnique
+    when :sequel
+      error_classes = [Sequel::UniqueConstraintViolation, Sequel::ValidationFailed]
+      proc { |error| expect(error.class).to be_in(error_classes) }
+    when :mongo_mapper
+      MongoMapper::DocumentNotValid
+    when /mongoid/
+      Mongoid::Errors::Validations
+    else
+      raise "'#{DOORKEEPER_ORM}' ORM is not supported!"
+    end
+  end
+end
+
+RSpec.configuration.send :include, ModelHelper

data/spec/support/helpers/request_spec_helper.rb

@@ -0,0 +1,76 @@
+module RequestSpecHelper
+  def i_should_see(content)
+    expect(page).to have_content(content)
+  end
+
+  def i_should_not_see(content)
+    expect(page).to have_no_content(content)
+  end
+
+  def i_should_be_on(path)
+    expect(current_path).to eq(path)
+  end
+
+  def url_should_have_param(param, value)
+    expect(current_params[param]).to eq(value)
+  end
+
+  def url_should_not_have_param(param)
+    expect(current_params).not_to have_key(param)
+  end
+
+  def current_params
+    Rack::Utils.parse_query(current_uri.query)
+  end
+
+  def current_uri
+    URI.parse(page.current_url)
+  end
+
+  def should_have_header(header, value)
+    expect(headers[header]).to eq(value)
+  end
+
+  def with_access_token_header(token)
+    with_header 'Authorization', "Bearer #{token}"
+  end
+
+  def with_header(header, value)
+    page.driver.header header, value
+  end
+
+  def basic_auth_header_for_client(client)
+    ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
+  end
+
+  def should_have_json(key, value)
+    expect(JSON.parse(response.body).fetch(key)).to eq(value)
+  end
+
+  def should_have_json_within(key, value, range)
+    expect(JSON.parse(response.body).fetch(key)).to be_within(range).of(value)
+  end
+
+  def should_not_have_json(key)
+    expect(JSON.parse(response.body)).not_to have_key(key)
+  end
+
+  def sign_in
+    visit '/'
+    click_on 'Sign in'
+  end
+
+  def i_should_see_translated_error_message(key)
+    i_should_see translated_error_message(key)
+  end
+
+  def translated_error_message(key)
+    I18n.translate key, scope: [:doorkeeper, :errors, :messages]
+  end
+
+  def response_status_should_be(status)
+    expect(page.driver.response.status.to_i).to eq(status)
+  end
+end
+
+RSpec.configuration.send :include, RequestSpecHelper

data/spec/support/helpers/url_helper.rb

@@ -0,0 +1,55 @@
+module UrlHelper
+  def token_endpoint_url(options = {})
+    parameters = {
+      code: options[:code],
+      client_id: options[:client_id]     || (options[:client] ? options[:client].uid : nil),
+      client_secret: options[:client_secret] || (options[:client] ? options[:client].secret : nil),
+      redirect_uri: options[:redirect_uri]  || (options[:client] ? options[:client].redirect_uri : nil),
+      grant_type: options[:grant_type]    || 'authorization_code'
+    }
+    "/oauth/token?#{build_query(parameters)}"
+  end
+
+  def password_token_endpoint_url(options = {})
+    parameters = {
+      code: options[:code],
+      client_id: options[:client_id]     || (options[:client] ? options[:client].uid : nil),
+      client_secret: options[:client_secret] || (options[:client] ? options[:client].secret : nil),
+      username: options[:resource_owner_username] || (options[:resource_owner] ? options[:resource_owner].name : nil),
+      password: options[:resource_owner_password] || (options[:resource_owner] ? options[:resource_owner].password : nil),
+      grant_type: 'password'
+    }
+    "/oauth/token?#{build_query(parameters)}"
+  end
+
+  def authorization_endpoint_url(options = {})
+    parameters = {
+      client_id: options[:client_id]     || options[:client].uid,
+      redirect_uri: options[:redirect_uri]  || options[:client].redirect_uri,
+      response_type: options[:response_type] || 'code',
+      scope: options[:scope],
+      state: options[:state]
+    }.reject { |k, v| v.blank? }
+    "/oauth/authorize?#{build_query(parameters)}"
+  end
+
+  def refresh_token_endpoint_url(options = {})
+    parameters = {
+      refresh_token: options[:refresh_token],
+      client_id: options[:client_id]     || options[:client].uid,
+      client_secret: options[:client_secret] || options[:client].secret,
+      grant_type: options[:grant_type]    || 'refresh_token'
+    }
+    "/oauth/token?#{build_query(parameters)}"
+  end
+
+  def revocation_token_endpoint_url
+    '/oauth/revoke'
+  end
+
+  def build_query(hash)
+    Rack::Utils.build_query(hash)
+  end
+end
+
+RSpec.configuration.send :include, UrlHelper

data/spec/support/http_method_shim.rb

@@ -0,0 +1,24 @@
+# Rails 5 deprecates calling HTTP action methods with positional arguments
+# in favor of keyword arguments. However, the keyword argument form is only
+# supported in Rails 5+. Since we support back to 4, we need some sort of shim
+# to avoid super noisy deprecations when running tests.
+module HTTPMethodShim
+  def get(path, params = nil, headers = nil)
+    super(path, params: params, headers: headers)
+  end
+
+  def post(path, params = nil, headers = nil)
+    super(path, params: params, headers: headers)
+  end
+
+  def put(path, params = nil, headers = nil)
+    super(path, params: params, headers: headers)
+  end
+end
+
+if ::Rails::VERSION::MAJOR >= 5
+  RSpec.configure do |config|
+    config.include HTTPMethodShim, type: :controller
+    config.include HTTPMethodShim, type: :request
+  end
+end

data/spec/support/orm/active_record.rb

@@ -0,0 +1,3 @@
+# load schema to in memory sqlite
+ActiveRecord::Migration.verbose = false
+load Rails.root + 'db/schema.rb'

data/spec/support/shared/controllers_shared_context.rb

@@ -0,0 +1,69 @@
+shared_context 'valid token', token: :valid do
+  let :token_string do
+    '1A2B3C4D'
+  end
+
+  let :token do
+    double(Doorkeeper::AccessToken,
+           accessible?: true, includes_scope?: true, acceptable?: true,
+           previous_refresh_token: "", revoke_previous_refresh_token!: true)
+  end
+
+  before :each do
+    allow(
+      Doorkeeper::AccessToken
+    ).to receive(:by_token).with(token_string).and_return(token)
+  end
+end
+
+shared_context 'invalid token', token: :invalid do
+  let :token_string do
+    '1A2B3C4D'
+  end
+
+  let :token do
+    double(Doorkeeper::AccessToken,
+           accessible?: false, revoked?: false, expired?: false,
+           includes_scope?: false, acceptable?: false,
+           previous_refresh_token: "", revoke_previous_refresh_token!: true)
+  end
+
+  before :each do
+    allow(
+      Doorkeeper::AccessToken
+    ).to receive(:by_token).with(token_string).and_return(token)
+  end
+end
+
+shared_context 'authenticated resource owner' do
+  before do
+    user = double(:resource, id: 1)
+    allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { user } }
+  end
+end
+
+shared_context 'not authenticated resource owner' do
+  before do
+    allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to '/' } }
+  end
+end
+
+shared_context 'valid authorization request' do
+  let :authorization do
+    double(:authorization, valid?: true, authorize: true, success_redirect_uri: 'http://something.com/cb?code=token')
+  end
+
+  before do
+    allow(controller).to receive(:authorization) { authorization }
+  end
+end
+
+shared_context 'invalid authorization request' do
+  let :authorization do
+    double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
+  end
+
+  before do
+    allow(controller).to receive(:authorization) { authorization }
+  end
+end

data/spec/support/shared/models_shared_examples.rb

@@ -0,0 +1,52 @@
+shared_examples 'an accessible token' do
+  describe :accessible? do
+    it 'is accessible if token is not expired' do
+      allow(subject).to receive(:expired?).and_return(false)
+      should be_accessible
+    end
+
+    it 'is not accessible if token is expired' do
+      allow(subject).to receive(:expired?).and_return(true)
+      should_not be_accessible
+    end
+  end
+end
+
+shared_examples 'a revocable token' do
+  describe :accessible? do
+    before { subject.save! }
+
+    it 'is accessible if token is not revoked' do
+      expect(subject).to be_accessible
+    end
+
+    it 'is not accessible if token is revoked' do
+      subject.revoke
+      expect(subject).not_to be_accessible
+    end
+  end
+end
+
+shared_examples 'a unique token' do
+  describe :token do
+    it 'is generated before validation' do
+      expect { subject.valid? }.to change { subject.token }.from(nil)
+    end
+
+    it 'is not valid if token exists' do
+      token1 = FactoryGirl.create factory_name
+      token2 = FactoryGirl.create factory_name
+      token2.token = token1.token
+      expect(token2).not_to be_valid
+    end
+
+    it 'expects database to throw an error when tokens are the same' do
+      token1 = FactoryGirl.create factory_name
+      token2 = FactoryGirl.create factory_name
+      token2.token = token1.token
+      expect do
+        token2.save!(validate: false)
+      end.to raise_error(uniqueness_error)
+    end
+  end
+end