doorkeeper-sequel 1.2.1

data/spec/lib/config_spec.rb

@@ -0,0 +1,334 @@
+require 'spec_helper_integration'
+
+describe Doorkeeper, 'configuration' do
+  subject { Doorkeeper.configuration }
+
+  describe 'resource_owner_authenticator' do
+    it 'sets the block that is accessible via authenticate_resource_owner' do
+      block = proc {}
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        resource_owner_authenticator(&block)
+      end
+      expect(subject.authenticate_resource_owner).to eq(block)
+    end
+  end
+
+  describe 'setup_orm_adapter' do
+    it 'adds specific error message to NameError exception' do
+      expect do
+        Doorkeeper.configure { orm 'hibernate' }
+      end.to raise_error(NameError, /ORM adapter not found \(hibernate\)/)
+    end
+
+    it 'does not change other exceptions' do
+      allow_any_instance_of(String).to receive(:classify) { raise NoMethodError }
+
+      expect do
+        Doorkeeper.configure { orm 'hibernate' }
+      end.to raise_error(NoMethodError, /ORM adapter not found \(hibernate\)/)
+    end
+  end
+
+  describe 'admin_authenticator' do
+    it 'sets the block that is accessible via authenticate_admin' do
+      block = proc {}
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        admin_authenticator(&block)
+      end
+      expect(subject.authenticate_admin).to eq(block)
+    end
+  end
+
+  describe 'access_token_expires_in' do
+    it 'has 2 hours by default' do
+      expect(subject.access_token_expires_in).to eq(2.hours)
+    end
+
+    it 'can change the value' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        access_token_expires_in 4.hours
+      end
+      expect(subject.access_token_expires_in).to eq(4.hours)
+    end
+
+    it 'can be set to nil' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        access_token_expires_in nil
+      end
+      expect(subject.access_token_expires_in).to be_nil
+    end
+  end
+
+  describe 'scopes' do
+    it 'has default scopes' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        default_scopes :public
+      end
+      expect(subject.default_scopes).to include('public')
+    end
+
+    it 'has optional scopes' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        optional_scopes :write, :update
+      end
+      expect(subject.optional_scopes).to include('write', 'update')
+    end
+
+    it 'has all scopes' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        default_scopes  :normal
+        optional_scopes :admin
+      end
+      expect(subject.scopes).to include('normal', 'admin')
+    end
+  end
+
+  describe 'use_refresh_token' do
+    it 'is false by default' do
+      expect(subject.refresh_token_enabled?).to be_falsey
+    end
+
+    it 'can change the value' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        use_refresh_token
+      end
+      expect(subject.refresh_token_enabled?).to be_truthy
+    end
+
+    it "does not includes 'refresh_token' in authorization_response_types" do
+      expect(subject.token_grant_types).not_to include 'refresh_token'
+    end
+
+    context "is enabled" do
+      before do
+        Doorkeeper.configure {
+          orm DOORKEEPER_ORM
+          use_refresh_token
+        }
+      end
+
+      it "includes 'refresh_token' in authorization_response_types" do
+        expect(subject.token_grant_types).to include 'refresh_token'
+      end
+    end
+  end
+
+  describe 'client_credentials' do
+    it 'has defaults order' do
+      expect(subject.client_credentials_methods).to eq([:from_basic, :from_params])
+    end
+
+    it 'can change the value' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        client_credentials :from_digest, :from_params
+      end
+      expect(subject.client_credentials_methods).to eq([:from_digest, :from_params])
+    end
+  end
+
+  describe 'force_ssl_in_redirect_uri' do
+    it 'is true by default in non-development environments' do
+      expect(subject.force_ssl_in_redirect_uri).to be_truthy
+    end
+
+    it 'can change the value' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        force_ssl_in_redirect_uri(false)
+      end
+      expect(subject.force_ssl_in_redirect_uri).to be_falsey
+    end
+  end
+
+  describe 'access_token_methods' do
+    it 'has defaults order' do
+      expect(subject.access_token_methods).to eq([:from_bearer_authorization, :from_access_token_param, :from_bearer_param])
+    end
+
+    it 'can change the value' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        access_token_methods :from_access_token_param, :from_bearer_param
+      end
+      expect(subject.access_token_methods).to eq([:from_access_token_param, :from_bearer_param])
+    end
+  end
+
+  describe 'enable_application_owner' do
+    it 'is disabled by default' do
+      expect(Doorkeeper.configuration.enable_application_owner?).not_to be_truthy
+    end
+
+    context 'when enabled without confirmation' do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          enable_application_owner
+        end
+      end
+      it 'adds support for application owner' do
+        expect(Doorkeeper::Application.new).to respond_to :owner
+      end
+      it 'Doorkeeper.configuration.confirm_application_owner? returns false' do
+        expect(Doorkeeper.configuration.confirm_application_owner?).not_to be_truthy
+      end
+    end
+
+    context 'when enabled with confirmation set to true' do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          enable_application_owner confirmation: true
+        end
+      end
+      it 'adds support for application owner' do
+        expect(Doorkeeper::Application.new).to respond_to :owner
+      end
+      it 'Doorkeeper.configuration.confirm_application_owner? returns true' do
+        expect(Doorkeeper.configuration.confirm_application_owner?).to be_truthy
+      end
+    end
+  end
+
+  describe 'realm' do
+    it 'is \'Doorkeeper\' by default' do
+      expect(Doorkeeper.configuration.realm).to eq('Doorkeeper')
+    end
+
+    it 'can change the value' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        realm 'Example'
+      end
+      expect(subject.realm).to eq('Example')
+    end
+  end
+
+  describe "grant_flows" do
+    it "is set to all grant flows by default" do
+      expect(Doorkeeper.configuration.grant_flows).
+        to eq(%w(authorization_code client_credentials))
+    end
+
+    it "can change the value" do
+      Doorkeeper.configure {
+        orm DOORKEEPER_ORM
+        grant_flows [ 'authorization_code', 'implicit' ]
+      }
+      expect(subject.grant_flows).to eq ['authorization_code', 'implicit']
+    end
+
+    context "when including 'authorization_code'" do
+      before do
+        Doorkeeper.configure {
+          orm DOORKEEPER_ORM
+          grant_flows ['authorization_code']
+        }
+      end
+
+      it "includes 'code' in authorization_response_types" do
+        expect(subject.authorization_response_types).to include 'code'
+      end
+
+      it "includes 'authorization_code' in token_grant_types" do
+        expect(subject.token_grant_types).to include 'authorization_code'
+      end
+    end
+
+    context "when including 'implicit'" do
+      before do
+        Doorkeeper.configure {
+          orm DOORKEEPER_ORM
+          grant_flows ['implicit']
+        }
+      end
+
+      it "includes 'token' in authorization_response_types" do
+        expect(subject.authorization_response_types).to include 'token'
+      end
+    end
+
+    context "when including 'password'" do
+      before do
+        Doorkeeper.configure {
+          orm DOORKEEPER_ORM
+          grant_flows ['password']
+        }
+      end
+
+      it "includes 'password' in token_grant_types" do
+        expect(subject.token_grant_types).to include 'password'
+      end
+    end
+
+    context "when including 'client_credentials'" do
+      before do
+        Doorkeeper.configure {
+          orm DOORKEEPER_ORM
+          grant_flows ['client_credentials']
+        }
+      end
+
+      it "includes 'client_credentials' in token_grant_types" do
+        expect(subject.token_grant_types).to include 'client_credentials'
+      end
+    end
+  end
+
+  it 'raises an exception when configuration is not set' do
+    old_config = Doorkeeper.configuration
+    Doorkeeper.module_eval do
+      @config = nil
+    end
+
+    expect do
+      Doorkeeper.configuration
+    end.to raise_error Doorkeeper::MissingConfiguration
+
+    Doorkeeper.module_eval do
+      @config = old_config
+    end
+  end
+
+  describe 'access_token_generator' do
+    it 'is \'Doorkeeper::OAuth::Helpers::UniqueToken\' by default' do
+      expect(Doorkeeper.configuration.access_token_generator).to(
+        eq('Doorkeeper::OAuth::Helpers::UniqueToken')
+      )
+    end
+
+    it 'can change the value' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        access_token_generator 'Example'
+      end
+      expect(subject.access_token_generator).to eq('Example')
+    end
+  end
+
+  describe 'base_controller' do
+    context 'default' do
+      it { expect(Doorkeeper.configuration.base_controller).to eq('ActionController::Base') }
+    end
+
+    context 'custom' do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          base_controller 'ApplicationController'
+        end
+      end
+
+      it { expect(Doorkeeper.configuration.base_controller).to eq('ApplicationController') }
+    end
+  end
+end

data/spec/lib/doorkeeper_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper_integration'
+
+describe Doorkeeper do
+  describe 'authenticate' do
+    let(:token) { double('Token') }
+    let(:request) { double('ActionDispatch::Request') }
+    before do
+      allow(Doorkeeper::OAuth::Token).to receive(:authenticate).
+        with(request, *token_strategies) { token }
+    end
+
+    context 'with specific access token strategies' do
+      let(:token_strategies) { [:first_way, :second_way] }
+
+      it 'authenticates the token from the request' do
+        expect(Doorkeeper.authenticate(request, token_strategies)).to eq(token)
+      end
+    end
+
+    context 'with default access token strategies' do
+      let(:token_strategies) { Doorkeeper.configuration.access_token_methods }
+
+      it 'authenticates the token from the request' do
+        expect(Doorkeeper.authenticate(request)).to eq(token)
+      end
+    end
+  end
+end

data/spec/lib/models/expirable_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+require 'timecop'
+require 'active_support/time'
+require 'doorkeeper/models/concerns/expirable'
+
+describe 'Expirable' do
+  subject do
+    Class.new do
+      include Doorkeeper::Models::Expirable
+    end.new
+  end
+
+  before do
+    allow(subject).to receive(:created_at).and_return(1.minute.ago)
+  end
+
+  describe :expired? do
+    it 'is not expired if time has not passed' do
+      allow(subject).to receive(:expires_in).and_return(2.minutes)
+      expect(subject).not_to be_expired
+    end
+
+    it 'is expired if time has passed' do
+      allow(subject).to receive(:expires_in).and_return(10.seconds)
+      expect(subject).to be_expired
+    end
+
+    it 'is not expired if expires_in is not set' do
+      allow(subject).to receive(:expires_in).and_return(nil)
+      expect(subject).not_to be_expired
+    end
+  end
+
+  describe :expires_in_seconds do
+    it 'should return the amount of time remaining until the token is expired' do
+      allow(subject).to receive(:expires_in).and_return(2.minutes)
+      expect(subject.expires_in_seconds).to eq(60)
+    end
+
+    it 'should return 0 when expired' do
+      allow(subject).to receive(:expires_in).and_return(30.seconds)
+      expect(subject.expires_in_seconds).to eq(0)
+    end
+
+    it 'should return nil when expires_in is nil' do
+      allow(subject).to receive(:expires_in).and_return(nil)
+      expect(subject.expires_in_seconds).to be_nil
+    end
+
+  end
+end

data/spec/lib/models/revocable_spec.rb

@@ -0,0 +1,59 @@
+require 'spec_helper'
+require 'active_support/core_ext/object/blank'
+require 'doorkeeper/models/concerns/revocable'
+
+describe 'Revocable' do
+  subject do
+    Class.new do
+      include Doorkeeper::Models::Revocable
+    end.new
+  end
+
+  describe :revoke do
+    it 'updates :revoked_at attribute with current time' do
+      utc = double utc: double
+      clock = double now: utc
+      expect(subject).to receive(:update_attribute).with(:revoked_at, clock.now.utc)
+      subject.revoke(clock)
+    end
+  end
+
+  describe :revoked? do
+    it 'is revoked if :revoked_at has passed' do
+      allow(subject).to receive(:revoked_at).and_return(Time.now.utc - 1000)
+      expect(subject).to be_revoked
+    end
+
+    it 'is not revoked if :revoked_at has not passed' do
+      allow(subject).to receive(:revoked_at).and_return(Time.now.utc + 1000)
+      expect(subject).not_to be_revoked
+    end
+
+    it 'is not revoked if :revoked_at is not set' do
+      allow(subject).to receive(:revoked_at).and_return(nil)
+      expect(subject).not_to be_revoked
+    end
+  end
+
+  describe :revoke_previous_refresh_token! do
+    it "revokes the previous token if existing, and resets the
+      `previous_refresh_token` attribute" do
+      previous_token = FactoryGirl.create(
+        :access_token,
+        refresh_token: "refresh_token"
+      )
+      current_token = FactoryGirl.create(
+        :access_token,
+        previous_refresh_token: previous_token.refresh_token
+      )
+
+      expect_any_instance_of(
+        Doorkeeper::AccessToken
+      ).to receive(:revoke).and_call_original
+      current_token.revoke_previous_refresh_token!
+
+      expect(current_token.previous_refresh_token).to be_empty
+      expect(previous_token.reload).to be_revoked
+    end
+  end
+end

data/spec/lib/models/scopes_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/object/blank'
+require 'doorkeeper/oauth/scopes'
+require 'doorkeeper/models/concerns/scopes'
+
+describe 'Doorkeeper::Models::Scopes' do
+  subject do
+    Class.new(Hash) do
+      include Doorkeeper::Models::Scopes
+    end.new
+  end
+
+  before do
+    subject[:scopes] = 'public admin'
+  end
+
+  describe :scopes do
+    it 'is a `Scopes` class' do
+      expect(subject.scopes).to be_a(Doorkeeper::OAuth::Scopes)
+    end
+
+    it 'includes scopes' do
+      expect(subject.scopes).to include('public')
+    end
+  end
+
+  describe :scopes_string do
+    it 'is a `Scopes` class' do
+      expect(subject.scopes_string).to eq('public admin')
+    end
+  end
+
+  describe :includes_scope? do
+    it 'should return true if at least one scope is included' do
+      expect(subject.includes_scope?('public', 'private')).to be true
+    end
+
+    it 'should return false if no scopes are included' do
+      expect(subject.includes_scope?('teacher', 'student')).to be false
+    end
+  end
+end

data/spec/lib/oauth/authorization/uri_builder_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'uri'
+require 'rack/utils'
+require 'doorkeeper/oauth/authorization/uri_builder'
+
+module Doorkeeper::OAuth::Authorization
+  describe URIBuilder do
+
+    subject { Object.new.class.send :include, URIBuilder }
+
+    describe :uri_with_query do
+      it 'returns the uri with query' do
+        uri = subject.uri_with_query 'http://example.com/', parameter: 'value'
+        expect(uri).to eq('http://example.com/?parameter=value')
+      end
+
+      it 'rejects nil values' do
+        uri = subject.uri_with_query 'http://example.com/', parameter: ''
+        expect(uri).to eq('http://example.com/?')
+      end
+
+      it 'preserves original query parameters' do
+        uri = subject.uri_with_query 'http://example.com/?query1=value', parameter: 'value'
+        expect(uri).to match(/query1=value/)
+        expect(uri).to match(/parameter=value/)
+      end
+    end
+
+    describe :uri_with_fragment do
+      it 'returns uri with parameters as fragments' do
+        uri = subject.uri_with_fragment 'http://example.com/', parameter: 'value'
+        expect(uri).to eq('http://example.com/#parameter=value')
+      end
+
+      it 'preserves original query parameters' do
+        uri = subject.uri_with_fragment 'http://example.com/?query1=value1', parameter: 'value'
+        expect(uri).to eq('http://example.com/?query1=value1#parameter=value')
+      end
+    end
+  end
+end

data/spec/lib/oauth/authorization_code_request_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper_integration'
+
+module Doorkeeper::OAuth
+  describe AuthorizationCodeRequest do
+    let(:server) do
+      double :server,
+             access_token_expires_in: 2.days,
+             refresh_token_enabled?: false,
+             custom_access_token_expires_in: ->(_app) { nil }
+    end
+    let(:grant)  { FactoryGirl.create :access_grant }
+    let(:client) { grant.application }
+
+    subject do
+      AuthorizationCodeRequest.new server, grant, client, redirect_uri: client.redirect_uri
+    end
+
+    it 'issues a new token for the client' do
+      expect do
+        subject.authorize
+      end.to change { client.reload.access_tokens.count }.by(1)
+    end
+
+    it "issues the token with same grant's scopes" do
+      subject.authorize
+      expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
+    end
+
+    it 'revokes the grant' do
+      expect do
+        subject.authorize
+      end.to change { grant.reload.accessible? }
+    end
+
+    it 'requires the grant to be accessible' do
+      grant.revoke
+      subject.validate
+      expect(subject.error).to eq(:invalid_grant)
+    end
+
+    it 'requires the grant' do
+      subject.grant = nil
+      subject.validate
+      expect(subject.error).to eq(:invalid_grant)
+    end
+
+    it 'requires the client' do
+      subject.client = nil
+      subject.validate
+      expect(subject.error).to eq(:invalid_client)
+    end
+
+    it 'requires the redirect_uri' do
+      subject.redirect_uri = nil
+      subject.validate
+      expect(subject.error).to eq(:invalid_request)
+    end
+
+    it "matches the redirect_uri with grant's one" do
+      subject.redirect_uri = 'http://other.com'
+      subject.validate
+      expect(subject.error).to eq(:invalid_grant)
+    end
+
+    it "matches the client with grant's one" do
+      subject.client = FactoryGirl.create :application
+      subject.validate
+      expect(subject.error).to eq(:invalid_grant)
+    end
+
+    it 'skips token creation if there is a matching one' do
+      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+      FactoryGirl.create(:access_token, application_id: client.id,
+        resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s)
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessToken.count }
+    end
+  end
+end

data/spec/lib/oauth/client/credentials_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/client'
+
+class Doorkeeper::OAuth::Client
+  describe Credentials do
+    it 'is blank when any of the credentials is blank' do
+      expect(Credentials.new(nil, 'something')).to be_blank
+      expect(Credentials.new('something', nil)).to be_blank
+    end
+
+    describe :from_request do
+      let(:request) { double.as_null_object }
+
+      let(:method) do
+        ->(_request) { return 'uid', 'secret' }
+      end
+
+      it 'accepts anything that responds to #call' do
+        expect(method).to receive(:call).with(request)
+        Credentials.from_request request, method
+      end
+
+      it 'delegates methods received as symbols to Credentials class' do
+        expect(Credentials).to receive(:from_params).with(request)
+        Credentials.from_request request, :from_params
+      end
+
+      it 'stops at the first credentials found' do
+        not_called_method = double
+        expect(not_called_method).not_to receive(:call)
+        Credentials.from_request request, ->(_) {}, method, not_called_method
+      end
+
+      it 'returns new Credentials' do
+        credentials = Credentials.from_request request, method
+        expect(credentials).to be_a(Credentials)
+      end
+
+      it 'returns uid and secret from extractor method' do
+        credentials = Credentials.from_request request, method
+        expect(credentials.uid).to    eq('uid')
+        expect(credentials.secret).to eq('secret')
+      end
+    end
+  end
+end