RubyGems - doorkeeper-sequel - Versions diffs - 1.2.1 - Mend

doorkeeper-sequel 1.2.1

Files changed (197) hide show

data/spec/lib/oauth/client/methods_spec.rb ADDED Viewed

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/client'
+class Doorkeeper::OAuth::Client
+  describe 'Methods' do
+    let(:client_id) { 'some-uid' }
+    let(:client_secret) { 'some-secret' }
+    subject do
+      Class.new do
+        include Methods
+      end.new
+    end
+    describe :from_params do
+      it 'returns credentials from parameters when Authorization header is not available' do
+        request     = double parameters: { client_id: client_id, client_secret: client_secret }
+        uid, secret = subject.from_params(request)
+        expect(uid).to    eq('some-uid')
+        expect(secret).to eq('some-secret')
+      end
+      it 'is blank when there are no credentials' do
+        request     = double parameters: {}
+        uid, secret = subject.from_params(request)
+        expect(uid).to    be_blank
+        expect(secret).to be_blank
+      end
+    end
+    describe :from_basic do
+      let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
+      it 'decodes the credentials' do
+        request     = double authorization: "Basic #{credentials}"
+        uid, secret = subject.from_basic(request)
+        expect(uid).to    eq('some-uid')
+        expect(secret).to eq('some-secret')
+      end
+      it 'is blank if Authorization is not Basic' do
+        request     = double authorization: "#{credentials}"
+        uid, secret = subject.from_basic(request)
+        expect(uid).to    be_blank
+        expect(secret).to be_blank
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/creator_spec.rb ADDED Viewed

@@ -0,0 +1,44 @@
+require 'spec_helper_integration'
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Creator do
+    let(:client) { FactoryGirl.create :application }
+    let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public') }
+    it 'creates a new token' do
+      expect do
+        subject.call(client, scopes)
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
+    context "when reuse_access_token is true" do
+      it "returns the existing valid token" do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+        existing_token = subject.call(client, scopes)
+        result = subject.call(client, scopes)
+        expect(Doorkeeper::AccessToken.count).to eq(1)
+        expect(result).to eq(existing_token)
+      end
+    end
+    context "when reuse_access_token is false" do
+      it "returns a new token" do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
+        existing_token = subject.call(client, scopes)
+        result = subject.call(client, scopes)
+        expect(Doorkeeper::AccessToken.count).to eq(2)
+        expect(result).not_to eq(existing_token)
+      end
+    end
+    it 'returns false if creation fails' do
+      expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
+      created = subject.call(client, scopes)
+      expect(created).to be_falsey
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/issuer_spec.rb ADDED Viewed

@@ -0,0 +1,86 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'doorkeeper/oauth/client_credentials/issuer'
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Issuer do
+    let(:creator) { double :acces_token_creator }
+    let(:server) do
+      double(
+        :server,
+        access_token_expires_in: 100,
+        custom_access_token_expires_in: ->(_app) { nil }
+      )
+    end
+    let(:validation) { double :validation, valid?: true }
+    subject { Issuer.new(server, validation) }
+    describe :create do
+      let(:client) { double :client, id: 'some-id' }
+      let(:scopes) { 'some scope' }
+      it 'creates and sets the token' do
+        expect(creator).to receive(:call).and_return('token')
+        subject.create client, scopes, creator
+        expect(subject.token).to eq('token')
+      end
+      it 'creates with correct token parameters' do
+        expect(creator).to receive(:call).with(
+          client,
+          scopes,
+          expires_in: 100,
+          use_refresh_token: false
+        )
+        subject.create client, scopes, creator
+      end
+      it 'has error set to :server_error if creator fails' do
+        expect(creator).to receive(:call).and_return(false)
+        subject.create client, scopes, creator
+        expect(subject.error).to eq(:server_error)
+      end
+      context 'when validation fails' do
+        before do
+          allow(validation).to receive(:valid?).and_return(false)
+          allow(validation).to receive(:error).and_return(:validation_error)
+          expect(creator).not_to receive(:create)
+        end
+        it 'has error set from validation' do
+          subject.create client, scopes, creator
+          expect(subject.error).to eq(:validation_error)
+        end
+        it 'returns false' do
+          expect(subject.create(client, scopes, creator)).to be_falsey
+        end
+      end
+      context 'with custom expirations' do
+        let(:custom_ttl) { 1233 }
+        let(:server) do
+          double(
+            :server,
+            custom_access_token_expires_in: ->(_app) { custom_ttl }
+          )
+        end
+        it 'creates with correct token parameters' do
+          expect(creator).to receive(:call).with(
+            client,
+            scopes,
+            expires_in: custom_ttl,
+            use_refresh_token: false
+          )
+          subject.create client, scopes, creator
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/validation_spec.rb ADDED Viewed

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'doorkeeper/oauth/client_credentials/validation'
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Validation do
+    let(:server)      { double :server, scopes: nil }
+    let(:application) { double scopes: nil }
+    let(:client)      { double application: application }
+    let(:request)     { double :request, client: client, scopes: nil }
+    subject { Validation.new(server, request) }
+    it 'is valid with valid request' do
+      expect(subject).to be_valid
+    end
+    it 'is invalid when client is not present' do
+      allow(request).to receive(:client).and_return(nil)
+      expect(subject).not_to be_valid
+    end
+    context 'with scopes' do
+      it 'is invalid when scopes are not included in the server' do
+        server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email'
+        allow(server).to receive(:scopes).and_return(server_scopes)
+        allow(request).to receive(:scopes).and_return(
+          Doorkeeper::OAuth::Scopes.from_string 'invalid')
+        expect(subject).not_to be_valid
+      end
+      context 'with application scopes' do
+        it 'is valid when scopes are included in the application' do
+          application_scopes = Doorkeeper::OAuth::Scopes.from_string 'app'
+          server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email app'
+          allow(application).to receive(:scopes).and_return(application_scopes)
+          allow(server).to receive(:scopes).and_return(server_scopes)
+          allow(request).to receive(:scopes).and_return(application_scopes)
+          expect(subject).to be_valid
+        end
+        it 'is invalid when scopes are not included in the application' do
+          application_scopes = Doorkeeper::OAuth::Scopes.from_string 'app'
+          server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email app'
+          allow(application).to receive(:scopes).and_return(application_scopes)
+          allow(server).to receive(:scopes).and_return(server_scopes)
+          allow(request).to receive(:scopes).and_return(
+            Doorkeeper::OAuth::Scopes.from_string 'email')
+          expect(subject).not_to be_valid
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials_integration_spec.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require 'spec_helper_integration'
+module Doorkeeper::OAuth
+  describe ClientCredentialsRequest do
+    let(:server) { Doorkeeper.configuration }
+    context 'with a valid request' do
+      let(:client) { FactoryGirl.create :application }
+      it 'issues an access token' do
+        request = ClientCredentialsRequest.new(server, client, {})
+        expect do
+          request.authorize
+        end.to change { Doorkeeper::AccessToken.count }.by(1)
+      end
+    end
+    describe 'with an invalid request' do
+      it 'does not issue an access token' do
+        request = ClientCredentialsRequest.new(server, nil, {})
+        expect do
+          request.authorize
+        end.to_not change { Doorkeeper::AccessToken.count }
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials_request_spec.rb ADDED Viewed

@@ -0,0 +1,104 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'active_model'
+require 'doorkeeper/oauth/client_credentials_request'
+module Doorkeeper::OAuth
+  describe ClientCredentialsRequest do
+    let(:server) do
+      double(
+        default_scopes: nil,
+        custom_access_token_expires_in: ->(_app) { nil }
+      )
+    end
+    let(:application)   { double :application, scopes: Scopes.from_string('') }
+    let(:client)        { double :client, application: application }
+    let(:token_creator) { double :issuer, create: true, token: double }
+    subject { ClientCredentialsRequest.new(server, client) }
+    before do
+      subject.issuer = token_creator
+    end
+    it 'issues an access token for the current client' do
+      expect(token_creator).to receive(:create).with(client, nil)
+      subject.authorize
+    end
+    it 'has successful response when issue was created' do
+      subject.authorize
+      expect(subject.response).to be_a(TokenResponse)
+    end
+    context 'if issue was not created' do
+      before do
+        subject.issuer = double create: false, error: :invalid
+      end
+      it 'has an error response' do
+        subject.authorize
+        expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
+      end
+      it 'delegates the error to issuer' do
+        subject.authorize
+        expect(subject.error).to eq(:invalid)
+      end
+    end
+    context 'with scopes' do
+      let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string('public email') }
+      before do
+        allow(server).to receive(:default_scopes).and_return(default_scopes)
+      end
+      it 'issues an access token with default scopes if none was requested' do
+        expect(token_creator).to receive(:create).with(client, default_scopes)
+        subject.authorize
+      end
+      it 'issues an access token with requested scopes' do
+        subject = ClientCredentialsRequest.new(server, client, scope: 'email')
+        subject.issuer = token_creator
+        expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string('email'))
+        subject.authorize
+      end
+    end
+    context 'with restricted client' do
+      let(:default_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string('public email')
+      end
+      let(:server_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string('public email phone')
+      end
+      let(:client_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string('public phone')
+      end
+      before do
+        allow(server).to receive(:default_scopes).and_return(default_scopes)
+        allow(server).to receive(:scopes).and_return(server_scopes)
+        allow(server).to receive(:access_token_expires_in).and_return(100)
+        allow(application).to receive(:scopes).and_return(client_scopes)
+        allow(client).to receive(:id).and_return(nil)
+      end
+      it 'delegates the error to issuer if no scope was requested' do
+        subject = ClientCredentialsRequest.new(server, client)
+        subject.authorize
+        expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
+        expect(subject.error).to eq(:invalid_scope)
+      end
+      it 'issues an access token with requested scopes' do
+        subject = ClientCredentialsRequest.new(server, client, scope: 'phone')
+        subject.authorize
+        expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
+        expect(subject.response.token.scopes_string).to eq('phone')
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_spec.rb ADDED Viewed

@@ -0,0 +1,39 @@
+require 'spec_helper'
+require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/client'
+module Doorkeeper::OAuth
+  describe Client do
+    describe :find do
+      let(:method) { double }
+      it 'finds the client via uid' do
+        client = double
+        expect(method).to receive(:call).with('uid').and_return(client)
+        expect(Client.find('uid', method)).to be_a(Client)
+      end
+      it 'returns nil if client was not found' do
+        expect(method).to receive(:call).with('uid').and_return(nil)
+        expect(Client.find('uid', method)).to be_nil
+      end
+    end
+    describe :authenticate do
+      it 'returns the authenticated client via credentials' do
+        credentials = Client::Credentials.new('some-uid', 'some-secret')
+        authenticator = double
+        expect(authenticator).to receive(:call).with('some-uid', 'some-secret').and_return(double)
+        expect(Client.authenticate(credentials, authenticator)).to be_a(Client)
+      end
+      it 'returns nil if client was not authenticated' do
+        credentials = Client::Credentials.new('some-uid', 'some-secret')
+        authenticator = double
+        expect(authenticator).to receive(:call).with('some-uid', 'some-secret').and_return(nil)
+        expect(Client.authenticate(credentials, authenticator)).to be_nil
+      end
+    end
+  end
+end

data/spec/lib/oauth/code_request_spec.rb ADDED Viewed

@@ -0,0 +1,45 @@
+require 'spec_helper_integration'
+module Doorkeeper::OAuth
+  describe CodeRequest do
+    let(:pre_auth) do
+      double(
+        :pre_auth,
+        client: double(:application, id: 9990),
+        redirect_uri: 'http://tst.com/cb',
+        scopes: nil,
+        state: nil,
+        error: nil,
+        authorizable?: true
+      )
+    end
+    let(:owner) { double :owner, id: 8900 }
+    subject do
+      CodeRequest.new(pre_auth, owner)
+    end
+    it 'creates an access grant' do
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessGrant.count }.by(1)
+    end
+    it 'returns a code response' do
+      expect(subject.authorize).to be_a(CodeResponse)
+    end
+    it 'does not create grant when not authorizable' do
+      allow(pre_auth).to receive(:authorizable?).and_return(false)
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessGrant.count }
+    end
+    it 'returns a error response' do
+      allow(pre_auth).to receive(:authorizable?).and_return(false)
+      expect(subject.authorize).to be_a(ErrorResponse)
+    end
+  end
+end

data/spec/lib/oauth/code_response_spec.rb ADDED Viewed

@@ -0,0 +1,34 @@
+require 'spec_helper'
+module Doorkeeper
+  module OAuth
+    describe CodeResponse do
+      describe '.redirect_uri' do
+        context 'when generating the redirect URI for an implicit grant' do
+          let :pre_auth do
+            double(
+              :pre_auth,
+              client: double(:application, id: 1),
+              redirect_uri: 'http://tst.com/cb',
+              state: nil,
+              scopes: Scopes.from_string('public'),
+            )
+          end
+          let :auth do
+            Authorization::Token.new(pre_auth, double(id: 1)).tap do |c|
+              c.issue_token
+              allow(c.token).to receive(:expires_in_seconds).and_return(3600)
+            end
+          end
+          subject { CodeResponse.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
+          it 'includes the remaining TTL of the token relative to the time the token was generated' do
+            expect(subject).to include('expires_in=3600')
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/error_response_spec.rb ADDED Viewed

@@ -0,0 +1,61 @@
+require 'spec_helper'
+require 'active_model'
+require 'doorkeeper/oauth/error'
+require 'doorkeeper/oauth/error_response'
+module Doorkeeper::OAuth
+  describe ErrorResponse do
+    describe '#status' do
+      it 'should have a status of unauthorized' do
+        expect(subject.status).to eq(:unauthorized)
+      end
+    end
+    describe :from_request do
+      it 'has the error from request' do
+        error = ErrorResponse.from_request double(error: :some_error)
+        expect(error.name).to eq(:some_error)
+      end
+      it 'ignores state if request does not respond to state' do
+        error = ErrorResponse.from_request double(error: :some_error)
+        expect(error.state).to be_nil
+      end
+      it 'has state if request responds to state' do
+        error = ErrorResponse.from_request double(error: :some_error, state: :hello)
+        expect(error.state).to eq(:hello)
+      end
+    end
+    it 'ignores empty error values' do
+      subject = ErrorResponse.new(error: :some_error, state: nil)
+      expect(subject.body).not_to have_key(:state)
+    end
+    describe '.body' do
+      subject { ErrorResponse.new(name: :some_error, state: :some_state).body }
+      describe '#body' do
+        it { expect(subject).to have_key(:error) }
+        it { expect(subject).to have_key(:error_description) }
+        it { expect(subject).to have_key(:state) }
+      end
+    end
+    describe '.authenticate_info' do
+      let(:error_response) { ErrorResponse.new(name: :some_error, state: :some_state) }
+      subject { error_response.authenticate_info }
+      it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
+      it { expect(subject).to include("error=\"#{error_response.name}\"") }
+      it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
+    end
+    describe '.headers' do
+      subject { ErrorResponse.new(name: :some_error, state: :some_state).headers }
+      it { expect(subject).to include 'WWW-Authenticate' }
+    end
+  end
+end

data/spec/lib/oauth/error_spec.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'active_support/i18n'
+require 'doorkeeper/oauth/error'
+module Doorkeeper::OAuth
+  describe Error do
+    subject(:error) { Error.new(:some_error, :some_state) }
+    it { expect(subject).to respond_to(:name) }
+    it { expect(subject).to respond_to(:state) }
+    describe :description do
+      it 'is translated from translation messages' do
+        expect(I18n).to receive(:translate).with(
+          :some_error,
+          scope: [:doorkeeper, :errors, :messages],
+          default: :server_error
+        )
+        error.description
+      end
+    end
+  end
+end

data/spec/lib/oauth/forbidden_token_response_spec.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'active_model'
+require 'doorkeeper'
+require 'doorkeeper/oauth/forbidden_token_response'
+module Doorkeeper::OAuth
+  describe ForbiddenTokenResponse do
+    describe '#name' do
+      it  { expect(subject.name).to eq(:invalid_scope) }
+    end
+    describe '#status' do
+      it { expect(subject.status).to eq(:forbidden) }
+    end
+    describe :from_scopes do
+      it 'should have a list of acceptable scopes' do
+        response = ForbiddenTokenResponse.from_scopes(["public"])
+        expect(response.description).to include('public')
+      end
+    end
+  end
+end

data/spec/lib/oauth/helpers/scope_checker_spec.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/helpers/scope_checker'
+require 'doorkeeper/oauth/scopes'
+module Doorkeeper::OAuth::Helpers
+  describe ScopeChecker, '.valid?' do
+    let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
+    it 'is valid if scope is present' do
+      server_scopes.add :scope
+      expect(ScopeChecker.valid?('scope', server_scopes)).to be_truthy
+    end
+    it 'is invalid if includes tabs space' do
+      expect(ScopeChecker.valid?("\tsomething", server_scopes)).to be_falsey
+    end
+    it 'is invalid if scope is not present' do
+      expect(ScopeChecker.valid?(nil, server_scopes)).to be_falsey
+    end
+    it 'is invalid if scope is blank' do
+      expect(ScopeChecker.valid?(' ', server_scopes)).to be_falsey
+    end
+    it 'is invalid if includes return space' do
+      expect(ScopeChecker.valid?("scope\r", server_scopes)).to be_falsey
+    end
+    it 'is invalid if includes new lines' do
+      expect(ScopeChecker.valid?("scope\nanother", server_scopes)).to be_falsey
+    end
+    it 'is invalid if any scope is not included in server scopes' do
+      expect(ScopeChecker.valid?('scope another', server_scopes)).to be_falsey
+    end
+    context 'with application_scopes' do
+      let(:server_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string 'common svr'
+      end
+      let(:application_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string 'app123'
+      end
+      it 'is valid if scope is included in the application scope list' do
+        expect(ScopeChecker.valid?(
+          'app123',
+          server_scopes,
+          application_scopes
+        )).to be_truthy
+      end
+      it 'is invalid if any scope is not included in the application' do
+        expect(ScopeChecker.valid?(
+          'svr',
+          server_scopes,
+          application_scopes
+        )).to be_falsey
+      end
+    end
+  end
+end

data/spec/lib/oauth/helpers/unique_token_spec.rb ADDED Viewed

@@ -0,0 +1,20 @@
+require 'spec_helper'
+require 'doorkeeper/oauth/helpers/unique_token'
+module Doorkeeper::OAuth::Helpers
+  describe UniqueToken do
+    let :generator do
+      ->(size) { 'a' * size }
+    end
+    it 'is able to customize the generator method' do
+      token = UniqueToken.generate(generator: generator)
+      expect(token).to eq('a' * 32)
+    end
+    it 'is able to customize the size of the token' do
+      token = UniqueToken.generate(generator: generator, size: 2)
+      expect(token).to eq('aa')
+    end
+  end
+end