RubyGems - doorkeeper-sequel - Versions diffs - 1.2.1 - Mend

doorkeeper-sequel 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

data/spec/lib/oauth/client/methods_spec.rb ADDED Viewed

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/client'
+class Doorkeeper::OAuth::Client
+  describe 'Methods' do
+    let(:client_id) { 'some-uid' }
+    let(:client_secret) { 'some-secret' }
+    subject do
+      Class.new do
+        include Methods
+      end.new
+    end
+    describe :from_params do
+      it 'returns credentials from parameters when Authorization header is not available' do
+        request     = double parameters: { client_id: client_id, client_secret: client_secret }
+        uid, secret = subject.from_params(request)
+        expect(uid).to    eq('some-uid')
+        expect(secret).to eq('some-secret')
+      end
+      it 'is blank when there are no credentials' do
+        request     = double parameters: {}
+        uid, secret = subject.from_params(request)
+        expect(uid).to    be_blank
+        expect(secret).to be_blank
+      end
+    end
+    describe :from_basic do
+      let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
+      it 'decodes the credentials' do
+        request     = double authorization: "Basic #{credentials}"
+        uid, secret = subject.from_basic(request)
+        expect(uid).to    eq('some-uid')
+        expect(secret).to eq('some-secret')
+      end
+      it 'is blank if Authorization is not Basic' do
+        request     = double authorization: "#{credentials}"
+        uid, secret = subject.from_basic(request)
+        expect(uid).to    be_blank
+        expect(secret).to be_blank
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/creator_spec.rb ADDED Viewed

@@ -0,0 +1,44 @@
+require 'spec_helper_integration'
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Creator do
+    let(:client) { FactoryGirl.create :application }
+    let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public') }
+    it 'creates a new token' do
+      expect do
+        subject.call(client, scopes)
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
+    context "when reuse_access_token is true" do
+      it "returns the existing valid token" do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+        existing_token = subject.call(client, scopes)
+        result = subject.call(client, scopes)
+        expect(Doorkeeper::AccessToken.count).to eq(1)
+        expect(result).to eq(existing_token)
+      end
+    end
+    context "when reuse_access_token is false" do
+      it "returns a new token" do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
+        existing_token = subject.call(client, scopes)
+        result = subject.call(client, scopes)
+        expect(Doorkeeper::AccessToken.count).to eq(2)
+        expect(result).not_to eq(existing_token)
+      end
+    end
+    it 'returns false if creation fails' do
+      expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
+      created = subject.call(client, scopes)
+      expect(created).to be_falsey
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/issuer_spec.rb ADDED Viewed

@@ -0,0 +1,86 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'doorkeeper/oauth/client_credentials/issuer'
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Issuer do
+    let(:creator) { double :acces_token_creator }
+    let(:server) do
+      double(
+        :server,
+        access_token_expires_in: 100,
+        custom_access_token_expires_in: ->(_app) { nil }
+      )
+    end
+    let(:validation) { double :validation, valid?: true }
+    subject { Issuer.new(server, validation) }
+    describe :create do
+      let(:client) { double :client, id: 'some-id' }
+      let(:scopes) { 'some scope' }
+      it 'creates and sets the token' do
+        expect(creator).to receive(:call).and_return('token')
+        subject.create client, scopes, creator
+        expect(subject.token).to eq('token')
+      end
+      it 'creates with correct token parameters' do
+        expect(creator).to receive(:call).with(
+          client,
+          scopes,
+          expires_in: 100,
+          use_refresh_token: false
+        )
+        subject.create client, scopes, creator
+      end
+      it 'has error set to :server_error if creator fails' do
+        expect(creator).to receive(:call).and_return(false)
+        subject.create client, scopes, creator
+        expect(subject.error).to eq(:server_error)
+      end
+      context 'when validation fails' do
+        before do
+          allow(validation).to receive(:valid?).and_return(false)
+          allow(validation).to receive(:error).and_return(:validation_error)
+          expect(creator).not_to receive(:create)
+        end
+        it 'has error set from validation' do
+          subject.create client, scopes, creator
+          expect(subject.error).to eq(:validation_error)
+        end
+        it 'returns false' do
+          expect(subject.create(client, scopes, creator)).to be_falsey
+        end
+      end
+      context 'with custom expirations' do
+        let(:custom_ttl) { 1233 }
+        let(:server) do
+          double(
+            :server,
+            custom_access_token_expires_in: ->(_app) { custom_ttl }
+          )
+        end
+        it 'creates with correct token parameters' do
+          expect(creator).to receive(:call).with(
+            client,
+            scopes,
+            expires_in: custom_ttl,
+            use_refresh_token: false
+          )
+          subject.create client, scopes, creator
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials/validation_spec.rb ADDED Viewed

@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'doorkeeper/oauth/client_credentials/validation'
+class Doorkeeper::OAuth::ClientCredentialsRequest
+  describe Validation do
+    let(:server)      { double :server, scopes: nil }
+    let(:application) { double scopes: nil }
+    let(:client)      { double application: application }
+    let(:request)     { double :request, client: client, scopes: nil }
+    subject { Validation.new(server, request) }
+    it 'is valid with valid request' do
+      expect(subject).to be_valid
+    end
+    it 'is invalid when client is not present' do
+      allow(request).to receive(:client).and_return(nil)
+      expect(subject).not_to be_valid
+    end
+    context 'with scopes' do
+      it 'is invalid when scopes are not included in the server' do
+        server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email'
+        allow(server).to receive(:scopes).and_return(server_scopes)
+        allow(request).to receive(:scopes).and_return(
+          Doorkeeper::OAuth::Scopes.from_string 'invalid')
+        expect(subject).not_to be_valid
+      end
+      context 'with application scopes' do
+        it 'is valid when scopes are included in the application' do
+          application_scopes = Doorkeeper::OAuth::Scopes.from_string 'app'
+          server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email app'
+          allow(application).to receive(:scopes).and_return(application_scopes)
+          allow(server).to receive(:scopes).and_return(server_scopes)
+          allow(request).to receive(:scopes).and_return(application_scopes)
+          expect(subject).to be_valid
+        end
+        it 'is invalid when scopes are not included in the application' do
+          application_scopes = Doorkeeper::OAuth::Scopes.from_string 'app'
+          server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email app'
+          allow(application).to receive(:scopes).and_return(application_scopes)
+          allow(server).to receive(:scopes).and_return(server_scopes)
+          allow(request).to receive(:scopes).and_return(
+            Doorkeeper::OAuth::Scopes.from_string 'email')
+          expect(subject).not_to be_valid
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials_integration_spec.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require 'spec_helper_integration'
+module Doorkeeper::OAuth
+  describe ClientCredentialsRequest do
+    let(:server) { Doorkeeper.configuration }
+    context 'with a valid request' do
+      let(:client) { FactoryGirl.create :application }
+      it 'issues an access token' do
+        request = ClientCredentialsRequest.new(server, client, {})
+        expect do
+          request.authorize
+        end.to change { Doorkeeper::AccessToken.count }.by(1)
+      end
+    end
+    describe 'with an invalid request' do
+      it 'does not issue an access token' do
+        request = ClientCredentialsRequest.new(server, nil, {})
+        expect do
+          request.authorize
+        end.to_not change { Doorkeeper::AccessToken.count }
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_credentials_request_spec.rb ADDED Viewed

@@ -0,0 +1,104 @@
+require 'spec_helper'
+require 'active_support/all'
+require 'active_model'
+require 'doorkeeper/oauth/client_credentials_request'
+module Doorkeeper::OAuth
+  describe ClientCredentialsRequest do
+    let(:server) do
+      double(
+        default_scopes: nil,
+        custom_access_token_expires_in: ->(_app) { nil }
+      )
+    end
+    let(:application)   { double :application, scopes: Scopes.from_string('') }
+    let(:client)        { double :client, application: application }
+    let(:token_creator) { double :issuer, create: true, token: double }
+    subject { ClientCredentialsRequest.new(server, client) }
+    before do
+      subject.issuer = token_creator
+    end
+    it 'issues an access token for the current client' do
+      expect(token_creator).to receive(:create).with(client, nil)
+      subject.authorize
+    end
+    it 'has successful response when issue was created' do
+      subject.authorize
+      expect(subject.response).to be_a(TokenResponse)
+    end
+    context 'if issue was not created' do
+      before do
+        subject.issuer = double create: false, error: :invalid
+      end
+      it 'has an error response' do
+        subject.authorize
+        expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
+      end
+      it 'delegates the error to issuer' do
+        subject.authorize
+        expect(subject.error).to eq(:invalid)
+      end
+    end
+    context 'with scopes' do
+      let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string('public email') }
+      before do
+        allow(server).to receive(:default_scopes).and_return(default_scopes)
+      end
+      it 'issues an access token with default scopes if none was requested' do
+        expect(token_creator).to receive(:create).with(client, default_scopes)
+        subject.authorize
+      end
+      it 'issues an access token with requested scopes' do
+        subject = ClientCredentialsRequest.new(server, client, scope: 'email')
+        subject.issuer = token_creator
+        expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string('email'))
+        subject.authorize
+      end
+    end
+    context 'with restricted client' do
+      let(:default_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string('public email')
+      end
+      let(:server_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string('public email phone')
+      end
+      let(:client_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string('public phone')
+      end
+      before do
+        allow(server).to receive(:default_scopes).and_return(default_scopes)
+        allow(server).to receive(:scopes).and_return(server_scopes)
+        allow(server).to receive(:access_token_expires_in).and_return(100)
+        allow(application).to receive(:scopes).and_return(client_scopes)
+        allow(client).to receive(:id).and_return(nil)
+      end
+      it 'delegates the error to issuer if no scope was requested' do
+        subject = ClientCredentialsRequest.new(server, client)
+        subject.authorize
+        expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
+        expect(subject.error).to eq(:invalid_scope)
+      end
+      it 'issues an access token with requested scopes' do
+        subject = ClientCredentialsRequest.new(server, client, scope: 'phone')
+        subject.authorize
+        expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
+        expect(subject.response.token.scopes_string).to eq('phone')
+      end
+    end
+  end
+end

data/spec/lib/oauth/client_spec.rb ADDED Viewed

@@ -0,0 +1,39 @@
+require 'spec_helper'
+require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/client'
+module Doorkeeper::OAuth
+  describe Client do
+    describe :find do
+      let(:method) { double }
+      it 'finds the client via uid' do
+        client = double
+        expect(method).to receive(:call).with('uid').and_return(client)
+        expect(Client.find('uid', method)).to be_a(Client)
+      end
+      it 'returns nil if client was not found' do
+        expect(method).to receive(:call).with('uid').and_return(nil)
+        expect(Client.find('uid', method)).to be_nil
+      end
+    end
+    describe :authenticate do
+      it 'returns the authenticated client via credentials' do
+        credentials = Client::Credentials.new('some-uid', 'some-secret')
+        authenticator = double
+        expect(authenticator).to receive(:call).with('some-uid', 'some-secret').and_return(double)
+        expect(Client.authenticate(credentials, authenticator)).to be_a(Client)
+      end
+      it 'returns nil if client was not authenticated' do
+        credentials = Client::Credentials.new('some-uid', 'some-secret')
+        authenticator = double
+        expect(authenticator).to receive(:call).with('some-uid', 'some-secret').and_return(nil)
+        expect(Client.authenticate(credentials, authenticator)).to be_nil
+      end
+    end
+  end
+end

data/spec/lib/oauth/code_request_spec.rb ADDED Viewed

@@ -0,0 +1,45 @@
+require 'spec_helper_integration'
+module Doorkeeper::OAuth
+  describe CodeRequest do
+    let(:pre_auth) do
+      double(
+        :pre_auth,
+        client: double(:application, id: 9990),
+        redirect_uri: 'http://tst.com/cb',
+        scopes: nil,
+        state: nil,
+        error: nil,
+        authorizable?: true
+      )
+    end
+    let(:owner) { double :owner, id: 8900 }
+    subject do
+      CodeRequest.new(pre_auth, owner)
+    end
+    it 'creates an access grant' do
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessGrant.count }.by(1)
+    end
+    it 'returns a code response' do
+      expect(subject.authorize).to be_a(CodeResponse)
+    end
+    it 'does not create grant when not authorizable' do
+      allow(pre_auth).to receive(:authorizable?).and_return(false)
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessGrant.count }
+    end
+    it 'returns a error response' do
+      allow(pre_auth).to receive(:authorizable?).and_return(false)
+      expect(subject.authorize).to be_a(ErrorResponse)
+    end
+  end
+end

data/spec/lib/oauth/code_response_spec.rb ADDED Viewed

@@ -0,0 +1,34 @@
+require 'spec_helper'
+module Doorkeeper
+  module OAuth
+    describe CodeResponse do
+      describe '.redirect_uri' do
+        context 'when generating the redirect URI for an implicit grant' do
+          let :pre_auth do
+            double(
+              :pre_auth,
+              client: double(:application, id: 1),
+              redirect_uri: 'http://tst.com/cb',
+              state: nil,
+              scopes: Scopes.from_string('public'),
+            )
+          end
+          let :auth do
+            Authorization::Token.new(pre_auth, double(id: 1)).tap do |c|
+              c.issue_token
+              allow(c.token).to receive(:expires_in_seconds).and_return(3600)
+            end
+          end
+          subject { CodeResponse.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
+          it 'includes the remaining TTL of the token relative to the time the token was generated' do
+            expect(subject).to include('expires_in=3600')
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/error_response_spec.rb ADDED Viewed

@@ -0,0 +1,61 @@
+require 'spec_helper'
+require 'active_model'
+require 'doorkeeper/oauth/error'
+require 'doorkeeper/oauth/error_response'
+module Doorkeeper::OAuth
+  describe ErrorResponse do
+    describe '#status' do
+      it 'should have a status of unauthorized' do
+        expect(subject.status).to eq(:unauthorized)
+      end
+    end
+    describe :from_request do
+      it 'has the error from request' do
+        error = ErrorResponse.from_request double(error: :some_error)
+        expect(error.name).to eq(:some_error)
+      end
+      it 'ignores state if request does not respond to state' do
+        error = ErrorResponse.from_request double(error: :some_error)
+        expect(error.state).to be_nil
+      end
+      it 'has state if request responds to state' do
+        error = ErrorResponse.from_request double(error: :some_error, state: :hello)
+        expect(error.state).to eq(:hello)
+      end
+    end
+    it 'ignores empty error values' do
+      subject = ErrorResponse.new(error: :some_error, state: nil)
+      expect(subject.body).not_to have_key(:state)
+    end
+    describe '.body' do
+      subject { ErrorResponse.new(name: :some_error, state: :some_state).body }
+      describe '#body' do
+        it { expect(subject).to have_key(:error) }
+        it { expect(subject).to have_key(:error_description) }
+        it { expect(subject).to have_key(:state) }
+      end
+    end
+    describe '.authenticate_info' do
+      let(:error_response) { ErrorResponse.new(name: :some_error, state: :some_state) }
+      subject { error_response.authenticate_info }
+      it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
+      it { expect(subject).to include("error=\"#{error_response.name}\"") }
+      it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
+    end
+    describe '.headers' do
+      subject { ErrorResponse.new(name: :some_error, state: :some_state).headers }
+      it { expect(subject).to include 'WWW-Authenticate' }
+    end
+  end
+end

data/spec/lib/oauth/error_spec.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'active_support/i18n'
+require 'doorkeeper/oauth/error'
+module Doorkeeper::OAuth
+  describe Error do
+    subject(:error) { Error.new(:some_error, :some_state) }
+    it { expect(subject).to respond_to(:name) }
+    it { expect(subject).to respond_to(:state) }
+    describe :description do
+      it 'is translated from translation messages' do
+        expect(I18n).to receive(:translate).with(
+          :some_error,
+          scope: [:doorkeeper, :errors, :messages],
+          default: :server_error
+        )
+        error.description
+      end
+    end
+  end
+end

data/spec/lib/oauth/forbidden_token_response_spec.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'active_model'
+require 'doorkeeper'
+require 'doorkeeper/oauth/forbidden_token_response'
+module Doorkeeper::OAuth
+  describe ForbiddenTokenResponse do
+    describe '#name' do
+      it  { expect(subject.name).to eq(:invalid_scope) }
+    end
+    describe '#status' do
+      it { expect(subject.status).to eq(:forbidden) }
+    end
+    describe :from_scopes do
+      it 'should have a list of acceptable scopes' do
+        response = ForbiddenTokenResponse.from_scopes(["public"])
+        expect(response.description).to include('public')
+      end
+    end
+  end
+end

data/spec/lib/oauth/helpers/scope_checker_spec.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require 'spec_helper'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/helpers/scope_checker'
+require 'doorkeeper/oauth/scopes'
+module Doorkeeper::OAuth::Helpers
+  describe ScopeChecker, '.valid?' do
+    let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
+    it 'is valid if scope is present' do
+      server_scopes.add :scope
+      expect(ScopeChecker.valid?('scope', server_scopes)).to be_truthy
+    end
+    it 'is invalid if includes tabs space' do
+      expect(ScopeChecker.valid?("\tsomething", server_scopes)).to be_falsey
+    end
+    it 'is invalid if scope is not present' do
+      expect(ScopeChecker.valid?(nil, server_scopes)).to be_falsey
+    end
+    it 'is invalid if scope is blank' do
+      expect(ScopeChecker.valid?(' ', server_scopes)).to be_falsey
+    end
+    it 'is invalid if includes return space' do
+      expect(ScopeChecker.valid?("scope\r", server_scopes)).to be_falsey
+    end
+    it 'is invalid if includes new lines' do
+      expect(ScopeChecker.valid?("scope\nanother", server_scopes)).to be_falsey
+    end
+    it 'is invalid if any scope is not included in server scopes' do
+      expect(ScopeChecker.valid?('scope another', server_scopes)).to be_falsey
+    end
+    context 'with application_scopes' do
+      let(:server_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string 'common svr'
+      end
+      let(:application_scopes) do
+        Doorkeeper::OAuth::Scopes.from_string 'app123'
+      end
+      it 'is valid if scope is included in the application scope list' do
+        expect(ScopeChecker.valid?(
+          'app123',
+          server_scopes,
+          application_scopes
+        )).to be_truthy
+      end
+      it 'is invalid if any scope is not included in the application' do
+        expect(ScopeChecker.valid?(
+          'svr',
+          server_scopes,
+          application_scopes
+        )).to be_falsey
+      end
+    end
+  end
+end

data/spec/lib/oauth/helpers/unique_token_spec.rb ADDED Viewed

@@ -0,0 +1,20 @@
+require 'spec_helper'
+require 'doorkeeper/oauth/helpers/unique_token'
+module Doorkeeper::OAuth::Helpers
+  describe UniqueToken do
+    let :generator do
+      ->(size) { 'a' * size }
+    end
+    it 'is able to customize the generator method' do
+      token = UniqueToken.generate(generator: generator)
+      expect(token).to eq('a' * 32)
+    end
+    it 'is able to customize the size of the token' do
+      token = UniqueToken.generate(generator: generator, size: 2)
+      expect(token).to eq('aa')
+    end
+  end
+end