doorkeeper 0.3.4 → 0.4.0

data/spec/dummy/config/locales/doorkeeper.en.yml

@@ -0,0 +1,5 @@
+en:
+  doorkeeper:
+    scopes:
+      public: "Access your public data"
+      write:  "Update your data"

data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb

@@ -0,0 +1,5 @@
+class AddPasswordToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :password_digest, :string
+  end
+end

data/spec/dummy/db/migrate/{20111206151426_create_doorkeeper_tables.rb → 20120524202412_create_doorkeeper_tables.rb}

@@ -8,6 +8,8 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.timestamps
     end
 
+    add_index :oauth_applications, :uid, :unique => true
+
     create_table :oauth_access_grants do |t|
       t.integer  :resource_owner_id, :null => false
       t.integer  :application_id,    :null => false
@@ -19,8 +21,10 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.string   :scopes
     end
 
+    add_index :oauth_access_grants, :token, :unique => true
+
     create_table :oauth_access_tokens do |t|
-      t.integer  :resource_owner_id, :null => false
+      t.integer  :resource_owner_id
       t.integer  :application_id,    :null => false
       t.string   :token,             :null => false
       t.string   :refresh_token
@@ -29,5 +33,10 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.datetime :created_at,        :null => false
       t.string   :scopes
     end
+
+    add_index :oauth_access_tokens, :token, :unique => true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, :unique => true
+
   end
 end

data/spec/dummy/db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20111206151426) do
+ActiveRecord::Schema.define(:version => 20120524202412) do
 
   create_table "oauth_access_grants", :force => true do |t|
     t.integer  "resource_owner_id", :null => false
@@ -24,8 +24,10 @@ ActiveRecord::Schema.define(:version => 20111206151426) do
     t.string   "scopes"
   end
 
+  add_index "oauth_access_grants", ["token"], :name => "index_oauth_access_grants_on_token", :unique => true
+
   create_table "oauth_access_tokens", :force => true do |t|
-    t.integer  "resource_owner_id", :null => false
+    t.integer  "resource_owner_id"
     t.integer  "application_id",    :null => false
     t.string   "token",             :null => false
     t.string   "refresh_token"
@@ -35,19 +37,26 @@ ActiveRecord::Schema.define(:version => 20111206151426) do
     t.string   "scopes"
   end
 
+  add_index "oauth_access_tokens", ["refresh_token"], :name => "index_oauth_access_tokens_on_refresh_token", :unique => true
+  add_index "oauth_access_tokens", ["resource_owner_id"], :name => "index_oauth_access_tokens_on_resource_owner_id"
+  add_index "oauth_access_tokens", ["token"], :name => "index_oauth_access_tokens_on_token", :unique => true
+
   create_table "oauth_applications", :force => true do |t|
     t.string   "name",         :null => false
     t.string   "uid",          :null => false
     t.string   "secret",       :null => false
     t.string   "redirect_uri", :null => false
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
   end
 
+  add_index "oauth_applications", ["uid"], :name => "index_oauth_applications_on_uid", :unique => true
+
   create_table "users", :force => true do |t|
     t.string   "name"
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.datetime "created_at",      :null => false
+    t.datetime "updated_at",      :null => false
+    t.string   "password_digest"
   end
 
 end

data/spec/lib/config_spec.rb

@@ -34,27 +34,32 @@ describe Doorkeeper, "configuration" do
       end
       subject.access_token_expires_in.should == 4.hours
     end
-  end
 
-  describe "scopes" do
-    it "can be set with authorization_scopes method in DSL" do
+    it "can be set to nil" do
       Doorkeeper.configure do
-        authorization_scopes do
-          scope :public, :default => true, :description => "Public"
-        end
+        access_token_expires_in nil
       end
+      subject.access_token_expires_in.should be_nil
+    end
+  end
+
+  describe "scopes" do
+    it "has default scopes" do
+      Doorkeeper.configure { default_scopes :public }
+      subject.default_scopes.should include(:public)
+    end
 
-      subject.scopes[:public].should_not be_nil
-      subject.scopes[:public].description.should == "Public"
-      subject.scopes[:public].default.should == true
+    it 'has optional scopes' do
+      Doorkeeper.configure { optional_scopes :write, :update }
+      subject.optional_scopes.should include(:write, :update)
     end
 
-    it "returns empty Scopes collection if no scopes were defined" do
+    it 'has all scopes' do
       Doorkeeper.configure do
+        default_scopes  :normal
+        optional_scopes :admin
       end
-
-      subject.scopes.should be_a(Doorkeeper::Scopes)
-      subject.scopes.all.should == []
+      subject.scopes.should include(:normal, :admin)
     end
   end
 
@@ -68,4 +73,15 @@ describe Doorkeeper, "configuration" do
       subject.refresh_token_enabled?.should be_true
     end
   end
+
+  describe 'client_credentials' do
+    it 'has defaults order' do
+      subject.client_credentials_methods.should == [:from_basic, :from_params]
+    end
+
+    it "can change the value" do
+      Doorkeeper.configure { client_credentials :from_digest, :from_params }
+      subject.client_credentials_methods.should == [:from_digest, :from_params]
+    end
+  end
 end

data/spec/lib/models/scopes_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+require 'active_support/core_ext/module/delegation'
+require 'doorkeeper/oauth/scopes'
+require 'doorkeeper/models/scopes'
+
+describe 'Doorkeeper::Models::Scopes' do
+  subject do
+    Class.new(Hash) do
+      include Doorkeeper::Models::Scopes
+    end.new
+  end
+
+  before do
+    subject[:scopes] = 'public admin'
+  end
+
+  describe :scopes do
+    it 'is a `Scopes` class' do
+      subject.scopes.should be_a(Doorkeeper::OAuth::Scopes)
+    end
+
+    it 'includes scopes' do
+      subject.scopes.should include(:public)
+    end
+  end
+
+  describe :scopes_string do
+    it 'is a `Scopes` class' do
+      subject.scopes_string.should == 'public admin'
+    end
+  end
+end

data/spec/lib/oauth/access_token_request_spec.rb

@@ -6,8 +6,6 @@ module Doorkeeper::OAuth
     let(:grant)  { FactoryGirl.create(:access_grant, :application => client) }
     let(:params) {
       {
-        :client_id     => client.uid,
-        :client_secret => client.secret,
         :code          => grant.token,
         :grant_type    => "authorization_code",
         :redirect_uri  => client.redirect_uri
@@ -15,7 +13,7 @@ module Doorkeeper::OAuth
     }
 
     describe "with a valid authorization code and client" do
-      subject { AccessTokenRequest.new(params) }
+      subject { AccessTokenRequest.new(client, params) }
 
       before { subject.authorize }
 
@@ -30,7 +28,7 @@ module Doorkeeper::OAuth
     end
 
     describe "creating the access token" do
-      subject { AccessTokenRequest.new(params) }
+      subject { AccessTokenRequest.new(client, params) }
 
       it "creates with correct params" do
         Doorkeeper::AccessToken.should_receive(:create!).with({
@@ -45,7 +43,7 @@ module Doorkeeper::OAuth
     end
 
     describe "with a valid authorization code, client and existing valid access token" do
-      subject { AccessTokenRequest.new(params) }
+      subject { AccessTokenRequest.new(client, params) }
 
       before { subject.authorize }
       it { should be_valid }
@@ -58,7 +56,7 @@ module Doorkeeper::OAuth
     end
 
     describe "with a valid authorization code, client and existing expired access token" do
-      subject { AccessTokenRequest.new(params) }
+      subject { AccessTokenRequest.new(client, params) }
 
       it "will create a new token" do
         subject.authorize
@@ -72,7 +70,7 @@ module Doorkeeper::OAuth
     end
 
     describe "finding the current access token" do
-      subject { AccessTokenRequest.new(params) }
+      subject { AccessTokenRequest.new(client, params) }
       it { should be_valid }
       its(:error)         { should be_nil }
 
@@ -86,7 +84,7 @@ module Doorkeeper::OAuth
     end
 
     describe "creating the first access_token" do
-      subject { AccessTokenRequest.new(params) }
+      subject { AccessTokenRequest.new(client, params) }
       it { should be_valid }
       its(:error)         { should be_nil }
 
@@ -98,12 +96,12 @@ module Doorkeeper::OAuth
 
     describe "with errors" do
       def token(params)
-        AccessTokenRequest.new(params)
+        AccessTokenRequest.new(client, params)
       end
 
       it "includes the error in the response" do
         access_token = token(params.except(:grant_type))
-        access_token.error_response['error'].should == "invalid_request"
+        access_token.error_response.name.should == :invalid_request
       end
 
       [:grant_type, :code, :redirect_uri].each do |param|
@@ -113,13 +111,8 @@ module Doorkeeper::OAuth
         end
       end
 
-      describe "when :client_id does not match" do
-        subject     { token(params.merge(:client_id => "inexistent")) }
-        its(:error) { should == :invalid_client }
-      end
-
-      describe "when :client_secret does not match" do
-        subject     { token(params.merge(:client_secret => "inexistent")) }
+      describe "when client is not present" do
+        subject     { AccessTokenRequest.new(nil, params) }
         its(:error) { should == :invalid_client }
       end
 
@@ -166,8 +159,6 @@ module Doorkeeper::OAuth
     let(:access) { FactoryGirl.create(:access_token, :application => client, :use_refresh_token => true) }
     let(:params) {
       {
-        :client_id     => client.uid,
-        :client_secret => client.secret,
         :refresh_token => access.refresh_token,
         :grant_type    => "refresh_token",
       }
@@ -178,7 +169,7 @@ module Doorkeeper::OAuth
     end
 
     describe "with a valid authorization code and client" do
-      subject { AccessTokenRequest.new(params) }
+      subject { AccessTokenRequest.new(client, params) }
 
       before do
         subject.authorize
@@ -196,12 +187,12 @@ module Doorkeeper::OAuth
 
     describe "with errors" do
       def token(params)
-        AccessTokenRequest.new(params)
+        AccessTokenRequest.new(client, params)
       end
 
       it "includes the error in the response" do
         access_token = token(params.except(:grant_type))
-        access_token.error_response['error'].should == "invalid_request"
+        access_token.error_response.name.should == :invalid_request
       end
 
       [:grant_type, :refresh_token].each do |param|
@@ -211,13 +202,8 @@ module Doorkeeper::OAuth
         end
       end
 
-      describe "when :client_id does not match" do
-        subject     { token(params.merge(:client_id => "inexistent")) }
-        its(:error) { should == :invalid_client }
-      end
-
-      describe "when :client_secret does not match" do
-        subject     { token(params.merge(:client_secret => "inexistent")) }
+      describe "when client is not present" do
+        subject     { AccessTokenRequest.new(nil, params) }
         its(:error) { should == :invalid_client }
       end
 

data/spec/lib/oauth/authorization_request_spec.rb

@@ -6,7 +6,6 @@ module Doorkeeper::OAuth
     let(:client)         { FactoryGirl.create(:application) }
     let(:base_attributes) do
       {
-        :client_id     => client.uid,
         :redirect_uri  => client.redirect_uri,
         :scope         => "public write",
         :state         => "return-this"
@@ -14,15 +13,14 @@ module Doorkeeper::OAuth
     end
 
     before :each do
-      Doorkeeper::OAuth::Helpers::ScopeChecker.stub(:valid?).and_return(true)
-      Doorkeeper.stub_chain(:configuration, :scopes, :all).and_return([Doorkeeper::Scope.new(:public)])
+      Doorkeeper.configuration.stub(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('public write'))
     end
 
     describe "with a code response_type" do
       let(:attributes) { base_attributes.merge!(:response_type => "code") }
 
       describe "with valid attributes" do
-        subject { AuthorizationRequest.new(resource_owner, attributes) }
+        subject { AuthorizationRequest.new(client, resource_owner, attributes) }
 
         describe "after authorization" do
           before { subject.authorize }
@@ -46,16 +44,8 @@ module Doorkeeper::OAuth
           end
         end
 
-        describe :scopes  do
-          it "returns scopes objects returned by Doorkeeper::Scopes with names specified by scopes" do
-            scopes_object = double(Doorkeeper::Scopes)
-            Doorkeeper.stub_chain(:configuration, :scopes, :with_names).with("public", "write").and_return(scopes_object)
-            subject.scopes.should == scopes_object
-          end
-        end
-
         describe :authorize do
-          let(:authorization_request) { AuthorizationRequest.new(resource_owner, attributes) }
+          let(:authorization_request) { AuthorizationRequest.new(client, resource_owner, attributes) }
           subject { authorization_request.authorize }
 
           it "returns Doorkeeper::AccessGrant object" do
@@ -70,7 +60,6 @@ module Doorkeeper::OAuth
             subject.scopes == authorization_request.scope
           end
         end
-
       end
 
       describe "with a redirect_uri with query params" do
@@ -81,7 +70,7 @@ module Doorkeeper::OAuth
           attributes[:redirect_uri] = u.to_s
           attributes
         }
-        subject { AuthorizationRequest.new(resource_owner, attributes_with_query_params) }
+        subject { AuthorizationRequest.new(client, resource_owner, attributes_with_query_params) }
 
         it "preservers the original query when error"
 
@@ -103,31 +92,25 @@ module Doorkeeper::OAuth
               query.should =~ /abc=123/
               query.should =~ /def=456/
             end
-
           end
-
         end
       end
 
       describe "if no scope given" do
         it "sets the scope to the default one" do
-          Doorkeeper.stub_chain(:configuration, :default_scope_string).and_return("public email")
-          request = AuthorizationRequest.new(resource_owner, attributes.except(:scope))
-          request.scope.should == "public email"
+          request = AuthorizationRequest.new(client, resource_owner, attributes.except(:scope))
+          request.scopes.to_s.should == "public write"
         end
       end
 
       describe "with errors" do
         before do
           Doorkeeper::AccessGrant.should_not_receive(:create)
-          Doorkeeper.stub_chain(:configuration, :scopes, :all).and_return([Doorkeeper::Scope.new(:public)])
         end
 
-        [:response_type].each do |attribute|
-          describe "when :#{attribute} is missing" do
-            subject     { auth(attributes.except(attribute)) }
-            its(:error) { should == :invalid_request }
-          end
+        describe "when :response_type is missing" do
+          subject     { auth(attributes.except(:response_type)) }
+          its(:error) { should == :invalid_request }
         end
 
         describe "when :redirect_uri is missing" do
@@ -135,13 +118,8 @@ module Doorkeeper::OAuth
           its(:error) { should == :invalid_redirect_uri }
         end
 
-        describe "when :client_id is missing" do
-          subject     { auth(attributes.except(:client_id)) }
-          its(:error) { should == :invalid_client }
-        end
-
-        describe "when :client_id does not match" do
-          subject     { auth(attributes.merge(:client_id => "invalid")) }
+        describe "when client is not present" do
+          subject     { AuthorizationRequest.new(nil, resource_owner, attributes) }
           its(:error) { should == :invalid_client }
         end
 
@@ -166,10 +144,6 @@ module Doorkeeper::OAuth
         end
 
         describe "when :scope contains scopes that are note registered in the provider" do
-          before do
-            Doorkeeper::OAuth::Helpers::ScopeChecker.stub(:valid?).and_return(false)
-          end
-
           subject     { auth(attributes.merge(:scope => "public strange")) }
           its(:error) { should == :invalid_scope }
         end
@@ -178,19 +152,18 @@ module Doorkeeper::OAuth
 
     describe "with a token response_type" do
       before do
-        Doorkeeper.stub_chain(:configuration, :access_token_expires_in).and_return(7200)
+        Doorkeeper.configuration.stub(:access_token_expires_in).and_return(7200)
       end
 
       let(:attributes) { base_attributes.merge!(:response_type => "token") }
 
       describe "with valid attributes" do
-        subject { AuthorizationRequest.new(resource_owner, attributes) }
+        subject { AuthorizationRequest.new(client, resource_owner, attributes) }
 
         describe "after authorization" do
           before { subject.authorize }
 
           its(:response_type) { should == "token" }
-          its(:client_id)     { should == client.uid }
           its(:scope)         { should == "public write" }
           its(:state)         { should == "return-this" }
           its(:error)         { should be_nil }
@@ -224,16 +197,8 @@ module Doorkeeper::OAuth
           end
         end
 
-        describe :scopes  do
-          it "returns scopes objects returned by Doorkeeper::Scopes with names specified by scopes" do
-            scopes_object = double(Doorkeeper::Scopes)
-            Doorkeeper.stub_chain(:configuration, :scopes, :with_names).with("public", "write").and_return(scopes_object)
-            subject.scopes.should == scopes_object
-          end
-        end
-
         describe :authorize do
-          let(:authorization_request) { AuthorizationRequest.new(resource_owner, attributes) }
+          let(:authorization_request) { AuthorizationRequest.new(client, resource_owner, attributes) }
           subject { authorization_request.authorize }
 
           it "returns Doorkeeper::AccessGrant object" do
@@ -248,28 +213,23 @@ module Doorkeeper::OAuth
             subject.scopes == authorization_request.scope
           end
         end
-
       end
 
       describe "if no scope given" do
         it "sets the scope to the default one" do
-          Doorkeeper.stub_chain(:configuration, :default_scope_string).and_return("public email")
-          request = AuthorizationRequest.new(resource_owner, attributes.except(:scope))
-          request.scope.should == "public email"
+          request = AuthorizationRequest.new(client, resource_owner, attributes.except(:scope))
+          request.scopes.to_s.should == "public write"
         end
       end
 
       describe "with errors" do
         before do
           Doorkeeper::AccessGrant.should_not_receive(:create)
-          Doorkeeper.stub_chain(:configuration, :scopes, :all).and_return([Doorkeeper::Scope.new(:public)])
         end
 
-        [:response_type].each do |attribute|
-          describe "when :#{attribute} is missing" do
-            subject     { auth(attributes.except(attribute)) }
-            its(:error) { should == :invalid_request }
-          end
+        describe "when :response_type is missing" do
+          subject     { auth(attributes.except(:response_type)) }
+          its(:error) { should == :invalid_request }
         end
 
         describe "when :redirect_uri is missing" do
@@ -277,13 +237,8 @@ module Doorkeeper::OAuth
           its(:error) { should == :invalid_redirect_uri }
         end
 
-        describe "when :client_id is missing" do
-          subject     { auth(attributes.except(:client_id)) }
-          its(:error) { should == :invalid_client }
-        end
-
-        describe "when :client_id does not match" do
-          subject     { auth(attributes.merge(:client_id => "invalid")) }
+        describe "when client is not present" do
+          subject     { AuthorizationRequest.new(nil, resource_owner, attributes) }
           its(:error) { should == :invalid_client }
         end
 
@@ -318,19 +273,14 @@ module Doorkeeper::OAuth
         end
 
         describe "when :scope contains scopes that are note registered in the provider" do
-          before do
-            Doorkeeper::OAuth::Helpers::ScopeChecker.stub(:valid?).and_return(false)
-          end
-
           subject     { auth(attributes.merge(:scope => "public strange")) }
           its(:error) { should == :invalid_scope }
         end
       end
-
     end
 
     def auth(attributes)
-      AuthorizationRequest.new(resource_owner, attributes)
+      AuthorizationRequest.new(client, resource_owner, attributes)
     end
   end
 end