doorkeeper 0.3.4 → 0.4.0

data/spec/lib/oauth/error_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+require 'active_support/i18n'
+require 'doorkeeper/oauth/error'
+
+module Doorkeeper::OAuth
+  describe Error do
+    subject { Error.new(:some_error, :some_state) }
+
+    it { should respond_to(:name) }
+    it { should respond_to(:state) }
+
+    describe :description do
+      it 'is translated from translation messages' do
+        I18n.should_receive(:translate).with(:some_error, :scope => [:doorkeeper, :errors, :messages])
+        subject.description
+      end
+    end
+  end
+end

data/spec/lib/oauth/helpers/scope_checker_spec.rb

@@ -1,30 +1,35 @@
 require 'spec_helper'
 require 'active_support/core_ext/string'
 require 'doorkeeper/oauth/helpers/scope_checker'
+require 'doorkeeper/oauth/scopes'
 
 module Doorkeeper::OAuth::Helpers
   describe ScopeChecker, ".matches?" do
+    def new_scope(*args)
+      Doorkeeper::OAuth::Scopes.from_array args
+    end
+
     it "true if scopes matches" do
-      scopes = [:public]
-      scopes_to_match = "public"
+      scopes = new_scope :public
+      scopes_to_match = new_scope :public
       ScopeChecker.matches?(scopes, scopes_to_match).should be_true
     end
 
     it "is false when scopes differs" do
-      scopes = [:public]
-      scopes_to_match = "write"
+      scopes = new_scope :public
+      scopes_to_match = new_scope :write
       ScopeChecker.matches?(scopes, scopes_to_match).should be_false
     end
 
     it "is false when scope in array is missing" do
-      scopes = [:public]
-      scopes_to_match = "public write"
+      scopes = new_scope :public
+      scopes_to_match = new_scope :public, :write
       ScopeChecker.matches?(scopes, scopes_to_match).should be_false
     end
 
     it "is false when scope in string is missing" do
-      scopes = [:public, :write]
-      scopes_to_match = "public"
+      scopes = new_scope :public, :write
+      scopes_to_match = new_scope :public
       ScopeChecker.matches?(scopes, scopes_to_match).should be_false
     end
 
@@ -35,9 +40,10 @@ module Doorkeeper::OAuth::Helpers
   end
 
   describe ScopeChecker, ".valid?" do
-    let(:server_scopes) { double :all_included? => true }
+    let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
 
     it "is valid if scope is present" do
+      server_scopes.add :scope
       ScopeChecker.valid?("scope", server_scopes).should be_true
     end
 
@@ -62,7 +68,6 @@ module Doorkeeper::OAuth::Helpers
     end
 
     it "is invalid if any scope is not included in server scopes" do
-      server_scopes.stub(:all_included?).and_return(false)
       ScopeChecker.valid?("scope another", server_scopes).should be_false
     end
   end

data/spec/lib/oauth/password_access_token_request_spec.rb

@@ -0,0 +1,152 @@
+require 'spec_helper_integration'
+
+module Doorkeeper::OAuth
+  describe PasswordAccessTokenRequest do
+    let(:client) { Factory(:application) }
+    let(:owner)  { User.create!(:name => "Joe", :password => "sekret") }
+    let(:params) {
+      {
+        :grant_type    => "password"
+      }
+    }
+
+    describe "with a valid owner and client" do
+      subject { PasswordAccessTokenRequest.new(client, owner, params) }
+
+      before { subject.authorize }
+
+      it { should be_valid }
+
+      its(:token_type)    { should == "bearer" }
+      its(:error)         { should be_nil }
+      its(:refresh_token) { should be_nil }
+
+      it "has an access token" do
+        subject.access_token.token.should =~ /\w+/
+      end
+    end
+
+    describe "with a valid client but an invalid owner" do
+      subject { PasswordAccessTokenRequest.new(client, nil, params) }
+
+      before { subject.authorize }
+
+      it { should_not be_valid }
+      its(:error)         { should == :invalid_resource_owner }
+      its(:access_token)  { should be_nil }
+      its(:refresh_token) { should be_nil }
+    end
+
+    describe "with a valid owner but an invalid client" do
+      subject { PasswordAccessTokenRequest.new(nil, owner, params) }
+
+      before { subject.authorize }
+
+      it { should_not be_valid }
+      its(:error)         { should == :invalid_client }
+      its(:access_token)  { should be_nil }
+      its(:refresh_token) { should be_nil }
+    end
+
+    describe "creating the access token" do
+      subject { PasswordAccessTokenRequest.new(client, owner, params) }
+
+      it "creates with correct params" do
+        Doorkeeper::AccessToken.should_receive(:create!).with({
+          :application_id    => client.id,
+          :resource_owner_id => owner.id,
+          :expires_in        => 2.hours,
+          :scopes            =>"",
+          :use_refresh_token => false,
+        })
+        subject.authorize
+      end
+
+      it "creates a refresh token if Doorkeeper is configured to do so" do
+        Doorkeeper.configure { use_refresh_token }
+
+        Doorkeeper::AccessToken.should_receive(:create!).with({
+          :application_id    => client.id,
+          :resource_owner_id => owner.id,
+          :expires_in        => 2.hours,
+          :scopes            =>"",
+          :use_refresh_token => true,
+        })
+        subject.authorize
+      end
+    end
+
+    describe "with an existing valid access token" do
+      subject { PasswordAccessTokenRequest.new(client, owner, params) }
+
+      before { subject.authorize }
+      it { should be_valid }
+      its(:error)         { should be_nil }
+
+      it "will not create a new token" do
+        subject.should_not_receive(:create_access_token)
+        subject.authorize
+      end
+    end
+
+    describe "with an existing expired access token" do
+      subject { PasswordAccessTokenRequest.new(client, owner, params) }
+
+      it "will create a new token" do
+        subject.authorize
+        expired_access_token = subject.access_token.dup
+        subject.access_token.created_at = Time.now - subject.access_token.expires_in - 1.second
+        subject.should_receive(:create_access_token)
+        subject.access_token.should_receive(:revoke)
+        subject.authorize
+        subject.access_token.should_not eq(expired_access_token)
+      end
+    end
+
+    describe "finding the current access token" do
+      subject { PasswordAccessTokenRequest.new(client, owner, params) }
+      it { should be_valid }
+      its(:error)         { should be_nil }
+
+      before { subject.authorize }
+
+      it "should find the access token and not create a new one" do
+        subject.should_not_receive(:create_access_token)
+        access_token = subject.authorize
+        subject.access_token.should eq(access_token)
+      end
+    end
+
+    describe "creating the first access_token" do
+      subject { PasswordAccessTokenRequest.new(client, owner, params) }
+      it { should be_valid }
+      its(:error)         { should be_nil }
+
+      it "should create a new access token" do
+        subject.should_receive(:create_access_token)
+        subject.authorize
+      end
+    end
+
+    describe "with errors" do
+      def token(params)
+        PasswordAccessTokenRequest.new(client, owner, params)
+      end
+
+      it "includes the error in the response" do
+        access_token = token(params.except(:grant_type))
+        access_token.error_response.name.should == :invalid_request
+      end
+
+      describe "when client is not present" do
+        subject     { PasswordAccessTokenRequest.new(nil, owner, params) }
+        its(:error) { should == :invalid_client }
+      end
+
+      describe "when :grant_type is not 'password'" do
+        subject     { token(params.merge(:grant_type => "invalid")) }
+        its(:error) { should == :unsupported_grant_type }
+      end
+    end
+  end
+end

data/spec/lib/oauth/scopes_spec.rb

@@ -0,0 +1,115 @@
+require 'spec_helper'
+require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/string'
+require 'doorkeeper/oauth/scopes'
+
+module Doorkeeper::OAuth
+  describe Scopes do
+    describe :add do
+      it 'allows you to add scopes with symbols' do
+        subject.add :public
+        subject.all.should == [:public]
+      end
+
+      it 'allows you to add scopes with strings' do
+        subject.add "public"
+        subject.all.should == [:public]
+      end
+
+      it 'do not add already included scopes' do
+        subject.add :public
+        subject.add :public
+        subject.all.should == [:public]
+      end
+    end
+
+    describe :exists do
+      before do
+        subject.add :public
+      end
+
+      it 'returns true if scope with given name is present' do
+        subject.exists?("public").should be_true
+      end
+
+      it 'returns false if scope with given name does not exist' do
+        subject.exists?("other").should be_false
+      end
+
+      it 'handles symbols' do
+        subject.exists?(:public).should be_true
+        subject.exists?(:other).should be_false
+      end
+    end
+
+    describe ".from_string" do
+      let(:string) { "public write" }
+
+      subject { Scopes.from_string(string) }
+
+      it { should be_a(Scopes) }
+      its(:all) { should == [:public, :write] }
+    end
+
+    describe :+ do
+      it "can add to another scope object" do
+        scopes = Scopes.from_string("public") + Scopes.from_string("admin")
+        scopes.all.should == [:public, :admin]
+      end
+
+      it "does not change the existing object" do
+        origin = Scopes.from_string("public")
+        new_scope = origin + Scopes.from_string("admin")
+        origin.to_s.should == "public"
+      end
+
+      it "raises an error if cannot handle addition" do
+        expect {
+          Scopes.from_string("public") + "admin"
+        }.to raise_error(NoMethodError)
+      end
+    end
+
+    describe :== do
+      it 'is equal to another set of scopes' do
+        Scopes.from_string("public").should == Scopes.from_string("public")
+      end
+
+      it 'is equal to another set of scopes with no particular order' do
+        Scopes.from_string("public write").should == Scopes.from_string("write public")
+      end
+
+      it 'differs from another set of scopes when scopes are not the same' do
+        Scopes.from_string("public write").should_not == Scopes.from_string("write")
+      end
+    end
+
+    describe :has_scopes? do
+      subject { Scopes.from_string("public admin") }
+
+      it "returns true when at least one scope is included" do
+        subject.has_scopes?(Scopes.from_string("public")).should be_true
+      end
+
+      it "returns true when all scopes are included" do
+        subject.has_scopes?(Scopes.from_string("public admin")).should be_true
+      end
+
+      it "is true if all scopes are included in any order" do
+        subject.has_scopes?(Scopes.from_string("admin public")).should be_true
+      end
+
+      it "is false if no scopes are included" do
+        subject.has_scopes?(Scopes.from_string("notexistent")).should be_false
+      end
+
+      it "returns false when any scope is not included" do
+        subject.has_scopes?(Scopes.from_string("public nope")).should be_false
+      end
+
+      it "is false if no scopes are included even for existing ones" do
+        subject.has_scopes?(Scopes.from_string("public admin notexistent")).should be_false
+      end
+    end
+  end
+end

data/spec/models/doorkeeper/access_grant_spec.rb

@@ -33,19 +33,4 @@ describe Doorkeeper::AccessGrant do
       should_not be_valid
     end
   end
-
-  describe :scopes do
-    it "is nil when scopes are not set" do
-      subject.scopes = nil
-      subject.scopes.should be_nil
-    end
-
-    describe "returns an array of scopes" do
-      subject { FactoryGirl.create(:access_grant, :scopes => "public write").scopes }
-
-      it { should be_kind_of(Array) }
-      its(:count) { should == 2 }
-      it { should include(:public, :write) }
-    end
-  end
 end

data/spec/models/doorkeeper/access_token_spec.rb

@@ -13,9 +13,10 @@ module Doorkeeper
     end
 
     describe "validations" do
-      it "is invalid without resource_owner_id" do
+      it "is valid without resource_owner_id" do
+        # For client credentials flow
         subject.resource_owner_id = nil
-        should_not be_valid
+        should be_valid
       end
 
       it "is invalid without application_id" do
@@ -53,9 +54,9 @@ module Doorkeeper
     describe '.matching_token_for' do
       let(:resource_owner_id) { 100 }
       let(:application)       { FactoryGirl.create :application }
-      let(:scopes)            { "public write" }
+      let(:scopes)            { Doorkeeper::OAuth::Scopes.from_string("public write") }
       let(:default_attributes) do
-        { :application => application, :resource_owner_id => resource_owner_id, :scopes => scopes }
+        { :application => application, :resource_owner_id => resource_owner_id, :scopes => scopes.to_s }
       end
 
       it 'returns only one token' do
@@ -71,6 +72,12 @@ module Doorkeeper
         last_token.should == token
       end
 
+      it 'accepts nil as resource owner' do
+        token = FactoryGirl.create :access_token, default_attributes.merge(:resource_owner_id => nil)
+        last_token = AccessToken.matching_token_for(application, nil, scopes)
+        last_token.should == token
+      end
+
       it 'excludes revoked tokens' do
         FactoryGirl.create :access_token, default_attributes.merge(:revoked_at => 1.day.ago)
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)

data/spec/requests/applications/authorized_applications_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper_integration'
 
 feature 'Authorized applications' do
   background do
-    @user   = User.create!
+    @user   = User.create!(:name => "Joe", :password => "sekret")
     @client = client_exists(:name => "Amazing Client App")
     resource_owner_is_authenticated @user
     client_is_authorized @client, @user
@@ -15,7 +15,7 @@ feature 'Authorized applications' do
 
   scenario "do not display other user's authorized applications" do
     client = client_exists(:name => "Another Client App")
-    client_is_authorized client, User.create!
+    client_is_authorized client, User.create!(:name => "Joe", :password => "sekret")
     visit '/oauth/authorized_applications'
     i_should_not_see 'Another Client App'
   end

data/spec/requests/endpoints/authorization_spec.rb

@@ -38,8 +38,8 @@ feature 'Authorization endpoint' do
     background do
       create_resource_owner
       sign_in
-      scope_exists :public, :default => true, :description => "Access your public data"
-      scope_exists :write,  :description => "Update your data"
+      default_scopes_exist  :public
+      optional_scopes_exist :write
     end
 
     scenario "displays default scopes when no scope was requested" do

data/spec/requests/endpoints/token_spec.rb

@@ -19,4 +19,11 @@ feature 'Token endpoint' do
 
     should_have_json 'access_token', Doorkeeper::AccessToken.first.token
   end
+
+  scenario 'returns null for expires_in when a permanent token is set' do
+    config_is_set(:access_token_expires_in, nil)
+    post token_endpoint_url(:code => @authorization.token, :client => @client)
+    should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+    should_have_json 'expires_in', nil
+  end
 end