doorkeeper 0.3.4 → 0.4.0

data/spec/requests/flows/authorization_code_errors_spec.rb

@@ -66,7 +66,7 @@ feature 'Authorization Code Flow Errors' do
 
   context 'with scopes' do
     background do
-      scope_exists :write, :description => "Update your data"
+      optional_scopes_exist :write
     end
 
     scenario "redirects with :invalid_scope error when scope does not exists" do

data/spec/requests/flows/authorization_code_spec.rb

@@ -75,8 +75,8 @@ feature 'Authorization Code Flow' do
 
   context 'with scopes' do
     background do
-      scope_exists :public, :default => true, :description => "Access your public data"
-      scope_exists :write,  :description => "Update your data"
+      default_scopes_exist  :public
+      optional_scopes_exist :write
     end
 
     scenario 'resource owner authorizes the client with default scopes' do
@@ -92,6 +92,12 @@ feature 'Authorization Code Flow' do
       access_grant_should_have_scopes :public, :write
     end
 
+    scenario 'resource owner authorizes the client with required scopes (without defaults)' do
+      visit authorization_endpoint_url(:client => @client, :scope => "write")
+      click_on "Authorize"
+      access_grant_should_have_scopes :write
+    end
+
     scenario 'new access token matches required scopes' do
       visit authorization_endpoint_url(:client => @client, :scope => "public write")
       click_on "Authorize"

data/spec/requests/flows/client_credentials_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper_integration'
+
+describe 'Client Credentials Request' do
+  let(:client) { FactoryGirl.create :application }
+
+  context 'a valid request' do
+    it 'authorizes the client and returns the token response' do
+      headers = authorization client.uid, client.secret
+      params  = { :grant_type => 'client_credentials' }
+
+      post '/oauth/token', params, headers
+
+      should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+      should_have_json 'expires_in', Doorkeeper.configuration.access_token_expires_in
+      should_have_json 'scope', ''
+
+      should_not_have_json 'error'
+      should_not_have_json 'error_description'
+      should_not_have_json 'refresh_token'
+    end
+
+    context 'with scopes' do
+      before do
+        optional_scopes_exist :write
+      end
+
+      it 'adds the scope to the token an returns in the response' do
+        headers = authorization client.uid, client.secret
+        params  = { :grant_type => 'client_credentials', :scope => 'write' }
+
+        post '/oauth/token', params, headers
+
+        should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+        should_have_json 'scope', 'write'
+      end
+    end
+  end
+
+  context 'an invalid request' do
+    it 'does not authorize the client and returns the error' do
+      headers = {}
+      params  = { :grant_type => 'client_credentials' }
+
+      post '/oauth/token', params, headers
+
+      should_have_json 'error', 'invalid_client'
+      should_have_json 'error_description', translated_error_message(:invalid_client)
+      should_not_have_json 'access_token'
+    end
+  end
+
+  def authorization(username, password)
+    credentials = ActionController::HttpAuthentication::Basic.encode_credentials username, password
+    { 'HTTP_AUTHORIZATION' => credentials }
+  end
+end

data/spec/requests/flows/password_spec.rb

@@ -0,0 +1,52 @@
+# coding: utf-8
+
+# TODO: this flow should be configurable (letting Doorkeeper users decide if
+# they want to make it available)
+
+require 'spec_helper_integration'
+
+feature 'Resource Owner Password Credentials Flow' do
+  background do
+    config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
+    client_exists
+    create_resource_owner
+  end
+
+  context 'with valid user credentials' do
+    scenario "should issue new token" do
+      expect {
+        post password_token_endpoint_url(:client => @client, :resource_owner => @resource_owner)
+      }.to change { Doorkeeper::AccessToken.count }.by(1)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'access_token',  token.token
+    end
+
+    scenario "should issue a refresh token if enabled" do
+      config_is_set(:refresh_token_enabled, true)
+
+      post password_token_endpoint_url(:client => @client, :resource_owner => @resource_owner)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'refresh_token',  token.refresh_token
+    end
+  end
+
+  context "with invalid user credentials" do
+    scenario "should not issue new token with bad password" do
+      expect {
+        post password_token_endpoint_url( :client => @client,
+                                          :resource_owner_username => @resource_owner.name,
+                                          :resource_owner_password => 'wrongpassword')
+      }.to_not change { Doorkeeper::AccessToken.count }
+    end
+
+    scenario "should not issue new token without credentials" do
+      expect {
+        post password_token_endpoint_url( :client => @client)
+      }.to_not change { Doorkeeper::AccessToken.count }
+    end
+  end
+end

data/spec/requests/flows/skip_authorization_spec.rb

@@ -4,8 +4,8 @@ feature 'Skip authorization form' do
   background do
     config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
     client_exists
-    scope_exists :public, :default => true, :description => "Access your public data"
-    scope_exists :write, :description => "Update your data"
+    default_scopes_exist  :public
+    optional_scopes_exist :write
   end
 
   context 'for previously authorized clients' do

data/spec/requests/protected_resources/private_api_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper_integration'
 feature 'Private API' do
   background do
     @client   = FactoryGirl.create(:application)
-    @resource = User.create!
+    @resource = User.create!(:name => "Joe", :password => "sekret")
     @token    = client_is_authorized(@client, @resource)
   end
 
@@ -26,8 +26,15 @@ feature 'Private API' do
     response_status_should_be 401
   end
 
+  scenario 'client requests protected resource with permanent token' do
+    @token.update_attribute :expires_in, nil # never expires
+    with_access_token_header @token.token
+    visit '/full_protected_resources'
+    page.body.should have_content("index")
+  end
+
   scenario 'access token with no scopes' do
-    scope_exists :admin, :description => "admin"
+    optional_scopes_exist :admin
     @token.update_attribute :scopes, nil
     with_access_token_header @token.token
     visit '/full_protected_resources/1.json'

data/spec/spec_helper_integration.rb

@@ -8,6 +8,9 @@ require 'timecop'
 
 ENGINE_RAILS_ROOT = File.join(File.dirname(__FILE__), '../')
 
+puts "====> Rails version: #{Rails.version}"
+puts "====> Ruby version: #{RUBY_VERSION}"
+
 # load schema to in memory sqlite
 ActiveRecord::Migration.verbose = false
 load Rails.root + "db/schema.rb"

data/spec/support/helpers/authorization_request_helper.rb

@@ -1,6 +1,6 @@
 module AuthorizationRequestHelper
   def resource_owner_is_authenticated(resource_owner = nil)
-    resource_owner ||= User.create!
+    resource_owner ||= User.create!(:name => "Joe", :password => "sekret")
     Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { resource_owner })
   end
 
@@ -8,10 +8,12 @@ module AuthorizationRequestHelper
     Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { redirect_to("/sign_in") })
   end
 
-  def scope_exists(*args)
-    scopes = Doorkeeper.configuration.instance_variable_get(:@scopes) || Doorkeeper::Scopes.new
-    scopes.add(Doorkeeper::Scope.new(*args))
-    Doorkeeper.configuration.instance_variable_set(:@scopes, scopes)
+  def default_scopes_exist(*scopes)
+    Doorkeeper.configuration.instance_variable_set(:@default_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
+  end
+
+  def optional_scopes_exist(*scopes)
+    Doorkeeper.configuration.instance_variable_set(:@optional_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
   end
 
   def client_should_be_authorized(client)

data/spec/support/helpers/model_helper.rb

@@ -4,7 +4,7 @@ module ModelHelper
   end
 
   def create_resource_owner
-    @resource_owner = User.create!
+    @resource_owner = User.create!(:name => "Joe", :password => "sekret")
   end
 
   def authorization_code_exists(options = {})
@@ -33,12 +33,12 @@ module ModelHelper
 
   def access_grant_should_have_scopes(*args)
     grant = Doorkeeper::AccessGrant.first
-    grant.scopes.should == args
+    grant.scopes.should == Doorkeeper::OAuth::Scopes.from_array(args)
   end
 
   def access_token_should_have_scopes(*args)
     grant = Doorkeeper::AccessToken.first
-    grant.scopes.should == args
+    grant.scopes.should == Doorkeeper::OAuth::Scopes.from_array(args)
   end
 end
 

data/spec/support/helpers/request_spec_helper.rb

@@ -40,7 +40,7 @@ module RequestSpecHelper
   end
 
   def basic_auth_header_for_client(client)
-    "Basic #{Base64.encode64("#{client.uid}:#{client.secret}")}"
+    ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
   end
 
   def should_have_json(key, value)

data/spec/support/helpers/url_helper.rb

@@ -10,6 +10,18 @@ module UrlHelper
     "/oauth/token?#{build_query(parameters)}"
   end
 
+  def password_token_endpoint_url(options = {})
+    parameters = {
+      :code          => options[:code],
+      :client_id     => options[:client_id]     || (options[:client] ? options[:client].uid : nil),
+      :client_secret => options[:client_secret] || (options[:client] ? options[:client].secret : nil),
+      :username      => options[:resource_owner_username] || (options[:resource_owner] ? options[:resource_owner].name : nil),
+      :password      => options[:resource_owner_password] || (options[:resource_owner] ? options[:resource_owner].password : nil),
+      :grant_type    => "password",
+    }
+    "/oauth/token?#{build_query(parameters)}"
+  end
+
   def authorization_endpoint_url(options = {})
     parameters = {
       :client_id     => options[:client_id]     || options[:client].uid,

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.4.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-24 00:00:00.000000000 Z
+date: 2012-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
-  requirement: &70167361790320 !ruby/object:Gem::Requirement
+  requirement: &70213938588360 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -22,10 +22,10 @@ dependencies:
         version: '3.1'
   type: :runtime
   prerelease: false
-  version_requirements: *70167361790320
+  version_requirements: *70213938588360
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &70167361788260 !ruby/object:Gem::Requirement
+  requirement: &70213938586440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -33,21 +33,21 @@ dependencies:
         version: 1.3.5
   type: :development
   prerelease: false
-  version_requirements: *70167361788260
+  version_requirements: *70213938586440
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &70167361803480 !ruby/object:Gem::Requirement
+  requirement: &70213938584520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.9.0
+        version: 2.10.0
   type: :development
   prerelease: false
-  version_requirements: *70167361803480
+  version_requirements: *70213938584520
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &70167361802300 !ruby/object:Gem::Requirement
+  requirement: &70213938582960 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -55,10 +55,10 @@ dependencies:
         version: 1.1.2
   type: :development
   prerelease: false
-  version_requirements: *70167361802300
+  version_requirements: *70213938582960
 - !ruby/object:Gem::Dependency
   name: generator_spec
-  requirement: &70167361800940 !ruby/object:Gem::Requirement
+  requirement: &70213938582320 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -66,10 +66,10 @@ dependencies:
         version: 0.8.5
   type: :development
   prerelease: false
-  version_requirements: *70167361800940
+  version_requirements: *70213938582320
 - !ruby/object:Gem::Dependency
   name: factory_girl
-  requirement: &70167361799900 !ruby/object:Gem::Requirement
+  requirement: &70213938597380 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -77,10 +77,10 @@ dependencies:
         version: 2.6.4
   type: :development
   prerelease: false
-  version_requirements: *70167361799900
+  version_requirements: *70213938597380
 - !ruby/object:Gem::Dependency
   name: timecop
-  requirement: &70167361799080 !ruby/object:Gem::Requirement
+  requirement: &70213938595120 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -88,10 +88,10 @@ dependencies:
         version: 0.3.5
   type: :development
   prerelease: false
-  version_requirements: *70167361799080
+  version_requirements: *70213938595120
 - !ruby/object:Gem::Dependency
   name: database_cleaner
-  requirement: &70167361798020 !ruby/object:Gem::Requirement
+  requirement: &70213938592720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -99,7 +99,18 @@ dependencies:
         version: 0.7.1
   type: :development
   prerelease: false
-  version_requirements: *70167361798020
+  version_requirements: *70213938592720
+- !ruby/object:Gem::Dependency
+  name: bcrypt-ruby
+  requirement: &70213938591020 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.1
+  type: :development
+  prerelease: false
+  version_requirements: *70213938591020
 description: Doorkeeper is an OAuth 2 provider for Rails.
 email:
 - felipe@applicake.com
@@ -145,22 +156,32 @@ files:
 - gemfiles/gemfile.rails-3.2.x
 - lib/doorkeeper.rb
 - lib/doorkeeper/config.rb
-- lib/doorkeeper/config/scope.rb
-- lib/doorkeeper/config/scopes.rb
-- lib/doorkeeper/config/scopes_builder.rb
 - lib/doorkeeper/doorkeeper_for.rb
 - lib/doorkeeper/engine.rb
 - lib/doorkeeper/models/expirable.rb
 - lib/doorkeeper/models/revocable.rb
+- lib/doorkeeper/models/scopes.rb
 - lib/doorkeeper/oauth/access_token_request.rb
 - lib/doorkeeper/oauth/authorization.rb
 - lib/doorkeeper/oauth/authorization/code.rb
 - lib/doorkeeper/oauth/authorization/token.rb
 - lib/doorkeeper/oauth/authorization/uri_builder.rb
 - lib/doorkeeper/oauth/authorization_request.rb
+- lib/doorkeeper/oauth/client.rb
+- lib/doorkeeper/oauth/client/credentials.rb
+- lib/doorkeeper/oauth/client/methods.rb
+- lib/doorkeeper/oauth/client_credentials/creator.rb
+- lib/doorkeeper/oauth/client_credentials/issuer.rb
+- lib/doorkeeper/oauth/client_credentials/response.rb
+- lib/doorkeeper/oauth/client_credentials/validation.rb
+- lib/doorkeeper/oauth/client_credentials_request.rb
+- lib/doorkeeper/oauth/error.rb
+- lib/doorkeeper/oauth/error_response.rb
 - lib/doorkeeper/oauth/helpers/scope_checker.rb
 - lib/doorkeeper/oauth/helpers/unique_token.rb
 - lib/doorkeeper/oauth/helpers/uri_checker.rb
+- lib/doorkeeper/oauth/password_access_token_request.rb
+- lib/doorkeeper/oauth/scopes.rb
 - lib/doorkeeper/validations.rb
 - lib/doorkeeper/version.rb
 - lib/generators/doorkeeper/install_generator.rb
@@ -170,6 +191,7 @@ files:
 - lib/generators/doorkeeper/views_generator.rb
 - lib/tasks/doorkeeper_tasks.rake
 - script/rails
+- script/run_all
 - spec/controllers/applications_controller_spec.rb
 - spec/controllers/authorizations_controller_spec.rb
 - spec/controllers/protected_resources_controller_spec.rb
@@ -195,14 +217,14 @@ files:
 - spec/dummy/config/environments/test.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
 - spec/dummy/config/initializers/doorkeeper.rb
-- spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/locales/doorkeeper.en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/db/migrate/20111122132257_create_users.rb
-- spec/dummy/db/migrate/20111206151426_create_doorkeeper_tables.rb
+- spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
+- spec/dummy/db/migrate/20120524202412_create_doorkeeper_tables.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
@@ -215,18 +237,29 @@ files:
 - spec/generators/install_generator_spec.rb
 - spec/generators/templates/routes.rb
 - spec/generators/views_generator_spec.rb
-- spec/lib/config/scope_spec.rb
-- spec/lib/config/scopes_builder_spec.rb
-- spec/lib/config/scopes_spec.rb
 - spec/lib/config_spec.rb
 - spec/lib/models/expirable_spec.rb
 - spec/lib/models/revocable_spec.rb
+- spec/lib/models/scopes_spec.rb
 - spec/lib/oauth/access_token_request_spec.rb
 - spec/lib/oauth/authorization/uri_builder_spec.rb
 - spec/lib/oauth/authorization_request_spec.rb
+- spec/lib/oauth/client/credentials_spec.rb
+- spec/lib/oauth/client/methods_spec.rb
+- spec/lib/oauth/client_credentials/creator_spec.rb
+- spec/lib/oauth/client_credentials/issuer_spec.rb
+- spec/lib/oauth/client_credentials/response_spec.rb
+- spec/lib/oauth/client_credentials/validation_spec.rb
+- spec/lib/oauth/client_credentials_integration_spec.rb
+- spec/lib/oauth/client_credentials_request_spec.rb
+- spec/lib/oauth/client_spec.rb
+- spec/lib/oauth/error_response_spec.rb
+- spec/lib/oauth/error_spec.rb
 - spec/lib/oauth/helpers/scope_checker_spec.rb
 - spec/lib/oauth/helpers/unique_token_spec.rb
 - spec/lib/oauth/helpers/uri_checker_spec.rb
+- spec/lib/oauth/password_access_token_request_spec.rb
+- spec/lib/oauth/scopes_spec.rb
 - spec/models/doorkeeper/access_grant_spec.rb
 - spec/models/doorkeeper/access_token_spec.rb
 - spec/models/doorkeeper/application_spec.rb
@@ -236,8 +269,10 @@ files:
 - spec/requests/endpoints/token_spec.rb
 - spec/requests/flows/authorization_code_errors_spec.rb
 - spec/requests/flows/authorization_code_spec.rb
+- spec/requests/flows/client_credentials_spec.rb
 - spec/requests/flows/implicit_grant_errors_spec.rb
 - spec/requests/flows/implicit_grant_spec.rb
+- spec/requests/flows/password_spec.rb
 - spec/requests/flows/refresh_token_spec.rb
 - spec/requests/flows/skip_authorization_spec.rb
 - spec/requests/protected_resources/private_api_spec.rb
@@ -267,7 +302,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1917524084818713138
+      hash: -318783597431461187
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -276,7 +311,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1917524084818713138
+      hash: -318783597431461187
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.12