doorkeeper 0.5.0 → 0.6.0.rc1

data/spec/dummy/config/{mongoid.yml → mongoid2.yml}

@@ -1,7 +1,9 @@
 development:
   database: doorkeeper-development
   persist_in_safe_mode: true
+  autocreate_indexes: true
 
 test:
-  database: doorkeeper-test-suite
+  database: doorkeeper-mongoid2-test
   persist_in_safe_mode: true
+  autocreate_indexes: true

data/spec/dummy/config/mongoid3.yml

@@ -0,0 +1,18 @@
+development:
+  sessions:
+    default:
+      database: doorkeeper-mongoid3-development
+      hosts:
+        - localhost:27017
+      options:
+        consistency: :strong
+        safe: true
+test:
+  sessions:
+    default:
+      database: doorkeeper-mongoid3-test
+      hosts:
+        - localhost:27017
+      options:
+        consistency: :strong
+        safe: true

data/spec/generators/install_generator_spec.rb

@@ -11,6 +11,7 @@ describe 'Doorkeeper::InstallGenerator' do
     before :each do
       prepare_destination
       FileUtils.mkdir(::File.expand_path("config", Pathname(destination_root)))
+      FileUtils.mkdir(::File.expand_path("db", Pathname(destination_root)))
       FileUtils.copy_file(::File.expand_path("../templates/routes.rb", __FILE__), ::File.expand_path("config/routes.rb", Pathname.new(destination_root)))
       run_generator
     end

data/spec/lib/oauth/authorization_code_request_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper_integration'
+
+module Doorkeeper::OAuth
+  describe AuthorizationCodeRequest do
+    let(:server) { mock :server, :access_token_expires_in => 2.days, :refresh_token_enabled? => false }
+    let(:grant)  { FactoryGirl.create :access_grant }
+    let(:client) { grant.application }
+
+    subject do
+      AuthorizationCodeRequest.new server, grant, client, :redirect_uri => client.redirect_uri
+    end
+
+    it 'issues a new token for the client' do
+      expect do
+        subject.authorize
+      end.to change { client.access_tokens.count }.by(1)
+    end
+
+    it "issues the token with same grant's scopes" do
+      subject.authorize
+      Doorkeeper::AccessToken.last.scopes.should == grant.scopes
+    end
+
+    it 'revokes the grant' do
+      expect do
+        subject.authorize
+      end.to change { grant.reload.accessible? }
+    end
+
+    it 'requires the grant to be accessible' do
+      grant.revoke
+      subject.validate
+      subject.error.should == :invalid_grant
+    end
+
+    it 'requires the grant' do
+      subject.grant = nil
+      subject.validate
+      subject.error.should == :invalid_grant
+    end
+
+    it 'requires the client' do
+      subject.client = nil
+      subject.validate
+      subject.error.should == :invalid_client
+    end
+
+    it 'requires the redirect_uri' do
+      subject.redirect_uri = nil
+      subject.validate
+      subject.error.should == :invalid_request
+    end
+
+    it "matches the redirect_uri with grant's one" do
+      subject.redirect_uri = 'http://other.com'
+      subject.validate
+      subject.error.should == :invalid_grant
+    end
+
+    it "matches the client with grant's one" do
+      subject.client = FactoryGirl.create :application
+      subject.validate
+      subject.error.should == :invalid_grant
+    end
+
+    it 'skips token creation if there is a matching one' do
+      FactoryGirl.create(:access_token, :application_id => client.id, :resource_owner_id => grant.resource_owner_id, :scopes => "public write")
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessToken.count }
+    end
+
+    it 'revokes matching token if expired' do
+      token = FactoryGirl.create(:access_token, :application_id => client.id, :resource_owner_id => grant.resource_owner_id, :scopes => "public write", :expires_in => -100)
+      expect do
+        subject.authorize
+      end.to change { token.reload.revoked? }
+    end
+  end
+end

data/spec/lib/oauth/client_credentials_request_spec.rb

@@ -22,7 +22,7 @@ module Doorkeeper::OAuth
 
     it 'has successful response when issue was created' do
       subject.authorize
-      subject.response.should be_a(ClientCredentialsRequest::Response)
+      subject.response.should be_a(TokenResponse)
     end
 
     context 'if issue was not created' do
@@ -30,8 +30,6 @@ module Doorkeeper::OAuth
         subject.issuer = stub :create => false, :error => :invalid
       end
 
-      its(:authorize) { should be_false }
-
       it 'has an error response' do
         subject.authorize
         subject.response.should be_a(Doorkeeper::OAuth::ErrorResponse)

data/spec/lib/oauth/code_request_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper_integration'
+
+module Doorkeeper::OAuth
+  describe CodeRequest do
+    let(:pre_auth) do
+      mock(:pre_auth, {
+        :client => mock(:application, :id => 9990),
+        :redirect_uri => 'http://tst.com/cb',
+        :scopes => nil,
+        :state => nil,
+        :error => nil,
+        :authorizable? => true
+      })
+    end
+
+    let(:owner) { mock :owner, :id => 8900 }
+
+    subject do
+      CodeRequest.new(pre_auth, owner)
+    end
+
+    it 'creates an access grant' do
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessGrant.count }.by(1)
+    end
+
+    it 'returns a code response' do
+      subject.authorize.should be_a(CodeResponse)
+    end
+
+    it 'does not create grant when not authorizable' do
+      pre_auth.stub :authorizable? => false
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessGrant.count }
+    end
+
+    it 'returns a error response' do
+      pre_auth.stub :authorizable? => false
+      subject.authorize.should be_a(ErrorResponse)
+    end
+  end
+end

data/spec/lib/oauth/error_response_spec.rb

@@ -24,17 +24,17 @@ module Doorkeeper::OAuth
       end
     end
 
-    it 'ignores empty attributes' do
+    it 'ignores empty error values' do
       subject = ErrorResponse.new(:error => :some_error, :state => nil)
-      subject.attributes.should_not have_key(:state)
+      subject.body.should_not have_key(:state)
     end
 
-    context 'json response' do
-      subject { ErrorResponse.new(:name => :some_error, :state => :some_state).as_json }
+    describe '.body' do
+      subject { ErrorResponse.new(:name => :some_error, :state => :some_state) }
 
-      it { should have_key('error') }
-      it { should have_key('error_description') }
-      it { should have_key('state') }
+      its(:body) { should have_key(:error) }
+      its(:body) { should have_key(:error_description) }
+      its(:body) { should have_key(:state) }
     end
   end
 end

data/spec/lib/oauth/password_access_token_request_spec.rb

@@ -2,177 +2,64 @@ require 'spec_helper_integration'
 
 module Doorkeeper::OAuth
   describe PasswordAccessTokenRequest do
+    let(:server) { mock :server, :default_scopes => Doorkeeper::OAuth::Scopes.new, :access_token_expires_in => 2.hours, :refresh_token_enabled? => false }
     let(:client) { FactoryGirl.create(:application) }
-    let(:owner)  { User.create!(:name => "Joe", :password => "sekret") }
-    let(:params) {
-      {
-        :grant_type    => "password"
-      }
-    }
+    let(:owner)  { mock :owner, :id => 99 }
 
-    describe "with a valid owner and client" do
-      subject { PasswordAccessTokenRequest.new(client, owner, params) }
-
-      before { subject.authorize }
-
-      it { should be_valid }
-
-      its(:token_type)    { should == "bearer" }
-      its(:error)         { should be_nil }
-      its(:refresh_token) { should be_nil }
-
-      it "has an access token" do
-        subject.access_token.token.should =~ /\w+/
-      end
-    end
-
-    describe "with a valid client but an invalid owner" do
-      subject { PasswordAccessTokenRequest.new(client, nil, params) }
-
-      before { subject.authorize }
-
-      it { should_not be_valid }
-      its(:error)         { should == :invalid_resource_owner }
-      its(:access_token)  { should be_nil }
-      its(:refresh_token) { should be_nil }
+    subject do
+      PasswordAccessTokenRequest.new(server, client, owner)
     end
 
-    describe "with a valid owner but an invalid client" do
-      subject { PasswordAccessTokenRequest.new(nil, owner, params) }
-
-      before { subject.authorize }
-
-      it { should_not be_valid }
-      its(:error)         { should == :invalid_client }
-      its(:access_token)  { should be_nil }
-      its(:refresh_token) { should be_nil }
-    end
-
-    describe "creating the access token" do
-      subject { PasswordAccessTokenRequest.new(client, owner, params) }
-
-      it "creates with correct params" do
-        Doorkeeper::AccessToken.should_receive(:create!).with({
-          :application_id    => client.id,
-          :resource_owner_id => owner.id,
-          :expires_in        => 2.hours,
-          :scopes            =>"",
-          :use_refresh_token => false,
-        })
-        subject.authorize
-      end
-
-      it "creates a refresh token if Doorkeeper is configured to do so" do
-        Doorkeeper.configure { 
-          orm DOORKEEPER_ORM
-          use_refresh_token 
-        }
-
-        Doorkeeper::AccessToken.should_receive(:create!).with({
-          :application_id    => client.id,
-          :resource_owner_id => owner.id,
-          :expires_in        => 2.hours,
-          :scopes            =>"",
-          :use_refresh_token => true,
-        })
+    it 'issues a new token for the client' do
+      expect do
         subject.authorize
-      end
+      end.to change { client.access_tokens.count }.by(1)
     end
 
-    describe "with an existing valid access token" do
-      subject { PasswordAccessTokenRequest.new(client, owner, params) }
-
-      before { subject.authorize }
-      it { should be_valid }
-      its(:error)         { should be_nil }
-
-      it "will not create a new token" do
-        subject.should_not_receive(:create_access_token)
-        subject.authorize
-      end
+    it "requires the owner" do
+      subject.resource_owner = nil
+      subject.validate
+      subject.error.should == :invalid_resource_owner
     end
 
-    describe "with an existing expired access token" do
-      subject { PasswordAccessTokenRequest.new(client, owner, params) }
-
-      before do
-        PasswordAccessTokenRequest.new(client, owner, params).authorize
-        last_token = Doorkeeper::AccessToken.last
-        # TODO: make this better, maybe with an expire! method?
-        last_token.update_column :created_at, 10.days.ago
-      end
-
-      it "will create a new token" do
-        expect {
-          subject.authorize
-        }.to change { Doorkeeper::AccessToken.count }.by(1)
-      end
+    it 'requires the client' do
+      subject.client = nil
+      subject.validate
+      subject.error.should == :invalid_client
     end
 
-    describe "finding the current access token" do
-      subject { PasswordAccessTokenRequest.new(client, owner, params) }
-      it { should be_valid }
-      its(:error)         { should be_nil }
-
-      before { subject.authorize }
-
-      it "should find the access token and not create a new one" do
-        subject.should_not_receive(:create_access_token)
-        access_token = subject.authorize
-        subject.access_token.should eq(access_token)
-      end
+    it 'skips token creation if there is already one' do
+      FactoryGirl.create(:access_token, :application_id => client.id, :resource_owner_id => owner.id)
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessToken.count }
     end
 
-    describe "creating the first access_token" do
-      subject { PasswordAccessTokenRequest.new(client, owner, params) }
-      it { should be_valid }
-      its(:error)         { should be_nil }
-
-      it "should create a new access token" do
-        subject.should_receive(:create_access_token)
+    it 'revokes old token if expired' do
+      token = FactoryGirl.create(:access_token, :application_id => client.id, :resource_owner_id => owner.id, :expires_in => -100)
+      expect do
         subject.authorize
-      end
+      end.to change { token.reload.revoked? }
     end
 
     describe "with scopes" do
       subject do
-        PasswordAccessTokenRequest.new(client, owner, params.merge(:scope => 'public'))
+        PasswordAccessTokenRequest.new(server, client, owner, :scope => 'public')
       end
 
-      before do
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          default_scopes :public
-        end
+      it 'validates the current scope' do
+        server.stub :scopes => Doorkeeper::OAuth::Scopes.from_string('another')
+        subject.validate
+        subject.error.should == :invalid_scope
       end
 
       it 'creates the token with scopes' do
+        server.stub :scopes => Doorkeeper::OAuth::Scopes.from_string("public")
         expect {
           subject.authorize
         }.to change { Doorkeeper::AccessToken.count }.by(1)
         Doorkeeper::AccessToken.last.scopes.should include(:public)
       end
     end
-
-    describe "with errors" do
-      def token(params)
-        PasswordAccessTokenRequest.new(client, owner, params)
-      end
-
-      it "includes the error in the response" do
-        access_token = token(params.except(:grant_type))
-        access_token.error_response.name.should == :invalid_request
-      end
-
-      describe "when client is not present" do
-        subject     { PasswordAccessTokenRequest.new(nil, owner, params) }
-        its(:error) { should == :invalid_client }
-      end
-
-      describe "when :grant_type is not 'password'" do
-        subject     { token(params.merge(:grant_type => "invalid")) }
-        its(:error) { should == :unsupported_grant_type }
-      end
-    end
   end
 end

data/spec/lib/oauth/pre_authorization_spec.rb

@@ -0,0 +1,80 @@
+require "spec_helper_integration"
+
+module Doorkeeper::OAuth
+  describe PreAuthorization do
+    let(:server) { mock :server, :default_scopes => Scopes.new, :scopes => Scopes.from_string('public') }
+    let(:client) { mock :client, :redirect_uri => 'http://tst.com/auth' }
+
+    let :attributes do
+      {
+        :response_type => 'code',
+        :redirect_uri => 'http://tst.com/auth',
+        :state => 'save-this'
+      }
+    end
+
+    subject do
+      PreAuthorization.new(server, client, attributes)
+    end
+
+    it 'is authorizable when request is valid' do
+      subject.should be_authorizable
+    end
+
+    it 'accepts code as response type' do
+      subject.response_type = 'code'
+      subject.should be_authorizable
+    end
+
+    it 'accepts token as response type' do
+      subject.response_type = 'token'
+      subject.should be_authorizable
+    end
+
+    it 'accepts valid scopes' do
+      subject.scope = 'public'
+      subject.should be_authorizable
+    end
+
+    it 'uses default scopes when none is required' do
+      server.stub :default_scopes => Scopes.from_string('default')
+      subject.scope = nil
+      subject.scope.should  == 'default'
+      subject.scopes.should == Scopes.from_string('default')
+    end
+
+    it 'accepts test uri' do
+      subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
+      subject.should be_authorizable
+    end
+
+    it "matches the redirect uri against client's one" do
+      subject.redirect_uri = 'http://nothesame.com'
+      subject.should_not be_authorizable
+    end
+
+    it 'stores the state' do
+      subject.state.should == 'save-this'
+    end
+
+    it 'rejects if response type is not allowed' do
+      subject.response_type = 'whops'
+      subject.should_not be_authorizable
+    end
+
+    it 'requires an existing client' do
+      subject.client = nil
+      subject.should_not be_authorizable
+    end
+
+    it 'requires a redirect uri' do
+      subject.redirect_uri = nil
+      subject.should_not be_authorizable
+    end
+
+    it 'rejects non-valid scopes' do
+      subject.scope = 'invalid'
+      subject.should_not be_authorizable
+    end
+  end
+end