doorkeeper 0.7.4 → 1.0.0.rc1

data/spec/lib/oauth/token_request_spec.rb

@@ -3,8 +3,8 @@ require 'spec_helper_integration'
 module Doorkeeper::OAuth
   describe TokenRequest do
     let :pre_auth do
-      mock(:pre_auth, {
-        :client => mock(:application, :id => 9990),
+      double(:pre_auth, {
+        :client => double(:application, :id => 9990),
         :redirect_uri => 'http://tst.com/cb',
         :state => nil,
         :scopes => nil,
@@ -14,7 +14,7 @@ module Doorkeeper::OAuth
     end
 
     let :owner do
-      mock :owner, :id => 7866
+      double :owner, :id => 7866
     end
 
     subject do

data/spec/lib/oauth/token_response_spec.rb

@@ -3,7 +3,7 @@ require 'doorkeeper/oauth/token_response'
 
 module Doorkeeper::OAuth
   describe TokenResponse do
-    subject { TokenResponse.new(stub.as_null_object) }
+    subject { TokenResponse.new(double.as_null_object) }
 
     it 'includes access token response headers' do
       headers = subject.headers
@@ -17,9 +17,10 @@ module Doorkeeper::OAuth
 
     describe '.body' do
       let(:access_token) do
-        mock :access_token, {
+        double :access_token, {
           :token => 'some-token',
           :expires_in => '3600',
+          :expires_in_seconds => '300',
           :scopes_string => 'two scopes',
           :refresh_token => 'some-refresh-token',
           :token_type => 'bearer'
@@ -36,8 +37,10 @@ module Doorkeeper::OAuth
         subject['token_type'].should == 'bearer'
       end
 
+      # expires_in_seconds is returned as `expires_in` in order to match
+      # the OAuth spec (section 4.2.2)
       it 'includes :expires_in' do
-        subject['expires_in'].should == '3600'
+        subject['expires_in'].should == '300'
       end
 
       it 'includes :scope' do
@@ -51,9 +54,9 @@ module Doorkeeper::OAuth
 
     describe '.body filters out empty values' do
       let(:access_token) do
-        mock :access_token, {
+        double :access_token, {
           :token => 'some-token',
-          :expires_in => '',
+          :expires_in_seconds => '',
           :scopes_string => '',
           :refresh_token => '',
           :token_type => 'bearer'

data/spec/lib/oauth/token_spec.rb

@@ -11,7 +11,7 @@ module Doorkeeper
   module OAuth
     describe Token do
       describe :from_request do
-        let(:request) { stub.as_null_object }
+        let(:request) { double.as_null_object }
 
         let(:method) do
           lambda { |request| return 'token-value' }
@@ -28,7 +28,7 @@ module Doorkeeper
         end
 
         it 'stops at the first credentials found' do
-          not_called_method = mock
+          not_called_method = double
           not_called_method.should_not_receive(:call)
           credentials = Token.from_request request, lambda { |r| }, method, not_called_method
         end
@@ -41,7 +41,7 @@ module Doorkeeper
 
       describe :from_access_token_param do
         it 'returns token from access_token parameter' do
-          request = stub :parameters => { :access_token => 'some-token' }
+          request = double :parameters => { :access_token => 'some-token' }
           token   = Token.from_access_token_param(request)
           token.should == "some-token"
         end
@@ -49,7 +49,7 @@ module Doorkeeper
 
       describe :from_bearer_param do
         it 'returns token from bearer_token parameter' do
-          request = stub :parameters => { :bearer_token => 'some-token' }
+          request = double :parameters => { :bearer_token => 'some-token' }
           token   = Token.from_bearer_param(request)
           token.should == "some-token"
         end
@@ -57,25 +57,25 @@ module Doorkeeper
 
       describe :from_bearer_authorization do
         it 'returns token from authorization bearer' do
-          request = stub :authorization => "Bearer SomeToken"
+          request = double :authorization => "Bearer SomeToken"
           token   = Token.from_bearer_authorization(request)
           token.should == "SomeToken"
         end
 
         it 'does not return token if authorization is not bearer' do
-          request = stub :authorization => "MAC SomeToken"
+          request = double :authorization => "MAC SomeToken"
           token   = Token.from_bearer_authorization(request)
           token.should be_blank
         end
       end
 
       describe :authenticate do
-        let(:finder) { mock :finder }
+        let(:finder) { double :finder }
 
         it 'calls the finder if token was found' do
           token = lambda { |r| 'token' }
           AccessToken.should_receive(:authenticate).with('token')
-          Token.authenticate stub, token
+          Token.authenticate double, token
         end
       end
     end

data/spec/lib/server_spec.rb

@@ -4,7 +4,7 @@ require 'doorkeeper/errors'
 require 'doorkeeper/server'
 
 describe Doorkeeper::Server do
-  let(:fake_class) { mock :fake_class }
+  let(:fake_class) { double :fake_class }
 
   subject do
     described_class.new

data/spec/models/doorkeeper/access_token_spec.rb

@@ -46,15 +46,10 @@ module Doorkeeper
         subject.resource_owner_id = nil
         should be_valid
       end
-
-      it "is invalid without application_id" do
-        subject.application_id = nil
-        should_not be_valid
-      end
     end
 
     describe '.revoke_all_for' do
-      let(:resource_owner) { stub(:id => 100) }
+      let(:resource_owner) { double(:id => 100) }
       let(:application)    { FactoryGirl.create :application }
       let(:default_attributes) do
         { :application => application, :resource_owner_id => resource_owner.id }
@@ -63,7 +58,9 @@ module Doorkeeper
       it 'revokes all tokens for given application and resource owner' do
         FactoryGirl.create :access_token, default_attributes
         AccessToken.revoke_all_for application.id, resource_owner
-        AccessToken.all.should be_empty
+        AccessToken.all.each do |token|
+          token.should be_revoked
+        end
       end
 
       it 'matches application' do
@@ -94,7 +91,7 @@ module Doorkeeper
       end
 
       it 'accepts resource owner as object' do
-        resource_owner = stub(:to_key => true, :id => 100)
+        resource_owner = double(:to_key => true, :id => 100)
         token = FactoryGirl.create :access_token, default_attributes
         last_token = AccessToken.matching_token_for(application, resource_owner, scopes)
         last_token.should == token
@@ -142,7 +139,7 @@ module Doorkeeper
         token_hash = {
                       :resource_owner_id => token.resource_owner_id,
                       :scopes => token.scopes,
-                      :expires_in_seconds => token.expires_in_seconds, 
+                      :expires_in_seconds => token.expires_in_seconds,
                       :application => { :uid => token.application.uid }
                      }
         token.as_json.should eq token_hash

data/spec/models/doorkeeper/application_spec.rb

@@ -8,6 +8,9 @@ module Doorkeeper
     let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set("@confirm_application_owner", false) }
     let(:new_application) { FactoryGirl.build(:application) }
 
+    let(:uid) { SecureRandom.hex(8) }
+    let(:secret) { SecureRandom.hex(8) }
+
     context "application_owner is enabled" do
       before do
         Doorkeeper.configure do
@@ -54,6 +57,12 @@ module Doorkeeper
       new_application.uid.should_not be_nil
     end
 
+    it 'generates uid on create unless one is set' do
+      new_application.uid = uid
+      new_application.save
+      new_application.uid.should eq(uid)
+    end
+
     it 'is invalid without uid' do
       new_application.save
       new_application.uid = nil
@@ -88,6 +97,12 @@ module Doorkeeper
       new_application.secret.should_not be_nil
     end
 
+    it 'generate secret on create unless one is set' do
+      new_application.secret = secret
+      new_application.save
+      new_application.secret.should eq(secret)
+    end
+
     it 'is invalid without secret' do
       new_application.save
       new_application.secret = nil
@@ -142,7 +157,7 @@ module Doorkeeper
         Application.authorized_for(resource_owner).should == [application]
       end
 
-      it "should fail to mass assign a new application" do
+      it "should fail to mass assign a new application", if: ::Rails::VERSION::MAJOR < 4 do
         mass_assign = { :name => 'Something',
                         :redirect_uri => 'http://somewhere.com/something',
                         :uid => 123,

data/spec/requests/applications/applications_request_spec.rb

@@ -69,7 +69,7 @@ feature 'Edit application' do
   end
 end
 
-feature 'Destroy application' do
+feature 'Remove application' do
   background do
     @app = FactoryGirl.create :application
   end
@@ -78,7 +78,7 @@ feature 'Destroy application' do
     visit "/oauth/applications"
     i_should_see @app.name
     within(:css, "tr#application_#{@app.id}") do
-      click_link "Destroy"
+      click_button "Remove"
     end
     i_should_see "Application deleted"
     i_should_not_see @app.name
@@ -86,7 +86,7 @@ feature 'Destroy application' do
 
   scenario 'deleting an application from show' do
     visit "/oauth/applications/#{@app.id}"
-    click_link 'Remove'
+    click_button 'Remove'
     i_should_see "Application deleted"
   end
 end

data/spec/requests/flows/password_spec.rb

@@ -39,6 +39,16 @@ feature 'Resource Owner Password Credentials Flow' do
       should_have_json 'access_token',  token.token
     end
 
+    scenario "should issue new token without client credentials" do
+      expect {
+        post password_token_endpoint_url(:resource_owner => @resource_owner)
+      }.to change { Doorkeeper::AccessToken.count }.by(1)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'access_token',  token.token
+    end
+
     scenario "should issue a refresh token if enabled" do
       config_is_set(:refresh_token_enabled, true)
 
@@ -65,4 +75,14 @@ feature 'Resource Owner Password Credentials Flow' do
       }.to_not change { Doorkeeper::AccessToken.count }
     end
   end
+
+  context "with invalid client credentials" do
+    scenario "should not issue new token with bad client credentials" do
+      expect {
+        post password_token_endpoint_url( :client_id => @client.uid,
+                                          :client_secret => "bad_secret",
+                                          :resource_owner => @resource_owner)
+      }.to_not change { Doorkeeper::AccessToken.count }
+    end
+  end
 end

data/spec/requests/protected_resources/private_api_spec.rb

@@ -47,4 +47,12 @@ feature 'Private API' do
     visit '/full_protected_resources/1.json'
     response_status_should_be 401
   end
+
+  scenario 'access token with default scope' do
+    default_scopes_exist :admin
+    @token.update_column :scopes, :admin
+    with_access_token_header @token.token
+    visit '/full_protected_resources/1.json'
+    page.body.should have_content("show")
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 0.7.4
+  version: 1.0.0.rc1
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-01 00:00:00.000000000 Z
+date: 2013-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -25,20 +25,6 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '3.1'
-- !ruby/object:Gem::Dependency
-  name: jquery-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 2.0.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 2.0.2
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -167,7 +153,6 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
-- app/assets/javascripts/doorkeeper/application.js
 - app/assets/stylesheets/doorkeeper/application.css
 - app/assets/stylesheets/doorkeeper/form.css
 - app/controllers/doorkeeper/application_controller.rb
@@ -178,6 +163,7 @@ files:
 - app/controllers/doorkeeper/tokens_controller.rb
 - app/helpers/doorkeeper/form_errors_helper.rb
 - app/validators/redirect_uri_validator.rb
+- app/views/doorkeeper/applications/_delete_form.html.erb
 - app/views/doorkeeper/applications/_form.html.erb
 - app/views/doorkeeper/applications/edit.html.erb
 - app/views/doorkeeper/applications/index.html.erb
@@ -277,8 +263,6 @@ files:
 - spec/controllers/token_info_controller_spec.rb
 - spec/controllers/tokens_controller_spec.rb
 - spec/dummy/Rakefile
-- spec/dummy/app/assets/javascripts/application.js
-- spec/dummy/app/assets/stylesheets/application.css
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/custom_authorizations_controller.rb
 - spec/dummy/app/controllers/full_protected_resources_controller.rb
@@ -404,9 +388,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.0.14

data/app/assets/javascripts/doorkeeper/application.js

@@ -1,2 +0,0 @@
-//= require jquery
-//= require jquery_ujs

data/spec/dummy/app/assets/javascripts/application.js

@@ -1,9 +0,0 @@
-// This is a manifest file that'll be compiled into including all the files listed below.
-// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
-// be included in the compiled file accessible from http://example.com/assets/application.js
-// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
-// the compiled file.
-//
-//= require jquery
-//= require jquery_ujs
-//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -1,7 +0,0 @@
-/*
- * This is a manifest file that'll automatically include all the stylesheets available in this directory
- * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
- * the top of the compiled file, but it's generally better to create a new file per style scope.
- *= require_self
- *= require_tree . 
-*/