doorkeeper 0.7.4 → 1.0.0.rc1


Potentially problematic release.


This version of doorkeeper might be problematic.

Files changed (56)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +24 -0
  3. data/Gemfile +0 -2
  4. data/README.md +1 -1
  5. data/app/controllers/doorkeeper/tokens_controller.rb +2 -0
  6. data/app/views/doorkeeper/applications/_delete_form.html.erb +16 -0
  7. data/app/views/doorkeeper/applications/index.html.erb +6 -2
  8. data/app/views/doorkeeper/applications/show.html.erb +1 -1
  9. data/app/views/doorkeeper/authorized_applications/index.html.erb +1 -1
  10. data/app/views/layouts/doorkeeper/application.html.erb +0 -1
  11. data/doorkeeper.gemspec +0 -1
  12. data/lib/doorkeeper/doorkeeper_for.rb +2 -2
  13. data/lib/doorkeeper/models/access_token.rb +5 -2
  14. data/lib/doorkeeper/models/application.rb +2 -2
  15. data/lib/doorkeeper/oauth/password_access_token_request.rb +13 -8
  16. data/lib/doorkeeper/oauth/refresh_token_request.rb +38 -12
  17. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  18. data/lib/doorkeeper/request/password.rb +5 -5
  19. data/lib/doorkeeper/request/refresh_token.rb +5 -5
  20. data/lib/doorkeeper/version.rb +1 -1
  21. data/lib/generators/doorkeeper/templates/migration.rb +1 -1
  22. data/spec/controllers/applications_controller_spec.rb +9 -0
  23. data/spec/controllers/protected_resources_controller_spec.rb +2 -2
  24. data/spec/controllers/tokens_controller_spec.rb +1 -1
  25. data/spec/dummy/app/views/layouts/application.html.erb +0 -2
  26. data/spec/dummy/config/environments/test.rb +11 -2
  27. data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +1 -1
  28. data/spec/dummy/db/schema.rb +1 -1
  29. data/spec/factories/access_token.rb +4 -0
  30. data/spec/lib/models/revocable_spec.rb +2 -2
  31. data/spec/lib/oauth/authorization_code_request_spec.rb +1 -1
  32. data/spec/lib/oauth/client/credentials_spec.rb +2 -2
  33. data/spec/lib/oauth/client/methods_spec.rb +4 -4
  34. data/spec/lib/oauth/client_credentials/issuer_spec.rb +4 -4
  35. data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -2
  36. data/spec/lib/oauth/client_credentials_request_spec.rb +4 -4
  37. data/spec/lib/oauth/client_spec.rb +5 -5
  38. data/spec/lib/oauth/code_request_spec.rb +3 -3
  39. data/spec/lib/oauth/error_response_spec.rb +3 -3
  40. data/spec/lib/oauth/helpers/scope_checker_spec.rb +2 -2
  41. data/spec/lib/oauth/password_access_token_request_spec.rb +26 -10
  42. data/spec/lib/oauth/pre_authorization_spec.rb +2 -2
  43. data/spec/lib/oauth/refresh_token_request_spec.rb +52 -10
  44. data/spec/lib/oauth/token_request_spec.rb +3 -3
  45. data/spec/lib/oauth/token_response_spec.rb +8 -5
  46. data/spec/lib/oauth/token_spec.rb +8 -8
  47. data/spec/lib/server_spec.rb +1 -1
  48. data/spec/models/doorkeeper/access_token_spec.rb +6 -9
  49. data/spec/models/doorkeeper/application_spec.rb +16 -1
  50. data/spec/requests/applications/applications_request_spec.rb +3 -3
  51. data/spec/requests/flows/password_spec.rb +20 -0
  52. data/spec/requests/protected_resources/private_api_spec.rb +8 -0
  53. metadata +5 -21
  54. data/app/assets/javascripts/doorkeeper/application.js +0 -2
  55. data/spec/dummy/app/assets/javascripts/application.js +0 -9
  56. data/spec/dummy/app/assets/stylesheets/application.css +0 -7
@@ -3,8 +3,8 @@ require 'spec_helper_integration'
3
3
  module Doorkeeper::OAuth
4
4
  describe TokenRequest do
5
5
  let :pre_auth do
6
- mock(:pre_auth, {
7
- :client => mock(:application, :id => 9990),
6
+ double(:pre_auth, {
7
+ :client => double(:application, :id => 9990),
8
8
  :redirect_uri => 'http://tst.com/cb',
9
9
  :state => nil,
10
10
  :scopes => nil,
@@ -14,7 +14,7 @@ module Doorkeeper::OAuth
14
14
  end
15
15
 
16
16
  let :owner do
17
- mock :owner, :id => 7866
17
+ double :owner, :id => 7866
18
18
  end
19
19
 
20
20
  subject do
@@ -3,7 +3,7 @@ require 'doorkeeper/oauth/token_response'
3
3
 
4
4
  module Doorkeeper::OAuth
5
5
  describe TokenResponse do
6
- subject { TokenResponse.new(stub.as_null_object) }
6
+ subject { TokenResponse.new(double.as_null_object) }
7
7
 
8
8
  it 'includes access token response headers' do
9
9
  headers = subject.headers
@@ -17,9 +17,10 @@ module Doorkeeper::OAuth
17
17
 
18
18
  describe '.body' do
19
19
  let(:access_token) do
20
- mock :access_token, {
20
+ double :access_token, {
21
21
  :token => 'some-token',
22
22
  :expires_in => '3600',
23
+ :expires_in_seconds => '300',
23
24
  :scopes_string => 'two scopes',
24
25
  :refresh_token => 'some-refresh-token',
25
26
  :token_type => 'bearer'
@@ -36,8 +37,10 @@ module Doorkeeper::OAuth
36
37
  subject['token_type'].should == 'bearer'
37
38
  end
38
39
 
40
+ # expires_in_seconds is returned as `expires_in` in order to match
41
+ # the OAuth spec (section 4.2.2)
39
42
  it 'includes :expires_in' do
40
- subject['expires_in'].should == '3600'
43
+ subject['expires_in'].should == '300'
41
44
  end
42
45
 
43
46
  it 'includes :scope' do
@@ -51,9 +54,9 @@ module Doorkeeper::OAuth
51
54
 
52
55
  describe '.body filters out empty values' do
53
56
  let(:access_token) do
54
- mock :access_token, {
57
+ double :access_token, {
55
58
  :token => 'some-token',
56
- :expires_in => '',
59
+ :expires_in_seconds => '',
57
60
  :scopes_string => '',
58
61
  :refresh_token => '',
59
62
  :token_type => 'bearer'
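Review bot: The comment added above 'includes :expires_in' cites "the OAuth spec (section 4.2.2)" without naming the document. In RFC 6749 that section is the implicit-grant response, while the token-endpoint success response is section 5.1, which looks like the body TokenResponse builds. I would pin the reference down, e.g. `# expires_in_seconds is returned as "expires_in" (RFC 6749, section 5.1)`. The doubles also return strings ('300', ''), so these examples would not notice the lifetime being serialised as a string rather than a number; `:expires_in_seconds => 300` with `.should == 300` would cover that, assuming the model returns an integer. Both describe blocks continue outside the hunks.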
@@ -11,7 +11,7 @@ module Doorkeeper
11
11
  module OAuth
12
12
  describe Token do
13
13
  describe :from_request do
14
- let(:request) { stub.as_null_object }
14
+ let(:request) { double.as_null_object }
15
15
 
16
16
  let(:method) do
17
17
  lambda { |request| return 'token-value' }
@@ -28,7 +28,7 @@ module Doorkeeper
28
28
  end
29
29
 
30
30
  it 'stops at the first credentials found' do
31
- not_called_method = mock
31
+ not_called_method = double
32
32
  not_called_method.should_not_receive(:call)
33
33
  credentials = Token.from_request request, lambda { |r| }, method, not_called_method
34
34
  end
@@ -41,7 +41,7 @@ module Doorkeeper
41
41
 
42
42
  describe :from_access_token_param do
43
43
  it 'returns token from access_token parameter' do
44
- request = stub :parameters => { :access_token => 'some-token' }
44
+ request = double :parameters => { :access_token => 'some-token' }
45
45
  token = Token.from_access_token_param(request)
46
46
  token.should == "some-token"
47
47
  end
@@ -49,7 +49,7 @@ module Doorkeeper
49
49
 
50
50
  describe :from_bearer_param do
51
51
  it 'returns token from bearer_token parameter' do
52
- request = stub :parameters => { :bearer_token => 'some-token' }
52
+ request = double :parameters => { :bearer_token => 'some-token' }
53
53
  token = Token.from_bearer_param(request)
54
54
  token.should == "some-token"
55
55
  end
@@ -57,25 +57,25 @@ module Doorkeeper
57
57
 
58
58
  describe :from_bearer_authorization do
59
59
  it 'returns token from authorization bearer' do
60
- request = stub :authorization => "Bearer SomeToken"
60
+ request = double :authorization => "Bearer SomeToken"
61
61
  token = Token.from_bearer_authorization(request)
62
62
  token.should == "SomeToken"
63
63
  end
64
64
 
65
65
  it 'does not return token if authorization is not bearer' do
66
- request = stub :authorization => "MAC SomeToken"
66
+ request = double :authorization => "MAC SomeToken"
67
67
  token = Token.from_bearer_authorization(request)
68
68
  token.should be_blank
69
69
  end
70
70
  end
71
71
 
72
72
  describe :authenticate do
73
- let(:finder) { mock :finder }
73
+ let(:finder) { double :finder }
74
74
 
75
75
  it 'calls the finder if token was found' do
76
76
  token = lambda { |r| 'token' }
77
77
  AccessToken.should_receive(:authenticate).with('token')
78
- Token.authenticate stub, token
78
+ Token.authenticate double, token
79
79
  end
80
80
  end
81
81
  end
@@ -4,7 +4,7 @@ require 'doorkeeper/errors'
4
4
  require 'doorkeeper/server'
5
5
 
6
6
  describe Doorkeeper::Server do
7
- let(:fake_class) { mock :fake_class }
7
+ let(:fake_class) { double :fake_class }
8
8
 
9
9
  subject do
10
10
  described_class.new
@@ -46,15 +46,10 @@ module Doorkeeper
46
46
  subject.resource_owner_id = nil
47
47
  should be_valid
48
48
  end
49
-
50
- it "is invalid without application_id" do
51
- subject.application_id = nil
52
- should_not be_valid
53
- end
54
49
  end
55
50
 
56
51
  describe '.revoke_all_for' do
57
- let(:resource_owner) { stub(:id => 100) }
52
+ let(:resource_owner) { double(:id => 100) }
58
53
  let(:application) { FactoryGirl.create :application }
59
54
  let(:default_attributes) do
60
55
  { :application => application, :resource_owner_id => resource_owner.id }
@@ -63,7 +58,9 @@ module Doorkeeper
63
58
  it 'revokes all tokens for given application and resource owner' do
64
59
  FactoryGirl.create :access_token, default_attributes
65
60
  AccessToken.revoke_all_for application.id, resource_owner
66
- AccessToken.all.should be_empty
61
+ AccessToken.all.each do |token|
62
+ token.should be_revoked
63
+ end
67
64
  end
68
65
 
69
66
  it 'matches application' do
@@ -94,7 +91,7 @@ module Doorkeeper
94
91
  end
95
92
 
96
93
  it 'accepts resource owner as object' do
97
- resource_owner = stub(:to_key => true, :id => 100)
94
+ resource_owner = double(:to_key => true, :id => 100)
98
95
  token = FactoryGirl.create :access_token, default_attributes
99
96
  last_token = AccessToken.matching_token_for(application, resource_owner, scopes)
100
97
  last_token.should == token
@@ -142,7 +139,7 @@ module Doorkeeper
142
139
  token_hash = {
143
140
  :resource_owner_id => token.resource_owner_id,
144
141
  :scopes => token.scopes,
145
- :expires_in_seconds => token.expires_in_seconds,
142
+ :expires_in_seconds => token.expires_in_seconds,
146
143
  :application => { :uid => token.application.uid }
147
144
  }
148
145
  token.as_json.should eq token_hash
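Review bot: The rewritten '.revoke_all_for' example can pass vacuously, because `AccessToken.all.each { ... }` asserts nothing when the collection is empty. If the factory row were never created, or revoke_all_for went back to deleting rows, the example would still be green. Adding `AccessToken.all.should_not be_empty` before the loop (or asserting the count is 1) makes the revocation check binding. Separately, the "is invalid without application_id" example is dropped while the as_json expectation in the last hunk still reads `token.application.uid`; whether as_json copes with a token that has no application is not visible here and is worth a dedicated example.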
@@ -8,6 +8,9 @@ module Doorkeeper
8
8
  let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set("@confirm_application_owner", false) }
9
9
  let(:new_application) { FactoryGirl.build(:application) }
10
10
 
11
+ let(:uid) { SecureRandom.hex(8) }
12
+ let(:secret) { SecureRandom.hex(8) }
13
+
11
14
  context "application_owner is enabled" do
12
15
  before do
13
16
  Doorkeeper.configure do
@@ -54,6 +57,12 @@ module Doorkeeper
54
57
  new_application.uid.should_not be_nil
55
58
  end
56
59
 
60
+ it 'generates uid on create unless one is set' do
61
+ new_application.uid = uid
62
+ new_application.save
63
+ new_application.uid.should eq(uid)
64
+ end
65
+
57
66
  it 'is invalid without uid' do
58
67
  new_application.save
59
68
  new_application.uid = nil
@@ -88,6 +97,12 @@ module Doorkeeper
88
97
  new_application.secret.should_not be_nil
89
98
  end
90
99
 
100
+ it 'generate secret on create unless one is set' do
101
+ new_application.secret = secret
102
+ new_application.save
103
+ new_application.secret.should eq(secret)
104
+ end
105
+
91
106
  it 'is invalid without secret' do
92
107
  new_application.save
93
108
  new_application.secret = nil
@@ -142,7 +157,7 @@ module Doorkeeper
142
157
  Application.authorized_for(resource_owner).should == [application]
143
158
  end
144
159
 
145
- it "should fail to mass assign a new application" do
160
+ it "should fail to mass assign a new application", if: ::Rails::VERSION::MAJOR < 4 do
146
161
  mass_assign = { :name => 'Something',
147
162
  :redirect_uri => 'http://somewhere.com/something',
148
163
  :uid => 123,
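Review bot: With `if: ::Rails::VERSION::MAJOR < 4` on "should fail to mass assign a new application", nothing in this file checks on Rails 4 that `uid` and `secret` cannot be set through request parameters. That matters more now that the two new examples confirm a preset uid/secret is kept on create. The protection presumably moves to the controller's permitted parameters, and the file list shows spec/controllers/applications_controller_spec.rb gaining 9 lines, which may cover it, but that file is not shown here. I would add a comment on the filtered example saying where the Rails 4 equivalent lives, e.g. `# Rails 4: uid/secret filtering is exercised in applications_controller_spec`, once confirmed. The example body continues outside the hunk.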
@@ -69,7 +69,7 @@ feature 'Edit application' do
69
69
  end
70
70
  end
71
71
 
72
- feature 'Destroy application' do
72
+ feature 'Remove application' do
73
73
  background do
74
74
  @app = FactoryGirl.create :application
75
75
  end
@@ -78,7 +78,7 @@ feature 'Destroy application' do
78
78
  visit "/oauth/applications"
79
79
  i_should_see @app.name
80
80
  within(:css, "tr#application_#{@app.id}") do
81
- click_link "Destroy"
81
+ click_button "Remove"
82
82
  end
83
83
  i_should_see "Application deleted"
84
84
  i_should_not_see @app.name
@@ -86,7 +86,7 @@ feature 'Destroy application' do
86
86
 
87
87
  scenario 'deleting an application from show' do
88
88
  visit "/oauth/applications/#{@app.id}"
89
- click_link 'Remove'
89
+ click_button 'Remove'
90
90
  i_should_see "Application deleted"
91
91
  end
92
92
  end
@@ -39,6 +39,16 @@ feature 'Resource Owner Password Credentials Flow' do
39
39
  should_have_json 'access_token', token.token
40
40
  end
41
41
 
42
+ scenario "should issue new token without client credentials" do
43
+ expect {
44
+ post password_token_endpoint_url(:resource_owner => @resource_owner)
45
+ }.to change { Doorkeeper::AccessToken.count }.by(1)
46
+
47
+ token = Doorkeeper::AccessToken.first
48
+
49
+ should_have_json 'access_token', token.token
50
+ end
51
+
42
52
  scenario "should issue a refresh token if enabled" do
43
53
  config_is_set(:refresh_token_enabled, true)
44
54
 
@@ -65,4 +75,14 @@ feature 'Resource Owner Password Credentials Flow' do
65
75
  }.to_not change { Doorkeeper::AccessToken.count }
66
76
  end
67
77
  end
78
+
79
+ context "with invalid client credentials" do
80
+ scenario "should not issue new token with bad client credentials" do
81
+ expect {
82
+ post password_token_endpoint_url( :client_id => @client.uid,
83
+ :client_secret => "bad_secret",
84
+ :resource_owner => @resource_owner)
85
+ }.to_not change { Doorkeeper::AccessToken.count }
86
+ end
87
+ end
68
88
  end
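Review bot: The "with invalid client credentials" scenario asserts only that `Doorkeeper::AccessToken.count` does not change, so it does not check that the endpoint answers with an error rather than some other non-issuing response. Since the first new scenario makes client credentials optional, the cases most at risk are those that could fall through to the client-less path: an unknown `client_id`, and a `client_id` sent with no `client_secret`. Neither is exercised here. I would add those two scenarios and assert the error body in each, e.g. `should_have_json 'error', 'invalid_client'` if that is the code the endpoint returns. In the positive scenario, `Doorkeeper::AccessToken.first` identifies the new token only when the table was empty beforehand; `.last` or ordering by id would be less fragile.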
@@ -47,4 +47,12 @@ feature 'Private API' do
47
47
  visit '/full_protected_resources/1.json'
48
48
  response_status_should_be 401
49
49
  end
50
+
51
+ scenario 'access token with default scope' do
52
+ default_scopes_exist :admin
53
+ @token.update_column :scopes, :admin
54
+ with_access_token_header @token.token
55
+ visit '/full_protected_resources/1.json'
56
+ page.body.should have_content("show")
57
+ end
50
58
  end
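Review bot: The added 'access token with default scope' scenario covers only the accepting case and checks the body without checking the status. No counterpart in this hunk shows that a token whose scopes fall outside the configured defaults is refused with 401 on the same resource, which is the case that would catch over-permissive scope matching; it may exist earlier in the file, outside the hunk. `@token.update_column :scopes, :admin` also writes a Symbol and skips validations; `'admin'` would mirror how a stored scope string looks.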
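--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: doorkeeper
  version: !ruby/object:Gem::Version
- version: 0.7.4
+ version: 1.0.0.rc1
  platform: ruby
  authors:
  - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-12-01 00:00:00.000000000 Z
+ date: 2013-12-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: railties
@@ -25,20 +25,6 @@ dependencies:
  - - '>='
  - !ruby/object:Gem::Version
  version: '3.1'
- - !ruby/object:Gem::Dependency
- name: jquery-rails
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - '>='
- - !ruby/object:Gem::Version
- version: 2.0.2
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - '>='
- - !ruby/object:Gem::Version
- version: 2.0.2
  - !ruby/object:Gem::Dependency
  name: sqlite3
  requirement: !ruby/object:Gem::Requirement
@@ -167,7 +153,6 @@ files:
  - MIT-LICENSE
  - README.md
  - Rakefile
- - app/assets/javascripts/doorkeeper/application.js
  - app/assets/stylesheets/doorkeeper/application.css
  - app/assets/stylesheets/doorkeeper/form.css
  - app/controllers/doorkeeper/application_controller.rb
@@ -178,6 +163,7 @@ files:
  - app/controllers/doorkeeper/tokens_controller.rb
  - app/helpers/doorkeeper/form_errors_helper.rb
  - app/validators/redirect_uri_validator.rb
+ - app/views/doorkeeper/applications/_delete_form.html.erb
  - app/views/doorkeeper/applications/_form.html.erb
  - app/views/doorkeeper/applications/edit.html.erb
  - app/views/doorkeeper/applications/index.html.erb
@@ -277,8 +263,6 @@ files:
  - spec/controllers/token_info_controller_spec.rb
  - spec/controllers/tokens_controller_spec.rb
  - spec/dummy/Rakefile
- - spec/dummy/app/assets/javascripts/application.js
- - spec/dummy/app/assets/stylesheets/application.css
  - spec/dummy/app/controllers/application_controller.rb
  - spec/dummy/app/controllers/custom_authorizations_controller.rb
  - spec/dummy/app/controllers/full_protected_resources_controller.rb
@@ -404,9 +388,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - '>'
  - !ruby/object:Gem::Version
- version: '0'
+ version: 1.3.1
  requirements: []
  rubyforge_project:
  rubygems_version: 2.0.14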
@@ -1,2 +0,0 @@
1
- //= require jquery
2
- //= require jquery_ujs
@@ -1,9 +0,0 @@
1
- // This is a manifest file that'll be compiled into including all the files listed below.
2
- // Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
3
- // be included in the compiled file accessible from http://example.com/assets/application.js
4
- // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
5
- // the compiled file.
6
- //
7
- //= require jquery
8
- //= require jquery_ujs
9
- //= require_tree .
@@ -1,7 +0,0 @@
1
- /*
2
- * This is a manifest file that'll automatically include all the stylesheets available in this directory
3
- * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
4
- * the top of the compiled file, but it's generally better to create a new file per style scope.
5
- *= require_self
6
- *= require_tree .
7
- */