doorkeeper 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +2 -2
- data/CHANGELOG.md +14 -2
- data/README.md +93 -42
- data/app/controllers/doorkeeper/application_controller.rb +1 -1
- data/app/controllers/doorkeeper/applications_controller.rb +4 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/controllers/doorkeeper/token_info_controller.rb +3 -3
- data/app/controllers/doorkeeper/tokens_controller.rb +29 -2
- data/app/helpers/doorkeeper/form_errors_helper.rb +2 -2
- data/app/validators/redirect_uri_validator.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +3 -3
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/new.html.erb +5 -5
- data/doorkeeper.gemspec +1 -1
- data/lib/doorkeeper.rb +31 -31
- data/lib/doorkeeper/config.rb +66 -37
- data/lib/doorkeeper/doorkeeper_for.rb +6 -3
- data/lib/doorkeeper/engine.rb +2 -2
- data/lib/doorkeeper/helpers/controller.rb +9 -9
- data/lib/doorkeeper/helpers/filter.rb +1 -1
- data/lib/doorkeeper/models/access_grant.rb +5 -5
- data/lib/doorkeeper/models/access_token.rb +22 -18
- data/lib/doorkeeper/models/active_record/access_token.rb +8 -8
- data/lib/doorkeeper/models/active_record/application.rb +5 -5
- data/lib/doorkeeper/models/application.rb +8 -9
- data/lib/doorkeeper/models/expirable.rb +1 -1
- data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +2 -2
- data/lib/doorkeeper/models/mongo_mapper/access_token.rb +11 -11
- data/lib/doorkeeper/models/mongo_mapper/application.rb +4 -4
- data/lib/doorkeeper/models/mongoid/version.rb +2 -2
- data/lib/doorkeeper/models/mongoid2/access_grant.rb +7 -7
- data/lib/doorkeeper/models/mongoid2/access_token.rb +14 -14
- data/lib/doorkeeper/models/mongoid2/application.rb +7 -7
- data/lib/doorkeeper/models/mongoid3_4/access_grant.rb +7 -7
- data/lib/doorkeeper/models/mongoid3_4/access_token.rb +13 -13
- data/lib/doorkeeper/models/mongoid3_4/application.rb +6 -6
- data/lib/doorkeeper/models/ownership.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +7 -7
- data/lib/doorkeeper/oauth/authorization_code_request.rb +18 -19
- data/lib/doorkeeper/oauth/client.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +4 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +6 -4
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +2 -2
- data/lib/doorkeeper/oauth/client_credentials_request.rb +11 -15
- data/lib/doorkeeper/oauth/code_request.rb +5 -4
- data/lib/doorkeeper/oauth/code_response.rb +8 -7
- data/lib/doorkeeper/oauth/error.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
- data/lib/doorkeeper/oauth/invalid_token_response.rb +10 -10
- data/lib/doorkeeper/oauth/password_access_token_request.rb +57 -54
- data/lib/doorkeeper/oauth/pre_authorization.rb +7 -7
- data/lib/doorkeeper/oauth/refresh_token_request.rb +27 -24
- data/lib/doorkeeper/oauth/scopes.rb +3 -3
- data/lib/doorkeeper/oauth/token.rb +27 -1
- data/lib/doorkeeper/oauth/token_request.rb +14 -4
- data/lib/doorkeeper/rails/routes.rb +31 -22
- data/lib/doorkeeper/rails/routes/mapping.rb +11 -12
- data/lib/doorkeeper/request.rb +5 -5
- data/lib/doorkeeper/version.rb +1 -1
- data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
- data/lib/generators/doorkeeper/install_generator.rb +5 -5
- data/lib/generators/doorkeeper/migration_generator.rb +1 -1
- data/lib/generators/doorkeeper/mongo_mapper/indexes_generator.rb +2 -2
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +2 -2
- data/lib/generators/doorkeeper/templates/initializer.rb +16 -3
- data/lib/generators/doorkeeper/templates/migration.rb +16 -17
- data/lib/generators/doorkeeper/views_generator.rb +1 -1
- data/spec/controllers/applications_controller_spec.rb +7 -7
- data/spec/controllers/authorizations_controller_spec.rb +48 -48
- data/spec/controllers/protected_resources_controller_spec.rb +108 -107
- data/spec/controllers/token_info_controller_spec.rb +11 -11
- data/spec/controllers/tokens_controller_spec.rb +8 -8
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -2
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +3 -3
- data/spec/dummy/app/controllers/home_controller.rb +5 -5
- data/spec/dummy/app/controllers/metal_controller.rb +1 -1
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +2 -2
- data/spec/dummy/app/models/user.rb +3 -3
- data/spec/dummy/config/application.rb +8 -9
- data/spec/dummy/config/boot.rb +1 -1
- data/spec/dummy/config/environments/test.rb +1 -1
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -5
- data/spec/dummy/config/initializers/session_store.rb +1 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +1 -1
- data/spec/dummy/config/routes.rb +27 -27
- data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +16 -17
- data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +3 -3
- data/spec/dummy/db/schema.rb +39 -39
- data/spec/factories/access_grant.rb +3 -3
- data/spec/factories/access_token.rb +1 -1
- data/spec/factories/application.rb +3 -3
- data/spec/generators/application_owner_generator_spec.rb +6 -7
- data/spec/generators/install_generator_spec.rb +9 -9
- data/spec/generators/migration_generator_spec.rb +4 -4
- data/spec/lib/config_spec.rb +136 -44
- data/spec/lib/models/expirable_spec.rb +9 -9
- data/spec/lib/models/revocable_spec.rb +4 -4
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +4 -4
- data/spec/lib/oauth/authorization_code_request_spec.rb +2 -2
- data/spec/lib/oauth/client/credentials_spec.rb +4 -4
- data/spec/lib/oauth/client/methods_spec.rb +10 -10
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +9 -7
- data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -2
- data/spec/lib/oauth/client_credentials_request_spec.rb +6 -6
- data/spec/lib/oauth/client_spec.rb +4 -4
- data/spec/lib/oauth/code_request_spec.rb +10 -9
- data/spec/lib/oauth/error_response_spec.rb +8 -8
- data/spec/lib/oauth/error_spec.rb +1 -1
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +17 -17
- data/spec/lib/oauth/helpers/unique_token_spec.rb +7 -7
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +33 -33
- data/spec/lib/oauth/invalid_token_response_spec.rb +4 -4
- data/spec/lib/oauth/password_access_token_request_spec.rb +13 -13
- data/spec/lib/oauth/pre_authorization_spec.rb +47 -7
- data/spec/lib/oauth/refresh_token_request_spec.rb +11 -21
- data/spec/lib/oauth/scopes_spec.rb +32 -32
- data/spec/lib/oauth/token_request_spec.rb +10 -9
- data/spec/lib/oauth/token_response_spec.rb +13 -15
- data/spec/lib/oauth/token_spec.rb +24 -10
- data/spec/lib/server_spec.rb +24 -2
- data/spec/models/doorkeeper/access_grant_spec.rb +8 -8
- data/spec/models/doorkeeper/access_token_spec.rb +79 -33
- data/spec/models/doorkeeper/application_spec.rb +29 -29
- data/spec/requests/applications/applications_request_spec.rb +15 -15
- data/spec/requests/applications/authorized_applications_spec.rb +7 -7
- data/spec/requests/endpoints/authorization_spec.rb +19 -12
- data/spec/requests/endpoints/token_spec.rb +26 -8
- data/spec/requests/flows/authorization_code_errors_spec.rb +17 -17
- data/spec/requests/flows/authorization_code_spec.rb +28 -28
- data/spec/requests/flows/client_credentials_spec.rb +3 -3
- data/spec/requests/flows/implicit_grant_errors_spec.rb +5 -5
- data/spec/requests/flows/implicit_grant_spec.rb +2 -2
- data/spec/requests/flows/password_spec.rb +32 -32
- data/spec/requests/flows/refresh_token_spec.rb +23 -23
- data/spec/requests/flows/revoke_token_spec.rb +165 -0
- data/spec/requests/flows/skip_authorization_spec.rb +10 -10
- data/spec/requests/protected_resources/metal_spec.rb +1 -1
- data/spec/requests/protected_resources/private_api_spec.rb +5 -5
- data/spec/routing/custom_controller_routes_spec.rb +4 -0
- data/spec/routing/default_routes_spec.rb +5 -1
- data/spec/spec_helper.rb +2 -2
- data/spec/spec_helper_integration.rb +8 -10
- data/spec/support/helpers/access_token_request_helper.rb +3 -3
- data/spec/support/helpers/authorization_request_helper.rb +3 -3
- data/spec/support/helpers/config_helper.rb +1 -1
- data/spec/support/helpers/model_helper.rb +2 -2
- data/spec/support/helpers/request_spec_helper.rb +3 -3
- data/spec/support/helpers/url_helper.rb +25 -21
- data/spec/support/orm/active_record.rb +4 -4
- data/spec/support/orm/mongo_mapper.rb +2 -3
- data/spec/support/orm/mongoid.rb +5 -6
- data/spec/support/shared/controllers_shared_context.rb +15 -15
- data/spec/support/shared/models_shared_examples.rb +13 -13
- data/spec/validators/redirect_uri_validator_spec.rb +9 -9
- metadata +5 -4
|
@@ -7,8 +7,8 @@ feature 'Adding applications' do
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
scenario 'adding a valid app' do
|
|
10
|
-
fill_in 'application_name', :
|
|
11
|
-
fill_in 'application_redirect_uri', :
|
|
10
|
+
fill_in 'application_name', with: 'My Application'
|
|
11
|
+
fill_in 'application_redirect_uri', with: 'http://example.com'
|
|
12
12
|
click_button 'Submit'
|
|
13
13
|
i_should_see 'Application created'
|
|
14
14
|
i_should_see 'My Application'
|
|
@@ -23,8 +23,8 @@ end
|
|
|
23
23
|
|
|
24
24
|
feature 'Listing applications' do
|
|
25
25
|
background do
|
|
26
|
-
FactoryGirl.create :application, :
|
|
27
|
-
FactoryGirl.create :application, :
|
|
26
|
+
FactoryGirl.create :application, name: 'Oauth Dude'
|
|
27
|
+
FactoryGirl.create :application, name: 'Awesome App'
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
scenario 'application list' do
|
|
@@ -36,7 +36,7 @@ end
|
|
|
36
36
|
|
|
37
37
|
feature 'Show application' do
|
|
38
38
|
let :app do
|
|
39
|
-
FactoryGirl.create :application, :
|
|
39
|
+
FactoryGirl.create :application, name: 'Just another oauth app'
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
scenario 'visiting application page' do
|
|
@@ -47,7 +47,7 @@ end
|
|
|
47
47
|
|
|
48
48
|
feature 'Edit application' do
|
|
49
49
|
let :app do
|
|
50
|
-
FactoryGirl.create :application, :
|
|
50
|
+
FactoryGirl.create :application, name: 'OMG my app'
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
background do
|
|
@@ -55,15 +55,15 @@ feature 'Edit application' do
|
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
scenario 'updating a valid app' do
|
|
58
|
-
fill_in :name, :
|
|
58
|
+
fill_in :name, with: 'Serious app'
|
|
59
59
|
click_button 'Submit'
|
|
60
|
-
i_should_see
|
|
61
|
-
i_should_see
|
|
62
|
-
i_should_not_see
|
|
60
|
+
i_should_see 'Application updated'
|
|
61
|
+
i_should_see 'Serious app'
|
|
62
|
+
i_should_not_see 'OMG my app'
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
scenario 'updating an invalid app' do
|
|
66
|
-
fill_in :name, :
|
|
66
|
+
fill_in :name, with: ''
|
|
67
67
|
click_button 'Submit'
|
|
68
68
|
i_should_see 'Whoops! Check your form for possible errors'
|
|
69
69
|
end
|
|
@@ -75,18 +75,18 @@ feature 'Remove application' do
|
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
scenario 'deleting an application from list' do
|
|
78
|
-
visit
|
|
78
|
+
visit '/oauth/applications'
|
|
79
79
|
i_should_see @app.name
|
|
80
80
|
within(:css, "tr#application_#{@app.id}") do
|
|
81
|
-
click_button
|
|
81
|
+
click_button 'Destroy'
|
|
82
82
|
end
|
|
83
|
-
i_should_see
|
|
83
|
+
i_should_see 'Application deleted'
|
|
84
84
|
i_should_not_see @app.name
|
|
85
85
|
end
|
|
86
86
|
|
|
87
87
|
scenario 'deleting an application from show' do
|
|
88
88
|
visit "/oauth/applications/#{@app.id}"
|
|
89
89
|
click_button 'Destroy'
|
|
90
|
-
i_should_see
|
|
90
|
+
i_should_see 'Application deleted'
|
|
91
91
|
end
|
|
92
92
|
end
|
|
@@ -2,25 +2,25 @@ require 'spec_helper_integration'
|
|
|
2
2
|
|
|
3
3
|
feature 'Authorized applications' do
|
|
4
4
|
background do
|
|
5
|
-
@user = User.create!(:
|
|
6
|
-
@client = client_exists(:
|
|
5
|
+
@user = User.create!(name: 'Joe', password: 'sekret')
|
|
6
|
+
@client = client_exists(name: 'Amazing Client App')
|
|
7
7
|
resource_owner_is_authenticated @user
|
|
8
8
|
client_is_authorized @client, @user
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
scenario
|
|
11
|
+
scenario 'display user\'s authorized applications' do
|
|
12
12
|
visit '/oauth/authorized_applications'
|
|
13
13
|
i_should_see 'Amazing Client App'
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
-
scenario
|
|
17
|
-
client = client_exists(:
|
|
18
|
-
client_is_authorized client, User.create!(:
|
|
16
|
+
scenario 'do not display other user\'s authorized applications' do
|
|
17
|
+
client = client_exists(name: 'Another Client App')
|
|
18
|
+
client_is_authorized client, User.create!(name: 'Joe', password: 'sekret')
|
|
19
19
|
visit '/oauth/authorized_applications'
|
|
20
20
|
i_should_not_see 'Another Client App'
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
scenario
|
|
23
|
+
scenario 'user revoke access to application' do
|
|
24
24
|
visit '/oauth/authorized_applications'
|
|
25
25
|
i_should_see 'Amazing Client App'
|
|
26
26
|
click_on 'Revoke'
|
|
@@ -3,13 +3,13 @@ require 'spec_helper_integration'
|
|
|
3
3
|
feature 'Authorization endpoint' do
|
|
4
4
|
background do
|
|
5
5
|
config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
|
|
6
|
-
client_exists(:
|
|
6
|
+
client_exists(name: 'MyApp')
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
scenario 'requires resource owner to be authenticated' do
|
|
10
|
-
visit authorization_endpoint_url(:
|
|
11
|
-
i_should_see
|
|
12
|
-
i_should_be_on
|
|
10
|
+
visit authorization_endpoint_url(client: @client)
|
|
11
|
+
i_should_see 'Sign in'
|
|
12
|
+
i_should_be_on '/'
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
context 'with authenticated resource owner' do
|
|
@@ -19,16 +19,16 @@ feature 'Authorization endpoint' do
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
scenario 'displays the authorization form' do
|
|
22
|
-
visit authorization_endpoint_url(:
|
|
23
|
-
i_should_see
|
|
22
|
+
visit authorization_endpoint_url(client: @client)
|
|
23
|
+
i_should_see 'Authorize MyApp to use your account?'
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
scenario
|
|
26
|
+
scenario 'displays all requested scopes' do
|
|
27
27
|
default_scopes_exist :public
|
|
28
28
|
optional_scopes_exist :write
|
|
29
|
-
visit authorization_endpoint_url(:
|
|
30
|
-
i_should_see
|
|
31
|
-
i_should_see
|
|
29
|
+
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
|
30
|
+
i_should_see 'Access your public data'
|
|
31
|
+
i_should_see 'Update your data'
|
|
32
32
|
end
|
|
33
33
|
end
|
|
34
34
|
|
|
@@ -38,8 +38,15 @@ feature 'Authorization endpoint' do
|
|
|
38
38
|
sign_in
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
scenario
|
|
42
|
-
visit authorization_endpoint_url(:
|
|
41
|
+
scenario 'displays the related error' do
|
|
42
|
+
visit authorization_endpoint_url(client: @client, response_type: '')
|
|
43
|
+
i_should_not_see 'Authorize'
|
|
44
|
+
i_should_see_translated_error_message :unsupported_response_type
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
scenario "displays unsupported_response_type error when using a disabled response type" do
|
|
48
|
+
config_is_set(:grant_flows, ['implicit'])
|
|
49
|
+
visit authorization_endpoint_url(client: @client, response_type: 'code')
|
|
43
50
|
i_should_not_see "Authorize"
|
|
44
51
|
i_should_see_translated_error_message :unsupported_response_type
|
|
45
52
|
end
|
|
@@ -3,33 +3,51 @@ require 'spec_helper_integration'
|
|
|
3
3
|
feature 'Token endpoint' do
|
|
4
4
|
background do
|
|
5
5
|
client_exists
|
|
6
|
-
authorization_code_exists :
|
|
6
|
+
authorization_code_exists application: @client, scopes: 'public'
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
scenario 'respond with correct headers' do
|
|
10
|
-
post token_endpoint_url(:
|
|
10
|
+
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
11
11
|
should_have_header 'Pragma', 'no-cache'
|
|
12
12
|
should_have_header 'Cache-Control', 'no-store'
|
|
13
13
|
should_have_header 'Content-Type', 'application/json; charset=utf-8'
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
scenario 'accepts client credentials with basic auth header' do
|
|
17
|
-
post token_endpoint_url(
|
|
18
|
-
|
|
19
|
-
|
|
17
|
+
post token_endpoint_url(
|
|
18
|
+
code: @authorization.token,
|
|
19
|
+
redirect_uri: @client.redirect_uri
|
|
20
|
+
), {}, 'HTTP_AUTHORIZATION' => basic_auth_header_for_client(@client)
|
|
20
21
|
|
|
21
22
|
should_have_json 'access_token', Doorkeeper::AccessToken.first.token
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
scenario 'returns null for expires_in when a permanent token is set' do
|
|
25
26
|
config_is_set(:access_token_expires_in, nil)
|
|
26
|
-
post token_endpoint_url(:
|
|
27
|
+
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
27
28
|
should_have_json 'access_token', Doorkeeper::AccessToken.first.token
|
|
28
29
|
should_not_have_json 'expires_in'
|
|
29
30
|
end
|
|
30
31
|
|
|
31
32
|
scenario 'returns unsupported_grant_type for invalid grant_type param' do
|
|
32
|
-
post token_endpoint_url(:
|
|
33
|
+
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'nothing')
|
|
34
|
+
|
|
35
|
+
should_not_have_json 'access_token'
|
|
36
|
+
should_have_json 'error', 'unsupported_grant_type'
|
|
37
|
+
should_have_json 'error_description', translated_error_message('unsupported_grant_type')
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
scenario 'returns unsupported_grant_type for disabled grant flows' do
|
|
41
|
+
config_is_set(:grant_flows, ['implicit'])
|
|
42
|
+
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'authorization_code')
|
|
43
|
+
|
|
44
|
+
should_not_have_json 'access_token'
|
|
45
|
+
should_have_json 'error', 'unsupported_grant_type'
|
|
46
|
+
should_have_json 'error_description', translated_error_message('unsupported_grant_type')
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
scenario 'returns unsupported_grant_type when refresh_token is not in use' do
|
|
50
|
+
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'refresh_token')
|
|
33
51
|
|
|
34
52
|
should_not_have_json 'access_token'
|
|
35
53
|
should_have_json 'error', 'unsupported_grant_type'
|
|
@@ -37,7 +55,7 @@ feature 'Token endpoint' do
|
|
|
37
55
|
end
|
|
38
56
|
|
|
39
57
|
scenario 'returns invalid_request if grant_type is missing' do
|
|
40
|
-
post token_endpoint_url(:
|
|
58
|
+
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: '')
|
|
41
59
|
|
|
42
60
|
should_not_have_json 'access_token'
|
|
43
61
|
should_have_json 'error', 'invalid_request'
|
|
@@ -14,22 +14,22 @@ feature 'Authorization Code Flow Errors' do
|
|
|
14
14
|
|
|
15
15
|
context 'when access was denied' do
|
|
16
16
|
scenario 'redirects with error' do
|
|
17
|
-
visit authorization_endpoint_url(:
|
|
18
|
-
click_on
|
|
17
|
+
visit authorization_endpoint_url(client: @client)
|
|
18
|
+
click_on 'Deny'
|
|
19
19
|
|
|
20
20
|
i_should_be_on_client_callback @client
|
|
21
|
-
url_should_not_have_param
|
|
22
|
-
url_should_have_param
|
|
23
|
-
url_should_have_param
|
|
21
|
+
url_should_not_have_param 'code'
|
|
22
|
+
url_should_have_param 'error', 'access_denied'
|
|
23
|
+
url_should_have_param 'error_description', translated_error_message(:access_denied)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
scenario 'redirects with state parameter' do
|
|
27
|
-
visit authorization_endpoint_url(:
|
|
28
|
-
click_on
|
|
27
|
+
visit authorization_endpoint_url(client: @client, state: 'return-this')
|
|
28
|
+
click_on 'Deny'
|
|
29
29
|
|
|
30
30
|
i_should_be_on_client_callback @client
|
|
31
|
-
url_should_not_have_param
|
|
32
|
-
url_should_have_param
|
|
31
|
+
url_should_not_have_param 'code'
|
|
32
|
+
url_should_have_param 'state', 'return-this'
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
end
|
|
@@ -37,25 +37,25 @@ end
|
|
|
37
37
|
feature 'Authorization Code Flow Errors', 'after authorization' do
|
|
38
38
|
background do
|
|
39
39
|
client_exists
|
|
40
|
-
authorization_code_exists :
|
|
40
|
+
authorization_code_exists application: @client
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
-
scenario
|
|
43
|
+
scenario 'returns :invalid_grant error when posting an already revoked grant code' do
|
|
44
44
|
# First successful request
|
|
45
|
-
post token_endpoint_url(:
|
|
45
|
+
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
46
46
|
|
|
47
47
|
# Second attempt with same token
|
|
48
|
-
expect
|
|
49
|
-
post token_endpoint_url(:
|
|
50
|
-
|
|
48
|
+
expect do
|
|
49
|
+
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
50
|
+
end.to_not change { Doorkeeper::AccessToken.count }
|
|
51
51
|
|
|
52
52
|
should_not_have_json 'access_token'
|
|
53
53
|
should_have_json 'error', 'invalid_grant'
|
|
54
54
|
should_have_json 'error_description', translated_error_message('invalid_grant')
|
|
55
55
|
end
|
|
56
56
|
|
|
57
|
-
scenario
|
|
58
|
-
post token_endpoint_url(:
|
|
57
|
+
scenario 'returns :invalid_grant error for invalid grant code' do
|
|
58
|
+
post token_endpoint_url(code: 'invalid', client: @client)
|
|
59
59
|
|
|
60
60
|
access_token_should_not_exist
|
|
61
61
|
|
|
@@ -9,23 +9,23 @@ feature 'Authorization Code Flow' do
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
scenario 'resource owner authorizes the client' do
|
|
12
|
-
visit authorization_endpoint_url(:
|
|
13
|
-
click_on
|
|
12
|
+
visit authorization_endpoint_url(client: @client)
|
|
13
|
+
click_on 'Authorize'
|
|
14
14
|
|
|
15
15
|
access_grant_should_exist_for(@client, @resource_owner)
|
|
16
16
|
|
|
17
17
|
i_should_be_on_client_callback(@client)
|
|
18
18
|
|
|
19
|
-
url_should_have_param(
|
|
20
|
-
url_should_not_have_param(
|
|
21
|
-
url_should_not_have_param(
|
|
19
|
+
url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
|
|
20
|
+
url_should_not_have_param('state')
|
|
21
|
+
url_should_not_have_param('error')
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
scenario 'resource owner authorizes using test url' do
|
|
25
25
|
@client.redirect_uri = Doorkeeper.configuration.test_redirect_uri
|
|
26
26
|
@client.save!
|
|
27
|
-
visit authorization_endpoint_url(:
|
|
28
|
-
click_on
|
|
27
|
+
visit authorization_endpoint_url(client: @client)
|
|
28
|
+
click_on 'Authorize'
|
|
29
29
|
|
|
30
30
|
access_grant_should_exist_for(@client, @resource_owner)
|
|
31
31
|
|
|
@@ -34,25 +34,25 @@ feature 'Authorization Code Flow' do
|
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
scenario 'resource owner authorizes the client with state parameter set' do
|
|
37
|
-
visit authorization_endpoint_url(:
|
|
38
|
-
click_on
|
|
39
|
-
url_should_have_param(
|
|
40
|
-
url_should_have_param(
|
|
37
|
+
visit authorization_endpoint_url(client: @client, state: 'return-me')
|
|
38
|
+
click_on 'Authorize'
|
|
39
|
+
url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
|
|
40
|
+
url_should_have_param('state', 'return-me')
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
scenario 'resource owner requests an access token with authorization code' do
|
|
44
|
-
visit authorization_endpoint_url(:
|
|
45
|
-
click_on
|
|
44
|
+
visit authorization_endpoint_url(client: @client)
|
|
45
|
+
click_on 'Authorize'
|
|
46
46
|
|
|
47
47
|
authorization_code = Doorkeeper::AccessGrant.first.token
|
|
48
|
-
post token_endpoint_url(:
|
|
48
|
+
post token_endpoint_url(code: authorization_code, client: @client)
|
|
49
49
|
|
|
50
50
|
access_token_should_exist_for(@client, @resource_owner)
|
|
51
51
|
|
|
52
52
|
should_not_have_json 'error'
|
|
53
53
|
|
|
54
54
|
should_have_json 'access_token', Doorkeeper::AccessToken.first.token
|
|
55
|
-
should_have_json 'token_type',
|
|
55
|
+
should_have_json 'token_type', 'bearer'
|
|
56
56
|
should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
|
|
57
57
|
end
|
|
58
58
|
|
|
@@ -63,42 +63,42 @@ feature 'Authorization Code Flow' do
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
scenario 'resource owner authorizes the client with default scopes' do
|
|
66
|
-
visit authorization_endpoint_url(:
|
|
67
|
-
click_on
|
|
66
|
+
visit authorization_endpoint_url(client: @client)
|
|
67
|
+
click_on 'Authorize'
|
|
68
68
|
access_grant_should_exist_for(@client, @resource_owner)
|
|
69
69
|
access_grant_should_have_scopes :public
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
scenario 'resource owner authorizes the client with required scopes' do
|
|
73
|
-
visit authorization_endpoint_url(:
|
|
74
|
-
click_on
|
|
73
|
+
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
|
74
|
+
click_on 'Authorize'
|
|
75
75
|
access_grant_should_have_scopes :public, :write
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
scenario 'resource owner authorizes the client with required scopes (without defaults)' do
|
|
79
|
-
visit authorization_endpoint_url(:
|
|
80
|
-
click_on
|
|
79
|
+
visit authorization_endpoint_url(client: @client, scope: 'write')
|
|
80
|
+
click_on 'Authorize'
|
|
81
81
|
access_grant_should_have_scopes :write
|
|
82
82
|
end
|
|
83
83
|
|
|
84
84
|
scenario 'new access token matches required scopes' do
|
|
85
|
-
visit authorization_endpoint_url(:
|
|
86
|
-
click_on
|
|
85
|
+
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
|
86
|
+
click_on 'Authorize'
|
|
87
87
|
|
|
88
88
|
authorization_code = Doorkeeper::AccessGrant.first.token
|
|
89
|
-
post token_endpoint_url(:
|
|
89
|
+
post token_endpoint_url(code: authorization_code, client: @client)
|
|
90
90
|
|
|
91
91
|
access_token_should_exist_for(@client, @resource_owner)
|
|
92
92
|
access_token_should_have_scopes :public, :write
|
|
93
93
|
end
|
|
94
94
|
|
|
95
95
|
scenario 'returns new token if scopes have changed' do
|
|
96
|
-
client_is_authorized(@client, @resource_owner, :
|
|
97
|
-
visit authorization_endpoint_url(:
|
|
98
|
-
click_on
|
|
96
|
+
client_is_authorized(@client, @resource_owner, scopes: 'public write')
|
|
97
|
+
visit authorization_endpoint_url(client: @client, scope: 'public')
|
|
98
|
+
click_on 'Authorize'
|
|
99
99
|
|
|
100
100
|
authorization_code = Doorkeeper::AccessGrant.first.token
|
|
101
|
-
post token_endpoint_url(:
|
|
101
|
+
post token_endpoint_url(code: authorization_code, client: @client)
|
|
102
102
|
|
|
103
103
|
expect(Doorkeeper::AccessToken.count).to be(2)
|
|
104
104
|
|
|
@@ -6,7 +6,7 @@ describe 'Client Credentials Request' do
|
|
|
6
6
|
context 'a valid request' do
|
|
7
7
|
it 'authorizes the client and returns the token response' do
|
|
8
8
|
headers = authorization client.uid, client.secret
|
|
9
|
-
params = { :
|
|
9
|
+
params = { grant_type: 'client_credentials' }
|
|
10
10
|
|
|
11
11
|
post '/oauth/token', params, headers
|
|
12
12
|
|
|
@@ -26,7 +26,7 @@ describe 'Client Credentials Request' do
|
|
|
26
26
|
|
|
27
27
|
it 'adds the scope to the token an returns in the response' do
|
|
28
28
|
headers = authorization client.uid, client.secret
|
|
29
|
-
params = { :
|
|
29
|
+
params = { grant_type: 'client_credentials', scope: 'write' }
|
|
30
30
|
|
|
31
31
|
post '/oauth/token', params, headers
|
|
32
32
|
|
|
@@ -39,7 +39,7 @@ describe 'Client Credentials Request' do
|
|
|
39
39
|
context 'an invalid request' do
|
|
40
40
|
it 'does not authorize the client and returns the error' do
|
|
41
41
|
headers = {}
|
|
42
|
-
params = { :
|
|
42
|
+
params = { grant_type: 'client_credentials' }
|
|
43
43
|
|
|
44
44
|
post '/oauth/token', params, headers
|
|
45
45
|
|