RubyGems - doorkeeper - Versions diffs - 1.3.1 → 1.4.0 - Mend

doorkeeper 1.3.1 → 1.4.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (64) hide show

checksums.yaml +4 -4
data/.hound.yml +4 -1
data/CHANGELOG.md +18 -0
data/README.md +2 -1
data/app/controllers/doorkeeper/application_metal_controller.rb +16 -0
data/app/controllers/doorkeeper/applications_controller.rb +0 -6
data/app/controllers/doorkeeper/authorizations_controller.rb +14 -15
data/app/controllers/doorkeeper/authorized_applications_controller.rb +10 -8
data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
data/app/controllers/doorkeeper/tokens_controller.rb +3 -11
data/app/validators/redirect_uri_validator.rb +0 -1
data/config/locales/en.yml +0 -3
data/doorkeeper.gemspec +1 -0
data/lib/doorkeeper.rb +1 -0
data/lib/doorkeeper/config.rb +5 -5
data/lib/doorkeeper/doorkeeper_for.rb +7 -17
data/lib/doorkeeper/helpers/controller.rb +11 -8
data/lib/doorkeeper/helpers/filter.rb +35 -13
data/lib/doorkeeper/models/access_grant.rb +5 -5
data/lib/doorkeeper/models/access_token.rb +9 -5
data/lib/doorkeeper/models/active_record/access_grant.rb +1 -1
data/lib/doorkeeper/models/active_record/access_token.rb +1 -1
data/lib/doorkeeper/models/active_record/application.rb +3 -3
data/lib/doorkeeper/models/application.rb +1 -1
data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +0 -3
data/lib/doorkeeper/models/mongo_mapper/access_token.rb +0 -3
data/lib/doorkeeper/models/mongoid2/access_grant.rb +1 -3
data/lib/doorkeeper/models/mongoid2/access_token.rb +1 -3
data/lib/doorkeeper/models/mongoid3_4/access_grant.rb +2 -4
data/lib/doorkeeper/models/mongoid3_4/access_token.rb +2 -4
data/lib/doorkeeper/models/revocable.rb +1 -1
data/lib/doorkeeper/models/scopes.rb +6 -2
data/lib/doorkeeper/oauth/authorization/code.rb +4 -0
data/lib/doorkeeper/oauth/authorization/token.rb +8 -0
data/lib/doorkeeper/oauth/authorization_code_request.rb +2 -2
data/lib/doorkeeper/oauth/client.rb +2 -2
data/lib/doorkeeper/oauth/client_credentials/creator.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/validation.rb +2 -2
data/lib/doorkeeper/oauth/client_credentials_request.rb +3 -12
data/lib/doorkeeper/oauth/code_response.rb +3 -4
data/lib/doorkeeper/oauth/error_response.rb +3 -3
data/lib/doorkeeper/oauth/forbidden_token_response.rb +29 -0
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
data/lib/doorkeeper/oauth/password_access_token_request.rb +5 -5
data/lib/doorkeeper/oauth/pre_authorization.rb +2 -2
data/lib/doorkeeper/oauth/refresh_token_request.rb +6 -6
data/lib/doorkeeper/oauth/request_concern.rb +2 -2
data/lib/doorkeeper/oauth/token.rb +1 -1
data/lib/doorkeeper/server.rb +2 -2
data/lib/doorkeeper/version.rb +1 -1
data/spec/controllers/authorizations_controller_spec.rb +46 -0
data/spec/controllers/protected_resources_controller_spec.rb +13 -6
data/spec/lib/models/revocable_spec.rb +1 -1
data/spec/lib/models/scopes_spec.rb +11 -0
data/spec/lib/oauth/authorization/uri_builder_spec.rb +5 -0
data/spec/lib/oauth/forbidden_token_response_spec.rb +23 -0
data/spec/models/doorkeeper/access_token_spec.rb +30 -0
data/spec/requests/flows/refresh_token_spec.rb +2 -2
data/spec/requests/protected_resources/private_api_spec.rb +5 -5
data/spec/support/shared/controllers_shared_context.rb +2 -2
data/spec/validators/redirect_uri_validator_spec.rb +1 -2
metadata +19 -4
data/lib/doorkeeper/models/mongo_mapper/revocable.rb +0 -15
data/lib/doorkeeper/models/mongoid/revocable.rb +0 -15

data/lib/doorkeeper/oauth/request_concern.rb CHANGED

@@ -15,7 +15,7 @@ module Doorkeeper
       def scopes
         @scopes ||= if @original_scopes.present?
-                      Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
+                      OAuth::Scopes.from_string(@original_scopes)
                     else
                       default_scopes
                     end
@@ -30,7 +30,7 @@ module Doorkeeper
       end
       def find_or_create_access_token(client, resource_owner_id, scopes, server)
-        @access_token = Doorkeeper::AccessToken.find_or_create_for(
+        @access_token = AccessToken.find_or_create_for(
           client,
           resource_owner_id,
           scopes,

data/lib/doorkeeper/oauth/token.rb CHANGED

@@ -55,7 +55,7 @@ module Doorkeeper
       def self.authenticate(request, *methods)
         token = from_request request, *methods
-        Doorkeeper::AccessToken.authenticate(token) if token
+        AccessToken.authenticate(token) if token
       end
     end
   end

data/lib/doorkeeper/server.rb CHANGED

@@ -34,11 +34,11 @@ module Doorkeeper
     end
     def current_refresh_token
-      Doorkeeper::AccessToken.by_refresh_token(parameters[:refresh_token])
+      AccessToken.by_refresh_token(parameters[:refresh_token])
     end
     def grant
-      Doorkeeper::AccessGrant.authenticate(parameters[:code])
+      AccessGrant.authenticate(parameters[:code])
     end
     # TODO: Use configuration and evaluate proper context on block

data/lib/doorkeeper/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '1.3.1'
+  VERSION = '1.4.0'
 end

data/spec/controllers/authorizations_controller_spec.rb CHANGED

@@ -98,6 +98,52 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe 'GET #new token request with native url and skip_authorization true' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
+        true
+      end)
+      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
+      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+    end
+    it 'should redirect immediately' do
+      expect(response).to be_redirect
+      expect(response.location).to match(/oauth\/token\/info\?access_token=/)
+    end
+    it 'should not issue a grant' do
+      expect(Doorkeeper::AccessGrant.count).to be 0
+    end
+    it 'should issue a token' do
+      expect(Doorkeeper::AccessToken.count).to be 1
+    end
+  end
+  describe 'GET #new code request with native url and skip_authorization true' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
+        true
+      end)
+      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
+      get :new, client_id: client.uid, response_type: 'code', redirect_uri: client.redirect_uri
+    end
+    it 'should redirect immediately' do
+      expect(response).to be_redirect
+      expect(response.location).to match(/oauth\/authorize\//)
+    end
+    it 'should issue a grant' do
+      expect(Doorkeeper::AccessGrant.count).to be 1
+    end
+    it 'should not issue a token' do
+      expect(Doorkeeper::AccessToken.count).to be 0
+    end
+  end
   describe 'GET #new with skip_authorization true' do
     before do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do

data/spec/controllers/protected_resources_controller_spec.rb CHANGED

@@ -77,19 +77,22 @@ describe 'Doorkeeper_for helper' do
     end
     let(:token_string) { '1A2BC3' }
+    let(:token) do
+      double(Doorkeeper::AccessToken, acceptable?: true)
+    end
     it 'access_token param' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string)
+      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
       get :index, access_token: token_string
     end
     it 'bearer_token param' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string)
+      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
       get :index, bearer_token: token_string
     end
     it 'Authorization header' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string)
+      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
       request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
       get :index
     end
@@ -101,7 +104,7 @@ describe 'Doorkeeper_for helper' do
     end
     it 'does not change Authorization header value' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).exactly(2).times
+      expect(Doorkeeper::AccessToken).to receive(:authenticate).exactly(2).times.and_return(token)
       request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
       get :index
       controller.send(:remove_instance_variable, :@token)
@@ -172,6 +175,7 @@ describe 'Doorkeeper_for helper' do
     it 'allows if the token has particular scopes' do
       token = double(Doorkeeper::AccessToken, accessible?: true, scopes: %w(write public))
+      expect(token).to receive(:acceptable?).with(['write']).and_return(true)
       expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
       get :index, access_token: token_string
       expect(response).to be_success
@@ -180,9 +184,10 @@ describe 'Doorkeeper_for helper' do
     it 'does not allow if the token does not include given scope' do
       token = double(Doorkeeper::AccessToken, accessible?: true, scopes: ['public'], revoked?: false, expired?: false)
       expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
+      expect(token).to receive(:acceptable?).with(['write']).and_return(false)
       get :index, access_token: token_string
-      expect(response.status).to eq 401
-      expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
+      expect(response.status).to eq 403
+      expect(response.header).to_not include('WWW-Authenticate')
     end
   end
@@ -302,6 +307,8 @@ describe 'Doorkeeper_for helper' do
     context 'with invalid token', token: :invalid do
       it 'does not allow access if passed block evaluates to false' do
         get :index, access_token: token_string
+        expect(response.status).to eq 401
+        expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
       end
       it 'allows access if passed block evaluates to true' do

data/spec/lib/models/revocable_spec.rb CHANGED

@@ -12,7 +12,7 @@ describe 'Revocable' do
   describe :revoke do
     it 'updates :revoked_at attribute with current time' do
       clock = double now: double
-      expect(subject).to receive(:update_column).with(:revoked_at, clock.now)
+      expect(subject).to receive(:update_attribute).with(:revoked_at, clock.now)
       subject.revoke(clock)
     end
   end

data/spec/lib/models/scopes_spec.rb CHANGED

@@ -1,5 +1,6 @@
 require 'spec_helper'
 require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/object/blank'
 require 'doorkeeper/oauth/scopes'
 require 'doorkeeper/models/scopes'
@@ -29,4 +30,14 @@ describe 'Doorkeeper::Models::Scopes' do
       expect(subject.scopes_string).to eq('public admin')
     end
   end
+  describe :includes_scope? do
+    it 'should return true if at least one scope is included' do
+      expect(subject.includes_scope?(['public', 'private'])).to be true
+    end
+    it 'should return false if no scopes are included' do
+      expect(subject.includes_scope?(['teacher', 'student'])).to be false
+    end
+  end
 end

data/spec/lib/oauth/authorization/uri_builder_spec.rb CHANGED

@@ -32,6 +32,11 @@ module Doorkeeper::OAuth::Authorization
         uri = subject.uri_with_fragment 'http://example.com/', parameter: 'value'
         expect(uri).to eq('http://example.com/#parameter=value')
       end
+      it 'preserves original query parameters' do
+        uri = subject.uri_with_fragment 'http://example.com/?query1=value1', parameter: 'value'
+        expect(uri).to eq('http://example.com/?query1=value1#parameter=value')
+      end
     end
   end
 end

data/spec/lib/oauth/forbidden_token_response_spec.rb ADDED

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'active_model'
+require 'doorkeeper'
+require 'doorkeeper/oauth/forbidden_token_response'
+module Doorkeeper::OAuth
+  describe ForbiddenTokenResponse do
+    describe '#name' do
+      it  { expect(subject.name).to eq(:invalid_scope) }
+    end
+    describe '#status' do
+      it { expect(subject.status).to eq(:forbidden) }
+    end
+    describe :from_scopes do
+      it 'should have a list of acceptable scopes' do
+        response = ForbiddenTokenResponse.from_scopes(["public"])
+        expect(response.description).to include('public')
+      end
+    end
+  end
+end

data/spec/models/doorkeeper/access_token_spec.rb CHANGED

@@ -95,6 +95,36 @@ module Doorkeeper
       end
     end
+    describe '#acceptable?' do
+      context 'a token that is not accessible' do
+        let(:token) { FactoryGirl.create(:access_token, created_at: 6.hours.ago) }
+        it 'should return false' do
+          expect(token.acceptable?(nil)).to be false
+        end
+      end
+      context 'a token that has the incorrect scopes' do
+        let(:token) { FactoryGirl.create(:access_token) }
+        it 'should return false' do
+          expect(token.acceptable?(['public'])).to be false
+        end
+      end
+      context 'a token is acceptable with the correct scopes' do
+        let(:token) do
+          token = FactoryGirl.create(:access_token)
+          token[:scopes] = 'public'
+          token
+        end
+        it 'should return true' do
+          expect(token.acceptable?(['public'])).to be true
+        end
+      end
+    end
     describe '.revoke_all_for' do
       let(:resource_owner) { double(id: 100) }
       let(:application)    { FactoryGirl.create :application }

data/spec/requests/flows/refresh_token_spec.rb CHANGED

@@ -47,7 +47,7 @@ feature 'Refresh Token Flow' do
     end
     scenario 'client request a token with expired access token' do
-      @token.update_column :expires_in, -100
+      @token.update_attribute :expires_in, -100
       post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
       should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
       expect(@token.reload).to be_revoked
@@ -78,7 +78,7 @@ feature 'Refresh Token Flow' do
     end
     scenario 'client request a token after creating another token with the same user' do
-      @token.update_column :expires_in, -100
+      @token.update_attribute :expires_in, -100
       post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
       post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
       should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token

data/spec/requests/protected_resources/private_api_spec.rb CHANGED

@@ -27,14 +27,14 @@ feature 'Private API' do
   end
   scenario 'client attempts to request protected resource with expired token' do
-    @token.update_column :expires_in, -100 # expires token
+    @token.update_attribute :expires_in, -100 # expires token
     with_access_token_header @token.token
     visit '/full_protected_resources'
     response_status_should_be 401
   end
   scenario 'client requests protected resource with permanent token' do
-    @token.update_column :expires_in, nil # never expires
+    @token.update_attribute :expires_in, nil # never expires
     with_access_token_header @token.token
     visit '/full_protected_resources'
     expect(page.body).to have_content('index')
@@ -42,15 +42,15 @@ feature 'Private API' do
   scenario 'access token with no scopes' do
     optional_scopes_exist :admin
-    @token.update_column :scopes, nil
+    @token.update_attribute :scopes, nil
     with_access_token_header @token.token
     visit '/full_protected_resources/1.json'
-    response_status_should_be 401
+    response_status_should_be 403
   end
   scenario 'access token with default scope' do
     default_scopes_exist :admin
-    @token.update_column :scopes, 'admin'
+    @token.update_attribute :scopes, 'admin'
     with_access_token_header @token.token
     visit '/full_protected_resources/1.json'
     expect(page.body).to have_content('show')

data/spec/support/shared/controllers_shared_context.rb CHANGED

@@ -4,7 +4,7 @@ shared_context 'valid token', token: :valid do
   end
   let :token do
-    double(Doorkeeper::AccessToken, accessible?: true)
+    double(Doorkeeper::AccessToken, accessible?: true, includes_scope?: true, acceptable?: true)
   end
   before :each do
@@ -18,7 +18,7 @@ shared_context 'invalid token', token: :invalid do
   end
   let :token do
-    double(Doorkeeper::AccessToken, accessible?: false, revoked?: false, expired?: false)
+    double(Doorkeeper::AccessToken, accessible?: false, revoked?: false, expired?: false, includes_scope?: false, acceptable?: false)
   end
   before :each do

data/spec/validators/redirect_uri_validator_spec.rb CHANGED

@@ -41,7 +41,6 @@ describe RedirectUriValidator do
   it 'is invalid when the uri has a query parameter' do
     subject.redirect_uri = 'http://example.com/abcd?xyz=123'
-    expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq('cannot contain a query parameter.')
+    expect(subject).to be_valid
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.4.0
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-06 00:00:00.000000000 Z
+date: 2014-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -151,6 +151,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.0.1
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
 description: Doorkeeper is an OAuth 2 provider for Rails.
 email:
 - felipe@applicake.com
@@ -171,6 +185,7 @@ files:
 - app/assets/stylesheets/doorkeeper/admin/application.css
 - app/assets/stylesheets/doorkeeper/application.css
 - app/controllers/doorkeeper/application_controller.rb
+- app/controllers/doorkeeper/application_metal_controller.rb
 - app/controllers/doorkeeper/applications_controller.rb
 - app/controllers/doorkeeper/authorizations_controller.rb
 - app/controllers/doorkeeper/authorized_applications_controller.rb
@@ -211,8 +226,6 @@ files:
 - lib/doorkeeper/models/mongo_mapper/access_grant.rb
 - lib/doorkeeper/models/mongo_mapper/access_token.rb
 - lib/doorkeeper/models/mongo_mapper/application.rb
-- lib/doorkeeper/models/mongo_mapper/revocable.rb
-- lib/doorkeeper/models/mongoid/revocable.rb
 - lib/doorkeeper/models/mongoid/scopes.rb
 - lib/doorkeeper/models/mongoid/version.rb
 - lib/doorkeeper/models/mongoid2/access_grant.rb
@@ -239,6 +252,7 @@ files:
 - lib/doorkeeper/oauth/code_response.rb
 - lib/doorkeeper/oauth/error.rb
 - lib/doorkeeper/oauth/error_response.rb
+- lib/doorkeeper/oauth/forbidden_token_response.rb
 - lib/doorkeeper/oauth/helpers/scope_checker.rb
 - lib/doorkeeper/oauth/helpers/unique_token.rb
 - lib/doorkeeper/oauth/helpers/uri_checker.rb
@@ -347,6 +361,7 @@ files:
 - spec/lib/oauth/code_request_spec.rb
 - spec/lib/oauth/error_response_spec.rb
 - spec/lib/oauth/error_spec.rb
+- spec/lib/oauth/forbidden_token_response_spec.rb
 - spec/lib/oauth/helpers/scope_checker_spec.rb
 - spec/lib/oauth/helpers/unique_token_spec.rb
 - spec/lib/oauth/helpers/uri_checker_spec.rb

data/lib/doorkeeper/models/mongo_mapper/revocable.rb DELETED

@@ -1,15 +0,0 @@
-module Doorkeeper
-  module Models
-    module MongoMapper
-      module Revocable
-        def self.included(base)
-          base.class_eval do
-            def update_column(attr, val)
-              update_attribute attr, val
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/doorkeeper/models/mongoid/revocable.rb DELETED

@@ -1,15 +0,0 @@
-module Doorkeeper
-  module Models
-    module Mongoid
-      module Revocable
-        def self.included(base)
-          base.class_eval do
-            def update_column(attr, val)
-              update_attribute attr, val
-            end
-          end
-        end
-      end
-    end
-  end
-end