RubyGems - doorkeeper - Versions diffs - 1.3.1 → 1.4.0 - Mend

doorkeeper 1.3.1 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (64) hide show

checksums.yaml +4 -4
data/.hound.yml +4 -1
data/CHANGELOG.md +18 -0
data/README.md +2 -1
data/app/controllers/doorkeeper/application_metal_controller.rb +16 -0
data/app/controllers/doorkeeper/applications_controller.rb +0 -6
data/app/controllers/doorkeeper/authorizations_controller.rb +14 -15
data/app/controllers/doorkeeper/authorized_applications_controller.rb +10 -8
data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
data/app/controllers/doorkeeper/tokens_controller.rb +3 -11
data/app/validators/redirect_uri_validator.rb +0 -1
data/config/locales/en.yml +0 -3
data/doorkeeper.gemspec +1 -0
data/lib/doorkeeper.rb +1 -0
data/lib/doorkeeper/config.rb +5 -5
data/lib/doorkeeper/doorkeeper_for.rb +7 -17
data/lib/doorkeeper/helpers/controller.rb +11 -8
data/lib/doorkeeper/helpers/filter.rb +35 -13
data/lib/doorkeeper/models/access_grant.rb +5 -5
data/lib/doorkeeper/models/access_token.rb +9 -5
data/lib/doorkeeper/models/active_record/access_grant.rb +1 -1
data/lib/doorkeeper/models/active_record/access_token.rb +1 -1
data/lib/doorkeeper/models/active_record/application.rb +3 -3
data/lib/doorkeeper/models/application.rb +1 -1
data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +0 -3
data/lib/doorkeeper/models/mongo_mapper/access_token.rb +0 -3
data/lib/doorkeeper/models/mongoid2/access_grant.rb +1 -3
data/lib/doorkeeper/models/mongoid2/access_token.rb +1 -3
data/lib/doorkeeper/models/mongoid3_4/access_grant.rb +2 -4
data/lib/doorkeeper/models/mongoid3_4/access_token.rb +2 -4
data/lib/doorkeeper/models/revocable.rb +1 -1
data/lib/doorkeeper/models/scopes.rb +6 -2
data/lib/doorkeeper/oauth/authorization/code.rb +4 -0
data/lib/doorkeeper/oauth/authorization/token.rb +8 -0
data/lib/doorkeeper/oauth/authorization_code_request.rb +2 -2
data/lib/doorkeeper/oauth/client.rb +2 -2
data/lib/doorkeeper/oauth/client_credentials/creator.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/validation.rb +2 -2
data/lib/doorkeeper/oauth/client_credentials_request.rb +3 -12
data/lib/doorkeeper/oauth/code_response.rb +3 -4
data/lib/doorkeeper/oauth/error_response.rb +3 -3
data/lib/doorkeeper/oauth/forbidden_token_response.rb +29 -0
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
data/lib/doorkeeper/oauth/password_access_token_request.rb +5 -5
data/lib/doorkeeper/oauth/pre_authorization.rb +2 -2
data/lib/doorkeeper/oauth/refresh_token_request.rb +6 -6
data/lib/doorkeeper/oauth/request_concern.rb +2 -2
data/lib/doorkeeper/oauth/token.rb +1 -1
data/lib/doorkeeper/server.rb +2 -2
data/lib/doorkeeper/version.rb +1 -1
data/spec/controllers/authorizations_controller_spec.rb +46 -0
data/spec/controllers/protected_resources_controller_spec.rb +13 -6
data/spec/lib/models/revocable_spec.rb +1 -1
data/spec/lib/models/scopes_spec.rb +11 -0
data/spec/lib/oauth/authorization/uri_builder_spec.rb +5 -0
data/spec/lib/oauth/forbidden_token_response_spec.rb +23 -0
data/spec/models/doorkeeper/access_token_spec.rb +30 -0
data/spec/requests/flows/refresh_token_spec.rb +2 -2
data/spec/requests/protected_resources/private_api_spec.rb +5 -5
data/spec/support/shared/controllers_shared_context.rb +2 -2
data/spec/validators/redirect_uri_validator_spec.rb +1 -2
metadata +19 -4
data/lib/doorkeeper/models/mongo_mapper/revocable.rb +0 -15
data/lib/doorkeeper/models/mongoid/revocable.rb +0 -15

data/lib/doorkeeper/oauth/request_concern.rb CHANGED

@@ -15,7 +15,7 @@ module Doorkeeper
       def scopes
         @scopes ||= if @original_scopes.present?
-                      Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
+                      OAuth::Scopes.from_string(@original_scopes)
                     else
                       default_scopes
                     end
@@ -30,7 +30,7 @@ module Doorkeeper
       end
       def find_or_create_access_token(client, resource_owner_id, scopes, server)
-        @access_token = Doorkeeper::AccessToken.find_or_create_for(
+        @access_token = AccessToken.find_or_create_for(
           client,
           resource_owner_id,
           scopes,

data/lib/doorkeeper/oauth/token.rb CHANGED

@@ -55,7 +55,7 @@ module Doorkeeper
       def self.authenticate(request, *methods)
         token = from_request request, *methods
-        Doorkeeper::AccessToken.authenticate(token) if token
+        AccessToken.authenticate(token) if token
       end
     end
   end

data/lib/doorkeeper/server.rb CHANGED

@@ -34,11 +34,11 @@ module Doorkeeper
     end
     def current_refresh_token
-      Doorkeeper::AccessToken.by_refresh_token(parameters[:refresh_token])
+      AccessToken.by_refresh_token(parameters[:refresh_token])
     end
     def grant
-      Doorkeeper::AccessGrant.authenticate(parameters[:code])
+      AccessGrant.authenticate(parameters[:code])
     end
     # TODO: Use configuration and evaluate proper context on block

data/lib/doorkeeper/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '1.3.1'
+  VERSION = '1.4.0'
 end

data/spec/controllers/authorizations_controller_spec.rb CHANGED

@@ -98,6 +98,52 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe 'GET #new token request with native url and skip_authorization true' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
+        true
+      end)
+      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
+      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+    end
+    it 'should redirect immediately' do
+      expect(response).to be_redirect
+      expect(response.location).to match(/oauth\/token\/info\?access_token=/)
+    end
+    it 'should not issue a grant' do
+      expect(Doorkeeper::AccessGrant.count).to be 0
+    end
+    it 'should issue a token' do
+      expect(Doorkeeper::AccessToken.count).to be 1
+    end
+  end
+  describe 'GET #new code request with native url and skip_authorization true' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
+        true
+      end)
+      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
+      get :new, client_id: client.uid, response_type: 'code', redirect_uri: client.redirect_uri
+    end
+    it 'should redirect immediately' do
+      expect(response).to be_redirect
+      expect(response.location).to match(/oauth\/authorize\//)
+    end
+    it 'should issue a grant' do
+      expect(Doorkeeper::AccessGrant.count).to be 1
+    end
+    it 'should not issue a token' do
+      expect(Doorkeeper::AccessToken.count).to be 0
+    end
+  end
   describe 'GET #new with skip_authorization true' do
     before do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do

data/spec/controllers/protected_resources_controller_spec.rb CHANGED

@@ -77,19 +77,22 @@ describe 'Doorkeeper_for helper' do
     end
     let(:token_string) { '1A2BC3' }
+    let(:token) do
+      double(Doorkeeper::AccessToken, acceptable?: true)
+    end
     it 'access_token param' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string)
+      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
       get :index, access_token: token_string
     end
     it 'bearer_token param' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string)
+      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
       get :index, bearer_token: token_string
     end
     it 'Authorization header' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string)
+      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
       request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
       get :index
     end
@@ -101,7 +104,7 @@ describe 'Doorkeeper_for helper' do
     end
     it 'does not change Authorization header value' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).exactly(2).times
+      expect(Doorkeeper::AccessToken).to receive(:authenticate).exactly(2).times.and_return(token)
       request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
       get :index
       controller.send(:remove_instance_variable, :@token)
@@ -172,6 +175,7 @@ describe 'Doorkeeper_for helper' do
     it 'allows if the token has particular scopes' do
       token = double(Doorkeeper::AccessToken, accessible?: true, scopes: %w(write public))
+      expect(token).to receive(:acceptable?).with(['write']).and_return(true)
       expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
       get :index, access_token: token_string
       expect(response).to be_success
@@ -180,9 +184,10 @@ describe 'Doorkeeper_for helper' do
     it 'does not allow if the token does not include given scope' do
       token = double(Doorkeeper::AccessToken, accessible?: true, scopes: ['public'], revoked?: false, expired?: false)
       expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
+      expect(token).to receive(:acceptable?).with(['write']).and_return(false)
       get :index, access_token: token_string
-      expect(response.status).to eq 401
-      expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
+      expect(response.status).to eq 403
+      expect(response.header).to_not include('WWW-Authenticate')
     end
   end
@@ -302,6 +307,8 @@ describe 'Doorkeeper_for helper' do
     context 'with invalid token', token: :invalid do
       it 'does not allow access if passed block evaluates to false' do
         get :index, access_token: token_string
+        expect(response.status).to eq 401
+        expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
       end
       it 'allows access if passed block evaluates to true' do

data/spec/lib/models/revocable_spec.rb CHANGED

@@ -12,7 +12,7 @@ describe 'Revocable' do
   describe :revoke do
     it 'updates :revoked_at attribute with current time' do
       clock = double now: double
-      expect(subject).to receive(:update_column).with(:revoked_at, clock.now)
+      expect(subject).to receive(:update_attribute).with(:revoked_at, clock.now)
       subject.revoke(clock)
     end
   end

data/spec/lib/models/scopes_spec.rb CHANGED

@@ -1,5 +1,6 @@
 require 'spec_helper'
 require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/object/blank'
 require 'doorkeeper/oauth/scopes'
 require 'doorkeeper/models/scopes'
@@ -29,4 +30,14 @@ describe 'Doorkeeper::Models::Scopes' do
       expect(subject.scopes_string).to eq('public admin')
     end
   end
+  describe :includes_scope? do
+    it 'should return true if at least one scope is included' do
+      expect(subject.includes_scope?(['public', 'private'])).to be true
+    end
+    it 'should return false if no scopes are included' do
+      expect(subject.includes_scope?(['teacher', 'student'])).to be false
+    end
+  end
 end

data/spec/lib/oauth/authorization/uri_builder_spec.rb CHANGED

@@ -32,6 +32,11 @@ module Doorkeeper::OAuth::Authorization
         uri = subject.uri_with_fragment 'http://example.com/', parameter: 'value'
         expect(uri).to eq('http://example.com/#parameter=value')
       end
+      it 'preserves original query parameters' do
+        uri = subject.uri_with_fragment 'http://example.com/?query1=value1', parameter: 'value'
+        expect(uri).to eq('http://example.com/?query1=value1#parameter=value')
+      end
     end
   end
 end

data/spec/lib/oauth/forbidden_token_response_spec.rb ADDED

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'active_model'
+require 'doorkeeper'
+require 'doorkeeper/oauth/forbidden_token_response'
+module Doorkeeper::OAuth
+  describe ForbiddenTokenResponse do
+    describe '#name' do
+      it  { expect(subject.name).to eq(:invalid_scope) }
+    end
+    describe '#status' do
+      it { expect(subject.status).to eq(:forbidden) }
+    end
+    describe :from_scopes do
+      it 'should have a list of acceptable scopes' do
+        response = ForbiddenTokenResponse.from_scopes(["public"])
+        expect(response.description).to include('public')
+      end
+    end
+  end
+end

data/spec/models/doorkeeper/access_token_spec.rb CHANGED

@@ -95,6 +95,36 @@ module Doorkeeper
       end
     end
+    describe '#acceptable?' do
+      context 'a token that is not accessible' do
+        let(:token) { FactoryGirl.create(:access_token, created_at: 6.hours.ago) }
+        it 'should return false' do
+          expect(token.acceptable?(nil)).to be false
+        end
+      end
+      context 'a token that has the incorrect scopes' do
+        let(:token) { FactoryGirl.create(:access_token) }
+        it 'should return false' do
+          expect(token.acceptable?(['public'])).to be false
+        end
+      end
+      context 'a token is acceptable with the correct scopes' do
+        let(:token) do
+          token = FactoryGirl.create(:access_token)
+          token[:scopes] = 'public'
+          token
+        end
+        it 'should return true' do
+          expect(token.acceptable?(['public'])).to be true
+        end
+      end
+    end
     describe '.revoke_all_for' do
       let(:resource_owner) { double(id: 100) }
       let(:application)    { FactoryGirl.create :application }

data/spec/requests/flows/refresh_token_spec.rb CHANGED

@@ -47,7 +47,7 @@ feature 'Refresh Token Flow' do
     end
     scenario 'client request a token with expired access token' do
-      @token.update_column :expires_in, -100
+      @token.update_attribute :expires_in, -100
       post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
       should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
       expect(@token.reload).to be_revoked
@@ -78,7 +78,7 @@ feature 'Refresh Token Flow' do
     end
     scenario 'client request a token after creating another token with the same user' do
-      @token.update_column :expires_in, -100
+      @token.update_attribute :expires_in, -100
       post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
       post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
       should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token

data/spec/requests/protected_resources/private_api_spec.rb CHANGED

@@ -27,14 +27,14 @@ feature 'Private API' do
   end
   scenario 'client attempts to request protected resource with expired token' do
-    @token.update_column :expires_in, -100 # expires token
+    @token.update_attribute :expires_in, -100 # expires token
     with_access_token_header @token.token
     visit '/full_protected_resources'
     response_status_should_be 401
   end
   scenario 'client requests protected resource with permanent token' do
-    @token.update_column :expires_in, nil # never expires
+    @token.update_attribute :expires_in, nil # never expires
     with_access_token_header @token.token
     visit '/full_protected_resources'
     expect(page.body).to have_content('index')
@@ -42,15 +42,15 @@ feature 'Private API' do
   scenario 'access token with no scopes' do
     optional_scopes_exist :admin
-    @token.update_column :scopes, nil
+    @token.update_attribute :scopes, nil
     with_access_token_header @token.token
     visit '/full_protected_resources/1.json'
-    response_status_should_be 401
+    response_status_should_be 403
   end
   scenario 'access token with default scope' do
     default_scopes_exist :admin
-    @token.update_column :scopes, 'admin'
+    @token.update_attribute :scopes, 'admin'
     with_access_token_header @token.token
     visit '/full_protected_resources/1.json'
     expect(page.body).to have_content('show')

data/spec/support/shared/controllers_shared_context.rb CHANGED

@@ -4,7 +4,7 @@ shared_context 'valid token', token: :valid do
   end
   let :token do
-    double(Doorkeeper::AccessToken, accessible?: true)
+    double(Doorkeeper::AccessToken, accessible?: true, includes_scope?: true, acceptable?: true)
   end
   before :each do
@@ -18,7 +18,7 @@ shared_context 'invalid token', token: :invalid do
   end
   let :token do
-    double(Doorkeeper::AccessToken, accessible?: false, revoked?: false, expired?: false)
+    double(Doorkeeper::AccessToken, accessible?: false, revoked?: false, expired?: false, includes_scope?: false, acceptable?: false)
   end
   before :each do

data/spec/validators/redirect_uri_validator_spec.rb CHANGED

@@ -41,7 +41,6 @@ describe RedirectUriValidator do
   it 'is invalid when the uri has a query parameter' do
     subject.redirect_uri = 'http://example.com/abcd?xyz=123'
-    expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq('cannot contain a query parameter.')
+    expect(subject).to be_valid
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.4.0
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-06 00:00:00.000000000 Z
+date: 2014-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -151,6 +151,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.0.1
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
 description: Doorkeeper is an OAuth 2 provider for Rails.
 email:
 - felipe@applicake.com
@@ -171,6 +185,7 @@ files:
 - app/assets/stylesheets/doorkeeper/admin/application.css
 - app/assets/stylesheets/doorkeeper/application.css
 - app/controllers/doorkeeper/application_controller.rb
+- app/controllers/doorkeeper/application_metal_controller.rb
 - app/controllers/doorkeeper/applications_controller.rb
 - app/controllers/doorkeeper/authorizations_controller.rb
 - app/controllers/doorkeeper/authorized_applications_controller.rb
@@ -211,8 +226,6 @@ files:
 - lib/doorkeeper/models/mongo_mapper/access_grant.rb
 - lib/doorkeeper/models/mongo_mapper/access_token.rb
 - lib/doorkeeper/models/mongo_mapper/application.rb
-- lib/doorkeeper/models/mongo_mapper/revocable.rb
-- lib/doorkeeper/models/mongoid/revocable.rb
 - lib/doorkeeper/models/mongoid/scopes.rb
 - lib/doorkeeper/models/mongoid/version.rb
 - lib/doorkeeper/models/mongoid2/access_grant.rb
@@ -239,6 +252,7 @@ files:
 - lib/doorkeeper/oauth/code_response.rb
 - lib/doorkeeper/oauth/error.rb
 - lib/doorkeeper/oauth/error_response.rb
+- lib/doorkeeper/oauth/forbidden_token_response.rb
 - lib/doorkeeper/oauth/helpers/scope_checker.rb
 - lib/doorkeeper/oauth/helpers/unique_token.rb
 - lib/doorkeeper/oauth/helpers/uri_checker.rb
@@ -347,6 +361,7 @@ files:
 - spec/lib/oauth/code_request_spec.rb
 - spec/lib/oauth/error_response_spec.rb
 - spec/lib/oauth/error_spec.rb
+- spec/lib/oauth/forbidden_token_response_spec.rb
 - spec/lib/oauth/helpers/scope_checker_spec.rb
 - spec/lib/oauth/helpers/unique_token_spec.rb
 - spec/lib/oauth/helpers/uri_checker_spec.rb

data/lib/doorkeeper/models/mongo_mapper/revocable.rb DELETED

@@ -1,15 +0,0 @@
-module Doorkeeper
-  module Models
-    module MongoMapper
-      module Revocable
-        def self.included(base)
-          base.class_eval do
-            def update_column(attr, val)
-              update_attribute attr, val
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/doorkeeper/models/mongoid/revocable.rb DELETED

@@ -1,15 +0,0 @@
-module Doorkeeper
-  module Models
-    module Mongoid
-      module Revocable
-        def self.included(base)
-          base.class_eval do
-            def update_column(attr, val)
-              update_attribute attr, val
-            end
-          end
-        end
-      end
-    end
-  end
-end