doorkeeper 2.0.1 → 2.1.0

data/spec/lib/oauth/password_access_token_request_spec.rb

@@ -2,7 +2,14 @@ require 'spec_helper_integration'
 
 module Doorkeeper::OAuth
   describe PasswordAccessTokenRequest do
-    let(:server) { double :server, default_scopes: Doorkeeper::OAuth::Scopes.new, access_token_expires_in: 2.hours, refresh_token_enabled?: false }
+    let(:server) do
+      double(
+        :server,
+        default_scopes: Doorkeeper::OAuth::Scopes.new,
+        access_token_expires_in: 2.hours,
+        refresh_token_enabled?: false
+      )
+    end
     let(:credentials) { Client::Credentials.new(client.uid, client.secret) }
     let(:client) { FactoryGirl.create(:application) }
     let(:owner)  { double :owner, id: 99 }

data/spec/lib/oauth/pre_authorization_spec.rb

@@ -41,6 +41,7 @@ module Doorkeeper::OAuth
     end
 
     it 'accepts token as response type' do
+      server.stub(:grant_flows) { ['implicit'] }
       subject.response_type = 'token'
       expect(subject).to be_authorizable
     end
@@ -52,6 +53,7 @@ module Doorkeeper::OAuth
       end
 
       it 'accepts "token" as response type' do
+        server.stub(:grant_flows) { ['implicit'] }
         subject.response_type = 'token'
         expect(subject).to be_authorizable
       end

data/spec/lib/oauth/refresh_token_request_spec.rb

@@ -40,7 +40,7 @@ module Doorkeeper::OAuth
     it 'rejects revoked tokens' do
       refresh_token.revoke
       subject.validate
-      expect(subject.error).to eq(:invalid_request)
+      expect(subject.error).to eq(:invalid_grant)
     end
 
     it 'accepts expired tokens' do

data/spec/lib/oauth/token_request_spec.rb

@@ -2,10 +2,14 @@ require 'spec_helper_integration'
 
 module Doorkeeper::OAuth
   describe TokenRequest do
+    let :application do
+      scopes = double(all: ['public'])
+      double(:application, id: 9990, scopes: scopes)
+    end
     let :pre_auth do
       double(
         :pre_auth,
-        client: double(:application, id: 9990),
+        client: application,
         redirect_uri: 'http://tst.com/cb',
         state: nil,
         scopes: Scopes.from_string('public'),

data/spec/lib/oauth/token_response_spec.rb

@@ -18,12 +18,13 @@ module Doorkeeper::OAuth
     describe '.body' do
       let(:access_token) do
         double :access_token,
-               token: 'some-token',
-               expires_in: '3600',
+               token:              'some-token',
+               expires_in:         '3600',
                expires_in_seconds: '300',
-               scopes_string: 'two scopes',
-               refresh_token: 'some-refresh-token',
-               token_type: 'bearer'
+               scopes_string:      'two scopes',
+               refresh_token:      'some-refresh-token',
+               token_type:         'bearer',
+               created_at:         0
       end
 
       subject { TokenResponse.new(access_token).body }
@@ -49,16 +50,21 @@ module Doorkeeper::OAuth
       it 'includes :refresh_token' do
         expect(subject['refresh_token']).to eq('some-refresh-token')
       end
+
+      it 'includes :created_at' do
+        expect(subject['created_at']).to eq(0)
+      end
     end
 
     describe '.body filters out empty values' do
       let(:access_token) do
         double :access_token,
-               token: 'some-token',
+               token:              'some-token',
                expires_in_seconds: '',
-               scopes_string: '',
-               refresh_token: '',
-               token_type: 'bearer'
+               scopes_string:      '',
+               refresh_token:      '',
+               token_type:         'bearer',
+               created_at:         0
       end
 
       subject { TokenResponse.new(access_token).body }

data/spec/models/doorkeeper/access_token_spec.rb

@@ -156,9 +156,13 @@ module Doorkeeper
     describe '.matching_token_for' do
       let(:resource_owner_id) { 100 }
       let(:application)       { FactoryGirl.create :application }
-      let(:scopes)            { Doorkeeper::OAuth::Scopes.from_string('public write') }
+      let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public write') }
       let(:default_attributes) do
-        { application: application, resource_owner_id: resource_owner_id, scopes: scopes.to_s }
+        {
+          application: application,
+          resource_owner_id: resource_owner_id,
+          scopes: scopes.to_s
+        }
       end
 
       it 'returns only one token' do
@@ -187,7 +191,7 @@ module Doorkeeper
       end
 
       it 'matches the application' do
-        token = FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
+        FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
@@ -204,6 +208,15 @@ module Doorkeeper
         expect(last_token).to be_nil
       end
 
+      it 'matches application scopes' do
+        application = FactoryGirl.create :application, scopes: "private read"
+        FactoryGirl.create :access_token, default_attributes.merge(
+          application: application
+        )
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+
       it 'returns the last created token' do
         FactoryGirl.create :access_token, default_attributes.merge(created_at: 1.day.ago)
         token = FactoryGirl.create :access_token, default_attributes
@@ -211,12 +224,14 @@ module Doorkeeper
         expect(last_token).to eq(token)
       end
 
-      it 'returns as_json hash'   do
+      it 'returns as_json hash' do
         token = FactoryGirl.create :access_token, default_attributes
-        token_hash = { resource_owner_id: token.resource_owner_id,
-                       scopes: token.scopes,
-                       expires_in_seconds: token.expires_in_seconds,
-                       application: { uid: token.application.uid }
+        token_hash = {
+          resource_owner_id:  token.resource_owner_id,
+          scopes:             token.scopes,
+          expires_in_seconds: token.expires_in_seconds,
+          application:        { uid: token.application.uid },
+          created_at:         token.created_at.to_i,
         }
         expect(token.as_json).to eq token_hash
       end

data/spec/requests/endpoints/authorization_spec.rb

@@ -53,14 +53,6 @@ feature 'Authorization endpoint' do
   end
 
   context 'forgery protection enabled' do
-    before do
-      ActionController::Base.allow_forgery_protection = true
-    end
-
-    after do
-      ActionController::Base.allow_forgery_protection = false
-    end
-
     background do
       create_resource_owner
       sign_in
@@ -68,10 +60,12 @@ feature 'Authorization endpoint' do
 
     scenario 'raises exception on forged requests' do
       ActionController::Base.any_instance.should_receive(:handle_unverified_request)
-      post "/oauth/authorize",
-        client_id:      @client.uid,
-        redirect_uri:   @client.redirect_uri,
-        response_type:  'code'
+      allowing_forgery_protection do
+        post "/oauth/authorize",
+          client_id:      @client.uid,
+          redirect_uri:   @client.redirect_uri,
+          response_type:  'code'
+      end
     end
   end
 end

data/spec/requests/flows/implicit_grant_errors_spec.rb

@@ -3,6 +3,7 @@ require 'spec_helper_integration'
 feature 'Implicit Grant Flow Errors' do
   background do
     config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    config_is_set(:grant_flows, ["implicit"])
     client_exists
     create_resource_owner
     sign_in

data/spec/requests/flows/implicit_grant_spec.rb

@@ -3,6 +3,7 @@ require 'spec_helper_integration'
 feature 'Implicit Grant Flow' do
   background do
     config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    config_is_set(:grant_flows, ["implicit"])
     client_exists
     create_resource_owner
     sign_in

data/spec/requests/flows/password_spec.rb

@@ -23,6 +23,7 @@ end
 
 feature 'Resource Owner Password Credentials Flow' do
   background do
+    config_is_set(:grant_flows, ["password"])
     config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
     client_exists
     create_resource_owner
@@ -67,7 +68,6 @@ feature 'Resource Owner Password Credentials Flow' do
       post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
 
       Doorkeeper::AccessToken.count.should be(1)
-
       should_have_json 'access_token', Doorkeeper::AccessToken.first.token
     end
   end

data/spec/requests/flows/refresh_token_spec.rb

@@ -53,25 +53,24 @@ feature 'Refresh Token Flow' do
       expect(@token.reload).to be_revoked
     end
 
-    # TODO: verify proper error code for this (previously was invalid_grant)
     scenario 'client gets an error for invalid refresh token' do
       post refresh_token_endpoint_url(client: @client, refresh_token: 'invalid')
       should_not_have_json 'refresh_token'
-      should_have_json 'error', 'invalid_request'
+      should_have_json 'error', 'invalid_grant'
     end
 
-    # TODO: verify proper error code for this (previously was invalid_grant)
     scenario 'client gets an error for revoked acccess token' do
       @token.revoke
       post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
       should_not_have_json 'refresh_token'
-      should_have_json 'error', 'invalid_request'
+      should_have_json 'error', 'invalid_grant'
     end
   end
 
   context 'refreshing the token with multiple sessions (devices)' do
     before do
       # enable password auth to simulate other devices
+      config_is_set(:grant_flows, ["password"])
       config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
       create_resource_owner
       _another_token = post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)

data/spec/spec_helper_integration.rb

@@ -2,7 +2,7 @@ ENV['RAILS_ENV'] ||= 'test'
 TABLE_NAME_PREFIX = ENV['table_name_prefix'] || nil
 TABLE_NAME_SUFFIX = ENV['table_name_suffix'] || nil
 
-orm = ENV['BUNDLE_GEMFILE'].match(/Gemfile\.(.+)\.rb/)
+orm = (ENV['BUNDLE_GEMFILE'] || '').match(/Gemfile\.(.+)\.rb/)
 DOORKEEPER_ORM = (orm && orm[1] || :active_record).to_sym
 
 $LOAD_PATH.unshift File.dirname(__FILE__)

data/spec/support/helpers/authorization_request_helper.rb

@@ -27,6 +27,15 @@ module AuthorizationRequestHelper
   def i_should_be_on_client_callback(client)
     expect(client.redirect_uri).to eq("#{current_uri.scheme}://#{current_uri.host}#{current_uri.path}")
   end
+
+  def allowing_forgery_protection(&block)
+    _original_value = ActionController::Base.allow_forgery_protection
+    ActionController::Base.allow_forgery_protection = true
+
+    block.call
+  ensure
+    ActionController::Base.allow_forgery_protection = _original_value
+  end
 end
 
 RSpec.configuration.send :include, AuthorizationRequestHelper, type: :request

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-17 00:00:00.000000000 Z
+date: 2015-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -338,7 +338,6 @@ files:
 - spec/dummy/config/mongoid3.yml
 - spec/dummy/config/mongoid4.yml
 - spec/dummy/config/routes.rb
-- spec/dummy/db/development.sqlite3
 - spec/dummy/db/migrate/20111122132257_create_users.rb
 - spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
 - spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb
@@ -444,7 +443,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Doorkeeper is an OAuth 2 provider for Rails.