doorkeeper 2.1.4 → 3.1.0

data/spec/lib/oauth/pre_authorization_spec.rb

@@ -4,14 +4,14 @@ module Doorkeeper::OAuth
   describe PreAuthorization do
     let(:server) {
       server = Doorkeeper.configuration
-      server.stub(:default_scopes) { Scopes.new }
-      server.stub(:scopes) { Scopes.from_string('public profile') }
+      allow(server).to receive(:default_scopes).and_return(Scopes.new)
+      allow(server).to receive(:scopes).and_return(Scopes.from_string('public profile'))
       server
     }
 
     let(:application) do
       application = double :application
-      application.stub(:scopes) { Scopes.from_string('') }
+      allow(application).to receive(:scopes).and_return(Scopes.from_string(''))
       application
     end
 
@@ -41,7 +41,7 @@ module Doorkeeper::OAuth
     end
 
     it 'accepts token as response type' do
-      server.stub(:grant_flows) { ['implicit'] }
+      allow(server).to receive(:grant_flows).and_return(['implicit'])
       subject.response_type = 'token'
       expect(subject).to be_authorizable
     end
@@ -53,7 +53,7 @@ module Doorkeeper::OAuth
       end
 
       it 'accepts "token" as response type' do
-        server.stub(:grant_flows) { ['implicit'] }
+        allow(server).to receive(:grant_flows).and_return(['implicit'])
         subject.response_type = 'token'
         expect(subject).to be_authorizable
       end
@@ -61,7 +61,7 @@ module Doorkeeper::OAuth
 
     context 'when authorization code grant flow is disabled' do
       before do
-        server.stub(:grant_flows) { ['implicit'] }
+        allow(server).to receive(:grant_flows).and_return(['implicit'])
       end
 
       it 'does not accept "code" as response type' do
@@ -72,7 +72,7 @@ module Doorkeeper::OAuth
 
     context 'when implicit grant flow is disabled' do
       before do
-        server.stub(:grant_flows) { ['authorization_code'] }
+        allow(server).to receive(:grant_flows).and_return(['authorization_code'])
       end
 
       it 'does not accept "token" as response type' do
@@ -96,7 +96,7 @@ module Doorkeeper::OAuth
     context 'client application restricts valid scopes' do
       let(:application) do
         application = double :application
-        application.stub(:scopes) { Scopes.from_string('public nonsense') }
+        allow(application).to receive(:scopes).and_return(Scopes.from_string('public nonsense'))
         application
       end
 
@@ -119,7 +119,7 @@ module Doorkeeper::OAuth
     it 'uses default scopes when none is required' do
       allow(server).to receive(:default_scopes).and_return(Scopes.from_string('default'))
       subject.scope = nil
-      expect(subject.scope).to  eq('default')
+      expect(subject.scope).to eq('default')
       expect(subject.scopes).to eq(Scopes.from_string('default'))
     end
 
@@ -151,6 +151,5 @@ module Doorkeeper::OAuth
       subject.redirect_uri = nil
       expect(subject).not_to be_authorizable
     end
-
   end
 end

data/spec/lib/oauth/refresh_token_request_spec.rb

@@ -2,10 +2,16 @@ require 'spec_helper_integration'
 
 module Doorkeeper::OAuth
   describe RefreshTokenRequest do
-    let(:server)         { double :server, access_token_expires_in: 2.minutes }
-    let!(:refresh_token) { FactoryGirl.create(:access_token, use_refresh_token: true) }
-    let(:client)         { refresh_token.application }
-    let(:credentials)    { Client::Credentials.new(client.uid, client.secret) }
+    let(:server) do
+      double :server,
+             access_token_expires_in: 2.minutes,
+             custom_access_token_expires_in: -> (_oauth_client) { nil }
+    end
+    let(:refresh_token) do
+      FactoryGirl.create(:access_token, use_refresh_token: true)
+    end
+    let(:client) { refresh_token.application }
+    let(:credentials) { Client::Credentials.new(client.uid, client.secret) }
 
     subject { RefreshTokenRequest.new server, refresh_token, credentials }
 
@@ -13,6 +19,17 @@ module Doorkeeper::OAuth
       expect do
         subject.authorize
       end.to change { client.access_tokens.count }.by(1)
+      expect(client.reload.access_tokens.last.expires_in).to eq(120)
+    end
+
+    it 'issues a new token for the client with custom expires_in' do
+      server = double :server,
+                      access_token_expires_in: 2.minutes,
+                      custom_access_token_expires_in: ->(_oauth_client) { 1234 }
+
+      RefreshTokenRequest.new(server, refresh_token, credentials).authorize
+
+      expect(client.reload.access_tokens.last.expires_in).to eq(1234)
     end
 
     it 'revokes the previous token' do
@@ -61,7 +78,11 @@ module Doorkeeper::OAuth
     end
 
     context 'with scopes' do
-      let!(:refresh_token) { FactoryGirl.create(:access_token, use_refresh_token: true, scopes: 'public write') }
+      let(:refresh_token) do
+        FactoryGirl.create :access_token,
+                           use_refresh_token: true,
+                           scopes: 'public write'
+      end
       let(:parameters) { {} }
       subject { RefreshTokenRequest.new server, refresh_token, credentials, parameters }
 
@@ -98,6 +119,5 @@ module Doorkeeper::OAuth
         expect(subject.error).to eq(:invalid_scope)
       end
     end
-
   end
 end

data/spec/lib/oauth/scopes_spec.rb

@@ -47,7 +47,7 @@ module Doorkeeper::OAuth
 
       subject { Scopes.from_string(string) }
 
-      it { should be_a(Scopes) }
+      it { expect(subject).to be_a(Scopes) }
 
       describe '#all' do
         it 'should be an array of the expected scopes' do

data/spec/lib/oauth/token_request_spec.rb

@@ -67,14 +67,14 @@ module Doorkeeper::OAuth
 
     context 'token reuse' do
       it 'creates a new token if there are no matching tokens' do
-        Doorkeeper.configuration.stub(:reuse_access_token).and_return(true)
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
         expect do
           subject.authorize
         end.to change { Doorkeeper::AccessToken.count }.by(1)
       end
 
       it 'creates a new token if scopes do not match' do
-        Doorkeeper.configuration.stub(:reuse_access_token).and_return(true)
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
         FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
                            resource_owner_id: owner.id, scopes: '')
         expect do
@@ -83,9 +83,12 @@ module Doorkeeper::OAuth
       end
 
       it 'skips token creation if there is a matching one' do
-        Doorkeeper.configuration.stub(:reuse_access_token).and_return(true)
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+        allow(application.scopes).to receive(:has_scopes?).and_return(true)
+        allow(application.scopes).to receive(:all?).and_return(true)
         FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
                            resource_owner_id: owner.id, scopes: 'public')
+
         expect do
           subject.authorize
         end.to_not change { Doorkeeper::AccessToken.count }

data/spec/lib/request/strategy_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper'
+require 'doorkeeper/request/strategy'
+
+module Doorkeeper
+  module Request
+    describe Strategy do
+      let(:server) { double }
+      subject(:strategy) { Strategy.new(server) }
+
+      describe :initialize do
+        it "sets the server attribute" do
+          expect(strategy.server).to eq server
+        end
+      end
+
+      describe :request do
+        it "requires an implementation" do
+          expect { strategy.request }.to raise_exception NotImplementedError
+        end
+      end
+
+      describe "a sample Strategy subclass" do
+        let(:fake_request) { double }
+
+        let(:strategy_class) do
+          subclass = Class.new(Strategy) do
+            class << self
+              attr_accessor :fake_request
+            end
+
+            def request
+              self.class.fake_request
+            end
+          end
+
+          subclass.fake_request = fake_request
+          subclass
+        end
+
+        subject(:strategy) { strategy_class.new(server) }
+
+        it "provides a request implementation" do
+          expect(strategy.request).to eq fake_request
+        end
+
+        it "authorizes the request" do
+          expect(fake_request).to receive :authorize
+          strategy.authorize
+        end
+      end
+    end
+  end
+end

data/spec/lib/server_spec.rb

@@ -25,7 +25,9 @@ describe Doorkeeper::Server do
 
     context 'when only Authorization Code strategy is enabled' do
       before do
-        Doorkeeper.configuration.stub(:grant_flows) { ['authorization_code'] }
+        allow(Doorkeeper.configuration).
+          to receive(:grant_flows).
+          and_return(['authorization_code'])
       end
 
       it 'raises error when using the disabled Implicit strategy' do
@@ -43,7 +45,7 @@ describe Doorkeeper::Server do
 
     it 'builds the request with selected strategy' do
       stub_const 'Doorkeeper::Request::Code', fake_class
-      expect(fake_class).to receive(:build).with(subject)
+      expect(fake_class).to receive(:new).with(subject)
       subject.authorization_request :code
     end
   end

data/spec/models/doorkeeper/access_grant_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper_integration'
 describe Doorkeeper::AccessGrant do
   subject { FactoryGirl.build(:access_grant) }
 
-  it { should be_valid }
+  it { expect(subject).to be_valid }
 
   it_behaves_like 'an accessible token'
   it_behaves_like 'a revocable token'
@@ -14,23 +14,23 @@ describe Doorkeeper::AccessGrant do
   describe 'validations' do
     it 'is invalid without resource_owner_id' do
       subject.resource_owner_id = nil
-      should_not be_valid
+      expect(subject).not_to be_valid
     end
 
     it 'is invalid without application_id' do
       subject.application_id = nil
-      should_not be_valid
+      expect(subject).not_to be_valid
     end
 
     it 'is invalid without token' do
       subject.save
       subject.token = nil
-      should_not be_valid
+      expect(subject).not_to be_valid
     end
 
     it 'is invalid without expires_in' do
       subject.expires_in = nil
-      should_not be_valid
+      expect(subject).not_to be_valid
     end
   end
 end

data/spec/models/doorkeeper/access_token_spec.rb

@@ -4,7 +4,7 @@ module Doorkeeper
   describe AccessToken do
     subject { FactoryGirl.build(:access_token) }
 
-    it { should be_valid }
+    it { expect(subject).to be_valid }
 
     it_behaves_like 'an accessible token'
     it_behaves_like 'a revocable token'
@@ -12,6 +12,103 @@ module Doorkeeper
       let(:factory_name) { :access_token }
     end
 
+    describe :generate_token do
+      it 'generates a token using the default method' do
+        FactoryGirl.create :access_token
+
+        token = FactoryGirl.create :access_token
+        expect(token.token).to be_a(String)
+      end
+
+      it 'generates a token using a custom object' do
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:resource_owner_id]}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token
+        expect(token.token).to match(%r{custom_generator_token_\d+})
+      end
+
+      it 'allows the custom generator to access the application details' do
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:application].name}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token
+        expect(token.token).to match(%r{custom_generator_token_Application \d+})
+      end
+
+      it 'allows the custom generator to access the scopes' do
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:scopes].count}_#{opts[:scopes]}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token, scopes: 'public write'
+
+        expect(token.token).to eq 'custom_generator_token_2_public write'
+      end
+
+      it 'allows the custom generator to access the expiry length' do
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:expires_in]}"
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        token = FactoryGirl.create :access_token
+        expect(token.token).to eq 'custom_generator_token_7200'
+      end
+
+      it 'raises an error if the custom object does not support generate' do
+        module NoGenerate
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::NoGenerate"
+        end
+
+        expect { FactoryGirl.create :access_token }.to(
+          raise_error(Doorkeeper::Errors::UnableToGenerateToken))
+      end
+
+      it 'raises an error if the custom object does not exist' do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::NotReal"
+        end
+
+        expect { FactoryGirl.create :access_token }.to(
+          raise_error(Doorkeeper::Errors::TokenGeneratorNotFound))
+      end
+    end
+
     describe :refresh_token do
       it 'has empty refresh token if it was not required' do
         token = FactoryGirl.create :access_token
@@ -26,7 +123,7 @@ module Doorkeeper
       it 'is not valid if token exists' do
         token1 = FactoryGirl.create :access_token, use_refresh_token: true
         token2 = FactoryGirl.create :access_token, use_refresh_token: true
-        token2.send :write_attribute, :refresh_token, token1.refresh_token
+        token2.refresh_token = token1.refresh_token
         expect(token2).not_to be_valid
       end
 
@@ -34,9 +131,9 @@ module Doorkeeper
         token1 = FactoryGirl.create :access_token, use_refresh_token: true
         token2 = FactoryGirl.create :access_token, use_refresh_token: true
         expect do
-          token2.write_attribute :refresh_token, token1.refresh_token
+          token2.refresh_token = token1.refresh_token
           token2.save(validate: false)
-        end.to raise_error
+        end.to raise_error(ActiveRecord::RecordNotUnique)
       end
     end
 
@@ -44,7 +141,7 @@ module Doorkeeper
       it 'is valid without resource_owner_id' do
         # For client credentials flow
         subject.resource_owner_id = nil
-        should be_valid
+        expect(subject).to be_valid
       end
     end
 

data/spec/models/doorkeeper/application_spec.rb

@@ -55,6 +55,12 @@ module Doorkeeper
       expect(new_application.uid).not_to be_nil
     end
 
+    it 'generates uid on create if an empty string' do
+      new_application.uid = ''
+      new_application.save
+      expect(new_application.uid).not_to be_blank
+    end
+
     it 'generates uid on create unless one is set' do
       new_application.uid = uid
       new_application.save
@@ -84,7 +90,7 @@ module Doorkeeper
       app1 = FactoryGirl.create(:application)
       app2 = FactoryGirl.create(:application)
       app2.uid = app1.uid
-      expect { app2.save!(validate: false) }.to raise_error
+      expect { app2.save!(validate: false) }.to raise_error(ActiveRecord::RecordNotUnique)
     end
 
     it 'generate secret on create' do
@@ -93,6 +99,12 @@ module Doorkeeper
       expect(new_application.secret).not_to be_nil
     end
 
+    it 'generate secret on create if is blank string' do
+      new_application.secret = ''
+      new_application.save
+      expect(new_application.secret).not_to be_blank
+    end
+
     it 'generate secret on create unless one is set' do
       new_application.secret = secret
       new_application.save
@@ -171,20 +183,5 @@ module Doorkeeper
         expect(authenticated).to eq(app)
       end
     end
-
-    if Doorkeeper.configuration.orm == :active_record
-      describe :scopes do
-        it 'fails on missing column with an upgrade notice' do
-          app = FactoryGirl.build :application
-          no_scopes_app = double(attributes: [])
-          allow(Application).to receive(:new).and_return(no_scopes_app)
-
-          expect { app.scopes }.to raise_error(
-            NameError,
-            /Missing column: `applications.scopes`/
-          )
-        end
-      end
-    end
   end
 end

data/spec/requests/applications/applications_request_spec.rb

@@ -37,7 +37,7 @@ feature 'Listing applications' do
 end
 
 feature 'Show application' do
-  let :app do
+  given :app do
     FactoryGirl.create :application, name: 'Just another oauth app'
   end
 

data/spec/requests/endpoints/authorization_spec.rb

@@ -59,7 +59,8 @@ feature 'Authorization endpoint' do
     end
 
     scenario 'raises exception on forged requests' do
-      ActionController::Base.any_instance.should_receive(:handle_unverified_request)
+      skip 'TODO: need to add request helpers to this feature spec'
+      allow_any_instance_of(ActionController::Base).to receive(:handle_unverified_request)
       allowing_forgery_protection do
         post "/oauth/authorize",
           client_id:      @client.uid,

data/spec/requests/endpoints/token_spec.rb

@@ -1,19 +1,19 @@
 require 'spec_helper_integration'
 
-feature 'Token endpoint' do
-  background do
+describe 'Token endpoint' do
+  before do
     client_exists
     authorization_code_exists application: @client, scopes: 'public'
   end
 
-  scenario 'respond with correct headers' do
+  it 'respond with correct headers' do
     post token_endpoint_url(code: @authorization.token, client: @client)
     should_have_header 'Pragma', 'no-cache'
     should_have_header 'Cache-Control', 'no-store'
     should_have_header 'Content-Type', 'application/json; charset=utf-8'
   end
 
-  scenario 'accepts client credentials with basic auth header' do
+  it 'accepts client credentials with basic auth header' do
     post token_endpoint_url(
       code: @authorization.token,
       redirect_uri: @client.redirect_uri
@@ -22,14 +22,14 @@ feature 'Token endpoint' do
     should_have_json 'access_token', Doorkeeper::AccessToken.first.token
   end
 
-  scenario 'returns null for expires_in when a permanent token is set' do
+  it 'returns null for expires_in when a permanent token is set' do
     config_is_set(:access_token_expires_in, nil)
     post token_endpoint_url(code: @authorization.token, client: @client)
     should_have_json 'access_token', Doorkeeper::AccessToken.first.token
     should_not_have_json 'expires_in'
   end
 
-  scenario 'returns unsupported_grant_type for invalid grant_type param' do
+  it 'returns unsupported_grant_type for invalid grant_type param' do
     post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'nothing')
 
     should_not_have_json 'access_token'
@@ -37,7 +37,7 @@ feature 'Token endpoint' do
     should_have_json 'error_description', translated_error_message('unsupported_grant_type')
   end
 
-  scenario 'returns unsupported_grant_type for disabled grant flows' do
+  it 'returns unsupported_grant_type for disabled grant flows' do
     config_is_set(:grant_flows, ['implicit'])
     post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'authorization_code')
 
@@ -46,7 +46,7 @@ feature 'Token endpoint' do
     should_have_json 'error_description', translated_error_message('unsupported_grant_type')
   end
 
-  scenario 'returns unsupported_grant_type when refresh_token is not in use' do
+  it 'returns unsupported_grant_type when refresh_token is not in use' do
     post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'refresh_token')
 
     should_not_have_json 'access_token'
@@ -54,7 +54,7 @@ feature 'Token endpoint' do
     should_have_json 'error_description', translated_error_message('unsupported_grant_type')
   end
 
-  scenario 'returns invalid_request if grant_type is missing' do
+  it 'returns invalid_request if grant_type is missing' do
     post token_endpoint_url(code: @authorization.token, client: @client, grant_type: '')
 
     should_not_have_json 'access_token'

data/spec/requests/flows/authorization_code_errors_spec.rb

@@ -34,13 +34,13 @@ feature 'Authorization Code Flow Errors' do
   end
 end
 
-feature 'Authorization Code Flow Errors', 'after authorization' do
-  background do
+describe 'Authorization Code Flow Errors', 'after authorization' do
+  before do
     client_exists
     authorization_code_exists application: @client
   end
 
-  scenario 'returns :invalid_grant error when posting an already revoked grant code' do
+  it 'returns :invalid_grant error when posting an already revoked grant code' do
     # First successful request
     post token_endpoint_url(code: @authorization.token, client: @client)
 
@@ -54,7 +54,7 @@ feature 'Authorization Code Flow Errors', 'after authorization' do
     should_have_json 'error_description', translated_error_message('invalid_grant')
   end
 
-  scenario 'returns :invalid_grant error for invalid grant code' do
+  it 'returns :invalid_grant error for invalid grant code' do
     post token_endpoint_url(code: 'invalid', client: @client)
 
     access_token_should_not_exist

data/spec/requests/flows/authorization_code_spec.rb

@@ -41,6 +41,8 @@ feature 'Authorization Code Flow' do
   end
 
   scenario 'resource owner requests an access token with authorization code' do
+    skip 'TODO: need to add request helpers to this feature spec'
+
     visit authorization_endpoint_url(client: @client)
     click_on 'Authorize'
 
@@ -52,13 +54,13 @@ feature 'Authorization Code Flow' do
     should_not_have_json 'error'
 
     should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-    should_have_json 'token_type',   'bearer'
+    should_have_json 'token_type', 'bearer'
     should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
   end
 
   context 'with scopes' do
     background do
-      default_scopes_exist  :public
+      default_scopes_exist :public
       optional_scopes_exist :write
     end
 
@@ -82,6 +84,8 @@ feature 'Authorization Code Flow' do
     end
 
     scenario 'new access token matches required scopes' do
+      skip 'TODO: need to add request helpers to this feature spec'
+
       visit authorization_endpoint_url(client: @client, scope: 'public write')
       click_on 'Authorize'
 
@@ -93,6 +97,8 @@ feature 'Authorization Code Flow' do
     end
 
     scenario 'returns new token if scopes have changed' do
+      skip 'TODO: need to add request helpers to this feature spec'
+
       client_is_authorized(@client, @resource_owner, scopes: 'public write')
       visit authorization_endpoint_url(client: @client, scope: 'public')
       click_on 'Authorize'
@@ -106,6 +112,8 @@ feature 'Authorization Code Flow' do
     end
 
     scenario 'resource owner authorizes the client with extra scopes' do
+      skip 'TODO: need to add request helpers to this feature spec'
+
       client_is_authorized(@client, @resource_owner, scopes: 'public')
       visit authorization_endpoint_url(client: @client, scope: 'public write')
       click_on 'Authorize'
@@ -120,3 +128,29 @@ feature 'Authorization Code Flow' do
     end
   end
 end
+
+describe 'Authorization Code Flow' do
+  before do
+    Doorkeeper.configure do
+      orm DOORKEEPER_ORM
+      use_refresh_token
+    end
+    client_exists
+  end
+
+  context 'issuing a refresh token' do
+    before do
+      authorization_code_exists application: @client
+    end
+
+    it 'second of simultaneous client requests get an error for revoked acccess token' do
+      authorization_code = Doorkeeper::AccessGrant.first.token
+      allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:revoked?).and_return(false, true)
+
+      post token_endpoint_url(code: authorization_code, client: @client)
+
+      should_not_have_json 'access_token'
+      should_have_json 'error', 'invalid_grant'
+    end
+  end
+end