RubyGems - doorkeeper - Versions diffs - 3.0.0 → 4.0.0 - Mend

doorkeeper 3.0.0 → 4.0.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (114) hide show

checksums.yaml +4 -4
data/.hound.yml +4 -0
data/.travis.yml +9 -7
data/CONTRIBUTING.md +2 -0
data/Gemfile +10 -3
data/NEWS.md +79 -2
data/README.md +56 -51
data/RELEASING.md +2 -2
data/Rakefile +1 -1
data/app/assets/stylesheets/doorkeeper/admin/application.css +1 -5
data/app/controllers/doorkeeper/application_metal_controller.rb +1 -2
data/app/controllers/doorkeeper/applications_controller.rb +2 -2
data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
data/app/controllers/doorkeeper/tokens_controller.rb +1 -1
data/app/helpers/doorkeeper/dashboard_helper.rb +13 -11
data/app/views/doorkeeper/applications/show.html.erb +1 -1
data/app/views/doorkeeper/authorizations/new.html.erb +1 -1
data/app/views/layouts/doorkeeper/admin.html.erb +5 -2
data/config/locales/en.yml +1 -0
data/doorkeeper.gemspec +7 -7
data/lib/doorkeeper/config.rb +10 -15
data/lib/doorkeeper/engine.rb +11 -7
data/lib/doorkeeper/errors.rb +6 -0
data/lib/doorkeeper/helpers/controller.rb +7 -1
data/lib/doorkeeper/models/access_grant_mixin.rb +9 -5
data/lib/doorkeeper/models/access_token_mixin.rb +28 -22
data/lib/doorkeeper/models/application_mixin.rb +3 -7
data/lib/doorkeeper/models/concerns/expirable.rb +2 -2
data/lib/doorkeeper/models/concerns/ownership.rb +6 -1
data/lib/doorkeeper/models/concerns/revocable.rb +19 -2
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -5
data/lib/doorkeeper/oauth/client/credentials.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -4
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +2 -1
data/lib/doorkeeper/oauth/client_credentials_request.rb +7 -4
data/lib/doorkeeper/oauth/code_response.rb +13 -14
data/lib/doorkeeper/oauth/error.rb +5 -1
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +2 -1
data/lib/doorkeeper/oauth/password_access_token_request.rb +6 -10
data/lib/doorkeeper/oauth/refresh_token_request.rb +29 -12
data/lib/doorkeeper/oauth/scopes.rb +2 -2
data/lib/doorkeeper/oauth/token.rb +6 -5
data/lib/doorkeeper/oauth/token_response.rb +1 -1
data/lib/doorkeeper/orm/active_record/access_grant.rb +2 -2
data/lib/doorkeeper/orm/active_record/access_token.rb +10 -2
data/lib/doorkeeper/orm/active_record/application.rb +4 -9
data/lib/doorkeeper/orm/active_record.rb +0 -15
data/lib/doorkeeper/rails/helpers.rb +13 -3
data/lib/doorkeeper/rails/routes/mapper.rb +1 -1
data/lib/doorkeeper/rails/routes.rb +2 -1
data/lib/doorkeeper/request/authorization_code.rb +10 -15
data/lib/doorkeeper/request/client_credentials.rb +9 -15
data/lib/doorkeeper/request/code.rb +7 -13
data/lib/doorkeeper/request/password.rb +18 -13
data/lib/doorkeeper/request/refresh_token.rb +11 -13
data/lib/doorkeeper/request/strategy.rb +17 -0
data/lib/doorkeeper/request/token.rb +7 -13
data/lib/doorkeeper/request.rb +18 -8
data/lib/doorkeeper/server.rb +2 -2
data/lib/doorkeeper/version.rb +1 -1
data/lib/doorkeeper.rb +1 -1
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +29 -0
data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +1 -1
data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb +11 -0
data/lib/generators/doorkeeper/templates/initializer.rb +2 -2
data/lib/generators/doorkeeper/templates/migration.rb +23 -5
data/spec/controllers/authorizations_controller_spec.rb +0 -14
data/spec/controllers/protected_resources_controller_spec.rb +138 -15
data/spec/controllers/tokens_controller_spec.rb +30 -0
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -4
data/spec/dummy/app/controllers/home_controller.rb +1 -1
data/spec/dummy/app/controllers/metal_controller.rb +1 -1
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +3 -3
data/spec/dummy/app/models/user.rb +0 -4
data/spec/dummy/config/application.rb +2 -36
data/spec/dummy/config/environment.rb +1 -1
data/spec/dummy/config/environments/test.rb +4 -15
data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +6 -0
data/spec/dummy/config/initializers/doorkeeper.rb +2 -2
data/spec/dummy/db/migrate/{20130902165751_create_doorkeeper_tables.rb → 20151223192035_create_doorkeeper_tables.rb} +24 -5
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +11 -0
data/spec/dummy/db/schema.rb +23 -22
data/spec/lib/config_spec.rb +2 -2
data/spec/lib/models/revocable_spec.rb +27 -4
data/spec/lib/oauth/authorization_code_request_spec.rb +1 -1
data/spec/lib/oauth/client_credentials/creator_spec.rb +25 -1
data/spec/lib/oauth/code_response_spec.rb +34 -0
data/spec/lib/oauth/error_response_spec.rb +7 -7
data/spec/lib/oauth/error_spec.rb +9 -5
data/spec/lib/oauth/password_access_token_request_spec.rb +5 -5
data/spec/lib/oauth/refresh_token_request_spec.rb +34 -3
data/spec/lib/oauth/scopes_spec.rb +1 -2
data/spec/lib/oauth/token_spec.rb +12 -5
data/spec/lib/request/strategy_spec.rb +53 -0
data/spec/lib/server_spec.rb +1 -1
data/spec/models/doorkeeper/access_grant_spec.rb +5 -5
data/spec/models/doorkeeper/access_token_spec.rb +49 -5
data/spec/models/doorkeeper/application_spec.rb +2 -10
data/spec/requests/flows/authorization_code_spec.rb +26 -0
data/spec/requests/flows/password_spec.rb +26 -5
data/spec/requests/flows/refresh_token_spec.rb +95 -17
data/spec/spec_helper_integration.rb +10 -0
data/spec/support/helpers/model_helper.rb +27 -5
data/spec/support/http_method_shim.rb +24 -0
data/spec/support/shared/controllers_shared_context.rb +13 -4
data/spec/support/shared/models_shared_examples.rb +1 -1
metadata +46 -38
data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5
/data/spec/dummy/db/migrate/{20130902175349_add_owner_to_application.rb → 20151223200000_add_owner_to_application.rb} +0 -0

data/spec/lib/models/revocable_spec.rb CHANGED Viewed

@@ -11,20 +11,21 @@ describe 'Revocable' do
   describe :revoke do
     it 'updates :revoked_at attribute with current time' do
-      clock = double now: double
-      expect(subject).to receive(:update_attribute).with(:revoked_at, clock.now)
+      utc = double utc: double
+      clock = double now: utc
+      expect(subject).to receive(:update_attribute).with(:revoked_at, clock.now.utc)
       subject.revoke(clock)
     end
   end
   describe :revoked? do
     it 'is revoked if :revoked_at has passed' do
-      allow(subject).to receive(:revoked_at).and_return(Time.now - 1000)
+      allow(subject).to receive(:revoked_at).and_return(Time.now.utc - 1000)
       expect(subject).to be_revoked
     end
     it 'is not revoked if :revoked_at has not passed' do
-      allow(subject).to receive(:revoked_at).and_return(Time.now + 1000)
+      allow(subject).to receive(:revoked_at).and_return(Time.now.utc + 1000)
       expect(subject).not_to be_revoked
     end
@@ -33,4 +34,26 @@ describe 'Revocable' do
       expect(subject).not_to be_revoked
     end
   end
+  describe :revoke_previous_refresh_token! do
+    it "revokes the previous token if existing, and resets the
+      `previous_refresh_token` attribute" do
+      previous_token = FactoryGirl.create(
+        :access_token,
+        refresh_token: "refresh_token"
+      )
+      current_token = FactoryGirl.create(
+        :access_token,
+        previous_refresh_token: previous_token.refresh_token
+      )
+      expect_any_instance_of(
+        Doorkeeper::AccessToken
+      ).to receive(:revoke).and_call_original
+      current_token.revoke_previous_refresh_token!
+      expect(current_token.previous_refresh_token).to be_empty
+      expect(previous_token.reload).to be_revoked
+    end
+  end
 end

data/spec/lib/oauth/authorization_code_request_spec.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Doorkeeper::OAuth
     it 'issues a new token for the client' do
       expect do
         subject.authorize
-      end.to change { client.access_tokens.count }.by(1)
+      end.to change { client.reload.access_tokens.count }.by(1)
     end
     it "issues the token with same grant's scopes" do

data/spec/lib/oauth/client_credentials/creator_spec.rb CHANGED Viewed

@@ -11,8 +11,32 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
       end.to change { Doorkeeper::AccessToken.count }.by(1)
     end
+    context "when reuse_access_token is true" do
+      it "returns the existing valid token" do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+        existing_token = subject.call(client, scopes)
+        result = subject.call(client, scopes)
+        expect(Doorkeeper::AccessToken.count).to eq(1)
+        expect(result).to eq(existing_token)
+      end
+    end
+    context "when reuse_access_token is false" do
+      it "returns a new token" do
+        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
+        existing_token = subject.call(client, scopes)
+        result = subject.call(client, scopes)
+        expect(Doorkeeper::AccessToken.count).to eq(2)
+        expect(result).not_to eq(existing_token)
+      end
+    end
     it 'returns false if creation fails' do
-      expect(Doorkeeper::AccessToken).to receive(:create).and_return(false)
+      expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
       created = subject.call(client, scopes)
       expect(created).to be_falsey
     end

data/spec/lib/oauth/code_response_spec.rb ADDED Viewed

@@ -0,0 +1,34 @@
+require 'spec_helper'
+module Doorkeeper
+  module OAuth
+    describe CodeResponse do
+      describe '.redirect_uri' do
+        context 'when generating the redirect URI for an implicit grant' do
+          let :pre_auth do
+            double(
+              :pre_auth,
+              client: double(:application, id: 1),
+              redirect_uri: 'http://tst.com/cb',
+              state: nil,
+              scopes: Scopes.from_string('public'),
+            )
+          end
+          let :auth do
+            Authorization::Token.new(pre_auth, double(id: 1)).tap do |c|
+              c.issue_token
+              allow(c.token).to receive(:expires_in_seconds).and_return(3600)
+            end
+          end
+          subject { CodeResponse.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
+          it 'includes the remaining TTL of the token relative to the time the token was generated' do
+            expect(subject).to include('expires_in=3600')
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/error_response_spec.rb CHANGED Viewed

@@ -37,9 +37,9 @@ module Doorkeeper::OAuth
       subject { ErrorResponse.new(name: :some_error, state: :some_state).body }
       describe '#body' do
-        it { should have_key(:error) }
-        it { should have_key(:error_description) }
-        it { should have_key(:state) }
+        it { expect(subject).to have_key(:error) }
+        it { expect(subject).to have_key(:error_description) }
+        it { expect(subject).to have_key(:state) }
       end
     end
@@ -47,15 +47,15 @@ module Doorkeeper::OAuth
       let(:error_response) { ErrorResponse.new(name: :some_error, state: :some_state) }
       subject { error_response.authenticate_info }
-      it { should include("realm=\"#{error_response.realm}\"") }
-      it { should include("error=\"#{error_response.name}\"") }
-      it { should include("error_description=\"#{error_response.description}\"") }
+      it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
+      it { expect(subject).to include("error=\"#{error_response.name}\"") }
+      it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
     end
     describe '.headers' do
       subject { ErrorResponse.new(name: :some_error, state: :some_state).headers }
-      it { should include 'WWW-Authenticate' }
+      it { expect(subject).to include 'WWW-Authenticate' }
     end
   end
 end

data/spec/lib/oauth/error_spec.rb CHANGED Viewed

@@ -4,15 +4,19 @@ require 'doorkeeper/oauth/error'
 module Doorkeeper::OAuth
   describe Error do
-    subject { Error.new(:some_error, :some_state) }
+    subject(:error) { Error.new(:some_error, :some_state) }
-    it { should respond_to(:name) }
-    it { should respond_to(:state) }
+    it { expect(subject).to respond_to(:name) }
+    it { expect(subject).to respond_to(:state) }
     describe :description do
       it 'is translated from translation messages' do
-        expect(I18n).to receive(:translate).with(:some_error, scope: [:doorkeeper, :errors, :messages])
-        subject.description
+        expect(I18n).to receive(:translate).with(
+          :some_error,
+          scope: [:doorkeeper, :errors, :messages],
+          default: :server_error
+        )
+        error.description
       end
     end
   end

data/spec/lib/oauth/password_access_token_request_spec.rb CHANGED Viewed

@@ -11,23 +11,22 @@ module Doorkeeper::OAuth
         custom_access_token_expires_in: ->(_app) { nil }
       )
     end
-    let(:credentials) { Client::Credentials.new(client.uid, client.secret) }
     let(:client) { FactoryGirl.create(:application) }
     let(:owner)  { double :owner, id: 99 }
     subject do
-      PasswordAccessTokenRequest.new(server, credentials, owner)
+      PasswordAccessTokenRequest.new(server, client, owner)
     end
     it 'issues a new token for the client' do
       expect do
         subject.authorize
-      end.to change { client.access_tokens.count }.by(1)
+      end.to change { client.reload.access_tokens.count }.by(1)
     end
     it 'issues a new token without a client' do
       expect do
-        subject.credentials = nil
+        subject.client = nil
         subject.authorize
       end.to change { Doorkeeper::AccessToken.count }.by(1)
     end
@@ -35,6 +34,7 @@ module Doorkeeper::OAuth
     it 'does not issue a new token with an invalid client' do
       expect do
         subject.client = nil
+        subject.parameters = { client_id: 'bad_id' }
         subject.authorize
       end.to_not change { Doorkeeper::AccessToken.count }
@@ -48,7 +48,7 @@ module Doorkeeper::OAuth
     end
     it 'optionally accepts the client' do
-      subject.credentials = nil
+      subject.client = nil
       expect(subject).to be_valid
     end

data/spec/lib/oauth/refresh_token_request_spec.rb CHANGED Viewed

@@ -2,6 +2,9 @@ require 'spec_helper_integration'
 module Doorkeeper::OAuth
   describe RefreshTokenRequest do
+    before do
+      allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
+    end
     let(:server) do
       double :server,
              access_token_expires_in: 2.minutes,
@@ -16,9 +19,7 @@ module Doorkeeper::OAuth
     subject { RefreshTokenRequest.new server, refresh_token, credentials }
     it 'issues a new token for the client' do
-      expect do
-        subject.authorize
-      end.to change { client.access_tokens.count }.by(1)
+      expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
       expect(client.reload.access_tokens.last.expires_in).to eq(120)
     end
@@ -27,6 +28,8 @@ module Doorkeeper::OAuth
                       access_token_expires_in: 2.minutes,
                       custom_access_token_expires_in: ->(_oauth_client) { 1234 }
+      allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
       RefreshTokenRequest.new(server, refresh_token, credentials).authorize
       expect(client.reload.access_tokens.last.expires_in).to eq(1234)
@@ -67,6 +70,34 @@ module Doorkeeper::OAuth
       expect(subject).to be_valid
     end
+    context 'refresh tokens expire on access token use' do
+      let(:server) do
+        double :server,
+               access_token_expires_in: 2.minutes,
+               custom_access_token_expires_in: ->(_oauth_client) { 1234 }
+      end
+      before do
+        allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(true)
+      end
+      it 'issues a new token for the client' do
+        expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
+      end
+      it 'does not revoke the previous token' do
+        subject.authorize
+        expect(refresh_token).not_to be_revoked
+      end
+      it 'sets the previous refresh token in the new access token' do
+        subject.authorize
+        expect(
+          client.access_tokens.last.previous_refresh_token
+        ).to eq(refresh_token.refresh_token)
+      end
+    end
     context 'clientless access tokens' do
       let!(:refresh_token) { FactoryGirl.create(:clientless_access_token, use_refresh_token: true) }

data/spec/lib/oauth/scopes_spec.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module Doorkeeper::OAuth
       subject { Scopes.from_string(string) }
-      it { should be_a(Scopes) }
+      it { expect(subject).to be_a(Scopes) }
       describe '#all' do
         it 'should be an array of the expected scopes' do
@@ -67,7 +67,6 @@ module Doorkeeper::OAuth
       it 'does not change the existing object' do
         origin = Scopes.from_string('public')
-        new_scope = origin + Scopes.from_string('admin')
         expect(origin.to_s).to eq('public')
       end

data/spec/lib/oauth/token_spec.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module Doorkeeper
         it 'stops at the first credentials found' do
           not_called_method = double
           expect(not_called_method).not_to receive(:call)
-          Token.from_request request, ->(r) {}, method, not_called_method
+          Token.from_request request, ->(_r) {}, method, not_called_method
         end
         it 'returns the credential from extractor method' do
@@ -96,13 +96,20 @@ module Doorkeeper
       end
       describe :authenticate do
-        let(:finder) { double :finder }
-        it 'calls the finder if token was found' do
-          token = ->(r) { 'token' }
+        it 'calls the finder if token was returned' do
+          token = ->(_r) { 'token' }
           expect(AccessToken).to receive(:by_token).with('token')
           Token.authenticate double, token
         end
+        it 'revokes previous refresh_token if token was found' do
+          token = ->(_r) { 'token' }
+          expect(
+            AccessToken
+          ).to receive(:by_token).with('token').and_return(token)
+          expect(token).to receive(:revoke_previous_refresh_token!)
+          Token.authenticate double, token
+        end
       end
     end
   end

data/spec/lib/request/strategy_spec.rb ADDED Viewed

@@ -0,0 +1,53 @@
+require 'spec_helper'
+require 'doorkeeper/request/strategy'
+module Doorkeeper
+  module Request
+    describe Strategy do
+      let(:server) { double }
+      subject(:strategy) { Strategy.new(server) }
+      describe :initialize do
+        it "sets the server attribute" do
+          expect(strategy.server).to eq server
+        end
+      end
+      describe :request do
+        it "requires an implementation" do
+          expect { strategy.request }.to raise_exception NotImplementedError
+        end
+      end
+      describe "a sample Strategy subclass" do
+        let(:fake_request) { double }
+        let(:strategy_class) do
+          subclass = Class.new(Strategy) do
+            class << self
+              attr_accessor :fake_request
+            end
+            def request
+              self.class.fake_request
+            end
+          end
+          subclass.fake_request = fake_request
+          subclass
+        end
+        subject(:strategy) { strategy_class.new(server) }
+        it "provides a request implementation" do
+          expect(strategy.request).to eq fake_request
+        end
+        it "authorizes the request" do
+          expect(fake_request).to receive :authorize
+          strategy.authorize
+        end
+      end
+    end
+  end
+end

data/spec/lib/server_spec.rb CHANGED Viewed

@@ -45,7 +45,7 @@ describe Doorkeeper::Server do
     it 'builds the request with selected strategy' do
       stub_const 'Doorkeeper::Request::Code', fake_class
-      expect(fake_class).to receive(:build).with(subject)
+      expect(fake_class).to receive(:new).with(subject)
       subject.authorization_request :code
     end
   end

data/spec/models/doorkeeper/access_grant_spec.rb CHANGED Viewed

@@ -3,7 +3,7 @@ require 'spec_helper_integration'
 describe Doorkeeper::AccessGrant do
   subject { FactoryGirl.build(:access_grant) }
-  it { should be_valid }
+  it { expect(subject).to be_valid }
   it_behaves_like 'an accessible token'
   it_behaves_like 'a revocable token'
@@ -14,23 +14,23 @@ describe Doorkeeper::AccessGrant do
   describe 'validations' do
     it 'is invalid without resource_owner_id' do
       subject.resource_owner_id = nil
-      should_not be_valid
+      expect(subject).not_to be_valid
     end
     it 'is invalid without application_id' do
       subject.application_id = nil
-      should_not be_valid
+      expect(subject).not_to be_valid
     end
     it 'is invalid without token' do
       subject.save
       subject.token = nil
-      should_not be_valid
+      expect(subject).not_to be_valid
     end
     it 'is invalid without expires_in' do
       subject.expires_in = nil
-      should_not be_valid
+      expect(subject).not_to be_valid
     end
   end
 end

data/spec/models/doorkeeper/access_token_spec.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Doorkeeper
   describe AccessToken do
     subject { FactoryGirl.build(:access_token) }
-    it { should be_valid }
+    it { expect(subject).to be_valid }
     it_behaves_like 'an accessible token'
     it_behaves_like 'a revocable token'
@@ -12,6 +12,11 @@ module Doorkeeper
       let(:factory_name) { :access_token }
     end
+    module CustomGeneratorArgs
+      def self.generate
+      end
+    end
     describe :generate_token do
       it 'generates a token using the default method' do
         FactoryGirl.create :access_token
@@ -21,6 +26,10 @@ module Doorkeeper
       end
       it 'generates a token using a custom object' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
         module CustomGeneratorArgs
           def self.generate(opts = {})
             "custom_generator_token_#{opts[:resource_owner_id]}"
@@ -37,6 +46,10 @@ module Doorkeeper
       end
       it 'allows the custom generator to access the application details' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
         module CustomGeneratorArgs
           def self.generate(opts = {})
             "custom_generator_token_#{opts[:application].name}"
@@ -53,6 +66,10 @@ module Doorkeeper
       end
       it 'allows the custom generator to access the scopes' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
         module CustomGeneratorArgs
           def self.generate(opts = {})
             "custom_generator_token_#{opts[:scopes].count}_#{opts[:scopes]}"
@@ -70,6 +87,10 @@ module Doorkeeper
       end
       it 'allows the custom generator to access the expiry length' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
         module CustomGeneratorArgs
           def self.generate(opts = {})
             "custom_generator_token_#{opts[:expires_in]}"
@@ -85,6 +106,23 @@ module Doorkeeper
         expect(token.token).to eq 'custom_generator_token_7200'
       end
+      it 'allows the custom generator to access the created time' do
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            "custom_generator_token_#{opts[:created_at].to_i}"
+          end
+        end
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+        token = FactoryGirl.create :access_token
+        created_at = token.created_at
+        expect(token.token).to eq "custom_generator_token_#{created_at.to_i}"
+      end
       it 'raises an error if the custom object does not support generate' do
         module NoGenerate
         end
@@ -123,7 +161,7 @@ module Doorkeeper
       it 'is not valid if token exists' do
         token1 = FactoryGirl.create :access_token, use_refresh_token: true
         token2 = FactoryGirl.create :access_token, use_refresh_token: true
-        token2.send :write_attribute, :refresh_token, token1.refresh_token
+        token2.refresh_token = token1.refresh_token
         expect(token2).not_to be_valid
       end
@@ -131,9 +169,9 @@ module Doorkeeper
         token1 = FactoryGirl.create :access_token, use_refresh_token: true
         token2 = FactoryGirl.create :access_token, use_refresh_token: true
         expect do
-          token2.write_attribute :refresh_token, token1.refresh_token
+          token2.refresh_token = token1.refresh_token
           token2.save(validate: false)
-        end.to raise_error
+        end.to raise_error(uniqueness_error)
       end
     end
@@ -141,7 +179,13 @@ module Doorkeeper
       it 'is valid without resource_owner_id' do
         # For client credentials flow
         subject.resource_owner_id = nil
-        should be_valid
+        expect(subject).to be_valid
+      end
+      it 'is valid without application_id' do
+        # For resource owner credentials flow
+        subject.application_id = nil
+        expect(subject).to be_valid
       end
     end

data/spec/models/doorkeeper/application_spec.rb CHANGED Viewed

@@ -90,7 +90,7 @@ module Doorkeeper
       app1 = FactoryGirl.create(:application)
       app2 = FactoryGirl.create(:application)
       app2.uid = app1.uid
-      expect { app2.save!(validate: false) }.to raise_error
+      expect { app2.save!(validate: false) }.to raise_error(uniqueness_error)
     end
     it 'generate secret on create' do
@@ -129,7 +129,7 @@ module Doorkeeper
       it 'should destroy its access tokens' do
         FactoryGirl.create(:access_token, application: new_application)
-        FactoryGirl.create(:access_token, application: new_application, revoked_at: Time.now)
+        FactoryGirl.create(:access_token, application: new_application, revoked_at: Time.now.utc)
         expect do
           new_application.destroy
         end.to change { Doorkeeper::AccessToken.count }.by(-2)
@@ -166,14 +166,6 @@ module Doorkeeper
         FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, application: application)
         expect(Application.authorized_for(resource_owner)).to eq([application])
       end
-      it 'should fail to mass assign a new application', if: ::Rails::VERSION::MAJOR < 4 do
-        mass_assign = { name: 'Something',
-                        redirect_uri: 'http://somewhere.com/something',
-                        uid: 123,
-                        secret: 'something' }
-        expect(Application.create(mass_assign).uid).not_to eq(123)
-      end
     end
     describe :authenticate do

data/spec/requests/flows/authorization_code_spec.rb CHANGED Viewed

@@ -128,3 +128,29 @@ feature 'Authorization Code Flow' do
     end
   end
 end
+describe 'Authorization Code Flow' do
+  before do
+    Doorkeeper.configure do
+      orm DOORKEEPER_ORM
+      use_refresh_token
+    end
+    client_exists
+  end
+  context 'issuing a refresh token' do
+    before do
+      authorization_code_exists application: @client
+    end
+    it 'second of simultaneous client requests get an error for revoked acccess token' do
+      authorization_code = Doorkeeper::AccessGrant.first.token
+      allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:revoked?).and_return(false, true)
+      post token_endpoint_url(code: authorization_code, client: @client)
+      should_not_have_json 'access_token'
+      should_have_json 'error', 'invalid_grant'
+    end
+  end
+end