doorkeeper 3.1.0 → 4.4.3
- checksums.yaml +4 -4
- data/.coveralls.yml +1 -0
- data/.github/ISSUE_TEMPLATE.md +25 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +17 -0
- data/.gitignore +6 -1
- data/.hound.yml +2 -13
- data/.rubocop.yml +17 -0
- data/.travis.yml +26 -10
- data/Appraisals +18 -0
- data/CODE_OF_CONDUCT.md +46 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +5 -5
- data/NEWS.md +141 -2
- data/README.md +149 -66
- data/RELEASING.md +5 -12
- data/Rakefile +1 -1
- data/SECURITY.md +15 -0
- data/app/controllers/doorkeeper/application_controller.rb +4 -6
- data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
- data/app/controllers/doorkeeper/applications_controller.rb +18 -8
- data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +62 -15
- data/app/helpers/doorkeeper/dashboard_helper.rb +14 -10
- data/app/validators/redirect_uri_validator.rb +12 -2
- data/app/views/doorkeeper/applications/_delete_form.html.erb +1 -2
- data/app/views/doorkeeper/applications/_form.html.erb +13 -2
- data/app/views/doorkeeper/applications/index.html.erb +2 -0
- data/app/views/doorkeeper/applications/show.html.erb +4 -1
- data/app/views/doorkeeper/authorizations/new.html.erb +1 -1
- data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +1 -1
- data/config/locales/en.yml +12 -7
- data/doorkeeper.gemspec +16 -11
- data/gemfiles/rails_4_2.gemfile +13 -0
- data/gemfiles/rails_5_0.gemfile +12 -0
- data/gemfiles/rails_5_1.gemfile +12 -0
- data/gemfiles/rails_5_2.gemfile +12 -0
- data/gemfiles/rails_master.gemfile +14 -0
- data/lib/doorkeeper/config.rb +119 -46
- data/lib/doorkeeper/engine.rb +11 -7
- data/lib/doorkeeper/errors.rb +18 -0
- data/lib/doorkeeper/grape/helpers.rb +14 -8
- data/lib/doorkeeper/helpers/controller.rb +8 -19
- data/lib/doorkeeper/models/access_grant_mixin.rb +10 -21
- data/lib/doorkeeper/models/access_token_mixin.rb +147 -43
- data/lib/doorkeeper/models/application_mixin.rb +33 -35
- data/lib/doorkeeper/models/concerns/accessible.rb +4 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +15 -5
- data/lib/doorkeeper/models/concerns/orderable.rb +13 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +6 -1
- data/lib/doorkeeper/models/concerns/revocable.rb +37 -2
- data/lib/doorkeeper/oauth/authorization/token.rb +22 -18
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +20 -18
- data/lib/doorkeeper/oauth/authorization_code_request.rb +7 -5
- data/lib/doorkeeper/oauth/{request_concern.rb → base_request.rb} +9 -2
- data/lib/doorkeeper/oauth/base_response.rb +29 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +21 -8
- data/lib/doorkeeper/oauth/client.rb +2 -3
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +3 -2
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -8
- data/lib/doorkeeper/oauth/code_response.rb +16 -16
- data/lib/doorkeeper/oauth/error.rb +2 -2
- data/lib/doorkeeper/oauth/error_response.rb +10 -10
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +17 -1
- data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -4
- data/lib/doorkeeper/oauth/password_access_token_request.rb +8 -13
- data/lib/doorkeeper/oauth/pre_authorization.rb +5 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +23 -14
- data/lib/doorkeeper/oauth/scopes.rb +18 -8
- data/lib/doorkeeper/oauth/token.rb +20 -21
- data/lib/doorkeeper/oauth/token_introspection.rb +128 -0
- data/lib/doorkeeper/oauth/token_request.rb +1 -2
- data/lib/doorkeeper/oauth/token_response.rb +1 -1
- data/lib/doorkeeper/orm/active_record/access_grant.rb +27 -0
- data/lib/doorkeeper/orm/active_record/access_token.rb +34 -8
- data/lib/doorkeeper/orm/active_record/application.rb +48 -11
- data/lib/doorkeeper/orm/active_record.rb +17 -22
- data/lib/doorkeeper/rails/helpers.rb +6 -9
- data/lib/doorkeeper/rails/routes/mapper.rb +4 -4
- data/lib/doorkeeper/rails/routes/mapping.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +17 -11
- data/lib/doorkeeper/request/authorization_code.rb +7 -1
- data/lib/doorkeeper/request/password.rb +2 -2
- data/lib/doorkeeper/request/refresh_token.rb +1 -1
- data/lib/doorkeeper/request.rb +7 -1
- data/lib/doorkeeper/server.rb +0 -8
- data/lib/doorkeeper/validations.rb +3 -2
- data/lib/doorkeeper/version.rb +34 -1
- data/lib/doorkeeper.rb +10 -2
- data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb +31 -0
- data/lib/generators/doorkeeper/application_owner_generator.rb +11 -2
- data/lib/generators/doorkeeper/migration_generator.rb +13 -1
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +35 -0
- data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb +11 -0
- data/{spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb → lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb} +1 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +11 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +38 -6
- data/lib/generators/doorkeeper/templates/migration.rb.erb +69 -0
- data/spec/controllers/application_metal_controller.rb +10 -0
- data/spec/controllers/applications_controller_spec.rb +15 -4
- data/spec/controllers/authorizations_controller_spec.rb +74 -27
- data/spec/controllers/protected_resources_controller_spec.rb +70 -32
- data/spec/controllers/token_info_controller_spec.rb +17 -13
- data/spec/controllers/tokens_controller_spec.rb +198 -12
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -4
- data/spec/dummy/app/controllers/home_controller.rb +1 -1
- data/spec/dummy/app/controllers/metal_controller.rb +1 -1
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +3 -3
- data/spec/dummy/app/models/user.rb +0 -4
- data/spec/dummy/config/application.rb +2 -36
- data/spec/dummy/config/environment.rb +1 -1
- data/spec/dummy/config/environments/test.rb +4 -15
- data/spec/dummy/config/initializers/doorkeeper.rb +19 -3
- data/spec/dummy/config/initializers/new_framework_defaults.rb +6 -0
- data/spec/dummy/config/initializers/secret_token.rb +0 -1
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +3 -1
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +3 -1
- data/{lib/generators/doorkeeper/templates/migration.rb → spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb} +16 -4
- data/{lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb → spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb} +4 -2
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +13 -0
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_application.rb +13 -0
- data/spec/dummy/db/schema.rb +24 -22
- data/spec/factories.rb +4 -2
- data/spec/generators/application_owner_generator_spec.rb +24 -5
- data/spec/generators/migration_generator_spec.rb +24 -3
- data/spec/generators/previous_refresh_token_generator_spec.rb +57 -0
- data/spec/grape/grape_integration_spec.rb +135 -0
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +159 -14
- data/spec/lib/doorkeeper_spec.rb +135 -13
- data/spec/lib/models/expirable_spec.rb +0 -1
- data/spec/lib/models/revocable_spec.rb +27 -4
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +1 -2
- data/spec/lib/oauth/authorization_code_request_spec.rb +55 -12
- data/spec/lib/oauth/base_request_spec.rb +155 -0
- data/spec/lib/oauth/base_response_spec.rb +45 -0
- data/spec/lib/oauth/client/credentials_spec.rb +45 -2
- data/spec/lib/oauth/client_credentials/creator_spec.rb +1 -1
- data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
- data/spec/lib/oauth/client_credentials_request_spec.rb +1 -0
- data/spec/lib/oauth/code_request_spec.rb +1 -3
- data/spec/lib/oauth/code_response_spec.rb +34 -0
- data/spec/lib/oauth/error_response_spec.rb +9 -9
- data/spec/lib/oauth/error_spec.rb +1 -1
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +115 -1
- data/spec/lib/oauth/invalid_token_response_spec.rb +36 -8
- data/spec/lib/oauth/password_access_token_request_spec.rb +14 -8
- data/spec/lib/oauth/pre_authorization_spec.rb +12 -7
- data/spec/lib/oauth/refresh_token_request_spec.rb +52 -9
- data/spec/lib/oauth/scopes_spec.rb +28 -2
- data/spec/lib/oauth/token_request_spec.rb +6 -8
- data/spec/lib/oauth/token_spec.rb +12 -5
- data/spec/lib/server_spec.rb +10 -3
- data/spec/models/doorkeeper/access_grant_spec.rb +1 -1
- data/spec/models/doorkeeper/access_token_spec.rb +116 -48
- data/spec/models/doorkeeper/application_spec.rb +145 -29
- data/spec/requests/applications/applications_request_spec.rb +5 -5
- data/spec/requests/endpoints/authorization_spec.rb +5 -6
- data/spec/requests/endpoints/token_spec.rb +8 -1
- data/spec/requests/flows/authorization_code_errors_spec.rb +11 -1
- data/spec/requests/flows/authorization_code_spec.rb +6 -13
- data/spec/requests/flows/client_credentials_spec.rb +29 -1
- data/spec/requests/flows/implicit_grant_errors_spec.rb +2 -2
- data/spec/requests/flows/password_spec.rb +118 -15
- data/spec/requests/flows/refresh_token_spec.rb +89 -19
- data/spec/requests/flows/revoke_token_spec.rb +105 -91
- data/spec/requests/protected_resources/metal_spec.rb +1 -1
- data/spec/requests/protected_resources/private_api_spec.rb +1 -1
- data/spec/routing/custom_controller_routes_spec.rb +4 -0
- data/spec/routing/default_routes_spec.rb +5 -1
- data/spec/spec_helper.rb +2 -0
- data/spec/spec_helper_integration.rb +22 -4
- data/spec/support/dependencies/factory_girl.rb +2 -2
- data/spec/support/helpers/access_token_request_helper.rb +1 -1
- data/spec/support/helpers/model_helper.rb +34 -7
- data/spec/support/helpers/request_spec_helper.rb +17 -5
- data/spec/support/helpers/url_helper.rb +9 -8
- data/spec/support/http_method_shim.rb +38 -0
- data/spec/support/shared/controllers_shared_context.rb +15 -10
- data/spec/support/shared/models_shared_examples.rb +5 -5
- data/spec/validators/redirect_uri_validator_spec.rb +51 -6
- data/spec/version/version_spec.rb +15 -0
- metadata +128 -46
- data/lib/doorkeeper/oauth/client/methods.rb +0 -18
- data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
- data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
- data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
- data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5
- data/spec/lib/oauth/client/methods_spec.rb +0 -54
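--- a/data/spec/generators/application_owner_generator_spec.rb
+++ b/data/spec/generators/application_owner_generator_spec.rb
@@ -10,13 +10,32 @@ describe 'Doorkeeper::ApplicationOwnerGenerator' do
   describe 'after running the generator' do
     before :each do
       prepare_destination
-      FileUtils.mkdir(::File.expand_path('config', Pathname(destination_root)))
-      FileUtils.copy_file(::File.expand_path('../templates/routes.rb', __FILE__), ::File.expand_path('config/routes.rb', Pathname.new(destination_root)))
-      run_generator
     end
 
-
-
+    context 'pre Rails 5.0.0' do
+      it 'creates a migration with no version specifier' do
+        stub_const("ActiveRecord::VERSION::MAJOR", 4)
+        stub_const("ActiveRecord::VERSION::MINOR", 2)
+
+        run_generator
+
+        assert_migration 'db/migrate/add_owner_to_application.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration\n")
+        end
+      end
+    end
+
+    context 'post Rails 5.0.0' do
+      it 'creates a migration with a version specifier' do
+        stub_const("ActiveRecord::VERSION::MAJOR", 5)
+        stub_const("ActiveRecord::VERSION::MINOR", 0)
+
+        run_generator
+
+        assert_migration 'db/migrate/add_owner_to_application.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration[5.0]\n")
+        end
+      end
     end
   end
 end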
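--- a/data/spec/generators/migration_generator_spec.rb
+++ b/data/spec/generators/migration_generator_spec.rb
@@ -10,11 +10,32 @@ describe 'Doorkeeper::MigrationGenerator' do
   describe 'after running the generator' do
     before :each do
       prepare_destination
-      run_generator
     end
 
-
-
+    context 'pre Rails 5.0.0' do
+      it 'creates a migration with no version specifier' do
+        stub_const('ActiveRecord::VERSION::MAJOR', 4)
+        stub_const('ActiveRecord::VERSION::MINOR', 2)
+
+        run_generator
+
+        assert_migration 'db/migrate/create_doorkeeper_tables.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration\n")
+        end
+      end
+    end
+
+    context 'post Rails 5.0.0' do
+      it 'creates a migration with a version specifier' do
+        stub_const('ActiveRecord::VERSION::MAJOR', 5)
+        stub_const('ActiveRecord::VERSION::MINOR', 0)
+
+        run_generator
+
+        assert_migration 'db/migrate/create_doorkeeper_tables.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration[5.0]\n")
+        end
+      end
     end
   end
 end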
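Review bot: The 'post Rails 5.0.0' case only exercises MAJOR 5 / MINOR 0, so a generator that hard-codes `[5.0]` instead of deriving the specifier from the stubbed constants would pass both contexts; the fact that MINOR is stubbed at all suggests it feeds the specifier, but that is inferred, not visible here. A third example with `stub_const('ActiveRecord::VERSION::MINOR', 2)` and `assert migration.include?("ActiveRecord::Migration[5.2]\n")` would pin that behaviour for the Rails 5.2 gemfile the diffstat adds. The `assert migration.include?("ActiveRecord::Migration\n")` check in the pre-5 case is fine as written, since the `[5.0]` form does not contain that exact substring.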
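--- /dev/null
+++ b/data/spec/generators/previous_refresh_token_generator_spec.rb
@@ -0,0 +1,57 @@
+require 'spec_helper_integration'
+require 'generators/doorkeeper/previous_refresh_token_generator'
+
+describe 'Doorkeeper::PreviousRefreshTokenGenerator' do
+  include GeneratorSpec::TestCase
+
+  tests Doorkeeper::PreviousRefreshTokenGenerator
+  destination ::File.expand_path('../tmp/dummy', __FILE__)
+
+  describe 'after running the generator' do
+    before :each do
+      prepare_destination
+
+      allow_any_instance_of(Doorkeeper::PreviousRefreshTokenGenerator).to(
+        receive(:no_previous_refresh_token_column?).and_return(true)
+      )
+    end
+
+    context 'pre Rails 5.0.0' do
+      it 'creates a migration with no version specifier' do
+        stub_const('ActiveRecord::VERSION::MAJOR', 4)
+        stub_const('ActiveRecord::VERSION::MINOR', 2)
+
+        run_generator
+
+        assert_migration 'db/migrate/add_previous_refresh_token_to_access_tokens.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration\n")
+        end
+      end
+    end
+
+    context 'post Rails 5.0.0' do
+      it 'creates a migration with a version specifier' do
+        stub_const('ActiveRecord::VERSION::MAJOR', 5)
+        stub_const('ActiveRecord::VERSION::MINOR', 0)
+
+        run_generator
+
+        assert_migration 'db/migrate/add_previous_refresh_token_to_access_tokens.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration[5.0]\n")
+        end
+      end
+    end
+
+    context 'already exist' do
+      it 'does not create a migration' do
+        allow_any_instance_of(Doorkeeper::PreviousRefreshTokenGenerator).to(
+          receive(:no_previous_refresh_token_column?).and_call_original
+        )
+
+        run_generator
+
+        assert_no_migration 'db/migrate/add_previous_refresh_token_to_access_tokens.rb'
+      end
+    end
+  end
+end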
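Review bot: The 'already exist' example proves nothing on its own: it restores the real `no_previous_refresh_token_column?` and then asserts no migration is written, which only holds because the dummy app's schema already carries the column (presumably from the `20160320211015_add_previous_refresh_token_to_access_tokens.rb` migration listed in the diffstat). If that migration were ever removed the example would still pass for the wrong reason, since `and_call_original` against a schema without the column would simply generate the file and the assertion would fail loudly only then. Worth stating the dependency next to the stub, e.g. `# relies on the dummy app schema already having access_tokens.previous_refresh_token`, or better, stubbing the predicate to `false` explicitly so the example does not depend on the dummy database at all.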
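--- /dev/null
+++ b/data/spec/grape/grape_integration_spec.rb
@@ -0,0 +1,135 @@
+require 'spec_helper_integration'
+require 'grape'
+require 'rack/test'
+require 'doorkeeper/grape/helpers'
+
+# Test Grape API application
+module GrapeApp
+  class API < Grape::API
+    version 'v1', using: :path
+    format :json
+    prefix :api
+
+    helpers Doorkeeper::Grape::Helpers
+
+    resource :protected do
+      before do
+        doorkeeper_authorize!
+      end
+
+      desc 'Protected resource, requires token.'
+
+      get :status do
+        { token: doorkeeper_token.token }
+      end
+    end
+
+    resource :protected_with_endpoint_scopes do
+      before do
+        doorkeeper_authorize!
+      end
+
+      desc 'Protected resource, requires token with scopes (defined in endpoint).'
+
+      get :status, scopes: [:admin] do
+        { response: 'OK' }
+      end
+    end
+
+    resource :protected_with_helper_scopes do
+      before do
+        doorkeeper_authorize! :admin
+      end
+
+      desc 'Protected resource, requires token with scopes (defined in helper).'
+
+      get :status do
+        { response: 'OK' }
+      end
+    end
+
+    resource :public do
+      desc "Public resource, no token required."
+
+      get :status do
+        { response: 'OK' }
+      end
+    end
+  end
+end
+
+describe 'Grape integration' do
+  include Rack::Test::Methods
+
+  def app
+    GrapeApp::API
+  end
+
+  def json_body
+    JSON.parse(last_response.body)
+  end
+
+  let(:client) { FactoryBot.create(:application) }
+  let(:resource) { FactoryBot.create(:doorkeeper_testing_user, name: 'Joe', password: 'sekret') }
+  let(:access_token) { client_is_authorized(client, resource) }
+
+  context 'with valid Access Token' do
+    it 'successfully requests protected resource' do
+      get "api/v1/protected/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).to be_successful
+
+      expect(json_body['token']).to eq(access_token.token)
+    end
+
+    it 'successfully requests protected resource with token that has required scopes (Grape endpoint)' do
+      access_token = client_is_authorized(client, resource, scopes: 'admin')
+
+      get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).to be_successful
+      expect(json_body).to have_key('response')
+    end
+
+    it 'successfully requests protected resource with token that has required scopes (Doorkeeper helper)' do
+      access_token = client_is_authorized(client, resource, scopes: 'admin')
+
+      get "api/v1/protected_with_helper_scopes/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).to be_successful
+      expect(json_body).to have_key('response')
+    end
+
+    it 'successfully requests public resource' do
+      get "api/v1/public/status.json"
+
+      expect(last_response).to be_successful
+      expect(json_body).to have_key('response')
+    end
+  end
+
+  context 'with invalid Access Token' do
+    it 'fails without access token' do
+      get "api/v1/protected/status.json"
+
+      expect(last_response).not_to be_successful
+      expect(json_body).to have_key('error')
+    end
+
+    it 'fails for access token without scopes' do
+      get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).not_to be_successful
+      expect(json_body).to have_key('error')
+    end
+
+    it 'fails for access token with invalid scopes' do
+      access_token = client_is_authorized(client, resource, scopes: 'read write')
+
+      get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).not_to be_successful
+      expect(json_body).to have_key('error')
+    end
+  end
+end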
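Review bot: The three examples under 'with invalid Access Token' assert only `expect(last_response).not_to be_successful` plus an `error` key, so a missing token, a token lacking the `admin` scope, and a 500 that happens to render an error body are all indistinguishable, and a regression that turned the scope rejection into a generic 401 would go unnoticed. Pin the status and error code per case, e.g. `expect(last_response.status).to eq(401)` for the no-token example and, if the Grape helper mirrors the Rails controller helper's forbidden response, `expect(last_response.status).to eq(403)` with `expect(json_body['error']).to eq('insufficient_scope')` for the two scope examples (the exact values depend on `Doorkeeper::Grape::Helpers`, which is outside this spec). Every request here also delivers the token as `?access_token=`, which exercises only the `from_access_token_param` lookup; adding one example that sends `header 'Authorization', "Bearer #{access_token.token}"` would cover the default `from_bearer_authorization` path, which is the delivery an API should steer clients toward since query-string tokens land in access logs and referrers. The public example asserts nothing about the helper being bypassed beyond `be_successful`, which is acceptable for a smoke test.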
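--- a/data/spec/helpers/doorkeeper/dashboard_helper_spec.rb
+++ b/data/spec/helpers/doorkeeper/dashboard_helper_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper_integration'
 
 describe Doorkeeper::DashboardHelper do
-  describe '
+  describe '#doorkeeper_errors_for' do
   let(:object) { double errors: { method: messages } }
   let(:messages) { ['first message', 'second message'] }
 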
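--- a/data/spec/lib/config_spec.rb
+++ b/data/spec/lib/config_spec.rb
@@ -8,10 +8,45 @@ describe Doorkeeper, 'configuration' do
       block = proc {}
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        resource_owner_authenticator
+        resource_owner_authenticator(&block)
       end
+
       expect(subject.authenticate_resource_owner).to eq(block)
     end
+
+    it 'prints warning message by default' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+      end
+
+      expect(Rails.logger).to receive(:warn).with(
+        I18n.t('doorkeeper.errors.messages.resource_owner_authenticator_not_configured')
+      )
+      subject.authenticate_resource_owner.call(nil)
+    end
+  end
+
+  describe 'resource_owner_from_credentials' do
+    it 'sets the block that is accessible via authenticate_resource_owner' do
+      block = proc {}
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        resource_owner_from_credentials(&block)
+      end
+
+      expect(subject.resource_owner_from_credentials).to eq(block)
+    end
+
+    it 'prints warning message by default' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+      end
+
+      expect(Rails.logger).to receive(:warn).with(
+        I18n.t('doorkeeper.errors.messages.credential_flow_not_configured')
+      )
+      subject.resource_owner_from_credentials.call(nil)
+    end
   end
 
   describe 'setup_orm_adapter' do
@@ -37,6 +72,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         admin_authenticator(&block)
       end
+
       expect(subject.authenticate_admin).to eq(block)
     end
   end
@@ -59,6 +95,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         access_token_expires_in nil
       end
+
       expect(subject.access_token_expires_in).to be_nil
     end
   end
@@ -69,6 +106,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         default_scopes :public
       end
+
       expect(subject.default_scopes).to include('public')
     end
 
@@ -77,6 +115,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         optional_scopes :write, :update
       end
+
       expect(subject.optional_scopes).to include('write', 'update')
     end
 
@@ -86,6 +125,7 @@ describe Doorkeeper, 'configuration' do
         default_scopes :normal
         optional_scopes :admin
       end
+
       expect(subject.scopes).to include('normal', 'admin')
     end
   end
@@ -100,6 +140,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         use_refresh_token
       end
+
       expect(subject.refresh_token_enabled?).to be_truthy
     end
 
@@ -121,6 +162,31 @@ describe Doorkeeper, 'configuration' do
     end
   end
 
+  describe 'opt_out_native_route_change' do
+    around(:each) do |example|
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        opt_out_native_route_change
+      end
+
+      Rails.application.reload_routes!
+
+      subject { Doorkeeper.configuration }
+
+      example.run
+
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+      end
+
+      Rails.application.reload_routes!
+    end
+
+    it 'sets the native authorization code route /:code' do
+      expect(subject.native_authorization_code_route).to eq('/:code')
+    end
+  end
+
   describe 'client_credentials' do
     it 'has defaults order' do
       expect(subject.client_credentials_methods).to eq([:from_basic, :from_params])
@@ -131,6 +197,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         client_credentials :from_digest, :from_params
       end
+
       expect(subject.client_credentials_methods).to eq([:from_digest, :from_params])
     end
   end
@@ -145,11 +212,23 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         force_ssl_in_redirect_uri(false)
       end
+
       expect(subject.force_ssl_in_redirect_uri).to be_falsey
     end
+
+    it 'can be a callable object' do
+      block = proc { false }
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        force_ssl_in_redirect_uri(&block)
+      end
+
+      expect(subject.force_ssl_in_redirect_uri).to eq(block)
+      expect(subject.force_ssl_in_redirect_uri.call).to be_falsey
+    end
   end
 
-  describe '
+  describe 'access_token_methods' do
     it 'has defaults order' do
       expect(subject.access_token_methods).to eq([:from_bearer_authorization, :from_access_token_param, :from_bearer_param])
     end
@@ -159,10 +238,28 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         access_token_methods :from_access_token_param, :from_bearer_param
       end
+
       expect(subject.access_token_methods).to eq([:from_access_token_param, :from_bearer_param])
     end
   end
 
+  describe 'forbid_redirect_uri' do
+    it 'is false by default' do
+      expect(subject.forbid_redirect_uri.call(URI.parse('https://localhost'))).to be_falsey
+    end
+
+    it 'can be a callable object' do
+      block = proc { true }
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        forbid_redirect_uri(&block)
+      end
+
+      expect(subject.forbid_redirect_uri).to eq(block)
+      expect(subject.forbid_redirect_uri.call).to be_truthy
+    end
+  end
+
   describe 'enable_application_owner' do
     it 'is disabled by default' do
       expect(Doorkeeper.configuration.enable_application_owner?).not_to be_truthy
@@ -175,9 +272,11 @@ describe Doorkeeper, 'configuration' do
           enable_application_owner
         end
       end
+
       it 'adds support for application owner' do
         expect(Doorkeeper::Application.new).to respond_to :owner
       end
+
       it 'Doorkeeper.configuration.confirm_application_owner? returns false' do
         expect(Doorkeeper.configuration.confirm_application_owner?).not_to be_truthy
       end
@@ -190,9 +289,11 @@ describe Doorkeeper, 'configuration' do
           enable_application_owner confirmation: true
         end
       end
+
       it 'adds support for application owner' do
         expect(Doorkeeper::Application.new).to respond_to :owner
       end
+
       it 'Doorkeeper.configuration.confirm_application_owner? returns true' do
         expect(Doorkeeper.configuration.confirm_application_owner?).to be_truthy
       end
@@ -209,6 +310,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         realm 'Example'
       end
+
       expect(subject.realm).to eq('Example')
     end
   end
@@ -216,23 +318,24 @@ describe Doorkeeper, 'configuration' do
   describe "grant_flows" do
     it "is set to all grant flows by default" do
       expect(Doorkeeper.configuration.grant_flows).
-        to eq(%w
+        to eq(%w[authorization_code client_credentials])
     end
 
     it "can change the value" do
-      Doorkeeper.configure
+      Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        grant_flows [
-
+        grant_flows ['authorization_code', 'implicit']
+      end
+
       expect(subject.grant_flows).to eq ['authorization_code', 'implicit']
     end
 
     context "when including 'authorization_code'" do
       before do
-        Doorkeeper.configure
+        Doorkeeper.configure do
           orm DOORKEEPER_ORM
           grant_flows ['authorization_code']
-
+        end
       end
 
       it "includes 'code' in authorization_response_types" do
@@ -246,10 +349,10 @@ describe Doorkeeper, 'configuration' do
 
     context "when including 'implicit'" do
       before do
-        Doorkeeper.configure
+        Doorkeeper.configure do
           orm DOORKEEPER_ORM
           grant_flows ['implicit']
-
+        end
       end
 
       it "includes 'token' in authorization_response_types" do
@@ -259,10 +362,10 @@ describe Doorkeeper, 'configuration' do
 
     context "when including 'password'" do
       before do
-        Doorkeeper.configure
+        Doorkeeper.configure do
           orm DOORKEEPER_ORM
           grant_flows ['password']
-
+        end
       end
 
       it "includes 'password' in token_grant_types" do
@@ -272,10 +375,10 @@ describe Doorkeeper, 'configuration' do
 
     context "when including 'client_credentials'" do
       before do
-        Doorkeeper.configure
+        Doorkeeper.configure do
           orm DOORKEEPER_ORM
           grant_flows ['client_credentials']
-
+        end
       end
 
       it "includes 'client_credentials' in token_grant_types" do
@@ -314,4 +417,46 @@ describe Doorkeeper, 'configuration' do
       expect(subject.access_token_generator).to eq('Example')
     end
   end
+
+  describe 'base_controller' do
+    context 'default' do
+      it { expect(Doorkeeper.configuration.base_controller).to eq('ActionController::Base') }
+    end
+
+    context 'custom' do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          base_controller 'ApplicationController'
+        end
+      end
+
+      it { expect(Doorkeeper.configuration.base_controller).to eq('ApplicationController') }
+    end
+  end
+
+  if DOORKEEPER_ORM == :active_record
+    describe 'active_record_options' do
+      let(:models) { [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application] }
+
+      before do
+        models.each do |model|
+          allow(model).to receive(:establish_connection).and_return(true)
+        end
+      end
+
+      it 'establishes connection for Doorkeeper models based on options' do
+        models.each do |model|
+          expect(model).to receive(:establish_connection)
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          active_record_options(
+            establish_connection: Rails.configuration.database_configuration[Rails.env]
+          )
+        end
+      end
+    end
+  end
 end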
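Review bot: The two 'prints warning message by default' examples in the first hunk (`@@ -8,10 +8,45 @@`) only verify that `Rails.logger` receives a warning; neither pins what the unconfigured `resource_owner_authenticator` / `resource_owner_from_credentials` block returns, and that return value is the security-relevant part, since a truthy default would let the password grant authenticate any caller and the authorization endpoint treat an anonymous request as a logged-in owner. Replace the bare calls with `expect(subject.authenticate_resource_owner.call(nil)).to be_nil` and `expect(subject.resource_owner_from_credentials.call(nil)).to be_nil` so the deny-by-default contract is asserted, not just the log line (the return value of the defaults is not visible in this spec, so confirm against `lib/doorkeeper/config.rb`). Similarly, `forbid_redirect_uri` 'is false by default' probes a single `https://localhost` URI; one more example with a non-localhost URI would show the default is a constant `false` rather than a localhost allow-list. The `force_ssl_in_redirect_uri` callable example asserts `.call` with no arguments, so it does not show that the validator passes the URI through to the block.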