doorkeeper 3.1.0 → 4.4.3

data/spec/generators/application_owner_generator_spec.rb

@@ -10,13 +10,32 @@ describe 'Doorkeeper::ApplicationOwnerGenerator' do
   describe 'after running the generator' do
     before :each do
       prepare_destination
-      FileUtils.mkdir(::File.expand_path('config', Pathname(destination_root)))
-      FileUtils.copy_file(::File.expand_path('../templates/routes.rb', __FILE__), ::File.expand_path('config/routes.rb', Pathname.new(destination_root)))
-      run_generator
     end
 
-    it 'creates a migration' do
-      assert_migration 'db/migrate/add_owner_to_application.rb'
+    context 'pre Rails 5.0.0' do
+      it 'creates a migration with no version specifier' do
+        stub_const("ActiveRecord::VERSION::MAJOR", 4)
+        stub_const("ActiveRecord::VERSION::MINOR", 2)
+
+        run_generator
+
+        assert_migration 'db/migrate/add_owner_to_application.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration\n")
+        end
+      end
+    end
+
+    context 'post Rails 5.0.0' do
+      it 'creates a migration with a version specifier' do
+        stub_const("ActiveRecord::VERSION::MAJOR", 5)
+        stub_const("ActiveRecord::VERSION::MINOR", 0)
+
+        run_generator
+
+        assert_migration 'db/migrate/add_owner_to_application.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration[5.0]\n")
+        end
+      end
     end
   end
 end

data/spec/generators/migration_generator_spec.rb

@@ -10,11 +10,32 @@ describe 'Doorkeeper::MigrationGenerator' do
   describe 'after running the generator' do
     before :each do
       prepare_destination
-      run_generator
     end
 
-    it 'creates a migration' do
-      assert_migration 'db/migrate/create_doorkeeper_tables.rb'
+    context 'pre Rails 5.0.0' do
+      it 'creates a migration with no version specifier' do
+        stub_const('ActiveRecord::VERSION::MAJOR', 4)
+        stub_const('ActiveRecord::VERSION::MINOR', 2)
+
+        run_generator
+
+        assert_migration 'db/migrate/create_doorkeeper_tables.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration\n")
+        end
+      end
+    end
+
+    context 'post Rails 5.0.0' do
+      it 'creates a migration with a version specifier' do
+        stub_const('ActiveRecord::VERSION::MAJOR', 5)
+        stub_const('ActiveRecord::VERSION::MINOR', 0)
+
+        run_generator
+
+        assert_migration 'db/migrate/create_doorkeeper_tables.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration[5.0]\n")
+        end
+      end
     end
   end
 end

data/spec/generators/previous_refresh_token_generator_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper_integration'
+require 'generators/doorkeeper/previous_refresh_token_generator'
+
+describe 'Doorkeeper::PreviousRefreshTokenGenerator' do
+  include GeneratorSpec::TestCase
+
+  tests Doorkeeper::PreviousRefreshTokenGenerator
+  destination ::File.expand_path('../tmp/dummy', __FILE__)
+
+  describe 'after running the generator' do
+    before :each do
+      prepare_destination
+
+      allow_any_instance_of(Doorkeeper::PreviousRefreshTokenGenerator).to(
+        receive(:no_previous_refresh_token_column?).and_return(true)
+      )
+    end
+
+    context 'pre Rails 5.0.0' do
+      it 'creates a migration with no version specifier' do
+        stub_const('ActiveRecord::VERSION::MAJOR', 4)
+        stub_const('ActiveRecord::VERSION::MINOR', 2)
+
+        run_generator
+
+        assert_migration 'db/migrate/add_previous_refresh_token_to_access_tokens.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration\n")
+        end
+      end
+    end
+
+    context 'post Rails 5.0.0' do
+      it 'creates a migration with a version specifier' do
+        stub_const('ActiveRecord::VERSION::MAJOR', 5)
+        stub_const('ActiveRecord::VERSION::MINOR', 0)
+
+        run_generator
+
+        assert_migration 'db/migrate/add_previous_refresh_token_to_access_tokens.rb' do |migration|
+          assert migration.include?("ActiveRecord::Migration[5.0]\n")
+        end
+      end
+    end
+
+    context 'already exist' do
+      it 'does not create a migration' do
+        allow_any_instance_of(Doorkeeper::PreviousRefreshTokenGenerator).to(
+          receive(:no_previous_refresh_token_column?).and_call_original
+        )
+
+        run_generator
+
+        assert_no_migration 'db/migrate/add_previous_refresh_token_to_access_tokens.rb'
+      end
+    end
+  end
+end

data/spec/grape/grape_integration_spec.rb

@@ -0,0 +1,135 @@
+require 'spec_helper_integration'
+require 'grape'
+require 'rack/test'
+require 'doorkeeper/grape/helpers'
+
+# Test Grape API application
+module GrapeApp
+  class API < Grape::API
+    version 'v1', using: :path
+    format :json
+    prefix :api
+
+    helpers Doorkeeper::Grape::Helpers
+
+    resource :protected do
+      before do
+        doorkeeper_authorize!
+      end
+
+      desc 'Protected resource, requires token.'
+
+      get :status do
+        { token: doorkeeper_token.token }
+      end
+    end
+
+    resource :protected_with_endpoint_scopes do
+      before do
+        doorkeeper_authorize!
+      end
+
+      desc 'Protected resource, requires token with scopes (defined in endpoint).'
+
+      get :status, scopes: [:admin] do
+        { response: 'OK' }
+      end
+    end
+
+    resource :protected_with_helper_scopes do
+      before do
+        doorkeeper_authorize! :admin
+      end
+
+      desc 'Protected resource, requires token with scopes (defined in helper).'
+
+      get :status do
+        { response: 'OK' }
+      end
+    end
+
+    resource :public do
+      desc "Public resource, no token required."
+
+      get :status do
+        { response: 'OK' }
+      end
+    end
+  end
+end
+
+describe 'Grape integration' do
+  include Rack::Test::Methods
+
+  def app
+    GrapeApp::API
+  end
+
+  def json_body
+    JSON.parse(last_response.body)
+  end
+  
+  let(:client) { FactoryBot.create(:application) }
+  let(:resource) { FactoryBot.create(:doorkeeper_testing_user, name: 'Joe', password: 'sekret') }
+  let(:access_token) { client_is_authorized(client, resource) }
+
+  context 'with valid Access Token' do
+    it 'successfully requests protected resource' do
+      get "api/v1/protected/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).to be_successful
+
+      expect(json_body['token']).to eq(access_token.token)
+    end
+
+    it 'successfully requests protected resource with token that has required scopes (Grape endpoint)' do
+      access_token = client_is_authorized(client, resource, scopes: 'admin')
+
+      get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).to be_successful
+      expect(json_body).to have_key('response')
+    end
+
+    it 'successfully requests protected resource with token that has required scopes (Doorkeeper helper)' do
+      access_token = client_is_authorized(client, resource, scopes: 'admin')
+
+      get "api/v1/protected_with_helper_scopes/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).to be_successful
+      expect(json_body).to have_key('response')
+    end
+
+    it 'successfully requests public resource' do
+      get "api/v1/public/status.json"
+
+      expect(last_response).to be_successful
+      expect(json_body).to have_key('response')
+    end
+  end
+
+  context 'with invalid Access Token' do
+    it 'fails without access token' do
+      get "api/v1/protected/status.json"
+
+      expect(last_response).not_to be_successful
+      expect(json_body).to have_key('error')
+    end
+
+    it 'fails for access token without scopes' do
+      get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).not_to be_successful
+      expect(json_body).to have_key('error')
+    end
+
+    it 'fails for access token with invalid scopes' do
+      access_token = client_is_authorized(client, resource, scopes: 'read write')
+
+      get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
+
+      expect(last_response).not_to be_successful
+      expect(json_body).to have_key('error')
+    end
+  end
+end

data/spec/helpers/doorkeeper/dashboard_helper_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper_integration'
 
 describe Doorkeeper::DashboardHelper do
-  describe '.doorkeeper_errors_for' do
+  describe '#doorkeeper_errors_for' do
     let(:object) { double errors: { method: messages } }
     let(:messages) { ['first message', 'second message'] }
 

data/spec/lib/config_spec.rb

@@ -8,10 +8,45 @@ describe Doorkeeper, 'configuration' do
       block = proc {}
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        resource_owner_authenticator &block
+        resource_owner_authenticator(&block)
       end
+
       expect(subject.authenticate_resource_owner).to eq(block)
     end
+
+    it 'prints warning message by default' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+      end
+
+      expect(Rails.logger).to receive(:warn).with(
+        I18n.t('doorkeeper.errors.messages.resource_owner_authenticator_not_configured')
+      )
+      subject.authenticate_resource_owner.call(nil)
+    end
+  end
+
+  describe 'resource_owner_from_credentials' do
+    it 'sets the block that is accessible via authenticate_resource_owner' do
+      block = proc {}
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        resource_owner_from_credentials(&block)
+      end
+
+      expect(subject.resource_owner_from_credentials).to eq(block)
+    end
+
+    it 'prints warning message by default' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+      end
+
+      expect(Rails.logger).to receive(:warn).with(
+        I18n.t('doorkeeper.errors.messages.credential_flow_not_configured')
+      )
+      subject.resource_owner_from_credentials.call(nil)
+    end
   end
 
   describe 'setup_orm_adapter' do
@@ -37,6 +72,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         admin_authenticator(&block)
       end
+
       expect(subject.authenticate_admin).to eq(block)
     end
   end
@@ -59,6 +95,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         access_token_expires_in nil
       end
+
       expect(subject.access_token_expires_in).to be_nil
     end
   end
@@ -69,6 +106,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         default_scopes :public
       end
+
       expect(subject.default_scopes).to include('public')
     end
 
@@ -77,6 +115,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         optional_scopes :write, :update
       end
+
       expect(subject.optional_scopes).to include('write', 'update')
     end
 
@@ -86,6 +125,7 @@ describe Doorkeeper, 'configuration' do
         default_scopes  :normal
         optional_scopes :admin
       end
+
       expect(subject.scopes).to include('normal', 'admin')
     end
   end
@@ -100,6 +140,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         use_refresh_token
       end
+
       expect(subject.refresh_token_enabled?).to be_truthy
     end
 
@@ -121,6 +162,31 @@ describe Doorkeeper, 'configuration' do
     end
   end
 
+  describe 'opt_out_native_route_change' do
+    around(:each) do |example|
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        opt_out_native_route_change
+      end
+
+      Rails.application.reload_routes!
+
+      subject { Doorkeeper.configuration }
+
+      example.run
+
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+      end
+
+      Rails.application.reload_routes!
+    end
+
+    it 'sets the native authorization code route /:code' do
+      expect(subject.native_authorization_code_route).to eq('/:code')
+    end
+  end
+
   describe 'client_credentials' do
     it 'has defaults order' do
       expect(subject.client_credentials_methods).to eq([:from_basic, :from_params])
@@ -131,6 +197,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         client_credentials :from_digest, :from_params
       end
+
       expect(subject.client_credentials_methods).to eq([:from_digest, :from_params])
     end
   end
@@ -145,11 +212,23 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         force_ssl_in_redirect_uri(false)
       end
+
       expect(subject.force_ssl_in_redirect_uri).to be_falsey
     end
+
+    it 'can be a callable object' do
+      block = proc { false }
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        force_ssl_in_redirect_uri(&block)
+      end
+
+      expect(subject.force_ssl_in_redirect_uri).to eq(block)
+      expect(subject.force_ssl_in_redirect_uri.call).to be_falsey
+    end
   end
 
-  describe 'access_token_credentials' do
+  describe 'access_token_methods' do
     it 'has defaults order' do
       expect(subject.access_token_methods).to eq([:from_bearer_authorization, :from_access_token_param, :from_bearer_param])
     end
@@ -159,10 +238,28 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         access_token_methods :from_access_token_param, :from_bearer_param
       end
+
       expect(subject.access_token_methods).to eq([:from_access_token_param, :from_bearer_param])
     end
   end
 
+  describe 'forbid_redirect_uri' do
+    it 'is false by default' do
+      expect(subject.forbid_redirect_uri.call(URI.parse('https://localhost'))).to be_falsey
+    end
+
+    it 'can be a callable object' do
+      block = proc { true }
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        forbid_redirect_uri(&block)
+      end
+
+      expect(subject.forbid_redirect_uri).to eq(block)
+      expect(subject.forbid_redirect_uri.call).to be_truthy
+    end
+  end
+
   describe 'enable_application_owner' do
     it 'is disabled by default' do
       expect(Doorkeeper.configuration.enable_application_owner?).not_to be_truthy
@@ -175,9 +272,11 @@ describe Doorkeeper, 'configuration' do
           enable_application_owner
         end
       end
+
       it 'adds support for application owner' do
         expect(Doorkeeper::Application.new).to respond_to :owner
       end
+
       it 'Doorkeeper.configuration.confirm_application_owner? returns false' do
         expect(Doorkeeper.configuration.confirm_application_owner?).not_to be_truthy
       end
@@ -190,9 +289,11 @@ describe Doorkeeper, 'configuration' do
           enable_application_owner confirmation: true
         end
       end
+
       it 'adds support for application owner' do
         expect(Doorkeeper::Application.new).to respond_to :owner
       end
+
       it 'Doorkeeper.configuration.confirm_application_owner? returns true' do
         expect(Doorkeeper.configuration.confirm_application_owner?).to be_truthy
       end
@@ -209,6 +310,7 @@ describe Doorkeeper, 'configuration' do
         orm DOORKEEPER_ORM
         realm 'Example'
       end
+
       expect(subject.realm).to eq('Example')
     end
   end
@@ -216,23 +318,24 @@ describe Doorkeeper, 'configuration' do
   describe "grant_flows" do
     it "is set to all grant flows by default" do
       expect(Doorkeeper.configuration.grant_flows).
-        to eq(%w(authorization_code client_credentials))
+        to eq(%w[authorization_code client_credentials])
     end
 
     it "can change the value" do
-      Doorkeeper.configure {
+      Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        grant_flows [ 'authorization_code', 'implicit' ]
-      }
+        grant_flows ['authorization_code', 'implicit']
+      end
+
       expect(subject.grant_flows).to eq ['authorization_code', 'implicit']
     end
 
     context "when including 'authorization_code'" do
       before do
-        Doorkeeper.configure {
+        Doorkeeper.configure do
           orm DOORKEEPER_ORM
           grant_flows ['authorization_code']
-        }
+        end
       end
 
       it "includes 'code' in authorization_response_types" do
@@ -246,10 +349,10 @@ describe Doorkeeper, 'configuration' do
 
     context "when including 'implicit'" do
       before do
-        Doorkeeper.configure {
+        Doorkeeper.configure do
           orm DOORKEEPER_ORM
           grant_flows ['implicit']
-        }
+        end
       end
 
       it "includes 'token' in authorization_response_types" do
@@ -259,10 +362,10 @@ describe Doorkeeper, 'configuration' do
 
     context "when including 'password'" do
       before do
-        Doorkeeper.configure {
+        Doorkeeper.configure do
           orm DOORKEEPER_ORM
           grant_flows ['password']
-        }
+        end
       end
 
       it "includes 'password' in token_grant_types" do
@@ -272,10 +375,10 @@ describe Doorkeeper, 'configuration' do
 
     context "when including 'client_credentials'" do
       before do
-        Doorkeeper.configure {
+        Doorkeeper.configure do
           orm DOORKEEPER_ORM
           grant_flows ['client_credentials']
-        }
+        end
       end
 
       it "includes 'client_credentials' in token_grant_types" do
@@ -314,4 +417,46 @@ describe Doorkeeper, 'configuration' do
       expect(subject.access_token_generator).to eq('Example')
     end
   end
+
+  describe 'base_controller' do
+    context 'default' do
+      it { expect(Doorkeeper.configuration.base_controller).to eq('ActionController::Base') }
+    end
+
+    context 'custom' do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          base_controller 'ApplicationController'
+        end
+      end
+
+      it { expect(Doorkeeper.configuration.base_controller).to eq('ApplicationController') }
+    end
+  end
+
+  if DOORKEEPER_ORM == :active_record
+    describe 'active_record_options' do
+      let(:models) { [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application] }
+
+      before do
+        models.each do |model|
+          allow(model).to receive(:establish_connection).and_return(true)
+        end
+      end
+
+      it 'establishes connection for Doorkeeper models based on options' do
+        models.each do |model|
+          expect(model).to receive(:establish_connection)
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          active_record_options(
+            establish_connection: Rails.configuration.database_configuration[Rails.env]
+          )
+        end
+      end
+    end
+  end
 end