doorkeeper 3.1.0 → 4.4.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.coveralls.yml +1 -0
- data/.github/ISSUE_TEMPLATE.md +25 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +17 -0
- data/.gitignore +6 -1
- data/.hound.yml +2 -13
- data/.rubocop.yml +17 -0
- data/.travis.yml +26 -10
- data/Appraisals +18 -0
- data/CODE_OF_CONDUCT.md +46 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +5 -5
- data/NEWS.md +141 -2
- data/README.md +149 -66
- data/RELEASING.md +5 -12
- data/Rakefile +1 -1
- data/SECURITY.md +15 -0
- data/app/controllers/doorkeeper/application_controller.rb +4 -6
- data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
- data/app/controllers/doorkeeper/applications_controller.rb +18 -8
- data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +62 -15
- data/app/helpers/doorkeeper/dashboard_helper.rb +14 -10
- data/app/validators/redirect_uri_validator.rb +12 -2
- data/app/views/doorkeeper/applications/_delete_form.html.erb +1 -2
- data/app/views/doorkeeper/applications/_form.html.erb +13 -2
- data/app/views/doorkeeper/applications/index.html.erb +2 -0
- data/app/views/doorkeeper/applications/show.html.erb +4 -1
- data/app/views/doorkeeper/authorizations/new.html.erb +1 -1
- data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +1 -1
- data/config/locales/en.yml +12 -7
- data/doorkeeper.gemspec +16 -11
- data/gemfiles/rails_4_2.gemfile +13 -0
- data/gemfiles/rails_5_0.gemfile +12 -0
- data/gemfiles/rails_5_1.gemfile +12 -0
- data/gemfiles/rails_5_2.gemfile +12 -0
- data/gemfiles/rails_master.gemfile +14 -0
- data/lib/doorkeeper/config.rb +119 -46
- data/lib/doorkeeper/engine.rb +11 -7
- data/lib/doorkeeper/errors.rb +18 -0
- data/lib/doorkeeper/grape/helpers.rb +14 -8
- data/lib/doorkeeper/helpers/controller.rb +8 -19
- data/lib/doorkeeper/models/access_grant_mixin.rb +10 -21
- data/lib/doorkeeper/models/access_token_mixin.rb +147 -43
- data/lib/doorkeeper/models/application_mixin.rb +33 -35
- data/lib/doorkeeper/models/concerns/accessible.rb +4 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +15 -5
- data/lib/doorkeeper/models/concerns/orderable.rb +13 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +6 -1
- data/lib/doorkeeper/models/concerns/revocable.rb +37 -2
- data/lib/doorkeeper/oauth/authorization/token.rb +22 -18
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +20 -18
- data/lib/doorkeeper/oauth/authorization_code_request.rb +7 -5
- data/lib/doorkeeper/oauth/{request_concern.rb → base_request.rb} +9 -2
- data/lib/doorkeeper/oauth/base_response.rb +29 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +21 -8
- data/lib/doorkeeper/oauth/client.rb +2 -3
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +3 -2
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -8
- data/lib/doorkeeper/oauth/code_response.rb +16 -16
- data/lib/doorkeeper/oauth/error.rb +2 -2
- data/lib/doorkeeper/oauth/error_response.rb +10 -10
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +17 -1
- data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -4
- data/lib/doorkeeper/oauth/password_access_token_request.rb +8 -13
- data/lib/doorkeeper/oauth/pre_authorization.rb +5 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +23 -14
- data/lib/doorkeeper/oauth/scopes.rb +18 -8
- data/lib/doorkeeper/oauth/token.rb +20 -21
- data/lib/doorkeeper/oauth/token_introspection.rb +128 -0
- data/lib/doorkeeper/oauth/token_request.rb +1 -2
- data/lib/doorkeeper/oauth/token_response.rb +1 -1
- data/lib/doorkeeper/orm/active_record/access_grant.rb +27 -0
- data/lib/doorkeeper/orm/active_record/access_token.rb +34 -8
- data/lib/doorkeeper/orm/active_record/application.rb +48 -11
- data/lib/doorkeeper/orm/active_record.rb +17 -22
- data/lib/doorkeeper/rails/helpers.rb +6 -9
- data/lib/doorkeeper/rails/routes/mapper.rb +4 -4
- data/lib/doorkeeper/rails/routes/mapping.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +17 -11
- data/lib/doorkeeper/request/authorization_code.rb +7 -1
- data/lib/doorkeeper/request/password.rb +2 -2
- data/lib/doorkeeper/request/refresh_token.rb +1 -1
- data/lib/doorkeeper/request.rb +7 -1
- data/lib/doorkeeper/server.rb +0 -8
- data/lib/doorkeeper/validations.rb +3 -2
- data/lib/doorkeeper/version.rb +34 -1
- data/lib/doorkeeper.rb +10 -2
- data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb +31 -0
- data/lib/generators/doorkeeper/application_owner_generator.rb +11 -2
- data/lib/generators/doorkeeper/migration_generator.rb +13 -1
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +35 -0
- data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb +11 -0
- data/{spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb → lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb} +1 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +11 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +38 -6
- data/lib/generators/doorkeeper/templates/migration.rb.erb +69 -0
- data/spec/controllers/application_metal_controller.rb +10 -0
- data/spec/controllers/applications_controller_spec.rb +15 -4
- data/spec/controllers/authorizations_controller_spec.rb +74 -27
- data/spec/controllers/protected_resources_controller_spec.rb +70 -32
- data/spec/controllers/token_info_controller_spec.rb +17 -13
- data/spec/controllers/tokens_controller_spec.rb +198 -12
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -4
- data/spec/dummy/app/controllers/home_controller.rb +1 -1
- data/spec/dummy/app/controllers/metal_controller.rb +1 -1
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +3 -3
- data/spec/dummy/app/models/user.rb +0 -4
- data/spec/dummy/config/application.rb +2 -36
- data/spec/dummy/config/environment.rb +1 -1
- data/spec/dummy/config/environments/test.rb +4 -15
- data/spec/dummy/config/initializers/doorkeeper.rb +19 -3
- data/spec/dummy/config/initializers/new_framework_defaults.rb +6 -0
- data/spec/dummy/config/initializers/secret_token.rb +0 -1
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +3 -1
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +3 -1
- data/{lib/generators/doorkeeper/templates/migration.rb → spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb} +16 -4
- data/{lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb → spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb} +4 -2
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +13 -0
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_application.rb +13 -0
- data/spec/dummy/db/schema.rb +24 -22
- data/spec/factories.rb +4 -2
- data/spec/generators/application_owner_generator_spec.rb +24 -5
- data/spec/generators/migration_generator_spec.rb +24 -3
- data/spec/generators/previous_refresh_token_generator_spec.rb +57 -0
- data/spec/grape/grape_integration_spec.rb +135 -0
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +159 -14
- data/spec/lib/doorkeeper_spec.rb +135 -13
- data/spec/lib/models/expirable_spec.rb +0 -1
- data/spec/lib/models/revocable_spec.rb +27 -4
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +1 -2
- data/spec/lib/oauth/authorization_code_request_spec.rb +55 -12
- data/spec/lib/oauth/base_request_spec.rb +155 -0
- data/spec/lib/oauth/base_response_spec.rb +45 -0
- data/spec/lib/oauth/client/credentials_spec.rb +45 -2
- data/spec/lib/oauth/client_credentials/creator_spec.rb +1 -1
- data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
- data/spec/lib/oauth/client_credentials_request_spec.rb +1 -0
- data/spec/lib/oauth/code_request_spec.rb +1 -3
- data/spec/lib/oauth/code_response_spec.rb +34 -0
- data/spec/lib/oauth/error_response_spec.rb +9 -9
- data/spec/lib/oauth/error_spec.rb +1 -1
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +115 -1
- data/spec/lib/oauth/invalid_token_response_spec.rb +36 -8
- data/spec/lib/oauth/password_access_token_request_spec.rb +14 -8
- data/spec/lib/oauth/pre_authorization_spec.rb +12 -7
- data/spec/lib/oauth/refresh_token_request_spec.rb +52 -9
- data/spec/lib/oauth/scopes_spec.rb +28 -2
- data/spec/lib/oauth/token_request_spec.rb +6 -8
- data/spec/lib/oauth/token_spec.rb +12 -5
- data/spec/lib/server_spec.rb +10 -3
- data/spec/models/doorkeeper/access_grant_spec.rb +1 -1
- data/spec/models/doorkeeper/access_token_spec.rb +116 -48
- data/spec/models/doorkeeper/application_spec.rb +145 -29
- data/spec/requests/applications/applications_request_spec.rb +5 -5
- data/spec/requests/endpoints/authorization_spec.rb +5 -6
- data/spec/requests/endpoints/token_spec.rb +8 -1
- data/spec/requests/flows/authorization_code_errors_spec.rb +11 -1
- data/spec/requests/flows/authorization_code_spec.rb +6 -13
- data/spec/requests/flows/client_credentials_spec.rb +29 -1
- data/spec/requests/flows/implicit_grant_errors_spec.rb +2 -2
- data/spec/requests/flows/password_spec.rb +118 -15
- data/spec/requests/flows/refresh_token_spec.rb +89 -19
- data/spec/requests/flows/revoke_token_spec.rb +105 -91
- data/spec/requests/protected_resources/metal_spec.rb +1 -1
- data/spec/requests/protected_resources/private_api_spec.rb +1 -1
- data/spec/routing/custom_controller_routes_spec.rb +4 -0
- data/spec/routing/default_routes_spec.rb +5 -1
- data/spec/spec_helper.rb +2 -0
- data/spec/spec_helper_integration.rb +22 -4
- data/spec/support/dependencies/factory_girl.rb +2 -2
- data/spec/support/helpers/access_token_request_helper.rb +1 -1
- data/spec/support/helpers/model_helper.rb +34 -7
- data/spec/support/helpers/request_spec_helper.rb +17 -5
- data/spec/support/helpers/url_helper.rb +9 -8
- data/spec/support/http_method_shim.rb +38 -0
- data/spec/support/shared/controllers_shared_context.rb +15 -10
- data/spec/support/shared/models_shared_examples.rb +5 -5
- data/spec/validators/redirect_uri_validator_spec.rb +51 -6
- data/spec/version/version_spec.rb +15 -0
- metadata +128 -46
- data/lib/doorkeeper/oauth/client/methods.rb +0 -18
- data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
- data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
- data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
- data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5
- data/spec/lib/oauth/client/methods_spec.rb +0 -54
|
@@ -3,17 +3,33 @@ require 'spec_helper_integration'
|
|
|
3
3
|
describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
4
4
|
include AuthorizationRequestHelper
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
if Rails::VERSION::MAJOR >= 5
|
|
7
|
+
class ActionDispatch::TestResponse
|
|
8
|
+
def query_params
|
|
9
|
+
@_query_params ||= begin
|
|
10
|
+
fragment = URI.parse(location).fragment
|
|
11
|
+
Rack::Utils.parse_query(fragment)
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
else
|
|
16
|
+
class ActionController::TestResponse
|
|
17
|
+
def query_params
|
|
18
|
+
@_query_params ||= begin
|
|
19
|
+
fragment = URI.parse(location).fragment
|
|
20
|
+
Rack::Utils.parse_query(fragment)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
9
24
|
end
|
|
10
25
|
|
|
11
26
|
def translated_error_message(key)
|
|
12
|
-
I18n.translate key, scope: [
|
|
27
|
+
I18n.translate key, scope: %i[doorkeeper errors messages]
|
|
13
28
|
end
|
|
14
29
|
|
|
15
|
-
let(:client)
|
|
16
|
-
let(:user)
|
|
30
|
+
let(:client) { FactoryBot.create :application }
|
|
31
|
+
let(:user) { User.create!(name: 'Joe', password: 'sekret') }
|
|
32
|
+
let(:access_token) { FactoryBot.build :access_token, resource_owner_id: user.id, application_id: client.id }
|
|
17
33
|
|
|
18
34
|
before do
|
|
19
35
|
allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["implicit"])
|
|
@@ -34,15 +50,15 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
|
34
50
|
end
|
|
35
51
|
|
|
36
52
|
it 'includes access token in fragment' do
|
|
37
|
-
expect(
|
|
53
|
+
expect(response.query_params['access_token']).to eq(Doorkeeper::AccessToken.first.token)
|
|
38
54
|
end
|
|
39
55
|
|
|
40
56
|
it 'includes token type in fragment' do
|
|
41
|
-
expect(
|
|
57
|
+
expect(response.query_params['token_type']).to eq('Bearer')
|
|
42
58
|
end
|
|
43
59
|
|
|
44
60
|
it 'includes token expiration in fragment' do
|
|
45
|
-
expect(
|
|
61
|
+
expect(response.query_params['expires_in'].to_i).to eq(2.hours.to_i)
|
|
46
62
|
end
|
|
47
63
|
|
|
48
64
|
it 'issues the token for the current client' do
|
|
@@ -69,15 +85,15 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
|
69
85
|
end
|
|
70
86
|
|
|
71
87
|
it 'does not include access token in fragment' do
|
|
72
|
-
expect(
|
|
88
|
+
expect(response.query_params['access_token']).to be_nil
|
|
73
89
|
end
|
|
74
90
|
|
|
75
91
|
it 'includes error in fragment' do
|
|
76
|
-
expect(
|
|
92
|
+
expect(response.query_params['error']).to eq('invalid_scope')
|
|
77
93
|
end
|
|
78
94
|
|
|
79
95
|
it 'includes error description in fragment' do
|
|
80
|
-
expect(
|
|
96
|
+
expect(response.query_params['error_description']).to eq(translated_error_message(:invalid_scope))
|
|
81
97
|
end
|
|
82
98
|
|
|
83
99
|
it 'does not issue any access token' do
|
|
@@ -86,16 +102,19 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
|
86
102
|
end
|
|
87
103
|
|
|
88
104
|
describe 'POST #create with application already authorized' do
|
|
89
|
-
it 'returns the existing access token in a fragment'
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
describe 'GET #new' do
|
|
93
105
|
before do
|
|
94
|
-
|
|
106
|
+
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
|
107
|
+
|
|
108
|
+
access_token.save!
|
|
109
|
+
post :create, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
it 'returns the existing access token in a fragment' do
|
|
113
|
+
expect(response.query_params['access_token']).to eq(access_token.token)
|
|
95
114
|
end
|
|
96
115
|
|
|
97
|
-
it '
|
|
98
|
-
expect(
|
|
116
|
+
it 'does not creates a new access token' do
|
|
117
|
+
expect(Doorkeeper::AccessToken.count).to eq(1)
|
|
99
118
|
end
|
|
100
119
|
end
|
|
101
120
|
|
|
@@ -125,7 +144,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
|
125
144
|
describe 'GET #new code request with native url and skip_authorization true' do
|
|
126
145
|
before do
|
|
127
146
|
allow(Doorkeeper.configuration).to receive(:grant_flows).
|
|
128
|
-
and_return(%w
|
|
147
|
+
and_return(%w[authorization_code])
|
|
129
148
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
|
|
130
149
|
true
|
|
131
150
|
end)
|
|
@@ -135,7 +154,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
|
135
154
|
|
|
136
155
|
it 'should redirect immediately' do
|
|
137
156
|
expect(response).to be_redirect
|
|
138
|
-
expect(response.location).to match(/oauth\/authorize
|
|
157
|
+
expect(response.location).to match(/oauth\/authorize\/native\?code=#{Doorkeeper::AccessGrant.first.token}/)
|
|
139
158
|
end
|
|
140
159
|
|
|
141
160
|
it 'should issue a grant' do
|
|
@@ -145,6 +164,38 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
|
145
164
|
it 'should not issue a token' do
|
|
146
165
|
expect(Doorkeeper::AccessToken.count).to be 0
|
|
147
166
|
end
|
|
167
|
+
|
|
168
|
+
context 'with opt_out_native_route_change' do
|
|
169
|
+
around(:each) do |example|
|
|
170
|
+
Doorkeeper.configure do
|
|
171
|
+
orm DOORKEEPER_ORM
|
|
172
|
+
opt_out_native_route_change
|
|
173
|
+
end
|
|
174
|
+
|
|
175
|
+
Rails.application.reload_routes!
|
|
176
|
+
|
|
177
|
+
example.run
|
|
178
|
+
|
|
179
|
+
Doorkeeper.configure do
|
|
180
|
+
orm DOORKEEPER_ORM
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
Rails.application.reload_routes!
|
|
184
|
+
end
|
|
185
|
+
|
|
186
|
+
it 'should redirect immediately' do
|
|
187
|
+
expect(response).to be_redirect
|
|
188
|
+
expect(response.location).to match(/oauth\/authorize\/#{Doorkeeper::AccessGrant.first.token}/)
|
|
189
|
+
end
|
|
190
|
+
|
|
191
|
+
it 'should issue a grant' do
|
|
192
|
+
expect(Doorkeeper::AccessGrant.count).to be 1
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
it 'should not issue a token' do
|
|
196
|
+
expect(Doorkeeper::AccessToken.count).to be 0
|
|
197
|
+
end
|
|
198
|
+
end
|
|
148
199
|
end
|
|
149
200
|
|
|
150
201
|
describe 'GET #new with skip_authorization true' do
|
|
@@ -165,11 +216,11 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
|
165
216
|
end
|
|
166
217
|
|
|
167
218
|
it 'includes token type in fragment' do
|
|
168
|
-
expect(
|
|
219
|
+
expect(response.query_params['token_type']).to eq('Bearer')
|
|
169
220
|
end
|
|
170
221
|
|
|
171
222
|
it 'includes token expiration in fragment' do
|
|
172
|
-
expect(
|
|
223
|
+
expect(response.query_params['expires_in'].to_i).to eq(2.hours.to_i)
|
|
173
224
|
end
|
|
174
225
|
|
|
175
226
|
it 'issues the token for the current client' do
|
|
@@ -191,10 +242,6 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
|
191
242
|
expect(response).to_not be_redirect
|
|
192
243
|
end
|
|
193
244
|
|
|
194
|
-
it 'renders error template' do
|
|
195
|
-
expect(response).to render_template(:error)
|
|
196
|
-
end
|
|
197
|
-
|
|
198
245
|
it 'does not issue any token' do
|
|
199
246
|
expect(Doorkeeper::AccessGrant.count).to eq 0
|
|
200
247
|
expect(Doorkeeper::AccessToken.count).to eq 0
|
|
@@ -2,27 +2,33 @@ require 'spec_helper_integration'
|
|
|
2
2
|
|
|
3
3
|
module ControllerActions
|
|
4
4
|
def index
|
|
5
|
-
render
|
|
5
|
+
render plain: 'index'
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
def show
|
|
9
|
-
render
|
|
9
|
+
render plain: 'show'
|
|
10
10
|
end
|
|
11
|
+
|
|
12
|
+
def doorkeeper_unauthorized_render_options(*); end
|
|
13
|
+
|
|
14
|
+
def doorkeeper_forbidden_render_options(*); end
|
|
11
15
|
end
|
|
12
16
|
|
|
13
17
|
describe 'doorkeeper authorize filter' do
|
|
14
18
|
context 'accepts token code specified as' do
|
|
15
19
|
controller do
|
|
16
|
-
|
|
20
|
+
before_action :doorkeeper_authorize!
|
|
17
21
|
|
|
18
22
|
def index
|
|
19
|
-
render
|
|
23
|
+
render plain: 'index'
|
|
20
24
|
end
|
|
21
25
|
end
|
|
22
26
|
|
|
23
27
|
let(:token_string) { '1A2BC3' }
|
|
24
28
|
let(:token) do
|
|
25
|
-
double(Doorkeeper::AccessToken,
|
|
29
|
+
double(Doorkeeper::AccessToken,
|
|
30
|
+
acceptable?: true, previous_refresh_token: "",
|
|
31
|
+
revoke_previous_refresh_token!: true)
|
|
26
32
|
end
|
|
27
33
|
|
|
28
34
|
it 'access_token param' do
|
|
@@ -58,7 +64,7 @@ describe 'doorkeeper authorize filter' do
|
|
|
58
64
|
|
|
59
65
|
context 'defined for all actions' do
|
|
60
66
|
controller do
|
|
61
|
-
|
|
67
|
+
before_action :doorkeeper_authorize!
|
|
62
68
|
|
|
63
69
|
include ControllerActions
|
|
64
70
|
end
|
|
@@ -66,12 +72,12 @@ describe 'doorkeeper authorize filter' do
|
|
|
66
72
|
context 'with valid token', token: :valid do
|
|
67
73
|
it 'allows into index action' do
|
|
68
74
|
get :index, access_token: token_string
|
|
69
|
-
expect(response).to
|
|
75
|
+
expect(response).to be_successful
|
|
70
76
|
end
|
|
71
77
|
|
|
72
78
|
it 'allows into show action' do
|
|
73
79
|
get :show, id: '4', access_token: token_string
|
|
74
|
-
expect(response).to
|
|
80
|
+
expect(response).to be_successful
|
|
75
81
|
end
|
|
76
82
|
end
|
|
77
83
|
|
|
@@ -92,7 +98,7 @@ describe 'doorkeeper authorize filter' do
|
|
|
92
98
|
|
|
93
99
|
context 'defined with scopes' do
|
|
94
100
|
controller do
|
|
95
|
-
|
|
101
|
+
before_action -> { doorkeeper_authorize! :write }
|
|
96
102
|
|
|
97
103
|
include ControllerActions
|
|
98
104
|
end
|
|
@@ -100,17 +106,29 @@ describe 'doorkeeper authorize filter' do
|
|
|
100
106
|
let(:token_string) { '1A2DUWE' }
|
|
101
107
|
|
|
102
108
|
it 'allows if the token has particular scopes' do
|
|
103
|
-
token = double(Doorkeeper::AccessToken,
|
|
109
|
+
token = double(Doorkeeper::AccessToken,
|
|
110
|
+
accessible?: true, scopes: %w[write public],
|
|
111
|
+
previous_refresh_token: "",
|
|
112
|
+
revoke_previous_refresh_token!: true)
|
|
104
113
|
expect(token).to receive(:acceptable?).with([:write]).and_return(true)
|
|
105
|
-
expect(
|
|
114
|
+
expect(
|
|
115
|
+
Doorkeeper::AccessToken
|
|
116
|
+
).to receive(:by_token).with(token_string).and_return(token)
|
|
117
|
+
|
|
106
118
|
get :index, access_token: token_string
|
|
107
|
-
expect(response).to
|
|
119
|
+
expect(response).to be_successful
|
|
108
120
|
end
|
|
109
121
|
|
|
110
122
|
it 'does not allow if the token does not include given scope' do
|
|
111
|
-
token = double(Doorkeeper::AccessToken,
|
|
112
|
-
|
|
123
|
+
token = double(Doorkeeper::AccessToken,
|
|
124
|
+
accessible?: true, scopes: ['public'], revoked?: false,
|
|
125
|
+
expired?: false, previous_refresh_token: "",
|
|
126
|
+
revoke_previous_refresh_token!: true)
|
|
127
|
+
expect(
|
|
128
|
+
Doorkeeper::AccessToken
|
|
129
|
+
).to receive(:by_token).with(token_string).and_return(token)
|
|
113
130
|
expect(token).to receive(:acceptable?).with([:write]).and_return(false)
|
|
131
|
+
|
|
114
132
|
get :index, access_token: token_string
|
|
115
133
|
expect(response.status).to eq 403
|
|
116
134
|
expect(response.header).to_not include('WWW-Authenticate')
|
|
@@ -119,7 +137,7 @@ describe 'doorkeeper authorize filter' do
|
|
|
119
137
|
|
|
120
138
|
context 'when custom unauthorized render options are configured' do
|
|
121
139
|
controller do
|
|
122
|
-
|
|
140
|
+
before_action :doorkeeper_authorize!
|
|
123
141
|
|
|
124
142
|
include ControllerActions
|
|
125
143
|
end
|
|
@@ -127,13 +145,18 @@ describe 'doorkeeper authorize filter' do
|
|
|
127
145
|
context 'with a JSON custom render', token: :invalid do
|
|
128
146
|
before do
|
|
129
147
|
module ControllerActions
|
|
148
|
+
remove_method :doorkeeper_unauthorized_render_options
|
|
149
|
+
|
|
130
150
|
def doorkeeper_unauthorized_render_options(error: nil)
|
|
131
151
|
{ json: ActiveSupport::JSON.encode(error_message: error.description) }
|
|
132
152
|
end
|
|
133
153
|
end
|
|
134
154
|
end
|
|
155
|
+
|
|
135
156
|
after do
|
|
136
157
|
module ControllerActions
|
|
158
|
+
remove_method :doorkeeper_unauthorized_render_options
|
|
159
|
+
|
|
137
160
|
def doorkeeper_unauthorized_render_options(error: nil)
|
|
138
161
|
end
|
|
139
162
|
end
|
|
@@ -144,31 +167,35 @@ describe 'doorkeeper authorize filter' do
|
|
|
144
167
|
expect(response.status).to eq 401
|
|
145
168
|
expect(response.content_type).to eq('application/json')
|
|
146
169
|
expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
|
|
147
|
-
|
|
148
|
-
expect(
|
|
149
|
-
expect(
|
|
170
|
+
|
|
171
|
+
expect(json_response).not_to be_nil
|
|
172
|
+
expect(json_response['error_message']).to match('token is invalid')
|
|
150
173
|
end
|
|
151
174
|
end
|
|
152
175
|
|
|
153
176
|
context 'with a text custom render', token: :invalid do
|
|
154
177
|
before do
|
|
155
178
|
module ControllerActions
|
|
156
|
-
|
|
157
|
-
|
|
179
|
+
remove_method :doorkeeper_unauthorized_render_options
|
|
180
|
+
|
|
181
|
+
def doorkeeper_unauthorized_render_options(**)
|
|
182
|
+
{ plain: 'Unauthorized' }
|
|
158
183
|
end
|
|
159
184
|
end
|
|
160
185
|
end
|
|
186
|
+
|
|
161
187
|
after do
|
|
162
188
|
module ControllerActions
|
|
163
|
-
|
|
164
|
-
|
|
189
|
+
remove_method :doorkeeper_unauthorized_render_options
|
|
190
|
+
|
|
191
|
+
def doorkeeper_unauthorized_render_options(error: nil); end
|
|
165
192
|
end
|
|
166
193
|
end
|
|
167
194
|
|
|
168
195
|
it 'it renders a custom text response', token: :invalid do
|
|
169
196
|
get :index, access_token: token_string
|
|
170
197
|
expect(response.status).to eq 401
|
|
171
|
-
expect(response.content_type).to eq('text/
|
|
198
|
+
expect(response.content_type).to eq('text/plain')
|
|
172
199
|
expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
|
|
173
200
|
expect(response.body).to eq('Unauthorized')
|
|
174
201
|
end
|
|
@@ -183,26 +210,32 @@ describe 'doorkeeper authorize filter' do
|
|
|
183
210
|
|
|
184
211
|
after do
|
|
185
212
|
module ControllerActions
|
|
186
|
-
|
|
187
|
-
|
|
213
|
+
remove_method :doorkeeper_forbidden_render_options
|
|
214
|
+
|
|
215
|
+
def doorkeeper_forbidden_render_options(*); end
|
|
188
216
|
end
|
|
189
217
|
end
|
|
190
218
|
|
|
191
219
|
controller do
|
|
192
|
-
|
|
220
|
+
before_action -> { doorkeeper_authorize! :write }
|
|
193
221
|
|
|
194
222
|
include ControllerActions
|
|
195
223
|
end
|
|
196
224
|
|
|
197
225
|
let(:token) do
|
|
198
226
|
double(Doorkeeper::AccessToken,
|
|
199
|
-
accessible?: true, scopes: ['public'], revoked?: false,
|
|
227
|
+
accessible?: true, scopes: ['public'], revoked?: false,
|
|
228
|
+
expired?: false, previous_refresh_token: "",
|
|
229
|
+
revoke_previous_refresh_token!: true)
|
|
200
230
|
end
|
|
231
|
+
|
|
201
232
|
let(:token_string) { '1A2DUWE' }
|
|
202
233
|
|
|
203
234
|
context 'with a JSON custom render' do
|
|
204
235
|
before do
|
|
205
236
|
module ControllerActions
|
|
237
|
+
remove_method :doorkeeper_forbidden_render_options
|
|
238
|
+
|
|
206
239
|
def doorkeeper_forbidden_render_options(*)
|
|
207
240
|
{ json: { error_message: 'Forbidden' } }
|
|
208
241
|
end
|
|
@@ -214,15 +247,16 @@ describe 'doorkeeper authorize filter' do
|
|
|
214
247
|
expect(response.header).to_not include('WWW-Authenticate')
|
|
215
248
|
expect(response.content_type).to eq('application/json')
|
|
216
249
|
expect(response.status).to eq 403
|
|
217
|
-
|
|
218
|
-
expect(
|
|
219
|
-
expect(
|
|
250
|
+
|
|
251
|
+
expect(json_response).not_to be_nil
|
|
252
|
+
expect(json_response['error_message']).to match('Forbidden')
|
|
220
253
|
end
|
|
221
254
|
end
|
|
222
255
|
|
|
223
256
|
context 'with a status and JSON custom render' do
|
|
224
257
|
before do
|
|
225
258
|
module ControllerActions
|
|
259
|
+
remove_method :doorkeeper_forbidden_render_options
|
|
226
260
|
def doorkeeper_forbidden_render_options(*)
|
|
227
261
|
{ json: { error_message: 'Not Found' },
|
|
228
262
|
respond_not_found_when_forbidden: true }
|
|
@@ -239,8 +273,10 @@ describe 'doorkeeper authorize filter' do
|
|
|
239
273
|
context 'with a text custom render' do
|
|
240
274
|
before do
|
|
241
275
|
module ControllerActions
|
|
276
|
+
remove_method :doorkeeper_forbidden_render_options
|
|
277
|
+
|
|
242
278
|
def doorkeeper_forbidden_render_options(*)
|
|
243
|
-
{
|
|
279
|
+
{ plain: 'Forbidden' }
|
|
244
280
|
end
|
|
245
281
|
end
|
|
246
282
|
end
|
|
@@ -256,8 +292,10 @@ describe 'doorkeeper authorize filter' do
|
|
|
256
292
|
context 'with a status and text custom render' do
|
|
257
293
|
before do
|
|
258
294
|
module ControllerActions
|
|
295
|
+
remove_method :doorkeeper_forbidden_render_options
|
|
296
|
+
|
|
259
297
|
def doorkeeper_forbidden_render_options(*)
|
|
260
|
-
{ respond_not_found_when_forbidden: true,
|
|
298
|
+
{ respond_not_found_when_forbidden: true, plain: 'Not Found' }
|
|
261
299
|
end
|
|
262
300
|
end
|
|
263
301
|
end
|
|
@@ -1,26 +1,23 @@
|
|
|
1
1
|
require 'spec_helper_integration'
|
|
2
2
|
|
|
3
3
|
describe Doorkeeper::TokenInfoController do
|
|
4
|
-
describe 'when requesting
|
|
5
|
-
let(:doorkeeper_token) {
|
|
4
|
+
describe 'when requesting token info with valid token' do
|
|
5
|
+
let(:doorkeeper_token) { FactoryBot.create(:access_token) }
|
|
6
6
|
|
|
7
7
|
before(:each) do
|
|
8
8
|
allow(controller).to receive(:doorkeeper_token) { doorkeeper_token }
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
def do_get
|
|
12
|
-
get :show
|
|
13
|
-
end
|
|
14
|
-
|
|
15
11
|
describe 'successful request' do
|
|
16
|
-
|
|
17
12
|
it 'responds with tokeninfo' do
|
|
18
|
-
|
|
13
|
+
get :show
|
|
14
|
+
|
|
19
15
|
expect(response.body).to eq(doorkeeper_token.to_json)
|
|
20
16
|
end
|
|
21
17
|
|
|
22
18
|
it 'responds with a 200 status' do
|
|
23
|
-
|
|
19
|
+
get :show
|
|
20
|
+
|
|
24
21
|
expect(response.status).to eq 200
|
|
25
22
|
end
|
|
26
23
|
end
|
|
@@ -29,8 +26,10 @@ describe Doorkeeper::TokenInfoController do
|
|
|
29
26
|
before(:each) do
|
|
30
27
|
allow(controller).to receive(:doorkeeper_token).and_return(nil)
|
|
31
28
|
end
|
|
29
|
+
|
|
32
30
|
it 'responds with 401 when doorkeeper_token is not valid' do
|
|
33
|
-
|
|
31
|
+
get :show
|
|
32
|
+
|
|
34
33
|
expect(response.status).to eq 401
|
|
35
34
|
expect(response.headers['WWW-Authenticate']).to match(/^Bearer/)
|
|
36
35
|
end
|
|
@@ -38,14 +37,19 @@ describe Doorkeeper::TokenInfoController do
|
|
|
38
37
|
it 'responds with 401 when doorkeeper_token is invalid, expired or revoked' do
|
|
39
38
|
allow(controller).to receive(:doorkeeper_token).and_return(doorkeeper_token)
|
|
40
39
|
allow(doorkeeper_token).to receive(:accessible?).and_return(false)
|
|
41
|
-
|
|
40
|
+
|
|
41
|
+
get :show
|
|
42
|
+
|
|
42
43
|
expect(response.status).to eq 401
|
|
43
44
|
expect(response.headers['WWW-Authenticate']).to match(/^Bearer/)
|
|
44
45
|
end
|
|
45
46
|
|
|
46
47
|
it 'responds body message for error' do
|
|
47
|
-
|
|
48
|
-
|
|
48
|
+
get :show
|
|
49
|
+
|
|
50
|
+
expect(response.body).to eq(
|
|
51
|
+
Doorkeeper::OAuth::ErrorResponse.new(name: :invalid_request, status: :unauthorized).body.to_json
|
|
52
|
+
)
|
|
49
53
|
end
|
|
50
54
|
end
|
|
51
55
|
end
|