doorkeeper 3.1.0 → 5.6.2


Files changed (270)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +1079 -0
  3. data/README.md +114 -326
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +7 -6
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +9 -12
  7. data/app/controllers/doorkeeper/applications_controller.rb +66 -21
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +100 -18
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +23 -4
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +138 -22
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +15 -9
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
  14. data/app/views/doorkeeper/applications/_form.html.erb +33 -21
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +18 -6
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +40 -16
  19. data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +17 -11
  22. data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
  23. data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
  24. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  25. data/config/locales/en.yml +37 -9
  26. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  27. data/lib/doorkeeper/config/option.rb +82 -0
  28. data/lib/doorkeeper/config/validations.rb +53 -0
  29. data/lib/doorkeeper/config.rb +602 -142
  30. data/lib/doorkeeper/engine.rb +22 -7
  31. data/lib/doorkeeper/errors.rb +37 -10
  32. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  33. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  34. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  35. data/lib/doorkeeper/grant_flow.rb +45 -0
  36. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  37. data/lib/doorkeeper/grape/helpers.rb +24 -12
  38. data/lib/doorkeeper/helpers/controller.rb +49 -27
  39. data/lib/doorkeeper/models/access_grant_mixin.rb +99 -16
  40. data/lib/doorkeeper/models/access_token_mixin.rb +386 -77
  41. data/lib/doorkeeper/models/application_mixin.rb +73 -30
  42. data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
  43. data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
  44. data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
  45. data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  46. data/lib/doorkeeper/models/concerns/ownership.rb +4 -2
  47. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  48. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  49. data/lib/doorkeeper/models/concerns/revocable.rb +13 -2
  50. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  51. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  52. data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
  53. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  54. data/lib/doorkeeper/oauth/authorization/token.rb +72 -28
  55. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
  56. data/lib/doorkeeper/oauth/authorization_code_request.rb +64 -14
  57. data/lib/doorkeeper/oauth/base_request.rb +66 -0
  58. data/lib/doorkeeper/oauth/base_response.rb +31 -0
  59. data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
  60. data/lib/doorkeeper/oauth/client.rb +10 -12
  61. data/lib/doorkeeper/oauth/client_credentials/creator.rb +48 -4
  62. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +17 -9
  63. data/lib/doorkeeper/oauth/client_credentials/validator.rb +55 -0
  64. data/lib/doorkeeper/oauth/client_credentials_request.rb +14 -15
  65. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  66. data/lib/doorkeeper/oauth/code_response.rb +31 -19
  67. data/lib/doorkeeper/oauth/error.rb +5 -3
  68. data/lib/doorkeeper/oauth/error_response.rb +41 -20
  69. data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
  70. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +24 -19
  71. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  72. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +55 -4
  73. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  74. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  75. data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
  76. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  77. data/lib/doorkeeper/oauth/password_access_token_request.rb +46 -18
  78. data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
  79. data/lib/doorkeeper/oauth/refresh_token_request.rb +67 -30
  80. data/lib/doorkeeper/oauth/scopes.rb +26 -12
  81. data/lib/doorkeeper/oauth/token.rb +28 -25
  82. data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
  83. data/lib/doorkeeper/oauth/token_request.rb +8 -21
  84. data/lib/doorkeeper/oauth/token_response.rb +14 -10
  85. data/lib/doorkeeper/oauth.rb +13 -0
  86. data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
  87. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -17
  88. data/lib/doorkeeper/orm/active_record/application.rb +6 -20
  89. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
  90. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +81 -0
  91. data/lib/doorkeeper/orm/active_record/mixins/application.rb +214 -0
  92. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  93. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
  94. data/lib/doorkeeper/orm/active_record.rb +36 -26
  95. data/lib/doorkeeper/rails/helpers.rb +14 -15
  96. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  97. data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
  98. data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
  99. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  100. data/lib/doorkeeper/rails/routes.rb +45 -28
  101. data/lib/doorkeeper/rake/db.rake +40 -0
  102. data/lib/doorkeeper/rake/setup.rake +6 -0
  103. data/lib/doorkeeper/rake.rb +14 -0
  104. data/lib/doorkeeper/request/authorization_code.rb +12 -4
  105. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  106. data/lib/doorkeeper/request/code.rb +1 -1
  107. data/lib/doorkeeper/request/password.rb +5 -4
  108. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  109. data/lib/doorkeeper/request/strategy.rb +4 -2
  110. data/lib/doorkeeper/request/token.rb +1 -1
  111. data/lib/doorkeeper/request.rb +62 -29
  112. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  113. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  114. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  115. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  116. data/lib/doorkeeper/server.rb +9 -19
  117. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  118. data/lib/doorkeeper/validations.rb +5 -2
  119. data/lib/doorkeeper/version.rb +12 -1
  120. data/lib/doorkeeper.rb +112 -56
  121. data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
  122. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  123. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  124. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  125. data/lib/generators/doorkeeper/migration_generator.rb +27 -10
  126. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  127. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +41 -0
  128. data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  129. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  130. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +13 -0
  131. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  132. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  133. data/lib/generators/doorkeeper/templates/initializer.rb +417 -32
  134. data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
  135. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  136. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  137. metadata +163 -280
  138. data/.gitignore +0 -14
  139. data/.hound.yml +0 -13
  140. data/.rspec +0 -1
  141. data/.travis.yml +0 -22
  142. data/CONTRIBUTING.md +0 -45
  143. data/Gemfile +0 -10
  144. data/NEWS.md +0 -525
  145. data/RELEASING.md +0 -17
  146. data/Rakefile +0 -20
  147. data/app/validators/redirect_uri_validator.rb +0 -34
  148. data/doorkeeper.gemspec +0 -27
  149. data/lib/doorkeeper/oauth/client/methods.rb +0 -18
  150. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  151. data/lib/doorkeeper/oauth/request_concern.rb +0 -48
  152. data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
  153. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
  154. data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
  155. data/lib/generators/doorkeeper/templates/migration.rb +0 -50
  156. data/spec/controllers/applications_controller_spec.rb +0 -58
  157. data/spec/controllers/authorizations_controller_spec.rb +0 -203
  158. data/spec/controllers/protected_resources_controller_spec.rb +0 -271
  159. data/spec/controllers/token_info_controller_spec.rb +0 -52
  160. data/spec/controllers/tokens_controller_spec.rb +0 -88
  161. data/spec/dummy/Rakefile +0 -7
  162. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  163. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  164. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  165. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  166. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  167. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  168. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  169. data/spec/dummy/app/models/user.rb +0 -9
  170. data/spec/dummy/app/views/home/index.html.erb +0 -0
  171. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  172. data/spec/dummy/config/application.rb +0 -57
  173. data/spec/dummy/config/boot.rb +0 -9
  174. data/spec/dummy/config/database.yml +0 -15
  175. data/spec/dummy/config/environment.rb +0 -5
  176. data/spec/dummy/config/environments/development.rb +0 -29
  177. data/spec/dummy/config/environments/production.rb +0 -62
  178. data/spec/dummy/config/environments/test.rb +0 -55
  179. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  180. data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
  181. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  182. data/spec/dummy/config/initializers/session_store.rb +0 -8
  183. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  184. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  185. data/spec/dummy/config/routes.rb +0 -52
  186. data/spec/dummy/config.ru +0 -4
  187. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
  188. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
  189. data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
  190. data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +0 -7
  191. data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5
  192. data/spec/dummy/db/schema.rb +0 -66
  193. data/spec/dummy/public/404.html +0 -26
  194. data/spec/dummy/public/422.html +0 -26
  195. data/spec/dummy/public/500.html +0 -26
  196. data/spec/dummy/public/favicon.ico +0 -0
  197. data/spec/dummy/script/rails +0 -6
  198. data/spec/factories.rb +0 -26
  199. data/spec/generators/application_owner_generator_spec.rb +0 -22
  200. data/spec/generators/install_generator_spec.rb +0 -31
  201. data/spec/generators/migration_generator_spec.rb +0 -20
  202. data/spec/generators/templates/routes.rb +0 -3
  203. data/spec/generators/views_generator_spec.rb +0 -27
  204. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  205. data/spec/lib/config_spec.rb +0 -317
  206. data/spec/lib/doorkeeper_spec.rb +0 -28
  207. data/spec/lib/models/expirable_spec.rb +0 -51
  208. data/spec/lib/models/revocable_spec.rb +0 -36
  209. data/spec/lib/models/scopes_spec.rb +0 -43
  210. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
  211. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
  212. data/spec/lib/oauth/client/credentials_spec.rb +0 -47
  213. data/spec/lib/oauth/client/methods_spec.rb +0 -54
  214. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  215. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  216. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  217. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  218. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
  219. data/spec/lib/oauth/client_spec.rb +0 -39
  220. data/spec/lib/oauth/code_request_spec.rb +0 -45
  221. data/spec/lib/oauth/error_response_spec.rb +0 -61
  222. data/spec/lib/oauth/error_spec.rb +0 -23
  223. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  224. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  225. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  226. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
  227. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
  228. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
  229. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  230. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -123
  231. data/spec/lib/oauth/scopes_spec.rb +0 -123
  232. data/spec/lib/oauth/token_request_spec.rb +0 -98
  233. data/spec/lib/oauth/token_response_spec.rb +0 -85
  234. data/spec/lib/oauth/token_spec.rb +0 -109
  235. data/spec/lib/request/strategy_spec.rb +0 -53
  236. data/spec/lib/server_spec.rb +0 -52
  237. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  238. data/spec/models/doorkeeper/access_token_spec.rb +0 -350
  239. data/spec/models/doorkeeper/application_spec.rb +0 -187
  240. data/spec/requests/applications/applications_request_spec.rb +0 -94
  241. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  242. data/spec/requests/endpoints/authorization_spec.rb +0 -72
  243. data/spec/requests/endpoints/token_spec.rb +0 -64
  244. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
  245. data/spec/requests/flows/authorization_code_spec.rb +0 -156
  246. data/spec/requests/flows/client_credentials_spec.rb +0 -58
  247. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  248. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  249. data/spec/requests/flows/password_spec.rb +0 -94
  250. data/spec/requests/flows/refresh_token_spec.rb +0 -104
  251. data/spec/requests/flows/revoke_token_spec.rb +0 -143
  252. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  253. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  254. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  255. data/spec/routing/custom_controller_routes_spec.rb +0 -71
  256. data/spec/routing/default_routes_spec.rb +0 -35
  257. data/spec/routing/scoped_routes_spec.rb +0 -31
  258. data/spec/spec_helper.rb +0 -2
  259. data/spec/spec_helper_integration.rb +0 -56
  260. data/spec/support/dependencies/factory_girl.rb +0 -2
  261. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  262. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  263. data/spec/support/helpers/config_helper.rb +0 -9
  264. data/spec/support/helpers/model_helper.rb +0 -45
  265. data/spec/support/helpers/request_spec_helper.rb +0 -76
  266. data/spec/support/helpers/url_helper.rb +0 -55
  267. data/spec/support/orm/active_record.rb +0 -3
  268. data/spec/support/shared/controllers_shared_context.rb +0 -60
  269. data/spec/support/shared/models_shared_examples.rb +0 -52
  270. data/spec/validators/redirect_uri_validator_spec.rb +0 -78
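--- a/data/spec/lib/oauth/client/methods_spec.rb
+++ /dev/null
@@ -1,54 +0,0 @@
-require 'spec_helper'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/client'
-
-class Doorkeeper::OAuth::Client
-describe 'Methods' do
-let(:client_id) { 'some-uid' }
-let(:client_secret) { 'some-secret' }
-
-subject do
-Class.new do
-include Methods
-end.new
-end
-
-describe :from_params do
-it 'returns credentials from parameters when Authorization header is not available' do
-request = double parameters: { client_id: client_id, client_secret: client_secret }
-uid, secret = subject.from_params(request)
-
-expect(uid).to eq('some-uid')
-expect(secret).to eq('some-secret')
-end
-
-it 'is blank when there are no credentials' do
-request = double parameters: {}
-uid, secret = subject.from_params(request)
-
-expect(uid).to be_blank
-expect(secret).to be_blank
-end
-end
-
-describe :from_basic do
-let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
-
-it 'decodes the credentials' do
-request = double authorization: "Basic #{credentials}"
-uid, secret = subject.from_basic(request)
-
-expect(uid).to eq('some-uid')
-expect(secret).to eq('some-secret')
-end
-
-it 'is blank if Authorization is not Basic' do
-request = double authorization: "#{credentials}"
-uid, secret = subject.from_basic(request)
-
-expect(uid).to be_blank
-expect(secret).to be_blank
-end
-end
-end
-end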
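--- a/data/spec/lib/oauth/client_credentials/creator_spec.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-require 'spec_helper_integration'
-
-class Doorkeeper::OAuth::ClientCredentialsRequest
-describe Creator do
-let(:client) { FactoryGirl.create :application }
-let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public') }
-
-it 'creates a new token' do
-expect do
-subject.call(client, scopes)
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-context "when reuse_access_token is true" do
-it "returns the existing valid token" do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-existing_token = subject.call(client, scopes)
-
-result = subject.call(client, scopes)
-
-expect(Doorkeeper::AccessToken.count).to eq(1)
-expect(result).to eq(existing_token)
-end
-end
-
-context "when reuse_access_token is false" do
-it "returns a new token" do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
-existing_token = subject.call(client, scopes)
-
-result = subject.call(client, scopes)
-
-expect(Doorkeeper::AccessToken.count).to eq(2)
-expect(result).not_to eq(existing_token)
-end
-end
-
-it 'returns false if creation fails' do
-expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
-created = subject.call(client, scopes)
-expect(created).to be_falsey
-end
-end
-end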
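--- a/data/spec/lib/oauth/client_credentials/issuer_spec.rb
+++ /dev/null
@@ -1,86 +0,0 @@
-require 'spec_helper'
-require 'active_support/all'
-require 'doorkeeper/oauth/client_credentials/issuer'
-
-class Doorkeeper::OAuth::ClientCredentialsRequest
-describe Issuer do
-let(:creator) { double :acces_token_creator }
-let(:server) do
-double(
-:server,
-access_token_expires_in: 100,
-custom_access_token_expires_in: ->(_app) { nil }
-)
-end
-let(:validation) { double :validation, valid?: true }
-
-subject { Issuer.new(server, validation) }
-
-describe :create do
-let(:client) { double :client, id: 'some-id' }
-let(:scopes) { 'some scope' }
-
-it 'creates and sets the token' do
-expect(creator).to receive(:call).and_return('token')
-subject.create client, scopes, creator
-
-expect(subject.token).to eq('token')
-end
-
-it 'creates with correct token parameters' do
-expect(creator).to receive(:call).with(
-client,
-scopes,
-expires_in: 100,
-use_refresh_token: false
-)
-
-subject.create client, scopes, creator
-end
-
-it 'has error set to :server_error if creator fails' do
-expect(creator).to receive(:call).and_return(false)
-subject.create client, scopes, creator
-
-expect(subject.error).to eq(:server_error)
-end
-
-context 'when validation fails' do
-before do
-allow(validation).to receive(:valid?).and_return(false)
-allow(validation).to receive(:error).and_return(:validation_error)
-expect(creator).not_to receive(:create)
-end
-
-it 'has error set from validation' do
-subject.create client, scopes, creator
-expect(subject.error).to eq(:validation_error)
-end
-
-it 'returns false' do
-expect(subject.create(client, scopes, creator)).to be_falsey
-end
-end
-
-context 'with custom expirations' do
-let(:custom_ttl) { 1233 }
-let(:server) do
-double(
-:server,
-custom_access_token_expires_in: ->(_app) { custom_ttl }
-)
-end
-
-it 'creates with correct token parameters' do
-expect(creator).to receive(:call).with(
-client,
-scopes,
-expires_in: custom_ttl,
-use_refresh_token: false
-)
-subject.create client, scopes, creator
-end
-end
-end
-end
-end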
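--- a/data/spec/lib/oauth/client_credentials/validation_spec.rb
+++ /dev/null
@@ -1,54 +0,0 @@
-require 'spec_helper'
-require 'active_support/all'
-require 'doorkeeper/oauth/client_credentials/validation'
-
-class Doorkeeper::OAuth::ClientCredentialsRequest
-describe Validation do
-let(:server) { double :server, scopes: nil }
-let(:application) { double scopes: nil }
-let(:client) { double application: application }
-let(:request) { double :request, client: client, scopes: nil }
-
-subject { Validation.new(server, request) }
-
-it 'is valid with valid request' do
-expect(subject).to be_valid
-end
-
-it 'is invalid when client is not present' do
-allow(request).to receive(:client).and_return(nil)
-expect(subject).not_to be_valid
-end
-
-context 'with scopes' do
-it 'is invalid when scopes are not included in the server' do
-server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email'
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(request).to receive(:scopes).and_return(
-Doorkeeper::OAuth::Scopes.from_string 'invalid')
-expect(subject).not_to be_valid
-end
-
-context 'with application scopes' do
-it 'is valid when scopes are included in the application' do
-application_scopes = Doorkeeper::OAuth::Scopes.from_string 'app'
-server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email app'
-allow(application).to receive(:scopes).and_return(application_scopes)
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(request).to receive(:scopes).and_return(application_scopes)
-expect(subject).to be_valid
-end
-
-it 'is invalid when scopes are not included in the application' do
-application_scopes = Doorkeeper::OAuth::Scopes.from_string 'app'
-server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email app'
-allow(application).to receive(:scopes).and_return(application_scopes)
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(request).to receive(:scopes).and_return(
-Doorkeeper::OAuth::Scopes.from_string 'email')
-expect(subject).not_to be_valid
-end
-end
-end
-end
-end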
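--- a/data/spec/lib/oauth/client_credentials_integration_spec.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-require 'spec_helper_integration'
-
-module Doorkeeper::OAuth
-describe ClientCredentialsRequest do
-let(:server) { Doorkeeper.configuration }
-
-context 'with a valid request' do
-let(:client) { FactoryGirl.create :application }
-
-it 'issues an access token' do
-request = ClientCredentialsRequest.new(server, client, {})
-expect do
-request.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-end
-
-describe 'with an invalid request' do
-it 'does not issue an access token' do
-request = ClientCredentialsRequest.new(server, nil, {})
-expect do
-request.authorize
-end.to_not change { Doorkeeper::AccessToken.count }
-end
-end
-end
-end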
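--- a/data/spec/lib/oauth/client_credentials_request_spec.rb
+++ /dev/null
@@ -1,104 +0,0 @@
-require 'spec_helper'
-require 'active_support/all'
-require 'active_model'
-require 'doorkeeper/oauth/client_credentials_request'
-
-module Doorkeeper::OAuth
-describe ClientCredentialsRequest do
-let(:server) do
-double(
-default_scopes: nil,
-custom_access_token_expires_in: ->(_app) { nil }
-)
-end
-let(:application) { double :application, scopes: Scopes.from_string('') }
-let(:client) { double :client, application: application }
-let(:token_creator) { double :issuer, create: true, token: double }
-
-subject { ClientCredentialsRequest.new(server, client) }
-
-before do
-subject.issuer = token_creator
-end
-
-it 'issues an access token for the current client' do
-expect(token_creator).to receive(:create).with(client, nil)
-subject.authorize
-end
-
-it 'has successful response when issue was created' do
-subject.authorize
-expect(subject.response).to be_a(TokenResponse)
-end
-
-context 'if issue was not created' do
-before do
-subject.issuer = double create: false, error: :invalid
-end
-
-it 'has an error response' do
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-end
-
-it 'delegates the error to issuer' do
-subject.authorize
-expect(subject.error).to eq(:invalid)
-end
-end
-
-context 'with scopes' do
-let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string('public email') }
-
-before do
-allow(server).to receive(:default_scopes).and_return(default_scopes)
-end
-
-it 'issues an access token with default scopes if none was requested' do
-expect(token_creator).to receive(:create).with(client, default_scopes)
-subject.authorize
-end
-
-it 'issues an access token with requested scopes' do
-subject = ClientCredentialsRequest.new(server, client, scope: 'email')
-subject.issuer = token_creator
-expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string('email'))
-subject.authorize
-end
-end
-
-context 'with restricted client' do
-let(:default_scopes) do
-Doorkeeper::OAuth::Scopes.from_string('public email')
-end
-let(:server_scopes) do
-Doorkeeper::OAuth::Scopes.from_string('public email phone')
-end
-let(:client_scopes) do
-Doorkeeper::OAuth::Scopes.from_string('public phone')
-end
-
-before do
-allow(server).to receive(:default_scopes).and_return(default_scopes)
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(server).to receive(:access_token_expires_in).and_return(100)
-allow(application).to receive(:scopes).and_return(client_scopes)
-allow(client).to receive(:id).and_return(nil)
-end
-
-it 'delegates the error to issuer if no scope was requested' do
-subject = ClientCredentialsRequest.new(server, client)
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-expect(subject.error).to eq(:invalid_scope)
-end
-
-it 'issues an access token with requested scopes' do
-subject = ClientCredentialsRequest.new(server, client, scope: 'phone')
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
-expect(subject.response.token.scopes_string).to eq('phone')
-end
-end
-end
-end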
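--- a/data/spec/lib/oauth/client_spec.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-require 'spec_helper'
-require 'active_support/core_ext/module/delegation'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/client'
-
-module Doorkeeper::OAuth
-describe Client do
-describe :find do
-let(:method) { double }
-
-it 'finds the client via uid' do
-client = double
-expect(method).to receive(:call).with('uid').and_return(client)
-expect(Client.find('uid', method)).to be_a(Client)
-end
-
-it 'returns nil if client was not found' do
-expect(method).to receive(:call).with('uid').and_return(nil)
-expect(Client.find('uid', method)).to be_nil
-end
-end
-
-describe :authenticate do
-it 'returns the authenticated client via credentials' do
-credentials = Client::Credentials.new('some-uid', 'some-secret')
-authenticator = double
-expect(authenticator).to receive(:call).with('some-uid', 'some-secret').and_return(double)
-expect(Client.authenticate(credentials, authenticator)).to be_a(Client)
-end
-
-it 'returns nil if client was not authenticated' do
-credentials = Client::Credentials.new('some-uid', 'some-secret')
-authenticator = double
-expect(authenticator).to receive(:call).with('some-uid', 'some-secret').and_return(nil)
-expect(Client.authenticate(credentials, authenticator)).to be_nil
-end
-end
-end
-end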
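--- a/data/spec/lib/oauth/code_request_spec.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-require 'spec_helper_integration'
-
-module Doorkeeper::OAuth
-describe CodeRequest do
-let(:pre_auth) do
-double(
-:pre_auth,
-client: double(:application, id: 9990),
-redirect_uri: 'http://tst.com/cb',
-scopes: nil,
-state: nil,
-error: nil,
-authorizable?: true
-)
-end
-
-let(:owner) { double :owner, id: 8900 }
-
-subject do
-CodeRequest.new(pre_auth, owner)
-end
-
-it 'creates an access grant' do
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessGrant.count }.by(1)
-end
-
-it 'returns a code response' do
-expect(subject.authorize).to be_a(CodeResponse)
-end
-
-it 'does not create grant when not authorizable' do
-allow(pre_auth).to receive(:authorizable?).and_return(false)
-expect do
-subject.authorize
-end.to_not change { Doorkeeper::AccessGrant.count }
-end
-
-it 'returns a error response' do
-allow(pre_auth).to receive(:authorizable?).and_return(false)
-expect(subject.authorize).to be_a(ErrorResponse)
-end
-end
-end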
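--- a/data/spec/lib/oauth/error_response_spec.rb
+++ /dev/null
@@ -1,61 +0,0 @@
-require 'spec_helper'
-require 'active_model'
-require 'doorkeeper/oauth/error'
-require 'doorkeeper/oauth/error_response'
-
-module Doorkeeper::OAuth
-describe ErrorResponse do
-describe '#status' do
-it 'should have a status of unauthorized' do
-expect(subject.status).to eq(:unauthorized)
-end
-end
-
-describe :from_request do
-it 'has the error from request' do
-error = ErrorResponse.from_request double(error: :some_error)
-expect(error.name).to eq(:some_error)
-end
-
-it 'ignores state if request does not respond to state' do
-error = ErrorResponse.from_request double(error: :some_error)
-expect(error.state).to be_nil
-end
-
-it 'has state if request responds to state' do
-error = ErrorResponse.from_request double(error: :some_error, state: :hello)
-expect(error.state).to eq(:hello)
-end
-end
-
-it 'ignores empty error values' do
-subject = ErrorResponse.new(error: :some_error, state: nil)
-expect(subject.body).not_to have_key(:state)
-end
-
-describe '.body' do
-subject { ErrorResponse.new(name: :some_error, state: :some_state).body }
-
-describe '#body' do
-it { expect(subject).to have_key(:error) }
-it { expect(subject).to have_key(:error_description) }
-it { expect(subject).to have_key(:state) }
-end
-end
-
-describe '.authenticate_info' do
-let(:error_response) { ErrorResponse.new(name: :some_error, state: :some_state) }
-subject { error_response.authenticate_info }
-
-it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
-it { expect(subject).to include("error=\"#{error_response.name}\"") }
-it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
-end
-
-describe '.headers' do
-subject { ErrorResponse.new(name: :some_error, state: :some_state).headers }
-
-it { expect(subject).to include 'WWW-Authenticate' }
-end
-end
-end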
@@ -1,23 +0,0 @@
1
- require 'spec_helper'
2
- require 'active_support/i18n'
3
- require 'doorkeeper/oauth/error'
4
-
5
- module Doorkeeper::OAuth
6
- describe Error do
7
- subject(:error) { Error.new(:some_error, :some_state) }
8
-
9
- it { expect(subject).to respond_to(:name) }
10
- it { expect(subject).to respond_to(:state) }
11
-
12
- describe :description do
13
- it 'is translated from translation messages' do
14
- expect(I18n).to receive(:translate).with(
15
- :some_error,
16
- scope: [:doorkeeper, :errors, :messages],
17
- default: :server_error
18
- )
19
- error.description
20
- end
21
- end
22
- end
23
- end
@@ -1,23 +0,0 @@
1
- require 'spec_helper'
2
- require 'active_model'
3
- require 'doorkeeper'
4
- require 'doorkeeper/oauth/forbidden_token_response'
5
-
6
- module Doorkeeper::OAuth
7
- describe ForbiddenTokenResponse do
8
- describe '#name' do
9
- it { expect(subject.name).to eq(:invalid_scope) }
10
- end
11
-
12
- describe '#status' do
13
- it { expect(subject.status).to eq(:forbidden) }
14
- end
15
-
16
- describe :from_scopes do
17
- it 'should have a list of acceptable scopes' do
18
- response = ForbiddenTokenResponse.from_scopes(["public"])
19
- expect(response.description).to include('public')
20
- end
21
- end
22
- end
23
- end
@@ -1,64 +0,0 @@
1
- require 'spec_helper'
2
- require 'active_support/core_ext/string'
3
- require 'doorkeeper/oauth/helpers/scope_checker'
4
- require 'doorkeeper/oauth/scopes'
5
-
6
- module Doorkeeper::OAuth::Helpers
7
- describe ScopeChecker, '.valid?' do
8
- let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
9
-
10
- it 'is valid if scope is present' do
11
- server_scopes.add :scope
12
- expect(ScopeChecker.valid?('scope', server_scopes)).to be_truthy
13
- end
14
-
15
- it 'is invalid if includes tabs space' do
16
- expect(ScopeChecker.valid?("\tsomething", server_scopes)).to be_falsey
17
- end
18
-
19
- it 'is invalid if scope is not present' do
20
- expect(ScopeChecker.valid?(nil, server_scopes)).to be_falsey
21
- end
22
-
23
- it 'is invalid if scope is blank' do
24
- expect(ScopeChecker.valid?(' ', server_scopes)).to be_falsey
25
- end
26
-
27
- it 'is invalid if includes return space' do
28
- expect(ScopeChecker.valid?("scope\r", server_scopes)).to be_falsey
29
- end
30
-
31
- it 'is invalid if includes new lines' do
32
- expect(ScopeChecker.valid?("scope\nanother", server_scopes)).to be_falsey
33
- end
34
-
35
- it 'is invalid if any scope is not included in server scopes' do
36
- expect(ScopeChecker.valid?('scope another', server_scopes)).to be_falsey
37
- end
38
-
39
- context 'with application_scopes' do
40
- let(:server_scopes) do
41
- Doorkeeper::OAuth::Scopes.from_string 'common svr'
42
- end
43
- let(:application_scopes) do
44
- Doorkeeper::OAuth::Scopes.from_string 'app123'
45
- end
46
-
47
- it 'is valid if scope is included in the application scope list' do
48
- expect(ScopeChecker.valid?(
49
- 'app123',
50
- server_scopes,
51
- application_scopes
52
- )).to be_truthy
53
- end
54
-
55
- it 'is invalid if any scope is not included in the application' do
56
- expect(ScopeChecker.valid?(
57
- 'svr',
58
- server_scopes,
59
- application_scopes
60
- )).to be_falsey
61
- end
62
- end
63
- end
64
- end
@@ -1,20 +0,0 @@
1
- require 'spec_helper'
2
- require 'doorkeeper/oauth/helpers/unique_token'
3
-
4
- module Doorkeeper::OAuth::Helpers
5
- describe UniqueToken do
6
- let :generator do
7
- ->(size) { 'a' * size }
8
- end
9
-
10
- it 'is able to customize the generator method' do
11
- token = UniqueToken.generate(generator: generator)
12
- expect(token).to eq('a' * 32)
13
- end
14
-
15
- it 'is able to customize the size of the token' do
16
- token = UniqueToken.generate(generator: generator, size: 2)
17
- expect(token).to eq('aa')
18
- end
19
- end
20
- end