doorkeeper 3.1.0 → 5.6.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CHANGELOG.md +1079 -0
- data/README.md +114 -326
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +7 -6
- data/app/controllers/doorkeeper/application_metal_controller.rb +9 -12
- data/app/controllers/doorkeeper/applications_controller.rb +66 -21
- data/app/controllers/doorkeeper/authorizations_controller.rb +100 -18
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +23 -4
- data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
- data/app/controllers/doorkeeper/tokens_controller.rb +138 -22
- data/app/helpers/doorkeeper/dashboard_helper.rb +15 -9
- data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
- data/app/views/doorkeeper/applications/_form.html.erb +33 -21
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +18 -6
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +40 -16
- data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +17 -11
- data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
- data/config/locales/en.yml +37 -9
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +82 -0
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +602 -142
- data/lib/doorkeeper/engine.rb +22 -7
- data/lib/doorkeeper/errors.rb +37 -10
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
- data/lib/doorkeeper/grape/helpers.rb +24 -12
- data/lib/doorkeeper/helpers/controller.rb +49 -27
- data/lib/doorkeeper/models/access_grant_mixin.rb +99 -16
- data/lib/doorkeeper/models/access_token_mixin.rb +386 -77
- data/lib/doorkeeper/models/application_mixin.rb +73 -30
- data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +4 -2
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +13 -2
- data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
- data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
- data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +72 -28
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
- data/lib/doorkeeper/oauth/authorization_code_request.rb +64 -14
- data/lib/doorkeeper/oauth/base_request.rb +66 -0
- data/lib/doorkeeper/oauth/base_response.rb +31 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
- data/lib/doorkeeper/oauth/client.rb +10 -12
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +48 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +17 -9
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +55 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +14 -15
- data/lib/doorkeeper/oauth/code_request.rb +8 -12
- data/lib/doorkeeper/oauth/code_response.rb +31 -19
- data/lib/doorkeeper/oauth/error.rb +5 -3
- data/lib/doorkeeper/oauth/error_response.rb +41 -20
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +24 -19
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +55 -4
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +46 -18
- data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
- data/lib/doorkeeper/oauth/refresh_token_request.rb +67 -30
- data/lib/doorkeeper/oauth/scopes.rb +26 -12
- data/lib/doorkeeper/oauth/token.rb +28 -25
- data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
- data/lib/doorkeeper/oauth/token_request.rb +8 -21
- data/lib/doorkeeper/oauth/token_response.rb +14 -10
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
- data/lib/doorkeeper/orm/active_record/access_token.rb +5 -17
- data/lib/doorkeeper/orm/active_record/application.rb +6 -20
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +81 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +214 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
- data/lib/doorkeeper/orm/active_record.rb +36 -26
- data/lib/doorkeeper/rails/helpers.rb +14 -15
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
- data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +45 -28
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +6 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request/authorization_code.rb +12 -4
- data/lib/doorkeeper/request/client_credentials.rb +3 -3
- data/lib/doorkeeper/request/code.rb +1 -1
- data/lib/doorkeeper/request/password.rb +5 -4
- data/lib/doorkeeper/request/refresh_token.rb +6 -5
- data/lib/doorkeeper/request/strategy.rb +4 -2
- data/lib/doorkeeper/request/token.rb +1 -1
- data/lib/doorkeeper/request.rb +62 -29
- data/lib/doorkeeper/secret_storing/base.rb +64 -0
- data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
- data/lib/doorkeeper/secret_storing/plain.rb +33 -0
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
- data/lib/doorkeeper/server.rb +9 -19
- data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
- data/lib/doorkeeper/validations.rb +5 -2
- data/lib/doorkeeper/version.rb +12 -1
- data/lib/doorkeeper.rb +112 -56
- data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/install_generator.rb +19 -9
- data/lib/generators/doorkeeper/migration_generator.rb +27 -10
- data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +41 -0
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +417 -32
- data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
- data/lib/generators/doorkeeper/views_generator.rb +8 -4
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +163 -280
- data/.gitignore +0 -14
- data/.hound.yml +0 -13
- data/.rspec +0 -1
- data/.travis.yml +0 -22
- data/CONTRIBUTING.md +0 -45
- data/Gemfile +0 -10
- data/NEWS.md +0 -525
- data/RELEASING.md +0 -17
- data/Rakefile +0 -20
- data/app/validators/redirect_uri_validator.rb +0 -34
- data/doorkeeper.gemspec +0 -27
- data/lib/doorkeeper/oauth/client/methods.rb +0 -18
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
- data/lib/doorkeeper/oauth/request_concern.rb +0 -48
- data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
- data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
- data/lib/generators/doorkeeper/templates/migration.rb +0 -50
- data/spec/controllers/applications_controller_spec.rb +0 -58
- data/spec/controllers/authorizations_controller_spec.rb +0 -203
- data/spec/controllers/protected_resources_controller_spec.rb +0 -271
- data/spec/controllers/token_info_controller_spec.rb +0 -52
- data/spec/controllers/tokens_controller_spec.rb +0 -88
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -9
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -57
- data/spec/dummy/config/boot.rb +0 -9
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -55
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
- data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
- data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5
- data/spec/dummy/db/schema.rb +0 -66
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -6
- data/spec/factories.rb +0 -26
- data/spec/generators/application_owner_generator_spec.rb +0 -22
- data/spec/generators/install_generator_spec.rb +0 -31
- data/spec/generators/migration_generator_spec.rb +0 -20
- data/spec/generators/templates/routes.rb +0 -3
- data/spec/generators/views_generator_spec.rb +0 -27
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
- data/spec/lib/config_spec.rb +0 -317
- data/spec/lib/doorkeeper_spec.rb +0 -28
- data/spec/lib/models/expirable_spec.rb +0 -51
- data/spec/lib/models/revocable_spec.rb +0 -36
- data/spec/lib/models/scopes_spec.rb +0 -43
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
- data/spec/lib/oauth/client/credentials_spec.rb +0 -47
- data/spec/lib/oauth/client/methods_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
- data/spec/lib/oauth/client_spec.rb +0 -39
- data/spec/lib/oauth/code_request_spec.rb +0 -45
- data/spec/lib/oauth/error_response_spec.rb +0 -61
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -123
- data/spec/lib/oauth/scopes_spec.rb +0 -123
- data/spec/lib/oauth/token_request_spec.rb +0 -98
- data/spec/lib/oauth/token_response_spec.rb +0 -85
- data/spec/lib/oauth/token_spec.rb +0 -109
- data/spec/lib/request/strategy_spec.rb +0 -53
- data/spec/lib/server_spec.rb +0 -52
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
- data/spec/models/doorkeeper/access_token_spec.rb +0 -350
- data/spec/models/doorkeeper/application_spec.rb +0 -187
- data/spec/requests/applications/applications_request_spec.rb +0 -94
- data/spec/requests/applications/authorized_applications_spec.rb +0 -30
- data/spec/requests/endpoints/authorization_spec.rb +0 -72
- data/spec/requests/endpoints/token_spec.rb +0 -64
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
- data/spec/requests/flows/authorization_code_spec.rb +0 -156
- data/spec/requests/flows/client_credentials_spec.rb +0 -58
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
- data/spec/requests/flows/implicit_grant_spec.rb +0 -61
- data/spec/requests/flows/password_spec.rb +0 -94
- data/spec/requests/flows/refresh_token_spec.rb +0 -104
- data/spec/requests/flows/revoke_token_spec.rb +0 -143
- data/spec/requests/flows/skip_authorization_spec.rb +0 -59
- data/spec/requests/protected_resources/metal_spec.rb +0 -14
- data/spec/requests/protected_resources/private_api_spec.rb +0 -81
- data/spec/routing/custom_controller_routes_spec.rb +0 -71
- data/spec/routing/default_routes_spec.rb +0 -35
- data/spec/routing/scoped_routes_spec.rb +0 -31
- data/spec/spec_helper.rb +0 -2
- data/spec/spec_helper_integration.rb +0 -56
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/access_token_request_helper.rb +0 -11
- data/spec/support/helpers/authorization_request_helper.rb +0 -41
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -45
- data/spec/support/helpers/request_spec_helper.rb +0 -76
- data/spec/support/helpers/url_helper.rb +0 -55
- data/spec/support/orm/active_record.rb +0 -3
- data/spec/support/shared/controllers_shared_context.rb +0 -60
- data/spec/support/shared/models_shared_examples.rb +0 -52
- data/spec/validators/redirect_uri_validator_spec.rb +0 -78
@@ -1,98 +0,0 @@
|
|
1
|
-
require 'spec_helper_integration'
|
2
|
-
|
3
|
-
module Doorkeeper::OAuth
|
4
|
-
describe TokenRequest do
|
5
|
-
let :application do
|
6
|
-
scopes = double(all: ['public'])
|
7
|
-
double(:application, id: 9990, scopes: scopes)
|
8
|
-
end
|
9
|
-
let :pre_auth do
|
10
|
-
double(
|
11
|
-
:pre_auth,
|
12
|
-
client: application,
|
13
|
-
redirect_uri: 'http://tst.com/cb',
|
14
|
-
state: nil,
|
15
|
-
scopes: Scopes.from_string('public'),
|
16
|
-
error: nil,
|
17
|
-
authorizable?: true
|
18
|
-
)
|
19
|
-
end
|
20
|
-
|
21
|
-
let :owner do
|
22
|
-
double :owner, id: 7866
|
23
|
-
end
|
24
|
-
|
25
|
-
subject do
|
26
|
-
TokenRequest.new(pre_auth, owner)
|
27
|
-
end
|
28
|
-
|
29
|
-
it 'creates an access token' do
|
30
|
-
expect do
|
31
|
-
subject.authorize
|
32
|
-
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
33
|
-
end
|
34
|
-
|
35
|
-
it 'returns a code response' do
|
36
|
-
expect(subject.authorize).to be_a(CodeResponse)
|
37
|
-
end
|
38
|
-
|
39
|
-
it 'does not create token when not authorizable' do
|
40
|
-
allow(pre_auth).to receive(:authorizable?).and_return(false)
|
41
|
-
expect do
|
42
|
-
subject.authorize
|
43
|
-
end.to_not change { Doorkeeper::AccessToken.count }
|
44
|
-
end
|
45
|
-
|
46
|
-
it 'returns a error response' do
|
47
|
-
allow(pre_auth).to receive(:authorizable?).and_return(false)
|
48
|
-
expect(subject.authorize).to be_a(ErrorResponse)
|
49
|
-
end
|
50
|
-
|
51
|
-
context 'with custom expirations' do
|
52
|
-
before do
|
53
|
-
Doorkeeper.configure do
|
54
|
-
orm DOORKEEPER_ORM
|
55
|
-
custom_access_token_expires_in do |_oauth_client|
|
56
|
-
1234
|
57
|
-
end
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
it 'should use the custom ttl' do
|
62
|
-
subject.authorize
|
63
|
-
token = Doorkeeper::AccessToken.first
|
64
|
-
expect(token.expires_in).to eq(1234)
|
65
|
-
end
|
66
|
-
end
|
67
|
-
|
68
|
-
context 'token reuse' do
|
69
|
-
it 'creates a new token if there are no matching tokens' do
|
70
|
-
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
71
|
-
expect do
|
72
|
-
subject.authorize
|
73
|
-
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
74
|
-
end
|
75
|
-
|
76
|
-
it 'creates a new token if scopes do not match' do
|
77
|
-
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
78
|
-
FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
|
79
|
-
resource_owner_id: owner.id, scopes: '')
|
80
|
-
expect do
|
81
|
-
subject.authorize
|
82
|
-
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
83
|
-
end
|
84
|
-
|
85
|
-
it 'skips token creation if there is a matching one' do
|
86
|
-
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
87
|
-
allow(application.scopes).to receive(:has_scopes?).and_return(true)
|
88
|
-
allow(application.scopes).to receive(:all?).and_return(true)
|
89
|
-
FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
|
90
|
-
resource_owner_id: owner.id, scopes: 'public')
|
91
|
-
|
92
|
-
expect do
|
93
|
-
subject.authorize
|
94
|
-
end.to_not change { Doorkeeper::AccessToken.count }
|
95
|
-
end
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
@@ -1,85 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'doorkeeper/oauth/token_response'
|
3
|
-
|
4
|
-
module Doorkeeper::OAuth
|
5
|
-
describe TokenResponse do
|
6
|
-
subject { TokenResponse.new(double.as_null_object) }
|
7
|
-
|
8
|
-
it 'includes access token response headers' do
|
9
|
-
headers = subject.headers
|
10
|
-
expect(headers.fetch('Cache-Control')).to eq('no-store')
|
11
|
-
expect(headers.fetch('Pragma')).to eq('no-cache')
|
12
|
-
end
|
13
|
-
|
14
|
-
it 'status is ok' do
|
15
|
-
expect(subject.status).to eq(:ok)
|
16
|
-
end
|
17
|
-
|
18
|
-
describe '.body' do
|
19
|
-
let(:access_token) do
|
20
|
-
double :access_token,
|
21
|
-
token: 'some-token',
|
22
|
-
expires_in: '3600',
|
23
|
-
expires_in_seconds: '300',
|
24
|
-
scopes_string: 'two scopes',
|
25
|
-
refresh_token: 'some-refresh-token',
|
26
|
-
token_type: 'bearer',
|
27
|
-
created_at: 0
|
28
|
-
end
|
29
|
-
|
30
|
-
subject { TokenResponse.new(access_token).body }
|
31
|
-
|
32
|
-
it 'includes :access_token' do
|
33
|
-
expect(subject['access_token']).to eq('some-token')
|
34
|
-
end
|
35
|
-
|
36
|
-
it 'includes :token_type' do
|
37
|
-
expect(subject['token_type']).to eq('bearer')
|
38
|
-
end
|
39
|
-
|
40
|
-
# expires_in_seconds is returned as `expires_in` in order to match
|
41
|
-
# the OAuth spec (section 4.2.2)
|
42
|
-
it 'includes :expires_in' do
|
43
|
-
expect(subject['expires_in']).to eq('300')
|
44
|
-
end
|
45
|
-
|
46
|
-
it 'includes :scope' do
|
47
|
-
expect(subject['scope']).to eq('two scopes')
|
48
|
-
end
|
49
|
-
|
50
|
-
it 'includes :refresh_token' do
|
51
|
-
expect(subject['refresh_token']).to eq('some-refresh-token')
|
52
|
-
end
|
53
|
-
|
54
|
-
it 'includes :created_at' do
|
55
|
-
expect(subject['created_at']).to eq(0)
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
|
-
describe '.body filters out empty values' do
|
60
|
-
let(:access_token) do
|
61
|
-
double :access_token,
|
62
|
-
token: 'some-token',
|
63
|
-
expires_in_seconds: '',
|
64
|
-
scopes_string: '',
|
65
|
-
refresh_token: '',
|
66
|
-
token_type: 'bearer',
|
67
|
-
created_at: 0
|
68
|
-
end
|
69
|
-
|
70
|
-
subject { TokenResponse.new(access_token).body }
|
71
|
-
|
72
|
-
it 'includes :expires_in' do
|
73
|
-
expect(subject['expires_in']).to be_nil
|
74
|
-
end
|
75
|
-
|
76
|
-
it 'includes :scope' do
|
77
|
-
expect(subject['scope']).to be_nil
|
78
|
-
end
|
79
|
-
|
80
|
-
it 'includes :refresh_token' do
|
81
|
-
expect(subject['refresh_token']).to be_nil
|
82
|
-
end
|
83
|
-
end
|
84
|
-
end
|
85
|
-
end
|
@@ -1,109 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'active_support/core_ext/string'
|
3
|
-
require 'doorkeeper/oauth/token'
|
4
|
-
|
5
|
-
module Doorkeeper
|
6
|
-
unless defined?(AccessToken)
|
7
|
-
class AccessToken
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
module OAuth
|
12
|
-
describe Token do
|
13
|
-
describe :from_request do
|
14
|
-
let(:request) { double.as_null_object }
|
15
|
-
|
16
|
-
let(:method) do
|
17
|
-
->(request) { return 'token-value' }
|
18
|
-
end
|
19
|
-
|
20
|
-
it 'accepts anything that responds to #call' do
|
21
|
-
expect(method).to receive(:call).with(request)
|
22
|
-
Token.from_request request, method
|
23
|
-
end
|
24
|
-
|
25
|
-
it 'delegates methods received as symbols to Token class' do
|
26
|
-
expect(Token).to receive(:from_params).with(request)
|
27
|
-
Token.from_request request, :from_params
|
28
|
-
end
|
29
|
-
|
30
|
-
it 'stops at the first credentials found' do
|
31
|
-
not_called_method = double
|
32
|
-
expect(not_called_method).not_to receive(:call)
|
33
|
-
Token.from_request request, ->(r) {}, method, not_called_method
|
34
|
-
end
|
35
|
-
|
36
|
-
it 'returns the credential from extractor method' do
|
37
|
-
credentials = Token.from_request request, method
|
38
|
-
expect(credentials).to eq('token-value')
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
describe :from_access_token_param do
|
43
|
-
it 'returns token from access_token parameter' do
|
44
|
-
request = double parameters: { access_token: 'some-token' }
|
45
|
-
token = Token.from_access_token_param(request)
|
46
|
-
expect(token).to eq('some-token')
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
describe :from_bearer_param do
|
51
|
-
it 'returns token from bearer_token parameter' do
|
52
|
-
request = double parameters: { bearer_token: 'some-token' }
|
53
|
-
token = Token.from_bearer_param(request)
|
54
|
-
expect(token).to eq('some-token')
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
describe :from_bearer_authorization do
|
59
|
-
it 'returns token from capitalized authorization bearer' do
|
60
|
-
request = double authorization: 'Bearer SomeToken'
|
61
|
-
token = Token.from_bearer_authorization(request)
|
62
|
-
expect(token).to eq('SomeToken')
|
63
|
-
end
|
64
|
-
|
65
|
-
it 'returns token from lowercased authorization bearer' do
|
66
|
-
request = double authorization: 'bearer SomeToken'
|
67
|
-
token = Token.from_bearer_authorization(request)
|
68
|
-
expect(token).to eq('SomeToken')
|
69
|
-
end
|
70
|
-
|
71
|
-
it 'does not return token if authorization is not bearer' do
|
72
|
-
request = double authorization: 'MAC SomeToken'
|
73
|
-
token = Token.from_bearer_authorization(request)
|
74
|
-
expect(token).to be_blank
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
|
-
describe :from_basic_authorization do
|
79
|
-
it 'returns token from capitalized authorization basic' do
|
80
|
-
request = double authorization: "Basic #{Base64.encode64 'SomeToken:'}"
|
81
|
-
token = Token.from_basic_authorization(request)
|
82
|
-
expect(token).to eq('SomeToken')
|
83
|
-
end
|
84
|
-
|
85
|
-
it 'returns token from lowercased authorization basic' do
|
86
|
-
request = double authorization: "basic #{Base64.encode64 'SomeToken:'}"
|
87
|
-
token = Token.from_basic_authorization(request)
|
88
|
-
expect(token).to eq('SomeToken')
|
89
|
-
end
|
90
|
-
|
91
|
-
it 'does not return token if authorization is not basic' do
|
92
|
-
request = double authorization: "MAC #{Base64.encode64 'SomeToken:'}"
|
93
|
-
token = Token.from_basic_authorization(request)
|
94
|
-
expect(token).to be_blank
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
98
|
-
describe :authenticate do
|
99
|
-
let(:finder) { double :finder }
|
100
|
-
|
101
|
-
it 'calls the finder if token was found' do
|
102
|
-
token = ->(r) { 'token' }
|
103
|
-
expect(AccessToken).to receive(:by_token).with('token')
|
104
|
-
Token.authenticate double, token
|
105
|
-
end
|
106
|
-
end
|
107
|
-
end
|
108
|
-
end
|
109
|
-
end
|
@@ -1,53 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'doorkeeper/request/strategy'
|
3
|
-
|
4
|
-
module Doorkeeper
|
5
|
-
module Request
|
6
|
-
describe Strategy do
|
7
|
-
let(:server) { double }
|
8
|
-
subject(:strategy) { Strategy.new(server) }
|
9
|
-
|
10
|
-
describe :initialize do
|
11
|
-
it "sets the server attribute" do
|
12
|
-
expect(strategy.server).to eq server
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
|
-
describe :request do
|
17
|
-
it "requires an implementation" do
|
18
|
-
expect { strategy.request }.to raise_exception NotImplementedError
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
describe "a sample Strategy subclass" do
|
23
|
-
let(:fake_request) { double }
|
24
|
-
|
25
|
-
let(:strategy_class) do
|
26
|
-
subclass = Class.new(Strategy) do
|
27
|
-
class << self
|
28
|
-
attr_accessor :fake_request
|
29
|
-
end
|
30
|
-
|
31
|
-
def request
|
32
|
-
self.class.fake_request
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
subclass.fake_request = fake_request
|
37
|
-
subclass
|
38
|
-
end
|
39
|
-
|
40
|
-
subject(:strategy) { strategy_class.new(server) }
|
41
|
-
|
42
|
-
it "provides a request implementation" do
|
43
|
-
expect(strategy.request).to eq fake_request
|
44
|
-
end
|
45
|
-
|
46
|
-
it "authorizes the request" do
|
47
|
-
expect(fake_request).to receive :authorize
|
48
|
-
strategy.authorize
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
53
|
-
end
|
data/spec/lib/server_spec.rb
DELETED
@@ -1,52 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'active_support/all'
|
3
|
-
require 'doorkeeper/errors'
|
4
|
-
require 'doorkeeper/server'
|
5
|
-
|
6
|
-
describe Doorkeeper::Server do
|
7
|
-
let(:fake_class) { double :fake_class }
|
8
|
-
|
9
|
-
subject do
|
10
|
-
described_class.new
|
11
|
-
end
|
12
|
-
|
13
|
-
describe '.authorization_request' do
|
14
|
-
it 'raises error when strategy does not exist' do
|
15
|
-
expect do
|
16
|
-
subject.authorization_request(:duh)
|
17
|
-
end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
|
18
|
-
end
|
19
|
-
|
20
|
-
it 'raises error when strategy does not match phase' do
|
21
|
-
expect do
|
22
|
-
subject.token_request(:code)
|
23
|
-
end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
|
24
|
-
end
|
25
|
-
|
26
|
-
context 'when only Authorization Code strategy is enabled' do
|
27
|
-
before do
|
28
|
-
allow(Doorkeeper.configuration).
|
29
|
-
to receive(:grant_flows).
|
30
|
-
and_return(['authorization_code'])
|
31
|
-
end
|
32
|
-
|
33
|
-
it 'raises error when using the disabled Implicit strategy' do
|
34
|
-
expect do
|
35
|
-
subject.authorization_request(:token)
|
36
|
-
end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
|
37
|
-
end
|
38
|
-
|
39
|
-
it 'raises error when using the disabled Client Credentials strategy' do
|
40
|
-
expect do
|
41
|
-
subject.token_request(:client_credentials)
|
42
|
-
end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
it 'builds the request with selected strategy' do
|
47
|
-
stub_const 'Doorkeeper::Request::Code', fake_class
|
48
|
-
expect(fake_class).to receive(:new).with(subject)
|
49
|
-
subject.authorization_request :code
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
require 'spec_helper_integration'
|
2
|
-
|
3
|
-
describe Doorkeeper::AccessGrant do
|
4
|
-
subject { FactoryGirl.build(:access_grant) }
|
5
|
-
|
6
|
-
it { expect(subject).to be_valid }
|
7
|
-
|
8
|
-
it_behaves_like 'an accessible token'
|
9
|
-
it_behaves_like 'a revocable token'
|
10
|
-
it_behaves_like 'a unique token' do
|
11
|
-
let(:factory_name) { :access_grant }
|
12
|
-
end
|
13
|
-
|
14
|
-
describe 'validations' do
|
15
|
-
it 'is invalid without resource_owner_id' do
|
16
|
-
subject.resource_owner_id = nil
|
17
|
-
expect(subject).not_to be_valid
|
18
|
-
end
|
19
|
-
|
20
|
-
it 'is invalid without application_id' do
|
21
|
-
subject.application_id = nil
|
22
|
-
expect(subject).not_to be_valid
|
23
|
-
end
|
24
|
-
|
25
|
-
it 'is invalid without token' do
|
26
|
-
subject.save
|
27
|
-
subject.token = nil
|
28
|
-
expect(subject).not_to be_valid
|
29
|
-
end
|
30
|
-
|
31
|
-
it 'is invalid without expires_in' do
|
32
|
-
subject.expires_in = nil
|
33
|
-
expect(subject).not_to be_valid
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|