doorkeeper 3.1.0 → 5.6.2

data/spec/models/doorkeeper/access_token_spec.rb

@@ -1,350 +0,0 @@
-require 'spec_helper_integration'
-
-module Doorkeeper
-  describe AccessToken do
-    subject { FactoryGirl.build(:access_token) }
-
-    it { expect(subject).to be_valid }
-
-    it_behaves_like 'an accessible token'
-    it_behaves_like 'a revocable token'
-    it_behaves_like 'a unique token' do
-      let(:factory_name) { :access_token }
-    end
-
-    describe :generate_token do
-      it 'generates a token using the default method' do
-        FactoryGirl.create :access_token
-
-        token = FactoryGirl.create :access_token
-        expect(token.token).to be_a(String)
-      end
-
-      it 'generates a token using a custom object' do
-        module CustomGeneratorArgs
-          def self.generate(opts = {})
-            "custom_generator_token_#{opts[:resource_owner_id]}"
-          end
-        end
-
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          access_token_generator "Doorkeeper::CustomGeneratorArgs"
-        end
-
-        token = FactoryGirl.create :access_token
-        expect(token.token).to match(%r{custom_generator_token_\d+})
-      end
-
-      it 'allows the custom generator to access the application details' do
-        module CustomGeneratorArgs
-          def self.generate(opts = {})
-            "custom_generator_token_#{opts[:application].name}"
-          end
-        end
-
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          access_token_generator "Doorkeeper::CustomGeneratorArgs"
-        end
-
-        token = FactoryGirl.create :access_token
-        expect(token.token).to match(%r{custom_generator_token_Application \d+})
-      end
-
-      it 'allows the custom generator to access the scopes' do
-        module CustomGeneratorArgs
-          def self.generate(opts = {})
-            "custom_generator_token_#{opts[:scopes].count}_#{opts[:scopes]}"
-          end
-        end
-
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          access_token_generator "Doorkeeper::CustomGeneratorArgs"
-        end
-
-        token = FactoryGirl.create :access_token, scopes: 'public write'
-
-        expect(token.token).to eq 'custom_generator_token_2_public write'
-      end
-
-      it 'allows the custom generator to access the expiry length' do
-        module CustomGeneratorArgs
-          def self.generate(opts = {})
-            "custom_generator_token_#{opts[:expires_in]}"
-          end
-        end
-
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          access_token_generator "Doorkeeper::CustomGeneratorArgs"
-        end
-
-        token = FactoryGirl.create :access_token
-        expect(token.token).to eq 'custom_generator_token_7200'
-      end
-
-      it 'raises an error if the custom object does not support generate' do
-        module NoGenerate
-        end
-
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          access_token_generator "Doorkeeper::NoGenerate"
-        end
-
-        expect { FactoryGirl.create :access_token }.to(
-          raise_error(Doorkeeper::Errors::UnableToGenerateToken))
-      end
-
-      it 'raises an error if the custom object does not exist' do
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          access_token_generator "Doorkeeper::NotReal"
-        end
-
-        expect { FactoryGirl.create :access_token }.to(
-          raise_error(Doorkeeper::Errors::TokenGeneratorNotFound))
-      end
-    end
-
-    describe :refresh_token do
-      it 'has empty refresh token if it was not required' do
-        token = FactoryGirl.create :access_token
-        expect(token.refresh_token).to be_nil
-      end
-
-      it 'generates a refresh token if it was requested' do
-        token = FactoryGirl.create :access_token, use_refresh_token: true
-        expect(token.refresh_token).not_to be_nil
-      end
-
-      it 'is not valid if token exists' do
-        token1 = FactoryGirl.create :access_token, use_refresh_token: true
-        token2 = FactoryGirl.create :access_token, use_refresh_token: true
-        token2.refresh_token = token1.refresh_token
-        expect(token2).not_to be_valid
-      end
-
-      it 'expects database to raise an error if refresh tokens are the same' do
-        token1 = FactoryGirl.create :access_token, use_refresh_token: true
-        token2 = FactoryGirl.create :access_token, use_refresh_token: true
-        expect do
-          token2.refresh_token = token1.refresh_token
-          token2.save(validate: false)
-        end.to raise_error(ActiveRecord::RecordNotUnique)
-      end
-    end
-
-    describe 'validations' do
-      it 'is valid without resource_owner_id' do
-        # For client credentials flow
-        subject.resource_owner_id = nil
-        expect(subject).to be_valid
-      end
-    end
-
-    describe '#same_credential?' do
-
-      context 'with default parameters' do
-
-        let(:resource_owner_id) { 100 }
-        let(:application)    { FactoryGirl.create :application }
-        let(:default_attributes) do
-          { application: application, resource_owner_id: resource_owner_id }
-        end
-        let(:access_token1) { FactoryGirl.create :access_token, default_attributes }
-
-        context 'the second token has the same owner and same app' do
-          let(:access_token2) { FactoryGirl.create :access_token, default_attributes }
-          it 'success' do
-            expect(access_token1.same_credential?(access_token2)).to be_truthy
-          end
-        end
-
-        context 'the second token has same owner and different app' do
-          let(:other_application) { FactoryGirl.create :application }
-          let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: resource_owner_id }
-
-          it 'fail' do
-            expect(access_token1.same_credential?(access_token2)).to be_falsey
-          end
-        end
-
-        context 'the second token has different owner and different app' do
-
-          let(:other_application) { FactoryGirl.create :application }
-          let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: 42 }
-
-          it 'fail' do
-            expect(access_token1.same_credential?(access_token2)).to be_falsey
-          end
-        end
-
-        context 'the second token has different owner and same app' do
-          let(:access_token2) { FactoryGirl.create :access_token, application: application, resource_owner_id: 42 }
-
-          it 'fail' do
-            expect(access_token1.same_credential?(access_token2)).to be_falsey
-          end
-        end
-      end
-    end
-
-    describe '#acceptable?' do
-      context 'a token that is not accessible' do
-        let(:token) { FactoryGirl.create(:access_token, created_at: 6.hours.ago) }
-
-        it 'should return false' do
-          expect(token.acceptable?(nil)).to be false
-        end
-      end
-
-      context 'a token that has the incorrect scopes' do
-        let(:token) { FactoryGirl.create(:access_token) }
-
-        it 'should return false' do
-          expect(token.acceptable?(['public'])).to be false
-        end
-      end
-
-      context 'a token is acceptable with the correct scopes' do
-        let(:token) do
-          token = FactoryGirl.create(:access_token)
-          token[:scopes] = 'public'
-          token
-        end
-
-        it 'should return true' do
-          expect(token.acceptable?(['public'])).to be true
-        end
-      end
-    end
-
-    describe '.revoke_all_for' do
-      let(:resource_owner) { double(id: 100) }
-      let(:application)    { FactoryGirl.create :application }
-      let(:default_attributes) do
-        { application: application, resource_owner_id: resource_owner.id }
-      end
-
-      it 'revokes all tokens for given application and resource owner' do
-        FactoryGirl.create :access_token, default_attributes
-        AccessToken.revoke_all_for application.id, resource_owner
-        AccessToken.all.each do |token|
-          expect(token).to be_revoked
-        end
-      end
-
-      it 'matches application' do
-        FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
-        AccessToken.revoke_all_for application.id, resource_owner
-        expect(AccessToken.all).not_to be_empty
-      end
-
-      it 'matches resource owner' do
-        FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 90)
-        AccessToken.revoke_all_for application.id, resource_owner
-        expect(AccessToken.all).not_to be_empty
-      end
-    end
-
-    describe '.matching_token_for' do
-      let(:resource_owner_id) { 100 }
-      let(:application)       { FactoryGirl.create :application }
-      let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public write') }
-      let(:default_attributes) do
-        {
-          application: application,
-          resource_owner_id: resource_owner_id,
-          scopes: scopes.to_s
-        }
-      end
-
-      it 'returns only one token' do
-        token = FactoryGirl.create :access_token, default_attributes
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to eq(token)
-      end
-
-      it 'accepts resource owner as object' do
-        resource_owner = double(to_key: true, id: 100)
-        token = FactoryGirl.create :access_token, default_attributes
-        last_token = AccessToken.matching_token_for(application, resource_owner, scopes)
-        expect(last_token).to eq(token)
-      end
-
-      it 'accepts nil as resource owner' do
-        token = FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: nil)
-        last_token = AccessToken.matching_token_for(application, nil, scopes)
-        expect(last_token).to eq(token)
-      end
-
-      it 'excludes revoked tokens' do
-        FactoryGirl.create :access_token, default_attributes.merge(revoked_at: 1.day.ago)
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to be_nil
-      end
-
-      it 'matches the application' do
-        FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to be_nil
-      end
-
-      it 'matches the resource owner' do
-        FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 2)
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to be_nil
-      end
-
-      it 'matches token with fewer scopes' do
-        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public')
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to be_nil
-      end
-
-      it 'matches token with different scopes' do
-        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public email')
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to be_nil
-      end
-
-      it 'matches token with more scopes' do
-        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public write email')
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to be_nil
-      end
-
-      it 'matches application scopes' do
-        application = FactoryGirl.create :application, scopes: "private read"
-        FactoryGirl.create :access_token, default_attributes.merge(
-          application: application
-        )
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to be_nil
-      end
-
-      it 'returns the last created token' do
-        FactoryGirl.create :access_token, default_attributes.merge(created_at: 1.day.ago)
-        token = FactoryGirl.create :access_token, default_attributes
-        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to eq(token)
-      end
-
-      it 'returns as_json hash' do
-        token = FactoryGirl.create :access_token, default_attributes
-        token_hash = {
-          resource_owner_id:  token.resource_owner_id,
-          scopes:             token.scopes,
-          expires_in_seconds: token.expires_in_seconds,
-          application:        { uid: token.application.uid },
-          created_at:         token.created_at.to_i,
-        }
-        expect(token.as_json).to eq token_hash
-      end
-    end
-
-  end
-end

data/spec/models/doorkeeper/application_spec.rb

@@ -1,187 +0,0 @@
-require 'spec_helper_integration'
-
-module Doorkeeper
-  describe Application do
-    let(:require_owner) { Doorkeeper.configuration.instance_variable_set('@confirm_application_owner', true) }
-    let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set('@confirm_application_owner', false) }
-    let(:new_application) { FactoryGirl.build(:application) }
-
-    let(:uid) { SecureRandom.hex(8) }
-    let(:secret) { SecureRandom.hex(8) }
-
-    context 'application_owner is enabled' do
-      before do
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          enable_application_owner
-        end
-      end
-
-      context 'application owner is not required' do
-        before(:each) do
-          unset_require_owner
-        end
-
-        it 'is valid given valid attributes' do
-          expect(new_application).to be_valid
-        end
-      end
-
-      context 'application owner is required' do
-        before(:each) do
-          require_owner
-          @owner = FactoryGirl.build_stubbed(:user)
-        end
-
-        it 'is invalid without an owner' do
-          expect(new_application).not_to be_valid
-        end
-
-        it 'is valid with an owner' do
-          new_application.owner = @owner
-          expect(new_application).to be_valid
-        end
-      end
-    end
-
-    it 'is invalid without a name' do
-      new_application.name = nil
-      expect(new_application).not_to be_valid
-    end
-
-    it 'generates uid on create' do
-      expect(new_application.uid).to be_nil
-      new_application.save
-      expect(new_application.uid).not_to be_nil
-    end
-
-    it 'generates uid on create if an empty string' do
-      new_application.uid = ''
-      new_application.save
-      expect(new_application.uid).not_to be_blank
-    end
-
-    it 'generates uid on create unless one is set' do
-      new_application.uid = uid
-      new_application.save
-      expect(new_application.uid).to eq(uid)
-    end
-
-    it 'is invalid without uid' do
-      new_application.save
-      new_application.uid = nil
-      expect(new_application).not_to be_valid
-    end
-
-    it 'is invalid without redirect_uri' do
-      new_application.save
-      new_application.redirect_uri = nil
-      expect(new_application).not_to be_valid
-    end
-
-    it 'checks uniqueness of uid' do
-      app1 = FactoryGirl.create(:application)
-      app2 = FactoryGirl.create(:application)
-      app2.uid = app1.uid
-      expect(app2).not_to be_valid
-    end
-
-    it 'expects database to throw an error when uids are the same' do
-      app1 = FactoryGirl.create(:application)
-      app2 = FactoryGirl.create(:application)
-      app2.uid = app1.uid
-      expect { app2.save!(validate: false) }.to raise_error(ActiveRecord::RecordNotUnique)
-    end
-
-    it 'generate secret on create' do
-      expect(new_application.secret).to be_nil
-      new_application.save
-      expect(new_application.secret).not_to be_nil
-    end
-
-    it 'generate secret on create if is blank string' do
-      new_application.secret = ''
-      new_application.save
-      expect(new_application.secret).not_to be_blank
-    end
-
-    it 'generate secret on create unless one is set' do
-      new_application.secret = secret
-      new_application.save
-      expect(new_application.secret).to eq(secret)
-    end
-
-    it 'is invalid without secret' do
-      new_application.save
-      new_application.secret = nil
-      expect(new_application).not_to be_valid
-    end
-
-    describe 'destroy related models on cascade' do
-      before(:each) do
-        new_application.save
-      end
-
-      it 'should destroy its access grants' do
-        FactoryGirl.create(:access_grant, application: new_application)
-        expect { new_application.destroy }.to change { Doorkeeper::AccessGrant.count }.by(-1)
-      end
-
-      it 'should destroy its access tokens' do
-        FactoryGirl.create(:access_token, application: new_application)
-        FactoryGirl.create(:access_token, application: new_application, revoked_at: Time.now)
-        expect do
-          new_application.destroy
-        end.to change { Doorkeeper::AccessToken.count }.by(-2)
-      end
-    end
-
-    describe :authorized_for do
-      let(:resource_owner) { double(:resource_owner, id: 10) }
-
-      it 'is empty if the application is not authorized for anyone' do
-        expect(Application.authorized_for(resource_owner)).to be_empty
-      end
-
-      it 'returns only application for a specific resource owner' do
-        FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id + 1)
-        token = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
-        expect(Application.authorized_for(resource_owner)).to eq([token.application])
-      end
-
-      it 'excludes revoked tokens' do
-        FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, revoked_at: 2.days.ago)
-        expect(Application.authorized_for(resource_owner)).to be_empty
-      end
-
-      it 'returns all applications that have been authorized' do
-        token1 = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
-        token2 = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
-        expect(Application.authorized_for(resource_owner)).to eq([token1.application, token2.application])
-      end
-
-      it 'returns only one application even if it has been authorized twice' do
-        application = FactoryGirl.create(:application)
-        FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, application: application)
-        FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, application: application)
-        expect(Application.authorized_for(resource_owner)).to eq([application])
-      end
-
-      it 'should fail to mass assign a new application', if: ::Rails::VERSION::MAJOR < 4 do
-        mass_assign = { name: 'Something',
-                        redirect_uri: 'http://somewhere.com/something',
-                        uid: 123,
-                        secret: 'something' }
-        expect(Application.create(mass_assign).uid).not_to eq(123)
-      end
-    end
-
-    describe :authenticate do
-      it 'finds the application via uid/secret' do
-        app = FactoryGirl.create :application
-        authenticated = Application.by_uid_and_secret(app.uid, app.secret)
-        expect(authenticated).to eq(app)
-      end
-    end
-  end
-end

data/spec/requests/applications/applications_request_spec.rb

@@ -1,94 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Adding applications' do
-  context 'in application form' do
-    background do
-      visit '/oauth/applications/new'
-    end
-
-    scenario 'adding a valid app' do
-      fill_in 'doorkeeper_application[name]', with: 'My Application'
-      fill_in 'doorkeeper_application[redirect_uri]',
-              with: 'https://example.com'
-
-      click_button 'Submit'
-      i_should_see 'Application created'
-      i_should_see 'My Application'
-    end
-
-    scenario 'adding invalid app' do
-      click_button 'Submit'
-      i_should_see 'Whoops! Check your form for possible errors'
-    end
-  end
-end
-
-feature 'Listing applications' do
-  background do
-    FactoryGirl.create :application, name: 'Oauth Dude'
-    FactoryGirl.create :application, name: 'Awesome App'
-  end
-
-  scenario 'application list' do
-    visit '/oauth/applications'
-    i_should_see 'Awesome App'
-    i_should_see 'Oauth Dude'
-  end
-end
-
-feature 'Show application' do
-  given :app do
-    FactoryGirl.create :application, name: 'Just another oauth app'
-  end
-
-  scenario 'visiting application page' do
-    visit "/oauth/applications/#{app.id}"
-    i_should_see 'Just another oauth app'
-  end
-end
-
-feature 'Edit application' do
-  let :app do
-    FactoryGirl.create :application, name: 'OMG my app'
-  end
-
-  background do
-    visit "/oauth/applications/#{app.id}/edit"
-  end
-
-  scenario 'updating a valid app' do
-    fill_in 'doorkeeper_application[name]', with: 'Serious app'
-    click_button 'Submit'
-    i_should_see 'Application updated'
-    i_should_see 'Serious app'
-    i_should_not_see 'OMG my app'
-  end
-
-  scenario 'updating an invalid app' do
-    fill_in 'doorkeeper_application[name]', with: ''
-    click_button 'Submit'
-    i_should_see 'Whoops! Check your form for possible errors'
-  end
-end
-
-feature 'Remove application' do
-  background do
-    @app = FactoryGirl.create :application
-  end
-
-  scenario 'deleting an application from list' do
-    visit '/oauth/applications'
-    i_should_see @app.name
-    within(:css, "tr#application_#{@app.id}") do
-      click_button 'Destroy'
-    end
-    i_should_see 'Application deleted'
-    i_should_not_see @app.name
-  end
-
-  scenario 'deleting an application from show' do
-    visit "/oauth/applications/#{@app.id}"
-    click_button 'Destroy'
-    i_should_see 'Application deleted'
-  end
-end

data/spec/requests/applications/authorized_applications_spec.rb

@@ -1,30 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Authorized applications' do
-  background do
-    @user   = User.create!(name: 'Joe', password: 'sekret')
-    @client = client_exists(name: 'Amazing Client App')
-    resource_owner_is_authenticated @user
-    client_is_authorized @client, @user
-  end
-
-  scenario 'display user\'s authorized applications' do
-    visit '/oauth/authorized_applications'
-    i_should_see 'Amazing Client App'
-  end
-
-  scenario 'do not display other user\'s authorized applications' do
-    client = client_exists(name: 'Another Client App')
-    client_is_authorized client, User.create!(name: 'Joe', password: 'sekret')
-    visit '/oauth/authorized_applications'
-    i_should_not_see 'Another Client App'
-  end
-
-  scenario 'user revoke access to application' do
-    visit '/oauth/authorized_applications'
-    i_should_see 'Amazing Client App'
-    click_on 'Revoke'
-    i_should_see 'Application revoked'
-    i_should_not_see 'Amazing Client App'
-  end
-end