doorkeeper 3.1.0 → 5.6.2



  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +1079 -0
  3. data/README.md +114 -326
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +7 -6
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +9 -12
  7. data/app/controllers/doorkeeper/applications_controller.rb +66 -21
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +100 -18
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +23 -4
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +138 -22
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +15 -9
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
  14. data/app/views/doorkeeper/applications/_form.html.erb +33 -21
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +18 -6
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +40 -16
  19. data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +17 -11
  22. data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
  23. data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
  24. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  25. data/config/locales/en.yml +37 -9
  26. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  27. data/lib/doorkeeper/config/option.rb +82 -0
  28. data/lib/doorkeeper/config/validations.rb +53 -0
  29. data/lib/doorkeeper/config.rb +602 -142
  30. data/lib/doorkeeper/engine.rb +22 -7
  31. data/lib/doorkeeper/errors.rb +37 -10
  32. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  33. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  34. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  35. data/lib/doorkeeper/grant_flow.rb +45 -0
  36. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  37. data/lib/doorkeeper/grape/helpers.rb +24 -12
  38. data/lib/doorkeeper/helpers/controller.rb +49 -27
  39. data/lib/doorkeeper/models/access_grant_mixin.rb +99 -16
  40. data/lib/doorkeeper/models/access_token_mixin.rb +386 -77
  41. data/lib/doorkeeper/models/application_mixin.rb +73 -30
  42. data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
  43. data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
  44. data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
  45. data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  46. data/lib/doorkeeper/models/concerns/ownership.rb +4 -2
  47. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  48. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  49. data/lib/doorkeeper/models/concerns/revocable.rb +13 -2
  50. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  51. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  52. data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
  53. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  54. data/lib/doorkeeper/oauth/authorization/token.rb +72 -28
  55. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
  56. data/lib/doorkeeper/oauth/authorization_code_request.rb +64 -14
  57. data/lib/doorkeeper/oauth/base_request.rb +66 -0
  58. data/lib/doorkeeper/oauth/base_response.rb +31 -0
  59. data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
  60. data/lib/doorkeeper/oauth/client.rb +10 -12
  61. data/lib/doorkeeper/oauth/client_credentials/creator.rb +48 -4
  62. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +17 -9
  63. data/lib/doorkeeper/oauth/client_credentials/validator.rb +55 -0
  64. data/lib/doorkeeper/oauth/client_credentials_request.rb +14 -15
  65. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  66. data/lib/doorkeeper/oauth/code_response.rb +31 -19
  67. data/lib/doorkeeper/oauth/error.rb +5 -3
  68. data/lib/doorkeeper/oauth/error_response.rb +41 -20
  69. data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
  70. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +24 -19
  71. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  72. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +55 -4
  73. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  74. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  75. data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
  76. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  77. data/lib/doorkeeper/oauth/password_access_token_request.rb +46 -18
  78. data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
  79. data/lib/doorkeeper/oauth/refresh_token_request.rb +67 -30
  80. data/lib/doorkeeper/oauth/scopes.rb +26 -12
  81. data/lib/doorkeeper/oauth/token.rb +28 -25
  82. data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
  83. data/lib/doorkeeper/oauth/token_request.rb +8 -21
  84. data/lib/doorkeeper/oauth/token_response.rb +14 -10
  85. data/lib/doorkeeper/oauth.rb +13 -0
  86. data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
  87. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -17
  88. data/lib/doorkeeper/orm/active_record/application.rb +6 -20
  89. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
  90. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +81 -0
  91. data/lib/doorkeeper/orm/active_record/mixins/application.rb +214 -0
  92. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  93. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
  94. data/lib/doorkeeper/orm/active_record.rb +36 -26
  95. data/lib/doorkeeper/rails/helpers.rb +14 -15
  96. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  97. data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
  98. data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
  99. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  100. data/lib/doorkeeper/rails/routes.rb +45 -28
  101. data/lib/doorkeeper/rake/db.rake +40 -0
  102. data/lib/doorkeeper/rake/setup.rake +6 -0
  103. data/lib/doorkeeper/rake.rb +14 -0
  104. data/lib/doorkeeper/request/authorization_code.rb +12 -4
  105. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  106. data/lib/doorkeeper/request/code.rb +1 -1
  107. data/lib/doorkeeper/request/password.rb +5 -4
  108. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  109. data/lib/doorkeeper/request/strategy.rb +4 -2
  110. data/lib/doorkeeper/request/token.rb +1 -1
  111. data/lib/doorkeeper/request.rb +62 -29
  112. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  113. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  114. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  115. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  116. data/lib/doorkeeper/server.rb +9 -19
  117. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  118. data/lib/doorkeeper/validations.rb +5 -2
  119. data/lib/doorkeeper/version.rb +12 -1
  120. data/lib/doorkeeper.rb +112 -56
  121. data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
  122. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  123. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  124. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  125. data/lib/generators/doorkeeper/migration_generator.rb +27 -10
  126. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  127. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +41 -0
  128. data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  129. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  130. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +13 -0
  131. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  132. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  133. data/lib/generators/doorkeeper/templates/initializer.rb +417 -32
  134. data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
  135. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  136. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  137. metadata +163 -280
  138. data/.gitignore +0 -14
  139. data/.hound.yml +0 -13
  140. data/.rspec +0 -1
  141. data/.travis.yml +0 -22
  142. data/CONTRIBUTING.md +0 -45
  143. data/Gemfile +0 -10
  144. data/NEWS.md +0 -525
  145. data/RELEASING.md +0 -17
  146. data/Rakefile +0 -20
  147. data/app/validators/redirect_uri_validator.rb +0 -34
  148. data/doorkeeper.gemspec +0 -27
  149. data/lib/doorkeeper/oauth/client/methods.rb +0 -18
  150. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  151. data/lib/doorkeeper/oauth/request_concern.rb +0 -48
  152. data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
  153. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
  154. data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
  155. data/lib/generators/doorkeeper/templates/migration.rb +0 -50
  156. data/spec/controllers/applications_controller_spec.rb +0 -58
  157. data/spec/controllers/authorizations_controller_spec.rb +0 -203
  158. data/spec/controllers/protected_resources_controller_spec.rb +0 -271
  159. data/spec/controllers/token_info_controller_spec.rb +0 -52
  160. data/spec/controllers/tokens_controller_spec.rb +0 -88
  161. data/spec/dummy/Rakefile +0 -7
  162. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  163. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  164. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  165. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  166. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  167. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  168. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  169. data/spec/dummy/app/models/user.rb +0 -9
  170. data/spec/dummy/app/views/home/index.html.erb +0 -0
  171. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  172. data/spec/dummy/config/application.rb +0 -57
  173. data/spec/dummy/config/boot.rb +0 -9
  174. data/spec/dummy/config/database.yml +0 -15
  175. data/spec/dummy/config/environment.rb +0 -5
  176. data/spec/dummy/config/environments/development.rb +0 -29
  177. data/spec/dummy/config/environments/production.rb +0 -62
  178. data/spec/dummy/config/environments/test.rb +0 -55
  179. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  180. data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
  181. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  182. data/spec/dummy/config/initializers/session_store.rb +0 -8
  183. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  184. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  185. data/spec/dummy/config/routes.rb +0 -52
  186. data/spec/dummy/config.ru +0 -4
  187. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
  188. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
  189. data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
  190. data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +0 -7
  191. data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5
  192. data/spec/dummy/db/schema.rb +0 -66
  193. data/spec/dummy/public/404.html +0 -26
  194. data/spec/dummy/public/422.html +0 -26
  195. data/spec/dummy/public/500.html +0 -26
  196. data/spec/dummy/public/favicon.ico +0 -0
  197. data/spec/dummy/script/rails +0 -6
  198. data/spec/factories.rb +0 -26
  199. data/spec/generators/application_owner_generator_spec.rb +0 -22
  200. data/spec/generators/install_generator_spec.rb +0 -31
  201. data/spec/generators/migration_generator_spec.rb +0 -20
  202. data/spec/generators/templates/routes.rb +0 -3
  203. data/spec/generators/views_generator_spec.rb +0 -27
  204. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  205. data/spec/lib/config_spec.rb +0 -317
  206. data/spec/lib/doorkeeper_spec.rb +0 -28
  207. data/spec/lib/models/expirable_spec.rb +0 -51
  208. data/spec/lib/models/revocable_spec.rb +0 -36
  209. data/spec/lib/models/scopes_spec.rb +0 -43
  210. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
  211. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
  212. data/spec/lib/oauth/client/credentials_spec.rb +0 -47
  213. data/spec/lib/oauth/client/methods_spec.rb +0 -54
  214. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  215. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  216. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  217. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  218. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
  219. data/spec/lib/oauth/client_spec.rb +0 -39
  220. data/spec/lib/oauth/code_request_spec.rb +0 -45
  221. data/spec/lib/oauth/error_response_spec.rb +0 -61
  222. data/spec/lib/oauth/error_spec.rb +0 -23
  223. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  224. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  225. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  226. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
  227. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
  228. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
  229. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  230. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -123
  231. data/spec/lib/oauth/scopes_spec.rb +0 -123
  232. data/spec/lib/oauth/token_request_spec.rb +0 -98
  233. data/spec/lib/oauth/token_response_spec.rb +0 -85
  234. data/spec/lib/oauth/token_spec.rb +0 -109
  235. data/spec/lib/request/strategy_spec.rb +0 -53
  236. data/spec/lib/server_spec.rb +0 -52
  237. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  238. data/spec/models/doorkeeper/access_token_spec.rb +0 -350
  239. data/spec/models/doorkeeper/application_spec.rb +0 -187
  240. data/spec/requests/applications/applications_request_spec.rb +0 -94
  241. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  242. data/spec/requests/endpoints/authorization_spec.rb +0 -72
  243. data/spec/requests/endpoints/token_spec.rb +0 -64
  244. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
  245. data/spec/requests/flows/authorization_code_spec.rb +0 -156
  246. data/spec/requests/flows/client_credentials_spec.rb +0 -58
  247. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  248. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  249. data/spec/requests/flows/password_spec.rb +0 -94
  250. data/spec/requests/flows/refresh_token_spec.rb +0 -104
  251. data/spec/requests/flows/revoke_token_spec.rb +0 -143
  252. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  253. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  254. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  255. data/spec/routing/custom_controller_routes_spec.rb +0 -71
  256. data/spec/routing/default_routes_spec.rb +0 -35
  257. data/spec/routing/scoped_routes_spec.rb +0 -31
  258. data/spec/spec_helper.rb +0 -2
  259. data/spec/spec_helper_integration.rb +0 -56
  260. data/spec/support/dependencies/factory_girl.rb +0 -2
  261. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  262. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  263. data/spec/support/helpers/config_helper.rb +0 -9
  264. data/spec/support/helpers/model_helper.rb +0 -45
  265. data/spec/support/helpers/request_spec_helper.rb +0 -76
  266. data/spec/support/helpers/url_helper.rb +0 -55
  267. data/spec/support/orm/active_record.rb +0 -3
  268. data/spec/support/shared/controllers_shared_context.rb +0 -60
  269. data/spec/support/shared/models_shared_examples.rb +0 -52
  270. data/spec/validators/redirect_uri_validator_spec.rb +0 -78
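--- a/data/spec/requests/endpoints/authorization_spec.rb
+++ b/data/spec/requests/endpoints/authorization_spec.rb
@@ -1,72 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Authorization endpoint' do
-background do
-config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
-client_exists(name: 'MyApp')
-end
-
-scenario 'requires resource owner to be authenticated' do
-visit authorization_endpoint_url(client: @client)
-i_should_see 'Sign in'
-i_should_be_on '/'
-end
-
-context 'with authenticated resource owner' do
-background do
-create_resource_owner
-sign_in
-end
-
-scenario 'displays the authorization form' do
-visit authorization_endpoint_url(client: @client)
-i_should_see 'Authorize MyApp to use your account?'
-end
-
-scenario 'displays all requested scopes' do
-default_scopes_exist :public
-optional_scopes_exist :write
-visit authorization_endpoint_url(client: @client, scope: 'public write')
-i_should_see 'Access your public data'
-i_should_see 'Update your data'
-end
-end
-
-context 'with a invalid request' do
-background do
-create_resource_owner
-sign_in
-end
-
-scenario 'displays the related error' do
-visit authorization_endpoint_url(client: @client, response_type: '')
-i_should_not_see 'Authorize'
-i_should_see_translated_error_message :unsupported_response_type
-end
-
-scenario "displays unsupported_response_type error when using a disabled response type" do
-config_is_set(:grant_flows, ['implicit'])
-visit authorization_endpoint_url(client: @client, response_type: 'code')
-i_should_not_see "Authorize"
-i_should_see_translated_error_message :unsupported_response_type
-end
-end
-
-context 'forgery protection enabled' do
-background do
-create_resource_owner
-sign_in
-end
-
-scenario 'raises exception on forged requests' do
-skip 'TODO: need to add request helpers to this feature spec'
-allow_any_instance_of(ActionController::Base).to receive(:handle_unverified_request)
-allowing_forgery_protection do
-post "/oauth/authorize",
-client_id: @client.uid,
-redirect_uri: @client.redirect_uri,
-response_type: 'code'
-end
-end
-end
-end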
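--- a/data/spec/requests/endpoints/token_spec.rb
+++ b/data/spec/requests/endpoints/token_spec.rb
@@ -1,64 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Token endpoint' do
-before do
-client_exists
-authorization_code_exists application: @client, scopes: 'public'
-end
-
-it 'respond with correct headers' do
-post token_endpoint_url(code: @authorization.token, client: @client)
-should_have_header 'Pragma', 'no-cache'
-should_have_header 'Cache-Control', 'no-store'
-should_have_header 'Content-Type', 'application/json; charset=utf-8'
-end
-
-it 'accepts client credentials with basic auth header' do
-post token_endpoint_url(
-code: @authorization.token,
-redirect_uri: @client.redirect_uri
-), {}, 'HTTP_AUTHORIZATION' => basic_auth_header_for_client(@client)
-
-should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-end
-
-it 'returns null for expires_in when a permanent token is set' do
-config_is_set(:access_token_expires_in, nil)
-post token_endpoint_url(code: @authorization.token, client: @client)
-should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-should_not_have_json 'expires_in'
-end
-
-it 'returns unsupported_grant_type for invalid grant_type param' do
-post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'nothing')
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'unsupported_grant_type'
-should_have_json 'error_description', translated_error_message('unsupported_grant_type')
-end
-
-it 'returns unsupported_grant_type for disabled grant flows' do
-config_is_set(:grant_flows, ['implicit'])
-post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'authorization_code')
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'unsupported_grant_type'
-should_have_json 'error_description', translated_error_message('unsupported_grant_type')
-end
-
-it 'returns unsupported_grant_type when refresh_token is not in use' do
-post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'refresh_token')
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'unsupported_grant_type'
-should_have_json 'error_description', translated_error_message('unsupported_grant_type')
-end
-
-it 'returns invalid_request if grant_type is missing' do
-post token_endpoint_url(code: @authorization.token, client: @client, grant_type: '')
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'invalid_request'
-should_have_json 'error_description', translated_error_message('invalid_request')
-end
-end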
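--- a/data/spec/requests/flows/authorization_code_errors_spec.rb
+++ b/data/spec/requests/flows/authorization_code_errors_spec.rb
@@ -1,66 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Authorization Code Flow Errors' do
-background do
-config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
-client_exists
-create_resource_owner
-sign_in
-end
-
-after do
-access_grant_should_not_exist
-end
-
-context 'when access was denied' do
-scenario 'redirects with error' do
-visit authorization_endpoint_url(client: @client)
-click_on 'Deny'
-
-i_should_be_on_client_callback @client
-url_should_not_have_param 'code'
-url_should_have_param 'error', 'access_denied'
-url_should_have_param 'error_description', translated_error_message(:access_denied)
-end
-
-scenario 'redirects with state parameter' do
-visit authorization_endpoint_url(client: @client, state: 'return-this')
-click_on 'Deny'
-
-i_should_be_on_client_callback @client
-url_should_not_have_param 'code'
-url_should_have_param 'state', 'return-this'
-end
-end
-end
-
-describe 'Authorization Code Flow Errors', 'after authorization' do
-before do
-client_exists
-authorization_code_exists application: @client
-end
-
-it 'returns :invalid_grant error when posting an already revoked grant code' do
-# First successful request
-post token_endpoint_url(code: @authorization.token, client: @client)
-
-# Second attempt with same token
-expect do
-post token_endpoint_url(code: @authorization.token, client: @client)
-end.to_not change { Doorkeeper::AccessToken.count }
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'invalid_grant'
-should_have_json 'error_description', translated_error_message('invalid_grant')
-end
-
-it 'returns :invalid_grant error for invalid grant code' do
-post token_endpoint_url(code: 'invalid', client: @client)
-
-access_token_should_not_exist
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'invalid_grant'
-should_have_json 'error_description', translated_error_message('invalid_grant')
-end
-end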
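--- a/data/spec/requests/flows/authorization_code_spec.rb
+++ b/data/spec/requests/flows/authorization_code_spec.rb
@@ -1,156 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Authorization Code Flow' do
-background do
-config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
-client_exists
-create_resource_owner
-sign_in
-end
-
-scenario 'resource owner authorizes the client' do
-visit authorization_endpoint_url(client: @client)
-click_on 'Authorize'
-
-access_grant_should_exist_for(@client, @resource_owner)
-
-i_should_be_on_client_callback(@client)
-
-url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
-url_should_not_have_param('state')
-url_should_not_have_param('error')
-end
-
-scenario 'resource owner authorizes using test url' do
-@client.redirect_uri = Doorkeeper.configuration.native_redirect_uri
-@client.save!
-visit authorization_endpoint_url(client: @client)
-click_on 'Authorize'
-
-access_grant_should_exist_for(@client, @resource_owner)
-
-i_should_see 'Authorization code:'
-i_should_see Doorkeeper::AccessGrant.first.token
-end
-
-scenario 'resource owner authorizes the client with state parameter set' do
-visit authorization_endpoint_url(client: @client, state: 'return-me')
-click_on 'Authorize'
-url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
-url_should_have_param('state', 'return-me')
-end
-
-scenario 'resource owner requests an access token with authorization code' do
-skip 'TODO: need to add request helpers to this feature spec'
-
-visit authorization_endpoint_url(client: @client)
-click_on 'Authorize'
-
-authorization_code = Doorkeeper::AccessGrant.first.token
-post token_endpoint_url(code: authorization_code, client: @client)
-
-access_token_should_exist_for(@client, @resource_owner)
-
-should_not_have_json 'error'
-
-should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-should_have_json 'token_type', 'bearer'
-should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
-end
-
-context 'with scopes' do
-background do
-default_scopes_exist :public
-optional_scopes_exist :write
-end
-
-scenario 'resource owner authorizes the client with default scopes' do
-visit authorization_endpoint_url(client: @client)
-click_on 'Authorize'
-access_grant_should_exist_for(@client, @resource_owner)
-access_grant_should_have_scopes :public
-end
-
-scenario 'resource owner authorizes the client with required scopes' do
-visit authorization_endpoint_url(client: @client, scope: 'public write')
-click_on 'Authorize'
-access_grant_should_have_scopes :public, :write
-end
-
-scenario 'resource owner authorizes the client with required scopes (without defaults)' do
-visit authorization_endpoint_url(client: @client, scope: 'write')
-click_on 'Authorize'
-access_grant_should_have_scopes :write
-end
-
-scenario 'new access token matches required scopes' do
-skip 'TODO: need to add request helpers to this feature spec'
-
-visit authorization_endpoint_url(client: @client, scope: 'public write')
-click_on 'Authorize'
-
-authorization_code = Doorkeeper::AccessGrant.first.token
-post token_endpoint_url(code: authorization_code, client: @client)
-
-access_token_should_exist_for(@client, @resource_owner)
-access_token_should_have_scopes :public, :write
-end
-
-scenario 'returns new token if scopes have changed' do
-skip 'TODO: need to add request helpers to this feature spec'
-
-client_is_authorized(@client, @resource_owner, scopes: 'public write')
-visit authorization_endpoint_url(client: @client, scope: 'public')
-click_on 'Authorize'
-
-authorization_code = Doorkeeper::AccessGrant.first.token
-post token_endpoint_url(code: authorization_code, client: @client)
-
-expect(Doorkeeper::AccessToken.count).to be(2)
-
-should_have_json 'access_token', Doorkeeper::AccessToken.last.token
-end
-
-scenario 'resource owner authorizes the client with extra scopes' do
-skip 'TODO: need to add request helpers to this feature spec'
-
-client_is_authorized(@client, @resource_owner, scopes: 'public')
-visit authorization_endpoint_url(client: @client, scope: 'public write')
-click_on 'Authorize'
-
-authorization_code = Doorkeeper::AccessGrant.first.token
-post token_endpoint_url(code: authorization_code, client: @client)
-
-expect(Doorkeeper::AccessToken.count).to be(2)
-
-should_have_json 'access_token', Doorkeeper::AccessToken.last.token
-access_token_should_have_scopes :public, :write
-end
-end
-end
-
-describe 'Authorization Code Flow' do
-before do
-Doorkeeper.configure do
-orm DOORKEEPER_ORM
-use_refresh_token
-end
-client_exists
-end
-
-context 'issuing a refresh token' do
-before do
-authorization_code_exists application: @client
-end
-
-it 'second of simultaneous client requests get an error for revoked acccess token' do
-authorization_code = Doorkeeper::AccessGrant.first.token
-allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:revoked?).and_return(false, true)
-
-post token_endpoint_url(code: authorization_code, client: @client)
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'invalid_grant'
-end
-end
-end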
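--- a/data/spec/requests/flows/client_credentials_spec.rb
+++ b/data/spec/requests/flows/client_credentials_spec.rb
@@ -1,58 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Client Credentials Request' do
-let(:client) { FactoryGirl.create :application }
-
-context 'a valid request' do
-it 'authorizes the client and returns the token response' do
-headers = authorization client.uid, client.secret
-params = { grant_type: 'client_credentials' }
-
-post '/oauth/token', params, headers
-
-should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-should_have_json_within 'expires_in', Doorkeeper.configuration.access_token_expires_in, 1
-should_not_have_json 'scope'
-should_not_have_json 'refresh_token'
-
-should_not_have_json 'error'
-should_not_have_json 'error_description'
-end
-
-context 'with scopes' do
-before do
-optional_scopes_exist :write
-end
-
-it 'adds the scope to the token an returns in the response' do
-headers = authorization client.uid, client.secret
-params = { grant_type: 'client_credentials', scope: 'write' }
-
-post '/oauth/token', params, headers
-
-should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-should_have_json 'scope', 'write'
-end
-end
-end
-
-context 'an invalid request' do
-it 'does not authorize the client and returns the error' do
-headers = {}
-params = { grant_type: 'client_credentials' }
-
-post '/oauth/token', params, headers
-
-should_have_json 'error', 'invalid_client'
-should_have_json 'error_description', translated_error_message(:invalid_client)
-should_not_have_json 'access_token'
-
-expect(response.status).to eq(401)
-end
-end
-
-def authorization(username, password)
-credentials = ActionController::HttpAuthentication::Basic.encode_credentials username, password
-{ 'HTTP_AUTHORIZATION' => credentials }
-end
-end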
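--- a/data/spec/requests/flows/implicit_grant_errors_spec.rb
+++ b/data/spec/requests/flows/implicit_grant_errors_spec.rb
@@ -1,32 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Implicit Grant Flow Errors' do
-background do
-config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
-config_is_set(:grant_flows, ["implicit"])
-client_exists
-create_resource_owner
-sign_in
-end
-
-after do
-access_token_should_not_exist
-end
-
-[
-[:client_id, :invalid_client],
-[:redirect_uri, :invalid_redirect_uri]
-].each do |error|
-scenario "displays #{error.last.inspect} error for invalid #{error.first.inspect}" do
-visit authorization_endpoint_url(client: @client, error.first => 'invalid', response_type: 'token')
-i_should_not_see 'Authorize'
-i_should_see_translated_error_message error.last
-end
-
-scenario "displays #{error.last.inspect} error when #{error.first.inspect} is missing" do
-visit authorization_endpoint_url(client: @client, error.first => '', response_type: 'token')
-i_should_not_see 'Authorize'
-i_should_see_translated_error_message error.last
-end
-end
-end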
@@ -1,61 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- feature 'Implicit Grant Flow (feature spec)' do
4
- background do
5
- config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
6
- config_is_set(:grant_flows, ["implicit"])
7
- client_exists
8
- create_resource_owner
9
- sign_in
10
- end
11
-
12
- scenario 'resource owner authorizes the client' do
13
- visit authorization_endpoint_url(client: @client, response_type: 'token')
14
- click_on 'Authorize'
15
-
16
- access_token_should_exist_for @client, @resource_owner
17
-
18
- i_should_be_on_client_callback @client
19
- end
20
- end
21
-
22
- describe 'Implicit Grant Flow (request spec)' do
23
- before do
24
- config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
25
- config_is_set(:grant_flows, ["implicit"])
26
- client_exists
27
- create_resource_owner
28
- end
29
-
30
- context 'token reuse' do
31
- it 'should return a new token each request' do
32
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
33
-
34
- token = client_is_authorized(@client, @resource_owner)
35
-
36
- post "/oauth/authorize",
37
- client_id: @client.uid,
38
- state: '',
39
- redirect_uri: @client.redirect_uri,
40
- response_type: 'token',
41
- commit: 'Authorize'
42
-
43
- expect(response.location).not_to include(token.token)
44
- end
45
-
46
- it 'should return the same token if it is still accessible' do
47
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
48
-
49
- token = client_is_authorized(@client, @resource_owner)
50
-
51
- post "/oauth/authorize",
52
- client_id: @client.uid,
53
- state: '',
54
- redirect_uri: @client.redirect_uri,
55
- response_type: 'token',
56
- commit: 'Authorize'
57
-
58
- expect(response.location).to include(token.token)
59
- end
60
- end
61
- end
@@ -1,94 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- describe 'Resource Owner Password Credentials Flow not set up' do
4
- before do
5
- client_exists
6
- create_resource_owner
7
- end
8
-
9
- context 'with valid user credentials' do
10
- it 'doesn\'t issue new token' do
11
- expect do
12
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
13
- end.to_not change { Doorkeeper::AccessToken.count }
14
- end
15
- end
16
- end
17
-
18
- describe 'Resource Owner Password Credentials Flow' do
19
- before do
20
- config_is_set(:grant_flows, ["password"])
21
- config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
22
- client_exists
23
- create_resource_owner
24
- end
25
-
26
- context 'with valid user credentials' do
27
- it 'should issue new token' do
28
- expect do
29
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
30
- end.to change { Doorkeeper::AccessToken.count }.by(1)
31
-
32
- token = Doorkeeper::AccessToken.first
33
-
34
- should_have_json 'access_token', token.token
35
- end
36
-
37
- it 'should issue new token without client credentials' do
38
- expect do
39
- post password_token_endpoint_url(resource_owner: @resource_owner)
40
- end.to change { Doorkeeper::AccessToken.count }.by(1)
41
-
42
- token = Doorkeeper::AccessToken.first
43
-
44
- should_have_json 'access_token', token.token
45
- end
46
-
47
- it 'should issue a refresh token if enabled' do
48
- config_is_set(:refresh_token_enabled, true)
49
-
50
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
51
-
52
- token = Doorkeeper::AccessToken.first
53
-
54
- should_have_json 'refresh_token', token.refresh_token
55
- end
56
-
57
- it 'should return the same token if it is still accessible' do
58
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
59
-
60
- client_is_authorized(@client, @resource_owner)
61
-
62
- post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
63
-
64
- expect(Doorkeeper::AccessToken.count).to be(1)
65
- should_have_json 'access_token', Doorkeeper::AccessToken.first.token
66
- end
67
- end
68
-
69
- context 'with invalid user credentials' do
70
- it 'should not issue new token with bad password' do
71
- expect do
72
- post password_token_endpoint_url(client: @client,
73
- resource_owner_username: @resource_owner.name,
74
- resource_owner_password: 'wrongpassword')
75
- end.to_not change { Doorkeeper::AccessToken.count }
76
- end
77
-
78
- it 'should not issue new token without credentials' do
79
- expect do
80
- post password_token_endpoint_url(client: @client)
81
- end.to_not change { Doorkeeper::AccessToken.count }
82
- end
83
- end
84
-
85
- context 'with invalid client credentials' do
86
- it 'should not issue new token with bad client credentials' do
87
- expect do
88
- post password_token_endpoint_url(client_id: @client.uid,
89
- client_secret: 'bad_secret',
90
- resource_owner: @resource_owner)
91
- end.to_not change { Doorkeeper::AccessToken.count }
92
- end
93
- end
94
- end