doorkeeper 3.1.0 → 5.6.2

data/spec/requests/flows/refresh_token_spec.rb

@@ -1,104 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Refresh Token Flow' do
-  before do
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-      use_refresh_token
-    end
-    client_exists
-  end
-
-  context 'issuing a refresh token' do
-    before do
-      authorization_code_exists application: @client
-    end
-
-    it 'client gets the refresh token and refreshses it' do
-      post token_endpoint_url(code: @authorization.token, client: @client)
-
-      token = Doorkeeper::AccessToken.first
-
-      should_have_json 'access_token',  token.token
-      should_have_json 'refresh_token', token.refresh_token
-
-      expect(@authorization.reload).to be_revoked
-
-      post refresh_token_endpoint_url(client: @client, refresh_token: token.refresh_token)
-
-      new_token = Doorkeeper::AccessToken.last
-      should_have_json 'access_token',  new_token.token
-      should_have_json 'refresh_token', new_token.refresh_token
-
-      expect(token.token).not_to         eq(new_token.token)
-      expect(token.refresh_token).not_to eq(new_token.refresh_token)
-    end
-  end
-
-  context 'refreshing the token' do
-    before do
-      @token = FactoryGirl.create(:access_token, application: @client, resource_owner_id: 1, use_refresh_token: true)
-    end
-
-    it 'client request a token with refresh token' do
-      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-      should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
-      expect(@token.reload).to be_revoked
-    end
-
-    it 'client request a token with expired access token' do
-      @token.update_attribute :expires_in, -100
-      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-      should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
-      expect(@token.reload).to be_revoked
-    end
-
-    it 'client gets an error for invalid refresh token' do
-      post refresh_token_endpoint_url(client: @client, refresh_token: 'invalid')
-      should_not_have_json 'refresh_token'
-      should_have_json 'error', 'invalid_grant'
-    end
-
-    it 'client gets an error for revoked acccess token' do
-      @token.revoke
-      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-      should_not_have_json 'refresh_token'
-      should_have_json 'error', 'invalid_grant'
-    end
-
-    it 'second of simultaneous client requests get an error for revoked acccess token' do
-      allow_any_instance_of(Doorkeeper::AccessToken).to receive(:revoked?).and_return(false, true)
-      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-
-      should_not_have_json 'refresh_token'
-      should_have_json 'error', 'invalid_request'
-    end
-  end
-
-  context 'refreshing the token with multiple sessions (devices)' do
-    before do
-      # enable password auth to simulate other devices
-      config_is_set(:grant_flows, ["password"])
-      config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
-      create_resource_owner
-      _another_token = post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
-      last_token.update_attribute :created_at, 5.seconds.ago
-
-      @token = FactoryGirl.create(:access_token, application: @client, resource_owner_id: @resource_owner.id, use_refresh_token: true)
-      @token.update_attribute :expires_in, -100
-    end
-
-    it 'client request a token after creating another token with the same user' do
-      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-
-      should_have_json 'refresh_token', last_token.refresh_token
-      expect(@token.reload).to be_revoked
-    end
-
-    def last_token
-      Doorkeeper::AccessToken.last_authorized_token_for(
-        @client.id, @resource_owner.id
-      )
-    end
-  end
-end

data/spec/requests/flows/revoke_token_spec.rb

@@ -1,143 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Revoke Token Flow' do
-  before do
-    Doorkeeper.configure { orm DOORKEEPER_ORM }
-  end
-
-  context 'with default parameters' do
-    let(:client_application) { FactoryGirl.create :application }
-    let(:resource_owner) { User.create!(name: 'John', password: 'sekret') }
-    let(:authorization_access_token) do
-      FactoryGirl.create(:access_token,
-                         application: client_application,
-                         resource_owner_id: resource_owner.id,
-                         use_refresh_token: true)
-    end
-    let(:headers) { { 'HTTP_AUTHORIZATION' => "Bearer #{authorization_access_token.token}" } }
-
-    context 'With invalid token to revoke' do
-      it 'client wants to revoke the given access token' do
-        post revocation_token_endpoint_url, { token: 'I_AM_AN_INVALIDE_TOKEN' }, headers
-
-        authorization_access_token.reload
-        # The authorization server responds with HTTP status code 200 if the token
-        # has been revoked successfully or if the client submitted an invalid token.
-        expect(response).to be_success
-        expect(authorization_access_token).to_not be_revoked
-      end
-    end
-
-    context 'The access token to revoke is the same than the authorization access token' do
-      let(:token_to_revoke) { authorization_access_token }
-
-      it 'client wants to revoke the given access token' do
-        post revocation_token_endpoint_url, { token: token_to_revoke.token }, headers
-
-        token_to_revoke.reload
-        authorization_access_token.reload
-
-        expect(response).to be_success
-        expect(token_to_revoke.revoked?).to be_truthy
-        expect(Doorkeeper::AccessToken.by_refresh_token(token_to_revoke.refresh_token).revoked?).to be_truthy
-      end
-
-      it 'client wants to revoke the given access token using the POST query string' do
-        url_with_query_string = revocation_token_endpoint_url + '?' + Rack::Utils.build_query(token: token_to_revoke.token)
-        post url_with_query_string, {}, headers
-
-        token_to_revoke.reload
-        authorization_access_token.reload
-
-        expect(response).to be_success
-        expect(token_to_revoke.revoked?).to be_falsey
-        expect(Doorkeeper::AccessToken.by_refresh_token(token_to_revoke.refresh_token).revoked?).to be_falsey
-        expect(authorization_access_token.revoked?).to be_falsey
-      end
-    end
-
-    context 'The access token to revoke app and owners are the same than the authorization access token' do
-      let(:token_to_revoke) do
-        FactoryGirl.create(:access_token,
-                           application: client_application,
-                           resource_owner_id: resource_owner.id,
-                           use_refresh_token: true)
-      end
-
-      it 'client wants to revoke the given access token' do
-        post revocation_token_endpoint_url, { token: token_to_revoke.token }, headers
-
-        token_to_revoke.reload
-        authorization_access_token.reload
-
-        expect(response).to be_success
-        expect(token_to_revoke.revoked?).to be_truthy
-        expect(Doorkeeper::AccessToken.by_refresh_token(token_to_revoke.refresh_token).revoked?).to be_truthy
-        expect(authorization_access_token.revoked?).to be_falsey
-      end
-    end
-
-    context 'The access token to revoke authorization owner is the same than the authorization access token' do
-      let(:other_client_application) { FactoryGirl.create :application }
-      let(:token_to_revoke) do
-        FactoryGirl.create(:access_token,
-                           application: other_client_application,
-                           resource_owner_id: resource_owner.id,
-                           use_refresh_token: true)
-      end
-
-      it 'client wants to revoke the given access token' do
-        post revocation_token_endpoint_url, { token: token_to_revoke.token }, headers
-
-        token_to_revoke.reload
-        authorization_access_token.reload
-
-        expect(response).to be_success
-        expect(token_to_revoke.revoked?).to be_falsey
-        expect(Doorkeeper::AccessToken.by_refresh_token(token_to_revoke.refresh_token).revoked?).to be_falsey
-        expect(authorization_access_token.revoked?).to be_falsey
-      end
-    end
-
-    context 'The access token to revoke app is the same than the authorization access token' do
-      let(:other_resource_owner) { User.create!(name: 'Matheo', password: 'pareto') }
-      let(:token_to_revoke) do
-        FactoryGirl.create(:access_token,
-                           application: client_application,
-                           resource_owner_id: other_resource_owner.id,
-                           use_refresh_token: true)
-      end
-
-      it 'client wants to revoke the given access token' do
-        post revocation_token_endpoint_url, { token: token_to_revoke.token }, headers
-
-        token_to_revoke.reload
-        authorization_access_token.reload
-
-        expect(response).to be_success
-        expect(token_to_revoke.revoked?).to be_falsey
-        expect(Doorkeeper::AccessToken.by_refresh_token(token_to_revoke.refresh_token).revoked?).to be_falsey
-        expect(authorization_access_token.revoked?).to be_falsey
-      end
-    end
-
-    context 'With valid refresh token to revoke' do
-      let(:token_to_revoke) do
-        FactoryGirl.create(:access_token,
-                           application: client_application,
-                           resource_owner_id: resource_owner.id,
-                           use_refresh_token: true)
-      end
-
-      it 'client wants to revoke the given refresh token' do
-        post revocation_token_endpoint_url, { token: token_to_revoke.refresh_token, token_type_hint: 'refresh_token' }, headers
-        authorization_access_token.reload
-        token_to_revoke.reload
-
-        expect(response).to be_success
-        expect(Doorkeeper::AccessToken.by_refresh_token(token_to_revoke.refresh_token).revoked?).to be_truthy
-        expect(authorization_access_token).to_not be_revoked
-      end
-    end
-  end
-end

data/spec/requests/flows/skip_authorization_spec.rb

@@ -1,59 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Skip authorization form' do
-  background do
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
-    client_exists
-    default_scopes_exist  :public
-    optional_scopes_exist :write
-  end
-
-  context 'for previously authorized clients' do
-    background do
-      create_resource_owner
-      sign_in
-    end
-
-    scenario 'skips the authorization and return a new grant code' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public')
-      visit authorization_endpoint_url(client: @client)
-
-      i_should_not_see 'Authorize'
-      client_should_be_authorized @client
-      i_should_be_on_client_callback @client
-      url_should_have_param 'code', Doorkeeper::AccessGrant.first.token
-    end
-
-    scenario 'does not skip authorization when scopes differ (new request has fewer scopes)' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public write')
-      visit authorization_endpoint_url(client: @client, scope: 'public')
-      i_should_see 'Authorize'
-    end
-
-    scenario 'does not skip authorization when scopes differ (new request has more scopes)' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public write')
-      visit authorization_endpoint_url(client: @client, scopes: 'public write email')
-      i_should_see 'Authorize'
-    end
-
-    scenario 'creates grant with new scope when scopes differ' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public write')
-      visit authorization_endpoint_url(client: @client, scope: 'public')
-      click_on 'Authorize'
-      access_grant_should_have_scopes :public
-    end
-
-    scenario 'doesn not skip authorization when scopes are greater' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public')
-      visit authorization_endpoint_url(client: @client, scope: 'public write')
-      i_should_see 'Authorize'
-    end
-
-    scenario 'creates grant with new scope when scopes are greater' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public')
-      visit authorization_endpoint_url(client: @client, scope: 'public write')
-      click_on 'Authorize'
-      access_grant_should_have_scopes :public, :write
-    end
-  end
-end

data/spec/requests/protected_resources/metal_spec.rb

@@ -1,14 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'ActionController::Metal API' do
-  before do
-    @client   = FactoryGirl.create(:application)
-    @resource = User.create!(name: 'Joe', password: 'sekret')
-    @token    = client_is_authorized(@client, @resource)
-  end
-
-  it 'client requests protected resource with valid token' do
-    get "/metal.json?access_token=#{@token.token}"
-    should_have_json 'ok', true
-  end
-end

data/spec/requests/protected_resources/private_api_spec.rb

@@ -1,81 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Private API' do
-  background do
-    @client   = FactoryGirl.create(:application)
-    @resource = User.create!(name: 'Joe', password: 'sekret')
-    @token    = client_is_authorized(@client, @resource)
-  end
-
-  scenario 'client requests protected resource with valid token' do
-    with_access_token_header @token.token
-    visit '/full_protected_resources'
-    expect(page.body).to have_content('index')
-  end
-
-  scenario 'client requests protected resource with disabled header authentication' do
-    config_is_set :access_token_methods, [:from_access_token_param]
-    with_access_token_header @token.token
-    visit '/full_protected_resources'
-    response_status_should_be 401
-  end
-
-  scenario 'client attempts to request protected resource with invalid token' do
-    with_access_token_header 'invalid'
-    visit '/full_protected_resources'
-    response_status_should_be 401
-  end
-
-  scenario 'client attempts to request protected resource with expired token' do
-    @token.update_attribute :expires_in, -100 # expires token
-    with_access_token_header @token.token
-    visit '/full_protected_resources'
-    response_status_should_be 401
-  end
-
-  scenario 'client requests protected resource with permanent token' do
-    @token.update_attribute :expires_in, nil # never expires
-    with_access_token_header @token.token
-    visit '/full_protected_resources'
-    expect(page.body).to have_content('index')
-  end
-
-  scenario 'access token with no default scopes' do
-    Doorkeeper.configuration.instance_eval {
-      @default_scopes = Doorkeeper::OAuth::Scopes.from_array([:public])
-      @scopes = default_scopes + optional_scopes
-    }
-    @token.update_attribute :scopes, 'dummy'
-    with_access_token_header @token.token
-    visit '/full_protected_resources'
-    response_status_should_be 403
-  end
-
-  scenario 'access token with no allowed scopes' do
-    @token.update_attribute :scopes, nil
-    with_access_token_header @token.token
-    visit '/full_protected_resources/1.json'
-    response_status_should_be 403
-  end
-
-  scenario 'access token with one of allowed scopes' do
-    @token.update_attribute :scopes, 'admin'
-    with_access_token_header @token.token
-    visit '/full_protected_resources/1.json'
-    expect(page.body).to have_content('show')
-  end
-
-  scenario 'access token with another of allowed scopes' do
-    @token.update_attribute :scopes, 'write'
-    with_access_token_header @token.token
-    visit '/full_protected_resources/1.json'
-    expect(page.body).to have_content('show')
-  end
-
-  scenario 'access token with both allowed scopes' do
-    @token.update_attribute :scopes, 'write admin'
-    with_access_token_header @token.token
-    visit '/full_protected_resources/1.json'
-    expect(page.body).to have_content('show')
-  end
-end

data/spec/routing/custom_controller_routes_spec.rb

@@ -1,71 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Custom controller for routes' do
-  it 'GET /space/scope/authorize routes to custom authorizations controller' do
-    expect(get('/inner_space/scope/authorize')).to route_to('custom_authorizations#new')
-  end
-
-  it 'POST /space/scope/authorize routes to custom authorizations controller' do
-    expect(post('/inner_space/scope/authorize')).to route_to('custom_authorizations#create')
-  end
-
-  it 'DELETE /space/scope/authorize routes to custom authorizations controller' do
-    expect(delete('/inner_space/scope/authorize')).to route_to('custom_authorizations#destroy')
-  end
-
-  it 'POST /space/scope/token routes to tokens controller' do
-    expect(post('/inner_space/scope/token')).to route_to('custom_authorizations#create')
-  end
-
-  it 'GET /space/scope/applications routes to applications controller' do
-    expect(get('/inner_space/scope/applications')).to route_to('custom_authorizations#index')
-  end
-
-  it 'GET /space/scope/token/info routes to the token_info controller' do
-    expect(get('/inner_space/scope/token/info')).to route_to('custom_authorizations#show')
-  end
-
-  it 'GET /space/oauth/authorize routes to custom authorizations controller' do
-    expect(get('/space/oauth/authorize')).to route_to('custom_authorizations#new')
-  end
-
-  it 'POST /space/oauth/authorize routes to custom authorizations controller' do
-    expect(post('/space/oauth/authorize')).to route_to('custom_authorizations#create')
-  end
-
-  it 'DELETE /space/oauth/authorize routes to custom authorizations controller' do
-    expect(delete('/space/oauth/authorize')).to route_to('custom_authorizations#destroy')
-  end
-
-  it 'POST /space/oauth/token routes to tokens controller' do
-    expect(post('/space/oauth/token')).to route_to('custom_authorizations#create')
-  end
-
-  it 'POST /space/oauth/revoke routes to tokens controller' do
-    expect(post('/space/oauth/revoke')).to route_to('custom_authorizations#revoke')
-  end
-
-  it 'GET /space/oauth/applications routes to applications controller' do
-    expect(get('/space/oauth/applications')).to route_to('custom_authorizations#index')
-  end
-
-  it 'GET /space/oauth/token/info routes to the token_info controller' do
-    expect(get('/space/oauth/token/info')).to route_to('custom_authorizations#show')
-  end
-
-  it 'POST /outer_space/oauth/token is not be routable' do
-    expect(post('/outer_space/oauth/token')).not_to be_routable
-  end
-
-  it 'GET /outer_space/oauth/authorize routes to custom authorizations controller' do
-    expect(get('/outer_space/oauth/authorize')).to be_routable
-  end
-
-  it 'GET /outer_space/oauth/applications is not routable' do
-    expect(get('/outer_space/oauth/applications')).not_to be_routable
-  end
-
-  it 'GET /outer_space/oauth/token_info is not routable' do
-    expect(get('/outer_space/oauth/token/info')).not_to be_routable
-  end
-end

data/spec/routing/default_routes_spec.rb

@@ -1,35 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Default routes' do
-  it 'GET /oauth/authorize routes to authorizations controller' do
-    expect(get('/oauth/authorize')).to route_to('doorkeeper/authorizations#new')
-  end
-
-  it 'POST /oauth/authorize routes to authorizations controller' do
-    expect(post('/oauth/authorize')).to route_to('doorkeeper/authorizations#create')
-  end
-
-  it 'DELETE /oauth/authorize routes to authorizations controller' do
-    expect(delete('/oauth/authorize')).to route_to('doorkeeper/authorizations#destroy')
-  end
-
-  it 'POST /oauth/token routes to tokens controller' do
-    expect(post('/oauth/token')).to route_to('doorkeeper/tokens#create')
-  end
-
-  it 'POST /oauth/revoke routes to tokens controller' do
-    expect(post('/oauth/revoke')).to route_to('doorkeeper/tokens#revoke')
-  end
-
-  it 'GET /oauth/applications routes to applications controller' do
-    expect(get('/oauth/applications')).to route_to('doorkeeper/applications#index')
-  end
-
-  it 'GET /oauth/authorized_applications routes to authorized applications controller' do
-    expect(get('/oauth/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
-  end
-
-  it 'GET /oauth/token/info route to authorzed tokeninfo controller' do
-    expect(get('/oauth/token/info')).to route_to('doorkeeper/token_info#show')
-  end
-end

data/spec/routing/scoped_routes_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Scoped routes' do
-  it 'GET /scope/authorize routes to authorizations controller' do
-    expect(get('/scope/authorize')).to route_to('doorkeeper/authorizations#new')
-  end
-
-  it 'POST /scope/authorize routes to authorizations controller' do
-    expect(post('/scope/authorize')).to route_to('doorkeeper/authorizations#create')
-  end
-
-  it 'DELETE /scope/authorize routes to authorizations controller' do
-    expect(delete('/scope/authorize')).to route_to('doorkeeper/authorizations#destroy')
-  end
-
-  it 'POST /scope/token routes to tokens controller' do
-    expect(post('/scope/token')).to route_to('doorkeeper/tokens#create')
-  end
-
-  it 'GET /scope/applications routes to applications controller' do
-    expect(get('/scope/applications')).to route_to('doorkeeper/applications#index')
-  end
-
-  it 'GET /scope/authorized_applications routes to authorized applications controller' do
-    expect(get('/scope/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
-  end
-
-  it 'GET /scope/token/info route to authorzed tokeninfo controller' do
-    expect(get('/scope/token/info')).to route_to('doorkeeper/token_info#show')
-  end
-end

data/spec/spec_helper.rb

@@ -1,2 +0,0 @@
-$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../lib'))
-$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../app'))

data/spec/spec_helper_integration.rb

@@ -1,56 +0,0 @@
-ENV['RAILS_ENV'] ||= 'test'
-TABLE_NAME_PREFIX = ENV['table_name_prefix'] || nil
-TABLE_NAME_SUFFIX = ENV['table_name_suffix'] || nil
-
-orm = (ENV['BUNDLE_GEMFILE'] || '').match(/Gemfile\.(.+)\.rb/)
-DOORKEEPER_ORM = (orm && orm[1] || :active_record).to_sym
-
-$LOAD_PATH.unshift File.dirname(__FILE__)
-
-require 'capybara/rspec'
-require 'dummy/config/environment'
-require 'rspec/rails'
-require 'generator_spec/test_case'
-require 'timecop'
-require 'database_cleaner'
-
-# Load JRuby SQLite3 if in that platform
-begin
-  require 'jdbc/sqlite3'
-  Jdbc::SQLite3.load_driver
-rescue LoadError
-end
-
-Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm.inspect}"
-if Doorkeeper.configuration.orm == :active_record
-  Rails.logger.info "======> active_record.table_name_prefix = #{Rails.configuration.active_record.table_name_prefix.inspect}"
-  Rails.logger.info "======> active_record.table_name_suffix = #{Rails.configuration.active_record.table_name_suffix.inspect}"
-end
-Rails.logger.info "====> Rails version: #{Rails.version}"
-Rails.logger.info "====> Ruby version: #{RUBY_VERSION}"
-
-require "support/orm/#{DOORKEEPER_ORM}"
-
-ENGINE_RAILS_ROOT = File.join(File.dirname(__FILE__), '../')
-
-Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |f| require f }
-
-RSpec.configure do |config|
-  config.infer_spec_type_from_file_location!
-  config.mock_with :rspec
-
-  config.infer_base_class_for_anonymous_controllers = false
-
-  config.include RSpec::Rails::RequestExampleGroup, type: :request
-
-  config.before do
-    DatabaseCleaner.start
-    Doorkeeper.configure { orm DOORKEEPER_ORM }
-  end
-
-  config.after do
-    DatabaseCleaner.clean
-  end
-
-  config.order = 'random'
-end

data/spec/support/dependencies/factory_girl.rb

@@ -1,2 +0,0 @@
-require 'factory_girl'
-FactoryGirl.find_definitions

data/spec/support/helpers/access_token_request_helper.rb

@@ -1,11 +0,0 @@
-module AccessTokenRequestHelper
-  def client_is_authorized(client, resource_owner, access_token_attributes = {})
-    attributes = {
-      application: client,
-      resource_owner_id: resource_owner.id
-    }.merge(access_token_attributes)
-    FactoryGirl.create(:access_token, attributes)
-  end
-end
-
-RSpec.configuration.send :include, AccessTokenRequestHelper

data/spec/support/helpers/authorization_request_helper.rb

@@ -1,41 +0,0 @@
-module AuthorizationRequestHelper
-  def resource_owner_is_authenticated(resource_owner = nil)
-    resource_owner ||= User.create!(name: 'Joe', password: 'sekret')
-    Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { resource_owner })
-  end
-
-  def resource_owner_is_not_authenticated
-    Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { redirect_to('/sign_in') })
-  end
-
-  def default_scopes_exist(*scopes)
-    Doorkeeper.configuration.instance_variable_set(:@default_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
-  end
-
-  def optional_scopes_exist(*scopes)
-    Doorkeeper.configuration.instance_variable_set(:@optional_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
-  end
-
-  def client_should_be_authorized(client)
-    expect(client.access_grants.size).to eq(1)
-  end
-
-  def client_should_not_be_authorized(client)
-    expect(client.size).to eq(0)
-  end
-
-  def i_should_be_on_client_callback(client)
-    expect(client.redirect_uri).to eq("#{current_uri.scheme}://#{current_uri.host}#{current_uri.path}")
-  end
-
-  def allowing_forgery_protection(&block)
-    _original_value = ActionController::Base.allow_forgery_protection
-    ActionController::Base.allow_forgery_protection = true
-
-    block.call
-  ensure
-    ActionController::Base.allow_forgery_protection = _original_value
-  end
-end
-
-RSpec.configuration.send :include, AuthorizationRequestHelper

data/spec/support/helpers/config_helper.rb

@@ -1,9 +0,0 @@
-module ConfigHelper
-  def config_is_set(setting, value = nil, &block)
-    setting_ivar = "@#{setting}"
-    value = block_given? ? block : value
-    Doorkeeper.configuration.instance_variable_set(setting_ivar, value)
-  end
-end
-
-RSpec.configuration.send :include, ConfigHelper