doorkeeper 4.0.0.rc2 → 4.0.0.rc3

data/spec/models/doorkeeper/access_token_spec.rb

@@ -12,6 +12,11 @@ module Doorkeeper
       let(:factory_name) { :access_token }
     end
 
+    module CustomGeneratorArgs
+      def self.generate
+      end
+    end
+
     describe :generate_token do
       it 'generates a token using the default method' do
         FactoryGirl.create :access_token
@@ -21,6 +26,10 @@ module Doorkeeper
       end
 
       it 'generates a token using a custom object' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
         module CustomGeneratorArgs
           def self.generate(opts = {})
             "custom_generator_token_#{opts[:resource_owner_id]}"
@@ -37,6 +46,10 @@ module Doorkeeper
       end
 
       it 'allows the custom generator to access the application details' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
         module CustomGeneratorArgs
           def self.generate(opts = {})
             "custom_generator_token_#{opts[:application].name}"
@@ -53,6 +66,10 @@ module Doorkeeper
       end
 
       it 'allows the custom generator to access the scopes' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
         module CustomGeneratorArgs
           def self.generate(opts = {})
             "custom_generator_token_#{opts[:scopes].count}_#{opts[:scopes]}"
@@ -70,6 +87,10 @@ module Doorkeeper
       end
 
       it 'allows the custom generator to access the expiry length' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
         module CustomGeneratorArgs
           def self.generate(opts = {})
             "custom_generator_token_#{opts[:expires_in]}"
@@ -144,7 +165,7 @@ module Doorkeeper
         expect(subject).to be_valid
       end
 
-      it 'is valid without resource_owner_id' do
+      it 'is valid without application_id' do
         # For resource owner credentials flow
         subject.application_id = nil
         expect(subject).to be_valid

data/spec/models/doorkeeper/application_spec.rb

@@ -129,7 +129,7 @@ module Doorkeeper
 
       it 'should destroy its access tokens' do
         FactoryGirl.create(:access_token, application: new_application)
-        FactoryGirl.create(:access_token, application: new_application, revoked_at: Time.now)
+        FactoryGirl.create(:access_token, application: new_application, revoked_at: Time.now.utc)
         expect do
           new_application.destroy
         end.to change { Doorkeeper::AccessToken.count }.by(-2)

data/spec/requests/flows/refresh_token_spec.rb

@@ -37,20 +37,62 @@ describe 'Refresh Token Flow' do
 
   context 'refreshing the token' do
     before do
-      @token = FactoryGirl.create(:access_token, application: @client, resource_owner_id: 1, use_refresh_token: true)
+      @token = FactoryGirl.create(
+        :access_token,
+        application: @client,
+        resource_owner_id: 1,
+        use_refresh_token: true
+      )
     end
 
-    it 'client request a token with refresh token' do
-      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-      should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
-      expect(@token.reload).to be_revoked
+    context "refresh_token revoked on use" do
+      it 'client request a token with refresh token' do
+        post refresh_token_endpoint_url(
+          client: @client, refresh_token: @token.refresh_token
+        )
+        should_have_json(
+          'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+        )
+        expect(@token.reload).not_to be_revoked
+      end
+
+      it 'client request a token with expired access token' do
+        @token.update_attribute :expires_in, -100
+        post refresh_token_endpoint_url(
+          client: @client, refresh_token: @token.refresh_token
+        )
+        should_have_json(
+          'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+        )
+        expect(@token.reload).not_to be_revoked
+      end
     end
 
-    it 'client request a token with expired access token' do
-      @token.update_attribute :expires_in, -100
-      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-      should_have_json 'refresh_token', Doorkeeper::AccessToken.last.refresh_token
-      expect(@token.reload).to be_revoked
+    context "refresh_token revoked on refresh_token request" do
+      before do
+        config_is_set(:refresh_token_revoked_on_use, false)
+      end
+
+      it 'client request a token with refresh token' do
+        post refresh_token_endpoint_url(
+          client: @client, refresh_token: @token.refresh_token
+        )
+        should_have_json(
+          'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+        )
+        expect(@token.reload).to be_revoked
+      end
+
+      it 'client request a token with expired access token' do
+        @token.update_attribute :expires_in, -100
+        post refresh_token_endpoint_url(
+          client: @client, refresh_token: @token.refresh_token
+        )
+        should_have_json(
+          'refresh_token', Doorkeeper::AccessToken.last.refresh_token
+        )
+        expect(@token.reload).to be_revoked
+      end
     end
 
     it 'client gets an error for invalid refresh token' do
@@ -79,20 +121,48 @@ describe 'Refresh Token Flow' do
     before do
       # enable password auth to simulate other devices
       config_is_set(:grant_flows, ["password"])
-      config_is_set(:resource_owner_from_credentials) { User.authenticate! params[:username], params[:password] }
+      config_is_set(:resource_owner_from_credentials) do
+        User.authenticate! params[:username], params[:password]
+      end
       create_resource_owner
-      _another_token = post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
+      _another_token = post password_token_endpoint_url(
+        client: @client, resource_owner: @resource_owner
+      )
       last_token.update_attribute :created_at, 5.seconds.ago
 
-      @token = FactoryGirl.create(:access_token, application: @client, resource_owner_id: @resource_owner.id, use_refresh_token: true)
+      @token = FactoryGirl.create(
+        :access_token,
+        application: @client,
+        resource_owner_id: @resource_owner.id,
+        use_refresh_token: true
+      )
       @token.update_attribute :expires_in, -100
     end
 
-    it 'client request a token after creating another token with the same user' do
-      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
+    context "refresh_token revoked on use" do
+      it 'client request a token after creating another token with the same user' do
+        post refresh_token_endpoint_url(
+          client: @client, refresh_token: @token.refresh_token
+        )
+
+        should_have_json 'refresh_token', last_token.refresh_token
+        expect(@token.reload).not_to be_revoked
+      end
+    end
+
+    context "refresh_token revoked on refresh_token request" do
+      before do
+        config_is_set(:refresh_token_revoked_on_use, false)
+      end
+
+      it 'client request a token after creating another token with the same user' do
+        post refresh_token_endpoint_url(
+          client: @client, refresh_token: @token.refresh_token
+        )
 
-      should_have_json 'refresh_token', last_token.refresh_token
-      expect(@token.reload).to be_revoked
+        should_have_json 'refresh_token', last_token.refresh_token
+        expect(@token.reload).to be_revoked
+      end
     end
 
     def last_token

data/spec/support/shared/controllers_shared_context.rb

@@ -4,11 +4,15 @@ shared_context 'valid token', token: :valid do
   end
 
   let :token do
-    double(Doorkeeper::AccessToken, accessible?: true, includes_scope?: true, acceptable?: true)
+    double(Doorkeeper::AccessToken,
+           accessible?: true, includes_scope?: true, acceptable?: true,
+           previous_refresh_token: "", revoke_previous_refresh_token!: true)
   end
 
   before :each do
-    allow(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
+    allow(
+      Doorkeeper::AccessToken
+    ).to receive(:by_token).with(token_string).and_return(token)
   end
 end
 
@@ -18,11 +22,16 @@ shared_context 'invalid token', token: :invalid do
   end
 
   let :token do
-    double(Doorkeeper::AccessToken, accessible?: false, revoked?: false, expired?: false, includes_scope?: false, acceptable?: false)
+    double(Doorkeeper::AccessToken,
+           accessible?: false, revoked?: false, expired?: false,
+           includes_scope?: false, acceptable?: false,
+           previous_refresh_token: "", revoke_previous_refresh_token!: true)
   end
 
   before :each do
-    allow(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
+    allow(
+      Doorkeeper::AccessToken
+    ).to receive(:by_token).with(token_string).and_return(token)
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 4.0.0.rc2
+  version: 4.0.0.rc3
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-03 00:00:00.000000000 Z
+date: 2016-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -26,7 +26,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '4.2'
 - !ruby/object:Gem::Dependency
-  name: rspec-rails
+  name: capybara
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -40,19 +40,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: capybara
+  name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
+- !ruby/object:Gem::Dependency
+  name: factory_girl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.5.0
 - !ruby/object:Gem::Dependency
   name: generator_spec
   requirement: !ruby/object:Gem::Requirement
@@ -68,47 +82,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.9.0
 - !ruby/object:Gem::Dependency
-  name: factory_girl
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
       - !ruby/object:Gem::Version
-        version: 4.5.0
+        version: 10.5.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">"
       - !ruby/object:Gem::Version
-        version: 4.5.0
+        version: 10.5.0
 - !ruby/object:Gem::Dependency
-  name: timecop
+  name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: database_cleaner
+  name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 0.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 0.7.0
 description: Doorkeeper is an OAuth 2 provider for Rails and Grape.
 email:
 - tutecosta@gmail.com
@@ -219,8 +233,10 @@ files:
 - lib/generators/doorkeeper/application_scopes_generator.rb
 - lib/generators/doorkeeper/install_generator.rb
 - lib/generators/doorkeeper/migration_generator.rb
+- lib/generators/doorkeeper/previous_refresh_token_generator.rb
 - lib/generators/doorkeeper/templates/README
 - lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb
+- lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb
 - lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb
 - lib/generators/doorkeeper/templates/initializer.rb
 - lib/generators/doorkeeper/templates/migration.rb
@@ -261,6 +277,7 @@ files:
 - spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
 - spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
 - spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
+- spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
@@ -362,7 +379,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.2
 signing_key: 
 specification_version: 4
 summary: OAuth 2 provider for Rails and Grape
@@ -403,6 +420,7 @@ test_files:
 - spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
 - spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
 - spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
+- spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html