doorkeeper 4.2.0 → 4.2.5

data/spec/lib/oauth/authorization/uri_builder_spec.rb

@@ -6,8 +6,7 @@ require 'doorkeeper/oauth/authorization/uri_builder'
 
 module Doorkeeper::OAuth::Authorization
   describe URIBuilder do
-
-    subject { Object.new.class.send :include, URIBuilder }
+    subject { URIBuilder }
 
     describe :uri_with_query do
       it 'returns the uri with query' do

data/spec/lib/oauth/base_request_spec.rb

@@ -0,0 +1,160 @@
+require 'spec_helper_integration'
+
+module Doorkeeper::OAuth
+  describe BaseRequest do
+    let(:access_token) do
+      double :access_token,
+        token:              "some-token",
+        expires_in:         "3600",
+        expires_in_seconds: "300",
+        scopes_string:      "two scopes",
+        refresh_token:      "some-refresh-token",
+        token_type:         "bearer",
+        created_at:         0
+    end
+
+    let(:client) do
+      double :client,
+        id: '1'
+    end
+
+    let(:scopes_array) do
+      %w(public write)
+    end
+
+    let(:server) do
+      double :server,
+        access_token_expires_in: 100,
+        custom_access_token_expires_in: ->(_) { nil },
+        refresh_token_enabled?: false
+    end
+
+    subject do
+      BaseRequest.new
+    end
+
+    describe "#authorize" do
+      before do
+        allow(subject).to receive(:access_token).and_return(access_token)
+      end
+
+      it "validates itself" do
+        expect(subject).to receive(:validate).once
+        subject.authorize
+      end
+
+      context "valid" do
+        before do
+          allow(subject).to receive(:valid?).and_return(true)
+        end
+
+        it "calls callback methods" do
+          expect(subject).to receive(:before_successful_response).once
+          expect(subject).to receive(:after_successful_response).once
+          subject.authorize
+        end
+
+        it "returns a TokenResponse object" do
+          result = subject.authorize
+
+          expect(result).to be_an_instance_of(TokenResponse)
+          expect(result.body).to eq(
+            TokenResponse.new(access_token).body
+          )
+        end
+      end
+
+      context "invalid" do
+        before do
+          allow(subject).to receive(:valid?).and_return(false)
+          allow(subject).to receive(:error).and_return("server_error")
+          allow(subject).to receive(:state).and_return("hello")
+        end
+
+        it "returns an ErrorResponse object" do
+          error_description = I18n.translate(
+            "server_error",
+            scope: [:doorkeeper, :errors, :messages]
+          )
+
+          result = subject.authorize
+
+          expect(result).to be_an_instance_of(ErrorResponse)
+
+          expect(result.body).to eq(
+            error: "server_error",
+            error_description: error_description,
+            state: "hello"
+          )
+        end
+      end
+    end
+
+    describe "#default_scopes" do
+      it "delegates to the server" do
+        expect(subject).to receive(:server).and_return(server).once
+        expect(server).to receive(:default_scopes).once
+
+        subject.default_scopes
+      end
+    end
+
+    describe "#find_or_create_access_token" do
+      it "returns an instance of AccessToken" do
+        result = subject.find_or_create_access_token(
+          client,
+          "1",
+          "public",
+          server
+        )
+
+        expect(result).to be_an_instance_of(Doorkeeper::AccessToken)
+      end
+    end
+
+    describe "#scopes" do
+      context "@original_scopes is present" do
+        before do
+          subject.instance_variable_set(:@original_scopes, "public write")
+        end
+
+        it "returns array of @original_scopes" do
+          result = subject.scopes
+
+          expect(result).to eq(scopes_array)
+        end
+      end
+
+      context "@original_scopes is not present" do
+        before do
+          subject.instance_variable_set(:@original_scopes, "")
+        end
+
+        it "calls #default_scopes" do
+          allow(subject).to receive(:server).and_return(server).once
+          allow(server).to receive(:default_scopes).and_return(scopes_array).once
+
+          result = subject.scopes
+
+          expect(result).to eq(scopes_array)
+        end
+      end
+    end
+
+    describe "#valid?" do
+      context "error is nil" do
+        it "returns true" do
+          allow(subject).to receive(:error).and_return(nil).once
+          expect(subject.valid?).to eq(true)
+        end
+      end
+
+      context "error is not nil" do
+        it "returns false" do
+          allow(subject).to receive(:error).and_return(Object.new).once
+          expect(subject.valid?).to eq(false)
+        end
+      end
+    end
+  end
+end

data/spec/lib/oauth/base_response_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper_integration'
+
+module Doorkeeper::OAuth
+  describe BaseResponse do
+    subject do
+      BaseResponse.new
+    end
+
+    describe "#body" do
+      it "returns an empty Hash" do
+        expect(subject.body).to eq({})
+      end
+    end
+
+    describe "#description" do
+      it "returns an empty String" do
+        expect(subject.description).to eq("")
+      end
+    end
+
+    describe "#headers" do
+      it "returns an empty Hash" do
+        expect(subject.headers).to eq({})
+      end
+    end
+
+    describe "#redirectable?" do
+      it "returns false" do
+        expect(subject.redirectable?).to eq(false)
+      end
+    end
+
+    describe "#redirect_uri" do
+      it "returns an empty String" do
+        expect(subject.redirect_uri).to eq("")
+      end
+    end
+
+    describe "#status" do
+      it "returns :ok" do
+        expect(subject.status).to eq(:ok)
+      end
+    end
+  end
+end

data/spec/lib/oauth/client/credentials_spec.rb

@@ -4,6 +4,9 @@ require 'doorkeeper/oauth/client'
 
 class Doorkeeper::OAuth::Client
   describe Credentials do
+    let(:client_id) { 'some-uid' }
+    let(:client_secret) { 'some-secret' }
+
     it 'is blank when any of the credentials is blank' do
       expect(Credentials.new(nil, 'something')).to be_blank
       expect(Credentials.new('something', nil)).to be_blank
@@ -43,5 +46,43 @@ class Doorkeeper::OAuth::Client
         expect(credentials.secret).to eq('secret')
       end
     end
+
+    describe :from_params do
+      it 'returns credentials from parameters when Authorization header is not available' do
+        request     = double parameters: { client_id: client_id, client_secret: client_secret }
+        uid, secret = Credentials.from_params(request)
+
+        expect(uid).to    eq('some-uid')
+        expect(secret).to eq('some-secret')
+      end
+
+      it 'is blank when there are no credentials' do
+        request     = double parameters: {}
+        uid, secret = Credentials.from_params(request)
+
+        expect(uid).to    be_blank
+        expect(secret).to be_blank
+      end
+    end
+
+    describe :from_basic do
+      let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
+
+      it 'decodes the credentials' do
+        request     = double authorization: "Basic #{credentials}"
+        uid, secret = Credentials.from_basic(request)
+
+        expect(uid).to    eq('some-uid')
+        expect(secret).to eq('some-secret')
+      end
+
+      it 'is blank if Authorization is not Basic' do
+        request     = double authorization: "#{credentials}"
+        uid, secret = Credentials.from_basic(request)
+
+        expect(uid).to    be_blank
+        expect(secret).to be_blank
+      end
+    end
   end
 end

data/spec/lib/oauth/error_response_spec.rb

@@ -43,19 +43,19 @@ module Doorkeeper::OAuth
       end
     end
 
-    describe '.authenticate_info' do
+    describe '.headers' do
       let(:error_response) { ErrorResponse.new(name: :some_error, state: :some_state) }
-      subject { error_response.authenticate_info }
+      subject { error_response.headers }
 
-      it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
-      it { expect(subject).to include("error=\"#{error_response.name}\"") }
-      it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
-    end
+      it { expect(subject).to include 'WWW-Authenticate' }
 
-    describe '.headers' do
-      subject { ErrorResponse.new(name: :some_error, state: :some_state).headers }
+      describe "WWW-Authenticate header" do
+        subject { error_response.headers["WWW-Authenticate"] }
 
-      it { expect(subject).to include 'WWW-Authenticate' }
+        it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
+        it { expect(subject).to include("error=\"#{error_response.name}\"") }
+        it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
+      end
     end
   end
 end

data/spec/lib/oauth/invalid_token_response_spec.rb

@@ -5,23 +5,51 @@ require 'doorkeeper/oauth/invalid_token_response'
 
 module Doorkeeper::OAuth
   describe InvalidTokenResponse do
-    describe '#name' do
+    describe "#name" do
       it  { expect(subject.name).to eq(:invalid_token) }
     end
 
-    describe '#status' do
+    describe "#status" do
       it { expect(subject.status).to eq(:unauthorized) }
     end
 
     describe :from_access_token do
-      it 'revoked' do
-        response = InvalidTokenResponse.from_access_token double(revoked?: true, expired?: true)
-        expect(response.description).to include('revoked')
+      let(:response) { InvalidTokenResponse.from_access_token(access_token) }
+
+      context "revoked" do
+        let(:access_token) { double(revoked?: true, expired?: true) }
+
+        it "sets a description" do
+          expect(response.description).to include("revoked")
+        end
+
+        it "sets the reason" do
+          expect(response.reason).to eq(:revoked)
+        end
       end
 
-      it 'expired' do
-        response = InvalidTokenResponse.from_access_token double(revoked?: false, expired?: true)
-        expect(response.description).to include('expired')
+      context "expired" do
+        let(:access_token) { double(revoked?: false, expired?: true) }
+
+        it "sets a description" do
+          expect(response.description).to include("expired")
+        end
+
+        it "sets the reason" do
+          expect(response.reason).to eq(:expired)
+        end
+      end
+
+      context "unkown" do
+        let(:access_token) { double(revoked?: false, expired?: false) }
+
+        it "sets a description" do
+          expect(response.description).to include("invalid")
+        end
+
+        it "sets the reason" do
+          expect(response.reason).to eq(:unknown)
+        end
       end
     end
   end

data/spec/lib/server_spec.rb

@@ -1,7 +1,4 @@
 require 'spec_helper'
-require 'active_support/all'
-require 'doorkeeper/errors'
-require 'doorkeeper/server'
 
 describe Doorkeeper::Server do
   let(:fake_class) { double :fake_class }

data/spec/requests/endpoints/authorization_spec.rb

@@ -59,13 +59,12 @@ feature 'Authorization endpoint' do
     end
 
     scenario 'raises exception on forged requests' do
-      skip 'TODO: need to add request helpers to this feature spec'
-      allow_any_instance_of(ActionController::Base).to receive(:handle_unverified_request)
       allowing_forgery_protection do
-        post "/oauth/authorize",
-          client_id:      @client.uid,
-          redirect_uri:   @client.redirect_uri,
-          response_type:  'code'
+        expect {
+          page.driver.post authorization_endpoint_url(client_id: @client.uid,
+                                                      redirect_uri: @client.redirect_uri,
+                                                      response_type:  'code')
+        }.to raise_error(ActionController::InvalidAuthenticityToken)
       end
     end
   end

data/spec/requests/flows/authorization_code_spec.rb

@@ -41,13 +41,11 @@ feature 'Authorization Code Flow' do
   end
 
   scenario 'resource owner requests an access token with authorization code' do
-    skip 'TODO: need to add request helpers to this feature spec'
-
     visit authorization_endpoint_url(client: @client)
     click_on 'Authorize'
 
     authorization_code = Doorkeeper::AccessGrant.first.token
-    post token_endpoint_url(code: authorization_code, client: @client)
+    create_access_token authorization_code, @client
 
     access_token_should_exist_for(@client, @resource_owner)
 
@@ -84,27 +82,23 @@ feature 'Authorization Code Flow' do
     end
 
     scenario 'new access token matches required scopes' do
-      skip 'TODO: need to add request helpers to this feature spec'
-
       visit authorization_endpoint_url(client: @client, scope: 'public write')
       click_on 'Authorize'
 
       authorization_code = Doorkeeper::AccessGrant.first.token
-      post token_endpoint_url(code: authorization_code, client: @client)
+      create_access_token authorization_code, @client
 
       access_token_should_exist_for(@client, @resource_owner)
       access_token_should_have_scopes :public, :write
     end
 
     scenario 'returns new token if scopes have changed' do
-      skip 'TODO: need to add request helpers to this feature spec'
-
       client_is_authorized(@client, @resource_owner, scopes: 'public write')
       visit authorization_endpoint_url(client: @client, scope: 'public')
       click_on 'Authorize'
 
       authorization_code = Doorkeeper::AccessGrant.first.token
-      post token_endpoint_url(code: authorization_code, client: @client)
+      create_access_token authorization_code, @client
 
       expect(Doorkeeper::AccessToken.count).to be(2)
 
@@ -112,14 +106,12 @@ feature 'Authorization Code Flow' do
     end
 
     scenario 'resource owner authorizes the client with extra scopes' do
-      skip 'TODO: need to add request helpers to this feature spec'
-
       client_is_authorized(@client, @resource_owner, scopes: 'public')
       visit authorization_endpoint_url(client: @client, scope: 'public write')
       click_on 'Authorize'
 
       authorization_code = Doorkeeper::AccessGrant.first.token
-      post token_endpoint_url(code: authorization_code, client: @client)
+      create_access_token authorization_code, @client
 
       expect(Doorkeeper::AccessToken.count).to be(2)