doorkeeper 4.2.0 → 5.5.2



Files changed (271) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +1038 -0
  3. data/README.md +110 -348
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +6 -7
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
  7. data/app/controllers/doorkeeper/applications_controller.rb +65 -20
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +112 -35
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
  14. data/app/views/doorkeeper/applications/_form.html.erb +33 -21
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +18 -6
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +40 -16
  19. data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +7 -1
  22. data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
  23. data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
  24. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  25. data/config/locales/en.yml +33 -9
  26. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  27. data/lib/doorkeeper/config/option.rb +82 -0
  28. data/lib/doorkeeper/config/validations.rb +53 -0
  29. data/lib/doorkeeper/config.rb +545 -143
  30. data/lib/doorkeeper/engine.rb +11 -5
  31. data/lib/doorkeeper/errors.rb +37 -10
  32. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  33. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  34. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  35. data/lib/doorkeeper/grant_flow.rb +45 -0
  36. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  37. data/lib/doorkeeper/grape/helpers.rb +24 -12
  38. data/lib/doorkeeper/helpers/controller.rb +49 -27
  39. data/lib/doorkeeper/models/access_grant_mixin.rb +100 -21
  40. data/lib/doorkeeper/models/access_token_mixin.rb +379 -75
  41. data/lib/doorkeeper/models/application_mixin.rb +72 -25
  42. data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
  43. data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
  44. data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  45. data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
  46. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  47. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  48. data/lib/doorkeeper/models/concerns/revocable.rb +12 -18
  49. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  50. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  51. data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
  52. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  53. data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
  54. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
  55. data/lib/doorkeeper/oauth/authorization_code_request.rb +64 -14
  56. data/lib/doorkeeper/oauth/base_request.rb +66 -0
  57. data/lib/doorkeeper/oauth/base_response.rb +31 -0
  58. data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
  59. data/lib/doorkeeper/oauth/client.rb +10 -12
  60. data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
  61. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
  62. data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
  63. data/lib/doorkeeper/oauth/client_credentials_request.rb +11 -15
  64. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  65. data/lib/doorkeeper/oauth/code_response.rb +28 -15
  66. data/lib/doorkeeper/oauth/error.rb +5 -3
  67. data/lib/doorkeeper/oauth/error_response.rb +41 -20
  68. data/lib/doorkeeper/oauth/forbidden_token_response.rb +10 -3
  69. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
  70. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  71. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
  72. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  73. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  74. data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
  75. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  76. data/lib/doorkeeper/oauth/password_access_token_request.rb +45 -13
  77. data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
  78. data/lib/doorkeeper/oauth/refresh_token_request.rb +61 -36
  79. data/lib/doorkeeper/oauth/scopes.rb +26 -12
  80. data/lib/doorkeeper/oauth/token.rb +25 -23
  81. data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
  82. data/lib/doorkeeper/oauth/token_request.rb +8 -21
  83. data/lib/doorkeeper/oauth/token_response.rb +14 -10
  84. data/lib/doorkeeper/oauth.rb +13 -0
  85. data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
  86. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -25
  87. data/lib/doorkeeper/orm/active_record/application.rb +6 -15
  88. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +68 -0
  89. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +59 -0
  90. data/lib/doorkeeper/orm/active_record/mixins/application.rb +198 -0
  91. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  92. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
  93. data/lib/doorkeeper/orm/active_record.rb +37 -8
  94. data/lib/doorkeeper/rails/helpers.rb +14 -15
  95. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  96. data/lib/doorkeeper/rails/routes/mapper.rb +3 -1
  97. data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
  98. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  99. data/lib/doorkeeper/rails/routes.rb +42 -30
  100. data/lib/doorkeeper/rake/db.rake +40 -0
  101. data/lib/doorkeeper/rake/setup.rake +11 -0
  102. data/lib/doorkeeper/rake.rb +14 -0
  103. data/lib/doorkeeper/request/authorization_code.rb +12 -4
  104. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  105. data/lib/doorkeeper/request/code.rb +1 -1
  106. data/lib/doorkeeper/request/password.rb +5 -14
  107. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  108. data/lib/doorkeeper/request/strategy.rb +4 -2
  109. data/lib/doorkeeper/request/token.rb +1 -1
  110. data/lib/doorkeeper/request.rb +62 -29
  111. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  112. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  113. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  114. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  115. data/lib/doorkeeper/server.rb +9 -19
  116. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  117. data/lib/doorkeeper/validations.rb +5 -2
  118. data/lib/doorkeeper/version.rb +12 -1
  119. data/lib/doorkeeper.rb +111 -56
  120. data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
  121. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  122. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  123. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  124. data/lib/generators/doorkeeper/migration_generator.rb +27 -10
  125. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  126. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
  127. data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  128. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  129. data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
  130. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  131. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  132. data/lib/generators/doorkeeper/templates/initializer.rb +410 -31
  133. data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
  134. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  135. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  136. metadata +132 -286
  137. data/.gitignore +0 -14
  138. data/.hound.yml +0 -13
  139. data/.rspec +0 -1
  140. data/.travis.yml +0 -20
  141. data/CONTRIBUTING.md +0 -47
  142. data/Gemfile +0 -14
  143. data/NEWS.md +0 -593
  144. data/RELEASING.md +0 -17
  145. data/Rakefile +0 -20
  146. data/app/validators/redirect_uri_validator.rb +0 -34
  147. data/doorkeeper.gemspec +0 -28
  148. data/lib/doorkeeper/oauth/client/methods.rb +0 -18
  149. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  150. data/lib/doorkeeper/oauth/request_concern.rb +0 -48
  151. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
  152. data/lib/generators/doorkeeper/templates/migration.rb +0 -68
  153. data/spec/controllers/application_metal_controller.rb +0 -10
  154. data/spec/controllers/applications_controller_spec.rb +0 -58
  155. data/spec/controllers/authorizations_controller_spec.rb +0 -189
  156. data/spec/controllers/protected_resources_controller_spec.rb +0 -300
  157. data/spec/controllers/token_info_controller_spec.rb +0 -52
  158. data/spec/controllers/tokens_controller_spec.rb +0 -88
  159. data/spec/dummy/Rakefile +0 -7
  160. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  161. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  162. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  163. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  164. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  165. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  166. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  167. data/spec/dummy/app/models/user.rb +0 -5
  168. data/spec/dummy/app/views/home/index.html.erb +0 -0
  169. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  170. data/spec/dummy/config/application.rb +0 -23
  171. data/spec/dummy/config/boot.rb +0 -9
  172. data/spec/dummy/config/database.yml +0 -15
  173. data/spec/dummy/config/environment.rb +0 -5
  174. data/spec/dummy/config/environments/development.rb +0 -29
  175. data/spec/dummy/config/environments/production.rb +0 -62
  176. data/spec/dummy/config/environments/test.rb +0 -44
  177. data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
  178. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  179. data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
  180. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  181. data/spec/dummy/config/initializers/session_store.rb +0 -8
  182. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  183. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  184. data/spec/dummy/config/routes.rb +0 -52
  185. data/spec/dummy/config.ru +0 -4
  186. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
  187. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
  188. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
  189. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
  190. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -11
  191. data/spec/dummy/db/schema.rb +0 -67
  192. data/spec/dummy/public/404.html +0 -26
  193. data/spec/dummy/public/422.html +0 -26
  194. data/spec/dummy/public/500.html +0 -26
  195. data/spec/dummy/public/favicon.ico +0 -0
  196. data/spec/dummy/script/rails +0 -6
  197. data/spec/factories.rb +0 -28
  198. data/spec/generators/application_owner_generator_spec.rb +0 -22
  199. data/spec/generators/install_generator_spec.rb +0 -31
  200. data/spec/generators/migration_generator_spec.rb +0 -20
  201. data/spec/generators/templates/routes.rb +0 -3
  202. data/spec/generators/views_generator_spec.rb +0 -27
  203. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  204. data/spec/lib/config_spec.rb +0 -334
  205. data/spec/lib/doorkeeper_spec.rb +0 -28
  206. data/spec/lib/models/expirable_spec.rb +0 -51
  207. data/spec/lib/models/revocable_spec.rb +0 -59
  208. data/spec/lib/models/scopes_spec.rb +0 -43
  209. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
  210. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
  211. data/spec/lib/oauth/client/credentials_spec.rb +0 -47
  212. data/spec/lib/oauth/client/methods_spec.rb +0 -54
  213. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  214. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  215. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  216. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  217. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
  218. data/spec/lib/oauth/client_spec.rb +0 -39
  219. data/spec/lib/oauth/code_request_spec.rb +0 -45
  220. data/spec/lib/oauth/code_response_spec.rb +0 -34
  221. data/spec/lib/oauth/error_response_spec.rb +0 -61
  222. data/spec/lib/oauth/error_spec.rb +0 -23
  223. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  224. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  225. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  226. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
  227. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
  228. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
  229. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  230. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
  231. data/spec/lib/oauth/scopes_spec.rb +0 -122
  232. data/spec/lib/oauth/token_request_spec.rb +0 -98
  233. data/spec/lib/oauth/token_response_spec.rb +0 -85
  234. data/spec/lib/oauth/token_spec.rb +0 -116
  235. data/spec/lib/request/strategy_spec.rb +0 -53
  236. data/spec/lib/server_spec.rb +0 -52
  237. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  238. data/spec/models/doorkeeper/access_token_spec.rb +0 -394
  239. data/spec/models/doorkeeper/application_spec.rb +0 -179
  240. data/spec/requests/applications/applications_request_spec.rb +0 -94
  241. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  242. data/spec/requests/endpoints/authorization_spec.rb +0 -72
  243. data/spec/requests/endpoints/token_spec.rb +0 -64
  244. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
  245. data/spec/requests/flows/authorization_code_spec.rb +0 -156
  246. data/spec/requests/flows/client_credentials_spec.rb +0 -58
  247. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  248. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  249. data/spec/requests/flows/password_spec.rb +0 -115
  250. data/spec/requests/flows/refresh_token_spec.rb +0 -174
  251. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  252. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  253. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  254. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  255. data/spec/routing/custom_controller_routes_spec.rb +0 -71
  256. data/spec/routing/default_routes_spec.rb +0 -35
  257. data/spec/routing/scoped_routes_spec.rb +0 -31
  258. data/spec/spec_helper.rb +0 -2
  259. data/spec/spec_helper_integration.rb +0 -59
  260. data/spec/support/dependencies/factory_girl.rb +0 -2
  261. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  262. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  263. data/spec/support/helpers/config_helper.rb +0 -9
  264. data/spec/support/helpers/model_helper.rb +0 -67
  265. data/spec/support/helpers/request_spec_helper.rb +0 -76
  266. data/spec/support/helpers/url_helper.rb +0 -55
  267. data/spec/support/http_method_shim.rb +0 -24
  268. data/spec/support/orm/active_record.rb +0 -3
  269. data/spec/support/shared/controllers_shared_context.rb +0 -69
  270. data/spec/support/shared/models_shared_examples.rb +0 -52
  271. data/spec/validators/redirect_uri_validator_spec.rb +0 -78
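--- a/data/spec/lib/oauth/scopes_spec.rb
+++ b/data/spec/lib/oauth/scopes_spec.rb
@@ -1,122 +0,0 @@
-require 'spec_helper'
-require 'active_support/core_ext/module/delegation'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/scopes'
-
-module Doorkeeper::OAuth
-describe Scopes do
-describe '#add' do
-it 'allows you to add scopes with symbols' do
-subject.add :public
-expect(subject.all).to eq(['public'])
-end
-
-it 'allows you to add scopes with strings' do
-subject.add 'public'
-expect(subject.all).to eq(['public'])
-end
-
-it 'do not add already included scopes' do
-subject.add :public
-subject.add :public
-expect(subject.all).to eq(['public'])
-end
-end
-
-describe '#exists' do
-before do
-subject.add :public
-end
-
-it 'returns true if scope with given name is present' do
-expect(subject.exists?('public')).to be_truthy
-end
-
-it 'returns false if scope with given name does not exist' do
-expect(subject.exists?('other')).to be_falsey
-end
-
-it 'handles symbols' do
-expect(subject.exists?(:public)).to be_truthy
-expect(subject.exists?(:other)).to be_falsey
-end
-end
-
-describe '.from_string' do
-let(:string) { 'public write' }
-
-subject { Scopes.from_string(string) }
-
-it { expect(subject).to be_a(Scopes) }
-
-describe '#all' do
-it 'should be an array of the expected scopes' do
-scopes_array = subject.all
-expect(scopes_array.size).to eq(2)
-expect(scopes_array).to include('public')
-expect(scopes_array).to include('write')
-end
-end
-end
-
-describe '#+' do
-it 'can add to another scope object' do
-scopes = Scopes.from_string('public') + Scopes.from_string('admin')
-expect(scopes.all).to eq(%w(public admin))
-end
-
-it 'does not change the existing object' do
-origin = Scopes.from_string('public')
-expect(origin.to_s).to eq('public')
-end
-
-it 'raises an error if cannot handle addition' do
-expect do
-Scopes.from_string('public') + 'admin'
-end.to raise_error(NoMethodError)
-end
-end
-
-describe '#==' do
-it 'is equal to another set of scopes' do
-expect(Scopes.from_string('public')).to eq(Scopes.from_string('public'))
-end
-
-it 'is equal to another set of scopes with no particular order' do
-expect(Scopes.from_string('public write')).to eq(Scopes.from_string('write public'))
-end
-
-it 'differs from another set of scopes when scopes are not the same' do
-expect(Scopes.from_string('public write')).not_to eq(Scopes.from_string('write'))
-end
-end
-
-describe '#has_scopes?' do
-subject { Scopes.from_string('public admin') }
-
-it 'returns true when at least one scope is included' do
-expect(subject.has_scopes?(Scopes.from_string('public'))).to be_truthy
-end
-
-it 'returns true when all scopes are included' do
-expect(subject.has_scopes?(Scopes.from_string('public admin'))).to be_truthy
-end
-
-it 'is true if all scopes are included in any order' do
-expect(subject.has_scopes?(Scopes.from_string('admin public'))).to be_truthy
-end
-
-it 'is false if no scopes are included' do
-expect(subject.has_scopes?(Scopes.from_string('notexistent'))).to be_falsey
-end
-
-it 'returns false when any scope is not included' do
-expect(subject.has_scopes?(Scopes.from_string('public nope'))).to be_falsey
-end
-
-it 'is false if no scopes are included even for existing ones' do
-expect(subject.has_scopes?(Scopes.from_string('public admin notexistent'))).to be_falsey
-end
-end
-end
-end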
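--- a/data/spec/lib/oauth/token_request_spec.rb
+++ b/data/spec/lib/oauth/token_request_spec.rb
@@ -1,98 +0,0 @@
-require 'spec_helper_integration'
-
-module Doorkeeper::OAuth
-describe TokenRequest do
-let :application do
-scopes = double(all: ['public'])
-double(:application, id: 9990, scopes: scopes)
-end
-let :pre_auth do
-double(
-:pre_auth,
-client: application,
-redirect_uri: 'http://tst.com/cb',
-state: nil,
-scopes: Scopes.from_string('public'),
-error: nil,
-authorizable?: true
-)
-end
-
-let :owner do
-double :owner, id: 7866
-end
-
-subject do
-TokenRequest.new(pre_auth, owner)
-end
-
-it 'creates an access token' do
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it 'returns a code response' do
-expect(subject.authorize).to be_a(CodeResponse)
-end
-
-it 'does not create token when not authorizable' do
-allow(pre_auth).to receive(:authorizable?).and_return(false)
-expect do
-subject.authorize
-end.to_not change { Doorkeeper::AccessToken.count }
-end
-
-it 'returns a error response' do
-allow(pre_auth).to receive(:authorizable?).and_return(false)
-expect(subject.authorize).to be_a(ErrorResponse)
-end
-
-context 'with custom expirations' do
-before do
-Doorkeeper.configure do
-orm DOORKEEPER_ORM
-custom_access_token_expires_in do |_oauth_client|
-1234
-end
-end
-end
-
-it 'should use the custom ttl' do
-subject.authorize
-token = Doorkeeper::AccessToken.first
-expect(token.expires_in).to eq(1234)
-end
-end
-
-context 'token reuse' do
-it 'creates a new token if there are no matching tokens' do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it 'creates a new token if scopes do not match' do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
-resource_owner_id: owner.id, scopes: '')
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it 'skips token creation if there is a matching one' do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-allow(application.scopes).to receive(:has_scopes?).and_return(true)
-allow(application.scopes).to receive(:all?).and_return(true)
-FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
-resource_owner_id: owner.id, scopes: 'public')
-
-expect do
-subject.authorize
-end.to_not change { Doorkeeper::AccessToken.count }
-end
-end
-end
-end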
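--- a/data/spec/lib/oauth/token_response_spec.rb
+++ b/data/spec/lib/oauth/token_response_spec.rb
@@ -1,85 +0,0 @@
-require 'spec_helper'
-require 'doorkeeper/oauth/token_response'
-
-module Doorkeeper::OAuth
-describe TokenResponse do
-subject { TokenResponse.new(double.as_null_object) }
-
-it 'includes access token response headers' do
-headers = subject.headers
-expect(headers.fetch('Cache-Control')).to eq('no-store')
-expect(headers.fetch('Pragma')).to eq('no-cache')
-end
-
-it 'status is ok' do
-expect(subject.status).to eq(:ok)
-end
-
-describe '.body' do
-let(:access_token) do
-double :access_token,
-token: 'some-token',
-expires_in: '3600',
-expires_in_seconds: '300',
-scopes_string: 'two scopes',
-refresh_token: 'some-refresh-token',
-token_type: 'bearer',
-created_at: 0
-end
-
-subject { TokenResponse.new(access_token).body }
-
-it 'includes :access_token' do
-expect(subject['access_token']).to eq('some-token')
-end
-
-it 'includes :token_type' do
-expect(subject['token_type']).to eq('bearer')
-end
-
-# expires_in_seconds is returned as `expires_in` in order to match
-# the OAuth spec (section 4.2.2)
-it 'includes :expires_in' do
-expect(subject['expires_in']).to eq('300')
-end
-
-it 'includes :scope' do
-expect(subject['scope']).to eq('two scopes')
-end
-
-it 'includes :refresh_token' do
-expect(subject['refresh_token']).to eq('some-refresh-token')
-end
-
-it 'includes :created_at' do
-expect(subject['created_at']).to eq(0)
-end
-end
-
-describe '.body filters out empty values' do
-let(:access_token) do
-double :access_token,
-token: 'some-token',
-expires_in_seconds: '',
-scopes_string: '',
-refresh_token: '',
-token_type: 'bearer',
-created_at: 0
-end
-
-subject { TokenResponse.new(access_token).body }
-
-it 'includes :expires_in' do
-expect(subject['expires_in']).to be_nil
-end
-
-it 'includes :scope' do
-expect(subject['scope']).to be_nil
-end
-
-it 'includes :refresh_token' do
-expect(subject['refresh_token']).to be_nil
-end
-end
-end
-end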
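--- a/data/spec/lib/oauth/token_spec.rb
+++ b/data/spec/lib/oauth/token_spec.rb
@@ -1,116 +0,0 @@
-require 'spec_helper'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/token'
-
-module Doorkeeper
-unless defined?(AccessToken)
-class AccessToken
-end
-end
-
-module OAuth
-describe Token do
-describe :from_request do
-let(:request) { double.as_null_object }
-
-let(:method) do
-->(request) { return 'token-value' }
-end
-
-it 'accepts anything that responds to #call' do
-expect(method).to receive(:call).with(request)
-Token.from_request request, method
-end
-
-it 'delegates methods received as symbols to Token class' do
-expect(Token).to receive(:from_params).with(request)
-Token.from_request request, :from_params
-end
-
-it 'stops at the first credentials found' do
-not_called_method = double
-expect(not_called_method).not_to receive(:call)
-Token.from_request request, ->(_r) {}, method, not_called_method
-end
-
-it 'returns the credential from extractor method' do
-credentials = Token.from_request request, method
-expect(credentials).to eq('token-value')
-end
-end
-
-describe :from_access_token_param do
-it 'returns token from access_token parameter' do
-request = double parameters: { access_token: 'some-token' }
-token = Token.from_access_token_param(request)
-expect(token).to eq('some-token')
-end
-end
-
-describe :from_bearer_param do
-it 'returns token from bearer_token parameter' do
-request = double parameters: { bearer_token: 'some-token' }
-token = Token.from_bearer_param(request)
-expect(token).to eq('some-token')
-end
-end
-
-describe :from_bearer_authorization do
-it 'returns token from capitalized authorization bearer' do
-request = double authorization: 'Bearer SomeToken'
-token = Token.from_bearer_authorization(request)
-expect(token).to eq('SomeToken')
-end
-
-it 'returns token from lowercased authorization bearer' do
-request = double authorization: 'bearer SomeToken'
-token = Token.from_bearer_authorization(request)
-expect(token).to eq('SomeToken')
-end
-
-it 'does not return token if authorization is not bearer' do
-request = double authorization: 'MAC SomeToken'
-token = Token.from_bearer_authorization(request)
-expect(token).to be_blank
-end
-end
-
-describe :from_basic_authorization do
-it 'returns token from capitalized authorization basic' do
-request = double authorization: "Basic #{Base64.encode64 'SomeToken:'}"
-token = Token.from_basic_authorization(request)
-expect(token).to eq('SomeToken')
-end
-
-it 'returns token from lowercased authorization basic' do
-request = double authorization: "basic #{Base64.encode64 'SomeToken:'}"
-token = Token.from_basic_authorization(request)
-expect(token).to eq('SomeToken')
-end
-
-it 'does not return token if authorization is not basic' do
-request = double authorization: "MAC #{Base64.encode64 'SomeToken:'}"
-token = Token.from_basic_authorization(request)
-expect(token).to be_blank
-end
-end
-
-describe :authenticate do
-it 'calls the finder if token was returned' do
-token = ->(_r) { 'token' }
-expect(AccessToken).to receive(:by_token).with('token')
-Token.authenticate double, token
-end
-
-it 'revokes previous refresh_token if token was found' do
-token = ->(_r) { 'token' }
-expect(
-AccessToken
-).to receive(:by_token).with('token').and_return(token)
-expect(token).to receive(:revoke_previous_refresh_token!)
-Token.authenticate double, token
-end
-end
-end
-end
-end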
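--- a/data/spec/lib/request/strategy_spec.rb
+++ b/data/spec/lib/request/strategy_spec.rb
@@ -1,53 +0,0 @@
-require 'spec_helper'
-require 'doorkeeper/request/strategy'
-
-module Doorkeeper
-module Request
-describe Strategy do
-let(:server) { double }
-subject(:strategy) { Strategy.new(server) }
-
-describe :initialize do
-it "sets the server attribute" do
-expect(strategy.server).to eq server
-end
-end
-
-describe :request do
-it "requires an implementation" do
-expect { strategy.request }.to raise_exception NotImplementedError
-end
-end
-
-describe "a sample Strategy subclass" do
-let(:fake_request) { double }
-
-let(:strategy_class) do
-subclass = Class.new(Strategy) do
-class << self
-attr_accessor :fake_request
-end
-
-def request
-self.class.fake_request
-end
-end
-
-subclass.fake_request = fake_request
-subclass
-end
-
-subject(:strategy) { strategy_class.new(server) }
-
-it "provides a request implementation" do
-expect(strategy.request).to eq fake_request
-end
-
-it "authorizes the request" do
-expect(fake_request).to receive :authorize
-strategy.authorize
-end
-end
-end
-end
-end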
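--- a/data/spec/lib/server_spec.rb
+++ b/data/spec/lib/server_spec.rb
@@ -1,52 +0,0 @@
-require 'spec_helper'
-require 'active_support/all'
-require 'doorkeeper/errors'
-require 'doorkeeper/server'
-
-describe Doorkeeper::Server do
-let(:fake_class) { double :fake_class }
-
-subject do
-described_class.new
-end
-
-describe '.authorization_request' do
-it 'raises error when strategy does not exist' do
-expect do
-subject.authorization_request(:duh)
-end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
-end
-
-it 'raises error when strategy does not match phase' do
-expect do
-subject.token_request(:code)
-end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
-end
-
-context 'when only Authorization Code strategy is enabled' do
-before do
-allow(Doorkeeper.configuration).
-to receive(:grant_flows).
-and_return(['authorization_code'])
-end
-
-it 'raises error when using the disabled Implicit strategy' do
-expect do
-subject.authorization_request(:token)
-end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
-end
-
-it 'raises error when using the disabled Client Credentials strategy' do
-expect do
-subject.token_request(:client_credentials)
-end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
-end
-end
-
-it 'builds the request with selected strategy' do
-stub_const 'Doorkeeper::Request::Code', fake_class
-expect(fake_class).to receive(:new).with(subject)
-subject.authorization_request :code
-end
-end
-end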
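--- a/data/spec/models/doorkeeper/access_grant_spec.rb
+++ b/data/spec/models/doorkeeper/access_grant_spec.rb
@@ -1,36 +0,0 @@
-require 'spec_helper_integration'
-
-describe Doorkeeper::AccessGrant do
-subject { FactoryGirl.build(:access_grant) }
-
-it { expect(subject).to be_valid }
-
-it_behaves_like 'an accessible token'
-it_behaves_like 'a revocable token'
-it_behaves_like 'a unique token' do
-let(:factory_name) { :access_grant }
-end
-
-describe 'validations' do
-it 'is invalid without resource_owner_id' do
-subject.resource_owner_id = nil
-expect(subject).not_to be_valid
-end
-
-it 'is invalid without application_id' do
-subject.application_id = nil
-expect(subject).not_to be_valid
-end
-
-it 'is invalid without token' do
-subject.save
-subject.token = nil
-expect(subject).not_to be_valid
-end
-
-it 'is invalid without expires_in' do
-subject.expires_in = nil
-expect(subject).not_to be_valid
-end
-end
-end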