doorkeeper 4.2.0 → 5.5.2



Files changed (271) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +1038 -0
  3. data/README.md +110 -348
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +6 -7
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
  7. data/app/controllers/doorkeeper/applications_controller.rb +65 -20
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +112 -35
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
  14. data/app/views/doorkeeper/applications/_form.html.erb +33 -21
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +18 -6
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +40 -16
  19. data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +7 -1
  22. data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
  23. data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
  24. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  25. data/config/locales/en.yml +33 -9
  26. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  27. data/lib/doorkeeper/config/option.rb +82 -0
  28. data/lib/doorkeeper/config/validations.rb +53 -0
  29. data/lib/doorkeeper/config.rb +545 -143
  30. data/lib/doorkeeper/engine.rb +11 -5
  31. data/lib/doorkeeper/errors.rb +37 -10
  32. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  33. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  34. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  35. data/lib/doorkeeper/grant_flow.rb +45 -0
  36. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  37. data/lib/doorkeeper/grape/helpers.rb +24 -12
  38. data/lib/doorkeeper/helpers/controller.rb +49 -27
  39. data/lib/doorkeeper/models/access_grant_mixin.rb +100 -21
  40. data/lib/doorkeeper/models/access_token_mixin.rb +379 -75
  41. data/lib/doorkeeper/models/application_mixin.rb +72 -25
  42. data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
  43. data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
  44. data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  45. data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
  46. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  47. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  48. data/lib/doorkeeper/models/concerns/revocable.rb +12 -18
  49. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  50. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  51. data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
  52. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  53. data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
  54. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
  55. data/lib/doorkeeper/oauth/authorization_code_request.rb +64 -14
  56. data/lib/doorkeeper/oauth/base_request.rb +66 -0
  57. data/lib/doorkeeper/oauth/base_response.rb +31 -0
  58. data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
  59. data/lib/doorkeeper/oauth/client.rb +10 -12
  60. data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
  61. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
  62. data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
  63. data/lib/doorkeeper/oauth/client_credentials_request.rb +11 -15
  64. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  65. data/lib/doorkeeper/oauth/code_response.rb +28 -15
  66. data/lib/doorkeeper/oauth/error.rb +5 -3
  67. data/lib/doorkeeper/oauth/error_response.rb +41 -20
  68. data/lib/doorkeeper/oauth/forbidden_token_response.rb +10 -3
  69. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
  70. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  71. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
  72. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  73. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  74. data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
  75. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  76. data/lib/doorkeeper/oauth/password_access_token_request.rb +45 -13
  77. data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
  78. data/lib/doorkeeper/oauth/refresh_token_request.rb +61 -36
  79. data/lib/doorkeeper/oauth/scopes.rb +26 -12
  80. data/lib/doorkeeper/oauth/token.rb +25 -23
  81. data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
  82. data/lib/doorkeeper/oauth/token_request.rb +8 -21
  83. data/lib/doorkeeper/oauth/token_response.rb +14 -10
  84. data/lib/doorkeeper/oauth.rb +13 -0
  85. data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
  86. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -25
  87. data/lib/doorkeeper/orm/active_record/application.rb +6 -15
  88. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +68 -0
  89. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +59 -0
  90. data/lib/doorkeeper/orm/active_record/mixins/application.rb +198 -0
  91. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  92. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
  93. data/lib/doorkeeper/orm/active_record.rb +37 -8
  94. data/lib/doorkeeper/rails/helpers.rb +14 -15
  95. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  96. data/lib/doorkeeper/rails/routes/mapper.rb +3 -1
  97. data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
  98. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  99. data/lib/doorkeeper/rails/routes.rb +42 -30
  100. data/lib/doorkeeper/rake/db.rake +40 -0
  101. data/lib/doorkeeper/rake/setup.rake +11 -0
  102. data/lib/doorkeeper/rake.rb +14 -0
  103. data/lib/doorkeeper/request/authorization_code.rb +12 -4
  104. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  105. data/lib/doorkeeper/request/code.rb +1 -1
  106. data/lib/doorkeeper/request/password.rb +5 -14
  107. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  108. data/lib/doorkeeper/request/strategy.rb +4 -2
  109. data/lib/doorkeeper/request/token.rb +1 -1
  110. data/lib/doorkeeper/request.rb +62 -29
  111. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  112. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  113. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  114. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  115. data/lib/doorkeeper/server.rb +9 -19
  116. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  117. data/lib/doorkeeper/validations.rb +5 -2
  118. data/lib/doorkeeper/version.rb +12 -1
  119. data/lib/doorkeeper.rb +111 -56
  120. data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
  121. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  122. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  123. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  124. data/lib/generators/doorkeeper/migration_generator.rb +27 -10
  125. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  126. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
  127. data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  128. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  129. data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
  130. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  131. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  132. data/lib/generators/doorkeeper/templates/initializer.rb +410 -31
  133. data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
  134. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  135. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  136. metadata +132 -286
  137. data/.gitignore +0 -14
  138. data/.hound.yml +0 -13
  139. data/.rspec +0 -1
  140. data/.travis.yml +0 -20
  141. data/CONTRIBUTING.md +0 -47
  142. data/Gemfile +0 -14
  143. data/NEWS.md +0 -593
  144. data/RELEASING.md +0 -17
  145. data/Rakefile +0 -20
  146. data/app/validators/redirect_uri_validator.rb +0 -34
  147. data/doorkeeper.gemspec +0 -28
  148. data/lib/doorkeeper/oauth/client/methods.rb +0 -18
  149. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  150. data/lib/doorkeeper/oauth/request_concern.rb +0 -48
  151. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
  152. data/lib/generators/doorkeeper/templates/migration.rb +0 -68
  153. data/spec/controllers/application_metal_controller.rb +0 -10
  154. data/spec/controllers/applications_controller_spec.rb +0 -58
  155. data/spec/controllers/authorizations_controller_spec.rb +0 -189
  156. data/spec/controllers/protected_resources_controller_spec.rb +0 -300
  157. data/spec/controllers/token_info_controller_spec.rb +0 -52
  158. data/spec/controllers/tokens_controller_spec.rb +0 -88
  159. data/spec/dummy/Rakefile +0 -7
  160. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  161. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  162. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  163. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  164. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  165. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  166. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  167. data/spec/dummy/app/models/user.rb +0 -5
  168. data/spec/dummy/app/views/home/index.html.erb +0 -0
  169. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  170. data/spec/dummy/config/application.rb +0 -23
  171. data/spec/dummy/config/boot.rb +0 -9
  172. data/spec/dummy/config/database.yml +0 -15
  173. data/spec/dummy/config/environment.rb +0 -5
  174. data/spec/dummy/config/environments/development.rb +0 -29
  175. data/spec/dummy/config/environments/production.rb +0 -62
  176. data/spec/dummy/config/environments/test.rb +0 -44
  177. data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
  178. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  179. data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
  180. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  181. data/spec/dummy/config/initializers/session_store.rb +0 -8
  182. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  183. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  184. data/spec/dummy/config/routes.rb +0 -52
  185. data/spec/dummy/config.ru +0 -4
  186. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
  187. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
  188. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
  189. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
  190. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -11
  191. data/spec/dummy/db/schema.rb +0 -67
  192. data/spec/dummy/public/404.html +0 -26
  193. data/spec/dummy/public/422.html +0 -26
  194. data/spec/dummy/public/500.html +0 -26
  195. data/spec/dummy/public/favicon.ico +0 -0
  196. data/spec/dummy/script/rails +0 -6
  197. data/spec/factories.rb +0 -28
  198. data/spec/generators/application_owner_generator_spec.rb +0 -22
  199. data/spec/generators/install_generator_spec.rb +0 -31
  200. data/spec/generators/migration_generator_spec.rb +0 -20
  201. data/spec/generators/templates/routes.rb +0 -3
  202. data/spec/generators/views_generator_spec.rb +0 -27
  203. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  204. data/spec/lib/config_spec.rb +0 -334
  205. data/spec/lib/doorkeeper_spec.rb +0 -28
  206. data/spec/lib/models/expirable_spec.rb +0 -51
  207. data/spec/lib/models/revocable_spec.rb +0 -59
  208. data/spec/lib/models/scopes_spec.rb +0 -43
  209. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
  210. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
  211. data/spec/lib/oauth/client/credentials_spec.rb +0 -47
  212. data/spec/lib/oauth/client/methods_spec.rb +0 -54
  213. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  214. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  215. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  216. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  217. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
  218. data/spec/lib/oauth/client_spec.rb +0 -39
  219. data/spec/lib/oauth/code_request_spec.rb +0 -45
  220. data/spec/lib/oauth/code_response_spec.rb +0 -34
  221. data/spec/lib/oauth/error_response_spec.rb +0 -61
  222. data/spec/lib/oauth/error_spec.rb +0 -23
  223. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  224. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  225. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  226. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
  227. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
  228. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
  229. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  230. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
  231. data/spec/lib/oauth/scopes_spec.rb +0 -122
  232. data/spec/lib/oauth/token_request_spec.rb +0 -98
  233. data/spec/lib/oauth/token_response_spec.rb +0 -85
  234. data/spec/lib/oauth/token_spec.rb +0 -116
  235. data/spec/lib/request/strategy_spec.rb +0 -53
  236. data/spec/lib/server_spec.rb +0 -52
  237. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  238. data/spec/models/doorkeeper/access_token_spec.rb +0 -394
  239. data/spec/models/doorkeeper/application_spec.rb +0 -179
  240. data/spec/requests/applications/applications_request_spec.rb +0 -94
  241. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  242. data/spec/requests/endpoints/authorization_spec.rb +0 -72
  243. data/spec/requests/endpoints/token_spec.rb +0 -64
  244. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
  245. data/spec/requests/flows/authorization_code_spec.rb +0 -156
  246. data/spec/requests/flows/client_credentials_spec.rb +0 -58
  247. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  248. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  249. data/spec/requests/flows/password_spec.rb +0 -115
  250. data/spec/requests/flows/refresh_token_spec.rb +0 -174
  251. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  252. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  253. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  254. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  255. data/spec/routing/custom_controller_routes_spec.rb +0 -71
  256. data/spec/routing/default_routes_spec.rb +0 -35
  257. data/spec/routing/scoped_routes_spec.rb +0 -31
  258. data/spec/spec_helper.rb +0 -2
  259. data/spec/spec_helper_integration.rb +0 -59
  260. data/spec/support/dependencies/factory_girl.rb +0 -2
  261. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  262. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  263. data/spec/support/helpers/config_helper.rb +0 -9
  264. data/spec/support/helpers/model_helper.rb +0 -67
  265. data/spec/support/helpers/request_spec_helper.rb +0 -76
  266. data/spec/support/helpers/url_helper.rb +0 -55
  267. data/spec/support/http_method_shim.rb +0 -24
  268. data/spec/support/orm/active_record.rb +0 -3
  269. data/spec/support/shared/controllers_shared_context.rb +0 -69
  270. data/spec/support/shared/models_shared_examples.rb +0 -52
  271. data/spec/validators/redirect_uri_validator_spec.rb +0 -78
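--- a/data/spec/requests/flows/refresh_token_spec.rb
+++ b/data/spec/requests/flows/refresh_token_spec.rb
@@ -1,174 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Refresh Token Flow' do
-before do
-Doorkeeper.configure do
-orm DOORKEEPER_ORM
-use_refresh_token
-end
-client_exists
-end
-
-context 'issuing a refresh token' do
-before do
-authorization_code_exists application: @client
-end
-
-it 'client gets the refresh token and refreshses it' do
-post token_endpoint_url(code: @authorization.token, client: @client)
-
-token = Doorkeeper::AccessToken.first
-
-should_have_json 'access_token', token.token
-should_have_json 'refresh_token', token.refresh_token
-
-expect(@authorization.reload).to be_revoked
-
-post refresh_token_endpoint_url(client: @client, refresh_token: token.refresh_token)
-
-new_token = Doorkeeper::AccessToken.last
-should_have_json 'access_token', new_token.token
-should_have_json 'refresh_token', new_token.refresh_token
-
-expect(token.token).not_to eq(new_token.token)
-expect(token.refresh_token).not_to eq(new_token.refresh_token)
-end
-end
-
-context 'refreshing the token' do
-before do
-@token = FactoryGirl.create(
-:access_token,
-application: @client,
-resource_owner_id: 1,
-use_refresh_token: true
-)
-end
-
-context "refresh_token revoked on use" do
-it 'client request a token with refresh token' do
-post refresh_token_endpoint_url(
-client: @client, refresh_token: @token.refresh_token
-)
-should_have_json(
-'refresh_token', Doorkeeper::AccessToken.last.refresh_token
-)
-expect(@token.reload).not_to be_revoked
-end
-
-it 'client request a token with expired access token' do
-@token.update_attribute :expires_in, -100
-post refresh_token_endpoint_url(
-client: @client, refresh_token: @token.refresh_token
-)
-should_have_json(
-'refresh_token', Doorkeeper::AccessToken.last.refresh_token
-)
-expect(@token.reload).not_to be_revoked
-end
-end
-
-context "refresh_token revoked on refresh_token request" do
-before do
-allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
-end
-
-it 'client request a token with refresh token' do
-post refresh_token_endpoint_url(
-client: @client, refresh_token: @token.refresh_token
-)
-should_have_json(
-'refresh_token', Doorkeeper::AccessToken.last.refresh_token
-)
-expect(@token.reload).to be_revoked
-end
-
-it 'client request a token with expired access token' do
-@token.update_attribute :expires_in, -100
-post refresh_token_endpoint_url(
-client: @client, refresh_token: @token.refresh_token
-)
-should_have_json(
-'refresh_token', Doorkeeper::AccessToken.last.refresh_token
-)
-expect(@token.reload).to be_revoked
-end
-end
-
-it 'client gets an error for invalid refresh token' do
-post refresh_token_endpoint_url(client: @client, refresh_token: 'invalid')
-should_not_have_json 'refresh_token'
-should_have_json 'error', 'invalid_grant'
-end
-
-it 'client gets an error for revoked acccess token' do
-@token.revoke
-post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-should_not_have_json 'refresh_token'
-should_have_json 'error', 'invalid_grant'
-end
-
-it 'second of simultaneous client requests get an error for revoked acccess token' do
-allow_any_instance_of(Doorkeeper::AccessToken).to receive(:revoked?).and_return(false, true)
-post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
-
-should_not_have_json 'refresh_token'
-should_have_json 'error', 'invalid_request'
-end
-end
-
-context 'refreshing the token with multiple sessions (devices)' do
-before do
-# enable password auth to simulate other devices
-config_is_set(:grant_flows, ["password"])
-config_is_set(:resource_owner_from_credentials) do
-User.authenticate! params[:username], params[:password]
-end
-create_resource_owner
-_another_token = post password_token_endpoint_url(
-client: @client, resource_owner: @resource_owner
-)
-last_token.update_attribute :created_at, 5.seconds.ago
-
-@token = FactoryGirl.create(
-:access_token,
-application: @client,
-resource_owner_id: @resource_owner.id,
-use_refresh_token: true
-)
-@token.update_attribute :expires_in, -100
-end
-
-context "refresh_token revoked on use" do
-it 'client request a token after creating another token with the same user' do
-post refresh_token_endpoint_url(
-client: @client, refresh_token: @token.refresh_token
-)
-
-should_have_json 'refresh_token', last_token.refresh_token
-expect(@token.reload).not_to be_revoked
-end
-end
-
-context "refresh_token revoked on refresh_token request" do
-before do
-allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
-end
-
-it 'client request a token after creating another token with the same user' do
-post refresh_token_endpoint_url(
-client: @client, refresh_token: @token.refresh_token
-)
-
-should_have_json 'refresh_token', last_token.refresh_token
-expect(@token.reload).to be_revoked
-end
-end
-
-def last_token
-Doorkeeper::AccessToken.last_authorized_token_for(
-@client.id, @resource_owner.id
-)
-end
-end
-end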
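--- a/data/spec/requests/flows/revoke_token_spec.rb
+++ b/data/spec/requests/flows/revoke_token_spec.rb
@@ -1,157 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Revoke Token Flow' do
-before do
-Doorkeeper.configure { orm DOORKEEPER_ORM }
-end
-
-context 'with default parameters' do
-let(:client_application) { FactoryGirl.create :application }
-let(:resource_owner) { User.create!(name: 'John', password: 'sekret') }
-let(:access_token) do
-FactoryGirl.create(:access_token,
-application: client_application,
-resource_owner_id: resource_owner.id,
-use_refresh_token: true)
-end
-
-context 'with authenticated, confidential OAuth 2.0 client/application' do
-let(:headers) do
-client_id = client_application.uid
-client_secret = client_application.secret
-credentials = Base64.encode64("#{client_id}:#{client_secret}")
-{ 'HTTP_AUTHORIZATION' => "Basic #{credentials}" }
-end
-
-it 'should revoke the access token provided' do
-post revocation_token_endpoint_url, { token: access_token.token }, headers
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_truthy
-end
-
-it 'should revoke the refresh token provided' do
-post revocation_token_endpoint_url, { token: access_token.refresh_token }, headers
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_truthy
-end
-
-context 'with invalid token to revoke' do
-it 'should not revoke any tokens and respond successfully' do
-num_prev_revoked_tokens = Doorkeeper::AccessToken.where(revoked_at: nil).count
-post revocation_token_endpoint_url, { token: 'I_AM_AN_INVALID_TOKEN' }, headers
-
-# The authorization server responds with HTTP status code 200 even if
-# token is invalid
-expect(response).to be_success
-expect(Doorkeeper::AccessToken.where(revoked_at: nil).count).to eq(num_prev_revoked_tokens)
-end
-end
-
-context 'with bad credentials and a valid token' do
-let(:headers) do
-client_id = client_application.uid
-credentials = Base64.encode64("#{client_id}:poop")
-{ 'HTTP_AUTHORIZATION' => "Basic #{credentials}" }
-end
-it 'should not revoke any tokens and respond successfully' do
-post revocation_token_endpoint_url, { token: access_token.token }, headers
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_falsey
-end
-end
-
-context 'with no credentials and a valid token' do
-it 'should not revoke any tokens and respond successfully' do
-post revocation_token_endpoint_url, { token: access_token.token }
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_falsey
-end
-end
-
-context 'with valid token for another client application' do
-let(:other_client_application) { FactoryGirl.create :application }
-let(:headers) do
-client_id = other_client_application.uid
-client_secret = other_client_application.secret
-credentials = Base64.encode64("#{client_id}:#{client_secret}")
-{ 'HTTP_AUTHORIZATION' => "Basic #{credentials}" }
-end
-
-it 'should not revoke the token as its unauthorized' do
-post revocation_token_endpoint_url, { token: access_token.token }, headers
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_falsey
-end
-end
-end
-
-context 'with public OAuth 2.0 client/application' do
-let(:access_token) do
-FactoryGirl.create(:access_token,
-application: nil,
-resource_owner_id: resource_owner.id,
-use_refresh_token: true)
-end
-
-it 'should revoke the access token provided' do
-post revocation_token_endpoint_url, { token: access_token.token }
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_truthy
-end
-
-it 'should revoke the refresh token provided' do
-post revocation_token_endpoint_url, { token: access_token.refresh_token }
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_truthy
-end
-
-context 'with a valid token issued for a confidential client' do
-let(:access_token) do
-FactoryGirl.create(:access_token,
-application: client_application,
-resource_owner_id: resource_owner.id,
-use_refresh_token: true)
-end
-
-it 'should not revoke the access token provided' do
-post revocation_token_endpoint_url, { token: access_token.token }
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_falsey
-end
-
-it 'should not revoke the refresh token provided' do
-post revocation_token_endpoint_url, { token: access_token.token }
-
-access_token.reload
-
-expect(response).to be_success
-expect(access_token.revoked?).to be_falsey
-end
-end
-end
-end
-end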
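--- a/data/spec/requests/flows/skip_authorization_spec.rb
+++ b/data/spec/requests/flows/skip_authorization_spec.rb
@@ -1,59 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Skip authorization form' do
-background do
-config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
-client_exists
-default_scopes_exist :public
-optional_scopes_exist :write
-end
-
-context 'for previously authorized clients' do
-background do
-create_resource_owner
-sign_in
-end
-
-scenario 'skips the authorization and return a new grant code' do
-client_is_authorized(@client, @resource_owner, scopes: 'public')
-visit authorization_endpoint_url(client: @client)
-
-i_should_not_see 'Authorize'
-client_should_be_authorized @client
-i_should_be_on_client_callback @client
-url_should_have_param 'code', Doorkeeper::AccessGrant.first.token
-end
-
-scenario 'does not skip authorization when scopes differ (new request has fewer scopes)' do
-client_is_authorized(@client, @resource_owner, scopes: 'public write')
-visit authorization_endpoint_url(client: @client, scope: 'public')
-i_should_see 'Authorize'
-end
-
-scenario 'does not skip authorization when scopes differ (new request has more scopes)' do
-client_is_authorized(@client, @resource_owner, scopes: 'public write')
-visit authorization_endpoint_url(client: @client, scopes: 'public write email')
-i_should_see 'Authorize'
-end
-
-scenario 'creates grant with new scope when scopes differ' do
-client_is_authorized(@client, @resource_owner, scopes: 'public write')
-visit authorization_endpoint_url(client: @client, scope: 'public')
-click_on 'Authorize'
-access_grant_should_have_scopes :public
-end
-
-scenario 'doesn not skip authorization when scopes are greater' do
-client_is_authorized(@client, @resource_owner, scopes: 'public')
-visit authorization_endpoint_url(client: @client, scope: 'public write')
-i_should_see 'Authorize'
-end
-
-scenario 'creates grant with new scope when scopes are greater' do
-client_is_authorized(@client, @resource_owner, scopes: 'public')
-visit authorization_endpoint_url(client: @client, scope: 'public write')
-click_on 'Authorize'
-access_grant_should_have_scopes :public, :write
-end
-end
-end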
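--- a/data/spec/requests/protected_resources/metal_spec.rb
+++ b/data/spec/requests/protected_resources/metal_spec.rb
@@ -1,14 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'ActionController::Metal API' do
-before do
-@client = FactoryGirl.create(:application)
-@resource = User.create!(name: 'Joe', password: 'sekret')
-@token = client_is_authorized(@client, @resource)
-end
-
-it 'client requests protected resource with valid token' do
-get "/metal.json?access_token=#{@token.token}"
-should_have_json 'ok', true
-end
-end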
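--- a/data/spec/requests/protected_resources/private_api_spec.rb
+++ b/data/spec/requests/protected_resources/private_api_spec.rb
@@ -1,81 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Private API' do
-background do
-@client = FactoryGirl.create(:application)
-@resource = User.create!(name: 'Joe', password: 'sekret')
-@token = client_is_authorized(@client, @resource)
-end
-
-scenario 'client requests protected resource with valid token' do
-with_access_token_header @token.token
-visit '/full_protected_resources'
-expect(page.body).to have_content('index')
-end
-
-scenario 'client requests protected resource with disabled header authentication' do
-config_is_set :access_token_methods, [:from_access_token_param]
-with_access_token_header @token.token
-visit '/full_protected_resources'
-response_status_should_be 401
-end
-
-scenario 'client attempts to request protected resource with invalid token' do
-with_access_token_header 'invalid'
-visit '/full_protected_resources'
-response_status_should_be 401
-end
-
-scenario 'client attempts to request protected resource with expired token' do
-@token.update_attribute :expires_in, -100 # expires token
-with_access_token_header @token.token
-visit '/full_protected_resources'
-response_status_should_be 401
-end
-
-scenario 'client requests protected resource with permanent token' do
-@token.update_attribute :expires_in, nil # never expires
-with_access_token_header @token.token
-visit '/full_protected_resources'
-expect(page.body).to have_content('index')
-end
-
-scenario 'access token with no default scopes' do
-Doorkeeper.configuration.instance_eval {
-@default_scopes = Doorkeeper::OAuth::Scopes.from_array([:public])
-@scopes = default_scopes + optional_scopes
-}
-@token.update_attribute :scopes, 'dummy'
-with_access_token_header @token.token
-visit '/full_protected_resources'
-response_status_should_be 403
-end
-
-scenario 'access token with no allowed scopes' do
-@token.update_attribute :scopes, nil
-with_access_token_header @token.token
-visit '/full_protected_resources/1.json'
-response_status_should_be 403
-end
-
-scenario 'access token with one of allowed scopes' do
-@token.update_attribute :scopes, 'admin'
-with_access_token_header @token.token
-visit '/full_protected_resources/1.json'
-expect(page.body).to have_content('show')
-end
-
-scenario 'access token with another of allowed scopes' do
-@token.update_attribute :scopes, 'write'
-with_access_token_header @token.token
-visit '/full_protected_resources/1.json'
-expect(page.body).to have_content('show')
-end
-
-scenario 'access token with both allowed scopes' do
-@token.update_attribute :scopes, 'write admin'
-with_access_token_header @token.token
-visit '/full_protected_resources/1.json'
-expect(page.body).to have_content('show')
-end
-end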
@@ -1,71 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- describe 'Custom controller for routes' do
4
- it 'GET /space/scope/authorize routes to custom authorizations controller' do
5
- expect(get('/inner_space/scope/authorize')).to route_to('custom_authorizations#new')
6
- end
7
-
8
- it 'POST /space/scope/authorize routes to custom authorizations controller' do
9
- expect(post('/inner_space/scope/authorize')).to route_to('custom_authorizations#create')
10
- end
11
-
12
- it 'DELETE /space/scope/authorize routes to custom authorizations controller' do
13
- expect(delete('/inner_space/scope/authorize')).to route_to('custom_authorizations#destroy')
14
- end
15
-
16
- it 'POST /space/scope/token routes to tokens controller' do
17
- expect(post('/inner_space/scope/token')).to route_to('custom_authorizations#create')
18
- end
19
-
20
- it 'GET /space/scope/applications routes to applications controller' do
21
- expect(get('/inner_space/scope/applications')).to route_to('custom_authorizations#index')
22
- end
23
-
24
- it 'GET /space/scope/token/info routes to the token_info controller' do
25
- expect(get('/inner_space/scope/token/info')).to route_to('custom_authorizations#show')
26
- end
27
-
28
- it 'GET /space/oauth/authorize routes to custom authorizations controller' do
29
- expect(get('/space/oauth/authorize')).to route_to('custom_authorizations#new')
30
- end
31
-
32
- it 'POST /space/oauth/authorize routes to custom authorizations controller' do
33
- expect(post('/space/oauth/authorize')).to route_to('custom_authorizations#create')
34
- end
35
-
36
- it 'DELETE /space/oauth/authorize routes to custom authorizations controller' do
37
- expect(delete('/space/oauth/authorize')).to route_to('custom_authorizations#destroy')
38
- end
39
-
40
- it 'POST /space/oauth/token routes to tokens controller' do
41
- expect(post('/space/oauth/token')).to route_to('custom_authorizations#create')
42
- end
43
-
44
- it 'POST /space/oauth/revoke routes to tokens controller' do
45
- expect(post('/space/oauth/revoke')).to route_to('custom_authorizations#revoke')
46
- end
47
-
48
- it 'GET /space/oauth/applications routes to applications controller' do
49
- expect(get('/space/oauth/applications')).to route_to('custom_authorizations#index')
50
- end
51
-
52
- it 'GET /space/oauth/token/info routes to the token_info controller' do
53
- expect(get('/space/oauth/token/info')).to route_to('custom_authorizations#show')
54
- end
55
-
56
- it 'POST /outer_space/oauth/token is not be routable' do
57
- expect(post('/outer_space/oauth/token')).not_to be_routable
58
- end
59
-
60
- it 'GET /outer_space/oauth/authorize routes to custom authorizations controller' do
61
- expect(get('/outer_space/oauth/authorize')).to be_routable
62
- end
63
-
64
- it 'GET /outer_space/oauth/applications is not routable' do
65
- expect(get('/outer_space/oauth/applications')).not_to be_routable
66
- end
67
-
68
- it 'GET /outer_space/oauth/token_info is not routable' do
69
- expect(get('/outer_space/oauth/token/info')).not_to be_routable
70
- end
71
- end
@@ -1,35 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- describe 'Default routes' do
4
- it 'GET /oauth/authorize routes to authorizations controller' do
5
- expect(get('/oauth/authorize')).to route_to('doorkeeper/authorizations#new')
6
- end
7
-
8
- it 'POST /oauth/authorize routes to authorizations controller' do
9
- expect(post('/oauth/authorize')).to route_to('doorkeeper/authorizations#create')
10
- end
11
-
12
- it 'DELETE /oauth/authorize routes to authorizations controller' do
13
- expect(delete('/oauth/authorize')).to route_to('doorkeeper/authorizations#destroy')
14
- end
15
-
16
- it 'POST /oauth/token routes to tokens controller' do
17
- expect(post('/oauth/token')).to route_to('doorkeeper/tokens#create')
18
- end
19
-
20
- it 'POST /oauth/revoke routes to tokens controller' do
21
- expect(post('/oauth/revoke')).to route_to('doorkeeper/tokens#revoke')
22
- end
23
-
24
- it 'GET /oauth/applications routes to applications controller' do
25
- expect(get('/oauth/applications')).to route_to('doorkeeper/applications#index')
26
- end
27
-
28
- it 'GET /oauth/authorized_applications routes to authorized applications controller' do
29
- expect(get('/oauth/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
30
- end
31
-
32
- it 'GET /oauth/token/info route to authorzed tokeninfo controller' do
33
- expect(get('/oauth/token/info')).to route_to('doorkeeper/token_info#show')
34
- end
35
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- describe 'Scoped routes' do
4
- it 'GET /scope/authorize routes to authorizations controller' do
5
- expect(get('/scope/authorize')).to route_to('doorkeeper/authorizations#new')
6
- end
7
-
8
- it 'POST /scope/authorize routes to authorizations controller' do
9
- expect(post('/scope/authorize')).to route_to('doorkeeper/authorizations#create')
10
- end
11
-
12
- it 'DELETE /scope/authorize routes to authorizations controller' do
13
- expect(delete('/scope/authorize')).to route_to('doorkeeper/authorizations#destroy')
14
- end
15
-
16
- it 'POST /scope/token routes to tokens controller' do
17
- expect(post('/scope/token')).to route_to('doorkeeper/tokens#create')
18
- end
19
-
20
- it 'GET /scope/applications routes to applications controller' do
21
- expect(get('/scope/applications')).to route_to('doorkeeper/applications#index')
22
- end
23
-
24
- it 'GET /scope/authorized_applications routes to authorized applications controller' do
25
- expect(get('/scope/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
26
- end
27
-
28
- it 'GET /scope/token/info route to authorzed tokeninfo controller' do
29
- expect(get('/scope/token/info')).to route_to('doorkeeper/token_info#show')
30
- end
31
- end
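--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,2 +0,0 @@
-$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../lib'))
-$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../app'))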