doorkeeper 4.2.5 → 4.3.0

data/spec/support/shared/models_shared_examples.rb

@@ -34,15 +34,15 @@ shared_examples 'a unique token' do
     end
 
     it 'is not valid if token exists' do
-      token1 = FactoryGirl.create factory_name
-      token2 = FactoryGirl.create factory_name
+      token1 = FactoryBot.create factory_name
+      token2 = FactoryBot.create factory_name
       token2.token = token1.token
       expect(token2).not_to be_valid
     end
 
     it 'expects database to throw an error when tokens are the same' do
-      token1 = FactoryGirl.create factory_name
-      token2 = FactoryGirl.create factory_name
+      token1 = FactoryBot.create factory_name
+      token2 = FactoryBot.create factory_name
       token2.token = token1.token
       expect do
         token2.save!(validate: false)

data/spec/validators/redirect_uri_validator_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper_integration'
 
 describe RedirectUriValidator do
   subject do
-    FactoryGirl.create(:application)
+    FactoryBot.create(:application)
   end
 
   it 'is valid when the uri is a uri' do
@@ -10,6 +10,21 @@ describe RedirectUriValidator do
     expect(subject).to be_valid
   end
 
+  # Most mobile and desktop operating systems allow apps to register a custom URL
+  # scheme that will launch the app when a URL with that scheme is visited from
+  # the system browser.
+  #
+  # @see https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/
+  it 'is valid when the uri is custom native URI' do
+    subject.redirect_uri = 'myapp://callback'
+    expect(subject).to be_valid
+  end
+
+  it 'is valid when the uri has a query parameter' do
+    subject.redirect_uri = 'https://example.com/abcd?xyz=123'
+    expect(subject).to be_valid
+  end
+
   it 'accepts native redirect uri' do
     subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
     expect(subject).to be_valid
@@ -39,11 +54,6 @@ describe RedirectUriValidator do
     expect(subject.errors[:redirect_uri].first).to eq('cannot contain a fragment.')
   end
 
-  it 'is invalid when the uri has a query parameter' do
-    subject.redirect_uri = 'https://example.com/abcd?xyz=123'
-    expect(subject).to be_valid
-  end
-
   context 'force secured uri' do
     it 'accepts an valid uri' do
       subject.redirect_uri = 'https://example.com/callback'
@@ -68,6 +78,34 @@ describe RedirectUriValidator do
       expect(subject).to be_valid
     end
 
+    it 'accepts a non secured protocol when conditional option defined' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        force_ssl_in_redirect_uri { |uri| uri.host != 'localhost' }
+      end
+
+      application = FactoryBot.build(:application, redirect_uri: 'http://localhost/callback')
+      expect(application).to be_valid
+
+      application = FactoryBot.build(:application, redirect_uri: 'http://localhost2/callback')
+      expect(application).not_to be_valid
+    end
+
+    it 'forbids redirect uri if required' do
+      subject.redirect_uri = 'javascript://document.cookie'
+
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        forbid_redirect_uri { |uri| uri.scheme == 'javascript' }
+      end
+
+      expect(subject).to be_invalid
+      expect(subject.errors[:redirect_uri].first).to eq('is forbidden by the server.')
+
+      subject.redirect_uri = 'https://localhost/callback'
+      expect(subject).to be_valid
+    end
+
     it 'invalidates the uri when the uri does not use a secure protocol' do
       subject.redirect_uri = 'http://example.com/callback'
       expect(subject).not_to be_valid
@@ -75,4 +113,11 @@ describe RedirectUriValidator do
       expect(error).to eq('must be an HTTPS/SSL URI.')
     end
   end
+
+  context 'multiple redirect uri' do
+    it 'invalidates the second uri when the first uri is native uri' do
+      subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob\nexample.com/callback"
+      expect(subject).to be_invalid
+    end
+  end
 end

data/spec/version/version_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper_integration'
+
+describe 'Doorkeeper version' do
+  context '#gem_version' do
+    it 'returns Gem::Version instance' do
+      expect(Doorkeeper.gem_version).to be_an_instance_of(Gem::Version)
+    end
+  end
+
+  context 'VERSION' do
+    it 'returns gem version string' do
+      expect(Doorkeeper::VERSION::STRING).to match(/^\d+\.\d+\.\d+[.\w]?$/)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 4.2.5
+  version: 4.3.0
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-12 00:00:00.000000000 Z
+date: 2018-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -54,34 +54,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: grape
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.3
+        version: '1.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.3
+        version: '1.6'
 - !ruby/object:Gem::Dependency
-  name: factory_girl
+  name: factory_bot
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.7.0
+        version: '4.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.7.0
+        version: '4.8'
 - !ruby/object:Gem::Dependency
   name: generator_spec
   requirement: !ruby/object:Gem::Requirement
@@ -124,20 +138,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: timecop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.8.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.8.1
 description: Doorkeeper is an OAuth 2 provider for Rails and Grape.
 email:
 - me@jonathanmoss.me
@@ -146,11 +146,15 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".coveralls.yml"
+- ".github/ISSUE_TEMPLATE.md"
+- ".github/PULL_REQUEST_TEMPLATE.md"
 - ".gitignore"
 - ".hound.yml"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
 - Appraisals
+- CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
 - MIT-LICENSE
@@ -158,6 +162,7 @@ files:
 - README.md
 - RELEASING.md
 - Rakefile
+- SECURITY.md
 - app/assets/stylesheets/doorkeeper/admin/application.css
 - app/assets/stylesheets/doorkeeper/application.css
 - app/controllers/doorkeeper/application_controller.rb
@@ -187,6 +192,8 @@ files:
 - gemfiles/rails_4_2.gemfile
 - gemfiles/rails_5_0.gemfile
 - gemfiles/rails_5_1.gemfile
+- gemfiles/rails_5_2.gemfile
+- gemfiles/rails_master.gemfile
 - lib/doorkeeper.rb
 - lib/doorkeeper/config.rb
 - lib/doorkeeper/engine.rb
@@ -228,12 +235,14 @@ files:
 - lib/doorkeeper/oauth/refresh_token_request.rb
 - lib/doorkeeper/oauth/scopes.rb
 - lib/doorkeeper/oauth/token.rb
+- lib/doorkeeper/oauth/token_introspection.rb
 - lib/doorkeeper/oauth/token_request.rb
 - lib/doorkeeper/oauth/token_response.rb
 - lib/doorkeeper/orm/active_record.rb
 - lib/doorkeeper/orm/active_record/access_grant.rb
 - lib/doorkeeper/orm/active_record/access_token.rb
 - lib/doorkeeper/orm/active_record/application.rb
+- lib/doorkeeper/orm/active_record/base_record.rb
 - lib/doorkeeper/rails/helpers.rb
 - lib/doorkeeper/rails/routes.rb
 - lib/doorkeeper/rails/routes/mapper.rb
@@ -254,10 +263,10 @@ files:
 - lib/generators/doorkeeper/migration_generator.rb
 - lib/generators/doorkeeper/previous_refresh_token_generator.rb
 - lib/generators/doorkeeper/templates/README
-- lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb
-- lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb
+- lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb
+- lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb
 - lib/generators/doorkeeper/templates/initializer.rb
-- lib/generators/doorkeeper/templates/migration.rb
+- lib/generators/doorkeeper/templates/migration.rb.erb
 - lib/generators/doorkeeper/views_generator.rb
 - spec/controllers/application_metal_controller.rb
 - spec/controllers/applications_controller_spec.rb
@@ -284,9 +293,9 @@ files:
 - spec/dummy/config/environments/development.rb
 - spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
 - spec/dummy/config/initializers/doorkeeper.rb
+- spec/dummy/config/initializers/new_framework_defaults.rb
 - spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
@@ -307,8 +316,10 @@ files:
 - spec/generators/application_owner_generator_spec.rb
 - spec/generators/install_generator_spec.rb
 - spec/generators/migration_generator_spec.rb
+- spec/generators/previous_refresh_token_generator_spec.rb
 - spec/generators/templates/routes.rb
 - spec/generators/views_generator_spec.rb
+- spec/grape/grape_integration_spec.rb
 - spec/helpers/doorkeeper/dashboard_helper_spec.rb
 - spec/lib/config_spec.rb
 - spec/lib/doorkeeper_spec.rb
@@ -379,6 +390,7 @@ files:
 - spec/support/shared/controllers_shared_context.rb
 - spec/support/shared/models_shared_examples.rb
 - spec/validators/redirect_uri_validator_spec.rb
+- spec/version/version_spec.rb
 - vendor/assets/stylesheets/doorkeeper/bootstrap.min.css
 homepage: https://github.com/doorkeeper-gem/doorkeeper
 licenses:
@@ -400,7 +412,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.5.2.2
 signing_key: 
 specification_version: 4
 summary: OAuth 2 provider for Rails and Grape
@@ -430,9 +442,9 @@ test_files:
 - spec/dummy/config/environments/development.rb
 - spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
 - spec/dummy/config/initializers/doorkeeper.rb
+- spec/dummy/config/initializers/new_framework_defaults.rb
 - spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
@@ -453,8 +465,10 @@ test_files:
 - spec/generators/application_owner_generator_spec.rb
 - spec/generators/install_generator_spec.rb
 - spec/generators/migration_generator_spec.rb
+- spec/generators/previous_refresh_token_generator_spec.rb
 - spec/generators/templates/routes.rb
 - spec/generators/views_generator_spec.rb
+- spec/grape/grape_integration_spec.rb
 - spec/helpers/doorkeeper/dashboard_helper_spec.rb
 - spec/lib/config_spec.rb
 - spec/lib/doorkeeper_spec.rb
@@ -525,3 +539,4 @@ test_files:
 - spec/support/shared/controllers_shared_context.rb
 - spec/support/shared/models_shared_examples.rb
 - spec/validators/redirect_uri_validator_spec.rb
+- spec/version/version_spec.rb