doorkeeper 4.2.6 → 4.3.0

data/spec/lib/models/revocable_spec.rb

@@ -38,11 +38,11 @@ describe 'Revocable' do
   describe :revoke_previous_refresh_token! do
     it "revokes the previous token if existing, and resets the
       `previous_refresh_token` attribute" do
-      previous_token = FactoryGirl.create(
+      previous_token = FactoryBot.create(
         :access_token,
         refresh_token: "refresh_token"
       )
-      current_token = FactoryGirl.create(
+      current_token = FactoryBot.create(
         :access_token,
         previous_refresh_token: previous_token.refresh_token
       )

data/spec/lib/oauth/authorization_code_request_spec.rb

@@ -8,11 +8,14 @@ module Doorkeeper::OAuth
              refresh_token_enabled?: false,
              custom_access_token_expires_in: ->(_app) { nil }
     end
-    let(:grant)  { FactoryGirl.create :access_grant }
+
+    let(:grant)  { FactoryBot.create :access_grant }
     let(:client) { grant.application }
+    let(:redirect_uri) { client.redirect_uri }
+    let(:params) { { redirect_uri: redirect_uri } }
 
     subject do
-      AuthorizationCodeRequest.new server, grant, client, redirect_uri: client.redirect_uri
+      AuthorizationCodeRequest.new server, grant, client, params
     end
 
     it 'issues a new token for the client' do
@@ -27,9 +30,7 @@ module Doorkeeper::OAuth
     end
 
     it 'revokes the grant' do
-      expect do
-        subject.authorize
-      end.to change { grant.reload.accessible? }
+      expect { subject.authorize }.to change { grant.reload.accessible? }
     end
 
     it 'requires the grant to be accessible' do
@@ -63,18 +64,45 @@ module Doorkeeper::OAuth
     end
 
     it "matches the client with grant's one" do
-      subject.client = FactoryGirl.create :application
+      subject.client = FactoryBot.create :application
       subject.validate
       expect(subject.error).to eq(:invalid_grant)
     end
 
     it 'skips token creation if there is a matching one' do
-      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-      FactoryGirl.create(:access_token, application_id: client.id,
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        reuse_access_token
+      end
+
+      FactoryBot.create(:access_token, application_id: client.id,
         resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s)
-      expect do
-        subject.authorize
-      end.to_not change { Doorkeeper::AccessToken.count }
+
+      expect { subject.authorize }.to_not change { Doorkeeper::AccessToken.count }
+    end
+
+    it "calls BaseRequest callback methods" do
+      expect_any_instance_of(BaseRequest).to receive(:before_successful_response).once
+      expect_any_instance_of(BaseRequest).to receive(:after_successful_response).once
+      subject.authorize
+    end
+
+    context "when redirect_uri contains some query params" do
+      let(:redirect_uri) { client.redirect_uri + "?query=q" }
+
+      it "compares only host part with grant's redirect_uri" do
+        subject.validate
+        expect(subject.error).to eq(nil)
+      end
+    end
+
+    context "when redirect_uri is not an URI" do
+      let(:redirect_uri) { '123d#!s' }
+
+      it "responds with invalid_grant" do
+        subject.validate
+        expect(subject.error).to eq(:invalid_grant)
+      end
     end
   end
 end

data/spec/lib/oauth/base_request_spec.rb

@@ -13,14 +13,9 @@ module Doorkeeper::OAuth
         created_at:         0
     end
 
-    let(:client) do
-      double :client,
-        id: '1'
-    end
+    let(:client) { double :client, id: '1' }
 
-    let(:scopes_array) do
-      %w(public write)
-    end
+    let(:scopes_array) { %w[public write] }
 
     let(:server) do
       double :server,

data/spec/lib/oauth/client_credentials/creator_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper_integration'
 
 class Doorkeeper::OAuth::ClientCredentialsRequest
   describe Creator do
-    let(:client) { FactoryGirl.create :application }
+    let(:client) { FactoryBot.create :application }
     let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public') }
 
     it 'creates a new token' do

data/spec/lib/oauth/client_credentials_integration_spec.rb

@@ -5,7 +5,7 @@ module Doorkeeper::OAuth
     let(:server) { Doorkeeper.configuration }
 
     context 'with a valid request' do
-      let(:client) { FactoryGirl.create :application }
+      let(:client) { FactoryBot.create :application }
 
       it 'issues an access token' do
         request = ClientCredentialsRequest.new(server, client, {})

data/spec/lib/oauth/client_credentials_request_spec.rb

@@ -11,6 +11,7 @@ module Doorkeeper::OAuth
         custom_access_token_expires_in: ->(_app) { nil }
       )
     end
+
     let(:application)   { double :application, scopes: Scopes.from_string('') }
     let(:client)        { double :client, application: application }
     let(:token_creator) { double :issuer, create: true, token: double }

data/spec/lib/oauth/code_request_spec.rb

@@ -32,9 +32,7 @@ module Doorkeeper::OAuth
 
     it 'does not create grant when not authorizable' do
       allow(pre_auth).to receive(:authorizable?).and_return(false)
-      expect do
-        subject.authorize
-      end.to_not change { Doorkeeper::AccessGrant.count }
+      expect { subject.authorize }.not_to change { Doorkeeper::AccessGrant.count }
     end
 
     it 'returns a error response' do

data/spec/lib/oauth/helpers/uri_checker_spec.rb

@@ -39,6 +39,11 @@ module Doorkeeper::OAuth::Helpers
         uri = 'http://'
         expect(URIChecker.valid?(uri)).to be_falsey
       end
+
+      it 'is invalid if is not an uri' do
+        uri = '   '
+        expect(URIChecker.valid?(uri)).to be_falsey
+      end
     end
 
     describe '.matches?' do

data/spec/lib/oauth/invalid_token_response_spec.rb

@@ -40,7 +40,7 @@ module Doorkeeper::OAuth
         end
       end
 
-      context "unkown" do
+      context "unknown" do
         let(:access_token) { double(revoked?: false, expired?: false) }
 
         it "sets a description" do

data/spec/lib/oauth/password_access_token_request_spec.rb

@@ -11,7 +11,7 @@ module Doorkeeper::OAuth
         custom_access_token_expires_in: ->(_app) { nil }
       )
     end
-    let(:client) { FactoryGirl.create(:application) }
+    let(:client) { FactoryBot.create(:application) }
     let(:owner)  { double :owner, id: 99 }
 
     subject do
@@ -53,7 +53,7 @@ module Doorkeeper::OAuth
     end
 
     it 'creates token even when there is already one (default)' do
-      FactoryGirl.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
+      FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
       expect do
         subject.authorize
       end.to change { Doorkeeper::AccessToken.count }.by(1)
@@ -61,12 +61,18 @@ module Doorkeeper::OAuth
 
     it 'skips token creation if there is already one' do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-      FactoryGirl.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
+      FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
       expect do
         subject.authorize
       end.to_not change { Doorkeeper::AccessToken.count }
     end
 
+    it "calls BaseRequest callback methods" do
+      expect_any_instance_of(BaseRequest).to receive(:before_successful_response).once
+      expect_any_instance_of(BaseRequest).to receive(:after_successful_response).once
+      subject.authorize
+    end
+
     describe 'with scopes' do
       subject do
         PasswordAccessTokenRequest.new(server, client, owner, scope: 'public')

data/spec/lib/oauth/refresh_token_request_spec.rb

@@ -5,14 +5,17 @@ module Doorkeeper::OAuth
     before do
       allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
     end
+
     let(:server) do
       double :server,
              access_token_expires_in: 2.minutes,
              custom_access_token_expires_in: -> (_oauth_client) { nil }
     end
+
     let(:refresh_token) do
-      FactoryGirl.create(:access_token, use_refresh_token: true)
+      FactoryBot.create(:access_token, use_refresh_token: true)
     end
+
     let(:client) { refresh_token.application }
     let(:credentials) { Client::Credentials.new(client.uid, client.secret) }
 
@@ -20,7 +23,8 @@ module Doorkeeper::OAuth
 
     it 'issues a new token for the client' do
       expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
-      expect(client.reload.access_tokens.last.expires_in).to eq(120)
+      # #sort_by used for MongoDB ORM extensions for valid ordering
+      expect(client.reload.access_tokens.sort_by(&:created_at).last.expires_in).to eq(120)
     end
 
     it 'issues a new token for the client with custom expires_in' do
@@ -32,13 +36,20 @@ module Doorkeeper::OAuth
 
       RefreshTokenRequest.new(server, refresh_token, credentials).authorize
 
-      expect(client.reload.access_tokens.last.expires_in).to eq(1234)
+      # #sort_by used for MongoDB ORM extensions for valid ordering
+      expect(client.reload.access_tokens.sort_by(&:created_at).last.expires_in).to eq(1234)
     end
 
     it 'revokes the previous token' do
       expect { subject.authorize }.to change { refresh_token.revoked? }.from(false).to(true)
     end
 
+    it "calls BaseRequest callback methods" do
+      expect_any_instance_of(BaseRequest).to receive(:before_successful_response).once
+      expect_any_instance_of(BaseRequest).to receive(:after_successful_response).once
+      subject.authorize
+    end
+
     it 'requires the refresh token' do
       subject.refresh_token = nil
       subject.validate
@@ -52,7 +63,7 @@ module Doorkeeper::OAuth
     end
 
     it "requires the token's client and current client to match" do
-      subject.client = FactoryGirl.create(:application)
+      subject.client = FactoryBot.create(:application)
       subject.validate
       expect(subject.error).to eq(:invalid_grant)
     end
@@ -93,13 +104,14 @@ module Doorkeeper::OAuth
       it 'sets the previous refresh token in the new access token' do
         subject.authorize
         expect(
-          client.access_tokens.last.previous_refresh_token
+          # #sort_by used for MongoDB ORM extensions for valid ordering
+          client.access_tokens.sort_by(&:created_at).last.previous_refresh_token
         ).to eq(refresh_token.refresh_token)
       end
     end
 
     context 'clientless access tokens' do
-      let!(:refresh_token) { FactoryGirl.create(:clientless_access_token, use_refresh_token: true) }
+      let!(:refresh_token) { FactoryBot.create(:clientless_access_token, use_refresh_token: true) }
 
       subject { RefreshTokenRequest.new server, refresh_token, nil }
 
@@ -110,7 +122,7 @@ module Doorkeeper::OAuth
 
     context 'with scopes' do
       let(:refresh_token) do
-        FactoryGirl.create :access_token,
+        FactoryBot.create :access_token,
                            use_refresh_token: true,
                            scopes: 'public write'
       end

data/spec/lib/oauth/scopes_spec.rb

@@ -62,7 +62,7 @@ module Doorkeeper::OAuth
     describe '#+' do
       it 'can add to another scope object' do
         scopes = Scopes.from_string('public') + Scopes.from_string('admin')
-        expect(scopes.all).to eq(%w(public admin))
+        expect(scopes.all).to eq(%w[public admin])
       end
 
       it 'does not change the existing object' do
@@ -70,6 +70,11 @@ module Doorkeeper::OAuth
         expect(origin.to_s).to eq('public')
       end
 
+      it 'can add an array to a scope object' do
+        scopes = Scopes.from_string('public') + ['admin']
+        expect(scopes.all).to eq(%w[public admin])
+      end
+
       it 'raises an error if cannot handle addition' do
         expect do
           Scopes.from_string('public') + 'admin'
@@ -77,6 +82,24 @@ module Doorkeeper::OAuth
       end
     end
 
+    describe '#&' do
+      it 'can get intersection with another scope object' do
+        scopes = Scopes.from_string('public admin') & Scopes.from_string('write admin')
+        expect(scopes.all).to eq(%w[admin])
+      end
+
+      it 'does not change the existing object' do
+        origin = Scopes.from_string('public admin')
+        origin & Scopes.from_string('write admin')
+        expect(origin.to_s).to eq('public admin')
+      end
+
+      it 'can get intersection with an array' do
+        scopes = Scopes.from_string('public admin') & %w[write admin]
+        expect(scopes.all).to eq(%w[admin])
+      end
+    end
+
     describe '#==' do
       it 'is equal to another set of scopes' do
         expect(Scopes.from_string('public')).to eq(Scopes.from_string('public'))
@@ -89,6 +112,10 @@ module Doorkeeper::OAuth
       it 'differs from another set of scopes when scopes are not the same' do
         expect(Scopes.from_string('public write')).not_to eq(Scopes.from_string('write'))
       end
+
+      it "does not raise an error when compared to a non-enumerable object" do
+        expect { Scopes.from_string("public") == false }.not_to raise_error
+      end
     end
 
     describe '#has_scopes?' do

data/spec/lib/oauth/token_request_spec.rb

@@ -6,6 +6,7 @@ module Doorkeeper::OAuth
       scopes = double(all: ['public'])
       double(:application, id: 9990, scopes: scopes)
     end
+
     let :pre_auth do
       double(
         :pre_auth,
@@ -38,9 +39,7 @@ module Doorkeeper::OAuth
 
     it 'does not create token when not authorizable' do
       allow(pre_auth).to receive(:authorizable?).and_return(false)
-      expect do
-        subject.authorize
-      end.to_not change { Doorkeeper::AccessToken.count }
+      expect { subject.authorize }.not_to change { Doorkeeper::AccessToken.count }
     end
 
     it 'returns a error response' do
@@ -75,7 +74,7 @@ module Doorkeeper::OAuth
 
       it 'creates a new token if scopes do not match' do
         allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-        FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
+        FactoryBot.create(:access_token, application_id: pre_auth.client.id,
                            resource_owner_id: owner.id, scopes: '')
         expect do
           subject.authorize
@@ -86,12 +85,11 @@ module Doorkeeper::OAuth
         allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
         allow(application.scopes).to receive(:has_scopes?).and_return(true)
         allow(application.scopes).to receive(:all?).and_return(true)
-        FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
+
+        FactoryBot.create(:access_token, application_id: pre_auth.client.id,
                            resource_owner_id: owner.id, scopes: 'public')
 
-        expect do
-          subject.authorize
-        end.to_not change { Doorkeeper::AccessToken.count }
+        expect { subject.authorize }.not_to change { Doorkeeper::AccessToken.count }
       end
     end
   end

data/spec/lib/server_spec.rb

@@ -45,5 +45,15 @@ describe Doorkeeper::Server do
       expect(fake_class).to receive(:new).with(subject)
       subject.authorization_request :code
     end
+
+    it 'builds the request with composit strategy name' do
+      allow(Doorkeeper.configuration).
+        to receive(:authorization_response_types).
+        and_return(['id_token token'])
+
+      stub_const 'Doorkeeper::Request::IdTokenToken', fake_class
+      expect(fake_class).to receive(:new).with(subject)
+      subject.authorization_request 'id_token token'
+    end
   end
 end

data/spec/models/doorkeeper/access_grant_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper_integration'
 
 describe Doorkeeper::AccessGrant do
-  subject { FactoryGirl.build(:access_grant) }
+  subject { FactoryBot.build(:access_grant) }
 
   it { expect(subject).to be_valid }
 

data/spec/models/doorkeeper/access_token_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper_integration'
 
 module Doorkeeper
   describe AccessToken do
-    subject { FactoryGirl.build(:access_token) }
+    subject { FactoryBot.build(:access_token) }
 
     it { expect(subject).to be_valid }
 
@@ -19,9 +19,9 @@ module Doorkeeper
 
     describe :generate_token do
       it 'generates a token using the default method' do
-        FactoryGirl.create :access_token
+        FactoryBot.create :access_token
 
-        token = FactoryGirl.create :access_token
+        token = FactoryBot.create :access_token
         expect(token.token).to be_a(String)
       end
 
@@ -41,7 +41,7 @@ module Doorkeeper
           access_token_generator "Doorkeeper::CustomGeneratorArgs"
         end
 
-        token = FactoryGirl.create :access_token
+        token = FactoryBot.create :access_token
         expect(token.token).to match(%r{custom_generator_token_\d+})
       end
 
@@ -61,7 +61,7 @@ module Doorkeeper
           access_token_generator "Doorkeeper::CustomGeneratorArgs"
         end
 
-        token = FactoryGirl.create :access_token
+        token = FactoryBot.create :access_token
         expect(token.token).to match(%r{custom_generator_token_Application \d+})
       end
 
@@ -81,7 +81,7 @@ module Doorkeeper
           access_token_generator "Doorkeeper::CustomGeneratorArgs"
         end
 
-        token = FactoryGirl.create :access_token, scopes: 'public write'
+        token = FactoryBot.create :access_token, scopes: 'public write'
 
         expect(token.token).to eq 'custom_generator_token_2_public write'
       end
@@ -102,7 +102,7 @@ module Doorkeeper
           access_token_generator "Doorkeeper::CustomGeneratorArgs"
         end
 
-        token = FactoryGirl.create :access_token
+        token = FactoryBot.create :access_token
         expect(token.token).to eq 'custom_generator_token_7200'
       end
 
@@ -118,7 +118,7 @@ module Doorkeeper
           access_token_generator "Doorkeeper::CustomGeneratorArgs"
         end
 
-        token = FactoryGirl.create :access_token
+        token = FactoryBot.create :access_token
         created_at = token.created_at
         expect(token.token).to eq "custom_generator_token_#{created_at.to_i}"
       end
@@ -132,8 +132,31 @@ module Doorkeeper
           access_token_generator "Doorkeeper::NoGenerate"
         end
 
-        expect { FactoryGirl.create :access_token }.to(
-          raise_error(Doorkeeper::Errors::UnableToGenerateToken))
+        expect { FactoryBot.create :access_token }.to(
+          raise_error(Doorkeeper::Errors::UnableToGenerateToken)
+        )
+      end
+
+      it 'raises original error if something went wrong in custom generator' do
+        eigenclass = class << CustomGeneratorArgs; self; end
+        eigenclass.class_eval do
+          remove_method :generate
+        end
+
+        module CustomGeneratorArgs
+          def self.generate(opts = {})
+            raise LoadError, 'custom behaviour'
+          end
+        end
+
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_generator "Doorkeeper::CustomGeneratorArgs"
+        end
+
+        expect { FactoryBot.create :access_token }.to(
+          raise_error(LoadError)
+        )
       end
 
       it 'raises an error if the custom object does not exist' do
@@ -142,32 +165,33 @@ module Doorkeeper
           access_token_generator "Doorkeeper::NotReal"
         end
 
-        expect { FactoryGirl.create :access_token }.to(
-          raise_error(Doorkeeper::Errors::TokenGeneratorNotFound))
+        expect { FactoryBot.create :access_token }.to(
+          raise_error(Doorkeeper::Errors::TokenGeneratorNotFound, /NotReal/)
+        )
       end
     end
 
     describe :refresh_token do
       it 'has empty refresh token if it was not required' do
-        token = FactoryGirl.create :access_token
+        token = FactoryBot.create :access_token
         expect(token.refresh_token).to be_nil
       end
 
       it 'generates a refresh token if it was requested' do
-        token = FactoryGirl.create :access_token, use_refresh_token: true
+        token = FactoryBot.create :access_token, use_refresh_token: true
         expect(token.refresh_token).not_to be_nil
       end
 
       it 'is not valid if token exists' do
-        token1 = FactoryGirl.create :access_token, use_refresh_token: true
-        token2 = FactoryGirl.create :access_token, use_refresh_token: true
+        token1 = FactoryBot.create :access_token, use_refresh_token: true
+        token2 = FactoryBot.create :access_token, use_refresh_token: true
         token2.refresh_token = token1.refresh_token
         expect(token2).not_to be_valid
       end
 
       it 'expects database to raise an error if refresh tokens are the same' do
-        token1 = FactoryGirl.create :access_token, use_refresh_token: true
-        token2 = FactoryGirl.create :access_token, use_refresh_token: true
+        token1 = FactoryBot.create :access_token, use_refresh_token: true
+        token2 = FactoryBot.create :access_token, use_refresh_token: true
         expect do
           token2.refresh_token = token1.refresh_token
           token2.save(validate: false)
@@ -194,22 +218,22 @@ module Doorkeeper
       context 'with default parameters' do
 
         let(:resource_owner_id) { 100 }
-        let(:application)    { FactoryGirl.create :application }
+        let(:application)    { FactoryBot.create :application }
         let(:default_attributes) do
           { application: application, resource_owner_id: resource_owner_id }
         end
-        let(:access_token1) { FactoryGirl.create :access_token, default_attributes }
+        let(:access_token1) { FactoryBot.create :access_token, default_attributes }
 
         context 'the second token has the same owner and same app' do
-          let(:access_token2) { FactoryGirl.create :access_token, default_attributes }
+          let(:access_token2) { FactoryBot.create :access_token, default_attributes }
           it 'success' do
             expect(access_token1.same_credential?(access_token2)).to be_truthy
           end
         end
 
         context 'the second token has same owner and different app' do
-          let(:other_application) { FactoryGirl.create :application }
-          let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: resource_owner_id }
+          let(:other_application) { FactoryBot.create :application }
+          let(:access_token2) { FactoryBot.create :access_token, application: other_application, resource_owner_id: resource_owner_id }
 
           it 'fail' do
             expect(access_token1.same_credential?(access_token2)).to be_falsey
@@ -218,8 +242,8 @@ module Doorkeeper
 
         context 'the second token has different owner and different app' do
 
-          let(:other_application) { FactoryGirl.create :application }
-          let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: 42 }
+          let(:other_application) { FactoryBot.create :application }
+          let(:access_token2) { FactoryBot.create :access_token, application: other_application, resource_owner_id: 42 }
 
           it 'fail' do
             expect(access_token1.same_credential?(access_token2)).to be_falsey
@@ -227,7 +251,7 @@ module Doorkeeper
         end
 
         context 'the second token has different owner and same app' do
-          let(:access_token2) { FactoryGirl.create :access_token, application: application, resource_owner_id: 42 }
+          let(:access_token2) { FactoryBot.create :access_token, application: application, resource_owner_id: 42 }
 
           it 'fail' do
             expect(access_token1.same_credential?(access_token2)).to be_falsey
@@ -238,7 +262,7 @@ module Doorkeeper
 
     describe '#acceptable?' do
       context 'a token that is not accessible' do
-        let(:token) { FactoryGirl.create(:access_token, created_at: 6.hours.ago) }
+        let(:token) { FactoryBot.create(:access_token, created_at: 6.hours.ago) }
 
         it 'should return false' do
           expect(token.acceptable?(nil)).to be false
@@ -246,7 +270,7 @@ module Doorkeeper
       end
 
       context 'a token that has the incorrect scopes' do
-        let(:token) { FactoryGirl.create(:access_token) }
+        let(:token) { FactoryBot.create(:access_token) }
 
         it 'should return false' do
           expect(token.acceptable?(['public'])).to be false
@@ -255,7 +279,7 @@ module Doorkeeper
 
       context 'a token is acceptable with the correct scopes' do
         let(:token) do
-          token = FactoryGirl.create(:access_token)
+          token = FactoryBot.create(:access_token)
           token[:scopes] = 'public'
           token
         end
@@ -268,13 +292,13 @@ module Doorkeeper
 
     describe '.revoke_all_for' do
       let(:resource_owner) { double(id: 100) }
-      let(:application)    { FactoryGirl.create :application }
+      let(:application)    { FactoryBot.create :application }
       let(:default_attributes) do
         { application: application, resource_owner_id: resource_owner.id }
       end
 
       it 'revokes all tokens for given application and resource owner' do
-        FactoryGirl.create :access_token, default_attributes
+        FactoryBot.create :access_token, default_attributes
         AccessToken.revoke_all_for application.id, resource_owner
         AccessToken.all.each do |token|
           expect(token).to be_revoked
@@ -282,13 +306,13 @@ module Doorkeeper
       end
 
       it 'matches application' do
-        FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
+        FactoryBot.create :access_token, default_attributes.merge(application: FactoryBot.create(:application))
         AccessToken.revoke_all_for application.id, resource_owner
         expect(AccessToken.all).not_to be_empty
       end
 
       it 'matches resource owner' do
-        FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 90)
+        FactoryBot.create :access_token, default_attributes.merge(resource_owner_id: 90)
         AccessToken.revoke_all_for application.id, resource_owner
         expect(AccessToken.all).not_to be_empty
       end
@@ -296,7 +320,7 @@ module Doorkeeper
 
     describe '.matching_token_for' do
       let(:resource_owner_id) { 100 }
-      let(:application)       { FactoryGirl.create :application }
+      let(:application)       { FactoryBot.create :application }
       let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public write') }
       let(:default_attributes) do
         {
@@ -307,63 +331,63 @@ module Doorkeeper
       end
 
       it 'returns only one token' do
-        token = FactoryGirl.create :access_token, default_attributes
+        token = FactoryBot.create :access_token, default_attributes
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to eq(token)
       end
 
       it 'accepts resource owner as object' do
         resource_owner = double(to_key: true, id: 100)
-        token = FactoryGirl.create :access_token, default_attributes
+        token = FactoryBot.create :access_token, default_attributes
         last_token = AccessToken.matching_token_for(application, resource_owner, scopes)
         expect(last_token).to eq(token)
       end
 
       it 'accepts nil as resource owner' do
-        token = FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: nil)
+        token = FactoryBot.create :access_token, default_attributes.merge(resource_owner_id: nil)
         last_token = AccessToken.matching_token_for(application, nil, scopes)
         expect(last_token).to eq(token)
       end
 
       it 'excludes revoked tokens' do
-        FactoryGirl.create :access_token, default_attributes.merge(revoked_at: 1.day.ago)
+        FactoryBot.create :access_token, default_attributes.merge(revoked_at: 1.day.ago)
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
 
       it 'matches the application' do
-        FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
+        FactoryBot.create :access_token, default_attributes.merge(application: FactoryBot.create(:application))
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
 
       it 'matches the resource owner' do
-        FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 2)
+        FactoryBot.create :access_token, default_attributes.merge(resource_owner_id: 2)
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
 
       it 'matches token with fewer scopes' do
-        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public')
+        FactoryBot.create :access_token, default_attributes.merge(scopes: 'public')
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
 
       it 'matches token with different scopes' do
-        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public email')
+        FactoryBot.create :access_token, default_attributes.merge(scopes: 'public email')
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
 
       it 'matches token with more scopes' do
-        FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public write email')
+        FactoryBot.create :access_token, default_attributes.merge(scopes: 'public write email')
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
 
       it 'matches application scopes' do
-        application = FactoryGirl.create :application, scopes: "private read"
-        FactoryGirl.create :access_token, default_attributes.merge(
+        application = FactoryBot.create :application, scopes: "private read"
+        FactoryBot.create :access_token, default_attributes.merge(
           application: application
         )
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
@@ -371,14 +395,14 @@ module Doorkeeper
       end
 
       it 'returns the last created token' do
-        FactoryGirl.create :access_token, default_attributes.merge(created_at: 1.day.ago)
-        token = FactoryGirl.create :access_token, default_attributes
+        FactoryBot.create :access_token, default_attributes.merge(created_at: 1.day.ago)
+        token = FactoryBot.create :access_token, default_attributes
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to eq(token)
       end
 
       it 'returns as_json hash' do
-        token = FactoryGirl.create :access_token, default_attributes
+        token = FactoryBot.create :access_token, default_attributes
         token_hash = {
           resource_owner_id:  token.resource_owner_id,
           scopes:             token.scopes,