doorkeeper 4.2.6 → 4.3.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE.md +19 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +17 -0
- data/.gitignore +1 -1
- data/.hound.yml +2 -13
- data/.rubocop.yml +13 -0
- data/.travis.yml +13 -5
- data/Appraisals +6 -2
- data/CODE_OF_CONDUCT.md +46 -0
- data/Gemfile +1 -1
- data/NEWS.md +24 -0
- data/README.md +39 -9
- data/SECURITY.md +13 -0
- data/app/controllers/doorkeeper/application_controller.rb +1 -5
- data/app/controllers/doorkeeper/applications_controller.rb +14 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +13 -1
- data/app/helpers/doorkeeper/dashboard_helper.rb +4 -2
- data/app/validators/redirect_uri_validator.rb +12 -2
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/config/locales/en.yml +3 -5
- data/doorkeeper.gemspec +4 -3
- data/gemfiles/rails_4_2.gemfile +6 -4
- data/gemfiles/rails_5_0.gemfile +4 -4
- data/gemfiles/rails_5_1.gemfile +6 -7
- data/gemfiles/rails_5_2.gemfile +12 -0
- data/gemfiles/rails_master.gemfile +14 -0
- data/lib/doorkeeper.rb +1 -0
- data/lib/doorkeeper/config.rb +55 -55
- data/lib/doorkeeper/engine.rb +3 -3
- data/lib/doorkeeper/grape/helpers.rb +13 -8
- data/lib/doorkeeper/helpers/controller.rb +8 -4
- data/lib/doorkeeper/models/access_token_mixin.rb +14 -7
- data/lib/doorkeeper/models/application_mixin.rb +11 -6
- data/lib/doorkeeper/models/concerns/expirable.rb +7 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +22 -18
- data/lib/doorkeeper/oauth/authorization_code_request.rb +6 -1
- data/lib/doorkeeper/oauth/base_request.rb +5 -5
- data/lib/doorkeeper/oauth/client.rb +2 -2
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -2
- data/lib/doorkeeper/oauth/error.rb +2 -2
- data/lib/doorkeeper/oauth/error_response.rb +1 -2
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -3
- data/lib/doorkeeper/oauth/password_access_token_request.rb +1 -0
- data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -0
- data/lib/doorkeeper/oauth/scopes.rb +18 -8
- data/lib/doorkeeper/oauth/token.rb +1 -1
- data/lib/doorkeeper/oauth/token_introspection.rb +128 -0
- data/lib/doorkeeper/orm/active_record.rb +20 -8
- data/lib/doorkeeper/orm/active_record/access_grant.rb +1 -1
- data/lib/doorkeeper/orm/active_record/access_token.rb +1 -23
- data/lib/doorkeeper/orm/active_record/application.rb +1 -1
- data/lib/doorkeeper/orm/active_record/base_record.rb +11 -0
- data/lib/doorkeeper/rails/helpers.rb +5 -6
- data/lib/doorkeeper/rails/routes.rb +9 -7
- data/lib/doorkeeper/request.rb +7 -1
- data/lib/doorkeeper/validations.rb +3 -2
- data/lib/doorkeeper/version.rb +13 -1
- data/lib/generators/doorkeeper/application_owner_generator.rb +11 -2
- data/lib/generators/doorkeeper/migration_generator.rb +13 -1
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -1
- data/lib/generators/doorkeeper/templates/{add_owner_to_application_migration.rb → add_owner_to_application_migration.rb.erb} +1 -1
- data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +1 -1
- data/lib/generators/doorkeeper/templates/initializer.rb +19 -3
- data/lib/generators/doorkeeper/templates/{migration.rb → migration.rb.erb} +1 -1
- data/spec/controllers/applications_controller_spec.rb +15 -4
- data/spec/controllers/authorizations_controller_spec.rb +5 -5
- data/spec/controllers/protected_resources_controller_spec.rb +28 -19
- data/spec/controllers/token_info_controller_spec.rb +17 -13
- data/spec/controllers/tokens_controller_spec.rb +138 -4
- data/spec/dummy/config/initializers/doorkeeper.rb +1 -1
- data/spec/dummy/config/initializers/{active_record_belongs_to_required_by_default.rb → new_framework_defaults.rb} +1 -1
- data/spec/dummy/config/initializers/secret_token.rb +0 -1
- data/spec/factories.rb +1 -1
- data/spec/generators/application_owner_generator_spec.rb +24 -5
- data/spec/generators/migration_generator_spec.rb +24 -3
- data/spec/generators/previous_refresh_token_generator_spec.rb +57 -0
- data/spec/grape/grape_integration_spec.rb +135 -0
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +115 -12
- data/spec/lib/models/revocable_spec.rb +2 -2
- data/spec/lib/oauth/authorization_code_request_spec.rb +39 -11
- data/spec/lib/oauth/base_request_spec.rb +2 -7
- data/spec/lib/oauth/client_credentials/creator_spec.rb +1 -1
- data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
- data/spec/lib/oauth/client_credentials_request_spec.rb +1 -0
- data/spec/lib/oauth/code_request_spec.rb +1 -3
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +5 -0
- data/spec/lib/oauth/invalid_token_response_spec.rb +1 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +9 -3
- data/spec/lib/oauth/refresh_token_request_spec.rb +19 -7
- data/spec/lib/oauth/scopes_spec.rb +28 -1
- data/spec/lib/oauth/token_request_spec.rb +6 -8
- data/spec/lib/server_spec.rb +10 -0
- data/spec/models/doorkeeper/access_grant_spec.rb +1 -1
- data/spec/models/doorkeeper/access_token_spec.rb +72 -48
- data/spec/models/doorkeeper/application_spec.rb +51 -18
- data/spec/requests/applications/applications_request_spec.rb +5 -5
- data/spec/requests/endpoints/token_spec.rb +8 -1
- data/spec/requests/flows/authorization_code_spec.rb +1 -0
- data/spec/requests/flows/client_credentials_spec.rb +1 -1
- data/spec/requests/flows/implicit_grant_errors_spec.rb +2 -2
- data/spec/requests/flows/refresh_token_spec.rb +4 -4
- data/spec/requests/flows/revoke_token_spec.rb +15 -15
- data/spec/requests/protected_resources/metal_spec.rb +1 -1
- data/spec/requests/protected_resources/private_api_spec.rb +1 -1
- data/spec/routing/custom_controller_routes_spec.rb +4 -0
- data/spec/routing/default_routes_spec.rb +5 -1
- data/spec/spec_helper_integration.rb +15 -4
- data/spec/support/dependencies/factory_girl.rb +2 -2
- data/spec/support/helpers/access_token_request_helper.rb +1 -1
- data/spec/support/helpers/model_helper.rb +9 -4
- data/spec/support/helpers/request_spec_helper.rb +7 -3
- data/spec/support/helpers/url_helper.rb +8 -8
- data/spec/support/shared/controllers_shared_context.rb +2 -6
- data/spec/support/shared/models_shared_examples.rb +4 -4
- data/spec/validators/redirect_uri_validator_spec.rb +51 -6
- data/spec/version/version_spec.rb +15 -0
- metadata +42 -13
|
@@ -4,7 +4,7 @@ module Doorkeeper
|
|
|
4
4
|
describe Application do
|
|
5
5
|
let(:require_owner) { Doorkeeper.configuration.instance_variable_set('@confirm_application_owner', true) }
|
|
6
6
|
let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set('@confirm_application_owner', false) }
|
|
7
|
-
let(:new_application) {
|
|
7
|
+
let(:new_application) { FactoryBot.build(:application) }
|
|
8
8
|
|
|
9
9
|
let(:uid) { SecureRandom.hex(8) }
|
|
10
10
|
let(:secret) { SecureRandom.hex(8) }
|
|
@@ -30,7 +30,7 @@ module Doorkeeper
|
|
|
30
30
|
context 'application owner is required' do
|
|
31
31
|
before(:each) do
|
|
32
32
|
require_owner
|
|
33
|
-
@owner =
|
|
33
|
+
@owner = FactoryBot.build_stubbed(:doorkeeper_testing_user)
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
it 'is invalid without an owner' do
|
|
@@ -80,15 +80,15 @@ module Doorkeeper
|
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
it 'checks uniqueness of uid' do
|
|
83
|
-
app1 =
|
|
84
|
-
app2 =
|
|
83
|
+
app1 = FactoryBot.create(:application)
|
|
84
|
+
app2 = FactoryBot.create(:application)
|
|
85
85
|
app2.uid = app1.uid
|
|
86
86
|
expect(app2).not_to be_valid
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
it 'expects database to throw an error when uids are the same' do
|
|
90
|
-
app1 =
|
|
91
|
-
app2 =
|
|
90
|
+
app1 = FactoryBot.create(:application)
|
|
91
|
+
app2 = FactoryBot.create(:application)
|
|
92
92
|
app2.uid = app1.uid
|
|
93
93
|
expect { app2.save!(validate: false) }.to raise_error(uniqueness_error)
|
|
94
94
|
end
|
|
@@ -123,19 +123,52 @@ module Doorkeeper
|
|
|
123
123
|
end
|
|
124
124
|
|
|
125
125
|
it 'should destroy its access grants' do
|
|
126
|
-
|
|
126
|
+
FactoryBot.create(:access_grant, application: new_application)
|
|
127
127
|
expect { new_application.destroy }.to change { Doorkeeper::AccessGrant.count }.by(-1)
|
|
128
128
|
end
|
|
129
129
|
|
|
130
130
|
it 'should destroy its access tokens' do
|
|
131
|
-
|
|
132
|
-
|
|
131
|
+
FactoryBot.create(:access_token, application: new_application)
|
|
132
|
+
FactoryBot.create(:access_token, application: new_application, revoked_at: Time.now.utc)
|
|
133
133
|
expect do
|
|
134
134
|
new_application.destroy
|
|
135
135
|
end.to change { Doorkeeper::AccessToken.count }.by(-2)
|
|
136
136
|
end
|
|
137
137
|
end
|
|
138
138
|
|
|
139
|
+
describe :ordered_by do
|
|
140
|
+
let(:applications) { FactoryBot.create_list(:application, 5) }
|
|
141
|
+
|
|
142
|
+
context 'when a direction is not specified' do
|
|
143
|
+
it 'calls order with a default order of asc' do
|
|
144
|
+
names = applications.map(&:name).sort
|
|
145
|
+
expect(Application.ordered_by(:name).map(&:name)).to eq(names)
|
|
146
|
+
end
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
context 'when a direction is specified' do
|
|
150
|
+
it 'calls order with specified direction' do
|
|
151
|
+
names = applications.map(&:name).sort.reverse
|
|
152
|
+
expect(Application.ordered_by(:name, :desc).map(&:name)).to eq(names)
|
|
153
|
+
end
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
describe "#redirect_uri=" do
|
|
158
|
+
context "when array of valid redirect_uris" do
|
|
159
|
+
it "should join by newline" do
|
|
160
|
+
new_application.redirect_uri = ['http://localhost/callback1', 'http://localhost/callback2']
|
|
161
|
+
expect(new_application.redirect_uri).to eq("http://localhost/callback1\nhttp://localhost/callback2")
|
|
162
|
+
end
|
|
163
|
+
end
|
|
164
|
+
context "when string of valid redirect_uris" do
|
|
165
|
+
it "should store as-is" do
|
|
166
|
+
new_application.redirect_uri = "http://localhost/callback1\nhttp://localhost/callback2"
|
|
167
|
+
expect(new_application.redirect_uri).to eq("http://localhost/callback1\nhttp://localhost/callback2")
|
|
168
|
+
end
|
|
169
|
+
end
|
|
170
|
+
end
|
|
171
|
+
|
|
139
172
|
describe :authorized_for do
|
|
140
173
|
let(:resource_owner) { double(:resource_owner, id: 10) }
|
|
141
174
|
|
|
@@ -144,33 +177,33 @@ module Doorkeeper
|
|
|
144
177
|
end
|
|
145
178
|
|
|
146
179
|
it 'returns only application for a specific resource owner' do
|
|
147
|
-
|
|
148
|
-
token =
|
|
180
|
+
FactoryBot.create(:access_token, resource_owner_id: resource_owner.id + 1)
|
|
181
|
+
token = FactoryBot.create(:access_token, resource_owner_id: resource_owner.id)
|
|
149
182
|
expect(Application.authorized_for(resource_owner)).to eq([token.application])
|
|
150
183
|
end
|
|
151
184
|
|
|
152
185
|
it 'excludes revoked tokens' do
|
|
153
|
-
|
|
186
|
+
FactoryBot.create(:access_token, resource_owner_id: resource_owner.id, revoked_at: 2.days.ago)
|
|
154
187
|
expect(Application.authorized_for(resource_owner)).to be_empty
|
|
155
188
|
end
|
|
156
189
|
|
|
157
190
|
it 'returns all applications that have been authorized' do
|
|
158
|
-
token1 =
|
|
159
|
-
token2 =
|
|
191
|
+
token1 = FactoryBot.create(:access_token, resource_owner_id: resource_owner.id)
|
|
192
|
+
token2 = FactoryBot.create(:access_token, resource_owner_id: resource_owner.id)
|
|
160
193
|
expect(Application.authorized_for(resource_owner)).to eq([token1.application, token2.application])
|
|
161
194
|
end
|
|
162
195
|
|
|
163
196
|
it 'returns only one application even if it has been authorized twice' do
|
|
164
|
-
application =
|
|
165
|
-
|
|
166
|
-
|
|
197
|
+
application = FactoryBot.create(:application)
|
|
198
|
+
FactoryBot.create(:access_token, resource_owner_id: resource_owner.id, application: application)
|
|
199
|
+
FactoryBot.create(:access_token, resource_owner_id: resource_owner.id, application: application)
|
|
167
200
|
expect(Application.authorized_for(resource_owner)).to eq([application])
|
|
168
201
|
end
|
|
169
202
|
end
|
|
170
203
|
|
|
171
204
|
describe :authenticate do
|
|
172
205
|
it 'finds the application via uid/secret' do
|
|
173
|
-
app =
|
|
206
|
+
app = FactoryBot.create :application
|
|
174
207
|
authenticated = Application.by_uid_and_secret(app.uid, app.secret)
|
|
175
208
|
expect(authenticated).to eq(app)
|
|
176
209
|
end
|
|
@@ -25,8 +25,8 @@ end
|
|
|
25
25
|
|
|
26
26
|
feature 'Listing applications' do
|
|
27
27
|
background do
|
|
28
|
-
|
|
29
|
-
|
|
28
|
+
FactoryBot.create :application, name: 'Oauth Dude'
|
|
29
|
+
FactoryBot.create :application, name: 'Awesome App'
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
scenario 'application list' do
|
|
@@ -38,7 +38,7 @@ end
|
|
|
38
38
|
|
|
39
39
|
feature 'Show application' do
|
|
40
40
|
given :app do
|
|
41
|
-
|
|
41
|
+
FactoryBot.create :application, name: 'Just another oauth app'
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
scenario 'visiting application page' do
|
|
@@ -49,7 +49,7 @@ end
|
|
|
49
49
|
|
|
50
50
|
feature 'Edit application' do
|
|
51
51
|
let :app do
|
|
52
|
-
|
|
52
|
+
FactoryBot.create :application, name: 'OMG my app'
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
background do
|
|
@@ -73,7 +73,7 @@ end
|
|
|
73
73
|
|
|
74
74
|
feature 'Remove application' do
|
|
75
75
|
background do
|
|
76
|
-
@app =
|
|
76
|
+
@app = FactoryBot.create :application
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
scenario 'deleting an application from list' do
|
|
@@ -9,7 +9,14 @@ describe 'Token endpoint' do
|
|
|
9
9
|
it 'respond with correct headers' do
|
|
10
10
|
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
11
11
|
should_have_header 'Pragma', 'no-cache'
|
|
12
|
-
|
|
12
|
+
|
|
13
|
+
# Rails 5.2 changed headers
|
|
14
|
+
if ::Rails::VERSION::MAJOR >= 5 && ::Rails::VERSION::MINOR >= 2 || ::Rails::VERSION::MAJOR >= 6
|
|
15
|
+
should_have_header 'Cache-Control', 'private, no-store'
|
|
16
|
+
else
|
|
17
|
+
should_have_header 'Cache-Control', 'no-store'
|
|
18
|
+
end
|
|
19
|
+
|
|
13
20
|
should_have_header 'Content-Type', 'application/json; charset=utf-8'
|
|
14
21
|
end
|
|
15
22
|
|
|
@@ -29,6 +29,7 @@ feature 'Authorization Code Flow' do
|
|
|
29
29
|
|
|
30
30
|
access_grant_should_exist_for(@client, @resource_owner)
|
|
31
31
|
|
|
32
|
+
url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
|
|
32
33
|
i_should_see 'Authorization code:'
|
|
33
34
|
i_should_see Doorkeeper::AccessGrant.first.token
|
|
34
35
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require 'spec_helper_integration'
|
|
2
2
|
|
|
3
3
|
describe 'Client Credentials Request' do
|
|
4
|
-
let(:client) {
|
|
4
|
+
let(:client) { FactoryBot.create :application }
|
|
5
5
|
|
|
6
6
|
context 'a valid request' do
|
|
7
7
|
it 'authorizes the client and returns the token response' do
|
|
@@ -17,13 +17,13 @@ feature 'Implicit Grant Flow Errors' do
|
|
|
17
17
|
[:client_id, :invalid_client],
|
|
18
18
|
[:redirect_uri, :invalid_redirect_uri]
|
|
19
19
|
].each do |error|
|
|
20
|
-
scenario "displays #{error.last
|
|
20
|
+
scenario "displays #{error.last} error for invalid #{error.first}" do
|
|
21
21
|
visit authorization_endpoint_url(client: @client, error.first => 'invalid', response_type: 'token')
|
|
22
22
|
i_should_not_see 'Authorize'
|
|
23
23
|
i_should_see_translated_error_message error.last
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
scenario "displays #{error.last
|
|
26
|
+
scenario "displays #{error.last} error when #{error.first} is missing" do
|
|
27
27
|
visit authorization_endpoint_url(client: @client, error.first => '', response_type: 'token')
|
|
28
28
|
i_should_not_see 'Authorize'
|
|
29
29
|
i_should_see_translated_error_message error.last
|
|
@@ -37,7 +37,7 @@ describe 'Refresh Token Flow' do
|
|
|
37
37
|
|
|
38
38
|
context 'refreshing the token' do
|
|
39
39
|
before do
|
|
40
|
-
@token =
|
|
40
|
+
@token = FactoryBot.create(
|
|
41
41
|
:access_token,
|
|
42
42
|
application: @client,
|
|
43
43
|
resource_owner_id: 1,
|
|
@@ -101,14 +101,14 @@ describe 'Refresh Token Flow' do
|
|
|
101
101
|
should_have_json 'error', 'invalid_grant'
|
|
102
102
|
end
|
|
103
103
|
|
|
104
|
-
it 'client gets an error for revoked
|
|
104
|
+
it 'client gets an error for revoked access token' do
|
|
105
105
|
@token.revoke
|
|
106
106
|
post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
|
|
107
107
|
should_not_have_json 'refresh_token'
|
|
108
108
|
should_have_json 'error', 'invalid_grant'
|
|
109
109
|
end
|
|
110
110
|
|
|
111
|
-
it 'second of simultaneous client requests get an error for revoked
|
|
111
|
+
it 'second of simultaneous client requests get an error for revoked access token' do
|
|
112
112
|
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:revoked?).and_return(false, true)
|
|
113
113
|
post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
|
|
114
114
|
|
|
@@ -130,7 +130,7 @@ describe 'Refresh Token Flow' do
|
|
|
130
130
|
)
|
|
131
131
|
last_token.update_attribute :created_at, 5.seconds.ago
|
|
132
132
|
|
|
133
|
-
@token =
|
|
133
|
+
@token = FactoryBot.create(
|
|
134
134
|
:access_token,
|
|
135
135
|
application: @client,
|
|
136
136
|
resource_owner_id: @resource_owner.id,
|
|
@@ -6,10 +6,10 @@ describe 'Revoke Token Flow' do
|
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
context 'with default parameters' do
|
|
9
|
-
let(:client_application) {
|
|
9
|
+
let(:client_application) { FactoryBot.create :application }
|
|
10
10
|
let(:resource_owner) { User.create!(name: 'John', password: 'sekret') }
|
|
11
11
|
let(:access_token) do
|
|
12
|
-
|
|
12
|
+
FactoryBot.create(:access_token,
|
|
13
13
|
application: client_application,
|
|
14
14
|
resource_owner_id: resource_owner.id,
|
|
15
15
|
use_refresh_token: true)
|
|
@@ -28,7 +28,7 @@ describe 'Revoke Token Flow' do
|
|
|
28
28
|
|
|
29
29
|
access_token.reload
|
|
30
30
|
|
|
31
|
-
expect(response).to
|
|
31
|
+
expect(response).to be_successful
|
|
32
32
|
expect(access_token.revoked?).to be_truthy
|
|
33
33
|
end
|
|
34
34
|
|
|
@@ -37,7 +37,7 @@ describe 'Revoke Token Flow' do
|
|
|
37
37
|
|
|
38
38
|
access_token.reload
|
|
39
39
|
|
|
40
|
-
expect(response).to
|
|
40
|
+
expect(response).to be_successful
|
|
41
41
|
expect(access_token.revoked?).to be_truthy
|
|
42
42
|
end
|
|
43
43
|
|
|
@@ -48,7 +48,7 @@ describe 'Revoke Token Flow' do
|
|
|
48
48
|
|
|
49
49
|
# The authorization server responds with HTTP status code 200 even if
|
|
50
50
|
# token is invalid
|
|
51
|
-
expect(response).to
|
|
51
|
+
expect(response).to be_successful
|
|
52
52
|
expect(Doorkeeper::AccessToken.where(revoked_at: nil).count).to eq(num_prev_revoked_tokens)
|
|
53
53
|
end
|
|
54
54
|
end
|
|
@@ -64,7 +64,7 @@ describe 'Revoke Token Flow' do
|
|
|
64
64
|
|
|
65
65
|
access_token.reload
|
|
66
66
|
|
|
67
|
-
expect(response).to
|
|
67
|
+
expect(response).to be_successful
|
|
68
68
|
expect(access_token.revoked?).to be_falsey
|
|
69
69
|
end
|
|
70
70
|
end
|
|
@@ -75,13 +75,13 @@ describe 'Revoke Token Flow' do
|
|
|
75
75
|
|
|
76
76
|
access_token.reload
|
|
77
77
|
|
|
78
|
-
expect(response).to
|
|
78
|
+
expect(response).to be_successful
|
|
79
79
|
expect(access_token.revoked?).to be_falsey
|
|
80
80
|
end
|
|
81
81
|
end
|
|
82
82
|
|
|
83
83
|
context 'with valid token for another client application' do
|
|
84
|
-
let(:other_client_application) {
|
|
84
|
+
let(:other_client_application) { FactoryBot.create :application }
|
|
85
85
|
let(:headers) do
|
|
86
86
|
client_id = other_client_application.uid
|
|
87
87
|
client_secret = other_client_application.secret
|
|
@@ -94,7 +94,7 @@ describe 'Revoke Token Flow' do
|
|
|
94
94
|
|
|
95
95
|
access_token.reload
|
|
96
96
|
|
|
97
|
-
expect(response).to
|
|
97
|
+
expect(response).to be_successful
|
|
98
98
|
expect(access_token.revoked?).to be_falsey
|
|
99
99
|
end
|
|
100
100
|
end
|
|
@@ -102,7 +102,7 @@ describe 'Revoke Token Flow' do
|
|
|
102
102
|
|
|
103
103
|
context 'with public OAuth 2.0 client/application' do
|
|
104
104
|
let(:access_token) do
|
|
105
|
-
|
|
105
|
+
FactoryBot.create(:access_token,
|
|
106
106
|
application: nil,
|
|
107
107
|
resource_owner_id: resource_owner.id,
|
|
108
108
|
use_refresh_token: true)
|
|
@@ -113,7 +113,7 @@ describe 'Revoke Token Flow' do
|
|
|
113
113
|
|
|
114
114
|
access_token.reload
|
|
115
115
|
|
|
116
|
-
expect(response).to
|
|
116
|
+
expect(response).to be_successful
|
|
117
117
|
expect(access_token.revoked?).to be_truthy
|
|
118
118
|
end
|
|
119
119
|
|
|
@@ -122,13 +122,13 @@ describe 'Revoke Token Flow' do
|
|
|
122
122
|
|
|
123
123
|
access_token.reload
|
|
124
124
|
|
|
125
|
-
expect(response).to
|
|
125
|
+
expect(response).to be_successful
|
|
126
126
|
expect(access_token.revoked?).to be_truthy
|
|
127
127
|
end
|
|
128
128
|
|
|
129
129
|
context 'with a valid token issued for a confidential client' do
|
|
130
130
|
let(:access_token) do
|
|
131
|
-
|
|
131
|
+
FactoryBot.create(:access_token,
|
|
132
132
|
application: client_application,
|
|
133
133
|
resource_owner_id: resource_owner.id,
|
|
134
134
|
use_refresh_token: true)
|
|
@@ -139,7 +139,7 @@ describe 'Revoke Token Flow' do
|
|
|
139
139
|
|
|
140
140
|
access_token.reload
|
|
141
141
|
|
|
142
|
-
expect(response).to
|
|
142
|
+
expect(response).to be_successful
|
|
143
143
|
expect(access_token.revoked?).to be_falsey
|
|
144
144
|
end
|
|
145
145
|
|
|
@@ -148,7 +148,7 @@ describe 'Revoke Token Flow' do
|
|
|
148
148
|
|
|
149
149
|
access_token.reload
|
|
150
150
|
|
|
151
|
-
expect(response).to
|
|
151
|
+
expect(response).to be_successful
|
|
152
152
|
expect(access_token.revoked?).to be_falsey
|
|
153
153
|
end
|
|
154
154
|
end
|
|
@@ -2,7 +2,7 @@ require 'spec_helper_integration'
|
|
|
2
2
|
|
|
3
3
|
describe 'ActionController::Metal API' do
|
|
4
4
|
before do
|
|
5
|
-
@client =
|
|
5
|
+
@client = FactoryBot.create(:application)
|
|
6
6
|
@resource = User.create!(name: 'Joe', password: 'sekret')
|
|
7
7
|
@token = client_is_authorized(@client, @resource)
|
|
8
8
|
end
|
|
@@ -2,7 +2,7 @@ require 'spec_helper_integration'
|
|
|
2
2
|
|
|
3
3
|
feature 'Private API' do
|
|
4
4
|
background do
|
|
5
|
-
@client =
|
|
5
|
+
@client = FactoryBot.create(:application)
|
|
6
6
|
@resource = User.create!(name: 'Joe', password: 'sekret')
|
|
7
7
|
@token = client_is_authorized(@client, @resource)
|
|
8
8
|
end
|
|
@@ -45,6 +45,10 @@ describe 'Custom controller for routes' do
|
|
|
45
45
|
expect(post('/space/oauth/revoke')).to route_to('custom_authorizations#revoke')
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
+
it 'POST /space/oauth/introspect routes to tokens controller' do
|
|
49
|
+
expect(post('/space/oauth/introspect')).to route_to('custom_authorizations#introspect')
|
|
50
|
+
end
|
|
51
|
+
|
|
48
52
|
it 'GET /space/oauth/applications routes to applications controller' do
|
|
49
53
|
expect(get('/space/oauth/applications')).to route_to('custom_authorizations#index')
|
|
50
54
|
end
|
|
@@ -21,6 +21,10 @@ describe 'Default routes' do
|
|
|
21
21
|
expect(post('/oauth/revoke')).to route_to('doorkeeper/tokens#revoke')
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
+
it 'POST /oauth/introspect routes to tokens controller' do
|
|
25
|
+
expect(post('/oauth/introspect')).to route_to('doorkeeper/tokens#introspect')
|
|
26
|
+
end
|
|
27
|
+
|
|
24
28
|
it 'GET /oauth/applications routes to applications controller' do
|
|
25
29
|
expect(get('/oauth/applications')).to route_to('doorkeeper/applications#index')
|
|
26
30
|
end
|
|
@@ -29,7 +33,7 @@ describe 'Default routes' do
|
|
|
29
33
|
expect(get('/oauth/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
|
|
30
34
|
end
|
|
31
35
|
|
|
32
|
-
it 'GET /oauth/token/info route to
|
|
36
|
+
it 'GET /oauth/token/info route to authorized tokeninfo controller' do
|
|
33
37
|
expect(get('/oauth/token/info')).to route_to('doorkeeper/token_info#show')
|
|
34
38
|
end
|
|
35
39
|
end
|
|
@@ -1,6 +1,17 @@
|
|
|
1
1
|
if ENV['TRAVIS']
|
|
2
2
|
require 'coveralls'
|
|
3
|
-
|
|
3
|
+
|
|
4
|
+
Coveralls.wear!('rails') do
|
|
5
|
+
add_filter('/spec/')
|
|
6
|
+
add_filter('/lib/generators/doorkeeper/templates/')
|
|
7
|
+
end
|
|
8
|
+
else
|
|
9
|
+
require 'simplecov'
|
|
10
|
+
|
|
11
|
+
SimpleCov.start do
|
|
12
|
+
add_filter('/spec/')
|
|
13
|
+
add_filter('/lib/generators/doorkeeper/templates/')
|
|
14
|
+
end
|
|
4
15
|
end
|
|
5
16
|
|
|
6
17
|
ENV['RAILS_ENV'] ||= 'test'
|
|
@@ -25,10 +36,10 @@ begin
|
|
|
25
36
|
rescue LoadError
|
|
26
37
|
end
|
|
27
38
|
|
|
28
|
-
Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm
|
|
39
|
+
Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm}"
|
|
29
40
|
if Doorkeeper.configuration.orm == :active_record
|
|
30
|
-
Rails.logger.info "======> active_record.table_name_prefix = #{Rails.configuration.active_record.table_name_prefix
|
|
31
|
-
Rails.logger.info "======> active_record.table_name_suffix = #{Rails.configuration.active_record.table_name_suffix
|
|
41
|
+
Rails.logger.info "======> active_record.table_name_prefix = #{Rails.configuration.active_record.table_name_prefix}"
|
|
42
|
+
Rails.logger.info "======> active_record.table_name_suffix = #{Rails.configuration.active_record.table_name_suffix}"
|
|
32
43
|
end
|
|
33
44
|
Rails.logger.info "====> Rails version: #{Rails.version}"
|
|
34
45
|
Rails.logger.info "====> Ruby version: #{RUBY_VERSION}"
|