RubyGems - doorkeeper - Versions diffs - 4.2.6 → 5.0.0.rc1 - Mend

doorkeeper 4.2.6 → 5.0.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

checksums.yaml +4 -4
data/.github/ISSUE_TEMPLATE.md +25 -0
data/.github/PULL_REQUEST_TEMPLATE.md +17 -0
data/.gitignore +2 -1
data/.hound.yml +2 -13
data/.rubocop.yml +17 -0
data/.travis.yml +19 -5
data/Appraisals +8 -4
data/CODE_OF_CONDUCT.md +46 -0
data/Gemfile +1 -1
data/NEWS.md +77 -0
data/README.md +169 -34
data/Rakefile +6 -0
data/SECURITY.md +15 -0
data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
data/app/controllers/doorkeeper/application_controller.rb +2 -5
data/app/controllers/doorkeeper/application_metal_controller.rb +4 -0
data/app/controllers/doorkeeper/applications_controller.rb +47 -13
data/app/controllers/doorkeeper/authorizations_controller.rb +55 -12
data/app/controllers/doorkeeper/authorized_applications_controller.rb +15 -1
data/app/controllers/doorkeeper/tokens_controller.rb +15 -7
data/app/helpers/doorkeeper/dashboard_helper.rb +8 -6
data/app/validators/redirect_uri_validator.rb +13 -2
data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
data/app/views/doorkeeper/applications/_form.html.erb +31 -19
data/app/views/doorkeeper/applications/edit.html.erb +1 -1
data/app/views/doorkeeper/applications/index.html.erb +18 -6
data/app/views/doorkeeper/applications/new.html.erb +1 -1
data/app/views/doorkeeper/applications/show.html.erb +8 -5
data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
data/app/views/doorkeeper/authorizations/new.html.erb +4 -0
data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
data/app/views/layouts/doorkeeper/admin.html.erb +15 -15
data/config/locales/en.yml +18 -6
data/doorkeeper.gemspec +6 -5
data/gemfiles/rails_4_2.gemfile +6 -4
data/gemfiles/rails_5_0.gemfile +4 -4
data/gemfiles/rails_5_1.gemfile +6 -7
data/gemfiles/rails_5_2.gemfile +12 -0
data/gemfiles/rails_master.gemfile +14 -0
data/lib/doorkeeper/config.rb +107 -68
data/lib/doorkeeper/engine.rb +7 -3
data/lib/doorkeeper/errors.rb +2 -5
data/lib/doorkeeper/grape/helpers.rb +14 -9
data/lib/doorkeeper/helpers/controller.rb +15 -6
data/lib/doorkeeper/models/access_grant_mixin.rb +52 -23
data/lib/doorkeeper/models/access_token_mixin.rb +51 -52
data/lib/doorkeeper/models/application_mixin.rb +16 -30
data/lib/doorkeeper/models/concerns/expirable.rb +7 -5
data/lib/doorkeeper/models/concerns/orderable.rb +13 -0
data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
data/lib/doorkeeper/oauth/authorization/code.rb +31 -8
data/lib/doorkeeper/oauth/authorization/context.rb +15 -0
data/lib/doorkeeper/oauth/authorization/token.rb +41 -20
data/lib/doorkeeper/oauth/authorization_code_request.rb +33 -3
data/lib/doorkeeper/oauth/base_request.rb +22 -7
data/lib/doorkeeper/oauth/client/credentials.rb +6 -4
data/lib/doorkeeper/oauth/client.rb +2 -2
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +6 -1
data/lib/doorkeeper/oauth/client_credentials/validation.rb +4 -2
data/lib/doorkeeper/oauth/error.rb +2 -2
data/lib/doorkeeper/oauth/error_response.rb +11 -4
data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +0 -8
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +15 -0
data/lib/doorkeeper/oauth/invalid_token_response.rb +3 -4
data/lib/doorkeeper/oauth/password_access_token_request.rb +8 -4
data/lib/doorkeeper/oauth/pre_authorization.rb +45 -13
data/lib/doorkeeper/oauth/refresh_token_request.rb +7 -1
data/lib/doorkeeper/oauth/scopes.rb +19 -9
data/lib/doorkeeper/oauth/token.rb +6 -3
data/lib/doorkeeper/oauth/token_introspection.rb +128 -0
data/lib/doorkeeper/oauth/token_response.rb +4 -2
data/lib/doorkeeper/oauth.rb +13 -0
data/lib/doorkeeper/orm/active_record/access_grant.rb +27 -0
data/lib/doorkeeper/orm/active_record/access_token.rb +21 -20
data/lib/doorkeeper/orm/active_record/application.rb +34 -0
data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +26 -0
data/lib/doorkeeper/orm/active_record.rb +21 -8
data/lib/doorkeeper/rails/helpers.rb +7 -10
data/lib/doorkeeper/rails/routes.rb +21 -7
data/lib/doorkeeper/rake/db.rake +40 -0
data/lib/doorkeeper/rake/setup.rake +6 -0
data/lib/doorkeeper/rake.rb +14 -0
data/lib/doorkeeper/request/password.rb +1 -11
data/lib/doorkeeper/request.rb +29 -23
data/lib/doorkeeper/validations.rb +3 -2
data/lib/doorkeeper/version.rb +14 -1
data/lib/doorkeeper.rb +6 -17
data/lib/generators/doorkeeper/application_owner_generator.rb +26 -12
data/lib/generators/doorkeeper/confidential_applications_generator.rb +32 -0
data/lib/generators/doorkeeper/install_generator.rb +17 -9
data/lib/generators/doorkeeper/migration_generator.rb +26 -9
data/lib/generators/doorkeeper/pkce_generator.rb +32 -0
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -20
data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
data/lib/generators/doorkeeper/templates/{add_owner_to_application_migration.rb → add_owner_to_application_migration.rb.erb} +1 -1
data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +1 -1
data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +6 -0
data/lib/generators/doorkeeper/templates/initializer.rb +88 -10
data/lib/generators/doorkeeper/templates/{migration.rb → migration.rb.erb} +2 -1
data/lib/generators/doorkeeper/views_generator.rb +3 -1
data/spec/controllers/application_metal_controller_spec.rb +50 -0
data/spec/controllers/applications_controller_spec.rb +141 -17
data/spec/controllers/authorizations_controller_spec.rb +255 -20
data/spec/controllers/protected_resources_controller_spec.rb +44 -35
data/spec/controllers/token_info_controller_spec.rb +17 -21
data/spec/controllers/tokens_controller_spec.rb +142 -10
data/spec/dummy/app/assets/config/manifest.js +2 -0
data/spec/dummy/config/environments/test.rb +4 -5
data/spec/dummy/config/initializers/doorkeeper.rb +18 -1
data/spec/dummy/config/initializers/{active_record_belongs_to_required_by_default.rb → new_framework_defaults.rb} +5 -1
data/spec/dummy/config/initializers/secret_token.rb +0 -1
data/spec/dummy/config/routes.rb +3 -42
data/spec/dummy/db/migrate/20111122132257_create_users.rb +3 -1
data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +3 -1
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -1
data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +3 -1
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +3 -1
data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +6 -0
data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +13 -0
data/spec/dummy/db/schema.rb +38 -37
data/spec/factories.rb +1 -1
data/spec/generators/application_owner_generator_spec.rb +25 -6
data/spec/generators/confidential_applications_generator_spec.rb +45 -0
data/spec/generators/install_generator_spec.rb +1 -1
data/spec/generators/migration_generator_spec.rb +25 -4
data/spec/generators/pkce_generator_spec.rb +43 -0
data/spec/generators/previous_refresh_token_generator_spec.rb +57 -0
data/spec/generators/views_generator_spec.rb +1 -1
data/spec/grape/grape_integration_spec.rb +135 -0
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +2 -2
data/spec/lib/config_spec.rb +170 -22
data/spec/lib/doorkeeper_spec.rb +1 -126
data/spec/lib/models/expirable_spec.rb +0 -3
data/spec/lib/models/revocable_spec.rb +2 -4
data/spec/lib/models/scopes_spec.rb +0 -4
data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -4
data/spec/lib/oauth/authorization_code_request_spec.rb +63 -13
data/spec/lib/oauth/base_request_spec.rb +19 -10
data/spec/lib/oauth/base_response_spec.rb +1 -1
data/spec/lib/oauth/client/credentials_spec.rb +5 -5
data/spec/lib/oauth/client_credentials/creator_spec.rb +6 -2
data/spec/lib/oauth/client_credentials/issuer_spec.rb +26 -7
data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -3
data/spec/lib/oauth/client_credentials_integration_spec.rb +2 -2
data/spec/lib/oauth/client_credentials_request_spec.rb +4 -5
data/spec/lib/oauth/client_spec.rb +0 -3
data/spec/lib/oauth/code_request_spec.rb +5 -5
data/spec/lib/oauth/error_response_spec.rb +0 -3
data/spec/lib/oauth/error_spec.rb +1 -3
data/spec/lib/oauth/forbidden_token_response_spec.rb +1 -4
data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -3
data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -1
data/spec/lib/oauth/helpers/uri_checker_spec.rb +115 -3
data/spec/lib/oauth/invalid_token_response_spec.rb +2 -5
data/spec/lib/oauth/password_access_token_request_spec.rb +46 -5
data/spec/lib/oauth/pre_authorization_spec.rb +40 -6
data/spec/lib/oauth/refresh_token_request_spec.rb +30 -14
data/spec/lib/oauth/scopes_spec.rb +28 -4
data/spec/lib/oauth/token_request_spec.rb +10 -13
data/spec/lib/oauth/token_response_spec.rb +0 -1
data/spec/lib/oauth/token_spec.rb +37 -14
data/spec/lib/orm/active_record/stale_records_cleaner_spec.rb +79 -0
data/spec/lib/request/strategy_spec.rb +0 -1
data/spec/lib/server_spec.rb +10 -0
data/spec/models/doorkeeper/access_grant_spec.rb +2 -2
data/spec/models/doorkeeper/access_token_spec.rb +118 -60
data/spec/models/doorkeeper/application_spec.rb +101 -23
data/spec/requests/applications/applications_request_spec.rb +94 -6
data/spec/requests/applications/authorized_applications_spec.rb +1 -1
data/spec/requests/endpoints/authorization_spec.rb +1 -1
data/spec/requests/endpoints/token_spec.rb +15 -6
data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
data/spec/requests/flows/authorization_code_spec.rb +198 -1
data/spec/requests/flows/client_credentials_spec.rb +73 -5
data/spec/requests/flows/implicit_grant_errors_spec.rb +3 -3
data/spec/requests/flows/implicit_grant_spec.rb +38 -11
data/spec/requests/flows/password_spec.rb +160 -24
data/spec/requests/flows/refresh_token_spec.rb +6 -6
data/spec/requests/flows/revoke_token_spec.rb +26 -26
data/spec/requests/flows/skip_authorization_spec.rb +16 -11
data/spec/requests/protected_resources/metal_spec.rb +2 -2
data/spec/requests/protected_resources/private_api_spec.rb +2 -2
data/spec/routing/custom_controller_routes_spec.rb +63 -7
data/spec/routing/default_routes_spec.rb +6 -2
data/spec/routing/scoped_routes_spec.rb +16 -2
data/spec/spec_helper.rb +54 -3
data/spec/spec_helper_integration.rb +2 -63
data/spec/support/dependencies/factory_bot.rb +2 -0
data/spec/support/doorkeeper_rspec.rb +19 -0
data/spec/support/helpers/access_token_request_helper.rb +1 -1
data/spec/support/helpers/authorization_request_helper.rb +4 -4
data/spec/support/helpers/model_helper.rb +9 -4
data/spec/support/helpers/request_spec_helper.rb +10 -6
data/spec/support/helpers/url_helper.rb +15 -10
data/spec/support/http_method_shim.rb +12 -16
data/spec/support/shared/controllers_shared_context.rb +2 -6
data/spec/support/shared/models_shared_examples.rb +4 -4
data/spec/validators/redirect_uri_validator_spec.rb +58 -7
data/spec/version/version_spec.rb +15 -0
data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
metadata +73 -19
data/spec/controllers/application_metal_controller.rb +0 -10
data/spec/support/dependencies/factory_girl.rb +0 -2

data/spec/controllers/authorizations_controller_spec.rb CHANGED Viewed

@@ -1,12 +1,12 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   include AuthorizationRequestHelper
-  if Rails::VERSION::MAJOR == 5
+  if Rails::VERSION::MAJOR >= 5
     class ActionDispatch::TestResponse
       def query_params
-        @_query_params ||= begin
+        @query_params ||= begin
           fragment = URI.parse(location).fragment
           Rack::Utils.parse_query(fragment)
         end
@@ -15,7 +15,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   else
     class ActionController::TestResponse
       def query_params
-        @_query_params ||= begin
+        @query_params ||= begin
           fragment = URI.parse(location).fragment
           Rack::Utils.parse_query(fragment)
         end
@@ -24,21 +24,24 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   end
   def translated_error_message(key)
-    I18n.translate key, scope: [:doorkeeper, :errors, :messages]
+    I18n.translate key, scope: %i[doorkeeper errors messages]
   end
-  let(:client)        { FactoryGirl.create :application }
+  let(:client)        { FactoryBot.create :application }
   let(:user)          { User.create!(name: 'Joe', password: 'sekret') }
-  let(:access_token)  { FactoryGirl.build :access_token, resource_owner_id: user.id, application_id: client.id }
+  let(:access_token)  { FactoryBot.build :access_token, resource_owner_id: user.id, application_id: client.id }
   before do
     allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["implicit"])
     allow(controller).to receive(:current_resource_owner).and_return(user)
+    allow(Doorkeeper.configuration).to receive(:custom_access_token_expires_in).and_return(proc { |context|
+      context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
+    })
   end
   describe 'POST #create' do
     before do
-      post :create, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+      post :create, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
     end
     it 'redirects after authorization' do
@@ -58,7 +61,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
     it 'includes token expiration in fragment' do
-      expect(response.query_params['expires_in'].to_i).to eq(2.hours.to_i)
+      expect(response.query_params['expires_in'].to_i).to eq(1234)
     end
     it 'issues the token for the current client' do
@@ -70,10 +73,48 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe "POST #create in API mode" do
+    before do
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
+    end
+    let(:response_json_body) { JSON.parse(response.body) }
+    let(:redirect_uri) { response_json_body["redirect_uri"] }
+    it "renders success after authorization" do
+      expect(response).to be_successful
+    end
+    it "renders correct redirect uri" do
+      expect(redirect_uri).to match(/^#{client.redirect_uri}/)
+    end
+    it "includes access token in fragment" do
+      expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)[1]).to eq(Doorkeeper::AccessToken.first.token)
+    end
+    it "includes token type in fragment" do
+      expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "bearer"
+    end
+    it "includes token expiration in fragment" do
+      expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
+    end
+    it "issues the token for the current client" do
+      expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
+    end
+    it "issues the token for the current resource owner" do
+      expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
+    end
+  end
   describe 'POST #create with errors' do
     before do
       default_scopes_exist :public
-      post :create, client_id: client.uid, response_type: 'token', scope: 'invalid', redirect_uri: client.redirect_uri
+      post :create, params: { client_id: client.uid, response_type: 'token', scope: 'invalid', redirect_uri: client.redirect_uri }
     end
     it 'redirects after authorization' do
@@ -81,7 +122,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
     it 'redirects to client redirect uri' do
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
+      expect(response.location).to match(/^#{client.redirect_uri}/)
     end
     it 'does not include access token in fragment' do
@@ -101,12 +142,47 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe 'POST #create in API mode with errors' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      default_scopes_exist :public
+      post :create, params: { client_id: client.uid, response_type: 'token', scope: 'invalid', redirect_uri: client.redirect_uri }
+    end
+    let(:response_json_body) { JSON.parse(response.body) }
+    let(:redirect_uri) { response_json_body['redirect_uri'] }
+    it 'renders 400 error' do
+      expect(response.status).to eq 401
+    end
+    it 'includes correct redirect URI' do
+      expect(redirect_uri).to match(/^#{client.redirect_uri}/)
+    end
+    it 'does not include access token in fragment' do
+      expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)).to be_nil
+    end
+    it 'includes error in redirect uri' do
+      expect(redirect_uri.match(/error=([a-z_]+)&?/)[1]).to eq 'invalid_scope'
+    end
+    it 'includes error description in redirect uri' do
+      expect(redirect_uri.match(/error_description=(.+)&?/)[1]).to_not be_nil
+    end
+    it 'does not issue any access token' do
+      expect(Doorkeeper::AccessToken.all).to be_empty
+    end
+  end
   describe 'POST #create with application already authorized' do
     before do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
       access_token.save!
-      post :create, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+      post :create, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
     end
     it 'returns the existing access token in a fragment' do
@@ -118,13 +194,47 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe 'POST #create with callbacks' do
+    after do
+      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
+    end
+    describe 'when successful' do
+      after do
+        post :create, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+      end
+      it 'should call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration).to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
+      end
+      it 'should call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration).to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
+      end
+    end
+    describe 'with errors' do
+      after do
+        post :create, params: { client_id: client.uid, response_type: 'token', redirect_uri: 'bad_uri' }
+      end
+      it 'should not call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
+      end
+      it 'should not call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
+      end
+    end
+  end
   describe 'GET #new token request with native url and skip_authorization true' do
     before do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
       client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
-      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
     end
     it 'should redirect immediately' do
@@ -143,18 +253,17 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   describe 'GET #new code request with native url and skip_authorization true' do
     before do
-      allow(Doorkeeper.configuration).to receive(:grant_flows).
-        and_return(%w(authorization_code))
+      allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(%w[authorization_code])
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
       client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
-      get :new, client_id: client.uid, response_type: 'code', redirect_uri: client.redirect_uri
+      get :new, params: { client_id: client.uid, response_type: 'code', redirect_uri: client.redirect_uri }
     end
     it 'should redirect immediately' do
       expect(response).to be_redirect
-      expect(response.location).to match(/oauth\/authorize\//)
+      expect(response.location).to match(/oauth\/authorize\/native\?code=#{Doorkeeper::AccessGrant.first.token}/)
     end
     it 'should issue a grant' do
@@ -171,7 +280,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
-      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
     end
     it 'should redirect immediately' do
@@ -188,7 +297,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
     it 'includes token expiration in fragment' do
-      expect(response.query_params['expires_in'].to_i).to eq(2.hours.to_i)
+      expect(response.query_params['expires_in'].to_i).to eq(1234)
     end
     it 'issues the token for the current client' do
@@ -200,10 +309,72 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe 'GET #new in API mode' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+    end
+    it 'should render success' do
+      expect(response).to be_successful
+    end
+    it "sets status to pre-authorization" do
+      expect(json_response["status"]).to eq(I18n.t('doorkeeper.pre_authorization.status'))
+    end
+    it "sets correct values" do
+      expect(json_response['client_id']).to eq(client.uid)
+      expect(json_response['redirect_uri']).to eq(client.redirect_uri)
+      expect(json_response['state']).to be_nil
+      expect(json_response['response_type']).to eq('token')
+      expect(json_response['scope']).to eq('')
+    end
+  end
+  describe 'GET #new in API mode with skip_authorization true' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+    end
+    it 'should render success' do
+      expect(response).to be_successful
+    end
+    it 'should issue a token' do
+      expect(Doorkeeper::AccessToken.count).to be 1
+    end
+    it "sets status to redirect" do
+      expect(JSON.parse(response.body)["status"]).to eq("redirect")
+    end
+    it "sets redirect_uri to correct value" do
+      redirect_uri = JSON.parse(response.body)["redirect_uri"]
+      expect(redirect_uri).to_not be_nil
+      expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "bearer"
+      expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
+      expect(
+        redirect_uri.match(/access_token=([a-f0-9]+)&?/)[1]
+      ).to eq Doorkeeper::AccessToken.first.token
+    end
+    it "issues the token for the current client" do
+      expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
+    end
+    it "issues the token for the current resource owner" do
+      expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
+    end
+  end
   describe 'GET #new with errors' do
     before do
       default_scopes_exist :public
-      get :new, an_invalid: 'request'
+      get :new, params: { an_invalid: 'request' }
     end
     it 'does not redirect' do
@@ -215,4 +386,68 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       expect(Doorkeeper::AccessToken.count).to eq 0
     end
   end
+  describe 'GET #new with callbacks' do
+    after do
+      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
+      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+    end
+    describe 'when authorizing' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
+      end
+      it 'should call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration).to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
+      end
+      it 'should call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration).to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
+      end
+    end
+    describe 'when not authorizing' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
+      end
+      it 'should not call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
+      end
+      it 'should not call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
+      end
+    end
+    describe 'when not authorizing in api mode' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
+        allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      end
+      it 'should not call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
+      end
+      it 'should not call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
+      end
+    end
+  end
+  describe 'authorize response memoization' do
+    it 'memoizes the result of the authorization' do
+      strategy = double(:strategy, authorize: true)
+      expect(strategy).to receive(:authorize).once
+      allow(controller).to receive(:strategy) { strategy }
+      allow(controller).to receive(:create) do
+        2.times { controller.send :authorize_response }
+        controller.render json: {}, status: :ok
+      end
+      post :create
+    end
+  end
 end

data/spec/controllers/protected_resources_controller_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module ControllerActions
   def index
@@ -9,11 +9,9 @@ module ControllerActions
     render plain: 'show'
   end
-  def doorkeeper_unauthorized_render_options(*)
-  end
+  def doorkeeper_unauthorized_render_options(*); end
-  def doorkeeper_forbidden_render_options(*)
-  end
+  def doorkeeper_forbidden_render_options(*); end
 end
 describe 'doorkeeper authorize filter' do
@@ -35,12 +33,12 @@ describe 'doorkeeper authorize filter' do
     it 'access_token param' do
       expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-      get :index, access_token: token_string
+      get :index, params: { access_token: token_string }
     end
     it 'bearer_token param' do
       expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-      get :index, bearer_token: token_string
+      get :index, params: { bearer_token: token_string }
     end
     it 'Authorization header' do
@@ -59,7 +57,7 @@ describe 'doorkeeper authorize filter' do
       expect(Doorkeeper::AccessToken).to receive(:by_token).exactly(2).times.and_return(token)
       request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
       get :index
-      controller.send(:remove_instance_variable, :@_doorkeeper_token)
+      controller.send(:remove_instance_variable, :@doorkeeper_token)
       get :index
     end
   end
@@ -73,25 +71,25 @@ describe 'doorkeeper authorize filter' do
     context 'with valid token', token: :valid do
       it 'allows into index action' do
-        get :index, access_token: token_string
-        expect(response).to be_success
+        get :index, params: { access_token: token_string }
+        expect(response).to be_successful
       end
       it 'allows into show action' do
-        get :show, id: '4', access_token: token_string
-        expect(response).to be_success
+        get :show, params: { id: '4', access_token: token_string }
+        expect(response).to be_successful
       end
     end
     context 'with invalid token', token: :invalid do
       it 'does not allow into index action' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
       end
       it 'does not allow into show action' do
-        get :show, id: '4', access_token: token_string
+        get :show, params: { id: '4', access_token: token_string }
         expect(response.status).to eq 401
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
       end
@@ -109,15 +107,16 @@ describe 'doorkeeper authorize filter' do
     it 'allows if the token has particular scopes' do
       token = double(Doorkeeper::AccessToken,
-                     accessible?: true, scopes: %w(write public),
+                     accessible?: true, scopes: %w[write public],
                      previous_refresh_token: "",
                      revoke_previous_refresh_token!: true)
       expect(token).to receive(:acceptable?).with([:write]).and_return(true)
       expect(
         Doorkeeper::AccessToken
       ).to receive(:by_token).with(token_string).and_return(token)
-      get :index, access_token: token_string
-      expect(response).to be_success
+      get :index, params: { access_token: token_string }
+      expect(response).to be_successful
     end
     it 'does not allow if the token does not include given scope' do
@@ -129,7 +128,8 @@ describe 'doorkeeper authorize filter' do
         Doorkeeper::AccessToken
       ).to receive(:by_token).with(token_string).and_return(token)
       expect(token).to receive(:acceptable?).with([:write]).and_return(false)
-      get :index, access_token: token_string
+      get :index, params: { access_token: token_string }
       expect(response.status).to eq 403
       expect(response.header).to_not include('WWW-Authenticate')
     end
@@ -146,27 +146,30 @@ describe 'doorkeeper authorize filter' do
       before do
         module ControllerActions
           remove_method :doorkeeper_unauthorized_render_options
           def doorkeeper_unauthorized_render_options(error: nil)
             { json: ActiveSupport::JSON.encode(error_message: error.description) }
           end
         end
       end
       after do
         module ControllerActions
           remove_method :doorkeeper_unauthorized_render_options
           def doorkeeper_unauthorized_render_options(error: nil)
           end
         end
       end
       it 'it renders a custom JSON response', token: :invalid do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
         expect(response.content_type).to eq('application/json')
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
-        parsed_body = JSON.parse(response.body)
-        expect(parsed_body).not_to be_nil
-        expect(parsed_body['error_message']).to match('token is invalid')
+        expect(json_response).not_to be_nil
+        expect(json_response['error_message']).to match('token is invalid')
       end
     end
@@ -174,21 +177,23 @@ describe 'doorkeeper authorize filter' do
       before do
         module ControllerActions
           remove_method :doorkeeper_unauthorized_render_options
-          def doorkeeper_unauthorized_render_options(error: nil)
+          def doorkeeper_unauthorized_render_options(**)
             { plain: 'Unauthorized' }
           end
         end
       end
       after do
         module ControllerActions
           remove_method :doorkeeper_unauthorized_render_options
-          def doorkeeper_unauthorized_render_options(error: nil)
-          end
+          def doorkeeper_unauthorized_render_options(error: nil); end
         end
       end
       it 'it renders a custom text response', token: :invalid do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
         expect(response.content_type).to eq('text/plain')
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
@@ -206,8 +211,8 @@ describe 'doorkeeper authorize filter' do
     after do
       module ControllerActions
         remove_method :doorkeeper_forbidden_render_options
-        def doorkeeper_forbidden_render_options(*)
-        end
+        def doorkeeper_forbidden_render_options(*); end
       end
     end
@@ -223,12 +228,14 @@ describe 'doorkeeper authorize filter' do
              expired?: false, previous_refresh_token: "",
              revoke_previous_refresh_token!: true)
     end
     let(:token_string) { '1A2DUWE' }
     context 'with a JSON custom render' do
       before do
         module ControllerActions
           remove_method :doorkeeper_forbidden_render_options
           def doorkeeper_forbidden_render_options(*)
             { json: { error_message: 'Forbidden' } }
           end
@@ -236,13 +243,13 @@ describe 'doorkeeper authorize filter' do
       end
       it 'renders a custom JSON response' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.header).to_not include('WWW-Authenticate')
         expect(response.content_type).to eq('application/json')
         expect(response.status).to eq 403
-        parsed_body = JSON.parse(response.body)
-        expect(parsed_body).not_to be_nil
-        expect(parsed_body['error_message']).to match('Forbidden')
+        expect(json_response).not_to be_nil
+        expect(json_response['error_message']).to match('Forbidden')
       end
     end
@@ -258,7 +265,7 @@ describe 'doorkeeper authorize filter' do
       end
       it 'overrides the default status code' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 404
       end
     end
@@ -267,6 +274,7 @@ describe 'doorkeeper authorize filter' do
       before do
         module ControllerActions
           remove_method :doorkeeper_forbidden_render_options
           def doorkeeper_forbidden_render_options(*)
             { plain: 'Forbidden' }
           end
@@ -274,7 +282,7 @@ describe 'doorkeeper authorize filter' do
       end
       it 'renders a custom status code and text response' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.header).to_not include('WWW-Authenticate')
         expect(response.status).to eq 403
         expect(response.body).to eq('Forbidden')
@@ -285,6 +293,7 @@ describe 'doorkeeper authorize filter' do
       before do
         module ControllerActions
           remove_method :doorkeeper_forbidden_render_options
           def doorkeeper_forbidden_render_options(*)
             { respond_not_found_when_forbidden: true, plain: 'Not Found' }
           end
@@ -292,7 +301,7 @@ describe 'doorkeeper authorize filter' do
       end
       it 'overrides the default status code' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 404
       end
     end