doorkeeper 4.2.6 → 5.5.4
- checksums.yaml +5 -5
- data/CHANGELOG.md +1049 -0
- data/README.md +110 -353
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +6 -7
- data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
- data/app/controllers/doorkeeper/applications_controller.rb +65 -16
- data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
- data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
- data/app/controllers/doorkeeper/tokens_controller.rb +115 -38
- data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
- data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
- data/app/views/doorkeeper/applications/_form.html.erb +33 -21
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +18 -6
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +40 -16
- data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +6 -0
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
- data/config/locales/en.yml +34 -7
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +82 -0
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +514 -167
- data/lib/doorkeeper/engine.rb +11 -5
- data/lib/doorkeeper/errors.rb +25 -16
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
- data/lib/doorkeeper/grape/helpers.rb +23 -12
- data/lib/doorkeeper/helpers/controller.rb +51 -14
- data/lib/doorkeeper/models/access_grant_mixin.rb +94 -27
- data/lib/doorkeeper/models/access_token_mixin.rb +284 -96
- data/lib/doorkeeper/models/application_mixin.rb +58 -27
- data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +12 -6
- data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +3 -27
- data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
- data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
- data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +7 -5
- data/lib/doorkeeper/oauth/authorization_code_request.rb +63 -10
- data/lib/doorkeeper/oauth/base_request.rb +35 -19
- data/lib/doorkeeper/oauth/base_response.rb +2 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +9 -7
- data/lib/doorkeeper/oauth/client.rb +10 -11
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -11
- data/lib/doorkeeper/oauth/code_request.rb +8 -12
- data/lib/doorkeeper/oauth/code_response.rb +27 -15
- data/lib/doorkeeper/oauth/error.rb +5 -3
- data/lib/doorkeeper/oauth/error_response.rb +35 -15
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +29 -5
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +44 -10
- data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
- data/lib/doorkeeper/oauth/refresh_token_request.rb +60 -31
- data/lib/doorkeeper/oauth/scopes.rb +26 -12
- data/lib/doorkeeper/oauth/token.rb +13 -9
- data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
- data/lib/doorkeeper/oauth/token_request.rb +8 -20
- data/lib/doorkeeper/oauth/token_response.rb +14 -10
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
- data/lib/doorkeeper/orm/active_record/access_token.rb +5 -42
- data/lib/doorkeeper/orm/active_record/application.rb +6 -20
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
- data/lib/doorkeeper/orm/active_record.rb +37 -8
- data/lib/doorkeeper/rails/helpers.rb +14 -13
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
- data/lib/doorkeeper/rails/routes/mapping.rb +9 -7
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +41 -28
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +11 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request/authorization_code.rb +6 -4
- data/lib/doorkeeper/request/client_credentials.rb +3 -3
- data/lib/doorkeeper/request/code.rb +1 -1
- data/lib/doorkeeper/request/password.rb +5 -14
- data/lib/doorkeeper/request/refresh_token.rb +6 -5
- data/lib/doorkeeper/request/strategy.rb +4 -2
- data/lib/doorkeeper/request/token.rb +1 -1
- data/lib/doorkeeper/request.rb +62 -29
- data/lib/doorkeeper/secret_storing/base.rb +64 -0
- data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
- data/lib/doorkeeper/secret_storing/plain.rb +33 -0
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
- data/lib/doorkeeper/server.rb +9 -11
- data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
- data/lib/doorkeeper/validations.rb +5 -2
- data/lib/doorkeeper/version.rb +12 -1
- data/lib/doorkeeper.rb +111 -62
- data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/install_generator.rb +19 -9
- data/lib/generators/doorkeeper/migration_generator.rb +27 -10
- data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
- data/{spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb → lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +412 -33
- data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
- data/lib/generators/doorkeeper/views_generator.rb +8 -4
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +114 -276
- data/.coveralls.yml +0 -1
- data/.gitignore +0 -19
- data/.hound.yml +0 -13
- data/.rspec +0 -1
- data/.travis.yml +0 -26
- data/Appraisals +0 -14
- data/CONTRIBUTING.md +0 -47
- data/Gemfile +0 -10
- data/NEWS.md +0 -606
- data/RELEASING.md +0 -10
- data/Rakefile +0 -20
- data/app/validators/redirect_uri_validator.rb +0 -34
- data/doorkeeper.gemspec +0 -29
- data/gemfiles/rails_4_2.gemfile +0 -11
- data/gemfiles/rails_5_0.gemfile +0 -12
- data/gemfiles/rails_5_1.gemfile +0 -13
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb +0 -11
- data/lib/generators/doorkeeper/templates/migration.rb +0 -68
- data/spec/controllers/application_metal_controller.rb +0 -10
- data/spec/controllers/applications_controller_spec.rb +0 -58
- data/spec/controllers/authorizations_controller_spec.rb +0 -218
- data/spec/controllers/protected_resources_controller_spec.rb +0 -300
- data/spec/controllers/token_info_controller_spec.rb +0 -52
- data/spec/controllers/tokens_controller_spec.rb +0 -88
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -5
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -23
- data/spec/dummy/config/boot.rb +0 -9
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -44
- data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/schema.rb +0 -67
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -6
- data/spec/factories.rb +0 -28
- data/spec/generators/application_owner_generator_spec.rb +0 -22
- data/spec/generators/install_generator_spec.rb +0 -31
- data/spec/generators/migration_generator_spec.rb +0 -20
- data/spec/generators/templates/routes.rb +0 -3
- data/spec/generators/views_generator_spec.rb +0 -27
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
- data/spec/lib/config_spec.rb +0 -334
- data/spec/lib/doorkeeper_spec.rb +0 -150
- data/spec/lib/models/expirable_spec.rb +0 -50
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -43
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -41
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
- data/spec/lib/oauth/base_request_spec.rb +0 -160
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -88
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
- data/spec/lib/oauth/client_spec.rb +0 -39
- data/spec/lib/oauth/code_request_spec.rb +0 -45
- data/spec/lib/oauth/code_response_spec.rb +0 -34
- data/spec/lib/oauth/error_response_spec.rb +0 -61
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -56
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
- data/spec/lib/oauth/scopes_spec.rb +0 -122
- data/spec/lib/oauth/token_request_spec.rb +0 -98
- data/spec/lib/oauth/token_response_spec.rb +0 -85
- data/spec/lib/oauth/token_spec.rb +0 -116
- data/spec/lib/request/strategy_spec.rb +0 -53
- data/spec/lib/server_spec.rb +0 -49
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
- data/spec/models/doorkeeper/access_token_spec.rb +0 -394
- data/spec/models/doorkeeper/application_spec.rb +0 -179
- data/spec/requests/applications/applications_request_spec.rb +0 -94
- data/spec/requests/applications/authorized_applications_spec.rb +0 -30
- data/spec/requests/endpoints/authorization_spec.rb +0 -71
- data/spec/requests/endpoints/token_spec.rb +0 -64
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -76
- data/spec/requests/flows/authorization_code_spec.rb +0 -148
- data/spec/requests/flows/client_credentials_spec.rb +0 -58
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
- data/spec/requests/flows/implicit_grant_spec.rb +0 -61
- data/spec/requests/flows/password_spec.rb +0 -115
- data/spec/requests/flows/refresh_token_spec.rb +0 -174
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -59
- data/spec/requests/protected_resources/metal_spec.rb +0 -14
- data/spec/requests/protected_resources/private_api_spec.rb +0 -81
- data/spec/routing/custom_controller_routes_spec.rb +0 -71
- data/spec/routing/default_routes_spec.rb +0 -35
- data/spec/routing/scoped_routes_spec.rb +0 -31
- data/spec/spec_helper.rb +0 -4
- data/spec/spec_helper_integration.rb +0 -63
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/access_token_request_helper.rb +0 -11
- data/spec/support/helpers/authorization_request_helper.rb +0 -41
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -67
- data/spec/support/helpers/request_spec_helper.rb +0 -84
- data/spec/support/helpers/url_helper.rb +0 -55
- data/spec/support/http_method_shim.rb +0 -38
- data/spec/support/orm/active_record.rb +0 -3
- data/spec/support/shared/controllers_shared_context.rb +0 -69
- data/spec/support/shared/models_shared_examples.rb +0 -52
- data/spec/validators/redirect_uri_validator_spec.rb +0 -78
@@ -1,116 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'active_support/core_ext/string'
|
3
|
-
require 'doorkeeper/oauth/token'
|
4
|
-
|
5
|
-
module Doorkeeper
|
6
|
-
unless defined?(AccessToken)
|
7
|
-
class AccessToken
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
module OAuth
|
12
|
-
describe Token do
|
13
|
-
describe :from_request do
|
14
|
-
let(:request) { double.as_null_object }
|
15
|
-
|
16
|
-
let(:method) do
|
17
|
-
->(request) { return 'token-value' }
|
18
|
-
end
|
19
|
-
|
20
|
-
it 'accepts anything that responds to #call' do
|
21
|
-
expect(method).to receive(:call).with(request)
|
22
|
-
Token.from_request request, method
|
23
|
-
end
|
24
|
-
|
25
|
-
it 'delegates methods received as symbols to Token class' do
|
26
|
-
expect(Token).to receive(:from_params).with(request)
|
27
|
-
Token.from_request request, :from_params
|
28
|
-
end
|
29
|
-
|
30
|
-
it 'stops at the first credentials found' do
|
31
|
-
not_called_method = double
|
32
|
-
expect(not_called_method).not_to receive(:call)
|
33
|
-
Token.from_request request, ->(_r) {}, method, not_called_method
|
34
|
-
end
|
35
|
-
|
36
|
-
it 'returns the credential from extractor method' do
|
37
|
-
credentials = Token.from_request request, method
|
38
|
-
expect(credentials).to eq('token-value')
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
describe :from_access_token_param do
|
43
|
-
it 'returns token from access_token parameter' do
|
44
|
-
request = double parameters: { access_token: 'some-token' }
|
45
|
-
token = Token.from_access_token_param(request)
|
46
|
-
expect(token).to eq('some-token')
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
describe :from_bearer_param do
|
51
|
-
it 'returns token from bearer_token parameter' do
|
52
|
-
request = double parameters: { bearer_token: 'some-token' }
|
53
|
-
token = Token.from_bearer_param(request)
|
54
|
-
expect(token).to eq('some-token')
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
describe :from_bearer_authorization do
|
59
|
-
it 'returns token from capitalized authorization bearer' do
|
60
|
-
request = double authorization: 'Bearer SomeToken'
|
61
|
-
token = Token.from_bearer_authorization(request)
|
62
|
-
expect(token).to eq('SomeToken')
|
63
|
-
end
|
64
|
-
|
65
|
-
it 'returns token from lowercased authorization bearer' do
|
66
|
-
request = double authorization: 'bearer SomeToken'
|
67
|
-
token = Token.from_bearer_authorization(request)
|
68
|
-
expect(token).to eq('SomeToken')
|
69
|
-
end
|
70
|
-
|
71
|
-
it 'does not return token if authorization is not bearer' do
|
72
|
-
request = double authorization: 'MAC SomeToken'
|
73
|
-
token = Token.from_bearer_authorization(request)
|
74
|
-
expect(token).to be_blank
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
|
-
describe :from_basic_authorization do
|
79
|
-
it 'returns token from capitalized authorization basic' do
|
80
|
-
request = double authorization: "Basic #{Base64.encode64 'SomeToken:'}"
|
81
|
-
token = Token.from_basic_authorization(request)
|
82
|
-
expect(token).to eq('SomeToken')
|
83
|
-
end
|
84
|
-
|
85
|
-
it 'returns token from lowercased authorization basic' do
|
86
|
-
request = double authorization: "basic #{Base64.encode64 'SomeToken:'}"
|
87
|
-
token = Token.from_basic_authorization(request)
|
88
|
-
expect(token).to eq('SomeToken')
|
89
|
-
end
|
90
|
-
|
91
|
-
it 'does not return token if authorization is not basic' do
|
92
|
-
request = double authorization: "MAC #{Base64.encode64 'SomeToken:'}"
|
93
|
-
token = Token.from_basic_authorization(request)
|
94
|
-
expect(token).to be_blank
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
98
|
-
describe :authenticate do
|
99
|
-
it 'calls the finder if token was returned' do
|
100
|
-
token = ->(_r) { 'token' }
|
101
|
-
expect(AccessToken).to receive(:by_token).with('token')
|
102
|
-
Token.authenticate double, token
|
103
|
-
end
|
104
|
-
|
105
|
-
it 'revokes previous refresh_token if token was found' do
|
106
|
-
token = ->(_r) { 'token' }
|
107
|
-
expect(
|
108
|
-
AccessToken
|
109
|
-
).to receive(:by_token).with('token').and_return(token)
|
110
|
-
expect(token).to receive(:revoke_previous_refresh_token!)
|
111
|
-
Token.authenticate double, token
|
112
|
-
end
|
113
|
-
end
|
114
|
-
end
|
115
|
-
end
|
116
|
-
end
|
@@ -1,53 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'doorkeeper/request/strategy'
|
3
|
-
|
4
|
-
module Doorkeeper
|
5
|
-
module Request
|
6
|
-
describe Strategy do
|
7
|
-
let(:server) { double }
|
8
|
-
subject(:strategy) { Strategy.new(server) }
|
9
|
-
|
10
|
-
describe :initialize do
|
11
|
-
it "sets the server attribute" do
|
12
|
-
expect(strategy.server).to eq server
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
|
-
describe :request do
|
17
|
-
it "requires an implementation" do
|
18
|
-
expect { strategy.request }.to raise_exception NotImplementedError
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
describe "a sample Strategy subclass" do
|
23
|
-
let(:fake_request) { double }
|
24
|
-
|
25
|
-
let(:strategy_class) do
|
26
|
-
subclass = Class.new(Strategy) do
|
27
|
-
class << self
|
28
|
-
attr_accessor :fake_request
|
29
|
-
end
|
30
|
-
|
31
|
-
def request
|
32
|
-
self.class.fake_request
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
subclass.fake_request = fake_request
|
37
|
-
subclass
|
38
|
-
end
|
39
|
-
|
40
|
-
subject(:strategy) { strategy_class.new(server) }
|
41
|
-
|
42
|
-
it "provides a request implementation" do
|
43
|
-
expect(strategy.request).to eq fake_request
|
44
|
-
end
|
45
|
-
|
46
|
-
it "authorizes the request" do
|
47
|
-
expect(fake_request).to receive :authorize
|
48
|
-
strategy.authorize
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
53
|
-
end
|
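--- a/data/spec/lib/server_spec.rb
+++ b/data/spec/lib/server_spec.rb
@@ -1,49 +0,0 @@
-require 'spec_helper'
-
-describe Doorkeeper::Server do
-let(:fake_class) { double :fake_class }
-
-subject do
-described_class.new
-end
-
-describe '.authorization_request' do
-it 'raises error when strategy does not exist' do
-expect do
-subject.authorization_request(:duh)
-end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
-end
-
-it 'raises error when strategy does not match phase' do
-expect do
-subject.token_request(:code)
-end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
-end
-
-context 'when only Authorization Code strategy is enabled' do
-before do
-allow(Doorkeeper.configuration).
-to receive(:grant_flows).
-and_return(['authorization_code'])
-end
-
-it 'raises error when using the disabled Implicit strategy' do
-expect do
-subject.authorization_request(:token)
-end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
-end
-
-it 'raises error when using the disabled Client Credentials strategy' do
-expect do
-subject.token_request(:client_credentials)
-end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
-end
-end
-
-it 'builds the request with selected strategy' do
-stub_const 'Doorkeeper::Request::Code', fake_class
-expect(fake_class).to receive(:new).with(subject)
-subject.authorization_request :code
-end
-end
-end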
@@ -1,36 +0,0 @@
|
|
1
|
-
require 'spec_helper_integration'
|
2
|
-
|
3
|
-
describe Doorkeeper::AccessGrant do
|
4
|
-
subject { FactoryGirl.build(:access_grant) }
|
5
|
-
|
6
|
-
it { expect(subject).to be_valid }
|
7
|
-
|
8
|
-
it_behaves_like 'an accessible token'
|
9
|
-
it_behaves_like 'a revocable token'
|
10
|
-
it_behaves_like 'a unique token' do
|
11
|
-
let(:factory_name) { :access_grant }
|
12
|
-
end
|
13
|
-
|
14
|
-
describe 'validations' do
|
15
|
-
it 'is invalid without resource_owner_id' do
|
16
|
-
subject.resource_owner_id = nil
|
17
|
-
expect(subject).not_to be_valid
|
18
|
-
end
|
19
|
-
|
20
|
-
it 'is invalid without application_id' do
|
21
|
-
subject.application_id = nil
|
22
|
-
expect(subject).not_to be_valid
|
23
|
-
end
|
24
|
-
|
25
|
-
it 'is invalid without token' do
|
26
|
-
subject.save
|
27
|
-
subject.token = nil
|
28
|
-
expect(subject).not_to be_valid
|
29
|
-
end
|
30
|
-
|
31
|
-
it 'is invalid without expires_in' do
|
32
|
-
subject.expires_in = nil
|
33
|
-
expect(subject).not_to be_valid
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
@@ -1,394 +0,0 @@
|
|
1
|
-
require 'spec_helper_integration'
|
2
|
-
|
3
|
-
module Doorkeeper
|
4
|
-
describe AccessToken do
|
5
|
-
subject { FactoryGirl.build(:access_token) }
|
6
|
-
|
7
|
-
it { expect(subject).to be_valid }
|
8
|
-
|
9
|
-
it_behaves_like 'an accessible token'
|
10
|
-
it_behaves_like 'a revocable token'
|
11
|
-
it_behaves_like 'a unique token' do
|
12
|
-
let(:factory_name) { :access_token }
|
13
|
-
end
|
14
|
-
|
15
|
-
module CustomGeneratorArgs
|
16
|
-
def self.generate
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
describe :generate_token do
|
21
|
-
it 'generates a token using the default method' do
|
22
|
-
FactoryGirl.create :access_token
|
23
|
-
|
24
|
-
token = FactoryGirl.create :access_token
|
25
|
-
expect(token.token).to be_a(String)
|
26
|
-
end
|
27
|
-
|
28
|
-
it 'generates a token using a custom object' do
|
29
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
30
|
-
eigenclass.class_eval do
|
31
|
-
remove_method :generate
|
32
|
-
end
|
33
|
-
module CustomGeneratorArgs
|
34
|
-
def self.generate(opts = {})
|
35
|
-
"custom_generator_token_#{opts[:resource_owner_id]}"
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
Doorkeeper.configure do
|
40
|
-
orm DOORKEEPER_ORM
|
41
|
-
access_token_generator "Doorkeeper::CustomGeneratorArgs"
|
42
|
-
end
|
43
|
-
|
44
|
-
token = FactoryGirl.create :access_token
|
45
|
-
expect(token.token).to match(%r{custom_generator_token_\d+})
|
46
|
-
end
|
47
|
-
|
48
|
-
it 'allows the custom generator to access the application details' do
|
49
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
50
|
-
eigenclass.class_eval do
|
51
|
-
remove_method :generate
|
52
|
-
end
|
53
|
-
module CustomGeneratorArgs
|
54
|
-
def self.generate(opts = {})
|
55
|
-
"custom_generator_token_#{opts[:application].name}"
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
|
-
Doorkeeper.configure do
|
60
|
-
orm DOORKEEPER_ORM
|
61
|
-
access_token_generator "Doorkeeper::CustomGeneratorArgs"
|
62
|
-
end
|
63
|
-
|
64
|
-
token = FactoryGirl.create :access_token
|
65
|
-
expect(token.token).to match(%r{custom_generator_token_Application \d+})
|
66
|
-
end
|
67
|
-
|
68
|
-
it 'allows the custom generator to access the scopes' do
|
69
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
70
|
-
eigenclass.class_eval do
|
71
|
-
remove_method :generate
|
72
|
-
end
|
73
|
-
module CustomGeneratorArgs
|
74
|
-
def self.generate(opts = {})
|
75
|
-
"custom_generator_token_#{opts[:scopes].count}_#{opts[:scopes]}"
|
76
|
-
end
|
77
|
-
end
|
78
|
-
|
79
|
-
Doorkeeper.configure do
|
80
|
-
orm DOORKEEPER_ORM
|
81
|
-
access_token_generator "Doorkeeper::CustomGeneratorArgs"
|
82
|
-
end
|
83
|
-
|
84
|
-
token = FactoryGirl.create :access_token, scopes: 'public write'
|
85
|
-
|
86
|
-
expect(token.token).to eq 'custom_generator_token_2_public write'
|
87
|
-
end
|
88
|
-
|
89
|
-
it 'allows the custom generator to access the expiry length' do
|
90
|
-
eigenclass = class << CustomGeneratorArgs; self; end
|
91
|
-
eigenclass.class_eval do
|
92
|
-
remove_method :generate
|
93
|
-
end
|
94
|
-
module CustomGeneratorArgs
|
95
|
-
def self.generate(opts = {})
|
96
|
-
"custom_generator_token_#{opts[:expires_in]}"
|
97
|
-
end
|
98
|
-
end
|
99
|
-
|
100
|
-
Doorkeeper.configure do
|
101
|
-
orm DOORKEEPER_ORM
|
102
|
-
access_token_generator "Doorkeeper::CustomGeneratorArgs"
|
103
|
-
end
|
104
|
-
|
105
|
-
token = FactoryGirl.create :access_token
|
106
|
-
expect(token.token).to eq 'custom_generator_token_7200'
|
107
|
-
end
|
108
|
-
|
109
|
-
it 'allows the custom generator to access the created time' do
|
110
|
-
module CustomGeneratorArgs
|
111
|
-
def self.generate(opts = {})
|
112
|
-
"custom_generator_token_#{opts[:created_at].to_i}"
|
113
|
-
end
|
114
|
-
end
|
115
|
-
|
116
|
-
Doorkeeper.configure do
|
117
|
-
orm DOORKEEPER_ORM
|
118
|
-
access_token_generator "Doorkeeper::CustomGeneratorArgs"
|
119
|
-
end
|
120
|
-
|
121
|
-
token = FactoryGirl.create :access_token
|
122
|
-
created_at = token.created_at
|
123
|
-
expect(token.token).to eq "custom_generator_token_#{created_at.to_i}"
|
124
|
-
end
|
125
|
-
|
126
|
-
it 'raises an error if the custom object does not support generate' do
|
127
|
-
module NoGenerate
|
128
|
-
end
|
129
|
-
|
130
|
-
Doorkeeper.configure do
|
131
|
-
orm DOORKEEPER_ORM
|
132
|
-
access_token_generator "Doorkeeper::NoGenerate"
|
133
|
-
end
|
134
|
-
|
135
|
-
expect { FactoryGirl.create :access_token }.to(
|
136
|
-
raise_error(Doorkeeper::Errors::UnableToGenerateToken))
|
137
|
-
end
|
138
|
-
|
139
|
-
it 'raises an error if the custom object does not exist' do
|
140
|
-
Doorkeeper.configure do
|
141
|
-
orm DOORKEEPER_ORM
|
142
|
-
access_token_generator "Doorkeeper::NotReal"
|
143
|
-
end
|
144
|
-
|
145
|
-
expect { FactoryGirl.create :access_token }.to(
|
146
|
-
raise_error(Doorkeeper::Errors::TokenGeneratorNotFound))
|
147
|
-
end
|
148
|
-
end
|
149
|
-
|
150
|
-
describe :refresh_token do
|
151
|
-
it 'has empty refresh token if it was not required' do
|
152
|
-
token = FactoryGirl.create :access_token
|
153
|
-
expect(token.refresh_token).to be_nil
|
154
|
-
end
|
155
|
-
|
156
|
-
it 'generates a refresh token if it was requested' do
|
157
|
-
token = FactoryGirl.create :access_token, use_refresh_token: true
|
158
|
-
expect(token.refresh_token).not_to be_nil
|
159
|
-
end
|
160
|
-
|
161
|
-
it 'is not valid if token exists' do
|
162
|
-
token1 = FactoryGirl.create :access_token, use_refresh_token: true
|
163
|
-
token2 = FactoryGirl.create :access_token, use_refresh_token: true
|
164
|
-
token2.refresh_token = token1.refresh_token
|
165
|
-
expect(token2).not_to be_valid
|
166
|
-
end
|
167
|
-
|
168
|
-
it 'expects database to raise an error if refresh tokens are the same' do
|
169
|
-
token1 = FactoryGirl.create :access_token, use_refresh_token: true
|
170
|
-
token2 = FactoryGirl.create :access_token, use_refresh_token: true
|
171
|
-
expect do
|
172
|
-
token2.refresh_token = token1.refresh_token
|
173
|
-
token2.save(validate: false)
|
174
|
-
end.to raise_error(uniqueness_error)
|
175
|
-
end
|
176
|
-
end
|
177
|
-
|
178
|
-
describe 'validations' do
|
179
|
-
it 'is valid without resource_owner_id' do
|
180
|
-
# For client credentials flow
|
181
|
-
subject.resource_owner_id = nil
|
182
|
-
expect(subject).to be_valid
|
183
|
-
end
|
184
|
-
|
185
|
-
it 'is valid without application_id' do
|
186
|
-
# For resource owner credentials flow
|
187
|
-
subject.application_id = nil
|
188
|
-
expect(subject).to be_valid
|
189
|
-
end
|
190
|
-
end
|
191
|
-
|
192
|
-
describe '#same_credential?' do
|
193
|
-
|
194
|
-
context 'with default parameters' do
|
195
|
-
|
196
|
-
let(:resource_owner_id) { 100 }
|
197
|
-
let(:application) { FactoryGirl.create :application }
|
198
|
-
let(:default_attributes) do
|
199
|
-
{ application: application, resource_owner_id: resource_owner_id }
|
200
|
-
end
|
201
|
-
let(:access_token1) { FactoryGirl.create :access_token, default_attributes }
|
202
|
-
|
203
|
-
context 'the second token has the same owner and same app' do
|
204
|
-
let(:access_token2) { FactoryGirl.create :access_token, default_attributes }
|
205
|
-
it 'success' do
|
206
|
-
expect(access_token1.same_credential?(access_token2)).to be_truthy
|
207
|
-
end
|
208
|
-
end
|
209
|
-
|
210
|
-
context 'the second token has same owner and different app' do
|
211
|
-
let(:other_application) { FactoryGirl.create :application }
|
212
|
-
let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: resource_owner_id }
|
213
|
-
|
214
|
-
it 'fail' do
|
215
|
-
expect(access_token1.same_credential?(access_token2)).to be_falsey
|
216
|
-
end
|
217
|
-
end
|
218
|
-
|
219
|
-
context 'the second token has different owner and different app' do
|
220
|
-
|
221
|
-
let(:other_application) { FactoryGirl.create :application }
|
222
|
-
let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: 42 }
|
223
|
-
|
224
|
-
it 'fail' do
|
225
|
-
expect(access_token1.same_credential?(access_token2)).to be_falsey
|
226
|
-
end
|
227
|
-
end
|
228
|
-
|
229
|
-
context 'the second token has different owner and same app' do
|
230
|
-
let(:access_token2) { FactoryGirl.create :access_token, application: application, resource_owner_id: 42 }
|
231
|
-
|
232
|
-
it 'fail' do
|
233
|
-
expect(access_token1.same_credential?(access_token2)).to be_falsey
|
234
|
-
end
|
235
|
-
end
|
236
|
-
end
|
237
|
-
end
|
238
|
-
|
239
|
-
describe '#acceptable?' do
|
240
|
-
context 'a token that is not accessible' do
|
241
|
-
let(:token) { FactoryGirl.create(:access_token, created_at: 6.hours.ago) }
|
242
|
-
|
243
|
-
it 'should return false' do
|
244
|
-
expect(token.acceptable?(nil)).to be false
|
245
|
-
end
|
246
|
-
end
|
247
|
-
|
248
|
-
context 'a token that has the incorrect scopes' do
|
249
|
-
let(:token) { FactoryGirl.create(:access_token) }
|
250
|
-
|
251
|
-
it 'should return false' do
|
252
|
-
expect(token.acceptable?(['public'])).to be false
|
253
|
-
end
|
254
|
-
end
|
255
|
-
|
256
|
-
context 'a token is acceptable with the correct scopes' do
|
257
|
-
let(:token) do
|
258
|
-
token = FactoryGirl.create(:access_token)
|
259
|
-
token[:scopes] = 'public'
|
260
|
-
token
|
261
|
-
end
|
262
|
-
|
263
|
-
it 'should return true' do
|
264
|
-
expect(token.acceptable?(['public'])).to be true
|
265
|
-
end
|
266
|
-
end
|
267
|
-
end
|
268
|
-
|
269
|
-
describe '.revoke_all_for' do
|
270
|
-
let(:resource_owner) { double(id: 100) }
|
271
|
-
let(:application) { FactoryGirl.create :application }
|
272
|
-
let(:default_attributes) do
|
273
|
-
{ application: application, resource_owner_id: resource_owner.id }
|
274
|
-
end
|
275
|
-
|
276
|
-
it 'revokes all tokens for given application and resource owner' do
|
277
|
-
FactoryGirl.create :access_token, default_attributes
|
278
|
-
AccessToken.revoke_all_for application.id, resource_owner
|
279
|
-
AccessToken.all.each do |token|
|
280
|
-
expect(token).to be_revoked
|
281
|
-
end
|
282
|
-
end
|
283
|
-
|
284
|
-
it 'matches application' do
|
285
|
-
FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
|
286
|
-
AccessToken.revoke_all_for application.id, resource_owner
|
287
|
-
expect(AccessToken.all).not_to be_empty
|
288
|
-
end
|
289
|
-
|
290
|
-
it 'matches resource owner' do
|
291
|
-
FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 90)
|
292
|
-
AccessToken.revoke_all_for application.id, resource_owner
|
293
|
-
expect(AccessToken.all).not_to be_empty
|
294
|
-
end
|
295
|
-
end
|
296
|
-
|
297
|
-
describe '.matching_token_for' do
|
298
|
-
let(:resource_owner_id) { 100 }
|
299
|
-
let(:application) { FactoryGirl.create :application }
|
300
|
-
let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public write') }
|
301
|
-
let(:default_attributes) do
|
302
|
-
{
|
303
|
-
application: application,
|
304
|
-
resource_owner_id: resource_owner_id,
|
305
|
-
scopes: scopes.to_s
|
306
|
-
}
|
307
|
-
end
|
308
|
-
|
309
|
-
it 'returns only one token' do
|
310
|
-
token = FactoryGirl.create :access_token, default_attributes
|
311
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
312
|
-
expect(last_token).to eq(token)
|
313
|
-
end
|
314
|
-
|
315
|
-
it 'accepts resource owner as object' do
|
316
|
-
resource_owner = double(to_key: true, id: 100)
|
317
|
-
token = FactoryGirl.create :access_token, default_attributes
|
318
|
-
last_token = AccessToken.matching_token_for(application, resource_owner, scopes)
|
319
|
-
expect(last_token).to eq(token)
|
320
|
-
end
|
321
|
-
|
322
|
-
it 'accepts nil as resource owner' do
|
323
|
-
token = FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: nil)
|
324
|
-
last_token = AccessToken.matching_token_for(application, nil, scopes)
|
325
|
-
expect(last_token).to eq(token)
|
326
|
-
end
|
327
|
-
|
328
|
-
it 'excludes revoked tokens' do
|
329
|
-
FactoryGirl.create :access_token, default_attributes.merge(revoked_at: 1.day.ago)
|
330
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
331
|
-
expect(last_token).to be_nil
|
332
|
-
end
|
333
|
-
|
334
|
-
it 'matches the application' do
|
335
|
-
FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
|
336
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
337
|
-
expect(last_token).to be_nil
|
338
|
-
end
|
339
|
-
|
340
|
-
it 'matches the resource owner' do
|
341
|
-
FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 2)
|
342
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
343
|
-
expect(last_token).to be_nil
|
344
|
-
end
|
345
|
-
|
346
|
-
it 'matches token with fewer scopes' do
|
347
|
-
FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public')
|
348
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
349
|
-
expect(last_token).to be_nil
|
350
|
-
end
|
351
|
-
|
352
|
-
it 'matches token with different scopes' do
|
353
|
-
FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public email')
|
354
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
355
|
-
expect(last_token).to be_nil
|
356
|
-
end
|
357
|
-
|
358
|
-
it 'matches token with more scopes' do
|
359
|
-
FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public write email')
|
360
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
361
|
-
expect(last_token).to be_nil
|
362
|
-
end
|
363
|
-
|
364
|
-
it 'matches application scopes' do
|
365
|
-
application = FactoryGirl.create :application, scopes: "private read"
|
366
|
-
FactoryGirl.create :access_token, default_attributes.merge(
|
367
|
-
application: application
|
368
|
-
)
|
369
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
370
|
-
expect(last_token).to be_nil
|
371
|
-
end
|
372
|
-
|
373
|
-
it 'returns the last created token' do
|
374
|
-
FactoryGirl.create :access_token, default_attributes.merge(created_at: 1.day.ago)
|
375
|
-
token = FactoryGirl.create :access_token, default_attributes
|
376
|
-
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
377
|
-
expect(last_token).to eq(token)
|
378
|
-
end
|
379
|
-
|
380
|
-
it 'returns as_json hash' do
|
381
|
-
token = FactoryGirl.create :access_token, default_attributes
|
382
|
-
token_hash = {
|
383
|
-
resource_owner_id: token.resource_owner_id,
|
384
|
-
scopes: token.scopes,
|
385
|
-
expires_in_seconds: token.expires_in_seconds,
|
386
|
-
application: { uid: token.application.uid },
|
387
|
-
created_at: token.created_at.to_i,
|
388
|
-
}
|
389
|
-
expect(token.as_json).to eq token_hash
|
390
|
-
end
|
391
|
-
end
|
392
|
-
|
393
|
-
end
|
394
|
-
end
|