doorkeeper 4.2.6 → 5.5.4





Files changed (274)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +1049 -0
  3. data/README.md +110 -353
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +6 -7
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
  7. data/app/controllers/doorkeeper/applications_controller.rb +65 -16
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +115 -38
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
  14. data/app/views/doorkeeper/applications/_form.html.erb +33 -21
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +18 -6
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +40 -16
  19. data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +6 -0
  22. data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
  23. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  24. data/config/locales/en.yml +34 -7
  25. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  26. data/lib/doorkeeper/config/option.rb +82 -0
  27. data/lib/doorkeeper/config/validations.rb +53 -0
  28. data/lib/doorkeeper/config.rb +514 -167
  29. data/lib/doorkeeper/engine.rb +11 -5
  30. data/lib/doorkeeper/errors.rb +25 -16
  31. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  32. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  33. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  34. data/lib/doorkeeper/grant_flow.rb +45 -0
  35. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  36. data/lib/doorkeeper/grape/helpers.rb +23 -12
  37. data/lib/doorkeeper/helpers/controller.rb +51 -14
  38. data/lib/doorkeeper/models/access_grant_mixin.rb +94 -27
  39. data/lib/doorkeeper/models/access_token_mixin.rb +284 -96
  40. data/lib/doorkeeper/models/application_mixin.rb +58 -27
  41. data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
  42. data/lib/doorkeeper/models/concerns/expirable.rb +12 -6
  43. data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  44. data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
  45. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  46. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  47. data/lib/doorkeeper/models/concerns/revocable.rb +3 -27
  48. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  49. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  50. data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
  51. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  52. data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
  53. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +7 -5
  54. data/lib/doorkeeper/oauth/authorization_code_request.rb +63 -10
  55. data/lib/doorkeeper/oauth/base_request.rb +35 -19
  56. data/lib/doorkeeper/oauth/base_response.rb +2 -0
  57. data/lib/doorkeeper/oauth/client/credentials.rb +9 -7
  58. data/lib/doorkeeper/oauth/client.rb +10 -11
  59. data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
  60. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
  61. data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
  62. data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -11
  63. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  64. data/lib/doorkeeper/oauth/code_response.rb +27 -15
  65. data/lib/doorkeeper/oauth/error.rb +5 -3
  66. data/lib/doorkeeper/oauth/error_response.rb +35 -15
  67. data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
  68. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
  69. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  70. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
  71. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  72. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  73. data/lib/doorkeeper/oauth/invalid_token_response.rb +29 -5
  74. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  75. data/lib/doorkeeper/oauth/password_access_token_request.rb +44 -10
  76. data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
  77. data/lib/doorkeeper/oauth/refresh_token_request.rb +60 -31
  78. data/lib/doorkeeper/oauth/scopes.rb +26 -12
  79. data/lib/doorkeeper/oauth/token.rb +13 -9
  80. data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
  81. data/lib/doorkeeper/oauth/token_request.rb +8 -20
  82. data/lib/doorkeeper/oauth/token_response.rb +14 -10
  83. data/lib/doorkeeper/oauth.rb +13 -0
  84. data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
  85. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -42
  86. data/lib/doorkeeper/orm/active_record/application.rb +6 -20
  87. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
  88. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
  89. data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
  90. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  91. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
  92. data/lib/doorkeeper/orm/active_record.rb +37 -8
  93. data/lib/doorkeeper/rails/helpers.rb +14 -13
  94. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  95. data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
  96. data/lib/doorkeeper/rails/routes/mapping.rb +9 -7
  97. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  98. data/lib/doorkeeper/rails/routes.rb +41 -28
  99. data/lib/doorkeeper/rake/db.rake +40 -0
  100. data/lib/doorkeeper/rake/setup.rake +11 -0
  101. data/lib/doorkeeper/rake.rb +14 -0
  102. data/lib/doorkeeper/request/authorization_code.rb +6 -4
  103. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  104. data/lib/doorkeeper/request/code.rb +1 -1
  105. data/lib/doorkeeper/request/password.rb +5 -14
  106. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  107. data/lib/doorkeeper/request/strategy.rb +4 -2
  108. data/lib/doorkeeper/request/token.rb +1 -1
  109. data/lib/doorkeeper/request.rb +62 -29
  110. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  111. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  112. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  113. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  114. data/lib/doorkeeper/server.rb +9 -11
  115. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  116. data/lib/doorkeeper/validations.rb +5 -2
  117. data/lib/doorkeeper/version.rb +12 -1
  118. data/lib/doorkeeper.rb +111 -62
  119. data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
  120. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  121. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  122. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  123. data/lib/generators/doorkeeper/migration_generator.rb +27 -10
  124. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  125. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
  126. data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  127. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  128. data/{spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb → lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
  129. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  130. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  131. data/lib/generators/doorkeeper/templates/initializer.rb +412 -33
  132. data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
  133. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  134. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  135. metadata +114 -276
  136. data/.coveralls.yml +0 -1
  137. data/.gitignore +0 -19
  138. data/.hound.yml +0 -13
  139. data/.rspec +0 -1
  140. data/.travis.yml +0 -26
  141. data/Appraisals +0 -14
  142. data/CONTRIBUTING.md +0 -47
  143. data/Gemfile +0 -10
  144. data/NEWS.md +0 -606
  145. data/RELEASING.md +0 -10
  146. data/Rakefile +0 -20
  147. data/app/validators/redirect_uri_validator.rb +0 -34
  148. data/doorkeeper.gemspec +0 -29
  149. data/gemfiles/rails_4_2.gemfile +0 -11
  150. data/gemfiles/rails_5_0.gemfile +0 -12
  151. data/gemfiles/rails_5_1.gemfile +0 -13
  152. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  153. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
  154. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb +0 -11
  155. data/lib/generators/doorkeeper/templates/migration.rb +0 -68
  156. data/spec/controllers/application_metal_controller.rb +0 -10
  157. data/spec/controllers/applications_controller_spec.rb +0 -58
  158. data/spec/controllers/authorizations_controller_spec.rb +0 -218
  159. data/spec/controllers/protected_resources_controller_spec.rb +0 -300
  160. data/spec/controllers/token_info_controller_spec.rb +0 -52
  161. data/spec/controllers/tokens_controller_spec.rb +0 -88
  162. data/spec/dummy/Rakefile +0 -7
  163. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  164. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  165. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  166. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  167. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  168. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  169. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  170. data/spec/dummy/app/models/user.rb +0 -5
  171. data/spec/dummy/app/views/home/index.html.erb +0 -0
  172. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  173. data/spec/dummy/config/application.rb +0 -23
  174. data/spec/dummy/config/boot.rb +0 -9
  175. data/spec/dummy/config/database.yml +0 -15
  176. data/spec/dummy/config/environment.rb +0 -5
  177. data/spec/dummy/config/environments/development.rb +0 -29
  178. data/spec/dummy/config/environments/production.rb +0 -62
  179. data/spec/dummy/config/environments/test.rb +0 -44
  180. data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
  181. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  182. data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
  183. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  184. data/spec/dummy/config/initializers/session_store.rb +0 -8
  185. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  186. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  187. data/spec/dummy/config/routes.rb +0 -52
  188. data/spec/dummy/config.ru +0 -4
  189. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
  190. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
  191. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
  192. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
  193. data/spec/dummy/db/schema.rb +0 -67
  194. data/spec/dummy/public/404.html +0 -26
  195. data/spec/dummy/public/422.html +0 -26
  196. data/spec/dummy/public/500.html +0 -26
  197. data/spec/dummy/public/favicon.ico +0 -0
  198. data/spec/dummy/script/rails +0 -6
  199. data/spec/factories.rb +0 -28
  200. data/spec/generators/application_owner_generator_spec.rb +0 -22
  201. data/spec/generators/install_generator_spec.rb +0 -31
  202. data/spec/generators/migration_generator_spec.rb +0 -20
  203. data/spec/generators/templates/routes.rb +0 -3
  204. data/spec/generators/views_generator_spec.rb +0 -27
  205. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  206. data/spec/lib/config_spec.rb +0 -334
  207. data/spec/lib/doorkeeper_spec.rb +0 -150
  208. data/spec/lib/models/expirable_spec.rb +0 -50
  209. data/spec/lib/models/revocable_spec.rb +0 -59
  210. data/spec/lib/models/scopes_spec.rb +0 -43
  211. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -41
  212. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
  213. data/spec/lib/oauth/base_request_spec.rb +0 -160
  214. data/spec/lib/oauth/base_response_spec.rb +0 -45
  215. data/spec/lib/oauth/client/credentials_spec.rb +0 -88
  216. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  217. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  218. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  219. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  220. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
  221. data/spec/lib/oauth/client_spec.rb +0 -39
  222. data/spec/lib/oauth/code_request_spec.rb +0 -45
  223. data/spec/lib/oauth/code_response_spec.rb +0 -34
  224. data/spec/lib/oauth/error_response_spec.rb +0 -61
  225. data/spec/lib/oauth/error_spec.rb +0 -23
  226. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  227. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  228. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  229. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
  230. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -56
  231. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
  232. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  233. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
  234. data/spec/lib/oauth/scopes_spec.rb +0 -122
  235. data/spec/lib/oauth/token_request_spec.rb +0 -98
  236. data/spec/lib/oauth/token_response_spec.rb +0 -85
  237. data/spec/lib/oauth/token_spec.rb +0 -116
  238. data/spec/lib/request/strategy_spec.rb +0 -53
  239. data/spec/lib/server_spec.rb +0 -49
  240. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  241. data/spec/models/doorkeeper/access_token_spec.rb +0 -394
  242. data/spec/models/doorkeeper/application_spec.rb +0 -179
  243. data/spec/requests/applications/applications_request_spec.rb +0 -94
  244. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  245. data/spec/requests/endpoints/authorization_spec.rb +0 -71
  246. data/spec/requests/endpoints/token_spec.rb +0 -64
  247. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -76
  248. data/spec/requests/flows/authorization_code_spec.rb +0 -148
  249. data/spec/requests/flows/client_credentials_spec.rb +0 -58
  250. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  251. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  252. data/spec/requests/flows/password_spec.rb +0 -115
  253. data/spec/requests/flows/refresh_token_spec.rb +0 -174
  254. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  255. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  256. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  257. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  258. data/spec/routing/custom_controller_routes_spec.rb +0 -71
  259. data/spec/routing/default_routes_spec.rb +0 -35
  260. data/spec/routing/scoped_routes_spec.rb +0 -31
  261. data/spec/spec_helper.rb +0 -4
  262. data/spec/spec_helper_integration.rb +0 -63
  263. data/spec/support/dependencies/factory_girl.rb +0 -2
  264. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  265. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  266. data/spec/support/helpers/config_helper.rb +0 -9
  267. data/spec/support/helpers/model_helper.rb +0 -67
  268. data/spec/support/helpers/request_spec_helper.rb +0 -84
  269. data/spec/support/helpers/url_helper.rb +0 -55
  270. data/spec/support/http_method_shim.rb +0 -38
  271. data/spec/support/orm/active_record.rb +0 -3
  272. data/spec/support/shared/controllers_shared_context.rb +0 -69
  273. data/spec/support/shared/models_shared_examples.rb +0 -52
  274. data/spec/validators/redirect_uri_validator_spec.rb +0 -78
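--- a/data/spec/lib/oauth/token_spec.rb
+++ b/data/spec/lib/oauth/token_spec.rb
@@ -1,116 +0,0 @@
-require 'spec_helper'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/token'
-
-module Doorkeeper
-unless defined?(AccessToken)
-class AccessToken
-end
-end
-
-module OAuth
-describe Token do
-describe :from_request do
-let(:request) { double.as_null_object }
-
-let(:method) do
-->(request) { return 'token-value' }
-end
-
-it 'accepts anything that responds to #call' do
-expect(method).to receive(:call).with(request)
-Token.from_request request, method
-end
-
-it 'delegates methods received as symbols to Token class' do
-expect(Token).to receive(:from_params).with(request)
-Token.from_request request, :from_params
-end
-
-it 'stops at the first credentials found' do
-not_called_method = double
-expect(not_called_method).not_to receive(:call)
-Token.from_request request, ->(_r) {}, method, not_called_method
-end
-
-it 'returns the credential from extractor method' do
-credentials = Token.from_request request, method
-expect(credentials).to eq('token-value')
-end
-end
-
-describe :from_access_token_param do
-it 'returns token from access_token parameter' do
-request = double parameters: { access_token: 'some-token' }
-token = Token.from_access_token_param(request)
-expect(token).to eq('some-token')
-end
-end
-
-describe :from_bearer_param do
-it 'returns token from bearer_token parameter' do
-request = double parameters: { bearer_token: 'some-token' }
-token = Token.from_bearer_param(request)
-expect(token).to eq('some-token')
-end
-end
-
-describe :from_bearer_authorization do
-it 'returns token from capitalized authorization bearer' do
-request = double authorization: 'Bearer SomeToken'
-token = Token.from_bearer_authorization(request)
-expect(token).to eq('SomeToken')
-end
-
-it 'returns token from lowercased authorization bearer' do
-request = double authorization: 'bearer SomeToken'
-token = Token.from_bearer_authorization(request)
-expect(token).to eq('SomeToken')
-end
-
-it 'does not return token if authorization is not bearer' do
-request = double authorization: 'MAC SomeToken'
-token = Token.from_bearer_authorization(request)
-expect(token).to be_blank
-end
-end
-
-describe :from_basic_authorization do
-it 'returns token from capitalized authorization basic' do
-request = double authorization: "Basic #{Base64.encode64 'SomeToken:'}"
-token = Token.from_basic_authorization(request)
-expect(token).to eq('SomeToken')
-end
-
-it 'returns token from lowercased authorization basic' do
-request = double authorization: "basic #{Base64.encode64 'SomeToken:'}"
-token = Token.from_basic_authorization(request)
-expect(token).to eq('SomeToken')
-end
-
-it 'does not return token if authorization is not basic' do
-request = double authorization: "MAC #{Base64.encode64 'SomeToken:'}"
-token = Token.from_basic_authorization(request)
-expect(token).to be_blank
-end
-end
-
-describe :authenticate do
-it 'calls the finder if token was returned' do
-token = ->(_r) { 'token' }
-expect(AccessToken).to receive(:by_token).with('token')
-Token.authenticate double, token
-end
-
-it 'revokes previous refresh_token if token was found' do
-token = ->(_r) { 'token' }
-expect(
-AccessToken
-).to receive(:by_token).with('token').and_return(token)
-expect(token).to receive(:revoke_previous_refresh_token!)
-Token.authenticate double, token
-end
-end
-end
-end
-end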
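--- a/data/spec/lib/request/strategy_spec.rb
+++ b/data/spec/lib/request/strategy_spec.rb
@@ -1,53 +0,0 @@
-require 'spec_helper'
-require 'doorkeeper/request/strategy'
-
-module Doorkeeper
-module Request
-describe Strategy do
-let(:server) { double }
-subject(:strategy) { Strategy.new(server) }
-
-describe :initialize do
-it "sets the server attribute" do
-expect(strategy.server).to eq server
-end
-end
-
-describe :request do
-it "requires an implementation" do
-expect { strategy.request }.to raise_exception NotImplementedError
-end
-end
-
-describe "a sample Strategy subclass" do
-let(:fake_request) { double }
-
-let(:strategy_class) do
-subclass = Class.new(Strategy) do
-class << self
-attr_accessor :fake_request
-end
-
-def request
-self.class.fake_request
-end
-end
-
-subclass.fake_request = fake_request
-subclass
-end
-
-subject(:strategy) { strategy_class.new(server) }
-
-it "provides a request implementation" do
-expect(strategy.request).to eq fake_request
-end
-
-it "authorizes the request" do
-expect(fake_request).to receive :authorize
-strategy.authorize
-end
-end
-end
-end
-end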
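--- a/data/spec/lib/server_spec.rb
+++ b/data/spec/lib/server_spec.rb
@@ -1,49 +0,0 @@
-require 'spec_helper'
-
-describe Doorkeeper::Server do
-let(:fake_class) { double :fake_class }
-
-subject do
-described_class.new
-end
-
-describe '.authorization_request' do
-it 'raises error when strategy does not exist' do
-expect do
-subject.authorization_request(:duh)
-end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
-end
-
-it 'raises error when strategy does not match phase' do
-expect do
-subject.token_request(:code)
-end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
-end
-
-context 'when only Authorization Code strategy is enabled' do
-before do
-allow(Doorkeeper.configuration).
-to receive(:grant_flows).
-and_return(['authorization_code'])
-end
-
-it 'raises error when using the disabled Implicit strategy' do
-expect do
-subject.authorization_request(:token)
-end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
-end
-
-it 'raises error when using the disabled Client Credentials strategy' do
-expect do
-subject.token_request(:client_credentials)
-end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
-end
-end
-
-it 'builds the request with selected strategy' do
-stub_const 'Doorkeeper::Request::Code', fake_class
-expect(fake_class).to receive(:new).with(subject)
-subject.authorization_request :code
-end
-end
-end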
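--- a/data/spec/models/doorkeeper/access_grant_spec.rb
+++ b/data/spec/models/doorkeeper/access_grant_spec.rb
@@ -1,36 +0,0 @@
-require 'spec_helper_integration'
-
-describe Doorkeeper::AccessGrant do
-subject { FactoryGirl.build(:access_grant) }
-
-it { expect(subject).to be_valid }
-
-it_behaves_like 'an accessible token'
-it_behaves_like 'a revocable token'
-it_behaves_like 'a unique token' do
-let(:factory_name) { :access_grant }
-end
-
-describe 'validations' do
-it 'is invalid without resource_owner_id' do
-subject.resource_owner_id = nil
-expect(subject).not_to be_valid
-end
-
-it 'is invalid without application_id' do
-subject.application_id = nil
-expect(subject).not_to be_valid
-end
-
-it 'is invalid without token' do
-subject.save
-subject.token = nil
-expect(subject).not_to be_valid
-end
-
-it 'is invalid without expires_in' do
-subject.expires_in = nil
-expect(subject).not_to be_valid
-end
-end
-end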
@@ -1,394 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- module Doorkeeper
4
- describe AccessToken do
5
- subject { FactoryGirl.build(:access_token) }
6
-
7
- it { expect(subject).to be_valid }
8
-
9
- it_behaves_like 'an accessible token'
10
- it_behaves_like 'a revocable token'
11
- it_behaves_like 'a unique token' do
12
- let(:factory_name) { :access_token }
13
- end
14
-
15
- module CustomGeneratorArgs
16
- def self.generate
17
- end
18
- end
19
-
20
- describe :generate_token do
21
- it 'generates a token using the default method' do
22
- FactoryGirl.create :access_token
23
-
24
- token = FactoryGirl.create :access_token
25
- expect(token.token).to be_a(String)
26
- end
27
-
28
- it 'generates a token using a custom object' do
29
- eigenclass = class << CustomGeneratorArgs; self; end
30
- eigenclass.class_eval do
31
- remove_method :generate
32
- end
33
- module CustomGeneratorArgs
34
- def self.generate(opts = {})
35
- "custom_generator_token_#{opts[:resource_owner_id]}"
36
- end
37
- end
38
-
39
- Doorkeeper.configure do
40
- orm DOORKEEPER_ORM
41
- access_token_generator "Doorkeeper::CustomGeneratorArgs"
42
- end
43
-
44
- token = FactoryGirl.create :access_token
45
- expect(token.token).to match(%r{custom_generator_token_\d+})
46
- end
47
-
48
- it 'allows the custom generator to access the application details' do
49
- eigenclass = class << CustomGeneratorArgs; self; end
50
- eigenclass.class_eval do
51
- remove_method :generate
52
- end
53
- module CustomGeneratorArgs
54
- def self.generate(opts = {})
55
- "custom_generator_token_#{opts[:application].name}"
56
- end
57
- end
58
-
59
- Doorkeeper.configure do
60
- orm DOORKEEPER_ORM
61
- access_token_generator "Doorkeeper::CustomGeneratorArgs"
62
- end
63
-
64
- token = FactoryGirl.create :access_token
65
- expect(token.token).to match(%r{custom_generator_token_Application \d+})
66
- end
67
-
68
- it 'allows the custom generator to access the scopes' do
69
- eigenclass = class << CustomGeneratorArgs; self; end
70
- eigenclass.class_eval do
71
- remove_method :generate
72
- end
73
- module CustomGeneratorArgs
74
- def self.generate(opts = {})
75
- "custom_generator_token_#{opts[:scopes].count}_#{opts[:scopes]}"
76
- end
77
- end
78
-
79
- Doorkeeper.configure do
80
- orm DOORKEEPER_ORM
81
- access_token_generator "Doorkeeper::CustomGeneratorArgs"
82
- end
83
-
84
- token = FactoryGirl.create :access_token, scopes: 'public write'
85
-
86
- expect(token.token).to eq 'custom_generator_token_2_public write'
87
- end
88
-
89
- it 'allows the custom generator to access the expiry length' do
90
- eigenclass = class << CustomGeneratorArgs; self; end
91
- eigenclass.class_eval do
92
- remove_method :generate
93
- end
94
- module CustomGeneratorArgs
95
- def self.generate(opts = {})
96
- "custom_generator_token_#{opts[:expires_in]}"
97
- end
98
- end
99
-
100
- Doorkeeper.configure do
101
- orm DOORKEEPER_ORM
102
- access_token_generator "Doorkeeper::CustomGeneratorArgs"
103
- end
104
-
105
- token = FactoryGirl.create :access_token
106
- expect(token.token).to eq 'custom_generator_token_7200'
107
- end
108
-
109
- it 'allows the custom generator to access the created time' do
110
- module CustomGeneratorArgs
111
- def self.generate(opts = {})
112
- "custom_generator_token_#{opts[:created_at].to_i}"
113
- end
114
- end
115
-
116
- Doorkeeper.configure do
117
- orm DOORKEEPER_ORM
118
- access_token_generator "Doorkeeper::CustomGeneratorArgs"
119
- end
120
-
121
- token = FactoryGirl.create :access_token
122
- created_at = token.created_at
123
- expect(token.token).to eq "custom_generator_token_#{created_at.to_i}"
124
- end
125
-
126
- it 'raises an error if the custom object does not support generate' do
127
- module NoGenerate
128
- end
129
-
130
- Doorkeeper.configure do
131
- orm DOORKEEPER_ORM
132
- access_token_generator "Doorkeeper::NoGenerate"
133
- end
134
-
135
- expect { FactoryGirl.create :access_token }.to(
136
- raise_error(Doorkeeper::Errors::UnableToGenerateToken))
137
- end
138
-
139
- it 'raises an error if the custom object does not exist' do
140
- Doorkeeper.configure do
141
- orm DOORKEEPER_ORM
142
- access_token_generator "Doorkeeper::NotReal"
143
- end
144
-
145
- expect { FactoryGirl.create :access_token }.to(
146
- raise_error(Doorkeeper::Errors::TokenGeneratorNotFound))
147
- end
148
- end
149
-
150
- describe :refresh_token do
151
- it 'has empty refresh token if it was not required' do
152
- token = FactoryGirl.create :access_token
153
- expect(token.refresh_token).to be_nil
154
- end
155
-
156
- it 'generates a refresh token if it was requested' do
157
- token = FactoryGirl.create :access_token, use_refresh_token: true
158
- expect(token.refresh_token).not_to be_nil
159
- end
160
-
161
- it 'is not valid if token exists' do
162
- token1 = FactoryGirl.create :access_token, use_refresh_token: true
163
- token2 = FactoryGirl.create :access_token, use_refresh_token: true
164
- token2.refresh_token = token1.refresh_token
165
- expect(token2).not_to be_valid
166
- end
167
-
168
- it 'expects database to raise an error if refresh tokens are the same' do
169
- token1 = FactoryGirl.create :access_token, use_refresh_token: true
170
- token2 = FactoryGirl.create :access_token, use_refresh_token: true
171
- expect do
172
- token2.refresh_token = token1.refresh_token
173
- token2.save(validate: false)
174
- end.to raise_error(uniqueness_error)
175
- end
176
- end
177
-
178
- describe 'validations' do
179
- it 'is valid without resource_owner_id' do
180
- # For client credentials flow
181
- subject.resource_owner_id = nil
182
- expect(subject).to be_valid
183
- end
184
-
185
- it 'is valid without application_id' do
186
- # For resource owner credentials flow
187
- subject.application_id = nil
188
- expect(subject).to be_valid
189
- end
190
- end
191
-
192
- describe '#same_credential?' do
193
-
194
- context 'with default parameters' do
195
-
196
- let(:resource_owner_id) { 100 }
197
- let(:application) { FactoryGirl.create :application }
198
- let(:default_attributes) do
199
- { application: application, resource_owner_id: resource_owner_id }
200
- end
201
- let(:access_token1) { FactoryGirl.create :access_token, default_attributes }
202
-
203
- context 'the second token has the same owner and same app' do
204
- let(:access_token2) { FactoryGirl.create :access_token, default_attributes }
205
- it 'success' do
206
- expect(access_token1.same_credential?(access_token2)).to be_truthy
207
- end
208
- end
209
-
210
- context 'the second token has same owner and different app' do
211
- let(:other_application) { FactoryGirl.create :application }
212
- let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: resource_owner_id }
213
-
214
- it 'fail' do
215
- expect(access_token1.same_credential?(access_token2)).to be_falsey
216
- end
217
- end
218
-
219
- context 'the second token has different owner and different app' do
220
-
221
- let(:other_application) { FactoryGirl.create :application }
222
- let(:access_token2) { FactoryGirl.create :access_token, application: other_application, resource_owner_id: 42 }
223
-
224
- it 'fail' do
225
- expect(access_token1.same_credential?(access_token2)).to be_falsey
226
- end
227
- end
228
-
229
- context 'the second token has different owner and same app' do
230
- let(:access_token2) { FactoryGirl.create :access_token, application: application, resource_owner_id: 42 }
231
-
232
- it 'fail' do
233
- expect(access_token1.same_credential?(access_token2)).to be_falsey
234
- end
235
- end
236
- end
237
- end
238
-
239
- describe '#acceptable?' do
240
- context 'a token that is not accessible' do
241
- let(:token) { FactoryGirl.create(:access_token, created_at: 6.hours.ago) }
242
-
243
- it 'should return false' do
244
- expect(token.acceptable?(nil)).to be false
245
- end
246
- end
247
-
248
- context 'a token that has the incorrect scopes' do
249
- let(:token) { FactoryGirl.create(:access_token) }
250
-
251
- it 'should return false' do
252
- expect(token.acceptable?(['public'])).to be false
253
- end
254
- end
255
-
256
- context 'a token is acceptable with the correct scopes' do
257
- let(:token) do
258
- token = FactoryGirl.create(:access_token)
259
- token[:scopes] = 'public'
260
- token
261
- end
262
-
263
- it 'should return true' do
264
- expect(token.acceptable?(['public'])).to be true
265
- end
266
- end
267
- end
268
-
269
- describe '.revoke_all_for' do
270
- let(:resource_owner) { double(id: 100) }
271
- let(:application) { FactoryGirl.create :application }
272
- let(:default_attributes) do
273
- { application: application, resource_owner_id: resource_owner.id }
274
- end
275
-
276
- it 'revokes all tokens for given application and resource owner' do
277
- FactoryGirl.create :access_token, default_attributes
278
- AccessToken.revoke_all_for application.id, resource_owner
279
- AccessToken.all.each do |token|
280
- expect(token).to be_revoked
281
- end
282
- end
283
-
284
- it 'matches application' do
285
- FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
286
- AccessToken.revoke_all_for application.id, resource_owner
287
- expect(AccessToken.all).not_to be_empty
288
- end
289
-
290
- it 'matches resource owner' do
291
- FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 90)
292
- AccessToken.revoke_all_for application.id, resource_owner
293
- expect(AccessToken.all).not_to be_empty
294
- end
295
- end
296
-
297
- describe '.matching_token_for' do
298
- let(:resource_owner_id) { 100 }
299
- let(:application) { FactoryGirl.create :application }
300
- let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public write') }
301
- let(:default_attributes) do
302
- {
303
- application: application,
304
- resource_owner_id: resource_owner_id,
305
- scopes: scopes.to_s
306
- }
307
- end
308
-
309
- it 'returns only one token' do
310
- token = FactoryGirl.create :access_token, default_attributes
311
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
312
- expect(last_token).to eq(token)
313
- end
314
-
315
- it 'accepts resource owner as object' do
316
- resource_owner = double(to_key: true, id: 100)
317
- token = FactoryGirl.create :access_token, default_attributes
318
- last_token = AccessToken.matching_token_for(application, resource_owner, scopes)
319
- expect(last_token).to eq(token)
320
- end
321
-
322
- it 'accepts nil as resource owner' do
323
- token = FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: nil)
324
- last_token = AccessToken.matching_token_for(application, nil, scopes)
325
- expect(last_token).to eq(token)
326
- end
327
-
328
- it 'excludes revoked tokens' do
329
- FactoryGirl.create :access_token, default_attributes.merge(revoked_at: 1.day.ago)
330
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
331
- expect(last_token).to be_nil
332
- end
333
-
334
- it 'matches the application' do
335
- FactoryGirl.create :access_token, default_attributes.merge(application: FactoryGirl.create(:application))
336
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
337
- expect(last_token).to be_nil
338
- end
339
-
340
- it 'matches the resource owner' do
341
- FactoryGirl.create :access_token, default_attributes.merge(resource_owner_id: 2)
342
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
343
- expect(last_token).to be_nil
344
- end
345
-
346
- it 'matches token with fewer scopes' do
347
- FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public')
348
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
349
- expect(last_token).to be_nil
350
- end
351
-
352
- it 'matches token with different scopes' do
353
- FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public email')
354
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
355
- expect(last_token).to be_nil
356
- end
357
-
358
- it 'matches token with more scopes' do
359
- FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public write email')
360
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
361
- expect(last_token).to be_nil
362
- end
363
-
364
- it 'matches application scopes' do
365
- application = FactoryGirl.create :application, scopes: "private read"
366
- FactoryGirl.create :access_token, default_attributes.merge(
367
- application: application
368
- )
369
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
370
- expect(last_token).to be_nil
371
- end
372
-
373
- it 'returns the last created token' do
374
- FactoryGirl.create :access_token, default_attributes.merge(created_at: 1.day.ago)
375
- token = FactoryGirl.create :access_token, default_attributes
376
- last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
377
- expect(last_token).to eq(token)
378
- end
379
-
380
- it 'returns as_json hash' do
381
- token = FactoryGirl.create :access_token, default_attributes
382
- token_hash = {
383
- resource_owner_id: token.resource_owner_id,
384
- scopes: token.scopes,
385
- expires_in_seconds: token.expires_in_seconds,
386
- application: { uid: token.application.uid },
387
- created_at: token.created_at.to_i,
388
- }
389
- expect(token.as_json).to eq token_hash
390
- end
391
- end
392
-
393
- end
394
- end