doorkeeper 4.2.6 → 5.5.4
- checksums.yaml +5 -5
- data/CHANGELOG.md +1049 -0
- data/README.md +110 -353
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +6 -7
- data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
- data/app/controllers/doorkeeper/applications_controller.rb +65 -16
- data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
- data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
- data/app/controllers/doorkeeper/tokens_controller.rb +115 -38
- data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
- data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
- data/app/views/doorkeeper/applications/_form.html.erb +33 -21
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +18 -6
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +40 -16
- data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +6 -0
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
- data/config/locales/en.yml +34 -7
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +82 -0
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +514 -167
- data/lib/doorkeeper/engine.rb +11 -5
- data/lib/doorkeeper/errors.rb +25 -16
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
- data/lib/doorkeeper/grape/helpers.rb +23 -12
- data/lib/doorkeeper/helpers/controller.rb +51 -14
- data/lib/doorkeeper/models/access_grant_mixin.rb +94 -27
- data/lib/doorkeeper/models/access_token_mixin.rb +284 -96
- data/lib/doorkeeper/models/application_mixin.rb +58 -27
- data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +12 -6
- data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +3 -27
- data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
- data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
- data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +7 -5
- data/lib/doorkeeper/oauth/authorization_code_request.rb +63 -10
- data/lib/doorkeeper/oauth/base_request.rb +35 -19
- data/lib/doorkeeper/oauth/base_response.rb +2 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +9 -7
- data/lib/doorkeeper/oauth/client.rb +10 -11
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -11
- data/lib/doorkeeper/oauth/code_request.rb +8 -12
- data/lib/doorkeeper/oauth/code_response.rb +27 -15
- data/lib/doorkeeper/oauth/error.rb +5 -3
- data/lib/doorkeeper/oauth/error_response.rb +35 -15
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +29 -5
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +44 -10
- data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
- data/lib/doorkeeper/oauth/refresh_token_request.rb +60 -31
- data/lib/doorkeeper/oauth/scopes.rb +26 -12
- data/lib/doorkeeper/oauth/token.rb +13 -9
- data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
- data/lib/doorkeeper/oauth/token_request.rb +8 -20
- data/lib/doorkeeper/oauth/token_response.rb +14 -10
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
- data/lib/doorkeeper/orm/active_record/access_token.rb +5 -42
- data/lib/doorkeeper/orm/active_record/application.rb +6 -20
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
- data/lib/doorkeeper/orm/active_record.rb +37 -8
- data/lib/doorkeeper/rails/helpers.rb +14 -13
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
- data/lib/doorkeeper/rails/routes/mapping.rb +9 -7
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +41 -28
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +11 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request/authorization_code.rb +6 -4
- data/lib/doorkeeper/request/client_credentials.rb +3 -3
- data/lib/doorkeeper/request/code.rb +1 -1
- data/lib/doorkeeper/request/password.rb +5 -14
- data/lib/doorkeeper/request/refresh_token.rb +6 -5
- data/lib/doorkeeper/request/strategy.rb +4 -2
- data/lib/doorkeeper/request/token.rb +1 -1
- data/lib/doorkeeper/request.rb +62 -29
- data/lib/doorkeeper/secret_storing/base.rb +64 -0
- data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
- data/lib/doorkeeper/secret_storing/plain.rb +33 -0
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
- data/lib/doorkeeper/server.rb +9 -11
- data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
- data/lib/doorkeeper/validations.rb +5 -2
- data/lib/doorkeeper/version.rb +12 -1
- data/lib/doorkeeper.rb +111 -62
- data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/install_generator.rb +19 -9
- data/lib/generators/doorkeeper/migration_generator.rb +27 -10
- data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
- data/{spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb → lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +412 -33
- data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
- data/lib/generators/doorkeeper/views_generator.rb +8 -4
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +114 -276
- data/.coveralls.yml +0 -1
- data/.gitignore +0 -19
- data/.hound.yml +0 -13
- data/.rspec +0 -1
- data/.travis.yml +0 -26
- data/Appraisals +0 -14
- data/CONTRIBUTING.md +0 -47
- data/Gemfile +0 -10
- data/NEWS.md +0 -606
- data/RELEASING.md +0 -10
- data/Rakefile +0 -20
- data/app/validators/redirect_uri_validator.rb +0 -34
- data/doorkeeper.gemspec +0 -29
- data/gemfiles/rails_4_2.gemfile +0 -11
- data/gemfiles/rails_5_0.gemfile +0 -12
- data/gemfiles/rails_5_1.gemfile +0 -13
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb +0 -11
- data/lib/generators/doorkeeper/templates/migration.rb +0 -68
- data/spec/controllers/application_metal_controller.rb +0 -10
- data/spec/controllers/applications_controller_spec.rb +0 -58
- data/spec/controllers/authorizations_controller_spec.rb +0 -218
- data/spec/controllers/protected_resources_controller_spec.rb +0 -300
- data/spec/controllers/token_info_controller_spec.rb +0 -52
- data/spec/controllers/tokens_controller_spec.rb +0 -88
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -5
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -23
- data/spec/dummy/config/boot.rb +0 -9
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -44
- data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/schema.rb +0 -67
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -6
- data/spec/factories.rb +0 -28
- data/spec/generators/application_owner_generator_spec.rb +0 -22
- data/spec/generators/install_generator_spec.rb +0 -31
- data/spec/generators/migration_generator_spec.rb +0 -20
- data/spec/generators/templates/routes.rb +0 -3
- data/spec/generators/views_generator_spec.rb +0 -27
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
- data/spec/lib/config_spec.rb +0 -334
- data/spec/lib/doorkeeper_spec.rb +0 -150
- data/spec/lib/models/expirable_spec.rb +0 -50
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -43
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -41
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
- data/spec/lib/oauth/base_request_spec.rb +0 -160
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -88
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
- data/spec/lib/oauth/client_spec.rb +0 -39
- data/spec/lib/oauth/code_request_spec.rb +0 -45
- data/spec/lib/oauth/code_response_spec.rb +0 -34
- data/spec/lib/oauth/error_response_spec.rb +0 -61
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -56
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
- data/spec/lib/oauth/scopes_spec.rb +0 -122
- data/spec/lib/oauth/token_request_spec.rb +0 -98
- data/spec/lib/oauth/token_response_spec.rb +0 -85
- data/spec/lib/oauth/token_spec.rb +0 -116
- data/spec/lib/request/strategy_spec.rb +0 -53
- data/spec/lib/server_spec.rb +0 -49
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
- data/spec/models/doorkeeper/access_token_spec.rb +0 -394
- data/spec/models/doorkeeper/application_spec.rb +0 -179
- data/spec/requests/applications/applications_request_spec.rb +0 -94
- data/spec/requests/applications/authorized_applications_spec.rb +0 -30
- data/spec/requests/endpoints/authorization_spec.rb +0 -71
- data/spec/requests/endpoints/token_spec.rb +0 -64
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -76
- data/spec/requests/flows/authorization_code_spec.rb +0 -148
- data/spec/requests/flows/client_credentials_spec.rb +0 -58
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
- data/spec/requests/flows/implicit_grant_spec.rb +0 -61
- data/spec/requests/flows/password_spec.rb +0 -115
- data/spec/requests/flows/refresh_token_spec.rb +0 -174
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -59
- data/spec/requests/protected_resources/metal_spec.rb +0 -14
- data/spec/requests/protected_resources/private_api_spec.rb +0 -81
- data/spec/routing/custom_controller_routes_spec.rb +0 -71
- data/spec/routing/default_routes_spec.rb +0 -35
- data/spec/routing/scoped_routes_spec.rb +0 -31
- data/spec/spec_helper.rb +0 -4
- data/spec/spec_helper_integration.rb +0 -63
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/access_token_request_helper.rb +0 -11
- data/spec/support/helpers/authorization_request_helper.rb +0 -41
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -67
- data/spec/support/helpers/request_spec_helper.rb +0 -84
- data/spec/support/helpers/url_helper.rb +0 -55
- data/spec/support/http_method_shim.rb +0 -38
- data/spec/support/orm/active_record.rb +0 -3
- data/spec/support/shared/controllers_shared_context.rb +0 -69
- data/spec/support/shared/models_shared_examples.rb +0 -52
- data/spec/validators/redirect_uri_validator_spec.rb +0 -78
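--- a/data/spec/models/doorkeeper/application_spec.rb
+++ /dev/null
@@ -1,179 +0,0 @@
-require 'spec_helper_integration'
-
-module Doorkeeper
-describe Application do
-let(:require_owner) { Doorkeeper.configuration.instance_variable_set('@confirm_application_owner', true) }
-let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set('@confirm_application_owner', false) }
-let(:new_application) { FactoryGirl.build(:application) }
-
-let(:uid) { SecureRandom.hex(8) }
-let(:secret) { SecureRandom.hex(8) }
-
-context 'application_owner is enabled' do
-before do
-Doorkeeper.configure do
-orm DOORKEEPER_ORM
-enable_application_owner
-end
-end
-
-context 'application owner is not required' do
-before(:each) do
-unset_require_owner
-end
-
-it 'is valid given valid attributes' do
-expect(new_application).to be_valid
-end
-end
-
-context 'application owner is required' do
-before(:each) do
-require_owner
-@owner = FactoryGirl.build_stubbed(:doorkeeper_testing_user)
-end
-
-it 'is invalid without an owner' do
-expect(new_application).not_to be_valid
-end
-
-it 'is valid with an owner' do
-new_application.owner = @owner
-expect(new_application).to be_valid
-end
-end
-end
-
-it 'is invalid without a name' do
-new_application.name = nil
-expect(new_application).not_to be_valid
-end
-
-it 'generates uid on create' do
-expect(new_application.uid).to be_nil
-new_application.save
-expect(new_application.uid).not_to be_nil
-end
-
-it 'generates uid on create if an empty string' do
-new_application.uid = ''
-new_application.save
-expect(new_application.uid).not_to be_blank
-end
-
-it 'generates uid on create unless one is set' do
-new_application.uid = uid
-new_application.save
-expect(new_application.uid).to eq(uid)
-end
-
-it 'is invalid without uid' do
-new_application.save
-new_application.uid = nil
-expect(new_application).not_to be_valid
-end
-
-it 'is invalid without redirect_uri' do
-new_application.save
-new_application.redirect_uri = nil
-expect(new_application).not_to be_valid
-end
-
-it 'checks uniqueness of uid' do
-app1 = FactoryGirl.create(:application)
-app2 = FactoryGirl.create(:application)
-app2.uid = app1.uid
-expect(app2).not_to be_valid
-end
-
-it 'expects database to throw an error when uids are the same' do
-app1 = FactoryGirl.create(:application)
-app2 = FactoryGirl.create(:application)
-app2.uid = app1.uid
-expect { app2.save!(validate: false) }.to raise_error(uniqueness_error)
-end
-
-it 'generate secret on create' do
-expect(new_application.secret).to be_nil
-new_application.save
-expect(new_application.secret).not_to be_nil
-end
-
-it 'generate secret on create if is blank string' do
-new_application.secret = ''
-new_application.save
-expect(new_application.secret).not_to be_blank
-end
-
-it 'generate secret on create unless one is set' do
-new_application.secret = secret
-new_application.save
-expect(new_application.secret).to eq(secret)
-end
-
-it 'is invalid without secret' do
-new_application.save
-new_application.secret = nil
-expect(new_application).not_to be_valid
-end
-
-describe 'destroy related models on cascade' do
-before(:each) do
-new_application.save
-end
-
-it 'should destroy its access grants' do
-FactoryGirl.create(:access_grant, application: new_application)
-expect { new_application.destroy }.to change { Doorkeeper::AccessGrant.count }.by(-1)
-end
-
-it 'should destroy its access tokens' do
-FactoryGirl.create(:access_token, application: new_application)
-FactoryGirl.create(:access_token, application: new_application, revoked_at: Time.now.utc)
-expect do
-new_application.destroy
-end.to change { Doorkeeper::AccessToken.count }.by(-2)
-end
-end
-
-describe :authorized_for do
-let(:resource_owner) { double(:resource_owner, id: 10) }
-
-it 'is empty if the application is not authorized for anyone' do
-expect(Application.authorized_for(resource_owner)).to be_empty
-end
-
-it 'returns only application for a specific resource owner' do
-FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id + 1)
-token = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
-expect(Application.authorized_for(resource_owner)).to eq([token.application])
-end
-
-it 'excludes revoked tokens' do
-FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, revoked_at: 2.days.ago)
-expect(Application.authorized_for(resource_owner)).to be_empty
-end
-
-it 'returns all applications that have been authorized' do
-token1 = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
-token2 = FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id)
-expect(Application.authorized_for(resource_owner)).to eq([token1.application, token2.application])
-end
-
-it 'returns only one application even if it has been authorized twice' do
-application = FactoryGirl.create(:application)
-FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, application: application)
-FactoryGirl.create(:access_token, resource_owner_id: resource_owner.id, application: application)
-expect(Application.authorized_for(resource_owner)).to eq([application])
-end
-end
-
-describe :authenticate do
-it 'finds the application via uid/secret' do
-app = FactoryGirl.create :application
-authenticated = Application.by_uid_and_secret(app.uid, app.secret)
-expect(authenticated).to eq(app)
-end
-end
-end
-end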
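--- a/data/spec/requests/applications/applications_request_spec.rb
+++ /dev/null
@@ -1,94 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Adding applications' do
-context 'in application form' do
-background do
-visit '/oauth/applications/new'
-end
-
-scenario 'adding a valid app' do
-fill_in 'doorkeeper_application[name]', with: 'My Application'
-fill_in 'doorkeeper_application[redirect_uri]',
-with: 'https://example.com'
-
-click_button 'Submit'
-i_should_see 'Application created'
-i_should_see 'My Application'
-end
-
-scenario 'adding invalid app' do
-click_button 'Submit'
-i_should_see 'Whoops! Check your form for possible errors'
-end
-end
-end
-
-feature 'Listing applications' do
-background do
-FactoryGirl.create :application, name: 'Oauth Dude'
-FactoryGirl.create :application, name: 'Awesome App'
-end
-
-scenario 'application list' do
-visit '/oauth/applications'
-i_should_see 'Awesome App'
-i_should_see 'Oauth Dude'
-end
-end
-
-feature 'Show application' do
-given :app do
-FactoryGirl.create :application, name: 'Just another oauth app'
-end
-
-scenario 'visiting application page' do
-visit "/oauth/applications/#{app.id}"
-i_should_see 'Just another oauth app'
-end
-end
-
-feature 'Edit application' do
-let :app do
-FactoryGirl.create :application, name: 'OMG my app'
-end
-
-background do
-visit "/oauth/applications/#{app.id}/edit"
-end
-
-scenario 'updating a valid app' do
-fill_in 'doorkeeper_application[name]', with: 'Serious app'
-click_button 'Submit'
-i_should_see 'Application updated'
-i_should_see 'Serious app'
-i_should_not_see 'OMG my app'
-end
-
-scenario 'updating an invalid app' do
-fill_in 'doorkeeper_application[name]', with: ''
-click_button 'Submit'
-i_should_see 'Whoops! Check your form for possible errors'
-end
-end
-
-feature 'Remove application' do
-background do
-@app = FactoryGirl.create :application
-end
-
-scenario 'deleting an application from list' do
-visit '/oauth/applications'
-i_should_see @app.name
-within(:css, "tr#application_#{@app.id}") do
-click_button 'Destroy'
-end
-i_should_see 'Application deleted'
-i_should_not_see @app.name
-end
-
-scenario 'deleting an application from show' do
-visit "/oauth/applications/#{@app.id}"
-click_button 'Destroy'
-i_should_see 'Application deleted'
-end
-end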
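--- a/data/spec/requests/applications/authorized_applications_spec.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Authorized applications' do
-background do
-@user = User.create!(name: 'Joe', password: 'sekret')
-@client = client_exists(name: 'Amazing Client App')
-resource_owner_is_authenticated @user
-client_is_authorized @client, @user
-end
-
-scenario 'display user\'s authorized applications' do
-visit '/oauth/authorized_applications'
-i_should_see 'Amazing Client App'
-end
-
-scenario 'do not display other user\'s authorized applications' do
-client = client_exists(name: 'Another Client App')
-client_is_authorized client, User.create!(name: 'Joe', password: 'sekret')
-visit '/oauth/authorized_applications'
-i_should_not_see 'Another Client App'
-end
-
-scenario 'user revoke access to application' do
-visit '/oauth/authorized_applications'
-i_should_see 'Amazing Client App'
-click_on 'Revoke'
-i_should_see 'Application revoked'
-i_should_not_see 'Amazing Client App'
-end
-end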
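--- a/data/spec/requests/endpoints/authorization_spec.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-require 'spec_helper_integration'
-
-feature 'Authorization endpoint' do
-background do
-config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
-client_exists(name: 'MyApp')
-end
-
-scenario 'requires resource owner to be authenticated' do
-visit authorization_endpoint_url(client: @client)
-i_should_see 'Sign in'
-i_should_be_on '/'
-end
-
-context 'with authenticated resource owner' do
-background do
-create_resource_owner
-sign_in
-end
-
-scenario 'displays the authorization form' do
-visit authorization_endpoint_url(client: @client)
-i_should_see 'Authorize MyApp to use your account?'
-end
-
-scenario 'displays all requested scopes' do
-default_scopes_exist :public
-optional_scopes_exist :write
-visit authorization_endpoint_url(client: @client, scope: 'public write')
-i_should_see 'Access your public data'
-i_should_see 'Update your data'
-end
-end
-
-context 'with a invalid request' do
-background do
-create_resource_owner
-sign_in
-end
-
-scenario 'displays the related error' do
-visit authorization_endpoint_url(client: @client, response_type: '')
-i_should_not_see 'Authorize'
-i_should_see_translated_error_message :unsupported_response_type
-end
-
-scenario "displays unsupported_response_type error when using a disabled response type" do
-config_is_set(:grant_flows, ['implicit'])
-visit authorization_endpoint_url(client: @client, response_type: 'code')
-i_should_not_see "Authorize"
-i_should_see_translated_error_message :unsupported_response_type
-end
-end
-
-context 'forgery protection enabled' do
-background do
-create_resource_owner
-sign_in
-end
-
-scenario 'raises exception on forged requests' do
-allowing_forgery_protection do
-expect {
-page.driver.post authorization_endpoint_url(client_id: @client.uid,
-redirect_uri: @client.redirect_uri,
-response_type: 'code')
-}.to raise_error(ActionController::InvalidAuthenticityToken)
-end
-end
-end
-end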
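--- a/data/spec/requests/endpoints/token_spec.rb
+++ /dev/null
@@ -1,64 +0,0 @@
-require 'spec_helper_integration'
-
-describe 'Token endpoint' do
-before do
-client_exists
-authorization_code_exists application: @client, scopes: 'public'
-end
-
-it 'respond with correct headers' do
-post token_endpoint_url(code: @authorization.token, client: @client)
-should_have_header 'Pragma', 'no-cache'
-should_have_header 'Cache-Control', 'no-store'
-should_have_header 'Content-Type', 'application/json; charset=utf-8'
-end
-
-it 'accepts client credentials with basic auth header' do
-post token_endpoint_url(
-code: @authorization.token,
-redirect_uri: @client.redirect_uri
-), {}, 'HTTP_AUTHORIZATION' => basic_auth_header_for_client(@client)
-
-should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-end
-
-it 'returns null for expires_in when a permanent token is set' do
-config_is_set(:access_token_expires_in, nil)
-post token_endpoint_url(code: @authorization.token, client: @client)
-should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-should_not_have_json 'expires_in'
-end
-
-it 'returns unsupported_grant_type for invalid grant_type param' do
-post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'nothing')
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'unsupported_grant_type'
-should_have_json 'error_description', translated_error_message('unsupported_grant_type')
-end
-
-it 'returns unsupported_grant_type for disabled grant flows' do
-config_is_set(:grant_flows, ['implicit'])
-post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'authorization_code')
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'unsupported_grant_type'
-should_have_json 'error_description', translated_error_message('unsupported_grant_type')
-end
-
-it 'returns unsupported_grant_type when refresh_token is not in use' do
-post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'refresh_token')
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'unsupported_grant_type'
-should_have_json 'error_description', translated_error_message('unsupported_grant_type')
-end
-
-it 'returns invalid_request if grant_type is missing' do
-post token_endpoint_url(code: @authorization.token, client: @client, grant_type: '')
-
-should_not_have_json 'access_token'
-should_have_json 'error', 'invalid_request'
-should_have_json 'error_description', translated_error_message('invalid_request')
-end
-end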
@@ -1,76 +0,0 @@
|
|
1
|
-
require 'spec_helper_integration'
|
2
|
-
|
3
|
-
feature 'Authorization Code Flow Errors' do
|
4
|
-
let(:client_params) { {} }
|
5
|
-
background do
|
6
|
-
config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
|
7
|
-
client_exists client_params
|
8
|
-
create_resource_owner
|
9
|
-
sign_in
|
10
|
-
end
|
11
|
-
|
12
|
-
after do
|
13
|
-
access_grant_should_not_exist
|
14
|
-
end
|
15
|
-
|
16
|
-
context "with a client trying to xss resource owner" do
|
17
|
-
let(:client_name) { "<div id='xss'>XSS</div>" }
|
18
|
-
let(:client_params) { { name: client_name } }
|
19
|
-
scenario "resource owner visit authorization endpoint" do
|
20
|
-
visit authorization_endpoint_url(client: @client)
|
21
|
-
expect(page).not_to have_css("#xss")
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
context 'when access was denied' do
|
26
|
-
scenario 'redirects with error' do
|
27
|
-
visit authorization_endpoint_url(client: @client)
|
28
|
-
click_on 'Deny'
|
29
|
-
|
30
|
-
i_should_be_on_client_callback @client
|
31
|
-
url_should_not_have_param 'code'
|
32
|
-
url_should_have_param 'error', 'access_denied'
|
33
|
-
url_should_have_param 'error_description', translated_error_message(:access_denied)
|
34
|
-
end
|
35
|
-
|
36
|
-
scenario 'redirects with state parameter' do
|
37
|
-
visit authorization_endpoint_url(client: @client, state: 'return-this')
|
38
|
-
click_on 'Deny'
|
39
|
-
|
40
|
-
i_should_be_on_client_callback @client
|
41
|
-
url_should_not_have_param 'code'
|
42
|
-
url_should_have_param 'state', 'return-this'
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
describe 'Authorization Code Flow Errors', 'after authorization' do
|
48
|
-
before do
|
49
|
-
client_exists
|
50
|
-
authorization_code_exists application: @client
|
51
|
-
end
|
52
|
-
|
53
|
-
it 'returns :invalid_grant error when posting an already revoked grant code' do
|
54
|
-
# First successful request
|
55
|
-
post token_endpoint_url(code: @authorization.token, client: @client)
|
56
|
-
|
57
|
-
# Second attempt with same token
|
58
|
-
expect do
|
59
|
-
post token_endpoint_url(code: @authorization.token, client: @client)
|
60
|
-
end.to_not change { Doorkeeper::AccessToken.count }
|
61
|
-
|
62
|
-
should_not_have_json 'access_token'
|
63
|
-
should_have_json 'error', 'invalid_grant'
|
64
|
-
should_have_json 'error_description', translated_error_message('invalid_grant')
|
65
|
-
end
|
66
|
-
|
67
|
-
it 'returns :invalid_grant error for invalid grant code' do
|
68
|
-
post token_endpoint_url(code: 'invalid', client: @client)
|
69
|
-
|
70
|
-
access_token_should_not_exist
|
71
|
-
|
72
|
-
should_not_have_json 'access_token'
|
73
|
-
should_have_json 'error', 'invalid_grant'
|
74
|
-
should_have_json 'error_description', translated_error_message('invalid_grant')
|
75
|
-
end
|
76
|
-
end
|
@@ -1,148 +0,0 @@
|
|
1
|
-
require 'spec_helper_integration'
|
2
|
-
|
3
|
-
feature 'Authorization Code Flow' do
|
4
|
-
background do
|
5
|
-
config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
|
6
|
-
client_exists
|
7
|
-
create_resource_owner
|
8
|
-
sign_in
|
9
|
-
end
|
10
|
-
|
11
|
-
scenario 'resource owner authorizes the client' do
|
12
|
-
visit authorization_endpoint_url(client: @client)
|
13
|
-
click_on 'Authorize'
|
14
|
-
|
15
|
-
access_grant_should_exist_for(@client, @resource_owner)
|
16
|
-
|
17
|
-
i_should_be_on_client_callback(@client)
|
18
|
-
|
19
|
-
url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
|
20
|
-
url_should_not_have_param('state')
|
21
|
-
url_should_not_have_param('error')
|
22
|
-
end
|
23
|
-
|
24
|
-
scenario 'resource owner authorizes using test url' do
|
25
|
-
@client.redirect_uri = Doorkeeper.configuration.native_redirect_uri
|
26
|
-
@client.save!
|
27
|
-
visit authorization_endpoint_url(client: @client)
|
28
|
-
click_on 'Authorize'
|
29
|
-
|
30
|
-
access_grant_should_exist_for(@client, @resource_owner)
|
31
|
-
|
32
|
-
i_should_see 'Authorization code:'
|
33
|
-
i_should_see Doorkeeper::AccessGrant.first.token
|
34
|
-
end
|
35
|
-
|
36
|
-
scenario 'resource owner authorizes the client with state parameter set' do
|
37
|
-
visit authorization_endpoint_url(client: @client, state: 'return-me')
|
38
|
-
click_on 'Authorize'
|
39
|
-
url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
|
40
|
-
url_should_have_param('state', 'return-me')
|
41
|
-
end
|
42
|
-
|
43
|
-
scenario 'resource owner requests an access token with authorization code' do
|
44
|
-
visit authorization_endpoint_url(client: @client)
|
45
|
-
click_on 'Authorize'
|
46
|
-
|
47
|
-
authorization_code = Doorkeeper::AccessGrant.first.token
|
48
|
-
create_access_token authorization_code, @client
|
49
|
-
|
50
|
-
access_token_should_exist_for(@client, @resource_owner)
|
51
|
-
|
52
|
-
should_not_have_json 'error'
|
53
|
-
|
54
|
-
should_have_json 'access_token', Doorkeeper::AccessToken.first.token
|
55
|
-
should_have_json 'token_type', 'bearer'
|
56
|
-
should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
|
57
|
-
end
|
58
|
-
|
59
|
-
context 'with scopes' do
|
60
|
-
background do
|
61
|
-
default_scopes_exist :public
|
62
|
-
optional_scopes_exist :write
|
63
|
-
end
|
64
|
-
|
65
|
-
scenario 'resource owner authorizes the client with default scopes' do
|
66
|
-
visit authorization_endpoint_url(client: @client)
|
67
|
-
click_on 'Authorize'
|
68
|
-
access_grant_should_exist_for(@client, @resource_owner)
|
69
|
-
access_grant_should_have_scopes :public
|
70
|
-
end
|
71
|
-
|
72
|
-
scenario 'resource owner authorizes the client with required scopes' do
|
73
|
-
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
74
|
-
click_on 'Authorize'
|
75
|
-
access_grant_should_have_scopes :public, :write
|
76
|
-
end
|
77
|
-
|
78
|
-
scenario 'resource owner authorizes the client with required scopes (without defaults)' do
|
79
|
-
visit authorization_endpoint_url(client: @client, scope: 'write')
|
80
|
-
click_on 'Authorize'
|
81
|
-
access_grant_should_have_scopes :write
|
82
|
-
end
|
83
|
-
|
84
|
-
scenario 'new access token matches required scopes' do
|
85
|
-
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
86
|
-
click_on 'Authorize'
|
87
|
-
|
88
|
-
authorization_code = Doorkeeper::AccessGrant.first.token
|
89
|
-
create_access_token authorization_code, @client
|
90
|
-
|
91
|
-
access_token_should_exist_for(@client, @resource_owner)
|
92
|
-
access_token_should_have_scopes :public, :write
|
93
|
-
end
|
94
|
-
|
95
|
-
scenario 'returns new token if scopes have changed' do
|
96
|
-
client_is_authorized(@client, @resource_owner, scopes: 'public write')
|
97
|
-
visit authorization_endpoint_url(client: @client, scope: 'public')
|
98
|
-
click_on 'Authorize'
|
99
|
-
|
100
|
-
authorization_code = Doorkeeper::AccessGrant.first.token
|
101
|
-
create_access_token authorization_code, @client
|
102
|
-
|
103
|
-
expect(Doorkeeper::AccessToken.count).to be(2)
|
104
|
-
|
105
|
-
should_have_json 'access_token', Doorkeeper::AccessToken.last.token
|
106
|
-
end
|
107
|
-
|
108
|
-
scenario 'resource owner authorizes the client with extra scopes' do
|
109
|
-
client_is_authorized(@client, @resource_owner, scopes: 'public')
|
110
|
-
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
111
|
-
click_on 'Authorize'
|
112
|
-
|
113
|
-
authorization_code = Doorkeeper::AccessGrant.first.token
|
114
|
-
create_access_token authorization_code, @client
|
115
|
-
|
116
|
-
expect(Doorkeeper::AccessToken.count).to be(2)
|
117
|
-
|
118
|
-
should_have_json 'access_token', Doorkeeper::AccessToken.last.token
|
119
|
-
access_token_should_have_scopes :public, :write
|
120
|
-
end
|
121
|
-
end
|
122
|
-
end
|
123
|
-
|
124
|
-
describe 'Authorization Code Flow' do
|
125
|
-
before do
|
126
|
-
Doorkeeper.configure do
|
127
|
-
orm DOORKEEPER_ORM
|
128
|
-
use_refresh_token
|
129
|
-
end
|
130
|
-
client_exists
|
131
|
-
end
|
132
|
-
|
133
|
-
context 'issuing a refresh token' do
|
134
|
-
before do
|
135
|
-
authorization_code_exists application: @client
|
136
|
-
end
|
137
|
-
|
138
|
-
it 'second of simultaneous client requests get an error for revoked acccess token' do
|
139
|
-
authorization_code = Doorkeeper::AccessGrant.first.token
|
140
|
-
allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:revoked?).and_return(false, true)
|
141
|
-
|
142
|
-
post token_endpoint_url(code: authorization_code, client: @client)
|
143
|
-
|
144
|
-
should_not_have_json 'access_token'
|
145
|
-
should_have_json 'error', 'invalid_grant'
|
146
|
-
end
|
147
|
-
end
|
148
|
-
end
|