doorkeeper 4.4.0 → 5.6.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (284) hide show
  1. checksums.yaml +5 -5
  2. data/{NEWS.md → CHANGELOG.md} +471 -16
  3. data/README.md +108 -403
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +8 -5
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
  7. data/app/controllers/doorkeeper/applications_controller.rb +62 -27
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +112 -18
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +104 -35
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +9 -7
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
  14. data/app/views/doorkeeper/applications/_form.html.erb +27 -26
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +17 -7
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +38 -17
  19. data/app/views/doorkeeper/authorizations/error.html.erb +4 -2
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +16 -10
  22. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  23. data/config/locales/en.yml +28 -5
  24. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  25. data/lib/doorkeeper/config/option.rb +82 -0
  26. data/lib/doorkeeper/config/validations.rb +53 -0
  27. data/lib/doorkeeper/config.rb +477 -142
  28. data/lib/doorkeeper/engine.rb +17 -4
  29. data/lib/doorkeeper/errors.rb +25 -16
  30. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  31. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  32. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  33. data/lib/doorkeeper/grant_flow.rb +45 -0
  34. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  35. data/lib/doorkeeper/grape/helpers.rb +13 -7
  36. data/lib/doorkeeper/helpers/controller.rb +43 -10
  37. data/lib/doorkeeper/models/access_grant_mixin.rb +97 -3
  38. data/lib/doorkeeper/models/access_token_mixin.rb +273 -67
  39. data/lib/doorkeeper/models/application_mixin.rb +50 -5
  40. data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
  41. data/lib/doorkeeper/models/concerns/expirable.rb +7 -3
  42. data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
  43. data/lib/doorkeeper/models/concerns/orderable.rb +2 -0
  44. data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
  45. data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
  46. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  47. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  48. data/lib/doorkeeper/models/concerns/revocable.rb +3 -27
  49. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  50. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  51. data/lib/doorkeeper/oauth/authorization/code.rb +54 -12
  52. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  53. data/lib/doorkeeper/oauth/authorization/token.rb +64 -24
  54. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +7 -5
  55. data/lib/doorkeeper/oauth/authorization_code_request.rb +69 -11
  56. data/lib/doorkeeper/oauth/base_request.rb +36 -24
  57. data/lib/doorkeeper/oauth/base_response.rb +2 -0
  58. data/lib/doorkeeper/oauth/client/credentials.rb +5 -5
  59. data/lib/doorkeeper/oauth/client.rb +10 -11
  60. data/lib/doorkeeper/oauth/client_credentials/creator.rb +44 -4
  61. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
  62. data/lib/doorkeeper/oauth/client_credentials/validator.rb +55 -0
  63. data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -11
  64. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  65. data/lib/doorkeeper/oauth/code_response.rb +27 -15
  66. data/lib/doorkeeper/oauth/error.rb +3 -1
  67. data/lib/doorkeeper/oauth/error_response.rb +34 -14
  68. data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
  69. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
  70. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  71. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +42 -6
  72. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  73. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  74. data/lib/doorkeeper/oauth/invalid_token_response.rb +29 -4
  75. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  76. data/lib/doorkeeper/oauth/password_access_token_request.rb +43 -10
  77. data/lib/doorkeeper/oauth/pre_authorization.rb +136 -26
  78. data/lib/doorkeeper/oauth/refresh_token_request.rb +67 -31
  79. data/lib/doorkeeper/oauth/scopes.rb +8 -4
  80. data/lib/doorkeeper/oauth/token.rb +12 -8
  81. data/lib/doorkeeper/oauth/token_introspection.rb +99 -25
  82. data/lib/doorkeeper/oauth/token_request.rb +8 -20
  83. data/lib/doorkeeper/oauth/token_response.rb +13 -10
  84. data/lib/doorkeeper/oauth.rb +13 -0
  85. data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -30
  86. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -43
  87. data/lib/doorkeeper/orm/active_record/application.rb +6 -57
  88. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +63 -0
  89. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +77 -0
  90. data/lib/doorkeeper/orm/active_record/mixins/application.rb +210 -0
  91. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  92. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +36 -0
  93. data/lib/doorkeeper/orm/active_record.rb +31 -20
  94. data/lib/doorkeeper/rails/helpers.rb +10 -8
  95. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  96. data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
  97. data/lib/doorkeeper/rails/routes/mapping.rb +9 -7
  98. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  99. data/lib/doorkeeper/rails/routes.rb +45 -25
  100. data/lib/doorkeeper/rake/db.rake +40 -0
  101. data/lib/doorkeeper/rake/setup.rake +6 -0
  102. data/lib/doorkeeper/rake.rb +14 -0
  103. data/lib/doorkeeper/request/authorization_code.rb +6 -4
  104. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  105. data/lib/doorkeeper/request/code.rb +1 -1
  106. data/lib/doorkeeper/request/password.rb +4 -3
  107. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  108. data/lib/doorkeeper/request/strategy.rb +4 -2
  109. data/lib/doorkeeper/request/token.rb +1 -1
  110. data/lib/doorkeeper/request.rb +61 -34
  111. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  112. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  113. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  114. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  115. data/lib/doorkeeper/server.rb +9 -11
  116. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  117. data/lib/doorkeeper/validations.rb +2 -0
  118. data/lib/doorkeeper/version.rb +7 -29
  119. data/lib/doorkeeper.rb +180 -65
  120. data/lib/generators/doorkeeper/application_owner_generator.rb +24 -18
  121. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  122. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  123. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  124. data/lib/generators/doorkeeper/migration_generator.rb +23 -18
  125. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  126. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +28 -22
  127. data/{spec/dummy/db/migrate/20180210183654_add_confidential_to_application.rb → lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb} +2 -2
  128. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  129. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  130. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  131. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  132. data/lib/generators/doorkeeper/templates/initializer.rb +402 -32
  133. data/lib/generators/doorkeeper/templates/migration.rb.erb +47 -18
  134. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  135. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  136. metadata +97 -309
  137. data/.coveralls.yml +0 -1
  138. data/.github/ISSUE_TEMPLATE.md +0 -25
  139. data/.github/PULL_REQUEST_TEMPLATE.md +0 -17
  140. data/.gitignore +0 -19
  141. data/.hound.yml +0 -2
  142. data/.rspec +0 -1
  143. data/.rubocop.yml +0 -17
  144. data/.travis.yml +0 -38
  145. data/Appraisals +0 -18
  146. data/CODE_OF_CONDUCT.md +0 -46
  147. data/CONTRIBUTING.md +0 -47
  148. data/Gemfile +0 -10
  149. data/RELEASING.md +0 -10
  150. data/Rakefile +0 -20
  151. data/SECURITY.md +0 -15
  152. data/app/validators/redirect_uri_validator.rb +0 -44
  153. data/doorkeeper.gemspec +0 -32
  154. data/gemfiles/rails_4_2.gemfile +0 -13
  155. data/gemfiles/rails_5_0.gemfile +0 -12
  156. data/gemfiles/rails_5_1.gemfile +0 -12
  157. data/gemfiles/rails_5_2.gemfile +0 -12
  158. data/gemfiles/rails_master.gemfile +0 -14
  159. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  160. data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb +0 -31
  161. data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb +0 -11
  162. data/spec/controllers/application_metal_controller.rb +0 -10
  163. data/spec/controllers/applications_controller_spec.rb +0 -69
  164. data/spec/controllers/authorizations_controller_spec.rb +0 -218
  165. data/spec/controllers/protected_resources_controller_spec.rb +0 -309
  166. data/spec/controllers/token_info_controller_spec.rb +0 -56
  167. data/spec/controllers/tokens_controller_spec.rb +0 -274
  168. data/spec/dummy/Rakefile +0 -7
  169. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  170. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  171. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  172. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  173. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  174. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  175. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  176. data/spec/dummy/app/models/user.rb +0 -5
  177. data/spec/dummy/app/views/home/index.html.erb +0 -0
  178. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  179. data/spec/dummy/config/application.rb +0 -23
  180. data/spec/dummy/config/boot.rb +0 -9
  181. data/spec/dummy/config/database.yml +0 -15
  182. data/spec/dummy/config/environment.rb +0 -5
  183. data/spec/dummy/config/environments/development.rb +0 -29
  184. data/spec/dummy/config/environments/production.rb +0 -62
  185. data/spec/dummy/config/environments/test.rb +0 -44
  186. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  187. data/spec/dummy/config/initializers/doorkeeper.rb +0 -107
  188. data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -6
  189. data/spec/dummy/config/initializers/secret_token.rb +0 -8
  190. data/spec/dummy/config/initializers/session_store.rb +0 -8
  191. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  192. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  193. data/spec/dummy/config/routes.rb +0 -52
  194. data/spec/dummy/config.ru +0 -4
  195. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  196. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  197. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -62
  198. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  199. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  200. data/spec/dummy/db/schema.rb +0 -68
  201. data/spec/dummy/public/404.html +0 -26
  202. data/spec/dummy/public/422.html +0 -26
  203. data/spec/dummy/public/500.html +0 -26
  204. data/spec/dummy/public/favicon.ico +0 -0
  205. data/spec/dummy/script/rails +0 -6
  206. data/spec/factories.rb +0 -28
  207. data/spec/generators/application_owner_generator_spec.rb +0 -41
  208. data/spec/generators/install_generator_spec.rb +0 -31
  209. data/spec/generators/migration_generator_spec.rb +0 -41
  210. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -57
  211. data/spec/generators/templates/routes.rb +0 -3
  212. data/spec/generators/views_generator_spec.rb +0 -27
  213. data/spec/grape/grape_integration_spec.rb +0 -135
  214. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  215. data/spec/lib/config_spec.rb +0 -437
  216. data/spec/lib/doorkeeper_spec.rb +0 -150
  217. data/spec/lib/models/expirable_spec.rb +0 -50
  218. data/spec/lib/models/revocable_spec.rb +0 -59
  219. data/spec/lib/models/scopes_spec.rb +0 -43
  220. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -41
  221. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -108
  222. data/spec/lib/oauth/base_request_spec.rb +0 -155
  223. data/spec/lib/oauth/base_response_spec.rb +0 -45
  224. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  225. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  226. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  227. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  228. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  229. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -105
  230. data/spec/lib/oauth/client_spec.rb +0 -39
  231. data/spec/lib/oauth/code_request_spec.rb +0 -43
  232. data/spec/lib/oauth/code_response_spec.rb +0 -34
  233. data/spec/lib/oauth/error_response_spec.rb +0 -61
  234. data/spec/lib/oauth/error_spec.rb +0 -23
  235. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  236. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  237. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  238. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -213
  239. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -56
  240. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -96
  241. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  242. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
  243. data/spec/lib/oauth/scopes_spec.rb +0 -149
  244. data/spec/lib/oauth/token_request_spec.rb +0 -96
  245. data/spec/lib/oauth/token_response_spec.rb +0 -85
  246. data/spec/lib/oauth/token_spec.rb +0 -116
  247. data/spec/lib/request/strategy_spec.rb +0 -53
  248. data/spec/lib/server_spec.rb +0 -59
  249. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  250. data/spec/models/doorkeeper/access_token_spec.rb +0 -418
  251. data/spec/models/doorkeeper/application_spec.rb +0 -286
  252. data/spec/requests/applications/applications_request_spec.rb +0 -94
  253. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  254. data/spec/requests/endpoints/authorization_spec.rb +0 -71
  255. data/spec/requests/endpoints/token_spec.rb +0 -71
  256. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -76
  257. data/spec/requests/flows/authorization_code_spec.rb +0 -149
  258. data/spec/requests/flows/client_credentials_spec.rb +0 -86
  259. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  260. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  261. data/spec/requests/flows/password_spec.rb +0 -197
  262. data/spec/requests/flows/refresh_token_spec.rb +0 -174
  263. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  264. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  265. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  266. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  267. data/spec/routing/custom_controller_routes_spec.rb +0 -75
  268. data/spec/routing/default_routes_spec.rb +0 -39
  269. data/spec/routing/scoped_routes_spec.rb +0 -31
  270. data/spec/spec_helper.rb +0 -4
  271. data/spec/spec_helper_integration.rb +0 -74
  272. data/spec/support/dependencies/factory_girl.rb +0 -2
  273. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  274. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  275. data/spec/support/helpers/config_helper.rb +0 -9
  276. data/spec/support/helpers/model_helper.rb +0 -72
  277. data/spec/support/helpers/request_spec_helper.rb +0 -88
  278. data/spec/support/helpers/url_helper.rb +0 -56
  279. data/spec/support/http_method_shim.rb +0 -38
  280. data/spec/support/orm/active_record.rb +0 -3
  281. data/spec/support/shared/controllers_shared_context.rb +0 -65
  282. data/spec/support/shared/models_shared_examples.rb +0 -52
  283. data/spec/validators/redirect_uri_validator_spec.rb +0 -123
  284. data/spec/version/version_spec.rb +0 -15
@@ -1,64 +0,0 @@
1
- require 'spec_helper'
2
- require 'active_support/core_ext/string'
3
- require 'doorkeeper/oauth/helpers/scope_checker'
4
- require 'doorkeeper/oauth/scopes'
5
-
6
- module Doorkeeper::OAuth::Helpers
7
- describe ScopeChecker, '.valid?' do
8
- let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
9
-
10
- it 'is valid if scope is present' do
11
- server_scopes.add :scope
12
- expect(ScopeChecker.valid?('scope', server_scopes)).to be_truthy
13
- end
14
-
15
- it 'is invalid if includes tabs space' do
16
- expect(ScopeChecker.valid?("\tsomething", server_scopes)).to be_falsey
17
- end
18
-
19
- it 'is invalid if scope is not present' do
20
- expect(ScopeChecker.valid?(nil, server_scopes)).to be_falsey
21
- end
22
-
23
- it 'is invalid if scope is blank' do
24
- expect(ScopeChecker.valid?(' ', server_scopes)).to be_falsey
25
- end
26
-
27
- it 'is invalid if includes return space' do
28
- expect(ScopeChecker.valid?("scope\r", server_scopes)).to be_falsey
29
- end
30
-
31
- it 'is invalid if includes new lines' do
32
- expect(ScopeChecker.valid?("scope\nanother", server_scopes)).to be_falsey
33
- end
34
-
35
- it 'is invalid if any scope is not included in server scopes' do
36
- expect(ScopeChecker.valid?('scope another', server_scopes)).to be_falsey
37
- end
38
-
39
- context 'with application_scopes' do
40
- let(:server_scopes) do
41
- Doorkeeper::OAuth::Scopes.from_string 'common svr'
42
- end
43
- let(:application_scopes) do
44
- Doorkeeper::OAuth::Scopes.from_string 'app123'
45
- end
46
-
47
- it 'is valid if scope is included in the application scope list' do
48
- expect(ScopeChecker.valid?(
49
- 'app123',
50
- server_scopes,
51
- application_scopes
52
- )).to be_truthy
53
- end
54
-
55
- it 'is invalid if any scope is not included in the application' do
56
- expect(ScopeChecker.valid?(
57
- 'svr',
58
- server_scopes,
59
- application_scopes
60
- )).to be_falsey
61
- end
62
- end
63
- end
64
- end
@@ -1,20 +0,0 @@
1
- require 'spec_helper'
2
- require 'doorkeeper/oauth/helpers/unique_token'
3
-
4
- module Doorkeeper::OAuth::Helpers
5
- describe UniqueToken do
6
- let :generator do
7
- ->(size) { 'a' * size }
8
- end
9
-
10
- it 'is able to customize the generator method' do
11
- token = UniqueToken.generate(generator: generator)
12
- expect(token).to eq('a' * 32)
13
- end
14
-
15
- it 'is able to customize the size of the token' do
16
- token = UniqueToken.generate(generator: generator, size: 2)
17
- expect(token).to eq('aa')
18
- end
19
- end
20
- end
@@ -1,213 +0,0 @@
1
- require 'spec_helper'
2
- require 'uri'
3
- require 'doorkeeper/oauth/helpers/uri_checker'
4
-
5
- module Doorkeeper::OAuth::Helpers
6
- describe URIChecker do
7
- describe '.valid?' do
8
- it 'is valid for valid uris' do
9
- uri = 'http://app.co'
10
- expect(URIChecker.valid?(uri)).to be_truthy
11
- end
12
-
13
- it 'is valid if include path param' do
14
- uri = 'http://app.co/path'
15
- expect(URIChecker.valid?(uri)).to be_truthy
16
- end
17
-
18
- it 'is valid if include query param' do
19
- uri = 'http://app.co/?query=1'
20
- expect(URIChecker.valid?(uri)).to be_truthy
21
- end
22
-
23
- it 'is invalid if uri includes fragment' do
24
- uri = 'http://app.co/test#fragment'
25
- expect(URIChecker.valid?(uri)).to be_falsey
26
- end
27
-
28
- it 'is invalid if scheme is missing' do
29
- uri = 'app.co'
30
- expect(URIChecker.valid?(uri)).to be_falsey
31
- end
32
-
33
- it 'is invalid if is a relative uri' do
34
- uri = '/abc/123'
35
- expect(URIChecker.valid?(uri)).to be_falsey
36
- end
37
-
38
- it 'is invalid if is not a url' do
39
- uri = 'http://'
40
- expect(URIChecker.valid?(uri)).to be_falsey
41
- end
42
-
43
- it 'is invalid if is not an uri' do
44
- uri = ' '
45
- expect(URIChecker.valid?(uri)).to be_falsey
46
- end
47
- end
48
-
49
- describe '.matches?' do
50
- it 'is true if both url matches' do
51
- uri = client_uri = 'http://app.co/aaa'
52
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
53
- end
54
-
55
- it 'ignores query parameter on comparsion' do
56
- uri = 'http://app.co/?query=hello'
57
- client_uri = 'http://app.co'
58
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
59
- end
60
-
61
- it 'doesn\'t allow non-matching domains through' do
62
- uri = 'http://app.abc/?query=hello'
63
- client_uri = 'http://app.co'
64
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
65
- end
66
-
67
- it 'doesn\'t allow non-matching domains that don\'t start at the beginning' do
68
- uri = 'http://app.co/?query=hello'
69
- client_uri = 'http://example.com?app.co=test'
70
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
71
- end
72
-
73
- context "client registered query params" do
74
- it "doesn't allow query being absent" do
75
- uri = 'http://app.co'
76
- client_uri = 'http://app.co/?vendorId=AJ4L7XXW9'
77
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
78
- end
79
-
80
- it "is false if query values differ but key same" do
81
- uri = 'http://app.co/?vendorId=pancakes'
82
- client_uri = 'http://app.co/?vendorId=waffles'
83
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
84
- end
85
-
86
- it "is false if query values same but key differs" do
87
- uri = 'http://app.co/?foo=pancakes'
88
- client_uri = 'http://app.co/?bar=pancakes'
89
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
90
- end
91
-
92
- it "is false if query present and match, but unknown queries present" do
93
- uri = 'http://app.co/?vendorId=pancakes&unknown=query'
94
- client_uri = 'http://app.co/?vendorId=waffles'
95
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
96
- end
97
-
98
- it "is true if queries are present and matche" do
99
- uri = 'http://app.co/?vendorId=AJ4L7XXW9&foo=bar'
100
- client_uri = 'http://app.co/?vendorId=AJ4L7XXW9&foo=bar'
101
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
102
- end
103
-
104
- it "is true if queries are present, match and in different order" do
105
- uri = 'http://app.co/?bing=bang&foo=bar'
106
- client_uri = 'http://app.co/?foo=bar&bing=bang'
107
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
108
- end
109
- end
110
- end
111
-
112
- describe '.valid_for_authorization?' do
113
- it 'is true if valid and matches' do
114
- uri = client_uri = 'http://app.co/aaa'
115
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
116
- end
117
-
118
- it 'is false if valid and mismatches' do
119
- uri = 'http://app.co/aaa'
120
- client_uri = 'http://app.co/bbb'
121
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
122
- end
123
-
124
- it 'is true if valid and included in array' do
125
- uri = 'http://app.co/aaa'
126
- client_uri = "http://example.com/bbb\nhttp://app.co/aaa"
127
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
128
- end
129
-
130
- it 'is false if valid and not included in array' do
131
- uri = 'http://app.co/aaa'
132
- client_uri = "http://example.com/bbb\nhttp://app.co/cc"
133
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
134
- end
135
-
136
- it 'is true if valid and matches' do
137
- uri = client_uri = 'http://app.co/aaa'
138
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be true
139
- end
140
-
141
- it 'is false if invalid' do
142
- uri = 'http://app.co/aaa?pankcakes=abc'
143
- client_uri = 'http://app.co/aaa?waffles=abc'
144
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be false
145
- end
146
-
147
- it 'calls .matches?' do
148
- uri = 'http://app.co/aaa?pankcakes=abc'
149
- client_uri = 'http://app.co/aaa?waffles=abc'
150
- expect(URIChecker).to receive(:matches?).with(uri, client_uri).once
151
- URIChecker.valid_for_authorization?(uri, client_uri)
152
- end
153
-
154
- it 'calls .valid?' do
155
- uri = 'http://app.co/aaa?pankcakes=abc'
156
- client_uri = 'http://app.co/aaa?waffles=abc'
157
- expect(URIChecker).to receive(:valid?).with(uri).once
158
- URIChecker.valid_for_authorization?(uri, client_uri)
159
- end
160
- end
161
-
162
- describe '.query_matches?' do
163
- it 'is true if no queries' do
164
- expect(URIChecker.query_matches?('', '')).to be_truthy
165
- expect(URIChecker.query_matches?(nil, nil)).to be_truthy
166
- end
167
-
168
- it 'is true if same query' do
169
- expect(URIChecker.query_matches?('foo', 'foo')).to be_truthy
170
- end
171
-
172
- it 'is false if different query' do
173
- expect(URIChecker.query_matches?('foo', 'bar')).to be_falsey
174
- end
175
-
176
- it 'is true if same queries' do
177
- expect(URIChecker.query_matches?('foo&bar', 'foo&bar')).to be_truthy
178
- end
179
-
180
- it 'is true if same queries, different order' do
181
- expect(URIChecker.query_matches?('foo&bar', 'bar&foo')).to be_truthy
182
- end
183
-
184
- it 'is false if one different query' do
185
- expect(URIChecker.query_matches?('foo&bang', 'foo&bing')).to be_falsey
186
- end
187
-
188
- it 'is true if same query with same value' do
189
- expect(URIChecker.query_matches?('foo=bar', 'foo=bar')).to be_truthy
190
- end
191
-
192
- it 'is true if same queries with same values' do
193
- expect(URIChecker.query_matches?('foo=bar&bing=bang', 'foo=bar&bing=bang')).to be_truthy
194
- end
195
-
196
- it 'is true if same queries with same values, different order' do
197
- expect(URIChecker.query_matches?('foo=bar&bing=bang', 'bing=bang&foo=bar')).to be_truthy
198
- end
199
-
200
- it 'is false if same query with different value' do
201
- expect(URIChecker.query_matches?('foo=bar', 'foo=bang')).to be_falsey
202
- end
203
-
204
- it 'is false if some queries missing' do
205
- expect(URIChecker.query_matches?('foo=bar', 'foo=bar&bing=bang')).to be_falsey
206
- end
207
-
208
- it 'is false if some queries different value' do
209
- expect(URIChecker.query_matches?('foo=bar&bing=bang', 'foo=bar&bing=banana')).to be_falsey
210
- end
211
- end
212
- end
213
- end
@@ -1,56 +0,0 @@
1
- require 'spec_helper'
2
- require 'active_model'
3
- require 'doorkeeper'
4
- require 'doorkeeper/oauth/invalid_token_response'
5
-
6
- module Doorkeeper::OAuth
7
- describe InvalidTokenResponse do
8
- describe "#name" do
9
- it { expect(subject.name).to eq(:invalid_token) }
10
- end
11
-
12
- describe "#status" do
13
- it { expect(subject.status).to eq(:unauthorized) }
14
- end
15
-
16
- describe :from_access_token do
17
- let(:response) { InvalidTokenResponse.from_access_token(access_token) }
18
-
19
- context "revoked" do
20
- let(:access_token) { double(revoked?: true, expired?: true) }
21
-
22
- it "sets a description" do
23
- expect(response.description).to include("revoked")
24
- end
25
-
26
- it "sets the reason" do
27
- expect(response.reason).to eq(:revoked)
28
- end
29
- end
30
-
31
- context "expired" do
32
- let(:access_token) { double(revoked?: false, expired?: true) }
33
-
34
- it "sets a description" do
35
- expect(response.description).to include("expired")
36
- end
37
-
38
- it "sets the reason" do
39
- expect(response.reason).to eq(:expired)
40
- end
41
- end
42
-
43
- context "unknown" do
44
- let(:access_token) { double(revoked?: false, expired?: false) }
45
-
46
- it "sets a description" do
47
- expect(response.description).to include("invalid")
48
- end
49
-
50
- it "sets the reason" do
51
- expect(response.reason).to eq(:unknown)
52
- end
53
- end
54
- end
55
- end
56
- end
@@ -1,96 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- module Doorkeeper::OAuth
4
- describe PasswordAccessTokenRequest do
5
- let(:server) do
6
- double(
7
- :server,
8
- default_scopes: Doorkeeper::OAuth::Scopes.new,
9
- access_token_expires_in: 2.hours,
10
- refresh_token_enabled?: false,
11
- custom_access_token_expires_in: ->(_app) { nil }
12
- )
13
- end
14
- let(:client) { FactoryBot.create(:application) }
15
- let(:owner) { double :owner, id: 99 }
16
-
17
- subject do
18
- PasswordAccessTokenRequest.new(server, client, owner)
19
- end
20
-
21
- it 'issues a new token for the client' do
22
- expect do
23
- subject.authorize
24
- end.to change { client.reload.access_tokens.count }.by(1)
25
- end
26
-
27
- it 'issues a new token without a client' do
28
- expect do
29
- subject.client = nil
30
- subject.authorize
31
- end.to change { Doorkeeper::AccessToken.count }.by(1)
32
- end
33
-
34
- it 'does not issue a new token with an invalid client' do
35
- expect do
36
- subject.client = nil
37
- subject.parameters = { client_id: 'bad_id' }
38
- subject.authorize
39
- end.to_not change { Doorkeeper::AccessToken.count }
40
-
41
- expect(subject.error).to eq(:invalid_client)
42
- end
43
-
44
- it 'requires the owner' do
45
- subject.resource_owner = nil
46
- subject.validate
47
- expect(subject.error).to eq(:invalid_grant)
48
- end
49
-
50
- it 'optionally accepts the client' do
51
- subject.client = nil
52
- expect(subject).to be_valid
53
- end
54
-
55
- it 'creates token even when there is already one (default)' do
56
- FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
57
- expect do
58
- subject.authorize
59
- end.to change { Doorkeeper::AccessToken.count }.by(1)
60
- end
61
-
62
- it 'skips token creation if there is already one' do
63
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
64
- FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
65
- expect do
66
- subject.authorize
67
- end.to_not change { Doorkeeper::AccessToken.count }
68
- end
69
-
70
- it "calls configured request callback methods" do
71
- expect(Doorkeeper.configuration.before_successful_strategy_response).to receive(:call).with(subject).once
72
- expect(Doorkeeper.configuration.after_successful_strategy_response).to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
73
- subject.authorize
74
- end
75
-
76
- describe 'with scopes' do
77
- subject do
78
- PasswordAccessTokenRequest.new(server, client, owner, scope: 'public')
79
- end
80
-
81
- it 'validates the current scope' do
82
- allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('another'))
83
- subject.validate
84
- expect(subject.error).to eq(:invalid_scope)
85
- end
86
-
87
- it 'creates the token with scopes' do
88
- allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('public'))
89
- expect do
90
- subject.authorize
91
- end.to change { Doorkeeper::AccessToken.count }.by(1)
92
- expect(Doorkeeper::AccessToken.last.scopes).to include('public')
93
- end
94
- end
95
- end
96
- end
@@ -1,155 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- module Doorkeeper::OAuth
4
- describe PreAuthorization do
5
- let(:server) {
6
- server = Doorkeeper.configuration
7
- allow(server).to receive(:default_scopes).and_return(Scopes.new)
8
- allow(server).to receive(:scopes).and_return(Scopes.from_string('public profile'))
9
- server
10
- }
11
-
12
- let(:application) do
13
- application = double :application
14
- allow(application).to receive(:scopes).and_return(Scopes.from_string(''))
15
- application
16
- end
17
-
18
- let(:client) do
19
- double :client, redirect_uri: 'http://tst.com/auth', application: application
20
- end
21
-
22
- let :attributes do
23
- {
24
- response_type: 'code',
25
- redirect_uri: 'http://tst.com/auth',
26
- state: 'save-this'
27
- }
28
- end
29
-
30
- subject do
31
- PreAuthorization.new(server, client, attributes)
32
- end
33
-
34
- it 'is authorizable when request is valid' do
35
- expect(subject).to be_authorizable
36
- end
37
-
38
- it 'accepts code as response type' do
39
- subject.response_type = 'code'
40
- expect(subject).to be_authorizable
41
- end
42
-
43
- it 'accepts token as response type' do
44
- allow(server).to receive(:grant_flows).and_return(['implicit'])
45
- subject.response_type = 'token'
46
- expect(subject).to be_authorizable
47
- end
48
-
49
- context 'when using default grant flows' do
50
- it 'accepts "code" as response type' do
51
- subject.response_type = 'code'
52
- expect(subject).to be_authorizable
53
- end
54
-
55
- it 'accepts "token" as response type' do
56
- allow(server).to receive(:grant_flows).and_return(['implicit'])
57
- subject.response_type = 'token'
58
- expect(subject).to be_authorizable
59
- end
60
- end
61
-
62
- context 'when authorization code grant flow is disabled' do
63
- before do
64
- allow(server).to receive(:grant_flows).and_return(['implicit'])
65
- end
66
-
67
- it 'does not accept "code" as response type' do
68
- subject.response_type = 'code'
69
- expect(subject).not_to be_authorizable
70
- end
71
- end
72
-
73
- context 'when implicit grant flow is disabled' do
74
- before do
75
- allow(server).to receive(:grant_flows).and_return(['authorization_code'])
76
- end
77
-
78
- it 'does not accept "token" as response type' do
79
- subject.response_type = 'token'
80
- expect(subject).not_to be_authorizable
81
- end
82
- end
83
-
84
- context 'client application does not restrict valid scopes' do
85
- it 'accepts valid scopes' do
86
- subject.scope = 'public'
87
- expect(subject).to be_authorizable
88
- end
89
-
90
- it 'rejects (globally) non-valid scopes' do
91
- subject.scope = 'invalid'
92
- expect(subject).not_to be_authorizable
93
- end
94
- end
95
-
96
- context 'client application restricts valid scopes' do
97
- let(:application) do
98
- application = double :application
99
- allow(application).to receive(:scopes).and_return(Scopes.from_string('public nonsense'))
100
- application
101
- end
102
-
103
- it 'accepts valid scopes' do
104
- subject.scope = 'public'
105
- expect(subject).to be_authorizable
106
- end
107
-
108
- it 'rejects (globally) non-valid scopes' do
109
- subject.scope = 'invalid'
110
- expect(subject).not_to be_authorizable
111
- end
112
-
113
- it 'rejects (application level) non-valid scopes' do
114
- subject.scope = 'profile'
115
- expect(subject).to_not be_authorizable
116
- end
117
- end
118
-
119
- it 'uses default scopes when none is required' do
120
- allow(server).to receive(:default_scopes).and_return(Scopes.from_string('default'))
121
- subject.scope = nil
122
- expect(subject.scope).to eq('default')
123
- expect(subject.scopes).to eq(Scopes.from_string('default'))
124
- end
125
-
126
- it 'accepts test uri' do
127
- subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
128
- expect(subject).to be_authorizable
129
- end
130
-
131
- it 'matches the redirect uri against client\'s one' do
132
- subject.redirect_uri = 'http://nothesame.com'
133
- expect(subject).not_to be_authorizable
134
- end
135
-
136
- it 'stores the state' do
137
- expect(subject.state).to eq('save-this')
138
- end
139
-
140
- it 'rejects if response type is not allowed' do
141
- subject.response_type = 'whops'
142
- expect(subject).not_to be_authorizable
143
- end
144
-
145
- it 'requires an existing client' do
146
- subject.client = nil
147
- expect(subject).not_to be_authorizable
148
- end
149
-
150
- it 'requires a redirect uri' do
151
- subject.redirect_uri = nil
152
- expect(subject).not_to be_authorizable
153
- end
154
- end
155
- end