doorkeeper 4.4.3 → 5.0.0.rc1

data/spec/requests/flows/revoke_token_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 describe 'Revoke Token Flow' do
   before do
@@ -24,7 +24,7 @@ describe 'Revoke Token Flow' do
       end
 
       it 'should revoke the access token provided' do
-        post revocation_token_endpoint_url, { token: access_token.token }, headers
+        post revocation_token_endpoint_url, params: { token: access_token.token }, headers: headers
 
         access_token.reload
 
@@ -33,7 +33,7 @@ describe 'Revoke Token Flow' do
       end
 
       it 'should revoke the refresh token provided' do
-        post revocation_token_endpoint_url, { token: access_token.refresh_token }, headers
+        post revocation_token_endpoint_url, params: { token: access_token.refresh_token }, headers: headers
 
         access_token.reload
 
@@ -44,7 +44,7 @@ describe 'Revoke Token Flow' do
       context 'with invalid token to revoke' do
         it 'should not revoke any tokens and respond successfully' do
           num_prev_revoked_tokens = Doorkeeper::AccessToken.where(revoked_at: nil).count
-          post revocation_token_endpoint_url, { token: 'I_AM_AN_INVALID_TOKEN' }, headers
+          post revocation_token_endpoint_url, params: { token: 'I_AM_AN_INVALID_TOKEN' }, headers: headers
 
           # The authorization server responds with HTTP status code 200 even if
           # token is invalid
@@ -60,7 +60,7 @@ describe 'Revoke Token Flow' do
           { 'HTTP_AUTHORIZATION' => "Basic #{credentials}" }
         end
         it 'should not revoke any tokens and respond successfully' do
-          post revocation_token_endpoint_url, { token: access_token.token }, headers
+          post revocation_token_endpoint_url, params: { token: access_token.token }, headers: headers
 
           access_token.reload
 
@@ -71,7 +71,7 @@ describe 'Revoke Token Flow' do
 
       context 'with no credentials and a valid token' do
         it 'should not revoke any tokens and respond successfully' do
-          post revocation_token_endpoint_url, { token: access_token.token }
+          post revocation_token_endpoint_url, params: { token: access_token.token }
 
           access_token.reload
 
@@ -90,7 +90,7 @@ describe 'Revoke Token Flow' do
         end
 
         it 'should not revoke the token as its unauthorized' do
-          post revocation_token_endpoint_url, { token: access_token.token }, headers
+          post revocation_token_endpoint_url, params: { token: access_token.token }, headers: headers
 
           access_token.reload
 
@@ -109,7 +109,7 @@ describe 'Revoke Token Flow' do
       end
 
       it 'should revoke the access token provided' do
-        post revocation_token_endpoint_url, { token: access_token.token }
+        post revocation_token_endpoint_url, params: { token: access_token.token }
 
         access_token.reload
 
@@ -118,7 +118,7 @@ describe 'Revoke Token Flow' do
       end
 
       it 'should revoke the refresh token provided' do
-        post revocation_token_endpoint_url, { token: access_token.refresh_token }
+        post revocation_token_endpoint_url, params: { token: access_token.refresh_token }
 
         access_token.reload
 
@@ -135,7 +135,7 @@ describe 'Revoke Token Flow' do
         end
 
         it 'should not revoke the access token provided' do
-          post revocation_token_endpoint_url, { token: access_token.token }
+          post revocation_token_endpoint_url, params: { token: access_token.token }
 
           access_token.reload
 
@@ -144,7 +144,7 @@ describe 'Revoke Token Flow' do
         end
 
         it 'should not revoke the refresh token provided' do
-          post revocation_token_endpoint_url, { token: access_token.token }
+          post revocation_token_endpoint_url, params: { token: access_token.token }
 
           access_token.reload
 

data/spec/requests/flows/skip_authorization_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 feature 'Skip authorization form' do
   background do
@@ -15,13 +15,24 @@ feature 'Skip authorization form' do
     end
 
     scenario 'skips the authorization and return a new grant code' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public')
-      visit authorization_endpoint_url(client: @client)
+      client_is_authorized(@client, @resource_owner, scopes: "public")
+      visit authorization_endpoint_url(client: @client, scope: "public")
+
+      i_should_not_see "Authorize"
+      client_should_be_authorized @client
+      i_should_be_on_client_callback @client
+      url_should_have_param "code", Doorkeeper::AccessGrant.first.token
+    end
+
+    scenario "skips the authorization if other scopes are not requested" do
+      client_exists scopes: "public read write"
+      client_is_authorized(@client, @resource_owner, scopes: "public")
+      visit authorization_endpoint_url(client: @client, scope: "public")
 
-      i_should_not_see 'Authorize'
+      i_should_not_see "Authorize"
       client_should_be_authorized @client
       i_should_be_on_client_callback @client
-      url_should_have_param 'code', Doorkeeper::AccessGrant.first.token
+      url_should_have_param "code", Doorkeeper::AccessGrant.first.token
     end
 
     scenario 'does not skip authorization when scopes differ (new request has fewer scopes)' do
@@ -43,12 +54,6 @@ feature 'Skip authorization form' do
       access_grant_should_have_scopes :public
     end
 
-    scenario 'doesn not skip authorization when scopes are greater' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public')
-      visit authorization_endpoint_url(client: @client, scope: 'public write')
-      i_should_see 'Authorize'
-    end
-
     scenario 'creates grant with new scope when scopes are greater' do
       client_is_authorized(@client, @resource_owner, scopes: 'public')
       visit authorization_endpoint_url(client: @client, scope: 'public write')

data/spec/requests/protected_resources/metal_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 describe 'ActionController::Metal API' do
   before do

data/spec/requests/protected_resources/private_api_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 feature 'Private API' do
   background do

data/spec/routing/custom_controller_routes_spec.rb

@@ -1,27 +1,79 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 describe 'Custom controller for routes' do
-  it 'GET /space/scope/authorize routes to custom authorizations controller' do
+  before :all do
+    Rails.application.routes.disable_clear_and_finalize = true
+
+    Rails.application.routes.draw do
+      scope 'inner_space' do
+        use_doorkeeper scope: 'scope' do
+          controllers authorizations: 'custom_authorizations',
+                      tokens: 'custom_authorizations',
+                      applications: 'custom_authorizations',
+                      token_info: 'custom_authorizations'
+
+          as authorizations: 'custom_auth',
+             tokens: 'custom_token',
+             token_info: 'custom_token_info'
+        end
+      end
+
+      scope 'space' do
+        use_doorkeeper do
+          controllers authorizations: 'custom_authorizations',
+                      tokens: 'custom_authorizations',
+                      applications: 'custom_authorizations',
+                      token_info: 'custom_authorizations'
+
+          as authorizations: 'custom_auth',
+             tokens: 'custom_token',
+             token_info: 'custom_token_info'
+        end
+      end
+
+      scope 'outer_space' do
+        use_doorkeeper do
+          controllers authorizations: 'custom_authorizations',
+                      tokens: 'custom_authorizations',
+                      token_info: 'custom_authorizations'
+
+          as authorizations: 'custom_auth',
+             tokens: 'custom_token',
+             token_info: 'custom_token_info'
+
+          skip_controllers :tokens, :applications, :token_info
+        end
+      end
+    end
+  end
+
+  after :all do
+    Rails.application.routes.clear!
+
+    load File.expand_path('../dummy/config/routes.rb', __dir__)
+  end
+
+  it 'GET /inner_space/scope/authorize routes to custom authorizations controller' do
     expect(get('/inner_space/scope/authorize')).to route_to('custom_authorizations#new')
   end
 
-  it 'POST /space/scope/authorize routes to custom authorizations controller' do
+  it 'POST /inner_space/scope/authorize routes to custom authorizations controller' do
     expect(post('/inner_space/scope/authorize')).to route_to('custom_authorizations#create')
   end
 
-  it 'DELETE /space/scope/authorize routes to custom authorizations controller' do
+  it 'DELETE /inner_space/scope/authorize routes to custom authorizations controller' do
     expect(delete('/inner_space/scope/authorize')).to route_to('custom_authorizations#destroy')
   end
 
-  it 'POST /space/scope/token routes to tokens controller' do
+  it 'POST /inner_space/scope/token routes to tokens controller' do
     expect(post('/inner_space/scope/token')).to route_to('custom_authorizations#create')
   end
 
-  it 'GET /space/scope/applications routes to applications controller' do
+  it 'GET /inner_space/scope/applications routes to applications controller' do
     expect(get('/inner_space/scope/applications')).to route_to('custom_authorizations#index')
   end
 
-  it 'GET /space/scope/token/info routes to the token_info controller' do
+  it 'GET /inner_space/scope/token/info routes to the token_info controller' do
     expect(get('/inner_space/scope/token/info')).to route_to('custom_authorizations#show')
   end
 

data/spec/routing/default_routes_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 describe 'Default routes' do
   it 'GET /oauth/authorize routes to authorizations controller' do
@@ -33,7 +33,7 @@ describe 'Default routes' do
     expect(get('/oauth/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
   end
 
-  it 'GET /oauth/token/info route to authorized tokeninfo controller' do
+  it 'GET /oauth/token/info route to authorized TokenInfo controller' do
     expect(get('/oauth/token/info')).to route_to('doorkeeper/token_info#show')
   end
 end

data/spec/routing/scoped_routes_spec.rb

@@ -1,6 +1,20 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 describe 'Scoped routes' do
+  before :all do
+    Rails.application.routes.disable_clear_and_finalize = true
+
+    Rails.application.routes.draw do
+      use_doorkeeper scope: 'scope'
+    end
+  end
+
+  after :all do
+    Rails.application.routes.clear!
+
+    load File.expand_path('../dummy/config/routes.rb', __dir__)
+  end
+
   it 'GET /scope/authorize routes to authorizations controller' do
     expect(get('/scope/authorize')).to route_to('doorkeeper/authorizations#new')
   end
@@ -25,7 +39,7 @@ describe 'Scoped routes' do
     expect(get('/scope/authorized_applications')).to route_to('doorkeeper/authorized_applications#index')
   end
 
-  it 'GET /scope/token/info route to authorzed tokeninfo controller' do
+  it 'GET /scope/token/info route to authorized TokenInfo controller' do
     expect(get('/scope/token/info')).to route_to('doorkeeper/token_info#show')
   end
 end

data/spec/spec_helper.rb

@@ -1,4 +1,55 @@
-$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../lib'))
-$LOAD_PATH.unshift File.expand_path(File.join(File.dirname(__FILE__), '../app'))
+require 'coveralls'
 
-require 'doorkeeper'
+Coveralls.wear!('rails') do
+  add_filter('/spec/')
+  add_filter('/lib/generators/doorkeeper/templates/')
+end
+
+ENV['RAILS_ENV'] ||= 'test'
+
+$LOAD_PATH.unshift File.dirname(__FILE__)
+
+require "#{File.dirname(__FILE__)}/support/doorkeeper_rspec.rb"
+
+DOORKEEPER_ORM = Doorkeeper::RSpec.detect_orm
+
+require 'dummy/config/environment'
+require 'rspec/rails'
+require 'capybara/rspec'
+require 'database_cleaner'
+require 'generator_spec/test_case'
+
+# Load JRuby SQLite3 if in that platform
+if defined? JRUBY_VERSION
+  require 'jdbc/sqlite3'
+  Jdbc::SQLite3.load_driver
+end
+
+Doorkeeper::RSpec.print_configuration_info
+
+# Remove after dropping support of Rails 4.2
+require "#{File.dirname(__FILE__)}/support/http_method_shim.rb"
+
+require "support/orm/#{DOORKEEPER_ORM}"
+
+Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |file| require file }
+
+RSpec.configure do |config|
+  config.infer_spec_type_from_file_location!
+  config.mock_with :rspec
+
+  config.infer_base_class_for_anonymous_controllers = false
+
+  config.include RSpec::Rails::RequestExampleGroup, type: :request
+
+  config.before do
+    DatabaseCleaner.start
+    Doorkeeper.configure { orm DOORKEEPER_ORM }
+  end
+
+  config.after do
+    DatabaseCleaner.clean
+  end
+
+  config.order = 'random'
+end

data/spec/spec_helper_integration.rb

@@ -1,74 +1,2 @@
-if ENV['TRAVIS']
-  require 'coveralls'
-
-  Coveralls.wear!('rails') do
-    add_filter('/spec/')
-    add_filter('/lib/generators/doorkeeper/templates/')
-  end
-else
-  require 'simplecov'
-
-  SimpleCov.start do
-    add_filter('/spec/')
-    add_filter('/lib/generators/doorkeeper/templates/')
-  end
-end
-
-ENV['RAILS_ENV'] ||= 'test'
-TABLE_NAME_PREFIX = ENV['table_name_prefix'] || nil
-TABLE_NAME_SUFFIX = ENV['table_name_suffix'] || nil
-
-orm = (ENV['BUNDLE_GEMFILE'] || '').match(/Gemfile\.(.+)\.rb/)
-DOORKEEPER_ORM = (orm && orm[1] || :active_record).to_sym
-
-$LOAD_PATH.unshift File.dirname(__FILE__)
-
-require 'capybara/rspec'
-require 'dummy/config/environment'
-require 'rspec/rails'
-require 'generator_spec/test_case'
-require 'database_cleaner'
-
-# Load JRuby SQLite3 if in that platform
-begin
-  require 'jdbc/sqlite3'
-  Jdbc::SQLite3.load_driver
-rescue LoadError
-end
-
-Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm}"
-if Doorkeeper.configuration.orm == :active_record
-  Rails.logger.info "======> active_record.table_name_prefix = #{Rails.configuration.active_record.table_name_prefix}"
-  Rails.logger.info "======> active_record.table_name_suffix = #{Rails.configuration.active_record.table_name_suffix}"
-end
-Rails.logger.info "====> Rails version: #{Rails.version}"
-Rails.logger.info "====> Ruby version: #{RUBY_VERSION}"
-
-require "support/orm/#{DOORKEEPER_ORM}"
-
-ENGINE_RAILS_ROOT = File.join(File.dirname(__FILE__), '../')
-
-Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |f| require f }
-
-# Remove after dropping support of Rails 4.2
-require "#{File.dirname(__FILE__)}/support/http_method_shim.rb"
-
-RSpec.configure do |config|
-  config.infer_spec_type_from_file_location!
-  config.mock_with :rspec
-
-  config.infer_base_class_for_anonymous_controllers = false
-
-  config.include RSpec::Rails::RequestExampleGroup, type: :request
-
-  config.before do
-    DatabaseCleaner.start
-    Doorkeeper.configure { orm DOORKEEPER_ORM }
-  end
-
-  config.after do
-    DatabaseCleaner.clean
-  end
-
-  config.order = 'random'
-end
+# For compatibility only
+require 'spec_helper'

data/spec/support/doorkeeper_rspec.rb

@@ -0,0 +1,19 @@
+module Doorkeeper
+  class RSpec
+    # Print's useful information about env: Ruby / Rails versions,
+    # Doorkeeper configuration, etc.
+    def self.print_configuration_info
+      puts <<-INFO.strip_heredoc
+        ====> Doorkeeper ORM = #{Doorkeeper.configuration.orm}
+        ====> Rails version: #{::Rails.version}
+        ====> Ruby version: #{RUBY_VERSION} on #{RUBY_PLATFORM}
+      INFO
+    end
+
+    # Tries to find ORM from the Gemfile used to run test suite
+    def self.detect_orm
+      orm = (ENV['BUNDLE_GEMFILE'] || '').match(/Gemfile\.(.+)\.rb/)
+      (orm && orm[1] || :active_record).to_sym
+    end
+  end
+end

data/spec/support/helpers/authorization_request_helper.rb

@@ -28,13 +28,13 @@ module AuthorizationRequestHelper
     expect(client.redirect_uri).to eq("#{current_uri.scheme}://#{current_uri.host}#{current_uri.path}")
   end
 
-  def allowing_forgery_protection(&block)
-    _original_value = ActionController::Base.allow_forgery_protection
+  def allowing_forgery_protection(&_block)
+    original_value = ActionController::Base.allow_forgery_protection
     ActionController::Base.allow_forgery_protection = true
 
-    block.call
+    yield
   ensure
-    ActionController::Base.allow_forgery_protection = _original_value
+    ActionController::Base.allow_forgery_protection = original_value
   end
 end
 

data/spec/support/helpers/request_spec_helper.rb

@@ -68,8 +68,8 @@ module RequestSpecHelper
     click_on 'Sign in'
   end
 
-  def create_access_token(authorization_code, client)
-    page.driver.post token_endpoint_url(code: authorization_code, client: client)
+  def create_access_token(authorization_code, client, code_verifier = nil)
+    page.driver.post token_endpoint_url(code: authorization_code, client: client, code_verifier: code_verifier)
   end
 
   def i_should_see_translated_error_message(key)

data/spec/support/helpers/url_helper.rb

@@ -5,8 +5,10 @@ module UrlHelper
       client_id: options[:client_id] || (options[:client] ? options[:client].uid : nil),
       client_secret: options[:client_secret] || (options[:client] ? options[:client].secret : nil),
       redirect_uri: options[:redirect_uri]  || (options[:client] ? options[:client].redirect_uri : nil),
-      grant_type: options[:grant_type] || 'authorization_code'
-    }
+      grant_type: options[:grant_type] || 'authorization_code',
+      code_verifier: options[:code_verifier],
+      code_challenge_method: options[:code_challenge_method]
+    }.reject { |_, v| v.blank? }
     "/oauth/token?#{build_query(parameters)}"
   end
 
@@ -29,7 +31,9 @@ module UrlHelper
       redirect_uri: options[:redirect_uri] || options[:client].redirect_uri,
       response_type: options[:response_type] || 'code',
       scope: options[:scope],
-      state: options[:state]
+      state: options[:state],
+      code_challenge: options[:code_challenge],
+      code_challenge_method: options[:code_challenge_method]
     }.reject { |_, v| v.blank? }
     "/oauth/authorize?#{build_query(parameters)}"
   end

data/spec/support/http_method_shim.rb

@@ -3,34 +3,30 @@
 # supported in Rails 5+. Since we support back to 4, we need some sort of shim
 # to avoid super noisy deprecations when running tests.
 module RoutingHTTPMethodShim
-  def get(path, params = {}, headers = nil)
-    super(path, params: params, headers: headers)
+  def get(path, **args)
+    super(path, args[:params], args[:headers])
   end
 
-  def post(path, params = {}, headers = nil)
-    super(path, params: params, headers: headers)
+  def post(path, **args)
+    super(path, args[:params], args[:headers])
   end
 
-  def put(path, params = {}, headers = nil)
-    super(path, params: params, headers: headers)
+  def put(path, **args)
+    super(path, args[:params], args[:headers])
   end
 end
 
 module ControllerHTTPMethodShim
-  def get(path, params = {})
-    super(path, params: params)
-  end
-
-  def post(path, params = {})
-    super(path, params: params)
-  end
+  def process(action, http_method = 'GET', **args)
+    if (as = args.delete(:as))
+      @request.headers['Content-Type'] = Mime[as].to_s
+    end
 
-  def put(path, params = {})
-    super(path, params: params)
+    super(action, http_method, args[:params], args[:session], args[:flash])
   end
 end
 
-if ::Rails::VERSION::MAJOR >= 5
+if ::Rails::VERSION::MAJOR < 5
   RSpec.configure do |config|
     config.include ControllerHTTPMethodShim, type: :controller
     config.include RoutingHTTPMethodShim, type: :request

data/spec/validators/redirect_uri_validator_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 describe RedirectUriValidator do
   subject do
@@ -87,8 +87,14 @@ describe RedirectUriValidator do
       application = FactoryBot.build(:application, redirect_uri: 'http://localhost/callback')
       expect(application).to be_valid
 
+      application = FactoryBot.build(:application, redirect_uri: 'https://test.com/callback')
+      expect(application).to be_valid
+
       application = FactoryBot.build(:application, redirect_uri: 'http://localhost2/callback')
       expect(application).not_to be_valid
+
+      application = FactoryBot.build(:application, redirect_uri: 'https://test.com/callback')
+      expect(application).to be_valid
     end
 
     it 'forbids redirect uri if required' do

data/spec/version/version_spec.rb

@@ -1,6 +1,6 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
-describe 'Doorkeeper version' do
+describe Doorkeeper::VERSION do
   context '#gem_version' do
     it 'returns Gem::Version instance' do
       expect(Doorkeeper.gem_version).to be_an_instance_of(Gem::Version)
@@ -9,7 +9,7 @@ describe 'Doorkeeper version' do
 
   context 'VERSION' do
     it 'returns gem version string' do
-      expect(Doorkeeper::VERSION::STRING).to match(/^\d+\.\d+\.\d+[.\w]?$/)
+      expect(Doorkeeper::VERSION::STRING).to match(/^\d+\.\d+\.\d+(\.\w+)?$/)
     end
   end
 end