doorkeeper 4.4.3 → 5.0.0.rc1
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.travis.yml +2 -0
- data/Appraisals +2 -2
- data/Gemfile +1 -1
- data/NEWS.md +36 -17
- data/README.md +85 -3
- data/Rakefile +6 -0
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +4 -3
- data/app/controllers/doorkeeper/application_metal_controller.rb +4 -0
- data/app/controllers/doorkeeper/applications_controller.rb +42 -22
- data/app/controllers/doorkeeper/authorizations_controller.rb +55 -12
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +15 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +12 -15
- data/app/helpers/doorkeeper/dashboard_helper.rb +7 -7
- data/app/validators/redirect_uri_validator.rb +3 -2
- data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
- data/app/views/doorkeeper/applications/_form.html.erb +25 -24
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +17 -7
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +6 -6
- data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/new.html.erb +4 -0
- data/app/views/layouts/doorkeeper/admin.html.erb +15 -15
- data/config/locales/en.yml +9 -1
- data/doorkeeper.gemspec +0 -2
- data/gemfiles/rails_5_2.gemfile +1 -1
- data/lib/doorkeeper/config.rb +58 -35
- data/lib/doorkeeper/engine.rb +4 -0
- data/lib/doorkeeper/errors.rb +2 -5
- data/lib/doorkeeper/grape/helpers.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +7 -2
- data/lib/doorkeeper/models/access_grant_mixin.rb +56 -0
- data/lib/doorkeeper/models/access_token_mixin.rb +38 -21
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/code.rb +31 -8
- data/lib/doorkeeper/oauth/authorization/context.rb +15 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +23 -6
- data/lib/doorkeeper/oauth/authorization_code_request.rb +27 -2
- data/lib/doorkeeper/oauth/base_request.rb +18 -8
- data/lib/doorkeeper/oauth/client/credentials.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +6 -1
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +4 -2
- data/lib/doorkeeper/oauth/error_response.rb +11 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +0 -8
- data/lib/doorkeeper/oauth/password_access_token_request.rb +7 -4
- data/lib/doorkeeper/oauth/pre_authorization.rb +41 -11
- data/lib/doorkeeper/oauth/refresh_token_request.rb +6 -1
- data/lib/doorkeeper/oauth/scopes.rb +1 -1
- data/lib/doorkeeper/oauth/token.rb +5 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +2 -2
- data/lib/doorkeeper/oauth/token_response.rb +4 -2
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/application.rb +13 -16
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +26 -0
- data/lib/doorkeeper/orm/active_record.rb +2 -0
- data/lib/doorkeeper/rails/helpers.rb +2 -4
- data/lib/doorkeeper/rails/routes.rb +14 -6
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +6 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request.rb +28 -28
- data/lib/doorkeeper/version.rb +5 -25
- data/lib/doorkeeper.rb +4 -17
- data/lib/generators/doorkeeper/application_owner_generator.rb +23 -18
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +32 -0
- data/lib/generators/doorkeeper/install_generator.rb +17 -9
- data/lib/generators/doorkeeper/migration_generator.rb +23 -18
- data/lib/generators/doorkeeper/pkce_generator.rb +32 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +29 -24
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +6 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +60 -9
- data/lib/generators/doorkeeper/views_generator.rb +3 -1
- data/spec/controllers/application_metal_controller_spec.rb +50 -0
- data/spec/controllers/applications_controller_spec.rb +126 -13
- data/spec/controllers/authorizations_controller_spec.rb +252 -49
- data/spec/controllers/protected_resources_controller_spec.rb +16 -16
- data/spec/controllers/token_info_controller_spec.rb +4 -12
- data/spec/controllers/tokens_controller_spec.rb +19 -73
- data/spec/dummy/app/assets/config/manifest.js +2 -0
- data/spec/dummy/config/environments/test.rb +4 -5
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -4
- data/spec/dummy/config/initializers/new_framework_defaults.rb +4 -0
- data/spec/dummy/config/routes.rb +3 -42
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +6 -0
- data/spec/dummy/db/migrate/{20180210183654_add_confidential_to_application.rb → 20180210183654_add_confidential_to_applications.rb} +1 -1
- data/spec/dummy/db/schema.rb +36 -36
- data/spec/generators/application_owner_generator_spec.rb +1 -1
- data/spec/generators/confidential_applications_generator_spec.rb +45 -0
- data/spec/generators/install_generator_spec.rb +1 -1
- data/spec/generators/migration_generator_spec.rb +1 -1
- data/spec/generators/pkce_generator_spec.rb +43 -0
- data/spec/generators/previous_refresh_token_generator_spec.rb +1 -1
- data/spec/generators/views_generator_spec.rb +1 -1
- data/spec/grape/grape_integration_spec.rb +1 -1
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +51 -31
- data/spec/lib/doorkeeper_spec.rb +1 -126
- data/spec/lib/models/expirable_spec.rb +0 -3
- data/spec/lib/models/revocable_spec.rb +0 -2
- data/spec/lib/models/scopes_spec.rb +0 -4
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -4
- data/spec/lib/oauth/authorization_code_request_spec.rb +9 -2
- data/spec/lib/oauth/base_request_spec.rb +16 -2
- data/spec/lib/oauth/base_response_spec.rb +1 -1
- data/spec/lib/oauth/client/credentials_spec.rb +1 -3
- data/spec/lib/oauth/client_credentials/creator_spec.rb +5 -1
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +26 -7
- data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -3
- data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
- data/spec/lib/oauth/client_credentials_request_spec.rb +3 -5
- data/spec/lib/oauth/client_spec.rb +0 -3
- data/spec/lib/oauth/code_request_spec.rb +4 -2
- data/spec/lib/oauth/error_response_spec.rb +0 -3
- data/spec/lib/oauth/error_spec.rb +0 -2
- data/spec/lib/oauth/forbidden_token_response_spec.rb +1 -4
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -3
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -1
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +5 -7
- data/spec/lib/oauth/invalid_token_response_spec.rb +1 -4
- data/spec/lib/oauth/password_access_token_request_spec.rb +37 -2
- data/spec/lib/oauth/pre_authorization_spec.rb +33 -4
- data/spec/lib/oauth/refresh_token_request_spec.rb +11 -7
- data/spec/lib/oauth/scopes_spec.rb +0 -3
- data/spec/lib/oauth/token_request_spec.rb +4 -5
- data/spec/lib/oauth/token_response_spec.rb +0 -1
- data/spec/lib/oauth/token_spec.rb +37 -14
- data/spec/lib/orm/active_record/stale_records_cleaner_spec.rb +79 -0
- data/spec/lib/request/strategy_spec.rb +0 -1
- data/spec/lib/server_spec.rb +1 -1
- data/spec/models/doorkeeper/access_grant_spec.rb +1 -1
- data/spec/models/doorkeeper/access_token_spec.rb +50 -16
- data/spec/models/doorkeeper/application_spec.rb +1 -47
- data/spec/requests/applications/applications_request_spec.rb +89 -1
- data/spec/requests/applications/authorized_applications_spec.rb +1 -1
- data/spec/requests/endpoints/authorization_spec.rb +1 -1
- data/spec/requests/endpoints/token_spec.rb +7 -5
- data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
- data/spec/requests/flows/authorization_code_spec.rb +198 -2
- data/spec/requests/flows/client_credentials_spec.rb +46 -6
- data/spec/requests/flows/implicit_grant_errors_spec.rb +1 -1
- data/spec/requests/flows/implicit_grant_spec.rb +38 -11
- data/spec/requests/flows/password_spec.rb +56 -2
- data/spec/requests/flows/refresh_token_spec.rb +2 -2
- data/spec/requests/flows/revoke_token_spec.rb +11 -11
- data/spec/requests/flows/skip_authorization_spec.rb +16 -11
- data/spec/requests/protected_resources/metal_spec.rb +1 -1
- data/spec/requests/protected_resources/private_api_spec.rb +1 -1
- data/spec/routing/custom_controller_routes_spec.rb +59 -7
- data/spec/routing/default_routes_spec.rb +2 -2
- data/spec/routing/scoped_routes_spec.rb +16 -2
- data/spec/spec_helper.rb +54 -3
- data/spec/spec_helper_integration.rb +2 -74
- data/spec/support/dependencies/{factory_girl.rb → factory_bot.rb} +0 -0
- data/spec/support/doorkeeper_rspec.rb +19 -0
- data/spec/support/helpers/authorization_request_helper.rb +4 -4
- data/spec/support/helpers/request_spec_helper.rb +2 -2
- data/spec/support/helpers/url_helper.rb +7 -3
- data/spec/support/http_method_shim.rb +12 -16
- data/spec/validators/redirect_uri_validator_spec.rb +7 -1
- data/spec/version/version_spec.rb +3 -3
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +33 -31
- data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb +0 -31
- data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb +0 -11
- data/spec/controllers/application_metal_controller.rb +0 -10
@@ -1,12 +1,9 @@
|
|
1
|
-
require '
|
1
|
+
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Doorkeeper::TokensController do
|
4
4
|
describe 'when authorization has succeeded' do
|
5
5
|
let(:token) { double(:token, authorize: true) }
|
6
6
|
|
7
|
-
before do
|
8
|
-
allow(controller).to receive(:token) { token }
|
9
|
-
end
|
10
7
|
|
11
8
|
it 'returns the authorization' do
|
12
9
|
skip 'verify need of these specs'
|
@@ -59,67 +56,15 @@ describe Doorkeeper::TokensController do
|
|
59
56
|
end
|
60
57
|
end
|
61
58
|
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
before(:each) do
|
68
|
-
allow(controller).to receive(:token) { access_token }
|
69
|
-
end
|
70
|
-
|
71
|
-
context 'when associated app is public' do
|
72
|
-
let(:client) { FactoryBot.create(:application, confidential: false) }
|
73
|
-
|
74
|
-
it 'returns 200' do
|
75
|
-
post :revoke
|
76
|
-
|
77
|
-
expect(response.status).to eq 200
|
78
|
-
end
|
79
|
-
|
80
|
-
it 'revokes the access token' do
|
81
|
-
post :revoke
|
82
|
-
|
83
|
-
expect(access_token.reload).to have_attributes(revoked?: true)
|
84
|
-
end
|
85
|
-
end
|
86
|
-
|
87
|
-
context 'when associated app is confidential' do
|
88
|
-
let(:client) { FactoryBot.create(:application, confidential: true) }
|
89
|
-
let(:oauth_client) { Doorkeeper::OAuth::Client.new(client) }
|
90
|
-
|
91
|
-
before(:each) do
|
92
|
-
allow_any_instance_of(Doorkeeper::Server).to receive(:client) { oauth_client }
|
93
|
-
end
|
94
|
-
|
95
|
-
it 'returns 200' do
|
96
|
-
post :revoke
|
97
|
-
|
98
|
-
expect(response.status).to eq 200
|
99
|
-
end
|
100
|
-
|
101
|
-
it 'revokes the access token' do
|
102
|
-
post :revoke
|
103
|
-
|
104
|
-
expect(access_token.reload).to have_attributes(revoked?: true)
|
105
|
-
end
|
106
|
-
|
107
|
-
context 'when authorization fails' do
|
108
|
-
let(:some_other_client) { FactoryBot.create(:application, confidential: true) }
|
109
|
-
let(:oauth_client) { Doorkeeper::OAuth::Client.new(some_other_client) }
|
110
|
-
|
111
|
-
it 'returns 200' do
|
112
|
-
post :revoke
|
113
|
-
|
114
|
-
expect(response.status).to eq 200
|
115
|
-
end
|
59
|
+
describe 'when revoke authorization has failed' do
|
60
|
+
# http://tools.ietf.org/html/rfc7009#section-2.2
|
61
|
+
it 'returns no error response' do
|
62
|
+
token = double(:token, authorize: false, application_id?: true)
|
63
|
+
allow(controller).to receive(:token) { token }
|
116
64
|
|
117
|
-
|
118
|
-
post :revoke
|
65
|
+
post :revoke
|
119
66
|
|
120
|
-
|
121
|
-
end
|
122
|
-
end
|
67
|
+
expect(response.status).to eq 200
|
123
68
|
end
|
124
69
|
end
|
125
70
|
|
@@ -129,7 +74,8 @@ describe Doorkeeper::TokensController do
|
|
129
74
|
expect(strategy).to receive(:authorize).once
|
130
75
|
allow(controller).to receive(:strategy) { strategy }
|
131
76
|
allow(controller).to receive(:create) do
|
132
|
-
controller.send :authorize_response
|
77
|
+
2.times { controller.send :authorize_response }
|
78
|
+
controller.render json: {}, status: :ok
|
133
79
|
end
|
134
80
|
|
135
81
|
post :create
|
@@ -144,7 +90,7 @@ describe Doorkeeper::TokensController do
|
|
144
90
|
it 'responds with full token introspection' do
|
145
91
|
request.headers['Authorization'] = "Bearer #{access_token.token}"
|
146
92
|
|
147
|
-
post :introspect, token: access_token.token
|
93
|
+
post :introspect, params: { token: access_token.token }
|
148
94
|
|
149
95
|
should_have_json 'active', true
|
150
96
|
expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
|
@@ -158,7 +104,7 @@ describe Doorkeeper::TokensController do
|
|
158
104
|
it 'responds with full token introspection' do
|
159
105
|
request.headers['Authorization'] = basic_auth_header_for_client(client)
|
160
106
|
|
161
|
-
post :introspect, token: access_token.token
|
107
|
+
post :introspect, params: { token: access_token.token }
|
162
108
|
|
163
109
|
should_have_json 'active', true
|
164
110
|
expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
|
@@ -173,7 +119,7 @@ describe Doorkeeper::TokensController do
|
|
173
119
|
it 'responds with full token introspection' do
|
174
120
|
request.headers['Authorization'] = basic_auth_header_for_client(client)
|
175
121
|
|
176
|
-
post :introspect, token: access_token.token
|
122
|
+
post :introspect, params: { token: access_token.token }
|
177
123
|
|
178
124
|
should_have_json 'active', true
|
179
125
|
expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
|
@@ -189,7 +135,7 @@ describe Doorkeeper::TokensController do
|
|
189
135
|
it 'responds with only active state' do
|
190
136
|
request.headers['Authorization'] = basic_auth_header_for_client(different_client)
|
191
137
|
|
192
|
-
post :introspect, token: access_token.token
|
138
|
+
post :introspect, params: { token: access_token.token }
|
193
139
|
|
194
140
|
expect(response).to be_successful
|
195
141
|
|
@@ -205,7 +151,7 @@ describe Doorkeeper::TokensController do
|
|
205
151
|
it 'responds with invalid_client error' do
|
206
152
|
request.headers['Authorization'] = basic_auth_header_for_client(client)
|
207
153
|
|
208
|
-
post :introspect, token: access_token.token
|
154
|
+
post :introspect, params: { token: access_token.token }
|
209
155
|
|
210
156
|
expect(response).not_to be_successful
|
211
157
|
response_status_should_be 401
|
@@ -222,7 +168,7 @@ describe Doorkeeper::TokensController do
|
|
222
168
|
it 'responds with only active state' do
|
223
169
|
request.headers['Authorization'] = basic_auth_header_for_client(client)
|
224
170
|
|
225
|
-
post :introspect, token: SecureRandom.hex(16)
|
171
|
+
post :introspect, params: { token: SecureRandom.hex(16) }
|
226
172
|
|
227
173
|
should_have_json 'active', false
|
228
174
|
expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
|
@@ -236,7 +182,7 @@ describe Doorkeeper::TokensController do
|
|
236
182
|
it 'responds with only active state' do
|
237
183
|
request.headers['Authorization'] = basic_auth_header_for_client(client)
|
238
184
|
|
239
|
-
post :introspect, token: access_token.token
|
185
|
+
post :introspect, params: { token: access_token.token }
|
240
186
|
|
241
187
|
should_have_json 'active', false
|
242
188
|
expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
|
@@ -250,7 +196,7 @@ describe Doorkeeper::TokensController do
|
|
250
196
|
it 'responds with only active state' do
|
251
197
|
request.headers['Authorization'] = basic_auth_header_for_client(client)
|
252
198
|
|
253
|
-
post :introspect, token: access_token.token
|
199
|
+
post :introspect, params: { token: access_token.token }
|
254
200
|
|
255
201
|
should_have_json 'active', false
|
256
202
|
expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
|
@@ -261,7 +207,7 @@ describe Doorkeeper::TokensController do
|
|
261
207
|
let(:access_token) { FactoryBot.create(:access_token) }
|
262
208
|
|
263
209
|
it 'responds with invalid_request error' do
|
264
|
-
post :introspect, token: access_token.token
|
210
|
+
post :introspect, params: { token: access_token.token }
|
265
211
|
|
266
212
|
expect(response).not_to be_successful
|
267
213
|
response_status_should_be 401
|
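Review bot: The new 'when revoke authorization has failed' example asserts only `expect(response.status).to eq 200`, and the removed examples that checked `expect(access_token.reload).to have_attributes(revoked?: true)` for public and confidential applications have no replacement in this section. The example's own comment points at RFC 7009 section 2.2, and the removed 'when authorization fails' example also expected 200, so the status code alone cannot tell a working revoke from a silent no-op. I would keep one example per client type that reloads the token and checks `revoked?`, plus one for a client that does not own the token asserting `expect(access_token.reload).to have_attributes(revoked?: false)`. The enclosing `describe Doorkeeper::TokensController` block continues past the visible hunks.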
@@ -7,6 +7,10 @@ Dummy::Application.configure do
|
|
7
7
|
# and recreated between test runs. Don't rely on the data there!
|
8
8
|
config.cache_classes = true
|
9
9
|
|
10
|
+
config.assets.enabled = true
|
11
|
+
config.assets.version = '1.0'
|
12
|
+
config.assets.digest = false
|
13
|
+
|
10
14
|
# Do not eager load code on boot. This avoids loading your whole application
|
11
15
|
# just for the purpose of running a single test. If you are using a tool that
|
12
16
|
# preloads Rails for running tests, you may have to set it to true.
|
@@ -36,9 +40,4 @@ Dummy::Application.configure do
|
|
36
40
|
config.active_support.deprecation = :stderr
|
37
41
|
|
38
42
|
config.eager_load = true
|
39
|
-
|
40
|
-
if DOORKEEPER_ORM == :active_record
|
41
|
-
config.active_record.table_name_prefix = TABLE_NAME_PREFIX.to_s
|
42
|
-
config.active_record.table_name_suffix = TABLE_NAME_SUFFIX.to_s
|
43
|
-
end
|
44
43
|
end
|
@@ -29,10 +29,11 @@ Doorkeeper.configure do
|
|
29
29
|
# Issue access tokens with refresh token (disabled by default)
|
30
30
|
use_refresh_token
|
31
31
|
|
32
|
-
#
|
33
|
-
#
|
34
|
-
#
|
35
|
-
#
|
32
|
+
# Forbids creating/updating applications with arbitrary scopes that are
|
33
|
+
# not in configuration, i.e. `default_scopes` or `optional_scopes`.
|
34
|
+
# (disabled by default)
|
35
|
+
#
|
36
|
+
# enforce_configured_scopes
|
36
37
|
|
37
38
|
# Provide support for an owner to be assigned to each registered application (disabled by default)
|
38
39
|
# Optional parameter confirmation: true (default false) if you want to enforce ownership of
|
@@ -3,4 +3,8 @@
|
|
3
3
|
# made on earlier versions of Rails are not affected when upgrading.
|
4
4
|
if Rails::VERSION::MAJOR >= 5
|
5
5
|
Rails.application.config.active_record.belongs_to_required_by_default = true
|
6
|
+
|
7
|
+
if Rails::VERSION::MINOR >= 2
|
8
|
+
Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
|
9
|
+
end
|
6
10
|
end
|
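Review bot: The added guard `if Rails::VERSION::MINOR >= 2` sits inside `if Rails::VERSION::MAJOR >= 5` and so tests the minor number on its own. A later major release with minor 0 or 1 would skip the `represent_boolean_as_integer` setting even though it is newer than 5.2. Comparing the whole version avoids that, for example `if Rails.gem_version >= Gem::Version.new('5.2')`. Whether the setting is still wanted on later majors is not visible here, so an upper bound may be needed as well.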
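--- a/data/spec/dummy/config/routes.rb
+++ b/data/spec/dummy/config/routes.rb
@@ -1,52 +1,13 @@
 Rails.application.routes.draw do
 use_doorkeeper
-use_doorkeeper scope: 'scope'
 
-
-
-controllers authorizations: 'custom_authorizations',
-tokens: 'custom_authorizations',
-applications: 'custom_authorizations',
-token_info: 'custom_authorizations'
-
-as authorizations: 'custom_auth',
-tokens: 'custom_token',
-token_info: 'custom_token_info'
-end
-end
-
-scope 'space' do
-use_doorkeeper do
-controllers authorizations: 'custom_authorizations',
-tokens: 'custom_authorizations',
-applications: 'custom_authorizations',
-token_info: 'custom_authorizations'
-
-as authorizations: 'custom_auth',
-tokens: 'custom_token',
-token_info: 'custom_token_info'
-end
-end
-
-scope 'outer_space' do
-use_doorkeeper do
-controllers authorizations: 'custom_authorizations',
-tokens: 'custom_authorizations',
-token_info: 'custom_authorizations'
-
-as authorizations: 'custom_auth',
-tokens: 'custom_token',
-token_info: 'custom_token_info'
-
-skip_controllers :tokens, :applications, :token_info
-end
-end
+resources :semi_protected_resources
+resources :full_protected_resources
 
 get 'metal.json' => 'metal#index'
 
 get '/callback', to: 'home#callback'
 get '/sign_in', to: 'home#sign_in'
-
-resources :full_protected_resources
+
 root to: 'home#index'
 end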
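--- a/data/spec/dummy/db/schema.rb
+++ b/data/spec/dummy/db/schema.rb
@@ -1,4 +1,3 @@
-# encoding: UTF-8
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
@@ -14,55 +13,56 @@
 ActiveRecord::Schema.define(version: 20180210183654) do
 
 create_table "oauth_access_grants", force: :cascade do |t|
-t.integer
-t.integer
-t.string
-t.integer
-t.text
-t.datetime "created_at",
+t.integer "resource_owner_id", null: false
+t.integer "application_id", null: false
+t.string "token", null: false
+t.integer "expires_in", null: false
+t.text "redirect_uri", null: false
+t.datetime "created_at", null: false
 t.datetime "revoked_at"
-t.string
+t.string "scopes"
+unless ENV['WITHOUT_PKCE']
+t.string "code_challenge"
+t.string "code_challenge_method"
+end
+t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
 end
 
-add_index "oauth_access_grants", ["token"], name: "index_oauth_access_grants_on_token", unique: true
-
 create_table "oauth_access_tokens", force: :cascade do |t|
-t.integer
-t.integer
-t.string
-t.string
-t.integer
+t.integer "resource_owner_id"
+t.integer "application_id"
+t.string "token", null: false
+t.string "refresh_token"
+t.integer "expires_in"
 t.datetime "revoked_at"
-t.datetime "created_at",
-t.string
-t.string
+t.datetime "created_at", null: false
+t.string "scopes"
+t.string "previous_refresh_token", default: "", null: false
+t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
+t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
+t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
 end
 
-add_index "oauth_access_tokens", ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
-add_index "oauth_access_tokens", ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
-add_index "oauth_access_tokens", ["token"], name: "index_oauth_access_tokens_on_token", unique: true
-
 create_table "oauth_applications", force: :cascade do |t|
-t.string
-t.string
-t.string
-t.text
-t.string
-t.datetime "created_at"
-t.datetime "updated_at"
-t.integer
-t.string
+t.string "name", null: false
+t.string "uid", null: false
+t.string "secret", null: false
+t.text "redirect_uri", null: false
+t.string "scopes", default: "", null: false
+t.datetime "created_at", null: false
+t.datetime "updated_at", null: false
+t.integer "owner_id"
+t.string "owner_type"
 t.boolean "confidential", default: true, null: false
+t.index ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
+t.index ["uid"], name: "index_oauth_applications_on_uid", unique: true
 end
 
-add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
-add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true
-
 create_table "users", force: :cascade do |t|
-t.string
+t.string "name"
 t.datetime "created_at"
 t.datetime "updated_at"
-t.string
+t.string "password"
 end
 
 end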
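Review bot: The `unless ENV['WITHOUT_PKCE']` guard around `code_challenge` and `code_challenge_method` is hand-written into a file whose own header says it is auto-generated from the database, so the next schema dump will not reproduce it. If the specs rely on this switch to exercise the path without PKCE columns (presumably they do; the callers are not visible here), that path would then stop being tested without any failure. I would add a comment directly above the guard, such as `# Hand-maintained: keep this guard when regenerating the schema`, or move the toggle into a migration, where it survives a dump.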
@@ -0,0 +1,45 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
require 'generators/doorkeeper/confidential_applications_generator'
|
5
|
+
|
6
|
+
describe 'Doorkeeper::ConfidentialApplicationsGenerator' do
|
7
|
+
include GeneratorSpec::TestCase
|
8
|
+
|
9
|
+
tests Doorkeeper::ConfidentialApplicationsGenerator
|
10
|
+
destination ::File.expand_path('../tmp/dummy', __FILE__)
|
11
|
+
|
12
|
+
describe 'after running the generator' do
|
13
|
+
before :each do
|
14
|
+
prepare_destination
|
15
|
+
end
|
16
|
+
|
17
|
+
context 'pre Rails 5.0.0' do
|
18
|
+
it 'creates a migration with no version specifier' do
|
19
|
+
stub_const("ActiveRecord::VERSION::MAJOR", 4)
|
20
|
+
stub_const("ActiveRecord::VERSION::MINOR", 2)
|
21
|
+
|
22
|
+
run_generator
|
23
|
+
|
24
|
+
assert_migration 'db/migrate/add_confidential_to_applications.rb' do |migration|
|
25
|
+
assert migration.include?("ActiveRecord::Migration\n")
|
26
|
+
assert migration.include?(':confidential')
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
context 'post Rails 5.0.0' do
|
32
|
+
it 'creates a migration with a version specifier' do
|
33
|
+
stub_const("ActiveRecord::VERSION::MAJOR", 5)
|
34
|
+
stub_const("ActiveRecord::VERSION::MINOR", 0)
|
35
|
+
|
36
|
+
run_generator
|
37
|
+
|
38
|
+
assert_migration 'db/migrate/add_confidential_to_applications.rb' do |migration|
|
39
|
+
assert migration.include?("ActiveRecord::Migration[5.0]\n")
|
40
|
+
assert migration.include?(':confidential')
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
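Review bot: Both examples check only that the generated migration mentions `:confidential`, so a template that adds the column without its default or NOT NULL constraint would still pass. The dummy schema elsewhere on this page has the column as `default: true, null: false`, and for a flag that separates confidential from public clients the default is the security-relevant part. I would also assert the constraint text, for example `assert migration.include?('null: false')`, adjusted to what the template actually emits, since the template is not shown here. The PKCE generator spec that follows has the same gap: it checks only the `ActiveRecord::Migration` superclass and never that `code_challenge` and `code_challenge_method` are added.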
@@ -0,0 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
require 'generators/doorkeeper/pkce_generator'
|
5
|
+
|
6
|
+
describe 'Doorkeeper::PkceGenerator' do
|
7
|
+
include GeneratorSpec::TestCase
|
8
|
+
|
9
|
+
tests Doorkeeper::PkceGenerator
|
10
|
+
destination ::File.expand_path('../tmp/dummy', __FILE__)
|
11
|
+
|
12
|
+
describe 'after running the generator' do
|
13
|
+
before :each do
|
14
|
+
prepare_destination
|
15
|
+
end
|
16
|
+
|
17
|
+
context 'pre Rails 5.0.0' do
|
18
|
+
it 'creates a migration with no version specifier' do
|
19
|
+
stub_const("ActiveRecord::VERSION::MAJOR", 4)
|
20
|
+
stub_const("ActiveRecord::VERSION::MINOR", 2)
|
21
|
+
|
22
|
+
run_generator
|
23
|
+
|
24
|
+
assert_migration 'db/migrate/enable_pkce.rb' do |migration|
|
25
|
+
assert migration.include?("ActiveRecord::Migration\n")
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
context 'post Rails 5.0.0' do
|
31
|
+
it 'creates a migration with a version specifier' do
|
32
|
+
stub_const("ActiveRecord::VERSION::MAJOR", 5)
|
33
|
+
stub_const("ActiveRecord::VERSION::MINOR", 0)
|
34
|
+
|
35
|
+
run_generator
|
36
|
+
|
37
|
+
assert_migration 'db/migrate/enable_pkce.rb' do |migration|
|
38
|
+
assert migration.include?("ActiveRecord::Migration[5.0]\n")
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|