RubyGems - doorkeeper - Versions diffs - 4.4.3 → 5.0.0 - Mend

doorkeeper 4.4.3 → 5.0.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (181) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.gitlab-ci.yml +16 -0
data/.travis.yml +2 -0
data/Appraisals +2 -2
data/Gemfile +1 -1
data/NEWS.md +61 -8
data/README.md +92 -9
data/Rakefile +6 -0
data/UPGRADE.md +2 -0
data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
data/app/controllers/doorkeeper/application_controller.rb +4 -3
data/app/controllers/doorkeeper/application_metal_controller.rb +4 -0
data/app/controllers/doorkeeper/applications_controller.rb +42 -22
data/app/controllers/doorkeeper/authorizations_controller.rb +55 -12
data/app/controllers/doorkeeper/authorized_applications_controller.rb +19 -2
data/app/controllers/doorkeeper/tokens_controller.rb +2 -6
data/app/helpers/doorkeeper/dashboard_helper.rb +7 -7
data/app/validators/redirect_uri_validator.rb +3 -2
data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
data/app/views/doorkeeper/applications/_form.html.erb +25 -24
data/app/views/doorkeeper/applications/edit.html.erb +1 -1
data/app/views/doorkeeper/applications/index.html.erb +17 -7
data/app/views/doorkeeper/applications/new.html.erb +1 -1
data/app/views/doorkeeper/applications/show.html.erb +6 -6
data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
data/app/views/doorkeeper/authorizations/new.html.erb +4 -0
data/app/views/layouts/doorkeeper/admin.html.erb +15 -15
data/config/locales/en.yml +10 -1
data/doorkeeper.gemspec +18 -20
data/gemfiles/rails_5_2.gemfile +1 -1
data/gemfiles/rails_master.gemfile +4 -1
data/lib/doorkeeper/config.rb +75 -39
data/lib/doorkeeper/engine.rb +4 -0
data/lib/doorkeeper/errors.rb +2 -5
data/lib/doorkeeper/grape/helpers.rb +1 -1
data/lib/doorkeeper/helpers/controller.rb +7 -2
data/lib/doorkeeper/models/access_grant_mixin.rb +71 -0
data/lib/doorkeeper/models/access_token_mixin.rb +39 -22
data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
data/lib/doorkeeper/oauth/authorization/code.rb +31 -8
data/lib/doorkeeper/oauth/authorization/context.rb +15 -0
data/lib/doorkeeper/oauth/authorization/token.rb +36 -14
data/lib/doorkeeper/oauth/authorization_code_request.rb +27 -2
data/lib/doorkeeper/oauth/base_request.rb +20 -9
data/lib/doorkeeper/oauth/client/credentials.rb +1 -1
data/lib/doorkeeper/oauth/client.rb +0 -2
data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -1
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +6 -3
data/lib/doorkeeper/oauth/client_credentials/validation.rb +4 -6
data/lib/doorkeeper/oauth/client_credentials_request.rb +0 -4
data/lib/doorkeeper/oauth/error_response.rb +11 -3
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +0 -8
data/lib/doorkeeper/oauth/password_access_token_request.rb +7 -4
data/lib/doorkeeper/oauth/pre_authorization.rb +41 -11
data/lib/doorkeeper/oauth/refresh_token_request.rb +6 -1
data/lib/doorkeeper/oauth/scopes.rb +1 -1
data/lib/doorkeeper/oauth/token.rb +5 -2
data/lib/doorkeeper/oauth/token_introspection.rb +2 -2
data/lib/doorkeeper/oauth/token_response.rb +4 -2
data/lib/doorkeeper/oauth.rb +13 -0
data/lib/doorkeeper/orm/active_record/application.rb +22 -14
data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +26 -0
data/lib/doorkeeper/orm/active_record.rb +2 -0
data/lib/doorkeeper/rails/helpers.rb +2 -4
data/lib/doorkeeper/rails/routes.rb +14 -6
data/lib/doorkeeper/rake/db.rake +40 -0
data/lib/doorkeeper/rake/setup.rake +6 -0
data/lib/doorkeeper/rake.rb +14 -0
data/lib/doorkeeper/request/authorization_code.rb +0 -2
data/lib/doorkeeper/request/client_credentials.rb +0 -2
data/lib/doorkeeper/request/code.rb +0 -2
data/lib/doorkeeper/request/password.rb +0 -2
data/lib/doorkeeper/request/refresh_token.rb +0 -2
data/lib/doorkeeper/request/token.rb +0 -2
data/lib/doorkeeper/request.rb +28 -35
data/lib/doorkeeper/version.rb +5 -25
data/lib/doorkeeper.rb +19 -17
data/lib/generators/doorkeeper/application_owner_generator.rb +23 -18
data/lib/generators/doorkeeper/confidential_applications_generator.rb +32 -0
data/lib/generators/doorkeeper/install_generator.rb +17 -9
data/lib/generators/doorkeeper/migration_generator.rb +23 -18
data/lib/generators/doorkeeper/pkce_generator.rb +32 -0
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +29 -24
data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +6 -0
data/lib/generators/doorkeeper/templates/initializer.rb +76 -11
data/lib/generators/doorkeeper/views_generator.rb +3 -1
data/spec/controllers/application_metal_controller_spec.rb +50 -0
data/spec/controllers/applications_controller_spec.rb +126 -13
data/spec/controllers/authorizations_controller_spec.rb +277 -47
data/spec/controllers/protected_resources_controller_spec.rb +16 -16
data/spec/controllers/token_info_controller_spec.rb +4 -12
data/spec/controllers/tokens_controller_spec.rb +13 -15
data/spec/dummy/app/assets/config/manifest.js +2 -0
data/spec/dummy/config/environments/test.rb +4 -5
data/spec/dummy/config/initializers/doorkeeper.rb +10 -5
data/spec/dummy/config/initializers/new_framework_defaults.rb +4 -0
data/spec/dummy/config/routes.rb +3 -42
data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +6 -0
data/spec/dummy/db/migrate/{20180210183654_add_confidential_to_application.rb → 20180210183654_add_confidential_to_applications.rb} +1 -1
data/spec/dummy/db/schema.rb +36 -36
data/spec/generators/application_owner_generator_spec.rb +1 -1
data/spec/generators/confidential_applications_generator_spec.rb +45 -0
data/spec/generators/install_generator_spec.rb +1 -1
data/spec/generators/migration_generator_spec.rb +1 -1
data/spec/generators/pkce_generator_spec.rb +43 -0
data/spec/generators/previous_refresh_token_generator_spec.rb +1 -1
data/spec/generators/views_generator_spec.rb +1 -1
data/spec/grape/grape_integration_spec.rb +1 -1
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +80 -31
data/spec/lib/doorkeeper_spec.rb +1 -126
data/spec/lib/models/expirable_spec.rb +0 -3
data/spec/lib/models/revocable_spec.rb +0 -2
data/spec/lib/models/scopes_spec.rb +0 -4
data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -4
data/spec/lib/oauth/authorization_code_request_spec.rb +9 -2
data/spec/lib/oauth/base_request_spec.rb +40 -2
data/spec/lib/oauth/base_response_spec.rb +1 -1
data/spec/lib/oauth/client/credentials_spec.rb +1 -3
data/spec/lib/oauth/client_credentials/creator_spec.rb +5 -1
data/spec/lib/oauth/client_credentials/issuer_spec.rb +26 -7
data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -3
data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
data/spec/lib/oauth/client_credentials_request_spec.rb +3 -5
data/spec/lib/oauth/client_spec.rb +0 -3
data/spec/lib/oauth/code_request_spec.rb +4 -2
data/spec/lib/oauth/error_response_spec.rb +0 -3
data/spec/lib/oauth/error_spec.rb +0 -2
data/spec/lib/oauth/forbidden_token_response_spec.rb +1 -4
data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -3
data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -1
data/spec/lib/oauth/helpers/uri_checker_spec.rb +5 -7
data/spec/lib/oauth/invalid_token_response_spec.rb +1 -4
data/spec/lib/oauth/password_access_token_request_spec.rb +37 -2
data/spec/lib/oauth/pre_authorization_spec.rb +33 -4
data/spec/lib/oauth/refresh_token_request_spec.rb +11 -7
data/spec/lib/oauth/scopes_spec.rb +0 -3
data/spec/lib/oauth/token_request_spec.rb +4 -5
data/spec/lib/oauth/token_response_spec.rb +0 -1
data/spec/lib/oauth/token_spec.rb +37 -14
data/spec/lib/orm/active_record/stale_records_cleaner_spec.rb +79 -0
data/spec/lib/request/strategy_spec.rb +0 -1
data/spec/lib/server_spec.rb +1 -1
data/spec/models/doorkeeper/access_grant_spec.rb +44 -1
data/spec/models/doorkeeper/access_token_spec.rb +66 -22
data/spec/models/doorkeeper/application_spec.rb +14 -47
data/spec/requests/applications/applications_request_spec.rb +134 -1
data/spec/requests/applications/authorized_applications_spec.rb +1 -1
data/spec/requests/endpoints/authorization_spec.rb +1 -1
data/spec/requests/endpoints/token_spec.rb +7 -5
data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
data/spec/requests/flows/authorization_code_spec.rb +197 -1
data/spec/requests/flows/client_credentials_spec.rb +46 -6
data/spec/requests/flows/implicit_grant_errors_spec.rb +1 -1
data/spec/requests/flows/implicit_grant_spec.rb +38 -11
data/spec/requests/flows/password_spec.rb +56 -2
data/spec/requests/flows/refresh_token_spec.rb +2 -2
data/spec/requests/flows/revoke_token_spec.rb +11 -11
data/spec/requests/flows/skip_authorization_spec.rb +16 -11
data/spec/requests/protected_resources/metal_spec.rb +1 -1
data/spec/requests/protected_resources/private_api_spec.rb +1 -1
data/spec/routing/custom_controller_routes_spec.rb +59 -7
data/spec/routing/default_routes_spec.rb +2 -2
data/spec/routing/scoped_routes_spec.rb +16 -2
data/spec/spec_helper.rb +54 -3
data/spec/spec_helper_integration.rb +2 -74
data/spec/support/dependencies/{factory_girl.rb → factory_bot.rb} +0 -0
data/spec/support/doorkeeper_rspec.rb +19 -0
data/spec/support/helpers/authorization_request_helper.rb +4 -4
data/spec/support/helpers/request_spec_helper.rb +10 -2
data/spec/support/helpers/url_helper.rb +7 -3
data/spec/support/http_method_shim.rb +12 -16
data/spec/validators/redirect_uri_validator_spec.rb +7 -1
data/spec/version/version_spec.rb +3 -3
data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
metadata +37 -33
data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb +0 -31
data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb +0 -11
data/spec/controllers/application_metal_controller.rb +0 -10

data/spec/models/doorkeeper/access_token_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module Doorkeeper
   describe AccessToken do
@@ -144,7 +144,7 @@ module Doorkeeper
         end
         module CustomGeneratorArgs
-          def self.generate(opts = {})
+          def self.generate(_opts = {})
             raise LoadError, 'custom behaviour'
           end
         end
@@ -218,7 +218,7 @@ module Doorkeeper
       context 'with default parameters' do
         let(:resource_owner_id) { 100 }
-        let(:application)    { FactoryBot.create :application }
+        let(:application) { FactoryBot.create :application }
         let(:default_attributes) do
           { application: application, resource_owner_id: resource_owner_id }
         end
@@ -306,15 +306,25 @@ module Doorkeeper
       end
       it 'matches application' do
-        FactoryBot.create :access_token, default_attributes.merge(application: FactoryBot.create(:application))
+        access_token_for_different_app = FactoryBot.create(
+          :access_token,
+          default_attributes.merge(application: FactoryBot.create(:application))
+        )
         AccessToken.revoke_all_for application.id, resource_owner
-        expect(AccessToken.all).not_to be_empty
+        expect(access_token_for_different_app.reload).not_to be_revoked
       end
       it 'matches resource owner' do
-        FactoryBot.create :access_token, default_attributes.merge(resource_owner_id: 90)
+        access_token_for_different_owner = FactoryBot.create(
+          :access_token,
+          default_attributes.merge(resource_owner_id: 90)
+        )
         AccessToken.revoke_all_for application.id, resource_owner
-        expect(AccessToken.all).not_to be_empty
+        expect(access_token_for_different_owner.reload).not_to be_revoked
       end
     end
@@ -330,6 +340,10 @@ module Doorkeeper
         }
       end
+      before do
+        default_scopes_exist(*scopes.all)
+      end
       it 'returns only one token' do
         token = FactoryBot.create :access_token, default_attributes
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
@@ -355,37 +369,45 @@ module Doorkeeper
         expect(last_token).to be_nil
       end
-      it 'matches the application' do
+      it "excludes tokens with a different application" do
         FactoryBot.create :access_token, default_attributes.merge(application: FactoryBot.create(:application))
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
-      it 'matches the resource owner' do
+      it "excludes tokens with a different resource owner" do
         FactoryBot.create :access_token, default_attributes.merge(resource_owner_id: 2)
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
-      it 'matches token with fewer scopes' do
+      it "excludes tokens with fewer scopes" do
         FactoryBot.create :access_token, default_attributes.merge(scopes: 'public')
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
-      it 'matches token with different scopes' do
+      it 'excludes tokens with different scopes' do
         FactoryBot.create :access_token, default_attributes.merge(scopes: 'public email')
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
-      it 'matches token with more scopes' do
+      it 'excludes tokens with additional scopes' do
         FactoryBot.create :access_token, default_attributes.merge(scopes: 'public write email')
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
       end
-      it 'matches application scopes' do
+      it 'excludes tokens with scopes that are not present in server scopes' do
+        FactoryBot.create :access_token, default_attributes.merge(
+          application: application, scopes: 'public read'
+        )
+        last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
+        expect(last_token).to be_nil
+      end
+      it 'excludes tokens with scopes that are not present in application scopes' do
         application = FactoryBot.create :application, scopes: "private read"
         FactoryBot.create :access_token, default_attributes.merge(
           application: application
@@ -394,25 +416,47 @@ module Doorkeeper
         expect(last_token).to be_nil
       end
-      it 'returns the last created token' do
+      it 'does not match token if empty scope requested and token/app scopes present' do
+        application = FactoryBot.create :application, scopes: "sample:scope"
+        app_params = {
+          application_id: application.id, scopes: "sample:scope",
+          resource_owner_id: 100
+        }
+        FactoryBot.create :access_token, app_params
+        empty_scopes = Doorkeeper::OAuth::Scopes.from_string("")
+        last_token = AccessToken.matching_token_for(application, 100, empty_scopes)
+        expect(last_token).to be_nil
+      end
+      it 'matches token if empty scope requested and no token scopes present' do
+        empty_scopes = Doorkeeper::OAuth::Scopes.from_string("")
+        token = FactoryBot.create :access_token, default_attributes.merge(scopes: empty_scopes)
+        last_token = AccessToken.matching_token_for(application, 100, empty_scopes)
+        expect(last_token).to eq(token)
+      end
+      it 'returns the last matching token' do
         FactoryBot.create :access_token, default_attributes.merge(created_at: 1.day.ago)
-        token = FactoryBot.create :access_token, default_attributes
+        matching_token = FactoryBot.create :access_token, default_attributes
+        FactoryBot.create :access_token, default_attributes.merge(scopes: 'public')
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
-        expect(last_token).to eq(token)
+        expect(last_token).to eq(matching_token)
       end
+    end
-      it 'returns as_json hash' do
-        token = FactoryBot.create :access_token, default_attributes
+    describe "#as_json" do
+      it "returns as_json hash" do
+        token = FactoryBot.create :access_token
         token_hash = {
           resource_owner_id:  token.resource_owner_id,
-          scopes:             token.scopes,
-          expires_in_seconds: token.expires_in_seconds,
+          scope:              token.scopes,
+          expires_in:         token.expires_in_seconds,
           application:        { uid: token.application.uid },
-          created_at:         token.created_at.to_i,
+          created_at:         token.created_at.to_i
         }
         expect(token.as_json).to eq token_hash
       end
     end
   end
 end

data/spec/models/doorkeeper/application_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module Doorkeeper
   describe Application do
@@ -206,6 +206,19 @@ module Doorkeeper
       end
     end
+    describe :revoke_tokens_and_grants_for do
+      it 'revokes all access tokens and access grants' do
+        application_id = 42
+        resource_owner = double
+        expect(Doorkeeper::AccessToken).
+          to receive(:revoke_all_for).with(application_id, resource_owner)
+        expect(Doorkeeper::AccessGrant).
+          to receive(:revoke_all_for).with(application_id, resource_owner)
+        Application.revoke_tokens_and_grants_for(application_id, resource_owner)
+      end
+    end
     describe :by_uid_and_secret do
       context "when application is private/confidential" do
         it "finds the application via uid/secret" do
@@ -253,51 +266,5 @@ module Doorkeeper
         it { expect(subject).to eq(false) }
       end
     end
-    describe :confidential do
-      subject { FactoryBot.create(:application, confidential: confidential).confidential }
-      context 'when application is private/confidential' do
-        let(:confidential) { true }
-        it { expect(subject).to eq(true) }
-      end
-      context 'when application is public/non-confidential' do
-        let(:confidential) { false }
-        it { expect(subject).to eq(false) }
-      end
-      context 'when the application does not support confidentiality' do
-        let(:confidential) { false }
-        before { allow(Application).to receive(:supports_confidentiality?).and_return(false) }
-        it 'warns of the CVE' do
-          expect(ActiveSupport::Deprecation).to receive(:warn).with(
-            'You are susceptible to security bug ' \
-            'CVE-2018-1000211. Please follow instructions outlined in ' \
-            'Doorkeeper::CVE_2018_1000211_WARNING'
-          )
-          Application.new.confidential
-        end
-        it { expect(subject).to eq(true) }
-      end
-    end
-    describe :supports_confidentiality? do
-      context 'when no column' do
-        it 'returns false' do
-          expect(Application).to receive(:column_names).and_return(%w[foo bar])
-          expect(Application.supports_confidentiality?).to eq(false)
-        end
-      end
-      context 'when column' do
-        it 'returns true' do
-          expect(Application).to receive(:column_names).and_return(%w[foo bar confidential])
-          expect(Application.supports_confidentiality?).to eq(true)
-        end
-      end
-    end
   end
 end

data/spec/requests/applications/applications_request_spec.rb CHANGED Viewed

@@ -1,8 +1,9 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 feature 'Adding applications' do
   context 'in application form' do
     background do
+      i_am_logged_in
       visit '/oauth/applications/new'
     end
@@ -20,29 +21,123 @@ feature 'Adding applications' do
       click_button 'Submit'
       i_should_see 'Whoops! Check your form for possible errors'
     end
+    scenario "adding app ignoring bad scope" do
+      config_is_set("enforce_configured_scopes", false)
+      fill_in "doorkeeper_application[name]", with: "My Application"
+      fill_in "doorkeeper_application[redirect_uri]",
+              with: "https://example.com"
+      fill_in "doorkeeper_application[scopes]", with: "blahblah"
+      click_button "Submit"
+      i_should_see "Application created"
+      i_should_see "My Application"
+    end
+    scenario "adding app validating bad scope" do
+      config_is_set("enforce_configured_scopes", true)
+      fill_in "doorkeeper_application[name]", with: "My Application"
+      fill_in "doorkeeper_application[redirect_uri]",
+              with: "https://example.com"
+      fill_in "doorkeeper_application[scopes]", with: "blahblah"
+      click_button "Submit"
+      i_should_see "Whoops! Check your form for possible errors"
+    end
+    scenario "adding app validating scope, blank scope is accepted" do
+      config_is_set("enforce_configured_scopes", true)
+      fill_in "doorkeeper_application[name]", with: "My Application"
+      fill_in "doorkeeper_application[redirect_uri]",
+              with: "https://example.com"
+      fill_in "doorkeeper_application[scopes]", with: ""
+      click_button "Submit"
+      i_should_see "Application created"
+      i_should_see "My Application"
+    end
+    scenario "adding app validating scope, multiple scopes configured" do
+      config_is_set("enforce_configured_scopes", true)
+      scopes = Doorkeeper::OAuth::Scopes.from_array(%w(read write admin))
+      config_is_set("optional_scopes", scopes)
+      fill_in "doorkeeper_application[name]", with: "My Application"
+      fill_in "doorkeeper_application[redirect_uri]",
+              with: "https://example.com"
+      fill_in "doorkeeper_application[scopes]", with: "read write"
+      click_button "Submit"
+      i_should_see "Application created"
+      i_should_see "My Application"
+    end
+    scenario "adding app validating scope, bad scope with multiple scopes configured" do
+      config_is_set("enforce_configured_scopes", true)
+      scopes = Doorkeeper::OAuth::Scopes.from_array(%w(read write admin))
+      config_is_set("optional_scopes", scopes)
+      fill_in "doorkeeper_application[name]", with: "My Application"
+      fill_in "doorkeeper_application[redirect_uri]",
+              with: "https://example.com"
+      fill_in "doorkeeper_application[scopes]", with: "read blah"
+      click_button "Submit"
+      i_should_see "Whoops! Check your form for possible errors"
+      i_should_see Regexp.new(
+        I18n.t('activerecord.errors.models.doorkeeper/application.attributes.scopes.not_match_configured'),
+        true
+      )
+    end
   end
 end
 feature 'Listing applications' do
   background do
+    i_am_logged_in
     FactoryBot.create :application, name: 'Oauth Dude'
     FactoryBot.create :application, name: 'Awesome App'
   end
   scenario 'application list' do
     visit '/oauth/applications'
     i_should_see 'Awesome App'
     i_should_see 'Oauth Dude'
   end
 end
+feature 'Renders assets' do
+  scenario 'admin stylesheets' do
+    visit '/assets/doorkeeper/admin/application.css'
+    i_should_see 'Bootstrap'
+    i_should_see '.doorkeeper-admin'
+  end
+  scenario 'application stylesheets' do
+    visit '/assets/doorkeeper/application.css'
+    i_should_see 'Bootstrap'
+    i_should_see '#oauth-permissions'
+    i_should_see '#container'
+  end
+end
 feature 'Show application' do
   given :app do
+    i_am_logged_in
     FactoryBot.create :application, name: 'Just another oauth app'
   end
   scenario 'visiting application page' do
     visit "/oauth/applications/#{app.id}"
     i_should_see 'Just another oauth app'
   end
 end
@@ -53,12 +148,15 @@ feature 'Edit application' do
   end
   background do
+    i_am_logged_in
     visit "/oauth/applications/#{app.id}/edit"
   end
   scenario 'updating a valid app' do
     fill_in 'doorkeeper_application[name]', with: 'Serious app'
     click_button 'Submit'
     i_should_see 'Application updated'
     i_should_see 'Serious app'
     i_should_not_see 'OMG my app'
@@ -67,21 +165,27 @@ feature 'Edit application' do
   scenario 'updating an invalid app' do
     fill_in 'doorkeeper_application[name]', with: ''
     click_button 'Submit'
     i_should_see 'Whoops! Check your form for possible errors'
   end
 end
 feature 'Remove application' do
   background do
+    i_am_logged_in
     @app = FactoryBot.create :application
   end
   scenario 'deleting an application from list' do
     visit '/oauth/applications'
     i_should_see @app.name
     within(:css, "tr#application_#{@app.id}") do
       click_button 'Destroy'
     end
     i_should_see 'Application deleted'
     i_should_not_see @app.name
   end
@@ -89,6 +193,35 @@ feature 'Remove application' do
   scenario 'deleting an application from show' do
     visit "/oauth/applications/#{@app.id}"
     click_button 'Destroy'
     i_should_see 'Application deleted'
   end
 end
+context 'when admin authenticator block is default' do
+  let(:app) { FactoryBot.create :application, name: 'app' }
+  feature 'application list' do
+    scenario 'fails with forbidden' do
+      visit '/oauth/applications'
+      should_have_status 403
+    end
+  end
+  feature 'adding an app' do
+    scenario 'fails with forbidden' do
+      visit '/oauth/applications/new'
+      should_have_status 403
+    end
+  end
+  feature 'editing an app' do
+    scenario 'fails with forbidden' do
+      visit "/oauth/applications/#{app.id}/edit"
+      should_have_status 403
+    end
+  end
+end

data/spec/requests/applications/authorized_applications_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 feature 'Authorized applications' do
   background do

data/spec/requests/endpoints/authorization_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 feature 'Authorization endpoint' do
   background do

data/spec/requests/endpoints/token_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 describe 'Token endpoint' do
   before do
@@ -21,10 +21,12 @@ describe 'Token endpoint' do
   end
   it 'accepts client credentials with basic auth header' do
-    post token_endpoint_url(
-      code: @authorization.token,
-      redirect_uri: @client.redirect_uri
-    ), {}, 'HTTP_AUTHORIZATION' => basic_auth_header_for_client(@client)
+    post token_endpoint_url,
+         params: {
+           code: @authorization.token,
+           redirect_uri: @client.redirect_uri
+         },
+         headers: { 'HTTP_AUTHORIZATION' => basic_auth_header_for_client(@client) }
     should_have_json 'access_token', Doorkeeper::AccessToken.first.token
   end

data/spec/requests/flows/authorization_code_errors_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 feature 'Authorization Code Flow Errors' do
   let(:client_params) { {} }