doorkeeper 4.4.3 → 5.0.0

data/spec/lib/config_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 describe Doorkeeper, 'configuration' do
   subject { Doorkeeper.configuration }
@@ -66,6 +66,17 @@ describe Doorkeeper, 'configuration' do
   end
 
   describe 'admin_authenticator' do
+    it 'sets the block that is accessible via authenticate_admin' do
+      default_behaviour = 'default behaviour'
+      allow(Doorkeeper::Config).to receive(:head).and_return(default_behaviour)
+
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+      end
+
+      expect(subject.authenticate_admin.call({})).to eq(default_behaviour)
+    end
+
     it 'sets the block that is accessible via authenticate_admin' do
       block = proc {}
       Doorkeeper.configure do
@@ -122,7 +133,7 @@ describe Doorkeeper, 'configuration' do
     it 'has all scopes' do
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        default_scopes  :normal
+        default_scopes :normal
         optional_scopes :admin
       end
 
@@ -132,7 +143,7 @@ describe Doorkeeper, 'configuration' do
 
   describe 'use_refresh_token' do
     it 'is false by default' do
-      expect(subject.refresh_token_enabled?).to be_falsey
+      expect(subject.refresh_token_enabled?).to eq(false)
     end
 
     it 'can change the value' do
@@ -141,7 +152,25 @@ describe Doorkeeper, 'configuration' do
         use_refresh_token
       end
 
-      expect(subject.refresh_token_enabled?).to be_truthy
+      expect(subject.refresh_token_enabled?).to eq(true)
+    end
+
+    it 'can accept a boolean parameter' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        use_refresh_token false
+      end
+
+      expect(subject.refresh_token_enabled?).to eq(false)
+    end
+
+    it 'can accept a block parameter' do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        use_refresh_token { |_context| nil }
+      end
+
+      expect(subject.refresh_token_enabled?).to be_a(Proc)
     end
 
     it "does not includes 'refresh_token' in authorization_response_types" do
@@ -162,28 +191,18 @@ describe Doorkeeper, 'configuration' do
     end
   end
 
-  describe 'opt_out_native_route_change' do
-    around(:each) do |example|
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        opt_out_native_route_change
-      end
-
-      Rails.application.reload_routes!
-
-      subject { Doorkeeper.configuration }
-
-      example.run
+  describe 'enforce_configured_scopes' do
+    it 'is false by default' do
+      expect(subject.enforce_configured_scopes?).to eq(false)
+    end
 
+    it 'can change the value' do
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
+        enforce_configured_scopes
       end
 
-      Rails.application.reload_routes!
-    end
-
-    it 'sets the native authorization code route /:code' do
-      expect(subject.native_authorization_code_route).to eq('/:code')
+      expect(subject.enforce_configured_scopes?).to eq(true)
     end
   end
 
@@ -204,7 +223,7 @@ describe Doorkeeper, 'configuration' do
 
   describe 'force_ssl_in_redirect_uri' do
     it 'is true by default in non-development environments' do
-      expect(subject.force_ssl_in_redirect_uri).to be_truthy
+      expect(subject.force_ssl_in_redirect_uri).to eq(true)
     end
 
     it 'can change the value' do
@@ -213,7 +232,7 @@ describe Doorkeeper, 'configuration' do
         force_ssl_in_redirect_uri(false)
       end
 
-      expect(subject.force_ssl_in_redirect_uri).to be_falsey
+      expect(subject.force_ssl_in_redirect_uri).to eq(false)
     end
 
     it 'can be a callable object' do
@@ -224,7 +243,7 @@ describe Doorkeeper, 'configuration' do
       end
 
       expect(subject.force_ssl_in_redirect_uri).to eq(block)
-      expect(subject.force_ssl_in_redirect_uri.call).to be_falsey
+      expect(subject.force_ssl_in_redirect_uri.call).to eq(false)
     end
   end
 
@@ -245,7 +264,7 @@ describe Doorkeeper, 'configuration' do
 
   describe 'forbid_redirect_uri' do
     it 'is false by default' do
-      expect(subject.forbid_redirect_uri.call(URI.parse('https://localhost'))).to be_falsey
+      expect(subject.forbid_redirect_uri.call(URI.parse('https://localhost'))).to eq(false)
     end
 
     it 'can be a callable object' do
@@ -256,13 +275,13 @@ describe Doorkeeper, 'configuration' do
       end
 
       expect(subject.forbid_redirect_uri).to eq(block)
-      expect(subject.forbid_redirect_uri.call).to be_truthy
+      expect(subject.forbid_redirect_uri.call).to eq(true)
     end
   end
 
   describe 'enable_application_owner' do
     it 'is disabled by default' do
-      expect(Doorkeeper.configuration.enable_application_owner?).not_to be_truthy
+      expect(Doorkeeper.configuration.enable_application_owner?).not_to eq(true)
     end
 
     context 'when enabled without confirmation' do
@@ -278,7 +297,7 @@ describe Doorkeeper, 'configuration' do
       end
 
       it 'Doorkeeper.configuration.confirm_application_owner? returns false' do
-        expect(Doorkeeper.configuration.confirm_application_owner?).not_to be_truthy
+        expect(Doorkeeper.configuration.confirm_application_owner?).not_to eq(true)
       end
     end
 
@@ -295,7 +314,7 @@ describe Doorkeeper, 'configuration' do
       end
 
       it 'Doorkeeper.configuration.confirm_application_owner? returns true' do
-        expect(Doorkeeper.configuration.confirm_application_owner?).to be_truthy
+        expect(Doorkeeper.configuration.confirm_application_owner?).to eq(true)
       end
     end
   end
@@ -324,10 +343,10 @@ describe Doorkeeper, 'configuration' do
     it "can change the value" do
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        grant_flows ['authorization_code', 'implicit']
+        grant_flows %w[authorization_code implicit]
       end
 
-      expect(subject.grant_flows).to eq ['authorization_code', 'implicit']
+      expect(subject.grant_flows).to eq %w[authorization_code implicit]
     end
 
     context "when including 'authorization_code'" do
@@ -459,4 +478,34 @@ describe Doorkeeper, 'configuration' do
       end
     end
   end
+
+  describe "api_only" do
+    it "is false by default" do
+      expect(subject.api_only).to eq(false)
+    end
+
+    it "can change the value" do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        api_only
+      end
+
+      expect(subject.api_only).to eq(true)
+    end
+  end
+
+  describe 'strict_content_type' do
+    it 'is false by default' do
+      expect(subject.enforce_content_type).to eq(false)
+    end
+
+    it "can change the value" do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        enforce_content_type
+      end
+
+      expect(subject.enforce_content_type).to eq(true)
+    end
+  end
 end

data/spec/lib/doorkeeper_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 describe Doorkeeper do
   describe "#authenticate" do
@@ -22,129 +22,4 @@ describe Doorkeeper do
       Doorkeeper.authenticate(request, token_strategies)
     end
   end
-
-  describe "#configured?" do
-    after do
-      Doorkeeper.remove_instance_variable(:@config)
-    end
-
-    context "@config is set" do
-      it "returns true" do
-        Doorkeeper.instance_variable_set(:@config, "hi")
-
-        expect(Doorkeeper.configured?).to eq(true)
-      end
-    end
-
-    context "@config is not set" do
-      it "returns false" do
-        Doorkeeper.instance_variable_set(:@config, nil)
-
-        expect(Doorkeeper.configured?).to eq(false)
-      end
-    end
-
-    it "is deprecated" do
-      expect(ActiveSupport::Deprecation).to receive(:warn).
-        with("Method `Doorkeeper#configured?` has been deprecated without replacement.")
-
-      Doorkeeper.configured?
-    end
-  end
-
-  describe "#database_installed?" do
-    before do
-      ["AccessToken", "AccessGrant", "Application"].each do |klass|
-        @original_classes ||= {}
-        @original_classes[klass] = Doorkeeper.const_get(klass)
-        Doorkeeper.send(:remove_const, klass)
-      end
-    end
-
-    after do
-      ["AccessToken", "AccessGrant", "Application"].each do |klass|
-        Doorkeeper.send(:remove_const, klass)
-        Doorkeeper.const_set(klass, @original_classes[klass])
-      end
-    end
-
-    context "all tables exist" do
-      before do
-        klass = double table_exists?: true
-
-        Doorkeeper.const_set(:AccessToken, klass)
-        Doorkeeper.const_set(:AccessGrant, klass)
-        Doorkeeper.const_set(:Application, klass)
-      end
-
-      it "returns true" do
-        expect(Doorkeeper.database_installed?).to eq(true)
-      end
-
-      it "is deprecated" do
-        expect(ActiveSupport::Deprecation).to receive(:warn).
-          with("Method `Doorkeeper#database_installed?` has been deprecated without replacement.")
-
-        Doorkeeper.database_installed?
-      end
-    end
-
-    context "all tables do not exist" do
-      before do
-        klass = double table_exists?: false
-
-        Doorkeeper.const_set(:AccessToken, klass)
-        Doorkeeper.const_set(:AccessGrant, klass)
-        Doorkeeper.const_set(:Application, klass)
-      end
-
-      it "returns false" do
-        expect(Doorkeeper.database_installed?).to eq(false)
-      end
-
-      it "is deprecated" do
-        expect(ActiveSupport::Deprecation).to receive(:warn).
-          with("Method `Doorkeeper#database_installed?` has been deprecated without replacement.")
-
-        Doorkeeper.database_installed?
-      end
-    end
-  end
-
-  describe "#installed?" do
-    context "methods return true" do
-      before do
-        allow(Doorkeeper).to receive(:configured?).and_return(true).once
-        allow(Doorkeeper).to receive(:database_installed?).and_return(true).once
-      end
-
-      it "returns true" do
-        expect(Doorkeeper.installed?).to eq(true)
-      end
-    end
-
-    context "methods return false" do
-      before do
-        allow(Doorkeeper).to receive(:configured?).and_return(false).once
-        allow(Doorkeeper).to receive(:database_installed?).and_return(false).once
-      end
-
-      it "returns false" do
-        expect(Doorkeeper.installed?).to eq(false)
-      end
-    end
-
-    it "is deprecated" do
-      expect(ActiveSupport::Deprecation).to receive(:warn).
-        with("Method `Doorkeeper#configured?` has been deprecated without replacement.")
-
-      expect(ActiveSupport::Deprecation).to receive(:warn).
-        with("Method `Doorkeeper#database_installed?` has been deprecated without replacement.")
-
-      expect(ActiveSupport::Deprecation).to receive(:warn).
-        with("Method `Doorkeeper#installed?` has been deprecated without replacement.")
-
-      Doorkeeper.installed?
-    end
-  end
 end

data/spec/lib/models/expirable_spec.rb

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/time'
-require 'doorkeeper/models/concerns/expirable'
 
 describe 'Expirable' do
   subject do
@@ -45,6 +43,5 @@ describe 'Expirable' do
       allow(subject).to receive(:expires_in).and_return(nil)
       expect(subject.expires_in_seconds).to be_nil
     end
-
   end
 end

data/spec/lib/models/revocable_spec.rb

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/core_ext/object/blank'
-require 'doorkeeper/models/concerns/revocable'
 
 describe 'Revocable' do
   subject do

data/spec/lib/models/scopes_spec.rb

@@ -1,8 +1,4 @@
 require 'spec_helper'
-require 'active_support/core_ext/module/delegation'
-require 'active_support/core_ext/object/blank'
-require 'doorkeeper/oauth/scopes'
-require 'doorkeeper/models/concerns/scopes'
 
 describe 'Doorkeeper::Models::Scopes' do
   subject do

data/spec/lib/oauth/authorization/uri_builder_spec.rb

@@ -1,8 +1,4 @@
 require 'spec_helper'
-require 'active_support/core_ext/string'
-require 'uri'
-require 'rack/utils'
-require 'doorkeeper/oauth/authorization/uri_builder'
 
 module Doorkeeper::OAuth::Authorization
   describe URIBuilder do

data/spec/lib/oauth/authorization_code_request_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 module Doorkeeper::OAuth
   describe AuthorizationCodeRequest do
@@ -6,7 +6,9 @@ module Doorkeeper::OAuth
       double :server,
              access_token_expires_in: 2.days,
              refresh_token_enabled?: false,
-             custom_access_token_expires_in: ->(_app) { nil }
+             custom_access_token_expires_in: lambda { |context|
+               context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
+             }
     end
 
     let(:grant)  { FactoryBot.create :access_grant }
@@ -22,6 +24,8 @@ module Doorkeeper::OAuth
       expect do
         subject.authorize
       end.to change { client.reload.access_tokens.count }.by(1)
+
+      expect(client.reload.access_tokens.sort_by(&:created_at).last.expires_in).to eq(1234)
     end
 
     it "issues the token with same grant's scopes" do
@@ -70,9 +74,12 @@ module Doorkeeper::OAuth
     end
 
     it 'skips token creation if there is a matching one' do
+      scopes = grant.scopes
+
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
         reuse_access_token
+        default_scopes(*scopes)
       end
 
       FactoryBot.create(:access_token, application_id: client.id,

data/spec/lib/oauth/base_request_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 module Doorkeeper::OAuth
   describe BaseRequest do
@@ -20,7 +20,7 @@ module Doorkeeper::OAuth
     let(:server) do
       double :server,
         access_token_expires_in: 100,
-        custom_access_token_expires_in: ->(_) { nil },
+        custom_access_token_expires_in: ->(_context) { nil },
         refresh_token_enabled?: false
     end
 
@@ -105,6 +105,44 @@ module Doorkeeper::OAuth
 
         expect(result).to be_an_instance_of(Doorkeeper::AccessToken)
       end
+
+      it "respects custom_access_token_expires_in" do
+        server = double(:server,
+                        access_token_expires_in: 100,
+                        custom_access_token_expires_in: ->(context) { context.scopes == "public" ? 500 : nil },
+                        refresh_token_enabled?: false)
+        result = subject.find_or_create_access_token(
+          client,
+          "1",
+          "public",
+          server
+        )
+        expect(result.expires_in).to eql(500)
+      end
+
+      it "respects use_refresh_token with a block" do
+        server = double(:server,
+                        access_token_expires_in: 100,
+                        custom_access_token_expires_in: ->(_context) { nil },
+                        refresh_token_enabled?: lambda { |context|
+                          context.scopes == "public"
+                        })
+        result = subject.find_or_create_access_token(
+          client,
+          "1",
+          "public",
+          server
+        )
+        expect(result.refresh_token).to_not be_nil
+
+        result = subject.find_or_create_access_token(
+          client,
+          "1",
+          "private",
+          server
+        )
+        expect(result.refresh_token).to be_nil
+      end
     end
 
     describe "#scopes" do

data/spec/lib/oauth/base_response_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 module Doorkeeper::OAuth
   describe BaseResponse do

data/spec/lib/oauth/client/credentials_spec.rb

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/client'
 
 class Doorkeeper::OAuth::Client
   describe Credentials do
@@ -18,7 +16,7 @@ class Doorkeeper::OAuth::Client
       let(:request) { double.as_null_object }
 
       let(:method) do
-        ->(_request) { return 'uid', 'secret' }
+        ->(_request) { ['uid', 'secret'] }
       end
 
       it 'accepts anything that responds to #call' do

data/spec/lib/oauth/client_credentials/creator_spec.rb

@@ -1,10 +1,14 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 class Doorkeeper::OAuth::ClientCredentialsRequest
   describe Creator do
     let(:client) { FactoryBot.create :application }
     let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public') }
 
+    before do
+      default_scopes_exist :public
+    end
+
     it 'creates a new token' do
       expect do
         subject.call(client, scopes)

data/spec/lib/oauth/client_credentials/issuer_spec.rb

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/all'
-require 'doorkeeper/oauth/client_credentials/issuer'
 
 class Doorkeeper::OAuth::ClientCredentialsRequest
   describe Issuer do
@@ -9,7 +7,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
       double(
         :server,
         access_token_expires_in: 100,
-        custom_access_token_expires_in: ->(_app) { nil }
+        custom_access_token_expires_in: ->(_context) { nil }
       )
     end
     let(:validation) { double :validation, valid?: true }
@@ -63,23 +61,44 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
       end
 
       context 'with custom expirations' do
-        let(:custom_ttl) { 1233 }
+        let(:custom_ttl_grant) { 1234 }
+        let(:custom_ttl_scope) { 1235 }
+        let(:custom_scope) { 'special' }
         let(:server) do
           double(
             :server,
-            custom_access_token_expires_in: ->(_app) { custom_ttl }
+            custom_access_token_expires_in: lambda { |context|
+              # scopes is normally an object but is a string in this test
+              if context.scopes == custom_scope
+                custom_ttl_scope
+              elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
+                custom_ttl_grant
+              else
+                nil
+              end
+            }
           )
         end
 
-        it 'creates with correct token parameters' do
+        it 'respects grant based rules' do
           expect(creator).to receive(:call).with(
             client,
             scopes,
-            expires_in: custom_ttl,
+            expires_in: custom_ttl_grant,
             use_refresh_token: false
           )
           subject.create client, scopes, creator
         end
+
+        it 'respects scope based rules' do
+          expect(creator).to receive(:call).with(
+            client,
+            custom_scope,
+            expires_in: custom_ttl_scope,
+            use_refresh_token: false
+          )
+          subject.create client, custom_scope, creator
+        end
       end
     end
   end

data/spec/lib/oauth/client_credentials/validation_spec.rb

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/all'
-require 'doorkeeper/oauth/client_credentials/validation'
 
 class Doorkeeper::OAuth::ClientCredentialsRequest
   describe Validation do
@@ -45,7 +43,8 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
           allow(application).to receive(:scopes).and_return(application_scopes)
           allow(server).to receive(:scopes).and_return(server_scopes)
           allow(request).to receive(:scopes).and_return(
-            Doorkeeper::OAuth::Scopes.from_string 'email')
+            Doorkeeper::OAuth::Scopes.from_string('email')
+          )
           expect(subject).not_to be_valid
         end
       end

data/spec/lib/oauth/client_credentials_integration_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 module Doorkeeper::OAuth
   describe ClientCredentialsRequest do

data/spec/lib/oauth/client_credentials_request_spec.rb

@@ -1,18 +1,16 @@
 require 'spec_helper'
-require 'active_support/all'
-require 'active_model'
-require 'doorkeeper/oauth/client_credentials_request'
 
 module Doorkeeper::OAuth
   describe ClientCredentialsRequest do
     let(:server) do
       double(
         default_scopes: nil,
-        custom_access_token_expires_in: ->(_app) { nil }
+        access_token_expires_in: 2.hours,
+        custom_access_token_expires_in: ->(_context) { nil }
       )
     end
 
-    let(:application)   { double :application, scopes: Scopes.from_string('') }
+    let(:application)   { FactoryBot.create(:application, scopes: '') }
     let(:client)        { double :client, application: application }
     let(:token_creator) { double :issuer, create: true, token: double }
 

data/spec/lib/oauth/client_spec.rb

@@ -1,7 +1,4 @@
 require 'spec_helper'
-require 'active_support/core_ext/module/delegation'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/client'
 
 module Doorkeeper::OAuth
   describe Client do

data/spec/lib/oauth/code_request_spec.rb

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 
 module Doorkeeper::OAuth
   describe CodeRequest do
@@ -10,7 +10,9 @@ module Doorkeeper::OAuth
         scopes: nil,
         state: nil,
         error: nil,
-        authorizable?: true
+        authorizable?: true,
+        code_challenge: nil,
+        code_challenge_method: nil,
       )
     end
 

data/spec/lib/oauth/error_response_spec.rb

@@ -1,7 +1,4 @@
 require 'spec_helper'
-require 'active_model'
-require 'doorkeeper/oauth/error'
-require 'doorkeeper/oauth/error_response'
 
 module Doorkeeper::OAuth
   describe ErrorResponse do

data/spec/lib/oauth/error_spec.rb

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/i18n'
-require 'doorkeeper/oauth/error'
 
 module Doorkeeper::OAuth
   describe Error do