RubyGems - doorkeeper - Versions diffs - 4.4.3 → 5.0.3 - Mend

doorkeeper 4.4.3 → 5.0.3

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (223) hide show

checksums.yaml +5 -5
data/.gitignore +1 -0
data/.gitlab-ci.yml +16 -0
data/.travis.yml +7 -0
data/Appraisals +2 -2
data/Dangerfile +64 -0
data/Gemfile +1 -1
data/NEWS.md +98 -8
data/README.md +110 -12
data/Rakefile +6 -0
data/UPGRADE.md +2 -0
data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
data/app/controllers/doorkeeper/application_controller.rb +6 -3
data/app/controllers/doorkeeper/application_metal_controller.rb +6 -0
data/app/controllers/doorkeeper/applications_controller.rb +46 -24
data/app/controllers/doorkeeper/authorizations_controller.rb +55 -12
data/app/controllers/doorkeeper/authorized_applications_controller.rb +21 -2
data/app/controllers/doorkeeper/token_info_controller.rb +2 -0
data/app/controllers/doorkeeper/tokens_controller.rb +4 -6
data/app/helpers/doorkeeper/dashboard_helper.rb +9 -7
data/app/validators/redirect_uri_validator.rb +5 -2
data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
data/app/views/doorkeeper/applications/_form.html.erb +25 -24
data/app/views/doorkeeper/applications/edit.html.erb +1 -1
data/app/views/doorkeeper/applications/index.html.erb +17 -7
data/app/views/doorkeeper/applications/new.html.erb +1 -1
data/app/views/doorkeeper/applications/show.html.erb +6 -6
data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
data/app/views/doorkeeper/authorizations/new.html.erb +4 -0
data/app/views/layouts/doorkeeper/admin.html.erb +15 -15
data/config/locales/en.yml +10 -1
data/doorkeeper.gemspec +25 -26
data/gemfiles/rails_5_2.gemfile +1 -1
data/gemfiles/rails_master.gemfile +4 -1
data/lib/doorkeeper/config.rb +81 -40
data/lib/doorkeeper/engine.rb +6 -0
data/lib/doorkeeper/errors.rb +17 -3
data/lib/doorkeeper/grape/authorization_decorator.rb +2 -0
data/lib/doorkeeper/grape/helpers.rb +3 -1
data/lib/doorkeeper/helpers/controller.rb +9 -2
data/lib/doorkeeper/models/access_grant_mixin.rb +73 -0
data/lib/doorkeeper/models/access_token_mixin.rb +44 -25
data/lib/doorkeeper/models/application_mixin.rb +2 -0
data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
data/lib/doorkeeper/models/concerns/expirable.rb +2 -0
data/lib/doorkeeper/models/concerns/orderable.rb +2 -0
data/lib/doorkeeper/models/concerns/ownership.rb +2 -0
data/lib/doorkeeper/models/concerns/revocable.rb +2 -0
data/lib/doorkeeper/models/concerns/scopes.rb +3 -1
data/lib/doorkeeper/oauth/authorization/code.rb +33 -8
data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
data/lib/doorkeeper/oauth/authorization/token.rb +38 -14
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +2 -0
data/lib/doorkeeper/oauth/authorization_code_request.rb +29 -2
data/lib/doorkeeper/oauth/base_request.rb +22 -9
data/lib/doorkeeper/oauth/base_response.rb +2 -0
data/lib/doorkeeper/oauth/client/credentials.rb +3 -1
data/lib/doorkeeper/oauth/client.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/creator.rb +4 -1
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -2
data/lib/doorkeeper/oauth/client_credentials/validation.rb +5 -5
data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -3
data/lib/doorkeeper/oauth/code_request.rb +2 -0
data/lib/doorkeeper/oauth/code_response.rb +2 -0
data/lib/doorkeeper/oauth/error.rb +2 -0
data/lib/doorkeeper/oauth/error_response.rb +21 -3
data/lib/doorkeeper/oauth/forbidden_token_response.rb +9 -2
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -0
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +5 -2
data/lib/doorkeeper/oauth/invalid_token_response.rb +18 -0
data/lib/doorkeeper/oauth/password_access_token_request.rb +9 -4
data/lib/doorkeeper/oauth/pre_authorization.rb +43 -11
data/lib/doorkeeper/oauth/refresh_token_request.rb +16 -3
data/lib/doorkeeper/oauth/scopes.rb +3 -1
data/lib/doorkeeper/oauth/token.rb +7 -2
data/lib/doorkeeper/oauth/token_introspection.rb +4 -2
data/lib/doorkeeper/oauth/token_request.rb +2 -0
data/lib/doorkeeper/oauth/token_response.rb +6 -2
data/lib/doorkeeper/oauth.rb +13 -0
data/lib/doorkeeper/orm/active_record/application.rb +75 -12
data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +26 -0
data/lib/doorkeeper/orm/active_record.rb +4 -0
data/lib/doorkeeper/rails/helpers.rb +6 -4
data/lib/doorkeeper/rails/routes/mapper.rb +2 -0
data/lib/doorkeeper/rails/routes/mapping.rb +2 -0
data/lib/doorkeeper/rails/routes.rb +23 -8
data/lib/doorkeeper/rake/db.rake +40 -0
data/lib/doorkeeper/rake/setup.rake +6 -0
data/lib/doorkeeper/rake.rb +14 -0
data/lib/doorkeeper/request/authorization_code.rb +1 -1
data/lib/doorkeeper/request/client_credentials.rb +1 -1
data/lib/doorkeeper/request/code.rb +1 -1
data/lib/doorkeeper/request/password.rb +1 -1
data/lib/doorkeeper/request/refresh_token.rb +1 -1
data/lib/doorkeeper/request/strategy.rb +2 -0
data/lib/doorkeeper/request/token.rb +1 -1
data/lib/doorkeeper/request.rb +29 -34
data/lib/doorkeeper/server.rb +2 -0
data/lib/doorkeeper/stale_records_cleaner.rb +20 -0
data/lib/doorkeeper/validations.rb +2 -0
data/lib/doorkeeper/version.rb +6 -24
data/lib/doorkeeper.rb +20 -17
data/lib/generators/doorkeeper/application_owner_generator.rb +23 -18
data/lib/generators/doorkeeper/confidential_applications_generator.rb +32 -0
data/lib/generators/doorkeeper/install_generator.rb +17 -9
data/lib/generators/doorkeeper/migration_generator.rb +23 -18
data/lib/generators/doorkeeper/pkce_generator.rb +32 -0
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +29 -24
data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +6 -0
data/lib/generators/doorkeeper/templates/initializer.rb +96 -13
data/lib/generators/doorkeeper/templates/migration.rb.erb +2 -3
data/lib/generators/doorkeeper/views_generator.rb +3 -1
data/spec/controllers/application_metal_controller_spec.rb +50 -0
data/spec/controllers/applications_controller_spec.rb +123 -14
data/spec/controllers/authorizations_controller_spec.rb +334 -51
data/spec/controllers/protected_resources_controller_spec.rb +60 -18
data/spec/controllers/token_info_controller_spec.rb +4 -12
data/spec/controllers/tokens_controller_spec.rb +17 -20
data/spec/dummy/Rakefile +1 -1
data/spec/dummy/app/assets/config/manifest.js +2 -0
data/spec/dummy/app/controllers/custom_authorizations_controller.rb +1 -1
data/spec/dummy/app/controllers/home_controller.rb +1 -2
data/spec/dummy/config/application.rb +1 -1
data/spec/dummy/config/boot.rb +2 -4
data/spec/dummy/config/environment.rb +1 -1
data/spec/dummy/config/environments/test.rb +5 -6
data/spec/dummy/config/initializers/doorkeeper.rb +12 -6
data/spec/dummy/config/initializers/new_framework_defaults.rb +2 -0
data/spec/dummy/config/initializers/secret_token.rb +1 -1
data/spec/dummy/config/routes.rb +3 -42
data/spec/dummy/config.ru +1 -1
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +4 -4
data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +1 -1
data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +6 -0
data/spec/dummy/db/migrate/{20180210183654_add_confidential_to_application.rb → 20180210183654_add_confidential_to_applications.rb} +1 -1
data/spec/dummy/db/schema.rb +36 -36
data/spec/dummy/script/rails +4 -3
data/spec/factories.rb +6 -6
data/spec/generators/application_owner_generator_spec.rb +1 -1
data/spec/generators/confidential_applications_generator_spec.rb +45 -0
data/spec/generators/install_generator_spec.rb +5 -2
data/spec/generators/migration_generator_spec.rb +1 -1
data/spec/generators/pkce_generator_spec.rb +43 -0
data/spec/generators/previous_refresh_token_generator_spec.rb +1 -1
data/spec/generators/templates/routes.rb +0 -1
data/spec/generators/views_generator_spec.rb +2 -2
data/spec/grape/grape_integration_spec.rb +2 -2
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +105 -39
data/spec/lib/doorkeeper_spec.rb +6 -131
data/spec/lib/models/expirable_spec.rb +0 -3
data/spec/lib/models/revocable_spec.rb +0 -2
data/spec/lib/models/scopes_spec.rb +0 -4
data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -4
data/spec/lib/oauth/authorization_code_request_spec.rb +17 -7
data/spec/lib/oauth/base_request_spec.rb +49 -11
data/spec/lib/oauth/base_response_spec.rb +1 -1
data/spec/lib/oauth/client/credentials_spec.rb +2 -4
data/spec/lib/oauth/client_credentials/creator_spec.rb +5 -1
data/spec/lib/oauth/client_credentials/issuer_spec.rb +24 -7
data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
data/spec/lib/oauth/client_credentials_integration_spec.rb +2 -2
data/spec/lib/oauth/client_credentials_request_spec.rb +3 -5
data/spec/lib/oauth/client_spec.rb +0 -3
data/spec/lib/oauth/code_request_spec.rb +5 -3
data/spec/lib/oauth/code_response_spec.rb +1 -1
data/spec/lib/oauth/error_response_spec.rb +0 -3
data/spec/lib/oauth/error_spec.rb +0 -2
data/spec/lib/oauth/forbidden_token_response_spec.rb +1 -4
data/spec/lib/oauth/helpers/scope_checker_spec.rb +8 -11
data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -1
data/spec/lib/oauth/helpers/uri_checker_spec.rb +22 -13
data/spec/lib/oauth/invalid_token_response_spec.rb +1 -4
data/spec/lib/oauth/password_access_token_request_spec.rb +53 -6
data/spec/lib/oauth/pre_authorization_spec.rb +33 -4
data/spec/lib/oauth/refresh_token_request_spec.rb +22 -14
data/spec/lib/oauth/scopes_spec.rb +0 -3
data/spec/lib/oauth/token_request_spec.rb +8 -9
data/spec/lib/oauth/token_response_spec.rb +0 -1
data/spec/lib/oauth/token_spec.rb +40 -14
data/spec/lib/request/strategy_spec.rb +0 -1
data/spec/lib/server_spec.rb +7 -7
data/spec/lib/stale_records_cleaner_spec.rb +89 -0
data/spec/models/doorkeeper/access_grant_spec.rb +44 -1
data/spec/models/doorkeeper/access_token_spec.rb +80 -32
data/spec/models/doorkeeper/application_spec.rb +293 -221
data/spec/requests/applications/applications_request_spec.rb +134 -1
data/spec/requests/applications/authorized_applications_spec.rb +1 -1
data/spec/requests/endpoints/authorization_spec.rb +3 -3
data/spec/requests/endpoints/token_spec.rb +7 -5
data/spec/requests/flows/authorization_code_errors_spec.rb +2 -2
data/spec/requests/flows/authorization_code_spec.rb +258 -2
data/spec/requests/flows/client_credentials_spec.rb +46 -6
data/spec/requests/flows/implicit_grant_errors_spec.rb +3 -3
data/spec/requests/flows/implicit_grant_spec.rb +38 -11
data/spec/requests/flows/password_spec.rb +61 -3
data/spec/requests/flows/refresh_token_spec.rb +59 -2
data/spec/requests/flows/revoke_token_spec.rb +20 -20
data/spec/requests/flows/skip_authorization_spec.rb +16 -11
data/spec/requests/protected_resources/metal_spec.rb +1 -1
data/spec/requests/protected_resources/private_api_spec.rb +3 -3
data/spec/routing/custom_controller_routes_spec.rb +59 -7
data/spec/routing/default_routes_spec.rb +2 -2
data/spec/routing/scoped_routes_spec.rb +16 -2
data/spec/spec_helper.rb +54 -3
data/spec/spec_helper_integration.rb +2 -74
data/spec/support/dependencies/{factory_girl.rb → factory_bot.rb} +0 -0
data/spec/support/doorkeeper_rspec.rb +20 -0
data/spec/support/helpers/authorization_request_helper.rb +4 -4
data/spec/support/helpers/model_helper.rb +8 -4
data/spec/support/helpers/request_spec_helper.rb +10 -2
data/spec/support/helpers/url_helper.rb +18 -14
data/spec/support/http_method_shim.rb +12 -16
data/spec/support/shared/controllers_shared_context.rb +56 -0
data/spec/validators/redirect_uri_validator_spec.rb +9 -3
data/spec/version/version_spec.rb +3 -3
data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
metadata +54 -35
data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb +0 -31
data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb +0 -11
data/spec/controllers/application_metal_controller.rb +0 -10

data/spec/lib/oauth/base_request_spec.rb CHANGED Viewed

@@ -1,16 +1,16 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module Doorkeeper::OAuth
   describe BaseRequest do
     let(:access_token) do
       double :access_token,
-        token:              "some-token",
-        expires_in:         "3600",
-        expires_in_seconds: "300",
-        scopes_string:      "two scopes",
-        refresh_token:      "some-refresh-token",
-        token_type:         "bearer",
-        created_at:         0
+             token:              "some-token",
+             expires_in:         "3600",
+             expires_in_seconds: "300",
+             scopes_string:      "two scopes",
+             refresh_token:      "some-refresh-token",
+             token_type:         "bearer",
+             created_at:         0
     end
     let(:client) { double :client, id: '1' }
@@ -19,9 +19,9 @@ module Doorkeeper::OAuth
     let(:server) do
       double :server,
-        access_token_expires_in: 100,
-        custom_access_token_expires_in: ->(_) { nil },
-        refresh_token_enabled?: false
+             access_token_expires_in: 100,
+             custom_access_token_expires_in: ->(_context) { nil },
+             refresh_token_enabled?: false
     end
     subject do
@@ -105,6 +105,44 @@ module Doorkeeper::OAuth
         expect(result).to be_an_instance_of(Doorkeeper::AccessToken)
       end
+      it "respects custom_access_token_expires_in" do
+        server = double(:server,
+                        access_token_expires_in: 100,
+                        custom_access_token_expires_in: ->(context) { context.scopes == "public" ? 500 : nil },
+                        refresh_token_enabled?: false)
+        result = subject.find_or_create_access_token(
+          client,
+          "1",
+          "public",
+          server
+        )
+        expect(result.expires_in).to eql(500)
+      end
+      it "respects use_refresh_token with a block" do
+        server = double(:server,
+                        access_token_expires_in: 100,
+                        custom_access_token_expires_in: ->(_context) { nil },
+                        refresh_token_enabled?: lambda { |context|
+                          context.scopes == "public"
+                        })
+        result = subject.find_or_create_access_token(
+          client,
+          "1",
+          "public",
+          server
+        )
+        expect(result.refresh_token).to_not be_nil
+        result = subject.find_or_create_access_token(
+          client,
+          "1",
+          "private",
+          server
+        )
+        expect(result.refresh_token).to be_nil
+      end
     end
     describe "#scopes" do

data/spec/lib/oauth/base_response_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module Doorkeeper::OAuth
   describe BaseResponse do

data/spec/lib/oauth/client/credentials_spec.rb CHANGED Viewed

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/client'
 class Doorkeeper::OAuth::Client
   describe Credentials do
@@ -18,7 +16,7 @@ class Doorkeeper::OAuth::Client
       let(:request) { double.as_null_object }
       let(:method) do
-        ->(_request) { return 'uid', 'secret' }
+        ->(_request) { %w[uid secret] }
       end
       it 'accepts anything that responds to #call' do
@@ -79,7 +77,7 @@ class Doorkeeper::OAuth::Client
       end
       it 'is blank if Authorization is not Basic' do
-        request     = double authorization: "#{credentials}"
+        request     = double authorization: credentials.to_s
         uid, secret = Credentials.from_basic(request)
         expect(uid).to    be_blank

data/spec/lib/oauth/client_credentials/creator_spec.rb CHANGED Viewed

@@ -1,10 +1,14 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 class Doorkeeper::OAuth::ClientCredentialsRequest
   describe Creator do
     let(:client) { FactoryBot.create :application }
     let(:scopes) { Doorkeeper::OAuth::Scopes.from_string('public') }
+    before do
+      default_scopes_exist :public
+    end
     it 'creates a new token' do
       expect do
         subject.call(client, scopes)

data/spec/lib/oauth/client_credentials/issuer_spec.rb CHANGED Viewed

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/all'
-require 'doorkeeper/oauth/client_credentials/issuer'
 class Doorkeeper::OAuth::ClientCredentialsRequest
   describe Issuer do
@@ -9,7 +7,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
       double(
         :server,
         access_token_expires_in: 100,
-        custom_access_token_expires_in: ->(_app) { nil }
+        custom_access_token_expires_in: ->(_context) { nil }
       )
     end
     let(:validation) { double :validation, valid?: true }
@@ -63,23 +61,42 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
       end
       context 'with custom expirations' do
-        let(:custom_ttl) { 1233 }
+        let(:custom_ttl_grant) { 1234 }
+        let(:custom_ttl_scope) { 1235 }
+        let(:custom_scope) { 'special' }
         let(:server) do
           double(
             :server,
-            custom_access_token_expires_in: ->(_app) { custom_ttl }
+            custom_access_token_expires_in: lambda { |context|
+              # scopes is normally an object but is a string in this test
+              if context.scopes == custom_scope
+                custom_ttl_scope
+              elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
+                custom_ttl_grant
+              end
+            }
           )
         end
-        it 'creates with correct token parameters' do
+        it 'respects grant based rules' do
           expect(creator).to receive(:call).with(
             client,
             scopes,
-            expires_in: custom_ttl,
+            expires_in: custom_ttl_grant,
             use_refresh_token: false
           )
           subject.create client, scopes, creator
         end
+        it 'respects scope based rules' do
+          expect(creator).to receive(:call).with(
+            client,
+            custom_scope,
+            expires_in: custom_ttl_scope,
+            use_refresh_token: false
+          )
+          subject.create client, custom_scope, creator
+        end
       end
     end
   end

data/spec/lib/oauth/client_credentials/validation_spec.rb CHANGED Viewed

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/all'
-require 'doorkeeper/oauth/client_credentials/validation'
 class Doorkeeper::OAuth::ClientCredentialsRequest
   describe Validation do
@@ -25,7 +23,8 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
         server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email'
         allow(server).to receive(:scopes).and_return(server_scopes)
         allow(request).to receive(:scopes).and_return(
-          Doorkeeper::OAuth::Scopes.from_string 'invalid')
+          Doorkeeper::OAuth::Scopes.from_string('invalid')
+        )
         expect(subject).not_to be_valid
       end
@@ -45,7 +44,8 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
           allow(application).to receive(:scopes).and_return(application_scopes)
           allow(server).to receive(:scopes).and_return(server_scopes)
           allow(request).to receive(:scopes).and_return(
-            Doorkeeper::OAuth::Scopes.from_string 'email')
+            Doorkeeper::OAuth::Scopes.from_string('email')
+          )
           expect(subject).not_to be_valid
         end
       end

data/spec/lib/oauth/client_credentials_integration_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module Doorkeeper::OAuth
   describe ClientCredentialsRequest do
@@ -20,7 +20,7 @@ module Doorkeeper::OAuth
         request = ClientCredentialsRequest.new(server, nil, {})
         expect do
           request.authorize
-        end.to_not change { Doorkeeper::AccessToken.count }
+        end.to_not(change { Doorkeeper::AccessToken.count })
       end
     end
   end

data/spec/lib/oauth/client_credentials_request_spec.rb CHANGED Viewed

@@ -1,18 +1,16 @@
 require 'spec_helper'
-require 'active_support/all'
-require 'active_model'
-require 'doorkeeper/oauth/client_credentials_request'
 module Doorkeeper::OAuth
   describe ClientCredentialsRequest do
     let(:server) do
       double(
         default_scopes: nil,
-        custom_access_token_expires_in: ->(_app) { nil }
+        access_token_expires_in: 2.hours,
+        custom_access_token_expires_in: ->(_context) { nil }
       )
     end
-    let(:application)   { double :application, scopes: Scopes.from_string('') }
+    let(:application)   { FactoryBot.create(:application, scopes: '') }
     let(:client)        { double :client, application: application }
     let(:token_creator) { double :issuer, create: true, token: double }

data/spec/lib/oauth/client_spec.rb CHANGED Viewed

@@ -1,7 +1,4 @@
 require 'spec_helper'
-require 'active_support/core_ext/module/delegation'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/client'
 module Doorkeeper::OAuth
   describe Client do

data/spec/lib/oauth/code_request_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module Doorkeeper::OAuth
   describe CodeRequest do
@@ -10,7 +10,9 @@ module Doorkeeper::OAuth
         scopes: nil,
         state: nil,
         error: nil,
-        authorizable?: true
+        authorizable?: true,
+        code_challenge: nil,
+        code_challenge_method: nil
       )
     end
@@ -32,7 +34,7 @@ module Doorkeeper::OAuth
     it 'does not create grant when not authorizable' do
       allow(pre_auth).to receive(:authorizable?).and_return(false)
-      expect { subject.authorize }.not_to change { Doorkeeper::AccessGrant.count }
+      expect { subject.authorize }.not_to(change { Doorkeeper::AccessGrant.count })
     end
     it 'returns a error response' do

data/spec/lib/oauth/code_response_spec.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Doorkeeper
               client: double(:application, id: 1),
               redirect_uri: 'http://tst.com/cb',
               state: nil,
-              scopes: Scopes.from_string('public'),
+              scopes: Scopes.from_string('public')
             )
           end

data/spec/lib/oauth/error_response_spec.rb CHANGED Viewed

@@ -1,7 +1,4 @@
 require 'spec_helper'
-require 'active_model'
-require 'doorkeeper/oauth/error'
-require 'doorkeeper/oauth/error_response'
 module Doorkeeper::OAuth
   describe ErrorResponse do

data/spec/lib/oauth/error_spec.rb CHANGED Viewed

@@ -1,6 +1,4 @@
 require 'spec_helper'
-require 'active_support/i18n'
-require 'doorkeeper/oauth/error'
 module Doorkeeper::OAuth
   describe Error do

data/spec/lib/oauth/forbidden_token_response_spec.rb CHANGED Viewed

@@ -1,12 +1,9 @@
 require 'spec_helper'
-require 'active_model'
-require 'doorkeeper'
-require 'doorkeeper/oauth/forbidden_token_response'
 module Doorkeeper::OAuth
   describe ForbiddenTokenResponse do
     describe '#name' do
-      it  { expect(subject.name).to eq(:invalid_scope) }
+      it { expect(subject.name).to eq(:invalid_scope) }
     end
     describe '#status' do

data/spec/lib/oauth/helpers/scope_checker_spec.rb CHANGED Viewed

@@ -1,7 +1,4 @@
 require 'spec_helper'
-require 'active_support/core_ext/string'
-require 'doorkeeper/oauth/helpers/scope_checker'
-require 'doorkeeper/oauth/scopes'
 module Doorkeeper::OAuth::Helpers
   describe ScopeChecker, '.valid?' do
@@ -46,18 +43,18 @@ module Doorkeeper::OAuth::Helpers
       it 'is valid if scope is included in the application scope list' do
         expect(ScopeChecker.valid?(
-          'app123',
-          server_scopes,
-          application_scopes
-        )).to be_truthy
+                 'app123',
+                 server_scopes,
+                 application_scopes
+               )).to be_truthy
       end
       it 'is invalid if any scope is not included in the application' do
         expect(ScopeChecker.valid?(
-          'svr',
-          server_scopes,
-          application_scopes
-        )).to be_falsey
+                 'svr',
+                 server_scopes,
+                 application_scopes
+               )).to be_falsey
       end
     end
   end

data/spec/lib/oauth/helpers/unique_token_spec.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'doorkeeper/oauth/helpers/unique_token'
 module Doorkeeper::OAuth::Helpers
   describe UniqueToken do

data/spec/lib/oauth/helpers/uri_checker_spec.rb CHANGED Viewed

@@ -1,15 +1,8 @@
 require 'spec_helper'
-require 'uri'
-require 'doorkeeper/oauth/helpers/uri_checker'
 module Doorkeeper::OAuth::Helpers
   describe URIChecker do
     describe '.valid?' do
-      it 'is valid for native uris' do
-        uri = 'urn:ietf:wg:oauth:2.0:oob'
-        expect(URIChecker.valid?(uri)).to be_truthy
-      end
       it 'is valid for valid uris' do
         uri = 'http://app.co'
         expect(URIChecker.valid?(uri)).to be_truthy
@@ -49,6 +42,11 @@ module Doorkeeper::OAuth::Helpers
         uri = '   '
         expect(URIChecker.valid?(uri)).to be_falsey
       end
+      it 'is valid for native uris' do
+        uri = 'urn:ietf:wg:oauth:2.0:oob'
+        expect(URIChecker.valid?(uri)).to be_truthy
+      end
     end
     describe '.matches?' do
@@ -118,6 +116,22 @@ module Doorkeeper::OAuth::Helpers
       it 'is true if valid and matches' do
         uri = client_uri = 'http://app.co/aaa'
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
+        uri = client_uri = 'http://app.co/aaa?b=c'
+        expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
+      end
+      it 'is true if uri includes blank query' do
+        uri = client_uri = 'http://app.co/aaa?'
+        expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
+        uri = 'http://app.co/aaa?'
+        client_uri = 'http://app.co/aaa'
+        expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
+        uri = 'http://app.co/aaa'
+        client_uri = 'http://app.co/aaa?'
+        expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
       end
       it 'is false if valid and mismatches' do
@@ -138,12 +152,7 @@ module Doorkeeper::OAuth::Helpers
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
       end
-      it 'is true if valid and matches' do
-        uri = client_uri = 'http://app.co/aaa'
-        expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be true
-      end
-      it 'is false if invalid' do
+      it 'is false if queries does not match' do
         uri = 'http://app.co/aaa?pankcakes=abc'
         client_uri = 'http://app.co/aaa?waffles=abc'
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be false

data/spec/lib/oauth/invalid_token_response_spec.rb CHANGED Viewed

@@ -1,12 +1,9 @@
 require 'spec_helper'
-require 'active_model'
-require 'doorkeeper'
-require 'doorkeeper/oauth/invalid_token_response'
 module Doorkeeper::OAuth
   describe InvalidTokenResponse do
     describe "#name" do
-      it  { expect(subject.name).to eq(:invalid_token) }
+      it { expect(subject.name).to eq(:invalid_token) }
     end
     describe "#status" do

data/spec/lib/oauth/password_access_token_request_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module Doorkeeper::OAuth
   describe PasswordAccessTokenRequest do
@@ -8,7 +8,9 @@ module Doorkeeper::OAuth
         default_scopes: Doorkeeper::OAuth::Scopes.new,
         access_token_expires_in: 2.hours,
         refresh_token_enabled?: false,
-        custom_access_token_expires_in: ->(_app) { nil }
+        custom_access_token_expires_in: lambda { |context|
+          context.grant_type == Doorkeeper::OAuth::PASSWORD ? 1234 : nil
+        }
       )
     end
     let(:client) { FactoryBot.create(:application) }
@@ -22,6 +24,8 @@ module Doorkeeper::OAuth
       expect do
         subject.authorize
       end.to change { client.reload.access_tokens.count }.by(1)
+      expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
     end
     it 'issues a new token without a client' do
@@ -36,7 +40,7 @@ module Doorkeeper::OAuth
         subject.client = nil
         subject.parameters = { client_id: 'bad_id' }
         subject.authorize
-      end.to_not change { Doorkeeper::AccessToken.count }
+      end.not_to(change { Doorkeeper::AccessToken.count })
       expect(subject.error).to eq(:invalid_client)
     end
@@ -54,6 +58,7 @@ module Doorkeeper::OAuth
     it 'creates token even when there is already one (default)' do
       FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
       expect do
         subject.authorize
       end.to change { Doorkeeper::AccessToken.count }.by(1)
@@ -62,14 +67,19 @@ module Doorkeeper::OAuth
     it 'skips token creation if there is already one' do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
       FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
       expect do
         subject.authorize
-      end.to_not change { Doorkeeper::AccessToken.count }
+      end.not_to(change { Doorkeeper::AccessToken.count })
     end
     it "calls configured request callback methods" do
-      expect(Doorkeeper.configuration.before_successful_strategy_response).to receive(:call).with(subject).once
-      expect(Doorkeeper.configuration.after_successful_strategy_response).to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
+      expect(Doorkeeper.configuration.before_successful_strategy_response)
+        .to receive(:call).with(subject).once
+      expect(Doorkeeper.configuration.after_successful_strategy_response)
+        .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
       subject.authorize
     end
@@ -89,8 +99,45 @@ module Doorkeeper::OAuth
         expect do
           subject.authorize
         end.to change { Doorkeeper::AccessToken.count }.by(1)
         expect(Doorkeeper::AccessToken.last.scopes).to include('public')
       end
     end
+    describe 'with custom expiry' do
+      let(:server) do
+        double(
+          :server,
+          default_scopes: Doorkeeper::OAuth::Scopes.new,
+          access_token_expires_in: 2.hours,
+          refresh_token_enabled?: false,
+          custom_access_token_expires_in: lambda { |context|
+            context.scopes.exists?('public') ? 222 : nil
+          }
+        )
+      end
+      it 'checks scopes' do
+        subject = PasswordAccessTokenRequest.new(server, client, owner, scope: 'public')
+        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('public'))
+        expect do
+          subject.authorize
+        end.to change { Doorkeeper::AccessToken.count }.by(1)
+        expect(Doorkeeper::AccessToken.last.expires_in).to eq(222)
+      end
+      it 'falls back to the default otherwise' do
+        subject = PasswordAccessTokenRequest.new(server, client, owner, scope: 'private')
+        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('private'))
+        expect do
+          subject.authorize
+        end.to change { Doorkeeper::AccessToken.count }.by(1)
+        expect(Doorkeeper::AccessToken.last.expires_in).to eq(2.hours)
+      end
+    end
   end
 end

data/spec/lib/oauth/pre_authorization_spec.rb CHANGED Viewed

@@ -1,13 +1,13 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module Doorkeeper::OAuth
   describe PreAuthorization do
-    let(:server) {
+    let(:server) do
       server = Doorkeeper.configuration
       allow(server).to receive(:default_scopes).and_return(Scopes.new)
       allow(server).to receive(:scopes).and_return(Scopes.from_string('public profile'))
       server
-    }
+    end
     let(:application) do
       application = double :application
@@ -133,11 +133,16 @@ module Doorkeeper::OAuth
       end
       it 'invalidates redirect_uri when it does\'n match with the client' do
-        subject.redirect_uri = native_redirect_uri
+        subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
         expect(subject).not_to be_authorizable
       end
     end
+    it 'matches the redirect uri against client\'s one' do
+      subject.redirect_uri = 'http://nothesame.com'
+      expect(subject).not_to be_authorizable
+    end
     it 'stores the state' do
       expect(subject.state).to eq('save-this')
     end
@@ -156,5 +161,29 @@ module Doorkeeper::OAuth
       subject.redirect_uri = nil
       expect(subject).not_to be_authorizable
     end
+    describe "as_json" do
+      let(:client_id) { "client_uid_123" }
+      let(:client_name) { "Acme Co." }
+      before do
+        allow(client).to receive(:uid).and_return client_id
+        allow(client).to receive(:name).and_return client_name
+      end
+      let(:json) { subject.as_json({}) }
+      it { is_expected.to respond_to :as_json }
+      it "returns correct values" do
+        expect(json[:client_id]).to eq client_id
+        expect(json[:redirect_uri]).to eq subject.redirect_uri
+        expect(json[:state]).to eq subject.state
+        expect(json[:response_type]).to eq subject.response_type
+        expect(json[:scope]).to eq subject.scope
+        expect(json[:client_name]).to eq client_name
+        expect(json[:status]).to eq I18n.t('doorkeeper.pre_authorization.status')
+      end
+    end
   end
 end