RubyGems - doorkeeper - Versions diffs - 4.4.3 → 5.0.3 - Mend

doorkeeper 4.4.3 → 5.0.3

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (223) hide show

checksums.yaml +5 -5
data/.gitignore +1 -0
data/.gitlab-ci.yml +16 -0
data/.travis.yml +7 -0
data/Appraisals +2 -2
data/Dangerfile +64 -0
data/Gemfile +1 -1
data/NEWS.md +98 -8
data/README.md +110 -12
data/Rakefile +6 -0
data/UPGRADE.md +2 -0
data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
data/app/controllers/doorkeeper/application_controller.rb +6 -3
data/app/controllers/doorkeeper/application_metal_controller.rb +6 -0
data/app/controllers/doorkeeper/applications_controller.rb +46 -24
data/app/controllers/doorkeeper/authorizations_controller.rb +55 -12
data/app/controllers/doorkeeper/authorized_applications_controller.rb +21 -2
data/app/controllers/doorkeeper/token_info_controller.rb +2 -0
data/app/controllers/doorkeeper/tokens_controller.rb +4 -6
data/app/helpers/doorkeeper/dashboard_helper.rb +9 -7
data/app/validators/redirect_uri_validator.rb +5 -2
data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
data/app/views/doorkeeper/applications/_form.html.erb +25 -24
data/app/views/doorkeeper/applications/edit.html.erb +1 -1
data/app/views/doorkeeper/applications/index.html.erb +17 -7
data/app/views/doorkeeper/applications/new.html.erb +1 -1
data/app/views/doorkeeper/applications/show.html.erb +6 -6
data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
data/app/views/doorkeeper/authorizations/new.html.erb +4 -0
data/app/views/layouts/doorkeeper/admin.html.erb +15 -15
data/config/locales/en.yml +10 -1
data/doorkeeper.gemspec +25 -26
data/gemfiles/rails_5_2.gemfile +1 -1
data/gemfiles/rails_master.gemfile +4 -1
data/lib/doorkeeper/config.rb +81 -40
data/lib/doorkeeper/engine.rb +6 -0
data/lib/doorkeeper/errors.rb +17 -3
data/lib/doorkeeper/grape/authorization_decorator.rb +2 -0
data/lib/doorkeeper/grape/helpers.rb +3 -1
data/lib/doorkeeper/helpers/controller.rb +9 -2
data/lib/doorkeeper/models/access_grant_mixin.rb +73 -0
data/lib/doorkeeper/models/access_token_mixin.rb +44 -25
data/lib/doorkeeper/models/application_mixin.rb +2 -0
data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
data/lib/doorkeeper/models/concerns/expirable.rb +2 -0
data/lib/doorkeeper/models/concerns/orderable.rb +2 -0
data/lib/doorkeeper/models/concerns/ownership.rb +2 -0
data/lib/doorkeeper/models/concerns/revocable.rb +2 -0
data/lib/doorkeeper/models/concerns/scopes.rb +3 -1
data/lib/doorkeeper/oauth/authorization/code.rb +33 -8
data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
data/lib/doorkeeper/oauth/authorization/token.rb +38 -14
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +2 -0
data/lib/doorkeeper/oauth/authorization_code_request.rb +29 -2
data/lib/doorkeeper/oauth/base_request.rb +22 -9
data/lib/doorkeeper/oauth/base_response.rb +2 -0
data/lib/doorkeeper/oauth/client/credentials.rb +3 -1
data/lib/doorkeeper/oauth/client.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/creator.rb +4 -1
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -2
data/lib/doorkeeper/oauth/client_credentials/validation.rb +5 -5
data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -3
data/lib/doorkeeper/oauth/code_request.rb +2 -0
data/lib/doorkeeper/oauth/code_response.rb +2 -0
data/lib/doorkeeper/oauth/error.rb +2 -0
data/lib/doorkeeper/oauth/error_response.rb +21 -3
data/lib/doorkeeper/oauth/forbidden_token_response.rb +9 -2
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -0
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +5 -2
data/lib/doorkeeper/oauth/invalid_token_response.rb +18 -0
data/lib/doorkeeper/oauth/password_access_token_request.rb +9 -4
data/lib/doorkeeper/oauth/pre_authorization.rb +43 -11
data/lib/doorkeeper/oauth/refresh_token_request.rb +16 -3
data/lib/doorkeeper/oauth/scopes.rb +3 -1
data/lib/doorkeeper/oauth/token.rb +7 -2
data/lib/doorkeeper/oauth/token_introspection.rb +4 -2
data/lib/doorkeeper/oauth/token_request.rb +2 -0
data/lib/doorkeeper/oauth/token_response.rb +6 -2
data/lib/doorkeeper/oauth.rb +13 -0
data/lib/doorkeeper/orm/active_record/application.rb +75 -12
data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +26 -0
data/lib/doorkeeper/orm/active_record.rb +4 -0
data/lib/doorkeeper/rails/helpers.rb +6 -4
data/lib/doorkeeper/rails/routes/mapper.rb +2 -0
data/lib/doorkeeper/rails/routes/mapping.rb +2 -0
data/lib/doorkeeper/rails/routes.rb +23 -8
data/lib/doorkeeper/rake/db.rake +40 -0
data/lib/doorkeeper/rake/setup.rake +6 -0
data/lib/doorkeeper/rake.rb +14 -0
data/lib/doorkeeper/request/authorization_code.rb +1 -1
data/lib/doorkeeper/request/client_credentials.rb +1 -1
data/lib/doorkeeper/request/code.rb +1 -1
data/lib/doorkeeper/request/password.rb +1 -1
data/lib/doorkeeper/request/refresh_token.rb +1 -1
data/lib/doorkeeper/request/strategy.rb +2 -0
data/lib/doorkeeper/request/token.rb +1 -1
data/lib/doorkeeper/request.rb +29 -34
data/lib/doorkeeper/server.rb +2 -0
data/lib/doorkeeper/stale_records_cleaner.rb +20 -0
data/lib/doorkeeper/validations.rb +2 -0
data/lib/doorkeeper/version.rb +6 -24
data/lib/doorkeeper.rb +20 -17
data/lib/generators/doorkeeper/application_owner_generator.rb +23 -18
data/lib/generators/doorkeeper/confidential_applications_generator.rb +32 -0
data/lib/generators/doorkeeper/install_generator.rb +17 -9
data/lib/generators/doorkeeper/migration_generator.rb +23 -18
data/lib/generators/doorkeeper/pkce_generator.rb +32 -0
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +29 -24
data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +6 -0
data/lib/generators/doorkeeper/templates/initializer.rb +96 -13
data/lib/generators/doorkeeper/templates/migration.rb.erb +2 -3
data/lib/generators/doorkeeper/views_generator.rb +3 -1
data/spec/controllers/application_metal_controller_spec.rb +50 -0
data/spec/controllers/applications_controller_spec.rb +123 -14
data/spec/controllers/authorizations_controller_spec.rb +334 -51
data/spec/controllers/protected_resources_controller_spec.rb +60 -18
data/spec/controllers/token_info_controller_spec.rb +4 -12
data/spec/controllers/tokens_controller_spec.rb +17 -20
data/spec/dummy/Rakefile +1 -1
data/spec/dummy/app/assets/config/manifest.js +2 -0
data/spec/dummy/app/controllers/custom_authorizations_controller.rb +1 -1
data/spec/dummy/app/controllers/home_controller.rb +1 -2
data/spec/dummy/config/application.rb +1 -1
data/spec/dummy/config/boot.rb +2 -4
data/spec/dummy/config/environment.rb +1 -1
data/spec/dummy/config/environments/test.rb +5 -6
data/spec/dummy/config/initializers/doorkeeper.rb +12 -6
data/spec/dummy/config/initializers/new_framework_defaults.rb +2 -0
data/spec/dummy/config/initializers/secret_token.rb +1 -1
data/spec/dummy/config/routes.rb +3 -42
data/spec/dummy/config.ru +1 -1
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +4 -4
data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +1 -1
data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +6 -0
data/spec/dummy/db/migrate/{20180210183654_add_confidential_to_application.rb → 20180210183654_add_confidential_to_applications.rb} +1 -1
data/spec/dummy/db/schema.rb +36 -36
data/spec/dummy/script/rails +4 -3
data/spec/factories.rb +6 -6
data/spec/generators/application_owner_generator_spec.rb +1 -1
data/spec/generators/confidential_applications_generator_spec.rb +45 -0
data/spec/generators/install_generator_spec.rb +5 -2
data/spec/generators/migration_generator_spec.rb +1 -1
data/spec/generators/pkce_generator_spec.rb +43 -0
data/spec/generators/previous_refresh_token_generator_spec.rb +1 -1
data/spec/generators/templates/routes.rb +0 -1
data/spec/generators/views_generator_spec.rb +2 -2
data/spec/grape/grape_integration_spec.rb +2 -2
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +105 -39
data/spec/lib/doorkeeper_spec.rb +6 -131
data/spec/lib/models/expirable_spec.rb +0 -3
data/spec/lib/models/revocable_spec.rb +0 -2
data/spec/lib/models/scopes_spec.rb +0 -4
data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -4
data/spec/lib/oauth/authorization_code_request_spec.rb +17 -7
data/spec/lib/oauth/base_request_spec.rb +49 -11
data/spec/lib/oauth/base_response_spec.rb +1 -1
data/spec/lib/oauth/client/credentials_spec.rb +2 -4
data/spec/lib/oauth/client_credentials/creator_spec.rb +5 -1
data/spec/lib/oauth/client_credentials/issuer_spec.rb +24 -7
data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
data/spec/lib/oauth/client_credentials_integration_spec.rb +2 -2
data/spec/lib/oauth/client_credentials_request_spec.rb +3 -5
data/spec/lib/oauth/client_spec.rb +0 -3
data/spec/lib/oauth/code_request_spec.rb +5 -3
data/spec/lib/oauth/code_response_spec.rb +1 -1
data/spec/lib/oauth/error_response_spec.rb +0 -3
data/spec/lib/oauth/error_spec.rb +0 -2
data/spec/lib/oauth/forbidden_token_response_spec.rb +1 -4
data/spec/lib/oauth/helpers/scope_checker_spec.rb +8 -11
data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -1
data/spec/lib/oauth/helpers/uri_checker_spec.rb +22 -13
data/spec/lib/oauth/invalid_token_response_spec.rb +1 -4
data/spec/lib/oauth/password_access_token_request_spec.rb +53 -6
data/spec/lib/oauth/pre_authorization_spec.rb +33 -4
data/spec/lib/oauth/refresh_token_request_spec.rb +22 -14
data/spec/lib/oauth/scopes_spec.rb +0 -3
data/spec/lib/oauth/token_request_spec.rb +8 -9
data/spec/lib/oauth/token_response_spec.rb +0 -1
data/spec/lib/oauth/token_spec.rb +40 -14
data/spec/lib/request/strategy_spec.rb +0 -1
data/spec/lib/server_spec.rb +7 -7
data/spec/lib/stale_records_cleaner_spec.rb +89 -0
data/spec/models/doorkeeper/access_grant_spec.rb +44 -1
data/spec/models/doorkeeper/access_token_spec.rb +80 -32
data/spec/models/doorkeeper/application_spec.rb +293 -221
data/spec/requests/applications/applications_request_spec.rb +134 -1
data/spec/requests/applications/authorized_applications_spec.rb +1 -1
data/spec/requests/endpoints/authorization_spec.rb +3 -3
data/spec/requests/endpoints/token_spec.rb +7 -5
data/spec/requests/flows/authorization_code_errors_spec.rb +2 -2
data/spec/requests/flows/authorization_code_spec.rb +258 -2
data/spec/requests/flows/client_credentials_spec.rb +46 -6
data/spec/requests/flows/implicit_grant_errors_spec.rb +3 -3
data/spec/requests/flows/implicit_grant_spec.rb +38 -11
data/spec/requests/flows/password_spec.rb +61 -3
data/spec/requests/flows/refresh_token_spec.rb +59 -2
data/spec/requests/flows/revoke_token_spec.rb +20 -20
data/spec/requests/flows/skip_authorization_spec.rb +16 -11
data/spec/requests/protected_resources/metal_spec.rb +1 -1
data/spec/requests/protected_resources/private_api_spec.rb +3 -3
data/spec/routing/custom_controller_routes_spec.rb +59 -7
data/spec/routing/default_routes_spec.rb +2 -2
data/spec/routing/scoped_routes_spec.rb +16 -2
data/spec/spec_helper.rb +54 -3
data/spec/spec_helper_integration.rb +2 -74
data/spec/support/dependencies/{factory_girl.rb → factory_bot.rb} +0 -0
data/spec/support/doorkeeper_rspec.rb +20 -0
data/spec/support/helpers/authorization_request_helper.rb +4 -4
data/spec/support/helpers/model_helper.rb +8 -4
data/spec/support/helpers/request_spec_helper.rb +10 -2
data/spec/support/helpers/url_helper.rb +18 -14
data/spec/support/http_method_shim.rb +12 -16
data/spec/support/shared/controllers_shared_context.rb +56 -0
data/spec/validators/redirect_uri_validator_spec.rb +9 -3
data/spec/version/version_spec.rb +3 -3
data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
metadata +54 -35
data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb +0 -31
data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb +0 -11
data/spec/controllers/application_metal_controller.rb +0 -10

data/spec/controllers/authorizations_controller_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   include AuthorizationRequestHelper
@@ -6,7 +6,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   if Rails::VERSION::MAJOR >= 5
     class ActionDispatch::TestResponse
       def query_params
-        @_query_params ||= begin
+        @query_params ||= begin
           fragment = URI.parse(location).fragment
           Rack::Utils.parse_query(fragment)
         end
@@ -15,7 +15,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   else
     class ActionController::TestResponse
       def query_params
-        @_query_params ||= begin
+        @query_params ||= begin
           fragment = URI.parse(location).fragment
           Rack::Utils.parse_query(fragment)
         end
@@ -34,11 +34,14 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   before do
     allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["implicit"])
     allow(controller).to receive(:current_resource_owner).and_return(user)
+    allow(Doorkeeper.configuration).to receive(:custom_access_token_expires_in).and_return(proc { |context|
+      context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
+    })
   end
   describe 'POST #create' do
     before do
-      post :create, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+      post :create, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
     end
     it 'redirects after authorization' do
@@ -46,7 +49,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
     it 'redirects to client redirect uri' do
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
+      expect(response.location).to match(/^#{client.redirect_uri}/)
     end
     it 'includes access token in fragment' do
@@ -58,7 +61,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
     it 'includes token expiration in fragment' do
-      expect(response.query_params['expires_in'].to_i).to eq(2.hours.to_i)
+      expect(response.query_params['expires_in'].to_i).to eq(1234)
     end
     it 'issues the token for the current client' do
@@ -70,10 +73,54 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe "POST #create in API mode" do
+    before do
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
+    end
+    let(:response_json_body) { JSON.parse(response.body) }
+    let(:redirect_uri) { response_json_body["redirect_uri"] }
+    it "renders success after authorization" do
+      expect(response).to be_successful
+    end
+    it "renders correct redirect uri" do
+      expect(redirect_uri).to match(/^#{client.redirect_uri}/)
+    end
+    it "includes access token in fragment" do
+      expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)[1]).to eq(Doorkeeper::AccessToken.first.token)
+    end
+    it "includes token type in fragment" do
+      expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
+    end
+    it "includes token expiration in fragment" do
+      expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
+    end
+    it "issues the token for the current client" do
+      expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
+    end
+    it "issues the token for the current resource owner" do
+      expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
+    end
+  end
   describe 'POST #create with errors' do
     before do
       default_scopes_exist :public
-      post :create, client_id: client.uid, response_type: 'token', scope: 'invalid', redirect_uri: client.redirect_uri
+      post :create, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        scope: 'invalid',
+        redirect_uri: client.redirect_uri
+      }
     end
     it 'redirects after authorization' do
@@ -81,7 +128,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
     it 'redirects to client redirect uri' do
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
+      expect(response.location).to match(/^#{client.redirect_uri}/)
     end
     it 'does not include access token in fragment' do
@@ -101,12 +148,58 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe 'POST #create in API mode with errors' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      default_scopes_exist :public
+      post :create, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        scope: 'invalid',
+        redirect_uri: client.redirect_uri
+      }
+    end
+    let(:response_json_body) { JSON.parse(response.body) }
+    let(:redirect_uri) { response_json_body['redirect_uri'] }
+    it 'renders 400 error' do
+      expect(response.status).to eq 401
+    end
+    it 'includes correct redirect URI' do
+      expect(redirect_uri).to match(/^#{client.redirect_uri}/)
+    end
+    it 'does not include access token in fragment' do
+      expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)).to be_nil
+    end
+    it 'includes error in redirect uri' do
+      expect(redirect_uri.match(/error=([a-z_]+)&?/)[1]).to eq 'invalid_scope'
+    end
+    it 'includes error description in redirect uri' do
+      expect(redirect_uri.match(/error_description=(.+)&?/)[1]).to_not be_nil
+    end
+    it 'does not issue any access token' do
+      expect(Doorkeeper::AccessToken.all).to be_empty
+    end
+  end
   describe 'POST #create with application already authorized' do
     before do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
       access_token.save!
-      post :create, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+      post :create, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
     end
     it 'returns the existing access token in a fragment' do
@@ -118,18 +211,64 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe 'POST #create with callbacks' do
+    after do
+      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
+    end
+    describe 'when successful' do
+      after do
+        post :create, params: {
+          client_id: client.uid,
+          response_type: 'token',
+          redirect_uri: client.redirect_uri
+        }
+      end
+      it 'should call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration)
+          .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
+      end
+      it 'should call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration)
+          .to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
+      end
+    end
+    describe 'with errors' do
+      after do
+        post :create, params: { client_id: client.uid, response_type: 'token', redirect_uri: 'bad_uri' }
+      end
+      it 'should not call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
+      end
+      it 'should not call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
+      end
+    end
+  end
   describe 'GET #new token request with native url and skip_authorization true' do
     before do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
       client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
-      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
     end
     it 'should redirect immediately' do
       expect(response).to be_redirect
-      expect(response.location).to match(/oauth\/token\/info\?access_token=/)
+      expect(response.location).to match(%r{/oauth/token/info\?access_token=})
     end
     it 'should not issue a grant' do
@@ -143,18 +282,24 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   describe 'GET #new code request with native url and skip_authorization true' do
     before do
-      allow(Doorkeeper.configuration).to receive(:grant_flows).
-        and_return(%w[authorization_code])
+      allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(%w[authorization_code])
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
       client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
-      get :new, client_id: client.uid, response_type: 'code', redirect_uri: client.redirect_uri
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'code',
+        redirect_uri: client.redirect_uri
+      }
     end
     it 'should redirect immediately' do
       expect(response).to be_redirect
-      expect(response.location).to match(/oauth\/authorize\/native\?code=#{Doorkeeper::AccessGrant.first.token}/)
+      expect(response.location)
+        .to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
     end
     it 'should issue a grant' do
@@ -164,38 +309,6 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     it 'should not issue a token' do
       expect(Doorkeeper::AccessToken.count).to be 0
     end
-    context 'with opt_out_native_route_change' do
-      around(:each) do |example|
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-          opt_out_native_route_change
-        end
-        Rails.application.reload_routes!
-        example.run
-        Doorkeeper.configure do
-          orm DOORKEEPER_ORM
-        end
-        Rails.application.reload_routes!
-      end
-      it 'should redirect immediately' do
-        expect(response).to be_redirect
-        expect(response.location).to match(/oauth\/authorize\/#{Doorkeeper::AccessGrant.first.token}/)
-      end
-      it 'should issue a grant' do
-        expect(Doorkeeper::AccessGrant.count).to be 1
-      end
-      it 'should not issue a token' do
-        expect(Doorkeeper::AccessToken.count).to be 0
-      end
-    end
   end
   describe 'GET #new with skip_authorization true' do
@@ -203,12 +316,17 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
-      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
     end
     it 'should redirect immediately' do
       expect(response).to be_redirect
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
+      expect(response.location).to match(/^#{client.redirect_uri}/)
     end
     it 'should issue a token' do
@@ -220,7 +338,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
     it 'includes token expiration in fragment' do
-      expect(response.query_params['expires_in'].to_i).to eq(2.hours.to_i)
+      expect(response.query_params['expires_in'].to_i).to eq(1234)
     end
     it 'issues the token for the current client' do
@@ -232,10 +350,81 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
   end
+  describe 'GET #new in API mode' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
+    end
+    it 'should render success' do
+      expect(response).to be_successful
+    end
+    it "sets status to pre-authorization" do
+      expect(json_response["status"]).to eq(I18n.t('doorkeeper.pre_authorization.status'))
+    end
+    it "sets correct values" do
+      expect(json_response['client_id']).to eq(client.uid)
+      expect(json_response['redirect_uri']).to eq(client.redirect_uri)
+      expect(json_response['state']).to be_nil
+      expect(json_response['response_type']).to eq('token')
+      expect(json_response['scope']).to eq('')
+    end
+  end
+  describe 'GET #new in API mode with skip_authorization true' do
+    before do
+      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
+    end
+    it 'should render success' do
+      expect(response).to be_successful
+    end
+    it 'should issue a token' do
+      expect(Doorkeeper::AccessToken.count).to be 1
+    end
+    it "sets status to redirect" do
+      expect(JSON.parse(response.body)["status"]).to eq("redirect")
+    end
+    it "sets redirect_uri to correct value" do
+      redirect_uri = JSON.parse(response.body)["redirect_uri"]
+      expect(redirect_uri).to_not be_nil
+      expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
+      expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
+      expect(
+        redirect_uri.match(/access_token=([a-f0-9]+)&?/)[1]
+      ).to eq Doorkeeper::AccessToken.first.token
+    end
+    it "issues the token for the current client" do
+      expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
+    end
+    it "issues the token for the current resource owner" do
+      expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
+    end
+  end
   describe 'GET #new with errors' do
     before do
       default_scopes_exist :public
-      get :new, an_invalid: 'request'
+      get :new, params: { an_invalid: 'request' }
     end
     it 'does not redirect' do
@@ -247,4 +436,98 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       expect(Doorkeeper::AccessToken.count).to eq 0
     end
   end
+  describe 'GET #new in API mode with errors' do
+    let(:response_json_body) { JSON.parse(response.body) }
+    before do
+      default_scopes_exist :public
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      get :new, params: { an_invalid: 'request' }
+    end
+    it 'should render bad request' do
+      expect(response).to have_http_status(:bad_request)
+    end
+    it 'includes error in body' do
+      expect(response_json_body['error']).to eq('unsupported_response_type')
+    end
+    it 'includes error description in body' do
+      expect(response_json_body['error_description'])
+        .to eq(translated_error_message(:unsupported_response_type))
+    end
+    it 'does not issue any token' do
+      expect(Doorkeeper::AccessGrant.count).to eq 0
+      expect(Doorkeeper::AccessToken.count).to eq 0
+    end
+  end
+  describe 'GET #new with callbacks' do
+    after do
+      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
+      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+    end
+    describe 'when authorizing' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
+      end
+      it 'should call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration)
+          .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
+      end
+      it 'should call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration)
+          .to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
+      end
+    end
+    describe 'when not authorizing' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
+      end
+      it 'should not call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
+      end
+      it 'should not call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
+      end
+    end
+    describe 'when not authorizing in api mode' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
+        allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      end
+      it 'should not call :before_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
+      end
+      it 'should not call :after_successful_authorization callback' do
+        expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
+      end
+    end
+  end
+  describe 'authorize response memoization' do
+    it 'memoizes the result of the authorization' do
+      strategy = double(:strategy, authorize: true)
+      expect(strategy).to receive(:authorize).once
+      allow(controller).to receive(:strategy) { strategy }
+      allow(controller).to receive(:create) do
+        2.times { controller.send :authorize_response }
+        controller.render json: {}, status: :ok
+      end
+      post :create
+    end
+  end
 end

data/spec/controllers/protected_resources_controller_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'spec_helper_integration'
+require 'spec_helper'
 module ControllerActions
   def index
@@ -33,12 +33,12 @@ describe 'doorkeeper authorize filter' do
     it 'access_token param' do
       expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-      get :index, access_token: token_string
+      get :index, params: { access_token: token_string }
     end
     it 'bearer_token param' do
       expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-      get :index, bearer_token: token_string
+      get :index, params: { bearer_token: token_string }
     end
     it 'Authorization header' do
@@ -57,7 +57,7 @@ describe 'doorkeeper authorize filter' do
       expect(Doorkeeper::AccessToken).to receive(:by_token).exactly(2).times.and_return(token)
       request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
       get :index
-      controller.send(:remove_instance_variable, :@_doorkeeper_token)
+      controller.send(:remove_instance_variable, :@doorkeeper_token)
       get :index
     end
   end
@@ -71,25 +71,25 @@ describe 'doorkeeper authorize filter' do
     context 'with valid token', token: :valid do
       it 'allows into index action' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response).to be_successful
       end
       it 'allows into show action' do
-        get :show, id: '4', access_token: token_string
+        get :show, params: { id: '4', access_token: token_string }
         expect(response).to be_successful
       end
     end
     context 'with invalid token', token: :invalid do
       it 'does not allow into index action' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
       end
       it 'does not allow into show action' do
-        get :show, id: '4', access_token: token_string
+        get :show, params: { id: '4', access_token: token_string }
         expect(response.status).to eq 401
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
       end
@@ -115,7 +115,7 @@ describe 'doorkeeper authorize filter' do
         Doorkeeper::AccessToken
       ).to receive(:by_token).with(token_string).and_return(token)
-      get :index, access_token: token_string
+      get :index, params: { access_token: token_string }
       expect(response).to be_successful
     end
@@ -129,7 +129,7 @@ describe 'doorkeeper authorize filter' do
       ).to receive(:by_token).with(token_string).and_return(token)
       expect(token).to receive(:acceptable?).with([:write]).and_return(false)
-      get :index, access_token: token_string
+      get :index, params: { access_token: token_string }
       expect(response.status).to eq 403
       expect(response.header).to_not include('WWW-Authenticate')
     end
@@ -157,13 +157,12 @@ describe 'doorkeeper authorize filter' do
         module ControllerActions
           remove_method :doorkeeper_unauthorized_render_options
-          def doorkeeper_unauthorized_render_options(error: nil)
-          end
+          def doorkeeper_unauthorized_render_options(error: nil); end
         end
       end
       it 'it renders a custom JSON response', token: :invalid do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
         expect(response.content_type).to eq('application/json')
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
@@ -193,7 +192,7 @@ describe 'doorkeeper authorize filter' do
       end
       it 'it renders a custom text response', token: :invalid do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
         expect(response.content_type).to eq('text/plain')
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
@@ -243,7 +242,7 @@ describe 'doorkeeper authorize filter' do
       end
       it 'renders a custom JSON response' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.header).to_not include('WWW-Authenticate')
         expect(response.content_type).to eq('application/json')
         expect(response.status).to eq 403
@@ -265,7 +264,7 @@ describe 'doorkeeper authorize filter' do
       end
       it 'overrides the default status code' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 404
       end
     end
@@ -282,7 +281,7 @@ describe 'doorkeeper authorize filter' do
       end
       it 'renders a custom status code and text response' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.header).to_not include('WWW-Authenticate')
         expect(response.status).to eq 403
         expect(response.body).to eq('Forbidden')
@@ -301,9 +300,52 @@ describe 'doorkeeper authorize filter' do
       end
       it 'overrides the default status code' do
-        get :index, access_token: token_string
+        get :index, params: { access_token: token_string }
         expect(response.status).to eq 404
       end
     end
   end
+  context 'when handle_auth_errors option is set to :raise' do
+    subject { get :index, params: { access_token: token_string } }
+    before do
+      config_is_set(:handle_auth_errors, :raise)
+    end
+    controller do
+      before_action :doorkeeper_authorize!
+      include ControllerActions
+    end
+    context 'when token is unknown' do
+      it 'raises Doorkeeper::Errors::TokenUnknown exception', token: :invalid do
+        expect { subject }.to raise_error(Doorkeeper::Errors::TokenUnknown)
+      end
+    end
+    context 'when token is expired' do
+      it 'raises Doorkeeper::Errors::TokenExpired exception', token: :expired do
+        expect { subject }.to raise_error(Doorkeeper::Errors::TokenExpired)
+      end
+    end
+    context 'when token is revoked' do
+      it 'raises Doorkeeper::Errors::TokenRevoked exception', token: :revoked do
+        expect { subject }.to raise_error(Doorkeeper::Errors::TokenRevoked)
+      end
+    end
+    context 'when token is forbidden' do
+      it 'raises Doorkeeper::Errors::TokenForbidden exception', token: :forbidden do
+        expect { subject }.to raise_error(Doorkeeper::Errors::TokenForbidden)
+      end
+    end
+    context 'when token is valid' do
+      it 'allows into index action', token: :valid do
+        expect(response).to be_successful
+      end
+    end
+  end
 end