doorkeeper 5.0.0 → 5.0.1
- checksums.yaml +4 -4
- data/.travis.yml +5 -0
- data/Dangerfile +57 -0
- data/NEWS.md +32 -1
- data/README.md +18 -3
- data/app/controllers/doorkeeper/application_controller.rb +2 -0
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -0
- data/app/controllers/doorkeeper/applications_controller.rb +4 -2
- data/app/controllers/doorkeeper/authorizations_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -0
- data/app/controllers/doorkeeper/token_info_controller.rb +2 -0
- data/app/controllers/doorkeeper/tokens_controller.rb +2 -0
- data/app/helpers/doorkeeper/dashboard_helper.rb +2 -0
- data/app/validators/redirect_uri_validator.rb +2 -0
- data/doorkeeper.gemspec +23 -22
- data/lib/doorkeeper.rb +1 -0
- data/lib/doorkeeper/config.rb +7 -2
- data/lib/doorkeeper/engine.rb +2 -0
- data/lib/doorkeeper/errors.rb +17 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +2 -0
- data/lib/doorkeeper/grape/helpers.rb +2 -0
- data/lib/doorkeeper/helpers/controller.rb +2 -0
- data/lib/doorkeeper/models/access_grant_mixin.rb +5 -3
- data/lib/doorkeeper/models/access_token_mixin.rb +5 -3
- data/lib/doorkeeper/models/application_mixin.rb +2 -0
- data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +2 -0
- data/lib/doorkeeper/models/concerns/orderable.rb +2 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +2 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -0
- data/lib/doorkeeper/models/concerns/scopes.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/context.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +2 -0
- data/lib/doorkeeper/oauth/authorization_code_request.rb +2 -0
- data/lib/doorkeeper/oauth/base_request.rb +2 -0
- data/lib/doorkeeper/oauth/base_response.rb +2 -0
- data/lib/doorkeeper/oauth/client.rb +2 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +2 -0
- data/lib/doorkeeper/oauth/code_request.rb +2 -0
- data/lib/doorkeeper/oauth/code_response.rb +2 -0
- data/lib/doorkeeper/oauth/error.rb +2 -0
- data/lib/doorkeeper/oauth/error_response.rb +10 -0
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +9 -2
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -0
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -0
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +5 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +18 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +2 -0
- data/lib/doorkeeper/oauth/pre_authorization.rb +2 -0
- data/lib/doorkeeper/oauth/refresh_token_request.rb +10 -2
- data/lib/doorkeeper/oauth/scopes.rb +2 -0
- data/lib/doorkeeper/oauth/token.rb +2 -0
- data/lib/doorkeeper/oauth/token_introspection.rb +2 -0
- data/lib/doorkeeper/oauth/token_request.rb +2 -0
- data/lib/doorkeeper/oauth/token_response.rb +2 -0
- data/lib/doorkeeper/orm/active_record.rb +2 -0
- data/lib/doorkeeper/rails/helpers.rb +4 -0
- data/lib/doorkeeper/rails/routes.rb +9 -2
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -0
- data/lib/doorkeeper/rails/routes/mapping.rb +2 -0
- data/lib/doorkeeper/rake/db.rake +4 -4
- data/lib/doorkeeper/request.rb +2 -0
- data/lib/doorkeeper/request/authorization_code.rb +2 -0
- data/lib/doorkeeper/request/client_credentials.rb +2 -0
- data/lib/doorkeeper/request/code.rb +2 -0
- data/lib/doorkeeper/request/password.rb +2 -0
- data/lib/doorkeeper/request/refresh_token.rb +2 -0
- data/lib/doorkeeper/request/strategy.rb +2 -0
- data/lib/doorkeeper/request/token.rb +2 -0
- data/lib/doorkeeper/server.rb +2 -0
- data/lib/doorkeeper/stale_records_cleaner.rb +20 -0
- data/lib/doorkeeper/validations.rb +2 -0
- data/lib/doorkeeper/version.rb +3 -1
- data/lib/generators/doorkeeper/templates/initializer.rb +20 -2
- data/lib/generators/doorkeeper/templates/migration.rb.erb +2 -2
- data/spec/controllers/applications_controller_spec.rb +37 -41
- data/spec/controllers/authorizations_controller_spec.rb +71 -18
- data/spec/controllers/protected_resources_controller_spec.rb +44 -2
- data/spec/controllers/tokens_controller_spec.rb +4 -5
- data/spec/dummy/Rakefile +1 -1
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +1 -1
- data/spec/dummy/app/controllers/home_controller.rb +1 -2
- data/spec/dummy/config.ru +1 -1
- data/spec/dummy/config/application.rb +1 -1
- data/spec/dummy/config/boot.rb +2 -4
- data/spec/dummy/config/environment.rb +1 -1
- data/spec/dummy/config/environments/test.rb +1 -1
- data/spec/dummy/config/initializers/doorkeeper.rb +2 -1
- data/spec/dummy/config/initializers/new_framework_defaults.rb +1 -3
- data/spec/dummy/config/initializers/secret_token.rb +1 -1
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +4 -4
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +1 -1
- data/spec/dummy/script/rails +4 -3
- data/spec/factories.rb +6 -6
- data/spec/generators/install_generator_spec.rb +4 -1
- data/spec/generators/templates/routes.rb +0 -1
- data/spec/generators/views_generator_spec.rb +1 -1
- data/spec/grape/grape_integration_spec.rb +1 -1
- data/spec/lib/config_spec.rb +25 -8
- data/spec/lib/doorkeeper_spec.rb +5 -5
- data/spec/lib/oauth/authorization_code_request_spec.rb +9 -6
- data/spec/lib/oauth/base_request_spec.rb +10 -10
- data/spec/lib/oauth/client/credentials_spec.rb +2 -2
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -2
- data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -1
- data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
- data/spec/lib/oauth/code_request_spec.rb +2 -2
- data/spec/lib/oauth/code_response_spec.rb +1 -1
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +8 -8
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +17 -6
- data/spec/lib/oauth/password_access_token_request_spec.rb +17 -5
- data/spec/lib/oauth/refresh_token_request_spec.rb +11 -7
- data/spec/lib/oauth/token_request_spec.rb +5 -5
- data/spec/lib/oauth/token_spec.rb +4 -1
- data/spec/lib/server_spec.rb +6 -6
- data/spec/lib/{orm/active_record/stale_records_cleaner_spec.rb → stale_records_cleaner_spec.rb} +14 -4
- data/spec/models/doorkeeper/access_token_spec.rb +14 -10
- data/spec/models/doorkeeper/application_spec.rb +4 -4
- data/spec/requests/applications/applications_request_spec.rb +2 -2
- data/spec/requests/endpoints/authorization_spec.rb +2 -2
- data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
- data/spec/requests/flows/authorization_code_spec.rb +75 -15
- data/spec/requests/flows/implicit_grant_errors_spec.rb +2 -2
- data/spec/requests/flows/password_spec.rb +6 -2
- data/spec/requests/flows/refresh_token_spec.rb +57 -0
- data/spec/requests/flows/revoke_token_spec.rb +9 -9
- data/spec/requests/protected_resources/private_api_spec.rb +2 -2
- data/spec/support/doorkeeper_rspec.rb +2 -1
- data/spec/support/helpers/model_helper.rb +8 -4
- data/spec/support/helpers/url_helper.rb +11 -11
- data/spec/support/shared/controllers_shared_context.rb +56 -0
- data/spec/validators/redirect_uri_validator_spec.rb +2 -2
- metadata +20 -4
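--- a/data/lib/doorkeeper/rake/db.rake
+++ b/data/lib/doorkeeper/rake/db.rake
@@ -13,26 +13,26 @@ namespace :doorkeeper do
 namespace :cleanup do
 desc 'Removes stale access tokens'
 task revoked_tokens: 'doorkeeper:setup' do
-cleaner = Doorkeeper::
+cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessToken)
 cleaner.clean_revoked
 end
 
 desc 'Removes expired (TTL passed) access tokens'
 task expired_tokens: 'doorkeeper:setup' do
 expirable_tokens = Doorkeeper::AccessToken.where(refresh_token: nil)
-cleaner = Doorkeeper::
+cleaner = Doorkeeper::StaleRecordsCleaner.new(expirable_tokens)
 cleaner.clean_expired(Doorkeeper.configuration.access_token_expires_in)
 end
 
 desc 'Removes stale access grants'
 task revoked_grants: 'doorkeeper:setup' do
-cleaner = Doorkeeper::
+cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
 cleaner.clean_revoked
 end
 
 desc 'Removes expired (TTL passed) access grants'
 task expired_grants: 'doorkeeper:setup' do
-cleaner = Doorkeeper::
+cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
 cleaner.clean_expired(Doorkeeper.configuration.authorization_code_expires_in)
 end
 end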
data/lib/doorkeeper/request.rb
CHANGED
data/lib/doorkeeper/server.rb
CHANGED
@@ -0,0 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Doorkeeper
|
4
|
+
class StaleRecordsCleaner
|
5
|
+
CLEANER_CLASS = 'StaleRecordsCleaner'.freeze
|
6
|
+
|
7
|
+
def self.for(base_scope)
|
8
|
+
orm_adapter = "doorkeeper/orm/#{Doorkeeper.configuration.orm}".classify
|
9
|
+
|
10
|
+
orm_cleaner = "#{orm_adapter}::#{CLEANER_CLASS}".constantize
|
11
|
+
orm_cleaner.new(base_scope)
|
12
|
+
rescue NameError
|
13
|
+
raise Doorkeeper::Errors::NoOrmCleaner, "'#{Doorkeeper.configuration.orm}' ORM has no cleaner!"
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.new(base_scope)
|
17
|
+
self.for(base_scope)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
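Review bot: The `rescue NameError` at the end of `self.for` guards the whole method body, so a `NameError` (including `NoMethodError`, which inherits from it) raised inside `orm_cleaner.new(base_scope)` by the ORM cleaner's own constructor would be reported as `'… ORM has no cleaner!'` and the real failure lost; only the `constantize` lookup should be inside the rescue. The file header above reads `data/lib/doorkeeper/server.rb`, but this `@@ -0,0 +1,20 @@` hunk defines `StaleRecordsCleaner` and the file list shows `data/lib/doorkeeper/stale_records_cleaner.rb +20 -0`, so the rendering appears to have dropped that header. As a nit, `'StaleRecordsCleaner'.freeze` is redundant under `# frozen_string_literal: true`.
```ruby
def self.for(base_scope)
  orm_adapter = "doorkeeper/orm/#{Doorkeeper.configuration.orm}".classify
  orm_cleaner = begin
    "#{orm_adapter}::#{CLEANER_CLASS}".constantize
  rescue NameError
    raise Doorkeeper::Errors::NoOrmCleaner, "'#{Doorkeeper.configuration.orm}' ORM has no cleaner!"
  end
  orm_cleaner.new(base_scope)
end
```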
data/lib/doorkeeper/version.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
def self.gem_version
|
3
5
|
Gem::Version.new VERSION::STRING
|
@@ -7,7 +9,7 @@ module Doorkeeper
|
|
7
9
|
# Semantic versioning
|
8
10
|
MAJOR = 5
|
9
11
|
MINOR = 0
|
10
|
-
TINY =
|
12
|
+
TINY = 1
|
11
13
|
PRE = nil
|
12
14
|
|
13
15
|
# Full version number
|
@@ -68,7 +68,11 @@ Doorkeeper.configure do
|
|
68
68
|
#
|
69
69
|
# base_controller 'ApplicationController'
|
70
70
|
|
71
|
-
# Reuse access token for the same resource owner within an application (disabled by default)
|
71
|
+
# Reuse access token for the same resource owner within an application (disabled by default).
|
72
|
+
#
|
73
|
+
# This option protects your application from creating new tokens before old valid one becomes
|
74
|
+
# expired so your database doesn't bloat. Keep in mind that when this option is `on` Doorkeeper
|
75
|
+
# doesn't updates existing token expiration time, it will create a new token instead.
|
72
76
|
# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
|
73
77
|
#
|
74
78
|
# reuse_access_token
|
@@ -121,7 +125,8 @@ Doorkeeper.configure do
|
|
121
125
|
# access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
|
122
126
|
|
123
127
|
# Change the native redirect uri for client apps
|
124
|
-
# When clients register with the following redirect uri, they won't be redirected to any server and
|
128
|
+
# When clients register with the following redirect uri, they won't be redirected to any server and
|
129
|
+
# the authorizationcode will be displayed within the provider
|
125
130
|
# The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
|
126
131
|
# (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
|
127
132
|
#
|
@@ -147,6 +152,19 @@ Doorkeeper.configure do
|
|
147
152
|
#
|
148
153
|
# forbid_redirect_uri { |uri| uri.scheme.to_s.downcase == 'javascript' }
|
149
154
|
|
155
|
+
# Specify how authorization errors should be handled.
|
156
|
+
# By default, doorkeeper renders json errors when access token
|
157
|
+
# is invalid, expired, revoked or has invalid scopes.
|
158
|
+
#
|
159
|
+
# If you want to render error response yourself (i.e. rescue exceptions),
|
160
|
+
# set handle_auth_errors to `:raise` and rescue Doorkeeper::Errors::InvalidToken
|
161
|
+
# or following specific errors:
|
162
|
+
#
|
163
|
+
# Doorkeeper::Errors::TokenForbidden, Doorkeeper::Errors::TokenExpired,
|
164
|
+
# Doorkeeper::Errors::TokenRevoked, Doorkeeper::Errors::TokenUnknown
|
165
|
+
#
|
166
|
+
# handle_auth_errors = :raise
|
167
|
+
|
150
168
|
# Specify what grant flows are enabled in array of Strings. The valid
|
151
169
|
# strings and the flows they enable are:
|
152
170
|
#
|
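Review bot: The new example line `# handle_auth_errors = :raise` uses assignment form, whereas every other option shown in this template (`# reuse_access_token`, `# access_token_methods …`, `# forbid_redirect_uri { … }`, `# base_controller 'ApplicationController'`) is the DSL call form; uncommented inside the `Doorkeeper.configure do` block, `handle_auth_errors = :raise` only creates a block-local variable, so an operator following the example would believe errors are raised while the default JSON error responses stay in effect. Suggest `# handle_auth_errors :raise`, assuming the option is a method like its siblings. Two wording fixes in the same hunk's comments: `# doesn't updates existing token expiration time` → `# doesn't update the existing token's expiration time`, and `# the authorizationcode will be displayed` → `# the authorization code will be displayed`. These hunks carry no file header; from the `Doorkeeper.configure do` context and the file list they appear to belong to `data/lib/generators/doorkeeper/templates/initializer.rb`.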
@@ -13,7 +13,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
13
13
|
add_index :oauth_applications, :uid, unique: true
|
14
14
|
|
15
15
|
create_table :oauth_access_grants do |t|
|
16
|
-
t.
|
16
|
+
t.references :resource_owner, null: false
|
17
17
|
t.references :application, null: false
|
18
18
|
t.string :token, null: false
|
19
19
|
t.integer :expires_in, null: false
|
@@ -31,7 +31,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
31
31
|
)
|
32
32
|
|
33
33
|
create_table :oauth_access_tokens do |t|
|
34
|
-
t.
|
34
|
+
t.references :resource_owner
|
35
35
|
t.references :application
|
36
36
|
|
37
37
|
# If you use a custom token generator you may need to change this column
|
@@ -13,12 +13,12 @@ module Doorkeeper
|
|
13
13
|
it 'creates an application' do
|
14
14
|
expect do
|
15
15
|
post :create, params: {
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
end.to
|
16
|
+
doorkeeper_application: {
|
17
|
+
name: 'Example',
|
18
|
+
redirect_uri: 'https://example.com'
|
19
|
+
}, format: :json
|
20
|
+
}
|
21
|
+
end.to(change { Doorkeeper::Application.count })
|
22
22
|
|
23
23
|
expect(response).to be_successful
|
24
24
|
|
@@ -31,11 +31,11 @@ module Doorkeeper
|
|
31
31
|
it 'returns validation errors on wrong create params' do
|
32
32
|
expect do
|
33
33
|
post :create, params: {
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
end.not_to
|
34
|
+
doorkeeper_application: {
|
35
|
+
name: 'Example'
|
36
|
+
}, format: :json
|
37
|
+
}
|
38
|
+
end.not_to(change { Doorkeeper::Application.count })
|
39
39
|
|
40
40
|
expect(response).to have_http_status(422)
|
41
41
|
|
@@ -108,14 +108,13 @@ module Doorkeeper
|
|
108
108
|
|
109
109
|
it 'does not create application' do
|
110
110
|
expect do
|
111
|
-
post :create,
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
end.not_to change { Doorkeeper::Application.count }
|
111
|
+
post :create, params: {
|
112
|
+
doorkeeper_application: {
|
113
|
+
name: 'Example',
|
114
|
+
redirect_uri: 'https://example.com'
|
115
|
+
}
|
116
|
+
}
|
117
|
+
end.not_to(change { Doorkeeper::Application.count })
|
119
118
|
end
|
120
119
|
end
|
121
120
|
|
@@ -139,13 +138,12 @@ module Doorkeeper
|
|
139
138
|
|
140
139
|
it 'creates application' do
|
141
140
|
expect do
|
142
|
-
post :create,
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
}
|
141
|
+
post :create, params: {
|
142
|
+
doorkeeper_application: {
|
143
|
+
name: 'Example',
|
144
|
+
redirect_uri: 'https://example.com'
|
145
|
+
}
|
146
|
+
}
|
149
147
|
end.to change { Doorkeeper::Application.count }.by(1)
|
150
148
|
|
151
149
|
expect(response).to be_redirect
|
@@ -153,27 +151,25 @@ module Doorkeeper
|
|
153
151
|
|
154
152
|
it 'does not allow mass assignment of uid or secret' do
|
155
153
|
application = FactoryBot.create(:application)
|
156
|
-
put :update,
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
}
|
154
|
+
put :update, params: {
|
155
|
+
id: application.id,
|
156
|
+
doorkeeper_application: {
|
157
|
+
uid: '1A2B3C4D',
|
158
|
+
secret: '1A2B3C4D'
|
159
|
+
}
|
160
|
+
}
|
164
161
|
|
165
162
|
expect(application.reload.uid).not_to eq '1A2B3C4D'
|
166
163
|
end
|
167
164
|
|
168
165
|
it 'updates application' do
|
169
166
|
application = FactoryBot.create(:application)
|
170
|
-
put :update,
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
}
|
167
|
+
put :update, params: {
|
168
|
+
id: application.id, doorkeeper_application: {
|
169
|
+
name: 'Example',
|
170
|
+
redirect_uri: 'https://example.com'
|
171
|
+
}
|
172
|
+
}
|
177
173
|
|
178
174
|
expect(application.reload.name).to eq 'Example'
|
179
175
|
end
|
@@ -49,7 +49,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
49
49
|
end
|
50
50
|
|
51
51
|
it 'redirects to client redirect uri' do
|
52
|
-
expect(response.location).to match(
|
52
|
+
expect(response.location).to match(/^#{client.redirect_uri}/)
|
53
53
|
end
|
54
54
|
|
55
55
|
it 'includes access token in fragment' do
|
@@ -114,7 +114,13 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
114
114
|
describe 'POST #create with errors' do
|
115
115
|
before do
|
116
116
|
default_scopes_exist :public
|
117
|
-
|
117
|
+
|
118
|
+
post :create, params: {
|
119
|
+
client_id: client.uid,
|
120
|
+
response_type: 'token',
|
121
|
+
scope: 'invalid',
|
122
|
+
redirect_uri: client.redirect_uri
|
123
|
+
}
|
118
124
|
end
|
119
125
|
|
120
126
|
it 'redirects after authorization' do
|
@@ -146,7 +152,13 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
146
152
|
before do
|
147
153
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
148
154
|
default_scopes_exist :public
|
149
|
-
|
155
|
+
|
156
|
+
post :create, params: {
|
157
|
+
client_id: client.uid,
|
158
|
+
response_type: 'token',
|
159
|
+
scope: 'invalid',
|
160
|
+
redirect_uri: client.redirect_uri
|
161
|
+
}
|
150
162
|
end
|
151
163
|
|
152
164
|
let(:response_json_body) { JSON.parse(response.body) }
|
@@ -182,7 +194,12 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
182
194
|
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
183
195
|
|
184
196
|
access_token.save!
|
185
|
-
|
197
|
+
|
198
|
+
post :create, params: {
|
199
|
+
client_id: client.uid,
|
200
|
+
response_type: 'token',
|
201
|
+
redirect_uri: client.redirect_uri
|
202
|
+
}
|
186
203
|
end
|
187
204
|
|
188
205
|
it 'returns the existing access token in a fragment' do
|
@@ -201,15 +218,21 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
201
218
|
|
202
219
|
describe 'when successful' do
|
203
220
|
after do
|
204
|
-
post :create, params: {
|
221
|
+
post :create, params: {
|
222
|
+
client_id: client.uid,
|
223
|
+
response_type: 'token',
|
224
|
+
redirect_uri: client.redirect_uri
|
225
|
+
}
|
205
226
|
end
|
206
227
|
|
207
228
|
it 'should call :before_successful_authorization callback' do
|
208
|
-
expect(Doorkeeper.configuration)
|
229
|
+
expect(Doorkeeper.configuration)
|
230
|
+
.to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
|
209
231
|
end
|
210
232
|
|
211
233
|
it 'should call :after_successful_authorization callback' do
|
212
|
-
expect(Doorkeeper.configuration)
|
234
|
+
expect(Doorkeeper.configuration)
|
235
|
+
.to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
|
213
236
|
end
|
214
237
|
end
|
215
238
|
|
@@ -233,13 +256,19 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
233
256
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
|
234
257
|
true
|
235
258
|
end)
|
259
|
+
|
236
260
|
client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
|
237
|
-
|
261
|
+
|
262
|
+
get :new, params: {
|
263
|
+
client_id: client.uid,
|
264
|
+
response_type: 'token',
|
265
|
+
redirect_uri: client.redirect_uri
|
266
|
+
}
|
238
267
|
end
|
239
268
|
|
240
269
|
it 'should redirect immediately' do
|
241
270
|
expect(response).to be_redirect
|
242
|
-
expect(response.location).to match(/oauth
|
271
|
+
expect(response.location).to match(%r{/oauth/token/info\?access_token=})
|
243
272
|
end
|
244
273
|
|
245
274
|
it 'should not issue a grant' do
|
@@ -257,13 +286,20 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
257
286
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
|
258
287
|
true
|
259
288
|
end)
|
289
|
+
|
260
290
|
client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
|
261
|
-
|
291
|
+
|
292
|
+
get :new, params: {
|
293
|
+
client_id: client.uid,
|
294
|
+
response_type: 'code',
|
295
|
+
redirect_uri: client.redirect_uri
|
296
|
+
}
|
262
297
|
end
|
263
298
|
|
264
299
|
it 'should redirect immediately' do
|
265
300
|
expect(response).to be_redirect
|
266
|
-
expect(response.location)
|
301
|
+
expect(response.location)
|
302
|
+
.to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
|
267
303
|
end
|
268
304
|
|
269
305
|
it 'should issue a grant' do
|
@@ -280,12 +316,17 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
280
316
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
|
281
317
|
true
|
282
318
|
end)
|
283
|
-
|
319
|
+
|
320
|
+
get :new, params: {
|
321
|
+
client_id: client.uid,
|
322
|
+
response_type: 'token',
|
323
|
+
redirect_uri: client.redirect_uri
|
324
|
+
}
|
284
325
|
end
|
285
326
|
|
286
327
|
it 'should redirect immediately' do
|
287
328
|
expect(response).to be_redirect
|
288
|
-
expect(response.location).to match(
|
329
|
+
expect(response.location).to match(/^#{client.redirect_uri}/)
|
289
330
|
end
|
290
331
|
|
291
332
|
it 'should issue a token' do
|
@@ -312,7 +353,12 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
312
353
|
describe 'GET #new in API mode' do
|
313
354
|
before do
|
314
355
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
315
|
-
|
356
|
+
|
357
|
+
get :new, params: {
|
358
|
+
client_id: client.uid,
|
359
|
+
response_type: 'token',
|
360
|
+
redirect_uri: client.redirect_uri
|
361
|
+
}
|
316
362
|
end
|
317
363
|
|
318
364
|
it 'should render success' do
|
@@ -337,7 +383,11 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
337
383
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
|
338
384
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
339
385
|
|
340
|
-
get :new, params: {
|
386
|
+
get :new, params: {
|
387
|
+
client_id: client.uid,
|
388
|
+
response_type: 'token',
|
389
|
+
redirect_uri: client.redirect_uri
|
390
|
+
}
|
341
391
|
end
|
342
392
|
|
343
393
|
it 'should render success' do
|
@@ -405,7 +455,8 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
405
455
|
end
|
406
456
|
|
407
457
|
it 'includes error description in body' do
|
408
|
-
expect(response_json_body['error_description'])
|
458
|
+
expect(response_json_body['error_description'])
|
459
|
+
.to eq(translated_error_message(:unsupported_response_type))
|
409
460
|
end
|
410
461
|
|
411
462
|
it 'does not issue any token' do
|
@@ -426,11 +477,13 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
426
477
|
end
|
427
478
|
|
428
479
|
it 'should call :before_successful_authorization callback' do
|
429
|
-
expect(Doorkeeper.configuration)
|
480
|
+
expect(Doorkeeper.configuration)
|
481
|
+
.to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
|
430
482
|
end
|
431
483
|
|
432
484
|
it 'should call :after_successful_authorization callback' do
|
433
|
-
expect(Doorkeeper.configuration)
|
485
|
+
expect(Doorkeeper.configuration)
|
486
|
+
.to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
|
434
487
|
end
|
435
488
|
end
|
436
489
|
|
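Review bot: `expect(response.location).to match(/^#{client.redirect_uri}/)` (in 'redirects to client redirect uri' and the later 'should redirect immediately' example) interpolates the URI into a regex unescaped and anchors with `^`, which matches at any line start; the `.` characters in the host match any character, so the assertion is looser than the redirect-URI check it is meant to pin. `expect(response.location).to start_with(client.redirect_uri)` states the intent exactly, or `/\A#{Regexp.escape(client.redirect_uri)}/` if a regex is preferred. The `%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}}` pattern has the same unescaped-interpolation shape and would want `Regexp.escape` around the token. These hunks carry no file header; the `describe Doorkeeper::AuthorizationsController` context suggests `data/spec/controllers/authorizations_controller_spec.rb`.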