doorkeeper 5.0.0 → 5.0.1
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +5 -0
- data/Dangerfile +57 -0
- data/NEWS.md +32 -1
- data/README.md +18 -3
- data/app/controllers/doorkeeper/application_controller.rb +2 -0
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -0
- data/app/controllers/doorkeeper/applications_controller.rb +4 -2
- data/app/controllers/doorkeeper/authorizations_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -0
- data/app/controllers/doorkeeper/token_info_controller.rb +2 -0
- data/app/controllers/doorkeeper/tokens_controller.rb +2 -0
- data/app/helpers/doorkeeper/dashboard_helper.rb +2 -0
- data/app/validators/redirect_uri_validator.rb +2 -0
- data/doorkeeper.gemspec +23 -22
- data/lib/doorkeeper.rb +1 -0
- data/lib/doorkeeper/config.rb +7 -2
- data/lib/doorkeeper/engine.rb +2 -0
- data/lib/doorkeeper/errors.rb +17 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +2 -0
- data/lib/doorkeeper/grape/helpers.rb +2 -0
- data/lib/doorkeeper/helpers/controller.rb +2 -0
- data/lib/doorkeeper/models/access_grant_mixin.rb +5 -3
- data/lib/doorkeeper/models/access_token_mixin.rb +5 -3
- data/lib/doorkeeper/models/application_mixin.rb +2 -0
- data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +2 -0
- data/lib/doorkeeper/models/concerns/orderable.rb +2 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +2 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -0
- data/lib/doorkeeper/models/concerns/scopes.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/context.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +2 -0
- data/lib/doorkeeper/oauth/authorization_code_request.rb +2 -0
- data/lib/doorkeeper/oauth/base_request.rb +2 -0
- data/lib/doorkeeper/oauth/base_response.rb +2 -0
- data/lib/doorkeeper/oauth/client.rb +2 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +2 -0
- data/lib/doorkeeper/oauth/code_request.rb +2 -0
- data/lib/doorkeeper/oauth/code_response.rb +2 -0
- data/lib/doorkeeper/oauth/error.rb +2 -0
- data/lib/doorkeeper/oauth/error_response.rb +10 -0
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +9 -2
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -0
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -0
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +5 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +18 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +2 -0
- data/lib/doorkeeper/oauth/pre_authorization.rb +2 -0
- data/lib/doorkeeper/oauth/refresh_token_request.rb +10 -2
- data/lib/doorkeeper/oauth/scopes.rb +2 -0
- data/lib/doorkeeper/oauth/token.rb +2 -0
- data/lib/doorkeeper/oauth/token_introspection.rb +2 -0
- data/lib/doorkeeper/oauth/token_request.rb +2 -0
- data/lib/doorkeeper/oauth/token_response.rb +2 -0
- data/lib/doorkeeper/orm/active_record.rb +2 -0
- data/lib/doorkeeper/rails/helpers.rb +4 -0
- data/lib/doorkeeper/rails/routes.rb +9 -2
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -0
- data/lib/doorkeeper/rails/routes/mapping.rb +2 -0
- data/lib/doorkeeper/rake/db.rake +4 -4
- data/lib/doorkeeper/request.rb +2 -0
- data/lib/doorkeeper/request/authorization_code.rb +2 -0
- data/lib/doorkeeper/request/client_credentials.rb +2 -0
- data/lib/doorkeeper/request/code.rb +2 -0
- data/lib/doorkeeper/request/password.rb +2 -0
- data/lib/doorkeeper/request/refresh_token.rb +2 -0
- data/lib/doorkeeper/request/strategy.rb +2 -0
- data/lib/doorkeeper/request/token.rb +2 -0
- data/lib/doorkeeper/server.rb +2 -0
- data/lib/doorkeeper/stale_records_cleaner.rb +20 -0
- data/lib/doorkeeper/validations.rb +2 -0
- data/lib/doorkeeper/version.rb +3 -1
- data/lib/generators/doorkeeper/templates/initializer.rb +20 -2
- data/lib/generators/doorkeeper/templates/migration.rb.erb +2 -2
- data/spec/controllers/applications_controller_spec.rb +37 -41
- data/spec/controllers/authorizations_controller_spec.rb +71 -18
- data/spec/controllers/protected_resources_controller_spec.rb +44 -2
- data/spec/controllers/tokens_controller_spec.rb +4 -5
- data/spec/dummy/Rakefile +1 -1
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +1 -1
- data/spec/dummy/app/controllers/home_controller.rb +1 -2
- data/spec/dummy/config.ru +1 -1
- data/spec/dummy/config/application.rb +1 -1
- data/spec/dummy/config/boot.rb +2 -4
- data/spec/dummy/config/environment.rb +1 -1
- data/spec/dummy/config/environments/test.rb +1 -1
- data/spec/dummy/config/initializers/doorkeeper.rb +2 -1
- data/spec/dummy/config/initializers/new_framework_defaults.rb +1 -3
- data/spec/dummy/config/initializers/secret_token.rb +1 -1
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +4 -4
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +1 -1
- data/spec/dummy/script/rails +4 -3
- data/spec/factories.rb +6 -6
- data/spec/generators/install_generator_spec.rb +4 -1
- data/spec/generators/templates/routes.rb +0 -1
- data/spec/generators/views_generator_spec.rb +1 -1
- data/spec/grape/grape_integration_spec.rb +1 -1
- data/spec/lib/config_spec.rb +25 -8
- data/spec/lib/doorkeeper_spec.rb +5 -5
- data/spec/lib/oauth/authorization_code_request_spec.rb +9 -6
- data/spec/lib/oauth/base_request_spec.rb +10 -10
- data/spec/lib/oauth/client/credentials_spec.rb +2 -2
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -2
- data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -1
- data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
- data/spec/lib/oauth/code_request_spec.rb +2 -2
- data/spec/lib/oauth/code_response_spec.rb +1 -1
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +8 -8
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +17 -6
- data/spec/lib/oauth/password_access_token_request_spec.rb +17 -5
- data/spec/lib/oauth/refresh_token_request_spec.rb +11 -7
- data/spec/lib/oauth/token_request_spec.rb +5 -5
- data/spec/lib/oauth/token_spec.rb +4 -1
- data/spec/lib/server_spec.rb +6 -6
- data/spec/lib/{orm/active_record/stale_records_cleaner_spec.rb → stale_records_cleaner_spec.rb} +14 -4
- data/spec/models/doorkeeper/access_token_spec.rb +14 -10
- data/spec/models/doorkeeper/application_spec.rb +4 -4
- data/spec/requests/applications/applications_request_spec.rb +2 -2
- data/spec/requests/endpoints/authorization_spec.rb +2 -2
- data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
- data/spec/requests/flows/authorization_code_spec.rb +75 -15
- data/spec/requests/flows/implicit_grant_errors_spec.rb +2 -2
- data/spec/requests/flows/password_spec.rb +6 -2
- data/spec/requests/flows/refresh_token_spec.rb +57 -0
- data/spec/requests/flows/revoke_token_spec.rb +9 -9
- data/spec/requests/protected_resources/private_api_spec.rb +2 -2
- data/spec/support/doorkeeper_rspec.rb +2 -1
- data/spec/support/helpers/model_helper.rb +8 -4
- data/spec/support/helpers/url_helper.rb +11 -11
- data/spec/support/shared/controllers_shared_context.rb +56 -0
- data/spec/validators/redirect_uri_validator_spec.rb +2 -2
- metadata +20 -4
@@ -157,8 +157,7 @@ describe 'doorkeeper authorize filter' do
|
|
157
157
|
module ControllerActions
|
158
158
|
remove_method :doorkeeper_unauthorized_render_options
|
159
159
|
|
160
|
-
def doorkeeper_unauthorized_render_options(error: nil)
|
161
|
-
end
|
160
|
+
def doorkeeper_unauthorized_render_options(error: nil); end
|
162
161
|
end
|
163
162
|
end
|
164
163
|
|
@@ -306,4 +305,47 @@ describe 'doorkeeper authorize filter' do
|
|
306
305
|
end
|
307
306
|
end
|
308
307
|
end
|
308
|
+
|
309
|
+
context 'when handle_auth_errors option is set to :raise' do
|
310
|
+
subject { get :index, params: { access_token: token_string } }
|
311
|
+
|
312
|
+
before do
|
313
|
+
config_is_set(:handle_auth_errors, :raise)
|
314
|
+
end
|
315
|
+
|
316
|
+
controller do
|
317
|
+
before_action :doorkeeper_authorize!
|
318
|
+
include ControllerActions
|
319
|
+
end
|
320
|
+
|
321
|
+
context 'when token is unknown' do
|
322
|
+
it 'raises Doorkeeper::Errors::TokenUnknown exception', token: :invalid do
|
323
|
+
expect { subject }.to raise_error(Doorkeeper::Errors::TokenUnknown)
|
324
|
+
end
|
325
|
+
end
|
326
|
+
|
327
|
+
context 'when token is expired' do
|
328
|
+
it 'raises Doorkeeper::Errors::TokenExpired exception', token: :expired do
|
329
|
+
expect { subject }.to raise_error(Doorkeeper::Errors::TokenExpired)
|
330
|
+
end
|
331
|
+
end
|
332
|
+
|
333
|
+
context 'when token is revoked' do
|
334
|
+
it 'raises Doorkeeper::Errors::TokenRevoked exception', token: :revoked do
|
335
|
+
expect { subject }.to raise_error(Doorkeeper::Errors::TokenRevoked)
|
336
|
+
end
|
337
|
+
end
|
338
|
+
|
339
|
+
context 'when token is forbidden' do
|
340
|
+
it 'raises Doorkeeper::Errors::TokenForbidden exception', token: :forbidden do
|
341
|
+
expect { subject }.to raise_error(Doorkeeper::Errors::TokenForbidden)
|
342
|
+
end
|
343
|
+
end
|
344
|
+
|
345
|
+
context 'when token is valid' do
|
346
|
+
it 'allows into index action', token: :valid do
|
347
|
+
expect(response).to be_successful
|
348
|
+
end
|
349
|
+
end
|
350
|
+
end
|
309
351
|
end
|
@@ -4,7 +4,6 @@ describe Doorkeeper::TokensController do
|
|
4
4
|
describe 'when authorization has succeeded' do
|
5
5
|
let(:token) { double(:token, authorize: true) }
|
6
6
|
|
7
|
-
|
8
7
|
it 'returns the authorization' do
|
9
8
|
skip 'verify need of these specs'
|
10
9
|
|
@@ -30,12 +29,12 @@ describe Doorkeeper::TokensController do
|
|
30
29
|
it 'returns the error response with a custom message' do
|
31
30
|
# I18n looks for `doorkeeper.errors.messages.custom_message` in locale files
|
32
31
|
custom_message = "my_message"
|
33
|
-
allow(I18n).to receive(:translate)
|
34
|
-
with(
|
32
|
+
allow(I18n).to receive(:translate)
|
33
|
+
.with(
|
35
34
|
custom_message,
|
36
35
|
hash_including(scope: %i[doorkeeper errors messages])
|
37
|
-
)
|
38
|
-
and_return('Authorization custom message')
|
36
|
+
)
|
37
|
+
.and_return('Authorization custom message')
|
39
38
|
|
40
39
|
doorkeeper_error = Doorkeeper::Errors::DoorkeeperError.new(custom_message)
|
41
40
|
|
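--- a/data/spec/dummy/Rakefile
+++ b/data/spec/dummy/Rakefile
@@ -2,6 +2,6 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('
+require File.expand_path('config/application', __dir__)
 
 Dummy::Application.load_tasks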
data/spec/dummy/config.ru
CHANGED
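--- a/data/spec/dummy/config/boot.rb
+++ b/data/spec/dummy/config/boot.rb
@@ -2,8 +2,6 @@ require 'rubygems'
 require 'bundler/setup'
 
 orm = ENV['BUNDLE_GEMFILE'].match(/Gemfile\.(.+)\.rb/)
-unless defined?(DOORKEEPER_ORM)
-DOORKEEPER_ORM = (orm && orm[1]) || :active_record
-end
+DOORKEEPER_ORM = (orm && orm[1]) || :active_record unless defined?(DOORKEEPER_ORM)
 
-$LOAD_PATH.unshift File.expand_path('
+$LOAD_PATH.unshift File.expand_path('../../../lib', __dir__)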
@@ -24,7 +24,7 @@ Dummy::Application.configure do
|
|
24
24
|
config.action_dispatch.show_exceptions = false
|
25
25
|
|
26
26
|
# Disable request forgery protection in test environment
|
27
|
-
config.action_controller.allow_forgery_protection
|
27
|
+
config.action_controller.allow_forgery_protection = false
|
28
28
|
|
29
29
|
# Tell Action Mailer not to deliver emails to the real world.
|
30
30
|
# The :test delivery method accumulates sent emails in the
|
@@ -64,7 +64,8 @@ Doorkeeper.configure do
|
|
64
64
|
# access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
|
65
65
|
|
66
66
|
# Change the native redirect uri for client apps
|
67
|
-
# When clients register with the following redirect uri, they won't be redirected to any server and
|
67
|
+
# When clients register with the following redirect uri, they won't be redirected to any server and
|
68
|
+
# the authorization code will be displayed within the provider
|
68
69
|
# The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
|
69
70
|
# (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
|
70
71
|
#
|
@@ -4,7 +4,5 @@
|
|
4
4
|
if Rails::VERSION::MAJOR >= 5
|
5
5
|
Rails.application.config.active_record.belongs_to_required_by_default = true
|
6
6
|
|
7
|
-
if Rails::VERSION::MINOR >= 2
|
8
|
-
Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
|
9
|
-
end
|
7
|
+
Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true if Rails::VERSION::MINOR >= 2
|
10
8
|
end
|
@@ -5,4 +5,4 @@
|
|
5
5
|
# Make sure the secret is at least 30 characters and all random,
|
6
6
|
# no regular words or you'll be exposed to dictionary attacks.
|
7
7
|
Dummy::Application.config.secret_key_base =
|
8
|
-
'
|
8
|
+
'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159'
|
@@ -28,7 +28,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
|
|
28
28
|
add_foreign_key(
|
29
29
|
:oauth_access_grants,
|
30
30
|
:oauth_applications,
|
31
|
-
column: :application_id
|
31
|
+
column: :application_id
|
32
32
|
)
|
33
33
|
|
34
34
|
create_table :oauth_access_tokens do |t|
|
@@ -41,12 +41,12 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
|
|
41
41
|
# https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
|
42
42
|
#
|
43
43
|
# t.text :token, null: false
|
44
|
-
t.string :token,
|
44
|
+
t.string :token, null: false
|
45
45
|
|
46
46
|
t.string :refresh_token
|
47
47
|
t.integer :expires_in
|
48
48
|
t.datetime :revoked_at
|
49
|
-
t.datetime :created_at,
|
49
|
+
t.datetime :created_at, null: false
|
50
50
|
t.string :scopes
|
51
51
|
end
|
52
52
|
|
@@ -56,7 +56,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
|
|
56
56
|
add_foreign_key(
|
57
57
|
:oauth_access_tokens,
|
58
58
|
:oauth_applications,
|
59
|
-
column: :application_id
|
59
|
+
column: :application_id
|
60
60
|
)
|
61
61
|
end
|
62
62
|
end
|
@@ -4,6 +4,6 @@ class AddOwnerToApplication < ActiveRecord::Migration[4.2]
|
|
4
4
|
def change
|
5
5
|
add_column :oauth_applications, :owner_id, :integer, null: true
|
6
6
|
add_column :oauth_applications, :owner_type, :string, null: true
|
7
|
-
add_index :oauth_applications, [
|
7
|
+
add_index :oauth_applications, %i[owner_id owner_type]
|
8
8
|
end
|
9
9
|
end
|
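--- a/data/spec/dummy/script/rails
+++ b/data/spec/dummy/script/rails
@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
-# This command will automatically be run when you run "rails" with Rails 3 gems
+# This command will automatically be run when you run "rails" with Rails 3 gems
+# installed from the root of your application.
 
-APP_PATH = File.expand_path('
-require File.expand_path('
+APP_PATH = File.expand_path('../config/application', __dir__)
+require File.expand_path('../config/boot', __dir__)
 require 'rails/commands'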
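--- a/data/spec/factories.rb
+++ b/data/spec/factories.rb
@@ -2,24 +2,24 @@ FactoryBot.define do
 factory :access_grant, class: Doorkeeper::AccessGrant do
 sequence(:resource_owner_id) { |n| n }
 application
-redirect_uri 'https://app.com/callback'
-expires_in 100
-scopes 'public write'
+redirect_uri { 'https://app.com/callback' }
+expires_in { 100 }
+scopes { 'public write' }
 end
 
 factory :access_token, class: Doorkeeper::AccessToken do
 sequence(:resource_owner_id) { |n| n }
 application
-expires_in 2.hours
+expires_in { 2.hours }
 
 factory :clientless_access_token do
-application nil
+application { nil }
 end
 end
 
 factory :application, class: Doorkeeper::Application do
 sequence(:name) { |n| "Application #{n}" }
-redirect_uri 'https://app.com/callback'
+redirect_uri { 'https://app.com/callback' }
 end
 
 # do not name this factory :user, otherwise it will conflict with factories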
@@ -12,7 +12,10 @@ describe 'Doorkeeper::InstallGenerator' do
|
|
12
12
|
prepare_destination
|
13
13
|
FileUtils.mkdir(::File.expand_path('config', Pathname(destination_root)))
|
14
14
|
FileUtils.mkdir(::File.expand_path('db', Pathname(destination_root)))
|
15
|
-
FileUtils.copy_file(
|
15
|
+
FileUtils.copy_file(
|
16
|
+
::File.expand_path('../templates/routes.rb', __FILE__),
|
17
|
+
::File.expand_path('config/routes.rb', Pathname.new(destination_root))
|
18
|
+
)
|
16
19
|
run_generator
|
17
20
|
end
|
18
21
|
|
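Review bot: The added `FileUtils.copy_file` call resolves the template with `::File.expand_path('../templates/routes.rb', __FILE__)`, while the other path changes on this page move to `__dir__`. The consistent form would be `::File.expand_path('templates/routes.rb', __dir__)`. The same call also uses `Pathname.new(destination_root)` where the two `mkdir` lines above it use `Pathname(destination_root)`; pick one spelling. The enclosing `before` block starts outside the hunk.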
@@ -5,7 +5,7 @@ describe Doorkeeper::Generators::ViewsGenerator do
|
|
5
5
|
include GeneratorSpec::TestCase
|
6
6
|
|
7
7
|
tests Doorkeeper::Generators::ViewsGenerator
|
8
|
-
destination File.expand_path('
|
8
|
+
destination File.expand_path('tmp/dummy', __dir__)
|
9
9
|
|
10
10
|
before :each do
|
11
11
|
prepare_destination
|
@@ -68,7 +68,7 @@ describe 'Grape integration' do
|
|
68
68
|
def json_body
|
69
69
|
JSON.parse(last_response.body)
|
70
70
|
end
|
71
|
-
|
71
|
+
|
72
72
|
let(:client) { FactoryBot.create(:application) }
|
73
73
|
let(:resource) { FactoryBot.create(:doorkeeper_testing_user, name: 'Joe', password: 'sekret') }
|
74
74
|
let(:access_token) { client_is_authorized(client, resource) }
|
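--- a/data/spec/lib/config_spec.rb
+++ b/data/spec/lib/config_spec.rb
@@ -179,10 +179,10 @@ describe Doorkeeper, 'configuration' do
 
 context "is enabled" do
 before do
-Doorkeeper.configure
+Doorkeeper.configure do
 orm DOORKEEPER_ORM
 use_refresh_token
-
+end
 end
 
 it "includes 'refresh_token' in authorization_response_types" do
@@ -208,7 +208,8 @@ describe Doorkeeper, 'configuration' do
 
 describe 'client_credentials' do
 it 'has defaults order' do
-expect(subject.client_credentials_methods)
+expect(subject.client_credentials_methods)
+.to eq(%i[from_basic from_params])
 end
 
 it 'can change the value' do
@@ -217,7 +218,8 @@ describe Doorkeeper, 'configuration' do
 client_credentials :from_digest, :from_params
 end
 
-expect(subject.client_credentials_methods)
+expect(subject.client_credentials_methods)
+.to eq(%i[from_digest from_params])
 end
 end
 
@@ -249,7 +251,8 @@ describe Doorkeeper, 'configuration' do
 
 describe 'access_token_methods' do
 it 'has defaults order' do
-expect(subject.access_token_methods)
+expect(subject.access_token_methods)
+.to eq(%i[from_bearer_authorization from_access_token_param from_bearer_param])
 end
 
 it 'can change the value' do
@@ -258,7 +261,8 @@ describe Doorkeeper, 'configuration' do
 access_token_methods :from_access_token_param, :from_bearer_param
 end
 
-expect(subject.access_token_methods)
+expect(subject.access_token_methods)
+.to eq(%i[from_access_token_param from_bearer_param])
 end
 end
 
@@ -336,8 +340,8 @@ describe Doorkeeper, 'configuration' do
 
 describe "grant_flows" do
 it "is set to all grant flows by default" do
-expect(Doorkeeper.configuration.grant_flows)
-to eq(%w[authorization_code client_credentials])
+expect(Doorkeeper.configuration.grant_flows)
+.to eq(%w[authorization_code client_credentials])
 end
 
 it "can change the value" do
@@ -508,4 +512,17 @@ describe Doorkeeper, 'configuration' do
 expect(subject.enforce_content_type).to eq(true)
 end
 end
+
+describe 'handle_auth_errors' do
+it 'is set to render by default' do
+expect(Doorkeeper.configuration.handle_auth_errors).to eq(:render)
+end
+it 'can change the value' do
+Doorkeeper.configure do
+orm DOORKEEPER_ORM
+handle_auth_errors :raise
+end
+expect(subject.handle_auth_errors).to eq(:raise)
+end
+end
 end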
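--- a/data/spec/lib/doorkeeper_spec.rb
+++ b/data/spec/lib/doorkeeper_spec.rb
@@ -7,17 +7,17 @@ describe Doorkeeper do
 it "calls OAuth::Token#authenticate" do
 token_strategies = Doorkeeper.configuration.access_token_methods
 
-expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
-with(request, *token_strategies)
+expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
+.with(request, *token_strategies)
 
 Doorkeeper.authenticate(request)
 end
 
 it "accepts custom token strategies" do
-token_strategies = [
+token_strategies = %i[first_way second_way]
 
-expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
-with(request, *token_strategies)
+expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
+.with(request, *token_strategies)
 
 Doorkeeper.authenticate(request, token_strategies)
 end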
@@ -25,7 +25,7 @@ module Doorkeeper::OAuth
|
|
25
25
|
subject.authorize
|
26
26
|
end.to change { client.reload.access_tokens.count }.by(1)
|
27
27
|
|
28
|
-
expect(client.reload.access_tokens.
|
28
|
+
expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
|
29
29
|
end
|
30
30
|
|
31
31
|
it "issues the token with same grant's scopes" do
|
@@ -34,7 +34,7 @@ module Doorkeeper::OAuth
|
|
34
34
|
end
|
35
35
|
|
36
36
|
it 'revokes the grant' do
|
37
|
-
expect { subject.authorize }.to
|
37
|
+
expect { subject.authorize }.to(change { grant.reload.accessible? })
|
38
38
|
end
|
39
39
|
|
40
40
|
it 'requires the grant to be accessible' do
|
@@ -83,14 +83,17 @@ module Doorkeeper::OAuth
|
|
83
83
|
end
|
84
84
|
|
85
85
|
FactoryBot.create(:access_token, application_id: client.id,
|
86
|
-
|
86
|
+
resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s)
|
87
87
|
|
88
|
-
expect { subject.authorize }.to_not
|
88
|
+
expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
|
89
89
|
end
|
90
90
|
|
91
91
|
it "calls configured request callback methods" do
|
92
|
-
expect(Doorkeeper.configuration.before_successful_strategy_response)
|
93
|
-
|
92
|
+
expect(Doorkeeper.configuration.before_successful_strategy_response)
|
93
|
+
.to receive(:call).with(subject).once
|
94
|
+
expect(Doorkeeper.configuration.after_successful_strategy_response)
|
95
|
+
.to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
|
96
|
+
|
94
97
|
subject.authorize
|
95
98
|
end
|
96
99
|
|
@@ -4,13 +4,13 @@ module Doorkeeper::OAuth
|
|
4
4
|
describe BaseRequest do
|
5
5
|
let(:access_token) do
|
6
6
|
double :access_token,
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
7
|
+
token: "some-token",
|
8
|
+
expires_in: "3600",
|
9
|
+
expires_in_seconds: "300",
|
10
|
+
scopes_string: "two scopes",
|
11
|
+
refresh_token: "some-refresh-token",
|
12
|
+
token_type: "bearer",
|
13
|
+
created_at: 0
|
14
14
|
end
|
15
15
|
|
16
16
|
let(:client) { double :client, id: '1' }
|
@@ -19,9 +19,9 @@ module Doorkeeper::OAuth
|
|
19
19
|
|
20
20
|
let(:server) do
|
21
21
|
double :server,
|
22
|
-
|
23
|
-
|
24
|
-
|
22
|
+
access_token_expires_in: 100,
|
23
|
+
custom_access_token_expires_in: ->(_context) { nil },
|
24
|
+
refresh_token_enabled?: false
|
25
25
|
end
|
26
26
|
|
27
27
|
subject do
|