doorkeeper 5.0.0 → 5.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +5 -0
- data/Dangerfile +57 -0
- data/NEWS.md +32 -1
- data/README.md +18 -3
- data/app/controllers/doorkeeper/application_controller.rb +2 -0
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -0
- data/app/controllers/doorkeeper/applications_controller.rb +4 -2
- data/app/controllers/doorkeeper/authorizations_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -0
- data/app/controllers/doorkeeper/token_info_controller.rb +2 -0
- data/app/controllers/doorkeeper/tokens_controller.rb +2 -0
- data/app/helpers/doorkeeper/dashboard_helper.rb +2 -0
- data/app/validators/redirect_uri_validator.rb +2 -0
- data/doorkeeper.gemspec +23 -22
- data/lib/doorkeeper.rb +1 -0
- data/lib/doorkeeper/config.rb +7 -2
- data/lib/doorkeeper/engine.rb +2 -0
- data/lib/doorkeeper/errors.rb +17 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +2 -0
- data/lib/doorkeeper/grape/helpers.rb +2 -0
- data/lib/doorkeeper/helpers/controller.rb +2 -0
- data/lib/doorkeeper/models/access_grant_mixin.rb +5 -3
- data/lib/doorkeeper/models/access_token_mixin.rb +5 -3
- data/lib/doorkeeper/models/application_mixin.rb +2 -0
- data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +2 -0
- data/lib/doorkeeper/models/concerns/orderable.rb +2 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +2 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -0
- data/lib/doorkeeper/models/concerns/scopes.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/context.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +2 -0
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +2 -0
- data/lib/doorkeeper/oauth/authorization_code_request.rb +2 -0
- data/lib/doorkeeper/oauth/base_request.rb +2 -0
- data/lib/doorkeeper/oauth/base_response.rb +2 -0
- data/lib/doorkeeper/oauth/client.rb +2 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +2 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +2 -0
- data/lib/doorkeeper/oauth/code_request.rb +2 -0
- data/lib/doorkeeper/oauth/code_response.rb +2 -0
- data/lib/doorkeeper/oauth/error.rb +2 -0
- data/lib/doorkeeper/oauth/error_response.rb +10 -0
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +9 -2
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -0
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -0
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +5 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +18 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +2 -0
- data/lib/doorkeeper/oauth/pre_authorization.rb +2 -0
- data/lib/doorkeeper/oauth/refresh_token_request.rb +10 -2
- data/lib/doorkeeper/oauth/scopes.rb +2 -0
- data/lib/doorkeeper/oauth/token.rb +2 -0
- data/lib/doorkeeper/oauth/token_introspection.rb +2 -0
- data/lib/doorkeeper/oauth/token_request.rb +2 -0
- data/lib/doorkeeper/oauth/token_response.rb +2 -0
- data/lib/doorkeeper/orm/active_record.rb +2 -0
- data/lib/doorkeeper/rails/helpers.rb +4 -0
- data/lib/doorkeeper/rails/routes.rb +9 -2
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -0
- data/lib/doorkeeper/rails/routes/mapping.rb +2 -0
- data/lib/doorkeeper/rake/db.rake +4 -4
- data/lib/doorkeeper/request.rb +2 -0
- data/lib/doorkeeper/request/authorization_code.rb +2 -0
- data/lib/doorkeeper/request/client_credentials.rb +2 -0
- data/lib/doorkeeper/request/code.rb +2 -0
- data/lib/doorkeeper/request/password.rb +2 -0
- data/lib/doorkeeper/request/refresh_token.rb +2 -0
- data/lib/doorkeeper/request/strategy.rb +2 -0
- data/lib/doorkeeper/request/token.rb +2 -0
- data/lib/doorkeeper/server.rb +2 -0
- data/lib/doorkeeper/stale_records_cleaner.rb +20 -0
- data/lib/doorkeeper/validations.rb +2 -0
- data/lib/doorkeeper/version.rb +3 -1
- data/lib/generators/doorkeeper/templates/initializer.rb +20 -2
- data/lib/generators/doorkeeper/templates/migration.rb.erb +2 -2
- data/spec/controllers/applications_controller_spec.rb +37 -41
- data/spec/controllers/authorizations_controller_spec.rb +71 -18
- data/spec/controllers/protected_resources_controller_spec.rb +44 -2
- data/spec/controllers/tokens_controller_spec.rb +4 -5
- data/spec/dummy/Rakefile +1 -1
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +1 -1
- data/spec/dummy/app/controllers/home_controller.rb +1 -2
- data/spec/dummy/config.ru +1 -1
- data/spec/dummy/config/application.rb +1 -1
- data/spec/dummy/config/boot.rb +2 -4
- data/spec/dummy/config/environment.rb +1 -1
- data/spec/dummy/config/environments/test.rb +1 -1
- data/spec/dummy/config/initializers/doorkeeper.rb +2 -1
- data/spec/dummy/config/initializers/new_framework_defaults.rb +1 -3
- data/spec/dummy/config/initializers/secret_token.rb +1 -1
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +4 -4
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +1 -1
- data/spec/dummy/script/rails +4 -3
- data/spec/factories.rb +6 -6
- data/spec/generators/install_generator_spec.rb +4 -1
- data/spec/generators/templates/routes.rb +0 -1
- data/spec/generators/views_generator_spec.rb +1 -1
- data/spec/grape/grape_integration_spec.rb +1 -1
- data/spec/lib/config_spec.rb +25 -8
- data/spec/lib/doorkeeper_spec.rb +5 -5
- data/spec/lib/oauth/authorization_code_request_spec.rb +9 -6
- data/spec/lib/oauth/base_request_spec.rb +10 -10
- data/spec/lib/oauth/client/credentials_spec.rb +2 -2
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -2
- data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -1
- data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
- data/spec/lib/oauth/code_request_spec.rb +2 -2
- data/spec/lib/oauth/code_response_spec.rb +1 -1
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +8 -8
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +17 -6
- data/spec/lib/oauth/password_access_token_request_spec.rb +17 -5
- data/spec/lib/oauth/refresh_token_request_spec.rb +11 -7
- data/spec/lib/oauth/token_request_spec.rb +5 -5
- data/spec/lib/oauth/token_spec.rb +4 -1
- data/spec/lib/server_spec.rb +6 -6
- data/spec/lib/{orm/active_record/stale_records_cleaner_spec.rb → stale_records_cleaner_spec.rb} +14 -4
- data/spec/models/doorkeeper/access_token_spec.rb +14 -10
- data/spec/models/doorkeeper/application_spec.rb +4 -4
- data/spec/requests/applications/applications_request_spec.rb +2 -2
- data/spec/requests/endpoints/authorization_spec.rb +2 -2
- data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
- data/spec/requests/flows/authorization_code_spec.rb +75 -15
- data/spec/requests/flows/implicit_grant_errors_spec.rb +2 -2
- data/spec/requests/flows/password_spec.rb +6 -2
- data/spec/requests/flows/refresh_token_spec.rb +57 -0
- data/spec/requests/flows/revoke_token_spec.rb +9 -9
- data/spec/requests/protected_resources/private_api_spec.rb +2 -2
- data/spec/support/doorkeeper_rspec.rb +2 -1
- data/spec/support/helpers/model_helper.rb +8 -4
- data/spec/support/helpers/url_helper.rb +11 -11
- data/spec/support/shared/controllers_shared_context.rb +56 -0
- data/spec/validators/redirect_uri_validator_spec.rb +2 -2
- metadata +20 -4
|
@@ -16,7 +16,7 @@ class Doorkeeper::OAuth::Client
|
|
|
16
16
|
let(:request) { double.as_null_object }
|
|
17
17
|
|
|
18
18
|
let(:method) do
|
|
19
|
-
->(_request) { [
|
|
19
|
+
->(_request) { %w[uid secret] }
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
it 'accepts anything that responds to #call' do
|
|
@@ -77,7 +77,7 @@ class Doorkeeper::OAuth::Client
|
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
it 'is blank if Authorization is not Basic' do
|
|
80
|
-
request = double authorization:
|
|
80
|
+
request = double authorization: credentials.to_s
|
|
81
81
|
uid, secret = Credentials.from_basic(request)
|
|
82
82
|
|
|
83
83
|
expect(uid).to be_blank
|
|
@@ -23,7 +23,8 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
|
|
|
23
23
|
server_scopes = Doorkeeper::OAuth::Scopes.from_string 'email'
|
|
24
24
|
allow(server).to receive(:scopes).and_return(server_scopes)
|
|
25
25
|
allow(request).to receive(:scopes).and_return(
|
|
26
|
-
Doorkeeper::OAuth::Scopes.from_string
|
|
26
|
+
Doorkeeper::OAuth::Scopes.from_string('invalid')
|
|
27
|
+
)
|
|
27
28
|
expect(subject).not_to be_valid
|
|
28
29
|
end
|
|
29
30
|
|
|
@@ -12,7 +12,7 @@ module Doorkeeper::OAuth
|
|
|
12
12
|
error: nil,
|
|
13
13
|
authorizable?: true,
|
|
14
14
|
code_challenge: nil,
|
|
15
|
-
code_challenge_method: nil
|
|
15
|
+
code_challenge_method: nil
|
|
16
16
|
)
|
|
17
17
|
end
|
|
18
18
|
|
|
@@ -34,7 +34,7 @@ module Doorkeeper::OAuth
|
|
|
34
34
|
|
|
35
35
|
it 'does not create grant when not authorizable' do
|
|
36
36
|
allow(pre_auth).to receive(:authorizable?).and_return(false)
|
|
37
|
-
expect { subject.authorize }.not_to
|
|
37
|
+
expect { subject.authorize }.not_to(change { Doorkeeper::AccessGrant.count })
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
it 'returns a error response' do
|
|
@@ -43,18 +43,18 @@ module Doorkeeper::OAuth::Helpers
|
|
|
43
43
|
|
|
44
44
|
it 'is valid if scope is included in the application scope list' do
|
|
45
45
|
expect(ScopeChecker.valid?(
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
46
|
+
'app123',
|
|
47
|
+
server_scopes,
|
|
48
|
+
application_scopes
|
|
49
|
+
)).to be_truthy
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
it 'is invalid if any scope is not included in the application' do
|
|
53
53
|
expect(ScopeChecker.valid?(
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
54
|
+
'svr',
|
|
55
|
+
server_scopes,
|
|
56
|
+
application_scopes
|
|
57
|
+
)).to be_falsey
|
|
58
58
|
end
|
|
59
59
|
end
|
|
60
60
|
end
|
|
@@ -116,6 +116,22 @@ module Doorkeeper::OAuth::Helpers
|
|
|
116
116
|
it 'is true if valid and matches' do
|
|
117
117
|
uri = client_uri = 'http://app.co/aaa'
|
|
118
118
|
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
119
|
+
|
|
120
|
+
uri = client_uri = 'http://app.co/aaa?b=c'
|
|
121
|
+
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
it 'is true if uri includes blank query' do
|
|
125
|
+
uri = client_uri = 'http://app.co/aaa?'
|
|
126
|
+
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
127
|
+
|
|
128
|
+
uri = 'http://app.co/aaa?'
|
|
129
|
+
client_uri = 'http://app.co/aaa'
|
|
130
|
+
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
131
|
+
|
|
132
|
+
uri = 'http://app.co/aaa'
|
|
133
|
+
client_uri = 'http://app.co/aaa?'
|
|
134
|
+
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
119
135
|
end
|
|
120
136
|
|
|
121
137
|
it 'is false if valid and mismatches' do
|
|
@@ -136,12 +152,7 @@ module Doorkeeper::OAuth::Helpers
|
|
|
136
152
|
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
|
|
137
153
|
end
|
|
138
154
|
|
|
139
|
-
it 'is
|
|
140
|
-
uri = client_uri = 'http://app.co/aaa'
|
|
141
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be true
|
|
142
|
-
end
|
|
143
|
-
|
|
144
|
-
it 'is false if invalid' do
|
|
155
|
+
it 'is false if queries does not match' do
|
|
145
156
|
uri = 'http://app.co/aaa?pankcakes=abc'
|
|
146
157
|
client_uri = 'http://app.co/aaa?waffles=abc'
|
|
147
158
|
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be false
|
|
@@ -24,7 +24,8 @@ module Doorkeeper::OAuth
|
|
|
24
24
|
expect do
|
|
25
25
|
subject.authorize
|
|
26
26
|
end.to change { client.reload.access_tokens.count }.by(1)
|
|
27
|
-
|
|
27
|
+
|
|
28
|
+
expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
|
|
28
29
|
end
|
|
29
30
|
|
|
30
31
|
it 'issues a new token without a client' do
|
|
@@ -39,7 +40,7 @@ module Doorkeeper::OAuth
|
|
|
39
40
|
subject.client = nil
|
|
40
41
|
subject.parameters = { client_id: 'bad_id' }
|
|
41
42
|
subject.authorize
|
|
42
|
-
end.
|
|
43
|
+
end.not_to(change { Doorkeeper::AccessToken.count })
|
|
43
44
|
|
|
44
45
|
expect(subject.error).to eq(:invalid_client)
|
|
45
46
|
end
|
|
@@ -57,6 +58,7 @@ module Doorkeeper::OAuth
|
|
|
57
58
|
|
|
58
59
|
it 'creates token even when there is already one (default)' do
|
|
59
60
|
FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
|
|
61
|
+
|
|
60
62
|
expect do
|
|
61
63
|
subject.authorize
|
|
62
64
|
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
|
@@ -65,14 +67,19 @@ module Doorkeeper::OAuth
|
|
|
65
67
|
it 'skips token creation if there is already one' do
|
|
66
68
|
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
|
67
69
|
FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
|
|
70
|
+
|
|
68
71
|
expect do
|
|
69
72
|
subject.authorize
|
|
70
|
-
end.
|
|
73
|
+
end.not_to(change { Doorkeeper::AccessToken.count })
|
|
71
74
|
end
|
|
72
75
|
|
|
73
76
|
it "calls configured request callback methods" do
|
|
74
|
-
expect(Doorkeeper.configuration.before_successful_strategy_response)
|
|
75
|
-
|
|
77
|
+
expect(Doorkeeper.configuration.before_successful_strategy_response)
|
|
78
|
+
.to receive(:call).with(subject).once
|
|
79
|
+
|
|
80
|
+
expect(Doorkeeper.configuration.after_successful_strategy_response)
|
|
81
|
+
.to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
|
|
82
|
+
|
|
76
83
|
subject.authorize
|
|
77
84
|
end
|
|
78
85
|
|
|
@@ -92,6 +99,7 @@ module Doorkeeper::OAuth
|
|
|
92
99
|
expect do
|
|
93
100
|
subject.authorize
|
|
94
101
|
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
|
102
|
+
|
|
95
103
|
expect(Doorkeeper::AccessToken.last.scopes).to include('public')
|
|
96
104
|
end
|
|
97
105
|
end
|
|
@@ -112,18 +120,22 @@ module Doorkeeper::OAuth
|
|
|
112
120
|
it 'checks scopes' do
|
|
113
121
|
subject = PasswordAccessTokenRequest.new(server, client, owner, scope: 'public')
|
|
114
122
|
allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('public'))
|
|
123
|
+
|
|
115
124
|
expect do
|
|
116
125
|
subject.authorize
|
|
117
126
|
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
|
127
|
+
|
|
118
128
|
expect(Doorkeeper::AccessToken.last.expires_in).to eq(222)
|
|
119
129
|
end
|
|
120
130
|
|
|
121
131
|
it 'falls back to the default otherwise' do
|
|
122
132
|
subject = PasswordAccessTokenRequest.new(server, client, owner, scope: 'private')
|
|
123
133
|
allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('private'))
|
|
134
|
+
|
|
124
135
|
expect do
|
|
125
136
|
subject.authorize
|
|
126
137
|
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
|
138
|
+
|
|
127
139
|
expect(Doorkeeper::AccessToken.last.expires_in).to eq(2.hours)
|
|
128
140
|
end
|
|
129
141
|
end
|
|
@@ -24,7 +24,7 @@ module Doorkeeper::OAuth
|
|
|
24
24
|
it 'issues a new token for the client' do
|
|
25
25
|
expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
|
|
26
26
|
# #sort_by used for MongoDB ORM extensions for valid ordering
|
|
27
|
-
expect(client.reload.access_tokens.
|
|
27
|
+
expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(120)
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
it 'issues a new token for the client with custom expires_in' do
|
|
@@ -39,7 +39,7 @@ module Doorkeeper::OAuth
|
|
|
39
39
|
RefreshTokenRequest.new(server, refresh_token, credentials).authorize
|
|
40
40
|
|
|
41
41
|
# #sort_by used for MongoDB ORM extensions for valid ordering
|
|
42
|
-
expect(client.reload.access_tokens.
|
|
42
|
+
expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
it 'revokes the previous token' do
|
|
@@ -47,8 +47,12 @@ module Doorkeeper::OAuth
|
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
it "calls configured request callback methods" do
|
|
50
|
-
expect(Doorkeeper.configuration.before_successful_strategy_response)
|
|
51
|
-
|
|
50
|
+
expect(Doorkeeper.configuration.before_successful_strategy_response)
|
|
51
|
+
.to receive(:call).with(subject).once
|
|
52
|
+
|
|
53
|
+
expect(Doorkeeper.configuration.after_successful_strategy_response)
|
|
54
|
+
.to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
|
|
55
|
+
|
|
52
56
|
subject.authorize
|
|
53
57
|
end
|
|
54
58
|
|
|
@@ -109,7 +113,7 @@ module Doorkeeper::OAuth
|
|
|
109
113
|
subject.authorize
|
|
110
114
|
expect(
|
|
111
115
|
# #sort_by used for MongoDB ORM extensions for valid ordering
|
|
112
|
-
client.access_tokens.
|
|
116
|
+
client.access_tokens.max_by(&:created_at).previous_refresh_token
|
|
113
117
|
).to eq(refresh_token.refresh_token)
|
|
114
118
|
end
|
|
115
119
|
end
|
|
@@ -127,8 +131,8 @@ module Doorkeeper::OAuth
|
|
|
127
131
|
context 'with scopes' do
|
|
128
132
|
let(:refresh_token) do
|
|
129
133
|
FactoryBot.create :access_token,
|
|
130
|
-
|
|
131
|
-
|
|
134
|
+
use_refresh_token: true,
|
|
135
|
+
scopes: 'public write'
|
|
132
136
|
end
|
|
133
137
|
let(:parameters) { {} }
|
|
134
138
|
subject { RefreshTokenRequest.new server, refresh_token, credentials, parameters }
|
|
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
|
3
3
|
module Doorkeeper::OAuth
|
|
4
4
|
describe TokenRequest do
|
|
5
5
|
let :application do
|
|
6
|
-
FactoryBot.create(:application, scopes:
|
|
6
|
+
FactoryBot.create(:application, scopes: 'public')
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
let :pre_auth do
|
|
@@ -38,7 +38,7 @@ module Doorkeeper::OAuth
|
|
|
38
38
|
|
|
39
39
|
it 'does not create token when not authorizable' do
|
|
40
40
|
allow(pre_auth).to receive(:authorizable?).and_return(false)
|
|
41
|
-
expect { subject.authorize }.not_to
|
|
41
|
+
expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
it 'returns a error response' do
|
|
@@ -74,7 +74,7 @@ module Doorkeeper::OAuth
|
|
|
74
74
|
it 'creates a new token if scopes do not match' do
|
|
75
75
|
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
|
76
76
|
FactoryBot.create(:access_token, application_id: pre_auth.client.id,
|
|
77
|
-
|
|
77
|
+
resource_owner_id: owner.id, scopes: '')
|
|
78
78
|
expect do
|
|
79
79
|
subject.authorize
|
|
80
80
|
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
|
@@ -86,9 +86,9 @@ module Doorkeeper::OAuth
|
|
|
86
86
|
allow(application.scopes).to receive(:all?).and_return(true)
|
|
87
87
|
|
|
88
88
|
FactoryBot.create(:access_token, application_id: pre_auth.client.id,
|
|
89
|
-
|
|
89
|
+
resource_owner_id: owner.id, scopes: 'public')
|
|
90
90
|
|
|
91
|
-
expect { subject.authorize }.not_to
|
|
91
|
+
expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
|
|
92
92
|
end
|
|
93
93
|
end
|
|
94
94
|
end
|
|
@@ -115,7 +115,10 @@ module Doorkeeper
|
|
|
115
115
|
|
|
116
116
|
context 'refresh tokens are enabled' do
|
|
117
117
|
before do
|
|
118
|
-
Doorkeeper.configure
|
|
118
|
+
Doorkeeper.configure do
|
|
119
|
+
orm DOORKEEPER_ORM
|
|
120
|
+
use_refresh_token
|
|
121
|
+
end
|
|
119
122
|
end
|
|
120
123
|
|
|
121
124
|
it 'revokes previous refresh_token if token was found' do
|
data/spec/lib/server_spec.rb
CHANGED
|
@@ -22,9 +22,9 @@ describe Doorkeeper::Server do
|
|
|
22
22
|
|
|
23
23
|
context 'when only Authorization Code strategy is enabled' do
|
|
24
24
|
before do
|
|
25
|
-
allow(Doorkeeper.configuration)
|
|
26
|
-
to receive(:grant_flows)
|
|
27
|
-
and_return(['authorization_code'])
|
|
25
|
+
allow(Doorkeeper.configuration)
|
|
26
|
+
.to receive(:grant_flows)
|
|
27
|
+
.and_return(['authorization_code'])
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
it 'raises error when using the disabled Implicit strategy' do
|
|
@@ -47,9 +47,9 @@ describe Doorkeeper::Server do
|
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
it 'builds the request with composite strategy name' do
|
|
50
|
-
allow(Doorkeeper.configuration)
|
|
51
|
-
to receive(:authorization_response_types)
|
|
52
|
-
and_return(['id_token token'])
|
|
50
|
+
allow(Doorkeeper.configuration)
|
|
51
|
+
.to receive(:authorization_response_types)
|
|
52
|
+
.and_return(['id_token token'])
|
|
53
53
|
|
|
54
54
|
stub_const 'Doorkeeper::Request::IdTokenToken', fake_class
|
|
55
55
|
expect(fake_class).to receive(:new).with(subject)
|
data/spec/lib/{orm/active_record/stale_records_cleaner_spec.rb → stale_records_cleaner_spec.rb}
RENAMED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
require 'spec_helper'
|
|
4
4
|
|
|
5
|
-
describe Doorkeeper::
|
|
5
|
+
describe Doorkeeper::StaleRecordsCleaner do
|
|
6
6
|
let(:cleaner) { described_class.new(model) }
|
|
7
7
|
let(:models_by_name) do
|
|
8
8
|
{
|
|
@@ -11,6 +11,16 @@ describe Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner do
|
|
|
11
11
|
}
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
+
context 'when ORM has no cleaner class' do
|
|
15
|
+
it 'raises an error' do
|
|
16
|
+
allow_any_instance_of(Doorkeeper::Config).to receive(:orm).and_return('hibernate')
|
|
17
|
+
|
|
18
|
+
expect do
|
|
19
|
+
described_class.for(Doorkeeper::AccessToken)
|
|
20
|
+
end.to raise_error(Doorkeeper::Errors::NoOrmCleaner, /has no cleaner/)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
14
24
|
%i[access_token access_grant].each do |model_name|
|
|
15
25
|
context "(#{model_name})" do
|
|
16
26
|
let(:model) { models_by_name.fetch(model_name) }
|
|
@@ -34,7 +44,7 @@ describe Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner do
|
|
|
34
44
|
end
|
|
35
45
|
|
|
36
46
|
it 'keeps the record' do
|
|
37
|
-
expect { subject }.not_to
|
|
47
|
+
expect { subject }.not_to(change { model.count })
|
|
38
48
|
end
|
|
39
49
|
end
|
|
40
50
|
|
|
@@ -44,7 +54,7 @@ describe Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner do
|
|
|
44
54
|
end
|
|
45
55
|
|
|
46
56
|
it 'keeps the record' do
|
|
47
|
-
expect { subject }.not_to
|
|
57
|
+
expect { subject }.not_to(change { model.count })
|
|
48
58
|
end
|
|
49
59
|
end
|
|
50
60
|
end
|
|
@@ -70,7 +80,7 @@ describe Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner do
|
|
|
70
80
|
end
|
|
71
81
|
|
|
72
82
|
it 'keeps the record' do
|
|
73
|
-
expect { subject }.not_to
|
|
83
|
+
expect { subject }.not_to(change { model.count })
|
|
74
84
|
end
|
|
75
85
|
end
|
|
76
86
|
end
|
|
@@ -13,8 +13,7 @@ module Doorkeeper
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
module CustomGeneratorArgs
|
|
16
|
-
def self.generate
|
|
17
|
-
end
|
|
16
|
+
def self.generate; end
|
|
18
17
|
end
|
|
19
18
|
|
|
20
19
|
describe :generate_token do
|
|
@@ -42,7 +41,7 @@ module Doorkeeper
|
|
|
42
41
|
end
|
|
43
42
|
|
|
44
43
|
token = FactoryBot.create :access_token
|
|
45
|
-
expect(token.token).to match(
|
|
44
|
+
expect(token.token).to match(/custom_generator_token_\d+/)
|
|
46
45
|
end
|
|
47
46
|
|
|
48
47
|
it 'allows the custom generator to access the application details' do
|
|
@@ -62,7 +61,7 @@ module Doorkeeper
|
|
|
62
61
|
end
|
|
63
62
|
|
|
64
63
|
token = FactoryBot.create :access_token
|
|
65
|
-
expect(token.token).to match(
|
|
64
|
+
expect(token.token).to match(/custom_generator_token_Application \d+/)
|
|
66
65
|
end
|
|
67
66
|
|
|
68
67
|
it 'allows the custom generator to access the scopes' do
|
|
@@ -214,9 +213,7 @@ module Doorkeeper
|
|
|
214
213
|
end
|
|
215
214
|
|
|
216
215
|
describe '#same_credential?' do
|
|
217
|
-
|
|
218
216
|
context 'with default parameters' do
|
|
219
|
-
|
|
220
217
|
let(:resource_owner_id) { 100 }
|
|
221
218
|
let(:application) { FactoryBot.create :application }
|
|
222
219
|
let(:default_attributes) do
|
|
@@ -233,7 +230,11 @@ module Doorkeeper
|
|
|
233
230
|
|
|
234
231
|
context 'the second token has same owner and different app' do
|
|
235
232
|
let(:other_application) { FactoryBot.create :application }
|
|
236
|
-
let(:access_token2)
|
|
233
|
+
let(:access_token2) do
|
|
234
|
+
FactoryBot.create :access_token,
|
|
235
|
+
application: other_application,
|
|
236
|
+
resource_owner_id: resource_owner_id
|
|
237
|
+
end
|
|
237
238
|
|
|
238
239
|
it 'fail' do
|
|
239
240
|
expect(access_token1.same_credential?(access_token2)).to be_falsey
|
|
@@ -241,9 +242,10 @@ module Doorkeeper
|
|
|
241
242
|
end
|
|
242
243
|
|
|
243
244
|
context 'the second token has different owner and different app' do
|
|
244
|
-
|
|
245
245
|
let(:other_application) { FactoryBot.create :application }
|
|
246
|
-
let(:access_token2)
|
|
246
|
+
let(:access_token2) do
|
|
247
|
+
FactoryBot.create :access_token, application: other_application, resource_owner_id: 42
|
|
248
|
+
end
|
|
247
249
|
|
|
248
250
|
it 'fail' do
|
|
249
251
|
expect(access_token1.same_credential?(access_token2)).to be_falsey
|
|
@@ -251,7 +253,9 @@ module Doorkeeper
|
|
|
251
253
|
end
|
|
252
254
|
|
|
253
255
|
context 'the second token has different owner and same app' do
|
|
254
|
-
let(:access_token2)
|
|
256
|
+
let(:access_token2) do
|
|
257
|
+
FactoryBot.create :access_token, application: application, resource_owner_id: 42
|
|
258
|
+
end
|
|
255
259
|
|
|
256
260
|
it 'fail' do
|
|
257
261
|
expect(access_token1.same_credential?(access_token2)).to be_falsey
|