doorkeeper 5.1.0.rc2 → 5.1.0
- checksums.yaml +4 -4
- data/.hound.yml +2 -1
- data/.rubocop.yml +37 -4
- data/.travis.yml +4 -27
- data/Appraisals +8 -12
- data/Gemfile +6 -2
- data/NEWS.md +16 -0
- data/README.md +11 -2
- data/Rakefile +10 -8
- data/app/controllers/doorkeeper/application_controller.rb +1 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -13
- data/app/controllers/doorkeeper/applications_controller.rb +17 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +7 -7
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/validators/redirect_uri_validator.rb +5 -2
- data/app/views/doorkeeper/applications/_form.html.erb +6 -0
- data/bin/console +5 -4
- data/config/locales/en.yml +1 -0
- data/doorkeeper.gemspec +24 -22
- data/gemfiles/rails_5_0.gemfile +2 -1
- data/gemfiles/rails_5_1.gemfile +2 -1
- data/gemfiles/rails_5_2.gemfile +2 -1
- data/gemfiles/rails_6_0.gemfile +1 -0
- data/gemfiles/rails_master.gemfile +1 -0
- data/lib/doorkeeper.rb +68 -66
- data/lib/doorkeeper/config.rb +53 -90
- data/lib/doorkeeper/config/option.rb +64 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grape/authorization_decorator.rb +4 -4
- data/lib/doorkeeper/grape/helpers.rb +3 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_grant_mixin.rb +4 -2
- data/lib/doorkeeper/models/access_token_mixin.rb +10 -10
- data/lib/doorkeeper/models/application_mixin.rb +1 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -6
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +2 -0
- data/lib/doorkeeper/oauth.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -3
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +6 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +4 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/scopes.rb +5 -3
- data/lib/doorkeeper/oauth/token.rb +2 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -4
- data/lib/doorkeeper/oauth/token_response.rb +9 -9
- data/lib/doorkeeper/orm/active_record.rb +6 -6
- data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -12
- data/lib/doorkeeper/orm/active_record/access_token.rb +6 -13
- data/lib/doorkeeper/orm/active_record/application.rb +6 -5
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +10 -3
- data/lib/doorkeeper/rails/helpers.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +11 -11
- data/lib/doorkeeper/rails/routes/mapping.rb +7 -7
- data/lib/doorkeeper/rake.rb +1 -1
- data/lib/doorkeeper/rake/db.rake +13 -13
- data/lib/doorkeeper/request.rb +1 -1
- data/lib/doorkeeper/secret_storing/base.rb +7 -6
- data/lib/doorkeeper/secret_storing/bcrypt.rb +4 -3
- data/lib/doorkeeper/secret_storing/plain.rb +4 -4
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +3 -2
- data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/application_owner_generator.rb +10 -9
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +10 -9
- data/lib/generators/doorkeeper/install_generator.rb +11 -9
- data/lib/generators/doorkeeper/migration_generator.rb +9 -9
- data/lib/generators/doorkeeper/pkce_generator.rb +10 -9
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +10 -9
- data/lib/generators/doorkeeper/templates/initializer.rb +30 -5
- data/lib/generators/doorkeeper/templates/migration.rb.erb +15 -7
- data/lib/generators/doorkeeper/views_generator.rb +6 -4
- data/spec/controllers/application_metal_controller_spec.rb +10 -10
- data/spec/controllers/applications_controller_spec.rb +54 -52
- data/spec/controllers/authorizations_controller_spec.rb +136 -142
- data/spec/controllers/protected_resources_controller_spec.rb +78 -76
- data/spec/controllers/token_info_controller_spec.rb +13 -11
- data/spec/controllers/tokens_controller_spec.rb +109 -94
- data/spec/dummy/Rakefile +3 -1
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/controllers/home_controller.rb +5 -3
- data/spec/dummy/app/controllers/metal_controller.rb +2 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +2 -0
- data/spec/dummy/config.ru +3 -1
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/environments/development.rb +2 -0
- data/spec/dummy/config/environments/production.rb +2 -0
- data/spec/dummy/config/environments/test.rb +3 -1
- data/spec/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -2
- data/spec/dummy/config/initializers/secret_token.rb +3 -1
- data/spec/dummy/config/initializers/session_store.rb +3 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +17 -10
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +2 -0
- data/spec/dummy/db/schema.rb +1 -1
- data/spec/dummy/script/rails +5 -3
- data/spec/factories.rb +5 -3
- data/spec/generators/application_owner_generator_spec.rb +13 -26
- data/spec/generators/confidential_applications_generator_spec.rb +12 -28
- data/spec/generators/install_generator_spec.rb +17 -15
- data/spec/generators/migration_generator_spec.rb +13 -26
- data/spec/generators/pkce_generator_spec.rb +11 -26
- data/spec/generators/previous_refresh_token_generator_spec.rb +16 -29
- data/spec/generators/templates/routes.rb +2 -0
- data/spec/generators/views_generator_spec.rb +14 -12
- data/spec/grape/grape_integration_spec.rb +34 -32
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +9 -7
- data/spec/lib/config_spec.rb +137 -136
- data/spec/lib/doorkeeper_spec.rb +3 -1
- data/spec/lib/models/expirable_spec.rb +12 -10
- data/spec/lib/models/reusable_spec.rb +6 -6
- data/spec/lib/models/revocable_spec.rb +8 -6
- data/spec/lib/models/scopes_spec.rb +19 -17
- data/spec/lib/models/secret_storable_spec.rb +71 -49
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +17 -15
- data/spec/lib/oauth/authorization_code_request_spec.rb +18 -12
- data/spec/lib/oauth/base_request_spec.rb +20 -8
- data/spec/lib/oauth/base_response_spec.rb +3 -1
- data/spec/lib/oauth/client/credentials_spec.rb +24 -22
- data/spec/lib/oauth/client_credentials/creator_spec.rb +13 -11
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +27 -18
- data/spec/lib/oauth/client_credentials/validation_spec.rb +17 -15
- data/spec/lib/oauth/client_credentials_integration_spec.rb +7 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +27 -21
- data/spec/lib/oauth/client_spec.rb +15 -13
- data/spec/lib/oauth/code_request_spec.rb +8 -6
- data/spec/lib/oauth/code_response_spec.rb +9 -7
- data/spec/lib/oauth/error_response_spec.rb +14 -12
- data/spec/lib/oauth/error_spec.rb +4 -2
- data/spec/lib/oauth/forbidden_token_response_spec.rb +7 -5
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +35 -33
- data/spec/lib/oauth/helpers/unique_token_spec.rb +8 -6
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +103 -101
- data/spec/lib/oauth/invalid_token_response_spec.rb +3 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +52 -34
- data/spec/lib/oauth/pre_authorization_spec.rb +64 -62
- data/spec/lib/oauth/refresh_token_request_spec.rb +36 -33
- data/spec/lib/oauth/scopes_spec.rb +63 -61
- data/spec/lib/oauth/token_request_spec.rb +66 -26
- data/spec/lib/oauth/token_response_spec.rb +39 -37
- data/spec/lib/oauth/token_spec.rb +51 -49
- data/spec/lib/request/strategy_spec.rb +3 -1
- data/spec/lib/secret_storing/base_spec.rb +23 -23
- data/spec/lib/secret_storing/bcrypt_spec.rb +18 -18
- data/spec/lib/secret_storing/plain_spec.rb +17 -17
- data/spec/lib/secret_storing/sha256_hash_spec.rb +16 -16
- data/spec/lib/server_spec.rb +16 -14
- data/spec/lib/stale_records_cleaner_spec.rb +17 -17
- data/spec/models/doorkeeper/access_grant_spec.rb +30 -26
- data/spec/models/doorkeeper/access_token_spec.rb +97 -95
- data/spec/models/doorkeeper/application_spec.rb +98 -57
- data/spec/requests/applications/applications_request_spec.rb +98 -66
- data/spec/requests/applications/authorized_applications_spec.rb +20 -18
- data/spec/requests/endpoints/authorization_spec.rb +25 -23
- data/spec/requests/endpoints/token_spec.rb +38 -36
- data/spec/requests/flows/authorization_code_errors_spec.rb +26 -24
- data/spec/requests/flows/authorization_code_spec.rb +161 -159
- data/spec/requests/flows/client_credentials_spec.rb +53 -51
- data/spec/requests/flows/implicit_grant_errors_spec.rb +10 -8
- data/spec/requests/flows/implicit_grant_spec.rb +27 -25
- data/spec/requests/flows/password_spec.rb +56 -54
- data/spec/requests/flows/refresh_token_spec.rb +45 -43
- data/spec/requests/flows/revoke_token_spec.rb +29 -27
- data/spec/requests/flows/skip_authorization_spec.rb +23 -21
- data/spec/requests/protected_resources/metal_spec.rb +7 -5
- data/spec/requests/protected_resources/private_api_spec.rb +35 -33
- data/spec/routing/custom_controller_routes_spec.rb +67 -65
- data/spec/routing/default_routes_spec.rb +22 -20
- data/spec/routing/scoped_routes_spec.rb +20 -18
- data/spec/spec_helper.rb +14 -13
- data/spec/spec_helper_integration.rb +3 -1
- data/spec/support/dependencies/factory_bot.rb +3 -1
- data/spec/support/doorkeeper_rspec.rb +3 -1
- data/spec/support/helpers/access_token_request_helper.rb +3 -1
- data/spec/support/helpers/authorization_request_helper.rb +4 -2
- data/spec/support/helpers/config_helper.rb +2 -0
- data/spec/support/helpers/model_helper.rb +3 -1
- data/spec/support/helpers/request_spec_helper.rb +5 -3
- data/spec/support/helpers/url_helper.rb +9 -7
- data/spec/support/http_method_shim.rb +4 -9
- data/spec/support/orm/active_record.rb +3 -1
- data/spec/support/shared/controllers_shared_context.rb +18 -16
- data/spec/support/shared/hashing_shared_context.rb +3 -3
- data/spec/support/shared/models_shared_examples.rb +12 -10
- data/spec/validators/redirect_uri_validator_spec.rb +74 -45
- data/spec/version/version_spec.rb +7 -5
- metadata +12 -16
- data/gemfiles/rails_4_2.gemfile +0 -17
- data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -8
- data/spec/support/ruby_2_6_rails_4_2_patch.rb +0 -14
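--- a/data/spec/lib/oauth/authorization_code_request_spec.rb
+++ b/data/spec/lib/oauth/authorization_code_request_spec.rb
@@ -1,4 +1,6 @@
-
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth
 describe AuthorizationCodeRequest do
@@ -16,11 +18,15 @@ module Doorkeeper::OAuth
 let(:redirect_uri) { client.redirect_uri }
 let(:params) { { redirect_uri: redirect_uri } }
 
+before do
+allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+end
+
 subject do
 AuthorizationCodeRequest.new server, grant, client, params
 end
 
-it
+it "issues a new token for the client" do
 expect do
 subject.authorize
 end.to change { client.reload.access_tokens.count }.by(1)
@@ -33,36 +39,36 @@ module Doorkeeper::OAuth
 expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
 end
 
-it
+it "revokes the grant" do
 expect { subject.authorize }.to(change { grant.reload.accessible? })
 end
 
-it
+it "requires the grant to be accessible" do
 grant.revoke
 subject.validate
 expect(subject.error).to eq(:invalid_grant)
 end
 
-it
+it "requires the grant" do
 subject.grant = nil
 subject.validate
 expect(subject.error).to eq(:invalid_grant)
 end
 
-it
+it "requires the client" do
 subject.client = nil
 subject.validate
 expect(subject.error).to eq(:invalid_client)
 end
 
-it
+it "requires the redirect_uri" do
 subject.redirect_uri = nil
 subject.validate
 expect(subject.error).to eq(:invalid_request)
 end
 
 it "matches the redirect_uri with grant's one" do
-subject.redirect_uri =
+subject.redirect_uri = "http://other.com"
 subject.validate
 expect(subject.error).to eq(:invalid_grant)
 end
@@ -73,7 +79,7 @@ module Doorkeeper::OAuth
 expect(subject.error).to eq(:invalid_grant)
 end
 
-it
+it "skips token creation if there is a matching one reusable" do
 scopes = grant.scopes
 
 Doorkeeper.configure do
@@ -88,7 +94,7 @@ module Doorkeeper::OAuth
 expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
 end
 
-it
+it "creates token if there is a matching one but non reusable" do
 scopes = grant.scopes
 
 Doorkeeper.configure do
@@ -124,7 +130,7 @@ module Doorkeeper::OAuth
 end
 
 context "when redirect_uri is not an URI" do
-let(:redirect_uri) {
+let(:redirect_uri) { "123d#!s" }
 
 it "responds with invalid_grant" do
 subject.validate
@@ -133,7 +139,7 @@ module Doorkeeper::OAuth
 end
 
 context "when redirect_uri is the native one" do
-let(:redirect_uri) {
+let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
 
 it "invalidates when redirect_uri of the grant is not native" do
 subject.validate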
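Review bot: The `before` block that stubs `server.option_defined?(:custom_access_token_expires_in)` to true (new lines 21-23) is pasted verbatim into this file, base_request_spec.rb and issuer_spec.rb; a single helper in spec/support, e.g. `def stub_custom_expiration(server, defined:)` wrapping `allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(defined)`, would keep the copies from drifting if the option is renamed. Because the stub answers true unconditionally, the code path taken when the option is not defined is no longer exercised by this file; that reading is hedged, since the `server` double itself is declared outside the hunk. The `describe AuthorizationCodeRequest` block starts and ends outside the hunks.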
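--- a/data/spec/lib/oauth/base_request_spec.rb
+++ b/data/spec/lib/oauth/base_request_spec.rb
@@ -1,19 +1,21 @@
-
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth
 describe BaseRequest do
 let(:access_token) do
 double :access_token,
-plaintext_token:
-expires_in:
-expires_in_seconds:
-scopes_string:
+plaintext_token: "some-token",
+expires_in: "3600",
+expires_in_seconds: "300",
+scopes_string: "two scopes",
 plaintext_refresh_token: "some-refresh-token",
-token_type:
-created_at:
+token_type: "bearer",
+created_at: 0
 end
 
-let(:client) { double :client, id:
+let(:client) { double :client, id: "1" }
 
 let(:scopes_array) { %w[public write] }
 
@@ -24,6 +26,10 @@ module Doorkeeper::OAuth
 refresh_token_enabled?: false
 end
 
+before do
+allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+end
+
 subject do
 BaseRequest.new
 end
@@ -111,6 +117,9 @@ module Doorkeeper::OAuth
 access_token_expires_in: 100,
 custom_access_token_expires_in: ->(context) { context.scopes == "public" ? 500 : nil },
 refresh_token_enabled?: false)
+
+allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+
 result = subject.find_or_create_access_token(
 client,
 "1",
@@ -127,6 +136,9 @@ module Doorkeeper::OAuth
 refresh_token_enabled?: lambda { |context|
 context.scopes == "public"
 })
+
+allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+
 result = subject.find_or_create_access_token(
 client,
 "1",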
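Review bot: The `access_token` double now answers `expires_in: "3600"` and `expires_in_seconds: "300"` as strings while `created_at: 0` is an integer (new lines 10, 11, 15); if the real token model returns integers for the two expiry readers, this double lets BaseRequest treat them as strings without the spec noticing. A short comment on the double, `# string values on purpose: BaseRequest must not depend on the type of these readers`, would record the intent if it is deliberate, otherwise `expires_in: 3600, expires_in_seconds: 300` matches the `created_at` style. The `option_defined?` stub repeated inside the two examples at new lines 121 and 140 is presumably needed because those examples build a fresh `server` double; that construction is outside the hunk, so I cannot confirm it. The `describe BaseRequest` block continues outside the hunks.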
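--- a/data/spec/lib/oauth/client/credentials_spec.rb
+++ b/data/spec/lib/oauth/client/credentials_spec.rb
@@ -1,15 +1,17 @@
-
+# frozen_string_literal: true
+
+require "spec_helper"
 
 class Doorkeeper::OAuth::Client
 describe Credentials do
-let(:client_id) {
-let(:client_secret) {
+let(:client_id) { "some-uid" }
+let(:client_secret) { "some-secret" }
 
-it
+it "is blank when the uid in credentials is blank" do
 expect(Credentials.new(nil, nil)).to be_blank
-expect(Credentials.new(nil,
-expect(Credentials.new(
-expect(Credentials.new(
+expect(Credentials.new(nil, "something")).to be_blank
+expect(Credentials.new("something", nil)).to be_present
+expect(Credentials.new("something", "something")).to be_present
 end
 
 describe :from_request do
@@ -19,44 +21,44 @@ class Doorkeeper::OAuth::Client
 ->(_request) { %w[uid secret] }
 end
 
-it
+it "accepts anything that responds to #call" do
 expect(method).to receive(:call).with(request)
 Credentials.from_request request, method
 end
 
-it
+it "delegates methods received as symbols to Credentials class" do
 expect(Credentials).to receive(:from_params).with(request)
 Credentials.from_request request, :from_params
 end
 
-it
+it "stops at the first credentials found" do
 not_called_method = double
 expect(not_called_method).not_to receive(:call)
 Credentials.from_request request, ->(_) {}, method, not_called_method
 end
 
-it
+it "returns new Credentials" do
 credentials = Credentials.from_request request, method
 expect(credentials).to be_a(Credentials)
 end
 
-it
+it "returns uid and secret from extractor method" do
 credentials = Credentials.from_request request, method
-expect(credentials.uid).to eq(
-expect(credentials.secret).to eq(
+expect(credentials.uid).to eq("uid")
+expect(credentials.secret).to eq("secret")
 end
 end
 
 describe :from_params do
-it
+it "returns credentials from parameters when Authorization header is not available" do
 request = double parameters: { client_id: client_id, client_secret: client_secret }
 uid, secret = Credentials.from_params(request)
 
-expect(uid).to eq(
-expect(secret).to eq(
+expect(uid).to eq("some-uid")
+expect(secret).to eq("some-secret")
 end
 
-it
+it "is blank when there are no credentials" do
 request = double parameters: {}
 uid, secret = Credentials.from_params(request)
 
@@ -68,15 +70,15 @@ class Doorkeeper::OAuth::Client
 describe :from_basic do
 let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
 
-it
+it "decodes the credentials" do
 request = double authorization: "Basic #{credentials}"
 uid, secret = Credentials.from_basic(request)
 
-expect(uid).to eq(
-expect(secret).to eq(
+expect(uid).to eq("some-uid")
+expect(secret).to eq("some-secret")
 end
 
-it
+it "is blank if Authorization is not Basic" do
 request = double authorization: credentials.to_s
 uid, secret = Credentials.from_basic(request)
 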
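Review bot: The example title added at new line 10, `it "is blank when the uid in credentials is blank" do`, describes only half of what the example asserts: two of its four expectations are `be_present` for inputs whose uid is set. A title that matches the assertions, `it "is blank only when the uid is blank" do`, or splitting the `be_present` cases into their own example, would keep a failure message readable. The `describe Credentials` block continues outside the hunks.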
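--- a/data/spec/lib/oauth/client_credentials/creator_spec.rb
+++ b/data/spec/lib/oauth/client_credentials/creator_spec.rb
@@ -1,23 +1,25 @@
-
+# frozen_string_literal: true
+
+require "spec_helper"
 
 class Doorkeeper::OAuth::ClientCredentialsRequest
 describe Creator do
 let(:client) { FactoryBot.create :application }
-let(:scopes) { Doorkeeper::OAuth::Scopes.from_string(
+let(:scopes) { Doorkeeper::OAuth::Scopes.from_string("public") }
 
 before do
 default_scopes_exist :public
 end
 
-it
+it "creates a new token" do
 expect do
 subject.call(client, scopes)
 end.to change { Doorkeeper::AccessToken.count }.by(1)
 end
 
-context
-context
-it
+context "when reuse_access_token is true" do
+context "when expiration is disabled" do
+it "returns the existing valid token" do
 allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
 existing_token = subject.call(client, scopes)
 
@@ -28,8 +30,8 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 end
 end
 
-context
-it
+context "when existing token has not crossed token_reuse_limit" do
+it "returns the existing valid token" do
 allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
 allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(50)
 existing_token = subject.call(client, scopes, expires_in: 1000)
@@ -42,7 +44,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 end
 end
 
-context
+context "when existing token has crossed token_reuse_limit" do
 it "returns a new token" do
 allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
 allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(50)
@@ -56,7 +58,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 end
 end
 
-context
+context "when existing token has been expired" do
 it "returns a new token" do
 allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
 allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(50)
@@ -83,7 +85,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 end
 end
 
-it
+it "returns false if creation fails" do
 expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
 created = subject.call(client, scopes)
 expect(created).to be_falsey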
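Review bot: The new context title at new line 20, `context "when reuse_access_token is true" do`, promises a precondition that every example inside it then re-establishes by hand with `allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)` (new lines 23, 35, 49, 63). Moving that one `allow` into a `before do … end` at the top of the context would make the title true by construction and leave each example with only the stub that distinguishes it (`token_reuse_limit`, `expires_in`). The outer context's `end` and the `describe Creator` block lie outside the hunks.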
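--- a/data/spec/lib/oauth/client_credentials/issuer_spec.rb
+++ b/data/spec/lib/oauth/client_credentials/issuer_spec.rb
@@ -1,31 +1,36 @@
-
+# frozen_string_literal: true
+
+require "spec_helper"
 
 class Doorkeeper::OAuth::ClientCredentialsRequest
 describe Issuer do
-let(:creator) { double :
+let(:creator) { double :access_token_creator }
 let(:server) do
 double(
 :server,
-access_token_expires_in: 100
-custom_access_token_expires_in: ->(_context) { nil }
+access_token_expires_in: 100
 )
 end
 let(:validation) { double :validation, valid?: true }
 
+before do
+allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
+end
+
 subject { Issuer.new(server, validation) }
 
 describe :create do
-let(:client) { double :client, id:
-let(:scopes) {
+let(:client) { double :client, id: "some-id" }
+let(:scopes) { "some scope" }
 
-it
-expect(creator).to receive(:call).and_return(
+it "creates and sets the token" do
+expect(creator).to receive(:call).and_return("token")
 subject.create client, scopes, creator
 
-expect(subject.token).to eq(
+expect(subject.token).to eq("token")
 end
 
-it
+it "creates with correct token parameters" do
 expect(creator).to receive(:call).with(
 client,
 scopes,
@@ -36,34 +41,34 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 subject.create client, scopes, creator
 end
 
-it
+it "has error set to :server_error if creator fails" do
 expect(creator).to receive(:call).and_return(false)
 subject.create client, scopes, creator
 
 expect(subject.error).to eq(:server_error)
 end
 
-context
+context "when validation fails" do
 before do
 allow(validation).to receive(:valid?).and_return(false)
 allow(validation).to receive(:error).and_return(:validation_error)
 expect(creator).not_to receive(:create)
 end
 
-it
+it "has error set from validation" do
 subject.create client, scopes, creator
 expect(subject.error).to eq(:validation_error)
 end
 
-it
+it "returns false" do
 expect(subject.create(client, scopes, creator)).to be_falsey
 end
 end
 
-context
+context "with custom expirations" do
 let(:custom_ttl_grant) { 1234 }
 let(:custom_ttl_scope) { 1235 }
-let(:custom_scope) {
+let(:custom_scope) { "special" }
 let(:server) do
 double(
 :server,
@@ -78,7 +83,11 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 )
 end
 
-
+before do
+allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+end
+
+it "respects grant based rules" do
 expect(creator).to receive(:call).with(
 client,
 scopes,
@@ -88,7 +97,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 subject.create client, scopes, creator
 end
 
-it
+it "respects scope based rules" do
 expect(creator).to receive(:call).with(
 client,
 custom_scope,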
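Review bot: The `server` double at new lines 9-12 loses its `custom_access_token_expires_in` reader at the same time the new `before` (lines 16-18) stubs `option_defined?` to false, and nothing in the file says that these two edits belong together; a reader adding a custom-expiration example will hit an unexpected-message error from the bare double and not know why. A one-line comment above the `before`, `# the double deliberately has no custom_access_token_expires_in: Issuer is expected to check option_defined? first`, would document the contract the spec now relies on (hedged: that Issuer consults `option_defined?` before reading the option is inferred from the stub, not visible here). The `before` added at new lines 86-88 overrides the outer stub with true for the "with custom expirations" context, which is the intended pairing. The `describe Issuer` block continues outside the hunks.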
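--- a/data/spec/lib/oauth/client_credentials/validation_spec.rb
+++ b/data/spec/lib/oauth/client_credentials/validation_spec.rb
@@ -1,4 +1,6 @@
-
+# frozen_string_literal: true
+
+require "spec_helper"
 
 class Doorkeeper::OAuth::ClientCredentialsRequest
 describe Validation do
@@ -9,30 +11,30 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 
 subject { Validation.new(server, request) }
 
-it
+it "is valid with valid request" do
 expect(subject).to be_valid
 end
 
-it
+it "is invalid when client is not present" do
 allow(request).to receive(:client).and_return(nil)
 expect(subject).not_to be_valid
 end
 
-context
-it
-server_scopes = Doorkeeper::OAuth::Scopes.from_string
+context "with scopes" do
+it "is invalid when scopes are not included in the server" do
+server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"
 allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
 allow(server).to receive(:scopes).and_return(server_scopes)
 allow(request).to receive(:scopes).and_return(
-Doorkeeper::OAuth::Scopes.from_string(
+Doorkeeper::OAuth::Scopes.from_string("invalid")
 )
 expect(subject).not_to be_valid
 end
 
-context
-it
-application_scopes = Doorkeeper::OAuth::Scopes.from_string
-server_scopes = Doorkeeper::OAuth::Scopes.from_string
+context "with application scopes" do
+it "is valid when scopes are included in the application" do
+application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
+server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
 allow(application).to receive(:scopes).and_return(application_scopes)
 allow(server).to receive(:scopes).and_return(server_scopes)
 allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
@@ -40,14 +42,14 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 expect(subject).to be_valid
 end
 
-it
-application_scopes = Doorkeeper::OAuth::Scopes.from_string
-server_scopes = Doorkeeper::OAuth::Scopes.from_string
+it "is invalid when scopes are not included in the application" do
+application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
+server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
 allow(application).to receive(:scopes).and_return(application_scopes)
 allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
 allow(server).to receive(:scopes).and_return(server_scopes)
 allow(request).to receive(:scopes).and_return(
-Doorkeeper::OAuth::Scopes.from_string(
+Doorkeeper::OAuth::Scopes.from_string("email")
 )
 expect(subject).not_to be_valid
 end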
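Review bot: The rewritten lines mix two call styles for the same method: `Doorkeeper::OAuth::Scopes.from_string "email"` without parentheses at new lines 25, 36, 37, 46 and 47, but `Doorkeeper::OAuth::Scopes.from_string("invalid")` with them at lines 29 and 52 of the same examples. Since these lines are being rewritten anyway, using parentheses throughout, e.g. `server_scopes = Doorkeeper::OAuth::Scopes.from_string("email")`, matches the rest of the file and the project's RuboCop settings, which this release also touches. The `describe Validation` block continues outside the hunks.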