doorkeeper 5.1.0.rc2 → 5.1.0
- checksums.yaml +4 -4
- data/.hound.yml +2 -1
- data/.rubocop.yml +37 -4
- data/.travis.yml +4 -27
- data/Appraisals +8 -12
- data/Gemfile +6 -2
- data/NEWS.md +16 -0
- data/README.md +11 -2
- data/Rakefile +10 -8
- data/app/controllers/doorkeeper/application_controller.rb +1 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -13
- data/app/controllers/doorkeeper/applications_controller.rb +17 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +7 -7
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/validators/redirect_uri_validator.rb +5 -2
- data/app/views/doorkeeper/applications/_form.html.erb +6 -0
- data/bin/console +5 -4
- data/config/locales/en.yml +1 -0
- data/doorkeeper.gemspec +24 -22
- data/gemfiles/rails_5_0.gemfile +2 -1
- data/gemfiles/rails_5_1.gemfile +2 -1
- data/gemfiles/rails_5_2.gemfile +2 -1
- data/gemfiles/rails_6_0.gemfile +1 -0
- data/gemfiles/rails_master.gemfile +1 -0
- data/lib/doorkeeper.rb +68 -66
- data/lib/doorkeeper/config.rb +53 -90
- data/lib/doorkeeper/config/option.rb +64 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grape/authorization_decorator.rb +4 -4
- data/lib/doorkeeper/grape/helpers.rb +3 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_grant_mixin.rb +4 -2
- data/lib/doorkeeper/models/access_token_mixin.rb +10 -10
- data/lib/doorkeeper/models/application_mixin.rb +1 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -6
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +2 -0
- data/lib/doorkeeper/oauth.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -3
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +6 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +4 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/scopes.rb +5 -3
- data/lib/doorkeeper/oauth/token.rb +2 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -4
- data/lib/doorkeeper/oauth/token_response.rb +9 -9
- data/lib/doorkeeper/orm/active_record.rb +6 -6
- data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -12
- data/lib/doorkeeper/orm/active_record/access_token.rb +6 -13
- data/lib/doorkeeper/orm/active_record/application.rb +6 -5
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +10 -3
- data/lib/doorkeeper/rails/helpers.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +11 -11
- data/lib/doorkeeper/rails/routes/mapping.rb +7 -7
- data/lib/doorkeeper/rake.rb +1 -1
- data/lib/doorkeeper/rake/db.rake +13 -13
- data/lib/doorkeeper/request.rb +1 -1
- data/lib/doorkeeper/secret_storing/base.rb +7 -6
- data/lib/doorkeeper/secret_storing/bcrypt.rb +4 -3
- data/lib/doorkeeper/secret_storing/plain.rb +4 -4
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +3 -2
- data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/application_owner_generator.rb +10 -9
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +10 -9
- data/lib/generators/doorkeeper/install_generator.rb +11 -9
- data/lib/generators/doorkeeper/migration_generator.rb +9 -9
- data/lib/generators/doorkeeper/pkce_generator.rb +10 -9
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +10 -9
- data/lib/generators/doorkeeper/templates/initializer.rb +30 -5
- data/lib/generators/doorkeeper/templates/migration.rb.erb +15 -7
- data/lib/generators/doorkeeper/views_generator.rb +6 -4
- data/spec/controllers/application_metal_controller_spec.rb +10 -10
- data/spec/controllers/applications_controller_spec.rb +54 -52
- data/spec/controllers/authorizations_controller_spec.rb +136 -142
- data/spec/controllers/protected_resources_controller_spec.rb +78 -76
- data/spec/controllers/token_info_controller_spec.rb +13 -11
- data/spec/controllers/tokens_controller_spec.rb +109 -94
- data/spec/dummy/Rakefile +3 -1
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/controllers/home_controller.rb +5 -3
- data/spec/dummy/app/controllers/metal_controller.rb +2 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +2 -0
- data/spec/dummy/config.ru +3 -1
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/environments/development.rb +2 -0
- data/spec/dummy/config/environments/production.rb +2 -0
- data/spec/dummy/config/environments/test.rb +3 -1
- data/spec/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -2
- data/spec/dummy/config/initializers/secret_token.rb +3 -1
- data/spec/dummy/config/initializers/session_store.rb +3 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +17 -10
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +2 -0
- data/spec/dummy/db/schema.rb +1 -1
- data/spec/dummy/script/rails +5 -3
- data/spec/factories.rb +5 -3
- data/spec/generators/application_owner_generator_spec.rb +13 -26
- data/spec/generators/confidential_applications_generator_spec.rb +12 -28
- data/spec/generators/install_generator_spec.rb +17 -15
- data/spec/generators/migration_generator_spec.rb +13 -26
- data/spec/generators/pkce_generator_spec.rb +11 -26
- data/spec/generators/previous_refresh_token_generator_spec.rb +16 -29
- data/spec/generators/templates/routes.rb +2 -0
- data/spec/generators/views_generator_spec.rb +14 -12
- data/spec/grape/grape_integration_spec.rb +34 -32
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +9 -7
- data/spec/lib/config_spec.rb +137 -136
- data/spec/lib/doorkeeper_spec.rb +3 -1
- data/spec/lib/models/expirable_spec.rb +12 -10
- data/spec/lib/models/reusable_spec.rb +6 -6
- data/spec/lib/models/revocable_spec.rb +8 -6
- data/spec/lib/models/scopes_spec.rb +19 -17
- data/spec/lib/models/secret_storable_spec.rb +71 -49
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +17 -15
- data/spec/lib/oauth/authorization_code_request_spec.rb +18 -12
- data/spec/lib/oauth/base_request_spec.rb +20 -8
- data/spec/lib/oauth/base_response_spec.rb +3 -1
- data/spec/lib/oauth/client/credentials_spec.rb +24 -22
- data/spec/lib/oauth/client_credentials/creator_spec.rb +13 -11
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +27 -18
- data/spec/lib/oauth/client_credentials/validation_spec.rb +17 -15
- data/spec/lib/oauth/client_credentials_integration_spec.rb +7 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +27 -21
- data/spec/lib/oauth/client_spec.rb +15 -13
- data/spec/lib/oauth/code_request_spec.rb +8 -6
- data/spec/lib/oauth/code_response_spec.rb +9 -7
- data/spec/lib/oauth/error_response_spec.rb +14 -12
- data/spec/lib/oauth/error_spec.rb +4 -2
- data/spec/lib/oauth/forbidden_token_response_spec.rb +7 -5
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +35 -33
- data/spec/lib/oauth/helpers/unique_token_spec.rb +8 -6
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +103 -101
- data/spec/lib/oauth/invalid_token_response_spec.rb +3 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +52 -34
- data/spec/lib/oauth/pre_authorization_spec.rb +64 -62
- data/spec/lib/oauth/refresh_token_request_spec.rb +36 -33
- data/spec/lib/oauth/scopes_spec.rb +63 -61
- data/spec/lib/oauth/token_request_spec.rb +66 -26
- data/spec/lib/oauth/token_response_spec.rb +39 -37
- data/spec/lib/oauth/token_spec.rb +51 -49
- data/spec/lib/request/strategy_spec.rb +3 -1
- data/spec/lib/secret_storing/base_spec.rb +23 -23
- data/spec/lib/secret_storing/bcrypt_spec.rb +18 -18
- data/spec/lib/secret_storing/plain_spec.rb +17 -17
- data/spec/lib/secret_storing/sha256_hash_spec.rb +16 -16
- data/spec/lib/server_spec.rb +16 -14
- data/spec/lib/stale_records_cleaner_spec.rb +17 -17
- data/spec/models/doorkeeper/access_grant_spec.rb +30 -26
- data/spec/models/doorkeeper/access_token_spec.rb +97 -95
- data/spec/models/doorkeeper/application_spec.rb +98 -57
- data/spec/requests/applications/applications_request_spec.rb +98 -66
- data/spec/requests/applications/authorized_applications_spec.rb +20 -18
- data/spec/requests/endpoints/authorization_spec.rb +25 -23
- data/spec/requests/endpoints/token_spec.rb +38 -36
- data/spec/requests/flows/authorization_code_errors_spec.rb +26 -24
- data/spec/requests/flows/authorization_code_spec.rb +161 -159
- data/spec/requests/flows/client_credentials_spec.rb +53 -51
- data/spec/requests/flows/implicit_grant_errors_spec.rb +10 -8
- data/spec/requests/flows/implicit_grant_spec.rb +27 -25
- data/spec/requests/flows/password_spec.rb +56 -54
- data/spec/requests/flows/refresh_token_spec.rb +45 -43
- data/spec/requests/flows/revoke_token_spec.rb +29 -27
- data/spec/requests/flows/skip_authorization_spec.rb +23 -21
- data/spec/requests/protected_resources/metal_spec.rb +7 -5
- data/spec/requests/protected_resources/private_api_spec.rb +35 -33
- data/spec/routing/custom_controller_routes_spec.rb +67 -65
- data/spec/routing/default_routes_spec.rb +22 -20
- data/spec/routing/scoped_routes_spec.rb +20 -18
- data/spec/spec_helper.rb +14 -13
- data/spec/spec_helper_integration.rb +3 -1
- data/spec/support/dependencies/factory_bot.rb +3 -1
- data/spec/support/doorkeeper_rspec.rb +3 -1
- data/spec/support/helpers/access_token_request_helper.rb +3 -1
- data/spec/support/helpers/authorization_request_helper.rb +4 -2
- data/spec/support/helpers/config_helper.rb +2 -0
- data/spec/support/helpers/model_helper.rb +3 -1
- data/spec/support/helpers/request_spec_helper.rb +5 -3
- data/spec/support/helpers/url_helper.rb +9 -7
- data/spec/support/http_method_shim.rb +4 -9
- data/spec/support/orm/active_record.rb +3 -1
- data/spec/support/shared/controllers_shared_context.rb +18 -16
- data/spec/support/shared/hashing_shared_context.rb +3 -3
- data/spec/support/shared/models_shared_examples.rb +12 -10
- data/spec/validators/redirect_uri_validator_spec.rb +74 -45
- data/spec/version/version_spec.rb +7 -5
- metadata +12 -16
- data/gemfiles/rails_4_2.gemfile +0 -17
- data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -8
- data/spec/support/ruby_2_6_rails_4_2_patch.rb +0 -14
@@ -1,13 +1,15 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe ClientCredentialsRequest do
|
5
7
|
let(:server) { Doorkeeper.configuration }
|
6
8
|
|
7
|
-
context
|
9
|
+
context "with a valid request" do
|
8
10
|
let(:client) { FactoryBot.create :application }
|
9
11
|
|
10
|
-
it
|
12
|
+
it "issues an access token" do
|
11
13
|
request = ClientCredentialsRequest.new(server, client, {})
|
12
14
|
expect do
|
13
15
|
request.authorize
|
@@ -15,8 +17,8 @@ module Doorkeeper::OAuth
|
|
15
17
|
end
|
16
18
|
end
|
17
19
|
|
18
|
-
describe
|
19
|
-
it
|
20
|
+
describe "with an invalid request" do
|
21
|
+
it "does not issue an access token" do
|
20
22
|
request = ClientCredentialsRequest.new(server, nil, {})
|
21
23
|
expect do
|
22
24
|
request.authorize
|
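Review bot: The two sibling example groups in this file use different keywords for parallel cases — `context "with a valid request" do` at new line 9 and `describe "with an invalid request" do` at new line 20; pick one, e.g. `context "with an invalid request" do`. Both groups share the same `let(:server)` and drive the same `authorize` call, so the distinction carries no meaning here. The enclosing `describe ClientCredentialsRequest` block closes outside the second hunk.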
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe ClientCredentialsRequest do
|
@@ -10,71 +12,75 @@ module Doorkeeper::OAuth
|
|
10
12
|
)
|
11
13
|
end
|
12
14
|
|
13
|
-
let(:application) { FactoryBot.create(:application, scopes:
|
15
|
+
let(:application) { FactoryBot.create(:application, scopes: "") }
|
14
16
|
let(:client) { double :client, application: application }
|
15
17
|
let(:token_creator) { double :issuer, create: true, token: double }
|
16
18
|
|
19
|
+
before do
|
20
|
+
allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
|
21
|
+
end
|
22
|
+
|
17
23
|
subject { ClientCredentialsRequest.new(server, client) }
|
18
24
|
|
19
25
|
before do
|
20
26
|
subject.issuer = token_creator
|
21
27
|
end
|
22
28
|
|
23
|
-
it
|
29
|
+
it "issues an access token for the current client" do
|
24
30
|
expect(token_creator).to receive(:create).with(client, nil)
|
25
31
|
subject.authorize
|
26
32
|
end
|
27
33
|
|
28
|
-
it
|
34
|
+
it "has successful response when issue was created" do
|
29
35
|
subject.authorize
|
30
36
|
expect(subject.response).to be_a(TokenResponse)
|
31
37
|
end
|
32
38
|
|
33
|
-
context
|
39
|
+
context "if issue was not created" do
|
34
40
|
before do
|
35
41
|
subject.issuer = double create: false, error: :invalid
|
36
42
|
end
|
37
43
|
|
38
|
-
it
|
44
|
+
it "has an error response" do
|
39
45
|
subject.authorize
|
40
46
|
expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
|
41
47
|
end
|
42
48
|
|
43
|
-
it
|
49
|
+
it "delegates the error to issuer" do
|
44
50
|
subject.authorize
|
45
51
|
expect(subject.error).to eq(:invalid)
|
46
52
|
end
|
47
53
|
end
|
48
54
|
|
49
|
-
context
|
50
|
-
let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string(
|
55
|
+
context "with scopes" do
|
56
|
+
let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string("public email") }
|
51
57
|
|
52
58
|
before do
|
53
59
|
allow(server).to receive(:default_scopes).and_return(default_scopes)
|
54
60
|
end
|
55
61
|
|
56
|
-
it
|
62
|
+
it "issues an access token with default scopes if none was requested" do
|
57
63
|
expect(token_creator).to receive(:create).with(client, default_scopes)
|
58
64
|
subject.authorize
|
59
65
|
end
|
60
66
|
|
61
|
-
it
|
62
|
-
subject = ClientCredentialsRequest.new(server, client, scope:
|
67
|
+
it "issues an access token with requested scopes" do
|
68
|
+
subject = ClientCredentialsRequest.new(server, client, scope: "email")
|
63
69
|
subject.issuer = token_creator
|
64
|
-
expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string(
|
70
|
+
expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
|
65
71
|
subject.authorize
|
66
72
|
end
|
67
73
|
end
|
68
74
|
|
69
|
-
context
|
75
|
+
context "with restricted client" do
|
70
76
|
let(:default_scopes) do
|
71
|
-
Doorkeeper::OAuth::Scopes.from_string(
|
77
|
+
Doorkeeper::OAuth::Scopes.from_string("public email")
|
72
78
|
end
|
73
79
|
let(:server_scopes) do
|
74
|
-
Doorkeeper::OAuth::Scopes.from_string(
|
80
|
+
Doorkeeper::OAuth::Scopes.from_string("public email phone")
|
75
81
|
end
|
76
82
|
let(:client_scopes) do
|
77
|
-
Doorkeeper::OAuth::Scopes.from_string(
|
83
|
+
Doorkeeper::OAuth::Scopes.from_string("public phone")
|
78
84
|
end
|
79
85
|
|
80
86
|
before do
|
@@ -85,18 +91,18 @@ module Doorkeeper::OAuth
|
|
85
91
|
allow(client).to receive(:id).and_return(nil)
|
86
92
|
end
|
87
93
|
|
88
|
-
it
|
94
|
+
it "delegates the error to issuer if no scope was requested" do
|
89
95
|
subject = ClientCredentialsRequest.new(server, client)
|
90
96
|
subject.authorize
|
91
97
|
expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
|
92
98
|
expect(subject.error).to eq(:invalid_scope)
|
93
99
|
end
|
94
100
|
|
95
|
-
it
|
96
|
-
subject = ClientCredentialsRequest.new(server, client, scope:
|
101
|
+
it "issues an access token with requested scopes" do
|
102
|
+
subject = ClientCredentialsRequest.new(server, client, scope: "phone")
|
97
103
|
subject.authorize
|
98
104
|
expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
|
99
|
-
expect(subject.response.token.scopes_string).to eq(
|
105
|
+
expect(subject.response.token.scopes_string).to eq("phone")
|
100
106
|
end
|
101
107
|
end
|
102
108
|
end
|
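Review bot: The stub `allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)` added at new lines 19-21 answers only that one key; `server` is a double defined above this hunk, so if the request under test ever asks `option_defined?` about another option the strict double will raise instead of returning false — presumably not the case today, but a default such as `allow(server).to receive(:option_defined?).and_return(false)` placed before the specific stub would make the intent explicit. Separately, the new hook sits four lines above the existing `before do subject.issuer = token_creator end` (new lines 25-27); merging the two into one `before` keeps the group's setup in one place. The enclosing `describe ClientCredentialsRequest` block starts and ends outside this hunk.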
@@ -1,34 +1,36 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe Client do
|
5
7
|
describe :find do
|
6
8
|
let(:method) { double }
|
7
9
|
|
8
|
-
it
|
10
|
+
it "finds the client via uid" do
|
9
11
|
client = double
|
10
|
-
expect(method).to receive(:call).with(
|
11
|
-
expect(Client.find(
|
12
|
+
expect(method).to receive(:call).with("uid").and_return(client)
|
13
|
+
expect(Client.find("uid", method)).to be_a(Client)
|
12
14
|
end
|
13
15
|
|
14
|
-
it
|
15
|
-
expect(method).to receive(:call).with(
|
16
|
-
expect(Client.find(
|
16
|
+
it "returns nil if client was not found" do
|
17
|
+
expect(method).to receive(:call).with("uid").and_return(nil)
|
18
|
+
expect(Client.find("uid", method)).to be_nil
|
17
19
|
end
|
18
20
|
end
|
19
21
|
|
20
22
|
describe :authenticate do
|
21
|
-
it
|
22
|
-
credentials = Client::Credentials.new(
|
23
|
+
it "returns the authenticated client via credentials" do
|
24
|
+
credentials = Client::Credentials.new("some-uid", "some-secret")
|
23
25
|
authenticator = double
|
24
|
-
expect(authenticator).to receive(:call).with(
|
26
|
+
expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
|
25
27
|
expect(Client.authenticate(credentials, authenticator)).to be_a(Client)
|
26
28
|
end
|
27
29
|
|
28
|
-
it
|
29
|
-
credentials = Client::Credentials.new(
|
30
|
+
it "returns nil if client was not authenticated" do
|
31
|
+
credentials = Client::Credentials.new("some-uid", "some-secret")
|
30
32
|
authenticator = double
|
31
|
-
expect(authenticator).to receive(:call).with(
|
33
|
+
expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
|
32
34
|
expect(Client.authenticate(credentials, authenticator)).to be_nil
|
33
35
|
end
|
34
36
|
end
|
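Review bot: `describe :find do` and `describe :authenticate do` (new lines 8 and 22) label these groups with bare symbols, while the other specs touched in this release name methods as strings with the `.`/`#` convention (e.g. `describe "#status"`); for the class methods exercised here that would be `describe ".find" do` and `describe ".authenticate" do`. This is naming only; apart from quoting, the examples themselves are unchanged.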
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe CodeRequest do
|
@@ -6,7 +8,7 @@ module Doorkeeper::OAuth
|
|
6
8
|
double(
|
7
9
|
:pre_auth,
|
8
10
|
client: double(:application, id: 9990),
|
9
|
-
redirect_uri:
|
11
|
+
redirect_uri: "http://tst.com/cb",
|
10
12
|
scopes: nil,
|
11
13
|
state: nil,
|
12
14
|
error: nil,
|
@@ -22,22 +24,22 @@ module Doorkeeper::OAuth
|
|
22
24
|
CodeRequest.new(pre_auth, owner)
|
23
25
|
end
|
24
26
|
|
25
|
-
it
|
27
|
+
it "creates an access grant" do
|
26
28
|
expect do
|
27
29
|
subject.authorize
|
28
30
|
end.to change { Doorkeeper::AccessGrant.count }.by(1)
|
29
31
|
end
|
30
32
|
|
31
|
-
it
|
33
|
+
it "returns a code response" do
|
32
34
|
expect(subject.authorize).to be_a(CodeResponse)
|
33
35
|
end
|
34
36
|
|
35
|
-
it
|
37
|
+
it "does not create grant when not authorizable" do
|
36
38
|
allow(pre_auth).to receive(:authorizable?).and_return(false)
|
37
39
|
expect { subject.authorize }.not_to(change { Doorkeeper::AccessGrant.count })
|
38
40
|
end
|
39
41
|
|
40
|
-
it
|
42
|
+
it "returns a error response" do
|
41
43
|
allow(pre_auth).to receive(:authorizable?).and_return(false)
|
42
44
|
expect(subject.authorize).to be_a(ErrorResponse)
|
43
45
|
end
|
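Review bot: The example title at new line 42, `it "returns a error response" do`, has an article error; `it "returns an error response" do`. The example body is unchanged by this commit, so this is a description-only fix. The enclosing `describe CodeRequest` block closes outside the hunk.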
@@ -1,17 +1,19 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper
|
4
6
|
module OAuth
|
5
7
|
describe CodeResponse do
|
6
|
-
describe
|
7
|
-
context
|
8
|
+
describe ".redirect_uri" do
|
9
|
+
context "when generating the redirect URI for an implicit grant" do
|
8
10
|
let :pre_auth do
|
9
11
|
double(
|
10
12
|
:pre_auth,
|
11
13
|
client: double(:application, id: 1),
|
12
|
-
redirect_uri:
|
14
|
+
redirect_uri: "http://tst.com/cb",
|
13
15
|
state: nil,
|
14
|
-
scopes: Scopes.from_string(
|
16
|
+
scopes: Scopes.from_string("public")
|
15
17
|
)
|
16
18
|
end
|
17
19
|
|
@@ -24,8 +26,8 @@ module Doorkeeper
|
|
24
26
|
|
25
27
|
subject { CodeResponse.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
|
26
28
|
|
27
|
-
it
|
28
|
-
expect(subject).to include(
|
29
|
+
it "includes the remaining TTL of the token relative to the time the token was generated" do
|
30
|
+
expect(subject).to include("expires_in=3600")
|
29
31
|
end
|
30
32
|
end
|
31
33
|
end
|
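Review bot: `describe ".redirect_uri" do` at new line 8 uses the `.` prefix that conventionally marks a class method, but the subject is `CodeResponse.new(pre_auth, auth, response_on_fragment: true).redirect_uri`, an instance call; the conventional label is `describe "#redirect_uri" do`. The same mismatch appears in error_response_spec.rb, where `describe ".body" do` wraps `ErrorResponse.new(...).body` and `describe ".headers" do` wraps `error_response.headers`, even though `describe "#status" do` in that same file already follows the convention. The `let :pre_auth` definition and the describe block continue between and beyond the two hunks.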
@@ -1,13 +1,15 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe ErrorResponse do
|
5
|
-
describe
|
6
|
-
it
|
7
|
+
describe "#status" do
|
8
|
+
it "should have a status of bad_request" do
|
7
9
|
expect(subject.status).to eq(:bad_request)
|
8
10
|
end
|
9
11
|
|
10
|
-
it
|
12
|
+
it "should have a status of unauthorized for an invalid_client error" do
|
11
13
|
subject = described_class.new(name: :invalid_client)
|
12
14
|
|
13
15
|
expect(subject.status).to eq(:unauthorized)
|
@@ -15,42 +17,42 @@ module Doorkeeper::OAuth
|
|
15
17
|
end
|
16
18
|
|
17
19
|
describe :from_request do
|
18
|
-
it
|
20
|
+
it "has the error from request" do
|
19
21
|
error = ErrorResponse.from_request double(error: :some_error)
|
20
22
|
expect(error.name).to eq(:some_error)
|
21
23
|
end
|
22
24
|
|
23
|
-
it
|
25
|
+
it "ignores state if request does not respond to state" do
|
24
26
|
error = ErrorResponse.from_request double(error: :some_error)
|
25
27
|
expect(error.state).to be_nil
|
26
28
|
end
|
27
29
|
|
28
|
-
it
|
30
|
+
it "has state if request responds to state" do
|
29
31
|
error = ErrorResponse.from_request double(error: :some_error, state: :hello)
|
30
32
|
expect(error.state).to eq(:hello)
|
31
33
|
end
|
32
34
|
end
|
33
35
|
|
34
|
-
it
|
36
|
+
it "ignores empty error values" do
|
35
37
|
subject = ErrorResponse.new(error: :some_error, state: nil)
|
36
38
|
expect(subject.body).not_to have_key(:state)
|
37
39
|
end
|
38
40
|
|
39
|
-
describe
|
41
|
+
describe ".body" do
|
40
42
|
subject { ErrorResponse.new(name: :some_error, state: :some_state).body }
|
41
43
|
|
42
|
-
describe
|
44
|
+
describe "#body" do
|
43
45
|
it { expect(subject).to have_key(:error) }
|
44
46
|
it { expect(subject).to have_key(:error_description) }
|
45
47
|
it { expect(subject).to have_key(:state) }
|
46
48
|
end
|
47
49
|
end
|
48
50
|
|
49
|
-
describe
|
51
|
+
describe ".headers" do
|
50
52
|
let(:error_response) { ErrorResponse.new(name: :some_error, state: :some_state) }
|
51
53
|
subject { error_response.headers }
|
52
54
|
|
53
|
-
it { expect(subject).to include
|
55
|
+
it { expect(subject).to include "WWW-Authenticate" }
|
54
56
|
|
55
57
|
describe "WWW-Authenticate header" do
|
56
58
|
subject { error_response.headers["WWW-Authenticate"] }
|
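Review bot: `describe ".body" do` at new line 41 immediately wraps a single `describe "#body" do` at new line 44 with the same subject, so one of the two levels is redundant; dropping the inner group and keeping `subject { ErrorResponse.new(name: :some_error, state: :some_state).body }` with the three `it` lines directly under it reads cleaner. Example titles such as `it "should have a status of bad_request" do` (new line 8) and the one at new line 12 use the "should" phrasing the rest of this file avoids; `it "has a status of bad_request" do` matches `it "has the error from request" do` further down, and the same phrasing appears in forbidden_token_response_spec.rb's `from_scopes` example. The `"WWW-Authenticate header"` group at the end of the second hunk continues outside it.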
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe Error do
|
@@ -8,7 +10,7 @@ module Doorkeeper::OAuth
|
|
8
10
|
it { expect(subject).to respond_to(:state) }
|
9
11
|
|
10
12
|
describe :description do
|
11
|
-
it
|
13
|
+
it "is translated from translation messages" do
|
12
14
|
expect(I18n).to receive(:translate).with(
|
13
15
|
:some_error,
|
14
16
|
scope: %i[doorkeeper errors messages],
|
@@ -1,19 +1,21 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe ForbiddenTokenResponse do
|
5
|
-
describe
|
7
|
+
describe "#name" do
|
6
8
|
it { expect(subject.name).to eq(:invalid_scope) }
|
7
9
|
end
|
8
10
|
|
9
|
-
describe
|
11
|
+
describe "#status" do
|
10
12
|
it { expect(subject.status).to eq(:forbidden) }
|
11
13
|
end
|
12
14
|
|
13
15
|
describe :from_scopes do
|
14
|
-
it
|
16
|
+
it "should have a list of acceptable scopes" do
|
15
17
|
response = ForbiddenTokenResponse.from_scopes(["public"])
|
16
|
-
expect(response.description).to include(
|
18
|
+
expect(response.description).to include("public")
|
17
19
|
end
|
18
20
|
end
|
19
21
|
end
|
@@ -1,92 +1,94 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth::Helpers
|
4
|
-
describe ScopeChecker,
|
6
|
+
describe ScopeChecker, ".valid?" do
|
5
7
|
let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
|
6
8
|
|
7
|
-
it
|
9
|
+
it "is valid if scope is present" do
|
8
10
|
server_scopes.add :scope
|
9
|
-
expect(ScopeChecker.valid?(scope_str:
|
11
|
+
expect(ScopeChecker.valid?(scope_str: "scope", server_scopes: server_scopes)).to be_truthy
|
10
12
|
end
|
11
13
|
|
12
|
-
it
|
14
|
+
it "is invalid if includes tabs space" do
|
13
15
|
expect(ScopeChecker.valid?(scope_str: "\tsomething", server_scopes: server_scopes)).to be_falsey
|
14
16
|
end
|
15
17
|
|
16
|
-
it
|
18
|
+
it "is invalid if scope is not present" do
|
17
19
|
expect(ScopeChecker.valid?(scope_str: nil, server_scopes: server_scopes)).to be_falsey
|
18
20
|
end
|
19
21
|
|
20
|
-
it
|
21
|
-
expect(ScopeChecker.valid?(scope_str:
|
22
|
+
it "is invalid if scope is blank" do
|
23
|
+
expect(ScopeChecker.valid?(scope_str: " ", server_scopes: server_scopes)).to be_falsey
|
22
24
|
end
|
23
25
|
|
24
|
-
it
|
26
|
+
it "is invalid if includes return space" do
|
25
27
|
expect(ScopeChecker.valid?(scope_str: "scope\r", server_scopes: server_scopes)).to be_falsey
|
26
28
|
end
|
27
29
|
|
28
|
-
it
|
30
|
+
it "is invalid if includes new lines" do
|
29
31
|
expect(ScopeChecker.valid?(scope_str: "scope\nanother", server_scopes: server_scopes)).to be_falsey
|
30
32
|
end
|
31
33
|
|
32
|
-
it
|
33
|
-
expect(ScopeChecker.valid?(scope_str:
|
34
|
+
it "is invalid if any scope is not included in server scopes" do
|
35
|
+
expect(ScopeChecker.valid?(scope_str: "scope another", server_scopes: server_scopes)).to be_falsey
|
34
36
|
end
|
35
37
|
|
36
|
-
context
|
38
|
+
context "with application_scopes" do
|
37
39
|
let(:server_scopes) do
|
38
|
-
Doorkeeper::OAuth::Scopes.from_string
|
40
|
+
Doorkeeper::OAuth::Scopes.from_string "common svr"
|
39
41
|
end
|
40
42
|
let(:application_scopes) do
|
41
|
-
Doorkeeper::OAuth::Scopes.from_string
|
43
|
+
Doorkeeper::OAuth::Scopes.from_string "app123"
|
42
44
|
end
|
43
45
|
|
44
|
-
it
|
45
|
-
expect(ScopeChecker.valid?(scope_str:
|
46
|
+
it "is valid if scope is included in the application scope list" do
|
47
|
+
expect(ScopeChecker.valid?(scope_str: "app123",
|
46
48
|
server_scopes: server_scopes,
|
47
49
|
app_scopes: application_scopes)).to be_truthy
|
48
50
|
end
|
49
51
|
|
50
|
-
it
|
51
|
-
expect(ScopeChecker.valid?(scope_str:
|
52
|
+
it "is invalid if any scope is not included in the application" do
|
53
|
+
expect(ScopeChecker.valid?(scope_str: "svr",
|
52
54
|
server_scopes: server_scopes,
|
53
55
|
app_scopes: application_scopes)).to be_falsey
|
54
56
|
end
|
55
57
|
end
|
56
58
|
|
57
|
-
context
|
59
|
+
context "with grant_type" do
|
58
60
|
let(:server_scopes) do
|
59
|
-
Doorkeeper::OAuth::Scopes.from_string
|
61
|
+
Doorkeeper::OAuth::Scopes.from_string "scope1 scope2"
|
60
62
|
end
|
61
63
|
|
62
|
-
context
|
63
|
-
it
|
64
|
-
expect(ScopeChecker.valid?(scope_str:
|
64
|
+
context "with scopes_by_grant_type not configured for grant_type" do
|
65
|
+
it "is valid if the scope is in server scopes" do
|
66
|
+
expect(ScopeChecker.valid?(scope_str: "scope1",
|
65
67
|
server_scopes: server_scopes,
|
66
68
|
grant_type: Doorkeeper::OAuth::PASSWORD)).to be_truthy
|
67
69
|
end
|
68
70
|
|
69
|
-
it
|
70
|
-
expect(ScopeChecker.valid?(scope_str:
|
71
|
+
it "is invalid if the scope is not in server scopes" do
|
72
|
+
expect(ScopeChecker.valid?(scope_str: "unknown",
|
71
73
|
server_scopes: server_scopes,
|
72
74
|
grant_type: Doorkeeper::OAuth::PASSWORD)).to be_falsey
|
73
75
|
end
|
74
76
|
end
|
75
77
|
|
76
|
-
context
|
78
|
+
context "when scopes_by_grant_type configured for grant_type" do
|
77
79
|
before do
|
78
|
-
allow(Doorkeeper.configuration).to receive(:scopes_by_grant_type)
|
79
|
-
and_return(password: [:scope1])
|
80
|
+
allow(Doorkeeper.configuration).to receive(:scopes_by_grant_type)
|
81
|
+
.and_return(password: [:scope1])
|
80
82
|
end
|
81
83
|
|
82
|
-
it
|
83
|
-
expect(ScopeChecker.valid?(scope_str:
|
84
|
+
it "is valid if the scope is permitted for grant_type" do
|
85
|
+
expect(ScopeChecker.valid?(scope_str: "scope1",
|
84
86
|
server_scopes: server_scopes,
|
85
87
|
grant_type: Doorkeeper::OAuth::PASSWORD)).to be_truthy
|
86
88
|
end
|
87
89
|
|
88
|
-
it
|
89
|
-
expect(ScopeChecker.valid?(scope_str:
|
90
|
+
it "is invalid if the scope is permitted for grant_type" do
|
91
|
+
expect(ScopeChecker.valid?(scope_str: "scope2",
|
90
92
|
server_scopes: server_scopes,
|
91
93
|
grant_type: Doorkeeper::OAuth::PASSWORD)).to be_falsey
|
92
94
|
end
|
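Review bot: The example title at new line 90, `it "is invalid if the scope is permitted for grant_type" do`, contradicts its own assertion — it passes `scope2`, which is not in the stubbed `password: [:scope1]` list, and expects `be_falsey`; it should read `it "is invalid if the scope is not permitted for grant_type" do`. This is the example that guards per-grant-type scope restriction, so a title stating the opposite of what it checks makes a future regression easy to misread. Less importantly, `it "is invalid if includes tabs space" do` (new line 14) and `it "is invalid if includes return space" do` (new line 26) read better as `"is invalid if it includes a tab"` and `"is invalid if it includes a carriage return"`. The `describe ScopeChecker, ".valid?"` block and the enclosing module close outside the hunk.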