doorkeeper 5.1.0.rc2 → 5.1.0

data/spec/lib/oauth/helpers/unique_token_spec.rb

@@ -1,19 +1,21 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth::Helpers
   describe UniqueToken do
     let :generator do
-      ->(size) { 'a' * size }
+      ->(size) { "a" * size }
     end
 
-    it 'is able to customize the generator method' do
+    it "is able to customize the generator method" do
       token = UniqueToken.generate(generator: generator)
-      expect(token).to eq('a' * 32)
+      expect(token).to eq("a" * 32)
     end
 
-    it 'is able to customize the size of the token' do
+    it "is able to customize the size of the token" do
       token = UniqueToken.generate(generator: generator, size: 2)
-      expect(token).to eq('aa')
+      expect(token).to eq("aa")
     end
   end
 end

data/spec/lib/oauth/helpers/uri_checker_spec.rb

@@ -1,244 +1,246 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth::Helpers
   describe URIChecker do
-    describe '.valid?' do
-      it 'is valid for valid uris' do
-        uri = 'http://app.co'
+    describe ".valid?" do
+      it "is valid for valid uris" do
+        uri = "http://app.co"
         expect(URIChecker.valid?(uri)).to be_truthy
       end
 
-      it 'is valid if include path param' do
-        uri = 'http://app.co/path'
+      it "is valid if include path param" do
+        uri = "http://app.co/path"
         expect(URIChecker.valid?(uri)).to be_truthy
       end
 
-      it 'is valid if include query param' do
-        uri = 'http://app.co/?query=1'
+      it "is valid if include query param" do
+        uri = "http://app.co/?query=1"
         expect(URIChecker.valid?(uri)).to be_truthy
       end
 
-      it 'is invalid if uri includes fragment' do
-        uri = 'http://app.co/test#fragment'
+      it "is invalid if uri includes fragment" do
+        uri = "http://app.co/test#fragment"
         expect(URIChecker.valid?(uri)).to be_falsey
       end
 
-      it 'is invalid if scheme is missing' do
-        uri = 'app.co'
+      it "is invalid if scheme is missing" do
+        uri = "app.co"
         expect(URIChecker.valid?(uri)).to be_falsey
       end
 
-      it 'is invalid if is a relative uri' do
-        uri = '/abc/123'
+      it "is invalid if is a relative uri" do
+        uri = "/abc/123"
         expect(URIChecker.valid?(uri)).to be_falsey
       end
 
-      it 'is invalid if is not a url' do
-        uri = 'http://'
+      it "is invalid if is not a url" do
+        uri = "http://"
         expect(URIChecker.valid?(uri)).to be_falsey
       end
 
-      it 'is invalid if is not an uri' do
-        uri = '   '
+      it "is invalid if is not an uri" do
+        uri = "   "
         expect(URIChecker.valid?(uri)).to be_falsey
       end
 
-      it 'is valid for native uris' do
-        uri = 'urn:ietf:wg:oauth:2.0:oob'
+      it "is valid for native uris" do
+        uri = "urn:ietf:wg:oauth:2.0:oob"
         expect(URIChecker.valid?(uri)).to be_truthy
       end
     end
 
-    describe '.matches?' do
-      it 'is true if both url matches' do
-        uri = client_uri = 'http://app.co/aaa'
+    describe ".matches?" do
+      it "is true if both url matches" do
+        uri = client_uri = "http://app.co/aaa"
         expect(URIChecker.matches?(uri, client_uri)).to be_truthy
       end
 
-      it 'ignores query parameter on comparsion' do
-        uri = 'http://app.co/?query=hello'
-        client_uri = 'http://app.co'
+      it "ignores query parameter on comparsion" do
+        uri = "http://app.co/?query=hello"
+        client_uri = "http://app.co"
         expect(URIChecker.matches?(uri, client_uri)).to be_truthy
       end
 
       it "doesn't allow non-matching domains through" do
-        uri = 'http://app.abc/?query=hello'
-        client_uri = 'http://app.co'
+        uri = "http://app.abc/?query=hello"
+        client_uri = "http://app.co"
         expect(URIChecker.matches?(uri, client_uri)).to be_falsey
       end
 
       it "doesn't allow non-matching domains that don't start at the beginning" do
-        uri = 'http://app.co/?query=hello'
-        client_uri = 'http://example.com?app.co=test'
+        uri = "http://app.co/?query=hello"
+        client_uri = "http://example.com?app.co=test"
         expect(URIChecker.matches?(uri, client_uri)).to be_falsey
       end
 
-      context 'loopback IP redirect URIs' do
-        it 'ignores port for same URIs' do
-          uri = 'http://127.0.0.1:5555/auth/callback'
-          client_uri = 'http://127.0.0.1:48599/auth/callback'
+      context "loopback IP redirect URIs" do
+        it "ignores port for same URIs" do
+          uri = "http://127.0.0.1:5555/auth/callback"
+          client_uri = "http://127.0.0.1:48599/auth/callback"
           expect(URIChecker.matches?(uri, client_uri)).to be_truthy
 
-          uri = 'http://[::1]:5555/auth/callback'
-          client_uri = 'http://[::1]:5555/auth/callback'
+          uri = "http://[::1]:5555/auth/callback"
+          client_uri = "http://[::1]:5555/auth/callback"
           expect(URIChecker.matches?(uri, client_uri)).to be_truthy
         end
 
         it "doesn't ignore port for URIs with different queries" do
-          uri = 'http://127.0.0.1:5555/auth/callback'
-          client_uri = 'http://127.0.0.1:48599/auth/callback2'
+          uri = "http://127.0.0.1:5555/auth/callback"
+          client_uri = "http://127.0.0.1:48599/auth/callback2"
           expect(URIChecker.matches?(uri, client_uri)).to be_falsey
         end
       end
 
       context "client registered query params" do
         it "doesn't allow query being absent" do
-          uri = 'http://app.co'
-          client_uri = 'http://app.co/?vendorId=AJ4L7XXW9'
+          uri = "http://app.co"
+          client_uri = "http://app.co/?vendorId=AJ4L7XXW9"
           expect(URIChecker.matches?(uri, client_uri)).to be_falsey
         end
 
         it "is false if query values differ but key same" do
-          uri = 'http://app.co/?vendorId=pancakes'
-          client_uri = 'http://app.co/?vendorId=waffles'
+          uri = "http://app.co/?vendorId=pancakes"
+          client_uri = "http://app.co/?vendorId=waffles"
           expect(URIChecker.matches?(uri, client_uri)).to be_falsey
         end
 
         it "is false if query values same but key differs" do
-          uri = 'http://app.co/?foo=pancakes'
-          client_uri = 'http://app.co/?bar=pancakes'
+          uri = "http://app.co/?foo=pancakes"
+          client_uri = "http://app.co/?bar=pancakes"
           expect(URIChecker.matches?(uri, client_uri)).to be_falsey
         end
 
         it "is false if query present and match, but unknown queries present" do
-          uri = 'http://app.co/?vendorId=pancakes&unknown=query'
-          client_uri = 'http://app.co/?vendorId=waffles'
+          uri = "http://app.co/?vendorId=pancakes&unknown=query"
+          client_uri = "http://app.co/?vendorId=waffles"
           expect(URIChecker.matches?(uri, client_uri)).to be_falsey
         end
 
         it "is true if queries are present and matche" do
-          uri = 'http://app.co/?vendorId=AJ4L7XXW9&foo=bar'
-          client_uri = 'http://app.co/?vendorId=AJ4L7XXW9&foo=bar'
+          uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
+          client_uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
           expect(URIChecker.matches?(uri, client_uri)).to be_truthy
         end
 
         it "is true if queries are present, match and in different order" do
-          uri = 'http://app.co/?bing=bang&foo=bar'
-          client_uri = 'http://app.co/?foo=bar&bing=bang'
+          uri = "http://app.co/?bing=bang&foo=bar"
+          client_uri = "http://app.co/?foo=bar&bing=bang"
           expect(URIChecker.matches?(uri, client_uri)).to be_truthy
         end
       end
     end
 
-    describe '.valid_for_authorization?' do
-      it 'is true if valid and matches' do
-        uri = client_uri = 'http://app.co/aaa'
+    describe ".valid_for_authorization?" do
+      it "is true if valid and matches" do
+        uri = client_uri = "http://app.co/aaa"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
 
-        uri = client_uri = 'http://app.co/aaa?b=c'
+        uri = client_uri = "http://app.co/aaa?b=c"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
       end
 
-      it 'is true if uri includes blank query' do
-        uri = client_uri = 'http://app.co/aaa?'
+      it "is true if uri includes blank query" do
+        uri = client_uri = "http://app.co/aaa?"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
 
-        uri = 'http://app.co/aaa?'
-        client_uri = 'http://app.co/aaa'
+        uri = "http://app.co/aaa?"
+        client_uri = "http://app.co/aaa"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
 
-        uri = 'http://app.co/aaa'
-        client_uri = 'http://app.co/aaa?'
+        uri = "http://app.co/aaa"
+        client_uri = "http://app.co/aaa?"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
       end
 
-      it 'is false if valid and mismatches' do
-        uri = 'http://app.co/aaa'
-        client_uri = 'http://app.co/bbb'
+      it "is false if valid and mismatches" do
+        uri = "http://app.co/aaa"
+        client_uri = "http://app.co/bbb"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
       end
 
-      it 'is true if valid and included in array' do
-        uri = 'http://app.co/aaa'
+      it "is true if valid and included in array" do
+        uri = "http://app.co/aaa"
         client_uri = "http://example.com/bbb\nhttp://app.co/aaa"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
       end
 
-      it 'is false if valid and not included in array' do
-        uri = 'http://app.co/aaa'
+      it "is false if valid and not included in array" do
+        uri = "http://app.co/aaa"
         client_uri = "http://example.com/bbb\nhttp://app.co/cc"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
       end
 
-      it 'is false if queries does not match' do
-        uri = 'http://app.co/aaa?pankcakes=abc'
-        client_uri = 'http://app.co/aaa?waffles=abc'
+      it "is false if queries does not match" do
+        uri = "http://app.co/aaa?pankcakes=abc"
+        client_uri = "http://app.co/aaa?waffles=abc"
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be false
       end
 
-      it 'calls .matches?' do
-        uri = 'http://app.co/aaa?pankcakes=abc'
-        client_uri = 'http://app.co/aaa?waffles=abc'
+      it "calls .matches?" do
+        uri = "http://app.co/aaa?pankcakes=abc"
+        client_uri = "http://app.co/aaa?waffles=abc"
         expect(URIChecker).to receive(:matches?).with(uri, client_uri).once
         URIChecker.valid_for_authorization?(uri, client_uri)
       end
 
-      it 'calls .valid?' do
-        uri = 'http://app.co/aaa?pankcakes=abc'
-        client_uri = 'http://app.co/aaa?waffles=abc'
+      it "calls .valid?" do
+        uri = "http://app.co/aaa?pankcakes=abc"
+        client_uri = "http://app.co/aaa?waffles=abc"
         expect(URIChecker).to receive(:valid?).with(uri).once
         URIChecker.valid_for_authorization?(uri, client_uri)
       end
     end
 
-    describe '.query_matches?' do
-      it 'is true if no queries' do
-        expect(URIChecker.query_matches?('', '')).to be_truthy
+    describe ".query_matches?" do
+      it "is true if no queries" do
+        expect(URIChecker.query_matches?("", "")).to be_truthy
         expect(URIChecker.query_matches?(nil, nil)).to be_truthy
       end
 
-      it 'is true if same query' do
-        expect(URIChecker.query_matches?('foo', 'foo')).to be_truthy
+      it "is true if same query" do
+        expect(URIChecker.query_matches?("foo", "foo")).to be_truthy
       end
 
-      it 'is false if different query' do
-        expect(URIChecker.query_matches?('foo', 'bar')).to be_falsey
+      it "is false if different query" do
+        expect(URIChecker.query_matches?("foo", "bar")).to be_falsey
       end
 
-      it 'is true if same queries' do
-        expect(URIChecker.query_matches?('foo&bar', 'foo&bar')).to be_truthy
+      it "is true if same queries" do
+        expect(URIChecker.query_matches?("foo&bar", "foo&bar")).to be_truthy
       end
 
-      it 'is true if same queries, different order' do
-        expect(URIChecker.query_matches?('foo&bar', 'bar&foo')).to be_truthy
+      it "is true if same queries, different order" do
+        expect(URIChecker.query_matches?("foo&bar", "bar&foo")).to be_truthy
       end
 
-      it 'is false if one different query' do
-        expect(URIChecker.query_matches?('foo&bang', 'foo&bing')).to be_falsey
+      it "is false if one different query" do
+        expect(URIChecker.query_matches?("foo&bang", "foo&bing")).to be_falsey
       end
 
-      it 'is true if same query with same value' do
-        expect(URIChecker.query_matches?('foo=bar', 'foo=bar')).to be_truthy
+      it "is true if same query with same value" do
+        expect(URIChecker.query_matches?("foo=bar", "foo=bar")).to be_truthy
       end
 
-      it 'is true if same queries with same values' do
-        expect(URIChecker.query_matches?('foo=bar&bing=bang', 'foo=bar&bing=bang')).to be_truthy
+      it "is true if same queries with same values" do
+        expect(URIChecker.query_matches?("foo=bar&bing=bang", "foo=bar&bing=bang")).to be_truthy
       end
 
-      it 'is true if same queries with same values, different order' do
-        expect(URIChecker.query_matches?('foo=bar&bing=bang', 'bing=bang&foo=bar')).to be_truthy
+      it "is true if same queries with same values, different order" do
+        expect(URIChecker.query_matches?("foo=bar&bing=bang", "bing=bang&foo=bar")).to be_truthy
       end
 
-      it 'is false if same query with different value' do
-        expect(URIChecker.query_matches?('foo=bar', 'foo=bang')).to be_falsey
+      it "is false if same query with different value" do
+        expect(URIChecker.query_matches?("foo=bar", "foo=bang")).to be_falsey
       end
 
-      it 'is false if some queries missing' do
-        expect(URIChecker.query_matches?('foo=bar', 'foo=bar&bing=bang')).to be_falsey
+      it "is false if some queries missing" do
+        expect(URIChecker.query_matches?("foo=bar", "foo=bar&bing=bang")).to be_falsey
       end
 
-      it 'is false if some queries different value' do
-        expect(URIChecker.query_matches?('foo=bar&bing=bang', 'foo=bar&bing=banana')).to be_falsey
+      it "is false if some queries different value" do
+        expect(URIChecker.query_matches?("foo=bar&bing=bang", "foo=bar&bing=banana")).to be_falsey
       end
     end
   end

data/spec/lib/oauth/invalid_token_response_spec.rb

@@ -1,4 +1,6 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth
   describe InvalidTokenResponse do

data/spec/lib/oauth/password_access_token_request_spec.rb

@@ -1,4 +1,6 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth
   describe PasswordAccessTokenRequest do
@@ -16,11 +18,15 @@ module Doorkeeper::OAuth
     let(:client) { FactoryBot.create(:application) }
     let(:owner)  { double :owner, id: 99 }
 
+    before do
+      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+    end
+
     subject do
       PasswordAccessTokenRequest.new(server, client, owner)
     end
 
-    it 'issues a new token for the client' do
+    it "issues a new token for the client" do
       expect do
         subject.authorize
       end.to change { client.reload.access_tokens.count }.by(1)
@@ -28,35 +34,35 @@ module Doorkeeper::OAuth
       expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
     end
 
-    it 'issues a new token without a client' do
+    it "issues a new token without a client" do
       expect do
         subject.client = nil
         subject.authorize
       end.to change { Doorkeeper::AccessToken.count }.by(1)
     end
 
-    it 'does not issue a new token with an invalid client' do
+    it "does not issue a new token with an invalid client" do
       expect do
         subject.client = nil
-        subject.parameters = { client_id: 'bad_id' }
+        subject.parameters = { client_id: "bad_id" }
         subject.authorize
       end.not_to(change { Doorkeeper::AccessToken.count })
 
       expect(subject.error).to eq(:invalid_client)
     end
 
-    it 'requires the owner' do
+    it "requires the owner" do
       subject.resource_owner = nil
       subject.validate
       expect(subject.error).to eq(:invalid_grant)
     end
 
-    it 'optionally accepts the client' do
+    it "optionally accepts the client" do
       subject.client = nil
       expect(subject).to be_valid
     end
 
-    it 'creates token even when there is already one (default)' do
+    it "creates token even when there is already one (default)" do
       FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
 
       expect do
@@ -64,7 +70,7 @@ module Doorkeeper::OAuth
       end.to change { Doorkeeper::AccessToken.count }.by(1)
     end
 
-    it 'skips token creation if there is already one reusable' do
+    it "skips token creation if there is already one reusable" do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
       FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
 
@@ -73,7 +79,7 @@ module Doorkeeper::OAuth
       end.not_to(change { Doorkeeper::AccessToken.count })
     end
 
-    it 'creates token when there is already one but non reusable' do
+    it "creates token when there is already one but non reusable" do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
       FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
       allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
@@ -93,49 +99,53 @@ module Doorkeeper::OAuth
       subject.authorize
     end
 
-    describe 'with scopes' do
+    describe "with scopes" do
       subject do
-        PasswordAccessTokenRequest.new(server, client, owner, scope: 'public')
+        PasswordAccessTokenRequest.new(server, client, owner, scope: "public")
       end
 
-      context 'when scopes_by_grant_type is not configured for grant_type' do
-        it 'returns error when scopes are invalid' do
-          allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('another'))
+      context "when scopes_by_grant_type is not configured for grant_type" do
+        it "returns error when scopes are invalid" do
+          allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("another"))
           subject.validate
           expect(subject.error).to eq(:invalid_scope)
         end
 
-        it 'creates the token with scopes if scopes are valid' do
-          allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('public'))
+        it "creates the token with scopes if scopes are valid" do
+          allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
           expect do
             subject.authorize
           end.to change { Doorkeeper::AccessToken.count }.by(1)
 
-          expect(Doorkeeper::AccessToken.last.scopes).to include('public')
+          expect(Doorkeeper::AccessToken.last.scopes).to include("public")
         end
       end
 
-      context 'when scopes_by_grant_type is configured for grant_type' do
-        it 'returns error when scopes are valid but not permitted for grant_type' do
-          allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('public'))
-          allow(Doorkeeper.configuration).to receive(:scopes_by_grant_type).and_return(password: 'another')
+      context "when scopes_by_grant_type is configured for grant_type" do
+        it "returns error when scopes are valid but not permitted for grant_type" do
+          allow(server)
+            .to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
+          allow(Doorkeeper.configuration)
+            .to receive(:scopes_by_grant_type).and_return(password: "another")
           subject.validate
           expect(subject.error).to eq(:invalid_scope)
         end
 
-        it 'creates the token with scopes if scopes are valid and permitted for grant_type' do
-          allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('public'))
-          allow(Doorkeeper.configuration).to receive(:scopes_by_grant_type).and_return(password: [:public])
+        it "creates the token with scopes if scopes are valid and permitted for grant_type" do
+          allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
+          allow(Doorkeeper.configuration)
+            .to receive(:scopes_by_grant_type).and_return(password: [:public])
+
           expect do
             subject.authorize
           end.to change { Doorkeeper::AccessToken.count }.by(1)
 
-          expect(Doorkeeper::AccessToken.last.scopes).to include('public')
+          expect(Doorkeeper::AccessToken.last.scopes).to include("public")
         end
       end
     end
 
-    describe 'with custom expiry' do
+    describe "with custom expiry" do
       let(:server) do
         double(
           :server,
@@ -143,14 +153,22 @@ module Doorkeeper::OAuth
           access_token_expires_in: 2.hours,
           refresh_token_enabled?: false,
           custom_access_token_expires_in: lambda { |context|
-            context.scopes.exists?('public') ? 222 : nil
+            if context.scopes.exists?("public")
+              222
+            elsif context.scopes.exists?("magic")
+              Float::INFINITY
+            end
           }
         )
       end
 
-      it 'checks scopes' do
-        subject = PasswordAccessTokenRequest.new(server, client, owner, scope: 'public')
-        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('public'))
+      before do
+        allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+      end
+
+      it "checks scopes" do
+        subject = PasswordAccessTokenRequest.new(server, client, owner, scope: "public")
+        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
 
         expect do
           subject.authorize
@@ -159,9 +177,9 @@ module Doorkeeper::OAuth
         expect(Doorkeeper::AccessToken.last.expires_in).to eq(222)
       end
 
-      it 'falls back to the default otherwise' do
-        subject = PasswordAccessTokenRequest.new(server, client, owner, scope: 'private')
-        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string('private'))
+      it "falls back to the default otherwise" do
+        subject = PasswordAccessTokenRequest.new(server, client, owner, scope: "private")
+        allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("private"))
 
         expect do
           subject.authorize