doorkeeper 5.1.0.rc2 → 5.1.0

data/spec/lib/oauth/pre_authorization_spec.rb

@@ -1,29 +1,31 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth
   describe PreAuthorization do
     let(:server) do
       server = Doorkeeper.configuration
       allow(server).to receive(:default_scopes).and_return(Scopes.new)
-      allow(server).to receive(:scopes).and_return(Scopes.from_string('public profile'))
+      allow(server).to receive(:scopes).and_return(Scopes.from_string("public profile"))
       server
     end
 
     let(:application) do
       application = double :application
-      allow(application).to receive(:scopes).and_return(Scopes.from_string(''))
+      allow(application).to receive(:scopes).and_return(Scopes.from_string(""))
       application
     end
 
     let(:client) do
-      double :client, redirect_uri: 'http://tst.com/auth', application: application
+      double :client, redirect_uri: "http://tst.com/auth", application: application
     end
 
     let :attributes do
       {
-        response_type: 'code',
-        redirect_uri: 'http://tst.com/auth',
-        state: 'save-this'
+        response_type: "code",
+        redirect_uri: "http://tst.com/auth",
+        state: "save-this",
       }
     end
 
@@ -31,157 +33,157 @@ module Doorkeeper::OAuth
       PreAuthorization.new(server, client, attributes)
     end
 
-    it 'is authorizable when request is valid' do
+    it "is authorizable when request is valid" do
       expect(subject).to be_authorizable
     end
 
-    it 'accepts code as response type' do
-      subject.response_type = 'code'
+    it "accepts code as response type" do
+      subject.response_type = "code"
       expect(subject).to be_authorizable
     end
 
-    it 'accepts token as response type' do
-      allow(server).to receive(:grant_flows).and_return(['implicit'])
-      subject.response_type = 'token'
+    it "accepts token as response type" do
+      allow(server).to receive(:grant_flows).and_return(["implicit"])
+      subject.response_type = "token"
       expect(subject).to be_authorizable
     end
 
-    context 'when using default grant flows' do
+    context "when using default grant flows" do
       it 'accepts "code" as response type' do
-        subject.response_type = 'code'
+        subject.response_type = "code"
         expect(subject).to be_authorizable
       end
 
       it 'accepts "token" as response type' do
-        allow(server).to receive(:grant_flows).and_return(['implicit'])
-        subject.response_type = 'token'
+        allow(server).to receive(:grant_flows).and_return(["implicit"])
+        subject.response_type = "token"
         expect(subject).to be_authorizable
       end
     end
 
-    context 'when authorization code grant flow is disabled' do
+    context "when authorization code grant flow is disabled" do
       before do
-        allow(server).to receive(:grant_flows).and_return(['implicit'])
+        allow(server).to receive(:grant_flows).and_return(["implicit"])
       end
 
       it 'does not accept "code" as response type' do
-        subject.response_type = 'code'
+        subject.response_type = "code"
         expect(subject).not_to be_authorizable
       end
     end
 
-    context 'when implicit grant flow is disabled' do
+    context "when implicit grant flow is disabled" do
       before do
-        allow(server).to receive(:grant_flows).and_return(['authorization_code'])
+        allow(server).to receive(:grant_flows).and_return(["authorization_code"])
       end
 
       it 'does not accept "token" as response type' do
-        subject.response_type = 'token'
+        subject.response_type = "token"
         expect(subject).not_to be_authorizable
       end
     end
 
-    context 'client application does not restrict valid scopes' do
-      it 'accepts valid scopes' do
-        subject.scope = 'public'
+    context "client application does not restrict valid scopes" do
+      it "accepts valid scopes" do
+        subject.scope = "public"
         expect(subject).to be_authorizable
       end
 
-      it 'rejects (globally) non-valid scopes' do
-        subject.scope = 'invalid'
+      it "rejects (globally) non-valid scopes" do
+        subject.scope = "invalid"
         expect(subject).not_to be_authorizable
       end
 
-      it 'accepts scopes which are permitted for grant_type' do
+      it "accepts scopes which are permitted for grant_type" do
         allow(server).to receive(:scopes_by_grant_type).and_return(authorization_code: [:public])
-        subject.scope = 'public'
+        subject.scope = "public"
         expect(subject).to be_authorizable
       end
 
-      it 'rejects scopes which are not permitted for grant_type' do
+      it "rejects scopes which are not permitted for grant_type" do
         allow(server).to receive(:scopes_by_grant_type).and_return(authorization_code: [:profile])
-        subject.scope = 'public'
+        subject.scope = "public"
         expect(subject).not_to be_authorizable
       end
     end
 
-    context 'client application restricts valid scopes' do
+    context "client application restricts valid scopes" do
       let(:application) do
         application = double :application
-        allow(application).to receive(:scopes).and_return(Scopes.from_string('public nonsense'))
+        allow(application).to receive(:scopes).and_return(Scopes.from_string("public nonsense"))
         application
       end
 
-      it 'accepts valid scopes' do
-        subject.scope = 'public'
+      it "accepts valid scopes" do
+        subject.scope = "public"
         expect(subject).to be_authorizable
       end
 
-      it 'rejects (globally) non-valid scopes' do
-        subject.scope = 'invalid'
+      it "rejects (globally) non-valid scopes" do
+        subject.scope = "invalid"
         expect(subject).not_to be_authorizable
       end
 
-      it 'rejects (application level) non-valid scopes' do
-        subject.scope = 'profile'
+      it "rejects (application level) non-valid scopes" do
+        subject.scope = "profile"
         expect(subject).to_not be_authorizable
       end
 
-      it 'accepts scopes which are permitted for grant_type' do
+      it "accepts scopes which are permitted for grant_type" do
         allow(server).to receive(:scopes_by_grant_type).and_return(authorization_code: [:public])
-        subject.scope = 'public'
+        subject.scope = "public"
         expect(subject).to be_authorizable
       end
 
-      it 'rejects scopes which are not permitted for grant_type' do
+      it "rejects scopes which are not permitted for grant_type" do
         allow(server).to receive(:scopes_by_grant_type).and_return(authorization_code: [:profile])
-        subject.scope = 'public'
+        subject.scope = "public"
         expect(subject).not_to be_authorizable
       end
     end
 
-    it 'uses default scopes when none is required' do
-      allow(server).to receive(:default_scopes).and_return(Scopes.from_string('default'))
+    it "uses default scopes when none is required" do
+      allow(server).to receive(:default_scopes).and_return(Scopes.from_string("default"))
       subject.scope = nil
-      expect(subject.scope).to eq('default')
-      expect(subject.scopes).to eq(Scopes.from_string('default'))
+      expect(subject.scope).to eq("default")
+      expect(subject.scopes).to eq(Scopes.from_string("default"))
     end
 
-    context 'with native redirect uri' do
-      let(:native_redirect_uri) { 'urn:ietf:wg:oauth:2.0:oob' }
+    context "with native redirect uri" do
+      let(:native_redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
 
-      it 'accepts redirect_uri when it matches with the client' do
+      it "accepts redirect_uri when it matches with the client" do
         subject.redirect_uri = native_redirect_uri
         allow(subject.client).to receive(:redirect_uri) { native_redirect_uri }
         expect(subject).to be_authorizable
       end
 
-      it 'invalidates redirect_uri when it does\'n match with the client' do
-        subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
+      it "invalidates redirect_uri when it does'n match with the client" do
+        subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
         expect(subject).not_to be_authorizable
       end
     end
 
-    it 'matches the redirect uri against client\'s one' do
-      subject.redirect_uri = 'http://nothesame.com'
+    it "matches the redirect uri against client's one" do
+      subject.redirect_uri = "http://nothesame.com"
       expect(subject).not_to be_authorizable
     end
 
-    it 'stores the state' do
-      expect(subject.state).to eq('save-this')
+    it "stores the state" do
+      expect(subject.state).to eq("save-this")
     end
 
-    it 'rejects if response type is not allowed' do
-      subject.response_type = 'whops'
+    it "rejects if response type is not allowed" do
+      subject.response_type = "whops"
       expect(subject).not_to be_authorizable
     end
 
-    it 'requires an existing client' do
+    it "requires an existing client" do
       subject.client = nil
       expect(subject).not_to be_authorizable
     end
 
-    it 'requires a redirect uri' do
+    it "requires a redirect uri" do
       subject.redirect_uri = nil
       expect(subject).not_to be_authorizable
     end
@@ -206,7 +208,7 @@ module Doorkeeper::OAuth
         expect(json[:response_type]).to eq subject.response_type
         expect(json[:scope]).to eq subject.scope
         expect(json[:client_name]).to eq client_name
-        expect(json[:status]).to eq I18n.t('doorkeeper.pre_authorization.status')
+        expect(json[:status]).to eq I18n.t("doorkeeper.pre_authorization.status")
       end
     end
   end

data/spec/lib/oauth/refresh_token_request_spec.rb

@@ -1,15 +1,12 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth
   describe RefreshTokenRequest do
-    before do
-      allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
-    end
-
     let(:server) do
       double :server,
-             access_token_expires_in: 2.minutes,
-             custom_access_token_expires_in: ->(_context) { nil }
+             access_token_expires_in: 2.minutes
     end
 
     let(:refresh_token) do
@@ -19,21 +16,27 @@ module Doorkeeper::OAuth
     let(:client) { refresh_token.application }
     let(:credentials) { Client::Credentials.new(client.uid, client.secret) }
 
+    before do
+      allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
+      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
+    end
+
     subject { RefreshTokenRequest.new server, refresh_token, credentials }
 
-    it 'issues a new token for the client' do
+    it "issues a new token for the client" do
       expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
       # #sort_by used for MongoDB ORM extensions for valid ordering
       expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(120)
     end
 
-    it 'issues a new token for the client with custom expires_in' do
+    it "issues a new token for the client with custom expires_in" do
       server = double :server,
                       access_token_expires_in: 2.minutes,
                       custom_access_token_expires_in: lambda { |context|
                         context.grant_type == Doorkeeper::OAuth::REFRESH_TOKEN ? 1234 : nil
                       }
 
+      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
       allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
 
       RefreshTokenRequest.new(server, refresh_token, credentials).authorize
@@ -42,7 +45,7 @@ module Doorkeeper::OAuth
       expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
     end
 
-    it 'revokes the previous token' do
+    it "revokes the previous token" do
       expect { subject.authorize }.to change { refresh_token.revoked? }.from(false).to(true)
     end
 
@@ -56,13 +59,13 @@ module Doorkeeper::OAuth
       subject.authorize
     end
 
-    it 'requires the refresh token' do
+    it "requires the refresh token" do
       subject.refresh_token = nil
       subject.validate
       expect(subject.error).to eq(:invalid_request)
     end
 
-    it 'requires credentials to be valid if provided' do
+    it "requires credentials to be valid if provided" do
       subject.client = nil
       subject.validate
       expect(subject.error).to eq(:invalid_client)
@@ -74,20 +77,20 @@ module Doorkeeper::OAuth
       expect(subject.error).to eq(:invalid_grant)
     end
 
-    it 'rejects revoked tokens' do
+    it "rejects revoked tokens" do
       refresh_token.revoke
       subject.validate
       expect(subject.error).to eq(:invalid_grant)
     end
 
-    it 'accepts expired tokens' do
+    it "accepts expired tokens" do
       refresh_token.expires_in = -1
       refresh_token.save
       subject.validate
       expect(subject).to be_valid
     end
 
-    context 'refresh tokens expire on access token use' do
+    context "refresh tokens expire on access token use" do
       let(:server) do
         double :server,
                access_token_expires_in: 2.minutes,
@@ -100,16 +103,16 @@ module Doorkeeper::OAuth
         allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(true)
       end
 
-      it 'issues a new token for the client' do
+      it "issues a new token for the client" do
         expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
       end
 
-      it 'does not revoke the previous token' do
+      it "does not revoke the previous token" do
         subject.authorize
         expect(refresh_token).not_to be_revoked
       end
 
-      it 'sets the previous refresh token in the new access token' do
+      it "sets the previous refresh token in the new access token" do
         subject.authorize
         expect(
           # #sort_by used for MongoDB ORM extensions for valid ordering
@@ -118,53 +121,53 @@ module Doorkeeper::OAuth
       end
     end
 
-    context 'clientless access tokens' do
+    context "clientless access tokens" do
       let!(:refresh_token) { FactoryBot.create(:clientless_access_token, use_refresh_token: true) }
 
       subject { RefreshTokenRequest.new server, refresh_token, nil }
 
-      it 'issues a new token without a client' do
+      it "issues a new token without a client" do
         expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
       end
     end
 
-    context 'with scopes' do
+    context "with scopes" do
       let(:refresh_token) do
         FactoryBot.create :access_token,
                           use_refresh_token: true,
-                          scopes: 'public write'
+                          scopes: "public write"
       end
       let(:parameters) { {} }
       subject { RefreshTokenRequest.new server, refresh_token, credentials, parameters }
 
-      it 'transfers scopes from the old token to the new token' do
+      it "transfers scopes from the old token to the new token" do
         subject.authorize
         expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public write])
       end
 
-      it 'reduces scopes to the provided scopes' do
-        parameters[:scopes] = 'public'
+      it "reduces scopes to the provided scopes" do
+        parameters[:scopes] = "public"
         subject.authorize
         expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public])
       end
 
-      it 'validates that scopes are included in the original access token' do
-        parameters[:scopes] = 'public update'
+      it "validates that scopes are included in the original access token" do
+        parameters[:scopes] = "public update"
 
         subject.validate
         expect(subject.error).to eq(:invalid_scope)
       end
 
-      it 'uses params[:scope] in favor of scopes if present (valid)' do
-        parameters[:scopes] = 'public update'
-        parameters[:scope] = 'public'
+      it "uses params[:scope] in favor of scopes if present (valid)" do
+        parameters[:scopes] = "public update"
+        parameters[:scope] = "public"
         subject.authorize
         expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public])
       end
 
-      it 'uses params[:scope] in favor of scopes if present (invalid)' do
-        parameters[:scopes] = 'public'
-        parameters[:scope] = 'public update'
+      it "uses params[:scope] in favor of scopes if present (invalid)" do
+        parameters[:scopes] = "public"
+        parameters[:scope] = "public update"
 
         subject.validate
         expect(subject.error).to eq(:invalid_scope)

data/spec/lib/oauth/scopes_spec.rb

@@ -1,113 +1,115 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper::OAuth
   describe Scopes do
-    describe '#add' do
-      it 'allows you to add scopes with symbols' do
+    describe "#add" do
+      it "allows you to add scopes with symbols" do
         subject.add :public
-        expect(subject.all).to eq(['public'])
+        expect(subject.all).to eq(["public"])
       end
 
-      it 'allows you to add scopes with strings' do
-        subject.add 'public'
-        expect(subject.all).to eq(['public'])
+      it "allows you to add scopes with strings" do
+        subject.add "public"
+        expect(subject.all).to eq(["public"])
       end
 
-      it 'do not add already included scopes' do
+      it "do not add already included scopes" do
         subject.add :public
         subject.add :public
-        expect(subject.all).to eq(['public'])
+        expect(subject.all).to eq(["public"])
       end
     end
 
-    describe '#exists' do
+    describe "#exists" do
       before do
         subject.add :public
       end
 
-      it 'returns true if scope with given name is present' do
-        expect(subject.exists?('public')).to be_truthy
+      it "returns true if scope with given name is present" do
+        expect(subject.exists?("public")).to be_truthy
       end
 
-      it 'returns false if scope with given name does not exist' do
-        expect(subject.exists?('other')).to be_falsey
+      it "returns false if scope with given name does not exist" do
+        expect(subject.exists?("other")).to be_falsey
       end
 
-      it 'handles symbols' do
+      it "handles symbols" do
         expect(subject.exists?(:public)).to be_truthy
         expect(subject.exists?(:other)).to be_falsey
       end
     end
 
-    describe '.from_string' do
-      let(:string) { 'public write' }
+    describe ".from_string" do
+      let(:string) { "public write" }
 
       subject { Scopes.from_string(string) }
 
       it { expect(subject).to be_a(Scopes) }
 
-      describe '#all' do
-        it 'should be an array of the expected scopes' do
+      describe "#all" do
+        it "should be an array of the expected scopes" do
           scopes_array = subject.all
           expect(scopes_array.size).to eq(2)
-          expect(scopes_array).to include('public')
-          expect(scopes_array).to include('write')
+          expect(scopes_array).to include("public")
+          expect(scopes_array).to include("write")
         end
       end
     end
 
-    describe '#+' do
-      it 'can add to another scope object' do
-        scopes = Scopes.from_string('public') + Scopes.from_string('admin')
+    describe "#+" do
+      it "can add to another scope object" do
+        scopes = Scopes.from_string("public") + Scopes.from_string("admin")
         expect(scopes.all).to eq(%w[public admin])
       end
 
-      it 'does not change the existing object' do
-        origin = Scopes.from_string('public')
-        expect(origin.to_s).to eq('public')
+      it "does not change the existing object" do
+        origin = Scopes.from_string("public")
+        expect(origin.to_s).to eq("public")
       end
 
-      it 'can add an array to a scope object' do
-        scopes = Scopes.from_string('public') + ['admin']
+      it "can add an array to a scope object" do
+        scopes = Scopes.from_string("public") + ["admin"]
         expect(scopes.all).to eq(%w[public admin])
       end
 
-      it 'raises an error if cannot handle addition' do
+      it "raises an error if cannot handle addition" do
         expect do
-          Scopes.from_string('public') + 'admin'
+          Scopes.from_string("public") + "admin"
         end.to raise_error(NoMethodError)
       end
     end
 
-    describe '#&' do
-      it 'can get intersection with another scope object' do
-        scopes = Scopes.from_string('public admin') & Scopes.from_string('write admin')
+    describe "#&" do
+      it "can get intersection with another scope object" do
+        scopes = Scopes.from_string("public admin") & Scopes.from_string("write admin")
         expect(scopes.all).to eq(%w[admin])
       end
 
-      it 'does not change the existing object' do
-        origin = Scopes.from_string('public admin')
-        origin & Scopes.from_string('write admin')
-        expect(origin.to_s).to eq('public admin')
+      it "does not change the existing object" do
+        origin = Scopes.from_string("public admin")
+        origin & Scopes.from_string("write admin")
+        expect(origin.to_s).to eq("public admin")
       end
 
-      it 'can get intersection with an array' do
-        scopes = Scopes.from_string('public admin') & %w[write admin]
+      it "can get intersection with an array" do
+        scopes = Scopes.from_string("public admin") & %w[write admin]
         expect(scopes.all).to eq(%w[admin])
       end
     end
 
-    describe '#==' do
-      it 'is equal to another set of scopes' do
-        expect(Scopes.from_string('public')).to eq(Scopes.from_string('public'))
+    describe "#==" do
+      it "is equal to another set of scopes" do
+        expect(Scopes.from_string("public")).to eq(Scopes.from_string("public"))
       end
 
-      it 'is equal to another set of scopes with no particular order' do
-        expect(Scopes.from_string('public write')).to eq(Scopes.from_string('write public'))
+      it "is equal to another set of scopes with no particular order" do
+        expect(Scopes.from_string("public write")).to eq(Scopes.from_string("write public"))
       end
 
-      it 'differs from another set of scopes when scopes are not the same' do
-        expect(Scopes.from_string('public write')).not_to eq(Scopes.from_string('write'))
+      it "differs from another set of scopes when scopes are not the same" do
+        expect(Scopes.from_string("public write")).not_to eq(Scopes.from_string("write"))
       end
 
       it "does not raise an error when compared to a non-enumerable object" do
@@ -115,31 +117,31 @@ module Doorkeeper::OAuth
       end
     end
 
-    describe '#has_scopes?' do
-      subject { Scopes.from_string('public admin') }
+    describe "#has_scopes?" do
+      subject { Scopes.from_string("public admin") }
 
-      it 'returns true when at least one scope is included' do
-        expect(subject.has_scopes?(Scopes.from_string('public'))).to be_truthy
+      it "returns true when at least one scope is included" do
+        expect(subject.has_scopes?(Scopes.from_string("public"))).to be_truthy
       end
 
-      it 'returns true when all scopes are included' do
-        expect(subject.has_scopes?(Scopes.from_string('public admin'))).to be_truthy
+      it "returns true when all scopes are included" do
+        expect(subject.has_scopes?(Scopes.from_string("public admin"))).to be_truthy
       end
 
-      it 'is true if all scopes are included in any order' do
-        expect(subject.has_scopes?(Scopes.from_string('admin public'))).to be_truthy
+      it "is true if all scopes are included in any order" do
+        expect(subject.has_scopes?(Scopes.from_string("admin public"))).to be_truthy
       end
 
-      it 'is false if no scopes are included' do
-        expect(subject.has_scopes?(Scopes.from_string('notexistent'))).to be_falsey
+      it "is false if no scopes are included" do
+        expect(subject.has_scopes?(Scopes.from_string("notexistent"))).to be_falsey
       end
 
-      it 'returns false when any scope is not included' do
-        expect(subject.has_scopes?(Scopes.from_string('public nope'))).to be_falsey
+      it "returns false when any scope is not included" do
+        expect(subject.has_scopes?(Scopes.from_string("public nope"))).to be_falsey
       end
 
-      it 'is false if no scopes are included even for existing ones' do
-        expect(subject.has_scopes?(Scopes.from_string('public admin notexistent'))).to be_falsey
+      it "is false if no scopes are included even for existing ones" do
+        expect(subject.has_scopes?(Scopes.from_string("public admin notexistent"))).to be_falsey
       end
     end
   end