doorkeeper 5.1.0.rc2 → 5.1.0
- checksums.yaml +4 -4
- data/.hound.yml +2 -1
- data/.rubocop.yml +37 -4
- data/.travis.yml +4 -27
- data/Appraisals +8 -12
- data/Gemfile +6 -2
- data/NEWS.md +16 -0
- data/README.md +11 -2
- data/Rakefile +10 -8
- data/app/controllers/doorkeeper/application_controller.rb +1 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -13
- data/app/controllers/doorkeeper/applications_controller.rb +17 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +7 -7
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/validators/redirect_uri_validator.rb +5 -2
- data/app/views/doorkeeper/applications/_form.html.erb +6 -0
- data/bin/console +5 -4
- data/config/locales/en.yml +1 -0
- data/doorkeeper.gemspec +24 -22
- data/gemfiles/rails_5_0.gemfile +2 -1
- data/gemfiles/rails_5_1.gemfile +2 -1
- data/gemfiles/rails_5_2.gemfile +2 -1
- data/gemfiles/rails_6_0.gemfile +1 -0
- data/gemfiles/rails_master.gemfile +1 -0
- data/lib/doorkeeper.rb +68 -66
- data/lib/doorkeeper/config.rb +53 -90
- data/lib/doorkeeper/config/option.rb +64 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grape/authorization_decorator.rb +4 -4
- data/lib/doorkeeper/grape/helpers.rb +3 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_grant_mixin.rb +4 -2
- data/lib/doorkeeper/models/access_token_mixin.rb +10 -10
- data/lib/doorkeeper/models/application_mixin.rb +1 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -6
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +2 -0
- data/lib/doorkeeper/oauth.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -3
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +6 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +4 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/scopes.rb +5 -3
- data/lib/doorkeeper/oauth/token.rb +2 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -4
- data/lib/doorkeeper/oauth/token_response.rb +9 -9
- data/lib/doorkeeper/orm/active_record.rb +6 -6
- data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -12
- data/lib/doorkeeper/orm/active_record/access_token.rb +6 -13
- data/lib/doorkeeper/orm/active_record/application.rb +6 -5
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +10 -3
- data/lib/doorkeeper/rails/helpers.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +11 -11
- data/lib/doorkeeper/rails/routes/mapping.rb +7 -7
- data/lib/doorkeeper/rake.rb +1 -1
- data/lib/doorkeeper/rake/db.rake +13 -13
- data/lib/doorkeeper/request.rb +1 -1
- data/lib/doorkeeper/secret_storing/base.rb +7 -6
- data/lib/doorkeeper/secret_storing/bcrypt.rb +4 -3
- data/lib/doorkeeper/secret_storing/plain.rb +4 -4
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +3 -2
- data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/application_owner_generator.rb +10 -9
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +10 -9
- data/lib/generators/doorkeeper/install_generator.rb +11 -9
- data/lib/generators/doorkeeper/migration_generator.rb +9 -9
- data/lib/generators/doorkeeper/pkce_generator.rb +10 -9
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +10 -9
- data/lib/generators/doorkeeper/templates/initializer.rb +30 -5
- data/lib/generators/doorkeeper/templates/migration.rb.erb +15 -7
- data/lib/generators/doorkeeper/views_generator.rb +6 -4
- data/spec/controllers/application_metal_controller_spec.rb +10 -10
- data/spec/controllers/applications_controller_spec.rb +54 -52
- data/spec/controllers/authorizations_controller_spec.rb +136 -142
- data/spec/controllers/protected_resources_controller_spec.rb +78 -76
- data/spec/controllers/token_info_controller_spec.rb +13 -11
- data/spec/controllers/tokens_controller_spec.rb +109 -94
- data/spec/dummy/Rakefile +3 -1
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/controllers/home_controller.rb +5 -3
- data/spec/dummy/app/controllers/metal_controller.rb +2 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +2 -0
- data/spec/dummy/config.ru +3 -1
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/environments/development.rb +2 -0
- data/spec/dummy/config/environments/production.rb +2 -0
- data/spec/dummy/config/environments/test.rb +3 -1
- data/spec/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -2
- data/spec/dummy/config/initializers/secret_token.rb +3 -1
- data/spec/dummy/config/initializers/session_store.rb +3 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +17 -10
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +2 -0
- data/spec/dummy/db/schema.rb +1 -1
- data/spec/dummy/script/rails +5 -3
- data/spec/factories.rb +5 -3
- data/spec/generators/application_owner_generator_spec.rb +13 -26
- data/spec/generators/confidential_applications_generator_spec.rb +12 -28
- data/spec/generators/install_generator_spec.rb +17 -15
- data/spec/generators/migration_generator_spec.rb +13 -26
- data/spec/generators/pkce_generator_spec.rb +11 -26
- data/spec/generators/previous_refresh_token_generator_spec.rb +16 -29
- data/spec/generators/templates/routes.rb +2 -0
- data/spec/generators/views_generator_spec.rb +14 -12
- data/spec/grape/grape_integration_spec.rb +34 -32
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +9 -7
- data/spec/lib/config_spec.rb +137 -136
- data/spec/lib/doorkeeper_spec.rb +3 -1
- data/spec/lib/models/expirable_spec.rb +12 -10
- data/spec/lib/models/reusable_spec.rb +6 -6
- data/spec/lib/models/revocable_spec.rb +8 -6
- data/spec/lib/models/scopes_spec.rb +19 -17
- data/spec/lib/models/secret_storable_spec.rb +71 -49
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +17 -15
- data/spec/lib/oauth/authorization_code_request_spec.rb +18 -12
- data/spec/lib/oauth/base_request_spec.rb +20 -8
- data/spec/lib/oauth/base_response_spec.rb +3 -1
- data/spec/lib/oauth/client/credentials_spec.rb +24 -22
- data/spec/lib/oauth/client_credentials/creator_spec.rb +13 -11
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +27 -18
- data/spec/lib/oauth/client_credentials/validation_spec.rb +17 -15
- data/spec/lib/oauth/client_credentials_integration_spec.rb +7 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +27 -21
- data/spec/lib/oauth/client_spec.rb +15 -13
- data/spec/lib/oauth/code_request_spec.rb +8 -6
- data/spec/lib/oauth/code_response_spec.rb +9 -7
- data/spec/lib/oauth/error_response_spec.rb +14 -12
- data/spec/lib/oauth/error_spec.rb +4 -2
- data/spec/lib/oauth/forbidden_token_response_spec.rb +7 -5
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +35 -33
- data/spec/lib/oauth/helpers/unique_token_spec.rb +8 -6
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +103 -101
- data/spec/lib/oauth/invalid_token_response_spec.rb +3 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +52 -34
- data/spec/lib/oauth/pre_authorization_spec.rb +64 -62
- data/spec/lib/oauth/refresh_token_request_spec.rb +36 -33
- data/spec/lib/oauth/scopes_spec.rb +63 -61
- data/spec/lib/oauth/token_request_spec.rb +66 -26
- data/spec/lib/oauth/token_response_spec.rb +39 -37
- data/spec/lib/oauth/token_spec.rb +51 -49
- data/spec/lib/request/strategy_spec.rb +3 -1
- data/spec/lib/secret_storing/base_spec.rb +23 -23
- data/spec/lib/secret_storing/bcrypt_spec.rb +18 -18
- data/spec/lib/secret_storing/plain_spec.rb +17 -17
- data/spec/lib/secret_storing/sha256_hash_spec.rb +16 -16
- data/spec/lib/server_spec.rb +16 -14
- data/spec/lib/stale_records_cleaner_spec.rb +17 -17
- data/spec/models/doorkeeper/access_grant_spec.rb +30 -26
- data/spec/models/doorkeeper/access_token_spec.rb +97 -95
- data/spec/models/doorkeeper/application_spec.rb +98 -57
- data/spec/requests/applications/applications_request_spec.rb +98 -66
- data/spec/requests/applications/authorized_applications_spec.rb +20 -18
- data/spec/requests/endpoints/authorization_spec.rb +25 -23
- data/spec/requests/endpoints/token_spec.rb +38 -36
- data/spec/requests/flows/authorization_code_errors_spec.rb +26 -24
- data/spec/requests/flows/authorization_code_spec.rb +161 -159
- data/spec/requests/flows/client_credentials_spec.rb +53 -51
- data/spec/requests/flows/implicit_grant_errors_spec.rb +10 -8
- data/spec/requests/flows/implicit_grant_spec.rb +27 -25
- data/spec/requests/flows/password_spec.rb +56 -54
- data/spec/requests/flows/refresh_token_spec.rb +45 -43
- data/spec/requests/flows/revoke_token_spec.rb +29 -27
- data/spec/requests/flows/skip_authorization_spec.rb +23 -21
- data/spec/requests/protected_resources/metal_spec.rb +7 -5
- data/spec/requests/protected_resources/private_api_spec.rb +35 -33
- data/spec/routing/custom_controller_routes_spec.rb +67 -65
- data/spec/routing/default_routes_spec.rb +22 -20
- data/spec/routing/scoped_routes_spec.rb +20 -18
- data/spec/spec_helper.rb +14 -13
- data/spec/spec_helper_integration.rb +3 -1
- data/spec/support/dependencies/factory_bot.rb +3 -1
- data/spec/support/doorkeeper_rspec.rb +3 -1
- data/spec/support/helpers/access_token_request_helper.rb +3 -1
- data/spec/support/helpers/authorization_request_helper.rb +4 -2
- data/spec/support/helpers/config_helper.rb +2 -0
- data/spec/support/helpers/model_helper.rb +3 -1
- data/spec/support/helpers/request_spec_helper.rb +5 -3
- data/spec/support/helpers/url_helper.rb +9 -7
- data/spec/support/http_method_shim.rb +4 -9
- data/spec/support/orm/active_record.rb +3 -1
- data/spec/support/shared/controllers_shared_context.rb +18 -16
- data/spec/support/shared/hashing_shared_context.rb +3 -3
- data/spec/support/shared/models_shared_examples.rb +12 -10
- data/spec/validators/redirect_uri_validator_spec.rb +74 -45
- data/spec/version/version_spec.rb +7 -5
- metadata +12 -16
- data/gemfiles/rails_4_2.gemfile +0 -17
- data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -8
- data/spec/support/ruby_2_6_rails_4_2_patch.rb +0 -14
@@ -1,18 +1,20 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe TokenRequest do
|
5
7
|
let :application do
|
6
|
-
FactoryBot.create(:application, scopes:
|
8
|
+
FactoryBot.create(:application, scopes: "public")
|
7
9
|
end
|
8
10
|
|
9
11
|
let :pre_auth do
|
10
12
|
double(
|
11
13
|
:pre_auth,
|
12
14
|
client: application,
|
13
|
-
redirect_uri:
|
15
|
+
redirect_uri: "http://tst.com/cb",
|
14
16
|
state: nil,
|
15
|
-
scopes: Scopes.from_string(
|
17
|
+
scopes: Scopes.from_string("public"),
|
16
18
|
error: nil,
|
17
19
|
authorizable?: true
|
18
20
|
)
|
@@ -26,78 +28,116 @@ module Doorkeeper::OAuth
|
|
26
28
|
TokenRequest.new(pre_auth, owner)
|
27
29
|
end
|
28
30
|
|
29
|
-
it
|
31
|
+
it "creates an access token" do
|
30
32
|
expect do
|
31
33
|
subject.authorize
|
32
34
|
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
33
35
|
end
|
34
36
|
|
35
|
-
it
|
37
|
+
it "returns a code response" do
|
36
38
|
expect(subject.authorize).to be_a(CodeResponse)
|
37
39
|
end
|
38
40
|
|
39
|
-
it
|
41
|
+
it "does not create token when not authorizable" do
|
40
42
|
allow(pre_auth).to receive(:authorizable?).and_return(false)
|
41
43
|
expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
|
42
44
|
end
|
43
45
|
|
44
|
-
it
|
46
|
+
it "returns a error response" do
|
45
47
|
allow(pre_auth).to receive(:authorizable?).and_return(false)
|
46
48
|
expect(subject.authorize).to be_a(ErrorResponse)
|
47
49
|
end
|
48
50
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
51
|
+
describe "with custom expiration" do
|
52
|
+
context "when proper TTL returned" do
|
53
|
+
before do
|
54
|
+
Doorkeeper.configure do
|
55
|
+
orm DOORKEEPER_ORM
|
56
|
+
custom_access_token_expires_in do |context|
|
57
|
+
context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
|
58
|
+
end
|
55
59
|
end
|
56
60
|
end
|
61
|
+
|
62
|
+
it "should use the custom ttl" do
|
63
|
+
subject.authorize
|
64
|
+
token = Doorkeeper::AccessToken.first
|
65
|
+
expect(token.expires_in).to eq(1234)
|
66
|
+
end
|
57
67
|
end
|
58
68
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
69
|
+
context "when nil TTL returned" do
|
70
|
+
before do
|
71
|
+
Doorkeeper.configure do
|
72
|
+
orm DOORKEEPER_ORM
|
73
|
+
access_token_expires_in 654
|
74
|
+
custom_access_token_expires_in do |_context|
|
75
|
+
nil
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
it "should fallback to access_token_expires_in" do
|
81
|
+
subject.authorize
|
82
|
+
token = Doorkeeper::AccessToken.first
|
83
|
+
expect(token.expires_in).to eq(654)
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
context "when infinite TTL returned" do
|
88
|
+
before do
|
89
|
+
Doorkeeper.configure do
|
90
|
+
orm DOORKEEPER_ORM
|
91
|
+
access_token_expires_in 654
|
92
|
+
custom_access_token_expires_in do |_context|
|
93
|
+
Float::INFINITY
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
it "should fallback to access_token_expires_in" do
|
99
|
+
subject.authorize
|
100
|
+
token = Doorkeeper::AccessToken.first
|
101
|
+
expect(token.expires_in).to be_nil
|
102
|
+
end
|
63
103
|
end
|
64
104
|
end
|
65
105
|
|
66
|
-
context
|
67
|
-
it
|
106
|
+
context "token reuse" do
|
107
|
+
it "creates a new token if there are no matching tokens" do
|
68
108
|
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
69
109
|
expect do
|
70
110
|
subject.authorize
|
71
111
|
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
72
112
|
end
|
73
113
|
|
74
|
-
it
|
114
|
+
it "creates a new token if scopes do not match" do
|
75
115
|
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
76
116
|
FactoryBot.create(:access_token, application_id: pre_auth.client.id,
|
77
|
-
resource_owner_id: owner.id, scopes:
|
117
|
+
resource_owner_id: owner.id, scopes: "")
|
78
118
|
expect do
|
79
119
|
subject.authorize
|
80
120
|
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
81
121
|
end
|
82
122
|
|
83
|
-
it
|
123
|
+
it "skips token creation if there is a matching one reusable" do
|
84
124
|
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
85
125
|
allow(application.scopes).to receive(:has_scopes?).and_return(true)
|
86
126
|
allow(application.scopes).to receive(:all?).and_return(true)
|
87
127
|
|
88
128
|
FactoryBot.create(:access_token, application_id: pre_auth.client.id,
|
89
|
-
resource_owner_id: owner.id, scopes:
|
129
|
+
resource_owner_id: owner.id, scopes: "public")
|
90
130
|
|
91
131
|
expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
|
92
132
|
end
|
93
133
|
|
94
|
-
it
|
134
|
+
it "creates new token if there is a matching one but non reusable" do
|
95
135
|
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
96
136
|
allow(application.scopes).to receive(:has_scopes?).and_return(true)
|
97
137
|
allow(application.scopes).to receive(:all?).and_return(true)
|
98
138
|
|
99
139
|
FactoryBot.create(:access_token, application_id: pre_auth.client.id,
|
100
|
-
resource_owner_id: owner.id, scopes:
|
140
|
+
resource_owner_id: owner.id, scopes: "public")
|
101
141
|
|
102
142
|
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
|
103
143
|
|
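Review bot: The example name `it "should fallback to access_token_expires_in" do` in the `context "when infinite TTL returned"` block contradicts what it asserts: with `access_token_expires_in 654` configured and the custom block returning `Float::INFINITY`, it expects `token.expires_in` to `be_nil`, not 654, so the token is issued with no expiry rather than falling back. Since a nil `expires_in` presumably means a non-expiring access token, that is exactly the case a reader scanning the spec output would want spelled out; renaming it to `it "creates a non-expiring token" do` (and ideally asserting the distinction from the 654 fallback in the same example) makes the intended contract explicit. The `describe TokenRequest` block and its `subject` are defined before the second hunk begins.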
@@ -1,83 +1,85 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper::OAuth
|
4
6
|
describe TokenResponse do
|
5
7
|
subject { TokenResponse.new(double.as_null_object) }
|
6
8
|
|
7
|
-
it
|
9
|
+
it "includes access token response headers" do
|
8
10
|
headers = subject.headers
|
9
|
-
expect(headers.fetch(
|
10
|
-
expect(headers.fetch(
|
11
|
+
expect(headers.fetch("Cache-Control")).to eq("no-store")
|
12
|
+
expect(headers.fetch("Pragma")).to eq("no-cache")
|
11
13
|
end
|
12
14
|
|
13
|
-
it
|
15
|
+
it "status is ok" do
|
14
16
|
expect(subject.status).to eq(:ok)
|
15
17
|
end
|
16
18
|
|
17
|
-
describe
|
19
|
+
describe ".body" do
|
18
20
|
let(:access_token) do
|
19
21
|
double :access_token,
|
20
|
-
plaintext_token:
|
21
|
-
expires_in:
|
22
|
-
expires_in_seconds:
|
23
|
-
scopes_string:
|
22
|
+
plaintext_token: "some-token",
|
23
|
+
expires_in: "3600",
|
24
|
+
expires_in_seconds: "300",
|
25
|
+
scopes_string: "two scopes",
|
24
26
|
plaintext_refresh_token: "some-refresh-token",
|
25
|
-
token_type:
|
26
|
-
created_at:
|
27
|
+
token_type: "bearer",
|
28
|
+
created_at: 0
|
27
29
|
end
|
28
30
|
|
29
31
|
subject { TokenResponse.new(access_token).body }
|
30
32
|
|
31
|
-
it
|
32
|
-
expect(subject[
|
33
|
+
it "includes :access_token" do
|
34
|
+
expect(subject["access_token"]).to eq("some-token")
|
33
35
|
end
|
34
36
|
|
35
|
-
it
|
36
|
-
expect(subject[
|
37
|
+
it "includes :token_type" do
|
38
|
+
expect(subject["token_type"]).to eq("bearer")
|
37
39
|
end
|
38
40
|
|
39
41
|
# expires_in_seconds is returned as `expires_in` in order to match
|
40
42
|
# the OAuth spec (section 4.2.2)
|
41
|
-
it
|
42
|
-
expect(subject[
|
43
|
+
it "includes :expires_in" do
|
44
|
+
expect(subject["expires_in"]).to eq("300")
|
43
45
|
end
|
44
46
|
|
45
|
-
it
|
46
|
-
expect(subject[
|
47
|
+
it "includes :scope" do
|
48
|
+
expect(subject["scope"]).to eq("two scopes")
|
47
49
|
end
|
48
50
|
|
49
|
-
it
|
50
|
-
expect(subject[
|
51
|
+
it "includes :refresh_token" do
|
52
|
+
expect(subject["refresh_token"]).to eq("some-refresh-token")
|
51
53
|
end
|
52
54
|
|
53
|
-
it
|
54
|
-
expect(subject[
|
55
|
+
it "includes :created_at" do
|
56
|
+
expect(subject["created_at"]).to eq(0)
|
55
57
|
end
|
56
58
|
end
|
57
59
|
|
58
|
-
describe
|
60
|
+
describe ".body filters out empty values" do
|
59
61
|
let(:access_token) do
|
60
62
|
double :access_token,
|
61
|
-
plaintext_token:
|
62
|
-
expires_in_seconds:
|
63
|
-
scopes_string:
|
64
|
-
plaintext_refresh_token:
|
65
|
-
token_type:
|
66
|
-
created_at:
|
63
|
+
plaintext_token: "some-token",
|
64
|
+
expires_in_seconds: "",
|
65
|
+
scopes_string: "",
|
66
|
+
plaintext_refresh_token: "",
|
67
|
+
token_type: "bearer",
|
68
|
+
created_at: 0
|
67
69
|
end
|
68
70
|
|
69
71
|
subject { TokenResponse.new(access_token).body }
|
70
72
|
|
71
|
-
it
|
72
|
-
expect(subject[
|
73
|
+
it "includes :expires_in" do
|
74
|
+
expect(subject["expires_in"]).to be_nil
|
73
75
|
end
|
74
76
|
|
75
|
-
it
|
76
|
-
expect(subject[
|
77
|
+
it "includes :scope" do
|
78
|
+
expect(subject["scope"]).to be_nil
|
77
79
|
end
|
78
80
|
|
79
|
-
it
|
80
|
-
expect(subject[
|
81
|
+
it "includes :refresh_token" do
|
82
|
+
expect(subject["refresh_token"]).to be_nil
|
81
83
|
end
|
82
84
|
end
|
83
85
|
end
|
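Review bot: The stub `expires_in_seconds: "300"` together with `expect(subject["expires_in"]).to eq("300")` pins a String, whereas RFC 6749 §5.1 expresses `expires_in` as a number of seconds, so this example cannot detect the response body emitting the lifetime as a string that numeric clients would reject. If `TokenResponse#body` passes the value through unchanged (its definition is outside this file), stubbing `expires_in_seconds: 300` and asserting `eq(300)` would pin the type clients actually parse. The sibling stub `expires_in: "3600"` is never asserted on by any example in the hunk and looks like dead setup.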
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "spec_helper"
|
2
4
|
|
3
5
|
module Doorkeeper
|
4
6
|
unless defined?(AccessToken)
|
@@ -12,114 +14,114 @@ module Doorkeeper
|
|
12
14
|
let(:request) { double.as_null_object }
|
13
15
|
|
14
16
|
let(:method) do
|
15
|
-
->(*) {
|
17
|
+
->(*) { "token-value" }
|
16
18
|
end
|
17
19
|
|
18
|
-
it
|
20
|
+
it "accepts anything that responds to #call" do
|
19
21
|
expect(method).to receive(:call).with(request)
|
20
22
|
Token.from_request request, method
|
21
23
|
end
|
22
24
|
|
23
|
-
it
|
25
|
+
it "delegates methods received as symbols to Token class" do
|
24
26
|
expect(Token).to receive(:from_params).with(request)
|
25
27
|
Token.from_request request, :from_params
|
26
28
|
end
|
27
29
|
|
28
|
-
it
|
30
|
+
it "stops at the first credentials found" do
|
29
31
|
not_called_method = double
|
30
32
|
expect(not_called_method).not_to receive(:call)
|
31
33
|
Token.from_request request, ->(_r) {}, method, not_called_method
|
32
34
|
end
|
33
35
|
|
34
|
-
it
|
36
|
+
it "returns the credential from extractor method" do
|
35
37
|
credentials = Token.from_request request, method
|
36
|
-
expect(credentials).to eq(
|
38
|
+
expect(credentials).to eq("token-value")
|
37
39
|
end
|
38
40
|
end
|
39
41
|
|
40
42
|
describe :from_access_token_param do
|
41
|
-
it
|
42
|
-
request = double parameters: { access_token:
|
43
|
+
it "returns token from access_token parameter" do
|
44
|
+
request = double parameters: { access_token: "some-token" }
|
43
45
|
token = Token.from_access_token_param(request)
|
44
|
-
expect(token).to eq(
|
46
|
+
expect(token).to eq("some-token")
|
45
47
|
end
|
46
48
|
end
|
47
49
|
|
48
50
|
describe :from_bearer_param do
|
49
|
-
it
|
50
|
-
request = double parameters: { bearer_token:
|
51
|
+
it "returns token from bearer_token parameter" do
|
52
|
+
request = double parameters: { bearer_token: "some-token" }
|
51
53
|
token = Token.from_bearer_param(request)
|
52
|
-
expect(token).to eq(
|
54
|
+
expect(token).to eq("some-token")
|
53
55
|
end
|
54
56
|
end
|
55
57
|
|
56
58
|
describe :from_bearer_authorization do
|
57
|
-
it
|
58
|
-
request = double authorization:
|
59
|
+
it "returns token from capitalized authorization bearer" do
|
60
|
+
request = double authorization: "Bearer SomeToken"
|
59
61
|
token = Token.from_bearer_authorization(request)
|
60
|
-
expect(token).to eq(
|
62
|
+
expect(token).to eq("SomeToken")
|
61
63
|
end
|
62
64
|
|
63
|
-
it
|
64
|
-
request = double authorization:
|
65
|
+
it "returns token from lowercased authorization bearer" do
|
66
|
+
request = double authorization: "bearer SomeToken"
|
65
67
|
token = Token.from_bearer_authorization(request)
|
66
|
-
expect(token).to eq(
|
68
|
+
expect(token).to eq("SomeToken")
|
67
69
|
end
|
68
70
|
|
69
|
-
it
|
70
|
-
request = double authorization:
|
71
|
+
it "does not return token if authorization is not bearer" do
|
72
|
+
request = double authorization: "MAC SomeToken"
|
71
73
|
token = Token.from_bearer_authorization(request)
|
72
74
|
expect(token).to be_blank
|
73
75
|
end
|
74
76
|
end
|
75
77
|
|
76
78
|
describe :from_basic_authorization do
|
77
|
-
it
|
78
|
-
request = double authorization: "Basic #{Base64.encode64
|
79
|
+
it "returns token from capitalized authorization basic" do
|
80
|
+
request = double authorization: "Basic #{Base64.encode64 "SomeToken:"}"
|
79
81
|
token = Token.from_basic_authorization(request)
|
80
|
-
expect(token).to eq(
|
82
|
+
expect(token).to eq("SomeToken")
|
81
83
|
end
|
82
84
|
|
83
|
-
it
|
84
|
-
request = double authorization: "basic #{Base64.encode64
|
85
|
+
it "returns token from lowercased authorization basic" do
|
86
|
+
request = double authorization: "basic #{Base64.encode64 "SomeToken:"}"
|
85
87
|
token = Token.from_basic_authorization(request)
|
86
|
-
expect(token).to eq(
|
88
|
+
expect(token).to eq("SomeToken")
|
87
89
|
end
|
88
90
|
|
89
|
-
it
|
90
|
-
request = double authorization: "MAC #{Base64.encode64
|
91
|
+
it "does not return token if authorization is not basic" do
|
92
|
+
request = double authorization: "MAC #{Base64.encode64 "SomeToken:"}"
|
91
93
|
token = Token.from_basic_authorization(request)
|
92
94
|
expect(token).to be_blank
|
93
95
|
end
|
94
96
|
end
|
95
97
|
|
96
98
|
describe :authenticate do
|
97
|
-
context
|
98
|
-
context
|
99
|
-
it
|
100
|
-
token = ->(_r) {
|
99
|
+
context "refresh tokens are disabled (default)" do
|
100
|
+
context "refresh tokens are enabled" do
|
101
|
+
it "does not revoke previous refresh_token if token was found" do
|
102
|
+
token = ->(_r) { "token" }
|
101
103
|
expect(
|
102
104
|
AccessToken
|
103
|
-
).to receive(:by_token).with(
|
105
|
+
).to receive(:by_token).with("token").and_return(token)
|
104
106
|
expect(token).not_to receive(:revoke_previous_refresh_token!)
|
105
107
|
Token.authenticate double, token
|
106
108
|
end
|
107
109
|
end
|
108
110
|
|
109
|
-
it
|
110
|
-
token = ->(_r) {
|
111
|
-
expect(AccessToken).to receive(:by_token).with(
|
111
|
+
it "calls the finder if token was returned" do
|
112
|
+
token = ->(_r) { "token" }
|
113
|
+
expect(AccessToken).to receive(:by_token).with("token")
|
112
114
|
Token.authenticate double, token
|
113
115
|
end
|
114
116
|
end
|
115
117
|
|
116
|
-
context
|
117
|
-
include_context
|
118
|
+
context "token hashing is enabled" do
|
119
|
+
include_context "with token hashing enabled"
|
118
120
|
|
119
|
-
let(:hashed_token) { hashed_or_plain_token_func.call(
|
120
|
-
let(:token) { ->(_r) {
|
121
|
+
let(:hashed_token) { hashed_or_plain_token_func.call("token") }
|
122
|
+
let(:token) { ->(_r) { "token" } }
|
121
123
|
|
122
|
-
it
|
124
|
+
it "searches with the hashed token" do
|
123
125
|
expect(
|
124
126
|
AccessToken
|
125
127
|
).to receive(:find_by).with(token: hashed_token).and_return(token)
|
@@ -127,7 +129,7 @@ module Doorkeeper
|
|
127
129
|
end
|
128
130
|
end
|
129
131
|
|
130
|
-
context
|
132
|
+
context "refresh tokens are enabled" do
|
131
133
|
before do
|
132
134
|
Doorkeeper.configure do
|
133
135
|
orm DOORKEEPER_ORM
|
@@ -135,18 +137,18 @@ module Doorkeeper
|
|
135
137
|
end
|
136
138
|
end
|
137
139
|
|
138
|
-
it
|
139
|
-
token = ->(_r) {
|
140
|
+
it "revokes previous refresh_token if token was found" do
|
141
|
+
token = ->(_r) { "token" }
|
140
142
|
expect(
|
141
143
|
AccessToken
|
142
|
-
).to receive(:by_token).with(
|
144
|
+
).to receive(:by_token).with("token").and_return(token)
|
143
145
|
expect(token).to receive(:revoke_previous_refresh_token!)
|
144
146
|
Token.authenticate double, token
|
145
147
|
end
|
146
148
|
|
147
|
-
it
|
148
|
-
token = ->(_r) {
|
149
|
-
expect(AccessToken).to receive(:by_token).with(
|
149
|
+
it "calls the finder if token was returned" do
|
150
|
+
token = ->(_r) { "token" }
|
151
|
+
expect(AccessToken).to receive(:by_token).with("token")
|
150
152
|
Token.authenticate double, token
|
151
153
|
end
|
152
154
|
end
|
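Review bot: The inner `context "refresh tokens are enabled" do` nested inside `context "refresh tokens are disabled (default)" do` is mislabeled: the example it holds asserts `expect(token).not_to receive(:revoke_previous_refresh_token!)`, which is the disabled-by-default behaviour, while the real enabled case is the later `context "refresh tokens are enabled"` that configures Doorkeeper in a `before` block. Dropping that inner `context` line and its matching `end`, or renaming it to something like `context "when the token is found" do`, stops the RSpec output from reporting the wrong configuration for a refresh-token revocation check. The `from_basic_authorization` examples only exercise a well-formed `"SomeToken:"` payload; if the extractor tolerates it, one example with a non-base64 `Basic` payload asserting `be_blank` would document that a garbled header cannot surface as a credential. The enclosing `describe :authenticate` block continues past the last hunk.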