doorkeeper 5.1.0.rc2 → 5.1.0
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.hound.yml +2 -1
- data/.rubocop.yml +37 -4
- data/.travis.yml +4 -27
- data/Appraisals +8 -12
- data/Gemfile +6 -2
- data/NEWS.md +16 -0
- data/README.md +11 -2
- data/Rakefile +10 -8
- data/app/controllers/doorkeeper/application_controller.rb +1 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -13
- data/app/controllers/doorkeeper/applications_controller.rb +17 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +7 -7
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/validators/redirect_uri_validator.rb +5 -2
- data/app/views/doorkeeper/applications/_form.html.erb +6 -0
- data/bin/console +5 -4
- data/config/locales/en.yml +1 -0
- data/doorkeeper.gemspec +24 -22
- data/gemfiles/rails_5_0.gemfile +2 -1
- data/gemfiles/rails_5_1.gemfile +2 -1
- data/gemfiles/rails_5_2.gemfile +2 -1
- data/gemfiles/rails_6_0.gemfile +1 -0
- data/gemfiles/rails_master.gemfile +1 -0
- data/lib/doorkeeper.rb +68 -66
- data/lib/doorkeeper/config.rb +53 -90
- data/lib/doorkeeper/config/option.rb +64 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grape/authorization_decorator.rb +4 -4
- data/lib/doorkeeper/grape/helpers.rb +3 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_grant_mixin.rb +4 -2
- data/lib/doorkeeper/models/access_token_mixin.rb +10 -10
- data/lib/doorkeeper/models/application_mixin.rb +1 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -6
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +2 -0
- data/lib/doorkeeper/oauth.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -3
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +6 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +4 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/scopes.rb +5 -3
- data/lib/doorkeeper/oauth/token.rb +2 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -4
- data/lib/doorkeeper/oauth/token_response.rb +9 -9
- data/lib/doorkeeper/orm/active_record.rb +6 -6
- data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -12
- data/lib/doorkeeper/orm/active_record/access_token.rb +6 -13
- data/lib/doorkeeper/orm/active_record/application.rb +6 -5
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +10 -3
- data/lib/doorkeeper/rails/helpers.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +11 -11
- data/lib/doorkeeper/rails/routes/mapping.rb +7 -7
- data/lib/doorkeeper/rake.rb +1 -1
- data/lib/doorkeeper/rake/db.rake +13 -13
- data/lib/doorkeeper/request.rb +1 -1
- data/lib/doorkeeper/secret_storing/base.rb +7 -6
- data/lib/doorkeeper/secret_storing/bcrypt.rb +4 -3
- data/lib/doorkeeper/secret_storing/plain.rb +4 -4
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +3 -2
- data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/application_owner_generator.rb +10 -9
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +10 -9
- data/lib/generators/doorkeeper/install_generator.rb +11 -9
- data/lib/generators/doorkeeper/migration_generator.rb +9 -9
- data/lib/generators/doorkeeper/pkce_generator.rb +10 -9
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +10 -9
- data/lib/generators/doorkeeper/templates/initializer.rb +30 -5
- data/lib/generators/doorkeeper/templates/migration.rb.erb +15 -7
- data/lib/generators/doorkeeper/views_generator.rb +6 -4
- data/spec/controllers/application_metal_controller_spec.rb +10 -10
- data/spec/controllers/applications_controller_spec.rb +54 -52
- data/spec/controllers/authorizations_controller_spec.rb +136 -142
- data/spec/controllers/protected_resources_controller_spec.rb +78 -76
- data/spec/controllers/token_info_controller_spec.rb +13 -11
- data/spec/controllers/tokens_controller_spec.rb +109 -94
- data/spec/dummy/Rakefile +3 -1
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/controllers/home_controller.rb +5 -3
- data/spec/dummy/app/controllers/metal_controller.rb +2 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +2 -0
- data/spec/dummy/config.ru +3 -1
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/environments/development.rb +2 -0
- data/spec/dummy/config/environments/production.rb +2 -0
- data/spec/dummy/config/environments/test.rb +3 -1
- data/spec/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -2
- data/spec/dummy/config/initializers/secret_token.rb +3 -1
- data/spec/dummy/config/initializers/session_store.rb +3 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +17 -10
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +2 -0
- data/spec/dummy/db/schema.rb +1 -1
- data/spec/dummy/script/rails +5 -3
- data/spec/factories.rb +5 -3
- data/spec/generators/application_owner_generator_spec.rb +13 -26
- data/spec/generators/confidential_applications_generator_spec.rb +12 -28
- data/spec/generators/install_generator_spec.rb +17 -15
- data/spec/generators/migration_generator_spec.rb +13 -26
- data/spec/generators/pkce_generator_spec.rb +11 -26
- data/spec/generators/previous_refresh_token_generator_spec.rb +16 -29
- data/spec/generators/templates/routes.rb +2 -0
- data/spec/generators/views_generator_spec.rb +14 -12
- data/spec/grape/grape_integration_spec.rb +34 -32
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +9 -7
- data/spec/lib/config_spec.rb +137 -136
- data/spec/lib/doorkeeper_spec.rb +3 -1
- data/spec/lib/models/expirable_spec.rb +12 -10
- data/spec/lib/models/reusable_spec.rb +6 -6
- data/spec/lib/models/revocable_spec.rb +8 -6
- data/spec/lib/models/scopes_spec.rb +19 -17
- data/spec/lib/models/secret_storable_spec.rb +71 -49
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +17 -15
- data/spec/lib/oauth/authorization_code_request_spec.rb +18 -12
- data/spec/lib/oauth/base_request_spec.rb +20 -8
- data/spec/lib/oauth/base_response_spec.rb +3 -1
- data/spec/lib/oauth/client/credentials_spec.rb +24 -22
- data/spec/lib/oauth/client_credentials/creator_spec.rb +13 -11
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +27 -18
- data/spec/lib/oauth/client_credentials/validation_spec.rb +17 -15
- data/spec/lib/oauth/client_credentials_integration_spec.rb +7 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +27 -21
- data/spec/lib/oauth/client_spec.rb +15 -13
- data/spec/lib/oauth/code_request_spec.rb +8 -6
- data/spec/lib/oauth/code_response_spec.rb +9 -7
- data/spec/lib/oauth/error_response_spec.rb +14 -12
- data/spec/lib/oauth/error_spec.rb +4 -2
- data/spec/lib/oauth/forbidden_token_response_spec.rb +7 -5
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +35 -33
- data/spec/lib/oauth/helpers/unique_token_spec.rb +8 -6
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +103 -101
- data/spec/lib/oauth/invalid_token_response_spec.rb +3 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +52 -34
- data/spec/lib/oauth/pre_authorization_spec.rb +64 -62
- data/spec/lib/oauth/refresh_token_request_spec.rb +36 -33
- data/spec/lib/oauth/scopes_spec.rb +63 -61
- data/spec/lib/oauth/token_request_spec.rb +66 -26
- data/spec/lib/oauth/token_response_spec.rb +39 -37
- data/spec/lib/oauth/token_spec.rb +51 -49
- data/spec/lib/request/strategy_spec.rb +3 -1
- data/spec/lib/secret_storing/base_spec.rb +23 -23
- data/spec/lib/secret_storing/bcrypt_spec.rb +18 -18
- data/spec/lib/secret_storing/plain_spec.rb +17 -17
- data/spec/lib/secret_storing/sha256_hash_spec.rb +16 -16
- data/spec/lib/server_spec.rb +16 -14
- data/spec/lib/stale_records_cleaner_spec.rb +17 -17
- data/spec/models/doorkeeper/access_grant_spec.rb +30 -26
- data/spec/models/doorkeeper/access_token_spec.rb +97 -95
- data/spec/models/doorkeeper/application_spec.rb +98 -57
- data/spec/requests/applications/applications_request_spec.rb +98 -66
- data/spec/requests/applications/authorized_applications_spec.rb +20 -18
- data/spec/requests/endpoints/authorization_spec.rb +25 -23
- data/spec/requests/endpoints/token_spec.rb +38 -36
- data/spec/requests/flows/authorization_code_errors_spec.rb +26 -24
- data/spec/requests/flows/authorization_code_spec.rb +161 -159
- data/spec/requests/flows/client_credentials_spec.rb +53 -51
- data/spec/requests/flows/implicit_grant_errors_spec.rb +10 -8
- data/spec/requests/flows/implicit_grant_spec.rb +27 -25
- data/spec/requests/flows/password_spec.rb +56 -54
- data/spec/requests/flows/refresh_token_spec.rb +45 -43
- data/spec/requests/flows/revoke_token_spec.rb +29 -27
- data/spec/requests/flows/skip_authorization_spec.rb +23 -21
- data/spec/requests/protected_resources/metal_spec.rb +7 -5
- data/spec/requests/protected_resources/private_api_spec.rb +35 -33
- data/spec/routing/custom_controller_routes_spec.rb +67 -65
- data/spec/routing/default_routes_spec.rb +22 -20
- data/spec/routing/scoped_routes_spec.rb +20 -18
- data/spec/spec_helper.rb +14 -13
- data/spec/spec_helper_integration.rb +3 -1
- data/spec/support/dependencies/factory_bot.rb +3 -1
- data/spec/support/doorkeeper_rspec.rb +3 -1
- data/spec/support/helpers/access_token_request_helper.rb +3 -1
- data/spec/support/helpers/authorization_request_helper.rb +4 -2
- data/spec/support/helpers/config_helper.rb +2 -0
- data/spec/support/helpers/model_helper.rb +3 -1
- data/spec/support/helpers/request_spec_helper.rb +5 -3
- data/spec/support/helpers/url_helper.rb +9 -7
- data/spec/support/http_method_shim.rb +4 -9
- data/spec/support/orm/active_record.rb +3 -1
- data/spec/support/shared/controllers_shared_context.rb +18 -16
- data/spec/support/shared/hashing_shared_context.rb +3 -3
- data/spec/support/shared/models_shared_examples.rb +12 -10
- data/spec/validators/redirect_uri_validator_spec.rb +74 -45
- data/spec/version/version_spec.rb +7 -5
- metadata +12 -16
- data/gemfiles/rails_4_2.gemfile +0 -17
- data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -8
- data/spec/support/ruby_2_6_rails_4_2_patch.rb +0 -14
@@ -1,60 +1,60 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
3
|
+
require "spec_helper"
|
4
4
|
|
5
5
|
describe ::Doorkeeper::SecretStoring::Base do
|
6
|
-
let(:instance) { double(
|
6
|
+
let(:instance) { double("instance", token: "foo") }
|
7
7
|
subject { described_class }
|
8
8
|
|
9
|
-
describe
|
10
|
-
it
|
11
|
-
expect { subject.transform_secret(
|
9
|
+
describe "#transform_secret" do
|
10
|
+
it "raises" do
|
11
|
+
expect { subject.transform_secret("foo") }.to raise_error(NotImplementedError)
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
-
describe
|
16
|
-
it
|
15
|
+
describe "#store_secret" do
|
16
|
+
it "sends to response of #transform_secret to the instance" do
|
17
17
|
expect(described_class)
|
18
|
-
.to receive(:transform_secret).with(
|
19
|
-
.and_return
|
18
|
+
.to receive(:transform_secret).with("bar")
|
19
|
+
.and_return "bar+transform"
|
20
20
|
|
21
|
-
expect(instance).to receive(:token=).with
|
22
|
-
result = subject.store_secret instance, :token,
|
23
|
-
expect(result).to eq
|
21
|
+
expect(instance).to receive(:token=).with "bar+transform"
|
22
|
+
result = subject.store_secret instance, :token, "bar"
|
23
|
+
expect(result).to eq "bar+transform"
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
-
describe
|
28
|
-
it
|
27
|
+
describe "#restore_secret" do
|
28
|
+
it "raises" do
|
29
29
|
expect { subject.restore_secret(subject, :token) }.to raise_error(NotImplementedError)
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
33
|
-
describe
|
34
|
-
it
|
33
|
+
describe "#allows_restoring_secrets?" do
|
34
|
+
it "does not allow it" do
|
35
35
|
expect(subject.allows_restoring_secrets?).to eq false
|
36
36
|
end
|
37
37
|
end
|
38
38
|
|
39
|
-
describe
|
40
|
-
it
|
39
|
+
describe "validate_for" do
|
40
|
+
it "allows for valid model" do
|
41
41
|
expect(subject.validate_for(:application)).to eq true
|
42
42
|
expect(subject.validate_for(:token)).to eq true
|
43
43
|
end
|
44
44
|
|
45
|
-
it
|
45
|
+
it "raises for invalid model" do
|
46
46
|
expect { subject.validate_for(:wat) }.to raise_error(ArgumentError, /can not be used for wat/)
|
47
47
|
end
|
48
48
|
end
|
49
49
|
|
50
|
-
describe
|
50
|
+
describe "secret_matches?" do
|
51
51
|
before do
|
52
52
|
allow(subject).to receive(:transform_secret) { |input| "transformed: #{input}" }
|
53
53
|
end
|
54
54
|
|
55
|
-
it
|
56
|
-
expect(subject.secret_matches?(
|
57
|
-
expect(subject.secret_matches?(
|
55
|
+
it "compares input with #transform_secret" do
|
56
|
+
expect(subject.secret_matches?("input", "input")).to eq false
|
57
|
+
expect(subject.secret_matches?("a", "transformed: a")).to eq true
|
58
58
|
end
|
59
59
|
end
|
60
60
|
end
|
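Review bot: The example name on the added line `it "sends to response of #transform_secret to the instance" do` has a typo that makes the intent hard to read; `it "sends the response of #transform_secret to the instance" do` says what the two expectations check. In the `#restore_secret` example, the unchanged line passes `subject` (the strategy class itself) as the record, although the `instance` double defined at the top of the file is available. `expect { subject.restore_secret(instance, :token) }.to raise_error(NotImplementedError)` would match the BCrypt spec and exercise the call the way a model would make it.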
@@ -1,36 +1,36 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "spec_helper"
|
4
|
+
require "bcrypt"
|
5
5
|
|
6
6
|
describe ::Doorkeeper::SecretStoring::BCrypt do
|
7
7
|
subject { described_class }
|
8
|
-
let(:instance) { double(
|
8
|
+
let(:instance) { double("instance", token: "foo") }
|
9
9
|
|
10
|
-
describe
|
11
|
-
it
|
12
|
-
expect(subject.transform_secret(
|
10
|
+
describe "#transform_secret" do
|
11
|
+
it "creates a bcrypt password" do
|
12
|
+
expect(subject.transform_secret("foo")).to be_a BCrypt::Password
|
13
13
|
end
|
14
14
|
end
|
15
15
|
|
16
|
-
describe
|
17
|
-
it
|
16
|
+
describe "#restore_secret" do
|
17
|
+
it "raises" do
|
18
18
|
expect { subject.restore_secret(instance, :token) }.to raise_error(NotImplementedError)
|
19
19
|
end
|
20
20
|
end
|
21
21
|
|
22
|
-
describe
|
23
|
-
it
|
22
|
+
describe "#allows_restoring_secrets?" do
|
23
|
+
it "does not allow it" do
|
24
24
|
expect(subject.allows_restoring_secrets?).to eq false
|
25
25
|
end
|
26
26
|
end
|
27
27
|
|
28
|
-
describe
|
29
|
-
it
|
28
|
+
describe "validate_for" do
|
29
|
+
it "allows for valid model" do
|
30
30
|
expect(subject.validate_for(:application)).to eq true
|
31
31
|
end
|
32
32
|
|
33
|
-
it
|
33
|
+
it "raises for invalid model" do
|
34
34
|
expect { subject.validate_for(:wat) }
|
35
35
|
.to raise_error(ArgumentError, /can only be used for storing application secrets/)
|
36
36
|
expect { subject.validate_for(:token) }
|
@@ -38,12 +38,12 @@ describe ::Doorkeeper::SecretStoring::BCrypt do
|
|
38
38
|
end
|
39
39
|
end
|
40
40
|
|
41
|
-
describe
|
42
|
-
it
|
43
|
-
expect(subject.secret_matches?(
|
41
|
+
describe "secret_matches?" do
|
42
|
+
it "compares input with #transform_secret" do
|
43
|
+
expect(subject.secret_matches?("input", "input")).to eq false
|
44
44
|
|
45
|
-
password = BCrypt::Password.create
|
46
|
-
expect(subject.secret_matches?(
|
45
|
+
password = BCrypt::Password.create "foobar"
|
46
|
+
expect(subject.secret_matches?("foobar", password.to_s)).to eq true
|
47
47
|
end
|
48
48
|
end
|
49
49
|
end
|
@@ -1,44 +1,44 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
3
|
+
require "spec_helper"
|
4
4
|
|
5
5
|
describe ::Doorkeeper::SecretStoring::Plain do
|
6
6
|
subject { described_class }
|
7
|
-
let(:instance) { double(
|
7
|
+
let(:instance) { double("instance", token: "foo") }
|
8
8
|
|
9
|
-
describe
|
10
|
-
it
|
11
|
-
expect(subject.transform_secret(
|
9
|
+
describe "#transform_secret" do
|
10
|
+
it "raises" do
|
11
|
+
expect(subject.transform_secret("foo")).to eq "foo"
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
-
describe
|
16
|
-
it
|
17
|
-
expect(subject.restore_secret(instance, :token)).to eq
|
15
|
+
describe "#restore_secret" do
|
16
|
+
it "raises" do
|
17
|
+
expect(subject.restore_secret(instance, :token)).to eq "foo"
|
18
18
|
end
|
19
19
|
end
|
20
20
|
|
21
|
-
describe
|
22
|
-
it
|
21
|
+
describe "#allows_restoring_secrets?" do
|
22
|
+
it "does allow it" do
|
23
23
|
expect(subject.allows_restoring_secrets?).to eq true
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
-
describe
|
28
|
-
it
|
27
|
+
describe "validate_for" do
|
28
|
+
it "allows for valid model" do
|
29
29
|
expect(subject.validate_for(:application)).to eq true
|
30
30
|
expect(subject.validate_for(:token)).to eq true
|
31
31
|
end
|
32
32
|
|
33
|
-
it
|
33
|
+
it "raises for invalid model" do
|
34
34
|
expect { subject.validate_for(:wat) }.to raise_error(ArgumentError, /can not be used for wat/)
|
35
35
|
end
|
36
36
|
end
|
37
37
|
|
38
|
-
describe
|
39
|
-
it
|
40
|
-
expect(subject.secret_matches?(
|
41
|
-
expect(subject.secret_matches?(
|
38
|
+
describe "secret_matches?" do
|
39
|
+
it "compares input with #transform_secret" do
|
40
|
+
expect(subject.secret_matches?("input", "input")).to eq true
|
41
|
+
expect(subject.secret_matches?("a", "b")).to eq false
|
42
42
|
end
|
43
43
|
end
|
44
44
|
end
|
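Review bot: The example names under `#transform_secret` and `#restore_secret` read `it "raises" do`, but both examples assert a returned value (`to eq "foo"`), so the names state the opposite of what is checked. Something like `it "returns the secret unchanged" do` and `it "returns the value stored on the instance" do` would match the assertions. The Sha256Hash section that follows has the same mismatch on `#transform_secret`, where the body compares against `hash_function.call("foo")`; `it "returns the SHA-256 hex digest of the secret" do` would fit there. These specs are the readable record of which storage strategies keep a secret recoverable, so a name that claims an exception where a plaintext value comes back is worth correcting.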
@@ -1,48 +1,48 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
3
|
+
require "spec_helper"
|
4
4
|
|
5
5
|
describe ::Doorkeeper::SecretStoring::Sha256Hash do
|
6
6
|
subject { described_class }
|
7
|
-
let(:instance) { double(
|
7
|
+
let(:instance) { double("instance") }
|
8
8
|
|
9
9
|
let(:hash_function) do
|
10
10
|
->(input) { ::Digest::SHA256.hexdigest(input) }
|
11
11
|
end
|
12
12
|
|
13
|
-
describe
|
14
|
-
it
|
15
|
-
expect(subject.transform_secret(
|
13
|
+
describe "#transform_secret" do
|
14
|
+
it "raises" do
|
15
|
+
expect(subject.transform_secret("foo")).to eq hash_function.call("foo")
|
16
16
|
end
|
17
17
|
end
|
18
18
|
|
19
|
-
describe
|
20
|
-
it
|
19
|
+
describe "#restore_secret" do
|
20
|
+
it "raises" do
|
21
21
|
expect { subject.restore_secret(instance, :token) }.to raise_error(NotImplementedError)
|
22
22
|
end
|
23
23
|
end
|
24
24
|
|
25
|
-
describe
|
26
|
-
it
|
25
|
+
describe "#allows_restoring_secrets?" do
|
26
|
+
it "does not allow it" do
|
27
27
|
expect(subject.allows_restoring_secrets?).to eq false
|
28
28
|
end
|
29
29
|
end
|
30
30
|
|
31
|
-
describe
|
32
|
-
it
|
31
|
+
describe "validate_for" do
|
32
|
+
it "allows for valid model" do
|
33
33
|
expect(subject.validate_for(:application)).to eq true
|
34
34
|
expect(subject.validate_for(:token)).to eq true
|
35
35
|
end
|
36
36
|
|
37
|
-
it
|
37
|
+
it "raises for invalid model" do
|
38
38
|
expect { subject.validate_for(:wat) }.to raise_error(ArgumentError, /can not be used for wat/)
|
39
39
|
end
|
40
40
|
end
|
41
41
|
|
42
|
-
describe
|
43
|
-
it
|
44
|
-
expect(subject.secret_matches?(
|
45
|
-
expect(subject.secret_matches?(
|
42
|
+
describe "secret_matches?" do
|
43
|
+
it "compares input with #transform_secret" do
|
44
|
+
expect(subject.secret_matches?("input", "input")).to eq false
|
45
|
+
expect(subject.secret_matches?("a", hash_function.call("a"))).to eq true
|
46
46
|
end
|
47
47
|
end
|
48
48
|
end
|
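--- a/data/spec/lib/server_spec.rb
+++ b/data/spec/lib/server_spec.rb
@@ -1,4 +1,6 @@
-
+# frozen_string_literal: true
+
+require "spec_helper"
 
 describe Doorkeeper::Server do
 let(:fake_class) { double :fake_class }
@@ -7,53 +9,53 @@ describe Doorkeeper::Server do
 described_class.new
 end
 
-describe
-it
+describe ".authorization_request" do
+it "raises error when strategy does not exist" do
 expect do
 subject.authorization_request(:duh)
 end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
 end
 
-it
+it "raises error when strategy does not match phase" do
 expect do
 subject.token_request(:code)
 end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
 end
 
-context
+context "when only Authorization Code strategy is enabled" do
 before do
 allow(Doorkeeper.configuration)
 .to receive(:grant_flows)
-.and_return([
+.and_return(["authorization_code"])
 end
 
-it
+it "raises error when using the disabled Implicit strategy" do
 expect do
 subject.authorization_request(:token)
 end.to raise_error(Doorkeeper::Errors::InvalidAuthorizationStrategy)
 end
 
-it
+it "raises error when using the disabled Client Credentials strategy" do
 expect do
 subject.token_request(:client_credentials)
 end.to raise_error(Doorkeeper::Errors::InvalidTokenStrategy)
 end
 end
 
-it
-stub_const
+it "builds the request with selected strategy" do
+stub_const "Doorkeeper::Request::Code", fake_class
 expect(fake_class).to receive(:new).with(subject)
 subject.authorization_request :code
 end
 
-it
+it "builds the request with composite strategy name" do
 allow(Doorkeeper.configuration)
 .to receive(:authorization_response_types)
-.and_return([
+.and_return(["id_token token"])
 
-stub_const
+stub_const "Doorkeeper::Request::IdTokenToken", fake_class
 expect(fake_class).to receive(:new).with(subject)
-subject.authorization_request
+subject.authorization_request "id_token token"
 end
 end
 end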
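Review bot: The group label on the added line `describe ".authorization_request" do` reads as a class method, but every example calls it on `subject`, which appears to be built with `described_class.new` (the opening of that block is outside the hunk). The usual RSpec label for an instance method would be `describe "#authorization_request" do`. Two examples in this group exercise `token_request` instead (`subject.token_request(:code)` and `subject.token_request(:client_credentials)`), so moving them under their own `describe "#token_request" do` would make a failure point at the right method. These examples are the ones showing that a disabled grant flow is refused, so the labels should make clear that both the authorization side and the token side are covered.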
@@ -1,19 +1,19 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
3
|
+
require "spec_helper"
|
4
4
|
|
5
5
|
describe Doorkeeper::StaleRecordsCleaner do
|
6
6
|
let(:cleaner) { described_class.new(model) }
|
7
7
|
let(:models_by_name) do
|
8
8
|
{
|
9
9
|
access_token: Doorkeeper::AccessToken,
|
10
|
-
access_grant: Doorkeeper::AccessGrant
|
10
|
+
access_grant: Doorkeeper::AccessGrant,
|
11
11
|
}
|
12
12
|
end
|
13
13
|
|
14
|
-
context
|
15
|
-
it
|
16
|
-
allow_any_instance_of(Doorkeeper::Config).to receive(:orm).and_return(
|
14
|
+
context "when ORM has no cleaner class" do
|
15
|
+
it "raises an error" do
|
16
|
+
allow_any_instance_of(Doorkeeper::Config).to receive(:orm).and_return("hibernate")
|
17
17
|
|
18
18
|
expect do
|
19
19
|
described_class.for(Doorkeeper::AccessToken)
|
@@ -25,61 +25,61 @@ describe Doorkeeper::StaleRecordsCleaner do
|
|
25
25
|
context "(#{model_name})" do
|
26
26
|
let(:model) { models_by_name.fetch(model_name) }
|
27
27
|
|
28
|
-
describe
|
28
|
+
describe "#clean_revoked" do
|
29
29
|
subject { cleaner.clean_revoked }
|
30
30
|
|
31
|
-
context
|
31
|
+
context "with revoked record" do
|
32
32
|
before do
|
33
33
|
FactoryBot.create model_name, revoked_at: Time.current - 1.minute
|
34
34
|
end
|
35
35
|
|
36
|
-
it
|
36
|
+
it "removes the record" do
|
37
37
|
expect { subject }.to change { model.count }.to(0)
|
38
38
|
end
|
39
39
|
end
|
40
40
|
|
41
|
-
context
|
41
|
+
context "with record revoked in the future" do
|
42
42
|
before do
|
43
43
|
FactoryBot.create model_name, revoked_at: Time.current + 1.minute
|
44
44
|
end
|
45
45
|
|
46
|
-
it
|
46
|
+
it "keeps the record" do
|
47
47
|
expect { subject }.not_to(change { model.count })
|
48
48
|
end
|
49
49
|
end
|
50
50
|
|
51
|
-
context
|
51
|
+
context "with unrevoked record" do
|
52
52
|
before do
|
53
53
|
FactoryBot.create model_name, revoked_at: nil
|
54
54
|
end
|
55
55
|
|
56
|
-
it
|
56
|
+
it "keeps the record" do
|
57
57
|
expect { subject }.not_to(change { model.count })
|
58
58
|
end
|
59
59
|
end
|
60
60
|
end
|
61
61
|
|
62
|
-
describe
|
62
|
+
describe "#clean_expired" do
|
63
63
|
subject { cleaner.clean_expired(ttl) }
|
64
64
|
let(:ttl) { 500 }
|
65
65
|
let(:expiry_border) { ttl.seconds.ago }
|
66
66
|
|
67
|
-
context
|
67
|
+
context "with record that is expired" do
|
68
68
|
before do
|
69
69
|
FactoryBot.create model_name, created_at: expiry_border - 1.minute
|
70
70
|
end
|
71
71
|
|
72
|
-
it
|
72
|
+
it "removes the record" do
|
73
73
|
expect { subject }.to change { model.count }.to(0)
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
77
|
-
context
|
77
|
+
context "with record that is not expired" do
|
78
78
|
before do
|
79
79
|
FactoryBot.create model_name, created_at: expiry_border + 1.minute
|
80
80
|
end
|
81
81
|
|
82
|
-
it
|
82
|
+
it "keeps the record" do
|
83
83
|
expect { subject }.not_to(change { model.count })
|
84
84
|
end
|
85
85
|
end
|