doorkeeper 5.1.0.rc2 → 5.1.0

data/spec/requests/flows/client_credentials_spec.rb

@@ -1,62 +1,64 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-describe 'Client Credentials Request' do
+require "spec_helper"
+
+describe "Client Credentials Request" do
   let(:client) { FactoryBot.create :application }
 
-  context 'a valid request' do
-    it 'authorizes the client and returns the token response' do
+  context "a valid request" do
+    it "authorizes the client and returns the token response" do
       headers = authorization client.uid, client.secret
-      params  = { grant_type: 'client_credentials' }
+      params  = { grant_type: "client_credentials" }
 
-      post '/oauth/token', params: params, headers: headers
+      post "/oauth/token", params: params, headers: headers
 
-      should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-      should_have_json_within 'expires_in', Doorkeeper.configuration.access_token_expires_in, 1
-      should_not_have_json 'scope'
-      should_not_have_json 'refresh_token'
+      should_have_json "access_token", Doorkeeper::AccessToken.first.token
+      should_have_json_within "expires_in", Doorkeeper.configuration.access_token_expires_in, 1
+      should_not_have_json "scope"
+      should_not_have_json "refresh_token"
 
-      should_not_have_json 'error'
-      should_not_have_json 'error_description'
+      should_not_have_json "error"
+      should_not_have_json "error_description"
     end
 
-    context 'with scopes' do
+    context "with scopes" do
       before do
         optional_scopes_exist :write
         default_scopes_exist :public
       end
 
-      it 'adds the scope to the token an returns in the response' do
+      it "adds the scope to the token an returns in the response" do
         headers = authorization client.uid, client.secret
-        params  = { grant_type: 'client_credentials', scope: 'write' }
+        params  = { grant_type: "client_credentials", scope: "write" }
 
-        post '/oauth/token', params: params, headers: headers
+        post "/oauth/token", params: params, headers: headers
 
-        should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-        should_have_json 'scope', 'write'
+        should_have_json "access_token", Doorkeeper::AccessToken.first.token
+        should_have_json "scope", "write"
       end
 
-      context 'that are default' do
-        it 'adds the scope to the token an returns in the response' do
+      context "that are default" do
+        it "adds the scope to the token an returns in the response" do
           headers = authorization client.uid, client.secret
-          params  = { grant_type: 'client_credentials', scope: 'public' }
+          params  = { grant_type: "client_credentials", scope: "public" }
 
-          post '/oauth/token', params: params, headers: headers
+          post "/oauth/token", params: params, headers: headers
 
-          should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-          should_have_json 'scope', 'public'
+          should_have_json "access_token", Doorkeeper::AccessToken.first.token
+          should_have_json "scope", "public"
         end
       end
 
-      context 'that are invalid' do
-        it 'does not authorize the client and returns the error' do
+      context "that are invalid" do
+        it "does not authorize the client and returns the error" do
           headers = authorization client.uid, client.secret
-          params  = { grant_type: 'client_credentials', scope: 'random' }
+          params  = { grant_type: "client_credentials", scope: "random" }
 
-          post '/oauth/token', params: params, headers: headers
+          post "/oauth/token", params: params, headers: headers
 
-          should_have_json 'error', 'invalid_scope'
-          should_have_json 'error_description', translated_error_message(:invalid_scope)
-          should_not_have_json 'access_token'
+          should_have_json "error", "invalid_scope"
+          should_have_json "error_description", translated_error_message(:invalid_scope)
+          should_not_have_json "access_token"
 
           expect(response.status).to eq(400)
         end
@@ -64,56 +66,56 @@ describe 'Client Credentials Request' do
     end
   end
 
-  context 'when application scopes contain some of the default scopes and no scope is passed' do
+  context "when application scopes contain some of the default scopes and no scope is passed" do
     before do
-      client.update(scopes: 'read write public')
+      client.update(scopes: "read write public")
     end
 
-    it 'issues new token with one default scope that are present in application scopes' do
+    it "issues new token with one default scope that are present in application scopes" do
       default_scopes_exist :public
 
       headers = authorization client.uid, client.secret
-      params  = { grant_type: 'client_credentials' }
+      params  = { grant_type: "client_credentials" }
 
       expect do
-        post '/oauth/token', params: params, headers: headers
+        post "/oauth/token", params: params, headers: headers
       end.to change { Doorkeeper::AccessToken.count }.by(1)
 
       token = Doorkeeper::AccessToken.first
 
       expect(token.application_id).to eq client.id
-      should_have_json 'access_token', token.token
-      should_have_json 'scope', 'public'
+      should_have_json "access_token", token.token
+      should_have_json "scope", "public"
     end
 
-    it 'issues new token with multiple default scopes that are present in application scopes' do
+    it "issues new token with multiple default scopes that are present in application scopes" do
       default_scopes_exist :public, :read, :update
 
       headers = authorization client.uid, client.secret
-      params  = { grant_type: 'client_credentials' }
+      params  = { grant_type: "client_credentials" }
 
       expect do
-        post '/oauth/token', params: params, headers: headers
+        post "/oauth/token", params: params, headers: headers
       end.to change { Doorkeeper::AccessToken.count }.by(1)
 
       token = Doorkeeper::AccessToken.first
 
       expect(token.application_id).to eq client.id
-      should_have_json 'access_token', token.token
-      should_have_json 'scope', 'public read'
+      should_have_json "access_token", token.token
+      should_have_json "scope", "public read"
     end
   end
 
-  context 'an invalid request' do
-    it 'does not authorize the client and returns the error' do
+  context "an invalid request" do
+    it "does not authorize the client and returns the error" do
       headers = {}
-      params  = { grant_type: 'client_credentials' }
+      params  = { grant_type: "client_credentials" }
 
-      post '/oauth/token', params: params, headers: headers
+      post "/oauth/token", params: params, headers: headers
 
-      should_have_json 'error', 'invalid_client'
-      should_have_json 'error_description', translated_error_message(:invalid_client)
-      should_not_have_json 'access_token'
+      should_have_json "error", "invalid_client"
+      should_have_json "error_description", translated_error_message(:invalid_client)
+      should_not_have_json "access_token"
 
       expect(response.status).to eq(401)
     end
@@ -121,6 +123,6 @@ describe 'Client Credentials Request' do
 
   def authorization(username, password)
     credentials = ActionController::HttpAuthentication::Basic.encode_credentials username, password
-    { 'HTTP_AUTHORIZATION' => credentials }
+    { "HTTP_AUTHORIZATION" => credentials }
   end
 end

data/spec/requests/flows/implicit_grant_errors_spec.rb

@@ -1,8 +1,10 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-feature 'Implicit Grant Flow Errors' do
+require "spec_helper"
+
+feature "Implicit Grant Flow Errors" do
   background do
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
     config_is_set(:grant_flows, ["implicit"])
     client_exists
     create_resource_owner
@@ -15,17 +17,17 @@ feature 'Implicit Grant Flow Errors' do
 
   [
     %i[client_id invalid_client],
-    %i[redirect_uri invalid_redirect_uri]
+    %i[redirect_uri invalid_redirect_uri],
   ].each do |error|
     scenario "displays #{error.last} error for invalid #{error.first}" do
-      visit authorization_endpoint_url(client: @client, error.first => 'invalid', response_type: 'token')
-      i_should_not_see 'Authorize'
+      visit authorization_endpoint_url(client: @client, error.first => "invalid", response_type: "token")
+      i_should_not_see "Authorize"
       i_should_see_translated_error_message error.last
     end
 
     scenario "displays #{error.last} error when #{error.first} is missing" do
-      visit authorization_endpoint_url(client: @client, error.first => '', response_type: 'token')
-      i_should_not_see 'Authorize'
+      visit authorization_endpoint_url(client: @client, error.first => "", response_type: "token")
+      i_should_not_see "Authorize"
       i_should_see_translated_error_message error.last
     end
   end

data/spec/requests/flows/implicit_grant_spec.rb

@@ -1,57 +1,59 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-feature 'Implicit Grant Flow (feature spec)' do
+require "spec_helper"
+
+feature "Implicit Grant Flow (feature spec)" do
   background do
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
     config_is_set(:grant_flows, ["implicit"])
     client_exists
     create_resource_owner
     sign_in
   end
 
-  scenario 'resource owner authorizes the client' do
-    visit authorization_endpoint_url(client: @client, response_type: 'token')
-    click_on 'Authorize'
+  scenario "resource owner authorizes the client" do
+    visit authorization_endpoint_url(client: @client, response_type: "token")
+    click_on "Authorize"
 
     access_token_should_exist_for @client, @resource_owner
 
     i_should_be_on_client_callback @client
   end
 
-  context 'when application scopes are present and no scope is passed' do
+  context "when application scopes are present and no scope is passed" do
     background do
-      @client.update(scopes: 'public write read')
+      @client.update(scopes: "public write read")
     end
 
-    scenario 'access token has no scopes' do
+    scenario "access token has no scopes" do
       default_scopes_exist :admin
-      visit authorization_endpoint_url(client: @client, response_type: 'token')
-      click_on 'Authorize'
+      visit authorization_endpoint_url(client: @client, response_type: "token")
+      click_on "Authorize"
       access_token_should_exist_for @client, @resource_owner
       token = Doorkeeper::AccessToken.first
       expect(token.scopes).to be_empty
     end
 
-    scenario 'access token has scopes which are common in application scopees and default scopes' do
+    scenario "access token has scopes which are common in application scopees and default scopes" do
       default_scopes_exist :public, :write
-      visit authorization_endpoint_url(client: @client, response_type: 'token')
-      click_on 'Authorize'
+      visit authorization_endpoint_url(client: @client, response_type: "token")
+      click_on "Authorize"
       access_token_should_exist_for @client, @resource_owner
       access_token_should_have_scopes :public, :write
     end
   end
 end
 
-describe 'Implicit Grant Flow (request spec)' do
+describe "Implicit Grant Flow (request spec)" do
   before do
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
     config_is_set(:grant_flows, ["implicit"])
     client_exists
     create_resource_owner
   end
 
-  context 'token reuse' do
-    it 'should return a new token each request' do
+  context "token reuse" do
+    it "should return a new token each request" do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(false)
 
       token = client_is_authorized(@client, @resource_owner)
@@ -59,16 +61,16 @@ describe 'Implicit Grant Flow (request spec)' do
       post "/oauth/authorize",
            params: {
              client_id: @client.uid,
-             state: '',
+             state: "",
              redirect_uri: @client.redirect_uri,
-             response_type: 'token',
-             commit: 'Authorize'
+             response_type: "token",
+             commit: "Authorize",
            }
 
       expect(response.location).not_to include(token.token)
     end
 
-    it 'should return the same token if it is still accessible' do
+    it "should return the same token if it is still accessible" do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
 
       token = client_is_authorized(@client, @resource_owner)
@@ -76,10 +78,10 @@ describe 'Implicit Grant Flow (request spec)' do
       post "/oauth/authorize",
            params: {
              client_id: @client.uid,
-             state: '',
+             state: "",
              redirect_uri: @client.redirect_uri,
-             response_type: 'token',
-             commit: 'Authorize'
+             response_type: "token",
+             commit: "Authorize",
            }
 
       expect(response.location).to include(token.token)

data/spec/requests/flows/password_spec.rb

@@ -1,13 +1,15 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-describe 'Resource Owner Password Credentials Flow not set up' do
+require "spec_helper"
+
+describe "Resource Owner Password Credentials Flow not set up" do
   before do
     client_exists
     create_resource_owner
   end
 
-  context 'with valid user credentials' do
-    it 'does not issue new token' do
+  context "with valid user credentials" do
+    it "does not issue new token" do
       expect do
         post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
       end.to_not(change { Doorkeeper::AccessToken.count })
@@ -15,8 +17,8 @@ describe 'Resource Owner Password Credentials Flow not set up' do
   end
 end
 
-describe 'Resource Owner Password Credentials Flow' do
-  let(:client_attributes) { {} }
+describe "Resource Owner Password Credentials Flow" do
+  let(:client_attributes) { { redirect_uri: nil } }
 
   before do
     config_is_set(:grant_flows, ["password"])
@@ -25,7 +27,7 @@ describe 'Resource Owner Password Credentials Flow' do
     create_resource_owner
   end
 
-  context 'with valid user credentials' do
+  context "with valid user credentials" do
     context "with non-confidential/public client" do
       let(:client_attributes) { { confidential: false } }
 
@@ -38,7 +40,7 @@ describe 'Resource Owner Password Credentials Flow' do
           token = Doorkeeper::AccessToken.first
 
           expect(token.application_id).to eq @client.id
-          should_have_json 'access_token', token.token
+          should_have_json "access_token", token.token
         end
       end
 
@@ -51,7 +53,7 @@ describe 'Resource Owner Password Credentials Flow' do
           token = Doorkeeper::AccessToken.first
 
           expect(token.application_id).to eq @client.id
-          should_have_json 'access_token', token.token
+          should_have_json "access_token", token.token
         end
 
         context "when client_secret incorrect" do
@@ -59,13 +61,13 @@ describe 'Resource Owner Password Credentials Flow' do
             expect do
               post password_token_endpoint_url(
                 client_id: @client.uid,
-                client_secret: 'foobar',
+                client_secret: "foobar",
                 resource_owner: @resource_owner
               )
             end.not_to(change { Doorkeeper::AccessToken.count })
 
             expect(response.status).to eq(401)
-            should_have_json 'error', 'invalid_client'
+            should_have_json "error", "invalid_client"
           end
         end
       end
@@ -80,7 +82,7 @@ describe 'Resource Owner Password Credentials Flow' do
         token = Doorkeeper::AccessToken.first
 
         expect(token.application_id).to eq @client.id
-        should_have_json 'access_token', token.token
+        should_have_json "access_token", token.token
       end
 
       context "when client_secret absent" do
@@ -90,12 +92,12 @@ describe 'Resource Owner Password Credentials Flow' do
           end.not_to(change { Doorkeeper::AccessToken.count })
 
           expect(response.status).to eq(401)
-          should_have_json 'error', 'invalid_client'
+          should_have_json "error", "invalid_client"
         end
       end
     end
 
-    it 'should issue new token without client credentials' do
+    it "should issue new token without client credentials" do
       expect do
         post password_token_endpoint_url(resource_owner: @resource_owner)
       end.to(change { Doorkeeper::AccessToken.count }.by(1))
@@ -103,20 +105,20 @@ describe 'Resource Owner Password Credentials Flow' do
       token = Doorkeeper::AccessToken.first
 
       expect(token.application_id).to be_nil
-      should_have_json 'access_token', token.token
+      should_have_json "access_token", token.token
     end
 
-    it 'should issue a refresh token if enabled' do
+    it "should issue a refresh token if enabled" do
       config_is_set(:refresh_token_enabled, true)
 
       post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
 
       token = Doorkeeper::AccessToken.first
 
-      should_have_json 'refresh_token', token.refresh_token
+      should_have_json "refresh_token", token.refresh_token
     end
 
-    it 'should return the same token if it is still accessible' do
+    it "should return the same token if it is still accessible" do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
 
       client_is_authorized(@client, @resource_owner)
@@ -124,35 +126,35 @@ describe 'Resource Owner Password Credentials Flow' do
       post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
 
       expect(Doorkeeper::AccessToken.count).to be(1)
-      should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+      should_have_json "access_token", Doorkeeper::AccessToken.first.token
     end
 
-    context 'with valid, default scope' do
+    context "with valid, default scope" do
       before do
         default_scopes_exist :public
       end
 
-      it 'should issue new token' do
+      it "should issue new token" do
         expect do
-          post password_token_endpoint_url(client: @client, resource_owner: @resource_owner, scope: 'public')
+          post password_token_endpoint_url(client: @client, resource_owner: @resource_owner, scope: "public")
         end.to change { Doorkeeper::AccessToken.count }.by(1)
 
         token = Doorkeeper::AccessToken.first
 
         expect(token.application_id).to eq @client.id
-        should_have_json 'access_token', token.token
-        should_have_json 'scope', 'public'
+        should_have_json "access_token", token.token
+        should_have_json "scope", "public"
       end
     end
   end
 
-  context 'when application scopes are present and differs from configured default scopes and no scope is passed' do
+  context "when application scopes are present and differs from configured default scopes and no scope is passed" do
     before do
       default_scopes_exist :public
-      @client.update(scopes: 'abc')
+      @client.update(scopes: "abc")
     end
 
-    it 'issues new token without any scope' do
+    it "issues new token without any scope" do
       expect do
         post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
       end.to change { Doorkeeper::AccessToken.count }.by(1)
@@ -161,17 +163,17 @@ describe 'Resource Owner Password Credentials Flow' do
 
       expect(token.application_id).to eq @client.id
       expect(token.scopes).to be_empty
-      should_have_json 'access_token', token.token
-      should_not_have_json 'scope'
+      should_have_json "access_token", token.token
+      should_not_have_json "scope"
     end
   end
 
-  context 'when application scopes contain some of the default scopes and no scope is passed' do
+  context "when application scopes contain some of the default scopes and no scope is passed" do
     before do
-      @client.update(scopes: 'read write public')
+      @client.update(scopes: "read write public")
     end
 
-    it 'issues new token with one default scope that are present in application scopes' do
+    it "issues new token with one default scope that are present in application scopes" do
       default_scopes_exist :public, :admin
 
       expect do
@@ -181,11 +183,11 @@ describe 'Resource Owner Password Credentials Flow' do
       token = Doorkeeper::AccessToken.first
 
       expect(token.application_id).to eq @client.id
-      should_have_json 'access_token', token.token
-      should_have_json 'scope', 'public'
+      should_have_json "access_token", token.token
+      should_have_json "scope", "public"
     end
 
-    it 'issues new token with multiple default scopes that are present in application scopes' do
+    it "issues new token with multiple default scopes that are present in application scopes" do
       default_scopes_exist :public, :read, :update
 
       expect do
@@ -195,62 +197,62 @@ describe 'Resource Owner Password Credentials Flow' do
       token = Doorkeeper::AccessToken.first
 
       expect(token.application_id).to eq @client.id
-      should_have_json 'access_token', token.token
-      should_have_json 'scope', 'public read'
+      should_have_json "access_token", token.token
+      should_have_json "scope", "public read"
     end
   end
 
-  context 'with invalid scopes' do
+  context "with invalid scopes" do
     subject do
       post password_token_endpoint_url(client: @client,
                                        resource_owner: @resource_owner,
-                                       scope: 'random')
+                                       scope: "random")
     end
 
-    it 'should not issue new token' do
+    it "should not issue new token" do
       expect { subject }.to_not(change { Doorkeeper::AccessToken.count })
     end
 
-    it 'should return invalid_scope error' do
+    it "should return invalid_scope error" do
       subject
-      should_have_json 'error', 'invalid_scope'
-      should_have_json 'error_description', translated_error_message(:invalid_scope)
-      should_not_have_json 'access_token'
+      should_have_json "error", "invalid_scope"
+      should_have_json "error_description", translated_error_message(:invalid_scope)
+      should_not_have_json "access_token"
 
       expect(response.status).to eq(400)
     end
   end
 
-  context 'with invalid user credentials' do
-    it 'should not issue new token with bad password' do
+  context "with invalid user credentials" do
+    it "should not issue new token with bad password" do
       expect do
         post password_token_endpoint_url(client: @client,
                                          resource_owner_username: @resource_owner.name,
-                                         resource_owner_password: 'wrongpassword')
+                                         resource_owner_password: "wrongpassword")
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
 
-    it 'should not issue new token without credentials' do
+    it "should not issue new token without credentials" do
       expect do
         post password_token_endpoint_url(client: @client)
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
   end
 
-  context 'with invalid confidential client credentials' do
-    it 'should not issue new token with bad client credentials' do
+  context "with invalid confidential client credentials" do
+    it "should not issue new token with bad client credentials" do
       expect do
         post password_token_endpoint_url(client_id: @client.uid,
-                                         client_secret: 'bad_secret',
+                                         client_secret: "bad_secret",
                                          resource_owner: @resource_owner)
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
   end
 
-  context 'with invalid public client id' do
-    it 'should not issue new token with bad client id' do
+  context "with invalid public client id" do
+    it "should not issue new token with bad client id" do
       expect do
-        post password_token_endpoint_url(client_id: 'bad_id', resource_owner: @resource_owner)
+        post password_token_endpoint_url(client_id: "bad_id", resource_owner: @resource_owner)
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
   end