RubyGems - doorkeeper - Versions diffs - 5.1.0.rc2 → 5.1.0 - Mend

doorkeeper 5.1.0.rc2 → 5.1.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (208) hide show

checksums.yaml +4 -4
data/.hound.yml +2 -1
data/.rubocop.yml +37 -4
data/.travis.yml +4 -27
data/Appraisals +8 -12
data/Gemfile +6 -2
data/NEWS.md +16 -0
data/README.md +11 -2
data/Rakefile +10 -8
data/app/controllers/doorkeeper/application_controller.rb +1 -2
data/app/controllers/doorkeeper/application_metal_controller.rb +2 -13
data/app/controllers/doorkeeper/applications_controller.rb +17 -5
data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
data/app/controllers/doorkeeper/tokens_controller.rb +7 -7
data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
data/app/validators/redirect_uri_validator.rb +5 -2
data/app/views/doorkeeper/applications/_form.html.erb +6 -0
data/bin/console +5 -4
data/config/locales/en.yml +1 -0
data/doorkeeper.gemspec +24 -22
data/gemfiles/rails_5_0.gemfile +2 -1
data/gemfiles/rails_5_1.gemfile +2 -1
data/gemfiles/rails_5_2.gemfile +2 -1
data/gemfiles/rails_6_0.gemfile +1 -0
data/gemfiles/rails_master.gemfile +1 -0
data/lib/doorkeeper.rb +68 -66
data/lib/doorkeeper/config.rb +53 -90
data/lib/doorkeeper/config/option.rb +64 -0
data/lib/doorkeeper/engine.rb +1 -1
data/lib/doorkeeper/grape/authorization_decorator.rb +4 -4
data/lib/doorkeeper/grape/helpers.rb +3 -3
data/lib/doorkeeper/helpers/controller.rb +1 -1
data/lib/doorkeeper/models/access_grant_mixin.rb +4 -2
data/lib/doorkeeper/models/access_token_mixin.rb +10 -10
data/lib/doorkeeper/models/application_mixin.rb +1 -0
data/lib/doorkeeper/models/concerns/expirable.rb +1 -0
data/lib/doorkeeper/models/concerns/ownership.rb +1 -6
data/lib/doorkeeper/models/concerns/revocable.rb +2 -1
data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
data/lib/doorkeeper/models/concerns/secret_storable.rb +2 -0
data/lib/doorkeeper/oauth.rb +5 -5
data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -3
data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
data/lib/doorkeeper/oauth/error_response.rb +5 -5
data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -1
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +6 -2
data/lib/doorkeeper/oauth/invalid_token_response.rb +1 -1
data/lib/doorkeeper/oauth/pre_authorization.rb +4 -3
data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
data/lib/doorkeeper/oauth/scopes.rb +5 -3
data/lib/doorkeeper/oauth/token.rb +2 -2
data/lib/doorkeeper/oauth/token_introspection.rb +4 -4
data/lib/doorkeeper/oauth/token_response.rb +9 -9
data/lib/doorkeeper/orm/active_record.rb +6 -6
data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -12
data/lib/doorkeeper/orm/active_record/access_token.rb +6 -13
data/lib/doorkeeper/orm/active_record/application.rb +6 -5
data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +10 -3
data/lib/doorkeeper/rails/helpers.rb +1 -1
data/lib/doorkeeper/rails/routes.rb +11 -11
data/lib/doorkeeper/rails/routes/mapping.rb +7 -7
data/lib/doorkeeper/rake.rb +1 -1
data/lib/doorkeeper/rake/db.rake +13 -13
data/lib/doorkeeper/request.rb +1 -1
data/lib/doorkeeper/secret_storing/base.rb +7 -6
data/lib/doorkeeper/secret_storing/bcrypt.rb +4 -3
data/lib/doorkeeper/secret_storing/plain.rb +4 -4
data/lib/doorkeeper/secret_storing/sha256_hash.rb +3 -2
data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
data/lib/doorkeeper/version.rb +2 -2
data/lib/generators/doorkeeper/application_owner_generator.rb +10 -9
data/lib/generators/doorkeeper/confidential_applications_generator.rb +10 -9
data/lib/generators/doorkeeper/install_generator.rb +11 -9
data/lib/generators/doorkeeper/migration_generator.rb +9 -9
data/lib/generators/doorkeeper/pkce_generator.rb +10 -9
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +10 -9
data/lib/generators/doorkeeper/templates/initializer.rb +30 -5
data/lib/generators/doorkeeper/templates/migration.rb.erb +15 -7
data/lib/generators/doorkeeper/views_generator.rb +6 -4
data/spec/controllers/application_metal_controller_spec.rb +10 -10
data/spec/controllers/applications_controller_spec.rb +54 -52
data/spec/controllers/authorizations_controller_spec.rb +136 -142
data/spec/controllers/protected_resources_controller_spec.rb +78 -76
data/spec/controllers/token_info_controller_spec.rb +13 -11
data/spec/controllers/tokens_controller_spec.rb +109 -94
data/spec/dummy/Rakefile +3 -1
data/spec/dummy/app/controllers/application_controller.rb +2 -0
data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -0
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -2
data/spec/dummy/app/controllers/home_controller.rb +5 -3
data/spec/dummy/app/controllers/metal_controller.rb +2 -0
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +4 -2
data/spec/dummy/app/helpers/application_helper.rb +2 -0
data/spec/dummy/app/models/user.rb +2 -0
data/spec/dummy/config.ru +3 -1
data/spec/dummy/config/application.rb +13 -0
data/spec/dummy/config/environments/development.rb +2 -0
data/spec/dummy/config/environments/production.rb +2 -0
data/spec/dummy/config/environments/test.rb +3 -1
data/spec/dummy/config/initializers/backtrace_silencers.rb +2 -0
data/spec/dummy/config/initializers/doorkeeper.rb +5 -2
data/spec/dummy/config/initializers/secret_token.rb +3 -1
data/spec/dummy/config/initializers/session_store.rb +3 -1
data/spec/dummy/config/initializers/wrap_parameters.rb +2 -0
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +17 -10
data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +2 -0
data/spec/dummy/db/schema.rb +1 -1
data/spec/dummy/script/rails +5 -3
data/spec/factories.rb +5 -3
data/spec/generators/application_owner_generator_spec.rb +13 -26
data/spec/generators/confidential_applications_generator_spec.rb +12 -28
data/spec/generators/install_generator_spec.rb +17 -15
data/spec/generators/migration_generator_spec.rb +13 -26
data/spec/generators/pkce_generator_spec.rb +11 -26
data/spec/generators/previous_refresh_token_generator_spec.rb +16 -29
data/spec/generators/templates/routes.rb +2 -0
data/spec/generators/views_generator_spec.rb +14 -12
data/spec/grape/grape_integration_spec.rb +34 -32
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +9 -7
data/spec/lib/config_spec.rb +137 -136
data/spec/lib/doorkeeper_spec.rb +3 -1
data/spec/lib/models/expirable_spec.rb +12 -10
data/spec/lib/models/reusable_spec.rb +6 -6
data/spec/lib/models/revocable_spec.rb +8 -6
data/spec/lib/models/scopes_spec.rb +19 -17
data/spec/lib/models/secret_storable_spec.rb +71 -49
data/spec/lib/oauth/authorization/uri_builder_spec.rb +17 -15
data/spec/lib/oauth/authorization_code_request_spec.rb +18 -12
data/spec/lib/oauth/base_request_spec.rb +20 -8
data/spec/lib/oauth/base_response_spec.rb +3 -1
data/spec/lib/oauth/client/credentials_spec.rb +24 -22
data/spec/lib/oauth/client_credentials/creator_spec.rb +13 -11
data/spec/lib/oauth/client_credentials/issuer_spec.rb +27 -18
data/spec/lib/oauth/client_credentials/validation_spec.rb +17 -15
data/spec/lib/oauth/client_credentials_integration_spec.rb +7 -5
data/spec/lib/oauth/client_credentials_request_spec.rb +27 -21
data/spec/lib/oauth/client_spec.rb +15 -13
data/spec/lib/oauth/code_request_spec.rb +8 -6
data/spec/lib/oauth/code_response_spec.rb +9 -7
data/spec/lib/oauth/error_response_spec.rb +14 -12
data/spec/lib/oauth/error_spec.rb +4 -2
data/spec/lib/oauth/forbidden_token_response_spec.rb +7 -5
data/spec/lib/oauth/helpers/scope_checker_spec.rb +35 -33
data/spec/lib/oauth/helpers/unique_token_spec.rb +8 -6
data/spec/lib/oauth/helpers/uri_checker_spec.rb +103 -101
data/spec/lib/oauth/invalid_token_response_spec.rb +3 -1
data/spec/lib/oauth/password_access_token_request_spec.rb +52 -34
data/spec/lib/oauth/pre_authorization_spec.rb +64 -62
data/spec/lib/oauth/refresh_token_request_spec.rb +36 -33
data/spec/lib/oauth/scopes_spec.rb +63 -61
data/spec/lib/oauth/token_request_spec.rb +66 -26
data/spec/lib/oauth/token_response_spec.rb +39 -37
data/spec/lib/oauth/token_spec.rb +51 -49
data/spec/lib/request/strategy_spec.rb +3 -1
data/spec/lib/secret_storing/base_spec.rb +23 -23
data/spec/lib/secret_storing/bcrypt_spec.rb +18 -18
data/spec/lib/secret_storing/plain_spec.rb +17 -17
data/spec/lib/secret_storing/sha256_hash_spec.rb +16 -16
data/spec/lib/server_spec.rb +16 -14
data/spec/lib/stale_records_cleaner_spec.rb +17 -17
data/spec/models/doorkeeper/access_grant_spec.rb +30 -26
data/spec/models/doorkeeper/access_token_spec.rb +97 -95
data/spec/models/doorkeeper/application_spec.rb +98 -57
data/spec/requests/applications/applications_request_spec.rb +98 -66
data/spec/requests/applications/authorized_applications_spec.rb +20 -18
data/spec/requests/endpoints/authorization_spec.rb +25 -23
data/spec/requests/endpoints/token_spec.rb +38 -36
data/spec/requests/flows/authorization_code_errors_spec.rb +26 -24
data/spec/requests/flows/authorization_code_spec.rb +161 -159
data/spec/requests/flows/client_credentials_spec.rb +53 -51
data/spec/requests/flows/implicit_grant_errors_spec.rb +10 -8
data/spec/requests/flows/implicit_grant_spec.rb +27 -25
data/spec/requests/flows/password_spec.rb +56 -54
data/spec/requests/flows/refresh_token_spec.rb +45 -43
data/spec/requests/flows/revoke_token_spec.rb +29 -27
data/spec/requests/flows/skip_authorization_spec.rb +23 -21
data/spec/requests/protected_resources/metal_spec.rb +7 -5
data/spec/requests/protected_resources/private_api_spec.rb +35 -33
data/spec/routing/custom_controller_routes_spec.rb +67 -65
data/spec/routing/default_routes_spec.rb +22 -20
data/spec/routing/scoped_routes_spec.rb +20 -18
data/spec/spec_helper.rb +14 -13
data/spec/spec_helper_integration.rb +3 -1
data/spec/support/dependencies/factory_bot.rb +3 -1
data/spec/support/doorkeeper_rspec.rb +3 -1
data/spec/support/helpers/access_token_request_helper.rb +3 -1
data/spec/support/helpers/authorization_request_helper.rb +4 -2
data/spec/support/helpers/config_helper.rb +2 -0
data/spec/support/helpers/model_helper.rb +3 -1
data/spec/support/helpers/request_spec_helper.rb +5 -3
data/spec/support/helpers/url_helper.rb +9 -7
data/spec/support/http_method_shim.rb +4 -9
data/spec/support/orm/active_record.rb +3 -1
data/spec/support/shared/controllers_shared_context.rb +18 -16
data/spec/support/shared/hashing_shared_context.rb +3 -3
data/spec/support/shared/models_shared_examples.rb +12 -10
data/spec/validators/redirect_uri_validator_spec.rb +74 -45
data/spec/version/version_spec.rb +7 -5
metadata +12 -16
data/gemfiles/rails_4_2.gemfile +0 -17
data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -8
data/spec/support/ruby_2_6_rails_4_2_patch.rb +0 -14

@@ -1,11 +1,13 @@
-require 'coveralls'
+# frozen_string_literal: true
-Coveralls.wear!('rails') do
-  add_filter('/spec/')
-  add_filter('/lib/generators/doorkeeper/templates/')
+require "coveralls"
+Coveralls.wear!("rails") do
+  add_filter("/spec/")
+  add_filter("/lib/generators/doorkeeper/templates/")
 end
-ENV['RAILS_ENV'] ||= 'test'
+ENV["RAILS_ENV"] ||= "test"
 $LOAD_PATH.unshift File.dirname(__FILE__)
@@ -13,15 +15,15 @@ require "#{File.dirname(__FILE__)}/support/doorkeeper_rspec.rb"
 DOORKEEPER_ORM = Doorkeeper::RSpec.detect_orm
-require 'dummy/config/environment'
-require 'rspec/rails'
-require 'capybara/rspec'
-require 'database_cleaner'
-require 'generator_spec/test_case'
+require "dummy/config/environment"
+require "rspec/rails"
+require "capybara/rspec"
+require "database_cleaner"
+require "generator_spec/test_case"
 # Load JRuby SQLite3 if in that platform
 if defined? JRUBY_VERSION
-  require 'jdbc/sqlite3'
+  require "jdbc/sqlite3"
   Jdbc::SQLite3.load_driver
 end
@@ -29,7 +31,6 @@ Doorkeeper::RSpec.print_configuration_info
 # Remove after dropping support of Rails 4.2
 require "#{File.dirname(__FILE__)}/support/http_method_shim"
-require "#{File.dirname(__FILE__)}/support/ruby_2_6_rails_4_2_patch"
 require "support/orm/#{DOORKEEPER_ORM}"
@@ -52,5 +53,5 @@ RSpec.configure do |config|
     DatabaseCleaner.clean
   end
-  config.order = 'random'
+  config.order = "random"
 end

data/spec/spec_helper_integration.rb CHANGED

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
 # For compatibility only
-require 'spec_helper'
+require "spec_helper"

data/spec/support/dependencies/factory_bot.rb CHANGED

@@ -1,2 +1,4 @@
-require 'factory_bot'
+# frozen_string_literal: true
+require "factory_bot"
 FactoryBot.find_definitions

data/spec/support/doorkeeper_rspec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Doorkeeper
   class RSpec
     # Print's useful information about env: Ruby / Rails versions,
@@ -13,7 +15,7 @@ module Doorkeeper
     # Tries to find ORM from the Gemfile used to run test suite
     def self.detect_orm
-      orm = (ENV['BUNDLE_GEMFILE'] || '').match(/Gemfile\.(.+)\.rb/)
+      orm = (ENV["BUNDLE_GEMFILE"] || "").match(/Gemfile\.(.+)\.rb/)
       (orm && orm[1] || :active_record).to_sym
     end
   end

data/spec/support/helpers/access_token_request_helper.rb CHANGED

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
 module AccessTokenRequestHelper
   def client_is_authorized(client, resource_owner, access_token_attributes = {})
     attributes = {
       application: client,
-      resource_owner_id: resource_owner.id
+      resource_owner_id: resource_owner.id,
     }.merge(access_token_attributes)
     FactoryBot.create(:access_token, attributes)
   end

data/spec/support/helpers/authorization_request_helper.rb CHANGED

@@ -1,11 +1,13 @@
+# frozen_string_literal: true
 module AuthorizationRequestHelper
   def resource_owner_is_authenticated(resource_owner = nil)
-    resource_owner ||= User.create!(name: 'Joe', password: 'sekret')
+    resource_owner ||= User.create!(name: "Joe", password: "sekret")
     Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { resource_owner })
   end
   def resource_owner_is_not_authenticated
-    Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { redirect_to('/sign_in') })
+    Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { redirect_to("/sign_in") })
   end
   def default_scopes_exist(*scopes)

data/spec/support/helpers/config_helper.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module ConfigHelper
   def config_is_set(setting, value = nil, &block)
     setting_ivar = "@#{setting}"

data/spec/support/helpers/model_helper.rb CHANGED

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
 module ModelHelper
   def client_exists(client_attributes = {})
     @client = FactoryBot.create(:application, client_attributes)
   end
   def create_resource_owner
-    @resource_owner = User.create!(name: 'Joe', password: 'sekret')
+    @resource_owner = User.create!(name: "Joe", password: "sekret")
   end
   def authorization_code_exists(options = {})

data/spec/support/helpers/request_spec_helper.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module RequestSpecHelper
   def i_am_logged_in
     allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) {})
@@ -48,7 +50,7 @@ module RequestSpecHelper
   end
   def with_access_token_header(token)
-    with_header 'Authorization', "Bearer #{token}"
+    with_header "Authorization", "Bearer #{token}"
   end
   def with_header(header, value)
@@ -72,8 +74,8 @@ module RequestSpecHelper
   end
   def sign_in
-    visit '/'
-    click_on 'Sign in'
+    visit "/"
+    click_on "Sign in"
   end
   def create_access_token(authorization_code, client, code_verifier = nil)

data/spec/support/helpers/url_helper.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module UrlHelper
   def token_endpoint_url(options = {})
     parameters = {
@@ -5,9 +7,9 @@ module UrlHelper
       client_id: options[:client_id] || options[:client].try(:uid),
       client_secret: options[:client_secret] || options[:client].try(:secret),
       redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
-      grant_type: options[:grant_type] || 'authorization_code',
+      grant_type: options[:grant_type] || "authorization_code",
       code_verifier: options[:code_verifier],
-      code_challenge_method: options[:code_challenge_method]
+      code_challenge_method: options[:code_challenge_method],
     }.reject { |_, v| v.blank? }
     "/oauth/token?#{build_query(parameters)}"
   end
@@ -20,7 +22,7 @@ module UrlHelper
       username: options[:resource_owner_username] || options[:resource_owner].try(:name),
       password: options[:resource_owner_password] || options[:resource_owner].try(:password),
       scope: options[:scope],
-      grant_type: 'password'
+      grant_type: "password",
     }
     "/oauth/token?#{build_query(parameters)}"
   end
@@ -29,11 +31,11 @@ module UrlHelper
     parameters = {
       client_id: options[:client_id] || options[:client].try(:uid),
       redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
-      response_type: options[:response_type] || 'code',
+      response_type: options[:response_type] || "code",
       scope: options[:scope],
       state: options[:state],
       code_challenge: options[:code_challenge],
-      code_challenge_method: options[:code_challenge_method]
+      code_challenge_method: options[:code_challenge_method],
     }.reject { |_, v| v.blank? }
     "/oauth/authorize?#{build_query(parameters)}"
   end
@@ -43,13 +45,13 @@ module UrlHelper
       refresh_token: options[:refresh_token],
       client_id: options[:client_id] || options[:client].try(:uid),
       client_secret: options[:client_secret] || options[:client].try(:secret),
-      grant_type: options[:grant_type] || 'refresh_token'
+      grant_type: options[:grant_type] || "refresh_token",
     }
     "/oauth/token?#{build_query(parameters)}"
   end
   def revocation_token_endpoint_url
-    '/oauth/revoke'
+    "/oauth/revoke"
   end
   def build_query(hash)

data/spec/support/http_method_shim.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Rails 5 deprecates calling HTTP action methods with positional arguments
 # in favor of keyword arguments. However, the keyword argument form is only
 # supported in Rails 5+. Since we support back to 4, we need some sort of shim
@@ -17,18 +19,11 @@ module RoutingHTTPMethodShim
 end
 module ControllerHTTPMethodShim
-  def process(action, http_method = 'GET', **args)
+  def process(action, http_method = "GET", **args)
     if (as = args.delete(:as))
-      @request.headers['Content-Type'] = Mime[as].to_s
+      @request.headers["Content-Type"] = Mime[as].to_s
     end
     super(action, http_method, args[:params], args[:session], args[:flash])
   end
 end
-if ::Rails::VERSION::MAJOR < 5
-  RSpec.configure do |config|
-    config.include ControllerHTTPMethodShim, type: :controller
-    config.include RoutingHTTPMethodShim, type: :request
-  end
-end

data/spec/support/orm/active_record.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # load schema to in memory sqlite
 ActiveRecord::Migration.verbose = false
-load Rails.root + 'db/schema.rb'
+load Rails.root + "db/schema.rb"

data/spec/support/shared/controllers_shared_context.rb CHANGED

@@ -1,5 +1,7 @@
-shared_context 'valid token', token: :valid do
-  let(:token_string) { '1A2B3C4D' }
+# frozen_string_literal: true
+shared_context "valid token", token: :valid do
+  let(:token_string) { "1A2B3C4D" }
   let :token do
     double(Doorkeeper::AccessToken,
@@ -14,8 +16,8 @@ shared_context 'valid token', token: :valid do
   end
 end
-shared_context 'invalid token', token: :invalid do
-  let(:token_string) { '1A2B3C4D' }
+shared_context "invalid token", token: :invalid do
+  let(:token_string) { "1A2B3C4D" }
   let :token do
     double(Doorkeeper::AccessToken,
@@ -31,22 +33,22 @@ shared_context 'invalid token', token: :invalid do
   end
 end
-shared_context 'authenticated resource owner' do
+shared_context "authenticated resource owner" do
   before do
     user = double(:resource, id: 1)
     allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { user } }
   end
 end
-shared_context 'not authenticated resource owner' do
+shared_context "not authenticated resource owner" do
   before do
-    allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to '/' } }
+    allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to "/" } }
   end
 end
-shared_context 'valid authorization request' do
+shared_context "valid authorization request" do
   let :authorization do
-    double(:authorization, valid?: true, authorize: true, success_redirect_uri: 'http://something.com/cb?code=token')
+    double(:authorization, valid?: true, authorize: true, success_redirect_uri: "http://something.com/cb?code=token")
   end
   before do
@@ -54,7 +56,7 @@ shared_context 'valid authorization request' do
   end
 end
-shared_context 'invalid authorization request' do
+shared_context "invalid authorization request" do
   let :authorization do
     double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
   end
@@ -64,9 +66,9 @@ shared_context 'invalid authorization request' do
   end
 end
-shared_context 'expired token', token: :expired do
+shared_context "expired token", token: :expired do
   let :token_string do
-    '1A2B3C4DEXP'
+    "1A2B3C4DEXP"
   end
   let :token do
@@ -83,9 +85,9 @@ shared_context 'expired token', token: :expired do
   end
 end
-shared_context 'revoked token', token: :revoked do
+shared_context "revoked token", token: :revoked do
   let :token_string do
-    '1A2B3C4DREV'
+    "1A2B3C4DREV"
   end
   let :token do
@@ -102,9 +104,9 @@ shared_context 'revoked token', token: :revoked do
   end
 end
-shared_context 'forbidden token', token: :forbidden do
+shared_context "forbidden token", token: :forbidden do
   let :token_string do
-    '1A2B3C4DFORB'
+    "1A2B3C4DFORB"
   end
   let :token do

data/spec/support/shared/hashing_shared_context.rb CHANGED

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-shared_context 'with token hashing enabled' do
+shared_context "with token hashing enabled" do
   let(:hashed_or_plain_token_func) do
     Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
   end
@@ -12,7 +12,7 @@ shared_context 'with token hashing enabled' do
   end
 end
-shared_context 'with token hashing and fallback lookup enabled' do
+shared_context "with token hashing and fallback lookup enabled" do
   let(:hashed_or_plain_token_func) do
     Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
   end
@@ -24,7 +24,7 @@ shared_context 'with token hashing and fallback lookup enabled' do
   end
 end
-shared_context 'with application hashing enabled' do
+shared_context "with application hashing enabled" do
   let(:hashed_or_plain_token_func) do
     Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
   end

data/spec/support/shared/models_shared_examples.rb CHANGED

@@ -1,46 +1,48 @@
-shared_examples 'an accessible token' do
+# frozen_string_literal: true
+shared_examples "an accessible token" do
   describe :accessible? do
-    it 'is accessible if token is not expired' do
+    it "is accessible if token is not expired" do
       allow(subject).to receive(:expired?).and_return(false)
       should be_accessible
     end
-    it 'is not accessible if token is expired' do
+    it "is not accessible if token is expired" do
       allow(subject).to receive(:expired?).and_return(true)
       should_not be_accessible
     end
   end
 end
-shared_examples 'a revocable token' do
+shared_examples "a revocable token" do
   describe :accessible? do
     before { subject.save! }
-    it 'is accessible if token is not revoked' do
+    it "is accessible if token is not revoked" do
       expect(subject).to be_accessible
     end
-    it 'is not accessible if token is revoked' do
+    it "is not accessible if token is revoked" do
       subject.revoke
       expect(subject).not_to be_accessible
     end
   end
 end
-shared_examples 'a unique token' do
+shared_examples "a unique token" do
   describe :token do
-    it 'is generated before validation' do
+    it "is generated before validation" do
       expect { subject.valid? }.to change { subject.token }.from(nil)
     end
-    it 'is not valid if token exists' do
+    it "is not valid if token exists" do
       token1 = FactoryBot.create factory_name
       token2 = FactoryBot.create factory_name
       token2.token = token1.token
       expect(token2).not_to be_valid
     end
-    it 'expects database to throw an error when tokens are the same' do
+    it "expects database to throw an error when tokens are the same" do
       token1 = FactoryBot.create factory_name
       token2 = FactoryBot.create factory_name
       token2.token = token1.token

data/spec/validators/redirect_uri_validator_spec.rb CHANGED

@@ -1,12 +1,14 @@
-require 'spec_helper'
+# frozen_string_literal: true
+require "spec_helper"
 describe RedirectUriValidator do
   subject do
     FactoryBot.create(:application)
   end
-  it 'is valid when the uri is a uri' do
-    subject.redirect_uri = 'https://example.com/callback'
+  it "is valid when the uri is a uri" do
+    subject.redirect_uri = "https://example.com/callback"
     expect(subject).to be_valid
   end
@@ -15,115 +17,142 @@ describe RedirectUriValidator do
   # the system browser.
   #
   # @see https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/
-  it 'is valid when the uri is custom native URI' do
-    subject.redirect_uri = 'myapp://callback'
+  it "is valid when the uri is custom native URI" do
+    subject.redirect_uri = "myapp://callback"
     expect(subject).to be_valid
   end
-  it 'is valid when the uri has a query parameter' do
-    subject.redirect_uri = 'https://example.com/abcd?xyz=123'
+  it "is valid when the uri has a query parameter" do
+    subject.redirect_uri = "https://example.com/abcd?xyz=123"
     expect(subject).to be_valid
   end
-  it 'accepts native redirect uri' do
-    subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
+  it "accepts native redirect uri" do
+    subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
     expect(subject).to be_valid
   end
-  it 'rejects if test uri is disabled' do
+  it "rejects if test uri is disabled" do
     allow(RedirectUriValidator).to receive(:native_redirect_uri).and_return(nil)
-    subject.redirect_uri = 'urn:some:test'
+    subject.redirect_uri = "urn:some:test"
     expect(subject).not_to be_valid
   end
-  it 'is invalid when the uri is not a uri' do
-    subject.redirect_uri = ']'
+  it "is invalid when the uri is not a uri" do
+    subject.redirect_uri = "]"
     expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq('must be a valid URI.')
+    expect(subject.errors[:redirect_uri].first).to eq("must be a valid URI.")
   end
-  it 'is invalid when the uri is relative' do
-    subject.redirect_uri = '/abcd'
+  it "is invalid when the uri is relative" do
+    subject.redirect_uri = "/abcd"
     expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq('must be an absolute URI.')
+    expect(subject.errors[:redirect_uri].first).to eq("must be an absolute URI.")
   end
-  it 'is invalid when the uri has a fragment' do
-    subject.redirect_uri = 'https://example.com/abcd#xyz'
+  it "is invalid when the uri has a fragment" do
+    subject.redirect_uri = "https://example.com/abcd#xyz"
     expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq('cannot contain a fragment.')
+    expect(subject.errors[:redirect_uri].first).to eq("cannot contain a fragment.")
   end
-  context 'force secured uri' do
-    it 'accepts an valid uri' do
-      subject.redirect_uri = 'https://example.com/callback'
+  context "force secured uri" do
+    it "accepts an valid uri" do
+      subject.redirect_uri = "https://example.com/callback"
       expect(subject).to be_valid
     end
-    it 'accepts native redirect uri' do
-      subject.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
+    it "accepts native redirect uri" do
+      subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
       expect(subject).to be_valid
     end
-    it 'accepts app redirect uri' do
-      subject.redirect_uri = 'some-awesome-app://oauth/callback'
+    it "accepts app redirect uri" do
+      subject.redirect_uri = "some-awesome-app://oauth/callback"
       expect(subject).to be_valid
     end
-    it 'accepts a non secured protocol when disabled' do
-      subject.redirect_uri = 'http://example.com/callback'
+    it "accepts a non secured protocol when disabled" do
+      subject.redirect_uri = "http://example.com/callback"
       allow(Doorkeeper.configuration).to receive(
         :force_ssl_in_redirect_uri
       ).and_return(false)
       expect(subject).to be_valid
     end
-    it 'accepts a non secured protocol when conditional option defined' do
+    it "accepts a non secured protocol when conditional option defined" do
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        force_ssl_in_redirect_uri { |uri| uri.host != 'localhost' }
+        force_ssl_in_redirect_uri { |uri| uri.host != "localhost" }
       end
-      application = FactoryBot.build(:application, redirect_uri: 'http://localhost/callback')
+      application = FactoryBot.build(:application, redirect_uri: "http://localhost/callback")
       expect(application).to be_valid
-      application = FactoryBot.build(:application, redirect_uri: 'https://test.com/callback')
+      application = FactoryBot.build(:application, redirect_uri: "https://test.com/callback")
       expect(application).to be_valid
-      application = FactoryBot.build(:application, redirect_uri: 'http://localhost2/callback')
+      application = FactoryBot.build(:application, redirect_uri: "http://localhost2/callback")
       expect(application).not_to be_valid
-      application = FactoryBot.build(:application, redirect_uri: 'https://test.com/callback')
+      application = FactoryBot.build(:application, redirect_uri: "https://test.com/callback")
       expect(application).to be_valid
     end
-    it 'forbids redirect uri if required' do
-      subject.redirect_uri = 'javascript://document.cookie'
+    it "forbids redirect uri if required" do
+      subject.redirect_uri = "javascript://document.cookie"
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        forbid_redirect_uri { |uri| uri.scheme == 'javascript' }
+        forbid_redirect_uri { |uri| uri.scheme == "javascript" }
       end
       expect(subject).to be_invalid
-      expect(subject.errors[:redirect_uri].first).to eq('is forbidden by the server.')
+      expect(subject.errors[:redirect_uri].first).to eq("is forbidden by the server.")
-      subject.redirect_uri = 'https://localhost/callback'
+      subject.redirect_uri = "https://localhost/callback"
       expect(subject).to be_valid
     end
-    it 'invalidates the uri when the uri does not use a secure protocol' do
-      subject.redirect_uri = 'http://example.com/callback'
+    it "invalidates the uri when the uri does not use a secure protocol" do
+      subject.redirect_uri = "http://example.com/callback"
       expect(subject).not_to be_valid
       error = subject.errors[:redirect_uri].first
-      expect(error).to eq('must be an HTTPS/SSL URI.')
+      expect(error).to eq("must be an HTTPS/SSL URI.")
     end
   end
-  context 'multiple redirect uri' do
-    it 'invalidates the second uri when the first uri is native uri' do
+  context "multiple redirect uri" do
+    it "invalidates the second uri when the first uri is native uri" do
       subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob\nexample.com/callback"
       expect(subject).to be_invalid
     end
   end
+  context "blank redirect URI" do
+    it "forbids blank redirect uri by default" do
+      subject.redirect_uri = ""
+      expect(subject).to be_invalid
+      expect(subject.errors[:redirect_uri]).not_to be_blank
+    end
+    it "forbids blank redirect uri by custom condition" do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        allow_blank_redirect_uri do |_grant_flows, application|
+          application.name == "admin app"
+        end
+      end
+      subject.name = "test app"
+      subject.redirect_uri = ""
+      expect(subject).to be_invalid
+      expect(subject.errors[:redirect_uri]).not_to be_blank
+      subject.name = "admin app"
+      expect(subject).to be_valid
+    end
+  end
 end