doorkeeper 5.1.0.rc2 → 5.1.0
- checksums.yaml +4 -4
- data/.hound.yml +2 -1
- data/.rubocop.yml +37 -4
- data/.travis.yml +4 -27
- data/Appraisals +8 -12
- data/Gemfile +6 -2
- data/NEWS.md +16 -0
- data/README.md +11 -2
- data/Rakefile +10 -8
- data/app/controllers/doorkeeper/application_controller.rb +1 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -13
- data/app/controllers/doorkeeper/applications_controller.rb +17 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +7 -7
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/validators/redirect_uri_validator.rb +5 -2
- data/app/views/doorkeeper/applications/_form.html.erb +6 -0
- data/bin/console +5 -4
- data/config/locales/en.yml +1 -0
- data/doorkeeper.gemspec +24 -22
- data/gemfiles/rails_5_0.gemfile +2 -1
- data/gemfiles/rails_5_1.gemfile +2 -1
- data/gemfiles/rails_5_2.gemfile +2 -1
- data/gemfiles/rails_6_0.gemfile +1 -0
- data/gemfiles/rails_master.gemfile +1 -0
- data/lib/doorkeeper.rb +68 -66
- data/lib/doorkeeper/config.rb +53 -90
- data/lib/doorkeeper/config/option.rb +64 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grape/authorization_decorator.rb +4 -4
- data/lib/doorkeeper/grape/helpers.rb +3 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_grant_mixin.rb +4 -2
- data/lib/doorkeeper/models/access_token_mixin.rb +10 -10
- data/lib/doorkeeper/models/application_mixin.rb +1 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -6
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +2 -0
- data/lib/doorkeeper/oauth.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -3
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +6 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +4 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/scopes.rb +5 -3
- data/lib/doorkeeper/oauth/token.rb +2 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -4
- data/lib/doorkeeper/oauth/token_response.rb +9 -9
- data/lib/doorkeeper/orm/active_record.rb +6 -6
- data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -12
- data/lib/doorkeeper/orm/active_record/access_token.rb +6 -13
- data/lib/doorkeeper/orm/active_record/application.rb +6 -5
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +10 -3
- data/lib/doorkeeper/rails/helpers.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +11 -11
- data/lib/doorkeeper/rails/routes/mapping.rb +7 -7
- data/lib/doorkeeper/rake.rb +1 -1
- data/lib/doorkeeper/rake/db.rake +13 -13
- data/lib/doorkeeper/request.rb +1 -1
- data/lib/doorkeeper/secret_storing/base.rb +7 -6
- data/lib/doorkeeper/secret_storing/bcrypt.rb +4 -3
- data/lib/doorkeeper/secret_storing/plain.rb +4 -4
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +3 -2
- data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/application_owner_generator.rb +10 -9
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +10 -9
- data/lib/generators/doorkeeper/install_generator.rb +11 -9
- data/lib/generators/doorkeeper/migration_generator.rb +9 -9
- data/lib/generators/doorkeeper/pkce_generator.rb +10 -9
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +10 -9
- data/lib/generators/doorkeeper/templates/initializer.rb +30 -5
- data/lib/generators/doorkeeper/templates/migration.rb.erb +15 -7
- data/lib/generators/doorkeeper/views_generator.rb +6 -4
- data/spec/controllers/application_metal_controller_spec.rb +10 -10
- data/spec/controllers/applications_controller_spec.rb +54 -52
- data/spec/controllers/authorizations_controller_spec.rb +136 -142
- data/spec/controllers/protected_resources_controller_spec.rb +78 -76
- data/spec/controllers/token_info_controller_spec.rb +13 -11
- data/spec/controllers/tokens_controller_spec.rb +109 -94
- data/spec/dummy/Rakefile +3 -1
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/controllers/home_controller.rb +5 -3
- data/spec/dummy/app/controllers/metal_controller.rb +2 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +2 -0
- data/spec/dummy/config.ru +3 -1
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/environments/development.rb +2 -0
- data/spec/dummy/config/environments/production.rb +2 -0
- data/spec/dummy/config/environments/test.rb +3 -1
- data/spec/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -2
- data/spec/dummy/config/initializers/secret_token.rb +3 -1
- data/spec/dummy/config/initializers/session_store.rb +3 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +17 -10
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +2 -0
- data/spec/dummy/db/schema.rb +1 -1
- data/spec/dummy/script/rails +5 -3
- data/spec/factories.rb +5 -3
- data/spec/generators/application_owner_generator_spec.rb +13 -26
- data/spec/generators/confidential_applications_generator_spec.rb +12 -28
- data/spec/generators/install_generator_spec.rb +17 -15
- data/spec/generators/migration_generator_spec.rb +13 -26
- data/spec/generators/pkce_generator_spec.rb +11 -26
- data/spec/generators/previous_refresh_token_generator_spec.rb +16 -29
- data/spec/generators/templates/routes.rb +2 -0
- data/spec/generators/views_generator_spec.rb +14 -12
- data/spec/grape/grape_integration_spec.rb +34 -32
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +9 -7
- data/spec/lib/config_spec.rb +137 -136
- data/spec/lib/doorkeeper_spec.rb +3 -1
- data/spec/lib/models/expirable_spec.rb +12 -10
- data/spec/lib/models/reusable_spec.rb +6 -6
- data/spec/lib/models/revocable_spec.rb +8 -6
- data/spec/lib/models/scopes_spec.rb +19 -17
- data/spec/lib/models/secret_storable_spec.rb +71 -49
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +17 -15
- data/spec/lib/oauth/authorization_code_request_spec.rb +18 -12
- data/spec/lib/oauth/base_request_spec.rb +20 -8
- data/spec/lib/oauth/base_response_spec.rb +3 -1
- data/spec/lib/oauth/client/credentials_spec.rb +24 -22
- data/spec/lib/oauth/client_credentials/creator_spec.rb +13 -11
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +27 -18
- data/spec/lib/oauth/client_credentials/validation_spec.rb +17 -15
- data/spec/lib/oauth/client_credentials_integration_spec.rb +7 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +27 -21
- data/spec/lib/oauth/client_spec.rb +15 -13
- data/spec/lib/oauth/code_request_spec.rb +8 -6
- data/spec/lib/oauth/code_response_spec.rb +9 -7
- data/spec/lib/oauth/error_response_spec.rb +14 -12
- data/spec/lib/oauth/error_spec.rb +4 -2
- data/spec/lib/oauth/forbidden_token_response_spec.rb +7 -5
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +35 -33
- data/spec/lib/oauth/helpers/unique_token_spec.rb +8 -6
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +103 -101
- data/spec/lib/oauth/invalid_token_response_spec.rb +3 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +52 -34
- data/spec/lib/oauth/pre_authorization_spec.rb +64 -62
- data/spec/lib/oauth/refresh_token_request_spec.rb +36 -33
- data/spec/lib/oauth/scopes_spec.rb +63 -61
- data/spec/lib/oauth/token_request_spec.rb +66 -26
- data/spec/lib/oauth/token_response_spec.rb +39 -37
- data/spec/lib/oauth/token_spec.rb +51 -49
- data/spec/lib/request/strategy_spec.rb +3 -1
- data/spec/lib/secret_storing/base_spec.rb +23 -23
- data/spec/lib/secret_storing/bcrypt_spec.rb +18 -18
- data/spec/lib/secret_storing/plain_spec.rb +17 -17
- data/spec/lib/secret_storing/sha256_hash_spec.rb +16 -16
- data/spec/lib/server_spec.rb +16 -14
- data/spec/lib/stale_records_cleaner_spec.rb +17 -17
- data/spec/models/doorkeeper/access_grant_spec.rb +30 -26
- data/spec/models/doorkeeper/access_token_spec.rb +97 -95
- data/spec/models/doorkeeper/application_spec.rb +98 -57
- data/spec/requests/applications/applications_request_spec.rb +98 -66
- data/spec/requests/applications/authorized_applications_spec.rb +20 -18
- data/spec/requests/endpoints/authorization_spec.rb +25 -23
- data/spec/requests/endpoints/token_spec.rb +38 -36
- data/spec/requests/flows/authorization_code_errors_spec.rb +26 -24
- data/spec/requests/flows/authorization_code_spec.rb +161 -159
- data/spec/requests/flows/client_credentials_spec.rb +53 -51
- data/spec/requests/flows/implicit_grant_errors_spec.rb +10 -8
- data/spec/requests/flows/implicit_grant_spec.rb +27 -25
- data/spec/requests/flows/password_spec.rb +56 -54
- data/spec/requests/flows/refresh_token_spec.rb +45 -43
- data/spec/requests/flows/revoke_token_spec.rb +29 -27
- data/spec/requests/flows/skip_authorization_spec.rb +23 -21
- data/spec/requests/protected_resources/metal_spec.rb +7 -5
- data/spec/requests/protected_resources/private_api_spec.rb +35 -33
- data/spec/routing/custom_controller_routes_spec.rb +67 -65
- data/spec/routing/default_routes_spec.rb +22 -20
- data/spec/routing/scoped_routes_spec.rb +20 -18
- data/spec/spec_helper.rb +14 -13
- data/spec/spec_helper_integration.rb +3 -1
- data/spec/support/dependencies/factory_bot.rb +3 -1
- data/spec/support/doorkeeper_rspec.rb +3 -1
- data/spec/support/helpers/access_token_request_helper.rb +3 -1
- data/spec/support/helpers/authorization_request_helper.rb +4 -2
- data/spec/support/helpers/config_helper.rb +2 -0
- data/spec/support/helpers/model_helper.rb +3 -1
- data/spec/support/helpers/request_spec_helper.rb +5 -3
- data/spec/support/helpers/url_helper.rb +9 -7
- data/spec/support/http_method_shim.rb +4 -9
- data/spec/support/orm/active_record.rb +3 -1
- data/spec/support/shared/controllers_shared_context.rb +18 -16
- data/spec/support/shared/hashing_shared_context.rb +3 -3
- data/spec/support/shared/models_shared_examples.rb +12 -10
- data/spec/validators/redirect_uri_validator_spec.rb +74 -45
- data/spec/version/version_spec.rb +7 -5
- metadata +12 -16
- data/gemfiles/rails_4_2.gemfile +0 -17
- data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -8
- data/spec/support/ruby_2_6_rails_4_2_patch.rb +0 -14
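--- a/data/lib/generators/doorkeeper/views_generator.rb
+++ b/data/lib/generators/doorkeeper/views_generator.rb
@@ -2,14 +2,16 @@
 
 module Doorkeeper
 module Generators
+# Generates doorkeeper views for Rails application
+#
 class ViewsGenerator < ::Rails::Generators::Base
-source_root File.expand_path(
+source_root File.expand_path("../../../app/views", __dir__)
 
-desc
+desc "Copies default Doorkeeper views and layouts to your application."
 
 def manifest
-directory
-directory
+directory "doorkeeper", "app/views/doorkeeper"
+directory "layouts/doorkeeper", "app/views/layouts/doorkeeper"
 end
 end
 end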
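Review bot: The new class comment stops at a bare `#` line and says nothing about the consequence of running `manifest`: the two `directory` calls copy the engine's `doorkeeper` and `layouts/doorkeeper` trees into the host application, and app-level views take precedence over engine views, so from that point the application owns those templates and no longer receives template changes shipped in later Doorkeeper releases. That trade-off is what an operator deciding whether to run the generator needs to know, and `desc` only says "Copies". I would replace the empty `#` with `# Copied templates override the engine's views; once generated they are maintained by the application and do not pick up view changes from later Doorkeeper versions.`.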
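--- a/data/spec/controllers/application_metal_controller_spec.rb
+++ b/data/spec/controllers/application_metal_controller_spec.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require
+require "spec_helper_integration"
 
 describe Doorkeeper::ApplicationMetalController do
 controller(Doorkeeper::ApplicationMetalController) do
@@ -20,42 +20,42 @@ describe Doorkeeper::ApplicationMetalController do
 expect(i).to eq 1
 end
 
-describe
+describe "enforce_content_type" do
 before { allow(Doorkeeper.configuration).to receive(:enforce_content_type).and_return(flag) }
 
-context
+context "enabled" do
 let(:flag) { true }
 
-it
+it "returns a 200 for the requests without body" do
 get :index, params: {}
 expect(response).to have_http_status 200
 end
 
-it
+it "returns a 200 for the requests with body and correct media type" do
 post :create, params: {}, as: :url_encoded_form
 expect(response).to have_http_status 200
 end
 
-it
+it "returns a 415 for the requests with body and incorrect media type" do
 post :create, params: {}, as: :json
 expect(response).to have_http_status 415
 end
 end
 
-context
+context "disabled" do
 let(:flag) { false }
 
-it
+it "returns a 200 for the correct media type" do
 get :index, as: :url_encoded_form
 expect(response).to have_http_status 200
 end
 
-it
+it "returns a 200 for an incorrect media type" do
 get :index, as: :json
 expect(response).to have_http_status 200
 end
 
-it
+it "returns a 200 for the requests with body and incorrect media type" do
 post :create, params: {}, as: :json
 expect(response).to have_http_status 200
 end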
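--- a/data/spec/controllers/applications_controller_spec.rb
+++ b/data/spec/controllers/applications_controller_spec.rb
@@ -1,8 +1,10 @@
-
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module Doorkeeper
 describe ApplicationsController do
-context
+context "JSON API" do
 render_views
 
 before do
@@ -10,81 +12,81 @@ module Doorkeeper
 allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
 end
 
-it
+it "creates an application" do
 expect do
 post :create, params: {
 doorkeeper_application: {
-name:
-redirect_uri:
-}, format: :json
+name: "Example",
+redirect_uri: "https://example.com",
+}, format: :json,
 }
 end.to(change { Doorkeeper::Application.count })
 
 expect(response).to be_successful
 
-expect(json_response).to include(
+expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
 
-expect(json_response[
-expect(json_response[
+expect(json_response["name"]).to eq("Example")
+expect(json_response["redirect_uri"]).to eq("https://example.com")
 end
 
-it
+it "returns validation errors on wrong create params" do
 expect do
 post :create, params: {
 doorkeeper_application: {
-name:
-}, format: :json
+name: "Example",
+}, format: :json,
 }
 end.not_to(change { Doorkeeper::Application.count })
 
 expect(response).to have_http_status(422)
 
-expect(json_response).to include(
+expect(json_response).to include("errors")
 end
 
-it
-application = FactoryBot.create(:application, name:
+it "returns application info" do
+application = FactoryBot.create(:application, name: "Change me")
 
 get :show, params: { id: application.id, format: :json }
 
 expect(response).to be_successful
 
-expect(json_response).to include(
+expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
 end
 
-it
-application = FactoryBot.create(:application, name:
+it "updates application" do
+application = FactoryBot.create(:application, name: "Change me")
 
 put :update, params: {
 id: application.id,
 doorkeeper_application: {
-name:
-redirect_uri:
-}, format: :json
+name: "Example App",
+redirect_uri: "https://example.com",
+}, format: :json,
 }
 
-expect(application.reload.name).to eq
+expect(application.reload.name).to eq "Example App"
 
-expect(json_response).to include(
+expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
 end
 
-it
-application = FactoryBot.create(:application, name:
+it "returns validation errors on wrong update params" do
+application = FactoryBot.create(:application, name: "Change me")
 
 put :update, params: {
 id: application.id,
 doorkeeper_application: {
-name:
-redirect_uri:
-}, format: :json
+name: "Example App",
+redirect_uri: "localhost:3000",
+}, format: :json,
 }
 
 expect(response).to have_http_status(422)
 
-expect(json_response).to include(
+expect(json_response).to include("errors")
 end
 
-it
+it "destroys an application" do
 application = FactoryBot.create(:application)
 
 delete :destroy, params: { id: application.id, format: :json }
@@ -94,38 +96,38 @@ module Doorkeeper
 end
 end
 
-context
+context "when admin is not authenticated" do
 before do
 allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(proc do
 redirect_to main_app.root_url
 end)
 end
 
-it
+it "redirects as set in Doorkeeper.authenticate_admin" do
 get :index
 expect(response).to redirect_to(controller.main_app.root_url)
 end
 
-it
+it "does not create application" do
 expect do
 post :create, params: {
 doorkeeper_application: {
-name:
-redirect_uri:
-}
+name: "Example",
+redirect_uri: "https://example.com",
+},
 }
 end.not_to(change { Doorkeeper::Application.count })
 end
 end
 
-context
+context "when admin is authenticated" do
 render_views
 
 before do
 allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
 end
 
-it
+it "sorts applications by created_at" do
 first_application = FactoryBot.create(:application)
 second_application = FactoryBot.create(:application)
 expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
@@ -136,42 +138,42 @@ module Doorkeeper
 expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
 end
 
-it
+it "creates application" do
 expect do
 post :create, params: {
 doorkeeper_application: {
-name:
-redirect_uri:
-}
+name: "Example",
+redirect_uri: "https://example.com",
+},
 }
 end.to change { Doorkeeper::Application.count }.by(1)
 
 expect(response).to be_redirect
 end
 
-it
+it "does not allow mass assignment of uid or secret" do
 application = FactoryBot.create(:application)
 put :update, params: {
 id: application.id,
 doorkeeper_application: {
-uid:
-secret:
-}
+uid: "1A2B3C4D",
+secret: "1A2B3C4D",
+},
 }
 
-expect(application.reload.uid).not_to eq
+expect(application.reload.uid).not_to eq "1A2B3C4D"
 end
 
-it
+it "updates application" do
 application = FactoryBot.create(:application)
 put :update, params: {
 id: application.id, doorkeeper_application: {
-name:
-redirect_uri:
-},
+name: "Example",
+redirect_uri: "https://example.com",
+},
 }
 
-expect(application.reload.name).to eq
+expect(application.reload.name).to eq "Example"
 end
 end
 end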
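Review bot: The example `it "does not allow mass assignment of uid or secret"` in the last hunk only asserts on `uid` after the reload; nothing checks `secret`, so half of what the title promises is untested and a regression that lets `secret` through the update would still pass. The negative `not_to eq "1A2B3C4D"` is also weaker than it looks, because it holds if the column changed to any other value. Capturing the pre-update values and comparing against them covers both fields and the stronger property: `original_uid, original_secret = application.uid, application.secret` before the `put`, and `expect(application.reload).to have_attributes(uid: original_uid, secret: original_secret)` in place of the current assertion.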
@@ -1,24 +1,15 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
3
|
+
require "spec_helper"
|
4
|
+
|
5
|
+
describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
4
6
|
include AuthorizationRequestHelper
|
5
7
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
Rack::Utils.parse_query(fragment)
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
15
|
-
else
|
16
|
-
class ActionController::TestResponse
|
17
|
-
def query_params
|
18
|
-
@query_params ||= begin
|
19
|
-
fragment = URI.parse(location).fragment
|
20
|
-
Rack::Utils.parse_query(fragment)
|
21
|
-
end
|
8
|
+
class ActionDispatch::TestResponse
|
9
|
+
def query_params
|
10
|
+
@query_params ||= begin
|
11
|
+
fragment = URI.parse(location).fragment
|
12
|
+
Rack::Utils.parse_query(fragment)
|
22
13
|
end
|
23
14
|
end
|
24
15
|
end
|
@@ -28,47 +19,50 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
28
19
|
end
|
29
20
|
|
30
21
|
let(:client) { FactoryBot.create :application }
|
31
|
-
let(:user) { User.create!(name:
|
22
|
+
let(:user) { User.create!(name: "Joe", password: "sekret") }
|
32
23
|
let(:access_token) { FactoryBot.build :access_token, resource_owner_id: user.id, application_id: client.id }
|
33
24
|
|
34
25
|
before do
|
26
|
+
Doorkeeper.configure do
|
27
|
+
custom_access_token_expires_in(lambda do |context|
|
28
|
+
context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
|
29
|
+
end)
|
30
|
+
end
|
31
|
+
|
35
32
|
allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["implicit"])
|
36
33
|
allow(controller).to receive(:current_resource_owner).and_return(user)
|
37
|
-
allow(Doorkeeper.configuration).to receive(:custom_access_token_expires_in).and_return(proc { |context|
|
38
|
-
context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
|
39
|
-
})
|
40
34
|
end
|
41
35
|
|
42
|
-
describe
|
36
|
+
describe "POST #create" do
|
43
37
|
before do
|
44
|
-
post :create, params: { client_id: client.uid, response_type:
|
38
|
+
post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
|
45
39
|
end
|
46
40
|
|
47
|
-
it
|
41
|
+
it "redirects after authorization" do
|
48
42
|
expect(response).to be_redirect
|
49
43
|
end
|
50
44
|
|
51
|
-
it
|
45
|
+
it "redirects to client redirect uri" do
|
52
46
|
expect(response.location).to match(/^#{client.redirect_uri}/)
|
53
47
|
end
|
54
48
|
|
55
|
-
it
|
56
|
-
expect(response.query_params[
|
49
|
+
it "includes access token in fragment" do
|
50
|
+
expect(response.query_params["access_token"]).to eq(Doorkeeper::AccessToken.first.token)
|
57
51
|
end
|
58
52
|
|
59
|
-
it
|
60
|
-
expect(response.query_params[
|
53
|
+
it "includes token type in fragment" do
|
54
|
+
expect(response.query_params["token_type"]).to eq("Bearer")
|
61
55
|
end
|
62
56
|
|
63
|
-
it
|
64
|
-
expect(response.query_params[
|
57
|
+
it "includes token expiration in fragment" do
|
58
|
+
expect(response.query_params["expires_in"].to_i).to eq(1234)
|
65
59
|
end
|
66
60
|
|
67
|
-
it
|
61
|
+
it "issues the token for the current client" do
|
68
62
|
expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
|
69
63
|
end
|
70
64
|
|
71
|
-
it
|
65
|
+
it "issues the token for the current resource owner" do
|
72
66
|
expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
|
73
67
|
end
|
74
68
|
end
|
@@ -111,85 +105,85 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
111
105
|
end
|
112
106
|
end
|
113
107
|
|
114
|
-
describe
|
108
|
+
describe "POST #create with errors" do
|
115
109
|
before do
|
116
110
|
default_scopes_exist :public
|
117
111
|
|
118
112
|
post :create, params: {
|
119
113
|
client_id: client.uid,
|
120
|
-
response_type:
|
121
|
-
scope:
|
122
|
-
redirect_uri: client.redirect_uri
|
114
|
+
response_type: "token",
|
115
|
+
scope: "invalid",
|
116
|
+
redirect_uri: client.redirect_uri,
|
123
117
|
}
|
124
118
|
end
|
125
119
|
|
126
|
-
it
|
120
|
+
it "redirects after authorization" do
|
127
121
|
expect(response).to be_redirect
|
128
122
|
end
|
129
123
|
|
130
|
-
it
|
124
|
+
it "redirects to client redirect uri" do
|
131
125
|
expect(response.location).to match(/^#{client.redirect_uri}/)
|
132
126
|
end
|
133
127
|
|
134
|
-
it
|
135
|
-
expect(response.query_params[
|
128
|
+
it "does not include access token in fragment" do
|
129
|
+
expect(response.query_params["access_token"]).to be_nil
|
136
130
|
end
|
137
131
|
|
138
|
-
it
|
139
|
-
expect(response.query_params[
|
132
|
+
it "includes error in fragment" do
|
133
|
+
expect(response.query_params["error"]).to eq("invalid_scope")
|
140
134
|
end
|
141
135
|
|
142
|
-
it
|
143
|
-
expect(response.query_params[
|
136
|
+
it "includes error description in fragment" do
|
137
|
+
expect(response.query_params["error_description"]).to eq(translated_error_message(:invalid_scope))
|
144
138
|
end
|
145
139
|
|
146
|
-
it
|
140
|
+
it "does not issue any access token" do
|
147
141
|
expect(Doorkeeper::AccessToken.all).to be_empty
|
148
142
|
end
|
149
143
|
end
|
150
144
|
|
151
|
-
describe
|
145
|
+
describe "POST #create in API mode with errors" do
|
152
146
|
before do
|
153
147
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
154
148
|
default_scopes_exist :public
|
155
149
|
|
156
150
|
post :create, params: {
|
157
151
|
client_id: client.uid,
|
158
|
-
response_type:
|
159
|
-
scope:
|
160
|
-
redirect_uri: client.redirect_uri
|
152
|
+
response_type: "token",
|
153
|
+
scope: "invalid",
|
154
|
+
redirect_uri: client.redirect_uri,
|
161
155
|
}
|
162
156
|
end
|
163
157
|
|
164
158
|
let(:response_json_body) { JSON.parse(response.body) }
|
165
|
-
let(:redirect_uri) { response_json_body[
|
159
|
+
let(:redirect_uri) { response_json_body["redirect_uri"] }
|
166
160
|
|
167
|
-
it
|
161
|
+
it "renders 400 error" do
|
168
162
|
expect(response.status).to eq 400
|
169
163
|
end
|
170
164
|
|
171
|
-
it
|
165
|
+
it "includes correct redirect URI" do
|
172
166
|
expect(redirect_uri).to match(/^#{client.redirect_uri}/)
|
173
167
|
end
|
174
168
|
|
175
|
-
it
|
169
|
+
it "does not include access token in fragment" do
|
176
170
|
expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)).to be_nil
|
177
171
|
end
|
178
172
|
|
179
|
-
it
|
180
|
-
expect(redirect_uri.match(/error=([a-z_]+)&?/)[1]).to eq
|
173
|
+
it "includes error in redirect uri" do
|
174
|
+
expect(redirect_uri.match(/error=([a-z_]+)&?/)[1]).to eq "invalid_scope"
|
181
175
|
end
|
182
176
|
|
183
|
-
it
|
177
|
+
it "includes error description in redirect uri" do
|
184
178
|
expect(redirect_uri.match(/error_description=(.+)&?/)[1]).to_not be_nil
|
185
179
|
end
|
186
180
|
|
187
|
-
it
|
181
|
+
it "does not issue any access token" do
|
188
182
|
expect(Doorkeeper::AccessToken.all).to be_empty
|
189
183
|
end
|
190
184
|
end
|
191
185
|
|
192
|
-
describe
|
186
|
+
describe "POST #create with application already authorized" do
|
193
187
|
before do
|
194
188
|
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
195
189
|
|
@@ -197,121 +191,121 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
197
191
|
|
198
192
|
post :create, params: {
|
199
193
|
client_id: client.uid,
|
200
|
-
response_type:
|
201
|
-
redirect_uri: client.redirect_uri
|
194
|
+
response_type: "token",
|
195
|
+
redirect_uri: client.redirect_uri,
|
202
196
|
}
|
203
197
|
end
|
204
198
|
|
205
|
-
it
|
206
|
-
expect(response.query_params[
|
199
|
+
it "returns the existing access token in a fragment" do
|
200
|
+
expect(response.query_params["access_token"]).to eq(access_token.token)
|
207
201
|
end
|
208
202
|
|
209
|
-
it
|
203
|
+
it "does not creates a new access token" do
|
210
204
|
expect(Doorkeeper::AccessToken.count).to eq(1)
|
211
205
|
end
|
212
206
|
end
|
213
207
|
|
214
|
-
describe
|
208
|
+
describe "POST #create with callbacks" do
|
215
209
|
after do
|
216
|
-
client.update_attribute :redirect_uri,
|
210
|
+
client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
|
217
211
|
end
|
218
212
|
|
219
|
-
describe
|
213
|
+
describe "when successful" do
|
220
214
|
after do
|
221
215
|
post :create, params: {
|
222
216
|
client_id: client.uid,
|
223
|
-
response_type:
|
224
|
-
redirect_uri: client.redirect_uri
|
217
|
+
response_type: "token",
|
218
|
+
redirect_uri: client.redirect_uri,
|
225
219
|
}
|
226
220
|
end
|
227
221
|
|
228
|
-
it
|
222
|
+
it "should call :before_successful_authorization callback" do
|
229
223
|
expect(Doorkeeper.configuration)
|
230
224
|
.to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
|
231
225
|
end
|
232
226
|
|
233
|
-
it
|
227
|
+
it "should call :after_successful_authorization callback" do
|
234
228
|
expect(Doorkeeper.configuration)
|
235
229
|
.to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
|
236
230
|
end
|
237
231
|
end
|
238
232
|
|
239
|
-
describe
|
233
|
+
describe "with errors" do
|
240
234
|
after do
|
241
|
-
post :create, params: { client_id: client.uid, response_type:
|
235
|
+
post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: "bad_uri" }
|
242
236
|
end
|
243
237
|
|
244
|
-
it
|
238
|
+
it "should not call :before_successful_authorization callback" do
|
245
239
|
expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
|
246
240
|
end
|
247
241
|
|
248
|
-
it
|
242
|
+
it "should not call :after_successful_authorization callback" do
|
249
243
|
expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
|
250
244
|
end
|
251
245
|
end
|
252
246
|
end
|
253
247
|
|
254
|
-
describe
|
248
|
+
describe "GET #new token request with native url and skip_authorization true" do
|
255
249
|
before do
|
256
250
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
|
257
251
|
true
|
258
252
|
end)
|
259
253
|
|
260
|
-
client.update_attribute :redirect_uri,
|
254
|
+
client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
|
261
255
|
|
262
256
|
get :new, params: {
|
263
257
|
client_id: client.uid,
|
264
|
-
response_type:
|
265
|
-
redirect_uri: client.redirect_uri
|
258
|
+
response_type: "token",
|
259
|
+
redirect_uri: client.redirect_uri,
|
266
260
|
}
|
267
261
|
end
|
268
262
|
|
269
|
-
it
|
263
|
+
it "should redirect immediately" do
|
270
264
|
expect(response).to be_redirect
|
271
265
|
expect(response.location).to match(%r{/oauth/token/info\?access_token=})
|
272
266
|
end
|
273
267
|
|
274
|
-
it
|
268
|
+
it "should not issue a grant" do
|
275
269
|
expect(Doorkeeper::AccessGrant.count).to be 0
|
276
270
|
end
|
277
271
|
|
278
|
-
it
|
272
|
+
it "should issue a token" do
|
279
273
|
expect(Doorkeeper::AccessToken.count).to be 1
|
280
274
|
end
|
281
275
|
end
|
282
276
|
|
283
|
-
describe
|
277
|
+
describe "GET #new code request with native url and skip_authorization true" do
|
284
278
|
before do
|
285
279
|
allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(%w[authorization_code])
|
286
280
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
|
287
281
|
true
|
288
282
|
end)
|
289
283
|
|
290
|
-
client.update_attribute :redirect_uri,
|
284
|
+
client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
|
291
285
|
|
292
286
|
get :new, params: {
|
293
287
|
client_id: client.uid,
|
294
|
-
response_type:
|
295
|
-
redirect_uri: client.redirect_uri
|
288
|
+
response_type: "code",
|
289
|
+
redirect_uri: client.redirect_uri,
|
296
290
|
}
|
297
291
|
end
|
298
292
|
|
299
|
-
it
|
293
|
+
it "should redirect immediately" do
|
300
294
|
expect(response).to be_redirect
|
301
295
|
expect(response.location)
|
302
296
|
.to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
|
303
297
|
end
|
304
298
|
|
305
|
-
it
|
299
|
+
it "should issue a grant" do
|
306
300
|
expect(Doorkeeper::AccessGrant.count).to be 1
|
307
301
|
end
|
308
302
|
|
309
|
-
it
|
303
|
+
it "should not issue a token" do
|
310
304
|
expect(Doorkeeper::AccessToken.count).to be 0
|
311
305
|
end
|
312
306
|
end
|
313
307
|
|
314
|
-
describe
|
308
|
+
describe "GET #new with skip_authorization true" do
|
315
309
|
before do
|
316
310
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
|
317
311
|
true
|
@@ -319,82 +313,82 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
319
313
|
|
320
314
|
get :new, params: {
|
321
315
|
client_id: client.uid,
|
322
|
-
response_type:
|
323
|
-
redirect_uri: client.redirect_uri
|
316
|
+
response_type: "token",
|
317
|
+
redirect_uri: client.redirect_uri,
|
324
318
|
}
|
325
319
|
end
|
326
320
|
|
327
|
-
it
|
321
|
+
it "should redirect immediately" do
|
328
322
|
expect(response).to be_redirect
|
329
323
|
expect(response.location).to match(/^#{client.redirect_uri}/)
|
330
324
|
end
|
331
325
|
|
332
|
-
it
|
326
|
+
it "should issue a token" do
|
333
327
|
expect(Doorkeeper::AccessToken.count).to be 1
|
334
328
|
end
|
335
329
|
|
336
|
-
it
|
337
|
-
expect(response.query_params[
|
330
|
+
it "includes token type in fragment" do
|
331
|
+
expect(response.query_params["token_type"]).to eq("Bearer")
|
338
332
|
end
|
339
333
|
|
340
|
-
it
|
341
|
-
expect(response.query_params[
|
334
|
+
it "includes token expiration in fragment" do
|
335
|
+
expect(response.query_params["expires_in"].to_i).to eq(1234)
|
342
336
|
end
|
343
337
|
|
344
|
-
it
|
338
|
+
it "issues the token for the current client" do
|
345
339
|
expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
|
346
340
|
end
|
347
341
|
|
348
|
-
it
|
342
|
+
it "issues the token for the current resource owner" do
|
349
343
|
expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
|
350
344
|
end
|
351
345
|
end
|
352
346
|
|
353
|
-
describe
|
347
|
+
describe "GET #new in API mode" do
|
354
348
|
before do
|
355
349
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
356
350
|
|
357
351
|
get :new, params: {
|
358
352
|
client_id: client.uid,
|
359
|
-
response_type:
|
360
|
-
redirect_uri: client.redirect_uri
|
353
|
+
response_type: "token",
|
354
|
+
redirect_uri: client.redirect_uri,
|
361
355
|
}
|
362
356
|
end
|
363
357
|
|
364
|
-
it
|
358
|
+
it "should render success" do
|
365
359
|
expect(response).to be_successful
|
366
360
|
end
|
367
361
|
|
368
362
|
it "sets status to pre-authorization" do
|
369
|
-
expect(json_response["status"]).to eq(I18n.t(
|
363
|
+
expect(json_response["status"]).to eq(I18n.t("doorkeeper.pre_authorization.status"))
|
370
364
|
end
|
371
365
|
|
372
366
|
it "sets correct values" do
|
373
|
-
expect(json_response[
|
374
|
-
expect(json_response[
|
375
|
-
expect(json_response[
|
376
|
-
expect(json_response[
|
377
|
-
expect(json_response[
|
367
|
+
expect(json_response["client_id"]).to eq(client.uid)
|
368
|
+
expect(json_response["redirect_uri"]).to eq(client.redirect_uri)
|
369
|
+
expect(json_response["state"]).to be_nil
|
370
|
+
expect(json_response["response_type"]).to eq("token")
|
371
|
+
expect(json_response["scope"]).to eq("")
|
378
372
|
end
|
379
373
|
end
|
380
374
|
|
381
|
-
describe
|
375
|
+
describe "GET #new in API mode with skip_authorization true" do
|
382
376
|
before do
|
383
377
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
|
384
378
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
385
379
|
|
386
380
|
get :new, params: {
|
387
381
|
client_id: client.uid,
|
388
|
-
response_type:
|
389
|
-
redirect_uri: client.redirect_uri
|
382
|
+
response_type: "token",
|
383
|
+
redirect_uri: client.redirect_uri,
|
390
384
|
}
|
391
385
|
end
|
392
386
|
|
393
|
-
it
|
387
|
+
it "should render success" do
|
394
388
|
expect(response).to be_successful
|
395
389
|
end
|
396
390
|
|
397
|
-
it
|
391
|
+
it "should issue a token" do
|
398
392
|
expect(Doorkeeper::AccessToken.count).to be 1
|
399
393
|
end
|
400
394
|
|
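Review bot: `expect(response.location).to match(/^#{client.redirect_uri}/)` interpolates the registered redirect URI into a regex without escaping, so `.` and any other metacharacters in the URI match loosely, and `^` anchors only a line start rather than the whole string; the assertion can pass for a location that is not actually the client's redirect URI, which weakens the one check that guards against token leakage to a different host. A tighter form is `expect(response.location).to start_with(client.redirect_uri)` or `match(/\A#{Regexp.escape(client.redirect_uri)}/)`. That line is context the commit restyles around rather than touches, so this may be out of scope for a quote-style commit. The two "in fragment" examples read `response.query_params`, a helper not defined in this file; if it parses the URL fragment as the descriptions imply, a short comment on those examples saying so would help. The enclosing `describe Doorkeeper::AuthorizationsController, 'implicit grant flow'` block starts and ends outside the hunk.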
@@ -421,104 +415,104 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
421
415
|
end
|
422
416
|
end
|
423
417
|
|
424
|
-
describe
|
418
|
+
describe "GET #new with errors" do
|
425
419
|
before do
|
426
420
|
default_scopes_exist :public
|
427
|
-
get :new, params: { an_invalid:
|
421
|
+
get :new, params: { an_invalid: "request" }
|
428
422
|
end
|
429
423
|
|
430
|
-
it
|
424
|
+
it "does not redirect" do
|
431
425
|
expect(response).to_not be_redirect
|
432
426
|
end
|
433
427
|
|
434
|
-
it
|
428
|
+
it "does not issue any token" do
|
435
429
|
expect(Doorkeeper::AccessGrant.count).to eq 0
|
436
430
|
expect(Doorkeeper::AccessToken.count).to eq 0
|
437
431
|
end
|
438
432
|
end
|
439
433
|
|
440
|
-
describe
|
434
|
+
describe "GET #new in API mode with errors" do
|
441
435
|
let(:response_json_body) { JSON.parse(response.body) }
|
442
436
|
|
443
437
|
before do
|
444
438
|
default_scopes_exist :public
|
445
439
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
446
|
-
get :new, params: { an_invalid:
|
440
|
+
get :new, params: { an_invalid: "request" }
|
447
441
|
end
|
448
442
|
|
449
|
-
it
|
443
|
+
it "should render bad request" do
|
450
444
|
expect(response).to have_http_status(:bad_request)
|
451
445
|
end
|
452
446
|
|
453
|
-
it
|
454
|
-
expect(response_json_body[
|
447
|
+
it "includes error in body" do
|
448
|
+
expect(response_json_body["error"]).to eq("unsupported_response_type")
|
455
449
|
end
|
456
450
|
|
457
|
-
it
|
458
|
-
expect(response_json_body[
|
451
|
+
it "includes error description in body" do
|
452
|
+
expect(response_json_body["error_description"])
|
459
453
|
.to eq(translated_error_message(:unsupported_response_type))
|
460
454
|
end
|
461
455
|
|
462
|
-
it
|
456
|
+
it "does not issue any token" do
|
463
457
|
expect(Doorkeeper::AccessGrant.count).to eq 0
|
464
458
|
expect(Doorkeeper::AccessToken.count).to eq 0
|
465
459
|
end
|
466
460
|
end
|
467
461
|
|
468
|
-
describe
|
462
|
+
describe "GET #new with callbacks" do
|
469
463
|
after do
|
470
|
-
client.update_attribute :redirect_uri,
|
471
|
-
get :new, params: { client_id: client.uid, response_type:
|
464
|
+
client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
|
465
|
+
get :new, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
|
472
466
|
end
|
473
467
|
|
474
|
-
describe
|
468
|
+
describe "when authorizing" do
|
475
469
|
before do
|
476
470
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
|
477
471
|
end
|
478
472
|
|
479
|
-
it
|
473
|
+
it "should call :before_successful_authorization callback" do
|
480
474
|
expect(Doorkeeper.configuration)
|
481
475
|
.to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
|
482
476
|
end
|
483
477
|
|
484
|
-
it
|
478
|
+
it "should call :after_successful_authorization callback" do
|
485
479
|
expect(Doorkeeper.configuration)
|
486
480
|
.to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
|
487
481
|
end
|
488
482
|
end
|
489
483
|
|
490
|
-
describe
|
484
|
+
describe "when not authorizing" do
|
491
485
|
before do
|
492
486
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
|
493
487
|
end
|
494
488
|
|
495
|
-
it
|
489
|
+
it "should not call :before_successful_authorization callback" do
|
496
490
|
expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
|
497
491
|
end
|
498
492
|
|
499
|
-
it
|
493
|
+
it "should not call :after_successful_authorization callback" do
|
500
494
|
expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
|
501
495
|
end
|
502
496
|
end
|
503
497
|
|
504
|
-
describe
|
498
|
+
describe "when not authorizing in api mode" do
|
505
499
|
before do
|
506
500
|
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
|
507
501
|
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
508
502
|
end
|
509
503
|
|
510
|
-
it
|
504
|
+
it "should not call :before_successful_authorization callback" do
|
511
505
|
expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
|
512
506
|
end
|
513
507
|
|
514
|
-
it
|
508
|
+
it "should not call :after_successful_authorization callback" do
|
515
509
|
expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
|
516
510
|
end
|
517
511
|
end
|
518
512
|
end
|
519
513
|
|
520
|
-
describe
|
521
|
-
it
|
514
|
+
describe "authorize response memoization" do
|
515
|
+
it "memoizes the result of the authorization" do
|
522
516
|
strategy = double(:strategy, authorize: true)
|
523
517
|
expect(strategy).to receive(:authorize).once
|
524
518
|
allow(controller).to receive(:strategy) { strategy }
|