doorkeeper 5.1.0 → 5.5.0



Files changed (265) hide show
  1. checksums.yaml +4 -4
  2. data/{NEWS.md → CHANGELOG.md} +234 -25
  3. data/README.md +21 -11
  4. data/app/controllers/doorkeeper/application_controller.rb +2 -2
  5. data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
  6. data/app/controllers/doorkeeper/applications_controller.rb +8 -7
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +56 -19
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +5 -5
  9. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  10. data/app/controllers/doorkeeper/tokens_controller.rb +93 -25
  11. data/app/views/doorkeeper/applications/_form.html.erb +1 -7
  12. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  13. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  14. data/config/locales/en.yml +13 -3
  15. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  16. data/lib/doorkeeper/config/option.rb +20 -2
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/config.rb +291 -121
  19. data/lib/doorkeeper/engine.rb +1 -1
  20. data/lib/doorkeeper/errors.rb +13 -18
  21. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  22. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  23. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  24. data/lib/doorkeeper/grant_flow.rb +45 -0
  25. data/lib/doorkeeper/grape/helpers.rb +7 -3
  26. data/lib/doorkeeper/helpers/controller.rb +36 -11
  27. data/lib/doorkeeper/models/access_grant_mixin.rb +22 -18
  28. data/lib/doorkeeper/models/access_token_mixin.rb +194 -51
  29. data/lib/doorkeeper/models/application_mixin.rb +8 -7
  30. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  31. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  32. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  33. data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
  34. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  35. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  36. data/lib/doorkeeper/oauth/authorization/code.rb +25 -14
  37. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  38. data/lib/doorkeeper/oauth/authorization/token.rb +24 -19
  39. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  40. data/lib/doorkeeper/oauth/authorization_code_request.rb +40 -21
  41. data/lib/doorkeeper/oauth/base_request.rb +21 -23
  42. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  43. data/lib/doorkeeper/oauth/client.rb +8 -9
  44. data/lib/doorkeeper/oauth/client_credentials/creator.rb +45 -5
  45. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
  46. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +13 -3
  47. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  48. data/lib/doorkeeper/oauth/code_request.rb +6 -12
  49. data/lib/doorkeeper/oauth/code_response.rb +24 -14
  50. data/lib/doorkeeper/oauth/error.rb +1 -1
  51. data/lib/doorkeeper/oauth/error_response.rb +10 -11
  52. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
  53. data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
  54. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +19 -5
  55. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  56. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  57. data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
  58. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  59. data/lib/doorkeeper/oauth/password_access_token_request.rb +32 -10
  60. data/lib/doorkeeper/oauth/pre_authorization.rb +111 -42
  61. data/lib/doorkeeper/oauth/refresh_token_request.rb +45 -33
  62. data/lib/doorkeeper/oauth/token.rb +6 -7
  63. data/lib/doorkeeper/oauth/token_introspection.rb +24 -18
  64. data/lib/doorkeeper/oauth/token_request.rb +6 -20
  65. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  66. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  67. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  68. data/lib/doorkeeper/orm/active_record/application.rb +5 -83
  69. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +68 -0
  70. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +59 -0
  71. data/lib/doorkeeper/orm/active_record/mixins/application.rb +198 -0
  72. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  73. data/lib/doorkeeper/orm/active_record.rb +20 -6
  74. data/lib/doorkeeper/rails/helpers.rb +4 -4
  75. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  76. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  77. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  78. data/lib/doorkeeper/rails/routes.rb +17 -25
  79. data/lib/doorkeeper/rake/db.rake +6 -6
  80. data/lib/doorkeeper/rake/setup.rake +5 -0
  81. data/lib/doorkeeper/request/authorization_code.rb +5 -3
  82. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  83. data/lib/doorkeeper/request/password.rb +2 -2
  84. data/lib/doorkeeper/request/refresh_token.rb +5 -4
  85. data/lib/doorkeeper/request/strategy.rb +2 -2
  86. data/lib/doorkeeper/request.rb +49 -17
  87. data/lib/doorkeeper/server.rb +7 -11
  88. data/lib/doorkeeper/stale_records_cleaner.rb +6 -2
  89. data/lib/doorkeeper/version.rb +1 -5
  90. data/lib/doorkeeper.rb +114 -79
  91. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  92. data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
  93. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  94. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  95. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  96. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -7
  97. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  98. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  99. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  100. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  101. data/lib/generators/doorkeeper/templates/initializer.rb +205 -43
  102. data/lib/generators/doorkeeper/templates/migration.rb.erb +18 -6
  103. metadata +43 -310
  104. data/.coveralls.yml +0 -1
  105. data/.github/ISSUE_TEMPLATE.md +0 -25
  106. data/.github/PULL_REQUEST_TEMPLATE.md +0 -17
  107. data/.gitignore +0 -20
  108. data/.gitlab-ci.yml +0 -16
  109. data/.hound.yml +0 -3
  110. data/.rspec +0 -1
  111. data/.rubocop.yml +0 -50
  112. data/.travis.yml +0 -35
  113. data/Appraisals +0 -40
  114. data/CODE_OF_CONDUCT.md +0 -46
  115. data/CONTRIBUTING.md +0 -47
  116. data/Dangerfile +0 -67
  117. data/Gemfile +0 -24
  118. data/RELEASING.md +0 -10
  119. data/Rakefile +0 -28
  120. data/SECURITY.md +0 -15
  121. data/UPGRADE.md +0 -2
  122. data/app/validators/redirect_uri_validator.rb +0 -50
  123. data/bin/console +0 -16
  124. data/doorkeeper.gemspec +0 -34
  125. data/gemfiles/rails_5_0.gemfile +0 -17
  126. data/gemfiles/rails_5_1.gemfile +0 -17
  127. data/gemfiles/rails_5_2.gemfile +0 -17
  128. data/gemfiles/rails_6_0.gemfile +0 -17
  129. data/gemfiles/rails_master.gemfile +0 -17
  130. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  131. data/spec/controllers/applications_controller_spec.rb +0 -180
  132. data/spec/controllers/authorizations_controller_spec.rb +0 -527
  133. data/spec/controllers/protected_resources_controller_spec.rb +0 -353
  134. data/spec/controllers/token_info_controller_spec.rb +0 -50
  135. data/spec/controllers/tokens_controller_spec.rb +0 -330
  136. data/spec/dummy/Rakefile +0 -9
  137. data/spec/dummy/app/assets/config/manifest.js +0 -2
  138. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  139. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  140. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  141. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  142. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  143. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  144. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  145. data/spec/dummy/app/models/user.rb +0 -7
  146. data/spec/dummy/app/views/home/index.html.erb +0 -0
  147. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  148. data/spec/dummy/config/application.rb +0 -47
  149. data/spec/dummy/config/boot.rb +0 -7
  150. data/spec/dummy/config/database.yml +0 -15
  151. data/spec/dummy/config/environment.rb +0 -5
  152. data/spec/dummy/config/environments/development.rb +0 -31
  153. data/spec/dummy/config/environments/production.rb +0 -64
  154. data/spec/dummy/config/environments/test.rb +0 -45
  155. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  156. data/spec/dummy/config/initializers/doorkeeper.rb +0 -121
  157. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  158. data/spec/dummy/config/initializers/session_store.rb +0 -10
  159. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  160. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  161. data/spec/dummy/config/routes.rb +0 -13
  162. data/spec/dummy/config.ru +0 -6
  163. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  164. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  165. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  166. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  167. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  168. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  169. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  170. data/spec/dummy/db/schema.rb +0 -68
  171. data/spec/dummy/public/404.html +0 -26
  172. data/spec/dummy/public/422.html +0 -26
  173. data/spec/dummy/public/500.html +0 -26
  174. data/spec/dummy/public/favicon.ico +0 -0
  175. data/spec/dummy/script/rails +0 -9
  176. data/spec/factories.rb +0 -30
  177. data/spec/generators/application_owner_generator_spec.rb +0 -28
  178. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  179. data/spec/generators/install_generator_spec.rb +0 -36
  180. data/spec/generators/migration_generator_spec.rb +0 -28
  181. data/spec/generators/pkce_generator_spec.rb +0 -28
  182. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  183. data/spec/generators/templates/routes.rb +0 -4
  184. data/spec/generators/views_generator_spec.rb +0 -29
  185. data/spec/grape/grape_integration_spec.rb +0 -137
  186. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  187. data/spec/lib/config_spec.rb +0 -697
  188. data/spec/lib/doorkeeper_spec.rb +0 -27
  189. data/spec/lib/models/expirable_spec.rb +0 -61
  190. data/spec/lib/models/reusable_spec.rb +0 -40
  191. data/spec/lib/models/revocable_spec.rb +0 -59
  192. data/spec/lib/models/scopes_spec.rb +0 -53
  193. data/spec/lib/models/secret_storable_spec.rb +0 -135
  194. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  195. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -156
  196. data/spec/lib/oauth/base_request_spec.rb +0 -205
  197. data/spec/lib/oauth/base_response_spec.rb +0 -47
  198. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  199. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -94
  200. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  201. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  202. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
  203. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
  204. data/spec/lib/oauth/client_spec.rb +0 -38
  205. data/spec/lib/oauth/code_request_spec.rb +0 -47
  206. data/spec/lib/oauth/code_response_spec.rb +0 -36
  207. data/spec/lib/oauth/error_response_spec.rb +0 -66
  208. data/spec/lib/oauth/error_spec.rb +0 -23
  209. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
  210. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
  211. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  212. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -247
  213. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
  214. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
  215. data/spec/lib/oauth/pre_authorization_spec.rb +0 -215
  216. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  217. data/spec/lib/oauth/scopes_spec.rb +0 -148
  218. data/spec/lib/oauth/token_request_spec.rb +0 -150
  219. data/spec/lib/oauth/token_response_spec.rb +0 -86
  220. data/spec/lib/oauth/token_spec.rb +0 -158
  221. data/spec/lib/request/strategy_spec.rb +0 -54
  222. data/spec/lib/secret_storing/base_spec.rb +0 -60
  223. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  224. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  225. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  226. data/spec/lib/server_spec.rb +0 -61
  227. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  228. data/spec/models/doorkeeper/access_grant_spec.rb +0 -144
  229. data/spec/models/doorkeeper/access_token_spec.rb +0 -591
  230. data/spec/models/doorkeeper/application_spec.rb +0 -367
  231. data/spec/requests/applications/applications_request_spec.rb +0 -259
  232. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  233. data/spec/requests/endpoints/authorization_spec.rb +0 -73
  234. data/spec/requests/endpoints/token_spec.rb +0 -75
  235. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -78
  236. data/spec/requests/flows/authorization_code_spec.rb +0 -447
  237. data/spec/requests/flows/client_credentials_spec.rb +0 -128
  238. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -34
  239. data/spec/requests/flows/implicit_grant_spec.rb +0 -90
  240. data/spec/requests/flows/password_spec.rb +0 -259
  241. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  242. data/spec/requests/flows/revoke_token_spec.rb +0 -143
  243. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  244. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  245. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  246. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  247. data/spec/routing/default_routes_spec.rb +0 -41
  248. data/spec/routing/scoped_routes_spec.rb +0 -47
  249. data/spec/spec_helper.rb +0 -57
  250. data/spec/spec_helper_integration.rb +0 -4
  251. data/spec/support/dependencies/factory_bot.rb +0 -4
  252. data/spec/support/doorkeeper_rspec.rb +0 -22
  253. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  254. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  255. data/spec/support/helpers/config_helper.rb +0 -11
  256. data/spec/support/helpers/model_helper.rb +0 -78
  257. data/spec/support/helpers/request_spec_helper.rb +0 -98
  258. data/spec/support/helpers/url_helper.rb +0 -62
  259. data/spec/support/http_method_shim.rb +0 -29
  260. data/spec/support/orm/active_record.rb +0 -5
  261. data/spec/support/shared/controllers_shared_context.rb +0 -123
  262. data/spec/support/shared/hashing_shared_context.rb +0 -36
  263. data/spec/support/shared/models_shared_examples.rb +0 -54
  264. data/spec/validators/redirect_uri_validator_spec.rb +0 -158
  265. data/spec/version/version_spec.rb +0 -17
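--- a/data/spec/controllers/applications_controller_spec.rb
+++ /dev/null
@@ -1,180 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-module Doorkeeper
-describe ApplicationsController do
-context "JSON API" do
-render_views
-
-before do
-allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
-allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
-end
-
-it "creates an application" do
-expect do
-post :create, params: {
-doorkeeper_application: {
-name: "Example",
-redirect_uri: "https://example.com",
-}, format: :json,
-}
-end.to(change { Doorkeeper::Application.count })
-
-expect(response).to be_successful
-
-expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
-
-expect(json_response["name"]).to eq("Example")
-expect(json_response["redirect_uri"]).to eq("https://example.com")
-end
-
-it "returns validation errors on wrong create params" do
-expect do
-post :create, params: {
-doorkeeper_application: {
-name: "Example",
-}, format: :json,
-}
-end.not_to(change { Doorkeeper::Application.count })
-
-expect(response).to have_http_status(422)
-
-expect(json_response).to include("errors")
-end
-
-it "returns application info" do
-application = FactoryBot.create(:application, name: "Change me")
-
-get :show, params: { id: application.id, format: :json }
-
-expect(response).to be_successful
-
-expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
-end
-
-it "updates application" do
-application = FactoryBot.create(:application, name: "Change me")
-
-put :update, params: {
-id: application.id,
-doorkeeper_application: {
-name: "Example App",
-redirect_uri: "https://example.com",
-}, format: :json,
-}
-
-expect(application.reload.name).to eq "Example App"
-
-expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
-end
-
-it "returns validation errors on wrong update params" do
-application = FactoryBot.create(:application, name: "Change me")
-
-put :update, params: {
-id: application.id,
-doorkeeper_application: {
-name: "Example App",
-redirect_uri: "localhost:3000",
-}, format: :json,
-}
-
-expect(response).to have_http_status(422)
-
-expect(json_response).to include("errors")
-end
-
-it "destroys an application" do
-application = FactoryBot.create(:application)
-
-delete :destroy, params: { id: application.id, format: :json }
-
-expect(response).to have_http_status(204)
-expect(Application.count).to be_zero
-end
-end
-
-context "when admin is not authenticated" do
-before do
-allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(proc do
-redirect_to main_app.root_url
-end)
-end
-
-it "redirects as set in Doorkeeper.authenticate_admin" do
-get :index
-expect(response).to redirect_to(controller.main_app.root_url)
-end
-
-it "does not create application" do
-expect do
-post :create, params: {
-doorkeeper_application: {
-name: "Example",
-redirect_uri: "https://example.com",
-},
-}
-end.not_to(change { Doorkeeper::Application.count })
-end
-end
-
-context "when admin is authenticated" do
-render_views
-
-before do
-allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
-end
-
-it "sorts applications by created_at" do
-first_application = FactoryBot.create(:application)
-second_application = FactoryBot.create(:application)
-expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
-
-get :index
-
-expect(response.body).to have_selector("tbody tr:first-child#application_#{first_application.id}")
-expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
-end
-
-it "creates application" do
-expect do
-post :create, params: {
-doorkeeper_application: {
-name: "Example",
-redirect_uri: "https://example.com",
-},
-}
-end.to change { Doorkeeper::Application.count }.by(1)
-
-expect(response).to be_redirect
-end
-
-it "does not allow mass assignment of uid or secret" do
-application = FactoryBot.create(:application)
-put :update, params: {
-id: application.id,
-doorkeeper_application: {
-uid: "1A2B3C4D",
-secret: "1A2B3C4D",
-},
-}
-
-expect(application.reload.uid).not_to eq "1A2B3C4D"
-end
-
-it "updates application" do
-application = FactoryBot.create(:application)
-put :update, params: {
-id: application.id, doorkeeper_application: {
-name: "Example",
-redirect_uri: "https://example.com",
-},
-}
-
-expect(application.reload.name).to eq "Example"
-end
-end
-end
-end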
@@ -1,527 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
6
- include AuthorizationRequestHelper
7
-
8
- class ActionDispatch::TestResponse
9
- def query_params
10
- @query_params ||= begin
11
- fragment = URI.parse(location).fragment
12
- Rack::Utils.parse_query(fragment)
13
- end
14
- end
15
- end
16
-
17
- def translated_error_message(key)
18
- I18n.translate key, scope: %i[doorkeeper errors messages]
19
- end
20
-
21
- let(:client) { FactoryBot.create :application }
22
- let(:user) { User.create!(name: "Joe", password: "sekret") }
23
- let(:access_token) { FactoryBot.build :access_token, resource_owner_id: user.id, application_id: client.id }
24
-
25
- before do
26
- Doorkeeper.configure do
27
- custom_access_token_expires_in(lambda do |context|
28
- context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
29
- end)
30
- end
31
-
32
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["implicit"])
33
- allow(controller).to receive(:current_resource_owner).and_return(user)
34
- end
35
-
36
- describe "POST #create" do
37
- before do
38
- post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
39
- end
40
-
41
- it "redirects after authorization" do
42
- expect(response).to be_redirect
43
- end
44
-
45
- it "redirects to client redirect uri" do
46
- expect(response.location).to match(/^#{client.redirect_uri}/)
47
- end
48
-
49
- it "includes access token in fragment" do
50
- expect(response.query_params["access_token"]).to eq(Doorkeeper::AccessToken.first.token)
51
- end
52
-
53
- it "includes token type in fragment" do
54
- expect(response.query_params["token_type"]).to eq("Bearer")
55
- end
56
-
57
- it "includes token expiration in fragment" do
58
- expect(response.query_params["expires_in"].to_i).to eq(1234)
59
- end
60
-
61
- it "issues the token for the current client" do
62
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
63
- end
64
-
65
- it "issues the token for the current resource owner" do
66
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
67
- end
68
- end
69
-
70
- describe "POST #create in API mode" do
71
- before do
72
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
73
- post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
74
- end
75
-
76
- let(:response_json_body) { JSON.parse(response.body) }
77
- let(:redirect_uri) { response_json_body["redirect_uri"] }
78
-
79
- it "renders success after authorization" do
80
- expect(response).to be_successful
81
- end
82
-
83
- it "renders correct redirect uri" do
84
- expect(redirect_uri).to match(/^#{client.redirect_uri}/)
85
- end
86
-
87
- it "includes access token in fragment" do
88
- expect(redirect_uri.match(/access_token=([a-zA-Z0-9\-_]+)&?/)[1]).to eq(Doorkeeper::AccessToken.first.token)
89
- end
90
-
91
- it "includes token type in fragment" do
92
- expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
93
- end
94
-
95
- it "includes token expiration in fragment" do
96
- expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
97
- end
98
-
99
- it "issues the token for the current client" do
100
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
101
- end
102
-
103
- it "issues the token for the current resource owner" do
104
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
105
- end
106
- end
107
-
108
- describe "POST #create with errors" do
109
- before do
110
- default_scopes_exist :public
111
-
112
- post :create, params: {
113
- client_id: client.uid,
114
- response_type: "token",
115
- scope: "invalid",
116
- redirect_uri: client.redirect_uri,
117
- }
118
- end
119
-
120
- it "redirects after authorization" do
121
- expect(response).to be_redirect
122
- end
123
-
124
- it "redirects to client redirect uri" do
125
- expect(response.location).to match(/^#{client.redirect_uri}/)
126
- end
127
-
128
- it "does not include access token in fragment" do
129
- expect(response.query_params["access_token"]).to be_nil
130
- end
131
-
132
- it "includes error in fragment" do
133
- expect(response.query_params["error"]).to eq("invalid_scope")
134
- end
135
-
136
- it "includes error description in fragment" do
137
- expect(response.query_params["error_description"]).to eq(translated_error_message(:invalid_scope))
138
- end
139
-
140
- it "does not issue any access token" do
141
- expect(Doorkeeper::AccessToken.all).to be_empty
142
- end
143
- end
144
-
145
- describe "POST #create in API mode with errors" do
146
- before do
147
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
148
- default_scopes_exist :public
149
-
150
- post :create, params: {
151
- client_id: client.uid,
152
- response_type: "token",
153
- scope: "invalid",
154
- redirect_uri: client.redirect_uri,
155
- }
156
- end
157
-
158
- let(:response_json_body) { JSON.parse(response.body) }
159
- let(:redirect_uri) { response_json_body["redirect_uri"] }
160
-
161
- it "renders 400 error" do
162
- expect(response.status).to eq 400
163
- end
164
-
165
- it "includes correct redirect URI" do
166
- expect(redirect_uri).to match(/^#{client.redirect_uri}/)
167
- end
168
-
169
- it "does not include access token in fragment" do
170
- expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)).to be_nil
171
- end
172
-
173
- it "includes error in redirect uri" do
174
- expect(redirect_uri.match(/error=([a-z_]+)&?/)[1]).to eq "invalid_scope"
175
- end
176
-
177
- it "includes error description in redirect uri" do
178
- expect(redirect_uri.match(/error_description=(.+)&?/)[1]).to_not be_nil
179
- end
180
-
181
- it "does not issue any access token" do
182
- expect(Doorkeeper::AccessToken.all).to be_empty
183
- end
184
- end
185
-
186
- describe "POST #create with application already authorized" do
187
- before do
188
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
189
-
190
- access_token.save!
191
-
192
- post :create, params: {
193
- client_id: client.uid,
194
- response_type: "token",
195
- redirect_uri: client.redirect_uri,
196
- }
197
- end
198
-
199
- it "returns the existing access token in a fragment" do
200
- expect(response.query_params["access_token"]).to eq(access_token.token)
201
- end
202
-
203
- it "does not creates a new access token" do
204
- expect(Doorkeeper::AccessToken.count).to eq(1)
205
- end
206
- end
207
-
208
- describe "POST #create with callbacks" do
209
- after do
210
- client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
211
- end
212
-
213
- describe "when successful" do
214
- after do
215
- post :create, params: {
216
- client_id: client.uid,
217
- response_type: "token",
218
- redirect_uri: client.redirect_uri,
219
- }
220
- end
221
-
222
- it "should call :before_successful_authorization callback" do
223
- expect(Doorkeeper.configuration)
224
- .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
225
- end
226
-
227
- it "should call :after_successful_authorization callback" do
228
- expect(Doorkeeper.configuration)
229
- .to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
230
- end
231
- end
232
-
233
- describe "with errors" do
234
- after do
235
- post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: "bad_uri" }
236
- end
237
-
238
- it "should not call :before_successful_authorization callback" do
239
- expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
240
- end
241
-
242
- it "should not call :after_successful_authorization callback" do
243
- expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
244
- end
245
- end
246
- end
247
-
248
- describe "GET #new token request with native url and skip_authorization true" do
249
- before do
250
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
251
- true
252
- end)
253
-
254
- client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
255
-
256
- get :new, params: {
257
- client_id: client.uid,
258
- response_type: "token",
259
- redirect_uri: client.redirect_uri,
260
- }
261
- end
262
-
263
- it "should redirect immediately" do
264
- expect(response).to be_redirect
265
- expect(response.location).to match(%r{/oauth/token/info\?access_token=})
266
- end
267
-
268
- it "should not issue a grant" do
269
- expect(Doorkeeper::AccessGrant.count).to be 0
270
- end
271
-
272
- it "should issue a token" do
273
- expect(Doorkeeper::AccessToken.count).to be 1
274
- end
275
- end
276
-
277
- describe "GET #new code request with native url and skip_authorization true" do
278
- before do
279
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(%w[authorization_code])
280
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
281
- true
282
- end)
283
-
284
- client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
285
-
286
- get :new, params: {
287
- client_id: client.uid,
288
- response_type: "code",
289
- redirect_uri: client.redirect_uri,
290
- }
291
- end
292
-
293
- it "should redirect immediately" do
294
- expect(response).to be_redirect
295
- expect(response.location)
296
- .to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
297
- end
298
-
299
- it "should issue a grant" do
300
- expect(Doorkeeper::AccessGrant.count).to be 1
301
- end
302
-
303
- it "should not issue a token" do
304
- expect(Doorkeeper::AccessToken.count).to be 0
305
- end
306
- end
307
-
308
- describe "GET #new with skip_authorization true" do
309
- before do
310
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
311
- true
312
- end)
313
-
314
- get :new, params: {
315
- client_id: client.uid,
316
- response_type: "token",
317
- redirect_uri: client.redirect_uri,
318
- }
319
- end
320
-
321
- it "should redirect immediately" do
322
- expect(response).to be_redirect
323
- expect(response.location).to match(/^#{client.redirect_uri}/)
324
- end
325
-
326
- it "should issue a token" do
327
- expect(Doorkeeper::AccessToken.count).to be 1
328
- end
329
-
330
- it "includes token type in fragment" do
331
- expect(response.query_params["token_type"]).to eq("Bearer")
332
- end
333
-
334
- it "includes token expiration in fragment" do
335
- expect(response.query_params["expires_in"].to_i).to eq(1234)
336
- end
337
-
338
- it "issues the token for the current client" do
339
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
340
- end
341
-
342
- it "issues the token for the current resource owner" do
343
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
344
- end
345
- end
346
-
347
- describe "GET #new in API mode" do
348
- before do
349
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
350
-
351
- get :new, params: {
352
- client_id: client.uid,
353
- response_type: "token",
354
- redirect_uri: client.redirect_uri,
355
- }
356
- end
357
-
358
- it "should render success" do
359
- expect(response).to be_successful
360
- end
361
-
362
- it "sets status to pre-authorization" do
363
- expect(json_response["status"]).to eq(I18n.t("doorkeeper.pre_authorization.status"))
364
- end
365
-
366
- it "sets correct values" do
367
- expect(json_response["client_id"]).to eq(client.uid)
368
- expect(json_response["redirect_uri"]).to eq(client.redirect_uri)
369
- expect(json_response["state"]).to be_nil
370
- expect(json_response["response_type"]).to eq("token")
371
- expect(json_response["scope"]).to eq("")
372
- end
373
- end
374
-
375
- describe "GET #new in API mode with skip_authorization true" do
376
- before do
377
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
378
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
379
-
380
- get :new, params: {
381
- client_id: client.uid,
382
- response_type: "token",
383
- redirect_uri: client.redirect_uri,
384
- }
385
- end
386
-
387
- it "should render success" do
388
- expect(response).to be_successful
389
- end
390
-
391
- it "should issue a token" do
392
- expect(Doorkeeper::AccessToken.count).to be 1
393
- end
394
-
395
- it "sets status to redirect" do
396
- expect(JSON.parse(response.body)["status"]).to eq("redirect")
397
- end
398
-
399
- it "sets redirect_uri to correct value" do
400
- redirect_uri = JSON.parse(response.body)["redirect_uri"]
401
- expect(redirect_uri).to_not be_nil
402
- expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
403
- expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
404
- expect(
405
- redirect_uri.match(/access_token=([a-zA-Z0-9\-_]+)&?/)[1]
406
- ).to eq Doorkeeper::AccessToken.first.token
407
- end
408
-
409
- it "issues the token for the current client" do
410
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
411
- end
412
-
413
- it "issues the token for the current resource owner" do
414
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
415
- end
416
- end
417
-
418
- describe "GET #new with errors" do
419
- before do
420
- default_scopes_exist :public
421
- get :new, params: { an_invalid: "request" }
422
- end
423
-
424
- it "does not redirect" do
425
- expect(response).to_not be_redirect
426
- end
427
-
428
- it "does not issue any token" do
429
- expect(Doorkeeper::AccessGrant.count).to eq 0
430
- expect(Doorkeeper::AccessToken.count).to eq 0
431
- end
432
- end
433
-
434
- describe "GET #new in API mode with errors" do
435
- let(:response_json_body) { JSON.parse(response.body) }
436
-
437
- before do
438
- default_scopes_exist :public
439
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
440
- get :new, params: { an_invalid: "request" }
441
- end
442
-
443
- it "should render bad request" do
444
- expect(response).to have_http_status(:bad_request)
445
- end
446
-
447
- it "includes error in body" do
448
- expect(response_json_body["error"]).to eq("unsupported_response_type")
449
- end
450
-
451
- it "includes error description in body" do
452
- expect(response_json_body["error_description"])
453
- .to eq(translated_error_message(:unsupported_response_type))
454
- end
455
-
456
- it "does not issue any token" do
457
- expect(Doorkeeper::AccessGrant.count).to eq 0
458
- expect(Doorkeeper::AccessToken.count).to eq 0
459
- end
460
- end
461
-
462
- describe "GET #new with callbacks" do
463
- after do
464
- client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
465
- get :new, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
466
- end
467
-
468
- describe "when authorizing" do
469
- before do
470
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
471
- end
472
-
473
- it "should call :before_successful_authorization callback" do
474
- expect(Doorkeeper.configuration)
475
- .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
476
- end
477
-
478
- it "should call :after_successful_authorization callback" do
479
- expect(Doorkeeper.configuration)
480
- .to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
481
- end
482
- end
483
-
484
- describe "when not authorizing" do
485
- before do
486
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
487
- end
488
-
489
- it "should not call :before_successful_authorization callback" do
490
- expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
491
- end
492
-
493
- it "should not call :after_successful_authorization callback" do
494
- expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
495
- end
496
- end
497
-
498
- describe "when not authorizing in api mode" do
499
- before do
500
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
501
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
502
- end
503
-
504
- it "should not call :before_successful_authorization callback" do
505
- expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
506
- end
507
-
508
- it "should not call :after_successful_authorization callback" do
509
- expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
510
- end
511
- end
512
- end
513
-
514
- describe "authorize response memoization" do
515
- it "memoizes the result of the authorization" do
516
- strategy = double(:strategy, authorize: true)
517
- expect(strategy).to receive(:authorize).once
518
- allow(controller).to receive(:strategy) { strategy }
519
- allow(controller).to receive(:create) do
520
- 2.times { controller.send :authorize_response }
521
- controller.render json: {}, status: :ok
522
- end
523
-
524
- post :create
525
- end
526
- end
527
- end