doorkeeper 5.1.0 → 5.5.0



Files changed (265) hide show
  1. checksums.yaml +4 -4
  2. data/{NEWS.md → CHANGELOG.md} +234 -25
  3. data/README.md +21 -11
  4. data/app/controllers/doorkeeper/application_controller.rb +2 -2
  5. data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
  6. data/app/controllers/doorkeeper/applications_controller.rb +8 -7
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +56 -19
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +5 -5
  9. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  10. data/app/controllers/doorkeeper/tokens_controller.rb +93 -25
  11. data/app/views/doorkeeper/applications/_form.html.erb +1 -7
  12. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  13. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  14. data/config/locales/en.yml +13 -3
  15. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  16. data/lib/doorkeeper/config/option.rb +20 -2
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/config.rb +291 -121
  19. data/lib/doorkeeper/engine.rb +1 -1
  20. data/lib/doorkeeper/errors.rb +13 -18
  21. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  22. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  23. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  24. data/lib/doorkeeper/grant_flow.rb +45 -0
  25. data/lib/doorkeeper/grape/helpers.rb +7 -3
  26. data/lib/doorkeeper/helpers/controller.rb +36 -11
  27. data/lib/doorkeeper/models/access_grant_mixin.rb +22 -18
  28. data/lib/doorkeeper/models/access_token_mixin.rb +194 -51
  29. data/lib/doorkeeper/models/application_mixin.rb +8 -7
  30. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  31. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  32. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  33. data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
  34. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  35. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  36. data/lib/doorkeeper/oauth/authorization/code.rb +25 -14
  37. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  38. data/lib/doorkeeper/oauth/authorization/token.rb +24 -19
  39. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  40. data/lib/doorkeeper/oauth/authorization_code_request.rb +40 -21
  41. data/lib/doorkeeper/oauth/base_request.rb +21 -23
  42. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  43. data/lib/doorkeeper/oauth/client.rb +8 -9
  44. data/lib/doorkeeper/oauth/client_credentials/creator.rb +45 -5
  45. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
  46. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +13 -3
  47. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  48. data/lib/doorkeeper/oauth/code_request.rb +6 -12
  49. data/lib/doorkeeper/oauth/code_response.rb +24 -14
  50. data/lib/doorkeeper/oauth/error.rb +1 -1
  51. data/lib/doorkeeper/oauth/error_response.rb +10 -11
  52. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
  53. data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
  54. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +19 -5
  55. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  56. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  57. data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
  58. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  59. data/lib/doorkeeper/oauth/password_access_token_request.rb +32 -10
  60. data/lib/doorkeeper/oauth/pre_authorization.rb +111 -42
  61. data/lib/doorkeeper/oauth/refresh_token_request.rb +45 -33
  62. data/lib/doorkeeper/oauth/token.rb +6 -7
  63. data/lib/doorkeeper/oauth/token_introspection.rb +24 -18
  64. data/lib/doorkeeper/oauth/token_request.rb +6 -20
  65. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  66. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  67. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  68. data/lib/doorkeeper/orm/active_record/application.rb +5 -83
  69. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +68 -0
  70. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +59 -0
  71. data/lib/doorkeeper/orm/active_record/mixins/application.rb +198 -0
  72. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  73. data/lib/doorkeeper/orm/active_record.rb +20 -6
  74. data/lib/doorkeeper/rails/helpers.rb +4 -4
  75. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  76. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  77. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  78. data/lib/doorkeeper/rails/routes.rb +17 -25
  79. data/lib/doorkeeper/rake/db.rake +6 -6
  80. data/lib/doorkeeper/rake/setup.rake +5 -0
  81. data/lib/doorkeeper/request/authorization_code.rb +5 -3
  82. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  83. data/lib/doorkeeper/request/password.rb +2 -2
  84. data/lib/doorkeeper/request/refresh_token.rb +5 -4
  85. data/lib/doorkeeper/request/strategy.rb +2 -2
  86. data/lib/doorkeeper/request.rb +49 -17
  87. data/lib/doorkeeper/server.rb +7 -11
  88. data/lib/doorkeeper/stale_records_cleaner.rb +6 -2
  89. data/lib/doorkeeper/version.rb +1 -5
  90. data/lib/doorkeeper.rb +114 -79
  91. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  92. data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
  93. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  94. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  95. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  96. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -7
  97. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  98. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  99. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  100. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  101. data/lib/generators/doorkeeper/templates/initializer.rb +205 -43
  102. data/lib/generators/doorkeeper/templates/migration.rb.erb +18 -6
  103. metadata +43 -310
  104. data/.coveralls.yml +0 -1
  105. data/.github/ISSUE_TEMPLATE.md +0 -25
  106. data/.github/PULL_REQUEST_TEMPLATE.md +0 -17
  107. data/.gitignore +0 -20
  108. data/.gitlab-ci.yml +0 -16
  109. data/.hound.yml +0 -3
  110. data/.rspec +0 -1
  111. data/.rubocop.yml +0 -50
  112. data/.travis.yml +0 -35
  113. data/Appraisals +0 -40
  114. data/CODE_OF_CONDUCT.md +0 -46
  115. data/CONTRIBUTING.md +0 -47
  116. data/Dangerfile +0 -67
  117. data/Gemfile +0 -24
  118. data/RELEASING.md +0 -10
  119. data/Rakefile +0 -28
  120. data/SECURITY.md +0 -15
  121. data/UPGRADE.md +0 -2
  122. data/app/validators/redirect_uri_validator.rb +0 -50
  123. data/bin/console +0 -16
  124. data/doorkeeper.gemspec +0 -34
  125. data/gemfiles/rails_5_0.gemfile +0 -17
  126. data/gemfiles/rails_5_1.gemfile +0 -17
  127. data/gemfiles/rails_5_2.gemfile +0 -17
  128. data/gemfiles/rails_6_0.gemfile +0 -17
  129. data/gemfiles/rails_master.gemfile +0 -17
  130. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  131. data/spec/controllers/applications_controller_spec.rb +0 -180
  132. data/spec/controllers/authorizations_controller_spec.rb +0 -527
  133. data/spec/controllers/protected_resources_controller_spec.rb +0 -353
  134. data/spec/controllers/token_info_controller_spec.rb +0 -50
  135. data/spec/controllers/tokens_controller_spec.rb +0 -330
  136. data/spec/dummy/Rakefile +0 -9
  137. data/spec/dummy/app/assets/config/manifest.js +0 -2
  138. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  139. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  140. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  141. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  142. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  143. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  144. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  145. data/spec/dummy/app/models/user.rb +0 -7
  146. data/spec/dummy/app/views/home/index.html.erb +0 -0
  147. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  148. data/spec/dummy/config/application.rb +0 -47
  149. data/spec/dummy/config/boot.rb +0 -7
  150. data/spec/dummy/config/database.yml +0 -15
  151. data/spec/dummy/config/environment.rb +0 -5
  152. data/spec/dummy/config/environments/development.rb +0 -31
  153. data/spec/dummy/config/environments/production.rb +0 -64
  154. data/spec/dummy/config/environments/test.rb +0 -45
  155. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  156. data/spec/dummy/config/initializers/doorkeeper.rb +0 -121
  157. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  158. data/spec/dummy/config/initializers/session_store.rb +0 -10
  159. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  160. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  161. data/spec/dummy/config/routes.rb +0 -13
  162. data/spec/dummy/config.ru +0 -6
  163. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  164. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  165. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  166. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  167. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  168. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  169. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  170. data/spec/dummy/db/schema.rb +0 -68
  171. data/spec/dummy/public/404.html +0 -26
  172. data/spec/dummy/public/422.html +0 -26
  173. data/spec/dummy/public/500.html +0 -26
  174. data/spec/dummy/public/favicon.ico +0 -0
  175. data/spec/dummy/script/rails +0 -9
  176. data/spec/factories.rb +0 -30
  177. data/spec/generators/application_owner_generator_spec.rb +0 -28
  178. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  179. data/spec/generators/install_generator_spec.rb +0 -36
  180. data/spec/generators/migration_generator_spec.rb +0 -28
  181. data/spec/generators/pkce_generator_spec.rb +0 -28
  182. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  183. data/spec/generators/templates/routes.rb +0 -4
  184. data/spec/generators/views_generator_spec.rb +0 -29
  185. data/spec/grape/grape_integration_spec.rb +0 -137
  186. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  187. data/spec/lib/config_spec.rb +0 -697
  188. data/spec/lib/doorkeeper_spec.rb +0 -27
  189. data/spec/lib/models/expirable_spec.rb +0 -61
  190. data/spec/lib/models/reusable_spec.rb +0 -40
  191. data/spec/lib/models/revocable_spec.rb +0 -59
  192. data/spec/lib/models/scopes_spec.rb +0 -53
  193. data/spec/lib/models/secret_storable_spec.rb +0 -135
  194. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  195. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -156
  196. data/spec/lib/oauth/base_request_spec.rb +0 -205
  197. data/spec/lib/oauth/base_response_spec.rb +0 -47
  198. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  199. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -94
  200. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  201. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  202. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
  203. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
  204. data/spec/lib/oauth/client_spec.rb +0 -38
  205. data/spec/lib/oauth/code_request_spec.rb +0 -47
  206. data/spec/lib/oauth/code_response_spec.rb +0 -36
  207. data/spec/lib/oauth/error_response_spec.rb +0 -66
  208. data/spec/lib/oauth/error_spec.rb +0 -23
  209. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
  210. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
  211. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  212. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -247
  213. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
  214. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
  215. data/spec/lib/oauth/pre_authorization_spec.rb +0 -215
  216. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  217. data/spec/lib/oauth/scopes_spec.rb +0 -148
  218. data/spec/lib/oauth/token_request_spec.rb +0 -150
  219. data/spec/lib/oauth/token_response_spec.rb +0 -86
  220. data/spec/lib/oauth/token_spec.rb +0 -158
  221. data/spec/lib/request/strategy_spec.rb +0 -54
  222. data/spec/lib/secret_storing/base_spec.rb +0 -60
  223. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  224. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  225. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  226. data/spec/lib/server_spec.rb +0 -61
  227. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  228. data/spec/models/doorkeeper/access_grant_spec.rb +0 -144
  229. data/spec/models/doorkeeper/access_token_spec.rb +0 -591
  230. data/spec/models/doorkeeper/application_spec.rb +0 -367
  231. data/spec/requests/applications/applications_request_spec.rb +0 -259
  232. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  233. data/spec/requests/endpoints/authorization_spec.rb +0 -73
  234. data/spec/requests/endpoints/token_spec.rb +0 -75
  235. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -78
  236. data/spec/requests/flows/authorization_code_spec.rb +0 -447
  237. data/spec/requests/flows/client_credentials_spec.rb +0 -128
  238. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -34
  239. data/spec/requests/flows/implicit_grant_spec.rb +0 -90
  240. data/spec/requests/flows/password_spec.rb +0 -259
  241. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  242. data/spec/requests/flows/revoke_token_spec.rb +0 -143
  243. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  244. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  245. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  246. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  247. data/spec/routing/default_routes_spec.rb +0 -41
  248. data/spec/routing/scoped_routes_spec.rb +0 -47
  249. data/spec/spec_helper.rb +0 -57
  250. data/spec/spec_helper_integration.rb +0 -4
  251. data/spec/support/dependencies/factory_bot.rb +0 -4
  252. data/spec/support/doorkeeper_rspec.rb +0 -22
  253. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  254. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  255. data/spec/support/helpers/config_helper.rb +0 -11
  256. data/spec/support/helpers/model_helper.rb +0 -78
  257. data/spec/support/helpers/request_spec_helper.rb +0 -98
  258. data/spec/support/helpers/url_helper.rb +0 -62
  259. data/spec/support/http_method_shim.rb +0 -29
  260. data/spec/support/orm/active_record.rb +0 -5
  261. data/spec/support/shared/controllers_shared_context.rb +0 -123
  262. data/spec/support/shared/hashing_shared_context.rb +0 -36
  263. data/spec/support/shared/models_shared_examples.rb +0 -54
  264. data/spec/validators/redirect_uri_validator_spec.rb +0 -158
  265. data/spec/version/version_spec.rb +0 -17
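--- a/data/spec/models/doorkeeper/application_spec.rb
+++ /dev/null
@@ -1,367 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "bcrypt"
-
-module Doorkeeper
-describe Application do
-let(:clazz) { Doorkeeper::Application }
-let(:require_owner) { Doorkeeper.configuration.instance_variable_set("@confirm_application_owner", true) }
-let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set("@confirm_application_owner", false) }
-let(:new_application) { FactoryBot.build(:application) }
-
-let(:uid) { SecureRandom.hex(8) }
-let(:secret) { SecureRandom.hex(8) }
-
-context "application_owner is enabled" do
-before do
-Doorkeeper.configure do
-orm DOORKEEPER_ORM
-enable_application_owner
-end
-end
-
-context "application owner is not required" do
-before(:each) do
-unset_require_owner
-end
-
-it "is valid given valid attributes" do
-expect(new_application).to be_valid
-end
-end
-
-context "application owner is required" do
-before(:each) do
-require_owner
-@owner = FactoryBot.build_stubbed(:doorkeeper_testing_user)
-end
-
-it "is invalid without an owner" do
-expect(new_application).not_to be_valid
-end
-
-it "is valid with an owner" do
-new_application.owner = @owner
-expect(new_application).to be_valid
-end
-end
-end
-
-it "is invalid without a name" do
-new_application.name = nil
-expect(new_application).not_to be_valid
-end
-
-it "is invalid without determining confidentiality" do
-new_application.confidential = nil
-expect(new_application).not_to be_valid
-end
-
-it "generates uid on create" do
-expect(new_application.uid).to be_nil
-new_application.save
-expect(new_application.uid).not_to be_nil
-end
-
-it "generates uid on create if an empty string" do
-new_application.uid = ""
-new_application.save
-expect(new_application.uid).not_to be_blank
-end
-
-it "generates uid on create unless one is set" do
-new_application.uid = uid
-new_application.save
-expect(new_application.uid).to eq(uid)
-end
-
-it "is invalid without uid" do
-new_application.save
-new_application.uid = nil
-expect(new_application).not_to be_valid
-end
-
-context "redirect URI" do
-context "when grant flows allow blank redirect URI" do
-before do
-Doorkeeper.configure do
-grant_flows %w[password client_credentials]
-end
-end
-
-it "is valid without redirect_uri" do
-new_application.save
-new_application.redirect_uri = nil
-expect(new_application).to be_valid
-end
-end
-
-context "when grant flows require redirect URI" do
-before do
-Doorkeeper.configure do
-grant_flows %w[password client_credentials authorization_code]
-end
-end
-
-it "is invalid without redirect_uri" do
-new_application.save
-new_application.redirect_uri = nil
-expect(new_application).not_to be_valid
-end
-end
-
-context "when blank URI option disabled" do
-before do
-Doorkeeper.configure do
-grant_flows %w[password client_credentials]
-allow_blank_redirect_uri false
-end
-end
-
-it "is invalid without redirect_uri" do
-new_application.save
-new_application.redirect_uri = nil
-expect(new_application).not_to be_valid
-end
-end
-end
-
-it "checks uniqueness of uid" do
-app1 = FactoryBot.create(:application)
-app2 = FactoryBot.create(:application)
-app2.uid = app1.uid
-expect(app2).not_to be_valid
-end
-
-it "expects database to throw an error when uids are the same" do
-app1 = FactoryBot.create(:application)
-app2 = FactoryBot.create(:application)
-app2.uid = app1.uid
-expect { app2.save!(validate: false) }.to raise_error(uniqueness_error)
-end
-
-it "generate secret on create" do
-expect(new_application.secret).to be_nil
-new_application.save
-expect(new_application.secret).not_to be_nil
-end
-
-it "generate secret on create if is blank string" do
-new_application.secret = ""
-new_application.save
-expect(new_application.secret).not_to be_blank
-end
-
-it "generate secret on create unless one is set" do
-new_application.secret = secret
-new_application.save
-expect(new_application.secret).to eq(secret)
-end
-
-it "is invalid without secret" do
-new_application.save
-new_application.secret = nil
-expect(new_application).not_to be_valid
-end
-
-context "with hashing enabled" do
-include_context "with application hashing enabled"
-let(:app) { FactoryBot.create :application }
-let(:default_strategy) { Doorkeeper::SecretStoring::Sha256Hash }
-
-it "uses SHA256 to avoid additional dependencies" do
-# Ensure token was generated
-app.validate
-expect(app.secret).to eq(default_strategy.transform_secret(app.plaintext_secret))
-end
-
-context "when bcrypt strategy is configured" do
-# In this text context, we have bcrypt loaded so `bcrypt_present?`
-# will always be true
-before do
-Doorkeeper.configure do
-hash_application_secrets using: "Doorkeeper::SecretStoring::BCrypt"
-end
-end
-
-it "holds a volatile plaintext and BCrypt secret" do
-expect(app.secret_strategy).to eq Doorkeeper::SecretStoring::BCrypt
-expect(app.plaintext_secret).to be_a(String)
-expect(app.secret).not_to eq(app.plaintext_secret)
-expect { ::BCrypt::Password.create(app.secret) }.not_to raise_error
-end
-end
-
-it "does not fallback to plain lookup by default" do
-lookup = clazz.by_uid_and_secret(app.uid, app.secret)
-expect(lookup).to eq(nil)
-
-lookup = clazz.by_uid_and_secret(app.uid, app.plaintext_secret)
-expect(lookup).to eq(app)
-end
-
-context "with fallback enabled" do
-include_context "with token hashing and fallback lookup enabled"
-
-it "provides plain and hashed lookup" do
-lookup = clazz.by_uid_and_secret(app.uid, app.secret)
-expect(lookup).to eq(app)
-
-lookup = clazz.by_uid_and_secret(app.uid, app.plaintext_secret)
-expect(lookup).to eq(app)
-end
-end
-
-it "does not provide access to secret after loading" do
-lookup = clazz.by_uid_and_secret(app.uid, app.plaintext_secret)
-expect(lookup.plaintext_secret).to be_nil
-end
-end
-
-describe "destroy related models on cascade" do
-before(:each) do
-new_application.save
-end
-
-it "should destroy its access grants" do
-FactoryBot.create(:access_grant, application: new_application)
-expect { new_application.destroy }.to change { Doorkeeper::AccessGrant.count }.by(-1)
-end
-
-it "should destroy its access tokens" do
-FactoryBot.create(:access_token, application: new_application)
-FactoryBot.create(:access_token, application: new_application, revoked_at: Time.now.utc)
-expect do
-new_application.destroy
-end.to change { Doorkeeper::AccessToken.count }.by(-2)
-end
-end
-
-describe :ordered_by do
-let(:applications) { FactoryBot.create_list(:application, 5) }
-
-context "when a direction is not specified" do
-it "calls order with a default order of asc" do
-names = applications.map(&:name).sort
-expect(Application.ordered_by(:name).map(&:name)).to eq(names)
-end
-end
-
-context "when a direction is specified" do
-it "calls order with specified direction" do
-names = applications.map(&:name).sort.reverse
-expect(Application.ordered_by(:name, :desc).map(&:name)).to eq(names)
-end
-end
-end
-
-describe "#redirect_uri=" do
-context "when array of valid redirect_uris" do
-it "should join by newline" do
-new_application.redirect_uri = ["http://localhost/callback1", "http://localhost/callback2"]
-expect(new_application.redirect_uri).to eq("http://localhost/callback1\nhttp://localhost/callback2")
-end
-end
-context "when string of valid redirect_uris" do
-it "should store as-is" do
-new_application.redirect_uri = "http://localhost/callback1\nhttp://localhost/callback2"
-expect(new_application.redirect_uri).to eq("http://localhost/callback1\nhttp://localhost/callback2")
-end
-end
-end
-
-describe :authorized_for do
-let(:resource_owner) { double(:resource_owner, id: 10) }
-
-it "is empty if the application is not authorized for anyone" do
-expect(Application.authorized_for(resource_owner)).to be_empty
-end
-
-it "returns only application for a specific resource owner" do
-FactoryBot.create(:access_token, resource_owner_id: resource_owner.id + 1)
-token = FactoryBot.create(:access_token, resource_owner_id: resource_owner.id)
-expect(Application.authorized_for(resource_owner)).to eq([token.application])
-end
-
-it "excludes revoked tokens" do
-FactoryBot.create(:access_token, resource_owner_id: resource_owner.id, revoked_at: 2.days.ago)
-expect(Application.authorized_for(resource_owner)).to be_empty
-end
-
-it "returns all applications that have been authorized" do
-token1 = FactoryBot.create(:access_token, resource_owner_id: resource_owner.id)
-token2 = FactoryBot.create(:access_token, resource_owner_id: resource_owner.id)
-expect(Application.authorized_for(resource_owner)).to eq([token1.application, token2.application])
-end
-
-it "returns only one application even if it has been authorized twice" do
-application = FactoryBot.create(:application)
-FactoryBot.create(:access_token, resource_owner_id: resource_owner.id, application: application)
-FactoryBot.create(:access_token, resource_owner_id: resource_owner.id, application: application)
-expect(Application.authorized_for(resource_owner)).to eq([application])
-end
-end
-
-describe :revoke_tokens_and_grants_for do
-it "revokes all access tokens and access grants" do
-application_id = 42
-resource_owner = double
-expect(Doorkeeper::AccessToken)
-.to receive(:revoke_all_for).with(application_id, resource_owner)
-expect(Doorkeeper::AccessGrant)
-.to receive(:revoke_all_for).with(application_id, resource_owner)
-
-Application.revoke_tokens_and_grants_for(application_id, resource_owner)
-end
-end
-
-describe :by_uid_and_secret do
-context "when application is private/confidential" do
-it "finds the application via uid/secret" do
-app = FactoryBot.create :application
-authenticated = Application.by_uid_and_secret(app.uid, app.secret)
-expect(authenticated).to eq(app)
-end
-context "when secret is wrong" do
-it "should not find the application" do
-app = FactoryBot.create :application
-authenticated = Application.by_uid_and_secret(app.uid, "bad")
-expect(authenticated).to eq(nil)
-end
-end
-end
-
-context "when application is public/non-confidential" do
-context "when secret is blank" do
-it "should find the application" do
-app = FactoryBot.create :application, confidential: false
-authenticated = Application.by_uid_and_secret(app.uid, nil)
-expect(authenticated).to eq(app)
-end
-end
-context "when secret is wrong" do
-it "should not find the application" do
-app = FactoryBot.create :application, confidential: false
-authenticated = Application.by_uid_and_secret(app.uid, "bad")
-expect(authenticated).to eq(nil)
-end
-end
-end
-end
-
-describe :confidential? do
-subject { FactoryBot.create(:application, confidential: confidential).confidential? }
-
-context "when application is private/confidential" do
-let(:confidential) { true }
-it { expect(subject).to eq(true) }
-end
-
-context "when application is public/non-confidential" do
-let(:confidential) { false }
-it { expect(subject).to eq(false) }
-end
-end
-end
-end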
@@ -1,259 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- feature "Adding applications" do
6
- context "in application form" do
7
- background do
8
- i_am_logged_in
9
- visit "/oauth/applications/new"
10
- end
11
-
12
- scenario "adding a valid app" do
13
- fill_in "doorkeeper_application[name]", with: "My Application"
14
- fill_in "doorkeeper_application[redirect_uri]",
15
- with: "https://example.com"
16
-
17
- click_button "Submit"
18
- i_should_see "Application created"
19
- i_should_see "My Application"
20
- end
21
-
22
- scenario "adding invalid app" do
23
- click_button "Submit"
24
- i_should_see "Whoops! Check your form for possible errors"
25
- end
26
-
27
- scenario "adding app ignoring bad scope" do
28
- config_is_set("enforce_configured_scopes", false)
29
-
30
- fill_in "doorkeeper_application[name]", with: "My Application"
31
- fill_in "doorkeeper_application[redirect_uri]",
32
- with: "https://example.com"
33
- fill_in "doorkeeper_application[scopes]", with: "blahblah"
34
-
35
- click_button "Submit"
36
- i_should_see "Application created"
37
- i_should_see "My Application"
38
- end
39
-
40
- scenario "adding app validating bad scope" do
41
- config_is_set("enforce_configured_scopes", true)
42
-
43
- fill_in "doorkeeper_application[name]", with: "My Application"
44
- fill_in "doorkeeper_application[redirect_uri]",
45
- with: "https://example.com"
46
- fill_in "doorkeeper_application[scopes]", with: "blahblah"
47
-
48
- click_button "Submit"
49
- i_should_see "Whoops! Check your form for possible errors"
50
- end
51
-
52
- scenario "adding app validating scope, blank scope is accepted" do
53
- config_is_set("enforce_configured_scopes", true)
54
-
55
- fill_in "doorkeeper_application[name]", with: "My Application"
56
- fill_in "doorkeeper_application[redirect_uri]",
57
- with: "https://example.com"
58
- fill_in "doorkeeper_application[scopes]", with: ""
59
-
60
- click_button "Submit"
61
- i_should_see "Application created"
62
- i_should_see "My Application"
63
- end
64
-
65
- scenario "adding app validating scope, multiple scopes configured" do
66
- config_is_set("enforce_configured_scopes", true)
67
- scopes = Doorkeeper::OAuth::Scopes.from_array(%w[read write admin])
68
- config_is_set("optional_scopes", scopes)
69
-
70
- fill_in "doorkeeper_application[name]", with: "My Application"
71
- fill_in "doorkeeper_application[redirect_uri]",
72
- with: "https://example.com"
73
- fill_in "doorkeeper_application[scopes]", with: "read write"
74
-
75
- click_button "Submit"
76
- i_should_see "Application created"
77
- i_should_see "My Application"
78
- end
79
-
80
- scenario "adding app validating scope, bad scope with multiple scopes configured" do
81
- config_is_set("enforce_configured_scopes", true)
82
- scopes = Doorkeeper::OAuth::Scopes.from_array(%w[read write admin])
83
- config_is_set("optional_scopes", scopes)
84
-
85
- fill_in "doorkeeper_application[name]", with: "My Application"
86
- fill_in "doorkeeper_application[redirect_uri]",
87
- with: "https://example.com"
88
- fill_in "doorkeeper_application[scopes]", with: "read blah"
89
-
90
- click_button "Submit"
91
- i_should_see "Whoops! Check your form for possible errors"
92
- i_should_see Regexp.new(
93
- I18n.t("activerecord.errors.models.doorkeeper/application.attributes.scopes.not_match_configured"),
94
- true
95
- )
96
- end
97
-
98
- context "redirect URI" do
99
- scenario "adding app with blank redirect URI when configured flows requires redirect uri" do
100
- config_is_set("grant_flows", %w[authorization_code implicit client_credentials])
101
-
102
- fill_in "doorkeeper_application[name]", with: "My Application"
103
- fill_in "doorkeeper_application[redirect_uri]",
104
- with: ""
105
-
106
- click_button "Submit"
107
- i_should_see "Whoops! Check your form for possible errors"
108
- end
109
-
110
- scenario "adding app with blank redirect URI when configured flows without redirect uri" do
111
- config_is_set("grant_flows", %w[client_credentials password])
112
-
113
- # Visit it once again to consider grant flows
114
- visit "/oauth/applications/new"
115
-
116
- i_should_see I18n.t("doorkeeper.applications.help.blank_redirect_uri")
117
-
118
- fill_in "doorkeeper_application[name]", with: "My Application"
119
- fill_in "doorkeeper_application[redirect_uri]",
120
- with: ""
121
-
122
- click_button "Submit"
123
- i_should_see "Application created"
124
- i_should_see "My Application"
125
- end
126
- end
127
- end
128
- end
129
-
130
- feature "Listing applications" do
131
- background do
132
- i_am_logged_in
133
-
134
- FactoryBot.create :application, name: "Oauth Dude"
135
- FactoryBot.create :application, name: "Awesome App"
136
- end
137
-
138
- scenario "application list" do
139
- visit "/oauth/applications"
140
-
141
- i_should_see "Awesome App"
142
- i_should_see "Oauth Dude"
143
- end
144
- end
145
-
146
- feature "Renders assets" do
147
- scenario "admin stylesheets" do
148
- visit "/assets/doorkeeper/admin/application.css"
149
-
150
- i_should_see "Bootstrap"
151
- i_should_see ".doorkeeper-admin"
152
- end
153
-
154
- scenario "application stylesheets" do
155
- visit "/assets/doorkeeper/application.css"
156
-
157
- i_should_see "Bootstrap"
158
- i_should_see "#oauth-permissions"
159
- i_should_see "#container"
160
- end
161
- end
162
-
163
- feature "Show application" do
164
- given :app do
165
- i_am_logged_in
166
-
167
- FactoryBot.create :application, name: "Just another oauth app"
168
- end
169
-
170
- scenario "visiting application page" do
171
- visit "/oauth/applications/#{app.id}"
172
-
173
- i_should_see "Just another oauth app"
174
- end
175
- end
176
-
177
- feature "Edit application" do
178
- let :app do
179
- FactoryBot.create :application, name: "OMG my app"
180
- end
181
-
182
- background do
183
- i_am_logged_in
184
-
185
- visit "/oauth/applications/#{app.id}/edit"
186
- end
187
-
188
- scenario "updating a valid app" do
189
- fill_in "doorkeeper_application[name]", with: "Serious app"
190
- click_button "Submit"
191
-
192
- i_should_see "Application updated"
193
- i_should_see "Serious app"
194
- i_should_not_see "OMG my app"
195
- end
196
-
197
- scenario "updating an invalid app" do
198
- fill_in "doorkeeper_application[name]", with: ""
199
- click_button "Submit"
200
-
201
- i_should_see "Whoops! Check your form for possible errors"
202
- end
203
- end
204
-
205
- feature "Remove application" do
206
- background do
207
- i_am_logged_in
208
-
209
- @app = FactoryBot.create :application
210
- end
211
-
212
- scenario "deleting an application from list" do
213
- visit "/oauth/applications"
214
-
215
- i_should_see @app.name
216
-
217
- within(:css, "tr#application_#{@app.id}") do
218
- click_button "Destroy"
219
- end
220
-
221
- i_should_see "Application deleted"
222
- i_should_not_see @app.name
223
- end
224
-
225
- scenario "deleting an application from show" do
226
- visit "/oauth/applications/#{@app.id}"
227
- click_button "Destroy"
228
-
229
- i_should_see "Application deleted"
230
- end
231
- end
232
-
233
- context "when admin authenticator block is default" do
234
- let(:app) { FactoryBot.create :application, name: "app" }
235
-
236
- feature "application list" do
237
- scenario "fails with forbidden" do
238
- visit "/oauth/applications"
239
-
240
- should_have_status 403
241
- end
242
- end
243
-
244
- feature "adding an app" do
245
- scenario "fails with forbidden" do
246
- visit "/oauth/applications/new"
247
-
248
- should_have_status 403
249
- end
250
- end
251
-
252
- feature "editing an app" do
253
- scenario "fails with forbidden" do
254
- visit "/oauth/applications/#{app.id}/edit"
255
-
256
- should_have_status 403
257
- end
258
- end
259
- end
@@ -1,32 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- feature "Authorized applications" do
6
- background do
7
- @user = User.create!(name: "Joe", password: "sekret")
8
- @client = client_exists(name: "Amazing Client App")
9
- resource_owner_is_authenticated @user
10
- client_is_authorized @client, @user
11
- end
12
-
13
- scenario "display user's authorized applications" do
14
- visit "/oauth/authorized_applications"
15
- i_should_see "Amazing Client App"
16
- end
17
-
18
- scenario "do not display other user's authorized applications" do
19
- client = client_exists(name: "Another Client App")
20
- client_is_authorized client, User.create!(name: "Joe", password: "sekret")
21
- visit "/oauth/authorized_applications"
22
- i_should_not_see "Another Client App"
23
- end
24
-
25
- scenario "user revoke access to application" do
26
- visit "/oauth/authorized_applications"
27
- i_should_see "Amazing Client App"
28
- click_on "Revoke"
29
- i_should_see "Application revoked"
30
- i_should_not_see "Amazing Client App"
31
- end
32
- end