doorkeeper 5.1.0 → 5.5.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of doorkeeper might be problematic. Click here for more details.

Files changed (265) hide show
  1. checksums.yaml +4 -4
  2. data/{NEWS.md → CHANGELOG.md} +242 -25
  3. data/README.md +21 -11
  4. data/app/controllers/doorkeeper/application_controller.rb +3 -2
  5. data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
  6. data/app/controllers/doorkeeper/applications_controller.rb +8 -7
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +56 -19
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +6 -6
  9. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  10. data/app/controllers/doorkeeper/tokens_controller.rb +93 -25
  11. data/app/views/doorkeeper/applications/_form.html.erb +1 -7
  12. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  13. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  14. data/config/locales/en.yml +13 -3
  15. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  16. data/lib/doorkeeper/config/option.rb +20 -2
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/config.rb +295 -121
  19. data/lib/doorkeeper/engine.rb +1 -1
  20. data/lib/doorkeeper/errors.rb +13 -18
  21. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  22. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  23. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  24. data/lib/doorkeeper/grant_flow.rb +45 -0
  25. data/lib/doorkeeper/grape/helpers.rb +7 -3
  26. data/lib/doorkeeper/helpers/controller.rb +36 -11
  27. data/lib/doorkeeper/models/access_grant_mixin.rb +22 -18
  28. data/lib/doorkeeper/models/access_token_mixin.rb +194 -51
  29. data/lib/doorkeeper/models/application_mixin.rb +8 -7
  30. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  31. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  32. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  33. data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
  34. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  35. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  36. data/lib/doorkeeper/oauth/authorization/code.rb +25 -14
  37. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  38. data/lib/doorkeeper/oauth/authorization/token.rb +24 -19
  39. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  40. data/lib/doorkeeper/oauth/authorization_code_request.rb +40 -21
  41. data/lib/doorkeeper/oauth/base_request.rb +21 -23
  42. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  43. data/lib/doorkeeper/oauth/client.rb +8 -9
  44. data/lib/doorkeeper/oauth/client_credentials/creator.rb +45 -5
  45. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
  46. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +13 -3
  47. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  48. data/lib/doorkeeper/oauth/code_request.rb +6 -12
  49. data/lib/doorkeeper/oauth/code_response.rb +24 -14
  50. data/lib/doorkeeper/oauth/error.rb +1 -1
  51. data/lib/doorkeeper/oauth/error_response.rb +10 -11
  52. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
  53. data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
  54. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +19 -5
  55. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  56. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  57. data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
  58. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  59. data/lib/doorkeeper/oauth/password_access_token_request.rb +34 -11
  60. data/lib/doorkeeper/oauth/pre_authorization.rb +111 -42
  61. data/lib/doorkeeper/oauth/refresh_token_request.rb +45 -33
  62. data/lib/doorkeeper/oauth/token.rb +6 -7
  63. data/lib/doorkeeper/oauth/token_introspection.rb +24 -18
  64. data/lib/doorkeeper/oauth/token_request.rb +6 -20
  65. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  66. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  67. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  68. data/lib/doorkeeper/orm/active_record/application.rb +5 -83
  69. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +68 -0
  70. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +59 -0
  71. data/lib/doorkeeper/orm/active_record/mixins/application.rb +198 -0
  72. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  73. data/lib/doorkeeper/orm/active_record.rb +20 -6
  74. data/lib/doorkeeper/rails/helpers.rb +4 -4
  75. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  76. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  77. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  78. data/lib/doorkeeper/rails/routes.rb +17 -25
  79. data/lib/doorkeeper/rake/db.rake +6 -6
  80. data/lib/doorkeeper/rake/setup.rake +5 -0
  81. data/lib/doorkeeper/request/authorization_code.rb +5 -3
  82. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  83. data/lib/doorkeeper/request/password.rb +3 -2
  84. data/lib/doorkeeper/request/refresh_token.rb +5 -4
  85. data/lib/doorkeeper/request/strategy.rb +2 -2
  86. data/lib/doorkeeper/request.rb +49 -17
  87. data/lib/doorkeeper/server.rb +7 -11
  88. data/lib/doorkeeper/stale_records_cleaner.rb +6 -2
  89. data/lib/doorkeeper/version.rb +2 -6
  90. data/lib/doorkeeper.rb +114 -79
  91. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  92. data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
  93. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  94. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  95. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  96. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -7
  97. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  98. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  99. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  100. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  101. data/lib/generators/doorkeeper/templates/initializer.rb +205 -43
  102. data/lib/generators/doorkeeper/templates/migration.rb.erb +18 -6
  103. metadata +45 -312
  104. data/.coveralls.yml +0 -1
  105. data/.github/ISSUE_TEMPLATE.md +0 -25
  106. data/.github/PULL_REQUEST_TEMPLATE.md +0 -17
  107. data/.gitignore +0 -20
  108. data/.gitlab-ci.yml +0 -16
  109. data/.hound.yml +0 -3
  110. data/.rspec +0 -1
  111. data/.rubocop.yml +0 -50
  112. data/.travis.yml +0 -35
  113. data/Appraisals +0 -40
  114. data/CODE_OF_CONDUCT.md +0 -46
  115. data/CONTRIBUTING.md +0 -47
  116. data/Dangerfile +0 -67
  117. data/Gemfile +0 -24
  118. data/RELEASING.md +0 -10
  119. data/Rakefile +0 -28
  120. data/SECURITY.md +0 -15
  121. data/UPGRADE.md +0 -2
  122. data/app/validators/redirect_uri_validator.rb +0 -50
  123. data/bin/console +0 -16
  124. data/doorkeeper.gemspec +0 -34
  125. data/gemfiles/rails_5_0.gemfile +0 -17
  126. data/gemfiles/rails_5_1.gemfile +0 -17
  127. data/gemfiles/rails_5_2.gemfile +0 -17
  128. data/gemfiles/rails_6_0.gemfile +0 -17
  129. data/gemfiles/rails_master.gemfile +0 -17
  130. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  131. data/spec/controllers/applications_controller_spec.rb +0 -180
  132. data/spec/controllers/authorizations_controller_spec.rb +0 -527
  133. data/spec/controllers/protected_resources_controller_spec.rb +0 -353
  134. data/spec/controllers/token_info_controller_spec.rb +0 -50
  135. data/spec/controllers/tokens_controller_spec.rb +0 -330
  136. data/spec/dummy/Rakefile +0 -9
  137. data/spec/dummy/app/assets/config/manifest.js +0 -2
  138. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  139. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  140. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  141. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  142. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  143. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  144. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  145. data/spec/dummy/app/models/user.rb +0 -7
  146. data/spec/dummy/app/views/home/index.html.erb +0 -0
  147. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  148. data/spec/dummy/config/application.rb +0 -47
  149. data/spec/dummy/config/boot.rb +0 -7
  150. data/spec/dummy/config/database.yml +0 -15
  151. data/spec/dummy/config/environment.rb +0 -5
  152. data/spec/dummy/config/environments/development.rb +0 -31
  153. data/spec/dummy/config/environments/production.rb +0 -64
  154. data/spec/dummy/config/environments/test.rb +0 -45
  155. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  156. data/spec/dummy/config/initializers/doorkeeper.rb +0 -121
  157. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  158. data/spec/dummy/config/initializers/session_store.rb +0 -10
  159. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  160. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  161. data/spec/dummy/config/routes.rb +0 -13
  162. data/spec/dummy/config.ru +0 -6
  163. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  164. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  165. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  166. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  167. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  168. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  169. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  170. data/spec/dummy/db/schema.rb +0 -68
  171. data/spec/dummy/public/404.html +0 -26
  172. data/spec/dummy/public/422.html +0 -26
  173. data/spec/dummy/public/500.html +0 -26
  174. data/spec/dummy/public/favicon.ico +0 -0
  175. data/spec/dummy/script/rails +0 -9
  176. data/spec/factories.rb +0 -30
  177. data/spec/generators/application_owner_generator_spec.rb +0 -28
  178. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  179. data/spec/generators/install_generator_spec.rb +0 -36
  180. data/spec/generators/migration_generator_spec.rb +0 -28
  181. data/spec/generators/pkce_generator_spec.rb +0 -28
  182. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  183. data/spec/generators/templates/routes.rb +0 -4
  184. data/spec/generators/views_generator_spec.rb +0 -29
  185. data/spec/grape/grape_integration_spec.rb +0 -137
  186. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  187. data/spec/lib/config_spec.rb +0 -697
  188. data/spec/lib/doorkeeper_spec.rb +0 -27
  189. data/spec/lib/models/expirable_spec.rb +0 -61
  190. data/spec/lib/models/reusable_spec.rb +0 -40
  191. data/spec/lib/models/revocable_spec.rb +0 -59
  192. data/spec/lib/models/scopes_spec.rb +0 -53
  193. data/spec/lib/models/secret_storable_spec.rb +0 -135
  194. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  195. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -156
  196. data/spec/lib/oauth/base_request_spec.rb +0 -205
  197. data/spec/lib/oauth/base_response_spec.rb +0 -47
  198. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  199. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -94
  200. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  201. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  202. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
  203. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
  204. data/spec/lib/oauth/client_spec.rb +0 -38
  205. data/spec/lib/oauth/code_request_spec.rb +0 -47
  206. data/spec/lib/oauth/code_response_spec.rb +0 -36
  207. data/spec/lib/oauth/error_response_spec.rb +0 -66
  208. data/spec/lib/oauth/error_spec.rb +0 -23
  209. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
  210. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
  211. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  212. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -247
  213. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
  214. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
  215. data/spec/lib/oauth/pre_authorization_spec.rb +0 -215
  216. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  217. data/spec/lib/oauth/scopes_spec.rb +0 -148
  218. data/spec/lib/oauth/token_request_spec.rb +0 -150
  219. data/spec/lib/oauth/token_response_spec.rb +0 -86
  220. data/spec/lib/oauth/token_spec.rb +0 -158
  221. data/spec/lib/request/strategy_spec.rb +0 -54
  222. data/spec/lib/secret_storing/base_spec.rb +0 -60
  223. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  224. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  225. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  226. data/spec/lib/server_spec.rb +0 -61
  227. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  228. data/spec/models/doorkeeper/access_grant_spec.rb +0 -144
  229. data/spec/models/doorkeeper/access_token_spec.rb +0 -591
  230. data/spec/models/doorkeeper/application_spec.rb +0 -367
  231. data/spec/requests/applications/applications_request_spec.rb +0 -259
  232. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  233. data/spec/requests/endpoints/authorization_spec.rb +0 -73
  234. data/spec/requests/endpoints/token_spec.rb +0 -75
  235. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -78
  236. data/spec/requests/flows/authorization_code_spec.rb +0 -447
  237. data/spec/requests/flows/client_credentials_spec.rb +0 -128
  238. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -34
  239. data/spec/requests/flows/implicit_grant_spec.rb +0 -90
  240. data/spec/requests/flows/password_spec.rb +0 -259
  241. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  242. data/spec/requests/flows/revoke_token_spec.rb +0 -143
  243. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  244. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  245. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  246. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  247. data/spec/routing/default_routes_spec.rb +0 -41
  248. data/spec/routing/scoped_routes_spec.rb +0 -47
  249. data/spec/spec_helper.rb +0 -57
  250. data/spec/spec_helper_integration.rb +0 -4
  251. data/spec/support/dependencies/factory_bot.rb +0 -4
  252. data/spec/support/doorkeeper_rspec.rb +0 -22
  253. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  254. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  255. data/spec/support/helpers/config_helper.rb +0 -11
  256. data/spec/support/helpers/model_helper.rb +0 -78
  257. data/spec/support/helpers/request_spec_helper.rb +0 -98
  258. data/spec/support/helpers/url_helper.rb +0 -62
  259. data/spec/support/http_method_shim.rb +0 -29
  260. data/spec/support/orm/active_record.rb +0 -5
  261. data/spec/support/shared/controllers_shared_context.rb +0 -123
  262. data/spec/support/shared/hashing_shared_context.rb +0 -36
  263. data/spec/support/shared/models_shared_examples.rb +0 -54
  264. data/spec/validators/redirect_uri_validator_spec.rb +0 -158
  265. data/spec/version/version_spec.rb +0 -17
@@ -1,247 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- module Doorkeeper::OAuth::Helpers
6
- describe URIChecker do
7
- describe ".valid?" do
8
- it "is valid for valid uris" do
9
- uri = "http://app.co"
10
- expect(URIChecker.valid?(uri)).to be_truthy
11
- end
12
-
13
- it "is valid if include path param" do
14
- uri = "http://app.co/path"
15
- expect(URIChecker.valid?(uri)).to be_truthy
16
- end
17
-
18
- it "is valid if include query param" do
19
- uri = "http://app.co/?query=1"
20
- expect(URIChecker.valid?(uri)).to be_truthy
21
- end
22
-
23
- it "is invalid if uri includes fragment" do
24
- uri = "http://app.co/test#fragment"
25
- expect(URIChecker.valid?(uri)).to be_falsey
26
- end
27
-
28
- it "is invalid if scheme is missing" do
29
- uri = "app.co"
30
- expect(URIChecker.valid?(uri)).to be_falsey
31
- end
32
-
33
- it "is invalid if is a relative uri" do
34
- uri = "/abc/123"
35
- expect(URIChecker.valid?(uri)).to be_falsey
36
- end
37
-
38
- it "is invalid if is not a url" do
39
- uri = "http://"
40
- expect(URIChecker.valid?(uri)).to be_falsey
41
- end
42
-
43
- it "is invalid if is not an uri" do
44
- uri = " "
45
- expect(URIChecker.valid?(uri)).to be_falsey
46
- end
47
-
48
- it "is valid for native uris" do
49
- uri = "urn:ietf:wg:oauth:2.0:oob"
50
- expect(URIChecker.valid?(uri)).to be_truthy
51
- end
52
- end
53
-
54
- describe ".matches?" do
55
- it "is true if both url matches" do
56
- uri = client_uri = "http://app.co/aaa"
57
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
58
- end
59
-
60
- it "ignores query parameter on comparsion" do
61
- uri = "http://app.co/?query=hello"
62
- client_uri = "http://app.co"
63
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
64
- end
65
-
66
- it "doesn't allow non-matching domains through" do
67
- uri = "http://app.abc/?query=hello"
68
- client_uri = "http://app.co"
69
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
70
- end
71
-
72
- it "doesn't allow non-matching domains that don't start at the beginning" do
73
- uri = "http://app.co/?query=hello"
74
- client_uri = "http://example.com?app.co=test"
75
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
76
- end
77
-
78
- context "loopback IP redirect URIs" do
79
- it "ignores port for same URIs" do
80
- uri = "http://127.0.0.1:5555/auth/callback"
81
- client_uri = "http://127.0.0.1:48599/auth/callback"
82
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
83
-
84
- uri = "http://[::1]:5555/auth/callback"
85
- client_uri = "http://[::1]:5555/auth/callback"
86
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
87
- end
88
-
89
- it "doesn't ignore port for URIs with different queries" do
90
- uri = "http://127.0.0.1:5555/auth/callback"
91
- client_uri = "http://127.0.0.1:48599/auth/callback2"
92
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
93
- end
94
- end
95
-
96
- context "client registered query params" do
97
- it "doesn't allow query being absent" do
98
- uri = "http://app.co"
99
- client_uri = "http://app.co/?vendorId=AJ4L7XXW9"
100
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
101
- end
102
-
103
- it "is false if query values differ but key same" do
104
- uri = "http://app.co/?vendorId=pancakes"
105
- client_uri = "http://app.co/?vendorId=waffles"
106
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
107
- end
108
-
109
- it "is false if query values same but key differs" do
110
- uri = "http://app.co/?foo=pancakes"
111
- client_uri = "http://app.co/?bar=pancakes"
112
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
113
- end
114
-
115
- it "is false if query present and match, but unknown queries present" do
116
- uri = "http://app.co/?vendorId=pancakes&unknown=query"
117
- client_uri = "http://app.co/?vendorId=waffles"
118
- expect(URIChecker.matches?(uri, client_uri)).to be_falsey
119
- end
120
-
121
- it "is true if queries are present and matche" do
122
- uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
123
- client_uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
124
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
125
- end
126
-
127
- it "is true if queries are present, match and in different order" do
128
- uri = "http://app.co/?bing=bang&foo=bar"
129
- client_uri = "http://app.co/?foo=bar&bing=bang"
130
- expect(URIChecker.matches?(uri, client_uri)).to be_truthy
131
- end
132
- end
133
- end
134
-
135
- describe ".valid_for_authorization?" do
136
- it "is true if valid and matches" do
137
- uri = client_uri = "http://app.co/aaa"
138
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
139
-
140
- uri = client_uri = "http://app.co/aaa?b=c"
141
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
142
- end
143
-
144
- it "is true if uri includes blank query" do
145
- uri = client_uri = "http://app.co/aaa?"
146
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
147
-
148
- uri = "http://app.co/aaa?"
149
- client_uri = "http://app.co/aaa"
150
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
151
-
152
- uri = "http://app.co/aaa"
153
- client_uri = "http://app.co/aaa?"
154
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
155
- end
156
-
157
- it "is false if valid and mismatches" do
158
- uri = "http://app.co/aaa"
159
- client_uri = "http://app.co/bbb"
160
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
161
- end
162
-
163
- it "is true if valid and included in array" do
164
- uri = "http://app.co/aaa"
165
- client_uri = "http://example.com/bbb\nhttp://app.co/aaa"
166
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
167
- end
168
-
169
- it "is false if valid and not included in array" do
170
- uri = "http://app.co/aaa"
171
- client_uri = "http://example.com/bbb\nhttp://app.co/cc"
172
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
173
- end
174
-
175
- it "is false if queries does not match" do
176
- uri = "http://app.co/aaa?pankcakes=abc"
177
- client_uri = "http://app.co/aaa?waffles=abc"
178
- expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be false
179
- end
180
-
181
- it "calls .matches?" do
182
- uri = "http://app.co/aaa?pankcakes=abc"
183
- client_uri = "http://app.co/aaa?waffles=abc"
184
- expect(URIChecker).to receive(:matches?).with(uri, client_uri).once
185
- URIChecker.valid_for_authorization?(uri, client_uri)
186
- end
187
-
188
- it "calls .valid?" do
189
- uri = "http://app.co/aaa?pankcakes=abc"
190
- client_uri = "http://app.co/aaa?waffles=abc"
191
- expect(URIChecker).to receive(:valid?).with(uri).once
192
- URIChecker.valid_for_authorization?(uri, client_uri)
193
- end
194
- end
195
-
196
- describe ".query_matches?" do
197
- it "is true if no queries" do
198
- expect(URIChecker.query_matches?("", "")).to be_truthy
199
- expect(URIChecker.query_matches?(nil, nil)).to be_truthy
200
- end
201
-
202
- it "is true if same query" do
203
- expect(URIChecker.query_matches?("foo", "foo")).to be_truthy
204
- end
205
-
206
- it "is false if different query" do
207
- expect(URIChecker.query_matches?("foo", "bar")).to be_falsey
208
- end
209
-
210
- it "is true if same queries" do
211
- expect(URIChecker.query_matches?("foo&bar", "foo&bar")).to be_truthy
212
- end
213
-
214
- it "is true if same queries, different order" do
215
- expect(URIChecker.query_matches?("foo&bar", "bar&foo")).to be_truthy
216
- end
217
-
218
- it "is false if one different query" do
219
- expect(URIChecker.query_matches?("foo&bang", "foo&bing")).to be_falsey
220
- end
221
-
222
- it "is true if same query with same value" do
223
- expect(URIChecker.query_matches?("foo=bar", "foo=bar")).to be_truthy
224
- end
225
-
226
- it "is true if same queries with same values" do
227
- expect(URIChecker.query_matches?("foo=bar&bing=bang", "foo=bar&bing=bang")).to be_truthy
228
- end
229
-
230
- it "is true if same queries with same values, different order" do
231
- expect(URIChecker.query_matches?("foo=bar&bing=bang", "bing=bang&foo=bar")).to be_truthy
232
- end
233
-
234
- it "is false if same query with different value" do
235
- expect(URIChecker.query_matches?("foo=bar", "foo=bang")).to be_falsey
236
- end
237
-
238
- it "is false if some queries missing" do
239
- expect(URIChecker.query_matches?("foo=bar", "foo=bar&bing=bang")).to be_falsey
240
- end
241
-
242
- it "is false if some queries different value" do
243
- expect(URIChecker.query_matches?("foo=bar&bing=bang", "foo=bar&bing=banana")).to be_falsey
244
- end
245
- end
246
- end
247
- end
@@ -1,55 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- module Doorkeeper::OAuth
6
- describe InvalidTokenResponse do
7
- describe "#name" do
8
- it { expect(subject.name).to eq(:invalid_token) }
9
- end
10
-
11
- describe "#status" do
12
- it { expect(subject.status).to eq(:unauthorized) }
13
- end
14
-
15
- describe :from_access_token do
16
- let(:response) { InvalidTokenResponse.from_access_token(access_token) }
17
-
18
- context "revoked" do
19
- let(:access_token) { double(revoked?: true, expired?: true) }
20
-
21
- it "sets a description" do
22
- expect(response.description).to include("revoked")
23
- end
24
-
25
- it "sets the reason" do
26
- expect(response.reason).to eq(:revoked)
27
- end
28
- end
29
-
30
- context "expired" do
31
- let(:access_token) { double(revoked?: false, expired?: true) }
32
-
33
- it "sets a description" do
34
- expect(response.description).to include("expired")
35
- end
36
-
37
- it "sets the reason" do
38
- expect(response.reason).to eq(:expired)
39
- end
40
- end
41
-
42
- context "unknown" do
43
- let(:access_token) { double(revoked?: false, expired?: false) }
44
-
45
- it "sets a description" do
46
- expect(response.description).to include("invalid")
47
- end
48
-
49
- it "sets the reason" do
50
- expect(response.reason).to eq(:unknown)
51
- end
52
- end
53
- end
54
- end
55
- end
@@ -1,192 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- module Doorkeeper::OAuth
6
- describe PasswordAccessTokenRequest do
7
- let(:server) do
8
- double(
9
- :server,
10
- default_scopes: Doorkeeper::OAuth::Scopes.new,
11
- access_token_expires_in: 2.hours,
12
- refresh_token_enabled?: false,
13
- custom_access_token_expires_in: lambda { |context|
14
- context.grant_type == Doorkeeper::OAuth::PASSWORD ? 1234 : nil
15
- }
16
- )
17
- end
18
- let(:client) { FactoryBot.create(:application) }
19
- let(:owner) { double :owner, id: 99 }
20
-
21
- before do
22
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
23
- end
24
-
25
- subject do
26
- PasswordAccessTokenRequest.new(server, client, owner)
27
- end
28
-
29
- it "issues a new token for the client" do
30
- expect do
31
- subject.authorize
32
- end.to change { client.reload.access_tokens.count }.by(1)
33
-
34
- expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
35
- end
36
-
37
- it "issues a new token without a client" do
38
- expect do
39
- subject.client = nil
40
- subject.authorize
41
- end.to change { Doorkeeper::AccessToken.count }.by(1)
42
- end
43
-
44
- it "does not issue a new token with an invalid client" do
45
- expect do
46
- subject.client = nil
47
- subject.parameters = { client_id: "bad_id" }
48
- subject.authorize
49
- end.not_to(change { Doorkeeper::AccessToken.count })
50
-
51
- expect(subject.error).to eq(:invalid_client)
52
- end
53
-
54
- it "requires the owner" do
55
- subject.resource_owner = nil
56
- subject.validate
57
- expect(subject.error).to eq(:invalid_grant)
58
- end
59
-
60
- it "optionally accepts the client" do
61
- subject.client = nil
62
- expect(subject).to be_valid
63
- end
64
-
65
- it "creates token even when there is already one (default)" do
66
- FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
67
-
68
- expect do
69
- subject.authorize
70
- end.to change { Doorkeeper::AccessToken.count }.by(1)
71
- end
72
-
73
- it "skips token creation if there is already one reusable" do
74
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
75
- FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
76
-
77
- expect do
78
- subject.authorize
79
- end.not_to(change { Doorkeeper::AccessToken.count })
80
- end
81
-
82
- it "creates token when there is already one but non reusable" do
83
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
84
- FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
85
- allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
86
-
87
- expect do
88
- subject.authorize
89
- end.to change { Doorkeeper::AccessToken.count }.by(1)
90
- end
91
-
92
- it "calls configured request callback methods" do
93
- expect(Doorkeeper.configuration.before_successful_strategy_response)
94
- .to receive(:call).with(subject).once
95
-
96
- expect(Doorkeeper.configuration.after_successful_strategy_response)
97
- .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
98
-
99
- subject.authorize
100
- end
101
-
102
- describe "with scopes" do
103
- subject do
104
- PasswordAccessTokenRequest.new(server, client, owner, scope: "public")
105
- end
106
-
107
- context "when scopes_by_grant_type is not configured for grant_type" do
108
- it "returns error when scopes are invalid" do
109
- allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("another"))
110
- subject.validate
111
- expect(subject.error).to eq(:invalid_scope)
112
- end
113
-
114
- it "creates the token with scopes if scopes are valid" do
115
- allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
116
- expect do
117
- subject.authorize
118
- end.to change { Doorkeeper::AccessToken.count }.by(1)
119
-
120
- expect(Doorkeeper::AccessToken.last.scopes).to include("public")
121
- end
122
- end
123
-
124
- context "when scopes_by_grant_type is configured for grant_type" do
125
- it "returns error when scopes are valid but not permitted for grant_type" do
126
- allow(server)
127
- .to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
128
- allow(Doorkeeper.configuration)
129
- .to receive(:scopes_by_grant_type).and_return(password: "another")
130
- subject.validate
131
- expect(subject.error).to eq(:invalid_scope)
132
- end
133
-
134
- it "creates the token with scopes if scopes are valid and permitted for grant_type" do
135
- allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
136
- allow(Doorkeeper.configuration)
137
- .to receive(:scopes_by_grant_type).and_return(password: [:public])
138
-
139
- expect do
140
- subject.authorize
141
- end.to change { Doorkeeper::AccessToken.count }.by(1)
142
-
143
- expect(Doorkeeper::AccessToken.last.scopes).to include("public")
144
- end
145
- end
146
- end
147
-
148
- describe "with custom expiry" do
149
- let(:server) do
150
- double(
151
- :server,
152
- default_scopes: Doorkeeper::OAuth::Scopes.new,
153
- access_token_expires_in: 2.hours,
154
- refresh_token_enabled?: false,
155
- custom_access_token_expires_in: lambda { |context|
156
- if context.scopes.exists?("public")
157
- 222
158
- elsif context.scopes.exists?("magic")
159
- Float::INFINITY
160
- end
161
- }
162
- )
163
- end
164
-
165
- before do
166
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
167
- end
168
-
169
- it "checks scopes" do
170
- subject = PasswordAccessTokenRequest.new(server, client, owner, scope: "public")
171
- allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
172
-
173
- expect do
174
- subject.authorize
175
- end.to change { Doorkeeper::AccessToken.count }.by(1)
176
-
177
- expect(Doorkeeper::AccessToken.last.expires_in).to eq(222)
178
- end
179
-
180
- it "falls back to the default otherwise" do
181
- subject = PasswordAccessTokenRequest.new(server, client, owner, scope: "private")
182
- allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("private"))
183
-
184
- expect do
185
- subject.authorize
186
- end.to change { Doorkeeper::AccessToken.count }.by(1)
187
-
188
- expect(Doorkeeper::AccessToken.last.expires_in).to eq(2.hours)
189
- end
190
- end
191
- end
192
- end