doorkeeper 5.1.2 → 5.6.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/{NEWS.md → CHANGELOG.md} +314 -27
- data/README.md +39 -22
- data/app/controllers/doorkeeper/application_controller.rb +3 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
- data/app/controllers/doorkeeper/applications_controller.rb +5 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +76 -25
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +5 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +99 -28
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +1 -7
- data/app/views/doorkeeper/applications/show.html.erb +35 -14
- data/app/views/doorkeeper/authorizations/error.html.erb +3 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +16 -14
- data/config/locales/en.yml +16 -3
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +20 -2
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +300 -136
- data/lib/doorkeeper/engine.rb +10 -3
- data/lib/doorkeeper/errors.rb +13 -18
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/helpers.rb +7 -3
- data/lib/doorkeeper/helpers/controller.rb +36 -11
- data/lib/doorkeeper/models/access_grant_mixin.rb +23 -19
- data/lib/doorkeeper/models/access_token_mixin.rb +195 -52
- data/lib/doorkeeper/models/application_mixin.rb +8 -7
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +31 -14
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +30 -19
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +51 -22
- data/lib/doorkeeper/oauth/base_request.rb +21 -22
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client.rb +8 -9
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +42 -5
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
- data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +14 -5
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +6 -12
- data/lib/doorkeeper/oauth/code_response.rb +24 -14
- data/lib/doorkeeper/oauth/error.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +11 -13
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +10 -7
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +19 -23
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +34 -11
- data/lib/doorkeeper/oauth/pre_authorization.rb +114 -44
- data/lib/doorkeeper/oauth/refresh_token_request.rb +54 -34
- data/lib/doorkeeper/oauth/token.rb +6 -7
- data/lib/doorkeeper/oauth/token_introspection.rb +28 -22
- data/lib/doorkeeper/oauth/token_request.rb +6 -20
- data/lib/doorkeeper/oauth/token_response.rb +2 -3
- data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
- data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
- data/lib/doorkeeper/orm/active_record/application.rb +5 -149
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +63 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +77 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +210 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +5 -2
- data/lib/doorkeeper/orm/active_record.rb +29 -22
- data/lib/doorkeeper/rails/helpers.rb +4 -4
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +28 -27
- data/lib/doorkeeper/rake/db.rake +6 -6
- data/lib/doorkeeper/request/authorization_code.rb +5 -3
- data/lib/doorkeeper/request/client_credentials.rb +2 -2
- data/lib/doorkeeper/request/password.rb +3 -2
- data/lib/doorkeeper/request/refresh_token.rb +5 -4
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/request.rb +49 -17
- data/lib/doorkeeper/server.rb +7 -11
- data/lib/doorkeeper/stale_records_cleaner.rb +6 -2
- data/lib/doorkeeper/version.rb +2 -6
- data/lib/doorkeeper.rb +183 -80
- data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/migration_generator.rb +1 -1
- data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -7
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +230 -50
- data/lib/generators/doorkeeper/templates/migration.rb.erb +31 -9
- metadata +61 -327
- data/.coveralls.yml +0 -1
- data/.github/ISSUE_TEMPLATE.md +0 -25
- data/.github/PULL_REQUEST_TEMPLATE.md +0 -17
- data/.gitignore +0 -20
- data/.gitlab-ci.yml +0 -16
- data/.hound.yml +0 -3
- data/.rspec +0 -1
- data/.rubocop.yml +0 -50
- data/.travis.yml +0 -35
- data/Appraisals +0 -40
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -47
- data/Dangerfile +0 -67
- data/Gemfile +0 -24
- data/RELEASING.md +0 -10
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/app/validators/redirect_uri_validator.rb +0 -50
- data/bin/console +0 -16
- data/doorkeeper.gemspec +0 -34
- data/gemfiles/rails_5_0.gemfile +0 -17
- data/gemfiles/rails_5_1.gemfile +0 -17
- data/gemfiles/rails_5_2.gemfile +0 -17
- data/gemfiles/rails_6_0.gemfile +0 -17
- data/gemfiles/rails_master.gemfile +0 -17
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -180
- data/spec/controllers/authorizations_controller_spec.rb +0 -527
- data/spec/controllers/protected_resources_controller_spec.rb +0 -353
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -330
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -7
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -47
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -121
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -68
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -697
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -53
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -156
- data/spec/lib/oauth/base_request_spec.rb +0 -205
- data/spec/lib/oauth/base_response_spec.rb +0 -47
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -94
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -47
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -66
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -247
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -215
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
- data/spec/lib/oauth/scopes_spec.rb +0 -148
- data/spec/lib/oauth/token_request_spec.rb +0 -150
- data/spec/lib/oauth/token_response_spec.rb +0 -86
- data/spec/lib/oauth/token_spec.rb +0 -158
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -61
- data/spec/lib/stale_records_cleaner_spec.rb +0 -89
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -144
- data/spec/models/doorkeeper/access_token_spec.rb +0 -591
- data/spec/models/doorkeeper/application_spec.rb +0 -472
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -73
- data/spec/requests/endpoints/token_spec.rb +0 -75
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -78
- data/spec/requests/flows/authorization_code_spec.rb +0 -447
- data/spec/requests/flows/client_credentials_spec.rb +0 -128
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -34
- data/spec/requests/flows/implicit_grant_spec.rb +0 -90
- data/spec/requests/flows/password_spec.rb +0 -259
- data/spec/requests/flows/refresh_token_spec.rb +0 -233
- data/spec/requests/flows/revoke_token_spec.rb +0 -143
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -57
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -13
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -98
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/http_method_shim.rb +0 -29
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -123
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -54
- data/spec/validators/redirect_uri_validator_spec.rb +0 -158
- data/spec/version/version_spec.rb +0 -17
|
@@ -1,259 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
feature "Adding applications" do
|
|
6
|
-
context "in application form" do
|
|
7
|
-
background do
|
|
8
|
-
i_am_logged_in
|
|
9
|
-
visit "/oauth/applications/new"
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
scenario "adding a valid app" do
|
|
13
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
14
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
15
|
-
with: "https://example.com"
|
|
16
|
-
|
|
17
|
-
click_button "Submit"
|
|
18
|
-
i_should_see "Application created"
|
|
19
|
-
i_should_see "My Application"
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
scenario "adding invalid app" do
|
|
23
|
-
click_button "Submit"
|
|
24
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
scenario "adding app ignoring bad scope" do
|
|
28
|
-
config_is_set("enforce_configured_scopes", false)
|
|
29
|
-
|
|
30
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
31
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
32
|
-
with: "https://example.com"
|
|
33
|
-
fill_in "doorkeeper_application[scopes]", with: "blahblah"
|
|
34
|
-
|
|
35
|
-
click_button "Submit"
|
|
36
|
-
i_should_see "Application created"
|
|
37
|
-
i_should_see "My Application"
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
scenario "adding app validating bad scope" do
|
|
41
|
-
config_is_set("enforce_configured_scopes", true)
|
|
42
|
-
|
|
43
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
44
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
45
|
-
with: "https://example.com"
|
|
46
|
-
fill_in "doorkeeper_application[scopes]", with: "blahblah"
|
|
47
|
-
|
|
48
|
-
click_button "Submit"
|
|
49
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
scenario "adding app validating scope, blank scope is accepted" do
|
|
53
|
-
config_is_set("enforce_configured_scopes", true)
|
|
54
|
-
|
|
55
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
56
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
57
|
-
with: "https://example.com"
|
|
58
|
-
fill_in "doorkeeper_application[scopes]", with: ""
|
|
59
|
-
|
|
60
|
-
click_button "Submit"
|
|
61
|
-
i_should_see "Application created"
|
|
62
|
-
i_should_see "My Application"
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
scenario "adding app validating scope, multiple scopes configured" do
|
|
66
|
-
config_is_set("enforce_configured_scopes", true)
|
|
67
|
-
scopes = Doorkeeper::OAuth::Scopes.from_array(%w[read write admin])
|
|
68
|
-
config_is_set("optional_scopes", scopes)
|
|
69
|
-
|
|
70
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
71
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
72
|
-
with: "https://example.com"
|
|
73
|
-
fill_in "doorkeeper_application[scopes]", with: "read write"
|
|
74
|
-
|
|
75
|
-
click_button "Submit"
|
|
76
|
-
i_should_see "Application created"
|
|
77
|
-
i_should_see "My Application"
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
scenario "adding app validating scope, bad scope with multiple scopes configured" do
|
|
81
|
-
config_is_set("enforce_configured_scopes", true)
|
|
82
|
-
scopes = Doorkeeper::OAuth::Scopes.from_array(%w[read write admin])
|
|
83
|
-
config_is_set("optional_scopes", scopes)
|
|
84
|
-
|
|
85
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
86
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
87
|
-
with: "https://example.com"
|
|
88
|
-
fill_in "doorkeeper_application[scopes]", with: "read blah"
|
|
89
|
-
|
|
90
|
-
click_button "Submit"
|
|
91
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
92
|
-
i_should_see Regexp.new(
|
|
93
|
-
I18n.t("activerecord.errors.models.doorkeeper/application.attributes.scopes.not_match_configured"),
|
|
94
|
-
true
|
|
95
|
-
)
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
context "redirect URI" do
|
|
99
|
-
scenario "adding app with blank redirect URI when configured flows requires redirect uri" do
|
|
100
|
-
config_is_set("grant_flows", %w[authorization_code implicit client_credentials])
|
|
101
|
-
|
|
102
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
103
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
104
|
-
with: ""
|
|
105
|
-
|
|
106
|
-
click_button "Submit"
|
|
107
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
108
|
-
end
|
|
109
|
-
|
|
110
|
-
scenario "adding app with blank redirect URI when configured flows without redirect uri" do
|
|
111
|
-
config_is_set("grant_flows", %w[client_credentials password])
|
|
112
|
-
|
|
113
|
-
# Visit it once again to consider grant flows
|
|
114
|
-
visit "/oauth/applications/new"
|
|
115
|
-
|
|
116
|
-
i_should_see I18n.t("doorkeeper.applications.help.blank_redirect_uri")
|
|
117
|
-
|
|
118
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
119
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
120
|
-
with: ""
|
|
121
|
-
|
|
122
|
-
click_button "Submit"
|
|
123
|
-
i_should_see "Application created"
|
|
124
|
-
i_should_see "My Application"
|
|
125
|
-
end
|
|
126
|
-
end
|
|
127
|
-
end
|
|
128
|
-
end
|
|
129
|
-
|
|
130
|
-
feature "Listing applications" do
|
|
131
|
-
background do
|
|
132
|
-
i_am_logged_in
|
|
133
|
-
|
|
134
|
-
FactoryBot.create :application, name: "Oauth Dude"
|
|
135
|
-
FactoryBot.create :application, name: "Awesome App"
|
|
136
|
-
end
|
|
137
|
-
|
|
138
|
-
scenario "application list" do
|
|
139
|
-
visit "/oauth/applications"
|
|
140
|
-
|
|
141
|
-
i_should_see "Awesome App"
|
|
142
|
-
i_should_see "Oauth Dude"
|
|
143
|
-
end
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
feature "Renders assets" do
|
|
147
|
-
scenario "admin stylesheets" do
|
|
148
|
-
visit "/assets/doorkeeper/admin/application.css"
|
|
149
|
-
|
|
150
|
-
i_should_see "Bootstrap"
|
|
151
|
-
i_should_see ".doorkeeper-admin"
|
|
152
|
-
end
|
|
153
|
-
|
|
154
|
-
scenario "application stylesheets" do
|
|
155
|
-
visit "/assets/doorkeeper/application.css"
|
|
156
|
-
|
|
157
|
-
i_should_see "Bootstrap"
|
|
158
|
-
i_should_see "#oauth-permissions"
|
|
159
|
-
i_should_see "#container"
|
|
160
|
-
end
|
|
161
|
-
end
|
|
162
|
-
|
|
163
|
-
feature "Show application" do
|
|
164
|
-
given :app do
|
|
165
|
-
i_am_logged_in
|
|
166
|
-
|
|
167
|
-
FactoryBot.create :application, name: "Just another oauth app"
|
|
168
|
-
end
|
|
169
|
-
|
|
170
|
-
scenario "visiting application page" do
|
|
171
|
-
visit "/oauth/applications/#{app.id}"
|
|
172
|
-
|
|
173
|
-
i_should_see "Just another oauth app"
|
|
174
|
-
end
|
|
175
|
-
end
|
|
176
|
-
|
|
177
|
-
feature "Edit application" do
|
|
178
|
-
let :app do
|
|
179
|
-
FactoryBot.create :application, name: "OMG my app"
|
|
180
|
-
end
|
|
181
|
-
|
|
182
|
-
background do
|
|
183
|
-
i_am_logged_in
|
|
184
|
-
|
|
185
|
-
visit "/oauth/applications/#{app.id}/edit"
|
|
186
|
-
end
|
|
187
|
-
|
|
188
|
-
scenario "updating a valid app" do
|
|
189
|
-
fill_in "doorkeeper_application[name]", with: "Serious app"
|
|
190
|
-
click_button "Submit"
|
|
191
|
-
|
|
192
|
-
i_should_see "Application updated"
|
|
193
|
-
i_should_see "Serious app"
|
|
194
|
-
i_should_not_see "OMG my app"
|
|
195
|
-
end
|
|
196
|
-
|
|
197
|
-
scenario "updating an invalid app" do
|
|
198
|
-
fill_in "doorkeeper_application[name]", with: ""
|
|
199
|
-
click_button "Submit"
|
|
200
|
-
|
|
201
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
202
|
-
end
|
|
203
|
-
end
|
|
204
|
-
|
|
205
|
-
feature "Remove application" do
|
|
206
|
-
background do
|
|
207
|
-
i_am_logged_in
|
|
208
|
-
|
|
209
|
-
@app = FactoryBot.create :application
|
|
210
|
-
end
|
|
211
|
-
|
|
212
|
-
scenario "deleting an application from list" do
|
|
213
|
-
visit "/oauth/applications"
|
|
214
|
-
|
|
215
|
-
i_should_see @app.name
|
|
216
|
-
|
|
217
|
-
within(:css, "tr#application_#{@app.id}") do
|
|
218
|
-
click_button "Destroy"
|
|
219
|
-
end
|
|
220
|
-
|
|
221
|
-
i_should_see "Application deleted"
|
|
222
|
-
i_should_not_see @app.name
|
|
223
|
-
end
|
|
224
|
-
|
|
225
|
-
scenario "deleting an application from show" do
|
|
226
|
-
visit "/oauth/applications/#{@app.id}"
|
|
227
|
-
click_button "Destroy"
|
|
228
|
-
|
|
229
|
-
i_should_see "Application deleted"
|
|
230
|
-
end
|
|
231
|
-
end
|
|
232
|
-
|
|
233
|
-
context "when admin authenticator block is default" do
|
|
234
|
-
let(:app) { FactoryBot.create :application, name: "app" }
|
|
235
|
-
|
|
236
|
-
feature "application list" do
|
|
237
|
-
scenario "fails with forbidden" do
|
|
238
|
-
visit "/oauth/applications"
|
|
239
|
-
|
|
240
|
-
should_have_status 403
|
|
241
|
-
end
|
|
242
|
-
end
|
|
243
|
-
|
|
244
|
-
feature "adding an app" do
|
|
245
|
-
scenario "fails with forbidden" do
|
|
246
|
-
visit "/oauth/applications/new"
|
|
247
|
-
|
|
248
|
-
should_have_status 403
|
|
249
|
-
end
|
|
250
|
-
end
|
|
251
|
-
|
|
252
|
-
feature "editing an app" do
|
|
253
|
-
scenario "fails with forbidden" do
|
|
254
|
-
visit "/oauth/applications/#{app.id}/edit"
|
|
255
|
-
|
|
256
|
-
should_have_status 403
|
|
257
|
-
end
|
|
258
|
-
end
|
|
259
|
-
end
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
feature "Authorized applications" do
|
|
6
|
-
background do
|
|
7
|
-
@user = User.create!(name: "Joe", password: "sekret")
|
|
8
|
-
@client = client_exists(name: "Amazing Client App")
|
|
9
|
-
resource_owner_is_authenticated @user
|
|
10
|
-
client_is_authorized @client, @user
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
scenario "display user's authorized applications" do
|
|
14
|
-
visit "/oauth/authorized_applications"
|
|
15
|
-
i_should_see "Amazing Client App"
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
scenario "do not display other user's authorized applications" do
|
|
19
|
-
client = client_exists(name: "Another Client App")
|
|
20
|
-
client_is_authorized client, User.create!(name: "Joe", password: "sekret")
|
|
21
|
-
visit "/oauth/authorized_applications"
|
|
22
|
-
i_should_not_see "Another Client App"
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
scenario "user revoke access to application" do
|
|
26
|
-
visit "/oauth/authorized_applications"
|
|
27
|
-
i_should_see "Amazing Client App"
|
|
28
|
-
click_on "Revoke"
|
|
29
|
-
i_should_see "Application revoked"
|
|
30
|
-
i_should_not_see "Amazing Client App"
|
|
31
|
-
end
|
|
32
|
-
end
|
|
@@ -1,73 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
feature "Authorization endpoint" do
|
|
6
|
-
background do
|
|
7
|
-
config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
|
|
8
|
-
client_exists(name: "MyApp")
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
scenario "requires resource owner to be authenticated" do
|
|
12
|
-
visit authorization_endpoint_url(client: @client)
|
|
13
|
-
i_should_see "Sign in"
|
|
14
|
-
i_should_be_on "/"
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
context "with authenticated resource owner" do
|
|
18
|
-
background do
|
|
19
|
-
create_resource_owner
|
|
20
|
-
sign_in
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
scenario "displays the authorization form" do
|
|
24
|
-
visit authorization_endpoint_url(client: @client)
|
|
25
|
-
i_should_see "Authorize MyApp to use your account?"
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
scenario "displays all requested scopes" do
|
|
29
|
-
default_scopes_exist :public
|
|
30
|
-
optional_scopes_exist :write
|
|
31
|
-
visit authorization_endpoint_url(client: @client, scope: "public write")
|
|
32
|
-
i_should_see "Access your public data"
|
|
33
|
-
i_should_see "Update your data"
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
context "with a invalid request" do
|
|
38
|
-
background do
|
|
39
|
-
create_resource_owner
|
|
40
|
-
sign_in
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
scenario "displays the related error" do
|
|
44
|
-
visit authorization_endpoint_url(client: @client, response_type: "")
|
|
45
|
-
i_should_not_see "Authorize"
|
|
46
|
-
i_should_see_translated_error_message :unsupported_response_type
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
scenario "displays unsupported_response_type error when using a disabled response type" do
|
|
50
|
-
config_is_set(:grant_flows, ["implicit"])
|
|
51
|
-
visit authorization_endpoint_url(client: @client, response_type: "code")
|
|
52
|
-
i_should_not_see "Authorize"
|
|
53
|
-
i_should_see_translated_error_message :unsupported_response_type
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
context "forgery protection enabled" do
|
|
58
|
-
background do
|
|
59
|
-
create_resource_owner
|
|
60
|
-
sign_in
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
scenario "raises exception on forged requests" do
|
|
64
|
-
allowing_forgery_protection do
|
|
65
|
-
expect do
|
|
66
|
-
page.driver.post authorization_endpoint_url(client_id: @client.uid,
|
|
67
|
-
redirect_uri: @client.redirect_uri,
|
|
68
|
-
response_type: "code")
|
|
69
|
-
end.to raise_error(ActionController::InvalidAuthenticityToken)
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
end
|
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
describe "Token endpoint" do
|
|
6
|
-
before do
|
|
7
|
-
client_exists
|
|
8
|
-
authorization_code_exists application: @client, scopes: "public"
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
it "respond with correct headers" do
|
|
12
|
-
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
13
|
-
should_have_header "Pragma", "no-cache"
|
|
14
|
-
|
|
15
|
-
# Rails 5.2 changed headers
|
|
16
|
-
if ::Rails::VERSION::MAJOR >= 5 && ::Rails::VERSION::MINOR >= 2 || ::Rails::VERSION::MAJOR >= 6
|
|
17
|
-
should_have_header "Cache-Control", "private, no-store"
|
|
18
|
-
else
|
|
19
|
-
should_have_header "Cache-Control", "no-store"
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
should_have_header "Content-Type", "application/json; charset=utf-8"
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
it "accepts client credentials with basic auth header" do
|
|
26
|
-
post token_endpoint_url,
|
|
27
|
-
params: {
|
|
28
|
-
code: @authorization.token,
|
|
29
|
-
redirect_uri: @client.redirect_uri,
|
|
30
|
-
},
|
|
31
|
-
headers: { "HTTP_AUTHORIZATION" => basic_auth_header_for_client(@client) }
|
|
32
|
-
|
|
33
|
-
should_have_json "access_token", Doorkeeper::AccessToken.first.token
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
it "returns null for expires_in when a permanent token is set" do
|
|
37
|
-
config_is_set(:access_token_expires_in, nil)
|
|
38
|
-
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
39
|
-
should_have_json "access_token", Doorkeeper::AccessToken.first.token
|
|
40
|
-
should_not_have_json "expires_in"
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
it "returns unsupported_grant_type for invalid grant_type param" do
|
|
44
|
-
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "nothing")
|
|
45
|
-
|
|
46
|
-
should_not_have_json "access_token"
|
|
47
|
-
should_have_json "error", "unsupported_grant_type"
|
|
48
|
-
should_have_json "error_description", translated_error_message("unsupported_grant_type")
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
it "returns unsupported_grant_type for disabled grant flows" do
|
|
52
|
-
config_is_set(:grant_flows, ["implicit"])
|
|
53
|
-
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "authorization_code")
|
|
54
|
-
|
|
55
|
-
should_not_have_json "access_token"
|
|
56
|
-
should_have_json "error", "unsupported_grant_type"
|
|
57
|
-
should_have_json "error_description", translated_error_message("unsupported_grant_type")
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
it "returns unsupported_grant_type when refresh_token is not in use" do
|
|
61
|
-
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "refresh_token")
|
|
62
|
-
|
|
63
|
-
should_not_have_json "access_token"
|
|
64
|
-
should_have_json "error", "unsupported_grant_type"
|
|
65
|
-
should_have_json "error_description", translated_error_message("unsupported_grant_type")
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
it "returns invalid_request if grant_type is missing" do
|
|
69
|
-
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "")
|
|
70
|
-
|
|
71
|
-
should_not_have_json "access_token"
|
|
72
|
-
should_have_json "error", "invalid_request"
|
|
73
|
-
should_have_json "error_description", translated_error_message("invalid_request")
|
|
74
|
-
end
|
|
75
|
-
end
|
|
@@ -1,78 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
feature "Authorization Code Flow Errors" do
|
|
6
|
-
let(:client_params) { {} }
|
|
7
|
-
background do
|
|
8
|
-
config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
|
|
9
|
-
client_exists client_params
|
|
10
|
-
create_resource_owner
|
|
11
|
-
sign_in
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
after do
|
|
15
|
-
access_grant_should_not_exist
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
context "with a client trying to xss resource owner" do
|
|
19
|
-
let(:client_name) { "<div id='xss'>XSS</div>" }
|
|
20
|
-
let(:client_params) { { name: client_name } }
|
|
21
|
-
scenario "resource owner visit authorization endpoint" do
|
|
22
|
-
visit authorization_endpoint_url(client: @client)
|
|
23
|
-
expect(page).not_to have_css("#xss")
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
context "when access was denied" do
|
|
28
|
-
scenario "redirects with error" do
|
|
29
|
-
visit authorization_endpoint_url(client: @client)
|
|
30
|
-
click_on "Deny"
|
|
31
|
-
|
|
32
|
-
i_should_be_on_client_callback @client
|
|
33
|
-
url_should_not_have_param "code"
|
|
34
|
-
url_should_have_param "error", "access_denied"
|
|
35
|
-
url_should_have_param "error_description", translated_error_message(:access_denied)
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
scenario "redirects with state parameter" do
|
|
39
|
-
visit authorization_endpoint_url(client: @client, state: "return-this")
|
|
40
|
-
click_on "Deny"
|
|
41
|
-
|
|
42
|
-
i_should_be_on_client_callback @client
|
|
43
|
-
url_should_not_have_param "code"
|
|
44
|
-
url_should_have_param "state", "return-this"
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
describe "Authorization Code Flow Errors", "after authorization" do
|
|
50
|
-
before do
|
|
51
|
-
client_exists
|
|
52
|
-
authorization_code_exists application: @client
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
it "returns :invalid_grant error when posting an already revoked grant code" do
|
|
56
|
-
# First successful request
|
|
57
|
-
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
58
|
-
|
|
59
|
-
# Second attempt with same token
|
|
60
|
-
expect do
|
|
61
|
-
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
62
|
-
end.to_not(change { Doorkeeper::AccessToken.count })
|
|
63
|
-
|
|
64
|
-
should_not_have_json "access_token"
|
|
65
|
-
should_have_json "error", "invalid_grant"
|
|
66
|
-
should_have_json "error_description", translated_error_message("invalid_grant")
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
it "returns :invalid_grant error for invalid grant code" do
|
|
70
|
-
post token_endpoint_url(code: "invalid", client: @client)
|
|
71
|
-
|
|
72
|
-
access_token_should_not_exist
|
|
73
|
-
|
|
74
|
-
should_not_have_json "access_token"
|
|
75
|
-
should_have_json "error", "invalid_grant"
|
|
76
|
-
should_have_json "error_description", translated_error_message("invalid_grant")
|
|
77
|
-
end
|
|
78
|
-
end
|