doorkeeper 5.1.2 → 5.6.6

data/spec/requests/protected_resources/metal_spec.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "ActionController::Metal API" do
-  before do
-    @client   = FactoryBot.create(:application)
-    @resource = User.create!(name: "Joe", password: "sekret")
-    @token    = client_is_authorized(@client, @resource)
-  end
-
-  it "client requests protected resource with valid token" do
-    get "/metal.json?access_token=#{@token.token}"
-    should_have_json "ok", true
-  end
-end

data/spec/requests/protected_resources/private_api_spec.rb

@@ -1,83 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-feature "Private API" do
-  background do
-    @client   = FactoryBot.create(:application)
-    @resource = User.create!(name: "Joe", password: "sekret")
-    @token    = client_is_authorized(@client, @resource)
-  end
-
-  scenario "client requests protected resource with valid token" do
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    expect(page.body).to have_content("index")
-  end
-
-  scenario "client requests protected resource with disabled header authentication" do
-    config_is_set :access_token_methods, [:from_access_token_param]
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    response_status_should_be 401
-  end
-
-  scenario "client attempts to request protected resource with invalid token" do
-    with_access_token_header "invalid"
-    visit "/full_protected_resources"
-    response_status_should_be 401
-  end
-
-  scenario "client attempts to request protected resource with expired token" do
-    @token.update_attribute :expires_in, -100 # expires token
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    response_status_should_be 401
-  end
-
-  scenario "client requests protected resource with permanent token" do
-    @token.update_attribute :expires_in, nil # never expires
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    expect(page.body).to have_content("index")
-  end
-
-  scenario "access token with no default scopes" do
-    Doorkeeper.configuration.instance_eval do
-      @default_scopes = Doorkeeper::OAuth::Scopes.from_array([:public])
-      @scopes = default_scopes + optional_scopes
-    end
-    @token.update_attribute :scopes, "dummy"
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    response_status_should_be 403
-  end
-
-  scenario "access token with no allowed scopes" do
-    @token.update_attribute :scopes, nil
-    with_access_token_header @token.token
-    visit "/full_protected_resources/1.json"
-    response_status_should_be 403
-  end
-
-  scenario "access token with one of allowed scopes" do
-    @token.update_attribute :scopes, "admin"
-    with_access_token_header @token.token
-    visit "/full_protected_resources/1.json"
-    expect(page.body).to have_content("show")
-  end
-
-  scenario "access token with another of allowed scopes" do
-    @token.update_attribute :scopes, "write"
-    with_access_token_header @token.token
-    visit "/full_protected_resources/1.json"
-    expect(page.body).to have_content("show")
-  end
-
-  scenario "access token with both allowed scopes" do
-    @token.update_attribute :scopes, "write admin"
-    with_access_token_header @token.token
-    visit "/full_protected_resources/1.json"
-    expect(page.body).to have_content("show")
-  end
-end

data/spec/routing/custom_controller_routes_spec.rb

@@ -1,133 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Custom controller for routes" do
-  before :all do
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-    end
-
-    Rails.application.routes.disable_clear_and_finalize = true
-
-    Rails.application.routes.draw do
-      scope "inner_space" do
-        use_doorkeeper scope: "scope" do
-          controllers authorizations: "custom_authorizations",
-                      tokens: "custom_authorizations",
-                      applications: "custom_authorizations",
-                      token_info: "custom_authorizations"
-
-          as authorizations: "custom_auth",
-             tokens: "custom_token",
-             token_info: "custom_token_info"
-        end
-      end
-
-      scope "space" do
-        use_doorkeeper do
-          controllers authorizations: "custom_authorizations",
-                      tokens: "custom_authorizations",
-                      applications: "custom_authorizations",
-                      token_info: "custom_authorizations"
-
-          as authorizations: "custom_auth",
-             tokens: "custom_token",
-             token_info: "custom_token_info"
-        end
-      end
-
-      scope "outer_space" do
-        use_doorkeeper do
-          controllers authorizations: "custom_authorizations",
-                      tokens: "custom_authorizations",
-                      token_info: "custom_authorizations"
-
-          as authorizations: "custom_auth",
-             tokens: "custom_token",
-             token_info: "custom_token_info"
-
-          skip_controllers :tokens, :applications, :token_info
-        end
-      end
-    end
-  end
-
-  after :all do
-    Rails.application.routes.clear!
-
-    load File.expand_path("../dummy/config/routes.rb", __dir__)
-  end
-
-  it "GET /inner_space/scope/authorize routes to custom authorizations controller" do
-    expect(get("/inner_space/scope/authorize")).to route_to("custom_authorizations#new")
-  end
-
-  it "POST /inner_space/scope/authorize routes to custom authorizations controller" do
-    expect(post("/inner_space/scope/authorize")).to route_to("custom_authorizations#create")
-  end
-
-  it "DELETE /inner_space/scope/authorize routes to custom authorizations controller" do
-    expect(delete("/inner_space/scope/authorize")).to route_to("custom_authorizations#destroy")
-  end
-
-  it "POST /inner_space/scope/token routes to tokens controller" do
-    expect(post("/inner_space/scope/token")).to route_to("custom_authorizations#create")
-  end
-
-  it "GET /inner_space/scope/applications routes to applications controller" do
-    expect(get("/inner_space/scope/applications")).to route_to("custom_authorizations#index")
-  end
-
-  it "GET /inner_space/scope/token/info routes to the token_info controller" do
-    expect(get("/inner_space/scope/token/info")).to route_to("custom_authorizations#show")
-  end
-
-  it "GET /space/oauth/authorize routes to custom authorizations controller" do
-    expect(get("/space/oauth/authorize")).to route_to("custom_authorizations#new")
-  end
-
-  it "POST /space/oauth/authorize routes to custom authorizations controller" do
-    expect(post("/space/oauth/authorize")).to route_to("custom_authorizations#create")
-  end
-
-  it "DELETE /space/oauth/authorize routes to custom authorizations controller" do
-    expect(delete("/space/oauth/authorize")).to route_to("custom_authorizations#destroy")
-  end
-
-  it "POST /space/oauth/token routes to tokens controller" do
-    expect(post("/space/oauth/token")).to route_to("custom_authorizations#create")
-  end
-
-  it "POST /space/oauth/revoke routes to tokens controller" do
-    expect(post("/space/oauth/revoke")).to route_to("custom_authorizations#revoke")
-  end
-
-  it "POST /space/oauth/introspect routes to tokens controller" do
-    expect(post("/space/oauth/introspect")).to route_to("custom_authorizations#introspect")
-  end
-
-  it "GET /space/oauth/applications routes to applications controller" do
-    expect(get("/space/oauth/applications")).to route_to("custom_authorizations#index")
-  end
-
-  it "GET /space/oauth/token/info routes to the token_info controller" do
-    expect(get("/space/oauth/token/info")).to route_to("custom_authorizations#show")
-  end
-
-  it "POST /outer_space/oauth/token is not be routable" do
-    expect(post("/outer_space/oauth/token")).not_to be_routable
-  end
-
-  it "GET /outer_space/oauth/authorize routes to custom authorizations controller" do
-    expect(get("/outer_space/oauth/authorize")).to be_routable
-  end
-
-  it "GET /outer_space/oauth/applications is not routable" do
-    expect(get("/outer_space/oauth/applications")).not_to be_routable
-  end
-
-  it "GET /outer_space/oauth/token_info is not routable" do
-    expect(get("/outer_space/oauth/token/info")).not_to be_routable
-  end
-end

data/spec/routing/default_routes_spec.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Default routes" do
-  it "GET /oauth/authorize routes to authorizations controller" do
-    expect(get("/oauth/authorize")).to route_to("doorkeeper/authorizations#new")
-  end
-
-  it "POST /oauth/authorize routes to authorizations controller" do
-    expect(post("/oauth/authorize")).to route_to("doorkeeper/authorizations#create")
-  end
-
-  it "DELETE /oauth/authorize routes to authorizations controller" do
-    expect(delete("/oauth/authorize")).to route_to("doorkeeper/authorizations#destroy")
-  end
-
-  it "POST /oauth/token routes to tokens controller" do
-    expect(post("/oauth/token")).to route_to("doorkeeper/tokens#create")
-  end
-
-  it "POST /oauth/revoke routes to tokens controller" do
-    expect(post("/oauth/revoke")).to route_to("doorkeeper/tokens#revoke")
-  end
-
-  it "POST /oauth/introspect routes to tokens controller" do
-    expect(post("/oauth/introspect")).to route_to("doorkeeper/tokens#introspect")
-  end
-
-  it "GET /oauth/applications routes to applications controller" do
-    expect(get("/oauth/applications")).to route_to("doorkeeper/applications#index")
-  end
-
-  it "GET /oauth/authorized_applications routes to authorized applications controller" do
-    expect(get("/oauth/authorized_applications")).to route_to("doorkeeper/authorized_applications#index")
-  end
-
-  it "GET /oauth/token/info route to authorized TokenInfo controller" do
-    expect(get("/oauth/token/info")).to route_to("doorkeeper/token_info#show")
-  end
-end

data/spec/routing/scoped_routes_spec.rb

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Scoped routes" do
-  before :all do
-    Rails.application.routes.disable_clear_and_finalize = true
-
-    Rails.application.routes.draw do
-      use_doorkeeper scope: "scope"
-    end
-  end
-
-  after :all do
-    Rails.application.routes.clear!
-
-    load File.expand_path("../dummy/config/routes.rb", __dir__)
-  end
-
-  it "GET /scope/authorize routes to authorizations controller" do
-    expect(get("/scope/authorize")).to route_to("doorkeeper/authorizations#new")
-  end
-
-  it "POST /scope/authorize routes to authorizations controller" do
-    expect(post("/scope/authorize")).to route_to("doorkeeper/authorizations#create")
-  end
-
-  it "DELETE /scope/authorize routes to authorizations controller" do
-    expect(delete("/scope/authorize")).to route_to("doorkeeper/authorizations#destroy")
-  end
-
-  it "POST /scope/token routes to tokens controller" do
-    expect(post("/scope/token")).to route_to("doorkeeper/tokens#create")
-  end
-
-  it "GET /scope/applications routes to applications controller" do
-    expect(get("/scope/applications")).to route_to("doorkeeper/applications#index")
-  end
-
-  it "GET /scope/authorized_applications routes to authorized applications controller" do
-    expect(get("/scope/authorized_applications")).to route_to("doorkeeper/authorized_applications#index")
-  end
-
-  it "GET /scope/token/info route to authorized TokenInfo controller" do
-    expect(get("/scope/token/info")).to route_to("doorkeeper/token_info#show")
-  end
-end

data/spec/spec_helper.rb

@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-require "coveralls"
-
-Coveralls.wear!("rails") do
-  add_filter("/spec/")
-  add_filter("/lib/generators/doorkeeper/templates/")
-end
-
-ENV["RAILS_ENV"] ||= "test"
-
-$LOAD_PATH.unshift File.dirname(__FILE__)
-
-require "#{File.dirname(__FILE__)}/support/doorkeeper_rspec.rb"
-
-DOORKEEPER_ORM = Doorkeeper::RSpec.detect_orm
-
-require "dummy/config/environment"
-require "rspec/rails"
-require "capybara/rspec"
-require "database_cleaner"
-require "generator_spec/test_case"
-
-# Load JRuby SQLite3 if in that platform
-if defined? JRUBY_VERSION
-  require "jdbc/sqlite3"
-  Jdbc::SQLite3.load_driver
-end
-
-Doorkeeper::RSpec.print_configuration_info
-
-# Remove after dropping support of Rails 4.2
-require "#{File.dirname(__FILE__)}/support/http_method_shim"
-
-require "support/orm/#{DOORKEEPER_ORM}"
-
-Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].each { |file| require file }
-
-RSpec.configure do |config|
-  config.infer_spec_type_from_file_location!
-  config.mock_with :rspec
-
-  config.infer_base_class_for_anonymous_controllers = false
-
-  config.include RSpec::Rails::RequestExampleGroup, type: :request
-
-  config.before do
-    DatabaseCleaner.start
-    Doorkeeper.configure { orm DOORKEEPER_ORM }
-  end
-
-  config.after do
-    DatabaseCleaner.clean
-  end
-
-  config.order = "random"
-end

data/spec/spec_helper_integration.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-# For compatibility only
-require "spec_helper"

data/spec/support/dependencies/factory_bot.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-require "factory_bot"
-FactoryBot.find_definitions

data/spec/support/doorkeeper_rspec.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
-  class RSpec
-    # Print's useful information about env: Ruby / Rails versions,
-    # Doorkeeper configuration, etc.
-    def self.print_configuration_info
-      puts <<-INFO.strip_heredoc
-        ====> Doorkeeper ORM: '#{Doorkeeper.configuration.orm}'
-        ====> Doorkeeper version: #{Doorkeeper.gem_version}
-        ====> Rails version: #{::Rails.version}
-        ====> Ruby version: #{RUBY_VERSION} on #{RUBY_PLATFORM}
-      INFO
-    end
-
-    # Tries to find ORM from the Gemfile used to run test suite
-    def self.detect_orm
-      orm = (ENV["BUNDLE_GEMFILE"] || "").match(/Gemfile\.(.+)\.rb/)
-      (orm && orm[1] || :active_record).to_sym
-    end
-  end
-end

data/spec/support/helpers/access_token_request_helper.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module AccessTokenRequestHelper
-  def client_is_authorized(client, resource_owner, access_token_attributes = {})
-    attributes = {
-      application: client,
-      resource_owner_id: resource_owner.id,
-    }.merge(access_token_attributes)
-    FactoryBot.create(:access_token, attributes)
-  end
-end
-
-RSpec.configuration.send :include, AccessTokenRequestHelper

data/spec/support/helpers/authorization_request_helper.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-module AuthorizationRequestHelper
-  def resource_owner_is_authenticated(resource_owner = nil)
-    resource_owner ||= User.create!(name: "Joe", password: "sekret")
-    Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { resource_owner })
-  end
-
-  def resource_owner_is_not_authenticated
-    Doorkeeper.configuration.instance_variable_set(:@authenticate_resource_owner, proc { redirect_to("/sign_in") })
-  end
-
-  def default_scopes_exist(*scopes)
-    Doorkeeper.configuration.instance_variable_set(:@default_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
-  end
-
-  def optional_scopes_exist(*scopes)
-    Doorkeeper.configuration.instance_variable_set(:@optional_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
-  end
-
-  def client_should_be_authorized(client)
-    expect(client.access_grants.size).to eq(1)
-  end
-
-  def client_should_not_be_authorized(client)
-    expect(client.size).to eq(0)
-  end
-
-  def i_should_be_on_client_callback(client)
-    expect(client.redirect_uri).to eq("#{current_uri.scheme}://#{current_uri.host}#{current_uri.path}")
-  end
-
-  def allowing_forgery_protection(&_block)
-    original_value = ActionController::Base.allow_forgery_protection
-    ActionController::Base.allow_forgery_protection = true
-
-    yield
-  ensure
-    ActionController::Base.allow_forgery_protection = original_value
-  end
-end
-
-RSpec.configuration.send :include, AuthorizationRequestHelper

data/spec/support/helpers/config_helper.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module ConfigHelper
-  def config_is_set(setting, value = nil, &block)
-    setting_ivar = "@#{setting}"
-    value = block_given? ? block : value
-    Doorkeeper.configuration.instance_variable_set(setting_ivar, value)
-  end
-end
-
-RSpec.configuration.send :include, ConfigHelper

data/spec/support/helpers/model_helper.rb

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-module ModelHelper
-  def client_exists(client_attributes = {})
-    @client = FactoryBot.create(:application, client_attributes)
-  end
-
-  def create_resource_owner
-    @resource_owner = User.create!(name: "Joe", password: "sekret")
-  end
-
-  def authorization_code_exists(options = {})
-    @authorization = FactoryBot.create(:access_grant, options)
-  end
-
-  def access_token_exists(options = {})
-    @access_token = FactoryBot.create(:access_token, options)
-  end
-
-  def access_grant_should_exist_for(client, resource_owner)
-    grant = Doorkeeper::AccessGrant.first
-
-    expect(grant.application).to have_attributes(id: client.id)
-      .and(be_instance_of(Doorkeeper::Application))
-
-    expect(grant.resource_owner_id).to eq(resource_owner.id)
-  end
-
-  def access_token_should_exist_for(client, resource_owner)
-    token = Doorkeeper::AccessToken.first
-
-    expect(token.application).to have_attributes(id: client.id)
-      .and(be_instance_of(Doorkeeper::Application))
-
-    expect(token.resource_owner_id).to eq(resource_owner.id)
-  end
-
-  def access_grant_should_not_exist
-    expect(Doorkeeper::AccessGrant.all).to be_empty
-  end
-
-  def access_token_should_not_exist
-    expect(Doorkeeper::AccessToken.all).to be_empty
-  end
-
-  def access_grant_should_have_scopes(*args)
-    grant = Doorkeeper::AccessGrant.first
-    expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
-  end
-
-  def access_token_should_have_scopes(*args)
-    grant = Doorkeeper::AccessToken.last
-    expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
-  end
-
-  def uniqueness_error
-    case DOORKEEPER_ORM
-    when :active_record
-      ActiveRecord::RecordNotUnique
-    when :sequel
-      error_classes = [Sequel::UniqueConstraintViolation, Sequel::ValidationFailed]
-      proc { |error| expect(error.class).to be_in(error_classes) }
-    when :mongo_mapper
-      error_classes = [MongoMapper::DocumentNotValid, Mongo::OperationFailure]
-      proc { |error| expect(error.class).to be_in(error_classes) }
-    when /mongoid/
-      error_classes = [Mongoid::Errors::Validations]
-      error_classes << Moped::Errors::OperationFailure if defined?(::Moped) # Mongoid 4
-      error_classes << Mongo::Error::OperationFailure if defined?(::Mongo) # Mongoid 5
-
-      proc { |error| expect(error.class).to be_in(error_classes) }
-    else
-      raise "'#{DOORKEEPER_ORM}' ORM is not supported!"
-    end
-  end
-end
-
-RSpec.configuration.send :include, ModelHelper

data/spec/support/helpers/request_spec_helper.rb

@@ -1,98 +0,0 @@
-# frozen_string_literal: true
-
-module RequestSpecHelper
-  def i_am_logged_in
-    allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) {})
-  end
-
-  def i_should_see(content)
-    expect(page).to have_content(content)
-  end
-
-  def i_should_not_see(content)
-    expect(page).to have_no_content(content)
-  end
-
-  def i_should_be_on(path)
-    expect(current_path).to eq(path)
-  end
-
-  def url_should_have_param(param, value)
-    expect(current_params[param]).to eq(value)
-  end
-
-  def url_should_not_have_param(param)
-    expect(current_params).not_to have_key(param)
-  end
-
-  def current_params
-    Rack::Utils.parse_query(current_uri.query)
-  end
-
-  def current_uri
-    URI.parse(page.current_url)
-  end
-
-  def request_response
-    respond_to?(:response) ? response : page.driver.response
-  end
-
-  def json_response
-    JSON.parse(request_response.body)
-  end
-
-  def should_have_header(header, value)
-    expect(headers[header]).to eq(value)
-  end
-
-  def should_have_status(status)
-    expect(page.driver.response.status).to eq(status)
-  end
-
-  def with_access_token_header(token)
-    with_header "Authorization", "Bearer #{token}"
-  end
-
-  def with_header(header, value)
-    page.driver.header header, value
-  end
-
-  def basic_auth_header_for_client(client)
-    ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
-  end
-
-  def should_have_json(key, value)
-    expect(json_response.fetch(key)).to eq(value)
-  end
-
-  def should_have_json_within(key, value, range)
-    expect(json_response.fetch(key)).to be_within(range).of(value)
-  end
-
-  def should_not_have_json(key)
-    expect(json_response).not_to have_key(key)
-  end
-
-  def sign_in
-    visit "/"
-    click_on "Sign in"
-  end
-
-  def create_access_token(authorization_code, client, code_verifier = nil)
-    page.driver.post token_endpoint_url(code: authorization_code, client: client, code_verifier: code_verifier)
-  end
-
-  def i_should_see_translated_error_message(key)
-    i_should_see translated_error_message(key)
-  end
-
-  def translated_error_message(key)
-    I18n.translate key, scope: %i[doorkeeper errors messages]
-  end
-
-  def response_status_should_be(status)
-    expect(request_response.status.to_i).to eq(status)
-  end
-end
-
-RSpec.configuration.send :include, RequestSpecHelper