doorkeeper 5.1.2 → 5.6.6

data/spec/support/helpers/url_helper.rb

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-module UrlHelper
-  def token_endpoint_url(options = {})
-    parameters = {
-      code: options[:code],
-      client_id: options[:client_id] || options[:client].try(:uid),
-      client_secret: options[:client_secret] || options[:client].try(:secret),
-      redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
-      grant_type: options[:grant_type] || "authorization_code",
-      code_verifier: options[:code_verifier],
-      code_challenge_method: options[:code_challenge_method],
-    }.reject { |_, v| v.blank? }
-    "/oauth/token?#{build_query(parameters)}"
-  end
-
-  def password_token_endpoint_url(options = {})
-    parameters = {
-      code: options[:code],
-      client_id: options[:client_id] || options[:client].try(:uid),
-      client_secret: options[:client_secret] || options[:client].try(:secret),
-      username: options[:resource_owner_username] || options[:resource_owner].try(:name),
-      password: options[:resource_owner_password] || options[:resource_owner].try(:password),
-      scope: options[:scope],
-      grant_type: "password",
-    }
-    "/oauth/token?#{build_query(parameters)}"
-  end
-
-  def authorization_endpoint_url(options = {})
-    parameters = {
-      client_id: options[:client_id] || options[:client].try(:uid),
-      redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
-      response_type: options[:response_type] || "code",
-      scope: options[:scope],
-      state: options[:state],
-      code_challenge: options[:code_challenge],
-      code_challenge_method: options[:code_challenge_method],
-    }.reject { |_, v| v.blank? }
-    "/oauth/authorize?#{build_query(parameters)}"
-  end
-
-  def refresh_token_endpoint_url(options = {})
-    parameters = {
-      refresh_token: options[:refresh_token],
-      client_id: options[:client_id] || options[:client].try(:uid),
-      client_secret: options[:client_secret] || options[:client].try(:secret),
-      grant_type: options[:grant_type] || "refresh_token",
-    }
-    "/oauth/token?#{build_query(parameters)}"
-  end
-
-  def revocation_token_endpoint_url
-    "/oauth/revoke"
-  end
-
-  def build_query(hash)
-    Rack::Utils.build_query(hash)
-  end
-end
-
-RSpec.configuration.send :include, UrlHelper

data/spec/support/http_method_shim.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-# Rails 5 deprecates calling HTTP action methods with positional arguments
-# in favor of keyword arguments. However, the keyword argument form is only
-# supported in Rails 5+. Since we support back to 4, we need some sort of shim
-# to avoid super noisy deprecations when running tests.
-module RoutingHTTPMethodShim
-  def get(path, **args)
-    super(path, args[:params], args[:headers])
-  end
-
-  def post(path, **args)
-    super(path, args[:params], args[:headers])
-  end
-
-  def put(path, **args)
-    super(path, args[:params], args[:headers])
-  end
-end
-
-module ControllerHTTPMethodShim
-  def process(action, http_method = "GET", **args)
-    if (as = args.delete(:as))
-      @request.headers["Content-Type"] = Mime[as].to_s
-    end
-
-    super(action, http_method, args[:params], args[:session], args[:flash])
-  end
-end

data/spec/support/orm/active_record.rb

@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-# load schema to in memory sqlite
-ActiveRecord::Migration.verbose = false
-load Rails.root + "db/schema.rb"

data/spec/support/shared/controllers_shared_context.rb

@@ -1,123 +0,0 @@
-# frozen_string_literal: true
-
-shared_context "valid token", token: :valid do
-  let(:token_string) { "1A2B3C4D" }
-
-  let :token do
-    double(Doorkeeper::AccessToken,
-           accessible?: true, includes_scope?: true, acceptable?: true,
-           previous_refresh_token: "", revoke_previous_refresh_token!: true)
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end
-
-shared_context "invalid token", token: :invalid do
-  let(:token_string) { "1A2B3C4D" }
-
-  let :token do
-    double(Doorkeeper::AccessToken,
-           accessible?: false, revoked?: false, expired?: false,
-           includes_scope?: false, acceptable?: false,
-           previous_refresh_token: "", revoke_previous_refresh_token!: true)
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end
-
-shared_context "authenticated resource owner" do
-  before do
-    user = double(:resource, id: 1)
-    allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { user } }
-  end
-end
-
-shared_context "not authenticated resource owner" do
-  before do
-    allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to "/" } }
-  end
-end
-
-shared_context "valid authorization request" do
-  let :authorization do
-    double(:authorization, valid?: true, authorize: true, success_redirect_uri: "http://something.com/cb?code=token")
-  end
-
-  before do
-    allow(controller).to receive(:authorization) { authorization }
-  end
-end
-
-shared_context "invalid authorization request" do
-  let :authorization do
-    double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
-  end
-
-  before do
-    allow(controller).to receive(:authorization) { authorization }
-  end
-end
-
-shared_context "expired token", token: :expired do
-  let :token_string do
-    "1A2B3C4DEXP"
-  end
-
-  let :token do
-    double(Doorkeeper::AccessToken,
-           accessible?: false, revoked?: false, expired?: true,
-           includes_scope?: false, acceptable?: false,
-           previous_refresh_token: "", revoke_previous_refresh_token!: true)
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end
-
-shared_context "revoked token", token: :revoked do
-  let :token_string do
-    "1A2B3C4DREV"
-  end
-
-  let :token do
-    double(Doorkeeper::AccessToken,
-           accessible?: false, revoked?: true, expired?: false,
-           includes_scope?: false, acceptable?: false,
-           previous_refresh_token: "", revoke_previous_refresh_token!: true)
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end
-
-shared_context "forbidden token", token: :forbidden do
-  let :token_string do
-    "1A2B3C4DFORB"
-  end
-
-  let :token do
-    double(Doorkeeper::AccessToken,
-           accessible?: true, includes_scope?: true, acceptable?: false,
-           previous_refresh_token: "", revoke_previous_refresh_token!: true)
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end

data/spec/support/shared/hashing_shared_context.rb

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-shared_context "with token hashing enabled" do
-  let(:hashed_or_plain_token_func) do
-    Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-  end
-
-  before do
-    Doorkeeper.configure do
-      hash_token_secrets
-    end
-  end
-end
-
-shared_context "with token hashing and fallback lookup enabled" do
-  let(:hashed_or_plain_token_func) do
-    Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-  end
-
-  before do
-    Doorkeeper.configure do
-      hash_token_secrets fallback: :plain
-    end
-  end
-end
-
-shared_context "with application hashing enabled" do
-  let(:hashed_or_plain_token_func) do
-    Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-  end
-  before do
-    Doorkeeper.configure do
-      hash_application_secrets
-    end
-  end
-end

data/spec/support/shared/models_shared_examples.rb

@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-shared_examples "an accessible token" do
-  describe :accessible? do
-    it "is accessible if token is not expired" do
-      allow(subject).to receive(:expired?).and_return(false)
-      should be_accessible
-    end
-
-    it "is not accessible if token is expired" do
-      allow(subject).to receive(:expired?).and_return(true)
-      should_not be_accessible
-    end
-  end
-end
-
-shared_examples "a revocable token" do
-  describe :accessible? do
-    before { subject.save! }
-
-    it "is accessible if token is not revoked" do
-      expect(subject).to be_accessible
-    end
-
-    it "is not accessible if token is revoked" do
-      subject.revoke
-      expect(subject).not_to be_accessible
-    end
-  end
-end
-
-shared_examples "a unique token" do
-  describe :token do
-    it "is generated before validation" do
-      expect { subject.valid? }.to change { subject.token }.from(nil)
-    end
-
-    it "is not valid if token exists" do
-      token1 = FactoryBot.create factory_name
-      token2 = FactoryBot.create factory_name
-      token2.token = token1.token
-      expect(token2).not_to be_valid
-    end
-
-    it "expects database to throw an error when tokens are the same" do
-      token1 = FactoryBot.create factory_name
-      token2 = FactoryBot.create factory_name
-      token2.token = token1.token
-      expect do
-        token2.save!(validate: false)
-      end.to raise_error(uniqueness_error)
-    end
-  end
-end

data/spec/validators/redirect_uri_validator_spec.rb

@@ -1,158 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe RedirectUriValidator do
-  subject do
-    FactoryBot.create(:application)
-  end
-
-  it "is valid when the uri is a uri" do
-    subject.redirect_uri = "https://example.com/callback"
-    expect(subject).to be_valid
-  end
-
-  # Most mobile and desktop operating systems allow apps to register a custom URL
-  # scheme that will launch the app when a URL with that scheme is visited from
-  # the system browser.
-  #
-  # @see https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/
-  it "is valid when the uri is custom native URI" do
-    subject.redirect_uri = "myapp://callback"
-    expect(subject).to be_valid
-  end
-
-  it "is valid when the uri has a query parameter" do
-    subject.redirect_uri = "https://example.com/abcd?xyz=123"
-    expect(subject).to be_valid
-  end
-
-  it "accepts native redirect uri" do
-    subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
-    expect(subject).to be_valid
-  end
-
-  it "rejects if test uri is disabled" do
-    allow(RedirectUriValidator).to receive(:native_redirect_uri).and_return(nil)
-    subject.redirect_uri = "urn:some:test"
-    expect(subject).not_to be_valid
-  end
-
-  it "is invalid when the uri is not a uri" do
-    subject.redirect_uri = "]"
-    expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq("must be a valid URI.")
-  end
-
-  it "is invalid when the uri is relative" do
-    subject.redirect_uri = "/abcd"
-    expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq("must be an absolute URI.")
-  end
-
-  it "is invalid when the uri has a fragment" do
-    subject.redirect_uri = "https://example.com/abcd#xyz"
-    expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq("cannot contain a fragment.")
-  end
-
-  context "force secured uri" do
-    it "accepts an valid uri" do
-      subject.redirect_uri = "https://example.com/callback"
-      expect(subject).to be_valid
-    end
-
-    it "accepts native redirect uri" do
-      subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
-      expect(subject).to be_valid
-    end
-
-    it "accepts app redirect uri" do
-      subject.redirect_uri = "some-awesome-app://oauth/callback"
-      expect(subject).to be_valid
-    end
-
-    it "accepts a non secured protocol when disabled" do
-      subject.redirect_uri = "http://example.com/callback"
-      allow(Doorkeeper.configuration).to receive(
-        :force_ssl_in_redirect_uri
-      ).and_return(false)
-      expect(subject).to be_valid
-    end
-
-    it "accepts a non secured protocol when conditional option defined" do
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        force_ssl_in_redirect_uri { |uri| uri.host != "localhost" }
-      end
-
-      application = FactoryBot.build(:application, redirect_uri: "http://localhost/callback")
-      expect(application).to be_valid
-
-      application = FactoryBot.build(:application, redirect_uri: "https://test.com/callback")
-      expect(application).to be_valid
-
-      application = FactoryBot.build(:application, redirect_uri: "http://localhost2/callback")
-      expect(application).not_to be_valid
-
-      application = FactoryBot.build(:application, redirect_uri: "https://test.com/callback")
-      expect(application).to be_valid
-    end
-
-    it "forbids redirect uri if required" do
-      subject.redirect_uri = "javascript://document.cookie"
-
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        forbid_redirect_uri { |uri| uri.scheme == "javascript" }
-      end
-
-      expect(subject).to be_invalid
-      expect(subject.errors[:redirect_uri].first).to eq("is forbidden by the server.")
-
-      subject.redirect_uri = "https://localhost/callback"
-      expect(subject).to be_valid
-    end
-
-    it "invalidates the uri when the uri does not use a secure protocol" do
-      subject.redirect_uri = "http://example.com/callback"
-      expect(subject).not_to be_valid
-      error = subject.errors[:redirect_uri].first
-      expect(error).to eq("must be an HTTPS/SSL URI.")
-    end
-  end
-
-  context "multiple redirect uri" do
-    it "invalidates the second uri when the first uri is native uri" do
-      subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob\nexample.com/callback"
-      expect(subject).to be_invalid
-    end
-  end
-
-  context "blank redirect URI" do
-    it "forbids blank redirect uri by default" do
-      subject.redirect_uri = ""
-
-      expect(subject).to be_invalid
-      expect(subject.errors[:redirect_uri]).not_to be_blank
-    end
-
-    it "forbids blank redirect uri by custom condition" do
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        allow_blank_redirect_uri do |_grant_flows, application|
-          application.name == "admin app"
-        end
-      end
-
-      subject.name = "test app"
-      subject.redirect_uri = ""
-
-      expect(subject).to be_invalid
-      expect(subject.errors[:redirect_uri]).not_to be_blank
-
-      subject.name = "admin app"
-      expect(subject).to be_valid
-    end
-  end
-end

data/spec/version/version_spec.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::VERSION do
-  context "#gem_version" do
-    it "returns Gem::Version instance" do
-      expect(Doorkeeper.gem_version).to be_an_instance_of(Gem::Version)
-    end
-  end
-
-  context "VERSION" do
-    it "returns gem version string" do
-      expect(Doorkeeper::VERSION::STRING).to match(/^\d+\.\d+\.\d+(\.\w+)?$/)
-    end
-  end
-end