doorkeeper 5.2.2 → 5.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (260) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +198 -3
  3. data/README.md +28 -20
  4. data/app/controllers/doorkeeper/application_controller.rb +3 -2
  5. data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
  6. data/app/controllers/doorkeeper/applications_controller.rb +7 -8
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +48 -18
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +6 -6
  9. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  10. data/app/controllers/doorkeeper/tokens_controller.rb +70 -25
  11. data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
  12. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  13. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  14. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  15. data/app/views/doorkeeper/authorizations/new.html.erb +2 -0
  16. data/config/locales/en.yml +9 -2
  17. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  18. data/lib/doorkeeper/config/option.rb +26 -14
  19. data/lib/doorkeeper/config/validations.rb +53 -0
  20. data/lib/doorkeeper/config.rb +214 -122
  21. data/lib/doorkeeper/engine.rb +1 -1
  22. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  23. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  24. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  25. data/lib/doorkeeper/grant_flow.rb +45 -0
  26. data/lib/doorkeeper/grape/helpers.rb +2 -2
  27. data/lib/doorkeeper/helpers/controller.rb +18 -12
  28. data/lib/doorkeeper/models/access_grant_mixin.rb +23 -19
  29. data/lib/doorkeeper/models/access_token_mixin.rb +157 -55
  30. data/lib/doorkeeper/models/application_mixin.rb +8 -7
  31. data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
  32. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  33. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  34. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  35. data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
  36. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  37. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  38. data/lib/doorkeeper/oauth/authorization/code.rb +22 -9
  39. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  40. data/lib/doorkeeper/oauth/authorization/token.rb +23 -18
  41. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  42. data/lib/doorkeeper/oauth/authorization_code_request.rb +30 -20
  43. data/lib/doorkeeper/oauth/base_request.rb +19 -23
  44. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  45. data/lib/doorkeeper/oauth/client.rb +8 -9
  46. data/lib/doorkeeper/oauth/client_credentials/creator.rb +38 -12
  47. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
  48. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +7 -5
  49. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  50. data/lib/doorkeeper/oauth/code_request.rb +4 -4
  51. data/lib/doorkeeper/oauth/code_response.rb +24 -14
  52. data/lib/doorkeeper/oauth/error.rb +1 -1
  53. data/lib/doorkeeper/oauth/error_response.rb +10 -11
  54. data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
  55. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
  56. data/lib/doorkeeper/oauth/helpers/unique_token.rb +10 -7
  57. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -19
  58. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  59. data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
  60. data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
  61. data/lib/doorkeeper/oauth/password_access_token_request.rb +28 -10
  62. data/lib/doorkeeper/oauth/pre_authorization.rb +73 -37
  63. data/lib/doorkeeper/oauth/refresh_token_request.rb +35 -26
  64. data/lib/doorkeeper/oauth/token.rb +6 -7
  65. data/lib/doorkeeper/oauth/token_introspection.rb +12 -16
  66. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  67. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  68. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  69. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  70. data/lib/doorkeeper/orm/active_record/application.rb +5 -95
  71. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
  72. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
  73. data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
  74. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +8 -3
  75. data/lib/doorkeeper/orm/active_record.rb +5 -7
  76. data/lib/doorkeeper/rails/helpers.rb +4 -4
  77. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  78. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  79. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  80. data/lib/doorkeeper/rails/routes.rb +17 -25
  81. data/lib/doorkeeper/rake/db.rake +6 -6
  82. data/lib/doorkeeper/rake/setup.rake +5 -0
  83. data/lib/doorkeeper/request/authorization_code.rb +3 -3
  84. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  85. data/lib/doorkeeper/request/password.rb +3 -2
  86. data/lib/doorkeeper/request/refresh_token.rb +5 -4
  87. data/lib/doorkeeper/request/strategy.rb +2 -2
  88. data/lib/doorkeeper/request.rb +49 -12
  89. data/lib/doorkeeper/server.rb +5 -5
  90. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  91. data/lib/doorkeeper/version.rb +2 -6
  92. data/lib/doorkeeper.rb +112 -81
  93. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  94. data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
  95. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  96. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  97. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  98. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
  99. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  100. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  101. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  102. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  103. data/lib/generators/doorkeeper/templates/initializer.rb +99 -14
  104. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  105. metadata +37 -306
  106. data/Appraisals +0 -40
  107. data/CODE_OF_CONDUCT.md +0 -46
  108. data/CONTRIBUTING.md +0 -49
  109. data/Dangerfile +0 -67
  110. data/Dockerfile +0 -29
  111. data/Gemfile +0 -25
  112. data/NEWS.md +0 -1
  113. data/RELEASING.md +0 -11
  114. data/Rakefile +0 -28
  115. data/SECURITY.md +0 -15
  116. data/UPGRADE.md +0 -2
  117. data/bin/console +0 -16
  118. data/doorkeeper.gemspec +0 -42
  119. data/gemfiles/rails_5_0.gemfile +0 -18
  120. data/gemfiles/rails_5_1.gemfile +0 -18
  121. data/gemfiles/rails_5_2.gemfile +0 -18
  122. data/gemfiles/rails_6_0.gemfile +0 -18
  123. data/gemfiles/rails_master.gemfile +0 -18
  124. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  125. data/spec/controllers/applications_controller_spec.rb +0 -273
  126. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  127. data/spec/controllers/protected_resources_controller_spec.rb +0 -353
  128. data/spec/controllers/token_info_controller_spec.rb +0 -50
  129. data/spec/controllers/tokens_controller_spec.rb +0 -498
  130. data/spec/dummy/Rakefile +0 -9
  131. data/spec/dummy/app/assets/config/manifest.js +0 -2
  132. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  133. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  134. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  135. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  136. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  137. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  138. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  139. data/spec/dummy/app/models/user.rb +0 -7
  140. data/spec/dummy/app/views/home/index.html.erb +0 -0
  141. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  142. data/spec/dummy/config/application.rb +0 -49
  143. data/spec/dummy/config/boot.rb +0 -7
  144. data/spec/dummy/config/database.yml +0 -15
  145. data/spec/dummy/config/environment.rb +0 -5
  146. data/spec/dummy/config/environments/development.rb +0 -31
  147. data/spec/dummy/config/environments/production.rb +0 -64
  148. data/spec/dummy/config/environments/test.rb +0 -45
  149. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  150. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  151. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  152. data/spec/dummy/config/initializers/session_store.rb +0 -10
  153. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  154. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  155. data/spec/dummy/config/routes.rb +0 -13
  156. data/spec/dummy/config.ru +0 -6
  157. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  158. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  159. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  160. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  161. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  162. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  163. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  164. data/spec/dummy/db/schema.rb +0 -68
  165. data/spec/dummy/public/404.html +0 -26
  166. data/spec/dummy/public/422.html +0 -26
  167. data/spec/dummy/public/500.html +0 -26
  168. data/spec/dummy/public/favicon.ico +0 -0
  169. data/spec/dummy/script/rails +0 -9
  170. data/spec/factories.rb +0 -30
  171. data/spec/generators/application_owner_generator_spec.rb +0 -28
  172. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  173. data/spec/generators/install_generator_spec.rb +0 -36
  174. data/spec/generators/migration_generator_spec.rb +0 -28
  175. data/spec/generators/pkce_generator_spec.rb +0 -28
  176. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  177. data/spec/generators/templates/routes.rb +0 -4
  178. data/spec/generators/views_generator_spec.rb +0 -29
  179. data/spec/grape/grape_integration_spec.rb +0 -137
  180. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  181. data/spec/lib/config_spec.rb +0 -739
  182. data/spec/lib/doorkeeper_spec.rb +0 -27
  183. data/spec/lib/models/expirable_spec.rb +0 -61
  184. data/spec/lib/models/reusable_spec.rb +0 -40
  185. data/spec/lib/models/revocable_spec.rb +0 -59
  186. data/spec/lib/models/scopes_spec.rb +0 -53
  187. data/spec/lib/models/secret_storable_spec.rb +0 -135
  188. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  189. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -168
  190. data/spec/lib/oauth/base_request_spec.rb +0 -222
  191. data/spec/lib/oauth/base_response_spec.rb +0 -47
  192. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  193. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -97
  194. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  195. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  196. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
  197. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
  198. data/spec/lib/oauth/client_spec.rb +0 -38
  199. data/spec/lib/oauth/code_request_spec.rb +0 -46
  200. data/spec/lib/oauth/code_response_spec.rb +0 -36
  201. data/spec/lib/oauth/error_response_spec.rb +0 -66
  202. data/spec/lib/oauth/error_spec.rb +0 -23
  203. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
  204. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
  205. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  206. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  207. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -75
  208. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
  209. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
  210. data/spec/lib/oauth/pre_authorization_spec.rb +0 -225
  211. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -178
  212. data/spec/lib/oauth/scopes_spec.rb +0 -148
  213. data/spec/lib/oauth/token_request_spec.rb +0 -153
  214. data/spec/lib/oauth/token_response_spec.rb +0 -86
  215. data/spec/lib/oauth/token_spec.rb +0 -158
  216. data/spec/lib/request/strategy_spec.rb +0 -54
  217. data/spec/lib/secret_storing/base_spec.rb +0 -60
  218. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  219. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  220. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  221. data/spec/lib/server_spec.rb +0 -49
  222. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  223. data/spec/models/doorkeeper/access_grant_spec.rb +0 -163
  224. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  225. data/spec/models/doorkeeper/application_spec.rb +0 -377
  226. data/spec/requests/applications/applications_request_spec.rb +0 -259
  227. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  228. data/spec/requests/endpoints/authorization_spec.rb +0 -89
  229. data/spec/requests/endpoints/token_spec.rb +0 -75
  230. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  231. data/spec/requests/flows/authorization_code_spec.rb +0 -513
  232. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  233. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  234. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  235. data/spec/requests/flows/password_spec.rb +0 -296
  236. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  237. data/spec/requests/flows/revoke_token_spec.rb +0 -151
  238. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  239. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  240. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  241. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  242. data/spec/routing/default_routes_spec.rb +0 -41
  243. data/spec/routing/scoped_routes_spec.rb +0 -47
  244. data/spec/spec_helper.rb +0 -57
  245. data/spec/spec_helper_integration.rb +0 -4
  246. data/spec/support/dependencies/factory_bot.rb +0 -4
  247. data/spec/support/doorkeeper_rspec.rb +0 -22
  248. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  249. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  250. data/spec/support/helpers/config_helper.rb +0 -11
  251. data/spec/support/helpers/model_helper.rb +0 -78
  252. data/spec/support/helpers/request_spec_helper.rb +0 -110
  253. data/spec/support/helpers/url_helper.rb +0 -62
  254. data/spec/support/http_method_shim.rb +0 -29
  255. data/spec/support/orm/active_record.rb +0 -5
  256. data/spec/support/shared/controllers_shared_context.rb +0 -123
  257. data/spec/support/shared/hashing_shared_context.rb +0 -36
  258. data/spec/support/shared/models_shared_examples.rb +0 -54
  259. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  260. data/spec/version/version_spec.rb +0 -17
@@ -1,273 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- module Doorkeeper
6
- describe ApplicationsController do
7
- context "JSON API" do
8
- render_views
9
-
10
- before do
11
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
12
- allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
13
- end
14
-
15
- it "creates an application" do
16
- expect do
17
- post :create, params: {
18
- doorkeeper_application: {
19
- name: "Example",
20
- redirect_uri: "https://example.com",
21
- }, format: :json,
22
- }
23
- end.to(change { Doorkeeper::Application.count })
24
-
25
- expect(response).to be_successful
26
-
27
- expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
28
-
29
- application = Application.last
30
- secret_from_response = json_response["secret"]
31
- expect(application.secret_matches?(secret_from_response)).to be_truthy
32
-
33
- expect(json_response["name"]).to eq("Example")
34
- expect(json_response["redirect_uri"]).to eq("https://example.com")
35
- end
36
-
37
- it "returns validation errors on wrong create params" do
38
- expect do
39
- post :create, params: {
40
- doorkeeper_application: {
41
- name: "Example",
42
- }, format: :json,
43
- }
44
- end.not_to(change { Doorkeeper::Application.count })
45
-
46
- expect(response).to have_http_status(422)
47
-
48
- expect(json_response).to include("errors")
49
- end
50
-
51
- it "returns validations on wrong create params (unspecified scheme)" do
52
- expect do
53
- post :create, params: {
54
- doorkeeper_application: {
55
- name: "Example",
56
- redirect_uri: "app.com:80",
57
- }, format: :json,
58
- }
59
- end.not_to(change { Doorkeeper::Application.count })
60
-
61
- expect(response).to have_http_status(422)
62
-
63
- expect(json_response).to include("errors")
64
- end
65
-
66
- it "returns application info" do
67
- application = FactoryBot.create(:application, name: "Change me")
68
-
69
- get :show, params: { id: application.id, format: :json }
70
-
71
- expect(response).to be_successful
72
-
73
- expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
74
- end
75
-
76
- it "updates application" do
77
- application = FactoryBot.create(:application, name: "Change me")
78
-
79
- put :update, params: {
80
- id: application.id,
81
- doorkeeper_application: {
82
- name: "Example App",
83
- redirect_uri: "https://example.com",
84
- }, format: :json,
85
- }
86
-
87
- expect(application.reload.name).to eq "Example App"
88
-
89
- expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
90
- end
91
-
92
- it "returns validation errors on wrong update params" do
93
- application = FactoryBot.create(:application, name: "Change me")
94
-
95
- put :update, params: {
96
- id: application.id,
97
- doorkeeper_application: {
98
- name: "Example App",
99
- redirect_uri: "localhost:3000",
100
- }, format: :json,
101
- }
102
-
103
- expect(response).to have_http_status(422)
104
-
105
- expect(json_response).to include("errors")
106
- end
107
-
108
- it "destroys an application" do
109
- application = FactoryBot.create(:application)
110
-
111
- delete :destroy, params: { id: application.id, format: :json }
112
-
113
- expect(response).to have_http_status(204)
114
- expect(Application.count).to be_zero
115
- end
116
- end
117
-
118
- context "when admin is not authenticated" do
119
- before do
120
- allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(proc do
121
- redirect_to main_app.root_url
122
- end)
123
- end
124
-
125
- it "redirects as set in Doorkeeper.authenticate_admin" do
126
- get :index
127
- expect(response).to redirect_to(controller.main_app.root_url)
128
- end
129
-
130
- it "does not create application" do
131
- expect do
132
- post :create, params: {
133
- doorkeeper_application: {
134
- name: "Example",
135
- redirect_uri: "https://example.com",
136
- },
137
- }
138
- end.not_to(change { Doorkeeper::Application.count })
139
- end
140
- end
141
-
142
- context "when admin is authenticated" do
143
- context "when application secrets are hashed" do
144
- before do
145
- allow(Doorkeeper.configuration).to receive(:application_secret_strategy).and_return(Doorkeeper::SecretStoring::Sha256Hash)
146
- end
147
-
148
- it "shows the application secret after creating a new application" do
149
- expect do
150
- post :create, params: {
151
- doorkeeper_application: {
152
- name: "Example",
153
- redirect_uri: "https://example.com",
154
- },
155
- }
156
- end.to change { Doorkeeper::Application.count }.by(1)
157
-
158
- application = Application.last
159
-
160
- secret_from_flash = flash[:application_secret]
161
- expect(secret_from_flash).not_to be_empty
162
- expect(application.secret_matches?(secret_from_flash)).to be_truthy
163
- expect(response).to redirect_to(controller.main_app.oauth_application_url(application.id))
164
-
165
- get :show, params: { id: application.id, format: :html }
166
-
167
- # We don't know the application secret here (because its hashed) so we can not assert its text on the page
168
- # Instead, we read it from the page and then check if it matches the application secret
169
- code_element = %r{<code.*id="secret".*>(.*)<\/code>}.match(response.body)
170
- secret_from_page = code_element[1]
171
-
172
- expect(response.body).to have_selector("code#application_id", text: application.uid)
173
- expect(response.body).to have_selector("code#secret")
174
- expect(secret_from_page).not_to be_empty
175
- expect(application.secret_matches?(secret_from_page)).to be_truthy
176
- end
177
-
178
- it "does not show an application secret when application did already exist" do
179
- application = FactoryBot.create(:application)
180
- get :show, params: { id: application.id, format: :html }
181
-
182
- expect(response.body).to have_selector("code#application_id", text: application.uid)
183
- expect(response.body).to have_selector("code#secret", text: "")
184
- end
185
-
186
- it "returns the application details in a json response" do
187
- expect do
188
- post :create, params: {
189
- doorkeeper_application: {
190
- name: "Example",
191
- redirect_uri: "https://example.com",
192
- }, format: :json,
193
- }
194
- end.to(change { Doorkeeper::Application.count })
195
-
196
- expect(response).to be_successful
197
-
198
- expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
199
-
200
- application = Application.last
201
- secret_from_response = json_response["secret"]
202
- expect(application.secret_matches?(secret_from_response)).to be_truthy
203
-
204
- expect(json_response["name"]).to eq("Example")
205
- expect(json_response["redirect_uri"]).to eq("https://example.com")
206
- end
207
- end
208
-
209
- render_views
210
-
211
- before do
212
- allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
213
- end
214
-
215
- it "sorts applications by created_at" do
216
- first_application = FactoryBot.create(:application)
217
- second_application = FactoryBot.create(:application)
218
- expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
219
-
220
- get :index
221
-
222
- expect(response.body).to have_selector("tbody tr:first-child#application_#{first_application.id}")
223
- expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
224
- end
225
-
226
- it "creates application" do
227
- expect do
228
- post :create, params: {
229
- doorkeeper_application: {
230
- name: "Example",
231
- redirect_uri: "https://example.com",
232
- },
233
- }
234
- end.to change { Doorkeeper::Application.count }.by(1)
235
-
236
- expect(response).to be_redirect
237
- end
238
-
239
- it "shows application details" do
240
- application = FactoryBot.create(:application)
241
- get :show, params: { id: application.id, format: :html }
242
-
243
- expect(response.body).to have_selector("code#application_id", text: application.uid)
244
- expect(response.body).to have_selector("code#secret", text: application.plaintext_secret)
245
- end
246
-
247
- it "does not allow mass assignment of uid or secret" do
248
- application = FactoryBot.create(:application)
249
- put :update, params: {
250
- id: application.id,
251
- doorkeeper_application: {
252
- uid: "1A2B3C4D",
253
- secret: "1A2B3C4D",
254
- },
255
- }
256
-
257
- expect(application.reload.uid).not_to eq "1A2B3C4D"
258
- end
259
-
260
- it "updates application" do
261
- application = FactoryBot.create(:application)
262
- put :update, params: {
263
- id: application.id, doorkeeper_application: {
264
- name: "Example",
265
- redirect_uri: "https://example.com",
266
- },
267
- }
268
-
269
- expect(application.reload.name).to eq "Example"
270
- end
271
- end
272
- end
273
- end