doorkeeper 5.2.2 → 5.5.4



Files changed (260)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +198 -3
  3. data/README.md +28 -20
  4. data/app/controllers/doorkeeper/application_controller.rb +3 -2
  5. data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
  6. data/app/controllers/doorkeeper/applications_controller.rb +7 -8
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +48 -18
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +6 -6
  9. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  10. data/app/controllers/doorkeeper/tokens_controller.rb +70 -25
  11. data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
  12. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  13. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  14. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  15. data/app/views/doorkeeper/authorizations/new.html.erb +2 -0
  16. data/config/locales/en.yml +9 -2
  17. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  18. data/lib/doorkeeper/config/option.rb +26 -14
  19. data/lib/doorkeeper/config/validations.rb +53 -0
  20. data/lib/doorkeeper/config.rb +214 -122
  21. data/lib/doorkeeper/engine.rb +1 -1
  22. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  23. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  24. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  25. data/lib/doorkeeper/grant_flow.rb +45 -0
  26. data/lib/doorkeeper/grape/helpers.rb +2 -2
  27. data/lib/doorkeeper/helpers/controller.rb +18 -12
  28. data/lib/doorkeeper/models/access_grant_mixin.rb +23 -19
  29. data/lib/doorkeeper/models/access_token_mixin.rb +157 -55
  30. data/lib/doorkeeper/models/application_mixin.rb +8 -7
  31. data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
  32. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  33. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  34. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  35. data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
  36. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  37. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  38. data/lib/doorkeeper/oauth/authorization/code.rb +22 -9
  39. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  40. data/lib/doorkeeper/oauth/authorization/token.rb +23 -18
  41. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  42. data/lib/doorkeeper/oauth/authorization_code_request.rb +30 -20
  43. data/lib/doorkeeper/oauth/base_request.rb +19 -23
  44. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  45. data/lib/doorkeeper/oauth/client.rb +8 -9
  46. data/lib/doorkeeper/oauth/client_credentials/creator.rb +38 -12
  47. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
  48. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +7 -5
  49. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  50. data/lib/doorkeeper/oauth/code_request.rb +4 -4
  51. data/lib/doorkeeper/oauth/code_response.rb +24 -14
  52. data/lib/doorkeeper/oauth/error.rb +1 -1
  53. data/lib/doorkeeper/oauth/error_response.rb +10 -11
  54. data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
  55. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
  56. data/lib/doorkeeper/oauth/helpers/unique_token.rb +10 -7
  57. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -19
  58. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  59. data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
  60. data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
  61. data/lib/doorkeeper/oauth/password_access_token_request.rb +28 -10
  62. data/lib/doorkeeper/oauth/pre_authorization.rb +73 -37
  63. data/lib/doorkeeper/oauth/refresh_token_request.rb +35 -26
  64. data/lib/doorkeeper/oauth/token.rb +6 -7
  65. data/lib/doorkeeper/oauth/token_introspection.rb +12 -16
  66. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  67. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  68. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  69. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  70. data/lib/doorkeeper/orm/active_record/application.rb +5 -95
  71. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
  72. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
  73. data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
  74. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +8 -3
  75. data/lib/doorkeeper/orm/active_record.rb +5 -7
  76. data/lib/doorkeeper/rails/helpers.rb +4 -4
  77. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  78. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  79. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  80. data/lib/doorkeeper/rails/routes.rb +17 -25
  81. data/lib/doorkeeper/rake/db.rake +6 -6
  82. data/lib/doorkeeper/rake/setup.rake +5 -0
  83. data/lib/doorkeeper/request/authorization_code.rb +3 -3
  84. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  85. data/lib/doorkeeper/request/password.rb +3 -2
  86. data/lib/doorkeeper/request/refresh_token.rb +5 -4
  87. data/lib/doorkeeper/request/strategy.rb +2 -2
  88. data/lib/doorkeeper/request.rb +49 -12
  89. data/lib/doorkeeper/server.rb +5 -5
  90. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  91. data/lib/doorkeeper/version.rb +2 -6
  92. data/lib/doorkeeper.rb +112 -81
  93. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  94. data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
  95. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  96. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  97. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  98. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
  99. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  100. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  101. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  102. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  103. data/lib/generators/doorkeeper/templates/initializer.rb +99 -14
  104. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  105. metadata +37 -306
  106. data/Appraisals +0 -40
  107. data/CODE_OF_CONDUCT.md +0 -46
  108. data/CONTRIBUTING.md +0 -49
  109. data/Dangerfile +0 -67
  110. data/Dockerfile +0 -29
  111. data/Gemfile +0 -25
  112. data/NEWS.md +0 -1
  113. data/RELEASING.md +0 -11
  114. data/Rakefile +0 -28
  115. data/SECURITY.md +0 -15
  116. data/UPGRADE.md +0 -2
  117. data/bin/console +0 -16
  118. data/doorkeeper.gemspec +0 -42
  119. data/gemfiles/rails_5_0.gemfile +0 -18
  120. data/gemfiles/rails_5_1.gemfile +0 -18
  121. data/gemfiles/rails_5_2.gemfile +0 -18
  122. data/gemfiles/rails_6_0.gemfile +0 -18
  123. data/gemfiles/rails_master.gemfile +0 -18
  124. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  125. data/spec/controllers/applications_controller_spec.rb +0 -273
  126. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  127. data/spec/controllers/protected_resources_controller_spec.rb +0 -353
  128. data/spec/controllers/token_info_controller_spec.rb +0 -50
  129. data/spec/controllers/tokens_controller_spec.rb +0 -498
  130. data/spec/dummy/Rakefile +0 -9
  131. data/spec/dummy/app/assets/config/manifest.js +0 -2
  132. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  133. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  134. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  135. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  136. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  137. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  138. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  139. data/spec/dummy/app/models/user.rb +0 -7
  140. data/spec/dummy/app/views/home/index.html.erb +0 -0
  141. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  142. data/spec/dummy/config/application.rb +0 -49
  143. data/spec/dummy/config/boot.rb +0 -7
  144. data/spec/dummy/config/database.yml +0 -15
  145. data/spec/dummy/config/environment.rb +0 -5
  146. data/spec/dummy/config/environments/development.rb +0 -31
  147. data/spec/dummy/config/environments/production.rb +0 -64
  148. data/spec/dummy/config/environments/test.rb +0 -45
  149. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  150. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  151. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  152. data/spec/dummy/config/initializers/session_store.rb +0 -10
  153. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  154. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  155. data/spec/dummy/config/routes.rb +0 -13
  156. data/spec/dummy/config.ru +0 -6
  157. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  158. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  159. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  160. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  161. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  162. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  163. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  164. data/spec/dummy/db/schema.rb +0 -68
  165. data/spec/dummy/public/404.html +0 -26
  166. data/spec/dummy/public/422.html +0 -26
  167. data/spec/dummy/public/500.html +0 -26
  168. data/spec/dummy/public/favicon.ico +0 -0
  169. data/spec/dummy/script/rails +0 -9
  170. data/spec/factories.rb +0 -30
  171. data/spec/generators/application_owner_generator_spec.rb +0 -28
  172. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  173. data/spec/generators/install_generator_spec.rb +0 -36
  174. data/spec/generators/migration_generator_spec.rb +0 -28
  175. data/spec/generators/pkce_generator_spec.rb +0 -28
  176. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  177. data/spec/generators/templates/routes.rb +0 -4
  178. data/spec/generators/views_generator_spec.rb +0 -29
  179. data/spec/grape/grape_integration_spec.rb +0 -137
  180. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  181. data/spec/lib/config_spec.rb +0 -739
  182. data/spec/lib/doorkeeper_spec.rb +0 -27
  183. data/spec/lib/models/expirable_spec.rb +0 -61
  184. data/spec/lib/models/reusable_spec.rb +0 -40
  185. data/spec/lib/models/revocable_spec.rb +0 -59
  186. data/spec/lib/models/scopes_spec.rb +0 -53
  187. data/spec/lib/models/secret_storable_spec.rb +0 -135
  188. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  189. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -168
  190. data/spec/lib/oauth/base_request_spec.rb +0 -222
  191. data/spec/lib/oauth/base_response_spec.rb +0 -47
  192. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  193. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -97
  194. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  195. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  196. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
  197. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
  198. data/spec/lib/oauth/client_spec.rb +0 -38
  199. data/spec/lib/oauth/code_request_spec.rb +0 -46
  200. data/spec/lib/oauth/code_response_spec.rb +0 -36
  201. data/spec/lib/oauth/error_response_spec.rb +0 -66
  202. data/spec/lib/oauth/error_spec.rb +0 -23
  203. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
  204. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
  205. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  206. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  207. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -75
  208. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
  209. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
  210. data/spec/lib/oauth/pre_authorization_spec.rb +0 -225
  211. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -178
  212. data/spec/lib/oauth/scopes_spec.rb +0 -148
  213. data/spec/lib/oauth/token_request_spec.rb +0 -153
  214. data/spec/lib/oauth/token_response_spec.rb +0 -86
  215. data/spec/lib/oauth/token_spec.rb +0 -158
  216. data/spec/lib/request/strategy_spec.rb +0 -54
  217. data/spec/lib/secret_storing/base_spec.rb +0 -60
  218. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  219. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  220. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  221. data/spec/lib/server_spec.rb +0 -49
  222. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  223. data/spec/models/doorkeeper/access_grant_spec.rb +0 -163
  224. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  225. data/spec/models/doorkeeper/application_spec.rb +0 -377
  226. data/spec/requests/applications/applications_request_spec.rb +0 -259
  227. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  228. data/spec/requests/endpoints/authorization_spec.rb +0 -89
  229. data/spec/requests/endpoints/token_spec.rb +0 -75
  230. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  231. data/spec/requests/flows/authorization_code_spec.rb +0 -513
  232. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  233. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  234. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  235. data/spec/requests/flows/password_spec.rb +0 -296
  236. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  237. data/spec/requests/flows/revoke_token_spec.rb +0 -151
  238. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  239. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  240. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  241. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  242. data/spec/routing/default_routes_spec.rb +0 -41
  243. data/spec/routing/scoped_routes_spec.rb +0 -47
  244. data/spec/spec_helper.rb +0 -57
  245. data/spec/spec_helper_integration.rb +0 -4
  246. data/spec/support/dependencies/factory_bot.rb +0 -4
  247. data/spec/support/doorkeeper_rspec.rb +0 -22
  248. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  249. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  250. data/spec/support/helpers/config_helper.rb +0 -11
  251. data/spec/support/helpers/model_helper.rb +0 -78
  252. data/spec/support/helpers/request_spec_helper.rb +0 -110
  253. data/spec/support/helpers/url_helper.rb +0 -62
  254. data/spec/support/http_method_shim.rb +0 -29
  255. data/spec/support/orm/active_record.rb +0 -5
  256. data/spec/support/shared/controllers_shared_context.rb +0 -123
  257. data/spec/support/shared/hashing_shared_context.rb +0 -36
  258. data/spec/support/shared/models_shared_examples.rb +0 -54
  259. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  260. data/spec/version/version_spec.rb +0 -17
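--- a/data/spec/controllers/protected_resources_controller_spec.rb
+++ b/data/spec/controllers/protected_resources_controller_spec.rb
@@ -1,353 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-module ControllerActions
-def index
-render plain: "index"
-end
-
-def show
-render plain: "show"
-end
-
-def doorkeeper_unauthorized_render_options(*); end
-
-def doorkeeper_forbidden_render_options(*); end
-end
-
-describe "doorkeeper authorize filter" do
-context "accepts token code specified as" do
-controller do
-before_action :doorkeeper_authorize!
-
-def index
-render plain: "index"
-end
-end
-
-let(:token_string) { "1A2BC3" }
-let(:token) do
-double(Doorkeeper::AccessToken,
-acceptable?: true, previous_refresh_token: "",
-revoke_previous_refresh_token!: true)
-end
-
-it "access_token param" do
-expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-get :index, params: { access_token: token_string }
-end
-
-it "bearer_token param" do
-expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-get :index, params: { bearer_token: token_string }
-end
-
-it "Authorization header" do
-expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
-get :index
-end
-
-it "different kind of Authorization header" do
-expect(Doorkeeper::AccessToken).not_to receive(:by_token)
-request.env["HTTP_AUTHORIZATION"] = "MAC #{token_string}"
-get :index
-end
-
-it "does not change Authorization header value" do
-expect(Doorkeeper::AccessToken).to receive(:by_token).exactly(2).times.and_return(token)
-request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
-get :index
-controller.send(:remove_instance_variable, :@doorkeeper_token)
-get :index
-end
-end
-
-context "defined for all actions" do
-controller do
-before_action :doorkeeper_authorize!
-
-include ControllerActions
-end
-
-context "with valid token", token: :valid do
-it "allows into index action" do
-get :index, params: { access_token: token_string }
-expect(response).to be_successful
-end
-
-it "allows into show action" do
-get :show, params: { id: "4", access_token: token_string }
-expect(response).to be_successful
-end
-end
-
-context "with invalid token", token: :invalid do
-it "does not allow into index action" do
-get :index, params: { access_token: token_string }
-expect(response.status).to eq 401
-expect(response.header["WWW-Authenticate"]).to match(/^Bearer/)
-end
-
-it "does not allow into show action" do
-get :show, params: { id: "4", access_token: token_string }
-expect(response.status).to eq 401
-expect(response.header["WWW-Authenticate"]).to match(/^Bearer/)
-end
-end
-end
-
-context "defined with scopes" do
-controller do
-before_action -> { doorkeeper_authorize! :write }
-
-include ControllerActions
-end
-
-let(:token_string) { "1A2DUWE" }
-
-it "allows if the token has particular scopes" do
-token = double(Doorkeeper::AccessToken,
-accessible?: true, scopes: %w[write public],
-previous_refresh_token: "",
-revoke_previous_refresh_token!: true)
-expect(token).to receive(:acceptable?).with([:write]).and_return(true)
-expect(
-Doorkeeper::AccessToken
-).to receive(:by_token).with(token_string).and_return(token)
-
-get :index, params: { access_token: token_string }
-expect(response).to be_successful
-end
-
-it "does not allow if the token does not include given scope" do
-token = double(Doorkeeper::AccessToken,
-accessible?: true, scopes: ["public"], revoked?: false,
-expired?: false, previous_refresh_token: "",
-revoke_previous_refresh_token!: true)
-expect(
-Doorkeeper::AccessToken
-).to receive(:by_token).with(token_string).and_return(token)
-expect(token).to receive(:acceptable?).with([:write]).and_return(false)
-
-get :index, params: { access_token: token_string }
-expect(response.status).to eq 403
-expect(response.header).to_not include("WWW-Authenticate")
-end
-end
-
-context "when custom unauthorized render options are configured" do
-controller do
-before_action :doorkeeper_authorize!
-
-include ControllerActions
-end
-
-context "with a JSON custom render", token: :invalid do
-before do
-module ControllerActions
-remove_method :doorkeeper_unauthorized_render_options
-
-def doorkeeper_unauthorized_render_options(error: nil)
-{ json: ActiveSupport::JSON.encode(error_message: error.description) }
-end
-end
-end
-
-after do
-module ControllerActions
-remove_method :doorkeeper_unauthorized_render_options
-
-def doorkeeper_unauthorized_render_options(error: nil); end
-end
-end
-
-it "it renders a custom JSON response", token: :invalid do
-get :index, params: { access_token: token_string }
-expect(response.status).to eq 401
-expect(response.content_type).to include("application/json")
-expect(response.header["WWW-Authenticate"]).to match(/^Bearer/)
-
-expect(json_response).not_to be_nil
-expect(json_response["error_message"]).to match("token is invalid")
-end
-end
-
-context "with a text custom render", token: :invalid do
-before do
-module ControllerActions
-remove_method :doorkeeper_unauthorized_render_options
-
-def doorkeeper_unauthorized_render_options(**)
-{ plain: "Unauthorized" }
-end
-end
-end
-
-after do
-module ControllerActions
-remove_method :doorkeeper_unauthorized_render_options
-
-def doorkeeper_unauthorized_render_options(error: nil); end
-end
-end
-
-it "it renders a custom text response", token: :invalid do
-get :index, params: { access_token: token_string }
-expect(response.status).to eq 401
-expect(response.content_type).to include("text/plain")
-expect(response.header["WWW-Authenticate"]).to match(/^Bearer/)
-expect(response.body).to eq("Unauthorized")
-end
-end
-end
-
-context "when custom forbidden render options are configured" do
-before do
-expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-expect(token).to receive(:acceptable?).with([:write]).and_return(false)
-end
-
-after do
-module ControllerActions
-remove_method :doorkeeper_forbidden_render_options
-
-def doorkeeper_forbidden_render_options(*); end
-end
-end
-
-controller do
-before_action -> { doorkeeper_authorize! :write }
-
-include ControllerActions
-end
-
-let(:token) do
-double(Doorkeeper::AccessToken,
-accessible?: true, scopes: ["public"], revoked?: false,
-expired?: false, previous_refresh_token: "",
-revoke_previous_refresh_token!: true)
-end
-
-let(:token_string) { "1A2DUWE" }
-
-context "with a JSON custom render" do
-before do
-module ControllerActions
-remove_method :doorkeeper_forbidden_render_options
-
-def doorkeeper_forbidden_render_options(*)
-{ json: { error_message: "Forbidden" } }
-end
-end
-end
-
-it "renders a custom JSON response" do
-get :index, params: { access_token: token_string }
-expect(response.header).to_not include("WWW-Authenticate")
-expect(response.content_type).to include("application/json")
-expect(response.status).to eq 403
-
-expect(json_response).not_to be_nil
-expect(json_response["error_message"]).to match("Forbidden")
-end
-end
-
-context "with a status and JSON custom render" do
-before do
-module ControllerActions
-remove_method :doorkeeper_forbidden_render_options
-def doorkeeper_forbidden_render_options(*)
-{ json: { error_message: "Not Found" },
-respond_not_found_when_forbidden: true, }
-end
-end
-end
-
-it "overrides the default status code" do
-get :index, params: { access_token: token_string }
-expect(response.status).to eq 404
-end
-end
-
-context "with a text custom render" do
-before do
-module ControllerActions
-remove_method :doorkeeper_forbidden_render_options
-
-def doorkeeper_forbidden_render_options(*)
-{ plain: "Forbidden" }
-end
-end
-end
-
-it "renders a custom status code and text response" do
-get :index, params: { access_token: token_string }
-expect(response.header).to_not include("WWW-Authenticate")
-expect(response.status).to eq 403
-expect(response.body).to eq("Forbidden")
-end
-end
-
-context "with a status and text custom render" do
-before do
-module ControllerActions
-remove_method :doorkeeper_forbidden_render_options
-
-def doorkeeper_forbidden_render_options(*)
-{ respond_not_found_when_forbidden: true, plain: "Not Found" }
-end
-end
-end
-
-it "overrides the default status code" do
-get :index, params: { access_token: token_string }
-expect(response.status).to eq 404
-end
-end
-end
-
-context "when handle_auth_errors option is set to :raise" do
-subject { get :index, params: { access_token: token_string } }
-
-before do
-config_is_set(:handle_auth_errors, :raise)
-end
-
-controller do
-before_action :doorkeeper_authorize!
-include ControllerActions
-end
-
-context "when token is unknown" do
-it "raises Doorkeeper::Errors::TokenUnknown exception", token: :invalid do
-expect { subject }.to raise_error(Doorkeeper::Errors::TokenUnknown)
-end
-end
-
-context "when token is expired" do
-it "raises Doorkeeper::Errors::TokenExpired exception", token: :expired do
-expect { subject }.to raise_error(Doorkeeper::Errors::TokenExpired)
-end
-end
-
-context "when token is revoked" do
-it "raises Doorkeeper::Errors::TokenRevoked exception", token: :revoked do
-expect { subject }.to raise_error(Doorkeeper::Errors::TokenRevoked)
-end
-end
-
-context "when token is forbidden" do
-it "raises Doorkeeper::Errors::TokenForbidden exception", token: :forbidden do
-expect { subject }.to raise_error(Doorkeeper::Errors::TokenForbidden)
-end
-end
-
-context "when token is valid" do
-it "allows into index action", token: :valid do
-expect(response).to be_successful
-end
-end
-end
-end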
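--- a/data/spec/controllers/token_info_controller_spec.rb
+++ b/data/spec/controllers/token_info_controller_spec.rb
@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::TokenInfoController do
-describe "when requesting token info with valid token" do
-let(:doorkeeper_token) { FactoryBot.create(:access_token) }
-
-describe "successful request" do
-it "responds with token info" do
-get :show, params: { access_token: doorkeeper_token.token }
-
-expect(response.body).to eq(doorkeeper_token.to_json)
-end
-
-it "responds with a 200 status" do
-get :show, params: { access_token: doorkeeper_token.token }
-
-expect(response.status).to eq 200
-end
-end
-
-describe "invalid token response" do
-it "responds with 401 when doorkeeper_token is not valid" do
-get :show
-
-expect(response.status).to eq 401
-expect(response.headers["WWW-Authenticate"]).to match(/^Bearer/)
-end
-
-it "responds with 401 when doorkeeper_token is invalid, expired or revoked" do
-allow(controller).to receive(:doorkeeper_token).and_return(doorkeeper_token)
-allow(doorkeeper_token).to receive(:accessible?).and_return(false)
-
-get :show
-
-expect(response.status).to eq 401
-expect(response.headers["WWW-Authenticate"]).to match(/^Bearer/)
-end
-
-it "responds body message for error" do
-get :show
-
-expect(response.body).to eq(
-Doorkeeper::OAuth::InvalidTokenResponse.new.body.to_json
-)
-end
-end
-end
-end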