doorkeeper 5.2.6 → 5.3.0

data/spec/lib/oauth/token_request_spec.rb

@@ -2,152 +2,156 @@
 
 require "spec_helper"
 
-module Doorkeeper::OAuth
-  describe TokenRequest do
-    let :application do
-      FactoryBot.create(:application, scopes: "public")
-    end
+describe Doorkeeper::OAuth::TokenRequest do
+  let :application do
+    FactoryBot.create(:application, scopes: "public")
+  end
 
-    let :pre_auth do
-      server = Doorkeeper.configuration
-      allow(server).to receive(:default_scopes).and_return(Scopes.from_string("public"))
-      allow(server).to receive(:grant_flows).and_return(Scopes.from_string("implicit"))
+  let :pre_auth do
+    server = Doorkeeper.configuration
+    allow(server).to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
+    allow(server).to receive(:grant_flows).and_return(Doorkeeper::OAuth::Scopes.from_string("implicit"))
 
-      client = Doorkeeper::OAuth::Client.new(application)
+    client = Doorkeeper::OAuth::Client.new(application)
 
-      attributes = {
-        client_id: client.uid,
-        response_type: "token",
-        redirect_uri: "https://app.com/callback",
-      }
+    attributes = {
+      client_id: client.uid,
+      response_type: "token",
+      redirect_uri: "https://app.com/callback",
+    }
 
-      pre_auth = PreAuthorization.new(server, attributes)
-      pre_auth.authorizable?
-      pre_auth
-    end
+    pre_auth = Doorkeeper::OAuth::PreAuthorization.new(server, attributes)
+    pre_auth.authorizable?
+    pre_auth
+  end
 
-    let :owner do
-      double :owner, id: 7866
-    end
+  let :owner do
+    double :owner, id: 7866
+  end
 
-    subject do
-      TokenRequest.new(pre_auth, owner)
-    end
+  subject do
+    described_class.new(pre_auth, owner)
+  end
 
-    it "creates an access token" do
-      expect do
-        subject.authorize
-      end.to change { Doorkeeper::AccessToken.count }.by(1)
-    end
+  it "creates an access token" do
+    expect do
+      subject.authorize
+    end.to change { Doorkeeper::AccessToken.count }.by(1)
+  end
 
-    it "returns a code response" do
-      expect(subject.authorize).to be_a(CodeResponse)
-    end
+  it "returns a code response" do
+    expect(subject.authorize).to be_a(Doorkeeper::OAuth::CodeResponse)
+  end
 
-    context "when pre_auth is denied" do
-      it "does not create token and returns a error response" do
-        expect { subject.deny }.not_to(change { Doorkeeper::AccessToken.count })
-        expect(subject.deny).to be_a(ErrorResponse)
-      end
+  context "when pre_auth is denied" do
+    it "does not create token and returns a error response" do
+      expect { subject.deny }.not_to(change { Doorkeeper::AccessToken.count })
+      expect(subject.deny).to be_a(Doorkeeper::OAuth::ErrorResponse)
     end
+  end
 
-    describe "with custom expiration" do
-      context "when proper TTL returned" do
-        before do
-          Doorkeeper.configure do
-            orm DOORKEEPER_ORM
-            custom_access_token_expires_in do |context|
-              context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
-            end
+  describe "with custom expiration" do
+    context "when proper TTL returned" do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          custom_access_token_expires_in do |context|
+            context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
           end
         end
+      end
 
-        it "should use the custom ttl" do
-          subject.authorize
-          token = Doorkeeper::AccessToken.first
-          expect(token.expires_in).to eq(1234)
-        end
+      it "should use the custom ttl" do
+        subject.authorize
+        token = Doorkeeper::AccessToken.first
+        expect(token.expires_in).to eq(1234)
       end
+    end
 
-      context "when nil TTL returned" do
-        before do
-          Doorkeeper.configure do
-            orm DOORKEEPER_ORM
-            access_token_expires_in 654
-            custom_access_token_expires_in do |_context|
-              nil
-            end
+    context "when nil TTL returned" do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_expires_in 654
+          custom_access_token_expires_in do |_context|
+            nil
           end
         end
+      end
 
-        it "should fallback to access_token_expires_in" do
-          subject.authorize
-          token = Doorkeeper::AccessToken.first
-          expect(token.expires_in).to eq(654)
-        end
+      it "should fallback to access_token_expires_in" do
+        subject.authorize
+        token = Doorkeeper::AccessToken.first
+        expect(token.expires_in).to eq(654)
       end
+    end
 
-      context "when infinite TTL returned" do
-        before do
-          Doorkeeper.configure do
-            orm DOORKEEPER_ORM
-            access_token_expires_in 654
-            custom_access_token_expires_in do |_context|
-              Float::INFINITY
-            end
+    context "when infinite TTL returned" do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_expires_in 654
+          custom_access_token_expires_in do |_context|
+            Float::INFINITY
           end
         end
+      end
 
-        it "should fallback to access_token_expires_in" do
-          subject.authorize
-          token = Doorkeeper::AccessToken.first
-          expect(token.expires_in).to be_nil
-        end
+      it "should fallback to access_token_expires_in" do
+        subject.authorize
+        token = Doorkeeper::AccessToken.first
+        expect(token.expires_in).to be_nil
       end
     end
+  end
 
-    context "token reuse" do
-      it "creates a new token if there are no matching tokens" do
-        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-        expect do
-          subject.authorize
-        end.to change { Doorkeeper::AccessToken.count }.by(1)
-      end
+  context "token reuse" do
+    it "creates a new token if there are no matching tokens" do
+      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
 
-      it "creates a new token if scopes do not match" do
-        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-        FactoryBot.create(:access_token, application_id: pre_auth.client.id,
-                                         resource_owner_id: owner.id, scopes: "")
-        expect do
-          subject.authorize
-        end.to change { Doorkeeper::AccessToken.count }.by(1)
-      end
+    it "creates a new token if scopes do not match" do
+      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+      FactoryBot.create(
+        :access_token, application_id: pre_auth.client.id,
+                       resource_owner_id: owner.id, scopes: "",
+      )
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
 
-      it "skips token creation if there is a matching one reusable" do
-        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-        allow(application.scopes).to receive(:has_scopes?).and_return(true)
-        allow(application.scopes).to receive(:all?).and_return(true)
+    it "skips token creation if there is a matching one reusable" do
+      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+      allow(application.scopes).to receive(:has_scopes?).and_return(true)
+      allow(application.scopes).to receive(:all?).and_return(true)
 
-        FactoryBot.create(:access_token, application_id: pre_auth.client.id,
-                                         resource_owner_id: owner.id, scopes: "public")
+      FactoryBot.create(
+        :access_token, application_id: pre_auth.client.id,
+                       resource_owner_id: owner.id, scopes: "public",
+      )
 
-        expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
-      end
+      expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
+    end
 
-      it "creates new token if there is a matching one but non reusable" do
-        allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-        allow(application.scopes).to receive(:has_scopes?).and_return(true)
-        allow(application.scopes).to receive(:all?).and_return(true)
+    it "creates new token if there is a matching one but non reusable" do
+      allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+      allow(application.scopes).to receive(:has_scopes?).and_return(true)
+      allow(application.scopes).to receive(:all?).and_return(true)
 
-        FactoryBot.create(:access_token, application_id: pre_auth.client.id,
-                                         resource_owner_id: owner.id, scopes: "public")
+      FactoryBot.create(
+        :access_token, application_id: pre_auth.client.id,
+                       resource_owner_id: owner.id, scopes: "public",
+      )
 
-        allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
+      allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
 
-        expect do
-          subject.authorize
-        end.to change { Doorkeeper::AccessToken.count }.by(1)
-      end
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
     end
   end
 end

data/spec/lib/oauth/token_response_spec.rb

@@ -2,85 +2,83 @@
 
 require "spec_helper"
 
-module Doorkeeper::OAuth
-  describe TokenResponse do
-    subject { TokenResponse.new(double.as_null_object) }
-
-    it "includes access token response headers" do
-      headers = subject.headers
-      expect(headers.fetch("Cache-Control")).to eq("no-store")
-      expect(headers.fetch("Pragma")).to eq("no-cache")
+describe Doorkeeper::OAuth::TokenResponse do
+  subject { described_class.new(double.as_null_object) }
+
+  it "includes access token response headers" do
+    headers = subject.headers
+    expect(headers.fetch("Cache-Control")).to eq("no-store")
+    expect(headers.fetch("Pragma")).to eq("no-cache")
+  end
+
+  it "status is ok" do
+    expect(subject.status).to eq(:ok)
+  end
+
+  describe ".body" do
+    let(:access_token) do
+      double :access_token,
+             plaintext_token: "some-token",
+             expires_in: "3600",
+             expires_in_seconds: "300",
+             scopes_string: "two scopes",
+             plaintext_refresh_token: "some-refresh-token",
+             token_type: "bearer",
+             created_at: 0
+    end
+
+    subject { described_class.new(access_token).body }
+
+    it "includes :access_token" do
+      expect(subject["access_token"]).to eq("some-token")
+    end
+
+    it "includes :token_type" do
+      expect(subject["token_type"]).to eq("bearer")
+    end
+
+    # expires_in_seconds is returned as `expires_in` in order to match
+    # the OAuth spec (section 4.2.2)
+    it "includes :expires_in" do
+      expect(subject["expires_in"]).to eq("300")
+    end
+
+    it "includes :scope" do
+      expect(subject["scope"]).to eq("two scopes")
     end
 
-    it "status is ok" do
-      expect(subject.status).to eq(:ok)
+    it "includes :refresh_token" do
+      expect(subject["refresh_token"]).to eq("some-refresh-token")
+    end
+
+    it "includes :created_at" do
+      expect(subject["created_at"]).to eq(0)
+    end
+  end
+
+  describe ".body filters out empty values" do
+    let(:access_token) do
+      double :access_token,
+             plaintext_token: "some-token",
+             expires_in_seconds: "",
+             scopes_string: "",
+             plaintext_refresh_token: "",
+             token_type: "bearer",
+             created_at: 0
+    end
+
+    subject { described_class.new(access_token).body }
+
+    it "includes :expires_in" do
+      expect(subject["expires_in"]).to be_nil
     end
 
-    describe ".body" do
-      let(:access_token) do
-        double :access_token,
-               plaintext_token: "some-token",
-               expires_in: "3600",
-               expires_in_seconds: "300",
-               scopes_string: "two scopes",
-               plaintext_refresh_token: "some-refresh-token",
-               token_type: "bearer",
-               created_at: 0
-      end
-
-      subject { TokenResponse.new(access_token).body }
-
-      it "includes :access_token" do
-        expect(subject["access_token"]).to eq("some-token")
-      end
-
-      it "includes :token_type" do
-        expect(subject["token_type"]).to eq("bearer")
-      end
-
-      # expires_in_seconds is returned as `expires_in` in order to match
-      # the OAuth spec (section 4.2.2)
-      it "includes :expires_in" do
-        expect(subject["expires_in"]).to eq("300")
-      end
-
-      it "includes :scope" do
-        expect(subject["scope"]).to eq("two scopes")
-      end
-
-      it "includes :refresh_token" do
-        expect(subject["refresh_token"]).to eq("some-refresh-token")
-      end
-
-      it "includes :created_at" do
-        expect(subject["created_at"]).to eq(0)
-      end
+    it "includes :scope" do
+      expect(subject["scope"]).to be_nil
     end
 
-    describe ".body filters out empty values" do
-      let(:access_token) do
-        double :access_token,
-               plaintext_token: "some-token",
-               expires_in_seconds: "",
-               scopes_string: "",
-               plaintext_refresh_token: "",
-               token_type: "bearer",
-               created_at: 0
-      end
-
-      subject { TokenResponse.new(access_token).body }
-
-      it "includes :expires_in" do
-        expect(subject["expires_in"]).to be_nil
-      end
-
-      it "includes :scope" do
-        expect(subject["scope"]).to be_nil
-      end
-
-      it "includes :refresh_token" do
-        expect(subject["refresh_token"]).to be_nil
-      end
+    it "includes :refresh_token" do
+      expect(subject["refresh_token"]).to be_nil
     end
   end
 end

data/spec/lib/oauth/token_spec.rb

@@ -7,152 +7,150 @@ module Doorkeeper
     class AccessToken
     end
   end
+end
 
-  module OAuth
-    describe Token do
-      describe :from_request do
-        let(:request) { double.as_null_object }
+describe Doorkeeper::OAuth::Token do
+  describe ".from_request" do
+    let(:request) { double.as_null_object }
 
-        let(:method) do
-          ->(*) { "token-value" }
-        end
+    let(:method) do
+      ->(*) { "token-value" }
+    end
 
-        it "accepts anything that responds to #call" do
-          expect(method).to receive(:call).with(request)
-          Token.from_request request, method
-        end
+    it "accepts anything that responds to #call" do
+      expect(method).to receive(:call).with(request)
+      described_class.from_request request, method
+    end
 
-        it "delegates methods received as symbols to Token class" do
-          expect(Token).to receive(:from_params).with(request)
-          Token.from_request request, :from_params
-        end
+    it "delegates methods received as symbols to described_class class" do
+      expect(described_class).to receive(:from_params).with(request)
+      described_class.from_request request, :from_params
+    end
 
-        it "stops at the first credentials found" do
-          not_called_method = double
-          expect(not_called_method).not_to receive(:call)
-          Token.from_request request, ->(_r) {}, method, not_called_method
-        end
+    it "stops at the first credentials found" do
+      not_called_method = double
+      expect(not_called_method).not_to receive(:call)
+      described_class.from_request request, ->(_r) {}, method, not_called_method
+    end
 
-        it "returns the credential from extractor method" do
-          credentials = Token.from_request request, method
-          expect(credentials).to eq("token-value")
-        end
-      end
+    it "returns the credential from extractor method" do
+      credentials = described_class.from_request request, method
+      expect(credentials).to eq("token-value")
+    end
+  end
 
-      describe :from_access_token_param do
-        it "returns token from access_token parameter" do
-          request = double parameters: { access_token: "some-token" }
-          token   = Token.from_access_token_param(request)
-          expect(token).to eq("some-token")
-        end
-      end
+  describe ".from_access_token_param" do
+    it "returns token from access_token parameter" do
+      request = double parameters: { access_token: "some-token" }
+      token   = described_class.from_access_token_param(request)
+      expect(token).to eq("some-token")
+    end
+  end
 
-      describe :from_bearer_param do
-        it "returns token from bearer_token parameter" do
-          request = double parameters: { bearer_token: "some-token" }
-          token   = Token.from_bearer_param(request)
-          expect(token).to eq("some-token")
-        end
-      end
+  describe ".from_bearer_param" do
+    it "returns token from bearer_token parameter" do
+      request = double parameters: { bearer_token: "some-token" }
+      token   = described_class.from_bearer_param(request)
+      expect(token).to eq("some-token")
+    end
+  end
 
-      describe :from_bearer_authorization do
-        it "returns token from capitalized authorization bearer" do
-          request = double authorization: "Bearer SomeToken"
-          token   = Token.from_bearer_authorization(request)
-          expect(token).to eq("SomeToken")
-        end
+  describe ".from_bearer_authorization" do
+    it "returns token from capitalized authorization bearer" do
+      request = double authorization: "Bearer SomeToken"
+      token   = described_class.from_bearer_authorization(request)
+      expect(token).to eq("SomeToken")
+    end
 
-        it "returns token from lowercased authorization bearer" do
-          request = double authorization: "bearer SomeToken"
-          token   = Token.from_bearer_authorization(request)
-          expect(token).to eq("SomeToken")
-        end
+    it "returns token from lowercased authorization bearer" do
+      request = double authorization: "bearer SomeToken"
+      token   = described_class.from_bearer_authorization(request)
+      expect(token).to eq("SomeToken")
+    end
 
-        it "does not return token if authorization is not bearer" do
-          request = double authorization: "MAC SomeToken"
-          token   = Token.from_bearer_authorization(request)
-          expect(token).to be_blank
-        end
-      end
+    it "does not return token if authorization is not bearer" do
+      request = double authorization: "MAC SomeToken"
+      token   = described_class.from_bearer_authorization(request)
+      expect(token).to be_blank
+    end
+  end
 
-      describe :from_basic_authorization do
-        it "returns token from capitalized authorization basic" do
-          request = double authorization: "Basic #{Base64.encode64 "SomeToken:"}"
-          token   = Token.from_basic_authorization(request)
-          expect(token).to eq("SomeToken")
-        end
+  describe ".from_basic_authorization" do
+    it "returns token from capitalized authorization basic" do
+      request = double authorization: "Basic #{Base64.encode64 "SomeToken:"}"
+      token   = described_class.from_basic_authorization(request)
+      expect(token).to eq("SomeToken")
+    end
 
-        it "returns token from lowercased authorization basic" do
-          request = double authorization: "basic #{Base64.encode64 "SomeToken:"}"
-          token   = Token.from_basic_authorization(request)
-          expect(token).to eq("SomeToken")
-        end
+    it "returns token from lowercased authorization basic" do
+      request = double authorization: "basic #{Base64.encode64 "SomeToken:"}"
+      token   = described_class.from_basic_authorization(request)
+      expect(token).to eq("SomeToken")
+    end
 
-        it "does not return token if authorization is not basic" do
-          request = double authorization: "MAC #{Base64.encode64 "SomeToken:"}"
-          token   = Token.from_basic_authorization(request)
-          expect(token).to be_blank
+    it "does not return token if authorization is not basic" do
+      request = double authorization: "MAC #{Base64.encode64 "SomeToken:"}"
+      token   = described_class.from_basic_authorization(request)
+      expect(token).to be_blank
+    end
+  end
+
+  describe ".authenticate" do
+    context "refresh tokens are disabled (default)" do
+      context "refresh tokens are enabled" do
+        it "does not revoke previous refresh_token if token was found" do
+          token = ->(_r) { "token" }
+          expect(
+            Doorkeeper::AccessToken,
+          ).to receive(:by_token).with("token").and_return(token)
+          expect(token).not_to receive(:revoke_previous_refresh_token!)
+          described_class.authenticate double, token
         end
       end
 
-      describe :authenticate do
-        context "refresh tokens are disabled (default)" do
-          context "refresh tokens are enabled" do
-            it "does not revoke previous refresh_token if token was found" do
-              token = ->(_r) { "token" }
-              expect(
-                AccessToken
-              ).to receive(:by_token).with("token").and_return(token)
-              expect(token).not_to receive(:revoke_previous_refresh_token!)
-              Token.authenticate double, token
-            end
-          end
-
-          it "calls the finder if token was returned" do
-            token = ->(_r) { "token" }
-            expect(AccessToken).to receive(:by_token).with("token")
-            Token.authenticate double, token
-          end
-        end
+      it "calls the finder if token was returned" do
+        token = ->(_r) { "token" }
+        expect(Doorkeeper::AccessToken).to receive(:by_token).with("token")
+        described_class.authenticate double, token
+      end
+    end
 
-        context "token hashing is enabled" do
-          include_context "with token hashing enabled"
+    context "token hashing is enabled" do
+      include_context "with token hashing enabled"
 
-          let(:hashed_token) { hashed_or_plain_token_func.call("token") }
-          let(:token) { ->(_r) { "token" } }
+      let(:hashed_token) { hashed_or_plain_token_func.call("token") }
+      let(:token) { ->(_r) { "token" } }
 
-          it "searches with the hashed token" do
-            expect(
-              AccessToken
-            ).to receive(:find_by).with(token: hashed_token).and_return(token)
-            Token.authenticate double, token
-          end
-        end
+      it "searches with the hashed token" do
+        expect(
+          Doorkeeper::AccessToken,
+        ).to receive(:find_by).with(token: hashed_token).and_return(token)
+        described_class.authenticate double, token
+      end
+    end
 
-        context "refresh tokens are enabled" do
-          before do
-            Doorkeeper.configure do
-              orm DOORKEEPER_ORM
-              use_refresh_token
-            end
-          end
-
-          it "revokes previous refresh_token if token was found" do
-            token = ->(_r) { "token" }
-            expect(
-              AccessToken
-            ).to receive(:by_token).with("token").and_return(token)
-            expect(token).to receive(:revoke_previous_refresh_token!)
-            Token.authenticate double, token
-          end
-
-          it "calls the finder if token was returned" do
-            token = ->(_r) { "token" }
-            expect(AccessToken).to receive(:by_token).with("token")
-            Token.authenticate double, token
-          end
+    context "refresh tokens are enabled" do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          use_refresh_token
         end
       end
+
+      it "revokes previous refresh_token if token was found" do
+        token = ->(_r) { "token" }
+        expect(
+          Doorkeeper::AccessToken,
+        ).to receive(:by_token).with("token").and_return(token)
+        expect(token).to receive(:revoke_previous_refresh_token!)
+        described_class.authenticate double, token
+      end
+
+      it "calls the finder if token was returned" do
+        token = ->(_r) { "token" }
+        expect(Doorkeeper::AccessToken).to receive(:by_token).with("token")
+        described_class.authenticate double, token
+      end
     end
   end
 end