RubyGems - doorkeeper - Versions diffs - 5.2.6 → 5.3.0 - Mend

doorkeeper 5.2.6 → 5.3.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (126) hide show

checksums.yaml +4 -4
data/Appraisals +2 -2
data/CHANGELOG.md +15 -14
data/Gemfile +2 -2
data/app/controllers/doorkeeper/application_controller.rb +2 -2
data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
data/app/controllers/doorkeeper/applications_controller.rb +3 -3
data/app/controllers/doorkeeper/authorizations_controller.rb +2 -2
data/app/controllers/doorkeeper/authorized_applications_controller.rb +3 -3
data/gemfiles/rails_5_0.gemfile +2 -2
data/gemfiles/rails_5_1.gemfile +2 -2
data/gemfiles/rails_5_2.gemfile +2 -2
data/gemfiles/rails_6_0.gemfile +2 -2
data/gemfiles/rails_master.gemfile +2 -2
data/lib/doorkeeper.rb +2 -3
data/lib/doorkeeper/config.rb +71 -39
data/lib/doorkeeper/grape/helpers.rb +1 -1
data/lib/doorkeeper/helpers/controller.rb +10 -8
data/lib/doorkeeper/models/access_grant_mixin.rb +7 -6
data/lib/doorkeeper/models/access_token_mixin.rb +55 -18
data/lib/doorkeeper/models/application_mixin.rb +3 -3
data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
data/lib/doorkeeper/models/concerns/revocable.rb +0 -27
data/lib/doorkeeper/oauth/authorization/code.rb +4 -4
data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
data/lib/doorkeeper/oauth/authorization_code_request.rb +13 -6
data/lib/doorkeeper/oauth/base_request.rb +8 -4
data/lib/doorkeeper/oauth/client.rb +7 -8
data/lib/doorkeeper/oauth/client_credentials/creator.rb +16 -9
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -7
data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +4 -4
data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
data/lib/doorkeeper/oauth/code_response.rb +2 -2
data/lib/doorkeeper/oauth/error.rb +1 -1
data/lib/doorkeeper/oauth/error_response.rb +5 -5
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +7 -5
data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -2
data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -3
data/lib/doorkeeper/oauth/pre_authorization.rb +7 -5
data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
data/lib/doorkeeper/oauth/token.rb +2 -2
data/lib/doorkeeper/oauth/token_introspection.rb +6 -6
data/lib/doorkeeper/orm/active_record.rb +3 -3
data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
data/lib/doorkeeper/orm/active_record/application.rb +3 -155
data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +53 -0
data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +47 -0
data/lib/doorkeeper/orm/active_record/mixins/application.rb +128 -0
data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +3 -3
data/lib/doorkeeper/rails/helpers.rb +4 -4
data/lib/doorkeeper/rails/routes.rb +5 -7
data/lib/doorkeeper/rake/db.rake +3 -3
data/lib/doorkeeper/request.rb +1 -1
data/lib/doorkeeper/request/authorization_code.rb +3 -3
data/lib/doorkeeper/request/client_credentials.rb +2 -2
data/lib/doorkeeper/request/password.rb +2 -2
data/lib/doorkeeper/request/refresh_token.rb +3 -3
data/lib/doorkeeper/server.rb +1 -1
data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
data/lib/doorkeeper/version.rb +2 -2
data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
data/lib/generators/doorkeeper/migration_generator.rb +1 -1
data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
data/lib/generators/doorkeeper/templates/initializer.rb +39 -8
data/spec/controllers/application_metal_controller_spec.rb +1 -1
data/spec/controllers/applications_controller_spec.rb +3 -2
data/spec/controllers/authorizations_controller_spec.rb +18 -18
data/spec/controllers/protected_resources_controller_spec.rb +25 -17
data/spec/controllers/token_info_controller_spec.rb +1 -1
data/spec/controllers/tokens_controller_spec.rb +1 -1
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -3
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +1 -1
data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +1 -1
data/spec/generators/install_generator_spec.rb +1 -1
data/spec/generators/previous_refresh_token_generator_spec.rb +2 -2
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +61 -21
data/spec/lib/doorkeeper_spec.rb +1 -1
data/spec/lib/models/revocable_spec.rb +3 -3
data/spec/lib/oauth/authorization_code_request_spec.rb +127 -125
data/spec/lib/oauth/base_request_spec.rb +160 -158
data/spec/lib/oauth/base_response_spec.rb +27 -29
data/spec/lib/oauth/client/credentials_spec.rb +1 -1
data/spec/lib/oauth/client_credentials/creator_spec.rb +42 -5
data/spec/lib/oauth/client_credentials/issuer_spec.rb +12 -12
data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
data/spec/lib/oauth/client_credentials_integration_spec.rb +16 -18
data/spec/lib/oauth/client_credentials_request_spec.rb +78 -80
data/spec/lib/oauth/client_spec.rb +26 -26
data/spec/lib/oauth/code_request_spec.rb +34 -34
data/spec/lib/oauth/code_response_spec.rb +21 -25
data/spec/lib/oauth/error_response_spec.rb +42 -44
data/spec/lib/oauth/error_spec.rb +12 -14
data/spec/lib/oauth/forbidden_token_response_spec.rb +11 -13
data/spec/lib/oauth/helpers/scope_checker_spec.rb +30 -18
data/spec/lib/oauth/invalid_request_response_spec.rb +48 -50
data/spec/lib/oauth/invalid_token_response_spec.rb +32 -34
data/spec/lib/oauth/password_access_token_request_spec.rb +145 -147
data/spec/lib/oauth/pre_authorization_spec.rb +159 -161
data/spec/lib/oauth/refresh_token_request_spec.rb +138 -139
data/spec/lib/oauth/scopes_spec.rb +104 -106
data/spec/lib/oauth/token_request_spec.rb +115 -111
data/spec/lib/oauth/token_response_spec.rb +71 -73
data/spec/lib/oauth/token_spec.rb +121 -123
data/spec/models/doorkeeper/access_grant_spec.rb +3 -5
data/spec/models/doorkeeper/access_token_spec.rb +7 -7
data/spec/models/doorkeeper/application_spec.rb +295 -373
data/spec/requests/applications/applications_request_spec.rb +1 -1
data/spec/requests/endpoints/authorization_spec.rb +5 -3
data/spec/requests/flows/authorization_code_spec.rb +34 -22
data/spec/requests/flows/client_credentials_spec.rb +1 -1
data/spec/requests/flows/password_spec.rb +32 -12
data/spec/requests/flows/refresh_token_spec.rb +19 -19
data/spec/requests/flows/revoke_token_spec.rb +18 -12
data/spec/spec_helper.rb +1 -4
data/spec/support/shared/controllers_shared_context.rb +33 -23
data/spec/validators/redirect_uri_validator_spec.rb +1 -1
metadata +6 -5
data/spec/support/http_method_shim.rb +0 -29

data/spec/requests/applications/applications_request_spec.rb CHANGED

@@ -91,7 +91,7 @@ feature "Adding applications" do
       i_should_see "Whoops! Check your form for possible errors"
       i_should_see Regexp.new(
         I18n.t("activerecord.errors.models.doorkeeper/application.attributes.scopes.not_match_configured"),
-        true
+        true,
       )
     end

data/spec/requests/endpoints/authorization_spec.rb CHANGED

@@ -79,9 +79,11 @@ feature "Authorization endpoint" do
     scenario "raises exception on forged requests" do
       allowing_forgery_protection do
         expect do
-          page.driver.post authorization_endpoint_url(client_id: @client.uid,
-                                                      redirect_uri: @client.redirect_uri,
-                                                      response_type: "code")
+          page.driver.post authorization_endpoint_url(
+            client_id: @client.uid,
+            redirect_uri: @client.redirect_uri,
+            response_type: "code",
+          )
         end.to raise_error(ActionController::InvalidAuthenticityToken)
       end
     end

data/spec/requests/flows/authorization_code_spec.rb CHANGED

@@ -149,8 +149,10 @@ feature "Authorization Code Flow" do
     click_on "Authorize"
     authorization_code = Doorkeeper::AccessGrant.first.token
-    page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
-                                        redirect_uri: @client.redirect_uri)
+    page.driver.post token_endpoint_url(
+      code: authorization_code, client_id: @client.uid,
+      redirect_uri: @client.redirect_uri,
+    )
     expect(Doorkeeper::AccessToken.count).to be_zero
@@ -163,8 +165,10 @@ feature "Authorization Code Flow" do
     click_on "Authorize"
     authorization_code = Doorkeeper::AccessGrant.first.token
-    page.driver.post token_endpoint_url(code: authorization_code, client_secret: @client.secret,
-                                        redirect_uri: @client.redirect_uri)
+    page.driver.post token_endpoint_url(
+      code: authorization_code, client_secret: @client.secret,
+      redirect_uri: @client.redirect_uri,
+    )
     expect(Doorkeeper::AccessToken.count).to be_zero
@@ -195,7 +199,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "plain"
+          code_challenge_method: "plain",
         )
         click_on "Authorize"
@@ -219,7 +223,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "plain"
+          code_challenge_method: "plain",
         )
         click_on "Authorize"
@@ -236,9 +240,11 @@ feature "Authorization Code Flow" do
       end
       scenario "mobile app requests an access token with authorization code but without code_verifier" do
-        visit authorization_endpoint_url(client: @client,
-                                         code_challenge: code_challenge,
-                                         code_challenge_method: "plain")
+        visit authorization_endpoint_url(
+          client: @client,
+          code_challenge: code_challenge,
+          code_challenge_method: "plain",
+        )
         click_on "Authorize"
         authorization_code = current_params["code"]
@@ -250,9 +256,11 @@ feature "Authorization Code Flow" do
       end
       scenario "mobile app requests an access token with authorization code with wrong code_verifier" do
-        visit authorization_endpoint_url(client: @client,
-                                         code_challenge: code_challenge,
-                                         code_challenge_method: "plain")
+        visit authorization_endpoint_url(
+          client: @client,
+          code_challenge: code_challenge,
+          code_challenge_method: "plain",
+        )
         click_on "Authorize"
         authorization_code = current_params["code"]
@@ -272,7 +280,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -285,7 +293,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -305,13 +313,17 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
         authorization_code = current_params["code"]
-        page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
-                                            redirect_uri: @client.redirect_uri, code_verifier: code_verifier)
+        page.driver.post token_endpoint_url(
+          code: authorization_code,
+          client_id: @client.uid,
+          redirect_uri: @client.redirect_uri,
+          code_verifier: code_verifier,
+        )
         should_not_have_json "access_token"
         should_have_json "error", "invalid_client"
         should_have_json "error_description", translated_error_message(:invalid_client)
@@ -327,7 +339,7 @@ feature "Authorization Code Flow" do
           code: authorization_code,
           client_id: @client.uid,
           redirect_uri: @client.redirect_uri,
-          code_verifier: code_verifier
+          code_verifier: code_verifier,
         )
         should_not_have_json "error"
@@ -340,7 +352,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -356,7 +368,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -372,7 +384,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -381,7 +393,7 @@ feature "Authorization Code Flow" do
           code: authorization_code,
           client: @client,
           code_verifier: code_challenge,
-          code_challenge_method: "plain"
+          code_challenge_method: "plain",
         )
         should_not_have_json "access_token"

data/spec/requests/flows/client_credentials_spec.rb CHANGED

@@ -70,7 +70,7 @@ describe "Client Credentials Request" do
     before do
       Doorkeeper.configuration.instance_variable_set(
         :@allow_grant_flow_for_client,
-        ->(_grant_flow, client) { client.name == "admin" }
+        ->(_grant_flow, client) { client.name == "admin" },
       )
     end

data/spec/requests/flows/password_spec.rb CHANGED

@@ -35,7 +35,7 @@ describe "Resource Owner Password Credentials Flow" do
         before do
           Doorkeeper.configuration.instance_variable_set(
             :@allow_grant_flow_for_client,
-            ->(_grant_flow, client) { client.name == "admin" }
+            ->(_grant_flow, client) { client.name == "admin" },
           )
         end
@@ -46,7 +46,7 @@ describe "Resource Owner Password Credentials Flow" do
             post password_token_endpoint_url(
               client_id: @client.uid,
               client_secret: "foobar",
-              resource_owner: @resource_owner
+              resource_owner: @resource_owner,
             )
           end.not_to(change { Doorkeeper::AccessToken.count })
@@ -99,7 +99,7 @@ describe "Resource Owner Password Credentials Flow" do
               post password_token_endpoint_url(
                 client_id: @client.uid,
                 client_secret: "foobar",
-                resource_owner: @resource_owner
+                resource_owner: @resource_owner,
               )
             end.not_to(change { Doorkeeper::AccessToken.count })
@@ -241,9 +241,11 @@ describe "Resource Owner Password Credentials Flow" do
   context "with invalid scopes" do
     subject do
-      post password_token_endpoint_url(client: @client,
-                                       resource_owner: @resource_owner,
-                                       scope: "random")
+      post password_token_endpoint_url(
+        client: @client,
+        resource_owner: @resource_owner,
+        scope: "random",
+      )
     end
     it "should not issue new token" do
@@ -263,9 +265,11 @@ describe "Resource Owner Password Credentials Flow" do
   context "with invalid user credentials" do
     it "should not issue new token with bad password" do
       expect do
-        post password_token_endpoint_url(client: @client,
-                                         resource_owner_username: @resource_owner.name,
-                                         resource_owner_password: "wrongpassword")
+        post password_token_endpoint_url(
+          client: @client,
+          resource_owner_username: @resource_owner.name,
+          resource_owner_password: "wrongpassword",
+        )
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
@@ -274,14 +278,30 @@ describe "Resource Owner Password Credentials Flow" do
         post password_token_endpoint_url(client: @client)
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
+    it "should not issue new token if resource_owner_from_credentials returned false or nil" do
+      config_is_set(:resource_owner_from_credentials) { false }
+      expect do
+        post password_token_endpoint_url(client: @client)
+      end.to_not(change { Doorkeeper::AccessToken.count })
+      config_is_set(:resource_owner_from_credentials) { nil }
+      expect do
+        post password_token_endpoint_url(client: @client)
+      end.to_not(change { Doorkeeper::AccessToken.count })
+    end
   end
   context "with invalid confidential client credentials" do
     it "should not issue new token with bad client credentials" do
       expect do
-        post password_token_endpoint_url(client_id: @client.uid,
-                                         client_secret: "bad_secret",
-                                         resource_owner: @resource_owner)
+        post password_token_endpoint_url(
+          client_id: @client.uid,
+          client_secret: "bad_secret",
+          resource_owner: @resource_owner,
+        )
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
   end

data/spec/requests/flows/refresh_token_spec.rb CHANGED

@@ -44,17 +44,17 @@ describe "Refresh Token Flow" do
         :access_token,
         application: @client,
         resource_owner_id: 1,
-        use_refresh_token: true
+        use_refresh_token: true,
       )
     end
     context "refresh_token revoked on use" do
       it "client request a token with refresh token" do
         post refresh_token_endpoint_url(
-          client: @client, refresh_token: @token.refresh_token
+          client: @client, refresh_token: @token.refresh_token,
         )
         should_have_json(
-          "refresh_token", Doorkeeper::AccessToken.last.refresh_token
+          "refresh_token", Doorkeeper::AccessToken.last.refresh_token,
         )
         expect(@token.reload).not_to be_revoked
       end
@@ -62,10 +62,10 @@ describe "Refresh Token Flow" do
       it "client request a token with expired access token" do
         @token.update_attribute :expires_in, -100
         post refresh_token_endpoint_url(
-          client: @client, refresh_token: @token.refresh_token
+          client: @client, refresh_token: @token.refresh_token,
         )
         should_have_json(
-          "refresh_token", Doorkeeper::AccessToken.last.refresh_token
+          "refresh_token", Doorkeeper::AccessToken.last.refresh_token,
         )
         expect(@token.reload).not_to be_revoked
       end
@@ -78,10 +78,10 @@ describe "Refresh Token Flow" do
       it "client request a token with refresh token" do
         post refresh_token_endpoint_url(
-          client: @client, refresh_token: @token.refresh_token
+          client: @client, refresh_token: @token.refresh_token,
         )
         should_have_json(
-          "refresh_token", Doorkeeper::AccessToken.last.refresh_token
+          "refresh_token", Doorkeeper::AccessToken.last.refresh_token,
         )
         expect(@token.reload).to be_revoked
       end
@@ -89,10 +89,10 @@ describe "Refresh Token Flow" do
       it "client request a token with expired access token" do
         @token.update_attribute :expires_in, -100
         post refresh_token_endpoint_url(
-          client: @client, refresh_token: @token.refresh_token
+          client: @client, refresh_token: @token.refresh_token,
         )
         should_have_json(
-          "refresh_token", Doorkeeper::AccessToken.last.refresh_token
+          "refresh_token", Doorkeeper::AccessToken.last.refresh_token,
         )
         expect(@token.reload).to be_revoked
       end
@@ -102,7 +102,7 @@ describe "Refresh Token Flow" do
       let(:public_client) do
         FactoryBot.create(
           :application,
-          confidential: false
+          confidential: false,
         )
       end
@@ -111,7 +111,7 @@ describe "Refresh Token Flow" do
           :access_token,
           application: @client,
           resource_owner_id: 1,
-          use_refresh_token: true
+          use_refresh_token: true,
         )
       end
@@ -120,14 +120,14 @@ describe "Refresh Token Flow" do
           :access_token,
           application: public_client,
           resource_owner_id: 1,
-          use_refresh_token: true
+          use_refresh_token: true,
         )
       end
       it "issues a new token without client_secret when refresh token was issued to a public client" do
         post refresh_token_endpoint_url(
           client_id: public_client.uid,
-          refresh_token: token_for_public_client.refresh_token
+          refresh_token: token_for_public_client.refresh_token,
         )
         new_token = Doorkeeper::AccessToken.last
@@ -146,7 +146,7 @@ describe "Refresh Token Flow" do
         post refresh_token_endpoint_url(
           client_id: "1",
           client_secret: "1",
-          refresh_token: token_for_private_client.refresh_token
+          refresh_token: token_for_private_client.refresh_token,
         )
         should_not_have_json "refresh_token"
@@ -185,7 +185,7 @@ describe "Refresh Token Flow" do
       end
       create_resource_owner
       _another_token = post password_token_endpoint_url(
-        client: @client, resource_owner: @resource_owner
+        client: @client, resource_owner: @resource_owner,
       )
       last_token.update_attribute :created_at, 5.seconds.ago
@@ -193,7 +193,7 @@ describe "Refresh Token Flow" do
         :access_token,
         application: @client,
         resource_owner_id: @resource_owner.id,
-        use_refresh_token: true
+        use_refresh_token: true,
       )
       @token.update_attribute :expires_in, -100
     end
@@ -201,7 +201,7 @@ describe "Refresh Token Flow" do
     context "refresh_token revoked on use" do
       it "client request a token after creating another token with the same user" do
         post refresh_token_endpoint_url(
-          client: @client, refresh_token: @token.refresh_token
+          client: @client, refresh_token: @token.refresh_token,
         )
         should_have_json "refresh_token", last_token.refresh_token
@@ -216,7 +216,7 @@ describe "Refresh Token Flow" do
       it "client request a token after creating another token with the same user" do
         post refresh_token_endpoint_url(
-          client: @client, refresh_token: @token.refresh_token
+          client: @client, refresh_token: @token.refresh_token,
         )
         should_have_json "refresh_token", last_token.refresh_token
@@ -226,7 +226,7 @@ describe "Refresh Token Flow" do
     def last_token
       Doorkeeper::AccessToken.last_authorized_token_for(
-        @client.id, @resource_owner.id
+        @client.id, @resource_owner.id,
       )
     end
   end

data/spec/requests/flows/revoke_token_spec.rb CHANGED

@@ -11,10 +11,12 @@ describe "Revoke Token Flow" do
     let(:client_application) { FactoryBot.create :application }
     let(:resource_owner) { User.create!(name: "John", password: "sekret") }
     let(:access_token) do
-      FactoryBot.create(:access_token,
-                        application: client_application,
-                        resource_owner_id: resource_owner.id,
-                        use_refresh_token: true)
+      FactoryBot.create(
+        :access_token,
+        application: client_application,
+        resource_owner_id: resource_owner.id,
+        use_refresh_token: true,
+      )
     end
     context "with authenticated, confidential OAuth 2.0 client/application" do
@@ -100,10 +102,12 @@ describe "Revoke Token Flow" do
     context "with public OAuth 2.0 client/application" do
       let(:access_token) do
-        FactoryBot.create(:access_token,
-                          application: nil,
-                          resource_owner_id: resource_owner.id,
-                          use_refresh_token: true)
+        FactoryBot.create(
+          :access_token,
+          application: nil,
+          resource_owner_id: resource_owner.id,
+          use_refresh_token: true,
+        )
       end
       it "should revoke the access token provided" do
@@ -122,10 +126,12 @@ describe "Revoke Token Flow" do
       context "with a valid token issued for a confidential client" do
         let(:access_token) do
-          FactoryBot.create(:access_token,
-                            application: client_application,
-                            resource_owner_id: resource_owner.id,
-                            use_refresh_token: true)
+          FactoryBot.create(
+            :access_token,
+            application: client_application,
+            resource_owner_id: resource_owner.id,
+            use_refresh_token: true,
+          )
         end
         it "should not revoke the access token provided" do