doorkeeper 5.2.6 → 5.3.0

data/spec/controllers/protected_resources_controller_spec.rb

@@ -28,9 +28,11 @@ describe "doorkeeper authorize filter" do
 
     let(:token_string) { "1A2BC3" }
     let(:token) do
-      double(Doorkeeper::AccessToken,
-             acceptable?: true, previous_refresh_token: "",
-             revoke_previous_refresh_token!: true)
+      double(
+        Doorkeeper::AccessToken,
+        acceptable?: true, previous_refresh_token: "",
+        revoke_previous_refresh_token!: true,
+      )
     end
 
     it "access_token param" do
@@ -108,13 +110,15 @@ describe "doorkeeper authorize filter" do
     let(:token_string) { "1A2DUWE" }
 
     it "allows if the token has particular scopes" do
-      token = double(Doorkeeper::AccessToken,
-                     accessible?: true, scopes: %w[write public],
-                     previous_refresh_token: "",
-                     revoke_previous_refresh_token!: true)
+      token = double(
+        Doorkeeper::AccessToken,
+        accessible?: true, scopes: %w[write public],
+        previous_refresh_token: "",
+        revoke_previous_refresh_token!: true,
+      )
       expect(token).to receive(:acceptable?).with([:write]).and_return(true)
       expect(
-        Doorkeeper::AccessToken
+        Doorkeeper::AccessToken,
       ).to receive(:by_token).with(token_string).and_return(token)
 
       get :index, params: { access_token: token_string }
@@ -122,12 +126,14 @@ describe "doorkeeper authorize filter" do
     end
 
     it "does not allow if the token does not include given scope" do
-      token = double(Doorkeeper::AccessToken,
-                     accessible?: true, scopes: ["public"], revoked?: false,
-                     expired?: false, previous_refresh_token: "",
-                     revoke_previous_refresh_token!: true)
+      token = double(
+        Doorkeeper::AccessToken,
+        accessible?: true, scopes: ["public"], revoked?: false,
+        expired?: false, previous_refresh_token: "",
+        revoke_previous_refresh_token!: true,
+      )
       expect(
-        Doorkeeper::AccessToken
+        Doorkeeper::AccessToken,
       ).to receive(:by_token).with(token_string).and_return(token)
       expect(token).to receive(:acceptable?).with([:write]).and_return(false)
 
@@ -224,10 +230,12 @@ describe "doorkeeper authorize filter" do
     end
 
     let(:token) do
-      double(Doorkeeper::AccessToken,
-             accessible?: true, scopes: ["public"], revoked?: false,
-             expired?: false, previous_refresh_token: "",
-             revoke_previous_refresh_token!: true)
+      double(
+        Doorkeeper::AccessToken,
+        accessible?: true, scopes: ["public"], revoked?: false,
+        expired?: false, previous_refresh_token: "",
+        revoke_previous_refresh_token!: true,
+      )
     end
 
     let(:token_string) { "1A2DUWE" }

data/spec/controllers/token_info_controller_spec.rb

@@ -42,7 +42,7 @@ describe Doorkeeper::TokenInfoController do
         get :show
 
         expect(response.body).to eq(
-          Doorkeeper::OAuth::InvalidTokenResponse.new.body.to_json
+          Doorkeeper::OAuth::InvalidTokenResponse.new.body.to_json,
         )
       end
     end

data/spec/controllers/tokens_controller_spec.rb

@@ -142,7 +142,7 @@ describe Doorkeeper::TokensController do
       allow(I18n).to receive(:translate)
         .with(
           custom_message,
-          hash_including(scope: %i[doorkeeper errors messages])
+          hash_including(scope: %i[doorkeeper errors messages]),
         )
         .and_return("Authorization custom message")
 

data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb

@@ -25,14 +25,14 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
       t.text     :redirect_uri,      null: false
       t.datetime :created_at,        null: false
       t.datetime :revoked_at
-      t.string   :scopes,            null: false, default: ""
+      t.string   :scopes, null: false, default: ""
     end
 
     add_index :oauth_access_grants, :token, unique: true
     add_foreign_key(
       :oauth_access_grants,
       :oauth_applications,
-      column: :application_id
+      column: :application_id,
     )
 
     create_table :oauth_access_tokens do |t|
@@ -59,7 +59,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
     add_foreign_key(
       :oauth_access_tokens,
       :oauth_applications,
-      column: :application_id
+      column: :application_id,
     )
 
     # Uncomment below to ensure a valid reference to the resource owner's table

data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb

@@ -7,7 +7,7 @@ class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration[4.2]
       :previous_refresh_token,
       :string,
       default: "",
-      null: false
+      null: false,
     )
   end
 end

data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb

@@ -7,7 +7,7 @@ class AddConfidentialToApplications < ActiveRecord::Migration[5.1]
       :confidential,
       :boolean,
       null: false,
-      default: true # maintaining backwards compatibility: require secrets
+      default: true, # maintaining backwards compatibility: require secrets
     )
   end
 end

data/spec/generators/install_generator_spec.rb

@@ -16,7 +16,7 @@ describe "Doorkeeper::InstallGenerator" do
       FileUtils.mkdir(::File.expand_path("db", Pathname(destination_root)))
       FileUtils.copy_file(
         ::File.expand_path("../templates/routes.rb", __FILE__),
-        ::File.expand_path("config/routes.rb", Pathname.new(destination_root))
+        ::File.expand_path("config/routes.rb", Pathname.new(destination_root)),
       )
       run_generator
     end

data/spec/generators/previous_refresh_token_generator_spec.rb

@@ -14,7 +14,7 @@ describe "Doorkeeper::PreviousRefreshTokenGenerator" do
       prepare_destination
 
       allow_any_instance_of(Doorkeeper::PreviousRefreshTokenGenerator).to(
-        receive(:no_previous_refresh_token_column?).and_return(true)
+        receive(:no_previous_refresh_token_column?).and_return(true),
       )
     end
 
@@ -32,7 +32,7 @@ describe "Doorkeeper::PreviousRefreshTokenGenerator" do
     context "already exist" do
       it "does not create a migration" do
         allow_any_instance_of(Doorkeeper::PreviousRefreshTokenGenerator).to(
-          receive(:no_previous_refresh_token_column?).and_call_original
+          receive(:no_previous_refresh_token_column?).and_call_original,
         )
 
         run_generator

data/spec/helpers/doorkeeper/dashboard_helper_spec.rb

@@ -11,7 +11,7 @@ describe Doorkeeper::DashboardHelper do
       it "returns error messages" do
         messages.each do |message|
           expect(helper.doorkeeper_errors_for(object, :method)).to include(
-            message.capitalize
+            message.capitalize,
           )
         end
       end

data/spec/lib/config_spec.rb

@@ -22,7 +22,7 @@ describe Doorkeeper, "configuration" do
       end
 
       expect(Rails.logger).to receive(:warn).with(
-        I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured")
+        I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured"),
       )
       subject.authenticate_resource_owner.call(nil)
     end
@@ -45,7 +45,7 @@ describe Doorkeeper, "configuration" do
       end
 
       expect(Rails.logger).to receive(:warn).with(
-        I18n.t("doorkeeper.errors.messages.credential_flow_not_configured")
+        I18n.t("doorkeeper.errors.messages.credential_flow_not_configured"),
       )
       subject.resource_owner_from_credentials.call(nil)
     end
@@ -471,7 +471,7 @@ describe Doorkeeper, "configuration" do
   describe "access_token_generator" do
     it "is 'Doorkeeper::OAuth::Helpers::UniqueToken' by default" do
       expect(Doorkeeper.configuration.access_token_generator).to(
-        eq("Doorkeeper::OAuth::Helpers::UniqueToken")
+        eq("Doorkeeper::OAuth::Helpers::UniqueToken"),
       )
     end
 
@@ -549,6 +549,8 @@ describe Doorkeeper, "configuration" do
   end
 
   if DOORKEEPER_ORM == :active_record
+    class FakeCustomModel; end
+
     describe "active_record_options" do
       let(:models) { [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application] }
 
@@ -566,40 +568,76 @@ describe Doorkeeper, "configuration" do
         Doorkeeper.configure do
           orm DOORKEEPER_ORM
           active_record_options(
-            establish_connection: Rails.configuration.database_configuration[Rails.env]
+            establish_connection: Rails.configuration.database_configuration[Rails.env],
           )
         end
       end
     end
-  end
 
-  describe "api_only" do
-    it "is false by default" do
-      expect(subject.api_only).to eq(false)
+    describe "access_token_class" do
+      it "uses default doorkeeper value" do
+        expect(subject.access_token_class).to eq("Doorkeeper::AccessToken")
+        expect(subject.access_token_model).to be(Doorkeeper::AccessToken)
+      end
+
+      it "can change the value" do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_token_class "FakeCustomModel"
+        end
+
+        expect(subject.access_token_class).to eq("FakeCustomModel")
+        expect(subject.access_token_model).to be(FakeCustomModel)
+      end
     end
 
-    it "can change the value" do
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        api_only
+    describe "access_grant_class" do
+      it "uses default doorkeeper value" do
+        expect(subject.access_grant_class).to eq("Doorkeeper::AccessGrant")
+        expect(subject.access_grant_model).to be(Doorkeeper::AccessGrant)
       end
 
-      expect(subject.api_only).to eq(true)
+      it "can change the value" do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          access_grant_class "FakeCustomModel"
+        end
+
+        expect(subject.access_grant_class).to eq("FakeCustomModel")
+        expect(subject.access_grant_model).to be(FakeCustomModel)
+      end
+    end
+
+    describe "application_class" do
+      it "uses default doorkeeper value" do
+        expect(subject.application_class).to eq("Doorkeeper::Application")
+        expect(subject.application_model).to be(Doorkeeper::Application)
+      end
+
+      it "can change the value" do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          application_class "FakeCustomModel"
+        end
+
+        expect(subject.application_class).to eq("FakeCustomModel")
+        expect(subject.application_model).to be(FakeCustomModel)
+      end
     end
   end
 
-  describe "token_lookup_batch_size" do
-    it "uses default doorkeeper value" do
-      expect(subject.token_lookup_batch_size).to eq(10_000)
+  describe "api_only" do
+    it "is false by default" do
+      expect(subject.api_only).to eq(false)
     end
 
     it "can change the value" do
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        token_lookup_batch_size 100_000
+        api_only
       end
 
-      expect(subject.token_lookup_batch_size).to eq(100_000)
+      expect(subject.api_only).to eq(true)
     end
   end
 
@@ -666,8 +704,10 @@ describe Doorkeeper, "configuration" do
           Doorkeeper.configure do
             hash_token_secrets using: "Doorkeeper::SecretStoring::BCrypt"
           end
-        end.to raise_error(ArgumentError,
-                           /can only be used for storing application secrets/)
+        end.to raise_error(
+          ArgumentError,
+          /can only be used for storing application secrets/,
+        )
       end
     end
 
@@ -744,7 +784,7 @@ describe Doorkeeper, "configuration" do
   describe "options deprecation" do
     it "prints a warning message when an option is deprecated" do
       expect(Kernel).to receive(:warn).with(
-        "[DOORKEEPER] native_redirect_uri has been deprecated and will soon be removed"
+        "[DOORKEEPER] native_redirect_uri has been deprecated and will soon be removed",
       )
       Doorkeeper.configure do
         native_redirect_uri "urn:ietf:wg:oauth:2.0:oob"

data/spec/lib/doorkeeper_spec.rb

@@ -7,7 +7,7 @@ describe Doorkeeper do
     let(:request) { double }
 
     it "calls OAuth::Token#authenticate" do
-      token_strategies = Doorkeeper.configuration.access_token_methods
+      token_strategies = Doorkeeper.config.access_token_methods
 
       expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
         .with(request, *token_strategies)

data/spec/lib/models/revocable_spec.rb

@@ -40,15 +40,15 @@ describe "Revocable" do
       `previous_refresh_token` attribute" do
       previous_token = FactoryBot.create(
         :access_token,
-        refresh_token: "refresh_token"
+        refresh_token: "refresh_token",
       )
       current_token = FactoryBot.create(
         :access_token,
-        previous_refresh_token: previous_token.refresh_token
+        previous_refresh_token: previous_token.refresh_token,
       )
 
       expect_any_instance_of(
-        Doorkeeper::AccessToken
+        Doorkeeper::AccessToken,
       ).to receive(:revoke).and_call_original
       current_token.revoke_previous_refresh_token!
 

data/spec/lib/oauth/authorization_code_request_spec.rb

@@ -2,167 +2,169 @@
 
 require "spec_helper"
 
-module Doorkeeper::OAuth
-  describe AuthorizationCodeRequest do
-    let(:server) do
-      double :server,
-             access_token_expires_in: 2.days,
-             refresh_token_enabled?: false,
-             custom_access_token_expires_in: lambda { |context|
-               context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
-             }
-    end
+describe Doorkeeper::OAuth::AuthorizationCodeRequest do
+  let(:server) do
+    double :server,
+           access_token_expires_in: 2.days,
+           refresh_token_enabled?: false,
+           custom_access_token_expires_in: lambda { |context|
+             context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
+           }
+  end
 
-    let(:grant)  { FactoryBot.create :access_grant }
-    let(:client) { grant.application }
-    let(:redirect_uri) { client.redirect_uri }
-    let(:params) { { redirect_uri: redirect_uri } }
+  let(:grant)  { FactoryBot.create :access_grant }
+  let(:client) { grant.application }
+  let(:redirect_uri) { client.redirect_uri }
+  let(:params) { { redirect_uri: redirect_uri } }
 
-    before do
-      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-    end
+  before do
+    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+  end
 
-    subject do
-      AuthorizationCodeRequest.new(server, grant, client, params)
-    end
+  subject do
+    described_class.new(server, grant, client, params)
+  end
 
-    it "issues a new token for the client" do
-      expect do
-        subject.authorize
-      end.to change { client.reload.access_tokens.count }.by(1)
+  it "issues a new token for the client" do
+    expect do
+      subject.authorize
+    end.to change { client.reload.access_tokens.count }.by(1)
 
-      expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
-    end
+    expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
+  end
 
-    it "issues the token with same grant's scopes" do
-      subject.authorize
-      expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
-    end
+  it "issues the token with same grant's scopes" do
+    subject.authorize
+    expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
+  end
 
-    it "revokes the grant" do
-      expect { subject.authorize }.to(change { grant.reload.accessible? })
-    end
+  it "revokes the grant" do
+    expect { subject.authorize }.to(change { grant.reload.accessible? })
+  end
 
-    it "requires the grant to be accessible" do
-      grant.revoke
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
+  it "requires the grant to be accessible" do
+    grant.revoke
+    subject.validate
+    expect(subject.error).to eq(:invalid_grant)
+  end
 
-    it "requires the grant" do
-      subject.grant = nil
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
+  it "requires the grant" do
+    subject.grant = nil
+    subject.validate
+    expect(subject.error).to eq(:invalid_grant)
+  end
 
-    it "requires the client" do
-      subject.client = nil
-      subject.validate
-      expect(subject.error).to eq(:invalid_client)
-    end
+  it "requires the client" do
+    subject.client = nil
+    subject.validate
+    expect(subject.error).to eq(:invalid_client)
+  end
 
-    it "requires the redirect_uri" do
-      subject.redirect_uri = nil
-      subject.validate
-      expect(subject.error).to eq(:invalid_request)
-      expect(subject.missing_param).to eq(:redirect_uri)
-    end
+  it "requires the redirect_uri" do
+    subject.redirect_uri = nil
+    subject.validate
+    expect(subject.error).to eq(:invalid_request)
+    expect(subject.missing_param).to eq(:redirect_uri)
+  end
 
-    it "invalid code_verifier param because server does not support pkce" do
-      # Some other ORMs work relies on #respond_to? so it's not a good idea to stub it :\
-      allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(anything).and_call_original
-      allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(:code_challenge).and_return(false)
+  it "invalid code_verifier param because server does not support pkce" do
+    # Some other ORMs work relies on #respond_to? so it's not a good idea to stub it :\
+    allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(anything).and_call_original
+    allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(:code_challenge).and_return(false)
 
-      subject.code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
-      subject.validate
-      expect(subject.error).to eq(:invalid_request)
-      expect(subject.invalid_request_reason).to eq(:not_support_pkce)
-    end
+    subject.code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
+    subject.validate
+    expect(subject.error).to eq(:invalid_request)
+    expect(subject.invalid_request_reason).to eq(:not_support_pkce)
+  end
 
-    it "matches the redirect_uri with grant's one" do
-      subject.redirect_uri = "http://other.com"
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
+  it "matches the redirect_uri with grant's one" do
+    subject.redirect_uri = "http://other.com"
+    subject.validate
+    expect(subject.error).to eq(:invalid_grant)
+  end
 
-    it "matches the client with grant's one" do
-      subject.client = FactoryBot.create :application
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
+  it "matches the client with grant's one" do
+    subject.client = FactoryBot.create :application
+    subject.validate
+    expect(subject.error).to eq(:invalid_grant)
+  end
+
+  it "skips token creation if there is a matching one reusable" do
+    scopes = grant.scopes
+
+    Doorkeeper.configure do
+      orm DOORKEEPER_ORM
+      reuse_access_token
+      default_scopes(*scopes)
     end
 
-    it "skips token creation if there is a matching one reusable" do
-      scopes = grant.scopes
+    FactoryBot.create(
+      :access_token, application_id: client.id,
+                     resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s,
+    )
 
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        reuse_access_token
-        default_scopes(*scopes)
-      end
+    expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
+  end
 
-      FactoryBot.create(:access_token, application_id: client.id,
-                                       resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s)
+  it "creates token if there is a matching one but non reusable" do
+    scopes = grant.scopes
 
-      expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
+    Doorkeeper.configure do
+      orm DOORKEEPER_ORM
+      reuse_access_token
+      default_scopes(*scopes)
     end
 
-    it "creates token if there is a matching one but non reusable" do
-      scopes = grant.scopes
+    FactoryBot.create(
+      :access_token, application_id: client.id,
+                     resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s,
+    )
 
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        reuse_access_token
-        default_scopes(*scopes)
-      end
+    allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
 
-      FactoryBot.create(:access_token, application_id: client.id,
-                                       resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s)
+    expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
+  end
 
-      allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
+  it "calls configured request callback methods" do
+    expect(Doorkeeper.configuration.before_successful_strategy_response)
+      .to receive(:call).with(subject).once
+    expect(Doorkeeper.configuration.after_successful_strategy_response)
+      .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
 
-      expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
-    end
+    subject.authorize
+  end
 
-    it "calls configured request callback methods" do
-      expect(Doorkeeper.configuration.before_successful_strategy_response)
-        .to receive(:call).with(subject).once
-      expect(Doorkeeper.configuration.after_successful_strategy_response)
-        .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
+  context "when redirect_uri contains some query params" do
+    let(:redirect_uri) { client.redirect_uri + "?query=q" }
 
-      subject.authorize
+    it "compares only host part with grant's redirect_uri" do
+      subject.validate
+      expect(subject.error).to eq(nil)
     end
+  end
 
-    context "when redirect_uri contains some query params" do
-      let(:redirect_uri) { client.redirect_uri + "?query=q" }
+  context "when redirect_uri is not an URI" do
+    let(:redirect_uri) { "123d#!s" }
 
-      it "compares only host part with grant's redirect_uri" do
-        subject.validate
-        expect(subject.error).to eq(nil)
-      end
+    it "responds with invalid_grant" do
+      subject.validate
+      expect(subject.error).to eq(:invalid_grant)
     end
+  end
 
-    context "when redirect_uri is not an URI" do
-      let(:redirect_uri) { "123d#!s" }
+  context "when redirect_uri is the native one" do
+    let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
 
-      it "responds with invalid_grant" do
-        subject.validate
-        expect(subject.error).to eq(:invalid_grant)
-      end
+    it "invalidates when redirect_uri of the grant is not native" do
+      subject.validate
+      expect(subject.error).to eq(:invalid_grant)
     end
 
-    context "when redirect_uri is the native one" do
-      let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
-
-      it "invalidates when redirect_uri of the grant is not native" do
-        subject.validate
-        expect(subject.error).to eq(:invalid_grant)
-      end
-
-      it "validates when redirect_uri of the grant is also native" do
-        allow(grant).to receive(:redirect_uri) { redirect_uri }
-        subject.validate
-        expect(subject.error).to eq(nil)
-      end
+    it "validates when redirect_uri of the grant is also native" do
+      allow(grant).to receive(:redirect_uri) { redirect_uri }
+      subject.validate
+      expect(subject.error).to eq(nil)
     end
   end
 end