RubyGems - doorkeeper - Versions diffs - 5.2.6 → 5.3.0 - Mend

doorkeeper 5.2.6 → 5.3.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (126) hide show

checksums.yaml +4 -4
data/Appraisals +2 -2
data/CHANGELOG.md +15 -14
data/Gemfile +2 -2
data/app/controllers/doorkeeper/application_controller.rb +2 -2
data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
data/app/controllers/doorkeeper/applications_controller.rb +3 -3
data/app/controllers/doorkeeper/authorizations_controller.rb +2 -2
data/app/controllers/doorkeeper/authorized_applications_controller.rb +3 -3
data/gemfiles/rails_5_0.gemfile +2 -2
data/gemfiles/rails_5_1.gemfile +2 -2
data/gemfiles/rails_5_2.gemfile +2 -2
data/gemfiles/rails_6_0.gemfile +2 -2
data/gemfiles/rails_master.gemfile +2 -2
data/lib/doorkeeper.rb +2 -3
data/lib/doorkeeper/config.rb +71 -39
data/lib/doorkeeper/grape/helpers.rb +1 -1
data/lib/doorkeeper/helpers/controller.rb +10 -8
data/lib/doorkeeper/models/access_grant_mixin.rb +7 -6
data/lib/doorkeeper/models/access_token_mixin.rb +55 -18
data/lib/doorkeeper/models/application_mixin.rb +3 -3
data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
data/lib/doorkeeper/models/concerns/revocable.rb +0 -27
data/lib/doorkeeper/oauth/authorization/code.rb +4 -4
data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
data/lib/doorkeeper/oauth/authorization_code_request.rb +13 -6
data/lib/doorkeeper/oauth/base_request.rb +8 -4
data/lib/doorkeeper/oauth/client.rb +7 -8
data/lib/doorkeeper/oauth/client_credentials/creator.rb +16 -9
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -7
data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +4 -4
data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
data/lib/doorkeeper/oauth/code_response.rb +2 -2
data/lib/doorkeeper/oauth/error.rb +1 -1
data/lib/doorkeeper/oauth/error_response.rb +5 -5
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +7 -5
data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -2
data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -3
data/lib/doorkeeper/oauth/pre_authorization.rb +7 -5
data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
data/lib/doorkeeper/oauth/token.rb +2 -2
data/lib/doorkeeper/oauth/token_introspection.rb +6 -6
data/lib/doorkeeper/orm/active_record.rb +3 -3
data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
data/lib/doorkeeper/orm/active_record/application.rb +3 -155
data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +53 -0
data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +47 -0
data/lib/doorkeeper/orm/active_record/mixins/application.rb +128 -0
data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +3 -3
data/lib/doorkeeper/rails/helpers.rb +4 -4
data/lib/doorkeeper/rails/routes.rb +5 -7
data/lib/doorkeeper/rake/db.rake +3 -3
data/lib/doorkeeper/request.rb +1 -1
data/lib/doorkeeper/request/authorization_code.rb +3 -3
data/lib/doorkeeper/request/client_credentials.rb +2 -2
data/lib/doorkeeper/request/password.rb +2 -2
data/lib/doorkeeper/request/refresh_token.rb +3 -3
data/lib/doorkeeper/server.rb +1 -1
data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
data/lib/doorkeeper/version.rb +2 -2
data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
data/lib/generators/doorkeeper/migration_generator.rb +1 -1
data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
data/lib/generators/doorkeeper/templates/initializer.rb +39 -8
data/spec/controllers/application_metal_controller_spec.rb +1 -1
data/spec/controllers/applications_controller_spec.rb +3 -2
data/spec/controllers/authorizations_controller_spec.rb +18 -18
data/spec/controllers/protected_resources_controller_spec.rb +25 -17
data/spec/controllers/token_info_controller_spec.rb +1 -1
data/spec/controllers/tokens_controller_spec.rb +1 -1
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -3
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +1 -1
data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +1 -1
data/spec/generators/install_generator_spec.rb +1 -1
data/spec/generators/previous_refresh_token_generator_spec.rb +2 -2
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +61 -21
data/spec/lib/doorkeeper_spec.rb +1 -1
data/spec/lib/models/revocable_spec.rb +3 -3
data/spec/lib/oauth/authorization_code_request_spec.rb +127 -125
data/spec/lib/oauth/base_request_spec.rb +160 -158
data/spec/lib/oauth/base_response_spec.rb +27 -29
data/spec/lib/oauth/client/credentials_spec.rb +1 -1
data/spec/lib/oauth/client_credentials/creator_spec.rb +42 -5
data/spec/lib/oauth/client_credentials/issuer_spec.rb +12 -12
data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
data/spec/lib/oauth/client_credentials_integration_spec.rb +16 -18
data/spec/lib/oauth/client_credentials_request_spec.rb +78 -80
data/spec/lib/oauth/client_spec.rb +26 -26
data/spec/lib/oauth/code_request_spec.rb +34 -34
data/spec/lib/oauth/code_response_spec.rb +21 -25
data/spec/lib/oauth/error_response_spec.rb +42 -44
data/spec/lib/oauth/error_spec.rb +12 -14
data/spec/lib/oauth/forbidden_token_response_spec.rb +11 -13
data/spec/lib/oauth/helpers/scope_checker_spec.rb +30 -18
data/spec/lib/oauth/invalid_request_response_spec.rb +48 -50
data/spec/lib/oauth/invalid_token_response_spec.rb +32 -34
data/spec/lib/oauth/password_access_token_request_spec.rb +145 -147
data/spec/lib/oauth/pre_authorization_spec.rb +159 -161
data/spec/lib/oauth/refresh_token_request_spec.rb +138 -139
data/spec/lib/oauth/scopes_spec.rb +104 -106
data/spec/lib/oauth/token_request_spec.rb +115 -111
data/spec/lib/oauth/token_response_spec.rb +71 -73
data/spec/lib/oauth/token_spec.rb +121 -123
data/spec/models/doorkeeper/access_grant_spec.rb +3 -5
data/spec/models/doorkeeper/access_token_spec.rb +7 -7
data/spec/models/doorkeeper/application_spec.rb +295 -373
data/spec/requests/applications/applications_request_spec.rb +1 -1
data/spec/requests/endpoints/authorization_spec.rb +5 -3
data/spec/requests/flows/authorization_code_spec.rb +34 -22
data/spec/requests/flows/client_credentials_spec.rb +1 -1
data/spec/requests/flows/password_spec.rb +32 -12
data/spec/requests/flows/refresh_token_spec.rb +19 -19
data/spec/requests/flows/revoke_token_spec.rb +18 -12
data/spec/spec_helper.rb +1 -4
data/spec/support/shared/controllers_shared_context.rb +33 -23
data/spec/validators/redirect_uri_validator_spec.rb +1 -1
metadata +6 -5
data/spec/support/http_method_shim.rb +0 -29

data/spec/lib/oauth/client/credentials_spec.rb CHANGED

@@ -14,7 +14,7 @@ class Doorkeeper::OAuth::Client
       expect(Credentials.new("something", "something")).to be_present
     end
-    describe :from_request do
+    describe ".from_request" do
       let(:request) { double.as_null_object }
       let(:method) do

data/spec/lib/oauth/client_credentials/creator_spec.rb CHANGED

@@ -31,17 +31,31 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
       end
       context "when existing token has not crossed token_reuse_limit" do
-        it "returns the existing valid token" do
+        let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
+        before do
           allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
           allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(50)
-          existing_token = subject.call(client, scopes, expires_in: 1000)
           allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(600)
+        end
+        it "returns the existing valid token" do
           result = subject.call(client, scopes, expires_in: 1000)
           expect(Doorkeeper::AccessToken.count).to eq(1)
           expect(result).to eq(existing_token)
         end
+        context "and when revoke_previous_client_credentials_token is true" do
+          before do
+            allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token).and_return(false)
+          end
+          it "does not revoke the existing valid token" do
+            subject.call(client, scopes, expires_in: 1000)
+            expect(existing_token.reload).not_to be_revoked
+          end
+        end
       end
       context "when existing token has crossed token_reuse_limit" do
@@ -55,7 +69,6 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
           expect(Doorkeeper::AccessToken.count).to eq(2)
           expect(result).not_to eq(existing_token)
-          expect(existing_token.reload).to be_revoked
         end
       end
@@ -70,7 +83,6 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
           expect(Doorkeeper::AccessToken.count).to eq(2)
           expect(result).not_to eq(existing_token)
-          expect(existing_token.reload).to be_revoked
         end
       end
     end
@@ -84,10 +96,35 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
         expect(Doorkeeper::AccessToken.count).to eq(2)
         expect(result).not_to eq(existing_token)
+      end
+    end
+    context "when revoke_previous_client_credentials_token is true" do
+      let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
+      before do
+        allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token).and_return(true)
+      end
+      it "revokes the existing token" do
+        subject.call(client, scopes, expires_in: 1000)
         expect(existing_token.reload).to be_revoked
       end
     end
+    context "when revoke_previous_client_credentials_token is false" do
+      let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
+      before do
+        allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token).and_return(false)
+      end
+      it "does not revoke the existing token" do
+        subject.call(client, scopes, expires_in: 1000)
+        expect(existing_token.reload).not_to be_revoked
+      end
+    end
     it "returns false if creation fails" do
       expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
       created = subject.call(client, scopes)

data/spec/lib/oauth/client_credentials/issuer_spec.rb CHANGED

@@ -8,16 +8,16 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
     let(:server) do
       double(
         :server,
-        access_token_expires_in: 100
+        access_token_expires_in: 100,
       )
     end
-    let(:validation) { double :validation, valid?: true }
+    let(:validator) { double :validator, valid?: true }
     before do
       allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
     end
-    subject { Issuer.new(server, validation) }
+    subject { Issuer.new(server, validator) }
     describe :create do
       let(:client) { double :client, id: "some-id" }
@@ -35,7 +35,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
           client,
           scopes,
           expires_in: 100,
-          use_refresh_token: false
+          use_refresh_token: false,
         )
         subject.create client, scopes, creator
@@ -48,14 +48,14 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
         expect(subject.error).to eq(:server_error)
       end
-      context "when validation fails" do
+      context "when validator fails" do
         before do
-          allow(validation).to receive(:valid?).and_return(false)
-          allow(validation).to receive(:error).and_return(:validation_error)
+          allow(validator).to receive(:valid?).and_return(false)
+          allow(validator).to receive(:error).and_return(:validation_error)
           expect(creator).not_to receive(:create)
         end
-        it "has error set from validation" do
+        it "has error set from validator" do
           subject.create client, scopes, creator
           expect(subject.error).to eq(:validation_error)
         end
@@ -65,7 +65,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
         end
       end
-      context "with custom expirations" do
+      context "with custom expiration" do
         let(:custom_ttl_grant) { 1234 }
         let(:custom_ttl_scope) { 1235 }
         let(:custom_scope) { "special" }
@@ -79,7 +79,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
               elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
                 custom_ttl_grant
               end
-            }
+            },
           )
         end
@@ -92,7 +92,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
             client,
             scopes,
             expires_in: custom_ttl_grant,
-            use_refresh_token: false
+            use_refresh_token: false,
           )
           subject.create client, scopes, creator
         end
@@ -102,7 +102,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
             client,
             custom_scope,
             expires_in: custom_ttl_scope,
-            use_refresh_token: false
+            use_refresh_token: false,
           )
           subject.create client, custom_scope, creator
         end

data/spec/lib/oauth/client_credentials/validation_spec.rb CHANGED

@@ -3,13 +3,13 @@
 require "spec_helper"
 class Doorkeeper::OAuth::ClientCredentialsRequest
-  describe Validation do
+  describe Validator do
     let(:server)      { double :server, scopes: nil }
     let(:application) { double scopes: nil }
     let(:client)      { double application: application }
     let(:request)     { double :request, client: client, scopes: nil }
-    subject { Validation.new(server, request) }
+    subject { described_class.new(server, request) }
     it "is valid with valid request" do
       expect(subject).to be_valid
@@ -26,7 +26,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
         allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
         allow(server).to receive(:scopes).and_return(server_scopes)
         allow(request).to receive(:scopes).and_return(
-          Doorkeeper::OAuth::Scopes.from_string("invalid")
+          Doorkeeper::OAuth::Scopes.from_string("invalid"),
         )
         expect(subject).not_to be_valid
       end
@@ -49,7 +49,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
           allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
           allow(server).to receive(:scopes).and_return(server_scopes)
           allow(request).to receive(:scopes).and_return(
-            Doorkeeper::OAuth::Scopes.from_string("email")
+            Doorkeeper::OAuth::Scopes.from_string("email"),
           )
           expect(subject).not_to be_valid
         end

data/spec/lib/oauth/client_credentials_integration_spec.rb CHANGED

@@ -2,28 +2,26 @@
 require "spec_helper"
-module Doorkeeper::OAuth
-  describe ClientCredentialsRequest do
-    let(:server) { Doorkeeper.configuration }
+describe Doorkeeper::OAuth::ClientCredentialsRequest do
+  let(:server) { Doorkeeper.configuration }
-    context "with a valid request" do
-      let(:client) { FactoryBot.create :application }
+  context "with a valid request" do
+    let(:client) { FactoryBot.create :application }
-      it "issues an access token" do
-        request = ClientCredentialsRequest.new(server, client, {})
-        expect do
-          request.authorize
-        end.to change { Doorkeeper::AccessToken.count }.by(1)
-      end
+    it "issues an access token" do
+      request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, {})
+      expect do
+        request.authorize
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
     end
+  end
-    describe "with an invalid request" do
-      it "does not issue an access token" do
-        request = ClientCredentialsRequest.new(server, nil, {})
-        expect do
-          request.authorize
-        end.to_not(change { Doorkeeper::AccessToken.count })
-      end
+  describe "with an invalid request" do
+    it "does not issue an access token" do
+      request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, nil, {})
+      expect do
+        request.authorize
+      end.to_not(change { Doorkeeper::AccessToken.count })
     end
   end
 end

data/spec/lib/oauth/client_credentials_request_spec.rb CHANGED

@@ -2,108 +2,106 @@
 require "spec_helper"
-module Doorkeeper::OAuth
-  describe ClientCredentialsRequest do
-    let(:server) do
-      double(
-        default_scopes: nil,
-        access_token_expires_in: 2.hours,
-        custom_access_token_expires_in: ->(_context) { nil }
-      )
-    end
+describe Doorkeeper::OAuth::ClientCredentialsRequest do
+  let(:server) do
+    double(
+      default_scopes: nil,
+      access_token_expires_in: 2.hours,
+      custom_access_token_expires_in: ->(_context) { nil },
+    )
+  end
-    let(:application)   { FactoryBot.create(:application, scopes: "") }
-    let(:client)        { double :client, application: application }
-    let(:token_creator) { double :issuer, create: true, token: double }
+  let(:application)   { FactoryBot.create(:application, scopes: "") }
+  let(:client)        { double :client, application: application }
+  let(:token_creator) { double :issuer, create: true, token: double }
-    before do
-      allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-    end
+  before do
+    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+  end
+  subject { Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client) }
+  before do
+    subject.issuer = token_creator
+  end
+  it "issues an access token for the current client" do
+    expect(token_creator).to receive(:create).with(client, nil)
+    subject.authorize
+  end
-    subject { ClientCredentialsRequest.new(server, client) }
+  it "has successful response when issue was created" do
+    subject.authorize
+    expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
+  end
+  context "if issue was not created" do
     before do
-      subject.issuer = token_creator
+      subject.issuer = double create: false, error: :invalid
     end
-    it "issues an access token for the current client" do
-      expect(token_creator).to receive(:create).with(client, nil)
+    it "has an error response" do
       subject.authorize
+      expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
     end
-    it "has successful response when issue was created" do
+    it "delegates the error to issuer" do
       subject.authorize
-      expect(subject.response).to be_a(TokenResponse)
+      expect(subject.error).to eq(:invalid)
     end
+  end
-    context "if issue was not created" do
-      before do
-        subject.issuer = double create: false, error: :invalid
-      end
+  context "with scopes" do
+    let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string("public email") }
-      it "has an error response" do
-        subject.authorize
-        expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-      end
+    before do
+      allow(server).to receive(:default_scopes).and_return(default_scopes)
+    end
-      it "delegates the error to issuer" do
-        subject.authorize
-        expect(subject.error).to eq(:invalid)
-      end
+    it "issues an access token with default scopes if none was requested" do
+      expect(token_creator).to receive(:create).with(client, default_scopes)
+      subject.authorize
     end
-    context "with scopes" do
-      let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string("public email") }
+    it "issues an access token with requested scopes" do
+      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "email")
+      subject.issuer = token_creator
+      expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
+      subject.authorize
+    end
+  end
-      before do
-        allow(server).to receive(:default_scopes).and_return(default_scopes)
-      end
+  context "with restricted client" do
+    let(:default_scopes) do
+      Doorkeeper::OAuth::Scopes.from_string("public email")
+    end
+    let(:server_scopes) do
+      Doorkeeper::OAuth::Scopes.from_string("public email phone")
+    end
+    let(:client_scopes) do
+      Doorkeeper::OAuth::Scopes.from_string("public phone")
+    end
-      it "issues an access token with default scopes if none was requested" do
-        expect(token_creator).to receive(:create).with(client, default_scopes)
-        subject.authorize
-      end
+    before do
+      allow(server).to receive(:default_scopes).and_return(default_scopes)
+      allow(server).to receive(:scopes).and_return(server_scopes)
+      allow(server).to receive(:access_token_expires_in).and_return(100)
+      allow(application).to receive(:scopes).and_return(client_scopes)
+      allow(client).to receive(:id).and_return(nil)
+    end
-      it "issues an access token with requested scopes" do
-        subject = ClientCredentialsRequest.new(server, client, scope: "email")
-        subject.issuer = token_creator
-        expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
-        subject.authorize
-      end
+    it "delegates the error to issuer if no scope was requested" do
+      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client)
+      subject.authorize
+      expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
+      expect(subject.error).to eq(:invalid_scope)
     end
-    context "with restricted client" do
-      let(:default_scopes) do
-        Doorkeeper::OAuth::Scopes.from_string("public email")
-      end
-      let(:server_scopes) do
-        Doorkeeper::OAuth::Scopes.from_string("public email phone")
-      end
-      let(:client_scopes) do
-        Doorkeeper::OAuth::Scopes.from_string("public phone")
-      end
-      before do
-        allow(server).to receive(:default_scopes).and_return(default_scopes)
-        allow(server).to receive(:scopes).and_return(server_scopes)
-        allow(server).to receive(:access_token_expires_in).and_return(100)
-        allow(application).to receive(:scopes).and_return(client_scopes)
-        allow(client).to receive(:id).and_return(nil)
-      end
-      it "delegates the error to issuer if no scope was requested" do
-        subject = ClientCredentialsRequest.new(server, client)
-        subject.authorize
-        expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-        expect(subject.error).to eq(:invalid_scope)
-      end
-      it "issues an access token with requested scopes" do
-        subject = ClientCredentialsRequest.new(server, client, scope: "phone")
-        subject.authorize
-        expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
-        expect(subject.response.token.scopes_string).to eq("phone")
-      end
+    it "issues an access token with requested scopes" do
+      subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "phone")
+      subject.authorize
+      expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
+      expect(subject.response.token.scopes_string).to eq("phone")
     end
   end
 end

data/spec/lib/oauth/client_spec.rb CHANGED

@@ -2,37 +2,37 @@
 require "spec_helper"
-module Doorkeeper::OAuth
-  describe Client do
-    describe :find do
-      let(:method) { double }
+describe Doorkeeper::OAuth::Client do
+  describe :find do
+    let(:method) { double }
-      it "finds the client via uid" do
-        client = double
-        expect(method).to receive(:call).with("uid").and_return(client)
-        expect(Client.find("uid", method)).to be_a(Client)
-      end
+    it "finds the client via uid" do
+      client = double
+      expect(method).to receive(:call).with("uid").and_return(client)
+      expect(Doorkeeper::OAuth::Client.find("uid", method))
+        .to be_a(Doorkeeper::OAuth::Client)
+    end
-      it "returns nil if client was not found" do
-        expect(method).to receive(:call).with("uid").and_return(nil)
-        expect(Client.find("uid", method)).to be_nil
-      end
+    it "returns nil if client was not found" do
+      expect(method).to receive(:call).with("uid").and_return(nil)
+      expect(Doorkeeper::OAuth::Client.find("uid", method)).to be_nil
     end
+  end
-    describe :authenticate do
-      it "returns the authenticated client via credentials" do
-        credentials = Client::Credentials.new("some-uid", "some-secret")
-        authenticator = double
-        expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
-        expect(Client.authenticate(credentials, authenticator)).to be_a(Client)
-      end
+  describe ".authenticate" do
+    it "returns the authenticated client via credentials" do
+      credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
+      authenticator = double
+      expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
+      expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator))
+        .to be_a(Doorkeeper::OAuth::Client)
+    end
-      it "returns nil if client was not authenticated" do
-        credentials = Client::Credentials.new("some-uid", "some-secret")
-        authenticator = double
-        expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
-        expect(Client.authenticate(credentials, authenticator)).to be_nil
-      end
+    it "returns nil if client was not authenticated" do
+      credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
+      authenticator = double
+      expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
+      expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator)).to be_nil
     end
   end
 end