doorkeeper 5.2.6 → 5.3.0
- checksums.yaml +4 -4
- data/Appraisals +2 -2
- data/CHANGELOG.md +15 -14
- data/Gemfile +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +2 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
- data/app/controllers/doorkeeper/applications_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorizations_controller.rb +2 -2
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +3 -3
- data/gemfiles/rails_5_0.gemfile +2 -2
- data/gemfiles/rails_5_1.gemfile +2 -2
- data/gemfiles/rails_5_2.gemfile +2 -2
- data/gemfiles/rails_6_0.gemfile +2 -2
- data/gemfiles/rails_master.gemfile +2 -2
- data/lib/doorkeeper.rb +2 -3
- data/lib/doorkeeper/config.rb +71 -39
- data/lib/doorkeeper/grape/helpers.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +10 -8
- data/lib/doorkeeper/models/access_grant_mixin.rb +7 -6
- data/lib/doorkeeper/models/access_token_mixin.rb +55 -18
- data/lib/doorkeeper/models/application_mixin.rb +3 -3
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
- data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
- data/lib/doorkeeper/models/concerns/revocable.rb +0 -27
- data/lib/doorkeeper/oauth/authorization/code.rb +4 -4
- data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
- data/lib/doorkeeper/oauth/authorization_code_request.rb +13 -6
- data/lib/doorkeeper/oauth/base_request.rb +8 -4
- data/lib/doorkeeper/oauth/client.rb +7 -8
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +16 -9
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -7
- data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +4 -4
- data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
- data/lib/doorkeeper/oauth/code_response.rb +2 -2
- data/lib/doorkeeper/oauth/error.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +7 -5
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
- data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
- data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -2
- data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -3
- data/lib/doorkeeper/oauth/pre_authorization.rb +7 -5
- data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
- data/lib/doorkeeper/oauth/token.rb +2 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +6 -6
- data/lib/doorkeeper/orm/active_record.rb +3 -3
- data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
- data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
- data/lib/doorkeeper/orm/active_record/application.rb +3 -155
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +53 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +47 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +128 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +3 -3
- data/lib/doorkeeper/rails/helpers.rb +4 -4
- data/lib/doorkeeper/rails/routes.rb +5 -7
- data/lib/doorkeeper/rake/db.rake +3 -3
- data/lib/doorkeeper/request.rb +1 -1
- data/lib/doorkeeper/request/authorization_code.rb +3 -3
- data/lib/doorkeeper/request/client_credentials.rb +2 -2
- data/lib/doorkeeper/request/password.rb +2 -2
- data/lib/doorkeeper/request/refresh_token.rb +3 -3
- data/lib/doorkeeper/server.rb +1 -1
- data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
- data/lib/generators/doorkeeper/migration_generator.rb +1 -1
- data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
- data/lib/generators/doorkeeper/templates/initializer.rb +39 -8
- data/spec/controllers/application_metal_controller_spec.rb +1 -1
- data/spec/controllers/applications_controller_spec.rb +3 -2
- data/spec/controllers/authorizations_controller_spec.rb +18 -18
- data/spec/controllers/protected_resources_controller_spec.rb +25 -17
- data/spec/controllers/token_info_controller_spec.rb +1 -1
- data/spec/controllers/tokens_controller_spec.rb +1 -1
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -3
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +1 -1
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +1 -1
- data/spec/generators/install_generator_spec.rb +1 -1
- data/spec/generators/previous_refresh_token_generator_spec.rb +2 -2
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
- data/spec/lib/config_spec.rb +61 -21
- data/spec/lib/doorkeeper_spec.rb +1 -1
- data/spec/lib/models/revocable_spec.rb +3 -3
- data/spec/lib/oauth/authorization_code_request_spec.rb +127 -125
- data/spec/lib/oauth/base_request_spec.rb +160 -158
- data/spec/lib/oauth/base_response_spec.rb +27 -29
- data/spec/lib/oauth/client/credentials_spec.rb +1 -1
- data/spec/lib/oauth/client_credentials/creator_spec.rb +42 -5
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +12 -12
- data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
- data/spec/lib/oauth/client_credentials_integration_spec.rb +16 -18
- data/spec/lib/oauth/client_credentials_request_spec.rb +78 -80
- data/spec/lib/oauth/client_spec.rb +26 -26
- data/spec/lib/oauth/code_request_spec.rb +34 -34
- data/spec/lib/oauth/code_response_spec.rb +21 -25
- data/spec/lib/oauth/error_response_spec.rb +42 -44
- data/spec/lib/oauth/error_spec.rb +12 -14
- data/spec/lib/oauth/forbidden_token_response_spec.rb +11 -13
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +30 -18
- data/spec/lib/oauth/invalid_request_response_spec.rb +48 -50
- data/spec/lib/oauth/invalid_token_response_spec.rb +32 -34
- data/spec/lib/oauth/password_access_token_request_spec.rb +145 -147
- data/spec/lib/oauth/pre_authorization_spec.rb +159 -161
- data/spec/lib/oauth/refresh_token_request_spec.rb +138 -139
- data/spec/lib/oauth/scopes_spec.rb +104 -106
- data/spec/lib/oauth/token_request_spec.rb +115 -111
- data/spec/lib/oauth/token_response_spec.rb +71 -73
- data/spec/lib/oauth/token_spec.rb +121 -123
- data/spec/models/doorkeeper/access_grant_spec.rb +3 -5
- data/spec/models/doorkeeper/access_token_spec.rb +7 -7
- data/spec/models/doorkeeper/application_spec.rb +295 -373
- data/spec/requests/applications/applications_request_spec.rb +1 -1
- data/spec/requests/endpoints/authorization_spec.rb +5 -3
- data/spec/requests/flows/authorization_code_spec.rb +34 -22
- data/spec/requests/flows/client_credentials_spec.rb +1 -1
- data/spec/requests/flows/password_spec.rb +32 -12
- data/spec/requests/flows/refresh_token_spec.rb +19 -19
- data/spec/requests/flows/revoke_token_spec.rb +18 -12
- data/spec/spec_helper.rb +1 -4
- data/spec/support/shared/controllers_shared_context.rb +33 -23
- data/spec/validators/redirect_uri_validator_spec.rb +1 -1
- metadata +6 -5
- data/spec/support/http_method_shim.rb +0 -29
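--- a/data/spec/lib/oauth/client_credentials/creator_spec.rb
+++ b/data/spec/lib/oauth/client_credentials/creator_spec.rb
@@ -31,17 +31,31 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 end
 
 context "when existing token has not crossed token_reuse_limit" do
-
+let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
+
+before do
 allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
 allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(50)
-existing_token = subject.call(client, scopes, expires_in: 1000)
-
 allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(600)
+end
+
+it "returns the existing valid token" do
 result = subject.call(client, scopes, expires_in: 1000)
 
 expect(Doorkeeper::AccessToken.count).to eq(1)
 expect(result).to eq(existing_token)
 end
+
+context "and when revoke_previous_client_credentials_token is true" do
+before do
+allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token).and_return(false)
+end
+
+it "does not revoke the existing valid token" do
+subject.call(client, scopes, expires_in: 1000)
+expect(existing_token.reload).not_to be_revoked
+end
+end
 end
 
 context "when existing token has crossed token_reuse_limit" do
@@ -55,7 +69,6 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 
 expect(Doorkeeper::AccessToken.count).to eq(2)
 expect(result).not_to eq(existing_token)
-expect(existing_token.reload).to be_revoked
 end
 end
 
@@ -70,7 +83,6 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 
 expect(Doorkeeper::AccessToken.count).to eq(2)
 expect(result).not_to eq(existing_token)
-expect(existing_token.reload).to be_revoked
 end
 end
 end
@@ -84,10 +96,35 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 
 expect(Doorkeeper::AccessToken.count).to eq(2)
 expect(result).not_to eq(existing_token)
+end
+end
+
+context "when revoke_previous_client_credentials_token is true" do
+let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
+
+before do
+allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token).and_return(true)
+end
+
+it "revokes the existing token" do
+subject.call(client, scopes, expires_in: 1000)
 expect(existing_token.reload).to be_revoked
 end
 end
 
+context "when revoke_previous_client_credentials_token is false" do
+let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
+
+before do
+allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token).and_return(false)
+end
+
+it "does not revoke the existing token" do
+subject.call(client, scopes, expires_in: 1000)
+expect(existing_token.reload).not_to be_revoked
+end
+end
+
 it "returns false if creation fails" do
 expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
 created = subject.call(client, scopes)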
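Review bot: The context label at new line 49, `context "and when revoke_previous_client_credentials_token is true" do`, contradicts its own setup, which stubs the option to `false` at new line 51 and asserts at new line 56 that the token is not revoked; rename it to `context "and when revoke_previous_client_credentials_token is false" do` so the spec output describes the case it actually covers. Separately, the hunks at old lines 58 and 73 drop `expect(existing_token.reload).to be_revoked` from the two "crossed token_reuse_limit" contexts without asserting anything in their place, so those examples no longer pin what happens to the superseded token when a new one is issued under the default configuration. An explicit assertion for the default there would make it a deliberate, tested decision whether a client can hold several live client-credentials tokens at once.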
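--- a/data/spec/lib/oauth/client_credentials/issuer_spec.rb
+++ b/data/spec/lib/oauth/client_credentials/issuer_spec.rb
@@ -8,16 +8,16 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 let(:server) do
 double(
 :server,
-access_token_expires_in: 100
+access_token_expires_in: 100,
 )
 end
-let(:
+let(:validator) { double :validator, valid?: true }
 
 before do
 allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
 end
 
-subject { Issuer.new(server,
+subject { Issuer.new(server, validator) }
 
 describe :create do
 let(:client) { double :client, id: "some-id" }
@@ -35,7 +35,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 client,
 scopes,
 expires_in: 100,
-use_refresh_token: false
+use_refresh_token: false,
 )
 
 subject.create client, scopes, creator
@@ -48,14 +48,14 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 expect(subject.error).to eq(:server_error)
 end
 
-context "when
+context "when validator fails" do
 before do
-allow(
-allow(
+allow(validator).to receive(:valid?).and_return(false)
+allow(validator).to receive(:error).and_return(:validation_error)
 expect(creator).not_to receive(:create)
 end
 
-it "has error set from
+it "has error set from validator" do
 subject.create client, scopes, creator
 expect(subject.error).to eq(:validation_error)
 end
@@ -65,7 +65,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 end
 end
 
-context "with custom
+context "with custom expiration" do
 let(:custom_ttl_grant) { 1234 }
 let(:custom_ttl_scope) { 1235 }
 let(:custom_scope) { "special" }
@@ -79,7 +79,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
 custom_ttl_grant
 end
-}
+},
 )
 end
 
@@ -92,7 +92,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 client,
 scopes,
 expires_in: custom_ttl_grant,
-use_refresh_token: false
+use_refresh_token: false,
 )
 subject.create client, scopes, creator
 end
@@ -102,7 +102,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 client,
 custom_scope,
 expires_in: custom_ttl_scope,
-use_refresh_token: false
+use_refresh_token: false,
 )
 subject.create client, custom_scope, creator
 end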
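--- a/data/spec/lib/oauth/client_credentials/validation_spec.rb
+++ b/data/spec/lib/oauth/client_credentials/validation_spec.rb
@@ -3,13 +3,13 @@
 require "spec_helper"
 
 class Doorkeeper::OAuth::ClientCredentialsRequest
-describe
+describe Validator do
 let(:server) { double :server, scopes: nil }
 let(:application) { double scopes: nil }
 let(:client) { double application: application }
 let(:request) { double :request, client: client, scopes: nil }
 
-subject {
+subject { described_class.new(server, request) }
 
 it "is valid with valid request" do
 expect(subject).to be_valid
@@ -26,7 +26,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
 allow(server).to receive(:scopes).and_return(server_scopes)
 allow(request).to receive(:scopes).and_return(
-Doorkeeper::OAuth::Scopes.from_string("invalid")
+Doorkeeper::OAuth::Scopes.from_string("invalid"),
 )
 expect(subject).not_to be_valid
 end
@@ -49,7 +49,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
 allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
 allow(server).to receive(:scopes).and_return(server_scopes)
 allow(request).to receive(:scopes).and_return(
-Doorkeeper::OAuth::Scopes.from_string("email")
+Doorkeeper::OAuth::Scopes.from_string("email"),
 )
 expect(subject).not_to be_valid
 end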
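--- a/data/spec/lib/oauth/client_credentials_integration_spec.rb
+++ b/data/spec/lib/oauth/client_credentials_integration_spec.rb
@@ -2,28 +2,26 @@
 
 require "spec_helper"
 
-
-
-let(:server) { Doorkeeper.configuration }
+describe Doorkeeper::OAuth::ClientCredentialsRequest do
+let(:server) { Doorkeeper.configuration }
 
-
-
+context "with a valid request" do
+let(:client) { FactoryBot.create :application }
 
-
-
-
-
-
-end
+it "issues an access token" do
+request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, {})
+expect do
+request.authorize
+end.to change { Doorkeeper::AccessToken.count }.by(1)
 end
+end
 
-
-
-
-
-
-
-end
+describe "with an invalid request" do
+it "does not issue an access token" do
+request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, nil, {})
+expect do
+request.authorize
+end.to_not(change { Doorkeeper::AccessToken.count })
 end
 end
 end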
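Review bot: The two sibling example groups are labelled with different block names, `context "with a valid request" do` at new line 8 and `describe "with an invalid request" do` at new line 19; both describe a precondition rather than a unit, so the second should read `context "with an invalid request" do` for a consistent spec tree. The invalid case only exercises a `nil` client (new line 21), presumably the shape of a request whose client failed authentication, so a scope the client is not allowed to hold is not covered at this integration level; if that lives in another spec, a one-line comment saying so would save the next reader a search.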
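--- a/data/spec/lib/oauth/client_credentials_request_spec.rb
+++ b/data/spec/lib/oauth/client_credentials_request_spec.rb
@@ -2,108 +2,106 @@
 
 require "spec_helper"
 
-
-
-
-
-
-
-
-
-end
+describe Doorkeeper::OAuth::ClientCredentialsRequest do
+let(:server) do
+double(
+default_scopes: nil,
+access_token_expires_in: 2.hours,
+custom_access_token_expires_in: ->(_context) { nil },
+)
+end
 
-
-
-
+let(:application) { FactoryBot.create(:application, scopes: "") }
+let(:client) { double :client, application: application }
+let(:token_creator) { double :issuer, create: true, token: double }
 
-
-
-
+before do
+allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
+end
+
+subject { Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client) }
+
+before do
+subject.issuer = token_creator
+end
+
+it "issues an access token for the current client" do
+expect(token_creator).to receive(:create).with(client, nil)
+subject.authorize
+end
 
-
+it "has successful response when issue was created" do
+subject.authorize
+expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
+end
 
+context "if issue was not created" do
 before do
-subject.issuer =
+subject.issuer = double create: false, error: :invalid
 end
 
-it "
-expect(token_creator).to receive(:create).with(client, nil)
+it "has an error response" do
 subject.authorize
+expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
 end
 
-it "
+it "delegates the error to issuer" do
 subject.authorize
-expect(subject.
+expect(subject.error).to eq(:invalid)
 end
+end
 
-
-
-subject.issuer = double create: false, error: :invalid
-end
+context "with scopes" do
+let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string("public email") }
 
-
-
-
-end
+before do
+allow(server).to receive(:default_scopes).and_return(default_scopes)
+end
 
-
-
-
-end
+it "issues an access token with default scopes if none was requested" do
+expect(token_creator).to receive(:create).with(client, default_scopes)
+subject.authorize
 end
 
-
-
+it "issues an access token with requested scopes" do
+subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "email")
+subject.issuer = token_creator
+expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
+subject.authorize
+end
+end
 
-
-
-
+context "with restricted client" do
+let(:default_scopes) do
+Doorkeeper::OAuth::Scopes.from_string("public email")
+end
+let(:server_scopes) do
+Doorkeeper::OAuth::Scopes.from_string("public email phone")
+end
+let(:client_scopes) do
+Doorkeeper::OAuth::Scopes.from_string("public phone")
+end
 
-
-
-
-
+before do
+allow(server).to receive(:default_scopes).and_return(default_scopes)
+allow(server).to receive(:scopes).and_return(server_scopes)
+allow(server).to receive(:access_token_expires_in).and_return(100)
+allow(application).to receive(:scopes).and_return(client_scopes)
+allow(client).to receive(:id).and_return(nil)
+end
 
-
-
-
-
-
-end
+it "delegates the error to issuer if no scope was requested" do
+subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client)
+subject.authorize
+expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
+expect(subject.error).to eq(:invalid_scope)
 end
 
-
-
-
-
-
-Doorkeeper::OAuth::Scopes.from_string("public email phone")
-end
-let(:client_scopes) do
-Doorkeeper::OAuth::Scopes.from_string("public phone")
-end
-
-before do
-allow(server).to receive(:default_scopes).and_return(default_scopes)
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(server).to receive(:access_token_expires_in).and_return(100)
-allow(application).to receive(:scopes).and_return(client_scopes)
-allow(client).to receive(:id).and_return(nil)
-end
-
-it "delegates the error to issuer if no scope was requested" do
-subject = ClientCredentialsRequest.new(server, client)
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-expect(subject.error).to eq(:invalid_scope)
-end
-
-it "issues an access token with requested scopes" do
-subject = ClientCredentialsRequest.new(server, client, scope: "phone")
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
-expect(subject.response.token.scopes_string).to eq("phone")
-end
+it "issues an access token with requested scopes" do
+subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "phone")
+subject.authorize
+expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
+expect(subject.response.token.scopes_string).to eq("phone")
 end
 end
 end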
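Review bot: Several examples assign a local named `subject` — `subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "email")` at new line 67, and again at new lines 94 and 101 — which shadows the memoized `subject` declared at new line 22 for the rest of the example, so the `before` at new line 24 that wires `token_creator` into the memoized subject silently does not apply to the local, and new line 68 has to repeat `subject.issuer = token_creator` by hand. Naming the local differently, e.g. `request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "email")`, keeps the two objects visibly distinct and makes it clear that the restricted-client examples at new lines 94 and 101 deliberately run with the real issuer rather than the double. The two `before` blocks at new lines 18 and 24 could also be folded into one.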
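--- a/data/spec/lib/oauth/client_spec.rb
+++ b/data/spec/lib/oauth/client_spec.rb
@@ -2,37 +2,37 @@
 
 require "spec_helper"
 
-
-describe
-
-let(:method) { double }
+describe Doorkeeper::OAuth::Client do
+describe :find do
+let(:method) { double }
 
-
-
-
-
-
+it "finds the client via uid" do
+client = double
+expect(method).to receive(:call).with("uid").and_return(client)
+expect(Doorkeeper::OAuth::Client.find("uid", method))
+.to be_a(Doorkeeper::OAuth::Client)
+end
 
-
-
-
-end
+it "returns nil if client was not found" do
+expect(method).to receive(:call).with("uid").and_return(nil)
+expect(Doorkeeper::OAuth::Client.find("uid", method)).to be_nil
 end
+end
 
-
-
-
-
-
-
-
+describe ".authenticate" do
+it "returns the authenticated client via credentials" do
+credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
+authenticator = double
+expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
+expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator))
+.to be_a(Doorkeeper::OAuth::Client)
+end
 
-
-
-
-
-
-end
+it "returns nil if client was not authenticated" do
+credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
+authenticator = double
+expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
+expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator)).to be_nil
 end
 end
 end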
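Review bot: The two nested groups label the class methods inconsistently: `describe :find do` at new line 6 uses a bare symbol while `describe ".authenticate" do` at new line 22 uses the dotted-string convention, so the formatted output reads "find" for one and ".authenticate" for the other. Change the first to `describe ".find" do` so both are recognisable as class-method groups.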