RubyGems - doorkeeper - Versions diffs - 5.2.6 → 5.3.3 - Mend

doorkeeper 5.2.6 → 5.3.3

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (125) hide show

checksums.yaml +4 -4
data/Appraisals +2 -2
data/CHANGELOG.md +24 -5
data/Gemfile +2 -2
data/app/controllers/doorkeeper/application_controller.rb +2 -2
data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
data/app/controllers/doorkeeper/authorizations_controller.rb +2 -2
data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
data/gemfiles/rails_5_0.gemfile +2 -2
data/gemfiles/rails_5_1.gemfile +2 -2
data/gemfiles/rails_5_2.gemfile +2 -2
data/gemfiles/rails_6_0.gemfile +2 -2
data/gemfiles/rails_master.gemfile +2 -2
data/lib/doorkeeper/config.rb +71 -38
data/lib/doorkeeper/grape/helpers.rb +1 -1
data/lib/doorkeeper/helpers/controller.rb +10 -8
data/lib/doorkeeper/models/access_grant_mixin.rb +7 -6
data/lib/doorkeeper/models/access_token_mixin.rb +54 -16
data/lib/doorkeeper/models/application_mixin.rb +3 -3
data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
data/lib/doorkeeper/models/concerns/revocable.rb +0 -27
data/lib/doorkeeper/oauth/authorization/code.rb +4 -4
data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
data/lib/doorkeeper/oauth/authorization_code_request.rb +13 -6
data/lib/doorkeeper/oauth/base_request.rb +8 -4
data/lib/doorkeeper/oauth/client.rb +7 -8
data/lib/doorkeeper/oauth/client_credentials/creator.rb +16 -9
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -7
data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +4 -4
data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
data/lib/doorkeeper/oauth/code_response.rb +2 -2
data/lib/doorkeeper/oauth/error.rb +1 -1
data/lib/doorkeeper/oauth/error_response.rb +5 -5
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +7 -5
data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -2
data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -3
data/lib/doorkeeper/oauth/pre_authorization.rb +7 -5
data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
data/lib/doorkeeper/oauth/token.rb +2 -2
data/lib/doorkeeper/oauth/token_introspection.rb +6 -6
data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
data/lib/doorkeeper/orm/active_record/application.rb +3 -155
data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +53 -0
data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +47 -0
data/lib/doorkeeper/orm/active_record/mixins/application.rb +187 -0
data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +3 -3
data/lib/doorkeeper/orm/active_record.rb +3 -3
data/lib/doorkeeper/rails/helpers.rb +4 -4
data/lib/doorkeeper/rails/routes.rb +5 -7
data/lib/doorkeeper/rake/db.rake +3 -3
data/lib/doorkeeper/request/authorization_code.rb +3 -3
data/lib/doorkeeper/request/client_credentials.rb +2 -2
data/lib/doorkeeper/request/password.rb +2 -2
data/lib/doorkeeper/request/refresh_token.rb +3 -3
data/lib/doorkeeper/request.rb +1 -1
data/lib/doorkeeper/server.rb +1 -1
data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
data/lib/doorkeeper/version.rb +2 -2
data/lib/doorkeeper.rb +2 -3
data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
data/lib/generators/doorkeeper/migration_generator.rb +1 -1
data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
data/lib/generators/doorkeeper/templates/initializer.rb +39 -0
data/spec/controllers/application_metal_controller_spec.rb +1 -1
data/spec/controllers/applications_controller_spec.rb +3 -2
data/spec/controllers/authorizations_controller_spec.rb +18 -18
data/spec/controllers/protected_resources_controller_spec.rb +25 -17
data/spec/controllers/token_info_controller_spec.rb +1 -1
data/spec/controllers/tokens_controller_spec.rb +1 -1
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -3
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +1 -1
data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +1 -1
data/spec/generators/install_generator_spec.rb +1 -1
data/spec/generators/previous_refresh_token_generator_spec.rb +2 -2
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +62 -7
data/spec/lib/doorkeeper_spec.rb +1 -1
data/spec/lib/models/revocable_spec.rb +3 -3
data/spec/lib/oauth/authorization_code_request_spec.rb +127 -125
data/spec/lib/oauth/base_request_spec.rb +160 -158
data/spec/lib/oauth/base_response_spec.rb +27 -29
data/spec/lib/oauth/client/credentials_spec.rb +1 -1
data/spec/lib/oauth/client_credentials/creator_spec.rb +42 -5
data/spec/lib/oauth/client_credentials/issuer_spec.rb +12 -12
data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
data/spec/lib/oauth/client_credentials_integration_spec.rb +16 -18
data/spec/lib/oauth/client_credentials_request_spec.rb +78 -80
data/spec/lib/oauth/client_spec.rb +26 -26
data/spec/lib/oauth/code_request_spec.rb +34 -34
data/spec/lib/oauth/code_response_spec.rb +21 -25
data/spec/lib/oauth/error_response_spec.rb +42 -44
data/spec/lib/oauth/error_spec.rb +12 -14
data/spec/lib/oauth/forbidden_token_response_spec.rb +11 -13
data/spec/lib/oauth/helpers/scope_checker_spec.rb +30 -18
data/spec/lib/oauth/invalid_request_response_spec.rb +48 -50
data/spec/lib/oauth/invalid_token_response_spec.rb +32 -34
data/spec/lib/oauth/password_access_token_request_spec.rb +145 -147
data/spec/lib/oauth/pre_authorization_spec.rb +159 -161
data/spec/lib/oauth/refresh_token_request_spec.rb +138 -139
data/spec/lib/oauth/scopes_spec.rb +104 -106
data/spec/lib/oauth/token_request_spec.rb +115 -111
data/spec/lib/oauth/token_response_spec.rb +71 -73
data/spec/lib/oauth/token_spec.rb +121 -123
data/spec/models/doorkeeper/access_grant_spec.rb +3 -5
data/spec/models/doorkeeper/access_token_spec.rb +7 -7
data/spec/models/doorkeeper/application_spec.rb +2 -2
data/spec/requests/applications/applications_request_spec.rb +1 -1
data/spec/requests/endpoints/authorization_spec.rb +5 -3
data/spec/requests/flows/authorization_code_spec.rb +34 -22
data/spec/requests/flows/client_credentials_spec.rb +1 -1
data/spec/requests/flows/password_spec.rb +32 -12
data/spec/requests/flows/refresh_token_spec.rb +19 -19
data/spec/requests/flows/revoke_token_spec.rb +18 -12
data/spec/spec_helper.rb +1 -4
data/spec/support/shared/controllers_shared_context.rb +33 -23
data/spec/validators/redirect_uri_validator_spec.rb +1 -1
metadata +6 -5
data/spec/support/http_method_shim.rb +0 -29

data/spec/lib/oauth/token_spec.rb CHANGED Viewed

@@ -7,152 +7,150 @@ module Doorkeeper
     class AccessToken
     end
   end
+end
-  module OAuth
-    describe Token do
-      describe :from_request do
-        let(:request) { double.as_null_object }
+describe Doorkeeper::OAuth::Token do
+  describe ".from_request" do
+    let(:request) { double.as_null_object }
-        let(:method) do
-          ->(*) { "token-value" }
-        end
+    let(:method) do
+      ->(*) { "token-value" }
+    end
-        it "accepts anything that responds to #call" do
-          expect(method).to receive(:call).with(request)
-          Token.from_request request, method
-        end
+    it "accepts anything that responds to #call" do
+      expect(method).to receive(:call).with(request)
+      described_class.from_request request, method
+    end
-        it "delegates methods received as symbols to Token class" do
-          expect(Token).to receive(:from_params).with(request)
-          Token.from_request request, :from_params
-        end
+    it "delegates methods received as symbols to described_class class" do
+      expect(described_class).to receive(:from_params).with(request)
+      described_class.from_request request, :from_params
+    end
-        it "stops at the first credentials found" do
-          not_called_method = double
-          expect(not_called_method).not_to receive(:call)
-          Token.from_request request, ->(_r) {}, method, not_called_method
-        end
+    it "stops at the first credentials found" do
+      not_called_method = double
+      expect(not_called_method).not_to receive(:call)
+      described_class.from_request request, ->(_r) {}, method, not_called_method
+    end
-        it "returns the credential from extractor method" do
-          credentials = Token.from_request request, method
-          expect(credentials).to eq("token-value")
-        end
-      end
+    it "returns the credential from extractor method" do
+      credentials = described_class.from_request request, method
+      expect(credentials).to eq("token-value")
+    end
+  end
-      describe :from_access_token_param do
-        it "returns token from access_token parameter" do
-          request = double parameters: { access_token: "some-token" }
-          token   = Token.from_access_token_param(request)
-          expect(token).to eq("some-token")
-        end
-      end
+  describe ".from_access_token_param" do
+    it "returns token from access_token parameter" do
+      request = double parameters: { access_token: "some-token" }
+      token   = described_class.from_access_token_param(request)
+      expect(token).to eq("some-token")
+    end
+  end
-      describe :from_bearer_param do
-        it "returns token from bearer_token parameter" do
-          request = double parameters: { bearer_token: "some-token" }
-          token   = Token.from_bearer_param(request)
-          expect(token).to eq("some-token")
-        end
-      end
+  describe ".from_bearer_param" do
+    it "returns token from bearer_token parameter" do
+      request = double parameters: { bearer_token: "some-token" }
+      token   = described_class.from_bearer_param(request)
+      expect(token).to eq("some-token")
+    end
+  end
-      describe :from_bearer_authorization do
-        it "returns token from capitalized authorization bearer" do
-          request = double authorization: "Bearer SomeToken"
-          token   = Token.from_bearer_authorization(request)
-          expect(token).to eq("SomeToken")
-        end
+  describe ".from_bearer_authorization" do
+    it "returns token from capitalized authorization bearer" do
+      request = double authorization: "Bearer SomeToken"
+      token   = described_class.from_bearer_authorization(request)
+      expect(token).to eq("SomeToken")
+    end
-        it "returns token from lowercased authorization bearer" do
-          request = double authorization: "bearer SomeToken"
-          token   = Token.from_bearer_authorization(request)
-          expect(token).to eq("SomeToken")
-        end
+    it "returns token from lowercased authorization bearer" do
+      request = double authorization: "bearer SomeToken"
+      token   = described_class.from_bearer_authorization(request)
+      expect(token).to eq("SomeToken")
+    end
-        it "does not return token if authorization is not bearer" do
-          request = double authorization: "MAC SomeToken"
-          token   = Token.from_bearer_authorization(request)
-          expect(token).to be_blank
-        end
-      end
+    it "does not return token if authorization is not bearer" do
+      request = double authorization: "MAC SomeToken"
+      token   = described_class.from_bearer_authorization(request)
+      expect(token).to be_blank
+    end
+  end
-      describe :from_basic_authorization do
-        it "returns token from capitalized authorization basic" do
-          request = double authorization: "Basic #{Base64.encode64 "SomeToken:"}"
-          token   = Token.from_basic_authorization(request)
-          expect(token).to eq("SomeToken")
-        end
+  describe ".from_basic_authorization" do
+    it "returns token from capitalized authorization basic" do
+      request = double authorization: "Basic #{Base64.encode64 "SomeToken:"}"
+      token   = described_class.from_basic_authorization(request)
+      expect(token).to eq("SomeToken")
+    end
-        it "returns token from lowercased authorization basic" do
-          request = double authorization: "basic #{Base64.encode64 "SomeToken:"}"
-          token   = Token.from_basic_authorization(request)
-          expect(token).to eq("SomeToken")
-        end
+    it "returns token from lowercased authorization basic" do
+      request = double authorization: "basic #{Base64.encode64 "SomeToken:"}"
+      token   = described_class.from_basic_authorization(request)
+      expect(token).to eq("SomeToken")
+    end
-        it "does not return token if authorization is not basic" do
-          request = double authorization: "MAC #{Base64.encode64 "SomeToken:"}"
-          token   = Token.from_basic_authorization(request)
-          expect(token).to be_blank
+    it "does not return token if authorization is not basic" do
+      request = double authorization: "MAC #{Base64.encode64 "SomeToken:"}"
+      token   = described_class.from_basic_authorization(request)
+      expect(token).to be_blank
+    end
+  end
+  describe ".authenticate" do
+    context "refresh tokens are disabled (default)" do
+      context "refresh tokens are enabled" do
+        it "does not revoke previous refresh_token if token was found" do
+          token = ->(_r) { "token" }
+          expect(
+            Doorkeeper::AccessToken,
+          ).to receive(:by_token).with("token").and_return(token)
+          expect(token).not_to receive(:revoke_previous_refresh_token!)
+          described_class.authenticate double, token
         end
       end
-      describe :authenticate do
-        context "refresh tokens are disabled (default)" do
-          context "refresh tokens are enabled" do
-            it "does not revoke previous refresh_token if token was found" do
-              token = ->(_r) { "token" }
-              expect(
-                AccessToken
-              ).to receive(:by_token).with("token").and_return(token)
-              expect(token).not_to receive(:revoke_previous_refresh_token!)
-              Token.authenticate double, token
-            end
-          end
-          it "calls the finder if token was returned" do
-            token = ->(_r) { "token" }
-            expect(AccessToken).to receive(:by_token).with("token")
-            Token.authenticate double, token
-          end
-        end
+      it "calls the finder if token was returned" do
+        token = ->(_r) { "token" }
+        expect(Doorkeeper::AccessToken).to receive(:by_token).with("token")
+        described_class.authenticate double, token
+      end
+    end
-        context "token hashing is enabled" do
-          include_context "with token hashing enabled"
+    context "token hashing is enabled" do
+      include_context "with token hashing enabled"
-          let(:hashed_token) { hashed_or_plain_token_func.call("token") }
-          let(:token) { ->(_r) { "token" } }
+      let(:hashed_token) { hashed_or_plain_token_func.call("token") }
+      let(:token) { ->(_r) { "token" } }
-          it "searches with the hashed token" do
-            expect(
-              AccessToken
-            ).to receive(:find_by).with(token: hashed_token).and_return(token)
-            Token.authenticate double, token
-          end
-        end
+      it "searches with the hashed token" do
+        expect(
+          Doorkeeper::AccessToken,
+        ).to receive(:find_by).with(token: hashed_token).and_return(token)
+        described_class.authenticate double, token
+      end
+    end
-        context "refresh tokens are enabled" do
-          before do
-            Doorkeeper.configure do
-              orm DOORKEEPER_ORM
-              use_refresh_token
-            end
-          end
-          it "revokes previous refresh_token if token was found" do
-            token = ->(_r) { "token" }
-            expect(
-              AccessToken
-            ).to receive(:by_token).with("token").and_return(token)
-            expect(token).to receive(:revoke_previous_refresh_token!)
-            Token.authenticate double, token
-          end
-          it "calls the finder if token was returned" do
-            token = ->(_r) { "token" }
-            expect(AccessToken).to receive(:by_token).with("token")
-            Token.authenticate double, token
-          end
+    context "refresh tokens are enabled" do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          use_refresh_token
         end
       end
+      it "revokes previous refresh_token if token was found" do
+        token = ->(_r) { "token" }
+        expect(
+          Doorkeeper::AccessToken,
+        ).to receive(:by_token).with("token").and_return(token)
+        expect(token).to receive(:revoke_previous_refresh_token!)
+        described_class.authenticate double, token
+      end
+      it "calls the finder if token was returned" do
+        token = ->(_r) { "token" }
+        expect(Doorkeeper::AccessToken).to receive(:by_token).with("token")
+        described_class.authenticate double, token
+      end
     end
   end
 end

data/spec/models/doorkeeper/access_grant_spec.rb CHANGED Viewed

@@ -81,9 +81,7 @@ describe Doorkeeper::AccessGrant do
             )
           # Not all the ORM support :id PK
-          if grant.respond_to?(:id)
-            expect(clazz.by_token(plain_text_token).id).to eq(grant.id)
-          end
+          expect(clazz.by_token(plain_text_token).id).to eq(grant.id) if grant.respond_to?(:id)
           # And it modifies the token value
           grant.reload
@@ -141,7 +139,7 @@ describe Doorkeeper::AccessGrant do
     it "matches application" do
       access_grant_for_different_app = FactoryBot.create(
         :access_grant,
-        default_attributes.merge(application: FactoryBot.create(:application))
+        default_attributes.merge(application: FactoryBot.create(:application)),
       )
       described_class.revoke_all_for(application.id, resource_owner)
@@ -152,7 +150,7 @@ describe Doorkeeper::AccessGrant do
     it "matches resource owner" do
       access_grant_for_different_owner = FactoryBot.create(
         :access_grant,
-        default_attributes.merge(resource_owner_id: 90)
+        default_attributes.merge(resource_owner_id: 90),
       )
       described_class.revoke_all_for application.id, resource_owner

data/spec/models/doorkeeper/access_token_spec.rb CHANGED Viewed

@@ -212,7 +212,7 @@ module Doorkeeper
         end
         expect { FactoryBot.create :access_token }.to(
-          raise_error(Doorkeeper::Errors::UnableToGenerateToken)
+          raise_error(Doorkeeper::Errors::UnableToGenerateToken),
         )
       end
@@ -234,7 +234,7 @@ module Doorkeeper
         end
         expect { FactoryBot.create :access_token }.to(
-          raise_error(LoadError)
+          raise_error(LoadError),
         )
       end
@@ -245,7 +245,7 @@ module Doorkeeper
         end
         expect { FactoryBot.create :access_token }.to(
-          raise_error(Doorkeeper::Errors::TokenGeneratorNotFound, /NotReal/)
+          raise_error(Doorkeeper::Errors::TokenGeneratorNotFound, /NotReal/),
         )
       end
     end
@@ -468,7 +468,7 @@ module Doorkeeper
       it "matches application" do
         access_token_for_different_app = FactoryBot.create(
           :access_token,
-          default_attributes.merge(application: FactoryBot.create(:application))
+          default_attributes.merge(application: FactoryBot.create(:application)),
         )
         AccessToken.revoke_all_for application.id, resource_owner
@@ -479,7 +479,7 @@ module Doorkeeper
       it "matches resource owner" do
         access_token_for_different_owner = FactoryBot.create(
           :access_token,
-          default_attributes.merge(resource_owner_id: 90)
+          default_attributes.merge(resource_owner_id: 90),
         )
         AccessToken.revoke_all_for application.id, resource_owner
@@ -561,7 +561,7 @@ module Doorkeeper
       it "excludes tokens with scopes that are not present in server scopes" do
         FactoryBot.create :access_token, default_attributes.merge(
-          application: application, scopes: "public read"
+          application: application, scopes: "public read",
         )
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil
@@ -570,7 +570,7 @@ module Doorkeeper
       it "excludes tokens with scopes that are not present in application scopes" do
         application = FactoryBot.create :application, scopes: "private read"
         FactoryBot.create :access_token, default_attributes.merge(
-          application: application
+          application: application,
         )
         last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
         expect(last_token).to be_nil

data/spec/models/doorkeeper/application_spec.rb CHANGED Viewed

@@ -4,8 +4,8 @@ require "spec_helper"
 require "bcrypt"
 describe Doorkeeper::Application do
-  let(:require_owner) { Doorkeeper.configuration.instance_variable_set("@confirm_application_owner", true) }
-  let(:unset_require_owner) { Doorkeeper.configuration.instance_variable_set("@confirm_application_owner", false) }
+  let(:require_owner) { Doorkeeper.config.instance_variable_set("@confirm_application_owner", true) }
+  let(:unset_require_owner) { Doorkeeper.config.instance_variable_set("@confirm_application_owner", false) }
   let(:new_application) { FactoryBot.build(:application) }
   let(:uid) { SecureRandom.hex(8) }

data/spec/requests/applications/applications_request_spec.rb CHANGED Viewed

@@ -91,7 +91,7 @@ feature "Adding applications" do
       i_should_see "Whoops! Check your form for possible errors"
       i_should_see Regexp.new(
         I18n.t("activerecord.errors.models.doorkeeper/application.attributes.scopes.not_match_configured"),
-        true
+        true,
       )
     end

data/spec/requests/endpoints/authorization_spec.rb CHANGED Viewed

@@ -79,9 +79,11 @@ feature "Authorization endpoint" do
     scenario "raises exception on forged requests" do
       allowing_forgery_protection do
         expect do
-          page.driver.post authorization_endpoint_url(client_id: @client.uid,
-                                                      redirect_uri: @client.redirect_uri,
-                                                      response_type: "code")
+          page.driver.post authorization_endpoint_url(
+            client_id: @client.uid,
+            redirect_uri: @client.redirect_uri,
+            response_type: "code",
+          )
         end.to raise_error(ActionController::InvalidAuthenticityToken)
       end
     end

data/spec/requests/flows/authorization_code_spec.rb CHANGED Viewed

@@ -149,8 +149,10 @@ feature "Authorization Code Flow" do
     click_on "Authorize"
     authorization_code = Doorkeeper::AccessGrant.first.token
-    page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
-                                        redirect_uri: @client.redirect_uri)
+    page.driver.post token_endpoint_url(
+      code: authorization_code, client_id: @client.uid,
+      redirect_uri: @client.redirect_uri,
+    )
     expect(Doorkeeper::AccessToken.count).to be_zero
@@ -163,8 +165,10 @@ feature "Authorization Code Flow" do
     click_on "Authorize"
     authorization_code = Doorkeeper::AccessGrant.first.token
-    page.driver.post token_endpoint_url(code: authorization_code, client_secret: @client.secret,
-                                        redirect_uri: @client.redirect_uri)
+    page.driver.post token_endpoint_url(
+      code: authorization_code, client_secret: @client.secret,
+      redirect_uri: @client.redirect_uri,
+    )
     expect(Doorkeeper::AccessToken.count).to be_zero
@@ -195,7 +199,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "plain"
+          code_challenge_method: "plain",
         )
         click_on "Authorize"
@@ -219,7 +223,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "plain"
+          code_challenge_method: "plain",
         )
         click_on "Authorize"
@@ -236,9 +240,11 @@ feature "Authorization Code Flow" do
       end
       scenario "mobile app requests an access token with authorization code but without code_verifier" do
-        visit authorization_endpoint_url(client: @client,
-                                         code_challenge: code_challenge,
-                                         code_challenge_method: "plain")
+        visit authorization_endpoint_url(
+          client: @client,
+          code_challenge: code_challenge,
+          code_challenge_method: "plain",
+        )
         click_on "Authorize"
         authorization_code = current_params["code"]
@@ -250,9 +256,11 @@ feature "Authorization Code Flow" do
       end
       scenario "mobile app requests an access token with authorization code with wrong code_verifier" do
-        visit authorization_endpoint_url(client: @client,
-                                         code_challenge: code_challenge,
-                                         code_challenge_method: "plain")
+        visit authorization_endpoint_url(
+          client: @client,
+          code_challenge: code_challenge,
+          code_challenge_method: "plain",
+        )
         click_on "Authorize"
         authorization_code = current_params["code"]
@@ -272,7 +280,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -285,7 +293,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -305,13 +313,17 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
         authorization_code = current_params["code"]
-        page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
-                                            redirect_uri: @client.redirect_uri, code_verifier: code_verifier)
+        page.driver.post token_endpoint_url(
+          code: authorization_code,
+          client_id: @client.uid,
+          redirect_uri: @client.redirect_uri,
+          code_verifier: code_verifier,
+        )
         should_not_have_json "access_token"
         should_have_json "error", "invalid_client"
         should_have_json "error_description", translated_error_message(:invalid_client)
@@ -327,7 +339,7 @@ feature "Authorization Code Flow" do
           code: authorization_code,
           client_id: @client.uid,
           redirect_uri: @client.redirect_uri,
-          code_verifier: code_verifier
+          code_verifier: code_verifier,
         )
         should_not_have_json "error"
@@ -340,7 +352,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -356,7 +368,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -372,7 +384,7 @@ feature "Authorization Code Flow" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: "S256",
         )
         click_on "Authorize"
@@ -381,7 +393,7 @@ feature "Authorization Code Flow" do
           code: authorization_code,
           client: @client,
           code_verifier: code_challenge,
-          code_challenge_method: "plain"
+          code_challenge_method: "plain",
         )
         should_not_have_json "access_token"

data/spec/requests/flows/client_credentials_spec.rb CHANGED Viewed

@@ -70,7 +70,7 @@ describe "Client Credentials Request" do
     before do
       Doorkeeper.configuration.instance_variable_set(
         :@allow_grant_flow_for_client,
-        ->(_grant_flow, client) { client.name == "admin" }
+        ->(_grant_flow, client) { client.name == "admin" },
       )
     end

data/spec/requests/flows/password_spec.rb CHANGED Viewed

@@ -35,7 +35,7 @@ describe "Resource Owner Password Credentials Flow" do
         before do
           Doorkeeper.configuration.instance_variable_set(
             :@allow_grant_flow_for_client,
-            ->(_grant_flow, client) { client.name == "admin" }
+            ->(_grant_flow, client) { client.name == "admin" },
           )
         end
@@ -46,7 +46,7 @@ describe "Resource Owner Password Credentials Flow" do
             post password_token_endpoint_url(
               client_id: @client.uid,
               client_secret: "foobar",
-              resource_owner: @resource_owner
+              resource_owner: @resource_owner,
             )
           end.not_to(change { Doorkeeper::AccessToken.count })
@@ -99,7 +99,7 @@ describe "Resource Owner Password Credentials Flow" do
               post password_token_endpoint_url(
                 client_id: @client.uid,
                 client_secret: "foobar",
-                resource_owner: @resource_owner
+                resource_owner: @resource_owner,
               )
             end.not_to(change { Doorkeeper::AccessToken.count })
@@ -241,9 +241,11 @@ describe "Resource Owner Password Credentials Flow" do
   context "with invalid scopes" do
     subject do
-      post password_token_endpoint_url(client: @client,
-                                       resource_owner: @resource_owner,
-                                       scope: "random")
+      post password_token_endpoint_url(
+        client: @client,
+        resource_owner: @resource_owner,
+        scope: "random",
+      )
     end
     it "should not issue new token" do
@@ -263,9 +265,11 @@ describe "Resource Owner Password Credentials Flow" do
   context "with invalid user credentials" do
     it "should not issue new token with bad password" do
       expect do
-        post password_token_endpoint_url(client: @client,
-                                         resource_owner_username: @resource_owner.name,
-                                         resource_owner_password: "wrongpassword")
+        post password_token_endpoint_url(
+          client: @client,
+          resource_owner_username: @resource_owner.name,
+          resource_owner_password: "wrongpassword",
+        )
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
@@ -274,14 +278,30 @@ describe "Resource Owner Password Credentials Flow" do
         post password_token_endpoint_url(client: @client)
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
+    it "should not issue new token if resource_owner_from_credentials returned false or nil" do
+      config_is_set(:resource_owner_from_credentials) { false }
+      expect do
+        post password_token_endpoint_url(client: @client)
+      end.to_not(change { Doorkeeper::AccessToken.count })
+      config_is_set(:resource_owner_from_credentials) { nil }
+      expect do
+        post password_token_endpoint_url(client: @client)
+      end.to_not(change { Doorkeeper::AccessToken.count })
+    end
   end
   context "with invalid confidential client credentials" do
     it "should not issue new token with bad client credentials" do
       expect do
-        post password_token_endpoint_url(client_id: @client.uid,
-                                         client_secret: "bad_secret",
-                                         resource_owner: @resource_owner)
+        post password_token_endpoint_url(
+          client_id: @client.uid,
+          client_secret: "bad_secret",
+          resource_owner: @resource_owner,
+        )
       end.to_not(change { Doorkeeper::AccessToken.count })
     end
   end