doorkeeper 5.3.2 → 5.4.0
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +84 -2
- data/README.md +6 -4
- data/app/controllers/doorkeeper/applications_controller.rb +4 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +31 -12
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +57 -20
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +19 -2
- data/config/locales/en.yml +3 -1
- data/lib/doorkeeper.rb +106 -79
- data/lib/doorkeeper/config.rb +64 -35
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +28 -14
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grape/helpers.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +4 -4
- data/lib/doorkeeper/models/access_grant_mixin.rb +20 -16
- data/lib/doorkeeper/models/access_token_mixin.rb +108 -45
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +15 -6
- data/lib/doorkeeper/oauth/authorization/context.rb +2 -2
- data/lib/doorkeeper/oauth/authorization/token.rb +8 -12
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +18 -8
- data/lib/doorkeeper/oauth/base_request.rb +11 -19
- data/lib/doorkeeper/oauth/client.rb +1 -1
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +26 -8
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +3 -2
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +3 -3
- data/lib/doorkeeper/oauth/code_response.rb +6 -2
- data/lib/doorkeeper/oauth/error_response.rb +2 -4
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -5
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
- data/lib/doorkeeper/oauth/password_access_token_request.rb +4 -6
- data/lib/doorkeeper/oauth/pre_authorization.rb +36 -30
- data/lib/doorkeeper/oauth/refresh_token_request.rb +18 -22
- data/lib/doorkeeper/oauth/token.rb +5 -6
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
- data/lib/doorkeeper/oauth/token_request.rb +3 -3
- data/lib/doorkeeper/oauth/token_response.rb +1 -1
- data/lib/doorkeeper/orm/active_record.rb +10 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +20 -16
- data/lib/doorkeeper/rails/routes.rb +13 -17
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/server.rb +4 -4
- data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +39 -3
- data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
- metadata +12 -295
- data/Appraisals +0 -40
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -16
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -18
- data/gemfiles/rails_5_1.gemfile +0 -18
- data/gemfiles/rails_5_2.gemfile +0 -18
- data/gemfiles/rails_6_0.gemfile +0 -18
- data/gemfiles/rails_master.gemfile +0 -18
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -608
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -498
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -7
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/config/application.rb +0 -49
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -68
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -809
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -53
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
- data/spec/lib/oauth/base_request_spec.rb +0 -224
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -32
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -157
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -89
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
- data/spec/models/doorkeeper/access_token_spec.rb +0 -622
- data/spec/models/doorkeeper/application_spec.rb +0 -482
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -75
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_spec.rb +0 -525
- data/spec/requests/flows/client_credentials_spec.rb +0 -166
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -233
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -13
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -54
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
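--- a/data/spec/generators/install_generator_spec.rb
+++ b/data/spec/generators/install_generator_spec.rb
@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "generators/doorkeeper/install_generator"
-
-describe "Doorkeeper::InstallGenerator" do
-include GeneratorSpec::TestCase
-
-tests Doorkeeper::InstallGenerator
-destination ::File.expand_path("../tmp/dummy", __FILE__)
-
-describe "after running the generator" do
-before :each do
-prepare_destination
-FileUtils.mkdir(::File.expand_path("config", Pathname(destination_root)))
-FileUtils.mkdir(::File.expand_path("db", Pathname(destination_root)))
-FileUtils.copy_file(
-::File.expand_path("../templates/routes.rb", __FILE__),
-::File.expand_path("config/routes.rb", Pathname.new(destination_root)),
-)
-run_generator
-end
-
-it "creates an initializer file" do
-assert_file "config/initializers/doorkeeper.rb"
-end
-
-it "copies the locale file" do
-assert_file "config/locales/doorkeeper.en.yml"
-end
-
-it "adds sample route" do
-assert_file "config/routes.rb", /use_doorkeeper/
-end
-end
-end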
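--- a/data/spec/generators/migration_generator_spec.rb
+++ b/data/spec/generators/migration_generator_spec.rb
@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "generators/doorkeeper/migration_generator"
-
-describe "Doorkeeper::MigrationGenerator" do
-include GeneratorSpec::TestCase
-
-tests Doorkeeper::MigrationGenerator
-destination ::File.expand_path("../tmp/dummy", __FILE__)
-
-describe "after running the generator" do
-before :each do
-prepare_destination
-end
-
-it "creates a migration with a version specifier" do
-stub_const("ActiveRecord::VERSION::MAJOR", 5)
-stub_const("ActiveRecord::VERSION::MINOR", 0)
-
-run_generator
-
-assert_migration "db/migrate/create_doorkeeper_tables.rb" do |migration|
-assert migration.include?("ActiveRecord::Migration[5.0]\n")
-end
-end
-end
-end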
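--- a/data/spec/generators/pkce_generator_spec.rb
+++ b/data/spec/generators/pkce_generator_spec.rb
@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "generators/doorkeeper/pkce_generator"
-
-describe "Doorkeeper::PkceGenerator" do
-include GeneratorSpec::TestCase
-
-tests Doorkeeper::PkceGenerator
-destination ::File.expand_path("../tmp/dummy", __FILE__)
-
-describe "after running the generator" do
-before :each do
-prepare_destination
-end
-
-it "creates a migration with a version specifier" do
-stub_const("ActiveRecord::VERSION::MAJOR", 5)
-stub_const("ActiveRecord::VERSION::MINOR", 0)
-
-run_generator
-
-assert_migration "db/migrate/enable_pkce.rb" do |migration|
-assert migration.include?("ActiveRecord::Migration[5.0]\n")
-end
-end
-end
-end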
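--- a/data/spec/generators/previous_refresh_token_generator_spec.rb
+++ b/data/spec/generators/previous_refresh_token_generator_spec.rb
@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "generators/doorkeeper/previous_refresh_token_generator"
-
-describe "Doorkeeper::PreviousRefreshTokenGenerator" do
-include GeneratorSpec::TestCase
-
-tests Doorkeeper::PreviousRefreshTokenGenerator
-destination ::File.expand_path("../tmp/dummy", __FILE__)
-
-describe "after running the generator" do
-before :each do
-prepare_destination
-
-allow_any_instance_of(Doorkeeper::PreviousRefreshTokenGenerator).to(
-receive(:no_previous_refresh_token_column?).and_return(true),
-)
-end
-
-it "creates a migration with a version specifier" do
-stub_const("ActiveRecord::VERSION::MAJOR", 5)
-stub_const("ActiveRecord::VERSION::MINOR", 0)
-
-run_generator
-
-assert_migration "db/migrate/add_previous_refresh_token_to_access_tokens.rb" do |migration|
-assert migration.include?("ActiveRecord::Migration[5.0]\n")
-end
-end
-
-context "already exist" do
-it "does not create a migration" do
-allow_any_instance_of(Doorkeeper::PreviousRefreshTokenGenerator).to(
-receive(:no_previous_refresh_token_column?).and_call_original,
-)
-
-run_generator
-
-assert_no_migration "db/migrate/add_previous_refresh_token_to_access_tokens.rb"
-end
-end
-end
-end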
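--- a/data/spec/generators/views_generator_spec.rb
+++ b/data/spec/generators/views_generator_spec.rb
@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "generators/doorkeeper/views_generator"
-
-describe Doorkeeper::Generators::ViewsGenerator do
-include GeneratorSpec::TestCase
-
-tests Doorkeeper::Generators::ViewsGenerator
-destination File.expand_path("tmp/dummy", __dir__)
-
-before :each do
-prepare_destination
-end
-
-it "create all views" do
-run_generator
-assert_file "app/views/doorkeeper/applications/_form.html.erb"
-assert_file "app/views/doorkeeper/applications/edit.html.erb"
-assert_file "app/views/doorkeeper/applications/index.html.erb"
-assert_file "app/views/doorkeeper/applications/new.html.erb"
-assert_file "app/views/doorkeeper/applications/show.html.erb"
-
-assert_file "app/views/doorkeeper/authorizations/error.html.erb"
-assert_file "app/views/doorkeeper/authorizations/new.html.erb"
-
-assert_file "app/views/doorkeeper/authorized_applications/index.html.erb"
-end
-end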
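--- a/data/spec/grape/grape_integration_spec.rb
+++ b/data/spec/grape/grape_integration_spec.rb
@@ -1,137 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "grape"
-require "rack/test"
-require "doorkeeper/grape/helpers"
-
-# Test Grape API application
-module GrapeApp
-class API < Grape::API
-version "v1", using: :path
-format :json
-prefix :api
-
-helpers Doorkeeper::Grape::Helpers
-
-resource :protected do
-before do
-doorkeeper_authorize!
-end
-
-desc "Protected resource, requires token."
-
-get :status do
-{ token: doorkeeper_token.token }
-end
-end
-
-resource :protected_with_endpoint_scopes do
-before do
-doorkeeper_authorize!
-end
-
-desc "Protected resource, requires token with scopes (defined in endpoint)."
-
-get :status, scopes: [:admin] do
-{ response: "OK" }
-end
-end
-
-resource :protected_with_helper_scopes do
-before do
-doorkeeper_authorize! :admin
-end
-
-desc "Protected resource, requires token with scopes (defined in helper)."
-
-get :status do
-{ response: "OK" }
-end
-end
-
-resource :public do
-desc "Public resource, no token required."
-
-get :status do
-{ response: "OK" }
-end
-end
-end
-end
-
-describe "Grape integration" do
-include Rack::Test::Methods
-
-def app
-GrapeApp::API
-end
-
-def json_body
-JSON.parse(last_response.body)
-end
-
-let(:client) { FactoryBot.create(:application) }
-let(:resource) { FactoryBot.create(:doorkeeper_testing_user, name: "Joe", password: "sekret") }
-let(:access_token) { client_is_authorized(client, resource) }
-
-context "with valid Access Token" do
-it "successfully requests protected resource" do
-get "api/v1/protected/status.json?access_token=#{access_token.token}"
-
-expect(last_response).to be_successful
-
-expect(json_body["token"]).to eq(access_token.token)
-end
-
-it "successfully requests protected resource with token that has required scopes (Grape endpoint)" do
-access_token = client_is_authorized(client, resource, scopes: "admin")
-
-get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
-
-expect(last_response).to be_successful
-expect(json_body).to have_key("response")
-end
-
-it "successfully requests protected resource with token that has required scopes (Doorkeeper helper)" do
-access_token = client_is_authorized(client, resource, scopes: "admin")
-
-get "api/v1/protected_with_helper_scopes/status.json?access_token=#{access_token.token}"
-
-expect(last_response).to be_successful
-expect(json_body).to have_key("response")
-end
-
-it "successfully requests public resource" do
-get "api/v1/public/status.json"
-
-expect(last_response).to be_successful
-expect(json_body).to have_key("response")
-end
-end
-
-context "with invalid Access Token" do
-it "fails without access token" do
-get "api/v1/protected/status.json"
-
-expect(last_response).not_to be_successful
-expect(json_body).to have_key("error")
-end
-
-it "fails for access token without scopes" do
-get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
-
-expect(last_response).not_to be_successful
-expect(json_body).to have_key("error")
-end
-
-it "fails for access token with invalid scopes" do
-access_token = client_is_authorized(client, resource, scopes: "read write")
-
-get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
-
-expect(last_response).not_to be_successful
-expect(json_body).to have_key("error")
-end
-end
-end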
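--- a/data/spec/helpers/doorkeeper/dashboard_helper_spec.rb
+++ b/data/spec/helpers/doorkeeper/dashboard_helper_spec.rb
@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::DashboardHelper do
-describe "#doorkeeper_errors_for" do
-let(:object) { double errors: { method: messages } }
-let(:messages) { ["first message", "second message"] }
-
-context "when object has errors" do
-it "returns error messages" do
-messages.each do |message|
-expect(helper.doorkeeper_errors_for(object, :method)).to include(
-message.capitalize,
-)
-end
-end
-end
-
-context "when object has no errors" do
-it "returns nil" do
-expect(helper.doorkeeper_errors_for(object, :amonter_method)).to be_nil
-end
-end
-end
-end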
data/spec/lib/config_spec.rb
DELETED
@@ -1,809 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe Doorkeeper, "configuration" do
|
6
|
-
subject { Doorkeeper.configuration }
|
7
|
-
|
8
|
-
describe "resource_owner_authenticator" do
|
9
|
-
it "sets the block that is accessible via authenticate_resource_owner" do
|
10
|
-
block = proc {}
|
11
|
-
Doorkeeper.configure do
|
12
|
-
orm DOORKEEPER_ORM
|
13
|
-
resource_owner_authenticator(&block)
|
14
|
-
end
|
15
|
-
|
16
|
-
expect(subject.authenticate_resource_owner).to eq(block)
|
17
|
-
end
|
18
|
-
|
19
|
-
it "prints warning message by default" do
|
20
|
-
Doorkeeper.configure do
|
21
|
-
orm DOORKEEPER_ORM
|
22
|
-
end
|
23
|
-
|
24
|
-
expect(Rails.logger).to receive(:warn).with(
|
25
|
-
I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured"),
|
26
|
-
)
|
27
|
-
subject.authenticate_resource_owner.call(nil)
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
describe "resource_owner_from_credentials" do
|
32
|
-
it "sets the block that is accessible via authenticate_resource_owner" do
|
33
|
-
block = proc {}
|
34
|
-
Doorkeeper.configure do
|
35
|
-
orm DOORKEEPER_ORM
|
36
|
-
resource_owner_from_credentials(&block)
|
37
|
-
end
|
38
|
-
|
39
|
-
expect(subject.resource_owner_from_credentials).to eq(block)
|
40
|
-
end
|
41
|
-
|
42
|
-
it "prints warning message by default" do
|
43
|
-
Doorkeeper.configure do
|
44
|
-
orm DOORKEEPER_ORM
|
45
|
-
end
|
46
|
-
|
47
|
-
expect(Rails.logger).to receive(:warn).with(
|
48
|
-
I18n.t("doorkeeper.errors.messages.credential_flow_not_configured"),
|
49
|
-
)
|
50
|
-
subject.resource_owner_from_credentials.call(nil)
|
51
|
-
end
|
52
|
-
end
|
53
|
-
|
54
|
-
describe "setup_orm_adapter" do
|
55
|
-
it "adds specific error message to NameError exception" do
|
56
|
-
expect do
|
57
|
-
Doorkeeper.configure { orm "hibernate" }
|
58
|
-
end.to raise_error(NameError, /ORM adapter not found \(hibernate\)/)
|
59
|
-
end
|
60
|
-
|
61
|
-
it "does not change other exceptions" do
|
62
|
-
allow(Doorkeeper).to receive(:setup_orm_adapter) { raise NoMethodError }
|
63
|
-
|
64
|
-
expect do
|
65
|
-
Doorkeeper.configure { orm "hibernate" }
|
66
|
-
end.to raise_error(NoMethodError)
|
67
|
-
end
|
68
|
-
end
|
69
|
-
|
70
|
-
describe "admin_authenticator" do
|
71
|
-
it "sets the block that is accessible via authenticate_admin" do
|
72
|
-
default_behaviour = "default behaviour"
|
73
|
-
allow(Doorkeeper::Config).to receive(:head).and_return(default_behaviour)
|
74
|
-
|
75
|
-
Doorkeeper.configure do
|
76
|
-
orm DOORKEEPER_ORM
|
77
|
-
end
|
78
|
-
|
79
|
-
expect(subject.authenticate_admin.call({})).to eq(default_behaviour)
|
80
|
-
end
|
81
|
-
|
82
|
-
it "sets the block that is accessible via authenticate_admin" do
|
83
|
-
block = proc {}
|
84
|
-
Doorkeeper.configure do
|
85
|
-
orm DOORKEEPER_ORM
|
86
|
-
admin_authenticator(&block)
|
87
|
-
end
|
88
|
-
|
89
|
-
expect(subject.authenticate_admin).to eq(block)
|
90
|
-
end
|
91
|
-
end
|
92
|
-
|
93
|
-
describe "access_token_expires_in" do
|
94
|
-
it "has 2 hours by default" do
|
95
|
-
expect(subject.access_token_expires_in).to eq(2.hours)
|
96
|
-
end
|
97
|
-
|
98
|
-
it "can change the value" do
|
99
|
-
Doorkeeper.configure do
|
100
|
-
orm DOORKEEPER_ORM
|
101
|
-
access_token_expires_in 4.hours
|
102
|
-
end
|
103
|
-
expect(subject.access_token_expires_in).to eq(4.hours)
|
104
|
-
end
|
105
|
-
|
106
|
-
it "can be set to nil" do
|
107
|
-
Doorkeeper.configure do
|
108
|
-
orm DOORKEEPER_ORM
|
109
|
-
access_token_expires_in nil
|
110
|
-
end
|
111
|
-
|
112
|
-
expect(subject.access_token_expires_in).to be_nil
|
113
|
-
end
|
114
|
-
end
|
115
|
-
|
116
|
-
describe "scopes" do
|
117
|
-
it "has default scopes" do
|
118
|
-
Doorkeeper.configure do
|
119
|
-
orm DOORKEEPER_ORM
|
120
|
-
default_scopes :public
|
121
|
-
end
|
122
|
-
|
123
|
-
expect(subject.default_scopes).to include("public")
|
124
|
-
end
|
125
|
-
|
126
|
-
it "has optional scopes" do
|
127
|
-
Doorkeeper.configure do
|
128
|
-
orm DOORKEEPER_ORM
|
129
|
-
optional_scopes :write, :update
|
130
|
-
end
|
131
|
-
|
132
|
-
expect(subject.optional_scopes).to include("write", "update")
|
133
|
-
end
|
134
|
-
|
135
|
-
it "has all scopes" do
|
136
|
-
Doorkeeper.configure do
|
137
|
-
orm DOORKEEPER_ORM
|
138
|
-
default_scopes :normal
|
139
|
-
optional_scopes :admin
|
140
|
-
end
|
141
|
-
|
142
|
-
expect(subject.scopes).to include("normal", "admin")
|
143
|
-
end
|
144
|
-
end
|
145
|
-
|
146
|
-
describe "scopes_by_grant_type" do
|
147
|
-
it "is {} by default" do
|
148
|
-
expect(subject.scopes_by_grant_type).to eq({})
|
149
|
-
end
|
150
|
-
|
151
|
-
it "has hash value" do
|
152
|
-
hash = {}
|
153
|
-
Doorkeeper.configure do
|
154
|
-
orm DOORKEEPER_ORM
|
155
|
-
scopes_by_grant_type hash
|
156
|
-
end
|
157
|
-
|
158
|
-
expect(subject.scopes_by_grant_type).to eq(hash)
|
159
|
-
end
|
160
|
-
end
|
161
|
-
|
162
|
-
describe "use_refresh_token" do
|
163
|
-
it "is false by default" do
|
164
|
-
expect(subject.refresh_token_enabled?).to eq(false)
|
165
|
-
end
|
166
|
-
|
167
|
-
it "can change the value" do
|
168
|
-
Doorkeeper.configure do
|
169
|
-
orm DOORKEEPER_ORM
|
170
|
-
use_refresh_token
|
171
|
-
end
|
172
|
-
|
173
|
-
expect(subject.refresh_token_enabled?).to eq(true)
|
174
|
-
end
|
175
|
-
|
176
|
-
it "can accept a boolean parameter" do
|
177
|
-
Doorkeeper.configure do
|
178
|
-
orm DOORKEEPER_ORM
|
179
|
-
use_refresh_token false
|
180
|
-
end
|
181
|
-
|
182
|
-
expect(subject.refresh_token_enabled?).to eq(false)
|
183
|
-
end
|
184
|
-
|
185
|
-
it "can accept a block parameter" do
|
186
|
-
Doorkeeper.configure do
|
187
|
-
orm DOORKEEPER_ORM
|
188
|
-
use_refresh_token { |_context| nil }
|
189
|
-
end
|
190
|
-
|
191
|
-
expect(subject.refresh_token_enabled?).to be_a(Proc)
|
192
|
-
end
|
193
|
-
|
194
|
-
it "does not includes 'refresh_token' in authorization_response_types" do
|
195
|
-
expect(subject.token_grant_types).not_to include "refresh_token"
|
196
|
-
end
|
197
|
-
|
198
|
-
context "is enabled" do
|
199
|
-
before do
|
200
|
-
Doorkeeper.configure do
|
201
|
-
orm DOORKEEPER_ORM
|
202
|
-
use_refresh_token
|
203
|
-
end
|
204
|
-
end
|
205
|
-
|
206
|
-
it "includes 'refresh_token' in authorization_response_types" do
|
207
|
-
expect(subject.token_grant_types).to include "refresh_token"
|
208
|
-
end
|
209
|
-
end
|
210
|
-
end
|
211
|
-
|
212
|
-
describe "token_reuse_limit" do
|
213
|
-
it "is 100 by default" do
|
214
|
-
expect(subject.token_reuse_limit).to eq(100)
|
215
|
-
end
|
216
|
-
|
217
|
-
it "can change the value" do
|
218
|
-
Doorkeeper.configure do
|
219
|
-
token_reuse_limit 90
|
220
|
-
end
|
221
|
-
|
222
|
-
expect(subject.token_reuse_limit).to eq(90)
|
223
|
-
end
|
224
|
-
|
225
|
-
it "sets the value to 100 if invalid value is being set" do
|
226
|
-
expect(Rails.logger).to receive(:warn).with(/will be set to default 100/)
|
227
|
-
|
228
|
-
Doorkeeper.configure do
|
229
|
-
reuse_access_token
|
230
|
-
token_reuse_limit 110
|
231
|
-
end
|
232
|
-
|
233
|
-
expect(subject.token_reuse_limit).to eq(100)
|
234
|
-
end
|
235
|
-
end
|
236
|
-
|
237
|
-
describe "enforce_configured_scopes" do
|
238
|
-
it "is false by default" do
|
239
|
-
expect(subject.enforce_configured_scopes?).to eq(false)
|
240
|
-
end
|
241
|
-
|
242
|
-
it "can change the value" do
|
243
|
-
Doorkeeper.configure do
|
244
|
-
orm DOORKEEPER_ORM
|
245
|
-
enforce_configured_scopes
|
246
|
-
end
|
247
|
-
|
248
|
-
expect(subject.enforce_configured_scopes?).to eq(true)
|
249
|
-
end
|
250
|
-
end
|
251
|
-
|
252
|
-
describe "client_credentials" do
|
253
|
-
it "has defaults order" do
|
254
|
-
expect(subject.client_credentials_methods)
|
255
|
-
.to eq(%i[from_basic from_params])
|
256
|
-
end
|
257
|
-
|
258
|
-
it "can change the value" do
|
259
|
-
Doorkeeper.configure do
|
260
|
-
orm DOORKEEPER_ORM
|
261
|
-
client_credentials :from_digest, :from_params
|
262
|
-
end
|
263
|
-
|
264
|
-
expect(subject.client_credentials_methods)
|
265
|
-
.to eq(%i[from_digest from_params])
|
266
|
-
end
|
267
|
-
end
|
268
|
-
|
269
|
-
describe "force_ssl_in_redirect_uri" do
|
270
|
-
it "is true by default in non-development environments" do
|
271
|
-
expect(subject.force_ssl_in_redirect_uri).to eq(true)
|
272
|
-
end
|
273
|
-
|
274
|
-
it "can change the value" do
|
275
|
-
Doorkeeper.configure do
|
276
|
-
orm DOORKEEPER_ORM
|
277
|
-
force_ssl_in_redirect_uri(false)
|
278
|
-
end
|
279
|
-
|
280
|
-
expect(subject.force_ssl_in_redirect_uri).to eq(false)
|
281
|
-
end
|
282
|
-
|
283
|
-
it "can be a callable object" do
|
284
|
-
block = proc { false }
|
285
|
-
Doorkeeper.configure do
|
286
|
-
orm DOORKEEPER_ORM
|
287
|
-
force_ssl_in_redirect_uri(&block)
|
288
|
-
end
|
289
|
-
|
290
|
-
expect(subject.force_ssl_in_redirect_uri).to eq(block)
|
291
|
-
expect(subject.force_ssl_in_redirect_uri.call).to eq(false)
|
292
|
-
end
|
293
|
-
end
|
294
|
-
|
295
|
-
describe "access_token_methods" do
|
296
|
-
it "has defaults order" do
|
297
|
-
expect(subject.access_token_methods)
|
298
|
-
.to eq(%i[from_bearer_authorization from_access_token_param from_bearer_param])
|
299
|
-
end
|
300
|
-
|
301
|
-
it "can change the value" do
|
302
|
-
Doorkeeper.configure do
|
303
|
-
orm DOORKEEPER_ORM
|
304
|
-
access_token_methods :from_access_token_param, :from_bearer_param
|
305
|
-
end
|
306
|
-
|
307
|
-
expect(subject.access_token_methods)
|
308
|
-
.to eq(%i[from_access_token_param from_bearer_param])
|
309
|
-
end
|
310
|
-
end
|
311
|
-
|
312
|
-
describe "forbid_redirect_uri" do
|
313
|
-
it "is false by default" do
|
314
|
-
expect(subject.forbid_redirect_uri.call(URI.parse("https://localhost"))).to eq(false)
|
315
|
-
end
|
316
|
-
|
317
|
-
it "can be a callable object" do
|
318
|
-
block = proc { true }
|
319
|
-
Doorkeeper.configure do
|
320
|
-
orm DOORKEEPER_ORM
|
321
|
-
forbid_redirect_uri(&block)
|
322
|
-
end
|
323
|
-
|
324
|
-
expect(subject.forbid_redirect_uri).to eq(block)
|
325
|
-
expect(subject.forbid_redirect_uri.call).to eq(true)
|
326
|
-
end
|
327
|
-
end
|
328
|
-
|
329
|
-
describe "enable_application_owner" do
|
330
|
-
it "is disabled by default" do
|
331
|
-
expect(Doorkeeper.configuration.enable_application_owner?).not_to eq(true)
|
332
|
-
end
|
333
|
-
|
334
|
-
context "when enabled without confirmation" do
|
335
|
-
before do
|
336
|
-
Doorkeeper.configure do
|
337
|
-
orm DOORKEEPER_ORM
|
338
|
-
enable_application_owner
|
339
|
-
end
|
340
|
-
end
|
341
|
-
|
342
|
-
it "adds support for application owner" do
|
343
|
-
expect(Doorkeeper::Application.new).to respond_to :owner
|
344
|
-
end
|
345
|
-
|
346
|
-
it "Doorkeeper.configuration.confirm_application_owner? returns false" do
|
347
|
-
expect(Doorkeeper.configuration.confirm_application_owner?).not_to eq(true)
|
348
|
-
end
|
349
|
-
end
|
350
|
-
|
351
|
-
context "when enabled with confirmation set to true" do
|
352
|
-
before do
|
353
|
-
Doorkeeper.configure do
|
354
|
-
orm DOORKEEPER_ORM
|
355
|
-
enable_application_owner confirmation: true
|
356
|
-
end
|
357
|
-
end
|
358
|
-
|
359
|
-
it "adds support for application owner" do
|
360
|
-
expect(Doorkeeper::Application.new).to respond_to :owner
|
361
|
-
end
|
362
|
-
|
363
|
-
it "Doorkeeper.configuration.confirm_application_owner? returns true" do
|
364
|
-
expect(Doorkeeper.configuration.confirm_application_owner?).to eq(true)
|
365
|
-
end
|
366
|
-
end
|
367
|
-
end
|
368
|
-
|
369
|
-
describe "realm" do
|
370
|
-
it "is 'Doorkeeper' by default" do
|
371
|
-
expect(Doorkeeper.configuration.realm).to eq("Doorkeeper")
|
372
|
-
end
|
373
|
-
|
374
|
-
it "can change the value" do
|
375
|
-
Doorkeeper.configure do
|
376
|
-
orm DOORKEEPER_ORM
|
377
|
-
realm "Example"
|
378
|
-
end
|
379
|
-
|
380
|
-
expect(subject.realm).to eq("Example")
|
381
|
-
end
|
382
|
-
end
|
383
|
-
|
384
|
-
describe "grant_flows" do
|
385
|
-
it "is set to all grant flows by default" do
|
386
|
-
expect(Doorkeeper.configuration.grant_flows)
|
387
|
-
.to eq(%w[authorization_code client_credentials])
|
388
|
-
end
|
389
|
-
|
390
|
-
it "can change the value" do
|
391
|
-
Doorkeeper.configure do
|
392
|
-
orm DOORKEEPER_ORM
|
393
|
-
grant_flows %w[authorization_code implicit]
|
394
|
-
end
|
395
|
-
|
396
|
-
expect(subject.grant_flows).to eq %w[authorization_code implicit]
|
397
|
-
end
|
398
|
-
|
399
|
-
context "when including 'authorization_code'" do
|
400
|
-
before do
|
401
|
-
Doorkeeper.configure do
|
402
|
-
orm DOORKEEPER_ORM
|
403
|
-
grant_flows ["authorization_code"]
|
404
|
-
end
|
405
|
-
end
|
406
|
-
|
407
|
-
it "includes 'code' in authorization_response_types" do
|
408
|
-
expect(subject.authorization_response_types).to include "code"
|
409
|
-
end
|
410
|
-
|
411
|
-
it "includes 'authorization_code' in token_grant_types" do
|
412
|
-
expect(subject.token_grant_types).to include "authorization_code"
|
413
|
-
end
|
414
|
-
end
|
415
|
-
|
416
|
-
context "when including 'implicit'" do
|
417
|
-
before do
|
418
|
-
Doorkeeper.configure do
|
419
|
-
orm DOORKEEPER_ORM
|
420
|
-
grant_flows ["implicit"]
|
421
|
-
end
|
422
|
-
end
|
423
|
-
|
424
|
-
it "includes 'token' in authorization_response_types" do
|
425
|
-
expect(subject.authorization_response_types).to include "token"
|
426
|
-
end
|
427
|
-
end
|
428
|
-
|
429
|
-
context "when including 'password'" do
|
430
|
-
before do
|
431
|
-
Doorkeeper.configure do
|
432
|
-
orm DOORKEEPER_ORM
|
433
|
-
grant_flows ["password"]
|
434
|
-
end
|
435
|
-
end
|
436
|
-
|
437
|
-
it "includes 'password' in token_grant_types" do
|
438
|
-
expect(subject.token_grant_types).to include "password"
|
439
|
-
end
|
440
|
-
end
|
441
|
-
|
442
|
-
context "when including 'client_credentials'" do
|
443
|
-
before do
|
444
|
-
Doorkeeper.configure do
|
445
|
-
orm DOORKEEPER_ORM
|
446
|
-
grant_flows ["client_credentials"]
|
447
|
-
end
|
448
|
-
end
|
449
|
-
|
450
|
-
it "includes 'client_credentials' in token_grant_types" do
|
451
|
-
expect(subject.token_grant_types).to include "client_credentials"
|
452
|
-
end
|
453
|
-
end
|
454
|
-
end
|
455
|
-
|
456
|
-
it "raises an exception when configuration is not set" do
|
457
|
-
old_config = Doorkeeper.configuration
|
458
|
-
Doorkeeper.module_eval do
|
459
|
-
@config = nil
|
460
|
-
end
|
461
|
-
|
462
|
-
expect do
|
463
|
-
Doorkeeper.configuration
|
464
|
-
end.to raise_error Doorkeeper::MissingConfiguration
|
465
|
-
|
466
|
-
Doorkeeper.module_eval do
|
467
|
-
@config = old_config
|
468
|
-
end
|
469
|
-
end
|
470
|
-
|
471
|
-
describe "access_token_generator" do
|
472
|
-
it "is 'Doorkeeper::OAuth::Helpers::UniqueToken' by default" do
|
473
|
-
expect(Doorkeeper.configuration.access_token_generator).to(
|
474
|
-
eq("Doorkeeper::OAuth::Helpers::UniqueToken"),
|
475
|
-
)
|
476
|
-
end
|
477
|
-
|
478
|
-
it "can change the value" do
|
479
|
-
Doorkeeper.configure do
|
480
|
-
orm DOORKEEPER_ORM
|
481
|
-
access_token_generator "Example"
|
482
|
-
end
|
483
|
-
expect(subject.access_token_generator).to eq("Example")
|
484
|
-
end
|
485
|
-
end
|
486
|
-
|
487
|
-
describe "default_generator_method" do
|
488
|
-
it "is :urlsafe_base64 by default" do
|
489
|
-
expect(Doorkeeper.configuration.default_generator_method)
|
490
|
-
.to eq(:urlsafe_base64)
|
491
|
-
end
|
492
|
-
|
493
|
-
it "can change the value" do
|
494
|
-
Doorkeeper.configure do
|
495
|
-
orm DOORKEEPER_ORM
|
496
|
-
default_generator_method :hex
|
497
|
-
end
|
498
|
-
|
499
|
-
expect(subject.default_generator_method).to eq(:hex)
|
500
|
-
end
|
501
|
-
end
|
502
|
-
|
503
|
-
describe "base_controller" do
|
504
|
-
context "default" do
|
505
|
-
it { expect(Doorkeeper.configuration.base_controller).to be_an_instance_of(Proc) }
|
506
|
-
|
507
|
-
it "resolves to a ApplicationController::Base in default mode" do
|
508
|
-
expect(Doorkeeper.configuration.resolve_controller(:base))
|
509
|
-
.to eq(ActionController::Base)
|
510
|
-
end
|
511
|
-
|
512
|
-
it "resolves to a ApplicationController::API in api_only mode" do
|
513
|
-
Doorkeeper.configure do
|
514
|
-
api_only
|
515
|
-
end
|
516
|
-
|
517
|
-
expect(Doorkeeper.configuration.resolve_controller(:base))
|
518
|
-
.to eq(ActionController::API)
|
519
|
-
end
|
520
|
-
end
|
521
|
-
|
522
|
-
context "custom" do
|
523
|
-
before do
|
524
|
-
Doorkeeper.configure do
|
525
|
-
orm DOORKEEPER_ORM
|
526
|
-
base_controller "ApplicationController"
|
527
|
-
end
|
528
|
-
end
|
529
|
-
|
530
|
-
it { expect(Doorkeeper.configuration.base_controller).to eq("ApplicationController") }
|
531
|
-
end
|
532
|
-
end
|
533
|
-
|
534
|
-
describe "base_metal_controller" do
|
535
|
-
context "default" do
|
536
|
-
it { expect(Doorkeeper.configuration.base_metal_controller).to eq("ActionController::API") }
|
537
|
-
end
|
538
|
-
|
539
|
-
context "custom" do
|
540
|
-
before do
|
541
|
-
Doorkeeper.configure do
|
542
|
-
orm DOORKEEPER_ORM
|
543
|
-
base_metal_controller { "ApplicationController" }
|
544
|
-
end
|
545
|
-
end
|
546
|
-
|
547
|
-
it { expect(Doorkeeper.configuration.resolve_controller(:base_metal)).to eq(ApplicationController) }
|
548
|
-
end
|
549
|
-
end
|
550
|
-
|
551
|
-
if DOORKEEPER_ORM == :active_record
|
552
|
-
class FakeCustomModel; end
|
553
|
-
|
554
|
-
describe "active_record_options" do
|
555
|
-
let(:models) { [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application] }
|
556
|
-
|
557
|
-
before do
|
558
|
-
models.each do |model|
|
559
|
-
allow(model).to receive(:establish_connection).and_return(true)
|
560
|
-
end
|
561
|
-
end
|
562
|
-
|
563
|
-
it "establishes connection for Doorkeeper models based on options" do
|
564
|
-
models.each do |model|
|
565
|
-
expect(model).to receive(:establish_connection)
|
566
|
-
end
|
567
|
-
|
568
|
-
Doorkeeper.configure do
|
569
|
-
orm DOORKEEPER_ORM
|
570
|
-
active_record_options(
|
571
|
-
establish_connection: Rails.configuration.database_configuration[Rails.env],
|
572
|
-
)
|
573
|
-
end
|
574
|
-
end
|
575
|
-
end
|
576
|
-
|
577
|
-
describe "access_token_class" do
|
578
|
-
it "uses default doorkeeper value" do
|
579
|
-
expect(subject.access_token_class).to eq("Doorkeeper::AccessToken")
|
580
|
-
expect(subject.access_token_model).to be(Doorkeeper::AccessToken)
|
581
|
-
end
|
582
|
-
|
583
|
-
it "can change the value" do
|
584
|
-
Doorkeeper.configure do
|
585
|
-
orm DOORKEEPER_ORM
|
586
|
-
access_token_class "FakeCustomModel"
|
587
|
-
end
|
588
|
-
|
589
|
-
expect(subject.access_token_class).to eq("FakeCustomModel")
|
590
|
-
expect(subject.access_token_model).to be(FakeCustomModel)
|
591
|
-
end
|
592
|
-
end
|
593
|
-
|
594
|
-
describe "access_grant_class" do
|
595
|
-
it "uses default doorkeeper value" do
|
596
|
-
expect(subject.access_grant_class).to eq("Doorkeeper::AccessGrant")
|
597
|
-
expect(subject.access_grant_model).to be(Doorkeeper::AccessGrant)
|
598
|
-
end
|
599
|
-
|
600
|
-
it "can change the value" do
|
601
|
-
Doorkeeper.configure do
|
602
|
-
orm DOORKEEPER_ORM
|
603
|
-
access_grant_class "FakeCustomModel"
|
604
|
-
end
|
605
|
-
|
606
|
-
expect(subject.access_grant_class).to eq("FakeCustomModel")
|
607
|
-
expect(subject.access_grant_model).to be(FakeCustomModel)
|
608
|
-
end
|
609
|
-
end
|
610
|
-
|
611
|
-
describe "application_class" do
|
612
|
-
it "uses default doorkeeper value" do
|
613
|
-
expect(subject.application_class).to eq("Doorkeeper::Application")
|
614
|
-
expect(subject.application_model).to be(Doorkeeper::Application)
|
615
|
-
end
|
616
|
-
|
617
|
-
it "can change the value" do
|
618
|
-
Doorkeeper.configure do
|
619
|
-
orm DOORKEEPER_ORM
|
620
|
-
application_class "FakeCustomModel"
|
621
|
-
end
|
622
|
-
|
623
|
-
expect(subject.application_class).to eq("FakeCustomModel")
|
624
|
-
expect(subject.application_model).to be(FakeCustomModel)
|
625
|
-
end
|
626
|
-
end
|
627
|
-
end
|
628
|
-
|
629
|
-
describe "api_only" do
|
630
|
-
it "is false by default" do
|
631
|
-
expect(subject.api_only).to eq(false)
|
632
|
-
end
|
633
|
-
|
634
|
-
it "can change the value" do
|
635
|
-
Doorkeeper.configure do
|
636
|
-
orm DOORKEEPER_ORM
|
637
|
-
api_only
|
638
|
-
end
|
639
|
-
|
640
|
-
expect(subject.api_only).to eq(true)
|
641
|
-
end
|
642
|
-
end
|
643
|
-
|
644
|
-
describe "token_lookup_batch_size" do
|
645
|
-
it "uses default doorkeeper value" do
|
646
|
-
expect(subject.token_lookup_batch_size).to eq(10_000)
|
647
|
-
end
|
648
|
-
|
649
|
-
it "can change the value" do
|
650
|
-
Doorkeeper.configure do
|
651
|
-
orm DOORKEEPER_ORM
|
652
|
-
token_lookup_batch_size 100_000
|
653
|
-
end
|
654
|
-
|
655
|
-
expect(subject.token_lookup_batch_size).to eq(100_000)
|
656
|
-
end
|
657
|
-
end
|
658
|
-
|
659
|
-
describe "strict_content_type" do
|
660
|
-
it "is false by default" do
|
661
|
-
expect(subject.enforce_content_type).to eq(false)
|
662
|
-
end
|
663
|
-
|
664
|
-
it "can change the value" do
|
665
|
-
Doorkeeper.configure do
|
666
|
-
orm DOORKEEPER_ORM
|
667
|
-
enforce_content_type
|
668
|
-
end
|
669
|
-
|
670
|
-
expect(subject.enforce_content_type).to eq(true)
|
671
|
-
end
|
672
|
-
end
|
673
|
-
|
674
|
-
describe "handle_auth_errors" do
|
675
|
-
it "is set to render by default" do
|
676
|
-
expect(Doorkeeper.configuration.handle_auth_errors).to eq(:render)
|
677
|
-
end
|
678
|
-
it "can change the value" do
|
679
|
-
Doorkeeper.configure do
|
680
|
-
orm DOORKEEPER_ORM
|
681
|
-
handle_auth_errors :raise
|
682
|
-
end
|
683
|
-
expect(subject.handle_auth_errors).to eq(:raise)
|
684
|
-
end
|
685
|
-
end
|
686
|
-
|
687
|
-
describe "token_secret_strategy" do
|
688
|
-
it "is plain by default" do
|
689
|
-
expect(subject.token_secret_strategy).to eq(Doorkeeper::SecretStoring::Plain)
|
690
|
-
expect(subject.token_secret_fallback_strategy).to eq(nil)
|
691
|
-
end
|
692
|
-
|
693
|
-
context "when provided" do
|
694
|
-
before do
|
695
|
-
Doorkeeper.configure do
|
696
|
-
hash_token_secrets
|
697
|
-
end
|
698
|
-
end
|
699
|
-
|
700
|
-
it "will enable hashing for applications" do
|
701
|
-
expect(subject.token_secret_strategy).to eq(Doorkeeper::SecretStoring::Sha256Hash)
|
702
|
-
expect(subject.token_secret_fallback_strategy).to eq(nil)
|
703
|
-
end
|
704
|
-
end
|
705
|
-
|
706
|
-
context "when manually provided with invalid constant" do
|
707
|
-
it "raises an exception" do
|
708
|
-
expect do
|
709
|
-
Doorkeeper.configure do
|
710
|
-
hash_token_secrets using: "does not exist"
|
711
|
-
end
|
712
|
-
end.to raise_error(NameError)
|
713
|
-
end
|
714
|
-
end
|
715
|
-
|
716
|
-
context "when manually provided with invalid option" do
|
717
|
-
it "raises an exception" do
|
718
|
-
expect do
|
719
|
-
Doorkeeper.configure do
|
720
|
-
hash_token_secrets using: "Doorkeeper::SecretStoring::BCrypt"
|
721
|
-
end
|
722
|
-
end.to raise_error(
|
723
|
-
ArgumentError,
|
724
|
-
/can only be used for storing application secrets/,
|
725
|
-
)
|
726
|
-
end
|
727
|
-
end
|
728
|
-
|
729
|
-
context "when provided with fallback" do
|
730
|
-
before do
|
731
|
-
Doorkeeper.configure do
|
732
|
-
hash_token_secrets fallback: :plain
|
733
|
-
end
|
734
|
-
end
|
735
|
-
|
736
|
-
it "will enable hashing for applications" do
|
737
|
-
expect(subject.token_secret_strategy).to eq(Doorkeeper::SecretStoring::Sha256Hash)
|
738
|
-
expect(subject.token_secret_fallback_strategy).to eq(Doorkeeper::SecretStoring::Plain)
|
739
|
-
end
|
740
|
-
end
|
741
|
-
|
742
|
-
describe "hash_token_secrets together with reuse_access_token" do
|
743
|
-
it "will disable reuse_access_token" do
|
744
|
-
expect(Rails.logger).to receive(:warn).with(/reuse_access_token will be disabled/)
|
745
|
-
|
746
|
-
Doorkeeper.configure do
|
747
|
-
reuse_access_token
|
748
|
-
hash_token_secrets
|
749
|
-
end
|
750
|
-
|
751
|
-
expect(subject.reuse_access_token).to eq(false)
|
752
|
-
end
|
753
|
-
end
|
754
|
-
end
|
755
|
-
|
756
|
-
describe "application_secret_strategy" do
|
757
|
-
it "is plain by default" do
|
758
|
-
expect(subject.application_secret_strategy).to eq(Doorkeeper::SecretStoring::Plain)
|
759
|
-
expect(subject.application_secret_fallback_strategy).to eq(nil)
|
760
|
-
end
|
761
|
-
|
762
|
-
context "when provided" do
|
763
|
-
before do
|
764
|
-
Doorkeeper.configure do
|
765
|
-
hash_application_secrets
|
766
|
-
end
|
767
|
-
end
|
768
|
-
|
769
|
-
it "will enable hashing for applications" do
|
770
|
-
expect(subject.application_secret_strategy).to eq(Doorkeeper::SecretStoring::Sha256Hash)
|
771
|
-
expect(subject.application_secret_fallback_strategy).to eq(nil)
|
772
|
-
end
|
773
|
-
end
|
774
|
-
|
775
|
-
context "when manually provided with invalid constant" do
|
776
|
-
it "raises an exception" do
|
777
|
-
expect do
|
778
|
-
Doorkeeper.configure do
|
779
|
-
hash_application_secrets using: "does not exist"
|
780
|
-
end
|
781
|
-
end.to raise_error(NameError)
|
782
|
-
end
|
783
|
-
end
|
784
|
-
|
785
|
-
context "when provided with fallback" do
|
786
|
-
before do
|
787
|
-
Doorkeeper.configure do
|
788
|
-
hash_application_secrets fallback: :plain
|
789
|
-
end
|
790
|
-
end
|
791
|
-
|
792
|
-
it "will enable hashing for applications" do
|
793
|
-
expect(subject.application_secret_strategy).to eq(Doorkeeper::SecretStoring::Sha256Hash)
|
794
|
-
expect(subject.application_secret_fallback_strategy).to eq(Doorkeeper::SecretStoring::Plain)
|
795
|
-
end
|
796
|
-
end
|
797
|
-
end
|
798
|
-
|
799
|
-
describe "options deprecation" do
|
800
|
-
it "prints a warning message when an option is deprecated" do
|
801
|
-
expect(Kernel).to receive(:warn).with(
|
802
|
-
"[DOORKEEPER] native_redirect_uri has been deprecated and will soon be removed",
|
803
|
-
)
|
804
|
-
Doorkeeper.configure do
|
805
|
-
native_redirect_uri "urn:ietf:wg:oauth:2.0:oob"
|
806
|
-
end
|
807
|
-
end
|
808
|
-
end
|
809
|
-
end
|