doorkeeper 5.3.2 → 5.5.0.rc1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of doorkeeper might be problematic. Click here for more details.

Files changed (231) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +106 -2
  3. data/README.md +6 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +4 -4
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +32 -12
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
  7. data/app/controllers/doorkeeper/tokens_controller.rb +60 -20
  8. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  9. data/app/views/doorkeeper/applications/show.html.erb +19 -2
  10. data/config/locales/en.yml +3 -2
  11. data/lib/doorkeeper.rb +107 -79
  12. data/lib/doorkeeper/config.rb +140 -94
  13. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  14. data/lib/doorkeeper/config/option.rb +26 -14
  15. data/lib/doorkeeper/config/validations.rb +53 -0
  16. data/lib/doorkeeper/engine.rb +1 -1
  17. data/lib/doorkeeper/grant_flow.rb +43 -0
  18. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  19. data/lib/doorkeeper/grant_flow/flow.rb +34 -0
  20. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  21. data/lib/doorkeeper/grape/helpers.rb +1 -1
  22. data/lib/doorkeeper/helpers/controller.rb +6 -4
  23. data/lib/doorkeeper/models/access_grant_mixin.rb +20 -16
  24. data/lib/doorkeeper/models/access_token_mixin.rb +110 -47
  25. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  26. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  27. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  28. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  29. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  30. data/lib/doorkeeper/oauth/authorization/code.rb +15 -6
  31. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  32. data/lib/doorkeeper/oauth/authorization/token.rb +14 -16
  33. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  34. data/lib/doorkeeper/oauth/authorization_code_request.rb +17 -14
  35. data/lib/doorkeeper/oauth/base_request.rb +12 -20
  36. data/lib/doorkeeper/oauth/client.rb +1 -1
  37. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  38. data/lib/doorkeeper/oauth/client_credentials/creator.rb +27 -8
  39. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -2
  40. data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
  41. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  42. data/lib/doorkeeper/oauth/code_request.rb +3 -3
  43. data/lib/doorkeeper/oauth/code_response.rb +28 -14
  44. data/lib/doorkeeper/oauth/error_response.rb +6 -7
  45. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
  46. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  47. data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
  48. data/lib/doorkeeper/oauth/password_access_token_request.rb +24 -7
  49. data/lib/doorkeeper/oauth/pre_authorization.rb +41 -31
  50. data/lib/doorkeeper/oauth/refresh_token_request.rb +31 -22
  51. data/lib/doorkeeper/oauth/token.rb +5 -6
  52. data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
  53. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  54. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  55. data/lib/doorkeeper/orm/active_record.rb +10 -2
  56. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
  57. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
  58. data/lib/doorkeeper/orm/active_record/mixins/application.rb +20 -16
  59. data/lib/doorkeeper/rails/routes.rb +14 -18
  60. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  61. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  62. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  63. data/lib/doorkeeper/request.rb +49 -12
  64. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  65. data/lib/doorkeeper/request/strategy.rb +2 -2
  66. data/lib/doorkeeper/server.rb +4 -4
  67. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  68. data/lib/doorkeeper/version.rb +3 -3
  69. data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
  70. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  71. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +2 -0
  72. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  73. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  74. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  75. data/lib/generators/doorkeeper/templates/initializer.rb +48 -10
  76. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  77. metadata +21 -299
  78. data/Appraisals +0 -40
  79. data/CODE_OF_CONDUCT.md +0 -46
  80. data/CONTRIBUTING.md +0 -49
  81. data/Dangerfile +0 -67
  82. data/Dockerfile +0 -29
  83. data/Gemfile +0 -25
  84. data/NEWS.md +0 -1
  85. data/RELEASING.md +0 -11
  86. data/Rakefile +0 -28
  87. data/SECURITY.md +0 -15
  88. data/UPGRADE.md +0 -2
  89. data/bin/console +0 -16
  90. data/doorkeeper.gemspec +0 -42
  91. data/gemfiles/rails_5_0.gemfile +0 -18
  92. data/gemfiles/rails_5_1.gemfile +0 -18
  93. data/gemfiles/rails_5_2.gemfile +0 -18
  94. data/gemfiles/rails_6_0.gemfile +0 -18
  95. data/gemfiles/rails_master.gemfile +0 -18
  96. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  97. data/spec/controllers/applications_controller_spec.rb +0 -274
  98. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  99. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  100. data/spec/controllers/token_info_controller_spec.rb +0 -50
  101. data/spec/controllers/tokens_controller_spec.rb +0 -498
  102. data/spec/dummy/Rakefile +0 -9
  103. data/spec/dummy/app/assets/config/manifest.js +0 -2
  104. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  105. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  106. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  107. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  108. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  109. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  110. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  111. data/spec/dummy/app/models/user.rb +0 -7
  112. data/spec/dummy/app/views/home/index.html.erb +0 -0
  113. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  114. data/spec/dummy/config.ru +0 -6
  115. data/spec/dummy/config/application.rb +0 -49
  116. data/spec/dummy/config/boot.rb +0 -7
  117. data/spec/dummy/config/database.yml +0 -15
  118. data/spec/dummy/config/environment.rb +0 -5
  119. data/spec/dummy/config/environments/development.rb +0 -31
  120. data/spec/dummy/config/environments/production.rb +0 -64
  121. data/spec/dummy/config/environments/test.rb +0 -45
  122. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  123. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  124. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  125. data/spec/dummy/config/initializers/session_store.rb +0 -10
  126. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  127. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  128. data/spec/dummy/config/routes.rb +0 -13
  129. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  130. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  131. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  132. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  133. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  134. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  135. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  136. data/spec/dummy/db/schema.rb +0 -68
  137. data/spec/dummy/public/404.html +0 -26
  138. data/spec/dummy/public/422.html +0 -26
  139. data/spec/dummy/public/500.html +0 -26
  140. data/spec/dummy/public/favicon.ico +0 -0
  141. data/spec/dummy/script/rails +0 -9
  142. data/spec/factories.rb +0 -30
  143. data/spec/generators/application_owner_generator_spec.rb +0 -28
  144. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  145. data/spec/generators/install_generator_spec.rb +0 -36
  146. data/spec/generators/migration_generator_spec.rb +0 -28
  147. data/spec/generators/pkce_generator_spec.rb +0 -28
  148. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  149. data/spec/generators/templates/routes.rb +0 -4
  150. data/spec/generators/views_generator_spec.rb +0 -29
  151. data/spec/grape/grape_integration_spec.rb +0 -137
  152. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  153. data/spec/lib/config_spec.rb +0 -809
  154. data/spec/lib/doorkeeper_spec.rb +0 -27
  155. data/spec/lib/models/expirable_spec.rb +0 -61
  156. data/spec/lib/models/reusable_spec.rb +0 -40
  157. data/spec/lib/models/revocable_spec.rb +0 -59
  158. data/spec/lib/models/scopes_spec.rb +0 -53
  159. data/spec/lib/models/secret_storable_spec.rb +0 -135
  160. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  161. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
  162. data/spec/lib/oauth/base_request_spec.rb +0 -224
  163. data/spec/lib/oauth/base_response_spec.rb +0 -45
  164. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  165. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
  166. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  167. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  168. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  169. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
  170. data/spec/lib/oauth/client_spec.rb +0 -38
  171. data/spec/lib/oauth/code_request_spec.rb +0 -46
  172. data/spec/lib/oauth/code_response_spec.rb +0 -32
  173. data/spec/lib/oauth/error_response_spec.rb +0 -64
  174. data/spec/lib/oauth/error_spec.rb +0 -21
  175. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  176. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  177. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  178. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  179. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  180. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  181. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
  182. data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
  183. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  184. data/spec/lib/oauth/scopes_spec.rb +0 -146
  185. data/spec/lib/oauth/token_request_spec.rb +0 -157
  186. data/spec/lib/oauth/token_response_spec.rb +0 -84
  187. data/spec/lib/oauth/token_spec.rb +0 -156
  188. data/spec/lib/request/strategy_spec.rb +0 -54
  189. data/spec/lib/secret_storing/base_spec.rb +0 -60
  190. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  191. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  192. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  193. data/spec/lib/server_spec.rb +0 -49
  194. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  195. data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
  196. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  197. data/spec/models/doorkeeper/application_spec.rb +0 -482
  198. data/spec/requests/applications/applications_request_spec.rb +0 -259
  199. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  200. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  201. data/spec/requests/endpoints/token_spec.rb +0 -75
  202. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  203. data/spec/requests/flows/authorization_code_spec.rb +0 -525
  204. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  205. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  206. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  207. data/spec/requests/flows/password_spec.rb +0 -316
  208. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  209. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  210. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  211. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  212. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  213. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  214. data/spec/routing/default_routes_spec.rb +0 -41
  215. data/spec/routing/scoped_routes_spec.rb +0 -47
  216. data/spec/spec_helper.rb +0 -54
  217. data/spec/spec_helper_integration.rb +0 -4
  218. data/spec/support/dependencies/factory_bot.rb +0 -4
  219. data/spec/support/doorkeeper_rspec.rb +0 -22
  220. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  221. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  222. data/spec/support/helpers/config_helper.rb +0 -11
  223. data/spec/support/helpers/model_helper.rb +0 -78
  224. data/spec/support/helpers/request_spec_helper.rb +0 -110
  225. data/spec/support/helpers/url_helper.rb +0 -62
  226. data/spec/support/orm/active_record.rb +0 -5
  227. data/spec/support/shared/controllers_shared_context.rb +0 -133
  228. data/spec/support/shared/hashing_shared_context.rb +0 -36
  229. data/spec/support/shared/models_shared_examples.rb +0 -54
  230. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  231. data/spec/version/version_spec.rb +0 -17
@@ -1,27 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper do
6
- describe "#authenticate" do
7
- let(:request) { double }
8
-
9
- it "calls OAuth::Token#authenticate" do
10
- token_strategies = Doorkeeper.config.access_token_methods
11
-
12
- expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
13
- .with(request, *token_strategies)
14
-
15
- Doorkeeper.authenticate(request)
16
- end
17
-
18
- it "accepts custom token strategies" do
19
- token_strategies = %i[first_way second_way]
20
-
21
- expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
22
- .with(request, *token_strategies)
23
-
24
- Doorkeeper.authenticate(request, token_strategies)
25
- end
26
- end
27
- end
@@ -1,61 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "Expirable" do
6
- subject do
7
- Class.new do
8
- include Doorkeeper::Models::Expirable
9
- end.new
10
- end
11
-
12
- before do
13
- allow(subject).to receive(:created_at).and_return(1.minute.ago)
14
- end
15
-
16
- describe :expired? do
17
- it "is not expired if time has not passed" do
18
- allow(subject).to receive(:expires_in).and_return(2.minutes)
19
- expect(subject).not_to be_expired
20
- end
21
-
22
- it "is expired if time has passed" do
23
- allow(subject).to receive(:expires_in).and_return(10.seconds)
24
- expect(subject).to be_expired
25
- end
26
-
27
- it "is not expired if expires_in is not set" do
28
- allow(subject).to receive(:expires_in).and_return(nil)
29
- expect(subject).not_to be_expired
30
- end
31
- end
32
-
33
- describe :expires_in_seconds do
34
- it "should return the amount of time remaining until the token is expired" do
35
- allow(subject).to receive(:expires_in).and_return(2.minutes)
36
- expect(subject.expires_in_seconds).to eq(60)
37
- end
38
-
39
- it "should return 0 when expired" do
40
- allow(subject).to receive(:expires_in).and_return(30.seconds)
41
- expect(subject.expires_in_seconds).to eq(0)
42
- end
43
-
44
- it "should return nil when expires_in is nil" do
45
- allow(subject).to receive(:expires_in).and_return(nil)
46
- expect(subject.expires_in_seconds).to be_nil
47
- end
48
- end
49
-
50
- describe :expires_at do
51
- it "should return the expiration time of the token" do
52
- allow(subject).to receive(:expires_in).and_return(2.minutes)
53
- expect(subject.expires_at).to be_a(Time)
54
- end
55
-
56
- it "should return nil when expires_in is nil" do
57
- allow(subject).to receive(:expires_in).and_return(nil)
58
- expect(subject.expires_at).to be_nil
59
- end
60
- end
61
- end
@@ -1,40 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "Reusable" do
6
- subject do
7
- Class.new do
8
- include Doorkeeper::Models::Reusable
9
- end.new
10
- end
11
-
12
- describe :reusable? do
13
- it "is reusable if its expires_in is nil" do
14
- allow(subject).to receive(:expired?).and_return(false)
15
- allow(subject).to receive(:expires_in).and_return(nil)
16
- expect(subject).to be_reusable
17
- end
18
-
19
- it "is reusable if its expiry has crossed reusable limit" do
20
- allow(subject).to receive(:expired?).and_return(false)
21
- allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
22
- allow(subject).to receive(:expires_in).and_return(100.seconds)
23
- allow(subject).to receive(:expires_in_seconds).and_return(20.seconds)
24
- expect(subject).to be_reusable
25
- end
26
-
27
- it "is not reusable if its expiry has crossed reusable limit" do
28
- allow(subject).to receive(:expired?).and_return(false)
29
- allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
30
- allow(subject).to receive(:expires_in).and_return(100.seconds)
31
- allow(subject).to receive(:expires_in_seconds).and_return(5.seconds)
32
- expect(subject).not_to be_reusable
33
- end
34
-
35
- it "is not reusable if it is already expired" do
36
- allow(subject).to receive(:expired?).and_return(true)
37
- expect(subject).not_to be_reusable
38
- end
39
- end
40
- end
@@ -1,59 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "Revocable" do
6
- subject do
7
- Class.new do
8
- include Doorkeeper::Models::Revocable
9
- end.new
10
- end
11
-
12
- describe :revoke do
13
- it "updates :revoked_at attribute with current time" do
14
- utc = double utc: double
15
- clock = double now: utc
16
- expect(subject).to receive(:update_attribute).with(:revoked_at, clock.now.utc)
17
- subject.revoke(clock)
18
- end
19
- end
20
-
21
- describe :revoked? do
22
- it "is revoked if :revoked_at has passed" do
23
- allow(subject).to receive(:revoked_at).and_return(Time.now.utc - 1000)
24
- expect(subject).to be_revoked
25
- end
26
-
27
- it "is not revoked if :revoked_at has not passed" do
28
- allow(subject).to receive(:revoked_at).and_return(Time.now.utc + 1000)
29
- expect(subject).not_to be_revoked
30
- end
31
-
32
- it "is not revoked if :revoked_at is not set" do
33
- allow(subject).to receive(:revoked_at).and_return(nil)
34
- expect(subject).not_to be_revoked
35
- end
36
- end
37
-
38
- describe :revoke_previous_refresh_token! do
39
- it "revokes the previous token if existing, and resets the
40
- `previous_refresh_token` attribute" do
41
- previous_token = FactoryBot.create(
42
- :access_token,
43
- refresh_token: "refresh_token",
44
- )
45
- current_token = FactoryBot.create(
46
- :access_token,
47
- previous_refresh_token: previous_token.refresh_token,
48
- )
49
-
50
- expect_any_instance_of(
51
- Doorkeeper::AccessToken,
52
- ).to receive(:revoke).and_call_original
53
- current_token.revoke_previous_refresh_token!
54
-
55
- expect(current_token.previous_refresh_token).to be_empty
56
- expect(previous_token.reload).to be_revoked
57
- end
58
- end
59
- end
@@ -1,53 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "Doorkeeper::Models::Scopes" do
6
- subject do
7
- Class.new(Struct.new(:scopes)) do
8
- include Doorkeeper::Models::Scopes
9
- end.new
10
- end
11
-
12
- before do
13
- subject[:scopes] = "public admin"
14
- end
15
-
16
- describe :scopes do
17
- it "is a `Scopes` class" do
18
- expect(subject.scopes).to be_a(Doorkeeper::OAuth::Scopes)
19
- end
20
-
21
- it "includes scopes" do
22
- expect(subject.scopes).to include("public")
23
- end
24
- end
25
-
26
- describe :scopes= do
27
- it "accepts String" do
28
- subject.scopes = "private admin"
29
- expect(subject.scopes_string).to eq("private admin")
30
- end
31
-
32
- it "accepts Array" do
33
- subject.scopes = %w[private admin]
34
- expect(subject.scopes_string).to eq("private admin")
35
- end
36
- end
37
-
38
- describe :scopes_string do
39
- it "is a `Scopes` class" do
40
- expect(subject.scopes_string).to eq("public admin")
41
- end
42
- end
43
-
44
- describe :includes_scope? do
45
- it "should return true if at least one scope is included" do
46
- expect(subject.includes_scope?("public", "private")).to be true
47
- end
48
-
49
- it "should return false if no scopes are included" do
50
- expect(subject.includes_scope?("teacher", "student")).to be false
51
- end
52
- end
53
- end
@@ -1,135 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "SecretStorable" do
6
- let(:clazz) do
7
- Class.new do
8
- include Doorkeeper::Models::SecretStorable
9
-
10
- def self.find_by(*)
11
- raise "stub this"
12
- end
13
-
14
- def update_column(*)
15
- raise "stub this"
16
- end
17
-
18
- def token
19
- raise "stub this"
20
- end
21
- end
22
- end
23
- let(:strategy) { clazz.secret_strategy }
24
-
25
- describe :find_by_plaintext_token do
26
- subject { clazz.send(:find_by_plaintext_token, "attr", "input") }
27
-
28
- it "forwards to the secret_strategy" do
29
- expect(strategy)
30
- .to receive(:transform_secret)
31
- .with("input")
32
- .and_return "found"
33
-
34
- expect(clazz)
35
- .to receive(:find_by)
36
- .with("attr" => "found")
37
- .and_return "result"
38
-
39
- expect(subject).to eq "result"
40
- end
41
-
42
- it "calls find_by_fallback_token if not found" do
43
- expect(clazz)
44
- .to receive(:find_by)
45
- .with("attr" => "input")
46
- .and_return nil
47
-
48
- expect(clazz)
49
- .to receive(:find_by_fallback_token)
50
- .with("attr", "input")
51
- .and_return "fallback"
52
-
53
- expect(subject).to eq "fallback"
54
- end
55
- end
56
-
57
- describe :find_by_fallback_token do
58
- subject { clazz.send(:find_by_fallback_token, "attr", "input") }
59
- let(:fallback) { double(::Doorkeeper::SecretStoring::Plain) }
60
-
61
- it "returns nil if none defined" do
62
- expect(clazz.fallback_secret_strategy).to eq nil
63
- expect(subject).to eq nil
64
- end
65
-
66
- context "if a fallback strategy is defined" do
67
- before do
68
- allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
69
- end
70
-
71
- context "if a resource is defined" do
72
- let(:resource) { double("Token model") }
73
-
74
- it "calls the strategy for lookup" do
75
- expect(clazz)
76
- .to receive(:find_by)
77
- .with("attr" => "fallback")
78
- .and_return(resource)
79
-
80
- expect(fallback)
81
- .to receive(:transform_secret)
82
- .with("input")
83
- .and_return("fallback")
84
-
85
- # store_secret will call the resource
86
- expect(resource)
87
- .to receive(:attr=)
88
- .with("new value")
89
-
90
- # It will upgrade the secret automtically using the current strategy
91
- expect(strategy)
92
- .to receive(:transform_secret)
93
- .with("input")
94
- .and_return("new value")
95
-
96
- expect(resource).to receive(:update).with("attr" => "new value")
97
- expect(subject).to eq resource
98
- end
99
- end
100
-
101
- context "if a resource is not defined" do
102
- before do
103
- allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
104
- end
105
-
106
- it "returns nil" do
107
- expect(clazz)
108
- .to receive(:find_by)
109
- .with("attr" => "fallback")
110
- .and_return(nil)
111
-
112
- expect(fallback)
113
- .to receive(:transform_secret)
114
- .with("input")
115
- .and_return("fallback")
116
-
117
- # It does not find a token even with the fallback method
118
- expect(subject).to be_nil
119
- end
120
- end
121
- end
122
- end
123
-
124
- describe :secret_strategy do
125
- it "defaults to plain strategy" do
126
- expect(strategy).to eq Doorkeeper::SecretStoring::Plain
127
- end
128
- end
129
-
130
- describe :fallback_secret_strategy do
131
- it "defaults to nil" do
132
- expect(clazz.fallback_secret_strategy).to eq nil
133
- end
134
- end
135
- end
@@ -1,39 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- module Doorkeeper::OAuth::Authorization
6
- describe URIBuilder do
7
- subject { URIBuilder }
8
-
9
- describe :uri_with_query do
10
- it "returns the uri with query" do
11
- uri = subject.uri_with_query "http://example.com/", parameter: "value"
12
- expect(uri).to eq("http://example.com/?parameter=value")
13
- end
14
-
15
- it "rejects nil values" do
16
- uri = subject.uri_with_query "http://example.com/", parameter: ""
17
- expect(uri).to eq("http://example.com/?")
18
- end
19
-
20
- it "preserves original query parameters" do
21
- uri = subject.uri_with_query "http://example.com/?query1=value", parameter: "value"
22
- expect(uri).to match(/query1=value/)
23
- expect(uri).to match(/parameter=value/)
24
- end
25
- end
26
-
27
- describe :uri_with_fragment do
28
- it "returns uri with parameters as fragments" do
29
- uri = subject.uri_with_fragment "http://example.com/", parameter: "value"
30
- expect(uri).to eq("http://example.com/#parameter=value")
31
- end
32
-
33
- it "preserves original query parameters" do
34
- uri = subject.uri_with_fragment "http://example.com/?query1=value1", parameter: "value"
35
- expect(uri).to eq("http://example.com/?query1=value1#parameter=value")
36
- end
37
- end
38
- end
39
- end
@@ -1,170 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::AuthorizationCodeRequest do
6
- let(:server) do
7
- double :server,
8
- access_token_expires_in: 2.days,
9
- refresh_token_enabled?: false,
10
- custom_access_token_expires_in: lambda { |context|
11
- context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
12
- }
13
- end
14
-
15
- let(:grant) { FactoryBot.create :access_grant }
16
- let(:client) { grant.application }
17
- let(:redirect_uri) { client.redirect_uri }
18
- let(:params) { { redirect_uri: redirect_uri } }
19
-
20
- before do
21
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
22
- end
23
-
24
- subject do
25
- described_class.new(server, grant, client, params)
26
- end
27
-
28
- it "issues a new token for the client" do
29
- expect do
30
- subject.authorize
31
- end.to change { client.reload.access_tokens.count }.by(1)
32
-
33
- expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
34
- end
35
-
36
- it "issues the token with same grant's scopes" do
37
- subject.authorize
38
- expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
39
- end
40
-
41
- it "revokes the grant" do
42
- expect { subject.authorize }.to(change { grant.reload.accessible? })
43
- end
44
-
45
- it "requires the grant to be accessible" do
46
- grant.revoke
47
- subject.validate
48
- expect(subject.error).to eq(:invalid_grant)
49
- end
50
-
51
- it "requires the grant" do
52
- subject.grant = nil
53
- subject.validate
54
- expect(subject.error).to eq(:invalid_grant)
55
- end
56
-
57
- it "requires the client" do
58
- subject.client = nil
59
- subject.validate
60
- expect(subject.error).to eq(:invalid_client)
61
- end
62
-
63
- it "requires the redirect_uri" do
64
- subject.redirect_uri = nil
65
- subject.validate
66
- expect(subject.error).to eq(:invalid_request)
67
- expect(subject.missing_param).to eq(:redirect_uri)
68
- end
69
-
70
- it "invalid code_verifier param because server does not support pkce" do
71
- # Some other ORMs work relies on #respond_to? so it's not a good idea to stub it :\
72
- allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(anything).and_call_original
73
- allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(:code_challenge).and_return(false)
74
-
75
- subject.code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
76
- subject.validate
77
- expect(subject.error).to eq(:invalid_request)
78
- expect(subject.invalid_request_reason).to eq(:not_support_pkce)
79
- end
80
-
81
- it "matches the redirect_uri with grant's one" do
82
- subject.redirect_uri = "http://other.com"
83
- subject.validate
84
- expect(subject.error).to eq(:invalid_grant)
85
- end
86
-
87
- it "matches the client with grant's one" do
88
- subject.client = FactoryBot.create :application
89
- subject.validate
90
- expect(subject.error).to eq(:invalid_grant)
91
- end
92
-
93
- it "skips token creation if there is a matching one reusable" do
94
- scopes = grant.scopes
95
-
96
- Doorkeeper.configure do
97
- orm DOORKEEPER_ORM
98
- reuse_access_token
99
- default_scopes(*scopes)
100
- end
101
-
102
- FactoryBot.create(
103
- :access_token, application_id: client.id,
104
- resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s,
105
- )
106
-
107
- expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
108
- end
109
-
110
- it "creates token if there is a matching one but non reusable" do
111
- scopes = grant.scopes
112
-
113
- Doorkeeper.configure do
114
- orm DOORKEEPER_ORM
115
- reuse_access_token
116
- default_scopes(*scopes)
117
- end
118
-
119
- FactoryBot.create(
120
- :access_token, application_id: client.id,
121
- resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s,
122
- )
123
-
124
- allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
125
-
126
- expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
127
- end
128
-
129
- it "calls configured request callback methods" do
130
- expect(Doorkeeper.configuration.before_successful_strategy_response)
131
- .to receive(:call).with(subject).once
132
- expect(Doorkeeper.configuration.after_successful_strategy_response)
133
- .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
134
-
135
- subject.authorize
136
- end
137
-
138
- context "when redirect_uri contains some query params" do
139
- let(:redirect_uri) { client.redirect_uri + "?query=q" }
140
-
141
- it "compares only host part with grant's redirect_uri" do
142
- subject.validate
143
- expect(subject.error).to eq(nil)
144
- end
145
- end
146
-
147
- context "when redirect_uri is not an URI" do
148
- let(:redirect_uri) { "123d#!s" }
149
-
150
- it "responds with invalid_grant" do
151
- subject.validate
152
- expect(subject.error).to eq(:invalid_grant)
153
- end
154
- end
155
-
156
- context "when redirect_uri is the native one" do
157
- let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
158
-
159
- it "invalidates when redirect_uri of the grant is not native" do
160
- subject.validate
161
- expect(subject.error).to eq(:invalid_grant)
162
- end
163
-
164
- it "validates when redirect_uri of the grant is also native" do
165
- allow(grant).to receive(:redirect_uri) { redirect_uri }
166
- subject.validate
167
- expect(subject.error).to eq(nil)
168
- end
169
- end
170
- end