doorkeeper 5.3.2 → 5.5.0.rc1



Files changed (231) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +106 -2
  3. data/README.md +6 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +4 -4
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +32 -12
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
  7. data/app/controllers/doorkeeper/tokens_controller.rb +60 -20
  8. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  9. data/app/views/doorkeeper/applications/show.html.erb +19 -2
  10. data/config/locales/en.yml +3 -2
  11. data/lib/doorkeeper.rb +107 -79
  12. data/lib/doorkeeper/config.rb +140 -94
  13. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  14. data/lib/doorkeeper/config/option.rb +26 -14
  15. data/lib/doorkeeper/config/validations.rb +53 -0
  16. data/lib/doorkeeper/engine.rb +1 -1
  17. data/lib/doorkeeper/grant_flow.rb +43 -0
  18. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  19. data/lib/doorkeeper/grant_flow/flow.rb +34 -0
  20. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  21. data/lib/doorkeeper/grape/helpers.rb +1 -1
  22. data/lib/doorkeeper/helpers/controller.rb +6 -4
  23. data/lib/doorkeeper/models/access_grant_mixin.rb +20 -16
  24. data/lib/doorkeeper/models/access_token_mixin.rb +110 -47
  25. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  26. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  27. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  28. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  29. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  30. data/lib/doorkeeper/oauth/authorization/code.rb +15 -6
  31. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  32. data/lib/doorkeeper/oauth/authorization/token.rb +14 -16
  33. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  34. data/lib/doorkeeper/oauth/authorization_code_request.rb +17 -14
  35. data/lib/doorkeeper/oauth/base_request.rb +12 -20
  36. data/lib/doorkeeper/oauth/client.rb +1 -1
  37. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  38. data/lib/doorkeeper/oauth/client_credentials/creator.rb +27 -8
  39. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -2
  40. data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
  41. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  42. data/lib/doorkeeper/oauth/code_request.rb +3 -3
  43. data/lib/doorkeeper/oauth/code_response.rb +28 -14
  44. data/lib/doorkeeper/oauth/error_response.rb +6 -7
  45. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
  46. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  47. data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
  48. data/lib/doorkeeper/oauth/password_access_token_request.rb +24 -7
  49. data/lib/doorkeeper/oauth/pre_authorization.rb +41 -31
  50. data/lib/doorkeeper/oauth/refresh_token_request.rb +31 -22
  51. data/lib/doorkeeper/oauth/token.rb +5 -6
  52. data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
  53. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  54. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  55. data/lib/doorkeeper/orm/active_record.rb +10 -2
  56. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
  57. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
  58. data/lib/doorkeeper/orm/active_record/mixins/application.rb +20 -16
  59. data/lib/doorkeeper/rails/routes.rb +14 -18
  60. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  61. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  62. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  63. data/lib/doorkeeper/request.rb +49 -12
  64. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  65. data/lib/doorkeeper/request/strategy.rb +2 -2
  66. data/lib/doorkeeper/server.rb +4 -4
  67. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  68. data/lib/doorkeeper/version.rb +3 -3
  69. data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
  70. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  71. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +2 -0
  72. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  73. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  74. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  75. data/lib/generators/doorkeeper/templates/initializer.rb +48 -10
  76. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  77. metadata +21 -299
  78. data/Appraisals +0 -40
  79. data/CODE_OF_CONDUCT.md +0 -46
  80. data/CONTRIBUTING.md +0 -49
  81. data/Dangerfile +0 -67
  82. data/Dockerfile +0 -29
  83. data/Gemfile +0 -25
  84. data/NEWS.md +0 -1
  85. data/RELEASING.md +0 -11
  86. data/Rakefile +0 -28
  87. data/SECURITY.md +0 -15
  88. data/UPGRADE.md +0 -2
  89. data/bin/console +0 -16
  90. data/doorkeeper.gemspec +0 -42
  91. data/gemfiles/rails_5_0.gemfile +0 -18
  92. data/gemfiles/rails_5_1.gemfile +0 -18
  93. data/gemfiles/rails_5_2.gemfile +0 -18
  94. data/gemfiles/rails_6_0.gemfile +0 -18
  95. data/gemfiles/rails_master.gemfile +0 -18
  96. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  97. data/spec/controllers/applications_controller_spec.rb +0 -274
  98. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  99. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  100. data/spec/controllers/token_info_controller_spec.rb +0 -50
  101. data/spec/controllers/tokens_controller_spec.rb +0 -498
  102. data/spec/dummy/Rakefile +0 -9
  103. data/spec/dummy/app/assets/config/manifest.js +0 -2
  104. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  105. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  106. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  107. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  108. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  109. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  110. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  111. data/spec/dummy/app/models/user.rb +0 -7
  112. data/spec/dummy/app/views/home/index.html.erb +0 -0
  113. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  114. data/spec/dummy/config.ru +0 -6
  115. data/spec/dummy/config/application.rb +0 -49
  116. data/spec/dummy/config/boot.rb +0 -7
  117. data/spec/dummy/config/database.yml +0 -15
  118. data/spec/dummy/config/environment.rb +0 -5
  119. data/spec/dummy/config/environments/development.rb +0 -31
  120. data/spec/dummy/config/environments/production.rb +0 -64
  121. data/spec/dummy/config/environments/test.rb +0 -45
  122. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  123. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  124. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  125. data/spec/dummy/config/initializers/session_store.rb +0 -10
  126. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  127. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  128. data/spec/dummy/config/routes.rb +0 -13
  129. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  130. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  131. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  132. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  133. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  134. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  135. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  136. data/spec/dummy/db/schema.rb +0 -68
  137. data/spec/dummy/public/404.html +0 -26
  138. data/spec/dummy/public/422.html +0 -26
  139. data/spec/dummy/public/500.html +0 -26
  140. data/spec/dummy/public/favicon.ico +0 -0
  141. data/spec/dummy/script/rails +0 -9
  142. data/spec/factories.rb +0 -30
  143. data/spec/generators/application_owner_generator_spec.rb +0 -28
  144. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  145. data/spec/generators/install_generator_spec.rb +0 -36
  146. data/spec/generators/migration_generator_spec.rb +0 -28
  147. data/spec/generators/pkce_generator_spec.rb +0 -28
  148. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  149. data/spec/generators/templates/routes.rb +0 -4
  150. data/spec/generators/views_generator_spec.rb +0 -29
  151. data/spec/grape/grape_integration_spec.rb +0 -137
  152. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  153. data/spec/lib/config_spec.rb +0 -809
  154. data/spec/lib/doorkeeper_spec.rb +0 -27
  155. data/spec/lib/models/expirable_spec.rb +0 -61
  156. data/spec/lib/models/reusable_spec.rb +0 -40
  157. data/spec/lib/models/revocable_spec.rb +0 -59
  158. data/spec/lib/models/scopes_spec.rb +0 -53
  159. data/spec/lib/models/secret_storable_spec.rb +0 -135
  160. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  161. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
  162. data/spec/lib/oauth/base_request_spec.rb +0 -224
  163. data/spec/lib/oauth/base_response_spec.rb +0 -45
  164. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  165. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
  166. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  167. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  168. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  169. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
  170. data/spec/lib/oauth/client_spec.rb +0 -38
  171. data/spec/lib/oauth/code_request_spec.rb +0 -46
  172. data/spec/lib/oauth/code_response_spec.rb +0 -32
  173. data/spec/lib/oauth/error_response_spec.rb +0 -64
  174. data/spec/lib/oauth/error_spec.rb +0 -21
  175. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  176. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  177. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  178. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  179. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  180. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  181. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
  182. data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
  183. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  184. data/spec/lib/oauth/scopes_spec.rb +0 -146
  185. data/spec/lib/oauth/token_request_spec.rb +0 -157
  186. data/spec/lib/oauth/token_response_spec.rb +0 -84
  187. data/spec/lib/oauth/token_spec.rb +0 -156
  188. data/spec/lib/request/strategy_spec.rb +0 -54
  189. data/spec/lib/secret_storing/base_spec.rb +0 -60
  190. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  191. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  192. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  193. data/spec/lib/server_spec.rb +0 -49
  194. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  195. data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
  196. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  197. data/spec/models/doorkeeper/application_spec.rb +0 -482
  198. data/spec/requests/applications/applications_request_spec.rb +0 -259
  199. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  200. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  201. data/spec/requests/endpoints/token_spec.rb +0 -75
  202. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  203. data/spec/requests/flows/authorization_code_spec.rb +0 -525
  204. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  205. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  206. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  207. data/spec/requests/flows/password_spec.rb +0 -316
  208. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  209. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  210. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  211. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  212. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  213. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  214. data/spec/routing/default_routes_spec.rb +0 -41
  215. data/spec/routing/scoped_routes_spec.rb +0 -47
  216. data/spec/spec_helper.rb +0 -54
  217. data/spec/spec_helper_integration.rb +0 -4
  218. data/spec/support/dependencies/factory_bot.rb +0 -4
  219. data/spec/support/doorkeeper_rspec.rb +0 -22
  220. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  221. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  222. data/spec/support/helpers/config_helper.rb +0 -11
  223. data/spec/support/helpers/model_helper.rb +0 -78
  224. data/spec/support/helpers/request_spec_helper.rb +0 -110
  225. data/spec/support/helpers/url_helper.rb +0 -62
  226. data/spec/support/orm/active_record.rb +0 -5
  227. data/spec/support/shared/controllers_shared_context.rb +0 -133
  228. data/spec/support/shared/hashing_shared_context.rb +0 -36
  229. data/spec/support/shared/models_shared_examples.rb +0 -54
  230. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  231. data/spec/version/version_spec.rb +0 -17
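--- a/data/spec/lib/oauth/error_spec.rb
+++ b/data/spec/lib/oauth/error_spec.rb
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::Error do
-subject(:error) { described_class.new(:some_error, :some_state) }
-
-it { expect(subject).to respond_to(:name) }
-it { expect(subject).to respond_to(:state) }
-
-describe "#description" do
-it "is translated from translation messages" do
-expect(I18n).to receive(:translate).with(
-:some_error,
-scope: %i[doorkeeper errors messages],
-default: :server_error,
-)
-error.description
-end
-end
-end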
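--- a/data/spec/lib/oauth/forbidden_token_response_spec.rb
+++ b/data/spec/lib/oauth/forbidden_token_response_spec.rb
@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::ForbiddenTokenResponse do
-describe "#name" do
-it { expect(subject.name).to eq(:invalid_scope) }
-end
-
-describe "#status" do
-it { expect(subject.status).to eq(:forbidden) }
-end
-
-describe ".from_scopes" do
-it "should have a list of acceptable scopes" do
-response = described_class.from_scopes(["public"])
-expect(response.description).to include("public")
-end
-end
-end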
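--- a/data/spec/lib/oauth/helpers/scope_checker_spec.rb
+++ b/data/spec/lib/oauth/helpers/scope_checker_spec.rb
@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-module Doorkeeper::OAuth::Helpers
-describe ScopeChecker, ".valid?" do
-let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
-
-it "is valid if scope is present" do
-server_scopes.add :scope
-expect(ScopeChecker.valid?(scope_str: "scope", server_scopes: server_scopes)).to be_truthy
-end
-
-it "is invalid if includes tabs space" do
-expect(ScopeChecker.valid?(scope_str: "\tsomething", server_scopes: server_scopes)).to be_falsey
-end
-
-it "is invalid if scope is not present" do
-expect(ScopeChecker.valid?(scope_str: nil, server_scopes: server_scopes)).to be_falsey
-end
-
-it "is invalid if scope is blank" do
-expect(ScopeChecker.valid?(scope_str: " ", server_scopes: server_scopes)).to be_falsey
-end
-
-it "is invalid if includes return space" do
-expect(ScopeChecker.valid?(scope_str: "scope\r", server_scopes: server_scopes)).to be_falsey
-end
-
-it "is invalid if includes new lines" do
-expect(ScopeChecker.valid?(scope_str: "scope\nanother", server_scopes: server_scopes)).to be_falsey
-end
-
-it "is invalid if any scope is not included in server scopes" do
-expect(ScopeChecker.valid?(scope_str: "scope another", server_scopes: server_scopes)).to be_falsey
-end
-
-context "with application_scopes" do
-let(:server_scopes) do
-Doorkeeper::OAuth::Scopes.from_string "common svr"
-end
-let(:application_scopes) do
-Doorkeeper::OAuth::Scopes.from_string "app123"
-end
-
-it "is valid if scope is included in the application scope list" do
-expect(ScopeChecker.valid?(
-scope_str: "app123",
-server_scopes: server_scopes,
-app_scopes: application_scopes,
-)).to be_truthy
-end
-
-it "is invalid if any scope is not included in the application" do
-expect(ScopeChecker.valid?(
-scope_str: "svr",
-server_scopes: server_scopes,
-app_scopes: application_scopes,
-)).to be_falsey
-end
-end
-
-context "with grant_type" do
-let(:server_scopes) do
-Doorkeeper::OAuth::Scopes.from_string "scope1 scope2"
-end
-
-context "with scopes_by_grant_type not configured for grant_type" do
-it "is valid if the scope is in server scopes" do
-expect(ScopeChecker.valid?(
-scope_str: "scope1",
-server_scopes: server_scopes,
-grant_type: Doorkeeper::OAuth::PASSWORD,
-)).to be_truthy
-end
-
-it "is invalid if the scope is not in server scopes" do
-expect(ScopeChecker.valid?(
-scope_str: "unknown",
-server_scopes: server_scopes,
-grant_type: Doorkeeper::OAuth::PASSWORD,
-)).to be_falsey
-end
-end
-
-context "when scopes_by_grant_type configured for grant_type" do
-before do
-allow(Doorkeeper.configuration).to receive(:scopes_by_grant_type)
-.and_return(password: [:scope1])
-end
-
-it "is valid if the scope is permitted for grant_type" do
-expect(ScopeChecker.valid?(
-scope_str: "scope1",
-server_scopes: server_scopes,
-grant_type: Doorkeeper::OAuth::PASSWORD,
-)).to be_truthy
-end
-
-it "is invalid if the scope is permitted for grant_type" do
-expect(ScopeChecker.valid?(
-scope_str: "scope2",
-server_scopes: server_scopes,
-grant_type: Doorkeeper::OAuth::PASSWORD,
-)).to be_falsey
-end
-end
-end
-end
-end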
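--- a/data/spec/lib/oauth/helpers/unique_token_spec.rb
+++ b/data/spec/lib/oauth/helpers/unique_token_spec.rb
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-module Doorkeeper::OAuth::Helpers
-describe UniqueToken do
-let :generator do
-->(size) { "a" * size }
-end
-
-it "is able to customize the generator method" do
-token = UniqueToken.generate(generator: generator)
-expect(token).to eq("a" * 32)
-end
-
-it "is able to customize the size of the token" do
-token = UniqueToken.generate(generator: generator, size: 2)
-expect(token).to eq("aa")
-end
-end
-end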
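--- a/data/spec/lib/oauth/helpers/uri_checker_spec.rb
+++ b/data/spec/lib/oauth/helpers/uri_checker_spec.rb
@@ -1,262 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-module Doorkeeper::OAuth::Helpers
-describe URIChecker do
-describe ".valid?" do
-it "is valid for valid uris" do
-uri = "http://app.co"
-expect(URIChecker.valid?(uri)).to be_truthy
-end
-
-it "is valid if include path param" do
-uri = "http://app.co/path"
-expect(URIChecker.valid?(uri)).to be_truthy
-end
-
-it "is valid if include query param" do
-uri = "http://app.co/?query=1"
-expect(URIChecker.valid?(uri)).to be_truthy
-end
-
-it "is invalid if uri includes fragment" do
-uri = "http://app.co/test#fragment"
-expect(URIChecker.valid?(uri)).to be_falsey
-end
-
-it "is invalid if scheme is missing" do
-uri = "app.co"
-expect(URIChecker.valid?(uri)).to be_falsey
-end
-
-it "is invalid if is a relative uri" do
-uri = "/abc/123"
-expect(URIChecker.valid?(uri)).to be_falsey
-end
-
-it "is invalid if is not a url" do
-uri = "http://"
-expect(URIChecker.valid?(uri)).to be_falsey
-end
-
-it "is invalid if localhost is resolved as as scheme (no scheme specified)" do
-uri = "localhost:8080"
-expect(URIChecker.valid?(uri)).to be_falsey
-end
-
-it "is invalid if scheme is missing #2" do
-uri = "app.co:80"
-expect(URIChecker.valid?(uri)).to be_falsey
-end
-
-it "is invalid if is not an uri" do
-uri = " "
-expect(URIChecker.valid?(uri)).to be_falsey
-end
-
-it "is valid for custom schemes" do
-uri = "com.example.app:/test"
-expect(URIChecker.valid?(uri)).to be_truthy
-end
-
-it "is valid for custom schemes with authority marker (common misconfiguration)" do
-uri = "com.example.app://test"
-expect(URIChecker.valid?(uri)).to be_truthy
-end
-end
-
-describe ".matches?" do
-it "is true if both url matches" do
-uri = client_uri = "http://app.co/aaa"
-expect(URIChecker.matches?(uri, client_uri)).to be_truthy
-end
-
-it "ignores query parameter on comparsion" do
-uri = "http://app.co/?query=hello"
-client_uri = "http://app.co"
-expect(URIChecker.matches?(uri, client_uri)).to be_truthy
-end
-
-it "doesn't allow non-matching domains through" do
-uri = "http://app.abc/?query=hello"
-client_uri = "http://app.co"
-expect(URIChecker.matches?(uri, client_uri)).to be_falsey
-end
-
-it "doesn't allow non-matching domains that don't start at the beginning" do
-uri = "http://app.co/?query=hello"
-client_uri = "http://example.com?app.co=test"
-expect(URIChecker.matches?(uri, client_uri)).to be_falsey
-end
-
-context "loopback IP redirect URIs" do
-it "ignores port for same URIs" do
-uri = "http://127.0.0.1:5555/auth/callback"
-client_uri = "http://127.0.0.1:48599/auth/callback"
-expect(URIChecker.matches?(uri, client_uri)).to be_truthy
-
-uri = "http://[::1]:5555/auth/callback"
-client_uri = "http://[::1]:5555/auth/callback"
-expect(URIChecker.matches?(uri, client_uri)).to be_truthy
-end
-
-it "doesn't ignore port for URIs with different queries" do
-uri = "http://127.0.0.1:5555/auth/callback"
-client_uri = "http://127.0.0.1:48599/auth/callback2"
-expect(URIChecker.matches?(uri, client_uri)).to be_falsey
-end
-end
-
-context "client registered query params" do
-it "doesn't allow query being absent" do
-uri = "http://app.co"
-client_uri = "http://app.co/?vendorId=AJ4L7XXW9"
-expect(URIChecker.matches?(uri, client_uri)).to be_falsey
-end
-
-it "is false if query values differ but key same" do
-uri = "http://app.co/?vendorId=pancakes"
-client_uri = "http://app.co/?vendorId=waffles"
-expect(URIChecker.matches?(uri, client_uri)).to be_falsey
-end
-
-it "is false if query values same but key differs" do
-uri = "http://app.co/?foo=pancakes"
-client_uri = "http://app.co/?bar=pancakes"
-expect(URIChecker.matches?(uri, client_uri)).to be_falsey
-end
-
-it "is false if query present and match, but unknown queries present" do
-uri = "http://app.co/?vendorId=pancakes&unknown=query"
-client_uri = "http://app.co/?vendorId=waffles"
-expect(URIChecker.matches?(uri, client_uri)).to be_falsey
-end
-
-it "is true if queries are present and matche" do
-uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
-client_uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
-expect(URIChecker.matches?(uri, client_uri)).to be_truthy
-end
-
-it "is true if queries are present, match and in different order" do
-uri = "http://app.co/?bing=bang&foo=bar"
-client_uri = "http://app.co/?foo=bar&bing=bang"
-expect(URIChecker.matches?(uri, client_uri)).to be_truthy
-end
-end
-end
-
-describe ".valid_for_authorization?" do
-it "is true if valid and matches" do
-uri = client_uri = "http://app.co/aaa"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
-
-uri = client_uri = "http://app.co/aaa?b=c"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
-end
-
-it "is true if uri includes blank query" do
-uri = client_uri = "http://app.co/aaa?"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
-
-uri = "http://app.co/aaa?"
-client_uri = "http://app.co/aaa"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
-
-uri = "http://app.co/aaa"
-client_uri = "http://app.co/aaa?"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
-end
-
-it "is false if valid and mismatches" do
-uri = "http://app.co/aaa"
-client_uri = "http://app.co/bbb"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
-end
-
-it "is true if valid and included in array" do
-uri = "http://app.co/aaa"
-client_uri = "http://example.com/bbb\nhttp://app.co/aaa"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
-end
-
-it "is false if valid and not included in array" do
-uri = "http://app.co/aaa"
-client_uri = "http://example.com/bbb\nhttp://app.co/cc"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
-end
-
-it "is false if queries does not match" do
-uri = "http://app.co/aaa?pankcakes=abc"
-client_uri = "http://app.co/aaa?waffles=abc"
-expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be false
-end
-
-it "calls .matches?" do
-uri = "http://app.co/aaa?pankcakes=abc"
-client_uri = "http://app.co/aaa?waffles=abc"
-expect(URIChecker).to receive(:matches?).with(uri, client_uri).once
-URIChecker.valid_for_authorization?(uri, client_uri)
-end
-
-it "calls .valid?" do
-uri = "http://app.co/aaa?pankcakes=abc"
-client_uri = "http://app.co/aaa?waffles=abc"
-expect(URIChecker).to receive(:valid?).with(uri).once
-URIChecker.valid_for_authorization?(uri, client_uri)
-end
-end
-
-describe ".query_matches?" do
-it "is true if no queries" do
-expect(URIChecker.query_matches?("", "")).to be_truthy
-expect(URIChecker.query_matches?(nil, nil)).to be_truthy
-end
-
-it "is true if same query" do
-expect(URIChecker.query_matches?("foo", "foo")).to be_truthy
-end
-
-it "is false if different query" do
-expect(URIChecker.query_matches?("foo", "bar")).to be_falsey
-end
-
-it "is true if same queries" do
-expect(URIChecker.query_matches?("foo&bar", "foo&bar")).to be_truthy
-end
-
-it "is true if same queries, different order" do
-expect(URIChecker.query_matches?("foo&bar", "bar&foo")).to be_truthy
-end
-
-it "is false if one different query" do
-expect(URIChecker.query_matches?("foo&bang", "foo&bing")).to be_falsey
-end
-
-it "is true if same query with same value" do
-expect(URIChecker.query_matches?("foo=bar", "foo=bar")).to be_truthy
-end
-
-it "is true if same queries with same values" do
-expect(URIChecker.query_matches?("foo=bar&bing=bang", "foo=bar&bing=bang")).to be_truthy
-end
-
-it "is true if same queries with same values, different order" do
-expect(URIChecker.query_matches?("foo=bar&bing=bang", "bing=bang&foo=bar")).to be_truthy
-end
-
-it "is false if same query with different value" do
-expect(URIChecker.query_matches?("foo=bar", "foo=bang")).to be_falsey
-end
-
-it "is false if some queries missing" do
-expect(URIChecker.query_matches?("foo=bar", "foo=bar&bing=bang")).to be_falsey
-end
-
-it "is false if some queries different value" do
-expect(URIChecker.query_matches?("foo=bar&bing=bang", "foo=bar&bing=banana")).to be_falsey
-end
-end
-end
-end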
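--- a/data/spec/lib/oauth/invalid_request_response_spec.rb
+++ b/data/spec/lib/oauth/invalid_request_response_spec.rb
@@ -1,73 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::InvalidRequestResponse do
-describe "#name" do
-it { expect(subject.name).to eq(:invalid_request) }
-end
-
-describe "#status" do
-it { expect(subject.status).to eq(:bad_request) }
-end
-
-describe ".from_request" do
-let(:response) { described_class.from_request(request) }
-
-context "missing param" do
-let(:request) { double(missing_param: "some_param") }
-
-it "sets a description" do
-expect(response.description).to eq(
-I18n.t(:missing_param, scope: %i[doorkeeper errors messages invalid_request], value: "some_param"),
-)
-end
-
-it "sets the reason" do
-expect(response.reason).to eq(:missing_param)
-end
-end
-
-context "server doesn't support_pkce" do
-let(:request) { double(invalid_request_reason: :not_support_pkce) }
-
-it "sets a description" do
-expect(response.description).to eq(
-I18n.t(:not_support_pkce, scope: %i[doorkeeper errors messages invalid_request]),
-)
-end
-
-it "sets the reason" do
-expect(response.reason).to eq(:not_support_pkce)
-end
-end
-
-context "request is not authorized" do
-let(:request) { double(invalid_request_reason: :request_not_authorized) }
-
-it "sets a description" do
-expect(response.description).to eq(
-I18n.t(:request_not_authorized, scope: %i[doorkeeper errors messages invalid_request]),
-)
-end
-
-it "sets the reason" do
-expect(response.reason).to eq(:request_not_authorized)
-end
-end
-
-context "unknown reason" do
-let(:request) { double(invalid_request_reason: :unknown_reason) }
-
-it "sets a description" do
-expect(response.description).to eq(
-I18n.t(:unknown, scope: %i[doorkeeper errors messages invalid_request]),
-)
-end
-
-it "unknown reason" do
-expect(response.reason).to eq(:unknown_reason)
-end
-end
-end
-end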