doorkeeper 5.3.2 → 5.5.0.rc1





Files changed (231) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +106 -2
  3. data/README.md +6 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +4 -4
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +32 -12
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
  7. data/app/controllers/doorkeeper/tokens_controller.rb +60 -20
  8. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  9. data/app/views/doorkeeper/applications/show.html.erb +19 -2
  10. data/config/locales/en.yml +3 -2
  11. data/lib/doorkeeper.rb +107 -79
  12. data/lib/doorkeeper/config.rb +140 -94
  13. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  14. data/lib/doorkeeper/config/option.rb +26 -14
  15. data/lib/doorkeeper/config/validations.rb +53 -0
  16. data/lib/doorkeeper/engine.rb +1 -1
  17. data/lib/doorkeeper/grant_flow.rb +43 -0
  18. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  19. data/lib/doorkeeper/grant_flow/flow.rb +34 -0
  20. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  21. data/lib/doorkeeper/grape/helpers.rb +1 -1
  22. data/lib/doorkeeper/helpers/controller.rb +6 -4
  23. data/lib/doorkeeper/models/access_grant_mixin.rb +20 -16
  24. data/lib/doorkeeper/models/access_token_mixin.rb +110 -47
  25. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  26. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  27. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  28. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  29. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  30. data/lib/doorkeeper/oauth/authorization/code.rb +15 -6
  31. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  32. data/lib/doorkeeper/oauth/authorization/token.rb +14 -16
  33. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  34. data/lib/doorkeeper/oauth/authorization_code_request.rb +17 -14
  35. data/lib/doorkeeper/oauth/base_request.rb +12 -20
  36. data/lib/doorkeeper/oauth/client.rb +1 -1
  37. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  38. data/lib/doorkeeper/oauth/client_credentials/creator.rb +27 -8
  39. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -2
  40. data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
  41. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  42. data/lib/doorkeeper/oauth/code_request.rb +3 -3
  43. data/lib/doorkeeper/oauth/code_response.rb +28 -14
  44. data/lib/doorkeeper/oauth/error_response.rb +6 -7
  45. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
  46. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  47. data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
  48. data/lib/doorkeeper/oauth/password_access_token_request.rb +24 -7
  49. data/lib/doorkeeper/oauth/pre_authorization.rb +41 -31
  50. data/lib/doorkeeper/oauth/refresh_token_request.rb +31 -22
  51. data/lib/doorkeeper/oauth/token.rb +5 -6
  52. data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
  53. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  54. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  55. data/lib/doorkeeper/orm/active_record.rb +10 -2
  56. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
  57. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
  58. data/lib/doorkeeper/orm/active_record/mixins/application.rb +20 -16
  59. data/lib/doorkeeper/rails/routes.rb +14 -18
  60. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  61. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  62. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  63. data/lib/doorkeeper/request.rb +49 -12
  64. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  65. data/lib/doorkeeper/request/strategy.rb +2 -2
  66. data/lib/doorkeeper/server.rb +4 -4
  67. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  68. data/lib/doorkeeper/version.rb +3 -3
  69. data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
  70. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  71. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +2 -0
  72. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  73. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  74. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  75. data/lib/generators/doorkeeper/templates/initializer.rb +48 -10
  76. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  77. metadata +21 -299
  78. data/Appraisals +0 -40
  79. data/CODE_OF_CONDUCT.md +0 -46
  80. data/CONTRIBUTING.md +0 -49
  81. data/Dangerfile +0 -67
  82. data/Dockerfile +0 -29
  83. data/Gemfile +0 -25
  84. data/NEWS.md +0 -1
  85. data/RELEASING.md +0 -11
  86. data/Rakefile +0 -28
  87. data/SECURITY.md +0 -15
  88. data/UPGRADE.md +0 -2
  89. data/bin/console +0 -16
  90. data/doorkeeper.gemspec +0 -42
  91. data/gemfiles/rails_5_0.gemfile +0 -18
  92. data/gemfiles/rails_5_1.gemfile +0 -18
  93. data/gemfiles/rails_5_2.gemfile +0 -18
  94. data/gemfiles/rails_6_0.gemfile +0 -18
  95. data/gemfiles/rails_master.gemfile +0 -18
  96. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  97. data/spec/controllers/applications_controller_spec.rb +0 -274
  98. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  99. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  100. data/spec/controllers/token_info_controller_spec.rb +0 -50
  101. data/spec/controllers/tokens_controller_spec.rb +0 -498
  102. data/spec/dummy/Rakefile +0 -9
  103. data/spec/dummy/app/assets/config/manifest.js +0 -2
  104. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  105. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  106. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  107. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  108. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  109. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  110. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  111. data/spec/dummy/app/models/user.rb +0 -7
  112. data/spec/dummy/app/views/home/index.html.erb +0 -0
  113. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  114. data/spec/dummy/config.ru +0 -6
  115. data/spec/dummy/config/application.rb +0 -49
  116. data/spec/dummy/config/boot.rb +0 -7
  117. data/spec/dummy/config/database.yml +0 -15
  118. data/spec/dummy/config/environment.rb +0 -5
  119. data/spec/dummy/config/environments/development.rb +0 -31
  120. data/spec/dummy/config/environments/production.rb +0 -64
  121. data/spec/dummy/config/environments/test.rb +0 -45
  122. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  123. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  124. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  125. data/spec/dummy/config/initializers/session_store.rb +0 -10
  126. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  127. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  128. data/spec/dummy/config/routes.rb +0 -13
  129. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  130. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  131. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  132. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  133. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  134. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  135. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  136. data/spec/dummy/db/schema.rb +0 -68
  137. data/spec/dummy/public/404.html +0 -26
  138. data/spec/dummy/public/422.html +0 -26
  139. data/spec/dummy/public/500.html +0 -26
  140. data/spec/dummy/public/favicon.ico +0 -0
  141. data/spec/dummy/script/rails +0 -9
  142. data/spec/factories.rb +0 -30
  143. data/spec/generators/application_owner_generator_spec.rb +0 -28
  144. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  145. data/spec/generators/install_generator_spec.rb +0 -36
  146. data/spec/generators/migration_generator_spec.rb +0 -28
  147. data/spec/generators/pkce_generator_spec.rb +0 -28
  148. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  149. data/spec/generators/templates/routes.rb +0 -4
  150. data/spec/generators/views_generator_spec.rb +0 -29
  151. data/spec/grape/grape_integration_spec.rb +0 -137
  152. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  153. data/spec/lib/config_spec.rb +0 -809
  154. data/spec/lib/doorkeeper_spec.rb +0 -27
  155. data/spec/lib/models/expirable_spec.rb +0 -61
  156. data/spec/lib/models/reusable_spec.rb +0 -40
  157. data/spec/lib/models/revocable_spec.rb +0 -59
  158. data/spec/lib/models/scopes_spec.rb +0 -53
  159. data/spec/lib/models/secret_storable_spec.rb +0 -135
  160. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  161. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
  162. data/spec/lib/oauth/base_request_spec.rb +0 -224
  163. data/spec/lib/oauth/base_response_spec.rb +0 -45
  164. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  165. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
  166. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  167. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  168. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  169. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
  170. data/spec/lib/oauth/client_spec.rb +0 -38
  171. data/spec/lib/oauth/code_request_spec.rb +0 -46
  172. data/spec/lib/oauth/code_response_spec.rb +0 -32
  173. data/spec/lib/oauth/error_response_spec.rb +0 -64
  174. data/spec/lib/oauth/error_spec.rb +0 -21
  175. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  176. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  177. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  178. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  179. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  180. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  181. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
  182. data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
  183. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  184. data/spec/lib/oauth/scopes_spec.rb +0 -146
  185. data/spec/lib/oauth/token_request_spec.rb +0 -157
  186. data/spec/lib/oauth/token_response_spec.rb +0 -84
  187. data/spec/lib/oauth/token_spec.rb +0 -156
  188. data/spec/lib/request/strategy_spec.rb +0 -54
  189. data/spec/lib/secret_storing/base_spec.rb +0 -60
  190. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  191. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  192. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  193. data/spec/lib/server_spec.rb +0 -49
  194. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  195. data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
  196. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  197. data/spec/models/doorkeeper/application_spec.rb +0 -482
  198. data/spec/requests/applications/applications_request_spec.rb +0 -259
  199. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  200. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  201. data/spec/requests/endpoints/token_spec.rb +0 -75
  202. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  203. data/spec/requests/flows/authorization_code_spec.rb +0 -525
  204. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  205. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  206. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  207. data/spec/requests/flows/password_spec.rb +0 -316
  208. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  209. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  210. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  211. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  212. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  213. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  214. data/spec/routing/default_routes_spec.rb +0 -41
  215. data/spec/routing/scoped_routes_spec.rb +0 -47
  216. data/spec/spec_helper.rb +0 -54
  217. data/spec/spec_helper_integration.rb +0 -4
  218. data/spec/support/dependencies/factory_bot.rb +0 -4
  219. data/spec/support/doorkeeper_rspec.rb +0 -22
  220. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  221. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  222. data/spec/support/helpers/config_helper.rb +0 -11
  223. data/spec/support/helpers/model_helper.rb +0 -78
  224. data/spec/support/helpers/request_spec_helper.rb +0 -110
  225. data/spec/support/helpers/url_helper.rb +0 -62
  226. data/spec/support/orm/active_record.rb +0 -5
  227. data/spec/support/shared/controllers_shared_context.rb +0 -133
  228. data/spec/support/shared/hashing_shared_context.rb +0 -36
  229. data/spec/support/shared/models_shared_examples.rb +0 -54
  230. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  231. data/spec/version/version_spec.rb +0 -17
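--- a/data/spec/support/helpers/config_helper.rb
+++ b/data/spec/support/helpers/config_helper.rb
@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module ConfigHelper
-def config_is_set(setting, value = nil, &block)
-setting_ivar = "@#{setting}"
-value = block_given? ? block : value
-Doorkeeper.configuration.instance_variable_set(setting_ivar, value)
-end
-end
-
-RSpec.configuration.send :include, ConfigHelper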
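--- a/data/spec/support/helpers/model_helper.rb
+++ b/data/spec/support/helpers/model_helper.rb
@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-module ModelHelper
-def client_exists(client_attributes = {})
-@client = FactoryBot.create(:application, client_attributes)
-end
-
-def create_resource_owner
-@resource_owner = User.create!(name: "Joe", password: "sekret")
-end
-
-def authorization_code_exists(options = {})
-@authorization = FactoryBot.create(:access_grant, options)
-end
-
-def access_token_exists(options = {})
-@access_token = FactoryBot.create(:access_token, options)
-end
-
-def access_grant_should_exist_for(client, resource_owner)
-grant = Doorkeeper::AccessGrant.first
-
-expect(grant.application).to have_attributes(id: client.id)
-.and(be_instance_of(Doorkeeper::Application))
-
-expect(grant.resource_owner_id).to eq(resource_owner.id)
-end
-
-def access_token_should_exist_for(client, resource_owner)
-token = Doorkeeper::AccessToken.first
-
-expect(token.application).to have_attributes(id: client.id)
-.and(be_instance_of(Doorkeeper::Application))
-
-expect(token.resource_owner_id).to eq(resource_owner.id)
-end
-
-def access_grant_should_not_exist
-expect(Doorkeeper::AccessGrant.all).to be_empty
-end
-
-def access_token_should_not_exist
-expect(Doorkeeper::AccessToken.all).to be_empty
-end
-
-def access_grant_should_have_scopes(*args)
-grant = Doorkeeper::AccessGrant.first
-expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
-end
-
-def access_token_should_have_scopes(*args)
-grant = Doorkeeper::AccessToken.last
-expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
-end
-
-def uniqueness_error
-case DOORKEEPER_ORM
-when :active_record
-ActiveRecord::RecordNotUnique
-when :sequel
-error_classes = [Sequel::UniqueConstraintViolation, Sequel::ValidationFailed]
-proc { |error| expect(error.class).to be_in(error_classes) }
-when :mongo_mapper
-error_classes = [MongoMapper::DocumentNotValid, Mongo::OperationFailure]
-proc { |error| expect(error.class).to be_in(error_classes) }
-when /mongoid/
-error_classes = [Mongoid::Errors::Validations]
-error_classes << Moped::Errors::OperationFailure if defined?(::Moped) # Mongoid 4
-error_classes << Mongo::Error::OperationFailure if defined?(::Mongo) # Mongoid 5
-
-proc { |error| expect(error.class).to be_in(error_classes) }
-else
-raise "'#{DOORKEEPER_ORM}' ORM is not supported!"
-end
-end
-end
-
-RSpec.configuration.send :include, ModelHelper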
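--- a/data/spec/support/helpers/request_spec_helper.rb
+++ b/data/spec/support/helpers/request_spec_helper.rb
@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-
-module RequestSpecHelper
-def i_am_logged_in
-allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) {})
-end
-
-def i_should_see(content)
-expect(page).to have_content(content)
-end
-
-def i_should_not_see(content)
-expect(page).to have_no_content(content)
-end
-
-def i_should_be_on(path)
-expect(current_path).to eq(path)
-end
-
-def url_should_have_param(param, value)
-expect(current_params[param]).to eq(value)
-end
-
-def url_should_not_have_param(param)
-expect(current_params).not_to have_key(param)
-end
-
-def current_params
-Rack::Utils.parse_query(current_uri.query)
-end
-
-def current_uri
-URI.parse(page.current_url)
-end
-
-def request_response
-respond_to?(:response) ? response : page.driver.response
-end
-
-def json_response
-JSON.parse(request_response.body)
-end
-
-def should_have_header(header, value)
-expect(headers[header]).to eq(value)
-end
-
-def should_have_status(status)
-expect(page.driver.response.status).to eq(status)
-end
-
-def with_access_token_header(token)
-with_header "Authorization", "Bearer #{token}"
-end
-
-def with_header(header, value)
-page.driver.header(header, value)
-end
-
-def basic_auth_header_for_client(client)
-ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
-end
-
-def should_have_json(key, value)
-expect(json_response.fetch(key)).to eq(value)
-end
-
-def should_have_json_within(key, value, range)
-expect(json_response.fetch(key)).to be_within(range).of(value)
-end
-
-def should_not_have_json(key)
-expect(json_response).not_to have_key(key)
-end
-
-def sign_in
-visit "/"
-click_on "Sign in"
-end
-
-def create_access_token(authorization_code, client, code_verifier = nil)
-page.driver.post token_endpoint_url(code: authorization_code, client: client, code_verifier: code_verifier)
-end
-
-def i_should_see_translated_error_message(key)
-i_should_see translated_error_message(key)
-end
-
-def i_should_not_see_translated_error_message(key)
-i_should_not_see translated_error_message(key)
-end
-
-def translated_error_message(key)
-I18n.translate(key, scope: %i[doorkeeper errors messages])
-end
-
-def i_should_see_translated_invalid_request_error_message(key, value)
-i_should_see translated_invalid_request_error_message(key, value)
-end
-
-def translated_invalid_request_error_message(key, value)
-I18n.translate key, scope: %i[doorkeeper errors messages invalid_request], value: value
-end
-
-def response_status_should_be(status)
-expect(request_response.status.to_i).to eq(status)
-end
-end
-
-RSpec.configuration.send :include, RequestSpecHelper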
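--- a/data/spec/support/helpers/url_helper.rb
+++ b/data/spec/support/helpers/url_helper.rb
@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-module UrlHelper
-def token_endpoint_url(options = {})
-parameters = {
-code: options[:code],
-client_id: options[:client_id] || options[:client].try(:uid),
-client_secret: options[:client_secret] || options[:client].try(:secret),
-redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
-grant_type: options[:grant_type] || "authorization_code",
-code_verifier: options[:code_verifier],
-code_challenge_method: options[:code_challenge_method],
-}.reject { |_, v| v.blank? }
-"/oauth/token?#{build_query(parameters)}"
-end
-
-def password_token_endpoint_url(options = {})
-parameters = {
-code: options[:code],
-client_id: options[:client_id] || options[:client].try(:uid),
-client_secret: options[:client_secret] || options[:client].try(:secret),
-username: options[:resource_owner_username] || options[:resource_owner].try(:name),
-password: options[:resource_owner_password] || options[:resource_owner].try(:password),
-scope: options[:scope],
-grant_type: "password",
-}
-"/oauth/token?#{build_query(parameters)}"
-end
-
-def authorization_endpoint_url(options = {})
-parameters = {
-client_id: options[:client_id] || options[:client].try(:uid),
-redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
-response_type: options[:response_type] || "code",
-scope: options[:scope],
-state: options[:state],
-code_challenge: options[:code_challenge],
-code_challenge_method: options[:code_challenge_method],
-}.reject { |_, v| v.blank? }
-"/oauth/authorize?#{build_query(parameters)}"
-end
-
-def refresh_token_endpoint_url(options = {})
-parameters = {
-refresh_token: options[:refresh_token],
-client_id: options[:client_id] || options[:client].try(:uid),
-client_secret: options[:client_secret] || options[:client].try(:secret),
-grant_type: options[:grant_type] || "refresh_token",
-}
-"/oauth/token?#{build_query(parameters)}"
-end
-
-def revocation_token_endpoint_url
-"/oauth/revoke"
-end
-
-def build_query(hash)
-Rack::Utils.build_query(hash)
-end
-end
-
-RSpec.configuration.send :include, UrlHelper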
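--- a/data/spec/support/orm/active_record.rb
+++ b/data/spec/support/orm/active_record.rb
@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-# load schema to in memory sqlite
-ActiveRecord::Migration.verbose = false
-load Rails.root + "db/schema.rb"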
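--- a/data/spec/support/shared/controllers_shared_context.rb
+++ b/data/spec/support/shared/controllers_shared_context.rb
@@ -1,133 +0,0 @@
-# frozen_string_literal: true
-
-shared_context "valid token", token: :valid do
-let(:token_string) { "1A2B3C4D" }
-
-let :token do
-double(
-Doorkeeper::AccessToken,
-accessible?: true, includes_scope?: true, acceptable?: true,
-previous_refresh_token: "", revoke_previous_refresh_token!: true,
-)
-end
-
-before :each do
-allow(
-Doorkeeper::AccessToken,
-).to receive(:by_token).with(token_string).and_return(token)
-end
-end
-
-shared_context "invalid token", token: :invalid do
-let(:token_string) { "1A2B3C4D" }
-
-let :token do
-double(
-Doorkeeper::AccessToken,
-accessible?: false, revoked?: false, expired?: false,
-includes_scope?: false, acceptable?: false,
-previous_refresh_token: "", revoke_previous_refresh_token!: true,
-)
-end
-
-before :each do
-allow(
-Doorkeeper::AccessToken,
-).to receive(:by_token).with(token_string).and_return(token)
-end
-end
-
-shared_context "authenticated resource owner" do
-before do
-user = double(:resource, id: 1)
-allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { user } }
-end
-end
-
-shared_context "not authenticated resource owner" do
-before do
-allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to "/" } }
-end
-end
-
-shared_context "valid authorization request" do
-let :authorization do
-double(:authorization, valid?: true, authorize: true, success_redirect_uri: "http://something.com/cb?code=token")
-end
-
-before do
-allow(controller).to receive(:authorization) { authorization }
-end
-end
-
-shared_context "invalid authorization request" do
-let :authorization do
-double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
-end
-
-before do
-allow(controller).to receive(:authorization) { authorization }
-end
-end
-
-shared_context "expired token", token: :expired do
-let :token_string do
-"1A2B3C4DEXP"
-end
-
-let :token do
-double(
-Doorkeeper::AccessToken,
-accessible?: false, revoked?: false, expired?: true,
-includes_scope?: false, acceptable?: false,
-previous_refresh_token: "", revoke_previous_refresh_token!: true,
-)
-end
-
-before :each do
-allow(
-Doorkeeper::AccessToken,
-).to receive(:by_token).with(token_string).and_return(token)
-end
-end
-
-shared_context "revoked token", token: :revoked do
-let :token_string do
-"1A2B3C4DREV"
-end
-
-let :token do
-double(
-Doorkeeper::AccessToken,
-accessible?: false, revoked?: true, expired?: false,
-includes_scope?: false, acceptable?: false,
-previous_refresh_token: "", revoke_previous_refresh_token!: true,
-)
-end
-
-before :each do
-allow(
-Doorkeeper::AccessToken,
-).to receive(:by_token).with(token_string).and_return(token)
-end
-end
-
-shared_context "forbidden token", token: :forbidden do
-let :token_string do
-"1A2B3C4DFORB"
-end
-
-let :token do
-double(
-Doorkeeper::AccessToken,
-accessible?: true, includes_scope?: true, acceptable?: false,
-previous_refresh_token: "", revoke_previous_refresh_token!: true,
-)
-end
-
-before :each do
-allow(
-Doorkeeper::AccessToken,
-).to receive(:by_token).with(token_string).and_return(token)
-end
-end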
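--- a/data/spec/support/shared/hashing_shared_context.rb
+++ b/data/spec/support/shared/hashing_shared_context.rb
@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-shared_context "with token hashing enabled" do
-let(:hashed_or_plain_token_func) do
-Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-end
-
-before do
-Doorkeeper.configure do
-hash_token_secrets
-end
-end
-end
-
-shared_context "with token hashing and fallback lookup enabled" do
-let(:hashed_or_plain_token_func) do
-Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-end
-
-before do
-Doorkeeper.configure do
-hash_token_secrets fallback: :plain
-end
-end
-end
-
-shared_context "with application hashing enabled" do
-let(:hashed_or_plain_token_func) do
-Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-end
-before do
-Doorkeeper.configure do
-hash_application_secrets
-end
-end
-end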
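--- a/data/spec/support/shared/models_shared_examples.rb
+++ b/data/spec/support/shared/models_shared_examples.rb
@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-shared_examples "an accessible token" do
-describe :accessible? do
-it "is accessible if token is not expired" do
-allow(subject).to receive(:expired?).and_return(false)
-should be_accessible
-end
-
-it "is not accessible if token is expired" do
-allow(subject).to receive(:expired?).and_return(true)
-should_not be_accessible
-end
-end
-end
-
-shared_examples "a revocable token" do
-describe :accessible? do
-before { subject.save! }
-
-it "is accessible if token is not revoked" do
-expect(subject).to be_accessible
-end
-
-it "is not accessible if token is revoked" do
-subject.revoke
-expect(subject).not_to be_accessible
-end
-end
-end
-
-shared_examples "a unique token" do
-describe :token do
-it "is generated before validation" do
-expect { subject.valid? }.to change { subject.token }.from(nil)
-end
-
-it "is not valid if token exists" do
-token1 = FactoryBot.create factory_name
-token2 = FactoryBot.create factory_name
-token2.token = token1.token
-expect(token2).not_to be_valid
-end
-
-it "expects database to throw an error when tokens are the same" do
-token1 = FactoryBot.create factory_name
-token2 = FactoryBot.create factory_name
-token2.token = token1.token
-expect do
-token2.save!(validate: false)
-end.to raise_error(uniqueness_error)
-end
-end
-end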