doorkeeper 5.3.3 → 5.4.0.rc1

data/spec/controllers/tokens_controller_spec.rb

@@ -106,12 +106,13 @@ describe Doorkeeper::TokensController do
 
       it "should call :before_successful_authorization callback" do
         expect(Doorkeeper.configuration)
-          .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
+          .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class), nil)
       end
 
       it "should call :after_successful_authorization callback" do
         expect(Doorkeeper.configuration)
-          .to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
+          .to receive_message_chain(:after_successful_authorization, :call)
+          .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
       end
     end
 
@@ -126,7 +127,7 @@ describe Doorkeeper::TokensController do
 
       it "should call :before_successful_authorization callback" do
         expect(Doorkeeper.configuration)
-          .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
+          .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class), nil)
       end
 
       it "should not call :after_successful_authorization callback" do
@@ -174,13 +175,13 @@ describe Doorkeeper::TokensController do
       let(:client) { FactoryBot.create(:application, confidential: false) }
 
       it "returns 200" do
-        post :revoke, params: { token: access_token.token }
+        post :revoke, params: { client_id: client.uid, token: access_token.token }
 
         expect(response.status).to eq 200
       end
 
       it "revokes the access token" do
-        post :revoke, params: { token: access_token.token }
+        post :revoke, params: { client_id: client.uid, token: access_token.token }
 
         expect(access_token.reload).to have_attributes(revoked?: true)
       end

data/spec/dummy/app/helpers/application_helper.rb

@@ -2,6 +2,6 @@
 
 module ApplicationHelper
   def current_user
-    @current_user ||= User.find_by_id(session[:user_id])
+    @current_user ||= User.find_by(id: session[:user_id])
   end
 end

data/spec/dummy/app/models/user.rb

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
 
-class User < ActiveRecord::Base
+class ApplicationRecord < ::ActiveRecord::Base
+  self.abstract_class = true
+end
+
+class User < ApplicationRecord
   def self.authenticate!(name, password)
     User.where(name: name, password: password).first
   end

data/spec/dummy/config/application.rb

@@ -1,4 +1,4 @@
-require File.expand_path('boot', __dir__)
+require File.expand_path("boot", __dir__)
 
 require "rails"
 
@@ -17,7 +17,7 @@ end
 
 Bundler.require(*Rails.groups)
 
-require 'yaml'
+require "yaml"
 
 orm = if DOORKEEPER_ORM =~ /mongoid/
         Mongoid.load!(File.join(File.dirname(File.expand_path(__FILE__)), "#{DOORKEEPER_ORM}.yml"))
@@ -29,13 +29,15 @@ require "#{orm}/railtie"
 
 module Dummy
   class Application < Rails::Application
-    if Rails.gem_version < Gem::Version.new('5.1')
+    if Rails.gem_version < Gem::Version.new("5.1")
       config.action_controller.per_form_csrf_tokens = true
       config.action_controller.forgery_protection_origin_check = true
 
       ActiveSupport.to_time_preserves_timezone = true
 
-      config.active_record.belongs_to_required_by_default = true
+      if DOORKEEPER_ORM =~ /active_record/
+        config.active_record.belongs_to_required_by_default = true
+      end
 
       config.ssl_options = { hsts: { subdomains: true } }
     else

data/spec/dummy/config/boot.rb

@@ -1,7 +1,7 @@
-require 'rubygems'
-require 'bundler/setup'
+require "rubygems"
+require "bundler/setup"
 
-orm = ENV['BUNDLE_GEMFILE'].match(/Gemfile\.(.+)\.rb/)
+orm = ENV["BUNDLE_GEMFILE"].match(/Gemfile\.(.+)\.rb/)
 DOORKEEPER_ORM = (orm && orm[1]) || :active_record unless defined?(DOORKEEPER_ORM)
 
-$LOAD_PATH.unshift File.expand_path('../../../lib', __dir__)
+$LOAD_PATH.unshift File.expand_path("../../../lib", __dir__)

data/spec/dummy/config/environment.rb

@@ -1,5 +1,5 @@
 # Load the rails application
-require File.expand_path('application', __dir__)
+require File.expand_path("application", __dir__)
 
 # Initialize the rails application
 Rails.application.initialize!

data/spec/dummy/config/routes.rb

@@ -4,10 +4,10 @@ Rails.application.routes.draw do
   resources :semi_protected_resources
   resources :full_protected_resources
 
-  get 'metal.json' => 'metal#index'
+  get "metal.json" => "metal#index"
 
-  get '/callback', to: 'home#callback'
-  get '/sign_in',  to: 'home#sign_in'
+  get "/callback", to: "home#callback"
+  get "/sign_in",  to: "home#sign_in"
 
-  root to: 'home#index'
+  root to: "home#index"
 end

data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb

@@ -18,7 +18,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
     add_index :oauth_applications, :uid, unique: true
 
     create_table :oauth_access_grants do |t|
-      t.references :resource_owner,  null: false
+      t.references :resource_owner,  null: false, polymorphic: true
       t.references :application,     null: false
       t.string   :token,             null: false
       t.integer  :expires_in,        null: false
@@ -36,7 +36,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
     )
 
     create_table :oauth_access_tokens do |t|
-      t.references :resource_owner, index: true
+      t.references :resource_owner, index: true, polymorphic: true
       t.references :application,    null: false
 
       # If you use a custom token generator you may need to change this column

data/spec/dummy/db/schema.rb

@@ -14,6 +14,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
 
   create_table "oauth_access_grants", force: :cascade do |t|
     t.integer "resource_owner_id", null: false
+    t.string "resource_owner_type" # [NOTE] null: false skipped to allow test pass
     t.integer "application_id", null: false
     t.string "token", null: false
     t.integer "expires_in", null: false
@@ -21,7 +22,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
     t.datetime "created_at", null: false
     t.datetime "revoked_at"
     t.string "scopes"
-    unless ENV['WITHOUT_PKCE']
+    unless ENV["WITHOUT_PKCE"]
       t.string   "code_challenge"
       t.string   "code_challenge_method"
     end
@@ -30,6 +31,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
 
   create_table "oauth_access_tokens", force: :cascade do |t|
     t.integer "resource_owner_id"
+    t.string "resource_owner_type"
     t.integer "application_id"
     t.string "token", null: false
     t.string "refresh_token"

data/spec/factories.rb

@@ -26,5 +26,5 @@ FactoryBot.define do
 
   # do not name this factory :user, otherwise it will conflict with factories
   # from applications that use doorkeeper factories in their own tests
-  factory :doorkeeper_testing_user, class: :user
+  factory :doorkeeper_testing_user, class: :user, aliases: [:resource_owner]
 end

data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+require "generators/doorkeeper/enable_polymorphic_resource_owner_generator"
+
+describe "Doorkeeper::EnablePolymorphicResourceOwnerGenerator" do
+  include GeneratorSpec::TestCase
+
+  tests Doorkeeper::EnablePolymorphicResourceOwnerGenerator
+  destination ::File.expand_path("../tmp/dummy", __FILE__)
+
+  describe "after running the generator" do
+    before :each do
+      prepare_destination
+      FileUtils.mkdir_p(::File.expand_path("config/initializers", Pathname(destination_root)))
+      FileUtils.copy_file(
+        ::File.expand_path("../../lib/generators/doorkeeper/templates/initializer.rb", __dir__),
+        ::File.expand_path("config/initializers/doorkeeper.rb", Pathname.new(destination_root)),
+      )
+    end
+
+    it "creates a migration with a version specifier and changes the initializer" do
+      stub_const("ActiveRecord::VERSION::MAJOR", 5)
+      stub_const("ActiveRecord::VERSION::MINOR", 0)
+
+      run_generator
+
+      assert_migration "db/migrate/enable_polymorphic_resource_owner.rb" do |migration|
+        assert migration.include?("ActiveRecord::Migration[5.0]\n")
+      end
+
+      # generator_spec gem requires such block definition :(
+      #
+      # rubocop:disable Style/BlockDelimiters
+      expect(destination_root).to(have_structure {
+        directory "config" do
+          directory "initializers" do
+            file "doorkeeper.rb" do
+              contains "  use_polymorphic_resource_owner"
+            end
+          end
+        end
+      })
+      # rubocop:enable Style/BlockDelimiters
+    end
+  end
+end

data/spec/lib/config_spec.rb

@@ -3,7 +3,7 @@
 require "spec_helper"
 
 describe Doorkeeper, "configuration" do
-  subject { Doorkeeper.configuration }
+  subject { Doorkeeper.config }
 
   describe "resource_owner_authenticator" do
     it "sets the block that is accessible via authenticate_resource_owner" do
@@ -328,7 +328,7 @@ describe Doorkeeper, "configuration" do
 
   describe "enable_application_owner" do
     it "is disabled by default" do
-      expect(Doorkeeper.configuration.enable_application_owner?).not_to eq(true)
+      expect(Doorkeeper.config.enable_application_owner?).not_to eq(true)
     end
 
     context "when enabled without confirmation" do
@@ -344,7 +344,7 @@ describe Doorkeeper, "configuration" do
       end
 
       it "Doorkeeper.configuration.confirm_application_owner? returns false" do
-        expect(Doorkeeper.configuration.confirm_application_owner?).not_to eq(true)
+        expect(Doorkeeper.config.confirm_application_owner?).not_to eq(true)
       end
     end
 
@@ -361,14 +361,14 @@ describe Doorkeeper, "configuration" do
       end
 
       it "Doorkeeper.configuration.confirm_application_owner? returns true" do
-        expect(Doorkeeper.configuration.confirm_application_owner?).to eq(true)
+        expect(Doorkeeper.config.confirm_application_owner?).to eq(true)
       end
     end
   end
 
   describe "realm" do
     it "is 'Doorkeeper' by default" do
-      expect(Doorkeeper.configuration.realm).to eq("Doorkeeper")
+      expect(Doorkeeper.config.realm).to eq("Doorkeeper")
     end
 
     it "can change the value" do
@@ -383,7 +383,7 @@ describe Doorkeeper, "configuration" do
 
   describe "grant_flows" do
     it "is set to all grant flows by default" do
-      expect(Doorkeeper.configuration.grant_flows)
+      expect(Doorkeeper.config.grant_flows)
         .to eq(%w[authorization_code client_credentials])
     end
 
@@ -454,13 +454,13 @@ describe Doorkeeper, "configuration" do
   end
 
   it "raises an exception when configuration is not set" do
-    old_config = Doorkeeper.configuration
+    old_config = Doorkeeper.config
     Doorkeeper.module_eval do
       @config = nil
     end
 
     expect do
-      Doorkeeper.configuration
+      Doorkeeper.config
     end.to raise_error Doorkeeper::MissingConfiguration
 
     Doorkeeper.module_eval do
@@ -527,13 +527,13 @@ describe Doorkeeper, "configuration" do
         end
       end
 
-      it { expect(Doorkeeper.configuration.base_controller).to eq("ApplicationController") }
+      it { expect(Doorkeeper.config.base_controller).to eq("ApplicationController") }
     end
   end
 
   describe "base_metal_controller" do
     context "default" do
-      it { expect(Doorkeeper.configuration.base_metal_controller).to eq("ActionController::API") }
+      it { expect(Doorkeeper.config.base_metal_controller).to eq("ActionController::API") }
     end
 
     context "custom" do
@@ -565,6 +565,10 @@ describe Doorkeeper, "configuration" do
           expect(model).to receive(:establish_connection)
         end
 
+        expect(Kernel).to receive(:warn).with(
+          /\[DOORKEEPER\] active_record_options has been deprecated and will soon be removed/,
+        )
+
         Doorkeeper.configure do
           orm DOORKEEPER_ORM
           active_record_options(
@@ -673,7 +677,7 @@ describe Doorkeeper, "configuration" do
 
   describe "handle_auth_errors" do
     it "is set to render by default" do
-      expect(Doorkeeper.configuration.handle_auth_errors).to eq(:render)
+      expect(Doorkeeper.config.handle_auth_errors).to eq(:render)
     end
     it "can change the value" do
       Doorkeeper.configure do

data/spec/lib/models/revocable_spec.rb

@@ -13,7 +13,7 @@ describe "Revocable" do
     it "updates :revoked_at attribute with current time" do
       utc = double utc: double
       clock = double now: utc
-      expect(subject).to receive(:update_attribute).with(:revoked_at, clock.now.utc)
+      expect(subject).to receive(:update_column).with(:revoked_at, clock.now.utc)
       subject.revoke(clock)
     end
   end
@@ -36,8 +36,7 @@ describe "Revocable" do
   end
 
   describe :revoke_previous_refresh_token! do
-    it "revokes the previous token if existing, and resets the
-      `previous_refresh_token` attribute" do
+    it "revokes the previous token if exists and resets the `previous_refresh_token` attribute" do
       previous_token = FactoryBot.create(
         :access_token,
         refresh_token: "refresh_token",

data/spec/lib/models/scopes_spec.rb

@@ -33,6 +33,14 @@ describe "Doorkeeper::Models::Scopes" do
       subject.scopes = %w[private admin]
       expect(subject.scopes_string).to eq("private admin")
     end
+
+    it "ignores duplicated scopes" do
+      subject.scopes = %w[private admin admin]
+      expect(subject.scopes_string).to eq("private admin")
+
+      subject.scopes = "private admin admin"
+      expect(subject.scopes_string).to eq("private admin")
+    end
   end
 
   describe :scopes_string do

data/spec/lib/oauth/authorization_code_request_spec.rb

@@ -12,7 +12,12 @@ describe Doorkeeper::OAuth::AuthorizationCodeRequest do
            }
   end
 
-  let(:grant)  { FactoryBot.create :access_grant }
+  let(:resource_owner) { FactoryBot.create :resource_owner }
+  let(:grant) do
+    FactoryBot.create :access_grant,
+                      resource_owner_id: resource_owner.id,
+                      resource_owner_type: resource_owner.class.name
+  end
   let(:client) { grant.application }
   let(:redirect_uri) { client.redirect_uri }
   let(:params) { { redirect_uri: redirect_uri } }
@@ -49,43 +54,42 @@ describe Doorkeeper::OAuth::AuthorizationCodeRequest do
   end
 
   it "requires the grant" do
-    subject.grant = nil
+    subject = described_class.new(server, nil, client, params)
     subject.validate
     expect(subject.error).to eq(:invalid_grant)
   end
 
   it "requires the client" do
-    subject.client = nil
+    subject = described_class.new(server, grant, nil, params)
     subject.validate
     expect(subject.error).to eq(:invalid_client)
   end
 
   it "requires the redirect_uri" do
-    subject.redirect_uri = nil
+    subject = described_class.new(server, grant, nil, params.except(:redirect_uri))
     subject.validate
     expect(subject.error).to eq(:invalid_request)
     expect(subject.missing_param).to eq(:redirect_uri)
   end
 
   it "invalid code_verifier param because server does not support pkce" do
-    # Some other ORMs work relies on #respond_to? so it's not a good idea to stub it :\
-    allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(anything).and_call_original
-    allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(:code_challenge).and_return(false)
-
-    subject.code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
+    allow(Doorkeeper::AccessGrant).to receive(:pkce_supported?).and_return(false)
+    code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
+    subject = described_class.new(server, grant, client, params.merge(code_verifier: code_verifier))
     subject.validate
     expect(subject.error).to eq(:invalid_request)
     expect(subject.invalid_request_reason).to eq(:not_support_pkce)
   end
 
   it "matches the redirect_uri with grant's one" do
-    subject.redirect_uri = "http://other.com"
+    subject = described_class.new(server, grant, client, params.merge(redirect_uri: "http://other.com"))
     subject.validate
     expect(subject.error).to eq(:invalid_grant)
   end
 
   it "matches the client with grant's one" do
-    subject.client = FactoryBot.create :application
+    other_client = FactoryBot.create :application
+    subject = described_class.new(server, grant, other_client, params)
     subject.validate
     expect(subject.error).to eq(:invalid_grant)
   end
@@ -100,8 +104,11 @@ describe Doorkeeper::OAuth::AuthorizationCodeRequest do
     end
 
     FactoryBot.create(
-      :access_token, application_id: client.id,
-                     resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s,
+      :access_token,
+      application_id: client.id,
+      resource_owner_id: grant.resource_owner_id,
+      resource_owner_type: grant.resource_owner_type,
+      scopes: grant.scopes.to_s,
     )
 
     expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
@@ -117,8 +124,11 @@ describe Doorkeeper::OAuth::AuthorizationCodeRequest do
     end
 
     FactoryBot.create(
-      :access_token, application_id: client.id,
-                     resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s,
+      :access_token,
+      application_id: client.id,
+      resource_owner_id: grant.resource_owner_id,
+      resource_owner_type: grant.resource_owner_type,
+      scopes: grant.scopes.to_s,
     )
 
     allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)