doorkeeper 5.3.3 → 5.5.0.rc2

data/spec/lib/doorkeeper_spec.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper do
-  describe "#authenticate" do
-    let(:request) { double }
-
-    it "calls OAuth::Token#authenticate" do
-      token_strategies = Doorkeeper.config.access_token_methods
-
-      expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
-        .with(request, *token_strategies)
-
-      Doorkeeper.authenticate(request)
-    end
-
-    it "accepts custom token strategies" do
-      token_strategies = %i[first_way second_way]
-
-      expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
-        .with(request, *token_strategies)
-
-      Doorkeeper.authenticate(request, token_strategies)
-    end
-  end
-end

data/spec/lib/models/expirable_spec.rb

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Expirable" do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Expirable
-    end.new
-  end
-
-  before do
-    allow(subject).to receive(:created_at).and_return(1.minute.ago)
-  end
-
-  describe :expired? do
-    it "is not expired if time has not passed" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject).not_to be_expired
-    end
-
-    it "is expired if time has passed" do
-      allow(subject).to receive(:expires_in).and_return(10.seconds)
-      expect(subject).to be_expired
-    end
-
-    it "is not expired if expires_in is not set" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject).not_to be_expired
-    end
-  end
-
-  describe :expires_in_seconds do
-    it "should return the amount of time remaining until the token is expired" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject.expires_in_seconds).to eq(60)
-    end
-
-    it "should return 0 when expired" do
-      allow(subject).to receive(:expires_in).and_return(30.seconds)
-      expect(subject.expires_in_seconds).to eq(0)
-    end
-
-    it "should return nil when expires_in is nil" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject.expires_in_seconds).to be_nil
-    end
-  end
-
-  describe :expires_at do
-    it "should return the expiration time of the token" do
-      allow(subject).to receive(:expires_in).and_return(2.minutes)
-      expect(subject.expires_at).to be_a(Time)
-    end
-
-    it "should return nil when expires_in is nil" do
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject.expires_at).to be_nil
-    end
-  end
-end

data/spec/lib/models/reusable_spec.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Reusable" do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Reusable
-    end.new
-  end
-
-  describe :reusable? do
-    it "is reusable if its expires_in is nil" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(subject).to receive(:expires_in).and_return(nil)
-      expect(subject).to be_reusable
-    end
-
-    it "is reusable if its expiry has crossed reusable limit" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
-      allow(subject).to receive(:expires_in).and_return(100.seconds)
-      allow(subject).to receive(:expires_in_seconds).and_return(20.seconds)
-      expect(subject).to be_reusable
-    end
-
-    it "is not reusable if its expiry has crossed reusable limit" do
-      allow(subject).to receive(:expired?).and_return(false)
-      allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
-      allow(subject).to receive(:expires_in).and_return(100.seconds)
-      allow(subject).to receive(:expires_in_seconds).and_return(5.seconds)
-      expect(subject).not_to be_reusable
-    end
-
-    it "is not reusable if it is already expired" do
-      allow(subject).to receive(:expired?).and_return(true)
-      expect(subject).not_to be_reusable
-    end
-  end
-end

data/spec/lib/models/revocable_spec.rb

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Revocable" do
-  subject do
-    Class.new do
-      include Doorkeeper::Models::Revocable
-    end.new
-  end
-
-  describe :revoke do
-    it "updates :revoked_at attribute with current time" do
-      utc = double utc: double
-      clock = double now: utc
-      expect(subject).to receive(:update_attribute).with(:revoked_at, clock.now.utc)
-      subject.revoke(clock)
-    end
-  end
-
-  describe :revoked? do
-    it "is revoked if :revoked_at has passed" do
-      allow(subject).to receive(:revoked_at).and_return(Time.now.utc - 1000)
-      expect(subject).to be_revoked
-    end
-
-    it "is not revoked if :revoked_at has not passed" do
-      allow(subject).to receive(:revoked_at).and_return(Time.now.utc + 1000)
-      expect(subject).not_to be_revoked
-    end
-
-    it "is not revoked if :revoked_at is not set" do
-      allow(subject).to receive(:revoked_at).and_return(nil)
-      expect(subject).not_to be_revoked
-    end
-  end
-
-  describe :revoke_previous_refresh_token! do
-    it "revokes the previous token if existing, and resets the
-      `previous_refresh_token` attribute" do
-      previous_token = FactoryBot.create(
-        :access_token,
-        refresh_token: "refresh_token",
-      )
-      current_token = FactoryBot.create(
-        :access_token,
-        previous_refresh_token: previous_token.refresh_token,
-      )
-
-      expect_any_instance_of(
-        Doorkeeper::AccessToken,
-      ).to receive(:revoke).and_call_original
-      current_token.revoke_previous_refresh_token!
-
-      expect(current_token.previous_refresh_token).to be_empty
-      expect(previous_token.reload).to be_revoked
-    end
-  end
-end

data/spec/lib/models/scopes_spec.rb

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Doorkeeper::Models::Scopes" do
-  subject do
-    Class.new(Struct.new(:scopes)) do
-      include Doorkeeper::Models::Scopes
-    end.new
-  end
-
-  before do
-    subject[:scopes] = "public admin"
-  end
-
-  describe :scopes do
-    it "is a `Scopes` class" do
-      expect(subject.scopes).to be_a(Doorkeeper::OAuth::Scopes)
-    end
-
-    it "includes scopes" do
-      expect(subject.scopes).to include("public")
-    end
-  end
-
-  describe :scopes= do
-    it "accepts String" do
-      subject.scopes = "private admin"
-      expect(subject.scopes_string).to eq("private admin")
-    end
-
-    it "accepts Array" do
-      subject.scopes = %w[private admin]
-      expect(subject.scopes_string).to eq("private admin")
-    end
-  end
-
-  describe :scopes_string do
-    it "is a `Scopes` class" do
-      expect(subject.scopes_string).to eq("public admin")
-    end
-  end
-
-  describe :includes_scope? do
-    it "should return true if at least one scope is included" do
-      expect(subject.includes_scope?("public", "private")).to be true
-    end
-
-    it "should return false if no scopes are included" do
-      expect(subject.includes_scope?("teacher", "student")).to be false
-    end
-  end
-end

data/spec/lib/models/secret_storable_spec.rb

@@ -1,135 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "SecretStorable" do
-  let(:clazz) do
-    Class.new do
-      include Doorkeeper::Models::SecretStorable
-
-      def self.find_by(*)
-        raise "stub this"
-      end
-
-      def update_column(*)
-        raise "stub this"
-      end
-
-      def token
-        raise "stub this"
-      end
-    end
-  end
-  let(:strategy) { clazz.secret_strategy }
-
-  describe :find_by_plaintext_token do
-    subject { clazz.send(:find_by_plaintext_token, "attr", "input") }
-
-    it "forwards to the secret_strategy" do
-      expect(strategy)
-        .to receive(:transform_secret)
-        .with("input")
-        .and_return "found"
-
-      expect(clazz)
-        .to receive(:find_by)
-        .with("attr" => "found")
-        .and_return "result"
-
-      expect(subject).to eq "result"
-    end
-
-    it "calls find_by_fallback_token if not found" do
-      expect(clazz)
-        .to receive(:find_by)
-        .with("attr" => "input")
-        .and_return nil
-
-      expect(clazz)
-        .to receive(:find_by_fallback_token)
-        .with("attr", "input")
-        .and_return "fallback"
-
-      expect(subject).to eq "fallback"
-    end
-  end
-
-  describe :find_by_fallback_token do
-    subject { clazz.send(:find_by_fallback_token, "attr", "input") }
-    let(:fallback) { double(::Doorkeeper::SecretStoring::Plain) }
-
-    it "returns nil if none defined" do
-      expect(clazz.fallback_secret_strategy).to eq nil
-      expect(subject).to eq nil
-    end
-
-    context "if a fallback strategy is defined" do
-      before do
-        allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
-      end
-
-      context "if a resource is defined" do
-        let(:resource) { double("Token model") }
-
-        it "calls the strategy for lookup" do
-          expect(clazz)
-            .to receive(:find_by)
-            .with("attr" => "fallback")
-            .and_return(resource)
-
-          expect(fallback)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("fallback")
-
-          # store_secret will call the resource
-          expect(resource)
-            .to receive(:attr=)
-            .with("new value")
-
-          # It will upgrade the secret automtically using the current strategy
-          expect(strategy)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("new value")
-
-          expect(resource).to receive(:update).with("attr" => "new value")
-          expect(subject).to eq resource
-        end
-      end
-
-      context "if a resource is not defined" do
-        before do
-          allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
-        end
-
-        it "returns nil" do
-          expect(clazz)
-            .to receive(:find_by)
-            .with("attr" => "fallback")
-            .and_return(nil)
-
-          expect(fallback)
-            .to receive(:transform_secret)
-            .with("input")
-            .and_return("fallback")
-
-          # It does not find a token even with the fallback method
-          expect(subject).to be_nil
-        end
-      end
-    end
-  end
-
-  describe :secret_strategy do
-    it "defaults to plain strategy" do
-      expect(strategy).to eq Doorkeeper::SecretStoring::Plain
-    end
-  end
-
-  describe :fallback_secret_strategy do
-    it "defaults to nil" do
-      expect(clazz.fallback_secret_strategy).to eq nil
-    end
-  end
-end

data/spec/lib/oauth/authorization/uri_builder_spec.rb

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-module Doorkeeper::OAuth::Authorization
-  describe URIBuilder do
-    subject { URIBuilder }
-
-    describe :uri_with_query do
-      it "returns the uri with query" do
-        uri = subject.uri_with_query "http://example.com/", parameter: "value"
-        expect(uri).to eq("http://example.com/?parameter=value")
-      end
-
-      it "rejects nil values" do
-        uri = subject.uri_with_query "http://example.com/", parameter: ""
-        expect(uri).to eq("http://example.com/?")
-      end
-
-      it "preserves original query parameters" do
-        uri = subject.uri_with_query "http://example.com/?query1=value", parameter: "value"
-        expect(uri).to match(/query1=value/)
-        expect(uri).to match(/parameter=value/)
-      end
-    end
-
-    describe :uri_with_fragment do
-      it "returns uri with parameters as fragments" do
-        uri = subject.uri_with_fragment "http://example.com/", parameter: "value"
-        expect(uri).to eq("http://example.com/#parameter=value")
-      end
-
-      it "preserves original query parameters" do
-        uri = subject.uri_with_fragment "http://example.com/?query1=value1", parameter: "value"
-        expect(uri).to eq("http://example.com/?query1=value1#parameter=value")
-      end
-    end
-  end
-end

data/spec/lib/oauth/authorization_code_request_spec.rb

@@ -1,170 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::AuthorizationCodeRequest do
-  let(:server) do
-    double :server,
-           access_token_expires_in: 2.days,
-           refresh_token_enabled?: false,
-           custom_access_token_expires_in: lambda { |context|
-             context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
-           }
-  end
-
-  let(:grant)  { FactoryBot.create :access_grant }
-  let(:client) { grant.application }
-  let(:redirect_uri) { client.redirect_uri }
-  let(:params) { { redirect_uri: redirect_uri } }
-
-  before do
-    allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-  end
-
-  subject do
-    described_class.new(server, grant, client, params)
-  end
-
-  it "issues a new token for the client" do
-    expect do
-      subject.authorize
-    end.to change { client.reload.access_tokens.count }.by(1)
-
-    expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
-  end
-
-  it "issues the token with same grant's scopes" do
-    subject.authorize
-    expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
-  end
-
-  it "revokes the grant" do
-    expect { subject.authorize }.to(change { grant.reload.accessible? })
-  end
-
-  it "requires the grant to be accessible" do
-    grant.revoke
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-
-  it "requires the grant" do
-    subject.grant = nil
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-
-  it "requires the client" do
-    subject.client = nil
-    subject.validate
-    expect(subject.error).to eq(:invalid_client)
-  end
-
-  it "requires the redirect_uri" do
-    subject.redirect_uri = nil
-    subject.validate
-    expect(subject.error).to eq(:invalid_request)
-    expect(subject.missing_param).to eq(:redirect_uri)
-  end
-
-  it "invalid code_verifier param because server does not support pkce" do
-    # Some other ORMs work relies on #respond_to? so it's not a good idea to stub it :\
-    allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(anything).and_call_original
-    allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(:code_challenge).and_return(false)
-
-    subject.code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
-    subject.validate
-    expect(subject.error).to eq(:invalid_request)
-    expect(subject.invalid_request_reason).to eq(:not_support_pkce)
-  end
-
-  it "matches the redirect_uri with grant's one" do
-    subject.redirect_uri = "http://other.com"
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-
-  it "matches the client with grant's one" do
-    subject.client = FactoryBot.create :application
-    subject.validate
-    expect(subject.error).to eq(:invalid_grant)
-  end
-
-  it "skips token creation if there is a matching one reusable" do
-    scopes = grant.scopes
-
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-      reuse_access_token
-      default_scopes(*scopes)
-    end
-
-    FactoryBot.create(
-      :access_token, application_id: client.id,
-                     resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s,
-    )
-
-    expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
-  end
-
-  it "creates token if there is a matching one but non reusable" do
-    scopes = grant.scopes
-
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-      reuse_access_token
-      default_scopes(*scopes)
-    end
-
-    FactoryBot.create(
-      :access_token, application_id: client.id,
-                     resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s,
-    )
-
-    allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
-
-    expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
-  end
-
-  it "calls configured request callback methods" do
-    expect(Doorkeeper.configuration.before_successful_strategy_response)
-      .to receive(:call).with(subject).once
-    expect(Doorkeeper.configuration.after_successful_strategy_response)
-      .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
-
-    subject.authorize
-  end
-
-  context "when redirect_uri contains some query params" do
-    let(:redirect_uri) { client.redirect_uri + "?query=q" }
-
-    it "compares only host part with grant's redirect_uri" do
-      subject.validate
-      expect(subject.error).to eq(nil)
-    end
-  end
-
-  context "when redirect_uri is not an URI" do
-    let(:redirect_uri) { "123d#!s" }
-
-    it "responds with invalid_grant" do
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
-  end
-
-  context "when redirect_uri is the native one" do
-    let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
-
-    it "invalidates when redirect_uri of the grant is not native" do
-      subject.validate
-      expect(subject.error).to eq(:invalid_grant)
-    end
-
-    it "validates when redirect_uri of the grant is also native" do
-      allow(grant).to receive(:redirect_uri) { redirect_uri }
-      subject.validate
-      expect(subject.error).to eq(nil)
-    end
-  end
-end