doorkeeper 5.3.3 → 5.5.0.rc2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of doorkeeper might be problematic. Click here for more details.

Files changed (233) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +125 -7
  3. data/README.md +6 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +4 -4
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +46 -16
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
  7. data/app/controllers/doorkeeper/tokens_controller.rb +67 -22
  8. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  9. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  10. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  11. data/config/locales/en.yml +6 -2
  12. data/lib/doorkeeper.rb +111 -79
  13. data/lib/doorkeeper/config.rb +148 -94
  14. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  15. data/lib/doorkeeper/config/option.rb +26 -14
  16. data/lib/doorkeeper/config/validations.rb +53 -0
  17. data/lib/doorkeeper/engine.rb +1 -1
  18. data/lib/doorkeeper/grant_flow.rb +45 -0
  19. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  20. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  21. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  22. data/lib/doorkeeper/grape/helpers.rb +1 -1
  23. data/lib/doorkeeper/helpers/controller.rb +8 -4
  24. data/lib/doorkeeper/models/access_grant_mixin.rb +21 -18
  25. data/lib/doorkeeper/models/access_token_mixin.rb +110 -47
  26. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  27. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  28. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  29. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  30. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  31. data/lib/doorkeeper/oauth/authorization/code.rb +19 -6
  32. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  33. data/lib/doorkeeper/oauth/authorization/token.rb +18 -16
  34. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  35. data/lib/doorkeeper/oauth/authorization_code_request.rb +17 -14
  36. data/lib/doorkeeper/oauth/base_request.rb +12 -20
  37. data/lib/doorkeeper/oauth/client.rb +1 -1
  38. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  39. data/lib/doorkeeper/oauth/client_credentials/creator.rb +27 -8
  40. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -2
  41. data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
  42. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  43. data/lib/doorkeeper/oauth/code_request.rb +3 -3
  44. data/lib/doorkeeper/oauth/code_response.rb +22 -12
  45. data/lib/doorkeeper/oauth/error_response.rb +6 -7
  46. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
  47. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  48. data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
  49. data/lib/doorkeeper/oauth/password_access_token_request.rb +24 -7
  50. data/lib/doorkeeper/oauth/pre_authorization.rb +63 -32
  51. data/lib/doorkeeper/oauth/refresh_token_request.rb +31 -22
  52. data/lib/doorkeeper/oauth/token.rb +5 -6
  53. data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
  54. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  55. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  56. data/lib/doorkeeper/orm/active_record.rb +14 -7
  57. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
  58. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
  59. data/lib/doorkeeper/orm/active_record/mixins/application.rb +6 -3
  60. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
  61. data/lib/doorkeeper/rails/routes.rb +14 -20
  62. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  63. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  64. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  65. data/lib/doorkeeper/request.rb +49 -12
  66. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  67. data/lib/doorkeeper/request/strategy.rb +2 -2
  68. data/lib/doorkeeper/server.rb +4 -4
  69. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  70. data/lib/doorkeeper/version.rb +3 -7
  71. data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
  72. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  73. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  74. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  75. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  76. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  77. data/lib/generators/doorkeeper/templates/initializer.rb +48 -10
  78. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  79. metadata +30 -300
  80. data/Appraisals +0 -40
  81. data/CODE_OF_CONDUCT.md +0 -46
  82. data/CONTRIBUTING.md +0 -49
  83. data/Dangerfile +0 -67
  84. data/Dockerfile +0 -29
  85. data/Gemfile +0 -25
  86. data/NEWS.md +0 -1
  87. data/RELEASING.md +0 -11
  88. data/Rakefile +0 -28
  89. data/SECURITY.md +0 -15
  90. data/UPGRADE.md +0 -2
  91. data/bin/console +0 -16
  92. data/doorkeeper.gemspec +0 -42
  93. data/gemfiles/rails_5_0.gemfile +0 -18
  94. data/gemfiles/rails_5_1.gemfile +0 -18
  95. data/gemfiles/rails_5_2.gemfile +0 -18
  96. data/gemfiles/rails_6_0.gemfile +0 -18
  97. data/gemfiles/rails_master.gemfile +0 -18
  98. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  99. data/spec/controllers/applications_controller_spec.rb +0 -274
  100. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  101. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  102. data/spec/controllers/token_info_controller_spec.rb +0 -50
  103. data/spec/controllers/tokens_controller_spec.rb +0 -498
  104. data/spec/dummy/Rakefile +0 -9
  105. data/spec/dummy/app/assets/config/manifest.js +0 -2
  106. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  107. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  108. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  109. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  110. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  111. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  112. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  113. data/spec/dummy/app/models/user.rb +0 -7
  114. data/spec/dummy/app/views/home/index.html.erb +0 -0
  115. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  116. data/spec/dummy/config.ru +0 -6
  117. data/spec/dummy/config/application.rb +0 -49
  118. data/spec/dummy/config/boot.rb +0 -7
  119. data/spec/dummy/config/database.yml +0 -15
  120. data/spec/dummy/config/environment.rb +0 -5
  121. data/spec/dummy/config/environments/development.rb +0 -31
  122. data/spec/dummy/config/environments/production.rb +0 -64
  123. data/spec/dummy/config/environments/test.rb +0 -45
  124. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  125. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  126. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  127. data/spec/dummy/config/initializers/session_store.rb +0 -10
  128. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  129. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  130. data/spec/dummy/config/routes.rb +0 -13
  131. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  132. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  133. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  134. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  135. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  136. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  137. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  138. data/spec/dummy/db/schema.rb +0 -68
  139. data/spec/dummy/public/404.html +0 -26
  140. data/spec/dummy/public/422.html +0 -26
  141. data/spec/dummy/public/500.html +0 -26
  142. data/spec/dummy/public/favicon.ico +0 -0
  143. data/spec/dummy/script/rails +0 -9
  144. data/spec/factories.rb +0 -30
  145. data/spec/generators/application_owner_generator_spec.rb +0 -28
  146. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  147. data/spec/generators/install_generator_spec.rb +0 -36
  148. data/spec/generators/migration_generator_spec.rb +0 -28
  149. data/spec/generators/pkce_generator_spec.rb +0 -28
  150. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  151. data/spec/generators/templates/routes.rb +0 -4
  152. data/spec/generators/views_generator_spec.rb +0 -29
  153. data/spec/grape/grape_integration_spec.rb +0 -137
  154. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  155. data/spec/lib/config_spec.rb +0 -809
  156. data/spec/lib/doorkeeper_spec.rb +0 -27
  157. data/spec/lib/models/expirable_spec.rb +0 -61
  158. data/spec/lib/models/reusable_spec.rb +0 -40
  159. data/spec/lib/models/revocable_spec.rb +0 -59
  160. data/spec/lib/models/scopes_spec.rb +0 -53
  161. data/spec/lib/models/secret_storable_spec.rb +0 -135
  162. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  163. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
  164. data/spec/lib/oauth/base_request_spec.rb +0 -224
  165. data/spec/lib/oauth/base_response_spec.rb +0 -45
  166. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  167. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
  168. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  169. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  170. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  171. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
  172. data/spec/lib/oauth/client_spec.rb +0 -38
  173. data/spec/lib/oauth/code_request_spec.rb +0 -46
  174. data/spec/lib/oauth/code_response_spec.rb +0 -32
  175. data/spec/lib/oauth/error_response_spec.rb +0 -64
  176. data/spec/lib/oauth/error_spec.rb +0 -21
  177. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  178. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  179. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  180. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  181. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  182. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  183. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
  184. data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
  185. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  186. data/spec/lib/oauth/scopes_spec.rb +0 -146
  187. data/spec/lib/oauth/token_request_spec.rb +0 -157
  188. data/spec/lib/oauth/token_response_spec.rb +0 -84
  189. data/spec/lib/oauth/token_spec.rb +0 -156
  190. data/spec/lib/request/strategy_spec.rb +0 -54
  191. data/spec/lib/secret_storing/base_spec.rb +0 -60
  192. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  193. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  194. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  195. data/spec/lib/server_spec.rb +0 -49
  196. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  197. data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
  198. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  199. data/spec/models/doorkeeper/application_spec.rb +0 -482
  200. data/spec/requests/applications/applications_request_spec.rb +0 -259
  201. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  202. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  203. data/spec/requests/endpoints/token_spec.rb +0 -75
  204. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  205. data/spec/requests/flows/authorization_code_spec.rb +0 -525
  206. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  207. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  208. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  209. data/spec/requests/flows/password_spec.rb +0 -316
  210. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  211. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  212. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  213. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  214. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  215. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  216. data/spec/routing/default_routes_spec.rb +0 -41
  217. data/spec/routing/scoped_routes_spec.rb +0 -47
  218. data/spec/spec_helper.rb +0 -54
  219. data/spec/spec_helper_integration.rb +0 -4
  220. data/spec/support/dependencies/factory_bot.rb +0 -4
  221. data/spec/support/doorkeeper_rspec.rb +0 -22
  222. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  223. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  224. data/spec/support/helpers/config_helper.rb +0 -11
  225. data/spec/support/helpers/model_helper.rb +0 -78
  226. data/spec/support/helpers/request_spec_helper.rb +0 -110
  227. data/spec/support/helpers/url_helper.rb +0 -62
  228. data/spec/support/orm/active_record.rb +0 -5
  229. data/spec/support/shared/controllers_shared_context.rb +0 -133
  230. data/spec/support/shared/hashing_shared_context.rb +0 -36
  231. data/spec/support/shared/models_shared_examples.rb +0 -54
  232. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  233. data/spec/version/version_spec.rb +0 -17
@@ -1,112 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- class Doorkeeper::OAuth::ClientCredentialsRequest
6
- describe Issuer do
7
- let(:creator) { double :access_token_creator }
8
- let(:server) do
9
- double(
10
- :server,
11
- access_token_expires_in: 100,
12
- )
13
- end
14
- let(:validator) { double :validator, valid?: true }
15
-
16
- before do
17
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
18
- end
19
-
20
- subject { Issuer.new(server, validator) }
21
-
22
- describe :create do
23
- let(:client) { double :client, id: "some-id" }
24
- let(:scopes) { "some scope" }
25
-
26
- it "creates and sets the token" do
27
- expect(creator).to receive(:call).and_return("token")
28
- subject.create client, scopes, creator
29
-
30
- expect(subject.token).to eq("token")
31
- end
32
-
33
- it "creates with correct token parameters" do
34
- expect(creator).to receive(:call).with(
35
- client,
36
- scopes,
37
- expires_in: 100,
38
- use_refresh_token: false,
39
- )
40
-
41
- subject.create client, scopes, creator
42
- end
43
-
44
- it "has error set to :server_error if creator fails" do
45
- expect(creator).to receive(:call).and_return(false)
46
- subject.create client, scopes, creator
47
-
48
- expect(subject.error).to eq(:server_error)
49
- end
50
-
51
- context "when validator fails" do
52
- before do
53
- allow(validator).to receive(:valid?).and_return(false)
54
- allow(validator).to receive(:error).and_return(:validation_error)
55
- expect(creator).not_to receive(:create)
56
- end
57
-
58
- it "has error set from validator" do
59
- subject.create client, scopes, creator
60
- expect(subject.error).to eq(:validation_error)
61
- end
62
-
63
- it "returns false" do
64
- expect(subject.create(client, scopes, creator)).to be_falsey
65
- end
66
- end
67
-
68
- context "with custom expiration" do
69
- let(:custom_ttl_grant) { 1234 }
70
- let(:custom_ttl_scope) { 1235 }
71
- let(:custom_scope) { "special" }
72
- let(:server) do
73
- double(
74
- :server,
75
- custom_access_token_expires_in: lambda { |context|
76
- # scopes is normally an object but is a string in this test
77
- if context.scopes == custom_scope
78
- custom_ttl_scope
79
- elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
80
- custom_ttl_grant
81
- end
82
- },
83
- )
84
- end
85
-
86
- before do
87
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
88
- end
89
-
90
- it "respects grant based rules" do
91
- expect(creator).to receive(:call).with(
92
- client,
93
- scopes,
94
- expires_in: custom_ttl_grant,
95
- use_refresh_token: false,
96
- )
97
- subject.create client, scopes, creator
98
- end
99
-
100
- it "respects scope based rules" do
101
- expect(creator).to receive(:call).with(
102
- client,
103
- custom_scope,
104
- expires_in: custom_ttl_scope,
105
- use_refresh_token: false,
106
- )
107
- subject.create client, custom_scope, creator
108
- end
109
- end
110
- end
111
- end
112
- end
@@ -1,59 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- class Doorkeeper::OAuth::ClientCredentialsRequest
6
- describe Validator do
7
- let(:server) { double :server, scopes: nil }
8
- let(:application) { double scopes: nil }
9
- let(:client) { double application: application }
10
- let(:request) { double :request, client: client, scopes: nil }
11
-
12
- subject { described_class.new(server, request) }
13
-
14
- it "is valid with valid request" do
15
- expect(subject).to be_valid
16
- end
17
-
18
- it "is invalid when client is not present" do
19
- allow(request).to receive(:client).and_return(nil)
20
- expect(subject).not_to be_valid
21
- end
22
-
23
- context "with scopes" do
24
- it "is invalid when scopes are not included in the server" do
25
- server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"
26
- allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
27
- allow(server).to receive(:scopes).and_return(server_scopes)
28
- allow(request).to receive(:scopes).and_return(
29
- Doorkeeper::OAuth::Scopes.from_string("invalid"),
30
- )
31
- expect(subject).not_to be_valid
32
- end
33
-
34
- context "with application scopes" do
35
- it "is valid when scopes are included in the application" do
36
- application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
37
- server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
38
- allow(application).to receive(:scopes).and_return(application_scopes)
39
- allow(server).to receive(:scopes).and_return(server_scopes)
40
- allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
41
- allow(request).to receive(:scopes).and_return(application_scopes)
42
- expect(subject).to be_valid
43
- end
44
-
45
- it "is invalid when scopes are not included in the application" do
46
- application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
47
- server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
48
- allow(application).to receive(:scopes).and_return(application_scopes)
49
- allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
50
- allow(server).to receive(:scopes).and_return(server_scopes)
51
- allow(request).to receive(:scopes).and_return(
52
- Doorkeeper::OAuth::Scopes.from_string("email"),
53
- )
54
- expect(subject).not_to be_valid
55
- end
56
- end
57
- end
58
- end
59
- end
@@ -1,27 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::ClientCredentialsRequest do
6
- let(:server) { Doorkeeper.configuration }
7
-
8
- context "with a valid request" do
9
- let(:client) { FactoryBot.create :application }
10
-
11
- it "issues an access token" do
12
- request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, {})
13
- expect do
14
- request.authorize
15
- end.to change { Doorkeeper::AccessToken.count }.by(1)
16
- end
17
- end
18
-
19
- describe "with an invalid request" do
20
- it "does not issue an access token" do
21
- request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, nil, {})
22
- expect do
23
- request.authorize
24
- end.to_not(change { Doorkeeper::AccessToken.count })
25
- end
26
- end
27
- end
@@ -1,107 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::ClientCredentialsRequest do
6
- let(:server) do
7
- double(
8
- default_scopes: nil,
9
- access_token_expires_in: 2.hours,
10
- custom_access_token_expires_in: ->(_context) { nil },
11
- )
12
- end
13
-
14
- let(:application) { FactoryBot.create(:application, scopes: "") }
15
- let(:client) { double :client, application: application }
16
- let(:token_creator) { double :issuer, create: true, token: double }
17
-
18
- before do
19
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
20
- end
21
-
22
- subject { Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client) }
23
-
24
- before do
25
- subject.issuer = token_creator
26
- end
27
-
28
- it "issues an access token for the current client" do
29
- expect(token_creator).to receive(:create).with(client, nil)
30
- subject.authorize
31
- end
32
-
33
- it "has successful response when issue was created" do
34
- subject.authorize
35
- expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
36
- end
37
-
38
- context "if issue was not created" do
39
- before do
40
- subject.issuer = double create: false, error: :invalid
41
- end
42
-
43
- it "has an error response" do
44
- subject.authorize
45
- expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
46
- end
47
-
48
- it "delegates the error to issuer" do
49
- subject.authorize
50
- expect(subject.error).to eq(:invalid)
51
- end
52
- end
53
-
54
- context "with scopes" do
55
- let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string("public email") }
56
-
57
- before do
58
- allow(server).to receive(:default_scopes).and_return(default_scopes)
59
- end
60
-
61
- it "issues an access token with default scopes if none was requested" do
62
- expect(token_creator).to receive(:create).with(client, default_scopes)
63
- subject.authorize
64
- end
65
-
66
- it "issues an access token with requested scopes" do
67
- subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "email")
68
- subject.issuer = token_creator
69
- expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
70
- subject.authorize
71
- end
72
- end
73
-
74
- context "with restricted client" do
75
- let(:default_scopes) do
76
- Doorkeeper::OAuth::Scopes.from_string("public email")
77
- end
78
- let(:server_scopes) do
79
- Doorkeeper::OAuth::Scopes.from_string("public email phone")
80
- end
81
- let(:client_scopes) do
82
- Doorkeeper::OAuth::Scopes.from_string("public phone")
83
- end
84
-
85
- before do
86
- allow(server).to receive(:default_scopes).and_return(default_scopes)
87
- allow(server).to receive(:scopes).and_return(server_scopes)
88
- allow(server).to receive(:access_token_expires_in).and_return(100)
89
- allow(application).to receive(:scopes).and_return(client_scopes)
90
- allow(client).to receive(:id).and_return(nil)
91
- end
92
-
93
- it "delegates the error to issuer if no scope was requested" do
94
- subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client)
95
- subject.authorize
96
- expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
97
- expect(subject.error).to eq(:invalid_scope)
98
- end
99
-
100
- it "issues an access token with requested scopes" do
101
- subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "phone")
102
- subject.authorize
103
- expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
104
- expect(subject.response.token.scopes_string).to eq("phone")
105
- end
106
- end
107
- end
@@ -1,38 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::Client do
6
- describe :find do
7
- let(:method) { double }
8
-
9
- it "finds the client via uid" do
10
- client = double
11
- expect(method).to receive(:call).with("uid").and_return(client)
12
- expect(Doorkeeper::OAuth::Client.find("uid", method))
13
- .to be_a(Doorkeeper::OAuth::Client)
14
- end
15
-
16
- it "returns nil if client was not found" do
17
- expect(method).to receive(:call).with("uid").and_return(nil)
18
- expect(Doorkeeper::OAuth::Client.find("uid", method)).to be_nil
19
- end
20
- end
21
-
22
- describe ".authenticate" do
23
- it "returns the authenticated client via credentials" do
24
- credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
25
- authenticator = double
26
- expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
27
- expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator))
28
- .to be_a(Doorkeeper::OAuth::Client)
29
- end
30
-
31
- it "returns nil if client was not authenticated" do
32
- credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
33
- authenticator = double
34
- expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
35
- expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator)).to be_nil
36
- end
37
- end
38
- end
@@ -1,46 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::CodeRequest do
6
- let(:pre_auth) do
7
- server = Doorkeeper.configuration
8
- allow(server)
9
- .to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
10
- allow(server)
11
- .to receive(:grant_flows).and_return(Doorkeeper::OAuth::Scopes.from_string("authorization_code"))
12
-
13
- application = FactoryBot.create(:application, scopes: "public")
14
- client = Doorkeeper::OAuth::Client.new(application)
15
-
16
- attributes = {
17
- client_id: client.uid,
18
- response_type: "code",
19
- redirect_uri: "https://app.com/callback",
20
- }
21
-
22
- pre_auth = Doorkeeper::OAuth::PreAuthorization.new(server, attributes)
23
- pre_auth.authorizable?
24
- pre_auth
25
- end
26
-
27
- let(:owner) { double :owner, id: 8900 }
28
-
29
- subject do
30
- described_class.new(pre_auth, owner)
31
- end
32
-
33
- context "when pre_auth is authorized" do
34
- it "creates an access grant and returns a code response" do
35
- expect { subject.authorize }.to change { Doorkeeper::AccessGrant.count }.by(1)
36
- expect(subject.authorize).to be_a(Doorkeeper::OAuth::CodeResponse)
37
- end
38
- end
39
-
40
- context "when pre_auth is denied" do
41
- it "does not create access grant and returns a error response" do
42
- expect { subject.deny }.not_to(change { Doorkeeper::AccessGrant.count })
43
- expect(subject.deny).to be_a(Doorkeeper::OAuth::ErrorResponse)
44
- end
45
- end
46
- end
@@ -1,32 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::CodeResponse do
6
- describe "#redirect_uri" do
7
- context "when generating the redirect URI for an implicit grant" do
8
- let :pre_auth do
9
- double(
10
- :pre_auth,
11
- client: double(:application, id: 1),
12
- redirect_uri: "http://tst.com/cb",
13
- state: nil,
14
- scopes: Doorkeeper::OAuth::Scopes.from_string("public"),
15
- )
16
- end
17
-
18
- let :auth do
19
- Doorkeeper::OAuth::Authorization::Token.new(pre_auth, double(id: 1)).tap do |c|
20
- c.issue_token
21
- allow(c.token).to receive(:expires_in_seconds).and_return(3600)
22
- end
23
- end
24
-
25
- subject { described_class.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
26
-
27
- it "includes the remaining TTL of the token relative to the time the token was generated" do
28
- expect(subject).to include("expires_in=3600")
29
- end
30
- end
31
- end
32
- end
@@ -1,64 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::ErrorResponse do
6
- describe "#status" do
7
- it "should have a status of bad_request" do
8
- expect(subject.status).to eq(:bad_request)
9
- end
10
-
11
- it "should have a status of unauthorized for an invalid_client error" do
12
- subject = described_class.new(name: :invalid_client)
13
-
14
- expect(subject.status).to eq(:unauthorized)
15
- end
16
- end
17
-
18
- describe ".from_request" do
19
- it "has the error from request" do
20
- error = described_class.from_request double(error: :some_error)
21
- expect(error.name).to eq(:some_error)
22
- end
23
-
24
- it "ignores state if request does not respond to state" do
25
- error = described_class.from_request double(error: :some_error)
26
- expect(error.state).to be_nil
27
- end
28
-
29
- it "has state if request responds to state" do
30
- error = described_class.from_request double(error: :some_error, state: :hello)
31
- expect(error.state).to eq(:hello)
32
- end
33
- end
34
-
35
- it "ignores empty error values" do
36
- subject = described_class.new(error: :some_error, state: nil)
37
- expect(subject.body).not_to have_key(:state)
38
- end
39
-
40
- describe ".body" do
41
- subject { described_class.new(name: :some_error, state: :some_state).body }
42
-
43
- describe "#body" do
44
- it { expect(subject).to have_key(:error) }
45
- it { expect(subject).to have_key(:error_description) }
46
- it { expect(subject).to have_key(:state) }
47
- end
48
- end
49
-
50
- describe ".headers" do
51
- let(:error_response) { described_class.new(name: :some_error, state: :some_state) }
52
- subject { error_response.headers }
53
-
54
- it { expect(subject).to include "WWW-Authenticate" }
55
-
56
- describe "WWW-Authenticate header" do
57
- subject { error_response.headers["WWW-Authenticate"] }
58
-
59
- it { expect(subject).to include("realm=\"#{error_response.realm}\"") }
60
- it { expect(subject).to include("error=\"#{error_response.name}\"") }
61
- it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
62
- end
63
- end
64
- end