doorkeeper 5.3.3 → 5.5.0.rc2



Files changed (233) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +125 -7
  3. data/README.md +6 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +4 -4
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +46 -16
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
  7. data/app/controllers/doorkeeper/tokens_controller.rb +67 -22
  8. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  9. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  10. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  11. data/config/locales/en.yml +6 -2
  12. data/lib/doorkeeper.rb +111 -79
  13. data/lib/doorkeeper/config.rb +148 -94
  14. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  15. data/lib/doorkeeper/config/option.rb +26 -14
  16. data/lib/doorkeeper/config/validations.rb +53 -0
  17. data/lib/doorkeeper/engine.rb +1 -1
  18. data/lib/doorkeeper/grant_flow.rb +45 -0
  19. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  20. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  21. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  22. data/lib/doorkeeper/grape/helpers.rb +1 -1
  23. data/lib/doorkeeper/helpers/controller.rb +8 -4
  24. data/lib/doorkeeper/models/access_grant_mixin.rb +21 -18
  25. data/lib/doorkeeper/models/access_token_mixin.rb +110 -47
  26. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  27. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  28. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  29. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  30. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  31. data/lib/doorkeeper/oauth/authorization/code.rb +19 -6
  32. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  33. data/lib/doorkeeper/oauth/authorization/token.rb +18 -16
  34. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  35. data/lib/doorkeeper/oauth/authorization_code_request.rb +17 -14
  36. data/lib/doorkeeper/oauth/base_request.rb +12 -20
  37. data/lib/doorkeeper/oauth/client.rb +1 -1
  38. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  39. data/lib/doorkeeper/oauth/client_credentials/creator.rb +27 -8
  40. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -2
  41. data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
  42. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  43. data/lib/doorkeeper/oauth/code_request.rb +3 -3
  44. data/lib/doorkeeper/oauth/code_response.rb +22 -12
  45. data/lib/doorkeeper/oauth/error_response.rb +6 -7
  46. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
  47. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  48. data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
  49. data/lib/doorkeeper/oauth/password_access_token_request.rb +24 -7
  50. data/lib/doorkeeper/oauth/pre_authorization.rb +63 -32
  51. data/lib/doorkeeper/oauth/refresh_token_request.rb +31 -22
  52. data/lib/doorkeeper/oauth/token.rb +5 -6
  53. data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
  54. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  55. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  56. data/lib/doorkeeper/orm/active_record.rb +14 -7
  57. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
  58. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
  59. data/lib/doorkeeper/orm/active_record/mixins/application.rb +6 -3
  60. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
  61. data/lib/doorkeeper/rails/routes.rb +14 -20
  62. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  63. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  64. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  65. data/lib/doorkeeper/request.rb +49 -12
  66. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  67. data/lib/doorkeeper/request/strategy.rb +2 -2
  68. data/lib/doorkeeper/server.rb +4 -4
  69. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  70. data/lib/doorkeeper/version.rb +3 -7
  71. data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
  72. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  73. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  74. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  75. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  76. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  77. data/lib/generators/doorkeeper/templates/initializer.rb +48 -10
  78. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  79. metadata +30 -300
  80. data/Appraisals +0 -40
  81. data/CODE_OF_CONDUCT.md +0 -46
  82. data/CONTRIBUTING.md +0 -49
  83. data/Dangerfile +0 -67
  84. data/Dockerfile +0 -29
  85. data/Gemfile +0 -25
  86. data/NEWS.md +0 -1
  87. data/RELEASING.md +0 -11
  88. data/Rakefile +0 -28
  89. data/SECURITY.md +0 -15
  90. data/UPGRADE.md +0 -2
  91. data/bin/console +0 -16
  92. data/doorkeeper.gemspec +0 -42
  93. data/gemfiles/rails_5_0.gemfile +0 -18
  94. data/gemfiles/rails_5_1.gemfile +0 -18
  95. data/gemfiles/rails_5_2.gemfile +0 -18
  96. data/gemfiles/rails_6_0.gemfile +0 -18
  97. data/gemfiles/rails_master.gemfile +0 -18
  98. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  99. data/spec/controllers/applications_controller_spec.rb +0 -274
  100. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  101. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  102. data/spec/controllers/token_info_controller_spec.rb +0 -50
  103. data/spec/controllers/tokens_controller_spec.rb +0 -498
  104. data/spec/dummy/Rakefile +0 -9
  105. data/spec/dummy/app/assets/config/manifest.js +0 -2
  106. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  107. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  108. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  109. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  110. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  111. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  112. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  113. data/spec/dummy/app/models/user.rb +0 -7
  114. data/spec/dummy/app/views/home/index.html.erb +0 -0
  115. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  116. data/spec/dummy/config.ru +0 -6
  117. data/spec/dummy/config/application.rb +0 -49
  118. data/spec/dummy/config/boot.rb +0 -7
  119. data/spec/dummy/config/database.yml +0 -15
  120. data/spec/dummy/config/environment.rb +0 -5
  121. data/spec/dummy/config/environments/development.rb +0 -31
  122. data/spec/dummy/config/environments/production.rb +0 -64
  123. data/spec/dummy/config/environments/test.rb +0 -45
  124. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  125. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  126. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  127. data/spec/dummy/config/initializers/session_store.rb +0 -10
  128. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  129. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  130. data/spec/dummy/config/routes.rb +0 -13
  131. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  132. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  133. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  134. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  135. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  136. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  137. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  138. data/spec/dummy/db/schema.rb +0 -68
  139. data/spec/dummy/public/404.html +0 -26
  140. data/spec/dummy/public/422.html +0 -26
  141. data/spec/dummy/public/500.html +0 -26
  142. data/spec/dummy/public/favicon.ico +0 -0
  143. data/spec/dummy/script/rails +0 -9
  144. data/spec/factories.rb +0 -30
  145. data/spec/generators/application_owner_generator_spec.rb +0 -28
  146. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  147. data/spec/generators/install_generator_spec.rb +0 -36
  148. data/spec/generators/migration_generator_spec.rb +0 -28
  149. data/spec/generators/pkce_generator_spec.rb +0 -28
  150. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  151. data/spec/generators/templates/routes.rb +0 -4
  152. data/spec/generators/views_generator_spec.rb +0 -29
  153. data/spec/grape/grape_integration_spec.rb +0 -137
  154. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  155. data/spec/lib/config_spec.rb +0 -809
  156. data/spec/lib/doorkeeper_spec.rb +0 -27
  157. data/spec/lib/models/expirable_spec.rb +0 -61
  158. data/spec/lib/models/reusable_spec.rb +0 -40
  159. data/spec/lib/models/revocable_spec.rb +0 -59
  160. data/spec/lib/models/scopes_spec.rb +0 -53
  161. data/spec/lib/models/secret_storable_spec.rb +0 -135
  162. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  163. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
  164. data/spec/lib/oauth/base_request_spec.rb +0 -224
  165. data/spec/lib/oauth/base_response_spec.rb +0 -45
  166. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  167. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
  168. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  169. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  170. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  171. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
  172. data/spec/lib/oauth/client_spec.rb +0 -38
  173. data/spec/lib/oauth/code_request_spec.rb +0 -46
  174. data/spec/lib/oauth/code_response_spec.rb +0 -32
  175. data/spec/lib/oauth/error_response_spec.rb +0 -64
  176. data/spec/lib/oauth/error_spec.rb +0 -21
  177. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  178. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  179. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  180. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  181. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  182. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  183. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
  184. data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
  185. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  186. data/spec/lib/oauth/scopes_spec.rb +0 -146
  187. data/spec/lib/oauth/token_request_spec.rb +0 -157
  188. data/spec/lib/oauth/token_response_spec.rb +0 -84
  189. data/spec/lib/oauth/token_spec.rb +0 -156
  190. data/spec/lib/request/strategy_spec.rb +0 -54
  191. data/spec/lib/secret_storing/base_spec.rb +0 -60
  192. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  193. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  194. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  195. data/spec/lib/server_spec.rb +0 -49
  196. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  197. data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
  198. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  199. data/spec/models/doorkeeper/application_spec.rb +0 -482
  200. data/spec/requests/applications/applications_request_spec.rb +0 -259
  201. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  202. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  203. data/spec/requests/endpoints/token_spec.rb +0 -75
  204. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  205. data/spec/requests/flows/authorization_code_spec.rb +0 -525
  206. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  207. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  208. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  209. data/spec/requests/flows/password_spec.rb +0 -316
  210. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  211. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  212. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  213. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  214. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  215. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  216. data/spec/routing/default_routes_spec.rb +0 -41
  217. data/spec/routing/scoped_routes_spec.rb +0 -47
  218. data/spec/spec_helper.rb +0 -54
  219. data/spec/spec_helper_integration.rb +0 -4
  220. data/spec/support/dependencies/factory_bot.rb +0 -4
  221. data/spec/support/doorkeeper_rspec.rb +0 -22
  222. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  223. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  224. data/spec/support/helpers/config_helper.rb +0 -11
  225. data/spec/support/helpers/model_helper.rb +0 -78
  226. data/spec/support/helpers/request_spec_helper.rb +0 -110
  227. data/spec/support/helpers/url_helper.rb +0 -62
  228. data/spec/support/orm/active_record.rb +0 -5
  229. data/spec/support/shared/controllers_shared_context.rb +0 -133
  230. data/spec/support/shared/hashing_shared_context.rb +0 -36
  231. data/spec/support/shared/models_shared_examples.rb +0 -54
  232. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  233. data/spec/version/version_spec.rb +0 -17
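--- a/data/spec/lib/oauth/invalid_token_response_spec.rb
+++ /dev/null
@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::InvalidTokenResponse do
-describe "#name" do
-it { expect(subject.name).to eq(:invalid_token) }
-end
-
-describe "#status" do
-it { expect(subject.status).to eq(:unauthorized) }
-end
-
-describe ".from_access_token" do
-let(:response) { described_class.from_access_token(access_token) }
-
-context "revoked" do
-let(:access_token) { double(revoked?: true, expired?: true) }
-
-it "sets a description" do
-expect(response.description).to include("revoked")
-end
-
-it "sets the reason" do
-expect(response.reason).to eq(:revoked)
-end
-end
-
-context "expired" do
-let(:access_token) { double(revoked?: false, expired?: true) }
-
-it "sets a description" do
-expect(response.description).to include("expired")
-end
-
-it "sets the reason" do
-expect(response.reason).to eq(:expired)
-end
-end
-
-context "unknown" do
-let(:access_token) { double(revoked?: false, expired?: false) }
-
-it "sets a description" do
-expect(response.description).to include("invalid")
-end
-
-it "sets the reason" do
-expect(response.reason).to eq(:unknown)
-end
-end
-end
-end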
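--- a/data/spec/lib/oauth/password_access_token_request_spec.rb
+++ /dev/null
@@ -1,190 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::PasswordAccessTokenRequest do
-let(:server) do
-double(
-:server,
-default_scopes: Doorkeeper::OAuth::Scopes.new,
-access_token_expires_in: 2.hours,
-refresh_token_enabled?: false,
-custom_access_token_expires_in: lambda { |context|
-context.grant_type == Doorkeeper::OAuth::PASSWORD ? 1234 : nil
-},
-)
-end
-let(:client) { FactoryBot.create(:application) }
-let(:owner) { double :owner, id: 99 }
-
-before do
-allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-end
-
-subject do
-described_class.new(server, client, owner)
-end
-
-it "issues a new token for the client" do
-expect do
-subject.authorize
-end.to change { client.reload.access_tokens.count }.by(1)
-
-expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
-end
-
-it "issues a new token without a client" do
-expect do
-subject.client = nil
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it "does not issue a new token with an invalid client" do
-expect do
-subject.client = nil
-subject.parameters = { client_id: "bad_id" }
-subject.authorize
-end.not_to(change { Doorkeeper::AccessToken.count })
-
-expect(subject.error).to eq(:invalid_client)
-end
-
-it "requires the owner" do
-subject.resource_owner = nil
-subject.validate
-expect(subject.error).to eq(:invalid_grant)
-end
-
-it "optionally accepts the client" do
-subject.client = nil
-expect(subject).to be_valid
-end
-
-it "creates token even when there is already one (default)" do
-FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
-
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it "skips token creation if there is already one reusable" do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
-
-expect do
-subject.authorize
-end.not_to(change { Doorkeeper::AccessToken.count })
-end
-
-it "creates token when there is already one but non reusable" do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-FactoryBot.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
-allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
-
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it "calls configured request callback methods" do
-expect(Doorkeeper.configuration.before_successful_strategy_response)
-.to receive(:call).with(subject).once
-
-expect(Doorkeeper.configuration.after_successful_strategy_response)
-.to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
-
-subject.authorize
-end
-
-describe "with scopes" do
-subject do
-described_class.new(server, client, owner, scope: "public")
-end
-
-context "when scopes_by_grant_type is not configured for grant_type" do
-it "returns error when scopes are invalid" do
-allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("another"))
-subject.validate
-expect(subject.error).to eq(:invalid_scope)
-end
-
-it "creates the token with scopes if scopes are valid" do
-allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-
-expect(Doorkeeper::AccessToken.last.scopes).to include("public")
-end
-end
-
-context "when scopes_by_grant_type is configured for grant_type" do
-it "returns error when scopes are valid but not permitted for grant_type" do
-allow(server)
-.to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-allow(Doorkeeper.configuration)
-.to receive(:scopes_by_grant_type).and_return(password: "another")
-subject.validate
-expect(subject.error).to eq(:invalid_scope)
-end
-
-it "creates the token with scopes if scopes are valid and permitted for grant_type" do
-allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-allow(Doorkeeper.configuration)
-.to receive(:scopes_by_grant_type).and_return(password: [:public])
-
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-
-expect(Doorkeeper::AccessToken.last.scopes).to include("public")
-end
-end
-end
-
-describe "with custom expiry" do
-let(:server) do
-double(
-:server,
-default_scopes: Doorkeeper::OAuth::Scopes.new,
-access_token_expires_in: 2.hours,
-refresh_token_enabled?: false,
-custom_access_token_expires_in: lambda { |context|
-if context.scopes.exists?("public")
-222
-elsif context.scopes.exists?("magic")
-Float::INFINITY
-end
-},
-)
-end
-
-before do
-allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-end
-
-it "checks scopes" do
-subject = described_class.new(server, client, owner, scope: "public")
-allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-
-expect(Doorkeeper::AccessToken.last.expires_in).to eq(222)
-end
-
-it "falls back to the default otherwise" do
-subject = described_class.new(server, client, owner, scope: "private")
-allow(server).to receive(:scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("private"))
-
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-
-expect(Doorkeeper::AccessToken.last.expires_in).to eq(2.hours)
-end
-end
-end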
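--- a/data/spec/lib/oauth/pre_authorization_spec.rb
+++ /dev/null
@@ -1,223 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::PreAuthorization do
-let(:server) do
-server = Doorkeeper.configuration
-allow(server).to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("default"))
-allow(server).to receive(:optional_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public profile"))
-server
-end
-
-let(:application) { FactoryBot.create(:application, redirect_uri: "https://app.com/callback") }
-let(:client) { Doorkeeper::OAuth::Client.find(application.uid) }
-
-let :attributes do
-{
-client_id: client.uid,
-response_type: "code",
-redirect_uri: "https://app.com/callback",
-state: "save-this",
-}
-end
-
-subject do
-described_class.new(server, attributes)
-end
-
-it "is authorizable when request is valid" do
-expect(subject).to be_authorizable
-end
-
-it "accepts code as response type" do
-attributes[:response_type] = "code"
-expect(subject).to be_authorizable
-end
-
-it "accepts token as response type" do
-allow(server).to receive(:grant_flows).and_return(["implicit"])
-attributes[:response_type] = "token"
-expect(subject).to be_authorizable
-end
-
-context "when using default grant flows" do
-it 'accepts "code" as response type' do
-attributes[:response_type] = "code"
-expect(subject).to be_authorizable
-end
-
-it 'accepts "token" as response type' do
-allow(server).to receive(:grant_flows).and_return(["implicit"])
-attributes[:response_type] = "token"
-expect(subject).to be_authorizable
-end
-end
-
-context "when authorization code grant flow is disabled" do
-before do
-allow(server).to receive(:grant_flows).and_return(["implicit"])
-end
-
-it 'does not accept "code" as response type' do
-attributes[:response_type] = "code"
-expect(subject).not_to be_authorizable
-end
-end
-
-context "when implicit grant flow is disabled" do
-before do
-allow(server).to receive(:grant_flows).and_return(["authorization_code"])
-end
-
-it 'does not accept "token" as response type' do
-attributes[:response_type] = "token"
-expect(subject).not_to be_authorizable
-end
-end
-
-context "client application does not restrict valid scopes" do
-it "accepts valid scopes" do
-attributes[:scope] = "public"
-expect(subject).to be_authorizable
-end
-
-it "rejects (globally) non-valid scopes" do
-attributes[:scope] = "invalid"
-expect(subject).not_to be_authorizable
-end
-
-it "accepts scopes which are permitted for grant_type" do
-allow(server).to receive(:scopes_by_grant_type).and_return(authorization_code: [:public])
-attributes[:scope] = "public"
-expect(subject).to be_authorizable
-end
-
-it "rejects scopes which are not permitted for grant_type" do
-allow(server).to receive(:scopes_by_grant_type).and_return(authorization_code: [:profile])
-attributes[:scope] = "public"
-expect(subject).not_to be_authorizable
-end
-end
-
-context "client application restricts valid scopes" do
-let(:application) do
-FactoryBot.create(:application, scopes: Doorkeeper::OAuth::Scopes.from_string("public nonsense"))
-end
-
-it "accepts valid scopes" do
-attributes[:scope] = "public"
-expect(subject).to be_authorizable
-end
-
-it "rejects (globally) non-valid scopes" do
-attributes[:scope] = "invalid"
-expect(subject).not_to be_authorizable
-end
-
-it "rejects (application level) non-valid scopes" do
-attributes[:scope] = "profile"
-expect(subject).to_not be_authorizable
-end
-
-it "accepts scopes which are permitted for grant_type" do
-allow(server).to receive(:scopes_by_grant_type).and_return(authorization_code: [:public])
-attributes[:scope] = "public"
-expect(subject).to be_authorizable
-end
-
-it "rejects scopes which are not permitted for grant_type" do
-allow(server).to receive(:scopes_by_grant_type).and_return(authorization_code: [:profile])
-attributes[:scope] = "public"
-expect(subject).not_to be_authorizable
-end
-end
-
-context "when scope is not provided to pre_authorization" do
-before { attributes[:scope] = nil }
-
-context "when default scopes is provided" do
-it "uses default scopes" do
-allow(server).to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("default_scope"))
-expect(subject).to be_authorizable
-expect(subject.scope).to eq("default_scope")
-expect(subject.scopes).to eq(Doorkeeper::OAuth::Scopes.from_string("default_scope"))
-end
-end
-
-context "when default scopes is none" do
-it "not be authorizable when none default scope" do
-allow(server).to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.new)
-expect(subject).not_to be_authorizable
-end
-end
-end
-
-it "matches the redirect uri against client's one" do
-attributes[:redirect_uri] = "http://nothesame.com"
-expect(subject).not_to be_authorizable
-end
-
-it "stores the state" do
-expect(subject.state).to eq("save-this")
-end
-
-it "rejects if response type is not allowed" do
-attributes[:response_type] = "whops"
-expect(subject).not_to be_authorizable
-end
-
-it "requires an existing client" do
-attributes[:client_id] = nil
-expect(subject).not_to be_authorizable
-end
-
-it "requires a redirect uri" do
-attributes[:redirect_uri] = nil
-expect(subject).not_to be_authorizable
-end
-
-describe "as_json" do
-before { subject.authorizable? }
-
-it { is_expected.to respond_to :as_json }
-
-shared_examples "returns the pre authorization" do
-it "returns the pre authorization" do
-expect(json[:client_id]).to eq client.uid
-expect(json[:redirect_uri]).to eq subject.redirect_uri
-expect(json[:state]).to eq subject.state
-expect(json[:response_type]).to eq subject.response_type
-expect(json[:scope]).to eq subject.scope
-expect(json[:client_name]).to eq client.name
-expect(json[:status]).to eq I18n.t("doorkeeper.pre_authorization.status")
-end
-end
-
-context "when attributes param is not passed" do
-let(:json) { subject.as_json }
-
-include_examples "returns the pre authorization"
-end
-
-context "when attributes param is passed" do
-context "when attributes is a hash" do
-let(:custom_attributes) { { custom_id: "1234", custom_name: "a pretty good name" } }
-let(:json) { subject.as_json(custom_attributes) }
-
-include_examples "returns the pre authorization"
-
-it "merges the attributes in params" do
-expect(json[:custom_id]).to eq custom_attributes[:custom_id]
-expect(json[:custom_name]).to eq custom_attributes[:custom_name]
-end
-end
-
-context "when attributes is not a hash" do
-let(:json) { subject.as_json(nil) }
-
-include_examples "returns the pre authorization"
-end
-end
-end
-end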