doorkeeper 5.3.3 → 5.5.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +125 -7
- data/README.md +6 -4
- data/app/controllers/doorkeeper/applications_controller.rb +4 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +46 -16
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +67 -22
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +35 -14
- data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
- data/config/locales/en.yml +6 -2
- data/lib/doorkeeper.rb +111 -79
- data/lib/doorkeeper/config.rb +148 -94
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +26 -14
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grape/helpers.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +8 -4
- data/lib/doorkeeper/models/access_grant_mixin.rb +21 -18
- data/lib/doorkeeper/models/access_token_mixin.rb +110 -47
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +19 -6
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +18 -16
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +17 -14
- data/lib/doorkeeper/oauth/base_request.rb +12 -20
- data/lib/doorkeeper/oauth/client.rb +1 -1
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +27 -8
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -2
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +3 -3
- data/lib/doorkeeper/oauth/code_response.rb +22 -12
- data/lib/doorkeeper/oauth/error_response.rb +6 -7
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
- data/lib/doorkeeper/oauth/password_access_token_request.rb +24 -7
- data/lib/doorkeeper/oauth/pre_authorization.rb +63 -32
- data/lib/doorkeeper/oauth/refresh_token_request.rb +31 -22
- data/lib/doorkeeper/oauth/token.rb +5 -6
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
- data/lib/doorkeeper/oauth/token_request.rb +3 -3
- data/lib/doorkeeper/oauth/token_response.rb +1 -1
- data/lib/doorkeeper/orm/active_record.rb +14 -7
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +6 -3
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
- data/lib/doorkeeper/rails/routes.rb +14 -20
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/request.rb +49 -12
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/server.rb +4 -4
- data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
- data/lib/doorkeeper/version.rb +3 -7
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +48 -10
- data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
- metadata +30 -300
- data/Appraisals +0 -40
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -16
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -18
- data/gemfiles/rails_5_1.gemfile +0 -18
- data/gemfiles/rails_5_2.gemfile +0 -18
- data/gemfiles/rails_6_0.gemfile +0 -18
- data/gemfiles/rails_master.gemfile +0 -18
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -608
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -498
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -7
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/config/application.rb +0 -49
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -68
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -809
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -53
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
- data/spec/lib/oauth/base_request_spec.rb +0 -224
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -32
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -157
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -89
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
- data/spec/models/doorkeeper/access_token_spec.rb +0 -622
- data/spec/models/doorkeeper/application_spec.rb +0 -482
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -75
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_spec.rb +0 -525
- data/spec/requests/flows/client_credentials_spec.rb +0 -166
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -233
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -13
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -54
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
|
@@ -1,259 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
feature "Adding applications" do
|
|
6
|
-
context "in application form" do
|
|
7
|
-
background do
|
|
8
|
-
i_am_logged_in
|
|
9
|
-
visit "/oauth/applications/new"
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
scenario "adding a valid app" do
|
|
13
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
14
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
15
|
-
with: "https://example.com"
|
|
16
|
-
|
|
17
|
-
click_button "Submit"
|
|
18
|
-
i_should_see "Application created"
|
|
19
|
-
i_should_see "My Application"
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
scenario "adding invalid app" do
|
|
23
|
-
click_button "Submit"
|
|
24
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
scenario "adding app ignoring bad scope" do
|
|
28
|
-
config_is_set("enforce_configured_scopes", false)
|
|
29
|
-
|
|
30
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
31
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
32
|
-
with: "https://example.com"
|
|
33
|
-
fill_in "doorkeeper_application[scopes]", with: "blahblah"
|
|
34
|
-
|
|
35
|
-
click_button "Submit"
|
|
36
|
-
i_should_see "Application created"
|
|
37
|
-
i_should_see "My Application"
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
scenario "adding app validating bad scope" do
|
|
41
|
-
config_is_set("enforce_configured_scopes", true)
|
|
42
|
-
|
|
43
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
44
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
45
|
-
with: "https://example.com"
|
|
46
|
-
fill_in "doorkeeper_application[scopes]", with: "blahblah"
|
|
47
|
-
|
|
48
|
-
click_button "Submit"
|
|
49
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
scenario "adding app validating scope, blank scope is accepted" do
|
|
53
|
-
config_is_set("enforce_configured_scopes", true)
|
|
54
|
-
|
|
55
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
56
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
57
|
-
with: "https://example.com"
|
|
58
|
-
fill_in "doorkeeper_application[scopes]", with: ""
|
|
59
|
-
|
|
60
|
-
click_button "Submit"
|
|
61
|
-
i_should_see "Application created"
|
|
62
|
-
i_should_see "My Application"
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
scenario "adding app validating scope, multiple scopes configured" do
|
|
66
|
-
config_is_set("enforce_configured_scopes", true)
|
|
67
|
-
scopes = Doorkeeper::OAuth::Scopes.from_array(%w[read write admin])
|
|
68
|
-
config_is_set("optional_scopes", scopes)
|
|
69
|
-
|
|
70
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
71
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
72
|
-
with: "https://example.com"
|
|
73
|
-
fill_in "doorkeeper_application[scopes]", with: "read write"
|
|
74
|
-
|
|
75
|
-
click_button "Submit"
|
|
76
|
-
i_should_see "Application created"
|
|
77
|
-
i_should_see "My Application"
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
scenario "adding app validating scope, bad scope with multiple scopes configured" do
|
|
81
|
-
config_is_set("enforce_configured_scopes", true)
|
|
82
|
-
scopes = Doorkeeper::OAuth::Scopes.from_array(%w[read write admin])
|
|
83
|
-
config_is_set("optional_scopes", scopes)
|
|
84
|
-
|
|
85
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
86
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
87
|
-
with: "https://example.com"
|
|
88
|
-
fill_in "doorkeeper_application[scopes]", with: "read blah"
|
|
89
|
-
|
|
90
|
-
click_button "Submit"
|
|
91
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
92
|
-
i_should_see Regexp.new(
|
|
93
|
-
I18n.t("activerecord.errors.models.doorkeeper/application.attributes.scopes.not_match_configured"),
|
|
94
|
-
true,
|
|
95
|
-
)
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
context "redirect URI" do
|
|
99
|
-
scenario "adding app with blank redirect URI when configured flows requires redirect uri" do
|
|
100
|
-
config_is_set("grant_flows", %w[authorization_code implicit client_credentials])
|
|
101
|
-
|
|
102
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
103
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
104
|
-
with: ""
|
|
105
|
-
|
|
106
|
-
click_button "Submit"
|
|
107
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
108
|
-
end
|
|
109
|
-
|
|
110
|
-
scenario "adding app with blank redirect URI when configured flows without redirect uri" do
|
|
111
|
-
config_is_set("grant_flows", %w[client_credentials password])
|
|
112
|
-
|
|
113
|
-
# Visit it once again to consider grant flows
|
|
114
|
-
visit "/oauth/applications/new"
|
|
115
|
-
|
|
116
|
-
i_should_see I18n.t("doorkeeper.applications.help.blank_redirect_uri")
|
|
117
|
-
|
|
118
|
-
fill_in "doorkeeper_application[name]", with: "My Application"
|
|
119
|
-
fill_in "doorkeeper_application[redirect_uri]",
|
|
120
|
-
with: ""
|
|
121
|
-
|
|
122
|
-
click_button "Submit"
|
|
123
|
-
i_should_see "Application created"
|
|
124
|
-
i_should_see "My Application"
|
|
125
|
-
end
|
|
126
|
-
end
|
|
127
|
-
end
|
|
128
|
-
end
|
|
129
|
-
|
|
130
|
-
feature "Listing applications" do
|
|
131
|
-
background do
|
|
132
|
-
i_am_logged_in
|
|
133
|
-
|
|
134
|
-
FactoryBot.create :application, name: "Oauth Dude"
|
|
135
|
-
FactoryBot.create :application, name: "Awesome App"
|
|
136
|
-
end
|
|
137
|
-
|
|
138
|
-
scenario "application list" do
|
|
139
|
-
visit "/oauth/applications"
|
|
140
|
-
|
|
141
|
-
i_should_see "Awesome App"
|
|
142
|
-
i_should_see "Oauth Dude"
|
|
143
|
-
end
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
feature "Renders assets" do
|
|
147
|
-
scenario "admin stylesheets" do
|
|
148
|
-
visit "/assets/doorkeeper/admin/application.css"
|
|
149
|
-
|
|
150
|
-
i_should_see "Bootstrap"
|
|
151
|
-
i_should_see ".doorkeeper-admin"
|
|
152
|
-
end
|
|
153
|
-
|
|
154
|
-
scenario "application stylesheets" do
|
|
155
|
-
visit "/assets/doorkeeper/application.css"
|
|
156
|
-
|
|
157
|
-
i_should_see "Bootstrap"
|
|
158
|
-
i_should_see "#oauth-permissions"
|
|
159
|
-
i_should_see "#container"
|
|
160
|
-
end
|
|
161
|
-
end
|
|
162
|
-
|
|
163
|
-
feature "Show application" do
|
|
164
|
-
given :app do
|
|
165
|
-
i_am_logged_in
|
|
166
|
-
|
|
167
|
-
FactoryBot.create :application, name: "Just another oauth app"
|
|
168
|
-
end
|
|
169
|
-
|
|
170
|
-
scenario "visiting application page" do
|
|
171
|
-
visit "/oauth/applications/#{app.id}"
|
|
172
|
-
|
|
173
|
-
i_should_see "Just another oauth app"
|
|
174
|
-
end
|
|
175
|
-
end
|
|
176
|
-
|
|
177
|
-
feature "Edit application" do
|
|
178
|
-
let :app do
|
|
179
|
-
FactoryBot.create :application, name: "OMG my app"
|
|
180
|
-
end
|
|
181
|
-
|
|
182
|
-
background do
|
|
183
|
-
i_am_logged_in
|
|
184
|
-
|
|
185
|
-
visit "/oauth/applications/#{app.id}/edit"
|
|
186
|
-
end
|
|
187
|
-
|
|
188
|
-
scenario "updating a valid app" do
|
|
189
|
-
fill_in "doorkeeper_application[name]", with: "Serious app"
|
|
190
|
-
click_button "Submit"
|
|
191
|
-
|
|
192
|
-
i_should_see "Application updated"
|
|
193
|
-
i_should_see "Serious app"
|
|
194
|
-
i_should_not_see "OMG my app"
|
|
195
|
-
end
|
|
196
|
-
|
|
197
|
-
scenario "updating an invalid app" do
|
|
198
|
-
fill_in "doorkeeper_application[name]", with: ""
|
|
199
|
-
click_button "Submit"
|
|
200
|
-
|
|
201
|
-
i_should_see "Whoops! Check your form for possible errors"
|
|
202
|
-
end
|
|
203
|
-
end
|
|
204
|
-
|
|
205
|
-
feature "Remove application" do
|
|
206
|
-
background do
|
|
207
|
-
i_am_logged_in
|
|
208
|
-
|
|
209
|
-
@app = FactoryBot.create :application
|
|
210
|
-
end
|
|
211
|
-
|
|
212
|
-
scenario "deleting an application from list" do
|
|
213
|
-
visit "/oauth/applications"
|
|
214
|
-
|
|
215
|
-
i_should_see @app.name
|
|
216
|
-
|
|
217
|
-
within(:css, "tr#application_#{@app.id}") do
|
|
218
|
-
click_button "Destroy"
|
|
219
|
-
end
|
|
220
|
-
|
|
221
|
-
i_should_see "Application deleted"
|
|
222
|
-
i_should_not_see @app.name
|
|
223
|
-
end
|
|
224
|
-
|
|
225
|
-
scenario "deleting an application from show" do
|
|
226
|
-
visit "/oauth/applications/#{@app.id}"
|
|
227
|
-
click_button "Destroy"
|
|
228
|
-
|
|
229
|
-
i_should_see "Application deleted"
|
|
230
|
-
end
|
|
231
|
-
end
|
|
232
|
-
|
|
233
|
-
context "when admin authenticator block is default" do
|
|
234
|
-
let(:app) { FactoryBot.create :application, name: "app" }
|
|
235
|
-
|
|
236
|
-
feature "application list" do
|
|
237
|
-
scenario "fails with forbidden" do
|
|
238
|
-
visit "/oauth/applications"
|
|
239
|
-
|
|
240
|
-
should_have_status 403
|
|
241
|
-
end
|
|
242
|
-
end
|
|
243
|
-
|
|
244
|
-
feature "adding an app" do
|
|
245
|
-
scenario "fails with forbidden" do
|
|
246
|
-
visit "/oauth/applications/new"
|
|
247
|
-
|
|
248
|
-
should_have_status 403
|
|
249
|
-
end
|
|
250
|
-
end
|
|
251
|
-
|
|
252
|
-
feature "editing an app" do
|
|
253
|
-
scenario "fails with forbidden" do
|
|
254
|
-
visit "/oauth/applications/#{app.id}/edit"
|
|
255
|
-
|
|
256
|
-
should_have_status 403
|
|
257
|
-
end
|
|
258
|
-
end
|
|
259
|
-
end
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
feature "Authorized applications" do
|
|
6
|
-
background do
|
|
7
|
-
@user = User.create!(name: "Joe", password: "sekret")
|
|
8
|
-
@client = client_exists(name: "Amazing Client App")
|
|
9
|
-
resource_owner_is_authenticated @user
|
|
10
|
-
client_is_authorized @client, @user
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
scenario "display user's authorized applications" do
|
|
14
|
-
visit "/oauth/authorized_applications"
|
|
15
|
-
i_should_see "Amazing Client App"
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
scenario "do not display other user's authorized applications" do
|
|
19
|
-
client = client_exists(name: "Another Client App")
|
|
20
|
-
client_is_authorized client, User.create!(name: "Joe", password: "sekret")
|
|
21
|
-
visit "/oauth/authorized_applications"
|
|
22
|
-
i_should_not_see "Another Client App"
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
scenario "user revoke access to application" do
|
|
26
|
-
visit "/oauth/authorized_applications"
|
|
27
|
-
i_should_see "Amazing Client App"
|
|
28
|
-
click_on "Revoke"
|
|
29
|
-
i_should_see "Application revoked"
|
|
30
|
-
i_should_not_see "Amazing Client App"
|
|
31
|
-
end
|
|
32
|
-
end
|
|
@@ -1,91 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
feature "Authorization endpoint" do
|
|
6
|
-
background do
|
|
7
|
-
default_scopes_exist :default
|
|
8
|
-
config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
|
|
9
|
-
client_exists(name: "MyApp")
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
scenario "requires resource owner to be authenticated" do
|
|
13
|
-
visit authorization_endpoint_url(client: @client)
|
|
14
|
-
i_should_see "Sign in"
|
|
15
|
-
i_should_be_on "/"
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
context "with authenticated resource owner" do
|
|
19
|
-
background do
|
|
20
|
-
create_resource_owner
|
|
21
|
-
sign_in
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
scenario "displays the authorization form" do
|
|
25
|
-
visit authorization_endpoint_url(client: @client)
|
|
26
|
-
i_should_see "Authorize MyApp to use your account?"
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
scenario "displays all requested scopes" do
|
|
30
|
-
default_scopes_exist :public
|
|
31
|
-
optional_scopes_exist :write
|
|
32
|
-
visit authorization_endpoint_url(client: @client, scope: "public write")
|
|
33
|
-
i_should_see "Access your public data"
|
|
34
|
-
i_should_see "Update your data"
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
context "with a invalid request's param" do
|
|
39
|
-
background do
|
|
40
|
-
create_resource_owner
|
|
41
|
-
sign_in
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
context "when missing required param" do
|
|
45
|
-
scenario "displays invalid_request error when missing client" do
|
|
46
|
-
visit authorization_endpoint_url(client: nil, response_type: "code")
|
|
47
|
-
i_should_not_see "Authorize"
|
|
48
|
-
i_should_see_translated_invalid_request_error_message :missing_param, :client_id
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
scenario "displays invalid_request error when missing response_type param" do
|
|
52
|
-
visit authorization_endpoint_url(client: @client, response_type: "")
|
|
53
|
-
i_should_not_see "Authorize"
|
|
54
|
-
i_should_see_translated_invalid_request_error_message :missing_param, :response_type
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
scenario "displays invalid_request error when missing scope param and authorization server has no default scopes" do
|
|
58
|
-
config_is_set(:default_scopes, [])
|
|
59
|
-
visit authorization_endpoint_url(client: @client, response_type: "code", scope: "")
|
|
60
|
-
i_should_not_see "Authorize"
|
|
61
|
-
i_should_see_translated_invalid_request_error_message :missing_param, :scope
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
scenario "displays unsupported_response_type error when using a disabled response type" do
|
|
66
|
-
config_is_set(:grant_flows, ["implicit"])
|
|
67
|
-
visit authorization_endpoint_url(client: @client, response_type: "code")
|
|
68
|
-
i_should_not_see "Authorize"
|
|
69
|
-
i_should_see_translated_error_message :unsupported_response_type
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
context "forgery protection enabled" do
|
|
74
|
-
background do
|
|
75
|
-
create_resource_owner
|
|
76
|
-
sign_in
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
scenario "raises exception on forged requests" do
|
|
80
|
-
allowing_forgery_protection do
|
|
81
|
-
expect do
|
|
82
|
-
page.driver.post authorization_endpoint_url(
|
|
83
|
-
client_id: @client.uid,
|
|
84
|
-
redirect_uri: @client.redirect_uri,
|
|
85
|
-
response_type: "code",
|
|
86
|
-
)
|
|
87
|
-
end.to raise_error(ActionController::InvalidAuthenticityToken)
|
|
88
|
-
end
|
|
89
|
-
end
|
|
90
|
-
end
|
|
91
|
-
end
|
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
describe "Token endpoint" do
|
|
6
|
-
before do
|
|
7
|
-
client_exists
|
|
8
|
-
authorization_code_exists application: @client, scopes: "public"
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
it "respond with correct headers" do
|
|
12
|
-
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
13
|
-
should_have_header "Pragma", "no-cache"
|
|
14
|
-
|
|
15
|
-
# Rails 5.2 changed headers
|
|
16
|
-
if ::Rails::VERSION::MAJOR >= 5 && ::Rails::VERSION::MINOR >= 2 || ::Rails::VERSION::MAJOR >= 6
|
|
17
|
-
should_have_header "Cache-Control", "private, no-store"
|
|
18
|
-
else
|
|
19
|
-
should_have_header "Cache-Control", "no-store"
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
should_have_header "Content-Type", "application/json; charset=utf-8"
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
it "accepts client credentials with basic auth header" do
|
|
26
|
-
post token_endpoint_url,
|
|
27
|
-
params: {
|
|
28
|
-
code: @authorization.token,
|
|
29
|
-
redirect_uri: @client.redirect_uri,
|
|
30
|
-
},
|
|
31
|
-
headers: { "HTTP_AUTHORIZATION" => basic_auth_header_for_client(@client) }
|
|
32
|
-
|
|
33
|
-
should_have_json "access_token", Doorkeeper::AccessToken.first.token
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
it "returns null for expires_in when a permanent token is set" do
|
|
37
|
-
config_is_set(:access_token_expires_in, nil)
|
|
38
|
-
post token_endpoint_url(code: @authorization.token, client: @client)
|
|
39
|
-
should_have_json "access_token", Doorkeeper::AccessToken.first.token
|
|
40
|
-
should_not_have_json "expires_in"
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
it "returns unsupported_grant_type for invalid grant_type param" do
|
|
44
|
-
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "nothing")
|
|
45
|
-
|
|
46
|
-
should_not_have_json "access_token"
|
|
47
|
-
should_have_json "error", "unsupported_grant_type"
|
|
48
|
-
should_have_json "error_description", translated_error_message("unsupported_grant_type")
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
it "returns unsupported_grant_type for disabled grant flows" do
|
|
52
|
-
config_is_set(:grant_flows, ["implicit"])
|
|
53
|
-
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "authorization_code")
|
|
54
|
-
|
|
55
|
-
should_not_have_json "access_token"
|
|
56
|
-
should_have_json "error", "unsupported_grant_type"
|
|
57
|
-
should_have_json "error_description", translated_error_message("unsupported_grant_type")
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
it "returns unsupported_grant_type when refresh_token is not in use" do
|
|
61
|
-
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "refresh_token")
|
|
62
|
-
|
|
63
|
-
should_not_have_json "access_token"
|
|
64
|
-
should_have_json "error", "unsupported_grant_type"
|
|
65
|
-
should_have_json "error_description", translated_error_message("unsupported_grant_type")
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
it "returns invalid_request if grant_type is missing" do
|
|
69
|
-
post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "")
|
|
70
|
-
|
|
71
|
-
should_not_have_json "access_token"
|
|
72
|
-
should_have_json "error", "invalid_request"
|
|
73
|
-
should_have_json "error_description", translated_invalid_request_error_message(:missing_param, :grant_type)
|
|
74
|
-
end
|
|
75
|
-
end
|