doorkeeper 5.3.3 → 5.5.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +125 -7
- data/README.md +6 -4
- data/app/controllers/doorkeeper/applications_controller.rb +4 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +46 -16
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +67 -22
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +35 -14
- data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
- data/config/locales/en.yml +6 -2
- data/lib/doorkeeper.rb +111 -79
- data/lib/doorkeeper/config.rb +148 -94
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +26 -14
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grape/helpers.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +8 -4
- data/lib/doorkeeper/models/access_grant_mixin.rb +21 -18
- data/lib/doorkeeper/models/access_token_mixin.rb +110 -47
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +19 -6
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +18 -16
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +17 -14
- data/lib/doorkeeper/oauth/base_request.rb +12 -20
- data/lib/doorkeeper/oauth/client.rb +1 -1
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +27 -8
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -2
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +3 -3
- data/lib/doorkeeper/oauth/code_response.rb +22 -12
- data/lib/doorkeeper/oauth/error_response.rb +6 -7
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
- data/lib/doorkeeper/oauth/password_access_token_request.rb +24 -7
- data/lib/doorkeeper/oauth/pre_authorization.rb +63 -32
- data/lib/doorkeeper/oauth/refresh_token_request.rb +31 -22
- data/lib/doorkeeper/oauth/token.rb +5 -6
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
- data/lib/doorkeeper/oauth/token_request.rb +3 -3
- data/lib/doorkeeper/oauth/token_response.rb +1 -1
- data/lib/doorkeeper/orm/active_record.rb +14 -7
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +6 -3
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
- data/lib/doorkeeper/rails/routes.rb +14 -20
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/request.rb +49 -12
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/server.rb +4 -4
- data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
- data/lib/doorkeeper/version.rb +3 -7
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +48 -10
- data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
- metadata +30 -300
- data/Appraisals +0 -40
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -16
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -18
- data/gemfiles/rails_5_1.gemfile +0 -18
- data/gemfiles/rails_5_2.gemfile +0 -18
- data/gemfiles/rails_6_0.gemfile +0 -18
- data/gemfiles/rails_master.gemfile +0 -18
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -608
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -498
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -7
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/config/application.rb +0 -49
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -68
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -809
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -53
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
- data/spec/lib/oauth/base_request_spec.rb +0 -224
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -32
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -157
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -89
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
- data/spec/models/doorkeeper/access_token_spec.rb +0 -622
- data/spec/models/doorkeeper/application_spec.rb +0 -482
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -75
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_spec.rb +0 -525
- data/spec/requests/flows/client_credentials_spec.rb +0 -166
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -233
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -13
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -54
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
@@ -1,11 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module ConfigHelper
|
4
|
-
def config_is_set(setting, value = nil, &block)
|
5
|
-
setting_ivar = "@#{setting}"
|
6
|
-
value = block_given? ? block : value
|
7
|
-
Doorkeeper.configuration.instance_variable_set(setting_ivar, value)
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
RSpec.configuration.send :include, ConfigHelper
|
@@ -1,78 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module ModelHelper
|
4
|
-
def client_exists(client_attributes = {})
|
5
|
-
@client = FactoryBot.create(:application, client_attributes)
|
6
|
-
end
|
7
|
-
|
8
|
-
def create_resource_owner
|
9
|
-
@resource_owner = User.create!(name: "Joe", password: "sekret")
|
10
|
-
end
|
11
|
-
|
12
|
-
def authorization_code_exists(options = {})
|
13
|
-
@authorization = FactoryBot.create(:access_grant, options)
|
14
|
-
end
|
15
|
-
|
16
|
-
def access_token_exists(options = {})
|
17
|
-
@access_token = FactoryBot.create(:access_token, options)
|
18
|
-
end
|
19
|
-
|
20
|
-
def access_grant_should_exist_for(client, resource_owner)
|
21
|
-
grant = Doorkeeper::AccessGrant.first
|
22
|
-
|
23
|
-
expect(grant.application).to have_attributes(id: client.id)
|
24
|
-
.and(be_instance_of(Doorkeeper::Application))
|
25
|
-
|
26
|
-
expect(grant.resource_owner_id).to eq(resource_owner.id)
|
27
|
-
end
|
28
|
-
|
29
|
-
def access_token_should_exist_for(client, resource_owner)
|
30
|
-
token = Doorkeeper::AccessToken.first
|
31
|
-
|
32
|
-
expect(token.application).to have_attributes(id: client.id)
|
33
|
-
.and(be_instance_of(Doorkeeper::Application))
|
34
|
-
|
35
|
-
expect(token.resource_owner_id).to eq(resource_owner.id)
|
36
|
-
end
|
37
|
-
|
38
|
-
def access_grant_should_not_exist
|
39
|
-
expect(Doorkeeper::AccessGrant.all).to be_empty
|
40
|
-
end
|
41
|
-
|
42
|
-
def access_token_should_not_exist
|
43
|
-
expect(Doorkeeper::AccessToken.all).to be_empty
|
44
|
-
end
|
45
|
-
|
46
|
-
def access_grant_should_have_scopes(*args)
|
47
|
-
grant = Doorkeeper::AccessGrant.first
|
48
|
-
expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
|
49
|
-
end
|
50
|
-
|
51
|
-
def access_token_should_have_scopes(*args)
|
52
|
-
grant = Doorkeeper::AccessToken.last
|
53
|
-
expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
|
54
|
-
end
|
55
|
-
|
56
|
-
def uniqueness_error
|
57
|
-
case DOORKEEPER_ORM
|
58
|
-
when :active_record
|
59
|
-
ActiveRecord::RecordNotUnique
|
60
|
-
when :sequel
|
61
|
-
error_classes = [Sequel::UniqueConstraintViolation, Sequel::ValidationFailed]
|
62
|
-
proc { |error| expect(error.class).to be_in(error_classes) }
|
63
|
-
when :mongo_mapper
|
64
|
-
error_classes = [MongoMapper::DocumentNotValid, Mongo::OperationFailure]
|
65
|
-
proc { |error| expect(error.class).to be_in(error_classes) }
|
66
|
-
when /mongoid/
|
67
|
-
error_classes = [Mongoid::Errors::Validations]
|
68
|
-
error_classes << Moped::Errors::OperationFailure if defined?(::Moped) # Mongoid 4
|
69
|
-
error_classes << Mongo::Error::OperationFailure if defined?(::Mongo) # Mongoid 5
|
70
|
-
|
71
|
-
proc { |error| expect(error.class).to be_in(error_classes) }
|
72
|
-
else
|
73
|
-
raise "'#{DOORKEEPER_ORM}' ORM is not supported!"
|
74
|
-
end
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
|
-
RSpec.configuration.send :include, ModelHelper
|
@@ -1,110 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module RequestSpecHelper
|
4
|
-
def i_am_logged_in
|
5
|
-
allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) {})
|
6
|
-
end
|
7
|
-
|
8
|
-
def i_should_see(content)
|
9
|
-
expect(page).to have_content(content)
|
10
|
-
end
|
11
|
-
|
12
|
-
def i_should_not_see(content)
|
13
|
-
expect(page).to have_no_content(content)
|
14
|
-
end
|
15
|
-
|
16
|
-
def i_should_be_on(path)
|
17
|
-
expect(current_path).to eq(path)
|
18
|
-
end
|
19
|
-
|
20
|
-
def url_should_have_param(param, value)
|
21
|
-
expect(current_params[param]).to eq(value)
|
22
|
-
end
|
23
|
-
|
24
|
-
def url_should_not_have_param(param)
|
25
|
-
expect(current_params).not_to have_key(param)
|
26
|
-
end
|
27
|
-
|
28
|
-
def current_params
|
29
|
-
Rack::Utils.parse_query(current_uri.query)
|
30
|
-
end
|
31
|
-
|
32
|
-
def current_uri
|
33
|
-
URI.parse(page.current_url)
|
34
|
-
end
|
35
|
-
|
36
|
-
def request_response
|
37
|
-
respond_to?(:response) ? response : page.driver.response
|
38
|
-
end
|
39
|
-
|
40
|
-
def json_response
|
41
|
-
JSON.parse(request_response.body)
|
42
|
-
end
|
43
|
-
|
44
|
-
def should_have_header(header, value)
|
45
|
-
expect(headers[header]).to eq(value)
|
46
|
-
end
|
47
|
-
|
48
|
-
def should_have_status(status)
|
49
|
-
expect(page.driver.response.status).to eq(status)
|
50
|
-
end
|
51
|
-
|
52
|
-
def with_access_token_header(token)
|
53
|
-
with_header "Authorization", "Bearer #{token}"
|
54
|
-
end
|
55
|
-
|
56
|
-
def with_header(header, value)
|
57
|
-
page.driver.header(header, value)
|
58
|
-
end
|
59
|
-
|
60
|
-
def basic_auth_header_for_client(client)
|
61
|
-
ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
|
62
|
-
end
|
63
|
-
|
64
|
-
def should_have_json(key, value)
|
65
|
-
expect(json_response.fetch(key)).to eq(value)
|
66
|
-
end
|
67
|
-
|
68
|
-
def should_have_json_within(key, value, range)
|
69
|
-
expect(json_response.fetch(key)).to be_within(range).of(value)
|
70
|
-
end
|
71
|
-
|
72
|
-
def should_not_have_json(key)
|
73
|
-
expect(json_response).not_to have_key(key)
|
74
|
-
end
|
75
|
-
|
76
|
-
def sign_in
|
77
|
-
visit "/"
|
78
|
-
click_on "Sign in"
|
79
|
-
end
|
80
|
-
|
81
|
-
def create_access_token(authorization_code, client, code_verifier = nil)
|
82
|
-
page.driver.post token_endpoint_url(code: authorization_code, client: client, code_verifier: code_verifier)
|
83
|
-
end
|
84
|
-
|
85
|
-
def i_should_see_translated_error_message(key)
|
86
|
-
i_should_see translated_error_message(key)
|
87
|
-
end
|
88
|
-
|
89
|
-
def i_should_not_see_translated_error_message(key)
|
90
|
-
i_should_not_see translated_error_message(key)
|
91
|
-
end
|
92
|
-
|
93
|
-
def translated_error_message(key)
|
94
|
-
I18n.translate(key, scope: %i[doorkeeper errors messages])
|
95
|
-
end
|
96
|
-
|
97
|
-
def i_should_see_translated_invalid_request_error_message(key, value)
|
98
|
-
i_should_see translated_invalid_request_error_message(key, value)
|
99
|
-
end
|
100
|
-
|
101
|
-
def translated_invalid_request_error_message(key, value)
|
102
|
-
I18n.translate key, scope: %i[doorkeeper errors messages invalid_request], value: value
|
103
|
-
end
|
104
|
-
|
105
|
-
def response_status_should_be(status)
|
106
|
-
expect(request_response.status.to_i).to eq(status)
|
107
|
-
end
|
108
|
-
end
|
109
|
-
|
110
|
-
RSpec.configuration.send :include, RequestSpecHelper
|
@@ -1,62 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module UrlHelper
|
4
|
-
def token_endpoint_url(options = {})
|
5
|
-
parameters = {
|
6
|
-
code: options[:code],
|
7
|
-
client_id: options[:client_id] || options[:client].try(:uid),
|
8
|
-
client_secret: options[:client_secret] || options[:client].try(:secret),
|
9
|
-
redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
|
10
|
-
grant_type: options[:grant_type] || "authorization_code",
|
11
|
-
code_verifier: options[:code_verifier],
|
12
|
-
code_challenge_method: options[:code_challenge_method],
|
13
|
-
}.reject { |_, v| v.blank? }
|
14
|
-
"/oauth/token?#{build_query(parameters)}"
|
15
|
-
end
|
16
|
-
|
17
|
-
def password_token_endpoint_url(options = {})
|
18
|
-
parameters = {
|
19
|
-
code: options[:code],
|
20
|
-
client_id: options[:client_id] || options[:client].try(:uid),
|
21
|
-
client_secret: options[:client_secret] || options[:client].try(:secret),
|
22
|
-
username: options[:resource_owner_username] || options[:resource_owner].try(:name),
|
23
|
-
password: options[:resource_owner_password] || options[:resource_owner].try(:password),
|
24
|
-
scope: options[:scope],
|
25
|
-
grant_type: "password",
|
26
|
-
}
|
27
|
-
"/oauth/token?#{build_query(parameters)}"
|
28
|
-
end
|
29
|
-
|
30
|
-
def authorization_endpoint_url(options = {})
|
31
|
-
parameters = {
|
32
|
-
client_id: options[:client_id] || options[:client].try(:uid),
|
33
|
-
redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
|
34
|
-
response_type: options[:response_type] || "code",
|
35
|
-
scope: options[:scope],
|
36
|
-
state: options[:state],
|
37
|
-
code_challenge: options[:code_challenge],
|
38
|
-
code_challenge_method: options[:code_challenge_method],
|
39
|
-
}.reject { |_, v| v.blank? }
|
40
|
-
"/oauth/authorize?#{build_query(parameters)}"
|
41
|
-
end
|
42
|
-
|
43
|
-
def refresh_token_endpoint_url(options = {})
|
44
|
-
parameters = {
|
45
|
-
refresh_token: options[:refresh_token],
|
46
|
-
client_id: options[:client_id] || options[:client].try(:uid),
|
47
|
-
client_secret: options[:client_secret] || options[:client].try(:secret),
|
48
|
-
grant_type: options[:grant_type] || "refresh_token",
|
49
|
-
}
|
50
|
-
"/oauth/token?#{build_query(parameters)}"
|
51
|
-
end
|
52
|
-
|
53
|
-
def revocation_token_endpoint_url
|
54
|
-
"/oauth/revoke"
|
55
|
-
end
|
56
|
-
|
57
|
-
def build_query(hash)
|
58
|
-
Rack::Utils.build_query(hash)
|
59
|
-
end
|
60
|
-
end
|
61
|
-
|
62
|
-
RSpec.configuration.send :include, UrlHelper
|
@@ -1,133 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
shared_context "valid token", token: :valid do
|
4
|
-
let(:token_string) { "1A2B3C4D" }
|
5
|
-
|
6
|
-
let :token do
|
7
|
-
double(
|
8
|
-
Doorkeeper::AccessToken,
|
9
|
-
accessible?: true, includes_scope?: true, acceptable?: true,
|
10
|
-
previous_refresh_token: "", revoke_previous_refresh_token!: true,
|
11
|
-
)
|
12
|
-
end
|
13
|
-
|
14
|
-
before :each do
|
15
|
-
allow(
|
16
|
-
Doorkeeper::AccessToken,
|
17
|
-
).to receive(:by_token).with(token_string).and_return(token)
|
18
|
-
end
|
19
|
-
end
|
20
|
-
|
21
|
-
shared_context "invalid token", token: :invalid do
|
22
|
-
let(:token_string) { "1A2B3C4D" }
|
23
|
-
|
24
|
-
let :token do
|
25
|
-
double(
|
26
|
-
Doorkeeper::AccessToken,
|
27
|
-
accessible?: false, revoked?: false, expired?: false,
|
28
|
-
includes_scope?: false, acceptable?: false,
|
29
|
-
previous_refresh_token: "", revoke_previous_refresh_token!: true,
|
30
|
-
)
|
31
|
-
end
|
32
|
-
|
33
|
-
before :each do
|
34
|
-
allow(
|
35
|
-
Doorkeeper::AccessToken,
|
36
|
-
).to receive(:by_token).with(token_string).and_return(token)
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
shared_context "authenticated resource owner" do
|
41
|
-
before do
|
42
|
-
user = double(:resource, id: 1)
|
43
|
-
allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { user } }
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
shared_context "not authenticated resource owner" do
|
48
|
-
before do
|
49
|
-
allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner) { proc { redirect_to "/" } }
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
shared_context "valid authorization request" do
|
54
|
-
let :authorization do
|
55
|
-
double(:authorization, valid?: true, authorize: true, success_redirect_uri: "http://something.com/cb?code=token")
|
56
|
-
end
|
57
|
-
|
58
|
-
before do
|
59
|
-
allow(controller).to receive(:authorization) { authorization }
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
shared_context "invalid authorization request" do
|
64
|
-
let :authorization do
|
65
|
-
double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
|
66
|
-
end
|
67
|
-
|
68
|
-
before do
|
69
|
-
allow(controller).to receive(:authorization) { authorization }
|
70
|
-
end
|
71
|
-
end
|
72
|
-
|
73
|
-
shared_context "expired token", token: :expired do
|
74
|
-
let :token_string do
|
75
|
-
"1A2B3C4DEXP"
|
76
|
-
end
|
77
|
-
|
78
|
-
let :token do
|
79
|
-
double(
|
80
|
-
Doorkeeper::AccessToken,
|
81
|
-
accessible?: false, revoked?: false, expired?: true,
|
82
|
-
includes_scope?: false, acceptable?: false,
|
83
|
-
previous_refresh_token: "", revoke_previous_refresh_token!: true,
|
84
|
-
)
|
85
|
-
end
|
86
|
-
|
87
|
-
before :each do
|
88
|
-
allow(
|
89
|
-
Doorkeeper::AccessToken,
|
90
|
-
).to receive(:by_token).with(token_string).and_return(token)
|
91
|
-
end
|
92
|
-
end
|
93
|
-
|
94
|
-
shared_context "revoked token", token: :revoked do
|
95
|
-
let :token_string do
|
96
|
-
"1A2B3C4DREV"
|
97
|
-
end
|
98
|
-
|
99
|
-
let :token do
|
100
|
-
double(
|
101
|
-
Doorkeeper::AccessToken,
|
102
|
-
accessible?: false, revoked?: true, expired?: false,
|
103
|
-
includes_scope?: false, acceptable?: false,
|
104
|
-
previous_refresh_token: "", revoke_previous_refresh_token!: true,
|
105
|
-
)
|
106
|
-
end
|
107
|
-
|
108
|
-
before :each do
|
109
|
-
allow(
|
110
|
-
Doorkeeper::AccessToken,
|
111
|
-
).to receive(:by_token).with(token_string).and_return(token)
|
112
|
-
end
|
113
|
-
end
|
114
|
-
|
115
|
-
shared_context "forbidden token", token: :forbidden do
|
116
|
-
let :token_string do
|
117
|
-
"1A2B3C4DFORB"
|
118
|
-
end
|
119
|
-
|
120
|
-
let :token do
|
121
|
-
double(
|
122
|
-
Doorkeeper::AccessToken,
|
123
|
-
accessible?: true, includes_scope?: true, acceptable?: false,
|
124
|
-
previous_refresh_token: "", revoke_previous_refresh_token!: true,
|
125
|
-
)
|
126
|
-
end
|
127
|
-
|
128
|
-
before :each do
|
129
|
-
allow(
|
130
|
-
Doorkeeper::AccessToken,
|
131
|
-
).to receive(:by_token).with(token_string).and_return(token)
|
132
|
-
end
|
133
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
shared_context "with token hashing enabled" do
|
4
|
-
let(:hashed_or_plain_token_func) do
|
5
|
-
Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
|
6
|
-
end
|
7
|
-
|
8
|
-
before do
|
9
|
-
Doorkeeper.configure do
|
10
|
-
hash_token_secrets
|
11
|
-
end
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
shared_context "with token hashing and fallback lookup enabled" do
|
16
|
-
let(:hashed_or_plain_token_func) do
|
17
|
-
Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
|
18
|
-
end
|
19
|
-
|
20
|
-
before do
|
21
|
-
Doorkeeper.configure do
|
22
|
-
hash_token_secrets fallback: :plain
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
|
-
shared_context "with application hashing enabled" do
|
28
|
-
let(:hashed_or_plain_token_func) do
|
29
|
-
Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
|
30
|
-
end
|
31
|
-
before do
|
32
|
-
Doorkeeper.configure do
|
33
|
-
hash_application_secrets
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
@@ -1,54 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
shared_examples "an accessible token" do
|
4
|
-
describe :accessible? do
|
5
|
-
it "is accessible if token is not expired" do
|
6
|
-
allow(subject).to receive(:expired?).and_return(false)
|
7
|
-
should be_accessible
|
8
|
-
end
|
9
|
-
|
10
|
-
it "is not accessible if token is expired" do
|
11
|
-
allow(subject).to receive(:expired?).and_return(true)
|
12
|
-
should_not be_accessible
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
shared_examples "a revocable token" do
|
18
|
-
describe :accessible? do
|
19
|
-
before { subject.save! }
|
20
|
-
|
21
|
-
it "is accessible if token is not revoked" do
|
22
|
-
expect(subject).to be_accessible
|
23
|
-
end
|
24
|
-
|
25
|
-
it "is not accessible if token is revoked" do
|
26
|
-
subject.revoke
|
27
|
-
expect(subject).not_to be_accessible
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
shared_examples "a unique token" do
|
33
|
-
describe :token do
|
34
|
-
it "is generated before validation" do
|
35
|
-
expect { subject.valid? }.to change { subject.token }.from(nil)
|
36
|
-
end
|
37
|
-
|
38
|
-
it "is not valid if token exists" do
|
39
|
-
token1 = FactoryBot.create factory_name
|
40
|
-
token2 = FactoryBot.create factory_name
|
41
|
-
token2.token = token1.token
|
42
|
-
expect(token2).not_to be_valid
|
43
|
-
end
|
44
|
-
|
45
|
-
it "expects database to throw an error when tokens are the same" do
|
46
|
-
token1 = FactoryBot.create factory_name
|
47
|
-
token2 = FactoryBot.create factory_name
|
48
|
-
token2.token = token1.token
|
49
|
-
expect do
|
50
|
-
token2.save!(validate: false)
|
51
|
-
end.to raise_error(uniqueness_error)
|
52
|
-
end
|
53
|
-
end
|
54
|
-
end
|