doorkeeper 5.4.0.rc1 → 5.4.0.rc2
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -1
- data/app/controllers/doorkeeper/applications_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/lib/doorkeeper.rb +1 -1
- data/lib/doorkeeper/config.rb +24 -18
- data/lib/doorkeeper/config/abstract_builder.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +4 -4
- data/lib/doorkeeper/models/access_grant_mixin.rb +11 -5
- data/lib/doorkeeper/models/access_token_mixin.rb +9 -5
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -2
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
- data/lib/doorkeeper/oauth/password_access_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +5 -4
- data/lib/doorkeeper/oauth/token.rb +1 -2
- data/lib/doorkeeper/orm/active_record.rb +10 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +1 -1
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +1 -1
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +64 -9
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/version.rb +1 -1
- data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
- metadata +5 -299
- data/Appraisals +0 -26
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -30
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -19
- data/gemfiles/rails_5_1.gemfile +0 -19
- data/gemfiles/rails_5_2.gemfile +0 -19
- data/gemfiles/rails_6_0.gemfile +0 -19
- data/gemfiles/rails_master.gemfile +0 -19
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -743
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -499
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -11
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/config/application.rb +0 -51
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -70
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -813
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -58
- data/spec/lib/models/scopes_spec.rb +0 -61
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
- data/spec/lib/oauth/base_request_spec.rb +0 -210
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -164
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/option_spec.rb +0 -51
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -102
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
- data/spec/models/doorkeeper/access_token_spec.rb +0 -650
- data/spec/models/doorkeeper/application_spec.rb +0 -442
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
- data/spec/requests/flows/authorization_code_spec.rb +0 -530
- data/spec/requests/flows/client_credentials_spec.rb +0 -207
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -241
- data/spec/requests/flows/revoke_token_spec.rb +0 -196
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -14
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -56
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
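--- a/data/spec/validators/redirect_uri_validator_spec.rb
+++ /dev/null
@@ -1,183 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::RedirectUriValidator do
-  subject do
-    FactoryBot.create(:application)
-  end
-
-  it "is valid when the uri is a uri" do
-    subject.redirect_uri = "https://example.com/callback"
-    expect(subject).to be_valid
-  end
-
-  # Most mobile and desktop operating systems allow apps to register a custom URL
-  # scheme that will launch the app when a URL with that scheme is visited from
-  # the system browser.
-  #
-  # @see https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/
-  it "is valid when the uri is custom native URI" do
-    subject.redirect_uri = "myapp:/callback"
-    expect(subject).to be_valid
-  end
-
-  it "is valid when the uri has a query parameter" do
-    subject.redirect_uri = "https://example.com/abcd?xyz=123"
-    expect(subject).to be_valid
-  end
-
-  it "accepts nonstandard oob redirect uri" do
-    subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
-    expect(subject).to be_valid
-  end
-
-  it "accepts nonstandard oob:auto redirect uri" do
-    subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob:auto"
-    expect(subject).to be_valid
-  end
-
-  it "is invalid when the uri is not a uri" do
-    subject.redirect_uri = "]"
-    expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.invalid_uri"))
-  end
-
-  it "is invalid when the uri is relative" do
-    subject.redirect_uri = "/abcd"
-    expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.relative_uri"))
-  end
-
-  it "is invalid when the uri has a fragment" do
-    subject.redirect_uri = "https://example.com/abcd#xyz"
-    expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.fragment_present"))
-  end
-
-  it "is invalid when scheme resolves to localhost (needs an explict scheme)" do
-    subject.redirect_uri = "localhost:80"
-    expect(subject).to be_invalid
-    expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.unspecified_scheme"))
-  end
-
-  it "is invalid if an ip address" do
-    subject.redirect_uri = "127.0.0.1:8080"
-    expect(subject).to be_invalid
-  end
-
-  it "accepts an ip address based URI if a scheme is specified" do
-    subject.redirect_uri = "https://127.0.0.1:8080"
-    expect(subject).to be_valid
-  end
-
-  context "force secured uri" do
-    it "accepts an valid uri" do
-      subject.redirect_uri = "https://example.com/callback"
-      expect(subject).to be_valid
-    end
-
-    it "accepts custom scheme redirect uri (as per rfc8252 section 7.1)" do
-      subject.redirect_uri = "com.example.app:/oauth/callback"
-      expect(subject).to be_valid
-    end
-
-    it "accepts custom scheme redirect uri (as per rfc8252 section 7.1) #2" do
-      subject.redirect_uri = "com.example.app:/test"
-      expect(subject).to be_valid
-    end
-
-    it "accepts custom scheme redirect uri (common misconfiguration we have decided to allow)" do
-      subject.redirect_uri = "com.example.app://oauth/callback"
-      expect(subject).to be_valid
-    end
-
-    it "accepts custom scheme redirect uri (common misconfiguration we have decided to allow) #2" do
-      subject.redirect_uri = "com.example.app://test"
-      expect(subject).to be_valid
-    end
-
-    it "accepts a non secured protocol when disabled" do
-      subject.redirect_uri = "http://example.com/callback"
-      allow(Doorkeeper.configuration).to receive(
-        :force_ssl_in_redirect_uri,
-      ).and_return(false)
-      expect(subject).to be_valid
-    end
-
-    it "accepts a non secured protocol when conditional option defined" do
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        force_ssl_in_redirect_uri { |uri| uri.host != "localhost" }
-      end
-
-      application = FactoryBot.build(:application, redirect_uri: "http://localhost/callback")
-      expect(application).to be_valid
-
-      application = FactoryBot.build(:application, redirect_uri: "https://test.com/callback")
-      expect(application).to be_valid
-
-      application = FactoryBot.build(:application, redirect_uri: "http://localhost2/callback")
-      expect(application).not_to be_valid
-
-      application = FactoryBot.build(:application, redirect_uri: "https://test.com/callback")
-      expect(application).to be_valid
-    end
-
-    it "forbids redirect uri if required" do
-      subject.redirect_uri = "javascript://document.cookie"
-
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        forbid_redirect_uri { |uri| uri.scheme == "javascript" }
-      end
-
-      expect(subject).to be_invalid
-      expect(subject.errors[:redirect_uri].first).to eq("is forbidden by the server.")
-
-      subject.redirect_uri = "https://localhost/callback"
-      expect(subject).to be_valid
-    end
-
-    it "invalidates the uri when the uri does not use a secure protocol" do
-      subject.redirect_uri = "http://example.com/callback"
-      expect(subject).not_to be_valid
-      error = subject.errors[:redirect_uri].first
-      expect(error).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.secured_uri"))
-    end
-  end
-
-  context "multiple redirect uri" do
-    it "invalidates the second uri when the first uri is native uri" do
-      subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob\nexample.com/callback"
-      expect(subject).to be_invalid
-    end
-  end
-
-  context "blank redirect URI" do
-    it "forbids blank redirect uri by default" do
-      subject.redirect_uri = ""
-
-      expect(subject).to be_invalid
-      expect(subject.errors[:redirect_uri]).not_to be_blank
-    end
-
-    it "forbids blank redirect uri by custom condition" do
-      Doorkeeper.configure do
-        orm DOORKEEPER_ORM
-        allow_blank_redirect_uri do |_grant_flows, application|
-          application.name == "admin app"
-        end
-      end
-
-      subject.name = "test app"
-      subject.redirect_uri = ""
-
-      expect(subject).to be_invalid
-      expect(subject.errors[:redirect_uri]).not_to be_blank
-
-      subject.name = "admin app"
-      expect(subject).to be_valid
-    end
-  end
-end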
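--- a/data/spec/version/version_spec.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::VERSION do
-  context "#gem_version" do
-    it "returns Gem::Version instance" do
-      expect(Doorkeeper.gem_version).to be_an_instance_of(Gem::Version)
-    end
-  end
-
-  context "VERSION" do
-    it "returns gem version string" do
-      expect(Doorkeeper::VERSION::STRING).to match(/^\d+\.\d+\.\d+(\.\w+)?$/)
-    end
-  end
-end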