doorkeeper 5.4.0.rc1 → 5.4.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -1
- data/app/controllers/doorkeeper/applications_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/lib/doorkeeper.rb +1 -1
- data/lib/doorkeeper/config.rb +24 -18
- data/lib/doorkeeper/config/abstract_builder.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +4 -4
- data/lib/doorkeeper/models/access_grant_mixin.rb +11 -5
- data/lib/doorkeeper/models/access_token_mixin.rb +9 -5
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -2
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
- data/lib/doorkeeper/oauth/password_access_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +5 -4
- data/lib/doorkeeper/oauth/token.rb +1 -2
- data/lib/doorkeeper/orm/active_record.rb +10 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +1 -1
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +1 -1
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +64 -9
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/version.rb +1 -1
- data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
- metadata +5 -299
- data/Appraisals +0 -26
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -30
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -19
- data/gemfiles/rails_5_1.gemfile +0 -19
- data/gemfiles/rails_5_2.gemfile +0 -19
- data/gemfiles/rails_6_0.gemfile +0 -19
- data/gemfiles/rails_master.gemfile +0 -19
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -743
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -499
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -11
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/config/application.rb +0 -51
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -70
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -813
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -58
- data/spec/lib/models/scopes_spec.rb +0 -61
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
- data/spec/lib/oauth/base_request_spec.rb +0 -210
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -164
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/option_spec.rb +0 -51
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -102
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
- data/spec/models/doorkeeper/access_token_spec.rb +0 -650
- data/spec/models/doorkeeper/application_spec.rb +0 -442
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
- data/spec/requests/flows/authorization_code_spec.rb +0 -530
- data/spec/requests/flows/client_credentials_spec.rb +0 -207
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -241
- data/spec/requests/flows/revoke_token_spec.rb +0 -196
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -14
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -56
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
data/gemfiles/rails_6_0.gemfile
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
# This file was generated by Appraisal
|
2
|
-
|
3
|
-
source "https://rubygems.org"
|
4
|
-
|
5
|
-
gem "rails", "~> 6.0.0"
|
6
|
-
gem "rspec-core"
|
7
|
-
gem "rspec-expectations"
|
8
|
-
gem "rspec-mocks"
|
9
|
-
gem "rspec-rails", "~> 4.0"
|
10
|
-
gem "rspec-support"
|
11
|
-
gem "rubocop", "~> 0.80"
|
12
|
-
gem "rubocop-performance", require: false
|
13
|
-
gem "rubocop-rails", require: false
|
14
|
-
gem "bcrypt", "~> 3.1", require: false
|
15
|
-
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
|
16
|
-
gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]
|
17
|
-
gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
|
18
|
-
|
19
|
-
gemspec path: "../"
|
@@ -1,19 +0,0 @@
|
|
1
|
-
# This file was generated by Appraisal
|
2
|
-
|
3
|
-
source "https://rubygems.org"
|
4
|
-
|
5
|
-
gem "rails", git: "https://github.com/rails/rails"
|
6
|
-
gem "rspec-core"
|
7
|
-
gem "rspec-expectations"
|
8
|
-
gem "rspec-mocks"
|
9
|
-
gem "rspec-rails", "~> 4.0"
|
10
|
-
gem "rspec-support"
|
11
|
-
gem "rubocop", "~> 0.80"
|
12
|
-
gem "rubocop-performance", require: false
|
13
|
-
gem "rubocop-rails", require: false
|
14
|
-
gem "bcrypt", "~> 3.1", require: false
|
15
|
-
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
|
16
|
-
gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]
|
17
|
-
gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
|
18
|
-
|
19
|
-
gemspec path: "../"
|
@@ -1,64 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper_integration"
|
4
|
-
|
5
|
-
describe Doorkeeper::ApplicationMetalController do
|
6
|
-
controller(Doorkeeper::ApplicationMetalController) do
|
7
|
-
def index
|
8
|
-
render json: {}, status: 200
|
9
|
-
end
|
10
|
-
|
11
|
-
def create
|
12
|
-
render json: {}, status: 200
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
|
-
it "lazy run hooks" do
|
17
|
-
i = 0
|
18
|
-
ActiveSupport.on_load(:doorkeeper_metal_controller) { i += 1 }
|
19
|
-
|
20
|
-
expect(i).to eq 1
|
21
|
-
end
|
22
|
-
|
23
|
-
describe "enforce_content_type" do
|
24
|
-
before { allow(Doorkeeper.config).to receive(:enforce_content_type).and_return(flag) }
|
25
|
-
|
26
|
-
context "enabled" do
|
27
|
-
let(:flag) { true }
|
28
|
-
|
29
|
-
it "returns a 200 for the requests without body" do
|
30
|
-
get :index, params: {}
|
31
|
-
expect(response).to have_http_status 200
|
32
|
-
end
|
33
|
-
|
34
|
-
it "returns a 200 for the requests with body and correct media type" do
|
35
|
-
post :create, params: {}, as: :url_encoded_form
|
36
|
-
expect(response).to have_http_status 200
|
37
|
-
end
|
38
|
-
|
39
|
-
it "returns a 415 for the requests with body and incorrect media type" do
|
40
|
-
post :create, params: {}, as: :json
|
41
|
-
expect(response).to have_http_status 415
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
context "disabled" do
|
46
|
-
let(:flag) { false }
|
47
|
-
|
48
|
-
it "returns a 200 for the correct media type" do
|
49
|
-
get :index, as: :url_encoded_form
|
50
|
-
expect(response).to have_http_status 200
|
51
|
-
end
|
52
|
-
|
53
|
-
it "returns a 200 for an incorrect media type" do
|
54
|
-
get :index, as: :json
|
55
|
-
expect(response).to have_http_status 200
|
56
|
-
end
|
57
|
-
|
58
|
-
it "returns a 200 for the requests with body and incorrect media type" do
|
59
|
-
post :create, params: {}, as: :json
|
60
|
-
expect(response).to have_http_status 200
|
61
|
-
end
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|
@@ -1,274 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
module Doorkeeper
|
6
|
-
describe ApplicationsController do
|
7
|
-
context "JSON API" do
|
8
|
-
render_views
|
9
|
-
|
10
|
-
before do
|
11
|
-
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
12
|
-
allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
|
13
|
-
end
|
14
|
-
|
15
|
-
it "creates an application" do
|
16
|
-
expect do
|
17
|
-
post :create, params: {
|
18
|
-
doorkeeper_application: {
|
19
|
-
name: "Example",
|
20
|
-
redirect_uri: "https://example.com",
|
21
|
-
}, format: :json,
|
22
|
-
}
|
23
|
-
end.to(change { Doorkeeper::Application.count })
|
24
|
-
|
25
|
-
expect(response).to be_successful
|
26
|
-
|
27
|
-
expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
|
28
|
-
|
29
|
-
application = Application.last
|
30
|
-
secret_from_response = json_response["secret"]
|
31
|
-
expect(application.secret_matches?(secret_from_response)).to be_truthy
|
32
|
-
|
33
|
-
expect(json_response["name"]).to eq("Example")
|
34
|
-
expect(json_response["redirect_uri"]).to eq("https://example.com")
|
35
|
-
end
|
36
|
-
|
37
|
-
it "returns validation errors on wrong create params" do
|
38
|
-
expect do
|
39
|
-
post :create, params: {
|
40
|
-
doorkeeper_application: {
|
41
|
-
name: "Example",
|
42
|
-
}, format: :json,
|
43
|
-
}
|
44
|
-
end.not_to(change { Doorkeeper::Application.count })
|
45
|
-
|
46
|
-
expect(response).to have_http_status(422)
|
47
|
-
|
48
|
-
expect(json_response).to include("errors")
|
49
|
-
end
|
50
|
-
|
51
|
-
it "returns validations on wrong create params (unspecified scheme)" do
|
52
|
-
expect do
|
53
|
-
post :create, params: {
|
54
|
-
doorkeeper_application: {
|
55
|
-
name: "Example",
|
56
|
-
redirect_uri: "app.com:80",
|
57
|
-
}, format: :json,
|
58
|
-
}
|
59
|
-
end.not_to(change { Doorkeeper::Application.count })
|
60
|
-
|
61
|
-
expect(response).to have_http_status(422)
|
62
|
-
|
63
|
-
expect(json_response).to include("errors")
|
64
|
-
end
|
65
|
-
|
66
|
-
it "returns application info" do
|
67
|
-
application = FactoryBot.create(:application, name: "Change me")
|
68
|
-
|
69
|
-
get :show, params: { id: application.id, format: :json }
|
70
|
-
|
71
|
-
expect(response).to be_successful
|
72
|
-
|
73
|
-
expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
|
74
|
-
end
|
75
|
-
|
76
|
-
it "updates application" do
|
77
|
-
application = FactoryBot.create(:application, name: "Change me")
|
78
|
-
|
79
|
-
put :update, params: {
|
80
|
-
id: application.id,
|
81
|
-
doorkeeper_application: {
|
82
|
-
name: "Example App",
|
83
|
-
redirect_uri: "https://example.com",
|
84
|
-
}, format: :json,
|
85
|
-
}
|
86
|
-
|
87
|
-
expect(application.reload.name).to eq "Example App"
|
88
|
-
|
89
|
-
expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
|
90
|
-
end
|
91
|
-
|
92
|
-
it "returns validation errors on wrong update params" do
|
93
|
-
application = FactoryBot.create(:application, name: "Change me")
|
94
|
-
|
95
|
-
put :update, params: {
|
96
|
-
id: application.id,
|
97
|
-
doorkeeper_application: {
|
98
|
-
name: "Example App",
|
99
|
-
redirect_uri: "localhost:3000",
|
100
|
-
}, format: :json,
|
101
|
-
}
|
102
|
-
|
103
|
-
expect(response).to have_http_status(422)
|
104
|
-
|
105
|
-
expect(json_response).to include("errors")
|
106
|
-
end
|
107
|
-
|
108
|
-
it "destroys an application" do
|
109
|
-
application = FactoryBot.create(:application)
|
110
|
-
|
111
|
-
delete :destroy, params: { id: application.id, format: :json }
|
112
|
-
|
113
|
-
expect(response).to have_http_status(204)
|
114
|
-
expect(Application.count).to be_zero
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
context "when admin is not authenticated" do
|
119
|
-
before do
|
120
|
-
allow(Doorkeeper.config).to receive(:authenticate_admin).and_return(proc do
|
121
|
-
redirect_to main_app.root_url
|
122
|
-
end)
|
123
|
-
end
|
124
|
-
|
125
|
-
it "redirects as set in Doorkeeper.authenticate_admin" do
|
126
|
-
get :index
|
127
|
-
expect(response).to redirect_to(controller.main_app.root_url)
|
128
|
-
end
|
129
|
-
|
130
|
-
it "does not create application" do
|
131
|
-
expect do
|
132
|
-
post :create, params: {
|
133
|
-
doorkeeper_application: {
|
134
|
-
name: "Example",
|
135
|
-
redirect_uri: "https://example.com",
|
136
|
-
},
|
137
|
-
}
|
138
|
-
end.not_to(change { Doorkeeper::Application.count })
|
139
|
-
end
|
140
|
-
end
|
141
|
-
|
142
|
-
context "when admin is authenticated" do
|
143
|
-
context "when application secrets are hashed" do
|
144
|
-
before do
|
145
|
-
allow(Doorkeeper.configuration)
|
146
|
-
.to receive(:application_secret_strategy).and_return(Doorkeeper::SecretStoring::Sha256Hash)
|
147
|
-
end
|
148
|
-
|
149
|
-
it "shows the application secret after creating a new application" do
|
150
|
-
expect do
|
151
|
-
post :create, params: {
|
152
|
-
doorkeeper_application: {
|
153
|
-
name: "Example",
|
154
|
-
redirect_uri: "https://example.com",
|
155
|
-
},
|
156
|
-
}
|
157
|
-
end.to change { Doorkeeper::Application.count }.by(1)
|
158
|
-
|
159
|
-
application = Application.last
|
160
|
-
|
161
|
-
secret_from_flash = flash[:application_secret]
|
162
|
-
expect(secret_from_flash).not_to be_empty
|
163
|
-
expect(application.secret_matches?(secret_from_flash)).to be_truthy
|
164
|
-
expect(response).to redirect_to(controller.main_app.oauth_application_url(application.id))
|
165
|
-
|
166
|
-
get :show, params: { id: application.id, format: :html }
|
167
|
-
|
168
|
-
# We don't know the application secret here (because its hashed) so we can not assert its text on the page
|
169
|
-
# Instead, we read it from the page and then check if it matches the application secret
|
170
|
-
code_element = /code.*id="secret">\s*\K([^<]*)/m.match(response.body)
|
171
|
-
secret_from_page = code_element[1].strip
|
172
|
-
|
173
|
-
expect(response.body).to have_selector("code#application_id", text: application.uid)
|
174
|
-
expect(response.body).to have_selector("code#secret")
|
175
|
-
expect(secret_from_page).not_to be_empty
|
176
|
-
expect(application.secret_matches?(secret_from_page)).to be_truthy
|
177
|
-
end
|
178
|
-
|
179
|
-
it "does not show an application secret when application did already exist" do
|
180
|
-
application = FactoryBot.create(:application)
|
181
|
-
get :show, params: { id: application.id, format: :html }
|
182
|
-
|
183
|
-
expect(response.body).to have_selector("code#application_id", text: application.uid)
|
184
|
-
expect(response.body).to have_selector("code#secret", text: "")
|
185
|
-
end
|
186
|
-
|
187
|
-
it "returns the application details in a json response" do
|
188
|
-
expect do
|
189
|
-
post :create, params: {
|
190
|
-
doorkeeper_application: {
|
191
|
-
name: "Example",
|
192
|
-
redirect_uri: "https://example.com",
|
193
|
-
}, format: :json,
|
194
|
-
}
|
195
|
-
end.to(change { Doorkeeper::Application.count })
|
196
|
-
|
197
|
-
expect(response).to be_successful
|
198
|
-
|
199
|
-
expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
|
200
|
-
|
201
|
-
application = Application.last
|
202
|
-
secret_from_response = json_response["secret"]
|
203
|
-
expect(application.secret_matches?(secret_from_response)).to be_truthy
|
204
|
-
|
205
|
-
expect(json_response["name"]).to eq("Example")
|
206
|
-
expect(json_response["redirect_uri"]).to eq("https://example.com")
|
207
|
-
end
|
208
|
-
end
|
209
|
-
|
210
|
-
render_views
|
211
|
-
|
212
|
-
before do
|
213
|
-
allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
|
214
|
-
end
|
215
|
-
|
216
|
-
it "sorts applications by created_at" do
|
217
|
-
first_application = FactoryBot.create(:application)
|
218
|
-
second_application = FactoryBot.create(:application)
|
219
|
-
expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
|
220
|
-
|
221
|
-
get :index
|
222
|
-
|
223
|
-
expect(response.body).to have_selector("tbody tr:first-child#application_#{first_application.id}")
|
224
|
-
expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
|
225
|
-
end
|
226
|
-
|
227
|
-
it "creates application" do
|
228
|
-
expect do
|
229
|
-
post :create, params: {
|
230
|
-
doorkeeper_application: {
|
231
|
-
name: "Example",
|
232
|
-
redirect_uri: "https://example.com",
|
233
|
-
},
|
234
|
-
}
|
235
|
-
end.to change { Doorkeeper::Application.count }.by(1)
|
236
|
-
|
237
|
-
expect(response).to be_redirect
|
238
|
-
end
|
239
|
-
|
240
|
-
it "shows application details" do
|
241
|
-
application = FactoryBot.create(:application)
|
242
|
-
get :show, params: { id: application.id, format: :html }
|
243
|
-
|
244
|
-
expect(response.body).to have_selector("code#application_id", text: application.uid)
|
245
|
-
expect(response.body).to have_selector("code#secret", text: application.plaintext_secret)
|
246
|
-
end
|
247
|
-
|
248
|
-
it "does not allow mass assignment of uid or secret" do
|
249
|
-
application = FactoryBot.create(:application)
|
250
|
-
put :update, params: {
|
251
|
-
id: application.id,
|
252
|
-
doorkeeper_application: {
|
253
|
-
uid: "1A2B3C4D",
|
254
|
-
secret: "1A2B3C4D",
|
255
|
-
},
|
256
|
-
}
|
257
|
-
|
258
|
-
expect(application.reload.uid).not_to eq "1A2B3C4D"
|
259
|
-
end
|
260
|
-
|
261
|
-
it "updates application" do
|
262
|
-
application = FactoryBot.create(:application)
|
263
|
-
put :update, params: {
|
264
|
-
id: application.id, doorkeeper_application: {
|
265
|
-
name: "Example",
|
266
|
-
redirect_uri: "https://example.com",
|
267
|
-
},
|
268
|
-
}
|
269
|
-
|
270
|
-
expect(application.reload.name).to eq "Example"
|
271
|
-
end
|
272
|
-
end
|
273
|
-
end
|
274
|
-
end
|
@@ -1,743 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
|
6
|
-
include AuthorizationRequestHelper
|
7
|
-
|
8
|
-
class ActionDispatch::TestResponse
|
9
|
-
def query_params
|
10
|
-
@query_params ||= begin
|
11
|
-
fragment = URI.parse(location).fragment
|
12
|
-
Rack::Utils.parse_query(fragment)
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
let(:client) { FactoryBot.create :application }
|
18
|
-
let(:user) { User.create!(name: "Joe", password: "sekret") }
|
19
|
-
|
20
|
-
let(:access_token) do
|
21
|
-
FactoryBot.build :access_token,
|
22
|
-
resource_owner_id: user.id,
|
23
|
-
resource_owner_type: user.class.name,
|
24
|
-
application_id: client.id,
|
25
|
-
scopes: "default"
|
26
|
-
end
|
27
|
-
|
28
|
-
before do
|
29
|
-
Doorkeeper.configure do
|
30
|
-
default_scopes :default
|
31
|
-
|
32
|
-
custom_access_token_expires_in(lambda do |context|
|
33
|
-
context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
|
34
|
-
end)
|
35
|
-
end
|
36
|
-
|
37
|
-
allow(Doorkeeper.config).to receive(:grant_flows).and_return(["implicit"])
|
38
|
-
allow(Doorkeeper.config).to receive(:authenticate_resource_owner).and_return(->(_) { authenticator_method })
|
39
|
-
allow(controller).to receive(:authenticator_method).and_return(user)
|
40
|
-
expect(controller).to receive(:authenticator_method).at_most(:once)
|
41
|
-
end
|
42
|
-
|
43
|
-
describe "POST #create" do
|
44
|
-
before do
|
45
|
-
post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
|
46
|
-
end
|
47
|
-
|
48
|
-
it "redirects after authorization" do
|
49
|
-
expect(response).to be_redirect
|
50
|
-
end
|
51
|
-
|
52
|
-
it "redirects to client redirect uri" do
|
53
|
-
expect(response.location).to match(/^#{client.redirect_uri}/)
|
54
|
-
end
|
55
|
-
|
56
|
-
it "includes access token in fragment" do
|
57
|
-
expect(response.query_params["access_token"]).to eq(Doorkeeper::AccessToken.first.token)
|
58
|
-
end
|
59
|
-
|
60
|
-
it "includes token type in fragment" do
|
61
|
-
expect(response.query_params["token_type"]).to eq("Bearer")
|
62
|
-
end
|
63
|
-
|
64
|
-
it "includes token expiration in fragment" do
|
65
|
-
expect(response.query_params["expires_in"].to_i).to eq(1234)
|
66
|
-
end
|
67
|
-
|
68
|
-
it "issues the token for the current client" do
|
69
|
-
expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
|
70
|
-
end
|
71
|
-
|
72
|
-
it "issues the token for the current resource owner" do
|
73
|
-
expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
|
74
|
-
end
|
75
|
-
end
|
76
|
-
|
77
|
-
describe "POST #create in API mode" do
|
78
|
-
before do
|
79
|
-
allow(Doorkeeper.config).to receive(:api_only).and_return(true)
|
80
|
-
post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
|
81
|
-
end
|
82
|
-
|
83
|
-
let(:response_json_body) { JSON.parse(response.body) }
|
84
|
-
let(:redirect_uri) { response_json_body["redirect_uri"] }
|
85
|
-
|
86
|
-
it "renders success after authorization" do
|
87
|
-
expect(response).to be_successful
|
88
|
-
end
|
89
|
-
|
90
|
-
it "renders correct redirect uri" do
|
91
|
-
expect(redirect_uri).to match(/^#{client.redirect_uri}/)
|
92
|
-
end
|
93
|
-
|
94
|
-
it "includes access token in fragment" do
|
95
|
-
expect(redirect_uri.match(/access_token=([a-zA-Z0-9\-_]+)&?/)[1]).to eq(Doorkeeper::AccessToken.first.token)
|
96
|
-
end
|
97
|
-
|
98
|
-
it "includes token type in fragment" do
|
99
|
-
expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
|
100
|
-
end
|
101
|
-
|
102
|
-
it "includes token expiration in fragment" do
|
103
|
-
expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
|
104
|
-
end
|
105
|
-
|
106
|
-
it "issues the token for the current client" do
|
107
|
-
expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
|
108
|
-
end
|
109
|
-
|
110
|
-
it "issues the token for the current resource owner" do
|
111
|
-
expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
|
112
|
-
end
|
113
|
-
end
|
114
|
-
|
115
|
-
describe "POST #create with errors" do
|
116
|
-
context "when missing client_id" do
|
117
|
-
before do
|
118
|
-
post :create, params: {
|
119
|
-
client_id: "",
|
120
|
-
response_type: "token",
|
121
|
-
redirect_uri: client.redirect_uri,
|
122
|
-
}
|
123
|
-
end
|
124
|
-
|
125
|
-
let(:response_json_body) { JSON.parse(response.body) }
|
126
|
-
|
127
|
-
it "renders 400 error" do
|
128
|
-
expect(response.status).to eq 400
|
129
|
-
end
|
130
|
-
|
131
|
-
it "includes error name" do
|
132
|
-
expect(response_json_body["error"]).to eq("invalid_request")
|
133
|
-
end
|
134
|
-
|
135
|
-
it "includes error description" do
|
136
|
-
expect(response_json_body["error_description"]).to eq(
|
137
|
-
translated_invalid_request_error_message(:missing_param, :client_id),
|
138
|
-
)
|
139
|
-
end
|
140
|
-
|
141
|
-
it "does not issue any access token" do
|
142
|
-
expect(Doorkeeper::AccessToken.all).to be_empty
|
143
|
-
end
|
144
|
-
end
|
145
|
-
|
146
|
-
context "when user cannot access application" do
|
147
|
-
before do
|
148
|
-
allow(Doorkeeper.configuration).to receive(:authorize_resource_owner_for_client).and_return(->(*_) { false })
|
149
|
-
post :create, params: {
|
150
|
-
client_id: client.uid,
|
151
|
-
response_type: "token",
|
152
|
-
redirect_uri: client.redirect_uri,
|
153
|
-
}
|
154
|
-
end
|
155
|
-
|
156
|
-
let(:response_json_body) { JSON.parse(response.body) }
|
157
|
-
|
158
|
-
it "renders 400 error" do
|
159
|
-
expect(response.status).to eq 401
|
160
|
-
end
|
161
|
-
|
162
|
-
it "includes error name" do
|
163
|
-
expect(response_json_body["error"]).to eq("invalid_client")
|
164
|
-
end
|
165
|
-
|
166
|
-
it "includes error description" do
|
167
|
-
expect(response_json_body["error_description"]).to eq(
|
168
|
-
translated_error_message(:invalid_client),
|
169
|
-
)
|
170
|
-
end
|
171
|
-
|
172
|
-
it "does not issue any access token" do
|
173
|
-
expect(Doorkeeper::AccessToken.all).to be_empty
|
174
|
-
end
|
175
|
-
end
|
176
|
-
|
177
|
-
context "when other error happens" do
|
178
|
-
before do
|
179
|
-
default_scopes_exist :public
|
180
|
-
|
181
|
-
post :create, params: {
|
182
|
-
client_id: client.uid,
|
183
|
-
response_type: "token",
|
184
|
-
scope: "invalid",
|
185
|
-
redirect_uri: client.redirect_uri,
|
186
|
-
}
|
187
|
-
end
|
188
|
-
|
189
|
-
it "redirects after authorization" do
|
190
|
-
expect(response).to be_redirect
|
191
|
-
end
|
192
|
-
|
193
|
-
it "redirects to client redirect uri" do
|
194
|
-
expect(response.location).to match(/^#{client.redirect_uri}/)
|
195
|
-
end
|
196
|
-
|
197
|
-
it "does not include access token in fragment" do
|
198
|
-
expect(response.query_params["access_token"]).to be_nil
|
199
|
-
end
|
200
|
-
|
201
|
-
it "includes error in fragment" do
|
202
|
-
expect(response.query_params["error"]).to eq("invalid_scope")
|
203
|
-
end
|
204
|
-
|
205
|
-
it "includes error description in fragment" do
|
206
|
-
expect(response.query_params["error_description"]).to eq(translated_error_message(:invalid_scope))
|
207
|
-
end
|
208
|
-
|
209
|
-
it "does not issue any access token" do
|
210
|
-
expect(Doorkeeper::AccessToken.all).to be_empty
|
211
|
-
end
|
212
|
-
end
|
213
|
-
end
|
214
|
-
|
215
|
-
describe "POST #create in API mode with errors" do
|
216
|
-
context "when missing client_id" do
|
217
|
-
before do
|
218
|
-
allow(Doorkeeper.config).to receive(:api_only).and_return(true)
|
219
|
-
|
220
|
-
post :create, params: {
|
221
|
-
client_id: "",
|
222
|
-
response_type: "token",
|
223
|
-
redirect_uri: client.redirect_uri,
|
224
|
-
}
|
225
|
-
end
|
226
|
-
|
227
|
-
let(:response_json_body) { JSON.parse(response.body) }
|
228
|
-
|
229
|
-
it "renders 400 error" do
|
230
|
-
expect(response.status).to eq 400
|
231
|
-
end
|
232
|
-
|
233
|
-
it "includes error name" do
|
234
|
-
expect(response_json_body["error"]).to eq("invalid_request")
|
235
|
-
end
|
236
|
-
|
237
|
-
it "includes error description" do
|
238
|
-
expect(response_json_body["error_description"]).to eq(
|
239
|
-
translated_invalid_request_error_message(:missing_param, :client_id),
|
240
|
-
)
|
241
|
-
end
|
242
|
-
|
243
|
-
it "does not issue any access token" do
|
244
|
-
expect(Doorkeeper::AccessToken.all).to be_empty
|
245
|
-
end
|
246
|
-
end
|
247
|
-
|
248
|
-
context "when user cannot access application" do
|
249
|
-
before do
|
250
|
-
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
251
|
-
allow(Doorkeeper.configuration).to receive(:authorize_resource_owner_for_client).and_return(->(*_) { false })
|
252
|
-
|
253
|
-
post :create, params: {
|
254
|
-
client_id: client.uid,
|
255
|
-
response_type: "token",
|
256
|
-
redirect_uri: client.redirect_uri,
|
257
|
-
}
|
258
|
-
end
|
259
|
-
|
260
|
-
let(:response_json_body) { JSON.parse(response.body) }
|
261
|
-
|
262
|
-
it "renders 400 error" do
|
263
|
-
expect(response.status).to eq 401
|
264
|
-
end
|
265
|
-
|
266
|
-
it "includes error name" do
|
267
|
-
expect(response_json_body["error"]).to eq("invalid_client")
|
268
|
-
end
|
269
|
-
|
270
|
-
it "includes error description" do
|
271
|
-
expect(response_json_body["error_description"]).to eq(
|
272
|
-
translated_error_message(:invalid_client),
|
273
|
-
)
|
274
|
-
end
|
275
|
-
|
276
|
-
it "does not issue any access token" do
|
277
|
-
expect(Doorkeeper::AccessToken.all).to be_empty
|
278
|
-
end
|
279
|
-
end
|
280
|
-
|
281
|
-
context "when other error happens" do
|
282
|
-
before do
|
283
|
-
allow(Doorkeeper.config).to receive(:api_only).and_return(true)
|
284
|
-
default_scopes_exist :public
|
285
|
-
|
286
|
-
post :create, params: {
|
287
|
-
client_id: client.uid,
|
288
|
-
response_type: "token",
|
289
|
-
scope: "invalid",
|
290
|
-
redirect_uri: client.redirect_uri,
|
291
|
-
}
|
292
|
-
end
|
293
|
-
|
294
|
-
let(:response_json_body) { JSON.parse(response.body) }
|
295
|
-
let(:redirect_uri) { response_json_body["redirect_uri"] }
|
296
|
-
|
297
|
-
it "renders 400 error" do
|
298
|
-
expect(response.status).to eq 400
|
299
|
-
end
|
300
|
-
|
301
|
-
it "includes correct redirect URI" do
|
302
|
-
expect(redirect_uri).to match(/^#{client.redirect_uri}/)
|
303
|
-
end
|
304
|
-
|
305
|
-
it "does not include access token in fragment" do
|
306
|
-
expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)).to be_nil
|
307
|
-
end
|
308
|
-
|
309
|
-
it "includes error in redirect uri" do
|
310
|
-
expect(redirect_uri.match(/error=([a-z_]+)&?/)[1]).to eq "invalid_scope"
|
311
|
-
end
|
312
|
-
|
313
|
-
it "includes error description in redirect uri" do
|
314
|
-
expect(redirect_uri.match(/error_description=(.+)&?/)[1]).to_not be_nil
|
315
|
-
end
|
316
|
-
|
317
|
-
it "does not issue any access token" do
|
318
|
-
expect(Doorkeeper::AccessToken.all).to be_empty
|
319
|
-
end
|
320
|
-
end
|
321
|
-
end
|
322
|
-
|
323
|
-
describe "POST #create with application already authorized" do
|
324
|
-
before do
|
325
|
-
allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(true)
|
326
|
-
|
327
|
-
access_token.save!
|
328
|
-
|
329
|
-
post :create, params: {
|
330
|
-
client_id: client.uid,
|
331
|
-
response_type: "token",
|
332
|
-
redirect_uri: client.redirect_uri,
|
333
|
-
}
|
334
|
-
end
|
335
|
-
|
336
|
-
it "returns the existing access token in a fragment" do
|
337
|
-
expect(response.query_params["access_token"]).to eq(access_token.token)
|
338
|
-
end
|
339
|
-
|
340
|
-
it "does not creates a new access token" do
|
341
|
-
expect(Doorkeeper::AccessToken.count).to eq(1)
|
342
|
-
end
|
343
|
-
end
|
344
|
-
|
345
|
-
describe "POST #create with callbacks" do
|
346
|
-
after do
|
347
|
-
client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
|
348
|
-
end
|
349
|
-
|
350
|
-
describe "when successful" do
|
351
|
-
after do
|
352
|
-
post :create, params: {
|
353
|
-
client_id: client.uid,
|
354
|
-
response_type: "token",
|
355
|
-
redirect_uri: client.redirect_uri,
|
356
|
-
}
|
357
|
-
end
|
358
|
-
|
359
|
-
it "should call :before_successful_authorization callback" do
|
360
|
-
expect(Doorkeeper.config)
|
361
|
-
.to receive_message_chain(:before_successful_authorization, :call)
|
362
|
-
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
363
|
-
end
|
364
|
-
|
365
|
-
it "should call :after_successful_authorization callback" do
|
366
|
-
expect(Doorkeeper.config)
|
367
|
-
.to receive_message_chain(:after_successful_authorization, :call)
|
368
|
-
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
369
|
-
end
|
370
|
-
end
|
371
|
-
|
372
|
-
describe "with errors" do
|
373
|
-
after do
|
374
|
-
post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: "bad_uri" }
|
375
|
-
end
|
376
|
-
|
377
|
-
it "should not call :before_successful_authorization callback" do
|
378
|
-
expect(Doorkeeper.config).not_to receive(:before_successful_authorization)
|
379
|
-
end
|
380
|
-
|
381
|
-
it "should not call :after_successful_authorization callback" do
|
382
|
-
expect(Doorkeeper.config).not_to receive(:after_successful_authorization)
|
383
|
-
end
|
384
|
-
end
|
385
|
-
end
|
386
|
-
|
387
|
-
describe "GET #new token request with native url and skip_authorization true" do
|
388
|
-
before do
|
389
|
-
allow(Doorkeeper.config).to receive(:skip_authorization).and_return(proc do
|
390
|
-
true
|
391
|
-
end)
|
392
|
-
|
393
|
-
client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
|
394
|
-
|
395
|
-
get :new, params: {
|
396
|
-
client_id: client.uid,
|
397
|
-
response_type: "token",
|
398
|
-
redirect_uri: client.redirect_uri,
|
399
|
-
}
|
400
|
-
end
|
401
|
-
|
402
|
-
it "should redirect immediately" do
|
403
|
-
expect(response).to be_redirect
|
404
|
-
expect(response.location).to match(%r{/oauth/token/info\?access_token=})
|
405
|
-
end
|
406
|
-
|
407
|
-
it "should not issue a grant" do
|
408
|
-
expect(Doorkeeper::AccessGrant.count).to be 0
|
409
|
-
end
|
410
|
-
|
411
|
-
it "should issue a token" do
|
412
|
-
expect(Doorkeeper::AccessToken.count).to be 1
|
413
|
-
end
|
414
|
-
end
|
415
|
-
|
416
|
-
describe "GET #new code request with native url and skip_authorization true" do
|
417
|
-
before do
|
418
|
-
allow(Doorkeeper.config).to receive(:grant_flows).and_return(%w[authorization_code])
|
419
|
-
allow(Doorkeeper.config).to receive(:skip_authorization).and_return(proc do
|
420
|
-
true
|
421
|
-
end)
|
422
|
-
|
423
|
-
client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
|
424
|
-
|
425
|
-
get :new, params: {
|
426
|
-
client_id: client.uid,
|
427
|
-
response_type: "code",
|
428
|
-
redirect_uri: client.redirect_uri,
|
429
|
-
}
|
430
|
-
end
|
431
|
-
|
432
|
-
it "should redirect immediately" do
|
433
|
-
expect(response).to be_redirect
|
434
|
-
expect(response.location)
|
435
|
-
.to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
|
436
|
-
end
|
437
|
-
|
438
|
-
it "should issue a grant" do
|
439
|
-
expect(Doorkeeper::AccessGrant.count).to be 1
|
440
|
-
end
|
441
|
-
|
442
|
-
it "should not issue a token" do
|
443
|
-
expect(Doorkeeper::AccessToken.count).to be 0
|
444
|
-
end
|
445
|
-
end
|
446
|
-
|
447
|
-
describe "GET #new with skip_authorization true" do
|
448
|
-
before do
|
449
|
-
allow(Doorkeeper.config).to receive(:skip_authorization).and_return(proc do
|
450
|
-
true
|
451
|
-
end)
|
452
|
-
|
453
|
-
get :new, params: {
|
454
|
-
client_id: client.uid,
|
455
|
-
response_type: "token",
|
456
|
-
redirect_uri: client.redirect_uri,
|
457
|
-
}
|
458
|
-
end
|
459
|
-
|
460
|
-
it "should redirect immediately" do
|
461
|
-
expect(response).to be_redirect
|
462
|
-
expect(response.location).to match(/^#{client.redirect_uri}/)
|
463
|
-
end
|
464
|
-
|
465
|
-
it "should issue a token" do
|
466
|
-
expect(Doorkeeper::AccessToken.count).to be 1
|
467
|
-
end
|
468
|
-
|
469
|
-
it "includes token type in fragment" do
|
470
|
-
expect(response.query_params["token_type"]).to eq("Bearer")
|
471
|
-
end
|
472
|
-
|
473
|
-
it "includes token expiration in fragment" do
|
474
|
-
expect(response.query_params["expires_in"].to_i).to eq(1234)
|
475
|
-
end
|
476
|
-
|
477
|
-
it "issues the token for the current client" do
|
478
|
-
expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
|
479
|
-
end
|
480
|
-
|
481
|
-
it "issues the token for the current resource owner" do
|
482
|
-
expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
|
483
|
-
end
|
484
|
-
end
|
485
|
-
|
486
|
-
describe "GET #new in API mode" do
|
487
|
-
before do
|
488
|
-
allow(Doorkeeper.config).to receive(:api_only).and_return(true)
|
489
|
-
|
490
|
-
get :new, params: {
|
491
|
-
client_id: client.uid,
|
492
|
-
response_type: "token",
|
493
|
-
redirect_uri: client.redirect_uri,
|
494
|
-
}
|
495
|
-
end
|
496
|
-
|
497
|
-
it "should render success" do
|
498
|
-
expect(response).to be_successful
|
499
|
-
end
|
500
|
-
|
501
|
-
it "sets status to pre-authorization" do
|
502
|
-
expect(json_response["status"]).to eq(I18n.t("doorkeeper.pre_authorization.status"))
|
503
|
-
end
|
504
|
-
|
505
|
-
it "sets correct values" do
|
506
|
-
expect(json_response["client_id"]).to eq(client.uid)
|
507
|
-
expect(json_response["redirect_uri"]).to eq(client.redirect_uri)
|
508
|
-
expect(json_response["state"]).to be_nil
|
509
|
-
expect(json_response["response_type"]).to eq("token")
|
510
|
-
expect(json_response["scope"]).to eq("default")
|
511
|
-
end
|
512
|
-
end
|
513
|
-
|
514
|
-
describe "GET #new in API mode with skip_authorization true" do
|
515
|
-
before do
|
516
|
-
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
|
517
|
-
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
518
|
-
|
519
|
-
get :new, params: {
|
520
|
-
client_id: client.uid,
|
521
|
-
response_type: "token",
|
522
|
-
redirect_uri: client.redirect_uri,
|
523
|
-
}
|
524
|
-
end
|
525
|
-
|
526
|
-
it "should render success" do
|
527
|
-
expect(response).to be_successful
|
528
|
-
end
|
529
|
-
|
530
|
-
it "should issue a token" do
|
531
|
-
expect(Doorkeeper::AccessToken.count).to be 1
|
532
|
-
end
|
533
|
-
|
534
|
-
it "sets status to redirect" do
|
535
|
-
expect(JSON.parse(response.body)["status"]).to eq("redirect")
|
536
|
-
end
|
537
|
-
|
538
|
-
it "sets redirect_uri to correct value" do
|
539
|
-
redirect_uri = JSON.parse(response.body)["redirect_uri"]
|
540
|
-
expect(redirect_uri).to_not be_nil
|
541
|
-
expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
|
542
|
-
expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
|
543
|
-
expect(
|
544
|
-
redirect_uri.match(/access_token=([a-zA-Z0-9\-_]+)&?/)[1],
|
545
|
-
).to eq Doorkeeper::AccessToken.first.token
|
546
|
-
end
|
547
|
-
|
548
|
-
it "issues the token for the current client" do
|
549
|
-
expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
|
550
|
-
end
|
551
|
-
|
552
|
-
it "issues the token for the current resource owner" do
|
553
|
-
expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
|
554
|
-
end
|
555
|
-
end
|
556
|
-
|
557
|
-
describe "GET #new with errors" do
|
558
|
-
context "without valid params" do
|
559
|
-
before do
|
560
|
-
default_scopes_exist :public
|
561
|
-
get :new, params: { an_invalid: "request" }
|
562
|
-
end
|
563
|
-
|
564
|
-
it "does not redirect" do
|
565
|
-
expect(response).to_not be_redirect
|
566
|
-
end
|
567
|
-
|
568
|
-
it "does not issue any token" do
|
569
|
-
expect(Doorkeeper::AccessGrant.count).to eq 0
|
570
|
-
expect(Doorkeeper::AccessToken.count).to eq 0
|
571
|
-
end
|
572
|
-
end
|
573
|
-
|
574
|
-
context "when user cannot access application" do
|
575
|
-
before do
|
576
|
-
allow(Doorkeeper.configuration).to receive(:authorize_resource_owner_for_client).and_return(->(*_) { false })
|
577
|
-
|
578
|
-
get :new, params: {
|
579
|
-
client_id: client.uid,
|
580
|
-
response_type: "token",
|
581
|
-
redirect_uri: client.redirect_uri,
|
582
|
-
}
|
583
|
-
end
|
584
|
-
|
585
|
-
it "does not redirect" do
|
586
|
-
expect(response).to_not be_redirect
|
587
|
-
end
|
588
|
-
|
589
|
-
it "does not issue any token" do
|
590
|
-
expect(Doorkeeper::AccessGrant.count).to eq 0
|
591
|
-
expect(Doorkeeper::AccessToken.count).to eq 0
|
592
|
-
end
|
593
|
-
end
|
594
|
-
end
|
595
|
-
|
596
|
-
describe "GET #new in API mode with errors" do
|
597
|
-
before do
|
598
|
-
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
599
|
-
default_scopes_exist :public
|
600
|
-
end
|
601
|
-
|
602
|
-
context "without valid params" do
|
603
|
-
before do
|
604
|
-
get :new, params: { an_invalid: "request" }
|
605
|
-
end
|
606
|
-
|
607
|
-
let(:response_json_body) { JSON.parse(response.body) }
|
608
|
-
|
609
|
-
it "should render bad request" do
|
610
|
-
expect(response).to have_http_status(:bad_request)
|
611
|
-
end
|
612
|
-
|
613
|
-
it "includes error in body" do
|
614
|
-
expect(response_json_body["error"]).to eq("invalid_request")
|
615
|
-
end
|
616
|
-
|
617
|
-
it "includes error description in body" do
|
618
|
-
expect(response_json_body["error_description"])
|
619
|
-
.to eq(translated_invalid_request_error_message(:missing_param, :client_id))
|
620
|
-
end
|
621
|
-
|
622
|
-
it "does not issue any token" do
|
623
|
-
expect(Doorkeeper::AccessGrant.count).to eq 0
|
624
|
-
expect(Doorkeeper::AccessToken.count).to eq 0
|
625
|
-
end
|
626
|
-
end
|
627
|
-
|
628
|
-
context "when user cannot access application" do
|
629
|
-
before do
|
630
|
-
allow(Doorkeeper.configuration).to receive(:authorize_resource_owner_for_client).and_return(->(*_) { false })
|
631
|
-
|
632
|
-
get :new, params: {
|
633
|
-
client_id: client.uid,
|
634
|
-
response_type: "token",
|
635
|
-
redirect_uri: client.redirect_uri,
|
636
|
-
}
|
637
|
-
end
|
638
|
-
|
639
|
-
let(:response_json_body) { JSON.parse(response.body) }
|
640
|
-
|
641
|
-
it "should render bad request" do
|
642
|
-
expect(response).to have_http_status(:bad_request)
|
643
|
-
end
|
644
|
-
|
645
|
-
it "includes error in body" do
|
646
|
-
expect(response_json_body["error"]).to eq("invalid_client")
|
647
|
-
end
|
648
|
-
|
649
|
-
it "includes error description in body" do
|
650
|
-
expect(response_json_body["error_description"])
|
651
|
-
.to eq(translated_error_message(:invalid_client))
|
652
|
-
end
|
653
|
-
|
654
|
-
it "does not issue any token" do
|
655
|
-
expect(Doorkeeper::AccessGrant.count).to eq 0
|
656
|
-
expect(Doorkeeper::AccessToken.count).to eq 0
|
657
|
-
end
|
658
|
-
end
|
659
|
-
end
|
660
|
-
|
661
|
-
describe "GET #new with callbacks" do
|
662
|
-
after do
|
663
|
-
client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
|
664
|
-
get :new, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
|
665
|
-
end
|
666
|
-
|
667
|
-
describe "when authorizing" do
|
668
|
-
before do
|
669
|
-
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
|
670
|
-
end
|
671
|
-
|
672
|
-
it "should call :before_successful_authorization callback" do
|
673
|
-
expect(Doorkeeper.configuration)
|
674
|
-
.to receive_message_chain(:before_successful_authorization, :call)
|
675
|
-
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
676
|
-
end
|
677
|
-
|
678
|
-
it "should call :after_successful_authorization callback" do
|
679
|
-
expect(Doorkeeper.configuration)
|
680
|
-
.to receive_message_chain(:after_successful_authorization, :call)
|
681
|
-
.with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
|
682
|
-
end
|
683
|
-
end
|
684
|
-
|
685
|
-
describe "when not authorizing" do
|
686
|
-
before do
|
687
|
-
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
|
688
|
-
end
|
689
|
-
|
690
|
-
it "should not call :before_successful_authorization callback" do
|
691
|
-
expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
|
692
|
-
end
|
693
|
-
|
694
|
-
it "should not call :after_successful_authorization callback" do
|
695
|
-
expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
|
696
|
-
end
|
697
|
-
end
|
698
|
-
|
699
|
-
describe "when not authorizing in api mode" do
|
700
|
-
before do
|
701
|
-
allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
|
702
|
-
allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
|
703
|
-
end
|
704
|
-
|
705
|
-
it "should not call :before_successful_authorization callback" do
|
706
|
-
expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
|
707
|
-
end
|
708
|
-
|
709
|
-
it "should not call :after_successful_authorization callback" do
|
710
|
-
expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
|
711
|
-
end
|
712
|
-
end
|
713
|
-
end
|
714
|
-
|
715
|
-
describe "authorize response memoization" do
|
716
|
-
it "memoizes the result of the authorization" do
|
717
|
-
pre_auth = double(:pre_auth, authorizable?: true)
|
718
|
-
allow(controller).to receive(:pre_auth) { pre_auth }
|
719
|
-
strategy = double(:strategy, authorize: true)
|
720
|
-
expect(strategy).to receive(:authorize).once
|
721
|
-
allow(controller).to receive(:strategy) { strategy }
|
722
|
-
allow(controller).to receive(:create) do
|
723
|
-
2.times { controller.send :authorize_response }
|
724
|
-
controller.render json: {}, status: :ok
|
725
|
-
end
|
726
|
-
|
727
|
-
post :create
|
728
|
-
end
|
729
|
-
end
|
730
|
-
|
731
|
-
describe "strong parameters" do
|
732
|
-
it "ignores non-scalar scope parameter" do
|
733
|
-
get :new, params: {
|
734
|
-
client_id: client.uid,
|
735
|
-
response_type: "token",
|
736
|
-
redirect_uri: client.redirect_uri,
|
737
|
-
scope: { "0" => "profile" },
|
738
|
-
}
|
739
|
-
|
740
|
-
expect(response).to be_successful
|
741
|
-
end
|
742
|
-
end
|
743
|
-
end
|