doorkeeper 5.4.0.rc1 → 5.4.0.rc2



Files changed (181)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +28 -1
  3. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  4. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  5. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  6. data/lib/doorkeeper.rb +1 -1
  7. data/lib/doorkeeper/config.rb +24 -18
  8. data/lib/doorkeeper/config/abstract_builder.rb +1 -1
  9. data/lib/doorkeeper/helpers/controller.rb +4 -4
  10. data/lib/doorkeeper/models/access_grant_mixin.rb +11 -5
  11. data/lib/doorkeeper/models/access_token_mixin.rb +9 -5
  12. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  13. data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -2
  14. data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
  15. data/lib/doorkeeper/oauth/password_access_token_request.rb +1 -1
  16. data/lib/doorkeeper/oauth/pre_authorization.rb +5 -4
  17. data/lib/doorkeeper/oauth/token.rb +1 -2
  18. data/lib/doorkeeper/orm/active_record.rb +10 -2
  19. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +1 -1
  20. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +1 -1
  21. data/lib/doorkeeper/orm/active_record/mixins/application.rb +64 -9
  22. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  23. data/lib/doorkeeper/version.rb +1 -1
  24. data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
  25. metadata +5 -299
  26. data/Appraisals +0 -26
  27. data/CODE_OF_CONDUCT.md +0 -46
  28. data/CONTRIBUTING.md +0 -49
  29. data/Dangerfile +0 -67
  30. data/Dockerfile +0 -29
  31. data/Gemfile +0 -25
  32. data/NEWS.md +0 -1
  33. data/RELEASING.md +0 -11
  34. data/Rakefile +0 -28
  35. data/SECURITY.md +0 -15
  36. data/UPGRADE.md +0 -2
  37. data/bin/console +0 -30
  38. data/doorkeeper.gemspec +0 -42
  39. data/gemfiles/rails_5_0.gemfile +0 -19
  40. data/gemfiles/rails_5_1.gemfile +0 -19
  41. data/gemfiles/rails_5_2.gemfile +0 -19
  42. data/gemfiles/rails_6_0.gemfile +0 -19
  43. data/gemfiles/rails_master.gemfile +0 -19
  44. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  45. data/spec/controllers/applications_controller_spec.rb +0 -274
  46. data/spec/controllers/authorizations_controller_spec.rb +0 -743
  47. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  48. data/spec/controllers/token_info_controller_spec.rb +0 -50
  49. data/spec/controllers/tokens_controller_spec.rb +0 -499
  50. data/spec/dummy/Rakefile +0 -9
  51. data/spec/dummy/app/assets/config/manifest.js +0 -2
  52. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  53. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  54. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  55. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  56. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  57. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  58. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  59. data/spec/dummy/app/models/user.rb +0 -11
  60. data/spec/dummy/app/views/home/index.html.erb +0 -0
  61. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  62. data/spec/dummy/config.ru +0 -6
  63. data/spec/dummy/config/application.rb +0 -51
  64. data/spec/dummy/config/boot.rb +0 -7
  65. data/spec/dummy/config/database.yml +0 -15
  66. data/spec/dummy/config/environment.rb +0 -5
  67. data/spec/dummy/config/environments/development.rb +0 -31
  68. data/spec/dummy/config/environments/production.rb +0 -64
  69. data/spec/dummy/config/environments/test.rb +0 -45
  70. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  71. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  72. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  73. data/spec/dummy/config/initializers/session_store.rb +0 -10
  74. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  75. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  76. data/spec/dummy/config/routes.rb +0 -13
  77. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  78. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  79. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  80. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  81. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  82. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  83. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  84. data/spec/dummy/db/schema.rb +0 -70
  85. data/spec/dummy/public/404.html +0 -26
  86. data/spec/dummy/public/422.html +0 -26
  87. data/spec/dummy/public/500.html +0 -26
  88. data/spec/dummy/public/favicon.ico +0 -0
  89. data/spec/dummy/script/rails +0 -9
  90. data/spec/factories.rb +0 -30
  91. data/spec/generators/application_owner_generator_spec.rb +0 -28
  92. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  93. data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
  94. data/spec/generators/install_generator_spec.rb +0 -36
  95. data/spec/generators/migration_generator_spec.rb +0 -28
  96. data/spec/generators/pkce_generator_spec.rb +0 -28
  97. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  98. data/spec/generators/templates/routes.rb +0 -4
  99. data/spec/generators/views_generator_spec.rb +0 -29
  100. data/spec/grape/grape_integration_spec.rb +0 -137
  101. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  102. data/spec/lib/config_spec.rb +0 -813
  103. data/spec/lib/doorkeeper_spec.rb +0 -27
  104. data/spec/lib/models/expirable_spec.rb +0 -61
  105. data/spec/lib/models/reusable_spec.rb +0 -40
  106. data/spec/lib/models/revocable_spec.rb +0 -58
  107. data/spec/lib/models/scopes_spec.rb +0 -61
  108. data/spec/lib/models/secret_storable_spec.rb +0 -135
  109. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  110. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
  111. data/spec/lib/oauth/base_request_spec.rb +0 -210
  112. data/spec/lib/oauth/base_response_spec.rb +0 -45
  113. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  114. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
  115. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
  116. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
  117. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  118. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
  119. data/spec/lib/oauth/client_spec.rb +0 -38
  120. data/spec/lib/oauth/code_request_spec.rb +0 -46
  121. data/spec/lib/oauth/code_response_spec.rb +0 -36
  122. data/spec/lib/oauth/error_response_spec.rb +0 -64
  123. data/spec/lib/oauth/error_spec.rb +0 -21
  124. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  125. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  126. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  127. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  128. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  129. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  130. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
  131. data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
  132. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
  133. data/spec/lib/oauth/scopes_spec.rb +0 -146
  134. data/spec/lib/oauth/token_request_spec.rb +0 -164
  135. data/spec/lib/oauth/token_response_spec.rb +0 -84
  136. data/spec/lib/oauth/token_spec.rb +0 -156
  137. data/spec/lib/option_spec.rb +0 -51
  138. data/spec/lib/request/strategy_spec.rb +0 -54
  139. data/spec/lib/secret_storing/base_spec.rb +0 -60
  140. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  141. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  142. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  143. data/spec/lib/server_spec.rb +0 -49
  144. data/spec/lib/stale_records_cleaner_spec.rb +0 -102
  145. data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
  146. data/spec/models/doorkeeper/access_token_spec.rb +0 -650
  147. data/spec/models/doorkeeper/application_spec.rb +0 -442
  148. data/spec/requests/applications/applications_request_spec.rb +0 -259
  149. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  150. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  151. data/spec/requests/endpoints/token_spec.rb +0 -79
  152. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
  153. data/spec/requests/flows/authorization_code_spec.rb +0 -530
  154. data/spec/requests/flows/client_credentials_spec.rb +0 -207
  155. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  156. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  157. data/spec/requests/flows/password_spec.rb +0 -316
  158. data/spec/requests/flows/refresh_token_spec.rb +0 -241
  159. data/spec/requests/flows/revoke_token_spec.rb +0 -196
  160. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  161. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  162. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  163. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  164. data/spec/routing/default_routes_spec.rb +0 -41
  165. data/spec/routing/scoped_routes_spec.rb +0 -47
  166. data/spec/spec_helper.rb +0 -54
  167. data/spec/spec_helper_integration.rb +0 -4
  168. data/spec/support/dependencies/factory_bot.rb +0 -4
  169. data/spec/support/doorkeeper_rspec.rb +0 -22
  170. data/spec/support/helpers/access_token_request_helper.rb +0 -14
  171. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  172. data/spec/support/helpers/config_helper.rb +0 -11
  173. data/spec/support/helpers/model_helper.rb +0 -78
  174. data/spec/support/helpers/request_spec_helper.rb +0 -110
  175. data/spec/support/helpers/url_helper.rb +0 -62
  176. data/spec/support/orm/active_record.rb +0 -5
  177. data/spec/support/shared/controllers_shared_context.rb +0 -133
  178. data/spec/support/shared/hashing_shared_context.rb +0 -36
  179. data/spec/support/shared/models_shared_examples.rb +0 -56
  180. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  181. data/spec/version/version_spec.rb +0 -17
@@ -1,27 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper do
6
- describe "#authenticate" do
7
- let(:request) { double }
8
-
9
- it "calls OAuth::Token#authenticate" do
10
- token_strategies = Doorkeeper.config.access_token_methods
11
-
12
- expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
13
- .with(request, *token_strategies)
14
-
15
- Doorkeeper.authenticate(request)
16
- end
17
-
18
- it "accepts custom token strategies" do
19
- token_strategies = %i[first_way second_way]
20
-
21
- expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
22
- .with(request, *token_strategies)
23
-
24
- Doorkeeper.authenticate(request, token_strategies)
25
- end
26
- end
27
- end
@@ -1,61 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "Expirable" do
6
- subject do
7
- Class.new do
8
- include Doorkeeper::Models::Expirable
9
- end.new
10
- end
11
-
12
- before do
13
- allow(subject).to receive(:created_at).and_return(1.minute.ago)
14
- end
15
-
16
- describe :expired? do
17
- it "is not expired if time has not passed" do
18
- allow(subject).to receive(:expires_in).and_return(2.minutes)
19
- expect(subject).not_to be_expired
20
- end
21
-
22
- it "is expired if time has passed" do
23
- allow(subject).to receive(:expires_in).and_return(10.seconds)
24
- expect(subject).to be_expired
25
- end
26
-
27
- it "is not expired if expires_in is not set" do
28
- allow(subject).to receive(:expires_in).and_return(nil)
29
- expect(subject).not_to be_expired
30
- end
31
- end
32
-
33
- describe :expires_in_seconds do
34
- it "should return the amount of time remaining until the token is expired" do
35
- allow(subject).to receive(:expires_in).and_return(2.minutes)
36
- expect(subject.expires_in_seconds).to eq(60)
37
- end
38
-
39
- it "should return 0 when expired" do
40
- allow(subject).to receive(:expires_in).and_return(30.seconds)
41
- expect(subject.expires_in_seconds).to eq(0)
42
- end
43
-
44
- it "should return nil when expires_in is nil" do
45
- allow(subject).to receive(:expires_in).and_return(nil)
46
- expect(subject.expires_in_seconds).to be_nil
47
- end
48
- end
49
-
50
- describe :expires_at do
51
- it "should return the expiration time of the token" do
52
- allow(subject).to receive(:expires_in).and_return(2.minutes)
53
- expect(subject.expires_at).to be_a(Time)
54
- end
55
-
56
- it "should return nil when expires_in is nil" do
57
- allow(subject).to receive(:expires_in).and_return(nil)
58
- expect(subject.expires_at).to be_nil
59
- end
60
- end
61
- end
@@ -1,40 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "Reusable" do
6
- subject do
7
- Class.new do
8
- include Doorkeeper::Models::Reusable
9
- end.new
10
- end
11
-
12
- describe :reusable? do
13
- it "is reusable if its expires_in is nil" do
14
- allow(subject).to receive(:expired?).and_return(false)
15
- allow(subject).to receive(:expires_in).and_return(nil)
16
- expect(subject).to be_reusable
17
- end
18
-
19
- it "is reusable if its expiry has crossed reusable limit" do
20
- allow(subject).to receive(:expired?).and_return(false)
21
- allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
22
- allow(subject).to receive(:expires_in).and_return(100.seconds)
23
- allow(subject).to receive(:expires_in_seconds).and_return(20.seconds)
24
- expect(subject).to be_reusable
25
- end
26
-
27
- it "is not reusable if its expiry has crossed reusable limit" do
28
- allow(subject).to receive(:expired?).and_return(false)
29
- allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
30
- allow(subject).to receive(:expires_in).and_return(100.seconds)
31
- allow(subject).to receive(:expires_in_seconds).and_return(5.seconds)
32
- expect(subject).not_to be_reusable
33
- end
34
-
35
- it "is not reusable if it is already expired" do
36
- allow(subject).to receive(:expired?).and_return(true)
37
- expect(subject).not_to be_reusable
38
- end
39
- end
40
- end
@@ -1,58 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "Revocable" do
6
- subject do
7
- Class.new do
8
- include Doorkeeper::Models::Revocable
9
- end.new
10
- end
11
-
12
- describe :revoke do
13
- it "updates :revoked_at attribute with current time" do
14
- utc = double utc: double
15
- clock = double now: utc
16
- expect(subject).to receive(:update_column).with(:revoked_at, clock.now.utc)
17
- subject.revoke(clock)
18
- end
19
- end
20
-
21
- describe :revoked? do
22
- it "is revoked if :revoked_at has passed" do
23
- allow(subject).to receive(:revoked_at).and_return(Time.now.utc - 1000)
24
- expect(subject).to be_revoked
25
- end
26
-
27
- it "is not revoked if :revoked_at has not passed" do
28
- allow(subject).to receive(:revoked_at).and_return(Time.now.utc + 1000)
29
- expect(subject).not_to be_revoked
30
- end
31
-
32
- it "is not revoked if :revoked_at is not set" do
33
- allow(subject).to receive(:revoked_at).and_return(nil)
34
- expect(subject).not_to be_revoked
35
- end
36
- end
37
-
38
- describe :revoke_previous_refresh_token! do
39
- it "revokes the previous token if exists and resets the `previous_refresh_token` attribute" do
40
- previous_token = FactoryBot.create(
41
- :access_token,
42
- refresh_token: "refresh_token",
43
- )
44
- current_token = FactoryBot.create(
45
- :access_token,
46
- previous_refresh_token: previous_token.refresh_token,
47
- )
48
-
49
- expect_any_instance_of(
50
- Doorkeeper::AccessToken,
51
- ).to receive(:revoke).and_call_original
52
- current_token.revoke_previous_refresh_token!
53
-
54
- expect(current_token.previous_refresh_token).to be_empty
55
- expect(previous_token.reload).to be_revoked
56
- end
57
- end
58
- end
@@ -1,61 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "Doorkeeper::Models::Scopes" do
6
- subject do
7
- Class.new(Struct.new(:scopes)) do
8
- include Doorkeeper::Models::Scopes
9
- end.new
10
- end
11
-
12
- before do
13
- subject[:scopes] = "public admin"
14
- end
15
-
16
- describe :scopes do
17
- it "is a `Scopes` class" do
18
- expect(subject.scopes).to be_a(Doorkeeper::OAuth::Scopes)
19
- end
20
-
21
- it "includes scopes" do
22
- expect(subject.scopes).to include("public")
23
- end
24
- end
25
-
26
- describe :scopes= do
27
- it "accepts String" do
28
- subject.scopes = "private admin"
29
- expect(subject.scopes_string).to eq("private admin")
30
- end
31
-
32
- it "accepts Array" do
33
- subject.scopes = %w[private admin]
34
- expect(subject.scopes_string).to eq("private admin")
35
- end
36
-
37
- it "ignores duplicated scopes" do
38
- subject.scopes = %w[private admin admin]
39
- expect(subject.scopes_string).to eq("private admin")
40
-
41
- subject.scopes = "private admin admin"
42
- expect(subject.scopes_string).to eq("private admin")
43
- end
44
- end
45
-
46
- describe :scopes_string do
47
- it "is a `Scopes` class" do
48
- expect(subject.scopes_string).to eq("public admin")
49
- end
50
- end
51
-
52
- describe :includes_scope? do
53
- it "should return true if at least one scope is included" do
54
- expect(subject.includes_scope?("public", "private")).to be true
55
- end
56
-
57
- it "should return false if no scopes are included" do
58
- expect(subject.includes_scope?("teacher", "student")).to be false
59
- end
60
- end
61
- end
@@ -1,135 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe "SecretStorable" do
6
- let(:clazz) do
7
- Class.new do
8
- include Doorkeeper::Models::SecretStorable
9
-
10
- def self.find_by(*)
11
- raise "stub this"
12
- end
13
-
14
- def update_column(*)
15
- raise "stub this"
16
- end
17
-
18
- def token
19
- raise "stub this"
20
- end
21
- end
22
- end
23
- let(:strategy) { clazz.secret_strategy }
24
-
25
- describe :find_by_plaintext_token do
26
- subject { clazz.send(:find_by_plaintext_token, "attr", "input") }
27
-
28
- it "forwards to the secret_strategy" do
29
- expect(strategy)
30
- .to receive(:transform_secret)
31
- .with("input")
32
- .and_return "found"
33
-
34
- expect(clazz)
35
- .to receive(:find_by)
36
- .with("attr" => "found")
37
- .and_return "result"
38
-
39
- expect(subject).to eq "result"
40
- end
41
-
42
- it "calls find_by_fallback_token if not found" do
43
- expect(clazz)
44
- .to receive(:find_by)
45
- .with("attr" => "input")
46
- .and_return nil
47
-
48
- expect(clazz)
49
- .to receive(:find_by_fallback_token)
50
- .with("attr", "input")
51
- .and_return "fallback"
52
-
53
- expect(subject).to eq "fallback"
54
- end
55
- end
56
-
57
- describe :find_by_fallback_token do
58
- subject { clazz.send(:find_by_fallback_token, "attr", "input") }
59
- let(:fallback) { double(::Doorkeeper::SecretStoring::Plain) }
60
-
61
- it "returns nil if none defined" do
62
- expect(clazz.fallback_secret_strategy).to eq nil
63
- expect(subject).to eq nil
64
- end
65
-
66
- context "if a fallback strategy is defined" do
67
- before do
68
- allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
69
- end
70
-
71
- context "if a resource is defined" do
72
- let(:resource) { double("Token model") }
73
-
74
- it "calls the strategy for lookup" do
75
- expect(clazz)
76
- .to receive(:find_by)
77
- .with("attr" => "fallback")
78
- .and_return(resource)
79
-
80
- expect(fallback)
81
- .to receive(:transform_secret)
82
- .with("input")
83
- .and_return("fallback")
84
-
85
- # store_secret will call the resource
86
- expect(resource)
87
- .to receive(:attr=)
88
- .with("new value")
89
-
90
- # It will upgrade the secret automtically using the current strategy
91
- expect(strategy)
92
- .to receive(:transform_secret)
93
- .with("input")
94
- .and_return("new value")
95
-
96
- expect(resource).to receive(:update).with("attr" => "new value")
97
- expect(subject).to eq resource
98
- end
99
- end
100
-
101
- context "if a resource is not defined" do
102
- before do
103
- allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
104
- end
105
-
106
- it "returns nil" do
107
- expect(clazz)
108
- .to receive(:find_by)
109
- .with("attr" => "fallback")
110
- .and_return(nil)
111
-
112
- expect(fallback)
113
- .to receive(:transform_secret)
114
- .with("input")
115
- .and_return("fallback")
116
-
117
- # It does not find a token even with the fallback method
118
- expect(subject).to be_nil
119
- end
120
- end
121
- end
122
- end
123
-
124
- describe :secret_strategy do
125
- it "defaults to plain strategy" do
126
- expect(strategy).to eq Doorkeeper::SecretStoring::Plain
127
- end
128
- end
129
-
130
- describe :fallback_secret_strategy do
131
- it "defaults to nil" do
132
- expect(clazz.fallback_secret_strategy).to eq nil
133
- end
134
- end
135
- end
@@ -1,39 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- module Doorkeeper::OAuth::Authorization
6
- describe URIBuilder do
7
- subject { URIBuilder }
8
-
9
- describe :uri_with_query do
10
- it "returns the uri with query" do
11
- uri = subject.uri_with_query "http://example.com/", parameter: "value"
12
- expect(uri).to eq("http://example.com/?parameter=value")
13
- end
14
-
15
- it "rejects nil values" do
16
- uri = subject.uri_with_query "http://example.com/", parameter: ""
17
- expect(uri).to eq("http://example.com/?")
18
- end
19
-
20
- it "preserves original query parameters" do
21
- uri = subject.uri_with_query "http://example.com/?query1=value", parameter: "value"
22
- expect(uri).to match(/query1=value/)
23
- expect(uri).to match(/parameter=value/)
24
- end
25
- end
26
-
27
- describe :uri_with_fragment do
28
- it "returns uri with parameters as fragments" do
29
- uri = subject.uri_with_fragment "http://example.com/", parameter: "value"
30
- expect(uri).to eq("http://example.com/#parameter=value")
31
- end
32
-
33
- it "preserves original query parameters" do
34
- uri = subject.uri_with_fragment "http://example.com/?query1=value1", parameter: "value"
35
- expect(uri).to eq("http://example.com/?query1=value1#parameter=value")
36
- end
37
- end
38
- end
39
- end
@@ -1,180 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::AuthorizationCodeRequest do
6
- let(:server) do
7
- double :server,
8
- access_token_expires_in: 2.days,
9
- refresh_token_enabled?: false,
10
- custom_access_token_expires_in: lambda { |context|
11
- context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
12
- }
13
- end
14
-
15
- let(:resource_owner) { FactoryBot.create :resource_owner }
16
- let(:grant) do
17
- FactoryBot.create :access_grant,
18
- resource_owner_id: resource_owner.id,
19
- resource_owner_type: resource_owner.class.name
20
- end
21
- let(:client) { grant.application }
22
- let(:redirect_uri) { client.redirect_uri }
23
- let(:params) { { redirect_uri: redirect_uri } }
24
-
25
- before do
26
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
27
- end
28
-
29
- subject do
30
- described_class.new(server, grant, client, params)
31
- end
32
-
33
- it "issues a new token for the client" do
34
- expect do
35
- subject.authorize
36
- end.to change { client.reload.access_tokens.count }.by(1)
37
-
38
- expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
39
- end
40
-
41
- it "issues the token with same grant's scopes" do
42
- subject.authorize
43
- expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
44
- end
45
-
46
- it "revokes the grant" do
47
- expect { subject.authorize }.to(change { grant.reload.accessible? })
48
- end
49
-
50
- it "requires the grant to be accessible" do
51
- grant.revoke
52
- subject.validate
53
- expect(subject.error).to eq(:invalid_grant)
54
- end
55
-
56
- it "requires the grant" do
57
- subject = described_class.new(server, nil, client, params)
58
- subject.validate
59
- expect(subject.error).to eq(:invalid_grant)
60
- end
61
-
62
- it "requires the client" do
63
- subject = described_class.new(server, grant, nil, params)
64
- subject.validate
65
- expect(subject.error).to eq(:invalid_client)
66
- end
67
-
68
- it "requires the redirect_uri" do
69
- subject = described_class.new(server, grant, nil, params.except(:redirect_uri))
70
- subject.validate
71
- expect(subject.error).to eq(:invalid_request)
72
- expect(subject.missing_param).to eq(:redirect_uri)
73
- end
74
-
75
- it "invalid code_verifier param because server does not support pkce" do
76
- allow(Doorkeeper::AccessGrant).to receive(:pkce_supported?).and_return(false)
77
- code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
78
- subject = described_class.new(server, grant, client, params.merge(code_verifier: code_verifier))
79
- subject.validate
80
- expect(subject.error).to eq(:invalid_request)
81
- expect(subject.invalid_request_reason).to eq(:not_support_pkce)
82
- end
83
-
84
- it "matches the redirect_uri with grant's one" do
85
- subject = described_class.new(server, grant, client, params.merge(redirect_uri: "http://other.com"))
86
- subject.validate
87
- expect(subject.error).to eq(:invalid_grant)
88
- end
89
-
90
- it "matches the client with grant's one" do
91
- other_client = FactoryBot.create :application
92
- subject = described_class.new(server, grant, other_client, params)
93
- subject.validate
94
- expect(subject.error).to eq(:invalid_grant)
95
- end
96
-
97
- it "skips token creation if there is a matching one reusable" do
98
- scopes = grant.scopes
99
-
100
- Doorkeeper.configure do
101
- orm DOORKEEPER_ORM
102
- reuse_access_token
103
- default_scopes(*scopes)
104
- end
105
-
106
- FactoryBot.create(
107
- :access_token,
108
- application_id: client.id,
109
- resource_owner_id: grant.resource_owner_id,
110
- resource_owner_type: grant.resource_owner_type,
111
- scopes: grant.scopes.to_s,
112
- )
113
-
114
- expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
115
- end
116
-
117
- it "creates token if there is a matching one but non reusable" do
118
- scopes = grant.scopes
119
-
120
- Doorkeeper.configure do
121
- orm DOORKEEPER_ORM
122
- reuse_access_token
123
- default_scopes(*scopes)
124
- end
125
-
126
- FactoryBot.create(
127
- :access_token,
128
- application_id: client.id,
129
- resource_owner_id: grant.resource_owner_id,
130
- resource_owner_type: grant.resource_owner_type,
131
- scopes: grant.scopes.to_s,
132
- )
133
-
134
- allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
135
-
136
- expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
137
- end
138
-
139
- it "calls configured request callback methods" do
140
- expect(Doorkeeper.configuration.before_successful_strategy_response)
141
- .to receive(:call).with(subject).once
142
- expect(Doorkeeper.configuration.after_successful_strategy_response)
143
- .to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
144
-
145
- subject.authorize
146
- end
147
-
148
- context "when redirect_uri contains some query params" do
149
- let(:redirect_uri) { client.redirect_uri + "?query=q" }
150
-
151
- it "compares only host part with grant's redirect_uri" do
152
- subject.validate
153
- expect(subject.error).to eq(nil)
154
- end
155
- end
156
-
157
- context "when redirect_uri is not an URI" do
158
- let(:redirect_uri) { "123d#!s" }
159
-
160
- it "responds with invalid_grant" do
161
- subject.validate
162
- expect(subject.error).to eq(:invalid_grant)
163
- end
164
- end
165
-
166
- context "when redirect_uri is the native one" do
167
- let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
168
-
169
- it "invalidates when redirect_uri of the grant is not native" do
170
- subject.validate
171
- expect(subject.error).to eq(:invalid_grant)
172
- end
173
-
174
- it "validates when redirect_uri of the grant is also native" do
175
- allow(grant).to receive(:redirect_uri) { redirect_uri }
176
- subject.validate
177
- expect(subject.error).to eq(nil)
178
- end
179
- end
180
- end