doorkeeper 5.4.0.rc1 → 5.4.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -1
- data/app/controllers/doorkeeper/applications_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/lib/doorkeeper.rb +1 -1
- data/lib/doorkeeper/config.rb +24 -18
- data/lib/doorkeeper/config/abstract_builder.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +4 -4
- data/lib/doorkeeper/models/access_grant_mixin.rb +11 -5
- data/lib/doorkeeper/models/access_token_mixin.rb +9 -5
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -2
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
- data/lib/doorkeeper/oauth/password_access_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +5 -4
- data/lib/doorkeeper/oauth/token.rb +1 -2
- data/lib/doorkeeper/orm/active_record.rb +10 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +1 -1
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +1 -1
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +64 -9
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/version.rb +1 -1
- data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
- metadata +5 -299
- data/Appraisals +0 -26
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -30
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -19
- data/gemfiles/rails_5_1.gemfile +0 -19
- data/gemfiles/rails_5_2.gemfile +0 -19
- data/gemfiles/rails_6_0.gemfile +0 -19
- data/gemfiles/rails_master.gemfile +0 -19
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -743
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -499
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -11
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/config/application.rb +0 -51
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -70
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -813
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -58
- data/spec/lib/models/scopes_spec.rb +0 -61
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
- data/spec/lib/oauth/base_request_spec.rb +0 -210
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -164
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/option_spec.rb +0 -51
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -102
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
- data/spec/models/doorkeeper/access_token_spec.rb +0 -650
- data/spec/models/doorkeeper/application_spec.rb +0 -442
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
- data/spec/requests/flows/authorization_code_spec.rb +0 -530
- data/spec/requests/flows/client_credentials_spec.rb +0 -207
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -241
- data/spec/requests/flows/revoke_token_spec.rb +0 -196
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -14
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -56
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
data/spec/lib/doorkeeper_spec.rb
DELETED
@@ -1,27 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe Doorkeeper do
|
6
|
-
describe "#authenticate" do
|
7
|
-
let(:request) { double }
|
8
|
-
|
9
|
-
it "calls OAuth::Token#authenticate" do
|
10
|
-
token_strategies = Doorkeeper.config.access_token_methods
|
11
|
-
|
12
|
-
expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
|
13
|
-
.with(request, *token_strategies)
|
14
|
-
|
15
|
-
Doorkeeper.authenticate(request)
|
16
|
-
end
|
17
|
-
|
18
|
-
it "accepts custom token strategies" do
|
19
|
-
token_strategies = %i[first_way second_way]
|
20
|
-
|
21
|
-
expect(Doorkeeper::OAuth::Token).to receive(:authenticate)
|
22
|
-
.with(request, *token_strategies)
|
23
|
-
|
24
|
-
Doorkeeper.authenticate(request, token_strategies)
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
@@ -1,61 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe "Expirable" do
|
6
|
-
subject do
|
7
|
-
Class.new do
|
8
|
-
include Doorkeeper::Models::Expirable
|
9
|
-
end.new
|
10
|
-
end
|
11
|
-
|
12
|
-
before do
|
13
|
-
allow(subject).to receive(:created_at).and_return(1.minute.ago)
|
14
|
-
end
|
15
|
-
|
16
|
-
describe :expired? do
|
17
|
-
it "is not expired if time has not passed" do
|
18
|
-
allow(subject).to receive(:expires_in).and_return(2.minutes)
|
19
|
-
expect(subject).not_to be_expired
|
20
|
-
end
|
21
|
-
|
22
|
-
it "is expired if time has passed" do
|
23
|
-
allow(subject).to receive(:expires_in).and_return(10.seconds)
|
24
|
-
expect(subject).to be_expired
|
25
|
-
end
|
26
|
-
|
27
|
-
it "is not expired if expires_in is not set" do
|
28
|
-
allow(subject).to receive(:expires_in).and_return(nil)
|
29
|
-
expect(subject).not_to be_expired
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
describe :expires_in_seconds do
|
34
|
-
it "should return the amount of time remaining until the token is expired" do
|
35
|
-
allow(subject).to receive(:expires_in).and_return(2.minutes)
|
36
|
-
expect(subject.expires_in_seconds).to eq(60)
|
37
|
-
end
|
38
|
-
|
39
|
-
it "should return 0 when expired" do
|
40
|
-
allow(subject).to receive(:expires_in).and_return(30.seconds)
|
41
|
-
expect(subject.expires_in_seconds).to eq(0)
|
42
|
-
end
|
43
|
-
|
44
|
-
it "should return nil when expires_in is nil" do
|
45
|
-
allow(subject).to receive(:expires_in).and_return(nil)
|
46
|
-
expect(subject.expires_in_seconds).to be_nil
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
describe :expires_at do
|
51
|
-
it "should return the expiration time of the token" do
|
52
|
-
allow(subject).to receive(:expires_in).and_return(2.minutes)
|
53
|
-
expect(subject.expires_at).to be_a(Time)
|
54
|
-
end
|
55
|
-
|
56
|
-
it "should return nil when expires_in is nil" do
|
57
|
-
allow(subject).to receive(:expires_in).and_return(nil)
|
58
|
-
expect(subject.expires_at).to be_nil
|
59
|
-
end
|
60
|
-
end
|
61
|
-
end
|
@@ -1,40 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe "Reusable" do
|
6
|
-
subject do
|
7
|
-
Class.new do
|
8
|
-
include Doorkeeper::Models::Reusable
|
9
|
-
end.new
|
10
|
-
end
|
11
|
-
|
12
|
-
describe :reusable? do
|
13
|
-
it "is reusable if its expires_in is nil" do
|
14
|
-
allow(subject).to receive(:expired?).and_return(false)
|
15
|
-
allow(subject).to receive(:expires_in).and_return(nil)
|
16
|
-
expect(subject).to be_reusable
|
17
|
-
end
|
18
|
-
|
19
|
-
it "is reusable if its expiry has crossed reusable limit" do
|
20
|
-
allow(subject).to receive(:expired?).and_return(false)
|
21
|
-
allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
|
22
|
-
allow(subject).to receive(:expires_in).and_return(100.seconds)
|
23
|
-
allow(subject).to receive(:expires_in_seconds).and_return(20.seconds)
|
24
|
-
expect(subject).to be_reusable
|
25
|
-
end
|
26
|
-
|
27
|
-
it "is not reusable if its expiry has crossed reusable limit" do
|
28
|
-
allow(subject).to receive(:expired?).and_return(false)
|
29
|
-
allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(90)
|
30
|
-
allow(subject).to receive(:expires_in).and_return(100.seconds)
|
31
|
-
allow(subject).to receive(:expires_in_seconds).and_return(5.seconds)
|
32
|
-
expect(subject).not_to be_reusable
|
33
|
-
end
|
34
|
-
|
35
|
-
it "is not reusable if it is already expired" do
|
36
|
-
allow(subject).to receive(:expired?).and_return(true)
|
37
|
-
expect(subject).not_to be_reusable
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
@@ -1,58 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe "Revocable" do
|
6
|
-
subject do
|
7
|
-
Class.new do
|
8
|
-
include Doorkeeper::Models::Revocable
|
9
|
-
end.new
|
10
|
-
end
|
11
|
-
|
12
|
-
describe :revoke do
|
13
|
-
it "updates :revoked_at attribute with current time" do
|
14
|
-
utc = double utc: double
|
15
|
-
clock = double now: utc
|
16
|
-
expect(subject).to receive(:update_column).with(:revoked_at, clock.now.utc)
|
17
|
-
subject.revoke(clock)
|
18
|
-
end
|
19
|
-
end
|
20
|
-
|
21
|
-
describe :revoked? do
|
22
|
-
it "is revoked if :revoked_at has passed" do
|
23
|
-
allow(subject).to receive(:revoked_at).and_return(Time.now.utc - 1000)
|
24
|
-
expect(subject).to be_revoked
|
25
|
-
end
|
26
|
-
|
27
|
-
it "is not revoked if :revoked_at has not passed" do
|
28
|
-
allow(subject).to receive(:revoked_at).and_return(Time.now.utc + 1000)
|
29
|
-
expect(subject).not_to be_revoked
|
30
|
-
end
|
31
|
-
|
32
|
-
it "is not revoked if :revoked_at is not set" do
|
33
|
-
allow(subject).to receive(:revoked_at).and_return(nil)
|
34
|
-
expect(subject).not_to be_revoked
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
describe :revoke_previous_refresh_token! do
|
39
|
-
it "revokes the previous token if exists and resets the `previous_refresh_token` attribute" do
|
40
|
-
previous_token = FactoryBot.create(
|
41
|
-
:access_token,
|
42
|
-
refresh_token: "refresh_token",
|
43
|
-
)
|
44
|
-
current_token = FactoryBot.create(
|
45
|
-
:access_token,
|
46
|
-
previous_refresh_token: previous_token.refresh_token,
|
47
|
-
)
|
48
|
-
|
49
|
-
expect_any_instance_of(
|
50
|
-
Doorkeeper::AccessToken,
|
51
|
-
).to receive(:revoke).and_call_original
|
52
|
-
current_token.revoke_previous_refresh_token!
|
53
|
-
|
54
|
-
expect(current_token.previous_refresh_token).to be_empty
|
55
|
-
expect(previous_token.reload).to be_revoked
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
@@ -1,61 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe "Doorkeeper::Models::Scopes" do
|
6
|
-
subject do
|
7
|
-
Class.new(Struct.new(:scopes)) do
|
8
|
-
include Doorkeeper::Models::Scopes
|
9
|
-
end.new
|
10
|
-
end
|
11
|
-
|
12
|
-
before do
|
13
|
-
subject[:scopes] = "public admin"
|
14
|
-
end
|
15
|
-
|
16
|
-
describe :scopes do
|
17
|
-
it "is a `Scopes` class" do
|
18
|
-
expect(subject.scopes).to be_a(Doorkeeper::OAuth::Scopes)
|
19
|
-
end
|
20
|
-
|
21
|
-
it "includes scopes" do
|
22
|
-
expect(subject.scopes).to include("public")
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
describe :scopes= do
|
27
|
-
it "accepts String" do
|
28
|
-
subject.scopes = "private admin"
|
29
|
-
expect(subject.scopes_string).to eq("private admin")
|
30
|
-
end
|
31
|
-
|
32
|
-
it "accepts Array" do
|
33
|
-
subject.scopes = %w[private admin]
|
34
|
-
expect(subject.scopes_string).to eq("private admin")
|
35
|
-
end
|
36
|
-
|
37
|
-
it "ignores duplicated scopes" do
|
38
|
-
subject.scopes = %w[private admin admin]
|
39
|
-
expect(subject.scopes_string).to eq("private admin")
|
40
|
-
|
41
|
-
subject.scopes = "private admin admin"
|
42
|
-
expect(subject.scopes_string).to eq("private admin")
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
describe :scopes_string do
|
47
|
-
it "is a `Scopes` class" do
|
48
|
-
expect(subject.scopes_string).to eq("public admin")
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
describe :includes_scope? do
|
53
|
-
it "should return true if at least one scope is included" do
|
54
|
-
expect(subject.includes_scope?("public", "private")).to be true
|
55
|
-
end
|
56
|
-
|
57
|
-
it "should return false if no scopes are included" do
|
58
|
-
expect(subject.includes_scope?("teacher", "student")).to be false
|
59
|
-
end
|
60
|
-
end
|
61
|
-
end
|
@@ -1,135 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe "SecretStorable" do
|
6
|
-
let(:clazz) do
|
7
|
-
Class.new do
|
8
|
-
include Doorkeeper::Models::SecretStorable
|
9
|
-
|
10
|
-
def self.find_by(*)
|
11
|
-
raise "stub this"
|
12
|
-
end
|
13
|
-
|
14
|
-
def update_column(*)
|
15
|
-
raise "stub this"
|
16
|
-
end
|
17
|
-
|
18
|
-
def token
|
19
|
-
raise "stub this"
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
let(:strategy) { clazz.secret_strategy }
|
24
|
-
|
25
|
-
describe :find_by_plaintext_token do
|
26
|
-
subject { clazz.send(:find_by_plaintext_token, "attr", "input") }
|
27
|
-
|
28
|
-
it "forwards to the secret_strategy" do
|
29
|
-
expect(strategy)
|
30
|
-
.to receive(:transform_secret)
|
31
|
-
.with("input")
|
32
|
-
.and_return "found"
|
33
|
-
|
34
|
-
expect(clazz)
|
35
|
-
.to receive(:find_by)
|
36
|
-
.with("attr" => "found")
|
37
|
-
.and_return "result"
|
38
|
-
|
39
|
-
expect(subject).to eq "result"
|
40
|
-
end
|
41
|
-
|
42
|
-
it "calls find_by_fallback_token if not found" do
|
43
|
-
expect(clazz)
|
44
|
-
.to receive(:find_by)
|
45
|
-
.with("attr" => "input")
|
46
|
-
.and_return nil
|
47
|
-
|
48
|
-
expect(clazz)
|
49
|
-
.to receive(:find_by_fallback_token)
|
50
|
-
.with("attr", "input")
|
51
|
-
.and_return "fallback"
|
52
|
-
|
53
|
-
expect(subject).to eq "fallback"
|
54
|
-
end
|
55
|
-
end
|
56
|
-
|
57
|
-
describe :find_by_fallback_token do
|
58
|
-
subject { clazz.send(:find_by_fallback_token, "attr", "input") }
|
59
|
-
let(:fallback) { double(::Doorkeeper::SecretStoring::Plain) }
|
60
|
-
|
61
|
-
it "returns nil if none defined" do
|
62
|
-
expect(clazz.fallback_secret_strategy).to eq nil
|
63
|
-
expect(subject).to eq nil
|
64
|
-
end
|
65
|
-
|
66
|
-
context "if a fallback strategy is defined" do
|
67
|
-
before do
|
68
|
-
allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
|
69
|
-
end
|
70
|
-
|
71
|
-
context "if a resource is defined" do
|
72
|
-
let(:resource) { double("Token model") }
|
73
|
-
|
74
|
-
it "calls the strategy for lookup" do
|
75
|
-
expect(clazz)
|
76
|
-
.to receive(:find_by)
|
77
|
-
.with("attr" => "fallback")
|
78
|
-
.and_return(resource)
|
79
|
-
|
80
|
-
expect(fallback)
|
81
|
-
.to receive(:transform_secret)
|
82
|
-
.with("input")
|
83
|
-
.and_return("fallback")
|
84
|
-
|
85
|
-
# store_secret will call the resource
|
86
|
-
expect(resource)
|
87
|
-
.to receive(:attr=)
|
88
|
-
.with("new value")
|
89
|
-
|
90
|
-
# It will upgrade the secret automtically using the current strategy
|
91
|
-
expect(strategy)
|
92
|
-
.to receive(:transform_secret)
|
93
|
-
.with("input")
|
94
|
-
.and_return("new value")
|
95
|
-
|
96
|
-
expect(resource).to receive(:update).with("attr" => "new value")
|
97
|
-
expect(subject).to eq resource
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
context "if a resource is not defined" do
|
102
|
-
before do
|
103
|
-
allow(clazz).to receive(:fallback_secret_strategy).and_return(fallback)
|
104
|
-
end
|
105
|
-
|
106
|
-
it "returns nil" do
|
107
|
-
expect(clazz)
|
108
|
-
.to receive(:find_by)
|
109
|
-
.with("attr" => "fallback")
|
110
|
-
.and_return(nil)
|
111
|
-
|
112
|
-
expect(fallback)
|
113
|
-
.to receive(:transform_secret)
|
114
|
-
.with("input")
|
115
|
-
.and_return("fallback")
|
116
|
-
|
117
|
-
# It does not find a token even with the fallback method
|
118
|
-
expect(subject).to be_nil
|
119
|
-
end
|
120
|
-
end
|
121
|
-
end
|
122
|
-
end
|
123
|
-
|
124
|
-
describe :secret_strategy do
|
125
|
-
it "defaults to plain strategy" do
|
126
|
-
expect(strategy).to eq Doorkeeper::SecretStoring::Plain
|
127
|
-
end
|
128
|
-
end
|
129
|
-
|
130
|
-
describe :fallback_secret_strategy do
|
131
|
-
it "defaults to nil" do
|
132
|
-
expect(clazz.fallback_secret_strategy).to eq nil
|
133
|
-
end
|
134
|
-
end
|
135
|
-
end
|
@@ -1,39 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
module Doorkeeper::OAuth::Authorization
|
6
|
-
describe URIBuilder do
|
7
|
-
subject { URIBuilder }
|
8
|
-
|
9
|
-
describe :uri_with_query do
|
10
|
-
it "returns the uri with query" do
|
11
|
-
uri = subject.uri_with_query "http://example.com/", parameter: "value"
|
12
|
-
expect(uri).to eq("http://example.com/?parameter=value")
|
13
|
-
end
|
14
|
-
|
15
|
-
it "rejects nil values" do
|
16
|
-
uri = subject.uri_with_query "http://example.com/", parameter: ""
|
17
|
-
expect(uri).to eq("http://example.com/?")
|
18
|
-
end
|
19
|
-
|
20
|
-
it "preserves original query parameters" do
|
21
|
-
uri = subject.uri_with_query "http://example.com/?query1=value", parameter: "value"
|
22
|
-
expect(uri).to match(/query1=value/)
|
23
|
-
expect(uri).to match(/parameter=value/)
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
|
-
describe :uri_with_fragment do
|
28
|
-
it "returns uri with parameters as fragments" do
|
29
|
-
uri = subject.uri_with_fragment "http://example.com/", parameter: "value"
|
30
|
-
expect(uri).to eq("http://example.com/#parameter=value")
|
31
|
-
end
|
32
|
-
|
33
|
-
it "preserves original query parameters" do
|
34
|
-
uri = subject.uri_with_fragment "http://example.com/?query1=value1", parameter: "value"
|
35
|
-
expect(uri).to eq("http://example.com/?query1=value1#parameter=value")
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|
@@ -1,180 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe Doorkeeper::OAuth::AuthorizationCodeRequest do
|
6
|
-
let(:server) do
|
7
|
-
double :server,
|
8
|
-
access_token_expires_in: 2.days,
|
9
|
-
refresh_token_enabled?: false,
|
10
|
-
custom_access_token_expires_in: lambda { |context|
|
11
|
-
context.grant_type == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil
|
12
|
-
}
|
13
|
-
end
|
14
|
-
|
15
|
-
let(:resource_owner) { FactoryBot.create :resource_owner }
|
16
|
-
let(:grant) do
|
17
|
-
FactoryBot.create :access_grant,
|
18
|
-
resource_owner_id: resource_owner.id,
|
19
|
-
resource_owner_type: resource_owner.class.name
|
20
|
-
end
|
21
|
-
let(:client) { grant.application }
|
22
|
-
let(:redirect_uri) { client.redirect_uri }
|
23
|
-
let(:params) { { redirect_uri: redirect_uri } }
|
24
|
-
|
25
|
-
before do
|
26
|
-
allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
|
27
|
-
end
|
28
|
-
|
29
|
-
subject do
|
30
|
-
described_class.new(server, grant, client, params)
|
31
|
-
end
|
32
|
-
|
33
|
-
it "issues a new token for the client" do
|
34
|
-
expect do
|
35
|
-
subject.authorize
|
36
|
-
end.to change { client.reload.access_tokens.count }.by(1)
|
37
|
-
|
38
|
-
expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(1234)
|
39
|
-
end
|
40
|
-
|
41
|
-
it "issues the token with same grant's scopes" do
|
42
|
-
subject.authorize
|
43
|
-
expect(Doorkeeper::AccessToken.last.scopes).to eq(grant.scopes)
|
44
|
-
end
|
45
|
-
|
46
|
-
it "revokes the grant" do
|
47
|
-
expect { subject.authorize }.to(change { grant.reload.accessible? })
|
48
|
-
end
|
49
|
-
|
50
|
-
it "requires the grant to be accessible" do
|
51
|
-
grant.revoke
|
52
|
-
subject.validate
|
53
|
-
expect(subject.error).to eq(:invalid_grant)
|
54
|
-
end
|
55
|
-
|
56
|
-
it "requires the grant" do
|
57
|
-
subject = described_class.new(server, nil, client, params)
|
58
|
-
subject.validate
|
59
|
-
expect(subject.error).to eq(:invalid_grant)
|
60
|
-
end
|
61
|
-
|
62
|
-
it "requires the client" do
|
63
|
-
subject = described_class.new(server, grant, nil, params)
|
64
|
-
subject.validate
|
65
|
-
expect(subject.error).to eq(:invalid_client)
|
66
|
-
end
|
67
|
-
|
68
|
-
it "requires the redirect_uri" do
|
69
|
-
subject = described_class.new(server, grant, nil, params.except(:redirect_uri))
|
70
|
-
subject.validate
|
71
|
-
expect(subject.error).to eq(:invalid_request)
|
72
|
-
expect(subject.missing_param).to eq(:redirect_uri)
|
73
|
-
end
|
74
|
-
|
75
|
-
it "invalid code_verifier param because server does not support pkce" do
|
76
|
-
allow(Doorkeeper::AccessGrant).to receive(:pkce_supported?).and_return(false)
|
77
|
-
code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
|
78
|
-
subject = described_class.new(server, grant, client, params.merge(code_verifier: code_verifier))
|
79
|
-
subject.validate
|
80
|
-
expect(subject.error).to eq(:invalid_request)
|
81
|
-
expect(subject.invalid_request_reason).to eq(:not_support_pkce)
|
82
|
-
end
|
83
|
-
|
84
|
-
it "matches the redirect_uri with grant's one" do
|
85
|
-
subject = described_class.new(server, grant, client, params.merge(redirect_uri: "http://other.com"))
|
86
|
-
subject.validate
|
87
|
-
expect(subject.error).to eq(:invalid_grant)
|
88
|
-
end
|
89
|
-
|
90
|
-
it "matches the client with grant's one" do
|
91
|
-
other_client = FactoryBot.create :application
|
92
|
-
subject = described_class.new(server, grant, other_client, params)
|
93
|
-
subject.validate
|
94
|
-
expect(subject.error).to eq(:invalid_grant)
|
95
|
-
end
|
96
|
-
|
97
|
-
it "skips token creation if there is a matching one reusable" do
|
98
|
-
scopes = grant.scopes
|
99
|
-
|
100
|
-
Doorkeeper.configure do
|
101
|
-
orm DOORKEEPER_ORM
|
102
|
-
reuse_access_token
|
103
|
-
default_scopes(*scopes)
|
104
|
-
end
|
105
|
-
|
106
|
-
FactoryBot.create(
|
107
|
-
:access_token,
|
108
|
-
application_id: client.id,
|
109
|
-
resource_owner_id: grant.resource_owner_id,
|
110
|
-
resource_owner_type: grant.resource_owner_type,
|
111
|
-
scopes: grant.scopes.to_s,
|
112
|
-
)
|
113
|
-
|
114
|
-
expect { subject.authorize }.to_not(change { Doorkeeper::AccessToken.count })
|
115
|
-
end
|
116
|
-
|
117
|
-
it "creates token if there is a matching one but non reusable" do
|
118
|
-
scopes = grant.scopes
|
119
|
-
|
120
|
-
Doorkeeper.configure do
|
121
|
-
orm DOORKEEPER_ORM
|
122
|
-
reuse_access_token
|
123
|
-
default_scopes(*scopes)
|
124
|
-
end
|
125
|
-
|
126
|
-
FactoryBot.create(
|
127
|
-
:access_token,
|
128
|
-
application_id: client.id,
|
129
|
-
resource_owner_id: grant.resource_owner_id,
|
130
|
-
resource_owner_type: grant.resource_owner_type,
|
131
|
-
scopes: grant.scopes.to_s,
|
132
|
-
)
|
133
|
-
|
134
|
-
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
|
135
|
-
|
136
|
-
expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
|
137
|
-
end
|
138
|
-
|
139
|
-
it "calls configured request callback methods" do
|
140
|
-
expect(Doorkeeper.configuration.before_successful_strategy_response)
|
141
|
-
.to receive(:call).with(subject).once
|
142
|
-
expect(Doorkeeper.configuration.after_successful_strategy_response)
|
143
|
-
.to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
|
144
|
-
|
145
|
-
subject.authorize
|
146
|
-
end
|
147
|
-
|
148
|
-
context "when redirect_uri contains some query params" do
|
149
|
-
let(:redirect_uri) { client.redirect_uri + "?query=q" }
|
150
|
-
|
151
|
-
it "compares only host part with grant's redirect_uri" do
|
152
|
-
subject.validate
|
153
|
-
expect(subject.error).to eq(nil)
|
154
|
-
end
|
155
|
-
end
|
156
|
-
|
157
|
-
context "when redirect_uri is not an URI" do
|
158
|
-
let(:redirect_uri) { "123d#!s" }
|
159
|
-
|
160
|
-
it "responds with invalid_grant" do
|
161
|
-
subject.validate
|
162
|
-
expect(subject.error).to eq(:invalid_grant)
|
163
|
-
end
|
164
|
-
end
|
165
|
-
|
166
|
-
context "when redirect_uri is the native one" do
|
167
|
-
let(:redirect_uri) { "urn:ietf:wg:oauth:2.0:oob" }
|
168
|
-
|
169
|
-
it "invalidates when redirect_uri of the grant is not native" do
|
170
|
-
subject.validate
|
171
|
-
expect(subject.error).to eq(:invalid_grant)
|
172
|
-
end
|
173
|
-
|
174
|
-
it "validates when redirect_uri of the grant is also native" do
|
175
|
-
allow(grant).to receive(:redirect_uri) { redirect_uri }
|
176
|
-
subject.validate
|
177
|
-
expect(subject.error).to eq(nil)
|
178
|
-
end
|
179
|
-
end
|
180
|
-
end
|