doorkeeper 5.4.0.rc1 → 5.5.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of doorkeeper might be problematic. Click here for more details.

Files changed (219) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +108 -9
  3. data/README.md +4 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  7. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  8. data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
  9. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  10. data/app/views/doorkeeper/applications/show.html.erb +16 -12
  11. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  12. data/config/locales/en.yml +3 -1
  13. data/lib/doorkeeper.rb +6 -1
  14. data/lib/doorkeeper/config.rb +109 -78
  15. data/lib/doorkeeper/config/abstract_builder.rb +1 -1
  16. data/lib/doorkeeper/config/option.rb +1 -3
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/engine.rb +1 -1
  19. data/lib/doorkeeper/grant_flow.rb +45 -0
  20. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  21. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  22. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  23. data/lib/doorkeeper/helpers/controller.rb +8 -4
  24. data/lib/doorkeeper/models/access_grant_mixin.rb +12 -7
  25. data/lib/doorkeeper/models/access_token_mixin.rb +12 -8
  26. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  27. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  28. data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
  29. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  30. data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
  31. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
  32. data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
  33. data/lib/doorkeeper/oauth/base_request.rb +1 -1
  34. data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -2
  35. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
  36. data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
  37. data/lib/doorkeeper/oauth/code_request.rb +2 -2
  38. data/lib/doorkeeper/oauth/code_response.rb +17 -11
  39. data/lib/doorkeeper/oauth/error_response.rb +4 -3
  40. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
  41. data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -2
  42. data/lib/doorkeeper/oauth/pre_authorization.rb +37 -11
  43. data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
  44. data/lib/doorkeeper/oauth/token.rb +4 -5
  45. data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
  46. data/lib/doorkeeper/oauth/token_request.rb +1 -1
  47. data/lib/doorkeeper/orm/active_record.rb +5 -6
  48. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +12 -2
  49. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +10 -2
  50. data/lib/doorkeeper/orm/active_record/mixins/application.rb +76 -10
  51. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
  52. data/lib/doorkeeper/rails/routes.rb +1 -3
  53. data/lib/doorkeeper/rake/db.rake +3 -3
  54. data/lib/doorkeeper/rake/setup.rake +5 -0
  55. data/lib/doorkeeper/request.rb +49 -12
  56. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  57. data/lib/doorkeeper/server.rb +1 -1
  58. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  59. data/lib/doorkeeper/version.rb +2 -6
  60. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
  61. data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
  62. data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
  63. metadata +25 -306
  64. data/Appraisals +0 -26
  65. data/CODE_OF_CONDUCT.md +0 -46
  66. data/CONTRIBUTING.md +0 -49
  67. data/Dangerfile +0 -67
  68. data/Dockerfile +0 -29
  69. data/Gemfile +0 -25
  70. data/NEWS.md +0 -1
  71. data/RELEASING.md +0 -11
  72. data/Rakefile +0 -28
  73. data/SECURITY.md +0 -15
  74. data/UPGRADE.md +0 -2
  75. data/bin/console +0 -30
  76. data/doorkeeper.gemspec +0 -42
  77. data/gemfiles/rails_5_0.gemfile +0 -19
  78. data/gemfiles/rails_5_1.gemfile +0 -19
  79. data/gemfiles/rails_5_2.gemfile +0 -19
  80. data/gemfiles/rails_6_0.gemfile +0 -19
  81. data/gemfiles/rails_master.gemfile +0 -19
  82. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  83. data/spec/controllers/applications_controller_spec.rb +0 -274
  84. data/spec/controllers/authorizations_controller_spec.rb +0 -743
  85. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  86. data/spec/controllers/token_info_controller_spec.rb +0 -50
  87. data/spec/controllers/tokens_controller_spec.rb +0 -499
  88. data/spec/dummy/Rakefile +0 -9
  89. data/spec/dummy/app/assets/config/manifest.js +0 -2
  90. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  91. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  92. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  93. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  94. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  95. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  96. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  97. data/spec/dummy/app/models/user.rb +0 -11
  98. data/spec/dummy/app/views/home/index.html.erb +0 -0
  99. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  100. data/spec/dummy/config.ru +0 -6
  101. data/spec/dummy/config/application.rb +0 -51
  102. data/spec/dummy/config/boot.rb +0 -7
  103. data/spec/dummy/config/database.yml +0 -15
  104. data/spec/dummy/config/environment.rb +0 -5
  105. data/spec/dummy/config/environments/development.rb +0 -31
  106. data/spec/dummy/config/environments/production.rb +0 -64
  107. data/spec/dummy/config/environments/test.rb +0 -45
  108. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  109. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  110. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  111. data/spec/dummy/config/initializers/session_store.rb +0 -10
  112. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  113. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  114. data/spec/dummy/config/routes.rb +0 -13
  115. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  116. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  117. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  118. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  119. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  120. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  121. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  122. data/spec/dummy/db/schema.rb +0 -70
  123. data/spec/dummy/public/404.html +0 -26
  124. data/spec/dummy/public/422.html +0 -26
  125. data/spec/dummy/public/500.html +0 -26
  126. data/spec/dummy/public/favicon.ico +0 -0
  127. data/spec/dummy/script/rails +0 -9
  128. data/spec/factories.rb +0 -30
  129. data/spec/generators/application_owner_generator_spec.rb +0 -28
  130. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  131. data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
  132. data/spec/generators/install_generator_spec.rb +0 -36
  133. data/spec/generators/migration_generator_spec.rb +0 -28
  134. data/spec/generators/pkce_generator_spec.rb +0 -28
  135. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  136. data/spec/generators/templates/routes.rb +0 -4
  137. data/spec/generators/views_generator_spec.rb +0 -29
  138. data/spec/grape/grape_integration_spec.rb +0 -137
  139. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  140. data/spec/lib/config_spec.rb +0 -813
  141. data/spec/lib/doorkeeper_spec.rb +0 -27
  142. data/spec/lib/models/expirable_spec.rb +0 -61
  143. data/spec/lib/models/reusable_spec.rb +0 -40
  144. data/spec/lib/models/revocable_spec.rb +0 -58
  145. data/spec/lib/models/scopes_spec.rb +0 -61
  146. data/spec/lib/models/secret_storable_spec.rb +0 -135
  147. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  148. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
  149. data/spec/lib/oauth/base_request_spec.rb +0 -210
  150. data/spec/lib/oauth/base_response_spec.rb +0 -45
  151. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  152. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
  153. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
  154. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
  155. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  156. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
  157. data/spec/lib/oauth/client_spec.rb +0 -38
  158. data/spec/lib/oauth/code_request_spec.rb +0 -46
  159. data/spec/lib/oauth/code_response_spec.rb +0 -36
  160. data/spec/lib/oauth/error_response_spec.rb +0 -64
  161. data/spec/lib/oauth/error_spec.rb +0 -21
  162. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  163. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  164. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  165. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  166. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  167. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  168. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
  169. data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
  170. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
  171. data/spec/lib/oauth/scopes_spec.rb +0 -146
  172. data/spec/lib/oauth/token_request_spec.rb +0 -164
  173. data/spec/lib/oauth/token_response_spec.rb +0 -84
  174. data/spec/lib/oauth/token_spec.rb +0 -156
  175. data/spec/lib/option_spec.rb +0 -51
  176. data/spec/lib/request/strategy_spec.rb +0 -54
  177. data/spec/lib/secret_storing/base_spec.rb +0 -60
  178. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  179. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  180. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  181. data/spec/lib/server_spec.rb +0 -49
  182. data/spec/lib/stale_records_cleaner_spec.rb +0 -102
  183. data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
  184. data/spec/models/doorkeeper/access_token_spec.rb +0 -650
  185. data/spec/models/doorkeeper/application_spec.rb +0 -442
  186. data/spec/requests/applications/applications_request_spec.rb +0 -259
  187. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  188. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  189. data/spec/requests/endpoints/token_spec.rb +0 -79
  190. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
  191. data/spec/requests/flows/authorization_code_spec.rb +0 -530
  192. data/spec/requests/flows/client_credentials_spec.rb +0 -207
  193. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  194. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  195. data/spec/requests/flows/password_spec.rb +0 -316
  196. data/spec/requests/flows/refresh_token_spec.rb +0 -241
  197. data/spec/requests/flows/revoke_token_spec.rb +0 -196
  198. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  199. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  200. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  201. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  202. data/spec/routing/default_routes_spec.rb +0 -41
  203. data/spec/routing/scoped_routes_spec.rb +0 -47
  204. data/spec/spec_helper.rb +0 -54
  205. data/spec/spec_helper_integration.rb +0 -4
  206. data/spec/support/dependencies/factory_bot.rb +0 -4
  207. data/spec/support/doorkeeper_rspec.rb +0 -22
  208. data/spec/support/helpers/access_token_request_helper.rb +0 -14
  209. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  210. data/spec/support/helpers/config_helper.rb +0 -11
  211. data/spec/support/helpers/model_helper.rb +0 -78
  212. data/spec/support/helpers/request_spec_helper.rb +0 -110
  213. data/spec/support/helpers/url_helper.rb +0 -62
  214. data/spec/support/orm/active_record.rb +0 -5
  215. data/spec/support/shared/controllers_shared_context.rb +0 -133
  216. data/spec/support/shared/hashing_shared_context.rb +0 -36
  217. data/spec/support/shared/models_shared_examples.rb +0 -56
  218. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  219. data/spec/version/version_spec.rb +0 -17
@@ -1,210 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::BaseRequest do
6
- let(:access_token) do
7
- double :access_token,
8
- plaintext_token: "some-token",
9
- expires_in: "3600",
10
- expires_in_seconds: "300",
11
- scopes_string: "two scopes",
12
- plaintext_refresh_token: "some-refresh-token",
13
- token_type: "bearer",
14
- created_at: 0
15
- end
16
-
17
- let(:client) { double :client, id: "1" }
18
-
19
- let(:scopes_array) { %w[public write] }
20
-
21
- let(:server) do
22
- double :server,
23
- access_token_expires_in: 100,
24
- custom_access_token_expires_in: ->(_context) { nil },
25
- refresh_token_enabled?: false
26
- end
27
-
28
- before do
29
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
30
- end
31
-
32
- subject do
33
- described_class.new
34
- end
35
-
36
- describe "#authorize" do
37
- before do
38
- allow(subject).to receive(:access_token).and_return(access_token)
39
- end
40
-
41
- it "validates itself" do
42
- expect(subject).to receive(:validate).once
43
- subject.authorize
44
- end
45
-
46
- context "valid" do
47
- before do
48
- allow(subject).to receive(:valid?).and_return(true)
49
- end
50
-
51
- it "calls callback methods" do
52
- expect(subject).to receive(:before_successful_response).once
53
- expect(subject).to receive(:after_successful_response).once
54
- subject.authorize
55
- end
56
-
57
- it "returns a TokenResponse object" do
58
- result = subject.authorize
59
-
60
- expect(result).to be_an_instance_of(Doorkeeper::OAuth::TokenResponse)
61
- expect(result.body).to eq(
62
- Doorkeeper::OAuth::TokenResponse.new(access_token).body,
63
- )
64
- end
65
- end
66
-
67
- context "invalid" do
68
- context "with error other than invalid_request" do
69
- before do
70
- allow(subject).to receive(:valid?).and_return(false)
71
- allow(subject).to receive(:error).and_return(:server_error)
72
- allow(subject).to receive(:state).and_return("hello")
73
- end
74
-
75
- it "returns an ErrorResponse object" do
76
- result = subject.authorize
77
-
78
- expect(result).to be_an_instance_of(Doorkeeper::OAuth::ErrorResponse)
79
-
80
- expect(result.body).to eq(
81
- error: :server_error,
82
- error_description: translated_error_message(:server_error),
83
- state: "hello",
84
- )
85
- end
86
- end
87
-
88
- context "with invalid_request error" do
89
- before do
90
- allow(subject).to receive(:valid?).and_return(false)
91
- allow(subject).to receive(:error).and_return(:invalid_request)
92
- allow(subject).to receive(:state).and_return("hello")
93
- end
94
-
95
- it "returns an InvalidRequestResponse object" do
96
- result = subject.authorize
97
-
98
- expect(result).to be_an_instance_of(Doorkeeper::OAuth::InvalidRequestResponse)
99
-
100
- expect(result.body).to eq(
101
- error: :invalid_request,
102
- error_description: translated_invalid_request_error_message(:unknown, :unknown),
103
- state: "hello",
104
- )
105
- end
106
- end
107
- end
108
- end
109
-
110
- describe "#default_scopes" do
111
- it "delegates to the server" do
112
- expect(subject).to receive(:server).and_return(server).once
113
- expect(server).to receive(:default_scopes).once
114
-
115
- subject.default_scopes
116
- end
117
- end
118
-
119
- describe "#find_or_create_access_token" do
120
- let(:resource_owner) { FactoryBot.build_stubbed(:resource_owner) }
121
-
122
- it "returns an instance of AccessToken" do
123
- result = subject.find_or_create_access_token(
124
- client,
125
- resource_owner,
126
- "public",
127
- server,
128
- )
129
-
130
- expect(result).to be_an_instance_of(Doorkeeper::AccessToken)
131
- end
132
-
133
- it "respects custom_access_token_expires_in" do
134
- server = double(
135
- :server,
136
- access_token_expires_in: 100,
137
- custom_access_token_expires_in: ->(context) { context.scopes == "public" ? 500 : nil },
138
- refresh_token_enabled?: false,
139
- )
140
-
141
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
142
-
143
- result = subject.find_or_create_access_token(
144
- client,
145
- resource_owner,
146
- "public",
147
- server,
148
- )
149
- expect(result.expires_in).to eql(500)
150
- end
151
-
152
- it "respects use_refresh_token with a block" do
153
- server = double(
154
- :server,
155
- access_token_expires_in: 100,
156
- custom_access_token_expires_in: ->(_context) { nil },
157
- refresh_token_enabled?: lambda { |context|
158
- context.scopes == "public"
159
- },
160
- )
161
-
162
- allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
163
-
164
- result = subject.find_or_create_access_token(
165
- client,
166
- resource_owner,
167
- "public",
168
- server,
169
- )
170
- expect(result.refresh_token).to_not be_nil
171
-
172
- result = subject.find_or_create_access_token(
173
- client,
174
- resource_owner,
175
- "private",
176
- server,
177
- )
178
- expect(result.refresh_token).to be_nil
179
- end
180
- end
181
-
182
- describe "#scopes" do
183
- context "@original_scopes is present" do
184
- before do
185
- subject.instance_variable_set(:@original_scopes, "public write")
186
- end
187
-
188
- it "returns array of @original_scopes" do
189
- result = subject.scopes
190
-
191
- expect(result).to eq(scopes_array)
192
- end
193
- end
194
-
195
- context "@original_scopes is not present" do
196
- before do
197
- subject.instance_variable_set(:@original_scopes, "")
198
- end
199
-
200
- it "calls #default_scopes" do
201
- allow(subject).to receive(:server).and_return(server).once
202
- allow(server).to receive(:default_scopes).and_return(scopes_array).once
203
-
204
- result = subject.scopes
205
-
206
- expect(result).to eq(scopes_array)
207
- end
208
- end
209
- end
210
- end
@@ -1,45 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::BaseResponse do
6
- subject do
7
- Doorkeeper::OAuth::BaseResponse.new
8
- end
9
-
10
- describe "#body" do
11
- it "returns an empty Hash" do
12
- expect(subject.body).to eq({})
13
- end
14
- end
15
-
16
- describe "#description" do
17
- it "returns an empty String" do
18
- expect(subject.description).to eq("")
19
- end
20
- end
21
-
22
- describe "#headers" do
23
- it "returns an empty Hash" do
24
- expect(subject.headers).to eq({})
25
- end
26
- end
27
-
28
- describe "#redirectable?" do
29
- it "returns false" do
30
- expect(subject.redirectable?).to eq(false)
31
- end
32
- end
33
-
34
- describe "#redirect_uri" do
35
- it "returns an empty String" do
36
- expect(subject.redirect_uri).to eq("")
37
- end
38
- end
39
-
40
- describe "#status" do
41
- it "returns :ok" do
42
- expect(subject.status).to eq(:ok)
43
- end
44
- end
45
- end
@@ -1,90 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- class Doorkeeper::OAuth::Client
6
- describe Credentials do
7
- let(:client_id) { "some-uid" }
8
- let(:client_secret) { "some-secret" }
9
-
10
- it "is blank when the uid in credentials is blank" do
11
- expect(Credentials.new(nil, nil)).to be_blank
12
- expect(Credentials.new(nil, "something")).to be_blank
13
- expect(Credentials.new("something", nil)).to be_present
14
- expect(Credentials.new("something", "something")).to be_present
15
- end
16
-
17
- describe ".from_request" do
18
- let(:request) { double.as_null_object }
19
-
20
- let(:method) do
21
- ->(_request) { %w[uid secret] }
22
- end
23
-
24
- it "accepts anything that responds to #call" do
25
- expect(method).to receive(:call).with(request)
26
- Credentials.from_request request, method
27
- end
28
-
29
- it "delegates methods received as symbols to Credentials class" do
30
- expect(Credentials).to receive(:from_params).with(request)
31
- Credentials.from_request request, :from_params
32
- end
33
-
34
- it "stops at the first credentials found" do
35
- not_called_method = double
36
- expect(not_called_method).not_to receive(:call)
37
- Credentials.from_request request, ->(_) {}, method, not_called_method
38
- end
39
-
40
- it "returns new Credentials" do
41
- credentials = Credentials.from_request request, method
42
- expect(credentials).to be_a(Credentials)
43
- end
44
-
45
- it "returns uid and secret from extractor method" do
46
- credentials = Credentials.from_request request, method
47
- expect(credentials.uid).to eq("uid")
48
- expect(credentials.secret).to eq("secret")
49
- end
50
- end
51
-
52
- describe :from_params do
53
- it "returns credentials from parameters when Authorization header is not available" do
54
- request = double parameters: { client_id: client_id, client_secret: client_secret }
55
- uid, secret = Credentials.from_params(request)
56
-
57
- expect(uid).to eq("some-uid")
58
- expect(secret).to eq("some-secret")
59
- end
60
-
61
- it "is blank when there are no credentials" do
62
- request = double parameters: {}
63
- uid, secret = Credentials.from_params(request)
64
-
65
- expect(uid).to be_blank
66
- expect(secret).to be_blank
67
- end
68
- end
69
-
70
- describe :from_basic do
71
- let(:credentials) { Base64.encode64("#{client_id}:#{client_secret}") }
72
-
73
- it "decodes the credentials" do
74
- request = double authorization: "Basic #{credentials}"
75
- uid, secret = Credentials.from_basic(request)
76
-
77
- expect(uid).to eq("some-uid")
78
- expect(secret).to eq("some-secret")
79
- end
80
-
81
- it "is blank if Authorization is not Basic" do
82
- request = double authorization: credentials.to_s
83
- uid, secret = Credentials.from_basic(request)
84
-
85
- expect(uid).to be_blank
86
- expect(secret).to be_blank
87
- end
88
- end
89
- end
90
- end
@@ -1,135 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::OAuth::ClientCredentials::Creator do
6
- let(:client) { FactoryBot.create :application }
7
- let(:scopes) { Doorkeeper::OAuth::Scopes.from_string("public") }
8
-
9
- before do
10
- default_scopes_exist :public
11
- end
12
-
13
- it "creates a new token" do
14
- expect do
15
- subject.call(client, scopes)
16
- end.to change { Doorkeeper::AccessToken.count }.by(1)
17
- end
18
-
19
- context "when reuse_access_token is true" do
20
- before do
21
- allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(true)
22
- end
23
-
24
- context "when expiration is disabled" do
25
- it "returns the existing valid token" do
26
- existing_token = subject.call(client, scopes)
27
-
28
- result = subject.call(client, scopes)
29
-
30
- expect(Doorkeeper::AccessToken.count).to eq(1)
31
- expect(result).to eq(existing_token)
32
- end
33
- end
34
-
35
- context "when existing token has not crossed token_reuse_limit" do
36
- let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
37
-
38
- before do
39
- allow(Doorkeeper.config).to receive(:token_reuse_limit).and_return(50)
40
- allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(600)
41
- end
42
-
43
- it "returns the existing valid token" do
44
- result = subject.call(client, scopes, expires_in: 1000)
45
-
46
- expect(Doorkeeper::AccessToken.count).to eq(1)
47
- expect(result).to eq(existing_token)
48
- end
49
-
50
- context "and when revoke_previous_client_credentials_token is false" do
51
- before do
52
- allow(Doorkeeper.config).to receive(:revoke_previous_client_credentials_token).and_return(false)
53
- end
54
-
55
- it "does not revoke the existing valid token" do
56
- subject.call(client, scopes, expires_in: 1000)
57
- expect(existing_token.reload).not_to be_revoked
58
- end
59
- end
60
- end
61
-
62
- context "when existing token has crossed token_reuse_limit" do
63
- it "returns a new token" do
64
- allow(Doorkeeper.config).to receive(:token_reuse_limit).and_return(50)
65
- existing_token = subject.call(client, scopes, expires_in: 1000)
66
-
67
- allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expires_in_seconds).and_return(400)
68
- result = subject.call(client, scopes, expires_in: 1000)
69
-
70
- expect(Doorkeeper::AccessToken.count).to eq(2)
71
- expect(result).not_to eq(existing_token)
72
- end
73
- end
74
-
75
- context "when existing token has been expired" do
76
- it "returns a new token" do
77
- allow(Doorkeeper.configuration).to receive(:token_reuse_limit).and_return(50)
78
- existing_token = subject.call(client, scopes, expires_in: 1000)
79
-
80
- allow_any_instance_of(Doorkeeper::AccessToken).to receive(:expired?).and_return(true)
81
- result = subject.call(client, scopes, expires_in: 1000)
82
-
83
- expect(Doorkeeper::AccessToken.count).to eq(2)
84
- expect(result).not_to eq(existing_token)
85
- end
86
- end
87
- end
88
-
89
- context "when reuse_access_token is false" do
90
- before do
91
- allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(false)
92
- end
93
-
94
- it "returns a new token" do
95
- existing_token = subject.call(client, scopes)
96
-
97
- result = subject.call(client, scopes)
98
-
99
- expect(Doorkeeper::AccessToken.count).to eq(2)
100
- expect(result).not_to eq(existing_token)
101
- end
102
- end
103
-
104
- context "when revoke_previous_client_credentials_token is true" do
105
- let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
106
-
107
- before do
108
- allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token).and_return(true)
109
- end
110
-
111
- it "revokes the existing token" do
112
- subject.call(client, scopes, expires_in: 1000)
113
- expect(existing_token.reload).to be_revoked
114
- end
115
- end
116
-
117
- context "when revoke_previous_client_credentials_token is false" do
118
- let!(:existing_token) { subject.call(client, scopes, expires_in: 1000) }
119
-
120
- before do
121
- allow(Doorkeeper.configuration).to receive(:revoke_previous_client_credentials_token).and_return(false)
122
- end
123
-
124
- it "does not revoke the existing token" do
125
- subject.call(client, scopes, expires_in: 1000)
126
- expect(existing_token.reload).not_to be_revoked
127
- end
128
- end
129
-
130
- it "returns false if creation fails" do
131
- expect(Doorkeeper::AccessToken).to receive(:find_or_create_for).and_return(false)
132
- created = subject.call(client, scopes)
133
- expect(created).to be_falsey
134
- end
135
- end