doorkeeper 5.4.0.rc1 → 5.5.0



Files changed (219)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +108 -9
  3. data/README.md +4 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  7. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  8. data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
  9. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  10. data/app/views/doorkeeper/applications/show.html.erb +16 -12
  11. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  12. data/config/locales/en.yml +3 -1
  13. data/lib/doorkeeper.rb +6 -1
  14. data/lib/doorkeeper/config.rb +109 -78
  15. data/lib/doorkeeper/config/abstract_builder.rb +1 -1
  16. data/lib/doorkeeper/config/option.rb +1 -3
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/engine.rb +1 -1
  19. data/lib/doorkeeper/grant_flow.rb +45 -0
  20. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  21. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  22. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  23. data/lib/doorkeeper/helpers/controller.rb +8 -4
  24. data/lib/doorkeeper/models/access_grant_mixin.rb +12 -7
  25. data/lib/doorkeeper/models/access_token_mixin.rb +12 -8
  26. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  27. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  28. data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
  29. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  30. data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
  31. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
  32. data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
  33. data/lib/doorkeeper/oauth/base_request.rb +1 -1
  34. data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -2
  35. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
  36. data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
  37. data/lib/doorkeeper/oauth/code_request.rb +2 -2
  38. data/lib/doorkeeper/oauth/code_response.rb +17 -11
  39. data/lib/doorkeeper/oauth/error_response.rb +4 -3
  40. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
  41. data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -2
  42. data/lib/doorkeeper/oauth/pre_authorization.rb +37 -11
  43. data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
  44. data/lib/doorkeeper/oauth/token.rb +4 -5
  45. data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
  46. data/lib/doorkeeper/oauth/token_request.rb +1 -1
  47. data/lib/doorkeeper/orm/active_record.rb +5 -6
  48. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +12 -2
  49. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +10 -2
  50. data/lib/doorkeeper/orm/active_record/mixins/application.rb +76 -10
  51. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
  52. data/lib/doorkeeper/rails/routes.rb +1 -3
  53. data/lib/doorkeeper/rake/db.rake +3 -3
  54. data/lib/doorkeeper/rake/setup.rake +5 -0
  55. data/lib/doorkeeper/request.rb +49 -12
  56. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  57. data/lib/doorkeeper/server.rb +1 -1
  58. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  59. data/lib/doorkeeper/version.rb +2 -6
  60. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
  61. data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
  62. data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
  63. metadata +25 -306
  64. data/Appraisals +0 -26
  65. data/CODE_OF_CONDUCT.md +0 -46
  66. data/CONTRIBUTING.md +0 -49
  67. data/Dangerfile +0 -67
  68. data/Dockerfile +0 -29
  69. data/Gemfile +0 -25
  70. data/NEWS.md +0 -1
  71. data/RELEASING.md +0 -11
  72. data/Rakefile +0 -28
  73. data/SECURITY.md +0 -15
  74. data/UPGRADE.md +0 -2
  75. data/bin/console +0 -30
  76. data/doorkeeper.gemspec +0 -42
  77. data/gemfiles/rails_5_0.gemfile +0 -19
  78. data/gemfiles/rails_5_1.gemfile +0 -19
  79. data/gemfiles/rails_5_2.gemfile +0 -19
  80. data/gemfiles/rails_6_0.gemfile +0 -19
  81. data/gemfiles/rails_master.gemfile +0 -19
  82. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  83. data/spec/controllers/applications_controller_spec.rb +0 -274
  84. data/spec/controllers/authorizations_controller_spec.rb +0 -743
  85. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  86. data/spec/controllers/token_info_controller_spec.rb +0 -50
  87. data/spec/controllers/tokens_controller_spec.rb +0 -499
  88. data/spec/dummy/Rakefile +0 -9
  89. data/spec/dummy/app/assets/config/manifest.js +0 -2
  90. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  91. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  92. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  93. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  94. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  95. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  96. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  97. data/spec/dummy/app/models/user.rb +0 -11
  98. data/spec/dummy/app/views/home/index.html.erb +0 -0
  99. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  100. data/spec/dummy/config.ru +0 -6
  101. data/spec/dummy/config/application.rb +0 -51
  102. data/spec/dummy/config/boot.rb +0 -7
  103. data/spec/dummy/config/database.yml +0 -15
  104. data/spec/dummy/config/environment.rb +0 -5
  105. data/spec/dummy/config/environments/development.rb +0 -31
  106. data/spec/dummy/config/environments/production.rb +0 -64
  107. data/spec/dummy/config/environments/test.rb +0 -45
  108. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  109. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  110. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  111. data/spec/dummy/config/initializers/session_store.rb +0 -10
  112. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  113. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  114. data/spec/dummy/config/routes.rb +0 -13
  115. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  116. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  117. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  118. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  119. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  120. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  121. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  122. data/spec/dummy/db/schema.rb +0 -70
  123. data/spec/dummy/public/404.html +0 -26
  124. data/spec/dummy/public/422.html +0 -26
  125. data/spec/dummy/public/500.html +0 -26
  126. data/spec/dummy/public/favicon.ico +0 -0
  127. data/spec/dummy/script/rails +0 -9
  128. data/spec/factories.rb +0 -30
  129. data/spec/generators/application_owner_generator_spec.rb +0 -28
  130. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  131. data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
  132. data/spec/generators/install_generator_spec.rb +0 -36
  133. data/spec/generators/migration_generator_spec.rb +0 -28
  134. data/spec/generators/pkce_generator_spec.rb +0 -28
  135. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  136. data/spec/generators/templates/routes.rb +0 -4
  137. data/spec/generators/views_generator_spec.rb +0 -29
  138. data/spec/grape/grape_integration_spec.rb +0 -137
  139. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  140. data/spec/lib/config_spec.rb +0 -813
  141. data/spec/lib/doorkeeper_spec.rb +0 -27
  142. data/spec/lib/models/expirable_spec.rb +0 -61
  143. data/spec/lib/models/reusable_spec.rb +0 -40
  144. data/spec/lib/models/revocable_spec.rb +0 -58
  145. data/spec/lib/models/scopes_spec.rb +0 -61
  146. data/spec/lib/models/secret_storable_spec.rb +0 -135
  147. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  148. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
  149. data/spec/lib/oauth/base_request_spec.rb +0 -210
  150. data/spec/lib/oauth/base_response_spec.rb +0 -45
  151. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  152. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
  153. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
  154. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
  155. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  156. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
  157. data/spec/lib/oauth/client_spec.rb +0 -38
  158. data/spec/lib/oauth/code_request_spec.rb +0 -46
  159. data/spec/lib/oauth/code_response_spec.rb +0 -36
  160. data/spec/lib/oauth/error_response_spec.rb +0 -64
  161. data/spec/lib/oauth/error_spec.rb +0 -21
  162. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  163. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  164. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  165. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  166. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  167. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  168. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
  169. data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
  170. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
  171. data/spec/lib/oauth/scopes_spec.rb +0 -146
  172. data/spec/lib/oauth/token_request_spec.rb +0 -164
  173. data/spec/lib/oauth/token_response_spec.rb +0 -84
  174. data/spec/lib/oauth/token_spec.rb +0 -156
  175. data/spec/lib/option_spec.rb +0 -51
  176. data/spec/lib/request/strategy_spec.rb +0 -54
  177. data/spec/lib/secret_storing/base_spec.rb +0 -60
  178. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  179. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  180. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  181. data/spec/lib/server_spec.rb +0 -49
  182. data/spec/lib/stale_records_cleaner_spec.rb +0 -102
  183. data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
  184. data/spec/models/doorkeeper/access_token_spec.rb +0 -650
  185. data/spec/models/doorkeeper/application_spec.rb +0 -442
  186. data/spec/requests/applications/applications_request_spec.rb +0 -259
  187. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  188. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  189. data/spec/requests/endpoints/token_spec.rb +0 -79
  190. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
  191. data/spec/requests/flows/authorization_code_spec.rb +0 -530
  192. data/spec/requests/flows/client_credentials_spec.rb +0 -207
  193. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  194. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  195. data/spec/requests/flows/password_spec.rb +0 -316
  196. data/spec/requests/flows/refresh_token_spec.rb +0 -241
  197. data/spec/requests/flows/revoke_token_spec.rb +0 -196
  198. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  199. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  200. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  201. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  202. data/spec/routing/default_routes_spec.rb +0 -41
  203. data/spec/routing/scoped_routes_spec.rb +0 -47
  204. data/spec/spec_helper.rb +0 -54
  205. data/spec/spec_helper_integration.rb +0 -4
  206. data/spec/support/dependencies/factory_bot.rb +0 -4
  207. data/spec/support/doorkeeper_rspec.rb +0 -22
  208. data/spec/support/helpers/access_token_request_helper.rb +0 -14
  209. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  210. data/spec/support/helpers/config_helper.rb +0 -11
  211. data/spec/support/helpers/model_helper.rb +0 -78
  212. data/spec/support/helpers/request_spec_helper.rb +0 -110
  213. data/spec/support/helpers/url_helper.rb +0 -62
  214. data/spec/support/orm/active_record.rb +0 -5
  215. data/spec/support/shared/controllers_shared_context.rb +0 -133
  216. data/spec/support/shared/hashing_shared_context.rb +0 -36
  217. data/spec/support/shared/models_shared_examples.rb +0 -56
  218. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  219. data/spec/version/version_spec.rb +0 -17
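--- a/data/spec/lib/oauth/client_credentials/issuer_spec.rb
+++ b/data/spec/lib/oauth/client_credentials/issuer_spec.rb
@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::ClientCredentials::Issuer do
-let(:creator) { double :access_token_creator }
-let(:server) do
-double(
-:server,
-access_token_expires_in: 100,
-)
-end
-let(:validator) { double :validator, valid?: true }
-
-before do
-allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
-end
-
-subject { described_class.new(server, validator) }
-
-describe "#create" do
-let(:client) { double :client, id: "some-id" }
-let(:scopes) { "some scope" }
-
-it "creates and sets the token" do
-expect(creator).to receive(:call).and_return("token")
-subject.create client, scopes, creator
-
-expect(subject.token).to eq("token")
-end
-
-it "creates with correct token parameters" do
-expect(creator).to receive(:call).with(
-client,
-scopes,
-expires_in: 100,
-use_refresh_token: false,
-)
-
-subject.create client, scopes, creator
-end
-
-it "has error set to :server_error if creator fails" do
-expect(creator).to receive(:call).and_return(false)
-subject.create client, scopes, creator
-
-expect(subject.error).to eq(:server_error)
-end
-
-context "when validator fails" do
-before do
-allow(validator).to receive(:valid?).and_return(false)
-allow(validator).to receive(:error).and_return(:validation_error)
-expect(creator).not_to receive(:create)
-end
-
-it "has error set from validator" do
-subject.create client, scopes, creator
-expect(subject.error).to eq(:validation_error)
-end
-
-it "returns false" do
-expect(subject.create(client, scopes, creator)).to be_falsey
-end
-end
-
-context "with custom expiration" do
-let(:custom_ttl_grant) { 1234 }
-let(:custom_ttl_scope) { 1235 }
-let(:custom_scope) { "special" }
-let(:server) do
-double(
-:server,
-custom_access_token_expires_in: lambda { |context|
-# scopes is normally an object but is a string in this test
-if context.scopes == custom_scope
-custom_ttl_scope
-elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
-custom_ttl_grant
-end
-},
-)
-end
-
-before do
-allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-end
-
-it "respects grant based rules" do
-expect(creator).to receive(:call).with(
-client,
-scopes,
-expires_in: custom_ttl_grant,
-use_refresh_token: false,
-)
-subject.create client, scopes, creator
-end
-
-it "respects scope based rules" do
-expect(creator).to receive(:call).with(
-client,
-custom_scope,
-expires_in: custom_ttl_scope,
-use_refresh_token: false,
-)
-subject.create client, custom_scope, creator
-end
-end
-end
-end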
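--- a/data/spec/lib/oauth/client_credentials/validation_spec.rb
+++ b/data/spec/lib/oauth/client_credentials/validation_spec.rb
@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::ClientCredentials::Validator do
-let(:server) { double :server, scopes: nil }
-let(:application) { double scopes: nil }
-let(:client) { double application: application }
-let(:request) { double :request, client: client, scopes: nil }
-
-subject { described_class.new(server, request) }
-
-it "is valid with valid request" do
-expect(subject).to be_valid
-end
-
-it "is invalid when client is not present" do
-allow(request).to receive(:client).and_return(nil)
-expect(subject).not_to be_valid
-end
-
-context "with scopes" do
-it "is invalid when scopes are not included in the server" do
-server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"
-allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(request).to receive(:scopes).and_return(
-Doorkeeper::OAuth::Scopes.from_string("invalid"),
-)
-expect(subject).not_to be_valid
-end
-
-context "with application scopes" do
-it "is valid when scopes are included in the application" do
-application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
-server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
-allow(application).to receive(:scopes).and_return(application_scopes)
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-allow(request).to receive(:scopes).and_return(application_scopes)
-expect(subject).to be_valid
-end
-
-it "is invalid when scopes are not included in the application" do
-application_scopes = Doorkeeper::OAuth::Scopes.from_string "app"
-server_scopes = Doorkeeper::OAuth::Scopes.from_string "email app"
-allow(application).to receive(:scopes).and_return(application_scopes)
-allow(request).to receive(:grant_type).and_return(Doorkeeper::OAuth::CLIENT_CREDENTIALS)
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(request).to receive(:scopes).and_return(
-Doorkeeper::OAuth::Scopes.from_string("email"),
-)
-expect(subject).not_to be_valid
-end
-end
-end
-end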
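--- a/data/spec/lib/oauth/client_credentials_integration_spec.rb
+++ b/data/spec/lib/oauth/client_credentials_integration_spec.rb
@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::ClientCredentialsRequest do
-let(:server) { Doorkeeper.configuration }
-
-context "with a valid request" do
-let(:client) { FactoryBot.create :application }
-
-it "issues an access token" do
-request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, {})
-expect do
-request.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-end
-
-describe "with an invalid request" do
-it "does not issue an access token" do
-request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, nil, {})
-expect do
-request.authorize
-end.to_not(change { Doorkeeper::AccessToken.count })
-end
-end
-end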
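--- a/data/spec/lib/oauth/client_credentials_request_spec.rb
+++ b/data/spec/lib/oauth/client_credentials_request_spec.rb
@@ -1,108 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::ClientCredentialsRequest do
-let(:server) do
-double(
-default_scopes: nil,
-access_token_expires_in: 2.hours,
-custom_access_token_expires_in: ->(_context) { nil },
-)
-end
-
-let(:application) { FactoryBot.create(:application, scopes: "") }
-let(:client) { double :client, application: application, scopes: "" }
-let(:token_creator) { double :issuer, create: true, token: double }
-
-before do
-allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-end
-
-subject { Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client) }
-
-before do
-allow(subject).to receive(:issuer).and_return(token_creator)
-end
-
-it "issues an access token for the current client" do
-expect(token_creator).to receive(:create).with(client, nil)
-subject.authorize
-end
-
-it "has successful response when issue was created" do
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
-end
-
-context "if issue was not created" do
-before do
-issuer = double create: false, error: :invalid
-allow(subject).to receive(:issuer).and_return(issuer)
-end
-
-it "has an error response" do
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-end
-
-it "delegates the error to issuer" do
-subject.authorize
-expect(subject.error).to eq(:invalid)
-end
-end
-
-context "with scopes" do
-let(:default_scopes) { Doorkeeper::OAuth::Scopes.from_string("public email") }
-
-before do
-allow(server).to receive(:default_scopes).and_return(default_scopes)
-end
-
-it "issues an access token with default scopes if none was requested" do
-expect(token_creator).to receive(:create).with(client, default_scopes)
-subject.authorize
-end
-
-it "issues an access token with requested scopes" do
-subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "email")
-allow(subject).to receive(:issuer).and_return(token_creator)
-expect(token_creator).to receive(:create).with(client, Doorkeeper::OAuth::Scopes.from_string("email"))
-subject.authorize
-end
-end
-
-context "with restricted client" do
-let(:default_scopes) do
-Doorkeeper::OAuth::Scopes.from_string("public email")
-end
-let(:server_scopes) do
-Doorkeeper::OAuth::Scopes.from_string("public email phone")
-end
-let(:client_scopes) do
-Doorkeeper::OAuth::Scopes.from_string("public phone")
-end
-
-before do
-allow(server).to receive(:default_scopes).and_return(default_scopes)
-allow(server).to receive(:scopes).and_return(server_scopes)
-allow(server).to receive(:access_token_expires_in).and_return(100)
-allow(application).to receive(:scopes).and_return(client_scopes)
-allow(client).to receive(:id).and_return(nil)
-end
-
-it "delegates the error to issuer if no scope was requested" do
-subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client)
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::ErrorResponse)
-expect(subject.error).to eq(:invalid_scope)
-end
-
-it "issues an access token with requested scopes" do
-subject = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, scope: "phone")
-subject.authorize
-expect(subject.response).to be_a(Doorkeeper::OAuth::TokenResponse)
-expect(subject.response.token.scopes_string).to eq("phone")
-end
-end
-end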
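--- a/data/spec/lib/oauth/client_spec.rb
+++ b/data/spec/lib/oauth/client_spec.rb
@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::Client do
-describe :find do
-let(:method) { double }
-
-it "finds the client via uid" do
-client = double
-expect(method).to receive(:call).with("uid").and_return(client)
-expect(Doorkeeper::OAuth::Client.find("uid", method))
-.to be_a(Doorkeeper::OAuth::Client)
-end
-
-it "returns nil if client was not found" do
-expect(method).to receive(:call).with("uid").and_return(nil)
-expect(Doorkeeper::OAuth::Client.find("uid", method)).to be_nil
-end
-end
-
-describe ".authenticate" do
-it "returns the authenticated client via credentials" do
-credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
-authenticator = double
-expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(double)
-expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator))
-.to be_a(Doorkeeper::OAuth::Client)
-end
-
-it "returns nil if client was not authenticated" do
-credentials = Doorkeeper::OAuth::Client::Credentials.new("some-uid", "some-secret")
-authenticator = double
-expect(authenticator).to receive(:call).with("some-uid", "some-secret").and_return(nil)
-expect(Doorkeeper::OAuth::Client.authenticate(credentials, authenticator)).to be_nil
-end
-end
-end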
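--- a/data/spec/lib/oauth/code_request_spec.rb
+++ b/data/spec/lib/oauth/code_request_spec.rb
@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::CodeRequest do
-let(:pre_auth) do
-server = Doorkeeper.configuration
-allow(server)
-.to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-allow(server)
-.to receive(:grant_flows).and_return(Doorkeeper::OAuth::Scopes.from_string("authorization_code"))
-
-application = FactoryBot.create(:application, scopes: "public")
-client = Doorkeeper::OAuth::Client.new(application)
-
-attributes = {
-client_id: client.uid,
-response_type: "code",
-redirect_uri: "https://app.com/callback",
-}
-
-pre_auth = Doorkeeper::OAuth::PreAuthorization.new(server, attributes)
-pre_auth.authorizable?
-pre_auth
-end
-
-let(:owner) { FactoryBot.create(:resource_owner) }
-
-subject do
-described_class.new(pre_auth, owner)
-end
-
-context "when pre_auth is authorized" do
-it "creates an access grant and returns a code response" do
-expect { subject.authorize }.to change { Doorkeeper::AccessGrant.count }.by(1)
-expect(subject.authorize).to be_a(Doorkeeper::OAuth::CodeResponse)
-end
-end
-
-context "when pre_auth is denied" do
-it "does not create access grant and returns a error response" do
-expect { subject.deny }.not_to(change { Doorkeeper::AccessGrant.count })
-expect(subject.deny).to be_a(Doorkeeper::OAuth::ErrorResponse)
-end
-end
-end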
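--- a/data/spec/lib/oauth/code_response_spec.rb
+++ b/data/spec/lib/oauth/code_response_spec.rb
@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::CodeResponse do
-describe "#redirect_uri" do
-context "when generating the redirect URI for an implicit grant" do
-let :pre_auth do
-double(
-:pre_auth,
-client: double(:application, id: 1),
-redirect_uri: "http://tst.com/cb",
-state: nil,
-scopes: Doorkeeper::OAuth::Scopes.from_string("public"),
-)
-end
-
-let :owner do
-FactoryBot.create(:resource_owner)
-end
-
-let :auth do
-Doorkeeper::OAuth::Authorization::Token.new(pre_auth, owner).tap do |c|
-c.issue_token
-allow(c.token).to receive(:expires_in_seconds).and_return(3600)
-end
-end
-
-subject { described_class.new(pre_auth, auth, response_on_fragment: true).redirect_uri }
-
-it "includes the remaining TTL of the token relative to the time the token was generated" do
-expect(subject).to include("expires_in=3600")
-end
-end
-end
-end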
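--- a/data/spec/lib/oauth/error_response_spec.rb
+++ b/data/spec/lib/oauth/error_response_spec.rb
@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::ErrorResponse do
-describe "#status" do
-it "should have a status of bad_request" do
-expect(subject.status).to eq(:bad_request)
-end
-
-it "should have a status of unauthorized for an invalid_client error" do
-subject = described_class.new(name: :invalid_client)
-
-expect(subject.status).to eq(:unauthorized)
-end
-end
-
-describe ".from_request" do
-it "has the error from request" do
-error = described_class.from_request double(error: :some_error)
-expect(error.name).to eq(:some_error)
-end
-
-it "ignores state if request does not respond to state" do
-error = described_class.from_request double(error: :some_error)
-expect(error.state).to be_nil
-end
-
-it "has state if request responds to state" do
-error = described_class.from_request double(error: :some_error, state: :hello)
-expect(error.state).to eq(:hello)
-end
-end
-
-it "ignores empty error values" do
-subject = described_class.new(error: :some_error, state: nil)
-expect(subject.body).not_to have_key(:state)
-end
-
-describe ".body" do
-subject { described_class.new(name: :some_error, state: :some_state).body }
-
-describe "#body" do
-it { expect(subject).to have_key(:error) }
-it { expect(subject).to have_key(:error_description) }
-it { expect(subject).to have_key(:state) }
-end
-end
-
-describe ".headers" do
-let(:error_response) { described_class.new(name: :some_error, state: :some_state) }
-subject { error_response.headers }
-
-it { expect(subject).to include "WWW-Authenticate" }
-
-describe "WWW-Authenticate header" do
-subject { error_response.headers["WWW-Authenticate"] }
-
-it { expect(subject).to include("realm=\"#{error_response.send(:realm)}\"") }
-it { expect(subject).to include("error=\"#{error_response.name}\"") }
-it { expect(subject).to include("error_description=\"#{error_response.description}\"") }
-end
-end
-end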