doorkeeper 5.4.0.rc1 → 5.5.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +108 -9
- data/README.md +4 -4
- data/app/controllers/doorkeeper/applications_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +16 -12
- data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
- data/config/locales/en.yml +3 -1
- data/lib/doorkeeper.rb +6 -1
- data/lib/doorkeeper/config.rb +109 -78
- data/lib/doorkeeper/config/abstract_builder.rb +1 -1
- data/lib/doorkeeper/config/option.rb +1 -3
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/helpers/controller.rb +8 -4
- data/lib/doorkeeper/models/access_grant_mixin.rb +12 -7
- data/lib/doorkeeper/models/access_token_mixin.rb +12 -8
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
- data/lib/doorkeeper/oauth/base_request.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -2
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
- data/lib/doorkeeper/oauth/code_request.rb +2 -2
- data/lib/doorkeeper/oauth/code_response.rb +17 -11
- data/lib/doorkeeper/oauth/error_response.rb +4 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
- data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -2
- data/lib/doorkeeper/oauth/pre_authorization.rb +37 -11
- data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
- data/lib/doorkeeper/oauth/token.rb +4 -5
- data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
- data/lib/doorkeeper/oauth/token_request.rb +1 -1
- data/lib/doorkeeper/orm/active_record.rb +5 -6
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +12 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +10 -2
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +76 -10
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
- data/lib/doorkeeper/rails/routes.rb +1 -3
- data/lib/doorkeeper/rake/db.rake +3 -3
- data/lib/doorkeeper/rake/setup.rake +5 -0
- data/lib/doorkeeper/request.rb +49 -12
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/server.rb +1 -1
- data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
- data/lib/doorkeeper/version.rb +2 -6
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
- data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
- data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
- metadata +25 -306
- data/Appraisals +0 -26
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -30
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -19
- data/gemfiles/rails_5_1.gemfile +0 -19
- data/gemfiles/rails_5_2.gemfile +0 -19
- data/gemfiles/rails_6_0.gemfile +0 -19
- data/gemfiles/rails_master.gemfile +0 -19
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -743
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -499
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -11
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/config/application.rb +0 -51
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -70
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -813
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -58
- data/spec/lib/models/scopes_spec.rb +0 -61
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
- data/spec/lib/oauth/base_request_spec.rb +0 -210
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -164
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/option_spec.rb +0 -51
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -102
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
- data/spec/models/doorkeeper/access_token_spec.rb +0 -650
- data/spec/models/doorkeeper/application_spec.rb +0 -442
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
- data/spec/requests/flows/authorization_code_spec.rb +0 -530
- data/spec/requests/flows/client_credentials_spec.rb +0 -207
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -241
- data/spec/requests/flows/revoke_token_spec.rb +0 -196
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -14
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -56
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
describe Doorkeeper::OAuth::Error do
|
|
6
|
-
subject(:error) { described_class.new(:some_error, :some_state) }
|
|
7
|
-
|
|
8
|
-
it { expect(subject).to respond_to(:name) }
|
|
9
|
-
it { expect(subject).to respond_to(:state) }
|
|
10
|
-
|
|
11
|
-
describe "#description" do
|
|
12
|
-
it "is translated from translation messages" do
|
|
13
|
-
expect(I18n).to receive(:translate).with(
|
|
14
|
-
:some_error,
|
|
15
|
-
scope: %i[doorkeeper errors messages],
|
|
16
|
-
default: :server_error,
|
|
17
|
-
)
|
|
18
|
-
error.description
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
describe Doorkeeper::OAuth::ForbiddenTokenResponse do
|
|
6
|
-
describe "#name" do
|
|
7
|
-
it { expect(subject.name).to eq(:invalid_scope) }
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
describe "#status" do
|
|
11
|
-
it { expect(subject.status).to eq(:forbidden) }
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
describe ".from_scopes" do
|
|
15
|
-
it "should have a list of acceptable scopes" do
|
|
16
|
-
response = described_class.from_scopes(["public"])
|
|
17
|
-
expect(response.description).to include("public")
|
|
18
|
-
end
|
|
19
|
-
end
|
|
20
|
-
end
|
|
@@ -1,110 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
module Doorkeeper::OAuth::Helpers
|
|
6
|
-
describe ScopeChecker, ".valid?" do
|
|
7
|
-
let(:server_scopes) { Doorkeeper::OAuth::Scopes.new }
|
|
8
|
-
|
|
9
|
-
it "is valid if scope is present" do
|
|
10
|
-
server_scopes.add :scope
|
|
11
|
-
expect(ScopeChecker.valid?(scope_str: "scope", server_scopes: server_scopes)).to be_truthy
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
it "is invalid if includes tabs space" do
|
|
15
|
-
expect(ScopeChecker.valid?(scope_str: "\tsomething", server_scopes: server_scopes)).to be_falsey
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
it "is invalid if scope is not present" do
|
|
19
|
-
expect(ScopeChecker.valid?(scope_str: nil, server_scopes: server_scopes)).to be_falsey
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
it "is invalid if scope is blank" do
|
|
23
|
-
expect(ScopeChecker.valid?(scope_str: " ", server_scopes: server_scopes)).to be_falsey
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
it "is invalid if includes return space" do
|
|
27
|
-
expect(ScopeChecker.valid?(scope_str: "scope\r", server_scopes: server_scopes)).to be_falsey
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
it "is invalid if includes new lines" do
|
|
31
|
-
expect(ScopeChecker.valid?(scope_str: "scope\nanother", server_scopes: server_scopes)).to be_falsey
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
it "is invalid if any scope is not included in server scopes" do
|
|
35
|
-
expect(ScopeChecker.valid?(scope_str: "scope another", server_scopes: server_scopes)).to be_falsey
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
context "with application_scopes" do
|
|
39
|
-
let(:server_scopes) do
|
|
40
|
-
Doorkeeper::OAuth::Scopes.from_string "common svr"
|
|
41
|
-
end
|
|
42
|
-
let(:application_scopes) do
|
|
43
|
-
Doorkeeper::OAuth::Scopes.from_string "app123"
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
it "is valid if scope is included in the application scope list" do
|
|
47
|
-
expect(ScopeChecker.valid?(
|
|
48
|
-
scope_str: "app123",
|
|
49
|
-
server_scopes: server_scopes,
|
|
50
|
-
app_scopes: application_scopes,
|
|
51
|
-
)).to be_truthy
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
it "is invalid if any scope is not included in the application" do
|
|
55
|
-
expect(ScopeChecker.valid?(
|
|
56
|
-
scope_str: "svr",
|
|
57
|
-
server_scopes: server_scopes,
|
|
58
|
-
app_scopes: application_scopes,
|
|
59
|
-
)).to be_falsey
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
context "with grant_type" do
|
|
64
|
-
let(:server_scopes) do
|
|
65
|
-
Doorkeeper::OAuth::Scopes.from_string "scope1 scope2"
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
context "with scopes_by_grant_type not configured for grant_type" do
|
|
69
|
-
it "is valid if the scope is in server scopes" do
|
|
70
|
-
expect(ScopeChecker.valid?(
|
|
71
|
-
scope_str: "scope1",
|
|
72
|
-
server_scopes: server_scopes,
|
|
73
|
-
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
74
|
-
)).to be_truthy
|
|
75
|
-
end
|
|
76
|
-
|
|
77
|
-
it "is invalid if the scope is not in server scopes" do
|
|
78
|
-
expect(ScopeChecker.valid?(
|
|
79
|
-
scope_str: "unknown",
|
|
80
|
-
server_scopes: server_scopes,
|
|
81
|
-
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
82
|
-
)).to be_falsey
|
|
83
|
-
end
|
|
84
|
-
end
|
|
85
|
-
|
|
86
|
-
context "when scopes_by_grant_type configured for grant_type" do
|
|
87
|
-
before do
|
|
88
|
-
allow(Doorkeeper.configuration).to receive(:scopes_by_grant_type)
|
|
89
|
-
.and_return(password: [:scope1])
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
it "is valid if the scope is permitted for grant_type" do
|
|
93
|
-
expect(ScopeChecker.valid?(
|
|
94
|
-
scope_str: "scope1",
|
|
95
|
-
server_scopes: server_scopes,
|
|
96
|
-
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
97
|
-
)).to be_truthy
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
it "is invalid if the scope is permitted for grant_type" do
|
|
101
|
-
expect(ScopeChecker.valid?(
|
|
102
|
-
scope_str: "scope2",
|
|
103
|
-
server_scopes: server_scopes,
|
|
104
|
-
grant_type: Doorkeeper::OAuth::PASSWORD,
|
|
105
|
-
)).to be_falsey
|
|
106
|
-
end
|
|
107
|
-
end
|
|
108
|
-
end
|
|
109
|
-
end
|
|
110
|
-
end
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
module Doorkeeper::OAuth::Helpers
|
|
6
|
-
describe UniqueToken do
|
|
7
|
-
let :generator do
|
|
8
|
-
->(size) { "a" * size }
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
it "is able to customize the generator method" do
|
|
12
|
-
token = UniqueToken.generate(generator: generator)
|
|
13
|
-
expect(token).to eq("a" * 32)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
it "is able to customize the size of the token" do
|
|
17
|
-
token = UniqueToken.generate(generator: generator, size: 2)
|
|
18
|
-
expect(token).to eq("aa")
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
@@ -1,262 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
module Doorkeeper::OAuth::Helpers
|
|
6
|
-
describe URIChecker do
|
|
7
|
-
describe ".valid?" do
|
|
8
|
-
it "is valid for valid uris" do
|
|
9
|
-
uri = "http://app.co"
|
|
10
|
-
expect(URIChecker.valid?(uri)).to be_truthy
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
it "is valid if include path param" do
|
|
14
|
-
uri = "http://app.co/path"
|
|
15
|
-
expect(URIChecker.valid?(uri)).to be_truthy
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
it "is valid if include query param" do
|
|
19
|
-
uri = "http://app.co/?query=1"
|
|
20
|
-
expect(URIChecker.valid?(uri)).to be_truthy
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
it "is invalid if uri includes fragment" do
|
|
24
|
-
uri = "http://app.co/test#fragment"
|
|
25
|
-
expect(URIChecker.valid?(uri)).to be_falsey
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
it "is invalid if scheme is missing" do
|
|
29
|
-
uri = "app.co"
|
|
30
|
-
expect(URIChecker.valid?(uri)).to be_falsey
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
it "is invalid if is a relative uri" do
|
|
34
|
-
uri = "/abc/123"
|
|
35
|
-
expect(URIChecker.valid?(uri)).to be_falsey
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
it "is invalid if is not a url" do
|
|
39
|
-
uri = "http://"
|
|
40
|
-
expect(URIChecker.valid?(uri)).to be_falsey
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
it "is invalid if localhost is resolved as as scheme (no scheme specified)" do
|
|
44
|
-
uri = "localhost:8080"
|
|
45
|
-
expect(URIChecker.valid?(uri)).to be_falsey
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
it "is invalid if scheme is missing #2" do
|
|
49
|
-
uri = "app.co:80"
|
|
50
|
-
expect(URIChecker.valid?(uri)).to be_falsey
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
it "is invalid if is not an uri" do
|
|
54
|
-
uri = " "
|
|
55
|
-
expect(URIChecker.valid?(uri)).to be_falsey
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
it "is valid for custom schemes" do
|
|
59
|
-
uri = "com.example.app:/test"
|
|
60
|
-
expect(URIChecker.valid?(uri)).to be_truthy
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
it "is valid for custom schemes with authority marker (common misconfiguration)" do
|
|
64
|
-
uri = "com.example.app://test"
|
|
65
|
-
expect(URIChecker.valid?(uri)).to be_truthy
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
describe ".matches?" do
|
|
70
|
-
it "is true if both url matches" do
|
|
71
|
-
uri = client_uri = "http://app.co/aaa"
|
|
72
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_truthy
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
it "ignores query parameter on comparsion" do
|
|
76
|
-
uri = "http://app.co/?query=hello"
|
|
77
|
-
client_uri = "http://app.co"
|
|
78
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_truthy
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
it "doesn't allow non-matching domains through" do
|
|
82
|
-
uri = "http://app.abc/?query=hello"
|
|
83
|
-
client_uri = "http://app.co"
|
|
84
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_falsey
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
it "doesn't allow non-matching domains that don't start at the beginning" do
|
|
88
|
-
uri = "http://app.co/?query=hello"
|
|
89
|
-
client_uri = "http://example.com?app.co=test"
|
|
90
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_falsey
|
|
91
|
-
end
|
|
92
|
-
|
|
93
|
-
context "loopback IP redirect URIs" do
|
|
94
|
-
it "ignores port for same URIs" do
|
|
95
|
-
uri = "http://127.0.0.1:5555/auth/callback"
|
|
96
|
-
client_uri = "http://127.0.0.1:48599/auth/callback"
|
|
97
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_truthy
|
|
98
|
-
|
|
99
|
-
uri = "http://[::1]:5555/auth/callback"
|
|
100
|
-
client_uri = "http://[::1]:5555/auth/callback"
|
|
101
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_truthy
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
it "doesn't ignore port for URIs with different queries" do
|
|
105
|
-
uri = "http://127.0.0.1:5555/auth/callback"
|
|
106
|
-
client_uri = "http://127.0.0.1:48599/auth/callback2"
|
|
107
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_falsey
|
|
108
|
-
end
|
|
109
|
-
end
|
|
110
|
-
|
|
111
|
-
context "client registered query params" do
|
|
112
|
-
it "doesn't allow query being absent" do
|
|
113
|
-
uri = "http://app.co"
|
|
114
|
-
client_uri = "http://app.co/?vendorId=AJ4L7XXW9"
|
|
115
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_falsey
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
it "is false if query values differ but key same" do
|
|
119
|
-
uri = "http://app.co/?vendorId=pancakes"
|
|
120
|
-
client_uri = "http://app.co/?vendorId=waffles"
|
|
121
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_falsey
|
|
122
|
-
end
|
|
123
|
-
|
|
124
|
-
it "is false if query values same but key differs" do
|
|
125
|
-
uri = "http://app.co/?foo=pancakes"
|
|
126
|
-
client_uri = "http://app.co/?bar=pancakes"
|
|
127
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_falsey
|
|
128
|
-
end
|
|
129
|
-
|
|
130
|
-
it "is false if query present and match, but unknown queries present" do
|
|
131
|
-
uri = "http://app.co/?vendorId=pancakes&unknown=query"
|
|
132
|
-
client_uri = "http://app.co/?vendorId=waffles"
|
|
133
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_falsey
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
it "is true if queries are present and matche" do
|
|
137
|
-
uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
|
|
138
|
-
client_uri = "http://app.co/?vendorId=AJ4L7XXW9&foo=bar"
|
|
139
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_truthy
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
it "is true if queries are present, match and in different order" do
|
|
143
|
-
uri = "http://app.co/?bing=bang&foo=bar"
|
|
144
|
-
client_uri = "http://app.co/?foo=bar&bing=bang"
|
|
145
|
-
expect(URIChecker.matches?(uri, client_uri)).to be_truthy
|
|
146
|
-
end
|
|
147
|
-
end
|
|
148
|
-
end
|
|
149
|
-
|
|
150
|
-
describe ".valid_for_authorization?" do
|
|
151
|
-
it "is true if valid and matches" do
|
|
152
|
-
uri = client_uri = "http://app.co/aaa"
|
|
153
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
154
|
-
|
|
155
|
-
uri = client_uri = "http://app.co/aaa?b=c"
|
|
156
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
157
|
-
end
|
|
158
|
-
|
|
159
|
-
it "is true if uri includes blank query" do
|
|
160
|
-
uri = client_uri = "http://app.co/aaa?"
|
|
161
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
162
|
-
|
|
163
|
-
uri = "http://app.co/aaa?"
|
|
164
|
-
client_uri = "http://app.co/aaa"
|
|
165
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
166
|
-
|
|
167
|
-
uri = "http://app.co/aaa"
|
|
168
|
-
client_uri = "http://app.co/aaa?"
|
|
169
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
170
|
-
end
|
|
171
|
-
|
|
172
|
-
it "is false if valid and mismatches" do
|
|
173
|
-
uri = "http://app.co/aaa"
|
|
174
|
-
client_uri = "http://app.co/bbb"
|
|
175
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
|
|
176
|
-
end
|
|
177
|
-
|
|
178
|
-
it "is true if valid and included in array" do
|
|
179
|
-
uri = "http://app.co/aaa"
|
|
180
|
-
client_uri = "http://example.com/bbb\nhttp://app.co/aaa"
|
|
181
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_truthy
|
|
182
|
-
end
|
|
183
|
-
|
|
184
|
-
it "is false if valid and not included in array" do
|
|
185
|
-
uri = "http://app.co/aaa"
|
|
186
|
-
client_uri = "http://example.com/bbb\nhttp://app.co/cc"
|
|
187
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be_falsey
|
|
188
|
-
end
|
|
189
|
-
|
|
190
|
-
it "is false if queries does not match" do
|
|
191
|
-
uri = "http://app.co/aaa?pankcakes=abc"
|
|
192
|
-
client_uri = "http://app.co/aaa?waffles=abc"
|
|
193
|
-
expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be false
|
|
194
|
-
end
|
|
195
|
-
|
|
196
|
-
it "calls .matches?" do
|
|
197
|
-
uri = "http://app.co/aaa?pankcakes=abc"
|
|
198
|
-
client_uri = "http://app.co/aaa?waffles=abc"
|
|
199
|
-
expect(URIChecker).to receive(:matches?).with(uri, client_uri).once
|
|
200
|
-
URIChecker.valid_for_authorization?(uri, client_uri)
|
|
201
|
-
end
|
|
202
|
-
|
|
203
|
-
it "calls .valid?" do
|
|
204
|
-
uri = "http://app.co/aaa?pankcakes=abc"
|
|
205
|
-
client_uri = "http://app.co/aaa?waffles=abc"
|
|
206
|
-
expect(URIChecker).to receive(:valid?).with(uri).once
|
|
207
|
-
URIChecker.valid_for_authorization?(uri, client_uri)
|
|
208
|
-
end
|
|
209
|
-
end
|
|
210
|
-
|
|
211
|
-
describe ".query_matches?" do
|
|
212
|
-
it "is true if no queries" do
|
|
213
|
-
expect(URIChecker.query_matches?("", "")).to be_truthy
|
|
214
|
-
expect(URIChecker.query_matches?(nil, nil)).to be_truthy
|
|
215
|
-
end
|
|
216
|
-
|
|
217
|
-
it "is true if same query" do
|
|
218
|
-
expect(URIChecker.query_matches?("foo", "foo")).to be_truthy
|
|
219
|
-
end
|
|
220
|
-
|
|
221
|
-
it "is false if different query" do
|
|
222
|
-
expect(URIChecker.query_matches?("foo", "bar")).to be_falsey
|
|
223
|
-
end
|
|
224
|
-
|
|
225
|
-
it "is true if same queries" do
|
|
226
|
-
expect(URIChecker.query_matches?("foo&bar", "foo&bar")).to be_truthy
|
|
227
|
-
end
|
|
228
|
-
|
|
229
|
-
it "is true if same queries, different order" do
|
|
230
|
-
expect(URIChecker.query_matches?("foo&bar", "bar&foo")).to be_truthy
|
|
231
|
-
end
|
|
232
|
-
|
|
233
|
-
it "is false if one different query" do
|
|
234
|
-
expect(URIChecker.query_matches?("foo&bang", "foo&bing")).to be_falsey
|
|
235
|
-
end
|
|
236
|
-
|
|
237
|
-
it "is true if same query with same value" do
|
|
238
|
-
expect(URIChecker.query_matches?("foo=bar", "foo=bar")).to be_truthy
|
|
239
|
-
end
|
|
240
|
-
|
|
241
|
-
it "is true if same queries with same values" do
|
|
242
|
-
expect(URIChecker.query_matches?("foo=bar&bing=bang", "foo=bar&bing=bang")).to be_truthy
|
|
243
|
-
end
|
|
244
|
-
|
|
245
|
-
it "is true if same queries with same values, different order" do
|
|
246
|
-
expect(URIChecker.query_matches?("foo=bar&bing=bang", "bing=bang&foo=bar")).to be_truthy
|
|
247
|
-
end
|
|
248
|
-
|
|
249
|
-
it "is false if same query with different value" do
|
|
250
|
-
expect(URIChecker.query_matches?("foo=bar", "foo=bang")).to be_falsey
|
|
251
|
-
end
|
|
252
|
-
|
|
253
|
-
it "is false if some queries missing" do
|
|
254
|
-
expect(URIChecker.query_matches?("foo=bar", "foo=bar&bing=bang")).to be_falsey
|
|
255
|
-
end
|
|
256
|
-
|
|
257
|
-
it "is false if some queries different value" do
|
|
258
|
-
expect(URIChecker.query_matches?("foo=bar&bing=bang", "foo=bar&bing=banana")).to be_falsey
|
|
259
|
-
end
|
|
260
|
-
end
|
|
261
|
-
end
|
|
262
|
-
end
|
|
@@ -1,73 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "spec_helper"
|
|
4
|
-
|
|
5
|
-
describe Doorkeeper::OAuth::InvalidRequestResponse do
|
|
6
|
-
describe "#name" do
|
|
7
|
-
it { expect(subject.name).to eq(:invalid_request) }
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
describe "#status" do
|
|
11
|
-
it { expect(subject.status).to eq(:bad_request) }
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
describe ".from_request" do
|
|
15
|
-
let(:response) { described_class.from_request(request) }
|
|
16
|
-
|
|
17
|
-
context "missing param" do
|
|
18
|
-
let(:request) { double(missing_param: "some_param") }
|
|
19
|
-
|
|
20
|
-
it "sets a description" do
|
|
21
|
-
expect(response.description).to eq(
|
|
22
|
-
I18n.t(:missing_param, scope: %i[doorkeeper errors messages invalid_request], value: "some_param"),
|
|
23
|
-
)
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
it "sets the reason" do
|
|
27
|
-
expect(response.reason).to eq(:missing_param)
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
context "server doesn't support_pkce" do
|
|
32
|
-
let(:request) { double(invalid_request_reason: :not_support_pkce) }
|
|
33
|
-
|
|
34
|
-
it "sets a description" do
|
|
35
|
-
expect(response.description).to eq(
|
|
36
|
-
I18n.t(:not_support_pkce, scope: %i[doorkeeper errors messages invalid_request]),
|
|
37
|
-
)
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
it "sets the reason" do
|
|
41
|
-
expect(response.reason).to eq(:not_support_pkce)
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
context "request is not authorized" do
|
|
46
|
-
let(:request) { double(invalid_request_reason: :request_not_authorized) }
|
|
47
|
-
|
|
48
|
-
it "sets a description" do
|
|
49
|
-
expect(response.description).to eq(
|
|
50
|
-
I18n.t(:request_not_authorized, scope: %i[doorkeeper errors messages invalid_request]),
|
|
51
|
-
)
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
it "sets the reason" do
|
|
55
|
-
expect(response.reason).to eq(:request_not_authorized)
|
|
56
|
-
end
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
context "unknown reason" do
|
|
60
|
-
let(:request) { double(invalid_request_reason: :unknown_reason) }
|
|
61
|
-
|
|
62
|
-
it "sets a description" do
|
|
63
|
-
expect(response.description).to eq(
|
|
64
|
-
I18n.t(:unknown, scope: %i[doorkeeper errors messages invalid_request]),
|
|
65
|
-
)
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
it "unknown reason" do
|
|
69
|
-
expect(response.reason).to eq(:unknown_reason)
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
end
|