doorkeeper 5.4.0.rc1 → 5.5.0



Files changed (219)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +108 -9
  3. data/README.md +4 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  7. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  8. data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
  9. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  10. data/app/views/doorkeeper/applications/show.html.erb +16 -12
  11. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  12. data/config/locales/en.yml +3 -1
  13. data/lib/doorkeeper.rb +6 -1
  14. data/lib/doorkeeper/config.rb +109 -78
  15. data/lib/doorkeeper/config/abstract_builder.rb +1 -1
  16. data/lib/doorkeeper/config/option.rb +1 -3
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/engine.rb +1 -1
  19. data/lib/doorkeeper/grant_flow.rb +45 -0
  20. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  21. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  22. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  23. data/lib/doorkeeper/helpers/controller.rb +8 -4
  24. data/lib/doorkeeper/models/access_grant_mixin.rb +12 -7
  25. data/lib/doorkeeper/models/access_token_mixin.rb +12 -8
  26. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  27. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  28. data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
  29. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  30. data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
  31. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
  32. data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
  33. data/lib/doorkeeper/oauth/base_request.rb +1 -1
  34. data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -2
  35. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
  36. data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
  37. data/lib/doorkeeper/oauth/code_request.rb +2 -2
  38. data/lib/doorkeeper/oauth/code_response.rb +17 -11
  39. data/lib/doorkeeper/oauth/error_response.rb +4 -3
  40. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
  41. data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -2
  42. data/lib/doorkeeper/oauth/pre_authorization.rb +37 -11
  43. data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
  44. data/lib/doorkeeper/oauth/token.rb +4 -5
  45. data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
  46. data/lib/doorkeeper/oauth/token_request.rb +1 -1
  47. data/lib/doorkeeper/orm/active_record.rb +5 -6
  48. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +12 -2
  49. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +10 -2
  50. data/lib/doorkeeper/orm/active_record/mixins/application.rb +76 -10
  51. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
  52. data/lib/doorkeeper/rails/routes.rb +1 -3
  53. data/lib/doorkeeper/rake/db.rake +3 -3
  54. data/lib/doorkeeper/rake/setup.rake +5 -0
  55. data/lib/doorkeeper/request.rb +49 -12
  56. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  57. data/lib/doorkeeper/server.rb +1 -1
  58. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  59. data/lib/doorkeeper/version.rb +2 -6
  60. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
  61. data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
  62. data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
  63. metadata +25 -306
  64. data/Appraisals +0 -26
  65. data/CODE_OF_CONDUCT.md +0 -46
  66. data/CONTRIBUTING.md +0 -49
  67. data/Dangerfile +0 -67
  68. data/Dockerfile +0 -29
  69. data/Gemfile +0 -25
  70. data/NEWS.md +0 -1
  71. data/RELEASING.md +0 -11
  72. data/Rakefile +0 -28
  73. data/SECURITY.md +0 -15
  74. data/UPGRADE.md +0 -2
  75. data/bin/console +0 -30
  76. data/doorkeeper.gemspec +0 -42
  77. data/gemfiles/rails_5_0.gemfile +0 -19
  78. data/gemfiles/rails_5_1.gemfile +0 -19
  79. data/gemfiles/rails_5_2.gemfile +0 -19
  80. data/gemfiles/rails_6_0.gemfile +0 -19
  81. data/gemfiles/rails_master.gemfile +0 -19
  82. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  83. data/spec/controllers/applications_controller_spec.rb +0 -274
  84. data/spec/controllers/authorizations_controller_spec.rb +0 -743
  85. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  86. data/spec/controllers/token_info_controller_spec.rb +0 -50
  87. data/spec/controllers/tokens_controller_spec.rb +0 -499
  88. data/spec/dummy/Rakefile +0 -9
  89. data/spec/dummy/app/assets/config/manifest.js +0 -2
  90. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  91. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  92. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  93. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  94. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  95. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  96. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  97. data/spec/dummy/app/models/user.rb +0 -11
  98. data/spec/dummy/app/views/home/index.html.erb +0 -0
  99. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  100. data/spec/dummy/config.ru +0 -6
  101. data/spec/dummy/config/application.rb +0 -51
  102. data/spec/dummy/config/boot.rb +0 -7
  103. data/spec/dummy/config/database.yml +0 -15
  104. data/spec/dummy/config/environment.rb +0 -5
  105. data/spec/dummy/config/environments/development.rb +0 -31
  106. data/spec/dummy/config/environments/production.rb +0 -64
  107. data/spec/dummy/config/environments/test.rb +0 -45
  108. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  109. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  110. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  111. data/spec/dummy/config/initializers/session_store.rb +0 -10
  112. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  113. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  114. data/spec/dummy/config/routes.rb +0 -13
  115. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  116. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  117. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  118. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  119. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  120. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  121. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  122. data/spec/dummy/db/schema.rb +0 -70
  123. data/spec/dummy/public/404.html +0 -26
  124. data/spec/dummy/public/422.html +0 -26
  125. data/spec/dummy/public/500.html +0 -26
  126. data/spec/dummy/public/favicon.ico +0 -0
  127. data/spec/dummy/script/rails +0 -9
  128. data/spec/factories.rb +0 -30
  129. data/spec/generators/application_owner_generator_spec.rb +0 -28
  130. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  131. data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
  132. data/spec/generators/install_generator_spec.rb +0 -36
  133. data/spec/generators/migration_generator_spec.rb +0 -28
  134. data/spec/generators/pkce_generator_spec.rb +0 -28
  135. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  136. data/spec/generators/templates/routes.rb +0 -4
  137. data/spec/generators/views_generator_spec.rb +0 -29
  138. data/spec/grape/grape_integration_spec.rb +0 -137
  139. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  140. data/spec/lib/config_spec.rb +0 -813
  141. data/spec/lib/doorkeeper_spec.rb +0 -27
  142. data/spec/lib/models/expirable_spec.rb +0 -61
  143. data/spec/lib/models/reusable_spec.rb +0 -40
  144. data/spec/lib/models/revocable_spec.rb +0 -58
  145. data/spec/lib/models/scopes_spec.rb +0 -61
  146. data/spec/lib/models/secret_storable_spec.rb +0 -135
  147. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  148. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
  149. data/spec/lib/oauth/base_request_spec.rb +0 -210
  150. data/spec/lib/oauth/base_response_spec.rb +0 -45
  151. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  152. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
  153. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
  154. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
  155. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  156. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
  157. data/spec/lib/oauth/client_spec.rb +0 -38
  158. data/spec/lib/oauth/code_request_spec.rb +0 -46
  159. data/spec/lib/oauth/code_response_spec.rb +0 -36
  160. data/spec/lib/oauth/error_response_spec.rb +0 -64
  161. data/spec/lib/oauth/error_spec.rb +0 -21
  162. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  163. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  164. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  165. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  166. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  167. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  168. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
  169. data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
  170. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
  171. data/spec/lib/oauth/scopes_spec.rb +0 -146
  172. data/spec/lib/oauth/token_request_spec.rb +0 -164
  173. data/spec/lib/oauth/token_response_spec.rb +0 -84
  174. data/spec/lib/oauth/token_spec.rb +0 -156
  175. data/spec/lib/option_spec.rb +0 -51
  176. data/spec/lib/request/strategy_spec.rb +0 -54
  177. data/spec/lib/secret_storing/base_spec.rb +0 -60
  178. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  179. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  180. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  181. data/spec/lib/server_spec.rb +0 -49
  182. data/spec/lib/stale_records_cleaner_spec.rb +0 -102
  183. data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
  184. data/spec/models/doorkeeper/access_token_spec.rb +0 -650
  185. data/spec/models/doorkeeper/application_spec.rb +0 -442
  186. data/spec/requests/applications/applications_request_spec.rb +0 -259
  187. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  188. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  189. data/spec/requests/endpoints/token_spec.rb +0 -79
  190. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
  191. data/spec/requests/flows/authorization_code_spec.rb +0 -530
  192. data/spec/requests/flows/client_credentials_spec.rb +0 -207
  193. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  194. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  195. data/spec/requests/flows/password_spec.rb +0 -316
  196. data/spec/requests/flows/refresh_token_spec.rb +0 -241
  197. data/spec/requests/flows/revoke_token_spec.rb +0 -196
  198. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  199. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  200. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  201. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  202. data/spec/routing/default_routes_spec.rb +0 -41
  203. data/spec/routing/scoped_routes_spec.rb +0 -47
  204. data/spec/spec_helper.rb +0 -54
  205. data/spec/spec_helper_integration.rb +0 -4
  206. data/spec/support/dependencies/factory_bot.rb +0 -4
  207. data/spec/support/doorkeeper_rspec.rb +0 -22
  208. data/spec/support/helpers/access_token_request_helper.rb +0 -14
  209. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  210. data/spec/support/helpers/config_helper.rb +0 -11
  211. data/spec/support/helpers/model_helper.rb +0 -78
  212. data/spec/support/helpers/request_spec_helper.rb +0 -110
  213. data/spec/support/helpers/url_helper.rb +0 -62
  214. data/spec/support/orm/active_record.rb +0 -5
  215. data/spec/support/shared/controllers_shared_context.rb +0 -133
  216. data/spec/support/shared/hashing_shared_context.rb +0 -36
  217. data/spec/support/shared/models_shared_examples.rb +0 -56
  218. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  219. data/spec/version/version_spec.rb +0 -17
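--- a/data/spec/lib/oauth/refresh_token_request_spec.rb
+++ b/data/spec/lib/oauth/refresh_token_request_spec.rb
@@ -1,166 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::RefreshTokenRequest do
-let(:server) do
-double :server, access_token_expires_in: 2.minutes
-end
-
-let(:refresh_token) do
-FactoryBot.create(:access_token, use_refresh_token: true)
-end
-
-let(:client) { refresh_token.application }
-let(:credentials) { Doorkeeper::OAuth::Client::Credentials.new(client.uid, client.secret) }
-
-before do
-allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
-allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
-end
-
-subject { described_class.new(server, refresh_token, credentials) }
-
-it "issues a new token for the client" do
-expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
-# #sort_by used for MongoDB ORM extensions for valid ordering
-expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(refresh_token.expires_in)
-end
-
-it "issues a new token for the client with the same expiry as of original token" do
-allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
-allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
-
-described_class.new(server, refresh_token, credentials).authorize
-
-# #sort_by used for MongoDB ORM extensions for valid ordering
-expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(refresh_token.expires_in)
-end
-
-it "revokes the previous token" do
-expect { subject.authorize }.to change { refresh_token.revoked? }.from(false).to(true)
-end
-
-it "calls configured request callback methods" do
-expect(Doorkeeper.configuration.before_successful_strategy_response)
-.to receive(:call).with(subject).once
-
-expect(Doorkeeper.configuration.after_successful_strategy_response)
-.to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
-
-subject.authorize
-end
-
-it "requires the refresh token" do
-request = described_class.new(server, nil, credentials)
-request.validate
-expect(request.error).to eq(:invalid_request)
-expect(request.missing_param).to eq(:refresh_token)
-end
-
-it "requires credentials to be valid if provided" do
-credentials = Doorkeeper::OAuth::Client::Credentials.new("invalid", "invalid")
-request = described_class.new(server, refresh_token, credentials)
-request.validate
-expect(request.error).to eq(:invalid_client)
-end
-
-it "requires the token's client and current client to match" do
-other_app = FactoryBot.create(:application)
-credentials = Doorkeeper::OAuth::Client::Credentials.new(other_app.uid, other_app.secret)
-
-request = described_class.new(server, refresh_token, credentials)
-request.validate
-expect(request.error).to eq(:invalid_grant)
-end
-
-it "rejects revoked tokens" do
-refresh_token.revoke
-subject.validate
-expect(subject.error).to eq(:invalid_grant)
-end
-
-it "accepts expired tokens" do
-refresh_token.expires_in = -1
-refresh_token.save
-subject.validate
-expect(subject).to be_valid
-end
-
-context "refresh tokens expire on access token use" do
-before do
-allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(true)
-end
-
-it "issues a new token for the client" do
-expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
-end
-
-it "does not revoke the previous token" do
-subject.authorize
-expect(refresh_token).not_to be_revoked
-end
-
-it "sets the previous refresh token in the new access token" do
-subject.authorize
-expect(
-# #sort_by used for MongoDB ORM extensions for valid ordering
-client.access_tokens.max_by(&:created_at).previous_refresh_token,
-).to eq(refresh_token.refresh_token)
-end
-end
-
-context "clientless access tokens" do
-let!(:refresh_token) { FactoryBot.create(:clientless_access_token, use_refresh_token: true) }
-
-subject { described_class.new server, refresh_token, nil }
-
-it "issues a new token without a client" do
-expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-end
-
-context "with scopes" do
-let(:refresh_token) do
-FactoryBot.create :access_token,
-use_refresh_token: true,
-scopes: "public write"
-end
-let(:parameters) { {} }
-
-subject { described_class.new server, refresh_token, credentials, parameters }
-
-it "transfers scopes from the old token to the new token" do
-subject.authorize
-expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public write])
-end
-
-it "reduces scopes to the provided scopes" do
-parameters[:scopes] = "public"
-subject.authorize
-expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public])
-end
-
-it "validates that scopes are included in the original access token" do
-parameters[:scopes] = "public update"
-
-subject.validate
-expect(subject.error).to eq(:invalid_scope)
-end
-
-it "uses params[:scope] in favor of scopes if present (valid)" do
-parameters[:scopes] = "public update"
-parameters[:scope] = "public"
-subject.authorize
-expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public])
-end
-
-it "uses params[:scope] in favor of scopes if present (invalid)" do
-parameters[:scopes] = "public"
-parameters[:scope] = "public update"
-
-subject.validate
-expect(subject.error).to eq(:invalid_scope)
-end
-end
-end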
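--- a/data/spec/lib/oauth/scopes_spec.rb
+++ b/data/spec/lib/oauth/scopes_spec.rb
@@ -1,146 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::Scopes do
-describe "#add" do
-it "allows you to add scopes with symbols" do
-subject.add :public
-expect(subject.all).to eq(["public"])
-end
-
-it "allows you to add scopes with strings" do
-subject.add "public"
-expect(subject.all).to eq(["public"])
-end
-
-it "do not add already included scopes" do
-subject.add :public
-subject.add :public
-expect(subject.all).to eq(["public"])
-end
-end
-
-describe "#exists" do
-before do
-subject.add :public
-end
-
-it "returns true if scope with given name is present" do
-expect(subject.exists?("public")).to be_truthy
-end
-
-it "returns false if scope with given name does not exist" do
-expect(subject.exists?("other")).to be_falsey
-end
-
-it "handles symbols" do
-expect(subject.exists?(:public)).to be_truthy
-expect(subject.exists?(:other)).to be_falsey
-end
-end
-
-describe ".from_string" do
-let(:string) { "public write" }
-
-subject { described_class.from_string(string) }
-
-it { expect(subject).to be_a(described_class) }
-
-describe "#all" do
-it "should be an array of the expected scopes" do
-scopes_array = subject.all
-expect(scopes_array.size).to eq(2)
-expect(scopes_array).to include("public")
-expect(scopes_array).to include("write")
-end
-end
-end
-
-describe "#+" do
-it "can add to another scope object" do
-scopes = described_class.from_string("public") + described_class.from_string("admin")
-expect(scopes.all).to eq(%w[public admin])
-end
-
-it "does not change the existing object" do
-origin = described_class.from_string("public")
-expect(origin.to_s).to eq("public")
-end
-
-it "can add an array to a scope object" do
-scopes = described_class.from_string("public") + ["admin"]
-expect(scopes.all).to eq(%w[public admin])
-end
-
-it "raises an error if cannot handle addition" do
-expect do
-described_class.from_string("public") + "admin"
-end.to raise_error(NoMethodError)
-end
-end
-
-describe "#&" do
-it "can get intersection with another scope object" do
-scopes = described_class.from_string("public admin") & described_class.from_string("write admin")
-expect(scopes.all).to eq(%w[admin])
-end
-
-it "does not change the existing object" do
-origin = described_class.from_string("public admin")
-origin & described_class.from_string("write admin")
-expect(origin.to_s).to eq("public admin")
-end
-
-it "can get intersection with an array" do
-scopes = described_class.from_string("public admin") & %w[write admin]
-expect(scopes.all).to eq(%w[admin])
-end
-end
-
-describe "#==" do
-it "is equal to another set of scopes" do
-expect(described_class.from_string("public")).to eq(described_class.from_string("public"))
-end
-
-it "is equal to another set of scopes with no particular order" do
-expect(described_class.from_string("public write")).to eq(described_class.from_string("write public"))
-end
-
-it "differs from another set of scopes when scopes are not the same" do
-expect(described_class.from_string("public write")).not_to eq(described_class.from_string("write"))
-end
-
-it "does not raise an error when compared to a non-enumerable object" do
-expect { described_class.from_string("public") == false }.not_to raise_error
-end
-end
-
-describe "#has_scopes?" do
-subject { described_class.from_string("public admin") }
-
-it "returns true when at least one scope is included" do
-expect(subject.has_scopes?(described_class.from_string("public"))).to be_truthy
-end
-
-it "returns true when all scopes are included" do
-expect(subject.has_scopes?(described_class.from_string("public admin"))).to be_truthy
-end
-
-it "is true if all scopes are included in any order" do
-expect(subject.has_scopes?(described_class.from_string("admin public"))).to be_truthy
-end
-
-it "is false if no scopes are included" do
-expect(subject.has_scopes?(described_class.from_string("notexistent"))).to be_falsey
-end
-
-it "returns false when any scope is not included" do
-expect(subject.has_scopes?(described_class.from_string("public nope"))).to be_falsey
-end
-
-it "is false if no scopes are included even for existing ones" do
-expect(subject.has_scopes?(described_class.from_string("public admin notexistent"))).to be_falsey
-end
-end
-end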
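--- a/data/spec/lib/oauth/token_request_spec.rb
+++ b/data/spec/lib/oauth/token_request_spec.rb
@@ -1,164 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Doorkeeper::OAuth::TokenRequest do
-let :application do
-FactoryBot.create(:application, scopes: "public")
-end
-
-let :pre_auth do
-server = Doorkeeper.config
-allow(server).to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
-allow(server).to receive(:grant_flows).and_return(Doorkeeper::OAuth::Scopes.from_string("implicit"))
-
-client = Doorkeeper::OAuth::Client.new(application)
-
-attributes = {
-client_id: client.uid,
-response_type: "token",
-redirect_uri: "https://app.com/callback",
-}
-
-pre_auth = Doorkeeper::OAuth::PreAuthorization.new(server, attributes)
-pre_auth.authorizable?
-pre_auth
-end
-
-let :owner do
-FactoryBot.create(:doorkeeper_testing_user)
-end
-
-subject do
-described_class.new(pre_auth, owner)
-end
-
-it "creates an access token" do
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it "returns a code response" do
-expect(subject.authorize).to be_a(Doorkeeper::OAuth::CodeResponse)
-end
-
-context "when pre_auth is denied" do
-it "does not create token and returns a error response" do
-expect { subject.deny }.not_to(change { Doorkeeper::AccessToken.count })
-expect(subject.deny).to be_a(Doorkeeper::OAuth::ErrorResponse)
-end
-end
-
-describe "with custom expiration" do
-context "when proper TTL returned" do
-before do
-Doorkeeper.configure do
-orm DOORKEEPER_ORM
-custom_access_token_expires_in do |context|
-context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
-end
-end
-end
-
-it "should use the custom ttl" do
-subject.authorize
-token = Doorkeeper::AccessToken.first
-expect(token.expires_in).to eq(1234)
-end
-end
-
-context "when nil TTL returned" do
-before do
-Doorkeeper.configure do
-orm DOORKEEPER_ORM
-access_token_expires_in 654
-custom_access_token_expires_in do |_context|
-nil
-end
-end
-end
-
-it "should fallback to access_token_expires_in" do
-subject.authorize
-token = Doorkeeper::AccessToken.first
-expect(token.expires_in).to eq(654)
-end
-end
-
-context "when infinite TTL returned" do
-before do
-Doorkeeper.configure do
-orm DOORKEEPER_ORM
-access_token_expires_in 654
-custom_access_token_expires_in do |_context|
-Float::INFINITY
-end
-end
-end
-
-it "should fallback to access_token_expires_in" do
-subject.authorize
-token = Doorkeeper::AccessToken.first
-expect(token.expires_in).to be_nil
-end
-end
-end
-
-context "token reuse" do
-it "creates a new token if there are no matching tokens" do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it "creates a new token if scopes do not match" do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-FactoryBot.create(
-:access_token,
-application_id: pre_auth.client.id,
-resource_owner_id: owner.id,
-resource_owner_type: owner.class.name,
-scopes: "",
-)
-
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-
-it "skips token creation if there is a matching one reusable" do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-allow(application.scopes).to receive(:has_scopes?).and_return(true)
-allow(application.scopes).to receive(:all?).and_return(true)
-
-FactoryBot.create(
-:access_token, application_id: pre_auth.client.id,
-resource_owner_id: owner.id, resource_owner_type: owner.class.name, scopes: "public",
-)
-
-expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
-end
-
-it "creates new token if there is a matching one but non reusable" do
-allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
-allow(application.scopes).to receive(:has_scopes?).and_return(true)
-allow(application.scopes).to receive(:all?).and_return(true)
-
-FactoryBot.create(
-:access_token,
-application_id: pre_auth.client.id,
-resource_owner_id: owner.id,
-resource_owner_type: owner.class.name,
-scopes: "public",
-)
-
-allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
-
-expect do
-subject.authorize
-end.to change { Doorkeeper::AccessToken.count }.by(1)
-end
-end
-end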