doorkeeper 5.4.0.rc1 → 5.5.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +108 -9
- data/README.md +4 -4
- data/app/controllers/doorkeeper/applications_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +16 -12
- data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
- data/config/locales/en.yml +3 -1
- data/lib/doorkeeper.rb +6 -1
- data/lib/doorkeeper/config.rb +109 -78
- data/lib/doorkeeper/config/abstract_builder.rb +1 -1
- data/lib/doorkeeper/config/option.rb +1 -3
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/helpers/controller.rb +8 -4
- data/lib/doorkeeper/models/access_grant_mixin.rb +12 -7
- data/lib/doorkeeper/models/access_token_mixin.rb +12 -8
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
- data/lib/doorkeeper/oauth/base_request.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -2
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
- data/lib/doorkeeper/oauth/code_request.rb +2 -2
- data/lib/doorkeeper/oauth/code_response.rb +17 -11
- data/lib/doorkeeper/oauth/error_response.rb +4 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
- data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -2
- data/lib/doorkeeper/oauth/pre_authorization.rb +37 -11
- data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
- data/lib/doorkeeper/oauth/token.rb +4 -5
- data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
- data/lib/doorkeeper/oauth/token_request.rb +1 -1
- data/lib/doorkeeper/orm/active_record.rb +5 -6
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +12 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +10 -2
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +76 -10
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
- data/lib/doorkeeper/rails/routes.rb +1 -3
- data/lib/doorkeeper/rake/db.rake +3 -3
- data/lib/doorkeeper/rake/setup.rake +5 -0
- data/lib/doorkeeper/request.rb +49 -12
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/server.rb +1 -1
- data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
- data/lib/doorkeeper/version.rb +2 -6
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
- data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
- data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
- metadata +25 -306
- data/Appraisals +0 -26
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -30
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -19
- data/gemfiles/rails_5_1.gemfile +0 -19
- data/gemfiles/rails_5_2.gemfile +0 -19
- data/gemfiles/rails_6_0.gemfile +0 -19
- data/gemfiles/rails_master.gemfile +0 -19
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -743
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -499
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -11
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/config/application.rb +0 -51
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -70
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -813
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -58
- data/spec/lib/models/scopes_spec.rb +0 -61
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
- data/spec/lib/oauth/base_request_spec.rb +0 -210
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -164
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/option_spec.rb +0 -51
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -102
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
- data/spec/models/doorkeeper/access_token_spec.rb +0 -650
- data/spec/models/doorkeeper/application_spec.rb +0 -442
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
- data/spec/requests/flows/authorization_code_spec.rb +0 -530
- data/spec/requests/flows/client_credentials_spec.rb +0 -207
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -241
- data/spec/requests/flows/revoke_token_spec.rb +0 -196
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -14
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -56
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
@@ -1,166 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe Doorkeeper::OAuth::RefreshTokenRequest do
|
6
|
-
let(:server) do
|
7
|
-
double :server, access_token_expires_in: 2.minutes
|
8
|
-
end
|
9
|
-
|
10
|
-
let(:refresh_token) do
|
11
|
-
FactoryBot.create(:access_token, use_refresh_token: true)
|
12
|
-
end
|
13
|
-
|
14
|
-
let(:client) { refresh_token.application }
|
15
|
-
let(:credentials) { Doorkeeper::OAuth::Client::Credentials.new(client.uid, client.secret) }
|
16
|
-
|
17
|
-
before do
|
18
|
-
allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
|
19
|
-
allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(false)
|
20
|
-
end
|
21
|
-
|
22
|
-
subject { described_class.new(server, refresh_token, credentials) }
|
23
|
-
|
24
|
-
it "issues a new token for the client" do
|
25
|
-
expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
|
26
|
-
# #sort_by used for MongoDB ORM extensions for valid ordering
|
27
|
-
expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(refresh_token.expires_in)
|
28
|
-
end
|
29
|
-
|
30
|
-
it "issues a new token for the client with the same expiry as of original token" do
|
31
|
-
allow(server).to receive(:option_defined?).with(:custom_access_token_expires_in).and_return(true)
|
32
|
-
allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(false)
|
33
|
-
|
34
|
-
described_class.new(server, refresh_token, credentials).authorize
|
35
|
-
|
36
|
-
# #sort_by used for MongoDB ORM extensions for valid ordering
|
37
|
-
expect(client.reload.access_tokens.max_by(&:created_at).expires_in).to eq(refresh_token.expires_in)
|
38
|
-
end
|
39
|
-
|
40
|
-
it "revokes the previous token" do
|
41
|
-
expect { subject.authorize }.to change { refresh_token.revoked? }.from(false).to(true)
|
42
|
-
end
|
43
|
-
|
44
|
-
it "calls configured request callback methods" do
|
45
|
-
expect(Doorkeeper.configuration.before_successful_strategy_response)
|
46
|
-
.to receive(:call).with(subject).once
|
47
|
-
|
48
|
-
expect(Doorkeeper.configuration.after_successful_strategy_response)
|
49
|
-
.to receive(:call).with(subject, instance_of(Doorkeeper::OAuth::TokenResponse)).once
|
50
|
-
|
51
|
-
subject.authorize
|
52
|
-
end
|
53
|
-
|
54
|
-
it "requires the refresh token" do
|
55
|
-
request = described_class.new(server, nil, credentials)
|
56
|
-
request.validate
|
57
|
-
expect(request.error).to eq(:invalid_request)
|
58
|
-
expect(request.missing_param).to eq(:refresh_token)
|
59
|
-
end
|
60
|
-
|
61
|
-
it "requires credentials to be valid if provided" do
|
62
|
-
credentials = Doorkeeper::OAuth::Client::Credentials.new("invalid", "invalid")
|
63
|
-
request = described_class.new(server, refresh_token, credentials)
|
64
|
-
request.validate
|
65
|
-
expect(request.error).to eq(:invalid_client)
|
66
|
-
end
|
67
|
-
|
68
|
-
it "requires the token's client and current client to match" do
|
69
|
-
other_app = FactoryBot.create(:application)
|
70
|
-
credentials = Doorkeeper::OAuth::Client::Credentials.new(other_app.uid, other_app.secret)
|
71
|
-
|
72
|
-
request = described_class.new(server, refresh_token, credentials)
|
73
|
-
request.validate
|
74
|
-
expect(request.error).to eq(:invalid_grant)
|
75
|
-
end
|
76
|
-
|
77
|
-
it "rejects revoked tokens" do
|
78
|
-
refresh_token.revoke
|
79
|
-
subject.validate
|
80
|
-
expect(subject.error).to eq(:invalid_grant)
|
81
|
-
end
|
82
|
-
|
83
|
-
it "accepts expired tokens" do
|
84
|
-
refresh_token.expires_in = -1
|
85
|
-
refresh_token.save
|
86
|
-
subject.validate
|
87
|
-
expect(subject).to be_valid
|
88
|
-
end
|
89
|
-
|
90
|
-
context "refresh tokens expire on access token use" do
|
91
|
-
before do
|
92
|
-
allow(Doorkeeper::AccessToken).to receive(:refresh_token_revoked_on_use?).and_return(true)
|
93
|
-
end
|
94
|
-
|
95
|
-
it "issues a new token for the client" do
|
96
|
-
expect { subject.authorize }.to change { client.reload.access_tokens.count }.by(1)
|
97
|
-
end
|
98
|
-
|
99
|
-
it "does not revoke the previous token" do
|
100
|
-
subject.authorize
|
101
|
-
expect(refresh_token).not_to be_revoked
|
102
|
-
end
|
103
|
-
|
104
|
-
it "sets the previous refresh token in the new access token" do
|
105
|
-
subject.authorize
|
106
|
-
expect(
|
107
|
-
# #sort_by used for MongoDB ORM extensions for valid ordering
|
108
|
-
client.access_tokens.max_by(&:created_at).previous_refresh_token,
|
109
|
-
).to eq(refresh_token.refresh_token)
|
110
|
-
end
|
111
|
-
end
|
112
|
-
|
113
|
-
context "clientless access tokens" do
|
114
|
-
let!(:refresh_token) { FactoryBot.create(:clientless_access_token, use_refresh_token: true) }
|
115
|
-
|
116
|
-
subject { described_class.new server, refresh_token, nil }
|
117
|
-
|
118
|
-
it "issues a new token without a client" do
|
119
|
-
expect { subject.authorize }.to change { Doorkeeper::AccessToken.count }.by(1)
|
120
|
-
end
|
121
|
-
end
|
122
|
-
|
123
|
-
context "with scopes" do
|
124
|
-
let(:refresh_token) do
|
125
|
-
FactoryBot.create :access_token,
|
126
|
-
use_refresh_token: true,
|
127
|
-
scopes: "public write"
|
128
|
-
end
|
129
|
-
let(:parameters) { {} }
|
130
|
-
|
131
|
-
subject { described_class.new server, refresh_token, credentials, parameters }
|
132
|
-
|
133
|
-
it "transfers scopes from the old token to the new token" do
|
134
|
-
subject.authorize
|
135
|
-
expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public write])
|
136
|
-
end
|
137
|
-
|
138
|
-
it "reduces scopes to the provided scopes" do
|
139
|
-
parameters[:scopes] = "public"
|
140
|
-
subject.authorize
|
141
|
-
expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public])
|
142
|
-
end
|
143
|
-
|
144
|
-
it "validates that scopes are included in the original access token" do
|
145
|
-
parameters[:scopes] = "public update"
|
146
|
-
|
147
|
-
subject.validate
|
148
|
-
expect(subject.error).to eq(:invalid_scope)
|
149
|
-
end
|
150
|
-
|
151
|
-
it "uses params[:scope] in favor of scopes if present (valid)" do
|
152
|
-
parameters[:scopes] = "public update"
|
153
|
-
parameters[:scope] = "public"
|
154
|
-
subject.authorize
|
155
|
-
expect(Doorkeeper::AccessToken.last.scopes).to eq(%i[public])
|
156
|
-
end
|
157
|
-
|
158
|
-
it "uses params[:scope] in favor of scopes if present (invalid)" do
|
159
|
-
parameters[:scopes] = "public"
|
160
|
-
parameters[:scope] = "public update"
|
161
|
-
|
162
|
-
subject.validate
|
163
|
-
expect(subject.error).to eq(:invalid_scope)
|
164
|
-
end
|
165
|
-
end
|
166
|
-
end
|
@@ -1,146 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe Doorkeeper::OAuth::Scopes do
|
6
|
-
describe "#add" do
|
7
|
-
it "allows you to add scopes with symbols" do
|
8
|
-
subject.add :public
|
9
|
-
expect(subject.all).to eq(["public"])
|
10
|
-
end
|
11
|
-
|
12
|
-
it "allows you to add scopes with strings" do
|
13
|
-
subject.add "public"
|
14
|
-
expect(subject.all).to eq(["public"])
|
15
|
-
end
|
16
|
-
|
17
|
-
it "do not add already included scopes" do
|
18
|
-
subject.add :public
|
19
|
-
subject.add :public
|
20
|
-
expect(subject.all).to eq(["public"])
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
describe "#exists" do
|
25
|
-
before do
|
26
|
-
subject.add :public
|
27
|
-
end
|
28
|
-
|
29
|
-
it "returns true if scope with given name is present" do
|
30
|
-
expect(subject.exists?("public")).to be_truthy
|
31
|
-
end
|
32
|
-
|
33
|
-
it "returns false if scope with given name does not exist" do
|
34
|
-
expect(subject.exists?("other")).to be_falsey
|
35
|
-
end
|
36
|
-
|
37
|
-
it "handles symbols" do
|
38
|
-
expect(subject.exists?(:public)).to be_truthy
|
39
|
-
expect(subject.exists?(:other)).to be_falsey
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
|
-
describe ".from_string" do
|
44
|
-
let(:string) { "public write" }
|
45
|
-
|
46
|
-
subject { described_class.from_string(string) }
|
47
|
-
|
48
|
-
it { expect(subject).to be_a(described_class) }
|
49
|
-
|
50
|
-
describe "#all" do
|
51
|
-
it "should be an array of the expected scopes" do
|
52
|
-
scopes_array = subject.all
|
53
|
-
expect(scopes_array.size).to eq(2)
|
54
|
-
expect(scopes_array).to include("public")
|
55
|
-
expect(scopes_array).to include("write")
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
describe "#+" do
|
61
|
-
it "can add to another scope object" do
|
62
|
-
scopes = described_class.from_string("public") + described_class.from_string("admin")
|
63
|
-
expect(scopes.all).to eq(%w[public admin])
|
64
|
-
end
|
65
|
-
|
66
|
-
it "does not change the existing object" do
|
67
|
-
origin = described_class.from_string("public")
|
68
|
-
expect(origin.to_s).to eq("public")
|
69
|
-
end
|
70
|
-
|
71
|
-
it "can add an array to a scope object" do
|
72
|
-
scopes = described_class.from_string("public") + ["admin"]
|
73
|
-
expect(scopes.all).to eq(%w[public admin])
|
74
|
-
end
|
75
|
-
|
76
|
-
it "raises an error if cannot handle addition" do
|
77
|
-
expect do
|
78
|
-
described_class.from_string("public") + "admin"
|
79
|
-
end.to raise_error(NoMethodError)
|
80
|
-
end
|
81
|
-
end
|
82
|
-
|
83
|
-
describe "#&" do
|
84
|
-
it "can get intersection with another scope object" do
|
85
|
-
scopes = described_class.from_string("public admin") & described_class.from_string("write admin")
|
86
|
-
expect(scopes.all).to eq(%w[admin])
|
87
|
-
end
|
88
|
-
|
89
|
-
it "does not change the existing object" do
|
90
|
-
origin = described_class.from_string("public admin")
|
91
|
-
origin & described_class.from_string("write admin")
|
92
|
-
expect(origin.to_s).to eq("public admin")
|
93
|
-
end
|
94
|
-
|
95
|
-
it "can get intersection with an array" do
|
96
|
-
scopes = described_class.from_string("public admin") & %w[write admin]
|
97
|
-
expect(scopes.all).to eq(%w[admin])
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
describe "#==" do
|
102
|
-
it "is equal to another set of scopes" do
|
103
|
-
expect(described_class.from_string("public")).to eq(described_class.from_string("public"))
|
104
|
-
end
|
105
|
-
|
106
|
-
it "is equal to another set of scopes with no particular order" do
|
107
|
-
expect(described_class.from_string("public write")).to eq(described_class.from_string("write public"))
|
108
|
-
end
|
109
|
-
|
110
|
-
it "differs from another set of scopes when scopes are not the same" do
|
111
|
-
expect(described_class.from_string("public write")).not_to eq(described_class.from_string("write"))
|
112
|
-
end
|
113
|
-
|
114
|
-
it "does not raise an error when compared to a non-enumerable object" do
|
115
|
-
expect { described_class.from_string("public") == false }.not_to raise_error
|
116
|
-
end
|
117
|
-
end
|
118
|
-
|
119
|
-
describe "#has_scopes?" do
|
120
|
-
subject { described_class.from_string("public admin") }
|
121
|
-
|
122
|
-
it "returns true when at least one scope is included" do
|
123
|
-
expect(subject.has_scopes?(described_class.from_string("public"))).to be_truthy
|
124
|
-
end
|
125
|
-
|
126
|
-
it "returns true when all scopes are included" do
|
127
|
-
expect(subject.has_scopes?(described_class.from_string("public admin"))).to be_truthy
|
128
|
-
end
|
129
|
-
|
130
|
-
it "is true if all scopes are included in any order" do
|
131
|
-
expect(subject.has_scopes?(described_class.from_string("admin public"))).to be_truthy
|
132
|
-
end
|
133
|
-
|
134
|
-
it "is false if no scopes are included" do
|
135
|
-
expect(subject.has_scopes?(described_class.from_string("notexistent"))).to be_falsey
|
136
|
-
end
|
137
|
-
|
138
|
-
it "returns false when any scope is not included" do
|
139
|
-
expect(subject.has_scopes?(described_class.from_string("public nope"))).to be_falsey
|
140
|
-
end
|
141
|
-
|
142
|
-
it "is false if no scopes are included even for existing ones" do
|
143
|
-
expect(subject.has_scopes?(described_class.from_string("public admin notexistent"))).to be_falsey
|
144
|
-
end
|
145
|
-
end
|
146
|
-
end
|
@@ -1,164 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
|
5
|
-
describe Doorkeeper::OAuth::TokenRequest do
|
6
|
-
let :application do
|
7
|
-
FactoryBot.create(:application, scopes: "public")
|
8
|
-
end
|
9
|
-
|
10
|
-
let :pre_auth do
|
11
|
-
server = Doorkeeper.config
|
12
|
-
allow(server).to receive(:default_scopes).and_return(Doorkeeper::OAuth::Scopes.from_string("public"))
|
13
|
-
allow(server).to receive(:grant_flows).and_return(Doorkeeper::OAuth::Scopes.from_string("implicit"))
|
14
|
-
|
15
|
-
client = Doorkeeper::OAuth::Client.new(application)
|
16
|
-
|
17
|
-
attributes = {
|
18
|
-
client_id: client.uid,
|
19
|
-
response_type: "token",
|
20
|
-
redirect_uri: "https://app.com/callback",
|
21
|
-
}
|
22
|
-
|
23
|
-
pre_auth = Doorkeeper::OAuth::PreAuthorization.new(server, attributes)
|
24
|
-
pre_auth.authorizable?
|
25
|
-
pre_auth
|
26
|
-
end
|
27
|
-
|
28
|
-
let :owner do
|
29
|
-
FactoryBot.create(:doorkeeper_testing_user)
|
30
|
-
end
|
31
|
-
|
32
|
-
subject do
|
33
|
-
described_class.new(pre_auth, owner)
|
34
|
-
end
|
35
|
-
|
36
|
-
it "creates an access token" do
|
37
|
-
expect do
|
38
|
-
subject.authorize
|
39
|
-
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
40
|
-
end
|
41
|
-
|
42
|
-
it "returns a code response" do
|
43
|
-
expect(subject.authorize).to be_a(Doorkeeper::OAuth::CodeResponse)
|
44
|
-
end
|
45
|
-
|
46
|
-
context "when pre_auth is denied" do
|
47
|
-
it "does not create token and returns a error response" do
|
48
|
-
expect { subject.deny }.not_to(change { Doorkeeper::AccessToken.count })
|
49
|
-
expect(subject.deny).to be_a(Doorkeeper::OAuth::ErrorResponse)
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
describe "with custom expiration" do
|
54
|
-
context "when proper TTL returned" do
|
55
|
-
before do
|
56
|
-
Doorkeeper.configure do
|
57
|
-
orm DOORKEEPER_ORM
|
58
|
-
custom_access_token_expires_in do |context|
|
59
|
-
context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
|
60
|
-
end
|
61
|
-
end
|
62
|
-
end
|
63
|
-
|
64
|
-
it "should use the custom ttl" do
|
65
|
-
subject.authorize
|
66
|
-
token = Doorkeeper::AccessToken.first
|
67
|
-
expect(token.expires_in).to eq(1234)
|
68
|
-
end
|
69
|
-
end
|
70
|
-
|
71
|
-
context "when nil TTL returned" do
|
72
|
-
before do
|
73
|
-
Doorkeeper.configure do
|
74
|
-
orm DOORKEEPER_ORM
|
75
|
-
access_token_expires_in 654
|
76
|
-
custom_access_token_expires_in do |_context|
|
77
|
-
nil
|
78
|
-
end
|
79
|
-
end
|
80
|
-
end
|
81
|
-
|
82
|
-
it "should fallback to access_token_expires_in" do
|
83
|
-
subject.authorize
|
84
|
-
token = Doorkeeper::AccessToken.first
|
85
|
-
expect(token.expires_in).to eq(654)
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
context "when infinite TTL returned" do
|
90
|
-
before do
|
91
|
-
Doorkeeper.configure do
|
92
|
-
orm DOORKEEPER_ORM
|
93
|
-
access_token_expires_in 654
|
94
|
-
custom_access_token_expires_in do |_context|
|
95
|
-
Float::INFINITY
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
99
|
-
|
100
|
-
it "should fallback to access_token_expires_in" do
|
101
|
-
subject.authorize
|
102
|
-
token = Doorkeeper::AccessToken.first
|
103
|
-
expect(token.expires_in).to be_nil
|
104
|
-
end
|
105
|
-
end
|
106
|
-
end
|
107
|
-
|
108
|
-
context "token reuse" do
|
109
|
-
it "creates a new token if there are no matching tokens" do
|
110
|
-
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
111
|
-
expect do
|
112
|
-
subject.authorize
|
113
|
-
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
114
|
-
end
|
115
|
-
|
116
|
-
it "creates a new token if scopes do not match" do
|
117
|
-
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
118
|
-
FactoryBot.create(
|
119
|
-
:access_token,
|
120
|
-
application_id: pre_auth.client.id,
|
121
|
-
resource_owner_id: owner.id,
|
122
|
-
resource_owner_type: owner.class.name,
|
123
|
-
scopes: "",
|
124
|
-
)
|
125
|
-
|
126
|
-
expect do
|
127
|
-
subject.authorize
|
128
|
-
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
129
|
-
end
|
130
|
-
|
131
|
-
it "skips token creation if there is a matching one reusable" do
|
132
|
-
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
133
|
-
allow(application.scopes).to receive(:has_scopes?).and_return(true)
|
134
|
-
allow(application.scopes).to receive(:all?).and_return(true)
|
135
|
-
|
136
|
-
FactoryBot.create(
|
137
|
-
:access_token, application_id: pre_auth.client.id,
|
138
|
-
resource_owner_id: owner.id, resource_owner_type: owner.class.name, scopes: "public",
|
139
|
-
)
|
140
|
-
|
141
|
-
expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
|
142
|
-
end
|
143
|
-
|
144
|
-
it "creates new token if there is a matching one but non reusable" do
|
145
|
-
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
|
146
|
-
allow(application.scopes).to receive(:has_scopes?).and_return(true)
|
147
|
-
allow(application.scopes).to receive(:all?).and_return(true)
|
148
|
-
|
149
|
-
FactoryBot.create(
|
150
|
-
:access_token,
|
151
|
-
application_id: pre_auth.client.id,
|
152
|
-
resource_owner_id: owner.id,
|
153
|
-
resource_owner_type: owner.class.name,
|
154
|
-
scopes: "public",
|
155
|
-
)
|
156
|
-
|
157
|
-
allow_any_instance_of(Doorkeeper::AccessToken).to receive(:reusable?).and_return(false)
|
158
|
-
|
159
|
-
expect do
|
160
|
-
subject.authorize
|
161
|
-
end.to change { Doorkeeper::AccessToken.count }.by(1)
|
162
|
-
end
|
163
|
-
end
|
164
|
-
end
|