doorkeeper 5.4.0.rc1 → 5.5.0

data/spec/requests/protected_resources/metal_spec.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "ActionController::Metal API" do
-  before do
-    @client   = FactoryBot.create(:application)
-    @resource = User.create!(name: "Joe", password: "sekret")
-    @token    = client_is_authorized(@client, @resource)
-  end
-
-  it "client requests protected resource with valid token" do
-    get "/metal.json?access_token=#{@token.token}"
-    should_have_json "ok", true
-  end
-end

data/spec/requests/protected_resources/private_api_spec.rb

@@ -1,83 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-feature "Private API" do
-  background do
-    @client   = FactoryBot.create(:application)
-    @resource = User.create!(name: "Joe", password: "sekret")
-    @token    = client_is_authorized(@client, @resource)
-  end
-
-  scenario "client requests protected resource with valid token" do
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    expect(page.body).to have_content("index")
-  end
-
-  scenario "client requests protected resource with disabled header authentication" do
-    config_is_set :access_token_methods, [:from_access_token_param]
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    response_status_should_be 401
-  end
-
-  scenario "client attempts to request protected resource with invalid token" do
-    with_access_token_header "invalid"
-    visit "/full_protected_resources"
-    response_status_should_be 401
-  end
-
-  scenario "client attempts to request protected resource with expired token" do
-    @token.update_attribute :expires_in, -100 # expires token
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    response_status_should_be 401
-  end
-
-  scenario "client requests protected resource with permanent token" do
-    @token.update_attribute :expires_in, nil # never expires
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    expect(page.body).to have_content("index")
-  end
-
-  scenario "access token with no default scopes" do
-    Doorkeeper.configuration.instance_eval do
-      @default_scopes = Doorkeeper::OAuth::Scopes.from_array([:public])
-      @scopes = default_scopes + optional_scopes
-    end
-    @token.update_attribute :scopes, "dummy"
-    with_access_token_header @token.token
-    visit "/full_protected_resources"
-    response_status_should_be 403
-  end
-
-  scenario "access token with no allowed scopes" do
-    @token.update_attribute :scopes, nil
-    with_access_token_header @token.token
-    visit "/full_protected_resources/1.json"
-    response_status_should_be 403
-  end
-
-  scenario "access token with one of allowed scopes" do
-    @token.update_attribute :scopes, "admin"
-    with_access_token_header @token.token
-    visit "/full_protected_resources/1.json"
-    expect(page.body).to have_content("show")
-  end
-
-  scenario "access token with another of allowed scopes" do
-    @token.update_attribute :scopes, "write"
-    with_access_token_header @token.token
-    visit "/full_protected_resources/1.json"
-    expect(page.body).to have_content("show")
-  end
-
-  scenario "access token with both allowed scopes" do
-    @token.update_attribute :scopes, "write admin"
-    with_access_token_header @token.token
-    visit "/full_protected_resources/1.json"
-    expect(page.body).to have_content("show")
-  end
-end

data/spec/routing/custom_controller_routes_spec.rb

@@ -1,133 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Custom controller for routes" do
-  before :all do
-    Doorkeeper.configure do
-      orm DOORKEEPER_ORM
-    end
-
-    Rails.application.routes.disable_clear_and_finalize = true
-
-    Rails.application.routes.draw do
-      scope "inner_space" do
-        use_doorkeeper scope: "scope" do
-          controllers authorizations: "custom_authorizations",
-                      tokens: "custom_authorizations",
-                      applications: "custom_authorizations",
-                      token_info: "custom_authorizations"
-
-          as authorizations: "custom_auth",
-             tokens: "custom_token",
-             token_info: "custom_token_info"
-        end
-      end
-
-      scope "space" do
-        use_doorkeeper do
-          controllers authorizations: "custom_authorizations",
-                      tokens: "custom_authorizations",
-                      applications: "custom_authorizations",
-                      token_info: "custom_authorizations"
-
-          as authorizations: "custom_auth",
-             tokens: "custom_token",
-             token_info: "custom_token_info"
-        end
-      end
-
-      scope "outer_space" do
-        use_doorkeeper do
-          controllers authorizations: "custom_authorizations",
-                      tokens: "custom_authorizations",
-                      token_info: "custom_authorizations"
-
-          as authorizations: "custom_auth",
-             tokens: "custom_token",
-             token_info: "custom_token_info"
-
-          skip_controllers :tokens, :applications, :token_info
-        end
-      end
-    end
-  end
-
-  after :all do
-    Rails.application.routes.clear!
-
-    load File.expand_path("../dummy/config/routes.rb", __dir__)
-  end
-
-  it "GET /inner_space/scope/authorize routes to custom authorizations controller" do
-    expect(get("/inner_space/scope/authorize")).to route_to("custom_authorizations#new")
-  end
-
-  it "POST /inner_space/scope/authorize routes to custom authorizations controller" do
-    expect(post("/inner_space/scope/authorize")).to route_to("custom_authorizations#create")
-  end
-
-  it "DELETE /inner_space/scope/authorize routes to custom authorizations controller" do
-    expect(delete("/inner_space/scope/authorize")).to route_to("custom_authorizations#destroy")
-  end
-
-  it "POST /inner_space/scope/token routes to tokens controller" do
-    expect(post("/inner_space/scope/token")).to route_to("custom_authorizations#create")
-  end
-
-  it "GET /inner_space/scope/applications routes to applications controller" do
-    expect(get("/inner_space/scope/applications")).to route_to("custom_authorizations#index")
-  end
-
-  it "GET /inner_space/scope/token/info routes to the token_info controller" do
-    expect(get("/inner_space/scope/token/info")).to route_to("custom_authorizations#show")
-  end
-
-  it "GET /space/oauth/authorize routes to custom authorizations controller" do
-    expect(get("/space/oauth/authorize")).to route_to("custom_authorizations#new")
-  end
-
-  it "POST /space/oauth/authorize routes to custom authorizations controller" do
-    expect(post("/space/oauth/authorize")).to route_to("custom_authorizations#create")
-  end
-
-  it "DELETE /space/oauth/authorize routes to custom authorizations controller" do
-    expect(delete("/space/oauth/authorize")).to route_to("custom_authorizations#destroy")
-  end
-
-  it "POST /space/oauth/token routes to tokens controller" do
-    expect(post("/space/oauth/token")).to route_to("custom_authorizations#create")
-  end
-
-  it "POST /space/oauth/revoke routes to tokens controller" do
-    expect(post("/space/oauth/revoke")).to route_to("custom_authorizations#revoke")
-  end
-
-  it "POST /space/oauth/introspect routes to tokens controller" do
-    expect(post("/space/oauth/introspect")).to route_to("custom_authorizations#introspect")
-  end
-
-  it "GET /space/oauth/applications routes to applications controller" do
-    expect(get("/space/oauth/applications")).to route_to("custom_authorizations#index")
-  end
-
-  it "GET /space/oauth/token/info routes to the token_info controller" do
-    expect(get("/space/oauth/token/info")).to route_to("custom_authorizations#show")
-  end
-
-  it "POST /outer_space/oauth/token is not be routable" do
-    expect(post("/outer_space/oauth/token")).not_to be_routable
-  end
-
-  it "GET /outer_space/oauth/authorize routes to custom authorizations controller" do
-    expect(get("/outer_space/oauth/authorize")).to be_routable
-  end
-
-  it "GET /outer_space/oauth/applications is not routable" do
-    expect(get("/outer_space/oauth/applications")).not_to be_routable
-  end
-
-  it "GET /outer_space/oauth/token_info is not routable" do
-    expect(get("/outer_space/oauth/token/info")).not_to be_routable
-  end
-end

data/spec/routing/default_routes_spec.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Default routes" do
-  it "GET /oauth/authorize routes to authorizations controller" do
-    expect(get("/oauth/authorize")).to route_to("doorkeeper/authorizations#new")
-  end
-
-  it "POST /oauth/authorize routes to authorizations controller" do
-    expect(post("/oauth/authorize")).to route_to("doorkeeper/authorizations#create")
-  end
-
-  it "DELETE /oauth/authorize routes to authorizations controller" do
-    expect(delete("/oauth/authorize")).to route_to("doorkeeper/authorizations#destroy")
-  end
-
-  it "POST /oauth/token routes to tokens controller" do
-    expect(post("/oauth/token")).to route_to("doorkeeper/tokens#create")
-  end
-
-  it "POST /oauth/revoke routes to tokens controller" do
-    expect(post("/oauth/revoke")).to route_to("doorkeeper/tokens#revoke")
-  end
-
-  it "POST /oauth/introspect routes to tokens controller" do
-    expect(post("/oauth/introspect")).to route_to("doorkeeper/tokens#introspect")
-  end
-
-  it "GET /oauth/applications routes to applications controller" do
-    expect(get("/oauth/applications")).to route_to("doorkeeper/applications#index")
-  end
-
-  it "GET /oauth/authorized_applications routes to authorized applications controller" do
-    expect(get("/oauth/authorized_applications")).to route_to("doorkeeper/authorized_applications#index")
-  end
-
-  it "GET /oauth/token/info route to authorized TokenInfo controller" do
-    expect(get("/oauth/token/info")).to route_to("doorkeeper/token_info#show")
-  end
-end

data/spec/routing/scoped_routes_spec.rb

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe "Scoped routes" do
-  before :all do
-    Rails.application.routes.disable_clear_and_finalize = true
-
-    Rails.application.routes.draw do
-      use_doorkeeper scope: "scope"
-    end
-  end
-
-  after :all do
-    Rails.application.routes.clear!
-
-    load File.expand_path("../dummy/config/routes.rb", __dir__)
-  end
-
-  it "GET /scope/authorize routes to authorizations controller" do
-    expect(get("/scope/authorize")).to route_to("doorkeeper/authorizations#new")
-  end
-
-  it "POST /scope/authorize routes to authorizations controller" do
-    expect(post("/scope/authorize")).to route_to("doorkeeper/authorizations#create")
-  end
-
-  it "DELETE /scope/authorize routes to authorizations controller" do
-    expect(delete("/scope/authorize")).to route_to("doorkeeper/authorizations#destroy")
-  end
-
-  it "POST /scope/token routes to tokens controller" do
-    expect(post("/scope/token")).to route_to("doorkeeper/tokens#create")
-  end
-
-  it "GET /scope/applications routes to applications controller" do
-    expect(get("/scope/applications")).to route_to("doorkeeper/applications#index")
-  end
-
-  it "GET /scope/authorized_applications routes to authorized applications controller" do
-    expect(get("/scope/authorized_applications")).to route_to("doorkeeper/authorized_applications#index")
-  end
-
-  it "GET /scope/token/info route to authorized TokenInfo controller" do
-    expect(get("/scope/token/info")).to route_to("doorkeeper/token_info#show")
-  end
-end

data/spec/spec_helper.rb

@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-require "coveralls"
-
-Coveralls.wear!("rails") do
-  add_filter("/spec/")
-  add_filter("/lib/generators/doorkeeper/templates/")
-end
-
-ENV["RAILS_ENV"] ||= "test"
-
-$LOAD_PATH.unshift File.dirname(__FILE__)
-
-require "#{File.dirname(__FILE__)}/support/doorkeeper_rspec.rb"
-
-DOORKEEPER_ORM = Doorkeeper::RSpec.detect_orm
-
-require "dummy/config/environment"
-require "rspec/rails"
-require "capybara/rspec"
-require "database_cleaner"
-require "generator_spec/test_case"
-
-# Load JRuby SQLite3 if in that platform
-if defined? JRUBY_VERSION
-  require "jdbc/sqlite3"
-  Jdbc::SQLite3.load_driver
-end
-
-Doorkeeper::RSpec.print_configuration_info
-
-require "support/orm/#{DOORKEEPER_ORM}"
-
-Dir["#{File.dirname(__FILE__)}/support/{dependencies,helpers,shared}/*.rb"].sort.each { |file| require file }
-
-RSpec.configure do |config|
-  config.infer_spec_type_from_file_location!
-  config.mock_with :rspec
-
-  config.infer_base_class_for_anonymous_controllers = false
-
-  config.include RSpec::Rails::RequestExampleGroup, type: :request
-
-  config.before do
-    DatabaseCleaner.start
-    Doorkeeper.configure { orm DOORKEEPER_ORM }
-  end
-
-  config.after do
-    DatabaseCleaner.clean
-  end
-
-  config.order = "random"
-end

data/spec/spec_helper_integration.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-# For compatibility only
-require "spec_helper"

data/spec/support/dependencies/factory_bot.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-require "factory_bot"
-FactoryBot.find_definitions

data/spec/support/doorkeeper_rspec.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
-  class RSpec
-    # Print's useful information about env: Ruby / Rails versions,
-    # Doorkeeper configuration, etc.
-    def self.print_configuration_info
-      puts <<-INFO.strip_heredoc
-        ====> Doorkeeper ORM: '#{Doorkeeper.configuration.orm}'
-        ====> Doorkeeper version: #{Doorkeeper.gem_version}
-        ====> Rails version: #{::Rails.version}
-        ====> Ruby version: #{RUBY_VERSION} on #{RUBY_PLATFORM}
-      INFO
-    end
-
-    # Tries to find ORM from the Gemfile used to run test suite
-    def self.detect_orm
-      orm = (ENV["BUNDLE_GEMFILE"] || "").match(/Gemfile\.(.+)\.rb/)
-      (orm && orm[1] || ENV["ORM"] || :active_record).to_sym
-    end
-  end
-end

data/spec/support/helpers/access_token_request_helper.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-module AccessTokenRequestHelper
-  def client_is_authorized(client, resource_owner, access_token_attributes = {})
-    attributes = {
-      application: client,
-      resource_owner_id: resource_owner.id,
-      resource_owner_type: resource_owner.class.name,
-    }.merge(access_token_attributes)
-    FactoryBot.create(:access_token, attributes)
-  end
-end
-
-RSpec.configuration.send :include, AccessTokenRequestHelper

data/spec/support/helpers/authorization_request_helper.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-module AuthorizationRequestHelper
-  def resource_owner_is_authenticated(resource_owner = nil)
-    resource_owner ||= User.create!(name: "Joe", password: "sekret")
-    Doorkeeper.config.instance_variable_set(:@authenticate_resource_owner, proc { resource_owner })
-  end
-
-  def resource_owner_is_not_authenticated
-    Doorkeeper.config.instance_variable_set(:@authenticate_resource_owner, proc { redirect_to("/sign_in") })
-  end
-
-  def default_scopes_exist(*scopes)
-    Doorkeeper.config.instance_variable_set(:@default_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
-  end
-
-  def optional_scopes_exist(*scopes)
-    Doorkeeper.config.instance_variable_set(:@optional_scopes, Doorkeeper::OAuth::Scopes.from_array(scopes))
-  end
-
-  def client_should_be_authorized(client)
-    expect(client.access_grants.size).to eq(1)
-  end
-
-  def client_should_not_be_authorized(client)
-    expect(client.size).to eq(0)
-  end
-
-  def i_should_be_on_client_callback(client)
-    expect(client.redirect_uri).to eq("#{current_uri.scheme}://#{current_uri.host}#{current_uri.path}")
-  end
-
-  def allowing_forgery_protection(&_block)
-    original_value = ActionController::Base.allow_forgery_protection
-    ActionController::Base.allow_forgery_protection = true
-
-    yield
-  ensure
-    ActionController::Base.allow_forgery_protection = original_value
-  end
-end
-
-RSpec.configuration.send :include, AuthorizationRequestHelper