doorkeeper 5.4.0.rc1 → 5.5.0


Files changed (219) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +108 -9
  3. data/README.md +4 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  7. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  8. data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
  9. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  10. data/app/views/doorkeeper/applications/show.html.erb +16 -12
  11. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  12. data/config/locales/en.yml +3 -1
  13. data/lib/doorkeeper.rb +6 -1
  14. data/lib/doorkeeper/config.rb +109 -78
  15. data/lib/doorkeeper/config/abstract_builder.rb +1 -1
  16. data/lib/doorkeeper/config/option.rb +1 -3
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/engine.rb +1 -1
  19. data/lib/doorkeeper/grant_flow.rb +45 -0
  20. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  21. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  22. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  23. data/lib/doorkeeper/helpers/controller.rb +8 -4
  24. data/lib/doorkeeper/models/access_grant_mixin.rb +12 -7
  25. data/lib/doorkeeper/models/access_token_mixin.rb +12 -8
  26. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  27. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  28. data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
  29. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  30. data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
  31. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
  32. data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
  33. data/lib/doorkeeper/oauth/base_request.rb +1 -1
  34. data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -2
  35. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
  36. data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
  37. data/lib/doorkeeper/oauth/code_request.rb +2 -2
  38. data/lib/doorkeeper/oauth/code_response.rb +17 -11
  39. data/lib/doorkeeper/oauth/error_response.rb +4 -3
  40. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
  41. data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -2
  42. data/lib/doorkeeper/oauth/pre_authorization.rb +37 -11
  43. data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
  44. data/lib/doorkeeper/oauth/token.rb +4 -5
  45. data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
  46. data/lib/doorkeeper/oauth/token_request.rb +1 -1
  47. data/lib/doorkeeper/orm/active_record.rb +5 -6
  48. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +12 -2
  49. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +10 -2
  50. data/lib/doorkeeper/orm/active_record/mixins/application.rb +76 -10
  51. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
  52. data/lib/doorkeeper/rails/routes.rb +1 -3
  53. data/lib/doorkeeper/rake/db.rake +3 -3
  54. data/lib/doorkeeper/rake/setup.rake +5 -0
  55. data/lib/doorkeeper/request.rb +49 -12
  56. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  57. data/lib/doorkeeper/server.rb +1 -1
  58. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  59. data/lib/doorkeeper/version.rb +2 -6
  60. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
  61. data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
  62. data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
  63. metadata +25 -306
  64. data/Appraisals +0 -26
  65. data/CODE_OF_CONDUCT.md +0 -46
  66. data/CONTRIBUTING.md +0 -49
  67. data/Dangerfile +0 -67
  68. data/Dockerfile +0 -29
  69. data/Gemfile +0 -25
  70. data/NEWS.md +0 -1
  71. data/RELEASING.md +0 -11
  72. data/Rakefile +0 -28
  73. data/SECURITY.md +0 -15
  74. data/UPGRADE.md +0 -2
  75. data/bin/console +0 -30
  76. data/doorkeeper.gemspec +0 -42
  77. data/gemfiles/rails_5_0.gemfile +0 -19
  78. data/gemfiles/rails_5_1.gemfile +0 -19
  79. data/gemfiles/rails_5_2.gemfile +0 -19
  80. data/gemfiles/rails_6_0.gemfile +0 -19
  81. data/gemfiles/rails_master.gemfile +0 -19
  82. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  83. data/spec/controllers/applications_controller_spec.rb +0 -274
  84. data/spec/controllers/authorizations_controller_spec.rb +0 -743
  85. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  86. data/spec/controllers/token_info_controller_spec.rb +0 -50
  87. data/spec/controllers/tokens_controller_spec.rb +0 -499
  88. data/spec/dummy/Rakefile +0 -9
  89. data/spec/dummy/app/assets/config/manifest.js +0 -2
  90. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  91. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  92. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  93. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  94. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  95. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  96. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  97. data/spec/dummy/app/models/user.rb +0 -11
  98. data/spec/dummy/app/views/home/index.html.erb +0 -0
  99. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  100. data/spec/dummy/config.ru +0 -6
  101. data/spec/dummy/config/application.rb +0 -51
  102. data/spec/dummy/config/boot.rb +0 -7
  103. data/spec/dummy/config/database.yml +0 -15
  104. data/spec/dummy/config/environment.rb +0 -5
  105. data/spec/dummy/config/environments/development.rb +0 -31
  106. data/spec/dummy/config/environments/production.rb +0 -64
  107. data/spec/dummy/config/environments/test.rb +0 -45
  108. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  109. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  110. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  111. data/spec/dummy/config/initializers/session_store.rb +0 -10
  112. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  113. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  114. data/spec/dummy/config/routes.rb +0 -13
  115. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  116. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  117. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  118. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  119. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  120. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  121. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  122. data/spec/dummy/db/schema.rb +0 -70
  123. data/spec/dummy/public/404.html +0 -26
  124. data/spec/dummy/public/422.html +0 -26
  125. data/spec/dummy/public/500.html +0 -26
  126. data/spec/dummy/public/favicon.ico +0 -0
  127. data/spec/dummy/script/rails +0 -9
  128. data/spec/factories.rb +0 -30
  129. data/spec/generators/application_owner_generator_spec.rb +0 -28
  130. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  131. data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
  132. data/spec/generators/install_generator_spec.rb +0 -36
  133. data/spec/generators/migration_generator_spec.rb +0 -28
  134. data/spec/generators/pkce_generator_spec.rb +0 -28
  135. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  136. data/spec/generators/templates/routes.rb +0 -4
  137. data/spec/generators/views_generator_spec.rb +0 -29
  138. data/spec/grape/grape_integration_spec.rb +0 -137
  139. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  140. data/spec/lib/config_spec.rb +0 -813
  141. data/spec/lib/doorkeeper_spec.rb +0 -27
  142. data/spec/lib/models/expirable_spec.rb +0 -61
  143. data/spec/lib/models/reusable_spec.rb +0 -40
  144. data/spec/lib/models/revocable_spec.rb +0 -58
  145. data/spec/lib/models/scopes_spec.rb +0 -61
  146. data/spec/lib/models/secret_storable_spec.rb +0 -135
  147. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  148. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
  149. data/spec/lib/oauth/base_request_spec.rb +0 -210
  150. data/spec/lib/oauth/base_response_spec.rb +0 -45
  151. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  152. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
  153. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
  154. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
  155. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  156. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
  157. data/spec/lib/oauth/client_spec.rb +0 -38
  158. data/spec/lib/oauth/code_request_spec.rb +0 -46
  159. data/spec/lib/oauth/code_response_spec.rb +0 -36
  160. data/spec/lib/oauth/error_response_spec.rb +0 -64
  161. data/spec/lib/oauth/error_spec.rb +0 -21
  162. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  163. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  164. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  165. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  166. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  167. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  168. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
  169. data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
  170. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
  171. data/spec/lib/oauth/scopes_spec.rb +0 -146
  172. data/spec/lib/oauth/token_request_spec.rb +0 -164
  173. data/spec/lib/oauth/token_response_spec.rb +0 -84
  174. data/spec/lib/oauth/token_spec.rb +0 -156
  175. data/spec/lib/option_spec.rb +0 -51
  176. data/spec/lib/request/strategy_spec.rb +0 -54
  177. data/spec/lib/secret_storing/base_spec.rb +0 -60
  178. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  179. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  180. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  181. data/spec/lib/server_spec.rb +0 -49
  182. data/spec/lib/stale_records_cleaner_spec.rb +0 -102
  183. data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
  184. data/spec/models/doorkeeper/access_token_spec.rb +0 -650
  185. data/spec/models/doorkeeper/application_spec.rb +0 -442
  186. data/spec/requests/applications/applications_request_spec.rb +0 -259
  187. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  188. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  189. data/spec/requests/endpoints/token_spec.rb +0 -79
  190. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
  191. data/spec/requests/flows/authorization_code_spec.rb +0 -530
  192. data/spec/requests/flows/client_credentials_spec.rb +0 -207
  193. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  194. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  195. data/spec/requests/flows/password_spec.rb +0 -316
  196. data/spec/requests/flows/refresh_token_spec.rb +0 -241
  197. data/spec/requests/flows/revoke_token_spec.rb +0 -196
  198. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  199. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  200. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  201. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  202. data/spec/routing/default_routes_spec.rb +0 -41
  203. data/spec/routing/scoped_routes_spec.rb +0 -47
  204. data/spec/spec_helper.rb +0 -54
  205. data/spec/spec_helper_integration.rb +0 -4
  206. data/spec/support/dependencies/factory_bot.rb +0 -4
  207. data/spec/support/doorkeeper_rspec.rb +0 -22
  208. data/spec/support/helpers/access_token_request_helper.rb +0 -14
  209. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  210. data/spec/support/helpers/config_helper.rb +0 -11
  211. data/spec/support/helpers/model_helper.rb +0 -78
  212. data/spec/support/helpers/request_spec_helper.rb +0 -110
  213. data/spec/support/helpers/url_helper.rb +0 -62
  214. data/spec/support/orm/active_record.rb +0 -5
  215. data/spec/support/shared/controllers_shared_context.rb +0 -133
  216. data/spec/support/shared/hashing_shared_context.rb +0 -36
  217. data/spec/support/shared/models_shared_examples.rb +0 -56
  218. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  219. data/spec/version/version_spec.rb +0 -17
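--- a/data/spec/support/helpers/config_helper.rb
+++ b/data/spec/support/helpers/config_helper.rb
@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module ConfigHelper
-  def config_is_set(setting, value = nil, &block)
-    setting_ivar = "@#{setting}"
-    value = block_given? ? block : value
-    Doorkeeper.config.instance_variable_set(setting_ivar, value)
-  end
-end
-
-RSpec.configuration.send :include, ConfigHelper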
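--- a/data/spec/support/helpers/model_helper.rb
+++ b/data/spec/support/helpers/model_helper.rb
@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-module ModelHelper
-  def client_exists(client_attributes = {})
-    @client = FactoryBot.create(:application, client_attributes)
-  end
-
-  def create_resource_owner
-    @resource_owner = User.create!(name: "Joe", password: "sekret")
-  end
-
-  def authorization_code_exists(options = {})
-    @authorization = FactoryBot.create(:access_grant, options)
-  end
-
-  def access_token_exists(options = {})
-    @access_token = FactoryBot.create(:access_token, options)
-  end
-
-  def access_grant_should_exist_for(client, resource_owner)
-    grant = Doorkeeper::AccessGrant.first
-
-    expect(grant.application).to have_attributes(id: client.id)
-      .and(be_instance_of(Doorkeeper::Application))
-
-    expect(grant.resource_owner_id).to eq(resource_owner.id)
-  end
-
-  def access_token_should_exist_for(client, resource_owner)
-    token = Doorkeeper::AccessToken.first
-
-    expect(token.application).to have_attributes(id: client.id)
-      .and(be_instance_of(Doorkeeper::Application))
-
-    expect(token.resource_owner_id).to eq(resource_owner.id)
-  end
-
-  def access_grant_should_not_exist
-    expect(Doorkeeper::AccessGrant.all).to be_empty
-  end
-
-  def access_token_should_not_exist
-    expect(Doorkeeper::AccessToken.all).to be_empty
-  end
-
-  def access_grant_should_have_scopes(*args)
-    grant = Doorkeeper::AccessGrant.first
-    expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
-  end
-
-  def access_token_should_have_scopes(*args)
-    grant = Doorkeeper::AccessToken.last
-    expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
-  end
-
-  def uniqueness_error
-    case DOORKEEPER_ORM
-    when :active_record
-      ActiveRecord::RecordNotUnique
-    when :sequel
-      error_classes = [Sequel::UniqueConstraintViolation, Sequel::ValidationFailed]
-      proc { |error| expect(error.class).to be_in(error_classes) }
-    when :mongo_mapper
-      error_classes = [MongoMapper::DocumentNotValid, Mongo::OperationFailure]
-      proc { |error| expect(error.class).to be_in(error_classes) }
-    when /mongoid/
-      error_classes = [Mongoid::Errors::Validations]
-      error_classes << Moped::Errors::OperationFailure if defined?(::Moped) # Mongoid 4
-      error_classes << Mongo::Error::OperationFailure if defined?(::Mongo) # Mongoid 5
-
-      proc { |error| expect(error.class).to be_in(error_classes) }
-    else
-      raise "'#{DOORKEEPER_ORM}' ORM is not supported!"
-    end
-  end
-end
-
-RSpec.configuration.send :include, ModelHelper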
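--- a/data/spec/support/helpers/request_spec_helper.rb
+++ b/data/spec/support/helpers/request_spec_helper.rb
@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-
-module RequestSpecHelper
-  def i_am_logged_in
-    allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) {})
-  end
-
-  def i_should_see(content)
-    expect(page).to have_content(content)
-  end
-
-  def i_should_not_see(content)
-    expect(page).to have_no_content(content)
-  end
-
-  def i_should_be_on(path)
-    expect(current_path).to eq(path)
-  end
-
-  def url_should_have_param(param, value)
-    expect(current_params[param]).to eq(value)
-  end
-
-  def url_should_not_have_param(param)
-    expect(current_params).not_to have_key(param)
-  end
-
-  def current_params
-    Rack::Utils.parse_query(current_uri.query)
-  end
-
-  def current_uri
-    URI.parse(page.current_url)
-  end
-
-  def request_response
-    respond_to?(:response) ? response : page.driver.response
-  end
-
-  def json_response
-    JSON.parse(request_response.body)
-  end
-
-  def should_have_header(header, value)
-    expect(headers[header]).to eq(value)
-  end
-
-  def should_have_status(status)
-    expect(page.driver.response.status).to eq(status)
-  end
-
-  def with_access_token_header(token)
-    with_header "Authorization", "Bearer #{token}"
-  end
-
-  def with_header(header, value)
-    page.driver.header(header, value)
-  end
-
-  def basic_auth_header_for_client(client)
-    ActionController::HttpAuthentication::Basic.encode_credentials client.uid, client.secret
-  end
-
-  def should_have_json(key, value)
-    expect(json_response.fetch(key)).to eq(value)
-  end
-
-  def should_have_json_within(key, value, range)
-    expect(json_response.fetch(key)).to be_within(range).of(value)
-  end
-
-  def should_not_have_json(key)
-    expect(json_response).not_to have_key(key)
-  end
-
-  def sign_in
-    visit "/"
-    click_on "Sign in"
-  end
-
-  def create_access_token(authorization_code, client, code_verifier = nil)
-    page.driver.post token_endpoint_url(code: authorization_code, client: client, code_verifier: code_verifier)
-  end
-
-  def i_should_see_translated_error_message(key)
-    i_should_see translated_error_message(key)
-  end
-
-  def i_should_not_see_translated_error_message(key)
-    i_should_not_see translated_error_message(key)
-  end
-
-  def translated_error_message(key)
-    I18n.translate(key, scope: %i[doorkeeper errors messages])
-  end
-
-  def i_should_see_translated_invalid_request_error_message(key, value)
-    i_should_see translated_invalid_request_error_message(key, value)
-  end
-
-  def translated_invalid_request_error_message(key, value)
-    I18n.translate key, scope: %i[doorkeeper errors messages invalid_request], value: value
-  end
-
-  def response_status_should_be(status)
-    expect(request_response.status.to_i).to eq(status)
-  end
-end
-
-RSpec.configuration.send :include, RequestSpecHelper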
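--- a/data/spec/support/helpers/url_helper.rb
+++ b/data/spec/support/helpers/url_helper.rb
@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-module UrlHelper
-  def token_endpoint_url(options = {})
-    parameters = {
-      code: options[:code],
-      client_id: options[:client_id] || options[:client].try(:uid),
-      client_secret: options[:client_secret] || options[:client].try(:secret),
-      redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
-      grant_type: options[:grant_type] || "authorization_code",
-      code_verifier: options[:code_verifier],
-      code_challenge_method: options[:code_challenge_method],
-    }.reject { |_, v| v.blank? }
-    "/oauth/token?#{build_query(parameters)}"
-  end
-
-  def password_token_endpoint_url(options = {})
-    parameters = {
-      code: options[:code],
-      client_id: options[:client_id] || options[:client].try(:uid),
-      client_secret: options[:client_secret] || options[:client].try(:secret),
-      username: options[:resource_owner_username] || options[:resource_owner].try(:name),
-      password: options[:resource_owner_password] || options[:resource_owner].try(:password),
-      scope: options[:scope],
-      grant_type: "password",
-    }
-    "/oauth/token?#{build_query(parameters)}"
-  end
-
-  def authorization_endpoint_url(options = {})
-    parameters = {
-      client_id: options[:client_id] || options[:client].try(:uid),
-      redirect_uri: options[:redirect_uri] || options[:client].try(:redirect_uri),
-      response_type: options[:response_type] || "code",
-      scope: options[:scope],
-      state: options[:state],
-      code_challenge: options[:code_challenge],
-      code_challenge_method: options[:code_challenge_method],
-    }.reject { |_, v| v.blank? }
-    "/oauth/authorize?#{build_query(parameters)}"
-  end
-
-  def refresh_token_endpoint_url(options = {})
-    parameters = {
-      refresh_token: options[:refresh_token],
-      client_id: options[:client_id] || options[:client].try(:uid),
-      client_secret: options[:client_secret] || options[:client].try(:secret),
-      grant_type: options[:grant_type] || "refresh_token",
-    }
-    "/oauth/token?#{build_query(parameters)}"
-  end
-
-  def revocation_token_endpoint_url
-    "/oauth/revoke"
-  end
-
-  def build_query(hash)
-    Rack::Utils.build_query(hash)
-  end
-end
-
-RSpec.configuration.send :include, UrlHelper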
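--- a/data/spec/support/orm/active_record.rb
+++ b/data/spec/support/orm/active_record.rb
@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-# load schema to in memory sqlite
-ActiveRecord::Migration.verbose = false
-load Rails.root + "db/schema.rb"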
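--- a/data/spec/support/shared/controllers_shared_context.rb
+++ b/data/spec/support/shared/controllers_shared_context.rb
@@ -1,133 +0,0 @@
-# frozen_string_literal: true
-
-shared_context "valid token", token: :valid do
-  let(:token_string) { "1A2B3C4D" }
-
-  let :token do
-    double(
-      Doorkeeper::AccessToken,
-      accessible?: true, includes_scope?: true, acceptable?: true,
-      previous_refresh_token: "", revoke_previous_refresh_token!: true,
-    )
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken,
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end
-
-shared_context "invalid token", token: :invalid do
-  let(:token_string) { "1A2B3C4D" }
-
-  let :token do
-    double(
-      Doorkeeper::AccessToken,
-      accessible?: false, revoked?: false, expired?: false,
-      includes_scope?: false, acceptable?: false,
-      previous_refresh_token: "", revoke_previous_refresh_token!: true,
-    )
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken,
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end
-
-shared_context "authenticated resource owner" do
-  before do
-    user = double(:resource, id: 1)
-    allow(Doorkeeper.config).to receive(:authenticate_resource_owner) { proc { user } }
-  end
-end
-
-shared_context "not authenticated resource owner" do
-  before do
-    allow(Doorkeeper.config).to receive(:authenticate_resource_owner) { proc { redirect_to "/" } }
-  end
-end
-
-shared_context "valid authorization request" do
-  let :authorization do
-    double(:authorization, valid?: true, authorize: true, success_redirect_uri: "http://something.com/cb?code=token")
-  end
-
-  before do
-    allow(controller).to receive(:authorization) { authorization }
-  end
-end
-
-shared_context "invalid authorization request" do
-  let :authorization do
-    double(:authorization, valid?: false, authorize: false, redirect_on_error?: false)
-  end
-
-  before do
-    allow(controller).to receive(:authorization) { authorization }
-  end
-end
-
-shared_context "expired token", token: :expired do
-  let :token_string do
-    "1A2B3C4DEXP"
-  end
-
-  let :token do
-    double(
-      Doorkeeper::AccessToken,
-      accessible?: false, revoked?: false, expired?: true,
-      includes_scope?: false, acceptable?: false,
-      previous_refresh_token: "", revoke_previous_refresh_token!: true,
-    )
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken,
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end
-
-shared_context "revoked token", token: :revoked do
-  let :token_string do
-    "1A2B3C4DREV"
-  end
-
-  let :token do
-    double(
-      Doorkeeper::AccessToken,
-      accessible?: false, revoked?: true, expired?: false,
-      includes_scope?: false, acceptable?: false,
-      previous_refresh_token: "", revoke_previous_refresh_token!: true,
-    )
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken,
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end
-
-shared_context "forbidden token", token: :forbidden do
-  let :token_string do
-    "1A2B3C4DFORB"
-  end
-
-  let :token do
-    double(
-      Doorkeeper::AccessToken,
-      accessible?: true, includes_scope?: true, acceptable?: false,
-      previous_refresh_token: "", revoke_previous_refresh_token!: true,
-    )
-  end
-
-  before :each do
-    allow(
-      Doorkeeper::AccessToken,
-    ).to receive(:by_token).with(token_string).and_return(token)
-  end
-end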
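--- a/data/spec/support/shared/hashing_shared_context.rb
+++ b/data/spec/support/shared/hashing_shared_context.rb
@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-shared_context "with token hashing enabled" do
-  let(:hashed_or_plain_token_func) do
-    Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-  end
-
-  before do
-    Doorkeeper.configure do
-      hash_token_secrets
-    end
-  end
-end
-
-shared_context "with token hashing and fallback lookup enabled" do
-  let(:hashed_or_plain_token_func) do
-    Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-  end
-
-  before do
-    Doorkeeper.configure do
-      hash_token_secrets fallback: :plain
-    end
-  end
-end
-
-shared_context "with application hashing enabled" do
-  let(:hashed_or_plain_token_func) do
-    Doorkeeper::SecretStoring::Sha256Hash.method(:transform_secret)
-  end
-  before do
-    Doorkeeper.configure do
-      hash_application_secrets
-    end
-  end
-end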
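--- a/data/spec/support/shared/models_shared_examples.rb
+++ b/data/spec/support/shared/models_shared_examples.rb
@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-
-shared_examples "an accessible token" do
-  describe :accessible? do
-    it "is accessible if token is not expired" do
-      allow(subject).to receive(:expired?).and_return(false)
-      should be_accessible
-    end
-
-    it "is not accessible if token is expired" do
-      allow(subject).to receive(:expired?).and_return(true)
-      should_not be_accessible
-    end
-  end
-end
-
-shared_examples "a revocable token" do
-  describe :accessible? do
-    before { subject.save! }
-
-    it "is accessible if token is not revoked" do
-      expect(subject).to be_accessible
-    end
-
-    it "is not accessible if token is revoked" do
-      subject.revoke
-      expect(subject).not_to be_accessible
-    end
-  end
-end
-
-shared_examples "a unique token" do
-  describe :token do
-    let(:owner) { FactoryBot.create(:resource_owner) }
-
-    it "is generated before validation" do
-      expect { subject.valid? }.to change { subject.token }.from(nil)
-    end
-
-    it "is not valid if token exists" do
-      token1 = FactoryBot.create factory_name, resource_owner_id: owner.id, resource_owner_type: owner.class.name
-      token2 = FactoryBot.create factory_name, resource_owner_id: owner.id, resource_owner_type: owner.class.name
-      token2.token = token1.token
-      expect(token2).not_to be_valid
-    end
-
-    it "expects database to throw an error when tokens are the same" do
-      token1 = FactoryBot.create factory_name, resource_owner_id: owner.id, resource_owner_type: owner.class.name
-      token2 = FactoryBot.create factory_name, resource_owner_id: owner.id, resource_owner_type: owner.class.name
-      token2.token = token1.token
-      expect do
-        token2.save!(validate: false)
-      end.to raise_error(uniqueness_error)
-    end
-  end
-end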