doorkeeper 5.4.0.rc1 → 5.5.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of doorkeeper might be problematic. Click here for more details.

Files changed (219) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +108 -9
  3. data/README.md +4 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  7. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  8. data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
  9. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  10. data/app/views/doorkeeper/applications/show.html.erb +16 -12
  11. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  12. data/config/locales/en.yml +3 -1
  13. data/lib/doorkeeper.rb +6 -1
  14. data/lib/doorkeeper/config.rb +109 -78
  15. data/lib/doorkeeper/config/abstract_builder.rb +1 -1
  16. data/lib/doorkeeper/config/option.rb +1 -3
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/engine.rb +1 -1
  19. data/lib/doorkeeper/grant_flow.rb +45 -0
  20. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  21. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  22. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  23. data/lib/doorkeeper/helpers/controller.rb +8 -4
  24. data/lib/doorkeeper/models/access_grant_mixin.rb +12 -7
  25. data/lib/doorkeeper/models/access_token_mixin.rb +12 -8
  26. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  27. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  28. data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
  29. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  30. data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
  31. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
  32. data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
  33. data/lib/doorkeeper/oauth/base_request.rb +1 -1
  34. data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -2
  35. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
  36. data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
  37. data/lib/doorkeeper/oauth/code_request.rb +2 -2
  38. data/lib/doorkeeper/oauth/code_response.rb +17 -11
  39. data/lib/doorkeeper/oauth/error_response.rb +4 -3
  40. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
  41. data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -2
  42. data/lib/doorkeeper/oauth/pre_authorization.rb +37 -11
  43. data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
  44. data/lib/doorkeeper/oauth/token.rb +4 -5
  45. data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
  46. data/lib/doorkeeper/oauth/token_request.rb +1 -1
  47. data/lib/doorkeeper/orm/active_record.rb +5 -6
  48. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +12 -2
  49. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +10 -2
  50. data/lib/doorkeeper/orm/active_record/mixins/application.rb +76 -10
  51. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
  52. data/lib/doorkeeper/rails/routes.rb +1 -3
  53. data/lib/doorkeeper/rake/db.rake +3 -3
  54. data/lib/doorkeeper/rake/setup.rake +5 -0
  55. data/lib/doorkeeper/request.rb +49 -12
  56. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  57. data/lib/doorkeeper/server.rb +1 -1
  58. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  59. data/lib/doorkeeper/version.rb +2 -6
  60. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
  61. data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
  62. data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
  63. metadata +25 -306
  64. data/Appraisals +0 -26
  65. data/CODE_OF_CONDUCT.md +0 -46
  66. data/CONTRIBUTING.md +0 -49
  67. data/Dangerfile +0 -67
  68. data/Dockerfile +0 -29
  69. data/Gemfile +0 -25
  70. data/NEWS.md +0 -1
  71. data/RELEASING.md +0 -11
  72. data/Rakefile +0 -28
  73. data/SECURITY.md +0 -15
  74. data/UPGRADE.md +0 -2
  75. data/bin/console +0 -30
  76. data/doorkeeper.gemspec +0 -42
  77. data/gemfiles/rails_5_0.gemfile +0 -19
  78. data/gemfiles/rails_5_1.gemfile +0 -19
  79. data/gemfiles/rails_5_2.gemfile +0 -19
  80. data/gemfiles/rails_6_0.gemfile +0 -19
  81. data/gemfiles/rails_master.gemfile +0 -19
  82. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  83. data/spec/controllers/applications_controller_spec.rb +0 -274
  84. data/spec/controllers/authorizations_controller_spec.rb +0 -743
  85. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  86. data/spec/controllers/token_info_controller_spec.rb +0 -50
  87. data/spec/controllers/tokens_controller_spec.rb +0 -499
  88. data/spec/dummy/Rakefile +0 -9
  89. data/spec/dummy/app/assets/config/manifest.js +0 -2
  90. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  91. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  92. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  93. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  94. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  95. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  96. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  97. data/spec/dummy/app/models/user.rb +0 -11
  98. data/spec/dummy/app/views/home/index.html.erb +0 -0
  99. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  100. data/spec/dummy/config.ru +0 -6
  101. data/spec/dummy/config/application.rb +0 -51
  102. data/spec/dummy/config/boot.rb +0 -7
  103. data/spec/dummy/config/database.yml +0 -15
  104. data/spec/dummy/config/environment.rb +0 -5
  105. data/spec/dummy/config/environments/development.rb +0 -31
  106. data/spec/dummy/config/environments/production.rb +0 -64
  107. data/spec/dummy/config/environments/test.rb +0 -45
  108. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  109. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  110. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  111. data/spec/dummy/config/initializers/session_store.rb +0 -10
  112. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  113. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  114. data/spec/dummy/config/routes.rb +0 -13
  115. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  116. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  117. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  118. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  119. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  120. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  121. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  122. data/spec/dummy/db/schema.rb +0 -70
  123. data/spec/dummy/public/404.html +0 -26
  124. data/spec/dummy/public/422.html +0 -26
  125. data/spec/dummy/public/500.html +0 -26
  126. data/spec/dummy/public/favicon.ico +0 -0
  127. data/spec/dummy/script/rails +0 -9
  128. data/spec/factories.rb +0 -30
  129. data/spec/generators/application_owner_generator_spec.rb +0 -28
  130. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  131. data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
  132. data/spec/generators/install_generator_spec.rb +0 -36
  133. data/spec/generators/migration_generator_spec.rb +0 -28
  134. data/spec/generators/pkce_generator_spec.rb +0 -28
  135. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  136. data/spec/generators/templates/routes.rb +0 -4
  137. data/spec/generators/views_generator_spec.rb +0 -29
  138. data/spec/grape/grape_integration_spec.rb +0 -137
  139. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  140. data/spec/lib/config_spec.rb +0 -813
  141. data/spec/lib/doorkeeper_spec.rb +0 -27
  142. data/spec/lib/models/expirable_spec.rb +0 -61
  143. data/spec/lib/models/reusable_spec.rb +0 -40
  144. data/spec/lib/models/revocable_spec.rb +0 -58
  145. data/spec/lib/models/scopes_spec.rb +0 -61
  146. data/spec/lib/models/secret_storable_spec.rb +0 -135
  147. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  148. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
  149. data/spec/lib/oauth/base_request_spec.rb +0 -210
  150. data/spec/lib/oauth/base_response_spec.rb +0 -45
  151. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  152. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
  153. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
  154. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
  155. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  156. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
  157. data/spec/lib/oauth/client_spec.rb +0 -38
  158. data/spec/lib/oauth/code_request_spec.rb +0 -46
  159. data/spec/lib/oauth/code_response_spec.rb +0 -36
  160. data/spec/lib/oauth/error_response_spec.rb +0 -64
  161. data/spec/lib/oauth/error_spec.rb +0 -21
  162. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  163. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  164. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  165. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  166. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  167. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  168. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
  169. data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
  170. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
  171. data/spec/lib/oauth/scopes_spec.rb +0 -146
  172. data/spec/lib/oauth/token_request_spec.rb +0 -164
  173. data/spec/lib/oauth/token_response_spec.rb +0 -84
  174. data/spec/lib/oauth/token_spec.rb +0 -156
  175. data/spec/lib/option_spec.rb +0 -51
  176. data/spec/lib/request/strategy_spec.rb +0 -54
  177. data/spec/lib/secret_storing/base_spec.rb +0 -60
  178. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  179. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  180. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  181. data/spec/lib/server_spec.rb +0 -49
  182. data/spec/lib/stale_records_cleaner_spec.rb +0 -102
  183. data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
  184. data/spec/models/doorkeeper/access_token_spec.rb +0 -650
  185. data/spec/models/doorkeeper/application_spec.rb +0 -442
  186. data/spec/requests/applications/applications_request_spec.rb +0 -259
  187. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  188. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  189. data/spec/requests/endpoints/token_spec.rb +0 -79
  190. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
  191. data/spec/requests/flows/authorization_code_spec.rb +0 -530
  192. data/spec/requests/flows/client_credentials_spec.rb +0 -207
  193. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  194. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  195. data/spec/requests/flows/password_spec.rb +0 -316
  196. data/spec/requests/flows/refresh_token_spec.rb +0 -241
  197. data/spec/requests/flows/revoke_token_spec.rb +0 -196
  198. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  199. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  200. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  201. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  202. data/spec/routing/default_routes_spec.rb +0 -41
  203. data/spec/routing/scoped_routes_spec.rb +0 -47
  204. data/spec/spec_helper.rb +0 -54
  205. data/spec/spec_helper_integration.rb +0 -4
  206. data/spec/support/dependencies/factory_bot.rb +0 -4
  207. data/spec/support/doorkeeper_rspec.rb +0 -22
  208. data/spec/support/helpers/access_token_request_helper.rb +0 -14
  209. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  210. data/spec/support/helpers/config_helper.rb +0 -11
  211. data/spec/support/helpers/model_helper.rb +0 -78
  212. data/spec/support/helpers/request_spec_helper.rb +0 -110
  213. data/spec/support/helpers/url_helper.rb +0 -62
  214. data/spec/support/orm/active_record.rb +0 -5
  215. data/spec/support/shared/controllers_shared_context.rb +0 -133
  216. data/spec/support/shared/hashing_shared_context.rb +0 -36
  217. data/spec/support/shared/models_shared_examples.rb +0 -56
  218. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  219. data/spec/version/version_spec.rb +0 -17
@@ -1,19 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "rails", "~> 6.0.0"
6
- gem "rspec-core"
7
- gem "rspec-expectations"
8
- gem "rspec-mocks"
9
- gem "rspec-rails", "~> 4.0"
10
- gem "rspec-support"
11
- gem "rubocop", "~> 0.80"
12
- gem "rubocop-performance", require: false
13
- gem "rubocop-rails", require: false
14
- gem "bcrypt", "~> 3.1", require: false
15
- gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
16
- gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]
17
- gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
18
-
19
- gemspec path: "../"
@@ -1,19 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "rails", git: "https://github.com/rails/rails"
6
- gem "rspec-core"
7
- gem "rspec-expectations"
8
- gem "rspec-mocks"
9
- gem "rspec-rails", "~> 4.0"
10
- gem "rspec-support"
11
- gem "rubocop", "~> 0.80"
12
- gem "rubocop-performance", require: false
13
- gem "rubocop-rails", require: false
14
- gem "bcrypt", "~> 3.1", require: false
15
- gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
16
- gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]
17
- gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
18
-
19
- gemspec path: "../"
@@ -1,64 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper_integration"
4
-
5
- describe Doorkeeper::ApplicationMetalController do
6
- controller(Doorkeeper::ApplicationMetalController) do
7
- def index
8
- render json: {}, status: 200
9
- end
10
-
11
- def create
12
- render json: {}, status: 200
13
- end
14
- end
15
-
16
- it "lazy run hooks" do
17
- i = 0
18
- ActiveSupport.on_load(:doorkeeper_metal_controller) { i += 1 }
19
-
20
- expect(i).to eq 1
21
- end
22
-
23
- describe "enforce_content_type" do
24
- before { allow(Doorkeeper.config).to receive(:enforce_content_type).and_return(flag) }
25
-
26
- context "enabled" do
27
- let(:flag) { true }
28
-
29
- it "returns a 200 for the requests without body" do
30
- get :index, params: {}
31
- expect(response).to have_http_status 200
32
- end
33
-
34
- it "returns a 200 for the requests with body and correct media type" do
35
- post :create, params: {}, as: :url_encoded_form
36
- expect(response).to have_http_status 200
37
- end
38
-
39
- it "returns a 415 for the requests with body and incorrect media type" do
40
- post :create, params: {}, as: :json
41
- expect(response).to have_http_status 415
42
- end
43
- end
44
-
45
- context "disabled" do
46
- let(:flag) { false }
47
-
48
- it "returns a 200 for the correct media type" do
49
- get :index, as: :url_encoded_form
50
- expect(response).to have_http_status 200
51
- end
52
-
53
- it "returns a 200 for an incorrect media type" do
54
- get :index, as: :json
55
- expect(response).to have_http_status 200
56
- end
57
-
58
- it "returns a 200 for the requests with body and incorrect media type" do
59
- post :create, params: {}, as: :json
60
- expect(response).to have_http_status 200
61
- end
62
- end
63
- end
64
- end
@@ -1,274 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- module Doorkeeper
6
- describe ApplicationsController do
7
- context "JSON API" do
8
- render_views
9
-
10
- before do
11
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
12
- allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
13
- end
14
-
15
- it "creates an application" do
16
- expect do
17
- post :create, params: {
18
- doorkeeper_application: {
19
- name: "Example",
20
- redirect_uri: "https://example.com",
21
- }, format: :json,
22
- }
23
- end.to(change { Doorkeeper::Application.count })
24
-
25
- expect(response).to be_successful
26
-
27
- expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
28
-
29
- application = Application.last
30
- secret_from_response = json_response["secret"]
31
- expect(application.secret_matches?(secret_from_response)).to be_truthy
32
-
33
- expect(json_response["name"]).to eq("Example")
34
- expect(json_response["redirect_uri"]).to eq("https://example.com")
35
- end
36
-
37
- it "returns validation errors on wrong create params" do
38
- expect do
39
- post :create, params: {
40
- doorkeeper_application: {
41
- name: "Example",
42
- }, format: :json,
43
- }
44
- end.not_to(change { Doorkeeper::Application.count })
45
-
46
- expect(response).to have_http_status(422)
47
-
48
- expect(json_response).to include("errors")
49
- end
50
-
51
- it "returns validations on wrong create params (unspecified scheme)" do
52
- expect do
53
- post :create, params: {
54
- doorkeeper_application: {
55
- name: "Example",
56
- redirect_uri: "app.com:80",
57
- }, format: :json,
58
- }
59
- end.not_to(change { Doorkeeper::Application.count })
60
-
61
- expect(response).to have_http_status(422)
62
-
63
- expect(json_response).to include("errors")
64
- end
65
-
66
- it "returns application info" do
67
- application = FactoryBot.create(:application, name: "Change me")
68
-
69
- get :show, params: { id: application.id, format: :json }
70
-
71
- expect(response).to be_successful
72
-
73
- expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
74
- end
75
-
76
- it "updates application" do
77
- application = FactoryBot.create(:application, name: "Change me")
78
-
79
- put :update, params: {
80
- id: application.id,
81
- doorkeeper_application: {
82
- name: "Example App",
83
- redirect_uri: "https://example.com",
84
- }, format: :json,
85
- }
86
-
87
- expect(application.reload.name).to eq "Example App"
88
-
89
- expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
90
- end
91
-
92
- it "returns validation errors on wrong update params" do
93
- application = FactoryBot.create(:application, name: "Change me")
94
-
95
- put :update, params: {
96
- id: application.id,
97
- doorkeeper_application: {
98
- name: "Example App",
99
- redirect_uri: "localhost:3000",
100
- }, format: :json,
101
- }
102
-
103
- expect(response).to have_http_status(422)
104
-
105
- expect(json_response).to include("errors")
106
- end
107
-
108
- it "destroys an application" do
109
- application = FactoryBot.create(:application)
110
-
111
- delete :destroy, params: { id: application.id, format: :json }
112
-
113
- expect(response).to have_http_status(204)
114
- expect(Application.count).to be_zero
115
- end
116
- end
117
-
118
- context "when admin is not authenticated" do
119
- before do
120
- allow(Doorkeeper.config).to receive(:authenticate_admin).and_return(proc do
121
- redirect_to main_app.root_url
122
- end)
123
- end
124
-
125
- it "redirects as set in Doorkeeper.authenticate_admin" do
126
- get :index
127
- expect(response).to redirect_to(controller.main_app.root_url)
128
- end
129
-
130
- it "does not create application" do
131
- expect do
132
- post :create, params: {
133
- doorkeeper_application: {
134
- name: "Example",
135
- redirect_uri: "https://example.com",
136
- },
137
- }
138
- end.not_to(change { Doorkeeper::Application.count })
139
- end
140
- end
141
-
142
- context "when admin is authenticated" do
143
- context "when application secrets are hashed" do
144
- before do
145
- allow(Doorkeeper.configuration)
146
- .to receive(:application_secret_strategy).and_return(Doorkeeper::SecretStoring::Sha256Hash)
147
- end
148
-
149
- it "shows the application secret after creating a new application" do
150
- expect do
151
- post :create, params: {
152
- doorkeeper_application: {
153
- name: "Example",
154
- redirect_uri: "https://example.com",
155
- },
156
- }
157
- end.to change { Doorkeeper::Application.count }.by(1)
158
-
159
- application = Application.last
160
-
161
- secret_from_flash = flash[:application_secret]
162
- expect(secret_from_flash).not_to be_empty
163
- expect(application.secret_matches?(secret_from_flash)).to be_truthy
164
- expect(response).to redirect_to(controller.main_app.oauth_application_url(application.id))
165
-
166
- get :show, params: { id: application.id, format: :html }
167
-
168
- # We don't know the application secret here (because its hashed) so we can not assert its text on the page
169
- # Instead, we read it from the page and then check if it matches the application secret
170
- code_element = /code.*id="secret">\s*\K([^<]*)/m.match(response.body)
171
- secret_from_page = code_element[1].strip
172
-
173
- expect(response.body).to have_selector("code#application_id", text: application.uid)
174
- expect(response.body).to have_selector("code#secret")
175
- expect(secret_from_page).not_to be_empty
176
- expect(application.secret_matches?(secret_from_page)).to be_truthy
177
- end
178
-
179
- it "does not show an application secret when application did already exist" do
180
- application = FactoryBot.create(:application)
181
- get :show, params: { id: application.id, format: :html }
182
-
183
- expect(response.body).to have_selector("code#application_id", text: application.uid)
184
- expect(response.body).to have_selector("code#secret", text: "")
185
- end
186
-
187
- it "returns the application details in a json response" do
188
- expect do
189
- post :create, params: {
190
- doorkeeper_application: {
191
- name: "Example",
192
- redirect_uri: "https://example.com",
193
- }, format: :json,
194
- }
195
- end.to(change { Doorkeeper::Application.count })
196
-
197
- expect(response).to be_successful
198
-
199
- expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
200
-
201
- application = Application.last
202
- secret_from_response = json_response["secret"]
203
- expect(application.secret_matches?(secret_from_response)).to be_truthy
204
-
205
- expect(json_response["name"]).to eq("Example")
206
- expect(json_response["redirect_uri"]).to eq("https://example.com")
207
- end
208
- end
209
-
210
- render_views
211
-
212
- before do
213
- allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
214
- end
215
-
216
- it "sorts applications by created_at" do
217
- first_application = FactoryBot.create(:application)
218
- second_application = FactoryBot.create(:application)
219
- expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
220
-
221
- get :index
222
-
223
- expect(response.body).to have_selector("tbody tr:first-child#application_#{first_application.id}")
224
- expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
225
- end
226
-
227
- it "creates application" do
228
- expect do
229
- post :create, params: {
230
- doorkeeper_application: {
231
- name: "Example",
232
- redirect_uri: "https://example.com",
233
- },
234
- }
235
- end.to change { Doorkeeper::Application.count }.by(1)
236
-
237
- expect(response).to be_redirect
238
- end
239
-
240
- it "shows application details" do
241
- application = FactoryBot.create(:application)
242
- get :show, params: { id: application.id, format: :html }
243
-
244
- expect(response.body).to have_selector("code#application_id", text: application.uid)
245
- expect(response.body).to have_selector("code#secret", text: application.plaintext_secret)
246
- end
247
-
248
- it "does not allow mass assignment of uid or secret" do
249
- application = FactoryBot.create(:application)
250
- put :update, params: {
251
- id: application.id,
252
- doorkeeper_application: {
253
- uid: "1A2B3C4D",
254
- secret: "1A2B3C4D",
255
- },
256
- }
257
-
258
- expect(application.reload.uid).not_to eq "1A2B3C4D"
259
- end
260
-
261
- it "updates application" do
262
- application = FactoryBot.create(:application)
263
- put :update, params: {
264
- id: application.id, doorkeeper_application: {
265
- name: "Example",
266
- redirect_uri: "https://example.com",
267
- },
268
- }
269
-
270
- expect(application.reload.name).to eq "Example"
271
- end
272
- end
273
- end
274
- end
@@ -1,743 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
6
- include AuthorizationRequestHelper
7
-
8
- class ActionDispatch::TestResponse
9
- def query_params
10
- @query_params ||= begin
11
- fragment = URI.parse(location).fragment
12
- Rack::Utils.parse_query(fragment)
13
- end
14
- end
15
- end
16
-
17
- let(:client) { FactoryBot.create :application }
18
- let(:user) { User.create!(name: "Joe", password: "sekret") }
19
-
20
- let(:access_token) do
21
- FactoryBot.build :access_token,
22
- resource_owner_id: user.id,
23
- resource_owner_type: user.class.name,
24
- application_id: client.id,
25
- scopes: "default"
26
- end
27
-
28
- before do
29
- Doorkeeper.configure do
30
- default_scopes :default
31
-
32
- custom_access_token_expires_in(lambda do |context|
33
- context.grant_type == Doorkeeper::OAuth::IMPLICIT ? 1234 : nil
34
- end)
35
- end
36
-
37
- allow(Doorkeeper.config).to receive(:grant_flows).and_return(["implicit"])
38
- allow(Doorkeeper.config).to receive(:authenticate_resource_owner).and_return(->(_) { authenticator_method })
39
- allow(controller).to receive(:authenticator_method).and_return(user)
40
- expect(controller).to receive(:authenticator_method).at_most(:once)
41
- end
42
-
43
- describe "POST #create" do
44
- before do
45
- post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
46
- end
47
-
48
- it "redirects after authorization" do
49
- expect(response).to be_redirect
50
- end
51
-
52
- it "redirects to client redirect uri" do
53
- expect(response.location).to match(/^#{client.redirect_uri}/)
54
- end
55
-
56
- it "includes access token in fragment" do
57
- expect(response.query_params["access_token"]).to eq(Doorkeeper::AccessToken.first.token)
58
- end
59
-
60
- it "includes token type in fragment" do
61
- expect(response.query_params["token_type"]).to eq("Bearer")
62
- end
63
-
64
- it "includes token expiration in fragment" do
65
- expect(response.query_params["expires_in"].to_i).to eq(1234)
66
- end
67
-
68
- it "issues the token for the current client" do
69
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
70
- end
71
-
72
- it "issues the token for the current resource owner" do
73
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
74
- end
75
- end
76
-
77
- describe "POST #create in API mode" do
78
- before do
79
- allow(Doorkeeper.config).to receive(:api_only).and_return(true)
80
- post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
81
- end
82
-
83
- let(:response_json_body) { JSON.parse(response.body) }
84
- let(:redirect_uri) { response_json_body["redirect_uri"] }
85
-
86
- it "renders success after authorization" do
87
- expect(response).to be_successful
88
- end
89
-
90
- it "renders correct redirect uri" do
91
- expect(redirect_uri).to match(/^#{client.redirect_uri}/)
92
- end
93
-
94
- it "includes access token in fragment" do
95
- expect(redirect_uri.match(/access_token=([a-zA-Z0-9\-_]+)&?/)[1]).to eq(Doorkeeper::AccessToken.first.token)
96
- end
97
-
98
- it "includes token type in fragment" do
99
- expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
100
- end
101
-
102
- it "includes token expiration in fragment" do
103
- expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
104
- end
105
-
106
- it "issues the token for the current client" do
107
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
108
- end
109
-
110
- it "issues the token for the current resource owner" do
111
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
112
- end
113
- end
114
-
115
- describe "POST #create with errors" do
116
- context "when missing client_id" do
117
- before do
118
- post :create, params: {
119
- client_id: "",
120
- response_type: "token",
121
- redirect_uri: client.redirect_uri,
122
- }
123
- end
124
-
125
- let(:response_json_body) { JSON.parse(response.body) }
126
-
127
- it "renders 400 error" do
128
- expect(response.status).to eq 400
129
- end
130
-
131
- it "includes error name" do
132
- expect(response_json_body["error"]).to eq("invalid_request")
133
- end
134
-
135
- it "includes error description" do
136
- expect(response_json_body["error_description"]).to eq(
137
- translated_invalid_request_error_message(:missing_param, :client_id),
138
- )
139
- end
140
-
141
- it "does not issue any access token" do
142
- expect(Doorkeeper::AccessToken.all).to be_empty
143
- end
144
- end
145
-
146
- context "when user cannot access application" do
147
- before do
148
- allow(Doorkeeper.configuration).to receive(:authorize_resource_owner_for_client).and_return(->(*_) { false })
149
- post :create, params: {
150
- client_id: client.uid,
151
- response_type: "token",
152
- redirect_uri: client.redirect_uri,
153
- }
154
- end
155
-
156
- let(:response_json_body) { JSON.parse(response.body) }
157
-
158
- it "renders 400 error" do
159
- expect(response.status).to eq 401
160
- end
161
-
162
- it "includes error name" do
163
- expect(response_json_body["error"]).to eq("invalid_client")
164
- end
165
-
166
- it "includes error description" do
167
- expect(response_json_body["error_description"]).to eq(
168
- translated_error_message(:invalid_client),
169
- )
170
- end
171
-
172
- it "does not issue any access token" do
173
- expect(Doorkeeper::AccessToken.all).to be_empty
174
- end
175
- end
176
-
177
- context "when other error happens" do
178
- before do
179
- default_scopes_exist :public
180
-
181
- post :create, params: {
182
- client_id: client.uid,
183
- response_type: "token",
184
- scope: "invalid",
185
- redirect_uri: client.redirect_uri,
186
- }
187
- end
188
-
189
- it "redirects after authorization" do
190
- expect(response).to be_redirect
191
- end
192
-
193
- it "redirects to client redirect uri" do
194
- expect(response.location).to match(/^#{client.redirect_uri}/)
195
- end
196
-
197
- it "does not include access token in fragment" do
198
- expect(response.query_params["access_token"]).to be_nil
199
- end
200
-
201
- it "includes error in fragment" do
202
- expect(response.query_params["error"]).to eq("invalid_scope")
203
- end
204
-
205
- it "includes error description in fragment" do
206
- expect(response.query_params["error_description"]).to eq(translated_error_message(:invalid_scope))
207
- end
208
-
209
- it "does not issue any access token" do
210
- expect(Doorkeeper::AccessToken.all).to be_empty
211
- end
212
- end
213
- end
214
-
215
- describe "POST #create in API mode with errors" do
216
- context "when missing client_id" do
217
- before do
218
- allow(Doorkeeper.config).to receive(:api_only).and_return(true)
219
-
220
- post :create, params: {
221
- client_id: "",
222
- response_type: "token",
223
- redirect_uri: client.redirect_uri,
224
- }
225
- end
226
-
227
- let(:response_json_body) { JSON.parse(response.body) }
228
-
229
- it "renders 400 error" do
230
- expect(response.status).to eq 400
231
- end
232
-
233
- it "includes error name" do
234
- expect(response_json_body["error"]).to eq("invalid_request")
235
- end
236
-
237
- it "includes error description" do
238
- expect(response_json_body["error_description"]).to eq(
239
- translated_invalid_request_error_message(:missing_param, :client_id),
240
- )
241
- end
242
-
243
- it "does not issue any access token" do
244
- expect(Doorkeeper::AccessToken.all).to be_empty
245
- end
246
- end
247
-
248
- context "when user cannot access application" do
249
- before do
250
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
251
- allow(Doorkeeper.configuration).to receive(:authorize_resource_owner_for_client).and_return(->(*_) { false })
252
-
253
- post :create, params: {
254
- client_id: client.uid,
255
- response_type: "token",
256
- redirect_uri: client.redirect_uri,
257
- }
258
- end
259
-
260
- let(:response_json_body) { JSON.parse(response.body) }
261
-
262
- it "renders 400 error" do
263
- expect(response.status).to eq 401
264
- end
265
-
266
- it "includes error name" do
267
- expect(response_json_body["error"]).to eq("invalid_client")
268
- end
269
-
270
- it "includes error description" do
271
- expect(response_json_body["error_description"]).to eq(
272
- translated_error_message(:invalid_client),
273
- )
274
- end
275
-
276
- it "does not issue any access token" do
277
- expect(Doorkeeper::AccessToken.all).to be_empty
278
- end
279
- end
280
-
281
- context "when other error happens" do
282
- before do
283
- allow(Doorkeeper.config).to receive(:api_only).and_return(true)
284
- default_scopes_exist :public
285
-
286
- post :create, params: {
287
- client_id: client.uid,
288
- response_type: "token",
289
- scope: "invalid",
290
- redirect_uri: client.redirect_uri,
291
- }
292
- end
293
-
294
- let(:response_json_body) { JSON.parse(response.body) }
295
- let(:redirect_uri) { response_json_body["redirect_uri"] }
296
-
297
- it "renders 400 error" do
298
- expect(response.status).to eq 400
299
- end
300
-
301
- it "includes correct redirect URI" do
302
- expect(redirect_uri).to match(/^#{client.redirect_uri}/)
303
- end
304
-
305
- it "does not include access token in fragment" do
306
- expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)).to be_nil
307
- end
308
-
309
- it "includes error in redirect uri" do
310
- expect(redirect_uri.match(/error=([a-z_]+)&?/)[1]).to eq "invalid_scope"
311
- end
312
-
313
- it "includes error description in redirect uri" do
314
- expect(redirect_uri.match(/error_description=(.+)&?/)[1]).to_not be_nil
315
- end
316
-
317
- it "does not issue any access token" do
318
- expect(Doorkeeper::AccessToken.all).to be_empty
319
- end
320
- end
321
- end
322
-
323
- describe "POST #create with application already authorized" do
324
- before do
325
- allow(Doorkeeper.config).to receive(:reuse_access_token).and_return(true)
326
-
327
- access_token.save!
328
-
329
- post :create, params: {
330
- client_id: client.uid,
331
- response_type: "token",
332
- redirect_uri: client.redirect_uri,
333
- }
334
- end
335
-
336
- it "returns the existing access token in a fragment" do
337
- expect(response.query_params["access_token"]).to eq(access_token.token)
338
- end
339
-
340
- it "does not creates a new access token" do
341
- expect(Doorkeeper::AccessToken.count).to eq(1)
342
- end
343
- end
344
-
345
- describe "POST #create with callbacks" do
346
- after do
347
- client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
348
- end
349
-
350
- describe "when successful" do
351
- after do
352
- post :create, params: {
353
- client_id: client.uid,
354
- response_type: "token",
355
- redirect_uri: client.redirect_uri,
356
- }
357
- end
358
-
359
- it "should call :before_successful_authorization callback" do
360
- expect(Doorkeeper.config)
361
- .to receive_message_chain(:before_successful_authorization, :call)
362
- .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
363
- end
364
-
365
- it "should call :after_successful_authorization callback" do
366
- expect(Doorkeeper.config)
367
- .to receive_message_chain(:after_successful_authorization, :call)
368
- .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
369
- end
370
- end
371
-
372
- describe "with errors" do
373
- after do
374
- post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: "bad_uri" }
375
- end
376
-
377
- it "should not call :before_successful_authorization callback" do
378
- expect(Doorkeeper.config).not_to receive(:before_successful_authorization)
379
- end
380
-
381
- it "should not call :after_successful_authorization callback" do
382
- expect(Doorkeeper.config).not_to receive(:after_successful_authorization)
383
- end
384
- end
385
- end
386
-
387
- describe "GET #new token request with native url and skip_authorization true" do
388
- before do
389
- allow(Doorkeeper.config).to receive(:skip_authorization).and_return(proc do
390
- true
391
- end)
392
-
393
- client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
394
-
395
- get :new, params: {
396
- client_id: client.uid,
397
- response_type: "token",
398
- redirect_uri: client.redirect_uri,
399
- }
400
- end
401
-
402
- it "should redirect immediately" do
403
- expect(response).to be_redirect
404
- expect(response.location).to match(%r{/oauth/token/info\?access_token=})
405
- end
406
-
407
- it "should not issue a grant" do
408
- expect(Doorkeeper::AccessGrant.count).to be 0
409
- end
410
-
411
- it "should issue a token" do
412
- expect(Doorkeeper::AccessToken.count).to be 1
413
- end
414
- end
415
-
416
- describe "GET #new code request with native url and skip_authorization true" do
417
- before do
418
- allow(Doorkeeper.config).to receive(:grant_flows).and_return(%w[authorization_code])
419
- allow(Doorkeeper.config).to receive(:skip_authorization).and_return(proc do
420
- true
421
- end)
422
-
423
- client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
424
-
425
- get :new, params: {
426
- client_id: client.uid,
427
- response_type: "code",
428
- redirect_uri: client.redirect_uri,
429
- }
430
- end
431
-
432
- it "should redirect immediately" do
433
- expect(response).to be_redirect
434
- expect(response.location)
435
- .to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
436
- end
437
-
438
- it "should issue a grant" do
439
- expect(Doorkeeper::AccessGrant.count).to be 1
440
- end
441
-
442
- it "should not issue a token" do
443
- expect(Doorkeeper::AccessToken.count).to be 0
444
- end
445
- end
446
-
447
- describe "GET #new with skip_authorization true" do
448
- before do
449
- allow(Doorkeeper.config).to receive(:skip_authorization).and_return(proc do
450
- true
451
- end)
452
-
453
- get :new, params: {
454
- client_id: client.uid,
455
- response_type: "token",
456
- redirect_uri: client.redirect_uri,
457
- }
458
- end
459
-
460
- it "should redirect immediately" do
461
- expect(response).to be_redirect
462
- expect(response.location).to match(/^#{client.redirect_uri}/)
463
- end
464
-
465
- it "should issue a token" do
466
- expect(Doorkeeper::AccessToken.count).to be 1
467
- end
468
-
469
- it "includes token type in fragment" do
470
- expect(response.query_params["token_type"]).to eq("Bearer")
471
- end
472
-
473
- it "includes token expiration in fragment" do
474
- expect(response.query_params["expires_in"].to_i).to eq(1234)
475
- end
476
-
477
- it "issues the token for the current client" do
478
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
479
- end
480
-
481
- it "issues the token for the current resource owner" do
482
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
483
- end
484
- end
485
-
486
- describe "GET #new in API mode" do
487
- before do
488
- allow(Doorkeeper.config).to receive(:api_only).and_return(true)
489
-
490
- get :new, params: {
491
- client_id: client.uid,
492
- response_type: "token",
493
- redirect_uri: client.redirect_uri,
494
- }
495
- end
496
-
497
- it "should render success" do
498
- expect(response).to be_successful
499
- end
500
-
501
- it "sets status to pre-authorization" do
502
- expect(json_response["status"]).to eq(I18n.t("doorkeeper.pre_authorization.status"))
503
- end
504
-
505
- it "sets correct values" do
506
- expect(json_response["client_id"]).to eq(client.uid)
507
- expect(json_response["redirect_uri"]).to eq(client.redirect_uri)
508
- expect(json_response["state"]).to be_nil
509
- expect(json_response["response_type"]).to eq("token")
510
- expect(json_response["scope"]).to eq("default")
511
- end
512
- end
513
-
514
- describe "GET #new in API mode with skip_authorization true" do
515
- before do
516
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
517
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
518
-
519
- get :new, params: {
520
- client_id: client.uid,
521
- response_type: "token",
522
- redirect_uri: client.redirect_uri,
523
- }
524
- end
525
-
526
- it "should render success" do
527
- expect(response).to be_successful
528
- end
529
-
530
- it "should issue a token" do
531
- expect(Doorkeeper::AccessToken.count).to be 1
532
- end
533
-
534
- it "sets status to redirect" do
535
- expect(JSON.parse(response.body)["status"]).to eq("redirect")
536
- end
537
-
538
- it "sets redirect_uri to correct value" do
539
- redirect_uri = JSON.parse(response.body)["redirect_uri"]
540
- expect(redirect_uri).to_not be_nil
541
- expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
542
- expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
543
- expect(
544
- redirect_uri.match(/access_token=([a-zA-Z0-9\-_]+)&?/)[1],
545
- ).to eq Doorkeeper::AccessToken.first.token
546
- end
547
-
548
- it "issues the token for the current client" do
549
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
550
- end
551
-
552
- it "issues the token for the current resource owner" do
553
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
554
- end
555
- end
556
-
557
- describe "GET #new with errors" do
558
- context "without valid params" do
559
- before do
560
- default_scopes_exist :public
561
- get :new, params: { an_invalid: "request" }
562
- end
563
-
564
- it "does not redirect" do
565
- expect(response).to_not be_redirect
566
- end
567
-
568
- it "does not issue any token" do
569
- expect(Doorkeeper::AccessGrant.count).to eq 0
570
- expect(Doorkeeper::AccessToken.count).to eq 0
571
- end
572
- end
573
-
574
- context "when user cannot access application" do
575
- before do
576
- allow(Doorkeeper.configuration).to receive(:authorize_resource_owner_for_client).and_return(->(*_) { false })
577
-
578
- get :new, params: {
579
- client_id: client.uid,
580
- response_type: "token",
581
- redirect_uri: client.redirect_uri,
582
- }
583
- end
584
-
585
- it "does not redirect" do
586
- expect(response).to_not be_redirect
587
- end
588
-
589
- it "does not issue any token" do
590
- expect(Doorkeeper::AccessGrant.count).to eq 0
591
- expect(Doorkeeper::AccessToken.count).to eq 0
592
- end
593
- end
594
- end
595
-
596
- describe "GET #new in API mode with errors" do
597
- before do
598
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
599
- default_scopes_exist :public
600
- end
601
-
602
- context "without valid params" do
603
- before do
604
- get :new, params: { an_invalid: "request" }
605
- end
606
-
607
- let(:response_json_body) { JSON.parse(response.body) }
608
-
609
- it "should render bad request" do
610
- expect(response).to have_http_status(:bad_request)
611
- end
612
-
613
- it "includes error in body" do
614
- expect(response_json_body["error"]).to eq("invalid_request")
615
- end
616
-
617
- it "includes error description in body" do
618
- expect(response_json_body["error_description"])
619
- .to eq(translated_invalid_request_error_message(:missing_param, :client_id))
620
- end
621
-
622
- it "does not issue any token" do
623
- expect(Doorkeeper::AccessGrant.count).to eq 0
624
- expect(Doorkeeper::AccessToken.count).to eq 0
625
- end
626
- end
627
-
628
- context "when user cannot access application" do
629
- before do
630
- allow(Doorkeeper.configuration).to receive(:authorize_resource_owner_for_client).and_return(->(*_) { false })
631
-
632
- get :new, params: {
633
- client_id: client.uid,
634
- response_type: "token",
635
- redirect_uri: client.redirect_uri,
636
- }
637
- end
638
-
639
- let(:response_json_body) { JSON.parse(response.body) }
640
-
641
- it "should render bad request" do
642
- expect(response).to have_http_status(:bad_request)
643
- end
644
-
645
- it "includes error in body" do
646
- expect(response_json_body["error"]).to eq("invalid_client")
647
- end
648
-
649
- it "includes error description in body" do
650
- expect(response_json_body["error_description"])
651
- .to eq(translated_error_message(:invalid_client))
652
- end
653
-
654
- it "does not issue any token" do
655
- expect(Doorkeeper::AccessGrant.count).to eq 0
656
- expect(Doorkeeper::AccessToken.count).to eq 0
657
- end
658
- end
659
- end
660
-
661
- describe "GET #new with callbacks" do
662
- after do
663
- client.update_attribute :redirect_uri, "urn:ietf:wg:oauth:2.0:oob"
664
- get :new, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
665
- end
666
-
667
- describe "when authorizing" do
668
- before do
669
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
670
- end
671
-
672
- it "should call :before_successful_authorization callback" do
673
- expect(Doorkeeper.configuration)
674
- .to receive_message_chain(:before_successful_authorization, :call)
675
- .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
676
- end
677
-
678
- it "should call :after_successful_authorization callback" do
679
- expect(Doorkeeper.configuration)
680
- .to receive_message_chain(:after_successful_authorization, :call)
681
- .with(instance_of(described_class), instance_of(Doorkeeper::OAuth::Hooks::Context))
682
- end
683
- end
684
-
685
- describe "when not authorizing" do
686
- before do
687
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
688
- end
689
-
690
- it "should not call :before_successful_authorization callback" do
691
- expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
692
- end
693
-
694
- it "should not call :after_successful_authorization callback" do
695
- expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
696
- end
697
- end
698
-
699
- describe "when not authorizing in api mode" do
700
- before do
701
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { false })
702
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
703
- end
704
-
705
- it "should not call :before_successful_authorization callback" do
706
- expect(Doorkeeper.configuration).not_to receive(:before_successful_authorization)
707
- end
708
-
709
- it "should not call :after_successful_authorization callback" do
710
- expect(Doorkeeper.configuration).not_to receive(:after_successful_authorization)
711
- end
712
- end
713
- end
714
-
715
- describe "authorize response memoization" do
716
- it "memoizes the result of the authorization" do
717
- pre_auth = double(:pre_auth, authorizable?: true)
718
- allow(controller).to receive(:pre_auth) { pre_auth }
719
- strategy = double(:strategy, authorize: true)
720
- expect(strategy).to receive(:authorize).once
721
- allow(controller).to receive(:strategy) { strategy }
722
- allow(controller).to receive(:create) do
723
- 2.times { controller.send :authorize_response }
724
- controller.render json: {}, status: :ok
725
- end
726
-
727
- post :create
728
- end
729
- end
730
-
731
- describe "strong parameters" do
732
- it "ignores non-scalar scope parameter" do
733
- get :new, params: {
734
- client_id: client.uid,
735
- response_type: "token",
736
- redirect_uri: client.redirect_uri,
737
- scope: { "0" => "profile" },
738
- }
739
-
740
- expect(response).to be_successful
741
- end
742
- end
743
- end