diff --git a/lib/doorkeeper/version.rb b/lib/doorkeeper/version.rb
index bbab99ac4..d92812a71 100644
--- a/lib/doorkeeper/version.rb
+++ b/lib/doorkeeper/version.rb
@@ -28,7 +28,7 @@ module VERSION
 # Semantic versioning
 MAJOR = 4
 MINOR = 4
- TINY = 0
+ TINY = 1
 
 # Full version number
 STRING = [MAJOR, MINOR, TINY].compact.join('.')
diff --git a/spec/controllers/authorizations_controller_spec.rb b/spec/controllers/authorizations_controller_spec.rb
index 707d7ab19..50e5e0258 100644
--- a/spec/controllers/authorizations_controller_spec.rb
+++ b/spec/controllers/authorizations_controller_spec.rb
@@ -70,47 +70,6 @@ def translated_error_message(key)
 end
 end
 
-<<<<<<< HEAD
-=======
- describe "POST #create in API mode" do
- before do
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
- post :create, params: { client_id: client.uid, response_type: "token", redirect_uri: client.redirect_uri }
- end
-
- let(:response_json_body) { JSON.parse(response.body) }
- let(:redirect_uri) { response_json_body["redirect_uri"] }
-
- it "renders success after authorization" do
- expect(response).to be_successful
- end
-
- it "renders correct redirect uri" do
- expect(redirect_uri).to match(/^#{client.redirect_uri}/)
- end
-
- it "includes access token in fragment" do
- expect(redirect_uri.match(/access_token=([a-f0-9]+)&?/)[1]).to eq(Doorkeeper::AccessToken.first.token)
- end
-
- it "includes token type in fragment" do
- expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
- end
-
- it "includes token expiration in fragment" do
- expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
- end
-
- it "issues the token for the current client" do
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
- end
-
- it "issues the token for the current resource owner" do
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
- end
- end
-
->>>>>>> 9a42b98... Change the token_type initials of the Banner Token to uppercase.
 describe 'POST #create with errors' do
 before do
 default_scopes_exist :public
@@ -241,71 +200,6 @@ def translated_error_message(key)
 end
 end
 
-<<<<<<< HEAD
-=======
- describe 'GET #new in API mode' do
- before do
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
- get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
- end
-
- it 'should render success' do
- expect(response).to be_successful
- end
-
- it "sets status to pre-authorization" do
- expect(json_response["status"]).to eq(I18n.t('doorkeeper.pre_authorization.status'))
- end
-
- it "sets correct values" do
- expect(json_response['client_id']).to eq(client.uid)
- expect(json_response['redirect_uri']).to eq(client.redirect_uri)
- expect(json_response['state']).to be_nil
- expect(json_response['response_type']).to eq('token')
- expect(json_response['scope']).to eq('')
- end
- end
-
- describe 'GET #new in API mode with skip_authorization true' do
- before do
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
- allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
-
- get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
- end
-
- it 'should render success' do
- expect(response).to be_successful
- end
-
- it 'should issue a token' do
- expect(Doorkeeper::AccessToken.count).to be 1
- end
-
- it "sets status to redirect" do
- expect(JSON.parse(response.body)["status"]).to eq("redirect")
- end
-
- it "sets redirect_uri to correct value" do
- redirect_uri = JSON.parse(response.body)["redirect_uri"]
- expect(redirect_uri).to_not be_nil
- expect(redirect_uri.match(/token_type=(\w+)&?/)[1]).to eq "Bearer"
- expect(redirect_uri.match(/expires_in=(\d+)&?/)[1].to_i).to eq 1234
- expect(
- redirect_uri.match(/access_token=([a-f0-9]+)&?/)[1]
- ).to eq Doorkeeper::AccessToken.first.token
- end
-
- it "issues the token for the current client" do
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
- end
-
- it "issues the token for the current resource owner" do
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
- end
- end
-
->>>>>>> 9a42b98... Change the token_type initials of the Banner Token to uppercase.
 describe 'GET #new with errors' do
 before do
 default_scopes_exist :public
diff --git a/spec/requests/flows/authorization_code_spec.rb b/spec/requests/flows/authorization_code_spec.rb
index 3c9d03d8b..8cd41f5bf 100644
--- a/spec/requests/flows/authorization_code_spec.rb
+++ b/spec/requests/flows/authorization_code_spec.rb
@@ -57,204 +57,6 @@
 should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
 end
 
-<<<<<<< HEAD
-=======
- scenario 'resource owner requests an access token with authorization code but without secret' do
- visit authorization_endpoint_url(client: @client)
- click_on 'Authorize'
-
- authorization_code = Doorkeeper::AccessGrant.first.token
- page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
- redirect_uri: @client.redirect_uri)
-
- expect(Doorkeeper::AccessToken).not_to exist
-
- should_have_json 'error', 'invalid_client'
- end
-
- context 'with PKCE' do
- context 'plain' do
- let(:code_challenge) { 'a45a9fea-0676-477e-95b1-a40f72ac3cfb' }
- let(:code_verifier) { 'a45a9fea-0676-477e-95b1-a40f72ac3cfb' }
-
- scenario 'resource owner authorizes the client with code_challenge parameter set' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'plain')
- click_on 'Authorize'
-
- url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
- url_should_not_have_param('code_challenge_method')
- url_should_not_have_param('code_challenge')
- end
-
- scenario 'mobile app requests an access token with authorization code but not pkce token' do
- visit authorization_endpoint_url(client: @client)
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- create_access_token authorization_code, @client, code_verifier
-
- should_have_json 'error', 'invalid_grant'
- end
-
- scenario 'mobile app requests an access token with authorization code and plain code challenge method' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'plain')
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- create_access_token authorization_code, @client, code_verifier
-
- access_token_should_exist_for(@client, @resource_owner)
-
- should_not_have_json 'error'
-
- should_have_json 'access_token', Doorkeeper::AccessToken.first.token
- should_have_json 'token_type', 'Bearer'
- should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
- end
-
- scenario 'mobile app requests an access token with authorization code and code_challenge' do
- visit authorization_endpoint_url(client: @client,
- code_challenge: code_verifier,
- code_challenge_method: 'plain')
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- create_access_token authorization_code, @client, code_verifier: nil
-
- should_not_have_json 'access_token'
- should_have_json 'error', 'invalid_grant'
- end
- end
-
- context 's256' do
- let(:code_challenge) { 'Oz733NtQ0rJP8b04fgZMJMwprn6Iw8sMCT_9bR1q4tA' }
- let(:code_verifier) { 'a45a9fea-0676-477e-95b1-a40f72ac3cfb' }
-
- scenario 'resource owner authorizes the client with code_challenge parameter set' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
- click_on 'Authorize'
-
- url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
- url_should_not_have_param('code_challenge_method')
- url_should_not_have_param('code_challenge')
- end
-
- scenario 'mobile app requests an access token with authorization code and S256 code challenge method' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- create_access_token authorization_code, @client, code_verifier
-
- access_token_should_exist_for(@client, @resource_owner)
-
- should_not_have_json 'error'
-
- should_have_json 'access_token', Doorkeeper::AccessToken.first.token
- should_have_json 'token_type', 'Bearer'
- should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
- end
-
- scenario 'mobile app requests an access token with authorization code and without code_verifier' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
- click_on 'Authorize'
- authorization_code = current_params['code']
- create_access_token authorization_code, @client
- should_have_json 'error', 'invalid_request'
- should_not_have_json 'access_token'
- end
-
- scenario 'mobile app requests an access token with authorization code and without secret' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
- redirect_uri: @client.redirect_uri, code_verifier: code_verifier)
- should_have_json 'error', 'invalid_client'
- should_not_have_json 'access_token'
- end
-
- scenario 'mobile app requests an access token with authorization code and without secret but is marked as not confidential' do
- @client.update_attribute :confidential, false
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
- redirect_uri: @client.redirect_uri, code_verifier: code_verifier)
- should_not_have_json 'error'
-
- should_have_json 'access_token', Doorkeeper::AccessToken.first.token
- should_have_json 'token_type', 'Bearer'
- should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
- end
-
- scenario 'mobile app requests an access token with authorization code but no code verifier' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- create_access_token authorization_code, @client
-
- should_not_have_json 'access_token'
- should_have_json 'error', 'invalid_request'
- end
-
- scenario 'mobile app requests an access token with authorization code with wrong verifier' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- create_access_token authorization_code, @client, 'incorrect-code-verifier'
-
- should_not_have_json 'access_token'
- should_have_json 'error', 'invalid_grant'
- end
-
- scenario 'code_challenge_mehthod in token request is totally ignored' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
- click_on 'Authorize'
-
- authorization_code = current_params['code']
- page.driver.post token_endpoint_url(code: authorization_code, client: @client, code_verifier: code_challenge,
- code_challenge_method: 'plain')
-
- should_not_have_json 'access_token'
- should_have_json 'error', 'invalid_grant'
- end
-
- scenario 'expects to set code_challenge_method explicitely without fallback' do
- visit authorization_endpoint_url(client: @client, code_challenge: code_challenge)
- expect(page).to have_content('The code challenge method must be plain or S256.')
- end
- end
- end
-
- context 'when application scopes are present and no scope is passed' do
- background do
- @client.update_attributes(scopes: 'public write read')
- end
-
- scenario 'access grant has no scope' do
- default_scopes_exist :admin
- visit authorization_endpoint_url(client: @client)
- click_on 'Authorize'
- access_grant_should_exist_for(@client, @resource_owner)
- grant = Doorkeeper::AccessGrant.first
- expect(grant.scopes).to be_empty
- end
-
- scenario 'access grant have scopes which are common in application scopees and default scopes' do
- default_scopes_exist :public, :write
- visit authorization_endpoint_url(client: @client)
- click_on 'Authorize'
- access_grant_should_exist_for(@client, @resource_owner)
- access_grant_should_have_scopes :public, :write
- end
- end
-
->>>>>>> 9a42b98... Change the token_type initials of the Banner Token to uppercase.
 context 'with scopes' do
 background do
 default_scopes_exist :public