spec/requests/flows/password_spec.rb in doorkeeper-4.0.0.rc3 vs spec/requests/flows/password_spec.rb in doorkeeper-4.0.0.rc4
- old
+ new
@@ -22,38 +22,51 @@
client_exists
create_resource_owner
end
context 'with valid user credentials' do
- it 'should issue new token' do
+ it 'should issue new token with confidential client' do
expect do
post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
end.to change { Doorkeeper::AccessToken.count }.by(1)
token = Doorkeeper::AccessToken.first
- should_have_json 'access_token', token.token
+ expect(token.application_id).to eq @client.id
+ should_have_json 'access_token', token.token
end
+ it 'should issue new token with public client (only client_id present)' do
+ expect do
+ post password_token_endpoint_url(client_id: @client.uid, resource_owner: @resource_owner)
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
+
+ token = Doorkeeper::AccessToken.first
+
+ expect(token.application_id).to eq @client.id
+ should_have_json 'access_token', token.token
+ end
+
it 'should issue new token without client credentials' do
expect do
post password_token_endpoint_url(resource_owner: @resource_owner)
end.to change { Doorkeeper::AccessToken.count }.by(1)
token = Doorkeeper::AccessToken.first
- should_have_json 'access_token', token.token
+ expect(token.application_id).to be_nil
+ should_have_json 'access_token', token.token
end
it 'should issue a refresh token if enabled' do
config_is_set(:refresh_token_enabled, true)
post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
token = Doorkeeper::AccessToken.first
- should_have_json 'refresh_token', token.refresh_token
+ should_have_json 'refresh_token', token.refresh_token
end
it 'should return the same token if it is still accessible' do
allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
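Review bot: The 'public client (only client_id present)' example posts `client_id: @client.uid` for the same `@client` that the confidential-client example uses, so the spec pins that this client gets a token bound to its `application_id` when the secret is simply left out. If that is intended, a comment above the example should say so, e.g. `# client_secret is optional: a request carrying only client_id is treated as a public client`; otherwise the example should use a separate fixture for a client that is meant to be public. The hunk does not show how `client_exists` builds the client, so that it has a secret is inferred from the confidential example and from the `bad_secret` case in the next hunk. The enclosing `context` continues past the end of this hunk.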
@@ -80,15 +93,23 @@
post password_token_endpoint_url(client: @client)
end.to_not change { Doorkeeper::AccessToken.count }
end
end
- context 'with invalid client credentials' do
+ context 'with invalid confidential client credentials' do
it 'should not issue new token with bad client credentials' do
expect do
post password_token_endpoint_url(client_id: @client.uid,
client_secret: 'bad_secret',
resource_owner: @resource_owner)
+ end.to_not change { Doorkeeper::AccessToken.count }
+ end
+ end
+
+ context 'with invalid public client id' do
+ it 'should not issue new token with bad client id' do
+ expect do
+ post password_token_endpoint_url(client_id: 'bad_id', resource_owner: @resource_owner)
end.to_not change { Doorkeeper::AccessToken.count }
end
end
end
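Review bot: Both rejection examples ('bad client credentials' and the new 'bad client id') assert only that `Doorkeeper::AccessToken.count` is unchanged, which would also pass if the request failed for an unrelated reason such as an exception before client lookup. Each should also pin the error the caller receives, for instance `should_have_json 'error', 'invalid_client'` after the `expect do … end` block, assuming the endpoint answers with the standard OAuth `invalid_client` error. A status assertion alongside it would further distinguish a client-authentication failure from a bad resource-owner login. The outer `describe` and the first example in this hunk start outside the visible lines.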