spec/requests/flows/password_spec.rb in doorkeeper-5.2.6 vs spec/requests/flows/password_spec.rb in doorkeeper-5.3.0
- old
+ new
@@ -33,22 +33,22 @@
context "when configured to check application supported grant flow" do
before do
Doorkeeper.configuration.instance_variable_set(
:@allow_grant_flow_for_client,
- ->(_grant_flow, client) { client.name == "admin" }
+ ->(_grant_flow, client) { client.name == "admin" },
)
end
scenario "forbids the request when doesn't satisfy condition" do
@client.update(name: "sample app")
expect do
post password_token_endpoint_url(
client_id: @client.uid,
client_secret: "foobar",
- resource_owner: @resource_owner
+ resource_owner: @resource_owner,
)
end.not_to(change { Doorkeeper::AccessToken.count })
expect(response.status).to eq(401)
should_have_json "error", "invalid_client"
@@ -97,11 +97,11 @@
it "should not issue new token" do
expect do
post password_token_endpoint_url(
client_id: @client.uid,
client_secret: "foobar",
- resource_owner: @resource_owner
+ resource_owner: @resource_owner,
)
end.not_to(change { Doorkeeper::AccessToken.count })
expect(response.status).to eq(401)
should_have_json "error", "invalid_client"
@@ -239,13 +239,15 @@
end
end
context "with invalid scopes" do
subject do
- post password_token_endpoint_url(client: @client,
- resource_owner: @resource_owner,
- scope: "random")
+ post password_token_endpoint_url(
+ client: @client,
+ resource_owner: @resource_owner,
+ scope: "random",
+ )
end
it "should not issue new token" do
expect { subject }.to_not(change { Doorkeeper::AccessToken.count })
end
@@ -261,28 +263,46 @@
end
context "with invalid user credentials" do
it "should not issue new token with bad password" do
expect do
- post password_token_endpoint_url(client: @client,
- resource_owner_username: @resource_owner.name,
- resource_owner_password: "wrongpassword")
+ post password_token_endpoint_url(
+ client: @client,
+ resource_owner_username: @resource_owner.name,
+ resource_owner_password: "wrongpassword",
+ )
end.to_not(change { Doorkeeper::AccessToken.count })
end
it "should not issue new token without credentials" do
expect do
post password_token_endpoint_url(client: @client)
end.to_not(change { Doorkeeper::AccessToken.count })
end
+
+ it "should not issue new token if resource_owner_from_credentials returned false or nil" do
+ config_is_set(:resource_owner_from_credentials) { false }
+
+ expect do
+ post password_token_endpoint_url(client: @client)
+ end.to_not(change { Doorkeeper::AccessToken.count })
+
+ config_is_set(:resource_owner_from_credentials) { nil }
+
+ expect do
+ post password_token_endpoint_url(client: @client)
+ end.to_not(change { Doorkeeper::AccessToken.count })
+ end
end
context "with invalid confidential client credentials" do
it "should not issue new token with bad client credentials" do
expect do
- post password_token_endpoint_url(client_id: @client.uid,
- client_secret: "bad_secret",
- resource_owner: @resource_owner)
+ post password_token_endpoint_url(
+ client_id: @client.uid,
+ client_secret: "bad_secret",
+ resource_owner: @resource_owner,
+ )
end.to_not(change { Doorkeeper::AccessToken.count })
end
end
context "with invalid public client id" do
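Review bot: The added example "should not issue new token if resource_owner_from_credentials returned false or nil" asserts only that `Doorkeeper::AccessToken.count` is unchanged, so it would also pass if the endpoint failed with a server error instead of cleanly rejecting the grant. Each request should be followed by an assertion on the rejection itself, as the client-credential examples earlier in this file do with `expect(response.status).to eq(401)` and `should_have_json "error", "invalid_client"`. Here the expected error is presumably `invalid_grant`; the exact status and error code need confirming against the endpoint. The `false` and `nil` cases also share one example, so a failure in the first hides the second; two separate `it` blocks would report each return value on its own.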