Merge pull request #1400 from aclemons/client_credentials_validation

Yield application to allow_grant_flow_for_client? client credentials …

Author: nbulaj

CHANGELOG.md

@@ -10,6 +10,7 @@ User-visible changes worth mentioning.
 - [#1395] Fix `NameError: uninitialized constant Doorkeeper::AccessToken` for Rake tasks.
 - [#1397] Add `as: :doorkeeper_application` on Doorkeeper application form in order to support
   custom configured application model.
+- [#1400] Correctly yield the application to allow_grant_flow_for_client? (Fixes #1398)
 
 ## 5.4.0.rc1
 - [#1366] Sets expiry of token generated using `refresh_token` to that of original token. (Fixes #1364) 

lib/doorkeeper/oauth/client_credentials/validator.rb

@@ -26,9 +26,11 @@ def validate_client
         end
 
         def validate_client_supports_grant_flow
+          return if @client.blank?
+
           Doorkeeper.config.allow_grant_flow_for_client?(
             Doorkeeper::OAuth::CLIENT_CREDENTIALS,
-            @client,
+            @client.application,
           )
         end
 

spec/lib/oauth/client_credentials/validation_spec.rb

@@ -19,6 +19,33 @@
     expect(subject).not_to be_valid
   end
 
+  context "when a grant flow check is configured" do
+    let(:callback) { double("callback") }
+
+    before do
+      allow(Doorkeeper.config).to receive(:option_defined?).with(:allow_grant_flow_for_client).and_return(true)
+      allow(Doorkeeper.config).to receive(:allow_grant_flow_for_client).and_return(callback)
+
+      expect(callback).to receive(:call).twice.with(Doorkeeper::OAuth::CLIENT_CREDENTIALS, application).and_return(callback_response)
+    end
+
+    context "when the callback rejects the grant flow" do
+      let(:callback_response) { false }
+
+      it "is invalid" do
+        expect(subject).not_to be_valid
+      end
+    end
+
+    context "when the callback allows the grant flow" do
+      let(:callback_response) { true }
+
+      it "is invalid" do
+        expect(subject).to be_valid
+      end
+    end
+  end
+
   context "with scopes" do
     it "is invalid when scopes are not included in the server" do
       server_scopes = Doorkeeper::OAuth::Scopes.from_string "email"

spec/lib/oauth/client_credentials_integration_spec.rb

@@ -6,7 +6,7 @@
   let(:server) { Doorkeeper.configuration }
 
   context "with a valid request" do
-    let(:client) { FactoryBot.create :application }
+    let(:client) { Doorkeeper::OAuth::Client.new(FactoryBot.build_stubbed(:application)) }
 
     it "issues an access token" do
       request = Doorkeeper::OAuth::ClientCredentialsRequest.new(server, client, {})