Open ThisIsMissEm opened 1 month ago
Looks like the failures for JSON.parse are due to: https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization
So we likely need something like Rails.application.config.hosts = [ 'www.example.com' ], as all the tests are using that, and the HTML response reads: Blocked hosts: www.example.com
With this diff I was able to significantly reduce the failures down to 1196 examples, 6 failures:
diff --git a/spec/dummy/config/environments/development.rb b/spec/dummy/config/environments/development.rb
index 0702a8b1..87d65102 100644
--- a/spec/dummy/config/environments/development.rb
+++ b/spec/dummy/config/environments/development.rb
@@ -28,4 +28,6 @@ Dummy::Application.configure do
config.assets.debug = true
config.eager_load = false
+
+ config.hosts << 'www.example.com'
end
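Review bot: The appended config.hosts << 'www.example.com' at the end of development.rb carries no comment saying why a spec-only host is allowed in the dummy app. Add a one-line comment that the request specs send www.example.com as the Host and ActionDispatch::HostAuthorization otherwise answers with "Blocked hosts". It is also worth confirming which environment the suite actually boots. Failure 5 below reports force_ssl_in_redirect_uri as false where the spec expects true in non-development environments, which suggests the specs may be running under development rather than test. If so, that is the thing to fix, rather than allowing the host in every environment file.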
diff --git a/spec/dummy/config/environments/production.rb b/spec/dummy/config/environments/production.rb
index 5365afb9..eef5028b 100644
--- a/spec/dummy/config/environments/production.rb
+++ b/spec/dummy/config/environments/production.rb
@@ -61,4 +61,6 @@ Dummy::Application.configure do
config.active_support.deprecation = :notify
config.eager_load = true
+
+ config.hosts << 'www.example.com'
end
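Review bot: In production.rb the appended host changes behaviour rather than just permitting one more name. If config.hosts is empty in this environment (the Rails default outside development), the Host header check is skipped. Adding a single entry turns the check on and limits the dummy app to www.example.com only. If no spec boots the production environment, drop this hunk. If one does, list every host those specs use.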
diff --git a/spec/dummy/config/environments/test.rb b/spec/dummy/config/environments/test.rb
index b184dff9..915f5f3a 100644
--- a/spec/dummy/config/environments/test.rb
+++ b/spec/dummy/config/environments/test.rb
@@ -42,4 +42,6 @@ Dummy::Application.configure do
config.active_support.deprecation = :stderr
config.eager_load = true
+
+ config.hosts << 'www.example.com'
end
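Review bot: The append in test.rb allows exactly one host, so any spec that sends a different Host header (an IP address, localhost, or a bare example.com) would still be rejected. HostAuthorization rejects with a 403, so failure 6 below (expected 200, got 403) should be checked against that before it is treated as a separate problem. For a dummy app used only by the suite, calling config.hosts.clear in test.rb, or listing every host the spec helpers use, would be more robust than a single entry.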
Failures:
1) Authorization endpoint when forgery protection enabled raises exception on forged requests
Failure/Error:
expect do
page.driver.post authorization_endpoint_url(
client_id: @client.uid,
redirect_uri: @client.redirect_uri,
response_type: "code",
)
end.to raise_error(ActionController::InvalidAuthenticityToken)
expected ActionController::InvalidAuthenticityToken but nothing was raised
# ./spec/requests/endpoints/authorization_spec.rb:87:in `block (4 levels) in <top (required)>'
# ./spec/support/helpers/authorization_request_helper.rb:37:in `allowing_forgery_protection'
# ./spec/requests/endpoints/authorization_spec.rb:86:in `block (3 levels) in <top (required)>'
2) Doorkeeper::RedirectUriValidator when force secured uri configured invalidates the uri when the uri does not use a secure protocol
Failure/Error: expect(client).not_to be_valid
expected #<Doorkeeper::Application id: 1, name: "Application 511", uid: "GDXul7I7lBLhOJ5fsegc8RcECRt2-sjudYcA8i4EOgU", secret: "RCxVU8dlrVU9CRSN24qLyaw2GtNf4du6Rtehp9jc4vg", redirect_uri: "http://example.com/callback", scopes: "", created_at: "2024-07-27 17:01:37.366199000 +0000", updated_at: "2024-07-27 17:01:37.366199000 +0000", owner_id: nil, owner_type: nil, confidential: true> not to be valid
# ./spec/doorkeeper/redirect_uri_validator_spec.rb:150:in `block (3 levels) in <top (required)>'
3) Implicit Grant Flow (request spec) when reuse_access_token enabled returns a new token each request
Failure/Error: expect(response.location).not_to include(token.token)
expected nil not to include "UfikQJ3aYJSB_nucFqaf_LyfxE66BrhCO8dh-FdYHrU", but it does not respond to `include?`
# ./spec/requests/flows/implicit_grant_spec.rb:71:in `block (3 levels) in <top (required)>'
4) Implicit Grant Flow (request spec) when reuse_access_token enabled returns the same token if it is still accessible
Failure/Error: expect(response.location).to include(token.token)
expected nil to include "y2bw-a0KT5YfInpdjekBZtbZbHKLycDZkaNBNe3ob8Y", but it does not respond to `include?`
# ./spec/requests/flows/implicit_grant_spec.rb:88:in `block (3 levels) in <top (required)>'
5) Doorkeeper::Config force_ssl_in_redirect_uri is true by default in non-development environments
Failure/Error: expect(config.force_ssl_in_redirect_uri).to eq(true)
expected: true
got: false
(compared using ==)
Diff:
@@ -1 +1 @@
-true
+false
# ./spec/lib/config_spec.rb:300:in `block (3 levels) in <top (required)>'
6) Authorization Code Flow silently authorizes if active matching token exists
Failure/Error: expect(request_response.status.to_i).to eq(status)
expected: 200
got: 403
(compared using ==)
# ./spec/support/helpers/request_spec_helper.rb:90:in `response_status_should_be'
# ./spec/requests/flows/authorization_code_spec.rb:202:in `block (2 levels) in <top (required)>'
But I'm not sure what these failures are
I work around the sqlite issue by tweaking the following when I run specific specs locally, fwiw:
diff --git a/Gemfile b/Gemfile
index f2cdb76b..bf59f529 100644
--- a/Gemfile
+++ b/Gemfile
@@ -23,7 +23,7 @@ gem "rubocop-rspec", require: false
gem "bcrypt", "~> 3.1", require: false
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
-gem "sqlite3", "~> 2.0", platform: %i[ruby mswin mingw x64_mingw]
+gem "sqlite3", "~> 1.7", platform: %i[ruby mswin mingw x64_mingw]
gem "tzinfo-data", platforms: %i[mingw mswin x64_mingw]
gem "timecop"
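Review bot: The change from "~> 2.0" to "~> 1.7" on the sqlite3 line is a major-version downgrade for every platform in the list, and nothing in the Gemfile records why. If this is only a local workaround, keep it out of the committed Gemfile (or gate it on an environment variable). Also add a comment naming the incompatibility it avoids, so the pin can be lifted once the underlying issue is fixed.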
Steps to reproduce (local)
bundle install
rake spec
Fails with a huge number of errors:
Steps to reproduce (docker)
docker build --pull -t doorkeeper:test .
Fails with:
It seems the Dockerfile is still using ruby 2.6, when the project dropped 2.6 support 19 months ago in https://github.com/doorkeeper-gem/doorkeeper/pull/1622
I managed to "fix" the dockerfile by upgrading ruby and bundle to 3.3.4 and 2.5.11 respectively, and fixed the ENV warnings:
However, upon running
docker run -it --rm doorkeeper:test
the tests once again failed:
Other Notes
I also tried running the specs like they are run from GitHub Actions with:
This still failed with (wrapped for readability):
The errors all seem to be related to Failure/Error: JSON.parse(request_response.body) where request_response.body is an HTML string: