diff --git a/app/views/doorkeeper/applications/_delete_form.html.erb b/app/views/doorkeeper/applications/_delete_form.html.erb
new file mode 100644
index 0000000000..b6377d35f5
--- /dev/null
+++ b/app/views/doorkeeper/applications/_delete_form.html.erb
@@ -0,0 +1,6 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag oauth_application_path(application), method: :delete do %>
+ <%= submit_tag t('doorkeeper.applications.buttons.destroy'),
+ onclick: "return confirm('#{ t('doorkeeper.applications.confirmations.destroy') }')",
+ class: submit_btn_css, style: "border-radius: 0;" %>
+<% end %>
\ No newline at end of file
diff --git a/app/views/doorkeeper/applications/_form.html.erb b/app/views/doorkeeper/applications/_form.html.erb
new file mode 100644
index 0000000000..5aeeeaf9ab
--- /dev/null
+++ b/app/views/doorkeeper/applications/_form.html.erb
@@ -0,0 +1,42 @@
+<%= form_for application, url: doorkeeper_submit_path(application), as: :doorkeeper_application, html: { role: 'form' } do |f| %>
+ <% if application.errors.any? %>
+
<%= t('doorkeeper.applications.form.error') %>
+ <% end %>
+
+
+
+
+
+
+
+
+<% end %>
\ No newline at end of file
diff --git a/app/views/doorkeeper/applications/edit.html.erb b/app/views/doorkeeper/applications/edit.html.erb
new file mode 100644
index 0000000000..95fb9ab2d5
--- /dev/null
+++ b/app/views/doorkeeper/applications/edit.html.erb
@@ -0,0 +1,5 @@
+
+
<%= t('.title') %>
+
+
+<%= render 'form', application: @application %>
\ No newline at end of file
diff --git a/app/views/doorkeeper/applications/index.html.erb b/app/views/doorkeeper/applications/index.html.erb
new file mode 100644
index 0000000000..835e0d917f
--- /dev/null
+++ b/app/views/doorkeeper/applications/index.html.erb
@@ -0,0 +1,34 @@
+
+
<%= t('.title') %>
+
+
+
<%= link_to t('.new'), new_oauth_application_path, class: 'btn btn-secondary', style: "border-radius: 0;" %>
+
+
+
+
+ | <%= t('.name') %> |
+ <%= t('.callback_url') %> |
+ <%= t('.actions') %> |
+ |
+
+
+
+ <% @applications.each do |application| %>
+
+ |
+ <%= link_to application.name, oauth_application_path(application) %>
+ |
+
+ <%= simple_format(application.redirect_uri) %>
+ |
+
+ <%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(application), class: 'btn btn-link' %>
+ |
+
+ <%= render 'delete_form', application: application %>
+ |
+
+ <% end %>
+
+
\ No newline at end of file
diff --git a/app/views/doorkeeper/applications/new.html.erb b/app/views/doorkeeper/applications/new.html.erb
new file mode 100644
index 0000000000..95fb9ab2d5
--- /dev/null
+++ b/app/views/doorkeeper/applications/new.html.erb
@@ -0,0 +1,5 @@
+
+
<%= t('.title') %>
+
+
+<%= render 'form', application: @application %>
\ No newline at end of file
diff --git a/app/views/doorkeeper/applications/show.html.erb b/app/views/doorkeeper/applications/show.html.erb
new file mode 100644
index 0000000000..71e06b573e
--- /dev/null
+++ b/app/views/doorkeeper/applications/show.html.erb
@@ -0,0 +1,42 @@
+<%= fields_for @application, as: :doorkeeper_application, html: { role: 'form' } do |f| %>
+
+
+
+
+
+
+
+
+
+
+
+<% end %>
\ No newline at end of file
diff --git a/app/views/doorkeeper/authorizations/error.html.erb b/app/views/doorkeeper/authorizations/error.html.erb
new file mode 100644
index 0000000000..4173caf8f2
--- /dev/null
+++ b/app/views/doorkeeper/authorizations/error.html.erb
@@ -0,0 +1,9 @@
+
+
<%= t('doorkeeper.authorizations.error.title') %>
+
+
+
+
+ <%= (local_assigns[:error_response] ? error_response : @pre_auth.error_response).body[:error_description] %>
+
+
\ No newline at end of file
diff --git a/app/views/doorkeeper/authorizations/form_post.html.erb b/app/views/doorkeeper/authorizations/form_post.html.erb
new file mode 100644
index 0000000000..4b0df6c0c6
--- /dev/null
+++ b/app/views/doorkeeper/authorizations/form_post.html.erb
@@ -0,0 +1,15 @@
+
+
+<%= form_tag @pre_auth.redirect_uri, method: :post, name: :redirect_form, authenticity_token: false do %>
+ <% auth.body.compact.each do |key, value| %>
+ <%= hidden_field_tag key, value %>
+ <% end %>
+<% end %>
+
+
\ No newline at end of file
diff --git a/app/views/doorkeeper/authorizations/new.html.erb b/app/views/doorkeeper/authorizations/new.html.erb
new file mode 100644
index 0000000000..c7b8d0f224
--- /dev/null
+++ b/app/views/doorkeeper/authorizations/new.html.erb
@@ -0,0 +1,46 @@
+
+
+
+
+ <%= raw t('.prompt', client_name: content_tag(:strong, class: 'text-info') { @pre_auth.client.name }) %>
+
+
+ <% if @pre_auth.scopes.count > 0 %>
+
+
<%= t('.able_to') %>:
+
+
+ <% @pre_auth.scopes.each do |scope| %>
+ - <%= t(scope, scope: [:doorkeeper, :scopes]) + " your plans" %>
+ <% end %>
+
+
+ <%= form_tag oauth_authorization_path, method: :post do %>
+ <%= hidden_field_tag :client_id, @pre_auth.client.uid, id: nil %>
+ <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri, id: nil %>
+ <%= hidden_field_tag :state, @pre_auth.state, id: nil %>
+ <%= hidden_field_tag :response_type, @pre_auth.response_type, id: nil %>
+ <%= hidden_field_tag :response_mode, @pre_auth.response_mode, id: nil %>
+ <%= hidden_field_tag :scope, @pre_auth.scope, id: nil %>
+ <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge, id: nil %>
+ <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method, id: nil %>
+ <%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success mt-3 mb-3", style: "border-radius: 0;" %>
+ <% end %>
+ <%= form_tag oauth_authorization_path, method: :delete do %>
+ <%= hidden_field_tag :client_id, @pre_auth.client.uid, id: nil %>
+ <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri, id: nil %>
+ <%= hidden_field_tag :state, @pre_auth.state, id: nil %>
+ <%= hidden_field_tag :response_type, @pre_auth.response_type, id: nil %>
+ <%= hidden_field_tag :response_mode, @pre_auth.response_mode, id: nil %>
+ <%= hidden_field_tag :scope, @pre_auth.scope, id: nil %>
+ <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge, id: nil %>
+ <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method, id: nil %>
+ <%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger", style: "border-radius: 0;" %>
+ <% end %>
+
+
\ No newline at end of file
diff --git a/app/views/doorkeeper/authorizations/show.html.erb b/app/views/doorkeeper/authorizations/show.html.erb
new file mode 100644
index 0000000000..385fc9f24b
--- /dev/null
+++ b/app/views/doorkeeper/authorizations/show.html.erb
@@ -0,0 +1,7 @@
+
+
+
+ <%= params[:code] %>
+
\ No newline at end of file
diff --git a/app/views/doorkeeper/authorized_applications/_delete_form.html.erb b/app/views/doorkeeper/authorized_applications/_delete_form.html.erb
new file mode 100644
index 0000000000..b39ef93edb
--- /dev/null
+++ b/app/views/doorkeeper/authorized_applications/_delete_form.html.erb
@@ -0,0 +1,4 @@
+<%- submit_btn_css ||= 'btn btn-link' %>
+<%= form_tag oauth_authorized_application_path(application), method: :delete do %>
+ <%= submit_tag t('doorkeeper.authorized_applications.buttons.revoke'), onclick: "return confirm('#{ t('doorkeeper.authorized_applications.confirmations.revoke') }')", class: submit_btn_css %>
+<% end %>
\ No newline at end of file
diff --git a/app/views/doorkeeper/authorized_applications/index.html.erb b/app/views/doorkeeper/authorized_applications/index.html.erb
new file mode 100644
index 0000000000..08e8429fd2
--- /dev/null
+++ b/app/views/doorkeeper/authorized_applications/index.html.erb
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+ | <%= t('doorkeeper.authorized_applications.index.application') %> |
+ <%= t('doorkeeper.authorized_applications.index.created_at') %> |
+ |
+
+
+
+ <% @applications.each do |application| %>
+
+ | <%= application.name %> |
+ <%= application.created_at.strftime(t('doorkeeper.authorized_applications.index.date_format')) %> |
+ <%= render 'delete_form', application: application %> |
+
+ <% end %>
+
+
+
\ No newline at end of file
diff --git a/app/views/layouts/_branding.html.erb b/app/views/layouts/_branding.html.erb
index 8d451c38be..1d0fa96909 100644
--- a/app/views/layouts/_branding.html.erb
+++ b/app/views/layouts/_branding.html.erb
@@ -121,6 +121,9 @@
<% end %>
<% if current_user.can_super_admin? %>
+
+ <%= link_to _('OAuth Applications'), oauth_applications_path, class: 'nav-link dropdown-item px-3' %>
+
>
<%= link_to(_('Api Clients'), super_admin_api_clients_path) %>
diff --git a/app/views/users/refresh_token.js.erb b/app/views/users/refresh_token.js.erb
index 1c7f52e44a..76f409f940 100644
--- a/app/views/users/refresh_token.js.erb
+++ b/app/views/users/refresh_token.js.erb
@@ -1,6 +1,8 @@
-var msg = '<%= @success ? _("Successfully regenerate your API token.") : _("Unable to regenerate your API token.") %>';
+// This view is called by both InternalUserAccessTokensController#create (provides @v2_token)
+// and UsersController#refresh_token (does not provide @v2_token).
+var msg = '<%= @success ? _("Successfully regenerated your API token.") : _("Unable to regenerate your API token.") %>';
-var context = $('#api-token');
-context.html('<%= escape_javascript(render partial: "/devise/registrations/api_token", locals: { user: current_user }) %>');
+var context = $('#api-tokens');
+context.html('<%= escape_javascript(render partial: "/devise/registrations/api_token", locals: { user: current_user, v2_token: @v2_token }) %>');
renderNotice(msg);
toggleSpinner(false);
diff --git a/config/application.rb b/config/application.rb
index 792dd4b0d2..87745f74aa 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -103,5 +103,12 @@ class Application < Rails::Application
# customized templates. For this reason we are specifying in the
# documentation the funder that
config.default_funder_id = Rails.application.secrets.default_funder_id.to_i
+
+ # apply application styling to doorkeeper views
+ config.to_prepare do
+ Doorkeeper::ApplicationsController.layout "application"
+ Doorkeeper::AuthorizationsController.layout "application"
+ Doorkeeper::AuthorizedApplicationsController.layout "application"
+ end
end
end
diff --git a/config/initializers/_dmproadmap.rb b/config/initializers/_dmproadmap.rb
index 23b5fcf13c..50fb61bfed 100644
--- a/config/initializers/_dmproadmap.rb
+++ b/config/initializers/_dmproadmap.rb
@@ -64,6 +64,8 @@ class Application < Rails::Application
# Used throughout the system via ApplicationService.application_name
config.x.application.name = 'DMP Assistant'
+ # Name of the internal Doorkeeper OAuth application for v2 API access tokens
+ config.x.application.internal_oauth_app_name = 'Internal v2 API Client'
# Used as the default domain when 'archiving' (aka anonymizing) a user account
# for example `jane.doe@uni.edu` becomes `1234@removed_accounts-example.org`
config.x.application.archived_accounts_email_suffix = '@removed_accounts-example.org'
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
new file mode 100644
index 0000000000..887239f1fd
--- /dev/null
+++ b/config/initializers/doorkeeper.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+Doorkeeper.configure do
+ # set the object-relational-model (ORM)
+ orm :active_record
+
+ # ensure resource owner is authenticated
+ resource_owner_authenticator do
+ if request.path == native_oauth_authorization_path
+ # Deactivate native_oauth_authorization_path (intended for mobile devices)
+ redirect_to root_path, alert: "You are not authorized to perform this action."
+ else
+ # https://doorkeeper.gitbook.io/guides/ruby-on-rails/configuration
+ current_user || warden.authenticate!(scope: :user)
+ end
+ end
+
+ # ensure only super-admins can manage oauth applications
+ admin_authenticator do |_routes|
+ redirect_to root_path, alert: "You are not authorized to perform this action." unless current_user&.can_super_admin?
+ end
+
+ # grant flows enabled
+ # Authorization Code Grant Flow (ACGF)
+ grant_flows %w[authorization_code client_credentials]
+
+ # allow for redirect-uri to be blank
+ # (required for client_credentials apps for org-admins)
+ allow_blank_redirect_uri true
+
+ # scopes enabled
+ default_scopes :read
+
+ # ensure client apps cannot ask for scopes outwith those specified here
+ enforce_configured_scopes
+
+ # set the token endpoint configurations
+ access_token_expires_in 2.hours
+
+ # enable refresh tokens of duration 90 days
+ use_refresh_token expiry: 90.days
+
+ # enable ssl requirement for redirect url
+ # - Allow HTTP in test and development environments
+ force_ssl_in_redirect_uri !(Rails.env.test? || Rails.env.development?)
+
+ hash_application_secrets
+ hash_token_secrets
+end
diff --git a/config/locales/.translation_io b/config/locales/.translation_io
index 153210ff4c..58a904ba80 100644
--- a/config/locales/.translation_io
+++ b/config/locales/.translation_io
@@ -1,2 +1,2 @@
---
-timestamp: 1676485914
+timestamp: 1770842278
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
new file mode 100644
index 0000000000..b3c4b2c660
--- /dev/null
+++ b/config/locales/doorkeeper.en.yml
@@ -0,0 +1,154 @@
+en:
+ activerecord:
+ attributes:
+ doorkeeper/application:
+ name: 'Name'
+ redirect_uri: 'Redirect URI'
+ errors:
+ models:
+ doorkeeper/application:
+ attributes:
+ redirect_uri:
+ fragment_present: 'cannot contain a fragment.'
+ invalid_uri: 'must be a valid URI.'
+ unspecified_scheme: 'must specify a scheme.'
+ relative_uri: 'must be an absolute URI.'
+ secured_uri: 'must be an HTTPS/SSL URI.'
+ forbidden_uri: 'is forbidden by the server.'
+ scopes:
+ not_match_configured: "doesn't match configured on the server."
+
+ doorkeeper:
+ applications:
+ confirmations:
+ destroy: 'Are you sure?'
+ buttons:
+ edit: 'Edit'
+ destroy: 'Destroy'
+ submit: 'Submit'
+ cancel: 'Cancel'
+ authorize: 'Authorize'
+ form:
+ error: 'Whoops! Check your form for possible errors'
+ help:
+ confidential: 'Application will be used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential.'
+ redirect_uri: 'Use one line per URI'
+ blank_redirect_uri: "Leave it blank if you configured your provider to use Client Credentials, Resource Owner Password Credentials or any other grant type that doesn't require redirect URI."
+ scopes: 'Separate scopes with spaces. Leave blank to use the default scopes.'
+ edit:
+ title: 'Edit application'
+ index:
+ title: 'Your applications'
+ new: 'New Application'
+ name: 'Name'
+ callback_url: 'Callback URL'
+ confidential: 'Confidential?'
+ actions: 'Actions'
+ confidentiality:
+ 'yes': 'Yes'
+ 'no': 'No'
+ new:
+ title: 'New Application'
+ show:
+ title: 'Application: %{name}'
+ application_id: 'UID'
+ secret: 'Secret'
+ secret_hashed: 'Secret hashed'
+ scopes: 'Scopes'
+ confidential: 'Confidential'
+ callback_urls: 'Callback urls'
+ actions: 'Actions'
+ not_defined: 'Not defined'
+
+ authorizations:
+ buttons:
+ authorize: 'Authorize'
+ deny: 'Deny'
+ error:
+ title: 'An error has occurred'
+ new:
+ title: 'Authorization required'
+ prompt: 'Authorize %{client_name} to use your account?'
+ able_to: 'This application will be able to'
+ show:
+ title: 'Authorization code'
+ form_post:
+ title: 'Submit this form'
+
+ authorized_applications:
+ confirmations:
+ revoke: 'Are you sure?'
+ buttons:
+ revoke: 'Revoke'
+ index:
+ title: 'Your authorized applications'
+ application: 'Application'
+ created_at: 'Created At'
+ date_format: '%Y-%m-%d %H:%M:%S'
+
+ pre_authorization:
+ status: 'Pre-authorization'
+
+ errors:
+ messages:
+ # Common error messages
+ invalid_request:
+ unknown: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
+ missing_param: 'Missing required parameter: %{value}.'
+ request_not_authorized: 'Request need to be authorized. Required parameter for authorizing request is missing or invalid.'
+ invalid_redirect_uri: "The requested redirect uri is malformed or doesn't match client redirect URI."
+ unauthorized_client: 'The client is not authorized to perform this request using this method.'
+ access_denied: 'The resource owner or authorization server denied the request.'
+ invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
+ invalid_code_challenge_method:
+ zero: 'The authorization server does not support PKCE as there are no accepted code_challenge_method values.'
+ one: 'The code_challenge_method must be %{challenge_methods}.'
+ other: 'The code_challenge_method must be one of %{challenge_methods}.'
+ server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
+ temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
+
+ # Configuration error messages
+ credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
+ resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfigured.'
+ admin_authenticator_not_configured: 'Access to admin panel is forbidden due to Doorkeeper.configure.admin_authenticator being unconfigured.'
+
+ # Access grant errors
+ unsupported_response_type: 'The authorization server does not support this response type.'
+ unsupported_response_mode: 'The authorization server does not support this response mode.'
+
+ # Access token errors
+ invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
+ invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
+ unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
+
+ invalid_token:
+ revoked: "The access token was revoked"
+ expired: "The access token expired"
+ unknown: "The access token is invalid"
+ revoke:
+ unauthorized: "You are not authorized to revoke this token"
+
+ forbidden_token:
+ missing_scope: 'Access to this resource requires scope "%{oauth_scopes}".'
+
+ flash:
+ applications:
+ create:
+ notice: 'Application created.'
+ destroy:
+ notice: 'Application deleted.'
+ update:
+ notice: 'Application updated.'
+ authorized_applications:
+ destroy:
+ notice: 'Application revoked.'
+
+ layouts:
+ admin:
+ title: 'Doorkeeper'
+ nav:
+ oauth2_provider: 'OAuth2 Provider'
+ applications: 'Applications'
+ home: 'Home'
+ application:
+ title: 'OAuth authorization required'
diff --git a/config/locales/localization.en-CA.yml b/config/locales/localization.en-CA.yml
index 5182a9f0f5..c176fa139c 100644
--- a/config/locales/localization.en-CA.yml
+++ b/config/locales/localization.en-CA.yml
@@ -67,10 +67,3 @@ en-CA:
default: "%a, %d %b %Y %H:%M:%S %z"
long: "%d %B, %Y %H:%M"
short: "%d %b %H:%M"
- devise:
- registrations:
- signed_up: Welcome! You have signed up successfully.
- sessions:
- already_signed_out: Signed out successfully.
- signed_in: Signed in successfully.
- signed_out: Signed out successfully.
diff --git a/config/locales/localization.fr-CA.yml b/config/locales/localization.fr-CA.yml
index 2d80ac843e..00513632f1 100644
--- a/config/locales/localization.fr-CA.yml
+++ b/config/locales/localization.fr-CA.yml
@@ -90,10 +90,3 @@ fr-CA:
spree:
date_picker:
first_day: 0
- devise:
- registrations:
- signed_up: Bienvenue ! Vous vous êtes enregistré(e) avec succès.
- sessions:
- already_signed_out: Déconnecté(e).
- signed_in: Connecté(e) avec succès.
- signed_out: Déconnecté(e) avec succès.
diff --git a/config/locales/translation.en-CA.yml b/config/locales/translation.en-CA.yml
index f6b002c8bd..9d4b63f736 100644
--- a/config/locales/translation.en-CA.yml
+++ b/config/locales/translation.en-CA.yml
@@ -128,11 +128,27 @@ en-CA:
activerecord:
errors:
messages:
- complexity: "complexity requirement not met."
record_invalid: 'Validation failed: %{errors}'
restrict_dependent_destroy:
has_one: Cannot delete record because a dependent %{record} exists
has_many: Cannot delete record because dependent %{record} exist
+ complexity: complexity requirement not met.
+ models:
+ doorkeeper/application:
+ attributes:
+ redirect_uri:
+ fragment_present: cannot contain a fragment.
+ invalid_uri: must be a valid URI.
+ unspecified_scheme: must specify a scheme.
+ relative_uri: must be an absolute URI.
+ secured_uri: must be an HTTPS/SSL URI.
+ forbidden_uri: is forbidden by the server.
+ scopes:
+ not_match_configured: doesn't match configured on the server.
+ attributes:
+ doorkeeper/application:
+ name: Name
+ redirect_uri: Redirect URI
datetime:
distance_in_words:
half_a_minute: half a minute
@@ -343,3 +359,140 @@ en-CA:
previous: "‹ Prev"
next: Next ›
truncate: "…"
+ doorkeeper:
+ applications:
+ confirmations:
+ destroy: Are you sure?
+ buttons:
+ edit: Edit
+ destroy: Destroy
+ submit: Submit
+ cancel: Cancel
+ authorize: Authorize
+ form:
+ error: Whoops! Check your form for possible errors
+ help:
+ confidential: Application will be used where the client secret can be kept
+ confidential. Native mobile apps and Single Page Apps are considered non-confidential.
+ redirect_uri: Use one line per URI
+ blank_redirect_uri: Leave it blank if you configured your provider to use
+ Client Credentials, Resource Owner Password Credentials or any other grant
+ type that doesn't require redirect URI.
+ scopes: Separate scopes with spaces. Leave blank to use the default scopes.
+ edit:
+ title: Edit application
+ index:
+ title: Your applications
+ new: New Application
+ name: Name
+ callback_url: Callback URL
+ confidential: Confidential?
+ actions: Actions
+ confidentiality:
+ 'yes': 'Yes'
+ 'no': 'No'
+ new:
+ title: New Application
+ show:
+ title: 'Application: %{name}'
+ application_id: Application UID
+ secret: Secret
+ secret_hashed:
+ scopes: Scopes
+ confidential: Confidential
+ callback_urls: Callback urls
+ actions: Actions
+ not_defined:
+ authorizations:
+ buttons:
+ authorize: Authorize
+ deny: Deny
+ error:
+ title: An error has occurred
+ new:
+ title: Authorization required
+ prompt: Authorize %{client_name} to use your account?
+ able_to: This application will be able to
+ show:
+ title: Authorization code
+ form_post:
+ title:
+ authorized_applications:
+ confirmations:
+ revoke: Are you sure?
+ buttons:
+ revoke: Revoke
+ index:
+ title: Your authorized applications
+ application: Application
+ created_at: Created At
+ date_format: "%Y-%m-%d %H:%M:%S"
+ pre_authorization:
+ status: Pre-authorization
+ errors:
+ messages:
+ invalid_request:
+ unknown: The request is missing a required parameter, includes an unsupported
+ parameter value, or is otherwise malformed.
+ missing_param: 'Missing required parameter: %{value}.'
+ request_not_authorized: Request need to be authorized. Required parameter
+ for authorizing request is missing or invalid.
+ invalid_code_challenge:
+ invalid_redirect_uri: The requested redirect uri is malformed or doesn't match
+ client redirect URI.
+ unauthorized_client: The client is not authorized to perform this request
+ using this method.
+ access_denied: The resource owner or authorization server denied the request.
+ invalid_scope: The requested scope is invalid, unknown, or malformed.
+ invalid_code_challenge_method:
+ zero:
+ one:
+ other:
+ server_error: The authorization server encountered an unexpected condition
+ which prevented it from fulfilling the request.
+ temporarily_unavailable: The authorization server is currently unable to handle
+ the request due to a temporary overloading or maintenance of the server.
+ credential_flow_not_configured: Resource Owner Password Credentials flow failed
+ due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.
+ resource_owner_authenticator_not_configured: Resource Owner find failed due
+ to Doorkeeper.configure.resource_owner_authenticator being unconfigured.
+ admin_authenticator_not_configured: Access to admin panel is forbidden due
+ to Doorkeeper.configure.admin_authenticator being unconfigured.
+ unsupported_response_type: The authorization server does not support this
+ response type.
+ unsupported_response_mode:
+ invalid_client: Client authentication failed due to unknown client, no client
+ authentication included, or unsupported authentication method.
+ invalid_grant: The provided authorization grant is invalid, expired, revoked,
+ does not match the redirection URI used in the authorization request, or
+ was issued to another client.
+ unsupported_grant_type: The authorization grant type is not supported by the
+ authorization server.
+ invalid_token:
+ revoked: The access token was revoked
+ expired: The access token expired
+ unknown: The access token is invalid
+ revoke:
+ unauthorized: You are not authorized to revoke this token
+ forbidden_token:
+ missing_scope:
+ flash:
+ applications:
+ create:
+ notice: Application created.
+ destroy:
+ notice: Application deleted.
+ update:
+ notice: Application updated.
+ authorized_applications:
+ destroy:
+ notice: Application revoked.
+ layouts:
+ admin:
+ title: Doorkeeper
+ nav:
+ oauth2_provider: OAuth2 Provider
+ applications: Applications
+ home: Home
+ application:
+ title: OAuth authorization required
diff --git a/config/locales/translation.fr-CA.yml b/config/locales/translation.fr-CA.yml
index 8d72ae013e..54505d4a93 100644
--- a/config/locales/translation.fr-CA.yml
+++ b/config/locales/translation.fr-CA.yml
@@ -136,13 +136,29 @@ fr-CA:
activerecord:
errors:
messages:
- complexity: ' Le mot de passe ne respecte pas les exigences de complexité.'
record_invalid: 'La validation a échoué : %{errors}'
restrict_dependent_destroy:
has_one: Vous ne pouvez pas supprimer l'enregistrement car un(e) %{record}
dépendant(e) existe
has_many: Vous ne pouvez pas supprimer l'enregistrement parce que les %{record}
dépendants existent
+ complexity: " Le mot de passe ne respecte pas les exigences de complexité."
+ models:
+ doorkeeper/application:
+ attributes:
+ redirect_uri:
+ fragment_present: ne peut contenir un fragment.
+ invalid_uri: doit être une URL valide.
+ unspecified_scheme: doit spécifier un schéma.
+ relative_uri: doit être une URL absolue.
+ secured_uri: doit être une URL HTTP/SSL.
+ forbidden_uri: est interdit par le serveur.
+ scopes:
+ not_match_configured: doesn't match configured on the server.
+ attributes:
+ doorkeeper/application:
+ name: Nom
+ redirect_uri: L'URL de redirection
datetime:
distance_in_words:
half_a_minute: une demi-minute
@@ -365,3 +381,148 @@ fr-CA:
previous: "‹ précédent(e)"
next: "› suivant(e)"
truncate: "…"
+ doorkeeper:
+ applications:
+ confirmations:
+ destroy: Êtes-vous certain?
+ buttons:
+ edit: Modifier
+ destroy: Supprimer
+ submit: Envoyer
+ cancel: Annuler
+ authorize: Autoriser
+ form:
+ error: Oups! Vérifier votre formulaire pour des erreurs possibles
+ help:
+ confidential: |
+ L'application sera utilisée quand la confidentialité du secret pourra
+ être maintenue. Les application mobile native, et les Applications
+ mono-page ne sont pas considérées comme sûr.
+ redirect_uri: Utiliser une ligne par URL
+ blank_redirect_uri: Leave it blank if you configured your provider to use
+ Client Credentials, Resource Owner Password Credentials or any other grant
+ type that doesn't require redirect URI.
+ scopes: Utilisez un espace entre chaque portée. Laissez vide pour utiliser
+ la portée par defaut
+ edit:
+ title: Modifier l'application
+ index:
+ title: Vos applications
+ new: Nouvelle application
+ name: Nom
+ callback_url: URL de retour d'appel
+ confidential: Confidential?
+ actions: Actions
+ confidentiality:
+ 'yes': Oui
+ 'no': Non
+ new:
+ title: Nouvelle application
+ show:
+ title: 'Application : %{name}'
+ application_id: ID de l'application
+ secret: Secret
+ secret_hashed:
+ scopes: Portées
+ confidential: Confidential
+ callback_urls: URL du retour d'appel
+ actions: Actions
+ not_defined:
+ authorizations:
+ buttons:
+ authorize: Autoriser
+ deny: Refuser
+ error:
+ title: Une erreur est survenue
+ new:
+ title: Autorisation requise
+ prompt: Autorisez %{client_name} à utiliser votre compte?
+ able_to: Cette application pourra
+ show:
+ title: Code d'autorisation
+ form_post:
+ title:
+ authorized_applications:
+ confirmations:
+ revoke: Êtes-vous certain?
+ buttons:
+ revoke: Annuler
+ index:
+ title: Vos applications autorisées
+ application: Application
+ created_at: Créé le
+ date_format: "%Y-%m-%d %H:%M:%S"
+ pre_authorization:
+ status: Pre-authorization
+ errors:
+ messages:
+ invalid_request:
+ unknown: La demande manque un paramètre requis, inclut une valeur de paramètre
+ non prise en charge, ou est autrement mal formée.
+ missing_param: 'Missing required parameter: %{value}.'
+ request_not_authorized: Request need to be authorized. Required parameter
+ for authorizing request is missing or invalid.
+ invalid_code_challenge:
+ invalid_redirect_uri: L'URL de redirection n'est pas valide.
+ unauthorized_client: Le client n'est pas autorisé à effectuer cette demande
+ à l'aide de cette méthode.
+ access_denied: Le propriétaire de la ressource ou le serveur d'autorisation
+ a refusé la demande.
+ invalid_scope: Le scope demandé n'est pas valide, est inconnu, ou est mal
+ formé.
+ invalid_code_challenge_method:
+ zero:
+ one:
+ other:
+ server_error: Le serveur d'autorisation a rencontré une condition inattendue
+ qui l'a empêché de remplir la demande.
+ temporarily_unavailable: Le serveur d'autorisation est actuellement incapable
+ de traiter la demande à cause d'une surcharge ou d'un entretien temporaire
+ du serveur.
+ credential_flow_not_configured: Le flux des identifiants du mot de passe du
+ propriétaire de la ressource a échoué en raison de Doorkeeper.configure.resource_owner_from_credentials
+ n'est pas configuré.
+ resource_owner_authenticator_not_configured: La recherche du propriétaire
+ de la ressource a échoué en raison de Doorkeeper.configure.resource_owner_authenticator
+ n'est pas configuré.
+ admin_authenticator_not_configured: Access to admin panel is forbidden due
+ to Doorkeeper.configure.admin_authenticator being unconfigured.
+ unsupported_response_type: Le serveur d'autorisation ne prend pas en charge
+ ce type de réponse.
+ unsupported_response_mode:
+ invalid_client: L'authentification du client a échoué à cause d'un client
+ inconnu, d'aucune authentification de client incluse, ou d'une méthode d'authentification
+ non prise en charge.
+ invalid_grant: Le consentement d'autorisation accordé n'est pas valide, a
+ expiré, est annulé, ne concorde pas avec l'URL de redirection utilisée dans
+ la demande d'autorisation, ou a été émis à un autre client.
+ unsupported_grant_type: Le type de consentement d'autorisation n'est pas pris
+ en charge par le serveur d'autorisation.
+ invalid_token:
+ revoked: Le jeton d'accès a été annulé
+ expired: Le jeton d'accès a expiré
+ unknown: Le jeton d'accès n'est pas valide
+ revoke:
+ unauthorized: Vous n'êtes pas autorisé à révoquer ce jeton
+ forbidden_token:
+ missing_scope:
+ flash:
+ applications:
+ create:
+ notice: Application créée.
+ destroy:
+ notice: Application supprimée.
+ update:
+ notice: Application mise à jour.
+ authorized_applications:
+ destroy:
+ notice: Application annulée.
+ layouts:
+ admin:
+ title: Doorkeeper
+ nav:
+ oauth2_provider: Fournisseur OAuth2
+ applications: Applications
+ home: Home
+ application:
+ title: Autorisation OAuth requise
diff --git a/config/routes.rb b/config/routes.rb
index daf0d3e1a7..0991ecb08d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,6 +2,7 @@
# rubocop:disable Metrics/BlockLength
Rails.application.routes.draw do
+ use_doorkeeper
# For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
devise_for(:users, controllers: {
@@ -208,6 +209,15 @@
namespace :ca_dashboard do
resources :stats, only: [:index]
end
+
+ namespace :v2 do
+ get :heartbeat, controller: :base_api
+ get :me, controller: :base_api
+
+ resources :plans, only: %i[index show]
+ resources :templates, only: :index
+ resource :internal_user_access_token, only: :create, defaults: { format: :js }
+ end
end
namespace :paginable do
diff --git a/db/migrate/20260211183556_create_doorkeeper_tables.rb b/db/migrate/20260211183556_create_doorkeeper_tables.rb
new file mode 100644
index 0000000000..4dd60d10bf
--- /dev/null
+++ b/db/migrate/20260211183556_create_doorkeeper_tables.rb
@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+class CreateDoorkeeperTables < ActiveRecord::Migration[6.1]
+ def change
+ create_table :oauth_applications do |t|
+ t.string :name, null: false
+ t.string :uid, null: false
+ # Remove `null: false` or use conditional constraint if you are planning to use public clients.
+ t.string :secret, null: false
+
+ # Remove `null: false` if you are planning to use grant flows
+ # that doesn't require redirect URI to be used during authorization
+ # like Client Credentials flow or Resource Owner Password.
+ t.text :redirect_uri, null: false
+ t.string :scopes, null: false, default: ''
+ t.boolean :confidential, null: false, default: true
+ t.timestamps null: false
+ end
+
+ add_index :oauth_applications, :uid, unique: true
+
+ create_table :oauth_access_grants do |t|
+ t.references :resource_owner, null: false
+ t.references :application, null: false
+ t.string :token, null: false
+ t.integer :expires_in, null: false
+ t.text :redirect_uri, null: false
+ t.string :scopes, null: false, default: ''
+ t.datetime :created_at, null: false
+ t.datetime :revoked_at
+ end
+
+ add_index :oauth_access_grants, :token, unique: true
+ add_foreign_key(
+ :oauth_access_grants,
+ :oauth_applications,
+ column: :application_id
+ )
+
+ create_table :oauth_access_tokens do |t|
+ t.references :resource_owner, index: true
+
+ # Remove `null: false` if you are planning to use Password
+ # Credentials Grant flow that doesn't require an application.
+ t.references :application, null: false
+
+ # If you use a custom token generator you may need to change this column
+ # from string to text, so that it accepts tokens larger than 255
+ # characters. More info on custom token generators in:
+ # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
+ #
+ # t.text :token, null: false
+ t.string :token, null: false
+
+ t.string :refresh_token
+ t.integer :expires_in
+ t.string :scopes
+ t.datetime :created_at, null: false
+ t.datetime :revoked_at
+
+ # The authorization server MAY issue a new refresh token, in which case
+ # *the client MUST discard the old refresh token* and replace it with the
+ # new refresh token. The authorization server MAY revoke the old
+ # refresh token after issuing a new refresh token to the client.
+ # @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+ #
+ # Doorkeeper implementation: if there is a `previous_refresh_token` column,
+ # refresh tokens will be revoked after a related access token is used.
+ # If there is no `previous_refresh_token` column, previous tokens are
+ # revoked as soon as a new access token is created.
+ #
+ # Comment out this line if you want refresh tokens to be instantly
+ # revoked after use.
+ t.string :previous_refresh_token, null: false, default: ""
+ end
+
+ add_index :oauth_access_tokens, :token, unique: true
+
+ # See https://github.com/doorkeeper-gem/doorkeeper/issues/1592
+ if ActiveRecord::Base.connection.adapter_name == "SQLServer"
+ execute <<~SQL.squish
+ CREATE UNIQUE NONCLUSTERED INDEX index_oauth_access_tokens_on_refresh_token ON oauth_access_tokens(refresh_token)
+ WHERE refresh_token IS NOT NULL
+ SQL
+ else
+ add_index :oauth_access_tokens, :refresh_token, unique: true
+ end
+
+ add_foreign_key(
+ :oauth_access_tokens,
+ :oauth_applications,
+ column: :application_id
+ )
+
+ # Uncomment below to ensure a valid reference to the resource owner's table
+ add_foreign_key :oauth_access_grants, :users, column: :resource_owner_id
+ add_foreign_key :oauth_access_tokens, :users, column: :resource_owner_id
+ end
+end
diff --git a/db/migrate/20260219200258_allow_null_redirect_uri_in_oauth_applications.rb b/db/migrate/20260219200258_allow_null_redirect_uri_in_oauth_applications.rb
new file mode 100644
index 0000000000..1c67c7cf1d
--- /dev/null
+++ b/db/migrate/20260219200258_allow_null_redirect_uri_in_oauth_applications.rb
@@ -0,0 +1,9 @@
+class AllowNullRedirectUriInOauthApplications < ActiveRecord::Migration[6.1]
+ def change
+ # We currently have `allow_blank_redirect_uri true` in
+ # `config/initializers/doorkeeper.rb`. Removing the NOT NULL constraint
+ # allows us to save OAuthApplications with blank redirect_uri values
+ # https://github.com/doorkeeper-gem/doorkeeper/wiki/Allow-blank-redirect-URI-for-Applications
+ change_column_null :oauth_applications, :redirect_uri, true
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 466b1fbda9..fdd8b29448 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2024_08_20_190548) do
+ActiveRecord::Schema.define(version: 2026_02_19_200258) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
@@ -315,6 +315,48 @@
t.boolean "enabled", default: true
end
+ create_table "oauth_access_grants", force: :cascade do |t|
+ t.bigint "resource_owner_id", null: false
+ t.bigint "application_id", null: false
+ t.string "token", null: false
+ t.integer "expires_in", null: false
+ t.text "redirect_uri", null: false
+ t.string "scopes", default: "", null: false
+ t.datetime "created_at", null: false
+ t.datetime "revoked_at"
+ t.index ["application_id"], name: "index_oauth_access_grants_on_application_id"
+ t.index ["resource_owner_id"], name: "index_oauth_access_grants_on_resource_owner_id"
+ t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
+ end
+
+ create_table "oauth_access_tokens", force: :cascade do |t|
+ t.bigint "resource_owner_id"
+ t.bigint "application_id", null: false
+ t.string "token", null: false
+ t.string "refresh_token"
+ t.integer "expires_in"
+ t.string "scopes"
+ t.datetime "created_at", null: false
+ t.datetime "revoked_at"
+ t.string "previous_refresh_token", default: "", null: false
+ t.index ["application_id"], name: "index_oauth_access_tokens_on_application_id"
+ t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
+ t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
+ t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
+ end
+
+ create_table "oauth_applications", force: :cascade do |t|
+ t.string "name", null: false
+ t.string "uid", null: false
+ t.string "secret", null: false
+ t.text "redirect_uri"
+ t.string "scopes", default: "", null: false
+ t.boolean "confidential", default: true, null: false
+ t.datetime "created_at", precision: 6, null: false
+ t.datetime "updated_at", precision: 6, null: false
+ t.index ["uid"], name: "index_oauth_applications_on_uid", unique: true
+ end
+
create_table "option_warnings", id: :serial, force: :cascade do |t|
t.integer "organisation_id"
t.integer "option_id"
@@ -879,6 +921,10 @@
add_foreign_key "notes", "users"
add_foreign_key "notification_acknowledgements", "notifications"
add_foreign_key "notification_acknowledgements", "users"
+ add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
+ add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
+ add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
+ add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
add_foreign_key "org_token_permissions", "orgs"
add_foreign_key "org_token_permissions", "token_permission_types"
add_foreign_key "orgs", "languages"
diff --git a/lib/tasks/doorkeeper.rake b/lib/tasks/doorkeeper.rake
new file mode 100644
index 0000000000..60b279eb71
--- /dev/null
+++ b/lib/tasks/doorkeeper.rake
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+namespace :doorkeeper do
+ desc 'Ensure internal OAuth application exists'
+ task ensure_internal_app: :environment do
+ app = Doorkeeper::Application.find_or_create_by!(
+ name: Rails.application.config.x.application.internal_oauth_app_name
+ ) do |a|
+ a.scopes = 'read'
+ a.confidential = true
+ end
+
+ puts "Internal OAuth app ready (id=#{app.id}, uid=#{app.uid})"
+ end
+end
diff --git a/spec/factories/identifier_schemes.rb b/spec/factories/identifier_schemes.rb
index d9e3de64bb..03b1e38726 100644
--- a/spec/factories/identifier_schemes.rb
+++ b/spec/factories/identifier_schemes.rb
@@ -38,5 +38,19 @@
description { 'CILogon' }
identifier_prefix { 'https://www.cilogon.org/' }
end
+
+ %i[
+ authentication
+ orgs
+ plans
+ users
+ contributors
+ identification
+ research_outputs
+ ].each do |context|
+ trait :"for_#{context}" do
+ add_attribute(:"for_#{context}") { true }
+ end
+ end
end
end
diff --git a/spec/factories/oauth_access_grants.rb b/spec/factories/oauth_access_grants.rb
new file mode 100644
index 0000000000..2cd8dc8875
--- /dev/null
+++ b/spec/factories/oauth_access_grants.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: oauth_access_grants
+#
+# id :integer not null, primary key
+# resource_owner_id :integer not null
+# application_id :integer not null
+# token :string not null
+# expires_in :integer
+# revoked_at :datetime
+# created_at :datetime not null
+# scopes :string not null
+#
+# Indexes
+#
+# index_oauth_access_grants_on_token (token)
+#
+# Foreign Keys
+#
+# fk_rails_... (resource_owner_id => users.id)
+# fk_rails_... (application_id => oauth_applications.id)
+
+FactoryBot.define do
+ factory :oauth_access_grant, class: 'doorkeeper/access_grant' do
+ token { SecureRandom.uuid }
+ expires_in { Faker::Number.number(digits: 8) }
+ scopes { Doorkeeper.config.default_scopes + Doorkeeper.config.optional_scopes }
+ redirect_uri { Faker::Internet.url }
+
+ trait :revoked do
+ revoked_at { 2.hours.ago }
+ end
+ end
+end
diff --git a/spec/factories/oauth_access_tokens.rb b/spec/factories/oauth_access_tokens.rb
new file mode 100644
index 0000000000..aa94d6b373
--- /dev/null
+++ b/spec/factories/oauth_access_tokens.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: oauth_access_tokens
+#
+# id :integer not null, primary key
+# resource_owner_id :integer not null
+# application_id :integer not null
+# token :string not null
+# refresh_token :string
+# expires_in :integer
+# revoked_at :datetime
+# created_at :datetime not null
+# scopes :string not null
+# previous_refresh_token :string
+#
+# Indexes
+#
+# index_oauth_access_tokens_on_token (token)
+#
+# Foreign Keys
+#
+# fk_rails_... (resource_owner_id => users.id)
+# fk_rails_... (application_id => oauth_applications.id)
+
+FactoryBot.define do
+ factory :oauth_access_token, class: 'doorkeeper/access_token' do
+ token { SecureRandom.uuid }
+ refresh_token { SecureRandom.uuid }
+ expires_in { Faker::Number.number(digits: 8) }
+ scopes { Doorkeeper.config.default_scopes + Doorkeeper.config.optional_scopes }
+
+ trait :revoked do
+ revoked_at { 2.hours.ago }
+ end
+ end
+end
diff --git a/spec/factories/oauth_applications.rb b/spec/factories/oauth_applications.rb
new file mode 100644
index 0000000000..469dd66269
--- /dev/null
+++ b/spec/factories/oauth_applications.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: oauth_application
+#
+# id: :integer
+# name: :string
+# uid: :string
+# secret: :string
+# redirect_uri: :text
+# scopes: :string
+# confidential: :boolean
+# created_at: :datetime
+# updated_at: :datetime
+
+FactoryBot.define do
+ factory :oauth_application, class: 'doorkeeper/application' do
+ name { Faker::Lorem.unique.word }
+ uid { SecureRandom.uuid }
+ secret { SecureRandom.uuid }
+ redirect_uri { "https://#{Faker::Internet.unique.domain_name}/callback" }
+ scopes { 'read' }
+ end
+end
diff --git a/spec/factories/research_domains.rb b/spec/factories/research_domains.rb
index 7d4017f924..23049903be 100644
--- a/spec/factories/research_domains.rb
+++ b/spec/factories/research_domains.rb
@@ -23,6 +23,5 @@
factory :research_domain do
identifier { SecureRandom.uuid }
label { Faker::Lorem.unique.word }
- uri { Faker::Internet.url }
end
end
diff --git a/spec/requests/api/v2/internal_user_access_tokens_controller_spec.rb b/spec/requests/api/v2/internal_user_access_tokens_controller_spec.rb
new file mode 100644
index 0000000000..3a59becfb3
--- /dev/null
+++ b/spec/requests/api/v2/internal_user_access_tokens_controller_spec.rb
@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::V2::InternalUserAccessTokensController do
+ let(:user) { create(:user) }
+ let(:app_name) { Rails.application.config.x.application.internal_oauth_app_name }
+ let!(:oauth_app) { create(:oauth_application, name: app_name) }
+
+ describe 'POST #create' do
+ def post_create_token
+ post api_v2_internal_user_access_token_path
+ end
+
+ context 'when user is not authenticated' do
+ # In production, CSRF protection would reject the request with a 422 error
+ # before it reaches Pundit. However, RSpec bypasses CSRF checks, so this
+ # test verifies that Pundit raises NotDefinedError when authorize is called
+ # with nil. This error won't occur in production due to CSRF protection.
+ it 'raises Pundit::NotDefinedError and does not create a token' do
+ expect do
+ expect do
+ post_create_token
+ end.to raise_error(Pundit::NotDefinedError)
+ end.not_to change { Doorkeeper::AccessToken.count }
+ end
+ end
+
+ context 'when user is authenticated' do
+ before { sign_in(user) }
+
+ it 'rotates the user token' do
+ post_create_token
+
+ expect(response).to have_http_status(:ok)
+ end
+
+ it 'creates a new token' do
+ expect do
+ post_create_token
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
+ end
+
+ it 'assigns the plaintext token' do
+ post_create_token
+
+ expect(assigns(:v2_token)).to be_a(String)
+ expect(assigns(:v2_token)).not_to be_blank
+ end
+
+ it 'renders the refresh_token template' do
+ post_create_token
+
+ expect(response).to render_template('users/refresh_token')
+ end
+
+ context 'when a token already exists' do
+ let!(:old_token) do
+ create(:oauth_access_token, application: oauth_app, resource_owner_id: user.id, scopes: 'read')
+ end
+
+ it 'revokes the old token' do
+ post_create_token
+
+ old_token.reload
+ expect(old_token.revoked_at).not_to be_nil
+ end
+
+ it 'creates a new token' do
+ post_create_token
+
+ new_token = assigns(:token)
+ expect(new_token).not_to eq(old_token)
+ end
+ end
+ end
+
+ context 'when the internal OAuth application is missing' do
+ before do
+ sign_in(user)
+ oauth_app.destroy
+ end
+
+ it 'raises a StandardError' do
+ expect do
+ post_create_token
+ end.to raise_error(StandardError, /not found/)
+ end
+ end
+ end
+end
diff --git a/spec/requests/api/v2/plans_controller_spec.rb b/spec/requests/api/v2/plans_controller_spec.rb
new file mode 100644
index 0000000000..dc528ca179
--- /dev/null
+++ b/spec/requests/api/v2/plans_controller_spec.rb
@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::V2::PlansController do
+ include ApiHelper
+ include Mocks::ApiV2JsonSamples
+ include Webmocks
+ include IdentifierHelper
+
+ context 'OAuth (authorization_code grant type) — on behalf of a user' do
+ before do
+ @user = create(:user)
+ @client = create(:oauth_application)
+ token = mock_authorization_code_token(oauth_application: @client, user: @user).plaintext_token
+
+ @headers = {
+ Accept: 'application/json',
+ 'Content-Type': 'application/json',
+ Authorization: "Bearer #{token}"
+ }
+ end
+
+ def fetch_plans_json_response
+ get(api_v2_plans_path, headers: @headers)
+ expect(response).to render_template('api/v2/_standard_response')
+ expect(response).to render_template('api/v2/plans/index')
+ JSON.parse(response.body).with_indifferent_access
+ end
+
+ describe 'GET /api/v2/plans (index)' do
+ context 'an invalid API token is included' do
+ it 'returns a 401 and the expected Oauth 2.0 headers' do
+ # Swap actual token with a random string
+ @headers['Authorization'] = "Bearer #{SecureRandom.uuid}"
+ get(api_v2_plans_path, headers: @headers)
+
+ expect(response.code).to eql('401')
+ expect(response.body).to be_empty
+
+ # Expect Doorkeeper to return the standard OAuth 2.0 WWW-Authenticate header for invalid tokens
+ expect(response.headers['WWW-Authenticate']).to match(
+ /Bearer realm="Doorkeeper", error="invalid_token", error_description="The access token is invalid"/
+ )
+ end
+ end
+
+ context 'a valid API token is included' do
+ let(:json) { fetch_plans_json_response }
+ it 'returns a 200 and the expected response body' do
+ # Items array is empty
+ expect(json[:items]).to eq([])
+
+ # total_items reflects that nothing is returned
+ expect(json[:total_items]).to eq(0)
+
+ # Status code and message are correct
+ expect(json[:code]).to eq(200)
+ expect(json[:message]).to eq('OK')
+
+ # Application and source are present and sensible
+ expect(json[:application]).to eq(ApplicationService.application_name)
+ expect(json[:source]).to eq('GET /api/v2/plans')
+
+ # Time is present and parseable
+ expect { Time.iso8601(json[:time]) }.not_to raise_error
+
+ # Caller is included
+ expect(json[:caller]).to eq(@client.name)
+ end
+
+ it 'returns an empty array if no plans are available' do
+ # Items array is empty
+ expect(json[:items]).to eq([])
+
+ # total_items reflects that nothing is returned
+ expect(json[:total_items]).to eq(0)
+ end
+
+ it 'returns the expected plans' do
+ # See `app/policies/api/v2/plans_policy.rb for plans included/excluded via `GET api/v2/plans`
+
+ # Create the included plans
+ included_plans = [create(:plan, org: @user.org), create(:plan)]
+ included_plans[0].add_user!(@user.id, :creator)
+ # Add multiple roles for testing (ensure duplicate plans will not returned)
+ included_plans[1].add_user!(@user.id, :editor)
+ included_plans[1].add_user!(@user.id, :commenter)
+
+ # Created the excluded plans
+ create(:plan, :creator, org: @user.org)
+ inactive_plan = create(:plan, :creator)
+ inactive_plan.add_user!(@user.id, :editor)
+ Role.where(plan_id: inactive_plan.id, user_id: @user.id).update(active: false)
+
+ expect(json[:items].length).to be(included_plans.length)
+
+ # Api::V2::PlanPresenter.identifier uses api_v2_plan_url(@plan) to set the "identifier".
+ # That url is constructed using `request.host` / "www.example.com"
+ # api_v2_plan_url(@plan) within this test will construct the url via
+ # default_url_options[:host] / "example.org"
+ # Because the urls are misaligned, we will only compare the paths here.
+ # TODO: Consider aligning default_url_options[:host] (in test.rb) with `request.host`
+ returned_identifiers = json[:items].map { |item| item[:dmp][:dmp_id][:identifier] }
+ returned_paths = returned_identifiers.map { |url| URI(url).path }
+ expected_paths = included_plans.map { |plan| api_v2_plan_path(plan) }
+ expect(returned_paths).to eq(expected_paths)
+ end
+
+ it 'allows for paging' do
+ original_page_size = Rails.configuration.x.application.api_max_page_size
+ Rails.configuration.x.application.api_max_page_size = 10
+
+ create_list(:plan, 11, :publicly_visible) do |plan|
+ plan.add_user!(@user.id, :commenter)
+ end
+ json = fetch_plans_json_response
+
+ test_paging(json: json, headers: @headers)
+
+ Rails.configuration.x.application.api_max_page_size = original_page_size
+ end
+ end
+ end
+ end
+end
diff --git a/spec/requests/api/v2/templates_controller_spec.rb b/spec/requests/api/v2/templates_controller_spec.rb
new file mode 100644
index 0000000000..e84825ae51
--- /dev/null
+++ b/spec/requests/api/v2/templates_controller_spec.rb
@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::V2::TemplatesController do
+ include ApiHelper
+
+ before do
+ @user = create(:user)
+ @client = create(:oauth_application)
+ token = mock_authorization_code_token(oauth_application: @client, user: @user).plaintext_token
+
+ @headers = {
+ Accept: 'application/json',
+ 'Content-Type': 'application/json',
+ Authorization: "Bearer #{token}"
+ }
+ end
+
+ def fetch_templates_json_response
+ get(api_v2_templates_path, headers: @headers)
+ expect(response).to render_template('api/v2/_standard_response')
+ expect(response).to render_template('api/v2/templates/index')
+ JSON.parse(response.body).with_indifferent_access
+ end
+
+ describe 'GET /api/v2/templates (index)' do
+ context 'an invalid API token is included' do
+ it 'returns 401 if the token is invalid' do
+ @headers['Authorization'] = "Bearer #{SecureRandom.uuid}"
+ get(api_v2_templates_path, headers: @headers)
+
+ expect(response.code).to eql('401')
+ expect(response.body).to be_empty
+
+ # Expect Doorkeeper to return the standard OAuth 2.0 WWW-Authenticate header for invalid tokens
+ expect(response.headers['WWW-Authenticate']).to match(
+ /Bearer realm="Doorkeeper", error="invalid_token", error_description="The access token is invalid"/
+ )
+ end
+ end
+
+ context 'a valid API token is included' do
+ it 'returns a 200 and the expected response body' do
+ json = fetch_templates_json_response
+
+ # Items array is empty
+ expect(json[:items]).to eq([])
+
+ # total_items reflects that nothing is returned
+ expect(json[:total_items]).to eq(0)
+
+ # Status code and message are correct
+ expect(json[:code]).to eq(200)
+ expect(json[:message]).to eq('OK')
+
+ # Application and source are present and sensible
+ expect(json[:application]).to eq(ApplicationService.application_name)
+ expect(json[:source]).to eq('GET /api/v2/templates')
+
+ # Time is present and parseable
+ expect { Time.iso8601(json[:time]) }.not_to raise_error
+
+ # Caller is included
+ expect(json[:caller]).to eq(@client.name)
+ end
+
+ it 'returns an empty array if no templates are available' do
+ get(api_v2_templates_path, headers: @headers)
+
+ expect(response.code).to eql('200')
+ expect(response).to render_template('api/v2/_standard_response')
+ expect(response).to render_template('api/v2/templates/index')
+
+ json = JSON.parse(response.body).with_indifferent_access
+ expect(json[:items].empty?).to be(true)
+ expect(json[:errors].nil?).to be(true)
+ end
+
+ it 'returns the expected templates' do
+ # See `app/policies/api/v2/templates_policy.rb for templates included/excluded via `GET api/v2/templates`
+
+ # All included templates must be published and are either:
+ # - 1) organisationally_visible and template.org_id == user.org_id
+ # - 2) publicly_visible and customization of == nil
+
+ public_template = create(:template, :publicly_visible, published: true)
+
+ included_templates = [
+ public_template,
+ create(:template, :organisationally_visible, published: true, org: @user.org)
+ ]
+
+ # excluded_templates
+ # unpublished template
+ create(:template, :publicly_visible, published: false, org: @user.org)
+ # organisationally_visible and template.org_id != user.org_id
+ create(:template, :organisationally_visible, published: true)
+ # publicly_visible and customization of != nil
+ create(:template, :publicly_visible, published: true, customization_of: public_template.family_id)
+
+ json = fetch_templates_json_response
+
+ expect(json[:items].length).to be(2)
+ template_ids = json[:items].map { |item| item[:dmp_template][:template_id][:identifier] }
+ expect(template_ids).to match_array(included_templates.map { |t| t.id.to_s })
+ end
+
+ it 'allows for paging' do
+ original_page_size = Rails.configuration.x.application.api_max_page_size
+ Rails.configuration.x.application.api_max_page_size = 10
+ create_list(:template, 11, visibility: 1, published: true)
+ get(api_v2_templates_path, headers: @headers)
+
+ test_paging(json: JSON.parse(response.body), headers: @headers)
+ Rails.configuration.x.application.api_max_page_size = original_page_size
+ end
+ end
+ end
+end
diff --git a/spec/services/api/v2/internal_user_access_token_service_spec.rb b/spec/services/api/v2/internal_user_access_token_service_spec.rb
new file mode 100644
index 0000000000..7455771740
--- /dev/null
+++ b/spec/services/api/v2/internal_user_access_token_service_spec.rb
@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Api::V2::InternalUserAccessTokenService do
+ let(:user) { create(:user) }
+ let(:app_name) { Rails.application.config.x.application.internal_oauth_app_name }
+ let!(:oauth_app) { create(:oauth_application, name: app_name) }
+
+ def create_internal_user_access_token
+ create(:oauth_access_token, application: oauth_app, resource_owner_id: user.id, scopes: 'read')
+ end
+
+ describe '#rotate!' do
+ def rotate_token_expectations(plaintext_token, old_token = nil) # rubocop:disable Metrics/AbcSize
+ # Doorkeeper hashes token via Digest::SHA256
+ hashed = Digest::SHA256.hexdigest(plaintext_token)
+ new_token = Doorkeeper::AccessToken.find_by!(token: hashed)
+ expect(new_token).to be_present
+ expect(new_token.resource_owner_id).to eq(user.id)
+ expect(new_token.revoked_at).to be_nil
+ expect(new_token.scopes.to_s).to include('read')
+ expect(old_token.revoked_at).not_to be_nil if old_token
+ end
+
+ shared_examples 'token rotation' do |has_old_token|
+ it "#{if has_old_token
+ 'revokes the old token and creates a new one'
+ else
+ 'creates a new token'
+ end}
+ (returns plaintext)" do
+ plaintext_token = nil
+ # Ensure .rotate!(user) creates a new AccessToken db entry for user
+ expect { plaintext_token = described_class.rotate!(user) }
+ .to change { Doorkeeper::AccessToken.where(resource_owner_id: user.id).count }
+ .by(1)
+ if has_old_token
+ old_token.reload
+ rotate_token_expectations(plaintext_token, old_token)
+ else
+ rotate_token_expectations(plaintext_token)
+ end
+ end
+ end
+
+ context 'when a token already exists' do
+ let!(:old_token) { create_internal_user_access_token }
+ include_examples 'token rotation', true
+ end
+
+ context 'when no token exists' do
+ include_examples 'token rotation', false
+ end
+ end
+
+ describe '#application_present?' do
+ context 'when the app exists' do
+ it 'returns true' do
+ expect(described_class.application_present?).to be true
+ end
+ end
+
+ context 'when the app does not exist' do
+ before { oauth_app.destroy }
+
+ it 'returns false' do
+ expect(described_class.application_present?).to be false
+ end
+ end
+ end
+end
diff --git a/spec/support/helpers/api.rb b/spec/support/helpers/api.rb
index c87931c12e..2a2398dfe7 100644
--- a/spec/support/helpers/api.rb
+++ b/spec/support/helpers/api.rb
@@ -18,4 +18,44 @@ def mock_authorization_for_user(user: nil)
Api::V1::BaseApiController.any_instance.stubs(:authorize_request).returns(true)
Api::V1::BaseApiController.any_instance.stubs(:client).returns(user)
end
+
+ # API V2+ - Oauth authorization_code grant flow (on behalf of a user)
+ def mock_authorization_code_token(oauth_application: create(:oauth_application), user: create(:user),
+ scopes: 'read')
+ create(:oauth_access_grant, application_id: oauth_application.id, resource_owner_id: user.id, scopes: scopes)
+ create(:oauth_access_token, application: oauth_application, resource_owner_id: user.id, scopes: scopes)
+ end
+
+ # Tests the standard pagination functionality
+ # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+ def test_paging(json: {}, headers: {})
+ json = json.with_indifferent_access
+ original = json[:items].first
+ if json[:next].present?
+ # Move to the next page
+ get(json[:next], headers: headers)
+ expect(response.code).to eql('200')
+ next_json = JSON.parse(response.body).with_indifferent_access
+ expect(next_json[:prev].present?).to be(true)
+ expect(next_json[:items].first).not_to eql(original)
+ # Move back to previous page
+ get(next_json[:prev], headers: headers)
+ expect(response.code).to eql('200')
+ prev_json = JSON.parse(response.body).with_indifferent_access
+ expect(prev_json[:items].first).to eql(original)
+ elsif json[:prev].present?
+ get(json[:prev], headers: headers)
+ expect(response.code).to eql('200')
+ prev_json = JSON.parse(response.body).with_indifferent_access
+ expect(prev_json[:next].present?).to be(true)
+ expect(next_json[:items].first).not_to eql(original)
+ get(prev_json[:next], headers: headers)
+ expect(response.code).to eql('200')
+ next_json = JSON.parse(response.body).with_indifferent_access
+ expect(next_json[:items].first).to eql(original)
+ else
+ raise StandardError, 'Expected to test API pagination but there are not enough items!'
+ end
+ end
+ # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
end
diff --git a/spec/support/mocks/api_v2_json_samples.rb b/spec/support/mocks/api_v2_json_samples.rb
new file mode 100644
index 0000000000..aaec320811
--- /dev/null
+++ b/spec/support/mocks/api_v2_json_samples.rb
@@ -0,0 +1,215 @@
+# frozen_string_literal: true
+
+# Mock JSON submissions
+module Mocks
+ # Disabling rubocop checks here since its basically just large hashes and
+ # would be difficult to read if broken up into multiple smaller functions.
+ # One option might be to store them as .json files and then just load them here
+ # but we would lose the use of Faker
+
+ # rubocop:disable Metrics/ModuleLength, Metrics/MethodLength
+ module ApiV2JsonSamples
+ ROLES = %w[Investigation Project_administration Data_curation].freeze
+
+ def mock_identifier_schemes
+ create(:identifier_scheme, name: 'ror')
+ create(:identifier_scheme, name: 'fundref')
+ create(:identifier_scheme, name: 'orcid')
+ create(:identifier_scheme, name: 'grant')
+ end
+
+ def minimal_update_json
+ {
+ total_items: 1,
+ items: [
+ {
+ dmp: {
+ title: Faker::Lorem.sentence,
+ contact: {
+ mbox: Faker::Internet.email,
+ affiliation: { name: Faker::Movies::StarWars.planet }
+ },
+ dataset: [{
+ title: Faker::Lorem.sentence
+ }],
+ dmp_id: {
+ type: 'doi',
+ identifier: SecureRandom.uuid
+ }
+ }
+ }
+ ]
+ }.to_json
+ end
+
+ def minimal_create_json
+ {
+ dmp: {
+ title: Faker::Lorem.sentence,
+ contact: {
+ mbox: Faker::Internet.email,
+ affiliation: { name: Faker::Movies::StarWars.planet }
+ },
+ dataset: [{
+ title: Faker::Lorem.sentence
+ }],
+ extension: [
+ "#{ApplicationService.application_name.split('-').first}": {
+ template: {
+ id: Template.last.id,
+ title: Faker::Lorem.sentence
+ }
+ }
+ ]
+ }
+ }.to_json
+ end
+
+ # rubocop:disable Metrics/AbcSize
+ def complete_create_json(client: nil)
+ template = create(:template, :published, :publicly_visible)
+ lang = Language.all.pluck(:abbreviation).sample || 'en-UK'
+ ror_scheme = IdentifierScheme.find_or_create_by(name: 'ror')
+ fundref_scheme = IdentifierScheme.find_or_create_by(name: 'fundref')
+ ror = create(:identifier, identifiable: create(:org), identifier_scheme: ror_scheme)
+ fundref = create(:identifier, identifiable: create(:org), identifier_scheme: fundref_scheme)
+
+ contact = {
+ name: [
+ Faker::TvShows::Simpsons.character.split.first,
+ Faker::TvShows::Simpsons.character.split.last
+ ].join(' '),
+ email: Faker::Internet.email,
+ id: SecureRandom.uuid
+ }
+
+ {
+ dmp: {
+ created: 3.months.ago.to_formatted_s(:iso8601),
+ title: Faker::Lorem.sentence,
+ description: Faker::Lorem.paragraph,
+ language: Api::V1::LanguagePresenter.three_char_code(lang: lang),
+ ethical_issues_exist: %w[yes no unknown].sample,
+ ethical_issues_description: Faker::Lorem.paragraph,
+ ethical_issues_report: Faker::Internet.url,
+ dmp_id: {
+ type: client.present? ? client.name.downcase : 'other',
+ identifier: SecureRandom.uuid
+ },
+ contact: {
+ name: contact[:name],
+ mbox: contact[:email],
+ affiliation: {
+ name: ror.identifiable.name,
+ abbreviation: ror.identifiable.abbreviation,
+ region: Faker::Space.planet,
+ affiliation_id: {
+ type: 'ror',
+ identifier: ror.value
+ }
+ },
+ contact_id: {
+ type: 'orcid',
+ identifier: contact[:id]
+ }
+ },
+ contributor: [{
+ role: [
+ 'http://credit.niso.org/contributor-roles/project-administration',
+ 'http://credit.niso.org/contributor-roles/investigation',
+ 'other'
+ ],
+ name: Faker::Movies::StarWars.character,
+ mbox: Faker::Internet.email,
+ affiliation: {
+ name: Faker::Movies::StarWars.planet,
+ abbreviation: Faker::Lorem.word.upcase,
+ affiliation_id: {
+ type: 'ror',
+ identifier: SecureRandom.uuid
+ }
+ },
+ contributor_id: {
+ type: 'orcid',
+ identifier: SecureRandom.uuid
+ }
+ }, {
+ role: [
+ 'http://credit.niso.org/contributor-roles/investigation'
+ ],
+ name: contact[:name],
+ mbox: contact[:email],
+ affiliation: {
+ name: ror.identifiable.name,
+ abbreviation: ror.identifiable.abbreviation,
+ affiliation_id: {
+ type: 'ror',
+ identifier: ror.value
+ }
+ },
+ contributor_id: {
+ type: 'orcid',
+ identifier: contact[:id]
+ }
+ }],
+ project: [{
+ title: Faker::Lorem.sentence,
+ description: Faker::Lorem.paragraph,
+ start: 3.months.from_now.to_formatted_s(:iso8601),
+ end: 2.years.from_now.to_formatted_s(:iso8601),
+ funding: [{
+ name: fundref.identifiable.name,
+ funder_id: {
+ type: 'fundref',
+ identifier: fundref.value
+ },
+ grant_id: {
+ type: 'other',
+ identifier: SecureRandom.uuid
+ },
+ dmproadmap_funding_opportunity_id: {
+ type: 'other',
+ identifier: SecureRandom.uuid
+ },
+ funding_status: %w[planned rejected granted].sample
+ }]
+ }],
+ dataset: [{
+ title: Faker::Lorem.sentence,
+ description: Faker::Lorem.paragraph,
+ personal_data: %w[yes no unknown].sample,
+ sensitive_data: %w[yes no unknown].sample,
+ issued: 6.months.from_now.to_formatted_s(:iso8601),
+ dataset_id: {
+ type: 'url',
+ identifier: Faker::Internet.url
+ },
+ distribution: [{
+ title: Faker::Lorem.sentence,
+ byte_size: Faker::Number.number(digits: 6),
+ data_access: %w[open embargoed restricted closed].sample,
+ host: {
+ title: Faker::Company.name,
+ description: Faker::Lorem.paragraph,
+ url: Faker::Internet.url,
+ dmproadmap_host_id: {
+ type: 'url',
+ identifier: Faker::Internet.url
+ }
+ },
+ license: [
+ {
+ license_ref: 'http://spdx.org/licenses/CC0-1.0.json',
+ start_date: 6.months.from_now.to_formatted_s(:iso8601)
+ }
+ ]
+ }]
+ }],
+ dmproadmap_template: { id: template.family_id, title: template.title }
+ }
+ }.to_json
+ end
+ # rubocop:enable Metrics/AbcSize
+ end
+ # rubocop:enable Metrics/ModuleLength, Metrics/MethodLength
+end
diff --git a/spec/views/api/v2/_standard_response.json_jbuilder_spec.rb b/spec/views/api/v2/_standard_response.json_jbuilder_spec.rb
new file mode 100644
index 0000000000..2758d51d22
--- /dev/null
+++ b/spec/views/api/v2/_standard_response.json_jbuilder_spec.rb
@@ -0,0 +1,184 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/_standard_response.json.jbuilder' do
+ before do
+ @application = Faker::Lorem.word
+ # @caller = Faker::Lorem.word
+ @url = Faker::Internet.url
+ @code = 200
+
+ assign :application, @application
+ # assign :caller, @caller
+
+ @response = OpenStruct.new(status: @code)
+ @request = Net::HTTPGenericRequest.new('GET', nil, nil, @url)
+ end
+
+ describe 'standard response items - Also the same as: GET /heartbeat' do
+ before do
+ render partial: 'api/v2/standard_response',
+ locals: { response: @response, request: @request }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'includes the :code' do
+ expect(@json[:code]).to eql(@code)
+ end
+
+ it 'includes the :message' do
+ expect(@json[:message]).to eql(Rack::Utils::HTTP_STATUS_CODES[@code])
+ end
+
+ it 'includes the :time' do
+ expect(@json[:time].present?).to be(true)
+ end
+
+ it ':time is in UTC format' do
+ expect(Date.parse(@json[:time]).is_a?(Date)).to be(true)
+ end
+
+ # it 'includes the :caller' do
+ # expect(@json[:caller]).to eql(@caller)
+ # end
+
+ it 'includes the :source' do
+ expect(@json[:source].include?(@url)).to be(true)
+ end
+
+ it 'includes the :total_items' do
+ expect(@json[:total_items]).to be(0)
+ end
+ end
+
+ context 'responses with pagination' do
+ describe 'On the 1st page and there is only one page' do
+ before do
+ assign :page, 1
+ assign :per_page, 3
+
+ render partial: 'api/v2/standard_response',
+ locals: { response: @response, request: @request,
+ total_items: 3 }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'shows the correct page number' do
+ expect(@json[:page]).to be(1)
+ end
+
+ it 'includes the per_page number' do
+ expect(@json[:per_page]).to be(3)
+ end
+
+ it 'includes the :total_items' do
+ expect(@json[:total_items]).to be(3)
+ end
+
+ it "does not show a 'prev' page link" do
+ expect(@json[:prev].present?).to be(false)
+ end
+
+ it "does not show a 'next' page link" do
+ expect(@json[:prev].present?).to be(false)
+ end
+ end
+
+ describe 'On the 1st page and there multiple pages' do
+ before do
+ assign :page, 1
+ assign :per_page, 3
+
+ render partial: 'api/v2/standard_response',
+ locals: { response: @response, request: @request,
+ total_items: 4 }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'shows the correct page number' do
+ expect(@json[:page]).to be(1)
+ end
+
+ it 'includes the per_page number' do
+ expect(@json[:per_page]).to be(3)
+ end
+
+ it 'includes the :total_items' do
+ expect(@json[:total_items]).to be(4)
+ end
+
+ it "does not show a 'prev' page link" do
+ expect(@json[:prev].present?).to be(false)
+ end
+
+ it "does not show a 'next' page link" do
+ expect(@json[:next].present?).to be(true)
+ end
+ end
+
+ describe 'On the 2nd page and there more than 2 pages' do
+ before do
+ assign :page, 2
+ assign :per_page, 3
+
+ render partial: 'api/v2/standard_response',
+ locals: { response: @response, request: @request,
+ total_items: 7 }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'shows the correct page number' do
+ expect(@json[:page]).to be(2)
+ end
+
+ it 'includes the per_page number' do
+ expect(@json[:per_page]).to be(3)
+ end
+
+ it 'includes the :total_items' do
+ expect(@json[:total_items]).to be(7)
+ end
+
+ it "does not show a 'prev' page link" do
+ expect(@json[:prev].present?).to be(true)
+ end
+
+ it "does not show a 'next' page link" do
+ expect(@json[:next].present?).to be(true)
+ end
+ end
+
+ describe 'On the last page' do
+ before do
+ assign :page, 2
+ assign :per_page, 3
+
+ render partial: 'api/v2/standard_response',
+ locals: { response: @response, request: @request,
+ total_items: 5 }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'shows the correct page number' do
+ expect(@json[:page]).to be(2)
+ end
+
+ it 'includes the per_page number' do
+ expect(@json[:per_page]).to be(3)
+ end
+
+ it 'includes the :total_items' do
+ expect(@json[:total_items]).to be(5)
+ end
+
+ it "does not show a 'prev' page link" do
+ expect(@json[:prev].present?).to be(true)
+ end
+
+ it "does not show a 'next' page link" do
+ expect(@json[:next].present?).to be(false)
+ end
+ end
+ end
+end
diff --git a/spec/views/api/v2/contributors/_show.json.jbuilder_spec.rb b/spec/views/api/v2/contributors/_show.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..c2652decaf
--- /dev/null
+++ b/spec/views/api/v2/contributors/_show.json.jbuilder_spec.rb
@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/contributors/_show.json.jbuilder' do
+ before do
+ @plan = create(:plan)
+ scheme = create(:identifier_scheme, name: 'orcid')
+ @contact = create(:contributor, org: create(:org), plan: @plan, roles_count: 0,
+ data_curation: true)
+ @ident = create(:identifier, identifiable: @contact, value: Faker::Lorem.word,
+ identifier_scheme: scheme)
+ @contact.reload
+ end
+
+ describe 'includes all of the Contributor attributes' do
+ before do
+ render partial: 'api/v2/contributors/show', locals: { contributor: @contact }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'includes the :name' do
+ expect(@json[:name]).to eql(@contact.name)
+ end
+
+ it 'includes the :mbox' do
+ expect(@json[:mbox]).to eql(@contact.email)
+ end
+
+ it 'includes the :role' do
+ expect(@json[:role].first.ends_with?('data-curation')).to be(true)
+ end
+
+ it 'includes :affiliation' do
+ expect(@json[:affiliation][:name]).to eql(@contact.org.name)
+ end
+
+ it 'includes :contributor_id' do
+ expect(@json[:contributor_id][:type]).to eql(@ident.identifier_format)
+ expect(@json[:contributor_id][:identifier]).to eql(@ident.value)
+ end
+
+ it 'ignores non-orcid identifiers :contributor_id' do
+ scheme = create(:identifier_scheme, name: 'shibboleth')
+ create(:identifier, value: Faker::Lorem.word, identifiable: @contact,
+ identifier_scheme: scheme)
+ @contact.reload
+ expect(@json[:contributor_id][:type]).to eql(@ident.identifier_format)
+ expect(@json[:contributor_id][:identifier]).to eql(@ident.value)
+ end
+ end
+
+ describe 'includes all of the Contact attributes' do
+ before do
+ render partial: 'api/v2/contributors/show', locals: { contributor: @contact,
+ is_contact: true }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'includes the :name' do
+ expect(@json[:name]).to eql(@contact.name)
+ end
+
+ it 'includes the :mbox' do
+ expect(@json[:mbox]).to eql(@contact.email)
+ end
+
+ it 'does NOT include the :role' do
+ expect(@json[:role]).to be_nil
+ end
+
+ it 'includes :affiliation' do
+ expect(@json[:affiliation][:name]).to eql(@contact.org.name)
+ end
+
+ it 'includes :contact_id' do
+ expect(@json[:contact_id][:type]).to eql(@ident.identifier_format)
+ expect(@json[:contact_id][:identifier]).to eql(@ident.value)
+ end
+
+ it 'ignores non-orcid identifiers :contact_id' do
+ scheme = create(:identifier_scheme, name: 'shibboleth')
+ create(:identifier, value: Faker::Lorem.word, identifiable: @contact,
+ identifier_scheme: scheme)
+ @contact.reload
+ expect(@json[:contact_id][:type]).to eql(@ident.identifier_format)
+ expect(@json[:contact_id][:identifier]).to eql(@ident.value)
+ end
+ end
+end
diff --git a/spec/views/api/v2/datasets/_show.json.jbuilder_spec.rb b/spec/views/api/v2/datasets/_show.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..fc1b7d4e7b
--- /dev/null
+++ b/spec/views/api/v2/datasets/_show.json.jbuilder_spec.rb
@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/datasets/_show.json.jbuilder' do
+ context ':output is a ResearchOutput' do
+ describe 'includes all of the dataset attributes' do
+ before do
+ @research_output = create(:research_output, plan: create(:plan))
+ @presenter = Api::V2::ResearchOutputPresenter.new(output: @research_output)
+ end
+
+ describe 'base :dataset attributes' do
+ before do
+ render partial: 'api/v2/datasets/show', locals: { output: @research_output }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'includes :type' do
+ expect(@json[:type]).to eql(@research_output.output_type)
+ end
+
+ it 'includes :title' do
+ expect(@json[:title]).to eql(@research_output.title)
+ end
+
+ it 'includes :description' do
+ expect(@json[:description]).to eql(@research_output.description)
+ end
+
+ it 'includes :personal_data' do
+ val = Api::V2::ApiPresenter.boolean_to_yes_no_unknown(value: @research_output.personal_data)
+ expect(@json[:personal_data]).to eql(val)
+ end
+
+ it 'includes :sensitive_data' do
+ val = Api::V2::ApiPresenter.boolean_to_yes_no_unknown(value: @research_output.sensitive_data)
+ expect(@json[:sensitive_data]).to eql(val)
+ end
+
+ it 'includes :issued' do
+ expect(@json[:issued]).to eql(@research_output.release_date.to_formatted_s(:iso8601))
+ end
+
+ it 'includes :preservation_statement' do
+ expect(@json[:preservation_statement]).to eql(@presenter.preservation_statement)
+ end
+
+ it 'includes :security_and_privacy' do
+ expect(@json[:security_and_privacy]).to eql(@presenter.security_and_privacy)
+ end
+
+ it 'includes :data_quality_assurance' do
+ expect(@json[:data_quality_assurance]).to eql(@presenter.data_quality_assurance)
+ end
+ end
+
+ describe ':distribution' do
+ before do
+ @repo = @research_output.repositories.first
+ @license = create(:license)
+ @research_output.license_id = @license.id
+
+ render partial: 'api/v2/datasets/show', locals: { output: @research_output }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'includes :distributions' do
+ expect(@json[:distribution].any?).to be(true)
+ end
+
+ it 'includes :title' do
+ expected = "Anticipated distribution for #{@research_output.title}"
+ expect(@json[:distribution].first[:title]).to eql(expected)
+ end
+
+ it 'includes :byte_size' do
+ expect(@json[:distribution].first[:byte_size]).to eql(@research_output.byte_size)
+ end
+
+ it 'includes :data_access' do
+ expect(@json[:distribution].first[:data_access]).to eql(@research_output.access)
+ end
+
+ it 'includes host[:title]' do
+ expect(@json[:distribution].first[:host][:title]).to eql(@repo.name)
+ end
+
+ it 'includes host[:description]' do
+ expect(@json[:distribution].first[:host][:description]).to eql(@repo.description)
+ end
+
+ it 'includes host[:url]' do
+ expect(@json[:distribution].first[:host][:url]).to eql(@repo.homepage)
+ end
+
+ it 'includes host[:dmproadmap_host_id]' do
+ result = @json[:distribution].first[:host][:dmproadmap_host_id][:identifier]
+ expect(result).to eql(@repo.uri)
+ end
+
+ it 'includes license[:license_ref]' do
+ expect(@json[:distribution].first[:license].first[:license_ref]).to eql(@license.uri)
+ end
+
+ it 'includes license[:start_date]' do
+ expected = @research_output.release_date.to_formatted_s(:iso8601)
+ expect(@json[:distribution].first[:license].first[:start_date]).to eql(expected)
+ end
+ end
+
+ describe ':metadata' do
+ before do
+ @standard = create(:metadata_standard)
+ @research_output.metadata_standards << @standard
+
+ render partial: 'api/v2/datasets/show', locals: { output: @research_output }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'includes :metadata' do
+ expect(@json[:metadata].any?).to be(true)
+ end
+
+ it 'includes :description' do
+ uri = @standard.uri
+ metadata = @json[:metadata].select { |ms| ms[:metadata_standard_id][:identifier] == uri }
+ expected = "#{@standard.title} - #{@standard.description}"
+ expect(metadata.first[:description].start_with?(expected)).to be(true)
+ expect(metadata.first[:metadata_standard_id].present?).to be(true)
+ expect(metadata.first[:metadata_standard_id][:type]).to eql('url')
+ expect(metadata.first[:metadata_standard_id][:identifier]).to eql(uri)
+ end
+ end
+
+ describe ':technical_resources' do
+ it 'is always an empty array because this has not been implemented' do
+ render partial: 'api/v2/datasets/show', locals: { output: @research_output }
+ @json = JSON.parse(rendered).with_indifferent_access
+ expect(@json[:technical_resource].any?).to be(false)
+ end
+ end
+
+ describe ':keyword' do
+ it 'includes the ResearchDomain' do
+ research_domain = create(:research_domain)
+ @research_output.plan.research_domain_id = research_domain.id
+ render partial: 'api/v2/datasets/show', locals: { output: @research_output }
+ @json = JSON.parse(rendered).with_indifferent_access
+ expect(@json[:keyword].any?).to be(true)
+ expect(@json[:keyword].include?(research_domain.label))
+ expect(@json[:keyword].include?("#{research_domain.identifier} - #{research_domain.label}"))
+ end
+
+ it 'is not included if no ResearchDomain is defined' do
+ render partial: 'api/v2/datasets/show', locals: { output: @research_output }
+ @json = JSON.parse(rendered).with_indifferent_access
+ expect(@json[:keyword].present?).to be(false)
+ end
+ end
+ end
+ end
+
+ context ':output is a Plan' do
+ describe 'includes all of the dataset attributes' do
+ before do
+ @plan = create(:plan)
+ @research_domain = create(:research_domain)
+ @plan.research_domain_id = @research_domain.id
+
+ render partial: 'api/v2/datasets/show', locals: { output: @plan }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'includes :type' do
+ expect(@json[:type]).to eql('dataset')
+ end
+
+ it 'includes :title' do
+ expect(@json[:title]).to eql('Generic dataset')
+ end
+
+ it 'includes :description' do
+ expect(@json[:description]).to eql('No individual datasets have been defined for this DMP.')
+ end
+
+ describe ':keyword' do
+ it 'includes the ResearchDomain' do
+ expect(@json[:keyword].any?).to be(true)
+ expect(@json[:keyword].include?(@research_domain.label))
+ expect(@json[:keyword].include?("#{@research_domain.identifier} - #{@research_domain.label}"))
+ end
+ end
+ end
+ end
+end
diff --git a/spec/views/api/v2/error.json.jbuilder_spec.rb b/spec/views/api/v2/error.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..ca2337ff6d
--- /dev/null
+++ b/spec/views/api/v2/error.json.jbuilder_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/error.json.jbuilder' do
+ before do
+ @url = Faker::Internet.url
+ @code = [200, 400, 404, 500].sample
+ @errors = [Faker::Lorem.sentence, Faker::Lorem.sentence]
+
+ assign :payload, { message: @errors }
+
+ @resp = OpenStruct.new(status: @code)
+ @req = Net::HTTPGenericRequest.new('GET', nil, nil, @url)
+
+ render template: 'api/v2/error', locals: { response: @resp, request: @req }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ describe 'error responses from controllers' do
+ it 'renders the standard_response partial' do
+ expect(response).to render_template(partial: 'api/v2/_standard_response')
+ end
+
+ it ':errors contains an array of error messages' do
+ expect(@json[:message]).to eql(@errors)
+ end
+ end
+end
diff --git a/spec/views/api/v2/heartbeat.json.jbuilder_spec.rb b/spec/views/api/v2/heartbeat.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..1808117b19
--- /dev/null
+++ b/spec/views/api/v2/heartbeat.json.jbuilder_spec.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/heartbeat.json.jbuilder' do
+ before do
+ render template: 'api/v2/heartbeat', locals: { response: @resp, request: @req }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'renders the _standard_response template' do
+ expect(response).to render_template('api/v2/_standard_response')
+ end
+
+ it ':items array to be empty' do
+ expect(@json[:items]).to eql([])
+ end
+end
diff --git a/spec/views/api/v2/identifiers/_show.json.jbuilder_spec.rb b/spec/views/api/v2/identifiers/_show.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..602169fd75
--- /dev/null
+++ b/spec/views/api/v2/identifiers/_show.json.jbuilder_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/identifiers/_show.json.jbuilder' do
+ before do
+ @scheme = create(:identifier_scheme)
+ @identifier = create(:identifier, value: Faker::Lorem.word,
+ identifier_scheme: @scheme)
+ render partial: 'api/v2/identifiers/show', locals: { identifier: @identifier }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ describe 'includes all of the identifier attributes' do
+ it 'includes :type' do
+ expect(@json[:type]).to eql(@identifier.identifier_format)
+ end
+
+ it 'includes :identifier' do
+ expect(@json[:identifier]).to eql(@identifier.value)
+ end
+ end
+end
diff --git a/spec/views/api/v2/orgs/_show.json.jbuilder_spec.rb b/spec/views/api/v2/orgs/_show.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..5480ae0ee1
--- /dev/null
+++ b/spec/views/api/v2/orgs/_show.json.jbuilder_spec.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/orgs/_show.json.jbuilder' do
+ before do
+ scheme = create(:identifier_scheme, name: 'ror')
+ @org = create(:org)
+ @ident = create(:identifier, value: Faker::Lorem.word, identifiable: @org,
+ identifier_scheme: scheme)
+ @org.reload
+ render partial: 'api/v2/orgs/show', locals: { org: @org }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ describe 'includes all of the org attributes' do
+ it 'includes :name' do
+ expect(@json[:name]).to eql(@org.name)
+ end
+
+ it 'includes :abbreviation' do
+ expect(@json[:abbreviation]).to eql(@org.abbreviation)
+ end
+
+ it 'includes :region' do
+ expect(@json[:region]).to eql(@org.region.abbreviation)
+ end
+
+ it 'includes :affiliation_id' do
+ expect(@json[:affiliation_id][:type]).to eql(@ident.identifier_format)
+ expect(@json[:affiliation_id][:identifier]).to eql(@ident.value)
+ end
+
+ it 'uses the ROR over the FundRef :affiliation_id' do
+ scheme = create(:identifier_scheme, name: 'fundref')
+ create(:identifier, value: Faker::Lorem.word, identifiable: @org,
+ identifier_scheme: scheme)
+ @org.reload
+ expect(@json[:affiliation_id][:type]).to eql(@ident.identifier_format)
+ expect(@json[:affiliation_id][:identifier]).to eql(@ident.value)
+ end
+ end
+end
diff --git a/spec/views/api/v2/plans/_cost.json.jbuilder_spec.rb b/spec/views/api/v2/plans/_cost.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..712e9300e9
--- /dev/null
+++ b/spec/views/api/v2/plans/_cost.json.jbuilder_spec.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/plans/_cost.json.jbuilder' do
+ before do
+ # TODO: Implement this once the Currency question and Cost theme are in place
+ # and the PlanPresenter is extracting the info
+ @cost = {
+ title: Faker::Lorem.sentence,
+ description: Faker::Lorem.paragraph,
+ currency_code: Faker::Currency.code,
+ value: Faker::Number.decimal(l_digits: 2)
+ }.with_indifferent_access
+
+ render partial: 'api/v2/plans/cost', locals: { cost: @cost }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ describe 'includes all of the cost attributes' do
+ it 'includes :title' do
+ expect(@json[:title]).to eql(@cost[:title])
+ end
+
+ it 'includes :description' do
+ expect(@json[:description]).to eql(@cost[:description])
+ end
+
+ it 'includes :currency_code' do
+ expect(@json[:currency_code]).to eql(@cost[:currency_code])
+ end
+
+ it 'includes :value' do
+ expect(@json[:value]).to eql(@cost[:value])
+ end
+ end
+end
diff --git a/spec/views/api/v2/plans/_funding.json.jbuilder_spec.rb b/spec/views/api/v2/plans/_funding.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..c9fe9ea015
--- /dev/null
+++ b/spec/views/api/v2/plans/_funding.json.jbuilder_spec.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/plans/_funding.json.jbuilder' do
+ before do
+ @funder = create(:org, :funder)
+ create(:identifier, identifiable: @funder,
+ identifier_scheme: create(:identifier_scheme, name: 'fundref'))
+ @funder.reload
+ @plan = create(:plan, funder: @funder, org: create(:org), identifier: SecureRandom.uuid)
+ create(:identifier, identifiable: @plan.org,
+ identifier_scheme: create(:identifier_scheme, name: 'ror'))
+ @grant = create(:identifier, identifiable: @plan)
+ @plan.update(grant_id: @grant.id, funding_status: 'funded')
+ @plan.reload
+
+ render partial: 'api/v2/plans/funding', locals: { plan: @plan }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ describe 'includes all of the funding attributes' do
+ it 'includes :name' do
+ expect(@json[:name]).to eql(@funder.name)
+ end
+
+ it 'includes :funding_status' do
+ expected = Api::V2::FundingPresenter.status(plan: @plan)
+ expect(@json[:funding_status]).to eql(expected)
+ end
+
+ it 'includes :funder_ids' do
+ id = @funder.identifiers.first
+ expect(@json[:funder_id][:type]).to eql(id.identifier_format)
+ expect(@json[:funder_id][:identifier]).to eql(id.value)
+ end
+
+ it 'includes :dmproadmap_funding_opportunity_identifier' do
+ identifier = @plan.identifier
+ expect(@json[:dmproadmap_funding_opportunity_id][:type]).to eql('other')
+ expect(@json[:dmproadmap_funding_opportunity_id][:identifier]).to eql(identifier)
+ end
+
+ it 'includes :grant_ids' do
+ expect(@json[:grant_id][:type]).to eql(@grant.identifier_format)
+ expect(@json[:grant_id][:identifier]).to eql(@grant.value)
+ end
+
+ it 'includes :dmproadmap_funded_affiliations' do
+ org = @plan.org
+ expect(@json[:dmproadmap_funded_affiliations].any?).to be(true)
+ affil = @json[:dmproadmap_funded_affiliations].last
+ expect(affil[:name]).to eql(org.name)
+ expect(affil[:affiliation_id][:type]).to eql(org.identifiers.last.identifier_format)
+ expect(affil[:affiliation_id][:identifier]).to eql(org.identifiers.last.value)
+ end
+ end
+end
diff --git a/spec/views/api/v2/plans/_project.json.jbuilder_spec.rb b/spec/views/api/v2/plans/_project.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..53af088379
--- /dev/null
+++ b/spec/views/api/v2/plans/_project.json.jbuilder_spec.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/plans/_project.json.jbuilder' do
+ before do
+ @plan = build(:plan, funder: build(:org, :funder))
+ render partial: 'api/v2/plans/project', locals: { plan: @plan }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ describe 'includes all of the project attributes' do
+ it 'includes :title' do
+ expect(@json[:title]).to eql(@plan.title)
+ end
+
+ it 'includes :description' do
+ expect(@json[:description]).to eql(@plan.description)
+ end
+
+ it 'includes :start' do
+ expect(@json[:start]).to eql(@plan.start_date.to_formatted_s(:iso8601))
+ end
+
+ it 'includes :end' do
+ expect(@json[:end]).to eql(@plan.end_date.to_formatted_s(:iso8601))
+ end
+
+ it 'includes the :funder' do
+ expect(@json[:funding].length).to be(1)
+ end
+ end
+end
diff --git a/spec/views/api/v2/plans/_show.json.jbuilder_spec.rb b/spec/views/api/v2/plans/_show.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..c706ca3bb6
--- /dev/null
+++ b/spec/views/api/v2/plans/_show.json.jbuilder_spec.rb
@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/plans/_show.json.jbuilder' do
+ before do
+ Rails.configuration.x.madmp.enable_dmp_id_registration = true
+
+ @plan = create(:plan)
+ @data_contact = create(:contributor, data_curation: true, plan: @plan)
+ @pi = create(:contributor, investigation: true, plan: @plan)
+ @plan.contributors = [@data_contact, @pi]
+ create(:identifier, identifiable: @plan)
+
+ # Create an Api Client and connect it to the Plan
+ @client = create(:api_client)
+ scheme = create(:identifier_scheme, :for_plans, name: @client.name.downcase)
+ @client_identifier = create(:identifier, identifier_scheme: scheme, identifiable: @plan)
+
+ @plan.save
+ @plan.reload
+ @presenter = Api::V2::PlanPresenter.new(plan: @plan)
+ end
+
+ describe 'includes all of the DMP attributes' do
+ before do
+ render partial: 'api/v2/plans/show', locals: { client: @client, plan: @plan }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'includes the :title' do
+ expect(@json[:title]).to eql(@plan.title)
+ end
+
+ it 'includes the :description' do
+ expect(@json[:description]).to eql(@plan.description)
+ end
+
+ it 'includes the :language' do
+ # Set @plan.owner
+ @plan.roles << create(:role, :creator, user: create(:user))
+ expected = Api::V2::LanguagePresenter.three_char_code(
+ lang: @plan.owner&.language&.abbreviation
+ )
+ expect(@json[:language]).to eql(expected)
+ end
+
+ it 'includes the :created' do
+ expect(@json[:created]).to eql(@plan.created_at.to_formatted_s(:iso8601))
+ end
+
+ it 'includes the :modified' do
+ expect(@json[:modified]).to eql(@plan.updated_at.to_formatted_s(:iso8601))
+ end
+
+ it 'includes :ethical_issues' do
+ expected = Api::V2::ConversionService.boolean_to_yes_no_unknown(@plan.ethical_issues)
+ expect(@json[:ethical_issues_exist]).to eql(expected)
+ end
+
+ it 'includes :ethical_issues_description' do
+ expect(@json[:ethical_issues_description]).to eql(@plan.ethical_issues_description)
+ end
+
+ it 'includes :ethical_issues_report' do
+ expect(@json[:ethical_issues_report]).to eql(@plan.ethical_issues_report)
+ end
+
+ it 'returns the URL of the plan as the :dmp_id if no DMP ID is defined' do
+ expected = Rails.application.routes.url_helpers.api_v2_plan_url(@plan)
+ expect(@json[:dmp_id][:type]).to eql('url')
+ expect(@json[:dmp_id][:identifier]).to eql(expected)
+ end
+
+ it 'includes the :contact' do
+ expect(@json[:contact][:mbox]).to eql(@data_contact.email)
+ end
+
+ it 'includes the :contributors' do
+ emails = @json[:contributor].pluck(:mbox)
+ expect(emails.include?(@pi.email)).to be(true)
+ end
+
+ # TODO: make sure this is working once the new Cost theme and Currency
+ # question type have been implemented
+ it 'includes the :cost' do
+ expect(@json[:cost]).to be_nil
+ end
+
+ it 'includes the :project' do
+ expect(@json[:project].length).to be(1)
+ end
+
+ it 'includes the :dataset' do
+ expect(@json[:dataset].length).to be(1)
+ end
+ end
+
+ describe 'when the system mints DMP IDs', skip: 'DmpIdService not implemented' do
+ before do
+ scheme = create(:identifier_scheme)
+ DmpIdService.expects(:identifier_scheme).at_least(1).returns(scheme)
+ @doi = create(:identifier, value: '10.9999/123abc.zy/x23', identifiable: @plan,
+ identifier_scheme: scheme)
+ @plan.reload
+ render partial: 'api/v2/plans/show', locals: { client: @client, plan: @plan }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'returns the DMP ID for the :dmp_id if one is present' do
+ expect(@json[:dmp_id][:type]).to eql('doi')
+ expect(@json[:dmp_id][:identifier]).to eql(@doi.value)
+ end
+ end
+end
diff --git a/spec/views/api/v2/plans/index.json.jbuilder_spec.rb b/spec/views/api/v2/plans/index.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..5d47770c52
--- /dev/null
+++ b/spec/views/api/v2/plans/index.json.jbuilder_spec.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/plans/index.json.jbuilder' do
+ before do
+ @plan = create(:plan)
+
+ @client = create(:api_client)
+ @items = [@plan]
+ @total_items = 1
+
+ render template: 'api/v2/plans/index'
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+
+ it 'renders the _standard_response template' do
+ expect(response).to render_template('api/v2/_standard_response')
+ end
+
+ it ':items array to be empty' do
+ expect(@json[:items].length).to be(1)
+ expect(@json[:items].first[:dmp][:title]).to eql(@plan.title)
+ end
+end
diff --git a/spec/views/api/v2/templates/index.json.jbuilder_spec.rb b/spec/views/api/v2/templates/index.json.jbuilder_spec.rb
new file mode 100644
index 0000000000..99b35375ec
--- /dev/null
+++ b/spec/views/api/v2/templates/index.json.jbuilder_spec.rb
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'api/v2/templates/index.json.jbuilder' do
+ before do
+ @application = Faker::Lorem.word
+ @url = Faker::Internet.url
+ @code = [200, 400, 404, 500].sample
+
+ @template1 = create(:template, :published, org: create(:org), phases: 1)
+ @template2 = create(:template, :published)
+
+ assign :server, @application
+ assign :items, [@template1, @template2]
+
+ @resp = OpenStruct.new(status: @code)
+ @req = Net::HTTPGenericRequest.new('GET', nil, nil, @url)
+ end
+
+ describe 'includes all of the Template attributes' do
+ before do
+ render template: 'api/v2/templates/index',
+ locals: { response: @resp, request: @req }
+ @json = JSON.parse(rendered).with_indifferent_access
+
+ @template = @json[:items].first[:dmp_template]
+ end
+
+ it 'includes both templates' do
+ expect(@json[:items].length).to be(2)
+ end
+
+ it 'includes the :title' do
+ expect(@template[:title]).to eql(@template1.title)
+ end
+
+ it 'includes the :description' do
+ expect(@template[:description]).to eql(@template1.description)
+ end
+
+ it 'includes the :version' do
+ expect(@template[:version]).to eql(@template1.version)
+ end
+
+ it 'includes the :created' do
+ expect(@template[:created]).to eql(@template1.created_at.to_formatted_s(:iso8601))
+ end
+
+ it 'includes the :modified' do
+ expect(@template[:modified]).to eql(@template1.updated_at.to_formatted_s(:iso8601))
+ end
+
+ it 'includes the :affiliation' do
+ expect(@template[:affiliation][:name]).to eql(@template1.org.name)
+ end
+
+ it 'includes the :template_ids' do
+ expect(@template[:template_id][:identifier]).to eql(@template1.id.to_s)
+ expect(@template[:template_id][:type]).to eql('other')
+ end
+
+ # The show_url parameter is either false or not included
+ it 'includes the :phases' do
+ expect(@json[:items].first[:dmp_template][:phases]).to be_nil
+ end
+ end
+
+ # The show_url parameter is true
+ describe 'when the show_phases url parameter is true' do
+ before do
+ @show_phases = true
+ render template: 'api/v2/templates/index',
+ locals: { response: @resp, request: @req, show_phases: @show_phases }
+ @json = JSON.parse(rendered).with_indifferent_access
+ end
+ end
+end
diff --git a/spec/views/devise/registrations/_api_token.html.erb_spec.rb b/spec/views/devise/registrations/_api_token.html.erb_spec.rb
new file mode 100644
index 0000000000..e543ba83f7
--- /dev/null
+++ b/spec/views/devise/registrations/_api_token.html.erb_spec.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'devise/registrations/_api_token.html.erb' do
+ let(:app_name) { Rails.application.config.x.application.internal_oauth_app_name }
+ let!(:oauth_app) { create(:oauth_application, name: app_name) }
+
+ context 'When a user has the `use_api` permission' do
+ it 'renders both the v2 and legacy API token sections' do
+ user = create(:user, :org_admin)
+
+ render partial: 'devise/registrations/api_token', locals: { user: user }
+
+ expect(rendered).to have_selector('#v2-api-token')
+ expect(rendered).to have_selector('#legacy-api-token')
+ end
+ end
+
+ context 'When a user does not have the `use_api` permission' do
+ it 'renders only the v2 API token section' do
+ user = create(:user)
+
+ render partial: 'devise/registrations/api_token', locals: { user: user }
+
+ expect(rendered).to have_selector('#v2-api-token')
+ expect(rendered).not_to have_selector('#legacy-api-token')
+ end
+ end
+end
diff --git a/spec/views/devise/registrations/_v2_api_token.html.erb_spec.rb b/spec/views/devise/registrations/_v2_api_token.html.erb_spec.rb
new file mode 100644
index 0000000000..712431bd60
--- /dev/null
+++ b/spec/views/devise/registrations/_v2_api_token.html.erb_spec.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'devise/registrations/_v2_api_token.html.erb' do
+ let(:user) { create(:user) }
+ let(:app_name) { Rails.application.config.x.application.internal_oauth_app_name }
+
+ def render_token_partial(token: nil)
+ render partial: 'devise/registrations/v2_api_token', locals: { user: user, token: token }
+ end
+
+ context 'when the OAuth application exists' do
+ let!(:oauth_app) { create(:oauth_application, name: app_name) }
+
+ it 'displays the regenerate button when no token is present' do
+ render_token_partial(token: nil)
+ expect(rendered).to have_selector('button', text: 'Regenerate token')
+ end
+
+ context 'when user has a token' do
+ let(:plaintext_token) { 'plaintext-token-value' }
+
+ it 'displays the token and disables the regenerate button' do
+ render_token_partial(token: plaintext_token)
+ expect(rendered).to have_selector('#api-token-val')
+ expect(rendered).not_to have_content('Click the button below to generate an API token')
+ expect(rendered).to have_selector('button[disabled]', text: 'Regenerate token')
+ end
+ end
+
+ context 'when user does not have a token' do
+ it 'displays the generate message' do
+ render_token_partial(token: nil)
+ expect(rendered).to have_content('Click the button below to generate an API token')
+ expect(rendered).not_to have_selector('#api-token-val')
+ end
+ end
+ end
+
+ context 'when the OAuth application does not exist' do
+ it 'displays the warning message and helpdesk email link' do
+ render_token_partial(token: nil)
+ expect(rendered).to have_selector('.alert-warning')
+ expect(rendered).to have_content('V2 API token service is currently unavailable')
+ expect(rendered).to have_link(href: "mailto:#{Rails.application.config.x.organisation.helpdesk_email}")
+ end
+
+ it 'does not display the token or regenerate button' do
+ render_token_partial(token: nil)
+ expect(rendered).not_to have_selector('button', text: 'Regenerate token')
+ expect(rendered).not_to have_selector('code')
+ end
+ end
+end