Merge pull request #41 from danschultzer/application-wide-access-token

Ensure application wide access tokens can be authenticated

lib/ex_oauth2_provider.ex

@@ -75,9 +75,9 @@ defmodule ExOauth2Provider do
   defp load_resource({:ok, access_token}) do
     access_token = repo().preload(access_token, :resource_owner)
 
-    case access_token.resource_owner do
-      nil -> {:error, :no_association_found}
-      _   -> {:ok, access_token}
+    case is_nil(access_token.resource_owner_id) || not is_nil(access_token.resource_owner) do
+      true  -> {:ok, access_token}
+      false -> {:error, :no_association_found}
     end
   end
 

mix.exs

@@ -39,7 +39,7 @@ defmodule ExOauth2Provider.Mixfile do
 
   defp deps do
     [{:ecto, ">= 2.1.0 or < 2.3.0"},
-     {:plug, ">= 1.0.0 and < 1.7.0"},
+     {:plug, ">= 1.0.0 and < 1.8.0"},
      {:jason, "~> 1.1"},
      {:postgrex, ">= 0.11.1", optional: true},
 

test/ex_oauth2_provider_test.exs

@@ -4,7 +4,6 @@ defmodule ExOauth2ProviderTest do
 
   alias ExOauth2Provider.Test.{ConfigHelpers, Fixtures, QueryHelpers}
   alias ExOauth2Provider.{OauthAccessTokens, OauthAccessTokens.OauthAccessToken}
-  alias Ecto.Changeset
 
   test "authenticate_token/1 error when invalid" do
     assert ExOauth2Provider.authenticate_token(nil) == {:error, :token_inaccessible}
@@ -14,6 +13,15 @@ defmodule ExOauth2ProviderTest do
   test "authenticate_token/1 authenticates" do
     access_token = Fixtures.access_token(Fixtures.resource_owner())
     assert ExOauth2Provider.authenticate_token(access_token.token) == {:ok, access_token}
+    assert access_token.resource_owner
+  end
+
+  test "authenticate_token/1 authenticates with application-wide token" do
+    application = Fixtures.application(Fixtures.resource_owner())
+    access_token = Fixtures.access_token(application)
+
+    assert {:ok, access_token} = ExOauth2Provider.authenticate_token(access_token.token)
+    refute access_token.resource_owner
   end
 
   test "authenticate_token/1 revokes previous refresh token" do
@@ -61,13 +69,10 @@ defmodule ExOauth2ProviderTest do
     assert ExOauth2Provider.authenticate_token(access_token.token) == {:error, :token_inaccessible}
   end
 
-  test "authenticate_token/1 error when no resource owner" do
+  test "authenticate_token/1 error when invalid resource owner" do
     resource_owner_id = (if is_nil(System.get_env("UUID")), do: 0, else: "09b58e2b-8fff-4b8d-ba94-18a06dd4fc29")
-
-    access_token = Fixtures.resource_owner()
-                   |> Fixtures.access_token(%{})
-                   |> Changeset.change(resource_owner_id: resource_owner_id)
-                   |> ExOauth2Provider.repo.update!()
+    user = %{Fixtures.resource_owner() | id: resource_owner_id}
+    access_token = Fixtures.access_token(user)
 
     assert ExOauth2Provider.authenticate_token(access_token.token) == {:error, :no_association_found}
   end