Merge pull request #1511 from nhosoya/fix/response_mode-is-fragment

Fix that authorization code is returned by fragment if response_mode is fragament

CHANGELOG.md

@@ -11,6 +11,7 @@ User-visible changes worth mentioning.
 - [#1502] Drop support for Ruby 2.4 because of EOL.
 - [#1504] Updated the url fragment in the comment.
 - [#1512] Fix form behavior when response mode is form_post.
+- [#1511] Fix that authorization code is returned by fragment if response_mode is fragament.
 
 ## 5.5.1
 

lib/doorkeeper/oauth/code_request.rb

@@ -13,7 +13,7 @@ def initialize(pre_auth, resource_owner)
       def authorize
         auth = Authorization::Code.new(pre_auth, resource_owner)
         auth.issue_token!
-        CodeResponse.new(pre_auth, auth)
+        CodeResponse.new(pre_auth, auth, response_on_fragment: pre_auth.response_mode == "fragment")
       end
 
       def deny

spec/lib/oauth/code_request_spec.rb

@@ -20,19 +20,30 @@
       client_id: client.uid,
       response_type: "code",
       redirect_uri: "https://app.com/callback",
-    }
+      response_mode: response_mode,
+    }.compact
 
     pre_auth = Doorkeeper::OAuth::PreAuthorization.new(Doorkeeper.config, attributes)
     pre_auth.authorizable?
     pre_auth
   end
 
+  let(:response_mode) { nil }
   let(:owner) { FactoryBot.create(:resource_owner) }
 
   context "when pre_auth is authorized" do
     it "creates an access grant and returns a code response" do
       expect { request.authorize }.to change { Doorkeeper::AccessGrant.count }.by(1)
       expect(request.authorize).to be_a(Doorkeeper::OAuth::CodeResponse)
+      expect(request.authorize.response_on_fragment).to be false
+    end
+
+    context "with 'fragment' as response_mode" do
+      let(:response_mode) { "fragment" }
+
+      it "returns a code response with response_on_fragment set to true" do
+        expect(request.authorize.response_on_fragment).to be true
+      end
     end
   end