couchkeeper 0.6.7

Files changed (240)
  1. data/.gitignore +14 -0
  2. data/.rspec +1 -0
  3. data/.travis.yml +28 -0
  4. data/CHANGELOG.md +198 -0
  5. data/Gemfile +32 -0
  6. data/MIT-LICENSE +20 -0
  7. data/README.md +290 -0
  8. data/Rakefile +18 -0
  9. data/app/assets/javascripts/doorkeeper/application.js +2 -0
  10. data/app/assets/stylesheets/doorkeeper/application.css +18 -0
  11. data/app/assets/stylesheets/doorkeeper/form.css +13 -0
  12. data/app/controllers/doorkeeper/application_controller.rb +7 -0
  13. data/app/controllers/doorkeeper/applications_controller.rb +60 -0
  14. data/app/controllers/doorkeeper/authorizations_controller.rb +57 -0
  15. data/app/controllers/doorkeeper/authorized_applications_controller.rb +12 -0
  16. data/app/controllers/doorkeeper/token_info_controller.rb +12 -0
  17. data/app/controllers/doorkeeper/tokens_controller.rb +20 -0
  18. data/app/helpers/doorkeeper/form_errors_helper.rb +9 -0
  19. data/app/validators/redirect_uri_validator.rb +23 -0
  20. data/app/views/doorkeeper/applications/_form.html.erb +34 -0
  21. data/app/views/doorkeeper/applications/edit.html.erb +13 -0
  22. data/app/views/doorkeeper/applications/index.html.erb +29 -0
  23. data/app/views/doorkeeper/applications/new.html.erb +13 -0
  24. data/app/views/doorkeeper/applications/show.html.erb +26 -0
  25. data/app/views/doorkeeper/authorizations/error.html.erb +6 -0
  26. data/app/views/doorkeeper/authorizations/new.html.erb +37 -0
  27. data/app/views/doorkeeper/authorizations/show.html.erb +4 -0
  28. data/app/views/doorkeeper/authorized_applications/index.html.erb +25 -0
  29. data/app/views/layouts/doorkeeper/application.html.erb +33 -0
  30. data/config/locales/en.yml +68 -0
  31. data/doorkeeper.gemspec +28 -0
  32. data/lib/doorkeeper.rb +64 -0
  33. data/lib/doorkeeper/config.rb +194 -0
  34. data/lib/doorkeeper/doorkeeper_for.rb +76 -0
  35. data/lib/doorkeeper/engine.rb +19 -0
  36. data/lib/doorkeeper/errors.rb +15 -0
  37. data/lib/doorkeeper/helpers/controller.rb +58 -0
  38. data/lib/doorkeeper/helpers/filter.rb +38 -0
  39. data/lib/doorkeeper/models/access_grant.rb +24 -0
  40. data/lib/doorkeeper/models/access_token.rb +95 -0
  41. data/lib/doorkeeper/models/accessible.rb +9 -0
  42. data/lib/doorkeeper/models/active_record/access_grant.rb +5 -0
  43. data/lib/doorkeeper/models/active_record/access_token.rb +21 -0
  44. data/lib/doorkeeper/models/active_record/application.rb +20 -0
  45. data/lib/doorkeeper/models/application.rb +33 -0
  46. data/lib/doorkeeper/models/couchbase/access_grant.rb +10 -0
  47. data/lib/doorkeeper/models/couchbase/access_token.rb +7 -0
  48. data/lib/doorkeeper/models/couchbase/application.rb +35 -0
  49. data/lib/doorkeeper/models/doorkeeper_access_grant/by_token/map.js +5 -0
  50. data/lib/doorkeeper/models/doorkeeper_access_token/by_application_id/map.js +5 -0
  51. data/lib/doorkeeper/models/doorkeeper_access_token/by_application_id_and_resource_owner_id/map.js +5 -0
  52. data/lib/doorkeeper/models/doorkeeper_access_token/by_refresh_token/map.js +5 -0
  53. data/lib/doorkeeper/models/doorkeeper_access_token/by_resource_owner_id/map.js +5 -0
  54. data/lib/doorkeeper/models/doorkeeper_access_token/by_token/map.js +5 -0
  55. data/lib/doorkeeper/models/doorkeeper_application/by_uid/map.js +5 -0
  56. data/lib/doorkeeper/models/doorkeeper_application/by_uid_and_secret/map.js +5 -0
  57. data/lib/doorkeeper/models/doorkeeper_application/show_all/map.js +6 -0
  58. data/lib/doorkeeper/models/expirable.rb +21 -0
  59. data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +28 -0
  60. data/lib/doorkeeper/models/mongo_mapper/access_token.rb +51 -0
  61. data/lib/doorkeeper/models/mongo_mapper/application.rb +30 -0
  62. data/lib/doorkeeper/models/mongo_mapper/revocable.rb +15 -0
  63. data/lib/doorkeeper/models/mongoid/revocable.rb +15 -0
  64. data/lib/doorkeeper/models/mongoid/scopes.rb +15 -0
  65. data/lib/doorkeeper/models/mongoid2/access_grant.rb +22 -0
  66. data/lib/doorkeeper/models/mongoid2/access_token.rb +41 -0
  67. data/lib/doorkeeper/models/mongoid2/application.rb +22 -0
  68. data/lib/doorkeeper/models/mongoid3/access_grant.rb +22 -0
  69. data/lib/doorkeeper/models/mongoid3/access_token.rb +41 -0
  70. data/lib/doorkeeper/models/mongoid3/application.rb +22 -0
  71. data/lib/doorkeeper/models/ownership.rb +16 -0
  72. data/lib/doorkeeper/models/scopes.rb +17 -0
  73. data/lib/doorkeeper/oauth/authorization.rb +10 -0
  74. data/lib/doorkeeper/oauth/authorization/code.rb +32 -0
  75. data/lib/doorkeeper/oauth/authorization/token.rb +28 -0
  76. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +29 -0
  77. data/lib/doorkeeper/oauth/authorization_code_request.rb +82 -0
  78. data/lib/doorkeeper/oauth/client.rb +29 -0
  79. data/lib/doorkeeper/oauth/client/credentials.rb +21 -0
  80. data/lib/doorkeeper/oauth/client/methods.rb +18 -0
  81. data/lib/doorkeeper/oauth/client_credentials/creator.rb +29 -0
  82. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +35 -0
  83. data/lib/doorkeeper/oauth/client_credentials/validation.rb +33 -0
  84. data/lib/doorkeeper/oauth/client_credentials_request.rb +47 -0
  85. data/lib/doorkeeper/oauth/code_request.rb +28 -0
  86. data/lib/doorkeeper/oauth/code_response.rb +37 -0
  87. data/lib/doorkeeper/oauth/error.rb +9 -0
  88. data/lib/doorkeeper/oauth/error_response.rb +44 -0
  89. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +18 -0
  90. data/lib/doorkeeper/oauth/helpers/unique_token.rb +13 -0
  91. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +32 -0
  92. data/lib/doorkeeper/oauth/password_access_token_request.rb +84 -0
  93. data/lib/doorkeeper/oauth/pre_authorization.rb +62 -0
  94. data/lib/doorkeeper/oauth/refresh_token_request.rb +58 -0
  95. data/lib/doorkeeper/oauth/scopes.rb +60 -0
  96. data/lib/doorkeeper/oauth/token.rb +36 -0
  97. data/lib/doorkeeper/oauth/token_request.rb +28 -0
  98. data/lib/doorkeeper/oauth/token_response.rb +29 -0
  99. data/lib/doorkeeper/rails/routes.rb +90 -0
  100. data/lib/doorkeeper/rails/routes/mapper.rb +28 -0
  101. data/lib/doorkeeper/rails/routes/mapping.rb +39 -0
  102. data/lib/doorkeeper/request.rb +33 -0
  103. data/lib/doorkeeper/request/authorization_code.rb +23 -0
  104. data/lib/doorkeeper/request/client_credentials.rb +23 -0
  105. data/lib/doorkeeper/request/code.rb +24 -0
  106. data/lib/doorkeeper/request/password.rb +23 -0
  107. data/lib/doorkeeper/request/refresh_token.rb +23 -0
  108. data/lib/doorkeeper/request/token.rb +24 -0
  109. data/lib/doorkeeper/server.rb +54 -0
  110. data/lib/doorkeeper/validations.rb +30 -0
  111. data/lib/doorkeeper/version.rb +3 -0
  112. data/lib/generators/doorkeeper/application_owner_generator.rb +15 -0
  113. data/lib/generators/doorkeeper/install_generator.rb +12 -0
  114. data/lib/generators/doorkeeper/migration_generator.rb +15 -0
  115. data/lib/generators/doorkeeper/mongo_mapper/indexes_generator.rb +12 -0
  116. data/lib/generators/doorkeeper/templates/README +44 -0
  117. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +7 -0
  118. data/lib/generators/doorkeeper/templates/indexes.rb +3 -0
  119. data/lib/generators/doorkeeper/templates/initializer.rb +67 -0
  120. data/lib/generators/doorkeeper/templates/migration.rb +42 -0
  121. data/lib/generators/doorkeeper/views_generator.rb +15 -0
  122. data/script/rails +6 -0
  123. data/script/run_all +14 -0
  124. data/spec/controllers/applications_controller_spec.rb +18 -0
  125. data/spec/controllers/authorizations_controller_spec.rb +154 -0
  126. data/spec/controllers/protected_resources_controller_spec.rb +304 -0
  127. data/spec/controllers/token_info_controller_spec.rb +54 -0
  128. data/spec/controllers/tokens_controller_spec.rb +36 -0
  129. data/spec/dummy/Rakefile +7 -0
  130. data/spec/dummy/app/assets/javascripts/application.js +9 -0
  131. data/spec/dummy/app/assets/stylesheets/application.css +7 -0
  132. data/spec/dummy/app/controllers/application_controller.rb +3 -0
  133. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +7 -0
  134. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +12 -0
  135. data/spec/dummy/app/controllers/home_controller.rb +17 -0
  136. data/spec/dummy/app/controllers/metal_controller.rb +11 -0
  137. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +11 -0
  138. data/spec/dummy/app/helpers/application_helper.rb +5 -0
  139. data/spec/dummy/app/models/user.rb +27 -0
  140. data/spec/dummy/app/views/home/index.html.erb +0 -0
  141. data/spec/dummy/app/views/layouts/application.html.erb +16 -0
  142. data/spec/dummy/config.ru +4 -0
  143. data/spec/dummy/config/application.rb +54 -0
  144. data/spec/dummy/config/boot.rb +6 -0
  145. data/spec/dummy/config/database.yml +15 -0
  146. data/spec/dummy/config/environment.rb +5 -0
  147. data/spec/dummy/config/environments/development.rb +30 -0
  148. data/spec/dummy/config/environments/production.rb +60 -0
  149. data/spec/dummy/config/environments/test.rb +39 -0
  150. data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
  151. data/spec/dummy/config/initializers/doorkeeper.rb +56 -0
  152. data/spec/dummy/config/initializers/secret_token.rb +9 -0
  153. data/spec/dummy/config/initializers/session_store.rb +8 -0
  154. data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
  155. data/spec/dummy/config/locales/doorkeeper.en.yml +5 -0
  156. data/spec/dummy/config/mongo.yml +11 -0
  157. data/spec/dummy/config/mongoid2.yml +9 -0
  158. data/spec/dummy/config/mongoid3.yml +18 -0
  159. data/spec/dummy/config/routes.rb +38 -0
  160. data/spec/dummy/db/migrate/20111122132257_create_users.rb +9 -0
  161. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +5 -0
  162. data/spec/dummy/db/migrate/20120524202412_create_doorkeeper_tables.rb +44 -0
  163. data/spec/dummy/db/schema.rb +64 -0
  164. data/spec/dummy/public/404.html +26 -0
  165. data/spec/dummy/public/422.html +26 -0
  166. data/spec/dummy/public/500.html +26 -0
  167. data/spec/dummy/public/favicon.ico +0 -0
  168. data/spec/dummy/script/rails +6 -0
  169. data/spec/factories/access_grant.rb +9 -0
  170. data/spec/factories/access_token.rb +7 -0
  171. data/spec/factories/application.rb +6 -0
  172. data/spec/generators/application_owner_generator_spec.rb +23 -0
  173. data/spec/generators/install_generator_spec.rb +31 -0
  174. data/spec/generators/migration_generator_spec.rb +20 -0
  175. data/spec/generators/templates/routes.rb +3 -0
  176. data/spec/generators/views_generator_spec.rb +27 -0
  177. data/spec/lib/config_spec.rb +170 -0
  178. data/spec/lib/models/expirable_spec.rb +51 -0
  179. data/spec/lib/models/revocable_spec.rb +31 -0
  180. data/spec/lib/models/scopes_spec.rb +32 -0
  181. data/spec/lib/oauth/authorization/uri_builder_spec.rb +37 -0
  182. data/spec/lib/oauth/authorization_code_request_spec.rb +80 -0
  183. data/spec/lib/oauth/client/credentials_spec.rb +47 -0
  184. data/spec/lib/oauth/client/methods_spec.rb +54 -0
  185. data/spec/lib/oauth/client_credentials/creator_spec.rb +47 -0
  186. data/spec/lib/oauth/client_credentials/issuer_spec.rb +57 -0
  187. data/spec/lib/oauth/client_credentials/validation_spec.rb +29 -0
  188. data/spec/lib/oauth/client_credentials_integration_spec.rb +27 -0
  189. data/spec/lib/oauth/client_credentials_request_spec.rb +64 -0
  190. data/spec/lib/oauth/client_spec.rb +39 -0
  191. data/spec/lib/oauth/code_request_spec.rb +44 -0
  192. data/spec/lib/oauth/error_response_spec.rb +40 -0
  193. data/spec/lib/oauth/error_spec.rb +19 -0
  194. data/spec/lib/oauth/helpers/scope_checker_spec.rb +74 -0
  195. data/spec/lib/oauth/helpers/unique_token_spec.rb +20 -0
  196. data/spec/lib/oauth/helpers/uri_checker_spec.rb +64 -0
  197. data/spec/lib/oauth/password_access_token_request_spec.rb +65 -0
  198. data/spec/lib/oauth/pre_authorization_spec.rb +80 -0
  199. data/spec/lib/oauth/refresh_token_request_spec.rb +56 -0
  200. data/spec/lib/oauth/scopes_spec.rb +115 -0
  201. data/spec/lib/oauth/token_request_spec.rb +46 -0
  202. data/spec/lib/oauth/token_response_spec.rb +52 -0
  203. data/spec/lib/oauth/token_spec.rb +83 -0
  204. data/spec/lib/server_spec.rb +24 -0
  205. data/spec/models/doorkeeper/access_grant_spec.rb +36 -0
  206. data/spec/models/doorkeeper/access_token_spec.rb +153 -0
  207. data/spec/models/doorkeeper/application_spec.rb +162 -0
  208. data/spec/requests/applications/applications_request_spec.rb +92 -0
  209. data/spec/requests/applications/authorized_applications_spec.rb +30 -0
  210. data/spec/requests/endpoints/authorization_spec.rb +47 -0
  211. data/spec/requests/endpoints/token_spec.rb +46 -0
  212. data/spec/requests/flows/authorization_code_errors_spec.rb +66 -0
  213. data/spec/requests/flows/authorization_code_spec.rb +135 -0
  214. data/spec/requests/flows/client_credentials_spec.rb +58 -0
  215. data/spec/requests/flows/implicit_grant_errors_spec.rb +31 -0
  216. data/spec/requests/flows/implicit_grant_spec.rb +19 -0
  217. data/spec/requests/flows/password_spec.rb +78 -0
  218. data/spec/requests/flows/refresh_token_spec.rb +71 -0
  219. data/spec/requests/flows/skip_authorization_spec.rb +40 -0
  220. data/spec/requests/protected_resources/metal_spec.rb +14 -0
  221. data/spec/requests/protected_resources/private_api_spec.rb +50 -0
  222. data/spec/routing/custom_controller_routes_spec.rb +44 -0
  223. data/spec/routing/default_routes_spec.rb +32 -0
  224. data/spec/spec_helper.rb +2 -0
  225. data/spec/spec_helper_integration.rb +40 -0
  226. data/spec/support/dependencies/factory_girl.rb +2 -0
  227. data/spec/support/helpers/access_token_request_helper.rb +11 -0
  228. data/spec/support/helpers/authorization_request_helper.rb +32 -0
  229. data/spec/support/helpers/config_helper.rb +9 -0
  230. data/spec/support/helpers/model_helper.rb +45 -0
  231. data/spec/support/helpers/request_spec_helper.rb +72 -0
  232. data/spec/support/helpers/url_helper.rb +51 -0
  233. data/spec/support/orm/active_record.rb +11 -0
  234. data/spec/support/orm/mongo_mapper.rb +26 -0
  235. data/spec/support/orm/mongoid.rb +31 -0
  236. data/spec/support/shared/controllers_shared_context.rb +60 -0
  237. data/spec/support/shared/models_shared_examples.rb +60 -0
  238. data/spec/validators/redirect_uri_validator_spec.rb +47 -0
  239. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +356 -0
  240. metadata +430 -0
@@ -0,0 +1,14 @@
1
+ .bundle/
2
+ .rbx
3
+ *.rbc
4
+ log/*.log
5
+ pkg/
6
+ spec/dummy/db/*.sqlite3
7
+ spec/dummy/log/*.log
8
+ spec/dummy/tmp/
9
+ Gemfile.lock
10
+ gemfiles/*.lock
11
+ spec/generators/tmp
12
+ .rvmrc
13
+ *.swp
14
+
data/.rspec ADDED
@@ -0,0 +1 @@
1
+ --colour
@@ -0,0 +1,28 @@
1
+ language: ruby
2
+ rvm:
3
+ - 1.8.7
4
+ - 1.9.2
5
+ - 1.9.3
6
+ - 2.0.0
7
+ env:
8
+ - rails=3.2.8
9
+ - rails=3.2.13
10
+ - rails=3.1.8
11
+ - rails=edge
12
+ - orm=mongoid2
13
+ - orm=mongoid3
14
+ - orm=mongo_mapper
15
+ services:
16
+ - mongodb
17
+ matrix:
18
+ allow_failures:
19
+ - env: orm=mongoid2
20
+ exclude:
21
+ - rvm: 1.8.7
22
+ env: orm=mongoid3
23
+ - rvm: 1.9.2
24
+ env: orm=mongoid3
25
+ - rvm: 1.8.7
26
+ env: rails=edge
27
+ - rvm: 1.9.2
28
+ env: rails=edge
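Review bot: the `env` list (lines 7-14) has no Couchbase entry and `services` starts only `mongodb`, so the models this package adds under `lib/doorkeeper/models/couchbase/` are never exercised by CI. Add an `orm=couchbase` entry with a matching service, or state that the backend is untested. Separately, `allow_failures` for `orm=mongoid2` means a regression in that adapter will not fail the build, which deserves a comment explaining why it is tolerated.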
@@ -0,0 +1,198 @@
1
+ # Changelog
2
+
3
+ ## 0.6.7
4
+
5
+ - internals
6
+ - [#188] Add IDs to the show views for integration testing [@egtann](https://github.com/egtann)
7
+
8
+ ## 0.6.6
9
+
10
+ - enhancements
11
+ - [#187] Raise error if configuration is not set
12
+
13
+ ## 0.6.5
14
+
15
+ - enhancements
16
+ - [#184] Vendor the Bootstrap CSS [@tylerhunt](https://github.com/tylerhunt)
17
+
18
+ ## 0.6.4
19
+
20
+ - bug
21
+ - [#180] Add localization to authorized_applications destroy notice [@aalvarado](https://github.com/aalvarado)
22
+
23
+ ## 0.6.3
24
+
25
+ - bugfixes
26
+ - [#163] Error response content-type header should be application/json [@ggayan](https://github.com/ggayan)
27
+ - [#175] Make token.expires_in_seconds return nil when expires_in is nil [@miyagawa](https://github.com/miyagawa)
28
+ - enhancements
29
+ - [#166, #172, #174] Behavior to automatically authorize based on a configured proc
30
+ - internals
31
+ - [#168] Using expectation syntax for controller specs [@rdsoze](https://github.com/rdsoze)
32
+
33
+ ## 0.6.2
34
+
35
+ - bugfixes
36
+ - [#162] Remove ownership columns from base migration template [@rdsoze](https://github.com/rdsoze)
37
+
38
+ ## 0.6.1
39
+
40
+ - bugfixes
41
+ - [#160] Removed |routes| argument from initializer authenticator blocks
42
+ - documentation
43
+ - [#160] Fixed description of context of authenticator blocks
44
+
45
+ ## 0.6.0
46
+
47
+ - enhancements
48
+ - Mongoid `orm` configuration accepts only :mongoid2 or :mongoid3
49
+ - Authorization endpoint does not redirect in #new action anymore. It wasn't specified by OAuth spec
50
+ - TokensController now inherits from ActionController::Metal. There might be performance upgrades
51
+ - Add link to authorization in Applications scaffold
52
+ - [#116] MongoMapper support [@carols10cents](https://github.com/carols10cents)
53
+ - [#122] Mongoid3 support [@petergoldstein](https://github.com/petergoldstein)
54
+ - [#150] Introduce test redirect uri for applications
55
+ - bugfixes
56
+ - [#157] Response token status should be `:ok`, not `:success` [@theycallmeswift](https://github.com/theycallmeswift)
57
+ - [#159] Remove ActionView::Base.field_error_proc override (fixes #145)
58
+ - internals
59
+ - Update development dependencies
60
+ - Several refactorings
61
+ - Rails/ORM are easily swichable with env vars (rails and orm)
62
+ - Travis now tests against Mongoid v2
63
+
64
+ ## 0.5.0.rc1
65
+
66
+ Official support for rubinius was removed.
67
+
68
+ - enhancements
69
+ - Configure the way access token is retrieved from request (default to bearer header)
70
+ - Authorization Code expiration time is now configurable
71
+ - Add support for mongoid
72
+ - [#78, #128, #137, #138] Application Ownership
73
+ - [#92] Allow users to skip controllers
74
+ - [#99] Remove deprecated warnings for data-* attributes [@towerhe](https://github.com/towerhe)
75
+ - [#101] Return existing access_token for PasswordAccessTokenRequest [@benoist](https://github.com/benoist)
76
+ - [#104] Changed access token scopes example code to default_scopes and optional_scopes [@amkirwan](https://github.com/amkirwan)
77
+ - [#107] Fix typos in initializer
78
+ - [#123] i18n for validator, flash messages [@petergoldstein](https://github.com/petergoldstein)
79
+ - [#140] ActiveRecord is the default value for the ORM [@petergoldstein](https://github.com/petergoldstein)
80
+ - internals
81
+ - [#112, #120] Replacing update_attribute with update_column to eliminate deprecation warnings [@rmoriz](https://github.com/rmoriz), [@petergoldstein](https://github.com/petergoldstein)
82
+ - [#121] Updating all development dependencies to recent versions. [@petergoldstein](https://github.com/petergoldstein)
83
+ - [#144] Adding MongoDB dependency to .travis.yml [@petergoldstein](https://github.com/petergoldstein)
84
+ - [#143] Displays errors for unconfigured error messages [@timgaleckas](https://github.com/timgaleckas)
85
+ - bugfixes
86
+ - [#102] Not returning 401 when access token generation fails [@cslew](https://github.com/cslew)
87
+ - [#125] Doorkeeper is using ActiveRecord version of as_json in ORM agnostic code [@petergoldstein](https://github.com/petergoldstein)
88
+ - [#142] Prevent double submission of password based authentication [@bdurand](https://github.com/bdurand)
89
+ - documentation
90
+ - [#141] Add rack-cors middleware to readme [@gottfrois](https://github.com/gottfrois)
91
+
92
+ ## 0.4.2
93
+
94
+ - bugfixes:
95
+ - [#94] Uninitialized Constant in Password Flow
96
+
97
+ ## 0.4.1
98
+
99
+ - enhancements:
100
+ - Backport: Move doorkeeper_for extension to Filter helper
101
+
102
+ ## 0.4.0
103
+
104
+ - deprecation
105
+ - Deprecate authorization_scopes
106
+ - database changes
107
+ - AccessToken#resource_owner_id is not nullable
108
+ - enhancements
109
+ - [#83] Add Resource Owner Password Credentials flow [@jaimeiniesta](https://github.com/jaimeiniesta)
110
+ - [#76] Allow token expiration to be disabled [@mattgreen](https://github.com/mattgreen)
111
+ - [#89] Configure the way client credentials are retrieved from request
112
+ - [#b6470a] Add Client Credentials flow
113
+ - internals
114
+ - [#2ece8d, #f93778] Introduce Client and ErrorResponse classes
115
+
116
+ ## 0.3.4
117
+
118
+ - Fix attr_accessible for rails 3.2.x
119
+
120
+ ## 0.3.3
121
+
122
+ - [#86] shrink gem package size
123
+
124
+ ## 0.3.2
125
+
126
+ - enhancements
127
+ - [#54] Ignore Authorization: headers that are not Bearer [@miyagawa](https://github.com/miyagawa)
128
+ - [#58, #64] Add destroy action to applications endpoint [@jaimeiniesta](https://github.com/jaimeiniesta), [@davidfrey](https://github.com/davidfrey)
129
+ - [#63] TokensController responds with `401 unauthorized` [@jaimeiniesta](https://github.com/jaimeiniesta)
130
+ - [#67, #72] Fix for mass-assignment [@cicloid](https://github.com/cicloid)
131
+ - internals
132
+ - [#49] Add Gemnasium status image to README [@laserlemon](https://github.com/laserlemon)
133
+ - [#50] Fix typos [@tomekw](https://github.com/tomekw)
134
+ - [#51] Updated the factory_girl_rails dependency, fix expires_in response which returned a float number instead of integer [@antekpiechnik](https://github.com/antekpiechnik)
135
+ - [#62] Typos, .gitignore [@jaimeiniesta](https://github.com/jaimeiniesta)
136
+ - [#65] Change _path redirections to _url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
137
+ - [#75] Fix unknown method #authenticate_admin! [@mattgreen](https://github.com/mattgreen)
138
+ - Remove application link in authorized app view
139
+
140
+ ## 0.3.1
141
+
142
+ - enhancements
143
+ - [#48] Add if, else options to doorkeeper_for
144
+ - Add views generator
145
+ - internals
146
+ - Namespace models
147
+
148
+ ## 0.3.0
149
+
150
+ - enhancements
151
+ - [#17, #31] Add support for client credentials in basic auth header [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
152
+ - [#28] Add indices to migration [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
153
+ - [#29] Allow doorkeeper to run with rails 3.2 [@john-griffin](https://github.com/john-griffin)
154
+ - [#30] Improve client's redirect uri validation [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
155
+ - [#32] Add token (implicit grant) flow [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
156
+ - [#34] Add support for custom unathorized responses [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
157
+ - [#36] Remove repetitions from the Authorised Applications view [@carvil](https://github.com/carvil)
158
+ - When user revoke an application, all tokens for that application are revoked
159
+ - Error messages now can be translated
160
+ - Install generator copies the error messages localization file
161
+ - internals
162
+ - Fix deprecation warnings in ActiveSupport::Base64
163
+ - Remove deprecation in doorkeeper_for that handles hash arguments
164
+ - Depends on railties instead of whole rails framework
165
+ - CI now integrates with rails 3.1 and 3.2
166
+
167
+ ## 0.2.0
168
+
169
+ - enhancements
170
+ - [#4] Add authorized applications endpoint
171
+ - [#5, #11] Add access token scopes
172
+ - [#10] Add access token expiration by default
173
+ - [#9, #12] Add refresh token flow
174
+ - internals
175
+ - [#7] Improve configuration options with :default
176
+ - Improve configuration options with :builder
177
+ - Refactor config class
178
+ - Improve coverage of authorization request integration
179
+ - bug fixes
180
+ - [#6, #20] Fix access token response headers
181
+ - Fix issue with state parameter
182
+ - deprecation
183
+ - deprecate :only and :except options in doorkeeper_for
184
+
185
+ ## 0.1.1
186
+
187
+ - enhancements
188
+ - [#3] Authorization code must be short lived and single use
189
+ - [#2] Improve views provided by doorkeeper
190
+ - [#1] Skips authorization form if the client has been authorized by the resource owner
191
+ - Improve readme
192
+ - bugfixes
193
+ - Fix issue when creating the access token (wrong client id)
194
+
195
+ ## 0.1.0
196
+
197
+ - Authorization Code flow
198
+ - OAuth applications endpoint
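Review bot: the top entry (`## 0.6.7`, lines 3-6) records only #188 and nothing in the file mentions the Couchbase backend, even though the file list for this package adds `lib/doorkeeper/models/couchbase/*` and the Couchbase view `map.js` files. Anyone auditing what differs from the upstream doorkeeper release has no record to go on, so add an entry that names the Couchbase ORM support and the package rename. Minor: "swichable" (line 61) and "unathorized" (line 156) are typos.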
data/Gemfile ADDED
@@ -0,0 +1,32 @@
1
+ # Defaults. For supported versions check .travis.yml
2
+ ENV['rails'] ||= '3.2.8'
3
+ ENV['orm'] ||= 'active_record'
4
+
5
+ source 'https://rubygems.org'
6
+
7
+ gem 'jquery-rails'
8
+
9
+ # Define Rails version
10
+ rails_version = ENV['rails'].match(/edge/) ? {:github => 'rails/rails'} : ENV['rails']
11
+ gem 'rails', rails_version
12
+
13
+ gem 'database_cleaner', '~> 1.0.0.RC1' if rails_version.is_a?(Hash)
14
+
15
+ case ENV['orm']
16
+ when 'active_record'
17
+ gem 'activerecord'
18
+
19
+ when 'mongoid2'
20
+ gem 'mongoid', '2.5.1'
21
+ gem 'bson_ext', '~> 1.7'
22
+
23
+ when 'mongoid3'
24
+ gem 'mongoid', '3.0.10'
25
+
26
+ when 'mongo_mapper'
27
+ gem 'mongo_mapper', '0.12.0'
28
+ gem 'bson_ext', '~> 1.7'
29
+
30
+ end
31
+
32
+ gemspec
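Review bot: the `case ENV['orm']` block (lines 15-30) has no `when 'couchbase'` branch and no `else`, so the Couchbase backend this package ships gets no adapter gem from the Gemfile, and a mistyped `orm` value silently installs no ORM at all. Add the missing branch and an `else` that raises on an unknown value. Also, the default on line 2 is `ENV['rails'] ||= '3.2.8'` while `.travis.yml` also tests 3.2.13; defaulting to the newest patch release in the matrix keeps local runs off the older one.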
@@ -0,0 +1,20 @@
1
+ Copyright 2011 Applicake. http://applicake.com
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,290 @@
1
+ # Doorkeeper - awesome oauth provider for your Rails app.
2
+
3
+ [![Build Status](https://travis-ci.org/applicake/doorkeeper.png?branch=master)](https://travis-ci.org/applicake/doorkeeper)
4
+ [![Dependency Status](https://gemnasium.com/applicake/doorkeeper.png?travis)](https://gemnasium.com/applicake/doorkeeper)
5
+ [![Code Climate](https://codeclimate.com/github/applicake/doorkeeper.png)](https://codeclimate.com/github/applicake/doorkeeper)
6
+ [![Gem Version](https://badge.fury.io/rb/doorkeeper.png)](https://rubygems.org/gems/doorkeeper)
7
+
8
+ Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider functionality to your application.
9
+
10
+ The gem is under constant development. It is based in the [version 22 of the OAuth specification](http://tools.ietf.org/html/draft-ietf-oauth-v2-22) and it still does not support all OAuth features.
11
+
12
+ ## Useful links
13
+
14
+ - For documentation, please check out our [wiki](https://github.com/applicake/doorkeeper/wiki)
15
+ - For general questions, please post it in our [google groups](https://groups.google.com/forum/?fromgroups#!forum/doorkeeper-gem) or [stack overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
16
+
17
+ ## Requirements
18
+
19
+ - Ruby 1.8.7, 1.9.2 or 1.9.3
20
+ - Rails 3.1.x or 3.2.x
21
+ - ORM ActiveRecord, Mongoid 2, Mongoid 3 or MongoMapper
22
+
23
+ ## Installation
24
+
25
+ Put this in your Gemfile:
26
+
27
+ ``` ruby
28
+ gem 'doorkeeper', '~> 0.6.7'
29
+ ```
30
+
31
+ Run the installation generator with:
32
+
33
+ rails generate doorkeeper:install
34
+
35
+ This will install the doorkeeper initializer into `config/initializers/doorkeeper.rb`.
36
+
37
+ ## Configuration
38
+
39
+ ### Active Record
40
+
41
+ By default doorkeeper is configured to use active record, so to start you have to generate the migration tables:
42
+
43
+ rails generate doorkeeper:migration
44
+
45
+ Don't forget to run the migration with:
46
+
47
+ rake db:migrate
48
+
49
+ ### Mongoid / MongoMapper
50
+
51
+ Doorkeeper currently supports MongoMapper, Mongoid 2 and 3. To start using it, you have to set the `orm` configuration:
52
+
53
+ ``` ruby
54
+ Doorkeeper.configure do
55
+ orm :mongoid2 # or :mongoid3, :mongo_mapper
56
+ end
57
+ ```
58
+
59
+ #### Mongoid indexes
60
+
61
+ Make sure you create indexes for doorkeeper models. You can do this either by running `rake db:mongoid:create_indexes` or (if you're using Mongoid 2) by adding `autocreate_indexes: true` to your `config/mongoid.yml`
62
+
63
+ #### MongoMapper indexes
64
+
65
+ Generate the `db/indexes.rb` file and create indexes for the doorkeeper models:
66
+
67
+ rails generate doorkeeper:mongo_mapper:indexes
68
+ rake db:index
69
+
70
+ ### Routes
71
+
72
+ The installation script will also automatically add the Doorkeeper routes into your app, like this:
73
+
74
+ ``` ruby
75
+ Rails.application.routes.draw do
76
+ use_doorkeeper
77
+ # your routes
78
+ end
79
+ ```
80
+
81
+ This will mount following routes:
82
+
83
+ GET /oauth/authorize
84
+ POST /oauth/authorize
85
+ DELETE /oauth/authorize
86
+ POST /oauth/token
87
+ resources /oauth/applications
88
+
89
+ For more information on how to customize routes, check out [this page on the wiki](https://github.com/applicake/doorkeeper/wiki/Customizing-routes).
90
+
91
+ ### Authenticating
92
+
93
+ You need to configure Doorkeeper in order to provide resource_owner model and authentication block `initializers/doorkeeper.rb`
94
+
95
+ ``` ruby
96
+ Doorkeeper.configure do
97
+ resource_owner_authenticator do
98
+ User.find(session[:current_user_id]) || redirect_to(login_url)
99
+ end
100
+ end
101
+ ```
102
+
103
+ This code is run in the context of your application so you have access to your models, session or routes helpers. However,
104
+ since this code is not run in the context of your application's ApplicationController it doesn't have access
105
+ to the methods defined over there.
106
+
107
+ If you use [devise](https://github.com/plataformatec/devise), you may want to use warden to authenticate the block:
108
+
109
+ ``` ruby
110
+ resource_owner_authenticator do
111
+ current_user || warden.authenticate!(:scope => :user)
112
+ end
113
+ ```
114
+
115
+ Side note: when using devise you have access to current_user as devise extends entire ActionController::Base with the current_#{mapping}.
116
+
117
+ If you are not using devise, you may want to check other ways of authentication [here](https://github.com/applicake/doorkeeper/wiki/Authenticating-using-Clearance-DIY).
118
+
119
+ ## Protecting resources with OAuth (a.k.a your API endpoint)
120
+
121
+ To protect your API with OAuth, doorkeeper only requires you to call `doorkeeper_for` helper, specifying the actions you want to protect.
122
+
123
+ For example, if you have a products controller under api/v1, you can require the OAuth authentication with:
124
+
125
+ ``` ruby
126
+ class Api::V1::ProductsController < Api::V1::ApiController
127
+ doorkeeper_for :all # Require access token for all actions
128
+ doorkeeper_for :all, :except => :index # All actions except index
129
+ doorkeeper_for :index, :show # Only for index and show action
130
+
131
+ # your actions
132
+ end
133
+ ```
134
+
135
+ You don't need to setup any before filter, `doorkeeper_for` will handle that for you.
136
+
137
+ You can pass `if` or `unless` blocks that would specify when doorkeeper has to guard the access.
138
+
139
+ ``` ruby
140
+ class Api::V1::ProductsController < Api::V1::ApiController
141
+ doorkeeper_for :all, :if => lambda { request.xhr? }
142
+ end
143
+ ```
144
+
145
+ ### ActionController::Metal integration and other integrations
146
+
147
+ The `doorkeeper_for` filter is intended to work with ActionController::Metal too. You only need to include the required `ActionController` modules:
148
+
149
+ ```ruby
150
+ class MetalController < ActionController::Metal
151
+ include AbstractController::Callbacks
152
+ include ActionController::Head
153
+ include Doorkeeper::Helpers::Filter
154
+
155
+ doorkeeper_for :all
156
+ end
157
+ ```
158
+
159
+ For more information about integration and other integrations, check out [the related wiki page](https://github.com/applicake/doorkeeper/wiki/ActionController::Metal-with-doorkeeper).
160
+
161
+ ### Access Token Scopes
162
+
163
+ You can also require the access token to have specific scopes in certain actions:
164
+
165
+ First configure the scopes in `initializers/doorkeeper.rb`
166
+
167
+ ```ruby
168
+ Doorkeeper.configure do
169
+ default_scopes :public # if no scope was requested, this will be the default
170
+ optional_scopes :admin, :write
171
+ end
172
+ ```
173
+
174
+ The in your controllers:
175
+
176
+ ```ruby
177
+ class Api::V1::ProductsController < Api::V1::ApiController
178
+ doorkeeper_for :index, :show, :scopes => [:public]
179
+ doorkeeper_for :update, :create, :scopes => [:admin, :write]
180
+ end
181
+ ```
182
+
183
+ For a more detailed explanation about scopes usage, check out the related [page in the wiki](https://github.com/applicake/doorkeeper/wiki/Using-Scopes).
184
+
185
+ ### Authenticated resource owner
186
+
187
+ If you want to return data based on the current resource owner, in other words, the access token owner, you may want to define a method in your controller that returns the resource owner instance:
188
+
189
+ ``` ruby
190
+ class Api::V1::CredentialsController < Api::V1::ApiController
191
+ doorkeeper_for :all
192
+ respond_to :json
193
+
194
+ # GET /me.json
195
+ def me
196
+ respond_with current_resource_owner
197
+ end
198
+
199
+ private
200
+
201
+ # Find the user that owns the access token
202
+ def current_resource_owner
203
+ User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
204
+ end
205
+ end
206
+ ```
207
+
208
+ In this example, we're returning the credentials (`me.json`) of the access token owner.
209
+
210
+ ### Applications list
211
+
212
+ By default, the applications list (`/oauth/applications`) is public available. To protect the endpoint you should uncomment these lines:
213
+
214
+ ```ruby
215
+ # config/initializers/doorkeeper.rb
216
+ Doorkeeper.configure do
217
+ admin_authenticator do |routes|
218
+ Admin.find_by_id(session[:admin_id]) || redirect_to(routes.new_admin_session_url)
219
+ end
220
+ end
221
+ ```
222
+
223
+ The logic is the same as the `resource_owner_authenticator` block. **Note:** since the application list is just a scaffold, it's recommended to either customize the controller used by the list or skip the controller at all. For more information see the page [in the wiki](https://github.com/applicake/doorkeeper/wiki/Customizing-routes).
224
+
225
+ ## Other customizations
226
+
227
+ - [Associate users to OAuth applications (ownership)](https://github.com/applicake/doorkeeper/wiki/Associate-users-to-OAuth-applications-%28ownership%29)
228
+ - [CORS - Cross Origin Resource Sharing](https://github.com/applicake/doorkeeper/wiki/%5BCORS%5D-Cross-Origin-Resource-Sharing)
229
+
230
+ ## Upgrading
231
+
232
+ If you want to upgrade doorkeeper to a new version, check out the [upgrading notes](https://github.com/applicake/doorkeeper/wiki/Migration-from-old-versions) and take a look at the [changelog](https://github.com/applicake/doorkeeper/blob/master/CHANGELOG.md).
233
+
234
+ ### Development
235
+
236
+ To run the local engine server:
237
+
238
+ ```
239
+ rails=3.2.8 orm=active_record bundle install
240
+ rails=3.2.8 orm=active_record bundle exec rails server
241
+ ````
242
+
243
+ By default, it uses the latest Rails version with ActiveRecord. To run the tests:
244
+
245
+ ```
246
+ rails=3.2.8 orm=active_record bundle exec rake
247
+ ```
248
+
249
+ Or you might prefer to run `script/run_all` to integrate against all ORMs.
250
+
251
+ ### Contributing
252
+
253
+ Want to contribute and don't know where to start? Check out [features we're missing](https://github.com/applicake/doorkeeper/wiki/Supported-Features), create [example apps](https://github.com/applicake/doorkeeper/wiki/Example-Applications), integrate the gem with your app and let us know!
254
+
255
+ Also, check out our [contributing guidelines page](https://github.com/applicake/doorkeeper/wiki/Contributing).
256
+
257
+ ## Other resources
258
+
259
+ ### Wiki
260
+
261
+ You can find everything about doorkeeper in our [wiki here](https://github.com/applicake/doorkeeper/wiki).
262
+
263
+ ### Live demo
264
+
265
+ Check out this [live demo](http://doorkeeper-provider.herokuapp.com) hosted on heroku. For more demos check out [the wiki](https://github.com/applicake/doorkeeper/wiki/Example-Applications).
266
+
267
+ ### Screencast
268
+
269
+ Check out this screencast from [railscasts.com](http://railscasts.com/): [#353 OAuth with Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
270
+
271
+ ### Client applications
272
+
273
+ After you set up the provider, you may want to create a client application to test the integration. Check out these [client examples](https://github.com/applicake/doorkeeper/wiki/Example-Applications) in our wiki or follow this [tutorial here](https://github.com/applicake/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
274
+
275
+ ### Supported ruby versions
276
+
277
+ All supported ruby versions are [listed here](https://github.com/applicake/doorkeeper/wiki/Supported-Ruby-&-Rails-versions).
278
+
279
+ ### Maintainers
280
+
281
+ - Felipe Elias Philipp - [coderwall.com/felipeelias](http://coderwall.com/felipeelias)
282
+ - Piotr Jakubowski - [coderwall.com/piotrj](http://coderwall.com/piotrj)
283
+
284
+ ### Contributors
285
+
286
+ Thanks to all our [awesome contributors](https://github.com/applicake/doorkeeper/contributors)!
287
+
288
+ ### License
289
+
290
+ MIT License. Copyright 2011 Applicake. [http://applicake.com](http://applicake.com)
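Review bot: in the `resource_owner_authenticator` example (README line 98), `User.find(session[:current_user_id]) || redirect_to(login_url)` never reaches the redirect for a visitor without a session, because ActiveRecord's `find` raises `RecordNotFound` instead of returning nil. Use `User.find_by_id(session[:current_user_id]) || redirect_to(login_url)`, which matches the `find_by_id` form the `admin_authenticator` example at line 218 already uses. Two further points in the same file: the `:if => lambda { request.xhr? }` example at line 141 leaves every non-XHR request to those actions without a token check, and `xhr?` depends on a request header the client controls, so the README should state that such a condition is not an access control by itself or show a server-side condition instead. The applications list section at line 212 says `/oauth/applications` is public by default, which deserves a more prominent warning than a late subsection. Typos to fix while here: "The in your controllers" (line 174), "public available" (line 212), and the four-backtick closing fence at line 241, which does not match its three-backtick opener.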