couchkeeper 0.6.7

data/.gitignore

@@ -0,0 +1,14 @@
+.bundle/
+.rbx
+*.rbc
+log/*.log
+pkg/
+spec/dummy/db/*.sqlite3
+spec/dummy/log/*.log
+spec/dummy/tmp/
+Gemfile.lock
+gemfiles/*.lock
+spec/generators/tmp
+.rvmrc
+*.swp
+

data/.rspec

@@ -0,0 +1 @@
+--colour

data/.travis.yml

@@ -0,0 +1,28 @@
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.2
+  - 1.9.3
+  - 2.0.0
+env:
+  - rails=3.2.8
+  - rails=3.2.13
+  - rails=3.1.8
+  - rails=edge
+  - orm=mongoid2
+  - orm=mongoid3
+  - orm=mongo_mapper
+services:
+  - mongodb
+matrix:
+  allow_failures:
+    - env: orm=mongoid2
+  exclude:
+    - rvm: 1.8.7
+      env: orm=mongoid3
+    - rvm: 1.9.2
+      env: orm=mongoid3
+    - rvm: 1.8.7
+      env: rails=edge
+    - rvm: 1.9.2
+      env: rails=edge

data/CHANGELOG.md

@@ -0,0 +1,198 @@
+# Changelog
+
+## 0.6.7
+
+- internals
+  - [#188] Add IDs to the show views for integration testing [@egtann](https://github.com/egtann)
+
+## 0.6.6
+
+- enhancements
+  - [#187] Raise error if configuration is not set
+
+## 0.6.5
+
+- enhancements
+  - [#184] Vendor the Bootstrap CSS [@tylerhunt](https://github.com/tylerhunt)
+
+## 0.6.4
+
+- bug
+  - [#180] Add localization to authorized_applications destroy notice [@aalvarado](https://github.com/aalvarado)
+
+## 0.6.3
+
+- bugfixes
+  - [#163] Error response content-type header should be application/json [@ggayan](https://github.com/ggayan)
+  - [#175] Make token.expires_in_seconds return nil when expires_in is nil [@miyagawa](https://github.com/miyagawa)
+- enhancements
+  - [#166, #172, #174] Behavior to automatically authorize based on a configured proc
+- internals
+  - [#168] Using expectation syntax for controller specs [@rdsoze](https://github.com/rdsoze)
+
+## 0.6.2
+
+- bugfixes
+  - [#162] Remove ownership columns from base migration template [@rdsoze](https://github.com/rdsoze)
+
+## 0.6.1
+
+- bugfixes
+  - [#160] Removed |routes| argument from initializer authenticator blocks
+- documentation
+  - [#160] Fixed description of context of authenticator blocks
+
+## 0.6.0
+
+- enhancements
+  - Mongoid `orm` configuration accepts only :mongoid2 or :mongoid3
+  - Authorization endpoint does not redirect in #new action anymore. It wasn't specified by OAuth spec
+  - TokensController now inherits from ActionController::Metal. There might be performance upgrades
+  - Add link to authorization in Applications scaffold
+  - [#116] MongoMapper support [@carols10cents](https://github.com/carols10cents)
+  - [#122] Mongoid3 support [@petergoldstein](https://github.com/petergoldstein)
+  - [#150] Introduce test redirect uri for applications
+- bugfixes
+  - [#157] Response token status should be `:ok`, not `:success` [@theycallmeswift](https://github.com/theycallmeswift)
+  - [#159] Remove ActionView::Base.field_error_proc override (fixes #145)
+- internals
+  - Update development dependencies
+  - Several refactorings
+  - Rails/ORM are easily swichable with env vars (rails and orm)
+  - Travis now tests against Mongoid v2
+
+## 0.5.0.rc1
+
+Official support for rubinius was removed.
+
+- enhancements
+  - Configure the way access token is retrieved from request (default to bearer header)
+  - Authorization Code expiration time is now configurable
+  - Add support for mongoid
+  - [#78, #128, #137, #138] Application Ownership
+  - [#92] Allow users to skip controllers
+  - [#99] Remove deprecated warnings for data-* attributes [@towerhe](https://github.com/towerhe)
+  - [#101] Return existing access_token for PasswordAccessTokenRequest [@benoist](https://github.com/benoist)
+  - [#104] Changed access token scopes example code to default_scopes and optional_scopes [@amkirwan](https://github.com/amkirwan)
+  - [#107] Fix typos in initializer
+  - [#123] i18n for validator, flash messages [@petergoldstein](https://github.com/petergoldstein)
+  - [#140] ActiveRecord is the default value for the ORM [@petergoldstein](https://github.com/petergoldstein)
+- internals
+  - [#112, #120] Replacing update_attribute with update_column to eliminate deprecation warnings [@rmoriz](https://github.com/rmoriz), [@petergoldstein](https://github.com/petergoldstein)
+  - [#121] Updating all development dependencies to recent versions. [@petergoldstein](https://github.com/petergoldstein)
+  - [#144] Adding MongoDB dependency to .travis.yml [@petergoldstein](https://github.com/petergoldstein)
+  - [#143] Displays errors for unconfigured error messages [@timgaleckas](https://github.com/timgaleckas)
+- bugfixes
+  - [#102] Not returning 401 when access token generation fails [@cslew](https://github.com/cslew)
+  - [#125] Doorkeeper is using ActiveRecord version of as_json in ORM agnostic code [@petergoldstein](https://github.com/petergoldstein)
+  - [#142] Prevent double submission of password based authentication [@bdurand](https://github.com/bdurand)
+- documentation
+  - [#141] Add rack-cors middleware to readme [@gottfrois](https://github.com/gottfrois)
+
+## 0.4.2
+
+- bugfixes:
+  - [#94] Uninitialized Constant in Password Flow
+
+## 0.4.1
+
+- enhancements:
+  - Backport: Move doorkeeper_for extension to Filter helper
+
+## 0.4.0
+
+- deprecation
+  - Deprecate authorization_scopes
+- database changes
+  - AccessToken#resource_owner_id is not nullable
+- enhancements
+  - [#83] Add Resource Owner Password Credentials flow [@jaimeiniesta](https://github.com/jaimeiniesta)
+  - [#76] Allow token expiration to be disabled [@mattgreen](https://github.com/mattgreen)
+  - [#89] Configure the way client credentials are retrieved from request
+  - [#b6470a] Add Client Credentials flow
+- internals
+  - [#2ece8d, #f93778] Introduce Client and ErrorResponse classes
+
+## 0.3.4
+
+- Fix attr_accessible for rails 3.2.x
+
+## 0.3.3
+
+- [#86] shrink gem package size
+
+## 0.3.2
+
+- enhancements
+  - [#54] Ignore Authorization: headers that are not Bearer [@miyagawa](https://github.com/miyagawa)
+  - [#58, #64] Add destroy action to applications endpoint [@jaimeiniesta](https://github.com/jaimeiniesta), [@davidfrey](https://github.com/davidfrey)
+  - [#63] TokensController responds with `401 unauthorized` [@jaimeiniesta](https://github.com/jaimeiniesta)
+  - [#67, #72] Fix for mass-assignment [@cicloid](https://github.com/cicloid)
+- internals
+  - [#49] Add Gemnasium status image to README [@laserlemon](https://github.com/laserlemon)
+  - [#50] Fix typos [@tomekw](https://github.com/tomekw)
+  - [#51] Updated the factory_girl_rails dependency, fix expires_in response which returned a float number instead of integer [@antekpiechnik](https://github.com/antekpiechnik)
+  - [#62] Typos, .gitignore [@jaimeiniesta](https://github.com/jaimeiniesta)
+  - [#65] Change _path redirections to _url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
+  - [#75] Fix unknown method #authenticate_admin! [@mattgreen](https://github.com/mattgreen)
+  - Remove application link in authorized app view
+
+## 0.3.1
+
+- enhancements
+  - [#48] Add if, else options to doorkeeper_for
+  - Add views generator
+- internals
+  - Namespace models
+
+## 0.3.0
+
+- enhancements
+  - [#17, #31] Add support for client credentials in basic auth header [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+  - [#28] Add indices to migration [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+  - [#29] Allow doorkeeper to run with rails 3.2 [@john-griffin](https://github.com/john-griffin)
+  - [#30] Improve client's redirect uri validation [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+  - [#32] Add token (implicit grant) flow [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+  - [#34] Add support for custom unathorized responses [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
+  - [#36] Remove repetitions from the Authorised Applications view [@carvil](https://github.com/carvil)
+  - When user revoke an application, all tokens for that application are revoked
+  - Error messages now can be translated
+  - Install generator copies the error messages localization file
+- internals
+  - Fix deprecation warnings in ActiveSupport::Base64
+  - Remove deprecation in doorkeeper_for that handles hash arguments
+  - Depends on railties instead of whole rails framework
+  - CI now integrates with rails 3.1 and 3.2
+
+## 0.2.0
+
+- enhancements
+  - [#4] Add authorized applications endpoint
+  - [#5, #11] Add access token scopes
+  - [#10] Add access token expiration by default
+  - [#9, #12] Add refresh token flow
+- internals
+  - [#7] Improve configuration options with :default
+  - Improve configuration options with :builder
+  - Refactor config class
+  - Improve coverage of authorization request integration
+- bug fixes
+  - [#6, #20] Fix access token response headers
+  - Fix issue with state parameter
+- deprecation
+  - deprecate :only and :except options in doorkeeper_for
+
+## 0.1.1
+
+- enhancements
+  - [#3] Authorization code must be short lived and single use
+  - [#2] Improve views provided by doorkeeper
+  - [#1] Skips authorization form if the client has been authorized by the resource owner
+  - Improve readme
+- bugfixes
+  - Fix issue when creating the access token (wrong client id)
+
+## 0.1.0
+
+- Authorization Code flow
+- OAuth applications endpoint

data/Gemfile

@@ -0,0 +1,32 @@
+# Defaults. For supported versions check .travis.yml
+ENV['rails'] ||= '3.2.8'
+ENV['orm']   ||= 'active_record'
+
+source 'https://rubygems.org'
+
+gem 'jquery-rails'
+
+# Define Rails version
+rails_version = ENV['rails'].match(/edge/) ? {:github => 'rails/rails'} : ENV['rails']
+gem 'rails', rails_version
+
+gem 'database_cleaner', '~> 1.0.0.RC1' if rails_version.is_a?(Hash)
+
+case ENV['orm']
+when 'active_record'
+  gem 'activerecord'
+
+when 'mongoid2'
+  gem 'mongoid', '2.5.1'
+  gem 'bson_ext', '~> 1.7'
+
+when 'mongoid3'
+  gem 'mongoid', '3.0.10'
+
+when 'mongo_mapper'
+  gem 'mongo_mapper', '0.12.0'
+  gem 'bson_ext', '~> 1.7'
+
+end
+
+gemspec

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2011 Applicake. http://applicake.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,290 @@
+# Doorkeeper - awesome oauth provider for your Rails app.
+
+[![Build Status](https://travis-ci.org/applicake/doorkeeper.png?branch=master)](https://travis-ci.org/applicake/doorkeeper)
+[![Dependency Status](https://gemnasium.com/applicake/doorkeeper.png?travis)](https://gemnasium.com/applicake/doorkeeper)
+[![Code Climate](https://codeclimate.com/github/applicake/doorkeeper.png)](https://codeclimate.com/github/applicake/doorkeeper)
+[![Gem Version](https://badge.fury.io/rb/doorkeeper.png)](https://rubygems.org/gems/doorkeeper)
+
+Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider functionality to your application.
+
+The gem is under constant development. It is based in the [version 22 of the OAuth specification](http://tools.ietf.org/html/draft-ietf-oauth-v2-22) and it still does not support all OAuth features.
+
+## Useful links
+
+- For documentation, please check out our [wiki](https://github.com/applicake/doorkeeper/wiki)
+- For general questions, please post it in our [google groups](https://groups.google.com/forum/?fromgroups#!forum/doorkeeper-gem) or [stack overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
+
+## Requirements
+
+- Ruby 1.8.7, 1.9.2 or 1.9.3
+- Rails 3.1.x or 3.2.x
+- ORM ActiveRecord, Mongoid 2, Mongoid 3 or MongoMapper
+
+## Installation
+
+Put this in your Gemfile:
+
+``` ruby
+gem 'doorkeeper', '~> 0.6.7'
+```
+
+Run the installation generator with:
+
+    rails generate doorkeeper:install
+
+This will install the doorkeeper initializer into `config/initializers/doorkeeper.rb`.
+
+## Configuration
+
+### Active Record
+
+By default doorkeeper is configured to use active record, so to start you have to generate the migration tables:
+
+    rails generate doorkeeper:migration
+
+Don't forget to run the migration with:
+
+    rake db:migrate
+
+### Mongoid / MongoMapper
+
+Doorkeeper currently supports MongoMapper, Mongoid 2 and 3. To start using it, you have to set the `orm` configuration:
+
+``` ruby
+Doorkeeper.configure do
+  orm :mongoid2 # or :mongoid3, :mongo_mapper
+end
+```
+
+#### Mongoid indexes
+
+Make sure you create indexes for doorkeeper models. You can do this either by running `rake db:mongoid:create_indexes` or (if you're using Mongoid 2) by adding `autocreate_indexes: true` to your `config/mongoid.yml`
+
+#### MongoMapper indexes
+
+Generate the `db/indexes.rb` file and create indexes for the doorkeeper models:
+
+    rails generate doorkeeper:mongo_mapper:indexes
+    rake db:index
+
+### Routes
+
+The installation script will also automatically add the Doorkeeper routes into your app, like this:
+
+``` ruby
+Rails.application.routes.draw do
+  use_doorkeeper
+  # your routes
+end
+```
+
+This will mount following routes:
+
+    GET       /oauth/authorize
+    POST      /oauth/authorize
+    DELETE    /oauth/authorize
+    POST      /oauth/token
+    resources /oauth/applications
+
+For more information on how to customize routes, check out [this page on the wiki](https://github.com/applicake/doorkeeper/wiki/Customizing-routes).
+
+### Authenticating
+
+You need to configure Doorkeeper in order to provide resource_owner model and authentication block `initializers/doorkeeper.rb`
+
+``` ruby
+Doorkeeper.configure do
+  resource_owner_authenticator do
+    User.find(session[:current_user_id]) || redirect_to(login_url)
+  end
+end
+```
+
+This code is run in the context of your application so you have access to your models, session or routes helpers. However,
+since this code is not run in the context of your application's ApplicationController it doesn't have access
+to the methods defined over there.
+
+If you use [devise](https://github.com/plataformatec/devise), you may want to use warden to authenticate the block:
+
+``` ruby
+resource_owner_authenticator do
+  current_user || warden.authenticate!(:scope => :user)
+end
+```
+
+Side note: when using devise you have access to current_user as devise extends entire ActionController::Base with the current_#{mapping}.
+
+If you are not using devise, you may want to check other ways of authentication [here](https://github.com/applicake/doorkeeper/wiki/Authenticating-using-Clearance-DIY).
+
+## Protecting resources with OAuth (a.k.a your API endpoint)
+
+To protect your API with OAuth, doorkeeper only requires you to call `doorkeeper_for` helper, specifying the actions you want to protect.
+
+For example, if you have a products controller under api/v1, you can require the OAuth authentication with:
+
+``` ruby
+class Api::V1::ProductsController < Api::V1::ApiController
+  doorkeeper_for :all                     # Require access token for all actions
+  doorkeeper_for :all, :except => :index  # All actions except index
+  doorkeeper_for :index, :show            # Only for index and show action
+
+  # your actions
+end
+```
+
+You don't need to setup any before filter, `doorkeeper_for` will handle that for you.
+
+You can pass `if` or `unless` blocks that would specify when doorkeeper has to guard the access.
+
+``` ruby
+class Api::V1::ProductsController < Api::V1::ApiController
+  doorkeeper_for :all, :if => lambda { request.xhr? }
+end
+```
+
+### ActionController::Metal integration and other integrations
+
+The `doorkeeper_for` filter is intended to work with ActionController::Metal too. You only need to include the required `ActionController` modules:
+
+```ruby
+class MetalController < ActionController::Metal
+  include AbstractController::Callbacks
+  include ActionController::Head
+  include Doorkeeper::Helpers::Filter
+
+  doorkeeper_for :all
+end
+```
+
+For more information about integration and other integrations, check out [the related wiki page](https://github.com/applicake/doorkeeper/wiki/ActionController::Metal-with-doorkeeper).
+
+### Access Token Scopes
+
+You can also require the access token to have specific scopes in certain actions:
+
+First configure the scopes in `initializers/doorkeeper.rb`
+
+```ruby
+Doorkeeper.configure do
+  default_scopes :public # if no scope was requested, this will be the default
+  optional_scopes :admin, :write
+end
+```
+
+The in your controllers:
+
+```ruby
+class Api::V1::ProductsController < Api::V1::ApiController
+  doorkeeper_for :index, :show,    :scopes => [:public]
+  doorkeeper_for :update, :create, :scopes => [:admin, :write]
+end
+```
+
+For a more detailed explanation about scopes usage, check out the related [page in the wiki](https://github.com/applicake/doorkeeper/wiki/Using-Scopes).
+
+### Authenticated resource owner
+
+If you want to return data based on the current resource owner, in other words, the access token owner, you may want to define a method in your controller that returns the resource owner instance:
+
+``` ruby
+class Api::V1::CredentialsController < Api::V1::ApiController
+  doorkeeper_for :all
+  respond_to     :json
+
+  # GET /me.json
+  def me
+    respond_with current_resource_owner
+  end
+
+  private
+
+  # Find the user that owns the access token
+  def current_resource_owner
+    User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+  end
+end
+```
+
+In this example, we're returning the credentials (`me.json`) of the access token owner.
+
+### Applications list
+
+By default, the applications list (`/oauth/applications`) is public available. To protect the endpoint you should uncomment these lines:
+
+```ruby
+# config/initializers/doorkeeper.rb
+Doorkeeper.configure do
+  admin_authenticator do |routes|
+    Admin.find_by_id(session[:admin_id]) || redirect_to(routes.new_admin_session_url)
+  end
+end
+```
+
+The logic is the same as the `resource_owner_authenticator` block. **Note:** since the application list is just a scaffold, it's recommended to either customize the controller used by the list or skip the controller at all. For more information see the page [in the wiki](https://github.com/applicake/doorkeeper/wiki/Customizing-routes).
+
+## Other customizations
+
+- [Associate users to OAuth applications (ownership)](https://github.com/applicake/doorkeeper/wiki/Associate-users-to-OAuth-applications-%28ownership%29)
+- [CORS - Cross Origin Resource Sharing](https://github.com/applicake/doorkeeper/wiki/%5BCORS%5D-Cross-Origin-Resource-Sharing)
+
+## Upgrading
+
+If you want to upgrade doorkeeper to a new version, check out the [upgrading notes](https://github.com/applicake/doorkeeper/wiki/Migration-from-old-versions) and take a look at the [changelog](https://github.com/applicake/doorkeeper/blob/master/CHANGELOG.md).
+
+### Development
+
+To run the local engine server:
+
+```
+rails=3.2.8 orm=active_record bundle install
+rails=3.2.8 orm=active_record bundle exec rails server
+````
+
+By default, it uses the latest Rails version with ActiveRecord. To run the tests:
+
+```
+rails=3.2.8 orm=active_record bundle exec rake
+```
+
+Or you might prefer to run `script/run_all` to integrate against all ORMs.
+
+### Contributing
+
+Want to contribute and don't know where to start? Check out [features we're missing](https://github.com/applicake/doorkeeper/wiki/Supported-Features), create [example apps](https://github.com/applicake/doorkeeper/wiki/Example-Applications), integrate the gem with your app and let us know!
+
+Also, check out our [contributing guidelines page](https://github.com/applicake/doorkeeper/wiki/Contributing).
+
+## Other resources
+
+### Wiki
+
+You can find everything about doorkeeper in our [wiki here](https://github.com/applicake/doorkeeper/wiki).
+
+### Live demo
+
+Check out this [live demo](http://doorkeeper-provider.herokuapp.com) hosted on heroku. For more demos check out [the wiki](https://github.com/applicake/doorkeeper/wiki/Example-Applications).
+
+### Screencast
+
+Check out this screencast from [railscasts.com](http://railscasts.com/): [#353 OAuth with Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
+
+### Client applications
+
+After you set up the provider, you may want to create a client application to test the integration. Check out these [client examples](https://github.com/applicake/doorkeeper/wiki/Example-Applications) in our wiki or follow this [tutorial here](https://github.com/applicake/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
+
+### Supported ruby versions
+
+All supported ruby versions are [listed here](https://github.com/applicake/doorkeeper/wiki/Supported-Ruby-&-Rails-versions).
+
+### Maintainers
+
+- Felipe Elias Philipp - [coderwall.com/felipeelias](http://coderwall.com/felipeelias)
+- Piotr Jakubowski - [coderwall.com/piotrj](http://coderwall.com/piotrj)
+
+### Contributors
+
+Thanks to all our [awesome contributors](https://github.com/applicake/doorkeeper/contributors)!
+
+### License
+
+MIT License. Copyright 2011 Applicake. [http://applicake.com](http://applicake.com)