devise-doorkeeper 1.1.2.ci.123.1 → 1.1.2.ci.129.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ec70e2d73ecc69bd9b4bef262671443b770a3984e12895c3c43d81987a2e1f0
-  data.tar.gz: 0bf231a00ff0f75ce2ec1d5736d9a4f3acf1bddc594cbbd31ea7b955ec26e62a
+  metadata.gz: 443328b2b197e80b47460a63a483fccde2204cbb32c9a2f113c8a5078dd71128
+  data.tar.gz: dbc5e6aa9e9d37f3d92e645d03aa1230190ad789e4ed95560603deed5696e91c
 SHA512:
-  metadata.gz: 814ff27b58558cf4dfab00dd89c780f0d10386e17ea50a6c26057f6b3d8d0ad2e8a7a7af71e856d7bd5e22225104eda74a0e6c5749d4f90eabfba6b1d1e1028c
-  data.tar.gz: 319f9bcdba1a5e0ab1943a3d47417cc878d838b3fcd8bdf14b64f1b5a5cdb013ad0d6ec369c7e4c0b5c7c64704e2b9ffcdab7a0d73077d6f0256e39f4bce1b8a
+  metadata.gz: bee9e8edbcf6e3c3b481b934887c769eaea1fbcc4024bbfc3aaf90208c3617c80569cbc569768bd737295a7f409b81b888f7a1079feb3302d5dc39fff3e0e42a
+  data.tar.gz: 520f78f01c13c587c335a2d54395d44fce444b02805531a10ca8339aa49970aa66e648f0d983f708713a90ee0b68b844ecb52c7d1cf9c34320d3ba4eca31df74

data/devise-doorkeeper.gemspec

@@ -18,9 +18,9 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'rails', '~> 5.0.0'
-  spec.add_dependency 'devise', '~> 4.7'
-  spec.add_dependency 'doorkeeper', '~> 5.5'
+  spec.add_dependency 'rails'
+  spec.add_dependency 'devise'
+  spec.add_dependency 'doorkeeper'
 
   spec.add_development_dependency 'bundler', '~> 2.2'
   spec.add_development_dependency 'rspec-rails', '~> 4.0'

data/lib/devise/doorkeeper/doorkeeper_failure_app.rb

@@ -1,4 +1,5 @@
 require 'devise/strategies/doorkeeper'
+require 'devise/doorkeeper/unconfirmed_resource_response'
 
 module Devise
   module Doorkeeper
@@ -6,6 +7,8 @@ module Devise
       def respond
         if oauth_error?
           invalid_oauth_token
+        elsif unconfirmed_resource?
+          unconfirmed_resource
         else
           super
         end
@@ -17,12 +20,23 @@ module Devise
         warden_message == Devise::Strategies::Doorkeeper::WARDEN_INVALID_TOKEN_MESSAGE
       end
 
+      def unconfirmed_resource?
+        warden_message == Devise::Strategies::Doorkeeper::WARDEN_UNCONFIRMED_RESOURCE_MESSAGE
+      end
+
       def invalid_oauth_token
         error = ::Doorkeeper::OAuth::InvalidTokenResponse.new
         headers.merge! error.headers
         self.response_body = error.body.to_json
         self.status = error.status
       end
+
+      def unconfirmed_resource
+        error = UnconfirmedResourceResponse.new
+        headers.merge! error.headers
+        self.response_body = error.body.to_json
+        self.status = error.status
+      end
     end
   end
 end

data/lib/devise/doorkeeper/unconfirmed_resource_response.rb

@@ -0,0 +1,19 @@
+require 'devise/strategies/doorkeeper'
+
+module Devise
+  module Doorkeeper
+    class UnconfirmedResourceResponse < ::Doorkeeper::OAuth::ErrorResponse
+      def initialize(attributes = {})
+        super(attributes.merge(name: :unconfirmed_resource, state: :locked))
+      end
+
+      def status
+        :locked
+      end
+
+      def exception_class
+        ::Doorkeeper::Errors::DoorkeeperError
+      end
+    end
+  end
+end

data/lib/devise/strategies/doorkeeper.rb

@@ -7,6 +7,7 @@ module Devise
   module Strategies
     class Doorkeeper < ::Devise::Strategies::Authenticatable
       WARDEN_INVALID_TOKEN_MESSAGE = :invalid_token
+      WARDEN_UNCONFIRMED_RESOURCE_MESSAGE = :unconfirmed_resource
 
       def valid?
         credentials = ::Doorkeeper::OAuth::Token.from_request(request, *access_token_methods)
@@ -17,7 +18,11 @@ module Devise
         resource = resource_from_token
         if validate(resource)
           request.env['devise.skip_trackable'] = true
-          success!(resource)
+          if resource.active_for_authentication?
+            success!(resource)
+          else
+            unconfirmed_resource
+          end
         else
           invalid_token
         end
@@ -48,6 +53,11 @@ module Devise
         mapping.to.find(token.resource_owner_id)
       end
 
+      def unconfirmed_resource
+        fail!(WARDEN_UNCONFIRMED_RESOURCE_MESSAGE)
+        throw :warden
+      end
+
       def invalid_token
         fail!(WARDEN_INVALID_TOKEN_MESSAGE)
         throw :warden

data/spec/dummy/app/models/user.rb

@@ -2,6 +2,10 @@ class User < ActiveRecord::Base
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :trackable, :validatable, :confirmable
   devise :database_authenticatable, :doorkeeper
+
+  def send_confirmation_notification?
+    false
+  end
 end

data/spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb

@@ -0,0 +1,11 @@
+class AddConfirmableFieldToUsers < ActiveRecord::Migration[5.0]
+  def change
+    change_table(:users) do |t|
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+    end
+  end
+end

data/spec/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20210301163315) do
+ActiveRecord::Schema.define(version: 20210301204550) do
 
   create_table "oauth_access_grants", force: :cascade do |t|
     t.integer  "resource_owner_id", null: false
@@ -63,6 +63,10 @@ ActiveRecord::Schema.define(version: 20210301163315) do
     t.datetime "last_sign_in_at"
     t.string   "current_sign_in_ip"
     t.string   "last_sign_in_ip"
+    t.string   "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.string   "unconfirmed_email"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end

data/spec/factories/users.rb

@@ -4,5 +4,10 @@ FactoryBot.define do
   factory :user do
     email { Faker::Internet.email }
     password { Faker::Internet.password }
+    confirmed_at { Time.current }
+
+    trait :when_unconfirmed do
+      confirmed_at { nil }
+    end
   end
 end

data/spec/requests/oauth/bearer_tokens_spec.rb

@@ -3,28 +3,43 @@ require 'rails_helper'
 RSpec.describe 'OAuth bearer token requests', type: :request do
   let(:request_path) { '/example.json' }
   context 'with valid access token' do
-    with :access_token
-    let(:headers) do
-      {
-        'Authorization' => "Bearer #{access_token.token}"
-      }
-    end
-    let(:params) { {} }
-    before do
-      @original_timestamp = User.find(access_token.resource_owner_id).last_sign_in_at
-      get request_path, params, headers
-    end
-    it { expect(response.status).to eq 200 }
-    it 'does not send Set-Cookie headers' do
-      expect(response.headers).to_not include 'Set-Cookie'
+    context 'when user confirmed' do
+      let(:access_token) { create(:access_token) }
+      let(:headers) do
+        {
+          'Authorization' => "Bearer #{access_token.token}"
+        }
+      end
+      let(:params) { {} }
+      before do
+        @original_timestamp = User.find(access_token.resource_owner_id).last_sign_in_at
+        get request_path, params: params, headers: headers
+      end
+      it { expect(response.status).to eq 200 }
+      it 'does not send Set-Cookie headers' do
+        expect(response.headers).to_not include 'Set-Cookie'
+      end
+      it 'does not update the user last_signin_at timestamp' do
+        new_timestamp = User.find(access_token.resource_owner_id).last_sign_in_at
+        expect(new_timestamp).to eq @original_timestamp
+      end
     end
-    it 'does not update the user last_signin_at timestamp' do
-      new_timestamp = User.find(access_token.resource_owner_id).last_sign_in_at
-      expect(new_timestamp).to eq @original_timestamp
+    context 'when user unconfirmed' do
+      let(:user) { create(:user, :when_unconfirmed) }
+      let(:access_token) { create(:access_token, resource_owner_id: user.id) }
+      let(:headers) do
+        {
+          'Authorization' => "Bearer #{access_token.token}"
+        }
+      end
+      before do
+        get request_path, headers: headers
+      end
+      it { expect(response.status).to eq 423 }
     end
   end
   context 'with expired access token' do
-    with :access_token, expires_in: 0
+    let(:access_token) { create(:access_token, expires_in: 0) }
     let(:headers) do
       {
         'Authorization' => "Bearer #{access_token.token}"
@@ -32,14 +47,14 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
     end
     let(:params) { {} }
     before do
-      get request_path, params, headers
+      get request_path, params: params, headers: headers
     end
     it { expect(response.status).to eq 401 }
     it { expect(response.headers['WWW-Authenticate']).to eq 'Bearer realm="DeviseDoorkeeperApp", error="invalid_token", error_description="The access token is invalid"' }
     it { expect(response.body).to eq '{"error":"invalid_token","error_description":"The access token is invalid","state":"unauthorized"}' }
   end
   context 'with revoked access token' do
-    with :access_token, revoked_at: 1.year.ago
+    let(:access_token) { create(:access_token, revoked_at: 1.year.ago) }
     let(:headers) do
       {
         'Authorization' => "Bearer #{access_token.token}"
@@ -47,7 +62,7 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
     end
     let(:params) { {} }
     before do
-      get request_path, params, headers
+      get request_path, params: params, headers: headers
     end
     it { expect(response.status).to eq 401 }
   end
@@ -60,7 +75,7 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
     end
     let(:params) { {} }
     before do
-      get request_path, params, headers
+      get request_path, params: params, headers: headers
     end
     it { expect(response.status).to eq 401 }
   end

data/spec/requests/oauth/password_grant_spec.rb

@@ -23,7 +23,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
       }.to_json
     end
     before do
-      post '/oauth/token', params, headers
+      post '/oauth/token', params: params, headers: headers
       @new_token = Doorkeeper::AccessToken.last
     end
     it { expect(response.status).to eq 200 }
@@ -43,7 +43,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
     end
     let(:headers) { {} }
     before do
-      post '/oauth/token', params, headers
+      post '/oauth/token', params: params, headers: headers
     end
     it { expect(response.status).to eq 400 }
   end
@@ -61,7 +61,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
     end
     let(:headers) { {} }
     before do
-      post '/oauth/token', params, headers
+      post '/oauth/token', params: params, headers: headers
     end
     it { expect(response.status).to eq 400 }
   end

metadata

@@ -1,57 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: devise-doorkeeper
 version: !ruby/object:Gem::Version
-  version: 1.1.2.ci.123.1
+  version: 1.1.2.ci.129.1
 platform: ruby
 authors:
 - BetterUp
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-02 00:00:00.000000000 Z
+date: 2021-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '4.7'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '4.7'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: doorkeeper
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.5'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.5'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -224,6 +224,7 @@ files:
 - devise-doorkeeper.gemspec
 - lib/devise/doorkeeper.rb
 - lib/devise/doorkeeper/doorkeeper_failure_app.rb
+- lib/devise/doorkeeper/unconfirmed_resource_response.rb
 - lib/devise/doorkeeper/version.rb
 - lib/devise/strategies/doorkeeper.rb
 - spec/dummy/.rspec
@@ -275,6 +276,7 @@ files:
 - spec/dummy/db/migrate/20150120154657_create_doorkeeper_tables.rb
 - spec/dummy/db/migrate/20150120162830_add_devise_to_users.rb
 - spec/dummy/db/migrate/20210301163315_add_confidential_to_doorkeeper_application.rb
+- spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.keep
 - spec/dummy/log/.keep
@@ -366,6 +368,7 @@ test_files:
 - spec/dummy/db/migrate/20150120154657_create_doorkeeper_tables.rb
 - spec/dummy/db/migrate/20150120162830_add_devise_to_users.rb
 - spec/dummy/db/migrate/20210301163315_add_confidential_to_doorkeeper_application.rb
+- spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.keep
 - spec/dummy/log/.keep