doorkeeper-mongodb 5.2.1 → 5.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d0a38ac3113c658f1734bcafc4400ad23b43868a9eed97e7e132d05dd25a6a5
-  data.tar.gz: 74e4f1804b455188ecb88401e934e5c8074d8d3bf9836e009c8ee7c24c0e961b
+  metadata.gz: f2798483ff1a989a1b8cefc2e94771e735c08f52879675c69b1808a912e2f730
+  data.tar.gz: ee24b6384a5378b6353a0a9006648feea656ab9d2c17d5fd596f6bf8637cadc9
 SHA512:
-  metadata.gz: c8749be507eea672fb6cc7f19ce28595c9ef675a0b5bb1e739f2faf5aae4537fe0275d43c4acba3f7507225102ff2bca2796b58f630edc438e229d31ae4bd799
-  data.tar.gz: 2b09f98f420b2993cbe903773a9cb5aac22281235a55515afbbb98c596a5ad2562612700b20d5a477fa52f4df924e7c9ff9ff913677947629dfe8a854432390d
+  metadata.gz: 260955b7a8b92403cf62913ee6eea0cd230b7f19cb030d8432a04916c821e392609641fc13f080e097703a1c96a8139df6e1800034e499b342c53940fdf40054
+  data.tar.gz: 3c79d4fdfbc2968716d2940c5f732a3476950cb5bcbc4120b040538fbd246299e398069a81fc5b2a001277af0fe2d4e48dcd08d0a7fc9a972de2e3e0ac82817d

data/README.md

@@ -9,26 +9,15 @@ of doorkeeper-mongodb you are using in: https://github.com/doorkeeper-gem/doorke
 
 ## Installation
 
-`doorkeeper-mongodb` provides [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) support to [Mongoid](https://github.com/mongodb/mongoid)
-(2, 3, 4 and 5 for doorkeeper-mongodb `3.0` and 4, 5, 6 and 7 for version `4.0` and higher). To start using it, add
-to your Gemfile:
+`doorkeeper-mongodb` provides [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) support
+for [Mongoid](https://github.com/mongodb/mongoid) versions 6 and later. Earlier versions of Mongoid
+are supported on earlier versions of `doorkeeper-mongodb`.
 
-``` ruby
-# For Doorkeeper >= 5.2
-gem 'doorkeeper', '~> 5.2'
-gem 'doorkeeper-mongodb', '~> 5.2'
+To start using it, add both `doorkeeper` and `doorkeeper-mongodb` to your Gemfile:
 
-# For Doorkeeper >= 5.0
-gem 'doorkeeper', '~> 5.0'
-gem 'doorkeeper-mongodb', '~> 5.0'
-
-# For Doorkeeper >= 4.4 && < 5.0
-gem 'doorkeeper', '~> 4.4'
-gem 'doorkeeper-mongodb', '~> 4.2'
-
-# For Doorkeeper < 4.4
-gem 'doorkeeper', '~> 4.3'
-gem 'doorkeeper-mongodb', '~> 4.1.0'
+```ruby
+gem 'doorkeeper'
+gem 'doorkeeper-mongodb'
 
 # or if you want to use cutting edge version:
 # gem 'doorkeeper-mongodb', github: 'doorkeeper-gem/doorkeeper-mongodb'
@@ -36,7 +25,9 @@ gem 'doorkeeper-mongodb', '~> 4.1.0'
 
 Run [doorkeeper’s installation generator]:
 
-    rails generate doorkeeper:install
+```bash
+$ rails generate doorkeeper:install
+```
 
 [doorkeeper’s installation generator]: https://github.com/doorkeeper-gem/doorkeeper#installation
 
@@ -45,20 +36,14 @@ This will install the doorkeeper initializer into
 
 Set the ORM configuration:
 
-``` ruby
+```ruby
 Doorkeeper.configure do
   orm :mongoid7 # or any other version of mongoid
 end
 ```
 
-## MongoMapper
-
-**NOTE**: Support of MongoMapper gem was dropped.
-
 ## Indexes
 
-### Mongoid
-
 Make sure you create indexes for doorkeeper models. You can do this either by
 running `rake db:mongoid:create_indexes` or (if you're using Mongoid 2) by
 adding `autocreate_indexes: true` to your `config/mongoid.yml`
@@ -71,7 +56,7 @@ variables defined in `.travis.yml` file.
 
 To run locally, you need to choose a gemfile, with a command similar to:
 
-```
+```bash
 $ export RAILS=5.1
 $ export BUNDLE_GEMFILE=$PWD/gemfiles/Gemfile.mongoid6.rb
 ```

data/lib/doorkeeper/orm/concerns/mongoid/ownership.rb

@@ -13,7 +13,7 @@ module Doorkeeper
             belongs_to_options[:optional] = true if ::Mongoid::VERSION[0].to_i >= 6
 
             belongs_to :owner, belongs_to_options
-            validates :owner, presence: true, if: :validate_owner?
+            validates_presence_of :owner, if: :validate_owner?
           end
 
           def validate_owner?

data/lib/doorkeeper/orm/concerns/mongoid/resource_ownerable.rb

@@ -19,7 +19,7 @@ module Doorkeeper
             #
             def by_resource_owner(resource_owner)
               if DoorkeeperMongodb.doorkeeper_version?(5, 3) &&
-                Doorkeeper.configuration.try(:polymorphic_resource_owner?)
+                 Doorkeeper.configuration.try(:polymorphic_resource_owner?)
                 where(resource_owner: resource_owner)
               else
                 where(resource_owner_id: resource_owner_id_for(resource_owner))

data/lib/doorkeeper/orm/mongoid4.rb

@@ -5,7 +5,22 @@ require "active_support/lazy_load_hooks"
 module Doorkeeper
   module Orm
     module Mongoid4
+      def self.run_hooks
+        lazy_load do
+          require "doorkeeper/orm/mongoid4/access_grant"
+          require "doorkeeper/orm/mongoid4/access_token"
+          require "doorkeeper/orm/mongoid4/application"
+          require "doorkeeper/orm/mongoid4/stale_records_cleaner"
+          require "doorkeeper/orm/concerns/mongoid/ownership"
+          Doorkeeper::Application.include Doorkeeper::Orm::Concerns::Mongoid::Ownership
+        end
+        @initialized_hooks = true
+      end
+
+      # @deprecated
       def self.initialize_models!
+        return if @initialized_hooks
+
         lazy_load do
           require "doorkeeper/orm/mongoid4/access_grant"
           require "doorkeeper/orm/mongoid4/access_token"
@@ -14,7 +29,10 @@ module Doorkeeper
         end
       end
 
+      # @deprecated
       def self.initialize_application_owner!
+        return if @initialized_hooks
+
         lazy_load do
           require "doorkeeper/orm/concerns/mongoid/ownership"
 

data/lib/doorkeeper/orm/mongoid5.rb

@@ -5,7 +5,22 @@ require "active_support/lazy_load_hooks"
 module Doorkeeper
   module Orm
     module Mongoid5
+      def self.run_hooks
+        lazy_load do
+          require "doorkeeper/orm/mongoid5/access_grant"
+          require "doorkeeper/orm/mongoid5/access_token"
+          require "doorkeeper/orm/mongoid5/application"
+          require "doorkeeper/orm/mongoid5/stale_records_cleaner"
+          require "doorkeeper/orm/concerns/mongoid/ownership"
+          Doorkeeper::Application.include Doorkeeper::Orm::Concerns::Mongoid::Ownership
+        end
+        @initialized_hooks = true
+      end
+
+      # @deprecated
       def self.initialize_models!
+        return if @initialized_hooks
+
         lazy_load do
           require "doorkeeper/orm/mongoid5/access_grant"
           require "doorkeeper/orm/mongoid5/access_token"
@@ -14,7 +29,10 @@ module Doorkeeper
         end
       end
 
+      # @deprecated
       def self.initialize_application_owner!
+        return if @initialized_hooks
+
         lazy_load do
           require "doorkeeper/orm/concerns/mongoid/ownership"
 

data/lib/doorkeeper/orm/mongoid6.rb

@@ -5,7 +5,22 @@ require "active_support/lazy_load_hooks"
 module Doorkeeper
   module Orm
     module Mongoid6
+      def self.run_hooks
+        lazy_load do
+          require "doorkeeper/orm/mongoid6/access_grant"
+          require "doorkeeper/orm/mongoid6/access_token"
+          require "doorkeeper/orm/mongoid6/application"
+          require "doorkeeper/orm/mongoid6/stale_records_cleaner"
+          require "doorkeeper/orm/concerns/mongoid/ownership"
+          Doorkeeper::Application.include Doorkeeper::Orm::Concerns::Mongoid::Ownership
+        end
+        @initialized_hooks = true
+      end
+
+      # @deprecated
       def self.initialize_models!
+        return if @initialized_hooks
+
         lazy_load do
           require "doorkeeper/orm/mongoid6/access_grant"
           require "doorkeeper/orm/mongoid6/access_token"
@@ -14,7 +29,10 @@ module Doorkeeper
         end
       end
 
+      # @deprecated
       def self.initialize_application_owner!
+        return if @initialized_hooks
+
         lazy_load do
           require "doorkeeper/orm/concerns/mongoid/ownership"
 

data/lib/doorkeeper/orm/mongoid7.rb

@@ -5,7 +5,22 @@ require "active_support/lazy_load_hooks"
 module Doorkeeper
   module Orm
     module Mongoid7
+      def self.run_hooks
+        lazy_load do
+          require "doorkeeper/orm/mongoid7/access_grant"
+          require "doorkeeper/orm/mongoid7/access_token"
+          require "doorkeeper/orm/mongoid7/application"
+          require "doorkeeper/orm/mongoid7/stale_records_cleaner"
+          require "doorkeeper/orm/concerns/mongoid/ownership"
+          Doorkeeper::Application.include Doorkeeper::Orm::Concerns::Mongoid::Ownership
+        end
+        @initialized_hooks = true
+      end
+
+      # @deprecated
       def self.initialize_models!
+        return if @initialized_hooks
+
         lazy_load do
           require "doorkeeper/orm/mongoid7/access_grant"
           require "doorkeeper/orm/mongoid7/access_token"
@@ -14,7 +29,10 @@ module Doorkeeper
         end
       end
 
+      # @deprecated
       def self.initialize_application_owner!
+        return if @initialized_hooks
+
         lazy_load do
           require "doorkeeper/orm/concerns/mongoid/ownership"
 

data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb

@@ -14,6 +14,7 @@ module DoorkeeperMongodb
         include Doorkeeper::Models::SecretStorable
         include Doorkeeper::Orm::Concerns::Mongoid::ResourceOwnerable
         include BaseMixin
+        include JsonSerializable
 
         included do
           belongs_to_opts = {
@@ -35,8 +36,9 @@ module DoorkeeperMongodb
             belongs_to :resource_owner, polymorphic: true
           end
 
-          validates :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, presence: true
-          validates :token, uniqueness: true
+          validates_presence_of :resource_owner_id, :application_id, :token,
+                                :expires_in, :redirect_uri
+          validates_uniqueness_of :token
 
           before_validation :generate_token, on: :create
         end
@@ -122,15 +124,14 @@ module DoorkeeperMongodb
 
           # @param code_verifier [#to_s] a one time use value (any object that responds to `#to_s`)
           #
-          # @return [#to_s] An encoded code challenge based on the provided verifier suitable for PKCE validation
+          # @return [#to_s] An encoded code challenge based on the provided verifier suitable
+          #   for PKCE validation
           def generate_code_challenge(code_verifier)
             padded_result = Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier))
             padded_result.split("=")[0] # Remove any trailing '='
           end
 
-          def pkce_supported?
-            new.pkce_supported?
-          end
+          delegate :pkce_supported?, to: :new
 
           ##
           # Determines the secret storing transformer

data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb

@@ -15,6 +15,7 @@ module DoorkeeperMongodb
         include Doorkeeper::Models::SecretStorable
         include Doorkeeper::Orm::Concerns::Mongoid::ResourceOwnerable
         include BaseMixin
+        include JsonSerializable
 
         included do
           belongs_to_opts = {
@@ -40,8 +41,9 @@ module DoorkeeperMongodb
             belongs_to :resource_owner, opts
           end
 
-          validates :token, presence: true, uniqueness: true
-          validates :refresh_token, uniqueness: true, if: :use_refresh_token?
+          validates_presence_of :token
+          validates_uniqueness_of :token
+          validates_uniqueness_of :refresh_token, if: :use_refresh_token?
 
           # @attr_writer [Boolean, nil] use_refresh_token
           #   indicates the possibility of using refresh token
@@ -367,10 +369,10 @@ module DoorkeeperMongodb
         # and clears `:previous_refresh_token` attribute.
         #
         def revoke_previous_refresh_token!
-          return unless self.class.refresh_token_revoked_on_use?
+          return if !self.class.refresh_token_revoked_on_use? || previous_refresh_token.blank?
 
           old_refresh_token&.revoke
-          update(previous_refresh_token: "")
+          update_attribute(:previous_refresh_token, "")
         end
 
         private
@@ -418,7 +420,8 @@ module DoorkeeperMongodb
 
           return generator if generator.respond_to?(:generate)
 
-          raise Doorkeeper::Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
+          raise Doorkeeper::Errors::UnableToGenerateToken,
+                "#{generator} does not respond to `.generate`."
         rescue NameError
           raise Doorkeeper::Errors::TokenGeneratorNotFound, "#{generator_name} not found"
         end

data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb

@@ -36,8 +36,8 @@ module DoorkeeperMongodb
           has_many :access_grants, has_many_options.merge(class_name: access_grants_class_name)
           has_many :access_tokens, has_many_options.merge(class_name: access_tokens_class_name)
 
-          validates :name, :secret, :uid, presence: true
-          validates :uid, uniqueness: true
+          validates_presence_of :name, :secret, :uid
+          validates_uniqueness_of :uid
 
           # Before Doorkeeper 5.2.3
           if defined?(::RedirectUriValidator)
@@ -46,11 +46,87 @@ module DoorkeeperMongodb
             validates :redirect_uri, "doorkeeper/redirect_uri": true
           end
 
-          validates :confidential, inclusion: { in: [true, false] }
+          validates_inclusion_of :confidential, in: [true, false]
 
           validate :scopes_match_configured, if: :enforce_scopes?
 
           before_validation :generate_uid, :generate_secret, on: :create
+
+          # Represents client as set of it's attributes in JSON format.
+          # This is the right way how we want to override ActiveRecord #to_json.
+          #
+          # Respects privacy settings and serializes minimum set of attributes
+          # for public/private clients and full set for authorized owners.
+          #
+          # @return [Hash] entity attributes for JSON
+          #
+          def as_json(options = {})
+            # if application belongs to some owner we need to check if it's the same as
+            # the one passed in the options or check if we render the client as an owner
+            if (respond_to?(:owner) && owner && owner == options[:current_resource_owner]) ||
+               options[:as_owner]
+              # Owners can see all the client attributes, fallback to ActiveModel serialization
+              super
+            else
+              # if application has no owner or it's owner doesn't match one from the options
+              # we render only minimum set of attributes that could be exposed to a public
+              only = extract_serializable_attributes(options)
+              super(options.merge(only: only))
+            end
+          end
+
+          def serializable_hash(options = nil)
+            hash = super
+            if hash.key?("_id")
+              hash["id"] = hash.delete("_id")
+            elsif options && Array.wrap(options[:only].map(&:to_sym)).include?(:id)
+              hash["id"] = id.to_s
+            end
+            hash
+          end
+
+          # Helper method to extract collection of serializable attribute names
+          # considering serialization options (like `only`, `except` and so on).
+          #
+          # @param options [Hash] serialization options
+          #
+          # @return [Array<String>]
+          #   collection of attributes to be serialized using #as_json
+          #
+          def extract_serializable_attributes(options = {})
+            opts = options.try(:dup) || {}
+            only = Array.wrap(opts[:only]).map(&:to_s)
+
+            only = if only.blank?
+                     serializable_attributes
+                   else
+                     only & serializable_attributes
+                   end
+
+            only -= Array.wrap(opts[:except]).map(&:to_s) if opts.key?(:except)
+            only.uniq
+          end
+
+          # We need to hook into this method to allow serializing plan-text secrets
+          # when secrets hashing enabled.
+          #
+          # @param key [String] attribute name
+          #
+          def read_attribute_for_serialization(key)
+            return super unless key.to_s == "secret"
+
+            plaintext_secret || secret
+          end
+
+          # Collection of attributes that could be serialized for public.
+          # Override this method if you need additional attributes to be serialized.
+          #
+          # @return [Array<String>] collection of serializable attributes
+          def serializable_attributes
+            attributes = %w[id name created_at]
+            attributes << "uid" unless confidential?
+            attributes
+          end
         end
 
         module ClassMethods
@@ -166,7 +242,7 @@ module DoorkeeperMongodb
         end
 
         def generate_secret
-          return unless secret.blank?
+          return if secret.present?
 
           @raw_secret = UniqueToken.generate
           secret_strategy.store_secret(self, :secret, @raw_secret)
@@ -174,7 +250,8 @@ module DoorkeeperMongodb
 
         def scopes_match_configured
           if scopes.present? &&
-             !ScopeChecker.valid?(scope_str: scopes.to_s, server_scopes: Doorkeeper.configuration.scopes)
+             !ScopeChecker.valid?(scope_str: scopes.to_s,
+                                  server_scopes: Doorkeeper.configuration.scopes,)
             errors.add(:scopes, :not_match_configured)
           end
         end

data/lib/doorkeeper-mongodb/mixins/mongoid/base_mixin.rb

@@ -17,14 +17,6 @@ module DoorkeeperMongodb
             nil
           end
         end
-
-        def as_json(*args)
-          json_response = super
-
-          json_response["id"] = json_response["_id"]
-
-          json_response
-        end
       end
     end
   end

data/lib/doorkeeper-mongodb/mixins/mongoid/json_serializable.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module DoorkeeperMongodb
+  module Mixins
+    module Mongoid
+      module JsonSerializable
+        extend ActiveSupport::Concern
+
+        def as_json(*args)
+          json = super
+          json["id"] = json.delete("_id") if json.key?("_id")
+          json
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper-mongodb/version.rb

@@ -9,7 +9,7 @@ module DoorkeeperMongodb
     # Semver
     MAJOR = 5
     MINOR = 2
-    TINY = 1
+    TINY = 3
 
     # Full version number
     STRING = [MAJOR, MINOR, TINY].compact.join(".")

data/lib/doorkeeper-mongodb.rb

@@ -17,6 +17,7 @@ require "doorkeeper/orm/concerns/mongoid/ownership"
 require "doorkeeper/orm/concerns/mongoid/resource_ownerable"
 
 require "doorkeeper-mongodb/mixins/mongoid/base_mixin"
+require "doorkeeper-mongodb/mixins/mongoid/json_serializable"
 require "doorkeeper-mongodb/mixins/mongoid/access_grant_mixin"
 require "doorkeeper-mongodb/mixins/mongoid/access_token_mixin"
 require "doorkeeper-mongodb/mixins/mongoid/application_mixin"

data/spec/controllers/application_metal_controller_spec.rb

@@ -2,8 +2,8 @@
 
 require "spec_helper_integration"
 
-describe Doorkeeper::ApplicationMetalController do
-  controller(Doorkeeper::ApplicationMetalController) do
+RSpec.describe Doorkeeper::ApplicationMetalController do
+  controller(described_class) do
     def index
       render json: {}, status: 200
     end
@@ -23,7 +23,7 @@ describe Doorkeeper::ApplicationMetalController do
   describe "enforce_content_type" do
     before { allow(Doorkeeper.config).to receive(:enforce_content_type).and_return(flag) }
 
-    context "enabled" do
+    context "when enabled" do
       let(:flag) { true }
 
       it "returns a 200 for the requests without body" do
@@ -42,7 +42,7 @@ describe Doorkeeper::ApplicationMetalController do
       end
     end
 
-    context "disabled" do
+    context "when disabled" do
       let(:flag) { false }
 
       it "returns a 200 for the correct media type" do