doorkeeper-mongodb 5.2.3 → 5.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2798483ff1a989a1b8cefc2e94771e735c08f52879675c69b1808a912e2f730
-  data.tar.gz: ee24b6384a5378b6353a0a9006648feea656ab9d2c17d5fd596f6bf8637cadc9
+  metadata.gz: 43ffb322969c5c4a6eac7e397e0198423fecfda21d73fa7c239f04bab34650c2
+  data.tar.gz: 7cc3e393c6192a4bd7fd7ba5c7d64061b1163b5c5f4d9468587b2f03d7bdfc2a
 SHA512:
-  metadata.gz: 260955b7a8b92403cf62913ee6eea0cd230b7f19cb030d8432a04916c821e392609641fc13f080e097703a1c96a8139df6e1800034e499b342c53940fdf40054
-  data.tar.gz: 3c79d4fdfbc2968716d2940c5f732a3476950cb5bcbc4120b040538fbd246299e398069a81fc5b2a001277af0fe2d4e48dcd08d0a7fc9a972de2e3e0ac82817d
+  metadata.gz: 68e449f5f8746d4537e81ddf4848b8c87d0dc610e9fe89f0a44a12718b7c26e057a7322929b8a053f5d8fce4e41e234ecc7c73d501e692c47acef99668892f74
+  data.tar.gz: 591b86f5d37eb1474d42d4efe14fc2ff03082724c18893eb2133d8764e57f25b734ea17dce636271311cffa87022147d52a96c0f869e499bbd5e83707dfb71ea

data/README.md

@@ -38,7 +38,7 @@ Set the ORM configuration:
 
 ```ruby
 Doorkeeper.configure do
-  orm :mongoid7 # or any other version of mongoid
+  orm :mongoid8 # or any other version of mongoid
 end
 ```
 
@@ -57,8 +57,8 @@ variables defined in `.travis.yml` file.
 To run locally, you need to choose a gemfile, with a command similar to:
 
 ```bash
-$ export RAILS=5.1
-$ export BUNDLE_GEMFILE=$PWD/gemfiles/Gemfile.mongoid6.rb
+$ export RAILS=6.0
+$ export BUNDLE_GEMFILE=$PWD/gemfiles/Gemfile.mongoid7.rb
 ```
 
 ---

data/Rakefile

@@ -3,16 +3,30 @@
 require "bundler/setup"
 require "rspec/core/rake_task"
 
+class ExtensionIntegrator
+  def self.gsub(filepath, pattern, value)
+    file = File.read(filepath)
+    updated_file = file.gsub(pattern, value)
+    File.open(filepath, "w") { |line| line.puts(updated_file) }
+  end
+end
+
 task :load_doorkeeper do
   `rm -rf spec/`
   `git checkout spec`
-  unless Dir.exist?("doorkeeper")
-    `git submodule init`
-    `git submodule update`
+  if Dir["doorkeeper/*"].empty?
+    puts `git submodule init`
+    puts `git submodule update`
   end
   `cp -r -n doorkeeper/spec .`
   `rm -rf spec/generators/` # we are not ActiveRecord
   `rm -rf spec/validators/`
+  ExtensionIntegrator.gsub(
+    "spec/spec_helper.rb",
+    'require "database_cleaner"',
+    "",
+  )
+  `rm ./spec/models/doorkeeper/application_spec.rb`
   `bundle exec rspec`
 end
 
@@ -20,7 +34,7 @@ desc "Update Git submodules."
 task :update_submodules do
   Rake::Task["load_doorkeeper"].invoke if Dir["doorkeeper/*"].empty?
 
-  `git submodule foreach git pull origin master`
+  `git submodule foreach git pull origin main`
 end
 
 desc "Default: run specs."

data/lib/doorkeeper/orm/mongoid8/access_grant.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class AccessGrant
+    include Mongoid::Document
+    include Mongoid::Timestamps
+
+    include DoorkeeperMongodb::Compatible
+
+    include DoorkeeperMongodb::Shared::Scopes
+    include DoorkeeperMongodb::Mixins::Mongoid::AccessGrantMixin
+
+    store_in collection: :oauth_access_grants
+
+    field :resource_owner_id, type: BSON::ObjectId
+    field :resource_owner_type, type: String
+    field :token, type: String
+    field :expires_in, type: Integer
+    field :redirect_uri, type: String
+    field :revoked_at, type: DateTime
+    field :code_challenge, type: String
+    field :code_challenge_method, type: String
+
+    index({ token: 1 }, unique: true)
+  end
+end

data/lib/doorkeeper/orm/mongoid8/access_token.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class AccessToken
+    include Mongoid::Document
+    include Mongoid::Timestamps
+
+    include DoorkeeperMongodb::Compatible
+
+    include DoorkeeperMongodb::Shared::Scopes
+    include DoorkeeperMongodb::Mixins::Mongoid::AccessTokenMixin
+
+    store_in collection: :oauth_access_tokens
+
+    field :resource_owner_id, type: BSON::ObjectId
+    field :resource_owner_type, type: String
+    field :token, type: String
+    field :refresh_token, type: String
+    field :previous_refresh_token, type: String
+    field :expires_in, type: Integer
+    field :revoked_at, type: DateTime
+
+    index({ token: 1 }, unique: true)
+    index({ refresh_token: 1 }, unique: true, sparse: true)
+
+    def self.order_method
+      :order_by
+    end
+
+    def self.refresh_token_revoked_on_use?
+      fields.collect { |field| field[0] }.include?("previous_refresh_token")
+    end
+
+    def self.created_at_desc
+      %i[created_at desc]
+    end
+  end
+end

data/lib/doorkeeper/orm/mongoid8/application.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class Application
+    include Mongoid::Document
+    include Mongoid::Timestamps
+
+    include DoorkeeperMongodb::Compatible
+
+    include DoorkeeperMongodb::Shared::Scopes
+    include DoorkeeperMongodb::Mixins::Mongoid::ApplicationMixin
+
+    store_in collection: :oauth_applications
+
+    field :name, type: String
+    field :uid, type: String
+    field :secret, type: String
+    field :redirect_uri, type: String
+    field :confidential, type: Boolean, default: true
+
+    index({ uid: 1 }, unique: true)
+
+    has_many_opts = {
+      class_name: "Doorkeeper::AccessToken",
+    }
+
+    # Doorkeeper 5.3 has custom classes for defining OAuth roles
+    if DoorkeeperMongodb.doorkeeper_version?(5, 3)
+      has_many_opts[:class_name] = Doorkeeper.config.access_token_class
+    end
+
+    has_many :authorized_tokens, has_many_opts
+
+    def self.authorized_for(resource_owner)
+      ids = AccessToken.where(
+        resource_owner_id: resource_owner.id,
+        revoked_at: nil,
+      ).map(&:application_id)
+
+      find(ids)
+    end
+  end
+end

data/lib/doorkeeper/orm/mongoid8/stale_records_cleaner.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  module Orm
+    module Mongoid8
+      class StaleRecordsCleaner
+        include DoorkeeperMongodb::Mixins::Mongoid::StaleRecordsCleanerMixin
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/mongoid8.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "active_support/lazy_load_hooks"
+
+module Doorkeeper
+  module Orm
+    module Mongoid8
+      def self.run_hooks
+        lazy_load do
+          require "doorkeeper/orm/mongoid8/access_grant"
+          require "doorkeeper/orm/mongoid8/access_token"
+          require "doorkeeper/orm/mongoid8/application"
+          require "doorkeeper/orm/mongoid8/stale_records_cleaner"
+          require "doorkeeper/orm/concerns/mongoid/ownership"
+          Doorkeeper::Application.include Doorkeeper::Orm::Concerns::Mongoid::Ownership
+        end
+        @initialized_hooks = true
+      end
+
+      # @deprecated
+      def self.initialize_models!
+        return if @initialized_hooks
+
+        lazy_load do
+          require "doorkeeper/orm/mongoid8/access_grant"
+          require "doorkeeper/orm/mongoid8/access_token"
+          require "doorkeeper/orm/mongoid8/application"
+          require "doorkeeper/orm/mongoid8/stale_records_cleaner"
+        end
+      end
+
+      # @deprecated
+      def self.initialize_application_owner!
+        return if @initialized_hooks
+
+        lazy_load do
+          require "doorkeeper/orm/concerns/mongoid/ownership"
+
+          Doorkeeper::Application.include Doorkeeper::Orm::Concerns::Mongoid::Ownership
+        end
+      end
+
+      def self.check_requirements!(_config); end
+
+      def self.lazy_load(&block)
+        ActiveSupport.on_load(:mongoid, {}, &block)
+      end
+    end
+  end
+end

data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb

@@ -53,6 +53,26 @@ module DoorkeeperMongodb
           before_validation :generate_refresh_token,
                             on: :create,
                             if: :use_refresh_token?
+
+          # Returns non-expired and non-revoked access tokens
+          scope :not_expired, -> {
+            relation = where(revoked_at: nil)
+
+            relation.where(
+              {
+                "$expr": {
+                  "$gt": [
+                    {
+                      "$add": ["$created_at", { "$multiply": ["$expires_in", 1000] }],
+                    },
+                    Time.now.utc,
+                  ],
+                },
+              },
+            ).or(
+              relation.where(expires_in: nil),
+            )
+          }
         end
 
         module ClassMethods
@@ -113,8 +133,9 @@ module DoorkeeperMongodb
           # @return [Doorkeeper::AccessToken, nil] Access Token instance or
           #   nil if matching record was not found
           #
-          def matching_token_for(application, resource_owner, scopes)
+          def matching_token_for(application, resource_owner, scopes, include_expired: true)
             tokens = authorized_tokens_for(application&.id, resource_owner)
+            tokens = tokens.not_expired unless include_expired
             find_matching_token(tokens, application, scopes)
           end
 
@@ -191,6 +212,10 @@ module DoorkeeperMongodb
             expires_in = attributes[:expires_in]
             use_refresh_token = attributes[:use_refresh_token]
 
+            token_attributes = attributes.except(
+              :application, :resource_owner, :scopes, :expires_in, :use_refresh_token
+            )
+
             if Doorkeeper.configuration.reuse_access_token
               access_token = matching_token_for(application, resource_owner, scopes)
 
@@ -203,6 +228,7 @@ module DoorkeeperMongodb
               scopes: scopes,
               expires_in: expires_in,
               use_refresh_token: use_refresh_token,
+              **token_attributes,
             )
           end
 
@@ -403,15 +429,29 @@ module DoorkeeperMongodb
         def generate_token
           self.created_at ||= Time.now.utc
 
-          @raw_token = token_generator.generate(
+          @raw_token = token_generator.generate(attributes_for_token_generator)
+          secret_strategy.store_secret(self, :token, @raw_token)
+          @raw_token
+        end
+
+        def attributes_for_token_generator
+          {
             resource_owner_id: resource_owner_id,
             scopes: scopes,
             application: application,
             expires_in: expires_in,
             created_at: created_at,
-          )
-          secret_strategy.store_secret(self, :token, @raw_token)
-          @raw_token
+          }.tap do |attributes|
+            if Doorkeeper.config.try(:polymorphic_resource_owner?)
+              attributes[:resource_owner] = resource_owner
+            end
+
+            if Doorkeeper.config.respond_to?(:custom_access_token_attributes)
+              Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
+                attributes[attribute_name] = public_send(attribute_name)
+              end
+            end
+          end
         end
 
         def token_generator

data/lib/doorkeeper-mongodb/version.rb

@@ -8,8 +8,8 @@ module DoorkeeperMongodb
   module VERSION
     # Semver
     MAJOR = 5
-    MINOR = 2
-    TINY = 3
+    MINOR = 4
+    TINY = 0
 
     # Full version number
     STRING = [MAJOR, MINOR, TINY].compact.join(".")

data/lib/doorkeeper-mongodb.rb

@@ -28,6 +28,7 @@ require "doorkeeper/orm/mongoid4"
 require "doorkeeper/orm/mongoid5"
 require "doorkeeper/orm/mongoid6"
 require "doorkeeper/orm/mongoid7"
+require "doorkeeper/orm/mongoid8"
 
 module DoorkeeperMongodb
   def load_locales

data/spec/dummy/config/initializers/doorkeeper.rb

@@ -41,6 +41,11 @@ Doorkeeper.configure do
   #
   # enforce_configured_scopes
 
+  # Use the url path for the native authorization code flow. Enabling this flag sets the authorization
+  # code response route for native redirect uris to oauth/authorize/<code>. The default is oauth/authorize/native?code=<code>.
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1143
+  # use_url_path_for_native_authorization
+
   # Provide support for an owner to be assigned to each registered application (disabled by default)
   # Optional parameter confirmation: true (default false) if you want to enforce ownership of
   # a registered application
@@ -84,8 +89,8 @@ Doorkeeper.configure do
   #
   # implicit and password grant flows have risks that you should understand
   # before enabling:
-  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
-  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
+  #   https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.2
+  #   https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.3
   #
   # grant_flows %w[authorization_code client_credentials]
 

data/spec/dummy/config/mongoid8.yml

@@ -0,0 +1,19 @@
+development:
+  clients:
+    default:
+      database: doorkeeper-mongoid8-development
+      hosts:
+        - localhost:27017
+      options:
+        write:
+          w: 1
+
+test:
+  clients:
+    default:
+      database: doorkeeper-mongoid7-test
+      hosts:
+        - localhost:27017
+      options:
+        write:
+          w: 1

data/spec/dummy/config.ru

@@ -2,5 +2,5 @@
 
 # This file is used by Rack-based servers to start the application.
 
-require ::File.expand_path("../config/environment", __FILE__)
+require ::File.expand_path('config/environment', __dir__)
 run Dummy::Application

data/spec/dummy/db/migrate/20230205064514_add_custom_attributes.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class AddCustomAttributes < ActiveRecord::Migration[4.2]
+  def change
+    add_column :oauth_access_grants, :tenant_name, :string
+    add_column :oauth_access_tokens, :tenant_name, :string
+  end
+end

data/spec/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180210183654) do
+ActiveRecord::Schema.define(version: 20230205064514) do
 
   create_table "oauth_access_grants", force: :cascade do |t|
     t.integer "resource_owner_id", null: false
@@ -22,6 +22,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
     t.datetime "created_at", null: false
     t.datetime "revoked_at"
     t.string "scopes"
+    t.string "tenant_name"
     unless ENV["WITHOUT_PKCE"]
       t.string   "code_challenge"
       t.string   "code_challenge_method"
@@ -40,6 +41,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
     t.datetime "created_at", null: false
     t.string "scopes"
     t.string "previous_refresh_token", default: "", null: false
+    t.string "tenant_name"
     t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
     t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
     t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true