doorkeeper-mongodb 5.3.0 → 5.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bdae346c1e6046eb82cbef6ae0156ba60f8c0317b8135038cc26abe6db11995a
-  data.tar.gz: d8ce523eb6a7326cd694ece68b1151268c2e93ff9e06162a52fd075046291d08
+  metadata.gz: 31397e2cb87670cde0c3c5eb8bd487a864e14c11dfcedc868c5fd1e2b4683e87
+  data.tar.gz: 534a2ce1dd42bc361839b31e96a54491b2142b1366a46590a719ee071b835b36
 SHA512:
-  metadata.gz: a839777bae4797e6355e3cc548d674ed2d3f6c87de6678b2e99b45ac243c59cdd2043fbbe557134aa4a7207bdac9cb5e07ceff6f7fa5718a9bc39f8c1d3e800e
-  data.tar.gz: b0ea7a54f37369afbfa5b94bc04327f61642154dadc9f937a9faef1a4859170a42fdfd923c52982117a2793a0c9a3bfd03d399d66781ffc74ac980042bb78932
+  metadata.gz: 2debfbe47ca1743bae09ae241245438a56454b4850cf6d833c337fe8e1e79a21e396fbaaafd52ec7eb14c49a7342c573f45d4e2feac4ca8ebdb2cddb285dfadb
+  data.tar.gz: 5a74a5c8666980b4af1c88427ab692d2aecb049fe918605558223eee48a3b9df1403ab13a3b3448c8645804ec46c67966f0e07e0925bb99ce92fb9ca1cf4830d

data/README.md

@@ -38,7 +38,7 @@ Set the ORM configuration:
 
 ```ruby
 Doorkeeper.configure do
-  orm :mongoid8 # or any other version of mongoid
+  orm :mongoid9 # or any other version of mongoid
 end
 ```
 
@@ -57,8 +57,8 @@ variables defined in `.travis.yml` file.
 To run locally, you need to choose a gemfile, with a command similar to:
 
 ```bash
-$ export RAILS=5.1
-$ export BUNDLE_GEMFILE=$PWD/gemfiles/Gemfile.mongoid6.rb
+$ export RAILS=6.0
+$ export BUNDLE_GEMFILE=$PWD/gemfiles/Gemfile.mongoid7.rb
 ```
 
 ---

data/Rakefile

@@ -3,16 +3,30 @@
 require "bundler/setup"
 require "rspec/core/rake_task"
 
+class ExtensionIntegrator
+  def self.gsub(filepath, pattern, value)
+    file = File.read(filepath)
+    updated_file = file.gsub(pattern, value)
+    File.open(filepath, "w") { |line| line.puts(updated_file) }
+  end
+end
+
 task :load_doorkeeper do
   `rm -rf spec/`
   `git checkout spec`
-  unless Dir.exist?("doorkeeper")
-    `git submodule init`
-    `git submodule update`
+  if Dir["doorkeeper/*"].empty?
+    puts `git submodule init`
+    puts `git submodule update`
   end
   `cp -r -n doorkeeper/spec .`
   `rm -rf spec/generators/` # we are not ActiveRecord
   `rm -rf spec/validators/`
+  ExtensionIntegrator.gsub(
+    "spec/spec_helper.rb",
+    'require "database_cleaner"',
+    "",
+  )
+  `rm ./spec/models/doorkeeper/application_spec.rb`
   `bundle exec rspec`
 end
 
@@ -20,7 +34,7 @@ desc "Update Git submodules."
 task :update_submodules do
   Rake::Task["load_doorkeeper"].invoke if Dir["doorkeeper/*"].empty?
 
-  `git submodule foreach git pull origin master`
+  `git submodule foreach git pull origin main`
 end
 
 desc "Default: run specs."

data/lib/doorkeeper/orm/mongoid9/access_grant.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class AccessGrant
+    include Mongoid::Document
+    include Mongoid::Timestamps
+
+    include DoorkeeperMongodb::Compatible
+
+    include DoorkeeperMongodb::Shared::Scopes
+    include DoorkeeperMongodb::Mixins::Mongoid::AccessGrantMixin
+
+    store_in collection: :oauth_access_grants
+
+    field :resource_owner_id, type: BSON::ObjectId
+    field :resource_owner_type, type: String
+    field :token, type: String
+    field :expires_in, type: Integer
+    field :redirect_uri, type: String
+    field :revoked_at, type: DateTime
+    field :code_challenge, type: String
+    field :code_challenge_method, type: String
+
+    index({ token: 1 }, unique: true)
+  end
+end

data/lib/doorkeeper/orm/mongoid9/access_token.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class AccessToken
+    include Mongoid::Document
+    include Mongoid::Timestamps
+
+    include DoorkeeperMongodb::Compatible
+
+    include DoorkeeperMongodb::Shared::Scopes
+    include DoorkeeperMongodb::Mixins::Mongoid::AccessTokenMixin
+
+    store_in collection: :oauth_access_tokens
+
+    field :resource_owner_id, type: BSON::ObjectId
+    field :resource_owner_type, type: String
+    field :token, type: String
+    field :refresh_token, type: String
+    field :previous_refresh_token, type: String
+    field :expires_in, type: Integer
+    field :revoked_at, type: DateTime
+
+    index({ token: 1 }, unique: true)
+    index({ refresh_token: 1 }, unique: true, sparse: true)
+
+    def self.order_method
+      :order_by
+    end
+
+    def self.refresh_token_revoked_on_use?
+      fields.collect { |field| field[0] }.include?("previous_refresh_token")
+    end
+
+    def self.created_at_desc
+      %i[created_at desc]
+    end
+  end
+end

data/lib/doorkeeper/orm/mongoid9/application.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class Application
+    include Mongoid::Document
+    include Mongoid::Timestamps
+
+    include DoorkeeperMongodb::Compatible
+
+    include DoorkeeperMongodb::Shared::Scopes
+    include DoorkeeperMongodb::Mixins::Mongoid::ApplicationMixin
+
+    store_in collection: :oauth_applications
+
+    field :name, type: String
+    field :uid, type: String
+    field :secret, type: String
+    field :redirect_uri, type: String
+    field :confidential, type: Boolean, default: true
+
+    index({ uid: 1 }, unique: true)
+
+    has_many_opts = {
+      class_name: "Doorkeeper::AccessToken",
+    }
+
+    # Doorkeeper 5.3 has custom classes for defining OAuth roles
+    if DoorkeeperMongodb.doorkeeper_version?(5, 3)
+      has_many_opts[:class_name] = Doorkeeper.config.access_token_class
+    end
+
+    has_many :authorized_tokens, has_many_opts
+
+    def self.authorized_for(resource_owner)
+      ids = AccessToken.where(
+        resource_owner_id: resource_owner.id,
+        revoked_at: nil,
+      ).map(&:application_id)
+
+      find(ids)
+    end
+  end
+end

data/lib/doorkeeper/orm/mongoid9/stale_records_cleaner.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  module Orm
+    module Mongoid9
+      class StaleRecordsCleaner
+        include DoorkeeperMongodb::Mixins::Mongoid::StaleRecordsCleanerMixin
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/mongoid9.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "active_support/lazy_load_hooks"
+
+module Doorkeeper
+  module Orm
+    module Mongoid9
+      def self.run_hooks
+        lazy_load do
+          require "doorkeeper/orm/mongoid9/access_grant"
+          require "doorkeeper/orm/mongoid9/access_token"
+          require "doorkeeper/orm/mongoid9/application"
+          require "doorkeeper/orm/mongoid9/stale_records_cleaner"
+          require "doorkeeper/orm/concerns/mongoid/ownership"
+          Doorkeeper::Application.include Doorkeeper::Orm::Concerns::Mongoid::Ownership
+        end
+        @initialized_hooks = true
+      end
+
+      # @deprecated
+      def self.initialize_models!
+        return if @initialized_hooks
+
+        lazy_load do
+          require "doorkeeper/orm/mongoid9/access_grant"
+          require "doorkeeper/orm/mongoid9/access_token"
+          require "doorkeeper/orm/mongoid9/application"
+          require "doorkeeper/orm/mongoid9/stale_records_cleaner"
+        end
+      end
+
+      # @deprecated
+      def self.initialize_application_owner!
+        return if @initialized_hooks
+
+        lazy_load do
+          require "doorkeeper/orm/concerns/mongoid/ownership"
+
+          Doorkeeper::Application.include Doorkeeper::Orm::Concerns::Mongoid::Ownership
+        end
+      end
+
+      def self.check_requirements!(_config); end
+
+      def self.lazy_load(&block)
+        ActiveSupport.on_load(:mongoid, {}, &block)
+      end
+    end
+  end
+end

data/lib/doorkeeper-mongodb/mixins/mongoid/access_grant_mixin.rb

@@ -27,13 +27,17 @@ module DoorkeeperMongodb
             belongs_to_opts[:class_name] = Doorkeeper.config.application_class
           end
 
-          # optional associations added in Mongoid 6
+          # optional associations added in Mongoid 6+
           belongs_to_opts[:optional] = true if ::Mongoid::VERSION[0].to_i >= 6
 
           belongs_to :application, belongs_to_opts
 
           if Doorkeeper.configuration.try(:polymorphic_resource_owner?)
-            belongs_to :resource_owner, polymorphic: true
+            opts = { polymorphic: true }
+
+            opts[:optional] = true if ::Mongoid::VERSION[0].to_i >= 6
+
+            belongs_to :resource_owner, opts
           end
 
           validates_presence_of :resource_owner_id, :application_id, :token,

data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb

@@ -28,7 +28,7 @@ module DoorkeeperMongodb
             belongs_to_opts[:class_name] = Doorkeeper.config.application_class
           end
 
-          # optional associations added in Mongoid 6
+          # optional associations added in Mongoid 6+
           belongs_to_opts[:optional] = true if ::Mongoid::VERSION[0].to_i >= 6
 
           belongs_to :application, belongs_to_opts
@@ -53,6 +53,26 @@ module DoorkeeperMongodb
           before_validation :generate_refresh_token,
                             on: :create,
                             if: :use_refresh_token?
+
+          # Returns non-expired and non-revoked access tokens
+          scope :not_expired, -> {
+            relation = where(revoked_at: nil)
+
+            relation.where(
+              {
+                "$expr": {
+                  "$gt": [
+                    {
+                      "$add": ["$created_at", { "$multiply": ["$expires_in", 1000] }],
+                    },
+                    Time.now.utc,
+                  ],
+                },
+              },
+            ).or(
+              relation.where(expires_in: nil),
+            )
+          }
         end
 
         module ClassMethods
@@ -113,8 +133,9 @@ module DoorkeeperMongodb
           # @return [Doorkeeper::AccessToken, nil] Access Token instance or
           #   nil if matching record was not found
           #
-          def matching_token_for(application, resource_owner, scopes)
+          def matching_token_for(application, resource_owner, scopes, include_expired: true)
             tokens = authorized_tokens_for(application&.id, resource_owner)
+            tokens = tokens.not_expired unless include_expired
             find_matching_token(tokens, application, scopes)
           end
 
@@ -191,6 +212,10 @@ module DoorkeeperMongodb
             expires_in = attributes[:expires_in]
             use_refresh_token = attributes[:use_refresh_token]
 
+            token_attributes = attributes.except(
+              :application, :resource_owner, :scopes, :expires_in, :use_refresh_token
+            )
+
             if Doorkeeper.configuration.reuse_access_token
               access_token = matching_token_for(application, resource_owner, scopes)
 
@@ -203,6 +228,7 @@ module DoorkeeperMongodb
               scopes: scopes,
               expires_in: expires_in,
               use_refresh_token: use_refresh_token,
+              **token_attributes,
             )
           end
 
@@ -403,15 +429,29 @@ module DoorkeeperMongodb
         def generate_token
           self.created_at ||= Time.now.utc
 
-          @raw_token = token_generator.generate(
+          @raw_token = token_generator.generate(attributes_for_token_generator)
+          secret_strategy.store_secret(self, :token, @raw_token)
+          @raw_token
+        end
+
+        def attributes_for_token_generator
+          {
             resource_owner_id: resource_owner_id,
             scopes: scopes,
             application: application,
             expires_in: expires_in,
             created_at: created_at,
-          )
-          secret_strategy.store_secret(self, :token, @raw_token)
-          @raw_token
+          }.tap do |attributes|
+            if Doorkeeper.config.try(:polymorphic_resource_owner?)
+              attributes[:resource_owner] = resource_owner
+            end
+
+            if Doorkeeper.config.respond_to?(:custom_access_token_attributes)
+              Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
+                attributes[attribute_name] = public_send(attribute_name)
+              end
+            end
+          end
         end
 
         def token_generator

data/lib/doorkeeper-mongodb/mixins/mongoid/application_mixin.rb

@@ -14,10 +14,10 @@ module DoorkeeperMongodb
         included do
           has_many_options = {
             dependent: :delete,
-
+            inverse_of: :application,
           }
 
-          # Mongoid7 dropped :delete option
+          # Mongoid7+ uses :delete_all instead of :delete
           has_many_options[:dependent] = :delete_all if ::Mongoid::VERSION[0].to_i >= 7
 
           # Doorkeeper 5.3 has custom classes for defining OAuth roles

data/lib/doorkeeper-mongodb/version.rb

@@ -8,7 +8,7 @@ module DoorkeeperMongodb
   module VERSION
     # Semver
     MAJOR = 5
-    MINOR = 3
+    MINOR = 5
     TINY = 0
 
     # Full version number

data/lib/doorkeeper-mongodb.rb

@@ -29,6 +29,7 @@ require "doorkeeper/orm/mongoid5"
 require "doorkeeper/orm/mongoid6"
 require "doorkeeper/orm/mongoid7"
 require "doorkeeper/orm/mongoid8"
+require "doorkeeper/orm/mongoid9"
 
 module DoorkeeperMongodb
   def load_locales

data/spec/dummy/config/initializers/doorkeeper.rb

@@ -41,6 +41,11 @@ Doorkeeper.configure do
   #
   # enforce_configured_scopes
 
+  # Use the url path for the native authorization code flow. Enabling this flag sets the authorization
+  # code response route for native redirect uris to oauth/authorize/<code>. The default is oauth/authorize/native?code=<code>.
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1143
+  # use_url_path_for_native_authorization
+
   # Provide support for an owner to be assigned to each registered application (disabled by default)
   # Optional parameter confirmation: true (default false) if you want to enforce ownership of
   # a registered application
@@ -84,8 +89,8 @@ Doorkeeper.configure do
   #
   # implicit and password grant flows have risks that you should understand
   # before enabling:
-  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
-  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
+  #   https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.2
+  #   https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.3
   #
   # grant_flows %w[authorization_code client_credentials]
 

data/spec/dummy/config/mongoid8.yml

@@ -0,0 +1,19 @@
+development:
+  clients:
+    default:
+      database: doorkeeper-mongoid8-development
+      hosts:
+        - localhost:27017
+      options:
+        write:
+          w: 1
+
+test:
+  clients:
+    default:
+      database: doorkeeper-mongoid8-test
+      hosts:
+        - localhost:27017
+      options:
+        write:
+          w: 1

data/spec/dummy/config/mongoid9.yml

@@ -0,0 +1,19 @@
+development:
+  clients:
+    default:
+      database: doorkeeper-mongoid9-development
+      hosts:
+        - localhost:27017
+      options:
+        write:
+          w: 1
+
+test:
+  clients:
+    default:
+      database: doorkeeper-mongoid9-test
+      hosts:
+        - localhost:27017
+      options:
+        write:
+          w: 1

data/spec/dummy/config.ru

@@ -2,5 +2,5 @@
 
 # This file is used by Rack-based servers to start the application.
 
-require ::File.expand_path("../config/environment", __FILE__)
+require ::File.expand_path('config/environment', __dir__)
 run Dummy::Application

data/spec/dummy/db/migrate/20230205064514_add_custom_attributes.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class AddCustomAttributes < ActiveRecord::Migration[4.2]
+  def change
+    add_column :oauth_access_grants, :tenant_name, :string
+    add_column :oauth_access_tokens, :tenant_name, :string
+  end
+end

data/spec/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180210183654) do
+ActiveRecord::Schema.define(version: 20230205064514) do
 
   create_table "oauth_access_grants", force: :cascade do |t|
     t.integer "resource_owner_id", null: false
@@ -22,6 +22,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
     t.datetime "created_at", null: false
     t.datetime "revoked_at"
     t.string "scopes"
+    t.string "tenant_name"
     unless ENV["WITHOUT_PKCE"]
       t.string   "code_challenge"
       t.string   "code_challenge_method"
@@ -40,6 +41,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
     t.datetime "created_at", null: false
     t.string "scopes"
     t.string "previous_refresh_token", default: "", null: false
+    t.string "tenant_name"
     t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
     t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
     t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true