doorkeeper-mongodb 5.3.0 → 5.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bdae346c1e6046eb82cbef6ae0156ba60f8c0317b8135038cc26abe6db11995a
-  data.tar.gz: d8ce523eb6a7326cd694ece68b1151268c2e93ff9e06162a52fd075046291d08
+  metadata.gz: 43ffb322969c5c4a6eac7e397e0198423fecfda21d73fa7c239f04bab34650c2
+  data.tar.gz: 7cc3e393c6192a4bd7fd7ba5c7d64061b1163b5c5f4d9468587b2f03d7bdfc2a
 SHA512:
-  metadata.gz: a839777bae4797e6355e3cc548d674ed2d3f6c87de6678b2e99b45ac243c59cdd2043fbbe557134aa4a7207bdac9cb5e07ceff6f7fa5718a9bc39f8c1d3e800e
-  data.tar.gz: b0ea7a54f37369afbfa5b94bc04327f61642154dadc9f937a9faef1a4859170a42fdfd923c52982117a2793a0c9a3bfd03d399d66781ffc74ac980042bb78932
+  metadata.gz: 68e449f5f8746d4537e81ddf4848b8c87d0dc610e9fe89f0a44a12718b7c26e057a7322929b8a053f5d8fce4e41e234ecc7c73d501e692c47acef99668892f74
+  data.tar.gz: 591b86f5d37eb1474d42d4efe14fc2ff03082724c18893eb2133d8764e57f25b734ea17dce636271311cffa87022147d52a96c0f869e499bbd5e83707dfb71ea

data/README.md

@@ -57,8 +57,8 @@ variables defined in `.travis.yml` file.
 To run locally, you need to choose a gemfile, with a command similar to:
 
 ```bash
-$ export RAILS=5.1
-$ export BUNDLE_GEMFILE=$PWD/gemfiles/Gemfile.mongoid6.rb
+$ export RAILS=6.0
+$ export BUNDLE_GEMFILE=$PWD/gemfiles/Gemfile.mongoid7.rb
 ```
 
 ---

data/Rakefile

@@ -3,16 +3,30 @@
 require "bundler/setup"
 require "rspec/core/rake_task"
 
+class ExtensionIntegrator
+  def self.gsub(filepath, pattern, value)
+    file = File.read(filepath)
+    updated_file = file.gsub(pattern, value)
+    File.open(filepath, "w") { |line| line.puts(updated_file) }
+  end
+end
+
 task :load_doorkeeper do
   `rm -rf spec/`
   `git checkout spec`
-  unless Dir.exist?("doorkeeper")
-    `git submodule init`
-    `git submodule update`
+  if Dir["doorkeeper/*"].empty?
+    puts `git submodule init`
+    puts `git submodule update`
   end
   `cp -r -n doorkeeper/spec .`
   `rm -rf spec/generators/` # we are not ActiveRecord
   `rm -rf spec/validators/`
+  ExtensionIntegrator.gsub(
+    "spec/spec_helper.rb",
+    'require "database_cleaner"',
+    "",
+  )
+  `rm ./spec/models/doorkeeper/application_spec.rb`
   `bundle exec rspec`
 end
 
@@ -20,7 +34,7 @@ desc "Update Git submodules."
 task :update_submodules do
   Rake::Task["load_doorkeeper"].invoke if Dir["doorkeeper/*"].empty?
 
-  `git submodule foreach git pull origin master`
+  `git submodule foreach git pull origin main`
 end
 
 desc "Default: run specs."

data/lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb

@@ -53,6 +53,26 @@ module DoorkeeperMongodb
           before_validation :generate_refresh_token,
                             on: :create,
                             if: :use_refresh_token?
+
+          # Returns non-expired and non-revoked access tokens
+          scope :not_expired, -> {
+            relation = where(revoked_at: nil)
+
+            relation.where(
+              {
+                "$expr": {
+                  "$gt": [
+                    {
+                      "$add": ["$created_at", { "$multiply": ["$expires_in", 1000] }],
+                    },
+                    Time.now.utc,
+                  ],
+                },
+              },
+            ).or(
+              relation.where(expires_in: nil),
+            )
+          }
         end
 
         module ClassMethods
@@ -113,8 +133,9 @@ module DoorkeeperMongodb
           # @return [Doorkeeper::AccessToken, nil] Access Token instance or
           #   nil if matching record was not found
           #
-          def matching_token_for(application, resource_owner, scopes)
+          def matching_token_for(application, resource_owner, scopes, include_expired: true)
             tokens = authorized_tokens_for(application&.id, resource_owner)
+            tokens = tokens.not_expired unless include_expired
             find_matching_token(tokens, application, scopes)
           end
 
@@ -191,6 +212,10 @@ module DoorkeeperMongodb
             expires_in = attributes[:expires_in]
             use_refresh_token = attributes[:use_refresh_token]
 
+            token_attributes = attributes.except(
+              :application, :resource_owner, :scopes, :expires_in, :use_refresh_token
+            )
+
             if Doorkeeper.configuration.reuse_access_token
               access_token = matching_token_for(application, resource_owner, scopes)
 
@@ -203,6 +228,7 @@ module DoorkeeperMongodb
               scopes: scopes,
               expires_in: expires_in,
               use_refresh_token: use_refresh_token,
+              **token_attributes,
             )
           end
 
@@ -403,15 +429,29 @@ module DoorkeeperMongodb
         def generate_token
           self.created_at ||= Time.now.utc
 
-          @raw_token = token_generator.generate(
+          @raw_token = token_generator.generate(attributes_for_token_generator)
+          secret_strategy.store_secret(self, :token, @raw_token)
+          @raw_token
+        end
+
+        def attributes_for_token_generator
+          {
             resource_owner_id: resource_owner_id,
             scopes: scopes,
             application: application,
             expires_in: expires_in,
             created_at: created_at,
-          )
-          secret_strategy.store_secret(self, :token, @raw_token)
-          @raw_token
+          }.tap do |attributes|
+            if Doorkeeper.config.try(:polymorphic_resource_owner?)
+              attributes[:resource_owner] = resource_owner
+            end
+
+            if Doorkeeper.config.respond_to?(:custom_access_token_attributes)
+              Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
+                attributes[attribute_name] = public_send(attribute_name)
+              end
+            end
+          end
         end
 
         def token_generator

data/lib/doorkeeper-mongodb/version.rb

@@ -8,7 +8,7 @@ module DoorkeeperMongodb
   module VERSION
     # Semver
     MAJOR = 5
-    MINOR = 3
+    MINOR = 4
     TINY = 0
 
     # Full version number

data/spec/dummy/config/initializers/doorkeeper.rb

@@ -41,6 +41,11 @@ Doorkeeper.configure do
   #
   # enforce_configured_scopes
 
+  # Use the url path for the native authorization code flow. Enabling this flag sets the authorization
+  # code response route for native redirect uris to oauth/authorize/<code>. The default is oauth/authorize/native?code=<code>.
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1143
+  # use_url_path_for_native_authorization
+
   # Provide support for an owner to be assigned to each registered application (disabled by default)
   # Optional parameter confirmation: true (default false) if you want to enforce ownership of
   # a registered application
@@ -84,8 +89,8 @@ Doorkeeper.configure do
   #
   # implicit and password grant flows have risks that you should understand
   # before enabling:
-  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
-  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
+  #   https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.2
+  #   https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.3
   #
   # grant_flows %w[authorization_code client_credentials]
 

data/spec/dummy/config/mongoid8.yml

@@ -0,0 +1,19 @@
+development:
+  clients:
+    default:
+      database: doorkeeper-mongoid8-development
+      hosts:
+        - localhost:27017
+      options:
+        write:
+          w: 1
+
+test:
+  clients:
+    default:
+      database: doorkeeper-mongoid7-test
+      hosts:
+        - localhost:27017
+      options:
+        write:
+          w: 1

data/spec/dummy/config.ru

@@ -2,5 +2,5 @@
 
 # This file is used by Rack-based servers to start the application.
 
-require ::File.expand_path("../config/environment", __FILE__)
+require ::File.expand_path('config/environment', __dir__)
 run Dummy::Application

data/spec/dummy/db/migrate/20230205064514_add_custom_attributes.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class AddCustomAttributes < ActiveRecord::Migration[4.2]
+  def change
+    add_column :oauth_access_grants, :tenant_name, :string
+    add_column :oauth_access_tokens, :tenant_name, :string
+  end
+end

data/spec/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180210183654) do
+ActiveRecord::Schema.define(version: 20230205064514) do
 
   create_table "oauth_access_grants", force: :cascade do |t|
     t.integer "resource_owner_id", null: false
@@ -22,6 +22,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
     t.datetime "created_at", null: false
     t.datetime "revoked_at"
     t.string "scopes"
+    t.string "tenant_name"
     unless ENV["WITHOUT_PKCE"]
       t.string   "code_challenge"
       t.string   "code_challenge_method"
@@ -40,6 +41,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
     t.datetime "created_at", null: false
     t.string "scopes"
     t.string "previous_refresh_token", default: "", null: false
+    t.string "tenant_name"
     t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
     t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
     t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true