RubyGems - doorkeeper-sequel - Versions diffs - 1.2.1 - Mend

doorkeeper-sequel 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

data/lib/doorkeeper/orm/sequel/models/access_token_mixin.rb ADDED Viewed

@@ -0,0 +1,163 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      module AccessTokenMixin
+        extend ActiveSupport::Concern
+        include SequelCompat
+        include OAuth::Helpers
+        include Models::Expirable
+        include Models::Revocable
+        include Models::Accessible
+        include Models::Scopes
+        included do
+          plugin :validation_helpers
+          plugin :timestamps
+          many_to_one :application, class: 'Doorkeeper::Application'
+          attr_writer :use_refresh_token
+          set_allowed_columns :application_id, :resource_owner_id, :expires_in,
+                              :scopes, :use_refresh_token, :previous_refresh_token
+          def before_validation
+            if new?
+              generate_token
+              generate_refresh_token if use_refresh_token?
+            end
+            super
+          end
+          def validate
+            super
+            validates_presence [:token]
+            validates_unique [:token]
+            validates_unique [:refresh_token] if use_refresh_token?
+          end
+          def application_id?
+            application_id.present?
+          end
+        end
+        module ClassMethods
+          def by_token(token)
+            find(token: token.to_s)
+          end
+          def by_refresh_token(refresh_token)
+            find(refresh_token: refresh_token.to_s)
+          end
+          def revoke_all_for(application_id, resource_owner)
+            where(application_id: application_id,
+                  resource_owner_id: resource_owner.id,
+                  revoked_at: nil)
+              .each(&:revoke)
+          end
+          def matching_token_for(application, resource_owner_or_id, scopes)
+            resource_owner_id = if resource_owner_or_id.respond_to?(:to_key)
+                                  resource_owner_or_id.id
+                                else
+                                  resource_owner_or_id
+                                end
+            token = last_authorized_token_for(application.try(:id), resource_owner_id)
+            if token && scopes_match?(token.scopes, scopes, application.try(:scopes))
+              token
+            end
+          end
+          def scopes_match?(token_scopes, param_scopes, app_scopes)
+            (!token_scopes.present? && !param_scopes.present?) ||
+              Doorkeeper::OAuth::Helpers::ScopeChecker.match?(
+                token_scopes.to_s,
+                param_scopes,
+                app_scopes
+              )
+          end
+          def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
+            if Doorkeeper.configuration.reuse_access_token
+              access_token = matching_token_for(application, resource_owner_id, scopes)
+              if access_token && !access_token.expired?
+                return access_token
+              end
+            end
+            create!(
+              application_id: application.try(:id),
+              resource_owner_id: resource_owner_id,
+              scopes: scopes.to_s,
+              expires_in: expires_in,
+              use_refresh_token: use_refresh_token
+            )
+          end
+          def last_authorized_token_for(application_id, resource_owner_id)
+            where(application_id: application_id,
+                  resource_owner_id: resource_owner_id,
+                  revoked_at: nil)
+              .send(order_method, created_at_desc)
+              .first
+          end
+        end
+        def token_type
+          'bearer'
+        end
+        def use_refresh_token?
+          !!@use_refresh_token
+        end
+        def as_json(_options = {})
+          {
+            resource_owner_id: resource_owner_id,
+            scopes: scopes,
+            expires_in_seconds: expires_in_seconds,
+            application: { uid: application.try(:uid) },
+            created_at: created_at.to_i
+          }
+        end
+        # It indicates whether the tokens have the same credential
+        def same_credential?(access_token)
+          application_id == access_token.application_id &&
+            resource_owner_id == access_token.resource_owner_id
+        end
+        def acceptable?(scopes)
+          accessible? && includes_scope?(*scopes)
+        end
+        private
+        def generate_refresh_token
+          self[:refresh_token] = UniqueToken.generate
+        end
+        def generate_token
+          self[:created_at] ||= Time.now.utc
+          generator = Doorkeeper.configuration.access_token_generator.constantize
+          self[:token] = generator.generate(
+            resource_owner_id: resource_owner_id,
+            scopes: scopes,
+            application: application,
+            expires_in: expires_in,
+            created_at: created_at
+          )
+        rescue NoMethodError
+          raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
+        rescue NameError
+          raise Errors::TokenGeneratorNotFound, "#{generator} not found"
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel/models/application_mixin.rb ADDED Viewed

@@ -0,0 +1,70 @@
+require_relative '../validators/redirect_uri_validator'
+module Doorkeeper
+  module Orm
+    module Sequel
+      module ApplicationMixin
+        extend ActiveSupport::Concern
+        include SequelCompat
+        include OAuth::Helpers
+        include Models::Scopes
+        include Doorkeeper::Orm::Sequel::RedirectUriValidator
+        included do
+          plugin :validation_helpers
+          plugin :timestamps
+          plugin :association_dependencies
+          one_to_many :access_grants, class: 'Doorkeeper::AccessGrant'
+          one_to_many :access_tokens, class: 'Doorkeeper::AccessToken'
+          add_association_dependencies access_grants: :delete, access_tokens: :delete
+          set_allowed_columns :name, :redirect_uri, :scopes
+          def before_validation
+            generate_uid
+            generate_secret
+            super
+          end
+          def validate
+            super
+            validates_presence [:name, :secret, :uid]
+            validates_unique [:uid]
+            validates_redirect_uri :redirect_uri
+            if respond_to?(:validate_owner?)
+              validates_presence [:owner_id] if validate_owner?
+            end
+          end
+        end
+        module ClassMethods
+          def by_uid_and_secret(uid, secret)
+            find(uid: uid.to_s, secret: secret.to_s)
+          end
+          def by_uid(uid)
+            find(uid: uid.to_s)
+          end
+        end
+        private
+        def has_scopes?
+          Doorkeeper::Application.columns.include?('scopes')
+        end
+        def generate_uid
+          self.uid = UniqueToken.generate if uid.blank? && new?
+        end
+        def generate_secret
+          self.secret = UniqueToken.generate if secret.blank? && new?
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel/models/concerns/ownership.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      module Ownership
+        extend ActiveSupport::Concern
+        included do
+          plugin :polymorphic
+          many_to_one :owner, polymorphic: true
+          def validate_owner?
+            Doorkeeper.configuration.confirm_application_owner?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel/models/concerns/sequel_compat.rb ADDED Viewed

@@ -0,0 +1,40 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      module SequelCompat
+        extend ActiveSupport::Concern
+        # ActiveRecord methods used by Doorkeeper outside the ORM.
+        # Should be extracted at the architectural level.
+        included do
+          plugin :active_model
+          self.raise_on_save_failure = false
+          def update_attribute(column, value)
+            self[column] = value
+            save(columns: [column.to_sym], validate: false)
+          end
+          def update_attributes(*args)
+            update(*args)
+          end
+          def save!(*)
+            save(raise_on_failure: true)
+          end
+          def transaction(opts = {}, &block)
+            db.transaction(opts, &block)
+          end
+        end
+        module ClassMethods
+          def create!(values = {}, &block)
+            new(values, &block).save(raise_on_failure: true)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel/validators/redirect_uri_validator.rb ADDED Viewed

@@ -0,0 +1,49 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      module RedirectUriValidator
+        extend ActiveSupport::Concern
+        included do
+          def validates_redirect_uri(attribute)
+            value = self[attribute]
+            if value.blank?
+              errors.add(attribute, I18n.t(:blank, scope: redirect_uri_errors))
+            else
+              value.split.each do |val|
+                uri = ::URI.parse(val)
+                return true if native_redirect_uri?(uri)
+                errors.add(attribute, I18n.t(:fragment_present, scope: redirect_uri_errors)) unless uri.fragment.nil?
+                errors.add(attribute, I18n.t(:relative_uri, scope: redirect_uri_errors)) if uri.scheme.nil? || uri.host.nil?
+                errors.add(attribute, I18n.t(:secured_uri, scope: redirect_uri_errors)) if invalid_ssl_uri?(uri)
+              end
+            end
+          rescue URI::InvalidURIError
+            errors.add(attribute, I18n.t(:invalid_uri, scope: redirect_uri_errors))
+          end
+          private
+          def native_redirect_uri?(uri)
+            native_redirect_uri.present? && uri.to_s == native_redirect_uri.to_s
+          end
+          def invalid_ssl_uri?(uri)
+            forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
+            forces_ssl && uri.try(:scheme) == 'http'
+          end
+          def native_redirect_uri
+            Doorkeeper.configuration.native_redirect_uri
+          end
+          # TODO: plugin? Merge to DEFAULT_OPTIONS?
+          def redirect_uri_errors
+            'sequel.errors.models.doorkeeper/application.attributes.redirect_uri'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel.rb ADDED Viewed

@@ -0,0 +1,18 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      def self.initialize_models!
+        require 'doorkeeper/orm/sequel/models/concerns/sequel_compat'
+        require 'doorkeeper/orm/sequel/access_grant'
+        require 'doorkeeper/orm/sequel/access_token'
+        require 'doorkeeper/orm/sequel/application'
+      end
+      def self.initialize_application_owner!
+        require 'doorkeeper/orm/sequel/models/concerns/ownership'
+        Doorkeeper::Application.send :include, Doorkeeper::Orm::Sequel::Ownership
+      end
+    end
+  end
+end

data/lib/doorkeeper-sequel/gem_version.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module DoorkeeperSequel
+  def self.gem_version
+    Gem::Version.new VERSION::STRING
+  end
+  module VERSION
+    MAJOR = 1
+    MINOR = 2
+    TINY  = 1
+    STRING = [MAJOR, MINOR, TINY].compact.join('.')
+  end
+end

data/lib/doorkeeper-sequel/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+require_relative 'gem_version'
+module DoorkeeperSequel
+  def self.version
+    gem_version
+  end
+end

data/lib/doorkeeper-sequel.rb ADDED Viewed

@@ -0,0 +1,18 @@
+require 'doorkeeper-sequel/version'
+require 'doorkeeper'
+require 'doorkeeper/orm/sequel'
+module DoorkeeperSequel
+  def load_locales
+    locales_dir = File.expand_path('../../config/locales', __FILE__)
+    locales = Dir[File.join(locales_dir, '*.yml')]
+    I18n.load_path |= locales
+  end
+  module_function :load_locales
+end
+DoorkeeperSequel.load_locales

data/lib/generators/doorkeeper/sequel/application_owner_generator.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Doorkeeper
+  module Sequel
+    class ApplicationOwnerGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      desc 'Provide support for client application ownership.'
+      def install
+        copy_file 'add_owner_to_application.rb', migration_file_name
+      end
+      private
+      def migration_file_name
+        "db/migrate/#{migration_timestamp}_add_owner_to_application.rb"
+      end
+      def migration_timestamp
+        Time.current.strftime('%Y%m%d%H%M%S')
+      end
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/migration_generator.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Doorkeeper
+  module Sequel
+    class MigrationGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      desc 'Installs Doorkeeper Sequel migration file.'
+      def install
+        copy_file 'migration.rb', migration_file_name
+      end
+      private
+      def migration_file_name
+        "db/migrate/#{migration_timestamp}_create_doorkeeper_tables.rb"
+      end
+      def migration_timestamp
+        Time.current.strftime('%Y%m%d%H%M%S')
+      end
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/previous_refresh_token_generator.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Doorkeeper
+  module Sequel
+    class PreviousRefreshTokenGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      desc 'Support revoke refresh token on access token use'
+      def install
+        copy_file 'add_previous_refresh_token_to_access_tokens.rb', migration_file_name
+      end
+      private
+      def migration_file_name
+        "db/migrate/#{migration_timestamp}_add_previous_refresh_token_to_access_tokens.rb"
+      end
+      def migration_timestamp
+        Time.current.strftime('%Y%m%d%H%M%S')
+      end
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/templates/add_owner_to_application.rb ADDED Viewed

@@ -0,0 +1,9 @@
+Sequel.migration do
+  change do
+    alter_table(:oauth_applications) do
+      add_column :owner_id, Integer, null: true
+      add_column :owner_type, String, null: true
+      add_index [:owner_id, :owner_type]
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/templates/add_previous_refresh_token_to_access_tokens.rb ADDED Viewed

@@ -0,0 +1,7 @@
+Sequel.migration do
+  change do
+    alter_table(:oauth_access_tokens) do
+      add_column :previous_refresh_token, String, default: '', null: false
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/templates/migration.rb ADDED Viewed

@@ -0,0 +1,59 @@
+Sequel.migration do
+  change do
+    create_table :oauth_applications do
+      primary_key :id
+      column :name, String, size: 255, null: false
+      column :uid, String, size: 255, null: false, index: { unique: true }
+      column :secret, String, size: 255, null: false
+      column :scopes, String, size: 255, null: false, default: ''
+      column :redirect_uri, String
+      column :created_at, DateTime
+      column :updated_at, DateTime
+    end
+    create_table :oauth_access_grants do
+      primary_key :id
+      foreign_key :application_id, :oauth_applications, null: false, on_delete: :cascade
+      column :resource_owner_id, Integer, null: false
+      column :token, String, size: 255, null: false, index: { unique: true }
+      column :expires_in, Integer, null: false
+      column :redirect_uri, String, null: false
+      column :created_at, DateTime, null: false
+      column :revoked_at, DateTime
+      column :scopes, String, size: 255
+    end
+    create_table :oauth_access_tokens do
+      primary_key :id
+      foreign_key :application_id, :oauth_applications, null: false, on_delete: :cascade
+      column :resource_owner_id, Integer, index: true
+      # If you use a custom token generator you may need to change this column
+      # from string to text, so that it accepts tokens larger than 255
+      # characters. More info on custom token generators in:
+      # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
+      #
+      # column :token, String, null: false
+      column :token, String, size: 255, null: false, index: { unique: true }
+      column :refresh_token, String, size: 255, index: { unique: true }
+      # If there is a previous_refresh_token column,
+      # refresh tokens will be revoked after a related access token is used.
+      # If there is no previous_refresh_token column,
+      # previous tokens are revoked as soon as a new access token is created.
+      # Comment out this line if you'd rather have refresh tokens
+      # instantly revoked.
+      column :previous_refresh_token, String, size: 255, null: false, default: ''
+      column :expires_in, Integer
+      column :revoked_at, DateTime
+      column :created_at, DateTime, null: false
+      column :scopes, String, size: 255
+    end
+  end
+end

data/spec/controllers/application_metal_controller.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require "spec_helper_integration"
+describe Doorkeeper::ApplicationMetalController do
+  it "lazy run hooks" do
+    i = 0
+    ActiveSupport.on_load(:doorkeeper_metal_controller) { i += 1 }
+    expect(i).to eq 1
+  end
+end

data/spec/controllers/applications_controller_spec.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require 'spec_helper_integration'
+module Doorkeeper
+  describe ApplicationsController do
+    context 'when admin is not authenticated' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(proc do
+          redirect_to main_app.root_url
+        end)
+      end
+      it 'redirects as set in Doorkeeper.authenticate_admin' do
+        get :index
+        expect(response).to redirect_to(controller.main_app.root_url)
+      end
+      it 'does not create application' do
+        expect do
+          post :create, doorkeeper_application: {
+            name: 'Example',
+            redirect_uri: 'https://example.com' }
+        end.to_not change { Doorkeeper::Application.count }
+      end
+    end
+    context 'when admin is authenticated' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(arg) { true })
+      end
+      it 'creates application' do
+        expect do
+          post :create, doorkeeper_application: {
+            name: 'Example',
+            redirect_uri: 'https://example.com' }
+        end.to change { Doorkeeper::Application.count }.by(1)
+        expect(response).to be_redirect
+      end
+      it 'does not allow mass assignment of uid or secret' do
+        application = FactoryGirl.create(:application)
+        put :update, id: application.id, doorkeeper_application: {
+          uid: '1A2B3C4D',
+          secret: '1A2B3C4D' }
+        expect(application.reload.uid).not_to eq '1A2B3C4D'
+      end
+      it 'updates application' do
+        application = FactoryGirl.create(:application)
+        put :update, id: application.id, doorkeeper_application: {
+          name: 'Example',
+          redirect_uri: 'https://example.com' }
+        expect(application.reload.name).to eq 'Example'
+      end
+    end
+  end
+end