doorkeeper-sequel 1.2.1

data/lib/doorkeeper/orm/sequel/models/access_token_mixin.rb

@@ -0,0 +1,163 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      module AccessTokenMixin
+        extend ActiveSupport::Concern
+
+        include SequelCompat
+        include OAuth::Helpers
+        include Models::Expirable
+        include Models::Revocable
+        include Models::Accessible
+        include Models::Scopes
+
+        included do
+          plugin :validation_helpers
+          plugin :timestamps
+
+          many_to_one :application, class: 'Doorkeeper::Application'
+
+          attr_writer :use_refresh_token
+
+          set_allowed_columns :application_id, :resource_owner_id, :expires_in,
+                              :scopes, :use_refresh_token, :previous_refresh_token
+
+          def before_validation
+            if new?
+              generate_token
+              generate_refresh_token if use_refresh_token?
+            end
+
+            super
+          end
+
+          def validate
+            super
+            validates_presence [:token]
+            validates_unique [:token]
+
+            validates_unique [:refresh_token] if use_refresh_token?
+          end
+
+          def application_id?
+            application_id.present?
+          end
+        end
+
+        module ClassMethods
+          def by_token(token)
+            find(token: token.to_s)
+          end
+
+          def by_refresh_token(refresh_token)
+            find(refresh_token: refresh_token.to_s)
+          end
+
+          def revoke_all_for(application_id, resource_owner)
+            where(application_id: application_id,
+                  resource_owner_id: resource_owner.id,
+                  revoked_at: nil)
+              .each(&:revoke)
+          end
+
+          def matching_token_for(application, resource_owner_or_id, scopes)
+            resource_owner_id = if resource_owner_or_id.respond_to?(:to_key)
+                                  resource_owner_or_id.id
+                                else
+                                  resource_owner_or_id
+                                end
+            token = last_authorized_token_for(application.try(:id), resource_owner_id)
+            if token && scopes_match?(token.scopes, scopes, application.try(:scopes))
+              token
+            end
+          end
+
+          def scopes_match?(token_scopes, param_scopes, app_scopes)
+            (!token_scopes.present? && !param_scopes.present?) ||
+              Doorkeeper::OAuth::Helpers::ScopeChecker.match?(
+                token_scopes.to_s,
+                param_scopes,
+                app_scopes
+              )
+          end
+
+          def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
+            if Doorkeeper.configuration.reuse_access_token
+              access_token = matching_token_for(application, resource_owner_id, scopes)
+              if access_token && !access_token.expired?
+                return access_token
+              end
+            end
+
+            create!(
+              application_id: application.try(:id),
+              resource_owner_id: resource_owner_id,
+              scopes: scopes.to_s,
+              expires_in: expires_in,
+              use_refresh_token: use_refresh_token
+            )
+          end
+
+          def last_authorized_token_for(application_id, resource_owner_id)
+            where(application_id: application_id,
+                  resource_owner_id: resource_owner_id,
+                  revoked_at: nil)
+              .send(order_method, created_at_desc)
+              .first
+          end
+        end
+
+        def token_type
+          'bearer'
+        end
+
+        def use_refresh_token?
+          !!@use_refresh_token
+        end
+
+        def as_json(_options = {})
+          {
+            resource_owner_id: resource_owner_id,
+            scopes: scopes,
+            expires_in_seconds: expires_in_seconds,
+            application: { uid: application.try(:uid) },
+            created_at: created_at.to_i
+          }
+        end
+
+        # It indicates whether the tokens have the same credential
+        def same_credential?(access_token)
+          application_id == access_token.application_id &&
+            resource_owner_id == access_token.resource_owner_id
+        end
+
+        def acceptable?(scopes)
+          accessible? && includes_scope?(*scopes)
+        end
+
+        private
+
+        def generate_refresh_token
+          self[:refresh_token] = UniqueToken.generate
+        end
+
+        def generate_token
+          self[:created_at] ||= Time.now.utc
+
+          generator = Doorkeeper.configuration.access_token_generator.constantize
+          self[:token] = generator.generate(
+            resource_owner_id: resource_owner_id,
+            scopes: scopes,
+            application: application,
+            expires_in: expires_in,
+            created_at: created_at
+          )
+        rescue NoMethodError
+          raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
+        rescue NameError
+          raise Errors::TokenGeneratorNotFound, "#{generator} not found"
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel/models/application_mixin.rb

@@ -0,0 +1,70 @@
+require_relative '../validators/redirect_uri_validator'
+
+module Doorkeeper
+  module Orm
+    module Sequel
+      module ApplicationMixin
+        extend ActiveSupport::Concern
+
+        include SequelCompat
+        include OAuth::Helpers
+        include Models::Scopes
+        include Doorkeeper::Orm::Sequel::RedirectUriValidator
+
+        included do
+          plugin :validation_helpers
+          plugin :timestamps
+          plugin :association_dependencies
+
+          one_to_many :access_grants, class: 'Doorkeeper::AccessGrant'
+          one_to_many :access_tokens, class: 'Doorkeeper::AccessToken'
+
+          add_association_dependencies access_grants: :delete, access_tokens: :delete
+
+          set_allowed_columns :name, :redirect_uri, :scopes
+
+          def before_validation
+            generate_uid
+            generate_secret
+            super
+          end
+
+          def validate
+            super
+            validates_presence [:name, :secret, :uid]
+            validates_unique [:uid]
+            validates_redirect_uri :redirect_uri
+
+            if respond_to?(:validate_owner?)
+              validates_presence [:owner_id] if validate_owner?
+            end
+          end
+        end
+
+        module ClassMethods
+          def by_uid_and_secret(uid, secret)
+            find(uid: uid.to_s, secret: secret.to_s)
+          end
+
+          def by_uid(uid)
+            find(uid: uid.to_s)
+          end
+        end
+
+        private
+
+        def has_scopes?
+          Doorkeeper::Application.columns.include?('scopes')
+        end
+
+        def generate_uid
+          self.uid = UniqueToken.generate if uid.blank? && new?
+        end
+
+        def generate_secret
+          self.secret = UniqueToken.generate if secret.blank? && new?
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel/models/concerns/ownership.rb

@@ -0,0 +1,19 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      module Ownership
+        extend ActiveSupport::Concern
+
+        included do
+          plugin :polymorphic
+
+          many_to_one :owner, polymorphic: true
+
+          def validate_owner?
+            Doorkeeper.configuration.confirm_application_owner?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel/models/concerns/sequel_compat.rb

@@ -0,0 +1,40 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      module SequelCompat
+        extend ActiveSupport::Concern
+
+        # ActiveRecord methods used by Doorkeeper outside the ORM.
+        # Should be extracted at the architectural level.
+        included do
+          plugin :active_model
+
+          self.raise_on_save_failure = false
+
+          def update_attribute(column, value)
+            self[column] = value
+            save(columns: [column.to_sym], validate: false)
+          end
+
+          def update_attributes(*args)
+            update(*args)
+          end
+
+          def save!(*)
+            save(raise_on_failure: true)
+          end
+
+          def transaction(opts = {}, &block)
+            db.transaction(opts, &block)
+          end
+        end
+
+        module ClassMethods
+          def create!(values = {}, &block)
+            new(values, &block).save(raise_on_failure: true)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel/validators/redirect_uri_validator.rb

@@ -0,0 +1,49 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      module RedirectUriValidator
+        extend ActiveSupport::Concern
+
+        included do
+          def validates_redirect_uri(attribute)
+            value = self[attribute]
+
+            if value.blank?
+              errors.add(attribute, I18n.t(:blank, scope: redirect_uri_errors))
+            else
+              value.split.each do |val|
+                uri = ::URI.parse(val)
+                return true if native_redirect_uri?(uri)
+                errors.add(attribute, I18n.t(:fragment_present, scope: redirect_uri_errors)) unless uri.fragment.nil?
+                errors.add(attribute, I18n.t(:relative_uri, scope: redirect_uri_errors)) if uri.scheme.nil? || uri.host.nil?
+                errors.add(attribute, I18n.t(:secured_uri, scope: redirect_uri_errors)) if invalid_ssl_uri?(uri)
+              end
+            end
+          rescue URI::InvalidURIError
+            errors.add(attribute, I18n.t(:invalid_uri, scope: redirect_uri_errors))
+          end
+
+          private
+
+          def native_redirect_uri?(uri)
+            native_redirect_uri.present? && uri.to_s == native_redirect_uri.to_s
+          end
+
+          def invalid_ssl_uri?(uri)
+            forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
+            forces_ssl && uri.try(:scheme) == 'http'
+          end
+
+          def native_redirect_uri
+            Doorkeeper.configuration.native_redirect_uri
+          end
+
+          # TODO: plugin? Merge to DEFAULT_OPTIONS?
+          def redirect_uri_errors
+            'sequel.errors.models.doorkeeper/application.attributes.redirect_uri'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/sequel.rb

@@ -0,0 +1,18 @@
+module Doorkeeper
+  module Orm
+    module Sequel
+      def self.initialize_models!
+        require 'doorkeeper/orm/sequel/models/concerns/sequel_compat'
+        require 'doorkeeper/orm/sequel/access_grant'
+        require 'doorkeeper/orm/sequel/access_token'
+        require 'doorkeeper/orm/sequel/application'
+      end
+
+      def self.initialize_application_owner!
+        require 'doorkeeper/orm/sequel/models/concerns/ownership'
+
+        Doorkeeper::Application.send :include, Doorkeeper::Orm::Sequel::Ownership
+      end
+    end
+  end
+end

data/lib/doorkeeper-sequel/gem_version.rb

@@ -0,0 +1,13 @@
+module DoorkeeperSequel
+  def self.gem_version
+    Gem::Version.new VERSION::STRING
+  end
+
+  module VERSION
+    MAJOR = 1
+    MINOR = 2
+    TINY  = 1
+
+    STRING = [MAJOR, MINOR, TINY].compact.join('.')
+  end
+end

data/lib/doorkeeper-sequel/version.rb

@@ -0,0 +1,7 @@
+require_relative 'gem_version'
+
+module DoorkeeperSequel
+  def self.version
+    gem_version
+  end
+end

data/lib/doorkeeper-sequel.rb

@@ -0,0 +1,18 @@
+require 'doorkeeper-sequel/version'
+
+require 'doorkeeper'
+
+require 'doorkeeper/orm/sequel'
+
+module DoorkeeperSequel
+  def load_locales
+    locales_dir = File.expand_path('../../config/locales', __FILE__)
+    locales = Dir[File.join(locales_dir, '*.yml')]
+
+    I18n.load_path |= locales
+  end
+
+  module_function :load_locales
+end
+
+DoorkeeperSequel.load_locales

data/lib/generators/doorkeeper/sequel/application_owner_generator.rb

@@ -0,0 +1,23 @@
+module Doorkeeper
+  module Sequel
+    class ApplicationOwnerGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      desc 'Provide support for client application ownership.'
+
+      def install
+        copy_file 'add_owner_to_application.rb', migration_file_name
+      end
+
+      private
+
+      def migration_file_name
+        "db/migrate/#{migration_timestamp}_add_owner_to_application.rb"
+      end
+
+      def migration_timestamp
+        Time.current.strftime('%Y%m%d%H%M%S')
+      end
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/migration_generator.rb

@@ -0,0 +1,23 @@
+module Doorkeeper
+  module Sequel
+    class MigrationGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      desc 'Installs Doorkeeper Sequel migration file.'
+
+      def install
+        copy_file 'migration.rb', migration_file_name
+      end
+
+      private
+
+      def migration_file_name
+        "db/migrate/#{migration_timestamp}_create_doorkeeper_tables.rb"
+      end
+
+      def migration_timestamp
+        Time.current.strftime('%Y%m%d%H%M%S')
+      end
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/previous_refresh_token_generator.rb

@@ -0,0 +1,23 @@
+module Doorkeeper
+  module Sequel
+    class PreviousRefreshTokenGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      desc 'Support revoke refresh token on access token use'
+
+      def install
+        copy_file 'add_previous_refresh_token_to_access_tokens.rb', migration_file_name
+      end
+
+      private
+
+      def migration_file_name
+        "db/migrate/#{migration_timestamp}_add_previous_refresh_token_to_access_tokens.rb"
+      end
+
+      def migration_timestamp
+        Time.current.strftime('%Y%m%d%H%M%S')
+      end
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/templates/add_owner_to_application.rb

@@ -0,0 +1,9 @@
+Sequel.migration do
+  change do
+    alter_table(:oauth_applications) do
+      add_column :owner_id, Integer, null: true
+      add_column :owner_type, String, null: true
+      add_index [:owner_id, :owner_type]
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/templates/add_previous_refresh_token_to_access_tokens.rb

@@ -0,0 +1,7 @@
+Sequel.migration do
+  change do
+    alter_table(:oauth_access_tokens) do
+      add_column :previous_refresh_token, String, default: '', null: false
+    end
+  end
+end

data/lib/generators/doorkeeper/sequel/templates/migration.rb

@@ -0,0 +1,59 @@
+Sequel.migration do
+  change do
+    create_table :oauth_applications do
+      primary_key :id
+
+      column :name, String, size: 255, null: false
+      column :uid, String, size: 255, null: false, index: { unique: true }
+      column :secret, String, size: 255, null: false
+
+      column :scopes, String, size: 255, null: false, default: ''
+      column :redirect_uri, String
+
+      column :created_at, DateTime
+      column :updated_at, DateTime
+    end
+
+    create_table :oauth_access_grants do
+      primary_key :id
+      foreign_key :application_id, :oauth_applications, null: false, on_delete: :cascade
+
+      column :resource_owner_id, Integer, null: false
+
+      column :token, String, size: 255, null: false, index: { unique: true }
+      column :expires_in, Integer, null: false
+      column :redirect_uri, String, null: false
+      column :created_at, DateTime, null: false
+      column :revoked_at, DateTime
+      column :scopes, String, size: 255
+    end
+
+    create_table :oauth_access_tokens do
+      primary_key :id
+      foreign_key :application_id, :oauth_applications, null: false, on_delete: :cascade
+
+      column :resource_owner_id, Integer, index: true
+
+      # If you use a custom token generator you may need to change this column
+      # from string to text, so that it accepts tokens larger than 255
+      # characters. More info on custom token generators in:
+      # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
+      #
+      # column :token, String, null: false
+      column :token, String, size: 255, null: false, index: { unique: true }
+
+      column :refresh_token, String, size: 255, index: { unique: true }
+      # If there is a previous_refresh_token column,
+      # refresh tokens will be revoked after a related access token is used.
+      # If there is no previous_refresh_token column,
+      # previous tokens are revoked as soon as a new access token is created.
+      # Comment out this line if you'd rather have refresh tokens
+      # instantly revoked.
+      column :previous_refresh_token, String, size: 255, null: false, default: ''
+      column :expires_in, Integer
+      column :revoked_at, DateTime
+      column :created_at, DateTime, null: false
+      column :scopes, String, size: 255
+    end
+  end
+end

data/spec/controllers/application_metal_controller.rb

@@ -0,0 +1,10 @@
+require "spec_helper_integration"
+
+describe Doorkeeper::ApplicationMetalController do
+  it "lazy run hooks" do
+    i = 0
+    ActiveSupport.on_load(:doorkeeper_metal_controller) { i += 1 }
+
+    expect(i).to eq 1
+  end
+end

data/spec/controllers/applications_controller_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper_integration'
+
+module Doorkeeper
+  describe ApplicationsController do
+    context 'when admin is not authenticated' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(proc do
+          redirect_to main_app.root_url
+        end)
+      end
+
+      it 'redirects as set in Doorkeeper.authenticate_admin' do
+        get :index
+        expect(response).to redirect_to(controller.main_app.root_url)
+      end
+
+      it 'does not create application' do
+        expect do
+          post :create, doorkeeper_application: {
+            name: 'Example',
+            redirect_uri: 'https://example.com' }
+        end.to_not change { Doorkeeper::Application.count }
+      end
+    end
+
+    context 'when admin is authenticated' do
+      before do
+        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(arg) { true })
+      end
+
+      it 'creates application' do
+        expect do
+          post :create, doorkeeper_application: {
+            name: 'Example',
+            redirect_uri: 'https://example.com' }
+        end.to change { Doorkeeper::Application.count }.by(1)
+        expect(response).to be_redirect
+      end
+
+      it 'does not allow mass assignment of uid or secret' do
+        application = FactoryGirl.create(:application)
+        put :update, id: application.id, doorkeeper_application: {
+          uid: '1A2B3C4D',
+          secret: '1A2B3C4D' }
+
+        expect(application.reload.uid).not_to eq '1A2B3C4D'
+      end
+
+      it 'updates application' do
+        application = FactoryGirl.create(:application)
+        put :update, id: application.id, doorkeeper_application: {
+          name: 'Example',
+          redirect_uri: 'https://example.com' }
+        expect(application.reload.name).to eq 'Example'
+      end
+    end
+  end
+end