doorkeeper-sequel 1.2.1

data/spec/dummy/app/controllers/semi_protected_resources_controller.rb

@@ -0,0 +1,11 @@
+class SemiProtectedResourcesController < ApplicationController
+  before_action :doorkeeper_authorize!, only: :index
+
+  def index
+    render plain: 'protected index'
+  end
+
+  def show
+    render plain: 'non protected show'
+  end
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,5 @@
+module ApplicationHelper
+  def current_user
+    @current_user ||= User.find_by_id(session[:user_id])
+  end
+end

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,11 @@
+class User < Sequel::Model
+  class << self
+    def authenticate!(name, password)
+      User.where(name: name, password: password).first
+    end
+
+    def create!(values = {}, &block)
+      new(values, &block).save(raise_on_failure: true)
+    end
+  end
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= link_to "Sign in", '/sign_in' %>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/config/application.rb

@@ -0,0 +1,29 @@
+require File.expand_path('../boot', __FILE__)
+
+require "rails"
+
+%w(
+  action_controller
+  action_view
+  action_mailer
+  active_job
+  rails/test_unit
+  sprockets
+).each do |framework|
+  begin
+    require "#{framework}/railtie"
+  rescue LoadError
+  end
+end
+
+Bundler.require(*Rails.groups)
+
+require 'yaml'
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+  end
+end

data/spec/dummy/config/boot.rb

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'bundler/setup'
+
+orm = ENV['BUNDLE_GEMFILE'].match(/Gemfile\.(.+)\.rb/)
+unless defined?(DOORKEEPER_ORM)
+  DOORKEEPER_ORM = (orm && orm[1]) || :active_record
+end
+
+$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,15 @@
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+test:
+  adapter: sqlite3
+  database: ":memory:"
+  timeout: 500
+
+production:
+  adapter: sqlite3
+  database: ":memory:"
+  timeout: 500

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Rails.application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,29 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+
+  config.eager_load = false
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,62 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to Rails.root.join("public/assets")
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Use a different logger for distributed setups
+  # config.logger = SyslogLogger.new
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  config.eager_load = true
+end

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,44 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite.  You never need to work with it otherwise.  Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs.  Don't rely on the data there!
+  config.cache_classes = true
+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  # config.action_mailer.delivery_method = :test
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+
+  config.eager_load = true
+
+  if DOORKEEPER_ORM == :active_record
+    config.active_record.table_name_prefix = TABLE_NAME_PREFIX.to_s
+    config.active_record.table_name_suffix = TABLE_NAME_SUFFIX.to_s
+  end
+end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/db.rb

@@ -0,0 +1,74 @@
+# SQLite memory database
+DB = if defined?(JRUBY_VERSION)
+       Sequel.connect('jdbc:sqlite::memory:')
+     else
+       Sequel.sqlite
+     end
+
+DB.create_table :oauth_applications do
+  primary_key :id
+
+  column :name, String, size: 255, null: false
+  column :uid, String, size: 255, null: false, index: { unique: true }
+  column :secret, String, size: 255, null: false
+
+  column :scopes, String, size: 255, null: false, default: ''
+  column :redirect_uri, String
+
+  column :created_at, DateTime
+  column :updated_at, DateTime
+
+  column :owner_id, Integer
+  column :owner_type, String
+  index [:owner_id, :owner_type]
+end
+
+DB.create_table :oauth_access_grants do
+  primary_key :id
+  column :application_id, Integer
+
+  column :resource_owner_id, Integer, null: false
+
+  column :token, String, size: 255, null: false, index: { unique: true }
+  column :expires_in, Integer, null: false
+  column :redirect_uri, String, null: false
+  column :created_at, DateTime, null: false
+  column :revoked_at, DateTime
+  column :scopes, String, size: 255
+end
+
+DB.create_table :oauth_access_tokens do
+  primary_key :id
+  column :application_id, Integer
+
+  column :resource_owner_id, Integer, index: true
+
+  # If you use a custom token generator you may need to change this column
+  # from string to text, so that it accepts tokens larger than 255
+  # characters. More info on custom token generators in:
+  # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
+  #
+  # column :token, String, null: false
+  column :token, String, size: 255, null: false, index: { unique: true }
+
+  column :refresh_token, String, size: 255, index: { unique: true }
+  # If there is a previous_refresh_token column,
+  # refresh tokens will be revoked after a related access token is used.
+  # If there is no previous_refresh_token column,
+  # previous tokens are revoked as soon as a new access token is created.
+  # Comment out this line if you'd rather have refresh tokens
+  # instantly revoked.
+  column :previous_refresh_token, String, size: 255, null: false, default: ''
+  column :expires_in, Integer
+  column :revoked_at, DateTime
+  column :created_at, DateTime, null: false
+  column :scopes, String, size: 255
+end
+
+DB.create_table :users do
+  primary_key :id
+  column :name, String, size: 255
+  column :created_at, DateTime
+  column :updated_at, DateTime
+  column :password, String, size: 255
+end

data/spec/dummy/config/initializers/doorkeeper.rb

@@ -0,0 +1,96 @@
+Doorkeeper.configure do
+  # Change the ORM that doorkeeper will use.
+  orm DOORKEEPER_ORM
+
+  # This block will be called to check whether the resource owner is authenticated or not.
+  resource_owner_authenticator do
+    # Put your resource owner authentication logic here.
+    User.where(id: session[:user_id]).first || redirect_to(root_url, alert: 'Needs sign in.')
+  end
+
+  # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
+  # admin_authenticator do
+  #   # Put your admin authentication logic here.
+  #   # Example implementation:
+  #   Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
+  # end
+
+  # Authorization Code expiration time (default 10 minutes).
+  # authorization_code_expires_in 10.minutes
+
+  # Access token expiration time (default 2 hours).
+  # If you want to disable expiration, set this to nil.
+  # access_token_expires_in 2.hours
+
+  # Reuse access token for the same resource owner within an application (disabled by default)
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
+  # reuse_access_token
+
+  # Issue access tokens with refresh token (disabled by default)
+  use_refresh_token
+
+  # Provide support for an owner to be assigned to each registered application (disabled by default)
+  # Optional parameter confirmation: true (default false) if you want to enforce ownership of
+  # a registered application
+  # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
+  # enable_application_owner confirmation: false
+
+  # Define access token scopes for your provider
+  # For more information go to
+  # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+  default_scopes  :public
+  optional_scopes :write, :update
+
+  # Change the way client credentials are retrieved from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:client_id` and `:client_secret` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # client_credentials :from_basic, :from_params
+
+  # Change the way access token is authenticated from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+
+  # Change the native redirect uri for client apps
+  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+  #
+  # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
+
+  # Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
+  # by default in non-development environments). OAuth2 delegates security in
+  # communication to the HTTPS protocol so it is wise to keep this enabled.
+  #
+  # force_ssl_in_redirect_uri !Rails.env.development?
+
+  # Specify what grant flows are enabled in array of Strings. The valid
+  # strings and the flows they enable are:
+  #
+  # "authorization_code" => Authorization Code Grant Flow
+  # "implicit"           => Implicit Grant Flow
+  # "password"           => Resource Owner Password Credentials Grant Flow
+  # "client_credentials" => Client Credentials Grant Flow
+  #
+  # If not specified, Doorkeeper enables authorization_code and
+  # client_credentials.
+  #
+  # implicit and password grant flows have risks that you should understand
+  # before enabling:
+  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
+  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
+  #
+  # grant_flows %w(authorization_code client_credentials)
+
+  # Under some circumstances you might want to have applications auto-approved,
+  # so that the user skips the authorization step.
+  # For example if dealing with a trusted application.
+  # skip_authorization do |resource_owner, client|
+  #   client.superapp? or resource_owner.admin?
+  # end
+
+  # WWW-Authenticate Realm (default "Doorkeeper").
+  realm "Doorkeeper"
+end

data/spec/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,9 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_key_base =
+  Dummy::Application.config.secret_token =
+  'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'

data/spec/dummy/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json]
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+  self.include_root_in_json = false
+end

data/spec/dummy/config/locales/doorkeeper.en.yml

@@ -0,0 +1,5 @@
+en:
+  doorkeeper:
+    scopes:
+      public: "Access your public data"
+      write:  "Update your data"

data/spec/dummy/config/routes.rb

@@ -0,0 +1,52 @@
+Rails.application.routes.draw do
+  use_doorkeeper
+  use_doorkeeper scope: 'scope'
+
+  scope 'inner_space' do
+    use_doorkeeper scope: 'scope' do
+      controllers authorizations: 'custom_authorizations',
+                  tokens: 'custom_authorizations',
+                  applications: 'custom_authorizations',
+                  token_info: 'custom_authorizations'
+
+      as authorizations: 'custom_auth',
+         tokens: 'custom_token',
+         token_info: 'custom_token_info'
+    end
+  end
+
+  scope 'space' do
+    use_doorkeeper do
+      controllers authorizations: 'custom_authorizations',
+                  tokens: 'custom_authorizations',
+                  applications: 'custom_authorizations',
+                  token_info: 'custom_authorizations'
+
+      as authorizations: 'custom_auth',
+         tokens: 'custom_token',
+         token_info: 'custom_token_info'
+    end
+  end
+
+  scope 'outer_space' do
+    use_doorkeeper do
+      controllers authorizations: 'custom_authorizations',
+                  tokens: 'custom_authorizations',
+                  token_info: 'custom_authorizations'
+
+      as authorizations: 'custom_auth',
+         tokens: 'custom_token',
+         token_info: 'custom_token_info'
+
+      skip_controllers :tokens, :applications, :token_info
+    end
+  end
+
+  get 'metal.json' => 'metal#index'
+
+  get '/callback', to: 'home#callback'
+  get '/sign_in',  to: 'home#sign_in'
+  resources :semi_protected_resources
+  resources :full_protected_resources
+  root to: 'home#index'
+end

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/spec/dummy/db/migrate/20111122132257_create_users.rb

@@ -0,0 +1,9 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+
+      t.timestamps
+    end
+  end
+end

data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb

@@ -0,0 +1,5 @@
+class AddPasswordToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :password, :string
+  end
+end

data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb

@@ -0,0 +1,60 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         null: false
+      t.string  :uid,          null: false
+      t.string  :secret,       null: false
+      t.text    :redirect_uri, null: false
+      t.string  :scopes,       null: false, default: ''
+      t.timestamps             null: false
+    end
+
+    add_index :oauth_applications, :uid, unique: true
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, null: false
+      t.references :application,     null: false
+      t.string   :token,             null: false
+      t.integer  :expires_in,        null: false
+      t.text     :redirect_uri,      null: false
+      t.datetime :created_at,        null: false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_grants, :token, unique: true
+    add_foreign_key(
+      :oauth_access_grants,
+      :oauth_applications,
+      column: :application_id,
+    )
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.references :application
+
+      # If you use a custom token generator you may need to change this column
+      # from string to text, so that it accepts tokens larger than 255
+      # characters. More info on custom token generators in:
+      # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
+      #
+      # t.text     :token,             null: false
+      t.string   :token,             null: false
+
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        null: false
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+    add_foreign_key(
+      :oauth_access_tokens,
+      :oauth_applications,
+      column: :application_id,
+    )
+  end
+end

data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb

@@ -0,0 +1,7 @@
+class AddOwnerToApplication < ActiveRecord::Migration
+  def change
+    add_column :oauth_applications, :owner_id, :integer, null: true
+    add_column :oauth_applications, :owner_type, :string, null: true
+    add_index :oauth_applications, [:owner_id, :owner_type]
+  end
+end

data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb

@@ -0,0 +1,11 @@
+class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration
+  def change
+    add_column(
+      :oauth_access_tokens,
+      :previous_refresh_token,
+      :string,
+      default: "",
+      null: false
+    )
+  end
+end