doorkeeper-sequel 1.4.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. checksums.yaml +4 -4
  2. data/.gitmodules +1 -0
  3. data/CHANGELOG.md +6 -0
  4. data/README.md +4 -3
  5. data/Rakefile +1 -0
  6. data/config/locales/en.yml +1 -0
  7. data/doorkeeper-sequel.gemspec +1 -2
  8. data/lib/doorkeeper-sequel.rb +12 -7
  9. data/lib/doorkeeper-sequel/gem_version.rb +1 -1
  10. data/lib/doorkeeper-sequel/generators/confidential_applications_generator.rb +14 -0
  11. data/lib/doorkeeper-sequel/generators/templates/add_confidential_to_application_migration.rb +7 -0
  12. data/lib/doorkeeper-sequel/generators/templates/create_doorkeeper_tables.rb +1 -0
  13. data/lib/doorkeeper-sequel/mixins/access_grant_mixin.rb +46 -0
  14. data/lib/doorkeeper-sequel/mixins/access_token_mixin.rb +164 -0
  15. data/lib/doorkeeper-sequel/mixins/application_mixin.rb +93 -0
  16. data/lib/doorkeeper-sequel/mixins/concerns/ownership.rb +15 -0
  17. data/lib/doorkeeper-sequel/mixins/concerns/sequel_compat.rb +63 -0
  18. data/lib/doorkeeper-sequel/validators/redirect_uri_validator.rb +65 -0
  19. data/lib/doorkeeper/orm/sequel.rb +2 -3
  20. data/lib/doorkeeper/orm/sequel/access_grant.rb +1 -3
  21. data/lib/doorkeeper/orm/sequel/access_token.rb +1 -8
  22. data/lib/doorkeeper/orm/sequel/application.rb +5 -3
  23. data/spec/stubs/config/initializers/db.rb +1 -0
  24. data/spec/stubs/models/user.rb +1 -1
  25. metadata +62 -36
  26. data/lib/doorkeeper/orm/sequel/models/access_grant_mixin.rb +0 -50
  27. data/lib/doorkeeper/orm/sequel/models/access_token_mixin.rb +0 -168
  28. data/lib/doorkeeper/orm/sequel/models/application_mixin.rb +0 -70
  29. data/lib/doorkeeper/orm/sequel/models/concerns/ownership.rb +0 -19
  30. data/lib/doorkeeper/orm/sequel/models/concerns/sequel_compat.rb +0 -59
  31. data/lib/doorkeeper/orm/sequel/validators/redirect_uri_validator.rb +0 -57
@@ -1,168 +0,0 @@
1
- module Doorkeeper
2
- module Orm
3
- module Sequel
4
- module AccessTokenMixin
5
- extend ActiveSupport::Concern
6
-
7
- include SequelCompat
8
- include OAuth::Helpers
9
- include Models::Expirable
10
- include Models::Revocable
11
- include Models::Accessible
12
- include Models::Scopes
13
-
14
- included do
15
- plugin :validation_helpers
16
- plugin :timestamps
17
-
18
- many_to_one :application, class: 'Doorkeeper::Application'
19
-
20
- attr_writer :use_refresh_token
21
-
22
- set_allowed_columns :application_id, :resource_owner_id, :expires_in,
23
- :scopes, :use_refresh_token, :previous_refresh_token
24
-
25
- def before_validation
26
- if new?
27
- generate_token
28
- generate_refresh_token if use_refresh_token?
29
- end
30
-
31
- super
32
- end
33
-
34
- def validate
35
- super
36
- validates_presence [:token]
37
- validates_unique [:token]
38
-
39
- validates_unique [:refresh_token] if use_refresh_token?
40
- end
41
-
42
- def application_id?
43
- application_id.present?
44
- end
45
- end
46
-
47
- module ClassMethods
48
- def by_token(token)
49
- first(token: token.to_s)
50
- end
51
-
52
- def by_refresh_token(refresh_token)
53
- first(refresh_token: refresh_token.to_s)
54
- end
55
-
56
- def revoke_all_for(application_id, resource_owner, clock = Time)
57
- where(application_id: application_id,
58
- resource_owner_id: resource_owner.id,
59
- revoked_at: nil)
60
- .update(revoked_at: clock.now.utc)
61
- end
62
-
63
- def matching_token_for(application, resource_owner_or_id, scopes)
64
- resource_owner_id = if resource_owner_or_id.respond_to?(:to_key)
65
- resource_owner_or_id.id
66
- else
67
- resource_owner_or_id
68
- end
69
- token = last_authorized_token_for(application.try(:id), resource_owner_id)
70
- if token && scopes_match?(token.scopes, scopes, application.try(:scopes))
71
- token
72
- end
73
- end
74
-
75
- def scopes_match?(token_scopes, param_scopes, app_scopes)
76
- (token_scopes.blank? && param_scopes.blank?) ||
77
- Doorkeeper::OAuth::Helpers::ScopeChecker.match?(
78
- token_scopes.to_s,
79
- param_scopes,
80
- app_scopes
81
- )
82
- end
83
-
84
- def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
85
- if Doorkeeper.configuration.reuse_access_token
86
- access_token = matching_token_for(application, resource_owner_id, scopes)
87
- return access_token if access_token && !access_token.expired?
88
- end
89
-
90
- create!(
91
- application_id: application.try(:id),
92
- resource_owner_id: resource_owner_id,
93
- scopes: scopes.to_s,
94
- expires_in: expires_in,
95
- use_refresh_token: use_refresh_token
96
- )
97
- end
98
-
99
- def last_authorized_token_for(application_id, resource_owner_id)
100
- where(application_id: application_id,
101
- resource_owner_id: resource_owner_id,
102
- revoked_at: nil)
103
- .send(order_method, created_at_desc)
104
- .first
105
- end
106
- end
107
-
108
- def token_type
109
- 'bearer'
110
- end
111
-
112
- def use_refresh_token?
113
- !!@use_refresh_token
114
- end
115
-
116
- def as_json(_options = {})
117
- {
118
- resource_owner_id: resource_owner_id,
119
- scopes: scopes,
120
- expires_in_seconds: expires_in_seconds,
121
- application: { uid: application.try(:uid) },
122
- created_at: created_at.to_i
123
- }
124
- end
125
-
126
- # It indicates whether the tokens have the same credential
127
- def same_credential?(access_token)
128
- application_id == access_token.application_id &&
129
- resource_owner_id == access_token.resource_owner_id
130
- end
131
-
132
- def acceptable?(scopes)
133
- accessible? && includes_scope?(*scopes)
134
- end
135
-
136
- private
137
-
138
- def generate_refresh_token
139
- self[:refresh_token] = UniqueToken.generate
140
- end
141
-
142
- def generate_token
143
- self[:created_at] ||= Time.now.utc
144
-
145
- generator = token_generator
146
- unless generator.respond_to?(:generate)
147
- raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
148
- end
149
-
150
- self[:token] = generator.generate(
151
- resource_owner_id: resource_owner_id,
152
- scopes: scopes,
153
- application: application,
154
- expires_in: expires_in,
155
- created_at: created_at
156
- )
157
- end
158
-
159
- def token_generator
160
- generator_name = Doorkeeper.configuration.access_token_generator
161
- generator_name.constantize
162
- rescue NameError
163
- raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
164
- end
165
- end
166
- end
167
- end
168
- end
@@ -1,70 +0,0 @@
1
- require_relative '../validators/redirect_uri_validator'
2
-
3
- module Doorkeeper
4
- module Orm
5
- module Sequel
6
- module ApplicationMixin
7
- extend ActiveSupport::Concern
8
-
9
- include SequelCompat
10
- include OAuth::Helpers
11
- include Models::Scopes
12
- include Doorkeeper::Orm::Sequel::RedirectUriValidator
13
-
14
- included do
15
- plugin :validation_helpers
16
- plugin :timestamps
17
- plugin :association_dependencies
18
-
19
- one_to_many :access_grants, class: 'Doorkeeper::AccessGrant'
20
- one_to_many :access_tokens, class: 'Doorkeeper::AccessToken'
21
-
22
- add_association_dependencies access_grants: :delete, access_tokens: :delete
23
-
24
- set_allowed_columns :name, :redirect_uri, :scopes
25
-
26
- def before_validation
27
- generate_uid
28
- generate_secret
29
- super
30
- end
31
-
32
- def validate
33
- super
34
- validates_presence [:name, :secret, :uid]
35
- validates_unique [:uid]
36
- validates_redirect_uri :redirect_uri
37
-
38
- if respond_to?(:validate_owner?)
39
- validates_presence [:owner_id] if validate_owner?
40
- end
41
- end
42
- end
43
-
44
- module ClassMethods
45
- def by_uid_and_secret(uid, secret)
46
- first(uid: uid.to_s, secret: secret.to_s)
47
- end
48
-
49
- def by_uid(uid)
50
- first(uid: uid.to_s)
51
- end
52
- end
53
-
54
- private
55
-
56
- def has_scopes?
57
- Doorkeeper::Application.columns.include?('scopes')
58
- end
59
-
60
- def generate_uid
61
- self.uid = UniqueToken.generate if uid.blank? && new?
62
- end
63
-
64
- def generate_secret
65
- self.secret = UniqueToken.generate if secret.blank? && new?
66
- end
67
- end
68
- end
69
- end
70
- end
@@ -1,19 +0,0 @@
1
- module Doorkeeper
2
- module Orm
3
- module Sequel
4
- module Ownership
5
- extend ActiveSupport::Concern
6
-
7
- included do
8
- plugin :polymorphic
9
-
10
- many_to_one :owner, polymorphic: true
11
-
12
- def validate_owner?
13
- Doorkeeper.configuration.confirm_application_owner?
14
- end
15
- end
16
- end
17
- end
18
- end
19
- end
@@ -1,59 +0,0 @@
1
- module Doorkeeper
2
- module Orm
3
- module Sequel
4
- module SequelCompat
5
- extend ActiveSupport::Concern
6
-
7
- # ActiveRecord methods used by Doorkeeper outside the ORM.
8
- # Should be extracted at the architectural level.
9
- included do
10
- plugin :active_model
11
-
12
- # Sequel 4.47 and higher deprecated #set_allowed_columns
13
- if (::Sequel::MAJOR >= 4 && ::Sequel::MINOR >= 47) || ::Sequel::MAJOR >= 5
14
- plugin :whitelist_security
15
- end
16
-
17
- self.raise_on_save_failure = false
18
-
19
- def update_attribute(column, value)
20
- self[column] = value
21
- save(columns: [column.to_sym], validate: false)
22
- end
23
-
24
- def update_attributes(*args)
25
- update(*args)
26
- end
27
-
28
- def save!(*)
29
- save(raise_on_failure: true)
30
- end
31
-
32
- def transaction(opts = {}, &block)
33
- db.transaction(opts, &block)
34
- end
35
- end
36
-
37
- module ClassMethods
38
- def create!(values = {}, &block)
39
- new(values, &block).save(raise_on_failure: true)
40
- end
41
-
42
- def table_exists?
43
- db.table_exists?(table_name)
44
- end
45
-
46
- # find(1) or find("1") - will work like find(id: 1)
47
- # find(name: 'John') - will work like find(name: 'John')
48
- def find(*args, &block)
49
- if args.first.is_a?(Hash)
50
- super(*args, &block)
51
- else
52
- super(id: args)
53
- end
54
- end
55
- end
56
- end
57
- end
58
- end
59
- end
@@ -1,57 +0,0 @@
1
- module Doorkeeper
2
- module Orm
3
- module Sequel
4
- module RedirectUriValidator
5
- extend ActiveSupport::Concern
6
-
7
- included do
8
- def validates_redirect_uri(attribute)
9
- value = self[attribute]
10
-
11
- if value.blank?
12
- add_error(attribute, :blank)
13
- else
14
- value.split.each do |val|
15
- uri = ::URI.parse(val)
16
- return true if native_redirect_uri?(uri)
17
- validate_uri(uri, attribute)
18
- end
19
- end
20
- rescue URI::InvalidURIError
21
- add_error(attribute, :invalid_uri)
22
- end
23
-
24
- private
25
-
26
- def native_redirect_uri?(uri)
27
- native_redirect_uri.present? && uri.to_s == native_redirect_uri.to_s
28
- end
29
-
30
- def validate_uri(uri, attribute)
31
- {
32
- fragment_present: uri.fragment.present?,
33
- relative_uri: uri.scheme.nil? || uri.host.nil?,
34
- secured_uri: invalid_ssl_uri?(uri)
35
- }.each do |error, condition|
36
- add_error(attribute, error) if condition
37
- end
38
- end
39
-
40
- def invalid_ssl_uri?(uri)
41
- forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
42
- forces_ssl && uri.try(:scheme) == 'http'
43
- end
44
-
45
- def native_redirect_uri
46
- Doorkeeper.configuration.native_redirect_uri
47
- end
48
-
49
- def add_error(attribute, error)
50
- scope = 'sequel.errors.models.doorkeeper/application.attributes.redirect_uri'
51
- errors.add(attribute, I18n.t(error, scope: scope))
52
- end
53
- end
54
- end
55
- end
56
- end
57
- end