doorkeeper-sequel 1.4.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitmodules +1 -0
- data/CHANGELOG.md +6 -0
- data/README.md +4 -3
- data/Rakefile +1 -0
- data/config/locales/en.yml +1 -0
- data/doorkeeper-sequel.gemspec +1 -2
- data/lib/doorkeeper-sequel.rb +12 -7
- data/lib/doorkeeper-sequel/gem_version.rb +1 -1
- data/lib/doorkeeper-sequel/generators/confidential_applications_generator.rb +14 -0
- data/lib/doorkeeper-sequel/generators/templates/add_confidential_to_application_migration.rb +7 -0
- data/lib/doorkeeper-sequel/generators/templates/create_doorkeeper_tables.rb +1 -0
- data/lib/doorkeeper-sequel/mixins/access_grant_mixin.rb +46 -0
- data/lib/doorkeeper-sequel/mixins/access_token_mixin.rb +164 -0
- data/lib/doorkeeper-sequel/mixins/application_mixin.rb +93 -0
- data/lib/doorkeeper-sequel/mixins/concerns/ownership.rb +15 -0
- data/lib/doorkeeper-sequel/mixins/concerns/sequel_compat.rb +63 -0
- data/lib/doorkeeper-sequel/validators/redirect_uri_validator.rb +65 -0
- data/lib/doorkeeper/orm/sequel.rb +2 -3
- data/lib/doorkeeper/orm/sequel/access_grant.rb +1 -3
- data/lib/doorkeeper/orm/sequel/access_token.rb +1 -8
- data/lib/doorkeeper/orm/sequel/application.rb +5 -3
- data/spec/stubs/config/initializers/db.rb +1 -0
- data/spec/stubs/models/user.rb +1 -1
- metadata +62 -36
- data/lib/doorkeeper/orm/sequel/models/access_grant_mixin.rb +0 -50
- data/lib/doorkeeper/orm/sequel/models/access_token_mixin.rb +0 -168
- data/lib/doorkeeper/orm/sequel/models/application_mixin.rb +0 -70
- data/lib/doorkeeper/orm/sequel/models/concerns/ownership.rb +0 -19
- data/lib/doorkeeper/orm/sequel/models/concerns/sequel_compat.rb +0 -59
- data/lib/doorkeeper/orm/sequel/validators/redirect_uri_validator.rb +0 -57
@@ -1,168 +0,0 @@
|
|
1
|
-
module Doorkeeper
|
2
|
-
module Orm
|
3
|
-
module Sequel
|
4
|
-
module AccessTokenMixin
|
5
|
-
extend ActiveSupport::Concern
|
6
|
-
|
7
|
-
include SequelCompat
|
8
|
-
include OAuth::Helpers
|
9
|
-
include Models::Expirable
|
10
|
-
include Models::Revocable
|
11
|
-
include Models::Accessible
|
12
|
-
include Models::Scopes
|
13
|
-
|
14
|
-
included do
|
15
|
-
plugin :validation_helpers
|
16
|
-
plugin :timestamps
|
17
|
-
|
18
|
-
many_to_one :application, class: 'Doorkeeper::Application'
|
19
|
-
|
20
|
-
attr_writer :use_refresh_token
|
21
|
-
|
22
|
-
set_allowed_columns :application_id, :resource_owner_id, :expires_in,
|
23
|
-
:scopes, :use_refresh_token, :previous_refresh_token
|
24
|
-
|
25
|
-
def before_validation
|
26
|
-
if new?
|
27
|
-
generate_token
|
28
|
-
generate_refresh_token if use_refresh_token?
|
29
|
-
end
|
30
|
-
|
31
|
-
super
|
32
|
-
end
|
33
|
-
|
34
|
-
def validate
|
35
|
-
super
|
36
|
-
validates_presence [:token]
|
37
|
-
validates_unique [:token]
|
38
|
-
|
39
|
-
validates_unique [:refresh_token] if use_refresh_token?
|
40
|
-
end
|
41
|
-
|
42
|
-
def application_id?
|
43
|
-
application_id.present?
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
module ClassMethods
|
48
|
-
def by_token(token)
|
49
|
-
first(token: token.to_s)
|
50
|
-
end
|
51
|
-
|
52
|
-
def by_refresh_token(refresh_token)
|
53
|
-
first(refresh_token: refresh_token.to_s)
|
54
|
-
end
|
55
|
-
|
56
|
-
def revoke_all_for(application_id, resource_owner, clock = Time)
|
57
|
-
where(application_id: application_id,
|
58
|
-
resource_owner_id: resource_owner.id,
|
59
|
-
revoked_at: nil)
|
60
|
-
.update(revoked_at: clock.now.utc)
|
61
|
-
end
|
62
|
-
|
63
|
-
def matching_token_for(application, resource_owner_or_id, scopes)
|
64
|
-
resource_owner_id = if resource_owner_or_id.respond_to?(:to_key)
|
65
|
-
resource_owner_or_id.id
|
66
|
-
else
|
67
|
-
resource_owner_or_id
|
68
|
-
end
|
69
|
-
token = last_authorized_token_for(application.try(:id), resource_owner_id)
|
70
|
-
if token && scopes_match?(token.scopes, scopes, application.try(:scopes))
|
71
|
-
token
|
72
|
-
end
|
73
|
-
end
|
74
|
-
|
75
|
-
def scopes_match?(token_scopes, param_scopes, app_scopes)
|
76
|
-
(token_scopes.blank? && param_scopes.blank?) ||
|
77
|
-
Doorkeeper::OAuth::Helpers::ScopeChecker.match?(
|
78
|
-
token_scopes.to_s,
|
79
|
-
param_scopes,
|
80
|
-
app_scopes
|
81
|
-
)
|
82
|
-
end
|
83
|
-
|
84
|
-
def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
|
85
|
-
if Doorkeeper.configuration.reuse_access_token
|
86
|
-
access_token = matching_token_for(application, resource_owner_id, scopes)
|
87
|
-
return access_token if access_token && !access_token.expired?
|
88
|
-
end
|
89
|
-
|
90
|
-
create!(
|
91
|
-
application_id: application.try(:id),
|
92
|
-
resource_owner_id: resource_owner_id,
|
93
|
-
scopes: scopes.to_s,
|
94
|
-
expires_in: expires_in,
|
95
|
-
use_refresh_token: use_refresh_token
|
96
|
-
)
|
97
|
-
end
|
98
|
-
|
99
|
-
def last_authorized_token_for(application_id, resource_owner_id)
|
100
|
-
where(application_id: application_id,
|
101
|
-
resource_owner_id: resource_owner_id,
|
102
|
-
revoked_at: nil)
|
103
|
-
.send(order_method, created_at_desc)
|
104
|
-
.first
|
105
|
-
end
|
106
|
-
end
|
107
|
-
|
108
|
-
def token_type
|
109
|
-
'bearer'
|
110
|
-
end
|
111
|
-
|
112
|
-
def use_refresh_token?
|
113
|
-
!!@use_refresh_token
|
114
|
-
end
|
115
|
-
|
116
|
-
def as_json(_options = {})
|
117
|
-
{
|
118
|
-
resource_owner_id: resource_owner_id,
|
119
|
-
scopes: scopes,
|
120
|
-
expires_in_seconds: expires_in_seconds,
|
121
|
-
application: { uid: application.try(:uid) },
|
122
|
-
created_at: created_at.to_i
|
123
|
-
}
|
124
|
-
end
|
125
|
-
|
126
|
-
# It indicates whether the tokens have the same credential
|
127
|
-
def same_credential?(access_token)
|
128
|
-
application_id == access_token.application_id &&
|
129
|
-
resource_owner_id == access_token.resource_owner_id
|
130
|
-
end
|
131
|
-
|
132
|
-
def acceptable?(scopes)
|
133
|
-
accessible? && includes_scope?(*scopes)
|
134
|
-
end
|
135
|
-
|
136
|
-
private
|
137
|
-
|
138
|
-
def generate_refresh_token
|
139
|
-
self[:refresh_token] = UniqueToken.generate
|
140
|
-
end
|
141
|
-
|
142
|
-
def generate_token
|
143
|
-
self[:created_at] ||= Time.now.utc
|
144
|
-
|
145
|
-
generator = token_generator
|
146
|
-
unless generator.respond_to?(:generate)
|
147
|
-
raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
|
148
|
-
end
|
149
|
-
|
150
|
-
self[:token] = generator.generate(
|
151
|
-
resource_owner_id: resource_owner_id,
|
152
|
-
scopes: scopes,
|
153
|
-
application: application,
|
154
|
-
expires_in: expires_in,
|
155
|
-
created_at: created_at
|
156
|
-
)
|
157
|
-
end
|
158
|
-
|
159
|
-
def token_generator
|
160
|
-
generator_name = Doorkeeper.configuration.access_token_generator
|
161
|
-
generator_name.constantize
|
162
|
-
rescue NameError
|
163
|
-
raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
|
164
|
-
end
|
165
|
-
end
|
166
|
-
end
|
167
|
-
end
|
168
|
-
end
|
@@ -1,70 +0,0 @@
|
|
1
|
-
require_relative '../validators/redirect_uri_validator'
|
2
|
-
|
3
|
-
module Doorkeeper
|
4
|
-
module Orm
|
5
|
-
module Sequel
|
6
|
-
module ApplicationMixin
|
7
|
-
extend ActiveSupport::Concern
|
8
|
-
|
9
|
-
include SequelCompat
|
10
|
-
include OAuth::Helpers
|
11
|
-
include Models::Scopes
|
12
|
-
include Doorkeeper::Orm::Sequel::RedirectUriValidator
|
13
|
-
|
14
|
-
included do
|
15
|
-
plugin :validation_helpers
|
16
|
-
plugin :timestamps
|
17
|
-
plugin :association_dependencies
|
18
|
-
|
19
|
-
one_to_many :access_grants, class: 'Doorkeeper::AccessGrant'
|
20
|
-
one_to_many :access_tokens, class: 'Doorkeeper::AccessToken'
|
21
|
-
|
22
|
-
add_association_dependencies access_grants: :delete, access_tokens: :delete
|
23
|
-
|
24
|
-
set_allowed_columns :name, :redirect_uri, :scopes
|
25
|
-
|
26
|
-
def before_validation
|
27
|
-
generate_uid
|
28
|
-
generate_secret
|
29
|
-
super
|
30
|
-
end
|
31
|
-
|
32
|
-
def validate
|
33
|
-
super
|
34
|
-
validates_presence [:name, :secret, :uid]
|
35
|
-
validates_unique [:uid]
|
36
|
-
validates_redirect_uri :redirect_uri
|
37
|
-
|
38
|
-
if respond_to?(:validate_owner?)
|
39
|
-
validates_presence [:owner_id] if validate_owner?
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
|
44
|
-
module ClassMethods
|
45
|
-
def by_uid_and_secret(uid, secret)
|
46
|
-
first(uid: uid.to_s, secret: secret.to_s)
|
47
|
-
end
|
48
|
-
|
49
|
-
def by_uid(uid)
|
50
|
-
first(uid: uid.to_s)
|
51
|
-
end
|
52
|
-
end
|
53
|
-
|
54
|
-
private
|
55
|
-
|
56
|
-
def has_scopes?
|
57
|
-
Doorkeeper::Application.columns.include?('scopes')
|
58
|
-
end
|
59
|
-
|
60
|
-
def generate_uid
|
61
|
-
self.uid = UniqueToken.generate if uid.blank? && new?
|
62
|
-
end
|
63
|
-
|
64
|
-
def generate_secret
|
65
|
-
self.secret = UniqueToken.generate if secret.blank? && new?
|
66
|
-
end
|
67
|
-
end
|
68
|
-
end
|
69
|
-
end
|
70
|
-
end
|
@@ -1,19 +0,0 @@
|
|
1
|
-
module Doorkeeper
|
2
|
-
module Orm
|
3
|
-
module Sequel
|
4
|
-
module Ownership
|
5
|
-
extend ActiveSupport::Concern
|
6
|
-
|
7
|
-
included do
|
8
|
-
plugin :polymorphic
|
9
|
-
|
10
|
-
many_to_one :owner, polymorphic: true
|
11
|
-
|
12
|
-
def validate_owner?
|
13
|
-
Doorkeeper.configuration.confirm_application_owner?
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
@@ -1,59 +0,0 @@
|
|
1
|
-
module Doorkeeper
|
2
|
-
module Orm
|
3
|
-
module Sequel
|
4
|
-
module SequelCompat
|
5
|
-
extend ActiveSupport::Concern
|
6
|
-
|
7
|
-
# ActiveRecord methods used by Doorkeeper outside the ORM.
|
8
|
-
# Should be extracted at the architectural level.
|
9
|
-
included do
|
10
|
-
plugin :active_model
|
11
|
-
|
12
|
-
# Sequel 4.47 and higher deprecated #set_allowed_columns
|
13
|
-
if (::Sequel::MAJOR >= 4 && ::Sequel::MINOR >= 47) || ::Sequel::MAJOR >= 5
|
14
|
-
plugin :whitelist_security
|
15
|
-
end
|
16
|
-
|
17
|
-
self.raise_on_save_failure = false
|
18
|
-
|
19
|
-
def update_attribute(column, value)
|
20
|
-
self[column] = value
|
21
|
-
save(columns: [column.to_sym], validate: false)
|
22
|
-
end
|
23
|
-
|
24
|
-
def update_attributes(*args)
|
25
|
-
update(*args)
|
26
|
-
end
|
27
|
-
|
28
|
-
def save!(*)
|
29
|
-
save(raise_on_failure: true)
|
30
|
-
end
|
31
|
-
|
32
|
-
def transaction(opts = {}, &block)
|
33
|
-
db.transaction(opts, &block)
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
module ClassMethods
|
38
|
-
def create!(values = {}, &block)
|
39
|
-
new(values, &block).save(raise_on_failure: true)
|
40
|
-
end
|
41
|
-
|
42
|
-
def table_exists?
|
43
|
-
db.table_exists?(table_name)
|
44
|
-
end
|
45
|
-
|
46
|
-
# find(1) or find("1") - will work like find(id: 1)
|
47
|
-
# find(name: 'John') - will work like find(name: 'John')
|
48
|
-
def find(*args, &block)
|
49
|
-
if args.first.is_a?(Hash)
|
50
|
-
super(*args, &block)
|
51
|
-
else
|
52
|
-
super(id: args)
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
59
|
-
end
|
@@ -1,57 +0,0 @@
|
|
1
|
-
module Doorkeeper
|
2
|
-
module Orm
|
3
|
-
module Sequel
|
4
|
-
module RedirectUriValidator
|
5
|
-
extend ActiveSupport::Concern
|
6
|
-
|
7
|
-
included do
|
8
|
-
def validates_redirect_uri(attribute)
|
9
|
-
value = self[attribute]
|
10
|
-
|
11
|
-
if value.blank?
|
12
|
-
add_error(attribute, :blank)
|
13
|
-
else
|
14
|
-
value.split.each do |val|
|
15
|
-
uri = ::URI.parse(val)
|
16
|
-
return true if native_redirect_uri?(uri)
|
17
|
-
validate_uri(uri, attribute)
|
18
|
-
end
|
19
|
-
end
|
20
|
-
rescue URI::InvalidURIError
|
21
|
-
add_error(attribute, :invalid_uri)
|
22
|
-
end
|
23
|
-
|
24
|
-
private
|
25
|
-
|
26
|
-
def native_redirect_uri?(uri)
|
27
|
-
native_redirect_uri.present? && uri.to_s == native_redirect_uri.to_s
|
28
|
-
end
|
29
|
-
|
30
|
-
def validate_uri(uri, attribute)
|
31
|
-
{
|
32
|
-
fragment_present: uri.fragment.present?,
|
33
|
-
relative_uri: uri.scheme.nil? || uri.host.nil?,
|
34
|
-
secured_uri: invalid_ssl_uri?(uri)
|
35
|
-
}.each do |error, condition|
|
36
|
-
add_error(attribute, error) if condition
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
def invalid_ssl_uri?(uri)
|
41
|
-
forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
|
42
|
-
forces_ssl && uri.try(:scheme) == 'http'
|
43
|
-
end
|
44
|
-
|
45
|
-
def native_redirect_uri
|
46
|
-
Doorkeeper.configuration.native_redirect_uri
|
47
|
-
end
|
48
|
-
|
49
|
-
def add_error(attribute, error)
|
50
|
-
scope = 'sequel.errors.models.doorkeeper/application.attributes.redirect_uri'
|
51
|
-
errors.add(attribute, I18n.t(error, scope: scope))
|
52
|
-
end
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|