doorkeeper 0.1.1 → 0.2.0

data/lib/doorkeeper/config/scope.rb

@@ -0,0 +1,11 @@
+module Doorkeeper
+  class Scope
+    attr_reader :name, :default, :description
+
+    def initialize(name, options = {})
+      @name = name
+      @default = options[:default] || false
+      @description = options[:description]
+    end
+  end
+end

data/lib/doorkeeper/config/scopes.rb

@@ -0,0 +1,57 @@
+module Doorkeeper
+  class Scopes
+    include Enumerable
+    REQUIRED_ELEMENT_METHOD = [:name, :default]
+
+    class IllegalElement < StandardError; end
+
+    delegate :each, :to => :@scopes
+
+    def initialize
+      @scopes = []
+    end
+
+    def [](name)
+      select do |scope|
+        scope.name.to_sym == name.to_sym
+      end.first
+    end
+
+    def exists? (scope)
+      self[scope].present?
+    end
+
+    def add (scope)
+      raise IllegalElement unless valid_element?(scope)
+      @scopes << scope
+    end
+
+    def all
+      @scopes
+    end
+
+    def defaults
+      select do |scope|
+        scope.default
+      end
+    end
+
+    def default_scope_string
+      defaults.map(&:name).join(" ")
+    end
+
+    def with_names(*names)
+      names = names.map(&:to_sym)
+      select do |scope|
+        names.include? scope.name.to_sym
+      end
+    end
+
+    private
+    def valid_element?(scope)
+      REQUIRED_ELEMENT_METHOD.all? do |method|
+        scope.respond_to? method
+      end
+    end
+  end
+end

data/lib/doorkeeper/config/scopes_builder.rb

@@ -0,0 +1,18 @@
+module Doorkeeper
+  class Config
+    class ScopesBuilder
+      def initialize(&block)
+        @scopes = Doorkeeper::Scopes.new
+        instance_eval &block
+      end
+
+      def build
+        @scopes
+      end
+
+      def scope(name, options)
+        @scopes.add Doorkeeper::Scope.new(name, options)
+      end
+    end
+  end
+end

data/lib/doorkeeper/doorkeeper_for.rb

@@ -1,28 +1,108 @@
 module Doorkeeper
+  class InvalidSyntax < StandardError; end
+  class DoorkeeperFor
+    def initialize(options)
+      options ||= {}
+      raise InvalidSyntax unless options.is_a? Hash
+
+      options.each do |k, v|
+        self.send(k, v)
+      end
+    end
+
+
+    def validate_token(token)
+      return false unless token
+      token.accessible? and validate_token_scopes(token)
+    end
+
+    def filter_options
+      {}
+    end
+
+    private
+    def scopes(scopes)
+      @scopes = scopes
+    end
+
+    def validate_token_scopes(token)
+      return true if @scopes.blank?
+      token.scopes.any? { |scope| @scopes.include? scope}
+    end
+  end
+
+  class AllDoorkeeperFor < DoorkeeperFor
+    def filter_options
+      @except ? {:except => @except} : {}
+    end
+
+    private
+    def except(actions)
+      @except = actions
+    end
+  end
+
+  class SelectedDoorkeeperFor < DoorkeeperFor
+    def initialize(*args)
+      options = args.pop if args.last.is_a? Hash
+      only(args)
+      super(options)
+    end
+
+    def filter_options
+      {:only => @only}
+    end
+
+    private
+    def only(actions)
+      @only = actions
+    end
+  end
+
+  class DoorkeeperForBuilder
+    def self.create_doorkeeper_for(*args)
+      case args.first
+      when :all
+        AllDoorkeeperFor.new(args[1] || {})
+      when Hash
+        handle_hash(args.first)
+      when nil
+        raise InvalidSyntax
+      else
+        SelectedDoorkeeperFor.new(*args)
+      end
+    end
+
+    def self.handle_hash(hash)
+      if hash.has_key?(:only)
+        warn "DEPRECATED: :only option. Put the actions you want doorkeeper to take care of after doorkeeper_for eg: doorkeeper_for :index, :new"
+        args = [hash[:only], hash.except(:only)]
+        return create_doorkeeper_for(*args)
+      end
+
+      if hash.has_key?(:except)
+        warn "DEPRECATED: :except option. Use in connection with :all -> doorkeeper_for :all, :except => "
+        return create_doorkeeper_for(:all, hash)
+      end
+
+      raise InvalidSyntax
+    end
+  end
+
   module Controller
     module ClassMethods
-      def doorkeeper_for(options)
-        raise "You have to specify some option for doorkeeper_for method" unless options.present?
-        options = nil if options == :all
-        if options
-          before_filter :doorkeeper_before_filter, options
-        else
-          before_filter :doorkeeper_before_filter
+      def doorkeeper_for(*args)
+        doorkeeper_for = DoorkeeperForBuilder.create_doorkeeper_for(*args)
+
+        before_filter doorkeeper_for.filter_options do
+          head :unauthorized unless doorkeeper_for.validate_token(doorkeeper_token)
         end
       end
     end
 
     def self.included(base)
       base.extend ClassMethods
-      base.send(:private, :doorkeeper_before_filter, :doorkeeper_token, :doorkeeper_valid_token, :get_doorkeeper_token)
-    end
-
-    def doorkeeper_before_filter
-      head :unauthorized unless doorkeeper_valid_token
-    end
-
-    def doorkeeper_valid_token
-      doorkeeper_token and doorkeeper_token.accessible?
+      base.send(:private, :doorkeeper_token, :get_doorkeeper_token)
     end
 
     def doorkeeper_token

data/lib/doorkeeper/oauth/access_token_request.rb

@@ -8,12 +8,14 @@ module Doorkeeper::OAuth
       :grant_type,
       :code,
       :redirect_uri,
+      :refresh_token,
     ]
 
-    validate :attributes, :error => :invalid_request
-    validate :client,     :error => :invalid_client
-    validate :grant,      :error => :invalid_grant
-    validate :grant_type, :error => :unsupported_grant_type
+    validate :attributes,   :error => :invalid_request
+    validate :grant_type,   :error => :unsupported_grant_type
+    validate :client,       :error => :invalid_client
+    validate :grant,        :error => :invalid_grant
+    validate :redirect_uri, :error => :invalid_grant
 
     attr_accessor *ATTRIBUTES
 
@@ -24,15 +26,19 @@ module Doorkeeper::OAuth
 
     def authorize
       if valid?
-        revoke_grant
+        revoke_base_token
         create_access_token
       end
     end
 
     def authorization
-      { 'access_token' => access_token,
-        'token_type'   => token_type
+      auth = {
+        'access_token' => access_token.token,
+        'token_type'   => token_type,
+        'expires_in'   => access_token.expires_in,
       }
+      auth.merge!({'refresh_token' => access_token.refresh_token}) if refresh_token_enabled?
+      auth
     end
 
     def valid?
@@ -40,7 +46,7 @@ module Doorkeeper::OAuth
     end
 
     def access_token
-      @access_token.token
+      @access_token
     end
 
     def token_type
@@ -53,27 +59,51 @@ module Doorkeeper::OAuth
 
     private
 
-    def grant
-      @grant ||= AccessGrant.find_by_token(@code)
-    end
-
-    def revoke_grant
-      grant.revoke
+    def revoke_base_token
+      base_token.revoke
     end
 
     def client
       @client ||= Application.find_by_uid_and_secret(@client_id, @client_secret)
     end
 
+    def base_token
+      @base_token ||= refresh_token? ? token_via_refresh_token : token_via_authorization_code
+    end
+
+    def token_via_authorization_code
+      AccessGrant.find_by_token(code)
+    end
+
+    def token_via_refresh_token
+      AccessToken.find_by_refresh_token(refresh_token)
+    end
+
     def create_access_token
       @access_token = AccessToken.create!({
         :application_id    => client.id,
-        :resource_owner_id => grant.resource_owner_id,
+        :resource_owner_id => base_token.resource_owner_id,
+        :scopes            => base_token.scopes_string,
+        :expires_in        => configuration.access_token_expires_in,
+        :use_refresh_token => refresh_token_enabled?
       })
     end
 
     def validate_attributes
-      code.present? && grant_type.present? && redirect_uri.present?
+      return false unless grant_type.present?
+      if refresh_token_enabled? && refresh_token?
+        refresh_token.present?
+      else
+        code.present? && redirect_uri.present?
+      end
+    end
+
+    def refresh_token_enabled?
+      configuration.refresh_token_enabled?
+    end
+
+    def refresh_token?
+      grant_type == "refresh_token"
     end
 
     def validate_client
@@ -81,11 +111,20 @@ module Doorkeeper::OAuth
     end
 
     def validate_grant
-      grant && grant.accessible? && grant.application_id == client.id && grant.redirect_uri == redirect_uri
+      return false unless base_token && base_token.application_id == client.id
+      refresh_token? ? !base_token.revoked? : base_token.accessible?
+    end
+
+    def validate_redirect_uri
+      refresh_token? ? true : base_token.redirect_uri == redirect_uri
     end
 
     def validate_grant_type
-      grant_type == "authorization_code"
+      %w(authorization_code refresh_token).include? grant_type
+    end
+
+    def configuration
+      Doorkeeper.configuration
     end
   end
 end

data/lib/doorkeeper/oauth/access_token_request.rbc

@@ -130,7 +130,7 @@ x
 18
 AccessTokenRequest
 i
-339
+367
 5
 66
 5
@@ -388,9 +388,9 @@ i
 15
 99
 7
-18
-7
 43
+7
+44
 65
 67
 49
@@ -402,7 +402,7 @@ i
 15
 99
 7
-44
+18
 7
 45
 65
@@ -469,6 +469,34 @@ i
 49
 28
 4
+15
+99
+7
+54
+7
+55
+65
+67
+49
+27
+0
+49
+28
+4
+15
+99
+7
+56
+7
+57
+65
+67
+49
+27
+0
+49
+28
+4
 11
 I
 7
@@ -480,7 +508,7 @@ I
 0
 n
 p
-54
+58
 x
 10
 Doorkeeper
@@ -739,19 +767,23 @@ x
 9
 authorize
 i
-14
+18
 5
 47
 49
 0
 0
 9
-12
+16
 5
 48
 1
+15
+5
+48
+2
 8
-13
+17
 1
 11
 I
@@ -764,15 +796,18 @@ I
 0
 n
 p
-2
+3
 x
 6
 valid?
 x
+12
+revoke_grant
+x
 19
 create_access_token
 p
-7
+13
 I
 -1
 I
@@ -782,11 +817,23 @@ I
 I
 1a
 I
-d
+7
+I
+1b
+I
+b
+I
+1c
+I
+10
+I
+1a
+I
+11
 I
 0
 I
-e
+12
 x
 84
 /Users/felipeelias/Applicake/doorkeeper/lib/doorkeeper/oauth/access_token_request.rb
@@ -871,19 +918,19 @@ p
 I
 -1
 I
-1d
+20
 I
 0
 I
-20
+23
 I
 8
 I
-1e
+21
 I
 13
 I
-1f
+22
 I
 1e
 x
@@ -933,11 +980,11 @@ p
 I
 -1
 I
-23
+26
 I
 0
 I
-24
+27
 I
 8
 x
@@ -985,11 +1032,11 @@ p
 I
 -1
 I
-27
+2a
 I
 0
 I
-28
+2b
 I
 6
 x
@@ -1032,11 +1079,11 @@ p
 I
 -1
 I
-2b
+2e
 I
 0
 I
-2c
+2f
 I
 4
 x
@@ -1112,11 +1159,11 @@ p
 I
 -1
 I
-2f
+32
 I
 0
 I
-30
+33
 I
 16
 x
@@ -1182,11 +1229,11 @@ p
 I
 -1
 I
-35
+38
 I
 0
 I
-36
+39
 I
 11
 x
@@ -1194,6 +1241,59 @@ x
 /Users/felipeelias/Applicake/doorkeeper/lib/doorkeeper/oauth/access_token_request.rb
 p
 0
+x
+12
+revoke_grant
+M
+1
+n
+n
+x
+12
+revoke_grant
+i
+7
+5
+48
+0
+49
+1
+0
+11
+I
+1
+I
+0
+I
+0
+I
+0
+n
+p
+2
+x
+5
+grant
+x
+6
+revoke
+p
+5
+I
+-1
+I
+3c
+I
+0
+I
+3d
+I
+7
+x
+84
+/Users/felipeelias/Applicake/doorkeeper/lib/doorkeeper/oauth/access_token_request.rb
+p
+0
 M
 1
 n
@@ -1254,11 +1354,11 @@ p
 I
 -1
 I
-39
+40
 I
 0
 I
-3a
+41
 I
 13
 x
@@ -1277,14 +1377,15 @@ x
 19
 create_access_token
 i
-42
+56
 45
 0
 1
 44
 43
 2
-80
+4
+3
 49
 3
 1
@@ -1314,11 +1415,24 @@ i
 7
 2
 15
-49
+13
+7
 10
+5
+48
+11
+49
+12
+0
+49
+7
+2
+15
+49
+13
 1
 38
-11
+14
 11
 I
 5
@@ -1330,7 +1444,7 @@ I
 0
 n
 p
-12
+15
 x
 11
 AccessToken
@@ -1348,8 +1462,8 @@ x
 6
 client
 x
-3
-uid
+2
+id
 x
 3
 []=
@@ -1360,39 +1474,52 @@ x
 5
 grant
 x
+10
+expires_in
+x
+13
+configuration
+x
+23
+access_token_expires_in
+x
 7
 create!
 x
 13
 @access_token
 p
-13
+15
 I
 -1
 I
-3d
+44
 I
 0
 I
-3e
+45
 I
 3
 I
-41
+49
 I
-b
+c
 I
-3f
+46
 I
-18
+19
 I
-40
+47
 I
-24
+26
 I
-3e
+48
 I
-2a
+32
+I
+45
+I
+38
 x
 84
 /Users/felipeelias/Applicake/doorkeeper/lib/doorkeeper/oauth/access_token_request.rb
@@ -1465,11 +1592,11 @@ p
 I
 -1
 I
-44
+4c
 I
 0
 I
-45
+4d
 I
 1b
 x
@@ -1524,11 +1651,11 @@ p
 I
 -1
 I
-48
+50
 I
 0
 I
-49
+51
 I
 10
 x
@@ -1632,11 +1759,11 @@ p
 I
 -1
 I
-4c
+54
 I
 0
 I
-4d
+55
 I
 2f
 x
@@ -1690,11 +1817,11 @@ p
 I
 -1
 I
-50
+58
 I
 0
 I
-51
+59
 I
 9
 x
@@ -1702,8 +1829,62 @@ x
 /Users/felipeelias/Applicake/doorkeeper/lib/doorkeeper/oauth/access_token_request.rb
 p
 0
+x
+13
+configuration
+M
+1
+n
+n
+x
+13
+configuration
+i
+7
+45
+0
+1
+49
+2
+0
+11
+I
+1
+I
+0
+I
+0
+I
+0
+n
+p
+3
+x
+10
+Doorkeeper
+n
+x
+13
+configuration
+p
+5
+I
+-1
+I
+5c
+I
+0
+I
+5d
+I
+7
+x
+84
+/Users/felipeelias/Applicake/doorkeeper/lib/doorkeeper/oauth/access_token_request.rb
+p
+0
 p
-55
+59
 I
 2
 I
@@ -1763,39 +1944,39 @@ I
 I
 a7
 I
-1d
+20
 I
 b5
 I
-23
+26
 I
 c3
 I
-27
+2a
 I
 d1
 I
-2b
+2e
 I
 df
 I
-2f
+32
 I
 ed
 I
-33
+36
 I
 f1
 I
-35
+38
 I
 ff
 I
-39
+3c
 I
 10d
 I
-3d
+40
 I
 11b
 I
@@ -1803,17 +1984,25 @@ I
 I
 129
 I
-48
+4c
 I
 137
 I
-4c
+50
 I
 145
 I
-50
+54
 I
 153
+I
+58
+I
+161
+I
+5c
+I
+16f
 x
 84
 /Users/felipeelias/Applicake/doorkeeper/lib/doorkeeper/oauth/access_token_request.rb