doorkeeper 0.2.0 → 0.3.0

data/README.md

@@ -13,7 +13,7 @@ For more information about the supported features, check out the related [page i
 Put this in your Gemfile:
 
 ``` ruby
-gem 'doorkeeper'
+gem 'doorkeeper', '~> 0.3.0'
 ```
 
 Run the installation generator with:
@@ -144,6 +144,10 @@ All supported ruby versions are [listed here](https://github.com/applicake/doork
 - Felipe Elias Philipp ([github.com/felipeelias](https://github.com/felipeelias))
 - Piotr Jakubowski ([github.com/piotrj](https://github.com/piotrj))
 
+### Contributors
+
+Thanks to all our [awesome contributors](https://github.com/applicake/doorkeeper/contributors)!
+
 ### License
 
 MIT License. Copyright 2011 Applicake. [http://applicake.com](http://applicake.com)

data/app/controllers/doorkeeper/application_controller.rb

@@ -2,6 +2,17 @@ module Doorkeeper
   class ApplicationController < ActionController::Base
     private
 
+    def parse_client_info_from_basic_auth
+      auth_header = request.env['HTTP_AUTHORIZATION']
+      return unless auth_header && auth_header =~ /^Basic (.*)/m
+      client_info = Base64.decode64($1).split(/:/, 2)
+      client_id = client_info[0]
+      client_secret = client_info[1]
+      return if client_id.nil? || client_secret.nil?
+      params[:client_id] = client_id
+      params[:client_secret] = client_secret
+    end
+
     def authenticate_resource_owner!
       current_resource_owner
     end

data/app/controllers/doorkeeper/authorizations_controller.rb

@@ -7,6 +7,8 @@ class Doorkeeper::AuthorizationsController < Doorkeeper::ApplicationController
         authorization.authorize
         redirect_to authorization.success_redirect_uri
       end
+    elsif authorization.redirect_on_error?
+      redirect_to authorization.invalid_redirect_uri
     else
       render :error
     end
@@ -15,6 +17,8 @@ class Doorkeeper::AuthorizationsController < Doorkeeper::ApplicationController
   def create
     if authorization.authorize
       redirect_to authorization.success_redirect_uri
+    elsif authorization.redirect_on_error?
+      redirect_to authorization.invalid_redirect_uri
     else
       render :error
     end

data/app/controllers/doorkeeper/authorized_applications_controller.rb

@@ -6,8 +6,7 @@ class Doorkeeper::AuthorizedApplicationsController < Doorkeeper::ApplicationCont
   end
 
   def destroy
-    token = AccessToken.authorized_for(params[:id], current_resource_owner)
-    token.revoke
+    AccessToken.revoke_all_for params[:id], current_resource_owner
     redirect_to authorized_applications_path, :notice => "Application revoked."
   end
 end

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -1,4 +1,7 @@
 class Doorkeeper::TokensController < Doorkeeper::ApplicationController
+
+  before_filter :parse_client_info_from_basic_auth, :only => :create
+
   def create
     response.headers.merge!({
       'Pragma'        => 'no-cache',

data/app/models/access_grant.rb

@@ -1,7 +1,9 @@
 class AccessGrant < ActiveRecord::Base
-  include Doorkeeper::OAuth::RandomString
+  include Doorkeeper::OAuth::Helpers
+  include Doorkeeper::Models::Expirable
+  include Doorkeeper::Models::Revocable
 
-  set_table_name :oauth_access_grants
+  self.table_name = :oauth_access_grants
 
   belongs_to :application
 
@@ -9,24 +11,12 @@ class AccessGrant < ActiveRecord::Base
 
   before_validation :generate_token, :on => :create
 
-  def expired?
-    expires_in.present? && Time.now > expired_time
-  end
-
   def accessible?
     !expired? && !revoked?
   end
 
-  def revoke
-    update_attribute :revoked_at, DateTime.now
-  end
-
-  def revoked?
-    revoked_at.present?
-  end
-
   def scopes
-    self[:scopes].split(" ").map(&:to_sym)
+    self[:scopes].split(" ").map(&:to_sym) if self[:scopes]
   end
 
   def scopes_string
@@ -35,11 +25,7 @@ class AccessGrant < ActiveRecord::Base
 
   private
 
-  def expired_time
-    self.created_at + expires_in.seconds
-  end
-
   def generate_token
-    self.token = unique_random_string_for(:token)
+    self.token = UniqueToken.generate_for :token, self.class
   end
 end

data/app/models/access_token.rb

@@ -1,7 +1,9 @@
 class AccessToken < ActiveRecord::Base
-  include Doorkeeper::OAuth::RandomString
+  include Doorkeeper::OAuth::Helpers
+  include Doorkeeper::Models::Expirable
+  include Doorkeeper::Models::Revocable
 
-  set_table_name :oauth_access_tokens
+  self.table_name = :oauth_access_tokens
 
   belongs_to :application
 
@@ -14,20 +16,29 @@ class AccessToken < ActiveRecord::Base
   before_validation :generate_token, :on => :create
   before_validation :generate_refresh_token, :on => :create, :if => :use_refresh_token?
 
-  def self.authorized_for(application_id, resource_owner_id)
-    accessible.where(:application_id => application_id, :resource_owner_id => resource_owner_id).first
+  def self.revoke_all_for(application_id, resource_owner)
+    where(:application_id => application_id,
+            :resource_owner_id => resource_owner.id).delete_all
   end
 
-  def revoke
-    update_attribute :revoked_at, DateTime.now
+  def self.matching_token_for(application, resource_owner_or_id, scopes)
+    token = last_authorized_token_for(application, resource_owner_or_id)
+    token if token && ScopeChecker.matches?(token.scopes, scopes)
   end
 
-  def revoked?
-    self.revoked_at.present?
+  def self.last_authorized_token_for(application, resource_owner_or_id)
+    resource_owner_id = resource_owner_or_id.kind_of?(ActiveRecord::Base) ? resource_owner_or_id.id : resource_owner_or_id
+    accessible.
+      where(:application_id => application.id,
+            :resource_owner_id => resource_owner_id).
+      order("created_at desc").
+      limit(1).
+      first
   end
+  private_class_method :last_authorized_token_for
 
-  def expired?
-    expires_in.present? && Time.now > expired_time
+  def token_type
+    "bearer"
   end
 
   def accessible?
@@ -49,15 +60,11 @@ class AccessToken < ActiveRecord::Base
 
   private
 
-  def expired_time
-    self.created_at + expires_in.seconds
-  end
-
   def generate_refresh_token
-    self.refresh_token = unique_random_string_for(:refresh_token)
+    self.refresh_token = UniqueToken.generate_for :refresh_token, self.class
   end
 
   def generate_token
-    self.token = unique_random_string_for(:token)
+    self.token = UniqueToken.generate_for :token, self.class
   end
 end

data/app/models/application.rb

@@ -1,7 +1,7 @@
 class Application < ActiveRecord::Base
-  include Doorkeeper::OAuth::RandomString
+  include Doorkeeper::OAuth::Helpers
 
-  set_table_name :oauth_applications
+  self.table_name = :oauth_applications
 
   has_many :access_grants
   has_many :authorized_tokens, :class_name => "AccessToken", :conditions => { :revoked_at => nil }
@@ -9,19 +9,37 @@ class Application < ActiveRecord::Base
 
   validates :name, :secret, :redirect_uri, :presence => true
   validates :uid, :presence => true, :uniqueness => true
+  validate :validate_redirect_uri
 
   before_validation :generate_uid, :generate_secret, :on => :create
 
+  def self.column_names_with_table
+    self.column_names.map { |c| "oauth_applications.#{c}" }
+  end
+
   def self.authorized_for(resource_owner)
-    joins(:authorized_applications).where(:oauth_access_tokens => { :resource_owner_id => resource_owner.id })
+    joins(:authorized_applications).
+      where(:oauth_access_tokens => { :resource_owner_id => resource_owner.id }).
+      group(column_names_with_table.join(','))
+  end
+
+  def validate_redirect_uri
+    return unless redirect_uri
+    uri = URI.parse(redirect_uri)
+    errors.add(:redirect_uri, "cannot contain a fragment.") unless uri.fragment.nil?
+    errors.add(:redirect_uri, "must be an absolute URL.") if uri.scheme.nil? || uri.host.nil?
+    errors.add(:redirect_uri, "cannot contain a query parameter.") unless uri.query.nil?
+  rescue URI::InvalidURIError => e
+    errors.add(:redirect_uri, "must be a valid URI.")
   end
 
   private
+
   def generate_uid
-    self.uid = unique_random_string_for(:uid)
+    self.uid = UniqueToken.generate_for :uid, self.class
   end
 
   def generate_secret
-    self.secret = random_string
+    self.secret = UniqueToken.generate_for :secret, self.class
   end
 end

data/app/views/doorkeeper/authorizations/error.html.erb

@@ -1 +1,6 @@
-<p>An error has occurred</p>
+<div class="span16">
+  <h2>An error has occurred</h2>
+  <p>
+    <pre><%= t @authorization.error, :scope => [:doorkeeper, :errors, :messages] %></pre>
+  </p>
+</div>

data/app/views/doorkeeper/authorizations/new.html.erb

@@ -2,8 +2,6 @@
   <h2>Authorize <%= @authorization.client.name %> to use your account?</h2>
 </div>
 
-
-
 <div class="span16">
   <% if @authorization.scopes %>
   <p>

data/config/locales/en.yml

@@ -0,0 +1,20 @@
+en:
+  doorkeeper:
+    errors:
+      messages:
+        # Common error messages
+        invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
+        invalid_redirect_uri: 'The redirect uri included is not valid.'
+        unauthorized_client: 'The client is not authorized to perform this request using this method.'
+        access_denied: 'The resource owner or authorization server denied the request.'
+        invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
+        server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
+        temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
+
+        # Access grant errors
+        unsupported_response_type: 'The authorization server does not support this response type.'
+
+        # Access token errors
+        invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
+        invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
+        unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'

data/lib/doorkeeper.rb

@@ -6,14 +6,19 @@ module Doorkeeper
   autoload :Validations, "doorkeeper/validations"
 
   module OAuth
-    class MismatchRedirectURI < StandardError; end
-
-    autoload :RandomString,         "doorkeeper/oauth/random_string"
     autoload :AuthorizationRequest, "doorkeeper/oauth/authorization_request"
     autoload :AccessTokenRequest,   "doorkeeper/oauth/access_token_request"
+    autoload :Authorization,        "doorkeeper/oauth/authorization"
+
+    module Helpers
+      autoload :ScopeChecker, "doorkeeper/oauth/helpers/scope_checker"
+      autoload :URIChecker,   "doorkeeper/oauth/helpers/uri_checker"
+      autoload :UniqueToken,  "doorkeeper/oauth/helpers/unique_token"
+    end
   end
 
-  def self.setup
-    yield self
+  module Models
+    autoload :Expirable, "doorkeeper/models/expirable"
+    autoload :Revocable, "doorkeeper/models/revocable"
   end
 end

data/lib/doorkeeper/config/scopes.rb

@@ -21,6 +21,10 @@ module Doorkeeper
       self[scope].present?
     end
 
+    def all_included?(scopes_string)
+      scopes_string.split(" ").all? { |s| self.exists?(s) }
+    end
+
     def add (scope)
       raise IllegalElement unless valid_element?(scope)
       @scopes << scope

data/lib/doorkeeper/doorkeeper_for.rb

@@ -64,29 +64,12 @@ module Doorkeeper
       case args.first
       when :all
         AllDoorkeeperFor.new(args[1] || {})
-      when Hash
-        handle_hash(args.first)
-      when nil
+      when Hash, nil
         raise InvalidSyntax
       else
         SelectedDoorkeeperFor.new(*args)
       end
     end
-
-    def self.handle_hash(hash)
-      if hash.has_key?(:only)
-        warn "DEPRECATED: :only option. Put the actions you want doorkeeper to take care of after doorkeeper_for eg: doorkeeper_for :index, :new"
-        args = [hash[:only], hash.except(:only)]
-        return create_doorkeeper_for(*args)
-      end
-
-      if hash.has_key?(:except)
-        warn "DEPRECATED: :except option. Use in connection with :all -> doorkeeper_for :all, :except => "
-        return create_doorkeeper_for(:all, hash)
-      end
-
-      raise InvalidSyntax
-    end
   end
 
   module Controller
@@ -95,7 +78,15 @@ module Doorkeeper
         doorkeeper_for = DoorkeeperForBuilder.create_doorkeeper_for(*args)
 
         before_filter doorkeeper_for.filter_options do
-          head :unauthorized unless doorkeeper_for.validate_token(doorkeeper_token)
+          return if doorkeeper_for.validate_token(doorkeeper_token)
+          render_options = doorkeeper_unauthorized_render_options
+          if render_options.nil? || render_options.empty?
+            head :unauthorized
+          else
+            render_options[:status] = :unauthorized
+            render_options[:layout] = false if render_options[:layout].nil?
+            render render_options
+          end
         end
       end
     end
@@ -113,8 +104,12 @@ module Doorkeeper
       token = params[:access_token] || params[:bearer_token] || request.env['HTTP_AUTHORIZATION']
       if token
         token.gsub!(/Bearer /, '')
+        AccessToken.find_by_token(token)
       end
-      AccessToken.find_by_token(token)
+    end
+
+    def doorkeeper_unauthorized_render_options
+      nil
     end
   end
 end

data/lib/doorkeeper/models/expirable.rb

@@ -0,0 +1,18 @@
+module Doorkeeper
+  module Models
+    module Expirable
+      def expired?
+        expires_in && Time.now > expired_time
+      end
+
+      def time_left
+        expired? ? 0 : expired_time - Time.now
+      end
+
+      def expired_time
+        created_at + expires_in.seconds
+      end
+      private :expired_time
+    end
+  end
+end

data/lib/doorkeeper/models/revocable.rb

@@ -0,0 +1,13 @@
+module Doorkeeper
+  module Models
+    module Revocable
+      def revoke(clock = DateTime)
+        update_attribute :revoked_at, clock.now
+      end
+
+      def revoked?
+        revoked_at.present?
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/access_token_request.rb

@@ -27,14 +27,14 @@ module Doorkeeper::OAuth
     def authorize
       if valid?
         revoke_base_token
-        create_access_token
+        find_or_create_access_token
       end
     end
 
     def authorization
       auth = {
         'access_token' => access_token.token,
-        'token_type'   => token_type,
+        'token_type'   => access_token.token_type,
         'expires_in'   => access_token.expires_in,
       }
       auth.merge!({'refresh_token' => access_token.refresh_token}) if refresh_token_enabled?
@@ -46,7 +46,7 @@ module Doorkeeper::OAuth
     end
 
     def access_token
-      @access_token
+      @access_token ||= AccessToken.matching_token_for client, base_token.resource_owner_id, base_token.scopes_string
     end
 
     def token_type
@@ -54,11 +54,27 @@ module Doorkeeper::OAuth
     end
 
     def error_response
-      { 'error' => error.to_s }
+      {
+        'error' => error.to_s,
+        'error_description' => error_description
+      }
     end
 
     private
 
+    def find_or_create_access_token
+      if access_token
+        access_token.expired? ? revoke_and_create_access_token : access_token
+      else
+        create_access_token
+      end
+    end
+
+    def revoke_and_create_access_token
+      access_token.revoke
+      create_access_token
+    end
+
     def revoke_base_token
       base_token.revoke
     end
@@ -123,6 +139,10 @@ module Doorkeeper::OAuth
       %w(authorization_code refresh_token).include? grant_type
     end
 
+    def error_description
+      I18n.translate error, :scope => [:doorkeeper, :errors, :messages]
+    end
+
     def configuration
       Doorkeeper.configuration
     end

data/lib/doorkeeper/oauth/authorization.rb

@@ -0,0 +1,9 @@
+module Doorkeeper
+  module OAuth
+    module Authorization
+      autoload :Code,       "doorkeeper/oauth/authorization/code"
+      autoload :Token,      "doorkeeper/oauth/authorization/token"
+      autoload :URIBuilder, "doorkeeper/oauth/authorization/uri_builder"
+    end
+  end
+end

data/lib/doorkeeper/oauth/authorization/code.rb

@@ -0,0 +1,34 @@
+module Doorkeeper
+  module OAuth
+    module Authorization
+      class Code
+        include URIBuilder
+
+        DEFAULT_EXPIRATION_TIME = 600
+
+        attr_accessor :authorization, :grant
+
+        def initialize(authorization)
+          @authorization = authorization
+        end
+
+        def issue_token
+          @grant ||= AccessGrant.create!(
+            :application_id    => authorization.client.id,
+            :resource_owner_id => authorization.resource_owner.id,
+            :expires_in        => DEFAULT_EXPIRATION_TIME,
+            :redirect_uri      => authorization.redirect_uri,
+            :scopes            => authorization.scope
+          )
+        end
+
+        def callback
+          uri_with_query(authorization.redirect_uri, {
+            :code  => grant.token,
+            :state => authorization.state
+          })
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/authorization/token.rb

@@ -0,0 +1,38 @@
+module Doorkeeper
+  module OAuth
+    module Authorization
+      class Token
+        include URIBuilder
+
+        attr_accessor :authorization, :access_token
+
+        def initialize(authorization)
+          @authorization = authorization
+        end
+
+        def callback
+          uri_with_fragment(authorization.redirect_uri, {
+            :access_token => access_token.token,
+            :token_type   => access_token.token_type,
+            :expires_in   => access_token.time_left,
+            :state => authorization.state
+          })
+        end
+
+        def issue_token
+          @access_token ||= AccessToken.create!({
+            :application_id    => authorization.client.id,
+            :resource_owner_id => authorization.resource_owner.id,
+            :scopes            => authorization.scope,
+            :expires_in        => configuration.access_token_expires_in,
+            :use_refresh_token => false
+          })
+        end
+
+        def configuration
+          Doorkeeper.configuration
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/authorization/uri_builder.rb

@@ -0,0 +1,27 @@
+module Doorkeeper
+  module OAuth
+    module Authorization
+      module URIBuilder
+        include Rack::Utils
+
+        def uri_with_query(url, parameters = {})
+          uri            = URI.parse(url)
+          original_query = parse_query(uri.query)
+          uri.query      = build_query(original_query.merge(parameters))
+          uri.to_s
+        end
+
+        def uri_with_fragment(url, parameters = {})
+          uri = URI.parse(url)
+          uri.fragment = build_query(parameters)
+          uri.to_s
+        end
+
+        def build_query(parameters = {})
+          parameters = parameters.reject { |k, v| v.blank? }
+          super parameters
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/authorization_request.rb

@@ -1,8 +1,8 @@
 module Doorkeeper::OAuth
   class AuthorizationRequest
     include Doorkeeper::Validations
-
-    DEFAULT_EXPIRATION_TIME = 600
+    include Doorkeeper::OAuth::Authorization::URIBuilder
+    include Doorkeeper::OAuth::Helpers
 
     ATTRIBUTES = [
       :response_type,
@@ -12,9 +12,9 @@ module Doorkeeper::OAuth
       :state
     ]
 
-    validate :attributes,    :error => :invalid_request
     validate :client,        :error => :invalid_client
     validate :redirect_uri,  :error => :invalid_redirect_uri
+    validate :attributes,    :error => :invalid_request
     validate :response_type, :error => :unsupported_response_type
     validate :scope,         :error => :invalid_scope
 
@@ -24,17 +24,18 @@ module Doorkeeper::OAuth
     def initialize(resource_owner, attributes)
       ATTRIBUTES.each { |attr| instance_variable_set("@#{attr}", attributes[attr]) }
       @resource_owner = resource_owner
-      @grant          = nil
       @scope          ||= Doorkeeper.configuration.default_scope_string
       validate
     end
 
     def authorize
-      create_authorization if valid?
+      return false unless valid?
+      @authorization = authorization_method.new(self)
+      @authorization.issue_token
     end
 
     def access_token_exists?
-      access_token.present? && access_token_scope_matches?
+      AccessToken.matching_token_for(client, resource_owner, scope).present?
     end
 
     def deny
@@ -42,19 +43,20 @@ module Doorkeeper::OAuth
     end
 
     def success_redirect_uri
-      build_uri do |uri|
-        query = "code=#{token}"
-        query << "&state=#{state}" if has_state?
-        uri.query = query
-      end
+      @authorization.callback
     end
 
     def invalid_redirect_uri
-      build_uri do |uri|
-        query = "error=#{error}"
-        query << "&state=#{state}" if has_state?
-        uri.query = query
-      end
+      uri_builder = is_token_request? ? :uri_with_fragment : :uri_with_query
+      send(uri_builder, redirect_uri, {
+        :error => error,
+        :error_description => error_description,
+        :state => state
+      })
+    end
+
+    def redirect_on_error?
+      (error != :invalid_redirect_uri) && (error != :invalid_client)
     end
 
     def client
@@ -67,36 +69,12 @@ module Doorkeeper::OAuth
 
     private
 
-    def create_authorization
-      @grant = AccessGrant.create!(
-        :application_id    => client.id,
-        :resource_owner_id => resource_owner.id,
-        :expires_in        => DEFAULT_EXPIRATION_TIME,
-        :redirect_uri      => redirect_uri,
-        :scopes            => scope
-      )
-    end
-
-    def has_state?
-      state.present?
-    end
-
     def has_scope?
       Doorkeeper.configuration.scopes.all.present?
     end
 
-    def token
-      @grant.token
-    end
-
-    def build_uri
-      uri = URI.parse(client.redirect_uri)
-      yield uri
-      uri.to_s
-    end
-
     def validate_attributes
-      %w(response_type client_id redirect_uri).all? { |attr| send(attr).present? }
+      response_type.present?
     end
 
     def validate_client
@@ -104,24 +82,38 @@ module Doorkeeper::OAuth
     end
 
     def validate_redirect_uri
-      client.redirect_uri == redirect_uri
+      return false unless redirect_uri
+      URIChecker.valid_for_authorization?(redirect_uri, client.redirect_uri)
     end
 
     def validate_response_type
-      response_type == "code"
+      is_code_request? || is_token_request?
     end
 
     def validate_scope
       return true unless has_scope?
-      scope.present? && scope !~ /[\n|\r|\t]/ && scope.split(" ").all? { |s| Doorkeeper.configuration.scopes.exists?(s) }
+      ScopeChecker.valid?(scope, configuration.scopes)
+    end
+
+    def is_code_request?
+      response_type == "code"
+    end
+
+    def is_token_request?
+      response_type == "token"
+    end
+
+    def error_description
+      I18n.translate error, :scope => [:doorkeeper, :errors, :messages]
     end
 
-    def access_token
-      AccessToken.accessible.where(:application_id => client.id, :resource_owner_id => resource_owner.id).first
+    def configuration
+      Doorkeeper.configuration
     end
 
-    def access_token_scope_matches?
-      (access_token.scopes - scope.split(" ").map(&:to_sym)).empty?
+    def authorization_method
+      klass = is_code_request? ? "Code" : "Token"
+      "Doorkeeper::OAuth::Authorization::#{klass}".constantize
     end
   end
 end

data/lib/doorkeeper/oauth/helpers/scope_checker.rb

@@ -0,0 +1,18 @@
+module Doorkeeper
+  module OAuth
+    module Helpers
+      module ScopeChecker
+        def self.matches?(current_scopes, scopes)
+          return false if current_scopes.nil? || scopes.nil?
+          current_scopes.map(&:to_s).sort == scopes.split(" ").sort
+        end
+
+        def self.valid?(scope, server_scopes)
+          scope.present? &&
+          scope !~ /[\n|\r|\t]/ &&
+          server_scopes.all_included?(scope)
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/helpers/unique_token.rb

@@ -0,0 +1,16 @@
+module Doorkeeper
+  module OAuth
+    module Helpers
+      module UniqueToken
+        def self.generate_for(attribute, klass, options = {})
+          generator_method = options.delete(:generator) || SecureRandom.method(:hex)
+          token_size       = options.delete(:size)      || 32
+          loop do
+            token = generator_method.call(token_size)
+            break token unless klass.send("find_by_#{attribute}", token)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/helpers/uri_checker.rb

@@ -0,0 +1,28 @@
+module Doorkeeper
+  module OAuth
+    module Helpers
+      module URIChecker
+        def self.valid?(url)
+          uri = as_uri(url)
+          uri.fragment.nil? && !uri.host.nil? && !uri.scheme.nil?
+        rescue URI::InvalidURIError
+          false
+        end
+
+        def self.matches?(url, client_url)
+          url, client_url = as_uri(url), as_uri(client_url)
+          url.query = nil
+          url == client_url
+        end
+
+        def self.valid_for_authorization?(url, client_url)
+          valid?(url) && matches?(url, client_url)
+        end
+
+        def self.as_uri(url)
+          URI.parse(url)
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/version.rb

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/lib/generators/doorkeeper/install_generator.rb

@@ -7,6 +7,7 @@ class Doorkeeper::InstallGenerator < Rails::Generators::Base
   def install
     migration_template 'migration.rb', 'db/migrate/create_doorkeeper_tables.rb'
     template "initializer.rb", "config/initializers/doorkeeper.rb"
+    copy_file "../../../../config/locales/en.yml", "config/locales/doorkeeper.en.yml"
     route "mount Doorkeeper::Engine => '/oauth'"
     readme "README"
   end

data/lib/generators/doorkeeper/templates/migration.rb

@@ -8,6 +8,8 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.timestamps
     end
 
+    add_index :oauth_applications, :uid, :unique => true
+
     create_table :oauth_access_grants do |t|
       t.integer  :resource_owner_id, :null => false
       t.integer  :application_id,    :null => false
@@ -19,6 +21,8 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.string   :scopes
     end
 
+    add_index :oauth_access_grants, :token, :unique => true
+
     create_table :oauth_access_tokens do |t|
       t.integer  :resource_owner_id, :null => false
       t.integer  :application_id,    :null => false
@@ -29,5 +33,10 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.datetime :created_at,        :null => false
       t.string   :scopes
     end
+
+    add_index :oauth_access_tokens, :token, :unique => true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, :unique => true
+
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,96 +10,96 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-12-17 00:00:00.000000000 Z
+date: 2012-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rails
-  requirement: &70330040514360 !ruby/object:Gem::Requirement
+  name: railties
+  requirement: &70362054833440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 3.1.1
+        version: '3.1'
   type: :runtime
   prerelease: false
-  version_requirements: *70330040514360
+  version_requirements: *70362054833440
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &70330040513880 !ruby/object:Gem::Requirement
+  requirement: &70362054832720 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.5
   type: :development
   prerelease: false
-  version_requirements: *70330040513880
+  version_requirements: *70362054832720
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &70330040513400 !ruby/object:Gem::Requirement
+  requirement: &70362054831840 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.8.1
   type: :development
   prerelease: false
-  version_requirements: *70330040513400
+  version_requirements: *70362054831840
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &70330040512980 !ruby/object:Gem::Requirement
+  requirement: &70362054831180 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.1.2
   type: :development
   prerelease: false
-  version_requirements: *70330040512980
+  version_requirements: *70362054831180
 - !ruby/object:Gem::Dependency
   name: generator_spec
-  requirement: &70330040528920 !ruby/object:Gem::Requirement
+  requirement: &70362054830420 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.8.5
   type: :development
   prerelease: false
-  version_requirements: *70330040528920
+  version_requirements: *70362054830420
 - !ruby/object:Gem::Dependency
   name: factory_girl_rails
-  requirement: &70330040528460 !ruby/object:Gem::Requirement
+  requirement: &70362054829800 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.4.0
   type: :development
   prerelease: false
-  version_requirements: *70330040528460
+  version_requirements: *70362054829800
 - !ruby/object:Gem::Dependency
   name: timecop
-  requirement: &70330040528000 !ruby/object:Gem::Requirement
+  requirement: &70362054829180 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.3.5
   type: :development
   prerelease: false
-  version_requirements: *70330040528000
+  version_requirements: *70362054829180
 - !ruby/object:Gem::Dependency
   name: database_cleaner
-  requirement: &70330040527560 !ruby/object:Gem::Requirement
+  requirement: &70362054828560 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.7.1
   type: :development
   prerelease: false
-  version_requirements: *70330040527560
+  version_requirements: *70362054828560
 description: Doorkeeper is an OAuth 2 provider for Rails.
 email:
 - felipe@applicake.com
@@ -140,6 +140,7 @@ files:
 - app/views/layouts/doorkeeper/application.html.erb
 - config/initializers/form_errors.rb
 - config/initializers/form_errors.rbc
+- config/locales/en.yml
 - config/routes.rb
 - config/routes.rbc
 - lib/doorkeeper/config/scope.rb
@@ -151,11 +152,19 @@ files:
 - lib/doorkeeper/doorkeeper_for.rbc
 - lib/doorkeeper/engine.rb
 - lib/doorkeeper/engine.rbc
+- lib/doorkeeper/models/expirable.rb
+- lib/doorkeeper/models/revocable.rb
 - lib/doorkeeper/oauth/access_token_request.rb
 - lib/doorkeeper/oauth/access_token_request.rbc
+- lib/doorkeeper/oauth/authorization/code.rb
+- lib/doorkeeper/oauth/authorization/token.rb
+- lib/doorkeeper/oauth/authorization/uri_builder.rb
+- lib/doorkeeper/oauth/authorization.rb
 - lib/doorkeeper/oauth/authorization_request.rb
 - lib/doorkeeper/oauth/authorization_request.rbc
-- lib/doorkeeper/oauth/random_string.rb
+- lib/doorkeeper/oauth/helpers/scope_checker.rb
+- lib/doorkeeper/oauth/helpers/unique_token.rb
+- lib/doorkeeper/oauth/helpers/uri_checker.rb
 - lib/doorkeeper/oauth/random_string.rbc
 - lib/doorkeeper/validations.rb
 - lib/doorkeeper/validations.rbc
@@ -187,7 +196,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4506102143272219054
+      hash: 2535613111185415722
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -196,10 +205,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -4506102143272219054
+      hash: 2535613111185415722
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.11
+rubygems_version: 1.8.12
 signing_key: 
 specification_version: 3
 summary: Doorkeeper is an OAuth 2 provider for Rails.

data/lib/doorkeeper/oauth/random_string.rb

@@ -1,15 +0,0 @@
-module Doorkeeper::OAuth
-  module RandomString
-    def random_string
-      SecureRandom.hex(32)
-    end
-
-    def unique_random_string_for(attribute)
-      loop do
-        token = random_string
-        break token unless self.class.send("find_by_#{attribute}", token)
-      end
-    end
-  end
-end
-