doorkeeper 0.3.0 → 0.3.1

data/README.md

@@ -79,6 +79,14 @@ end
 
 You don't need to setup any before filter, `doorkeeper_for` will handle that for you.
 
+You can pass `if` or `unless` blocks that would specify when doorkeeper has to guard the access.
+
+``` ruby
+class Api::V1::ProductsController < Api::V1::ApiController
+  doorkeeper_for :all, :if => lambda { request.xhr? }
+end
+```
+
 ### Access Token Scopes
 
 You can also require the access token to have specific scopes in certain actions:

data/app/controllers/doorkeeper/authorizations_controller.rb

@@ -32,6 +32,7 @@ class Doorkeeper::AuthorizationsController < Doorkeeper::ApplicationController
   private
 
   def authorization
-    @authorization ||= Doorkeeper::OAuth::AuthorizationRequest.new(current_resource_owner, params)
+    authorization_params = params.has_key?(:authorization) ? params[:authorization] : params
+    @authorization ||= Doorkeeper::OAuth::AuthorizationRequest.new(current_resource_owner, authorization_params)
   end
 end

data/app/controllers/doorkeeper/authorized_applications_controller.rb

@@ -2,11 +2,11 @@ class Doorkeeper::AuthorizedApplicationsController < Doorkeeper::ApplicationCont
   before_filter :authenticate_resource_owner!
 
   def index
-    @applications = Application.authorized_for(current_resource_owner)
+    @applications = Doorkeeper::Application.authorized_for(current_resource_owner)
   end
 
   def destroy
-    AccessToken.revoke_all_for params[:id], current_resource_owner
+    Doorkeeper::AccessToken.revoke_all_for params[:id], current_resource_owner
     redirect_to authorized_applications_path, :notice => "Application revoked."
   end
 end

data/app/models/doorkeeper/access_grant.rb

@@ -0,0 +1,33 @@
+module Doorkeeper
+  class AccessGrant < ActiveRecord::Base
+    include Doorkeeper::OAuth::Helpers
+    include Doorkeeper::Models::Expirable
+    include Doorkeeper::Models::Revocable
+
+    self.table_name = :oauth_access_grants
+
+    belongs_to :application
+
+    validates :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, :presence => true
+
+    before_validation :generate_token, :on => :create
+
+    def accessible?
+      !expired? && !revoked?
+    end
+
+    def scopes
+      self[:scopes].split(" ").map(&:to_sym) if self[:scopes]
+    end
+
+    def scopes_string
+      self[:scopes]
+    end
+
+    private
+
+    def generate_token
+      self.token = UniqueToken.generate_for :token, self.class
+    end
+  end
+end

data/app/models/doorkeeper/access_token.rb

@@ -0,0 +1,72 @@
+module Doorkeeper
+  class AccessToken < ActiveRecord::Base
+    include Doorkeeper::OAuth::Helpers
+    include Doorkeeper::Models::Expirable
+    include Doorkeeper::Models::Revocable
+
+    self.table_name = :oauth_access_tokens
+
+    belongs_to :application
+
+    scope :accessible, where(:revoked_at => nil)
+
+    validates :application_id, :resource_owner_id, :token, :presence => true
+
+    attr_accessor :use_refresh_token
+
+    before_validation :generate_token, :on => :create
+    before_validation :generate_refresh_token, :on => :create, :if => :use_refresh_token?
+
+    def self.revoke_all_for(application_id, resource_owner)
+      where(:application_id => application_id,
+              :resource_owner_id => resource_owner.id).delete_all
+    end
+
+    def self.matching_token_for(application, resource_owner_or_id, scopes)
+      token = last_authorized_token_for(application, resource_owner_or_id)
+      token if token && ScopeChecker.matches?(token.scopes, scopes)
+    end
+
+    def self.last_authorized_token_for(application, resource_owner_or_id)
+      resource_owner_id = resource_owner_or_id.kind_of?(ActiveRecord::Base) ? resource_owner_or_id.id : resource_owner_or_id
+      accessible.
+        where(:application_id => application.id,
+              :resource_owner_id => resource_owner_id).
+        order("created_at desc").
+        limit(1).
+        first
+    end
+    private_class_method :last_authorized_token_for
+
+    def token_type
+      "bearer"
+    end
+
+    def accessible?
+      !expired? && !revoked?
+    end
+
+    def scopes
+      scope_string = self[:scopes] || ""
+      scope_string.split(" ").map(&:to_sym)
+    end
+
+    def scopes_string
+      self[:scopes]
+    end
+
+    def use_refresh_token?
+      self.use_refresh_token
+    end
+
+    private
+
+    def generate_refresh_token
+      self.refresh_token = UniqueToken.generate_for :refresh_token, self.class
+    end
+
+    def generate_token
+      self.token = UniqueToken.generate_for :token, self.class
+    end
+  end
+end

data/app/models/doorkeeper/application.rb

@@ -0,0 +1,47 @@
+module Doorkeeper
+  class Application < ActiveRecord::Base
+    include Doorkeeper::OAuth::Helpers
+
+    self.table_name = :oauth_applications
+
+    has_many :access_grants
+    has_many :authorized_tokens, :class_name => "AccessToken", :conditions => { :revoked_at => nil }
+    has_many :authorized_applications, :through => :authorized_tokens, :source => :application
+
+    validates :name, :secret, :redirect_uri, :presence => true
+    validates :uid, :presence => true, :uniqueness => true
+    validate :validate_redirect_uri
+
+    before_validation :generate_uid, :generate_secret, :on => :create
+
+    def self.column_names_with_table
+      self.column_names.map { |c| "oauth_applications.#{c}" }
+    end
+
+    def self.authorized_for(resource_owner)
+      joins(:authorized_applications).
+        where(:oauth_access_tokens => { :resource_owner_id => resource_owner.id }).
+        group(column_names_with_table.join(','))
+    end
+
+    def validate_redirect_uri
+      return unless redirect_uri
+      uri = URI.parse(redirect_uri)
+      errors.add(:redirect_uri, "cannot contain a fragment.") unless uri.fragment.nil?
+      errors.add(:redirect_uri, "must be an absolute URL.") if uri.scheme.nil? || uri.host.nil?
+      errors.add(:redirect_uri, "cannot contain a query parameter.") unless uri.query.nil?
+    rescue URI::InvalidURIError => e
+      errors.add(:redirect_uri, "must be a valid URI.")
+    end
+
+    private
+
+    def generate_uid
+      self.uid = UniqueToken.generate_for :uid, self.class
+    end
+
+    def generate_secret
+      self.secret = UniqueToken.generate_for :secret, self.class
+    end
+  end
+end

data/app/views/doorkeeper/authorizations/new.html.erb

@@ -15,23 +15,23 @@
   <% end %>
 
   <div class="inline_block">
-    <%= form_tag authorization_path do %>
-      <%= hidden_field_tag :client_id, @authorization.client_id %>
-      <%= hidden_field_tag :redirect_uri, @authorization.redirect_uri %>
-      <%= hidden_field_tag :state, @authorization.state %>
-      <%= hidden_field_tag :response_type, @authorization.response_type %>
-      <%= hidden_field_tag :scope, @authorization.scope %>
-      <%= submit_tag "Authorize", :class => "btn success" %> or
+    <%= form_for @authorization, :as => :authorization, :url => authorization_path, :method => :post do |f| %>
+      <%= f.hidden_field :client_id %>
+      <%= f.hidden_field :redirect_uri %>
+      <%= f.hidden_field :state %>
+      <%= f.hidden_field :response_type %>
+      <%= f.hidden_field :scope %>
+      <%= f.submit "Authorize", :class => "btn success" %> or
     <% end %>
   </div>
   <div class="inline_block">
-    <%= form_tag authorization_path, :method => :delete do %>
-      <%= hidden_field_tag :client_id, @authorization.client_id %>
-      <%= hidden_field_tag :redirect_uri, @authorization.redirect_uri %>
-      <%= hidden_field_tag :state, @authorization.state %>
-      <%= hidden_field_tag :response_type, @authorization.response_type %>
-      <%= hidden_field_tag :scope, @authorization.scope %>
-      <%= button_tag "Deny", :class => "btn" %>
+    <%= form_for @authorization, :as => :authorization, :url => authorization_path, :method => :delete do |f| %>
+      <%= f.hidden_field :client_id %>
+      <%= f.hidden_field :redirect_uri %>
+      <%= f.hidden_field :state %>
+      <%= f.hidden_field :response_type %>
+      <%= f.hidden_field :scope %>
+      <%= f.submit "Deny", :class => "btn" %>
     <% end %>
   </div>
 </div>

data/lib/doorkeeper/doorkeeper_for.rb

@@ -4,20 +4,20 @@ module Doorkeeper
     def initialize(options)
       options ||= {}
       raise InvalidSyntax unless options.is_a? Hash
+      @filter_options = {}
 
       options.each do |k, v|
         self.send(k, v)
       end
     end
 
-
     def validate_token(token)
       return false unless token
       token.accessible? and validate_token_scopes(token)
     end
 
     def filter_options
-      {}
+      @filter_options
     end
 
     private
@@ -25,6 +25,14 @@ module Doorkeeper
       @scopes = scopes
     end
 
+    def if(if_block)
+      @filter_options[:if] = if_block
+    end
+
+    def unless(unless_block)
+      @filter_options[:unless] = unless_block
+    end
+
     def validate_token_scopes(token)
       return true if @scopes.blank?
       token.scopes.any? { |scope| @scopes.include? scope}
@@ -32,30 +40,22 @@ module Doorkeeper
   end
 
   class AllDoorkeeperFor < DoorkeeperFor
-    def filter_options
-      @except ? {:except => @except} : {}
-    end
-
     private
     def except(actions)
-      @except = actions
+      @filter_options[:except] = actions
     end
   end
 
   class SelectedDoorkeeperFor < DoorkeeperFor
     def initialize(*args)
       options = args.pop if args.last.is_a? Hash
-      only(args)
       super(options)
-    end
-
-    def filter_options
-      {:only => @only}
+      only(args)
     end
 
     private
     def only(actions)
-      @only = actions
+      @filter_options[:only] = actions
     end
   end
 

data/lib/doorkeeper/oauth/access_token_request.rb

@@ -46,7 +46,7 @@ module Doorkeeper::OAuth
     end
 
     def access_token
-      @access_token ||= AccessToken.matching_token_for client, base_token.resource_owner_id, base_token.scopes_string
+      @access_token ||= Doorkeeper::AccessToken.matching_token_for client, base_token.resource_owner_id, base_token.scopes_string
     end
 
     def token_type
@@ -80,7 +80,7 @@ module Doorkeeper::OAuth
     end
 
     def client
-      @client ||= Application.find_by_uid_and_secret(@client_id, @client_secret)
+      @client ||= Doorkeeper::Application.find_by_uid_and_secret(@client_id, @client_secret)
     end
 
     def base_token
@@ -88,15 +88,15 @@ module Doorkeeper::OAuth
     end
 
     def token_via_authorization_code
-      AccessGrant.find_by_token(code)
+      Doorkeeper::AccessGrant.find_by_token(code)
     end
 
     def token_via_refresh_token
-      AccessToken.find_by_refresh_token(refresh_token)
+      Doorkeeper::AccessToken.find_by_refresh_token(refresh_token)
     end
 
     def create_access_token
-      @access_token = AccessToken.create!({
+      @access_token = Doorkeeper::AccessToken.create!({
         :application_id    => client.id,
         :resource_owner_id => base_token.resource_owner_id,
         :scopes            => base_token.scopes_string,

data/lib/doorkeeper/oauth/authorization_request.rb

@@ -35,7 +35,7 @@ module Doorkeeper::OAuth
     end
 
     def access_token_exists?
-      AccessToken.matching_token_for(client, resource_owner, scope).present?
+      Doorkeeper::AccessToken.matching_token_for(client, resource_owner, scope).present?
     end
 
     def deny
@@ -60,7 +60,7 @@ module Doorkeeper::OAuth
     end
 
     def client
-      @client ||= Application.find_by_uid(client_id)
+      @client ||= Doorkeeper::Application.find_by_uid(client_id)
     end
 
     def scopes

data/lib/doorkeeper/version.rb

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = "0.3.0"
+  VERSION = "0.3.1"
 end

data/lib/generators/doorkeeper/install_generator.rb

@@ -3,6 +3,7 @@ require 'rails/generators/active_record'
 class Doorkeeper::InstallGenerator < Rails::Generators::Base
   include Rails::Generators::Migration
   source_root File.expand_path('../templates', __FILE__)
+  desc "Installs Doorkeeper."
 
   def install
     migration_template 'migration.rb', 'db/migrate/create_doorkeeper_tables.rb'

data/lib/generators/doorkeeper/templates/initializer.rb

@@ -7,7 +7,7 @@ Doorkeeper.configure do
     # If you want to use named routes from your app you need
     # to call them on routes object eg.
     # routes.new_user_session_path
-    # e.g. User.find_by_id(session[:user_id]) || redirect_to routes.new_user_seesion_path
+    # e.g. User.find_by_id(session[:user_id]) || redirect_to(routes.new_user_session_path)
   end
 
   # If you want to restrict the access to the web interface for
@@ -18,7 +18,7 @@ Doorkeeper.configure do
   #   # If you want to use named routes from your app you need
   #   # to call them on routes object eg.
   #   # routes.new_admin_session_path
-  #   Admin.find_by_id(session[:admin_id]) || redirect_to routes.new_admin_session_path
+  #   Admin.find_by_id(session[:admin_id]) || redirect_to(routes.new_admin_session_path)
   # end
 
   # Access token expiration time (default 2 hours)

data/lib/generators/doorkeeper/views_generator.rb

@@ -0,0 +1,15 @@
+module Doorkeeper
+  module Generators
+    class ViewsGenerator < Rails::Generators::Base
+      source_root File.expand_path('../../../../app/views/doorkeeper', __FILE__)
+
+      desc "Copies default Doorkeeper views to your application."
+
+      def manifest
+        directory 'applications', 'app/views/doorkeeper/applications'
+        directory 'authorizations', 'app/views/doorkeeper/authorizations'
+        directory 'authorized_applications', 'app/views/doorkeeper/authorized_applications'
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-11 00:00:00.000000000 Z
+date: 2012-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
-  requirement: &70362054833440 !ruby/object:Gem::Requirement
+  requirement: &70236642092660 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -22,10 +22,10 @@ dependencies:
         version: '3.1'
   type: :runtime
   prerelease: false
-  version_requirements: *70362054833440
+  version_requirements: *70236642092660
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &70362054832720 !ruby/object:Gem::Requirement
+  requirement: &70236642091820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -33,10 +33,10 @@ dependencies:
         version: 1.3.5
   type: :development
   prerelease: false
-  version_requirements: *70362054832720
+  version_requirements: *70236642091820
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &70362054831840 !ruby/object:Gem::Requirement
+  requirement: &70236642091180 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -44,10 +44,10 @@ dependencies:
         version: 2.8.1
   type: :development
   prerelease: false
-  version_requirements: *70362054831840
+  version_requirements: *70236642091180
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &70362054831180 !ruby/object:Gem::Requirement
+  requirement: &70236642090640 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -55,10 +55,10 @@ dependencies:
         version: 1.1.2
   type: :development
   prerelease: false
-  version_requirements: *70362054831180
+  version_requirements: *70236642090640
 - !ruby/object:Gem::Dependency
   name: generator_spec
-  requirement: &70362054830420 !ruby/object:Gem::Requirement
+  requirement: &70236642090080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -66,10 +66,10 @@ dependencies:
         version: 0.8.5
   type: :development
   prerelease: false
-  version_requirements: *70362054830420
+  version_requirements: *70236642090080
 - !ruby/object:Gem::Dependency
   name: factory_girl_rails
-  requirement: &70362054829800 !ruby/object:Gem::Requirement
+  requirement: &70236642089500 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -77,10 +77,10 @@ dependencies:
         version: 1.4.0
   type: :development
   prerelease: false
-  version_requirements: *70362054829800
+  version_requirements: *70236642089500
 - !ruby/object:Gem::Dependency
   name: timecop
-  requirement: &70362054829180 !ruby/object:Gem::Requirement
+  requirement: &70236642088800 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -88,10 +88,10 @@ dependencies:
         version: 0.3.5
   type: :development
   prerelease: false
-  version_requirements: *70362054829180
+  version_requirements: *70236642088800
 - !ruby/object:Gem::Dependency
   name: database_cleaner
-  requirement: &70362054828560 !ruby/object:Gem::Requirement
+  requirement: &70236642087420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -99,7 +99,7 @@ dependencies:
         version: 0.7.1
   type: :development
   prerelease: false
-  version_requirements: *70362054828560
+  version_requirements: *70236642087420
 description: Doorkeeper is an OAuth 2 provider for Rails.
 email:
 - felipe@applicake.com
@@ -123,12 +123,12 @@ files:
 - app/controllers/doorkeeper/tokens_controller.rbc
 - app/helpers/doorkeeper/application_helper.rb
 - app/helpers/doorkeeper/application_helper.rbc
-- app/models/access_grant.rb
 - app/models/access_grant.rbc
-- app/models/access_token.rb
 - app/models/access_token.rbc
-- app/models/application.rb
 - app/models/application.rbc
+- app/models/doorkeeper/access_grant.rb
+- app/models/doorkeeper/access_token.rb
+- app/models/doorkeeper/application.rb
 - app/views/doorkeeper/applications/_form.html.erb
 - app/views/doorkeeper/applications/edit.html.erb
 - app/views/doorkeeper/applications/index.html.erb
@@ -177,6 +177,7 @@ files:
 - lib/generators/doorkeeper/templates/initializer.rb
 - lib/generators/doorkeeper/templates/migration.rb
 - lib/generators/doorkeeper/templates/README
+- lib/generators/doorkeeper/views_generator.rb
 - lib/tasks/doorkeeper_tasks.rake
 - lib/tasks/doorkeeper_tasks.rake.compiled.rbc
 - MIT-LICENSE
@@ -196,7 +197,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2535613111185415722
+      hash: 2595534068459567857
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -205,7 +206,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2535613111185415722
+      hash: 2595534068459567857
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.12

data/app/models/access_grant.rb

@@ -1,31 +0,0 @@
-class AccessGrant < ActiveRecord::Base
-  include Doorkeeper::OAuth::Helpers
-  include Doorkeeper::Models::Expirable
-  include Doorkeeper::Models::Revocable
-
-  self.table_name = :oauth_access_grants
-
-  belongs_to :application
-
-  validates :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, :presence => true
-
-  before_validation :generate_token, :on => :create
-
-  def accessible?
-    !expired? && !revoked?
-  end
-
-  def scopes
-    self[:scopes].split(" ").map(&:to_sym) if self[:scopes]
-  end
-
-  def scopes_string
-    self[:scopes]
-  end
-
-  private
-
-  def generate_token
-    self.token = UniqueToken.generate_for :token, self.class
-  end
-end

data/app/models/access_token.rb

@@ -1,70 +0,0 @@
-class AccessToken < ActiveRecord::Base
-  include Doorkeeper::OAuth::Helpers
-  include Doorkeeper::Models::Expirable
-  include Doorkeeper::Models::Revocable
-
-  self.table_name = :oauth_access_tokens
-
-  belongs_to :application
-
-  scope :accessible, where(:revoked_at => nil)
-
-  validates :application_id, :resource_owner_id, :token, :presence => true
-
-  attr_accessor :use_refresh_token
-
-  before_validation :generate_token, :on => :create
-  before_validation :generate_refresh_token, :on => :create, :if => :use_refresh_token?
-
-  def self.revoke_all_for(application_id, resource_owner)
-    where(:application_id => application_id,
-            :resource_owner_id => resource_owner.id).delete_all
-  end
-
-  def self.matching_token_for(application, resource_owner_or_id, scopes)
-    token = last_authorized_token_for(application, resource_owner_or_id)
-    token if token && ScopeChecker.matches?(token.scopes, scopes)
-  end
-
-  def self.last_authorized_token_for(application, resource_owner_or_id)
-    resource_owner_id = resource_owner_or_id.kind_of?(ActiveRecord::Base) ? resource_owner_or_id.id : resource_owner_or_id
-    accessible.
-      where(:application_id => application.id,
-            :resource_owner_id => resource_owner_id).
-      order("created_at desc").
-      limit(1).
-      first
-  end
-  private_class_method :last_authorized_token_for
-
-  def token_type
-    "bearer"
-  end
-
-  def accessible?
-    !expired? && !revoked?
-  end
-
-  def scopes
-    scope_string = self[:scopes] || ""
-    scope_string.split(" ").map(&:to_sym)
-  end
-
-  def scopes_string
-    self[:scopes]
-  end
-
-  def use_refresh_token?
-    self.use_refresh_token
-  end
-
-  private
-
-  def generate_refresh_token
-    self.refresh_token = UniqueToken.generate_for :refresh_token, self.class
-  end
-
-  def generate_token
-    self.token = UniqueToken.generate_for :token, self.class
-  end
-end

data/app/models/application.rb

@@ -1,45 +0,0 @@
-class Application < ActiveRecord::Base
-  include Doorkeeper::OAuth::Helpers
-
-  self.table_name = :oauth_applications
-
-  has_many :access_grants
-  has_many :authorized_tokens, :class_name => "AccessToken", :conditions => { :revoked_at => nil }
-  has_many :authorized_applications, :through => :authorized_tokens, :source => :application
-
-  validates :name, :secret, :redirect_uri, :presence => true
-  validates :uid, :presence => true, :uniqueness => true
-  validate :validate_redirect_uri
-
-  before_validation :generate_uid, :generate_secret, :on => :create
-
-  def self.column_names_with_table
-    self.column_names.map { |c| "oauth_applications.#{c}" }
-  end
-
-  def self.authorized_for(resource_owner)
-    joins(:authorized_applications).
-      where(:oauth_access_tokens => { :resource_owner_id => resource_owner.id }).
-      group(column_names_with_table.join(','))
-  end
-
-  def validate_redirect_uri
-    return unless redirect_uri
-    uri = URI.parse(redirect_uri)
-    errors.add(:redirect_uri, "cannot contain a fragment.") unless uri.fragment.nil?
-    errors.add(:redirect_uri, "must be an absolute URL.") if uri.scheme.nil? || uri.host.nil?
-    errors.add(:redirect_uri, "cannot contain a query parameter.") unless uri.query.nil?
-  rescue URI::InvalidURIError => e
-    errors.add(:redirect_uri, "must be a valid URI.")
-  end
-
-  private
-
-  def generate_uid
-    self.uid = UniqueToken.generate_for :uid, self.class
-  end
-
-  def generate_secret
-    self.secret = UniqueToken.generate_for :secret, self.class
-  end
-end