RubyGems - doorkeeper - Versions diffs - 0.3.4 → 0.4.0 - Mend

doorkeeper 0.3.4 → 0.4.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (92) hide show

data/CHANGELOG.md +13 -0
data/README.md +32 -5
data/app/controllers/doorkeeper/application_controller.rb +4 -11
data/app/controllers/doorkeeper/authorizations_controller.rb +11 -2
data/app/controllers/doorkeeper/tokens_controller.rb +19 -5
data/app/models/doorkeeper/access_grant.rb +1 -8
data/app/models/doorkeeper/access_token.rb +2 -10
data/app/models/doorkeeper/application.rb +4 -0
data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
data/app/views/doorkeeper/authorizations/new.html.erb +1 -1
data/config/locales/en.yml +3 -0
data/doorkeeper.gemspec +2 -1
data/lib/doorkeeper.rb +23 -3
data/lib/doorkeeper/config.rb +73 -12
data/lib/doorkeeper/doorkeeper_for.rb +1 -1
data/lib/doorkeeper/engine.rb +28 -0
data/lib/doorkeeper/models/scopes.rb +13 -0
data/lib/doorkeeper/oauth/access_token_request.rb +5 -16
data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
data/lib/doorkeeper/oauth/authorization/token.rb +1 -1
data/lib/doorkeeper/oauth/authorization_request.rb +18 -23
data/lib/doorkeeper/oauth/client.rb +27 -0
data/lib/doorkeeper/oauth/client/credentials.rb +21 -0
data/lib/doorkeeper/oauth/client/methods.rb +18 -0
data/lib/doorkeeper/oauth/client_credentials/creator.rb +29 -0
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +35 -0
data/lib/doorkeeper/oauth/client_credentials/response.rb +42 -0
data/lib/doorkeeper/oauth/client_credentials/validation.rb +33 -0
data/lib/doorkeeper/oauth/client_credentials_request.rb +46 -0
data/lib/doorkeeper/oauth/error.rb +9 -0
data/lib/doorkeeper/oauth/error_response.rb +30 -0
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -2
data/lib/doorkeeper/oauth/password_access_token_request.rb +130 -0
data/lib/doorkeeper/oauth/scopes.rb +60 -0
data/lib/doorkeeper/version.rb +1 -1
data/lib/generators/doorkeeper/templates/initializer.rb +10 -5
data/lib/generators/doorkeeper/templates/migration.rb +1 -1
data/script/run_all +11 -0
data/spec/controllers/authorizations_controller_spec.rb +3 -3
data/spec/controllers/protected_resources_controller_spec.rb +7 -0
data/spec/controllers/tokens_controller_spec.rb +1 -1
data/spec/dummy/app/controllers/home_controller.rb +1 -1
data/spec/dummy/app/models/user.rb +9 -0
data/spec/dummy/config/application.rb +2 -0
data/spec/dummy/config/initializers/doorkeeper.rb +12 -5
data/spec/dummy/config/locales/doorkeeper.en.yml +5 -0
data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +5 -0
data/spec/dummy/db/migrate/{20111206151426_create_doorkeeper_tables.rb → 20120524202412_create_doorkeeper_tables.rb} +10 -1
data/spec/dummy/db/schema.rb +15 -6
data/spec/lib/config_spec.rb +29 -13
data/spec/lib/models/scopes_spec.rb +32 -0
data/spec/lib/oauth/access_token_request_spec.rb +15 -29
data/spec/lib/oauth/authorization_request_spec.rb +22 -72
data/spec/lib/oauth/client/credentials_spec.rb +47 -0
data/spec/lib/oauth/client/methods_spec.rb +54 -0
data/spec/lib/oauth/client_credentials/creator_spec.rb +47 -0
data/spec/lib/oauth/client_credentials/issuer_spec.rb +57 -0
data/spec/lib/oauth/client_credentials/response_spec.rb +58 -0
data/spec/lib/oauth/client_credentials/validation_spec.rb +29 -0
data/spec/lib/oauth/client_credentials_integration_spec.rb +27 -0
data/spec/lib/oauth/client_credentials_request_spec.rb +60 -0
data/spec/lib/oauth/client_spec.rb +42 -0
data/spec/lib/oauth/error_response_spec.rb +40 -0
data/spec/lib/oauth/error_spec.rb +19 -0
data/spec/lib/oauth/helpers/scope_checker_spec.rb +15 -10
data/spec/lib/oauth/password_access_token_request_spec.rb +152 -0
data/spec/lib/oauth/scopes_spec.rb +115 -0
data/spec/models/doorkeeper/access_grant_spec.rb +0 -15
data/spec/models/doorkeeper/access_token_spec.rb +11 -4
data/spec/requests/applications/authorized_applications_spec.rb +2 -2
data/spec/requests/endpoints/authorization_spec.rb +2 -2
data/spec/requests/endpoints/token_spec.rb +7 -0
data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
data/spec/requests/flows/authorization_code_spec.rb +8 -2
data/spec/requests/flows/client_credentials_spec.rb +56 -0
data/spec/requests/flows/password_spec.rb +52 -0
data/spec/requests/flows/skip_authorization_spec.rb +2 -2
data/spec/requests/protected_resources/private_api_spec.rb +9 -2
data/spec/spec_helper_integration.rb +3 -0
data/spec/support/helpers/authorization_request_helper.rb +7 -5
data/spec/support/helpers/model_helper.rb +3 -3
data/spec/support/helpers/request_spec_helper.rb +1 -1
data/spec/support/helpers/url_helper.rb +12 -0
metadata +65 -30
data/lib/doorkeeper/config/scope.rb +0 -11
data/lib/doorkeeper/config/scopes.rb +0 -61
data/lib/doorkeeper/config/scopes_builder.rb +0 -18
data/spec/dummy/config/initializers/inflections.rb +0 -10
data/spec/dummy/config/initializers/mime_types.rb +0 -5
data/spec/lib/config/scope_spec.rb +0 -45
data/spec/lib/config/scopes_builder_spec.rb +0 -27
data/spec/lib/config/scopes_spec.rb +0 -180

data/lib/doorkeeper/doorkeeper_for.rb CHANGED

@@ -109,7 +109,7 @@ module Doorkeeper
     def authorization_bearer_token
       header = request.env['HTTP_AUTHORIZATION']
-      header.gsub!(/^Bearer /, '') unless header.nil?
+      header.gsub(/^Bearer /, '') if header && header.match(/^Bearer /)
     end
     def doorkeeper_unauthorized_render_options

data/lib/doorkeeper/engine.rb CHANGED

@@ -5,5 +5,33 @@ module Doorkeeper
     config.generators do |g|
       g.test_framework :rspec, :view_specs => false
     end
+    initializer "doorkeeper.deprecations" do
+      if Doorkeeper.installed?
+        if Doorkeeper.configuration.authorization_scopes.present?
+          warning = <<-WARN
+[DOORKEEPER]
+  Configuration for `authorization_scopes` will no longer be supported. Use default_scopes/optional_scopes instead.
+  ATTENTION: The :description option could not be migrated because doorkeeper now uses localization files.
+  Place this in your config/locales/en.yml
+en:
+  doorkeeper:
+    scopes:
+WARN
+          puts warning
+          Doorkeeper.configuration.authorization_scopes.translations.each do |scope, translation|
+            puts "      #{scope}: #{translation}"
+          end
+        end
+        if Doorkeeper::AccessToken.columns_hash["resource_owner_id"].null == false
+          warn <<-WARN
+[DOORKEEPER]
+  In order to use the Client Credentials flow, you have to migrate the oauth_access_tokens table:
+  change_column :oauth_access_tokens, :resource_owner_id, :integer, :null => true
+WARN
+        end
+      end
+    end
   end
 end

data/lib/doorkeeper/models/scopes.rb ADDED

@@ -0,0 +1,13 @@
+module Doorkeeper
+  module Models
+    module Scopes
+      def scopes
+        Doorkeeper::OAuth::Scopes.from_string(self[:scopes])
+      end
+      def scopes_string
+        Doorkeeper::OAuth::Scopes.from_string(self[:scopes]).to_s
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/access_token_request.rb CHANGED

@@ -3,8 +3,6 @@ module Doorkeeper::OAuth
     include Doorkeeper::Validations
     ATTRIBUTES = [
-      :client_id,
-      :client_secret,
       :grant_type,
       :code,
       :redirect_uri,
@@ -18,9 +16,11 @@ module Doorkeeper::OAuth
     validate :redirect_uri, :error => :invalid_grant
     attr_accessor *ATTRIBUTES
+    attr_accessor :client
-    def initialize(attributes = {})
+    def initialize(client, attributes = {})
       ATTRIBUTES.each { |attr| instance_variable_set("@#{attr}", attributes[attr]) }
+      @client = client
       validate
     end
@@ -46,7 +46,7 @@ module Doorkeeper::OAuth
     end
     def access_token
-      @access_token ||= Doorkeeper::AccessToken.matching_token_for client, base_token.resource_owner_id, base_token.scopes_string
+      @access_token ||= Doorkeeper::AccessToken.matching_token_for client, base_token.resource_owner_id, base_token.scopes
     end
     def token_type
@@ -54,10 +54,7 @@ module Doorkeeper::OAuth
     end
     def error_response
-      {
-        'error' => error.to_s,
-        'error_description' => error_description
-      }
+      Doorkeeper::OAuth::ErrorResponse.from_request(self)
     end
     private
@@ -79,10 +76,6 @@ module Doorkeeper::OAuth
       base_token.revoke
     end
-    def client
-      @client ||= Doorkeeper::Application.find_by_uid_and_secret(@client_id, @client_secret)
-    end
     def base_token
       @base_token ||= refresh_token? ? token_via_refresh_token : token_via_authorization_code
     end
@@ -139,10 +132,6 @@ module Doorkeeper::OAuth
       %w(authorization_code refresh_token).include? grant_type
     end
-    def error_description
-      I18n.translate error, :scope => [:doorkeeper, :errors, :messages]
-    end
     def configuration
       Doorkeeper.configuration
     end

data/lib/doorkeeper/oauth/authorization/code.rb CHANGED

@@ -18,7 +18,7 @@ module Doorkeeper
             :resource_owner_id => authorization.resource_owner.id,
             :expires_in        => DEFAULT_EXPIRATION_TIME,
             :redirect_uri      => authorization.redirect_uri,
-            :scopes            => authorization.scope
+            :scopes            => authorization.scopes.to_s
           )
         end

data/lib/doorkeeper/oauth/authorization/token.rb CHANGED

@@ -23,7 +23,7 @@ module Doorkeeper
           @access_token ||= AccessToken.create!({
             :application_id    => authorization.client.id,
             :resource_owner_id => authorization.resource_owner.id,
-            :scopes            => authorization.scope,
+            :scopes            => authorization.scopes.to_s,
             :expires_in        => configuration.access_token_expires_in,
             :use_refresh_token => false
           })

data/lib/doorkeeper/oauth/authorization_request.rb CHANGED

@@ -6,7 +6,6 @@ module Doorkeeper::OAuth
     ATTRIBUTES = [
       :response_type,
-      :client_id,
       :redirect_uri,
       :scope,
       :state
@@ -19,12 +18,12 @@ module Doorkeeper::OAuth
     validate :scope,         :error => :invalid_scope
     attr_accessor *ATTRIBUTES
-    attr_accessor :resource_owner, :error
+    attr_accessor :resource_owner, :client, :error
-    def initialize(resource_owner, attributes)
+    def initialize(client, resource_owner, attributes)
       ATTRIBUTES.each { |attr| instance_variable_set("@#{attr}", attributes[attr]) }
       @resource_owner = resource_owner
-      @scope          ||= Doorkeeper.configuration.default_scope_string
+      @client         = client
       validate
     end
@@ -35,44 +34,44 @@ module Doorkeeper::OAuth
     end
     def access_token_exists?
-      Doorkeeper::AccessToken.matching_token_for(client, resource_owner, scope).present?
+      Doorkeeper::AccessToken.matching_token_for(client, resource_owner, scopes).present?
     end
     def deny
       self.error = :access_denied
     end
+    def error_response
+      Doorkeeper::OAuth::ErrorResponse.from_request(self)
+    end
     def success_redirect_uri
       @authorization.callback
     end
     def invalid_redirect_uri
       uri_builder = is_token_request? ? :uri_with_fragment : :uri_with_query
-      send(uri_builder, redirect_uri, {
-        :error => error,
-        :error_description => error_description,
-        :state => state
-      })
+      send(uri_builder, redirect_uri, error_response.attributes)
     end
     def redirect_on_error?
       (error != :invalid_redirect_uri) && (error != :invalid_client)
     end
-    def client
-      @client ||= Doorkeeper::Application.find_by_uid(client_id)
+    def scopes
+      @scopes ||= if scope.present?
+        Doorkeeper::OAuth::Scopes.from_string(scope)
+      else
+        Doorkeeper.configuration.default_scopes
+      end
     end
-    def scopes
-      Doorkeeper.configuration.scopes.with_names(*scope.split(" ")) if has_scope?
+    def client_id
+      client.uid
     end
     private
-    def has_scope?
-      Doorkeeper.configuration.scopes.all.present?
-    end
     def validate_attributes
       response_type.present?
     end
@@ -91,7 +90,7 @@ module Doorkeeper::OAuth
     end
     def validate_scope
-      return true unless has_scope?
+      return true unless scope.present?
       ScopeChecker.valid?(scope, configuration.scopes)
     end
@@ -103,10 +102,6 @@ module Doorkeeper::OAuth
       response_type == "token"
     end
-    def error_description
-      I18n.translate error, :scope => [:doorkeeper, :errors, :messages]
-    end
     def configuration
       Doorkeeper.configuration
     end

data/lib/doorkeeper/oauth/client.rb ADDED

@@ -0,0 +1,27 @@
+require 'doorkeeper/oauth/client/methods'
+require 'doorkeeper/oauth/client/credentials'
+module Doorkeeper
+  module OAuth
+    class Client
+      def self.find(uid)
+        if application = Doorkeeper::Application.find_by_uid(uid)
+          new(application)
+        end
+      end
+      def self.authenticate(credentials, method = Doorkeeper::Application.method(:authenticate))
+        return false if credentials.blank?
+        if application = method.call(credentials.uid, credentials.secret)
+          new(application)
+        end
+      end
+      delegate :id, :name, :uid, :redirect_uri, :to => :@application
+      def initialize(application)
+        @application = application
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/client/credentials.rb ADDED

@@ -0,0 +1,21 @@
+module Doorkeeper
+  module OAuth
+    class Client
+      class Credentials < Struct.new(:uid, :secret)
+        extend Methods
+        def self.from_request(request, *credentials_methods)
+          credentials_methods.inject(nil) do |credentials, method|
+            method = self.method(method) if method.is_a?(Symbol)
+            credentials = Credentials.new *method.call(request)
+            break credentials unless credentials.blank?
+          end
+        end
+        def blank?
+          uid.blank? || secret.blank?
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/client/methods.rb ADDED

@@ -0,0 +1,18 @@
+module Doorkeeper
+  module OAuth
+    class Client
+      module Methods
+        def from_params(request)
+          request.parameters.values_at(:client_id, :client_secret)
+        end
+        def from_basic(request)
+          authorization = request.authorization
+          if authorization.present? && authorization =~ /^Basic (.*)/m
+            Base64.decode64($1).split(/:/, 2)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/client_credentials/creator.rb ADDED

@@ -0,0 +1,29 @@
+module Doorkeeper
+  module OAuth
+    class ClientCredentialsRequest
+      class Creator
+        def call(client, scopes, attributes = {})
+          existing_token = existing_token_for(client, scopes)
+          if existing_token
+            return existing_token if existing_token.accessible?
+            existing_token.revoke
+          end
+          create(client, scopes, attributes)
+        end
+      private
+        def existing_token_for(client, scopes)
+          Doorkeeper::AccessToken.matching_token_for client, nil, scopes
+        end
+        def create(client, scopes, attributes = {})
+          Doorkeeper::AccessToken.create(attributes.merge({
+            :application_id => client.id,
+            :scopes         => scopes.to_s
+          }))
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/client_credentials/issuer.rb ADDED

@@ -0,0 +1,35 @@
+require 'doorkeeper/oauth/client_credentials/validation'
+module Doorkeeper
+  module OAuth
+    class ClientCredentialsRequest
+      class Issuer
+        attr_accessor :token, :validation, :error
+        def initialize(server, validation)
+          @server, @validation = server, validation
+        end
+        def create(client, scopes, creator = Creator.new)
+          if validation.valid?
+            @token = create_token(client, scopes, creator)
+            @error = :server_error unless @token
+          else
+            @token = false
+            @error = validation.error
+          end
+          @token
+        end
+        private
+        def create_token(client, scopes, creator)
+          creator.call(client, scopes, {
+            :use_refresh_token => false,
+            :expires_in        => @server.access_token_expires_in
+          })
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/client_credentials/response.rb ADDED

@@ -0,0 +1,42 @@
+require 'active_model'
+module Doorkeeper
+  module OAuth
+    class ClientCredentialsRequest
+      class Response
+        include ActiveModel::Serializers::JSON
+        self.include_root_in_json = false
+        delegate :token, :expires_in, :scopes_string, :to => :@token
+        alias    :access_token :token
+        alias    :scope :scopes_string
+        def initialize(token)
+          @token = token
+        end
+        def attributes
+          {
+            'access_token' => token,
+            'token_type'   => token_type,
+            'expires_in'   => expires_in,
+            'scope'        => scopes_string
+          }
+        end
+        def status
+          :success
+        end
+        def token_type
+          'bearer'
+        end
+        def headers
+          { 'Cache-Control' => 'no-store', 'Pragma' => 'no-cache' }
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/client_credentials/validation.rb ADDED

@@ -0,0 +1,33 @@
+require 'doorkeeper/validations'
+require 'doorkeeper/oauth/scopes'
+require 'doorkeeper/oauth/helpers/scope_checker'
+module Doorkeeper
+  module OAuth
+    class ClientCredentialsRequest
+      class Validation
+        include Doorkeeper::Validations
+        include Doorkeeper::OAuth::Helpers
+        validate :client, :error => :invalid_client
+        validate :scopes, :error => :invalid_scope
+        def initialize(server, request)
+          @server, @request = server, request
+          validate
+        end
+        private
+        def validate_client
+          @request.client.present?
+        end
+        def validate_scopes
+          return true unless @request.original_scopes.present?
+          ScopeChecker.valid?(@request.original_scopes, @server.scopes)
+        end
+      end
+    end
+  end
+end