RubyGems - doorkeeper - Versions diffs - 0.3.4 → 0.4.0 - Mend

doorkeeper 0.3.4 → 0.4.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (92) hide show

data/CHANGELOG.md +13 -0
data/README.md +32 -5
data/app/controllers/doorkeeper/application_controller.rb +4 -11
data/app/controllers/doorkeeper/authorizations_controller.rb +11 -2
data/app/controllers/doorkeeper/tokens_controller.rb +19 -5
data/app/models/doorkeeper/access_grant.rb +1 -8
data/app/models/doorkeeper/access_token.rb +2 -10
data/app/models/doorkeeper/application.rb +4 -0
data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
data/app/views/doorkeeper/authorizations/new.html.erb +1 -1
data/config/locales/en.yml +3 -0
data/doorkeeper.gemspec +2 -1
data/lib/doorkeeper.rb +23 -3
data/lib/doorkeeper/config.rb +73 -12
data/lib/doorkeeper/doorkeeper_for.rb +1 -1
data/lib/doorkeeper/engine.rb +28 -0
data/lib/doorkeeper/models/scopes.rb +13 -0
data/lib/doorkeeper/oauth/access_token_request.rb +5 -16
data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
data/lib/doorkeeper/oauth/authorization/token.rb +1 -1
data/lib/doorkeeper/oauth/authorization_request.rb +18 -23
data/lib/doorkeeper/oauth/client.rb +27 -0
data/lib/doorkeeper/oauth/client/credentials.rb +21 -0
data/lib/doorkeeper/oauth/client/methods.rb +18 -0
data/lib/doorkeeper/oauth/client_credentials/creator.rb +29 -0
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +35 -0
data/lib/doorkeeper/oauth/client_credentials/response.rb +42 -0
data/lib/doorkeeper/oauth/client_credentials/validation.rb +33 -0
data/lib/doorkeeper/oauth/client_credentials_request.rb +46 -0
data/lib/doorkeeper/oauth/error.rb +9 -0
data/lib/doorkeeper/oauth/error_response.rb +30 -0
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -2
data/lib/doorkeeper/oauth/password_access_token_request.rb +130 -0
data/lib/doorkeeper/oauth/scopes.rb +60 -0
data/lib/doorkeeper/version.rb +1 -1
data/lib/generators/doorkeeper/templates/initializer.rb +10 -5
data/lib/generators/doorkeeper/templates/migration.rb +1 -1
data/script/run_all +11 -0
data/spec/controllers/authorizations_controller_spec.rb +3 -3
data/spec/controllers/protected_resources_controller_spec.rb +7 -0
data/spec/controllers/tokens_controller_spec.rb +1 -1
data/spec/dummy/app/controllers/home_controller.rb +1 -1
data/spec/dummy/app/models/user.rb +9 -0
data/spec/dummy/config/application.rb +2 -0
data/spec/dummy/config/initializers/doorkeeper.rb +12 -5
data/spec/dummy/config/locales/doorkeeper.en.yml +5 -0
data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +5 -0
data/spec/dummy/db/migrate/{20111206151426_create_doorkeeper_tables.rb → 20120524202412_create_doorkeeper_tables.rb} +10 -1
data/spec/dummy/db/schema.rb +15 -6
data/spec/lib/config_spec.rb +29 -13
data/spec/lib/models/scopes_spec.rb +32 -0
data/spec/lib/oauth/access_token_request_spec.rb +15 -29
data/spec/lib/oauth/authorization_request_spec.rb +22 -72
data/spec/lib/oauth/client/credentials_spec.rb +47 -0
data/spec/lib/oauth/client/methods_spec.rb +54 -0
data/spec/lib/oauth/client_credentials/creator_spec.rb +47 -0
data/spec/lib/oauth/client_credentials/issuer_spec.rb +57 -0
data/spec/lib/oauth/client_credentials/response_spec.rb +58 -0
data/spec/lib/oauth/client_credentials/validation_spec.rb +29 -0
data/spec/lib/oauth/client_credentials_integration_spec.rb +27 -0
data/spec/lib/oauth/client_credentials_request_spec.rb +60 -0
data/spec/lib/oauth/client_spec.rb +42 -0
data/spec/lib/oauth/error_response_spec.rb +40 -0
data/spec/lib/oauth/error_spec.rb +19 -0
data/spec/lib/oauth/helpers/scope_checker_spec.rb +15 -10
data/spec/lib/oauth/password_access_token_request_spec.rb +152 -0
data/spec/lib/oauth/scopes_spec.rb +115 -0
data/spec/models/doorkeeper/access_grant_spec.rb +0 -15
data/spec/models/doorkeeper/access_token_spec.rb +11 -4
data/spec/requests/applications/authorized_applications_spec.rb +2 -2
data/spec/requests/endpoints/authorization_spec.rb +2 -2
data/spec/requests/endpoints/token_spec.rb +7 -0
data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
data/spec/requests/flows/authorization_code_spec.rb +8 -2
data/spec/requests/flows/client_credentials_spec.rb +56 -0
data/spec/requests/flows/password_spec.rb +52 -0
data/spec/requests/flows/skip_authorization_spec.rb +2 -2
data/spec/requests/protected_resources/private_api_spec.rb +9 -2
data/spec/spec_helper_integration.rb +3 -0
data/spec/support/helpers/authorization_request_helper.rb +7 -5
data/spec/support/helpers/model_helper.rb +3 -3
data/spec/support/helpers/request_spec_helper.rb +1 -1
data/spec/support/helpers/url_helper.rb +12 -0
metadata +65 -30
data/lib/doorkeeper/config/scope.rb +0 -11
data/lib/doorkeeper/config/scopes.rb +0 -61
data/lib/doorkeeper/config/scopes_builder.rb +0 -18
data/spec/dummy/config/initializers/inflections.rb +0 -10
data/spec/dummy/config/initializers/mime_types.rb +0 -5
data/spec/lib/config/scope_spec.rb +0 -45
data/spec/lib/config/scopes_builder_spec.rb +0 -27
data/spec/lib/config/scopes_spec.rb +0 -180

data/lib/doorkeeper/oauth/client_credentials_request.rb ADDED

@@ -0,0 +1,46 @@
+require 'doorkeeper/oauth/error'
+require 'doorkeeper/oauth/error_response'
+require 'doorkeeper/oauth/scopes'
+require 'doorkeeper/oauth/client_credentials/creator'
+require 'doorkeeper/oauth/client_credentials/issuer'
+require 'doorkeeper/oauth/client_credentials/response'
+require 'doorkeeper/oauth/client_credentials/validation'
+module Doorkeeper
+  module OAuth
+    class ClientCredentialsRequest
+      attr_accessor :issuer, :server, :client, :original_scopes, :scopes
+      attr_reader   :response
+      alias         :authorization :response  # Remove this when API is consistent
+      alias         :error_response :response
+      delegate :error, :to => :issuer
+      def issuer
+        @issuer ||= Issuer.new(server, Validation.new(server, self))
+      end
+      def initialize(server, client, parameters = {})
+        @client, @server = client, server
+        @response        = nil
+        @original_scopes = parameters[:scope]
+      end
+      def authorize
+        @response = if issuer.create(client, scopes)
+          Response.new(issuer.token)
+        else
+          ErrorResponse.from_request(self)
+        end
+      end
+      def scopes
+        @scopes ||= if @original_scopes.present?
+          Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
+        else
+          server.default_scopes
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/error.rb ADDED

@@ -0,0 +1,9 @@
+module Doorkeeper
+  module OAuth
+    class Error < Struct.new(:name, :state)
+      def description
+        I18n.translate name, :scope => [:doorkeeper, :errors, :messages]
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/error_response.rb ADDED

@@ -0,0 +1,30 @@
+module Doorkeeper
+  module OAuth
+    class ErrorResponse
+      include ActiveModel::Serializers::JSON
+      self.include_root_in_json = false
+      def self.from_request(request)
+        state = request.state if request.respond_to?(:state)
+        new(:name => request.error, :state => state)
+      end
+      delegate :name, :description, :state, :to => :@error
+      alias    :error :name
+      alias    :error_description :description
+      def initialize(attributes = {})
+        @error = Doorkeeper::OAuth::Error.new(*attributes.values_at(:name, :state))
+      end
+      def attributes
+        { 'error' => name, 'error_description' => description, 'state' => state }.reject { |k, v| v.blank? }
+      end
+      def status
+        :unauthorized
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/helpers/scope_checker.rb CHANGED

@@ -4,13 +4,13 @@ module Doorkeeper
       module ScopeChecker
         def self.matches?(current_scopes, scopes)
           return false if current_scopes.nil? || scopes.nil?
-          current_scopes.map(&:to_s).sort == scopes.split(" ").sort
+          current_scopes == scopes
         end
         def self.valid?(scope, server_scopes)
           scope.present? &&
           scope !~ /[\n|\r|\t]/ &&
-          server_scopes.all_included?(scope)
+          server_scopes.has_scopes?(Doorkeeper::OAuth::Scopes.from_string(scope))
         end
       end
     end

data/lib/doorkeeper/oauth/password_access_token_request.rb ADDED

@@ -0,0 +1,130 @@
+# coding: utf-8
+# TODO: refactor to DRY up, this is very similar to AccessTokenRequest
+module Doorkeeper::OAuth
+  class PasswordAccessTokenRequest
+    include Doorkeeper::Validations
+    ATTRIBUTES = [
+      :grant_type,
+      :username,
+      :password,
+      :scope,
+      :refresh_token
+    ]
+    validate :attributes,     :error => :invalid_request
+    validate :grant_type,     :error => :unsupported_grant_type
+    validate :client,         :error => :invalid_client
+    validate :resource_owner, :error => :invalid_resource_owner
+    validate :scope,          :error => :invalid_scope
+    attr_accessor *ATTRIBUTES
+    attr_accessor :resource_owner, :client
+    def initialize(client, owner, attributes = {})
+      ATTRIBUTES.each { |attr| instance_variable_set("@#{attr}", attributes[attr]) }
+      @resource_owner = owner
+      @client = client
+      validate
+    end
+    def authorize
+      if valid?
+        find_or_create_access_token
+      end
+    end
+    def authorization
+      auth = {
+        'access_token' => access_token.token,
+        'token_type'   => access_token.token_type,
+        'expires_in'   => access_token.expires_in,
+      }
+      auth.merge!({'refresh_token' => access_token.refresh_token}) if refresh_token_enabled?
+      auth
+    end
+    def valid?
+      self.error.nil?
+    end
+    def access_token
+      @access_token
+    end
+    def token_type
+      "bearer"
+    end
+    def error_response
+      Doorkeeper::OAuth::ErrorResponse.from_request(self)
+    end
+    def scopes
+      @scopes ||= if scope.present?
+        Doorkeeper::OAuth::Scopes.from_string(scope)
+      else
+        Doorkeeper.configuration.default_scopes
+      end
+    end
+    private
+    def find_or_create_access_token
+      if access_token
+        access_token.expired? ? revoke_and_create_access_token : access_token
+      else
+        create_access_token
+      end
+    end
+    def revoke_and_create_access_token
+      access_token.revoke
+      create_access_token
+    end
+    def revoke_base_token
+      base_token.revoke
+    end
+    def create_access_token
+      @access_token = Doorkeeper::AccessToken.create!({
+        :application_id     => client.id,
+        :resource_owner_id  => resource_owner.id,
+        :scopes             => scopes.to_s,
+        :expires_in         => configuration.access_token_expires_in,
+        :use_refresh_token  => refresh_token_enabled?
+      })
+    end
+    def validate_attributes
+      grant_type.present?
+    end
+    def refresh_token_enabled?
+      configuration.refresh_token_enabled?
+    end
+    def validate_client
+      !!client
+    end
+    def validate_scope
+      return true unless scope.present?
+      ScopeChecker.valid?(scope, configuration.scopes)
+    end
+    def validate_grant_type
+      grant_type == 'password'
+    end
+    def validate_resource_owner
+      !!resource_owner
+    end
+    def configuration
+      Doorkeeper.configuration
+    end
+  end
+end

data/lib/doorkeeper/oauth/scopes.rb ADDED

@@ -0,0 +1,60 @@
+module Doorkeeper
+  module OAuth
+    class Scopes
+      include Enumerable
+      include Comparable
+      def self.from_string(string)
+        string ||= ""
+        new.tap do |scope|
+          scope.add *string.split
+        end
+      end
+      def self.from_array(array)
+        new.tap do |scope|
+          scope.add *array
+        end
+      end
+      delegate :each, :to => :@scopes
+      def initialize
+        @scopes = []
+      end
+      def exists?(scope)
+        @scopes.include? scope.to_sym
+      end
+      def add(*scopes)
+        @scopes.push *scopes.map(&:to_sym)
+        @scopes.uniq!
+      end
+      def all
+        @scopes
+      end
+      def to_s
+        @scopes.join(" ")
+      end
+      def has_scopes?(scopes)
+        scopes.all? { |s| exists?(s) }
+      end
+      def +(other)
+        if other.is_a? Scopes
+          self.class.from_array(self.all + other.all)
+        else
+          super(other)
+        end
+      end
+      def <=>(other)
+        self.map(&:to_s).sort <=> other.map(&:to_s).sort
+      end
+    end
+  end
+end

data/lib/doorkeeper/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = "0.3.4"
+  VERSION = "0.4.0"
 end

data/lib/generators/doorkeeper/templates/initializer.rb CHANGED

@@ -21,7 +21,8 @@ Doorkeeper.configure do
   #   Admin.find_by_id(session[:admin_id]) || redirect_to(routes.new_admin_session_url)
   # end
-  # Access token expiration time (default 2 hours)
+  # Access token expiration time (default 2 hours).
+  # If you want to disable expiration, set this to nil.
   # access_token_expires_in 2.hours
   # Issue access tokens with refresh token (disabled by default)
@@ -29,8 +30,12 @@ Doorkeeper.configure do
   # Define access token scopes for your provider
   # For more information go to https://github.com/applicake/doorkeeper/wiki/Using-Scopes
-  # authorization_scopes do
-  #   scope :public, :default => true, :description => "The public one"
-  #   scope :write,  :description => "Updating information"
-  # end
+  # default_scopes  :public
+  # optional_scopes :write, :update
+  # Change the way client credentials are retrieved from the request object.
+  # By default it retrieves first from `HTTP_AUTHORIZATION` header and
+  # fallsback to `:client_id` and `:client_secret` from `params` object
+  # Check out the wiki for mor information on customization
+  # client_credentials :from_basic, :from_params
 end

data/lib/generators/doorkeeper/templates/migration.rb CHANGED

@@ -24,7 +24,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
     add_index :oauth_access_grants, :token, :unique => true
     create_table :oauth_access_tokens do |t|
-      t.integer  :resource_owner_id, :null => false
+      t.integer  :resource_owner_id
       t.integer  :application_id,    :null => false
       t.string   :token,             :null => false
       t.string   :refresh_token

data/script/run_all ADDED

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -e
+RBENV_VERSION=1.8.7-p352 bundle install --quiet
+RBENV_VERSION=1.8.7-p352 bundle exec rake
+RBENV_VERSION=1.9.2-p290 bundle install --quiet
+RBENV_VERSION=1.9.2-p290 bundle exec rake
+RBENV_VERSION=1.9.3-p0 bundle install --quiet
+RBENV_VERSION=1.9.3-p0 bundle exec rake

data/spec/controllers/authorizations_controller_spec.rb CHANGED

@@ -13,7 +13,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
   end
   let(:client) { FactoryGirl.create :application }
-  let(:user)   { User.create! }
+  let(:user)   { User.create!(:name => "Joe", :password => "sekret") }
   before do
     controller.stub :current_resource_owner => user
@@ -55,7 +55,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
   describe "POST #create with errors" do
     before do
-      scope_exists :public
+      default_scopes_exist :public
       post :create, :client_id => client.uid, :response_type => "token", :scope => "invalid", :redirect_uri => client.redirect_uri, :use_route => :doorkeeper
     end
@@ -100,7 +100,7 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
   describe "GET #new with errors" do
     before do
-      scope_exists :public
+      default_scopes_exist :public
       get :new, :client_id => client.uid, :response_type => "token", :scope => "invalid", :redirect_uri => client.redirect_uri, :use_route => :doorkeeper
     end

data/spec/controllers/protected_resources_controller_spec.rb CHANGED

@@ -99,6 +99,13 @@ describe "Doorkeeper_for helper" do
       request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64.encode64("foo:bar")}"
       get :index
     end
+    it "doesn't change Authorization header value" do
+      Doorkeeper::AccessToken.should_receive(:find_by_token).exactly(2).times
+      request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
+      get :index
+      get :index
+    end
   end
   context "defined for all actions" do

data/spec/controllers/tokens_controller_spec.rb CHANGED

@@ -26,7 +26,7 @@ describe Doorkeeper::TokensController do
     end
     it "returns the error response" do
-      token.should_receive(:error_response)
+      token.stub(:error_response => stub(:to_json => [], :status => :unauthorized))
       post :create, :use_route => :doorkeeper
       response.status.should == 401
     end

data/spec/dummy/app/controllers/home_controller.rb CHANGED

@@ -4,7 +4,7 @@ class HomeController < ApplicationController
   def sign_in
     session[:user_id] = if Rails.env.development?
-      User.first || User.create!
+      User.first || User.create!(:name => "Joe", :password => "sekret")
     else
       User.first
     end

data/spec/dummy/app/models/user.rb CHANGED

@@ -1,2 +1,11 @@
 class User < ActiveRecord::Base
+  has_secure_password
+  validates_presence_of :password, :on => :create
+  attr_accessible :name, :password
+  def self.authenticate!(name, password)
+    owner = User.find_by_name(name)
+    owner.authenticate(password) if owner
+  end
 end

data/spec/dummy/config/application.rb CHANGED

@@ -27,6 +27,8 @@ module Dummy
     # Activate observers that should always be running.
     # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+    config.active_record.whitelist_attributes = true
     # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
     # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
     # config.time_zone = 'Central Time (US & Canada)'

data/spec/dummy/config/initializers/doorkeeper.rb CHANGED

@@ -21,14 +21,21 @@ Doorkeeper.configure do
   #   Admin.find_by_id(session[:admin_id]) || redirect_to(routes.new_admin_session_url)
   # end
-  authorization_scopes do
-    scope :public, :default => true, :description => "The public one"
-    scope :write, :description => "Updating information"
-  end
   # Access token expiration time (default 2 hours)
+  # If you want to disable expiration, set this to nil.
   # access_token_expires_in 2.hours
   # Issue access tokens with refresh token (disabled by default)
   use_refresh_token
+  # Define access token scopes for your provider
+  # For more information go to https://github.com/applicake/doorkeeper/wiki/Using-Scopes
+  default_scopes  :public
+  optional_scopes :write, :update
+  # Change the way client credentials are retrieved from the request object.
+  # By default it retrieves first from `HTTP_AUTHORIZATION` header and
+  # fallsback to `:client_id` and `:client_secret` from `params` object
+  # Check out the wiki for mor information on customization
+  # client_credentials :from_basic, :from_params
 end