doorkeeper 0.4.2 → 0.5.0.rc1

data/.gitignore

@@ -10,3 +10,5 @@ Gemfile.lock
 gemfiles/*.lock
 spec/generators/tmp
 .rvmrc
+*.swp
+

data/.travis.yml

@@ -2,7 +2,11 @@ rvm:
   - 1.9.3
   - 1.8.7
   - 1.9.2
-  - rbx
+env:
+  - DOORKEEPER_ORM=active_record
+  - DOORKEEPER_ORM=mongoid
 gemfile:
   - gemfiles/gemfile.rails-3.1.x
   - gemfiles/gemfile.rails-3.2.x
+services:
+  - mongodb

data/CHANGELOG.md

@@ -1,5 +1,33 @@
 # Changelog
 
+## 0.5.0.rc1
+
+Official support for rubinius was removed.
+
+- enhancements
+  - Configure the way access token is retrieved from request (default to bearer header)
+  - Authorization Code expiration time is now configurable
+  - Add support for mongoid
+  - [#78, #128, #137, #138] Application Ownership
+  - [#92] Allow users to skip controllers
+  - [#99] Remove deprecated warnings for data-* attributes [@towerhe](https://github.com/towerhe)
+  - [#101] Return existing access_token for PasswordAccessTokenRequest [@benoist](https://github.com/benoist)
+  - [#104] Changed access token scopes example code to default_scopes and optional_scopes [@amkirwan](https://github.com/amkirwan)
+  - [#107] Fix typos in initializer
+  - [#123] i18n for validator, flash messages [@petergoldstein](https://github.com/petergoldstein)
+  - [#140] ActiveRecord is the default value for the ORM [@petergoldstein](https://github.com/petergoldstein)
+- internals
+  - [#112, #120] Replacing update_attribute with update_column to eliminate deprecation warnings [@rmoriz](https://github.com/rmoriz), [@petergoldstein](https://github.com/petergoldstein)
+  - [#121] Updating all development dependencies to recent versions. [@petergoldstein](https://github.com/petergoldstein)
+  - [#144] Adding MongoDB dependency to .travis.yml [@petergoldstein](https://github.com/petergoldstein)
+  - [#143] Displays errors for unconfigured error messages [@timgaleckas](https://github.com/timgaleckas)
+- bugfixes
+  - [#102] Not returning 401 when access token generation fails [@cslew](https://github.com/cslew)
+  - [#125] Doorkeeper is using ActiveRecord version of as_json in ORM agnostic code [@petergoldstein](https://github.com/petergoldstein)
+  - [#142] Prevent double submission of password based authentication [@bdurand](https://github.com/bdurand)
+- documentation
+  - [#141] Add rack-cors middleware to readme [@gottfrois](https://github.com/gottfrois)
+
 ## 0.4.2
 
 - bugfixes:
@@ -19,6 +47,7 @@
 - enhancements
   - [#83] Add Resource Owner Password Credentials flow [@jaimeiniesta](https://github.com/jaimeiniesta)
   - [#76] Allow token expiration to be disabled [@mattgreen](https://github.com/mattgreen)
+  - [#89] Configure the way client credentials are retrieved from request
   - [#b6470a] Add Client Credentials flow
 - internals
   - [#2ece8d, #f93778] Introduce Client and ErrorResponse classes

data/Gemfile

@@ -1,6 +1,14 @@
-source "http://rubygems.org"
+source 'http://rubygems.org'
 
-gemspec
+gem 'jquery-rails'
+
+group :mongoid do
+  gem 'mongoid', '~> 2.4'
+  gem 'bson_ext', '~> 1.6.0'
+end
 
-# jquery-rails is used by the dummy application
-gem "jquery-rails"
+group :active_record do
+  gem 'activerecord', '~> 3.1'
+end
+
+gemspec

data/README.md

@@ -2,6 +2,7 @@
 
 [![Build Status](https://secure.travis-ci.org/applicake/doorkeeper.png)](http://travis-ci.org/applicake/doorkeeper)
 [![Dependency Status](https://gemnasium.com/applicake/doorkeeper.png)](https://gemnasium.com/applicake/doorkeeper)
+[![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/applicake/doorkeeper)
 
 Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider functionality to your application.
 
@@ -9,29 +10,67 @@ The gem is under constant development. It is based in the [version 22 of the OAu
 
 For more information about the supported features, check out the related [page in the wiki](https://github.com/applicake/doorkeeper/wiki/Supported-Features). For more information about OAuth 2 go to [OAuth 2 Specs (Draft)](http://tools.ietf.org/html/draft-ietf-oauth-v2-22).
 
+## Requirements
+
+### Ruby
+
+- 1.8.7, 1.9.2 or 1.9.3
+
+### Rails
+
+- 3.1.x or 3.2.x
+
+### ORM
+
+- ActiveRecord
+- Mongoid 2 (only for doorkeeper v0.5+)
+
 ## Installation
 
 Put this in your Gemfile:
 
 ``` ruby
-gem 'doorkeeper', '~> 0.4.0'
+gem 'doorkeeper', '~> 0.5.0.rc1'
 ```
 
 Run the installation generator with:
 
     rails generate doorkeeper:install
 
-This will generate the doorkeeper initializer and the OAuth tables migration. Don't forget to run the migration in your application:
+This will install the doorkeeper initializer into `config/initializers/doorkeeper.rb`.
+
+## Configuration
+
+### Active Record
+
+By default doorkeeper is configured to use active record, so to start you have to generate the migration tables:
+
+    rails generate doorkeeper:migration
+
+Don't forget to run the migration with:
 
     rake db:migrate
 
-## Configuration
+### Mongoid (only doorkeeper v0.5+)
+
+Doorkeeper currently supports Mongoid 2. To start using it, you have to set the `orm` configuration:
+
+``` ruby
+Doorkeeper.configure do
+  orm :mongoid
+end
+```
+
+**Note:** Make sure you create indexes for doorkeeper models. You can do this either by running `db:mongoid:create_indexes`
+or by adding `autocreate_indexes: true` to your `config/mongoid.yml`
+
+### Routes
 
-The installation script will automatically add the Doorkeeper routes into your app, like this:
+The installation script will also automatically add the Doorkeeper routes into your app, like this:
 
 ``` ruby
 Rails.application.routes.draw do
-  mount Doorkeeper::Engine => "/oauth"
+  use_doorkeeper
   # your routes
 end
 ```
@@ -44,6 +83,10 @@ This will mount following routes:
     POST      /oauth/token
     resources /oauth/applications
 
+For more information on how to customize routes, check out [this page on the wiki](https://github.com/applicake/doorkeeper/wiki/Customizing-routes).
+
+### Authenticating
+
 You need to configure Doorkeeper in order to provide resource_owner model and authentication block `initializers/doorkeeper.rb`
 
 ``` ruby
@@ -92,6 +135,22 @@ class Api::V1::ProductsController < Api::V1::ApiController
 end
 ```
 
+### ActionController::Metal integration and other integrations
+
+The `doorkeeper_for` filter is intended to work with ActionController::Metal too. You only need to include the required `ActionController` modules:
+
+```ruby
+class MetalController < ActionController::Metal
+  include AbstractController::Callbacks
+  include ActionController::Head
+  include Doorkeeper::Helpers::Filter
+
+  doorkeeper_for :all
+end
+```
+
+For more information about integration and other integrations, check out [the related wiki page](https://github.com/applicake/doorkeeper/wiki/ActionController::Metal-with-doorkeeper).
+
 ### Access Token Scopes
 
 You can also require the access token to have specific scopes in certain actions:
@@ -100,8 +159,8 @@ First configure the scopes in `initializers/doorkeeper.rb`
 
 ```ruby
 Doorkeeper.configure do
-  default_scope :public # if no scope was requested, this will be the default
-  optional_scope :admin, :write
+  default_scopes :public # if no scope was requested, this will be the default
+  optional_scopes :admin, :write
 end
 ```
 
@@ -175,6 +234,16 @@ All supported ruby versions are [listed here](https://github.com/applicake/doork
 
 ## Additional information
 
+### Cross Origin Resource Sharing
+
+You might want to use Doorkeeper to protect an API and want an other application running in a different context (like a mobile application) to request on your API.
+
+For mobile application, you might have to setup Cross Origin Resource Sharing. More info [here](http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/)
+
+In order to setup the bahavior, you can take a look at [rack-cors](https://github.com/cyu/rack-cors). It's a rack middleware that will set http headers for you in order to be able to make cross domain requests to your doorkeeper protected application (usualy your API).
+
+[Here](https://github.com/gottfrois/doorkeeper-provider-app) is a demo application where rack-cors has been setup.
+
 ### Maintainers
 
 - Felipe Elias Philipp ([github.com/felipeelias](https://github.com/felipeelias), [twitter.com/felipeelias](https://twitter.com/felipeelias))

data/Rakefile

@@ -1,25 +1,4 @@
-#!/usr/bin/env rake
-begin
-  require 'bundler/setup'
-rescue LoadError
-  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
-begin
-  require 'rdoc/task'
-rescue LoadError
-  require 'rdoc/rdoc'
-  require 'rake/rdoctask'
-  RDoc::Task = Rake::RDocTask
-end
-
-RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'Doorkeeper'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.rdoc')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
+require 'bundler/setup'
 require 'rspec/core/rake_task'
 
 desc 'Default: run specs.'
@@ -36,7 +15,4 @@ namespace :doorkeeper do
   end
 end
 
-APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
-load 'rails/tasks/engine.rake'
-
 Bundler::GemHelper.install_tasks

data/app/assets/javascripts/doorkeeper/application.js

@@ -1,9 +1,2 @@
-// This is a manifest file that'll be compiled into including all the files listed below.
-// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
-// be included in the compiled file accessible from http://example.com/assets/application.js
-// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
-// the compiled file.
-//
 //= require jquery
 //= require jquery_ujs
-//= require_tree .

data/app/controllers/doorkeeper/application_controller.rb

@@ -1,31 +1,5 @@
 module Doorkeeper
   class ApplicationController < ActionController::Base
-    private
-
-    def authenticate_resource_owner!
-      current_resource_owner
-    end
-
-    def current_resource_owner
-      instance_exec(main_app, &Doorkeeper.configuration.authenticate_resource_owner)
-    end
-
-    def resource_owner_from_credentials
-      instance_exec(main_app, &Doorkeeper.configuration.resource_owner_from_credentials)
-    end
-
-    def authenticate_admin!
-      if block = Doorkeeper.configuration.authenticate_admin
-        instance_exec(main_app, &block)
-      end
-    end
-
-    def method_missing(method, *args, &block)
-      if method =~ /_(url|path)$/
-        raise "Your path has not been found. Didn't you mean to call routes.#{method} in doorkeeper configuration blocks?"
-      else
-        super
-      end
-    end
+    include Doorkeeper::Helpers::Controller
   end
 end

data/app/controllers/doorkeeper/applications_controller.rb

@@ -14,8 +14,12 @@ module Doorkeeper
 
     def create
       @application = Application.new(params[:application])
-      flash[:notice] = "Application created" if @application.save
-      respond_with @application
+      if @application.save
+        flash[:notice] = I18n.t(:notice, :scope => [:doorkeeper, :flash, :applications, :create])
+        respond_with [:oauth, @application]
+      else
+        render :new
+      end
     end
 
     def show
@@ -28,14 +32,18 @@ module Doorkeeper
 
     def update
       @application = Application.find(params[:id])
-      flash[:notice] = "Application updated" if @application.update_attributes(params[:application])
-      respond_with @application
+      if @application.update_attributes(params[:application])
+        flash[:notice] = I18n.t(:notice, :scope => [:doorkeeper, :flash, :applications, :update])
+        respond_with [:oauth, @application]
+      else
+        render :edit
+      end
     end
 
     def destroy
       @application = Application.find(params[:id])
-      flash[:notice] = "Application deleted" if @application.destroy
-      redirect_to applications_url
+      flash[:notice] = I18n.t(:notice, :scope => [:doorkeeper, :flash, :applications, :destroy]) if @application.destroy
+      redirect_to oauth_applications_url
     end
   end
 end

data/app/controllers/doorkeeper/authorized_applications_controller.rb

@@ -7,6 +7,6 @@ class Doorkeeper::AuthorizedApplicationsController < Doorkeeper::ApplicationCont
 
   def destroy
     Doorkeeper::AccessToken.revoke_all_for params[:id], current_resource_owner
-    redirect_to authorized_applications_url, :notice => "Application revoked."
+    redirect_to oauth_authorized_applications_url, :notice => "Application revoked."
   end
 end

data/app/controllers/doorkeeper/token_info_controller.rb

@@ -0,0 +1,11 @@
+class Doorkeeper::TokenInfoController < Doorkeeper::ApplicationController
+
+  def show
+    if doorkeeper_token && doorkeeper_token.accessible?
+      render :json => doorkeeper_token, :status => :ok
+    else
+      render :json => Doorkeeper::OAuth::ErrorResponse.new(:name => :invalid_request), :status => :unauthorized
+    end 
+  end
+
+end

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -23,14 +23,17 @@ class Doorkeeper::TokensController < Doorkeeper::ApplicationController
   end
 
   def token
-    case params[:grant_type]
-    when 'password'
-      owner = resource_owner_from_credentials
-      @token ||= Doorkeeper::OAuth::PasswordAccessTokenRequest.new(client, owner, params)
-    when 'client_credentials'
-      @token ||= Doorkeeper::OAuth::ClientCredentialsRequest.new(Doorkeeper.configuration, client, params)
-    else
-      @token ||= Doorkeeper::OAuth::AccessTokenRequest.new(client, params)
+    unless defined?(@token) && @token
+      case params[:grant_type]
+      when 'password'
+        owner = resource_owner_from_credentials
+        @token = Doorkeeper::OAuth::PasswordAccessTokenRequest.new(client, owner, params)
+      when 'client_credentials'
+        @token = Doorkeeper::OAuth::ClientCredentialsRequest.new(Doorkeeper.configuration, client, params)
+      else
+        @token = Doorkeeper::OAuth::AccessTokenRequest.new(client, params)
+      end
     end
+    @token
   end
 end

data/app/validators/redirect_uri_validator.rb

@@ -0,0 +1,12 @@
+require 'uri'
+
+class RedirectUriValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    uri = ::URI.parse(value)
+    record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
+    record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
+    record.errors.add(attribute, :has_query_parameter) unless uri.query.nil?
+  rescue URI::InvalidURIError => e
+    record.errors.add(attribute, :invalid_uri)
+  end
+end

data/app/views/doorkeeper/applications/_form.html.erb

@@ -1,6 +1,6 @@
-<%= form_for(application) do |f| %>
+<%= form_for([:oauth, application]) do |f| %>
   <fieldset>
-    <% if @application.errors.any? %>
+    <% if application.errors.any? %>
       <div class="alert-message error" data-alert><a class="close" href="#">×</a><p>Whoops! Check your form for possible errors</p></div>
     <% end %>
 
@@ -20,7 +20,7 @@
 
     <div class="actions">
       <%= f.submit :Submit, :class => "btn primary" %>
-      <%= link_to "Cancel", applications_path, :class => "btn" %>
+      <%= link_to "Cancel", oauth_applications_path, :class => "btn" %>
     </div>
   </fieldset>
 <% end %>

data/app/views/doorkeeper/applications/edit.html.erb

@@ -8,6 +8,6 @@
 
 <div class="span6">
   <h3>Actions</h3>
-  <p><%= link_to 'Back to application list', applications_path %></p>
+  <p><%= link_to 'Back to application list', oauth_applications_path %></p>
 </div>
 

data/app/views/doorkeeper/applications/index.html.erb

@@ -3,7 +3,7 @@
     <h2>Your applications</h2>
   </header>
 
-  <p><%= link_to 'New Application', new_application_path %></p>
+  <p><%= link_to 'New Application', new_oauth_application_path %></p>
 
   <table class="zebra-striped">
     <thead>
@@ -17,10 +17,10 @@
     <tbody>
       <% @applications.each do |application| %>
         <tr id="application_<%= application.id %>">
-          <td><%= link_to application.name, application %></td>
+          <td><%= link_to application.name, [:oauth, application] %></td>
           <td><%= application.redirect_uri %></td>
-          <td><%= link_to 'Edit', edit_application_path(application) %></td>
-          <td><%= link_to 'Destroy', application, :confirm => 'Are you sure?', :method => :delete %></td>
+          <td><%= link_to 'Edit', edit_oauth_application_path(application) %></td>
+          <td><%= link_to 'Destroy', [:oauth, application], :data => { :confirm => 'Are you sure?' }, :method => :delete %></td>
         </tr>
       <% end %>
     </tbody>