doorkeeper 0.4.2 → 0.5.0.rc1

data/app/views/doorkeeper/applications/new.html.erb

@@ -8,6 +8,6 @@
 
 <div class="span6">
   <h3>Actions</h3>
-  <p><%= link_to 'Back to application list', applications_path %></p>
+  <p><%= link_to 'Back to application list', oauth_applications_path %></p>
 </div>
 

data/app/views/doorkeeper/applications/show.html.erb

@@ -17,7 +17,7 @@
 
 <div class="span6">
   <h3>Actions</h3>
-  <p><%= link_to 'List all', applications_path %></p>
-  <p><%= link_to 'Edit', edit_application_path(@application) %></p>
-  <p><%= link_to 'Remove', @application, :method => :delete, :confirm => "Are you sure?" %></p>
+  <p><%= link_to 'List all', oauth_applications_path %></p>
+  <p><%= link_to 'Edit', edit_oauth_application_path(@application) %></p>
+  <p><%= link_to 'Remove', [:oauth, @application], :method => :delete, :data => { :confirm => "Are you sure?" } %></p>
 </div>

data/app/views/doorkeeper/authorizations/new.html.erb

@@ -15,7 +15,7 @@
   <% end %>
 
   <div class="inline_block">
-    <%= form_for @authorization, :as => :authorization, :url => authorization_path, :method => :post do |f| %>
+    <%= form_for @authorization, :as => :authorization, :url => oauth_authorization_path, :method => :post do |f| %>
       <%= f.hidden_field :client_id %>
       <%= f.hidden_field :redirect_uri %>
       <%= f.hidden_field :state %>
@@ -25,7 +25,7 @@
     <% end %>
   </div>
   <div class="inline_block">
-    <%= form_for @authorization, :as => :authorization, :url => authorization_path, :method => :delete do |f| %>
+    <%= form_for @authorization, :as => :authorization, :url => oauth_authorization_path, :method => :delete do |f| %>
       <%= f.hidden_field :client_id %>
       <%= f.hidden_field :redirect_uri %>
       <%= f.hidden_field :state %>

data/app/views/doorkeeper/authorized_applications/index.html.erb

@@ -17,7 +17,7 @@
         <tr>
           <td><%= application.name %></td>
           <td><%= application.created_at %></td>
-          <td><%= link_to 'Revoke', authorized_application_path(application), :confirm => 'Are you sure?', :method => :delete, :class => 'btn danger' %></td>
+          <td><%= link_to 'Revoke', oauth_authorized_application_path(application), :data => { :confirm => 'Are you sure?' }, :method => :delete, :class => 'btn danger' %></td>
         </tr>
       <% end %>
     </tbody>

data/config/locales/en.yml

@@ -1,4 +1,24 @@
 en:
+  activerecord:
+    errors:
+      models:
+        application:
+          attributes:
+            redirect_uri:
+              fragment_present: 'cannot contain a fragment.'
+              has_query_parameter: 'cannot contain a query parameter.'
+              invalid_uri: 'must be a valid URI.'
+              relative_uri: 'must be an absolute URI.'
+  mongoid:
+    errors:
+      models:
+        application:
+          attributes:
+            redirect_uri:
+              fragment_present: 'cannot contain a fragment.'
+              has_query_parameter: 'cannot contain a query parameter.'
+              invalid_uri: 'must be a valid URI.'
+              relative_uri: 'must be an absolute URI.'
   doorkeeper:
     errors:
       messages:
@@ -11,6 +31,10 @@ en:
         server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
         temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
 
+        #configuration error messages
+        credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
+        resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.'
+
         # Access grant errors
         unsupported_response_type: 'The authorization server does not support this response type.'
 
@@ -21,3 +45,14 @@ en:
 
         # Password Access token errors
         invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
+    flash:
+      applications:
+        create:
+          notice: 'Application created.'
+        destroy:
+          notice: 'Application deleted.'
+        update:
+          notice: 'Application updated.'
+      authorized_applications:
+        destroy:
+          notice: 'Application revoked.'

data/doorkeeper.gemspec

@@ -18,11 +18,11 @@ Gem::Specification.new do |s|
   s.add_dependency "railties", "~> 3.1"
 
   s.add_development_dependency "sqlite3", "~> 1.3.5"
-  s.add_development_dependency "rspec-rails", "~> 2.10.0"
+  s.add_development_dependency "rspec-rails", "~> 2.11.0"
   s.add_development_dependency "capybara", "~> 1.1.2"
   s.add_development_dependency "generator_spec", "~> 0.8.5"
   s.add_development_dependency "factory_girl", "~> 2.6.4"
-  s.add_development_dependency "timecop", "~> 0.3.5"
-  s.add_development_dependency "database_cleaner", "~> 0.7.1"
+  s.add_development_dependency "timecop", "~> 0.4.3"
+  s.add_development_dependency "database_cleaner", "~> 0.8"
   s.add_development_dependency "bcrypt-ruby", "~> 3.0.1"
 end

data/gemfiles/gemfile.rails-3.1.x

@@ -2,6 +2,16 @@ source 'http://rubygems.org'
 
 gem 'rails', '~> 3.1.0'
 gem 'jquery-rails'
+
+group :mongoid do
+  gem 'mongoid', '~> 2.4'
+  gem 'bson_ext', '~> 1.6.0'
+end
+
+group :active_record do
+  gem 'activerecord', '~> 3.1'
+end
+
 gem 'doorkeeper', :path => '../'
 
 gemspec :path => '../'

data/gemfiles/gemfile.rails-3.2.x

@@ -2,6 +2,16 @@ source 'http://rubygems.org'
 
 gem 'rails', '~> 3.2.0'
 gem 'jquery-rails'
+
+group :mongoid do
+  gem 'mongoid', '~> 2.4'
+  gem 'bson_ext', '~> 1.6.0'
+end
+
+group :active_record do
+  gem 'activerecord', '~> 3.1'
+end
+
 gem 'doorkeeper', :path => '../'
 
 gemspec :path => '../'

data/lib/doorkeeper.rb

@@ -16,6 +16,7 @@ module Doorkeeper
     autoload :ClientCredentialsRequest,   "doorkeeper/oauth/client_credentials_request"
     autoload :Authorization,              "doorkeeper/oauth/authorization"
     autoload :Client,                     "doorkeeper/oauth/client"
+    autoload :Token,                      "doorkeeper/oauth/token"
 
     module Helpers
       autoload :ScopeChecker, "doorkeeper/oauth/helpers/scope_checker"
@@ -25,13 +26,19 @@ module Doorkeeper
   end
 
   module Models
-    autoload :Expirable, "doorkeeper/models/expirable"
-    autoload :Revocable, "doorkeeper/models/revocable"
-    autoload :Scopes,    "doorkeeper/models/scopes"
+    autoload :Scopes,     'doorkeeper/models/scopes'
+    autoload :Expirable,  'doorkeeper/models/expirable'
+    autoload :Revocable,  'doorkeeper/models/revocable'
+    autoload :Accessible, 'doorkeeper/models/accessible'
   end
 
   module Helpers
     autoload :Filter, "doorkeeper/helpers/filter"
+    autoload :Controller, "doorkeeper/helpers/controller"
+  end
+
+  module Rails
+    autoload :Routes, "doorkeeper/rails/routes"
   end
 
   def self.configured?

data/lib/doorkeeper/config.rb

@@ -1,37 +1,30 @@
 module Doorkeeper
   def self.configure(&block)
     @config = Config::Builder.new(&block).build
+    enable_orm
+    setup_application_owner if @config.enable_application_owner?
   end
 
   def self.configuration
     @config
   end
 
-  class Config
-    class Builder
-      # Helper class to migrate scopes using authorization_scopes block
-      # It will be removed in v0.5.x
-      class ScopesMigrator
-        attr_accessor :default_scopes, :optional_scopes, :translations
-
-        def initialize
-          @default_scopes, @optional_scopes, @translations = [], [], {}
-        end
-
-        def scope(scope, options = {})
-          if options[:default]
-            @optional_scopes << scope
-          else
-            @default_scopes << scope
-          end
-          @translations[scope] = options[:description]
-        end
+  def self.enable_orm
+    require "doorkeeper/models/#{@config.orm}/access_grant"
+    require "doorkeeper/models/#{@config.orm}/access_token"
+    require "doorkeeper/models/#{@config.orm}/application"
+    require 'doorkeeper/models/access_grant'
+    require 'doorkeeper/models/access_token'
+    require 'doorkeeper/models/application'
+  end
 
-        def migrate(&block)
-          self.instance_eval(&block)
-        end
-      end
+  def self.setup_application_owner
+    require File.join(File.dirname(__FILE__), 'models', 'ownership')
+    Doorkeeper::Application.send :include, Doorkeeper::Models::Ownership
+  end
 
+  class Config
+    class Builder
       def initialize(&block)
         @config = Config.new
         instance_eval(&block)
@@ -41,6 +34,15 @@ module Doorkeeper
         @config
       end
 
+      def enable_application_owner(opts={})
+        @config.instance_variable_set("@enable_application_owner", true)
+        confirm_application_owner if opts[:confirmation].present? && opts[:confirmation]
+      end
+
+      def confirm_application_owner
+        @config.instance_variable_set("@confirm_application_owner", true)
+      end
+
       def default_scopes(*scopes)
         @config.instance_variable_set("@default_scopes", Doorkeeper::OAuth::Scopes.from_array(scopes))
       end
@@ -53,17 +55,12 @@ module Doorkeeper
         @config.instance_variable_set("@client_credentials", methods)
       end
 
-      def use_refresh_token
-        @config.instance_variable_set("@refresh_token_enabled", true)
+      def access_token_methods(*methods)
+        @config.instance_variable_set("@access_token_methods", methods)
       end
 
-      # DEPRECATED: use default/optional scopes
-      def authorization_scopes(&block)
-        migrator = ScopesMigrator.new
-        migrator.migrate(&block)
-        self.default_scopes *migrator.default_scopes
-        self.optional_scopes *migrator.optional_scopes
-        @config.instance_variable_set("@authorization_scopes", migrator)
+      def use_refresh_token
+        @config.instance_variable_set("@refresh_token_enabled", true)
       end
     end
 
@@ -102,6 +99,7 @@ module Doorkeeper
 
         Builder.instance_eval do
           define_method name do |*args, &block|
+            # TODO: is builder_class option being used?
             value = unless attribute_builder
               block ? block : args.first
             else
@@ -130,15 +128,36 @@ module Doorkeeper
 
     extend Option
 
-    option :resource_owner_authenticator, :as => :authenticate_resource_owner
-    option :admin_authenticator,          :as => :authenticate_admin
-    option :resource_owner_from_credentials
+    option :resource_owner_authenticator,
+           :as => :authenticate_resource_owner,
+           :default => lambda{|routes|
+             logger.warn(I18n.translate('doorkeeper.errors.messages.resource_owner_authenticator_not_configured'))
+             nil
+           }
+    option :admin_authenticator,
+           :as => :authenticate_admin,
+           :default => lambda{|routes| }
+    option :resource_owner_from_credentials,
+           :default => lambda{|routes|
+             logger.warn(I18n.translate('doorkeeper.errors.messages.credential_flow_not_configured'))
+             nil
+           }
     option :access_token_expires_in,      :default => 7200
+    option :authorization_code_expires_in,:default => 600
+    option :orm, :default => :active_record
 
     def refresh_token_enabled?
       !!@refresh_token_enabled
     end
 
+    def enable_application_owner?
+      !!@enable_application_owner
+    end
+
+    def confirm_application_owner?
+      !!@confirm_application_owner
+    end
+
     def default_scopes
       @default_scopes ||= Doorkeeper::OAuth::Scopes.new
     end
@@ -155,9 +174,8 @@ module Doorkeeper
       @client_credentials ||= [:from_basic, :from_params]
     end
 
-    # DEPRECATED: use default/optional scopes
-    def authorization_scopes
-      @authorization_scopes
+    def access_token_methods
+      @access_token_methods ||= [:from_bearer_authorization, :from_access_token_param, :from_bearer_param]
     end
   end
 end

data/lib/doorkeeper/doorkeeper_for.rb

@@ -11,6 +11,7 @@ module Doorkeeper
       end
     end
 
+    # TODO: move this to Token class
     def validate_token(token)
       return false unless token
       token.accessible? and validate_token_scopes(token)
@@ -33,6 +34,7 @@ module Doorkeeper
       @filter_options[:unless] = unless_block
     end
 
+    # TODO: move this to Token class
     def validate_token_scopes(token)
       return true if @scopes.blank?
       token.scopes.any? { |scope| @scopes.include? scope}

data/lib/doorkeeper/engine.rb

@@ -1,37 +1,8 @@
 module Doorkeeper
   class Engine < Rails::Engine
-    isolate_namespace Doorkeeper
-
-    config.generators do |g|
-      g.test_framework :rspec, :view_specs => false
-    end
-
-    initializer "doorkeeper.deprecations" do
-      if Doorkeeper.installed?
-        if Doorkeeper.configuration.authorization_scopes.present?
-          warning = <<-WARN
-[DOORKEEPER]
-  Configuration for `authorization_scopes` will no longer be supported. Use default_scopes/optional_scopes instead.
-  ATTENTION: The :description option could not be migrated because doorkeeper now uses localization files.
-  Place this in your config/locales/en.yml
-en:
-  doorkeeper:
-    scopes:
-WARN
-          puts warning
-          Doorkeeper.configuration.authorization_scopes.translations.each do |scope, translation|
-            puts "      #{scope}: #{translation}"
-          end
-        end
-
-        if Doorkeeper::AccessToken.columns_hash["resource_owner_id"].null == false
-          warn <<-WARN
-[DOORKEEPER]
-  In order to use the Client Credentials flow, you have to migrate the oauth_access_tokens table:
-  change_column :oauth_access_tokens, :resource_owner_id, :integer, :null => true
-WARN
-        end
-      end
+    initializer "doorkeeper.routes" do
+      Doorkeeper::Rails::Routes.warn_if_using_mount_method!
+      Doorkeeper::Rails::Routes.install!
     end
 
     initializer "doorkeeper.helpers" do

data/lib/doorkeeper/helpers/controller.rb

@@ -0,0 +1,29 @@
+module Doorkeeper
+  module Helpers
+    module Controller
+      def self.included(base)
+        base.send :private,
+                  :authenticate_resource_owner!,
+                  :authenticate_admin!,
+                  :current_resource_owner,
+                  :resource_owner_from_credentials
+      end
+
+      def authenticate_resource_owner!
+        current_resource_owner
+      end
+
+      def current_resource_owner
+        instance_eval &Doorkeeper.configuration.authenticate_resource_owner
+      end
+
+      def resource_owner_from_credentials
+        instance_eval &Doorkeeper.configuration.resource_owner_from_credentials
+      end
+
+      def authenticate_admin!
+        instance_eval &Doorkeeper.configuration.authenticate_admin
+      end
+    end
+  end
+end

data/lib/doorkeeper/helpers/filter.rb

@@ -7,6 +7,7 @@ module Doorkeeper
 
           before_filter doorkeeper_for.filter_options do
             return if doorkeeper_for.validate_token(doorkeeper_token)
+            # TODO: use ErrorRespose class for this
             render_options = doorkeeper_unauthorized_render_options
             if render_options.nil? || render_options.empty?
               head :unauthorized
@@ -21,27 +22,12 @@ module Doorkeeper
 
       def self.included(base)
         base.extend ClassMethods
-        base.send :private,
-                  :doorkeeper_token,
-                  :get_doorkeeper_token,
-                  :authorization_bearer_token,
-                  :doorkeeper_unauthorized_render_options
+        base.send :private, :doorkeeper_token, :doorkeeper_unauthorized_render_options
       end
 
       def doorkeeper_token
-        @token ||= get_doorkeeper_token
-      end
-
-      def get_doorkeeper_token
-        token = params[:access_token] || params[:bearer_token] || authorization_bearer_token
-        if token
-          AccessToken.find_by_token(token)
-        end
-      end
-
-      def authorization_bearer_token
-        header = request.env['HTTP_AUTHORIZATION']
-        header.gsub(/^Bearer /, '') if header && header.match(/^Bearer /)
+        methods = Doorkeeper.configuration.access_token_methods
+        @token ||= OAuth::Token.authenticate request, *methods
       end
 
       def doorkeeper_unauthorized_render_options