doorkeeper 0.4.2 → 0.5.0.rc1

data/{app/models/doorkeeper → lib/doorkeeper/models}/access_grant.rb

@@ -1,28 +1,28 @@
 module Doorkeeper
-  class AccessGrant < ActiveRecord::Base
+  class AccessGrant
     include Doorkeeper::OAuth::Helpers
     include Doorkeeper::Models::Expirable
     include Doorkeeper::Models::Revocable
+    include Doorkeeper::Models::Accessible
     include Doorkeeper::Models::Scopes
 
-    self.table_name = :oauth_access_grants
-
-    belongs_to :application
+    belongs_to :application, :class_name => "Doorkeeper::Application"
 
     attr_accessible :resource_owner_id, :application_id, :expires_in, :redirect_uri, :scopes
 
     validates :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, :presence => true
+    validates :token, :uniqueness => true
 
     before_validation :generate_token, :on => :create
 
-    def accessible?
-      !expired? && !revoked?
+    def self.authenticate(token)
+      where(:token => token).first
     end
 
     private
 
     def generate_token
-      self.token = UniqueToken.generate_for :token, self.class
+      self.token = UniqueToken.generate
     end
   end
 end

data/{app/models/doorkeeper → lib/doorkeeper/models}/access_token.rb

@@ -1,17 +1,16 @@
 module Doorkeeper
-  class AccessToken < ActiveRecord::Base
+  class AccessToken
     include Doorkeeper::OAuth::Helpers
     include Doorkeeper::Models::Expirable
     include Doorkeeper::Models::Revocable
+    include Doorkeeper::Models::Accessible
     include Doorkeeper::Models::Scopes
 
-    self.table_name = :oauth_access_tokens
-
-    belongs_to :application
-
-    scope :accessible, where(:revoked_at => nil)
+    belongs_to :application, :class_name => "Doorkeeper::Application"
 
     validates :application_id, :token, :presence => true
+    validates :token, :uniqueness => true
+    validates :refresh_token, :uniqueness => true, :if => :use_refresh_token?
 
     attr_accessor :use_refresh_token
     attr_accessible :application_id, :resource_owner_id, :expires_in, :scopes, :use_refresh_token
@@ -19,47 +18,51 @@ module Doorkeeper
     before_validation :generate_token, :on => :create
     before_validation :generate_refresh_token, :on => :create, :if => :use_refresh_token?
 
+    def self.authenticate(token)
+      where(:token => token).first
+    end
+
+    def self.by_refresh_token(refresh_token)
+      where(:refresh_token => refresh_token).first
+    end
+
     def self.revoke_all_for(application_id, resource_owner)
       where(:application_id => application_id,
               :resource_owner_id => resource_owner.id).delete_all
     end
 
     def self.matching_token_for(application, resource_owner_or_id, scopes)
-      token = last_authorized_token_for(application, resource_owner_or_id)
+      resource_owner_id = resource_owner_or_id.respond_to?(:to_key) ? resource_owner_or_id.id : resource_owner_or_id
+      token = last_authorized_token_for(application, resource_owner_id)
       token if token && ScopeChecker.matches?(token.scopes, scopes)
     end
 
-    def self.last_authorized_token_for(application, resource_owner_or_id)
-      resource_owner_id = resource_owner_or_id.kind_of?(ActiveRecord::Base) ? resource_owner_or_id.id : resource_owner_or_id
-      accessible.
-        where(:application_id => application.id,
-              :resource_owner_id => resource_owner_id).
-        order("created_at desc").
-        limit(1).
-        first
-    end
-    private_class_method :last_authorized_token_for
-
     def token_type
       "bearer"
     end
 
-    def accessible?
-      !expired? && !revoked?
-    end
-
     def use_refresh_token?
       self.use_refresh_token
     end
 
+    def as_json(options={})
+      {
+        :resource_owner_id => self.resource_owner_id,
+        :scopes => self.scopes,
+        :expires_in_seconds => self.expires_in_seconds,
+        :application => { :uid => self.application.uid }
+      }
+    end
+
     private
 
     def generate_refresh_token
-      self.refresh_token = UniqueToken.generate_for :refresh_token, self.class
+      write_attribute :refresh_token, UniqueToken.generate
     end
 
     def generate_token
-      self.token = UniqueToken.generate_for :token, self.class
+      self.token = UniqueToken.generate
     end
+
   end
 end

data/lib/doorkeeper/models/accessible.rb

@@ -0,0 +1,9 @@
+module Doorkeeper
+  module Models
+    module Accessible
+      def accessible?
+        !expired? && !revoked?
+      end
+    end
+  end
+end

data/lib/doorkeeper/models/active_record/access_grant.rb

@@ -0,0 +1,5 @@
+module Doorkeeper
+  class AccessGrant < ActiveRecord::Base
+    self.table_name = :oauth_access_grants
+  end
+end

data/lib/doorkeeper/models/active_record/access_token.rb

@@ -0,0 +1,15 @@
+module Doorkeeper
+  class AccessToken < ActiveRecord::Base
+    self.table_name = :oauth_access_tokens
+
+    def self.last_authorized_token_for(application, resource_owner_id)
+      where(:application_id => application.id,
+            :resource_owner_id => resource_owner_id,
+            :revoked_at => nil).
+      order('created_at desc').
+      limit(1).
+      first
+    end
+    private_class_method :last_authorized_token_for
+  end
+end

data/lib/doorkeeper/models/active_record/application.rb

@@ -0,0 +1,18 @@
+module Doorkeeper
+  class Application < ActiveRecord::Base
+    self.table_name = :oauth_applications
+
+    has_many :authorized_tokens, :class_name => "AccessToken", :conditions => { :revoked_at => nil }
+    has_many :authorized_applications, :through => :authorized_tokens, :source => :application
+
+    def self.column_names_with_table
+      self.column_names.map { |c| "oauth_applications.#{c}" }
+    end
+
+    def self.authorized_for(resource_owner)
+      joins(:authorized_applications).
+        where(:oauth_access_tokens => { :resource_owner_id => resource_owner.id, :revoked_at => nil }).
+        group(column_names_with_table.join(','))
+    end
+  end
+end

data/lib/doorkeeper/models/application.rb

@@ -0,0 +1,38 @@
+module Doorkeeper
+  class Application
+    include Doorkeeper::OAuth::Helpers
+
+    has_many :access_grants, :dependent => :destroy, :class_name => "Doorkeeper::AccessGrant"
+    has_many :access_tokens, :dependent => :destroy, :class_name => "Doorkeeper::AccessToken"
+
+    validates :name, :secret, :uid, :redirect_uri, :presence => true
+    validates :uid, :uniqueness => true
+    validates :redirect_uri, :redirect_uri => true
+
+    before_validation :generate_uid, :generate_secret, :on => :create
+
+    attr_accessible :name, :redirect_uri
+
+    def self.model_name
+      ActiveModel::Name.new(self, Doorkeeper, 'Application')
+    end
+
+    def self.authenticate(uid, secret)
+      self.where(:uid => uid, :secret => secret).first
+    end
+
+    def self.by_uid(uid)
+      self.where(:uid => uid).first
+    end
+
+    private
+
+    def generate_uid
+      self.uid = UniqueToken.generate
+    end
+
+    def generate_secret
+      self.secret = UniqueToken.generate
+    end
+  end
+end

data/lib/doorkeeper/models/expirable.rb

@@ -5,13 +5,15 @@ module Doorkeeper
         expires_in && Time.now > expired_time
       end
 
-      def time_left
-        expired? ? 0 : expired_time - Time.now
-      end
-
       def expired_time
         created_at + expires_in.seconds
       end
+
+      def expires_in_seconds
+        expires = (created_at + expires_in.seconds) - Time.now
+        expires_sec = expires.seconds.round(0)
+        expires_sec > 0 ? expires_sec : 0  
+      end
       private :expired_time
     end
   end

data/lib/doorkeeper/models/mongoid/access_grant.rb

@@ -0,0 +1,22 @@
+require 'doorkeeper/models/mongoid/revocable'
+require 'doorkeeper/models/mongoid/scopes'
+
+module Doorkeeper
+  class AccessGrant
+    include Mongoid::Document
+    include Mongoid::Timestamps
+    include Doorkeeper::Models::Mongoid::Revocable
+    include Doorkeeper::Models::Mongoid::Scopes
+
+    self.store_in :oauth_access_grants
+
+    field :resource_owner_id, :type => Hash
+    field :application_id, :type => Hash
+    field :token, :type => String
+    field :expires_in, :type => Integer
+    field :redirect_uri, :type => String
+    field :revoked_at, :type => DateTime
+
+    index :token, :unique => true
+  end
+end

data/lib/doorkeeper/models/mongoid/access_token.rb

@@ -0,0 +1,35 @@
+require 'doorkeeper/models/mongoid/revocable'
+require 'doorkeeper/models/mongoid/scopes'
+
+module Doorkeeper
+  class AccessToken
+    include Mongoid::Document
+    include Mongoid::Timestamps
+    include Doorkeeper::Models::Mongoid::Revocable
+    include Doorkeeper::Models::Mongoid::Scopes
+
+    self.store_in :oauth_access_tokens
+
+    field :resource_owner_id, :type => Integer
+    field :token, :type => String
+    field :expires_in, :type => Integer
+    field :revoked_at, :type => DateTime
+
+    index :token, :unique => true
+    index :refresh_token, :unique => true, :sparse => true
+
+    def self.last_authorized_token_for(application, resource_owner_id)
+      where(:application_id => application.id,
+            :resource_owner_id => resource_owner_id,
+            :revoked_at => nil).
+      order_by([:created_at, :desc]).
+      limit(1).
+      first
+    end
+    private_class_method :last_authorized_token_for
+
+    def refresh_token
+      self[:refresh_token]
+    end
+  end
+end

data/lib/doorkeeper/models/mongoid/application.rb

@@ -0,0 +1,22 @@
+module Doorkeeper
+  class Application
+    include Mongoid::Document
+    include Mongoid::Timestamps
+
+    self.store_in :oauth_applications
+
+    has_many :authorized_tokens, :class_name => "Doorkeeper::AccessToken"
+
+    field :name, :type => String
+    field :uid, :type => String
+    field :secret, :type => String
+    field :redirect_uri, :type => String
+
+    index :uid, :unique => true
+
+    def self.authorized_for(resource_owner)
+      ids = AccessToken.where(:resource_owner_id => resource_owner.id, :revoked_at => nil).map(&:application_id)
+      find(ids)
+    end
+  end
+end

data/lib/doorkeeper/models/mongoid/revocable.rb

@@ -0,0 +1,15 @@
+module Doorkeeper
+  module Models
+    module Mongoid
+      module Revocable
+        def self.included(base)
+          base.class_eval do
+            def update_column(attr, val)
+              update_attribute attr, val
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/models/mongoid/scopes.rb

@@ -0,0 +1,15 @@
+module Doorkeeper
+  module Models
+    module Mongoid
+      module Scopes
+        def self.included(base)
+          base.class_eval do
+            def scopes=(value)
+              write_attribute :scopes, value if value.present?
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/models/ownership.rb

@@ -0,0 +1,16 @@
+module Doorkeeper
+  module Models
+    module Ownership
+      def validate_owner?
+        Doorkeeper.configuration.confirm_application_owner?
+      end    
+  
+      def self.included(base)
+        base.class_eval do
+          belongs_to :owner, :polymorphic => true
+          validates :owner, :presence => true, :if => :validate_owner?      
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/models/revocable.rb

@@ -2,7 +2,7 @@ module Doorkeeper
   module Models
     module Revocable
       def revoke(clock = DateTime)
-        update_attribute :revoked_at, clock.now
+        update_column :revoked_at, clock.now
       end
 
       def revoked?

data/lib/doorkeeper/models/scopes.rb

@@ -1,12 +1,16 @@
 module Doorkeeper
   module Models
     module Scopes
-      def scopes
-        Doorkeeper::OAuth::Scopes.from_string(self[:scopes])
-      end
+      def self.included(base)
+        base.class_eval do
+          define_method :scopes do
+            Doorkeeper::OAuth::Scopes.from_string(self[:scopes])
+          end
 
-      def scopes_string
-        Doorkeeper::OAuth::Scopes.from_string(self[:scopes]).to_s
+          define_method :scopes_string do
+            Doorkeeper::OAuth::Scopes.from_string(self[:scopes]).to_s
+          end
+        end
       end
     end
   end

data/lib/doorkeeper/oauth/access_token_request.rb

@@ -81,11 +81,11 @@ module Doorkeeper::OAuth
     end
 
     def token_via_authorization_code
-      Doorkeeper::AccessGrant.find_by_token(code)
+      Doorkeeper::AccessGrant.authenticate(code)
     end
 
     def token_via_refresh_token
-      Doorkeeper::AccessToken.find_by_refresh_token(refresh_token)
+      Doorkeeper::AccessToken.by_refresh_token(refresh_token)
     end
 
     def create_access_token

data/lib/doorkeeper/oauth/authorization.rb

@@ -1,5 +1,6 @@
 module Doorkeeper
   module OAuth
+    # TODO: move this to doorkeeper.rb
     module Authorization
       autoload :Code,       "doorkeeper/oauth/authorization/code"
       autoload :Token,      "doorkeeper/oauth/authorization/token"

data/lib/doorkeeper/oauth/authorization/code.rb

@@ -4,8 +4,6 @@ module Doorkeeper
       class Code
         include URIBuilder
 
-        DEFAULT_EXPIRATION_TIME = 600
-
         attr_accessor :authorization, :grant
 
         def initialize(authorization)
@@ -16,7 +14,7 @@ module Doorkeeper
           @grant ||= AccessGrant.create!(
             :application_id    => authorization.client.id,
             :resource_owner_id => authorization.resource_owner.id,
-            :expires_in        => DEFAULT_EXPIRATION_TIME,
+            :expires_in        => configuration.authorization_code_expires_in,
             :redirect_uri      => authorization.redirect_uri,
             :scopes            => authorization.scopes.to_s
           )
@@ -28,6 +26,10 @@ module Doorkeeper
             :state => authorization.state
           })
         end
+
+        def configuration
+          Doorkeeper.configuration
+        end
       end
     end
   end