doorkeeper 0.5.0 → 0.6.0.rc1

data/app/views/doorkeeper/applications/edit.html.erb

@@ -2,11 +2,11 @@
   <header class="page-header"><h2>Edit application</h2></header>
 </div>
 
-<div class="span10">
+<div class="span12">
   <%= render 'form', :application => @application %>
 </div>
 
-<div class="span6">
+<div class="span4">
   <h3>Actions</h3>
   <p><%= link_to 'Back to application list', oauth_applications_path %></p>
 </div>

data/app/views/doorkeeper/applications/new.html.erb

@@ -2,11 +2,11 @@
   <header class="page-header"><h2>New application</h2></header>
 </div>
 
-<div class="span10">
+<div class="span12">
   <%= render 'form', :application => @application %>
 </div>
 
-<div class="span6">
+<div class="span4">
   <h3>Actions</h3>
   <p><%= link_to 'Back to application list', oauth_applications_path %></p>
 </div>

data/app/views/doorkeeper/applications/show.html.erb

@@ -6,13 +6,16 @@
 
 <div class="span10">
   <h4>Callback url:</h4>
-  <p><%= @application.redirect_uri %></p>
+  <p><code><%= @application.redirect_uri %></code></p>
 
   <h4>Application Id:</h4>
   <p><code><%= @application.uid %></code></p>
 
   <h4>Secret:</h4>
   <p><code><%= @application.secret %></code></p>
+
+  <h4>Link to authorization code:</h4>
+  <p><%= link_to 'Authorize', oauth_authorization_path(:client_id => @application.uid, :redirect_uri => @application.redirect_uri, :response_type => 'code' ) %></p>
 </div>
 
 <div class="span6">

data/app/views/doorkeeper/authorizations/error.html.erb

@@ -1,6 +1,6 @@
 <div class="span16">
   <h2>An error has occurred</h2>
   <p>
-    <pre><%= @error.description %></pre>
+    <pre><%= @pre_auth.error_response.body[:error_description] %></pre>
   </p>
 </div>

data/app/views/doorkeeper/authorizations/new.html.erb

@@ -1,37 +1,37 @@
 <div class="span16">
-  <h2>Authorize <%= @authorization.client.name %> to use your account?</h2>
+  <h2>Authorize <%= @pre_auth.client.name %> to use your account?</h2>
 </div>
 
 <div class="span16">
-  <% if @authorization.scopes %>
+  <% if @pre_auth.scopes %>
   <p>
     This application will be able to:
   </p>
   <ul>
-    <% @authorization.scopes.each do |scope| %>
+    <% @pre_auth.scopes.each do |scope| %>
       <li><%= t scope, :scope => [:doorkeeper, :scopes]  %></li>
     <% end %>
   </ul>
   <% end %>
 
   <div class="inline_block">
-    <%= form_for @authorization, :as => :authorization, :url => oauth_authorization_path, :method => :post do |f| %>
-      <%= f.hidden_field :client_id %>
-      <%= f.hidden_field :redirect_uri %>
-      <%= f.hidden_field :state %>
-      <%= f.hidden_field :response_type %>
-      <%= f.hidden_field :scope %>
-      <%= f.submit "Authorize", :class => "btn success" %> or
+    <%= form_tag oauth_authorization_path, :method => :post do %>
+      <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
+      <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
+      <%= hidden_field_tag :state, @pre_auth.state %>
+      <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+      <%= hidden_field_tag :scope, @pre_auth.scope %>
+      <%= submit_tag "Authorize", :class => "btn success" %> or
     <% end %>
   </div>
   <div class="inline_block">
-    <%= form_for @authorization, :as => :authorization, :url => oauth_authorization_path, :method => :delete do |f| %>
-      <%= f.hidden_field :client_id %>
-      <%= f.hidden_field :redirect_uri %>
-      <%= f.hidden_field :state %>
-      <%= f.hidden_field :response_type %>
-      <%= f.hidden_field :scope %>
-      <%= f.submit "Deny", :class => "btn" %>
+    <%= form_tag oauth_authorization_path, :method => :delete do %>
+      <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
+      <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
+      <%= hidden_field_tag :state, @pre_auth.state %>
+      <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+      <%= hidden_field_tag :scope, @pre_auth.scope %>
+      <%= submit_tag "Deny", :class => "btn" %>
     <% end %>
   </div>
 </div>

data/app/views/doorkeeper/authorizations/show.html.erb

@@ -0,0 +1,4 @@
+<div class="span16">
+  <h3>Authorization code:</h3>
+  <code><%= params[:code] %></code>
+</div>

data/config/locales/en.yml

@@ -19,6 +19,16 @@ en:
               has_query_parameter: 'cannot contain a query parameter.'
               invalid_uri: 'must be a valid URI.'
               relative_uri: 'must be an absolute URI.'
+  mongo_mapper:
+    errors:
+      models:
+        application:
+          attributes:
+            redirect_uri:
+              fragment_present: 'cannot contain a fragment.'
+              has_query_parameter: 'cannot contain a query parameter.'
+              invalid_uri: 'must be a valid URI.'
+              relative_uri: 'must be an absolute URI.'
   doorkeeper:
     errors:
       messages:

data/doorkeeper.gemspec

@@ -18,11 +18,11 @@ Gem::Specification.new do |s|
   s.add_dependency "railties", "~> 3.1"
 
   s.add_development_dependency "sqlite3", "~> 1.3.5"
-  s.add_development_dependency "rspec-rails", "~> 2.11.0"
+  s.add_development_dependency "rspec-rails", "~> 2.11.4"
   s.add_development_dependency "capybara", "~> 1.1.2"
   s.add_development_dependency "generator_spec", "~> 0.8.5"
   s.add_development_dependency "factory_girl", "~> 2.6.4"
-  s.add_development_dependency "timecop", "~> 0.4.3"
-  s.add_development_dependency "database_cleaner", "~> 0.8"
+  s.add_development_dependency "timecop", "~> 0.5.2"
+  s.add_development_dependency "database_cleaner", "~> 0.9.1"
   s.add_development_dependency "bcrypt-ruby", "~> 3.0.1"
 end

data/lib/doorkeeper.rb

@@ -3,18 +3,27 @@ require "doorkeeper/engine"
 require "doorkeeper/config"
 require "doorkeeper/doorkeeper_for"
 
+require 'doorkeeper/errors'
+require 'doorkeeper/server'
+require 'doorkeeper/request'
+
 module Doorkeeper
   autoload :Validations, "doorkeeper/validations"
 
   module OAuth
     autoload :Scopes,                     "doorkeeper/oauth/scopes"
     autoload :Error,                      "doorkeeper/oauth/error"
+    autoload :CodeResponse,               "doorkeeper/oauth/code_response"
+    autoload :TokenResponse,              "doorkeeper/oauth/token_response"
     autoload :ErrorResponse,              "doorkeeper/oauth/error_response"
-    autoload :AuthorizationRequest,       "doorkeeper/oauth/authorization_request"
-    autoload :AccessTokenRequest,         "doorkeeper/oauth/access_token_request"
+    autoload :PreAuthorization,           "doorkeeper/oauth/pre_authorization"
+    autoload :AuthorizationCodeRequest,   "doorkeeper/oauth/authorization_code_request"
+    autoload :RefreshTokenRequest,        "doorkeeper/oauth/refresh_token_request"
     autoload :PasswordAccessTokenRequest, "doorkeeper/oauth/password_access_token_request"
     autoload :ClientCredentialsRequest,   "doorkeeper/oauth/client_credentials_request"
     autoload :Authorization,              "doorkeeper/oauth/authorization"
+    autoload :CodeRequest,                "doorkeeper/oauth/code_request"
+    autoload :TokenRequest,               "doorkeeper/oauth/token_request"
     autoload :Client,                     "doorkeeper/oauth/client"
     autoload :Token,                      "doorkeeper/oauth/token"
 

data/lib/doorkeeper/config.rb

@@ -139,12 +139,13 @@ module Doorkeeper
            :default => lambda{|routes| }
     option :resource_owner_from_credentials,
            :default => lambda{|routes|
-             logger.warn(I18n.translate('doorkeeper.errors.messages.credential_flow_not_configured'))
+             warn(I18n.translate('doorkeeper.errors.messages.credential_flow_not_configured'))
              nil
            }
     option :access_token_expires_in,      :default => 7200
     option :authorization_code_expires_in,:default => 600
     option :orm, :default => :active_record
+    option :test_redirect_uri, :default => 'urn:ietf:wg:oauth:2.0:oob'
 
     def refresh_token_enabled?
       !!@refresh_token_enabled
@@ -170,6 +171,10 @@ module Doorkeeper
       @scopes ||= default_scopes + optional_scopes
     end
 
+    def orm_name
+      [:mongoid2, :mongoid3].include?(orm) ? :mongoid : orm
+    end
+
     def client_credentials_methods
       @client_credentials ||= [:from_basic, :from_params]
     end

data/lib/doorkeeper/errors.rb

@@ -0,0 +1,15 @@
+module Doorkeeper
+  module Errors
+    class DoorkeeperError < StandardError
+    end
+
+    class InvalidAuthorizationStrategy < DoorkeeperError
+    end
+
+    class InvalidTokenStrategy < DoorkeeperError
+    end
+
+    class MissingRequestStrategy < DoorkeeperError
+    end
+  end
+end

data/lib/doorkeeper/helpers/controller.rb

@@ -24,6 +24,30 @@ module Doorkeeper
       def authenticate_admin!
         instance_eval &Doorkeeper.configuration.authenticate_admin
       end
+
+      def server
+        @server ||= Server.new(self)
+      end
+
+      def get_error_response_from_exception(exception)
+        error_name = case exception
+        when Errors::InvalidTokenStrategy
+          :unsupported_grant_type
+        when Errors::InvalidAuthorizationStrategy
+          :unsupported_response_type
+        when Errors::MissingRequestStrategy
+          :invalid_request
+        end
+
+        OAuth::ErrorResponse.new :name => error_name, :state => params[:state]
+      end
+
+      def handle_token_exception(exception)
+        error = get_error_response_from_exception exception
+        self.headers.merge!  error.headers
+        self.response_body = error.body.to_json
+        self.status        = error.status
+      end
     end
   end
 end

data/lib/doorkeeper/models/access_grant.rb

@@ -6,7 +6,7 @@ module Doorkeeper
     include Doorkeeper::Models::Accessible
     include Doorkeeper::Models::Scopes
 
-    belongs_to :application, :class_name => "Doorkeeper::Application"
+    belongs_to :application, :class_name => "Doorkeeper::Application", :inverse_of => :access_grants
 
     attr_accessible :resource_owner_id, :application_id, :expires_in, :redirect_uri, :scopes
 

data/lib/doorkeeper/models/access_token.rb

@@ -6,7 +6,7 @@ module Doorkeeper
     include Doorkeeper::Models::Accessible
     include Doorkeeper::Models::Scopes
 
-    belongs_to :application, :class_name => "Doorkeeper::Application"
+    belongs_to :application, :class_name => "Doorkeeper::Application", :inverse_of => :access_tokens
 
     validates :application_id, :token, :presence => true
     validates :token, :uniqueness => true
@@ -27,8 +27,7 @@ module Doorkeeper
     end
 
     def self.revoke_all_for(application_id, resource_owner)
-      where(:application_id => application_id,
-              :resource_owner_id => resource_owner.id).delete_all
+      delete_all_for(application_id, resource_owner)
     end
 
     def self.matching_token_for(application, resource_owner_or_id, scopes)

data/lib/doorkeeper/models/active_record/access_token.rb

@@ -2,6 +2,12 @@ module Doorkeeper
   class AccessToken < ActiveRecord::Base
     self.table_name = :oauth_access_tokens
 
+    def self.delete_all_for(application_id, resource_owner)
+      where(:application_id => application_id,
+            :resource_owner_id => resource_owner.id).delete_all
+    end
+    private_class_method :delete_all_for
+
     def self.last_authorized_token_for(application, resource_owner_id)
       where(:application_id => application.id,
             :resource_owner_id => resource_owner_id,

data/lib/doorkeeper/models/mongo_mapper/access_grant.rb

@@ -0,0 +1,28 @@
+require 'doorkeeper/models/mongo_mapper/revocable'
+
+module Doorkeeper
+  class AccessGrant
+    include MongoMapper::Document
+    include Doorkeeper::Models::MongoMapper::Revocable
+    safe
+    timestamps!
+
+    set_collection_name "oauth_access_grants"
+
+    key :resource_owner_id, ObjectId
+    key :application_id,    ObjectId
+    key :token,             String
+    key :expires_in,        Integer
+    key :redirect_uri,      String
+    key :revoked_at,        DateTime
+    key :scopes,            String
+
+    def scopes=(value)
+      write_attribute :scopes, value if value.present?
+    end
+
+    def self.create_indexes
+      ensure_index :token, :unique => true
+    end
+  end
+end

data/lib/doorkeeper/models/mongo_mapper/access_token.rb

@@ -0,0 +1,51 @@
+require 'doorkeeper/models/mongo_mapper/revocable'
+
+module Doorkeeper
+  class AccessToken
+    include MongoMapper::Document
+    include Doorkeeper::Models::MongoMapper::Revocable
+    safe
+    timestamps!
+
+    set_collection_name "oauth_access_tokens"
+
+    key :resource_owner_id, ObjectId
+    key :token,             String
+    key :expires_in,        Integer
+    key :revoked_at,        DateTime
+    key :scopes,            String
+
+    def scopes=(value)
+      write_attribute :scopes, value if value.present?
+    end
+
+    def self.last
+      self.sort(:created_at).last
+    end
+
+    def self.delete_all_for(application_id, resource_owner)
+      delete_all(:application_id => application_id,
+                 :resource_owner_id => resource_owner.id)
+    end
+    private_class_method :delete_all_for
+
+    def self.last_authorized_token_for(application, resource_owner_id)
+      where(:application_id => application.id,
+            :resource_owner_id => resource_owner_id,
+            :revoked_at => nil).
+      sort(:created_at.desc).
+      limit(1).
+      first
+    end
+    private_class_method :last_authorized_token_for
+
+    def refresh_token
+      self[:refresh_token]
+    end
+
+    def self.create_indexes
+      ensure_index :token, :unique => true
+      ensure_index [[:refresh_token, 1]], :unique => true, :sparse => true
+    end
+  end
+end

data/lib/doorkeeper/models/mongo_mapper/application.rb

@@ -0,0 +1,30 @@
+module Doorkeeper
+  class Application
+    include MongoMapper::Document
+    safe
+    timestamps!
+
+    set_collection_name "oauth_applications"
+
+    many :authorized_tokens, :class_name => "Doorkeeper::AccessToken"
+
+    key :name,         String
+    key :uid,          String
+    key :secret,       String
+    key :redirect_uri, String
+    key :scopes,       String
+
+    def scopes=(value)
+      write_attribute :scopes, value if value.present?
+    end
+
+    def self.authorized_for(resource_owner)
+      ids = AccessToken.where(:resource_owner_id => resource_owner.id, :revoked_at => nil).map(&:application_id)
+      find(ids)
+    end
+
+    def self.create_indexes
+      ensure_index :uid, :unique => true
+    end
+  end
+end

data/lib/doorkeeper/models/mongo_mapper/revocable.rb

@@ -0,0 +1,15 @@
+module Doorkeeper
+  module Models
+    module MongoMapper
+      module Revocable
+        def self.included(base)
+          base.class_eval do
+            def update_column(attr, val)
+              update_attribute attr, val
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/models/{mongoid → mongoid2}/access_grant.rb

@@ -10,7 +10,7 @@ module Doorkeeper
 
     self.store_in :oauth_access_grants
 
-    field :resource_owner_id, :type => Hash
+    field :resource_owner_id, :type => Integer
     field :application_id, :type => Hash
     field :token, :type => String
     field :expires_in, :type => Integer