RubyGems - doorkeeper - Versions diffs - 0.5.0 → 0.6.0.rc1 - Mend

doorkeeper 0.5.0 → 0.6.0.rc1

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (105) hide show

data/.travis.yml +15 -6
data/CHANGELOG.md +19 -1
data/Gemfile +23 -7
data/README.md +62 -27
data/app/controllers/doorkeeper/application_controller.rb +1 -1
data/app/controllers/doorkeeper/authorizations_controller.rb +45 -35
data/app/controllers/doorkeeper/token_info_controller.rb +10 -9
data/app/controllers/doorkeeper/tokens_controller.rb +13 -32
data/app/validators/redirect_uri_validator.rb +11 -0
data/app/views/doorkeeper/applications/_form.html.erb +6 -1
data/app/views/doorkeeper/applications/edit.html.erb +2 -2
data/app/views/doorkeeper/applications/new.html.erb +2 -2
data/app/views/doorkeeper/applications/show.html.erb +4 -1
data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
data/app/views/doorkeeper/authorizations/new.html.erb +17 -17
data/app/views/doorkeeper/authorizations/show.html.erb +4 -0
data/config/locales/en.yml +10 -0
data/doorkeeper.gemspec +3 -3
data/lib/doorkeeper.rb +11 -2
data/lib/doorkeeper/config.rb +6 -1
data/lib/doorkeeper/errors.rb +15 -0
data/lib/doorkeeper/helpers/controller.rb +24 -0
data/lib/doorkeeper/models/access_grant.rb +1 -1
data/lib/doorkeeper/models/access_token.rb +2 -3
data/lib/doorkeeper/models/active_record/access_token.rb +6 -0
data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +28 -0
data/lib/doorkeeper/models/mongo_mapper/access_token.rb +51 -0
data/lib/doorkeeper/models/mongo_mapper/application.rb +30 -0
data/lib/doorkeeper/models/mongo_mapper/revocable.rb +15 -0
data/lib/doorkeeper/models/{mongoid → mongoid2}/access_grant.rb +1 -1
data/lib/doorkeeper/models/{mongoid → mongoid2}/access_token.rb +6 -0
data/lib/doorkeeper/models/{mongoid → mongoid2}/application.rb +2 -2
data/lib/doorkeeper/models/mongoid3/access_grant.rb +22 -0
data/lib/doorkeeper/models/mongoid3/access_token.rb +41 -0
data/lib/doorkeeper/models/mongoid3/application.rb +22 -0
data/lib/doorkeeper/oauth/authorization/code.rb +9 -17
data/lib/doorkeeper/oauth/authorization/token.rb +8 -18
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +2 -0
data/lib/doorkeeper/oauth/authorization_code_request.rb +82 -0
data/lib/doorkeeper/oauth/client_credentials_request.rb +2 -4
data/lib/doorkeeper/oauth/code_request.rb +28 -0
data/lib/doorkeeper/oauth/code_response.rb +37 -0
data/lib/doorkeeper/oauth/error_response.rb +23 -9
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +4 -0
data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -65
data/lib/doorkeeper/oauth/pre_authorization.rb +62 -0
data/lib/doorkeeper/oauth/refresh_token_request.rb +58 -0
data/lib/doorkeeper/oauth/token_request.rb +28 -0
data/lib/doorkeeper/oauth/token_response.rb +29 -0
data/lib/doorkeeper/rails/routes.rb +4 -3
data/lib/doorkeeper/request.rb +33 -0
data/lib/doorkeeper/request/authorization_code.rb +23 -0
data/lib/doorkeeper/request/client_credentials.rb +23 -0
data/lib/doorkeeper/request/code.rb +24 -0
data/lib/doorkeeper/request/password.rb +23 -0
data/lib/doorkeeper/request/refresh_token.rb +23 -0
data/lib/doorkeeper/request/token.rb +24 -0
data/lib/doorkeeper/server.rb +54 -0
data/lib/doorkeeper/validations.rb +1 -0
data/lib/doorkeeper/version.rb +1 -1
data/lib/generators/doorkeeper/mongo_mapper/indexes_generator.rb +12 -0
data/lib/generators/doorkeeper/templates/README +15 -1
data/lib/generators/doorkeeper/templates/indexes.rb +3 -0
data/lib/generators/doorkeeper/templates/initializer.rb +8 -1
data/script/run_all +9 -9
data/spec/controllers/authorizations_controller_spec.rb +8 -19
data/spec/controllers/token_info_controller_spec.rb +9 -9
data/spec/controllers/tokens_controller_spec.rb +2 -1
data/spec/dummy/app/models/user.rb +11 -4
data/spec/dummy/config/application.rb +8 -1
data/spec/dummy/config/boot.rb +1 -1
data/spec/dummy/config/initializers/doorkeeper.rb +9 -1
data/spec/dummy/config/mongo.yml +11 -0
data/spec/dummy/config/{mongoid.yml → mongoid2.yml} +3 -1
data/spec/dummy/config/mongoid3.yml +18 -0
data/spec/generators/install_generator_spec.rb +1 -0
data/spec/lib/oauth/authorization_code_request_spec.rb +80 -0
data/spec/lib/oauth/client_credentials_request_spec.rb +1 -3
data/spec/lib/oauth/code_request_spec.rb +44 -0
data/spec/lib/oauth/error_response_spec.rb +7 -7
data/spec/lib/oauth/password_access_token_request_spec.rb +30 -143
data/spec/lib/oauth/pre_authorization_spec.rb +80 -0
data/spec/lib/oauth/refresh_token_request_spec.rb +56 -0
data/spec/lib/oauth/token_request_spec.rb +46 -0
data/spec/lib/oauth/{client_credentials/response_spec.rb → token_response_spec.rb} +13 -19
data/spec/lib/server_spec.rb +24 -0
data/spec/requests/endpoints/authorization_spec.rb +11 -27
data/spec/requests/endpoints/token_spec.rb +17 -0
data/spec/requests/flows/authorization_code_errors_spec.rb +0 -45
data/spec/requests/flows/authorization_code_spec.rb +12 -2
data/spec/requests/flows/client_credentials_spec.rb +1 -1
data/spec/requests/flows/password_spec.rb +1 -0
data/spec/requests/flows/refresh_token_spec.rb +6 -4
data/spec/spec_helper_integration.rb +4 -2
data/spec/support/orm/mongo_mapper.rb +26 -0
data/spec/support/orm/mongoid.rb +7 -2
data/spec/validators/redirect_uri_validator_spec.rb +11 -4
metadata +67 -42
data/gemfiles/gemfile.rails-3.1.x +0 -17
data/gemfiles/gemfile.rails-3.2.x +0 -17
data/lib/doorkeeper/oauth/access_token_request.rb +0 -139
data/lib/doorkeeper/oauth/authorization_request.rb +0 -114
data/lib/doorkeeper/oauth/client_credentials/response.rb +0 -42
data/spec/lib/oauth/access_token_request_spec.rb +0 -246
data/spec/lib/oauth/authorization_request_spec.rb +0 -287

data/lib/doorkeeper/request/password.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Doorkeeper
+  module Request
+    class Password
+      def self.build(server)
+        new(server.client, server.resource_owner, server)
+      end
+      attr_accessor :client, :resource_owner, :server
+      def initialize(client, resource_owner, server)
+        @client, @resource_owner, @server = client, resource_owner, server
+      end
+      def request
+        @request ||= OAuth::PasswordAccessTokenRequest.new(Doorkeeper.configuration, client, resource_owner, server.parameters)
+      end
+      def authorize
+        request.authorize
+      end
+    end
+  end
+end

data/lib/doorkeeper/request/refresh_token.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Doorkeeper
+  module Request
+    class RefreshToken
+      def self.build(server)
+        new(server.current_refresh_token, server.client)
+      end
+      attr_accessor :refresh_token, :client
+      def initialize(refresh_token, client)
+        @refresh_token, @client = refresh_token, client
+      end
+      def request
+        @request ||= OAuth::RefreshTokenRequest.new(Doorkeeper.configuration, refresh_token, client)
+      end
+      def authorize
+        request.authorize
+      end
+    end
+  end
+end

data/lib/doorkeeper/request/token.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module Doorkeeper
+  module Request
+    class Token
+      # TODO: this is so wrong!
+      def self.build(server)
+        new(server.context.send(:pre_auth), server)
+      end
+      attr_accessor :pre_auth, :server
+      def initialize(pre_auth, server)
+        @pre_auth, @server = pre_auth, server
+      end
+      def request
+        @request ||= OAuth::TokenRequest.new(pre_auth, server.current_resource_owner)
+      end
+      def authorize
+        request.authorize
+      end
+    end
+  end
+end

data/lib/doorkeeper/server.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module Doorkeeper
+  class Server
+    attr_accessor :context
+    def initialize(context = nil)
+      @context = context
+    end
+    def authorization_request(strategy)
+      klass = Request.authorization_strategy strategy
+      klass.build self
+    end
+    def token_request(strategy)
+      klass = Request.token_strategy strategy
+      klass.build self
+    end
+    # TODO: context should be the request
+    def parameters
+      context.request.parameters
+    end
+    def client
+      @client ||= OAuth::Client.authenticate(credentials)
+    end
+    def client_via_uid
+      @client_via_uid ||= OAuth::Client.find(parameters[:client_id])
+    end
+    def current_resource_owner
+      context.send :current_resource_owner
+    end
+    def current_refresh_token
+      Doorkeeper::AccessToken.by_refresh_token(parameters[:refresh_token])
+    end
+    def grant
+      Doorkeeper::AccessGrant.authenticate(parameters[:code])
+    end
+    # TODO: Use configuration and evaluate proper context on block
+    def resource_owner
+      context.send :resource_owner_from_credentials
+    end
+    def credentials
+      methods = Doorkeeper.configuration.client_credentials_methods
+      @credentials ||= OAuth::Client::Credentials.from_request(context.request, *methods)
+    end
+  end
+end

data/lib/doorkeeper/validations.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module Doorkeeper
     end
     def valid?
+      validate
       @error.nil?
     end

data/lib/doorkeeper/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = "0.5.0"
+  VERSION = "0.6.0.rc1"
 end

data/lib/generators/doorkeeper/mongo_mapper/indexes_generator.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module Doorkeeper
+  module MongoMapper
+    class IndexesGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('../../templates', __FILE__)
+      desc "Creates an indexes file for use with MongoMapper's rake db:index"
+      def install
+        template "indexes.rb", "db/indexes.rb"
+      end
+    end
+  end
+end

data/lib/generators/doorkeeper/templates/README CHANGED Viewed

@@ -17,12 +17,26 @@ And run
   rake db:migrate
-If you want to use Mongoid, configure the orm in initializers/doorkeeper.rb
+If you want to use Mongoid, configure the orm in initializers/doorkeeper.rb:
+# Mongoid
 Doorkeeper.configure do
   orm :mongoid
 end
+If you want to use MongoMapper, configure the orm in
+initializers/doorkeeper.rb:
+# MongoMapper
+Doorkeeper.configure do
+  orm :mongo_mapper
+end
+And run
+  rails generate doorkeeper:mongo_mapper:indexes
+  rake db:index
 Step 3.
 That's it, that's all. Enjoy!

data/lib/generators/doorkeeper/templates/indexes.rb ADDED Viewed

@@ -0,0 +1,3 @@
+Doorkeeper::Application.create_indexes
+Doorkeeper::AccessGrant.create_indexes
+Doorkeeper::AccessToken.create_indexes

data/lib/generators/doorkeeper/templates/initializer.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 Doorkeeper.configure do
   # Change the ORM that doorkeeper will use.
-  # Currently supported options are :active_record and :mongoid
+  # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
   orm :active_record
   # This block will be called to check whether the resource owner is authenticated or not.
@@ -54,4 +54,11 @@ Doorkeeper.configure do
   # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
   # Check out the wiki for mor information on customization
   # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+  # Change the test redirect uri for client apps
+  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+  #
+  # test_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
 end

data/script/run_all CHANGED Viewed

@@ -1,14 +1,14 @@
 #!/usr/bin/env bash
 set -e
-RBENV_VERSION=1.8.7-p352 bundle install --quiet
-RBENV_VERSION=1.8.7-p352 bundle exec rake
-RBENV_VERSION=1.8.7-p352 DOORKEEPER_ORM=mongoid bundle exec rake
+rails=3.2.8 orm=active_record bundle install --quiet
+rails=3.2.8 orm=active_record bundle exec rake
-RBENV_VERSION=1.9.2-p290 bundle install --quiet
-RBENV_VERSION=1.9.2-p290 bundle exec rake
-RBENV_VERSION=1.9.2-p290 DOORKEEPER_ORM=mongoid bundle exec rake
+rails=3.2.8 orm=mongoid2 bundle install --quiet
+rails=3.2.8 orm=mongoid2 bundle exec rake
-RBENV_VERSION=1.9.3-p0 bundle install --quiet
-RBENV_VERSION=1.9.3-p0 bundle exec rake
-RBENV_VERSION=1.9.3-p0 DOORKEEPER_ORM=mongoid bundle exec rake
+rails=3.2.8 orm=mongoid3 bundle install --quiet
+rails=3.2.8 orm=mongoid3 bundle exec rake
+rails=3.2.8 orm=mongo_mapper bundle install --quiet
+rails=3.2.8 orm=mongo_mapper bundle exec rake

data/spec/controllers/authorizations_controller_spec.rb CHANGED Viewed

@@ -101,31 +101,20 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
   describe "GET #new with errors" do
     before do
       default_scopes_exist :public
-      get :new, :client_id => client.uid, :response_type => "token", :scope => "invalid", :redirect_uri => client.redirect_uri
+      get :new, :an_invalid => 'request'
     end
-    it "redirects after authorization" do
-      response.should be_redirect
-    end
-    it "redirects to client redirect uri" do
-      response.location.should =~ %r[^#{client.redirect_uri}]
-    end
-    it "does not include access token in fragment" do
-      fragments("access_token").should be_nil
+    it "does not redirect" do
+      response.should_not be_redirect
     end
-    it "includes error in fragment" do
-      fragments("error").should == "invalid_scope"
+    it 'renders error template' do
+      response.should render_template(:error)
     end
-    it "includes error description in fragment" do
-      fragments("error_description").should == translated_error_message(:invalid_scope)
-    end
-    it "does not issue any access token" do
-      Doorkeeper::AccessToken.all.should be_empty
+    it 'does not issue any token' do
+      Doorkeeper::AccessGrant.count.should be 0
+      Doorkeeper::AccessToken.count.should be 0
     end
   end
 end

data/spec/controllers/token_info_controller_spec.rb CHANGED Viewed

@@ -1,13 +1,13 @@
 require 'spec_helper_integration'
 describe Doorkeeper::TokenInfoController do
   describe "when requesting tokeninfo with valid token" do
     let(:doorkeeper_token) { FactoryGirl.create(:access_token) }
     before(:each) do
-      controller.stub(:doorkeeper_token) { doorkeeper_token }
+      controller.stub(:doorkeeper_token) { doorkeeper_token }
     end
     def do_get
@@ -17,13 +17,13 @@ describe Doorkeeper::TokenInfoController do
     describe "successful request" do
       it "responds with tokeninfo" do
-        do_get
+        do_get
         response.body.should eq doorkeeper_token.to_json
       end
       it "responds with a 200 status" do
-        do_get
-        response.status.should eq 200
+        do_get
+        response.status.should eq 200
       end
     end
@@ -33,19 +33,19 @@ describe Doorkeeper::TokenInfoController do
       end
       it "responds with 401 when doorkeeper_token is not valid" do
         do_get
-        response.status.should eq 401
+        response.status.should eq 401
       end
       it "responds with 401 when doorkeeper_token is invalid, expired or revoked" do
         controller.stub(:doorkeeper_token => doorkeeper_token)
-        doorkeeper_token.stub(:accessible? => false)
+        doorkeeper_token.stub(:accessible? => false)
         do_get
-        response.status.should eq 401
+        response.status.should eq 401
       end
       it "responds body message for error" do
         do_get
-        response.body.should eq Doorkeeper::OAuth::ErrorResponse.new(:name => :invalid_request, :status => :unauthorized).attributes.to_json
+        response.body.should eq Doorkeeper::OAuth::ErrorResponse.new(:name => :invalid_request, :status => :unauthorized).body.to_json
       end
     end

data/spec/controllers/tokens_controller_spec.rb CHANGED Viewed

@@ -11,6 +11,7 @@ describe Doorkeeper::TokensController do
     end
     it "returns the authorization" do
+      pending 'verify need of these specs'
       token.should_receive(:authorization)
       post :create
     end
@@ -26,10 +27,10 @@ describe Doorkeeper::TokensController do
     end
     it "returns the error response" do
+      pending 'verify need of these specs'
       token.stub(:error_response => stub(:to_json => [], :status => :unauthorized))
       post :create
       response.status.should == 401
     end
   end
 end

data/spec/dummy/app/models/user.rb CHANGED Viewed

@@ -1,9 +1,8 @@
-if defined? ActiveRecord
+case DOORKEEPER_ORM
+when :active_record
   class User < ActiveRecord::Base
   end
-end
-if defined? Mongoid
+when :mongoid2, :mongoid3
   class User
     include Mongoid::Document
     include Mongoid::Timestamps
@@ -11,6 +10,14 @@ if defined? Mongoid
     field :name, :type => String
     field :password, :type => String
   end
+when :mongo_mapper
+  class User
+    include MongoMapper::Document
+    timestamps!
+    key :name,     String
+    key :password, String
+  end
 end
 class User

data/spec/dummy/config/application.rb CHANGED Viewed

@@ -6,7 +6,14 @@ require "sprockets/railtie"
 Bundler.require :default
-require "#{DOORKEEPER_ORM}/railtie"
+orm = if [:mongoid2, :mongoid3].include?(DOORKEEPER_ORM)
+  Mongoid.load!(File.join(File.dirname(File.expand_path(__FILE__)), "#{DOORKEEPER_ORM}.yml"))
+  :mongoid
+else
+  DOORKEEPER_ORM
+end
+require "#{orm}/railtie"
 module Dummy
   class Application < Rails::Application

data/spec/dummy/config/boot.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'rubygems'
 require 'bundler/setup'
-DOORKEEPER_ORM = (ENV['DOORKEEPER_ORM'] || :active_record).to_sym unless defined?(DOORKEEPER_ORM)
+DOORKEEPER_ORM = (ENV['orm'] || :active_record).to_sym unless defined?(DOORKEEPER_ORM)
 $:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/initializers/doorkeeper.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 Doorkeeper.configure do
   # Change the ORM that doorkeeper will use
-  # Currently supported => :active_record, :mongoid
+  # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
   orm DOORKEEPER_ORM
   # This block will be called to check whether the
@@ -51,4 +51,12 @@ Doorkeeper.configure do
   # fallsback to `:access_token` or `:bearer_token` from `params` object
   # Check out the wiki for mor information on customization
   # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+  # Change the test redirect uri for client apps
+  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+  #
+  # test_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
 end

data/spec/dummy/config/mongo.yml ADDED Viewed

@@ -0,0 +1,11 @@
+defaults: &defaults
+  host: 127.0.0.1
+  port: 27017
+development:
+  <<: *defaults
+  database: doorkeeper-mongomapper-development
+test:
+  <<: *defaults
+  database: doorkeeper-mongomapper-test-suite