doorkeeper 0.7.4 → 1.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2eb5da9c49a3a0600451b34d688aec2da2dbf1df
-  data.tar.gz: 9f9db27f7d5278e3c213818861ffcbbefdd10272
+  metadata.gz: 9c87a791f0146a97560be08975e4e0fd05b72e2d
+  data.tar.gz: 19030e24765e04a10ef4338dee46b6d9faf13620
 SHA512:
-  metadata.gz: 80d9b5f9faca1ee0b45a824d0938bbbf6f644062093e098297b263a9849b6c7447f5ab639839048345b19e046a76a23e2eeb8cc5c54d5700a4735104af47efb9
-  data.tar.gz: 852f0663b33a4fb1ace5ab88dbac330e1b7fcdc5ac28f59b5d6397dbe7562adf38ffc975680603f9f99057c7bb86ad76d3884dba0e71ed66a51fa56762e3c8d9
+  metadata.gz: 1a12c6bec0463233f4b7dd69dfc33f88b2a3b42e94fe9fb9bc542c94aadd51f2c39c29f73921616424493d68bc3100f6f937c032119438e72d9a083a4607c13b
+  data.tar.gz: 1b7ce3260177a092ed16e511750f751ec3f8f172cd372c0b31de46d65eaab2c04a5f7d9524c6344dd5ee73938275651d78181f8a0618fee5fb83cfbd99c9b90b

data/CHANGELOG.md

@@ -1,5 +1,29 @@
 # Changelog
 
+## 1.0.0.rc1
+
+- bug (spec)
+  - [#228] token response `expires_in` value is now in seconds, relative to
+    request time
+  - [#296] client is optional for password grant type.
+  - [#319] If client credentials are present on password grant type they are validated
+  - [#326] If client credentials are present in refresh token they are validated
+  - [#326] If authenticated client does not match original client that
+    obtained a refresh token it responds `invalid_grant` instead of
+    `invalid_client`. Previous usage was invalid according to Section 5.2 of
+    the spec.
+  - [#329] access tokens' `scopes` string wa being compared against
+    `default_scopes` symbols, always unauthorizing.
+- enhancements
+  - [#293] Adds ActionController::Instrumentation in TokensController
+  - [#313] `AccessToken.revoke_all_for` actually revokes all non-revoked
+    tokens for an application/owner instead of deleting them.
+    [@bryanrite](https://github.com/bryanrite)
+- internals
+  - Removes jQuery dependency [fixes #300] [PR #312 is related]
+  - [#294] Client uid and secret will be generated only if not present.
+  - [#316] Test warnings addressed.
+
 ## 0.7.4
 
 - bug

data/Gemfile

@@ -4,8 +4,6 @@ ENV['orm']   ||= 'active_record'
 
 source 'https://rubygems.org'
 
-gem 'jquery-rails'
-
 # Define Rails version
 gem 'rails', ENV['rails']
 

data/README.md

@@ -98,7 +98,7 @@ You need to configure Doorkeeper in order to provide resource_owner model and au
 ``` ruby
 Doorkeeper.configure do
   resource_owner_authenticator do
-    User.find(session[:current_user_id]) || redirect_to(login_url)
+    User.find_by_id(session[:current_user_id]) || redirect_to(login_url)
   end
 end
 ```

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -1,6 +1,8 @@
 module Doorkeeper
   class TokensController < ActionController::Metal
     include Helpers::Controller
+    include ActionController::RackDelegation
+    include ActionController::Instrumentation
 
     def create
       response = strategy.authorize

data/app/views/doorkeeper/applications/_delete_form.html.erb

@@ -0,0 +1,16 @@
+<style>
+input[type=submit] {
+  padding: 0;
+  border: none;
+  box-shadow: none;
+  background: none;
+  color: #0069d6;
+}
+input[type=submit]:hover {
+  text-decoration: underline;
+}
+</style>
+<%= form_for [:oauth, application] do |f| %>
+  <input type="hidden" name="_method" value="delete">
+  <%= f.submit value: 'Remove', onclick: "return confirm('Are you sure?')" %>
+<% end %>

data/app/views/doorkeeper/applications/index.html.erb

@@ -1,3 +1,8 @@
+<style>
+input[type=submit] {
+  margin-top: 15px;
+}
+</style>
 <div class="span16">
   <header class="page-header">
     <h2>Your applications</h2>
@@ -20,10 +25,9 @@
           <td><%= link_to application.name, [:oauth, application] %></td>
           <td><%= application.redirect_uri %></td>
           <td><%= link_to 'Edit', edit_oauth_application_path(application) %></td>
-          <td><%= link_to 'Destroy', [:oauth, application], :data => { :confirm => 'Are you sure?' }, :method => :delete %></td>
+          <td><%= render 'delete_form', application: application %></td>
         </tr>
       <% end %>
     </tbody>
   </table>
-
 </div>

data/app/views/doorkeeper/applications/show.html.erb

@@ -22,5 +22,5 @@
   <h3>Actions</h3>
   <p><%= link_to 'List all', oauth_applications_path %></p>
   <p><%= link_to 'Edit', edit_oauth_application_path(@application) %></p>
-  <p><%= link_to 'Remove', [:oauth, @application], :method => :delete, :data => { :confirm => "Are you sure?" } %></p>
+  <p><%= render 'delete_form', application: @application %></p>
 </div>

data/app/views/doorkeeper/authorized_applications/index.html.erb

@@ -7,7 +7,7 @@
     <thead>
       <tr>
         <th>Application</th>
-        <th>Authorized at</th>
+        <th>Created At</th>
         <th></th>
         <th></th>
       </tr>

data/app/views/layouts/doorkeeper/application.html.erb

@@ -3,7 +3,6 @@
 <head>
   <title>Doorkeeper</title>
   <%= stylesheet_link_tag    "doorkeeper/application" %>
-  <%= javascript_include_tag "doorkeeper/application" %>
   <%= csrf_meta_tags %>
 </head>
 <body>

data/doorkeeper.gemspec

@@ -17,7 +17,6 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
 
   s.add_dependency "railties", ">= 3.1"
-  s.add_dependency "jquery-rails", ">= 2.0.2"
 
   s.add_development_dependency "sqlite3", "~> 1.3.5"
   s.add_development_dependency "rspec-rails", ">= 2.11.4"

data/lib/doorkeeper/doorkeeper_for.rb

@@ -23,7 +23,7 @@ module Doorkeeper
 
     private
     def scopes(scopes)
-      @scopes = scopes
+      @scopes = scopes.map(&:to_s)
     end
 
     def if(if_block)
@@ -37,7 +37,7 @@ module Doorkeeper
     # TODO: move this to Token class
     def validate_token_scopes(token)
       return true if @scopes.blank?
-      token.scopes.any? { |scope| @scopes.include? scope}
+      token.scopes.any? { |scope| @scopes.include? scope }
     end
   end
 

data/lib/doorkeeper/models/access_token.rb

@@ -8,7 +8,7 @@ module Doorkeeper
 
     belongs_to :application, :class_name => "Doorkeeper::Application", :inverse_of => :access_tokens
 
-    validates :application_id, :token, :presence => true
+    validates :token, :presence => true
     validates :token, :uniqueness => true
     validates :refresh_token, :uniqueness => true, :if => :use_refresh_token?
 
@@ -29,7 +29,10 @@ module Doorkeeper
     end
 
     def self.revoke_all_for(application_id, resource_owner)
-      delete_all_for(application_id, resource_owner)
+      where(:application_id => application_id,
+            :resource_owner_id => resource_owner.id,
+            :revoked_at => nil)
+      .map(&:revoke)
     end
 
     def self.matching_token_for(application, resource_owner_or_id, scopes)

data/lib/doorkeeper/models/application.rb

@@ -30,11 +30,11 @@ module Doorkeeper
     private
 
     def generate_uid
-      self.uid = UniqueToken.generate
+      self.uid ||= UniqueToken.generate
     end
 
     def generate_secret
-      self.secret = UniqueToken.generate
+      self.secret ||= UniqueToken.generate
     end
   end
 end

data/lib/doorkeeper/oauth/password_access_token_request.rb

@@ -7,13 +7,16 @@ module Doorkeeper::OAuth
     validate :resource_owner, :error => :invalid_resource_owner
     validate :scopes,         :error => :invalid_scope
 
-    attr_accessor :server, :resource_owner, :client, :access_token
+    attr_accessor :server, :resource_owner, :credentials, :access_token
+    attr_accessor :client
 
-    def initialize(server, client, resource_owner, parameters = {})
+    def initialize(server, credentials, resource_owner, parameters = {})
       @server          = server
       @resource_owner  = resource_owner
-      @client          = client
+      @credentials     = credentials
       @original_scopes = parameters[:scope]
+
+      @client = Doorkeeper::Application.authenticate(credentials.uid, credentials.secret) if credentials
     end
 
     def authorize
@@ -41,8 +44,10 @@ module Doorkeeper::OAuth
   private
 
     def issue_token
+      application_id = client.id if client
+
       @access_token = Doorkeeper::AccessToken.create!({
-        :application_id     => client.id,
+        :application_id     => application_id,
         :resource_owner_id  => resource_owner.id,
         :scopes             => scopes.to_s,
         :expires_in         => server.access_token_expires_in,
@@ -50,10 +55,6 @@ module Doorkeeper::OAuth
       })
     end
 
-    def validate_client
-      !!client
-    end
-
     def validate_scopes
       return true unless @original_scopes.present?
       ScopeChecker.valid?(@original_scopes, @server.scopes)
@@ -62,5 +63,9 @@ module Doorkeeper::OAuth
     def validate_resource_owner
       !!resource_owner
     end
+
+    def validate_client
+      !credentials || !!client
+    end
   end
 end

data/lib/doorkeeper/oauth/refresh_token_request.rb

@@ -2,26 +2,32 @@ module Doorkeeper
   module OAuth
     class RefreshTokenRequest
       include Doorkeeper::Validations
+      include Doorkeeper::OAuth::Helpers
 
-      validate :token,  :error => :invalid_request
-      validate :client, :error => :invalid_client
+      validate :token,        :error => :invalid_request
+      validate :client,       :error => :invalid_client
+      validate :client_match, :error => :invalid_grant
+      validate :scope,        :error => :invalid_scope
 
-      attr_accessor :server, :refresh_token, :client, :access_token
+      attr_accessor :server, :refresh_token, :credentials, :access_token
+      attr_accessor :client
 
-      # TODO: refresh token can receive scope as parameters
-      def initialize(server, refresh_token, client)
-        @server        = server
-        @refresh_token = refresh_token
-        @client        = client
+      def initialize(server, refresh_token, credentials, parameters = {})
+        @server           = server
+        @refresh_token    = refresh_token
+        @credentials      = credentials
+        @requested_scopes = parameters[:scopes]
+
+        @client = Doorkeeper::Application.authenticate(credentials.uid, credentials.secret) if credentials
       end
 
       def authorize
         validate
         @response = if valid?
           revoke_and_create_access_token
-          OAuth::TokenResponse.new access_token
+          TokenResponse.new access_token
         else
-          OAuth::ErrorResponse.from_request(self)
+          ErrorResponse.from_request self
         end
       end
 
@@ -29,6 +35,14 @@ module Doorkeeper
         self.error.nil?
       end
 
+      def scopes
+        @scopes ||= if @requested_scopes.present?
+          Scopes.from_string @requested_scopes
+        else
+          refresh_token.scopes
+        end
+      end
+
     private
 
       def revoke_and_create_access_token
@@ -40,7 +54,7 @@ module Doorkeeper
         @access_token = Doorkeeper::AccessToken.create!({
           :application_id    => refresh_token.application_id,
           :resource_owner_id => refresh_token.resource_owner_id,
-          :scopes            => refresh_token.scopes_string,
+          :scopes            => scopes.to_s,
           :expires_in        => server.access_token_expires_in,
           :use_refresh_token => true
         })
@@ -51,7 +65,19 @@ module Doorkeeper
       end
 
       def validate_client
-        client.present? && refresh_token.application_id == client.id
+        (!credentials || !!client)
+      end
+
+      def validate_client_match
+        !client || refresh_token.application_id == client.id
+      end
+
+      def validate_scope
+        if @requested_scopes.present?
+          ScopeChecker.valid?(@requested_scopes, refresh_token.scopes)
+        else
+          true
+        end
       end
     end
   end

data/lib/doorkeeper/oauth/token_response.rb

@@ -11,7 +11,7 @@ module Doorkeeper
         {
           'access_token'  => token.token,
           'token_type'    => token.token_type,
-          'expires_in'    => token.expires_in,
+          'expires_in'    => token.expires_in_seconds,
           'refresh_token' => token.refresh_token,
           'scope'         => token.scopes_string
         }.reject { |_, value| value.blank? }

data/lib/doorkeeper/request/password.rb

@@ -2,17 +2,17 @@ module Doorkeeper
   module Request
     class Password
       def self.build(server)
-        new(server.client, server.resource_owner, server)
+        new(server.credentials, server.resource_owner, server)
       end
 
-      attr_accessor :client, :resource_owner, :server
+      attr_accessor :credentials, :resource_owner, :server
 
-      def initialize(client, resource_owner, server)
-        @client, @resource_owner, @server = client, resource_owner, server
+      def initialize(credentials, resource_owner, server)
+        @credentials, @resource_owner, @server = credentials, resource_owner, server
       end
 
       def request
-        @request ||= OAuth::PasswordAccessTokenRequest.new(Doorkeeper.configuration, client, resource_owner, server.parameters)
+        @request ||= OAuth::PasswordAccessTokenRequest.new(Doorkeeper.configuration, credentials, resource_owner, server.parameters)
       end
 
       def authorize

data/lib/doorkeeper/request/refresh_token.rb

@@ -2,17 +2,17 @@ module Doorkeeper
   module Request
     class RefreshToken
       def self.build(server)
-        new(server.current_refresh_token, server.client)
+        new(server.current_refresh_token, server.credentials, server)
       end
 
-      attr_accessor :refresh_token, :client
+      attr_accessor :refresh_token, :credentials, :server
 
-      def initialize(refresh_token, client)
-        @refresh_token, @client = refresh_token, client
+      def initialize(refresh_token, credentials, server)
+        @refresh_token, @credentials, @server = refresh_token, credentials, server
       end
 
       def request
-        @request ||= OAuth::RefreshTokenRequest.new(Doorkeeper.configuration, refresh_token, client)
+        @request ||= OAuth::RefreshTokenRequest.new(Doorkeeper.configuration, refresh_token, credentials, server.parameters)
       end
 
       def authorize

data/lib/doorkeeper/version.rb

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '0.7.4'
+  VERSION = '1.0.0.rc1'
 end

data/lib/generators/doorkeeper/templates/migration.rb

@@ -25,7 +25,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
 
     create_table :oauth_access_tokens do |t|
       t.integer  :resource_owner_id
-      t.integer  :application_id,    :null => false
+      t.integer  :application_id
       t.string   :token,             :null => false
       t.string   :refresh_token
       t.integer  :expires_in

data/spec/controllers/applications_controller_spec.rb

@@ -37,6 +37,15 @@ module Doorkeeper
         expect(response).to be_redirect
       end
 
+      it "does not allow mass assignment of uid or secret" do
+        application = FactoryGirl.create(:application)
+        put :update, id: application.id, application: {
+          uid: '1A2B3C4D',
+          secret: '1A2B3C4D' }
+
+        application.reload.uid.should_not eq '1A2B3C4D'
+      end
+
       it "updates application" do
         application = FactoryGirl.create(:application)
         put :update, id: application.id, application: {

data/spec/controllers/protected_resources_controller_spec.rb

@@ -167,14 +167,14 @@ describe "Doorkeeper_for helper" do
     let(:token_string) { "1A2DUWE" }
 
     it "allows if the token has particular scopes" do
-      token = double(Doorkeeper::AccessToken, :accessible? => true, :scopes => [:write, :public])
+      token = double(Doorkeeper::AccessToken, :accessible? => true, :scopes => ['write', 'public'])
       Doorkeeper::AccessToken.should_receive(:authenticate).with(token_string).and_return(token)
       get :index, :access_token => token_string
       expect(response).to be_success
     end
 
     it "does not allow if the token does not include given scope" do
-      token = double(Doorkeeper::AccessToken, :accessible? => true, :scopes => [:public])
+      token = double(Doorkeeper::AccessToken, :accessible? => true, :scopes => ['public'])
       Doorkeeper::AccessToken.should_receive(:authenticate).with(token_string).and_return(token)
       get :index, :access_token => token_string
       expect(response.status).to eq 401