doorkeeper 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5932eba602c89d1c69d2255da6feb6c617fe969c
-  data.tar.gz: bc86b1d997b36876f7f3adb05f6043b069c79528
+  metadata.gz: 923df84b3da199e68a3cce57633ad6b0e1257aab
+  data.tar.gz: 16f3055a34246abe9db2b2110e1c9ca0c00a5f60
 SHA512:
-  metadata.gz: 5e2cd77f86d3c8ca56317b562502f186e54633c6decc945fd50e52ca7ad34133f52190129db1171d59e014d878abb1390ae2082d0fb3438a18315a3c09d734b1
-  data.tar.gz: 6c484a19b386a02d24ffebbc62ad80d6c9e7cda67d94baa49afe25fd010a51eec4d4c8bfe0ef59f8fa95265ca66b6e7fbb337260f7473170d4502cbc3c96ee49
+  metadata.gz: 2e69a18ef913b226db002e6bf5b7f850dd49a6fe8db9c78b74862e6b726b2ccdc79e03e03b303e38306244589540716540464b9d1b5240f4f9a9b14484202473
+  data.tar.gz: 4dbd9358b6d3ecf463947ff299000e5ed43b71f8bb7d624c370f34b32a627abea2ac17c412df679b3a3218dd570ee05981a8cdb1dce6488feb9a9f40e0758a5c

data/.travis.yml

@@ -3,8 +3,8 @@ before_install:
   - gem install bundler -v '= 1.5.1'
 rvm:
   - 1.9.3
-  - 2.0.0
-  - 2.1.0
+  - 2.0
+  - 2.1
 env:
   - rails=3.1.8
   - rails=3.2.8

data/CHANGELOG.md

@@ -1,6 +1,18 @@
 # Changelog
 
-## 1.1.0 (not yet released)
+## 1.2.0
+
+- enhancements
+  - [#376] Allow users to enable basic header authorization for access tokens.
+  - [#374] Token revocation implementation [RFC 7009]
+  - [#295] Only enable specific grant flows.
+- internals
+  - [#381] Locale source fix.
+  - [#380] Renames `errors_for` to `doorkeeper_errors_for`.
+  - [#390] Style adjustments in accordance with Ruby Style Guide form
+    Thoughtbot.
+
+## 1.1.0
 
 - enhancements
   - [#336] mongoid4 support.
@@ -47,7 +59,7 @@
   - [#204] Allow to overwrite scope in routes
 - internals
   - Returns only present keys in Token Response (may imply a backwards
-    incompatible change). https://github.com/applicake/doorkeeper/issues/220
+    incompatible change). https://github.com/doorkeeper-gem/doorkeeper/issues/220
 - bug
   - [#290] Support for Rails 4 when 'protected_attributes' gem is present.
 

data/README.md

@@ -1,6 +1,6 @@
 # Doorkeeper - awesome oauth provider for your Rails app.
 
-[![Build Status](https://travis-ci.org/applicake/doorkeeper.png?branch=master)](https://travis-ci.org/applicake/doorkeeper)
+[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.png?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
 [![Dependency Status](https://gemnasium.com/applicake/doorkeeper.png?travis)](https://gemnasium.com/applicake/doorkeeper)
 [![Code Climate](https://codeclimate.com/github/applicake/doorkeeper.png)](https://codeclimate.com/github/applicake/doorkeeper)
 [![Gem Version](https://badge.fury.io/rb/doorkeeper.png)](https://rubygems.org/gems/doorkeeper)
@@ -38,14 +38,14 @@ Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider functionali
 
 ## Useful links
 
-- For documentation, please check out our [wiki](https://github.com/applicake/doorkeeper/wiki)
+- For documentation, please check out our [wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
 - For general questions, please post it in [stack overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
 
 ## Requirements
 
 - Ruby >1.9.3
 - Rails >3.1
-- ORM ActiveRecord, Mongoid 2, Mongoid 3, MongoMapper
+- ORM ActiveRecord, Mongoid, MongoMapper
 
 ## Installation
 
@@ -65,7 +65,8 @@ This will install the doorkeeper initializer into `config/initializers/doorkeepe
 
 ### Active Record
 
-By default doorkeeper is configured to use active record, so to start you have to generate the migration tables:
+By default doorkeeper is configured to use active record, so to start you have
+to generate the migration tables:
 
     rails generate doorkeeper:migration
 
@@ -75,7 +76,8 @@ Don't forget to run the migration with:
 
 ### Mongoid / MongoMapper
 
-Doorkeeper currently supports MongoMapper, Mongoid 2 and 3. To start using it, you have to set the `orm` configuration:
+Doorkeeper currently supports MongoMapper, Mongoid 2 and 3. To start using it,
+you have to set the `orm` configuration:
 
 ``` ruby
 Doorkeeper.configure do
@@ -85,7 +87,9 @@ end
 
 #### Mongoid indexes
 
-Make sure you create indexes for doorkeeper models. You can do this either by running `rake db:mongoid:create_indexes` or (if you're using Mongoid 2) by adding `autocreate_indexes: true` to your `config/mongoid.yml`
+Make sure you create indexes for doorkeeper models. You can do this either by
+running `rake db:mongoid:create_indexes` or (if you're using Mongoid 2) by
+adding `autocreate_indexes: true` to your `config/mongoid.yml`
 
 #### MongoMapper indexes
 
@@ -96,7 +100,8 @@ Generate the `db/indexes.rb` file and create indexes for the doorkeeper models:
 
 ### Routes
 
-The installation script will also automatically add the Doorkeeper routes into your app, like this:
+The installation script will also automatically add the Doorkeeper routes into
+your app, like this:
 
 ``` ruby
 Rails.application.routes.draw do
@@ -111,16 +116,19 @@ This will mount following routes:
     POST      /oauth/authorize
     DELETE    /oauth/authorize
     POST      /oauth/token
+    POST      /oauth/revoke
     resources /oauth/applications
     GET       /oauth/authorized_applications
     DELETE    /oauth/authorized_applications/:id
     GET       /oauth/token/info
 
-For more information on how to customize routes, check out [this page on the wiki](https://github.com/applicake/doorkeeper/wiki/Customizing-routes).
+For more information on how to customize routes, check out [this page on the
+wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
 
 ### Authenticating
 
-You need to configure Doorkeeper in order to provide resource_owner model and authentication block `initializers/doorkeeper.rb`
+You need to configure Doorkeeper in order to provide `resource_owner` model
+and authentication block `initializers/doorkeeper.rb`
 
 ``` ruby
 Doorkeeper.configure do
@@ -130,11 +138,13 @@ Doorkeeper.configure do
 end
 ```
 
-This code is run in the context of your application so you have access to your models, session or routes helpers. However,
-since this code is not run in the context of your application's ApplicationController it doesn't have access
-to the methods defined over there.
+This code is run in the context of your application so you have access to your
+models, session or routes helpers. However, since this code is not run in the
+context of your application's `ApplicationController` it doesn't have access to
+the methods defined over there.
 
-If you use [devise](https://github.com/plataformatec/devise), you may want to use warden to authenticate the block:
+If you use [devise](https://github.com/plataformatec/devise), you may want to
+use warden to authenticate the block:
 
 ``` ruby
 resource_owner_authenticator do
@@ -142,29 +152,36 @@ resource_owner_authenticator do
 end
 ```
 
-Side note: when using devise you have access to current_user as devise extends entire ActionController::Base with the current_#{mapping}.
+Side note: when using devise you have access to `current_user` as devise extends
+entire `ActionController::Base` with the `current_#{mapping}`.
 
-If you are not using devise, you may want to check other ways of authentication [here](https://github.com/applicake/doorkeeper/wiki/Authenticating-using-Clearance-or-DIY).
+If you are not using devise, you may want to check other ways of
+authentication
+[here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Authenticating-using-Clearance-or-DIY).
 
 ## Protecting resources with OAuth (a.k.a your API endpoint)
 
-To protect your API with OAuth, doorkeeper only requires you to call `doorkeeper_for` helper, specifying the actions you want to protect.
+To protect your API with OAuth, doorkeeper only requires you to call
+`doorkeeper_for` helper, specifying the actions you want to protect.
 
-For example, if you have a products controller under api/v1, you can require the OAuth authentication with:
+For example, if you have a products controller under api/v1, you can require
+the OAuth authentication with:
 
 ``` ruby
 class Api::V1::ProductsController < Api::V1::ApiController
-  doorkeeper_for :all                     # Require access token for all actions
-  doorkeeper_for :all, :except => :index  # All actions except index
-  doorkeeper_for :index, :show            # Only for index and show action
+  doorkeeper_for :all                 # Require access token for all actions
+  doorkeeper_for :all, except: :index # All actions except index
+  doorkeeper_for :index, :show        # Only for index and show action
 
   # your actions
 end
 ```
 
-You don't need to setup any before filter, `doorkeeper_for` will handle that for you.
+You don't need to setup any before filter, `doorkeeper_for` will handle that
+for you.
 
-You can pass `if` or `unless` blocks that would specify when doorkeeper has to guard the access.
+You can pass `if` or `unless` blocks that would specify when doorkeeper has to
+guard the access.
 
 ``` ruby
 class Api::V1::ProductsController < Api::V1::ApiController
@@ -174,7 +191,8 @@ end
 
 ### ActionController::Metal integration and other integrations
 
-The `doorkeeper_for` filter is intended to work with ActionController::Metal too. You only need to include the required `ActionController` modules:
+The `doorkeeper_for` filter is intended to work with ActionController::Metal
+too. You only need to include the required `ActionController` modules:
 
 ```ruby
 class MetalController < ActionController::Metal
@@ -186,11 +204,14 @@ class MetalController < ActionController::Metal
 end
 ```
 
-For more information about integration and other integrations, check out [the related wiki page](https://github.com/applicake/doorkeeper/wiki/ActionController::Metal-with-doorkeeper).
+For more information about integration and other integrations, check out [the
+related wiki
+page](https://github.com/doorkeeper-gem/doorkeeper/wiki/ActionController::Metal-with-doorkeeper).
 
 ### Access Token Scopes
 
-You can also require the access token to have specific scopes in certain actions:
+You can also require the access token to have specific scopes in certain
+actions:
 
 First configure the scopes in `initializers/doorkeeper.rb`
 
@@ -210,11 +231,15 @@ class Api::V1::ProductsController < Api::V1::ApiController
 end
 ```
 
-For a more detailed explanation about scopes usage, check out the related [page in the wiki](https://github.com/applicake/doorkeeper/wiki/Using-Scopes).
+For a more detailed explanation about scopes usage, check out the related
+[page in the
+wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes).
 
 ### Authenticated resource owner
 
-If you want to return data based on the current resource owner, in other words, the access token owner, you may want to define a method in your controller that returns the resource owner instance:
+If you want to return data based on the current resource owner, in other
+words, the access token owner, you may want to define a method in your
+controller that returns the resource owner instance:
 
 ``` ruby
 class Api::V1::CredentialsController < Api::V1::ApiController
@@ -235,11 +260,13 @@ class Api::V1::CredentialsController < Api::V1::ApiController
 end
 ```
 
-In this example, we're returning the credentials (`me.json`) of the access token owner.
+In this example, we're returning the credentials (`me.json`) of the access
+token owner.
 
 ### Applications list
 
-By default, the applications list (`/oauth/applications`) is public available. To protect the endpoint you should uncomment these lines:
+By default, the applications list (`/oauth/applications`) is public available.
+To protect the endpoint you should uncomment these lines:
 
 ```ruby
 # config/initializers/doorkeeper.rb
@@ -250,16 +277,23 @@ Doorkeeper.configure do
 end
 ```
 
-The logic is the same as the `resource_owner_authenticator` block. **Note:** since the application list is just a scaffold, it's recommended to either customize the controller used by the list or skip the controller at all. For more information see the page [in the wiki](https://github.com/applicake/doorkeeper/wiki/Customizing-routes).
+The logic is the same as the `resource_owner_authenticator` block. **Note:**
+since the application list is just a scaffold, it's recommended to either
+customize the controller used by the list or skip the controller at all. For
+more information see the page [in the
+wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
 
 ## Other customizations
 
-- [Associate users to OAuth applications (ownership)](https://github.com/applicake/doorkeeper/wiki/Associate-users-to-OAuth-applications-%28ownership%29)
-- [CORS - Cross Origin Resource Sharing](https://github.com/applicake/doorkeeper/wiki/%5BCORS%5D-Cross-Origin-Resource-Sharing)
+- [Associate users to OAuth applications (ownership)](https://github.com/doorkeeper-gem/doorkeeper/wiki/Associate-users-to-OAuth-applications-%28ownership%29)
+- [CORS - Cross Origin Resource Sharing](https://github.com/doorkeeper-gem/doorkeeper/wiki/%5BCORS%5D-Cross-Origin-Resource-Sharing)
 
 ## Upgrading
 
-If you want to upgrade doorkeeper to a new version, check out the [upgrading notes](https://github.com/applicake/doorkeeper/wiki/Migration-from-old-versions) and take a look at the [changelog](https://github.com/applicake/doorkeeper/blob/master/CHANGELOG.md).
+If you want to upgrade doorkeeper to a new version, check out the [upgrading
+notes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
+and take a look at the
+[changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md).
 
 ## Development
 
@@ -270,7 +304,8 @@ rails=3.2.8 orm=active_record bundle install
 rails=3.2.8 orm=active_record bundle exec rails server
 ````
 
-By default, it uses the latest Rails version with ActiveRecord. To run the tests:
+By default, it uses the latest Rails version with ActiveRecord. To run the
+tests:
 
 ```
 rails=3.2.8 orm=active_record bundle exec rake
@@ -280,32 +315,48 @@ Or you might prefer to run `script/run_all` to integrate against all ORMs.
 
 ## Contributing
 
-Want to contribute and don't know where to start? Check out [features we're missing](https://github.com/applicake/doorkeeper/wiki/Supported-Features), create [example apps](https://github.com/applicake/doorkeeper/wiki/Example-Applications), integrate the gem with your app and let us know!
+Want to contribute and don't know where to start? Check out [features we're
+missing](https://github.com/doorkeeper-gem/doorkeeper/wiki/Supported-Features),
+create [example
+apps](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications),
+integrate the gem with your app and let us know!
 
-Also, check out our [contributing guidelines page](https://github.com/applicake/doorkeeper/wiki/Contributing).
+Also, check out our [contributing guidelines
+page](https://github.com/doorkeeper-gem/doorkeeper/wiki/Contributing).
 
 ## Other resources
 
 ### Wiki
 
-You can find everything about doorkeeper in our [wiki here](https://github.com/applicake/doorkeeper/wiki).
+You can find everything about doorkeeper in our [wiki
+here](https://github.com/doorkeeper-gem/doorkeeper/wiki).
 
 ### Live demo
 
-Check out this [live demo](http://doorkeeper-provider.herokuapp.com) hosted on heroku. For more demos check out [the wiki](https://github.com/applicake/doorkeeper/wiki/Example-Applications).
+Check out this [live demo](http://doorkeeper-provider.herokuapp.com) hosted on
+heroku. For more demos check out [the
+wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications).
 
 ### Screencast
 
-Check out this screencast from [railscasts.com](http://railscasts.com/): [#353 OAuth with Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
+Check out this screencast from [railscasts.com](http://railscasts.com/): [#353
+OAuth with
+Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
 
 ### Client applications
 
-After you set up the provider, you may want to create a client application to test the integration. Check out these [client examples](https://github.com/applicake/doorkeeper/wiki/Example-Applications) in our wiki or follow this [tutorial here](https://github.com/applicake/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
+After you set up the provider, you may want to create a client application to
+test the integration. Check out these [client
+examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications)
+in our wiki or follow this [tutorial
+here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
 
 ### Contributors
 
-Thanks to all our [awesome contributors](https://github.com/applicake/doorkeeper/contributors)!
+Thanks to all our [awesome
+contributors](https://github.com/doorkeeper-gem/doorkeeper/contributors)!
 
 ### License
 
-MIT License. Copyright 2011 Applicake. [http://applicake.com](http://applicake.com)
+MIT License. Copyright 2011 Applicake.
+[http://applicake.com](http://applicake.com)

data/app/controllers/doorkeeper/application_controller.rb

@@ -2,6 +2,6 @@ module Doorkeeper
   class ApplicationController < ActionController::Base
     include Helpers::Controller
 
-    helper "doorkeeper/form_errors"
+    helper 'doorkeeper/form_errors'
   end
 end

data/app/controllers/doorkeeper/applications_controller.rb

@@ -4,7 +4,7 @@ module Doorkeeper
     respond_to :html
 
     before_filter :authenticate_admin!
-    before_filter :set_application, :only => [:show, :edit, :update, :destroy]
+    before_filter :set_application, only: [:show, :edit, :update, :destroy]
 
     def index
       @applications = Application.all
@@ -17,7 +17,7 @@ module Doorkeeper
     def create
       @application = Application.new(application_params)
       if @application.save
-        flash[:notice] = I18n.t(:notice, :scope => [:doorkeeper, :flash, :applications, :create])
+        flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
         respond_with [:oauth, @application]
       else
         render :new
@@ -32,7 +32,7 @@ module Doorkeeper
 
     def update
       if @application.update_attributes(application_params)
-        flash[:notice] = I18n.t(:notice, :scope => [:doorkeeper, :flash, :applications, :update])
+        flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :update])
         respond_with [:oauth, @application]
       else
         render :edit
@@ -40,7 +40,7 @@ module Doorkeeper
     end
 
     def destroy
-      flash[:notice] = I18n.t(:notice, :scope => [:doorkeeper, :flash, :applications, :destroy]) if @application.destroy
+      flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :destroy]) if @application.destroy
       redirect_to oauth_applications_url
     end
 

data/app/controllers/doorkeeper/authorizations_controller.rb

@@ -25,7 +25,7 @@ module Doorkeeper
       if auth.redirectable?
         redirect_to auth.redirect_uri
       else
-        render :json => auth.body, :status => auth.status
+        render json: auth.body, status: auth.status
       end
     end
 
@@ -35,11 +35,11 @@ module Doorkeeper
       if auth.redirectable?
         redirect_to auth.redirect_uri
       else
-        render :json => auth.body, :status => auth.status
+        render json: auth.body, status: auth.status
       end
     end
 
-  private
+    private
 
     def pre_auth
       @pre_auth ||= OAuth::PreAuthorization.new(Doorkeeper.configuration, server.client_via_uid, params)

data/app/controllers/doorkeeper/authorized_applications_controller.rb

@@ -7,6 +7,6 @@ class Doorkeeper::AuthorizedApplicationsController < Doorkeeper::ApplicationCont
 
   def destroy
     Doorkeeper::AccessToken.revoke_all_for params[:id], current_resource_owner
-    redirect_to oauth_authorized_applications_url, :notice => I18n.t(:notice, :scope => [:doorkeeper, :flash, :authorized_applications, :destroy])
+    redirect_to oauth_authorized_applications_url, notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy])
   end
 end

data/app/controllers/doorkeeper/token_info_controller.rb

@@ -2,11 +2,11 @@ module Doorkeeper
   class TokenInfoController < ::Doorkeeper::ApplicationController
     def show
       if doorkeeper_token && doorkeeper_token.accessible?
-        render :json => doorkeeper_token, :status => :ok
+        render json: doorkeeper_token, status: :ok
       else
-        error = OAuth::ErrorResponse.new(:name => :invalid_request)
+        error = OAuth::ErrorResponse.new(name: :invalid_request)
         response.headers.merge!(error.headers)
-        render :json => error.body, :status => error.status
+        render json: error.body, status: error.status
       end
     end
   end

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -1,5 +1,5 @@
 module Doorkeeper
-  class TokensController < ActionController::Metal
+  class TokensController < ::Doorkeeper::ApplicationController
     include Helpers::Controller
     include ActionController::RackDelegation
     include ActionController::Instrumentation
@@ -13,7 +13,34 @@ module Doorkeeper
       handle_token_exception e
     end
 
-  private
+    #############################################
+    #   RFC 7009 - OAuth 2.0 Token Revocation   #
+    #                                           #
+    #    http://tools.ietf.org/html/rfc7009     #
+    #############################################
+    def revoke
+      # The authorization server first validates the client credentials
+      if doorkeeper_token && doorkeeper_token.accessible?
+        # Doorkeeper does not use the token_type_hint logic described in the RFC 7009
+        # due to the refresh token implementation that is a field in the access token model.
+        revoke_token(request.POST['token']) if request.POST['token']
+      end
+      # The authorization server responds with HTTP status code 200 if the
+      # token has been revoked sucessfully or if the client submitted an invalid token
+      render json: {}, status: 200
+    end
+
+    private
+
+    def revoke_token(token)
+      token = Doorkeeper::AccessToken.authenticate(token) || Doorkeeper::AccessToken.by_refresh_token(token)
+      if token && doorkeeper_token.same_credential?(token)
+        token.revoke
+        true
+      else
+        false
+      end
+    end
 
     def strategy
       @strategy ||= server.token_request params[:grant_type]