doorkeeper 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +2 -2
- data/CHANGELOG.md +14 -2
- data/README.md +93 -42
- data/app/controllers/doorkeeper/application_controller.rb +1 -1
- data/app/controllers/doorkeeper/applications_controller.rb +4 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +3 -3
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/controllers/doorkeeper/token_info_controller.rb +3 -3
- data/app/controllers/doorkeeper/tokens_controller.rb +29 -2
- data/app/helpers/doorkeeper/form_errors_helper.rb +2 -2
- data/app/validators/redirect_uri_validator.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +3 -3
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/new.html.erb +5 -5
- data/doorkeeper.gemspec +1 -1
- data/lib/doorkeeper.rb +31 -31
- data/lib/doorkeeper/config.rb +66 -37
- data/lib/doorkeeper/doorkeeper_for.rb +6 -3
- data/lib/doorkeeper/engine.rb +2 -2
- data/lib/doorkeeper/helpers/controller.rb +9 -9
- data/lib/doorkeeper/helpers/filter.rb +1 -1
- data/lib/doorkeeper/models/access_grant.rb +5 -5
- data/lib/doorkeeper/models/access_token.rb +22 -18
- data/lib/doorkeeper/models/active_record/access_token.rb +8 -8
- data/lib/doorkeeper/models/active_record/application.rb +5 -5
- data/lib/doorkeeper/models/application.rb +8 -9
- data/lib/doorkeeper/models/expirable.rb +1 -1
- data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +2 -2
- data/lib/doorkeeper/models/mongo_mapper/access_token.rb +11 -11
- data/lib/doorkeeper/models/mongo_mapper/application.rb +4 -4
- data/lib/doorkeeper/models/mongoid/version.rb +2 -2
- data/lib/doorkeeper/models/mongoid2/access_grant.rb +7 -7
- data/lib/doorkeeper/models/mongoid2/access_token.rb +14 -14
- data/lib/doorkeeper/models/mongoid2/application.rb +7 -7
- data/lib/doorkeeper/models/mongoid3_4/access_grant.rb +7 -7
- data/lib/doorkeeper/models/mongoid3_4/access_token.rb +13 -13
- data/lib/doorkeeper/models/mongoid3_4/application.rb +6 -6
- data/lib/doorkeeper/models/ownership.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +7 -7
- data/lib/doorkeeper/oauth/authorization_code_request.rb +18 -19
- data/lib/doorkeeper/oauth/client.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +4 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +6 -4
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +2 -2
- data/lib/doorkeeper/oauth/client_credentials_request.rb +11 -15
- data/lib/doorkeeper/oauth/code_request.rb +5 -4
- data/lib/doorkeeper/oauth/code_response.rb +8 -7
- data/lib/doorkeeper/oauth/error.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
- data/lib/doorkeeper/oauth/invalid_token_response.rb +10 -10
- data/lib/doorkeeper/oauth/password_access_token_request.rb +57 -54
- data/lib/doorkeeper/oauth/pre_authorization.rb +7 -7
- data/lib/doorkeeper/oauth/refresh_token_request.rb +27 -24
- data/lib/doorkeeper/oauth/scopes.rb +3 -3
- data/lib/doorkeeper/oauth/token.rb +27 -1
- data/lib/doorkeeper/oauth/token_request.rb +14 -4
- data/lib/doorkeeper/rails/routes.rb +31 -22
- data/lib/doorkeeper/rails/routes/mapping.rb +11 -12
- data/lib/doorkeeper/request.rb +5 -5
- data/lib/doorkeeper/version.rb +1 -1
- data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
- data/lib/generators/doorkeeper/install_generator.rb +5 -5
- data/lib/generators/doorkeeper/migration_generator.rb +1 -1
- data/lib/generators/doorkeeper/mongo_mapper/indexes_generator.rb +2 -2
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +2 -2
- data/lib/generators/doorkeeper/templates/initializer.rb +16 -3
- data/lib/generators/doorkeeper/templates/migration.rb +16 -17
- data/lib/generators/doorkeeper/views_generator.rb +1 -1
- data/spec/controllers/applications_controller_spec.rb +7 -7
- data/spec/controllers/authorizations_controller_spec.rb +48 -48
- data/spec/controllers/protected_resources_controller_spec.rb +108 -107
- data/spec/controllers/token_info_controller_spec.rb +11 -11
- data/spec/controllers/tokens_controller_spec.rb +8 -8
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -2
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +3 -3
- data/spec/dummy/app/controllers/home_controller.rb +5 -5
- data/spec/dummy/app/controllers/metal_controller.rb +1 -1
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +2 -2
- data/spec/dummy/app/models/user.rb +3 -3
- data/spec/dummy/config/application.rb +8 -9
- data/spec/dummy/config/boot.rb +1 -1
- data/spec/dummy/config/environments/test.rb +1 -1
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -5
- data/spec/dummy/config/initializers/session_store.rb +1 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +1 -1
- data/spec/dummy/config/routes.rb +27 -27
- data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +16 -17
- data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +3 -3
- data/spec/dummy/db/schema.rb +39 -39
- data/spec/factories/access_grant.rb +3 -3
- data/spec/factories/access_token.rb +1 -1
- data/spec/factories/application.rb +3 -3
- data/spec/generators/application_owner_generator_spec.rb +6 -7
- data/spec/generators/install_generator_spec.rb +9 -9
- data/spec/generators/migration_generator_spec.rb +4 -4
- data/spec/lib/config_spec.rb +136 -44
- data/spec/lib/models/expirable_spec.rb +9 -9
- data/spec/lib/models/revocable_spec.rb +4 -4
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +4 -4
- data/spec/lib/oauth/authorization_code_request_spec.rb +2 -2
- data/spec/lib/oauth/client/credentials_spec.rb +4 -4
- data/spec/lib/oauth/client/methods_spec.rb +10 -10
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +9 -7
- data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -2
- data/spec/lib/oauth/client_credentials_request_spec.rb +6 -6
- data/spec/lib/oauth/client_spec.rb +4 -4
- data/spec/lib/oauth/code_request_spec.rb +10 -9
- data/spec/lib/oauth/error_response_spec.rb +8 -8
- data/spec/lib/oauth/error_spec.rb +1 -1
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +17 -17
- data/spec/lib/oauth/helpers/unique_token_spec.rb +7 -7
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +33 -33
- data/spec/lib/oauth/invalid_token_response_spec.rb +4 -4
- data/spec/lib/oauth/password_access_token_request_spec.rb +13 -13
- data/spec/lib/oauth/pre_authorization_spec.rb +47 -7
- data/spec/lib/oauth/refresh_token_request_spec.rb +11 -21
- data/spec/lib/oauth/scopes_spec.rb +32 -32
- data/spec/lib/oauth/token_request_spec.rb +10 -9
- data/spec/lib/oauth/token_response_spec.rb +13 -15
- data/spec/lib/oauth/token_spec.rb +24 -10
- data/spec/lib/server_spec.rb +24 -2
- data/spec/models/doorkeeper/access_grant_spec.rb +8 -8
- data/spec/models/doorkeeper/access_token_spec.rb +79 -33
- data/spec/models/doorkeeper/application_spec.rb +29 -29
- data/spec/requests/applications/applications_request_spec.rb +15 -15
- data/spec/requests/applications/authorized_applications_spec.rb +7 -7
- data/spec/requests/endpoints/authorization_spec.rb +19 -12
- data/spec/requests/endpoints/token_spec.rb +26 -8
- data/spec/requests/flows/authorization_code_errors_spec.rb +17 -17
- data/spec/requests/flows/authorization_code_spec.rb +28 -28
- data/spec/requests/flows/client_credentials_spec.rb +3 -3
- data/spec/requests/flows/implicit_grant_errors_spec.rb +5 -5
- data/spec/requests/flows/implicit_grant_spec.rb +2 -2
- data/spec/requests/flows/password_spec.rb +32 -32
- data/spec/requests/flows/refresh_token_spec.rb +23 -23
- data/spec/requests/flows/revoke_token_spec.rb +165 -0
- data/spec/requests/flows/skip_authorization_spec.rb +10 -10
- data/spec/requests/protected_resources/metal_spec.rb +1 -1
- data/spec/requests/protected_resources/private_api_spec.rb +5 -5
- data/spec/routing/custom_controller_routes_spec.rb +4 -0
- data/spec/routing/default_routes_spec.rb +5 -1
- data/spec/spec_helper.rb +2 -2
- data/spec/spec_helper_integration.rb +8 -10
- data/spec/support/helpers/access_token_request_helper.rb +3 -3
- data/spec/support/helpers/authorization_request_helper.rb +3 -3
- data/spec/support/helpers/config_helper.rb +1 -1
- data/spec/support/helpers/model_helper.rb +2 -2
- data/spec/support/helpers/request_spec_helper.rb +3 -3
- data/spec/support/helpers/url_helper.rb +25 -21
- data/spec/support/orm/active_record.rb +4 -4
- data/spec/support/orm/mongo_mapper.rb +2 -3
- data/spec/support/orm/mongoid.rb +5 -6
- data/spec/support/shared/controllers_shared_context.rb +15 -15
- data/spec/support/shared/models_shared_examples.rb +13 -13
- data/spec/validators/redirect_uri_validator_spec.rb +9 -9
- metadata +5 -4
|
@@ -1,71 +1,74 @@
|
|
|
1
|
-
module Doorkeeper
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
class PasswordAccessTokenRequest
|
|
4
|
+
include Doorkeeper::Validations
|
|
5
|
+
include Doorkeeper::OAuth::Helpers
|
|
5
6
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
7
|
+
validate :client, error: :invalid_client
|
|
8
|
+
validate :resource_owner, error: :invalid_resource_owner
|
|
9
|
+
validate :scopes, error: :invalid_scope
|
|
9
10
|
|
|
10
|
-
|
|
11
|
-
|
|
11
|
+
attr_accessor :server, :resource_owner, :credentials, :access_token
|
|
12
|
+
attr_accessor :client
|
|
12
13
|
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
14
|
+
def initialize(server, credentials, resource_owner, parameters = {})
|
|
15
|
+
@server = server
|
|
16
|
+
@resource_owner = resource_owner
|
|
17
|
+
@credentials = credentials
|
|
18
|
+
@original_scopes = parameters[:scope]
|
|
18
19
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
validate
|
|
24
|
-
@response = if valid?
|
|
25
|
-
issue_token
|
|
26
|
-
TokenResponse.new access_token
|
|
27
|
-
else
|
|
28
|
-
ErrorResponse.from_request self
|
|
20
|
+
if credentials
|
|
21
|
+
@client = Doorkeeper::Application.authenticate credentials.uid,
|
|
22
|
+
credentials.secret
|
|
23
|
+
end
|
|
29
24
|
end
|
|
30
|
-
end
|
|
31
25
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
26
|
+
def authorize
|
|
27
|
+
validate
|
|
28
|
+
@response = if valid?
|
|
29
|
+
issue_token
|
|
30
|
+
TokenResponse.new access_token
|
|
31
|
+
else
|
|
32
|
+
ErrorResponse.from_request self
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
35
|
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
|
|
39
|
-
else
|
|
40
|
-
server.default_scopes
|
|
36
|
+
def valid?
|
|
37
|
+
error.nil?
|
|
41
38
|
end
|
|
42
|
-
end
|
|
43
39
|
|
|
44
|
-
|
|
40
|
+
def scopes
|
|
41
|
+
@scopes ||= if @original_scopes.present?
|
|
42
|
+
Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
|
|
43
|
+
else
|
|
44
|
+
server.default_scopes
|
|
45
|
+
end
|
|
46
|
+
end
|
|
45
47
|
|
|
46
|
-
|
|
47
|
-
application_id = client.id if client
|
|
48
|
+
private
|
|
48
49
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
50
|
+
def issue_token
|
|
51
|
+
@access_token = Doorkeeper::AccessToken.create!(
|
|
52
|
+
application_id: client.try(:id),
|
|
53
|
+
resource_owner_id: resource_owner.id,
|
|
54
|
+
scopes: scopes.to_s,
|
|
55
|
+
expires_in: server.access_token_expires_in,
|
|
56
|
+
use_refresh_token: server.refresh_token_enabled?
|
|
57
|
+
)
|
|
58
|
+
end
|
|
57
59
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
60
|
+
def validate_scopes
|
|
61
|
+
return true unless @original_scopes.present?
|
|
62
|
+
ScopeChecker.valid?(@original_scopes, @server.scopes)
|
|
63
|
+
end
|
|
62
64
|
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
65
|
+
def validate_resource_owner
|
|
66
|
+
!!resource_owner
|
|
67
|
+
end
|
|
66
68
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
+
def validate_client
|
|
70
|
+
!credentials || !!client
|
|
71
|
+
end
|
|
69
72
|
end
|
|
70
73
|
end
|
|
71
74
|
end
|
|
@@ -3,10 +3,10 @@ module Doorkeeper
|
|
|
3
3
|
class PreAuthorization
|
|
4
4
|
include Doorkeeper::Validations
|
|
5
5
|
|
|
6
|
-
validate :response_type, :
|
|
7
|
-
validate :client, :
|
|
8
|
-
validate :scopes, :
|
|
9
|
-
validate :redirect_uri, :
|
|
6
|
+
validate :response_type, error: :unsupported_response_type
|
|
7
|
+
validate :client, error: :invalid_client
|
|
8
|
+
validate :scopes, error: :invalid_scope
|
|
9
|
+
validate :redirect_uri, error: :invalid_redirect_uri
|
|
10
10
|
|
|
11
11
|
attr_accessor :server, :client, :response_type, :redirect_uri, :state
|
|
12
12
|
attr_writer :scope
|
|
@@ -36,10 +36,10 @@ module Doorkeeper
|
|
|
36
36
|
Doorkeeper::OAuth::ErrorResponse.from_request(self)
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
private
|
|
40
40
|
|
|
41
41
|
def validate_response_type
|
|
42
|
-
|
|
42
|
+
server.authorization_response_types.include? response_type
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
def validate_client
|
|
@@ -55,7 +55,7 @@ module Doorkeeper
|
|
|
55
55
|
def validate_redirect_uri
|
|
56
56
|
return false unless redirect_uri.present?
|
|
57
57
|
Helpers::URIChecker.test_uri?(redirect_uri) ||
|
|
58
|
-
|
|
58
|
+
Helpers::URIChecker.valid_for_authorization?(redirect_uri, client.redirect_uri)
|
|
59
59
|
end
|
|
60
60
|
end
|
|
61
61
|
end
|
|
@@ -4,10 +4,10 @@ module Doorkeeper
|
|
|
4
4
|
include Doorkeeper::Validations
|
|
5
5
|
include Doorkeeper::OAuth::Helpers
|
|
6
6
|
|
|
7
|
-
validate :token, :
|
|
8
|
-
validate :client, :
|
|
9
|
-
validate :client_match, :
|
|
10
|
-
validate :scope, :
|
|
7
|
+
validate :token, error: :invalid_request
|
|
8
|
+
validate :client, error: :invalid_client
|
|
9
|
+
validate :client_match, error: :invalid_grant
|
|
10
|
+
validate :scope, error: :invalid_scope
|
|
11
11
|
|
|
12
12
|
attr_accessor :server, :refresh_token, :credentials, :access_token
|
|
13
13
|
attr_accessor :client
|
|
@@ -18,32 +18,35 @@ module Doorkeeper
|
|
|
18
18
|
@credentials = credentials
|
|
19
19
|
@requested_scopes = parameters[:scopes]
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
if credentials
|
|
22
|
+
@client = Doorkeeper::Application.authenticate credentials.uid,
|
|
23
|
+
credentials.secret
|
|
24
|
+
end
|
|
22
25
|
end
|
|
23
26
|
|
|
24
27
|
def authorize
|
|
25
28
|
validate
|
|
26
29
|
@response = if valid?
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
30
|
+
revoke_and_create_access_token
|
|
31
|
+
TokenResponse.new access_token
|
|
32
|
+
else
|
|
33
|
+
ErrorResponse.from_request self
|
|
34
|
+
end
|
|
32
35
|
end
|
|
33
36
|
|
|
34
37
|
def valid?
|
|
35
|
-
|
|
38
|
+
error.nil?
|
|
36
39
|
end
|
|
37
40
|
|
|
38
41
|
def scopes
|
|
39
42
|
@scopes ||= if @requested_scopes.present?
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
43
|
+
Scopes.from_string @requested_scopes
|
|
44
|
+
else
|
|
45
|
+
refresh_token.scopes
|
|
46
|
+
end
|
|
44
47
|
end
|
|
45
48
|
|
|
46
|
-
|
|
49
|
+
private
|
|
47
50
|
|
|
48
51
|
def revoke_and_create_access_token
|
|
49
52
|
refresh_token.revoke
|
|
@@ -51,13 +54,13 @@ module Doorkeeper
|
|
|
51
54
|
end
|
|
52
55
|
|
|
53
56
|
def create_access_token
|
|
54
|
-
@access_token = Doorkeeper::AccessToken.create!(
|
|
55
|
-
:
|
|
56
|
-
:
|
|
57
|
-
:
|
|
58
|
-
:
|
|
59
|
-
:
|
|
60
|
-
|
|
57
|
+
@access_token = Doorkeeper::AccessToken.create!(
|
|
58
|
+
application_id: refresh_token.application_id,
|
|
59
|
+
resource_owner_id: refresh_token.resource_owner_id,
|
|
60
|
+
scopes: scopes.to_s,
|
|
61
|
+
expires_in: server.access_token_expires_in,
|
|
62
|
+
use_refresh_token: true
|
|
63
|
+
)
|
|
61
64
|
end
|
|
62
65
|
|
|
63
66
|
def validate_token
|
|
@@ -65,7 +68,7 @@ module Doorkeeper
|
|
|
65
68
|
end
|
|
66
69
|
|
|
67
70
|
def validate_client
|
|
68
|
-
|
|
71
|
+
!credentials || !!client
|
|
69
72
|
end
|
|
70
73
|
|
|
71
74
|
def validate_client_match
|
|
@@ -5,7 +5,7 @@ module Doorkeeper
|
|
|
5
5
|
include Comparable
|
|
6
6
|
|
|
7
7
|
def self.from_string(string)
|
|
8
|
-
string ||=
|
|
8
|
+
string ||= ''
|
|
9
9
|
new.tap do |scope|
|
|
10
10
|
scope.add(*string.split)
|
|
11
11
|
end
|
|
@@ -17,7 +17,7 @@ module Doorkeeper
|
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
delegate :each, :
|
|
20
|
+
delegate :each, to: :@scopes
|
|
21
21
|
|
|
22
22
|
def initialize
|
|
23
23
|
@scopes = []
|
|
@@ -37,7 +37,7 @@ module Doorkeeper
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def to_s
|
|
40
|
-
@scopes.join(
|
|
40
|
+
@scopes.join(' ')
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def has_scopes?(scopes)
|
|
@@ -13,7 +13,33 @@ module Doorkeeper
|
|
|
13
13
|
def from_bearer_authorization(request)
|
|
14
14
|
pattern = /^Bearer /
|
|
15
15
|
header = request.authorization
|
|
16
|
-
header
|
|
16
|
+
token_from_header(header, pattern) if match?(header, pattern)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def from_basic_authorization(request)
|
|
20
|
+
pattern = /^Basic /
|
|
21
|
+
header = request.authorization
|
|
22
|
+
token_from_basic_header(header, pattern) if match?(header, pattern)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
private
|
|
26
|
+
|
|
27
|
+
def token_from_basic_header(header, pattern)
|
|
28
|
+
encoded_header = token_from_header(header, pattern)
|
|
29
|
+
token, _ = decode_basic_credentials(encoded_header)
|
|
30
|
+
token
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def decode_basic_credentials(encoded_header)
|
|
34
|
+
Base64.decode64(encoded_header).split(/:/, 2)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def token_from_header(header, pattern)
|
|
38
|
+
header.gsub pattern, ''
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def match?(header, pattern)
|
|
42
|
+
header && header.match(pattern)
|
|
17
43
|
end
|
|
18
44
|
end
|
|
19
45
|
|
|
@@ -10,18 +10,28 @@ module Doorkeeper
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def authorize
|
|
13
|
-
|
|
13
|
+
if pre_auth.authorizable?
|
|
14
14
|
auth = Authorization::Token.new(pre_auth, resource_owner)
|
|
15
15
|
auth.issue_token
|
|
16
|
-
CodeResponse.new pre_auth,
|
|
16
|
+
@response = CodeResponse.new pre_auth,
|
|
17
|
+
auth,
|
|
18
|
+
response_on_fragment: true
|
|
17
19
|
else
|
|
18
|
-
|
|
20
|
+
@response = error_response
|
|
19
21
|
end
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
def deny
|
|
23
25
|
pre_auth.error = :access_denied
|
|
24
|
-
|
|
26
|
+
error_response
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def error_response
|
|
32
|
+
ErrorResponse.from_request pre_auth,
|
|
33
|
+
redirect_uri: pre_auth.redirect_uri,
|
|
34
|
+
response_on_fragment: true
|
|
25
35
|
end
|
|
26
36
|
end
|
|
27
37
|
end
|
|
@@ -16,11 +16,11 @@ module Doorkeeper
|
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def self.warn_if_using_mount_method!
|
|
19
|
-
paths = ::Rails.application.config.paths[
|
|
20
|
-
::Rails.application.config.paths[
|
|
19
|
+
paths = ::Rails.application.config.paths['config/routes'] ||
|
|
20
|
+
::Rails.application.config.paths['config/routes.rb']
|
|
21
21
|
|
|
22
22
|
paths.each do |path|
|
|
23
|
-
if File.read(::Rails.root.join(path)) =~ %r
|
|
23
|
+
if File.read(::Rails.root.join(path)) =~ %r{mount Doorkeeper::Engine}
|
|
24
24
|
warn "\n[DOORKEEPER] `mount Doorkeeper::Engine` is not being used anymore. Please replace it with `use_doorkeeper` in your #{path} file\n"
|
|
25
25
|
end
|
|
26
26
|
end
|
|
@@ -34,16 +34,18 @@ module Doorkeeper
|
|
|
34
34
|
|
|
35
35
|
def generate_routes!(options)
|
|
36
36
|
@mapping = Mapper.new.map(&@block)
|
|
37
|
-
routes.scope options[:scope] || 'oauth', :
|
|
37
|
+
routes.scope options[:scope] || 'oauth', as: 'oauth' do
|
|
38
38
|
map_route(:authorizations, :authorization_routes)
|
|
39
39
|
map_route(:tokens, :token_routes)
|
|
40
|
+
map_route(:tokens, :revoke_routes)
|
|
40
41
|
map_route(:applications, :application_routes)
|
|
41
42
|
map_route(:authorized_applications, :authorized_applications_routes)
|
|
42
43
|
map_route(:token_info, :token_info_routes)
|
|
43
44
|
end
|
|
44
45
|
end
|
|
45
46
|
|
|
46
|
-
|
|
47
|
+
private
|
|
48
|
+
|
|
47
49
|
def map_route(name, method)
|
|
48
50
|
unless @mapping.skipped?(name)
|
|
49
51
|
send method, @mapping[name]
|
|
@@ -51,39 +53,46 @@ module Doorkeeper
|
|
|
51
53
|
end
|
|
52
54
|
|
|
53
55
|
def authorization_routes(mapping)
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
56
|
+
routes.resource(
|
|
57
|
+
:authorization,
|
|
58
|
+
path: 'authorize',
|
|
59
|
+
only: [:create, :update, :destroy],
|
|
60
|
+
as: mapping[:as],
|
|
61
|
+
controller: mapping[:controllers]
|
|
62
|
+
) do
|
|
63
|
+
routes.get '/:code', action: :show, on: :member
|
|
64
|
+
routes.get '/', action: :new, on: :member
|
|
65
|
+
end
|
|
63
66
|
end
|
|
64
67
|
|
|
65
68
|
def token_routes(mapping)
|
|
66
69
|
routes.resource(
|
|
67
|
-
:token,
|
|
68
|
-
:
|
|
69
|
-
:
|
|
70
|
+
:token,
|
|
71
|
+
path: 'token',
|
|
72
|
+
only: [:create], as: mapping[:as],
|
|
73
|
+
controller: mapping[:controllers]
|
|
70
74
|
)
|
|
71
75
|
end
|
|
72
76
|
|
|
77
|
+
def revoke_routes(mapping)
|
|
78
|
+
routes.post 'revoke', controller: mapping[:controllers], action: :revoke
|
|
79
|
+
end
|
|
80
|
+
|
|
73
81
|
def token_info_routes(mapping)
|
|
74
82
|
routes.resource(
|
|
75
|
-
:token_info,
|
|
76
|
-
:
|
|
77
|
-
:
|
|
83
|
+
:token_info,
|
|
84
|
+
path: 'token/info',
|
|
85
|
+
only: [:show], as: mapping[:as],
|
|
86
|
+
controller: mapping[:controllers]
|
|
78
87
|
)
|
|
79
88
|
end
|
|
80
89
|
|
|
81
90
|
def application_routes(mapping)
|
|
82
|
-
routes.resources :applications, :
|
|
91
|
+
routes.resources :applications, controller: mapping[:controllers]
|
|
83
92
|
end
|
|
84
93
|
|
|
85
94
|
def authorized_applications_routes(mapping)
|
|
86
|
-
routes.resources :authorized_applications, :
|
|
95
|
+
routes.resources :authorized_applications, only: [:index, :destroy], controller: mapping[:controllers]
|
|
87
96
|
end
|
|
88
97
|
end
|
|
89
98
|
end
|