RubyGems - doorkeeper - Versions diffs - 1.2.0 → 1.3.0 - Mend

doorkeeper 1.2.0 → 1.3.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (27) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/lib/doorkeeper.rb +1 -0
data/lib/doorkeeper/config.rb +6 -0
data/lib/doorkeeper/models/access_token.rb +37 -11
data/lib/doorkeeper/models/active_record/access_token.rb +2 -2
data/lib/doorkeeper/models/mongo_mapper/access_token.rb +2 -2
data/lib/doorkeeper/models/mongoid2/access_token.rb +2 -2
data/lib/doorkeeper/models/mongoid3_4/access_token.rb +2 -2
data/lib/doorkeeper/oauth/authorization_code_request.rb +7 -22
data/lib/doorkeeper/oauth/client_credentials_request.rb +12 -8
data/lib/doorkeeper/oauth/code_response.rb +3 -1
data/lib/doorkeeper/oauth/error_response.rb +7 -2
data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -1
data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -30
data/lib/doorkeeper/oauth/refresh_token_request.rb +10 -28
data/lib/doorkeeper/oauth/request_concern.rb +43 -0
data/lib/doorkeeper/oauth/token_response.rb +3 -1
data/lib/doorkeeper/version.rb +1 -1
data/lib/generators/doorkeeper/templates/initializer.rb +4 -0
data/spec/lib/oauth/authorization_code_request_spec.rb +9 -0
data/spec/lib/oauth/password_access_token_request_spec.rb +15 -0
data/spec/models/doorkeeper/access_grant_spec.rb +1 -1
data/spec/models/doorkeeper/access_token_spec.rb +1 -1
data/spec/requests/flows/password_spec.rb +12 -0
data/spec/support/shared/models_shared_examples.rb +1 -9
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 923df84b3da199e68a3cce57633ad6b0e1257aab
-  data.tar.gz: 16f3055a34246abe9db2b2110e1c9ca0c00a5f60
+  metadata.gz: 598bf74d593976f9ffe96a0e511f9b75b0e6f1e4
+  data.tar.gz: cddda3ef65df20171860bba9cbecb8097873f039
 SHA512:
-  metadata.gz: 2e69a18ef913b226db002e6bf5b7f850dd49a6fe8db9c78b74862e6b726b2ccdc79e03e03b303e38306244589540716540464b9d1b5240f4f9a9b14484202473
-  data.tar.gz: 4dbd9358b6d3ecf463947ff299000e5ed43b71f8bb7d624c370f34b32a627abea2ac17c412df679b3a3218dd570ee05981a8cdb1dce6488feb9a9f40e0758a5c
+  metadata.gz: 8b66fe347a4767a45fe3ede635b53de57ca8a20e201a03872d5e80295d5a3701f33fdc78ba5437e3e8e13b2c7ba3eb7f04f87ff52708a9d04ea29ca2ae819984
+  data.tar.gz: 74a12fac73bb6e735bb16a3eea2d050299e6204a4f095fab95c605d178ebaec0f47871e4d815b30a873b5a7bc4e1dadeaaf7c9c23cc1ea3d15fc598569114530

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,10 @@
 # Changelog
+## 1.3.0
+- enhancements
+  - [#387] Adds reuse_access_token configuration option.
 ## 1.2.0
 - enhancements

data/lib/doorkeeper.rb CHANGED Viewed

@@ -21,6 +21,7 @@ require 'doorkeeper/oauth/code_response'
 require 'doorkeeper/oauth/token_response'
 require 'doorkeeper/oauth/error_response'
 require 'doorkeeper/oauth/pre_authorization'
+require 'doorkeeper/oauth/request_concern'
 require 'doorkeeper/oauth/authorization_code_request'
 require 'doorkeeper/oauth/refresh_token_request'
 require 'doorkeeper/oauth/password_access_token_request'

data/lib/doorkeeper/config.rb CHANGED Viewed

@@ -81,6 +81,10 @@ module Doorkeeper
       def realm(realm)
         @config.instance_variable_set('@realm', realm)
       end
+      def reuse_access_token
+        @config.instance_variable_set("@reuse_access_token", true)
+      end
     end
     module Option
@@ -171,6 +175,8 @@ module Doorkeeper
     option :grant_flows,
            default: %w(authorization_code implicit password client_credentials)
+    attr_reader :reuse_access_token
     def refresh_token_enabled?
       !!@refresh_token_enabled
     end

data/lib/doorkeeper/models/access_token.rb CHANGED Viewed

@@ -6,7 +6,9 @@ module Doorkeeper
     include Doorkeeper::Models::Accessible
     include Doorkeeper::Models::Scopes
-    belongs_to :application, class_name: 'Doorkeeper::Application', inverse_of: :access_tokens
+    belongs_to :application,
+               class_name: 'Doorkeeper::Application',
+               inverse_of: :access_tokens
     validates :token, presence: true
     validates :token, uniqueness: true
@@ -14,11 +16,14 @@ module Doorkeeper
     attr_accessor :use_refresh_token
     if ::Rails.version.to_i < 4 || defined?(ProtectedAttributes)
-      attr_accessible :application_id, :resource_owner_id, :expires_in, :scopes, :use_refresh_token
+      attr_accessible :application_id, :resource_owner_id, :expires_in,
+                      :scopes, :use_refresh_token
     end
     before_validation :generate_token, on: :create
-    before_validation :generate_refresh_token, on: :create, if: :use_refresh_token?
+    before_validation :generate_refresh_token,
+                      on: :create,
+                      if: :use_refresh_token?
     def self.authenticate(token)
       where(token: token).first
@@ -36,31 +41,52 @@ module Doorkeeper
     end
     def self.matching_token_for(application, resource_owner_or_id, scopes)
-      resource_owner_id = resource_owner_or_id.respond_to?(:to_key) ? resource_owner_or_id.id : resource_owner_or_id
-      token = last_authorized_token_for(application, resource_owner_id)
+      resource_owner_id = if resource_owner_or_id.respond_to?(:to_key)
+                            resource_owner_or_id.id
+                          else
+                            resource_owner_or_id
+                          end
+      token = last_authorized_token_for(application.id, resource_owner_id)
       token if token && ScopeChecker.matches?(token.scopes, scopes)
     end
+    def self.find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
+      if Doorkeeper.configuration.reuse_access_token
+        access_token = matching_token_for(application, resource_owner_id, scopes)
+        if access_token && !access_token.expired?
+          return access_token
+        end
+      end
+      create!(
+        application_id:    application.try(:id),
+        resource_owner_id: resource_owner_id,
+        scopes:            scopes.to_s,
+        expires_in:        expires_in,
+        use_refresh_token: use_refresh_token
+      )
+    end
     def token_type
       'bearer'
     end
     def use_refresh_token?
-      self.use_refresh_token
+      use_refresh_token
     end
     def as_json(options = {})
       {
-        resource_owner_id: self.resource_owner_id,
-        scopes: self.scopes,
-        expires_in_seconds: self.expires_in_seconds,
-        application: { uid: self.application.uid }
+        resource_owner_id: resource_owner_id,
+        scopes: scopes,
+        expires_in_seconds: expires_in_seconds,
+        application: { uid: application.uid }
       }
     end
     # It indicates whether the tokens have the same credential
     def same_credential?(access_token)
-      application_id == access_token.application_id && resource_owner_id == access_token.resource_owner_id
+      application_id == access_token.application_id &&
+        resource_owner_id == access_token.resource_owner_id
     end
     private

data/lib/doorkeeper/models/active_record/access_token.rb CHANGED Viewed

@@ -12,8 +12,8 @@ module Doorkeeper
     end
     private_class_method :delete_all_for
-    def self.last_authorized_token_for(application, resource_owner_id)
-      where(application_id: application.id,
+    def self.last_authorized_token_for(application_id, resource_owner_id)
+      where(application_id: application_id,
             resource_owner_id: resource_owner_id,
             revoked_at: nil).
         order('created_at desc').

data/lib/doorkeeper/models/mongo_mapper/access_token.rb CHANGED Viewed

@@ -29,8 +29,8 @@ module Doorkeeper
     end
     private_class_method :delete_all_for
-    def self.last_authorized_token_for(application, resource_owner_id)
-      where(application_id: application.id,
+    def self.last_authorized_token_for(application_id, resource_owner_id)
+      where(application_id: application_id,
             resource_owner_id: resource_owner_id,
             revoked_at: nil).
         sort(:created_at.desc).

data/lib/doorkeeper/models/mongoid2/access_token.rb CHANGED Viewed

@@ -24,8 +24,8 @@ module Doorkeeper
     end
     private_class_method :delete_all_for
-    def self.last_authorized_token_for(application, resource_owner_id)
-      where(application_id: application.id,
+    def self.last_authorized_token_for(application_id, resource_owner_id)
+      where(application_id: application_id,
             resource_owner_id: resource_owner_id,
             revoked_at: nil).
         order_by([:created_at, :desc]).

data/lib/doorkeeper/models/mongoid3_4/access_token.rb CHANGED Viewed

@@ -31,8 +31,8 @@ module Doorkeeper
     end
     private_class_method :delete_all_for
-    def self.last_authorized_token_for(application, resource_owner_id)
-      where(application_id: application.id,
+    def self.last_authorized_token_for(application_id, resource_owner_id)
+      where(application_id: application_id,
             resource_owner_id: resource_owner_id,
             revoked_at: nil).
         order_by([:created_at, :desc]).

data/lib/doorkeeper/oauth/authorization_code_request.rb CHANGED Viewed

@@ -2,6 +2,7 @@ module Doorkeeper
   module OAuth
     class AuthorizationCodeRequest
       include Doorkeeper::Validations
+      include Doorkeeper::OAuth::RequestConcern
       validate :attributes,   error: :invalid_request
       validate :client,       error: :invalid_client
@@ -17,30 +18,14 @@ module Doorkeeper
         @redirect_uri = parameters[:redirect_uri]
       end
-      def authorize
-        validate
-        @response = if valid?
-                      grant.revoke
-                      issue_token
-                      TokenResponse.new access_token
-                    else
-                      ErrorResponse.from_request self
-                    end
-      end
-      def valid?
-        error.nil?
-      end
       private
-      def issue_token
-        @access_token = Doorkeeper::AccessToken.create!(
-          application_id:    grant.application_id,
-          resource_owner_id: grant.resource_owner_id,
-          scopes:            grant.scopes_string,
-          expires_in:        server.access_token_expires_in,
-          use_refresh_token: server.refresh_token_enabled?)
+      def on_successful_authorization
+        grant.revoke
+        find_or_create_access_token(grant.application,
+                                    grant.resource_owner_id,
+                                    grant.scopes,
+                                    server)
       end
       def validate_attributes

data/lib/doorkeeper/oauth/client_credentials_request.rb CHANGED Viewed

@@ -5,6 +5,9 @@ require 'doorkeeper/oauth/client_credentials/validation'
 module Doorkeeper
   module OAuth
     class ClientCredentialsRequest
+      include Doorkeeper::Validations
+      include Doorkeeper::OAuth::RequestConcern
       attr_accessor :issuer, :server, :client, :original_scopes, :scopes
       attr_reader :response
       alias :error_response :response
@@ -21,16 +24,11 @@ module Doorkeeper
         @original_scopes = parameters[:scope]
       end
-      def authorize
-        status = issuer.create(client, scopes)
-        @response = if status
-                      TokenResponse.new(issuer.token)
-                    else
-                      ErrorResponse.from_request(self)
-                    end
+      def access_token
+        issuer.token
       end
-      # TODO: duplicated code in all flows
+      # TODO: Why can't it use RequestConcern's implementation?
       def scopes
         @scopes ||= if @original_scopes.present?
                       Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
@@ -38,6 +36,12 @@ module Doorkeeper
                       server.default_scopes
                     end
       end
+      private
+      def valid?
+        issuer.create(client, scopes)
+      end
     end
   end
 end

data/lib/doorkeeper/oauth/code_response.rb CHANGED Viewed

@@ -29,7 +29,9 @@ module Doorkeeper
               state: pre_auth.state
             )
           else
-            uri_with_query pre_auth.redirect_uri, code: auth.token.token, state: pre_auth.state
+            uri_with_query pre_auth.redirect_uri,
+                           code: auth.token.token,
+                           state: pre_auth.state
           end
         end
       end

data/lib/doorkeeper/oauth/error_response.rb CHANGED Viewed

@@ -18,7 +18,11 @@ module Doorkeeper
       end
       def body
-        { error: name, error_description: description, state: state }.reject { |k, v| v.blank? }
+        {
+          error: name,
+          error_description: description,
+          state: state
+        }.reject { |_, v| v.blank? }
       end
       def status
@@ -26,7 +30,8 @@ module Doorkeeper
       end
       def redirectable?
-        (name != :invalid_redirect_uri) && (name != :invalid_client) && !URIChecker.test_uri?(@redirect_uri)
+        name != :invalid_redirect_uri && name != :invalid_client &&
+          !URIChecker.test_uri?(@redirect_uri)
       end
       def redirect_uri

data/lib/doorkeeper/oauth/invalid_token_response.rb CHANGED Viewed

@@ -20,7 +20,8 @@ module Doorkeeper
       end
       def description
-        @description ||= I18n.translate @reason, scope: [:doorkeeper, :errors, :messages, :invalid_token]
+        scope = { scope: [:doorkeeper, :errors, :messages, :invalid_token] }
+        @description ||= I18n.translate @reason, scope
       end
     end
   end

data/lib/doorkeeper/oauth/password_access_token_request.rb CHANGED Viewed

@@ -2,6 +2,7 @@ module Doorkeeper
   module OAuth
     class PasswordAccessTokenRequest
       include Doorkeeper::Validations
+      include Doorkeeper::OAuth::RequestConcern
       include Doorkeeper::OAuth::Helpers
       validate :client,         error: :invalid_client
@@ -23,38 +24,10 @@ module Doorkeeper
         end
       end
-      def authorize
-        validate
-        @response = if valid?
-                      issue_token
-                      TokenResponse.new access_token
-                    else
-                      ErrorResponse.from_request self
-                    end
-      end
-      def valid?
-        error.nil?
-      end
-      def scopes
-        @scopes ||= if @original_scopes.present?
-                      Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
-                    else
-                      server.default_scopes
-                    end
-      end
       private
-      def issue_token
-        @access_token = Doorkeeper::AccessToken.create!(
-          application_id:    client.try(:id),
-          resource_owner_id: resource_owner.id,
-          scopes:            scopes.to_s,
-          expires_in:        server.access_token_expires_in,
-          use_refresh_token: server.refresh_token_enabled?
-        )
+      def on_successful_authorization
+        find_or_create_access_token(client, resource_owner.id, scopes, server)
       end
       def validate_scopes

data/lib/doorkeeper/oauth/refresh_token_request.rb CHANGED Viewed

@@ -2,6 +2,7 @@ module Doorkeeper
   module OAuth
     class RefreshTokenRequest
       include Doorkeeper::Validations
+      include Doorkeeper::OAuth::RequestConcern
       include Doorkeeper::OAuth::Helpers
       validate :token,        error: :invalid_request
@@ -16,7 +17,7 @@ module Doorkeeper
         @server           = server
         @refresh_token    = refresh_token
         @credentials      = credentials
-        @requested_scopes = parameters[:scopes]
+        @original_scopes  = parameters[:scopes]
         if credentials
           @client = Doorkeeper::Application.authenticate credentials.uid,
@@ -24,43 +25,24 @@ module Doorkeeper
         end
       end
-      def authorize
-        validate
-        @response = if valid?
-                      revoke_and_create_access_token
-                      TokenResponse.new access_token
-                    else
-                      ErrorResponse.from_request self
-                    end
-      end
-      def valid?
-        error.nil?
-      end
-      def scopes
-        @scopes ||= if @requested_scopes.present?
-                      Scopes.from_string @requested_scopes
-                    else
-                      refresh_token.scopes
-                    end
-      end
       private
-      def revoke_and_create_access_token
+      def on_successful_authorization
         refresh_token.revoke
         create_access_token
       end
+      def default_scopes
+        refresh_token.scopes
+      end
       def create_access_token
         @access_token = Doorkeeper::AccessToken.create!(
           application_id:    refresh_token.application_id,
           resource_owner_id: refresh_token.resource_owner_id,
           scopes:            scopes.to_s,
           expires_in:        server.access_token_expires_in,
-          use_refresh_token: true
-        )
+          use_refresh_token: true)
       end
       def validate_token
@@ -76,8 +58,8 @@ module Doorkeeper
       end
       def validate_scope
-        if @requested_scopes.present?
-          ScopeChecker.valid?(@requested_scopes, refresh_token.scopes)
+        if @original_scopes.present?
+          ScopeChecker.valid?(@original_scopes, refresh_token.scopes)
         else
           true
         end

data/lib/doorkeeper/oauth/request_concern.rb ADDED Viewed

@@ -0,0 +1,43 @@
+module Doorkeeper
+  module OAuth
+    module RequestConcern
+      def authorize
+        validate
+        if valid?
+          on_successful_authorization
+          @response = TokenResponse.new(access_token)
+        else
+          @response = ErrorResponse.from_request(self)
+        end
+      end
+      def scopes
+        @scopes ||= if @original_scopes.present?
+                      Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
+                    else
+                      default_scopes
+                    end
+      end
+      def default_scopes
+        server.default_scopes
+      end
+      def valid?
+        error.nil?
+      end
+      def find_or_create_access_token(client, resource_owner_id, scopes, server)
+        @access_token = Doorkeeper::AccessToken.find_or_create_for(
+          client,
+          resource_owner_id,
+          scopes,
+          server.access_token_expires_in,
+          server.refresh_token_enabled?)
+      end
+      def on_successful_authorization
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/token_response.rb CHANGED Viewed

@@ -22,7 +22,9 @@ module Doorkeeper
       end
       def headers
-        { 'Cache-Control' => 'no-store', 'Pragma' => 'no-cache', 'Content-Type' => 'application/json; charset=utf-8' }
+        { 'Cache-Control' => 'no-store',
+          'Pragma' => 'no-cache',
+          'Content-Type' => 'application/json; charset=utf-8' }
       end
     end
   end

data/lib/doorkeeper/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '1.2.0'
+  VERSION = '1.3.0'
 end

data/lib/generators/doorkeeper/templates/initializer.rb CHANGED Viewed

@@ -25,6 +25,10 @@ Doorkeeper.configure do
   # If you want to disable expiration, set this to nil.
   # access_token_expires_in 2.hours
+  # Reuse access token for the same resource owner within an application (disabled by default)
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
+  # reuse_access_token
   # Issue access tokens with refresh token (disabled by default)
   # use_refresh_token

data/spec/lib/oauth/authorization_code_request_spec.rb CHANGED Viewed

@@ -62,5 +62,14 @@ module Doorkeeper::OAuth
       subject.validate
       expect(subject.error).to eq(:invalid_grant)
     end
+    it 'skips token creation if there is a matching one' do
+      Doorkeeper.configuration.stub(:reuse_access_token).and_return(true)
+      FactoryGirl.create(:access_token, application_id: client.id,
+        resource_owner_id: grant.resource_owner_id, scopes: grant.scopes.to_s)
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessToken.count }
+    end
   end
 end

data/spec/lib/oauth/password_access_token_request_spec.rb CHANGED Viewed

@@ -44,6 +44,21 @@ module Doorkeeper::OAuth
       expect(subject).to be_valid
     end
+    it 'creates token even when there is already one (default)' do
+      FactoryGirl.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
+      expect do
+        subject.authorize
+      end.to change { Doorkeeper::AccessToken.count }.by(1)
+    end
+    it 'skips token creation if there is already one' do
+      Doorkeeper.configuration.stub(:reuse_access_token).and_return(true)
+      FactoryGirl.create(:access_token, application_id: client.id, resource_owner_id: owner.id)
+      expect do
+        subject.authorize
+      end.to_not change { Doorkeeper::AccessToken.count }
+    end
     describe 'with scopes' do
       subject do
         PasswordAccessTokenRequest.new(server, client, owner, scope: 'public')

data/spec/models/doorkeeper/access_grant_spec.rb CHANGED Viewed

@@ -7,7 +7,7 @@ describe Doorkeeper::AccessGrant do
   it_behaves_like 'an accessible token'
   it_behaves_like 'a revocable token'
-  it_behaves_like 'an unique token' do
+  it_behaves_like 'a unique token' do
     let(:factory_name) { :access_grant }
   end

data/spec/models/doorkeeper/access_token_spec.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Doorkeeper
     it_behaves_like 'an accessible token'
     it_behaves_like 'a revocable token'
-    it_behaves_like 'an unique token' do
+    it_behaves_like 'a unique token' do
       let(:factory_name) { :access_token }
     end

data/spec/requests/flows/password_spec.rb CHANGED Viewed

@@ -58,6 +58,18 @@ feature 'Resource Owner Password Credentials Flow' do
       should_have_json 'refresh_token',  token.refresh_token
     end
+    scenario 'should return the same token if it is still accessible' do
+      Doorkeeper.configuration.stub(:reuse_access_token).and_return(true)
+      client_is_authorized(@client, @resource_owner)
+      post password_token_endpoint_url(client: @client, resource_owner: @resource_owner)
+      Doorkeeper::AccessToken.count.should be(1)
+      should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+    end
   end
   context 'with invalid user credentials' do

data/spec/support/shared/models_shared_examples.rb CHANGED Viewed

@@ -27,16 +27,8 @@ shared_examples 'a revocable token' do
   end
 end
-shared_examples 'an unique token' do
+shared_examples 'a unique token' do
   describe :token do
-    it 'is unique' do
-      tokens = []
-      3.times do
-        token = FactoryGirl.create(factory_name).token
-        expect(tokens).not_to include(token)
-      end
-    end
     it 'is generated before validation' do
       expect { subject.valid? }.to change { subject.token }.from(nil)
     end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-05-03 00:00:00.000000000 Z
+date: 2014-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -231,6 +231,7 @@ files:
 - lib/doorkeeper/oauth/password_access_token_request.rb
 - lib/doorkeeper/oauth/pre_authorization.rb
 - lib/doorkeeper/oauth/refresh_token_request.rb
+- lib/doorkeeper/oauth/request_concern.rb
 - lib/doorkeeper/oauth/scopes.rb
 - lib/doorkeeper/oauth/token.rb
 - lib/doorkeeper/oauth/token_request.rb