doorkeeper 1.3.1 → 1.4.0



Files changed (64)
  1. checksums.yaml +4 -4
  2. data/.hound.yml +4 -1
  3. data/CHANGELOG.md +18 -0
  4. data/README.md +2 -1
  5. data/app/controllers/doorkeeper/application_metal_controller.rb +16 -0
  6. data/app/controllers/doorkeeper/applications_controller.rb +0 -6
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +14 -15
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +10 -8
  9. data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
  10. data/app/controllers/doorkeeper/tokens_controller.rb +3 -11
  11. data/app/validators/redirect_uri_validator.rb +0 -1
  12. data/config/locales/en.yml +0 -3
  13. data/doorkeeper.gemspec +1 -0
  14. data/lib/doorkeeper.rb +1 -0
  15. data/lib/doorkeeper/config.rb +5 -5
  16. data/lib/doorkeeper/doorkeeper_for.rb +7 -17
  17. data/lib/doorkeeper/helpers/controller.rb +11 -8
  18. data/lib/doorkeeper/helpers/filter.rb +35 -13
  19. data/lib/doorkeeper/models/access_grant.rb +5 -5
  20. data/lib/doorkeeper/models/access_token.rb +9 -5
  21. data/lib/doorkeeper/models/active_record/access_grant.rb +1 -1
  22. data/lib/doorkeeper/models/active_record/access_token.rb +1 -1
  23. data/lib/doorkeeper/models/active_record/application.rb +3 -3
  24. data/lib/doorkeeper/models/application.rb +1 -1
  25. data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +0 -3
  26. data/lib/doorkeeper/models/mongo_mapper/access_token.rb +0 -3
  27. data/lib/doorkeeper/models/mongoid2/access_grant.rb +1 -3
  28. data/lib/doorkeeper/models/mongoid2/access_token.rb +1 -3
  29. data/lib/doorkeeper/models/mongoid3_4/access_grant.rb +2 -4
  30. data/lib/doorkeeper/models/mongoid3_4/access_token.rb +2 -4
  31. data/lib/doorkeeper/models/revocable.rb +1 -1
  32. data/lib/doorkeeper/models/scopes.rb +6 -2
  33. data/lib/doorkeeper/oauth/authorization/code.rb +4 -0
  34. data/lib/doorkeeper/oauth/authorization/token.rb +8 -0
  35. data/lib/doorkeeper/oauth/authorization_code_request.rb +2 -2
  36. data/lib/doorkeeper/oauth/client.rb +2 -2
  37. data/lib/doorkeeper/oauth/client_credentials/creator.rb +1 -1
  38. data/lib/doorkeeper/oauth/client_credentials/validation.rb +2 -2
  39. data/lib/doorkeeper/oauth/client_credentials_request.rb +3 -12
  40. data/lib/doorkeeper/oauth/code_response.rb +3 -4
  41. data/lib/doorkeeper/oauth/error_response.rb +3 -3
  42. data/lib/doorkeeper/oauth/forbidden_token_response.rb +29 -0
  43. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
  44. data/lib/doorkeeper/oauth/password_access_token_request.rb +5 -5
  45. data/lib/doorkeeper/oauth/pre_authorization.rb +2 -2
  46. data/lib/doorkeeper/oauth/refresh_token_request.rb +6 -6
  47. data/lib/doorkeeper/oauth/request_concern.rb +2 -2
  48. data/lib/doorkeeper/oauth/token.rb +1 -1
  49. data/lib/doorkeeper/server.rb +2 -2
  50. data/lib/doorkeeper/version.rb +1 -1
  51. data/spec/controllers/authorizations_controller_spec.rb +46 -0
  52. data/spec/controllers/protected_resources_controller_spec.rb +13 -6
  53. data/spec/lib/models/revocable_spec.rb +1 -1
  54. data/spec/lib/models/scopes_spec.rb +11 -0
  55. data/spec/lib/oauth/authorization/uri_builder_spec.rb +5 -0
  56. data/spec/lib/oauth/forbidden_token_response_spec.rb +23 -0
  57. data/spec/models/doorkeeper/access_token_spec.rb +30 -0
  58. data/spec/requests/flows/refresh_token_spec.rb +2 -2
  59. data/spec/requests/protected_resources/private_api_spec.rb +5 -5
  60. data/spec/support/shared/controllers_shared_context.rb +2 -2
  61. data/spec/validators/redirect_uri_validator_spec.rb +1 -2
  62. metadata +19 -4
  63. data/lib/doorkeeper/models/mongo_mapper/revocable.rb +0 -15
  64. data/lib/doorkeeper/models/mongoid/revocable.rb +0 -15
@@ -1,10 +1,10 @@
1
1
  module Doorkeeper
2
2
  class AccessGrant
3
- include Doorkeeper::OAuth::Helpers
4
- include Doorkeeper::Models::Expirable
5
- include Doorkeeper::Models::Revocable
6
- include Doorkeeper::Models::Accessible
7
- include Doorkeeper::Models::Scopes
3
+ include OAuth::Helpers
4
+ include Models::Expirable
5
+ include Models::Revocable
6
+ include Models::Accessible
7
+ include Models::Scopes
8
8
 
9
9
  belongs_to :application, class_name: 'Doorkeeper::Application', inverse_of: :access_grants
10
10
 
@@ -1,10 +1,10 @@
1
1
  module Doorkeeper
2
2
  class AccessToken
3
- include Doorkeeper::OAuth::Helpers
4
- include Doorkeeper::Models::Expirable
5
- include Doorkeeper::Models::Revocable
6
- include Doorkeeper::Models::Accessible
7
- include Doorkeeper::Models::Scopes
3
+ include OAuth::Helpers
4
+ include Models::Expirable
5
+ include Models::Revocable
6
+ include Models::Accessible
7
+ include Models::Scopes
8
8
 
9
9
  belongs_to :application,
10
10
  class_name: 'Doorkeeper::Application',
@@ -89,6 +89,10 @@ module Doorkeeper
89
89
  resource_owner_id == access_token.resource_owner_id
90
90
  end
91
91
 
92
+ def acceptable?(scopes)
93
+ accessible? && includes_scope?(scopes)
94
+ end
95
+
92
96
  private
93
97
 
94
98
  def generate_refresh_token
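Review bot: `acceptable?` hands the scope decision to `includes_scope?` without saying what a match means (any-of vs all-of, what an empty requirement does), so a caller reading only this method can easily assume "holds all of these scopes". Suggested comment above `def acceptable?(scopes)`: `# true when the token is usable (accessible? — presumably not expired or revoked) and satisfies the scope requirement; matching rule is defined in Models::Scopes#includes_scope?`. The `AccessToken` class starts outside this hunk, and `accessible?` comes from a mixin not shown here, so the "not expired or revoked" reading should be confirmed against Models::Accessible.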
@@ -4,6 +4,6 @@ module Doorkeeper
4
4
  establish_connection Doorkeeper.configuration.active_record_options[:establish_connection]
5
5
  end
6
6
 
7
- self.table_name = "#{self.table_name_prefix}oauth_access_grants#{self.table_name_suffix}".to_sym
7
+ self.table_name = "#{table_name_prefix}oauth_access_grants#{table_name_suffix}".to_sym
8
8
  end
9
9
  end
@@ -4,7 +4,7 @@ module Doorkeeper
4
4
  establish_connection Doorkeeper.configuration.active_record_options[:establish_connection]
5
5
  end
6
6
 
7
- self.table_name = "#{self.table_name_prefix}oauth_access_tokens#{self.table_name_suffix}".to_sym
7
+ self.table_name = "#{table_name_prefix}oauth_access_tokens#{table_name_suffix}".to_sym
8
8
 
9
9
  def self.delete_all_for(application_id, resource_owner)
10
10
  where(application_id: application_id,
@@ -4,7 +4,7 @@ module Doorkeeper
4
4
  establish_connection Doorkeeper.configuration.active_record_options[:establish_connection]
5
5
  end
6
6
 
7
- self.table_name = "#{self.table_name_prefix}oauth_applications#{self.table_name_suffix}".to_sym
7
+ self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}".to_sym
8
8
 
9
9
  if ActiveRecord::VERSION::MAJOR >= 4
10
10
  has_many :authorized_tokens, -> { where(revoked_at: nil) }, class_name: 'AccessToken'
@@ -14,12 +14,12 @@ module Doorkeeper
14
14
  has_many :authorized_applications, through: :authorized_tokens, source: :application
15
15
 
16
16
  def self.column_names_with_table
17
- self.column_names.map { |c| "#{self.table_name}.#{c}" }
17
+ self.column_names.map { |c| "#{table_name}.#{c}" }
18
18
  end
19
19
 
20
20
  def self.authorized_for(resource_owner)
21
21
  joins(:authorized_applications).
22
- where(Doorkeeper::AccessToken.table_name => { resource_owner_id: resource_owner.id, revoked_at: nil }).
22
+ where(AccessToken.table_name => { resource_owner_id: resource_owner.id, revoked_at: nil }).
23
23
  group(column_names_with_table.join(','))
24
24
  end
25
25
  end
@@ -1,6 +1,6 @@
1
1
  module Doorkeeper
2
2
  class Application
3
- include Doorkeeper::OAuth::Helpers
3
+ include OAuth::Helpers
4
4
 
5
5
  has_many :access_grants, dependent: :destroy, class_name: 'Doorkeeper::AccessGrant'
6
6
  has_many :access_tokens, dependent: :destroy, class_name: 'Doorkeeper::AccessToken'
@@ -1,9 +1,6 @@
1
- require 'doorkeeper/models/mongo_mapper/revocable'
2
-
3
1
  module Doorkeeper
4
2
  class AccessGrant
5
3
  include MongoMapper::Document
6
- include Doorkeeper::Models::MongoMapper::Revocable
7
4
  safe
8
5
  timestamps!
9
6
 
@@ -1,9 +1,6 @@
1
- require 'doorkeeper/models/mongo_mapper/revocable'
2
-
3
1
  module Doorkeeper
4
2
  class AccessToken
5
3
  include MongoMapper::Document
6
- include Doorkeeper::Models::MongoMapper::Revocable
7
4
  safe
8
5
  timestamps!
9
6
 
@@ -1,12 +1,10 @@
1
- require 'doorkeeper/models/mongoid/revocable'
2
1
  require 'doorkeeper/models/mongoid/scopes'
3
2
 
4
3
  module Doorkeeper
5
4
  class AccessGrant
6
5
  include Mongoid::Document
7
6
  include Mongoid::Timestamps
8
- include Doorkeeper::Models::Mongoid::Revocable
9
- include Doorkeeper::Models::Mongoid::Scopes
7
+ include Models::Mongoid::Scopes
10
8
 
11
9
  self.store_in :oauth_access_grants
12
10
 
@@ -1,12 +1,10 @@
1
- require 'doorkeeper/models/mongoid/revocable'
2
1
  require 'doorkeeper/models/mongoid/scopes'
3
2
 
4
3
  module Doorkeeper
5
4
  class AccessToken
6
5
  include Mongoid::Document
7
6
  include Mongoid::Timestamps
8
- include Doorkeeper::Models::Mongoid::Revocable
9
- include Doorkeeper::Models::Mongoid::Scopes
7
+ include Models::Mongoid::Scopes
10
8
 
11
9
  self.store_in :oauth_access_tokens
12
10
 
@@ -1,4 +1,3 @@
1
- require 'doorkeeper/models/mongoid/revocable'
2
1
  require 'doorkeeper/models/mongoid/scopes'
3
2
  require 'doorkeeper/models/mongoid/version'
4
3
 
@@ -6,9 +5,8 @@ module Doorkeeper
6
5
  class AccessGrant
7
6
  include Mongoid::Document
8
7
  include Mongoid::Timestamps
9
- include Doorkeeper::Models::Mongoid::Revocable
10
- include Doorkeeper::Models::Mongoid::Scopes
11
- extend Doorkeeper::Models::Mongoid::Version
8
+ include Models::Mongoid::Scopes
9
+ extend Models::Mongoid::Version
12
10
 
13
11
  self.store_in collection: :oauth_access_grants
14
12
 
@@ -1,4 +1,3 @@
1
- require 'doorkeeper/models/mongoid/revocable'
2
1
  require 'doorkeeper/models/mongoid/scopes'
3
2
  require 'doorkeeper/models/mongoid/version'
4
3
 
@@ -6,9 +5,8 @@ module Doorkeeper
6
5
  class AccessToken
7
6
  include Mongoid::Document
8
7
  include Mongoid::Timestamps
9
- include Doorkeeper::Models::Mongoid::Revocable
10
- include Doorkeeper::Models::Mongoid::Scopes
11
- extend Doorkeeper::Models::Mongoid::Version
8
+ include Models::Mongoid::Scopes
9
+ extend Models::Mongoid::Version
12
10
 
13
11
  self.store_in collection: :oauth_access_tokens
14
12
 
@@ -2,7 +2,7 @@ module Doorkeeper
2
2
  module Models
3
3
  module Revocable
4
4
  def revoke(clock = DateTime)
5
- update_column :revoked_at, clock.now
5
+ update_attribute :revoked_at, clock.now
6
6
  end
7
7
 
8
8
  def revoked?
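Review bot: `update_attribute` skips validations and saves every dirty attribute on the record, not just `revoked_at`, so `revoke` on an instance carrying other unsaved changes now persists those as well, whereas the replaced `update_column` wrote the single column. This is presumably what lets one shared module replace the MongoMapper/Mongoid-specific Revocable modules removed elsewhere in this release, but the trade-off should be stated: `# update_attribute rather than update_column so the same module works on ActiveRecord, Mongoid and MongoMapper; it bypasses validations and also persists any other pending changes on the record`. If always landing the revocation even on an otherwise-invalid record is the intent, the comment should say so explicitly. The `revoked?` body is outside the hunk.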
@@ -4,11 +4,15 @@ module Doorkeeper
4
4
  def self.included(base)
5
5
  base.class_eval do
6
6
  define_method :scopes do
7
- Doorkeeper::OAuth::Scopes.from_string(self[:scopes])
7
+ OAuth::Scopes.from_string(self[:scopes])
8
8
  end
9
9
 
10
10
  define_method :scopes_string do
11
- Doorkeeper::OAuth::Scopes.from_string(self[:scopes]).to_s
11
+ OAuth::Scopes.from_string(self[:scopes]).to_s
12
+ end
13
+
14
+ define_method :includes_scope? do |required_scopes|
15
+ required_scopes.blank? || required_scopes.any? { |s| scopes.exists?(s) }
12
16
  end
13
17
  end
14
18
  end
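Review bot: `includes_scope?` passes when the token holds *any one* of `required_scopes` (`any?`), so a filter listing several scopes admits a token that has only one of them — correct if the list means alternatives, but over-broad for a caller expecting all-of semantics; a blank requirement is an unconditional pass. That rule belongs in a comment on the method: `# OR semantics: no requirement, or the token holds at least one of the required scopes`. If callers can pass a single symbol rather than an array (I cannot see the callers on this page), `:write.any?` raises NoMethodError instead of denying; normalising first avoids that: `required = Array(required_scopes)` then `required.blank? || required.any? { |s| scopes.exists?(s) }`.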
@@ -19,6 +19,10 @@ module Doorkeeper
19
19
  )
20
20
  end
21
21
 
22
+ def native_redirect
23
+ { action: :show, code: token.token }
24
+ end
25
+
22
26
  def configuration
23
27
  Doorkeeper.configuration
24
28
  end
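Review bot: `native_redirect` returns a `url_for`-style hash whose purpose (where the provider sends the browser when the client registered the native/out-of-band redirect URI, as selected by `URIChecker.native_uri?` in CodeResponse on this page) is not stated in the code. Suggested comment above `def native_redirect`: `# target used instead of an external redirect when the client's redirect_uri is the native/out-of-band URI: render the authorization code on the provider's own page`. Note that the code is exposed in the query string; that is the usual trade-off for out-of-band clients since the code is single-use and short-lived, but the comment should say it is deliberate.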
@@ -19,6 +19,14 @@ module Doorkeeper
19
19
  )
20
20
  end
21
21
 
22
+ def native_redirect
23
+ {
24
+ controller: 'doorkeeper/token_info',
25
+ action: :show,
26
+ access_token: token.token
27
+ }
28
+ end
29
+
22
30
  def configuration
23
31
  Doorkeeper.configuration
24
32
  end
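Review bot: For the implicit grant with a native redirect URI the freshly issued bearer token is put in a query parameter (`access_token: token.token`) of a redirect to `doorkeeper/token_info#show`, so the token travels in the URL and ends up in the provider's request logs, the browser history and any Referer header sent from that page, whereas the normal implicit flow delivers it in the fragment, which never reaches a server. That may be an acceptable trade-off for clients that have no redirect target at all, but it should be deliberate and visible: `# out-of-band clients receive the token via a redirect to token_info; the token is exposed in the query string (logs, history, Referer) — acceptable only because such clients cannot receive a redirect`. Worth confirming that `access_token` is covered by the host app's `filter_parameters` and that the token_info page does not link to third-party origins; neither is visible on this page.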
@@ -1,8 +1,8 @@
1
1
  module Doorkeeper
2
2
  module OAuth
3
3
  class AuthorizationCodeRequest
4
- include Doorkeeper::Validations
5
- include Doorkeeper::OAuth::RequestConcern
4
+ include Validations
5
+ include OAuth::RequestConcern
6
6
 
7
7
  validate :attributes, error: :invalid_request
8
8
  validate :client, error: :invalid_client
@@ -4,13 +4,13 @@ require 'doorkeeper/oauth/client/credentials'
4
4
  module Doorkeeper
5
5
  module OAuth
6
6
  class Client
7
- def self.find(uid, method = Doorkeeper::Application.method(:by_uid))
7
+ def self.find(uid, method = Application.method(:by_uid))
8
8
  if application = method.call(uid)
9
9
  new(application)
10
10
  end
11
11
  end
12
12
 
13
- def self.authenticate(credentials, method = Doorkeeper::Application.method(:authenticate))
13
+ def self.authenticate(credentials, method = Application.method(:authenticate))
14
14
  return false if credentials.blank?
15
15
  if application = method.call(credentials.uid, credentials.secret)
16
16
  new(application)
@@ -3,7 +3,7 @@ module Doorkeeper
3
3
  class ClientCredentialsRequest
4
4
  class Creator
5
5
  def call(client, scopes, attributes = {})
6
- Doorkeeper::AccessToken.create(attributes.merge(
6
+ AccessToken.create(attributes.merge(
7
7
  application_id: client.id,
8
8
  scopes: scopes.to_s
9
9
  ))
@@ -6,8 +6,8 @@ module Doorkeeper
6
6
  module OAuth
7
7
  class ClientCredentialsRequest
8
8
  class Validation
9
- include Doorkeeper::Validations
10
- include Doorkeeper::OAuth::Helpers
9
+ include Validations
10
+ include OAuth::Helpers
11
11
 
12
12
  validate :client, error: :invalid_client
13
13
  validate :scopes, error: :invalid_scope
@@ -5,10 +5,10 @@ require 'doorkeeper/oauth/client_credentials/validation'
5
5
  module Doorkeeper
6
6
  module OAuth
7
7
  class ClientCredentialsRequest
8
- include Doorkeeper::Validations
9
- include Doorkeeper::OAuth::RequestConcern
8
+ include Validations
9
+ include OAuth::RequestConcern
10
10
 
11
- attr_accessor :issuer, :server, :client, :original_scopes, :scopes
11
+ attr_accessor :issuer, :server, :client, :original_scopes
12
12
  attr_reader :response
13
13
  alias :error_response :response
14
14
 
@@ -28,15 +28,6 @@ module Doorkeeper
28
28
  issuer.token
29
29
  end
30
30
 
31
- # TODO: Why can't it use RequestConcern's implementation?
32
- def scopes
33
- @scopes ||= if @original_scopes.present?
34
- Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
35
- else
36
- server.default_scopes
37
- end
38
- end
39
-
40
31
  private
41
32
 
42
33
  def valid?
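Review bot: The removed `scopes` fell back to `server.default_scopes` when no scope was sent; the `RequestConcern#scopes` now relied on is not on this page, so confirm it keeps that fallback — otherwise a client_credentials request without `scope` either yields a token with an empty scope string (Creator passes `scopes: scopes.to_s`) or is rejected by `validate :scopes, error: :invalid_scope` in ClientCredentialsRequest::Validation. Removing `:scopes` from `attr_accessor` also drops the public `scopes=` writer, which is an interface change for anyone assigning it from outside; a changelog line would help. The class continues past the hunk.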
@@ -1,8 +1,8 @@
1
1
  module Doorkeeper
2
2
  module OAuth
3
3
  class CodeResponse
4
- include Doorkeeper::OAuth::Authorization::URIBuilder
5
- include Doorkeeper::OAuth::Helpers
4
+ include OAuth::Authorization::URIBuilder
5
+ include OAuth::Helpers
6
6
 
7
7
  attr_accessor :pre_auth, :auth, :response_on_fragment
8
8
 
@@ -15,10 +15,9 @@ module Doorkeeper
15
15
  true
16
16
  end
17
17
 
18
- # TODO: configure the test oauth path?
19
18
  def redirect_uri
20
19
  if URIChecker.native_uri? pre_auth.redirect_uri
21
- { action: :show, code: auth.token.token }
20
+ auth.native_redirect
22
21
  else
23
22
  if response_on_fragment
24
23
  uri_with_fragment(
@@ -1,8 +1,8 @@
1
1
  module Doorkeeper
2
2
  module OAuth
3
3
  class ErrorResponse
4
- include Doorkeeper::OAuth::Authorization::URIBuilder
5
- include Doorkeeper::OAuth::Helpers
4
+ include OAuth::Authorization::URIBuilder
5
+ include OAuth::Helpers
6
6
 
7
7
  def self.from_request(request, attributes = {})
8
8
  state = request.state if request.respond_to?(:state)
@@ -12,7 +12,7 @@ module Doorkeeper
12
12
  delegate :name, :description, :state, to: :@error
13
13
 
14
14
  def initialize(attributes = {})
15
- @error = Doorkeeper::OAuth::Error.new(*attributes.values_at(:name, :state))
15
+ @error = OAuth::Error.new(*attributes.values_at(:name, :state))
16
16
  @redirect_uri = attributes[:redirect_uri]
17
17
  @response_on_fragment = attributes[:response_on_fragment]
18
18
  end
@@ -0,0 +1,29 @@
1
+ module Doorkeeper
2
+ module OAuth
3
+ class ForbiddenTokenResponse < ErrorResponse
4
+ def self.from_scopes(scopes, attributes = {})
5
+ new(attributes.merge(scopes: scopes))
6
+ end
7
+
8
+ def initialize(attributes = {})
9
+ super(attributes.merge(name: :invalid_scope, state: :forbidden))
10
+ @scopes = attributes[:scopes]
11
+ end
12
+
13
+ def status
14
+ :forbidden
15
+ end
16
+
17
+ def headers
18
+ headers = super
19
+ headers.delete 'WWW-Authenticate'
20
+ headers
21
+ end
22
+
23
+ def description
24
+ scope = { scope: [:doorkeeper, :scopes] }
25
+ @description ||= @scopes.map { |r| I18n.translate r, scope }.join('\n')
26
+ end
27
+ end
28
+ end
29
+ end
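Review bot: `join('\n')` in `description` is single-quoted, so the translated scope names are joined with the two characters backslash-n rather than a newline; it should be `join("\n")`. `@scopes` is only guaranteed by `from_scopes`, so a plain `new` without `:scopes` raises NoMethodError on `nil.map` the first time `description` is read — `Array(@scopes).map { ... }` turns that into an empty description. Separately, RFC 6750 §3.1 names this condition `insufficient_scope` and expects the 403 to carry a `WWW-Authenticate: Bearer ... scope="..."` challenge, whereas this class reports `invalid_scope` and deletes the header; and `state: :forbidden` repurposes the OAuth `state` field, which should echo the client's value, so if ErrorResponse serialises `state` into the body (not visible here) clients receive a bogus state. If these deviations are intentional, a class comment should say so.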
@@ -10,7 +10,7 @@ module Doorkeeper
10
10
  def self.valid?(scope, server_scopes)
11
11
  scope.present? &&
12
12
  scope !~ /[\n|\r|\t]/ &&
13
- server_scopes.has_scopes?(Doorkeeper::OAuth::Scopes.from_string(scope))
13
+ server_scopes.has_scopes?(OAuth::Scopes.from_string(scope))
14
14
  end
15
15
  end
16
16
  end
@@ -1,9 +1,9 @@
1
1
  module Doorkeeper
2
2
  module OAuth
3
3
  class PasswordAccessTokenRequest
4
- include Doorkeeper::Validations
5
- include Doorkeeper::OAuth::RequestConcern
6
- include Doorkeeper::OAuth::Helpers
4
+ include Validations
5
+ include OAuth::RequestConcern
6
+ include OAuth::Helpers
7
7
 
8
8
  validate :client, error: :invalid_client
9
9
  validate :resource_owner, error: :invalid_resource_owner
@@ -19,8 +19,8 @@ module Doorkeeper
19
19
  @original_scopes = parameters[:scope]
20
20
 
21
21
  if credentials
22
- @client = Doorkeeper::Application.authenticate credentials.uid,
23
- credentials.secret
22
+ @client = Application.authenticate credentials.uid,
23
+ credentials.secret
24
24
  end
25
25
  end
26
26
 
@@ -1,7 +1,7 @@
1
1
  module Doorkeeper
2
2
  module OAuth
3
3
  class PreAuthorization
4
- include Doorkeeper::Validations
4
+ include Validations
5
5
 
6
6
  validate :response_type, error: :unsupported_response_type
7
7
  validate :client, error: :invalid_client
@@ -33,7 +33,7 @@ module Doorkeeper
33
33
  end
34
34
 
35
35
  def error_response
36
- Doorkeeper::OAuth::ErrorResponse.from_request(self)
36
+ OAuth::ErrorResponse.from_request(self)
37
37
  end
38
38
 
39
39
  private
@@ -1,9 +1,9 @@
1
1
  module Doorkeeper
2
2
  module OAuth
3
3
  class RefreshTokenRequest
4
- include Doorkeeper::Validations
5
- include Doorkeeper::OAuth::RequestConcern
6
- include Doorkeeper::OAuth::Helpers
4
+ include Validations
5
+ include OAuth::RequestConcern
6
+ include OAuth::Helpers
7
7
 
8
8
  validate :token, error: :invalid_request
9
9
  validate :client, error: :invalid_client
@@ -20,8 +20,8 @@ module Doorkeeper
20
20
  @original_scopes = parameters[:scopes]
21
21
 
22
22
  if credentials
23
- @client = Doorkeeper::Application.authenticate credentials.uid,
24
- credentials.secret
23
+ @client = Application.authenticate credentials.uid,
24
+ credentials.secret
25
25
  end
26
26
  end
27
27
 
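Review bot: `@original_scopes = parameters[:scopes]` reads a plural `scopes` parameter, while PasswordAccessTokenRequest on this same page reads `parameters[:scope]` and RFC 6749 §6 names the refresh-request parameter `scope`; a client narrowing the scope of a refreshed token per the spec is silently ignored here, and what scopes the new token then gets depends on `RequestConcern#scopes`, which is outside the page. Unless the plural is deliberate, `@original_scopes = parameters[:scope]` aligns the two flows. This is a context line the commit leaves untouched, and the enclosing method starts outside the hunk.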
@@ -37,7 +37,7 @@ module Doorkeeper
37
37
  end
38
38
 
39
39
  def create_access_token
40
- @access_token = Doorkeeper::AccessToken.create!(
40
+ @access_token = AccessToken.create!(
41
41
  application_id: refresh_token.application_id,
42
42
  resource_owner_id: refresh_token.resource_owner_id,
43
43
  scopes: scopes.to_s,