doorkeeper 1.4.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3980ae7bb2071ab9aa5f29952fc42fd5b04c0d7e
-  data.tar.gz: 71725d944d80d72391f12ab12056f28ae3a6e963
+  metadata.gz: bb6985f71c5db8c5a96f9205a290aa6d36956177
+  data.tar.gz: 4d96f1493d890735bdeaf379c6345a949ecd0857
 SHA512:
-  metadata.gz: 48254ea12523bc9c00a1e07b512987357887453d490f9dac13b1266044c674fb713089abacb3e8213b5d1e8f1038d82d4ad8a9024f6cc9be93b11a679203d935
-  data.tar.gz: fa222e77888ed9373bb60e50981ba91bfeb301f548b4c8a0286593a94a6cb358a23acde563b91fde38b07e23c37b523f86c93b1b6f1bc6c18218b83d13dfa8c9
+  metadata.gz: 0efb46569e591675b5a208a7cae0d72eb746a17ea99573359e7788374afdcc9b052ef38577abba6681aecb89ddc95e7d6dc0b09bb7201beeb2ac0c4f671d899f
+  data.tar.gz: c3786d7fb5f6c2867fddd0d67948bfdc0292451f82aec9fcb1075b08d37c1a439028984c11e2100f1a2cff7ddd8e223e0da8dfb11ae511085bec9fa9b5c1486a

data/.hound.yml

@@ -4,3 +4,6 @@ LineLength:
 
 StringLiterals:
   Enabled: false
+
+TrailingBlankLines:
+  Enabled: true

data/.travis.yml

@@ -1,18 +1,46 @@
 language: ruby
+sudo: false
+cache: bundler
+
 rvm:
   - 1.9.3
   - 2.0
   - 2.1
+
 env:
-  - rails=3.1.12
-  - rails=3.2.18
-  - rails=4.0.5
-  - rails=4.1.1
-  - orm=mongoid2
-  - orm=mongoid3
-  - orm=mongoid4
-  - orm=mongo_mapper
-  - table_name_prefix=h_
-  - table_name_suffix=_h
+  # - rails=3.1 # Don't need it in the CI matrix
+  - rails=3.2.0
+  - rails=4.0.0
+  - rails=4.1.0
+  - rails=4.2.0.rc2
+
+gemfile:
+  - Gemfile
+  - gemfiles/Gemfile.mongoid2.rb
+  - gemfiles/Gemfile.mongoid3.rb
+  - gemfiles/Gemfile.mongoid4.rb
+  - gemfiles/Gemfile.mongo_mapper.rb
+
 services:
   - mongodb
+
+matrix:
+  exclude:
+    - gemfile: gemfiles/Gemfile.mongoid2.rb
+      env: rails=4.0.0
+    - gemfile: gemfiles/Gemfile.mongoid2.rb
+      env: rails=4.1.0
+    - gemfile: gemfiles/Gemfile.mongoid2.rb
+      env: rails=4.2.0.rc2
+
+    - gemfile: gemfiles/Gemfile.mongoid3.rb
+      env: rails=4.0.0
+    - gemfile: gemfiles/Gemfile.mongoid3.rb
+      env: rails=4.1.0
+    - gemfile: gemfiles/Gemfile.mongoid3.rb
+      env: rails=4.2.0.rc2
+
+    - gemfile: gemfiles/Gemfile.mongoid4.rb
+      env: rails=3.1.0
+    - gemfile: gemfiles/Gemfile.mongoid4.rb
+      env: rails=3.2.0

data/CHANGELOG.md

@@ -1,6 +1,48 @@
 # Changelog
 
-## master
+## 2.0.0
+
+### Backward incompatible changes
+
+- [#448] Removes `doorkeeper_for` helper. Now we use
+  `before_action :doorkeeper_authorize!`.
+- [#469] Allow client applications to restrict the set of allowable scopes.
+  Fixes #317. `oauth_applications` relation needs a new `scopes` string column,
+  non nullable, which defaults to an empty string. To add the column run:
+
+  ```
+  rails generate doorkeeper:application_scopes
+  ```
+
+  If you’d rather do it by hand, your ActiveRecord migration should contain:
+
+  ```ruby
+  add_column :oauth_applications, :scopes, :string, null: false, default: ‘’
+  ```
+
+### Removed deprecations
+
+- Removes `test_redirect_uri` option. It is now called `native_redirect_uri`.
+- [#446] Removes `mount Doorkeeper::Engine`. Now we use `use_doorkeeper`.
+
+### Other changes/enhancements
+
+- [#484] Performance improvement - avoid performing order_by when not required.
+- [#450] When password is invalid in Password Credentials Grant, Doorkeeper
+  returned 'invalid_resource_owner' instead of 'invalid_grant', as the spec
+  declares. Fixes #444.
+- [#452] Allows `revoked_at` to be set in the future, for future expiry.
+  Rationale: https://github.com/doorkeeper-gem/doorkeeper/pull/452#issuecomment-51431459
+- [#480] For Implicit grant flow, access tokens can now be reused. Fixes #421.
+- [#491] Reworks of @jasl's #454 and #478. ORM refactor that allows doorkeeper
+  to be extended more easily with unsupported ORMs. It also marks the boundaries
+  between shared model code and ORM specifics inside of the gem.
+- [#496] Tests with Rails 4.2.
+- [#489] Adds `force_ssl_in_redirect_uri` to force the usage of the HTTPS
+  protocol in non-native redirect uris.
+- [#516] Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
+- [#518] Fix random failures in mongodb.
+
 
 ## 1.4.0
 

data/CONTRIBUTING.md

@@ -0,0 +1,35 @@
+# Contributing
+
+We love pull requests. Here's a quick guide.
+
+Fork, then clone the repo:
+
+    git clone git@github.com:your-username/doorkeeper.git
+
+Set up Ruby dependencies via Bundler
+
+    bundle install
+
+Make sure the tests pass:
+
+    rake
+
+Make your change. Add tests for your change. Make the tests pass:
+
+    rake
+
+Push to your fork and submit a pull request.
+
+At this point you're waiting on us. We like to at least comment on pull requests
+within three business days (and, typically, one business day). We may suggest
+some changes or improvements or alternatives.
+
+Some things that will increase the chance that your pull request is accepted:
+
+* Write tests.
+* Follow our [style guide][style]. Address Hound CI comments unless you have a
+  good reason not to.
+* Write a [good commit message][commit].
+
+[style]: https://github.com/thoughtbot/guides/tree/master/style
+[commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html

data/Gemfile

@@ -1,33 +1,11 @@
-# Defaults. For supported versions check .travis.yml
-ENV['rails'] ||= ENV['orm'] == "mongoid4" ? '4.0.2' : '3.2.13'
-ENV['orm']   ||= 'active_record'
+ENV['rails'] ||= '4.2.0.rc2'
 
 source 'https://rubygems.org'
 
-# Define Rails version
-gem 'rails', ENV['rails']
-
-gem 'database_cleaner', '~> 1.0.0.RC1' if ENV['rails'][0] == '4'
-
-case ENV['orm']
-when 'active_record'
-  gem 'activerecord'
-
-when 'mongoid2'
-  gem 'mongoid', '2.5.1'
-  gem 'bson_ext', '~> 1.7'
-
-when 'mongoid3'
-  gem 'mongoid', '3.0.10'
-
-when 'mongoid4'
-  gem 'mongoid', '4.0.0.beta1'
-  gem 'moped'
-
-when 'mongo_mapper'
-  gem 'mongo_mapper', '0.12.0'
-  gem 'bson_ext', '~> 1.7'
+gem 'rails', "~> #{ENV['rails']}"
 
+if ENV['rails'][0] == '4'
+  gem 'database_cleaner'
 end
 
 gemspec

data/README.md

@@ -1,12 +1,17 @@
 # Doorkeeper - awesome oauth provider for your Rails app.
 
-[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.png?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
-[![Dependency Status](https://gemnasium.com/applicake/doorkeeper.png?travis)](https://gemnasium.com/applicake/doorkeeper)
-[![Code Climate](https://codeclimate.com/github/applicake/doorkeeper.png)](https://codeclimate.com/github/applicake/doorkeeper)
-[![Gem Version](https://badge.fury.io/rb/doorkeeper.png)](https://rubygems.org/gems/doorkeeper)
+[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
+[![Dependency Status](https://gemnasium.com/applicake/doorkeeper.svg?travis)](https://gemnasium.com/applicake/doorkeeper)
+[![Code Climate](https://codeclimate.com/github/applicake/doorkeeper.svg)](https://codeclimate.com/github/applicake/doorkeeper)
+[![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
 
 Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider functionality to your application.
 
+## Documentation valid for `master` branch
+
+Please check the documentation for the version of doorkeeper you are using in:
+https://github.com/doorkeeper-gem/doorkeeper/releases.
+
 ## Table of Contents
 
 - [Useful links](#useful-links)
@@ -146,66 +151,25 @@ models, session or routes helpers. However, since this code is not run in the
 context of your application's `ApplicationController` it doesn't have access to
 the methods defined over there.
 
-If you use [devise](https://github.com/plataformatec/devise), you may want to
-use warden to authenticate the block:
-
-``` ruby
-resource_owner_authenticator do
-  current_user || warden.authenticate!(:scope => :user)
-end
-```
-
-Side note: when using devise you have access to `current_user` as devise extends
-entire `ActionController::Base` with the `current_#{mapping}`.
-
-If you are not using devise, you may want to check other ways of
-authentication
+You may want to check other ways of authentication
 [here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Authenticating-using-Clearance-or-DIY).
 
 ## Protecting resources with OAuth (a.k.a your API endpoint)
 
-To protect your API with OAuth, doorkeeper only requires you to call
-`doorkeeper_for` helper, specifying the actions you want to protect.
-
-For example, if you have a products controller under api/v1, you can require
-the OAuth authentication with:
+To protect your API with OAuth, you just need to setup `before_action`s
+specifying the actions you want to protect. For example:
 
 ``` ruby
 class Api::V1::ProductsController < Api::V1::ApiController
-  doorkeeper_for :all                 # Require access token for all actions
-  doorkeeper_for :all, except: :index # All actions except index
-  doorkeeper_for :index, :show        # Only for index and show action
+  before_action :doorkeeper_authorize! # Require access token for all actions
 
   # your actions
 end
 ```
 
-You don't need to setup any before filter, `doorkeeper_for` will handle that
-for you.
-
-You can pass `if` or `unless` blocks that would specify when doorkeeper has to
-guard the access.
-
-``` ruby
-class Api::V1::ProductsController < Api::V1::ApiController
-  doorkeeper_for :all, :if => lambda { request.xhr? }
-end
-```
-
-### ActionController::Metal integration
+You can pass any option `before_action` accepts, such as `if`, `only`,
+`except`, and others.
 
-The `doorkeeper_for` filter is intended to work with ActionController::Metal
-too. You only need to include the required `ActionController` modules:
-
-```ruby
-class MetalController < ActionController::Metal
-  include AbstractController::Callbacks
-  include ActionController::Head
-  include Doorkeeper::Helpers::Filter
-
-  doorkeeper_for :all
-end
-```
 
 ### Route Constraints and other integrations
 
@@ -248,8 +212,10 @@ And in your controllers:
 
 ```ruby
 class Api::V1::ProductsController < Api::V1::ApiController
-  doorkeeper_for :index, :show,    :scopes => [:public]
-  doorkeeper_for :update, :create, :scopes => [:admin, :write]
+  before_action -> { doorkeeper_authorize! :public }, only: :index
+  before_action only: [:create, :update, :destroy] do
+    doorkeeper_authorize! :admin, :write
+  end
 end
 ```
 
@@ -265,8 +231,8 @@ controller that returns the resource owner instance:
 
 ``` ruby
 class Api::V1::CredentialsController < Api::V1::ApiController
-  doorkeeper_for :all
-  respond_to     :json
+  before_action :doorkeeper_authorize!
+  respond_to    :json
 
   # GET /me.json
   def me

data/Rakefile

@@ -5,7 +5,9 @@ desc 'Default: run specs.'
 task :default => :spec
 
 desc "Run all specs"
-RSpec::Core::RakeTask.new(:spec)
+RSpec::Core::RakeTask.new(:spec) do |config|
+  config.verbose = false
+end
 
 namespace :doorkeeper do
   desc "Install doorkeeper in dummy app"

data/app/controllers/doorkeeper/application_controller.rb

@@ -2,12 +2,12 @@ module Doorkeeper
   class ApplicationController < ActionController::Base
     include Helpers::Controller
 
-    helper 'doorkeeper/form_errors'
-
     if ::Rails.version.to_i < 4
       protect_from_forgery
     else
       protect_from_forgery with: :exception
     end
+
+    helper 'doorkeeper/dashboard'
   end
 end

data/app/controllers/doorkeeper/applications_controller.rb

@@ -1,7 +1,6 @@
 module Doorkeeper
   class ApplicationsController < Doorkeeper::ApplicationController
     layout 'doorkeeper/admin'
-    respond_to :html
 
     before_filter :authenticate_admin!
     before_filter :set_application, only: [:show, :edit, :update, :destroy]
@@ -18,7 +17,7 @@ module Doorkeeper
       @application = Application.new(application_params)
       if @application.save
         flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
-        respond_with [:oauth, @application]
+        redirect_to oauth_application_url(@application)
       else
         render :new
       end
@@ -27,7 +26,7 @@ module Doorkeeper
     def update
       if @application.update_attributes(application_params)
         flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :update])
-        respond_with [:oauth, @application]
+        redirect_to oauth_application_url(@application)
       else
         render :edit
       end
@@ -46,9 +45,9 @@ module Doorkeeper
 
     def application_params
       if params.respond_to?(:permit)
-        params.require(:application).permit(:name, :redirect_uri)
+        params.require(:doorkeeper_application).permit(:name, :redirect_uri)
       else
-        params[:application].slice(:name, :redirect_uri) rescue nil
+        params[:doorkeeper_application].slice(:name, :redirect_uri) rescue nil
       end
     end
   end

data/app/controllers/doorkeeper/authorizations_controller.rb

@@ -4,7 +4,7 @@ module Doorkeeper
 
     def new
       if pre_auth.authorizable?
-        if matching_token? || skip_authorization?
+        if skip_authorization? || matching_token?
           auth = authorization.authorize
           redirect_to auth.redirect_uri
         else
@@ -41,7 +41,9 @@ module Doorkeeper
     end
 
     def pre_auth
-      @pre_auth ||= OAuth::PreAuthorization.new(Doorkeeper.configuration, server.client_via_uid, params)
+      @pre_auth ||= OAuth::PreAuthorization.new(Doorkeeper.configuration,
+                                                server.client_via_uid,
+                                                params)
     end
 
     def authorization

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -18,14 +18,14 @@ module Doorkeeper
         revoke_token(request.POST['token']) if request.POST['token']
       end
       # The authorization server responds with HTTP status code 200 if the
-      # token has been revoked sucessfully or if the client submitted an invalid token
+      # token has been revoked successfully or if the client submitted an invalid token
       render json: {}, status: 200
     end
 
     private
 
     def revoke_token(token)
-      token = AccessToken.authenticate(token) || AccessToken.by_refresh_token(token)
+      token = AccessToken.by_token(token) || AccessToken.by_refresh_token(token)
       if token && doorkeeper_token.same_credential?(token)
         token.revoke
         true

data/app/helpers/doorkeeper/{form_errors_helper.rb → dashboard_helper.rb}

@@ -1,4 +1,4 @@
-module Doorkeeper::FormErrorsHelper
+module Doorkeeper::DashboardHelper
   def doorkeeper_errors_for(object, method)
     if object.errors[method].present?
       object.errors[method].map do |msg|
@@ -8,4 +8,8 @@ module Doorkeeper::FormErrorsHelper
       end.reduce(&:join).html_safe
     end
   end
+
+  def doorkeeper_submit_path(application)
+    application.persisted? ? oauth_application_path(application) : oauth_applications_path
+  end
 end

data/app/validators/redirect_uri_validator.rb

@@ -14,6 +14,7 @@ class RedirectUriValidator < ActiveModel::EachValidator
         return if native_redirect_uri?(uri)
         record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
         record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
+        record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
       end
     end
   rescue URI::InvalidURIError
@@ -25,4 +26,9 @@ class RedirectUriValidator < ActiveModel::EachValidator
   def native_redirect_uri?(uri)
     self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
   end
+
+  def invalid_ssl_uri?(uri)
+    forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
+    forces_ssl && uri.try(:scheme) != 'https'
+  end
 end

data/app/views/doorkeeper/applications/_delete_form.html.erb

@@ -1,5 +1,5 @@
 <%- submit_btn_css ||= 'btn btn-link' %>
-<%= form_tag [:oauth, application] do %>
+<%= form_tag oauth_application_path(application) do %>
   <input type="hidden" name="_method" value="delete">
   <%= submit_tag 'Destroy', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
 <% end %>

data/app/views/doorkeeper/applications/_form.html.erb

@@ -1,10 +1,10 @@
-<%= form_for [:oauth, application], html: {class: 'form-horizontal', role: 'form'} do |f| %>
+<%= form_for application, url: doorkeeper_submit_path(application), html: {class: 'form-horizontal', role: 'form'} do |f| %>
   <% if application.errors.any? %>
     <div class="alert alert-danger" data-alert><p>Whoops! Check your form for possible errors</p></div>
   <% end %>
 
   <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:name].present?}" do %>
-    <%= f.label :name, class: 'col-sm-2 control-label', for: 'application_name' %>
+    <%= f.label :name, class: 'col-sm-2 control-label' %>
     <div class="col-sm-10">
       <%= f.text_field :name, class: 'form-control' %>
       <%= doorkeeper_errors_for application, :name %>
@@ -12,7 +12,7 @@
   <% end %>
 
   <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:redirect_uri].present?}" do %>
-    <%= f.label :redirect_uri, class: 'col-sm-2 control-label', for: 'application_redirect_uri' %>
+    <%= f.label :redirect_uri, class: 'col-sm-2 control-label' %>
     <div class="col-sm-10">
       <%= f.text_area :redirect_uri, class: 'form-control' %>
       <%= doorkeeper_errors_for application, :redirect_uri %>

data/app/views/doorkeeper/applications/index.html.erb

@@ -16,7 +16,7 @@
   <tbody>
   <% @applications.each do |application| %>
     <tr id="application_<%= application.id %>">
-      <td><%= link_to application.name, [:oauth, application] %></td>
+      <td><%= link_to application.name, oauth_application_path(application) %></td>
       <td><%= application.redirect_uri %></td>
       <td><%= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link' %></td>
       <td><%= render 'delete_form', application: application %></td>

data/config/locales/en.yml

@@ -2,30 +2,33 @@ en:
   activerecord:
     errors:
       models:
-        application:
+        doorkeeper/application:
           attributes:
             redirect_uri:
               fragment_present: 'cannot contain a fragment.'
               invalid_uri: 'must be a valid URI.'
               relative_uri: 'must be an absolute URI.'
+              secured_uri: 'must be an HTTPS/SSL URI.'
   mongoid:
     errors:
       models:
-        application:
+        doorkeeper/application:
           attributes:
             redirect_uri:
               fragment_present: 'cannot contain a fragment.'
               invalid_uri: 'must be a valid URI.'
               relative_uri: 'must be an absolute URI.'
+              secured_uri: 'must be an HTTPS/SSL URI.'
   mongo_mapper:
     errors:
       models:
-        application:
+        doorkeeper/application:
           attributes:
             redirect_uri:
               fragment_present: 'cannot contain a fragment.'
               invalid_uri: 'must be a valid URI.'
               relative_uri: 'must be an absolute URI.'
+              secured_uri: 'must be an HTTPS/SSL URI.'
   doorkeeper:
     errors:
       messages:

data/doorkeeper.gemspec

@@ -5,8 +5,8 @@ require "doorkeeper/version"
 Gem::Specification.new do |s|
   s.name        = "doorkeeper"
   s.version     = Doorkeeper::VERSION
-  s.authors     = ["Felipe Elias Philipp", "Piotr Jakubowski"]
-  s.email       = ["felipe@applicake.com", "piotr.jakubowski@applicake.com"]
+  s.authors     = ["Felipe Elias Philipp", "Tute Costa"]
+  s.email       = %w(tutecosta@gmail.com)
   s.homepage    = "https://github.com/doorkeeper-gem/doorkeeper"
   s.summary     = "Doorkeeper is an OAuth 2 provider for Rails."
   s.description = "Doorkeeper is an OAuth 2 provider for Rails."
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency "rspec-rails", "~> 2.99.0"
   s.add_development_dependency "capybara", "~> 2.3.0"
   s.add_development_dependency "generator_spec", "~> 0.9.0"
-  s.add_development_dependency "factory_girl", "~> 4.4.0"
+  s.add_development_dependency "factory_girl", "~> 4.5.0"
   s.add_development_dependency "timecop", "~> 0.7.0"
   s.add_development_dependency "database_cleaner", "~> 1.3.0"
   s.add_development_dependency "rspec-activemodel-mocks", "~> 1.0.0"

data/gemfiles/Gemfile.common.rb

@@ -0,0 +1,11 @@
+ENV['rails'] ||= '4.2.0.rc2'
+
+source 'https://rubygems.org'
+
+gem 'rails', "~> #{ENV['rails']}"
+
+if ENV['rails'][0] == '4'
+  gem 'database_cleaner'
+end
+
+gemspec path: '../'

data/gemfiles/Gemfile.mongo_mapper.rb

@@ -0,0 +1,5 @@
+gemfile = 'gemfiles/Gemfile.common.rb'
+instance_eval IO.read(gemfile), gemfile
+
+gem 'mongo_mapper', '~> 0.12'
+gem 'bson_ext', '~> 1.7'

data/gemfiles/Gemfile.mongoid2.rb

@@ -0,0 +1,5 @@
+gemfile = 'gemfiles/Gemfile.common.rb'
+instance_eval IO.read(gemfile), gemfile
+
+gem 'mongoid', '~> 2'
+gem 'bson_ext', '~> 1.7'

data/gemfiles/Gemfile.mongoid3.rb

@@ -0,0 +1,4 @@
+gemfile = 'gemfiles/Gemfile.common.rb'
+instance_eval IO.read(gemfile), gemfile
+
+gem 'mongoid', '~> 3'

data/gemfiles/Gemfile.mongoid4.rb

@@ -0,0 +1,5 @@
+gemfile = 'gemfiles/Gemfile.common.rb'
+instance_eval IO.read(gemfile), gemfile
+
+gem 'mongoid', '~> 4'
+gem 'moped'