RubyGems - doorkeeper - Versions diffs - 1.4.2 → 2.0.0.alpha1 - Mend

doorkeeper 1.4.2 → 2.0.0.alpha1

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (95) hide show

checksums.yaml +4 -4
data/.hound.yml +3 -0
data/CHANGELOG.md +18 -11
data/Gemfile +7 -7
data/README.md +20 -41
data/app/controllers/doorkeeper/application_controller.rb +1 -7
data/app/controllers/doorkeeper/applications_controller.rb +4 -5
data/app/controllers/doorkeeper/tokens_controller.rb +2 -2
data/app/helpers/doorkeeper/{form_errors_helper.rb → dashboard_helper.rb} +5 -1
data/app/views/doorkeeper/applications/_delete_form.html.erb +1 -1
data/app/views/doorkeeper/applications/_form.html.erb +1 -1
data/app/views/doorkeeper/applications/index.html.erb +1 -1
data/config/locales/en.yml +3 -3
data/lib/doorkeeper.rb +15 -6
data/lib/doorkeeper/config.rb +18 -24
data/lib/doorkeeper/engine.rb +1 -6
data/lib/doorkeeper/generators/doorkeeper/mongo_mapper/indexes_generator.rb +12 -0
data/lib/{generators/doorkeeper → doorkeeper/generators/doorkeeper/mongo_mapper}/templates/indexes.rb +0 -0
data/lib/doorkeeper/models/access_grant_mixin.rb +36 -0
data/lib/doorkeeper/models/access_token_mixin.rb +121 -0
data/lib/doorkeeper/models/application_mixin.rb +42 -0
data/lib/doorkeeper/models/{accessible.rb → concerns/accessible.rb} +0 -0
data/lib/doorkeeper/models/{expirable.rb → concerns/expirable.rb} +6 -5
data/lib/doorkeeper/models/{ownership.rb → concerns/ownership.rb} +7 -7
data/lib/doorkeeper/models/{revocable.rb → concerns/revocable.rb} +1 -1
data/lib/doorkeeper/models/concerns/scopes.rb +17 -0
data/lib/doorkeeper/oauth/authorization/token.rb +6 -6
data/lib/doorkeeper/oauth/client.rb +1 -1
data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -3
data/lib/doorkeeper/oauth/refresh_token_request.rb +6 -6
data/lib/doorkeeper/oauth/token.rb +3 -2
data/lib/doorkeeper/orm/active_record.rb +17 -0
data/lib/doorkeeper/orm/active_record/access_grant.rb +7 -0
data/lib/doorkeeper/orm/active_record/access_token.rb +20 -0
data/lib/doorkeeper/{models → orm}/active_record/application.rb +1 -3
data/lib/doorkeeper/orm/mongo_mapper.rb +11 -0
data/lib/doorkeeper/{models → orm}/mongo_mapper/access_grant.rb +4 -5
data/lib/doorkeeper/{models → orm}/mongo_mapper/access_token.rb +5 -8
data/lib/doorkeeper/{models → orm}/mongo_mapper/application.rb +3 -4
data/lib/doorkeeper/orm/mongoid2.rb +11 -0
data/lib/doorkeeper/{models → orm}/mongoid2/access_grant.rb +5 -3
data/lib/doorkeeper/{models → orm}/mongoid2/access_token.rb +10 -13
data/lib/doorkeeper/{models → orm}/mongoid2/application.rb +2 -0
data/lib/doorkeeper/orm/mongoid2/concerns/scopes.rb +30 -0
data/lib/doorkeeper/orm/mongoid3.rb +11 -0
data/lib/doorkeeper/orm/mongoid3/access_grant.rb +22 -0
data/lib/doorkeeper/orm/mongoid3/access_token.rb +36 -0
data/lib/doorkeeper/{models/mongoid3_4 → orm/mongoid3}/application.rb +2 -0
data/lib/doorkeeper/orm/mongoid3/concerns/scopes.rb +30 -0
data/lib/doorkeeper/orm/mongoid4.rb +11 -0
data/lib/doorkeeper/orm/mongoid4/access_grant.rb +22 -0
data/lib/doorkeeper/orm/mongoid4/access_token.rb +36 -0
data/lib/doorkeeper/orm/mongoid4/application.rb +24 -0
data/lib/doorkeeper/orm/mongoid4/concerns/scopes.rb +17 -0
data/lib/doorkeeper/rails/helpers.rb +63 -0
data/lib/doorkeeper/rails/routes.rb +1 -12
data/lib/doorkeeper/request/code.rb +0 -1
data/lib/doorkeeper/request/token.rb +0 -1
data/lib/doorkeeper/server.rb +1 -1
data/lib/doorkeeper/version.rb +1 -1
data/lib/generators/doorkeeper/templates/initializer.rb +2 -1
data/spec/controllers/applications_controller_spec.rb +4 -4
data/spec/controllers/protected_resources_controller_spec.rb +25 -175
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +2 -2
data/spec/dummy/app/controllers/metal_controller.rb +2 -2
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +2 -2
data/spec/dummy/config/application.rb +2 -0
data/spec/lib/config_spec.rb +16 -10
data/spec/lib/models/expirable_spec.rb +1 -1
data/spec/lib/models/revocable_spec.rb +8 -3
data/spec/lib/models/scopes_spec.rb +3 -3
data/spec/lib/oauth/password_access_token_request_spec.rb +1 -1
data/spec/lib/oauth/token_request_spec.rb +28 -1
data/spec/lib/oauth/token_spec.rb +1 -1
data/spec/models/doorkeeper/application_spec.rb +1 -1
data/spec/requests/applications/applications_request_spec.rb +4 -4
data/spec/requests/endpoints/authorization_spec.rb +0 -23
data/spec/requests/flows/implicit_grant_spec.rb +32 -0
data/spec/support/shared/controllers_shared_context.rb +2 -2
metadata +40 -35
data/lib/doorkeeper/doorkeeper_for.rb +0 -69
data/lib/doorkeeper/helpers/filter.rb +0 -64
data/lib/doorkeeper/models/access_grant.rb +0 -30
data/lib/doorkeeper/models/access_token.rb +0 -106
data/lib/doorkeeper/models/active_record/access_grant.rb +0 -9
data/lib/doorkeeper/models/active_record/access_token.rb +0 -25
data/lib/doorkeeper/models/application.rb +0 -40
data/lib/doorkeeper/models/mongoid/scopes.rb +0 -15
data/lib/doorkeeper/models/mongoid/version.rb +0 -15
data/lib/doorkeeper/models/mongoid3_4/access_grant.rb +0 -27
data/lib/doorkeeper/models/mongoid3_4/access_token.rb +0 -46
data/lib/doorkeeper/models/scopes.rb +0 -21
data/lib/generators/doorkeeper/mongo_mapper/indexes_generator.rb +0 -12
data/script/rails +0 -5
data/script/run_all +0 -14

data/lib/doorkeeper/generators/doorkeeper/mongo_mapper/indexes_generator.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module Doorkeeper
+  module MongoMapper
+    class IndexesGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('templates', __FILE__)
+      desc "'Creates an indexes file for use with MongoMapper's rake db:index'"
+      def install
+        template 'indexes.rb', 'db/indexes.rb'
+      end
+    end
+  end
+end

data/lib/{generators/doorkeeper → doorkeeper/generators/doorkeeper/mongo_mapper}/templates/indexes.rb RENAMED Viewed

File without changes

data/lib/doorkeeper/models/access_grant_mixin.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module Doorkeeper
+  module AccessGrantMixin
+    extend ActiveSupport::Concern
+    include OAuth::Helpers
+    include Models::Expirable
+    include Models::Revocable
+    include Models::Accessible
+    include Models::Scopes
+    included do
+      belongs_to :application, class_name: 'Doorkeeper::Application', inverse_of: :access_grants
+      if ::Rails.version.to_i < 4 || defined?(::ProtectedAttributes)
+        attr_accessible :resource_owner_id, :application_id, :expires_in, :redirect_uri, :scopes
+      end
+      validates :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, presence: true
+      validates :token, uniqueness: true
+      before_validation :generate_token, on: :create
+    end
+    module ClassMethods
+      def by_token(token)
+        where(token: token).first
+      end
+    end
+    private
+    def generate_token
+      self.token = UniqueToken.generate
+    end
+  end
+end

data/lib/doorkeeper/models/access_token_mixin.rb ADDED Viewed

@@ -0,0 +1,121 @@
+module Doorkeeper
+  module AccessTokenMixin
+    extend ActiveSupport::Concern
+    include OAuth::Helpers
+    include Models::Expirable
+    include Models::Revocable
+    include Models::Accessible
+    include Models::Scopes
+    included do
+      belongs_to :application,
+                 class_name: 'Doorkeeper::Application',
+                 inverse_of: :access_tokens
+      validates :token, presence: true, uniqueness: true
+      validates :refresh_token, uniqueness: true, if: :use_refresh_token?
+      attr_writer :use_refresh_token
+      if ::Rails.version.to_i < 4 || defined?(::ProtectedAttributes)
+        attr_accessible :application_id, :resource_owner_id, :expires_in,
+                        :scopes, :use_refresh_token
+      end
+      before_validation :generate_token, on: :create
+      before_validation :generate_refresh_token,
+                        on: :create,
+                        if: :use_refresh_token?
+    end
+    module ClassMethods
+      def by_token(token)
+        where(token: token).first
+      end
+      def by_refresh_token(refresh_token)
+        where(refresh_token: refresh_token).first
+      end
+      def revoke_all_for(application_id, resource_owner)
+        where(application_id: application_id,
+              resource_owner_id: resource_owner.id,
+              revoked_at: nil).
+          map(&:revoke)
+      end
+      def matching_token_for(application, resource_owner_or_id, scopes)
+        resource_owner_id = if resource_owner_or_id.respond_to?(:to_key)
+                              resource_owner_or_id.id
+                            else
+                              resource_owner_or_id
+                            end
+        token = last_authorized_token_for(application.try(:id), resource_owner_id)
+        token if token && Doorkeeper::OAuth::Helpers::ScopeChecker.matches?(token.scopes, scopes)
+      end
+      def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
+        if Doorkeeper.configuration.reuse_access_token
+          access_token = matching_token_for(application, resource_owner_id, scopes)
+          if access_token && !access_token.expired?
+            return access_token
+          end
+        end
+        create!(
+          application_id:    application.try(:id),
+          resource_owner_id: resource_owner_id,
+          scopes:            scopes.to_s,
+          expires_in:        expires_in,
+          use_refresh_token: use_refresh_token
+        )
+      end
+      def last_authorized_token_for(application_id, resource_owner_id)
+        where(application_id: application_id,
+              resource_owner_id: resource_owner_id,
+              revoked_at: nil).
+          send(order_method, created_at_desc).
+          limit(1).
+          first
+      end
+    end
+    def token_type
+      'bearer'
+    end
+    def use_refresh_token?
+      !!@use_refresh_token
+    end
+    def as_json(_options = {})
+      {
+        resource_owner_id: resource_owner_id,
+        scopes: scopes,
+        expires_in_seconds: expires_in_seconds,
+        application: { uid: application.try(:uid) }
+      }
+    end
+    # It indicates whether the tokens have the same credential
+    def same_credential?(access_token)
+      application_id == access_token.application_id &&
+        resource_owner_id == access_token.resource_owner_id
+    end
+    def acceptable?(scopes)
+      accessible? && includes_scope?(*scopes)
+    end
+    private
+    def generate_refresh_token
+      write_attribute :refresh_token, UniqueToken.generate
+    end
+    def generate_token
+      self.token = UniqueToken.generate
+    end
+  end
+end

data/lib/doorkeeper/models/application_mixin.rb ADDED Viewed

@@ -0,0 +1,42 @@
+module Doorkeeper
+  module ApplicationMixin
+    extend ActiveSupport::Concern
+    include OAuth::Helpers
+    included do
+      has_many :access_grants, dependent: :destroy, class_name: 'Doorkeeper::AccessGrant'
+      has_many :access_tokens, dependent: :destroy, class_name: 'Doorkeeper::AccessToken'
+      validates :name, :secret, :uid, presence: true
+      validates :uid, uniqueness: true
+      validates :redirect_uri, redirect_uri: true
+      before_validation :generate_uid, :generate_secret, on: :create
+      if ::Rails.version.to_i < 4 || defined?(::ProtectedAttributes)
+        attr_accessible :name, :redirect_uri
+      end
+    end
+    module ClassMethods
+      def by_uid_and_secret(uid, secret)
+        where(uid: uid, secret: secret).first
+      end
+      def by_uid(uid)
+        where(uid: uid).first
+      end
+    end
+    private
+    def generate_uid
+      self.uid ||= UniqueToken.generate
+    end
+    def generate_secret
+      self.secret ||= UniqueToken.generate
+    end
+  end
+end

data/lib/doorkeeper/models/{accessible.rb → concerns/accessible.rb} RENAMED Viewed

File without changes

data/lib/doorkeeper/models/{expirable.rb → concerns/expirable.rb} RENAMED Viewed

@@ -5,17 +5,18 @@ module Doorkeeper
         expires_in && Time.now > expired_time
       end
-      def expired_time
-        created_at + expires_in.seconds
-      end
       def expires_in_seconds
         return nil if expires_in.nil?
         expires = (created_at + expires_in.seconds) - Time.now
         expires_sec = expires.seconds.round(0)
         expires_sec > 0 ? expires_sec : 0
       end
-      private :expired_time
+      private
+      def expired_time
+        created_at + expires_in.seconds
+      end
     end
   end
 end

data/lib/doorkeeper/models/{ownership.rb → concerns/ownership.rb} RENAMED Viewed

@@ -1,15 +1,15 @@
 module Doorkeeper
   module Models
     module Ownership
-      def validate_owner?
-        Doorkeeper.configuration.confirm_application_owner?
+      extend ActiveSupport::Concern
+      included do
+        belongs_to :owner, polymorphic: true
+        validates :owner, presence: true, if: :validate_owner?
       end
-      def self.included(base)
-        base.class_eval do
-          belongs_to :owner, polymorphic: true
-          validates :owner, presence: true, if: :validate_owner?
-        end
+      def validate_owner?
+        Doorkeeper.configuration.confirm_application_owner?
       end
     end
   end

data/lib/doorkeeper/models/{revocable.rb → concerns/revocable.rb} RENAMED Viewed

@@ -6,7 +6,7 @@ module Doorkeeper
       end
       def revoked?
-        revoked_at.present?
+        !!(revoked_at && revoked_at <= DateTime.now)
       end
     end
   end

data/lib/doorkeeper/models/concerns/scopes.rb ADDED Viewed

@@ -0,0 +1,17 @@
+module Doorkeeper
+  module Models
+    module Scopes
+      def scopes
+        OAuth::Scopes.from_string(self[:scopes])
+      end
+      def scopes_string
+        self[:scopes]
+      end
+      def includes_scope?(*required_scopes)
+        required_scopes.blank? || required_scopes.any? { |s| scopes.exists?(s.to_s) }
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/authorization/token.rb CHANGED Viewed

@@ -10,12 +10,12 @@ module Doorkeeper
         end
         def issue_token
-          @token ||= AccessToken.create!(
-            application_id: pre_auth.client.id,
-            resource_owner_id: resource_owner.id,
-            scopes: pre_auth.scopes.to_s,
-            expires_in: configuration.access_token_expires_in,
-            use_refresh_token: false
+          @token ||= AccessToken.find_or_create_for(
+              pre_auth.client,
+              resource_owner.id,
+              pre_auth.scopes,
+              configuration.access_token_expires_in,
+              false
           )
         end

data/lib/doorkeeper/oauth/client.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Doorkeeper
         end
       end
-      def self.authenticate(credentials, method = Application.method(:authenticate))
+      def self.authenticate(credentials, method = Application.method(:by_uid_and_secret))
         return false if credentials.blank?
         if application = method.call(credentials.uid, credentials.secret)
           new(application)

data/lib/doorkeeper/oauth/password_access_token_request.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Doorkeeper
       include OAuth::Helpers
       validate :client,         error: :invalid_client
-      validate :resource_owner, error: :invalid_resource_owner
+      validate :resource_owner, error: :invalid_grant
       validate :scopes,         error: :invalid_scope
       attr_accessor :server, :resource_owner, :credentials, :access_token
@@ -19,8 +19,8 @@ module Doorkeeper
         @original_scopes = parameters[:scope]
         if credentials
-          @client = Application.authenticate credentials.uid,
-                                             credentials.secret
+          @client = Application.by_uid_and_secret credentials.uid,
+                                                  credentials.secret
         end
       end

data/lib/doorkeeper/oauth/refresh_token_request.rb CHANGED Viewed

@@ -14,14 +14,14 @@ module Doorkeeper
       attr_accessor :client
       def initialize(server, refresh_token, credentials, parameters = {})
-        @server           = server
-        @refresh_token    = refresh_token
-        @credentials      = credentials
-        @original_scopes  = parameters[:scopes]
+        @server          = server
+        @refresh_token   = refresh_token
+        @credentials     = credentials
+        @original_scopes = parameters[:scopes]
         if credentials
-          @client = Application.authenticate credentials.uid,
-                                             credentials.secret
+          @client = Application.by_uid_and_secret credentials.uid,
+                                                  credentials.secret
         end
       end

data/lib/doorkeeper/oauth/token.rb CHANGED Viewed

@@ -54,8 +54,9 @@ module Doorkeeper
       end
       def self.authenticate(request, *methods)
-        token = from_request request, *methods
-        AccessToken.authenticate(token) if token
+        if token = from_request(request, *methods)
+          AccessToken.by_token(token)
+        end
       end
     end
   end

data/lib/doorkeeper/orm/active_record.rb ADDED Viewed

@@ -0,0 +1,17 @@
+module Doorkeeper
+  module Orm
+    module ActiveRecord
+      def self.initialize_models!
+        require 'doorkeeper/orm/active_record/access_grant'
+        require 'doorkeeper/orm/active_record/access_token'
+        require 'doorkeeper/orm/active_record/application'
+        if Doorkeeper.configuration.active_record_options[:establish_connection]
+          [Doorkeeper::AccessGrant, Doorkeeper::Application, Doorkeeper::AccessGrant].each do |c|
+            c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/active_record/access_grant.rb ADDED Viewed

@@ -0,0 +1,7 @@
+module Doorkeeper
+  class AccessGrant < ActiveRecord::Base
+    include AccessGrantMixin
+    self.table_name = "#{table_name_prefix}oauth_access_grants#{table_name_suffix}".to_sym
+  end
+end

data/lib/doorkeeper/orm/active_record/access_token.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module Doorkeeper
+  class AccessToken < ActiveRecord::Base
+    include AccessTokenMixin
+    self.table_name = "#{table_name_prefix}oauth_access_tokens#{table_name_suffix}".to_sym
+    def self.delete_all_for(application_id, resource_owner)
+      where(application_id: application_id,
+            resource_owner_id: resource_owner.id).delete_all
+    end
+    private_class_method :delete_all_for
+    def self.order_method
+      :order
+    end
+    def self.created_at_desc
+      'created_at desc'
+    end
+  end
+end

data/lib/doorkeeper/{models → orm}/active_record/application.rb RENAMED Viewed

@@ -1,8 +1,6 @@
 module Doorkeeper
   class Application < ActiveRecord::Base
-    if Doorkeeper.configuration.active_record_options[:establish_connection]
-      establish_connection Doorkeeper.configuration.active_record_options[:establish_connection]
-    end
+    include ApplicationMixin
     self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}".to_sym