doorkeeper 1.4.2 → 2.0.0.alpha1

data/lib/doorkeeper/rails/helpers.rb

@@ -0,0 +1,63 @@
+module Doorkeeper
+  module Rails
+    module Helpers
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def doorkeeper_for(*args, &block)
+          fail Errors::DoorkeeperError, "`doorkeeper_for` no longer available", <<-eos
+\nStarting in version 2.0.0 of doorkeeper gem, `doorkeeper_for` is no longer
+available. Please change `doorkeeper_for` calls in your application with:
+
+  before_action :doorkeeper_authorize!
+
+For more information check the README:
+https://github.com/doorkeeper-gem/doorkeeper#protecting-resources-with-oauth-aka-your-api-endpoint\n
+          eos
+        end
+      end
+
+      def doorkeeper_token
+        @_doorkeeper_token ||= OAuth::Token.authenticate request, *Doorkeeper.configuration.access_token_methods
+      end
+
+      def valid_doorkeeper_token?(*scopes)
+        doorkeeper_token && doorkeeper_token.acceptable?(scopes)
+      end
+
+      def doorkeeper_authorize!(*scopes)
+        scopes ||= Doorkeeper.configuration.default_scopes
+
+        unless valid_doorkeeper_token?(*scopes)
+          if !doorkeeper_token || !doorkeeper_token.accessible?
+            error = OAuth::InvalidTokenResponse.from_access_token(doorkeeper_token)
+            options = doorkeeper_unauthorized_render_options
+          else
+            error = OAuth::ForbiddenTokenResponse.from_scopes(scopes)
+            options = doorkeeper_forbidden_render_options
+          end
+          headers.merge!(error.headers.reject { |k| ['Content-Type'].include? k })
+          doorkeeper_error_renderer(error, options)
+        end
+      end
+
+      def doorkeeper_unauthorized_render_options
+        nil
+      end
+
+      def doorkeeper_forbidden_render_options
+        nil
+      end
+
+      def doorkeeper_error_renderer(error, options = {})
+        if options.blank?
+          head error.status
+        else
+          options[:status] = error.status
+          options[:layout] = false if options[:layout].nil?
+          render options
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/rails/routes.rb

@@ -15,17 +15,6 @@ module Doorkeeper
         ActionDispatch::Routing::Mapper.send :include, Doorkeeper::Rails::Routes::Helper
       end
 
-      def self.warn_if_using_mount_method!
-        paths = ::Rails.application.config.paths['config/routes'] ||
-          ::Rails.application.config.paths['config/routes.rb']
-
-        paths.each do |path|
-          if File.read(::Rails.root.join(path)) =~ %r{mount Doorkeeper::Engine}
-            warn "\n[DOORKEEPER] `mount Doorkeeper::Engine` is not being used anymore. Please replace it with `use_doorkeeper` in your #{path} file\n"
-          end
-        end
-      end
-
       attr_accessor :routes
 
       def initialize(routes, &block)
@@ -88,7 +77,7 @@ module Doorkeeper
       end
 
       def application_routes(mapping)
-        routes.resources :applications, controller: mapping[:controllers]
+        routes.resources :doorkeeper_applications, controller: mapping[:controllers], as: :applications, path: 'applications'
       end
 
       def authorized_applications_routes(mapping)

data/lib/doorkeeper/request/code.rb

@@ -1,7 +1,6 @@
 module Doorkeeper
   module Request
     class Code
-      # TODO: this is so wrong!
       def self.build(server)
         new(server.context.send(:pre_auth), server)
       end

data/lib/doorkeeper/request/token.rb

@@ -1,7 +1,6 @@
 module Doorkeeper
   module Request
     class Token
-      # TODO: this is so wrong!
       def self.build(server)
         new(server.context.send(:pre_auth), server)
       end

data/lib/doorkeeper/server.rb

@@ -38,7 +38,7 @@ module Doorkeeper
     end
 
     def grant
-      AccessGrant.authenticate(parameters[:code])
+      AccessGrant.by_token(parameters[:code])
     end
 
     # TODO: Use configuration and evaluate proper context on block

data/lib/doorkeeper/version.rb

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '1.4.2'
+  VERSION = '2.0.0.alpha1'
 end

data/lib/generators/doorkeeper/templates/initializer.rb

@@ -1,6 +1,7 @@
 Doorkeeper.configure do
   # Change the ORM that doorkeeper will use.
-  # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
+  # Currently supported options are :active_record, :mongoid2, :mongoid3,
+  # :mongoid4, :mongo_mapper
   orm :active_record
 
   # This block will be called to check whether the resource owner is authenticated or not.

data/spec/controllers/applications_controller_spec.rb

@@ -16,7 +16,7 @@ module Doorkeeper
 
       it 'does not create application' do
         expect do
-          post :create, application: {
+          post :create, doorkeeper_application: {
             name: 'Example',
             redirect_uri: 'http://example.com' }
         end.to_not change { Doorkeeper::Application.count }
@@ -30,7 +30,7 @@ module Doorkeeper
 
       it 'creates application' do
         expect do
-          post :create, application: {
+          post :create, doorkeeper_application: {
             name: 'Example',
             redirect_uri: 'http://example.com' }
         end.to change { Doorkeeper::Application.count }.by(1)
@@ -39,7 +39,7 @@ module Doorkeeper
 
       it 'does not allow mass assignment of uid or secret' do
         application = FactoryGirl.create(:application)
-        put :update, id: application.id, application: {
+        put :update, id: application.id, doorkeeper_application: {
           uid: '1A2B3C4D',
           secret: '1A2B3C4D' }
 
@@ -48,7 +48,7 @@ module Doorkeeper
 
       it 'updates application' do
         application = FactoryGirl.create(:application)
-        put :update, id: application.id, application: {
+        put :update, id: application.id, doorkeeper_application: {
           name: 'Example',
           redirect_uri: 'http://example.com' }
         expect(application.reload.name).to eq 'Example'

data/spec/controllers/protected_resources_controller_spec.rb

@@ -10,66 +10,10 @@ module ControllerActions
   end
 end
 
-shared_examples 'specified for particular actions' do
-  context 'with valid token', token: :valid do
-    it 'allows into index action' do
-      get :index, access_token: token_string
-      expect(response).to be_success
-    end
-
-    it 'allows into show action' do
-      get :show, id: '3', access_token: token_string
-      expect(response).to be_success
-    end
-  end
-
-  context 'with invalid token', token: :invalid do
-    include_context 'invalid token'
-
-    it 'does not allow into index action' do
-      get :index, access_token: token_string
-      expect(response.status).to eq 401
-      expect(response.headers['WWW-Authenticate']).to match(/^Bearer/)
-    end
-
-    it 'allows into show action' do
-      get :show, id: '5', access_token: token_string
-      expect(response).to be_success
-    end
-  end
-end
-
-shared_examples 'specified with except' do
-  context 'with valid token', token: :valid do
-    it 'allows into index action' do
-      get :index, access_token: token_string
-      expect(response).to be_success
-    end
-
-    it 'allows into show action' do
-      get :show, id: '4', access_token: token_string
-      expect(response).to be_success
-    end
-  end
-
-  context 'with invalid token', token: :invalid do
-    it 'allows into index action' do
-      get :index, access_token: token_string
-      expect(response).to be_success
-    end
-
-    it 'does not allow into show action' do
-      get :show, id: '14', access_token: token_string
-      expect(response.status).to eq 401
-      expect(response.headers['WWW-Authenticate']).to match(/^Bearer/)
-    end
-  end
-end
-
-describe 'Doorkeeper_for helper' do
+describe 'doorkeeper authorize filter' do
   context 'accepts token code specified as' do
     controller do
-      doorkeeper_for :all
+      before_filter :doorkeeper_authorize!
 
       def index
         render text: 'index'
@@ -82,39 +26,39 @@ describe 'Doorkeeper_for helper' do
     end
 
     it 'access_token param' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
+      expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
       get :index, access_token: token_string
     end
 
     it 'bearer_token param' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
+      expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
       get :index, bearer_token: token_string
     end
 
     it 'Authorization header' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
+      expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
       request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
       get :index
     end
 
     it 'different kind of Authorization header' do
-      expect(Doorkeeper::AccessToken).not_to receive(:authenticate)
+      expect(Doorkeeper::AccessToken).not_to receive(:by_token)
       request.env['HTTP_AUTHORIZATION'] = "MAC #{token_string}"
       get :index
     end
 
     it 'does not change Authorization header value' do
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).exactly(2).times.and_return(token)
+      expect(Doorkeeper::AccessToken).to receive(:by_token).exactly(2).times.and_return(token)
       request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
       get :index
-      controller.send(:remove_instance_variable, :@token)
+      controller.send(:remove_instance_variable, :@_doorkeeper_token)
       get :index
     end
   end
 
   context 'defined for all actions' do
     controller do
-      doorkeeper_for :all
+      before_filter :doorkeeper_authorize!
 
       include ControllerActions
     end
@@ -146,27 +90,9 @@ describe 'Doorkeeper_for helper' do
     end
   end
 
-  context 'defined only for index action' do
-    controller do
-      doorkeeper_for :index
-
-      include ControllerActions
-    end
-    include_examples 'specified for particular actions'
-  end
-
-  context 'defined for actions except index' do
-    controller do
-      doorkeeper_for :all, except: :index
-
-      include ControllerActions
-    end
-    include_examples 'specified with except'
-  end
-
   context 'defined with scopes' do
     controller do
-      doorkeeper_for :all, scopes: [:write]
+      before_filter -> { doorkeeper_authorize! :write }
 
       include ControllerActions
     end
@@ -175,16 +101,16 @@ describe 'Doorkeeper_for helper' do
 
     it 'allows if the token has particular scopes' do
       token = double(Doorkeeper::AccessToken, accessible?: true, scopes: %w(write public))
-      expect(token).to receive(:acceptable?).with(['write']).and_return(true)
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
+      expect(token).to receive(:acceptable?).with([:write]).and_return(true)
+      expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
       get :index, access_token: token_string
       expect(response).to be_success
     end
 
     it 'does not allow if the token does not include given scope' do
       token = double(Doorkeeper::AccessToken, accessible?: true, scopes: ['public'], revoked?: false, expired?: false)
-      expect(Doorkeeper::AccessToken).to receive(:authenticate).with(token_string).and_return(token)
-      expect(token).to receive(:acceptable?).with(['write']).and_return(false)
+      expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
+      expect(token).to receive(:acceptable?).with([:write]).and_return(false)
       get :index, access_token: token_string
       expect(response.status).to eq 403
       expect(response.header).to_not include('WWW-Authenticate')
@@ -193,7 +119,7 @@ describe 'Doorkeeper_for helper' do
 
   context 'when custom unauthorized render options are configured' do
     controller do
-      doorkeeper_for :all
+      before_filter :doorkeeper_authorize!
 
       include ControllerActions
     end
@@ -212,7 +138,6 @@ describe 'Doorkeeper_for helper' do
         expect(parsed_body).not_to be_nil
         expect(parsed_body['error']).to eq('Unauthorized')
       end
-
     end
 
     context 'with a text custom render', token: :invalid do
@@ -230,91 +155,16 @@ describe 'Doorkeeper_for helper' do
     end
   end
 
-  context 'when defined with conditional if block' do
-    controller do
-      doorkeeper_for :index, if: -> { the_false }
-      doorkeeper_for :show,  if: -> { the_true }
-
-      include ControllerActions
-
-      private
-
-      def the_true
-        true
-      end
-
-      def the_false
-        false
-      end
-    end
-
-    context 'with valid token', token: :valid do
-      it 'enables access if passed block evaluates to false' do
-        get :index, access_token: token_string
-        expect(response).to be_success
-      end
-
-      it 'enables access if passed block evaluates to true' do
-        get :show, id: 1, access_token: token_string
-        expect(response).to be_success
-      end
-    end
-
-    context 'with invalid token', token: :invalid do
-      it 'enables access if passed block evaluates to false' do
-        get :index, access_token: token_string
-        expect(response).to be_success
-      end
-
-      it 'does not enable access if passed block evaluates to true' do
-        get :show, id: 3, access_token: token_string
-        expect(response.status).to eq 401
-        expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
-      end
-    end
-  end
-
-  context 'when defined with conditional unless block' do
-    controller do
-      doorkeeper_for :index, unless: -> { the_false }
-      doorkeeper_for :show, unless: -> { the_true }
-
-      include ControllerActions
-
-      def the_true
-        true
-      end
-
-      private
-
-      def the_false
-        false
-      end
-    end
-
-    context 'with valid token', token: :valid do
-      it 'allows access if passed block evaluates to false' do
-        get :index, access_token: token_string
-        expect(response).to be_success
-      end
-
-      it 'allows access if passed block evaluates to true' do
-        get :show, id: 1, access_token: token_string
-        expect(response).to be_success
-      end
-    end
-
-    context 'with invalid token', token: :invalid do
-      it 'does not allow access if passed block evaluates to false' do
-        get :index, access_token: token_string
-        expect(response.status).to eq 401
-        expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
-      end
-
-      it 'allows access if passed block evaluates to true' do
-        get :show, id: 3, access_token: token_string
-        expect(response).to be_success
-      end
+  context 'defined for all actions' do
+    controller {}
+
+    it 'it renders a custom JSON response', token: :invalid do
+      expect do
+        controller.class.doorkeeper_for
+      end.to raise_error(
+        Doorkeeper::Errors::DoorkeeperError,
+        /`doorkeeper_for` no longer available/
+      )
     end
   end
 end