doorkeeper 2.0.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e5697ec3a04462d5358c1551c6f680db931b8c8c
-  data.tar.gz: 56ca7ac02a951739cbb542f196846348c70ec9a6
+  metadata.gz: b0abbae8c4f801c1aa44f9fc72f4a3831bd3e73b
+  data.tar.gz: d746e44cad2903afa1e5554addd63b9079607c40
 SHA512:
-  metadata.gz: a2d526b396039082b9d44088e9ea4f6fd2e93768bd0902c0c2db5a13acad465a833c3fc51e892677c414ff6eda1b3009270e640a7527c9f93d036e09c45a2adf
-  data.tar.gz: c289752a5643c475821720211e1d0251ddd1c434c77a67b1a7f57072830d0597bc6cd98e9d8d1c1244be165e74aee65331f9107d765cb70715ecb8a608f3f45d
+  metadata.gz: 8559b5207473daae2568caa506588cc9857d5e9c93f34f0bed25c91a8fce7f579b645d26cf7f4e7006d3f477f84600b8df6046c4daab84a25be5fc984d98eb67
+  data.tar.gz: 76bdef782af41cd9fd349f30c2a0736e0e06ebc6aed80ae3c1e14b225d2bee900e22a8c4105a7e209965f4934b939cfbf92ed08b979c30ba87a82637b3b5aef4

data/.travis.yml

@@ -12,7 +12,7 @@ env:
   - rails=3.2.0
   - rails=4.0.0
   - rails=4.1.0
-  - rails=4.2.0.rc2
+  - rails=4.2.0
 
 gemfile:
   - Gemfile
@@ -31,14 +31,14 @@ matrix:
     - gemfile: gemfiles/Gemfile.mongoid2.rb
       env: rails=4.1.0
     - gemfile: gemfiles/Gemfile.mongoid2.rb
-      env: rails=4.2.0.rc2
+      env: rails=4.2.0
 
     - gemfile: gemfiles/Gemfile.mongoid3.rb
       env: rails=4.0.0
     - gemfile: gemfiles/Gemfile.mongoid3.rb
       env: rails=4.1.0
     - gemfile: gemfiles/Gemfile.mongoid3.rb
-      env: rails=4.2.0.rc2
+      env: rails=4.2.0
 
     - gemfile: gemfiles/Gemfile.mongoid4.rb
       env: rails=3.1.0

data/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## master
+
+
+## 2.1.0
+
+- [#540] Include `created_at` in response.
+- [#538] Check application-level scopes in client_credentials and password flow.
+- [5596227] Check application scopes in AccessToken when present. Fixes a bug in
+  doorkeeper 2.0.0 and 2.0.1 referring to application specific scopes.
+- [#534] Internationalizes doorkeeper views.
+- Enable by default `authorization_code` and `client_credentials` grant flows.
+  Disables implicit and password grant flows by default.
+- [#510, #544, 722113f] Revoked refresh token response bugfix.
+- [#545] Ensure there is a connection to the database before checking for
+  missing columns
+- [#546] Use `Doorkeeper::` prefix when referencing `Application` to avoid
+  possible application model name conflict.
+- [#538] Test with Rails ~> 4.2.
+
 ## 2.0.1
 
 - [#525, #526, #527] Fix `ActiveRecord::NoDatabaseError` on gem load.

data/README.md

@@ -344,6 +344,12 @@ here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-wi
 Thanks to all our [awesome
 contributors](https://github.com/doorkeeper-gem/doorkeeper/contributors)!
 
+
+### IETF Standards
+
+* [The OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749)
+* [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
+
 ### License
 
 MIT License. Copyright 2011 Applicake.

data/app/views/doorkeeper/applications/_delete_form.html.erb

@@ -1,5 +1,5 @@
 <%- submit_btn_css ||= 'btn btn-link' %>
 <%= form_tag oauth_application_path(application) do %>
   <input type="hidden" name="_method" value="delete">
-  <%= submit_tag 'Destroy', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
+  <%= submit_tag t('doorkeeper.applications.buttons.destroy'), onclick: "return confirm('#{ t('doorkeeper.applications.confirmations.destroy') }')", class: submit_btn_css %>
 <% end %>

data/app/views/doorkeeper/applications/_form.html.erb

@@ -1,6 +1,6 @@
 <%= form_for application, url: doorkeeper_submit_path(application), html: {class: 'form-horizontal', role: 'form'} do |f| %>
   <% if application.errors.any? %>
-    <div class="alert alert-danger" data-alert><p>Whoops! Check your form for possible errors</p></div>
+    <div class="alert alert-danger" data-alert><p><%= t('doorkeeper.applications.form.error') %></p></div>
   <% end %>
 
   <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:name].present?}" do %>
@@ -17,11 +17,11 @@
       <%= f.text_area :redirect_uri, class: 'form-control' %>
       <%= doorkeeper_errors_for application, :redirect_uri %>
       <span class="help-block">
-         Use one line per URI
+         <%= t('doorkeeper.applications.help.redirect_uri') %>
         </span>
       <% if Doorkeeper.configuration.native_redirect_uri %>
           <span class="help-block">
-            Use <code><%= Doorkeeper.configuration.native_redirect_uri %></code> for local tests
+            <%= raw t('doorkeeper.applications.help.native_redirect_uri', native_redirect_uri: "<code>#{ Doorkeeper.configuration.native_redirect_uri }</code>") %>
           </span>
       <% end %>
     </div>
@@ -29,9 +29,8 @@
 
   <div class="form-group">
     <div class="col-sm-offset-2 col-sm-10">
-      <%= f.submit 'Submit', class: "btn btn-primary" %>
-      <%= link_to "Cancel", oauth_applications_path, :class => "btn btn-default" %>
+      <%= f.submit t('doorkeeper.applications.buttons.submit'), class: "btn btn-primary" %>
+      <%= link_to t('doorkeeper.applications.buttons.cancel'), oauth_applications_path, :class => "btn btn-default" %>
     </div>
   </div>
 <% end %>
-

data/app/views/doorkeeper/applications/edit.html.erb

@@ -1,5 +1,5 @@
 <div class="page-header">
-  <h1>Edit application</h1>
+  <h1><%= t('.title') %></h1>
 </div>
 
 <%= render 'form', application: @application %>

data/app/views/doorkeeper/applications/index.html.erb

@@ -1,14 +1,14 @@
 <div class="page-header">
-  <h1>Your applications</h1>
+  <h1><%= t('.title') %></h1>
 </div>
 
-<p><%= link_to 'New Application', new_oauth_application_path, class: 'btn btn-success' %></p>
+<p><%= link_to t('.new'), new_oauth_application_path, class: 'btn btn-success' %></p>
 
 <table class="table table-striped">
   <thead>
   <tr>
-    <th>Name</th>
-    <th>Callback URL</th>
+    <th><%= t('.name') %></th>
+    <th><%= t('.callback_url') %></th>
     <th></th>
     <th></th>
   </tr>
@@ -18,7 +18,7 @@
     <tr id="application_<%= application.id %>">
       <td><%= link_to application.name, oauth_application_path(application) %></td>
       <td><%= application.redirect_uri %></td>
-      <td><%= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link' %></td>
+      <td><%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(application), class: 'btn btn-link' %></td>
       <td><%= render 'delete_form', application: application %></td>
     </tr>
   <% end %>

data/app/views/doorkeeper/applications/new.html.erb

@@ -1,5 +1,5 @@
 <div class="page-header">
-  <h1>New application</h1>
+  <h1><%= t('.title') %></h1>
 </div>
 
 <%= render 'form', application: @application %>

data/app/views/doorkeeper/applications/show.html.erb

@@ -1,18 +1,18 @@
 <div class="page-header">
-  <h1>Application: <%= @application.name %></h1>
+  <h1><%= t('.title', name: @application.name) %></h1>
 </div>
 
 <div class="row">
   <div class="col-md-8">
-    <h4>Application Id:</h4>
+    <h4><%= t('.application_id') %>:</h4>
 
     <p><code id="application_id"><%= @application.uid %></code></p>
 
-    <h4>Secret:</h4>
+    <h4><%= t('.secret') %>:</h4>
 
     <p><code id="secret"><%= @application.secret %></code></p>
 
-    <h4>Callback urls:</h4>
+    <h4><%= t('.callback_urls') %>:</h4>
 
     <table>
       <% @application.redirect_uri.split.each do |uri| %>
@@ -21,7 +21,7 @@
             <code><%= uri %></code>
           </td>
           <td>
-            <%= link_to 'Authorize', oauth_authorization_path(client_id: @application.uid, redirect_uri: uri, response_type: 'code'), class: 'btn btn-success', target: '_blank' %>
+            <%= link_to t('doorkeeper.applications.buttons.authorize'), oauth_authorization_path(client_id: @application.uid, redirect_uri: uri, response_type: 'code'), class: 'btn btn-success', target: '_blank' %>
           </td>
         </tr>
       <% end %>
@@ -29,9 +29,9 @@
   </div>
 
   <div class="col-md-4">
-    <h3>Actions</h3>
+    <h3><%= t('.actions') %></h3>
 
-    <p><%= link_to 'Edit', edit_oauth_application_path(@application), class: 'btn btn-primary' %></p>
+    <p><%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(@application), class: 'btn btn-primary' %></p>
 
     <p><%= render 'delete_form', application: @application, submit_btn_css: 'btn btn-danger' %></p>
   </div>

data/app/views/doorkeeper/authorizations/error.html.erb

@@ -1,5 +1,5 @@
 <div class="page-header">
-  <h1>An error has occurred</h1>
+  <h1><%= t('doorkeeper.authorizations.error.title') %></h1>
 </div>
 
 <main role="main">

data/app/views/doorkeeper/authorizations/new.html.erb

@@ -1,15 +1,15 @@
 <header class="page-header" role="banner">
-  <h1>Authorize required</h1>
+  <h1><%= t('.title') %></h1>
 </header>
 
 <main role="main">
   <p class="h4">
-    Authorize <strong class="text-info"><%= @pre_auth.client.name %></strong> to use your account?
+    <%= raw t('.prompt', client_name: "<strong class=\"text-info\">#{ @pre_auth.client.name }</strong>") %>
   </p>
 
   <% if @pre_auth.scopes %>
     <div id="oauth-permissions">
-      <p>This application will be able to:</p>
+      <p><%= t('.able_to') %>:</p>
 
       <ul class="text-info">
         <% @pre_auth.scopes.each do |scope| %>
@@ -26,7 +26,7 @@
       <%= hidden_field_tag :state, @pre_auth.state %>
       <%= hidden_field_tag :response_type, @pre_auth.response_type %>
       <%= hidden_field_tag :scope, @pre_auth.scope %>
-      <%= submit_tag "Authorize", class: "btn btn-success btn-lg btn-block" %>
+      <%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success btn-lg btn-block" %>
     <% end %>
     <%= form_tag oauth_authorization_path, method: :delete do %>
       <%= hidden_field_tag :client_id, @pre_auth.client.uid %>
@@ -34,7 +34,7 @@
       <%= hidden_field_tag :state, @pre_auth.state %>
       <%= hidden_field_tag :response_type, @pre_auth.response_type %>
       <%= hidden_field_tag :scope, @pre_auth.scope %>
-      <%= submit_tag "Deny", class: "btn btn-danger btn-lg btn-block" %>
+      <%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger btn-lg btn-block" %>
     <% end %>
   </div>
 </main>

data/app/views/doorkeeper/authorizations/show.html.erb

@@ -1,5 +1,5 @@
 <header class="page-header">
-  <h1>Authorization code:</h1>
+  <h1><%= t('.title') %>:</h1>
 </header>
 
 <main role="main">

data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb

@@ -1,5 +1,5 @@
 <%- submit_btn_css ||= 'btn btn-link' %>
 <%= form_tag oauth_authorized_application_path(application) do %>
   <input type="hidden" name="_method" value="delete">
-  <%= submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
+  <%= submit_tag t('doorkeeper.authorized_applications.buttons.revoke'), onclick: "return confirm('#{ t('doorkeeper.authorized_applications.confirmations.revoke') }')", class: submit_btn_css %>
 <% end %>

data/app/views/doorkeeper/authorized_applications/index.html.erb

@@ -1,13 +1,13 @@
 <header class="page-header">
-  <h1>Your authorized applications</h1>
+  <h1><%= t('doorkeeper.authorized_applications.index.title') %></h1>
 </header>
 
 <main role="main">
   <table class="table table-striped">
     <thead>
     <tr>
-      <th>Application</th>
-      <th>Created At</th>
+      <th><%= t('doorkeeper.authorized_applications.index.application') %></th>
+      <th><%= t('doorkeeper.authorized_applications.index.created_at') %></th>
       <th></th>
       <th></th>
     </tr>
@@ -16,7 +16,7 @@
     <% @applications.each do |application| %>
       <tr>
         <td><%= application.name %></td>
-        <td><%= application.created_at.strftime('%Y-%m-%d %H:%M:%S') %></td>
+        <td><%= application.created_at.strftime(t('doorkeeper.authorized_applications.index.date_format')) %></td>
         <td><%= render 'delete_form', application: application %></td>
       </tr>
     <% end %>

data/app/views/layouts/doorkeeper/admin.html.erb

@@ -12,11 +12,11 @@
 <div class="navbar navbar-inverse navbar-fixed-top" role="navigation">
   <div class="container">
     <div class="navbar-header">
-      <%= link_to 'OAuth2 Provider', oauth_applications_path, class: 'navbar-brand' %>
+      <%= link_to t('doorkeeper.layouts.admin.nav.oauth2_provider'), oauth_applications_path, class: 'navbar-brand' %>
     </div>
     <ul class="nav navbar-nav">
       <%= content_tag :li, class: "#{'active' if request.path == oauth_applications_path}" do %>
-        <%= link_to 'Applications', oauth_applications_path %>
+        <%= link_to t('doorkeeper.layouts.admin.nav.applications'), oauth_applications_path %>
       <% end %>
     </ul>
   </div>

data/app/views/layouts/doorkeeper/application.html.erb

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
 <head>
-  <title>OAuth authorize required</title>
+  <title><%= t('doorkeeper.layouts.application.title') %></title>
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">

data/config/locales/en.yml

@@ -1,5 +1,9 @@
 en:
   activerecord:
+    attributes:
+      doorkeeper/application:
+        name: 'Name'
+        redirect_uri: 'Redirect URI'
     errors:
       models:
         doorkeeper/application:
@@ -9,7 +13,12 @@ en:
               invalid_uri: 'must be a valid URI.'
               relative_uri: 'must be an absolute URI.'
               secured_uri: 'must be an HTTPS/SSL URI.'
+
   mongoid:
+    attributes:
+      doorkeeper/application:
+        name: 'Name'
+        redirect_uri: 'Redirect URI'
     errors:
       models:
         doorkeeper/application:
@@ -19,7 +28,12 @@ en:
               invalid_uri: 'must be a valid URI.'
               relative_uri: 'must be an absolute URI.'
               secured_uri: 'must be an HTTPS/SSL URI.'
+
   mongo_mapper:
+    attributes:
+      doorkeeper/application:
+        name: 'Name'
+        redirect_uri: 'Redirect URI'
     errors:
       models:
         doorkeeper/application:
@@ -29,7 +43,62 @@ en:
               invalid_uri: 'must be a valid URI.'
               relative_uri: 'must be an absolute URI.'
               secured_uri: 'must be an HTTPS/SSL URI.'
+
   doorkeeper:
+    applications:
+      confirmations:
+        destroy: 'Are you sure?'
+      buttons:
+        edit: 'Edit'
+        destroy: 'Destroy'
+        submit: 'Submit'
+        cancel: 'Cancel'
+        authorize: 'Authorize'
+      form:
+        error: 'Whoops! Check your form for possible errors'
+      help:
+        redirect_uri: 'Use one line per URI'
+        native_redirect_uri: 'Use %{native_redirect_uri} for local tests'
+      edit:
+        title: 'Edit application'
+      index:
+        title: 'Your applications'
+        new: 'New Application'
+        name: 'Name'
+        callback_url: 'Callback URL'
+      new:
+        title: 'New Application'
+      show:
+        title: 'Application: %{name}'
+        application_id: 'Application Id'
+        secret: 'Secret'
+        callback_urls: 'Callback urls'
+        actions: 'Actions'
+
+    authorizations:
+      buttons:
+        authorize: 'Authorize'
+        deny: 'Deny'
+      error:
+        title: 'An error has occurred'
+      new:
+        title: 'Authorize required'
+        prompt: 'Authorize %{client_name} to use your account?'
+        able_to: 'This application will be able to'
+      show:
+        title: 'Authorization code'
+
+    authorized_applications:
+      confirmations:
+        revoke: 'Are you sure?'
+      buttons:
+        revoke: 'Revoke'
+      index:
+        title: 'Your authorized applications'
+        application: 'Application'
+        created_at: 'Created At'
+        date_format: '%Y-%m-%d %H:%M:%S'
+
     errors:
       messages:
         # Common error messages
@@ -72,3 +141,11 @@ en:
       authorized_applications:
         destroy:
           notice: 'Application revoked.'
+
+    layouts:
+      admin:
+        nav:
+          oauth2_provider: 'OAuth2 Provider'
+          applications: 'Applications'
+      application:
+        title: 'OAuth authorize required'

data/gemfiles/Gemfile.common.rb

@@ -5,7 +5,7 @@ source 'https://rubygems.org'
 gem 'rails', "~> #{ENV['rails']}"
 
 if ENV['rails'][0] == '4'
-  gem 'database_cleaner'
+  gem 'database_cleaner', '~> 1.3.0'
 end
 
 gemspec path: '../'

data/lib/doorkeeper/config.rb

@@ -18,16 +18,15 @@ module Doorkeeper
 
   def self.check_for_missing_columns
     if Doorkeeper.configuration.orm == :active_record &&
-        !Application.new.attributes.include?("scopes")
+        ActiveRecord::Base.connected? &&
+        !Doorkeeper::Application.new.attributes.include?("scopes")
 
       puts <<-MSG.squish
-[doorkeeper] Missing column: `applications.scopes`.
+[doorkeeper] Missing column: `oauth_applications.scopes`.
 If you are using ActiveRecord run `rails generate doorkeeper:application_scopes
 && rake db:migrate` to add it.
       MSG
     end
-  rescue ActiveRecord::StatementInvalid, ActiveRecord::NoDatabaseError
-    # trap error when DB is not yet setup
   end
 
   def self.enable_orm
@@ -194,8 +193,7 @@ and that your `initialize_models!` method doesn't raise any errors.\n
     option :realm,                         default: 'Doorkeeper'
     option :wildcard_redirect_uri,         default: false
     option :force_ssl_in_redirect_uri,     default: !Rails.env.development?
-    option :grant_flows,
-           default: %w(authorization_code implicit password client_credentials)
+    option :grant_flows,                   default: %w(authorization_code client_credentials)
 
     attr_reader :reuse_access_token