doorkeeper 2.1.0 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b0abbae8c4f801c1aa44f9fc72f4a3831bd3e73b
-  data.tar.gz: d746e44cad2903afa1e5554addd63b9079607c40
+  metadata.gz: a4d649c16871a07497bf4fbb26a1eae87d1828a7
+  data.tar.gz: 899cec3d7c504467b362bfdaaa74b7e3b529509a
 SHA512:
-  metadata.gz: 8559b5207473daae2568caa506588cc9857d5e9c93f34f0bed25c91a8fce7f579b645d26cf7f4e7006d3f477f84600b8df6046c4daab84a25be5fc984d98eb67
-  data.tar.gz: 76bdef782af41cd9fd349f30c2a0736e0e06ebc6aed80ae3c1e14b225d2bee900e22a8c4105a7e209965f4934b939cfbf92ed08b979c30ba87a82637b3b5aef4
+  metadata.gz: 06ff7fe06ae799a23b2c656573b85f682c2aea2a3c831634d99adc88490cbe261712b3c56ecf6bcaef21ec66cc86d42f503a4ee6b53f2eca155265cf45c13368
+  data.tar.gz: 75f543fcc22b8036a4dab36cc8119ab76b459a9b6a18dcd1442d0eaa400f2ed91074b38b62234743a244cad7cf7163c75e656178caa5a1d7c6757f0d708f2391

data/CHANGELOG.md

@@ -1,6 +1,12 @@
 # Changelog
 
-## master
+## 2.2.0 (unreleased)
+
+- Remove `wildcard_redirect_url` option
+- [#481] Customize token flow OAuth expirations with a config lambda
+- [#568] TokensController: Memoize strategy.authorize_response result to enable
+    subclasses to use the response object.
+- [#571] Fix database initialization issues in some configurations.
 
 
 ## 2.1.0
@@ -10,19 +16,24 @@
 - [5596227] Check application scopes in AccessToken when present. Fixes a bug in
   doorkeeper 2.0.0 and 2.0.1 referring to application specific scopes.
 - [#534] Internationalizes doorkeeper views.
-- Enable by default `authorization_code` and `client_credentials` grant flows.
-  Disables implicit and password grant flows by default.
-- [#510, #544, 722113f] Revoked refresh token response bugfix.
 - [#545] Ensure there is a connection to the database before checking for
   missing columns
 - [#546] Use `Doorkeeper::` prefix when referencing `Application` to avoid
   possible application model name conflict.
 - [#538] Test with Rails ~> 4.2.
 
+### Potentially backward incompatible changes
+
+- Enable by default `authorization_code` and `client_credentials` grant flows.
+  Disables implicit and password grant flows by default.
+- [#510, #544, 722113f] Revoked refresh token response bugfix.
+
+
 ## 2.0.1
 
 - [#525, #526, #527] Fix `ActiveRecord::NoDatabaseError` on gem load.
 
+
 ## 2.0.0
 
 ### Backward incompatible changes

data/README.md

@@ -25,7 +25,6 @@ https://github.com/doorkeeper-gem/doorkeeper/releases.
     - [Routes](#routes)
     - [Authenticating](#authenticating)
 - [Protecting resources with OAuth (a.k.a your API endpoint)](#protecting-resources-with-oauth-aka-your-api-endpoint)
-    - [ActionController::Metal integration](#actioncontrollermetal-integration)
     - [Route Constraints and other integrations](#route-constraints-and-other-integrations)
     - [Access Token Scopes](#access-token-scopes)
     - [Authenticated resource owner](#authenticated-resource-owner)

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -1,7 +1,7 @@
 module Doorkeeper
   class TokensController < Doorkeeper::ApplicationMetalController
     def create
-      response = strategy.authorize
+      response = authorize_response
       self.headers.merge! response.headers
       self.response_body = response.body.to_json
       self.status        = response.status
@@ -37,5 +37,9 @@ module Doorkeeper
     def strategy
       @strategy ||= server.token_request params[:grant_type]
     end
+
+    def authorize_response
+      @authorize_response ||= strategy.authorize
+    end
   end
 end

data/lib/doorkeeper/config.rb

@@ -19,6 +19,9 @@ module Doorkeeper
   def self.check_for_missing_columns
     if Doorkeeper.configuration.orm == :active_record &&
         ActiveRecord::Base.connected? &&
+        ActiveRecord::Base.connection.table_exists?(
+          Doorkeeper::Application.table_name
+        ) &&
         !Doorkeeper::Application.new.attributes.include?("scopes")
 
       puts <<-MSG.squish
@@ -172,28 +175,29 @@ and that your `initialize_models!` method doesn't raise any errors.\n
 
     option :resource_owner_authenticator,
            as: :authenticate_resource_owner,
-           default: (lambda do |routes|
+           default: (lambda do |_routes|
              logger.warn(I18n.translate('doorkeeper.errors.messages.resource_owner_authenticator_not_configured'))
              nil
            end)
     option :admin_authenticator,
            as: :authenticate_admin,
-           default: ->(routes) {}
+           default: ->(_routes) {}
     option :resource_owner_from_credentials,
-           default: (lambda do |routes|
+           default: (lambda do |_routes|
              warn(I18n.translate('doorkeeper.errors.messages.credential_flow_not_configured'))
              nil
            end)
-    option :skip_authorization,            default: ->(routes) {}
-    option :access_token_expires_in,       default: 7200
-    option :authorization_code_expires_in, default: 600
-    option :orm,                           default: :active_record
-    option :native_redirect_uri,           default: 'urn:ietf:wg:oauth:2.0:oob'
-    option :active_record_options,         default: {}
-    option :realm,                         default: 'Doorkeeper'
-    option :wildcard_redirect_uri,         default: false
-    option :force_ssl_in_redirect_uri,     default: !Rails.env.development?
-    option :grant_flows,                   default: %w(authorization_code client_credentials)
+
+    option :skip_authorization,             default: ->(_routes) {}
+    option :access_token_expires_in,        default: 7200
+    option :custom_access_token_expires_in, default: lambda { |_app| nil }
+    option :authorization_code_expires_in,  default: 600
+    option :orm,                            default: :active_record
+    option :native_redirect_uri,            default: 'urn:ietf:wg:oauth:2.0:oob'
+    option :active_record_options,          default: {}
+    option :realm,                          default: 'Doorkeeper'
+    option :force_ssl_in_redirect_uri,      default: !Rails.env.development?
+    option :grant_flows,                    default: %w(authorization_code client_credentials)
 
     attr_reader :reuse_access_token
 

data/lib/doorkeeper/oauth/authorization/token.rb

@@ -9,13 +9,24 @@ module Doorkeeper
           @resource_owner = resource_owner
         end
 
+        def self.access_token_expires_in(server, pre_auth)
+          custom_expiration = server.
+            custom_access_token_expires_in.call(pre_auth)
+
+          if custom_expiration
+            custom_expiration
+          else
+            server.access_token_expires_in
+          end
+        end
+
         def issue_token
           @token ||= AccessToken.find_or_create_for(
-              pre_auth.client,
-              resource_owner.id,
-              pre_auth.scopes,
-              configuration.access_token_expires_in,
-              false
+            pre_auth.client,
+            resource_owner.id,
+            pre_auth.scopes,
+            self.class.access_token_expires_in(configuration, pre_auth),
+            false
           )
         end
 

data/lib/doorkeeper/oauth/helpers/uri_checker.rb

@@ -11,13 +11,8 @@ module Doorkeeper
 
         def self.matches?(url, client_url)
           url, client_url = as_uri(url), as_uri(client_url)
-          if Doorkeeper.configuration.wildcard_redirect_uri
-            return true if url.to_s =~ /^#{Regexp.escape(client_url.to_s)}/
-            false
-          else
-            url.query = nil
-            url == client_url
-          end
+          url.query = nil
+          url == client_url
         end
 
         def self.valid_for_authorization?(url, client_url)

data/lib/doorkeeper/oauth/request_concern.rb

@@ -34,7 +34,7 @@ module Doorkeeper
           client,
           resource_owner_id,
           scopes,
-          server.access_token_expires_in,
+          Authorization::Token.access_token_expires_in(server, client),
           server.refresh_token_enabled?)
       end
 

data/lib/doorkeeper/version.rb

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '2.1.0'
+  VERSION = '2.1.1'
 end

data/lib/generators/doorkeeper/templates/initializer.rb

@@ -26,6 +26,11 @@ Doorkeeper.configure do
   # If you want to disable expiration, set this to nil.
   # access_token_expires_in 2.hours
 
+  # Assign a custom TTL for implicit grants.
+  # custom_access_token_expires_in do |oauth_client|
+  #   oauth_client.application.additional_settings.implicit_oauth_expiration
+  # end
+
   # Reuse access token for the same resource owner within an application (disabled by default)
   # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
   # reuse_access_token
@@ -90,16 +95,11 @@ Doorkeeper.configure do
 
   # Under some circumstances you might want to have applications auto-approved,
   # so that the user skips the authorization step.
-  # For example if dealing with trusted a application.
+  # For example if dealing with a trusted application.
   # skip_authorization do |resource_owner, client|
   #   client.superapp? or resource_owner.admin?
   # end
 
   # WWW-Authenticate Realm (default "Doorkeeper").
   # realm "Doorkeeper"
-
-  # Allow dynamic query parameters (disabled by default)
-  # Some applications require dynamic query parameters on their request_uri
-  # set to true if you want this to be allowed
-  # wildcard_redirect_uri false
 end

data/spec/controllers/tokens_controller_spec.rb

@@ -40,4 +40,18 @@ describe Doorkeeper::TokensController do
       expect(response.status).to eq 200
     end
   end
+
+  describe 'authorize response memoization' do
+    it "memoizes the result of the authorization" do
+      strategy = double(:strategy, authorize: true)
+      expect(strategy).to receive(:authorize).once
+      allow(controller).to receive(:strategy) { strategy }
+
+      controller.stub(:create) do
+        controller.send :authorize_response
+        controller.send :authorize_response
+      end
+      post :create
+    end
+  end
 end

data/spec/dummy/config/initializers/doorkeeper.rb

@@ -88,16 +88,11 @@ Doorkeeper.configure do
 
   # Under some circumstances you might want to have applications auto-approved,
   # so that the user skips the authorization step.
-  # For example if dealing with trusted a application.
+  # For example if dealing with a trusted application.
   # skip_authorization do |resource_owner, client|
   #   client.superapp? or resource_owner.admin?
   # end
 
   # WWW-Authenticate Realm (default "Doorkeeper").
   realm "Doorkeeper"
-
-  # Allow dynamic query parameters (disabled by default)
-  # Some applications require dynamic query parameters on their request_uri
-  # set to true if you want this to be allowed
-  # wildcard_redirect_uri false
 end

data/spec/lib/config_spec.rb

@@ -199,12 +199,6 @@ describe Doorkeeper, 'configuration' do
     end
   end
 
-  describe 'wildcard_redirect_uri' do
-    it 'is disabled by default' do
-      Doorkeeper.configuration.wildcard_redirect_uri.should be_falsey
-    end
-  end
-
   describe 'realm' do
     it 'is \'Doorkeeper\' by default' do
       expect(Doorkeeper.configuration.realm).to eq('Doorkeeper')

data/spec/lib/oauth/authorization_code_request_spec.rb

@@ -2,7 +2,12 @@ require 'spec_helper_integration'
 
 module Doorkeeper::OAuth
   describe AuthorizationCodeRequest do
-    let(:server) { double :server, access_token_expires_in: 2.days, refresh_token_enabled?: false }
+    let(:server) do
+      double :server,
+             access_token_expires_in: 2.days,
+             refresh_token_enabled?: false,
+             custom_access_token_expires_in: ->(_app) { nil }
+    end
     let(:grant)  { FactoryGirl.create :access_grant }
     let(:client) { grant.application }
 

data/spec/lib/oauth/helpers/uri_checker_spec.rb

@@ -53,28 +53,16 @@ module Doorkeeper::OAuth::Helpers
         expect(URIChecker.matches?(uri, client_uri)).to be_truthy
       end
 
-      context 'allows wildcard redirect_uri' do
-        before do
-          Doorkeeper.configuration.stub(wildcard_redirect_uri: true)
-        end
-
-        it 'ignores query parameter on comparison' do
-          uri = 'http://app.co/?query=hello'
-          client_uri = 'http://app.co'
-          expect(URIChecker.matches?(uri, client_uri)).to be true
-        end
-
-        it 'doesn\'t allow non-matching domains through' do
-          uri = 'http://app.abc/?query=hello'
-          client_uri = 'http://app.co'
-          expect(URIChecker.matches?(uri, client_uri)).to be false
-        end
-
-        it 'doesn\'t allow non-matching domains that don\'t start at the beginning' do
-          uri = 'http://app.co/?query=hello'
-          client_uri = 'http://example.com?app.co=test'
-          expect(URIChecker.matches?(uri, client_uri)).to be false
-        end
+      it 'doesn\'t allow non-matching domains through' do
+        uri = 'http://app.abc/?query=hello'
+        client_uri = 'http://app.co'
+        expect(URIChecker.matches?(uri, client_uri)).to be_falsey
+      end
+
+      it 'doesn\'t allow non-matching domains that don\'t start at the beginning' do
+        uri = 'http://app.co/?query=hello'
+        client_uri = 'http://example.com?app.co=test'
+        expect(URIChecker.matches?(uri, client_uri)).to be_falsey
       end
     end
 
@@ -111,17 +99,6 @@ module Doorkeeper::OAuth::Helpers
         uri = client_uri = 'http://app.co/aaa?waffles=abc'
         expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be false
       end
-
-      context 'allows wildcard redirect_uri' do
-        before do
-          Doorkeeper.configuration.stub(wildcard_redirect_uri: true)
-        end
-
-        it 'is true if valid, matches and contains a query parameter' do
-          uri = client_uri = 'http://app.co/aaa?waffles=abc'
-          expect(URIChecker.valid_for_authorization?(uri, client_uri)).to be true
-        end
-      end
     end
   end
 end

data/spec/lib/oauth/password_access_token_request_spec.rb

@@ -7,7 +7,8 @@ module Doorkeeper::OAuth
         :server,
         default_scopes: Doorkeeper::OAuth::Scopes.new,
         access_token_expires_in: 2.hours,
-        refresh_token_enabled?: false
+        refresh_token_enabled?: false,
+        custom_access_token_expires_in: ->(_app) { nil }
       )
     end
     let(:credentials) { Client::Credentials.new(client.uid, client.secret) }

data/spec/lib/oauth/refresh_token_request_spec.rb

@@ -16,7 +16,7 @@ module Doorkeeper::OAuth
     end
 
     it 'revokes the previous token' do
-      expect { subject.authorize } .to change { refresh_token.revoked? }.from(false).to(true)
+      expect { subject.authorize }.to change { refresh_token.revoked? }.from(false).to(true)
     end
 
     it 'requires the refresh token' do

data/spec/lib/oauth/token_request_spec.rb

@@ -48,6 +48,23 @@ module Doorkeeper::OAuth
       expect(subject.authorize).to be_a(ErrorResponse)
     end
 
+    context 'with custom expirations' do
+      before do
+        Doorkeeper.configure do
+          orm DOORKEEPER_ORM
+          custom_access_token_expires_in do |_oauth_client|
+            1234
+          end
+        end
+      end
+
+      it 'should use the custom ttl' do
+        subject.authorize
+        token = Doorkeeper::AccessToken.first
+        expect(token.expires_in).to eq(1234)
+      end
+    end
+
     context 'token reuse' do
       it 'creates a new token if there are no matching tokens' do
         Doorkeeper.configuration.stub(:reuse_access_token).and_return(true)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-13 00:00:00.000000000 Z
+date: 2015-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties