doorkeeper 2.1.1 → 2.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a4d649c16871a07497bf4fbb26a1eae87d1828a7
-  data.tar.gz: 899cec3d7c504467b362bfdaaa74b7e3b529509a
+  metadata.gz: d01017121a759c48e73796768589be94d4b30483
+  data.tar.gz: 34ff11b0a073fa7fac25a650e412c1d273e3d035
 SHA512:
-  metadata.gz: 06ff7fe06ae799a23b2c656573b85f682c2aea2a3c831634d99adc88490cbe261712b3c56ecf6bcaef21ec66cc86d42f503a4ee6b53f2eca155265cf45c13368
-  data.tar.gz: 75f543fcc22b8036a4dab36cc8119ab76b459a9b6a18dcd1442d0eaa400f2ed91074b38b62234743a244cad7cf7163c75e656178caa5a1d7c6757f0d708f2391
+  metadata.gz: 66f566988c4106206e84b287aece9b3595bfbca30b51b65a18ae5e534051b1896b967c6830d8765ac7c7c49e94745474c0777c41618bf73b0559762fb1e31e47
+  data.tar.gz: 0b44401eebd4070efbbda7227174f8b9fd7b943444683c8bfe1bf83d67efa5ae0935986e9be440e046230a41ea2ab21230c496cb32368a51509cfab8f5068fde

data/.travis.yml

@@ -3,14 +3,12 @@ sudo: false
 cache: bundler
 
 rvm:
-  - 1.9.3
   - 2.0
   - 2.1
+  - 2.2
 
 env:
-  # - rails=3.1 # Don't need it in the CI matrix
   - rails=3.2.0
-  - rails=4.0.0
   - rails=4.1.0
   - rails=4.2.0
 
@@ -26,21 +24,18 @@ services:
 
 matrix:
   exclude:
-    - gemfile: gemfiles/Gemfile.mongoid2.rb
-      env: rails=4.0.0
+    - env: rails=3.2.0
+      rvm: 2.2
+
     - gemfile: gemfiles/Gemfile.mongoid2.rb
       env: rails=4.1.0
     - gemfile: gemfiles/Gemfile.mongoid2.rb
       env: rails=4.2.0
 
-    - gemfile: gemfiles/Gemfile.mongoid3.rb
-      env: rails=4.0.0
     - gemfile: gemfiles/Gemfile.mongoid3.rb
       env: rails=4.1.0
     - gemfile: gemfiles/Gemfile.mongoid3.rb
       env: rails=4.2.0
 
-    - gemfile: gemfiles/Gemfile.mongoid4.rb
-      env: rails=3.1.0
     - gemfile: gemfiles/Gemfile.mongoid4.rb
       env: rails=3.2.0

data/CHANGELOG.md

@@ -1,12 +1,22 @@
 # Changelog
 
-## 2.2.0 (unreleased)
+## 2.1.2
+
+- [#574] Remove unused update authorization route.
+- [#576] Filter out sensitive parameters from logs.
+- [#582] The Authorization HTTP header fields are now case insensitive.
+- [#583] Database connection bugfix in certain scenarios.
+- Testing improvements
+
+
+## 2.1.1
 
 - Remove `wildcard_redirect_url` option
 - [#481] Customize token flow OAuth expirations with a config lambda
 - [#568] TokensController: Memoize strategy.authorize_response result to enable
     subclasses to use the response object.
 - [#571] Fix database initialization issues in some configurations.
+- Documentation improvements
 
 
 ## 2.1.0

data/Gemfile

@@ -7,5 +7,8 @@ gem 'rails', "~> #{ENV['rails']}"
 if ENV['rails'][0] == '4'
   gem 'database_cleaner'
 end
+if ENV['rails'] =~ /4.0|3.2/
+  gem 'rubysl-test-unit'
+end
 
 gemspec

data/README.md

@@ -48,8 +48,8 @@ https://github.com/doorkeeper-gem/doorkeeper/releases.
 
 ## Requirements
 
-- Ruby >1.9.3
-- Rails >3.1
+- Ruby >= 2.0.0
+- Rails >= 3.2
 - ORM ActiveRecord, Mongoid, MongoMapper
 
 ## Installation
@@ -287,15 +287,15 @@ and take a look at the
 To run the local engine server:
 
 ```
-rails=3.2.8 orm=active_record bundle install
-rails=3.2.8 orm=active_record bundle exec rails server
+bundle install
+bundle exec rails server
 ````
 
 By default, it uses the latest Rails version with ActiveRecord. To run the
-tests:
+tests with a specific ORM and Rails version:
 
 ```
-rails=3.2.8 orm=active_record bundle exec rake
+rails=4.2.0 orm=active_record bundle exec rake
 ```
 
 Or you might prefer to run `script/run_all` to integrate against all ORMs.

data/gemfiles/Gemfile.common.rb

@@ -7,5 +7,8 @@ gem 'rails', "~> #{ENV['rails']}"
 if ENV['rails'][0] == '4'
   gem 'database_cleaner', '~> 1.3.0'
 end
+if ENV['rails'] =~ /4.0|3.2/
+  gem 'rubysl-test-unit'
+end
 
 gemspec path: '../'

data/lib/doorkeeper/engine.rb

@@ -1,10 +1,14 @@
 module Doorkeeper
   class Engine < Rails::Engine
-    initializer 'doorkeeper.routes' do
+    initializer "doorkeeper.params.filter" do |app|
+      app.config.filter_parameters += %i(client_secret code token)
+    end
+
+    initializer "doorkeeper.routes" do
       Doorkeeper::Rails::Routes.install!
     end
 
-    initializer 'doorkeeper.helpers' do
+    initializer "doorkeeper.helpers" do
       ActiveSupport.on_load(:action_controller) do
         include Doorkeeper::Rails::Helpers
       end

data/lib/doorkeeper/oauth/token.rb

@@ -11,13 +11,13 @@ module Doorkeeper
         end
 
         def from_bearer_authorization(request)
-          pattern = /^Bearer /
+          pattern = /^Bearer /i
           header  = request.authorization
           token_from_header(header, pattern) if match?(header, pattern)
         end
 
         def from_basic_authorization(request)
-          pattern = /^Basic /
+          pattern = /^Basic /i
           header  = request.authorization
           token_from_basic_header(header, pattern) if match?(header, pattern)
         end

data/lib/doorkeeper/orm/active_record.rb

@@ -7,7 +7,7 @@ module Doorkeeper
         require 'doorkeeper/orm/active_record/application'
 
         if Doorkeeper.configuration.active_record_options[:establish_connection]
-          [Doorkeeper::AccessGrant, Doorkeeper::Application, Doorkeeper::AccessGrant].each do |c|
+          [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application].each do |c|
             c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
           end
         end

data/lib/doorkeeper/rails/helpers.rb

@@ -3,53 +3,36 @@ module Doorkeeper
     module Helpers
       extend ActiveSupport::Concern
 
-      module ClassMethods
-        def doorkeeper_for(*args, &block)
-          fail Errors::DoorkeeperError, "`doorkeeper_for` no longer available", <<-eos
-\nStarting in version 2.0.0 of doorkeeper gem, `doorkeeper_for` is no longer
-available. Please change `doorkeeper_for` calls in your application with:
-
-  before_action :doorkeeper_authorize!
+      def doorkeeper_authorize!(*scopes)
+        @_doorkeeper_scopes = scopes || Doorkeeper.configuration.default_scopes
 
-For more information check the README:
-https://github.com/doorkeeper-gem/doorkeeper#protecting-resources-with-oauth-aka-your-api-endpoint\n
-          eos
+        if doorkeeper_token_is_invalid?
+          doorkeeper_render_error
         end
       end
 
-      def doorkeeper_token
-        @_doorkeeper_token ||= OAuth::Token.authenticate request, *Doorkeeper.configuration.access_token_methods
+      def doorkeeper_unauthorized_render_options
+        nil
       end
 
-      def valid_doorkeeper_token?(*scopes)
-        doorkeeper_token && doorkeeper_token.acceptable?(scopes)
+      def doorkeeper_forbidden_render_options
+        nil
       end
 
-      def doorkeeper_authorize!(*scopes)
-        scopes ||= Doorkeeper.configuration.default_scopes
-
-        unless valid_doorkeeper_token?(*scopes)
-          if !doorkeeper_token || !doorkeeper_token.accessible?
-            error = OAuth::InvalidTokenResponse.from_access_token(doorkeeper_token)
-            options = doorkeeper_unauthorized_render_options
-          else
-            error = OAuth::ForbiddenTokenResponse.from_scopes(scopes)
-            options = doorkeeper_forbidden_render_options
-          end
-          headers.merge!(error.headers.reject { |k| ['Content-Type'].include? k })
-          doorkeeper_error_renderer(error, options)
-        end
-      end
+      private
 
-      def doorkeeper_unauthorized_render_options
-        nil
+      def doorkeeper_token_is_invalid?
+        !doorkeeper_token || !doorkeeper_token.acceptable?(@_doorkeeper_scopes)
       end
 
-      def doorkeeper_forbidden_render_options
-        nil
+      def doorkeeper_render_error
+        error = doorkeeper_error
+        headers.merge! error.headers.reject { |k| "Content-Type" == k }
+        doorkeeper_render_error_with(error)
       end
 
-      def doorkeeper_error_renderer(error, options = {})
+      def doorkeeper_render_error_with(error)
+        options = doorkeeper_render_options || {}
         if options.blank?
           head error.status
         else
@@ -58,6 +41,51 @@ https://github.com/doorkeeper-gem/doorkeeper#protecting-resources-with-oauth-aka
           render options
         end
       end
+
+      def doorkeeper_error
+        if doorkeeper_invalid_token_response?
+          OAuth::InvalidTokenResponse.from_access_token(doorkeeper_token)
+        else
+          OAuth::ForbiddenTokenResponse.from_scopes(@_doorkeeper_scopes)
+        end
+      end
+
+      def doorkeeper_render_options
+        if doorkeeper_invalid_token_response?
+          doorkeeper_unauthorized_render_options
+        else
+          doorkeeper_forbidden_render_options
+        end
+      end
+
+      def doorkeeper_invalid_token_response?
+        !doorkeeper_token || !doorkeeper_token.accessible?
+      end
+
+      def doorkeeper_token
+        @_doorkeeper_token ||= OAuth::Token.authenticate(
+          request,
+          *Doorkeeper.configuration.access_token_methods
+        )
+      end
+
+      module ClassMethods
+        def doorkeeper_for(*_args)
+          fail(
+            Errors::DoorkeeperError,
+            "`doorkeeper_for` no longer available",
+            <<-eos
+\nStarting in version 2.0.0 of doorkeeper gem, `doorkeeper_for` is no longer
+available. Please change `doorkeeper_for` calls in your application with:
+
+  before_action :doorkeeper_authorize!
+
+For more information check the README:
+https://github.com/doorkeeper-gem/doorkeeper#protecting-resources-with-oauth-aka-your-api-endpoint\n
+eos
+          )
+        end
+      end
     end
   end
 end

data/lib/doorkeeper/rails/routes.rb

@@ -45,7 +45,7 @@ module Doorkeeper
         routes.resource(
           :authorization,
           path: 'authorize',
-          only: [:create, :update, :destroy],
+          only: [:create, :destroy],
           as: mapping[:as],
           controller: mapping[:controllers]
         ) do

data/lib/doorkeeper/version.rb

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '2.1.1'
+  VERSION = '2.1.2'
 end

data/spec/lib/oauth/token_spec.rb

@@ -56,12 +56,18 @@ module Doorkeeper
       end
 
       describe :from_bearer_authorization do
-        it 'returns token from authorization bearer' do
+        it 'returns token from capitalized authorization bearer' do
           request = double authorization: 'Bearer SomeToken'
           token   = Token.from_bearer_authorization(request)
           expect(token).to eq('SomeToken')
         end
 
+        it 'returns token from lowercased authorization bearer' do
+          request = double authorization: 'bearer SomeToken'
+          token   = Token.from_bearer_authorization(request)
+          expect(token).to eq('SomeToken')
+        end
+
         it 'does not return token if authorization is not bearer' do
           request = double authorization: 'MAC SomeToken'
           token   = Token.from_bearer_authorization(request)
@@ -70,12 +76,18 @@ module Doorkeeper
       end
 
       describe :from_basic_authorization do
-        it 'returns token from authorization basic' do
+        it 'returns token from capitalized authorization basic' do
           request = double authorization: "Basic #{Base64.encode64 'SomeToken:'}"
           token   = Token.from_basic_authorization(request)
           expect(token).to eq('SomeToken')
         end
 
+        it 'returns token from lowercased authorization basic' do
+          request = double authorization: "basic #{Base64.encode64 'SomeToken:'}"
+          token   = Token.from_basic_authorization(request)
+          expect(token).to eq('SomeToken')
+        end
+
         it 'does not return token if authorization is not basic' do
           request = double authorization: "MAC #{Base64.encode64 'SomeToken:'}"
           token   = Token.from_basic_authorization(request)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.1.2
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-06 00:00:00.000000000 Z
+date: 2015-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties