doorkeeper 2.1.4 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f81bfc8acb70b14d07f1d1cfa39d608b70488890
-  data.tar.gz: e27b15693c23faf2348358e307757a0cdf088e7d
+  metadata.gz: 03417189314de7b84fcfa05699c35a0346a55035
+  data.tar.gz: e4026de8e9ed39d2bb270abc9efc4e1ccca20775
 SHA512:
-  metadata.gz: f0981eb39aba13e7191309b2d6703d58c175dd28df746867b1b466f9a62c9e5978f705f7df617268d082a210ff4bc5da1206a17849a0e1b0ee87746cf96d77fb
-  data.tar.gz: 207f6e7ec14a8369e3c27ee9af38a87d273556681438938c61c80454dd23628c838b2ff4c8e462e49ce6ed0cdfcf99481fb9c54b5b8752422a598c9bf238d78b
+  metadata.gz: bbe0a1693809bfc8802a66c50df30a128a527a3f239114ffdc69d46e948ac0516594fe3872f3624157632e91078a0ad64aa1f98932b26bdf389228b22bed246b
+  data.tar.gz: 6d434e7dc34b65d1022914f8fd348c9d1c8e6ef41bb30761411eb0c693531ccb12c87c237c1e54fbcbee11a8dd0bf68c82768a6801f273dab2bcaf1fe96afea6

data/.hound.yml

@@ -1,3 +1,7 @@
+AllCops:
+  Exclude:
+    - "spec/dummy/db/*"
+
 LineLength:
   Exclude:
     - spec/**/*

data/.travis.yml

@@ -1,41 +1,22 @@
+cache: bundler
 language: ruby
 sudo: false
-cache: bundler
 
 rvm:
   - 2.0
   - 2.1
   - 2.2
+  - jruby-head
 
 env:
   - rails=3.2.0
   - rails=4.1.0
   - rails=4.2.0
 
-gemfile:
-  - Gemfile
-  - gemfiles/Gemfile.mongoid2.rb
-  - gemfiles/Gemfile.mongoid3.rb
-  - gemfiles/Gemfile.mongoid4.rb
-  - gemfiles/Gemfile.mongo_mapper.rb
-
-services:
-  - mongodb
-
 matrix:
+  exclude:
+    - env: rails=3.2.0
+      rvm: jruby-head
   exclude:
     - env: rails=3.2.0
       rvm: 2.2
-
-    - gemfile: gemfiles/Gemfile.mongoid2.rb
-      env: rails=4.1.0
-    - gemfile: gemfiles/Gemfile.mongoid2.rb
-      env: rails=4.2.0
-
-    - gemfile: gemfiles/Gemfile.mongoid3.rb
-      env: rails=4.1.0
-    - gemfile: gemfiles/Gemfile.mongoid3.rb
-      env: rails=4.2.0
-
-    - gemfile: gemfiles/Gemfile.mongoid4.rb
-      env: rails=3.2.0

data/CONTRIBUTING.md

@@ -1,6 +1,9 @@
 # Contributing
 
-We love pull requests. Here's a quick guide.
+We love pull requests from everyone. By participating in this project, you agree
+to abide by the thoughtbot [code of conduct].
+
+[code of conduct]: https://thoughtbot.com/open-source-code-of-conduct
 
 Fork, then clone the repo:
 
@@ -14,22 +17,29 @@ Make sure the tests pass:
 
     rake
 
-Make your change. Add tests for your change. Make the tests pass:
+Make your change.
+Write tests.
+Follow our [style guide][style].
+Make the tests pass:
+
+[style]: https://github.com/thoughtbot/guides/tree/master/style
 
     rake
 
-Push to your fork and submit a pull request.
+Write a [good commit message][commit].
+Push to your fork.
+[Submit a pull request][pr].
 
-At this point you're waiting on us. We like to at least comment on pull requests
-within three business days (and, typically, one business day). We may suggest
-some changes or improvements or alternatives.
+[commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[pr]: https://github.com/doorkeeper-gem/doorkeeper/compare/
 
-Some things that will increase the chance that your pull request is accepted:
+If [Hound] catches style violations,
+fix them.
 
-* Write tests.
-* Follow our [style guide][style]. Address Hound CI comments unless you have a
-  good reason not to.
-* Write a [good commit message][commit].
+[hound]: https://houndci.com
 
-[style]: https://github.com/thoughtbot/guides/tree/master/style
-[commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+Wait for us.
+We try to at least comment on pull requests within one business day.
+We may suggest changes.
+
+Thank you for your contribution!

data/Gemfile

@@ -1,14 +1,10 @@
-ENV['rails'] ||= '4.2.0.rc2'
+ENV['rails'] ||= '4.2.0'
 
 source 'https://rubygems.org'
 
 gem 'rails', "~> #{ENV['rails']}"
 
-if ENV['rails'][0] == '4'
-  gem 'database_cleaner'
-end
-if ENV['rails'] =~ /4.0|3.2/
-  gem 'rubysl-test-unit'
-end
+gem "sqlite3", platform: [:ruby, :mswin, :mingw]
+gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 
 gemspec

data/{CHANGELOG.md → NEWS.md}

@@ -1,6 +1,96 @@
-# Changelog
+# News
 
-## 2.1.4
+User-visible changes worth mentioning.
+
+---
+
+## 3.1.0
+
+- [#736] Existing valid tokens are now reused in client_credentials flow
+- [#749] Allow user to raise authorization error with custom messages.
+  Under `resource_owner_authenticator` block a user can
+  `raise Doorkeeper::Errors::DoorkeeperError.new('custom_message')`
+- [#762] Check doesn’t abort the actual migration, so it runs
+- [#722] `doorkeeper_forbidden_render_options` now supports returning a 404 by
+  specifying `respond_not_found_when_forbidden: true` in the
+  `doorkeeper_forbidden_render_options` method.
+- [#734] Simplify and remove duplication in request strategy classes
+
+## 3.0.1
+
+- [#712] Wrap exchange of grant token for access token and access token refresh
+  in transactions
+- [#704] Allow applications scopes to be mass assigned
+- [#707] Fixed order of Mixin inclusion and table_name configuration in models
+- [#712] Wrap access token and refresh grants in transactions
+- Adds JRuby support
+- Specs, views and documentation adjustments
+
+## 3.0.0
+
+### Other changes
+
+- [#693] Updates `en.yml`.
+
+## 3.0.0 (rc2)
+
+### Backward incompatible changes
+
+- [#678] Change application-specific scopes to take precedence over server-wide
+  scopes. This removes the previous behavior where the intersection between
+  application and server scopes was used.
+
+### Other changes
+
+- [#671] Fixes `NoMethodError - undefined method 'getlocal'` when calling
+  the /oauth/token path. Switch from using a DateTime object to update
+  AR to using a Time object. (Issue #668)
+- [#677] Support editing application-specific scopes via the standard forms
+- [#682] Pass error hash to Grape `error!`
+- [#683] Generate application secret/UID if fields are blank strings
+
+## 3.0.0 (rc1)
+
+### Backward incompatible changes
+
+- [#648] Extracts mongodb ORMs to
+  https://github.com/doorkeeper-gem/doorkeeper-mongodb. If you use ActiveRecord
+  you don’t need to do any change, otherwise you will need to install the new
+  plugin.
+- [#665] `doorkeeper_unauthorized_render_options(error:)` and
+  `doorkeeper_forbidden_render_options(error:)` now accept `error` keyword
+  argument.
+
+### Removed deprecations
+
+- Removes `doorkeeper_for` deprecation notice.
+- Remove `applications.scopes` upgrade notice.
+
+
+## 2.2.2 (unreleased)
+
+- [#541] Fixed `undefined method attr_accessible` problem on Rails 4
+    (happens only when ProtectedAttributes gem is used) in #599
+
+## 2.2.1
+
+- [#636] `custom_access_token_expires_in` bugfixes
+- [#641] syntax error fix (Issue #612)
+- [#633] Send extra details to Custom Token Generator
+- [#628] Refactor: improve orm adapters to ease extension
+- [#637] Upgrade to rspec to 3.2
+
+## 2.2.0 - 2015-04-19
+
+- [#611] Allow custom access token generators to be used
+- [#632] Properly fallback to `default_scopes` when no scope is specified
+- [#622] Clarify that there is a logical OR between scopes for authorizing
+- [#635] Upgrade to rspec 3
+- [#627] i18n fallbacks to english
+- Moved CHANGELOG to NEWS.md
+
+
+## 2.1.4 - 2015-03-27
 
 - [#595] HTTP spec: Add `scope` for refresh token scope param
 - [#596] Limit scopes in app scopes for client credentials
@@ -8,12 +98,12 @@
 - [#606] Add custom access token expiration support for Client Credentials flow
 
 
-## 2.1.3
+## 2.1.3 - 2015-03-01
 
 - [#588] Fixes scopes_match? bug that skipped authorization form in some cases
 
 
-## 2.1.2
+## 2.1.2 - 2015-02-25
 
 - [#574] Remove unused update authorization route.
 - [#576] Filter out sensitive parameters from logs.
@@ -22,7 +112,7 @@
 - Testing improvements
 
 
-## 2.1.1
+## 2.1.1 - 2015-02-06
 
 - Remove `wildcard_redirect_url` option
 - [#481] Customize token flow OAuth expirations with a config lambda
@@ -32,7 +122,7 @@
 - Documentation improvements
 
 
-## 2.1.0
+## 2.1.0 - 2015-01-13
 
 - [#540] Include `created_at` in response.
 - [#538] Check application-level scopes in client_credentials and password flow.
@@ -52,12 +142,12 @@
 - [#510, #544, 722113f] Revoked refresh token response bugfix.
 
 
-## 2.0.1
+## 2.0.1 - 2014-12-17
 
 - [#525, #526, #527] Fix `ActiveRecord::NoDatabaseError` on gem load.
 
 
-## 2.0.0
+## 2.0.0 - 2014-12-16
 
 ### Backward incompatible changes
 
@@ -100,13 +190,17 @@
 - [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
 - [#518] Fix random failures in mongodb.
 
+---
 
-## 1.4.1
+## 1.4.2 - 2015-03-02
 
-- [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
+- [#576] Filter out sensitive parameters from logs
 
+## 1.4.1 - 2014-12-17
 
-## 1.4.0
+- [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
+
+## 1.4.0 - 2014-07-31
 
 - internals
   - [#427] Adds specs expectations.
@@ -122,7 +216,7 @@
 - enhancements
   - [#432] Keeps query parameters
 
-## 1.3.1
+## 1.3.1 - 2014-07-06
 
 - enhancements
   - [#405] Adds facade to more easily get the token from a request in a route
@@ -138,12 +232,12 @@
   - [#413] fixes #340, routing scope is now taken into account in redirect.
   - [#401] and [#425] application is not required any longer for access_token.
 
-## 1.3.0
+## 1.3.0 - 2014-05-23
 
 - enhancements
   - [#387] Adds reuse_access_token configuration option.
 
-## 1.2.0
+## 1.2.0 - 2014-05-02
 
 - enhancements
   - [#376] Allow users to enable basic header authorization for access tokens.
@@ -155,7 +249,7 @@
   - [#390] Style adjustments in accordance with Ruby Style Guide form
     Thoughtbot.
 
-## 1.1.0
+## 1.1.0 - 2014-03-29
 
 - enhancements
   - [#336] mongoid4 support.
@@ -164,7 +258,7 @@
   - [#343] separate OAuth's admin and user end-point to different layouts, upgrade theme to Bootstrap 3.1.
   - [#348] Move render_options in filter after `@error` has been set
 
-## 1.0.0
+## 1.0.0 - 2014-01-13
 
 - bug (spec)
   - [#228] token response `expires_in` value is now in seconds, relative to
@@ -191,12 +285,14 @@
   - [#316] Test warnings addressed.
   - [#338] Rspec 3 syntax.
 
-## 0.7.4
+---
+
+## 0.7.4 - 2013-12-01
 
 - bug
   - Symbols instead of strings for user input.
 
-## 0.7.3
+## 0.7.3 - 2013-10-04
 
 - enhancements
   - [#204] Allow to overwrite scope in routes
@@ -206,8 +302,7 @@
 - bug
   - [#290] Support for Rails 4 when 'protected_attributes' gem is present.
 
-
-## 0.7.2
+## 0.7.2 - 2013-09-11
 
 - enhancements
   - [#272] Allow issuing multiple access_tokens for one user/application for multiple devices
@@ -215,12 +310,12 @@
   - [#239] Do not try to load unavailable Request class for the current phase.
   - [#273] Relax jquery-rails gem dependency
 
-## 0.7.1
+## 0.7.1 - 2013-08-30
 
 - bug
   - [#269] Rails 3.2 raised `ActiveModel::MassAssignmentSecurity::Error`.
 
-## 0.7.0
+## 0.7.0 - 2013-08-21
 
 - enhancements
   - [#229] Rails 4!
@@ -232,27 +327,27 @@
   - [#263] Add a configuration for ActiveRecord.establish_connection
   - Deprecation and Ruby warnings (PRs merged outside of GitHub).
 
-## 0.6.7
+## 0.6.7 - 2013-01-13
 
 - internals
   - [#188] Add IDs to the show views for integration testing [@egtann](https://github.com/egtann)
 
-## 0.6.6
+## 0.6.6 - 2013-01-04
 
 - enhancements
   - [#187] Raise error if configuration is not set
 
-## 0.6.5
+## 0.6.5 - 2012-12-26
 
 - enhancements
   - [#184] Vendor the Bootstrap CSS [@tylerhunt](https://github.com/tylerhunt)
 
-## 0.6.4
+## 0.6.4 - 2012-12-15
 
 - bug
   - [#180] Add localization to authorized_applications destroy notice [@aalvarado](https://github.com/aalvarado)
 
-## 0.6.3
+## 0.6.3 - 2012-12-07
 
 - bugfixes
   - [#163] Error response content-type header should be application/json [@ggayan](https://github.com/ggayan)
@@ -262,19 +357,19 @@
 - internals
   - [#168] Using expectation syntax for controller specs [@rdsoze](https://github.com/rdsoze)
 
-## 0.6.2
+## 0.6.2 - 2012-11-10
 
 - bugfixes
   - [#162] Remove ownership columns from base migration template [@rdsoze](https://github.com/rdsoze)
 
-## 0.6.1
+## 0.6.1 - 2012-11-07
 
 - bugfixes
   - [#160] Removed |routes| argument from initializer authenticator blocks
 - documentation
   - [#160] Fixed description of context of authenticator blocks
 
-## 0.6.0
+## 0.6.0 - 2012-11-05
 
 - enhancements
   - Mongoid `orm` configuration accepts only :mongoid2 or :mongoid3
@@ -293,7 +388,7 @@
   - Rails/ORM are easily swichable with env vars (rails and orm)
   - Travis now tests against Mongoid v2
 
-## 0.5.0.rc1
+## 0.5.0 - 2012-10-20
 
 Official support for rubinius was removed.
 
@@ -321,17 +416,17 @@ Official support for rubinius was removed.
 - documentation
   - [#141] Add rack-cors middleware to readme [@gottfrois](https://github.com/gottfrois)
 
-## 0.4.2
+## 0.4.2 - 2012-06-05
 
 - bugfixes:
   - [#94] Uninitialized Constant in Password Flow
 
-## 0.4.1
+## 0.4.1 - 2012-06-02
 
 - enhancements:
   - Backport: Move doorkeeper_for extension to Filter helper
 
-## 0.4.0
+## 0.4.0 - 2012-05-26
 
 - deprecation
   - Deprecate authorization_scopes
@@ -345,15 +440,15 @@ Official support for rubinius was removed.
 - internals
   - [#2ece8d, #f93778] Introduce Client and ErrorResponse classes
 
-## 0.3.4
+## 0.3.4 - 2012-05-24
 
 - Fix attr_accessible for rails 3.2.x
 
-## 0.3.3
+## 0.3.3 - 2012-05-07
 
 - [#86] shrink gem package size
 
-## 0.3.2
+## 0.3.2 - 2012-04-29
 
 - enhancements
   - [#54] Ignore Authorization: headers that are not Bearer [@miyagawa](https://github.com/miyagawa)
@@ -369,7 +464,7 @@ Official support for rubinius was removed.
   - [#75] Fix unknown method #authenticate_admin! [@mattgreen](https://github.com/mattgreen)
   - Remove application link in authorized app view
 
-## 0.3.1
+## 0.3.1 - 2012-02-17
 
 - enhancements
   - [#48] Add if, else options to doorkeeper_for
@@ -377,7 +472,7 @@ Official support for rubinius was removed.
 - internals
   - Namespace models
 
-## 0.3.0
+## 0.3.0 - 2012-02-11
 
 - enhancements
   - [#17, #31] Add support for client credentials in basic auth header [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
@@ -396,7 +491,7 @@ Official support for rubinius was removed.
   - Depends on railties instead of whole rails framework
   - CI now integrates with rails 3.1 and 3.2
 
-## 0.2.0
+## 0.2.0 - 2011-12-17
 
 - enhancements
   - [#4] Add authorized applications endpoint
@@ -414,7 +509,7 @@ Official support for rubinius was removed.
 - deprecation
   - deprecate :only and :except options in doorkeeper_for
 
-## 0.1.1
+## 0.1.1 - 2011-11-30
 
 - enhancements
   - [#3] Authorization code must be short lived and single use
@@ -424,7 +519,7 @@ Official support for rubinius was removed.
 - bugfixes
   - Fix issue when creating the access token (wrong client id)
 
-## 0.1.0
+## 0.1.0 - 2011-11-25
 
 - Authorization Code flow
 - OAuth applications endpoint