RubyGems - doorkeeper - Versions diffs - 3.0.0 → 3.0.1 - Mend

doorkeeper 3.0.0 → 3.0.1

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (24) hide show

checksums.yaml +4 -4
data/.travis.yml +1 -1
data/Gemfile +3 -0
data/NEWS.md +10 -0
data/README.md +1 -1
data/RELEASING.md +2 -2
data/app/views/doorkeeper/authorizations/new.html.erb +1 -1
data/doorkeeper.gemspec +0 -1
data/lib/doorkeeper/errors.rb +6 -0
data/lib/doorkeeper/helpers/controller.rb +4 -0
data/lib/doorkeeper/models/application_mixin.rb +1 -1
data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -5
data/lib/doorkeeper/oauth/refresh_token_request.rb +7 -2
data/lib/doorkeeper/orm/active_record/access_grant.rb +2 -2
data/lib/doorkeeper/orm/active_record/access_token.rb +2 -2
data/lib/doorkeeper/orm/active_record/application.rb +2 -2
data/lib/doorkeeper/version.rb +1 -1
data/spec/models/doorkeeper/access_token_spec.rb +3 -3
data/spec/models/doorkeeper/application_spec.rb +1 -1
data/spec/requests/flows/authorization_code_spec.rb +26 -0
data/spec/requests/flows/refresh_token_spec.rb +8 -0
data/spec/spec_helper_integration.rb +7 -0
data/spec/support/shared/models_shared_examples.rb +1 -1
metadata +3 -18

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cf516340589e1681a0f18d5452292381e95588a8
-  data.tar.gz: b68ffee6988edc433345fabf79177b3415552a47
+  metadata.gz: 6a81fba54edf374cfc12827a6de4b83736c0ad02
+  data.tar.gz: 90ac8eaf779f57d66a1957bbb245d29fec53ecfa
 SHA512:
-  metadata.gz: 5df594f849f22a2369d0de9b14c9d58e4870b1588a6b5a0d708229b44872393b8cddea1ddb0c499939ef522408cc7f78867ef6595d77eb641758ec0a2d0e15b8
-  data.tar.gz: cdcfd5e55d97f04636d7af18407194f89495d408c0fd353f53735f2e05e289837f5fa0c6f21a2cba485cbbd17e0e82cde44d0c4c2da70265e512f73769194f5d
+  metadata.gz: b5fe713de5da62552891c73ad8ccd85f07f3e71ec03418c5d9ae363ea762cae8cdb73d1ab976a602af172cca120e4db3845f27ea9307b980ce5ff34ef2fa5c2a
+  data.tar.gz: 861e8d86128858ca338912e096737267c0254092ae4c5054c97b2193be467c42d7487fd7e464646bca648a8ccc2be631936f65d93a77697d67f1ef4e14864820

data/.travis.yml CHANGED

@@ -1,11 +1,11 @@
 language: ruby
-sudo: false
 cache: bundler
 rvm:
   - 2.0
   - 2.1
   - 2.2
+  - jruby-head
 env:
   - rails=3.2.0

data/Gemfile CHANGED

@@ -4,4 +4,7 @@ source 'https://rubygems.org'
 gem 'rails', "~> #{ENV['rails']}"
+gem "sqlite3", platform: [:ruby, :mswin, :mingw]
+gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gemspec

data/NEWS.md CHANGED

@@ -4,6 +4,16 @@ User-visible changes worth mentioning.
 ---
+## 3.0.1
+- [#712] Wrap exchange of grant token for access token and access token refresh
+  in transactions
+- [#704] Allow applications scopes to be mass assigned
+- [#707] Fixed order of Mixin inclusion and table_name configuration in models
+- [#712] Wrap access token and refresh grants in transactions
+- Adds JRuby support
+- Specs, views and documentation adjustments
 ## 3.0.0
 ### Other changes

data/README.md CHANGED

@@ -331,7 +331,7 @@ wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
 If you want to upgrade doorkeeper to a new version, check out the [upgrading
 notes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
 and take a look at the
-[changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md).
+[changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/NEWS.md).
 ## Development

data/RELEASING.md CHANGED

@@ -4,8 +4,8 @@
 2. Update `NEWS.md` to reflect the changes since last release.
 3. Commit changes. There shouldn’t be code changes, and thus CI doesn’t need to
    run, you can then add “[ci skip]” to the commit message.
-4. Tag the release: `git tag vVERSION`
-5. Push changes: `git push --tags`
+4. Tag the release: `git tag vVERSION -m "Release vVERSION"`
+5. Push changes: `git push && git push --tags`
 6. Build and publish the gem:
    ```bash

data/app/views/doorkeeper/authorizations/new.html.erb CHANGED

@@ -7,7 +7,7 @@
     <%= raw t('.prompt', client_name: "<strong class=\"text-info\">#{ @pre_auth.client.name }</strong>") %>
   </p>
-  <% if @pre_auth.scopes %>
+  <% if @pre_auth.scopes.count > 0 %>
     <div id="oauth-permissions">
       <p><%= t('.able_to') %>:</p>

data/doorkeeper.gemspec CHANGED

@@ -18,7 +18,6 @@ Gem::Specification.new do |s|
   s.add_dependency "railties", ">= 3.2"
-  s.add_development_dependency "sqlite3", "~> 1.3.5"
   s.add_development_dependency "rspec-rails", "~> 3.2.0"
   s.add_development_dependency "capybara", "~> 2.3.0"
   s.add_development_dependency "generator_spec", "~> 0.9.0"

data/lib/doorkeeper/errors.rb CHANGED

@@ -6,6 +6,12 @@ module Doorkeeper
     class InvalidAuthorizationStrategy < DoorkeeperError
     end
+    class InvalidTokenReuse < DoorkeeperError
+    end
+    class InvalidGrantReuse < DoorkeeperError
+    end
     class InvalidTokenStrategy < DoorkeeperError
     end

data/lib/doorkeeper/helpers/controller.rb CHANGED

@@ -41,6 +41,10 @@ module Doorkeeper
                        :unsupported_response_type
                      when Errors::MissingRequestStrategy
                        :invalid_request
+                     when Errors::InvalidTokenReuse
+                       :invalid_request
+                     when Errors::InvalidGrantReuse
+                       :invalid_grant
                      end
         OAuth::ErrorResponse.new name: error_name, state: params[:state]

data/lib/doorkeeper/models/application_mixin.rb CHANGED

@@ -17,7 +17,7 @@ module Doorkeeper
       before_validation :generate_uid, :generate_secret, on: :create
       if respond_to?(:attr_accessible)
-        attr_accessible :name, :redirect_uri
+        attr_accessible :name, :redirect_uri, :scopes
       end
     end

data/lib/doorkeeper/oauth/authorization_code_request.rb CHANGED

@@ -21,11 +21,16 @@ module Doorkeeper
       private
       def before_successful_response
-        grant.revoke
-        find_or_create_access_token(grant.application,
-                                    grant.resource_owner_id,
-                                    grant.scopes,
-                                    server)
+        grant.transaction do
+          grant.lock!
+          raise Errors::InvalidGrantReuse if grant.revoked?
+          grant.revoke
+          find_or_create_access_token(grant.application,
+                                      grant.resource_owner_id,
+                                      grant.scopes,
+                                      server)
+        end
       end
       def validate_attributes

data/lib/doorkeeper/oauth/refresh_token_request.rb CHANGED

@@ -32,8 +32,13 @@ module Doorkeeper
       attr_reader :refresh_token_parameter
       def before_successful_response
-        refresh_token.revoke
-        create_access_token
+        refresh_token.transaction do
+          refresh_token.lock!
+          raise Errors::InvalidTokenReuse if refresh_token.revoked?
+          refresh_token.revoke
+          create_access_token
+        end
       end
       def default_scopes

data/lib/doorkeeper/orm/active_record/access_grant.rb CHANGED

@@ -1,7 +1,7 @@
 module Doorkeeper
   class AccessGrant < ActiveRecord::Base
-    include AccessGrantMixin
     self.table_name = "#{table_name_prefix}oauth_access_grants#{table_name_suffix}".to_sym
+    include AccessGrantMixin
   end
 end

data/lib/doorkeeper/orm/active_record/access_token.rb CHANGED

@@ -1,9 +1,9 @@
 module Doorkeeper
   class AccessToken < ActiveRecord::Base
-    include AccessTokenMixin
     self.table_name = "#{table_name_prefix}oauth_access_tokens#{table_name_suffix}".to_sym
+    include AccessTokenMixin
     def self.delete_all_for(application_id, resource_owner)
       where(application_id: application_id,
             resource_owner_id: resource_owner.id).delete_all

data/lib/doorkeeper/orm/active_record/application.rb CHANGED

@@ -1,9 +1,9 @@
 module Doorkeeper
   class Application < ActiveRecord::Base
-    include ApplicationMixin
     self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}".to_sym
+    include ApplicationMixin
     if ActiveRecord::VERSION::MAJOR >= 4
       has_many :authorized_tokens, -> { where(revoked_at: nil) }, class_name: 'AccessToken'
     else

data/lib/doorkeeper/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '3.0.0'
+  VERSION = '3.0.1'
 end

data/spec/models/doorkeeper/access_token_spec.rb CHANGED

@@ -123,7 +123,7 @@ module Doorkeeper
       it 'is not valid if token exists' do
         token1 = FactoryGirl.create :access_token, use_refresh_token: true
         token2 = FactoryGirl.create :access_token, use_refresh_token: true
-        token2.send :write_attribute, :refresh_token, token1.refresh_token
+        token2.refresh_token = token1.refresh_token
         expect(token2).not_to be_valid
       end
@@ -131,9 +131,9 @@ module Doorkeeper
         token1 = FactoryGirl.create :access_token, use_refresh_token: true
         token2 = FactoryGirl.create :access_token, use_refresh_token: true
         expect do
-          token2.write_attribute :refresh_token, token1.refresh_token
+          token2.refresh_token = token1.refresh_token
           token2.save(validate: false)
-        end.to raise_error
+        end.to raise_error(ActiveRecord::RecordNotUnique)
       end
     end

data/spec/models/doorkeeper/application_spec.rb CHANGED

@@ -90,7 +90,7 @@ module Doorkeeper
       app1 = FactoryGirl.create(:application)
       app2 = FactoryGirl.create(:application)
       app2.uid = app1.uid
-      expect { app2.save!(validate: false) }.to raise_error
+      expect { app2.save!(validate: false) }.to raise_error(ActiveRecord::RecordNotUnique)
     end
     it 'generate secret on create' do

data/spec/requests/flows/authorization_code_spec.rb CHANGED

@@ -128,3 +128,29 @@ feature 'Authorization Code Flow' do
     end
   end
 end
+describe 'Authorization Code Flow' do
+  before do
+    Doorkeeper.configure do
+      orm DOORKEEPER_ORM
+      use_refresh_token
+    end
+    client_exists
+  end
+  context 'issuing a refresh token' do
+    before do
+      authorization_code_exists application: @client
+    end
+    it 'second of simultaneous client requests get an error for revoked acccess token' do
+      authorization_code = Doorkeeper::AccessGrant.first.token
+      allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:revoked?).and_return(false, true)
+      post token_endpoint_url(code: authorization_code, client: @client)
+      should_not_have_json 'access_token'
+      should_have_json 'error', 'invalid_grant'
+    end
+  end
+end

data/spec/requests/flows/refresh_token_spec.rb CHANGED

@@ -65,6 +65,14 @@ describe 'Refresh Token Flow' do
       should_not_have_json 'refresh_token'
       should_have_json 'error', 'invalid_grant'
     end
+    it 'second of simultaneous client requests get an error for revoked acccess token' do
+      allow_any_instance_of(Doorkeeper::AccessToken).to receive(:revoked?).and_return(false, true)
+      post refresh_token_endpoint_url(client: @client, refresh_token: @token.refresh_token)
+      should_not_have_json 'refresh_token'
+      should_have_json 'error', 'invalid_request'
+    end
   end
   context 'refreshing the token with multiple sessions (devices)' do

data/spec/spec_helper_integration.rb CHANGED

@@ -14,6 +14,13 @@ require 'generator_spec/test_case'
 require 'timecop'
 require 'database_cleaner'
+# Load JRuby SQLite3 if in that platform
+begin
+  require 'jdbc/sqlite3'
+  Jdbc::SQLite3.load_driver
+rescue LoadError
+end
 Rails.logger.info "====> Doorkeeper.orm = #{Doorkeeper.configuration.orm.inspect}"
 if Doorkeeper.configuration.orm == :active_record
   Rails.logger.info "======> active_record.table_name_prefix = #{Rails.configuration.active_record.table_name_prefix.inspect}"

data/spec/support/shared/models_shared_examples.rb CHANGED

@@ -46,7 +46,7 @@ shared_examples 'a unique token' do
       token2.token = token1.token
       expect do
         token2.save!(validate: false)
-      end.to raise_error
+      end.to raise_error(ActiveRecord::RecordNotUnique)
     end
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.0.1
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-07-30 00:00:00.000000000 Z
+date: 2015-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -25,20 +25,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.3.5
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.3.5
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -373,7 +359,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: OAuth 2 provider for Rails and Grape
@@ -492,4 +478,3 @@ test_files:
 - spec/support/shared/controllers_shared_context.rb
 - spec/support/shared/models_shared_examples.rb
 - spec/validators/redirect_uri_validator_spec.rb
-has_rdoc: