doorkeeper 3.1.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 03417189314de7b84fcfa05699c35a0346a55035
-  data.tar.gz: e4026de8e9ed39d2bb270abc9efc4e1ccca20775
+  metadata.gz: 68df4a2a59a456f294e58416fb229932a8ea08c3
+  data.tar.gz: 30ff755d1ec25a53119b419ad1d0be3a69bedd7d
 SHA512:
-  metadata.gz: bbe0a1693809bfc8802a66c50df30a128a527a3f239114ffdc69d46e948ac0516594fe3872f3624157632e91078a0ad64aa1f98932b26bdf389228b22bed246b
-  data.tar.gz: 6d434e7dc34b65d1022914f8fd348c9d1c8e6ef41bb30761411eb0c693531ccb12c87c237c1e54fbcbee11a8dd0bf68c82768a6801f273dab2bcaf1fe96afea6
+  metadata.gz: df0bc1f0075ede4a575d2c007806ae887ef11d746204df8bda6345b73abf504911fd8bde1c22e6cbf55066553a3c7f9f10653d127a79ead3c2b5fa204dc9b0d1
+  data.tar.gz: becadfd542de1ee8c6863f4dcb4a53db12ea737687942f0699519eb5299a7c22ecac9beb8026a9833dd3dd166810cf6bf0213602fa5696def66fefe6cc5dbb38

data/.travis.yml

@@ -3,20 +3,18 @@ language: ruby
 sudo: false
 
 rvm:
-  - 2.0
   - 2.1
-  - 2.2
-  - jruby-head
+  - 2.2.4
+  - 2.3.0
+
+before_install:
+  - gem install bundler -v '~> 1.10'
 
 env:
-  - rails=3.2.0
-  - rails=4.1.0
   - rails=4.2.0
+  - rails=5.0.0
 
 matrix:
   exclude:
-    - env: rails=3.2.0
-      rvm: jruby-head
-  exclude:
-    - env: rails=3.2.0
-      rvm: 2.2
+    - env: rails=5.0.0
+      rvm: 2.1

data/CONTRIBUTING.md

@@ -26,6 +26,8 @@ Make the tests pass:
 
     rake
 
+Add notes on your change to the `NEWS.md` file.
+
 Write a [good commit message][commit].
 Push to your fork.
 [Submit a pull request][pr].

data/Gemfile

@@ -1,10 +1,14 @@
-ENV['rails'] ||= '4.2.0'
+ENV["rails"] ||= "4.2.0"
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gem 'rails', "~> #{ENV['rails']}"
+gem "rails", "~> #{ENV["rails"]}"
+
+if ENV['rails'].start_with?('5')
+  gem 'rspec-rails', '3.5.0.beta3'
+end
 
-gem "sqlite3", platform: [:ruby, :mswin, :mingw]
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
+gem "sqlite3", platform: [:ruby, :mswin, :mingw]
 
 gemspec

data/NEWS.md

@@ -2,7 +2,62 @@
 
 User-visible changes worth mentioning.
 
----
+## master
+
+## 4.0.0
+
+- [#834] Fix AssetNotPrecompiled error with Sprockets 4
+- [#843] Revert "Fix validation error messages"
+- [#847] Specify Null option to timestamps
+
+## 4.0.0.rc4
+
+- [#777] Add support for public client in password grant flow
+- [#823] Make configuration and specs ORM independent
+- [#745] Add created_at timestamp to token generation options
+- [#838] Drop `Application#scopes` generator and warning, introduced for
+  upgrading doorkeeper from v2 to v3.
+- [#801] Fix Rails 5 warning messages
+- Test against Rails 5 RC1
+
+## 4.0.0.rc3
+
+- [#769] Revoke refresh token on access token use. To make use of the new config
+  add `previous_refresh_token` column to `oauth_access_tokens`:
+
+  ```
+  rails generate doorkeeper:previous_refresh_token
+  ```
+- [#811] Toughen parameters filter with exact match
+- [#813] Applications admin bugfix
+- [#799] Fix Ruby Warnings
+- Drop `attr_accessible` from models
+
+### Backward incompatible changes
+
+- [#730] Force all timezones to use UTC to prevent comparison issues.
+- [#802] Remove `config.i18n.fallbacks` from engine
+
+## 4.0.0.rc2
+
+- Fix optional belongs_to for Rails 5
+- Fix Ruby warnings
+
+## 4.0.0.rc1
+
+### Backward incompatible changes
+
+- Drops support for Rails 4.1 and earlier
+- Drops support for Ruby 2.0
+- [#778] Bug fix: use the remaining time that a token is still valid when
+  building the redirect URI for the implicit grant flow
+
+### Other changes
+
+- [#771] Validation error messages fixes
+- Adds foreign key constraints in generated migrations between tokens and
+  grants, and applications
+- Support Rails 5
 
 ## 3.1.0
 
@@ -67,7 +122,7 @@ User-visible changes worth mentioning.
 - Remove `applications.scopes` upgrade notice.
 
 
-## 2.2.2 (unreleased)
+## 2.2.2
 
 - [#541] Fixed `undefined method attr_accessible` problem on Rails 4
     (happens only when ProtectedAttributes gem is used) in #599

data/README.md

@@ -1,8 +1,8 @@
 # Doorkeeper - awesome oauth provider for your Rails app.
 
 [![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
-[![Dependency Status](https://gemnasium.com/applicake/doorkeeper.svg?travis)](https://gemnasium.com/applicake/doorkeeper)
-[![Code Climate](https://codeclimate.com/github/applicake/doorkeeper.svg)](https://codeclimate.com/github/applicake/doorkeeper)
+[![Dependency Status](https://gemnasium.com/doorkeeper-gem/doorkeeper.svg?travis)](https://gemnasium.com/doorkeeper-gem/doorkeeper)
+[![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
 [![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
 
 Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider
@@ -16,43 +16,41 @@ functionality to your Rails or Grape application.
 Please check the documentation for the version of doorkeeper you are using in:
 https://github.com/doorkeeper-gem/doorkeeper/releases
 
+- See the [wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
+- For general questions, please post in [Stack Overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
+
 ## Table of Contents
 
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
-- [Useful links](#useful-links)
+
 - [Installation](#installation)
 - [Configuration](#configuration)
-    - [Active Record](#active-record)
-    - [Other ORMs](#other-orms)
-    - [Routes](#routes)
-    - [Authenticating](#authenticating)
-    - [Internationalization (I18n)](#internationalization-i18n)
+  - [Active Record](#active-record)
+  - [Other ORMs](#other-orms)
+  - [Routes](#routes)
+  - [Authenticating](#authenticating)
+  - [Internationalization (I18n)](#internationalization-i18n)
 - [Protecting resources with OAuth (a.k.a your API endpoint)](#protecting-resources-with-oauth-aka-your-api-endpoint)
-    - [Protect your API with OAuth when using Grape](#protect-your-api-with-oauth-when-using-grape)
-    - [Route Constraints and other integrations](#route-constraints-and-other-integrations)
-    - [Access Token Scopes](#access-token-scopes)
-    - [Custom Access Token Generator](#custom-access-token-generator)
-    - [Authenticated resource owner](#authenticated-resource-owner)
-    - [Applications list](#applications-list)
+  - [Protect your API with OAuth when using Grape](#protect-your-api-with-oauth-when-using-grape)
+  - [Route Constraints and other integrations](#route-constraints-and-other-integrations)
+  - [Access Token Scopes](#access-token-scopes)
+  - [Custom Access Token Generator](#custom-access-token-generator)
+  - [Authenticated resource owner](#authenticated-resource-owner)
+  - [Applications list](#applications-list)
 - [Other customizations](#other-customizations)
 - [Upgrading](#upgrading)
 - [Development](#development)
 - [Contributing](#contributing)
 - [Other resources](#other-resources)
-    - [Wiki](#wiki)
-    - [Screencast](#screencast)
-    - [Client applications](#client-applications)
-    - [Contributors](#contributors)
-    - [IETF Standards](#ietf-standards)
-    - [License](#license)
-<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+  - [Wiki](#wiki)
+  - [Screencast](#screencast)
+  - [Client applications](#client-applications)
+  - [Contributors](#contributors)
+  - [IETF Standards](#ietf-standards)
+  - [License](#license)
 
-
-## Useful links
-
-- For documentation, please check out our [wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
-- For general questions, please post it in [stack overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
 ## Installation
 
@@ -77,9 +75,19 @@ to generate the migration tables:
 
     rails generate doorkeeper:migration
 
-Don't forget to run the migration with:
+You may want to add foreign keys to your migration. For example, if you plan on
+using `User` as the resource owner, add the following line to the migration file
+for each table that includes a `resource_owner_id` column:
 
-    rake db:migrate
+```ruby
+add_foreign_key :table_name, :users, column: :resource_owner_id
+```
+
+Then run migrations:
+
+```sh
+rake db:migrate
+```
 
 ### Other ORMs
 
@@ -119,7 +127,7 @@ wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
 ### Authenticating
 
 You need to configure Doorkeeper in order to provide `resource_owner` model
-and authentication block `initializers/doorkeeper.rb`
+and authentication block in `config/initializers/doorkeeper.rb`:
 
 ``` ruby
 Doorkeeper.configure do
@@ -238,13 +246,13 @@ class Api::V1::ProductsController < Api::V1::ApiController
 end
 ```
 
-Please note that there is a logical OR between multiple required scopes. In
+Please note that there is a logical OR between multiple required scopes. In the
 above example, `doorkeeper_authorize! :admin, :write` means that the access
-token is required to have either `:admin` scope or `:write` scope, but not need
-have both of them.
+token is required to have either `:admin` scope or `:write` scope, but does not
+need have both of them.
 
-If want to require the access token to have multiple scopes at the same time,
-use multiple `doorkeeper_authorize!`, for example:
+If you want to require the access token to have multiple scopes at the same
+time, use multiple `doorkeeper_authorize!`, for example:
 
 ```ruby
 class Api::V1::ProductsController < Api::V1::ApiController
@@ -256,8 +264,8 @@ class Api::V1::ProductsController < Api::V1::ApiController
 end
 ```
 
-In above example, a client can call `:create` action only if its access token
-have both `:admin` and `:write` scopes.
+In the above example, a client can call `:create` action only if its access token
+has both `:admin` and `:write` scopes.
 
 ### Custom Access Token Generator
 
@@ -305,7 +313,7 @@ token owner.
 
 ### Applications list
 
-By default, the applications list (`/oauth/applications`) is public available.
+By default, the applications list (`/oauth/applications`) is publicly available.
 To protect the endpoint you should uncomment these lines:
 
 ```ruby
@@ -319,9 +327,9 @@ end
 
 The logic is the same as the `resource_owner_authenticator` block. **Note:**
 since the application list is just a scaffold, it's recommended to either
-customize the controller used by the list or skip the controller at all. For
-more information see the page [in the
-wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
+customize the controller used by the list or skip the controller all together.
+For more information see the page
+[in the wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
 
 ## Other customizations
 

data/Rakefile

@@ -2,7 +2,7 @@ require 'bundler/setup'
 require 'rspec/core/rake_task'
 
 desc 'Default: run specs.'
-task :default => :spec
+task default: :spec
 
 desc "Run all specs"
 RSpec::Core::RakeTask.new(:spec) do |config|

data/app/controllers/doorkeeper/application_metal_controller.rb

@@ -1,13 +1,12 @@
 module Doorkeeper
   class ApplicationMetalController < ActionController::Metal
     MODULES = [
-      ActionController::RackDelegation,
       ActionController::Instrumentation,
       AbstractController::Rendering,
       ActionController::Rendering,
       ActionController::Renderers::All,
       Helpers::Controller
-    ]
+    ].freeze
 
     MODULES.each do |mod|
       include mod

data/app/controllers/doorkeeper/applications_controller.rb

@@ -2,8 +2,8 @@ module Doorkeeper
   class ApplicationsController < Doorkeeper::ApplicationController
     layout 'doorkeeper/admin'
 
-    before_filter :authenticate_admin!
-    before_filter :set_application, only: [:show, :edit, :update, :destroy]
+    before_action :authenticate_admin!
+    before_action :set_application, only: [:show, :edit, :update, :destroy]
 
     def index
       @applications = Application.all

data/app/controllers/doorkeeper/authorizations_controller.rb

@@ -1,6 +1,6 @@
 module Doorkeeper
   class AuthorizationsController < Doorkeeper::ApplicationController
-    before_filter :authenticate_resource_owner!
+    before_action :authenticate_resource_owner!
 
     def new
       if pre_auth.authorizable?

data/app/controllers/doorkeeper/authorized_applications_controller.rb

@@ -1,6 +1,6 @@
 module Doorkeeper
   class AuthorizedApplicationsController < Doorkeeper::ApplicationController
-    before_filter :authenticate_resource_owner!
+    before_action :authenticate_resource_owner!
 
     def index
       @applications = Application.authorized_for(current_resource_owner)

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -2,7 +2,7 @@ module Doorkeeper
   class TokensController < Doorkeeper::ApplicationMetalController
     def create
       response = authorize_response
-      self.headers.merge! response.headers
+      headers.merge! response.headers
       self.response_body = response.body.to_json
       self.status        = response.status
     rescue Errors::DoorkeeperError => e

data/app/helpers/doorkeeper/dashboard_helper.rb

@@ -1,15 +1,17 @@
-module Doorkeeper::DashboardHelper
-  def doorkeeper_errors_for(object, method)
-    if object.errors[method].present?
-      object.errors[method].map do |msg|
-        content_tag(:span, class: 'help-block') do
-          msg.capitalize
-        end
-      end.join.html_safe
+module Doorkeeper
+  module DashboardHelper
+    def doorkeeper_errors_for(object, method)
+      if object.errors[method].present?
+        object.errors[method].map do |msg|
+          content_tag(:span, class: 'help-block') do
+            msg.capitalize
+          end
+        end.join.html_safe
+      end
     end
-  end
 
-  def doorkeeper_submit_path(application)
-    application.persisted? ? oauth_application_path(application) : oauth_applications_path
+    def doorkeeper_submit_path(application)
+      application.persisted? ? oauth_application_path(application) : oauth_applications_path
+    end
   end
 end

data/app/views/doorkeeper/applications/show.html.erb

@@ -22,7 +22,7 @@
             <code><%= uri %></code>
           </td>
           <td>
-            <%= link_to t('doorkeeper.applications.buttons.authorize'), oauth_authorization_path(client_id: @application.uid, redirect_uri: uri, response_type: 'code'), class: 'btn btn-success', target: '_blank' %>
+            <%= link_to t('doorkeeper.applications.buttons.authorize'), oauth_authorization_path(client_id: @application.uid, redirect_uri: uri, response_type: 'code', scope: @application.scopes), class: 'btn btn-success', target: '_blank' %>
           </td>
         </tr>
       <% end %>

data/app/views/layouts/doorkeeper/admin.html.erb

@@ -19,7 +19,7 @@
         <%= link_to t('doorkeeper.layouts.admin.nav.applications'), oauth_applications_path %>
       <% end %>
       <%= content_tag :li do %>
-        <%= link_to 'Home', root_path %>
+        <%= link_to t('doorkeeper.layouts.admin.nav.home'), root_path %>
       <% end %>
     </ul>
   </div>

data/config/locales/en.yml

@@ -119,5 +119,6 @@ en:
         nav:
           oauth2_provider: 'OAuth2 Provider'
           applications: 'Applications'
+          home: 'Home'
       application:
         title: 'OAuth authorization required'

data/doorkeeper.gemspec

@@ -1,4 +1,4 @@
-$:.push File.expand_path("../lib", __FILE__)
+$LOAD_PATH.push File.expand_path("../lib", __FILE__)
 
 require "doorkeeper/version"
 
@@ -16,12 +16,13 @@ Gem::Specification.new do |s|
   s.test_files    = `git ls-files -- spec/*`.split("\n")
   s.require_paths = ["lib"]
 
-  s.add_dependency "railties", ">= 3.2"
+  s.add_dependency "railties", ">= 4.2"
 
-  s.add_development_dependency "rspec-rails", "~> 3.4.0"
-  s.add_development_dependency "capybara", "~> 2.3.0"
-  s.add_development_dependency "generator_spec", "~> 0.9.0"
+  s.add_development_dependency "capybara"
+  s.add_development_dependency "database_cleaner", "~> 1.3.0"
   s.add_development_dependency "factory_girl", "~> 4.5.0"
+  s.add_development_dependency "generator_spec", "~> 0.9.0"
+  s.add_development_dependency "rake", "> 10.5.0"
+  s.add_development_dependency "rspec-rails"
   s.add_development_dependency "timecop", "~> 0.7.0"
-  s.add_development_dependency "database_cleaner", "~> 1.3.0"
 end

data/lib/doorkeeper/config.rb

@@ -10,15 +10,10 @@ module Doorkeeper
     setup_orm_adapter
     setup_orm_models
     setup_application_owner if @config.enable_application_owner?
-    check_requirements
   end
 
   def self.configuration
-    @config || (fail MissingConfiguration.new)
-  end
-
-  def self.check_requirements
-    @orm_adapter.check_requirements!(configuration)
+    @config || (fail MissingConfiguration)
   end
 
   def self.setup_orm_adapter
@@ -133,19 +128,20 @@ doorkeeper.
         attribute_builder = options[:builder_class]
 
         Builder.instance_eval do
+          remove_method name if method_defined?(name)
           define_method name do |*args, &block|
             # TODO: is builder_class option being used?
-            value = unless attribute_builder
-                      block ? block : args.first
-                    else
+            value = if attribute_builder
                       attribute_builder.new(&block).build
+                    else
+                      block ? block : args.first
                     end
 
             @config.instance_variable_set(:"@#{attribute}", value)
           end
         end
 
-        define_method attribute do |*args|
+        define_method attribute do |*_args|
           if instance_variable_defined?(:"@#{attribute}")
             instance_variable_get(:"@#{attribute}")
           else
@@ -180,7 +176,7 @@ doorkeeper.
 
     option :skip_authorization,             default: ->(_routes) {}
     option :access_token_expires_in,        default: 7200
-    option :custom_access_token_expires_in, default: lambda { |_app| nil }
+    option :custom_access_token_expires_in, default: ->(_app) { nil }
     option :authorization_code_expires_in,  default: 600
     option :orm,                            default: :active_record
     option :native_redirect_uri,            default: 'urn:ietf:wg:oauth:2.0:oob'
@@ -193,14 +189,17 @@ doorkeeper.
     attr_reader :reuse_access_token
 
     def refresh_token_enabled?
+      @refresh_token_enabled ||= false
       !!@refresh_token_enabled
     end
 
     def enable_application_owner?
+      @enable_application_owner ||= false
       !!@enable_application_owner
     end
 
     def confirm_application_owner?
+      @confirm_application_owner ||= false
       !!@confirm_application_owner
     end
 
@@ -224,10 +223,6 @@ doorkeeper.
       @access_token_methods ||= [:from_bearer_authorization, :from_access_token_param, :from_bearer_param]
     end
 
-    def realm
-      @realm ||= 'Doorkeeper'
-    end
-
     def authorization_response_types
       @authorization_response_types ||= calculate_authorization_response_types
     end

data/lib/doorkeeper/engine.rb

@@ -1,13 +1,8 @@
 module Doorkeeper
   class Engine < Rails::Engine
     initializer "doorkeeper.params.filter" do |app|
-      app.config.filter_parameters += [:client_secret, :code, :token]
-    end
-
-    initializer "doorkeeper.locales" do |app|
-      if app.config.i18n.fallbacks.blank?
-        app.config.i18n.fallbacks = [:en]
-      end
+      parameters = %w(client_secret code authentication_token access_token refresh_token)
+      app.config.filter_parameters << /^(#{Regexp.union parameters})$/
     end
 
     initializer "doorkeeper.routes" do
@@ -19,5 +14,14 @@ module Doorkeeper
         include Doorkeeper::Rails::Helpers
       end
     end
+
+    if defined?(Sprockets) && Sprockets::VERSION.chr.to_i >= 4
+      initializer 'doorkeeper.assets.precompile' do |app|
+        app.config.assets.precompile += %w(
+          doorkeeper/application.css
+          doorkeeper/admin/application.css
+        )
+      end
+    end
   end
 end

data/lib/doorkeeper/helpers/controller.rb

@@ -54,7 +54,7 @@ module Doorkeeper
 
       def handle_token_exception(exception)
         error = get_error_response_from_exception exception
-        self.headers.merge! error.headers
+        headers.merge! error.headers
         self.response_body = error.body.to_json
         self.status        = error.status
       end

data/lib/doorkeeper/models/access_grant_mixin.rb

@@ -10,12 +10,16 @@ module Doorkeeper
     include ActiveModel::MassAssignmentSecurity if defined?(::ProtectedAttributes)
 
     included do
-      belongs_to :application, class_name: 'Doorkeeper::Application', inverse_of: :access_grants
-
-      if respond_to?(:attr_accessible)
-        attr_accessible :resource_owner_id, :application_id, :expires_in, :redirect_uri, :scopes
+      belongs_to_options = {
+        class_name: 'Doorkeeper::Application',
+        inverse_of: :access_grants
+      }
+      if defined?(ActiveRecord::Base) && ActiveRecord::VERSION::MAJOR >= 5
+        belongs_to_options[:optional] = true
       end
 
+      belongs_to :application, belongs_to_options
+
       validates :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, presence: true
       validates :token, uniqueness: true
 
@@ -24,7 +28,7 @@ module Doorkeeper
 
     module ClassMethods
       def by_token(token)
-        where(token: token.to_s).limit(1).to_a.first
+        find_by(token: token.to_s)
       end
     end