RubyGems - doorkeeper - Versions diffs - 3.1.0 → 4.0.0 - Mend

doorkeeper 3.1.0 → 4.0.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (89) hide show

checksums.yaml +4 -4
data/.travis.yml +8 -10
data/CONTRIBUTING.md +2 -0
data/Gemfile +8 -4
data/NEWS.md +57 -2
data/README.md +48 -40
data/Rakefile +1 -1
data/app/controllers/doorkeeper/application_metal_controller.rb +1 -2
data/app/controllers/doorkeeper/applications_controller.rb +2 -2
data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
data/app/controllers/doorkeeper/tokens_controller.rb +1 -1
data/app/helpers/doorkeeper/dashboard_helper.rb +13 -11
data/app/views/doorkeeper/applications/show.html.erb +1 -1
data/app/views/layouts/doorkeeper/admin.html.erb +1 -1
data/config/locales/en.yml +1 -0
data/doorkeeper.gemspec +7 -6
data/lib/doorkeeper/config.rb +10 -15
data/lib/doorkeeper/engine.rb +11 -7
data/lib/doorkeeper/helpers/controller.rb +1 -1
data/lib/doorkeeper/models/access_grant_mixin.rb +9 -5
data/lib/doorkeeper/models/access_token_mixin.rb +28 -22
data/lib/doorkeeper/models/application_mixin.rb +3 -7
data/lib/doorkeeper/models/concerns/expirable.rb +2 -2
data/lib/doorkeeper/models/concerns/ownership.rb +6 -1
data/lib/doorkeeper/models/concerns/revocable.rb +19 -2
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
data/lib/doorkeeper/oauth/client/credentials.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +2 -1
data/lib/doorkeeper/oauth/client_credentials_request.rb +7 -4
data/lib/doorkeeper/oauth/code_response.rb +13 -14
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +2 -1
data/lib/doorkeeper/oauth/password_access_token_request.rb +6 -10
data/lib/doorkeeper/oauth/refresh_token_request.rb +23 -11
data/lib/doorkeeper/oauth/scopes.rb +2 -2
data/lib/doorkeeper/oauth/token.rb +6 -5
data/lib/doorkeeper/oauth/token_response.rb +1 -1
data/lib/doorkeeper/orm/active_record/access_token.rb +8 -0
data/lib/doorkeeper/orm/active_record/application.rb +2 -7
data/lib/doorkeeper/orm/active_record.rb +0 -16
data/lib/doorkeeper/rails/helpers.rb +1 -1
data/lib/doorkeeper/rails/routes/mapper.rb +1 -1
data/lib/doorkeeper/rails/routes.rb +2 -1
data/lib/doorkeeper/request/password.rb +11 -1
data/lib/doorkeeper/version.rb +1 -1
data/lib/doorkeeper.rb +1 -1
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +29 -0
data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +1 -1
data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb +11 -0
data/lib/generators/doorkeeper/templates/initializer.rb +2 -2
data/lib/generators/doorkeeper/templates/migration.rb +23 -5
data/spec/controllers/authorizations_controller_spec.rb +0 -14
data/spec/controllers/protected_resources_controller_spec.rb +47 -18
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -4
data/spec/dummy/app/controllers/home_controller.rb +1 -1
data/spec/dummy/app/controllers/metal_controller.rb +1 -1
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +3 -3
data/spec/dummy/app/models/user.rb +0 -4
data/spec/dummy/config/application.rb +2 -36
data/spec/dummy/config/environment.rb +1 -1
data/spec/dummy/config/environments/test.rb +4 -15
data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +6 -0
data/spec/dummy/config/initializers/doorkeeper.rb +2 -2
data/spec/dummy/db/migrate/{20130902165751_create_doorkeeper_tables.rb → 20151223192035_create_doorkeeper_tables.rb} +24 -5
data/spec/dummy/db/migrate/{20130902175349_add_owner_to_application.rb → 20151223200000_add_owner_to_application.rb} +0 -0
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +11 -0
data/spec/dummy/db/schema.rb +23 -22
data/spec/lib/config_spec.rb +2 -2
data/spec/lib/models/revocable_spec.rb +27 -4
data/spec/lib/oauth/authorization_code_request_spec.rb +1 -1
data/spec/lib/oauth/code_response_spec.rb +34 -0
data/spec/lib/oauth/password_access_token_request_spec.rb +5 -5
data/spec/lib/oauth/refresh_token_request_spec.rb +34 -3
data/spec/lib/oauth/scopes_spec.rb +0 -1
data/spec/lib/oauth/token_spec.rb +12 -5
data/spec/models/doorkeeper/access_token_spec.rb +45 -1
data/spec/models/doorkeeper/application_spec.rb +2 -10
data/spec/requests/flows/password_spec.rb +26 -5
data/spec/requests/flows/refresh_token_spec.rb +87 -17
data/spec/spec_helper_integration.rb +3 -0
data/spec/support/helpers/model_helper.rb +27 -5
data/spec/support/http_method_shim.rb +24 -0
data/spec/support/shared/controllers_shared_context.rb +13 -4
data/spec/support/shared/models_shared_examples.rb +1 -1
metadata +52 -32
data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5

data/lib/generators/doorkeeper/templates/initializer.rb CHANGED Viewed

@@ -41,10 +41,10 @@ Doorkeeper.configure do
   # use_refresh_token
   # Provide support for an owner to be assigned to each registered application (disabled by default)
-  # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+  # Optional parameter confirmation: true (default false) if you want to enforce ownership of
   # a registered application
   # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
-  # enable_application_owner :confirmation => false
+  # enable_application_owner confirmation: false
   # Define access token scopes for your provider
   # For more information go to

data/lib/generators/doorkeeper/templates/migration.rb CHANGED Viewed

@@ -6,14 +6,14 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.string  :secret,       null: false
       t.text    :redirect_uri, null: false
       t.string  :scopes,       null: false, default: ''
-      t.timestamps
+      t.timestamps             null: false
     end
     add_index :oauth_applications, :uid, unique: true
     create_table :oauth_access_grants do |t|
       t.integer  :resource_owner_id, null: false
-      t.integer  :application_id,    null: false
+      t.references :application,     null: false
       t.string   :token,             null: false
       t.integer  :expires_in,        null: false
       t.text     :redirect_uri,      null: false
@@ -23,10 +23,15 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
     end
     add_index :oauth_access_grants, :token, unique: true
+    add_foreign_key(
+      :oauth_access_grants,
+      :oauth_applications,
+      column: :application_id
+    )
     create_table :oauth_access_tokens do |t|
       t.integer  :resource_owner_id
-      t.integer  :application_id
+      t.references :application
       # If you use a custom token generator you may need to change this column
       # from string to text, so that it accepts tokens larger than 255
@@ -34,17 +39,30 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
       #
       # t.text     :token,             null: false
-      t.string   :token,             null: false
+      t.string   :token,                  null: false
       t.string   :refresh_token
       t.integer  :expires_in
       t.datetime :revoked_at
-      t.datetime :created_at,        null: false
+      t.datetime :created_at,             null: false
       t.string   :scopes
+      # If there is a previous_refresh_token column,
+      # refresh tokens will be revoked after a related access token is used.
+      # If there is no previous_refresh_token column,
+      # previous tokens are revoked as soon as a new access token is created.
+      # Comment out this line if you'd rather have refresh tokens
+      # instantly revoked.
+      t.string   :previous_refresh_token, null: false, default: ""
     end
     add_index :oauth_access_tokens, :token, unique: true
     add_index :oauth_access_tokens, :resource_owner_id
     add_index :oauth_access_tokens, :refresh_token, unique: true
+    add_foreign_key(
+      :oauth_access_tokens,
+      :oauth_applications,
+      column: :application_id
+    )
   end
 end

data/spec/controllers/authorizations_controller_spec.rb CHANGED Viewed

@@ -89,16 +89,6 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     it 'returns the existing access token in a fragment'
   end
-  describe 'GET #new' do
-    before do
-      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
-    end
-    it 'renders new template' do
-      expect(response).to render_template(:new)
-    end
-  end
   describe 'GET #new token request with native url and skip_authorization true' do
     before do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
@@ -191,10 +181,6 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       expect(response).to_not be_redirect
     end
-    it 'renders error template' do
-      expect(response).to render_template(:error)
-    end
     it 'does not issue any token' do
       expect(Doorkeeper::AccessGrant.count).to eq 0
       expect(Doorkeeper::AccessToken.count).to eq 0

data/spec/controllers/protected_resources_controller_spec.rb CHANGED Viewed

@@ -2,27 +2,35 @@ require 'spec_helper_integration'
 module ControllerActions
   def index
-    render text: 'index'
+    render plain: 'index'
   end
   def show
-    render text: 'show'
+    render plain: 'show'
+  end
+  def doorkeeper_unauthorized_render_options(*)
+  end
+  def doorkeeper_forbidden_render_options(*)
   end
 end
 describe 'doorkeeper authorize filter' do
   context 'accepts token code specified as' do
     controller do
-      before_filter :doorkeeper_authorize!
+      before_action :doorkeeper_authorize!
       def index
-        render text: 'index'
+        render plain: 'index'
       end
     end
     let(:token_string) { '1A2BC3' }
     let(:token) do
-      double(Doorkeeper::AccessToken, acceptable?: true)
+      double(Doorkeeper::AccessToken,
+             acceptable?: true, previous_refresh_token: "",
+             revoke_previous_refresh_token!: true)
     end
     it 'access_token param' do
@@ -58,7 +66,7 @@ describe 'doorkeeper authorize filter' do
   context 'defined for all actions' do
     controller do
-      before_filter :doorkeeper_authorize!
+      before_action :doorkeeper_authorize!
       include ControllerActions
     end
@@ -92,7 +100,7 @@ describe 'doorkeeper authorize filter' do
   context 'defined with scopes' do
     controller do
-      before_filter -> { doorkeeper_authorize! :write }
+      before_action -> { doorkeeper_authorize! :write }
       include ControllerActions
     end
@@ -100,16 +108,26 @@ describe 'doorkeeper authorize filter' do
     let(:token_string) { '1A2DUWE' }
     it 'allows if the token has particular scopes' do
-      token = double(Doorkeeper::AccessToken, accessible?: true, scopes: %w(write public))
+      token = double(Doorkeeper::AccessToken,
+                     accessible?: true, scopes: %w(write public),
+                     previous_refresh_token: "",
+                     revoke_previous_refresh_token!: true)
       expect(token).to receive(:acceptable?).with([:write]).and_return(true)
-      expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
+      expect(
+        Doorkeeper::AccessToken
+      ).to receive(:by_token).with(token_string).and_return(token)
       get :index, access_token: token_string
       expect(response).to be_success
     end
     it 'does not allow if the token does not include given scope' do
-      token = double(Doorkeeper::AccessToken, accessible?: true, scopes: ['public'], revoked?: false, expired?: false)
-      expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
+      token = double(Doorkeeper::AccessToken,
+                     accessible?: true, scopes: ['public'], revoked?: false,
+                     expired?: false, previous_refresh_token: "",
+                     revoke_previous_refresh_token!: true)
+      expect(
+        Doorkeeper::AccessToken
+      ).to receive(:by_token).with(token_string).and_return(token)
       expect(token).to receive(:acceptable?).with([:write]).and_return(false)
       get :index, access_token: token_string
       expect(response.status).to eq 403
@@ -119,7 +137,7 @@ describe 'doorkeeper authorize filter' do
   context 'when custom unauthorized render options are configured' do
     controller do
-      before_filter :doorkeeper_authorize!
+      before_action :doorkeeper_authorize!
       include ControllerActions
     end
@@ -127,6 +145,7 @@ describe 'doorkeeper authorize filter' do
     context 'with a JSON custom render', token: :invalid do
       before do
         module ControllerActions
+          remove_method :doorkeeper_unauthorized_render_options
           def doorkeeper_unauthorized_render_options(error: nil)
             { json: ActiveSupport::JSON.encode(error_message: error.description) }
           end
@@ -134,6 +153,7 @@ describe 'doorkeeper authorize filter' do
       end
       after do
         module ControllerActions
+          remove_method :doorkeeper_unauthorized_render_options
           def doorkeeper_unauthorized_render_options(error: nil)
           end
         end
@@ -153,13 +173,15 @@ describe 'doorkeeper authorize filter' do
     context 'with a text custom render', token: :invalid do
       before do
         module ControllerActions
+          remove_method :doorkeeper_unauthorized_render_options
           def doorkeeper_unauthorized_render_options(error: nil)
-            { text: 'Unauthorized' }
+            { plain: 'Unauthorized' }
           end
         end
       end
       after do
         module ControllerActions
+          remove_method :doorkeeper_unauthorized_render_options
           def doorkeeper_unauthorized_render_options(error: nil)
           end
         end
@@ -168,7 +190,7 @@ describe 'doorkeeper authorize filter' do
       it 'it renders a custom text response', token: :invalid do
         get :index, access_token: token_string
         expect(response.status).to eq 401
-        expect(response.content_type).to eq('text/html')
+        expect(response.content_type).to eq('text/plain')
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
         expect(response.body).to eq('Unauthorized')
       end
@@ -183,26 +205,30 @@ describe 'doorkeeper authorize filter' do
     after do
       module ControllerActions
+        remove_method :doorkeeper_forbidden_render_options
         def doorkeeper_forbidden_render_options(*)
         end
       end
     end
     controller do
-      before_filter -> { doorkeeper_authorize! :write }
+      before_action -> { doorkeeper_authorize! :write }
       include ControllerActions
     end
     let(:token) do
       double(Doorkeeper::AccessToken,
-             accessible?: true, scopes: ['public'], revoked?: false, expired?: false)
+             accessible?: true, scopes: ['public'], revoked?: false,
+             expired?: false, previous_refresh_token: "",
+             revoke_previous_refresh_token!: true)
     end
     let(:token_string) { '1A2DUWE' }
     context 'with a JSON custom render' do
       before do
         module ControllerActions
+          remove_method :doorkeeper_forbidden_render_options
           def doorkeeper_forbidden_render_options(*)
             { json: { error_message: 'Forbidden' } }
           end
@@ -223,6 +249,7 @@ describe 'doorkeeper authorize filter' do
     context 'with a status and JSON custom render' do
       before do
         module ControllerActions
+          remove_method :doorkeeper_forbidden_render_options
           def doorkeeper_forbidden_render_options(*)
             { json: { error_message: 'Not Found' },
               respond_not_found_when_forbidden: true }
@@ -239,8 +266,9 @@ describe 'doorkeeper authorize filter' do
     context 'with a text custom render' do
       before do
         module ControllerActions
+          remove_method :doorkeeper_forbidden_render_options
           def doorkeeper_forbidden_render_options(*)
-            { text: 'Forbidden' }
+            { plain: 'Forbidden' }
           end
         end
       end
@@ -256,8 +284,9 @@ describe 'doorkeeper authorize filter' do
     context 'with a status and text custom render' do
       before do
         module ControllerActions
+          remove_method :doorkeeper_forbidden_render_options
           def doorkeeper_forbidden_render_options(*)
-            { respond_not_found_when_forbidden: true, text: 'Not Found' }
+            { respond_not_found_when_forbidden: true, plain: 'Not Found' }
           end
         end
       end

data/spec/dummy/app/controllers/full_protected_resources_controller.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 class FullProtectedResourcesController < ApplicationController
-  before_filter -> { doorkeeper_authorize! :write, :admin }, only: :show
-  before_filter :doorkeeper_authorize!, only: :index
+  before_action -> { doorkeeper_authorize! :write, :admin }, only: :show
+  before_action :doorkeeper_authorize!, only: :index
   def index
-    render text: 'index'
+    render plain: 'index'
   end
   def show
-    render text: 'show'
+    render plain: 'show'
   end
 end

data/spec/dummy/app/controllers/home_controller.rb CHANGED Viewed

@@ -12,6 +12,6 @@ class HomeController < ApplicationController
   end
   def callback
-    render text: 'ok'
+    render plain: 'ok'
   end
 end

data/spec/dummy/app/controllers/metal_controller.rb CHANGED Viewed

@@ -3,7 +3,7 @@ class MetalController < ActionController::Metal
   include ActionController::Head
   include Doorkeeper::Rails::Helpers
-  before_filter :doorkeeper_authorize!
+  before_action :doorkeeper_authorize!
   def index
     self.response_body = { ok: true }.to_json

data/spec/dummy/app/controllers/semi_protected_resources_controller.rb CHANGED Viewed

@@ -1,11 +1,11 @@
 class SemiProtectedResourcesController < ApplicationController
-  before_filter :doorkeeper_authorize!, only: :index
+  before_action :doorkeeper_authorize!, only: :index
   def index
-    render text: 'protected index'
+    render plain: 'protected index'
   end
   def show
-    render text: 'non protected show'
+    render plain: 'non protected show'
   end
 end

data/spec/dummy/app/models/user.rb CHANGED Viewed

@@ -1,8 +1,4 @@
 class User < ActiveRecord::Base
-  if respond_to?(:attr_accessible)
-    attr_accessible :name, :password
-  end
   def self.authenticate!(name, password)
     User.where(name: name, password: password).first
   end

data/spec/dummy/config/application.rb CHANGED Viewed

@@ -1,9 +1,8 @@
 require File.expand_path('../boot', __FILE__)
-require 'action_controller/railtie'
-require 'sprockets/railtie'
+require 'rails/all'
-Bundler.require :default
+Bundler.require(*Rails.groups)
 require 'yaml'
@@ -20,38 +19,5 @@ module Dummy
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
-    # Only load the plugins named here, in the order given (default is alphabetical).
-    # :all can be used as a placeholder for all plugins not explicitly named.
-    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
-    # Activate observers that should always be running.
-    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
-    if defined?(ActiveRecord) && Rails.version.to_i < 4
-      config.active_record.whitelist_attributes = true
-    end
-    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
-    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
-    # config.time_zone = 'Central Time (US & Canada)'
-    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
-    config.i18n.load_path += Dir[Rails.root.join('../../', 'config/locales', '*.{rb,yml}').to_s]
-    # config.i18n.default_locale = :en
-    # Configure the default encoding used in templates for Ruby 1.9.
-    config.encoding = 'utf-8'
-    # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters += [:password]
-    # Enable the asset pipeline
-    config.assets.enabled = true
-    # Version of your assets, change this if you want to expire all your assets
-    config.assets.version = '1.0'
-    I18n.enforce_available_locales = false
   end
 end

data/spec/dummy/config/environment.rb CHANGED Viewed

@@ -2,4 +2,4 @@
 require File.expand_path('../application', __FILE__)
 # Initialize the rails application
-Dummy::Application.initialize!
+Rails.application.initialize!

data/spec/dummy/config/environments/test.rb CHANGED Viewed

@@ -7,21 +7,10 @@ Dummy::Application.configure do
   # and recreated between test runs.  Don't rely on the data there!
   config.cache_classes = true
-  # Configure static asset server for tests with Cache-Control for performance
-  config.static_cache_control = 'public, max-age=3600'
-  if Rails.version.to_i < 4
-    # Log error messages when you accidentally call methods on nil
-    config.whiny_nils = true
-  end
-  if Rails.version.to_i >= 4
-    # Do not eager load code on boot. This avoids loading your whole application
-    # just for the purpose of running a single test. If you are using a tool that
-    # preloads Rails for running tests, you may have to set it to true.
-    config.eager_load = false
-    config.i18n.enforce_available_locales = true
-  end
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
   # Show full error reports and disable caching
   config.consider_all_requests_local       = true

data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# Require `belongs_to` associations by default. This is a new Rails 5.0
+# default, so it is introduced as a configuration option to ensure that apps
+# made on earlier versions of Rails are not affected when upgrading.
+if Rails.version.to_i >= 5
+  Rails.application.config.active_record.belongs_to_required_by_default = true
+end

data/spec/dummy/config/initializers/doorkeeper.rb CHANGED Viewed

@@ -30,10 +30,10 @@ Doorkeeper.configure do
   use_refresh_token
   # Provide support for an owner to be assigned to each registered application (disabled by default)
-  # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+  # Optional parameter confirmation: true (default false) if you want to enforce ownership of
   # a registered application
   # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
-  # enable_application_owner :confirmation => false
+  # enable_application_owner confirmation: false
   # Define access token scopes for your provider
   # For more information go to

data/spec/dummy/db/migrate/{20130902165751_create_doorkeeper_tables.rb → 20151223192035_create_doorkeeper_tables.rb} RENAMED Viewed

@@ -4,29 +4,43 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.string  :name,         null: false
       t.string  :uid,          null: false
       t.string  :secret,       null: false
-      t.string  :redirect_uri, null: false, limit: 2048
-      t.timestamps
+      t.text    :redirect_uri, null: false
+      t.string  :scopes,       null: false, default: ''
+      t.timestamps             null: false
     end
     add_index :oauth_applications, :uid, unique: true
     create_table :oauth_access_grants do |t|
       t.integer  :resource_owner_id, null: false
-      t.integer  :application_id,    null: false
+      t.references :application,     null: false
       t.string   :token,             null: false
       t.integer  :expires_in,        null: false
-      t.string   :redirect_uri,      null: false, limit: 2048
+      t.text     :redirect_uri,      null: false
       t.datetime :created_at,        null: false
       t.datetime :revoked_at
       t.string   :scopes
     end
     add_index :oauth_access_grants, :token, unique: true
+    add_foreign_key(
+      :oauth_access_grants,
+      :oauth_applications,
+      column: :application_id,
+    )
     create_table :oauth_access_tokens do |t|
       t.integer  :resource_owner_id
-      t.integer  :application_id
+      t.references :application
+      # If you use a custom token generator you may need to change this column
+      # from string to text, so that it accepts tokens larger than 255
+      # characters. More info on custom token generators in:
+      # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
+      #
+      # t.text     :token,             null: false
       t.string   :token,             null: false
       t.string   :refresh_token
       t.integer  :expires_in
       t.datetime :revoked_at
@@ -37,5 +51,10 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
     add_index :oauth_access_tokens, :token, unique: true
     add_index :oauth_access_tokens, :resource_owner_id
     add_index :oauth_access_tokens, :refresh_token, unique: true
+    add_foreign_key(
+      :oauth_access_tokens,
+      :oauth_applications,
+      column: :application_id,
+    )
   end
 end

data/spec/dummy/db/migrate/{20130902175349_add_owner_to_application.rb → 20151223200000_add_owner_to_application.rb} RENAMED Viewed

File without changes

data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration
+  def change
+    add_column(
+      :oauth_access_tokens,
+      :previous_refresh_token,
+      :string,
+      default: "",
+      null: false
+    )
+  end
+end

data/spec/dummy/db/schema.rb CHANGED Viewed

@@ -11,55 +11,56 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20141209001746) do
+ActiveRecord::Schema.define(version: 20160320211015) do
-  create_table "oauth_access_grants", force: true do |t|
-    t.integer  "resource_owner_id",              null: false
-    t.integer  "application_id",                 null: false
-    t.string   "token",                          null: false
-    t.integer  "expires_in",                     null: false
-    t.string   "redirect_uri",      limit: 2048, null: false
-    t.datetime "created_at",                     null: false
+  create_table "oauth_access_grants", force: :cascade do |t|
+    t.integer  "resource_owner_id", null: false
+    t.integer  "application_id",    null: false
+    t.string   "token",             null: false
+    t.integer  "expires_in",        null: false
+    t.text     "redirect_uri",      null: false
+    t.datetime "created_at",        null: false
     t.datetime "revoked_at"
     t.string   "scopes"
   end
   add_index "oauth_access_grants", ["token"], name: "index_oauth_access_grants_on_token", unique: true
-  create_table "oauth_access_tokens", force: true do |t|
+  create_table "oauth_access_tokens", force: :cascade do |t|
     t.integer  "resource_owner_id"
     t.integer  "application_id"
-    t.string   "token",             null: false
+    t.string   "token",                               null: false
     t.string   "refresh_token"
     t.integer  "expires_in"
     t.datetime "revoked_at"
-    t.datetime "created_at",        null: false
+    t.datetime "created_at",                          null: false
     t.string   "scopes"
+    t.string   "previous_refresh_token", default: "", null: false
   end
   add_index "oauth_access_tokens", ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
   add_index "oauth_access_tokens", ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
   add_index "oauth_access_tokens", ["token"], name: "index_oauth_access_tokens_on_token", unique: true
-  create_table "oauth_applications", force: true do |t|
-    t.string   "name",                                   null: false
-    t.string   "uid",                                    null: false
-    t.string   "secret",                                 null: false
-    t.string   "redirect_uri", limit: 2048,              null: false
-    t.datetime "created_at",                             null: false
-    t.datetime "updated_at",                             null: false
+  create_table "oauth_applications", force: :cascade do |t|
+    t.string   "name",                      null: false
+    t.string   "uid",                       null: false
+    t.string   "secret",                    null: false
+    t.text     "redirect_uri",              null: false
+    t.string   "scopes",       default: "", null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
     t.integer  "owner_id"
     t.string   "owner_type"
-    t.string   "scopes",                    default: "", null: false
   end
   add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
   add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true
-  create_table "users", force: true do |t|
+  create_table "users", force: :cascade do |t|
     t.string   "name"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
     t.string   "password"
   end

data/spec/lib/config_spec.rb CHANGED Viewed

@@ -8,7 +8,7 @@ describe Doorkeeper, 'configuration' do
       block = proc {}
       Doorkeeper.configure do
         orm DOORKEEPER_ORM
-        resource_owner_authenticator &block
+        resource_owner_authenticator(&block)
       end
       expect(subject.authenticate_resource_owner).to eq(block)
     end
@@ -149,7 +149,7 @@ describe Doorkeeper, 'configuration' do
     end
   end
-  describe 'access_token_credentials' do
+  describe 'access_token_methods' do
     it 'has defaults order' do
       expect(subject.access_token_methods).to eq([:from_bearer_authorization, :from_access_token_param, :from_bearer_param])
     end