doorkeeper 3.1.0 → 4.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 03417189314de7b84fcfa05699c35a0346a55035
-  data.tar.gz: e4026de8e9ed39d2bb270abc9efc4e1ccca20775
+  metadata.gz: 8d8d3550d8406d4abb224c4960d1d6e8a0c4c706
+  data.tar.gz: b12408cb8b0dc2b14ee69b57798943b5c1bfaa30
 SHA512:
-  metadata.gz: bbe0a1693809bfc8802a66c50df30a128a527a3f239114ffdc69d46e948ac0516594fe3872f3624157632e91078a0ad64aa1f98932b26bdf389228b22bed246b
-  data.tar.gz: 6d434e7dc34b65d1022914f8fd348c9d1c8e6ef41bb30761411eb0c693531ccb12c87c237c1e54fbcbee11a8dd0bf68c82768a6801f273dab2bcaf1fe96afea6
+  metadata.gz: 0674af950f6070d6457e09f73fc89736b092ae6595e484ca6e67e7f126912ea007509d9249fdc4eb01e66bf981c1e49da33712203d8428d10401a43faabd1cfd
+  data.tar.gz: e447513c202dfde4c622b898da2a98dff64272193136fe399b890bb97488e7915156a2588caa6de3566db411f4c7dfa89e88be3a8b8d0a76511251f2f980c382

data/.coveralls.yml

@@ -0,0 +1 @@
+service_name: travis-ci

data/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,25 @@
+### Steps to reproduce
+What we need to do to see your problem or bug?
+
+The more detailed the issue, the more likely that we will fix it ASAP.
+
+Don't use GitHub issues for questions like "How can I do that?" —
+use [StackOverflow](https://stackoverflow.com/questions/tagged/doorkeeper)
+instead with the corresponding tag.
+
+### Expected behavior
+Tell us what should happen
+
+### Actual behavior
+Tell us what happens instead
+
+### System configuration
+You can help us to understand your problem if you will share some very
+useful information about your project environment (don't forget to
+remove any confidential data if it exists).
+
+**Doorkeeper initializer**:
+
+**Ruby version**:
+
+**Gemfile.lock**:

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,17 @@
+### Summary
+
+Provide a general description of the code changes in your pull
+request... were there any bugs you had fixed? If so, mention them. If
+these bugs have open GitHub issues, be sure to tag them here as well,
+to keep the conversation linked together.
+
+### Other Information
+
+If there's anything else that's important and relevant to your pull
+request, mention that information here. This could include
+benchmarks, or other information.
+
+If you are updating NEWS.md file or are asked to update it by reviewers,
+please add the changelog entry at the top of the file.
+
+Thanks for contributing to Doorkeeper project!

data/.gitignore

@@ -6,9 +6,14 @@ pkg/
 spec/dummy/db/*.sqlite3
 spec/dummy/log/*.log
 spec/dummy/tmp/
+spec/generators/tmp
 Gemfile.lock
 gemfiles/*.lock
-spec/generators/tmp
 .rvmrc
 *.swp
 .idea
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+coverage

data/.hound.yml

@@ -1,13 +1,2 @@
-AllCops:
-  Exclude:
-    - "spec/dummy/db/*"
-
-LineLength:
-  Exclude:
-    - spec/**/*
-
-StringLiterals:
-  Enabled: false
-
-TrailingBlankLines:
-  Enabled: true
+ruby:
+  config_file: .rubocop.yml

data/.rubocop.yml

@@ -0,0 +1,17 @@
+AllCops:
+  Exclude:
+    - "spec/dummy/db/*"
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*
+
+LineLength:
+  Exclude:
+    - spec/**/*
+
+StringLiterals:
+  Enabled: false
+
+TrailingBlankLines:
+  Enabled: true

data/.travis.yml

@@ -3,20 +3,36 @@ language: ruby
 sudo: false
 
 rvm:
-  - 2.0
   - 2.1
   - 2.2
-  - jruby-head
+  - 2.3
+  - 2.4
+  - 2.5
 
-env:
-  - rails=3.2.0
-  - rails=4.1.0
-  - rails=4.2.0
+before_install:
+  - gem update --system # Need for Ruby 2.5.0. https://github.com/travis-ci/travis-ci/issues/8978
+  - gem install bundler -v '~> 1.10'
+
+gemfile:
+  - gemfiles/rails_4_2.gemfile
+  - gemfiles/rails_5_0.gemfile
+  - gemfiles/rails_5_1.gemfile
+  - gemfiles/rails_5_2.gemfile
+  - gemfiles/rails_master.gemfile
 
 matrix:
   exclude:
-    - env: rails=3.2.0
-      rvm: jruby-head
-  exclude:
-    - env: rails=3.2.0
+    - gemfile: gemfiles/rails_5_0.gemfile
+      rvm: 2.1
+    - gemfile: gemfiles/rails_5_1.gemfile
+      rvm: 2.1
+    - gemfile: gemfiles/rails_5_2.gemfile
+      rvm: 2.1
+    - gemfile: gemfiles/rails_master.gemfile
+      rvm: 2.1
+    - gemfile: gemfiles/rails_master.gemfile
       rvm: 2.2
+    - gemfile: gemfiles/rails_master.gemfile
+      rvm: 2.3
+  allow_failures:
+    - gemfile: gemfiles/rails_master.gemfile

data/Appraisals

@@ -0,0 +1,18 @@
+appraise "rails-4-2" do
+  gem "rails", "~> 4.2.0"
+end
+
+appraise "rails-5-0" do
+  gem "rails", "~> 5.0.0"
+  gem "rspec-rails", "~> 3.5"
+end
+
+appraise "rails-5-1" do
+  gem "rails", "~> 5.1.0"
+  gem "rspec-rails", "~> 3.5"
+end
+
+appraise "rails-master" do
+  gem "rails", git: 'https://github.com/rails/rails'
+  gem "arel", git: 'https://github.com/rails/arel'
+end

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team members or current maintainer email, specified in gemspec. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/CONTRIBUTING.md

@@ -26,6 +26,8 @@ Make the tests pass:
 
     rake
 
+Add notes on your change to the `NEWS.md` file.
+
 Write a [good commit message][commit].
 Push to your fork.
 [Submit a pull request][pr].

data/Gemfile

@@ -1,10 +1,10 @@
-ENV['rails'] ||= '4.2.0'
+source "https://rubygems.org"
 
-source 'https://rubygems.org'
+gem "rails", "~> 5.1"
 
-gem 'rails', "~> #{ENV['rails']}"
+gem "appraisal"
 
-gem "sqlite3", platform: [:ruby, :mswin, :mingw]
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
-
+gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw]
 gemspec

data/NEWS.md

@@ -2,7 +2,146 @@
 
 User-visible changes worth mentioning.
 
----
+## master
+
+## 4.4.3
+- [#1143] Adds a config option opt_out_native_route_change to opt out of the
+  breaking api changed introduced in
+  https://github.com/doorkeeper-gem/doorkeeper/pull/1003
+
+## 4.4.2
+- [#1130] Backport fix for native redirect_uri from 5.x.
+
+## 4.4.1
+
+- [#1127] Backport token type to comply with the RFC6750 specification.
+- [#1125] Backport Quote surround I18n yes/no keys
+
+## 4.4.0
+
+- [#1120] Backport security fix from 5.x for token revocation when using public clients
+
+## 4.3.2
+
+- [#1053] Support authorizing with query params in the request `redirect_uri` if explicitly present in app's `Application#redirect_uri`
+
+## 4.3.1
+
+- Remove `BaseRecord` and introduce additional concern for ordering methods to fix
+  braking changes for Doorkeeper models.
+- [#1032] Refactor BaseRequest callbacks into configurable lambdas
+- [#1040] Clear mixins from ActiveRecord DSL and save only overridable API. It
+  allows to use this mixins in Doorkeeper ORM extensions with minimum code boilerplate.
+
+## 4.3.0
+
+- [#976] Fix to invalidate the second redirect URI when the first URI is the native URI
+- [#1035] Allow `Application#redirect_uri=` to handle array of URIs.
+- [#1036] Allow to forbid Application redirect URI's with specific rules.
+- [#1029] Deprecate `order_method` and introduce `ordered_by`. Sort applications
+  by `created_at` in index action.
+- [#1033] Allow Doorkeeper configuration option #force_ssl_in_redirect_uri to be a callable object.
+- Fix Grape integration & add specs for it
+- [#913] Deferred ORM (ActiveRecord) models loading
+- [#943] Fix Access Token token generation when certain errors occur in custom token generators
+- [#1026] Implement RFC7662 - OAuth 2.0 Token Introspection
+- [#985] Generate valid migration files for Rails >= 5
+- [#972] Replace Struct subclassing with block-form initialization
+- [#1003] Use URL query param to pass through native redirect auth code so automated apps can find it.
+- [#868] `Scopes#&` and `Scopes#+` now take an array or any other enumerable
+  object.
+- [#1019] Remove translation not in use: `invalid_resource_owner`.
+- Use Ruby 2 hash style syntax (min required Ruby version = 2.1)
+- [#948] Make Scopes.<=> work with any "other" value.
+- [#974] Redirect URI is checked without query params within AuthorizationCodeRequest.
+- [#1004] More explicit help text for `native_redirect_uri`.
+- [#1023] Update Ruby versions and test against 2.5.0 on Travis CI.
+- [#1024] Migrate from FactoryGirl to FactoryBot.
+- [#1025] Improve documentation for adding foreign keys
+- [#1028] Make it possible to have composite strategy names.
+
+## 4.2.6
+
+- [#970] Escape certain attributes in authorization forms.
+
+## 4.2.5
+
+- [#936] Deprecate `Doorkeeper#configured?`, `Doorkeeper#database_installed?`, and
+  `Doorkeeper#installed?`
+- [#909] Add `InvalidTokenResponse#reason` reader method to allow read the kind
+  of invalid token error.
+- [#928] Test against more recent Ruby versions
+- Small refactorings within the codebase
+- [#921] Switch to Appraisal, and test against Rails master
+- [#892] Add minimum Ruby version requirement
+
+## 4.2.0
+
+- Security fix: Address CVE-2016-6582, implement token revocation according to
+    spec (tokens might not be revoked if client follows the spec).
+- [#873] Add hooks to Doorkeeper::ApplicationMetalController
+- [#871] Allow downstream users to better utilize doorkeeper spec factories by
+  eliminating name conflict on `:user` factory.
+
+## 4.1.0
+
+- [#845] Allow customising the `Doorkeeper::ApplicationController` base
+  controller
+
+## 4.0.0
+
+- [#834] Fix AssetNotPrecompiled error with Sprockets 4
+- [#843] Revert "Fix validation error messages"
+- [#847] Specify Null option to timestamps
+
+## 4.0.0.rc4
+
+- [#777] Add support for public client in password grant flow
+- [#823] Make configuration and specs ORM independent
+- [#745] Add created_at timestamp to token generation options
+- [#838] Drop `Application#scopes` generator and warning, introduced for
+  upgrading doorkeeper from v2 to v3.
+- [#801] Fix Rails 5 warning messages
+- Test against Rails 5 RC1
+
+## 4.0.0.rc3
+
+- [#769] Revoke refresh token on access token use. To make use of the new config
+  add `previous_refresh_token` column to `oauth_access_tokens`:
+
+  ```
+  rails generate doorkeeper:previous_refresh_token
+  ```
+- [#811] Toughen parameters filter with exact match
+- [#813] Applications admin bugfix
+- [#799] Fix Ruby Warnings
+- Drop `attr_accessible` from models
+
+### Backward incompatible changes
+
+- [#730] Force all timezones to use UTC to prevent comparison issues.
+- [#802] Remove `config.i18n.fallbacks` from engine
+
+## 4.0.0.rc2
+
+- Fix optional belongs_to for Rails 5
+- Fix Ruby warnings
+
+## 4.0.0.rc1
+
+### Backward incompatible changes
+
+- Drops support for Rails 4.1 and earlier
+- Drops support for Ruby 2.0
+- [#778] Bug fix: use the remaining time that a token is still valid when
+  building the redirect URI for the implicit grant flow
+
+### Other changes
+
+- [#771] Validation error messages fixes
+- Adds foreign key constraints in generated migrations between tokens and
+  grants, and applications
+- Support Rails 5
 
 ## 3.1.0
 
@@ -67,7 +206,7 @@ User-visible changes worth mentioning.
 - Remove `applications.scopes` upgrade notice.
 
 
-## 2.2.2 (unreleased)
+## 2.2.2
 
 - [#541] Fixed `undefined method attr_accessible` problem on Rails 4
     (happens only when ProtectedAttributes gem is used) in #599