RubyGems - doorkeeper - Versions diffs - 3.1.0 → 4.4.3 - Mend

doorkeeper 3.1.0 → 4.4.3

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (195) hide show

checksums.yaml +4 -4
data/.coveralls.yml +1 -0
data/.github/ISSUE_TEMPLATE.md +25 -0
data/.github/PULL_REQUEST_TEMPLATE.md +17 -0
data/.gitignore +6 -1
data/.hound.yml +2 -13
data/.rubocop.yml +17 -0
data/.travis.yml +26 -10
data/Appraisals +18 -0
data/CODE_OF_CONDUCT.md +46 -0
data/CONTRIBUTING.md +2 -0
data/Gemfile +5 -5
data/NEWS.md +141 -2
data/README.md +149 -66
data/RELEASING.md +5 -12
data/Rakefile +1 -1
data/SECURITY.md +15 -0
data/app/controllers/doorkeeper/application_controller.rb +4 -6
data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
data/app/controllers/doorkeeper/applications_controller.rb +18 -8
data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
data/app/controllers/doorkeeper/tokens_controller.rb +62 -15
data/app/helpers/doorkeeper/dashboard_helper.rb +14 -10
data/app/validators/redirect_uri_validator.rb +12 -2
data/app/views/doorkeeper/applications/_delete_form.html.erb +1 -2
data/app/views/doorkeeper/applications/_form.html.erb +13 -2
data/app/views/doorkeeper/applications/index.html.erb +2 -0
data/app/views/doorkeeper/applications/show.html.erb +4 -1
data/app/views/doorkeeper/authorizations/new.html.erb +1 -1
data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
data/app/views/layouts/doorkeeper/admin.html.erb +1 -1
data/config/locales/en.yml +12 -7
data/doorkeeper.gemspec +16 -11
data/gemfiles/rails_4_2.gemfile +13 -0
data/gemfiles/rails_5_0.gemfile +12 -0
data/gemfiles/rails_5_1.gemfile +12 -0
data/gemfiles/rails_5_2.gemfile +12 -0
data/gemfiles/rails_master.gemfile +14 -0
data/lib/doorkeeper/config.rb +119 -46
data/lib/doorkeeper/engine.rb +11 -7
data/lib/doorkeeper/errors.rb +18 -0
data/lib/doorkeeper/grape/helpers.rb +14 -8
data/lib/doorkeeper/helpers/controller.rb +8 -19
data/lib/doorkeeper/models/access_grant_mixin.rb +10 -21
data/lib/doorkeeper/models/access_token_mixin.rb +147 -43
data/lib/doorkeeper/models/application_mixin.rb +33 -35
data/lib/doorkeeper/models/concerns/accessible.rb +4 -0
data/lib/doorkeeper/models/concerns/expirable.rb +15 -5
data/lib/doorkeeper/models/concerns/orderable.rb +13 -0
data/lib/doorkeeper/models/concerns/ownership.rb +6 -1
data/lib/doorkeeper/models/concerns/revocable.rb +37 -2
data/lib/doorkeeper/oauth/authorization/token.rb +22 -18
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +20 -18
data/lib/doorkeeper/oauth/authorization_code_request.rb +7 -5
data/lib/doorkeeper/oauth/{request_concern.rb → base_request.rb} +9 -2
data/lib/doorkeeper/oauth/base_response.rb +29 -0
data/lib/doorkeeper/oauth/client/credentials.rb +21 -8
data/lib/doorkeeper/oauth/client.rb +2 -3
data/lib/doorkeeper/oauth/client_credentials/creator.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +3 -2
data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -8
data/lib/doorkeeper/oauth/code_response.rb +16 -16
data/lib/doorkeeper/oauth/error.rb +2 -2
data/lib/doorkeeper/oauth/error_response.rb +10 -10
data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +17 -1
data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -4
data/lib/doorkeeper/oauth/password_access_token_request.rb +8 -13
data/lib/doorkeeper/oauth/pre_authorization.rb +5 -3
data/lib/doorkeeper/oauth/refresh_token_request.rb +23 -14
data/lib/doorkeeper/oauth/scopes.rb +18 -8
data/lib/doorkeeper/oauth/token.rb +20 -21
data/lib/doorkeeper/oauth/token_introspection.rb +128 -0
data/lib/doorkeeper/oauth/token_request.rb +1 -2
data/lib/doorkeeper/oauth/token_response.rb +1 -1
data/lib/doorkeeper/orm/active_record/access_grant.rb +27 -0
data/lib/doorkeeper/orm/active_record/access_token.rb +34 -8
data/lib/doorkeeper/orm/active_record/application.rb +48 -11
data/lib/doorkeeper/orm/active_record.rb +17 -22
data/lib/doorkeeper/rails/helpers.rb +6 -9
data/lib/doorkeeper/rails/routes/mapper.rb +4 -4
data/lib/doorkeeper/rails/routes/mapping.rb +1 -1
data/lib/doorkeeper/rails/routes.rb +17 -11
data/lib/doorkeeper/request/authorization_code.rb +7 -1
data/lib/doorkeeper/request/password.rb +2 -2
data/lib/doorkeeper/request/refresh_token.rb +1 -1
data/lib/doorkeeper/request.rb +7 -1
data/lib/doorkeeper/server.rb +0 -8
data/lib/doorkeeper/validations.rb +3 -2
data/lib/doorkeeper/version.rb +34 -1
data/lib/doorkeeper.rb +10 -2
data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb +31 -0
data/lib/generators/doorkeeper/application_owner_generator.rb +11 -2
data/lib/generators/doorkeeper/migration_generator.rb +13 -1
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +35 -0
data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb +11 -0
data/{spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb → lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb} +1 -1
data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +11 -0
data/lib/generators/doorkeeper/templates/initializer.rb +38 -6
data/lib/generators/doorkeeper/templates/migration.rb.erb +69 -0
data/spec/controllers/application_metal_controller.rb +10 -0
data/spec/controllers/applications_controller_spec.rb +15 -4
data/spec/controllers/authorizations_controller_spec.rb +74 -27
data/spec/controllers/protected_resources_controller_spec.rb +70 -32
data/spec/controllers/token_info_controller_spec.rb +17 -13
data/spec/controllers/tokens_controller_spec.rb +198 -12
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -4
data/spec/dummy/app/controllers/home_controller.rb +1 -1
data/spec/dummy/app/controllers/metal_controller.rb +1 -1
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +3 -3
data/spec/dummy/app/models/user.rb +0 -4
data/spec/dummy/config/application.rb +2 -36
data/spec/dummy/config/environment.rb +1 -1
data/spec/dummy/config/environments/test.rb +4 -15
data/spec/dummy/config/initializers/doorkeeper.rb +19 -3
data/spec/dummy/config/initializers/new_framework_defaults.rb +6 -0
data/spec/dummy/config/initializers/secret_token.rb +0 -1
data/spec/dummy/db/migrate/20111122132257_create_users.rb +3 -1
data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +3 -1
data/{lib/generators/doorkeeper/templates/migration.rb → spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb} +16 -4
data/{lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb → spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb} +4 -2
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +13 -0
data/spec/dummy/db/migrate/20180210183654_add_confidential_to_application.rb +13 -0
data/spec/dummy/db/schema.rb +24 -22
data/spec/factories.rb +4 -2
data/spec/generators/application_owner_generator_spec.rb +24 -5
data/spec/generators/migration_generator_spec.rb +24 -3
data/spec/generators/previous_refresh_token_generator_spec.rb +57 -0
data/spec/grape/grape_integration_spec.rb +135 -0
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +159 -14
data/spec/lib/doorkeeper_spec.rb +135 -13
data/spec/lib/models/expirable_spec.rb +0 -1
data/spec/lib/models/revocable_spec.rb +27 -4
data/spec/lib/oauth/authorization/uri_builder_spec.rb +1 -2
data/spec/lib/oauth/authorization_code_request_spec.rb +55 -12
data/spec/lib/oauth/base_request_spec.rb +155 -0
data/spec/lib/oauth/base_response_spec.rb +45 -0
data/spec/lib/oauth/client/credentials_spec.rb +45 -2
data/spec/lib/oauth/client_credentials/creator_spec.rb +1 -1
data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
data/spec/lib/oauth/client_credentials_request_spec.rb +1 -0
data/spec/lib/oauth/code_request_spec.rb +1 -3
data/spec/lib/oauth/code_response_spec.rb +34 -0
data/spec/lib/oauth/error_response_spec.rb +9 -9
data/spec/lib/oauth/error_spec.rb +1 -1
data/spec/lib/oauth/helpers/uri_checker_spec.rb +115 -1
data/spec/lib/oauth/invalid_token_response_spec.rb +36 -8
data/spec/lib/oauth/password_access_token_request_spec.rb +14 -8
data/spec/lib/oauth/pre_authorization_spec.rb +12 -7
data/spec/lib/oauth/refresh_token_request_spec.rb +52 -9
data/spec/lib/oauth/scopes_spec.rb +28 -2
data/spec/lib/oauth/token_request_spec.rb +6 -8
data/spec/lib/oauth/token_spec.rb +12 -5
data/spec/lib/server_spec.rb +10 -3
data/spec/models/doorkeeper/access_grant_spec.rb +1 -1
data/spec/models/doorkeeper/access_token_spec.rb +116 -48
data/spec/models/doorkeeper/application_spec.rb +145 -29
data/spec/requests/applications/applications_request_spec.rb +5 -5
data/spec/requests/endpoints/authorization_spec.rb +5 -6
data/spec/requests/endpoints/token_spec.rb +8 -1
data/spec/requests/flows/authorization_code_errors_spec.rb +11 -1
data/spec/requests/flows/authorization_code_spec.rb +6 -13
data/spec/requests/flows/client_credentials_spec.rb +29 -1
data/spec/requests/flows/implicit_grant_errors_spec.rb +2 -2
data/spec/requests/flows/password_spec.rb +118 -15
data/spec/requests/flows/refresh_token_spec.rb +89 -19
data/spec/requests/flows/revoke_token_spec.rb +105 -91
data/spec/requests/protected_resources/metal_spec.rb +1 -1
data/spec/requests/protected_resources/private_api_spec.rb +1 -1
data/spec/routing/custom_controller_routes_spec.rb +4 -0
data/spec/routing/default_routes_spec.rb +5 -1
data/spec/spec_helper.rb +2 -0
data/spec/spec_helper_integration.rb +22 -4
data/spec/support/dependencies/factory_girl.rb +2 -2
data/spec/support/helpers/access_token_request_helper.rb +1 -1
data/spec/support/helpers/model_helper.rb +34 -7
data/spec/support/helpers/request_spec_helper.rb +17 -5
data/spec/support/helpers/url_helper.rb +9 -8
data/spec/support/http_method_shim.rb +38 -0
data/spec/support/shared/controllers_shared_context.rb +15 -10
data/spec/support/shared/models_shared_examples.rb +5 -5
data/spec/validators/redirect_uri_validator_spec.rb +51 -6
data/spec/version/version_spec.rb +15 -0
metadata +128 -46
data/lib/doorkeeper/oauth/client/methods.rb +0 -18
data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5
data/spec/lib/oauth/client/methods_spec.rb +0 -54

data/spec/controllers/tokens_controller_spec.rb CHANGED Viewed

@@ -2,9 +2,7 @@ require 'spec_helper_integration'
 describe Doorkeeper::TokensController do
   describe 'when authorization has succeeded' do
-    let :token do
-      double(:token, authorize: true)
-    end
+    let(:token) { double(:token, authorize: true) }
     before do
       allow(controller).to receive(:token) { token }
@@ -38,7 +36,7 @@ describe Doorkeeper::TokensController do
       allow(I18n).to receive(:translate).
         with(
           custom_message,
-          hash_including(scope: [:doorkeeper, :errors, :messages]),
+          hash_including(scope: %i[doorkeeper errors messages]),
         ).
         and_return('Authorization custom message')
@@ -57,19 +55,71 @@ describe Doorkeeper::TokensController do
       }
       expect(response.status).to eq 401
       expect(response.headers['WWW-Authenticate']).to match(/Bearer/)
-      expect(JSON.load(response.body)).to eq expected_response_body
+      expect(JSON.parse(response.body)).to eq expected_response_body
     end
   end
-  describe 'when revoke authorization has failed' do
-    # http://tools.ietf.org/html/rfc7009#section-2.2
-    it 'returns no error response' do
-      token = double(:token, authorize: false)
-      allow(controller).to receive(:token) { token }
+  # http://tools.ietf.org/html/rfc7009#section-2.2
+  describe 'revoking tokens' do
+    let(:client) { FactoryBot.create(:application) }
+    let(:access_token) { FactoryBot.create(:access_token, application: client) }
+    before(:each) do
+      allow(controller).to receive(:token) { access_token }
+    end
+    context 'when associated app is public' do
+      let(:client) { FactoryBot.create(:application, confidential: false) }
+      it 'returns 200' do
+        post :revoke
+        expect(response.status).to eq 200
+      end
+      it 'revokes the access token' do
+        post :revoke
+        expect(access_token.reload).to have_attributes(revoked?: true)
+      end
+    end
+    context 'when associated app is confidential' do
+      let(:client) { FactoryBot.create(:application, confidential: true) }
+      let(:oauth_client) { Doorkeeper::OAuth::Client.new(client) }
+      before(:each) do
+        allow_any_instance_of(Doorkeeper::Server).to receive(:client) { oauth_client }
+      end
+      it 'returns 200' do
+        post :revoke
+        expect(response.status).to eq 200
+      end
+      it 'revokes the access token' do
+        post :revoke
+        expect(access_token.reload).to have_attributes(revoked?: true)
+      end
+      context 'when authorization fails' do
+        let(:some_other_client) { FactoryBot.create(:application, confidential: true) }
+        let(:oauth_client) { Doorkeeper::OAuth::Client.new(some_other_client) }
+        it 'returns 200' do
+          post :revoke
-      post :revoke
+          expect(response.status).to eq 200
+        end
-      expect(response.status).to eq 200
+        it 'does not revoke the access token' do
+          post :revoke
+          expect(access_token.reload).to have_attributes(revoked?: false)
+        end
+      end
     end
   end
@@ -85,4 +135,140 @@ describe Doorkeeper::TokensController do
       post :create
     end
   end
+  describe 'when requested token introspection' do
+    context 'authorized using Bearer token' do
+      let(:client) { FactoryBot.create(:application) }
+      let(:access_token) { FactoryBot.create(:access_token, application: client) }
+      it 'responds with full token introspection' do
+        request.headers['Authorization'] = "Bearer #{access_token.token}"
+        post :introspect, token: access_token.token
+        should_have_json 'active', true
+        expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
+      end
+    end
+    context 'authorized using Client Authentication' do
+      let(:client) { FactoryBot.create(:application) }
+      let(:access_token) { FactoryBot.create(:access_token, application: client) }
+      it 'responds with full token introspection' do
+        request.headers['Authorization'] = basic_auth_header_for_client(client)
+        post :introspect, token: access_token.token
+        should_have_json 'active', true
+        expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
+        should_have_json 'client_id', client.uid
+      end
+    end
+    context 'public access token' do
+      let(:client) { FactoryBot.create(:application) }
+      let(:access_token) { FactoryBot.create(:access_token, application: nil) }
+      it 'responds with full token introspection' do
+        request.headers['Authorization'] = basic_auth_header_for_client(client)
+        post :introspect, token: access_token.token
+        should_have_json 'active', true
+        expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
+        should_have_json 'client_id', nil
+      end
+    end
+    context 'token was issued to a different client than is making this request' do
+      let(:client) { FactoryBot.create(:application) }
+      let(:different_client) { FactoryBot.create(:application) }
+      let(:access_token) { FactoryBot.create(:access_token, application: client) }
+      it 'responds with only active state' do
+        request.headers['Authorization'] = basic_auth_header_for_client(different_client)
+        post :introspect, token: access_token.token
+        expect(response).to be_successful
+        should_have_json 'active', false
+        expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
+      end
+    end
+    context 'using invalid credentials to authorize' do
+      let(:client) { double(uid: '123123', secret: '666999') }
+      let(:access_token) { FactoryBot.create(:access_token) }
+      it 'responds with invalid_client error' do
+        request.headers['Authorization'] = basic_auth_header_for_client(client)
+        post :introspect, token: access_token.token
+        expect(response).not_to be_successful
+        response_status_should_be 401
+        should_not_have_json 'active'
+        should_have_json 'error', 'invalid_client'
+      end
+    end
+    context 'using wrong token value' do
+      let(:client) { FactoryBot.create(:application) }
+      let(:access_token) { FactoryBot.create(:access_token, application: client) }
+      it 'responds with only active state' do
+        request.headers['Authorization'] = basic_auth_header_for_client(client)
+        post :introspect, token: SecureRandom.hex(16)
+        should_have_json 'active', false
+        expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
+      end
+    end
+    context 'when requested Access Token expired' do
+      let(:client) { FactoryBot.create(:application) }
+      let(:access_token) { FactoryBot.create(:access_token, application: client, created_at: 1.year.ago) }
+      it 'responds with only active state' do
+        request.headers['Authorization'] = basic_auth_header_for_client(client)
+        post :introspect, token: access_token.token
+        should_have_json 'active', false
+        expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
+      end
+    end
+    context 'when requested Access Token revoked' do
+      let(:client) { FactoryBot.create(:application) }
+      let(:access_token) { FactoryBot.create(:access_token, application: client, revoked_at: 1.year.ago) }
+      it 'responds with only active state' do
+        request.headers['Authorization'] = basic_auth_header_for_client(client)
+        post :introspect, token: access_token.token
+        should_have_json 'active', false
+        expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
+      end
+    end
+    context 'unauthorized (no bearer token or client credentials)' do
+      let(:access_token) { FactoryBot.create(:access_token) }
+      it 'responds with invalid_request error' do
+        post :introspect, token: access_token.token
+        expect(response).not_to be_successful
+        response_status_should_be 401
+        should_not_have_json 'active'
+        should_have_json 'error', 'invalid_request'
+      end
+    end
+  end
 end

data/spec/dummy/app/controllers/full_protected_resources_controller.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 class FullProtectedResourcesController < ApplicationController
-  before_filter -> { doorkeeper_authorize! :write, :admin }, only: :show
-  before_filter :doorkeeper_authorize!, only: :index
+  before_action -> { doorkeeper_authorize! :write, :admin }, only: :show
+  before_action :doorkeeper_authorize!, only: :index
   def index
-    render text: 'index'
+    render plain: 'index'
   end
   def show
-    render text: 'show'
+    render plain: 'show'
   end
 end

data/spec/dummy/app/controllers/home_controller.rb CHANGED Viewed

@@ -12,6 +12,6 @@ class HomeController < ApplicationController
   end
   def callback
-    render text: 'ok'
+    render plain: 'ok'
   end
 end

data/spec/dummy/app/controllers/metal_controller.rb CHANGED Viewed

@@ -3,7 +3,7 @@ class MetalController < ActionController::Metal
   include ActionController::Head
   include Doorkeeper::Rails::Helpers
-  before_filter :doorkeeper_authorize!
+  before_action :doorkeeper_authorize!
   def index
     self.response_body = { ok: true }.to_json

data/spec/dummy/app/controllers/semi_protected_resources_controller.rb CHANGED Viewed

@@ -1,11 +1,11 @@
 class SemiProtectedResourcesController < ApplicationController
-  before_filter :doorkeeper_authorize!, only: :index
+  before_action :doorkeeper_authorize!, only: :index
   def index
-    render text: 'protected index'
+    render plain: 'protected index'
   end
   def show
-    render text: 'non protected show'
+    render plain: 'non protected show'
   end
 end

data/spec/dummy/app/models/user.rb CHANGED Viewed

@@ -1,8 +1,4 @@
 class User < ActiveRecord::Base
-  if respond_to?(:attr_accessible)
-    attr_accessible :name, :password
-  end
   def self.authenticate!(name, password)
     User.where(name: name, password: password).first
   end

data/spec/dummy/config/application.rb CHANGED Viewed

@@ -1,9 +1,8 @@
 require File.expand_path('../boot', __FILE__)
-require 'action_controller/railtie'
-require 'sprockets/railtie'
+require 'rails/all'
-Bundler.require :default
+Bundler.require(*Rails.groups)
 require 'yaml'
@@ -20,38 +19,5 @@ module Dummy
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
-    # Only load the plugins named here, in the order given (default is alphabetical).
-    # :all can be used as a placeholder for all plugins not explicitly named.
-    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
-    # Activate observers that should always be running.
-    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
-    if defined?(ActiveRecord) && Rails.version.to_i < 4
-      config.active_record.whitelist_attributes = true
-    end
-    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
-    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
-    # config.time_zone = 'Central Time (US & Canada)'
-    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
-    config.i18n.load_path += Dir[Rails.root.join('../../', 'config/locales', '*.{rb,yml}').to_s]
-    # config.i18n.default_locale = :en
-    # Configure the default encoding used in templates for Ruby 1.9.
-    config.encoding = 'utf-8'
-    # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters += [:password]
-    # Enable the asset pipeline
-    config.assets.enabled = true
-    # Version of your assets, change this if you want to expire all your assets
-    config.assets.version = '1.0'
-    I18n.enforce_available_locales = false
   end
 end

data/spec/dummy/config/environment.rb CHANGED Viewed

@@ -2,4 +2,4 @@
 require File.expand_path('../application', __FILE__)
 # Initialize the rails application
-Dummy::Application.initialize!
+Rails.application.initialize!

data/spec/dummy/config/environments/test.rb CHANGED Viewed

@@ -7,21 +7,10 @@ Dummy::Application.configure do
   # and recreated between test runs.  Don't rely on the data there!
   config.cache_classes = true
-  # Configure static asset server for tests with Cache-Control for performance
-  config.static_cache_control = 'public, max-age=3600'
-  if Rails.version.to_i < 4
-    # Log error messages when you accidentally call methods on nil
-    config.whiny_nils = true
-  end
-  if Rails.version.to_i >= 4
-    # Do not eager load code on boot. This avoids loading your whole application
-    # just for the purpose of running a single test. If you are using a tool that
-    # preloads Rails for running tests, you may have to set it to true.
-    config.eager_load = false
-    config.i18n.enforce_available_locales = true
-  end
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
   # Show full error reports and disable caching
   config.consider_all_requests_local       = true

data/spec/dummy/config/initializers/doorkeeper.rb CHANGED Viewed

@@ -29,11 +29,16 @@ Doorkeeper.configure do
   # Issue access tokens with refresh token (disabled by default)
   use_refresh_token
+  # Opt out of breaking api change to the native authorization code flow. Opting out sets the authorization
+  # code response route for native redirect uris to oauth/authorize/<code>. The default is oauth/authorize/native?code=<code>.
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1143
+  # opt_out_native_route_change
   # Provide support for an owner to be assigned to each registered application (disabled by default)
-  # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+  # Optional parameter confirmation: true (default false) if you want to enforce ownership of
   # a registered application
   # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
-  # enable_application_owner :confirmation => false
+  # enable_application_owner confirmation: false
   # Define access token scopes for your provider
   # For more information go to
@@ -82,7 +87,18 @@ Doorkeeper.configure do
   #   http://tools.ietf.org/html/rfc6819#section-4.4.2
   #   http://tools.ietf.org/html/rfc6819#section-4.4.3
   #
-  # grant_flows %w(authorization_code client_credentials)
+  # grant_flows %w[authorization_code client_credentials]
+  # Hook into the strategies' request & response life-cycle in case your
+  # application needs advanced customization or logging:
+  #
+  # before_successful_strategy_response do |request|
+  #   puts "BEFORE HOOK FIRED! #{request}"
+  # end
+  #
+  # after_successful_strategy_response do |request, response|
+  #   puts "AFTER HOOK FIRED! #{request}, #{response}"
+  # end
   # Under some circumstances you might want to have applications auto-approved,
   # so that the user skips the authorization step.

data/spec/dummy/config/initializers/new_framework_defaults.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# Require `belongs_to` associations by default. This is a new Rails 5.0
+# default, so it is introduced as a configuration option to ensure that apps
+# made on earlier versions of Rails are not affected when upgrading.
+if Rails::VERSION::MAJOR >= 5
+  Rails.application.config.active_record.belongs_to_required_by_default = true
+end

data/spec/dummy/config/initializers/secret_token.rb CHANGED Viewed

@@ -5,5 +5,4 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 Dummy::Application.config.secret_key_base =
-  Dummy::Application.config.secret_token =
   'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'

data/spec/dummy/db/migrate/20111122132257_create_users.rb CHANGED Viewed

@@ -1,4 +1,6 @@
-class CreateUsers < ActiveRecord::Migration
+# frozen_string_literal: true
+class CreateUsers < ActiveRecord::Migration[4.2]
   def change
     create_table :users do |t|
       t.string :name

data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb CHANGED Viewed

@@ -1,4 +1,6 @@
-class AddPasswordToUsers < ActiveRecord::Migration
+# frozen_string_literal: true
+class AddPasswordToUsers < ActiveRecord::Migration[4.2]
   def change
     add_column :users, :password, :string
   end

data/{lib/generators/doorkeeper/templates/migration.rb → spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb} RENAMED Viewed

@@ -1,4 +1,6 @@
-class CreateDoorkeeperTables < ActiveRecord::Migration
+# frozen_string_literal: true
+class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
   def change
     create_table :oauth_applications do |t|
       t.string  :name,         null: false
@@ -6,14 +8,14 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
       t.string  :secret,       null: false
       t.text    :redirect_uri, null: false
       t.string  :scopes,       null: false, default: ''
-      t.timestamps
+      t.timestamps             null: false
     end
     add_index :oauth_applications, :uid, unique: true
     create_table :oauth_access_grants do |t|
       t.integer  :resource_owner_id, null: false
-      t.integer  :application_id,    null: false
+      t.references :application,     null: false
       t.string   :token,             null: false
       t.integer  :expires_in,        null: false
       t.text     :redirect_uri,      null: false
@@ -23,10 +25,15 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
     end
     add_index :oauth_access_grants, :token, unique: true
+    add_foreign_key(
+      :oauth_access_grants,
+      :oauth_applications,
+      column: :application_id,
+    )
     create_table :oauth_access_tokens do |t|
       t.integer  :resource_owner_id
-      t.integer  :application_id
+      t.references :application
       # If you use a custom token generator you may need to change this column
       # from string to text, so that it accepts tokens larger than 255
@@ -46,5 +53,10 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
     add_index :oauth_access_tokens, :token, unique: true
     add_index :oauth_access_tokens, :resource_owner_id
     add_index :oauth_access_tokens, :refresh_token, unique: true
+    add_foreign_key(
+      :oauth_access_tokens,
+      :oauth_applications,
+      column: :application_id,
+    )
   end
 end

data/{lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb → spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb} RENAMED Viewed

@@ -1,7 +1,9 @@
-class AddOwnerToApplication < ActiveRecord::Migration
+# frozen_string_literal: true
+class AddOwnerToApplication < ActiveRecord::Migration[4.2]
   def change
     add_column :oauth_applications, :owner_id, :integer, null: true
     add_column :oauth_applications, :owner_type, :string, null: true
     add_index :oauth_applications, [:owner_id, :owner_type]
   end
-end
+end

data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration[4.2]
+  def change
+    add_column(
+      :oauth_access_tokens,
+      :previous_refresh_token,
+      :string,
+      default: "",
+      null: false
+    )
+  end
+end

data/spec/dummy/db/migrate/20180210183654_add_confidential_to_application.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+class AddConfidentialToApplication < ActiveRecord::Migration[5.1]
+  def change
+    add_column(
+      :oauth_applications,
+      :confidential,
+      :boolean,
+      null: false,
+      default: true # maintaining backwards compatibility: require secrets
+    )
+  end
+end

data/spec/dummy/db/schema.rb CHANGED Viewed

@@ -11,55 +11,57 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20141209001746) do
+ActiveRecord::Schema.define(version: 20180210183654) do
-  create_table "oauth_access_grants", force: true do |t|
-    t.integer  "resource_owner_id",              null: false
-    t.integer  "application_id",                 null: false
-    t.string   "token",                          null: false
-    t.integer  "expires_in",                     null: false
-    t.string   "redirect_uri",      limit: 2048, null: false
-    t.datetime "created_at",                     null: false
+  create_table "oauth_access_grants", force: :cascade do |t|
+    t.integer  "resource_owner_id", null: false
+    t.integer  "application_id",    null: false
+    t.string   "token",             null: false
+    t.integer  "expires_in",        null: false
+    t.text     "redirect_uri",      null: false
+    t.datetime "created_at",        null: false
     t.datetime "revoked_at"
     t.string   "scopes"
   end
   add_index "oauth_access_grants", ["token"], name: "index_oauth_access_grants_on_token", unique: true
-  create_table "oauth_access_tokens", force: true do |t|
+  create_table "oauth_access_tokens", force: :cascade do |t|
     t.integer  "resource_owner_id"
     t.integer  "application_id"
-    t.string   "token",             null: false
+    t.string   "token",                               null: false
     t.string   "refresh_token"
     t.integer  "expires_in"
     t.datetime "revoked_at"
-    t.datetime "created_at",        null: false
+    t.datetime "created_at",                          null: false
     t.string   "scopes"
+    t.string   "previous_refresh_token", default: "", null: false
   end
   add_index "oauth_access_tokens", ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
   add_index "oauth_access_tokens", ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
   add_index "oauth_access_tokens", ["token"], name: "index_oauth_access_tokens_on_token", unique: true
-  create_table "oauth_applications", force: true do |t|
-    t.string   "name",                                   null: false
-    t.string   "uid",                                    null: false
-    t.string   "secret",                                 null: false
-    t.string   "redirect_uri", limit: 2048,              null: false
-    t.datetime "created_at",                             null: false
-    t.datetime "updated_at",                             null: false
+  create_table "oauth_applications", force: :cascade do |t|
+    t.string   "name",                      null: false
+    t.string   "uid",                       null: false
+    t.string   "secret",                    null: false
+    t.text     "redirect_uri",              null: false
+    t.string   "scopes",       default: "", null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
     t.integer  "owner_id"
     t.string   "owner_type"
-    t.string   "scopes",                    default: "", null: false
+    t.boolean "confidential", default: true, null: false
   end
   add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
   add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true
-  create_table "users", force: true do |t|
+  create_table "users", force: :cascade do |t|
     t.string   "name"
-    t.datetime "created_at", null: false
-    t.datetime "updated_at", null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
     t.string   "password"
   end

data/spec/factories.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-FactoryGirl.define do
+FactoryBot.define do
   factory :access_grant, class: Doorkeeper::AccessGrant do
     sequence(:resource_owner_id) { |n| n }
     application
@@ -22,5 +22,7 @@ FactoryGirl.define do
     redirect_uri 'https://app.com/callback'
   end
-  factory :user
+  # do not name this factory :user, otherwise it will conflict with factories
+  # from applications that use doorkeeper factories in their own tests
+  factory :doorkeeper_testing_user, class: :user
 end