doorkeeper 3.1.0 → 5.6.2

data/lib/doorkeeper/stale_records_cleaner.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class StaleRecordsCleaner
+    CLEANER_CLASS = "StaleRecordsCleaner"
+
+    def self.for(base_scope)
+      orm_adapter = "doorkeeper/orm/#{configured_orm}".classify
+
+      orm_cleaner = "#{orm_adapter}::#{CLEANER_CLASS}".constantize
+      orm_cleaner.new(base_scope)
+    rescue NameError
+      raise Doorkeeper::Errors::NoOrmCleaner, "'#{configured_orm}' ORM has no cleaner!"
+    end
+
+    def self.new(base_scope)
+      self.for(base_scope)
+    end
+
+    def self.configured_orm
+      Doorkeeper.config.orm
+    end
+  end
+end

data/lib/doorkeeper/validations.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Validations
     extend ActiveSupport::Concern
@@ -6,9 +8,10 @@ module Doorkeeper
 
     def validate
       @error = nil
+
       self.class.validations.each do |validation|
+        @error = validation[:options][:error] unless send("validate_#{validation[:attribute]}")
         break if @error
-        @error = validation.last unless send("validate_#{validation.first}")
       end
     end
 
@@ -19,7 +22,7 @@ module Doorkeeper
 
     module ClassMethods
       def validate(attribute, options = {})
-        validations << [attribute, options[:error]]
+        validations << { attribute: attribute, options: options }
       end
 
       def validations

data/lib/doorkeeper/version.rb

@@ -1,3 +1,14 @@
+# frozen_string_literal: true
+
 module Doorkeeper
-  VERSION = "3.1.0"
+  module VERSION
+    # Semantic versioning
+    MAJOR = 5
+    MINOR = 6
+    TINY = 2
+    PRE = nil
+
+    # Full version number
+    STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+  end
 end

data/lib/doorkeeper.rb

@@ -1,67 +1,123 @@
-require 'doorkeeper/version'
-require 'doorkeeper/engine'
-require 'doorkeeper/config'
-
-require 'doorkeeper/errors'
-require 'doorkeeper/server'
-require 'doorkeeper/request'
-require 'doorkeeper/validations'
-
-require 'doorkeeper/oauth/authorization/code'
-require 'doorkeeper/oauth/authorization/token'
-require 'doorkeeper/oauth/authorization/uri_builder'
-require 'doorkeeper/oauth/helpers/scope_checker'
-require 'doorkeeper/oauth/helpers/uri_checker'
-require 'doorkeeper/oauth/helpers/unique_token'
-
-require 'doorkeeper/oauth/scopes'
-require 'doorkeeper/oauth/error'
-require 'doorkeeper/oauth/code_response'
-require 'doorkeeper/oauth/token_response'
-require 'doorkeeper/oauth/error_response'
-require 'doorkeeper/oauth/pre_authorization'
-require 'doorkeeper/oauth/request_concern'
-require 'doorkeeper/oauth/authorization_code_request'
-require 'doorkeeper/oauth/refresh_token_request'
-require 'doorkeeper/oauth/password_access_token_request'
-require 'doorkeeper/oauth/client_credentials_request'
-require 'doorkeeper/oauth/code_request'
-require 'doorkeeper/oauth/token_request'
-require 'doorkeeper/oauth/client'
-require 'doorkeeper/oauth/token'
-require 'doorkeeper/oauth/invalid_token_response'
-require 'doorkeeper/oauth/forbidden_token_response'
-
-require 'doorkeeper/models/concerns/scopes'
-require 'doorkeeper/models/concerns/expirable'
-require 'doorkeeper/models/concerns/revocable'
-require 'doorkeeper/models/concerns/accessible'
-
-require 'doorkeeper/models/access_grant_mixin'
-require 'doorkeeper/models/access_token_mixin'
-require 'doorkeeper/models/application_mixin'
-
-require 'doorkeeper/helpers/controller'
-
-require 'doorkeeper/rails/routes'
-require 'doorkeeper/rails/helpers'
-
-require 'doorkeeper/orm/active_record'
+# frozen_string_literal: true
 
+require "doorkeeper/config"
+require "doorkeeper/engine"
+
+# Main Doorkeeper namespace.
+#
 module Doorkeeper
-  def self.configured?
-    @config.present?
+  autoload :Errors, "doorkeeper/errors"
+  autoload :GrantFlow, "doorkeeper/grant_flow"
+  autoload :OAuth, "doorkeeper/oauth"
+  autoload :Rake, "doorkeeper/rake"
+  autoload :Request, "doorkeeper/request"
+  autoload :Server, "doorkeeper/server"
+  autoload :StaleRecordsCleaner, "doorkeeper/stale_records_cleaner"
+  autoload :Validations, "doorkeeper/validations"
+  autoload :VERSION, "doorkeeper/version"
+
+  autoload :AccessGrantMixin, "doorkeeper/models/access_grant_mixin"
+  autoload :AccessTokenMixin, "doorkeeper/models/access_token_mixin"
+  autoload :ApplicationMixin, "doorkeeper/models/application_mixin"
+
+  module Helpers
+    autoload :Controller, "doorkeeper/helpers/controller"
+  end
+
+  module Request
+    autoload :Strategy, "doorkeeper/request/strategy"
+    autoload :AuthorizationCode, "doorkeeper/request/authorization_code"
+    autoload :ClientCredentials, "doorkeeper/request/client_credentials"
+    autoload :Code, "doorkeeper/request/code"
+    autoload :Password, "doorkeeper/request/password"
+    autoload :RefreshToken, "doorkeeper/request/refresh_token"
+    autoload :Token, "doorkeeper/request/token"
+  end
+
+  module OAuth
+    autoload :BaseRequest, "doorkeeper/oauth/base_request"
+    autoload :AuthorizationCodeRequest, "doorkeeper/oauth/authorization_code_request"
+    autoload :BaseResponse, "doorkeeper/oauth/base_response"
+    autoload :CodeResponse, "doorkeeper/oauth/code_response"
+    autoload :Client, "doorkeeper/oauth/client"
+    autoload :ClientCredentialsRequest, "doorkeeper/oauth/client_credentials_request"
+    autoload :CodeRequest, "doorkeeper/oauth/code_request"
+    autoload :ErrorResponse, "doorkeeper/oauth/error_response"
+    autoload :Error, "doorkeeper/oauth/error"
+    autoload :InvalidTokenResponse, "doorkeeper/oauth/invalid_token_response"
+    autoload :InvalidRequestResponse, "doorkeeper/oauth/invalid_request_response"
+    autoload :ForbiddenTokenResponse, "doorkeeper/oauth/forbidden_token_response"
+    autoload :NonStandard, "doorkeeper/oauth/nonstandard"
+    autoload :PasswordAccessTokenRequest, "doorkeeper/oauth/password_access_token_request"
+    autoload :PreAuthorization, "doorkeeper/oauth/pre_authorization"
+    autoload :RefreshTokenRequest, "doorkeeper/oauth/refresh_token_request"
+    autoload :Scopes, "doorkeeper/oauth/scopes"
+    autoload :Token, "doorkeeper/oauth/token"
+    autoload :TokenIntrospection, "doorkeeper/oauth/token_introspection"
+    autoload :TokenRequest, "doorkeeper/oauth/token_request"
+    autoload :TokenResponse, "doorkeeper/oauth/token_response"
+
+    module Authorization
+      autoload :Code, "doorkeeper/oauth/authorization/code"
+      autoload :Context, "doorkeeper/oauth/authorization/context"
+      autoload :Token, "doorkeeper/oauth/authorization/token"
+      autoload :URIBuilder, "doorkeeper/oauth/authorization/uri_builder"
+    end
+
+    class Client
+      autoload :Credentials, "doorkeeper/oauth/client/credentials"
+    end
+
+    module ClientCredentials
+      autoload :Validator, "doorkeeper/oauth/client_credentials/validator"
+      autoload :Creator, "doorkeeper/oauth/client_credentials/creator"
+      autoload :Issuer, "doorkeeper/oauth/client_credentials/issuer"
+    end
+
+    module Helpers
+      autoload :ScopeChecker, "doorkeeper/oauth/helpers/scope_checker"
+      autoload :URIChecker, "doorkeeper/oauth/helpers/uri_checker"
+      autoload :UniqueToken, "doorkeeper/oauth/helpers/unique_token"
+    end
+
+    module Hooks
+      autoload :Context, "doorkeeper/oauth/hooks/context"
+    end
+  end
+
+  module Models
+    autoload :Accessible, "doorkeeper/models/concerns/accessible"
+    autoload :Expirable, "doorkeeper/models/concerns/expirable"
+    autoload :ExpirationTimeSqlMath, "doorkeeper/models/concerns/expiration_time_sql_math"
+    autoload :Orderable, "doorkeeper/models/concerns/orderable"
+    autoload :Scopes, "doorkeeper/models/concerns/scopes"
+    autoload :Reusable, "doorkeeper/models/concerns/reusable"
+    autoload :ResourceOwnerable, "doorkeeper/models/concerns/resource_ownerable"
+    autoload :Revocable, "doorkeeper/models/concerns/revocable"
+    autoload :SecretStorable, "doorkeeper/models/concerns/secret_storable"
   end
 
-  def self.database_installed?
-    [AccessToken, AccessGrant, Application].all? { |model| model.table_exists? }
+  module Orm
+    autoload :ActiveRecord, "doorkeeper/orm/active_record"
   end
 
-  def self.installed?
-    configured? && database_installed?
+  module Rails
+    autoload :Helpers, "doorkeeper/rails/helpers"
+    autoload :Routes, "doorkeeper/rails/routes"
   end
 
-  def self.authenticate(request, methods = Doorkeeper.configuration.access_token_methods)
+  module SecretStoring
+    autoload :Base, "doorkeeper/secret_storing/base"
+    autoload :Plain, "doorkeeper/secret_storing/plain"
+    autoload :Sha256Hash, "doorkeeper/secret_storing/sha256_hash"
+    autoload :BCrypt, "doorkeeper/secret_storing/bcrypt"
+  end
+
+  def self.authenticate(request, methods = Doorkeeper.config.access_token_methods)
     OAuth::Token.authenticate(request, *methods)
   end
+
+  def self.gem_version
+    ::Gem::Version.new(::Doorkeeper::VERSION::STRING)
+  end
 end

data/lib/generators/doorkeeper/application_owner_generator.rb

@@ -1,18 +1,33 @@
-require 'rails/generators/active_record'
+# frozen_string_literal: true
 
-class Doorkeeper::ApplicationOwnerGenerator < Rails::Generators::Base
-  include Rails::Generators::Migration
-  source_root File.expand_path('../templates', __FILE__)
-  desc 'Provide support for client application ownership.'
+require "rails/generators"
+require "rails/generators/active_record"
 
-  def application_owner
-    migration_template(
-      'add_owner_to_application_migration.rb',
-      'db/migrate/add_owner_to_application.rb'
-    )
-  end
+module Doorkeeper
+  # Generates migration to add reference to owner of the
+  # Doorkeeper application.
+  #
+  class ApplicationOwnerGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Provide support for client application ownership."
+
+    def application_owner
+      migration_template(
+        "add_owner_to_application_migration.rb.erb",
+        "db/migrate/add_owner_to_application.rb",
+        migration_version: migration_version,
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
 
-  def self.next_migration_number(dirname)
-    ActiveRecord::Generators::Base.next_migration_number(dirname)
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
   end
 end

data/lib/generators/doorkeeper/confidential_applications_generator.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Doorkeeper
+  # Generates migration to add confidential column to Doorkeeper
+  # applications table.
+  #
+  class ConfidentialApplicationsGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Add confidential column to Doorkeeper applications"
+
+    def confidential_applications
+      migration_template(
+        "add_confidential_to_applications.rb.erb",
+        "db/migrate/add_confidential_to_applications.rb",
+        migration_version: migration_version,
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
+end

data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Doorkeeper
+  # Generates migration with polymorphic resource owner required
+  # database columns for Doorkeeper Access Token and Access Grant
+  # models.
+  #
+  class EnablePolymorphicResourceOwnerGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Provide support for polymorphic Resource Owner."
+
+    def enable_polymorphic_resource_owner
+      migration_template(
+        "enable_polymorphic_resource_owner_migration.rb.erb",
+        "db/migrate/enable_polymorphic_resource_owner.rb",
+        migration_version: migration_version,
+      )
+      gsub_file(
+        "config/initializers/doorkeeper.rb",
+        "# use_polymorphic_resource_owner",
+        "use_polymorphic_resource_owner",
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
+end

data/lib/generators/doorkeeper/install_generator.rb

@@ -1,12 +1,22 @@
-class Doorkeeper::InstallGenerator < ::Rails::Generators::Base
-  include Rails::Generators::Migration
-  source_root File.expand_path('../templates', __FILE__)
-  desc 'Installs Doorkeeper.'
+# frozen_string_literal: true
 
-  def install
-    template 'initializer.rb', 'config/initializers/doorkeeper.rb'
-    copy_file File.expand_path('../../../../config/locales/en.yml', __FILE__), 'config/locales/doorkeeper.en.yml'
-    route 'use_doorkeeper'
-    readme 'README'
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Doorkeeper
+  # Setup doorkeeper into Rails application: locales, routes, etc.
+  #
+  class InstallGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Installs Doorkeeper."
+
+    def install
+      template "initializer.rb", "config/initializers/doorkeeper.rb"
+      copy_file File.expand_path("../../../config/locales/en.yml", __dir__),
+                "config/locales/doorkeeper.en.yml"
+      route "use_doorkeeper"
+      readme "README"
+    end
   end
 end

data/lib/generators/doorkeeper/migration_generator.rb

@@ -1,15 +1,32 @@
-require 'rails/generators/active_record'
+# frozen_string_literal: true
 
-class Doorkeeper::MigrationGenerator < ::Rails::Generators::Base
-  include Rails::Generators::Migration
-  source_root File.expand_path('../templates', __FILE__)
-  desc 'Installs Doorkeeper migration file.'
+require "rails/generators"
+require "rails/generators/active_record"
 
-  def install
-    migration_template 'migration.rb', 'db/migrate/create_doorkeeper_tables.rb'
-  end
+module Doorkeeper
+  # Copies main Doorkeeper migration into parent Rails application.
+  #
+  class MigrationGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Installs Doorkeeper migration file."
+
+    def install
+      migration_template(
+        "migration.rb.erb",
+        "db/migrate/create_doorkeeper_tables.rb",
+        migration_version: migration_version,
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
 
-  def self.next_migration_number(dirname)
-    ActiveRecord::Generators::Base.next_migration_number(dirname)
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
   end
 end

data/lib/generators/doorkeeper/pkce_generator.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Doorkeeper
+  # Generates migration with PKCE required database columns for
+  # Doorkeeper tables.
+  #
+  class PkceGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Provide support for PKCE."
+
+    def pkce
+      migration_template(
+        "enable_pkce_migration.rb.erb",
+        "db/migrate/enable_pkce.rb",
+        migration_version: migration_version,
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
+end

data/lib/generators/doorkeeper/previous_refresh_token_generator.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Doorkeeper
+  # Generates migration to add previous refresh token column to the
+  # database for Doorkeeper tables.
+  #
+  class PreviousRefreshTokenGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Support revoke refresh token on access token use"
+
+    def self.next_migration_number(path)
+      ActiveRecord::Generators::Base.next_migration_number(path)
+    end
+
+    def previous_refresh_token
+      return unless no_previous_refresh_token_column?
+
+      migration_template(
+        "add_previous_refresh_token_to_access_tokens.rb.erb",
+        "db/migrate/add_previous_refresh_token_to_access_tokens.rb",
+      )
+    end
+
+    private
+
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+
+    def no_previous_refresh_token_column?
+      !ActiveRecord::Base.connection.column_exists?(
+        :oauth_access_tokens,
+        :previous_refresh_token,
+      )
+    end
+  end
+end

data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class AddConfidentialToApplications < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column(
+      :oauth_applications,
+      :confidential,
+      :boolean,
+      null: false,
+      default: true
+    )
+  end
+end

data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class AddOwnerToApplication < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column :oauth_applications, :owner_id, :bigint, null: true
+    add_column :oauth_applications, :owner_type, :string, null: true
+    add_index :oauth_applications, [:owner_id, :owner_type]
+  end
+end

data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column(
+      :oauth_access_tokens,
+      :previous_refresh_token,
+      :string,
+      default: "",
+      null: false
+    )
+  end
+end

data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class EnablePkce < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column :oauth_access_grants, :code_challenge, :string, null: true
+    add_column :oauth_access_grants, :code_challenge_method, :string, null: true
+  end
+end

data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class EnablePolymorphicResourceOwner < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column :oauth_access_tokens, :resource_owner_type, :string
+    add_column :oauth_access_grants, :resource_owner_type, :string
+    change_column_null :oauth_access_grants, :resource_owner_type, false
+
+    add_index :oauth_access_tokens,
+              [:resource_owner_id, :resource_owner_type],
+              name: 'polymorphic_owner_oauth_access_tokens'
+
+    add_index :oauth_access_grants,
+              [:resource_owner_id, :resource_owner_type],
+              name: 'polymorphic_owner_oauth_access_grants'
+  end
+end