doorkeeper 3.1.0 → 5.6.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of doorkeeper might be problematic. Click here for more details.

Files changed (270) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +1079 -0
  3. data/README.md +114 -326
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +7 -6
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +9 -12
  7. data/app/controllers/doorkeeper/applications_controller.rb +66 -21
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +100 -18
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +23 -4
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +138 -22
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +15 -9
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
  14. data/app/views/doorkeeper/applications/_form.html.erb +33 -21
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +18 -6
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +40 -16
  19. data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +17 -11
  22. data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
  23. data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
  24. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  25. data/config/locales/en.yml +37 -9
  26. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  27. data/lib/doorkeeper/config/option.rb +82 -0
  28. data/lib/doorkeeper/config/validations.rb +53 -0
  29. data/lib/doorkeeper/config.rb +602 -142
  30. data/lib/doorkeeper/engine.rb +22 -7
  31. data/lib/doorkeeper/errors.rb +37 -10
  32. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  33. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  34. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  35. data/lib/doorkeeper/grant_flow.rb +45 -0
  36. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  37. data/lib/doorkeeper/grape/helpers.rb +24 -12
  38. data/lib/doorkeeper/helpers/controller.rb +49 -27
  39. data/lib/doorkeeper/models/access_grant_mixin.rb +99 -16
  40. data/lib/doorkeeper/models/access_token_mixin.rb +386 -77
  41. data/lib/doorkeeper/models/application_mixin.rb +73 -30
  42. data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
  43. data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
  44. data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
  45. data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  46. data/lib/doorkeeper/models/concerns/ownership.rb +4 -2
  47. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  48. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  49. data/lib/doorkeeper/models/concerns/revocable.rb +13 -2
  50. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  51. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  52. data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
  53. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  54. data/lib/doorkeeper/oauth/authorization/token.rb +72 -28
  55. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
  56. data/lib/doorkeeper/oauth/authorization_code_request.rb +64 -14
  57. data/lib/doorkeeper/oauth/base_request.rb +66 -0
  58. data/lib/doorkeeper/oauth/base_response.rb +31 -0
  59. data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
  60. data/lib/doorkeeper/oauth/client.rb +10 -12
  61. data/lib/doorkeeper/oauth/client_credentials/creator.rb +48 -4
  62. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +17 -9
  63. data/lib/doorkeeper/oauth/client_credentials/validator.rb +55 -0
  64. data/lib/doorkeeper/oauth/client_credentials_request.rb +14 -15
  65. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  66. data/lib/doorkeeper/oauth/code_response.rb +31 -19
  67. data/lib/doorkeeper/oauth/error.rb +5 -3
  68. data/lib/doorkeeper/oauth/error_response.rb +41 -20
  69. data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
  70. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +24 -19
  71. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  72. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +55 -4
  73. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  74. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  75. data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
  76. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  77. data/lib/doorkeeper/oauth/password_access_token_request.rb +46 -18
  78. data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
  79. data/lib/doorkeeper/oauth/refresh_token_request.rb +67 -30
  80. data/lib/doorkeeper/oauth/scopes.rb +26 -12
  81. data/lib/doorkeeper/oauth/token.rb +28 -25
  82. data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
  83. data/lib/doorkeeper/oauth/token_request.rb +8 -21
  84. data/lib/doorkeeper/oauth/token_response.rb +14 -10
  85. data/lib/doorkeeper/oauth.rb +13 -0
  86. data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
  87. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -17
  88. data/lib/doorkeeper/orm/active_record/application.rb +6 -20
  89. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
  90. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +81 -0
  91. data/lib/doorkeeper/orm/active_record/mixins/application.rb +214 -0
  92. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  93. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
  94. data/lib/doorkeeper/orm/active_record.rb +36 -26
  95. data/lib/doorkeeper/rails/helpers.rb +14 -15
  96. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  97. data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
  98. data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
  99. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  100. data/lib/doorkeeper/rails/routes.rb +45 -28
  101. data/lib/doorkeeper/rake/db.rake +40 -0
  102. data/lib/doorkeeper/rake/setup.rake +6 -0
  103. data/lib/doorkeeper/rake.rb +14 -0
  104. data/lib/doorkeeper/request/authorization_code.rb +12 -4
  105. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  106. data/lib/doorkeeper/request/code.rb +1 -1
  107. data/lib/doorkeeper/request/password.rb +5 -4
  108. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  109. data/lib/doorkeeper/request/strategy.rb +4 -2
  110. data/lib/doorkeeper/request/token.rb +1 -1
  111. data/lib/doorkeeper/request.rb +62 -29
  112. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  113. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  114. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  115. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  116. data/lib/doorkeeper/server.rb +9 -19
  117. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  118. data/lib/doorkeeper/validations.rb +5 -2
  119. data/lib/doorkeeper/version.rb +12 -1
  120. data/lib/doorkeeper.rb +112 -56
  121. data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
  122. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  123. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  124. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  125. data/lib/generators/doorkeeper/migration_generator.rb +27 -10
  126. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  127. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +41 -0
  128. data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  129. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  130. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +13 -0
  131. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  132. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  133. data/lib/generators/doorkeeper/templates/initializer.rb +417 -32
  134. data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
  135. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  136. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  137. metadata +163 -280
  138. data/.gitignore +0 -14
  139. data/.hound.yml +0 -13
  140. data/.rspec +0 -1
  141. data/.travis.yml +0 -22
  142. data/CONTRIBUTING.md +0 -45
  143. data/Gemfile +0 -10
  144. data/NEWS.md +0 -525
  145. data/RELEASING.md +0 -17
  146. data/Rakefile +0 -20
  147. data/app/validators/redirect_uri_validator.rb +0 -34
  148. data/doorkeeper.gemspec +0 -27
  149. data/lib/doorkeeper/oauth/client/methods.rb +0 -18
  150. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  151. data/lib/doorkeeper/oauth/request_concern.rb +0 -48
  152. data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
  153. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
  154. data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5
  155. data/lib/generators/doorkeeper/templates/migration.rb +0 -50
  156. data/spec/controllers/applications_controller_spec.rb +0 -58
  157. data/spec/controllers/authorizations_controller_spec.rb +0 -203
  158. data/spec/controllers/protected_resources_controller_spec.rb +0 -271
  159. data/spec/controllers/token_info_controller_spec.rb +0 -52
  160. data/spec/controllers/tokens_controller_spec.rb +0 -88
  161. data/spec/dummy/Rakefile +0 -7
  162. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  163. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  164. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  165. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  166. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  167. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  168. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  169. data/spec/dummy/app/models/user.rb +0 -9
  170. data/spec/dummy/app/views/home/index.html.erb +0 -0
  171. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  172. data/spec/dummy/config/application.rb +0 -57
  173. data/spec/dummy/config/boot.rb +0 -9
  174. data/spec/dummy/config/database.yml +0 -15
  175. data/spec/dummy/config/environment.rb +0 -5
  176. data/spec/dummy/config/environments/development.rb +0 -29
  177. data/spec/dummy/config/environments/production.rb +0 -62
  178. data/spec/dummy/config/environments/test.rb +0 -55
  179. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  180. data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
  181. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  182. data/spec/dummy/config/initializers/session_store.rb +0 -8
  183. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  184. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  185. data/spec/dummy/config/routes.rb +0 -52
  186. data/spec/dummy/config.ru +0 -4
  187. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
  188. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
  189. data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +0 -41
  190. data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +0 -7
  191. data/spec/dummy/db/migrate/20141209001746_add_scopes_to_oauth_applications.rb +0 -5
  192. data/spec/dummy/db/schema.rb +0 -66
  193. data/spec/dummy/public/404.html +0 -26
  194. data/spec/dummy/public/422.html +0 -26
  195. data/spec/dummy/public/500.html +0 -26
  196. data/spec/dummy/public/favicon.ico +0 -0
  197. data/spec/dummy/script/rails +0 -6
  198. data/spec/factories.rb +0 -26
  199. data/spec/generators/application_owner_generator_spec.rb +0 -22
  200. data/spec/generators/install_generator_spec.rb +0 -31
  201. data/spec/generators/migration_generator_spec.rb +0 -20
  202. data/spec/generators/templates/routes.rb +0 -3
  203. data/spec/generators/views_generator_spec.rb +0 -27
  204. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  205. data/spec/lib/config_spec.rb +0 -317
  206. data/spec/lib/doorkeeper_spec.rb +0 -28
  207. data/spec/lib/models/expirable_spec.rb +0 -51
  208. data/spec/lib/models/revocable_spec.rb +0 -36
  209. data/spec/lib/models/scopes_spec.rb +0 -43
  210. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
  211. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
  212. data/spec/lib/oauth/client/credentials_spec.rb +0 -47
  213. data/spec/lib/oauth/client/methods_spec.rb +0 -54
  214. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  215. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  216. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  217. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  218. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
  219. data/spec/lib/oauth/client_spec.rb +0 -39
  220. data/spec/lib/oauth/code_request_spec.rb +0 -45
  221. data/spec/lib/oauth/error_response_spec.rb +0 -61
  222. data/spec/lib/oauth/error_spec.rb +0 -23
  223. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  224. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  225. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  226. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
  227. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
  228. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
  229. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  230. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -123
  231. data/spec/lib/oauth/scopes_spec.rb +0 -123
  232. data/spec/lib/oauth/token_request_spec.rb +0 -98
  233. data/spec/lib/oauth/token_response_spec.rb +0 -85
  234. data/spec/lib/oauth/token_spec.rb +0 -109
  235. data/spec/lib/request/strategy_spec.rb +0 -53
  236. data/spec/lib/server_spec.rb +0 -52
  237. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  238. data/spec/models/doorkeeper/access_token_spec.rb +0 -350
  239. data/spec/models/doorkeeper/application_spec.rb +0 -187
  240. data/spec/requests/applications/applications_request_spec.rb +0 -94
  241. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  242. data/spec/requests/endpoints/authorization_spec.rb +0 -72
  243. data/spec/requests/endpoints/token_spec.rb +0 -64
  244. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
  245. data/spec/requests/flows/authorization_code_spec.rb +0 -156
  246. data/spec/requests/flows/client_credentials_spec.rb +0 -58
  247. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  248. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  249. data/spec/requests/flows/password_spec.rb +0 -94
  250. data/spec/requests/flows/refresh_token_spec.rb +0 -104
  251. data/spec/requests/flows/revoke_token_spec.rb +0 -143
  252. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  253. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  254. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  255. data/spec/routing/custom_controller_routes_spec.rb +0 -71
  256. data/spec/routing/default_routes_spec.rb +0 -35
  257. data/spec/routing/scoped_routes_spec.rb +0 -31
  258. data/spec/spec_helper.rb +0 -2
  259. data/spec/spec_helper_integration.rb +0 -56
  260. data/spec/support/dependencies/factory_girl.rb +0 -2
  261. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  262. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  263. data/spec/support/helpers/config_helper.rb +0 -9
  264. data/spec/support/helpers/model_helper.rb +0 -45
  265. data/spec/support/helpers/request_spec_helper.rb +0 -76
  266. data/spec/support/helpers/url_helper.rb +0 -55
  267. data/spec/support/orm/active_record.rb +0 -3
  268. data/spec/support/shared/controllers_shared_context.rb +0 -60
  269. data/spec/support/shared/models_shared_examples.rb +0 -52
  270. data/spec/validators/redirect_uri_validator_spec.rb +0 -78
@@ -1,81 +1,335 @@
1
+ # frozen_string_literal: true
2
+
1
3
  Doorkeeper.configure do
2
- # Change the ORM that doorkeeper will use (needs plugins)
4
+ # Change the ORM that doorkeeper will use (requires ORM extensions installed).
5
+ # Check the list of supported ORMs here: https://github.com/doorkeeper-gem/doorkeeper#orms
3
6
  orm :active_record
4
7
 
5
8
  # This block will be called to check whether the resource owner is authenticated or not.
6
9
  resource_owner_authenticator do
7
- fail "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
10
+ raise "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
8
11
  # Put your resource owner authentication logic here.
9
12
  # Example implementation:
10
- # User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url)
13
+ # User.find_by(id: session[:user_id]) || redirect_to(new_user_session_url)
11
14
  end
12
15
 
13
- # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
16
+ # If you didn't skip applications controller from Doorkeeper routes in your application routes.rb
17
+ # file then you need to declare this block in order to restrict access to the web interface for
18
+ # adding oauth authorized applications. In other case it will return 403 Forbidden response
19
+ # every time somebody will try to access the admin web interface.
20
+ #
14
21
  # admin_authenticator do
15
22
  # # Put your admin authentication logic here.
16
23
  # # Example implementation:
17
- # Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
24
+ #
25
+ # if current_user
26
+ # head :forbidden unless current_user.admin?
27
+ # else
28
+ # redirect_to sign_in_url
29
+ # end
18
30
  # end
19
31
 
20
- # Authorization Code expiration time (default 10 minutes).
32
+ # You can use your own model classes if you need to extend (or even override) default
33
+ # Doorkeeper models such as `Application`, `AccessToken` and `AccessGrant.
34
+ #
35
+ # Be default Doorkeeper ActiveRecord ORM uses it's own classes:
36
+ #
37
+ # access_token_class "Doorkeeper::AccessToken"
38
+ # access_grant_class "Doorkeeper::AccessGrant"
39
+ # application_class "Doorkeeper::Application"
40
+ #
41
+ # Don't forget to include Doorkeeper ORM mixins into your custom models:
42
+ #
43
+ # * ::Doorkeeper::Orm::ActiveRecord::Mixins::AccessToken - for access token
44
+ # * ::Doorkeeper::Orm::ActiveRecord::Mixins::AccessGrant - for access grant
45
+ # * ::Doorkeeper::Orm::ActiveRecord::Mixins::Application - for application (OAuth2 clients)
46
+ #
47
+ # For example:
48
+ #
49
+ # access_token_class "MyAccessToken"
50
+ #
51
+ # class MyAccessToken < ApplicationRecord
52
+ # include ::Doorkeeper::Orm::ActiveRecord::Mixins::AccessToken
53
+ #
54
+ # self.table_name = "hey_i_wanna_my_name"
55
+ #
56
+ # def destroy_me!
57
+ # destroy
58
+ # end
59
+ # end
60
+
61
+ # Enables polymorphic Resource Owner association for Access Tokens and Access Grants.
62
+ # By default this option is disabled.
63
+ #
64
+ # Make sure you properly setup you database and have all the required columns (run
65
+ # `bundle exec rails generate doorkeeper:enable_polymorphic_resource_owner` and execute Rails
66
+ # migrations).
67
+ #
68
+ # If this option enabled, Doorkeeper will store not only Resource Owner primary key
69
+ # value, but also it's type (class name). See "Polymorphic Associations" section of
70
+ # Rails guides: https://guides.rubyonrails.org/association_basics.html#polymorphic-associations
71
+ #
72
+ # [NOTE] If you apply this option on already existing project don't forget to manually
73
+ # update `resource_owner_type` column in the database and fix migration template as it will
74
+ # set NOT NULL constraint for Access Grants table.
75
+ #
76
+ # use_polymorphic_resource_owner
77
+
78
+ # If you are planning to use Doorkeeper in Rails 5 API-only application, then you might
79
+ # want to use API mode that will skip all the views management and change the way how
80
+ # Doorkeeper responds to a requests.
81
+ #
82
+ # api_only
83
+
84
+ # Enforce token request content type to application/x-www-form-urlencoded.
85
+ # It is not enabled by default to not break prior versions of the gem.
86
+ #
87
+ # enforce_content_type
88
+
89
+ # Authorization Code expiration time (default: 10 minutes).
90
+ #
21
91
  # authorization_code_expires_in 10.minutes
22
92
 
23
- # Access token expiration time (default 2 hours).
24
- # If you want to disable expiration, set this to nil.
93
+ # Access token expiration time (default: 2 hours).
94
+ # If you want to disable expiration, set this to `nil`.
95
+ #
25
96
  # access_token_expires_in 2.hours
26
97
 
27
- # Assign a custom TTL for implicit grants.
28
- # custom_access_token_expires_in do |oauth_client|
29
- # oauth_client.application.additional_settings.implicit_oauth_expiration
98
+ # Assign custom TTL for access tokens. Will be used instead of access_token_expires_in
99
+ # option if defined. In case the block returns `nil` value Doorkeeper fallbacks to
100
+ # +access_token_expires_in+ configuration option value. If you really need to issue a
101
+ # non-expiring access token (which is not recommended) then you need to return
102
+ # Float::INFINITY from this block.
103
+ #
104
+ # `context` has the following properties available:
105
+ #
106
+ # * `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
107
+ # * `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
108
+ # * `scopes` - the requested scopes (see Doorkeeper::OAuth::Scopes)
109
+ # * `resource_owner` - authorized resource owner instance (if present)
110
+ #
111
+ # custom_access_token_expires_in do |context|
112
+ # context.client.additional_settings.implicit_oauth_expiration
30
113
  # end
31
114
 
32
115
  # Use a custom class for generating the access token.
33
- # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
34
- # access_token_generator "::Doorkeeper::JWT"
116
+ # See https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-access-token-generator
117
+ #
118
+ # access_token_generator '::Doorkeeper::JWT'
35
119
 
36
- # Reuse access token for the same resource owner within an application (disabled by default)
120
+ # The controller +Doorkeeper::ApplicationController+ inherits from.
121
+ # Defaults to +ActionController::Base+ unless +api_only+ is set, which changes the default to
122
+ # +ActionController::API+. The return value of this option must be a stringified class name.
123
+ # See https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-controllers
124
+ #
125
+ # base_controller 'ApplicationController'
126
+
127
+ # Reuse access token for the same resource owner within an application (disabled by default).
128
+ #
129
+ # This option protects your application from creating new tokens before old **valid** one becomes
130
+ # expired so your database doesn't bloat. Keep in mind that when this option is enabled Doorkeeper
131
+ # doesn't update existing token expiration time, it will create a new token instead if no active matching
132
+ # token found for the application, resources owner and/or set of scopes.
37
133
  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
134
+ #
135
+ # You can not enable this option together with +hash_token_secrets+.
136
+ #
38
137
  # reuse_access_token
39
138
 
40
- # Issue access tokens with refresh token (disabled by default)
139
+ # In case you enabled `reuse_access_token` option Doorkeeper will try to find matching
140
+ # token using `matching_token_for` Access Token API that searches for valid records
141
+ # in batches in order not to pollute the memory with all the database records. By default
142
+ # Doorkeeper uses batch size of 10 000 records. You can increase or decrease this value
143
+ # depending on your needs and server capabilities.
144
+ #
145
+ # token_lookup_batch_size 10_000
146
+
147
+ # Set a limit for token_reuse if using reuse_access_token option
148
+ #
149
+ # This option limits token_reusability to some extent.
150
+ # If not set then access_token will be reused unless it expires.
151
+ # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
152
+ #
153
+ # This option should be a percentage(i.e. (0,100])
154
+ #
155
+ # token_reuse_limit 100
156
+
157
+ # Only allow one valid access token obtained via client credentials
158
+ # per client. If a new access token is obtained before the old one
159
+ # expired, the old one gets revoked (disabled by default)
160
+ #
161
+ # When enabling this option, make sure that you do not expect multiple processes
162
+ # using the same credentials at the same time (e.g. web servers spanning
163
+ # multiple machines and/or processes).
164
+ #
165
+ # revoke_previous_client_credentials_token
166
+
167
+ # Hash access and refresh tokens before persisting them.
168
+ # This will disable the possibility to use +reuse_access_token+
169
+ # since plain values can no longer be retrieved.
170
+ #
171
+ # Note: If you are already a user of doorkeeper and have existing tokens
172
+ # in your installation, they will be invalid without adding 'fallback: :plain'.
173
+ #
174
+ # hash_token_secrets
175
+ # By default, token secrets will be hashed using the
176
+ # +Doorkeeper::Hashing::SHA256+ strategy.
177
+ #
178
+ # If you wish to use another hashing implementation, you can override
179
+ # this strategy as follows:
180
+ #
181
+ # hash_token_secrets using: '::Doorkeeper::Hashing::MyCustomHashImpl'
182
+ #
183
+ # Keep in mind that changing the hashing function will invalidate all existing
184
+ # secrets, if there are any.
185
+
186
+ # Hash application secrets before persisting them.
187
+ #
188
+ # hash_application_secrets
189
+ #
190
+ # By default, applications will be hashed
191
+ # with the +Doorkeeper::SecretStoring::SHA256+ strategy.
192
+ #
193
+ # If you wish to use bcrypt for application secret hashing, uncomment
194
+ # this line instead:
195
+ #
196
+ # hash_application_secrets using: '::Doorkeeper::SecretStoring::BCrypt'
197
+
198
+ # When the above option is enabled, and a hashed token or secret is not found,
199
+ # you can allow to fall back to another strategy. For users upgrading
200
+ # doorkeeper and wishing to enable hashing, you will probably want to enable
201
+ # the fallback to plain tokens.
202
+ #
203
+ # This will ensure that old access tokens and secrets
204
+ # will remain valid even if the hashing above is enabled.
205
+ #
206
+ # This can be done by adding 'fallback: plain', e.g. :
207
+ #
208
+ # hash_application_secrets using: '::Doorkeeper::SecretStoring::BCrypt', fallback: :plain
209
+
210
+ # Issue access tokens with refresh token (disabled by default), you may also
211
+ # pass a block which accepts `context` to customize when to give a refresh
212
+ # token or not. Similar to +custom_access_token_expires_in+, `context` has
213
+ # the following properties:
214
+ #
215
+ # `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
216
+ # `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
217
+ # `scopes` - the requested scopes (see Doorkeeper::OAuth::Scopes)
218
+ #
41
219
  # use_refresh_token
42
220
 
43
221
  # Provide support for an owner to be assigned to each registered application (disabled by default)
44
- # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
222
+ # Optional parameter confirmation: true (default: false) if you want to enforce ownership of
45
223
  # a registered application
46
- # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
47
- # enable_application_owner :confirmation => false
224
+ # NOTE: you must also run the rails g doorkeeper:application_owner generator
225
+ # to provide the necessary support
226
+ #
227
+ # enable_application_owner confirmation: false
48
228
 
49
229
  # Define access token scopes for your provider
50
230
  # For more information go to
51
- # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
231
+ # https://doorkeeper.gitbook.io/guides/ruby-on-rails/scopes
232
+ #
52
233
  # default_scopes :public
53
234
  # optional_scopes :write, :update
54
235
 
236
+ # Allows to restrict only certain scopes for grant_type.
237
+ # By default, all the scopes will be available for all the grant types.
238
+ #
239
+ # Keys to this hash should be the name of grant_type and
240
+ # values should be the array of scopes for that grant type.
241
+ # Note: scopes should be from configured_scopes (i.e. default or optional)
242
+ #
243
+ # scopes_by_grant_type password: [:write], client_credentials: [:update]
244
+
245
+ # Forbids creating/updating applications with arbitrary scopes that are
246
+ # not in configuration, i.e. +default_scopes+ or +optional_scopes+.
247
+ # (disabled by default)
248
+ #
249
+ # enforce_configured_scopes
250
+
55
251
  # Change the way client credentials are retrieved from the request object.
56
252
  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
57
253
  # falls back to the `:client_id` and `:client_secret` params from the `params` object.
58
- # Check out the wiki for more information on customization
254
+ # Check out https://github.com/doorkeeper-gem/doorkeeper/wiki/Changing-how-clients-are-authenticated
255
+ # for more information on customization
256
+ #
59
257
  # client_credentials :from_basic, :from_params
60
258
 
61
259
  # Change the way access token is authenticated from the request object.
62
260
  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
63
261
  # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
64
- # Check out the wiki for more information on customization
65
- # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
66
-
67
- # Change the native redirect uri for client apps
68
- # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
69
- # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
70
- # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
262
+ # Check out https://github.com/doorkeeper-gem/doorkeeper/wiki/Changing-how-clients-are-authenticated
263
+ # for more information on customization
71
264
  #
72
- # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
265
+ # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
73
266
 
74
267
  # Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
75
268
  # by default in non-development environments). OAuth2 delegates security in
76
269
  # communication to the HTTPS protocol so it is wise to keep this enabled.
77
270
  #
271
+ # Callable objects such as proc, lambda, block or any object that responds to
272
+ # #call can be used in order to allow conditional checks (to allow non-SSL
273
+ # redirects to localhost for example).
274
+ #
78
275
  # force_ssl_in_redirect_uri !Rails.env.development?
276
+ #
277
+ # force_ssl_in_redirect_uri { |uri| uri.host != 'localhost' }
278
+
279
+ # Specify what redirect URI's you want to block during Application creation.
280
+ # Any redirect URI is allowed by default.
281
+ #
282
+ # You can use this option in order to forbid URI's with 'javascript' scheme
283
+ # for example.
284
+ #
285
+ # forbid_redirect_uri { |uri| uri.scheme.to_s.downcase == 'javascript' }
286
+
287
+ # Allows to set blank redirect URIs for Applications in case Doorkeeper configured
288
+ # to use URI-less OAuth grant flows like Client Credentials or Resource Owner
289
+ # Password Credentials. The option is on by default and checks configured grant
290
+ # types, but you **need** to manually drop `NOT NULL` constraint from `redirect_uri`
291
+ # column for `oauth_applications` database table.
292
+ #
293
+ # You can completely disable this feature with:
294
+ #
295
+ # allow_blank_redirect_uri false
296
+ #
297
+ # Or you can define your custom check:
298
+ #
299
+ # allow_blank_redirect_uri do |grant_flows, client|
300
+ # client.superapp?
301
+ # end
302
+
303
+ # Specify how authorization errors should be handled.
304
+ # By default, doorkeeper renders json errors when access token
305
+ # is invalid, expired, revoked or has invalid scopes.
306
+ #
307
+ # If you want to render error response yourself (i.e. rescue exceptions),
308
+ # set +handle_auth_errors+ to `:raise` and rescue Doorkeeper::Errors::InvalidToken
309
+ # or following specific errors:
310
+ #
311
+ # Doorkeeper::Errors::TokenForbidden, Doorkeeper::Errors::TokenExpired,
312
+ # Doorkeeper::Errors::TokenRevoked, Doorkeeper::Errors::TokenUnknown
313
+ #
314
+ # handle_auth_errors :raise
315
+
316
+ # Customize token introspection response.
317
+ # Allows to add your own fields to default one that are required by the OAuth spec
318
+ # for the introspection response. It could be `sub`, `aud` and so on.
319
+ # This configuration option can be a proc, lambda or any Ruby object responds
320
+ # to `.call` method and result of it's invocation must be a Hash.
321
+ #
322
+ # custom_introspection_response do |token, context|
323
+ # {
324
+ # "sub": "Z5O3upPC88QrAjx00dis",
325
+ # "aud": "https://protected.example.net/resource",
326
+ # "username": User.find(token.resource_owner_id).username
327
+ # }
328
+ # end
329
+ #
330
+ # or
331
+ #
332
+ # custom_introspection_response CustomIntrospectionResponder
79
333
 
80
334
  # Specify what grant flows are enabled in array of Strings. The valid
81
335
  # strings and the flows they enable are:
@@ -90,18 +344,149 @@ Doorkeeper.configure do
90
344
  #
91
345
  # implicit and password grant flows have risks that you should understand
92
346
  # before enabling:
93
- # http://tools.ietf.org/html/rfc6819#section-4.4.2
94
- # http://tools.ietf.org/html/rfc6819#section-4.4.3
347
+ # https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.2
348
+ # https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.3
95
349
  #
96
- # grant_flows %w(authorization_code client_credentials)
350
+ # grant_flows %w[authorization_code client_credentials]
351
+
352
+ # Allows to customize OAuth grant flows that +each+ application support.
353
+ # You can configure a custom block (or use a class respond to `#call`) that must
354
+ # return `true` in case Application instance supports requested OAuth grant flow
355
+ # during the authorization request to the server. This configuration +doesn't+
356
+ # set flows per application, it only allows to check if application supports
357
+ # specific grant flow.
358
+ #
359
+ # For example you can add an additional database column to `oauth_applications` table,
360
+ # say `t.array :grant_flows, default: []`, and store allowed grant flows that can
361
+ # be used with this application there. Then when authorization requested Doorkeeper
362
+ # will call this block to check if specific Application (passed with client_id and/or
363
+ # client_secret) is allowed to perform the request for the specific grant type
364
+ # (authorization, password, client_credentials, etc).
365
+ #
366
+ # Example of the block:
367
+ #
368
+ # ->(flow, client) { client.grant_flows.include?(flow) }
369
+ #
370
+ # In case this option invocation result is `false`, Doorkeeper server returns
371
+ # :unauthorized_client error and stops the request.
372
+ #
373
+ # @param allow_grant_flow_for_client [Proc] Block or any object respond to #call
374
+ # @return [Boolean] `true` if allow or `false` if forbid the request
375
+ #
376
+ # allow_grant_flow_for_client do |grant_flow, client|
377
+ # # `grant_flows` is an Array column with grant
378
+ # # flows that application supports
379
+ #
380
+ # client.grant_flows.include?(grant_flow)
381
+ # end
382
+
383
+ # If you need arbitrary Resource Owner-Client authorization you can enable this option
384
+ # and implement the check your need. Config option must respond to #call and return
385
+ # true in case resource owner authorized for the specific application or false in other
386
+ # cases.
387
+ #
388
+ # Be default all Resource Owners are authorized to any Client (application).
389
+ #
390
+ # authorize_resource_owner_for_client do |client, resource_owner|
391
+ # resource_owner.admin? || client.owners_allowlist.include?(resource_owner)
392
+ # end
393
+
394
+ # Hook into the strategies' request & response life-cycle in case your
395
+ # application needs advanced customization or logging:
396
+ #
397
+ # before_successful_strategy_response do |request|
398
+ # puts "BEFORE HOOK FIRED! #{request}"
399
+ # end
400
+ #
401
+ # after_successful_strategy_response do |request, response|
402
+ # puts "AFTER HOOK FIRED! #{request}, #{response}"
403
+ # end
404
+
405
+ # Hook into Authorization flow in order to implement Single Sign Out
406
+ # or add any other functionality. Inside the block you have an access
407
+ # to `controller` (authorizations controller instance) and `context`
408
+ # (Doorkeeper::OAuth::Hooks::Context instance) which provides pre auth
409
+ # or auth objects with issued token based on hook type (before or after).
410
+ #
411
+ # before_successful_authorization do |controller, context|
412
+ # Rails.logger.info(controller.request.params.inspect)
413
+ #
414
+ # Rails.logger.info(context.pre_auth.inspect)
415
+ # end
416
+ #
417
+ # after_successful_authorization do |controller, context|
418
+ # controller.session[:logout_urls] <<
419
+ # Doorkeeper::Application
420
+ # .find_by(controller.request.params.slice(:redirect_uri))
421
+ # .logout_uri
422
+ #
423
+ # Rails.logger.info(context.auth.inspect)
424
+ # Rails.logger.info(context.issued_token)
425
+ # end
97
426
 
98
427
  # Under some circumstances you might want to have applications auto-approved,
99
428
  # so that the user skips the authorization step.
100
429
  # For example if dealing with a trusted application.
430
+ #
101
431
  # skip_authorization do |resource_owner, client|
102
432
  # client.superapp? or resource_owner.admin?
103
433
  # end
104
434
 
105
- # WWW-Authenticate Realm (default "Doorkeeper").
435
+ # Configure custom constraints for the Token Introspection request.
436
+ # By default this configuration option allows to introspect a token by another
437
+ # token of the same application, OR to introspect the token that belongs to
438
+ # authorized client (from authenticated client) OR when token doesn't
439
+ # belong to any client (public token). Otherwise requester has no access to the
440
+ # introspection and it will return response as stated in the RFC.
441
+ #
442
+ # Block arguments:
443
+ #
444
+ # @param token [Doorkeeper::AccessToken]
445
+ # token to be introspected
446
+ #
447
+ # @param authorized_client [Doorkeeper::Application]
448
+ # authorized client (if request is authorized using Basic auth with
449
+ # Client Credentials for example)
450
+ #
451
+ # @param authorized_token [Doorkeeper::AccessToken]
452
+ # Bearer token used to authorize the request
453
+ #
454
+ # In case the block returns `nil` or `false` introspection responses with 401 status code
455
+ # when using authorized token to introspect, or you'll get 200 with { "active": false } body
456
+ # when using authorized client to introspect as stated in the
457
+ # RFC 7662 section 2.2. Introspection Response.
458
+ #
459
+ # Using with caution:
460
+ # Keep in mind that these three parameters pass to block can be nil as following case:
461
+ # `authorized_client` is nil if and only if `authorized_token` is present, and vice versa.
462
+ # `token` will be nil if and only if `authorized_token` is present.
463
+ # So remember to use `&` or check if it is present before calling method on
464
+ # them to make sure you doesn't get NoMethodError exception.
465
+ #
466
+ # You can define your custom check:
467
+ #
468
+ # allow_token_introspection do |token, authorized_client, authorized_token|
469
+ # if authorized_token
470
+ # # customize: require `introspection` scope
471
+ # authorized_token.application == token&.application ||
472
+ # authorized_token.scopes.include?("introspection")
473
+ # elsif token.application
474
+ # # `protected_resource` is a new database boolean column, for example
475
+ # authorized_client == token.application || authorized_client.protected_resource?
476
+ # else
477
+ # # public token (when token.application is nil, token doesn't belong to any application)
478
+ # true
479
+ # end
480
+ # end
481
+ #
482
+ # Or you can completely disable any token introspection:
483
+ #
484
+ # allow_token_introspection false
485
+ #
486
+ # If you need to block the request at all, then configure your routes.rb or web-server
487
+ # like nginx to forbid the request.
488
+
489
+ # WWW-Authenticate Realm (default: "Doorkeeper").
490
+ #
106
491
  # realm "Doorkeeper"
107
492
  end
@@ -0,0 +1,88 @@
1
+ # frozen_string_literal: true
2
+
3
+ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
4
+ def change
5
+ create_table :oauth_applications do |t|
6
+ t.string :name, null: false
7
+ t.string :uid, null: false
8
+ t.string :secret, null: false
9
+
10
+ # Remove `null: false` if you are planning to use grant flows
11
+ # that doesn't require redirect URI to be used during authorization
12
+ # like Client Credentials flow or Resource Owner Password.
13
+ t.text :redirect_uri, null: false
14
+ t.string :scopes, null: false, default: ''
15
+ t.boolean :confidential, null: false, default: true
16
+ t.timestamps null: false
17
+ end
18
+
19
+ add_index :oauth_applications, :uid, unique: true
20
+
21
+ create_table :oauth_access_grants do |t|
22
+ t.references :resource_owner, null: false
23
+ t.references :application, null: false
24
+ t.string :token, null: false
25
+ t.integer :expires_in, null: false
26
+ t.text :redirect_uri, null: false
27
+ t.datetime :created_at, null: false
28
+ t.datetime :revoked_at
29
+ t.string :scopes, null: false, default: ''
30
+ end
31
+
32
+ add_index :oauth_access_grants, :token, unique: true
33
+ add_foreign_key(
34
+ :oauth_access_grants,
35
+ :oauth_applications,
36
+ column: :application_id
37
+ )
38
+
39
+ create_table :oauth_access_tokens do |t|
40
+ t.references :resource_owner, index: true
41
+
42
+ # Remove `null: false` if you are planning to use Password
43
+ # Credentials Grant flow that doesn't require an application.
44
+ t.references :application, null: false
45
+
46
+ # If you use a custom token generator you may need to change this column
47
+ # from string to text, so that it accepts tokens larger than 255
48
+ # characters. More info on custom token generators in:
49
+ # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
50
+ #
51
+ # t.text :token, null: false
52
+ t.string :token, null: false
53
+
54
+ t.string :refresh_token
55
+ t.integer :expires_in
56
+ t.datetime :revoked_at
57
+ t.datetime :created_at, null: false
58
+ t.string :scopes
59
+
60
+ # The authorization server MAY issue a new refresh token, in which case
61
+ # *the client MUST discard the old refresh token* and replace it with the
62
+ # new refresh token. The authorization server MAY revoke the old
63
+ # refresh token after issuing a new refresh token to the client.
64
+ # @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
65
+ #
66
+ # Doorkeeper implementation: if there is a `previous_refresh_token` column,
67
+ # refresh tokens will be revoked after a related access token is used.
68
+ # If there is no `previous_refresh_token` column, previous tokens are
69
+ # revoked as soon as a new access token is created.
70
+ #
71
+ # Comment out this line if you want refresh tokens to be instantly
72
+ # revoked after use.
73
+ t.string :previous_refresh_token, null: false, default: ""
74
+ end
75
+
76
+ add_index :oauth_access_tokens, :token, unique: true
77
+ add_index :oauth_access_tokens, :refresh_token, unique: true
78
+ add_foreign_key(
79
+ :oauth_access_tokens,
80
+ :oauth_applications,
81
+ column: :application_id
82
+ )
83
+
84
+ # Uncomment below to ensure a valid reference to the resource owner's table
85
+ # add_foreign_key :oauth_access_grants, <model>, column: :resource_owner_id
86
+ # add_foreign_key :oauth_access_tokens, <model>, column: :resource_owner_id
87
+ end
88
+ end
@@ -1,13 +1,17 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module Generators
5
+ # Generates doorkeeper views for Rails application
6
+ #
3
7
  class ViewsGenerator < ::Rails::Generators::Base
4
- source_root File.expand_path('../../../../app/views', __FILE__)
8
+ source_root File.expand_path("../../../app/views", __dir__)
5
9
 
6
- desc 'Copies default Doorkeeper views and layouts to your application.'
10
+ desc "Copies default Doorkeeper views and layouts to your application."
7
11
 
8
12
  def manifest
9
- directory 'doorkeeper', 'app/views/doorkeeper'
10
- directory 'layouts/doorkeeper', 'app/views/layouts/doorkeeper'
13
+ directory "doorkeeper", "app/views/doorkeeper"
14
+ directory "layouts/doorkeeper", "app/views/layouts/doorkeeper"
11
15
  end
12
16
  end
13
17
  end