doorkeeper 4.2.0 → 4.2.5

data/lib/doorkeeper/models/access_grant_mixin.rb

@@ -27,6 +27,14 @@ module Doorkeeper
     end
 
     module ClassMethods
+      # Searches for Doorkeeper::AccessGrant record with the
+      # specific token value.
+      #
+      # @param token [#to_s] token value (any object that responds to `#to_s`)
+      #
+      # @return [Doorkeeper::AccessGrant, nil] AccessGrant object or nil
+      #   if there is no record with such token
+      #
       def by_token(token)
         find_by(token: token.to_s)
       end
@@ -34,6 +42,10 @@ module Doorkeeper
 
     private
 
+    # Generates token value with UniqueToken class.
+    #
+    # @return [String] token value
+    #
     def generate_token
       self.token = UniqueToken.generate
     end

data/lib/doorkeeper/models/access_token_mixin.rb

@@ -23,6 +23,8 @@ module Doorkeeper
       validates :token, presence: true, uniqueness: true
       validates :refresh_token, uniqueness: true, if: :use_refresh_token?
 
+      # @attr_writer [Boolean, nil] use_refresh_token
+      #   indicates the possibility of using refresh token
       attr_writer :use_refresh_token
 
       before_validation :generate_token, on: :create
@@ -32,14 +34,40 @@ module Doorkeeper
     end
 
     module ClassMethods
+      # Returns an instance of the Doorkeeper::AccessToken with
+      # specific token value.
+      #
+      # @param token [#to_s]
+      #   token value (any object that responds to `#to_s`)
+      #
+      # @return [Doorkeeper::AccessToken, nil] AccessToken object or nil
+      #   if there is no record with such token
+      #
       def by_token(token)
         find_by(token: token.to_s)
       end
 
+      # Returns an instance of the Doorkeeper::AccessToken
+      # with specific token value.
+      #
+      # @param refresh_token [#to_s]
+      #   refresh token value (any object that responds to `#to_s`)
+      #
+      # @return [Doorkeeper::AccessToken, nil] AccessToken object or nil
+      #   if there is no record with such refresh token
+      #
       def by_refresh_token(refresh_token)
         find_by(refresh_token: refresh_token.to_s)
       end
 
+      # Revokes AccessToken records that have not been revoked and associated
+      # with the specific Application and Resource Owner.
+      #
+      # @param application_id [Integer]
+      #   ID of the Application
+      # @param resource_owner [ActiveRecord::Base]
+      #   instance of the Resource Owner model
+      #
       def revoke_all_for(application_id, resource_owner)
         where(application_id: application_id,
               resource_owner_id: resource_owner.id,
@@ -47,6 +75,19 @@ module Doorkeeper
           each(&:revoke)
       end
 
+      # Looking for not expired Access Token with a matching set of scopes
+      # that belongs to specific Application and Resource Owner.
+      #
+      # @param application [Doorkeeper::Application]
+      #   Application instance
+      # @param resource_owner_or_id [ActiveRecord::Base, Integer]
+      #   Resource Owner model instance or it's ID
+      # @param scopes [String, Doorkeeper::OAuth::Scopes]
+      #   set of scopes
+      #
+      # @return [Doorkeeper::AccessToken, nil] Access Token instance or
+      #   nil if matching record was not found
+      #
       def matching_token_for(application, resource_owner_or_id, scopes)
         resource_owner_id = if resource_owner_or_id.respond_to?(:to_key)
                               resource_owner_or_id.id
@@ -59,6 +100,19 @@ module Doorkeeper
         end
       end
 
+      # Checks whether the token scopes match the scopes from the parameters or
+      # Application scopes (if present).
+      #
+      # @param token_scopes [#to_s]
+      #   set of scopes (any object that responds to `#to_s`)
+      # @param param_scopes [String]
+      #   scopes from params
+      # @param app_scopes [String]
+      #   Application scopes
+      #
+      # @return [Boolean] true if all scopes and blank or matches
+      #   and false in other cases
+      #
       def scopes_match?(token_scopes, param_scopes, app_scopes)
         (!token_scopes.present? && !param_scopes.present?) ||
           Doorkeeper::OAuth::Helpers::ScopeChecker.match?(
@@ -68,6 +122,23 @@ module Doorkeeper
           )
       end
 
+      # Looking for not expired AccessToken record with a matching set of
+      # scopes that belongs to specific Application and Resource Owner.
+      # If it doesn't exists - then creates it.
+      #
+      # @param application [Doorkeeper::Application]
+      #   Application instance
+      # @param resource_owner_id [ActiveRecord::Base, Integer]
+      #   Resource Owner model instance or it's ID
+      # @param scopes [#to_s]
+      #   set of scopes (any object that responds to `#to_s`)
+      # @param expires_in [Integer]
+      #   token lifetime in seconds
+      # @param use_refresh_token [Boolean]
+      #   whether to use the refresh token
+      #
+      # @return [Doorkeeper::AccessToken] existing record or a new one
+      #
       def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
         if Doorkeeper.configuration.reuse_access_token
           access_token = matching_token_for(application, resource_owner_id, scopes)
@@ -85,6 +156,17 @@ module Doorkeeper
         )
       end
 
+      # Looking for not revoked Access Token record that belongs to specific
+      # Application and Resource Owner.
+      #
+      # @param application_id [Integer]
+      #   ID of the Application model instance
+      # @param resource_owner_id [Integer]
+      #   ID of the Resource Owner model instance
+      #
+      # @return [Doorkeeper::AccessToken, nil] matching AccessToken object or
+      #   nil if nothing was found
+      #
       def last_authorized_token_for(application_id, resource_owner_id)
         send(order_method, created_at_desc).
           find_by(application_id: application_id,
@@ -93,6 +175,10 @@ module Doorkeeper
       end
     end
 
+    # Access Token type: Bearer.
+    # @see https://tools.ietf.org/html/rfc6750
+    #   The OAuth 2.0 Authorization Framework: Bearer Token Usage
+    #
     def token_type
       'bearer'
     end
@@ -102,6 +188,9 @@ module Doorkeeper
       !!@use_refresh_token
     end
 
+    # JSON representation of the Access Token instance.
+    #
+    # @return [Hash] hash with token data
     def as_json(_options = {})
       {
         resource_owner_id:  resource_owner_id,
@@ -112,22 +201,49 @@ module Doorkeeper
       }
     end
 
-    # It indicates whether the tokens have the same credential
+    # Indicates whether the token instance have the same credential
+    # as the other Access Token.
+    #
+    # @param access_token [Doorkeeper::AccessToken] other token
+    #
+    # @return [Boolean] true if credentials are same of false in other cases
+    #
     def same_credential?(access_token)
       application_id == access_token.application_id &&
         resource_owner_id == access_token.resource_owner_id
     end
 
+    # Indicates if token is acceptable for specific scopes.
+    #
+    # @param scopes [Array<String>] scopes
+    #
+    # @return [Boolean] true if record is accessible and includes scopes or
+    #   false in other cases
+    #
     def acceptable?(scopes)
       accessible? && includes_scope?(*scopes)
     end
 
     private
 
+    # Generates refresh token with UniqueToken generator.
+    #
+    # @return [String] refresh token value
+    #
     def generate_refresh_token
       write_attribute :refresh_token, UniqueToken.generate
     end
 
+    # Generates and sets the token value with the
+    # configured Generator class (see Doorkeeper.configuration).
+    #
+    # @return [String] generated token value
+    #
+    # @raise [Doorkeeper::Errors::UnableToGenerateToken]
+    #   custom class doesn't implement .generate method
+    # @raise [Doorkeeper::Errors::TokenGeneratorNotFound]
+    #   custom class doesn't exist
+    #
     def generate_token
       self.created_at ||= Time.now.utc
 

data/lib/doorkeeper/models/application_mixin.rb

@@ -7,8 +7,8 @@ module Doorkeeper
     include ActiveModel::MassAssignmentSecurity if defined?(::ProtectedAttributes)
 
     included do
-      has_many :access_grants, dependent: :destroy, class_name: 'Doorkeeper::AccessGrant'
-      has_many :access_tokens, dependent: :destroy, class_name: 'Doorkeeper::AccessToken'
+      has_many :access_grants, dependent: :delete_all, class_name: 'Doorkeeper::AccessGrant'
+      has_many :access_tokens, dependent: :delete_all, class_name: 'Doorkeeper::AccessToken'
 
       validates :name, :secret, :uid, presence: true
       validates :uid, uniqueness: true
@@ -18,10 +18,26 @@ module Doorkeeper
     end
 
     module ClassMethods
+      # Returns an instance of the Doorkeeper::Application with
+      # specific UID and secret.
+      #
+      # @param uid [#to_s] UID (any object that responds to `#to_s`)
+      # @param secret [#to_s] secret (any object that responds to `#to_s`)
+      #
+      # @return [Doorkeeper::Application, nil] Application instance or nil
+      #   if there is no record with such credentials
+      #
       def by_uid_and_secret(uid, secret)
         find_by(uid: uid.to_s, secret: secret.to_s)
       end
 
+      # Returns an instance of the Doorkeeper::Application with specific UID.
+      #
+      # @param uid [#to_s] UID (any object that responds to `#to_s`)
+      #
+      # @return [Doorkeeper::Application, nil] Application instance or nil
+      #   if there is no record with such UID
+      #
       def by_uid(uid)
         find_by(uid: uid.to_s)
       end

data/lib/doorkeeper/models/concerns/accessible.rb

@@ -1,6 +1,10 @@
 module Doorkeeper
   module Models
     module Accessible
+      # Indicates whether the object is accessible (not expired and not revoked).
+      #
+      # @return [Boolean] true if object accessible or false in other case
+      #
       def accessible?
         !expired? && !revoked?
       end

data/lib/doorkeeper/models/concerns/expirable.rb

@@ -1,10 +1,18 @@
 module Doorkeeper
   module Models
     module Expirable
+      # Indicates whether the object is expired (`#expires_in` present and
+      # expiration time has come).
+      #
+      # @return [Boolean] true if object expired and false in other case
       def expired?
         expires_in && Time.now.utc > expired_time
       end
 
+      # Calculates expiration time in seconds.
+      #
+      # @return [Integer, nil] number of seconds if object has expiration time
+      #   or nil if object never expires.
       def expires_in_seconds
         return nil if expires_in.nil?
         expires = (created_at + expires_in.seconds) - Time.now.utc

data/lib/doorkeeper/models/concerns/revocable.rb

@@ -1,14 +1,26 @@
 module Doorkeeper
   module Models
     module Revocable
+      # Revokes the object (updates `:revoked_at` attribute setting its value
+      # to the specific time).
+      #
+      # @param clock [Time] time object
+      #
       def revoke(clock = Time)
         update_attribute :revoked_at, clock.now.utc
       end
 
+      # Indicates whether the object has been revoked.
+      #
+      # @return [Boolean] true if revoked, false in other case
+      #
       def revoked?
         !!(revoked_at && revoked_at <= Time.now.utc)
       end
 
+      # Revokes token with `:refresh_token` equal to `:previous_refresh_token`
+      # and clears `:previous_refresh_token` attribute.
+      #
       def revoke_previous_refresh_token!
         return unless refresh_token_revoked_on_use?
         old_refresh_token.revoke if old_refresh_token
@@ -17,6 +29,12 @@ module Doorkeeper
 
       private
 
+      # Searches for Access Token record with `:refresh_token` equal to
+      # `:previous_refresh_token` value.
+      #
+      # @return [Doorkeeper::AccessToken, nil]
+      #   Access Token record or nil if nothing found
+      #
       def old_refresh_token
         @old_refresh_token ||=
           AccessToken.by_refresh_token(previous_refresh_token)

data/lib/doorkeeper/oauth/authorization/uri_builder.rb

@@ -1,27 +1,29 @@
+require 'rack/utils'
+
 module Doorkeeper
   module OAuth
     module Authorization
-      module URIBuilder
-        include Rack::Utils
-
-        extend self
+      class URIBuilder
+        class << self
+          def uri_with_query(url, parameters = {})
+            uri            = URI.parse(url)
+            original_query = Rack::Utils.parse_query(uri.query)
+            uri.query      = build_query(original_query.merge(parameters))
+            uri.to_s
+          end
 
-        def uri_with_query(url, parameters = {})
-          uri            = URI.parse(url)
-          original_query = parse_query(uri.query)
-          uri.query      = build_query(original_query.merge(parameters))
-          uri.to_s
-        end
+          def uri_with_fragment(url, parameters = {})
+            uri = URI.parse(url)
+            uri.fragment = build_query(parameters)
+            uri.to_s
+          end
 
-        def uri_with_fragment(url, parameters = {})
-          uri = URI.parse(url)
-          uri.fragment = build_query(parameters)
-          uri.to_s
-        end
+          private
 
-        def build_query(parameters = {})
-          parameters = parameters.reject { |_, v| v.blank? }
-          super parameters
+          def build_query(parameters = {})
+            parameters = parameters.reject { |_, v| v.blank? }
+            Rack::Utils.build_query parameters
+          end
         end
       end
     end

data/lib/doorkeeper/oauth/authorization_code_request.rb

@@ -1,9 +1,6 @@
 module Doorkeeper
   module OAuth
-    class AuthorizationCodeRequest
-      include Validations
-      include OAuth::RequestConcern
-
+    class AuthorizationCodeRequest < BaseRequest
       validate :attributes,   error: :invalid_request
       validate :client,       error: :invalid_client
       validate :grant,        error: :invalid_grant

data/lib/doorkeeper/oauth/{request_concern.rb → base_request.rb}

@@ -1,6 +1,8 @@
 module Doorkeeper
   module OAuth
-    module RequestConcern
+    class BaseRequest
+      include Validations
+
       def authorize
         validate
         if valid?

data/lib/doorkeeper/oauth/base_response.rb

@@ -0,0 +1,29 @@
+module Doorkeeper
+  module OAuth
+    class BaseResponse
+      def body
+        {}
+      end
+
+      def description
+        ""
+      end
+
+      def headers
+        {}
+      end
+
+      def redirectable?
+        false
+      end
+
+      def redirect_uri
+        ""
+      end
+
+      def status
+        :ok
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/client.rb

@@ -1,4 +1,3 @@
-require 'doorkeeper/oauth/client/methods'
 require 'doorkeeper/oauth/client/credentials'
 
 module Doorkeeper

data/lib/doorkeeper/oauth/client/credentials.rb

@@ -2,13 +2,24 @@ module Doorkeeper
   module OAuth
     class Client
       class Credentials < Struct.new(:uid, :secret)
-        extend Methods
+        class << self
+          def from_request(request, *credentials_methods)
+            credentials_methods.inject(nil) do |credentials, method|
+              method = self.method(method) if method.is_a?(Symbol)
+              credentials = Credentials.new(*method.call(request))
+              break credentials unless credentials.blank?
+            end
+          end
+
+          def from_params(request)
+            request.parameters.values_at(:client_id, :client_secret)
+          end
 
-        def self.from_request(request, *credentials_methods)
-          credentials_methods.inject(nil) do |credentials, method|
-            method = self.method(method) if method.is_a?(Symbol)
-            credentials = Credentials.new(*method.call(request))
-            break credentials unless credentials.blank?
+          def from_basic(request)
+            authorization = request.authorization
+            if authorization.present? && authorization =~ /^Basic (.*)/m
+              Base64.decode64($1).split(/:/, 2)
+            end
           end
         end