doorkeeper 4.2.0 → 5.5.2
- checksums.yaml +5 -5
- data/CHANGELOG.md +1038 -0
- data/README.md +110 -348
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +6 -7
- data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
- data/app/controllers/doorkeeper/applications_controller.rb +65 -20
- data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
- data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
- data/app/controllers/doorkeeper/tokens_controller.rb +112 -35
- data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
- data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
- data/app/views/doorkeeper/applications/_form.html.erb +33 -21
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +18 -6
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +40 -16
- data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +7 -1
- data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
- data/config/locales/en.yml +33 -9
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +82 -0
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +545 -143
- data/lib/doorkeeper/engine.rb +11 -5
- data/lib/doorkeeper/errors.rb +37 -10
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
- data/lib/doorkeeper/grape/helpers.rb +24 -12
- data/lib/doorkeeper/helpers/controller.rb +49 -27
- data/lib/doorkeeper/models/access_grant_mixin.rb +100 -21
- data/lib/doorkeeper/models/access_token_mixin.rb +379 -75
- data/lib/doorkeeper/models/application_mixin.rb +72 -25
- data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
- data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +12 -18
- data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
- data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
- data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
- data/lib/doorkeeper/oauth/authorization_code_request.rb +64 -14
- data/lib/doorkeeper/oauth/base_request.rb +66 -0
- data/lib/doorkeeper/oauth/base_response.rb +31 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
- data/lib/doorkeeper/oauth/client.rb +10 -12
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +11 -15
- data/lib/doorkeeper/oauth/code_request.rb +8 -12
- data/lib/doorkeeper/oauth/code_response.rb +28 -15
- data/lib/doorkeeper/oauth/error.rb +5 -3
- data/lib/doorkeeper/oauth/error_response.rb +41 -20
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +10 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +45 -13
- data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
- data/lib/doorkeeper/oauth/refresh_token_request.rb +61 -36
- data/lib/doorkeeper/oauth/scopes.rb +26 -12
- data/lib/doorkeeper/oauth/token.rb +25 -23
- data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
- data/lib/doorkeeper/oauth/token_request.rb +8 -21
- data/lib/doorkeeper/oauth/token_response.rb +14 -10
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
- data/lib/doorkeeper/orm/active_record/access_token.rb +5 -25
- data/lib/doorkeeper/orm/active_record/application.rb +6 -15
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +68 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +59 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +198 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
- data/lib/doorkeeper/orm/active_record.rb +37 -8
- data/lib/doorkeeper/rails/helpers.rb +14 -15
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +3 -1
- data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +42 -30
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +11 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request/authorization_code.rb +12 -4
- data/lib/doorkeeper/request/client_credentials.rb +3 -3
- data/lib/doorkeeper/request/code.rb +1 -1
- data/lib/doorkeeper/request/password.rb +5 -14
- data/lib/doorkeeper/request/refresh_token.rb +6 -5
- data/lib/doorkeeper/request/strategy.rb +4 -2
- data/lib/doorkeeper/request/token.rb +1 -1
- data/lib/doorkeeper/request.rb +62 -29
- data/lib/doorkeeper/secret_storing/base.rb +64 -0
- data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
- data/lib/doorkeeper/secret_storing/plain.rb +33 -0
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
- data/lib/doorkeeper/server.rb +9 -19
- data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
- data/lib/doorkeeper/validations.rb +5 -2
- data/lib/doorkeeper/version.rb +12 -1
- data/lib/doorkeeper.rb +111 -56
- data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/install_generator.rb +19 -9
- data/lib/generators/doorkeeper/migration_generator.rb +27 -10
- data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
- data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +410 -31
- data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
- data/lib/generators/doorkeeper/views_generator.rb +8 -4
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +132 -286
- data/.gitignore +0 -14
- data/.hound.yml +0 -13
- data/.rspec +0 -1
- data/.travis.yml +0 -20
- data/CONTRIBUTING.md +0 -47
- data/Gemfile +0 -14
- data/NEWS.md +0 -593
- data/RELEASING.md +0 -17
- data/Rakefile +0 -20
- data/app/validators/redirect_uri_validator.rb +0 -34
- data/doorkeeper.gemspec +0 -28
- data/lib/doorkeeper/oauth/client/methods.rb +0 -18
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
- data/lib/doorkeeper/oauth/request_concern.rb +0 -48
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
- data/lib/generators/doorkeeper/templates/migration.rb +0 -68
- data/spec/controllers/application_metal_controller.rb +0 -10
- data/spec/controllers/applications_controller_spec.rb +0 -58
- data/spec/controllers/authorizations_controller_spec.rb +0 -189
- data/spec/controllers/protected_resources_controller_spec.rb +0 -300
- data/spec/controllers/token_info_controller_spec.rb +0 -52
- data/spec/controllers/tokens_controller_spec.rb +0 -88
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -5
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -23
- data/spec/dummy/config/boot.rb +0 -9
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -44
- data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -11
- data/spec/dummy/db/schema.rb +0 -67
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -6
- data/spec/factories.rb +0 -28
- data/spec/generators/application_owner_generator_spec.rb +0 -22
- data/spec/generators/install_generator_spec.rb +0 -31
- data/spec/generators/migration_generator_spec.rb +0 -20
- data/spec/generators/templates/routes.rb +0 -3
- data/spec/generators/views_generator_spec.rb +0 -27
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
- data/spec/lib/config_spec.rb +0 -334
- data/spec/lib/doorkeeper_spec.rb +0 -28
- data/spec/lib/models/expirable_spec.rb +0 -51
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -43
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
- data/spec/lib/oauth/client/credentials_spec.rb +0 -47
- data/spec/lib/oauth/client/methods_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
- data/spec/lib/oauth/client_spec.rb +0 -39
- data/spec/lib/oauth/code_request_spec.rb +0 -45
- data/spec/lib/oauth/code_response_spec.rb +0 -34
- data/spec/lib/oauth/error_response_spec.rb +0 -61
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
- data/spec/lib/oauth/scopes_spec.rb +0 -122
- data/spec/lib/oauth/token_request_spec.rb +0 -98
- data/spec/lib/oauth/token_response_spec.rb +0 -85
- data/spec/lib/oauth/token_spec.rb +0 -116
- data/spec/lib/request/strategy_spec.rb +0 -53
- data/spec/lib/server_spec.rb +0 -52
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
- data/spec/models/doorkeeper/access_token_spec.rb +0 -394
- data/spec/models/doorkeeper/application_spec.rb +0 -179
- data/spec/requests/applications/applications_request_spec.rb +0 -94
- data/spec/requests/applications/authorized_applications_spec.rb +0 -30
- data/spec/requests/endpoints/authorization_spec.rb +0 -72
- data/spec/requests/endpoints/token_spec.rb +0 -64
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
- data/spec/requests/flows/authorization_code_spec.rb +0 -156
- data/spec/requests/flows/client_credentials_spec.rb +0 -58
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
- data/spec/requests/flows/implicit_grant_spec.rb +0 -61
- data/spec/requests/flows/password_spec.rb +0 -115
- data/spec/requests/flows/refresh_token_spec.rb +0 -174
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -59
- data/spec/requests/protected_resources/metal_spec.rb +0 -14
- data/spec/requests/protected_resources/private_api_spec.rb +0 -81
- data/spec/routing/custom_controller_routes_spec.rb +0 -71
- data/spec/routing/default_routes_spec.rb +0 -35
- data/spec/routing/scoped_routes_spec.rb +0 -31
- data/spec/spec_helper.rb +0 -2
- data/spec/spec_helper_integration.rb +0 -59
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/access_token_request_helper.rb +0 -11
- data/spec/support/helpers/authorization_request_helper.rb +0 -41
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -67
- data/spec/support/helpers/request_spec_helper.rb +0 -76
- data/spec/support/helpers/url_helper.rb +0 -55
- data/spec/support/http_method_shim.rb +0 -24
- data/spec/support/orm/active_record.rb +0 -3
- data/spec/support/shared/controllers_shared_context.rb +0 -69
- data/spec/support/shared/models_shared_examples.rb +0 -52
- data/spec/validators/redirect_uri_validator_spec.rb +0 -78
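--- a/data/app/validators/redirect_uri_validator.rb
+++ b/data/app/validators/redirect_uri_validator.rb
@@ -1,34 +0,0 @@
-require 'uri'
-
-class RedirectUriValidator < ActiveModel::EachValidator
-  def self.native_redirect_uri
-    Doorkeeper.configuration.native_redirect_uri
-  end
-
-  def validate_each(record, attribute, value)
-    if value.blank?
-      record.errors.add(attribute, :blank)
-    else
-      value.split.each do |val|
-        uri = ::URI.parse(val)
-        return if native_redirect_uri?(uri)
-        record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
-        record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
-        record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
-      end
-    end
-  rescue URI::InvalidURIError
-    record.errors.add(attribute, :invalid_uri)
-  end
-
-  private
-
-  def native_redirect_uri?(uri)
-    self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
-  end
-
-  def invalid_ssl_uri?(uri)
-    forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
-    forces_ssl && uri.try(:scheme) == 'http'
-  end
-end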
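--- a/data/doorkeeper.gemspec
+++ b/data/doorkeeper.gemspec
@@ -1,28 +0,0 @@
-$LOAD_PATH.push File.expand_path("../lib", __FILE__)
-
-require "doorkeeper/version"
-
-Gem::Specification.new do |s|
-  s.name = "doorkeeper"
-  s.version = Doorkeeper::VERSION
-  s.authors = ["Felipe Elias Philipp", "Tute Costa"]
-  s.email = %w(tutecosta@gmail.com)
-  s.homepage = "https://github.com/doorkeeper-gem/doorkeeper"
-  s.summary = "OAuth 2 provider for Rails and Grape"
-  s.description = "Doorkeeper is an OAuth 2 provider for Rails and Grape."
-  s.license = 'MIT'
-
-  s.files = `git ls-files`.split("\n")
-  s.test_files = `git ls-files -- spec/*`.split("\n")
-  s.require_paths = ["lib"]
-
-  s.add_dependency "railties", ">= 4.2"
-
-  s.add_development_dependency "capybara"
-  s.add_development_dependency "database_cleaner", "~> 1.3.0"
-  s.add_development_dependency "factory_girl", "~> 4.5.0"
-  s.add_development_dependency "generator_spec", "~> 0.9.0"
-  s.add_development_dependency "rake", "> 10.5.0"
-  s.add_development_dependency "rspec-rails"
-  s.add_development_dependency "timecop", "~> 0.7.0"
-end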
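--- a/data/lib/doorkeeper/oauth/client/methods.rb
+++ b/data/lib/doorkeeper/oauth/client/methods.rb
@@ -1,18 +0,0 @@
-module Doorkeeper
-  module OAuth
-    class Client
-      module Methods
-        def from_params(request)
-          request.parameters.values_at(:client_id, :client_secret)
-        end
-
-        def from_basic(request)
-          authorization = request.authorization
-          if authorization.present? && authorization =~ /^Basic (.*)/m
-            Base64.decode64($1).split(/:/, 2)
-          end
-        end
-      end
-    end
-  end
-end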
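--- a/data/lib/doorkeeper/oauth/client_credentials/validation.rb
+++ b/data/lib/doorkeeper/oauth/client_credentials/validation.rb
@@ -1,45 +0,0 @@
-require 'doorkeeper/validations'
-require 'doorkeeper/oauth/scopes'
-require 'doorkeeper/oauth/helpers/scope_checker'
-
-module Doorkeeper
-  module OAuth
-    class ClientCredentialsRequest
-      class Validation
-        include Validations
-        include OAuth::Helpers
-
-        validate :client, error: :invalid_client
-        validate :scopes, error: :invalid_scope
-
-        def initialize(server, request)
-          @server, @request, @client = server, request, request.client
-
-          validate
-        end
-
-        private
-
-        def validate_client
-          @client.present?
-        end
-
-        def validate_scopes
-          return true unless @request.scopes.present?
-
-          application_scopes = if @client.present?
-            @client.application.scopes
-          else
-            ''
-          end
-
-          ScopeChecker.valid?(
-            @request.scopes.to_s,
-            @server.scopes,
-            application_scopes
-          )
-        end
-      end
-    end
-  end
-end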
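--- a/data/lib/doorkeeper/oauth/request_concern.rb
+++ b/data/lib/doorkeeper/oauth/request_concern.rb
@@ -1,48 +0,0 @@
-module Doorkeeper
-  module OAuth
-    module RequestConcern
-      def authorize
-        validate
-        if valid?
-          before_successful_response
-          @response = TokenResponse.new(access_token)
-          after_successful_response
-          @response
-        else
-          @response = ErrorResponse.from_request(self)
-        end
-      end
-
-      def scopes
-        @scopes ||= if @original_scopes.present?
-          OAuth::Scopes.from_string(@original_scopes)
-        else
-          default_scopes
-        end
-      end
-
-      def default_scopes
-        server.default_scopes
-      end
-
-      def valid?
-        error.nil?
-      end
-
-      def find_or_create_access_token(client, resource_owner_id, scopes, server)
-        @access_token = AccessToken.find_or_create_for(
-          client,
-          resource_owner_id,
-          scopes,
-          Authorization::Token.access_token_expires_in(server, client),
-          server.refresh_token_enabled?)
-      end
-
-      def before_successful_response
-      end
-
-      def after_successful_response
-      end
-    end
-  end
-end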
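--- a/data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb
+++ b/data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb
@@ -1,7 +0,0 @@
-class AddOwnerToApplication < ActiveRecord::Migration
-  def change
-    add_column :oauth_applications, :owner_id, :integer, null: true
-    add_column :oauth_applications, :owner_type, :string, null: true
-    add_index :oauth_applications, [:owner_id, :owner_type]
-  end
-end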
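--- a/data/lib/generators/doorkeeper/templates/migration.rb
+++ b/data/lib/generators/doorkeeper/templates/migration.rb
@@ -1,68 +0,0 @@
-class CreateDoorkeeperTables < ActiveRecord::Migration
-  def change
-    create_table :oauth_applications do |t|
-      t.string :name, null: false
-      t.string :uid, null: false
-      t.string :secret, null: false
-      t.text :redirect_uri, null: false
-      t.string :scopes, null: false, default: ''
-      t.timestamps null: false
-    end
-
-    add_index :oauth_applications, :uid, unique: true
-
-    create_table :oauth_access_grants do |t|
-      t.integer :resource_owner_id, null: false
-      t.references :application, null: false
-      t.string :token, null: false
-      t.integer :expires_in, null: false
-      t.text :redirect_uri, null: false
-      t.datetime :created_at, null: false
-      t.datetime :revoked_at
-      t.string :scopes
-    end
-
-    add_index :oauth_access_grants, :token, unique: true
-    add_foreign_key(
-      :oauth_access_grants,
-      :oauth_applications,
-      column: :application_id
-    )
-
-    create_table :oauth_access_tokens do |t|
-      t.integer :resource_owner_id
-      t.references :application
-
-      # If you use a custom token generator you may need to change this column
-      # from string to text, so that it accepts tokens larger than 255
-      # characters. More info on custom token generators in:
-      # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
-      #
-      # t.text :token, null: false
-      t.string :token, null: false
-
-      t.string :refresh_token
-      t.integer :expires_in
-      t.datetime :revoked_at
-      t.datetime :created_at, null: false
-      t.string :scopes
-
-      # If there is a previous_refresh_token column,
-      # refresh tokens will be revoked after a related access token is used.
-      # If there is no previous_refresh_token column,
-      # previous tokens are revoked as soon as a new access token is created.
-      # Comment out this line if you'd rather have refresh tokens
-      # instantly revoked.
-      t.string :previous_refresh_token, null: false, default: ""
-    end
-
-    add_index :oauth_access_tokens, :token, unique: true
-    add_index :oauth_access_tokens, :resource_owner_id
-    add_index :oauth_access_tokens, :refresh_token, unique: true
-    add_foreign_key(
-      :oauth_access_tokens,
-      :oauth_applications,
-      column: :application_id
-    )
-  end
-end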
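--- a/data/spec/controllers/applications_controller_spec.rb
+++ b/data/spec/controllers/applications_controller_spec.rb
@@ -1,58 +0,0 @@
-require 'spec_helper_integration'
-
-module Doorkeeper
-  describe ApplicationsController do
-    context 'when admin is not authenticated' do
-      before do
-        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(proc do
-          redirect_to main_app.root_url
-        end)
-      end
-
-      it 'redirects as set in Doorkeeper.authenticate_admin' do
-        get :index
-        expect(response).to redirect_to(controller.main_app.root_url)
-      end
-
-      it 'does not create application' do
-        expect do
-          post :create, doorkeeper_application: {
-            name: 'Example',
-            redirect_uri: 'https://example.com' }
-        end.to_not change { Doorkeeper::Application.count }
-      end
-    end
-
-    context 'when admin is authenticated' do
-      before do
-        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(arg) { true })
-      end
-
-      it 'creates application' do
-        expect do
-          post :create, doorkeeper_application: {
-            name: 'Example',
-            redirect_uri: 'https://example.com' }
-        end.to change { Doorkeeper::Application.count }.by(1)
-        expect(response).to be_redirect
-      end
-
-      it 'does not allow mass assignment of uid or secret' do
-        application = FactoryGirl.create(:application)
-        put :update, id: application.id, doorkeeper_application: {
-          uid: '1A2B3C4D',
-          secret: '1A2B3C4D' }
-
-        expect(application.reload.uid).not_to eq '1A2B3C4D'
-      end
-
-      it 'updates application' do
-        application = FactoryGirl.create(:application)
-        put :update, id: application.id, doorkeeper_application: {
-          name: 'Example',
-          redirect_uri: 'https://example.com' }
-        expect(application.reload.name).to eq 'Example'
-      end
-    end
-  end
-end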
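--- a/data/spec/controllers/authorizations_controller_spec.rb
+++ b/data/spec/controllers/authorizations_controller_spec.rb
@@ -1,189 +0,0 @@
-require 'spec_helper_integration'
-
-describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
-  include AuthorizationRequestHelper
-
-  def fragments(param)
-    fragment = URI.parse(response.location).fragment
-    Rack::Utils.parse_query(fragment)[param]
-  end
-
-  def translated_error_message(key)
-    I18n.translate key, scope: [:doorkeeper, :errors, :messages]
-  end
-
-  let(:client) { FactoryGirl.create :application }
-  let(:user) { User.create!(name: 'Joe', password: 'sekret') }
-
-  before do
-    allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["implicit"])
-    allow(controller).to receive(:current_resource_owner).and_return(user)
-  end
-
-  describe 'POST #create' do
-    before do
-      post :create, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
-    end
-
-    it 'redirects after authorization' do
-      expect(response).to be_redirect
-    end
-
-    it 'redirects to client redirect uri' do
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
-    end
-
-    it 'includes access token in fragment' do
-      expect(fragments('access_token')).to eq(Doorkeeper::AccessToken.first.token)
-    end
-
-    it 'includes token type in fragment' do
-      expect(fragments('token_type')).to eq('bearer')
-    end
-
-    it 'includes token expiration in fragment' do
-      expect(fragments('expires_in').to_i).to eq(2.hours.to_i)
-    end
-
-    it 'issues the token for the current client' do
-      expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
-    end
-
-    it 'issues the token for the current resource owner' do
-      expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
-    end
-  end
-
-  describe 'POST #create with errors' do
-    before do
-      default_scopes_exist :public
-      post :create, client_id: client.uid, response_type: 'token', scope: 'invalid', redirect_uri: client.redirect_uri
-    end
-
-    it 'redirects after authorization' do
-      expect(response).to be_redirect
-    end
-
-    it 'redirects to client redirect uri' do
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
-    end
-
-    it 'does not include access token in fragment' do
-      expect(fragments('access_token')).to be_nil
-    end
-
-    it 'includes error in fragment' do
-      expect(fragments('error')).to eq('invalid_scope')
-    end
-
-    it 'includes error description in fragment' do
-      expect(fragments('error_description')).to eq(translated_error_message(:invalid_scope))
-    end
-
-    it 'does not issue any access token' do
-      expect(Doorkeeper::AccessToken.all).to be_empty
-    end
-  end
-
-  describe 'POST #create with application already authorized' do
-    it 'returns the existing access token in a fragment'
-  end
-
-  describe 'GET #new token request with native url and skip_authorization true' do
-    before do
-      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
-        true
-      end)
-      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
-      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
-    end
-
-    it 'should redirect immediately' do
-      expect(response).to be_redirect
-      expect(response.location).to match(/oauth\/token\/info\?access_token=/)
-    end
-
-    it 'should not issue a grant' do
-      expect(Doorkeeper::AccessGrant.count).to be 0
-    end
-
-    it 'should issue a token' do
-      expect(Doorkeeper::AccessToken.count).to be 1
-    end
-  end
-
-  describe 'GET #new code request with native url and skip_authorization true' do
-    before do
-      allow(Doorkeeper.configuration).to receive(:grant_flows).
-        and_return(%w(authorization_code))
-      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
-        true
-      end)
-      client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
-      get :new, client_id: client.uid, response_type: 'code', redirect_uri: client.redirect_uri
-    end
-
-    it 'should redirect immediately' do
-      expect(response).to be_redirect
-      expect(response.location).to match(/oauth\/authorize\//)
-    end
-
-    it 'should issue a grant' do
-      expect(Doorkeeper::AccessGrant.count).to be 1
-    end
-
-    it 'should not issue a token' do
-      expect(Doorkeeper::AccessToken.count).to be 0
-    end
-  end
-
-  describe 'GET #new with skip_authorization true' do
-    before do
-      allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
-        true
-      end)
-      get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
-    end
-
-    it 'should redirect immediately' do
-      expect(response).to be_redirect
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
-    end
-
-    it 'should issue a token' do
-      expect(Doorkeeper::AccessToken.count).to be 1
-    end
-
-    it 'includes token type in fragment' do
-      expect(fragments('token_type')).to eq('bearer')
-    end
-
-    it 'includes token expiration in fragment' do
-      expect(fragments('expires_in').to_i).to eq(2.hours.to_i)
-    end
-
-    it 'issues the token for the current client' do
-      expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
-    end
-
-    it 'issues the token for the current resource owner' do
-      expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
-    end
-  end
-
-  describe 'GET #new with errors' do
-    before do
-      default_scopes_exist :public
-      get :new, an_invalid: 'request'
-    end
-
-    it 'does not redirect' do
-      expect(response).to_not be_redirect
-    end
-
-    it 'does not issue any token' do
-      expect(Doorkeeper::AccessGrant.count).to eq 0
-      expect(Doorkeeper::AccessToken.count).to eq 0
-    end
-  end
-end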