doorkeeper 4.2.0 → 5.5.2



Files changed (271)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +1038 -0
  3. data/README.md +110 -348
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +6 -7
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
  7. data/app/controllers/doorkeeper/applications_controller.rb +65 -20
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +112 -35
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
  14. data/app/views/doorkeeper/applications/_form.html.erb +33 -21
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +18 -6
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +40 -16
  19. data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +7 -1
  22. data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
  23. data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
  24. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  25. data/config/locales/en.yml +33 -9
  26. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  27. data/lib/doorkeeper/config/option.rb +82 -0
  28. data/lib/doorkeeper/config/validations.rb +53 -0
  29. data/lib/doorkeeper/config.rb +545 -143
  30. data/lib/doorkeeper/engine.rb +11 -5
  31. data/lib/doorkeeper/errors.rb +37 -10
  32. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  33. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  34. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  35. data/lib/doorkeeper/grant_flow.rb +45 -0
  36. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  37. data/lib/doorkeeper/grape/helpers.rb +24 -12
  38. data/lib/doorkeeper/helpers/controller.rb +49 -27
  39. data/lib/doorkeeper/models/access_grant_mixin.rb +100 -21
  40. data/lib/doorkeeper/models/access_token_mixin.rb +379 -75
  41. data/lib/doorkeeper/models/application_mixin.rb +72 -25
  42. data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
  43. data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
  44. data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  45. data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
  46. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  47. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  48. data/lib/doorkeeper/models/concerns/revocable.rb +12 -18
  49. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  50. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  51. data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
  52. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  53. data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
  54. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
  55. data/lib/doorkeeper/oauth/authorization_code_request.rb +64 -14
  56. data/lib/doorkeeper/oauth/base_request.rb +66 -0
  57. data/lib/doorkeeper/oauth/base_response.rb +31 -0
  58. data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
  59. data/lib/doorkeeper/oauth/client.rb +10 -12
  60. data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
  61. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
  62. data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
  63. data/lib/doorkeeper/oauth/client_credentials_request.rb +11 -15
  64. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  65. data/lib/doorkeeper/oauth/code_response.rb +28 -15
  66. data/lib/doorkeeper/oauth/error.rb +5 -3
  67. data/lib/doorkeeper/oauth/error_response.rb +41 -20
  68. data/lib/doorkeeper/oauth/forbidden_token_response.rb +10 -3
  69. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
  70. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  71. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
  72. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  73. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  74. data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
  75. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  76. data/lib/doorkeeper/oauth/password_access_token_request.rb +45 -13
  77. data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
  78. data/lib/doorkeeper/oauth/refresh_token_request.rb +61 -36
  79. data/lib/doorkeeper/oauth/scopes.rb +26 -12
  80. data/lib/doorkeeper/oauth/token.rb +25 -23
  81. data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
  82. data/lib/doorkeeper/oauth/token_request.rb +8 -21
  83. data/lib/doorkeeper/oauth/token_response.rb +14 -10
  84. data/lib/doorkeeper/oauth.rb +13 -0
  85. data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
  86. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -25
  87. data/lib/doorkeeper/orm/active_record/application.rb +6 -15
  88. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +68 -0
  89. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +59 -0
  90. data/lib/doorkeeper/orm/active_record/mixins/application.rb +198 -0
  91. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  92. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
  93. data/lib/doorkeeper/orm/active_record.rb +37 -8
  94. data/lib/doorkeeper/rails/helpers.rb +14 -15
  95. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  96. data/lib/doorkeeper/rails/routes/mapper.rb +3 -1
  97. data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
  98. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  99. data/lib/doorkeeper/rails/routes.rb +42 -30
  100. data/lib/doorkeeper/rake/db.rake +40 -0
  101. data/lib/doorkeeper/rake/setup.rake +11 -0
  102. data/lib/doorkeeper/rake.rb +14 -0
  103. data/lib/doorkeeper/request/authorization_code.rb +12 -4
  104. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  105. data/lib/doorkeeper/request/code.rb +1 -1
  106. data/lib/doorkeeper/request/password.rb +5 -14
  107. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  108. data/lib/doorkeeper/request/strategy.rb +4 -2
  109. data/lib/doorkeeper/request/token.rb +1 -1
  110. data/lib/doorkeeper/request.rb +62 -29
  111. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  112. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  113. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  114. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  115. data/lib/doorkeeper/server.rb +9 -19
  116. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  117. data/lib/doorkeeper/validations.rb +5 -2
  118. data/lib/doorkeeper/version.rb +12 -1
  119. data/lib/doorkeeper.rb +111 -56
  120. data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
  121. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  122. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  123. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  124. data/lib/generators/doorkeeper/migration_generator.rb +27 -10
  125. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  126. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
  127. data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  128. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  129. data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
  130. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  131. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  132. data/lib/generators/doorkeeper/templates/initializer.rb +410 -31
  133. data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
  134. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  135. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  136. metadata +132 -286
  137. data/.gitignore +0 -14
  138. data/.hound.yml +0 -13
  139. data/.rspec +0 -1
  140. data/.travis.yml +0 -20
  141. data/CONTRIBUTING.md +0 -47
  142. data/Gemfile +0 -14
  143. data/NEWS.md +0 -593
  144. data/RELEASING.md +0 -17
  145. data/Rakefile +0 -20
  146. data/app/validators/redirect_uri_validator.rb +0 -34
  147. data/doorkeeper.gemspec +0 -28
  148. data/lib/doorkeeper/oauth/client/methods.rb +0 -18
  149. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  150. data/lib/doorkeeper/oauth/request_concern.rb +0 -48
  151. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
  152. data/lib/generators/doorkeeper/templates/migration.rb +0 -68
  153. data/spec/controllers/application_metal_controller.rb +0 -10
  154. data/spec/controllers/applications_controller_spec.rb +0 -58
  155. data/spec/controllers/authorizations_controller_spec.rb +0 -189
  156. data/spec/controllers/protected_resources_controller_spec.rb +0 -300
  157. data/spec/controllers/token_info_controller_spec.rb +0 -52
  158. data/spec/controllers/tokens_controller_spec.rb +0 -88
  159. data/spec/dummy/Rakefile +0 -7
  160. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  161. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  162. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  163. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  164. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  165. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  166. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  167. data/spec/dummy/app/models/user.rb +0 -5
  168. data/spec/dummy/app/views/home/index.html.erb +0 -0
  169. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  170. data/spec/dummy/config/application.rb +0 -23
  171. data/spec/dummy/config/boot.rb +0 -9
  172. data/spec/dummy/config/database.yml +0 -15
  173. data/spec/dummy/config/environment.rb +0 -5
  174. data/spec/dummy/config/environments/development.rb +0 -29
  175. data/spec/dummy/config/environments/production.rb +0 -62
  176. data/spec/dummy/config/environments/test.rb +0 -44
  177. data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
  178. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  179. data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
  180. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  181. data/spec/dummy/config/initializers/session_store.rb +0 -8
  182. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  183. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  184. data/spec/dummy/config/routes.rb +0 -52
  185. data/spec/dummy/config.ru +0 -4
  186. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
  187. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
  188. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
  189. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
  190. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -11
  191. data/spec/dummy/db/schema.rb +0 -67
  192. data/spec/dummy/public/404.html +0 -26
  193. data/spec/dummy/public/422.html +0 -26
  194. data/spec/dummy/public/500.html +0 -26
  195. data/spec/dummy/public/favicon.ico +0 -0
  196. data/spec/dummy/script/rails +0 -6
  197. data/spec/factories.rb +0 -28
  198. data/spec/generators/application_owner_generator_spec.rb +0 -22
  199. data/spec/generators/install_generator_spec.rb +0 -31
  200. data/spec/generators/migration_generator_spec.rb +0 -20
  201. data/spec/generators/templates/routes.rb +0 -3
  202. data/spec/generators/views_generator_spec.rb +0 -27
  203. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  204. data/spec/lib/config_spec.rb +0 -334
  205. data/spec/lib/doorkeeper_spec.rb +0 -28
  206. data/spec/lib/models/expirable_spec.rb +0 -51
  207. data/spec/lib/models/revocable_spec.rb +0 -59
  208. data/spec/lib/models/scopes_spec.rb +0 -43
  209. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
  210. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
  211. data/spec/lib/oauth/client/credentials_spec.rb +0 -47
  212. data/spec/lib/oauth/client/methods_spec.rb +0 -54
  213. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  214. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  215. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  216. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  217. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
  218. data/spec/lib/oauth/client_spec.rb +0 -39
  219. data/spec/lib/oauth/code_request_spec.rb +0 -45
  220. data/spec/lib/oauth/code_response_spec.rb +0 -34
  221. data/spec/lib/oauth/error_response_spec.rb +0 -61
  222. data/spec/lib/oauth/error_spec.rb +0 -23
  223. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  224. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  225. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  226. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
  227. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
  228. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
  229. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  230. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
  231. data/spec/lib/oauth/scopes_spec.rb +0 -122
  232. data/spec/lib/oauth/token_request_spec.rb +0 -98
  233. data/spec/lib/oauth/token_response_spec.rb +0 -85
  234. data/spec/lib/oauth/token_spec.rb +0 -116
  235. data/spec/lib/request/strategy_spec.rb +0 -53
  236. data/spec/lib/server_spec.rb +0 -52
  237. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  238. data/spec/models/doorkeeper/access_token_spec.rb +0 -394
  239. data/spec/models/doorkeeper/application_spec.rb +0 -179
  240. data/spec/requests/applications/applications_request_spec.rb +0 -94
  241. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  242. data/spec/requests/endpoints/authorization_spec.rb +0 -72
  243. data/spec/requests/endpoints/token_spec.rb +0 -64
  244. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
  245. data/spec/requests/flows/authorization_code_spec.rb +0 -156
  246. data/spec/requests/flows/client_credentials_spec.rb +0 -58
  247. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  248. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  249. data/spec/requests/flows/password_spec.rb +0 -115
  250. data/spec/requests/flows/refresh_token_spec.rb +0 -174
  251. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  252. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  253. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  254. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  255. data/spec/routing/custom_controller_routes_spec.rb +0 -71
  256. data/spec/routing/default_routes_spec.rb +0 -35
  257. data/spec/routing/scoped_routes_spec.rb +0 -31
  258. data/spec/spec_helper.rb +0 -2
  259. data/spec/spec_helper_integration.rb +0 -59
  260. data/spec/support/dependencies/factory_girl.rb +0 -2
  261. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  262. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  263. data/spec/support/helpers/config_helper.rb +0 -9
  264. data/spec/support/helpers/model_helper.rb +0 -67
  265. data/spec/support/helpers/request_spec_helper.rb +0 -76
  266. data/spec/support/helpers/url_helper.rb +0 -55
  267. data/spec/support/http_method_shim.rb +0 -24
  268. data/spec/support/orm/active_record.rb +0 -3
  269. data/spec/support/shared/controllers_shared_context.rb +0 -69
  270. data/spec/support/shared/models_shared_examples.rb +0 -52
  271. data/spec/validators/redirect_uri_validator_spec.rb +0 -78
@@ -1,34 +0,0 @@
1
- require 'uri'
2
-
3
- class RedirectUriValidator < ActiveModel::EachValidator
4
- def self.native_redirect_uri
5
- Doorkeeper.configuration.native_redirect_uri
6
- end
7
-
8
- def validate_each(record, attribute, value)
9
- if value.blank?
10
- record.errors.add(attribute, :blank)
11
- else
12
- value.split.each do |val|
13
- uri = ::URI.parse(val)
14
- return if native_redirect_uri?(uri)
15
- record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
16
- record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
17
- record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
18
- end
19
- end
20
- rescue URI::InvalidURIError
21
- record.errors.add(attribute, :invalid_uri)
22
- end
23
-
24
- private
25
-
26
- def native_redirect_uri?(uri)
27
- self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
28
- end
29
-
30
- def invalid_ssl_uri?(uri)
31
- forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
32
- forces_ssl && uri.try(:scheme) == 'http'
33
- end
34
- end
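--- a/data/doorkeeper.gemspec
+++ /dev/null
@@ -1,28 +0,0 @@
-$LOAD_PATH.push File.expand_path("../lib", __FILE__)
-
-require "doorkeeper/version"
-
-Gem::Specification.new do |s|
-s.name = "doorkeeper"
-s.version = Doorkeeper::VERSION
-s.authors = ["Felipe Elias Philipp", "Tute Costa"]
-s.email = %w(tutecosta@gmail.com)
-s.homepage = "https://github.com/doorkeeper-gem/doorkeeper"
-s.summary = "OAuth 2 provider for Rails and Grape"
-s.description = "Doorkeeper is an OAuth 2 provider for Rails and Grape."
-s.license = 'MIT'
-
-s.files = `git ls-files`.split("\n")
-s.test_files = `git ls-files -- spec/*`.split("\n")
-s.require_paths = ["lib"]
-
-s.add_dependency "railties", ">= 4.2"
-
-s.add_development_dependency "capybara"
-s.add_development_dependency "database_cleaner", "~> 1.3.0"
-s.add_development_dependency "factory_girl", "~> 4.5.0"
-s.add_development_dependency "generator_spec", "~> 0.9.0"
-s.add_development_dependency "rake", "> 10.5.0"
-s.add_development_dependency "rspec-rails"
-s.add_development_dependency "timecop", "~> 0.7.0"
-end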
@@ -1,18 +0,0 @@
1
- module Doorkeeper
2
- module OAuth
3
- class Client
4
- module Methods
5
- def from_params(request)
6
- request.parameters.values_at(:client_id, :client_secret)
7
- end
8
-
9
- def from_basic(request)
10
- authorization = request.authorization
11
- if authorization.present? && authorization =~ /^Basic (.*)/m
12
- Base64.decode64($1).split(/:/, 2)
13
- end
14
- end
15
- end
16
- end
17
- end
18
- end
@@ -1,45 +0,0 @@
1
- require 'doorkeeper/validations'
2
- require 'doorkeeper/oauth/scopes'
3
- require 'doorkeeper/oauth/helpers/scope_checker'
4
-
5
- module Doorkeeper
6
- module OAuth
7
- class ClientCredentialsRequest
8
- class Validation
9
- include Validations
10
- include OAuth::Helpers
11
-
12
- validate :client, error: :invalid_client
13
- validate :scopes, error: :invalid_scope
14
-
15
- def initialize(server, request)
16
- @server, @request, @client = server, request, request.client
17
-
18
- validate
19
- end
20
-
21
- private
22
-
23
- def validate_client
24
- @client.present?
25
- end
26
-
27
- def validate_scopes
28
- return true unless @request.scopes.present?
29
-
30
- application_scopes = if @client.present?
31
- @client.application.scopes
32
- else
33
- ''
34
- end
35
-
36
- ScopeChecker.valid?(
37
- @request.scopes.to_s,
38
- @server.scopes,
39
- application_scopes
40
- )
41
- end
42
- end
43
- end
44
- end
45
- end
@@ -1,48 +0,0 @@
1
- module Doorkeeper
2
- module OAuth
3
- module RequestConcern
4
- def authorize
5
- validate
6
- if valid?
7
- before_successful_response
8
- @response = TokenResponse.new(access_token)
9
- after_successful_response
10
- @response
11
- else
12
- @response = ErrorResponse.from_request(self)
13
- end
14
- end
15
-
16
- def scopes
17
- @scopes ||= if @original_scopes.present?
18
- OAuth::Scopes.from_string(@original_scopes)
19
- else
20
- default_scopes
21
- end
22
- end
23
-
24
- def default_scopes
25
- server.default_scopes
26
- end
27
-
28
- def valid?
29
- error.nil?
30
- end
31
-
32
- def find_or_create_access_token(client, resource_owner_id, scopes, server)
33
- @access_token = AccessToken.find_or_create_for(
34
- client,
35
- resource_owner_id,
36
- scopes,
37
- Authorization::Token.access_token_expires_in(server, client),
38
- server.refresh_token_enabled?)
39
- end
40
-
41
- def before_successful_response
42
- end
43
-
44
- def after_successful_response
45
- end
46
- end
47
- end
48
- end
@@ -1,7 +0,0 @@
1
- class AddOwnerToApplication < ActiveRecord::Migration
2
- def change
3
- add_column :oauth_applications, :owner_id, :integer, null: true
4
- add_column :oauth_applications, :owner_type, :string, null: true
5
- add_index :oauth_applications, [:owner_id, :owner_type]
6
- end
7
- end
@@ -1,68 +0,0 @@
1
- class CreateDoorkeeperTables < ActiveRecord::Migration
2
- def change
3
- create_table :oauth_applications do |t|
4
- t.string :name, null: false
5
- t.string :uid, null: false
6
- t.string :secret, null: false
7
- t.text :redirect_uri, null: false
8
- t.string :scopes, null: false, default: ''
9
- t.timestamps null: false
10
- end
11
-
12
- add_index :oauth_applications, :uid, unique: true
13
-
14
- create_table :oauth_access_grants do |t|
15
- t.integer :resource_owner_id, null: false
16
- t.references :application, null: false
17
- t.string :token, null: false
18
- t.integer :expires_in, null: false
19
- t.text :redirect_uri, null: false
20
- t.datetime :created_at, null: false
21
- t.datetime :revoked_at
22
- t.string :scopes
23
- end
24
-
25
- add_index :oauth_access_grants, :token, unique: true
26
- add_foreign_key(
27
- :oauth_access_grants,
28
- :oauth_applications,
29
- column: :application_id
30
- )
31
-
32
- create_table :oauth_access_tokens do |t|
33
- t.integer :resource_owner_id
34
- t.references :application
35
-
36
- # If you use a custom token generator you may need to change this column
37
- # from string to text, so that it accepts tokens larger than 255
38
- # characters. More info on custom token generators in:
39
- # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
40
- #
41
- # t.text :token, null: false
42
- t.string :token, null: false
43
-
44
- t.string :refresh_token
45
- t.integer :expires_in
46
- t.datetime :revoked_at
47
- t.datetime :created_at, null: false
48
- t.string :scopes
49
-
50
- # If there is a previous_refresh_token column,
51
- # refresh tokens will be revoked after a related access token is used.
52
- # If there is no previous_refresh_token column,
53
- # previous tokens are revoked as soon as a new access token is created.
54
- # Comment out this line if you'd rather have refresh tokens
55
- # instantly revoked.
56
- t.string :previous_refresh_token, null: false, default: ""
57
- end
58
-
59
- add_index :oauth_access_tokens, :token, unique: true
60
- add_index :oauth_access_tokens, :resource_owner_id
61
- add_index :oauth_access_tokens, :refresh_token, unique: true
62
- add_foreign_key(
63
- :oauth_access_tokens,
64
- :oauth_applications,
65
- column: :application_id
66
- )
67
- end
68
- end
@@ -1,10 +0,0 @@
1
- require "spec_helper_integration"
2
-
3
- describe Doorkeeper::ApplicationMetalController do
4
- it "lazy run hooks" do
5
- i = 0
6
- ActiveSupport.on_load(:doorkeeper_metal_controller) { i += 1 }
7
-
8
- expect(i).to eq 1
9
- end
10
- end
@@ -1,58 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- module Doorkeeper
4
- describe ApplicationsController do
5
- context 'when admin is not authenticated' do
6
- before do
7
- allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(proc do
8
- redirect_to main_app.root_url
9
- end)
10
- end
11
-
12
- it 'redirects as set in Doorkeeper.authenticate_admin' do
13
- get :index
14
- expect(response).to redirect_to(controller.main_app.root_url)
15
- end
16
-
17
- it 'does not create application' do
18
- expect do
19
- post :create, doorkeeper_application: {
20
- name: 'Example',
21
- redirect_uri: 'https://example.com' }
22
- end.to_not change { Doorkeeper::Application.count }
23
- end
24
- end
25
-
26
- context 'when admin is authenticated' do
27
- before do
28
- allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(arg) { true })
29
- end
30
-
31
- it 'creates application' do
32
- expect do
33
- post :create, doorkeeper_application: {
34
- name: 'Example',
35
- redirect_uri: 'https://example.com' }
36
- end.to change { Doorkeeper::Application.count }.by(1)
37
- expect(response).to be_redirect
38
- end
39
-
40
- it 'does not allow mass assignment of uid or secret' do
41
- application = FactoryGirl.create(:application)
42
- put :update, id: application.id, doorkeeper_application: {
43
- uid: '1A2B3C4D',
44
- secret: '1A2B3C4D' }
45
-
46
- expect(application.reload.uid).not_to eq '1A2B3C4D'
47
- end
48
-
49
- it 'updates application' do
50
- application = FactoryGirl.create(:application)
51
- put :update, id: application.id, doorkeeper_application: {
52
- name: 'Example',
53
- redirect_uri: 'https://example.com' }
54
- expect(application.reload.name).to eq 'Example'
55
- end
56
- end
57
- end
58
- end
@@ -1,189 +0,0 @@
1
- require 'spec_helper_integration'
2
-
3
- describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
4
- include AuthorizationRequestHelper
5
-
6
- def fragments(param)
7
- fragment = URI.parse(response.location).fragment
8
- Rack::Utils.parse_query(fragment)[param]
9
- end
10
-
11
- def translated_error_message(key)
12
- I18n.translate key, scope: [:doorkeeper, :errors, :messages]
13
- end
14
-
15
- let(:client) { FactoryGirl.create :application }
16
- let(:user) { User.create!(name: 'Joe', password: 'sekret') }
17
-
18
- before do
19
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["implicit"])
20
- allow(controller).to receive(:current_resource_owner).and_return(user)
21
- end
22
-
23
- describe 'POST #create' do
24
- before do
25
- post :create, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
26
- end
27
-
28
- it 'redirects after authorization' do
29
- expect(response).to be_redirect
30
- end
31
-
32
- it 'redirects to client redirect uri' do
33
- expect(response.location).to match(%r{^#{client.redirect_uri}})
34
- end
35
-
36
- it 'includes access token in fragment' do
37
- expect(fragments('access_token')).to eq(Doorkeeper::AccessToken.first.token)
38
- end
39
-
40
- it 'includes token type in fragment' do
41
- expect(fragments('token_type')).to eq('bearer')
42
- end
43
-
44
- it 'includes token expiration in fragment' do
45
- expect(fragments('expires_in').to_i).to eq(2.hours.to_i)
46
- end
47
-
48
- it 'issues the token for the current client' do
49
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
50
- end
51
-
52
- it 'issues the token for the current resource owner' do
53
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
54
- end
55
- end
56
-
57
- describe 'POST #create with errors' do
58
- before do
59
- default_scopes_exist :public
60
- post :create, client_id: client.uid, response_type: 'token', scope: 'invalid', redirect_uri: client.redirect_uri
61
- end
62
-
63
- it 'redirects after authorization' do
64
- expect(response).to be_redirect
65
- end
66
-
67
- it 'redirects to client redirect uri' do
68
- expect(response.location).to match(%r{^#{client.redirect_uri}})
69
- end
70
-
71
- it 'does not include access token in fragment' do
72
- expect(fragments('access_token')).to be_nil
73
- end
74
-
75
- it 'includes error in fragment' do
76
- expect(fragments('error')).to eq('invalid_scope')
77
- end
78
-
79
- it 'includes error description in fragment' do
80
- expect(fragments('error_description')).to eq(translated_error_message(:invalid_scope))
81
- end
82
-
83
- it 'does not issue any access token' do
84
- expect(Doorkeeper::AccessToken.all).to be_empty
85
- end
86
- end
87
-
88
- describe 'POST #create with application already authorized' do
89
- it 'returns the existing access token in a fragment'
90
- end
91
-
92
- describe 'GET #new token request with native url and skip_authorization true' do
93
- before do
94
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
95
- true
96
- end)
97
- client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
98
- get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
99
- end
100
-
101
- it 'should redirect immediately' do
102
- expect(response).to be_redirect
103
- expect(response.location).to match(/oauth\/token\/info\?access_token=/)
104
- end
105
-
106
- it 'should not issue a grant' do
107
- expect(Doorkeeper::AccessGrant.count).to be 0
108
- end
109
-
110
- it 'should issue a token' do
111
- expect(Doorkeeper::AccessToken.count).to be 1
112
- end
113
- end
114
-
115
- describe 'GET #new code request with native url and skip_authorization true' do
116
- before do
117
- allow(Doorkeeper.configuration).to receive(:grant_flows).
118
- and_return(%w(authorization_code))
119
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
120
- true
121
- end)
122
- client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
123
- get :new, client_id: client.uid, response_type: 'code', redirect_uri: client.redirect_uri
124
- end
125
-
126
- it 'should redirect immediately' do
127
- expect(response).to be_redirect
128
- expect(response.location).to match(/oauth\/authorize\//)
129
- end
130
-
131
- it 'should issue a grant' do
132
- expect(Doorkeeper::AccessGrant.count).to be 1
133
- end
134
-
135
- it 'should not issue a token' do
136
- expect(Doorkeeper::AccessToken.count).to be 0
137
- end
138
- end
139
-
140
- describe 'GET #new with skip_authorization true' do
141
- before do
142
- allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
143
- true
144
- end)
145
- get :new, client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri
146
- end
147
-
148
- it 'should redirect immediately' do
149
- expect(response).to be_redirect
150
- expect(response.location).to match(%r{^#{client.redirect_uri}})
151
- end
152
-
153
- it 'should issue a token' do
154
- expect(Doorkeeper::AccessToken.count).to be 1
155
- end
156
-
157
- it 'includes token type in fragment' do
158
- expect(fragments('token_type')).to eq('bearer')
159
- end
160
-
161
- it 'includes token expiration in fragment' do
162
- expect(fragments('expires_in').to_i).to eq(2.hours.to_i)
163
- end
164
-
165
- it 'issues the token for the current client' do
166
- expect(Doorkeeper::AccessToken.first.application_id).to eq(client.id)
167
- end
168
-
169
- it 'issues the token for the current resource owner' do
170
- expect(Doorkeeper::AccessToken.first.resource_owner_id).to eq(user.id)
171
- end
172
- end
173
-
174
- describe 'GET #new with errors' do
175
- before do
176
- default_scopes_exist :public
177
- get :new, an_invalid: 'request'
178
- end
179
-
180
- it 'does not redirect' do
181
- expect(response).to_not be_redirect
182
- end
183
-
184
- it 'does not issue any token' do
185
- expect(Doorkeeper::AccessGrant.count).to eq 0
186
- expect(Doorkeeper::AccessToken.count).to eq 0
187
- end
188
- end
189
- end