doorkeeper 4.2.0 → 5.6.8
- checksums.yaml +5 -5
- data/CHANGELOG.md +1119 -0
- data/README.md +112 -349
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +6 -7
- data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
- data/app/controllers/doorkeeper/applications_controller.rb +65 -20
- data/app/controllers/doorkeeper/authorizations_controller.rb +115 -18
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
- data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
- data/app/controllers/doorkeeper/tokens_controller.rb +118 -38
- data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
- data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
- data/app/views/doorkeeper/applications/_form.html.erb +33 -21
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +18 -6
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +40 -16
- data/app/views/doorkeeper/authorizations/error.html.erb +4 -2
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +17 -11
- data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
- data/config/locales/en.yml +36 -9
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +82 -0
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +551 -155
- data/lib/doorkeeper/engine.rb +19 -6
- data/lib/doorkeeper/errors.rb +55 -10
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
- data/lib/doorkeeper/grape/helpers.rb +24 -12
- data/lib/doorkeeper/helpers/controller.rb +49 -27
- data/lib/doorkeeper/models/access_grant_mixin.rb +100 -21
- data/lib/doorkeeper/models/access_token_mixin.rb +383 -75
- data/lib/doorkeeper/models/application_mixin.rb +72 -25
- data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +12 -18
- data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
- data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +54 -12
- data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +72 -28
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
- data/lib/doorkeeper/oauth/authorization_code_request.rb +77 -17
- data/lib/doorkeeper/oauth/base_request.rb +67 -0
- data/lib/doorkeeper/oauth/base_response.rb +31 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
- data/lib/doorkeeper/oauth/client.rb +10 -12
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +44 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +21 -13
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +55 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +20 -16
- data/lib/doorkeeper/oauth/code_request.rb +9 -13
- data/lib/doorkeeper/oauth/code_response.rb +28 -15
- data/lib/doorkeeper/oauth/error.rb +5 -3
- data/lib/doorkeeper/oauth/error_response.rb +43 -20
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +47 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +46 -14
- data/lib/doorkeeper/oauth/pre_authorization.rb +138 -28
- data/lib/doorkeeper/oauth/refresh_token_request.rb +74 -41
- data/lib/doorkeeper/oauth/scopes.rb +26 -12
- data/lib/doorkeeper/oauth/token.rb +25 -23
- data/lib/doorkeeper/oauth/token_introspection.rb +204 -0
- data/lib/doorkeeper/oauth/token_request.rb +9 -22
- data/lib/doorkeeper/oauth/token_response.rb +13 -10
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
- data/lib/doorkeeper/orm/active_record/access_token.rb +5 -25
- data/lib/doorkeeper/orm/active_record/application.rb +6 -15
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +63 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +77 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +210 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +36 -0
- data/lib/doorkeeper/orm/active_record.rb +34 -12
- data/lib/doorkeeper/rails/helpers.rb +14 -15
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +3 -1
- data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +50 -29
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +6 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request/authorization_code.rb +12 -4
- data/lib/doorkeeper/request/client_credentials.rb +3 -3
- data/lib/doorkeeper/request/code.rb +1 -1
- data/lib/doorkeeper/request/password.rb +5 -14
- data/lib/doorkeeper/request/refresh_token.rb +6 -5
- data/lib/doorkeeper/request/strategy.rb +4 -2
- data/lib/doorkeeper/request/token.rb +1 -1
- data/lib/doorkeeper/request.rb +62 -29
- data/lib/doorkeeper/secret_storing/base.rb +64 -0
- data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
- data/lib/doorkeeper/secret_storing/plain.rb +33 -0
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
- data/lib/doorkeeper/server.rb +9 -19
- data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
- data/lib/doorkeeper/validations.rb +5 -2
- data/lib/doorkeeper/version.rb +12 -1
- data/lib/doorkeeper.rb +180 -57
- data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/install_generator.rb +19 -9
- data/lib/generators/doorkeeper/migration_generator.rb +27 -10
- data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
- data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +436 -33
- data/lib/generators/doorkeeper/templates/migration.rb.erb +98 -0
- data/lib/generators/doorkeeper/views_generator.rb +8 -4
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +129 -281
- data/.gitignore +0 -14
- data/.hound.yml +0 -13
- data/.rspec +0 -1
- data/.travis.yml +0 -20
- data/CONTRIBUTING.md +0 -47
- data/Gemfile +0 -14
- data/NEWS.md +0 -593
- data/RELEASING.md +0 -17
- data/Rakefile +0 -20
- data/app/validators/redirect_uri_validator.rb +0 -34
- data/doorkeeper.gemspec +0 -28
- data/lib/doorkeeper/oauth/client/methods.rb +0 -18
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
- data/lib/doorkeeper/oauth/request_concern.rb +0 -48
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
- data/lib/generators/doorkeeper/templates/migration.rb +0 -68
- data/spec/controllers/application_metal_controller.rb +0 -10
- data/spec/controllers/applications_controller_spec.rb +0 -58
- data/spec/controllers/authorizations_controller_spec.rb +0 -189
- data/spec/controllers/protected_resources_controller_spec.rb +0 -300
- data/spec/controllers/token_info_controller_spec.rb +0 -52
- data/spec/controllers/tokens_controller_spec.rb +0 -88
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -5
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -23
- data/spec/dummy/config/boot.rb +0 -9
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -44
- data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -11
- data/spec/dummy/db/schema.rb +0 -67
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -6
- data/spec/factories.rb +0 -28
- data/spec/generators/application_owner_generator_spec.rb +0 -22
- data/spec/generators/install_generator_spec.rb +0 -31
- data/spec/generators/migration_generator_spec.rb +0 -20
- data/spec/generators/templates/routes.rb +0 -3
- data/spec/generators/views_generator_spec.rb +0 -27
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
- data/spec/lib/config_spec.rb +0 -334
- data/spec/lib/doorkeeper_spec.rb +0 -28
- data/spec/lib/models/expirable_spec.rb +0 -51
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -43
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
- data/spec/lib/oauth/client/credentials_spec.rb +0 -47
- data/spec/lib/oauth/client/methods_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
- data/spec/lib/oauth/client_spec.rb +0 -39
- data/spec/lib/oauth/code_request_spec.rb +0 -45
- data/spec/lib/oauth/code_response_spec.rb +0 -34
- data/spec/lib/oauth/error_response_spec.rb +0 -61
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
- data/spec/lib/oauth/scopes_spec.rb +0 -122
- data/spec/lib/oauth/token_request_spec.rb +0 -98
- data/spec/lib/oauth/token_response_spec.rb +0 -85
- data/spec/lib/oauth/token_spec.rb +0 -116
- data/spec/lib/request/strategy_spec.rb +0 -53
- data/spec/lib/server_spec.rb +0 -52
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
- data/spec/models/doorkeeper/access_token_spec.rb +0 -394
- data/spec/models/doorkeeper/application_spec.rb +0 -179
- data/spec/requests/applications/applications_request_spec.rb +0 -94
- data/spec/requests/applications/authorized_applications_spec.rb +0 -30
- data/spec/requests/endpoints/authorization_spec.rb +0 -72
- data/spec/requests/endpoints/token_spec.rb +0 -64
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
- data/spec/requests/flows/authorization_code_spec.rb +0 -156
- data/spec/requests/flows/client_credentials_spec.rb +0 -58
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
- data/spec/requests/flows/implicit_grant_spec.rb +0 -61
- data/spec/requests/flows/password_spec.rb +0 -115
- data/spec/requests/flows/refresh_token_spec.rb +0 -174
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -59
- data/spec/requests/protected_resources/metal_spec.rb +0 -14
- data/spec/requests/protected_resources/private_api_spec.rb +0 -81
- data/spec/routing/custom_controller_routes_spec.rb +0 -71
- data/spec/routing/default_routes_spec.rb +0 -35
- data/spec/routing/scoped_routes_spec.rb +0 -31
- data/spec/spec_helper.rb +0 -2
- data/spec/spec_helper_integration.rb +0 -59
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/access_token_request_helper.rb +0 -11
- data/spec/support/helpers/authorization_request_helper.rb +0 -41
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -67
- data/spec/support/helpers/request_spec_helper.rb +0 -76
- data/spec/support/helpers/url_helper.rb +0 -55
- data/spec/support/http_method_shim.rb +0 -24
- data/spec/support/orm/active_record.rb +0 -3
- data/spec/support/shared/controllers_shared_context.rb +0 -69
- data/spec/support/shared/models_shared_examples.rb +0 -52
- data/spec/validators/redirect_uri_validator_spec.rb +0 -78
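--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -1,47 +0,0 @@
-# Contributing
-
-We love pull requests from everyone. By participating in this project, you agree
-to abide by the thoughtbot [code of conduct].
-
-[code of conduct]: https://thoughtbot.com/open-source-code-of-conduct
-
-Fork, then clone the repo:
-
-git clone git@github.com:your-username/doorkeeper.git
-
-Set up Ruby dependencies via Bundler
-
-bundle install
-
-Make sure the tests pass:
-
-rake
-
-Make your change.
-Write tests.
-Follow our [style guide][style].
-Make the tests pass:
-
-[style]: https://github.com/thoughtbot/guides/tree/master/style
-
-rake
-
-Add notes on your change to the `NEWS.md` file.
-
-Write a [good commit message][commit].
-Push to your fork.
-[Submit a pull request][pr].
-
-[commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
-[pr]: https://github.com/doorkeeper-gem/doorkeeper/compare/
-
-If [Hound] catches style violations,
-fix them.
-
-[hound]: https://houndci.com
-
-Wait for us.
-We try to at least comment on pull requests within one business day.
-We may suggest changes.
-
-Thank you for your contribution!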
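--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,14 +0,0 @@
-ENV["rails"] ||= "4.2.0"
-
-source "https://rubygems.org"
-
-gem "rails", "~> #{ENV["rails"]}"
-
-if ENV['rails'].start_with?('5')
-gem "rspec-rails", "3.5.1"
-end
-
-gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
-gem "sqlite3", platform: [:ruby, :mswin, :mingw]
-
-gemspec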
data/NEWS.md
DELETED
@@ -1,593 +0,0 @@
|
|
1
|
-
# News
|
2
|
-
|
3
|
-
User-visible changes worth mentioning.
|
4
|
-
|
5
|
-
## master
|
6
|
-
|
7
|
-
## 4.2.0
|
8
|
-
|
9
|
-
- Security fix: Address CVE-2016-6582, implement token revocation according to
|
10
|
-
spec (tokens might not be revoked if client follows the spec).
|
11
|
-
- [#873] Add hooks to Doorkeeper::ApplicationMetalController
|
12
|
-
- [#871] Allow downstream users to better utilize doorkeeper spec factories by
|
13
|
-
eliminating name conflict on `:user` factory.
|
14
|
-
|
15
|
-
## 4.1.0
|
16
|
-
|
17
|
-
- [#845] Allow customising the `Doorkeeper::ApplicationController` base
|
18
|
-
controller
|
19
|
-
|
20
|
-
## 4.0.0
|
21
|
-
|
22
|
-
- [#834] Fix AssetNotPrecompiled error with Sprockets 4
|
23
|
-
- [#843] Revert "Fix validation error messages"
|
24
|
-
- [#847] Specify Null option to timestamps
|
25
|
-
|
26
|
-
## 4.0.0.rc4
|
27
|
-
|
28
|
-
- [#777] Add support for public client in password grant flow
|
29
|
-
- [#823] Make configuration and specs ORM independent
|
30
|
-
- [#745] Add created_at timestamp to token generation options
|
31
|
-
- [#838] Drop `Application#scopes` generator and warning, introduced for
|
32
|
-
upgrading doorkeeper from v2 to v3.
|
33
|
-
- [#801] Fix Rails 5 warning messages
|
34
|
-
- Test against Rails 5 RC1
|
35
|
-
|
36
|
-
## 4.0.0.rc3
|
37
|
-
|
38
|
-
- [#769] Revoke refresh token on access token use. To make use of the new config
|
39
|
-
add `previous_refresh_token` column to `oauth_access_tokens`:
|
40
|
-
|
41
|
-
```
|
42
|
-
rails generate doorkeeper:previous_refresh_token
|
43
|
-
```
|
44
|
-
- [#811] Toughen parameters filter with exact match
|
45
|
-
- [#813] Applications admin bugfix
|
46
|
-
- [#799] Fix Ruby Warnings
|
47
|
-
- Drop `attr_accessible` from models
|
48
|
-
|
49
|
-
### Backward incompatible changes
|
50
|
-
|
51
|
-
- [#730] Force all timezones to use UTC to prevent comparison issues.
|
52
|
-
- [#802] Remove `config.i18n.fallbacks` from engine
|
53
|
-
|
54
|
-
## 4.0.0.rc2
|
55
|
-
|
56
|
-
- Fix optional belongs_to for Rails 5
|
57
|
-
- Fix Ruby warnings
|
58
|
-
|
59
|
-
## 4.0.0.rc1
|
60
|
-
|
61
|
-
### Backward incompatible changes
|
62
|
-
|
63
|
-
- Drops support for Rails 4.1 and earlier
|
64
|
-
- Drops support for Ruby 2.0
|
65
|
-
- [#778] Bug fix: use the remaining time that a token is still valid when
|
66
|
-
building the redirect URI for the implicit grant flow
|
67
|
-
|
68
|
-
### Other changes
|
69
|
-
|
70
|
-
- [#771] Validation error messages fixes
|
71
|
-
- Adds foreign key constraints in generated migrations between tokens and
|
72
|
-
grants, and applications
|
73
|
-
- Support Rails 5
|
74
|
-
|
75
|
-
## 3.1.0
|
76
|
-
|
77
|
-
- [#736] Existing valid tokens are now reused in client_credentials flow
|
78
|
-
- [#749] Allow user to raise authorization error with custom messages.
|
79
|
-
Under `resource_owner_authenticator` block a user can
|
80
|
-
`raise Doorkeeper::Errors::DoorkeeperError.new('custom_message')`
|
81
|
-
- [#762] Check doesn’t abort the actual migration, so it runs
|
82
|
-
- [#722] `doorkeeper_forbidden_render_options` now supports returning a 404 by
|
83
|
-
specifying `respond_not_found_when_forbidden: true` in the
|
84
|
-
`doorkeeper_forbidden_render_options` method.
|
85
|
-
- [#734] Simplify and remove duplication in request strategy classes
|
86
|
-
|
87
|
-
## 3.0.1
|
88
|
-
|
89
|
-
- [#712] Wrap exchange of grant token for access token and access token refresh
|
90
|
-
in transactions
|
91
|
-
- [#704] Allow applications scopes to be mass assigned
|
92
|
-
- [#707] Fixed order of Mixin inclusion and table_name configuration in models
|
93
|
-
- [#712] Wrap access token and refresh grants in transactions
|
94
|
-
- Adds JRuby support
|
95
|
-
- Specs, views and documentation adjustments
|
96
|
-
|
97
|
-
## 3.0.0
|
98
|
-
|
99
|
-
### Other changes
|
100
|
-
|
101
|
-
- [#693] Updates `en.yml`.
|
102
|
-
|
103
|
-
## 3.0.0 (rc2)
|
104
|
-
|
105
|
-
### Backward incompatible changes
|
106
|
-
|
107
|
-
- [#678] Change application-specific scopes to take precedence over server-wide
|
108
|
-
scopes. This removes the previous behavior where the intersection between
|
109
|
-
application and server scopes was used.
|
110
|
-
|
111
|
-
### Other changes
|
112
|
-
|
113
|
-
- [#671] Fixes `NoMethodError - undefined method 'getlocal'` when calling
|
114
|
-
the /oauth/token path. Switch from using a DateTime object to update
|
115
|
-
AR to using a Time object. (Issue #668)
|
116
|
-
- [#677] Support editing application-specific scopes via the standard forms
|
117
|
-
- [#682] Pass error hash to Grape `error!`
|
118
|
-
- [#683] Generate application secret/UID if fields are blank strings
|
119
|
-
|
120
|
-
## 3.0.0 (rc1)
|
121
|
-
|
122
|
-
### Backward incompatible changes
|
123
|
-
|
124
|
-
- [#648] Extracts mongodb ORMs to
|
125
|
-
https://github.com/doorkeeper-gem/doorkeeper-mongodb. If you use ActiveRecord
|
126
|
-
you don’t need to do any change, otherwise you will need to install the new
|
127
|
-
plugin.
|
128
|
-
- [#665] `doorkeeper_unauthorized_render_options(error:)` and
|
129
|
-
`doorkeeper_forbidden_render_options(error:)` now accept `error` keyword
|
130
|
-
argument.
|
131
|
-
|
132
|
-
### Removed deprecations
|
133
|
-
|
134
|
-
- Removes `doorkeeper_for` deprecation notice.
|
135
|
-
- Remove `applications.scopes` upgrade notice.
|
136
|
-
|
137
|
-
|
138
|
-
## 2.2.2
|
139
|
-
|
140
|
-
- [#541] Fixed `undefined method attr_accessible` problem on Rails 4
|
141
|
-
(happens only when ProtectedAttributes gem is used) in #599
|
142
|
-
|
143
|
-
## 2.2.1
|
144
|
-
|
145
|
-
- [#636] `custom_access_token_expires_in` bugfixes
|
146
|
-
- [#641] syntax error fix (Issue #612)
|
147
|
-
- [#633] Send extra details to Custom Token Generator
|
148
|
-
- [#628] Refactor: improve orm adapters to ease extension
|
149
|
-
- [#637] Upgrade to rspec to 3.2
|
150
|
-
|
151
|
-
## 2.2.0 - 2015-04-19
|
152
|
-
|
153
|
-
- [#611] Allow custom access token generators to be used
|
154
|
-
- [#632] Properly fallback to `default_scopes` when no scope is specified
|
155
|
-
- [#622] Clarify that there is a logical OR between scopes for authorizing
|
156
|
-
- [#635] Upgrade to rspec 3
|
157
|
-
- [#627] i18n fallbacks to english
|
158
|
-
- Moved CHANGELOG to NEWS.md
|
159
|
-
|
160
|
-
|
161
|
-
## 2.1.4 - 2015-03-27
|
162
|
-
|
163
|
-
- [#595] HTTP spec: Add `scope` for refresh token scope param
|
164
|
-
- [#596] Limit scopes in app scopes for client credentials
|
165
|
-
- [#567] Add Grape helpers for easier integration with Grape framework
|
166
|
-
- [#606] Add custom access token expiration support for Client Credentials flow
|
167
|
-
|
168
|
-
|
169
|
-
## 2.1.3 - 2015-03-01
|
170
|
-
|
171
|
-
- [#588] Fixes scopes_match? bug that skipped authorization form in some cases
|
172
|
-
|
173
|
-
|
174
|
-
## 2.1.2 - 2015-02-25
|
175
|
-
|
176
|
-
- [#574] Remove unused update authorization route.
|
177
|
-
- [#576] Filter out sensitive parameters from logs.
|
178
|
-
- [#582] The Authorization HTTP header fields are now case insensitive.
|
179
|
-
- [#583] Database connection bugfix in certain scenarios.
|
180
|
-
- Testing improvements
|
181
|
-
|
182
|
-
|
183
|
-
## 2.1.1 - 2015-02-06
|
184
|
-
|
185
|
-
- Remove `wildcard_redirect_url` option
|
186
|
-
- [#481] Customize token flow OAuth expirations with a config lambda
|
187
|
-
- [#568] TokensController: Memoize strategy.authorize_response result to enable
|
188
|
-
subclasses to use the response object.
|
189
|
-
- [#571] Fix database initialization issues in some configurations.
|
190
|
-
- Documentation improvements
|
191
|
-
|
192
|
-
|
193
|
-
## 2.1.0 - 2015-01-13
|
194
|
-
|
195
|
-
- [#540] Include `created_at` in response.
|
196
|
-
- [#538] Check application-level scopes in client_credentials and password flow.
|
197
|
-
- [5596227] Check application scopes in AccessToken when present. Fixes a bug in
|
198
|
-
doorkeeper 2.0.0 and 2.0.1 referring to application specific scopes.
|
199
|
-
- [#534] Internationalizes doorkeeper views.
|
200
|
-
- [#545] Ensure there is a connection to the database before checking for
|
201
|
-
missing columns
|
202
|
-
- [#546] Use `Doorkeeper::` prefix when referencing `Application` to avoid
|
203
|
-
possible application model name conflict.
|
204
|
-
- [#538] Test with Rails ~> 4.2.
|
205
|
-
|
206
|
-
### Potentially backward incompatible changes
|
207
|
-
|
208
|
-
- Enable by default `authorization_code` and `client_credentials` grant flows.
|
209
|
-
Disables implicit and password grant flows by default.
|
210
|
-
- [#510, #544, 722113f] Revoked refresh token response bugfix.
|
211
|
-
|
212
|
-
|
213
|
-
## 2.0.1 - 2014-12-17
|
214
|
-
|
215
|
-
- [#525, #526, #527] Fix `ActiveRecord::NoDatabaseError` on gem load.
|
216
|
-
|
217
|
-
|
218
|
-
## 2.0.0 - 2014-12-16
|
219
|
-
|
220
|
-
### Backward incompatible changes
|
221
|
-
|
222
|
-
- [#448] Removes `doorkeeper_for` helper. Now we use
|
223
|
-
`before_action :doorkeeper_authorize!`.
|
224
|
-
- [#469] Allow client applications to restrict the set of allowable scopes.
|
225
|
-
Fixes #317. `oauth_applications` relation needs a new `scopes` string column,
|
226
|
-
non nullable, which defaults to an empty string. To add the column run:
|
227
|
-
|
228
|
-
```
|
229
|
-
rails generate doorkeeper:application_scopes
|
230
|
-
```
|
231
|
-
|
232
|
-
If you’d rather do it by hand, your ActiveRecord migration should contain:
|
233
|
-
|
234
|
-
```ruby
|
235
|
-
add_column :oauth_applications, :scopes, :string, null: false, default: ‘’
|
236
|
-
```
|
237
|
-
|
238
|
-
### Removed deprecations
|
239
|
-
|
240
|
-
- Removes `test_redirect_uri` option. It is now called `native_redirect_uri`.
|
241
|
-
- [#446] Removes `mount Doorkeeper::Engine`. Now we use `use_doorkeeper`.
|
242
|
-
|
243
|
-
### Others
|
244
|
-
|
245
|
-
- [#484] Performance improvement - avoid performing order_by when not required.
|
246
|
-
- [#450] When password is invalid in Password Credentials Grant, Doorkeeper
|
247
|
-
returned 'invalid_resource_owner' instead of 'invalid_grant', as the spec
|
248
|
-
declares. Fixes #444.
|
249
|
-
- [#452] Allows `revoked_at` to be set in the future, for future expiry.
|
250
|
-
Rationale: https://github.com/doorkeeper-gem/doorkeeper/pull/452#issuecomment-51431459
|
251
|
-
- [#480] For Implicit grant flow, access tokens can now be reused. Fixes #421.
|
252
|
-
- [#491] Reworks of @jasl's #454 and #478. ORM refactor that allows doorkeeper
|
253
|
-
to be extended more easily with unsupported ORMs. It also marks the boundaries
|
254
|
-
between shared model code and ORM specifics inside of the gem.
|
255
|
-
- [#496] Tests with Rails 4.2.
|
256
|
-
- [#489] Adds `force_ssl_in_redirect_uri` to force the usage of the HTTPS
|
257
|
-
protocol in non-native redirect uris.
|
258
|
-
- [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
|
259
|
-
- [#518] Fix random failures in mongodb.
|
260
|
-
|
261
|
-
---
|
262
|
-
|
263
|
-
## 1.4.2 - 2015-03-02
|
264
|
-
|
265
|
-
- [#576] Filter out sensitive parameters from logs
|
266
|
-
|
267
|
-
## 1.4.1 - 2014-12-17
|
268
|
-
|
269
|
-
- [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
|
270
|
-
|
271
|
-
## 1.4.0 - 2014-07-31
|
272
|
-
|
273
|
-
- internals
|
274
|
-
- [#427] Adds specs expectations.
|
275
|
-
- [#428] Error response refactor.
|
276
|
-
- [#417] Moves token validation into Access Token class.
|
277
|
-
- [#439] Removes redundant module includes.
|
278
|
-
- [#443] TokensController and TokenInfoController inherit from ActionController::Metal
|
279
|
-
- bug
|
280
|
-
- [#418] fixes #243, requests with insufficient scope now respond 403 instead
|
281
|
-
of 401. (API change)
|
282
|
-
- [#438] fixes #398, native redirect for implicit token grant bug.
|
283
|
-
- [#440] namespace fixes
|
284
|
-
- enhancements
|
285
|
-
- [#432] Keeps query parameters
|
286
|
-
|
287
|
-
## 1.3.1 - 2014-07-06
|
288
|
-
|
289
|
-
- enhancements
|
290
|
-
- [#405] Adds facade to more easily get the token from a request in a route
|
291
|
-
constraint.
|
292
|
-
- [#415] Extend Doorkeeper TokenResponse with an `after_successful_response`
|
293
|
-
callback that allows handling of `response` object.
|
294
|
-
- internals
|
295
|
-
- [#409] Deprecates `test_redirect_uri` in favor of `native_redirect_uri`.
|
296
|
-
See discussion in: [#351].
|
297
|
-
- [#411] Clean rspec deprecations. General test improvements.
|
298
|
-
- [#412] rspec line width can go longer than 80 (hound CI config).
|
299
|
-
- bug
|
300
|
-
- [#413] fixes #340, routing scope is now taken into account in redirect.
|
301
|
-
- [#401] and [#425] application is not required any longer for access_token.
|
302
|
-
|
303
|
-
## 1.3.0 - 2014-05-23
|
304
|
-
|
305
|
-
- enhancements
|
306
|
-
- [#387] Adds reuse_access_token configuration option.
|
307
|
-
|
308
|
-
## 1.2.0 - 2014-05-02
|
309
|
-
|
310
|
-
- enhancements
|
311
|
-
- [#376] Allow users to enable basic header authorization for access tokens.
|
312
|
-
- [#374] Token revocation implementation [RFC 7009]
|
313
|
-
- [#295] Only enable specific grant flows.
|
314
|
-
- internals
|
315
|
-
- [#381] Locale source fix.
|
316
|
-
- [#380] Renames `errors_for` to `doorkeeper_errors_for`.
|
317
|
-
- [#390] Style adjustments in accordance with Ruby Style Guide form
|
318
|
-
Thoughtbot.
|
319
|
-
|
320
|
-
## 1.1.0 - 2014-03-29
|
321
|
-
|
322
|
-
- enhancements
|
323
|
-
- [#336] mongoid4 support.
|
324
|
-
- [#372] Allow users to set ActiveRecord table_name_prefix/suffix options
|
325
|
-
- internals
|
326
|
-
- [#343] separate OAuth's admin and user end-point to different layouts, upgrade theme to Bootstrap 3.1.
|
327
|
-
- [#348] Move render_options in filter after `@error` has been set
|
328
|
-
|
329
|
-
## 1.0.0 - 2014-01-13
|
330
|
-
|
331
|
-
- bug (spec)
|
332
|
-
- [#228] token response `expires_in` value is now in seconds, relative to
|
333
|
-
request time
|
334
|
-
- [#296] client is optional for password grant type.
|
335
|
-
- [#319] If client credentials are present on password grant type they are validated
|
336
|
-
- [#326] If client credentials are present in refresh token they are validated
|
337
|
-
- [#326] If authenticated client does not match original client that
|
338
|
-
obtained a refresh token it responds `invalid_grant` instead of
|
339
|
-
`invalid_client`. Previous usage was invalid according to Section 5.2 of
|
340
|
-
the spec.
|
341
|
-
- [#329] access tokens' `scopes` string wa being compared against
|
342
|
-
`default_scopes` symbols, always unauthorizing.
|
343
|
-
- [#318] Include "WWW-Authenticate" header with Unauthorized responses
|
344
|
-
- enhancements
|
345
|
-
- [#293] Adds ActionController::Instrumentation in TokensController
|
346
|
-
- [#298] Support for multiple redirect_uris added.
|
347
|
-
- [#313] `AccessToken.revoke_all_for` actually revokes all non-revoked
|
348
|
-
tokens for an application/owner instead of deleting them.
|
349
|
-
- [#333] Rails 4.1 support
|
350
|
-
- internals
|
351
|
-
- Removes jQuery dependency [fixes #300] [PR #312 is related]
|
352
|
-
- [#294] Client uid and secret will be generated only if not present.
|
353
|
-
- [#316] Test warnings addressed.
|
354
|
-
- [#338] Rspec 3 syntax.
|
355
|
-
|
356
|
-
---
|
357
|
-
|
358
|
-
## 0.7.4 - 2013-12-01
|
359
|
-
|
360
|
-
- bug
|
361
|
-
- Symbols instead of strings for user input.
|
362
|
-
|
363
|
-
## 0.7.3 - 2013-10-04
|
364
|
-
|
365
|
-
- enhancements
|
366
|
-
- [#204] Allow to overwrite scope in routes
|
367
|
-
- internals
|
368
|
-
- Returns only present keys in Token Response (may imply a backwards
|
369
|
-
incompatible change). https://github.com/doorkeeper-gem/doorkeeper/issues/220
|
370
|
-
- bug
|
371
|
-
- [#290] Support for Rails 4 when 'protected_attributes' gem is present.
|
372
|
-
|
373
|
-
## 0.7.2 - 2013-09-11
|
374
|
-
|
375
|
-
- enhancements
|
376
|
-
- [#272] Allow issuing multiple access_tokens for one user/application for multiple devices
|
377
|
-
- [#170] Increase length of allowed redirect URIs
|
378
|
-
- [#239] Do not try to load unavailable Request class for the current phase.
|
379
|
-
- [#273] Relax jquery-rails gem dependency
|
380
|
-
|
381
|
-
## 0.7.1 - 2013-08-30
|
382
|
-
|
383
|
-
- bug
|
384
|
-
- [#269] Rails 3.2 raised `ActiveModel::MassAssignmentSecurity::Error`.
|
385
|
-
|
386
|
-
## 0.7.0 - 2013-08-21
|
387
|
-
|
388
|
-
- enhancements
|
389
|
-
- [#229] Rails 4!
|
390
|
-
- internals
|
391
|
-
- [#203] Changing table name to be specific in column_names_with_table
|
392
|
-
- [#215] README update
|
393
|
-
- [#227] Use Rails.config.paths["config/routes"] instead of assuming "config/routes.rb" exists
|
394
|
-
- [#262] Add jquery as gem dependency
|
395
|
-
- [#263] Add a configuration for ActiveRecord.establish_connection
|
396
|
-
- Deprecation and Ruby warnings (PRs merged outside of GitHub).
|
397
|
-
|
398
|
-
## 0.6.7 - 2013-01-13
|
399
|
-
|
400
|
-
- internals
|
401
|
-
- [#188] Add IDs to the show views for integration testing [@egtann](https://github.com/egtann)
|
402
|
-
|
403
|
-
## 0.6.6 - 2013-01-04
|
404
|
-
|
405
|
-
- enhancements
|
406
|
-
- [#187] Raise error if configuration is not set
|
407
|
-
|
408
|
-
## 0.6.5 - 2012-12-26
|
409
|
-
|
410
|
-
- enhancements
|
411
|
-
- [#184] Vendor the Bootstrap CSS [@tylerhunt](https://github.com/tylerhunt)
|
412
|
-
|
413
|
-
## 0.6.4 - 2012-12-15
|
414
|
-
|
415
|
-
- bug
|
416
|
-
- [#180] Add localization to authorized_applications destroy notice [@aalvarado](https://github.com/aalvarado)
|
417
|
-
|
418
|
-
## 0.6.3 - 2012-12-07
|
419
|
-
|
420
|
-
- bugfixes
|
421
|
-
- [#163] Error response content-type header should be application/json [@ggayan](https://github.com/ggayan)
|
422
|
-
- [#175] Make token.expires_in_seconds return nil when expires_in is nil [@miyagawa](https://github.com/miyagawa)
|
423
|
-
- enhancements
|
424
|
-
- [#166, #172, #174] Behavior to automatically authorize based on a configured proc
|
425
|
-
- internals
|
426
|
-
- [#168] Using expectation syntax for controller specs [@rdsoze](https://github.com/rdsoze)
|
427
|
-
|
428
|
-
## 0.6.2 - 2012-11-10
|
429
|
-
|
430
|
-
- bugfixes
|
431
|
-
- [#162] Remove ownership columns from base migration template [@rdsoze](https://github.com/rdsoze)
|
432
|
-
|
433
|
-
## 0.6.1 - 2012-11-07
|
434
|
-
|
435
|
-
- bugfixes
|
436
|
-
- [#160] Removed |routes| argument from initializer authenticator blocks
|
437
|
-
- documentation
|
438
|
-
- [#160] Fixed description of context of authenticator blocks
|
439
|
-
|
440
|
-
## 0.6.0 - 2012-11-05
|
441
|
-
|
442
|
-
- enhancements
|
443
|
-
- Mongoid `orm` configuration accepts only :mongoid2 or :mongoid3
|
444
|
-
- Authorization endpoint does not redirect in #new action anymore. It wasn't specified by OAuth spec
|
445
|
-
- TokensController now inherits from ActionController::Metal. There might be performance upgrades
|
446
|
-
- Add link to authorization in Applications scaffold
|
447
|
-
- [#116] MongoMapper support [@carols10cents](https://github.com/carols10cents)
|
448
|
-
- [#122] Mongoid3 support [@petergoldstein](https://github.com/petergoldstein)
|
449
|
-
- [#150] Introduce test redirect uri for applications
|
450
|
-
- bugfixes
|
451
|
-
- [#157] Response token status should be `:ok`, not `:success` [@theycallmeswift](https://github.com/theycallmeswift)
|
452
|
-
- [#159] Remove ActionView::Base.field_error_proc override (fixes #145)
|
453
|
-
- internals
|
454
|
-
- Update development dependencies
|
455
|
-
- Several refactorings
|
456
|
-
- Rails/ORM are easily swichable with env vars (rails and orm)
|
457
|
-
- Travis now tests against Mongoid v2
|
458
|
-
|
459
|
-
## 0.5.0 - 2012-10-20
|
460
|
-
|
461
|
-
Official support for rubinius was removed.
|
462
|
-
|
463
|
-
- enhancements
|
464
|
-
- Configure the way access token is retrieved from request (default to bearer header)
|
465
|
-
- Authorization Code expiration time is now configurable
|
466
|
-
- Add support for mongoid
|
467
|
-
- [#78, #128, #137, #138] Application Ownership
|
468
|
-
- [#92] Allow users to skip controllers
|
469
|
-
- [#99] Remove deprecated warnings for data-* attributes [@towerhe](https://github.com/towerhe)
|
470
|
-
- [#101] Return existing access_token for PasswordAccessTokenRequest [@benoist](https://github.com/benoist)
|
471
|
-
- [#104] Changed access token scopes example code to default_scopes and optional_scopes [@amkirwan](https://github.com/amkirwan)
|
472
|
-
- [#107] Fix typos in initializer
|
473
|
-
- [#123] i18n for validator, flash messages [@petergoldstein](https://github.com/petergoldstein)
|
474
|
-
- [#140] ActiveRecord is the default value for the ORM [@petergoldstein](https://github.com/petergoldstein)
|
475
|
-
- internals
|
476
|
-
- [#112, #120] Replacing update_attribute with update_column to eliminate deprecation warnings [@rmoriz](https://github.com/rmoriz), [@petergoldstein](https://github.com/petergoldstein)
|
477
|
-
- [#121] Updating all development dependencies to recent versions. [@petergoldstein](https://github.com/petergoldstein)
|
478
|
-
- [#144] Adding MongoDB dependency to .travis.yml [@petergoldstein](https://github.com/petergoldstein)
|
479
|
-
- [#143] Displays errors for unconfigured error messages [@timgaleckas](https://github.com/timgaleckas)
|
480
|
-
- bugfixes
|
481
|
-
- [#102] Not returning 401 when access token generation fails [@cslew](https://github.com/cslew)
|
482
|
-
- [#125] Doorkeeper is using ActiveRecord version of as_json in ORM agnostic code [@petergoldstein](https://github.com/petergoldstein)
|
483
|
-
- [#142] Prevent double submission of password based authentication [@bdurand](https://github.com/bdurand)
|
484
|
-
- documentation
|
485
|
-
- [#141] Add rack-cors middleware to readme [@gottfrois](https://github.com/gottfrois)
|
486
|
-
|
487
|
-
## 0.4.2 - 2012-06-05
|
488
|
-
|
489
|
-
- bugfixes:
|
490
|
-
- [#94] Uninitialized Constant in Password Flow
|
491
|
-
|
492
|
-
## 0.4.1 - 2012-06-02
|
493
|
-
|
494
|
-
- enhancements:
|
495
|
-
- Backport: Move doorkeeper_for extension to Filter helper
|
496
|
-
|
497
|
-
## 0.4.0 - 2012-05-26
|
498
|
-
|
499
|
-
- deprecation
|
500
|
-
- Deprecate authorization_scopes
|
501
|
-
- database changes
|
502
|
-
- AccessToken#resource_owner_id is not nullable
|
503
|
-
- enhancements
|
504
|
-
- [#83] Add Resource Owner Password Credentials flow [@jaimeiniesta](https://github.com/jaimeiniesta)
|
505
|
-
- [#76] Allow token expiration to be disabled [@mattgreen](https://github.com/mattgreen)
|
506
|
-
- [#89] Configure the way client credentials are retrieved from request
|
507
|
-
- [#b6470a] Add Client Credentials flow
|
508
|
-
- internals
|
509
|
-
- [#2ece8d, #f93778] Introduce Client and ErrorResponse classes
|
510
|
-
|
511
|
-
## 0.3.4 - 2012-05-24
|
512
|
-
|
513
|
-
- Fix attr_accessible for rails 3.2.x
|
514
|
-
|
515
|
-
## 0.3.3 - 2012-05-07
|
516
|
-
|
517
|
-
- [#86] shrink gem package size
|
518
|
-
|
519
|
-
## 0.3.2 - 2012-04-29
|
520
|
-
|
521
|
-
- enhancements
|
522
|
-
- [#54] Ignore Authorization: headers that are not Bearer [@miyagawa](https://github.com/miyagawa)
|
523
|
-
- [#58, #64] Add destroy action to applications endpoint [@jaimeiniesta](https://github.com/jaimeiniesta), [@davidfrey](https://github.com/davidfrey)
|
524
|
-
- [#63] TokensController responds with `401 unauthorized` [@jaimeiniesta](https://github.com/jaimeiniesta)
|
525
|
-
- [#67, #72] Fix for mass-assignment [@cicloid](https://github.com/cicloid)
|
526
|
-
- internals
|
527
|
-
- [#49] Add Gemnasium status image to README [@laserlemon](https://github.com/laserlemon)
|
528
|
-
- [#50] Fix typos [@tomekw](https://github.com/tomekw)
|
529
|
-
- [#51] Updated the factory_girl_rails dependency, fix expires_in response which returned a float number instead of integer [@antekpiechnik](https://github.com/antekpiechnik)
|
530
|
-
- [#62] Typos, .gitignore [@jaimeiniesta](https://github.com/jaimeiniesta)
|
531
|
-
- [#65] Change _path redirections to _url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
|
532
|
-
- [#75] Fix unknown method #authenticate_admin! [@mattgreen](https://github.com/mattgreen)
|
533
|
-
- Remove application link in authorized app view
|
534
|
-
|
535
|
-
## 0.3.1 - 2012-02-17
|
536
|
-
|
537
|
-
- enhancements
|
538
|
-
- [#48] Add if, else options to doorkeeper_for
|
539
|
-
- Add views generator
|
540
|
-
- internals
|
541
|
-
- Namespace models
|
542
|
-
|
543
|
-
## 0.3.0 - 2012-02-11
|
544
|
-
|
545
|
-
- enhancements
|
546
|
-
- [#17, #31] Add support for client credentials in basic auth header [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
547
|
-
- [#28] Add indices to migration [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
548
|
-
- [#29] Allow doorkeeper to run with rails 3.2 [@john-griffin](https://github.com/john-griffin)
|
549
|
-
- [#30] Improve client's redirect uri validation [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
550
|
-
- [#32] Add token (implicit grant) flow [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
551
|
-
- [#34] Add support for custom unathorized responses [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
552
|
-
- [#36] Remove repetitions from the Authorised Applications view [@carvil](https://github.com/carvil)
|
553
|
-
- When user revoke an application, all tokens for that application are revoked
|
554
|
-
- Error messages now can be translated
|
555
|
-
- Install generator copies the error messages localization file
|
556
|
-
- internals
|
557
|
-
- Fix deprecation warnings in ActiveSupport::Base64
|
558
|
-
- Remove deprecation in doorkeeper_for that handles hash arguments
|
559
|
-
- Depends on railties instead of whole rails framework
|
560
|
-
- CI now integrates with rails 3.1 and 3.2
|
561
|
-
|
562
|
-
## 0.2.0 - 2011-12-17
|
563
|
-
|
564
|
-
- enhancements
|
565
|
-
- [#4] Add authorized applications endpoint
|
566
|
-
- [#5, #11] Add access token scopes
|
567
|
-
- [#10] Add access token expiration by default
|
568
|
-
- [#9, #12] Add refresh token flow
|
569
|
-
- internals
|
570
|
-
- [#7] Improve configuration options with :default
|
571
|
-
- Improve configuration options with :builder
|
572
|
-
- Refactor config class
|
573
|
-
- Improve coverage of authorization request integration
|
574
|
-
- bug fixes
|
575
|
-
- [#6, #20] Fix access token response headers
|
576
|
-
- Fix issue with state parameter
|
577
|
-
- deprecation
|
578
|
-
- deprecate :only and :except options in doorkeeper_for
|
579
|
-
|
580
|
-
## 0.1.1 - 2011-11-30
|
581
|
-
|
582
|
-
- enhancements
|
583
|
-
- [#3] Authorization code must be short lived and single use
|
584
|
-
- [#2] Improve views provided by doorkeeper
|
585
|
-
- [#1] Skips authorization form if the client has been authorized by the resource owner
|
586
|
-
- Improve readme
|
587
|
-
- bugfixes
|
588
|
-
- Fix issue when creating the access token (wrong client id)
|
589
|
-
|
590
|
-
## 0.1.0 - 2011-11-25
|
591
|
-
|
592
|
-
- Authorization Code flow
|
593
|
-
- OAuth applications endpoint
|
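--- a/data/RELEASING.md
+++ b/data/RELEASING.md
@@ -1,17 +0,0 @@
-# Releasing doorkeeper
-
-1. Update `lib/doorkeeper/version.rb` file accordingly.
-2. Update `NEWS.md` to reflect the changes since last release.
-3. Commit changes. There shouldn’t be code changes, and thus CI doesn’t need to
-run, you can then add “[ci skip]” to the commit message.
-4. Tag the release: `git tag vVERSION -m "Release vVERSION"`
-5. Push changes: `git push && git push --tags`
-6. Build and publish the gem:
-
-```bash
-gem build doorkeeper.gemspec
-gem push doorkeeper-*.gem
-```
-
-7. Announce the new release, making sure to say “thank you” to the contributors
-who helped shape this version!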
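--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,20 +0,0 @@
-require 'bundler/setup'
-require 'rspec/core/rake_task'
-
-desc 'Default: run specs.'
-task default: :spec
-
-desc "Run all specs"
-RSpec::Core::RakeTask.new(:spec) do |config|
-config.verbose = false
-end
-
-namespace :doorkeeper do
-desc "Install doorkeeper in dummy app"
-task :install do
-cd 'spec/dummy'
-system 'bundle exec rails g doorkeeper:install --force'
-end
-end
-
-Bundler::GemHelper.install_tasks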