doorkeeper 4.2.0 → 5.6.8
- checksums.yaml +5 -5
- data/CHANGELOG.md +1119 -0
- data/README.md +112 -349
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +6 -7
- data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
- data/app/controllers/doorkeeper/applications_controller.rb +65 -20
- data/app/controllers/doorkeeper/authorizations_controller.rb +115 -18
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
- data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
- data/app/controllers/doorkeeper/tokens_controller.rb +118 -38
- data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
- data/app/views/doorkeeper/applications/_delete_form.html.erb +4 -3
- data/app/views/doorkeeper/applications/_form.html.erb +33 -21
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +18 -6
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +40 -16
- data/app/views/doorkeeper/authorizations/error.html.erb +4 -2
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +17 -11
- data/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +1 -2
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
- data/config/locales/en.yml +36 -9
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +82 -0
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +551 -155
- data/lib/doorkeeper/engine.rb +19 -6
- data/lib/doorkeeper/errors.rb +55 -10
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
- data/lib/doorkeeper/grape/helpers.rb +24 -12
- data/lib/doorkeeper/helpers/controller.rb +49 -27
- data/lib/doorkeeper/models/access_grant_mixin.rb +100 -21
- data/lib/doorkeeper/models/access_token_mixin.rb +383 -75
- data/lib/doorkeeper/models/application_mixin.rb +72 -25
- data/lib/doorkeeper/models/concerns/accessible.rb +6 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +20 -6
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +12 -18
- data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
- data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +54 -12
- data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +72 -28
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +22 -18
- data/lib/doorkeeper/oauth/authorization_code_request.rb +77 -17
- data/lib/doorkeeper/oauth/base_request.rb +67 -0
- data/lib/doorkeeper/oauth/base_response.rb +31 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +23 -10
- data/lib/doorkeeper/oauth/client.rb +10 -12
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +44 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +21 -13
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +55 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +20 -16
- data/lib/doorkeeper/oauth/code_request.rb +9 -13
- data/lib/doorkeeper/oauth/code_response.rb +28 -15
- data/lib/doorkeeper/oauth/error.rb +5 -3
- data/lib/doorkeeper/oauth/error_response.rb +43 -20
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +47 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +31 -5
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +46 -14
- data/lib/doorkeeper/oauth/pre_authorization.rb +138 -28
- data/lib/doorkeeper/oauth/refresh_token_request.rb +74 -41
- data/lib/doorkeeper/oauth/scopes.rb +26 -12
- data/lib/doorkeeper/oauth/token.rb +25 -23
- data/lib/doorkeeper/oauth/token_introspection.rb +204 -0
- data/lib/doorkeeper/oauth/token_request.rb +9 -22
- data/lib/doorkeeper/oauth/token_response.rb +13 -10
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
- data/lib/doorkeeper/orm/active_record/access_token.rb +5 -25
- data/lib/doorkeeper/orm/active_record/application.rb +6 -15
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +63 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +77 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +210 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +36 -0
- data/lib/doorkeeper/orm/active_record.rb +34 -12
- data/lib/doorkeeper/rails/helpers.rb +14 -15
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +3 -1
- data/lib/doorkeeper/rails/routes/mapping.rb +10 -8
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +50 -29
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +6 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request/authorization_code.rb +12 -4
- data/lib/doorkeeper/request/client_credentials.rb +3 -3
- data/lib/doorkeeper/request/code.rb +1 -1
- data/lib/doorkeeper/request/password.rb +5 -14
- data/lib/doorkeeper/request/refresh_token.rb +6 -5
- data/lib/doorkeeper/request/strategy.rb +4 -2
- data/lib/doorkeeper/request/token.rb +1 -1
- data/lib/doorkeeper/request.rb +62 -29
- data/lib/doorkeeper/secret_storing/base.rb +64 -0
- data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
- data/lib/doorkeeper/secret_storing/plain.rb +33 -0
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
- data/lib/doorkeeper/server.rb +9 -19
- data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
- data/lib/doorkeeper/validations.rb +5 -2
- data/lib/doorkeeper/version.rb +12 -1
- data/lib/doorkeeper.rb +180 -57
- data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/install_generator.rb +19 -9
- data/lib/generators/doorkeeper/migration_generator.rb +27 -10
- data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
- data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +436 -33
- data/lib/generators/doorkeeper/templates/migration.rb.erb +98 -0
- data/lib/generators/doorkeeper/views_generator.rb +8 -4
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +129 -281
- data/.gitignore +0 -14
- data/.hound.yml +0 -13
- data/.rspec +0 -1
- data/.travis.yml +0 -20
- data/CONTRIBUTING.md +0 -47
- data/Gemfile +0 -14
- data/NEWS.md +0 -593
- data/RELEASING.md +0 -17
- data/Rakefile +0 -20
- data/app/validators/redirect_uri_validator.rb +0 -34
- data/doorkeeper.gemspec +0 -28
- data/lib/doorkeeper/oauth/client/methods.rb +0 -18
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
- data/lib/doorkeeper/oauth/request_concern.rb +0 -48
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
- data/lib/generators/doorkeeper/templates/migration.rb +0 -68
- data/spec/controllers/application_metal_controller.rb +0 -10
- data/spec/controllers/applications_controller_spec.rb +0 -58
- data/spec/controllers/authorizations_controller_spec.rb +0 -189
- data/spec/controllers/protected_resources_controller_spec.rb +0 -300
- data/spec/controllers/token_info_controller_spec.rb +0 -52
- data/spec/controllers/tokens_controller_spec.rb +0 -88
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -5
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -23
- data/spec/dummy/config/boot.rb +0 -9
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -44
- data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -11
- data/spec/dummy/db/schema.rb +0 -67
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -6
- data/spec/factories.rb +0 -28
- data/spec/generators/application_owner_generator_spec.rb +0 -22
- data/spec/generators/install_generator_spec.rb +0 -31
- data/spec/generators/migration_generator_spec.rb +0 -20
- data/spec/generators/templates/routes.rb +0 -3
- data/spec/generators/views_generator_spec.rb +0 -27
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
- data/spec/lib/config_spec.rb +0 -334
- data/spec/lib/doorkeeper_spec.rb +0 -28
- data/spec/lib/models/expirable_spec.rb +0 -51
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -43
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -42
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
- data/spec/lib/oauth/client/credentials_spec.rb +0 -47
- data/spec/lib/oauth/client/methods_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
- data/spec/lib/oauth/client_spec.rb +0 -39
- data/spec/lib/oauth/code_request_spec.rb +0 -45
- data/spec/lib/oauth/code_response_spec.rb +0 -34
- data/spec/lib/oauth/error_response_spec.rb +0 -61
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -28
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
- data/spec/lib/oauth/scopes_spec.rb +0 -122
- data/spec/lib/oauth/token_request_spec.rb +0 -98
- data/spec/lib/oauth/token_response_spec.rb +0 -85
- data/spec/lib/oauth/token_spec.rb +0 -116
- data/spec/lib/request/strategy_spec.rb +0 -53
- data/spec/lib/server_spec.rb +0 -52
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
- data/spec/models/doorkeeper/access_token_spec.rb +0 -394
- data/spec/models/doorkeeper/application_spec.rb +0 -179
- data/spec/requests/applications/applications_request_spec.rb +0 -94
- data/spec/requests/applications/authorized_applications_spec.rb +0 -30
- data/spec/requests/endpoints/authorization_spec.rb +0 -72
- data/spec/requests/endpoints/token_spec.rb +0 -64
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -66
- data/spec/requests/flows/authorization_code_spec.rb +0 -156
- data/spec/requests/flows/client_credentials_spec.rb +0 -58
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
- data/spec/requests/flows/implicit_grant_spec.rb +0 -61
- data/spec/requests/flows/password_spec.rb +0 -115
- data/spec/requests/flows/refresh_token_spec.rb +0 -174
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -59
- data/spec/requests/protected_resources/metal_spec.rb +0 -14
- data/spec/requests/protected_resources/private_api_spec.rb +0 -81
- data/spec/routing/custom_controller_routes_spec.rb +0 -71
- data/spec/routing/default_routes_spec.rb +0 -35
- data/spec/routing/scoped_routes_spec.rb +0 -31
- data/spec/spec_helper.rb +0 -2
- data/spec/spec_helper_integration.rb +0 -59
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/access_token_request_helper.rb +0 -11
- data/spec/support/helpers/authorization_request_helper.rb +0 -41
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -67
- data/spec/support/helpers/request_spec_helper.rb +0 -76
- data/spec/support/helpers/url_helper.rb +0 -55
- data/spec/support/http_method_shim.rb +0 -24
- data/spec/support/orm/active_record.rb +0 -3
- data/spec/support/shared/controllers_shared_context.rb +0 -69
- data/spec/support/shared/models_shared_examples.rb +0 -52
- data/spec/validators/redirect_uri_validator_spec.rb +0 -78
data/README.md
CHANGED
@@ -1,366 +1,155 @@
|
|
1
|
-
# Doorkeeper
|
1
|
+
# Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
|
2
2
|
|
3
|
-
[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
|
4
|
-
[![Dependency Status](https://gemnasium.com/doorkeeper-gem/doorkeeper.svg?travis)](https://gemnasium.com/doorkeeper-gem/doorkeeper)
|
5
|
-
[![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
|
6
3
|
[![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
|
7
|
-
[![
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
[
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
-
|
21
|
-
-
|
4
|
+
[![CI](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml/badge.svg)](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml)
|
5
|
+
[![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
|
6
|
+
[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
|
7
|
+
[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
|
8
|
+
[![GuardRails badge](https://badges.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
|
9
|
+
[![Dependabot](https://img.shields.io/badge/dependabot-enabled-success.svg)](https://dependabot.com)
|
10
|
+
|
11
|
+
Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider
|
12
|
+
functionality to your Ruby on Rails or Grape application.
|
13
|
+
|
14
|
+
Supported features:
|
15
|
+
|
16
|
+
- [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)
|
17
|
+
- [Authorization Code Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
|
18
|
+
- [Access Token Scopes](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3)
|
19
|
+
- [Refresh token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5)
|
20
|
+
- [Implicit grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2)
|
21
|
+
- [Resource Owner Password Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3)
|
22
|
+
- [Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
|
23
|
+
- [OAuth 2.0 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)
|
24
|
+
- [OAuth 2.0 Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662)
|
25
|
+
- [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
|
26
|
+
- [OAuth 2.0 for Native Apps](https://datatracker.ietf.org/doc/html/rfc8252)
|
27
|
+
- [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636)
|
22
28
|
|
23
29
|
## Table of Contents
|
24
30
|
|
25
31
|
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
26
32
|
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
27
33
|
|
34
|
+
|
35
|
+
- [Documentation](#documentation)
|
28
36
|
- [Installation](#installation)
|
29
|
-
- [
|
30
|
-
- [
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
- [
|
36
|
-
- [Protect your API with OAuth when using Grape](#protect-your-api-with-oauth-when-using-grape)
|
37
|
-
- [Route Constraints and other integrations](#route-constraints-and-other-integrations)
|
38
|
-
- [Access Token Scopes](#access-token-scopes)
|
39
|
-
- [Custom Access Token Generator](#custom-access-token-generator)
|
40
|
-
- [Authenticated resource owner](#authenticated-resource-owner)
|
41
|
-
- [Applications list](#applications-list)
|
42
|
-
- [Other customizations](#other-customizations)
|
43
|
-
- [Upgrading](#upgrading)
|
37
|
+
- [Ruby on Rails](#ruby-on-rails)
|
38
|
+
- [Grape](#grape)
|
39
|
+
- [ORMs](#orms)
|
40
|
+
- [Extensions](#extensions)
|
41
|
+
- [Example Applications](#example-applications)
|
42
|
+
- [Tutorials](#tutorials)
|
43
|
+
- [Sponsors](#sponsors)
|
44
44
|
- [Development](#development)
|
45
45
|
- [Contributing](#contributing)
|
46
|
-
- [
|
47
|
-
|
48
|
-
- [Screencast](#screencast)
|
49
|
-
- [Client applications](#client-applications)
|
50
|
-
- [Contributors](#contributors)
|
51
|
-
- [IETF Standards](#ietf-standards)
|
52
|
-
- [License](#license)
|
46
|
+
- [Contributors](#contributors)
|
47
|
+
- [License](#license)
|
53
48
|
|
54
49
|
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
55
50
|
|
56
|
-
##
|
57
|
-
|
58
|
-
Put this in your Gemfile:
|
59
|
-
|
60
|
-
``` ruby
|
61
|
-
gem 'doorkeeper'
|
62
|
-
```
|
63
|
-
|
64
|
-
Run the installation generator with:
|
65
|
-
|
66
|
-
rails generate doorkeeper:install
|
67
|
-
|
68
|
-
This will install the doorkeeper initializer into `config/initializers/doorkeeper.rb`.
|
69
|
-
|
70
|
-
## Configuration
|
71
|
-
|
72
|
-
### Active Record
|
73
|
-
|
74
|
-
By default doorkeeper is configured to use active record, so to start you have
|
75
|
-
to generate the migration tables:
|
76
|
-
|
77
|
-
rails generate doorkeeper:migration
|
78
|
-
|
79
|
-
You may want to add foreign keys to your migration. For example, if you plan on
|
80
|
-
using `User` as the resource owner, add the following line to the migration file
|
81
|
-
for each table that includes a `resource_owner_id` column:
|
82
|
-
|
83
|
-
```ruby
|
84
|
-
add_foreign_key :table_name, :users, column: :resource_owner_id
|
85
|
-
```
|
86
|
-
|
87
|
-
Then run migrations:
|
88
|
-
|
89
|
-
```sh
|
90
|
-
rake db:migrate
|
91
|
-
```
|
92
|
-
|
93
|
-
### Other ORMs
|
94
|
-
|
95
|
-
See [doorkeeper-mongodb project] for Mongoid and MongoMapper support. Follow along
|
96
|
-
the implementation in that repository to extend doorkeeper with other ORMs.
|
97
|
-
|
98
|
-
[doorkeeper-mongodb project]: https://github.com/doorkeeper-gem/doorkeeper-mongodb
|
99
|
-
|
100
|
-
If you are using [Sequel gem] then you can add [doorkeeper-sequel extension] to your project.
|
101
|
-
Follow configuration instructions for setting up the necessary Doorkeeper ORM.
|
102
|
-
|
103
|
-
[Sequel gem]: https://github.com/jeremyevans/sequel/
|
104
|
-
[doorkeeper-sequel extension]: https://github.com/nbulaj/doorkeeper-sequel
|
105
|
-
|
106
|
-
### Routes
|
107
|
-
|
108
|
-
The installation script will also automatically add the Doorkeeper routes into
|
109
|
-
your app, like this:
|
110
|
-
|
111
|
-
``` ruby
|
112
|
-
Rails.application.routes.draw do
|
113
|
-
use_doorkeeper
|
114
|
-
# your routes
|
115
|
-
end
|
116
|
-
```
|
117
|
-
|
118
|
-
This will mount following routes:
|
119
|
-
|
120
|
-
GET /oauth/authorize/:code
|
121
|
-
GET /oauth/authorize
|
122
|
-
POST /oauth/authorize
|
123
|
-
DELETE /oauth/authorize
|
124
|
-
POST /oauth/token
|
125
|
-
POST /oauth/revoke
|
126
|
-
resources /oauth/applications
|
127
|
-
GET /oauth/authorized_applications
|
128
|
-
DELETE /oauth/authorized_applications/:id
|
129
|
-
GET /oauth/token/info
|
130
|
-
|
131
|
-
For more information on how to customize routes, check out [this page on the
|
132
|
-
wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
|
133
|
-
|
134
|
-
### Authenticating
|
135
|
-
|
136
|
-
You need to configure Doorkeeper in order to provide `resource_owner` model
|
137
|
-
and authentication block in `config/initializers/doorkeeper.rb`:
|
138
|
-
|
139
|
-
``` ruby
|
140
|
-
Doorkeeper.configure do
|
141
|
-
resource_owner_authenticator do
|
142
|
-
User.find_by_id(session[:current_user_id]) || redirect_to(login_url)
|
143
|
-
end
|
144
|
-
end
|
145
|
-
```
|
146
|
-
|
147
|
-
This code is run in the context of your application so you have access to your
|
148
|
-
models, session or routes helpers. However, since this code is not run in the
|
149
|
-
context of your application's `ApplicationController` it doesn't have access to
|
150
|
-
the methods defined over there.
|
151
|
-
|
152
|
-
You may want to check other ways of authentication
|
153
|
-
[here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Authenticating-using-Clearance-or-DIY).
|
154
|
-
|
155
|
-
|
156
|
-
### Internationalization (I18n)
|
157
|
-
|
158
|
-
See language files in [the I18n repository](https://github.com/doorkeeper-gem/doorkeeper-i18n).
|
159
|
-
|
160
|
-
|
161
|
-
## Protecting resources with OAuth (a.k.a your API endpoint)
|
162
|
-
|
163
|
-
To protect your API with OAuth, you just need to setup `before_action`s
|
164
|
-
specifying the actions you want to protect. For example:
|
165
|
-
|
166
|
-
``` ruby
|
167
|
-
class Api::V1::ProductsController < Api::V1::ApiController
|
168
|
-
before_action :doorkeeper_authorize! # Require access token for all actions
|
169
|
-
|
170
|
-
# your actions
|
171
|
-
end
|
172
|
-
```
|
173
|
-
|
174
|
-
You can pass any option `before_action` accepts, such as `if`, `only`,
|
175
|
-
`except`, and others.
|
51
|
+
## Documentation
|
176
52
|
|
177
|
-
|
53
|
+
This documentation is valid for `main` branch. Please check the documentation for the version of doorkeeper you are using in:
|
54
|
+
https://github.com/doorkeeper-gem/doorkeeper/releases.
|
178
55
|
|
179
|
-
|
180
|
-
`doorkeeper_authorize!` and can be used in a similar way as an example above.
|
181
|
-
Note that you have to use `require 'doorkeeper/grape/helpers'` and
|
182
|
-
`helpers Doorkeeper::Grape::Helpers`.
|
183
|
-
|
184
|
-
For more information about integration with Grape see the [Wiki].
|
185
|
-
|
186
|
-
[PR 567]: https://github.com/doorkeeper-gem/doorkeeper/pull/567
|
187
|
-
[Wiki]: https://github.com/doorkeeper-gem/doorkeeper/wiki/Grape-Integration
|
188
|
-
|
189
|
-
``` ruby
|
190
|
-
require 'doorkeeper/grape/helpers'
|
191
|
-
|
192
|
-
module API
|
193
|
-
module V1
|
194
|
-
class Users < Grape::API
|
195
|
-
helpers Doorkeeper::Grape::Helpers
|
196
|
-
|
197
|
-
before do
|
198
|
-
doorkeeper_authorize!
|
199
|
-
end
|
200
|
-
|
201
|
-
# ...
|
202
|
-
end
|
203
|
-
end
|
204
|
-
end
|
205
|
-
```
|
56
|
+
Additionally, other resources can be found on:
|
206
57
|
|
58
|
+
- [Guides](https://doorkeeper.gitbook.io/guides/) with how-to get started and configuration documentation
|
59
|
+
- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki) with articles and other documentation
|
60
|
+
- Screencast from [railscasts.com](http://railscasts.com/): [#353
|
61
|
+
OAuth with
|
62
|
+
Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
|
63
|
+
- See [upgrade guides](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
|
64
|
+
- For general questions, please post on [Stack Overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
|
65
|
+
- See [SECURITY.md](SECURITY.md) for this project's security disclose
|
66
|
+
policy
|
207
67
|
|
208
|
-
|
68
|
+
## Installation
|
209
69
|
|
210
|
-
|
211
|
-
`Doorkeeper::OAuth::Token` based on the current request. You can then ensure
|
212
|
-
that token is still good, find its associated `#resource_owner_id`, etc.
|
70
|
+
Installation depends on the framework you're using. The first step is to add the following to your Gemfile:
|
213
71
|
|
214
72
|
```ruby
|
215
|
-
|
216
|
-
class Authenticated
|
217
|
-
|
218
|
-
def matches?(request)
|
219
|
-
token = Doorkeeper.authenticate(request)
|
220
|
-
token && token.accessible?
|
221
|
-
end
|
222
|
-
|
223
|
-
end
|
224
|
-
end
|
73
|
+
gem 'doorkeeper'
|
225
74
|
```
|
226
75
|
|
227
|
-
|
228
|
-
related wiki
|
229
|
-
page](https://github.com/doorkeeper-gem/doorkeeper/wiki/ActionController::Metal-with-doorkeeper).
|
76
|
+
And run `bundle install`. After this, check out the guide related to the framework you're using.
|
230
77
|
|
231
|
-
###
|
78
|
+
### Ruby on Rails
|
232
79
|
|
233
|
-
|
234
|
-
actions:
|
80
|
+
Doorkeeper currently supports Ruby on Rails >= 5.0. See the guide [here](https://doorkeeper.gitbook.io/guides/ruby-on-rails/getting-started).
|
235
81
|
|
236
|
-
|
82
|
+
### Grape
|
237
83
|
|
238
|
-
|
239
|
-
Doorkeeper.configure do
|
240
|
-
default_scopes :public # if no scope was requested, this will be the default
|
241
|
-
optional_scopes :admin, :write
|
242
|
-
end
|
243
|
-
```
|
84
|
+
Guide for integration with Grape framework can be found [here](https://doorkeeper.gitbook.io/guides/grape/grape).
|
244
85
|
|
245
|
-
|
86
|
+
## ORMs
|
246
87
|
|
247
|
-
|
248
|
-
class Api::V1::ProductsController < Api::V1::ApiController
|
249
|
-
before_action -> { doorkeeper_authorize! :public }, only: :index
|
250
|
-
before_action only: [:create, :update, :destroy] do
|
251
|
-
doorkeeper_authorize! :admin, :write
|
252
|
-
end
|
253
|
-
end
|
254
|
-
```
|
88
|
+
Doorkeeper supports Active Record by default, but can be configured to work with the following ORMs:
|
255
89
|
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
90
|
+
| ORM | Support via |
|
91
|
+
| :--- | :--- |
|
92
|
+
| Active Record | by default |
|
93
|
+
| MongoDB | [doorkeeper-gem/doorkeeper-mongodb](https://github.com/doorkeeper-gem/doorkeeper-mongodb) |
|
94
|
+
| Sequel | [nbulaj/doorkeeper-sequel](https://github.com/nbulaj/doorkeeper-sequel) |
|
95
|
+
| Couchbase | [acaprojects/doorkeeper-couchbase](https://github.com/acaprojects/doorkeeper-couchbase) |
|
96
|
+
| RethinkDB | [aca-labs/doorkeeper-rethinkdb](https://github.com/aca-labs/doorkeeper-rethinkdb) |
|
260
97
|
|
261
|
-
|
262
|
-
time, use multiple `doorkeeper_authorize!`, for example:
|
98
|
+
## Extensions
|
263
99
|
|
264
|
-
|
265
|
-
class Api::V1::ProductsController < Api::V1::ApiController
|
266
|
-
before_action -> { doorkeeper_authorize! :public }, only: :index
|
267
|
-
before_action only: [:create, :update, :destroy] do
|
268
|
-
doorkeeper_authorize! :admin
|
269
|
-
doorkeeper_authorize! :write
|
270
|
-
end
|
271
|
-
end
|
272
|
-
```
|
100
|
+
Extensions that are not included by default and can be installed separately.
|
273
101
|
|
274
|
-
|
275
|
-
|
102
|
+
| | Link |
|
103
|
+
| :--- | :--- |
|
104
|
+
| OpenID Connect extension | [doorkeeper-gem/doorkeeper-openid\_connect](https://github.com/doorkeeper-gem/doorkeeper-openid_connect) |
|
105
|
+
| JWT Token support | [doorkeeper-gem/doorkeeper-jwt](https://github.com/doorkeeper-gem/doorkeeper-jwt) |
|
106
|
+
| Assertion grant extension | [doorkeeper-gem/doorkeeper-grants\_assertion](https://github.com/doorkeeper-gem/doorkeeper-grants_assertion) |
|
107
|
+
| I18n translations | [doorkeeper-gem/doorkeeper-i18n](https://github.com/doorkeeper-gem/doorkeeper-i18n) |
|
108
|
+
| CIBA - Client Initiated Backchannel Authentication Flow extension | [doorkeeper-ciba](https://github.com/autoseg/doorkeeper-ciba) |
|
109
|
+
| Device Authorization Grant | [doorkeeper-device_authorization_grant](https://github.com/exop-group/doorkeeper-device_authorization_grant) |
|
276
110
|
|
277
|
-
|
111
|
+
## Example Applications
|
278
112
|
|
279
|
-
|
280
|
-
token, such as [JWT](http://jwt.io), specify an object that responds to
|
281
|
-
`.generate(options = {})` and returns a string to be used as the token.
|
113
|
+
These applications show how Doorkeeper works and how to integrate with it. Start with the oAuth2 server and use the clients to connect with the server.
|
282
114
|
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
JWT token support is available with
|
290
|
-
[Doorkeeper-JWT](https://github.com/chriswarren/doorkeeper-jwt).
|
291
|
-
|
292
|
-
### Custom Base Controller
|
115
|
+
| Application | Link |
|
116
|
+
| :--- | :--- |
|
117
|
+
| OAuth2 Server with Doorkeeper | [doorkeeper-gem/doorkeeper-provider-app](https://github.com/doorkeeper-gem/doorkeeper-provider-app) |
|
118
|
+
| Sinatra Client connected to Provider App | [doorkeeper-gem/doorkeeper-sinatra-client](https://github.com/doorkeeper-gem/doorkeeper-sinatra-client) |
|
119
|
+
| Devise + Omniauth Client | [doorkeeper-gem/doorkeeper-devise-client](https://github.com/doorkeeper-gem/doorkeeper-devise-client) |
|
293
120
|
|
294
|
-
|
295
|
-
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
base_controller 'ApplicationController'
|
300
|
-
end
|
301
|
-
```
|
121
|
+
You may want to create a client application to
|
122
|
+
test the integration. Check out these [client
|
123
|
+
examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications)
|
124
|
+
in our wiki or follow this [tutorial
|
125
|
+
here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
|
302
126
|
|
303
|
-
|
127
|
+
## Tutorials
|
304
128
|
|
305
|
-
|
306
|
-
words, the access token owner, you may want to define a method in your
|
307
|
-
controller that returns the resource owner instance:
|
129
|
+
See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-tos--tutorials) in order to learn how to use the gem or integrate it with other solutions / gems.
|
308
130
|
|
309
|
-
|
310
|
-
class Api::V1::CredentialsController < Api::V1::ApiController
|
311
|
-
before_action :doorkeeper_authorize!
|
312
|
-
respond_to :json
|
131
|
+
## Sponsors
|
313
132
|
|
314
|
-
|
315
|
-
|
316
|
-
respond_with current_resource_owner
|
317
|
-
end
|
133
|
+
[![OpenCollective](https://opencollective.com/doorkeeper-gem/backers/badge.svg)](#backers)
|
134
|
+
[![OpenCollective](https://opencollective.com/doorkeeper-gem/sponsors/badge.svg)](#sponsors)
|
318
135
|
|
319
|
-
|
136
|
+
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/doorkeeper-gem#sponsor)]
|
320
137
|
|
321
|
-
|
322
|
-
def current_resource_owner
|
323
|
-
User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
|
324
|
-
end
|
325
|
-
end
|
326
|
-
```
|
138
|
+
<a href="https://codecademy.com/about/careers?utm_source=doorkeeper-gem" target="_blank"><img src="https://static-assets.codecademy.com/marketing/codecademy_logo_padded.png"/></a>
|
327
139
|
|
328
|
-
|
329
|
-
token owner.
|
140
|
+
> Codecademy supports open source as part of its mission to democratize tech. Come help us build the education the world deserves: [https://codecademy.com/about/careers](https://codecademy.com/about/careers?utm_source=doorkeeper-gem)
|
330
141
|
|
331
|
-
|
142
|
+
<br>
|
332
143
|
|
333
|
-
|
334
|
-
To protect the endpoint you should uncomment these lines:
|
144
|
+
<a href="https://oauth.io/?utm_source=doorkeeper-gem" target="_blank"><img src="https://oauth.io/img/logo_text.png"/></a>
|
335
145
|
|
336
|
-
|
337
|
-
# config/initializers/doorkeeper.rb
|
338
|
-
Doorkeeper.configure do
|
339
|
-
admin_authenticator do |routes|
|
340
|
-
Admin.find_by_id(session[:admin_id]) || redirect_to(routes.new_admin_session_url)
|
341
|
-
end
|
342
|
-
end
|
343
|
-
```
|
146
|
+
> If you prefer not to deal with the gory details of OAuth 2, need dedicated customer support & consulting, try the cloud-based SaaS version: [https://oauth.io](https://oauth.io/?utm_source=doorkeeper-gem)
|
344
147
|
|
345
|
-
|
346
|
-
since the application list is just a scaffold, it's recommended to either
|
347
|
-
customize the controller used by the list or skip the controller all together.
|
348
|
-
For more information see the page
|
349
|
-
[in the wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
|
148
|
+
<br>
|
350
149
|
|
351
|
-
|
150
|
+
<a href="https://www.wealthsimple.com/?utm_source=doorkeeper-gem" target="_blank"><img src="https://wealthsimple.s3.amazonaws.com/branding/medium-black.svg"/></a>
|
352
151
|
|
353
|
-
|
354
|
-
- [CORS - Cross Origin Resource Sharing](https://github.com/doorkeeper-gem/doorkeeper/wiki/%5BCORS%5D-Cross-Origin-Resource-Sharing)
|
355
|
-
|
356
|
-
## Upgrading
|
357
|
-
|
358
|
-
If you want to upgrade doorkeeper to a new version, check out the [upgrading
|
359
|
-
notes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
|
360
|
-
and take a look at the
|
361
|
-
[changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/NEWS.md).
|
362
|
-
|
363
|
-
Doorkeeper follows [semantic versioning](http://semver.org/).
|
152
|
+
> Wealthsimple is a financial company on a mission to help everyone achieve financial freedom by providing products and advice that are accessible and affordable. Using smart technology, Wealthsimple takes financial services that are often confusing, opaque and expensive and makes them simple, transparent, and low-cost. See what Investing on Autopilot is all about: [https://www.wealthsimple.com](https://www.wealthsimple.com/?utm_source=doorkeeper-gem)
|
364
153
|
|
365
154
|
## Development
|
366
155
|
|
@@ -368,17 +157,18 @@ To run the local engine server:
|
|
368
157
|
|
369
158
|
```
|
370
159
|
bundle install
|
371
|
-
bundle exec
|
160
|
+
bundle exec rake doorkeeper:server
|
372
161
|
````
|
373
162
|
|
374
163
|
By default, it uses the latest Rails version with ActiveRecord. To run the
|
375
|
-
tests with a specific
|
164
|
+
tests with a specific Rails version:
|
376
165
|
|
377
166
|
```
|
378
|
-
|
167
|
+
BUNDLE_GEMFILE=gemfiles/rails_6_0.gemfile bundle exec rake
|
379
168
|
```
|
380
169
|
|
381
|
-
|
170
|
+
You can also experiment with the changes using `bin/console`. It uses in-memory SQLite database and default
|
171
|
+
Doorkeeper config, but you can reestablish connection or reconfigure the gem if you need.
|
382
172
|
|
383
173
|
## Contributing
|
384
174
|
|
@@ -388,42 +178,15 @@ create [example
|
|
388
178
|
apps](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications),
|
389
179
|
integrate the gem with your app and let us know!
|
390
180
|
|
391
|
-
Also, check out our [contributing guidelines
|
392
|
-
page](https://github.com/doorkeeper-gem/doorkeeper/wiki/Contributing).
|
393
|
-
|
394
|
-
## Other resources
|
395
|
-
|
396
|
-
### Wiki
|
397
|
-
|
398
|
-
You can find everything about doorkeeper in our [wiki
|
399
|
-
here](https://github.com/doorkeeper-gem/doorkeeper/wiki).
|
181
|
+
Also, check out our [contributing guidelines page](CONTRIBUTING.md).
|
400
182
|
|
401
|
-
|
402
|
-
|
403
|
-
Check out this screencast from [railscasts.com](http://railscasts.com/): [#353
|
404
|
-
OAuth with
|
405
|
-
Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
|
406
|
-
|
407
|
-
### Client applications
|
408
|
-
|
409
|
-
After you set up the provider, you may want to create a client application to
|
410
|
-
test the integration. Check out these [client
|
411
|
-
examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications)
|
412
|
-
in our wiki or follow this [tutorial
|
413
|
-
here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
|
414
|
-
|
415
|
-
### Contributors
|
183
|
+
## Contributors
|
416
184
|
|
417
185
|
Thanks to all our [awesome
|
418
186
|
contributors](https://github.com/doorkeeper-gem/doorkeeper/graphs/contributors)!
|
419
187
|
|
188
|
+
<a href="https://github.com/doorkeeper-gem/doorkeeper/graphs/contributors"><img src="https://opencollective.com/doorkeeper-gem/contributors.svg?width=890&button=false" /></a>
|
420
189
|
|
421
|
-
|
422
|
-
|
423
|
-
* [The OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749)
|
424
|
-
* [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
|
425
|
-
* [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
|
426
|
-
|
427
|
-
### License
|
190
|
+
## License
|
428
191
|
|
429
|
-
MIT License.
|
192
|
+
MIT License. Created in Applicake. Maintained by the community.
|
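--- a/data/app/controllers/doorkeeper/application_controller.rb
+++ b/data/app/controllers/doorkeeper/application_controller.rb
@@ -1,15 +1,14 @@
+# frozen_string_literal: true
+
 module Doorkeeper
 class ApplicationController <
-Doorkeeper.
-
+Doorkeeper.config.resolve_controller(:base)
 include Helpers::Controller
+include ActionController::MimeResponds if Doorkeeper.config.api_only
 
-
-protect_from_forgery
-else
+unless Doorkeeper.config.api_only
 protect_from_forgery with: :exception
+helper "doorkeeper/dashboard"
 end
-
-helper 'doorkeeper/dashboard'
 end
 end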
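Review bot: The new `unless Doorkeeper.config.api_only` block means `protect_from_forgery with: :exception` is not installed at all when `api_only` is set, and nothing in the class says so. Controllers that inherit from this class are not visible here, but if any of them accepts a state-changing request authenticated by a session cookie, it would run without CSRF protection in that mode. I would add a comment above the block, for example `# api_only: no CSRF filter is installed here; resource-owner authentication must not rely on cookies`, and mention the same in the `api_only` option's documentation. The condition is also evaluated once, when the class body is loaded, so the comment should say that the setting has to be configured before this controller is loaded.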
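--- a/data/app/controllers/doorkeeper/application_metal_controller.rb
+++ b/data/app/controllers/doorkeeper/application_metal_controller.rb
@@ -1,16 +1,12 @@
+# frozen_string_literal: true
+
 module Doorkeeper
-class ApplicationMetalController <
-
-
-AbstractController::Rendering,
-ActionController::Rendering,
-ActionController::Renderers::All,
-Helpers::Controller
-].freeze
+class ApplicationMetalController <
+Doorkeeper.config.resolve_controller(:base_metal)
+include Helpers::Controller
 
-
-
-end
+before_action :enforce_content_type,
+if: -> { Doorkeeper.config.enforce_content_type }
 
 ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
 end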
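Review bot: `before_action :enforce_content_type` is called in the class body, so it depends on whatever class `Doorkeeper.config.resolve_controller(:base_metal)` returns to provide callback support; the explicit module list that the old class built is gone. Neither `resolve_controller` nor `enforce_content_type` is defined in this hunk (the latter presumably comes from `Helpers::Controller`), so a reader cannot tell what a custom base class must offer or what the filter rejects. I would document this above the superclass line, e.g. `# base_metal must support before_action; filters defined on it also run on these endpoints`, and note next to the filter that it runs only when `Doorkeeper.config.enforce_content_type` is truthy. The module's closing `end` lies outside the hunk.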