RubyGems - doorkeeper - Versions diffs - 4.2.6 → 4.3.0 - Mend

doorkeeper 4.2.6 → 4.3.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (120) hide show

checksums.yaml +4 -4
data/.github/ISSUE_TEMPLATE.md +19 -0
data/.github/PULL_REQUEST_TEMPLATE.md +17 -0
data/.gitignore +1 -1
data/.hound.yml +2 -13
data/.rubocop.yml +13 -0
data/.travis.yml +13 -5
data/Appraisals +6 -2
data/CODE_OF_CONDUCT.md +46 -0
data/Gemfile +1 -1
data/NEWS.md +24 -0
data/README.md +39 -9
data/SECURITY.md +13 -0
data/app/controllers/doorkeeper/application_controller.rb +1 -5
data/app/controllers/doorkeeper/applications_controller.rb +14 -1
data/app/controllers/doorkeeper/tokens_controller.rb +13 -1
data/app/helpers/doorkeeper/dashboard_helper.rb +4 -2
data/app/validators/redirect_uri_validator.rb +12 -2
data/app/views/doorkeeper/applications/_form.html.erb +1 -1
data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
data/config/locales/en.yml +3 -5
data/doorkeeper.gemspec +4 -3
data/gemfiles/rails_4_2.gemfile +6 -4
data/gemfiles/rails_5_0.gemfile +4 -4
data/gemfiles/rails_5_1.gemfile +6 -7
data/gemfiles/rails_5_2.gemfile +12 -0
data/gemfiles/rails_master.gemfile +14 -0
data/lib/doorkeeper.rb +1 -0
data/lib/doorkeeper/config.rb +55 -55
data/lib/doorkeeper/engine.rb +3 -3
data/lib/doorkeeper/grape/helpers.rb +13 -8
data/lib/doorkeeper/helpers/controller.rb +8 -4
data/lib/doorkeeper/models/access_token_mixin.rb +14 -7
data/lib/doorkeeper/models/application_mixin.rb +11 -6
data/lib/doorkeeper/models/concerns/expirable.rb +7 -5
data/lib/doorkeeper/oauth/authorization/token.rb +22 -18
data/lib/doorkeeper/oauth/authorization_code_request.rb +6 -1
data/lib/doorkeeper/oauth/base_request.rb +5 -5
data/lib/doorkeeper/oauth/client.rb +2 -2
data/lib/doorkeeper/oauth/client/credentials.rb +2 -2
data/lib/doorkeeper/oauth/error.rb +2 -2
data/lib/doorkeeper/oauth/error_response.rb +1 -2
data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -3
data/lib/doorkeeper/oauth/password_access_token_request.rb +1 -0
data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -0
data/lib/doorkeeper/oauth/scopes.rb +18 -8
data/lib/doorkeeper/oauth/token.rb +1 -1
data/lib/doorkeeper/oauth/token_introspection.rb +128 -0
data/lib/doorkeeper/orm/active_record.rb +20 -8
data/lib/doorkeeper/orm/active_record/access_grant.rb +1 -1
data/lib/doorkeeper/orm/active_record/access_token.rb +1 -23
data/lib/doorkeeper/orm/active_record/application.rb +1 -1
data/lib/doorkeeper/orm/active_record/base_record.rb +11 -0
data/lib/doorkeeper/rails/helpers.rb +5 -6
data/lib/doorkeeper/rails/routes.rb +9 -7
data/lib/doorkeeper/request.rb +7 -1
data/lib/doorkeeper/validations.rb +3 -2
data/lib/doorkeeper/version.rb +13 -1
data/lib/generators/doorkeeper/application_owner_generator.rb +11 -2
data/lib/generators/doorkeeper/migration_generator.rb +13 -1
data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -1
data/lib/generators/doorkeeper/templates/{add_owner_to_application_migration.rb → add_owner_to_application_migration.rb.erb} +1 -1
data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +1 -1
data/lib/generators/doorkeeper/templates/initializer.rb +19 -3
data/lib/generators/doorkeeper/templates/{migration.rb → migration.rb.erb} +1 -1
data/spec/controllers/applications_controller_spec.rb +15 -4
data/spec/controllers/authorizations_controller_spec.rb +5 -5
data/spec/controllers/protected_resources_controller_spec.rb +28 -19
data/spec/controllers/token_info_controller_spec.rb +17 -13
data/spec/controllers/tokens_controller_spec.rb +138 -4
data/spec/dummy/config/initializers/doorkeeper.rb +1 -1
data/spec/dummy/config/initializers/{active_record_belongs_to_required_by_default.rb → new_framework_defaults.rb} +1 -1
data/spec/dummy/config/initializers/secret_token.rb +0 -1
data/spec/factories.rb +1 -1
data/spec/generators/application_owner_generator_spec.rb +24 -5
data/spec/generators/migration_generator_spec.rb +24 -3
data/spec/generators/previous_refresh_token_generator_spec.rb +57 -0
data/spec/grape/grape_integration_spec.rb +135 -0
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
data/spec/lib/config_spec.rb +115 -12
data/spec/lib/models/revocable_spec.rb +2 -2
data/spec/lib/oauth/authorization_code_request_spec.rb +39 -11
data/spec/lib/oauth/base_request_spec.rb +2 -7
data/spec/lib/oauth/client_credentials/creator_spec.rb +1 -1
data/spec/lib/oauth/client_credentials_integration_spec.rb +1 -1
data/spec/lib/oauth/client_credentials_request_spec.rb +1 -0
data/spec/lib/oauth/code_request_spec.rb +1 -3
data/spec/lib/oauth/helpers/uri_checker_spec.rb +5 -0
data/spec/lib/oauth/invalid_token_response_spec.rb +1 -1
data/spec/lib/oauth/password_access_token_request_spec.rb +9 -3
data/spec/lib/oauth/refresh_token_request_spec.rb +19 -7
data/spec/lib/oauth/scopes_spec.rb +28 -1
data/spec/lib/oauth/token_request_spec.rb +6 -8
data/spec/lib/server_spec.rb +10 -0
data/spec/models/doorkeeper/access_grant_spec.rb +1 -1
data/spec/models/doorkeeper/access_token_spec.rb +72 -48
data/spec/models/doorkeeper/application_spec.rb +51 -18
data/spec/requests/applications/applications_request_spec.rb +5 -5
data/spec/requests/endpoints/token_spec.rb +8 -1
data/spec/requests/flows/authorization_code_spec.rb +1 -0
data/spec/requests/flows/client_credentials_spec.rb +1 -1
data/spec/requests/flows/implicit_grant_errors_spec.rb +2 -2
data/spec/requests/flows/refresh_token_spec.rb +4 -4
data/spec/requests/flows/revoke_token_spec.rb +15 -15
data/spec/requests/protected_resources/metal_spec.rb +1 -1
data/spec/requests/protected_resources/private_api_spec.rb +1 -1
data/spec/routing/custom_controller_routes_spec.rb +4 -0
data/spec/routing/default_routes_spec.rb +5 -1
data/spec/spec_helper_integration.rb +15 -4
data/spec/support/dependencies/factory_girl.rb +2 -2
data/spec/support/helpers/access_token_request_helper.rb +1 -1
data/spec/support/helpers/model_helper.rb +9 -4
data/spec/support/helpers/request_spec_helper.rb +7 -3
data/spec/support/helpers/url_helper.rb +8 -8
data/spec/support/shared/controllers_shared_context.rb +2 -6
data/spec/support/shared/models_shared_examples.rb +4 -4
data/spec/validators/redirect_uri_validator_spec.rb +51 -6
data/spec/version/version_spec.rb +15 -0
metadata +42 -13

data/app/validators/redirect_uri_validator.rb CHANGED

@@ -11,7 +11,8 @@ class RedirectUriValidator < ActiveModel::EachValidator
     else
       value.split.each do |val|
         uri = ::URI.parse(val)
-        return if native_redirect_uri?(uri)
+        next if native_redirect_uri?(uri)
+        record.errors.add(attribute, :forbidden_uri) if forbidden_uri?(uri)
         record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
         record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
         record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
@@ -27,8 +28,17 @@ class RedirectUriValidator < ActiveModel::EachValidator
     self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
   end
+  def forbidden_uri?(uri)
+    Doorkeeper.configuration.forbid_redirect_uri.call(uri)
+  end
   def invalid_ssl_uri?(uri)
     forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
-    forces_ssl && uri.try(:scheme) == 'http'
+    if forces_ssl.respond_to?(:call)
+      forces_ssl.call(uri)
+    else
+      forces_ssl && uri.try(:scheme) == 'http'
+    end
   end
 end

data/app/views/doorkeeper/applications/_form.html.erb CHANGED

@@ -41,7 +41,7 @@
   <div class="form-group">
     <div class="col-sm-offset-2 col-sm-10">
       <%= f.submit t('doorkeeper.applications.buttons.submit'), class: "btn btn-primary" %>
-      <%= link_to t('doorkeeper.applications.buttons.cancel'), oauth_applications_path, :class => "btn btn-default" %>
+      <%= link_to t('doorkeeper.applications.buttons.cancel'), oauth_applications_path, class: "btn btn-default" %>
     </div>
   </div>
 <% end %>

data/app/views/doorkeeper/authorized_applications/index.html.erb CHANGED

@@ -9,7 +9,6 @@
       <th><%= t('doorkeeper.authorized_applications.index.application') %></th>
       <th><%= t('doorkeeper.authorized_applications.index.created_at') %></th>
       <th></th>
-      <th></th>
     </tr>
     </thead>
     <tbody>

data/config/locales/en.yml CHANGED

@@ -13,6 +13,7 @@ en:
               invalid_uri: 'must be a valid URI.'
               relative_uri: 'must be an absolute URI.'
               secured_uri: 'must be an HTTPS/SSL URI.'
+              forbidden_uri: 'is forbidden by the server.'
   doorkeeper:
     applications:
@@ -28,7 +29,7 @@ en:
         error: 'Whoops! Check your form for possible errors'
       help:
         redirect_uri: 'Use one line per URI'
-        native_redirect_uri: 'Use %{native_redirect_uri} for local tests'
+        native_redirect_uri: 'Use %{native_redirect_uri} if you want to add localhost URIs for development purposes'
         scopes: 'Separate scopes with spaces. Leave blank to use the default scopes.'
       edit:
         title: 'Edit application'
@@ -75,7 +76,7 @@ en:
       messages:
         # Common error messages
         invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
-        invalid_redirect_uri: 'The redirect uri included is not valid.'
+        invalid_redirect_uri: "The requested redirect uri is malformed or doesn't match client redirect URI."
         unauthorized_client: 'The client is not authorized to perform this request using this method.'
         access_denied: 'The resource owner or authorization server denied the request.'
         invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
@@ -94,9 +95,6 @@ en:
         invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
         unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
-        # Password Access token errors
-        invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
         invalid_token:
           revoked: "The access token was revoked"
           expired: "The access token expired"

data/doorkeeper.gemspec CHANGED

@@ -4,7 +4,7 @@ require "doorkeeper/version"
 Gem::Specification.new do |s|
   s.name        = "doorkeeper"
-  s.version     = Doorkeeper::VERSION
+  s.version     = Doorkeeper.gem_version
   s.authors     = ["Felipe Elias Philipp", "Tute Costa", "Jon Moss"]
   s.email       = %w(me@jonathanmoss.me)
   s.homepage    = "https://github.com/doorkeeper-gem/doorkeeper"
@@ -21,8 +21,9 @@ Gem::Specification.new do |s|
   s.add_development_dependency "capybara"
   s.add_development_dependency "coveralls"
-  s.add_development_dependency "database_cleaner", "~> 1.5.3"
-  s.add_development_dependency "factory_girl", "~> 4.7.0"
+  s.add_development_dependency "grape"
+  s.add_development_dependency "database_cleaner", "~> 1.6"
+  s.add_development_dependency "factory_bot", "~> 4.8"
   s.add_development_dependency "generator_spec", "~> 0.9.3"
   s.add_development_dependency "rake", ">= 11.3.0"
   s.add_development_dependency "rspec-rails"

data/gemfiles/rails_4_2.gemfile CHANGED

@@ -4,8 +4,10 @@ source "https://rubygems.org"
 gem "rails", "~> 4.2.0"
 gem "appraisal"
-gem "activerecord-jdbcsqlite3-adapter", :platform => :jruby
-gem "sqlite3", :platform => [:ruby, :mswin, :mingw, :x64_mingw]
-gem "tzinfo-data", :platforms => [:mingw, :mswin, :x64_mingw]
+gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
+gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
+gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
+# Older Grape requires Ruby >= 2.2.2
+gem "grape", '~> 0.16', '< 0.19.2'
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/rails_5_0.gemfile CHANGED

@@ -4,9 +4,9 @@ source "https://rubygems.org"
 gem "rails", "~> 5.0.0"
 gem "appraisal"
-gem "activerecord-jdbcsqlite3-adapter", :platform => :jruby
-gem "sqlite3", :platform => [:ruby, :mswin, :mingw, :x64_mingw]
-gem "tzinfo-data", :platforms => [:mingw, :mswin, :x64_mingw]
+gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
+gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
+gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
 gem "rspec-rails", "~> 3.5"
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/rails_5_1.gemfile CHANGED

@@ -2,12 +2,11 @@
 source "https://rubygems.org"
-gem "rails", :github => "rails/rails"
+gem "rails", "~> 5.1.0"
 gem "appraisal"
-gem "activerecord-jdbcsqlite3-adapter", :platform => :jruby
-gem "sqlite3", :platform => [:ruby, :mswin, :mingw, :x64_mingw]
-gem "tzinfo-data", :platforms => [:mingw, :mswin, :x64_mingw]
-gem "arel", :github => "rails/arel"
-gem "rspec-rails", "~> 3.5"
+gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
+gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
+gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
+gem "rspec-rails", "~> 3.7"
-gemspec :path => "../"
+gemspec path: "../"

data/gemfiles/rails_5_2.gemfile ADDED

@@ -0,0 +1,12 @@
+# This file was generated by Appraisal
+source "https://rubygems.org"
+gem "rails", "5.2.0.rc1"
+gem "appraisal"
+gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
+gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
+gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
+gem "rspec-rails", "~> 3.7"
+gemspec path: "../"

data/gemfiles/rails_master.gemfile ADDED

@@ -0,0 +1,14 @@
+# This file was generated by Appraisal
+source "https://rubygems.org"
+gem "rails", git: 'https://github.com/rails/rails'
+gem "arel", git: 'https://github.com/rails/arel'
+gem "appraisal"
+gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
+gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
+gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
+gem "rspec-rails", "~> 3.7"
+gemspec path: "../"

data/lib/doorkeeper.rb CHANGED

@@ -30,6 +30,7 @@ require 'doorkeeper/oauth/code_request'
 require 'doorkeeper/oauth/token_request'
 require 'doorkeeper/oauth/client'
 require 'doorkeeper/oauth/token'
+require 'doorkeeper/oauth/token_introspection'
 require 'doorkeeper/oauth/invalid_token_response'
 require 'doorkeeper/oauth/forbidden_token_response'

data/lib/doorkeeper/config.rb CHANGED

@@ -59,12 +59,12 @@ doorkeeper.
       # @option opts[Boolean] :confirmation (false)
       #   Set confirm_application_owner variable
       def enable_application_owner(opts = {})
-        @config.instance_variable_set('@enable_application_owner', true)
+        @config.instance_variable_set(:@enable_application_owner, true)
         confirm_application_owner if opts[:confirmation].present? && opts[:confirmation]
       end
       def confirm_application_owner
-        @config.instance_variable_set('@confirm_application_owner', true)
+        @config.instance_variable_set(:@confirm_application_owner, true)
       end
       # Define default access token scopes for your provider
@@ -72,7 +72,7 @@ doorkeeper.
       # @param scopes [Array] Default set of access (OAuth::Scopes.new)
       # token scopes
       def default_scopes(*scopes)
-        @config.instance_variable_set('@default_scopes', OAuth::Scopes.from_array(scopes))
+        @config.instance_variable_set(:@default_scopes, OAuth::Scopes.from_array(scopes))
       end
       # Define default access token scopes for your provider
@@ -80,7 +80,7 @@ doorkeeper.
       # @param scopes [Array] Optional set of access (OAuth::Scopes.new)
       # token scopes
       def optional_scopes(*scopes)
-        @config.instance_variable_set('@optional_scopes', OAuth::Scopes.from_array(scopes))
+        @config.instance_variable_set(:@optional_scopes, OAuth::Scopes.from_array(scopes))
       end
       # Change the way client credentials are retrieved from the request object.
@@ -90,7 +90,7 @@ doorkeeper.
       #
       # @param methods [Array] Define client credentials
       def client_credentials(*methods)
-        @config.instance_variable_set('@client_credentials', methods)
+        @config.instance_variable_set(:@client_credentials, methods)
       end
       # Change the way access token is authenticated from the request object.
@@ -100,57 +100,19 @@ doorkeeper.
       #
       # @param methods [Array] Define access token methods
       def access_token_methods(*methods)
-        @config.instance_variable_set('@access_token_methods', methods)
+        @config.instance_variable_set(:@access_token_methods, methods)
       end
       # Issue access tokens with refresh token (disabled by default)
       def use_refresh_token
-        @config.instance_variable_set('@refresh_token_enabled', true)
-      end
-      # WWW-Authenticate Realm (default "Doorkeeper").
-      #
-      # @param realm [String] ("Doorkeeper") Authentication realm
-      def realm(realm)
-        @config.instance_variable_set('@realm', realm)
+        @config.instance_variable_set(:@refresh_token_enabled, true)
       end
       # Reuse access token for the same resource owner within an application
       # (disabled by default)
       # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
       def reuse_access_token
-        @config.instance_variable_set("@reuse_access_token", true)
-      end
-      # Forces the usage of the HTTPS protocol in non-native redirect uris
-      # (enabled by default in non-development environments). OAuth2
-      # delegates security in communication to the HTTPS protocol so it is
-      # wise to keep this enabled.
-      #
-      # @param [Boolean] boolean value for the parameter, true by default in
-      # non-development environment
-      def force_ssl_in_redirect_uri(boolean)
-        @config.instance_variable_set("@force_ssl_in_redirect_uri", boolean)
-      end
-      # Use a custom class for generating the access token.
-      # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
-      #
-      # @param access_token_generator [String]
-      #   the name of the access token generator class
-      def access_token_generator(access_token_generator)
-        @config.instance_variable_set(
-          '@access_token_generator', access_token_generator
-        )
-      end
-      # The controller Doorkeeper::ApplicationController inherits from.
-      # Defaults to ActionController::Base.
-      # https://github.com/doorkeeper-gem/doorkeeper#custom-base-controller
-      #
-      # @param base_controller [String] the name of the base controller
-      def base_controller(base_controller)
-        @config.instance_variable_set('@base_controller', base_controller)
+        @config.instance_variable_set(:@reuse_access_token, true)
       end
     end
@@ -210,10 +172,6 @@ doorkeeper.
         public attribute
       end
-      def extended(base)
-        base.send(:private, :option)
-      end
     end
     extend Option
@@ -221,15 +179,17 @@ doorkeeper.
     option :resource_owner_authenticator,
            as: :authenticate_resource_owner,
            default: (lambda do |_routes|
-             logger.warn(I18n.translate('doorkeeper.errors.messages.resource_owner_authenticator_not_configured'))
+             ::Rails.logger.warn(I18n.t('doorkeeper.errors.messages.resource_owner_authenticator_not_configured'))
              nil
            end)
     option :admin_authenticator,
            as: :authenticate_admin,
            default: ->(_routes) {}
     option :resource_owner_from_credentials,
            default: (lambda do |_routes|
-             warn(I18n.translate('doorkeeper.errors.messages.credential_flow_not_configured'))
+             ::Rails.logger.warn(I18n.t('doorkeeper.errors.messages.credential_flow_not_configured'))
              nil
            end)
@@ -240,11 +200,51 @@ doorkeeper.
     option :orm,                            default: :active_record
     option :native_redirect_uri,            default: 'urn:ietf:wg:oauth:2.0:oob'
     option :active_record_options,          default: {}
+    option :grant_flows,                    default: %w[authorization_code client_credentials]
+    # Allows to forbid specific Application redirect URI's by custom rules.
+    # Doesn't forbid any URI by default.
+    #
+    # @param forbid_redirect_uri [Proc] Block or any object respond to #call
+    #
+    option :forbid_redirect_uri,            default: ->(_uri) { false }
+    # WWW-Authenticate Realm (default "Doorkeeper").
+    #
+    # @param realm [String] ("Doorkeeper") Authentication realm
+    #
     option :realm,                          default: 'Doorkeeper'
+    # Forces the usage of the HTTPS protocol in non-native redirect uris
+    # (enabled by default in non-development environments). OAuth2
+    # delegates security in communication to the HTTPS protocol so it is
+    # wise to keep this enabled.
+    #
+    # @param [Boolean] boolean_or_block value for the parameter, true by default in
+    # non-development environment
+    #
+    # @yield [uri] Conditional usage of SSL redirect uris.
+    # @yieldparam [URI] Redirect URI
+    # @yieldreturn [Boolean] Indicates necessity of usage of the HTTPS protocol
+    #   in non-native redirect uris
+    #
     option :force_ssl_in_redirect_uri,      default: !Rails.env.development?
-    option :grant_flows,                    default: %w(authorization_code client_credentials)
+    # Use a custom class for generating the access token.
+    # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
+    #
+    # @param access_token_generator [String]
+    #   the name of the access token generator class
+    #
     option :access_token_generator,
            default: 'Doorkeeper::OAuth::Helpers::UniqueToken'
+    # The controller Doorkeeper::ApplicationController inherits from.
+    # Defaults to ActionController::Base.
+    # https://github.com/doorkeeper-gem/doorkeeper#custom-base-controller
+    #
+    # @param base_controller [String] the name of the base controller
     option :base_controller,
            default: 'ActionController::Base'
@@ -278,11 +278,11 @@ doorkeeper.
     end
     def client_credentials_methods
-      @client_credentials ||= [:from_basic, :from_params]
+      @client_credentials ||= %i[from_basic from_params]
     end
     def access_token_methods
-      @access_token_methods ||= [:from_bearer_authorization, :from_access_token_param, :from_bearer_param]
+      @access_token_methods ||= %i[from_bearer_authorization from_access_token_param from_bearer_param]
     end
     def authorization_response_types

data/lib/doorkeeper/engine.rb CHANGED

@@ -1,7 +1,7 @@
 module Doorkeeper
   class Engine < Rails::Engine
     initializer "doorkeeper.params.filter" do |app|
-      parameters = %w(client_secret code authentication_token access_token refresh_token)
+      parameters = %w[client_secret code authentication_token access_token refresh_token]
       app.config.filter_parameters << /^(#{Regexp.union parameters})$/
     end
@@ -17,10 +17,10 @@ module Doorkeeper
     if defined?(Sprockets) && Sprockets::VERSION.chr.to_i >= 4
       initializer 'doorkeeper.assets.precompile' do |app|
-        app.config.assets.precompile += %w(
+        app.config.assets.precompile += %w[
           doorkeeper/application.css
           doorkeeper/admin/application.css
-        )
+        ]
       end
     end
   end

data/lib/doorkeeper/grape/helpers.rb CHANGED

@@ -9,7 +9,7 @@ module Doorkeeper
       # endpoint specific scopes > parameter scopes > default scopes
       def doorkeeper_authorize!(*scopes)
-        endpoint_scopes = env["api.endpoint"].route_setting(:scopes)
+        endpoint_scopes = endpoint.route_setting(:scopes) || endpoint.options[:route_options][:scopes]
         scopes = if endpoint_scopes
                    Doorkeeper::OAuth::Scopes.from_array(endpoint_scopes)
                  elsif scopes && !scopes.empty?
@@ -20,18 +20,16 @@ module Doorkeeper
       end
       def doorkeeper_render_error_with(error)
-        status_code = case error.status
-                      when :unauthorized
-                        401
-                      when :forbidden
-                        403
-                      end
+        status_code = error_status_codes[error.status]
         error!({ error: error.description }, status_code, error.headers)
       end
       private
+      def endpoint
+        env['api.endpoint']
+      end
       def doorkeeper_token
         @_doorkeeper_token ||= OAuth::Token.authenticate(
           decorated_request,
@@ -42,6 +40,13 @@ module Doorkeeper
       def decorated_request
         AuthorizationDecorator.new(request)
       end
+      def error_status_codes
+        {
+          unauthorized: 401,
+          forbidden: 403
+        }
+      end
     end
   end
 end