doorkeeper 4.2.6 → 4.3.0

data/lib/doorkeeper/orm/active_record.rb

@@ -1,22 +1,34 @@
+require 'active_support/lazy_load_hooks'
+
 module Doorkeeper
   module Orm
     module ActiveRecord
       def self.initialize_models!
-        require 'doorkeeper/orm/active_record/access_grant'
-        require 'doorkeeper/orm/active_record/access_token'
-        require 'doorkeeper/orm/active_record/application'
+        lazy_load do
+          require 'doorkeeper/orm/active_record/base_record'
+          require 'doorkeeper/orm/active_record/access_grant'
+          require 'doorkeeper/orm/active_record/access_token'
+          require 'doorkeeper/orm/active_record/application'
 
-        if Doorkeeper.configuration.active_record_options[:establish_connection]
-          [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application].each do |c|
-            c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
+          if Doorkeeper.configuration.active_record_options[:establish_connection]
+            [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application].each do |model|
+              options = Doorkeeper.configuration.active_record_options[:establish_connection]
+              model.establish_connection(options)
+            end
           end
         end
       end
 
       def self.initialize_application_owner!
-        require 'doorkeeper/models/concerns/ownership'
+        lazy_load do
+          require 'doorkeeper/models/concerns/ownership'
+
+          Doorkeeper::Application.send :include, Doorkeeper::Models::Ownership
+        end
+      end
 
-        Doorkeeper::Application.send :include, Doorkeeper::Models::Ownership
+      def self.lazy_load(&block)
+        ActiveSupport.on_load(:active_record, {}, &block)
       end
     end
   end

data/lib/doorkeeper/orm/active_record/access_grant.rb

@@ -1,5 +1,5 @@
 module Doorkeeper
-  class AccessGrant < ActiveRecord::Base
+  class AccessGrant < BaseRecord
     self.table_name = "#{table_name_prefix}oauth_access_grants#{table_name_suffix}".to_sym
 
     include AccessGrantMixin

data/lib/doorkeeper/orm/active_record/access_token.rb

@@ -1,21 +1,9 @@
 module Doorkeeper
-  class AccessToken < ActiveRecord::Base
+  class AccessToken < BaseRecord
     self.table_name = "#{table_name_prefix}oauth_access_tokens#{table_name_suffix}".to_sym
 
     include AccessTokenMixin
 
-    # Deletes all the Access Tokens created for the specific
-    # Application and Resource Owner.
-    #
-    # @param application_id [Integer] Application ID
-    # @param resource_owner [ActiveRecord::Base] Resource Owner model instance
-    #
-    def self.delete_all_for(application_id, resource_owner)
-      where(application_id: application_id,
-            resource_owner_id: resource_owner.id).delete_all
-    end
-    private_class_method :delete_all_for
-
     # Searches for not revoked Access Tokens associated with the
     # specific Resource Owner.
     #
@@ -29,18 +17,8 @@ module Doorkeeper
       where(resource_owner_id: resource_owner.id, revoked_at: nil)
     end
 
-    # ORM-specific order method.
-    def self.order_method
-      :order
-    end
-
     def self.refresh_token_revoked_on_use?
       column_names.include?('previous_refresh_token')
     end
-
-    # ORM-specific DESC order for `:created_at` column.
-    def self.created_at_desc
-      'created_at desc'
-    end
   end
 end

data/lib/doorkeeper/orm/active_record/application.rb

@@ -1,5 +1,5 @@
 module Doorkeeper
-  class Application < ActiveRecord::Base
+  class Application < BaseRecord
     self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}".to_sym
 
     include ApplicationMixin

data/lib/doorkeeper/orm/active_record/base_record.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class BaseRecord < ActiveRecord::Base
+    self.abstract_class = true
+
+    def self.ordered_by(attribute, direction = :asc)
+      order(attribute => direction)
+    end
+  end
+end

data/lib/doorkeeper/rails/helpers.rb

@@ -9,11 +9,9 @@ module Doorkeeper
         end
       end
 
-      def doorkeeper_unauthorized_render_options(error: nil)
-      end
+      def doorkeeper_unauthorized_render_options(**); end
 
-      def doorkeeper_forbidden_render_options(error: nil)
-      end
+      def doorkeeper_forbidden_render_options(**); end
 
       def valid_doorkeeper_token?
         doorkeeper_token && doorkeeper_token.acceptable?(@_doorkeeper_scopes)
@@ -23,14 +21,15 @@ module Doorkeeper
 
       def doorkeeper_render_error
         error = doorkeeper_error
-        headers.merge! error.headers.reject { |k| "Content-Type" == k }
+        headers.merge!(error.headers.reject { |k| k == "Content-Type" })
         doorkeeper_render_error_with(error)
       end
 
       def doorkeeper_render_error_with(error)
         options = doorkeeper_render_options(error) || {}
         status = doorkeeper_status_for_error(
-          error, options.delete(:respond_not_found_when_forbidden))
+          error, options.delete(:respond_not_found_when_forbidden)
+        )
         if options.blank?
           head status
         else

data/lib/doorkeeper/rails/routes.rb

@@ -5,7 +5,6 @@ module Doorkeeper
   module Rails
     class Routes # :nodoc:
       module Helper
-        # TODO: options hash is not being used
         def use_doorkeeper(options = {}, &block)
           Doorkeeper::Rails::Routes.new(self, &block).generate_routes!(options)
         end
@@ -27,6 +26,7 @@ module Doorkeeper
           map_route(:authorizations, :authorization_routes)
           map_route(:tokens, :token_routes)
           map_route(:tokens, :revoke_routes)
+          map_route(:tokens, :introspect_routes)
           map_route(:applications, :application_routes)
           map_route(:authorized_applications, :authorized_applications_routes)
           map_route(:token_info, :token_info_routes)
@@ -36,20 +36,18 @@ module Doorkeeper
       private
 
       def map_route(name, method)
-        unless @mapping.skipped?(name)
-          send method, @mapping[name]
-        end
+        send(method, @mapping[name]) unless @mapping.skipped?(name)
       end
 
       def authorization_routes(mapping)
         routes.resource(
           :authorization,
           path: 'authorize',
-          only: [:create, :destroy],
+          only: %i[create destroy],
           as: mapping[:as],
           controller: mapping[:controllers]
         ) do
-          routes.get '/:code', action: :show, on: :member
+          routes.get '/native', action: :show, on: :member
           routes.get '/', action: :new, on: :member
         end
       end
@@ -67,6 +65,10 @@ module Doorkeeper
         routes.post 'revoke', controller: mapping[:controllers], action: :revoke
       end
 
+      def introspect_routes(mapping)
+        routes.post 'introspect', controller: mapping[:controllers], action: :introspect
+      end
+
       def token_info_routes(mapping)
         routes.resource(
           :token_info,
@@ -81,7 +83,7 @@ module Doorkeeper
       end
 
       def authorized_applications_routes(mapping)
-        routes.resources :authorized_applications, only: [:index, :destroy], controller: mapping[:controllers]
+        routes.resources :authorized_applications, only: %i[index destroy], controller: mapping[:controllers]
       end
     end
   end

data/lib/doorkeeper/request.rb

@@ -24,7 +24,7 @@ module Doorkeeper
     def get_strategy(grant_or_request_type, available)
       fail Errors::MissingRequestStrategy unless grant_or_request_type.present?
       fail NameError unless available.include?(grant_or_request_type.to_s)
-      "Doorkeeper::Request::#{grant_or_request_type.to_s.camelize}".constantize
+      strategy_class(grant_or_request_type)
     end
 
     def authorization_response_types
@@ -36,5 +36,11 @@ module Doorkeeper
       Doorkeeper.configuration.token_grant_types
     end
     private_class_method :token_grant_types
+
+    def strategy_class(grant_or_request_type)
+      strategy_class_name = grant_or_request_type.to_s.tr(' ', '_').camelize
+      "Doorkeeper::Request::#{strategy_class_name}".constantize
+    end
+    private_class_method :strategy_class
   end
 end

data/lib/doorkeeper/validations.rb

@@ -6,9 +6,10 @@ module Doorkeeper
 
     def validate
       @error = nil
+
       self.class.validations.each do |validation|
+        @error = validation[:options][:error] unless send("validate_#{validation[:attribute]}")
         break if @error
-        @error = validation.last unless send("validate_#{validation.first}")
       end
     end
 
@@ -19,7 +20,7 @@ module Doorkeeper
 
     module ClassMethods
       def validate(attribute, options = {})
-        validations << [attribute, options[:error]]
+        validations << { attribute: attribute, options: options }
       end
 
       def validations

data/lib/doorkeeper/version.rb

@@ -1,3 +1,15 @@
 module Doorkeeper
-  VERSION = "4.2.6".freeze
+  def self.gem_version
+    Gem::Version.new VERSION::STRING
+  end
+
+  module VERSION
+    # Semantic versioning
+    MAJOR = 4
+    MINOR = 3
+    TINY = 0
+
+    # Full version number
+    STRING = [MAJOR, MINOR, TINY].compact.join('.')
+  end
 end

data/lib/generators/doorkeeper/application_owner_generator.rb

@@ -7,12 +7,21 @@ class Doorkeeper::ApplicationOwnerGenerator < Rails::Generators::Base
 
   def application_owner
     migration_template(
-      'add_owner_to_application_migration.rb',
-      'db/migrate/add_owner_to_application.rb'
+      'add_owner_to_application_migration.rb.erb',
+      'db/migrate/add_owner_to_application.rb',
+      migration_version: migration_version
     )
   end
 
   def self.next_migration_number(dirname)
     ActiveRecord::Generators::Base.next_migration_number(dirname)
   end
+
+  private
+
+  def migration_version
+    if ActiveRecord::VERSION::MAJOR >= 5
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
 end

data/lib/generators/doorkeeper/migration_generator.rb

@@ -6,10 +6,22 @@ class Doorkeeper::MigrationGenerator < ::Rails::Generators::Base
   desc 'Installs Doorkeeper migration file.'
 
   def install
-    migration_template 'migration.rb', 'db/migrate/create_doorkeeper_tables.rb'
+    migration_template(
+      'migration.rb.erb',
+      'db/migrate/create_doorkeeper_tables.rb',
+      migration_version: migration_version
+    )
   end
 
   def self.next_migration_number(dirname)
     ActiveRecord::Generators::Base.next_migration_number(dirname)
   end
+
+  private
+
+  def migration_version
+    if ActiveRecord::VERSION::MAJOR >= 5
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
 end

data/lib/generators/doorkeeper/previous_refresh_token_generator.rb

@@ -12,7 +12,7 @@ class Doorkeeper::PreviousRefreshTokenGenerator < Rails::Generators::Base
   def previous_refresh_token
     if no_previous_refresh_token_column?
       migration_template(
-        'add_previous_refresh_token_to_access_tokens.rb',
+        'add_previous_refresh_token_to_access_tokens.rb.erb',
         'db/migrate/add_previous_refresh_token_to_access_tokens.rb'
       )
     end
@@ -20,6 +20,12 @@ class Doorkeeper::PreviousRefreshTokenGenerator < Rails::Generators::Base
 
   private
 
+  def migration_version
+    if ActiveRecord::VERSION::MAJOR >= 5
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
+
   def no_previous_refresh_token_column?
     !ActiveRecord::Base.connection.column_exists?(
       :oauth_access_tokens,

data/lib/generators/doorkeeper/templates/{add_owner_to_application_migration.rb → add_owner_to_application_migration.rb.erb}

@@ -1,4 +1,4 @@
-class AddOwnerToApplication < ActiveRecord::Migration
+class AddOwnerToApplication < ActiveRecord::Migration<%= migration_version %>
   def change
     add_column :oauth_applications, :owner_id, :integer, null: true
     add_column :oauth_applications, :owner_type, :string, null: true

data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb}

@@ -1,4 +1,4 @@
-class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration
+class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration<%= migration_version %>
   def change
     add_column(
       :oauth_access_tokens,

data/lib/generators/doorkeeper/templates/initializer.rb

@@ -60,13 +60,15 @@ Doorkeeper.configure do
   # Change the way client credentials are retrieved from the request object.
   # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
   # falls back to the `:client_id` and `:client_secret` params from the `params` object.
-  # Check out the wiki for more information on customization
+  # Check out https://github.com/doorkeeper-gem/doorkeeper/wiki/Changing-how-clients-are-authenticated
+  # for more information on customization
   # client_credentials :from_basic, :from_params
 
   # Change the way access token is authenticated from the request object.
   # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
   # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
-  # Check out the wiki for more information on customization
+  # Check out https://github.com/doorkeeper-gem/doorkeeper/wiki/Changing-how-clients-are-authenticated
+  # for more information on customization
   # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
 
   # Change the native redirect uri for client apps
@@ -80,7 +82,21 @@ Doorkeeper.configure do
   # by default in non-development environments). OAuth2 delegates security in
   # communication to the HTTPS protocol so it is wise to keep this enabled.
   #
+  # Callable objects such as proc, lambda, block or any object that responds to
+  # #call can be used in order to allow conditional checks (to allow non-SSL
+  # redirects to localhost for example).
+  #
   # force_ssl_in_redirect_uri !Rails.env.development?
+  #
+  # force_ssl_in_redirect_uri { |uri| uri.host != 'localhost' }
+
+  # Specify what redirect URI's you want to block during creation. Any redirect
+  # URI is whitelisted by default.
+  #
+  # You can use this option in order to forbid URI's with 'javascript' scheme
+  # for example.
+  #
+  # forbid_redirect_uri { |uri| uri.scheme.to_s.downcase == 'javascript' }
 
   # Specify what grant flows are enabled in array of Strings. The valid
   # strings and the flows they enable are:
@@ -98,7 +114,7 @@ Doorkeeper.configure do
   #   http://tools.ietf.org/html/rfc6819#section-4.4.2
   #   http://tools.ietf.org/html/rfc6819#section-4.4.3
   #
-  # grant_flows %w(authorization_code client_credentials)
+  # grant_flows %w[authorization_code client_credentials]
 
   # Under some circumstances you might want to have applications auto-approved,
   # so that the user skips the authorization step.

data/lib/generators/doorkeeper/templates/{migration.rb → migration.rb.erb}

@@ -1,4 +1,4 @@
-class CreateDoorkeeperTables < ActiveRecord::Migration
+class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
   def change
     create_table :oauth_applications do |t|
       t.string  :name,         null: false

data/spec/controllers/applications_controller_spec.rb

@@ -19,13 +19,24 @@ module Doorkeeper
           post :create, doorkeeper_application: {
             name: 'Example',
             redirect_uri: 'https://example.com' }
-        end.to_not change { Doorkeeper::Application.count }
+        end.not_to change { Doorkeeper::Application.count }
       end
     end
 
     context 'when admin is authenticated' do
+      render_views
+
       before do
-        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(arg) { true })
+        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
+      end
+
+      it 'sorts applications by created_at' do
+        first_application = FactoryBot.create(:application)
+        second_application = FactoryBot.create(:application)
+        expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
+        get :index
+        expect(response.body).to have_selector("tbody tr:first-child#application_#{first_application.id}")
+        expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
       end
 
       it 'creates application' do
@@ -38,7 +49,7 @@ module Doorkeeper
       end
 
       it 'does not allow mass assignment of uid or secret' do
-        application = FactoryGirl.create(:application)
+        application = FactoryBot.create(:application)
         put :update, id: application.id, doorkeeper_application: {
           uid: '1A2B3C4D',
           secret: '1A2B3C4D' }
@@ -47,7 +58,7 @@ module Doorkeeper
       end
 
       it 'updates application' do
-        application = FactoryGirl.create(:application)
+        application = FactoryBot.create(:application)
         put :update, id: application.id, doorkeeper_application: {
           name: 'Example',
           redirect_uri: 'https://example.com' }