doorkeeper 4.2.6 → 5.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b4b94e7f1fb4975a36ad84ccfda9bcfb0b5e2bd7
-  data.tar.gz: fc5914c689e55572a9313caa07f2644c29f37574
+  metadata.gz: 1294d2df3309f8b266a7b9de07d4ebf8dd96fe27
+  data.tar.gz: 9eea101d6a9b5e72412a373224e8160d0d4cd897
 SHA512:
-  metadata.gz: f90cc508667ce0ec9693925a187fbc9ae5b9eeaf95b74648c9981ceea9eaef305d9981f75d48a8b8f0e00929bcc748a51da4b013b814ffa8a9344a4fc44257e1
-  data.tar.gz: 433cafea0488b8d0ab2d7d9b164b9510191f9a6d6534443674064e60c8ea2c0007494a9015b8c9d96a44b603182217496d4221db752c21d1cc5e56b1e377ae86
+  metadata.gz: a7146828263c150652126e56c7a4a177bfaecf44a02d93f7f630d99edbc5a91767e4e86964b52f68c590022ff85375dd5004b78cd621b386b9c767cc67b90a3c
+  data.tar.gz: 15d04141cfc2bc9161531bc5b2a5cd98ee55f8cb144b76878ffe7fffb790c6de380a3857cc30813cd979a6c301bec188da6554dcb04d2d2e910b2cb0f240e857

data/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,25 @@
+### Steps to reproduce
+What we need to do to see your problem or bug?
+
+The more detailed the issue, the more likely that we will fix it ASAP.
+
+Don't use GitHub issues for questions like "How can I do that?" —
+use [StackOverflow](https://stackoverflow.com/questions/tagged/doorkeeper)
+instead with the corresponding tag.
+
+### Expected behavior
+Tell us what should happen
+
+### Actual behavior
+Tell us what happens instead
+
+### System configuration
+You can help us to understand your problem if you will share some very
+useful information about your project environment (don't forget to
+remove any confidential data if it exists).
+
+**Doorkeeper initializer**:
+
+**Ruby version**:
+
+**Gemfile.lock**:

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,17 @@
+### Summary
+
+Provide a general description of the code changes in your pull
+request... were there any bugs you had fixed? If so, mention them. If
+these bugs have open GitHub issues, be sure to tag them here as well,
+to keep the conversation linked together.
+
+### Other Information
+
+If there's anything else that's important and relevant to your pull
+request, mention that information here. This could include
+benchmarks, or other information.
+
+If you are updating NEWS.md file or are asked to update it by reviewers,
+please add the changelog entry at the top of the file.
+
+Thanks for contributing to Doorkeeper project!

data/.gitignore

@@ -6,9 +6,9 @@ pkg/
 spec/dummy/db/*.sqlite3
 spec/dummy/log/*.log
 spec/dummy/tmp/
+spec/generators/tmp
 Gemfile.lock
 gemfiles/*.lock
-spec/generators/tmp
 .rvmrc
 *.swp
 .idea
@@ -17,3 +17,4 @@ spec/generators/tmp
 /doc/
 /rdoc/
 coverage
+*.gem

data/.hound.yml

@@ -1,13 +1,2 @@
-AllCops:
-  Exclude:
-    - "spec/dummy/db/*"
-
-LineLength:
-  Exclude:
-    - spec/**/*
-
-StringLiterals:
-  Enabled: false
-
-TrailingBlankLines:
-  Enabled: true
+ruby:
+  config_file: .rubocop.yml

data/.rubocop.yml

@@ -0,0 +1,17 @@
+AllCops:
+  Exclude:
+    - "spec/dummy/db/*"
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*
+
+LineLength:
+  Exclude:
+    - spec/**/*
+
+StringLiterals:
+  Enabled: false
+
+TrailingBlankLines:
+  Enabled: true

data/.travis.yml

@@ -4,23 +4,37 @@ sudo: false
 
 rvm:
   - 2.1
-  - 2.2.6
-  - 2.3.3
-  - 2.4.0
+  - 2.2
+  - 2.3
+  - 2.4
+  - 2.5
+  - ruby-2.6.0-preview1
 
 before_install:
+  - gem update --system # Need for Ruby 2.5.0. https://github.com/travis-ci/travis-ci/issues/8978
   - gem install bundler -v '~> 1.10'
 
 gemfile:
   - gemfiles/rails_4_2.gemfile
   - gemfiles/rails_5_0.gemfile
   - gemfiles/rails_5_1.gemfile
+  - gemfiles/rails_5_2.gemfile
+  - gemfiles/rails_master.gemfile
 
 matrix:
+  fast_finish: true
   exclude:
     - gemfile: gemfiles/rails_5_0.gemfile
       rvm: 2.1
     - gemfile: gemfiles/rails_5_1.gemfile
       rvm: 2.1
-  allowed_failures:
-    - gemfile: gemfiles/rails_5_1.gemfile
+    - gemfile: gemfiles/rails_5_2.gemfile
+      rvm: 2.1
+    - gemfile: gemfiles/rails_master.gemfile
+      rvm: 2.1
+    - gemfile: gemfiles/rails_master.gemfile
+      rvm: 2.2
+    - gemfile: gemfiles/rails_master.gemfile
+      rvm: 2.3
+  allow_failures:
+    - gemfile: gemfiles/rails_master.gemfile

data/Appraisals

@@ -4,11 +4,15 @@ end
 
 appraise "rails-5-0" do
   gem "rails", "~> 5.0.0"
-  gem "rspec-rails", "~> 3.5"
+  gem "rspec-rails", "~> 3.7"
 end
 
 appraise "rails-5-1" do
-  gem "rails", github: "rails/rails"
-  gem "arel", github: "rails/arel"
-  gem "rspec-rails", "~> 3.5"
+  gem "rails", "~> 5.1.0"
+  gem "rspec-rails", "~> 3.7"
+end
+
+appraise "rails-master" do
+  gem "rails", git: 'https://github.com/rails/rails'
+  gem "arel", git: 'https://github.com/rails/arel'
 end

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team members or current maintainer email, specified in gemspec. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "rails", "~> 4.2.0"
+gem "rails", "~> 5.2"
 
 gem "appraisal"
 

data/NEWS.md

@@ -1,8 +1,85 @@
 # News
 
+See https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions for
+upgrade guides.
+
 User-visible changes worth mentioning.
 
 ## master
+- [#1089] Removed enable_pkce_without_secret configuration option
+- [#1102] Expiration time based on scopes
+- [#1099] All the configuration variables in `Doorkeeper.configuration` now
+          always return a non-nil value (`true` or `false`)
+- [#1099] ORM / Query optimization: Do not revoke the refresh token if it is not enabled
+          in `doorkeeper.rb`
+- [#996] Expiration Time Base On Grant Type
+- [#997] Allow PKCE authorization_code flow as specified in RFC7636
+- [#907] Fix lookup for matching tokens in certain edge-cases
+- [#992] Add API option to use Doorkeeper without management views for API only
+  Rails applications (`api_only`)
+- [#1045] Validate redirect_uri as the native URI when making authorization code requests
+- [#1048] Remove deprecated `Doorkeeper#configured?`, `Doorkeeper#database_installed?`, and
+  `Doorkeeper#installed?` method
+- [#1031] Allow public clients to authenticate without `client_secret`. Define an app as
+  either public or private/confidential
+- [#1010] Add configuration to enforce configured scopes (`default_scopes` and
+  `optional_scopes`) for applications
+- [#1060] Ensure that the native redirect_uri parameter matches with redirect_uri of the client
+- [#1064] Add :before_successful_authorization and :after_successful_authorization hooks
+- [#1069] Upgrade Bootstrap to 4 for Admin
+- [#1068] Add rake task to cleanup databases that can become large over time
+- [#1072] AuthorizationsController: Memoize strategy.authorize_response result to enable
+  subclasses to use the response object.
+- [#1075] Call `before_successful_authorization` and `after_successful_authorization` hooks
+  on `create` action as well as `new`
+- [#1082] Fix #916: remember routes mapping and use it required places (fix error with
+  customized Token Info route).
+- [#1086, #1088] Fix bug with receiving default scopes in the token even if they are
+  not present in the application scopes (use scopes intersection).
+- [#1076] Add config to enforce content type to application/x-www-form-urlencoded
+- Fix bug with `force_ssl_in_redirect_uri` when it breaks existing applications with an
+  SSL redirect_uri.
+
+## 4.3.2
+
+- [#1053] Support authorizing with query params in the request `redirect_uri` if explicitly present in app's `Application#redirect_uri`
+
+## 4.3.1
+
+- Remove `BaseRecord` and introduce additional concern for ordering methods to fix
+  braking changes for Doorkeeper models.
+- [#1032] Refactor BaseRequest callbacks into configurable lambdas
+- [#1040] Clear mixins from ActiveRecord DSL and save only overridable API. It
+  allows to use this mixins in Doorkeeper ORM extensions with minimum code boilerplate.
+
+## 4.3.0
+
+- [#976] Fix to invalidate the second redirect URI when the first URI is the native URI
+- [#1035] Allow `Application#redirect_uri=` to handle array of URIs.
+- [#1036] Allow to forbid Application redirect URI's with specific rules.
+- [#1029] Deprecate `order_method` and introduce `ordered_by`. Sort applications
+  by `created_at` in index action.
+- [#1033] Allow Doorkeeper configuration option #force_ssl_in_redirect_uri to be a callable object.
+- Fix Grape integration & add specs for it
+- [#913] Deferred ORM (ActiveRecord) models loading
+- [#943] Fix Access Token token generation when certain errors occur in custom token generators
+- [#1026] Implement RFC7662 - OAuth 2.0 Token Introspection
+- [#985] Generate valid migration files for Rails >= 5
+- [#972] Replace Struct subclassing with block-form initialization
+- [#1003] Use URL query param to pass through native redirect auth code so automated apps can find it.
+- [#868] `Scopes#&` and `Scopes#+` now take an array or any other enumerable
+  object.
+- [#1019] Remove translation not in use: `invalid_resource_owner`.
+- Use Ruby 2 hash style syntax (min required Ruby version = 2.1)
+- [#948] Make Scopes.<=> work with any "other" value.
+- [#974] Redirect URI is checked without query params within AuthorizationCodeRequest.
+- [#1004] More explicit help text for `native_redirect_uri`.
+- [#1023] Update Ruby versions and test against 2.5.0 on Travis CI.
+- [#1024] Migrate from FactoryGirl to FactoryBot.
+- [#1025] Improve documentation for adding foreign keys
+- [#1028] Make it possible to have composite strategy names.
+
+## 4.2.6
 
 - [#970] Escape certain attributes in authorization forms.