doorkeeper 4.2.6 → 5.0.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE.md +25 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +17 -0
- data/.gitignore +2 -1
- data/.hound.yml +2 -13
- data/.rubocop.yml +17 -0
- data/.travis.yml +19 -5
- data/Appraisals +8 -4
- data/CODE_OF_CONDUCT.md +46 -0
- data/Gemfile +1 -1
- data/NEWS.md +77 -0
- data/README.md +169 -34
- data/Rakefile +6 -0
- data/SECURITY.md +15 -0
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +2 -5
- data/app/controllers/doorkeeper/application_metal_controller.rb +4 -0
- data/app/controllers/doorkeeper/applications_controller.rb +47 -13
- data/app/controllers/doorkeeper/authorizations_controller.rb +55 -12
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +15 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +15 -7
- data/app/helpers/doorkeeper/dashboard_helper.rb +8 -6
- data/app/validators/redirect_uri_validator.rb +13 -2
- data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
- data/app/views/doorkeeper/applications/_form.html.erb +31 -19
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +18 -6
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +8 -5
- data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/new.html.erb +4 -0
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +15 -15
- data/config/locales/en.yml +18 -6
- data/doorkeeper.gemspec +6 -5
- data/gemfiles/rails_4_2.gemfile +6 -4
- data/gemfiles/rails_5_0.gemfile +4 -4
- data/gemfiles/rails_5_1.gemfile +6 -7
- data/gemfiles/rails_5_2.gemfile +12 -0
- data/gemfiles/rails_master.gemfile +14 -0
- data/lib/doorkeeper/config.rb +107 -68
- data/lib/doorkeeper/engine.rb +7 -3
- data/lib/doorkeeper/errors.rb +2 -5
- data/lib/doorkeeper/grape/helpers.rb +14 -9
- data/lib/doorkeeper/helpers/controller.rb +15 -6
- data/lib/doorkeeper/models/access_grant_mixin.rb +52 -23
- data/lib/doorkeeper/models/access_token_mixin.rb +51 -52
- data/lib/doorkeeper/models/application_mixin.rb +16 -30
- data/lib/doorkeeper/models/concerns/expirable.rb +7 -5
- data/lib/doorkeeper/models/concerns/orderable.rb +13 -0
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/code.rb +31 -8
- data/lib/doorkeeper/oauth/authorization/context.rb +15 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +41 -20
- data/lib/doorkeeper/oauth/authorization_code_request.rb +33 -3
- data/lib/doorkeeper/oauth/base_request.rb +22 -7
- data/lib/doorkeeper/oauth/client/credentials.rb +6 -4
- data/lib/doorkeeper/oauth/client.rb +2 -2
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +6 -1
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +4 -2
- data/lib/doorkeeper/oauth/error.rb +2 -2
- data/lib/doorkeeper/oauth/error_response.rb +11 -4
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +0 -8
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +15 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +3 -4
- data/lib/doorkeeper/oauth/password_access_token_request.rb +8 -4
- data/lib/doorkeeper/oauth/pre_authorization.rb +45 -13
- data/lib/doorkeeper/oauth/refresh_token_request.rb +7 -1
- data/lib/doorkeeper/oauth/scopes.rb +19 -9
- data/lib/doorkeeper/oauth/token.rb +6 -3
- data/lib/doorkeeper/oauth/token_introspection.rb +128 -0
- data/lib/doorkeeper/oauth/token_response.rb +4 -2
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/access_grant.rb +27 -0
- data/lib/doorkeeper/orm/active_record/access_token.rb +21 -20
- data/lib/doorkeeper/orm/active_record/application.rb +34 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +26 -0
- data/lib/doorkeeper/orm/active_record.rb +21 -8
- data/lib/doorkeeper/rails/helpers.rb +7 -10
- data/lib/doorkeeper/rails/routes.rb +21 -7
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +6 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request/password.rb +1 -11
- data/lib/doorkeeper/request.rb +29 -23
- data/lib/doorkeeper/validations.rb +3 -2
- data/lib/doorkeeper/version.rb +14 -1
- data/lib/doorkeeper.rb +6 -17
- data/lib/generators/doorkeeper/application_owner_generator.rb +26 -12
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +32 -0
- data/lib/generators/doorkeeper/install_generator.rb +17 -9
- data/lib/generators/doorkeeper/migration_generator.rb +26 -9
- data/lib/generators/doorkeeper/pkce_generator.rb +32 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -20
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/{add_owner_to_application_migration.rb → add_owner_to_application_migration.rb.erb} +1 -1
- data/lib/generators/doorkeeper/templates/{add_previous_refresh_token_to_access_tokens.rb → add_previous_refresh_token_to_access_tokens.rb.erb} +1 -1
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +6 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +88 -10
- data/lib/generators/doorkeeper/templates/{migration.rb → migration.rb.erb} +2 -1
- data/lib/generators/doorkeeper/views_generator.rb +3 -1
- data/spec/controllers/application_metal_controller_spec.rb +50 -0
- data/spec/controllers/applications_controller_spec.rb +141 -17
- data/spec/controllers/authorizations_controller_spec.rb +255 -20
- data/spec/controllers/protected_resources_controller_spec.rb +44 -35
- data/spec/controllers/token_info_controller_spec.rb +17 -21
- data/spec/controllers/tokens_controller_spec.rb +142 -10
- data/spec/dummy/app/assets/config/manifest.js +2 -0
- data/spec/dummy/config/environments/test.rb +4 -5
- data/spec/dummy/config/initializers/doorkeeper.rb +18 -1
- data/spec/dummy/config/initializers/{active_record_belongs_to_required_by_default.rb → new_framework_defaults.rb} +5 -1
- data/spec/dummy/config/initializers/secret_token.rb +0 -1
- data/spec/dummy/config/routes.rb +3 -42
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +3 -1
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +3 -1
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -1
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +3 -1
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +3 -1
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +6 -0
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +13 -0
- data/spec/dummy/db/schema.rb +38 -37
- data/spec/factories.rb +1 -1
- data/spec/generators/application_owner_generator_spec.rb +25 -6
- data/spec/generators/confidential_applications_generator_spec.rb +45 -0
- data/spec/generators/install_generator_spec.rb +1 -1
- data/spec/generators/migration_generator_spec.rb +25 -4
- data/spec/generators/pkce_generator_spec.rb +43 -0
- data/spec/generators/previous_refresh_token_generator_spec.rb +57 -0
- data/spec/generators/views_generator_spec.rb +1 -1
- data/spec/grape/grape_integration_spec.rb +135 -0
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +2 -2
- data/spec/lib/config_spec.rb +170 -22
- data/spec/lib/doorkeeper_spec.rb +1 -126
- data/spec/lib/models/expirable_spec.rb +0 -3
- data/spec/lib/models/revocable_spec.rb +2 -4
- data/spec/lib/models/scopes_spec.rb +0 -4
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -4
- data/spec/lib/oauth/authorization_code_request_spec.rb +63 -13
- data/spec/lib/oauth/base_request_spec.rb +19 -10
- data/spec/lib/oauth/base_response_spec.rb +1 -1
- data/spec/lib/oauth/client/credentials_spec.rb +5 -5
- data/spec/lib/oauth/client_credentials/creator_spec.rb +6 -2
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +26 -7
- data/spec/lib/oauth/client_credentials/validation_spec.rb +2 -3
- data/spec/lib/oauth/client_credentials_integration_spec.rb +2 -2
- data/spec/lib/oauth/client_credentials_request_spec.rb +4 -5
- data/spec/lib/oauth/client_spec.rb +0 -3
- data/spec/lib/oauth/code_request_spec.rb +5 -5
- data/spec/lib/oauth/error_response_spec.rb +0 -3
- data/spec/lib/oauth/error_spec.rb +1 -3
- data/spec/lib/oauth/forbidden_token_response_spec.rb +1 -4
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -3
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -1
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +115 -3
- data/spec/lib/oauth/invalid_token_response_spec.rb +2 -5
- data/spec/lib/oauth/password_access_token_request_spec.rb +46 -5
- data/spec/lib/oauth/pre_authorization_spec.rb +40 -6
- data/spec/lib/oauth/refresh_token_request_spec.rb +30 -14
- data/spec/lib/oauth/scopes_spec.rb +28 -4
- data/spec/lib/oauth/token_request_spec.rb +10 -13
- data/spec/lib/oauth/token_response_spec.rb +0 -1
- data/spec/lib/oauth/token_spec.rb +37 -14
- data/spec/lib/orm/active_record/stale_records_cleaner_spec.rb +79 -0
- data/spec/lib/request/strategy_spec.rb +0 -1
- data/spec/lib/server_spec.rb +10 -0
- data/spec/models/doorkeeper/access_grant_spec.rb +2 -2
- data/spec/models/doorkeeper/access_token_spec.rb +118 -60
- data/spec/models/doorkeeper/application_spec.rb +101 -23
- data/spec/requests/applications/applications_request_spec.rb +94 -6
- data/spec/requests/applications/authorized_applications_spec.rb +1 -1
- data/spec/requests/endpoints/authorization_spec.rb +1 -1
- data/spec/requests/endpoints/token_spec.rb +15 -6
- data/spec/requests/flows/authorization_code_errors_spec.rb +1 -1
- data/spec/requests/flows/authorization_code_spec.rb +198 -1
- data/spec/requests/flows/client_credentials_spec.rb +73 -5
- data/spec/requests/flows/implicit_grant_errors_spec.rb +3 -3
- data/spec/requests/flows/implicit_grant_spec.rb +38 -11
- data/spec/requests/flows/password_spec.rb +160 -24
- data/spec/requests/flows/refresh_token_spec.rb +6 -6
- data/spec/requests/flows/revoke_token_spec.rb +26 -26
- data/spec/requests/flows/skip_authorization_spec.rb +16 -11
- data/spec/requests/protected_resources/metal_spec.rb +2 -2
- data/spec/requests/protected_resources/private_api_spec.rb +2 -2
- data/spec/routing/custom_controller_routes_spec.rb +63 -7
- data/spec/routing/default_routes_spec.rb +6 -2
- data/spec/routing/scoped_routes_spec.rb +16 -2
- data/spec/spec_helper.rb +54 -3
- data/spec/spec_helper_integration.rb +2 -63
- data/spec/support/dependencies/factory_bot.rb +2 -0
- data/spec/support/doorkeeper_rspec.rb +19 -0
- data/spec/support/helpers/access_token_request_helper.rb +1 -1
- data/spec/support/helpers/authorization_request_helper.rb +4 -4
- data/spec/support/helpers/model_helper.rb +9 -4
- data/spec/support/helpers/request_spec_helper.rb +10 -6
- data/spec/support/helpers/url_helper.rb +15 -10
- data/spec/support/http_method_shim.rb +12 -16
- data/spec/support/shared/controllers_shared_context.rb +2 -6
- data/spec/support/shared/models_shared_examples.rb +4 -4
- data/spec/validators/redirect_uri_validator_spec.rb +58 -7
- data/spec/version/version_spec.rb +15 -0
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +73 -19
- data/spec/controllers/application_metal_controller.rb +0 -10
- data/spec/support/dependencies/factory_girl.rb +0 -2
|
@@ -4,7 +4,7 @@ module Doorkeeper
|
|
|
4
4
|
response = authorize_response
|
|
5
5
|
headers.merge! response.headers
|
|
6
6
|
self.response_body = response.body.to_json
|
|
7
|
-
self.status
|
|
7
|
+
self.status = response.status
|
|
8
8
|
rescue Errors::DoorkeeperError => e
|
|
9
9
|
handle_token_exception e
|
|
10
10
|
end
|
|
@@ -17,9 +17,7 @@ module Doorkeeper
|
|
|
17
17
|
# Doorkeeper does not use the token_type_hint logic described in the
|
|
18
18
|
# RFC 7009 due to the refresh token implementation that is a field in
|
|
19
19
|
# the access token model.
|
|
20
|
-
if authorized?
|
|
21
|
-
revoke_token
|
|
22
|
-
end
|
|
20
|
+
revoke_token if authorized?
|
|
23
21
|
|
|
24
22
|
# The authorization server responds with HTTP status code 200 if the token
|
|
25
23
|
# has been revoked successfully or if the client submitted an invalid
|
|
@@ -27,6 +25,18 @@ module Doorkeeper
|
|
|
27
25
|
render json: {}, status: 200
|
|
28
26
|
end
|
|
29
27
|
|
|
28
|
+
def introspect
|
|
29
|
+
introspection = OAuth::TokenIntrospection.new(server, token)
|
|
30
|
+
|
|
31
|
+
if introspection.authorized?
|
|
32
|
+
render json: introspection.to_json, status: 200
|
|
33
|
+
else
|
|
34
|
+
error = OAuth::ErrorResponse.new(name: introspection.error)
|
|
35
|
+
response.headers.merge!(error.headers)
|
|
36
|
+
render json: error.body, status: error.status
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
30
40
|
private
|
|
31
41
|
|
|
32
42
|
# OAuth 2.0 Section 2.1 defines two client types, "public" & "confidential".
|
|
@@ -60,9 +70,7 @@ module Doorkeeper
|
|
|
60
70
|
end
|
|
61
71
|
|
|
62
72
|
def revoke_token
|
|
63
|
-
if token.accessible?
|
|
64
|
-
token.revoke
|
|
65
|
-
end
|
|
73
|
+
token.revoke if token.accessible?
|
|
66
74
|
end
|
|
67
75
|
|
|
68
76
|
def token
|
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
module Doorkeeper
|
|
2
2
|
module DashboardHelper
|
|
3
3
|
def doorkeeper_errors_for(object, method)
|
|
4
|
-
if object.errors[method].
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
end
|
|
4
|
+
return if object.errors[method].blank?
|
|
5
|
+
|
|
6
|
+
output = object.errors[method].map do |msg|
|
|
7
|
+
content_tag(:span, class: 'form-text') do
|
|
8
|
+
msg.capitalize
|
|
9
|
+
end
|
|
10
10
|
end
|
|
11
|
+
|
|
12
|
+
safe_join(output)
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
def doorkeeper_submit_path(application)
|
|
@@ -11,7 +11,8 @@ class RedirectUriValidator < ActiveModel::EachValidator
|
|
|
11
11
|
else
|
|
12
12
|
value.split.each do |val|
|
|
13
13
|
uri = ::URI.parse(val)
|
|
14
|
-
|
|
14
|
+
next if native_redirect_uri?(uri)
|
|
15
|
+
record.errors.add(attribute, :forbidden_uri) if forbidden_uri?(uri)
|
|
15
16
|
record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
|
|
16
17
|
record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
|
|
17
18
|
record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
|
|
@@ -27,8 +28,18 @@ class RedirectUriValidator < ActiveModel::EachValidator
|
|
|
27
28
|
self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
|
|
28
29
|
end
|
|
29
30
|
|
|
31
|
+
def forbidden_uri?(uri)
|
|
32
|
+
Doorkeeper.configuration.forbid_redirect_uri.call(uri)
|
|
33
|
+
end
|
|
34
|
+
|
|
30
35
|
def invalid_ssl_uri?(uri)
|
|
31
36
|
forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
|
|
32
|
-
|
|
37
|
+
non_https = uri.try(:scheme) == 'http'
|
|
38
|
+
|
|
39
|
+
if forces_ssl.respond_to?(:call)
|
|
40
|
+
forces_ssl.call(uri) && non_https
|
|
41
|
+
else
|
|
42
|
+
forces_ssl && non_https
|
|
43
|
+
end
|
|
33
44
|
end
|
|
34
45
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
<%- submit_btn_css ||= 'btn btn-link' %>
|
|
2
2
|
<%= form_tag oauth_application_path(application), method: :delete do %>
|
|
3
|
-
<%= submit_tag t('doorkeeper.applications.buttons.destroy'),
|
|
3
|
+
<%= submit_tag t('doorkeeper.applications.buttons.destroy'),
|
|
4
|
+
onclick: "return confirm('#{ t('doorkeeper.applications.confirmations.destroy') }')",
|
|
5
|
+
class: submit_btn_css %>
|
|
4
6
|
<% end %>
|
|
@@ -1,47 +1,59 @@
|
|
|
1
|
-
<%= form_for application, url: doorkeeper_submit_path(application), html: {
|
|
1
|
+
<%= form_for application, url: doorkeeper_submit_path(application), html: { role: 'form' } do |f| %>
|
|
2
2
|
<% if application.errors.any? %>
|
|
3
3
|
<div class="alert alert-danger" data-alert><p><%= t('doorkeeper.applications.form.error') %></p></div>
|
|
4
4
|
<% end %>
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
<%= f.label :name, class: 'col-sm-2
|
|
6
|
+
<div class="form-group row">
|
|
7
|
+
<%= f.label :name, class: 'col-sm-2 col-form-label font-weight-bold' %>
|
|
8
8
|
<div class="col-sm-10">
|
|
9
|
-
<%= f.text_field :name, class:
|
|
9
|
+
<%= f.text_field :name, class: "form-control #{ 'is-invalid' if application.errors[:name].present? }", required: true %>
|
|
10
10
|
<%= doorkeeper_errors_for application, :name %>
|
|
11
11
|
</div>
|
|
12
|
-
|
|
12
|
+
</div>
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
<%= f.label :redirect_uri, class: 'col-sm-2
|
|
14
|
+
<div class="form-group row">
|
|
15
|
+
<%= f.label :redirect_uri, class: 'col-sm-2 col-form-label font-weight-bold' %>
|
|
16
16
|
<div class="col-sm-10">
|
|
17
|
-
<%= f.text_area :redirect_uri, class:
|
|
17
|
+
<%= f.text_area :redirect_uri, class: "form-control #{ 'is-invalid' if application.errors[:redirect_uri].present? }" %>
|
|
18
18
|
<%= doorkeeper_errors_for application, :redirect_uri %>
|
|
19
|
-
<span class="
|
|
19
|
+
<span class="form-text text-secondary">
|
|
20
20
|
<%= t('doorkeeper.applications.help.redirect_uri') %>
|
|
21
21
|
</span>
|
|
22
|
+
|
|
22
23
|
<% if Doorkeeper.configuration.native_redirect_uri %>
|
|
23
|
-
<span class="
|
|
24
|
-
<%= raw t('doorkeeper.applications.help.native_redirect_uri', native_redirect_uri: content_tag(:code) { Doorkeeper.configuration.native_redirect_uri }) %>
|
|
24
|
+
<span class="form-text text-secondary">
|
|
25
|
+
<%= raw t('doorkeeper.applications.help.native_redirect_uri', native_redirect_uri: content_tag(:code, class: 'bg-light') { Doorkeeper.configuration.native_redirect_uri }) %>
|
|
25
26
|
</span>
|
|
26
27
|
<% end %>
|
|
27
28
|
</div>
|
|
28
|
-
|
|
29
|
+
</div>
|
|
30
|
+
|
|
31
|
+
<div class="form-group row">
|
|
32
|
+
<%= f.label :confidential, class: 'col-sm-2 form-check-label font-weight-bold' %>
|
|
33
|
+
<div class="col-sm-10">
|
|
34
|
+
<%= f.check_box :confidential, class: "checkbox #{ 'is-invalid' if application.errors[:confidential].present? }" %>
|
|
35
|
+
<%= doorkeeper_errors_for application, :confidential %>
|
|
36
|
+
<span class="form-text text-secondary">
|
|
37
|
+
<%= t('doorkeeper.applications.help.confidential') %>
|
|
38
|
+
</span>
|
|
39
|
+
</div>
|
|
40
|
+
</div>
|
|
29
41
|
|
|
30
|
-
|
|
31
|
-
<%= f.label :scopes, class: 'col-sm-2
|
|
42
|
+
<div class="form-group row">
|
|
43
|
+
<%= f.label :scopes, class: 'col-sm-2 col-form-label font-weight-bold' %>
|
|
32
44
|
<div class="col-sm-10">
|
|
33
|
-
<%= f.text_field :scopes, class:
|
|
45
|
+
<%= f.text_field :scopes, class: "form-control #{ 'has-error' if application.errors[:scopes].present? }" %>
|
|
34
46
|
<%= doorkeeper_errors_for application, :scopes %>
|
|
35
|
-
<span class="
|
|
47
|
+
<span class="form-text text-secondary">
|
|
36
48
|
<%= t('doorkeeper.applications.help.scopes') %>
|
|
37
49
|
</span>
|
|
38
50
|
</div>
|
|
39
|
-
|
|
51
|
+
</div>
|
|
40
52
|
|
|
41
53
|
<div class="form-group">
|
|
42
54
|
<div class="col-sm-offset-2 col-sm-10">
|
|
43
|
-
<%= f.submit t('doorkeeper.applications.buttons.submit'), class:
|
|
44
|
-
<%= link_to t('doorkeeper.applications.buttons.cancel'), oauth_applications_path, :
|
|
55
|
+
<%= f.submit t('doorkeeper.applications.buttons.submit'), class: 'btn btn-primary' %>
|
|
56
|
+
<%= link_to t('doorkeeper.applications.buttons.cancel'), oauth_applications_path, class: 'btn btn-secondary' %>
|
|
45
57
|
</div>
|
|
46
58
|
</div>
|
|
47
59
|
<% end %>
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
<div class="
|
|
1
|
+
<div class="border-bottom mb-4">
|
|
2
2
|
<h1><%= t('.title') %></h1>
|
|
3
3
|
</div>
|
|
4
4
|
|
|
@@ -9,17 +9,29 @@
|
|
|
9
9
|
<tr>
|
|
10
10
|
<th><%= t('.name') %></th>
|
|
11
11
|
<th><%= t('.callback_url') %></th>
|
|
12
|
-
<th
|
|
12
|
+
<th><%= t('.confidential') %></th>
|
|
13
|
+
<th><%= t('.actions') %></th>
|
|
13
14
|
<th></th>
|
|
14
15
|
</tr>
|
|
15
16
|
</thead>
|
|
16
17
|
<tbody>
|
|
17
18
|
<% @applications.each do |application| %>
|
|
18
19
|
<tr id="application_<%= application.id %>">
|
|
19
|
-
<td
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
<td
|
|
20
|
+
<td class="align-middle">
|
|
21
|
+
<%= link_to application.name, oauth_application_path(application) %>
|
|
22
|
+
</td>
|
|
23
|
+
<td class="align-middle">
|
|
24
|
+
<%= application.redirect_uri %>
|
|
25
|
+
</td>
|
|
26
|
+
<td class="align-middle">
|
|
27
|
+
<%= application.confidential? ? t('doorkeeper.applications.index.confidentiality.yes') : t('doorkeeper.applications.index.confidentiality.no') %>
|
|
28
|
+
</td>
|
|
29
|
+
<td class="align-middle">
|
|
30
|
+
<%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(application), class: 'btn btn-link' %>
|
|
31
|
+
</td>
|
|
32
|
+
<td class="align-middle">
|
|
33
|
+
<%= render 'delete_form', application: application %>
|
|
34
|
+
</td>
|
|
23
35
|
</tr>
|
|
24
36
|
<% end %>
|
|
25
37
|
</tbody>
|
|
@@ -1,17 +1,20 @@
|
|
|
1
|
-
<div class="
|
|
1
|
+
<div class="border-bottom mb-4">
|
|
2
2
|
<h1><%= t('.title', name: @application.name) %></h1>
|
|
3
3
|
</div>
|
|
4
4
|
|
|
5
5
|
<div class="row">
|
|
6
6
|
<div class="col-md-8">
|
|
7
7
|
<h4><%= t('.application_id') %>:</h4>
|
|
8
|
-
<p><code id="application_id"><%= @application.uid %></code></p>
|
|
8
|
+
<p><code class="bg-light" id="application_id"><%= @application.uid %></code></p>
|
|
9
9
|
|
|
10
10
|
<h4><%= t('.secret') %>:</h4>
|
|
11
|
-
<p><code id="secret"><%= @application.secret %></code></p>
|
|
11
|
+
<p><code class="bg-light" id="secret"><%= @application.secret %></code></p>
|
|
12
12
|
|
|
13
13
|
<h4><%= t('.scopes') %>:</h4>
|
|
14
|
-
<p><code id="scopes"><%= @application.scopes %></code></p>
|
|
14
|
+
<p><code class="bg-light" id="scopes"><%= @application.scopes.presence || raw(' ') %></code></p>
|
|
15
|
+
|
|
16
|
+
<h4><%= t('.confidential') %>:</h4>
|
|
17
|
+
<p><code class="bg-light" id="confidential"><%= @application.confidential? %></code></p>
|
|
15
18
|
|
|
16
19
|
<h4><%= t('.callback_urls') %>:</h4>
|
|
17
20
|
|
|
@@ -19,7 +22,7 @@
|
|
|
19
22
|
<% @application.redirect_uri.split.each do |uri| %>
|
|
20
23
|
<tr>
|
|
21
24
|
<td>
|
|
22
|
-
<code><%= uri %></code>
|
|
25
|
+
<code class="bg-light"><%= uri %></code>
|
|
23
26
|
</td>
|
|
24
27
|
<td>
|
|
25
28
|
<%= link_to t('doorkeeper.applications.buttons.authorize'), oauth_authorization_path(client_id: @application.uid, redirect_uri: uri, response_type: 'code', scope: @application.scopes), class: 'btn btn-success', target: '_blank' %>
|
|
@@ -26,6 +26,8 @@
|
|
|
26
26
|
<%= hidden_field_tag :state, @pre_auth.state %>
|
|
27
27
|
<%= hidden_field_tag :response_type, @pre_auth.response_type %>
|
|
28
28
|
<%= hidden_field_tag :scope, @pre_auth.scope %>
|
|
29
|
+
<%= hidden_field_tag :code_challenge, @pre_auth.code_challenge %>
|
|
30
|
+
<%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method %>
|
|
29
31
|
<%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success btn-lg btn-block" %>
|
|
30
32
|
<% end %>
|
|
31
33
|
<%= form_tag oauth_authorization_path, method: :delete do %>
|
|
@@ -34,6 +36,8 @@
|
|
|
34
36
|
<%= hidden_field_tag :state, @pre_auth.state %>
|
|
35
37
|
<%= hidden_field_tag :response_type, @pre_auth.response_type %>
|
|
36
38
|
<%= hidden_field_tag :scope, @pre_auth.scope %>
|
|
39
|
+
<%= hidden_field_tag :code_challenge, @pre_auth.code_challenge %>
|
|
40
|
+
<%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method %>
|
|
37
41
|
<%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger btn-lg btn-block" %>
|
|
38
42
|
<% end %>
|
|
39
43
|
</div>
|
|
@@ -4,27 +4,27 @@
|
|
|
4
4
|
<meta charset="utf-8">
|
|
5
5
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
6
6
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
7
|
-
<title
|
|
7
|
+
<title><%= t('doorkeeper.layouts.admin.title') %></title>
|
|
8
8
|
<%= stylesheet_link_tag "doorkeeper/admin/application" %>
|
|
9
9
|
<%= csrf_meta_tags %>
|
|
10
10
|
</head>
|
|
11
11
|
<body>
|
|
12
|
-
<
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
<% end %>
|
|
12
|
+
<nav class="navbar navbar-expand-lg navbar-dark bg-dark mb-5">
|
|
13
|
+
<%= link_to t('doorkeeper.layouts.admin.nav.oauth2_provider'), oauth_applications_path, class: 'navbar-brand' %>
|
|
14
|
+
|
|
15
|
+
<div class="collapse navbar-collapse">
|
|
16
|
+
<ul class="navbar-nav mr-auto">
|
|
17
|
+
<li class="nav-item <%= 'active' if request.path == oauth_applications_path %>">
|
|
18
|
+
<%= link_to t('doorkeeper.layouts.admin.nav.applications'), oauth_applications_path, class: 'nav-link' %>
|
|
19
|
+
</li>
|
|
20
|
+
<li class="nav-item">
|
|
21
|
+
<%= link_to t('doorkeeper.layouts.admin.nav.home'), root_path, class: 'nav-link' %>
|
|
22
|
+
</li>
|
|
24
23
|
</ul>
|
|
25
24
|
</div>
|
|
26
|
-
</
|
|
27
|
-
|
|
25
|
+
</nav>
|
|
26
|
+
|
|
27
|
+
<div class="doorkeeper-admin container">
|
|
28
28
|
<%- if flash[:notice].present? %>
|
|
29
29
|
<div class="alert alert-info">
|
|
30
30
|
<%= flash[:notice] %>
|
data/config/locales/en.yml
CHANGED
|
@@ -13,6 +13,9 @@ en:
|
|
|
13
13
|
invalid_uri: 'must be a valid URI.'
|
|
14
14
|
relative_uri: 'must be an absolute URI.'
|
|
15
15
|
secured_uri: 'must be an HTTPS/SSL URI.'
|
|
16
|
+
forbidden_uri: 'is forbidden by the server.'
|
|
17
|
+
scopes:
|
|
18
|
+
not_match_configured: "doesn't match configured on the server."
|
|
16
19
|
|
|
17
20
|
doorkeeper:
|
|
18
21
|
applications:
|
|
@@ -27,8 +30,9 @@ en:
|
|
|
27
30
|
form:
|
|
28
31
|
error: 'Whoops! Check your form for possible errors'
|
|
29
32
|
help:
|
|
33
|
+
confidential: 'Application will be used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential.'
|
|
30
34
|
redirect_uri: 'Use one line per URI'
|
|
31
|
-
native_redirect_uri: 'Use %{native_redirect_uri} for
|
|
35
|
+
native_redirect_uri: 'Use %{native_redirect_uri} if you want to add localhost URIs for development purposes'
|
|
32
36
|
scopes: 'Separate scopes with spaces. Leave blank to use the default scopes.'
|
|
33
37
|
edit:
|
|
34
38
|
title: 'Edit application'
|
|
@@ -37,13 +41,19 @@ en:
|
|
|
37
41
|
new: 'New Application'
|
|
38
42
|
name: 'Name'
|
|
39
43
|
callback_url: 'Callback URL'
|
|
44
|
+
confidential: 'Confidential?'
|
|
45
|
+
actions: 'Actions'
|
|
46
|
+
confidentiality:
|
|
47
|
+
'yes': 'Yes'
|
|
48
|
+
'no': 'No'
|
|
40
49
|
new:
|
|
41
50
|
title: 'New Application'
|
|
42
51
|
show:
|
|
43
52
|
title: 'Application: %{name}'
|
|
44
|
-
application_id: 'Application
|
|
53
|
+
application_id: 'Application UID'
|
|
45
54
|
secret: 'Secret'
|
|
46
55
|
scopes: 'Scopes'
|
|
56
|
+
confidential: 'Confidential'
|
|
47
57
|
callback_urls: 'Callback urls'
|
|
48
58
|
actions: 'Actions'
|
|
49
59
|
|
|
@@ -71,14 +81,18 @@ en:
|
|
|
71
81
|
created_at: 'Created At'
|
|
72
82
|
date_format: '%Y-%m-%d %H:%M:%S'
|
|
73
83
|
|
|
84
|
+
pre_authorization:
|
|
85
|
+
status: 'Pre-authorization'
|
|
86
|
+
|
|
74
87
|
errors:
|
|
75
88
|
messages:
|
|
76
89
|
# Common error messages
|
|
77
90
|
invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
|
|
78
|
-
invalid_redirect_uri:
|
|
91
|
+
invalid_redirect_uri: "The requested redirect uri is malformed or doesn't match client redirect URI."
|
|
79
92
|
unauthorized_client: 'The client is not authorized to perform this request using this method.'
|
|
80
93
|
access_denied: 'The resource owner or authorization server denied the request.'
|
|
81
94
|
invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
|
|
95
|
+
invalid_code_challenge_method: 'The code challenge method must be plain or S256.'
|
|
82
96
|
server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
|
|
83
97
|
temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
|
|
84
98
|
|
|
@@ -94,9 +108,6 @@ en:
|
|
|
94
108
|
invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
|
|
95
109
|
unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
|
|
96
110
|
|
|
97
|
-
# Password Access token errors
|
|
98
|
-
invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
|
|
99
|
-
|
|
100
111
|
invalid_token:
|
|
101
112
|
revoked: "The access token was revoked"
|
|
102
113
|
expired: "The access token expired"
|
|
@@ -116,6 +127,7 @@ en:
|
|
|
116
127
|
|
|
117
128
|
layouts:
|
|
118
129
|
admin:
|
|
130
|
+
title: 'Doorkeeper'
|
|
119
131
|
nav:
|
|
120
132
|
oauth2_provider: 'OAuth2 Provider'
|
|
121
133
|
applications: 'Applications'
|
data/doorkeeper.gemspec
CHANGED
|
@@ -4,9 +4,9 @@ require "doorkeeper/version"
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |s|
|
|
6
6
|
s.name = "doorkeeper"
|
|
7
|
-
s.version = Doorkeeper
|
|
8
|
-
s.authors = ["Felipe Elias Philipp", "Tute Costa", "Jon Moss"]
|
|
9
|
-
s.email = %w(
|
|
7
|
+
s.version = Doorkeeper.gem_version
|
|
8
|
+
s.authors = ["Felipe Elias Philipp", "Tute Costa", "Jon Moss", "Nikita Bulai"]
|
|
9
|
+
s.email = %w(bulaj.nikita@gmail.com)
|
|
10
10
|
s.homepage = "https://github.com/doorkeeper-gem/doorkeeper"
|
|
11
11
|
s.summary = "OAuth 2 provider for Rails and Grape"
|
|
12
12
|
s.description = "Doorkeeper is an OAuth 2 provider for Rails and Grape."
|
|
@@ -21,8 +21,9 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
|
|
22
22
|
s.add_development_dependency "capybara"
|
|
23
23
|
s.add_development_dependency "coveralls"
|
|
24
|
-
s.add_development_dependency "
|
|
25
|
-
s.add_development_dependency "
|
|
24
|
+
s.add_development_dependency "grape"
|
|
25
|
+
s.add_development_dependency "database_cleaner", "~> 1.6"
|
|
26
|
+
s.add_development_dependency "factory_bot", "~> 4.8"
|
|
26
27
|
s.add_development_dependency "generator_spec", "~> 0.9.3"
|
|
27
28
|
s.add_development_dependency "rake", ">= 11.3.0"
|
|
28
29
|
s.add_development_dependency "rspec-rails"
|
data/gemfiles/rails_4_2.gemfile
CHANGED
|
@@ -4,8 +4,10 @@ source "https://rubygems.org"
|
|
|
4
4
|
|
|
5
5
|
gem "rails", "~> 4.2.0"
|
|
6
6
|
gem "appraisal"
|
|
7
|
-
gem "activerecord-jdbcsqlite3-adapter", :
|
|
8
|
-
gem "sqlite3", :
|
|
9
|
-
gem "tzinfo-data", :
|
|
7
|
+
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
|
|
8
|
+
gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
|
|
9
|
+
gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
|
|
10
|
+
# Older Grape requires Ruby >= 2.2.2
|
|
11
|
+
gem "grape", '~> 0.16', '< 0.19.2'
|
|
10
12
|
|
|
11
|
-
gemspec :
|
|
13
|
+
gemspec path: "../"
|
data/gemfiles/rails_5_0.gemfile
CHANGED
|
@@ -4,9 +4,9 @@ source "https://rubygems.org"
|
|
|
4
4
|
|
|
5
5
|
gem "rails", "~> 5.0.0"
|
|
6
6
|
gem "appraisal"
|
|
7
|
-
gem "activerecord-jdbcsqlite3-adapter", :
|
|
8
|
-
gem "sqlite3", :
|
|
9
|
-
gem "tzinfo-data", :
|
|
7
|
+
gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
|
|
8
|
+
gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
|
|
9
|
+
gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
|
|
10
10
|
gem "rspec-rails", "~> 3.5"
|
|
11
11
|
|
|
12
|
-
gemspec :
|
|
12
|
+
gemspec path: "../"
|
data/gemfiles/rails_5_1.gemfile
CHANGED
|
@@ -2,12 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
source "https://rubygems.org"
|
|
4
4
|
|
|
5
|
-
gem "rails",
|
|
5
|
+
gem "rails", "~> 5.1.0"
|
|
6
6
|
gem "appraisal"
|
|
7
|
-
gem "activerecord-jdbcsqlite3-adapter", :
|
|
8
|
-
gem "sqlite3", :
|
|
9
|
-
gem "tzinfo-data", :
|
|
10
|
-
gem "
|
|
11
|
-
gem "rspec-rails", "~> 3.5"
|
|
7
|
+
gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
|
|
8
|
+
gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
|
|
9
|
+
gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
|
|
10
|
+
gem "rspec-rails", "~> 3.7"
|
|
12
11
|
|
|
13
|
-
gemspec :
|
|
12
|
+
gemspec path: "../"
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# This file was generated by Appraisal
|
|
2
|
+
|
|
3
|
+
source "https://rubygems.org"
|
|
4
|
+
|
|
5
|
+
gem "rails", "5.2.0"
|
|
6
|
+
gem "appraisal"
|
|
7
|
+
gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
|
|
8
|
+
gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
|
|
9
|
+
gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
|
|
10
|
+
gem "rspec-rails", "~> 3.7"
|
|
11
|
+
|
|
12
|
+
gemspec path: "../"
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# This file was generated by Appraisal
|
|
2
|
+
|
|
3
|
+
source "https://rubygems.org"
|
|
4
|
+
|
|
5
|
+
gem "rails", git: 'https://github.com/rails/rails'
|
|
6
|
+
gem "arel", git: 'https://github.com/rails/arel'
|
|
7
|
+
|
|
8
|
+
gem "appraisal"
|
|
9
|
+
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
|
|
10
|
+
gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
|
|
11
|
+
gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
|
|
12
|
+
gem "rspec-rails", "~> 3.7"
|
|
13
|
+
|
|
14
|
+
gemspec path: "../"
|