doorkeeper 4.2.6 → 5.0.0.rc1

data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  module Orm
+    module ActiveRecord
+      class StaleRecordsCleaner
+        def initialize(base_scope)
+          @base_scope = base_scope
+        end
+
+        def clean_revoked
+          table = @base_scope.arel_table
+          @base_scope.where.not(revoked_at: nil)
+                     .where(table[:revoked_at].lt(Time.current))
+                     .delete_all
+        end
+
+        def clean_expired(ttl)
+          table = @base_scope.arel_table
+          @base_scope.where(table[:created_at].lt(Time.current - ttl))
+                     .delete_all
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/orm/active_record.rb

@@ -1,22 +1,35 @@
+require 'active_support/lazy_load_hooks'
+
+require 'doorkeeper/orm/active_record/stale_records_cleaner'
+
 module Doorkeeper
   module Orm
     module ActiveRecord
       def self.initialize_models!
-        require 'doorkeeper/orm/active_record/access_grant'
-        require 'doorkeeper/orm/active_record/access_token'
-        require 'doorkeeper/orm/active_record/application'
+        lazy_load do
+          require 'doorkeeper/orm/active_record/access_grant'
+          require 'doorkeeper/orm/active_record/access_token'
+          require 'doorkeeper/orm/active_record/application'
 
-        if Doorkeeper.configuration.active_record_options[:establish_connection]
-          [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application].each do |c|
-            c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
+          if Doorkeeper.configuration.active_record_options[:establish_connection]
+            [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application].each do |model|
+              options = Doorkeeper.configuration.active_record_options[:establish_connection]
+              model.establish_connection(options)
+            end
           end
         end
       end
 
       def self.initialize_application_owner!
-        require 'doorkeeper/models/concerns/ownership'
+        lazy_load do
+          require 'doorkeeper/models/concerns/ownership'
+
+          Doorkeeper::Application.send :include, Doorkeeper::Models::Ownership
+        end
+      end
 
-        Doorkeeper::Application.send :include, Doorkeeper::Models::Ownership
+      def self.lazy_load(&block)
+        ActiveSupport.on_load(:active_record, {}, &block)
       end
     end
   end

data/lib/doorkeeper/rails/helpers.rb

@@ -4,16 +4,12 @@ module Doorkeeper
       def doorkeeper_authorize!(*scopes)
         @_doorkeeper_scopes = scopes.presence || Doorkeeper.configuration.default_scopes
 
-        unless valid_doorkeeper_token?
-          doorkeeper_render_error
-        end
+        doorkeeper_render_error unless valid_doorkeeper_token?
       end
 
-      def doorkeeper_unauthorized_render_options(error: nil)
-      end
+      def doorkeeper_unauthorized_render_options(**); end
 
-      def doorkeeper_forbidden_render_options(error: nil)
-      end
+      def doorkeeper_forbidden_render_options(**); end
 
       def valid_doorkeeper_token?
         doorkeeper_token && doorkeeper_token.acceptable?(@_doorkeeper_scopes)
@@ -23,14 +19,15 @@ module Doorkeeper
 
       def doorkeeper_render_error
         error = doorkeeper_error
-        headers.merge! error.headers.reject { |k| "Content-Type" == k }
+        headers.merge!(error.headers.reject { |k| k == "Content-Type" })
         doorkeeper_render_error_with(error)
       end
 
       def doorkeeper_render_error_with(error)
         options = doorkeeper_render_options(error) || {}
         status = doorkeeper_status_for_error(
-          error, options.delete(:respond_not_found_when_forbidden))
+          error, options.delete(:respond_not_found_when_forbidden)
+        )
         if options.blank?
           head status
         else
@@ -69,7 +66,7 @@ module Doorkeeper
       end
 
       def doorkeeper_token
-        @_doorkeeper_token ||= OAuth::Token.authenticate(
+        @doorkeeper_token ||= OAuth::Token.authenticate(
           request,
           *Doorkeeper.configuration.access_token_methods
         )

data/lib/doorkeeper/rails/routes.rb

@@ -4,8 +4,11 @@ require 'doorkeeper/rails/routes/mapper'
 module Doorkeeper
   module Rails
     class Routes # :nodoc:
+      mattr_reader :mapping do
+        {}
+      end
+
       module Helper
-        # TODO: options hash is not being used
         def use_doorkeeper(options = {}, &block)
           Doorkeeper::Rails::Routes.new(self, &block).generate_routes!(options)
         end
@@ -20,6 +23,10 @@ module Doorkeeper
       def initialize(routes, &block)
         @routes = routes
         @mapping = Mapper.new.map(&block)
+
+        if Doorkeeper.configuration.api_only
+          @mapping.skips.push(:applications, :authorized_applications)
+        end
       end
 
       def generate_routes!(options)
@@ -27,6 +34,7 @@ module Doorkeeper
           map_route(:authorizations, :authorization_routes)
           map_route(:tokens, :token_routes)
           map_route(:tokens, :revoke_routes)
+          map_route(:tokens, :introspect_routes)
           map_route(:applications, :application_routes)
           map_route(:authorized_applications, :authorized_applications_routes)
           map_route(:token_info, :token_info_routes)
@@ -36,20 +44,22 @@ module Doorkeeper
       private
 
       def map_route(name, method)
-        unless @mapping.skipped?(name)
-          send method, @mapping[name]
-        end
+       unless @mapping.skipped?(name)
+         send(method, @mapping[name])
+
+         mapping[name] = @mapping[name]
+       end
       end
 
       def authorization_routes(mapping)
         routes.resource(
           :authorization,
           path: 'authorize',
-          only: [:create, :destroy],
+          only: %i[create destroy],
           as: mapping[:as],
           controller: mapping[:controllers]
         ) do
-          routes.get '/:code', action: :show, on: :member
+          routes.get '/native', action: :show, on: :member
           routes.get '/', action: :new, on: :member
         end
       end
@@ -67,6 +77,10 @@ module Doorkeeper
         routes.post 'revoke', controller: mapping[:controllers], action: :revoke
       end
 
+      def introspect_routes(mapping)
+        routes.post 'introspect', controller: mapping[:controllers], action: :introspect
+      end
+
       def token_info_routes(mapping)
         routes.resource(
           :token_info,
@@ -81,7 +95,7 @@ module Doorkeeper
       end
 
       def authorized_applications_routes(mapping)
-        routes.resources :authorized_applications, only: [:index, :destroy], controller: mapping[:controllers]
+        routes.resources :authorized_applications, only: %i[index destroy], controller: mapping[:controllers]
       end
     end
   end

data/lib/doorkeeper/rake/db.rake

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+namespace :doorkeeper do
+  namespace :db do
+    desc 'Removes stale data from doorkeeper related database tables'
+    task cleanup: [
+      'doorkeeper:db:cleanup:revoked_tokens',
+      'doorkeeper:db:cleanup:expired_tokens',
+      'doorkeeper:db:cleanup:revoked_grants',
+      'doorkeeper:db:cleanup:expired_grants'
+    ]
+
+    namespace :cleanup do
+      desc 'Removes stale access tokens'
+      task revoked_tokens: 'doorkeeper:setup' do
+        cleaner = Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner.new(Doorkeeper::AccessToken)
+        cleaner.clean_revoked
+      end
+
+      desc 'Removes expired (TTL passed) access tokens'
+      task expired_tokens: 'doorkeeper:setup' do
+        expirable_tokens = Doorkeeper::AccessToken.where(refresh_token: nil)
+        cleaner = Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner.new(expirable_tokens)
+        cleaner.clean_expired(Doorkeeper.configuration.access_token_expires_in)
+      end
+
+      desc 'Removes stale access grants'
+      task revoked_grants: 'doorkeeper:setup' do
+        cleaner = Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
+        cleaner.clean_revoked
+      end
+
+      desc 'Removes expired (TTL passed) access grants'
+      task expired_grants: 'doorkeeper:setup' do
+        cleaner = Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
+        cleaner.clean_expired(Doorkeeper.configuration.authorization_code_expires_in)
+      end
+    end
+  end
+end

data/lib/doorkeeper/rake/setup.rake

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+namespace :doorkeeper do
+  task setup: :environment do
+  end
+end

data/lib/doorkeeper/rake.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  module Rake
+    class << self
+      def load_tasks
+        glob = File.join(File.absolute_path(__dir__), 'rake', '*.rake')
+        Dir[glob].each do |rake_file|
+          load rake_file
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/request/password.rb

@@ -3,7 +3,7 @@ require 'doorkeeper/request/strategy'
 module Doorkeeper
   module Request
     class Password < Strategy
-      delegate :credentials, :resource_owner, :parameters, to: :server
+      delegate :credentials, :resource_owner, :parameters, :client, to: :server
 
       def request
         @request ||= OAuth::PasswordAccessTokenRequest.new(
@@ -13,16 +13,6 @@ module Doorkeeper
           parameters
         )
       end
-
-      private
-
-      def client
-        if credentials
-          server.client
-        elsif parameters[:client_id]
-          server.client_via_uid
-        end
-      end
     end
   end
 end

data/lib/doorkeeper/request.rb

@@ -7,34 +7,40 @@ require 'doorkeeper/request/token'
 
 module Doorkeeper
   module Request
-    module_function
+    class << self
+      def authorization_strategy(response_type)
+        get_strategy(response_type, authorization_response_types)
+      rescue NameError
+        raise Errors::InvalidAuthorizationStrategy
+      end
 
-    def authorization_strategy(response_type)
-      get_strategy response_type, authorization_response_types
-    rescue NameError
-      raise Errors::InvalidAuthorizationStrategy
-    end
+      def token_strategy(grant_type)
+        get_strategy(grant_type, token_grant_types)
+      rescue NameError
+        raise Errors::InvalidTokenStrategy
+      end
 
-    def token_strategy(grant_type)
-      get_strategy grant_type, token_grant_types
-    rescue NameError
-      raise Errors::InvalidTokenStrategy
-    end
+      def get_strategy(grant_or_request_type, available)
+        raise Errors::MissingRequestStrategy if grant_or_request_type.blank?
+        raise NameError unless available.include?(grant_or_request_type.to_s)
 
-    def get_strategy(grant_or_request_type, available)
-      fail Errors::MissingRequestStrategy unless grant_or_request_type.present?
-      fail NameError unless available.include?(grant_or_request_type.to_s)
-      "Doorkeeper::Request::#{grant_or_request_type.to_s.camelize}".constantize
-    end
+        build_strategy_class(grant_or_request_type)
+      end
 
-    def authorization_response_types
-      Doorkeeper.configuration.authorization_response_types
-    end
-    private_class_method :authorization_response_types
+      private
+
+      def authorization_response_types
+        Doorkeeper.configuration.authorization_response_types
+      end
+
+      def token_grant_types
+        Doorkeeper.configuration.token_grant_types
+      end
 
-    def token_grant_types
-      Doorkeeper.configuration.token_grant_types
+      def build_strategy_class(grant_or_request_type)
+        strategy_class_name = grant_or_request_type.to_s.tr(' ', '_').camelize
+        "Doorkeeper::Request::#{strategy_class_name}".constantize
+      end
     end
-    private_class_method :token_grant_types
   end
 end

data/lib/doorkeeper/validations.rb

@@ -6,9 +6,10 @@ module Doorkeeper
 
     def validate
       @error = nil
+
       self.class.validations.each do |validation|
+        @error = validation[:options][:error] unless send("validate_#{validation[:attribute]}")
         break if @error
-        @error = validation.last unless send("validate_#{validation.first}")
       end
     end
 
@@ -19,7 +20,7 @@ module Doorkeeper
 
     module ClassMethods
       def validate(attribute, options = {})
-        validations << [attribute, options[:error]]
+        validations << { attribute: attribute, options: options }
       end
 
       def validations

data/lib/doorkeeper/version.rb

@@ -1,3 +1,16 @@
 module Doorkeeper
-  VERSION = "4.2.6".freeze
+  def self.gem_version
+    Gem::Version.new VERSION::STRING
+  end
+
+  module VERSION
+    # Semantic versioning
+    MAJOR = 5
+    MINOR = 0
+    TINY = 0
+    PRE = 'rc1'
+
+    # Full version number
+    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
+  end
 end

data/lib/doorkeeper.rb

@@ -8,12 +8,14 @@ require 'doorkeeper/request'
 require 'doorkeeper/validations'
 
 require 'doorkeeper/oauth/authorization/code'
+require 'doorkeeper/oauth/authorization/context'
 require 'doorkeeper/oauth/authorization/token'
 require 'doorkeeper/oauth/authorization/uri_builder'
 require 'doorkeeper/oauth/helpers/scope_checker'
 require 'doorkeeper/oauth/helpers/uri_checker'
 require 'doorkeeper/oauth/helpers/unique_token'
 
+require 'doorkeeper/oauth'
 require 'doorkeeper/oauth/scopes'
 require 'doorkeeper/oauth/error'
 require 'doorkeeper/oauth/base_response'
@@ -30,9 +32,11 @@ require 'doorkeeper/oauth/code_request'
 require 'doorkeeper/oauth/token_request'
 require 'doorkeeper/oauth/client'
 require 'doorkeeper/oauth/token'
+require 'doorkeeper/oauth/token_introspection'
 require 'doorkeeper/oauth/invalid_token_response'
 require 'doorkeeper/oauth/forbidden_token_response'
 
+require 'doorkeeper/models/concerns/orderable'
 require 'doorkeeper/models/concerns/scopes'
 require 'doorkeeper/models/concerns/expirable'
 require 'doorkeeper/models/concerns/revocable'
@@ -47,26 +51,11 @@ require 'doorkeeper/helpers/controller'
 require 'doorkeeper/rails/routes'
 require 'doorkeeper/rails/helpers'
 
-require 'doorkeeper/orm/active_record'
+require 'doorkeeper/rake'
 
-require 'active_support/deprecation'
+require 'doorkeeper/orm/active_record'
 
 module Doorkeeper
-  def self.configured?
-    ActiveSupport::Deprecation.warn "Method `Doorkeeper#configured?` has been deprecated without replacement."
-    @config.present?
-  end
-
-  def self.database_installed?
-    ActiveSupport::Deprecation.warn "Method `Doorkeeper#database_installed?` has been deprecated without replacement."
-    [AccessToken, AccessGrant, Application].all?(&:table_exists?)
-  end
-
-  def self.installed?
-    ActiveSupport::Deprecation.warn "Method `Doorkeeper#installed?` has been deprecated without replacement."
-    configured? && database_installed?
-  end
-
   def self.authenticate(request, methods = Doorkeeper.configuration.access_token_methods)
     OAuth::Token.authenticate(request, *methods)
   end

data/lib/generators/doorkeeper/application_owner_generator.rb

@@ -1,18 +1,32 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
 require 'rails/generators/active_record'
 
-class Doorkeeper::ApplicationOwnerGenerator < Rails::Generators::Base
-  include Rails::Generators::Migration
-  source_root File.expand_path('../templates', __FILE__)
-  desc 'Provide support for client application ownership.'
+module Doorkeeper
+  class ApplicationOwnerGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path('templates', __dir__)
+    desc 'Provide support for client application ownership.'
 
-  def application_owner
-    migration_template(
-      'add_owner_to_application_migration.rb',
-      'db/migrate/add_owner_to_application.rb'
-    )
-  end
+    def application_owner
+      migration_template(
+        'add_owner_to_application_migration.rb.erb',
+        'db/migrate/add_owner_to_application.rb',
+        migration_version: migration_version
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
 
-  def self.next_migration_number(dirname)
-    ActiveRecord::Generators::Base.next_migration_number(dirname)
+    def migration_version
+      if ActiveRecord::VERSION::MAJOR >= 5
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+    end
   end
 end

data/lib/generators/doorkeeper/confidential_applications_generator.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module Doorkeeper
+  class ConfidentialApplicationsGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path('templates', __dir__)
+    desc 'Add confidential column to Doorkeeper applications'
+
+    def pkce
+      migration_template(
+        'add_confidential_to_applications.rb.erb',
+        'db/migrate/add_confidential_to_applications.rb',
+        migration_version: migration_version
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      if ActiveRecord::VERSION::MAJOR >= 5
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+    end
+  end
+end

data/lib/generators/doorkeeper/install_generator.rb

@@ -1,12 +1,20 @@
-class Doorkeeper::InstallGenerator < ::Rails::Generators::Base
-  include Rails::Generators::Migration
-  source_root File.expand_path('../templates', __FILE__)
-  desc 'Installs Doorkeeper.'
+# frozen_string_literal: true
 
-  def install
-    template 'initializer.rb', 'config/initializers/doorkeeper.rb'
-    copy_file File.expand_path('../../../../config/locales/en.yml', __FILE__), 'config/locales/doorkeeper.en.yml'
-    route 'use_doorkeeper'
-    readme 'README'
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module Doorkeeper
+  class InstallGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path('templates', __dir__)
+    desc 'Installs Doorkeeper.'
+
+    def install
+      template 'initializer.rb', 'config/initializers/doorkeeper.rb'
+      copy_file File.expand_path('../../../config/locales/en.yml', __dir__),
+                'config/locales/doorkeeper.en.yml'
+      route 'use_doorkeeper'
+      readme 'README'
+    end
   end
 end

data/lib/generators/doorkeeper/migration_generator.rb

@@ -1,15 +1,32 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
 require 'rails/generators/active_record'
 
-class Doorkeeper::MigrationGenerator < ::Rails::Generators::Base
-  include Rails::Generators::Migration
-  source_root File.expand_path('../templates', __FILE__)
-  desc 'Installs Doorkeeper migration file.'
+module Doorkeeper
+  class MigrationGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path('templates', __dir__)
+    desc 'Installs Doorkeeper migration file.'
 
-  def install
-    migration_template 'migration.rb', 'db/migrate/create_doorkeeper_tables.rb'
-  end
+    def install
+      migration_template(
+        'migration.rb.erb',
+        'db/migrate/create_doorkeeper_tables.rb',
+        migration_version: migration_version
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
 
-  def self.next_migration_number(dirname)
-    ActiveRecord::Generators::Base.next_migration_number(dirname)
+    def migration_version
+      if ActiveRecord::VERSION::MAJOR >= 5
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+    end
   end
 end

data/lib/generators/doorkeeper/pkce_generator.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module Doorkeeper
+  class PkceGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path('templates', __dir__)
+    desc 'Provide support for PKCE.'
+
+    def pkce
+      migration_template(
+        'enable_pkce_migration.rb.erb',
+        'db/migrate/enable_pkce.rb',
+        migration_version: migration_version
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      if ActiveRecord::VERSION::MAJOR >= 5
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+    end
+  end
+end