doorkeeper 4.2.6 → 5.5.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CHANGELOG.md +1049 -0
- data/README.md +110 -353
- data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
- data/app/controllers/doorkeeper/application_controller.rb +6 -7
- data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
- data/app/controllers/doorkeeper/applications_controller.rb +65 -16
- data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
- data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
- data/app/controllers/doorkeeper/tokens_controller.rb +115 -38
- data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
- data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
- data/app/views/doorkeeper/applications/_form.html.erb +33 -21
- data/app/views/doorkeeper/applications/edit.html.erb +1 -1
- data/app/views/doorkeeper/applications/index.html.erb +18 -6
- data/app/views/doorkeeper/applications/new.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +40 -16
- data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +6 -0
- data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
- data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
- data/config/locales/en.yml +34 -7
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +82 -0
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +514 -167
- data/lib/doorkeeper/engine.rb +11 -5
- data/lib/doorkeeper/errors.rb +25 -16
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
- data/lib/doorkeeper/grape/helpers.rb +23 -12
- data/lib/doorkeeper/helpers/controller.rb +51 -14
- data/lib/doorkeeper/models/access_grant_mixin.rb +94 -27
- data/lib/doorkeeper/models/access_token_mixin.rb +284 -96
- data/lib/doorkeeper/models/application_mixin.rb +58 -27
- data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +12 -6
- data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +3 -27
- data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
- data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
- data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +7 -5
- data/lib/doorkeeper/oauth/authorization_code_request.rb +63 -10
- data/lib/doorkeeper/oauth/base_request.rb +35 -19
- data/lib/doorkeeper/oauth/base_response.rb +2 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +9 -7
- data/lib/doorkeeper/oauth/client.rb +10 -11
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -11
- data/lib/doorkeeper/oauth/code_request.rb +8 -12
- data/lib/doorkeeper/oauth/code_response.rb +27 -15
- data/lib/doorkeeper/oauth/error.rb +5 -3
- data/lib/doorkeeper/oauth/error_response.rb +35 -15
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +29 -5
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +44 -10
- data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
- data/lib/doorkeeper/oauth/refresh_token_request.rb +60 -31
- data/lib/doorkeeper/oauth/scopes.rb +26 -12
- data/lib/doorkeeper/oauth/token.rb +13 -9
- data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
- data/lib/doorkeeper/oauth/token_request.rb +8 -20
- data/lib/doorkeeper/oauth/token_response.rb +14 -10
- data/lib/doorkeeper/oauth.rb +13 -0
- data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
- data/lib/doorkeeper/orm/active_record/access_token.rb +5 -42
- data/lib/doorkeeper/orm/active_record/application.rb +6 -20
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
- data/lib/doorkeeper/orm/active_record.rb +37 -8
- data/lib/doorkeeper/rails/helpers.rb +14 -13
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
- data/lib/doorkeeper/rails/routes/mapping.rb +9 -7
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +41 -28
- data/lib/doorkeeper/rake/db.rake +40 -0
- data/lib/doorkeeper/rake/setup.rake +11 -0
- data/lib/doorkeeper/rake.rb +14 -0
- data/lib/doorkeeper/request/authorization_code.rb +6 -4
- data/lib/doorkeeper/request/client_credentials.rb +3 -3
- data/lib/doorkeeper/request/code.rb +1 -1
- data/lib/doorkeeper/request/password.rb +5 -14
- data/lib/doorkeeper/request/refresh_token.rb +6 -5
- data/lib/doorkeeper/request/strategy.rb +4 -2
- data/lib/doorkeeper/request/token.rb +1 -1
- data/lib/doorkeeper/request.rb +62 -29
- data/lib/doorkeeper/secret_storing/base.rb +64 -0
- data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
- data/lib/doorkeeper/secret_storing/plain.rb +33 -0
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
- data/lib/doorkeeper/server.rb +9 -11
- data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
- data/lib/doorkeeper/validations.rb +5 -2
- data/lib/doorkeeper/version.rb +12 -1
- data/lib/doorkeeper.rb +111 -62
- data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/install_generator.rb +19 -9
- data/lib/generators/doorkeeper/migration_generator.rb +27 -10
- data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
- data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
- data/{spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb → lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +412 -33
- data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
- data/lib/generators/doorkeeper/views_generator.rb +8 -4
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
- metadata +114 -276
- data/.coveralls.yml +0 -1
- data/.gitignore +0 -19
- data/.hound.yml +0 -13
- data/.rspec +0 -1
- data/.travis.yml +0 -26
- data/Appraisals +0 -14
- data/CONTRIBUTING.md +0 -47
- data/Gemfile +0 -10
- data/NEWS.md +0 -606
- data/RELEASING.md +0 -10
- data/Rakefile +0 -20
- data/app/validators/redirect_uri_validator.rb +0 -34
- data/doorkeeper.gemspec +0 -29
- data/gemfiles/rails_4_2.gemfile +0 -11
- data/gemfiles/rails_5_0.gemfile +0 -12
- data/gemfiles/rails_5_1.gemfile +0 -13
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb +0 -11
- data/lib/generators/doorkeeper/templates/migration.rb +0 -68
- data/spec/controllers/application_metal_controller.rb +0 -10
- data/spec/controllers/applications_controller_spec.rb +0 -58
- data/spec/controllers/authorizations_controller_spec.rb +0 -218
- data/spec/controllers/protected_resources_controller_spec.rb +0 -300
- data/spec/controllers/token_info_controller_spec.rb +0 -52
- data/spec/controllers/tokens_controller_spec.rb +0 -88
- data/spec/dummy/Rakefile +0 -7
- data/spec/dummy/app/controllers/application_controller.rb +0 -3
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
- data/spec/dummy/app/controllers/home_controller.rb +0 -17
- data/spec/dummy/app/controllers/metal_controller.rb +0 -11
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
- data/spec/dummy/app/helpers/application_helper.rb +0 -5
- data/spec/dummy/app/models/user.rb +0 -5
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -23
- data/spec/dummy/config/boot.rb +0 -9
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -29
- data/spec/dummy/config/environments/production.rb +0 -62
- data/spec/dummy/config/environments/test.rb +0 -44
- data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
- data/spec/dummy/config/initializers/secret_token.rb +0 -9
- data/spec/dummy/config/initializers/session_store.rb +0 -8
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -52
- data/spec/dummy/config.ru +0 -4
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
- data/spec/dummy/db/schema.rb +0 -67
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -6
- data/spec/factories.rb +0 -28
- data/spec/generators/application_owner_generator_spec.rb +0 -22
- data/spec/generators/install_generator_spec.rb +0 -31
- data/spec/generators/migration_generator_spec.rb +0 -20
- data/spec/generators/templates/routes.rb +0 -3
- data/spec/generators/views_generator_spec.rb +0 -27
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
- data/spec/lib/config_spec.rb +0 -334
- data/spec/lib/doorkeeper_spec.rb +0 -150
- data/spec/lib/models/expirable_spec.rb +0 -50
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -43
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -41
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
- data/spec/lib/oauth/base_request_spec.rb +0 -160
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -88
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
- data/spec/lib/oauth/client_spec.rb +0 -39
- data/spec/lib/oauth/code_request_spec.rb +0 -45
- data/spec/lib/oauth/code_response_spec.rb +0 -34
- data/spec/lib/oauth/error_response_spec.rb +0 -61
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -56
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
- data/spec/lib/oauth/scopes_spec.rb +0 -122
- data/spec/lib/oauth/token_request_spec.rb +0 -98
- data/spec/lib/oauth/token_response_spec.rb +0 -85
- data/spec/lib/oauth/token_spec.rb +0 -116
- data/spec/lib/request/strategy_spec.rb +0 -53
- data/spec/lib/server_spec.rb +0 -49
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
- data/spec/models/doorkeeper/access_token_spec.rb +0 -394
- data/spec/models/doorkeeper/application_spec.rb +0 -179
- data/spec/requests/applications/applications_request_spec.rb +0 -94
- data/spec/requests/applications/authorized_applications_spec.rb +0 -30
- data/spec/requests/endpoints/authorization_spec.rb +0 -71
- data/spec/requests/endpoints/token_spec.rb +0 -64
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -76
- data/spec/requests/flows/authorization_code_spec.rb +0 -148
- data/spec/requests/flows/client_credentials_spec.rb +0 -58
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
- data/spec/requests/flows/implicit_grant_spec.rb +0 -61
- data/spec/requests/flows/password_spec.rb +0 -115
- data/spec/requests/flows/refresh_token_spec.rb +0 -174
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -59
- data/spec/requests/protected_resources/metal_spec.rb +0 -14
- data/spec/requests/protected_resources/private_api_spec.rb +0 -81
- data/spec/routing/custom_controller_routes_spec.rb +0 -71
- data/spec/routing/default_routes_spec.rb +0 -35
- data/spec/routing/scoped_routes_spec.rb +0 -31
- data/spec/spec_helper.rb +0 -4
- data/spec/spec_helper_integration.rb +0 -63
- data/spec/support/dependencies/factory_girl.rb +0 -2
- data/spec/support/helpers/access_token_request_helper.rb +0 -11
- data/spec/support/helpers/authorization_request_helper.rb +0 -41
- data/spec/support/helpers/config_helper.rb +0 -9
- data/spec/support/helpers/model_helper.rb +0 -67
- data/spec/support/helpers/request_spec_helper.rb +0 -84
- data/spec/support/helpers/url_helper.rb +0 -55
- data/spec/support/http_method_shim.rb +0 -38
- data/spec/support/orm/active_record.rb +0 -3
- data/spec/support/shared/controllers_shared_context.rb +0 -69
- data/spec/support/shared/models_shared_examples.rb +0 -52
- data/spec/validators/redirect_uri_validator_spec.rb +0 -78
data/CONTRIBUTING.md
DELETED
@@ -1,47 +0,0 @@
|
|
1
|
-
# Contributing
|
2
|
-
|
3
|
-
We love pull requests from everyone. By participating in this project, you agree
|
4
|
-
to abide by the thoughtbot [code of conduct].
|
5
|
-
|
6
|
-
[code of conduct]: https://thoughtbot.com/open-source-code-of-conduct
|
7
|
-
|
8
|
-
Fork, then clone the repo:
|
9
|
-
|
10
|
-
git clone git@github.com:your-username/doorkeeper.git
|
11
|
-
|
12
|
-
Set up Ruby dependencies via Bundler
|
13
|
-
|
14
|
-
bundle install
|
15
|
-
|
16
|
-
Make sure the tests pass:
|
17
|
-
|
18
|
-
rake
|
19
|
-
|
20
|
-
Make your change.
|
21
|
-
Write tests.
|
22
|
-
Follow our [style guide][style].
|
23
|
-
Make the tests pass:
|
24
|
-
|
25
|
-
[style]: https://github.com/thoughtbot/guides/tree/master/style
|
26
|
-
|
27
|
-
rake
|
28
|
-
|
29
|
-
Add notes on your change to the `NEWS.md` file.
|
30
|
-
|
31
|
-
Write a [good commit message][commit].
|
32
|
-
Push to your fork.
|
33
|
-
[Submit a pull request][pr].
|
34
|
-
|
35
|
-
[commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
|
36
|
-
[pr]: https://github.com/doorkeeper-gem/doorkeeper/compare/
|
37
|
-
|
38
|
-
If [Hound] catches style violations,
|
39
|
-
fix them.
|
40
|
-
|
41
|
-
[hound]: https://houndci.com
|
42
|
-
|
43
|
-
Wait for us.
|
44
|
-
We try to at least comment on pull requests within one business day.
|
45
|
-
We may suggest changes.
|
46
|
-
|
47
|
-
Thank you for your contribution!
|
data/Gemfile
DELETED
@@ -1,10 +0,0 @@
|
|
1
|
-
source "https://rubygems.org"
|
2
|
-
|
3
|
-
gem "rails", "~> 4.2.0"
|
4
|
-
|
5
|
-
gem "appraisal"
|
6
|
-
|
7
|
-
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
|
8
|
-
gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
|
9
|
-
gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw]
|
10
|
-
gemspec
|
data/NEWS.md
DELETED
@@ -1,606 +0,0 @@
|
|
1
|
-
# News
|
2
|
-
|
3
|
-
User-visible changes worth mentioning.
|
4
|
-
|
5
|
-
## master
|
6
|
-
|
7
|
-
- [#970] Escape certain attributes in authorization forms.
|
8
|
-
|
9
|
-
## 4.2.5
|
10
|
-
|
11
|
-
- [#936] Deprecate `Doorkeeper#configured?`, `Doorkeeper#database_installed?`, and
|
12
|
-
`Doorkeeper#installed?`
|
13
|
-
- [#909] Add `InvalidTokenResponse#reason` reader method to allow read the kind
|
14
|
-
of invalid token error.
|
15
|
-
- [#928] Test against more recent Ruby versions
|
16
|
-
- Small refactorings within the codebase
|
17
|
-
- [#921] Switch to Appraisal, and test against Rails master
|
18
|
-
- [#892] Add minimum Ruby version requirement
|
19
|
-
|
20
|
-
## 4.2.0
|
21
|
-
|
22
|
-
- Security fix: Address CVE-2016-6582, implement token revocation according to
|
23
|
-
spec (tokens might not be revoked if client follows the spec).
|
24
|
-
- [#873] Add hooks to Doorkeeper::ApplicationMetalController
|
25
|
-
- [#871] Allow downstream users to better utilize doorkeeper spec factories by
|
26
|
-
eliminating name conflict on `:user` factory.
|
27
|
-
|
28
|
-
## 4.1.0
|
29
|
-
|
30
|
-
- [#845] Allow customising the `Doorkeeper::ApplicationController` base
|
31
|
-
controller
|
32
|
-
|
33
|
-
## 4.0.0
|
34
|
-
|
35
|
-
- [#834] Fix AssetNotPrecompiled error with Sprockets 4
|
36
|
-
- [#843] Revert "Fix validation error messages"
|
37
|
-
- [#847] Specify Null option to timestamps
|
38
|
-
|
39
|
-
## 4.0.0.rc4
|
40
|
-
|
41
|
-
- [#777] Add support for public client in password grant flow
|
42
|
-
- [#823] Make configuration and specs ORM independent
|
43
|
-
- [#745] Add created_at timestamp to token generation options
|
44
|
-
- [#838] Drop `Application#scopes` generator and warning, introduced for
|
45
|
-
upgrading doorkeeper from v2 to v3.
|
46
|
-
- [#801] Fix Rails 5 warning messages
|
47
|
-
- Test against Rails 5 RC1
|
48
|
-
|
49
|
-
## 4.0.0.rc3
|
50
|
-
|
51
|
-
- [#769] Revoke refresh token on access token use. To make use of the new config
|
52
|
-
add `previous_refresh_token` column to `oauth_access_tokens`:
|
53
|
-
|
54
|
-
```
|
55
|
-
rails generate doorkeeper:previous_refresh_token
|
56
|
-
```
|
57
|
-
- [#811] Toughen parameters filter with exact match
|
58
|
-
- [#813] Applications admin bugfix
|
59
|
-
- [#799] Fix Ruby Warnings
|
60
|
-
- Drop `attr_accessible` from models
|
61
|
-
|
62
|
-
### Backward incompatible changes
|
63
|
-
|
64
|
-
- [#730] Force all timezones to use UTC to prevent comparison issues.
|
65
|
-
- [#802] Remove `config.i18n.fallbacks` from engine
|
66
|
-
|
67
|
-
## 4.0.0.rc2
|
68
|
-
|
69
|
-
- Fix optional belongs_to for Rails 5
|
70
|
-
- Fix Ruby warnings
|
71
|
-
|
72
|
-
## 4.0.0.rc1
|
73
|
-
|
74
|
-
### Backward incompatible changes
|
75
|
-
|
76
|
-
- Drops support for Rails 4.1 and earlier
|
77
|
-
- Drops support for Ruby 2.0
|
78
|
-
- [#778] Bug fix: use the remaining time that a token is still valid when
|
79
|
-
building the redirect URI for the implicit grant flow
|
80
|
-
|
81
|
-
### Other changes
|
82
|
-
|
83
|
-
- [#771] Validation error messages fixes
|
84
|
-
- Adds foreign key constraints in generated migrations between tokens and
|
85
|
-
grants, and applications
|
86
|
-
- Support Rails 5
|
87
|
-
|
88
|
-
## 3.1.0
|
89
|
-
|
90
|
-
- [#736] Existing valid tokens are now reused in client_credentials flow
|
91
|
-
- [#749] Allow user to raise authorization error with custom messages.
|
92
|
-
Under `resource_owner_authenticator` block a user can
|
93
|
-
`raise Doorkeeper::Errors::DoorkeeperError.new('custom_message')`
|
94
|
-
- [#762] Check doesn’t abort the actual migration, so it runs
|
95
|
-
- [#722] `doorkeeper_forbidden_render_options` now supports returning a 404 by
|
96
|
-
specifying `respond_not_found_when_forbidden: true` in the
|
97
|
-
`doorkeeper_forbidden_render_options` method.
|
98
|
-
- [#734] Simplify and remove duplication in request strategy classes
|
99
|
-
|
100
|
-
## 3.0.1
|
101
|
-
|
102
|
-
- [#712] Wrap exchange of grant token for access token and access token refresh
|
103
|
-
in transactions
|
104
|
-
- [#704] Allow applications scopes to be mass assigned
|
105
|
-
- [#707] Fixed order of Mixin inclusion and table_name configuration in models
|
106
|
-
- [#712] Wrap access token and refresh grants in transactions
|
107
|
-
- Adds JRuby support
|
108
|
-
- Specs, views and documentation adjustments
|
109
|
-
|
110
|
-
## 3.0.0
|
111
|
-
|
112
|
-
### Other changes
|
113
|
-
|
114
|
-
- [#693] Updates `en.yml`.
|
115
|
-
|
116
|
-
## 3.0.0 (rc2)
|
117
|
-
|
118
|
-
### Backward incompatible changes
|
119
|
-
|
120
|
-
- [#678] Change application-specific scopes to take precedence over server-wide
|
121
|
-
scopes. This removes the previous behavior where the intersection between
|
122
|
-
application and server scopes was used.
|
123
|
-
|
124
|
-
### Other changes
|
125
|
-
|
126
|
-
- [#671] Fixes `NoMethodError - undefined method 'getlocal'` when calling
|
127
|
-
the /oauth/token path. Switch from using a DateTime object to update
|
128
|
-
AR to using a Time object. (Issue #668)
|
129
|
-
- [#677] Support editing application-specific scopes via the standard forms
|
130
|
-
- [#682] Pass error hash to Grape `error!`
|
131
|
-
- [#683] Generate application secret/UID if fields are blank strings
|
132
|
-
|
133
|
-
## 3.0.0 (rc1)
|
134
|
-
|
135
|
-
### Backward incompatible changes
|
136
|
-
|
137
|
-
- [#648] Extracts mongodb ORMs to
|
138
|
-
https://github.com/doorkeeper-gem/doorkeeper-mongodb. If you use ActiveRecord
|
139
|
-
you don’t need to do any change, otherwise you will need to install the new
|
140
|
-
plugin.
|
141
|
-
- [#665] `doorkeeper_unauthorized_render_options(error:)` and
|
142
|
-
`doorkeeper_forbidden_render_options(error:)` now accept `error` keyword
|
143
|
-
argument.
|
144
|
-
|
145
|
-
### Removed deprecations
|
146
|
-
|
147
|
-
- Removes `doorkeeper_for` deprecation notice.
|
148
|
-
- Remove `applications.scopes` upgrade notice.
|
149
|
-
|
150
|
-
|
151
|
-
## 2.2.2
|
152
|
-
|
153
|
-
- [#541] Fixed `undefined method attr_accessible` problem on Rails 4
|
154
|
-
(happens only when ProtectedAttributes gem is used) in #599
|
155
|
-
|
156
|
-
## 2.2.1
|
157
|
-
|
158
|
-
- [#636] `custom_access_token_expires_in` bugfixes
|
159
|
-
- [#641] syntax error fix (Issue #612)
|
160
|
-
- [#633] Send extra details to Custom Token Generator
|
161
|
-
- [#628] Refactor: improve orm adapters to ease extension
|
162
|
-
- [#637] Upgrade to rspec to 3.2
|
163
|
-
|
164
|
-
## 2.2.0 - 2015-04-19
|
165
|
-
|
166
|
-
- [#611] Allow custom access token generators to be used
|
167
|
-
- [#632] Properly fallback to `default_scopes` when no scope is specified
|
168
|
-
- [#622] Clarify that there is a logical OR between scopes for authorizing
|
169
|
-
- [#635] Upgrade to rspec 3
|
170
|
-
- [#627] i18n fallbacks to english
|
171
|
-
- Moved CHANGELOG to NEWS.md
|
172
|
-
|
173
|
-
|
174
|
-
## 2.1.4 - 2015-03-27
|
175
|
-
|
176
|
-
- [#595] HTTP spec: Add `scope` for refresh token scope param
|
177
|
-
- [#596] Limit scopes in app scopes for client credentials
|
178
|
-
- [#567] Add Grape helpers for easier integration with Grape framework
|
179
|
-
- [#606] Add custom access token expiration support for Client Credentials flow
|
180
|
-
|
181
|
-
|
182
|
-
## 2.1.3 - 2015-03-01
|
183
|
-
|
184
|
-
- [#588] Fixes scopes_match? bug that skipped authorization form in some cases
|
185
|
-
|
186
|
-
|
187
|
-
## 2.1.2 - 2015-02-25
|
188
|
-
|
189
|
-
- [#574] Remove unused update authorization route.
|
190
|
-
- [#576] Filter out sensitive parameters from logs.
|
191
|
-
- [#582] The Authorization HTTP header fields are now case insensitive.
|
192
|
-
- [#583] Database connection bugfix in certain scenarios.
|
193
|
-
- Testing improvements
|
194
|
-
|
195
|
-
|
196
|
-
## 2.1.1 - 2015-02-06
|
197
|
-
|
198
|
-
- Remove `wildcard_redirect_url` option
|
199
|
-
- [#481] Customize token flow OAuth expirations with a config lambda
|
200
|
-
- [#568] TokensController: Memoize strategy.authorize_response result to enable
|
201
|
-
subclasses to use the response object.
|
202
|
-
- [#571] Fix database initialization issues in some configurations.
|
203
|
-
- Documentation improvements
|
204
|
-
|
205
|
-
|
206
|
-
## 2.1.0 - 2015-01-13
|
207
|
-
|
208
|
-
- [#540] Include `created_at` in response.
|
209
|
-
- [#538] Check application-level scopes in client_credentials and password flow.
|
210
|
-
- [5596227] Check application scopes in AccessToken when present. Fixes a bug in
|
211
|
-
doorkeeper 2.0.0 and 2.0.1 referring to application specific scopes.
|
212
|
-
- [#534] Internationalizes doorkeeper views.
|
213
|
-
- [#545] Ensure there is a connection to the database before checking for
|
214
|
-
missing columns
|
215
|
-
- [#546] Use `Doorkeeper::` prefix when referencing `Application` to avoid
|
216
|
-
possible application model name conflict.
|
217
|
-
- [#538] Test with Rails ~> 4.2.
|
218
|
-
|
219
|
-
### Potentially backward incompatible changes
|
220
|
-
|
221
|
-
- Enable by default `authorization_code` and `client_credentials` grant flows.
|
222
|
-
Disables implicit and password grant flows by default.
|
223
|
-
- [#510, #544, 722113f] Revoked refresh token response bugfix.
|
224
|
-
|
225
|
-
|
226
|
-
## 2.0.1 - 2014-12-17
|
227
|
-
|
228
|
-
- [#525, #526, #527] Fix `ActiveRecord::NoDatabaseError` on gem load.
|
229
|
-
|
230
|
-
|
231
|
-
## 2.0.0 - 2014-12-16
|
232
|
-
|
233
|
-
### Backward incompatible changes
|
234
|
-
|
235
|
-
- [#448] Removes `doorkeeper_for` helper. Now we use
|
236
|
-
`before_action :doorkeeper_authorize!`.
|
237
|
-
- [#469] Allow client applications to restrict the set of allowable scopes.
|
238
|
-
Fixes #317. `oauth_applications` relation needs a new `scopes` string column,
|
239
|
-
non nullable, which defaults to an empty string. To add the column run:
|
240
|
-
|
241
|
-
```
|
242
|
-
rails generate doorkeeper:application_scopes
|
243
|
-
```
|
244
|
-
|
245
|
-
If you’d rather do it by hand, your ActiveRecord migration should contain:
|
246
|
-
|
247
|
-
```ruby
|
248
|
-
add_column :oauth_applications, :scopes, :string, null: false, default: ‘’
|
249
|
-
```
|
250
|
-
|
251
|
-
### Removed deprecations
|
252
|
-
|
253
|
-
- Removes `test_redirect_uri` option. It is now called `native_redirect_uri`.
|
254
|
-
- [#446] Removes `mount Doorkeeper::Engine`. Now we use `use_doorkeeper`.
|
255
|
-
|
256
|
-
### Others
|
257
|
-
|
258
|
-
- [#484] Performance improvement - avoid performing order_by when not required.
|
259
|
-
- [#450] When password is invalid in Password Credentials Grant, Doorkeeper
|
260
|
-
returned 'invalid_resource_owner' instead of 'invalid_grant', as the spec
|
261
|
-
declares. Fixes #444.
|
262
|
-
- [#452] Allows `revoked_at` to be set in the future, for future expiry.
|
263
|
-
Rationale: https://github.com/doorkeeper-gem/doorkeeper/pull/452#issuecomment-51431459
|
264
|
-
- [#480] For Implicit grant flow, access tokens can now be reused. Fixes #421.
|
265
|
-
- [#491] Reworks of @jasl's #454 and #478. ORM refactor that allows doorkeeper
|
266
|
-
to be extended more easily with unsupported ORMs. It also marks the boundaries
|
267
|
-
between shared model code and ORM specifics inside of the gem.
|
268
|
-
- [#496] Tests with Rails 4.2.
|
269
|
-
- [#489] Adds `force_ssl_in_redirect_uri` to force the usage of the HTTPS
|
270
|
-
protocol in non-native redirect uris.
|
271
|
-
- [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
|
272
|
-
- [#518] Fix random failures in mongodb.
|
273
|
-
|
274
|
-
---
|
275
|
-
|
276
|
-
## 1.4.2 - 2015-03-02
|
277
|
-
|
278
|
-
- [#576] Filter out sensitive parameters from logs
|
279
|
-
|
280
|
-
## 1.4.1 - 2014-12-17
|
281
|
-
|
282
|
-
- [#516] SECURITY: Adds `protect_from_forgery` to `Doorkeeper::ApplicationController`
|
283
|
-
|
284
|
-
## 1.4.0 - 2014-07-31
|
285
|
-
|
286
|
-
- internals
|
287
|
-
- [#427] Adds specs expectations.
|
288
|
-
- [#428] Error response refactor.
|
289
|
-
- [#417] Moves token validation into Access Token class.
|
290
|
-
- [#439] Removes redundant module includes.
|
291
|
-
- [#443] TokensController and TokenInfoController inherit from ActionController::Metal
|
292
|
-
- bug
|
293
|
-
- [#418] fixes #243, requests with insufficient scope now respond 403 instead
|
294
|
-
of 401. (API change)
|
295
|
-
- [#438] fixes #398, native redirect for implicit token grant bug.
|
296
|
-
- [#440] namespace fixes
|
297
|
-
- enhancements
|
298
|
-
- [#432] Keeps query parameters
|
299
|
-
|
300
|
-
## 1.3.1 - 2014-07-06
|
301
|
-
|
302
|
-
- enhancements
|
303
|
-
- [#405] Adds facade to more easily get the token from a request in a route
|
304
|
-
constraint.
|
305
|
-
- [#415] Extend Doorkeeper TokenResponse with an `after_successful_response`
|
306
|
-
callback that allows handling of `response` object.
|
307
|
-
- internals
|
308
|
-
- [#409] Deprecates `test_redirect_uri` in favor of `native_redirect_uri`.
|
309
|
-
See discussion in: [#351].
|
310
|
-
- [#411] Clean rspec deprecations. General test improvements.
|
311
|
-
- [#412] rspec line width can go longer than 80 (hound CI config).
|
312
|
-
- bug
|
313
|
-
- [#413] fixes #340, routing scope is now taken into account in redirect.
|
314
|
-
- [#401] and [#425] application is not required any longer for access_token.
|
315
|
-
|
316
|
-
## 1.3.0 - 2014-05-23
|
317
|
-
|
318
|
-
- enhancements
|
319
|
-
- [#387] Adds reuse_access_token configuration option.
|
320
|
-
|
321
|
-
## 1.2.0 - 2014-05-02
|
322
|
-
|
323
|
-
- enhancements
|
324
|
-
- [#376] Allow users to enable basic header authorization for access tokens.
|
325
|
-
- [#374] Token revocation implementation [RFC 7009]
|
326
|
-
- [#295] Only enable specific grant flows.
|
327
|
-
- internals
|
328
|
-
- [#381] Locale source fix.
|
329
|
-
- [#380] Renames `errors_for` to `doorkeeper_errors_for`.
|
330
|
-
- [#390] Style adjustments in accordance with Ruby Style Guide form
|
331
|
-
Thoughtbot.
|
332
|
-
|
333
|
-
## 1.1.0 - 2014-03-29
|
334
|
-
|
335
|
-
- enhancements
|
336
|
-
- [#336] mongoid4 support.
|
337
|
-
- [#372] Allow users to set ActiveRecord table_name_prefix/suffix options
|
338
|
-
- internals
|
339
|
-
- [#343] separate OAuth's admin and user end-point to different layouts, upgrade theme to Bootstrap 3.1.
|
340
|
-
- [#348] Move render_options in filter after `@error` has been set
|
341
|
-
|
342
|
-
## 1.0.0 - 2014-01-13
|
343
|
-
|
344
|
-
- bug (spec)
|
345
|
-
- [#228] token response `expires_in` value is now in seconds, relative to
|
346
|
-
request time
|
347
|
-
- [#296] client is optional for password grant type.
|
348
|
-
- [#319] If client credentials are present on password grant type they are validated
|
349
|
-
- [#326] If client credentials are present in refresh token they are validated
|
350
|
-
- [#326] If authenticated client does not match original client that
|
351
|
-
obtained a refresh token it responds `invalid_grant` instead of
|
352
|
-
`invalid_client`. Previous usage was invalid according to Section 5.2 of
|
353
|
-
the spec.
|
354
|
-
- [#329] access tokens' `scopes` string wa being compared against
|
355
|
-
`default_scopes` symbols, always unauthorizing.
|
356
|
-
- [#318] Include "WWW-Authenticate" header with Unauthorized responses
|
357
|
-
- enhancements
|
358
|
-
- [#293] Adds ActionController::Instrumentation in TokensController
|
359
|
-
- [#298] Support for multiple redirect_uris added.
|
360
|
-
- [#313] `AccessToken.revoke_all_for` actually revokes all non-revoked
|
361
|
-
tokens for an application/owner instead of deleting them.
|
362
|
-
- [#333] Rails 4.1 support
|
363
|
-
- internals
|
364
|
-
- Removes jQuery dependency [fixes #300] [PR #312 is related]
|
365
|
-
- [#294] Client uid and secret will be generated only if not present.
|
366
|
-
- [#316] Test warnings addressed.
|
367
|
-
- [#338] Rspec 3 syntax.
|
368
|
-
|
369
|
-
---
|
370
|
-
|
371
|
-
## 0.7.4 - 2013-12-01
|
372
|
-
|
373
|
-
- bug
|
374
|
-
- Symbols instead of strings for user input.
|
375
|
-
|
376
|
-
## 0.7.3 - 2013-10-04
|
377
|
-
|
378
|
-
- enhancements
|
379
|
-
- [#204] Allow to overwrite scope in routes
|
380
|
-
- internals
|
381
|
-
- Returns only present keys in Token Response (may imply a backwards
|
382
|
-
incompatible change). https://github.com/doorkeeper-gem/doorkeeper/issues/220
|
383
|
-
- bug
|
384
|
-
- [#290] Support for Rails 4 when 'protected_attributes' gem is present.
|
385
|
-
|
386
|
-
## 0.7.2 - 2013-09-11
|
387
|
-
|
388
|
-
- enhancements
|
389
|
-
- [#272] Allow issuing multiple access_tokens for one user/application for multiple devices
|
390
|
-
- [#170] Increase length of allowed redirect URIs
|
391
|
-
- [#239] Do not try to load unavailable Request class for the current phase.
|
392
|
-
- [#273] Relax jquery-rails gem dependency
|
393
|
-
|
394
|
-
## 0.7.1 - 2013-08-30
|
395
|
-
|
396
|
-
- bug
|
397
|
-
- [#269] Rails 3.2 raised `ActiveModel::MassAssignmentSecurity::Error`.
|
398
|
-
|
399
|
-
## 0.7.0 - 2013-08-21
|
400
|
-
|
401
|
-
- enhancements
|
402
|
-
- [#229] Rails 4!
|
403
|
-
- internals
|
404
|
-
- [#203] Changing table name to be specific in column_names_with_table
|
405
|
-
- [#215] README update
|
406
|
-
- [#227] Use Rails.config.paths["config/routes"] instead of assuming "config/routes.rb" exists
|
407
|
-
- [#262] Add jquery as gem dependency
|
408
|
-
- [#263] Add a configuration for ActiveRecord.establish_connection
|
409
|
-
- Deprecation and Ruby warnings (PRs merged outside of GitHub).
|
410
|
-
|
411
|
-
## 0.6.7 - 2013-01-13
|
412
|
-
|
413
|
-
- internals
|
414
|
-
- [#188] Add IDs to the show views for integration testing [@egtann](https://github.com/egtann)
|
415
|
-
|
416
|
-
## 0.6.6 - 2013-01-04
|
417
|
-
|
418
|
-
- enhancements
|
419
|
-
- [#187] Raise error if configuration is not set
|
420
|
-
|
421
|
-
## 0.6.5 - 2012-12-26
|
422
|
-
|
423
|
-
- enhancements
|
424
|
-
- [#184] Vendor the Bootstrap CSS [@tylerhunt](https://github.com/tylerhunt)
|
425
|
-
|
426
|
-
## 0.6.4 - 2012-12-15
|
427
|
-
|
428
|
-
- bug
|
429
|
-
- [#180] Add localization to authorized_applications destroy notice [@aalvarado](https://github.com/aalvarado)
|
430
|
-
|
431
|
-
## 0.6.3 - 2012-12-07
|
432
|
-
|
433
|
-
- bugfixes
|
434
|
-
- [#163] Error response content-type header should be application/json [@ggayan](https://github.com/ggayan)
|
435
|
-
- [#175] Make token.expires_in_seconds return nil when expires_in is nil [@miyagawa](https://github.com/miyagawa)
|
436
|
-
- enhancements
|
437
|
-
- [#166, #172, #174] Behavior to automatically authorize based on a configured proc
|
438
|
-
- internals
|
439
|
-
- [#168] Using expectation syntax for controller specs [@rdsoze](https://github.com/rdsoze)
|
440
|
-
|
441
|
-
## 0.6.2 - 2012-11-10
|
442
|
-
|
443
|
-
- bugfixes
|
444
|
-
- [#162] Remove ownership columns from base migration template [@rdsoze](https://github.com/rdsoze)
|
445
|
-
|
446
|
-
## 0.6.1 - 2012-11-07
|
447
|
-
|
448
|
-
- bugfixes
|
449
|
-
- [#160] Removed |routes| argument from initializer authenticator blocks
|
450
|
-
- documentation
|
451
|
-
- [#160] Fixed description of context of authenticator blocks
|
452
|
-
|
453
|
-
## 0.6.0 - 2012-11-05
|
454
|
-
|
455
|
-
- enhancements
|
456
|
-
- Mongoid `orm` configuration accepts only :mongoid2 or :mongoid3
|
457
|
-
- Authorization endpoint does not redirect in #new action anymore. It wasn't specified by OAuth spec
|
458
|
-
- TokensController now inherits from ActionController::Metal. There might be performance upgrades
|
459
|
-
- Add link to authorization in Applications scaffold
|
460
|
-
- [#116] MongoMapper support [@carols10cents](https://github.com/carols10cents)
|
461
|
-
- [#122] Mongoid3 support [@petergoldstein](https://github.com/petergoldstein)
|
462
|
-
- [#150] Introduce test redirect uri for applications
|
463
|
-
- bugfixes
|
464
|
-
- [#157] Response token status should be `:ok`, not `:success` [@theycallmeswift](https://github.com/theycallmeswift)
|
465
|
-
- [#159] Remove ActionView::Base.field_error_proc override (fixes #145)
|
466
|
-
- internals
|
467
|
-
- Update development dependencies
|
468
|
-
- Several refactorings
|
469
|
-
- Rails/ORM are easily swichable with env vars (rails and orm)
|
470
|
-
- Travis now tests against Mongoid v2
|
471
|
-
|
472
|
-
## 0.5.0 - 2012-10-20
|
473
|
-
|
474
|
-
Official support for rubinius was removed.
|
475
|
-
|
476
|
-
- enhancements
|
477
|
-
- Configure the way access token is retrieved from request (default to bearer header)
|
478
|
-
- Authorization Code expiration time is now configurable
|
479
|
-
- Add support for mongoid
|
480
|
-
- [#78, #128, #137, #138] Application Ownership
|
481
|
-
- [#92] Allow users to skip controllers
|
482
|
-
- [#99] Remove deprecated warnings for data-* attributes [@towerhe](https://github.com/towerhe)
|
483
|
-
- [#101] Return existing access_token for PasswordAccessTokenRequest [@benoist](https://github.com/benoist)
|
484
|
-
- [#104] Changed access token scopes example code to default_scopes and optional_scopes [@amkirwan](https://github.com/amkirwan)
|
485
|
-
- [#107] Fix typos in initializer
|
486
|
-
- [#123] i18n for validator, flash messages [@petergoldstein](https://github.com/petergoldstein)
|
487
|
-
- [#140] ActiveRecord is the default value for the ORM [@petergoldstein](https://github.com/petergoldstein)
|
488
|
-
- internals
|
489
|
-
- [#112, #120] Replacing update_attribute with update_column to eliminate deprecation warnings [@rmoriz](https://github.com/rmoriz), [@petergoldstein](https://github.com/petergoldstein)
|
490
|
-
- [#121] Updating all development dependencies to recent versions. [@petergoldstein](https://github.com/petergoldstein)
|
491
|
-
- [#144] Adding MongoDB dependency to .travis.yml [@petergoldstein](https://github.com/petergoldstein)
|
492
|
-
- [#143] Displays errors for unconfigured error messages [@timgaleckas](https://github.com/timgaleckas)
|
493
|
-
- bugfixes
|
494
|
-
- [#102] Not returning 401 when access token generation fails [@cslew](https://github.com/cslew)
|
495
|
-
- [#125] Doorkeeper is using ActiveRecord version of as_json in ORM agnostic code [@petergoldstein](https://github.com/petergoldstein)
|
496
|
-
- [#142] Prevent double submission of password based authentication [@bdurand](https://github.com/bdurand)
|
497
|
-
- documentation
|
498
|
-
- [#141] Add rack-cors middleware to readme [@gottfrois](https://github.com/gottfrois)
|
499
|
-
|
500
|
-
## 0.4.2 - 2012-06-05
|
501
|
-
|
502
|
-
- bugfixes:
|
503
|
-
- [#94] Uninitialized Constant in Password Flow
|
504
|
-
|
505
|
-
## 0.4.1 - 2012-06-02
|
506
|
-
|
507
|
-
- enhancements:
|
508
|
-
- Backport: Move doorkeeper_for extension to Filter helper
|
509
|
-
|
510
|
-
## 0.4.0 - 2012-05-26
|
511
|
-
|
512
|
-
- deprecation
|
513
|
-
- Deprecate authorization_scopes
|
514
|
-
- database changes
|
515
|
-
- AccessToken#resource_owner_id is not nullable
|
516
|
-
- enhancements
|
517
|
-
- [#83] Add Resource Owner Password Credentials flow [@jaimeiniesta](https://github.com/jaimeiniesta)
|
518
|
-
- [#76] Allow token expiration to be disabled [@mattgreen](https://github.com/mattgreen)
|
519
|
-
- [#89] Configure the way client credentials are retrieved from request
|
520
|
-
- [#b6470a] Add Client Credentials flow
|
521
|
-
- internals
|
522
|
-
- [#2ece8d, #f93778] Introduce Client and ErrorResponse classes
|
523
|
-
|
524
|
-
## 0.3.4 - 2012-05-24
|
525
|
-
|
526
|
-
- Fix attr_accessible for rails 3.2.x
|
527
|
-
|
528
|
-
## 0.3.3 - 2012-05-07
|
529
|
-
|
530
|
-
- [#86] shrink gem package size
|
531
|
-
|
532
|
-
## 0.3.2 - 2012-04-29
|
533
|
-
|
534
|
-
- enhancements
|
535
|
-
- [#54] Ignore Authorization: headers that are not Bearer [@miyagawa](https://github.com/miyagawa)
|
536
|
-
- [#58, #64] Add destroy action to applications endpoint [@jaimeiniesta](https://github.com/jaimeiniesta), [@davidfrey](https://github.com/davidfrey)
|
537
|
-
- [#63] TokensController responds with `401 unauthorized` [@jaimeiniesta](https://github.com/jaimeiniesta)
|
538
|
-
- [#67, #72] Fix for mass-assignment [@cicloid](https://github.com/cicloid)
|
539
|
-
- internals
|
540
|
-
- [#49] Add Gemnasium status image to README [@laserlemon](https://github.com/laserlemon)
|
541
|
-
- [#50] Fix typos [@tomekw](https://github.com/tomekw)
|
542
|
-
- [#51] Updated the factory_girl_rails dependency, fix expires_in response which returned a float number instead of integer [@antekpiechnik](https://github.com/antekpiechnik)
|
543
|
-
- [#62] Typos, .gitignore [@jaimeiniesta](https://github.com/jaimeiniesta)
|
544
|
-
- [#65] Change _path redirections to _url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
|
545
|
-
- [#75] Fix unknown method #authenticate_admin! [@mattgreen](https://github.com/mattgreen)
|
546
|
-
- Remove application link in authorized app view
|
547
|
-
|
548
|
-
## 0.3.1 - 2012-02-17
|
549
|
-
|
550
|
-
- enhancements
|
551
|
-
- [#48] Add if, else options to doorkeeper_for
|
552
|
-
- Add views generator
|
553
|
-
- internals
|
554
|
-
- Namespace models
|
555
|
-
|
556
|
-
## 0.3.0 - 2012-02-11
|
557
|
-
|
558
|
-
- enhancements
|
559
|
-
- [#17, #31] Add support for client credentials in basic auth header [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
560
|
-
- [#28] Add indices to migration [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
561
|
-
- [#29] Allow doorkeeper to run with rails 3.2 [@john-griffin](https://github.com/john-griffin)
|
562
|
-
- [#30] Improve client's redirect uri validation [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
563
|
-
- [#32] Add token (implicit grant) flow [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
564
|
-
- [#34] Add support for custom unathorized responses [@GoldsteinTechPartners](https://github.com/GoldsteinTechPartners)
|
565
|
-
- [#36] Remove repetitions from the Authorised Applications view [@carvil](https://github.com/carvil)
|
566
|
-
- When user revoke an application, all tokens for that application are revoked
|
567
|
-
- Error messages now can be translated
|
568
|
-
- Install generator copies the error messages localization file
|
569
|
-
- internals
|
570
|
-
- Fix deprecation warnings in ActiveSupport::Base64
|
571
|
-
- Remove deprecation in doorkeeper_for that handles hash arguments
|
572
|
-
- Depends on railties instead of whole rails framework
|
573
|
-
- CI now integrates with rails 3.1 and 3.2
|
574
|
-
|
575
|
-
## 0.2.0 - 2011-12-17
|
576
|
-
|
577
|
-
- enhancements
|
578
|
-
- [#4] Add authorized applications endpoint
|
579
|
-
- [#5, #11] Add access token scopes
|
580
|
-
- [#10] Add access token expiration by default
|
581
|
-
- [#9, #12] Add refresh token flow
|
582
|
-
- internals
|
583
|
-
- [#7] Improve configuration options with :default
|
584
|
-
- Improve configuration options with :builder
|
585
|
-
- Refactor config class
|
586
|
-
- Improve coverage of authorization request integration
|
587
|
-
- bug fixes
|
588
|
-
- [#6, #20] Fix access token response headers
|
589
|
-
- Fix issue with state parameter
|
590
|
-
- deprecation
|
591
|
-
- deprecate :only and :except options in doorkeeper_for
|
592
|
-
|
593
|
-
## 0.1.1 - 2011-11-30
|
594
|
-
|
595
|
-
- enhancements
|
596
|
-
- [#3] Authorization code must be short lived and single use
|
597
|
-
- [#2] Improve views provided by doorkeeper
|
598
|
-
- [#1] Skips authorization form if the client has been authorized by the resource owner
|
599
|
-
- Improve readme
|
600
|
-
- bugfixes
|
601
|
-
- Fix issue when creating the access token (wrong client id)
|
602
|
-
|
603
|
-
## 0.1.0 - 2011-11-25
|
604
|
-
|
605
|
-
- Authorization Code flow
|
606
|
-
- OAuth applications endpoint
|
data/RELEASING.md
DELETED
@@ -1,10 +0,0 @@
|
|
1
|
-
# Releasing doorkeeper
|
2
|
-
|
3
|
-
How to release doorkeeper in five easy steps!
|
4
|
-
|
5
|
-
1. Update `lib/doorkeeper/version.rb` file accordingly.
|
6
|
-
2. Update `NEWS.md` to reflect the changes since last release.
|
7
|
-
3. Commit changes: `git commit -am 'Bump to vVERSION'`
|
8
|
-
4. Run `rake release`
|
9
|
-
5. Announce the new release, making sure to say “thank you” to the contributors
|
10
|
-
who helped shape this version!
|
data/Rakefile
DELETED
@@ -1,20 +0,0 @@
|
|
1
|
-
require 'bundler/setup'
|
2
|
-
require 'rspec/core/rake_task'
|
3
|
-
|
4
|
-
desc 'Default: run specs.'
|
5
|
-
task default: :spec
|
6
|
-
|
7
|
-
desc "Run all specs"
|
8
|
-
RSpec::Core::RakeTask.new(:spec) do |config|
|
9
|
-
config.verbose = false
|
10
|
-
end
|
11
|
-
|
12
|
-
namespace :doorkeeper do
|
13
|
-
desc "Install doorkeeper in dummy app"
|
14
|
-
task :install do
|
15
|
-
cd 'spec/dummy'
|
16
|
-
system 'bundle exec rails g doorkeeper:install --force'
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
Bundler::GemHelper.install_tasks
|