doorkeeper 4.2.6 → 5.5.4


Potentially problematic release.


This version of doorkeeper might be problematic.

Files changed (274)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +1049 -0
  3. data/README.md +110 -353
  4. data/app/assets/stylesheets/doorkeeper/admin/application.css +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +6 -7
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +7 -11
  7. data/app/controllers/doorkeeper/applications_controller.rb +65 -16
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +97 -17
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +22 -3
  10. data/app/controllers/doorkeeper/token_info_controller.rb +16 -4
  11. data/app/controllers/doorkeeper/tokens_controller.rb +115 -38
  12. data/app/helpers/doorkeeper/dashboard_helper.rb +10 -6
  13. data/app/views/doorkeeper/applications/_delete_form.html.erb +3 -1
  14. data/app/views/doorkeeper/applications/_form.html.erb +33 -21
  15. data/app/views/doorkeeper/applications/edit.html.erb +1 -1
  16. data/app/views/doorkeeper/applications/index.html.erb +18 -6
  17. data/app/views/doorkeeper/applications/new.html.erb +1 -1
  18. data/app/views/doorkeeper/applications/show.html.erb +40 -16
  19. data/app/views/doorkeeper/authorizations/error.html.erb +1 -1
  20. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  21. data/app/views/doorkeeper/authorizations/new.html.erb +6 -0
  22. data/app/views/doorkeeper/authorized_applications/index.html.erb +0 -1
  23. data/app/views/layouts/doorkeeper/admin.html.erb +16 -14
  24. data/config/locales/en.yml +34 -7
  25. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  26. data/lib/doorkeeper/config/option.rb +82 -0
  27. data/lib/doorkeeper/config/validations.rb +53 -0
  28. data/lib/doorkeeper/config.rb +514 -167
  29. data/lib/doorkeeper/engine.rb +11 -5
  30. data/lib/doorkeeper/errors.rb +25 -16
  31. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  32. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  33. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  34. data/lib/doorkeeper/grant_flow.rb +45 -0
  35. data/lib/doorkeeper/grape/authorization_decorator.rb +6 -4
  36. data/lib/doorkeeper/grape/helpers.rb +23 -12
  37. data/lib/doorkeeper/helpers/controller.rb +51 -14
  38. data/lib/doorkeeper/models/access_grant_mixin.rb +94 -27
  39. data/lib/doorkeeper/models/access_token_mixin.rb +284 -96
  40. data/lib/doorkeeper/models/application_mixin.rb +58 -27
  41. data/lib/doorkeeper/models/concerns/accessible.rb +2 -0
  42. data/lib/doorkeeper/models/concerns/expirable.rb +12 -6
  43. data/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  44. data/lib/doorkeeper/models/concerns/ownership.rb +4 -7
  45. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  46. data/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  47. data/lib/doorkeeper/models/concerns/revocable.rb +3 -27
  48. data/lib/doorkeeper/models/concerns/scopes.rb +12 -2
  49. data/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  50. data/lib/doorkeeper/oauth/authorization/code.rb +48 -12
  51. data/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  52. data/lib/doorkeeper/oauth/authorization/token.rb +66 -28
  53. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +7 -5
  54. data/lib/doorkeeper/oauth/authorization_code_request.rb +63 -10
  55. data/lib/doorkeeper/oauth/base_request.rb +35 -19
  56. data/lib/doorkeeper/oauth/base_response.rb +2 -0
  57. data/lib/doorkeeper/oauth/client/credentials.rb +9 -7
  58. data/lib/doorkeeper/oauth/client.rb +10 -11
  59. data/lib/doorkeeper/oauth/client_credentials/creator.rb +47 -4
  60. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +16 -9
  61. data/lib/doorkeeper/oauth/client_credentials/validator.rb +56 -0
  62. data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -11
  63. data/lib/doorkeeper/oauth/code_request.rb +8 -12
  64. data/lib/doorkeeper/oauth/code_response.rb +27 -15
  65. data/lib/doorkeeper/oauth/error.rb +5 -3
  66. data/lib/doorkeeper/oauth/error_response.rb +35 -15
  67. data/lib/doorkeeper/oauth/forbidden_token_response.rb +11 -3
  68. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -18
  69. data/lib/doorkeeper/oauth/helpers/unique_token.rb +20 -3
  70. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +53 -3
  71. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  72. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  73. data/lib/doorkeeper/oauth/invalid_token_response.rb +29 -5
  74. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  75. data/lib/doorkeeper/oauth/password_access_token_request.rb +44 -10
  76. data/lib/doorkeeper/oauth/pre_authorization.rb +135 -26
  77. data/lib/doorkeeper/oauth/refresh_token_request.rb +60 -31
  78. data/lib/doorkeeper/oauth/scopes.rb +26 -12
  79. data/lib/doorkeeper/oauth/token.rb +13 -9
  80. data/lib/doorkeeper/oauth/token_introspection.rb +202 -0
  81. data/lib/doorkeeper/oauth/token_request.rb +8 -20
  82. data/lib/doorkeeper/oauth/token_response.rb +14 -10
  83. data/lib/doorkeeper/oauth.rb +13 -0
  84. data/lib/doorkeeper/orm/active_record/access_grant.rb +6 -4
  85. data/lib/doorkeeper/orm/active_record/access_token.rb +5 -42
  86. data/lib/doorkeeper/orm/active_record/application.rb +6 -20
  87. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
  88. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
  89. data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
  90. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  91. data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +33 -0
  92. data/lib/doorkeeper/orm/active_record.rb +37 -8
  93. data/lib/doorkeeper/rails/helpers.rb +14 -13
  94. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  95. data/lib/doorkeeper/rails/routes/mapper.rb +4 -2
  96. data/lib/doorkeeper/rails/routes/mapping.rb +9 -7
  97. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  98. data/lib/doorkeeper/rails/routes.rb +41 -28
  99. data/lib/doorkeeper/rake/db.rake +40 -0
  100. data/lib/doorkeeper/rake/setup.rake +11 -0
  101. data/lib/doorkeeper/rake.rb +14 -0
  102. data/lib/doorkeeper/request/authorization_code.rb +6 -4
  103. data/lib/doorkeeper/request/client_credentials.rb +3 -3
  104. data/lib/doorkeeper/request/code.rb +1 -1
  105. data/lib/doorkeeper/request/password.rb +5 -14
  106. data/lib/doorkeeper/request/refresh_token.rb +6 -5
  107. data/lib/doorkeeper/request/strategy.rb +4 -2
  108. data/lib/doorkeeper/request/token.rb +1 -1
  109. data/lib/doorkeeper/request.rb +62 -29
  110. data/lib/doorkeeper/secret_storing/base.rb +64 -0
  111. data/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  112. data/lib/doorkeeper/secret_storing/plain.rb +33 -0
  113. data/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  114. data/lib/doorkeeper/server.rb +9 -11
  115. data/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  116. data/lib/doorkeeper/validations.rb +5 -2
  117. data/lib/doorkeeper/version.rb +12 -1
  118. data/lib/doorkeeper.rb +111 -62
  119. data/lib/generators/doorkeeper/application_owner_generator.rb +28 -13
  120. data/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  121. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  122. data/lib/generators/doorkeeper/install_generator.rb +19 -9
  123. data/lib/generators/doorkeeper/migration_generator.rb +27 -10
  124. data/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  125. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +31 -19
  126. data/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  127. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  128. data/{spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb → lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb} +3 -1
  129. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  130. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  131. data/lib/generators/doorkeeper/templates/initializer.rb +412 -33
  132. data/lib/generators/doorkeeper/templates/migration.rb.erb +88 -0
  133. data/lib/generators/doorkeeper/views_generator.rb +8 -4
  134. data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +4 -5
  135. metadata +114 -276
  136. data/.coveralls.yml +0 -1
  137. data/.gitignore +0 -19
  138. data/.hound.yml +0 -13
  139. data/.rspec +0 -1
  140. data/.travis.yml +0 -26
  141. data/Appraisals +0 -14
  142. data/CONTRIBUTING.md +0 -47
  143. data/Gemfile +0 -10
  144. data/NEWS.md +0 -606
  145. data/RELEASING.md +0 -10
  146. data/Rakefile +0 -20
  147. data/app/validators/redirect_uri_validator.rb +0 -34
  148. data/doorkeeper.gemspec +0 -29
  149. data/gemfiles/rails_4_2.gemfile +0 -11
  150. data/gemfiles/rails_5_0.gemfile +0 -12
  151. data/gemfiles/rails_5_1.gemfile +0 -13
  152. data/lib/doorkeeper/oauth/client_credentials/validation.rb +0 -45
  153. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +0 -7
  154. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb +0 -11
  155. data/lib/generators/doorkeeper/templates/migration.rb +0 -68
  156. data/spec/controllers/application_metal_controller.rb +0 -10
  157. data/spec/controllers/applications_controller_spec.rb +0 -58
  158. data/spec/controllers/authorizations_controller_spec.rb +0 -218
  159. data/spec/controllers/protected_resources_controller_spec.rb +0 -300
  160. data/spec/controllers/token_info_controller_spec.rb +0 -52
  161. data/spec/controllers/tokens_controller_spec.rb +0 -88
  162. data/spec/dummy/Rakefile +0 -7
  163. data/spec/dummy/app/controllers/application_controller.rb +0 -3
  164. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -7
  165. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -12
  166. data/spec/dummy/app/controllers/home_controller.rb +0 -17
  167. data/spec/dummy/app/controllers/metal_controller.rb +0 -11
  168. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -11
  169. data/spec/dummy/app/helpers/application_helper.rb +0 -5
  170. data/spec/dummy/app/models/user.rb +0 -5
  171. data/spec/dummy/app/views/home/index.html.erb +0 -0
  172. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  173. data/spec/dummy/config/application.rb +0 -23
  174. data/spec/dummy/config/boot.rb +0 -9
  175. data/spec/dummy/config/database.yml +0 -15
  176. data/spec/dummy/config/environment.rb +0 -5
  177. data/spec/dummy/config/environments/development.rb +0 -29
  178. data/spec/dummy/config/environments/production.rb +0 -62
  179. data/spec/dummy/config/environments/test.rb +0 -44
  180. data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +0 -6
  181. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -7
  182. data/spec/dummy/config/initializers/doorkeeper.rb +0 -96
  183. data/spec/dummy/config/initializers/secret_token.rb +0 -9
  184. data/spec/dummy/config/initializers/session_store.rb +0 -8
  185. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -14
  186. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  187. data/spec/dummy/config/routes.rb +0 -52
  188. data/spec/dummy/config.ru +0 -4
  189. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -9
  190. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -5
  191. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -60
  192. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -7
  193. data/spec/dummy/db/schema.rb +0 -67
  194. data/spec/dummy/public/404.html +0 -26
  195. data/spec/dummy/public/422.html +0 -26
  196. data/spec/dummy/public/500.html +0 -26
  197. data/spec/dummy/public/favicon.ico +0 -0
  198. data/spec/dummy/script/rails +0 -6
  199. data/spec/factories.rb +0 -28
  200. data/spec/generators/application_owner_generator_spec.rb +0 -22
  201. data/spec/generators/install_generator_spec.rb +0 -31
  202. data/spec/generators/migration_generator_spec.rb +0 -20
  203. data/spec/generators/templates/routes.rb +0 -3
  204. data/spec/generators/views_generator_spec.rb +0 -27
  205. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -24
  206. data/spec/lib/config_spec.rb +0 -334
  207. data/spec/lib/doorkeeper_spec.rb +0 -150
  208. data/spec/lib/models/expirable_spec.rb +0 -50
  209. data/spec/lib/models/revocable_spec.rb +0 -59
  210. data/spec/lib/models/scopes_spec.rb +0 -43
  211. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -41
  212. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -80
  213. data/spec/lib/oauth/base_request_spec.rb +0 -160
  214. data/spec/lib/oauth/base_response_spec.rb +0 -45
  215. data/spec/lib/oauth/client/credentials_spec.rb +0 -88
  216. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -44
  217. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -86
  218. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -54
  219. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  220. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -104
  221. data/spec/lib/oauth/client_spec.rb +0 -39
  222. data/spec/lib/oauth/code_request_spec.rb +0 -45
  223. data/spec/lib/oauth/code_response_spec.rb +0 -34
  224. data/spec/lib/oauth/error_response_spec.rb +0 -61
  225. data/spec/lib/oauth/error_spec.rb +0 -23
  226. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -23
  227. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -64
  228. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -20
  229. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -104
  230. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -56
  231. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -90
  232. data/spec/lib/oauth/pre_authorization_spec.rb +0 -155
  233. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -154
  234. data/spec/lib/oauth/scopes_spec.rb +0 -122
  235. data/spec/lib/oauth/token_request_spec.rb +0 -98
  236. data/spec/lib/oauth/token_response_spec.rb +0 -85
  237. data/spec/lib/oauth/token_spec.rb +0 -116
  238. data/spec/lib/request/strategy_spec.rb +0 -53
  239. data/spec/lib/server_spec.rb +0 -49
  240. data/spec/models/doorkeeper/access_grant_spec.rb +0 -36
  241. data/spec/models/doorkeeper/access_token_spec.rb +0 -394
  242. data/spec/models/doorkeeper/application_spec.rb +0 -179
  243. data/spec/requests/applications/applications_request_spec.rb +0 -94
  244. data/spec/requests/applications/authorized_applications_spec.rb +0 -30
  245. data/spec/requests/endpoints/authorization_spec.rb +0 -71
  246. data/spec/requests/endpoints/token_spec.rb +0 -64
  247. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -76
  248. data/spec/requests/flows/authorization_code_spec.rb +0 -148
  249. data/spec/requests/flows/client_credentials_spec.rb +0 -58
  250. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -32
  251. data/spec/requests/flows/implicit_grant_spec.rb +0 -61
  252. data/spec/requests/flows/password_spec.rb +0 -115
  253. data/spec/requests/flows/refresh_token_spec.rb +0 -174
  254. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  255. data/spec/requests/flows/skip_authorization_spec.rb +0 -59
  256. data/spec/requests/protected_resources/metal_spec.rb +0 -14
  257. data/spec/requests/protected_resources/private_api_spec.rb +0 -81
  258. data/spec/routing/custom_controller_routes_spec.rb +0 -71
  259. data/spec/routing/default_routes_spec.rb +0 -35
  260. data/spec/routing/scoped_routes_spec.rb +0 -31
  261. data/spec/spec_helper.rb +0 -4
  262. data/spec/spec_helper_integration.rb +0 -63
  263. data/spec/support/dependencies/factory_girl.rb +0 -2
  264. data/spec/support/helpers/access_token_request_helper.rb +0 -11
  265. data/spec/support/helpers/authorization_request_helper.rb +0 -41
  266. data/spec/support/helpers/config_helper.rb +0 -9
  267. data/spec/support/helpers/model_helper.rb +0 -67
  268. data/spec/support/helpers/request_spec_helper.rb +0 -84
  269. data/spec/support/helpers/url_helper.rb +0 -55
  270. data/spec/support/http_method_shim.rb +0 -38
  271. data/spec/support/orm/active_record.rb +0 -3
  272. data/spec/support/shared/controllers_shared_context.rb +0 -69
  273. data/spec/support/shared/models_shared_examples.rb +0 -52
  274. data/spec/validators/redirect_uri_validator_spec.rb +0 -78
@@ -1,54 +1,66 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "doorkeeper/config/abstract_builder"
4
+ require "doorkeeper/config/option"
5
+ require "doorkeeper/config/validations"
6
+
1
7
  module Doorkeeper
8
+ # Defines a MissingConfiguration error for a missing Doorkeeper configuration
9
+ #
2
10
  class MissingConfiguration < StandardError
3
- # Defines a MissingConfiguration error for a missing Doorkeeper
4
- # configuration
5
11
  def initialize
6
- super('Configuration for doorkeeper missing. Do you have doorkeeper initializer?')
12
+ super("Configuration for doorkeeper missing. Do you have doorkeeper initializer?")
7
13
  end
8
14
  end
9
15
 
10
- def self.configure(&block)
11
- @config = Config::Builder.new(&block).build
12
- setup_orm_adapter
13
- setup_orm_models
14
- setup_application_owner if @config.enable_application_owner?
15
- end
16
+ # Doorkeeper option DSL could be reused in extensions to build their own
17
+ # configurations. To use the Option DSL gems need to define `builder_class` method
18
+ # that returns configuration Builder class. This exception raises when they don't
19
+ # define it.
20
+ #
21
+ class MissingConfigurationBuilderClass < StandardError; end
22
+
23
+ class << self
24
+ def configure(&block)
25
+ @config = Config::Builder.new(&block).build
26
+ setup_orm_adapter
27
+ setup_orm_models
28
+ setup_application_owner if @config.enable_application_owner?
29
+ @config
30
+ end
16
31
 
17
- def self.configuration
18
- @config || (fail MissingConfiguration)
19
- end
32
+ # @return [Doorkeeper::Config] configuration instance
33
+ #
34
+ def configuration
35
+ @config || (raise MissingConfiguration)
36
+ end
37
+
38
+ alias config configuration
20
39
 
21
- def self.setup_orm_adapter
22
- @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
23
- rescue NameError => e
24
- fail e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.squish
25
- [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
26
- trying to load it.
40
+ def setup_orm_adapter
41
+ @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
42
+ rescue NameError => e
43
+ raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
44
+ [DOORKEEPER] ORM adapter not found (#{configuration.orm}), or there was an error
45
+ trying to load it.
27
46
 
28
- You probably need to add the related gem for this adapter to work with
29
- doorkeeper.
47
+ You probably need to add the related gem for this adapter to work with
48
+ doorkeeper.
30
49
  ERROR_MSG
31
- end
50
+ end
32
51
 
33
- def self.setup_orm_models
34
- @orm_adapter.initialize_models!
35
- end
52
+ def setup_orm_models
53
+ @orm_adapter.initialize_models!
54
+ end
36
55
 
37
- def self.setup_application_owner
38
- @orm_adapter.initialize_application_owner!
56
+ def setup_application_owner
57
+ @orm_adapter.initialize_application_owner!
58
+ end
39
59
  end
40
60
 
41
61
  class Config
42
- class Builder
43
- def initialize(&block)
44
- @config = Config.new
45
- instance_eval(&block)
46
- end
47
-
48
- def build
49
- @config
50
- end
51
-
62
+ # Default Doorkeeper configuration builder
63
+ class Builder < AbstractBuilder
52
64
  # Provide support for an owner to be assigned to each registered
53
65
  # application (disabled by default)
54
66
  # Optional parameter confirmation: true (default false) if you want
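Review bot: In `setup_orm_adapter`, the heredoc is passed as the third argument to `raise`, which Ruby treats as the backtrace, so the help text replaces the original `NameError` backtrace instead of appearing in the message. The message itself says the rescue also covers errors raised while loading the adapter, and that is the case where the lost backtrace matters most; switching `squish` to `strip_heredoc` only changes the shape of the string stored there. Consider putting the full text in the message and keeping the trace, e.g. `raise e, message, e.backtrace` with `message` holding the heredoc text. The `Config::Builder` body that opens at the end of this hunk continues outside it.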
@@ -59,12 +71,12 @@ doorkeeper.
59
71
  # @option opts[Boolean] :confirmation (false)
60
72
  # Set confirm_application_owner variable
61
73
  def enable_application_owner(opts = {})
62
- @config.instance_variable_set('@enable_application_owner', true)
74
+ @config.instance_variable_set(:@enable_application_owner, true)
63
75
  confirm_application_owner if opts[:confirmation].present? && opts[:confirmation]
64
76
  end
65
77
 
66
78
  def confirm_application_owner
67
- @config.instance_variable_set('@confirm_application_owner', true)
79
+ @config.instance_variable_set(:@confirm_application_owner, true)
68
80
  end
69
81
 
70
82
  # Define default access token scopes for your provider
@@ -72,7 +84,7 @@ doorkeeper.
72
84
  # @param scopes [Array] Default set of access (OAuth::Scopes.new)
73
85
  # token scopes
74
86
  def default_scopes(*scopes)
75
- @config.instance_variable_set('@default_scopes', OAuth::Scopes.from_array(scopes))
87
+ @config.instance_variable_set(:@default_scopes, OAuth::Scopes.from_array(scopes))
76
88
  end
77
89
 
78
90
  # Define default access token scopes for your provider
@@ -80,7 +92,14 @@ doorkeeper.
80
92
  # @param scopes [Array] Optional set of access (OAuth::Scopes.new)
81
93
  # token scopes
82
94
  def optional_scopes(*scopes)
83
- @config.instance_variable_set('@optional_scopes', OAuth::Scopes.from_array(scopes))
95
+ @config.instance_variable_set(:@optional_scopes, OAuth::Scopes.from_array(scopes))
96
+ end
97
+
98
+ # Define scopes_by_grant_type to limit certain scope to certain grant_type
99
+ # @param { Hash } with grant_types as keys.
100
+ # Default set to {} i.e. no limitation on scopes usage
101
+ def scopes_by_grant_type(hash = {})
102
+ @config.instance_variable_set(:@scopes_by_grant_type, hash)
84
103
  end
85
104
 
86
105
  # Change the way client credentials are retrieved from the request object.
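Review bot: `scopes_by_grant_type` stores its argument unchecked, while `optional_scopes` just above it normalizes its input through `OAuth::Scopes.from_array`. Because this option restricts which scopes a grant type may use, a non-Hash value or keys in an unexpected form would presumably surface only at request time or leave the restriction silently ineffective; the reader of `@scopes_by_grant_type` and any check in `config/validations.rb` are outside this hunk, so that is an inference. A guard such as `raise ArgumentError, "scopes_by_grant_type expects a Hash" unless hash.is_a?(Hash)` would fail fast at boot. The YARD tag `@param { Hash }` also names no parameter; `# @param hash [Hash] grant types as keys, scopes allowed for each as values` would document it.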
@@ -90,7 +109,7 @@ doorkeeper.
90
109
  #
91
110
  # @param methods [Array] Define client credentials
92
111
  def client_credentials(*methods)
93
- @config.instance_variable_set('@client_credentials', methods)
112
+ @config.instance_variable_set(:@client_credentials_methods, methods)
94
113
  end
95
114
 
96
115
  # Change the way access token is authenticated from the request object.
@@ -100,169 +119,413 @@ doorkeeper.
100
119
  #
101
120
  # @param methods [Array] Define access token methods
102
121
  def access_token_methods(*methods)
103
- @config.instance_variable_set('@access_token_methods', methods)
122
+ @config.instance_variable_set(:@access_token_methods, methods)
104
123
  end
105
124
 
106
- # Issue access tokens with refresh token (disabled by default)
107
- def use_refresh_token
108
- @config.instance_variable_set('@refresh_token_enabled', true)
109
- end
110
-
111
- # WWW-Authenticate Realm (default "Doorkeeper").
112
- #
113
- # @param realm [String] ("Doorkeeper") Authentication realm
114
- def realm(realm)
115
- @config.instance_variable_set('@realm', realm)
125
+ # Issue access tokens with refresh token (disabled if not set)
126
+ def use_refresh_token(enabled = true, &block)
127
+ @config.instance_variable_set(
128
+ :@refresh_token_enabled,
129
+ block || enabled,
130
+ )
116
131
  end
117
132
 
118
133
  # Reuse access token for the same resource owner within an application
119
134
  # (disabled by default)
120
135
  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
121
136
  def reuse_access_token
122
- @config.instance_variable_set("@reuse_access_token", true)
137
+ @config.instance_variable_set(:@reuse_access_token, true)
123
138
  end
124
139
 
125
- # Forces the usage of the HTTPS protocol in non-native redirect uris
126
- # (enabled by default in non-development environments). OAuth2
127
- # delegates security in communication to the HTTPS protocol so it is
128
- # wise to keep this enabled.
129
- #
130
- # @param [Boolean] boolean value for the parameter, true by default in
131
- # non-development environment
132
- def force_ssl_in_redirect_uri(boolean)
133
- @config.instance_variable_set("@force_ssl_in_redirect_uri", boolean)
140
+ # TODO: maybe make it more generic for other flows too?
141
+ # Only allow one valid access token obtained via client credentials
142
+ # per client. If a new access token is obtained before the old one
143
+ # expired, the old one gets revoked (disabled by default)
144
+ def revoke_previous_client_credentials_token
145
+ @config.instance_variable_set(:@revoke_previous_client_credentials_token, true)
134
146
  end
135
147
 
136
- # Use a custom class for generating the access token.
137
- # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
138
- #
139
- # @param access_token_generator [String]
140
- # the name of the access token generator class
141
- def access_token_generator(access_token_generator)
142
- @config.instance_variable_set(
143
- '@access_token_generator', access_token_generator
144
- )
148
+ # Use an API mode for applications generated with --api argument
149
+ # It will skip applications controller, disable forgery protection
150
+ def api_only
151
+ @config.instance_variable_set(:@api_only, true)
145
152
  end
146
153
 
147
- # The controller Doorkeeper::ApplicationController inherits from.
148
- # Defaults to ActionController::Base.
149
- # https://github.com/doorkeeper-gem/doorkeeper#custom-base-controller
150
- #
151
- # @param base_controller [String] the name of the base controller
152
- def base_controller(base_controller)
153
- @config.instance_variable_set('@base_controller', base_controller)
154
+ # Enables polymorphic Resource Owner association for Access Grant and
155
+ # Access Token models. Requires additional database columns to be setup.
156
+ def use_polymorphic_resource_owner
157
+ @config.instance_variable_set(:@polymorphic_resource_owner, true)
154
158
  end
155
- end
156
159
 
157
- module Option
158
- # Defines configuration option
159
- #
160
- # When you call option, it defines two methods. One method will take place
161
- # in the +Config+ class and the other method will take place in the
162
- # +Builder+ class.
163
- #
164
- # The +name+ parameter will set both builder method and config attribute.
165
- # If the +:as+ option is defined, the builder method will be the specified
166
- # option while the config attribute will be the +name+ parameter.
167
- #
168
- # If you want to introduce another level of config DSL you can
169
- # define +builder_class+ parameter.
170
- # Builder should take a block as the initializer parameter and respond to function +build+
171
- # that returns the value of the config attribute.
172
- #
173
- # ==== Options
174
- #
175
- # * [:+as+] Set the builder method that goes inside +configure+ block
176
- # * [+:default+] The default value in case no option was set
177
- #
178
- # ==== Examples
160
+ # Forbids creating/updating applications with arbitrary scopes that are
161
+ # not in configuration, i.e. `default_scopes` or `optional_scopes`.
162
+ # (disabled by default)
163
+ def enforce_configured_scopes
164
+ @config.instance_variable_set(:@enforce_configured_scopes, true)
165
+ end
166
+
167
+ # Enforce request content type as the spec requires:
168
+ # disabled by default for backward compatibility.
169
+ def enforce_content_type
170
+ @config.instance_variable_set(:@enforce_content_type, true)
171
+ end
172
+
173
+ # Allow optional hashing of input tokens before persisting them.
174
+ # Will be used for hashing of input token and grants.
179
175
  #
180
- # option :name
181
- # option :name, as: :set_name
182
- # option :name, default: 'My Name'
183
- # option :scopes builder_class: ScopesBuilder
176
+ # @param using
177
+ # Provide a different secret storage implementation class for tokens
178
+ # @param fallback
179
+ # Provide a fallback secret storage implementation class for tokens
180
+ # or use :plain to fallback to plain tokens
181
+ def hash_token_secrets(using: nil, fallback: nil)
182
+ default = "::Doorkeeper::SecretStoring::Sha256Hash"
183
+ configure_secrets_for :token,
184
+ using: using || default,
185
+ fallback: fallback
186
+ end
187
+
188
+ # Allow optional hashing of application secrets before persisting them.
189
+ # Will be used for hashing of input token and grants.
184
190
  #
185
- def option(name, options = {})
186
- attribute = options[:as] || name
187
- attribute_builder = options[:builder_class]
188
-
189
- Builder.instance_eval do
190
- remove_method name if method_defined?(name)
191
- define_method name do |*args, &block|
192
- # TODO: is builder_class option being used?
193
- value = if attribute_builder
194
- attribute_builder.new(&block).build
195
- else
196
- block ? block : args.first
197
- end
198
-
199
- @config.instance_variable_set(:"@#{attribute}", value)
200
- end
201
- end
191
+ # @param using
192
+ # Provide a different secret storage implementation for applications
193
+ # @param fallback
194
+ # Provide a fallback secret storage implementation for applications
195
+ # or use :plain to fallback to plain application secrets
196
+ def hash_application_secrets(using: nil, fallback: nil)
197
+ default = "::Doorkeeper::SecretStoring::Sha256Hash"
198
+ configure_secrets_for :application,
199
+ using: using || default,
200
+ fallback: fallback
201
+ end
202
202
 
203
- define_method attribute do |*_args|
204
- if instance_variable_defined?(:"@#{attribute}")
205
- instance_variable_get(:"@#{attribute}")
206
- else
207
- options[:default]
208
- end
209
- end
203
+ private
210
204
 
211
- public attribute
212
- end
205
+ # Configure the secret storing functionality
206
+ def configure_secrets_for(type, using:, fallback:)
207
+ raise ArgumentError, "Invalid type #{type}" if %i[application token].exclude?(type)
208
+
209
+ @config.instance_variable_set(:"@#{type}_secret_strategy", using.constantize)
210
+
211
+ if fallback.nil?
212
+ return
213
+ elsif fallback.to_sym == :plain
214
+ fallback = "::Doorkeeper::SecretStoring::Plain"
215
+ end
213
216
 
214
- def extended(base)
215
- base.send(:private, :option)
217
+ @config.instance_variable_set(:"@#{type}_secret_fallback_strategy", fallback.constantize)
216
218
  end
217
219
  end
218
220
 
221
+ # Replace with `default: Builder` when we drop support of Rails < 5.2
222
+ mattr_reader(:builder_class) { Builder }
223
+
219
224
  extend Option
225
+ include Validations
220
226
 
221
227
  option :resource_owner_authenticator,
222
228
  as: :authenticate_resource_owner,
223
229
  default: (lambda do |_routes|
224
- logger.warn(I18n.translate('doorkeeper.errors.messages.resource_owner_authenticator_not_configured'))
230
+ ::Rails.logger.warn(
231
+ I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured"),
232
+ )
233
+
225
234
  nil
226
235
  end)
236
+
227
237
  option :admin_authenticator,
228
238
  as: :authenticate_admin,
229
- default: ->(_routes) {}
239
+ default: (lambda do |_routes|
240
+ ::Rails.logger.warn(
241
+ I18n.t("doorkeeper.errors.messages.admin_authenticator_not_configured"),
242
+ )
243
+
244
+ head :forbidden
245
+ end)
246
+
230
247
  option :resource_owner_from_credentials,
231
248
  default: (lambda do |_routes|
232
- warn(I18n.translate('doorkeeper.errors.messages.credential_flow_not_configured'))
249
+ ::Rails.logger.warn(
250
+ I18n.t("doorkeeper.errors.messages.credential_flow_not_configured"),
251
+ )
252
+
233
253
  nil
234
254
  end)
235
255
 
256
+ # Hooks for authorization
257
+ option :before_successful_authorization, default: ->(_controller, _context = nil) {}
258
+ option :after_successful_authorization, default: ->(_controller, _context = nil) {}
259
+ # Hooks for strategies responses
260
+ option :before_successful_strategy_response, default: ->(_request) {}
261
+ option :after_successful_strategy_response, default: ->(_request, _response) {}
262
+ # Allows to customize Token Introspection response
263
+ option :custom_introspection_response, default: ->(_token, _context) { {} }
264
+
236
265
  option :skip_authorization, default: ->(_routes) {}
237
266
  option :access_token_expires_in, default: 7200
238
- option :custom_access_token_expires_in, default: ->(_app) { nil }
267
+ option :custom_access_token_expires_in, default: ->(_context) { nil }
239
268
  option :authorization_code_expires_in, default: 600
240
269
  option :orm, default: :active_record
241
- option :native_redirect_uri, default: 'urn:ietf:wg:oauth:2.0:oob'
242
- option :active_record_options, default: {}
243
- option :realm, default: 'Doorkeeper'
270
+ option :native_redirect_uri, default: "urn:ietf:wg:oauth:2.0:oob", deprecated: true
271
+ option :grant_flows, default: %w[authorization_code client_credentials]
272
+ option :handle_auth_errors, default: :render
273
+ option :token_lookup_batch_size, default: 10_000
274
+ # Sets the token_reuse_limit
275
+ # It will be used only when reuse_access_token option in enabled
276
+ # By default it will be 100
277
+ # It will be used for token reusablity to some threshold percentage
278
+ # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
279
+ option :token_reuse_limit, default: 100
280
+
281
+ # Don't require client authentication for password grants. If client credentials
282
+ # are present they will still be validated, and the grant rejected if the credentials
283
+ # are invalid.
284
+ #
285
+ # This is discouraged. Spec says that password grants always require a client.
286
+ #
287
+ # See https://github.com/doorkeeper-gem/doorkeeper/issues/1412#issuecomment-632750422
288
+ # and https://github.com/doorkeeper-gem/doorkeeper/pull/1420
289
+ #
290
+ # Since many applications use this unsafe behavior in the wild, this is kept as a
291
+ # not-recommended option. You should be aware that you are not following the OAuth
292
+ # spec, and understand the security implications of doing so.
293
+ option :skip_client_authentication_for_password_grant,
294
+ default: false
295
+
296
+ option :active_record_options,
297
+ default: {},
298
+ deprecated: { message: "Customize Doorkeeper models instead" }
299
+
300
+ # Hook to allow arbitrary user-client authorization
301
+ option :authorize_resource_owner_for_client,
302
+ default: ->(_client, _resource_owner) { true }
303
+
304
+ # Allows to customize OAuth grant flows that +each+ application support.
305
+ # You can configure a custom block (or use a class respond to `#call`) that must
306
+ # return `true` in case Application instance supports requested OAuth grant flow
307
+ # during the authorization request to the server. This configuration +doesn't+
308
+ # set flows per application, it only allows to check if application supports
309
+ # specific grant flow.
310
+ #
311
+ # For example you can add an additional database column to `oauth_applications` table,
312
+ # say `t.array :grant_flows, default: []`, and store allowed grant flows that can
313
+ # be used with this application there. Then when authorization requested Doorkeeper
314
+ # will call this block to check if specific Application (passed with client_id and/or
315
+ # client_secret) is allowed to perform the request for the specific grant type
316
+ # (authorization, password, client_credentials, etc).
317
+ #
318
+ # Example of the block:
319
+ #
320
+ # ->(flow, client) { client.grant_flows.include?(flow) }
321
+ #
322
+ # In case this option invocation result is `false`, Doorkeeper server returns
323
+ # :unauthorized_client error and stops the request.
324
+ #
325
+ # @param allow_grant_flow_for_client [Proc] Block or any object respond to #call
326
+ # @return [Boolean] `true` if allow or `false` if forbid the request
327
+ #
328
+ option :allow_grant_flow_for_client, default: ->(_grant_flow, _client) { true }
329
+
330
+ # Allows to forbid specific Application redirect URI's by custom rules.
331
+ # Doesn't forbid any URI by default.
332
+ #
333
+ # @param forbid_redirect_uri [Proc] Block or any object respond to #call
334
+ #
335
+ option :forbid_redirect_uri, default: ->(_uri) { false }
336
+
337
+ # WWW-Authenticate Realm (default "Doorkeeper").
338
+ #
339
+ # @param realm [String] ("Doorkeeper") Authentication realm
340
+ #
341
+ option :realm, default: "Doorkeeper"
342
+
343
+ # Forces the usage of the HTTPS protocol in non-native redirect uris
344
+ # (enabled by default in non-development environments). OAuth2
345
+ # delegates security in communication to the HTTPS protocol so it is
346
+ # wise to keep this enabled.
347
+ #
348
+ # @param [Boolean] boolean_or_block value for the parameter, true by default in
349
+ # non-development environment
350
+ #
351
+ # @yield [uri] Conditional usage of SSL redirect uris.
352
+ # @yieldparam [URI] Redirect URI
353
+ # @yieldreturn [Boolean] Indicates necessity of usage of the HTTPS protocol
354
+ # in non-native redirect uris
355
+ #
244
356
  option :force_ssl_in_redirect_uri, default: !Rails.env.development?
245
- option :grant_flows, default: %w(authorization_code client_credentials)
357
+
358
+ # Use a custom class for generating the access token.
359
+ # https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-access-token-generator
360
+ #
361
+ # @param access_token_generator [String]
362
+ # the name of the access token generator class
363
+ #
246
364
  option :access_token_generator,
247
- default: 'Doorkeeper::OAuth::Helpers::UniqueToken'
365
+ default: "Doorkeeper::OAuth::Helpers::UniqueToken"
366
+
367
+ # Default access token generator is a SecureRandom class from Ruby stdlib.
368
+ # This option defines which method will be used to generate a unique token value.
369
+ #
370
+ # @param access_token_generator [String]
371
+ # the name of the access token generator class
372
+ #
373
+ option :default_generator_method, default: :urlsafe_base64
374
+
375
+ # The controller Doorkeeper::ApplicationController inherits from.
376
+ # Defaults to ActionController::Base.
377
+ # https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-controllers
378
+ #
379
+ # @param base_controller [String] the name of the base controller
248
380
  option :base_controller,
249
- default: 'ActionController::Base'
381
+ default: (lambda do
382
+ api_only ? "ActionController::API" : "ActionController::Base"
383
+ end)
384
+
385
+ # The controller Doorkeeper::ApplicationMetalController inherits from.
386
+ # Defaults to ActionController::API.
387
+ #
388
+ # @param base_metal_controller [String] the name of the base controller
389
+ option :base_metal_controller,
390
+ default: "ActionController::API"
391
+
392
+ option :access_token_class,
393
+ default: "Doorkeeper::AccessToken"
394
+
395
+ option :access_grant_class,
396
+ default: "Doorkeeper::AccessGrant"
397
+
398
+ option :application_class,
399
+ default: "Doorkeeper::Application"
400
+
401
+ # Allows to set blank redirect URIs for Applications in case
402
+ # server configured to use URI-less grant flows.
403
+ #
404
+ option :allow_blank_redirect_uri,
405
+ default: (lambda do |grant_flows, _application|
406
+ grant_flows.exclude?("authorization_code") &&
407
+ grant_flows.exclude?("implicit")
408
+ end)
409
+
410
+ # Configure protection of token introspection request.
411
+ # By default this configuration allows to introspect a token by
412
+ # another token of the same application, or to introspect the token
413
+ # that belongs to authorized client, or access token has been introspected
414
+ # is a public one (doesn't belong to any client)
415
+ #
416
+ # You can define any custom rule you need or just disable token
417
+ # introspection at all.
418
+ #
419
+ # @param token [Doorkeeper::AccessToken]
420
+ # token to be introspected
421
+ #
422
+ # @param authorized_client [Doorkeeper::Application]
423
+ # authorized client (if request is authorized using Basic auth with
424
+ # Client Credentials for example)
425
+ #
426
+ # @param authorized_token [Doorkeeper::AccessToken]
427
+ # Bearer token used to authorize the request
428
+ #
429
+ option :allow_token_introspection,
430
+ default: (lambda do |token, authorized_client, authorized_token|
431
+ if authorized_token
432
+ authorized_token.application == token&.application
433
+ elsif token.application
434
+ authorized_client == token.application
435
+ else
436
+ true
437
+ end
438
+ end)
439
+
440
+ attr_reader :reuse_access_token,
441
+ :token_secret_fallback_strategy,
442
+ :application_secret_fallback_strategy
443
+
444
+ # Doorkeeper Access Token model class.
445
+ #
446
+ # @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
447
+ #
448
+ def access_token_model
449
+ @access_token_model ||= access_token_class.constantize
450
+ end
451
+
452
+ # Doorkeeper Access Grant model class.
453
+ #
454
+ # @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
455
+ #
456
+ def access_grant_model
457
+ @access_grant_model ||= access_grant_class.constantize
458
+ end
459
+
460
+ # Doorkeeper Application model class.
461
+ #
462
+ # @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
463
+ #
464
+ def application_model
465
+ @application_model ||= application_class.constantize
466
+ end
250
467
 
251
- attr_reader :reuse_access_token
468
+ def api_only
469
+ @api_only ||= false
470
+ end
471
+
472
+ def enforce_content_type
473
+ @enforce_content_type ||= false
474
+ end
252
475
 
253
476
  def refresh_token_enabled?
254
- @refresh_token_enabled ||= false
255
- !!@refresh_token_enabled
477
+ if defined?(@refresh_token_enabled)
478
+ @refresh_token_enabled
479
+ else
480
+ false
481
+ end
482
+ end
483
+
484
+ def resolve_controller(name)
485
+ config_option = public_send(:"#{name}_controller")
486
+ controller_name = if config_option.respond_to?(:call)
487
+ instance_exec(&config_option)
488
+ else
489
+ config_option
490
+ end
491
+
492
+ controller_name.constantize
493
+ end
494
+
495
+ def revoke_previous_client_credentials_token?
496
+ option_set? :revoke_previous_client_credentials_token
497
+ end
498
+
499
+ def enforce_configured_scopes?
500
+ option_set? :enforce_configured_scopes
256
501
  end
257
502
 
258
503
  def enable_application_owner?
259
- @enable_application_owner ||= false
260
- !!@enable_application_owner
504
+ option_set? :enable_application_owner
505
+ end
506
+
507
+ def polymorphic_resource_owner?
508
+ option_set? :polymorphic_resource_owner
261
509
  end
262
510
 
263
511
  def confirm_application_owner?
264
- @confirm_application_owner ||= false
265
- !!@confirm_application_owner
512
+ option_set? :confirm_application_owner
513
+ end
514
+
515
+ def raise_on_errors?
516
+ handle_auth_errors == :raise
517
+ end
518
+
519
+ def application_secret_hashed?
520
+ instance_variable_defined?(:"@application_secret_strategy")
521
+ end
522
+
523
+ def token_secret_strategy
524
+ @token_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
525
+ end
526
+
527
+ def application_secret_strategy
528
+ @application_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
266
529
  end
267
530
 
268
531
  def default_scopes
@@ -277,41 +540,125 @@ doorkeeper.
277
540
  @scopes ||= default_scopes + optional_scopes
278
541
  end
279
542
 
543
+ def scopes_by_grant_type
544
+ @scopes_by_grant_type ||= {}
545
+ end
546
+
280
547
  def client_credentials_methods
281
- @client_credentials ||= [:from_basic, :from_params]
548
+ @client_credentials_methods ||= %i[from_basic from_params]
282
549
  end
283
550
 
284
551
  def access_token_methods
285
- @access_token_methods ||= [:from_bearer_authorization, :from_access_token_param, :from_bearer_param]
552
+ @access_token_methods ||= %i[
553
+ from_bearer_authorization
554
+ from_access_token_param
555
+ from_bearer_param
556
+ ]
557
+ end
558
+
559
+ def enabled_grant_flows
560
+ @enabled_grant_flows ||= calculate_grant_flows.map { |name| Doorkeeper::GrantFlow.get(name) }.compact
561
+ end
562
+
563
+ def authorization_response_flows
564
+ @authorization_response_flows ||= enabled_grant_flows.select(&:handles_response_type?) +
565
+ deprecated_authorization_flows
566
+ end
567
+
568
+ def token_grant_flows
569
+ @token_grant_flows ||= calculate_token_grant_flows
286
570
  end
287
571
 
288
572
  def authorization_response_types
289
- @authorization_response_types ||= calculate_authorization_response_types
573
+ authorization_response_flows.map(&:response_type_matches)
290
574
  end
291
575
 
292
576
  def token_grant_types
293
- @token_grant_types ||= calculate_token_grant_types
577
+ token_grant_flows.map(&:grant_type_matches)
294
578
  end
295
579
 
296
- private
580
+ # [NOTE]: deprecated and will be removed soon
581
+ def deprecated_token_grant_types_resolver
582
+ @deprecated_token_grant_types ||= calculate_token_grant_types
583
+ end
297
584
 
298
- # Determines what values are acceptable for 'response_type' param in
299
- # authorization request endpoint, and return them as an array of strings.
300
- #
585
+ # [NOTE]: deprecated and will be removed soon
586
+ def deprecated_authorization_flows
587
+ response_types = calculate_authorization_response_types
588
+
589
+ if response_types.any?
590
+ ::Kernel.warn <<~WARNING
591
+ Please, don't patch Doorkeeper::Config#calculate_authorization_response_types method.
592
+ Register your custom grant flows using the public API:
593
+ `Doorkeeper::GrantFlow.register(grant_flow_name, **options)`.
594
+ WARNING
595
+ end
596
+
597
+ response_types.map do |response_type|
598
+ Doorkeeper::GrantFlow::FallbackFlow.new(response_type, response_type_matches: response_type)
599
+ end
600
+ end
601
+
602
+ # [NOTE]: deprecated and will be removed soon
301
603
  def calculate_authorization_response_types
302
- types = []
303
- types << 'code' if grant_flows.include? 'authorization_code'
304
- types << 'token' if grant_flows.include? 'implicit'
305
- types
604
+ []
306
605
  end
307
606
 
308
- # Determines what values are acceptable for 'grant_type' param token
309
- # request endpoint, and return them in array.
310
- #
607
+ # [NOTE]: deprecated and will be removed soon
311
608
  def calculate_token_grant_types
312
- types = grant_flows - ['implicit']
313
- types << 'refresh_token' if refresh_token_enabled?
609
+ types = grant_flows - ["implicit"]
610
+ types << "refresh_token" if refresh_token_enabled?
314
611
  types
315
612
  end
613
+
614
+ # Calculates grant flows configured by the user in Doorkeeper
615
+ # configuration considering registered aliases that is exposed
616
+ # to single or multiple other flows.
617
+ #
618
+ def calculate_grant_flows
619
+ configured_flows = grant_flows.map(&:to_s)
620
+ aliases = Doorkeeper::GrantFlow.aliases.keys.map(&:to_s)
621
+
622
+ flows = configured_flows - aliases
623
+ aliases.each do |flow_alias|
624
+ next unless configured_flows.include?(flow_alias)
625
+
626
+ flows.concat(Doorkeeper::GrantFlow.expand_alias(flow_alias))
627
+ end
628
+
629
+ flows.flatten.uniq
630
+ end
631
+
632
+ def allow_blank_redirect_uri?(application = nil)
633
+ if allow_blank_redirect_uri.respond_to?(:call)
634
+ allow_blank_redirect_uri.call(grant_flows, application)
635
+ else
636
+ allow_blank_redirect_uri
637
+ end
638
+ end
639
+
640
+ def allow_grant_flow_for_client?(grant_flow, client)
641
+ return true unless option_defined?(:allow_grant_flow_for_client)
642
+
643
+ allow_grant_flow_for_client.call(grant_flow, client)
644
+ end
645
+
646
+ def option_defined?(name)
647
+ instance_variable_defined?("@#{name}")
648
+ end
649
+
650
+ private
651
+
652
+ # Helper to read boolearized configuration option
653
+ def option_set?(instance_key)
654
+ var = instance_variable_get("@#{instance_key}")
655
+ !!(defined?(var) && var)
656
+ end
657
+
658
+ def calculate_token_grant_flows
659
+ flows = enabled_grant_flows.select(&:handles_grant_type?)
660
+ flows << Doorkeeper::GrantFlow.get("refresh_token") if refresh_token_enabled?
661
+ flows
662
+ end
316
663
  end
317
664
  end
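Review bot: In `option_set?` the `defined?(var)` test is dead code, because `var` is a local assigned on the line above, so `defined?` always returns a truthy value and the expression reduces to `!!var`. An unset option and one explicitly set to `false` or `nil` therefore read the same, which is probably intended but is not what the guard suggests. I would write the body as `!!instance_variable_get(:"@#{instance_key}")` and put `# Unset and falsy options both read as false.` above it. Security toggles such as `enforce_configured_scopes?` and `revoke_previous_client_credentials_token?` are answered by this helper, so the contract is worth stating. The Config class that contains it opens outside this hunk.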