doorkeeper 4.4.0 → 5.6.6

data/.rubocop.yml

@@ -1,17 +0,0 @@
-AllCops:
-  Exclude:
-    - "spec/dummy/db/*"
-
-Metrics/BlockLength:
-  Exclude:
-    - spec/**/*
-
-LineLength:
-  Exclude:
-    - spec/**/*
-
-StringLiterals:
-  Enabled: false
-
-TrailingBlankLines:
-  Enabled: true

data/.travis.yml

@@ -1,38 +0,0 @@
-cache: bundler
-language: ruby
-sudo: false
-
-rvm:
-  - 2.1
-  - 2.2
-  - 2.3
-  - 2.4
-  - 2.5
-
-before_install:
-  - gem update --system # Need for Ruby 2.5.0. https://github.com/travis-ci/travis-ci/issues/8978
-  - gem install bundler -v '~> 1.10'
-
-gemfile:
-  - gemfiles/rails_4_2.gemfile
-  - gemfiles/rails_5_0.gemfile
-  - gemfiles/rails_5_1.gemfile
-  - gemfiles/rails_5_2.gemfile
-  - gemfiles/rails_master.gemfile
-
-matrix:
-  exclude:
-    - gemfile: gemfiles/rails_5_0.gemfile
-      rvm: 2.1
-    - gemfile: gemfiles/rails_5_1.gemfile
-      rvm: 2.1
-    - gemfile: gemfiles/rails_5_2.gemfile
-      rvm: 2.1
-    - gemfile: gemfiles/rails_master.gemfile
-      rvm: 2.1
-    - gemfile: gemfiles/rails_master.gemfile
-      rvm: 2.2
-    - gemfile: gemfiles/rails_master.gemfile
-      rvm: 2.3
-  allow_failures:
-    - gemfile: gemfiles/rails_master.gemfile

data/Appraisals

@@ -1,18 +0,0 @@
-appraise "rails-4-2" do
-  gem "rails", "~> 4.2.0"
-end
-
-appraise "rails-5-0" do
-  gem "rails", "~> 5.0.0"
-  gem "rspec-rails", "~> 3.5"
-end
-
-appraise "rails-5-1" do
-  gem "rails", "~> 5.1.0"
-  gem "rspec-rails", "~> 3.5"
-end
-
-appraise "rails-master" do
-  gem "rails", git: 'https://github.com/rails/rails'
-  gem "arel", git: 'https://github.com/rails/arel'
-end

data/CODE_OF_CONDUCT.md

@@ -1,46 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team members or current maintainer email, specified in gemspec. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/

data/CONTRIBUTING.md

@@ -1,47 +0,0 @@
-# Contributing
-
-We love pull requests from everyone. By participating in this project, you agree
-to abide by the thoughtbot [code of conduct].
-
-[code of conduct]: https://thoughtbot.com/open-source-code-of-conduct
-
-Fork, then clone the repo:
-
-    git clone git@github.com:your-username/doorkeeper.git
-
-Set up Ruby dependencies via Bundler
-
-    bundle install
-
-Make sure the tests pass:
-
-    rake
-
-Make your change.
-Write tests.
-Follow our [style guide][style].
-Make the tests pass:
-
-[style]: https://github.com/thoughtbot/guides/tree/master/style
-
-    rake
-
-Add notes on your change to the `NEWS.md` file.
-
-Write a [good commit message][commit].
-Push to your fork.
-[Submit a pull request][pr].
-
-[commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
-[pr]: https://github.com/doorkeeper-gem/doorkeeper/compare/
-
-If [Hound] catches style violations,
-fix them.
-
-[hound]: https://houndci.com
-
-Wait for us.
-We try to at least comment on pull requests within one business day.
-We may suggest changes.
-
-Thank you for your contribution!

data/Gemfile

@@ -1,10 +0,0 @@
-source "https://rubygems.org"
-
-gem "rails", "~> 5.1"
-
-gem "appraisal"
-
-gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
-gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
-gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw]
-gemspec

data/RELEASING.md

@@ -1,10 +0,0 @@
-# Releasing doorkeeper
-
-How to release doorkeeper in five easy steps!
-
-1. Update `lib/doorkeeper/version.rb` file accordingly.
-2. Update `NEWS.md` to reflect the changes since last release.
-3. Commit changes: `git commit -am 'Bump to vVERSION'`
-4. Run `rake release`
-5. Announce the new release, making sure to say “thank you” to the contributors
-   who helped shape this version!

data/Rakefile

@@ -1,20 +0,0 @@
-require 'bundler/setup'
-require 'rspec/core/rake_task'
-
-desc 'Default: run specs.'
-task default: :spec
-
-desc "Run all specs"
-RSpec::Core::RakeTask.new(:spec) do |config|
-  config.verbose = false
-end
-
-namespace :doorkeeper do
-  desc "Install doorkeeper in dummy app"
-  task :install do
-    cd 'spec/dummy'
-    system 'bundle exec rails g doorkeeper:install --force'
-  end
-end
-
-Bundler::GemHelper.install_tasks

data/SECURITY.md

@@ -1,15 +0,0 @@
-# Reporting security issues in Doorkeeper
-
-Hello! Thank you for wanting to disclose a possible security
-vulnerability within the Doorkeeper gem! Please follow our disclosure
-policy as outlined below:
-
-1. Do NOT open up a GitHub issue with your report. Security reports
-   should be kept private until a possible fix is determined.
-2. Send an email to Nikita Bulai at bulaj.nikita AT gmail.com or one of
-   the others Doorkeeper maintainers listed in gemspec. You should receive
-   a prompt response.
-3. Be patient. Since Doorkeeper is in a stable maintenance phase, we want to
-   do as little as possible to rock the boat of the project.
-
-Thank you very much for adhering for these policies!

data/app/validators/redirect_uri_validator.rb

@@ -1,44 +0,0 @@
-require 'uri'
-
-class RedirectUriValidator < ActiveModel::EachValidator
-  def self.native_redirect_uri
-    Doorkeeper.configuration.native_redirect_uri
-  end
-
-  def validate_each(record, attribute, value)
-    if value.blank?
-      record.errors.add(attribute, :blank)
-    else
-      value.split.each do |val|
-        uri = ::URI.parse(val)
-        next if native_redirect_uri?(uri)
-        record.errors.add(attribute, :forbidden_uri) if forbidden_uri?(uri)
-        record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
-        record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
-        record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
-      end
-    end
-  rescue URI::InvalidURIError
-    record.errors.add(attribute, :invalid_uri)
-  end
-
-  private
-
-  def native_redirect_uri?(uri)
-    self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
-  end
-
-  def forbidden_uri?(uri)
-    Doorkeeper.configuration.forbid_redirect_uri.call(uri)
-  end
-
-  def invalid_ssl_uri?(uri)
-    forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
-
-    if forces_ssl.respond_to?(:call)
-      forces_ssl.call(uri)
-    else
-      forces_ssl && uri.try(:scheme) == 'http'
-    end
-  end
-end

data/doorkeeper.gemspec

@@ -1,32 +0,0 @@
-$LOAD_PATH.push File.expand_path("../lib", __FILE__)
-
-require "doorkeeper/version"
-
-Gem::Specification.new do |s|
-  s.name        = "doorkeeper"
-  s.version     = Doorkeeper.gem_version
-  s.authors     = ["Felipe Elias Philipp", "Tute Costa", "Jon Moss", "Nikita Bulai"]
-  s.email       = %w(bulaj.nikita@gmail.com)
-  s.homepage    = "https://github.com/doorkeeper-gem/doorkeeper"
-  s.summary     = "OAuth 2 provider for Rails and Grape"
-  s.description = "Doorkeeper is an OAuth 2 provider for Rails and Grape."
-  s.license     = 'MIT'
-
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- spec/*`.split("\n")
-  s.require_paths = ["lib"]
-
-  s.add_dependency "railties", ">= 4.2"
-  s.required_ruby_version = ">= 2.1"
-
-  s.add_development_dependency "capybara"
-  s.add_development_dependency "coveralls"
-  s.add_development_dependency "grape"
-  s.add_development_dependency "database_cleaner", "~> 1.6"
-  s.add_development_dependency "factory_bot", "~> 4.8"
-  s.add_development_dependency "generator_spec", "~> 0.9.3"
-  s.add_development_dependency "rake", ">= 11.3.0"
-  s.add_development_dependency "rspec-rails"
-
-  s.post_install_message = Doorkeeper::CVE_2018_1000211_WARNING
-end

data/gemfiles/rails_4_2.gemfile

@@ -1,13 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 4.2.0"
-gem "appraisal"
-gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
-gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
-gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
-# Older Grape requires Ruby >= 2.2.2
-gem "grape", '~> 0.16', '< 0.19.2'
-
-gemspec path: "../"

data/gemfiles/rails_5_0.gemfile

@@ -1,12 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 5.0.0"
-gem "appraisal"
-gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
-gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
-gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
-gem "rspec-rails", "~> 3.5"
-
-gemspec path: "../"

data/gemfiles/rails_5_1.gemfile

@@ -1,12 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 5.1.0"
-gem "appraisal"
-gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
-gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
-gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
-gem "rspec-rails", "~> 3.7"
-
-gemspec path: "../"

data/gemfiles/rails_5_2.gemfile

@@ -1,12 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "5.2.0.rc1"
-gem "appraisal"
-gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
-gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
-gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
-gem "rspec-rails", "~> 3.7"
-
-gemspec path: "../"

data/gemfiles/rails_master.gemfile

@@ -1,14 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", git: 'https://github.com/rails/rails'
-gem "arel", git: 'https://github.com/rails/arel'
-
-gem "appraisal"
-gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
-gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
-gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
-gem "rspec-rails", "~> 3.7"
-
-gemspec path: "../"

data/lib/doorkeeper/oauth/client_credentials/validation.rb

@@ -1,45 +0,0 @@
-require 'doorkeeper/validations'
-require 'doorkeeper/oauth/scopes'
-require 'doorkeeper/oauth/helpers/scope_checker'
-
-module Doorkeeper
-  module OAuth
-    class ClientCredentialsRequest < BaseRequest
-      class Validation
-        include Validations
-        include OAuth::Helpers
-
-        validate :client, error: :invalid_client
-        validate :scopes, error: :invalid_scope
-
-        def initialize(server, request)
-          @server, @request, @client = server, request, request.client
-
-          validate
-        end
-
-        private
-
-        def validate_client
-          @client.present?
-        end
-
-        def validate_scopes
-          return true unless @request.scopes.present?
-
-          application_scopes = if @client.present?
-                                 @client.application.scopes
-                               else
-                                 ''
-                               end
-
-          ScopeChecker.valid?(
-            @request.scopes.to_s,
-            @server.scopes,
-            application_scopes
-          )
-        end
-      end
-    end
-  end
-end

data/lib/generators/doorkeeper/add_client_confidentiality_generator.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails/generators/active_record'
-
-module Doorkeeper
-  class AddClientConfidentialityGenerator < ::Rails::Generators::Base
-    include ::Rails::Generators::Migration
-    source_root File.expand_path('templates', __dir__)
-    desc 'Adds a migration to fix CVE-2018-1000211.'
-
-    def install
-      migration_template(
-        'add_confidential_to_application_migration.rb.erb',
-        'db/migrate/add_confidential_to_doorkeeper_application.rb',
-        migration_version: migration_version
-      )
-    end
-
-    def self.next_migration_number(dirname)
-      ::ActiveRecord::Generators::Base.next_migration_number(dirname)
-    end
-
-    private
-
-    def migration_version
-      if ::ActiveRecord::VERSION::MAJOR >= 5
-        "[#{::ActiveRecord::VERSION::MAJOR}.#{::ActiveRecord::VERSION::MINOR}]"
-      end
-    end
-  end
-end

data/lib/generators/doorkeeper/templates/add_confidential_to_application_migration.rb.erb

@@ -1,11 +0,0 @@
-class AddConfidentialToDoorkeeperApplication < ActiveRecord::Migration<%= migration_version %>
-  def change
-    add_column(
-      :oauth_applications,
-      :confidential,
-      :boolean,
-      null: false,
-      default: true # maintaining backwards compatibility: require secrets
-    )
-  end
-end

data/spec/controllers/application_metal_controller.rb

@@ -1,10 +0,0 @@
-require "spec_helper_integration"
-
-describe Doorkeeper::ApplicationMetalController do
-  it "lazy run hooks" do
-    i = 0
-    ActiveSupport.on_load(:doorkeeper_metal_controller) { i += 1 }
-
-    expect(i).to eq 1
-  end
-end

data/spec/controllers/applications_controller_spec.rb

@@ -1,69 +0,0 @@
-require 'spec_helper_integration'
-
-module Doorkeeper
-  describe ApplicationsController do
-    context 'when admin is not authenticated' do
-      before do
-        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(proc do
-          redirect_to main_app.root_url
-        end)
-      end
-
-      it 'redirects as set in Doorkeeper.authenticate_admin' do
-        get :index
-        expect(response).to redirect_to(controller.main_app.root_url)
-      end
-
-      it 'does not create application' do
-        expect do
-          post :create, doorkeeper_application: {
-            name: 'Example',
-            redirect_uri: 'https://example.com' }
-        end.not_to change { Doorkeeper::Application.count }
-      end
-    end
-
-    context 'when admin is authenticated' do
-      render_views
-
-      before do
-        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
-      end
-
-      it 'sorts applications by created_at' do
-        first_application = FactoryBot.create(:application)
-        second_application = FactoryBot.create(:application)
-        expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
-        get :index
-        expect(response.body).to have_selector("tbody tr:first-child#application_#{first_application.id}")
-        expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
-      end
-
-      it 'creates application' do
-        expect do
-          post :create, doorkeeper_application: {
-            name: 'Example',
-            redirect_uri: 'https://example.com' }
-        end.to change { Doorkeeper::Application.count }.by(1)
-        expect(response).to be_redirect
-      end
-
-      it 'does not allow mass assignment of uid or secret' do
-        application = FactoryBot.create(:application)
-        put :update, id: application.id, doorkeeper_application: {
-          uid: '1A2B3C4D',
-          secret: '1A2B3C4D' }
-
-        expect(application.reload.uid).not_to eq '1A2B3C4D'
-      end
-
-      it 'updates application' do
-        application = FactoryBot.create(:application)
-        put :update, id: application.id, doorkeeper_application: {
-          name: 'Example',
-          redirect_uri: 'https://example.com' }
-        expect(application.reload.name).to eq 'Example'
-      end
-    end
-  end
-end