doorkeeper 4.4.3 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8d8d3550d8406d4abb224c4960d1d6e8a0c4c706
-  data.tar.gz: b12408cb8b0dc2b14ee69b57798943b5c1bfaa30
+  metadata.gz: db3333346ca1b82cd7aa332bb1e43f8d979534c0
+  data.tar.gz: 12511ea5d14b0bba28fef47893cc925c9e45ebcd
 SHA512:
-  metadata.gz: 0674af950f6070d6457e09f73fc89736b092ae6595e484ca6e67e7f126912ea007509d9249fdc4eb01e66bf981c1e49da33712203d8428d10401a43faabd1cfd
-  data.tar.gz: e447513c202dfde4c622b898da2a98dff64272193136fe399b890bb97488e7915156a2588caa6de3566db411f4c7dfa89e88be3a8b8d0a76511251f2f980c382
+  metadata.gz: a5265ed62b206c4f9f117c3cbc8e6d905840636297a342ea952e5dfced01f7ce4bd6b59fc7efd6a4f0e6558475c566bf59ba4a793ef3f87942cf8935dde061ba
+  data.tar.gz: 18d2b90ae8e5f2e6e80f518fe0a251c49ba3187fda34c9213f14c0152f301dfd149d11db14dcd94a69bb8048352f8a945107c572cfb3fa03aeabc6d6383b706c

data/.gitignore

@@ -17,3 +17,4 @@ gemfiles/*.lock
 /doc/
 /rdoc/
 coverage
+*.gem

data/.gitlab-ci.yml

@@ -0,0 +1,16 @@
+dependency_scanning:
+  image: docker:stable
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  script:
+    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
+    - docker run
+        --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
+        --volume "$PWD:/code"
+        --volume /var/run/docker.sock:/var/run/docker.sock
+        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
+  artifacts:
+    paths: [gl-dependency-scanning-report.json]

data/.travis.yml

@@ -8,6 +8,7 @@ rvm:
   - 2.3
   - 2.4
   - 2.5
+  - ruby-2.6.0-preview1
 
 before_install:
   - gem update --system # Need for Ruby 2.5.0. https://github.com/travis-ci/travis-ci/issues/8978
@@ -21,6 +22,7 @@ gemfile:
   - gemfiles/rails_master.gemfile
 
 matrix:
+  fast_finish: true
   exclude:
     - gemfile: gemfiles/rails_5_0.gemfile
       rvm: 2.1

data/Appraisals

@@ -4,12 +4,12 @@ end
 
 appraise "rails-5-0" do
   gem "rails", "~> 5.0.0"
-  gem "rspec-rails", "~> 3.5"
+  gem "rspec-rails", "~> 3.7"
 end
 
 appraise "rails-5-1" do
   gem "rails", "~> 5.1.0"
-  gem "rspec-rails", "~> 3.5"
+  gem "rspec-rails", "~> 3.7"
 end
 
 appraise "rails-master" do

data/Gemfile

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "rails", "~> 5.1"
+gem "rails", "~> 5.2"
 
 gem "appraisal"
 

data/NEWS.md

@@ -1,24 +1,77 @@
 # News
 
+See https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions for
+upgrade guides.
+
 User-visible changes worth mentioning.
 
 ## master
 
-## 4.4.3
-- [#1143] Adds a config option opt_out_native_route_change to opt out of the
-  breaking api changed introduced in
-  https://github.com/doorkeeper-gem/doorkeeper/pull/1003
-
+- [#PR ID] Add PR description.
+
+## 5.0.0
+
+- [#1127] Change the token_type initials of the Banner Token to uppercase to comply with the RFC6750 specification.
+
+## 5.0.0.rc2
+
+- [#1106] Restrict access to AdminController with 'Forbidden 403' if admin_authenticator is not
+  configured by developers..
+- [#1108] Simple formating of callback URLs when listing oauth applications
+- [#1116] `AccessGrant`s will now be revoked along with `AccessToken`s when
+  hitting the `AuthorizedApplicationController#destroy` route.
+- [#1114] Make token info endpoint's attributes consistent with token creation
+- [#1119] Fix token revocation for OAuth apps using "implicit" grant flow
+- [#1122] Fix AuthorizationsController#new error response to be in JSON format
+
+## 5.0.0.rc1
+
+- [#1103] Allow customizing use_refresh_token
+- [#1089] Removed enable_pkce_without_secret configuration option
+- [#1102] Expiration time based on scopes
+- [#1099] All the configuration variables in `Doorkeeper.configuration` now
+  always return a non-nil value (`true` or `false`)
+- [#1099] ORM / Query optimization: Do not revoke the refresh token if it is not enabled
+  in `doorkeeper.rb`
+- [#996] Expiration Time Base On Grant Type
+- [#997] Allow PKCE authorization_code flow as specified in RFC7636
+- [#907] Fix lookup for matching tokens in certain edge-cases
+- [#992] Add API option to use Doorkeeper without management views for API only
+  Rails applications (`api_only`)
+- [#1045] Validate redirect_uri as the native URI when making authorization code requests
+- [#1048] Remove deprecated `Doorkeeper#configured?`, `Doorkeeper#database_installed?`, and
+  `Doorkeeper#installed?` method
+- [#1031] Allow public clients to authenticate without `client_secret`. Define an app as
+  either public or private/confidential
+- [#1010] Add configuration to enforce configured scopes (`default_scopes` and
+  `optional_scopes`) for applications
+- [#1060] Ensure that the native redirect_uri parameter matches with redirect_uri of the client
+- [#1064] Add :before_successful_authorization and :after_successful_authorization hooks
+- [#1069] Upgrade Bootstrap to 4 for Admin
+- [#1068] Add rake task to cleanup databases that can become large over time
+- [#1072] AuthorizationsController: Memoize strategy.authorize_response result to enable
+  subclasses to use the response object.
+- [#1075] Call `before_successful_authorization` and `after_successful_authorization` hooks
+  on `create` action as well as `new`
+- [#1082] Fix #916: remember routes mapping and use it required places (fix error with
+  customized Token Info route).
+- [#1086, #1088] Fix bug with receiving default scopes in the token even if they are
+  not present in the application scopes (use scopes intersection).
+- [#1076] Add config to enforce content type to application/x-www-form-urlencoded
+- Fix bug with `force_ssl_in_redirect_uri` when it breaks existing applications with an
+  SSL redirect_uri.
+  
 ## 4.4.2
-- [#1130] Backport fix for native redirect_uri from 5.x.
 
+- [#1130] Backport fix for native redirect_uri from 5.x.
+  
 ## 4.4.1
 
 - [#1127] Backport token type to comply with the RFC6750 specification.
 - [#1125] Backport Quote surround I18n yes/no keys
-
+  
 ## 4.4.0
-
+  
 - [#1120] Backport security fix from 5.x for token revocation when using public clients
 
 ## 4.3.2

data/README.md

@@ -1,14 +1,14 @@
-# Doorkeeper - awesome OAuth 2 provider for your Rails app.
+# Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
 
 [![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
 [![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
-[![Dependency Status](https://gemnasium.com/doorkeeper-gem/doorkeeper.svg?travis)](https://gemnasium.com/doorkeeper-gem/doorkeeper)
 [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
 [![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=master)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=master)
 [![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master)
+[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
 
-Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider
-functionality to your Rails or Grape application.
+Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider
+functionality to your Ruby on Rails or Grape application.
 
 Supported features:
 
@@ -19,6 +19,7 @@ Supported features:
   - [Implicit grant](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2)
   - [Resource Owner Password Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.3)
   - [Client Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.4)
+  - [Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636)
 - [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
 - [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
 
@@ -27,7 +28,8 @@ Supported features:
 Please check the documentation for the version of doorkeeper you are using in:
 https://github.com/doorkeeper-gem/doorkeeper/releases
 
-- See the [wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
+- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
+- See [upgrade guides](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
 - For general questions, please post in [Stack Overflow](http://stackoverflow.com/questions/tagged/doorkeeper)
 - See [SECURITY.md](SECURITY.md) for this project's security disclose
   policy
@@ -44,9 +46,11 @@ https://github.com/doorkeeper-gem/doorkeeper/releases
     - [MongoDB](#mongodb)
     - [Sequel](#sequel)
     - [Couchbase](#couchbase)
+  - [API mode](#api-mode)
   - [Routes](#routes)
   - [Authenticating](#authenticating)
   - [Internationalization (I18n)](#internationalization-i18n)
+  - [Rake Tasks](#rake-tasks)
 - [Protecting resources with OAuth (a.k.a your API endpoint)](#protecting-resources-with-oauth-aka-your-api-endpoint)
   - [Ruby on Rails controllers](#ruby-on-rails-controllers)
   - [Grape endpoints](#grape-endpoints)
@@ -103,12 +107,26 @@ for each table that includes a `resource_owner_id` column:
 add_foreign_key :table_name, :users, column: :resource_owner_id
 ```
 
+If you want to enable [PKCE flow] for mobile apps, you need to generate another
+migration:
+
+[PKCE flow]: https://tools.ietf.org/html/rfc7636
+
+```sh
+    rails generate doorkeeper:pkce
+```
+
 Then run migrations:
 
 ```sh
 rake db:migrate
 ```
 
+Ensure to use non-confidential apps for pkce. PKCE is created, because
+you cannot trust its apps' secret. So whatever app needs pkce: it means, it cannot
+be a confidential app by design.
+
+
 Remember to add associations to your model so the related records are deleted.
 If you don't do this an `ActiveRecord::InvalidForeignKey`-error will be raised
 when you try to destroy a model with related access grants or access tokens.
@@ -146,6 +164,24 @@ Use [doorkeeper-couchbase] extension if you are using Couchbase database.
 
 [doorkeeper-couchbase]: https://github.com/acaprojects/doorkeeper-couchbase
 
+### API mode
+
+By default Doorkeeper uses full Rails stack to provide all the OAuth 2 functionality
+with additional features like administration area for managing applications. By the
+way, starting from Doorkeeper 5 you can use API mode for your [API only Rails 5 applications](http://edgeguides.rubyonrails.org/api_app.html).
+All you need is just to configure the gem to work in desired mode:
+
+``` ruby
+Doorkeeper.configure do
+  # ...
+
+  api_only
+end
+```
+
+Keep in mind, that in this mode you will not be able to access `Applications` or
+`Authorized Applications` controllers because they will be skipped. CSRF protections (which are otherwise enabled) will be skipped, and all the redirects will be returned as JSON response with corresponding locations.
+
 ### Routes
 
 The installation script will also automatically add the Doorkeeper routes into
@@ -198,7 +234,36 @@ You may want to check other ways of authentication
 
 ### Internationalization (I18n)
 
-See language files in [the I18n repository](https://github.com/doorkeeper-gem/doorkeeper-i18n).
+Doorkeeper support multiple languages. See language files in
+[the I18n repository](https://github.com/doorkeeper-gem/doorkeeper-i18n).
+
+### Rake Tasks
+
+If you are using `rake`, you can load rake tasks provided by this gem, by adding
+the following line to your `Rakefile`:
+
+```ruby
+Doorkeeper::Rake.load_tasks
+```
+
+#### Cleaning up
+
+By default Doorkeeper is retaining expired and revoked access tokens and grants.
+This allows to keep an audit log of those records, but it also leads to the
+corresponding tables to grow large over the lifetime of your application.
+
+If you are concerned about those tables growing too large,
+you can regularly run the following rake task to remove stale entries
+from the database:
+
+```rake
+rake doorkeeper:db:cleanup
+```
+
+Note that this will remove tokens that are expired according to the configured TTL
+in `Doorkeeper.configuration.access_token_expires_in`. The specific `expires_in`
+value of each access token **is not considered**. The same is true for access
+grants.
 
 ## Protecting resources with OAuth (a.k.a your API endpoint)
 
@@ -210,7 +275,9 @@ protect. For example:
 
 ``` ruby
 class Api::V1::ProductsController < Api::V1::ApiController
-  before_action :doorkeeper_authorize! # Require access token for all actions
+  before_action :doorkeeper_authorize! # Requires access token for all actions
+  
+  # before_action -> { doorkeeper_authorize! :read, :write }
 
   # your actions
 end
@@ -399,6 +466,22 @@ customize the controller used by the list or skip the controller all together.
 For more information see the page
 [in the wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
 
+By default, everybody can create application with any scopes. However,
+you can enforce users to create applications only with configured scopes
+(`default_scopes` and `optional_scopes` from the Doorkeeper initializer):
+
+```ruby
+# config/initializers/doorkeeper.rb
+Doorkeeper.configure do
+  # ...
+
+  default_scopes :read, :write
+  optional_scopes :create, :update
+
+  enforce_configured_scopes
+end
+```
+
 ## Other customizations
 
 - [Associate users to OAuth applications (ownership)](https://github.com/doorkeeper-gem/doorkeeper/wiki/Associate-users-to-OAuth-applications-%28ownership%29)
@@ -412,7 +495,7 @@ Doorkeeper 4.3.0 it uses [ActiveSupport lazy loading hooks](http://api.rubyonrai
 to load models. There are [known issue](https://github.com/doorkeeper-gem/doorkeeper/issues/1043)
 with the `factory_bot_rails` gem (it executes factories building before `ActiveRecord::Base`
 is initialized using hooks in gem railtie, so you can catch a `uninitialized constant` error).
-It is recommended to use pure `factory_bot` gem to solve this problem. 
+It is recommended to use pure `factory_bot` gem to solve this problem.
 
 ## Upgrading
 
@@ -429,7 +512,7 @@ To run the local engine server:
 
 ```
 bundle install
-bundle exec rails server
+bundle exec rake doorkeeper:server
 ````
 
 By default, it uses the latest Rails version with ActiveRecord. To run the

data/Rakefile

@@ -15,6 +15,12 @@ namespace :doorkeeper do
     cd 'spec/dummy'
     system 'bundle exec rails g doorkeeper:install --force'
   end
+
+  desc 'Runs local test server'
+  task :server do
+    cd 'spec/dummy'
+    system 'bundle exec rails server'
+  end
 end
 
 Bundler::GemHelper.install_tasks

data/UPGRADE.md

@@ -0,0 +1,2 @@
+See [Upgrade Guides](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
+in the project Wiki.

data/app/assets/stylesheets/doorkeeper/admin/application.css

@@ -5,6 +5,6 @@
  *= require_tree .
 */
 
-td {
-  vertical-align: middle !important;
+.doorkeeper-admin .form-group > .field_with_errors {
+  width: 16.66667%;
 }

data/app/controllers/doorkeeper/application_controller.rb

@@ -4,8 +4,9 @@ module Doorkeeper
 
     include Helpers::Controller
 
-    protect_from_forgery with: :exception
-
-    helper 'doorkeeper/dashboard'
+    unless Doorkeeper.configuration.api_only
+      protect_from_forgery with: :exception
+      helper 'doorkeeper/dashboard'
+    end
   end
 end

data/app/controllers/doorkeeper/application_metal_controller.rb

@@ -5,6 +5,7 @@ module Doorkeeper
       AbstractController::Rendering,
       ActionController::Rendering,
       ActionController::Renderers::All,
+      AbstractController::Callbacks,
       Helpers::Controller
     ].freeze
 
@@ -12,6 +13,9 @@ module Doorkeeper
       include mod
     end
 
+    before_action :enforce_content_type,
+                  if: -> { Doorkeeper.configuration.enforce_content_type }
+
     ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
   end
 end

data/app/controllers/doorkeeper/applications_controller.rb

@@ -1,24 +1,25 @@
 module Doorkeeper
   class ApplicationsController < Doorkeeper::ApplicationController
-    layout 'doorkeeper/admin'
+    layout 'doorkeeper/admin' unless Doorkeeper.configuration.api_only
 
     before_action :authenticate_admin!
-    before_action :set_application, only: [:show, :edit, :update, :destroy]
+    before_action :set_application, only: %i[show edit update destroy]
 
     def index
-      @applications = if Application.respond_to?(:ordered_by)
-                        Application.ordered_by(:created_at)
-                      else
-                        ActiveSupport::Deprecation.warn <<-MSG.squish
-                          Doorkeeper #{Doorkeeper.configuration.orm} extension must implement #ordered_by
-                          method for it's models as it will be used by default in Doorkeeper 5.
-                        MSG
-
-                        Application.all
-                      end
+      @applications = Application.ordered_by(:created_at)
+
+      respond_to do |format|
+        format.html
+        format.json { head :no_content }
+      end
     end
 
-    def show; end
+    def show
+      respond_to do |format|
+        format.html
+        format.json { render json: @application }
+      end
+    end
 
     def new
       @application = Application.new
@@ -26,28 +27,47 @@ module Doorkeeper
 
     def create
       @application = Application.new(application_params)
+
       if @application.save
-        flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
-        redirect_to oauth_application_url(@application)
+        flash[:notice] = I18n.t(:notice, scope: %i[doorkeeper flash applications create])
+
+        respond_to do |format|
+          format.html { redirect_to oauth_application_url(@application) }
+          format.json { render json: @application }
+        end
       else
-        render :new
+        respond_to do |format|
+          format.html { render :new }
+          format.json { render json: { errors: @application.errors.full_messages }, status: :unprocessable_entity }
+        end
       end
     end
 
     def edit; end
 
     def update
-      if @application.update_attributes(application_params)
-        flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :update])
-        redirect_to oauth_application_url(@application)
+      if @application.update(application_params)
+        flash[:notice] = I18n.t(:notice, scope: %i[doorkeeper flash applications update])
+
+        respond_to do |format|
+          format.html { redirect_to oauth_application_url(@application) }
+          format.json { render json: @application }
+        end
       else
-        render :edit
+        respond_to do |format|
+          format.html { render :edit }
+          format.json { render json: { errors: @application.errors.full_messages }, status: :unprocessable_entity }
+        end
       end
     end
 
     def destroy
-      flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :destroy]) if @application.destroy
-      redirect_to oauth_applications_url
+      flash[:notice] = I18n.t(:notice, scope: %i[doorkeeper flash applications destroy]) if @application.destroy
+
+      respond_to do |format|
+        format.html { redirect_to oauth_applications_url }
+        format.json { head :no_content }
+      end
     end
 
     private

data/app/controllers/doorkeeper/authorizations_controller.rb

@@ -4,20 +4,15 @@ module Doorkeeper
 
     def new
       if pre_auth.authorizable?
-        if skip_authorization? || matching_token?
-          auth = authorization.authorize
-          redirect_to auth.redirect_uri
-        else
-          render :new
-        end
+        render_success
       else
-        render :error
+        render_error
       end
     end
 
     # TODO: Handle raise invalid authorization
     def create
-      redirect_or_render authorization.authorize
+      redirect_or_render authorize_response
     end
 
     def destroy
@@ -26,15 +21,45 @@ module Doorkeeper
 
     private
 
+    def render_success
+      if skip_authorization? || matching_token?
+        redirect_or_render authorize_response
+      elsif Doorkeeper.configuration.api_only
+        render json: pre_auth
+      else
+        render :new
+      end
+    end
+
+    def render_error
+      if Doorkeeper.configuration.api_only
+        render json: pre_auth.error_response.body,
+               status: :bad_request
+      else
+        render :error
+      end
+    end
+
     def matching_token?
-      AccessToken.matching_token_for pre_auth.client,
-                                     current_resource_owner.id,
-                                     pre_auth.scopes
+      token = AccessToken.matching_token_for(
+        pre_auth.client,
+        current_resource_owner.id,
+        pre_auth.scopes
+      )
+
+      token && token.accessible?
     end
 
     def redirect_or_render(auth)
       if auth.redirectable?
-        redirect_to auth.redirect_uri
+        if Doorkeeper.configuration.api_only
+          render(
+            json: { status: :redirect, redirect_uri: auth.redirect_uri },
+            status: auth.status
+          )
+        else
+          redirect_to auth.redirect_uri
+        end
       else
         render json: auth.body, status: auth.status
       end
@@ -53,5 +78,23 @@ module Doorkeeper
     def strategy
       @strategy ||= server.authorization_request pre_auth.response_type
     end
+
+    def authorize_response
+      @authorize_response ||= begin
+        authorizable = pre_auth.authorizable?
+        before_successful_authorization if authorizable
+        auth = strategy.authorize
+        after_successful_authorization if authorizable
+        auth
+      end
+    end
+
+    def after_successful_authorization
+      Doorkeeper.configuration.after_successful_authorization.call(self)
+    end
+
+    def before_successful_authorization
+      Doorkeeper.configuration.before_successful_authorization.call(self)
+    end
   end
 end

data/app/controllers/doorkeeper/authorized_applications_controller.rb

@@ -4,11 +4,28 @@ module Doorkeeper
 
     def index
       @applications = Application.authorized_for(current_resource_owner)
+
+      respond_to do |format|
+        format.html
+        format.json { render json: @applications }
+      end
     end
 
     def destroy
-      AccessToken.revoke_all_for params[:id], current_resource_owner
-      redirect_to oauth_authorized_applications_url, notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy])
+      Application.revoke_tokens_and_grants_for(
+        params[:id],
+        current_resource_owner
+      )
+
+      respond_to do |format|
+        format.html do
+          redirect_to oauth_authorized_applications_url, notice: I18n.t(
+            :notice, scope: %i[doorkeeper flash authorized_applications destroy]
+          )
+        end
+
+        format.json { render :no_content }
+      end
     end
   end
 end

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -17,9 +17,7 @@ module Doorkeeper
       # Doorkeeper does not use the token_type_hint logic described in the
       # RFC 7009 due to the refresh token implementation that is a field in
       # the access token model.
-      if authorized?
-        revoke_token
-      end
+      revoke_token if authorized?
 
       # The authorization server responds with HTTP status code 200 if the token
       # has been revoked successfully or if the client submitted an invalid
@@ -71,9 +69,7 @@ module Doorkeeper
     end
 
     def revoke_token
-      if token.accessible?
-        token.revoke
-      end
+      token.revoke if token.accessible?
     end
 
     def token