doorkeeper 5.0.0 → 5.0.1

data/lib/doorkeeper/rails/routes/mapper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Rails
     class Routes # :nodoc:

data/lib/doorkeeper/rails/routes/mapping.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Rails
     class Routes # :nodoc:

data/lib/doorkeeper/rake/db.rake

@@ -13,26 +13,26 @@ namespace :doorkeeper do
     namespace :cleanup do
       desc 'Removes stale access tokens'
       task revoked_tokens: 'doorkeeper:setup' do
-        cleaner = Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner.new(Doorkeeper::AccessToken)
+        cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessToken)
         cleaner.clean_revoked
       end
 
       desc 'Removes expired (TTL passed) access tokens'
       task expired_tokens: 'doorkeeper:setup' do
         expirable_tokens = Doorkeeper::AccessToken.where(refresh_token: nil)
-        cleaner = Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner.new(expirable_tokens)
+        cleaner = Doorkeeper::StaleRecordsCleaner.new(expirable_tokens)
         cleaner.clean_expired(Doorkeeper.configuration.access_token_expires_in)
       end
 
       desc 'Removes stale access grants'
       task revoked_grants: 'doorkeeper:setup' do
-        cleaner = Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
+        cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
         cleaner.clean_revoked
       end
 
       desc 'Removes expired (TTL passed) access grants'
       task expired_grants: 'doorkeeper:setup' do
-        cleaner = Doorkeeper::Orm::ActiveRecord::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
+        cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
         cleaner.clean_expired(Doorkeeper.configuration.authorization_code_expires_in)
       end
     end

data/lib/doorkeeper/request.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Request
     class << self

data/lib/doorkeeper/request/authorization_code.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Request
     class AuthorizationCode < Strategy

data/lib/doorkeeper/request/client_credentials.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Request
     class ClientCredentials < Strategy

data/lib/doorkeeper/request/code.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Request
     class Code < Strategy

data/lib/doorkeeper/request/password.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Request
     class Password < Strategy

data/lib/doorkeeper/request/refresh_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Request
     class RefreshToken < Strategy

data/lib/doorkeeper/request/strategy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Request
     class Strategy

data/lib/doorkeeper/request/token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Request
     class Token < Strategy

data/lib/doorkeeper/server.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   class Server
     attr_accessor :context

data/lib/doorkeeper/stale_records_cleaner.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class StaleRecordsCleaner
+    CLEANER_CLASS = 'StaleRecordsCleaner'.freeze
+
+    def self.for(base_scope)
+      orm_adapter = "doorkeeper/orm/#{Doorkeeper.configuration.orm}".classify
+
+      orm_cleaner = "#{orm_adapter}::#{CLEANER_CLASS}".constantize
+      orm_cleaner.new(base_scope)
+    rescue NameError
+      raise Doorkeeper::Errors::NoOrmCleaner, "'#{Doorkeeper.configuration.orm}' ORM has no cleaner!"
+    end
+
+    def self.new(base_scope)
+      self.for(base_scope)
+    end
+  end
+end

data/lib/doorkeeper/validations.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   module Validations
     extend ActiveSupport::Concern

data/lib/doorkeeper/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   def self.gem_version
     Gem::Version.new VERSION::STRING
@@ -7,7 +9,7 @@ module Doorkeeper
     # Semantic versioning
     MAJOR = 5
     MINOR = 0
-    TINY = 0
+    TINY = 1
     PRE = nil
 
     # Full version number

data/lib/generators/doorkeeper/templates/initializer.rb

@@ -68,7 +68,11 @@ Doorkeeper.configure do
   #
   # base_controller 'ApplicationController'
 
-  # Reuse access token for the same resource owner within an application (disabled by default)
+  # Reuse access token for the same resource owner within an application (disabled by default).
+  #
+  # This option protects your application from creating new tokens before old valid one becomes
+  # expired so your database doesn't bloat. Keep in mind that when this option is `on` Doorkeeper
+  # doesn't updates existing token expiration time, it will create a new token instead.
   # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
   #
   # reuse_access_token
@@ -121,7 +125,8 @@ Doorkeeper.configure do
   # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
 
   # Change the native redirect uri for client apps
-  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+  # When clients register with the following redirect uri, they won't be redirected to any server and
+  # the authorizationcode will be displayed within the provider
   # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
   # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
   #
@@ -147,6 +152,19 @@ Doorkeeper.configure do
   #
   # forbid_redirect_uri { |uri| uri.scheme.to_s.downcase == 'javascript' }
 
+  # Specify how authorization errors should be handled.
+  # By default, doorkeeper renders json errors when access token
+  # is invalid, expired, revoked or has invalid scopes.
+  #
+  # If you want to render error response yourself (i.e. rescue exceptions),
+  # set  handle_auth_errors to `:raise` and rescue Doorkeeper::Errors::InvalidToken
+  # or following specific errors:
+  #
+  #   Doorkeeper::Errors::TokenForbidden, Doorkeeper::Errors::TokenExpired,
+  #   Doorkeeper::Errors::TokenRevoked, Doorkeeper::Errors::TokenUnknown
+  #
+  # handle_auth_errors = :raise
+
   # Specify what grant flows are enabled in array of Strings. The valid
   # strings and the flows they enable are:
   #

data/lib/generators/doorkeeper/templates/migration.rb.erb

@@ -13,7 +13,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
     add_index :oauth_applications, :uid, unique: true
 
     create_table :oauth_access_grants do |t|
-      t.integer  :resource_owner_id, null: false
+      t.references :resource_owner,  null: false
       t.references :application,     null: false
       t.string   :token,             null: false
       t.integer  :expires_in,        null: false
@@ -31,7 +31,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
     )
 
     create_table :oauth_access_tokens do |t|
-      t.integer  :resource_owner_id
+      t.references :resource_owner
       t.references :application
 
       # If you use a custom token generator you may need to change this column

data/spec/controllers/applications_controller_spec.rb

@@ -13,12 +13,12 @@ module Doorkeeper
       it 'creates an application' do
         expect do
           post :create, params: {
-             doorkeeper_application: {
-               name: 'Example',
-               redirect_uri: 'https://example.com'
-             }, format: :json
-           }
-        end.to change { Doorkeeper::Application.count }
+            doorkeeper_application: {
+              name: 'Example',
+              redirect_uri: 'https://example.com'
+            }, format: :json
+          }
+        end.to(change { Doorkeeper::Application.count })
 
         expect(response).to be_successful
 
@@ -31,11 +31,11 @@ module Doorkeeper
       it 'returns validation errors on wrong create params' do
         expect do
           post :create, params: {
-             doorkeeper_application: {
-               name: 'Example'
-             }, format: :json
-           }
-        end.not_to change { Doorkeeper::Application.count }
+            doorkeeper_application: {
+              name: 'Example'
+            }, format: :json
+          }
+        end.not_to(change { Doorkeeper::Application.count })
 
         expect(response).to have_http_status(422)
 
@@ -108,14 +108,13 @@ module Doorkeeper
 
       it 'does not create application' do
         expect do
-          post :create,
-               params: {
-                 doorkeeper_application: {
-                   name: 'Example',
-                   redirect_uri: 'https://example.com'
-                 }
-               }
-        end.not_to change { Doorkeeper::Application.count }
+          post :create, params: {
+            doorkeeper_application: {
+              name: 'Example',
+              redirect_uri: 'https://example.com'
+            }
+          }
+        end.not_to(change { Doorkeeper::Application.count })
       end
     end
 
@@ -139,13 +138,12 @@ module Doorkeeper
 
       it 'creates application' do
         expect do
-          post :create,
-               params: {
-                 doorkeeper_application: {
-                   name: 'Example',
-                   redirect_uri: 'https://example.com'
-                 }
-               }
+          post :create, params: {
+            doorkeeper_application: {
+              name: 'Example',
+              redirect_uri: 'https://example.com'
+            }
+          }
         end.to change { Doorkeeper::Application.count }.by(1)
 
         expect(response).to be_redirect
@@ -153,27 +151,25 @@ module Doorkeeper
 
       it 'does not allow mass assignment of uid or secret' do
         application = FactoryBot.create(:application)
-        put :update,
-            params: {
-              id: application.id,
-              doorkeeper_application: {
-                uid: '1A2B3C4D',
-                secret: '1A2B3C4D'
-              }
-            }
+        put :update, params: {
+          id: application.id,
+          doorkeeper_application: {
+            uid: '1A2B3C4D',
+            secret: '1A2B3C4D'
+          }
+        }
 
         expect(application.reload.uid).not_to eq '1A2B3C4D'
       end
 
       it 'updates application' do
         application = FactoryBot.create(:application)
-        put :update,
-            params: {
-              id: application.id, doorkeeper_application: {
-                name: 'Example',
-                redirect_uri: 'https://example.com'
-              }
-            }
+        put :update, params: {
+          id: application.id, doorkeeper_application: {
+            name: 'Example',
+            redirect_uri: 'https://example.com'
+          }
+        }
 
         expect(application.reload.name).to eq 'Example'
       end

data/spec/controllers/authorizations_controller_spec.rb

@@ -49,7 +49,7 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
 
     it 'redirects to client redirect uri' do
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
+      expect(response.location).to match(/^#{client.redirect_uri}/)
     end
 
     it 'includes access token in fragment' do
@@ -114,7 +114,13 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   describe 'POST #create with errors' do
     before do
       default_scopes_exist :public
-      post :create, params: { client_id: client.uid, response_type: 'token', scope: 'invalid', redirect_uri: client.redirect_uri }
+
+      post :create, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        scope: 'invalid',
+        redirect_uri: client.redirect_uri
+      }
     end
 
     it 'redirects after authorization' do
@@ -146,7 +152,13 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     before do
       allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
       default_scopes_exist :public
-      post :create, params: { client_id: client.uid, response_type: 'token', scope: 'invalid', redirect_uri: client.redirect_uri }
+
+      post :create, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        scope: 'invalid',
+        redirect_uri: client.redirect_uri
+      }
     end
 
     let(:response_json_body) { JSON.parse(response.body) }
@@ -182,7 +194,12 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
 
       access_token.save!
-      post :create, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+
+      post :create, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
     end
 
     it 'returns the existing access token in a fragment' do
@@ -201,15 +218,21 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
 
     describe 'when successful' do
       after do
-        post :create, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+        post :create, params: {
+          client_id: client.uid,
+          response_type: 'token',
+          redirect_uri: client.redirect_uri
+        }
       end
 
       it 'should call :before_successful_authorization callback' do
-        expect(Doorkeeper.configuration).to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
+        expect(Doorkeeper.configuration)
+          .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
       end
 
       it 'should call :after_successful_authorization callback' do
-        expect(Doorkeeper.configuration).to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
+        expect(Doorkeeper.configuration)
+          .to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
       end
     end
 
@@ -233,13 +256,19 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
+
       client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
-      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
     end
 
     it 'should redirect immediately' do
       expect(response).to be_redirect
-      expect(response.location).to match(/oauth\/token\/info\?access_token=/)
+      expect(response.location).to match(%r{/oauth/token/info\?access_token=})
     end
 
     it 'should not issue a grant' do
@@ -257,13 +286,20 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
+
       client.update_attribute :redirect_uri, 'urn:ietf:wg:oauth:2.0:oob'
-      get :new, params: { client_id: client.uid, response_type: 'code', redirect_uri: client.redirect_uri }
+
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'code',
+        redirect_uri: client.redirect_uri
+      }
     end
 
     it 'should redirect immediately' do
       expect(response).to be_redirect
-      expect(response.location).to match(/oauth\/authorize\/native\?code=#{Doorkeeper::AccessGrant.first.token}/)
+      expect(response.location)
+        .to match(%r{/oauth/authorize/native\?code=#{Doorkeeper::AccessGrant.first.token}})
     end
 
     it 'should issue a grant' do
@@ -280,12 +316,17 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc do
         true
       end)
-      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
     end
 
     it 'should redirect immediately' do
       expect(response).to be_redirect
-      expect(response.location).to match(%r{^#{client.redirect_uri}})
+      expect(response.location).to match(/^#{client.redirect_uri}/)
     end
 
     it 'should issue a token' do
@@ -312,7 +353,12 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
   describe 'GET #new in API mode' do
     before do
       allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
-      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
     end
 
     it 'should render success' do
@@ -337,7 +383,11 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       allow(Doorkeeper.configuration).to receive(:skip_authorization).and_return(proc { true })
       allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
 
-      get :new, params: { client_id: client.uid, response_type: 'token', redirect_uri: client.redirect_uri }
+      get :new, params: {
+        client_id: client.uid,
+        response_type: 'token',
+        redirect_uri: client.redirect_uri
+      }
     end
 
     it 'should render success' do
@@ -405,7 +455,8 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
     end
 
     it 'includes error description in body' do
-      expect(response_json_body['error_description']).to eq(translated_error_message(:unsupported_response_type))
+      expect(response_json_body['error_description'])
+        .to eq(translated_error_message(:unsupported_response_type))
     end
 
     it 'does not issue any token' do
@@ -426,11 +477,13 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
       end
 
       it 'should call :before_successful_authorization callback' do
-        expect(Doorkeeper.configuration).to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
+        expect(Doorkeeper.configuration)
+          .to receive_message_chain(:before_successful_authorization, :call).with(instance_of(described_class))
       end
 
       it 'should call :after_successful_authorization callback' do
-        expect(Doorkeeper.configuration).to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
+        expect(Doorkeeper.configuration)
+          .to receive_message_chain(:after_successful_authorization, :call).with(instance_of(described_class))
       end
     end