doorkeeper 5.1.0.rc2 → 5.1.0

data/lib/doorkeeper/oauth/invalid_token_response.rb

@@ -43,7 +43,7 @@ module Doorkeeper
         {
           expired: Doorkeeper::Errors::TokenExpired,
           revoked: Doorkeeper::Errors::TokenRevoked,
-          unknown: Doorkeeper::Errors::TokenUnknown
+          unknown: Doorkeeper::Errors::TokenUnknown,
         }
       end
     end

data/lib/doorkeeper/oauth/pre_authorization.rb

@@ -50,7 +50,7 @@ module Doorkeeper
           response_type: response_type,
           scope: scope,
           client_name: client.name,
-          status: I18n.t('doorkeeper.pre_authorization.status')
+          status: I18n.t("doorkeeper.pre_authorization.status"),
         }
       end
 
@@ -85,7 +85,7 @@ module Doorkeeper
       end
 
       def grant_type
-        response_type == 'code' ? AUTHORIZATION_CODE : IMPLICIT
+        response_type == "code" ? AUTHORIZATION_CODE : IMPLICIT
       end
 
       def validate_redirect_uri
@@ -98,7 +98,8 @@ module Doorkeeper
       end
 
       def validate_code_challenge_method
-        !code_challenge.present? || (code_challenge_method.present? && code_challenge_method =~ /^plain$|^S256$/)
+        code_challenge.blank? ||
+          (code_challenge_method.present? && code_challenge_method =~ /^plain$|^S256$/)
       end
     end
   end

data/lib/doorkeeper/oauth/refresh_token_request.rb

@@ -58,7 +58,7 @@ module Doorkeeper
           resource_owner_id: refresh_token.resource_owner_id,
           scopes: scopes.to_s,
           expires_in: access_token_expires_in,
-          use_refresh_token: true
+          use_refresh_token: true,
         }.tap do |attributes|
           if refresh_token_revoked_on_use?
             attributes[:previous_refresh_token] = refresh_token.refresh_token

data/lib/doorkeeper/oauth/scopes.rb

@@ -7,7 +7,7 @@ module Doorkeeper
       include Comparable
 
       def self.from_string(string)
-        string ||= ''
+        string ||= ""
         new.tap do |scope|
           scope.add(*string.split)
         end
@@ -39,13 +39,15 @@ module Doorkeeper
       end
 
       def to_s
-        @scopes.join(' ')
+        @scopes.join(" ")
       end
 
-      def has_scopes?(scopes)
+      def scopes?(scopes)
         scopes.all? { |scope| exists?(scope) }
       end
 
+      alias has_scopes? scopes?
+
       def +(other)
         self.class.from_array(all + to_array(other))
       end

data/lib/doorkeeper/oauth/token.rb

@@ -55,11 +55,11 @@ module Doorkeeper
         end
 
         def token_from_header(header, pattern)
-          header.gsub pattern, ''
+          header.gsub pattern, ""
         end
 
         def match?(header, pattern)
-          header && header.match(pattern)
+          header&.match(pattern)
         end
       end
     end

data/lib/doorkeeper/oauth/token_introspection.rb

@@ -30,7 +30,7 @@ module Doorkeeper
         end
       end
 
-      def to_json
+      def to_json(*)
         active? ? success_response : failure_response
       end
 
@@ -109,7 +109,7 @@ module Doorkeeper
       #
       def failure_response
         {
-          active: false
+          active: false,
         }
       end
 
@@ -158,12 +158,12 @@ module Doorkeeper
 
       # Token can be valid only if it is not expired or revoked.
       def valid_token?
-        @token && @token.accessible?
+        @token&.accessible?
       end
 
       # RFC7662 Section 2.1
       def authorized_token_matches_introspected?
-        authorized_token.token == @token.token
+        authorized_token.token == @token&.token
       end
 
       # If token doesn't belong to some client, then it is public.

data/lib/doorkeeper/oauth/token_response.rb

@@ -11,12 +11,12 @@ module Doorkeeper
 
       def body
         {
-          'access_token'  => token.plaintext_token,
-          'token_type'    => token.token_type,
-          'expires_in'    => token.expires_in_seconds,
-          'refresh_token' => token.plaintext_refresh_token,
-          'scope'         => token.scopes_string,
-          'created_at'    => token.created_at.to_i
+          "access_token" => token.plaintext_token,
+          "token_type" => token.token_type,
+          "expires_in" => token.expires_in_seconds,
+          "refresh_token" => token.plaintext_refresh_token,
+          "scope" => token.scopes_string,
+          "created_at" => token.created_at.to_i,
         }.reject { |_, value| value.blank? }
       end
 
@@ -26,9 +26,9 @@ module Doorkeeper
 
       def headers
         {
-          'Cache-Control' => 'no-store',
-          'Pragma' => 'no-cache',
-          'Content-Type' => 'application/json; charset=utf-8'
+          "Cache-Control" => "no-store",
+          "Pragma" => "no-cache",
+          "Content-Type" => "application/json; charset=utf-8",
         }
       end
     end

data/lib/doorkeeper/orm/active_record.rb

@@ -1,17 +1,17 @@
 # frozen_string_literal: true
 
-require 'active_support/lazy_load_hooks'
+require "active_support/lazy_load_hooks"
 
-require 'doorkeeper/orm/active_record/stale_records_cleaner'
+require "doorkeeper/orm/active_record/stale_records_cleaner"
 
 module Doorkeeper
   module Orm
     module ActiveRecord
       def self.initialize_models!
         lazy_load do
-          require 'doorkeeper/orm/active_record/access_grant'
-          require 'doorkeeper/orm/active_record/access_token'
-          require 'doorkeeper/orm/active_record/application'
+          require "doorkeeper/orm/active_record/access_grant"
+          require "doorkeeper/orm/active_record/access_token"
+          require "doorkeeper/orm/active_record/application"
 
           if Doorkeeper.configuration.active_record_options[:establish_connection]
             [Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application].each do |model|
@@ -24,7 +24,7 @@ module Doorkeeper
 
       def self.initialize_application_owner!
         lazy_load do
-          require 'doorkeeper/models/concerns/ownership'
+          require "doorkeeper/models/concerns/ownership"
 
           Doorkeeper::Application.send :include, Doorkeeper::Models::Ownership
         end

data/lib/doorkeeper/orm/active_record/access_grant.rb

@@ -1,20 +1,13 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   class AccessGrant < ActiveRecord::Base
-    self.table_name = "#{table_name_prefix}oauth_access_grants#{table_name_suffix}".to_sym
+    self.table_name = "#{table_name_prefix}oauth_access_grants#{table_name_suffix}"
 
     include AccessGrantMixin
-    include ActiveModel::MassAssignmentSecurity if defined?(::ProtectedAttributes)
-
-    belongs_to_options = {
-      class_name: 'Doorkeeper::Application',
-      inverse_of: :access_grants
-    }
-
-    if defined?(ActiveRecord::Base) && ActiveRecord::VERSION::MAJOR >= 5
-      belongs_to_options[:optional] = true
-    end
 
-    belongs_to :application, belongs_to_options
+    belongs_to :application, class_name: "Doorkeeper::Application",
+                             optional: true, inverse_of: :access_grants
 
     validates :resource_owner_id,
               :application_id,

data/lib/doorkeeper/orm/active_record/access_token.rb

@@ -1,20 +1,13 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   class AccessToken < ActiveRecord::Base
-    self.table_name = "#{table_name_prefix}oauth_access_tokens#{table_name_suffix}".to_sym
+    self.table_name = "#{table_name_prefix}oauth_access_tokens#{table_name_suffix}"
 
     include AccessTokenMixin
-    include ActiveModel::MassAssignmentSecurity if defined?(::ProtectedAttributes)
-
-    belongs_to_options = {
-      class_name: 'Doorkeeper::Application',
-      inverse_of: :access_tokens
-    }
-
-    if defined?(ActiveRecord::Base) && ActiveRecord::VERSION::MAJOR >= 5
-      belongs_to_options[:optional] = true
-    end
 
-    belongs_to :application, belongs_to_options
+    belongs_to :application, class_name: "Doorkeeper::Application",
+                             inverse_of: :access_tokens, optional: true
 
     validates :token, presence: true, uniqueness: true
     validates :refresh_token, uniqueness: true, if: :use_refresh_token?
@@ -41,7 +34,7 @@ module Doorkeeper
     end
 
     def self.refresh_token_revoked_on_use?
-      column_names.include?('previous_refresh_token')
+      column_names.include?("previous_refresh_token")
     end
   end
 end

data/lib/doorkeeper/orm/active_record/application.rb

@@ -1,12 +1,13 @@
+# frozen_string_literal: true
+
 module Doorkeeper
   class Application < ActiveRecord::Base
-    self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}".to_sym
+    self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}"
 
     include ApplicationMixin
-    include ActiveModel::MassAssignmentSecurity if defined?(::ProtectedAttributes)
 
-    has_many :access_grants, dependent: :delete_all, class_name: 'Doorkeeper::AccessGrant'
-    has_many :access_tokens, dependent: :delete_all, class_name: 'Doorkeeper::AccessToken'
+    has_many :access_grants, dependent: :delete_all, class_name: "Doorkeeper::AccessGrant"
+    has_many :access_tokens, dependent: :delete_all, class_name: "Doorkeeper::AccessToken"
 
     validates :name, :secret, :uid, presence: true
     validates :uid, uniqueness: true
@@ -17,7 +18,7 @@ module Doorkeeper
 
     before_validation :generate_uid, :generate_secret, on: :create
 
-    has_many :authorized_tokens, -> { where(revoked_at: nil) }, class_name: 'AccessToken'
+    has_many :authorized_tokens, -> { where(revoked_at: nil) }, class_name: "AccessToken"
     has_many :authorized_applications, through: :authorized_tokens, source: :application
 
     # Returns Applications associated with active (not revoked) Access Tokens

data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb

@@ -3,22 +3,29 @@
 module Doorkeeper
   module Orm
     module ActiveRecord
+      # Helper class to clear stale and non-active tokens and grants.
+      # Used by Doorkeeper Rake tasks.
+      #
       class StaleRecordsCleaner
         def initialize(base_scope)
           @base_scope = base_scope
         end
 
+        # Clears revoked records
         def clean_revoked
           table = @base_scope.arel_table
+
           @base_scope.where.not(revoked_at: nil)
-                     .where(table[:revoked_at].lt(Time.current))
-                     .delete_all
+            .where(table[:revoked_at].lt(Time.current))
+            .in_batches(&:delete_all)
         end
 
+        # Clears expired records
         def clean_expired(ttl)
           table = @base_scope.arel_table
+
           @base_scope.where(table[:created_at].lt(Time.current - ttl))
-                     .delete_all
+            .in_batches(&:delete_all)
         end
       end
     end

data/lib/doorkeeper/rails/helpers.rb

@@ -14,7 +14,7 @@ module Doorkeeper
       def doorkeeper_forbidden_render_options(**); end
 
       def valid_doorkeeper_token?
-        doorkeeper_token && doorkeeper_token.acceptable?(@_doorkeeper_scopes)
+        doorkeeper_token&.acceptable?(@_doorkeeper_scopes)
       end
 
       private

data/lib/doorkeeper/rails/routes.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'doorkeeper/rails/routes/mapping'
-require 'doorkeeper/rails/routes/mapper'
+require "doorkeeper/rails/routes/mapping"
+require "doorkeeper/rails/routes/mapper"
 
 module Doorkeeper
   module Rails
@@ -32,7 +32,7 @@ module Doorkeeper
       end
 
       def generate_routes!(options)
-        routes.scope options[:scope] || 'oauth', as: 'oauth' do
+        routes.scope options[:scope] || "oauth", as: "oauth" do
           map_route(:authorizations, :authorization_routes)
           map_route(:tokens, :token_routes)
           map_route(:tokens, :revoke_routes)
@@ -56,37 +56,37 @@ module Doorkeeper
       def authorization_routes(mapping)
         routes.resource(
           :authorization,
-          path: 'authorize',
+          path: "authorize",
           only: %i[create destroy],
           as: mapping[:as],
           controller: mapping[:controllers]
         ) do
-          routes.get '/native', action: :show, on: :member
-          routes.get '/', action: :new, on: :member
+          routes.get "/native", action: :show, on: :member
+          routes.get "/", action: :new, on: :member
         end
       end
 
       def token_routes(mapping)
         routes.resource(
           :token,
-          path: 'token',
+          path: "token",
           only: [:create], as: mapping[:as],
           controller: mapping[:controllers]
         )
       end
 
       def revoke_routes(mapping)
-        routes.post 'revoke', controller: mapping[:controllers], action: :revoke
+        routes.post "revoke", controller: mapping[:controllers], action: :revoke
       end
 
       def introspect_routes(mapping)
-        routes.post 'introspect', controller: mapping[:controllers], action: :introspect
+        routes.post "introspect", controller: mapping[:controllers], action: :introspect
       end
 
       def token_info_routes(mapping)
         routes.resource(
           :token_info,
-          path: 'token/info',
+          path: "token/info",
           only: [:show], as: mapping[:as],
           controller: mapping[:controllers]
         )
@@ -96,7 +96,7 @@ module Doorkeeper
         routes.resources :doorkeeper_applications,
                          controller: mapping[:controllers],
                          as: :applications,
-                         path: 'applications'
+                         path: "applications"
       end
 
       def authorized_applications_routes(mapping)

data/lib/doorkeeper/rails/routes/mapping.rb

@@ -8,17 +8,17 @@ module Doorkeeper
 
         def initialize
           @controllers = {
-            authorizations: 'doorkeeper/authorizations',
-            applications: 'doorkeeper/applications',
-            authorized_applications: 'doorkeeper/authorized_applications',
-            tokens: 'doorkeeper/tokens',
-            token_info: 'doorkeeper/token_info'
+            authorizations: "doorkeeper/authorizations",
+            applications: "doorkeeper/applications",
+            authorized_applications: "doorkeeper/authorized_applications",
+            tokens: "doorkeeper/tokens",
+            token_info: "doorkeeper/token_info",
           }
 
           @as = {
             authorizations: :authorization,
             tokens: :token,
-            token_info: :token_info
+            token_info: :token_info,
           }
 
           @skips = []
@@ -27,7 +27,7 @@ module Doorkeeper
         def [](routes)
           {
             controllers: @controllers[routes],
-            as: @as[routes]
+            as: @as[routes],
           }
         end
 

data/lib/doorkeeper/rake.rb

@@ -4,7 +4,7 @@ module Doorkeeper
   module Rake
     class << self
       def load_tasks
-        glob = File.join(File.absolute_path(__dir__), 'rake', '*.rake')
+        glob = File.join(File.absolute_path(__dir__), "rake", "*.rake")
         Dir[glob].each do |rake_file|
           load rake_file
         end

data/lib/doorkeeper/rake/db.rake

@@ -2,36 +2,36 @@
 
 namespace :doorkeeper do
   namespace :db do
-    desc 'Removes stale data from doorkeeper related database tables'
+    desc "Removes stale data from doorkeeper related database tables"
     task cleanup: [
-      'doorkeeper:db:cleanup:revoked_tokens',
-      'doorkeeper:db:cleanup:expired_tokens',
-      'doorkeeper:db:cleanup:revoked_grants',
-      'doorkeeper:db:cleanup:expired_grants'
+      "doorkeeper:db:cleanup:revoked_tokens",
+      "doorkeeper:db:cleanup:expired_tokens",
+      "doorkeeper:db:cleanup:revoked_grants",
+      "doorkeeper:db:cleanup:expired_grants",
     ]
 
     namespace :cleanup do
-      desc 'Removes stale access tokens'
-      task revoked_tokens: 'doorkeeper:setup' do
+      desc "Removes stale access tokens"
+      task revoked_tokens: "doorkeeper:setup" do
         cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessToken)
         cleaner.clean_revoked
       end
 
-      desc 'Removes expired (TTL passed) access tokens'
-      task expired_tokens: 'doorkeeper:setup' do
+      desc "Removes expired (TTL passed) access tokens"
+      task expired_tokens: "doorkeeper:setup" do
         expirable_tokens = Doorkeeper::AccessToken.where(refresh_token: nil)
         cleaner = Doorkeeper::StaleRecordsCleaner.new(expirable_tokens)
         cleaner.clean_expired(Doorkeeper.configuration.access_token_expires_in)
       end
 
-      desc 'Removes stale access grants'
-      task revoked_grants: 'doorkeeper:setup' do
+      desc "Removes stale access grants"
+      task revoked_grants: "doorkeeper:setup" do
         cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
         cleaner.clean_revoked
       end
 
-      desc 'Removes expired (TTL passed) access grants'
-      task expired_grants: 'doorkeeper:setup' do
+      desc "Removes expired (TTL passed) access grants"
+      task expired_grants: "doorkeeper:setup" do
         cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
         cleaner.clean_expired(Doorkeeper.configuration.authorization_code_expires_in)
       end