doorkeeper 5.1.0.rc2 → 5.1.0
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.hound.yml +2 -1
- data/.rubocop.yml +37 -4
- data/.travis.yml +4 -27
- data/Appraisals +8 -12
- data/Gemfile +6 -2
- data/NEWS.md +16 -0
- data/README.md +11 -2
- data/Rakefile +10 -8
- data/app/controllers/doorkeeper/application_controller.rb +1 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -13
- data/app/controllers/doorkeeper/applications_controller.rb +17 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +7 -7
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/validators/redirect_uri_validator.rb +5 -2
- data/app/views/doorkeeper/applications/_form.html.erb +6 -0
- data/bin/console +5 -4
- data/config/locales/en.yml +1 -0
- data/doorkeeper.gemspec +24 -22
- data/gemfiles/rails_5_0.gemfile +2 -1
- data/gemfiles/rails_5_1.gemfile +2 -1
- data/gemfiles/rails_5_2.gemfile +2 -1
- data/gemfiles/rails_6_0.gemfile +1 -0
- data/gemfiles/rails_master.gemfile +1 -0
- data/lib/doorkeeper.rb +68 -66
- data/lib/doorkeeper/config.rb +53 -90
- data/lib/doorkeeper/config/option.rb +64 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grape/authorization_decorator.rb +4 -4
- data/lib/doorkeeper/grape/helpers.rb +3 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_grant_mixin.rb +4 -2
- data/lib/doorkeeper/models/access_token_mixin.rb +10 -10
- data/lib/doorkeeper/models/application_mixin.rb +1 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -6
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +2 -0
- data/lib/doorkeeper/oauth.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -3
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +6 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +4 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/scopes.rb +5 -3
- data/lib/doorkeeper/oauth/token.rb +2 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -4
- data/lib/doorkeeper/oauth/token_response.rb +9 -9
- data/lib/doorkeeper/orm/active_record.rb +6 -6
- data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -12
- data/lib/doorkeeper/orm/active_record/access_token.rb +6 -13
- data/lib/doorkeeper/orm/active_record/application.rb +6 -5
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +10 -3
- data/lib/doorkeeper/rails/helpers.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +11 -11
- data/lib/doorkeeper/rails/routes/mapping.rb +7 -7
- data/lib/doorkeeper/rake.rb +1 -1
- data/lib/doorkeeper/rake/db.rake +13 -13
- data/lib/doorkeeper/request.rb +1 -1
- data/lib/doorkeeper/secret_storing/base.rb +7 -6
- data/lib/doorkeeper/secret_storing/bcrypt.rb +4 -3
- data/lib/doorkeeper/secret_storing/plain.rb +4 -4
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +3 -2
- data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/application_owner_generator.rb +10 -9
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +10 -9
- data/lib/generators/doorkeeper/install_generator.rb +11 -9
- data/lib/generators/doorkeeper/migration_generator.rb +9 -9
- data/lib/generators/doorkeeper/pkce_generator.rb +10 -9
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +10 -9
- data/lib/generators/doorkeeper/templates/initializer.rb +30 -5
- data/lib/generators/doorkeeper/templates/migration.rb.erb +15 -7
- data/lib/generators/doorkeeper/views_generator.rb +6 -4
- data/spec/controllers/application_metal_controller_spec.rb +10 -10
- data/spec/controllers/applications_controller_spec.rb +54 -52
- data/spec/controllers/authorizations_controller_spec.rb +136 -142
- data/spec/controllers/protected_resources_controller_spec.rb +78 -76
- data/spec/controllers/token_info_controller_spec.rb +13 -11
- data/spec/controllers/tokens_controller_spec.rb +109 -94
- data/spec/dummy/Rakefile +3 -1
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/controllers/home_controller.rb +5 -3
- data/spec/dummy/app/controllers/metal_controller.rb +2 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +2 -0
- data/spec/dummy/config.ru +3 -1
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/environments/development.rb +2 -0
- data/spec/dummy/config/environments/production.rb +2 -0
- data/spec/dummy/config/environments/test.rb +3 -1
- data/spec/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -2
- data/spec/dummy/config/initializers/secret_token.rb +3 -1
- data/spec/dummy/config/initializers/session_store.rb +3 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +17 -10
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +2 -0
- data/spec/dummy/db/schema.rb +1 -1
- data/spec/dummy/script/rails +5 -3
- data/spec/factories.rb +5 -3
- data/spec/generators/application_owner_generator_spec.rb +13 -26
- data/spec/generators/confidential_applications_generator_spec.rb +12 -28
- data/spec/generators/install_generator_spec.rb +17 -15
- data/spec/generators/migration_generator_spec.rb +13 -26
- data/spec/generators/pkce_generator_spec.rb +11 -26
- data/spec/generators/previous_refresh_token_generator_spec.rb +16 -29
- data/spec/generators/templates/routes.rb +2 -0
- data/spec/generators/views_generator_spec.rb +14 -12
- data/spec/grape/grape_integration_spec.rb +34 -32
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +9 -7
- data/spec/lib/config_spec.rb +137 -136
- data/spec/lib/doorkeeper_spec.rb +3 -1
- data/spec/lib/models/expirable_spec.rb +12 -10
- data/spec/lib/models/reusable_spec.rb +6 -6
- data/spec/lib/models/revocable_spec.rb +8 -6
- data/spec/lib/models/scopes_spec.rb +19 -17
- data/spec/lib/models/secret_storable_spec.rb +71 -49
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +17 -15
- data/spec/lib/oauth/authorization_code_request_spec.rb +18 -12
- data/spec/lib/oauth/base_request_spec.rb +20 -8
- data/spec/lib/oauth/base_response_spec.rb +3 -1
- data/spec/lib/oauth/client/credentials_spec.rb +24 -22
- data/spec/lib/oauth/client_credentials/creator_spec.rb +13 -11
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +27 -18
- data/spec/lib/oauth/client_credentials/validation_spec.rb +17 -15
- data/spec/lib/oauth/client_credentials_integration_spec.rb +7 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +27 -21
- data/spec/lib/oauth/client_spec.rb +15 -13
- data/spec/lib/oauth/code_request_spec.rb +8 -6
- data/spec/lib/oauth/code_response_spec.rb +9 -7
- data/spec/lib/oauth/error_response_spec.rb +14 -12
- data/spec/lib/oauth/error_spec.rb +4 -2
- data/spec/lib/oauth/forbidden_token_response_spec.rb +7 -5
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +35 -33
- data/spec/lib/oauth/helpers/unique_token_spec.rb +8 -6
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +103 -101
- data/spec/lib/oauth/invalid_token_response_spec.rb +3 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +52 -34
- data/spec/lib/oauth/pre_authorization_spec.rb +64 -62
- data/spec/lib/oauth/refresh_token_request_spec.rb +36 -33
- data/spec/lib/oauth/scopes_spec.rb +63 -61
- data/spec/lib/oauth/token_request_spec.rb +66 -26
- data/spec/lib/oauth/token_response_spec.rb +39 -37
- data/spec/lib/oauth/token_spec.rb +51 -49
- data/spec/lib/request/strategy_spec.rb +3 -1
- data/spec/lib/secret_storing/base_spec.rb +23 -23
- data/spec/lib/secret_storing/bcrypt_spec.rb +18 -18
- data/spec/lib/secret_storing/plain_spec.rb +17 -17
- data/spec/lib/secret_storing/sha256_hash_spec.rb +16 -16
- data/spec/lib/server_spec.rb +16 -14
- data/spec/lib/stale_records_cleaner_spec.rb +17 -17
- data/spec/models/doorkeeper/access_grant_spec.rb +30 -26
- data/spec/models/doorkeeper/access_token_spec.rb +97 -95
- data/spec/models/doorkeeper/application_spec.rb +98 -57
- data/spec/requests/applications/applications_request_spec.rb +98 -66
- data/spec/requests/applications/authorized_applications_spec.rb +20 -18
- data/spec/requests/endpoints/authorization_spec.rb +25 -23
- data/spec/requests/endpoints/token_spec.rb +38 -36
- data/spec/requests/flows/authorization_code_errors_spec.rb +26 -24
- data/spec/requests/flows/authorization_code_spec.rb +161 -159
- data/spec/requests/flows/client_credentials_spec.rb +53 -51
- data/spec/requests/flows/implicit_grant_errors_spec.rb +10 -8
- data/spec/requests/flows/implicit_grant_spec.rb +27 -25
- data/spec/requests/flows/password_spec.rb +56 -54
- data/spec/requests/flows/refresh_token_spec.rb +45 -43
- data/spec/requests/flows/revoke_token_spec.rb +29 -27
- data/spec/requests/flows/skip_authorization_spec.rb +23 -21
- data/spec/requests/protected_resources/metal_spec.rb +7 -5
- data/spec/requests/protected_resources/private_api_spec.rb +35 -33
- data/spec/routing/custom_controller_routes_spec.rb +67 -65
- data/spec/routing/default_routes_spec.rb +22 -20
- data/spec/routing/scoped_routes_spec.rb +20 -18
- data/spec/spec_helper.rb +14 -13
- data/spec/spec_helper_integration.rb +3 -1
- data/spec/support/dependencies/factory_bot.rb +3 -1
- data/spec/support/doorkeeper_rspec.rb +3 -1
- data/spec/support/helpers/access_token_request_helper.rb +3 -1
- data/spec/support/helpers/authorization_request_helper.rb +4 -2
- data/spec/support/helpers/config_helper.rb +2 -0
- data/spec/support/helpers/model_helper.rb +3 -1
- data/spec/support/helpers/request_spec_helper.rb +5 -3
- data/spec/support/helpers/url_helper.rb +9 -7
- data/spec/support/http_method_shim.rb +4 -9
- data/spec/support/orm/active_record.rb +3 -1
- data/spec/support/shared/controllers_shared_context.rb +18 -16
- data/spec/support/shared/hashing_shared_context.rb +3 -3
- data/spec/support/shared/models_shared_examples.rb +12 -10
- data/spec/validators/redirect_uri_validator_spec.rb +74 -45
- data/spec/version/version_spec.rb +7 -5
- metadata +12 -16
- data/gemfiles/rails_4_2.gemfile +0 -17
- data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -8
- data/spec/support/ruby_2_6_rails_4_2_patch.rb +0 -14
@@ -50,7 +50,7 @@ module Doorkeeper
|
|
50
50
|
response_type: response_type,
|
51
51
|
scope: scope,
|
52
52
|
client_name: client.name,
|
53
|
-
status: I18n.t(
|
53
|
+
status: I18n.t("doorkeeper.pre_authorization.status"),
|
54
54
|
}
|
55
55
|
end
|
56
56
|
|
@@ -85,7 +85,7 @@ module Doorkeeper
|
|
85
85
|
end
|
86
86
|
|
87
87
|
def grant_type
|
88
|
-
response_type ==
|
88
|
+
response_type == "code" ? AUTHORIZATION_CODE : IMPLICIT
|
89
89
|
end
|
90
90
|
|
91
91
|
def validate_redirect_uri
|
@@ -98,7 +98,8 @@ module Doorkeeper
|
|
98
98
|
end
|
99
99
|
|
100
100
|
def validate_code_challenge_method
|
101
|
-
|
101
|
+
code_challenge.blank? ||
|
102
|
+
(code_challenge_method.present? && code_challenge_method =~ /^plain$|^S256$/)
|
102
103
|
end
|
103
104
|
end
|
104
105
|
end
|
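Review bot: The pattern in `code_challenge_method =~ /^plain$|^S256$/` (last hunk, `validate_code_challenge_method`) uses `^` and `$`, which are line anchors in Ruby, so a multi-line value with one line equal to `plain` or `S256` passes validation. An exact membership test such as `%w[plain S256].include?(code_challenge_method)` accepts only the two intended values and makes the separate `present?` check redundant; `/\A(plain|S256)\z/` is the regex equivalent. How the accepted value is stored and compared later is outside these hunks, so the downstream effect should be confirmed there.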
@@ -58,7 +58,7 @@ module Doorkeeper
|
|
58
58
|
resource_owner_id: refresh_token.resource_owner_id,
|
59
59
|
scopes: scopes.to_s,
|
60
60
|
expires_in: access_token_expires_in,
|
61
|
-
use_refresh_token: true
|
61
|
+
use_refresh_token: true,
|
62
62
|
}.tap do |attributes|
|
63
63
|
if refresh_token_revoked_on_use?
|
64
64
|
attributes[:previous_refresh_token] = refresh_token.refresh_token
|
@@ -7,7 +7,7 @@ module Doorkeeper
|
|
7
7
|
include Comparable
|
8
8
|
|
9
9
|
def self.from_string(string)
|
10
|
-
string ||=
|
10
|
+
string ||= ""
|
11
11
|
new.tap do |scope|
|
12
12
|
scope.add(*string.split)
|
13
13
|
end
|
@@ -39,13 +39,15 @@ module Doorkeeper
|
|
39
39
|
end
|
40
40
|
|
41
41
|
def to_s
|
42
|
-
@scopes.join(
|
42
|
+
@scopes.join(" ")
|
43
43
|
end
|
44
44
|
|
45
|
-
def
|
45
|
+
def scopes?(scopes)
|
46
46
|
scopes.all? { |scope| exists?(scope) }
|
47
47
|
end
|
48
48
|
|
49
|
+
alias has_scopes? scopes?
|
50
|
+
|
49
51
|
def +(other)
|
50
52
|
self.class.from_array(all + to_array(other))
|
51
53
|
end
|
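Review bot: The renamed `scopes?(scopes)` in the second hunk has no comment, and its body `scopes.all? { |scope| exists?(scope) }` is vacuously true for an empty list. If callers use it to check required scopes, that is worth stating on the method, e.g. `# True when every given scope is present; also true for an empty list.` The new `alias has_scopes? scopes?` could carry `# Kept for backward compatibility.` if that is the intent, so the old name is not removed by accident.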
@@ -55,11 +55,11 @@ module Doorkeeper
|
|
55
55
|
end
|
56
56
|
|
57
57
|
def token_from_header(header, pattern)
|
58
|
-
header.gsub pattern,
|
58
|
+
header.gsub pattern, ""
|
59
59
|
end
|
60
60
|
|
61
61
|
def match?(header, pattern)
|
62
|
-
header
|
62
|
+
header&.match(pattern)
|
63
63
|
end
|
64
64
|
end
|
65
65
|
end
|
@@ -30,7 +30,7 @@ module Doorkeeper
|
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
33
|
-
def to_json
|
33
|
+
def to_json(*)
|
34
34
|
active? ? success_response : failure_response
|
35
35
|
end
|
36
36
|
|
@@ -109,7 +109,7 @@ module Doorkeeper
|
|
109
109
|
#
|
110
110
|
def failure_response
|
111
111
|
{
|
112
|
-
active: false
|
112
|
+
active: false,
|
113
113
|
}
|
114
114
|
end
|
115
115
|
|
@@ -158,12 +158,12 @@ module Doorkeeper
|
|
158
158
|
|
159
159
|
# Token can be valid only if it is not expired or revoked.
|
160
160
|
def valid_token?
|
161
|
-
@token
|
161
|
+
@token&.accessible?
|
162
162
|
end
|
163
163
|
|
164
164
|
# RFC7662 Section 2.1
|
165
165
|
def authorized_token_matches_introspected?
|
166
|
-
authorized_token.token == @token
|
166
|
+
authorized_token.token == @token&.token
|
167
167
|
end
|
168
168
|
|
169
169
|
# If token doesn't belong to some client, then it is public.
|
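Review bot: `to_json(*)` in the first hunk now has the conventional signature but returns `success_response` or `failure_response`, and `failure_response` in the second hunk is a Hash literal, so the method hands back a Hash rather than a JSON string. A caller that treats the result as an already-serialized body would get the wrong type. At minimum a comment on the method such as `# NOTE: returns a Hash, not a JSON String.` would make that explicit; `success_response` is not visible in these hunks, so its return type should be checked as well.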
@@ -11,12 +11,12 @@ module Doorkeeper
|
|
11
11
|
|
12
12
|
def body
|
13
13
|
{
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
14
|
+
"access_token" => token.plaintext_token,
|
15
|
+
"token_type" => token.token_type,
|
16
|
+
"expires_in" => token.expires_in_seconds,
|
17
|
+
"refresh_token" => token.plaintext_refresh_token,
|
18
|
+
"scope" => token.scopes_string,
|
19
|
+
"created_at" => token.created_at.to_i,
|
20
20
|
}.reject { |_, value| value.blank? }
|
21
21
|
end
|
22
22
|
|
@@ -26,9 +26,9 @@ module Doorkeeper
|
|
26
26
|
|
27
27
|
def headers
|
28
28
|
{
|
29
|
-
|
30
|
-
|
31
|
-
|
29
|
+
"Cache-Control" => "no-store",
|
30
|
+
"Pragma" => "no-cache",
|
31
|
+
"Content-Type" => "application/json; charset=utf-8",
|
32
32
|
}
|
33
33
|
end
|
34
34
|
end
|
@@ -1,17 +1,17 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
3
|
+
require "active_support/lazy_load_hooks"
|
4
4
|
|
5
|
-
require
|
5
|
+
require "doorkeeper/orm/active_record/stale_records_cleaner"
|
6
6
|
|
7
7
|
module Doorkeeper
|
8
8
|
module Orm
|
9
9
|
module ActiveRecord
|
10
10
|
def self.initialize_models!
|
11
11
|
lazy_load do
|
12
|
-
require
|
13
|
-
require
|
14
|
-
require
|
12
|
+
require "doorkeeper/orm/active_record/access_grant"
|
13
|
+
require "doorkeeper/orm/active_record/access_token"
|
14
|
+
require "doorkeeper/orm/active_record/application"
|
15
15
|
|
16
16
|
if Doorkeeper.configuration.active_record_options[:establish_connection]
|
17
17
|
[Doorkeeper::AccessGrant, Doorkeeper::AccessToken, Doorkeeper::Application].each do |model|
|
@@ -24,7 +24,7 @@ module Doorkeeper
|
|
24
24
|
|
25
25
|
def self.initialize_application_owner!
|
26
26
|
lazy_load do
|
27
|
-
require
|
27
|
+
require "doorkeeper/models/concerns/ownership"
|
28
28
|
|
29
29
|
Doorkeeper::Application.send :include, Doorkeeper::Models::Ownership
|
30
30
|
end
|
@@ -1,20 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
class AccessGrant < ActiveRecord::Base
|
3
|
-
self.table_name = "#{table_name_prefix}oauth_access_grants#{table_name_suffix}"
|
5
|
+
self.table_name = "#{table_name_prefix}oauth_access_grants#{table_name_suffix}"
|
4
6
|
|
5
7
|
include AccessGrantMixin
|
6
|
-
include ActiveModel::MassAssignmentSecurity if defined?(::ProtectedAttributes)
|
7
|
-
|
8
|
-
belongs_to_options = {
|
9
|
-
class_name: 'Doorkeeper::Application',
|
10
|
-
inverse_of: :access_grants
|
11
|
-
}
|
12
|
-
|
13
|
-
if defined?(ActiveRecord::Base) && ActiveRecord::VERSION::MAJOR >= 5
|
14
|
-
belongs_to_options[:optional] = true
|
15
|
-
end
|
16
8
|
|
17
|
-
belongs_to :application,
|
9
|
+
belongs_to :application, class_name: "Doorkeeper::Application",
|
10
|
+
optional: true, inverse_of: :access_grants
|
18
11
|
|
19
12
|
validates :resource_owner_id,
|
20
13
|
:application_id,
|
@@ -1,20 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
class AccessToken < ActiveRecord::Base
|
3
|
-
self.table_name = "#{table_name_prefix}oauth_access_tokens#{table_name_suffix}"
|
5
|
+
self.table_name = "#{table_name_prefix}oauth_access_tokens#{table_name_suffix}"
|
4
6
|
|
5
7
|
include AccessTokenMixin
|
6
|
-
include ActiveModel::MassAssignmentSecurity if defined?(::ProtectedAttributes)
|
7
|
-
|
8
|
-
belongs_to_options = {
|
9
|
-
class_name: 'Doorkeeper::Application',
|
10
|
-
inverse_of: :access_tokens
|
11
|
-
}
|
12
|
-
|
13
|
-
if defined?(ActiveRecord::Base) && ActiveRecord::VERSION::MAJOR >= 5
|
14
|
-
belongs_to_options[:optional] = true
|
15
|
-
end
|
16
8
|
|
17
|
-
belongs_to :application,
|
9
|
+
belongs_to :application, class_name: "Doorkeeper::Application",
|
10
|
+
inverse_of: :access_tokens, optional: true
|
18
11
|
|
19
12
|
validates :token, presence: true, uniqueness: true
|
20
13
|
validates :refresh_token, uniqueness: true, if: :use_refresh_token?
|
@@ -41,7 +34,7 @@ module Doorkeeper
|
|
41
34
|
end
|
42
35
|
|
43
36
|
def self.refresh_token_revoked_on_use?
|
44
|
-
column_names.include?(
|
37
|
+
column_names.include?("previous_refresh_token")
|
45
38
|
end
|
46
39
|
end
|
47
40
|
end
|
@@ -1,12 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
class Application < ActiveRecord::Base
|
3
|
-
self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}"
|
5
|
+
self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}"
|
4
6
|
|
5
7
|
include ApplicationMixin
|
6
|
-
include ActiveModel::MassAssignmentSecurity if defined?(::ProtectedAttributes)
|
7
8
|
|
8
|
-
has_many :access_grants, dependent: :delete_all, class_name:
|
9
|
-
has_many :access_tokens, dependent: :delete_all, class_name:
|
9
|
+
has_many :access_grants, dependent: :delete_all, class_name: "Doorkeeper::AccessGrant"
|
10
|
+
has_many :access_tokens, dependent: :delete_all, class_name: "Doorkeeper::AccessToken"
|
10
11
|
|
11
12
|
validates :name, :secret, :uid, presence: true
|
12
13
|
validates :uid, uniqueness: true
|
@@ -17,7 +18,7 @@ module Doorkeeper
|
|
17
18
|
|
18
19
|
before_validation :generate_uid, :generate_secret, on: :create
|
19
20
|
|
20
|
-
has_many :authorized_tokens, -> { where(revoked_at: nil) }, class_name:
|
21
|
+
has_many :authorized_tokens, -> { where(revoked_at: nil) }, class_name: "AccessToken"
|
21
22
|
has_many :authorized_applications, through: :authorized_tokens, source: :application
|
22
23
|
|
23
24
|
# Returns Applications associated with active (not revoked) Access Tokens
|
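Review bot: `class_name: "AccessToken"` on `has_many :authorized_tokens` in the second hunk is unqualified, while the two associations rewritten in the first hunk use `"Doorkeeper::AccessGrant"` and `"Doorkeeper::AccessToken"`. Writing `class_name: "Doorkeeper::AccessToken"` here as well keeps the file consistent and avoids relying on namespace-relative constant resolution to pick the intended model.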
@@ -3,22 +3,29 @@
|
|
3
3
|
module Doorkeeper
|
4
4
|
module Orm
|
5
5
|
module ActiveRecord
|
6
|
+
# Helper class to clear stale and non-active tokens and grants.
|
7
|
+
# Used by Doorkeeper Rake tasks.
|
8
|
+
#
|
6
9
|
class StaleRecordsCleaner
|
7
10
|
def initialize(base_scope)
|
8
11
|
@base_scope = base_scope
|
9
12
|
end
|
10
13
|
|
14
|
+
# Clears revoked records
|
11
15
|
def clean_revoked
|
12
16
|
table = @base_scope.arel_table
|
17
|
+
|
13
18
|
@base_scope.where.not(revoked_at: nil)
|
14
|
-
|
15
|
-
|
19
|
+
.where(table[:revoked_at].lt(Time.current))
|
20
|
+
.in_batches(&:delete_all)
|
16
21
|
end
|
17
22
|
|
23
|
+
# Clears expired records
|
18
24
|
def clean_expired(ttl)
|
19
25
|
table = @base_scope.arel_table
|
26
|
+
|
20
27
|
@base_scope.where(table[:created_at].lt(Time.current - ttl))
|
21
|
-
|
28
|
+
.in_batches(&:delete_all)
|
22
29
|
end
|
23
30
|
end
|
24
31
|
end
|
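Review bot: `clean_expired(ttl)` computes `Time.current - ttl` with no guard, so a nil `ttl` raises before any query runs. Whether the configured expiry that callers pass in can be nil is not visible in this hunk. A guard such as `return if ttl.nil?`, or an explicit `ArgumentError`, would make the behaviour deliberate. The cutoff also depends only on `created_at` and the single `ttl`, so if individual records can carry their own expiry, rows that are still valid could be removed by `in_batches(&:delete_all)`; that should be confirmed against the model before the task is run on production data.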
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "doorkeeper/rails/routes/mapping"
|
4
|
+
require "doorkeeper/rails/routes/mapper"
|
5
5
|
|
6
6
|
module Doorkeeper
|
7
7
|
module Rails
|
@@ -32,7 +32,7 @@ module Doorkeeper
|
|
32
32
|
end
|
33
33
|
|
34
34
|
def generate_routes!(options)
|
35
|
-
routes.scope options[:scope] ||
|
35
|
+
routes.scope options[:scope] || "oauth", as: "oauth" do
|
36
36
|
map_route(:authorizations, :authorization_routes)
|
37
37
|
map_route(:tokens, :token_routes)
|
38
38
|
map_route(:tokens, :revoke_routes)
|
@@ -56,37 +56,37 @@ module Doorkeeper
|
|
56
56
|
def authorization_routes(mapping)
|
57
57
|
routes.resource(
|
58
58
|
:authorization,
|
59
|
-
path:
|
59
|
+
path: "authorize",
|
60
60
|
only: %i[create destroy],
|
61
61
|
as: mapping[:as],
|
62
62
|
controller: mapping[:controllers]
|
63
63
|
) do
|
64
|
-
routes.get
|
65
|
-
routes.get
|
64
|
+
routes.get "/native", action: :show, on: :member
|
65
|
+
routes.get "/", action: :new, on: :member
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
69
69
|
def token_routes(mapping)
|
70
70
|
routes.resource(
|
71
71
|
:token,
|
72
|
-
path:
|
72
|
+
path: "token",
|
73
73
|
only: [:create], as: mapping[:as],
|
74
74
|
controller: mapping[:controllers]
|
75
75
|
)
|
76
76
|
end
|
77
77
|
|
78
78
|
def revoke_routes(mapping)
|
79
|
-
routes.post
|
79
|
+
routes.post "revoke", controller: mapping[:controllers], action: :revoke
|
80
80
|
end
|
81
81
|
|
82
82
|
def introspect_routes(mapping)
|
83
|
-
routes.post
|
83
|
+
routes.post "introspect", controller: mapping[:controllers], action: :introspect
|
84
84
|
end
|
85
85
|
|
86
86
|
def token_info_routes(mapping)
|
87
87
|
routes.resource(
|
88
88
|
:token_info,
|
89
|
-
path:
|
89
|
+
path: "token/info",
|
90
90
|
only: [:show], as: mapping[:as],
|
91
91
|
controller: mapping[:controllers]
|
92
92
|
)
|
@@ -96,7 +96,7 @@ module Doorkeeper
|
|
96
96
|
routes.resources :doorkeeper_applications,
|
97
97
|
controller: mapping[:controllers],
|
98
98
|
as: :applications,
|
99
|
-
path:
|
99
|
+
path: "applications"
|
100
100
|
end
|
101
101
|
|
102
102
|
def authorized_applications_routes(mapping)
|
@@ -8,17 +8,17 @@ module Doorkeeper
|
|
8
8
|
|
9
9
|
def initialize
|
10
10
|
@controllers = {
|
11
|
-
authorizations:
|
12
|
-
applications:
|
13
|
-
authorized_applications:
|
14
|
-
tokens:
|
15
|
-
token_info:
|
11
|
+
authorizations: "doorkeeper/authorizations",
|
12
|
+
applications: "doorkeeper/applications",
|
13
|
+
authorized_applications: "doorkeeper/authorized_applications",
|
14
|
+
tokens: "doorkeeper/tokens",
|
15
|
+
token_info: "doorkeeper/token_info",
|
16
16
|
}
|
17
17
|
|
18
18
|
@as = {
|
19
19
|
authorizations: :authorization,
|
20
20
|
tokens: :token,
|
21
|
-
token_info: :token_info
|
21
|
+
token_info: :token_info,
|
22
22
|
}
|
23
23
|
|
24
24
|
@skips = []
|
@@ -27,7 +27,7 @@ module Doorkeeper
|
|
27
27
|
def [](routes)
|
28
28
|
{
|
29
29
|
controllers: @controllers[routes],
|
30
|
-
as: @as[routes]
|
30
|
+
as: @as[routes],
|
31
31
|
}
|
32
32
|
end
|
33
33
|
|
data/lib/doorkeeper/rake.rb
CHANGED
data/lib/doorkeeper/rake/db.rake
CHANGED
@@ -2,36 +2,36 @@
|
|
2
2
|
|
3
3
|
namespace :doorkeeper do
|
4
4
|
namespace :db do
|
5
|
-
desc
|
5
|
+
desc "Removes stale data from doorkeeper related database tables"
|
6
6
|
task cleanup: [
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
7
|
+
"doorkeeper:db:cleanup:revoked_tokens",
|
8
|
+
"doorkeeper:db:cleanup:expired_tokens",
|
9
|
+
"doorkeeper:db:cleanup:revoked_grants",
|
10
|
+
"doorkeeper:db:cleanup:expired_grants",
|
11
11
|
]
|
12
12
|
|
13
13
|
namespace :cleanup do
|
14
|
-
desc
|
15
|
-
task revoked_tokens:
|
14
|
+
desc "Removes stale access tokens"
|
15
|
+
task revoked_tokens: "doorkeeper:setup" do
|
16
16
|
cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessToken)
|
17
17
|
cleaner.clean_revoked
|
18
18
|
end
|
19
19
|
|
20
|
-
desc
|
21
|
-
task expired_tokens:
|
20
|
+
desc "Removes expired (TTL passed) access tokens"
|
21
|
+
task expired_tokens: "doorkeeper:setup" do
|
22
22
|
expirable_tokens = Doorkeeper::AccessToken.where(refresh_token: nil)
|
23
23
|
cleaner = Doorkeeper::StaleRecordsCleaner.new(expirable_tokens)
|
24
24
|
cleaner.clean_expired(Doorkeeper.configuration.access_token_expires_in)
|
25
25
|
end
|
26
26
|
|
27
|
-
desc
|
28
|
-
task revoked_grants:
|
27
|
+
desc "Removes stale access grants"
|
28
|
+
task revoked_grants: "doorkeeper:setup" do
|
29
29
|
cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
|
30
30
|
cleaner.clean_revoked
|
31
31
|
end
|
32
32
|
|
33
|
-
desc
|
34
|
-
task expired_grants:
|
33
|
+
desc "Removes expired (TTL passed) access grants"
|
34
|
+
task expired_grants: "doorkeeper:setup" do
|
35
35
|
cleaner = Doorkeeper::StaleRecordsCleaner.new(Doorkeeper::AccessGrant)
|
36
36
|
cleaner.clean_expired(Doorkeeper.configuration.authorization_code_expires_in)
|
37
37
|
end
|