doorkeeper 5.1.0.rc2 → 5.1.0
Potentially problematic release.
- checksums.yaml +4 -4
- data/.hound.yml +2 -1
- data/.rubocop.yml +37 -4
- data/.travis.yml +4 -27
- data/Appraisals +8 -12
- data/Gemfile +6 -2
- data/NEWS.md +16 -0
- data/README.md +11 -2
- data/Rakefile +10 -8
- data/app/controllers/doorkeeper/application_controller.rb +1 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -13
- data/app/controllers/doorkeeper/applications_controller.rb +17 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +1 -1
- data/app/controllers/doorkeeper/tokens_controller.rb +7 -7
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/validators/redirect_uri_validator.rb +5 -2
- data/app/views/doorkeeper/applications/_form.html.erb +6 -0
- data/bin/console +5 -4
- data/config/locales/en.yml +1 -0
- data/doorkeeper.gemspec +24 -22
- data/gemfiles/rails_5_0.gemfile +2 -1
- data/gemfiles/rails_5_1.gemfile +2 -1
- data/gemfiles/rails_5_2.gemfile +2 -1
- data/gemfiles/rails_6_0.gemfile +1 -0
- data/gemfiles/rails_master.gemfile +1 -0
- data/lib/doorkeeper.rb +68 -66
- data/lib/doorkeeper/config.rb +53 -90
- data/lib/doorkeeper/config/option.rb +64 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grape/authorization_decorator.rb +4 -4
- data/lib/doorkeeper/grape/helpers.rb +3 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_grant_mixin.rb +4 -2
- data/lib/doorkeeper/models/access_token_mixin.rb +10 -10
- data/lib/doorkeeper/models/application_mixin.rb +1 -0
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -6
- data/lib/doorkeeper/models/concerns/revocable.rb +2 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +2 -0
- data/lib/doorkeeper/oauth.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -3
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +5 -5
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +6 -2
- data/lib/doorkeeper/oauth/invalid_token_response.rb +1 -1
- data/lib/doorkeeper/oauth/pre_authorization.rb +4 -3
- data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
- data/lib/doorkeeper/oauth/scopes.rb +5 -3
- data/lib/doorkeeper/oauth/token.rb +2 -2
- data/lib/doorkeeper/oauth/token_introspection.rb +4 -4
- data/lib/doorkeeper/oauth/token_response.rb +9 -9
- data/lib/doorkeeper/orm/active_record.rb +6 -6
- data/lib/doorkeeper/orm/active_record/access_grant.rb +5 -12
- data/lib/doorkeeper/orm/active_record/access_token.rb +6 -13
- data/lib/doorkeeper/orm/active_record/application.rb +6 -5
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +10 -3
- data/lib/doorkeeper/rails/helpers.rb +1 -1
- data/lib/doorkeeper/rails/routes.rb +11 -11
- data/lib/doorkeeper/rails/routes/mapping.rb +7 -7
- data/lib/doorkeeper/rake.rb +1 -1
- data/lib/doorkeeper/rake/db.rake +13 -13
- data/lib/doorkeeper/request.rb +1 -1
- data/lib/doorkeeper/secret_storing/base.rb +7 -6
- data/lib/doorkeeper/secret_storing/bcrypt.rb +4 -3
- data/lib/doorkeeper/secret_storing/plain.rb +4 -4
- data/lib/doorkeeper/secret_storing/sha256_hash.rb +3 -2
- data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/generators/doorkeeper/application_owner_generator.rb +10 -9
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +10 -9
- data/lib/generators/doorkeeper/install_generator.rb +11 -9
- data/lib/generators/doorkeeper/migration_generator.rb +9 -9
- data/lib/generators/doorkeeper/pkce_generator.rb +10 -9
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +10 -9
- data/lib/generators/doorkeeper/templates/initializer.rb +30 -5
- data/lib/generators/doorkeeper/templates/migration.rb.erb +15 -7
- data/lib/generators/doorkeeper/views_generator.rb +6 -4
- data/spec/controllers/application_metal_controller_spec.rb +10 -10
- data/spec/controllers/applications_controller_spec.rb +54 -52
- data/spec/controllers/authorizations_controller_spec.rb +136 -142
- data/spec/controllers/protected_resources_controller_spec.rb +78 -76
- data/spec/controllers/token_info_controller_spec.rb +13 -11
- data/spec/controllers/tokens_controller_spec.rb +109 -94
- data/spec/dummy/Rakefile +3 -1
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +2 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/controllers/home_controller.rb +5 -3
- data/spec/dummy/app/controllers/metal_controller.rb +2 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +4 -2
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/user.rb +2 -0
- data/spec/dummy/config.ru +3 -1
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/environments/development.rb +2 -0
- data/spec/dummy/config/environments/production.rb +2 -0
- data/spec/dummy/config/environments/test.rb +3 -1
- data/spec/dummy/config/initializers/backtrace_silencers.rb +2 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -2
- data/spec/dummy/config/initializers/secret_token.rb +3 -1
- data/spec/dummy/config/initializers/session_store.rb +3 -1
- data/spec/dummy/config/initializers/wrap_parameters.rb +2 -0
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +17 -10
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +2 -0
- data/spec/dummy/db/schema.rb +1 -1
- data/spec/dummy/script/rails +5 -3
- data/spec/factories.rb +5 -3
- data/spec/generators/application_owner_generator_spec.rb +13 -26
- data/spec/generators/confidential_applications_generator_spec.rb +12 -28
- data/spec/generators/install_generator_spec.rb +17 -15
- data/spec/generators/migration_generator_spec.rb +13 -26
- data/spec/generators/pkce_generator_spec.rb +11 -26
- data/spec/generators/previous_refresh_token_generator_spec.rb +16 -29
- data/spec/generators/templates/routes.rb +2 -0
- data/spec/generators/views_generator_spec.rb +14 -12
- data/spec/grape/grape_integration_spec.rb +34 -32
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +9 -7
- data/spec/lib/config_spec.rb +137 -136
- data/spec/lib/doorkeeper_spec.rb +3 -1
- data/spec/lib/models/expirable_spec.rb +12 -10
- data/spec/lib/models/reusable_spec.rb +6 -6
- data/spec/lib/models/revocable_spec.rb +8 -6
- data/spec/lib/models/scopes_spec.rb +19 -17
- data/spec/lib/models/secret_storable_spec.rb +71 -49
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +17 -15
- data/spec/lib/oauth/authorization_code_request_spec.rb +18 -12
- data/spec/lib/oauth/base_request_spec.rb +20 -8
- data/spec/lib/oauth/base_response_spec.rb +3 -1
- data/spec/lib/oauth/client/credentials_spec.rb +24 -22
- data/spec/lib/oauth/client_credentials/creator_spec.rb +13 -11
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +27 -18
- data/spec/lib/oauth/client_credentials/validation_spec.rb +17 -15
- data/spec/lib/oauth/client_credentials_integration_spec.rb +7 -5
- data/spec/lib/oauth/client_credentials_request_spec.rb +27 -21
- data/spec/lib/oauth/client_spec.rb +15 -13
- data/spec/lib/oauth/code_request_spec.rb +8 -6
- data/spec/lib/oauth/code_response_spec.rb +9 -7
- data/spec/lib/oauth/error_response_spec.rb +14 -12
- data/spec/lib/oauth/error_spec.rb +4 -2
- data/spec/lib/oauth/forbidden_token_response_spec.rb +7 -5
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +35 -33
- data/spec/lib/oauth/helpers/unique_token_spec.rb +8 -6
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +103 -101
- data/spec/lib/oauth/invalid_token_response_spec.rb +3 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +52 -34
- data/spec/lib/oauth/pre_authorization_spec.rb +64 -62
- data/spec/lib/oauth/refresh_token_request_spec.rb +36 -33
- data/spec/lib/oauth/scopes_spec.rb +63 -61
- data/spec/lib/oauth/token_request_spec.rb +66 -26
- data/spec/lib/oauth/token_response_spec.rb +39 -37
- data/spec/lib/oauth/token_spec.rb +51 -49
- data/spec/lib/request/strategy_spec.rb +3 -1
- data/spec/lib/secret_storing/base_spec.rb +23 -23
- data/spec/lib/secret_storing/bcrypt_spec.rb +18 -18
- data/spec/lib/secret_storing/plain_spec.rb +17 -17
- data/spec/lib/secret_storing/sha256_hash_spec.rb +16 -16
- data/spec/lib/server_spec.rb +16 -14
- data/spec/lib/stale_records_cleaner_spec.rb +17 -17
- data/spec/models/doorkeeper/access_grant_spec.rb +30 -26
- data/spec/models/doorkeeper/access_token_spec.rb +97 -95
- data/spec/models/doorkeeper/application_spec.rb +98 -57
- data/spec/requests/applications/applications_request_spec.rb +98 -66
- data/spec/requests/applications/authorized_applications_spec.rb +20 -18
- data/spec/requests/endpoints/authorization_spec.rb +25 -23
- data/spec/requests/endpoints/token_spec.rb +38 -36
- data/spec/requests/flows/authorization_code_errors_spec.rb +26 -24
- data/spec/requests/flows/authorization_code_spec.rb +161 -159
- data/spec/requests/flows/client_credentials_spec.rb +53 -51
- data/spec/requests/flows/implicit_grant_errors_spec.rb +10 -8
- data/spec/requests/flows/implicit_grant_spec.rb +27 -25
- data/spec/requests/flows/password_spec.rb +56 -54
- data/spec/requests/flows/refresh_token_spec.rb +45 -43
- data/spec/requests/flows/revoke_token_spec.rb +29 -27
- data/spec/requests/flows/skip_authorization_spec.rb +23 -21
- data/spec/requests/protected_resources/metal_spec.rb +7 -5
- data/spec/requests/protected_resources/private_api_spec.rb +35 -33
- data/spec/routing/custom_controller_routes_spec.rb +67 -65
- data/spec/routing/default_routes_spec.rb +22 -20
- data/spec/routing/scoped_routes_spec.rb +20 -18
- data/spec/spec_helper.rb +14 -13
- data/spec/spec_helper_integration.rb +3 -1
- data/spec/support/dependencies/factory_bot.rb +3 -1
- data/spec/support/doorkeeper_rspec.rb +3 -1
- data/spec/support/helpers/access_token_request_helper.rb +3 -1
- data/spec/support/helpers/authorization_request_helper.rb +4 -2
- data/spec/support/helpers/config_helper.rb +2 -0
- data/spec/support/helpers/model_helper.rb +3 -1
- data/spec/support/helpers/request_spec_helper.rb +5 -3
- data/spec/support/helpers/url_helper.rb +9 -7
- data/spec/support/http_method_shim.rb +4 -9
- data/spec/support/orm/active_record.rb +3 -1
- data/spec/support/shared/controllers_shared_context.rb +18 -16
- data/spec/support/shared/hashing_shared_context.rb +3 -3
- data/spec/support/shared/models_shared_examples.rb +12 -10
- data/spec/validators/redirect_uri_validator_spec.rb +74 -45
- data/spec/version/version_spec.rb +7 -5
- metadata +12 -16
- data/gemfiles/rails_4_2.gemfile +0 -17
- data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -8
- data/spec/support/ruby_2_6_rails_4_2_patch.rb +0 -14
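--- a/data/lib/doorkeeper/request.rb
+++ b/data/lib/doorkeeper/request.rb
@@ -33,7 +33,7 @@ module Doorkeeper
 end
 
 def build_strategy_class(grant_or_request_type)
-strategy_class_name = grant_or_request_type.to_s.tr(
+strategy_class_name = grant_or_request_type.to_s.tr(" ", "_").camelize
 "Doorkeeper::Request::#{strategy_class_name}".constantize
 end
 end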
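Review bot: `build_strategy_class` turns `grant_or_request_type` into a constant name and passes it to `constantize`, and nothing in this hunk shows the value being checked against the enabled grant or response types first. If that check lives in a caller outside the hunk, record the precondition above the method, e.g. `# grant_or_request_type must already be validated against the configured strategies; never pass a raw request parameter`. An unrecognised name presumably ends in a `NameError`, so callers should treat that as an invalid request rather than let it surface as a server error.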
@@ -1,6 +1,7 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module SecretStoring
|
3
|
-
|
4
5
|
##
|
5
6
|
# Base class for secret storing, including common helpers
|
6
7
|
class Base
|
@@ -8,7 +9,7 @@ module Doorkeeper
|
|
8
9
|
# Return the value to be stored by the database
|
9
10
|
# used for looking up a database value.
|
10
11
|
# @param plain_secret The plain secret input / generated
|
11
|
-
def self.transform_secret(
|
12
|
+
def self.transform_secret(_plain_secret)
|
12
13
|
raise NotImplementedError
|
13
14
|
end
|
14
15
|
|
@@ -19,8 +20,8 @@ module Doorkeeper
|
|
19
20
|
# @param attribute The secret attribute
|
20
21
|
# @param plain_secret The plain secret input / generated
|
21
22
|
def self.store_secret(resource, attribute, plain_secret)
|
22
|
-
transformed_value =
|
23
|
-
resource.public_send
|
23
|
+
transformed_value = transform_secret(plain_secret)
|
24
|
+
resource.public_send(:"#{attribute}=", transformed_value)
|
24
25
|
|
25
26
|
transformed_value
|
26
27
|
end
|
@@ -30,7 +31,7 @@ module Doorkeeper
|
|
30
31
|
# @param resource The resource instance to act on
|
31
32
|
# @param attribute The secret attribute to restore
|
32
33
|
# as retrieved from the database.
|
33
|
-
def self.restore_secret(
|
34
|
+
def self.restore_secret(_resource, _attribute)
|
34
35
|
raise NotImplementedError
|
35
36
|
end
|
36
37
|
|
@@ -60,4 +61,4 @@ module Doorkeeper
|
|
60
61
|
end
|
61
62
|
end
|
62
63
|
end
|
63
|
-
end
|
64
|
+
end
|
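Review bot: `store_secret` builds a setter name with `:"#{attribute}="` and dispatches it through `public_send`, so the `attribute` argument decides which writer runs on `resource`. The `@param attribute` line should say that this is a name fixed in code and never request data, for example `# @param attribute The secret attribute (a name fixed in code, not user input)`. The callers are outside these hunks, so whether they already guarantee that cannot be confirmed from this page.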
@@ -1,6 +1,7 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module SecretStoring
|
3
|
-
|
4
5
|
##
|
5
6
|
# Plain text secret storing, which is the default
|
6
7
|
# but also provides fallback lookup if
|
@@ -49,11 +50,11 @@ module Doorkeeper
|
|
49
50
|
##
|
50
51
|
# Test if we can require the BCrypt gem
|
51
52
|
def self.bcrypt_present?
|
52
|
-
require
|
53
|
+
require "bcrypt"
|
53
54
|
true
|
54
55
|
rescue LoadError
|
55
56
|
false
|
56
57
|
end
|
57
58
|
end
|
58
59
|
end
|
59
|
-
end
|
60
|
+
end
|
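Review bot: The class comment in the first hunk reads `# Plain text secret storing, which is the default`, while the second hunk's `bcrypt_present?` suggests this file is the BCrypt strategy (the page shows no file header for this section, so the file identity is inferred). A description copied from the plain-text strategy onto a hashing class misleads anyone choosing how client secrets and tokens are stored. It should describe this class instead, something like `# Stores secrets as BCrypt hashes; requires the bcrypt gem to be available`. The `class` line itself falls between the two hunks and is not visible here.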
@@ -1,12 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module SecretStoring
|
3
|
-
|
4
5
|
##
|
5
6
|
# Plain text secret storing, which is the default
|
6
7
|
# but also provides fallback lookup if
|
7
8
|
# other secret storing mechanisms are enabled.
|
8
9
|
class Plain < Base
|
9
|
-
|
10
10
|
##
|
11
11
|
# Return the value to be stored by the database
|
12
12
|
# @param plain_secret The plain secret input / generated
|
@@ -20,7 +20,7 @@ module Doorkeeper
|
|
20
20
|
# @param attribute The secret attribute to restore
|
21
21
|
# as retrieved from the database.
|
22
22
|
def self.restore_secret(resource, attribute)
|
23
|
-
resource.public_send
|
23
|
+
resource.public_send(attribute)
|
24
24
|
end
|
25
25
|
|
26
26
|
##
|
@@ -30,4 +30,4 @@ module Doorkeeper
|
|
30
30
|
end
|
31
31
|
end
|
32
32
|
end
|
33
|
-
end
|
33
|
+
end
|
data/lib/doorkeeper/version.rb
CHANGED
@@ -1,18 +1,21 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "rails/generators"
|
4
|
+
require "rails/generators/active_record"
|
5
5
|
|
6
6
|
module Doorkeeper
|
7
|
+
# Generates migration to add reference to owner of the
|
8
|
+
# Doorkeeper application.
|
9
|
+
#
|
7
10
|
class ApplicationOwnerGenerator < ::Rails::Generators::Base
|
8
11
|
include ::Rails::Generators::Migration
|
9
|
-
source_root File.expand_path(
|
10
|
-
desc
|
12
|
+
source_root File.expand_path("templates", __dir__)
|
13
|
+
desc "Provide support for client application ownership."
|
11
14
|
|
12
15
|
def application_owner
|
13
16
|
migration_template(
|
14
|
-
|
15
|
-
|
17
|
+
"add_owner_to_application_migration.rb.erb",
|
18
|
+
"db/migrate/add_owner_to_application.rb",
|
16
19
|
migration_version: migration_version
|
17
20
|
)
|
18
21
|
end
|
@@ -24,9 +27,7 @@ module Doorkeeper
|
|
24
27
|
private
|
25
28
|
|
26
29
|
def migration_version
|
27
|
-
|
28
|
-
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
29
|
-
end
|
30
|
+
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
30
31
|
end
|
31
32
|
end
|
32
33
|
end
|
@@ -1,18 +1,21 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "rails/generators"
|
4
|
+
require "rails/generators/active_record"
|
5
5
|
|
6
6
|
module Doorkeeper
|
7
|
+
# Generates migration to add confidential column to Doorkeeper
|
8
|
+
# applications table.
|
9
|
+
#
|
7
10
|
class ConfidentialApplicationsGenerator < ::Rails::Generators::Base
|
8
11
|
include ::Rails::Generators::Migration
|
9
|
-
source_root File.expand_path(
|
10
|
-
desc
|
12
|
+
source_root File.expand_path("templates", __dir__)
|
13
|
+
desc "Add confidential column to Doorkeeper applications"
|
11
14
|
|
12
15
|
def pkce
|
13
16
|
migration_template(
|
14
|
-
|
15
|
-
|
17
|
+
"add_confidential_to_applications.rb.erb",
|
18
|
+
"db/migrate/add_confidential_to_applications.rb",
|
16
19
|
migration_version: migration_version
|
17
20
|
)
|
18
21
|
end
|
@@ -24,9 +27,7 @@ module Doorkeeper
|
|
24
27
|
private
|
25
28
|
|
26
29
|
def migration_version
|
27
|
-
|
28
|
-
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
29
|
-
end
|
30
|
+
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
30
31
|
end
|
31
32
|
end
|
32
33
|
end
|
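Review bot: The public generator method in `ConfidentialApplicationsGenerator` is named `pkce`, which looks copied from the PKCE generator; the template it renders is `add_confidential_to_applications.rb.erb`. Renaming it, e.g. `def confidential_applications`, would match the class and the migration it writes. The method is unchanged context in this hunk, so this is a follow-up suggestion rather than a defect introduced by the commit.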
@@ -1,20 +1,22 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "rails/generators"
|
4
|
+
require "rails/generators/active_record"
|
5
5
|
|
6
6
|
module Doorkeeper
|
7
|
+
# Setup doorkeeper into Rails application: locales, routes, etc.
|
8
|
+
#
|
7
9
|
class InstallGenerator < ::Rails::Generators::Base
|
8
10
|
include ::Rails::Generators::Migration
|
9
|
-
source_root File.expand_path(
|
10
|
-
desc
|
11
|
+
source_root File.expand_path("templates", __dir__)
|
12
|
+
desc "Installs Doorkeeper."
|
11
13
|
|
12
14
|
def install
|
13
|
-
template
|
14
|
-
copy_file File.expand_path(
|
15
|
-
|
16
|
-
route
|
17
|
-
readme
|
15
|
+
template "initializer.rb", "config/initializers/doorkeeper.rb"
|
16
|
+
copy_file File.expand_path("../../../config/locales/en.yml", __dir__),
|
17
|
+
"config/locales/doorkeeper.en.yml"
|
18
|
+
route "use_doorkeeper"
|
19
|
+
readme "README"
|
18
20
|
end
|
19
21
|
end
|
20
22
|
end
|
@@ -1,18 +1,20 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "rails/generators"
|
4
|
+
require "rails/generators/active_record"
|
5
5
|
|
6
6
|
module Doorkeeper
|
7
|
+
# Copies main Doorkeeper migration into parent Rails application.
|
8
|
+
#
|
7
9
|
class MigrationGenerator < ::Rails::Generators::Base
|
8
10
|
include ::Rails::Generators::Migration
|
9
|
-
source_root File.expand_path(
|
10
|
-
desc
|
11
|
+
source_root File.expand_path("templates", __dir__)
|
12
|
+
desc "Installs Doorkeeper migration file."
|
11
13
|
|
12
14
|
def install
|
13
15
|
migration_template(
|
14
|
-
|
15
|
-
|
16
|
+
"migration.rb.erb",
|
17
|
+
"db/migrate/create_doorkeeper_tables.rb",
|
16
18
|
migration_version: migration_version
|
17
19
|
)
|
18
20
|
end
|
@@ -24,9 +26,7 @@ module Doorkeeper
|
|
24
26
|
private
|
25
27
|
|
26
28
|
def migration_version
|
27
|
-
|
28
|
-
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
29
|
-
end
|
29
|
+
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
30
30
|
end
|
31
31
|
end
|
32
32
|
end
|
@@ -1,18 +1,21 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "rails/generators"
|
4
|
+
require "rails/generators/active_record"
|
5
5
|
|
6
6
|
module Doorkeeper
|
7
|
+
# Generates migration with PKCE required database columns for
|
8
|
+
# Doorkeeper tables.
|
9
|
+
#
|
7
10
|
class PkceGenerator < ::Rails::Generators::Base
|
8
11
|
include ::Rails::Generators::Migration
|
9
|
-
source_root File.expand_path(
|
10
|
-
desc
|
12
|
+
source_root File.expand_path("templates", __dir__)
|
13
|
+
desc "Provide support for PKCE."
|
11
14
|
|
12
15
|
def pkce
|
13
16
|
migration_template(
|
14
|
-
|
15
|
-
|
17
|
+
"enable_pkce_migration.rb.erb",
|
18
|
+
"db/migrate/enable_pkce.rb",
|
16
19
|
migration_version: migration_version
|
17
20
|
)
|
18
21
|
end
|
@@ -24,9 +27,7 @@ module Doorkeeper
|
|
24
27
|
private
|
25
28
|
|
26
29
|
def migration_version
|
27
|
-
|
28
|
-
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
29
|
-
end
|
30
|
+
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
30
31
|
end
|
31
32
|
end
|
32
33
|
end
|
@@ -1,13 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
3
|
+
require "rails/generators"
|
4
|
+
require "rails/generators/active_record"
|
5
5
|
|
6
6
|
module Doorkeeper
|
7
|
+
# Generates migration to add previous refresh token column to the
|
8
|
+
# database for Doorkeeper tables.
|
9
|
+
#
|
7
10
|
class PreviousRefreshTokenGenerator < ::Rails::Generators::Base
|
8
11
|
include ::Rails::Generators::Migration
|
9
|
-
source_root File.expand_path(
|
10
|
-
desc
|
12
|
+
source_root File.expand_path("templates", __dir__)
|
13
|
+
desc "Support revoke refresh token on access token use"
|
11
14
|
|
12
15
|
def self.next_migration_number(path)
|
13
16
|
ActiveRecord::Generators::Base.next_migration_number(path)
|
@@ -16,8 +19,8 @@ module Doorkeeper
|
|
16
19
|
def previous_refresh_token
|
17
20
|
if no_previous_refresh_token_column?
|
18
21
|
migration_template(
|
19
|
-
|
20
|
-
|
22
|
+
"add_previous_refresh_token_to_access_tokens.rb.erb",
|
23
|
+
"db/migrate/add_previous_refresh_token_to_access_tokens.rb"
|
21
24
|
)
|
22
25
|
end
|
23
26
|
end
|
@@ -25,9 +28,7 @@ module Doorkeeper
|
|
25
28
|
private
|
26
29
|
|
27
30
|
def migration_version
|
28
|
-
|
29
|
-
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
30
|
-
end
|
31
|
+
"[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
|
31
32
|
end
|
32
33
|
|
33
34
|
def no_previous_refresh_token_column?
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
Doorkeeper.configure do
|
2
4
|
# Change the ORM that doorkeeper will use (needs plugins)
|
3
5
|
orm :active_record
|
@@ -47,7 +49,12 @@ Doorkeeper.configure do
|
|
47
49
|
# access_token_expires_in 2.hours
|
48
50
|
|
49
51
|
# Assign custom TTL for access tokens. Will be used instead of access_token_expires_in
|
50
|
-
# option if defined. `
|
52
|
+
# option if defined. In case the block returns `nil` value Doorkeeper fallbacks to
|
53
|
+
# `access_token_expires_in` configuration option value. If you really need to issue a
|
54
|
+
# non-expiring access token (which is not recommended) then you need to return
|
55
|
+
# Float::INFINITY from this block.
|
56
|
+
#
|
57
|
+
# `context` has the following properties available:
|
51
58
|
#
|
52
59
|
# `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
|
53
60
|
# `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
|
@@ -146,7 +153,8 @@ Doorkeeper.configure do
|
|
146
153
|
# Provide support for an owner to be assigned to each registered application (disabled by default)
|
147
154
|
# Optional parameter confirmation: true (default false) if you want to enforce ownership of
|
148
155
|
# a registered application
|
149
|
-
#
|
156
|
+
# NOTE: you must also run the rails g doorkeeper:application_owner generator
|
157
|
+
# to provide the necessary support
|
150
158
|
#
|
151
159
|
# enable_application_owner confirmation: false
|
152
160
|
|
@@ -189,9 +197,10 @@ Doorkeeper.configure do
|
|
189
197
|
# access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
|
190
198
|
|
191
199
|
# Change the native redirect uri for client apps
|
192
|
-
# When clients register with the following redirect uri, they won't be redirected to
|
193
|
-
# the authorizationcode will be displayed within the provider
|
194
|
-
# The value can be any string. Use nil to disable this feature. When disabled, clients
|
200
|
+
# When clients register with the following redirect uri, they won't be redirected to
|
201
|
+
# any server and the authorizationcode will be displayed within the provider
|
202
|
+
# The value can be any string. Use nil to disable this feature. When disabled, clients
|
203
|
+
# must providea valid URL
|
195
204
|
# (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
|
196
205
|
#
|
197
206
|
# native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
|
@@ -216,6 +225,22 @@ Doorkeeper.configure do
|
|
216
225
|
#
|
217
226
|
# forbid_redirect_uri { |uri| uri.scheme.to_s.downcase == 'javascript' }
|
218
227
|
|
228
|
+
# Allows to set blank redirect URIs for Applications in case Doorkeeper configured
|
229
|
+
# to use URI-less OAuth grant flows like Client Credentials or Resource Owner
|
230
|
+
# Password Credentials. The option is on by default and checks configured grant
|
231
|
+
# types, but you **need** to manually drop `NOT NULL` constraint from `redirect_uri`
|
232
|
+
# column for `oauth_applications` database table.
|
233
|
+
#
|
234
|
+
# You can completely disable this feature with:
|
235
|
+
#
|
236
|
+
# allow_blank_redirect_uri false
|
237
|
+
#
|
238
|
+
# Or you can define your custom check:
|
239
|
+
#
|
240
|
+
# allow_blank_redirect_uri do |grant_flows, client|
|
241
|
+
# client.superapp?
|
242
|
+
# end
|
243
|
+
|
219
244
|
# Specify how authorization errors should be handled.
|
220
245
|
# By default, doorkeeper renders json errors when access token
|
221
246
|
# is invalid, expired, revoked or has invalid scopes.
|
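Review bot: Two of the rewrapped comment lines in the `native_redirect_uri` hunk contain typos as rendered on this page: `authorizationcode` and `must providea valid URL`. This template is copied into every application's initializer, so they should read `# any server and the authorization code will be displayed within the provider` and `# must provide a valid URL`. In the custom access token TTL hunk, `Doorkeeper fallbacks to` should be `Doorkeeper falls back to`.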
@@ -1,9 +1,13 @@
|
|
1
1
|
class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
2
2
|
def change
|
3
3
|
create_table :oauth_applications do |t|
|
4
|
-
t.string :name,
|
5
|
-
t.string :uid,
|
6
|
-
t.string :secret,
|
4
|
+
t.string :name, null: false
|
5
|
+
t.string :uid, null: false
|
6
|
+
t.string :secret, null: false
|
7
|
+
|
8
|
+
# Remove `null: false` if you are planning to use grant flows
|
9
|
+
# that doesn't require redirect URI to be used during authorization
|
10
|
+
# like Client Credentials flow or Resource Owner Password.
|
7
11
|
t.text :redirect_uri, null: false
|
8
12
|
t.string :scopes, null: false, default: ''
|
9
13
|
t.boolean :confidential, null: false, default: true
|
@@ -32,20 +36,20 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
32
36
|
|
33
37
|
create_table :oauth_access_tokens do |t|
|
34
38
|
t.references :resource_owner, index: true
|
35
|
-
t.references :application
|
39
|
+
t.references :application, null: false
|
36
40
|
|
37
41
|
# If you use a custom token generator you may need to change this column
|
38
42
|
# from string to text, so that it accepts tokens larger than 255
|
39
43
|
# characters. More info on custom token generators in:
|
40
44
|
# https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
|
41
45
|
#
|
42
|
-
# t.text
|
43
|
-
t.string
|
46
|
+
# t.text :token, null: false
|
47
|
+
t.string :token, null: false
|
44
48
|
|
45
49
|
t.string :refresh_token
|
46
50
|
t.integer :expires_in
|
47
51
|
t.datetime :revoked_at
|
48
|
-
t.datetime :created_at,
|
52
|
+
t.datetime :created_at, null: false
|
49
53
|
t.string :scopes
|
50
54
|
|
51
55
|
# If there is a previous_refresh_token column,
|
@@ -64,5 +68,9 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
64
68
|
:oauth_applications,
|
65
69
|
column: :application_id
|
66
70
|
)
|
71
|
+
|
72
|
+
# Uncomment below to ensure a valid reference to the resource owner's table
|
73
|
+
# add_foreign_key :oauth_access_grants, <model>, column: :resource_owner_id
|
74
|
+
# add_foreign_key :oauth_access_tokens, <model>, column: :resource_owner_id
|
67
75
|
end
|
68
76
|
end
|
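Review bot: `t.references :application, null: false` on `oauth_access_tokens` carries no comment like the one added above `redirect_uri`, although it is the same kind of constraint. If a token can ever be issued without a client application (not shown on this page; confirm against the password flow), the database would reject the insert. Consider a matching comment such as `# Remove null: false if tokens may be issued without a client application`.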