doorkeeper 5.1.0.rc2 → 5.1.0

data/spec/dummy/Rakefile

@@ -1,7 +1,9 @@
 #!/usr/bin/env rake
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('config/application', __dir__)
+require File.expand_path("config/application", __dir__)
 
 Dummy::Application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 end

data/spec/dummy/app/controllers/custom_authorizations_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class CustomAuthorizationsController < ::ApplicationController
   %w[index show new create edit update destroy].each do |action|
     define_method action do

data/spec/dummy/app/controllers/full_protected_resources_controller.rb

@@ -1,12 +1,14 @@
+# frozen_string_literal: true
+
 class FullProtectedResourcesController < ApplicationController
   before_action -> { doorkeeper_authorize! :write, :admin }, only: :show
   before_action :doorkeeper_authorize!, only: :index
 
   def index
-    render plain: 'index'
+    render plain: "index"
   end
 
   def show
-    render plain: 'show'
+    render plain: "show"
   end
 end

data/spec/dummy/app/controllers/home_controller.rb

@@ -1,16 +1,18 @@
+# frozen_string_literal: true
+
 class HomeController < ApplicationController
   def index; end
 
   def sign_in
     session[:user_id] = if Rails.env.development?
-                          User.first || User.create!(name: 'Joe', password: 'sekret')
+                          User.first || User.create!(name: "Joe", password: "sekret")
                         else
                           User.first
                         end
-    redirect_to '/'
+    redirect_to "/"
   end
 
   def callback
-    render plain: 'ok'
+    render plain: "ok"
   end
 end

data/spec/dummy/app/controllers/metal_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class MetalController < ActionController::Metal
   include AbstractController::Callbacks
   include ActionController::Head

data/spec/dummy/app/controllers/semi_protected_resources_controller.rb

@@ -1,11 +1,13 @@
+# frozen_string_literal: true
+
 class SemiProtectedResourcesController < ApplicationController
   before_action :doorkeeper_authorize!, only: :index
 
   def index
-    render plain: 'protected index'
+    render plain: "protected index"
   end
 
   def show
-    render plain: 'non protected show'
+    render plain: "non protected show"
   end
 end

data/spec/dummy/app/helpers/application_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ApplicationHelper
   def current_user
     @current_user ||= User.find_by_id(session[:user_id])

data/spec/dummy/app/models/user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class User < ActiveRecord::Base
   def self.authenticate!(name, password)
     User.where(name: name, password: password).first

data/spec/dummy/config.ru

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
+
 # This file is used by Rack-based servers to start the application.
 
-require ::File.expand_path('../config/environment', __FILE__)
+require ::File.expand_path("../config/environment", __FILE__)
 run Dummy::Application

data/spec/dummy/config/application.rb

@@ -27,6 +27,19 @@ require "#{orm}/railtie"
 
 module Dummy
   class Application < Rails::Application
+    if Rails.gem_version < Gem::Version.new('5.1')
+      config.action_controller.per_form_csrf_tokens = true
+      config.action_controller.forgery_protection_origin_check = true
+
+      ActiveSupport.to_time_preserves_timezone = true
+
+      config.active_record.belongs_to_required_by_default = true
+
+      config.ssl_options = { hsts: { subdomains: true } }
+    else
+      config.load_defaults "#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}"
+    end
+
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.

data/spec/dummy/config/environments/development.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb
 

data/spec/dummy/config/environments/production.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb
 

data/spec/dummy/config/environments/test.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb
 
@@ -8,7 +10,7 @@ Dummy::Application.configure do
   config.cache_classes = true
 
   config.assets.enabled = true
-  config.assets.version = '1.0'
+  config.assets.version = "1.0"
   config.assets.digest = false
 
   # Do not eager load code on boot. This avoids loading your whole application

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.

data/spec/dummy/config/initializers/doorkeeper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Doorkeeper.configure do
   # Change the ORM that doorkeeper will use.
   orm DOORKEEPER_ORM
@@ -5,7 +7,7 @@ Doorkeeper.configure do
   # This block will be called to check whether the resource owner is authenticated or not.
   resource_owner_authenticator do
     # Put your resource owner authentication logic here.
-    User.where(id: session[:user_id]).first || redirect_to(root_url, alert: 'Needs sign in.')
+    User.where(id: session[:user_id]).first || redirect_to(root_url, alert: "Needs sign in.")
   end
 
   # If you didn't skip applications controller from Doorkeeper routes in your application routes.rb
@@ -66,7 +68,8 @@ Doorkeeper.configure do
   # Change the native redirect uri for client apps
   # When clients register with the following redirect uri, they won't be redirected to any server and
   # the authorization code will be displayed within the provider
-  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+  # The value can be any string. Use nil to disable this feature.
+  # When disabled, clients must provide a valid URL
   # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
   #
   # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'

data/spec/dummy/config/initializers/secret_token.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
 # Your secret key for verifying the integrity of signed cookies.
@@ -5,4 +7,4 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 Dummy::Application.config.secret_key_base =
-  'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159'
+  "c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159"

data/spec/dummy/config/initializers/session_store.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
-Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+Dummy::Application.config.session_store :cookie_store, key: "_dummy_session"
 
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 #
 # This file contains settings for ActionController::ParamsWrapper which

data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb

@@ -3,18 +3,22 @@
 class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
   def change
     create_table :oauth_applications do |t|
-      t.string  :name,         null: false
-      t.string  :uid,          null: false
-      t.string  :secret,       null: false
+      t.string  :name,    null: false
+      t.string  :uid,     null: false
+      t.string  :secret,  null: false
+
+      # Remove `null: false` if you are planning to use grant flows
+      # that doesn't require redirect URI to be used during authorization
+      # like Client Credentials flow or Resource Owner Password.
       t.text    :redirect_uri, null: false
-      t.string  :scopes,       null: false, default: ''
+      t.string  :scopes,       null: false, default: ""
       t.timestamps             null: false
     end
 
     add_index :oauth_applications, :uid, unique: true
 
     create_table :oauth_access_grants do |t|
-      t.integer  :resource_owner_id, null: false
+      t.references :resource_owner,  null: false
       t.references :application,     null: false
       t.string   :token,             null: false
       t.integer  :expires_in,        null: false
@@ -32,16 +36,16 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
     )
 
     create_table :oauth_access_tokens do |t|
-      t.integer  :resource_owner_id
-      t.references :application
+      t.references :resource_owner, index: true
+      t.references :application,    null: false
 
       # If you use a custom token generator you may need to change this column
       # from string to text, so that it accepts tokens larger than 255
       # characters. More info on custom token generators in:
       # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
       #
-      # t.text     :token,             null: false
-      t.string   :token, null: false
+      # t.text :token, null: false
+      t.string :token, null: false
 
       t.string   :refresh_token
       t.integer  :expires_in
@@ -51,12 +55,15 @@ class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
     end
 
     add_index :oauth_access_tokens, :token, unique: true
-    add_index :oauth_access_tokens, :resource_owner_id
     add_index :oauth_access_tokens, :refresh_token, unique: true
     add_foreign_key(
       :oauth_access_tokens,
       :oauth_applications,
       column: :application_id
     )
+
+    # Uncomment below to ensure a valid reference to the resource owner's table
+    add_foreign_key :oauth_access_grants, :users, column: :resource_owner_id
+    add_foreign_key :oauth_access_tokens, :users, column: :resource_owner_id
   end
 end

data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class EnablePkce < ActiveRecord::Migration[4.2]
   def change
     add_column :oauth_access_grants, :code_challenge, :string, null: true

data/spec/dummy/db/schema.rb

@@ -47,7 +47,7 @@ ActiveRecord::Schema.define(version: 20180210183654) do
     t.string "name", null: false
     t.string "uid", null: false
     t.string "secret", null: false
-    t.text "redirect_uri", null: false
+    t.text "redirect_uri"
     t.string "scopes", default: "", null: false
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false

data/spec/dummy/script/rails

@@ -1,7 +1,9 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 # This command will automatically be run when you run "rails" with Rails 3 gems
 # installed from the root of your application.
 
-APP_PATH = File.expand_path('../config/application', __dir__)
-require File.expand_path('../config/boot', __dir__)
-require 'rails/commands'
+APP_PATH = File.expand_path("../config/application", __dir__)
+require File.expand_path("../config/boot", __dir__)
+require "rails/commands"

data/spec/factories.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 FactoryBot.define do
   factory :access_grant, class: "Doorkeeper::AccessGrant" do
     sequence(:resource_owner_id) { |n| n }
     application
-    redirect_uri { 'https://app.com/callback' }
+    redirect_uri { "https://app.com/callback" }
     expires_in { 100 }
-    scopes { 'public write' }
+    scopes { "public write" }
   end
 
   factory :access_token, class: "Doorkeeper::AccessToken" do
@@ -19,7 +21,7 @@ FactoryBot.define do
 
   factory :application, class: "Doorkeeper::Application" do
     sequence(:name) { |n| "Application #{n}" }
-    redirect_uri { 'https://app.com/callback' }
+    redirect_uri { "https://app.com/callback" }
   end
 
   # do not name this factory :user, otherwise it will conflict with factories

data/spec/generators/application_owner_generator_spec.rb

@@ -1,40 +1,27 @@
-require 'spec_helper'
-require 'generators/doorkeeper/application_owner_generator'
+# frozen_string_literal: true
 
-describe 'Doorkeeper::ApplicationOwnerGenerator' do
+require "spec_helper"
+require "generators/doorkeeper/application_owner_generator"
+
+describe "Doorkeeper::ApplicationOwnerGenerator" do
   include GeneratorSpec::TestCase
 
   tests Doorkeeper::ApplicationOwnerGenerator
-  destination ::File.expand_path('../tmp/dummy', __FILE__)
+  destination ::File.expand_path("../tmp/dummy", __FILE__)
 
-  describe 'after running the generator' do
+  describe "after running the generator" do
     before :each do
       prepare_destination
     end
 
-    context 'pre Rails 5.0.0' do
-      it 'creates a migration with no version specifier' do
-        stub_const("ActiveRecord::VERSION::MAJOR", 4)
-        stub_const("ActiveRecord::VERSION::MINOR", 2)
-
-        run_generator
-
-        assert_migration 'db/migrate/add_owner_to_application.rb' do |migration|
-          assert migration.include?("ActiveRecord::Migration\n")
-        end
-      end
-    end
-
-    context 'post Rails 5.0.0' do
-      it 'creates a migration with a version specifier' do
-        stub_const("ActiveRecord::VERSION::MAJOR", 5)
-        stub_const("ActiveRecord::VERSION::MINOR", 0)
+    it "creates a migration with a version specifier" do
+      stub_const("ActiveRecord::VERSION::MAJOR", 5)
+      stub_const("ActiveRecord::VERSION::MINOR", 0)
 
-        run_generator
+      run_generator
 
-        assert_migration 'db/migrate/add_owner_to_application.rb' do |migration|
-          assert migration.include?("ActiveRecord::Migration[5.0]\n")
-        end
+      assert_migration "db/migrate/add_owner_to_application.rb" do |migration|
+        assert migration.include?("ActiveRecord::Migration[5.0]\n")
       end
     end
   end

data/spec/generators/confidential_applications_generator_spec.rb

@@ -1,44 +1,28 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
-require 'generators/doorkeeper/confidential_applications_generator'
+require "spec_helper"
+require "generators/doorkeeper/confidential_applications_generator"
 
-describe 'Doorkeeper::ConfidentialApplicationsGenerator' do
+describe "Doorkeeper::ConfidentialApplicationsGenerator" do
   include GeneratorSpec::TestCase
 
   tests Doorkeeper::ConfidentialApplicationsGenerator
-  destination ::File.expand_path('../tmp/dummy', __FILE__)
+  destination ::File.expand_path("../tmp/dummy", __FILE__)
 
-  describe 'after running the generator' do
+  describe "after running the generator" do
     before :each do
       prepare_destination
     end
 
-    context 'pre Rails 5.0.0' do
-      it 'creates a migration with no version specifier' do
-        stub_const("ActiveRecord::VERSION::MAJOR", 4)
-        stub_const("ActiveRecord::VERSION::MINOR", 2)
+    it "creates a migration with a version specifier" do
+      stub_const("ActiveRecord::VERSION::MAJOR", 5)
+      stub_const("ActiveRecord::VERSION::MINOR", 0)
 
-        run_generator
+      run_generator
 
-        assert_migration 'db/migrate/add_confidential_to_applications.rb' do |migration|
-          assert migration.include?("ActiveRecord::Migration\n")
-          assert migration.include?(':confidential')
-        end
-      end
-    end
-
-    context 'post Rails 5.0.0' do
-      it 'creates a migration with a version specifier' do
-        stub_const("ActiveRecord::VERSION::MAJOR", 5)
-        stub_const("ActiveRecord::VERSION::MINOR", 0)
-
-        run_generator
-
-        assert_migration 'db/migrate/add_confidential_to_applications.rb' do |migration|
-          assert migration.include?("ActiveRecord::Migration[5.0]\n")
-          assert migration.include?(':confidential')
-        end
+      assert_migration "db/migrate/add_confidential_to_applications.rb" do |migration|
+        assert migration.include?("ActiveRecord::Migration[5.0]\n")
+        assert migration.include?(":confidential")
       end
     end
   end