doorkeeper 5.1.0 → 5.5.0


Files changed (265)
  1. checksums.yaml +4 -4
  2. data/{NEWS.md → CHANGELOG.md} +234 -25
  3. data/README.md +21 -11
  4. data/app/controllers/doorkeeper/application_controller.rb +2 -2
  5. data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
  6. data/app/controllers/doorkeeper/applications_controller.rb +8 -7
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +56 -19
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +5 -5
  9. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  10. data/app/controllers/doorkeeper/tokens_controller.rb +93 -25
  11. data/app/views/doorkeeper/applications/_form.html.erb +1 -7
  12. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  13. data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
  14. data/config/locales/en.yml +13 -3
  15. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  16. data/lib/doorkeeper/config/option.rb +20 -2
  17. data/lib/doorkeeper/config/validations.rb +53 -0
  18. data/lib/doorkeeper/config.rb +291 -121
  19. data/lib/doorkeeper/engine.rb +1 -1
  20. data/lib/doorkeeper/errors.rb +13 -18
  21. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  22. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  23. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  24. data/lib/doorkeeper/grant_flow.rb +45 -0
  25. data/lib/doorkeeper/grape/helpers.rb +7 -3
  26. data/lib/doorkeeper/helpers/controller.rb +36 -11
  27. data/lib/doorkeeper/models/access_grant_mixin.rb +22 -18
  28. data/lib/doorkeeper/models/access_token_mixin.rb +194 -51
  29. data/lib/doorkeeper/models/application_mixin.rb +8 -7
  30. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  31. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  32. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  33. data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
  34. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  35. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  36. data/lib/doorkeeper/oauth/authorization/code.rb +25 -14
  37. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  38. data/lib/doorkeeper/oauth/authorization/token.rb +24 -19
  39. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  40. data/lib/doorkeeper/oauth/authorization_code_request.rb +40 -21
  41. data/lib/doorkeeper/oauth/base_request.rb +21 -23
  42. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  43. data/lib/doorkeeper/oauth/client.rb +8 -9
  44. data/lib/doorkeeper/oauth/client_credentials/creator.rb +45 -5
  45. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
  46. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +13 -3
  47. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  48. data/lib/doorkeeper/oauth/code_request.rb +6 -12
  49. data/lib/doorkeeper/oauth/code_response.rb +24 -14
  50. data/lib/doorkeeper/oauth/error.rb +1 -1
  51. data/lib/doorkeeper/oauth/error_response.rb +10 -11
  52. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
  53. data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
  54. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +19 -5
  55. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  56. data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
  57. data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
  58. data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  59. data/lib/doorkeeper/oauth/password_access_token_request.rb +32 -10
  60. data/lib/doorkeeper/oauth/pre_authorization.rb +111 -42
  61. data/lib/doorkeeper/oauth/refresh_token_request.rb +45 -33
  62. data/lib/doorkeeper/oauth/token.rb +6 -7
  63. data/lib/doorkeeper/oauth/token_introspection.rb +24 -18
  64. data/lib/doorkeeper/oauth/token_request.rb +6 -20
  65. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  66. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  67. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  68. data/lib/doorkeeper/orm/active_record/application.rb +5 -83
  69. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +68 -0
  70. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +59 -0
  71. data/lib/doorkeeper/orm/active_record/mixins/application.rb +198 -0
  72. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  73. data/lib/doorkeeper/orm/active_record.rb +20 -6
  74. data/lib/doorkeeper/rails/helpers.rb +4 -4
  75. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  76. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  77. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  78. data/lib/doorkeeper/rails/routes.rb +17 -25
  79. data/lib/doorkeeper/rake/db.rake +6 -6
  80. data/lib/doorkeeper/rake/setup.rake +5 -0
  81. data/lib/doorkeeper/request/authorization_code.rb +5 -3
  82. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  83. data/lib/doorkeeper/request/password.rb +2 -2
  84. data/lib/doorkeeper/request/refresh_token.rb +5 -4
  85. data/lib/doorkeeper/request/strategy.rb +2 -2
  86. data/lib/doorkeeper/request.rb +49 -17
  87. data/lib/doorkeeper/server.rb +7 -11
  88. data/lib/doorkeeper/stale_records_cleaner.rb +6 -2
  89. data/lib/doorkeeper/version.rb +1 -5
  90. data/lib/doorkeeper.rb +114 -79
  91. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  92. data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
  93. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  94. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  95. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  96. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -7
  97. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  98. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  99. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  100. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  101. data/lib/generators/doorkeeper/templates/initializer.rb +205 -43
  102. data/lib/generators/doorkeeper/templates/migration.rb.erb +18 -6
  103. metadata +43 -310
  104. data/.coveralls.yml +0 -1
  105. data/.github/ISSUE_TEMPLATE.md +0 -25
  106. data/.github/PULL_REQUEST_TEMPLATE.md +0 -17
  107. data/.gitignore +0 -20
  108. data/.gitlab-ci.yml +0 -16
  109. data/.hound.yml +0 -3
  110. data/.rspec +0 -1
  111. data/.rubocop.yml +0 -50
  112. data/.travis.yml +0 -35
  113. data/Appraisals +0 -40
  114. data/CODE_OF_CONDUCT.md +0 -46
  115. data/CONTRIBUTING.md +0 -47
  116. data/Dangerfile +0 -67
  117. data/Gemfile +0 -24
  118. data/RELEASING.md +0 -10
  119. data/Rakefile +0 -28
  120. data/SECURITY.md +0 -15
  121. data/UPGRADE.md +0 -2
  122. data/app/validators/redirect_uri_validator.rb +0 -50
  123. data/bin/console +0 -16
  124. data/doorkeeper.gemspec +0 -34
  125. data/gemfiles/rails_5_0.gemfile +0 -17
  126. data/gemfiles/rails_5_1.gemfile +0 -17
  127. data/gemfiles/rails_5_2.gemfile +0 -17
  128. data/gemfiles/rails_6_0.gemfile +0 -17
  129. data/gemfiles/rails_master.gemfile +0 -17
  130. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  131. data/spec/controllers/applications_controller_spec.rb +0 -180
  132. data/spec/controllers/authorizations_controller_spec.rb +0 -527
  133. data/spec/controllers/protected_resources_controller_spec.rb +0 -353
  134. data/spec/controllers/token_info_controller_spec.rb +0 -50
  135. data/spec/controllers/tokens_controller_spec.rb +0 -330
  136. data/spec/dummy/Rakefile +0 -9
  137. data/spec/dummy/app/assets/config/manifest.js +0 -2
  138. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  139. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  140. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  141. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  142. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  143. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  144. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  145. data/spec/dummy/app/models/user.rb +0 -7
  146. data/spec/dummy/app/views/home/index.html.erb +0 -0
  147. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  148. data/spec/dummy/config/application.rb +0 -47
  149. data/spec/dummy/config/boot.rb +0 -7
  150. data/spec/dummy/config/database.yml +0 -15
  151. data/spec/dummy/config/environment.rb +0 -5
  152. data/spec/dummy/config/environments/development.rb +0 -31
  153. data/spec/dummy/config/environments/production.rb +0 -64
  154. data/spec/dummy/config/environments/test.rb +0 -45
  155. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  156. data/spec/dummy/config/initializers/doorkeeper.rb +0 -121
  157. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  158. data/spec/dummy/config/initializers/session_store.rb +0 -10
  159. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  160. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  161. data/spec/dummy/config/routes.rb +0 -13
  162. data/spec/dummy/config.ru +0 -6
  163. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  164. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  165. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  166. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  167. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  168. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  169. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  170. data/spec/dummy/db/schema.rb +0 -68
  171. data/spec/dummy/public/404.html +0 -26
  172. data/spec/dummy/public/422.html +0 -26
  173. data/spec/dummy/public/500.html +0 -26
  174. data/spec/dummy/public/favicon.ico +0 -0
  175. data/spec/dummy/script/rails +0 -9
  176. data/spec/factories.rb +0 -30
  177. data/spec/generators/application_owner_generator_spec.rb +0 -28
  178. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  179. data/spec/generators/install_generator_spec.rb +0 -36
  180. data/spec/generators/migration_generator_spec.rb +0 -28
  181. data/spec/generators/pkce_generator_spec.rb +0 -28
  182. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  183. data/spec/generators/templates/routes.rb +0 -4
  184. data/spec/generators/views_generator_spec.rb +0 -29
  185. data/spec/grape/grape_integration_spec.rb +0 -137
  186. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  187. data/spec/lib/config_spec.rb +0 -697
  188. data/spec/lib/doorkeeper_spec.rb +0 -27
  189. data/spec/lib/models/expirable_spec.rb +0 -61
  190. data/spec/lib/models/reusable_spec.rb +0 -40
  191. data/spec/lib/models/revocable_spec.rb +0 -59
  192. data/spec/lib/models/scopes_spec.rb +0 -53
  193. data/spec/lib/models/secret_storable_spec.rb +0 -135
  194. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  195. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -156
  196. data/spec/lib/oauth/base_request_spec.rb +0 -205
  197. data/spec/lib/oauth/base_response_spec.rb +0 -47
  198. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  199. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -94
  200. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  201. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  202. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
  203. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
  204. data/spec/lib/oauth/client_spec.rb +0 -38
  205. data/spec/lib/oauth/code_request_spec.rb +0 -47
  206. data/spec/lib/oauth/code_response_spec.rb +0 -36
  207. data/spec/lib/oauth/error_response_spec.rb +0 -66
  208. data/spec/lib/oauth/error_spec.rb +0 -23
  209. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
  210. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
  211. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  212. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -247
  213. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
  214. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
  215. data/spec/lib/oauth/pre_authorization_spec.rb +0 -215
  216. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  217. data/spec/lib/oauth/scopes_spec.rb +0 -148
  218. data/spec/lib/oauth/token_request_spec.rb +0 -150
  219. data/spec/lib/oauth/token_response_spec.rb +0 -86
  220. data/spec/lib/oauth/token_spec.rb +0 -158
  221. data/spec/lib/request/strategy_spec.rb +0 -54
  222. data/spec/lib/secret_storing/base_spec.rb +0 -60
  223. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  224. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  225. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  226. data/spec/lib/server_spec.rb +0 -61
  227. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  228. data/spec/models/doorkeeper/access_grant_spec.rb +0 -144
  229. data/spec/models/doorkeeper/access_token_spec.rb +0 -591
  230. data/spec/models/doorkeeper/application_spec.rb +0 -367
  231. data/spec/requests/applications/applications_request_spec.rb +0 -259
  232. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  233. data/spec/requests/endpoints/authorization_spec.rb +0 -73
  234. data/spec/requests/endpoints/token_spec.rb +0 -75
  235. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -78
  236. data/spec/requests/flows/authorization_code_spec.rb +0 -447
  237. data/spec/requests/flows/client_credentials_spec.rb +0 -128
  238. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -34
  239. data/spec/requests/flows/implicit_grant_spec.rb +0 -90
  240. data/spec/requests/flows/password_spec.rb +0 -259
  241. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  242. data/spec/requests/flows/revoke_token_spec.rb +0 -143
  243. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  244. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  245. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  246. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  247. data/spec/routing/default_routes_spec.rb +0 -41
  248. data/spec/routing/scoped_routes_spec.rb +0 -47
  249. data/spec/spec_helper.rb +0 -57
  250. data/spec/spec_helper_integration.rb +0 -4
  251. data/spec/support/dependencies/factory_bot.rb +0 -4
  252. data/spec/support/doorkeeper_rspec.rb +0 -22
  253. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  254. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  255. data/spec/support/helpers/config_helper.rb +0 -11
  256. data/spec/support/helpers/model_helper.rb +0 -78
  257. data/spec/support/helpers/request_spec_helper.rb +0 -98
  258. data/spec/support/helpers/url_helper.rb +0 -62
  259. data/spec/support/http_method_shim.rb +0 -29
  260. data/spec/support/orm/active_record.rb +0 -5
  261. data/spec/support/shared/controllers_shared_context.rb +0 -123
  262. data/spec/support/shared/hashing_shared_context.rb +0 -36
  263. data/spec/support/shared/models_shared_examples.rb +0 -54
  264. data/spec/validators/redirect_uri_validator_spec.rb +0 -158
  265. data/spec/version/version_spec.rb +0 -17
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d8ea67fd14f902f63a276aed1f57a134c39fa02322d4b1f114571e2a90310ead
4
- data.tar.gz: 44f9f0b886117c6dabe6a09c236107ba6b8c3469b40526a4f6c10f2e4b3e8eac
3
+ metadata.gz: 8d0646462c8fd51891c70b06dbccf9d4c2a2db2d19f71fb9e358c9401843053a
4
+ data.tar.gz: 17669cf7be5a1f0053850c6f00c03b63df477438a7aa6805558d48dfb35541b0
5
5
  SHA512:
6
- metadata.gz: 2aa8f4fbe445a84f98035e8ebeb99e715860fb7d29637d8e6cca994bf18a9ba7c051d38fda66829a5dd260f93ee74ff9f6f6d863e610203fa690da7b698b7da1
7
- data.tar.gz: 5d474565c95e341b7b4773a7c1e2a782fa1bc27c4f22874428db52ceb4df10ccbb342420ba5266ba0d779380d42df3576f56449d390ecbf795e4deee50bdaff4
6
+ metadata.gz: 54c0fadb672bb09b4e33b6df5476694a0e7f1fb7795b3e2d4172e6c77671bbd7f929dec42f37d9b17bede5cb0659c5a95a30771fd8c69dbdddcb80d4d291aa81
7
+ data.tar.gz: 462977a3eae6d5705ce246814a66f0bd29cd64647e43ba4df2502b9b72eea9c0e848ce3c1789fa97cb6953a07661eef025665a9fa29a97080c1d61acc3e559b6
@@ -1,17 +1,229 @@
1
- # News
1
+ # Changelog
2
2
 
3
3
  See https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions for
4
4
  upgrade guides.
5
5
 
6
6
  User-visible changes worth mentioning.
7
7
 
8
- ## master
8
+ ## main
9
+
10
+ - [#PR ID] Add your PR description here.
11
+
12
+ ## 5.5.0
13
+
14
+ - [#1482] Simplify `TokenInfoController` to be overridable (extract response rendering).
15
+ - [#1478] Fix ownership association and Rake tasks when custom models configured.
16
+ - [#1477] Respect `ActiveRecord::Base.pluralize_table_names` for Doorkeeper table names.
17
+
18
+ ## 5.5.0.rc2
19
+
20
+ - [#1473] Enable `Applications` and `AuthorizedApplications` controllers in API mode.
21
+
22
+ **[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
23
+ `use_doorkeeper` inside `routes.rb`. Please do it in case you don't need them.
24
+
25
+ - [#1472] Fix `establish_connection` configuration for custom defined models.
26
+ - [#1471] Add support for Ruby 3.0.
27
+ - [#1469] Check if `redirect_uri` exists.
28
+ - [#1465] Memoize nil doorkeeper_token.
29
+ - [#1459] Use built-in Ruby option to remove padding in PKCE code challenge value.
30
+ - [#1457] Make owner_id a bigint for newly-generated owner migrations
31
+ - [#1452] Empty previous_refresh_token only if present.
32
+ - [#1440] Validate empty host in redirect_uri.
33
+ - [#1438] Add form post response mode.
34
+ - [#1458] Make `config.skip_client_authentication_for_password_grant` a long term configuration option.
35
+
36
+ ## 5.5.0.rc1
37
+
38
+ - [#1435] Make error response not redirectable when client is unauthorized
39
+ - [#1426] Ensure ActiveRecord callbacks are executed on token revocation.
40
+ - [#1407] Remove redundant and complex to support helpers froms tests (`should_have_json`, etc).
41
+ - [#1416] Don't add introspection route if token introspection completely disabled.
42
+ - [#1410] Properly memoize `current_resource_owner` value (consider `nil` and `false` values).
43
+ - [#1415] Ignore PKCE params for non-PKCE grants.
44
+ - [#1418] Add ability to register custom OAuth Grant Flows.
45
+ - [#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.
46
+
47
+ **[IMPORTANT]** you need to create a new OAuth client (`Doorkeeper::Application`) if you didn't
48
+ have it before and use client credentials in HTTP Basic auth if you previously used this grant
49
+ flow without client authentication. To opt out of this you could set the
50
+ `skip_client_authentication_for_password_grant` configuration option to `true`, but note that
51
+ this is in violation of the OAuth spec and represents a security risk.
52
+ All the users of your provider application now need to include client credentials when they use
53
+ this grant flow.
9
54
 
10
- - [#PR] Add your PR description here.
55
+ - [#1421] Add Resource Owner instance to authorization hook context for `custom_access_token_expires_in`
56
+ configuration option to allow resource owner based Access Tokens TTL.
57
+
58
+ ## 5.4.0
59
+
60
+ - [#1404] Make `Doorkeeper::Application#read_attribute_for_serialization` public.
61
+
62
+ ## 5.4.0.rc2
63
+
64
+ - [#1371] Add `#as_json` method and attributes serialization restriction for Application model.
65
+ Fixes information disclosure vulnerability (CVE-2020-10187).
66
+
67
+ **[IMPORTANT]** you need to re-implement `#as_json` method for Doorkeeper Application model
68
+ if you previously used `#to_json` serialization with custom options or attributes or rely on
69
+ JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
70
+ is a breaking change which restricts serialized attributes to a very small set of columns.
71
+
72
+ - [#1395] Fix `NameError: uninitialized constant Doorkeeper::AccessToken` for Rake tasks.
73
+ - [#1397] Add `as: :doorkeeper_application` on Doorkeeper application form in order to support
74
+ custom configured application model.
75
+ - [#1400] Correctly yield the application instance to `allow_grant_flow_for_client?` config
76
+ option (fixes #1398).
77
+ - [#1402] Handle trying authorization with client credentials.
78
+
79
+ ## 5.4.0.rc1
80
+ - [#1366] Sets expiry of token generated using `refresh_token` to that of original token. (Fixes #1364)
81
+ - [#1354] Add `authorize_resource_owner_for_client` option to authorize the calling user to access an application.
82
+ - [#1355] Allow to enable polymorphic Resource Owner association for Access Token & Grant
83
+ models (`use_polymorphic_resource_owner` configuration option).
84
+
85
+ **[IMPORTANT]** Review your custom patches or extensions for Doorkeeper internals if you
86
+ have such - since now Doorkeeper passes Resource Owner instance to every objects and not
87
+ just it's ID. See PR description for details.
88
+
89
+ - [#1356] Remove duplicated scopes from Access Tokens and Grants on attribute assignment.
90
+ - [#1357] Fix `Doorkeeper::OAuth::PreAuthorization#as_json` method causing
91
+ `Stack level too deep` error with AMS (fix #1312).
92
+ - [#1358] Deprecate `active_record_options` configuration option.
93
+ - [#1359] Refactor Doorkeeper configuration options DSL to make it easy to reuse it
94
+ in external extensions.
95
+ - [#1360] Increase `matching_token_for` lookup size to 10 000 and make it configurable.
96
+ - [#1371] Fix controllers to use valid classes in case Doorkeeper has custom models configured.
97
+ - [#1370] Fix revocation response for invalid token and unauthorized requests to conform with RFC 7009 (fixes #1362).
98
+
99
+ **[IMPORTANT]** now fully according to RFC 7009 nobody can do a revocation request without `client_id`
100
+ (for public clients) and `client_secret` (for private clients). Please update your apps to include that
101
+ info in the revocation request payload.
102
+
103
+ - [#1373] Make Doorkeeper routes mapper reusable in extensions.
104
+ - [#1374] Revoke and issue client credentials token in a transaction with a row lock.
105
+ - [#1384] Add context object with auth/pre_auth and issued_token for authorization hooks.
106
+ - [#1387] Add `AccessToken#create_for` and use in `RefreshTokenRequest`.
107
+ - [#1392] Fix `enable_polymorphic_resource_owner` migration template to have proper index name.
108
+ - [#1393] Improve Applications #show page with more informative data on client secret and scopes.
109
+ - [#1394] Use Ruby `autoload` feature to load Doorkeeper files.
110
+
111
+ ## 5.3.3
112
+
113
+ - [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
114
+
115
+ ## 5.3.2
116
+
117
+ - [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
118
+ Fixes information disclosure vulnerability (CVE-2020-10187).
119
+
120
+ ## 5.3.1
121
+
122
+ - [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
123
+
124
+ ## 5.3.0
125
+
126
+ - [#1339] Validate Resource Owner in `PasswordAccessTokenRequest` against `nil` and `false` values.
127
+ - [#1341] Fix `refresh_token_revoked_on_use` with `hash_token_secrets` enabled.
128
+ - [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.
129
+ - [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.
130
+ - [#1346] Refactor `Doorkeeper::Application#to_json` into convenient `#as_json` (fix #1344).
131
+ - [#1349] Fix `Doorkeeper::Application` AR associations using an incorrect foreign key name when using a custom class.
132
+ - [#1318] Make existing token revocation for client credentials optional and disable it by default.
133
+
134
+ **[IMPORTANT]** This is a change compared to the behaviour of version 5.2.
135
+ If you were relying on access tokens being revoked once the same client
136
+ requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper
137
+ initialization file.
138
+
139
+ ## 5.2.6
140
+
141
+ - [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
142
+
143
+ ## 5.2.5
144
+
145
+ - [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
146
+ Fixes information disclosure vulnerability (CVE-2020-10187).
147
+
148
+ ## 5.2.4
149
+
150
+ - [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
151
+
152
+ ## 5.2.3
153
+
154
+ - [#1334] Remove `application_secret` flash helper and `redirect_to` keyword.
155
+ - [#1331] Move redirect_uri_validator to where it is used (`Application` model).
156
+ - [#1326] Move response_type check in pre_authorization to a method to be easily to override.
157
+ - [#1329] Fix `find_in_batches` order warning.
158
+
159
+ ## 5.2.2
160
+
161
+ - [#1320] Call configured `authenticate_resource_owner` method once per request.
162
+ - [#1315] Allow generation of new secret with `Doorkeeper::Application#renew_secret`.
163
+ - [#1309] Allow `Doorkeeper::Application#to_json` to work without arguments.
164
+
165
+ ## 5.2.1
166
+
167
+ - [#1308] Fix flash types for `api_only` mode (no flashes for `ActionController::API`).
168
+ - [#1306] Fix interpolation of `missing_param` I18n.
169
+
170
+ ## 5.2.0
171
+
172
+ - [#1305] Make `Doorkeeper::ApplicationController` to inherit from `ActionController::API` in cases
173
+ when `api_mode` enabled (fixes #1302).
174
+
175
+ ## 5.2.0.rc3
176
+
177
+ - [#1298] Slice strong params so doesn't error with Rails forms.
178
+ - [#1300] Limiting access to attributes of pre_authorization.
179
+ - [#1296] Adding client_id to strong parameters.
180
+
181
+ **[IMPORTANT]** `Doorkeeper::Server#client_via_uid` was removed.
182
+
183
+ - [#1293] Move ar specific redirect uri validator to ar orm directory.
184
+ - [#1288] Allow to pass attributes to the `Doorkeeper::OAuth::PreAuthorization#as_json` method to customize
185
+ the PreAuthorization response.
186
+ - [#1286] Add ability to customize grant flows per application (OAuth client) (#1245 , #1207)
187
+ - [#1283] Allow to customize base class for `Doorkeeper::ApplicationMetalController` (new configuration
188
+ option called `base_metal_controller` (fix #1273).
189
+ - [#1277] Prevent requested scope be empty on authorization request, handle and add description for invalid request.
190
+
191
+ ## 5.2.0.rc2
192
+
193
+ - [#1270] Find matching tokens in batches for `reuse_access_token` option (fix #1193).
194
+ - [#1271] Reintroduce existing token revocation for client credentials.
195
+
196
+ **[IMPORTANT]** If you rely on being able to fetch multiple access tokens from the same
197
+ client using client credentials flow, you should skip to version 5.3, where this behaviour
198
+ is deactivated by default.
199
+
200
+ - [#1269] Update initializer template documentation.
201
+ - [#1266] Use strong parameters within pre-authorization.
202
+ - [#1264] Add :before_successful_authorization and :after_successful_authorization hooks in TokensController
203
+ - [#1263] Response properly when introspection fails and fix configurations's user guide.
204
+
205
+ ## 5.2.0.rc1
206
+
207
+ - [#1260], [#1262] Improve Token Introspection configuration option (access to tokens, client).
208
+ - [#1257] Add constraint configuration when using client authentication on introspection endpoint.
209
+ - [#1252] Returning `unauthorized` when the revocation of the token should not be performed due to wrong permissions.
210
+ - [#1249] Specify case sensitive uniqueness to remove Rails 6 deprecation message
211
+ - [#1248] Display the Application Secret in HTML after creating a new application even when `hash_application_secrets` is used.
212
+ - [#1248] Return the unhashed Application Secret in the JSON response after creating new application even when `hash_application_secrets` is used.
213
+ - [#1238] Better support for native app with support for custom scheme and localhost redirection.
214
+
215
+ ## 5.1.2
216
+
217
+ - [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
218
+
219
+ ## 5.1.1
220
+
221
+ - [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
222
+ Fixes information disclosure vulnerability (CVE-2020-10187).
11
223
 
12
224
  ## 5.1.0
13
225
 
14
- - [#1243]: Add nil check operator in token checking at token introspection.
226
+ - [#1243] Add nil check operator in token checking at token introspection.
15
227
  - [#1241] Explaining foreign key options for resource owner in a single place
16
228
  - [#1237] Allow to set blank redirect URI if Doorkeeper configured to use redirect URI-less grant flows.
17
229
  - [#1234] Fix `StaleRecordsCleaner` to properly work with big amount of records.
@@ -25,9 +237,9 @@ User-visible changes worth mentioning.
25
237
 
26
238
  - [#1208] Unify hashing implementation into secret storing strategies
27
239
 
28
- **[IMPORTANT]**: If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
240
+ **[IMPORTANT]** If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
29
241
  your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
30
- `use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt`.
242
+ `hash_application_secrets using: 'Doorkeeper::SecretStoring::BCrypt`.
31
243
 
32
244
  - [#1216] Add nil check to `expires_at` method.
33
245
  - [#1215] Fix deprecates for Rails 6.
@@ -52,7 +264,7 @@ User-visible changes worth mentioning.
52
264
  token value validations, or you are using database with case-insensitive WHERE clause like MySQL
53
265
  (you can face some collisions). Before this change access token value matched `[a-f0-9]` regex, and now
54
266
  it matches `[a-zA-Z0-9\-_]`. In case you have such restrictions and your don't use custom token generator
55
- please change configuration option `default_generator_method ` to `:hex`.
267
+ please change configuration option `default_generator_method` to `:hex`.
56
268
 
57
269
  - [#1195] Allow to customize Token Introspection response (fixes #1194).
58
270
  - [#1189] Option to set `token_reuse_limit`.
@@ -70,6 +282,11 @@ User-visible changes worth mentioning.
70
282
  - [#1164] Fix error when `root_path` is not defined.
71
283
  - [#1162] Fix `enforce_content_type` for requests without body.
72
284
 
285
+ ## 5.0.3
286
+
287
+ - [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
288
+ Fixes information disclosure vulnerability (CVE-2020-10187).
289
+
73
290
  ## 5.0.2
74
291
 
75
292
  - [#1158] Fix initializer template: change `handle_auth_errors` option
@@ -121,9 +338,9 @@ User-visible changes worth mentioning.
121
338
  either public or private/confidential
122
339
 
123
340
  **[IMPORTANT]**: all the applications (clients) now are considered as private by default.
124
- You need to manually change `confidential` column to `false` if you are using public clients,
125
- in other case your mobile (or other) applications will not be able to authorize.
126
- See [#1142](https://github.com/doorkeeper-gem/doorkeeper/issues/1142) for more details.
341
+ You need to manually change `confidential` column to `false` if you are using public clients,
342
+ in other case your mobile (or other) applications will not be able to authorize.
343
+ See [#1142](https://github.com/doorkeeper-gem/doorkeeper/issues/1142) for more details.
127
344
 
128
345
  - [#1010] Add configuration to enforce configured scopes (`default_scopes` and
129
346
  `optional_scopes`) for applications
@@ -148,7 +365,6 @@ User-visible changes worth mentioning.
148
365
  - [#1143] Adds a config option `opt_out_native_route_change` to opt out of the breaking api
149
366
  changed introduced in https://github.com/doorkeeper-gem/doorkeeper/pull/1003
150
367
 
151
-
152
368
  ## 4.4.2
153
369
 
154
370
  - [#1130] Backport fix for native redirect_uri from 5.x.
@@ -228,7 +444,7 @@ User-visible changes worth mentioning.
228
444
  ## 4.2.0
229
445
 
230
446
  - Security fix: Address CVE-2016-6582, implement token revocation according to
231
- spec (tokens might not be revoked if client follows the spec).
447
+ spec (tokens might not be revoked if client follows the spec).
232
448
  - [#873] Add hooks to Doorkeeper::ApplicationMetalController
233
449
  - [#871] Allow downstream users to better utilize doorkeeper spec factories by
234
450
  eliminating name conflict on `:user` factory.
@@ -262,6 +478,7 @@ User-visible changes worth mentioning.
262
478
  ```
263
479
  rails generate doorkeeper:previous_refresh_token
264
480
  ```
481
+
265
482
  - [#811] Toughen parameters filter with exact match
266
483
  - [#813] Applications admin bugfix
267
484
  - [#799] Fix Ruby Warnings
@@ -355,11 +572,10 @@ User-visible changes worth mentioning.
355
572
  - Removes `doorkeeper_for` deprecation notice.
356
573
  - Remove `applications.scopes` upgrade notice.
357
574
 
358
-
359
575
  ## 2.2.2
360
576
 
361
577
  - [#541] Fixed `undefined method attr_accessible` problem on Rails 4
362
- (happens only when ProtectedAttributes gem is used) in #599
578
+ (happens only when ProtectedAttributes gem is used) in #599
363
579
 
364
580
  ## 2.2.1
365
581
 
@@ -378,7 +594,6 @@ User-visible changes worth mentioning.
378
594
  - [#627] i18n fallbacks to english
379
595
  - Moved CHANGELOG to NEWS.md
380
596
 
381
-
382
597
  ## 2.1.4 - 2015-03-27
383
598
 
384
599
  - [#595] HTTP spec: Add `scope` for refresh token scope param
@@ -386,12 +601,10 @@ User-visible changes worth mentioning.
386
601
  - [#567] Add Grape helpers for easier integration with Grape framework
387
602
  - [#606] Add custom access token expiration support for Client Credentials flow
388
603
 
389
-
390
604
  ## 2.1.3 - 2015-03-01
391
605
 
392
606
  - [#588] Fixes scopes_match? bug that skipped authorization form in some cases
393
607
 
394
-
395
608
  ## 2.1.2 - 2015-02-25
396
609
 
397
610
  - [#574] Remove unused update authorization route.
@@ -400,17 +613,15 @@ User-visible changes worth mentioning.
400
613
  - [#583] Database connection bugfix in certain scenarios.
401
614
  - Testing improvements
402
615
 
403
-
404
616
  ## 2.1.1 - 2015-02-06
405
617
 
406
618
  - Remove `wildcard_redirect_url` option
407
619
  - [#481] Customize token flow OAuth expirations with a config lambda
408
620
  - [#568] TokensController: Memoize strategy.authorize_response result to enable
409
- subclasses to use the response object.
621
+ subclasses to use the response object.
410
622
  - [#571] Fix database initialization issues in some configurations.
411
623
  - Documentation improvements
412
624
 
413
-
414
625
  ## 2.1.0 - 2015-01-13
415
626
 
416
627
  - [#540] Include `created_at` in response.
@@ -430,12 +641,10 @@ User-visible changes worth mentioning.
430
641
  Disables implicit and password grant flows by default.
431
642
  - [#510, #544, 722113f] Revoked refresh token response bugfix.
432
643
 
433
-
434
644
  ## 2.0.1 - 2014-12-17
435
645
 
436
646
  - [#525, #526, #527] Fix `ActiveRecord::NoDatabaseError` on gem load.
437
647
 
438
-
439
648
  ## 2.0.0 - 2014-12-16
440
649
 
441
650
  ### Backward incompatible changes
@@ -569,7 +778,7 @@ User-visible changes worth mentioning.
569
778
  tokens for an application/owner instead of deleting them.
570
779
  - [#333] Rails 4.1 support
571
780
  - internals
572
- - Removes jQuery dependency [fixes #300] [PR #312 is related]
781
+ - Removes jQuery dependency [fixes #300][pr #312 is related]
573
782
  - [#294] Client uid and secret will be generated only if not present.
574
783
  - [#316] Test warnings addressed.
575
784
  - [#338] Rspec 3 syntax.
@@ -687,7 +896,7 @@ Official support for rubinius was removed.
687
896
  - Add support for mongoid
688
897
  - [#78, #128, #137, #138] Application Ownership
689
898
  - [#92] Allow users to skip controllers
690
- - [#99] Remove deprecated warnings for data-* attributes [@towerhe](https://github.com/towerhe)
899
+ - [#99] Remove deprecated warnings for data-\* attributes [@towerhe](https://github.com/towerhe)
691
900
  - [#101] Return existing access_token for PasswordAccessTokenRequest [@benoist](https://github.com/benoist)
692
901
  - [#104] Changed access token scopes example code to default_scopes and optional_scopes [@amkirwan](https://github.com/amkirwan)
693
902
  - [#107] Fix typos in initializer
@@ -749,7 +958,7 @@ Official support for rubinius was removed.
749
958
  - [#50] Fix typos [@tomekw](https://github.com/tomekw)
750
959
  - [#51] Updated the factory_girl_rails dependency, fix expires_in response which returned a float number instead of integer [@antekpiechnik](https://github.com/antekpiechnik)
751
960
  - [#62] Typos, .gitignore [@jaimeiniesta](https://github.com/jaimeiniesta)
752
- - [#65] Change _path redirections to _url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
961
+ - [#65] Change \_path redirections to \_url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
753
962
  - [#75] Fix unknown method #authenticate_admin! [@mattgreen](https://github.com/mattgreen)
754
963
  - Remove application link in authorized app view
755
964
 
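--- a/data/README.md
+++ b/data/README.md
@@ -1,12 +1,12 @@
 # Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
 
 [![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
-[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
+[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=main)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
 [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
-[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=master)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=master)
-[![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master)
+[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
+[![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main)
 [![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
-[![GuardRails badge](https://badges.production.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
+[![GuardRails badge](https://badges.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
 [![Dependabot](https://img.shields.io/badge/dependabot-enabled-success.svg)](https://dependabot.com)
 
 Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider
@@ -21,10 +21,11 @@ Supported features:
 - [Implicit grant](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2)
 - [Resource Owner Password Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.3)
 - [Client Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.4)
-- [Proof Key for Code Exchange](https://tools.ietf.org/html/rfc7636)
 - [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
 - [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
 - [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
+- [OAuth 2.0 for Native Apps](https://tools.ietf.org/html/draft-ietf-oauth-native-apps-10)
+- [Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)
 
 ## Table of Contents
 
@@ -50,7 +51,7 @@ Supported features:
 
 ## Documentation
 
-This documentation is valid for `master` branch. Please check the documentation for the version of doorkeeper you are using in:
+This documentation is valid for `main` branch. Please check the documentation for the version of doorkeeper you are using in:
 https://github.com/doorkeeper-gem/doorkeeper/releases.
 
 Additionally, other resources can be found on:
@@ -93,6 +94,7 @@ Doorkeeper supports Active Record by default, but can be configured to work with
 | MongoDB | [doorkeeper-gem/doorkeeper-mongodb](https://github.com/doorkeeper-gem/doorkeeper-mongodb) |
 | Sequel | [nbulaj/doorkeeper-sequel](https://github.com/nbulaj/doorkeeper-sequel) |
 | Couchbase | [acaprojects/doorkeeper-couchbase](https://github.com/acaprojects/doorkeeper-couchbase) |
+| RethinkDB | [aca-labs/doorkeeper-rethinkdb](https://github.com/aca-labs/doorkeeper-rethinkdb) |
 
 ## Extensions
 
@@ -111,7 +113,7 @@ These applications show how Doorkeeper works and how to integrate with it. Start
 
 | Application | Link |
 | :--- | :--- |
-| oAuth2 Server with Doorkeeper | [doorkeeper-gem/doorkeeper-provider-app](https://github.com/doorkeeper-gem/doorkeeper-provider-app) |
+| OAuth2 Server with Doorkeeper | [doorkeeper-gem/doorkeeper-provider-app](https://github.com/doorkeeper-gem/doorkeeper-provider-app) |
 | Sinatra Client connected to Provider App | [doorkeeper-gem/doorkeeper-sinatra-client](https://github.com/doorkeeper-gem/doorkeeper-sinatra-client) |
 | Devise + Omniauth Client | [doorkeeper-gem/doorkeeper-devise-client](https://github.com/doorkeeper-gem/doorkeeper-devise-client) |
 
@@ -136,6 +138,12 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 
 > If you prefer not to deal with the gory details of OAuth 2, need dedicated customer support & consulting, try the cloud-based SaaS version: [https://oauth.io](https://oauth.io/?utm_source=doorkeeper-gem)
 
+<br>
+
+<a href="https://www.wealthsimple.com/?utm_source=doorkeeper-gem" target="_blank"><img src="https://wealthsimple.s3.amazonaws.com/branding/medium-black.svg"/></a>
+
+> Wealthsimple is a financial company on a mission to help everyone achieve financial freedom by providing products and advice that are accessible and affordable. Using smart technology, Wealthsimple takes financial services that are often confusing, opaque and expensive and makes them simple, transparent, and low-cost. See what Investing on Autopilot is all about: [https://www.wealthsimple.com](https://www.wealthsimple.com/?utm_source=doorkeeper-gem)
+
 ## Development
 
 To run the local engine server:
@@ -146,12 +154,15 @@ bundle exec rake doorkeeper:server
 ````
 
 By default, it uses the latest Rails version with ActiveRecord. To run the
-tests with a specific ORM and Rails version:
+tests with a specific Rails version:
 
 ```
-rails=5.2 orm=active_record bundle exec rake
+BUNDLE_GEMFILE=gemfiles/rails_6_0.gemfile bundle exec rake
 ```
 
+You can also experiment with the changes using `bin/console`. It uses in-memory SQLite database and default
+Doorkeeper config, but you can reestablish connection or reconfigure the gem if you need.
+
 ## Contributing
 
 Want to contribute and don't know where to start? Check out [features we're
@@ -160,8 +171,7 @@ create [example
 apps](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications),
 integrate the gem with your app and let us know!
 
-Also, check out our [contributing guidelines
-page](https://github.com/doorkeeper-gem/doorkeeper/wiki/Contributing).
+Also, check out our [contributing guidelines page](CONTRIBUTING.md).
 
 ## Contributors
 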
@@ -2,10 +2,10 @@
2
2
 
3
3
  module Doorkeeper
4
4
  class ApplicationController <
5
- Doorkeeper.configuration.base_controller.constantize
5
+ Doorkeeper.config.resolve_controller(:base)
6
6
  include Helpers::Controller
7
7
 
8
- unless Doorkeeper.configuration.api_only
8
+ unless Doorkeeper.config.api_only
9
9
  protect_from_forgery with: :exception
10
10
  helper "doorkeeper/dashboard"
11
11
  end
@@ -1,11 +1,12 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Doorkeeper
4
- class ApplicationMetalController < ActionController::API
4
+ class ApplicationMetalController <
5
+ Doorkeeper.config.resolve_controller(:base_metal)
5
6
  include Helpers::Controller
6
7
 
7
8
  before_action :enforce_content_type,
8
- if: -> { Doorkeeper.configuration.enforce_content_type }
9
+ if: -> { Doorkeeper.config.enforce_content_type }
9
10
 
10
11
  ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
11
12
  end
@@ -8,7 +8,7 @@ module Doorkeeper
8
8
  before_action :set_application, only: %i[show edit update destroy]
9
9
 
10
10
  def index
11
- @applications = Application.ordered_by(:created_at)
11
+ @applications = Doorkeeper.config.application_model.ordered_by(:created_at)
12
12
 
13
13
  respond_to do |format|
14
14
  format.html
@@ -19,23 +19,24 @@ module Doorkeeper
19
19
  def show
20
20
  respond_to do |format|
21
21
  format.html
22
- format.json { render json: @application }
22
+ format.json { render json: @application, as_owner: true }
23
23
  end
24
24
  end
25
25
 
26
26
  def new
27
- @application = Application.new
27
+ @application = Doorkeeper.config.application_model.new
28
28
  end
29
29
 
30
30
  def create
31
- @application = Application.new(application_params)
31
+ @application = Doorkeeper.config.application_model.new(application_params)
32
32
 
33
33
  if @application.save
34
34
  flash[:notice] = I18n.t(:notice, scope: %i[doorkeeper flash applications create])
35
+ flash[:application_secret] = @application.plaintext_secret
35
36
 
36
37
  respond_to do |format|
37
38
  format.html { redirect_to oauth_application_url(@application) }
38
- format.json { render json: @application }
39
+ format.json { render json: @application, as_owner: true }
39
40
  end
40
41
  else
41
42
  respond_to do |format|
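Review bot: `flash[:application_secret] = @application.plaintext_secret` is set before `respond_to`, so the plaintext client secret is written into the session-backed flash even on the `format.json` path, where no follow-up request reads it and it lingers in the session (inside the cookie itself under Rails' default cookie store) until that session's next request. The JSON branch presumably already returns the secret through `as_owner: true`, so the flash is only needed for the redirect; `format.html { flash[:application_secret] = @application.plaintext_secret; redirect_to oauth_application_url(@application) }` keeps it out of the session for API callers. The `create` method continues past the end of this hunk.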
@@ -57,7 +58,7 @@ module Doorkeeper
57
58
 
58
59
  respond_to do |format|
59
60
  format.html { redirect_to oauth_application_url(@application) }
60
- format.json { render json: @application }
61
+ format.json { render json: @application, as_owner: true }
61
62
  end
62
63
  else
63
64
  respond_to do |format|
@@ -83,7 +84,7 @@ module Doorkeeper
83
84
  private
84
85
 
85
86
  def set_application
86
- @application = Application.find(params[:id])
87
+ @application = Doorkeeper.config.application_model.find(params[:id])
87
88
  end
88
89
 
89
90
  def application_params