doorkeeper 5.1.0 → 5.5.1

data/lib/doorkeeper/request.rb

@@ -4,37 +4,69 @@ module Doorkeeper
   module Request
     class << self
       def authorization_strategy(response_type)
-        get_strategy(response_type, authorization_response_types)
-      rescue NameError
-        raise Errors::InvalidAuthorizationStrategy
+        grant_flow = authorization_flows.detect do |flow|
+          flow.matches_response_type?(response_type)
+        end
+
+        if grant_flow
+          grant_flow.response_type_strategy
+        else
+          # [NOTE]: this will be removed in a newer versions of Doorkeeper.
+          # For retro-compatibility only
+          build_fallback_strategy_class(response_type)
+        end
       end
 
       def token_strategy(grant_type)
-        get_strategy(grant_type, token_grant_types)
-      rescue NameError
-        raise Errors::InvalidTokenStrategy
-      end
+        raise Errors::MissingRequiredParameter, :grant_type if grant_type.blank?
+
+        grant_flow = token_flows.detect do |flow|
+          flow.matches_grant_type?(grant_type)
+        end
+
+        if grant_flow
+          grant_flow.grant_type_strategy
+        else
+          # [NOTE]: this will be removed in a newer versions of Doorkeeper.
+          # For retro-compatibility only
+          raise Errors::InvalidTokenStrategy unless available.include?(grant_type.to_s)
 
-      def get_strategy(grant_or_request_type, available)
-        raise Errors::MissingRequestStrategy if grant_or_request_type.blank?
-        raise NameError unless available.include?(grant_or_request_type.to_s)
+          strategy_class = build_fallback_strategy_class(grant_type)
+          raise Errors::InvalidTokenStrategy unless strategy_class
 
-        build_strategy_class(grant_or_request_type)
+          strategy_class
+        end
       end
 
       private
 
-      def authorization_response_types
-        Doorkeeper.configuration.authorization_response_types
+      def authorization_flows
+        Doorkeeper.configuration.authorization_response_flows
       end
 
-      def token_grant_types
-        Doorkeeper.configuration.token_grant_types
+      def token_flows
+        Doorkeeper.configuration.token_grant_flows
       end
 
-      def build_strategy_class(grant_or_request_type)
+      # [NOTE]: this will be removed in a newer versions of Doorkeeper.
+      # For retro-compatibility only
+      def available
+        Doorkeeper.config.deprecated_token_grant_types_resolver
+      end
+
+      def build_fallback_strategy_class(grant_or_request_type)
         strategy_class_name = grant_or_request_type.to_s.tr(" ", "_").camelize
-        "Doorkeeper::Request::#{strategy_class_name}".constantize
+        fallback_strategy = "Doorkeeper::Request::#{strategy_class_name}".constantize
+
+        ::Kernel.warn <<~WARNING
+          [DOORKEEPER] #{fallback_strategy} found using fallback, it must be
+          registered using `Doorkeeper::GrantFlow.register(grant_flow_name, **options)`.
+          This functionality will be removed in a newer versions of Doorkeeper.
+        WARNING
+
+        fallback_strategy
+      rescue NameError
+        raise Errors::InvalidTokenStrategy
       end
     end
   end

data/lib/doorkeeper/server.rb

@@ -2,20 +2,20 @@
 
 module Doorkeeper
   class Server
-    attr_accessor :context
+    attr_reader :context
 
-    def initialize(context = nil)
+    def initialize(context)
       @context = context
     end
 
     def authorization_request(strategy)
-      klass = Request.authorization_strategy strategy
-      klass.new self
+      klass = Request.authorization_strategy(strategy)
+      klass.new(self)
     end
 
     def token_request(strategy)
-      klass = Request.token_strategy strategy
-      klass.new self
+      klass = Request.token_strategy(strategy)
+      klass.new(self)
     end
 
     # TODO: context should be the request
@@ -27,10 +27,6 @@ module Doorkeeper
       @client ||= OAuth::Client.authenticate(credentials)
     end
 
-    def client_via_uid
-      @client_via_uid ||= OAuth::Client.find(parameters[:client_id])
-    end
-
     def current_resource_owner
       context.send :current_resource_owner
     end
@@ -41,7 +37,7 @@ module Doorkeeper
     end
 
     def credentials
-      methods = Doorkeeper.configuration.client_credentials_methods
+      methods = Doorkeeper.config.client_credentials_methods
       @credentials ||= OAuth::Client::Credentials.from_request(context.request, *methods)
     end
   end

data/lib/doorkeeper/stale_records_cleaner.rb

@@ -5,16 +5,20 @@ module Doorkeeper
     CLEANER_CLASS = "StaleRecordsCleaner"
 
     def self.for(base_scope)
-      orm_adapter = "doorkeeper/orm/#{Doorkeeper.configuration.orm}".classify
+      orm_adapter = "doorkeeper/orm/#{configured_orm}".classify
 
       orm_cleaner = "#{orm_adapter}::#{CLEANER_CLASS}".constantize
       orm_cleaner.new(base_scope)
     rescue NameError
-      raise Doorkeeper::Errors::NoOrmCleaner, "'#{Doorkeeper.configuration.orm}' ORM has no cleaner!"
+      raise Doorkeeper::Errors::NoOrmCleaner, "'#{configured_orm}' ORM has no cleaner!"
     end
 
     def self.new(base_scope)
       self.for(base_scope)
     end
+
+    def self.configured_orm
+      Doorkeeper.config.orm
+    end
   end
 end

data/lib/doorkeeper/version.rb

@@ -1,15 +1,11 @@
 # frozen_string_literal: true
 
 module Doorkeeper
-  def self.gem_version
-    Gem::Version.new VERSION::STRING
-  end
-
   module VERSION
     # Semantic versioning
     MAJOR = 5
-    MINOR = 1
-    TINY = 0
+    MINOR = 5
+    TINY = 1
     PRE = nil
 
     # Full version number

data/lib/doorkeeper.rb

@@ -1,87 +1,122 @@
 # frozen_string_literal: true
 
-require "doorkeeper/version"
-require "doorkeeper/engine"
 require "doorkeeper/config"
+require "doorkeeper/engine"
 
-require "doorkeeper/request/strategy"
-require "doorkeeper/request/authorization_code"
-require "doorkeeper/request/client_credentials"
-require "doorkeeper/request/code"
-require "doorkeeper/request/password"
-require "doorkeeper/request/refresh_token"
-require "doorkeeper/request/token"
-
-require "doorkeeper/errors"
-require "doorkeeper/server"
-require "doorkeeper/request"
-require "doorkeeper/validations"
-
-require "doorkeeper/oauth/authorization/code"
-require "doorkeeper/oauth/authorization/context"
-require "doorkeeper/oauth/authorization/token"
-require "doorkeeper/oauth/authorization/uri_builder"
-require "doorkeeper/oauth/helpers/scope_checker"
-require "doorkeeper/oauth/helpers/uri_checker"
-require "doorkeeper/oauth/helpers/unique_token"
-
-require "doorkeeper/oauth"
-require "doorkeeper/oauth/scopes"
-require "doorkeeper/oauth/error"
-require "doorkeeper/oauth/base_response"
-require "doorkeeper/oauth/code_response"
-require "doorkeeper/oauth/token_response"
-require "doorkeeper/oauth/error_response"
-require "doorkeeper/oauth/pre_authorization"
-require "doorkeeper/oauth/base_request"
-require "doorkeeper/oauth/authorization_code_request"
-require "doorkeeper/oauth/refresh_token_request"
-require "doorkeeper/oauth/password_access_token_request"
-
-require "doorkeeper/oauth/client_credentials/validation"
-require "doorkeeper/oauth/client_credentials/creator"
-require "doorkeeper/oauth/client_credentials/issuer"
-require "doorkeeper/oauth/client_credentials/validation"
-require "doorkeeper/oauth/client/credentials"
-
-require "doorkeeper/oauth/client_credentials_request"
-require "doorkeeper/oauth/code_request"
-require "doorkeeper/oauth/token_request"
-require "doorkeeper/oauth/client"
-require "doorkeeper/oauth/token"
-require "doorkeeper/oauth/token_introspection"
-require "doorkeeper/oauth/invalid_token_response"
-require "doorkeeper/oauth/forbidden_token_response"
-
-require "doorkeeper/secret_storing/base"
-require "doorkeeper/secret_storing/plain"
-require "doorkeeper/secret_storing/sha256_hash"
-require "doorkeeper/secret_storing/bcrypt"
-
-require "doorkeeper/models/concerns/orderable"
-require "doorkeeper/models/concerns/scopes"
-require "doorkeeper/models/concerns/expirable"
-require "doorkeeper/models/concerns/reusable"
-require "doorkeeper/models/concerns/revocable"
-require "doorkeeper/models/concerns/accessible"
-require "doorkeeper/models/concerns/secret_storable"
-
-require "doorkeeper/models/access_grant_mixin"
-require "doorkeeper/models/access_token_mixin"
-require "doorkeeper/models/application_mixin"
-
-require "doorkeeper/helpers/controller"
-
-require "doorkeeper/rails/routes"
-require "doorkeeper/rails/helpers"
-
-require "doorkeeper/rake"
-require "doorkeeper/stale_records_cleaner"
-
-require "doorkeeper/orm/active_record"
-
+# Main Doorkeeper namespace.
+#
 module Doorkeeper
-  def self.authenticate(request, methods = Doorkeeper.configuration.access_token_methods)
+  autoload :Errors, "doorkeeper/errors"
+  autoload :GrantFlow, "doorkeeper/grant_flow"
+  autoload :OAuth, "doorkeeper/oauth"
+  autoload :Rake, "doorkeeper/rake"
+  autoload :Request, "doorkeeper/request"
+  autoload :Server, "doorkeeper/server"
+  autoload :StaleRecordsCleaner, "doorkeeper/stale_records_cleaner"
+  autoload :Validations, "doorkeeper/validations"
+  autoload :VERSION, "doorkeeper/version"
+
+  autoload :AccessGrantMixin, "doorkeeper/models/access_grant_mixin"
+  autoload :AccessTokenMixin, "doorkeeper/models/access_token_mixin"
+  autoload :ApplicationMixin, "doorkeeper/models/application_mixin"
+
+  module Helpers
+    autoload :Controller, "doorkeeper/helpers/controller"
+  end
+
+  module Request
+    autoload :Strategy, "doorkeeper/request/strategy"
+    autoload :AuthorizationCode, "doorkeeper/request/authorization_code"
+    autoload :ClientCredentials, "doorkeeper/request/client_credentials"
+    autoload :Code, "doorkeeper/request/code"
+    autoload :Password, "doorkeeper/request/password"
+    autoload :RefreshToken, "doorkeeper/request/refresh_token"
+    autoload :Token, "doorkeeper/request/token"
+  end
+
+  module OAuth
+    autoload :BaseRequest, "doorkeeper/oauth/base_request"
+    autoload :AuthorizationCodeRequest, "doorkeeper/oauth/authorization_code_request"
+    autoload :BaseResponse, "doorkeeper/oauth/base_response"
+    autoload :CodeResponse, "doorkeeper/oauth/code_response"
+    autoload :Client, "doorkeeper/oauth/client"
+    autoload :ClientCredentialsRequest, "doorkeeper/oauth/client_credentials_request"
+    autoload :CodeRequest, "doorkeeper/oauth/code_request"
+    autoload :ErrorResponse, "doorkeeper/oauth/error_response"
+    autoload :Error, "doorkeeper/oauth/error"
+    autoload :InvalidTokenResponse, "doorkeeper/oauth/invalid_token_response"
+    autoload :InvalidRequestResponse, "doorkeeper/oauth/invalid_request_response"
+    autoload :ForbiddenTokenResponse, "doorkeeper/oauth/forbidden_token_response"
+    autoload :NonStandard, "doorkeeper/oauth/nonstandard"
+    autoload :PasswordAccessTokenRequest, "doorkeeper/oauth/password_access_token_request"
+    autoload :PreAuthorization, "doorkeeper/oauth/pre_authorization"
+    autoload :RefreshTokenRequest, "doorkeeper/oauth/refresh_token_request"
+    autoload :Scopes, "doorkeeper/oauth/scopes"
+    autoload :Token, "doorkeeper/oauth/token"
+    autoload :TokenIntrospection, "doorkeeper/oauth/token_introspection"
+    autoload :TokenRequest, "doorkeeper/oauth/token_request"
+    autoload :TokenResponse, "doorkeeper/oauth/token_response"
+
+    module Authorization
+      autoload :Code, "doorkeeper/oauth/authorization/code"
+      autoload :Context, "doorkeeper/oauth/authorization/context"
+      autoload :Token, "doorkeeper/oauth/authorization/token"
+      autoload :URIBuilder, "doorkeeper/oauth/authorization/uri_builder"
+    end
+
+    class Client
+      autoload :Credentials, "doorkeeper/oauth/client/credentials"
+    end
+
+    module ClientCredentials
+      autoload :Validator, "doorkeeper/oauth/client_credentials/validator"
+      autoload :Creator, "doorkeeper/oauth/client_credentials/creator"
+      autoload :Issuer, "doorkeeper/oauth/client_credentials/issuer"
+    end
+
+    module Helpers
+      autoload :ScopeChecker, "doorkeeper/oauth/helpers/scope_checker"
+      autoload :URIChecker, "doorkeeper/oauth/helpers/uri_checker"
+      autoload :UniqueToken, "doorkeeper/oauth/helpers/unique_token"
+    end
+
+    module Hooks
+      autoload :Context, "doorkeeper/oauth/hooks/context"
+    end
+  end
+
+  module Models
+    autoload :Accessible, "doorkeeper/models/concerns/accessible"
+    autoload :Expirable, "doorkeeper/models/concerns/expirable"
+    autoload :Orderable, "doorkeeper/models/concerns/orderable"
+    autoload :Scopes, "doorkeeper/models/concerns/scopes"
+    autoload :Reusable, "doorkeeper/models/concerns/reusable"
+    autoload :ResourceOwnerable, "doorkeeper/models/concerns/resource_ownerable"
+    autoload :Revocable, "doorkeeper/models/concerns/revocable"
+    autoload :SecretStorable, "doorkeeper/models/concerns/secret_storable"
+  end
+
+  module Orm
+    autoload :ActiveRecord, "doorkeeper/orm/active_record"
+  end
+
+  module Rails
+    autoload :Helpers, "doorkeeper/rails/helpers"
+    autoload :Routes, "doorkeeper/rails/routes"
+  end
+
+  module SecretStoring
+    autoload :Base, "doorkeeper/secret_storing/base"
+    autoload :Plain, "doorkeeper/secret_storing/plain"
+    autoload :Sha256Hash, "doorkeeper/secret_storing/sha256_hash"
+    autoload :BCrypt, "doorkeeper/secret_storing/bcrypt"
+  end
+
+  def self.authenticate(request, methods = Doorkeeper.config.access_token_methods)
     OAuth::Token.authenticate(request, *methods)
   end
+
+  def self.gem_version
+    ::Gem::Version.new(::Doorkeeper::VERSION::STRING)
+  end
 end

data/lib/generators/doorkeeper/application_owner_generator.rb

@@ -16,7 +16,7 @@ module Doorkeeper
       migration_template(
         "add_owner_to_application_migration.rb.erb",
         "db/migrate/add_owner_to_application.rb",
-        migration_version: migration_version
+        migration_version: migration_version,
       )
     end
 

data/lib/generators/doorkeeper/confidential_applications_generator.rb

@@ -12,11 +12,11 @@ module Doorkeeper
     source_root File.expand_path("templates", __dir__)
     desc "Add confidential column to Doorkeeper applications"
 
-    def pkce
+    def confidential_applications
       migration_template(
         "add_confidential_to_applications.rb.erb",
         "db/migrate/add_confidential_to_applications.rb",
-        migration_version: migration_version
+        migration_version: migration_version,
       )
     end
 

data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Doorkeeper
+  # Generates migration with polymorphic resource owner required
+  # database columns for Doorkeeper Access Token and Access Grant
+  # models.
+  #
+  class EnablePolymorphicResourceOwnerGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Provide support for polymorphic Resource Owner."
+
+    def enable_polymorphic_resource_owner
+      migration_template(
+        "enable_polymorphic_resource_owner_migration.rb.erb",
+        "db/migrate/enable_polymorphic_resource_owner.rb",
+        migration_version: migration_version,
+      )
+      gsub_file(
+        "config/initializers/doorkeeper.rb",
+        "# use_polymorphic_resource_owner",
+        "use_polymorphic_resource_owner",
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
+end

data/lib/generators/doorkeeper/migration_generator.rb

@@ -15,7 +15,7 @@ module Doorkeeper
       migration_template(
         "migration.rb.erb",
         "db/migrate/create_doorkeeper_tables.rb",
-        migration_version: migration_version
+        migration_version: migration_version,
       )
     end
 

data/lib/generators/doorkeeper/pkce_generator.rb

@@ -16,7 +16,7 @@ module Doorkeeper
       migration_template(
         "enable_pkce_migration.rb.erb",
         "db/migrate/enable_pkce.rb",
-        migration_version: migration_version
+        migration_version: migration_version,
       )
     end
 

data/lib/generators/doorkeeper/previous_refresh_token_generator.rb

@@ -17,12 +17,12 @@ module Doorkeeper
     end
 
     def previous_refresh_token
-      if no_previous_refresh_token_column?
-        migration_template(
-          "add_previous_refresh_token_to_access_tokens.rb.erb",
-          "db/migrate/add_previous_refresh_token_to_access_tokens.rb"
-        )
-      end
+      return unless no_previous_refresh_token_column?
+
+      migration_template(
+        "add_previous_refresh_token_to_access_tokens.rb.erb",
+        "db/migrate/add_previous_refresh_token_to_access_tokens.rb",
+      )
     end
 
     private
@@ -34,7 +34,7 @@ module Doorkeeper
     def no_previous_refresh_token_column?
       !ActiveRecord::Base.connection.column_exists?(
         :oauth_access_tokens,
-        :previous_refresh_token
+        :previous_refresh_token,
       )
     end
   end

data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 class AddOwnerToApplication < ActiveRecord::Migration<%= migration_version %>
   def change
-    add_column :oauth_applications, :owner_id, :integer, null: true
+    add_column :oauth_applications, :owner_id, :bigint, null: true
     add_column :oauth_applications, :owner_type, :string, null: true
     add_index :oauth_applications, [:owner_id, :owner_type]
   end

data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration<%= migration_version %>
   def change
     add_column(

data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class EnablePkce < ActiveRecord::Migration<%= migration_version %>
   def change
     add_column :oauth_access_grants, :code_challenge, :string, null: true

data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class EnablePolymorphicResourceOwner < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column :oauth_access_tokens, :resource_owner_type, :string
+    add_column :oauth_access_grants, :resource_owner_type, :string
+    change_column_null :oauth_access_grants, :resource_owner_type, false
+
+    add_index :oauth_access_tokens,
+              [:resource_owner_id, :resource_owner_type],
+              name: 'polymorphic_owner_oauth_access_tokens'
+
+    add_index :oauth_access_grants,
+              [:resource_owner_id, :resource_owner_type],
+              name: 'polymorphic_owner_oauth_access_grants'
+  end
+end