doorkeeper 5.1.2 → 5.6.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/{NEWS.md → CHANGELOG.md} +314 -27
- data/README.md +39 -22
- data/app/controllers/doorkeeper/application_controller.rb +3 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
- data/app/controllers/doorkeeper/applications_controller.rb +5 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +76 -25
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +5 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +99 -28
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +1 -7
- data/app/views/doorkeeper/applications/show.html.erb +35 -14
- data/app/views/doorkeeper/authorizations/error.html.erb +3 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +16 -14
- data/config/locales/en.yml +16 -3
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +20 -2
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +300 -136
- data/lib/doorkeeper/engine.rb +10 -3
- data/lib/doorkeeper/errors.rb +13 -18
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/helpers.rb +7 -3
- data/lib/doorkeeper/helpers/controller.rb +36 -11
- data/lib/doorkeeper/models/access_grant_mixin.rb +23 -19
- data/lib/doorkeeper/models/access_token_mixin.rb +195 -52
- data/lib/doorkeeper/models/application_mixin.rb +8 -7
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +31 -14
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +30 -19
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +51 -22
- data/lib/doorkeeper/oauth/base_request.rb +21 -22
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client.rb +8 -9
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +42 -5
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
- data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +14 -5
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +6 -12
- data/lib/doorkeeper/oauth/code_response.rb +24 -14
- data/lib/doorkeeper/oauth/error.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +11 -13
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +10 -7
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +19 -23
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +34 -11
- data/lib/doorkeeper/oauth/pre_authorization.rb +114 -44
- data/lib/doorkeeper/oauth/refresh_token_request.rb +54 -34
- data/lib/doorkeeper/oauth/token.rb +6 -7
- data/lib/doorkeeper/oauth/token_introspection.rb +28 -22
- data/lib/doorkeeper/oauth/token_request.rb +6 -20
- data/lib/doorkeeper/oauth/token_response.rb +2 -3
- data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
- data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
- data/lib/doorkeeper/orm/active_record/application.rb +5 -149
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +63 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +77 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +210 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +5 -2
- data/lib/doorkeeper/orm/active_record.rb +29 -22
- data/lib/doorkeeper/rails/helpers.rb +4 -4
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +28 -27
- data/lib/doorkeeper/rake/db.rake +6 -6
- data/lib/doorkeeper/request/authorization_code.rb +5 -3
- data/lib/doorkeeper/request/client_credentials.rb +2 -2
- data/lib/doorkeeper/request/password.rb +3 -2
- data/lib/doorkeeper/request/refresh_token.rb +5 -4
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/request.rb +49 -17
- data/lib/doorkeeper/server.rb +7 -11
- data/lib/doorkeeper/stale_records_cleaner.rb +6 -2
- data/lib/doorkeeper/version.rb +2 -6
- data/lib/doorkeeper.rb +183 -80
- data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/migration_generator.rb +1 -1
- data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -7
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +230 -50
- data/lib/generators/doorkeeper/templates/migration.rb.erb +31 -9
- metadata +61 -327
- data/.coveralls.yml +0 -1
- data/.github/ISSUE_TEMPLATE.md +0 -25
- data/.github/PULL_REQUEST_TEMPLATE.md +0 -17
- data/.gitignore +0 -20
- data/.gitlab-ci.yml +0 -16
- data/.hound.yml +0 -3
- data/.rspec +0 -1
- data/.rubocop.yml +0 -50
- data/.travis.yml +0 -35
- data/Appraisals +0 -40
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -47
- data/Dangerfile +0 -67
- data/Gemfile +0 -24
- data/RELEASING.md +0 -10
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/app/validators/redirect_uri_validator.rb +0 -50
- data/bin/console +0 -16
- data/doorkeeper.gemspec +0 -34
- data/gemfiles/rails_5_0.gemfile +0 -17
- data/gemfiles/rails_5_1.gemfile +0 -17
- data/gemfiles/rails_5_2.gemfile +0 -17
- data/gemfiles/rails_6_0.gemfile +0 -17
- data/gemfiles/rails_master.gemfile +0 -17
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -180
- data/spec/controllers/authorizations_controller_spec.rb +0 -527
- data/spec/controllers/protected_resources_controller_spec.rb +0 -353
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -330
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -7
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -47
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -121
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -68
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -697
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -53
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -156
- data/spec/lib/oauth/base_request_spec.rb +0 -205
- data/spec/lib/oauth/base_response_spec.rb +0 -47
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -94
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -47
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -66
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -247
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -215
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
- data/spec/lib/oauth/scopes_spec.rb +0 -148
- data/spec/lib/oauth/token_request_spec.rb +0 -150
- data/spec/lib/oauth/token_response_spec.rb +0 -86
- data/spec/lib/oauth/token_spec.rb +0 -158
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -61
- data/spec/lib/stale_records_cleaner_spec.rb +0 -89
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -144
- data/spec/models/doorkeeper/access_token_spec.rb +0 -591
- data/spec/models/doorkeeper/application_spec.rb +0 -472
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -73
- data/spec/requests/endpoints/token_spec.rb +0 -75
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -78
- data/spec/requests/flows/authorization_code_spec.rb +0 -447
- data/spec/requests/flows/client_credentials_spec.rb +0 -128
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -34
- data/spec/requests/flows/implicit_grant_spec.rb +0 -90
- data/spec/requests/flows/password_spec.rb +0 -259
- data/spec/requests/flows/refresh_token_spec.rb +0 -233
- data/spec/requests/flows/revoke_token_spec.rb +0 -143
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -57
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -13
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -98
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/http_method_shim.rb +0 -29
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -123
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -54
- data/spec/validators/redirect_uri_validator_spec.rb +0 -158
- data/spec/version/version_spec.rb +0 -17
@@ -1,9 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
# Be sure to restart your server when you modify this file.
|
4
|
-
|
5
|
-
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
|
6
|
-
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
|
7
|
-
|
8
|
-
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
|
9
|
-
# Rails.backtrace_cleaner.remove_silencers!
|
@@ -1,121 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
Doorkeeper.configure do
|
4
|
-
# Change the ORM that doorkeeper will use.
|
5
|
-
orm DOORKEEPER_ORM
|
6
|
-
|
7
|
-
# This block will be called to check whether the resource owner is authenticated or not.
|
8
|
-
resource_owner_authenticator do
|
9
|
-
# Put your resource owner authentication logic here.
|
10
|
-
User.where(id: session[:user_id]).first || redirect_to(root_url, alert: "Needs sign in.")
|
11
|
-
end
|
12
|
-
|
13
|
-
# If you didn't skip applications controller from Doorkeeper routes in your application routes.rb
|
14
|
-
# file then you need to declare this block in order to restrict access to the web interface for
|
15
|
-
# adding oauth authorized applications. In other case it will return 403 Forbidden response
|
16
|
-
# every time somebody will try to access the admin web interface.
|
17
|
-
#
|
18
|
-
# admin_authenticator do
|
19
|
-
# # Put your admin authentication logic here.
|
20
|
-
# # Example implementation:
|
21
|
-
# Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
|
22
|
-
# end
|
23
|
-
|
24
|
-
# Authorization Code expiration time (default 10 minutes).
|
25
|
-
# authorization_code_expires_in 10.minutes
|
26
|
-
|
27
|
-
# Access token expiration time (default 2 hours).
|
28
|
-
# If you want to disable expiration, set this to nil.
|
29
|
-
# access_token_expires_in 2.hours
|
30
|
-
|
31
|
-
# Reuse access token for the same resource owner within an application (disabled by default)
|
32
|
-
# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
|
33
|
-
# reuse_access_token
|
34
|
-
|
35
|
-
# Issue access tokens with refresh token (disabled by default)
|
36
|
-
use_refresh_token
|
37
|
-
|
38
|
-
# Forbids creating/updating applications with arbitrary scopes that are
|
39
|
-
# not in configuration, i.e. `default_scopes` or `optional_scopes`.
|
40
|
-
# (disabled by default)
|
41
|
-
#
|
42
|
-
# enforce_configured_scopes
|
43
|
-
|
44
|
-
# Provide support for an owner to be assigned to each registered application (disabled by default)
|
45
|
-
# Optional parameter confirmation: true (default false) if you want to enforce ownership of
|
46
|
-
# a registered application
|
47
|
-
# Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
|
48
|
-
# enable_application_owner confirmation: false
|
49
|
-
|
50
|
-
# Define access token scopes for your provider
|
51
|
-
# For more information go to
|
52
|
-
# https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
|
53
|
-
default_scopes :public
|
54
|
-
optional_scopes :write, :update
|
55
|
-
|
56
|
-
# Change the way client credentials are retrieved from the request object.
|
57
|
-
# By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
|
58
|
-
# falls back to the `:client_id` and `:client_secret` params from the `params` object.
|
59
|
-
# Check out the wiki for more information on customization
|
60
|
-
# client_credentials :from_basic, :from_params
|
61
|
-
|
62
|
-
# Change the way access token is authenticated from the request object.
|
63
|
-
# By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
|
64
|
-
# falls back to the `:access_token` or `:bearer_token` params from the `params` object.
|
65
|
-
# Check out the wiki for more information on customization
|
66
|
-
# access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
|
67
|
-
|
68
|
-
# Change the native redirect uri for client apps
|
69
|
-
# When clients register with the following redirect uri, they won't be redirected to any server and
|
70
|
-
# the authorization code will be displayed within the provider
|
71
|
-
# The value can be any string. Use nil to disable this feature.
|
72
|
-
# When disabled, clients must provide a valid URL
|
73
|
-
# (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
|
74
|
-
#
|
75
|
-
# native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
|
76
|
-
|
77
|
-
# Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
|
78
|
-
# by default in non-development environments). OAuth2 delegates security in
|
79
|
-
# communication to the HTTPS protocol so it is wise to keep this enabled.
|
80
|
-
#
|
81
|
-
# force_ssl_in_redirect_uri !Rails.env.development?
|
82
|
-
|
83
|
-
# Specify what grant flows are enabled in array of Strings. The valid
|
84
|
-
# strings and the flows they enable are:
|
85
|
-
#
|
86
|
-
# "authorization_code" => Authorization Code Grant Flow
|
87
|
-
# "implicit" => Implicit Grant Flow
|
88
|
-
# "password" => Resource Owner Password Credentials Grant Flow
|
89
|
-
# "client_credentials" => Client Credentials Grant Flow
|
90
|
-
#
|
91
|
-
# If not specified, Doorkeeper enables authorization_code and
|
92
|
-
# client_credentials.
|
93
|
-
#
|
94
|
-
# implicit and password grant flows have risks that you should understand
|
95
|
-
# before enabling:
|
96
|
-
# http://tools.ietf.org/html/rfc6819#section-4.4.2
|
97
|
-
# http://tools.ietf.org/html/rfc6819#section-4.4.3
|
98
|
-
#
|
99
|
-
# grant_flows %w[authorization_code client_credentials]
|
100
|
-
|
101
|
-
# Hook into the strategies' request & response life-cycle in case your
|
102
|
-
# application needs advanced customization or logging:
|
103
|
-
#
|
104
|
-
# before_successful_strategy_response do |request|
|
105
|
-
# puts "BEFORE HOOK FIRED! #{request}"
|
106
|
-
# end
|
107
|
-
#
|
108
|
-
# after_successful_strategy_response do |request, response|
|
109
|
-
# puts "AFTER HOOK FIRED! #{request}, #{response}"
|
110
|
-
# end
|
111
|
-
|
112
|
-
# Under some circumstances you might want to have applications auto-approved,
|
113
|
-
# so that the user skips the authorization step.
|
114
|
-
# For example if dealing with a trusted application.
|
115
|
-
# skip_authorization do |resource_owner, client|
|
116
|
-
# client.superapp? or resource_owner.admin?
|
117
|
-
# end
|
118
|
-
|
119
|
-
# WWW-Authenticate Realm (default "Doorkeeper").
|
120
|
-
realm "Doorkeeper"
|
121
|
-
end
|
@@ -1,10 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
# Be sure to restart your server when you modify this file.
|
4
|
-
|
5
|
-
# Your secret key for verifying the integrity of signed cookies.
|
6
|
-
# If you change this key, all old signed cookies will become invalid!
|
7
|
-
# Make sure the secret is at least 30 characters and all random,
|
8
|
-
# no regular words or you'll be exposed to dictionary attacks.
|
9
|
-
Dummy::Application.config.secret_key_base =
|
10
|
-
"c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159"
|
@@ -1,10 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
# Be sure to restart your server when you modify this file.
|
4
|
-
|
5
|
-
Dummy::Application.config.session_store :cookie_store, key: "_dummy_session"
|
6
|
-
|
7
|
-
# Use the database for sessions instead of the cookie-based default,
|
8
|
-
# which shouldn't be used to store highly confidential information
|
9
|
-
# (create the session table with "rails generate session_migration")
|
10
|
-
# Dummy::Application.config.session_store :active_record_store
|
@@ -1,16 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
# Be sure to restart your server when you modify this file.
|
4
|
-
#
|
5
|
-
# This file contains settings for ActionController::ParamsWrapper which
|
6
|
-
# is enabled by default.
|
7
|
-
|
8
|
-
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
|
9
|
-
ActiveSupport.on_load(:action_controller) do
|
10
|
-
wrap_parameters format: [:json]
|
11
|
-
end
|
12
|
-
|
13
|
-
# Disable root element in JSON by default.
|
14
|
-
ActiveSupport.on_load(:active_record) do
|
15
|
-
self.include_root_in_json = false
|
16
|
-
end
|
data/spec/dummy/config/routes.rb
DELETED
@@ -1,13 +0,0 @@
|
|
1
|
-
Rails.application.routes.draw do
|
2
|
-
use_doorkeeper
|
3
|
-
|
4
|
-
resources :semi_protected_resources
|
5
|
-
resources :full_protected_resources
|
6
|
-
|
7
|
-
get 'metal.json' => 'metal#index'
|
8
|
-
|
9
|
-
get '/callback', to: 'home#callback'
|
10
|
-
get '/sign_in', to: 'home#sign_in'
|
11
|
-
|
12
|
-
root to: 'home#index'
|
13
|
-
end
|
data/spec/dummy/config.ru
DELETED
@@ -1,69 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
|
4
|
-
def change
|
5
|
-
create_table :oauth_applications do |t|
|
6
|
-
t.string :name, null: false
|
7
|
-
t.string :uid, null: false
|
8
|
-
t.string :secret, null: false
|
9
|
-
|
10
|
-
# Remove `null: false` if you are planning to use grant flows
|
11
|
-
# that doesn't require redirect URI to be used during authorization
|
12
|
-
# like Client Credentials flow or Resource Owner Password.
|
13
|
-
t.text :redirect_uri, null: false
|
14
|
-
t.string :scopes, null: false, default: ""
|
15
|
-
t.timestamps null: false
|
16
|
-
end
|
17
|
-
|
18
|
-
add_index :oauth_applications, :uid, unique: true
|
19
|
-
|
20
|
-
create_table :oauth_access_grants do |t|
|
21
|
-
t.references :resource_owner, null: false
|
22
|
-
t.references :application, null: false
|
23
|
-
t.string :token, null: false
|
24
|
-
t.integer :expires_in, null: false
|
25
|
-
t.text :redirect_uri, null: false
|
26
|
-
t.datetime :created_at, null: false
|
27
|
-
t.datetime :revoked_at
|
28
|
-
t.string :scopes
|
29
|
-
end
|
30
|
-
|
31
|
-
add_index :oauth_access_grants, :token, unique: true
|
32
|
-
add_foreign_key(
|
33
|
-
:oauth_access_grants,
|
34
|
-
:oauth_applications,
|
35
|
-
column: :application_id
|
36
|
-
)
|
37
|
-
|
38
|
-
create_table :oauth_access_tokens do |t|
|
39
|
-
t.references :resource_owner, index: true
|
40
|
-
t.references :application, null: false
|
41
|
-
|
42
|
-
# If you use a custom token generator you may need to change this column
|
43
|
-
# from string to text, so that it accepts tokens larger than 255
|
44
|
-
# characters. More info on custom token generators in:
|
45
|
-
# https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
|
46
|
-
#
|
47
|
-
# t.text :token, null: false
|
48
|
-
t.string :token, null: false
|
49
|
-
|
50
|
-
t.string :refresh_token
|
51
|
-
t.integer :expires_in
|
52
|
-
t.datetime :revoked_at
|
53
|
-
t.datetime :created_at, null: false
|
54
|
-
t.string :scopes
|
55
|
-
end
|
56
|
-
|
57
|
-
add_index :oauth_access_tokens, :token, unique: true
|
58
|
-
add_index :oauth_access_tokens, :refresh_token, unique: true
|
59
|
-
add_foreign_key(
|
60
|
-
:oauth_access_tokens,
|
61
|
-
:oauth_applications,
|
62
|
-
column: :application_id
|
63
|
-
)
|
64
|
-
|
65
|
-
# Uncomment below to ensure a valid reference to the resource owner's table
|
66
|
-
add_foreign_key :oauth_access_grants, :users, column: :resource_owner_id
|
67
|
-
add_foreign_key :oauth_access_tokens, :users, column: :resource_owner_id
|
68
|
-
end
|
69
|
-
end
|
@@ -1,9 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class AddOwnerToApplication < ActiveRecord::Migration[4.2]
|
4
|
-
def change
|
5
|
-
add_column :oauth_applications, :owner_id, :integer, null: true
|
6
|
-
add_column :oauth_applications, :owner_type, :string, null: true
|
7
|
-
add_index :oauth_applications, %i[owner_id owner_type]
|
8
|
-
end
|
9
|
-
end
|
@@ -1,13 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class AddConfidentialToApplications < ActiveRecord::Migration[5.1]
|
4
|
-
def change
|
5
|
-
add_column(
|
6
|
-
:oauth_applications,
|
7
|
-
:confidential,
|
8
|
-
:boolean,
|
9
|
-
null: false,
|
10
|
-
default: true # maintaining backwards compatibility: require secrets
|
11
|
-
)
|
12
|
-
end
|
13
|
-
end
|
data/spec/dummy/db/schema.rb
DELETED
@@ -1,68 +0,0 @@
|
|
1
|
-
# This file is auto-generated from the current state of the database. Instead
|
2
|
-
# of editing this file, please use the migrations feature of Active Record to
|
3
|
-
# incrementally modify your database, and then regenerate this schema definition.
|
4
|
-
#
|
5
|
-
# Note that this schema.rb definition is the authoritative source for your
|
6
|
-
# database schema. If you need to create the application database on another
|
7
|
-
# system, you should be using db:schema:load, not running all the migrations
|
8
|
-
# from scratch. The latter is a flawed and unsustainable approach (the more migrations
|
9
|
-
# you'll amass, the slower it'll run and the greater likelihood for issues).
|
10
|
-
#
|
11
|
-
# It's strongly recommended that you check this file into your version control system.
|
12
|
-
|
13
|
-
ActiveRecord::Schema.define(version: 20180210183654) do
|
14
|
-
|
15
|
-
create_table "oauth_access_grants", force: :cascade do |t|
|
16
|
-
t.integer "resource_owner_id", null: false
|
17
|
-
t.integer "application_id", null: false
|
18
|
-
t.string "token", null: false
|
19
|
-
t.integer "expires_in", null: false
|
20
|
-
t.text "redirect_uri", null: false
|
21
|
-
t.datetime "created_at", null: false
|
22
|
-
t.datetime "revoked_at"
|
23
|
-
t.string "scopes"
|
24
|
-
unless ENV['WITHOUT_PKCE']
|
25
|
-
t.string "code_challenge"
|
26
|
-
t.string "code_challenge_method"
|
27
|
-
end
|
28
|
-
t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
|
29
|
-
end
|
30
|
-
|
31
|
-
create_table "oauth_access_tokens", force: :cascade do |t|
|
32
|
-
t.integer "resource_owner_id"
|
33
|
-
t.integer "application_id"
|
34
|
-
t.string "token", null: false
|
35
|
-
t.string "refresh_token"
|
36
|
-
t.integer "expires_in"
|
37
|
-
t.datetime "revoked_at"
|
38
|
-
t.datetime "created_at", null: false
|
39
|
-
t.string "scopes"
|
40
|
-
t.string "previous_refresh_token", default: "", null: false
|
41
|
-
t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
|
42
|
-
t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
|
43
|
-
t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
|
44
|
-
end
|
45
|
-
|
46
|
-
create_table "oauth_applications", force: :cascade do |t|
|
47
|
-
t.string "name", null: false
|
48
|
-
t.string "uid", null: false
|
49
|
-
t.string "secret", null: false
|
50
|
-
t.text "redirect_uri"
|
51
|
-
t.string "scopes", default: "", null: false
|
52
|
-
t.datetime "created_at", null: false
|
53
|
-
t.datetime "updated_at", null: false
|
54
|
-
t.integer "owner_id"
|
55
|
-
t.string "owner_type"
|
56
|
-
t.boolean "confidential", default: true, null: false
|
57
|
-
t.index ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
|
58
|
-
t.index ["uid"], name: "index_oauth_applications_on_uid", unique: true
|
59
|
-
end
|
60
|
-
|
61
|
-
create_table "users", force: :cascade do |t|
|
62
|
-
t.string "name"
|
63
|
-
t.datetime "created_at"
|
64
|
-
t.datetime "updated_at"
|
65
|
-
t.string "password"
|
66
|
-
end
|
67
|
-
|
68
|
-
end
|
data/spec/dummy/public/404.html
DELETED
@@ -1,26 +0,0 @@
|
|
1
|
-
<!DOCTYPE html>
|
2
|
-
<html>
|
3
|
-
<head>
|
4
|
-
<title>The page you were looking for doesn't exist (404)</title>
|
5
|
-
<style type="text/css">
|
6
|
-
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
-
div.dialog {
|
8
|
-
width: 25em;
|
9
|
-
padding: 0 4em;
|
10
|
-
margin: 4em auto 0 auto;
|
11
|
-
border: 1px solid #ccc;
|
12
|
-
border-right-color: #999;
|
13
|
-
border-bottom-color: #999;
|
14
|
-
}
|
15
|
-
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
-
</style>
|
17
|
-
</head>
|
18
|
-
|
19
|
-
<body>
|
20
|
-
<!-- This file lives in public/404.html -->
|
21
|
-
<div class="dialog">
|
22
|
-
<h1>The page you were looking for doesn't exist.</h1>
|
23
|
-
<p>You may have mistyped the address or the page may have moved.</p>
|
24
|
-
</div>
|
25
|
-
</body>
|
26
|
-
</html>
|
data/spec/dummy/public/422.html
DELETED
@@ -1,26 +0,0 @@
|
|
1
|
-
<!DOCTYPE html>
|
2
|
-
<html>
|
3
|
-
<head>
|
4
|
-
<title>The change you wanted was rejected (422)</title>
|
5
|
-
<style type="text/css">
|
6
|
-
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
-
div.dialog {
|
8
|
-
width: 25em;
|
9
|
-
padding: 0 4em;
|
10
|
-
margin: 4em auto 0 auto;
|
11
|
-
border: 1px solid #ccc;
|
12
|
-
border-right-color: #999;
|
13
|
-
border-bottom-color: #999;
|
14
|
-
}
|
15
|
-
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
-
</style>
|
17
|
-
</head>
|
18
|
-
|
19
|
-
<body>
|
20
|
-
<!-- This file lives in public/422.html -->
|
21
|
-
<div class="dialog">
|
22
|
-
<h1>The change you wanted was rejected.</h1>
|
23
|
-
<p>Maybe you tried to change something you didn't have access to.</p>
|
24
|
-
</div>
|
25
|
-
</body>
|
26
|
-
</html>
|
data/spec/dummy/public/500.html
DELETED
@@ -1,26 +0,0 @@
|
|
1
|
-
<!DOCTYPE html>
|
2
|
-
<html>
|
3
|
-
<head>
|
4
|
-
<title>We're sorry, but something went wrong (500)</title>
|
5
|
-
<style type="text/css">
|
6
|
-
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
-
div.dialog {
|
8
|
-
width: 25em;
|
9
|
-
padding: 0 4em;
|
10
|
-
margin: 4em auto 0 auto;
|
11
|
-
border: 1px solid #ccc;
|
12
|
-
border-right-color: #999;
|
13
|
-
border-bottom-color: #999;
|
14
|
-
}
|
15
|
-
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
-
</style>
|
17
|
-
</head>
|
18
|
-
|
19
|
-
<body>
|
20
|
-
<!-- This file lives in public/500.html -->
|
21
|
-
<div class="dialog">
|
22
|
-
<h1>We're sorry, but something went wrong.</h1>
|
23
|
-
<p>We've been notified about this issue and we'll take a look at it shortly.</p>
|
24
|
-
</div>
|
25
|
-
</body>
|
26
|
-
</html>
|
File without changes
|
data/spec/dummy/script/rails
DELETED
@@ -1,9 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
# This command will automatically be run when you run "rails" with Rails 3 gems
|
5
|
-
# installed from the root of your application.
|
6
|
-
|
7
|
-
APP_PATH = File.expand_path("../config/application", __dir__)
|
8
|
-
require File.expand_path("../config/boot", __dir__)
|
9
|
-
require "rails/commands"
|
data/spec/factories.rb
DELETED
@@ -1,30 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
FactoryBot.define do
|
4
|
-
factory :access_grant, class: "Doorkeeper::AccessGrant" do
|
5
|
-
sequence(:resource_owner_id) { |n| n }
|
6
|
-
application
|
7
|
-
redirect_uri { "https://app.com/callback" }
|
8
|
-
expires_in { 100 }
|
9
|
-
scopes { "public write" }
|
10
|
-
end
|
11
|
-
|
12
|
-
factory :access_token, class: "Doorkeeper::AccessToken" do
|
13
|
-
sequence(:resource_owner_id) { |n| n }
|
14
|
-
application
|
15
|
-
expires_in { 2.hours }
|
16
|
-
|
17
|
-
factory :clientless_access_token do
|
18
|
-
application { nil }
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
factory :application, class: "Doorkeeper::Application" do
|
23
|
-
sequence(:name) { |n| "Application #{n}" }
|
24
|
-
redirect_uri { "https://app.com/callback" }
|
25
|
-
end
|
26
|
-
|
27
|
-
# do not name this factory :user, otherwise it will conflict with factories
|
28
|
-
# from applications that use doorkeeper factories in their own tests
|
29
|
-
factory :doorkeeper_testing_user, class: :user
|
30
|
-
end
|
@@ -1,28 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
require "generators/doorkeeper/application_owner_generator"
|
5
|
-
|
6
|
-
describe "Doorkeeper::ApplicationOwnerGenerator" do
|
7
|
-
include GeneratorSpec::TestCase
|
8
|
-
|
9
|
-
tests Doorkeeper::ApplicationOwnerGenerator
|
10
|
-
destination ::File.expand_path("../tmp/dummy", __FILE__)
|
11
|
-
|
12
|
-
describe "after running the generator" do
|
13
|
-
before :each do
|
14
|
-
prepare_destination
|
15
|
-
end
|
16
|
-
|
17
|
-
it "creates a migration with a version specifier" do
|
18
|
-
stub_const("ActiveRecord::VERSION::MAJOR", 5)
|
19
|
-
stub_const("ActiveRecord::VERSION::MINOR", 0)
|
20
|
-
|
21
|
-
run_generator
|
22
|
-
|
23
|
-
assert_migration "db/migrate/add_owner_to_application.rb" do |migration|
|
24
|
-
assert migration.include?("ActiveRecord::Migration[5.0]\n")
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
@@ -1,29 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
require "generators/doorkeeper/confidential_applications_generator"
|
5
|
-
|
6
|
-
describe "Doorkeeper::ConfidentialApplicationsGenerator" do
|
7
|
-
include GeneratorSpec::TestCase
|
8
|
-
|
9
|
-
tests Doorkeeper::ConfidentialApplicationsGenerator
|
10
|
-
destination ::File.expand_path("../tmp/dummy", __FILE__)
|
11
|
-
|
12
|
-
describe "after running the generator" do
|
13
|
-
before :each do
|
14
|
-
prepare_destination
|
15
|
-
end
|
16
|
-
|
17
|
-
it "creates a migration with a version specifier" do
|
18
|
-
stub_const("ActiveRecord::VERSION::MAJOR", 5)
|
19
|
-
stub_const("ActiveRecord::VERSION::MINOR", 0)
|
20
|
-
|
21
|
-
run_generator
|
22
|
-
|
23
|
-
assert_migration "db/migrate/add_confidential_to_applications.rb" do |migration|
|
24
|
-
assert migration.include?("ActiveRecord::Migration[5.0]\n")
|
25
|
-
assert migration.include?(":confidential")
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
require "generators/doorkeeper/install_generator"
|
5
|
-
|
6
|
-
describe "Doorkeeper::InstallGenerator" do
|
7
|
-
include GeneratorSpec::TestCase
|
8
|
-
|
9
|
-
tests Doorkeeper::InstallGenerator
|
10
|
-
destination ::File.expand_path("../tmp/dummy", __FILE__)
|
11
|
-
|
12
|
-
describe "after running the generator" do
|
13
|
-
before :each do
|
14
|
-
prepare_destination
|
15
|
-
FileUtils.mkdir(::File.expand_path("config", Pathname(destination_root)))
|
16
|
-
FileUtils.mkdir(::File.expand_path("db", Pathname(destination_root)))
|
17
|
-
FileUtils.copy_file(
|
18
|
-
::File.expand_path("../templates/routes.rb", __FILE__),
|
19
|
-
::File.expand_path("config/routes.rb", Pathname.new(destination_root))
|
20
|
-
)
|
21
|
-
run_generator
|
22
|
-
end
|
23
|
-
|
24
|
-
it "creates an initializer file" do
|
25
|
-
assert_file "config/initializers/doorkeeper.rb"
|
26
|
-
end
|
27
|
-
|
28
|
-
it "copies the locale file" do
|
29
|
-
assert_file "config/locales/doorkeeper.en.yml"
|
30
|
-
end
|
31
|
-
|
32
|
-
it "adds sample route" do
|
33
|
-
assert_file "config/routes.rb", /use_doorkeeper/
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
@@ -1,28 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "spec_helper"
|
4
|
-
require "generators/doorkeeper/migration_generator"
|
5
|
-
|
6
|
-
describe "Doorkeeper::MigrationGenerator" do
|
7
|
-
include GeneratorSpec::TestCase
|
8
|
-
|
9
|
-
tests Doorkeeper::MigrationGenerator
|
10
|
-
destination ::File.expand_path("../tmp/dummy", __FILE__)
|
11
|
-
|
12
|
-
describe "after running the generator" do
|
13
|
-
before :each do
|
14
|
-
prepare_destination
|
15
|
-
end
|
16
|
-
|
17
|
-
it "creates a migration with a version specifier" do
|
18
|
-
stub_const("ActiveRecord::VERSION::MAJOR", 5)
|
19
|
-
stub_const("ActiveRecord::VERSION::MINOR", 0)
|
20
|
-
|
21
|
-
run_generator
|
22
|
-
|
23
|
-
assert_migration "db/migrate/create_doorkeeper_tables.rb" do |migration|
|
24
|
-
assert migration.include?("ActiveRecord::Migration[5.0]\n")
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|