doorkeeper 5.2.2 → 5.5.4


Files changed (260) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +198 -3
  3. data/README.md +28 -20
  4. data/app/controllers/doorkeeper/application_controller.rb +3 -2
  5. data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
  6. data/app/controllers/doorkeeper/applications_controller.rb +7 -8
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +48 -18
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +6 -6
  9. data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
  10. data/app/controllers/doorkeeper/tokens_controller.rb +70 -25
  11. data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
  12. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  13. data/app/views/doorkeeper/applications/show.html.erb +35 -14
  14. data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  15. data/app/views/doorkeeper/authorizations/new.html.erb +2 -0
  16. data/config/locales/en.yml +9 -2
  17. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  18. data/lib/doorkeeper/config/option.rb +26 -14
  19. data/lib/doorkeeper/config/validations.rb +53 -0
  20. data/lib/doorkeeper/config.rb +214 -122
  21. data/lib/doorkeeper/engine.rb +1 -1
  22. data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  23. data/lib/doorkeeper/grant_flow/flow.rb +44 -0
  24. data/lib/doorkeeper/grant_flow/registry.rb +50 -0
  25. data/lib/doorkeeper/grant_flow.rb +45 -0
  26. data/lib/doorkeeper/grape/helpers.rb +2 -2
  27. data/lib/doorkeeper/helpers/controller.rb +18 -12
  28. data/lib/doorkeeper/models/access_grant_mixin.rb +23 -19
  29. data/lib/doorkeeper/models/access_token_mixin.rb +157 -55
  30. data/lib/doorkeeper/models/application_mixin.rb +8 -7
  31. data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
  32. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  33. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  34. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  35. data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
  36. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  37. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  38. data/lib/doorkeeper/oauth/authorization/code.rb +22 -9
  39. data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
  40. data/lib/doorkeeper/oauth/authorization/token.rb +23 -18
  41. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  42. data/lib/doorkeeper/oauth/authorization_code_request.rb +30 -20
  43. data/lib/doorkeeper/oauth/base_request.rb +19 -23
  44. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  45. data/lib/doorkeeper/oauth/client.rb +8 -9
  46. data/lib/doorkeeper/oauth/client_credentials/creator.rb +38 -12
  47. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
  48. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +7 -5
  49. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  50. data/lib/doorkeeper/oauth/code_request.rb +4 -4
  51. data/lib/doorkeeper/oauth/code_response.rb +24 -14
  52. data/lib/doorkeeper/oauth/error.rb +1 -1
  53. data/lib/doorkeeper/oauth/error_response.rb +10 -11
  54. data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
  55. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
  56. data/lib/doorkeeper/oauth/helpers/unique_token.rb +10 -7
  57. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -19
  58. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  59. data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
  60. data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
  61. data/lib/doorkeeper/oauth/password_access_token_request.rb +28 -10
  62. data/lib/doorkeeper/oauth/pre_authorization.rb +73 -37
  63. data/lib/doorkeeper/oauth/refresh_token_request.rb +35 -26
  64. data/lib/doorkeeper/oauth/token.rb +6 -7
  65. data/lib/doorkeeper/oauth/token_introspection.rb +12 -16
  66. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  67. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  68. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  69. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  70. data/lib/doorkeeper/orm/active_record/application.rb +5 -95
  71. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
  72. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
  73. data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
  74. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +8 -3
  75. data/lib/doorkeeper/orm/active_record.rb +5 -7
  76. data/lib/doorkeeper/rails/helpers.rb +4 -4
  77. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  78. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  79. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  80. data/lib/doorkeeper/rails/routes.rb +17 -25
  81. data/lib/doorkeeper/rake/db.rake +6 -6
  82. data/lib/doorkeeper/rake/setup.rake +5 -0
  83. data/lib/doorkeeper/request/authorization_code.rb +3 -3
  84. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  85. data/lib/doorkeeper/request/password.rb +3 -2
  86. data/lib/doorkeeper/request/refresh_token.rb +5 -4
  87. data/lib/doorkeeper/request/strategy.rb +2 -2
  88. data/lib/doorkeeper/request.rb +49 -12
  89. data/lib/doorkeeper/server.rb +5 -5
  90. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  91. data/lib/doorkeeper/version.rb +2 -6
  92. data/lib/doorkeeper.rb +112 -81
  93. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  94. data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
  95. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  96. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  97. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  98. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
  99. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
  100. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  101. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  102. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  103. data/lib/generators/doorkeeper/templates/initializer.rb +99 -14
  104. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  105. metadata +37 -306
  106. data/Appraisals +0 -40
  107. data/CODE_OF_CONDUCT.md +0 -46
  108. data/CONTRIBUTING.md +0 -49
  109. data/Dangerfile +0 -67
  110. data/Dockerfile +0 -29
  111. data/Gemfile +0 -25
  112. data/NEWS.md +0 -1
  113. data/RELEASING.md +0 -11
  114. data/Rakefile +0 -28
  115. data/SECURITY.md +0 -15
  116. data/UPGRADE.md +0 -2
  117. data/bin/console +0 -16
  118. data/doorkeeper.gemspec +0 -42
  119. data/gemfiles/rails_5_0.gemfile +0 -18
  120. data/gemfiles/rails_5_1.gemfile +0 -18
  121. data/gemfiles/rails_5_2.gemfile +0 -18
  122. data/gemfiles/rails_6_0.gemfile +0 -18
  123. data/gemfiles/rails_master.gemfile +0 -18
  124. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  125. data/spec/controllers/applications_controller_spec.rb +0 -273
  126. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  127. data/spec/controllers/protected_resources_controller_spec.rb +0 -353
  128. data/spec/controllers/token_info_controller_spec.rb +0 -50
  129. data/spec/controllers/tokens_controller_spec.rb +0 -498
  130. data/spec/dummy/Rakefile +0 -9
  131. data/spec/dummy/app/assets/config/manifest.js +0 -2
  132. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  133. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  134. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  135. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  136. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  137. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  138. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  139. data/spec/dummy/app/models/user.rb +0 -7
  140. data/spec/dummy/app/views/home/index.html.erb +0 -0
  141. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  142. data/spec/dummy/config/application.rb +0 -49
  143. data/spec/dummy/config/boot.rb +0 -7
  144. data/spec/dummy/config/database.yml +0 -15
  145. data/spec/dummy/config/environment.rb +0 -5
  146. data/spec/dummy/config/environments/development.rb +0 -31
  147. data/spec/dummy/config/environments/production.rb +0 -64
  148. data/spec/dummy/config/environments/test.rb +0 -45
  149. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  150. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  151. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  152. data/spec/dummy/config/initializers/session_store.rb +0 -10
  153. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  154. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  155. data/spec/dummy/config/routes.rb +0 -13
  156. data/spec/dummy/config.ru +0 -6
  157. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  158. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  159. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  160. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  161. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  162. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  163. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  164. data/spec/dummy/db/schema.rb +0 -68
  165. data/spec/dummy/public/404.html +0 -26
  166. data/spec/dummy/public/422.html +0 -26
  167. data/spec/dummy/public/500.html +0 -26
  168. data/spec/dummy/public/favicon.ico +0 -0
  169. data/spec/dummy/script/rails +0 -9
  170. data/spec/factories.rb +0 -30
  171. data/spec/generators/application_owner_generator_spec.rb +0 -28
  172. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  173. data/spec/generators/install_generator_spec.rb +0 -36
  174. data/spec/generators/migration_generator_spec.rb +0 -28
  175. data/spec/generators/pkce_generator_spec.rb +0 -28
  176. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  177. data/spec/generators/templates/routes.rb +0 -4
  178. data/spec/generators/views_generator_spec.rb +0 -29
  179. data/spec/grape/grape_integration_spec.rb +0 -137
  180. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  181. data/spec/lib/config_spec.rb +0 -739
  182. data/spec/lib/doorkeeper_spec.rb +0 -27
  183. data/spec/lib/models/expirable_spec.rb +0 -61
  184. data/spec/lib/models/reusable_spec.rb +0 -40
  185. data/spec/lib/models/revocable_spec.rb +0 -59
  186. data/spec/lib/models/scopes_spec.rb +0 -53
  187. data/spec/lib/models/secret_storable_spec.rb +0 -135
  188. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  189. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -168
  190. data/spec/lib/oauth/base_request_spec.rb +0 -222
  191. data/spec/lib/oauth/base_response_spec.rb +0 -47
  192. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  193. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -97
  194. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  195. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  196. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
  197. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
  198. data/spec/lib/oauth/client_spec.rb +0 -38
  199. data/spec/lib/oauth/code_request_spec.rb +0 -46
  200. data/spec/lib/oauth/code_response_spec.rb +0 -36
  201. data/spec/lib/oauth/error_response_spec.rb +0 -66
  202. data/spec/lib/oauth/error_spec.rb +0 -23
  203. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
  204. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
  205. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  206. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  207. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -75
  208. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
  209. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
  210. data/spec/lib/oauth/pre_authorization_spec.rb +0 -225
  211. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -178
  212. data/spec/lib/oauth/scopes_spec.rb +0 -148
  213. data/spec/lib/oauth/token_request_spec.rb +0 -153
  214. data/spec/lib/oauth/token_response_spec.rb +0 -86
  215. data/spec/lib/oauth/token_spec.rb +0 -158
  216. data/spec/lib/request/strategy_spec.rb +0 -54
  217. data/spec/lib/secret_storing/base_spec.rb +0 -60
  218. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  219. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  220. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  221. data/spec/lib/server_spec.rb +0 -49
  222. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  223. data/spec/models/doorkeeper/access_grant_spec.rb +0 -163
  224. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  225. data/spec/models/doorkeeper/application_spec.rb +0 -377
  226. data/spec/requests/applications/applications_request_spec.rb +0 -259
  227. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  228. data/spec/requests/endpoints/authorization_spec.rb +0 -89
  229. data/spec/requests/endpoints/token_spec.rb +0 -75
  230. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  231. data/spec/requests/flows/authorization_code_spec.rb +0 -513
  232. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  233. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  234. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  235. data/spec/requests/flows/password_spec.rb +0 -296
  236. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  237. data/spec/requests/flows/revoke_token_spec.rb +0 -151
  238. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  239. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  240. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  241. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  242. data/spec/routing/default_routes_spec.rb +0 -41
  243. data/spec/routing/scoped_routes_spec.rb +0 -47
  244. data/spec/spec_helper.rb +0 -57
  245. data/spec/spec_helper_integration.rb +0 -4
  246. data/spec/support/dependencies/factory_bot.rb +0 -4
  247. data/spec/support/doorkeeper_rspec.rb +0 -22
  248. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  249. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  250. data/spec/support/helpers/config_helper.rb +0 -11
  251. data/spec/support/helpers/model_helper.rb +0 -78
  252. data/spec/support/helpers/request_spec_helper.rb +0 -110
  253. data/spec/support/helpers/url_helper.rb +0 -62
  254. data/spec/support/http_method_shim.rb +0 -29
  255. data/spec/support/orm/active_record.rb +0 -5
  256. data/spec/support/shared/controllers_shared_context.rb +0 -123
  257. data/spec/support/shared/hashing_shared_context.rb +0 -36
  258. data/spec/support/shared/models_shared_examples.rb +0 -54
  259. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  260. data/spec/version/version_spec.rb +0 -17
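--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 64def194ba59abd58240aa70f39ac3406d98b22f5d7b8b9cfe5399806a4e151f
-data.tar.gz: 746dd0ba0787e9c2d2fae79557c5bea548eb5553c8912c5fa9fbc39fe7ef3669
+metadata.gz: 55c17555b9591b1a06b8164b0508ab733df8dca59e4b555e1dac3b3cc7a1112e
+data.tar.gz: 56fd2b8475c97f0bc755086cc22ee1aa14d2ac47263f0e218f3cf4f9f80d5b38
 SHA512:
-metadata.gz: 1d04c62db89266915673e8527bcfbe61da5ebff72141de2a1b5712c2989fd283eb379008ef78c5f365e5f04fcfc10646a7614069ab23ddf0acc14a445bd54bed
-data.tar.gz: 788ea936761f3f91aa5906fedfea068427ac9f2a8412440fbde81938947f56b62beed61be8fcce4591fa252212a0072779711d3214488f3bc94723baa1468bf0
+metadata.gz: b21d497b70266436f0446eec977f9ff074f646c0cdf417e08c8806529474ea91d112f0f1357a614f9e136b0dd042d665f7ea7325740254770ff01469df595390
+data.tar.gz: eb23ac65993cf89d82b66e5616b231d58fd0ac928486354a2bc36fdf7173fb3ba807f434f85a45f4ea6d1600847b46bdd5ad76ea9d317c16908a114b18fdb94a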
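--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,9 +5,182 @@ upgrade guides.
 
 User-visible changes worth mentioning.
 
-## master
+## main
+
+- [#ID] Add your PR description here.
+
+## 5.5.4
+
+- [#1535] Revert changes introduced in #1528 to allow query params in `redirect_uri` as per the spec.
+
+## 5.5.3
+
+- [#1528] Don't allow extra query params in redirect_uri.
+- [#1525] I18n source for forbidden token error is now `doorkeeper.errors.messages.forbidden_token.missing_scope`.
+- [#1531] Disable `strict-loading` for Doorkeeper models by default.
+- [#1532] Add support for Rails 7.
+
+## 5.5.2
+
+- [#1502] Drop support for Ruby 2.4 because of EOL.
+- [#1504] Updated the url fragment in the comment for code documentation.
+- [#1512] Fix form behavior when response mode is form_post.
+- [#1511] Fix that authorization code is returned by fragment if response_mode is fragament.
+
+## 5.5.1
+
+- [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
+- [#1495] Fix `respond_to` undefined in API-only mode
+- [#1488] Verify client authentication for Resource Owner Password Grant when
+`config.skip_client_authentication_for_password_grant` is set and the client credentials
+are sent in a HTTP Basic auth header.
+
+## 5.5.0
+
+- [#1482] Simplify `TokenInfoController` to be overridable (extract response rendering).
+- [#1478] Fix ownership association and Rake tasks when custom models configured.
+- [#1477] Respect `ActiveRecord::Base.pluralize_table_names` for Doorkeeper table names.
+
+## 5.5.0.rc2
+
+- [#1473] Enable `Applications` and `AuthorizedApplications` controllers in API mode.
+
+**[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
+`use_doorkeeper` inside `routes.rb`. Please do it in case you don't need them.
+
+- [#1472] Fix `establish_connection` configuration for custom defined models.
+- [#1471] Add support for Ruby 3.0.
+- [#1469] Check if `redirect_uri` exists.
+- [#1465] Memoize nil doorkeeper_token.
+- [#1459] Use built-in Ruby option to remove padding in PKCE code challenge value.
+- [#1457] Make owner_id a bigint for newly-generated owner migrations
+- [#1452] Empty previous_refresh_token only if present.
+- [#1440] Validate empty host in redirect_uri.
+- [#1438] Add form post response mode.
+- [#1458] Make `config.skip_client_authentication_for_password_grant` a long term configuration option.
+
+## 5.5.0.rc1
+
+- [#1435] Make error response not redirectable when client is unauthorized
+- [#1426] Ensure ActiveRecord callbacks are executed on token revocation.
+- [#1407] Remove redundant and complex to support helpers froms tests (`should_have_json`, etc).
+- [#1416] Don't add introspection route if token introspection completely disabled.
+- [#1410] Properly memoize `current_resource_owner` value (consider `nil` and `false` values).
+- [#1415] Ignore PKCE params for non-PKCE grants.
+- [#1418] Add ability to register custom OAuth Grant Flows.
+- [#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.
 
-- [#PR ID] Your PR short description.
+**[IMPORTANT]** you need to create a new OAuth client (`Doorkeeper::Application`) if you didn't
+have it before and use client credentials in HTTP Basic auth if you previously used this grant
+flow without client authentication. To opt out of this you could set the
+`skip_client_authentication_for_password_grant` configuration option to `true`, but note that
+this is in violation of the OAuth spec and represents a security risk.
+All the users of your provider application now need to include client credentials when they use
+this grant flow.
+
+- [#1421] Add Resource Owner instance to authorization hook context for `custom_access_token_expires_in`
+configuration option to allow resource owner based Access Tokens TTL.
+
+## 5.4.0
+
+- [#1404] Make `Doorkeeper::Application#read_attribute_for_serialization` public.
+
+## 5.4.0.rc2
+
+- [#1371] Add `#as_json` method and attributes serialization restriction for Application model.
+Fixes information disclosure vulnerability (CVE-2020-10187).
+
+**[IMPORTANT]** you need to re-implement `#as_json` method for Doorkeeper Application model
+if you previously used `#to_json` serialization with custom options or attributes or rely on
+JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
+is a breaking change which restricts serialized attributes to a very small set of columns.
+
+- [#1395] Fix `NameError: uninitialized constant Doorkeeper::AccessToken` for Rake tasks.
+- [#1397] Add `as: :doorkeeper_application` on Doorkeeper application form in order to support
+custom configured application model.
+- [#1400] Correctly yield the application instance to `allow_grant_flow_for_client?` config
+option (fixes #1398).
+- [#1402] Handle trying authorization with client credentials.
+
+## 5.4.0.rc1
+- [#1366] Sets expiry of token generated using `refresh_token` to that of original token. (Fixes #1364)
+- [#1354] Add `authorize_resource_owner_for_client` option to authorize the calling user to access an application.
+- [#1355] Allow to enable polymorphic Resource Owner association for Access Token & Grant
+models (`use_polymorphic_resource_owner` configuration option).
+
+**[IMPORTANT]** Review your custom patches or extensions for Doorkeeper internals if you
+have such - since now Doorkeeper passes Resource Owner instance to every objects and not
+just it's ID. See PR description for details.
+
+- [#1356] Remove duplicated scopes from Access Tokens and Grants on attribute assignment.
+- [#1357] Fix `Doorkeeper::OAuth::PreAuthorization#as_json` method causing
+`Stack level too deep` error with AMS (fix #1312).
+- [#1358] Deprecate `active_record_options` configuration option.
+- [#1359] Refactor Doorkeeper configuration options DSL to make it easy to reuse it
+in external extensions.
+- [#1360] Increase `matching_token_for` lookup size to 10 000 and make it configurable.
+- [#1371] Fix controllers to use valid classes in case Doorkeeper has custom models configured.
+- [#1370] Fix revocation response for invalid token and unauthorized requests to conform with RFC 7009 (fixes #1362).
+
+**[IMPORTANT]** now fully according to RFC 7009 nobody can do a revocation request without `client_id`
+(for public clients) and `client_secret` (for private clients). Please update your apps to include that
+info in the revocation request payload.
+
+- [#1373] Make Doorkeeper routes mapper reusable in extensions.
+- [#1374] Revoke and issue client credentials token in a transaction with a row lock.
+- [#1384] Add context object with auth/pre_auth and issued_token for authorization hooks.
+- [#1387] Add `AccessToken#create_for` and use in `RefreshTokenRequest`.
+- [#1392] Fix `enable_polymorphic_resource_owner` migration template to have proper index name.
+- [#1393] Improve Applications #show page with more informative data on client secret and scopes.
+- [#1394] Use Ruby `autoload` feature to load Doorkeeper files.
+
+## 5.3.3
+
+- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
+
+## 5.3.2
+
+- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
+Fixes information disclosure vulnerability (CVE-2020-10187).
+
+## 5.3.1
+
+- [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
+
+## 5.3.0
+
+- [#1339] Validate Resource Owner in `PasswordAccessTokenRequest` against `nil` and `false` values.
+- [#1341] Fix `refresh_token_revoked_on_use` with `hash_token_secrets` enabled.
+- [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.
+- [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.
+- [#1346] Refactor `Doorkeeper::Application#to_json` into convenient `#as_json` (fix #1344).
+- [#1349] Fix `Doorkeeper::Application` AR associations using an incorrect foreign key name when using a custom class.
+- [#1318] Make existing token revocation for client credentials optional and disable it by default.
+
+**[IMPORTANT]** This is a change compared to the behaviour of version 5.2.
+If you were relying on access tokens being revoked once the same client
+requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper
+initialization file.
+
+## 5.2.6
+
+- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
+
+## 5.2.5
+
+- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
+Fixes information disclosure vulnerability (CVE-2020-10187).
+
+## 5.2.4
+
+- [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
+
+## 5.2.3
+
+- [#1334] Remove `application_secret` flash helper and `redirect_to` keyword.
+- [#1331] Move redirect_uri_validator to where it is used (`Application` model).
+- [#1326] Move response_type check in pre_authorization to a method to be easily to override.
+- [#1329] Fix `find_in_batches` order warning.
 
 ## 5.2.2
 
@@ -30,6 +203,9 @@ User-visible changes worth mentioning.
 - [#1298] Slice strong params so doesn't error with Rails forms.
 - [#1300] Limiting access to attributes of pre_authorization.
 - [#1296] Adding client_id to strong parameters.
+
+**[IMPORTANT]** `Doorkeeper::Server#client_via_uid` was removed.
+
 - [#1293] Move ar specific redirect uri validator to ar orm directory.
 - [#1288] Allow to pass attributes to the `Doorkeeper::OAuth::PreAuthorization#as_json` method to customize
 the PreAuthorization response.
@@ -42,6 +218,11 @@ User-visible changes worth mentioning.
 
 - [#1270] Find matching tokens in batches for `reuse_access_token` option (fix #1193).
 - [#1271] Reintroduce existing token revocation for client credentials.
+
+**[IMPORTANT]** If you rely on being able to fetch multiple access tokens from the same
+client using client credentials flow, you should skip to version 5.3, where this behaviour
+is deactivated by default.
+
 - [#1269] Update initializer template documentation.
 - [#1266] Use strong parameters within pre-authorization.
 - [#1264] Add :before_successful_authorization and :after_successful_authorization hooks in TokensController
@@ -57,6 +238,15 @@ User-visible changes worth mentioning.
 - [#1248] Return the unhashed Application Secret in the JSON response after creating new application even when `hash_application_secrets` is used.
 - [#1238] Better support for native app with support for custom scheme and localhost redirection.
 
+## 5.1.2
+
+- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
+
+## 5.1.1
+
+- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
+Fixes information disclosure vulnerability (CVE-2020-10187).
+
 ## 5.1.0
 
 - [#1243] Add nil check operator in token checking at token introspection.
@@ -75,7 +265,7 @@ User-visible changes worth mentioning.
 
 **[IMPORTANT]** If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
 your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
-`use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt`.
+`hash_application_secrets using: 'Doorkeeper::SecretStoring::BCrypt`.
 
 - [#1216] Add nil check to `expires_at` method.
 - [#1215] Fix deprecates for Rails 6.
@@ -118,6 +308,11 @@ User-visible changes worth mentioning.
 - [#1164] Fix error when `root_path` is not defined.
 - [#1162] Fix `enforce_content_type` for requests without body.
 
+## 5.0.3
+
+- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
+Fixes information disclosure vulnerability (CVE-2020-10187).
+
 ## 5.0.2
 
 - [#1158] Fix initializer template: change `handle_auth_errors` option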
data/README.md CHANGED
@@ -1,12 +1,12 @@
1
1
  # Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
2
2
 
3
3
  [![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
4
- [![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=master)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
4
+ [![Build Status](https://app.travis-ci.com/doorkeeper-gem/doorkeeper.svg?branch=main)](https://app.travis-ci.com/doorkeeper-gem/doorkeeper)
5
5
  [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
6
- [![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=master)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=master)
7
- [![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master)
6
+ [![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
7
+ [![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main)
8
8
  [![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
9
- [![GuardRails badge](https://badges.production.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
9
+ [![GuardRails badge](https://badges.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
10
10
  [![Dependabot](https://img.shields.io/badge/dependabot-enabled-success.svg)](https://dependabot.com)
11
11
 
12
12
  Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider
@@ -14,18 +14,18 @@ functionality to your Ruby on Rails or Grape application.
14
14
 
15
15
  Supported features:
16
16
 
17
- - [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
18
- - [Authorization Code Flow](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1)
19
- - [Access Token Scopes](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3)
20
- - [Refresh token](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-1.5)
21
- - [Implicit grant](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2)
22
- - [Resource Owner Password Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.3)
23
- - [Client Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.4)
24
- - [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
25
- - [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
26
- - [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
27
- - [OAuth 2.0 for Native Apps](https://tools.ietf.org/html/draft-ietf-oauth-native-apps-10)
28
- - [Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)
17
+ - [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)
18
+ - [Authorization Code Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
19
+ - [Access Token Scopes](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3)
20
+ - [Refresh token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5)
21
+ - [Implicit grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2)
22
+ - [Resource Owner Password Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3)
23
+ - [Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
24
+ - [OAuth 2.0 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)
25
+ - [OAuth 2.0 Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662)
26
+ - [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
27
+ - [OAuth 2.0 for Native Apps](https://datatracker.ietf.org/doc/html/rfc8252)
28
+ - [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636)
29
29
 
30
30
  ## Table of Contents
31
31
 
@@ -51,7 +51,7 @@ Supported features:
51
51
 
52
52
  ## Documentation
53
53
 
54
- This documentation is valid for `master` branch. Please check the documentation for the version of doorkeeper you are using in:
54
+ This documentation is valid for `main` branch. Please check the documentation for the version of doorkeeper you are using in:
55
55
  https://github.com/doorkeeper-gem/doorkeeper/releases.
56
56
 
57
57
  Additionally, other resources can be found on:
@@ -113,7 +113,7 @@ These applications show how Doorkeeper works and how to integrate with it. Start
113
113
 
114
114
  | Application | Link |
115
115
  | :--- | :--- |
116
- | oAuth2 Server with Doorkeeper | [doorkeeper-gem/doorkeeper-provider-app](https://github.com/doorkeeper-gem/doorkeeper-provider-app) |
116
+ | OAuth2 Server with Doorkeeper | [doorkeeper-gem/doorkeeper-provider-app](https://github.com/doorkeeper-gem/doorkeeper-provider-app) |
117
117
  | Sinatra Client connected to Provider App | [doorkeeper-gem/doorkeeper-sinatra-client](https://github.com/doorkeeper-gem/doorkeeper-sinatra-client) |
118
118
  | Devise + Omniauth Client | [doorkeeper-gem/doorkeeper-devise-client](https://github.com/doorkeeper-gem/doorkeeper-devise-client) |
119
119
 
@@ -134,6 +134,12 @@ See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-to
134
134
 
135
135
  Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/doorkeeper-gem#sponsor)]
136
136
 
137
+ <a href="https://codecademy.com/about/careers?utm_source=doorkeeper-gem" target="_blank"><img src="https://static-assets.codecademy.com/marketing/codecademy_logo_padded.png"/></a>
138
+
139
+ > Codecademy supports open source as part of its mission to democratize tech. Come help us build the education the world deserves: [https://codecademy.com/about/careers](https://codecademy.com/about/careers?utm_source=doorkeeper-gem)
140
+
141
+ <br>
142
+
137
143
  <a href="https://oauth.io/?utm_source=doorkeeper-gem" target="_blank"><img src="https://oauth.io/img/logo_text.png"/></a>
138
144
 
139
145
  > If you prefer not to deal with the gory details of OAuth 2, need dedicated customer support & consulting, try the cloud-based SaaS version: [https://oauth.io](https://oauth.io/?utm_source=doorkeeper-gem)
@@ -160,6 +166,9 @@ tests with a specific Rails version:
160
166
  BUNDLE_GEMFILE=gemfiles/rails_6_0.gemfile bundle exec rake
161
167
  ```
162
168
 
169
+ You can also experiment with the changes using `bin/console`. It uses in-memory SQLite database and default
170
+ Doorkeeper config, but you can reestablish connection or reconfigure the gem if you need.
171
+
163
172
  ## Contributing
164
173
 
165
174
  Want to contribute and don't know where to start? Check out [features we're
@@ -168,8 +177,7 @@ create [example
168
177
  apps](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications),
169
178
  integrate the gem with your app and let us know!
170
179
 
171
- Also, check out our [contributing guidelines
172
- page](https://github.com/doorkeeper-gem/doorkeeper/wiki/Contributing).
180
+ Also, check out our [contributing guidelines page](CONTRIBUTING.md).
173
181
 
174
182
  ## Contributors
175
183
 
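--- a/data/app/controllers/doorkeeper/application_controller.rb
+++ b/data/app/controllers/doorkeeper/application_controller.rb
@@ -2,10 +2,11 @@
 
 module Doorkeeper
 class ApplicationController <
-Doorkeeper.configuration.resolve_controller(:base)
+Doorkeeper.config.resolve_controller(:base)
 include Helpers::Controller
+include ActionController::MimeResponds if Doorkeeper.config.api_only
 
-unless Doorkeeper.configuration.api_only
+unless Doorkeeper.config.api_only
 protect_from_forgery with: :exception
 helper "doorkeeper/dashboard"
 end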
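Review bot: `include ActionController::MimeResponds if Doorkeeper.config.api_only` and the `unless Doorkeeper.config.api_only` block under it run once, when the class body is loaded, so the CSRF protection and helper setup are fixed at boot and reconfiguring `api_only` afterwards has no effect on this controller; a comment would make that explicit, e.g. `# Evaluated at load time: api_only must be configured before this controller is loaded.` The class continues outside the hunk.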
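--- a/data/app/controllers/doorkeeper/application_metal_controller.rb
+++ b/data/app/controllers/doorkeeper/application_metal_controller.rb
@@ -2,11 +2,11 @@
 
 module Doorkeeper
 class ApplicationMetalController <
-Doorkeeper.configuration.resolve_controller(:base_metal)
+Doorkeeper.config.resolve_controller(:base_metal)
 include Helpers::Controller
 
 before_action :enforce_content_type,
-if: -> { Doorkeeper.configuration.enforce_content_type }
+if: -> { Doorkeeper.config.enforce_content_type }
 
 ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
 end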
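--- a/data/app/controllers/doorkeeper/applications_controller.rb
+++ b/data/app/controllers/doorkeeper/applications_controller.rb
@@ -4,12 +4,11 @@ module Doorkeeper
 class ApplicationsController < Doorkeeper::ApplicationController
 layout "doorkeeper/admin" unless Doorkeeper.configuration.api_only
 
-add_flash_types :application_secret unless Doorkeeper.configuration.api_only
 before_action :authenticate_admin!
 before_action :set_application, only: %i[show edit update destroy]
 
 def index
-@applications = Application.ordered_by(:created_at)
+@applications = Doorkeeper.config.application_model.ordered_by(:created_at)
 
 respond_to do |format|
 format.html
@@ -20,16 +19,16 @@ module Doorkeeper
 def show
 respond_to do |format|
 format.html
-format.json { render json: @application }
+format.json { render json: @application, as_owner: true }
 end
 end
 
 def new
-@application = Application.new
+@application = Doorkeeper.config.application_model.new
 end
 
 def create
-@application = Application.new(application_params)
+@application = Doorkeeper.config.application_model.new(application_params)
 
 if @application.save
 flash[:notice] = I18n.t(:notice, scope: %i[doorkeeper flash applications create])
@@ -37,7 +36,7 @@ module Doorkeeper
 
 respond_to do |format|
 format.html { redirect_to oauth_application_url(@application) }
-format.json { render json: @application }
+format.json { render json: @application, as_owner: true }
 end
 else
 respond_to do |format|
@@ -59,7 +58,7 @@ module Doorkeeper
 
 respond_to do |format|
 format.html { redirect_to oauth_application_url(@application) }
-format.json { render json: @application }
+format.json { render json: @application, as_owner: true }
 end
 else
 respond_to do |format|
@@ -85,7 +84,7 @@ module Doorkeeper
 private
 
 def set_application
-@application = Application.find(params[:id])
+@application = Doorkeeper.config.application_model.find(params[:id])
 end
 
 def application_params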
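Review bot: `as_owner: true` in the three `render json:` calls (show, create and update hunks) reads like a render option but is presumably forwarded to the application's JSON serialization to widen the payload with owner-only attributes; a comment at the first occurrence would make both the intent and the guard explicit, e.g. `# as_owner: include owner-only attributes in the JSON payload; every action here is behind authenticate_admin!`. The surviving `layout "doorkeeper/admin" unless Doorkeeper.configuration.api_only` line still uses the old `Doorkeeper.configuration` accessor while the rest of this file moved to `Doorkeeper.config`. The class continues outside the hunks.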
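--- a/data/app/controllers/doorkeeper/authorizations_controller.rb
+++ b/data/app/controllers/doorkeeper/authorizations_controller.rb
@@ -42,22 +42,31 @@ module Doorkeeper
 end
 
 def matching_token?
-AccessToken.matching_token_for(
+Doorkeeper.config.access_token_model.matching_token_for(
 pre_auth.client,
-current_resource_owner.id,
-pre_auth.scopes
+current_resource_owner,
+pre_auth.scopes,
 )
 end
 
 def redirect_or_render(auth)
 if auth.redirectable?
 if Doorkeeper.configuration.api_only
-render(
-json: { status: :redirect, redirect_uri: auth.redirect_uri },
-status: auth.status
-)
+if pre_auth.form_post_response?
+render(
+json: { status: :post, redirect_uri: pre_auth.redirect_uri, body: auth.body },
+status: auth.status,
+)
+else
+render(
+json: { status: :redirect, redirect_uri: auth.redirect_uri },
+status: auth.status,
+)
+end
+elsif pre_auth.form_post_response?
+render :form_post
 else
-redirect_to auth.redirect_uri
+redirect_to auth.redirect_uri, allow_other_host: true
 end
 else
 render json: auth.body, status: auth.status
@@ -65,7 +74,11 @@ module Doorkeeper
 end
 
 def pre_auth
-@pre_auth ||= OAuth::PreAuthorization.new(Doorkeeper.configuration, pre_auth_params)
+@pre_auth ||= OAuth::PreAuthorization.new(
+Doorkeeper.configuration,
+pre_auth_params,
+current_resource_owner,
+)
 end
 
 def pre_auth_params
@@ -73,8 +86,16 @@ module Doorkeeper
 end
 
 def pre_auth_param_fields
-%i[client_id response_type redirect_uri scope state code_challenge
-code_challenge_method]
+%i[
+client_id
+code_challenge
+code_challenge_method
+response_type
+response_mode
+redirect_uri
+scope
+state
+]
 end
 
 def authorization
@@ -82,26 +103,35 @@ module Doorkeeper
 end
 
 def strategy
-@strategy ||= server.authorization_request pre_auth.response_type
+@strategy ||= server.authorization_request(pre_auth.response_type)
 end
 
 def authorize_response
 @authorize_response ||= begin
 return pre_auth.error_response unless pre_auth.authorizable?
 
-before_successful_authorization
+context = build_context(pre_auth: pre_auth)
+before_successful_authorization(context)
+
 auth = strategy.authorize
-after_successful_authorization
+
+context = build_context(auth: auth)
+after_successful_authorization(context)
+
 auth
 end
 end
 
-def after_successful_authorization
-Doorkeeper.configuration.after_successful_authorization.call(self)
+def build_context(**attributes)
+Doorkeeper::OAuth::Hooks::Context.new(**attributes)
+end
+
+def before_successful_authorization(context = nil)
+Doorkeeper.config.before_successful_authorization.call(self, context)
 end
 
-def before_successful_authorization
-Doorkeeper.configuration.before_successful_authorization.call(self)
+def after_successful_authorization(context)
+Doorkeeper.config.after_successful_authorization.call(self, context)
 end
 end
 end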
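Review bot: `redirect_to auth.redirect_uri, allow_other_host: true` in `redirect_or_render` sends the browser to a client-supplied host, which is only acceptable because `pre_auth.authorizable?` (checked first in `authorize_response`) is presumably where the URI is validated against the client's registered redirect URIs; a comment at the redirect would pin that invariant so a later refactor cannot reorder the checks, e.g. `# redirect_uri is only reached after pre_auth.authorizable? validated it against the client's registered URIs`. The two hook wrappers also have asymmetric signatures: `before_successful_authorization(context = nil)` defaults its argument while `after_successful_authorization(context)` requires it, so `def after_successful_authorization(context = nil)` would match. In the api_only branch the form_post response reports `pre_auth.redirect_uri` while the redirect response reports `auth.redirect_uri`; if that is deliberate because the parameters travel in `body`, a one-line comment would save the next reader the puzzle. `redirect_or_render` is complete within its hunk, but the class header and other methods lie outside the hunks.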
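--- a/data/app/controllers/doorkeeper/authorized_applications_controller.rb
+++ b/data/app/controllers/doorkeeper/authorized_applications_controller.rb
@@ -5,28 +5,28 @@ module Doorkeeper
 before_action :authenticate_resource_owner!
 
 def index
-@applications = Application.authorized_for(current_resource_owner)
+@applications = Doorkeeper.config.application_model.authorized_for(current_resource_owner)
 
 respond_to do |format|
 format.html
-format.json { render json: @applications }
+format.json { render json: @applications, current_resource_owner: current_resource_owner }
 end
 end
 
 def destroy
-Application.revoke_tokens_and_grants_for(
+Doorkeeper.config.application_model.revoke_tokens_and_grants_for(
 params[:id],
-current_resource_owner,
+current_resource_owner,
 )
 
 respond_to do |format|
 format.html do
 redirect_to oauth_authorized_applications_url, notice: I18n.t(
-:notice, scope: %i[doorkeeper flash authorized_applications destroy]
+:notice, scope: %i[doorkeeper flash authorized_applications destroy],
 )
 end
 
-format.json { render :no_content }
+format.json { head :no_content }
 end
 end
 end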
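Review bot: `current_resource_owner: current_resource_owner` in the index `render json:` call looks like a render option but is presumably passed through to the applications' JSON serialization; a short comment would save the next reader a lookup, e.g. `# current_resource_owner: is forwarded to the serializer so the payload is scoped to this owner`. `destroy` answers `head :no_content` regardless of what `revoke_tokens_and_grants_for` returns for `params[:id]`, which is pre-existing behaviour but worth a comment if a no-op revocation is meant to look identical to a real one. The class header is outside the hunk.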
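--- a/data/app/controllers/doorkeeper/token_info_controller.rb
+++ b/data/app/controllers/doorkeeper/token_info_controller.rb
@@ -4,12 +4,22 @@ module Doorkeeper
 class TokenInfoController < Doorkeeper::ApplicationMetalController
 def show
 if doorkeeper_token&.accessible?
-render json: doorkeeper_token, status: :ok
+render json: doorkeeper_token_to_json, status: :ok
 else
 error = OAuth::InvalidTokenResponse.new
 response.headers.merge!(error.headers)
-render json: error.body, status: error.status
+render json: error_to_json(error), status: error.status
 end
 end
+
+protected
+
+def doorkeeper_token_to_json
+doorkeeper_token
+end
+
+def error_to_json(error)
+error.body
+end
 end
 end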
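Review bot: the two new `protected` extension points carry no documentation although their only purpose is to be overridden, and `doorkeeper_token_to_json` still hands the whole token model to `render json:`, so the default payload is whatever that model's JSON serialization exposes. Suggested comments: `# Override to customize the token-info payload; by default the access token model itself is serialized.` above `doorkeeper_token_to_json`, and `# Override to customize the body rendered for an inaccessible token (error.headers are already merged into the response).` above `error_to_json`. The section is complete within the hunk.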