doorkeeper 5.2.2 → 5.5.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +198 -3
- data/README.md +28 -20
- data/app/controllers/doorkeeper/application_controller.rb +3 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
- data/app/controllers/doorkeeper/applications_controller.rb +7 -8
- data/app/controllers/doorkeeper/authorizations_controller.rb +48 -18
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +6 -6
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +70 -25
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +35 -14
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +2 -0
- data/config/locales/en.yml +9 -2
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +26 -14
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +214 -122
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/helpers.rb +2 -2
- data/lib/doorkeeper/helpers/controller.rb +18 -12
- data/lib/doorkeeper/models/access_grant_mixin.rb +23 -19
- data/lib/doorkeeper/models/access_token_mixin.rb +157 -55
- data/lib/doorkeeper/models/application_mixin.rb +8 -7
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +22 -9
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +23 -18
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +30 -20
- data/lib/doorkeeper/oauth/base_request.rb +19 -23
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client.rb +8 -9
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +38 -12
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
- data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +7 -5
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +4 -4
- data/lib/doorkeeper/oauth/code_response.rb +24 -14
- data/lib/doorkeeper/oauth/error.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +10 -11
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +10 -7
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -19
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
- data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
- data/lib/doorkeeper/oauth/password_access_token_request.rb +28 -10
- data/lib/doorkeeper/oauth/pre_authorization.rb +73 -37
- data/lib/doorkeeper/oauth/refresh_token_request.rb +35 -26
- data/lib/doorkeeper/oauth/token.rb +6 -7
- data/lib/doorkeeper/oauth/token_introspection.rb +12 -16
- data/lib/doorkeeper/oauth/token_request.rb +3 -3
- data/lib/doorkeeper/oauth/token_response.rb +1 -1
- data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
- data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
- data/lib/doorkeeper/orm/active_record/application.rb +5 -95
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +69 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +60 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +199 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +8 -3
- data/lib/doorkeeper/orm/active_record.rb +5 -7
- data/lib/doorkeeper/rails/helpers.rb +4 -4
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +17 -25
- data/lib/doorkeeper/rake/db.rake +6 -6
- data/lib/doorkeeper/rake/setup.rake +5 -0
- data/lib/doorkeeper/request/authorization_code.rb +3 -3
- data/lib/doorkeeper/request/client_credentials.rb +2 -2
- data/lib/doorkeeper/request/password.rb +3 -2
- data/lib/doorkeeper/request/refresh_token.rb +5 -4
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/request.rb +49 -12
- data/lib/doorkeeper/server.rb +5 -5
- data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
- data/lib/doorkeeper/version.rb +2 -6
- data/lib/doorkeeper.rb +112 -81
- data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/migration_generator.rb +1 -1
- data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +99 -14
- data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
- metadata +37 -306
- data/Appraisals +0 -40
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -16
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -18
- data/gemfiles/rails_5_1.gemfile +0 -18
- data/gemfiles/rails_5_2.gemfile +0 -18
- data/gemfiles/rails_6_0.gemfile +0 -18
- data/gemfiles/rails_master.gemfile +0 -18
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -273
- data/spec/controllers/authorizations_controller_spec.rb +0 -608
- data/spec/controllers/protected_resources_controller_spec.rb +0 -353
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -498
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -7
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -49
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -68
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -739
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -53
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -168
- data/spec/lib/oauth/base_request_spec.rb +0 -222
- data/spec/lib/oauth/base_response_spec.rb +0 -47
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -97
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -66
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -75
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -225
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -178
- data/spec/lib/oauth/scopes_spec.rb +0 -148
- data/spec/lib/oauth/token_request_spec.rb +0 -153
- data/spec/lib/oauth/token_response_spec.rb +0 -86
- data/spec/lib/oauth/token_spec.rb +0 -158
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -89
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -163
- data/spec/models/doorkeeper/access_token_spec.rb +0 -622
- data/spec/models/doorkeeper/application_spec.rb +0 -377
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -89
- data/spec/requests/endpoints/token_spec.rb +0 -75
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_spec.rb +0 -513
- data/spec/requests/flows/client_credentials_spec.rb +0 -166
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -296
- data/spec/requests/flows/refresh_token_spec.rb +0 -233
- data/spec/requests/flows/revoke_token_spec.rb +0 -151
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -57
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -13
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/http_method_shim.rb +0 -29
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -123
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -54
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
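--- a/data/spec/dummy/config/environments/development.rb
+++ b/data/spec/dummy/config/environments/development.rb
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-Dummy::Application.configure do
-# Settings specified here will take precedence over those in config/application.rb
-
-# In the development environment your application's code is reloaded on
-# every request. This slows down response time but is perfect for development
-# since you don't have to restart the web server when you make code changes.
-config.cache_classes = false
-
-# Show full error reports and disable caching
-config.consider_all_requests_local = true
-config.action_controller.perform_caching = false
-
-# Don't care if the mailer can't send
-# config.action_mailer.raise_delivery_errors = false
-
-# Print deprecation notices to the Rails logger
-config.active_support.deprecation = :log
-
-# Only use best-standards-support built into browsers
-config.action_dispatch.best_standards_support = :builtin
-
-# Do not compress assets
-config.assets.compress = false
-
-# Expands the lines which load the assets
-config.assets.debug = true
-
-config.eager_load = false
-end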
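--- a/data/spec/dummy/config/environments/production.rb
+++ b/data/spec/dummy/config/environments/production.rb
@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-Dummy::Application.configure do
-# Settings specified here will take precedence over those in config/application.rb
-
-# Code is not reloaded between requests
-config.cache_classes = true
-
-# Full error reports are disabled and caching is turned on
-config.consider_all_requests_local = false
-config.action_controller.perform_caching = true
-
-# Disable Rails's static asset server (Apache or nginx will already do this)
-config.serve_static_assets = false
-
-# Compress JavaScripts and CSS
-config.assets.compress = true
-
-# Don't fallback to assets pipeline if a precompiled asset is missed
-config.assets.compile = false
-
-# Generate digests for assets URLs
-config.assets.digest = true
-
-# Defaults to Rails.root.join("public/assets")
-# config.assets.manifest = YOUR_PATH
-
-# Specifies the header that your server uses for sending files
-# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
-# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
-
-# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-# config.force_ssl = true
-
-# See everything in the log (default is :info)
-# config.log_level = :debug
-
-# Use a different logger for distributed setups
-# config.logger = SyslogLogger.new
-
-# Use a different cache store in production
-# config.cache_store = :mem_cache_store
-
-# Enable serving of images, stylesheets, and JavaScripts from an asset server
-# config.action_controller.asset_host = "http://assets.example.com"
-
-# Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
-# config.assets.precompile += %w( search.js )
-
-# Disable delivery errors, bad email addresses will be ignored
-# config.action_mailer.raise_delivery_errors = false
-
-# Enable threaded mode
-# config.threadsafe!
-
-# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
-# the I18n.default_locale when a translation can not be found)
-config.i18n.fallbacks = true
-
-# Send deprecation notices to registered listeners
-config.active_support.deprecation = :notify
-
-config.eager_load = true
-end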
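--- a/data/spec/dummy/config/environments/test.rb
+++ b/data/spec/dummy/config/environments/test.rb
@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-Dummy::Application.configure do
-# Settings specified here will take precedence over those in config/application.rb
-
-# The test environment is used exclusively to run your application's
-# test suite. You never need to work with it otherwise. Remember that
-# your test database is "scratch space" for the test suite and is wiped
-# and recreated between test runs. Don't rely on the data there!
-config.cache_classes = true
-
-config.assets.enabled = true
-config.assets.version = "1.0"
-config.assets.digest = false
-
-# Do not eager load code on boot. This avoids loading your whole application
-# just for the purpose of running a single test. If you are using a tool that
-# preloads Rails for running tests, you may have to set it to true.
-config.eager_load = false
-
-# Show full error reports and disable caching
-config.consider_all_requests_local = true
-config.action_controller.perform_caching = false
-
-# Raise exceptions instead of rendering exception templates
-config.action_dispatch.show_exceptions = false
-
-# Disable request forgery protection in test environment
-config.action_controller.allow_forgery_protection = false
-
-# Tell Action Mailer not to deliver emails to the real world.
-# The :test delivery method accumulates sent emails in the
-# ActionMailer::Base.deliveries array.
-# config.action_mailer.delivery_method = :test
-
-# Use SQL instead of Active Record's schema dumper when creating the test database.
-# This is necessary if your schema can't be completely dumped by the schema dumper,
-# like if you have constraints or database-specific column types
-# config.active_record.schema_format = :sql
-
-# Print deprecation notices to the stderr
-config.active_support.deprecation = :stderr
-
-config.eager_load = true
-end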
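--- a/data/spec/dummy/config/initializers/backtrace_silencers.rb
+++ b/data/spec/dummy/config/initializers/backtrace_silencers.rb
@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-# Be sure to restart your server when you modify this file.
-
-# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
-# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
-
-# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
-# Rails.backtrace_cleaner.remove_silencers!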
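--- a/data/spec/dummy/config/initializers/doorkeeper.rb
+++ b/data/spec/dummy/config/initializers/doorkeeper.rb
@@ -1,166 +0,0 @@
-# frozen_string_literal: true
-
-Doorkeeper.configure do
-# Change the ORM that doorkeeper will use.
-orm DOORKEEPER_ORM
-
-# This block will be called to check whether the resource owner is authenticated or not.
-resource_owner_authenticator do
-# Put your resource owner authentication logic here.
-User.where(id: session[:user_id]).first || redirect_to(root_url, alert: "Needs sign in.")
-end
-
-# If you didn't skip applications controller from Doorkeeper routes in your application routes.rb
-# file then you need to declare this block in order to restrict access to the web interface for
-# adding oauth authorized applications. In other case it will return 403 Forbidden response
-# every time somebody will try to access the admin web interface.
-#
-# admin_authenticator do
-# # Put your admin authentication logic here.
-# # Example implementation:
-# Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
-# end
-
-# Authorization Code expiration time (default 10 minutes).
-# authorization_code_expires_in 10.minutes
-
-# Access token expiration time (default 2 hours).
-# If you want to disable expiration, set this to nil.
-# access_token_expires_in 2.hours
-
-# Reuse access token for the same resource owner within an application (disabled by default)
-# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
-# reuse_access_token
-
-# Issue access tokens with refresh token (disabled by default)
-use_refresh_token
-
-# Forbids creating/updating applications with arbitrary scopes that are
-# not in configuration, i.e. `default_scopes` or `optional_scopes`.
-# (disabled by default)
-#
-# enforce_configured_scopes
-
-# Provide support for an owner to be assigned to each registered application (disabled by default)
-# Optional parameter confirmation: true (default false) if you want to enforce ownership of
-# a registered application
-# Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
-# enable_application_owner confirmation: false
-
-# Define access token scopes for your provider
-# For more information go to
-# https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
-default_scopes :public
-optional_scopes :write, :update
-
-# Change the way client credentials are retrieved from the request object.
-# By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
-# falls back to the `:client_id` and `:client_secret` params from the `params` object.
-# Check out the wiki for more information on customization
-# client_credentials :from_basic, :from_params
-
-# Change the way access token is authenticated from the request object.
-# By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
-# falls back to the `:access_token` or `:bearer_token` params from the `params` object.
-# Check out the wiki for more information on customization
-# access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
-
-# Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
-# by default in non-development environments). OAuth2 delegates security in
-# communication to the HTTPS protocol so it is wise to keep this enabled.
-#
-# force_ssl_in_redirect_uri !Rails.env.development?
-
-# Specify what grant flows are enabled in array of Strings. The valid
-# strings and the flows they enable are:
-#
-# "authorization_code" => Authorization Code Grant Flow
-# "implicit" => Implicit Grant Flow
-# "password" => Resource Owner Password Credentials Grant Flow
-# "client_credentials" => Client Credentials Grant Flow
-#
-# If not specified, Doorkeeper enables authorization_code and
-# client_credentials.
-#
-# implicit and password grant flows have risks that you should understand
-# before enabling:
-# http://tools.ietf.org/html/rfc6819#section-4.4.2
-# http://tools.ietf.org/html/rfc6819#section-4.4.3
-#
-# grant_flows %w[authorization_code client_credentials]
-
-# Hook into the strategies' request & response life-cycle in case your
-# application needs advanced customization or logging:
-#
-# before_successful_strategy_response do |request|
-# puts "BEFORE HOOK FIRED! #{request}"
-# end
-#
-# after_successful_strategy_response do |request, response|
-# puts "AFTER HOOK FIRED! #{request}, #{response}"
-# end
-
-# Under some circumstances you might want to have applications auto-approved,
-# so that the user skips the authorization step.
-# For example if dealing with a trusted application.
-# skip_authorization do |resource_owner, client|
-# client.superapp? or resource_owner.admin?
-# end
-
-# Configure custom constraints for the Token Introspection request.
-# By default this configuration option allows to introspect a token by another
-# token of the same application, OR to introspect the token that belongs to
-# authorized client (from authenticated client) OR when token doesn't
-# belong to any client (public token). Otherwise requester has no access to the
-# introspection and it will return response as stated in the RFC.
-#
-# Block arguments:
-#
-# @param token [Doorkeeper::AccessToken]
-# token to be introspected
-#
-# @param authorized_client [Doorkeeper::Application]
-# authorized client (if request is authorized using Basic auth with
-# Client Credentials for example)
-#
-# @param authorized_token [Doorkeeper::AccessToken]
-# Bearer token used to authorize the request
-#
-# In case the block returns `nil` or `false` introspection responses with 401 status code
-# when using authorized token to introspect, or you'll get 200 with { "active": false } body
-# when using authorized client to introspect as stated in the
-# RFC 7662 section 2.2. Introspection Response.
-#
-# Using with caution:
-# Keep in mind that these three parameters pass to block can be nil as following case:
-# `authorized_client` is nil if and only if `authorized_token` is present, and vice versa.
-# `token` will be nil if and only if `authorized_token` is present.
-# So remember to use `&` or check if it is present before calling method on
-# them to make sure you doesn't get NoMethodError exception.
-#
-# You can define your custom check:
-#
-# allow_token_introspection do |token, authorized_client, authorized_token|
-# if authorized_token
-# # customize: require `introspection` scope
-# authorized_token.application == token&.application ||
-# authorized_token.scopes.include?("introspection")
-# elsif token.application
-# # `protected_resource` is a new database boolean column, for example
-# authorized_client == token.application || authorized_client.protected_resource?
-# else
-# # public token (when token.application is nil, token doesn't belong to any application)
-# true
-# end
-# end
-#
-# Or you can completely disable any token introspection:
-#
-# allow_token_introspection false
-#
-# If you need to block the request at all, then configure your routes.rb or web-server
-# like nginx to forbid the request.
-
-# WWW-Authenticate Realm (default "Doorkeeper").
-realm "Doorkeeper"
-end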
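--- a/data/spec/dummy/config/initializers/secret_token.rb
+++ b/data/spec/dummy/config/initializers/secret_token.rb
@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-# Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Dummy::Application.config.secret_key_base =
-"c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159"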
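--- a/data/spec/dummy/config/initializers/session_store.rb
+++ b/data/spec/dummy/config/initializers/session_store.rb
@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-# Be sure to restart your server when you modify this file.
-
-Dummy::Application.config.session_store :cookie_store, key: "_dummy_session"
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Dummy::Application.config.session_store :active_record_store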
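--- a/data/spec/dummy/config/initializers/wrap_parameters.rb
+++ b/data/spec/dummy/config/initializers/wrap_parameters.rb
@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-# Be sure to restart your server when you modify this file.
-#
-# This file contains settings for ActionController::ParamsWrapper which
-# is enabled by default.
-
-# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
-ActiveSupport.on_load(:action_controller) do
-wrap_parameters format: [:json]
-end
-
-# Disable root element in JSON by default.
-ActiveSupport.on_load(:active_record) do
-self.include_root_in_json = false
-end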
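--- a/data/spec/dummy/config/routes.rb
+++ b/data/spec/dummy/config/routes.rb
@@ -1,13 +0,0 @@
-Rails.application.routes.draw do
-use_doorkeeper
-
-resources :semi_protected_resources
-resources :full_protected_resources
-
-get 'metal.json' => 'metal#index'
-
-get '/callback', to: 'home#callback'
-get '/sign_in', to: 'home#sign_in'
-
-root to: 'home#index'
-end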
data/spec/dummy/config.ru
DELETED
@@ -1,69 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
|
4
|
-
def change
|
5
|
-
create_table :oauth_applications do |t|
|
6
|
-
t.string :name, null: false
|
7
|
-
t.string :uid, null: false
|
8
|
-
t.string :secret, null: false
|
9
|
-
|
10
|
-
# Remove `null: false` if you are planning to use grant flows
|
11
|
-
# that doesn't require redirect URI to be used during authorization
|
12
|
-
# like Client Credentials flow or Resource Owner Password.
|
13
|
-
t.text :redirect_uri, null: false
|
14
|
-
t.string :scopes, null: false, default: ""
|
15
|
-
t.timestamps null: false
|
16
|
-
end
|
17
|
-
|
18
|
-
add_index :oauth_applications, :uid, unique: true
|
19
|
-
|
20
|
-
create_table :oauth_access_grants do |t|
|
21
|
-
t.references :resource_owner, null: false
|
22
|
-
t.references :application, null: false
|
23
|
-
t.string :token, null: false
|
24
|
-
t.integer :expires_in, null: false
|
25
|
-
t.text :redirect_uri, null: false
|
26
|
-
t.datetime :created_at, null: false
|
27
|
-
t.datetime :revoked_at
|
28
|
-
t.string :scopes, null: false, default: ""
|
29
|
-
end
|
30
|
-
|
31
|
-
add_index :oauth_access_grants, :token, unique: true
|
32
|
-
add_foreign_key(
|
33
|
-
:oauth_access_grants,
|
34
|
-
:oauth_applications,
|
35
|
-
column: :application_id
|
36
|
-
)
|
37
|
-
|
38
|
-
create_table :oauth_access_tokens do |t|
|
39
|
-
t.references :resource_owner, index: true
|
40
|
-
t.references :application, null: false
|
41
|
-
|
42
|
-
# If you use a custom token generator you may need to change this column
|
43
|
-
# from string to text, so that it accepts tokens larger than 255
|
44
|
-
# characters. More info on custom token generators in:
|
45
|
-
# https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
|
46
|
-
#
|
47
|
-
# t.text :token, null: false
|
48
|
-
t.string :token, null: false
|
49
|
-
|
50
|
-
t.string :refresh_token
|
51
|
-
t.integer :expires_in
|
52
|
-
t.datetime :revoked_at
|
53
|
-
t.datetime :created_at, null: false
|
54
|
-
t.string :scopes
|
55
|
-
end
|
56
|
-
|
57
|
-
add_index :oauth_access_tokens, :token, unique: true
|
58
|
-
add_index :oauth_access_tokens, :refresh_token, unique: true
|
59
|
-
add_foreign_key(
|
60
|
-
:oauth_access_tokens,
|
61
|
-
:oauth_applications,
|
62
|
-
column: :application_id
|
63
|
-
)
|
64
|
-
|
65
|
-
# Uncomment below to ensure a valid reference to the resource owner's table
|
66
|
-
add_foreign_key :oauth_access_grants, :users, column: :resource_owner_id
|
67
|
-
add_foreign_key :oauth_access_tokens, :users, column: :resource_owner_id
|
68
|
-
end
|
69
|
-
end
|
@@ -1,9 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class AddOwnerToApplication < ActiveRecord::Migration[4.2]
|
4
|
-
def change
|
5
|
-
add_column :oauth_applications, :owner_id, :integer, null: true
|
6
|
-
add_column :oauth_applications, :owner_type, :string, null: true
|
7
|
-
add_index :oauth_applications, %i[owner_id owner_type]
|
8
|
-
end
|
9
|
-
end
|
@@ -1,13 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class AddConfidentialToApplications < ActiveRecord::Migration[5.1]
|
4
|
-
def change
|
5
|
-
add_column(
|
6
|
-
:oauth_applications,
|
7
|
-
:confidential,
|
8
|
-
:boolean,
|
9
|
-
null: false,
|
10
|
-
default: true # maintaining backwards compatibility: require secrets
|
11
|
-
)
|
12
|
-
end
|
13
|
-
end
|
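--- a/data/spec/dummy/db/schema.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-# This file is auto-generated from the current state of the database. Instead
-# of editing this file, please use the migrations feature of Active Record to
-# incrementally modify your database, and then regenerate this schema definition.
-#
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
-#
-# It's strongly recommended that you check this file into your version control system.
-
-ActiveRecord::Schema.define(version: 20180210183654) do
-
-create_table "oauth_access_grants", force: :cascade do |t|
-t.integer "resource_owner_id", null: false
-t.integer "application_id", null: false
-t.string "token", null: false
-t.integer "expires_in", null: false
-t.text "redirect_uri", null: false
-t.datetime "created_at", null: false
-t.datetime "revoked_at"
-t.string "scopes"
-unless ENV['WITHOUT_PKCE']
-t.string "code_challenge"
-t.string "code_challenge_method"
-end
-t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
-end
-
-create_table "oauth_access_tokens", force: :cascade do |t|
-t.integer "resource_owner_id"
-t.integer "application_id"
-t.string "token", null: false
-t.string "refresh_token"
-t.integer "expires_in"
-t.datetime "revoked_at"
-t.datetime "created_at", null: false
-t.string "scopes"
-t.string "previous_refresh_token", default: "", null: false
-t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
-t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
-t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
-end
-
-create_table "oauth_applications", force: :cascade do |t|
-t.string "name", null: false
-t.string "uid", null: false
-t.string "secret", null: false
-t.text "redirect_uri"
-t.string "scopes", default: "", null: false
-t.datetime "created_at", null: false
-t.datetime "updated_at", null: false
-t.integer "owner_id"
-t.string "owner_type"
-t.boolean "confidential", default: true, null: false
-t.index ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
-t.index ["uid"], name: "index_oauth_applications_on_uid", unique: true
-end
-
-create_table "users", force: :cascade do |t|
-t.string "name"
-t.datetime "created_at"
-t.datetime "updated_at"
-t.string "password"
-end
-
-end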
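--- a/data/spec/dummy/public/404.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<title>The page you were looking for doesn't exist (404)</title>
-<style type="text/css">
-body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
-div.dialog {
-width: 25em;
-padding: 0 4em;
-margin: 4em auto 0 auto;
-border: 1px solid #ccc;
-border-right-color: #999;
-border-bottom-color: #999;
-}
-h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
-</style>
-</head>
-
-<body>
-<!-- This file lives in public/404.html -->
-<div class="dialog">
-<h1>The page you were looking for doesn't exist.</h1>
-<p>You may have mistyped the address or the page may have moved.</p>
-</div>
-</body>
-</html>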