doorkeeper 5.2.6 → 5.3.0





Files changed (126) hide show
  1. checksums.yaml +4 -4
  2. data/Appraisals +2 -2
  3. data/CHANGELOG.md +15 -14
  4. data/Gemfile +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +2 -2
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
  7. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  8. data/app/controllers/doorkeeper/authorizations_controller.rb +2 -2
  9. data/app/controllers/doorkeeper/authorized_applications_controller.rb +3 -3
  10. data/gemfiles/rails_5_0.gemfile +2 -2
  11. data/gemfiles/rails_5_1.gemfile +2 -2
  12. data/gemfiles/rails_5_2.gemfile +2 -2
  13. data/gemfiles/rails_6_0.gemfile +2 -2
  14. data/gemfiles/rails_master.gemfile +2 -2
  15. data/lib/doorkeeper.rb +2 -3
  16. data/lib/doorkeeper/config.rb +71 -39
  17. data/lib/doorkeeper/grape/helpers.rb +1 -1
  18. data/lib/doorkeeper/helpers/controller.rb +10 -8
  19. data/lib/doorkeeper/models/access_grant_mixin.rb +7 -6
  20. data/lib/doorkeeper/models/access_token_mixin.rb +55 -18
  21. data/lib/doorkeeper/models/application_mixin.rb +3 -3
  22. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  23. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  24. data/lib/doorkeeper/models/concerns/revocable.rb +0 -27
  25. data/lib/doorkeeper/oauth/authorization/code.rb +4 -4
  26. data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
  27. data/lib/doorkeeper/oauth/authorization_code_request.rb +13 -6
  28. data/lib/doorkeeper/oauth/base_request.rb +8 -4
  29. data/lib/doorkeeper/oauth/client.rb +7 -8
  30. data/lib/doorkeeper/oauth/client_credentials/creator.rb +16 -9
  31. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -7
  32. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +4 -4
  33. data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
  34. data/lib/doorkeeper/oauth/code_response.rb +2 -2
  35. data/lib/doorkeeper/oauth/error.rb +1 -1
  36. data/lib/doorkeeper/oauth/error_response.rb +5 -5
  37. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +7 -5
  38. data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
  39. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
  40. data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
  41. data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -2
  42. data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -3
  43. data/lib/doorkeeper/oauth/pre_authorization.rb +7 -5
  44. data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
  45. data/lib/doorkeeper/oauth/token.rb +2 -2
  46. data/lib/doorkeeper/oauth/token_introspection.rb +6 -6
  47. data/lib/doorkeeper/orm/active_record.rb +3 -3
  48. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  49. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  50. data/lib/doorkeeper/orm/active_record/application.rb +3 -155
  51. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +53 -0
  52. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +47 -0
  53. data/lib/doorkeeper/orm/active_record/mixins/application.rb +128 -0
  54. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +3 -3
  55. data/lib/doorkeeper/rails/helpers.rb +4 -4
  56. data/lib/doorkeeper/rails/routes.rb +5 -7
  57. data/lib/doorkeeper/rake/db.rake +3 -3
  58. data/lib/doorkeeper/request.rb +1 -1
  59. data/lib/doorkeeper/request/authorization_code.rb +3 -3
  60. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  61. data/lib/doorkeeper/request/password.rb +2 -2
  62. data/lib/doorkeeper/request/refresh_token.rb +3 -3
  63. data/lib/doorkeeper/server.rb +1 -1
  64. data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
  65. data/lib/doorkeeper/version.rb +2 -2
  66. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  67. data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
  68. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  69. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  70. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
  71. data/lib/generators/doorkeeper/templates/initializer.rb +39 -8
  72. data/spec/controllers/application_metal_controller_spec.rb +1 -1
  73. data/spec/controllers/applications_controller_spec.rb +3 -2
  74. data/spec/controllers/authorizations_controller_spec.rb +18 -18
  75. data/spec/controllers/protected_resources_controller_spec.rb +25 -17
  76. data/spec/controllers/token_info_controller_spec.rb +1 -1
  77. data/spec/controllers/tokens_controller_spec.rb +1 -1
  78. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -3
  79. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +1 -1
  80. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +1 -1
  81. data/spec/generators/install_generator_spec.rb +1 -1
  82. data/spec/generators/previous_refresh_token_generator_spec.rb +2 -2
  83. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
  84. data/spec/lib/config_spec.rb +61 -21
  85. data/spec/lib/doorkeeper_spec.rb +1 -1
  86. data/spec/lib/models/revocable_spec.rb +3 -3
  87. data/spec/lib/oauth/authorization_code_request_spec.rb +127 -125
  88. data/spec/lib/oauth/base_request_spec.rb +160 -158
  89. data/spec/lib/oauth/base_response_spec.rb +27 -29
  90. data/spec/lib/oauth/client/credentials_spec.rb +1 -1
  91. data/spec/lib/oauth/client_credentials/creator_spec.rb +42 -5
  92. data/spec/lib/oauth/client_credentials/issuer_spec.rb +12 -12
  93. data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
  94. data/spec/lib/oauth/client_credentials_integration_spec.rb +16 -18
  95. data/spec/lib/oauth/client_credentials_request_spec.rb +78 -80
  96. data/spec/lib/oauth/client_spec.rb +26 -26
  97. data/spec/lib/oauth/code_request_spec.rb +34 -34
  98. data/spec/lib/oauth/code_response_spec.rb +21 -25
  99. data/spec/lib/oauth/error_response_spec.rb +42 -44
  100. data/spec/lib/oauth/error_spec.rb +12 -14
  101. data/spec/lib/oauth/forbidden_token_response_spec.rb +11 -13
  102. data/spec/lib/oauth/helpers/scope_checker_spec.rb +30 -18
  103. data/spec/lib/oauth/invalid_request_response_spec.rb +48 -50
  104. data/spec/lib/oauth/invalid_token_response_spec.rb +32 -34
  105. data/spec/lib/oauth/password_access_token_request_spec.rb +145 -147
  106. data/spec/lib/oauth/pre_authorization_spec.rb +159 -161
  107. data/spec/lib/oauth/refresh_token_request_spec.rb +138 -139
  108. data/spec/lib/oauth/scopes_spec.rb +104 -106
  109. data/spec/lib/oauth/token_request_spec.rb +115 -111
  110. data/spec/lib/oauth/token_response_spec.rb +71 -73
  111. data/spec/lib/oauth/token_spec.rb +121 -123
  112. data/spec/models/doorkeeper/access_grant_spec.rb +3 -5
  113. data/spec/models/doorkeeper/access_token_spec.rb +7 -7
  114. data/spec/models/doorkeeper/application_spec.rb +295 -373
  115. data/spec/requests/applications/applications_request_spec.rb +1 -1
  116. data/spec/requests/endpoints/authorization_spec.rb +5 -3
  117. data/spec/requests/flows/authorization_code_spec.rb +34 -22
  118. data/spec/requests/flows/client_credentials_spec.rb +1 -1
  119. data/spec/requests/flows/password_spec.rb +32 -12
  120. data/spec/requests/flows/refresh_token_spec.rb +19 -19
  121. data/spec/requests/flows/revoke_token_spec.rb +18 -12
  122. data/spec/spec_helper.rb +1 -4
  123. data/spec/support/shared/controllers_shared_context.rb +33 -23
  124. data/spec/validators/redirect_uri_validator_spec.rb +1 -1
  125. metadata +6 -5
  126. data/spec/support/http_method_shim.rb +0 -29
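--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f054b4619e2489e52e1e61a959878fa612ae5c42f7217d48f8b59173fb0c8da
-  data.tar.gz: 160f404b0c1e5eeffe97340c748e2f1f65d4bd6092367320ad573ad042f05ad1
+  metadata.gz: 13bf83a25959d2152f6508e2e3c07f393d2b13f78c9d1eacb0aa58aead6872bc
+  data.tar.gz: eb0ee49811f240ab19902d32a66d580fb8ea0d111cae312dbb207817d443034d
 SHA512:
-  metadata.gz: e8929470e2fd326bed639d35723f458799e9e868e8bdd27b35e4d667d9271edd38e0e3d1d14b0b7e0c7f36a474acfb9d5ee72cf84aa6a77a7f768fb0a898709c
-  data.tar.gz: 6fed1b0c2e7f6ffc141c22bd27974423bd80d3c81c90bbeff83964570b9e9158616cc56fefca1996c8da2018c098246691fc8a5b7f8ef6e6fcc2bd9b03488c38
+  metadata.gz: 8618a5f367b118059aef8bb970237ce83ed8fd056419523e15d71a59bdadc0bba1630774b116ca50f0f3bcf5300015bfcc3d7ecc6400207750fa823a50f459a2
+  data.tar.gz: f377fe495a2414754dcfa7090743d16c7a908e32c316b122f7bb7d993eb81780910bd5d2661f63b94acdeed867bf1effdae3f636a859fa4e24d29e948aeccdb1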
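--- a/data/Appraisals
+++ b/data/Appraisals
@@ -23,7 +23,7 @@ appraise "rails-6-0" do
   gem "rspec-core", github: "rspec/rspec-core"
   gem "rspec-expectations", github: "rspec/rspec-expectations"
   gem "rspec-mocks", github: "rspec/rspec-mocks"
-  gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-dev"
+  gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
   gem "rspec-support", github: "rspec/rspec-support"
 end
 
@@ -35,6 +35,6 @@ appraise "rails-master" do
   gem "rspec-core", github: "rspec/rspec-core"
   gem "rspec-expectations", github: "rspec/rspec-expectations"
   gem "rspec-mocks", github: "rspec/rspec-mocks"
-  gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-dev"
+  gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
   gem "rspec-support", github: "rspec/rspec-support"
 end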
@@ -5,23 +5,24 @@ upgrade guides.
5
5
 
6
6
  User-visible changes worth mentioning.
7
7
 
8
- ## 5.2.6
8
+ ## master
9
9
 
10
- - [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
10
+ - [#PR ID] Your PR short description here.
11
11
 
12
- ## 5.2.5
12
+ ## 5.3.0
13
13
 
14
- - [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
15
- Fixes information disclosure vulnerability (CVE-2020-10187).
16
-
17
- **[IMPORTANT]** you need to re-implement `#as_json` method for Doorkeeper Application model
18
- if you previously used `#to_json` serialization with custom options or attributes or rely on
19
- JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
20
- is a breaking change which restricts serialized attributes to a very small set of columns.
14
+ - [#1339] Validate Resource Owner in `PasswordAccessTokenRequest` against `nil` and `false` values.
15
+ - [#1341] Fix `refresh_token_revoked_on_use` with `hash_token_secrets` enabled.
16
+ - [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.
17
+ - [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.
18
+ - [#1346] Refactor `Doorkeeper::Application#to_json` into convenient `#as_json` (fix #1344).
19
+ - [#1349] Fix `Doorkeeper::Application` AR associations using an incorrect foreign key name when using a custom class.
20
+ - [#1318] Make existing token revocation for client credentials optional and disable it by default.
21
21
 
22
- ## 5.2.4
23
-
24
- - [#1360] Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
22
+ **[IMPORTANT]** This is a change compared to the behaviour of version 5.2.
23
+ If you were relying on access tokens being revoked once the same client
24
+ requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper
25
+ initialization file.
25
26
 
26
27
  ## 5.2.3
27
28
 
@@ -101,7 +102,7 @@ User-visible changes worth mentioning.
101
102
 
102
103
  **[IMPORTANT]** If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
103
104
  your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
104
- `use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt`.
105
+ `hash_application_secrets using: 'Doorkeeper::SecretStoring::BCrypt`.
105
106
 
106
107
  - [#1216] Add nil check to `expires_at` method.
107
108
  - [#1215] Fix deprecates for Rails 6.
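--- a/data/Gemfile
+++ b/data/Gemfile
@@ -11,10 +11,10 @@ gem "rails", "~> 6.0.0"
 gem "rspec-core", github: "rspec/rspec-core"
 gem "rspec-expectations", github: "rspec/rspec-expectations"
 gem "rspec-mocks", github: "rspec/rspec-mocks"
-gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", github: "rspec/rspec-support"
 
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 
 gem "bcrypt", "~> 3.1", require: false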
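--- a/data/app/controllers/doorkeeper/application_controller.rb
+++ b/data/app/controllers/doorkeeper/application_controller.rb
@@ -2,10 +2,10 @@
 
 module Doorkeeper
   class ApplicationController <
-    Doorkeeper.configuration.resolve_controller(:base)
+    Doorkeeper.config.resolve_controller(:base)
     include Helpers::Controller
 
-    unless Doorkeeper.configuration.api_only
+    unless Doorkeeper.config.api_only
       protect_from_forgery with: :exception
       helper "doorkeeper/dashboard"
     end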
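--- a/data/app/controllers/doorkeeper/application_metal_controller.rb
+++ b/data/app/controllers/doorkeeper/application_metal_controller.rb
@@ -2,11 +2,11 @@
 
 module Doorkeeper
   class ApplicationMetalController <
-    Doorkeeper.configuration.resolve_controller(:base_metal)
+    Doorkeeper.config.resolve_controller(:base_metal)
     include Helpers::Controller
 
     before_action :enforce_content_type,
-                  if: -> { Doorkeeper.configuration.enforce_content_type }
+                  if: -> { Doorkeeper.config.enforce_content_type }
 
     ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
   end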
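--- a/data/app/controllers/doorkeeper/applications_controller.rb
+++ b/data/app/controllers/doorkeeper/applications_controller.rb
@@ -19,7 +19,7 @@ module Doorkeeper
     def show
       respond_to do |format|
         format.html
-        format.json { render json: @application, as_owner: true }
+        format.json { render json: @application }
       end
     end
 
@@ -36,7 +36,7 @@ module Doorkeeper
 
       respond_to do |format|
         format.html { redirect_to oauth_application_url(@application) }
-        format.json { render json: @application, as_owner: true }
+        format.json { render json: @application }
       end
     else
       respond_to do |format|
@@ -58,7 +58,7 @@ module Doorkeeper
 
       respond_to do |format|
         format.html { redirect_to oauth_application_url(@application) }
-        format.json { render json: @application, as_owner: true }
+        format.json { render json: @application }
       end
     else
       respond_to do |format|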
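Review bot: With `as_owner: true` dropped from the three `render json: @application` calls (file lines 22, 39 and 61), the JSON body returned to the application owner now depends entirely on `Application#as_json`, which is not in this section (presumably the new mixins/application.rb listed in the diffstat). The 5.2.5 CHANGELOG lines removed on this page record that restricting the serialized attribute set is what closed CVE-2020-10187, so that `as_json` needs to remain the only serialization path for these actions and must never emit `secret` to a caller who is not the owner. The same change appears in authorized_applications_controller.rb below, where `current_resource_owner:` is dropped from `render json: @applications`; there the serializer can no longer tell owners apart, so `secret` must not appear in that response at all. A request spec asserting that `/oauth/authorized_applications.json` contains no `secret` key would pin this. The `create` and `update` methods that hold hunks two and three start outside the hunks.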
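--- a/data/app/controllers/doorkeeper/authorizations_controller.rb
+++ b/data/app/controllers/doorkeeper/authorizations_controller.rb
@@ -45,7 +45,7 @@ module Doorkeeper
       AccessToken.matching_token_for(
         pre_auth.client,
         current_resource_owner.id,
-        pre_auth.scopes
+        pre_auth.scopes,
       )
     end
 
@@ -54,7 +54,7 @@ module Doorkeeper
       if Doorkeeper.configuration.api_only
         render(
           json: { status: :redirect, redirect_uri: auth.redirect_uri },
-          status: auth.status
+          status: auth.status,
         )
       else
         redirect_to auth.redirect_uri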
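Review bot: Line 54, `if Doorkeeper.configuration.api_only`, is left on the long accessor while every other controller in this release is moved to `Doorkeeper.config` (the alias added in config.rb), so the rename reads as incomplete here; `if Doorkeeper.config.api_only` would match the siblings. Behaviour is unaffected since `config` is an alias of `configuration`, so this is style only. Both hunks sit inside methods whose definitions start outside the hunk.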
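--- a/data/app/controllers/doorkeeper/authorized_applications_controller.rb
+++ b/data/app/controllers/doorkeeper/authorized_applications_controller.rb
@@ -9,20 +9,20 @@ module Doorkeeper
 
       respond_to do |format|
         format.html
-        format.json { render json: @applications, current_resource_owner: current_resource_owner }
+        format.json { render json: @applications }
       end
     end
 
     def destroy
       Application.revoke_tokens_and_grants_for(
         params[:id],
-        current_resource_owner
+        current_resource_owner,
       )
 
       respond_to do |format|
         format.html do
           redirect_to oauth_authorized_applications_url, notice: I18n.t(
-            :notice, scope: %i[doorkeeper flash authorized_applications destroy]
+            :notice, scope: %i[doorkeeper flash authorized_applications destroy],
           )
         end
 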
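--- a/data/gemfiles/rails_5_0.gemfile
+++ b/data/gemfiles/rails_5_0.gemfile
@@ -6,9 +6,9 @@ gem "rails", "~> 5.0.0"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby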
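--- a/data/gemfiles/rails_5_1.gemfile
+++ b/data/gemfiles/rails_5_1.gemfile
@@ -6,9 +6,9 @@ gem "rails", "~> 5.1.0"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby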
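--- a/data/gemfiles/rails_5_2.gemfile
+++ b/data/gemfiles/rails_5_2.gemfile
@@ -6,9 +6,9 @@ gem "rails", "~> 5.2.0"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby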
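--- a/data/gemfiles/rails_6_0.gemfile
+++ b/data/gemfiles/rails_6_0.gemfile
@@ -6,9 +6,9 @@ gem "rails", "~> 6.0.0"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby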
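--- a/data/gemfiles/rails_master.gemfile
+++ b/data/gemfiles/rails_master.gemfile
@@ -6,9 +6,9 @@ gem "rails", git: "https://github.com/rails/rails"
 gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
 gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
 gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
+gem "rspec-rails", "4.0.0.beta3"
 gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.66"
+gem "rubocop", "~> 0.75"
 gem "rubocop-performance"
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby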
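--- a/data/lib/doorkeeper.rb
+++ b/data/lib/doorkeeper.rb
@@ -38,10 +38,9 @@ require "doorkeeper/oauth/authorization_code_request"
 require "doorkeeper/oauth/refresh_token_request"
 require "doorkeeper/oauth/password_access_token_request"
 
-require "doorkeeper/oauth/client_credentials/validation"
+require "doorkeeper/oauth/client_credentials/validator"
 require "doorkeeper/oauth/client_credentials/creator"
 require "doorkeeper/oauth/client_credentials/issuer"
-require "doorkeeper/oauth/client_credentials/validation"
 require "doorkeeper/oauth/client/credentials"
 
 require "doorkeeper/oauth/client_credentials_request"
@@ -85,7 +84,7 @@ require "doorkeeper/orm/active_record"
 # Main Doorkeeper namespace.
 #
 module Doorkeeper
-  def self.authenticate(request, methods = Doorkeeper.configuration.access_token_methods)
+  def self.authenticate(request, methods = Doorkeeper.config.access_token_methods)
     OAuth::Token.authenticate(request, *methods)
   end
 end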
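--- a/data/lib/doorkeeper/config.rb
+++ b/data/lib/doorkeeper/config.rb
@@ -11,36 +11,40 @@ module Doorkeeper
     end
   end
 
-  def self.configure(&block)
-    @config = Config::Builder.new(&block).build
-    setup_orm_adapter
-    setup_orm_models
-    setup_application_owner if @config.enable_application_owner?
-    @config
-  end
+  class << self
+    def configure(&block)
+      @config = Config::Builder.new(&block).build
+      setup_orm_adapter
+      setup_orm_models
+      setup_application_owner if @config.enable_application_owner?
+      @config
+    end
 
-  def self.configuration
-    @config || (raise MissingConfiguration)
-  end
+    def configuration
+      @config || (raise MissingConfiguration)
+    end
 
-  def self.setup_orm_adapter
-    @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
-  rescue NameError => e
-    raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
-      [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
-      trying to load it.
+    alias config configuration
 
-      You probably need to add the related gem for this adapter to work with
-      doorkeeper.
-    ERROR_MSG
-  end
+    def setup_orm_adapter
+      @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
+    rescue NameError => e
+      raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
+        [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
+        trying to load it.
 
-  def self.setup_orm_models
-    @orm_adapter.initialize_models!
-  end
+        You probably need to add the related gem for this adapter to work with
+        doorkeeper.
+      ERROR_MSG
+    end
+
+    def setup_orm_models
+      @orm_adapter.initialize_models!
+    end
 
-  def self.setup_application_owner
-    @orm_adapter.initialize_application_owner!
+    def setup_application_owner
+      @orm_adapter.initialize_application_owner!
+    end
   end
 
   class Config
@@ -120,7 +124,7 @@ module Doorkeeper
       def use_refresh_token(enabled = true, &block)
         @config.instance_variable_set(
           :@refresh_token_enabled,
-          block || enabled
+          block || enabled,
         )
       end
 
@@ -140,6 +144,14 @@ module Doorkeeper
         @config.instance_variable_set(:@token_reuse_limit, percentage)
       end
 
+      # TODO: maybe make it more generic for other flows too?
+      # Only allow one valid access token obtained via client credentials
+      # per client. If a new access token is obtained before the old one
+      # expired, the old one gets revoked (disabled by default)
+      def revoke_previous_client_credentials_token
+        @config.instance_variable_set(:@revoke_previous_client_credentials_token, true)
+      end
+
       # Use an API mode for applications generated with --api argument
       # It will skip applications controller, disable forgery protection
       def api_only
@@ -195,8 +207,7 @@ module Doorkeeper
       def configure_secrets_for(type, using:, fallback:)
         raise ArgumentError, "Invalid type #{type}" if %i[application token].exclude?(type)
 
-        @config.instance_variable_set(:"@#{type}_secret_strategy",
-                                      using.constantize)
+        @config.instance_variable_set(:"@#{type}_secret_strategy", using.constantize)
 
         if fallback.nil?
           return
@@ -204,8 +215,7 @@ module Doorkeeper
           fallback = "::Doorkeeper::SecretStoring::Plain"
         end
 
-        @config.instance_variable_set(:"@#{type}_secret_fallback_strategy",
-                                      fallback.constantize)
+        @config.instance_variable_set(:"@#{type}_secret_fallback_strategy", fallback.constantize)
       end
     end
 
@@ -215,7 +225,7 @@ module Doorkeeper
            as: :authenticate_resource_owner,
            default: (lambda do |_routes|
              ::Rails.logger.warn(
-               I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured")
+               I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured"),
              )
 
              nil
@@ -225,7 +235,7 @@ module Doorkeeper
            as: :authenticate_admin,
            default: (lambda do |_routes|
              ::Rails.logger.warn(
-               I18n.t("doorkeeper.errors.messages.admin_authenticator_not_configured")
+               I18n.t("doorkeeper.errors.messages.admin_authenticator_not_configured"),
              )
 
              head :forbidden
@@ -234,7 +244,7 @@ module Doorkeeper
     option :resource_owner_from_credentials,
            default: (lambda do |_routes|
              ::Rails.logger.warn(
-               I18n.t("doorkeeper.errors.messages.credential_flow_not_configured")
+               I18n.t("doorkeeper.errors.messages.credential_flow_not_configured"),
              )
 
              nil
@@ -258,7 +268,6 @@ module Doorkeeper
     option :active_record_options, default: {}
     option :grant_flows, default: %w[authorization_code client_credentials]
     option :handle_auth_errors, default: :render
-    option :token_lookup_batch_size, default: 10_000
 
     # Allows to customize OAuth grant flows that +each+ application support.
     # You can configure a custom block (or use a class respond to `#call`) that must
@@ -348,6 +357,15 @@ module Doorkeeper
     option :base_metal_controller,
            default: "ActionController::API"
 
+    option :access_token_class,
+           default: "Doorkeeper::AccessToken"
+
+    option :access_grant_class,
+           default: "Doorkeeper::AccessGrant"
+
+    option :application_class,
+           default: "Doorkeeper::Application"
+
     # Allows to set blank redirect URIs for Applications in case
     # server configured to use URI-less grant flows.
     #
@@ -387,9 +405,7 @@ module Doorkeeper
             end
           end)
 
-    attr_reader :api_only,
-                :enforce_content_type,
-                :reuse_access_token,
+    attr_reader :reuse_access_token,
                 :token_secret_fallback_strategy,
                 :application_secret_fallback_strategy
 
@@ -400,6 +416,18 @@ module Doorkeeper
       validate_secret_strategies
     end
 
+    def access_token_model
+      @access_token_model ||= access_token_class.constantize
+    end
+
+    def access_grant_model
+      @access_grant_model ||= access_grant_class.constantize
+    end
+
+    def application_model
+      @application_model ||= application_class.constantize
+    end
+
     def api_only
       @api_only ||= false
     end
@@ -420,6 +448,10 @@ module Doorkeeper
       @token_reuse_limit ||= 100
     end
 
+    def revoke_previous_client_credentials_token
+      @revoke_previous_client_credentials_token || false
+    end
+
     def resolve_controller(name)
       config_option = public_send(:"#{name}_controller")
       controller_name = if config_option.respond_to?(:call)
@@ -547,7 +579,7 @@ module Doorkeeper
         ::Rails.logger.warn(
           "You have configured both reuse_access_token " \
           "AND strategy strategy '#{strategy}' that cannot restore tokens. " \
-          "This combination is unsupported. reuse_access_token will be disabled"
+          "This combination is unsupported. reuse_access_token will be disabled",
         )
         @reuse_access_token = false
       end
@@ -565,7 +597,7 @@ module Doorkeeper
 
         ::Rails.logger.warn(
           "You have configured an invalid value for token_reuse_limit option. " \
-          "It will be set to default 100"
+          "It will be set to default 100",
         )
         @token_reuse_limit = 100
       end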
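Review bot: `option :token_lookup_batch_size, default: 10_000` is removed in hunk `@@ -258,7 +268,6 @@` without a CHANGELOG entry, and the 5.2.4 line that introduced it (#1360) is also dropped from the CHANGELOG on this page, so an initializer written against 5.2.4–5.2.6 that calls `token_lookup_batch_size` will presumably raise NoMethodError inside `Doorkeeper.configure` on upgrade. Either keep the option (the lookup code can simply ignore it) or list the removal under 5.3.0 as a breaking change. Separately, the new builder method at lines 151–153 takes no argument, unlike `use_refresh_token(enabled = true, &block)` in the same Builder, so an initializer cannot switch the option off explicitly; `def revoke_previous_client_credentials_token(enabled = true)` with `@config.instance_variable_set(:@revoke_previous_client_credentials_token, enabled)` would match the sibling and pair naturally with the `|| false` reader at lines 451–453. Because this flag decides whether one client can hold several concurrently valid client-credentials tokens (off by default per the CHANGELOG), the comment above it would be clearer as `# Revoke the previous client-credentials token of the same client when a new one is issued; off by default, so several valid tokens per client may coexist` in place of the TODO.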