doorkeeper 5.2.6 → 5.3.0

data/lib/doorkeeper/oauth/base_request.rb

@@ -36,21 +36,25 @@ module Doorkeeper
 
       def find_or_create_access_token(client, resource_owner_id, scopes, server)
         context = Authorization::Token.build_context(client, grant_type, scopes)
-        @access_token = AccessToken.find_or_create_for(
+        @access_token = server_config.access_token_model.find_or_create_for(
           client,
           resource_owner_id,
           scopes,
           Authorization::Token.access_token_expires_in(server, context),
-          Authorization::Token.refresh_token_enabled?(server, context)
+          Authorization::Token.refresh_token_enabled?(server, context),
         )
       end
 
       def before_successful_response
-        Doorkeeper.configuration.before_successful_strategy_response.call(self)
+        server_config.before_successful_strategy_response.call(self)
       end
 
       def after_successful_response
-        Doorkeeper.configuration.after_successful_strategy_response.call(self, @response)
+        server_config.after_successful_strategy_response.call(self, @response)
+      end
+
+      def server_config
+        Doorkeeper.config
       end
 
       private

data/lib/doorkeeper/oauth/client.rb

@@ -11,18 +11,17 @@ module Doorkeeper
         @application = application
       end
 
-      def self.find(uid, method = Application.method(:by_uid))
-        if (application = method.call(uid))
-          new(application)
-        end
+      def self.find(uid, method = Doorkeeper.config.application_model.method(:by_uid))
+        return unless (application = method.call(uid))
+
+        new(application)
       end
 
-      def self.authenticate(credentials, method = Application.method(:by_uid_and_secret))
+      def self.authenticate(credentials, method = Doorkeeper.config.application_model.method(:by_uid_and_secret))
         return if credentials.blank?
+        return unless (application = method.call(credentials.uid, credentials.secret))
 
-        if (application = method.call(credentials.uid, credentials.secret))
-          new(application)
-        end
+        new(application)
       end
     end
   end

data/lib/doorkeeper/oauth/client_credentials/creator.rb

@@ -5,24 +5,31 @@ module Doorkeeper
     class ClientCredentialsRequest < BaseRequest
       class Creator
         def call(client, scopes, attributes = {})
-          existing_token = existing_token_for(client, scopes)
+          if lookup_existing_token?
+            existing_token = find_existing_token_for(client, scopes)
+            return existing_token if server_config.reuse_access_token && existing_token&.reusable?
 
-          if Doorkeeper.configuration.reuse_access_token && existing_token&.reusable?
-            return existing_token
+            existing_token&.revoke if server_config.revoke_previous_client_credentials_token
           end
 
-          existing_token&.revoke
-
-          AccessToken.find_or_create_for(
+          server_config.access_token_model.find_or_create_for(
             client, nil, scopes, attributes[:expires_in],
-            attributes[:use_refresh_token]
+            attributes[:use_refresh_token],
           )
         end
 
         private
 
-        def existing_token_for(client, scopes)
-          Doorkeeper::AccessToken.matching_token_for client, nil, scopes
+        def lookup_existing_token?
+          server_config.reuse_access_token || server_config.revoke_previous_client_credentials_token
+        end
+
+        def find_existing_token_for(client, scopes)
+          server_config.access_token_model.matching_token_for(client, nil, scopes)
+        end
+
+        def server_config
+          Doorkeeper.config
         end
       end
     end

data/lib/doorkeeper/oauth/client_credentials/issuer.rb

@@ -4,20 +4,20 @@ module Doorkeeper
   module OAuth
     class ClientCredentialsRequest < BaseRequest
       class Issuer
-        attr_accessor :token, :validation, :error
+        attr_accessor :token, :validator, :error
 
-        def initialize(server, validation)
+        def initialize(server, validator)
           @server = server
-          @validation = validation
+          @validator = validator
         end
 
         def create(client, scopes, creator = Creator.new)
-          if validation.valid?
+          if validator.valid?
             @token = create_token(client, scopes, creator)
             @error = :server_error unless @token
           else
             @token = false
-            @error = validation.error
+            @error = validator.error
           end
           @token
         end
@@ -28,7 +28,7 @@ module Doorkeeper
           context = Authorization::Token.build_context(
             client,
             Doorkeeper::OAuth::CLIENT_CREDENTIALS,
-            scopes
+            scopes,
           )
           ttl = Authorization::Token.access_token_expires_in(@server, context)
 
@@ -36,7 +36,7 @@ module Doorkeeper
             client,
             scopes,
             use_refresh_token: false,
-            expires_in: ttl
+            expires_in: ttl,
           )
         end
       end

data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb}

@@ -3,7 +3,7 @@
 module Doorkeeper
   module OAuth
     class ClientCredentialsRequest < BaseRequest
-      class Validation
+      class Validator
         include Validations
         include OAuth::Helpers
 
@@ -26,9 +26,9 @@ module Doorkeeper
         end
 
         def validate_client_supports_grant_flow
-          Doorkeeper.configuration.allow_grant_flow_for_client?(
+          Doorkeeper.config.allow_grant_flow_for_client?(
             Doorkeeper::OAuth::CLIENT_CREDENTIALS,
-            @client
+            @client,
           )
         end
 
@@ -45,7 +45,7 @@ module Doorkeeper
             scope_str: @request.scopes.to_s,
             server_scopes: @server.scopes,
             app_scopes: application_scopes,
-            grant_type: Doorkeeper::OAuth::CLIENT_CREDENTIALS
+            grant_type: Doorkeeper::OAuth::CLIENT_CREDENTIALS,
           )
         end
       end

data/lib/doorkeeper/oauth/client_credentials_request.rb

@@ -12,7 +12,7 @@ module Doorkeeper
       delegate :error, to: :issuer
 
       def issuer
-        @issuer ||= Issuer.new(server, Validation.new(server, self))
+        @issuer ||= Issuer.new(server, Validator.new(server, self))
       end
 
       def initialize(server, client, parameters = {})

data/lib/doorkeeper/oauth/code_response.rb

@@ -26,13 +26,13 @@ module Doorkeeper
             access_token: auth.token.plaintext_token,
             token_type: auth.token.token_type,
             expires_in: auth.token.expires_in_seconds,
-            state: pre_auth.state
+            state: pre_auth.state,
           )
         else
           Authorization::URIBuilder.uri_with_query(
             pre_auth.redirect_uri,
             code: auth.token.plaintext_token,
-            state: pre_auth.state
+            state: pre_auth.state,
           )
         end
       end

data/lib/doorkeeper/oauth/error.rb

@@ -7,7 +7,7 @@ module Doorkeeper
         I18n.translate(
           name,
           scope: %i[doorkeeper errors messages],
-          default: :server_error
+          default: :server_error,
         )
       end
     end

data/lib/doorkeeper/oauth/error_response.rb

@@ -10,8 +10,8 @@ module Doorkeeper
           attributes.merge(
             name: request.error,
             state: request.try(:state),
-            redirect_uri: request.try(:redirect_uri)
-          )
+            redirect_uri: request.try(:redirect_uri),
+          ),
         )
       end
 
@@ -46,9 +46,9 @@ module Doorkeeper
 
       def redirect_uri
         if @response_on_fragment
-          Authorization::URIBuilder.uri_with_fragment @redirect_uri, body
+          Authorization::URIBuilder.uri_with_fragment(@redirect_uri, body)
         else
-          Authorization::URIBuilder.uri_with_query @redirect_uri, body
+          Authorization::URIBuilder.uri_with_query(@redirect_uri, body)
         end
       end
 
@@ -70,7 +70,7 @@ module Doorkeeper
       delegate :realm, to: :configuration
 
       def configuration
-        Doorkeeper.configuration
+        Doorkeeper.config
       end
 
       def exception_class

data/lib/doorkeeper/oauth/helpers/scope_checker.rb

@@ -13,7 +13,7 @@ module Doorkeeper
             @valid_scopes = valid_scopes(server_scopes, app_scopes)
 
             if grant_type
-              @scopes_by_grant_type = Doorkeeper.configuration.scopes_by_grant_type[grant_type.to_sym]
+              @scopes_by_grant_type = Doorkeeper.config.scopes_by_grant_type[grant_type.to_sym]
             end
           end
 
@@ -43,10 +43,12 @@ module Doorkeeper
         end
 
         def self.valid?(scope_str:, server_scopes:, app_scopes: nil, grant_type: nil)
-          Validator.new(scope_str,
-                        server_scopes,
-                        app_scopes,
-                        grant_type).valid?
+          Validator.new(
+            scope_str,
+            server_scopes,
+            app_scopes,
+            grant_type,
+          ).valid?
         end
       end
     end

data/lib/doorkeeper/oauth/helpers/unique_token.rb

@@ -3,6 +3,9 @@
 module Doorkeeper
   module OAuth
     module Helpers
+      # Default Doorkeeper token generator. Follows OAuth RFC and
+      # could be customized using `default_generator_method` in
+      # configuration.
       module UniqueToken
         def self.generate(options = {})
           # Access Token value must be 1*VSCHAR or
@@ -11,15 +14,15 @@ module Doorkeeper
           # @see https://tools.ietf.org/html/rfc6749#appendix-A.12
           # @see https://tools.ietf.org/html/rfc6750#section-2.1
           #
-          generator_method = options.delete(:generator) || SecureRandom.method(self.generator_method)
-          token_size       = options.delete(:size)      || 32
-          generator_method.call(token_size)
+          generator = options.delete(:generator) || SecureRandom.method(default_generator_method)
+          token_size = options.delete(:size) || 32
+          generator.call(token_size)
         end
 
         # Generator method for default generator class (SecureRandom)
         #
-        def self.generator_method
-          Doorkeeper.configuration.default_generator_method
+        def self.default_generator_method
+          Doorkeeper.config.default_generator_method
         end
       end
     end

data/lib/doorkeeper/oauth/helpers/uri_checker.rb

@@ -18,7 +18,7 @@ module Doorkeeper
 
   # For backward compatibility with old rubies
   if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.5.0")
-    IPAddr.send(:include, Doorkeeper::IPAddrLoopback)
+    IPAddr.include Doorkeeper::IPAddrLoopback
   end
 
   module OAuth

data/lib/doorkeeper/oauth/invalid_request_response.rb

@@ -11,8 +11,8 @@ module Doorkeeper
             state: request.try(:state),
             redirect_uri: request.try(:redirect_uri),
             missing_param: request.try(:missing_param),
-            reason: request.try(:invalid_request_reason)
-          )
+            reason: request.try(:invalid_request_reason),
+          ),
         )
       end
 
@@ -31,7 +31,7 @@ module Doorkeeper
           reason,
           scope: %i[doorkeeper errors messages invalid_request],
           default: :unknown,
-          value: @missing_param
+          value: @missing_param,
         )
       end
 

data/lib/doorkeeper/oauth/invalid_token_response.rb

@@ -27,8 +27,11 @@ module Doorkeeper
       end
 
       def description
-        scope = { scope: %i[doorkeeper errors messages invalid_token] }
-        @description ||= I18n.translate @reason, scope
+        @description ||=
+          I18n.translate(
+            @reason,
+            scope: %i[doorkeeper errors messages invalid_token],
+          )
       end
 
       protected

data/lib/doorkeeper/oauth/password_access_token_request.rb

@@ -37,12 +37,12 @@ module Doorkeeper
           scope_str: scopes.to_s,
           server_scopes: server.scopes,
           app_scopes: client_scopes,
-          grant_type: grant_type
+          grant_type: grant_type,
         )
       end
 
       def validate_resource_owner
-        !resource_owner.nil?
+        resource_owner.present?
       end
 
       def validate_client
@@ -50,7 +50,7 @@ module Doorkeeper
       end
 
       def validate_client_supports_grant_flow
-        Doorkeeper.configuration.allow_grant_flow_for_client?(grant_type, client)
+        server_config.allow_grant_flow_for_client?(grant_type, client)
       end
     end
   end

data/lib/doorkeeper/oauth/pre_authorization.rb

@@ -33,7 +33,7 @@ module Doorkeeper
       end
 
       def validate_client_supports_grant_flow
-        Doorkeeper.configuration.allow_grant_flow_for_client?(grant_type, client.application)
+        Doorkeeper.config.allow_grant_flow_for_client?(grant_type, client.application)
       end
 
       def scopes
@@ -46,8 +46,10 @@ module Doorkeeper
 
       def error_response
         if error == :invalid_request
-          OAuth::InvalidRequestResponse.from_request(self,
-                                                     response_on_fragment: response_on_fragment?)
+          OAuth::InvalidRequestResponse.from_request(
+            self,
+            response_on_fragment: response_on_fragment?,
+          )
         else
           OAuth::ErrorResponse.from_request(self, response_on_fragment: response_on_fragment?)
         end
@@ -86,7 +88,7 @@ module Doorkeeper
 
         Helpers::URIChecker.valid_for_authorization?(
           redirect_uri,
-          client.redirect_uri
+          client.redirect_uri,
         )
       end
 
@@ -109,7 +111,7 @@ module Doorkeeper
           scope_str: scope,
           server_scopes: server.scopes,
           app_scopes: client.scopes,
-          grant_type: grant_type
+          grant_type: grant_type,
         )
       end
 

data/lib/doorkeeper/oauth/refresh_token_request.rb

@@ -27,7 +27,7 @@ module Doorkeeper
       private
 
       def load_client(credentials)
-        Application.by_uid_and_secret(credentials.uid, credentials.secret)
+        server_config.application_model.by_uid_and_secret(credentials.uid, credentials.secret)
       end
 
       def before_successful_response
@@ -42,7 +42,7 @@ module Doorkeeper
       end
 
       def refresh_token_revoked_on_use?
-        Doorkeeper::AccessToken.refresh_token_revoked_on_use?
+        server_config.access_token_model.refresh_token_revoked_on_use?
       end
 
       def default_scopes
@@ -50,7 +50,7 @@ module Doorkeeper
       end
 
       def create_access_token
-        @access_token = AccessToken.create!(access_token_attributes)
+        @access_token = server_config.access_token_model.create!(access_token_attributes)
       end
 
       def access_token_attributes
@@ -71,7 +71,7 @@ module Doorkeeper
         context = Authorization::Token.build_context(
           client,
           Doorkeeper::OAuth::REFRESH_TOKEN,
-          scopes
+          scopes,
         )
         Authorization::Token.access_token_expires_in(server, context)
       end
@@ -104,7 +104,7 @@ module Doorkeeper
         if @original_scopes.present?
           ScopeChecker.valid?(
             scope_str: @original_scopes,
-            server_scopes: refresh_token.scopes
+            server_scopes: refresh_token.scopes,
           )
         else
           true