doorkeeper 5.2.6 → 5.3.3


Potentially problematic release.


This version of doorkeeper might be problematic. Click here for more details.

Files changed (125) hide show
  1. checksums.yaml +4 -4
  2. data/Appraisals +2 -2
  3. data/CHANGELOG.md +24 -5
  4. data/Gemfile +2 -2
  5. data/app/controllers/doorkeeper/application_controller.rb +2 -2
  6. data/app/controllers/doorkeeper/application_metal_controller.rb +2 -2
  7. data/app/controllers/doorkeeper/authorizations_controller.rb +2 -2
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
  9. data/gemfiles/rails_5_0.gemfile +2 -2
  10. data/gemfiles/rails_5_1.gemfile +2 -2
  11. data/gemfiles/rails_5_2.gemfile +2 -2
  12. data/gemfiles/rails_6_0.gemfile +2 -2
  13. data/gemfiles/rails_master.gemfile +2 -2
  14. data/lib/doorkeeper/config.rb +71 -38
  15. data/lib/doorkeeper/grape/helpers.rb +1 -1
  16. data/lib/doorkeeper/helpers/controller.rb +10 -8
  17. data/lib/doorkeeper/models/access_grant_mixin.rb +7 -6
  18. data/lib/doorkeeper/models/access_token_mixin.rb +54 -16
  19. data/lib/doorkeeper/models/application_mixin.rb +3 -3
  20. data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
  21. data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
  22. data/lib/doorkeeper/models/concerns/revocable.rb +0 -27
  23. data/lib/doorkeeper/oauth/authorization/code.rb +4 -4
  24. data/lib/doorkeeper/oauth/authorization/token.rb +9 -6
  25. data/lib/doorkeeper/oauth/authorization_code_request.rb +13 -6
  26. data/lib/doorkeeper/oauth/base_request.rb +8 -4
  27. data/lib/doorkeeper/oauth/client.rb +7 -8
  28. data/lib/doorkeeper/oauth/client_credentials/creator.rb +16 -9
  29. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +7 -7
  30. data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +4 -4
  31. data/lib/doorkeeper/oauth/client_credentials_request.rb +1 -1
  32. data/lib/doorkeeper/oauth/code_response.rb +2 -2
  33. data/lib/doorkeeper/oauth/error.rb +1 -1
  34. data/lib/doorkeeper/oauth/error_response.rb +5 -5
  35. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +7 -5
  36. data/lib/doorkeeper/oauth/helpers/unique_token.rb +8 -5
  37. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
  38. data/lib/doorkeeper/oauth/invalid_request_response.rb +3 -3
  39. data/lib/doorkeeper/oauth/invalid_token_response.rb +5 -2
  40. data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -3
  41. data/lib/doorkeeper/oauth/pre_authorization.rb +7 -5
  42. data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
  43. data/lib/doorkeeper/oauth/token.rb +2 -2
  44. data/lib/doorkeeper/oauth/token_introspection.rb +6 -6
  45. data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
  46. data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
  47. data/lib/doorkeeper/orm/active_record/application.rb +3 -155
  48. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +53 -0
  49. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +47 -0
  50. data/lib/doorkeeper/orm/active_record/mixins/application.rb +187 -0
  51. data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +3 -3
  52. data/lib/doorkeeper/orm/active_record.rb +3 -3
  53. data/lib/doorkeeper/rails/helpers.rb +4 -4
  54. data/lib/doorkeeper/rails/routes.rb +5 -7
  55. data/lib/doorkeeper/rake/db.rake +3 -3
  56. data/lib/doorkeeper/request/authorization_code.rb +3 -3
  57. data/lib/doorkeeper/request/client_credentials.rb +2 -2
  58. data/lib/doorkeeper/request/password.rb +2 -2
  59. data/lib/doorkeeper/request/refresh_token.rb +3 -3
  60. data/lib/doorkeeper/request.rb +1 -1
  61. data/lib/doorkeeper/server.rb +1 -1
  62. data/lib/doorkeeper/stale_records_cleaner.rb +1 -1
  63. data/lib/doorkeeper/version.rb +2 -2
  64. data/lib/doorkeeper.rb +2 -3
  65. data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
  66. data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
  67. data/lib/generators/doorkeeper/migration_generator.rb +1 -1
  68. data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
  69. data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +2 -2
  70. data/lib/generators/doorkeeper/templates/initializer.rb +39 -0
  71. data/spec/controllers/application_metal_controller_spec.rb +1 -1
  72. data/spec/controllers/applications_controller_spec.rb +3 -2
  73. data/spec/controllers/authorizations_controller_spec.rb +18 -18
  74. data/spec/controllers/protected_resources_controller_spec.rb +25 -17
  75. data/spec/controllers/token_info_controller_spec.rb +1 -1
  76. data/spec/controllers/tokens_controller_spec.rb +1 -1
  77. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +3 -3
  78. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +1 -1
  79. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +1 -1
  80. data/spec/generators/install_generator_spec.rb +1 -1
  81. data/spec/generators/previous_refresh_token_generator_spec.rb +2 -2
  82. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +1 -1
  83. data/spec/lib/config_spec.rb +62 -7
  84. data/spec/lib/doorkeeper_spec.rb +1 -1
  85. data/spec/lib/models/revocable_spec.rb +3 -3
  86. data/spec/lib/oauth/authorization_code_request_spec.rb +127 -125
  87. data/spec/lib/oauth/base_request_spec.rb +160 -158
  88. data/spec/lib/oauth/base_response_spec.rb +27 -29
  89. data/spec/lib/oauth/client/credentials_spec.rb +1 -1
  90. data/spec/lib/oauth/client_credentials/creator_spec.rb +42 -5
  91. data/spec/lib/oauth/client_credentials/issuer_spec.rb +12 -12
  92. data/spec/lib/oauth/client_credentials/validation_spec.rb +4 -4
  93. data/spec/lib/oauth/client_credentials_integration_spec.rb +16 -18
  94. data/spec/lib/oauth/client_credentials_request_spec.rb +78 -80
  95. data/spec/lib/oauth/client_spec.rb +26 -26
  96. data/spec/lib/oauth/code_request_spec.rb +34 -34
  97. data/spec/lib/oauth/code_response_spec.rb +21 -25
  98. data/spec/lib/oauth/error_response_spec.rb +42 -44
  99. data/spec/lib/oauth/error_spec.rb +12 -14
  100. data/spec/lib/oauth/forbidden_token_response_spec.rb +11 -13
  101. data/spec/lib/oauth/helpers/scope_checker_spec.rb +30 -18
  102. data/spec/lib/oauth/invalid_request_response_spec.rb +48 -50
  103. data/spec/lib/oauth/invalid_token_response_spec.rb +32 -34
  104. data/spec/lib/oauth/password_access_token_request_spec.rb +145 -147
  105. data/spec/lib/oauth/pre_authorization_spec.rb +159 -161
  106. data/spec/lib/oauth/refresh_token_request_spec.rb +138 -139
  107. data/spec/lib/oauth/scopes_spec.rb +104 -106
  108. data/spec/lib/oauth/token_request_spec.rb +115 -111
  109. data/spec/lib/oauth/token_response_spec.rb +71 -73
  110. data/spec/lib/oauth/token_spec.rb +121 -123
  111. data/spec/models/doorkeeper/access_grant_spec.rb +3 -5
  112. data/spec/models/doorkeeper/access_token_spec.rb +7 -7
  113. data/spec/models/doorkeeper/application_spec.rb +2 -2
  114. data/spec/requests/applications/applications_request_spec.rb +1 -1
  115. data/spec/requests/endpoints/authorization_spec.rb +5 -3
  116. data/spec/requests/flows/authorization_code_spec.rb +34 -22
  117. data/spec/requests/flows/client_credentials_spec.rb +1 -1
  118. data/spec/requests/flows/password_spec.rb +32 -12
  119. data/spec/requests/flows/refresh_token_spec.rb +19 -19
  120. data/spec/requests/flows/revoke_token_spec.rb +18 -12
  121. data/spec/spec_helper.rb +1 -4
  122. data/spec/support/shared/controllers_shared_context.rb +33 -23
  123. data/spec/validators/redirect_uri_validator_spec.rb +1 -1
  124. metadata +6 -5
  125. data/spec/support/http_method_shim.rb +0 -29
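--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9f054b4619e2489e52e1e61a959878fa612ae5c42f7217d48f8b59173fb0c8da
- data.tar.gz: 160f404b0c1e5eeffe97340c748e2f1f65d4bd6092367320ad573ad042f05ad1
+ metadata.gz: 4d3ed9e21e9d404f1c7f67a48a36a5745d9a5a7aca05b9ae63fbd10c6d170ac1
+ data.tar.gz: 21ab4db448c9404a7067e8223433a8aa2ecfe955fd3729e7038efafd616c4237
  SHA512:
- metadata.gz: e8929470e2fd326bed639d35723f458799e9e868e8bdd27b35e4d667d9271edd38e0e3d1d14b0b7e0c7f36a474acfb9d5ee72cf84aa6a77a7f768fb0a898709c
- data.tar.gz: 6fed1b0c2e7f6ffc141c22bd27974423bd80d3c81c90bbeff83964570b9e9158616cc56fefca1996c8da2018c098246691fc8a5b7f8ef6e6fcc2bd9b03488c38
+ metadata.gz: a03ea8dbf25bc5d48f2fa92942c73dfefa74978d16229b79f1f6d691e0d591ecdc08be84bc243139a1a4df50091fde2d039f5dcae65a8250477e309a31ad054d
+ data.tar.gz: 7f6445f2beb910ba6b3cdeebd5d0d265986f49bb400ccccdbd811f7be8e34e5e029e07acfe22330729fe9065169b1807a4c98094abf3d247fe7175a1cd52daf5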
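--- a/data/Appraisals
+++ b/data/Appraisals
@@ -23,7 +23,7 @@ appraise "rails-6-0" do
  gem "rspec-core", github: "rspec/rspec-core"
  gem "rspec-expectations", github: "rspec/rspec-expectations"
  gem "rspec-mocks", github: "rspec/rspec-mocks"
- gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-dev"
+ gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
  gem "rspec-support", github: "rspec/rspec-support"
  end
 
@@ -35,6 +35,6 @@ appraise "rails-master" do
  gem "rspec-core", github: "rspec/rspec-core"
  gem "rspec-expectations", github: "rspec/rspec-expectations"
  gem "rspec-mocks", github: "rspec/rspec-mocks"
- gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-dev"
+ gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
  gem "rspec-support", github: "rspec/rspec-support"
  end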
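--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,11 +5,11 @@ upgrade guides.
 
  User-visible changes worth mentioning.
 
- ## 5.2.6
+ ## 5.3.3
 
  - [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
 
- ## 5.2.5
+ ## 5.3.2
 
  - [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
  Fixes information disclosure vulnerability (CVE-2020-10187).
@@ -19,9 +19,28 @@ User-visible changes worth mentioning.
  JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
  is a breaking change which restricts serialized attributes to a very small set of columns.
 
- ## 5.2.4
+ ## 5.3.1
+
+ - [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
+
+ ## 5.3.0
+
+ - [#1339] Validate Resource Owner in `PasswordAccessTokenRequest` against `nil` and `false` values.
+ - [#1341] Fix `refresh_token_revoked_on_use` with `hash_token_secrets` enabled.
+ - [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.
+ - [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.
+ - [#1346] Refactor `Doorkeeper::Application#to_json` into convenient `#as_json` (fix #1344).
+ - [#1349] Fix `Doorkeeper::Application` AR associations using an incorrect foreign key name when using a custom class.
+ - [#1318] Make existing token revocation for client credentials optional and disable it by default.
 
- - [#1360] Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
+ **[IMPORTANT]** This is a change compared to the behaviour of version 5.2.
+ If you were relying on access tokens being revoked once the same client
+ requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper
+ initialization file.
+
+ ## 5.2.4
+
+ - [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
 
  ## 5.2.3
 
@@ -101,7 +120,7 @@ User-visible changes worth mentioning.
 
  **[IMPORTANT]** If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
  your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
- `use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt`.
+ `hash_application_secrets using: 'Doorkeeper::SecretStoring::BCrypt`.
 
  - [#1216] Add nil check to `expires_at` method.
  - [#1215] Fix deprecates for Rails 6.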
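--- a/data/Gemfile
+++ b/data/Gemfile
@@ -11,10 +11,10 @@ gem "rails", "~> 6.0.0"
  gem "rspec-core", github: "rspec/rspec-core"
  gem "rspec-expectations", github: "rspec/rspec-expectations"
  gem "rspec-mocks", github: "rspec/rspec-mocks"
- gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
+ gem "rspec-rails", "4.0.0.beta3"
  gem "rspec-support", github: "rspec/rspec-support"
 
- gem "rubocop", "~> 0.66"
+ gem "rubocop", "~> 0.75"
  gem "rubocop-performance"
 
  gem "bcrypt", "~> 3.1", require: false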
@@ -2,10 +2,10 @@
2
2
 
3
3
  module Doorkeeper
4
4
  class ApplicationController <
5
- Doorkeeper.configuration.resolve_controller(:base)
5
+ Doorkeeper.config.resolve_controller(:base)
6
6
  include Helpers::Controller
7
7
 
8
- unless Doorkeeper.configuration.api_only
8
+ unless Doorkeeper.config.api_only
9
9
  protect_from_forgery with: :exception
10
10
  helper "doorkeeper/dashboard"
11
11
  end
@@ -2,11 +2,11 @@
2
2
 
3
3
  module Doorkeeper
4
4
  class ApplicationMetalController <
5
- Doorkeeper.configuration.resolve_controller(:base_metal)
5
+ Doorkeeper.config.resolve_controller(:base_metal)
6
6
  include Helpers::Controller
7
7
 
8
8
  before_action :enforce_content_type,
9
- if: -> { Doorkeeper.configuration.enforce_content_type }
9
+ if: -> { Doorkeeper.config.enforce_content_type }
10
10
 
11
11
  ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
12
12
  end
@@ -45,7 +45,7 @@ module Doorkeeper
45
45
  AccessToken.matching_token_for(
46
46
  pre_auth.client,
47
47
  current_resource_owner.id,
48
- pre_auth.scopes
48
+ pre_auth.scopes,
49
49
  )
50
50
  end
51
51
 
@@ -54,7 +54,7 @@ module Doorkeeper
54
54
  if Doorkeeper.configuration.api_only
55
55
  render(
56
56
  json: { status: :redirect, redirect_uri: auth.redirect_uri },
57
- status: auth.status
57
+ status: auth.status,
58
58
  )
59
59
  else
60
60
  redirect_to auth.redirect_uri
@@ -16,13 +16,13 @@ module Doorkeeper
16
16
  def destroy
17
17
  Application.revoke_tokens_and_grants_for(
18
18
  params[:id],
19
- current_resource_owner
19
+ current_resource_owner,
20
20
  )
21
21
 
22
22
  respond_to do |format|
23
23
  format.html do
24
24
  redirect_to oauth_authorized_applications_url, notice: I18n.t(
25
- :notice, scope: %i[doorkeeper flash authorized_applications destroy]
25
+ :notice, scope: %i[doorkeeper flash authorized_applications destroy],
26
26
  )
27
27
  end
28
28
 
@@ -6,9 +6,9 @@ gem "rails", "~> 5.0.0"
6
6
  gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
7
7
  gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
8
8
  gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
9
- gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
9
+ gem "rspec-rails", "4.0.0.beta3"
10
10
  gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
11
- gem "rubocop", "~> 0.66"
11
+ gem "rubocop", "~> 0.75"
12
12
  gem "rubocop-performance"
13
13
  gem "bcrypt", "~> 3.1", require: false
14
14
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
@@ -6,9 +6,9 @@ gem "rails", "~> 5.1.0"
6
6
  gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
7
7
  gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
8
8
  gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
9
- gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
9
+ gem "rspec-rails", "4.0.0.beta3"
10
10
  gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
11
- gem "rubocop", "~> 0.66"
11
+ gem "rubocop", "~> 0.75"
12
12
  gem "rubocop-performance"
13
13
  gem "bcrypt", "~> 3.1", require: false
14
14
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
@@ -6,9 +6,9 @@ gem "rails", "~> 5.2.0"
6
6
  gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
7
7
  gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
8
8
  gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
9
- gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
9
+ gem "rspec-rails", "4.0.0.beta3"
10
10
  gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
11
- gem "rubocop", "~> 0.66"
11
+ gem "rubocop", "~> 0.75"
12
12
  gem "rubocop-performance"
13
13
  gem "bcrypt", "~> 3.1", require: false
14
14
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
@@ -6,9 +6,9 @@ gem "rails", "~> 6.0.0"
6
6
  gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
7
7
  gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
8
8
  gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
9
- gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
9
+ gem "rspec-rails", "4.0.0.beta3"
10
10
  gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
11
- gem "rubocop", "~> 0.66"
11
+ gem "rubocop", "~> 0.75"
12
12
  gem "rubocop-performance"
13
13
  gem "bcrypt", "~> 3.1", require: false
14
14
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
@@ -6,9 +6,9 @@ gem "rails", git: "https://github.com/rails/rails"
6
6
  gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
7
7
  gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
8
8
  gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
9
- gem "rspec-rails", branch: "4-0-dev", git: "https://github.com/rspec/rspec-rails.git"
9
+ gem "rspec-rails", "4.0.0.beta3"
10
10
  gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
11
- gem "rubocop", "~> 0.66"
11
+ gem "rubocop", "~> 0.75"
12
12
  gem "rubocop-performance"
13
13
  gem "bcrypt", "~> 3.1", require: false
14
14
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
@@ -11,36 +11,40 @@ module Doorkeeper
11
11
  end
12
12
  end
13
13
 
14
- def self.configure(&block)
15
- @config = Config::Builder.new(&block).build
16
- setup_orm_adapter
17
- setup_orm_models
18
- setup_application_owner if @config.enable_application_owner?
19
- @config
20
- end
14
+ class << self
15
+ def configure(&block)
16
+ @config = Config::Builder.new(&block).build
17
+ setup_orm_adapter
18
+ setup_orm_models
19
+ setup_application_owner if @config.enable_application_owner?
20
+ @config
21
+ end
21
22
 
22
- def self.configuration
23
- @config || (raise MissingConfiguration)
24
- end
23
+ def configuration
24
+ @config || (raise MissingConfiguration)
25
+ end
25
26
 
26
- def self.setup_orm_adapter
27
- @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
28
- rescue NameError => e
29
- raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
30
- [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
31
- trying to load it.
27
+ alias config configuration
32
28
 
33
- You probably need to add the related gem for this adapter to work with
34
- doorkeeper.
35
- ERROR_MSG
36
- end
29
+ def setup_orm_adapter
30
+ @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
31
+ rescue NameError => e
32
+ raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
33
+ [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
34
+ trying to load it.
37
35
 
38
- def self.setup_orm_models
39
- @orm_adapter.initialize_models!
40
- end
36
+ You probably need to add the related gem for this adapter to work with
37
+ doorkeeper.
38
+ ERROR_MSG
39
+ end
40
+
41
+ def setup_orm_models
42
+ @orm_adapter.initialize_models!
43
+ end
41
44
 
42
- def self.setup_application_owner
43
- @orm_adapter.initialize_application_owner!
45
+ def setup_application_owner
46
+ @orm_adapter.initialize_application_owner!
47
+ end
44
48
  end
45
49
 
46
50
  class Config
@@ -120,7 +124,7 @@ module Doorkeeper
120
124
  def use_refresh_token(enabled = true, &block)
121
125
  @config.instance_variable_set(
122
126
  :@refresh_token_enabled,
123
- block || enabled
127
+ block || enabled,
124
128
  )
125
129
  end
126
130
 
@@ -140,6 +144,14 @@ module Doorkeeper
140
144
  @config.instance_variable_set(:@token_reuse_limit, percentage)
141
145
  end
142
146
 
147
+ # TODO: maybe make it more generic for other flows too?
148
+ # Only allow one valid access token obtained via client credentials
149
+ # per client. If a new access token is obtained before the old one
150
+ # expired, the old one gets revoked (disabled by default)
151
+ def revoke_previous_client_credentials_token
152
+ @config.instance_variable_set(:@revoke_previous_client_credentials_token, true)
153
+ end
154
+
143
155
  # Use an API mode for applications generated with --api argument
144
156
  # It will skip applications controller, disable forgery protection
145
157
  def api_only
@@ -195,8 +207,7 @@ module Doorkeeper
195
207
  def configure_secrets_for(type, using:, fallback:)
196
208
  raise ArgumentError, "Invalid type #{type}" if %i[application token].exclude?(type)
197
209
 
198
- @config.instance_variable_set(:"@#{type}_secret_strategy",
199
- using.constantize)
210
+ @config.instance_variable_set(:"@#{type}_secret_strategy", using.constantize)
200
211
 
201
212
  if fallback.nil?
202
213
  return
@@ -204,8 +215,7 @@ module Doorkeeper
204
215
  fallback = "::Doorkeeper::SecretStoring::Plain"
205
216
  end
206
217
 
207
- @config.instance_variable_set(:"@#{type}_secret_fallback_strategy",
208
- fallback.constantize)
218
+ @config.instance_variable_set(:"@#{type}_secret_fallback_strategy", fallback.constantize)
209
219
  end
210
220
  end
211
221
 
@@ -215,7 +225,7 @@ module Doorkeeper
215
225
  as: :authenticate_resource_owner,
216
226
  default: (lambda do |_routes|
217
227
  ::Rails.logger.warn(
218
- I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured")
228
+ I18n.t("doorkeeper.errors.messages.resource_owner_authenticator_not_configured"),
219
229
  )
220
230
 
221
231
  nil
@@ -225,7 +235,7 @@ module Doorkeeper
225
235
  as: :authenticate_admin,
226
236
  default: (lambda do |_routes|
227
237
  ::Rails.logger.warn(
228
- I18n.t("doorkeeper.errors.messages.admin_authenticator_not_configured")
238
+ I18n.t("doorkeeper.errors.messages.admin_authenticator_not_configured"),
229
239
  )
230
240
 
231
241
  head :forbidden
@@ -234,7 +244,7 @@ module Doorkeeper
234
244
  option :resource_owner_from_credentials,
235
245
  default: (lambda do |_routes|
236
246
  ::Rails.logger.warn(
237
- I18n.t("doorkeeper.errors.messages.credential_flow_not_configured")
247
+ I18n.t("doorkeeper.errors.messages.credential_flow_not_configured"),
238
248
  )
239
249
 
240
250
  nil
@@ -348,6 +358,15 @@ module Doorkeeper
348
358
  option :base_metal_controller,
349
359
  default: "ActionController::API"
350
360
 
361
+ option :access_token_class,
362
+ default: "Doorkeeper::AccessToken"
363
+
364
+ option :access_grant_class,
365
+ default: "Doorkeeper::AccessGrant"
366
+
367
+ option :application_class,
368
+ default: "Doorkeeper::Application"
369
+
351
370
  # Allows to set blank redirect URIs for Applications in case
352
371
  # server configured to use URI-less grant flows.
353
372
  #
@@ -387,9 +406,7 @@ module Doorkeeper
387
406
  end
388
407
  end)
389
408
 
390
- attr_reader :api_only,
391
- :enforce_content_type,
392
- :reuse_access_token,
409
+ attr_reader :reuse_access_token,
393
410
  :token_secret_fallback_strategy,
394
411
  :application_secret_fallback_strategy
395
412
 
@@ -400,6 +417,18 @@ module Doorkeeper
400
417
  validate_secret_strategies
401
418
  end
402
419
 
420
+ def access_token_model
421
+ @access_token_model ||= access_token_class.constantize
422
+ end
423
+
424
+ def access_grant_model
425
+ @access_grant_model ||= access_grant_class.constantize
426
+ end
427
+
428
+ def application_model
429
+ @application_model ||= application_class.constantize
430
+ end
431
+
403
432
  def api_only
404
433
  @api_only ||= false
405
434
  end
@@ -420,6 +449,10 @@ module Doorkeeper
420
449
  @token_reuse_limit ||= 100
421
450
  end
422
451
 
452
+ def revoke_previous_client_credentials_token
453
+ @revoke_previous_client_credentials_token || false
454
+ end
455
+
423
456
  def resolve_controller(name)
424
457
  config_option = public_send(:"#{name}_controller")
425
458
  controller_name = if config_option.respond_to?(:call)
@@ -547,7 +580,7 @@ module Doorkeeper
547
580
  ::Rails.logger.warn(
548
581
  "You have configured both reuse_access_token " \
549
582
  "AND strategy strategy '#{strategy}' that cannot restore tokens. " \
550
- "This combination is unsupported. reuse_access_token will be disabled"
583
+ "This combination is unsupported. reuse_access_token will be disabled",
551
584
  )
552
585
  @reuse_access_token = false
553
586
  end
@@ -565,7 +598,7 @@ module Doorkeeper
565
598
 
566
599
  ::Rails.logger.warn(
567
600
  "You have configured an invalid value for token_reuse_limit option. " \
568
- "It will be set to default 100"
601
+ "It will be set to default 100",
569
602
  )
570
603
  @token_reuse_limit = 100
571
604
  end
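Review bot: The comment above the new `revoke_previous_client_credentials_token` builder method ends at "(disabled by default)" and leaves out the consequence for anyone upgrading from 5.2. Going by that comment and the CHANGELOG entry for #1318, with the reader returning `@revoke_previous_client_credentials_token || false` an earlier client credentials token stays valid until it expires, so requesting a new token no longer invalidates one that has leaked. I would add a line such as `# NOTE: when not enabled, previously issued client credentials tokens stay valid until they expire.` to the comment. The builder method also takes no argument, so an initializer can only switch the option on; the Builder and Config classes both start and end outside the hunks shown.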
@@ -39,7 +39,7 @@ module Doorkeeper
39
39
  def doorkeeper_token
40
40
  @doorkeeper_token ||= OAuth::Token.authenticate(
41
41
  decorated_request,
42
- *Doorkeeper.configuration.access_token_methods
42
+ *Doorkeeper.config.access_token_methods,
43
43
  )
44
44
  end
45
45
 
@@ -17,17 +17,17 @@ module Doorkeeper
17
17
  # :doc:
18
18
  def current_resource_owner
19
19
  @current_resource_owner ||= begin
20
- instance_eval(&Doorkeeper.configuration.authenticate_resource_owner)
20
+ instance_eval(&Doorkeeper.config.authenticate_resource_owner)
21
21
  end
22
22
  end
23
23
 
24
24
  def resource_owner_from_credentials
25
- instance_eval(&Doorkeeper.configuration.resource_owner_from_credentials)
25
+ instance_eval(&Doorkeeper.config.resource_owner_from_credentials)
26
26
  end
27
27
 
28
28
  # :doc:
29
29
  def authenticate_admin!
30
- instance_eval(&Doorkeeper.configuration.authenticate_admin)
30
+ instance_eval(&Doorkeeper.config.authenticate_admin)
31
31
  end
32
32
 
33
33
  def server
@@ -40,16 +40,18 @@ module Doorkeeper
40
40
  end
41
41
 
42
42
  def config_methods
43
- @config_methods ||= Doorkeeper.configuration.access_token_methods
43
+ @config_methods ||= Doorkeeper.config.access_token_methods
44
44
  end
45
45
 
46
46
  def get_error_response_from_exception(exception)
47
47
  if exception.respond_to?(:response)
48
48
  exception.response
49
49
  elsif exception.type == :invalid_request
50
- OAuth::InvalidRequestResponse.new(name: exception.type,
51
- state: params[:state],
52
- missing_param: exception.missing_param)
50
+ OAuth::InvalidRequestResponse.new(
51
+ name: exception.type,
52
+ state: params[:state],
53
+ missing_param: exception.missing_param,
54
+ )
53
55
  else
54
56
  OAuth::ErrorResponse.new(name: exception.type, state: params[:state])
55
57
  end
@@ -65,7 +67,7 @@ module Doorkeeper
65
67
  def skip_authorization?
66
68
  !!instance_exec(
67
69
  [server.current_resource_owner, @pre_auth.client],
68
- &Doorkeeper.configuration.skip_authorization
70
+ &Doorkeeper.config.skip_authorization
69
71
  )
70
72
  end
71
73
 
@@ -43,10 +43,11 @@ module Doorkeeper
43
43
  # instance of the Resource Owner model
44
44
  #
45
45
  def revoke_all_for(application_id, resource_owner, clock = Time)
46
- where(application_id: application_id,
47
- resource_owner_id: resource_owner.id,
48
- revoked_at: nil)
49
- .update_all(revoked_at: clock.now.utc)
46
+ where(
47
+ application_id: application_id,
48
+ resource_owner_id: resource_owner.id,
49
+ revoked_at: nil,
50
+ ).update_all(revoked_at: clock.now.utc)
50
51
  end
51
52
 
52
53
  # Implements PKCE code_challenge encoding without base64 padding as described in the spec.
@@ -102,14 +103,14 @@ module Doorkeeper
102
103
  # Determines the secret storing transformer
103
104
  # Unless configured otherwise, uses the plain secret strategy
104
105
  def secret_strategy
105
- ::Doorkeeper.configuration.token_secret_strategy
106
+ ::Doorkeeper.config.token_secret_strategy
106
107
  end
107
108
 
108
109
  ##
109
110
  # Determine the fallback storing strategy
110
111
  # Unless configured, there will be no fallback
111
112
  def fallback_secret_strategy
112
- ::Doorkeeper.configuration.token_secret_fallback_strategy
113
+ ::Doorkeeper.config.token_secret_fallback_strategy
113
114
  end
114
115
  end
115
116
  end