doorkeeper 5.3.2 → 5.4.0

data/config/locales/en.yml

@@ -51,12 +51,14 @@ en:
         title: 'New Application'
       show:
         title: 'Application: %{name}'
-        application_id: 'Application UID'
+        application_id: 'UID'
         secret: 'Secret'
+        secret_hashed: 'Secret hashed'
         scopes: 'Scopes'
         confidential: 'Confidential'
         callback_urls: 'Callback urls'
         actions: 'Actions'
+        not_defined: 'Not defined'
 
     authorizations:
       buttons:

data/lib/doorkeeper.rb

@@ -1,89 +1,116 @@
 # frozen_string_literal: true
 
-require "doorkeeper/version"
-require "doorkeeper/engine"
 require "doorkeeper/config"
-
-require "doorkeeper/request/strategy"
-require "doorkeeper/request/authorization_code"
-require "doorkeeper/request/client_credentials"
-require "doorkeeper/request/code"
-require "doorkeeper/request/password"
-require "doorkeeper/request/refresh_token"
-require "doorkeeper/request/token"
-
-require "doorkeeper/errors"
-require "doorkeeper/server"
-require "doorkeeper/request"
-require "doorkeeper/validations"
-
-require "doorkeeper/oauth/authorization/code"
-require "doorkeeper/oauth/authorization/context"
-require "doorkeeper/oauth/authorization/token"
-require "doorkeeper/oauth/authorization/uri_builder"
-require "doorkeeper/oauth/helpers/scope_checker"
-require "doorkeeper/oauth/helpers/uri_checker"
-require "doorkeeper/oauth/helpers/unique_token"
-
-require "doorkeeper/oauth"
-require "doorkeeper/oauth/scopes"
-require "doorkeeper/oauth/error"
-require "doorkeeper/oauth/base_response"
-require "doorkeeper/oauth/code_response"
-require "doorkeeper/oauth/token_response"
-require "doorkeeper/oauth/error_response"
-require "doorkeeper/oauth/pre_authorization"
-require "doorkeeper/oauth/base_request"
-require "doorkeeper/oauth/authorization_code_request"
-require "doorkeeper/oauth/refresh_token_request"
-require "doorkeeper/oauth/password_access_token_request"
-
-require "doorkeeper/oauth/client_credentials/validator"
-require "doorkeeper/oauth/client_credentials/creator"
-require "doorkeeper/oauth/client_credentials/issuer"
-require "doorkeeper/oauth/client/credentials"
-
-require "doorkeeper/oauth/client_credentials_request"
-require "doorkeeper/oauth/code_request"
-require "doorkeeper/oauth/token_request"
-require "doorkeeper/oauth/client"
-require "doorkeeper/oauth/token"
-require "doorkeeper/oauth/token_introspection"
-require "doorkeeper/oauth/invalid_token_response"
-require "doorkeeper/oauth/forbidden_token_response"
-require "doorkeeper/oauth/invalid_request_response"
-require "doorkeeper/oauth/nonstandard"
-
-require "doorkeeper/secret_storing/base"
-require "doorkeeper/secret_storing/plain"
-require "doorkeeper/secret_storing/sha256_hash"
-require "doorkeeper/secret_storing/bcrypt"
-
-require "doorkeeper/models/concerns/orderable"
-require "doorkeeper/models/concerns/scopes"
-require "doorkeeper/models/concerns/expirable"
-require "doorkeeper/models/concerns/reusable"
-require "doorkeeper/models/concerns/revocable"
-require "doorkeeper/models/concerns/accessible"
-require "doorkeeper/models/concerns/secret_storable"
-
-require "doorkeeper/models/access_grant_mixin"
-require "doorkeeper/models/access_token_mixin"
-require "doorkeeper/models/application_mixin"
-
-require "doorkeeper/helpers/controller"
-
-require "doorkeeper/rails/routes"
-require "doorkeeper/rails/helpers"
-
-require "doorkeeper/rake"
-require "doorkeeper/stale_records_cleaner"
-
-require "doorkeeper/orm/active_record"
+require "doorkeeper/engine"
 
 # Main Doorkeeper namespace.
 #
 module Doorkeeper
+  autoload :Errors, "doorkeeper/errors"
+  autoload :OAuth, "doorkeeper/oauth"
+  autoload :Rake, "doorkeeper/rake"
+  autoload :Request, "doorkeeper/request"
+  autoload :Server, "doorkeeper/server"
+  autoload :StaleRecordsCleaner, "doorkeeper/stale_records_cleaner"
+  autoload :Validations, "doorkeeper/validations"
+  autoload :VERSION, "doorkeeper/version"
+
+  autoload :AccessGrantMixin, "doorkeeper/models/access_grant_mixin"
+  autoload :AccessTokenMixin, "doorkeeper/models/access_token_mixin"
+  autoload :ApplicationMixin, "doorkeeper/models/application_mixin"
+
+  module Helpers
+    autoload :Controller, "doorkeeper/helpers/controller"
+  end
+
+  module Request
+    autoload :Strategy, "doorkeeper/request/strategy"
+    autoload :AuthorizationCode, "doorkeeper/request/authorization_code"
+    autoload :ClientCredentials, "doorkeeper/request/client_credentials"
+    autoload :Code, "doorkeeper/request/code"
+    autoload :Password, "doorkeeper/request/password"
+    autoload :RefreshToken, "doorkeeper/request/refresh_token"
+    autoload :Token, "doorkeeper/request/token"
+  end
+
+  module OAuth
+    autoload :BaseRequest, "doorkeeper/oauth/base_request"
+    autoload :AuthorizationCodeRequest, "doorkeeper/oauth/authorization_code_request"
+    autoload :BaseResponse, "doorkeeper/oauth/base_response"
+    autoload :CodeResponse, "doorkeeper/oauth/code_response"
+    autoload :Client, "doorkeeper/oauth/client"
+    autoload :ClientCredentialsRequest, "doorkeeper/oauth/client_credentials_request"
+    autoload :CodeRequest, "doorkeeper/oauth/code_request"
+    autoload :ErrorResponse, "doorkeeper/oauth/error_response"
+    autoload :Error, "doorkeeper/oauth/error"
+    autoload :InvalidTokenResponse, "doorkeeper/oauth/invalid_token_response"
+    autoload :InvalidRequestResponse, "doorkeeper/oauth/invalid_request_response"
+    autoload :ForbiddenTokenResponse, "doorkeeper/oauth/forbidden_token_response"
+    autoload :NonStandard, "doorkeeper/oauth/nonstandard"
+    autoload :PasswordAccessTokenRequest, "doorkeeper/oauth/password_access_token_request"
+    autoload :PreAuthorization, "doorkeeper/oauth/pre_authorization"
+    autoload :RefreshTokenRequest, "doorkeeper/oauth/refresh_token_request"
+    autoload :Scopes, "doorkeeper/oauth/scopes"
+    autoload :Token, "doorkeeper/oauth/token"
+    autoload :TokenIntrospection, "doorkeeper/oauth/token_introspection"
+    autoload :TokenRequest, "doorkeeper/oauth/token_request"
+    autoload :TokenResponse, "doorkeeper/oauth/token_response"
+
+    module Authorization
+      autoload :Code, "doorkeeper/oauth/authorization/code"
+      autoload :Context, "doorkeeper/oauth/authorization/context"
+      autoload :Token, "doorkeeper/oauth/authorization/token"
+      autoload :URIBuilder, "doorkeeper/oauth/authorization/uri_builder"
+    end
+
+    class Client
+      autoload :Credentials, "doorkeeper/oauth/client/credentials"
+    end
+
+    module ClientCredentials
+      autoload :Validator, "doorkeeper/oauth/client_credentials/validator"
+      autoload :Creator, "doorkeeper/oauth/client_credentials/creator"
+      autoload :Issuer, "doorkeeper/oauth/client_credentials/issuer"
+    end
+
+    module Helpers
+      autoload :ScopeChecker, "doorkeeper/oauth/helpers/scope_checker"
+      autoload :URIChecker, "doorkeeper/oauth/helpers/uri_checker"
+      autoload :UniqueToken, "doorkeeper/oauth/helpers/unique_token"
+    end
+
+    module Hooks
+      autoload :Context, "doorkeeper/oauth/hooks/context"
+    end
+  end
+
+  module Models
+    autoload :Accessible, "doorkeeper/models/concerns/accessible"
+    autoload :Expirable, "doorkeeper/models/concerns/expirable"
+    autoload :Orderable, "doorkeeper/models/concerns/orderable"
+    autoload :Scopes, "doorkeeper/models/concerns/scopes"
+    autoload :Reusable, "doorkeeper/models/concerns/reusable"
+    autoload :ResourceOwnerable, "doorkeeper/models/concerns/resource_ownerable"
+    autoload :Revocable, "doorkeeper/models/concerns/revocable"
+    autoload :SecretStorable, "doorkeeper/models/concerns/secret_storable"
+  end
+
+  module Orm
+    autoload :ActiveRecord, "doorkeeper/orm/active_record"
+  end
+
+  module Rails
+    autoload :Helpers, "doorkeeper/rails/helpers"
+    autoload :Routes, "doorkeeper/rails/routes"
+  end
+
+  module SecretStoring
+    autoload :Base, "doorkeeper/secret_storing/base"
+    autoload :Plain, "doorkeeper/secret_storing/plain"
+    autoload :Sha256Hash, "doorkeeper/secret_storing/sha256_hash"
+    autoload :BCrypt, "doorkeeper/secret_storing/bcrypt"
+  end
+
   def self.authenticate(request, methods = Doorkeeper.config.access_token_methods)
     OAuth::Token.authenticate(request, *methods)
   end

data/lib/doorkeeper/config.rb

@@ -1,16 +1,24 @@
 # frozen_string_literal: true
 
 require "doorkeeper/config/option"
+require "doorkeeper/config/abstract_builder"
 
 module Doorkeeper
+  # Defines a MissingConfiguration error for a missing Doorkeeper configuration
+  #
   class MissingConfiguration < StandardError
-    # Defines a MissingConfiguration error for a missing Doorkeeper
-    # configuration
     def initialize
       super("Configuration for doorkeeper missing. Do you have doorkeeper initializer?")
     end
   end
 
+  # Doorkeeper option DSL could be reused in extensions to build their own
+  # configurations. To use the Option DSL gems need to define `builder_class` method
+  # that returns configuration Builder class. This exception raises when they don't
+  # define it.
+  #
+  class MissingConfigurationBuilderClass < StandardError; end
+
   class << self
     def configure(&block)
       @config = Config::Builder.new(&block).build
@@ -30,7 +38,7 @@ module Doorkeeper
       @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
     rescue NameError => e
       raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
-        [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
+        [DOORKEEPER] ORM adapter not found (#{configuration.orm}), or there was an error
         trying to load it.
 
         You probably need to add the related gem for this adapter to work with
@@ -48,17 +56,8 @@ module Doorkeeper
   end
 
   class Config
-    class Builder
-      def initialize(&block)
-        @config = Config.new
-        instance_eval(&block)
-      end
-
-      def build
-        @config.validate
-        @config
-      end
-
+    # Default Doorkeeper configuration builder
+    class Builder < AbstractBuilder
       # Provide support for an owner to be assigned to each registered
       # application (disabled by default)
       # Optional parameter confirmation: true (default false) if you want
@@ -135,15 +134,6 @@ module Doorkeeper
         @config.instance_variable_set(:@reuse_access_token, true)
       end
 
-      # Sets the token_reuse_limit
-      # It will be used only when reuse_access_token option in enabled
-      # By default it will be 100
-      # It will be used for token reusablity to some threshold percentage
-      # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
-      def token_reuse_limit(percentage)
-        @config.instance_variable_set(:@token_reuse_limit, percentage)
-      end
-
       # TODO: maybe make it more generic for other flows too?
       # Only allow one valid access token obtained via client credentials
       # per client. If a new access token is obtained before the old one
@@ -158,6 +148,12 @@ module Doorkeeper
         @config.instance_variable_set(:@api_only, true)
       end
 
+      # Enables polymorphic Resource Owner association for Access Grant and
+      # Access Token models. Requires additional database columns to be setup.
+      def use_polymorphic_resource_owner
+        @config.instance_variable_set(:@polymorphic_resource_owner, true)
+      end
+
       # Forbids creating/updating applications with arbitrary scopes that are
       # not in configuration, i.e. `default_scopes` or `optional_scopes`.
       # (disabled by default)
@@ -219,6 +215,9 @@ module Doorkeeper
       end
     end
 
+    # Replace with `default: Builder` when we drop support of Rails < 5.2
+    mattr_reader(:builder_class) { Builder }
+
     extend Option
 
     option :resource_owner_authenticator,
@@ -251,8 +250,8 @@ module Doorkeeper
            end)
 
     # Hooks for authorization
-    option :before_successful_authorization,      default: ->(_context) {}
-    option :after_successful_authorization,       default: ->(_context) {}
+    option :before_successful_authorization,      default: ->(_controller, _context = nil) {}
+    option :after_successful_authorization,       default: ->(_controller, _context = nil) {}
     # Hooks for strategies responses
     option :before_successful_strategy_response,  default: ->(_request) {}
     option :after_successful_strategy_response,   default: ->(_request, _response) {}
@@ -265,11 +264,25 @@ module Doorkeeper
     option :authorization_code_expires_in,  default: 600
     option :orm,                            default: :active_record
     option :native_redirect_uri,            default: "urn:ietf:wg:oauth:2.0:oob", deprecated: true
-    option :active_record_options,          default: {}
     option :grant_flows,                    default: %w[authorization_code client_credentials]
     option :handle_auth_errors,             default: :render
     option :token_lookup_batch_size,        default: 10_000
 
+    # Sets the token_reuse_limit
+    # It will be used only when reuse_access_token option in enabled
+    # By default it will be 100
+    # It will be used for token reusablity to some threshold percentage
+    # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
+    option :token_reuse_limit,              default: 100
+
+    option :active_record_options,
+           default: {},
+           deprecated: { message: "Customize Doorkeeper models instead" }
+
+    # Hook to allow arbitrary user-client authorization
+    option :authorize_resource_owner_for_client,
+           default: ->(_client, _resource_owner) { true }
+
     # Allows to customize OAuth grant flows that +each+ application support.
     # You can configure a custom block (or use a class respond to `#call`) that must
     # return `true` in case Application instance supports requested OAuth grant flow
@@ -411,20 +424,32 @@ module Doorkeeper
                 :application_secret_fallback_strategy
 
     # Return the valid subset of this configuration
-    def validate
+    def validate!
       validate_reuse_access_token_value
       validate_token_reuse_limit
       validate_secret_strategies
     end
 
+    # Doorkeeper Access Token model class.
+    #
+    # @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
+    #
     def access_token_model
       @access_token_model ||= access_token_class.constantize
     end
 
+    # Doorkeeper Access Grant model class.
+    #
+    # @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
+    #
     def access_grant_model
       @access_grant_model ||= access_grant_class.constantize
     end
 
+    # Doorkeeper Application model class.
+    #
+    # @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
+    #
     def application_model
       @application_model ||= application_class.constantize
     end
@@ -445,14 +470,6 @@ module Doorkeeper
       end
     end
 
-    def token_reuse_limit
-      @token_reuse_limit ||= 100
-    end
-
-    def revoke_previous_client_credentials_token
-      @revoke_previous_client_credentials_token || false
-    end
-
     def resolve_controller(name)
       config_option = public_send(:"#{name}_controller")
       controller_name = if config_option.respond_to?(:call)
@@ -464,6 +481,10 @@ module Doorkeeper
       controller_name.constantize
     end
 
+    def revoke_previous_client_credentials_token?
+      option_set? :revoke_previous_client_credentials_token
+    end
+
     def enforce_configured_scopes?
       option_set? :enforce_configured_scopes
     end
@@ -472,6 +493,10 @@ module Doorkeeper
       option_set? :enable_application_owner
     end
 
+    def polymorphic_resource_owner?
+      option_set? :polymorphic_resource_owner
+    end
+
     def confirm_application_owner?
       option_set? :confirm_application_owner
     end
@@ -480,6 +505,10 @@ module Doorkeeper
       handle_auth_errors == :raise
     end
 
+    def application_secret_hashed?
+      instance_variable_defined?(:"@application_secret_strategy")
+    end
+
     def token_secret_strategy
       @token_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
     end

data/lib/doorkeeper/config/abstract_builder.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  class Config
+    # Abstract base class for Doorkeeper and it's extensions configuration
+    # builder. Instantiates and validates gem configuration.
+    #
+    class AbstractBuilder
+      attr_reader :config
+
+      # @param [Class] config class
+      #
+      def initialize(config = Config.new, &block)
+        @config = config
+        instance_eval(&block)
+      end
+
+      # Builds and validates configuration.
+      #
+      # @return [Doorkeeper::Config] config instance
+      #
+      def build
+        @config.validate! if @config.respond_to?(:validate!)
+        @config
+      end
+    end
+  end
+end