doorkeeper 5.3.2 → 5.4.0

data/lib/doorkeeper/oauth/token_response.rb

@@ -3,7 +3,7 @@
 module Doorkeeper
   module OAuth
     class TokenResponse
-      attr_accessor :token
+      attr_reader :token
 
       def initialize(token)
         @token = token

data/lib/doorkeeper/orm/active_record.rb

@@ -33,12 +33,20 @@ module Doorkeeper
         lazy_load do
           require "doorkeeper/models/concerns/ownership"
 
-          Doorkeeper.config.application_model.send :include, Doorkeeper::Models::Ownership
+          Doorkeeper.config.application_model.include(Doorkeeper::Models::Ownership)
         end
       end
 
       def self.lazy_load(&block)
-        ActiveSupport.on_load(:active_record, {}, &block)
+        # ActiveSupport has no public interface to check if something
+        # already lazy-loaded :(
+        loaded = ActiveSupport.instance_variable_get(:"@loaded") || {}
+
+        if loaded.key?(:active_record)
+          block.call
+        else
+          ActiveSupport.on_load(:active_record, {}, &block)
+        end
       end
 
       def self.models

data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb

@@ -9,12 +9,17 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
 
       include ::Doorkeeper::AccessGrantMixin
 
-      belongs_to :application, class_name: Doorkeeper.config.application_class,
+      belongs_to :application, class_name: Doorkeeper.config.application_class.to_s,
                                optional: true,
                                inverse_of: :access_grants
 
-      validates :resource_owner_id,
-                :application_id,
+      if Doorkeeper.config.polymorphic_resource_owner?
+        belongs_to :resource_owner, polymorphic: true, optional: false
+      else
+        validates :resource_owner_id, presence: true
+      end
+
+      validates :application_id,
                 :token,
                 :expires_in,
                 :redirect_uri,

data/lib/doorkeeper/orm/active_record/mixins/access_token.rb

@@ -9,10 +9,14 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
 
       include ::Doorkeeper::AccessTokenMixin
 
-      belongs_to :application, class_name: Doorkeeper.config.application_class,
+      belongs_to :application, class_name: Doorkeeper.config.application_class.to_s,
                                inverse_of: :access_tokens,
                                optional: true
 
+      if Doorkeeper.config.polymorphic_resource_owner?
+        belongs_to :resource_owner, polymorphic: true, optional: true
+      end
+
       validates :token, presence: true, uniqueness: { case_sensitive: true }
       validates :refresh_token, uniqueness: { case_sensitive: true }, if: :use_refresh_token?
 
@@ -25,7 +29,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
                         on: :create, if: :use_refresh_token?
     end
 
-    class_methods do
+    module ClassMethods
       # Searches for not revoked Access Tokens associated with the
       # specific Resource Owner.
       #
@@ -36,7 +40,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
       #   active Access Tokens for Resource Owner
       #
       def active_for(resource_owner)
-        where(resource_owner_id: resource_owner.id, revoked_at: nil)
+        by_resource_owner(resource_owner).where(revoked_at: nil)
       end
 
       def refresh_token_revoked_on_use?

data/lib/doorkeeper/orm/active_record/mixins/application.rb

@@ -12,12 +12,12 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
       has_many :access_grants,
                foreign_key: :application_id,
                dependent: :delete_all,
-               class_name: Doorkeeper.config.access_grant_class
+               class_name: Doorkeeper.config.access_grant_class.to_s
 
       has_many :access_tokens,
                foreign_key: :application_id,
                dependent: :delete_all,
-               class_name: Doorkeeper.config.access_token_class
+               class_name: Doorkeeper.config.access_token_class.to_s
 
       validates :name, :secret, :uid, presence: true
       validates :uid, uniqueness: { case_sensitive: true }
@@ -31,7 +31,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
       has_many :authorized_tokens,
                -> { where(revoked_at: nil) },
                foreign_key: :application_id,
-               class_name: Doorkeeper.config.access_token_class
+               class_name: Doorkeeper.config.access_token_class.to_s
 
       has_many :authorized_applications,
                through: :authorized_tokens,
@@ -84,6 +84,21 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
         end
       end
 
+      def authorized_for_resource_owner?(resource_owner)
+        Doorkeeper.configuration.authorize_resource_owner_for_client.call(self, resource_owner)
+      end
+
+      # We need to hook into this method to allow serializing plan-text secrets
+      # when secrets hashing enabled.
+      #
+      # @param key [String] attribute name
+      #
+      def read_attribute_for_serialization(key)
+        return super unless key.to_s == "secret"
+
+        plaintext_secret || secret
+      end
+
       private
 
       def generate_uid
@@ -91,7 +106,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
       end
 
       def generate_secret
-        return unless secret.blank?
+        return if secret.present?
 
         renew_secret
       end
@@ -131,17 +146,6 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
         only.uniq
       end
 
-      # We need to hook into this method to allow serializing plan-text secrets
-      # when secrets hashing enabled.
-      #
-      # @param key [String] attribute name
-      #
-      def read_attribute_for_serialization(key)
-        return super unless key.to_s == "secret"
-
-        plaintext_secret || secret
-      end
-
       # Collection of attributes that could be serialized for public.
       # Override this method if you need additional attributes to be serialized.
       #
@@ -153,7 +157,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
       end
     end
 
-    class_methods do
+    module ClassMethods
       # Returns Applications associated with active (not revoked) Access Tokens
       # that are owned by the specific Resource Owner.
       #

data/lib/doorkeeper/rails/routes.rb

@@ -2,29 +2,33 @@
 
 require "doorkeeper/rails/routes/mapping"
 require "doorkeeper/rails/routes/mapper"
+require "doorkeeper/rails/routes/abstract_router"
+require "doorkeeper/rails/routes/registry"
 
 module Doorkeeper
   module Rails
     class Routes # :nodoc:
-      mattr_reader :mapping do
-        {}
-      end
-
       module Helper
         def use_doorkeeper(options = {}, &block)
           Doorkeeper::Rails::Routes.new(self, &block).generate_routes!(options)
         end
       end
 
+      include AbstractRouter
+      extend Registry
+
+      mattr_reader :mapping do
+        {}
+      end
+
       def self.install!
         ActionDispatch::Routing::Mapper.include Doorkeeper::Rails::Routes::Helper
-      end
 
-      attr_reader :routes
+        registered_routes.each(&:install!)
+      end
 
-      def initialize(routes, &block)
-        @routes = routes
-        @mapping = Mapper.new.map(&block)
+      def initialize(routes, mapper = Mapper.new, &block)
+        super
 
         @mapping.skips.push(:applications, :authorized_applications) if Doorkeeper.config.api_only
       end
@@ -43,14 +47,6 @@ module Doorkeeper
 
       private
 
-      def map_route(name, method)
-        return if @mapping.skipped?(name)
-
-        send(method, @mapping[name])
-
-        mapping[name] = @mapping[name]
-      end
-
       def authorization_routes(mapping)
         routes.resource(
           :authorization,

data/lib/doorkeeper/rails/routes/abstract_router.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  module Rails
+    # Abstract router module that implements base behavior
+    # for generating and mapping Rails routes.
+    #
+    # Could be reused in Doorkeeper extensions.
+    #
+    module AbstractRouter
+      extend ActiveSupport::Concern
+
+      attr_reader :routes
+
+      def initialize(routes, mapper = Mapper.new, &block)
+        @routes = routes
+        @mapping = mapper.map(&block)
+      end
+
+      def generate_routes!(**_options)
+        raise NotImplementedError, "must be redefined for #{self.class.name}!"
+      end
+
+      private
+
+      def map_route(name, method)
+        return if @mapping.skipped?(name)
+
+        send(method, @mapping[name])
+
+        mapping[name] = @mapping[name]
+      end
+    end
+  end
+end

data/lib/doorkeeper/rails/routes/mapper.rb

@@ -4,8 +4,8 @@ module Doorkeeper
   module Rails
     class Routes # :nodoc:
       class Mapper
-        def initialize
-          @mapping = Mapping.new
+        def initialize(mapping = Mapping.new)
+          @mapping = mapping
         end
 
         def map(&block)

data/lib/doorkeeper/rails/routes/registry.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Doorkeeper
+  module Rails
+    class Routes
+      # Thread-safe registry of any Doorkeeper additional routes.
+      # Used to allow implementing of Doorkeeper extensions that must
+      # use their own routes.
+      #
+      module Registry
+        ROUTES_ACCESS_LOCK = Mutex.new
+        ROUTES_DEFINITION_LOCK = Mutex.new
+
+        InvalidRouterClass = Class.new(StandardError)
+
+        # Collection of additional registered routes for Doorkeeper.
+        #
+        # @return [Array<Object>] set of registered routes
+        #
+        def registered_routes
+          ROUTES_DEFINITION_LOCK.synchronize do
+            @registered_routes ||= Set.new
+          end
+        end
+
+        # Registers additional routes in the Doorkeeper registry
+        #
+        # @param [Object] routes
+        #   routes class
+        #
+        def register_routes(routes)
+          if !routes.is_a?(Module) || !(routes < AbstractRouter)
+            raise InvalidRouterClass, "routes class must include Doorkeeper::Rails::AbstractRouter"
+          end
+
+          ROUTES_ACCESS_LOCK.synchronize do
+            registered_routes << routes
+          end
+        end
+
+        alias register register_routes
+      end
+    end
+  end
+end

data/lib/doorkeeper/request/refresh_token.rb

@@ -12,7 +12,8 @@ module Doorkeeper
       def request
         @request ||= OAuth::RefreshTokenRequest.new(
           Doorkeeper.config,
-          refresh_token, credentials,
+          refresh_token,
+          credentials,
           parameters,
         )
       end

data/lib/doorkeeper/request/strategy.rb

@@ -3,12 +3,12 @@
 module Doorkeeper
   module Request
     class Strategy
-      attr_accessor :server
+      attr_reader :server
 
       delegate :authorize, to: :request
 
       def initialize(server)
-        self.server = server
+        @server = server
       end
 
       def request

data/lib/doorkeeper/server.rb

@@ -2,19 +2,19 @@
 
 module Doorkeeper
   class Server
-    attr_accessor :context
+    attr_reader :context
 
-    def initialize(context = nil)
+    def initialize(context)
       @context = context
     end
 
     def authorization_request(strategy)
-      klass = Request.authorization_strategy strategy
+      klass = Request.authorization_strategy(strategy)
       klass.new(self)
     end
 
     def token_request(strategy)
-      klass = Request.token_strategy strategy
+      klass = Request.token_strategy(strategy)
       klass.new(self)
     end
 

data/lib/doorkeeper/stale_records_cleaner.rb

@@ -13,12 +13,12 @@ module Doorkeeper
       raise Doorkeeper::Errors::NoOrmCleaner, "'#{configured_orm}' ORM has no cleaner!"
     end
 
-    def self.configured_orm
-      Doorkeeper.config.orm
-    end
-
     def self.new(base_scope)
       self.for(base_scope)
     end
+
+    def self.configured_orm
+      Doorkeeper.config.orm
+    end
   end
 end

data/lib/doorkeeper/version.rb

@@ -8,8 +8,8 @@ module Doorkeeper
   module VERSION
     # Semantic versioning
     MAJOR = 5
-    MINOR = 3
-    TINY = 2
+    MINOR = 4
+    TINY = 0
     PRE = nil
 
     # Full version number

data/lib/generators/doorkeeper/confidential_applications_generator.rb

@@ -12,7 +12,7 @@ module Doorkeeper
     source_root File.expand_path("templates", __dir__)
     desc "Add confidential column to Doorkeeper applications"
 
-    def pkce
+    def confidential_applications
       migration_template(
         "add_confidential_to_applications.rb.erb",
         "db/migrate/add_confidential_to_applications.rb",

data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Doorkeeper
+  # Generates migration with polymorphic resource owner required
+  # database columns for Doorkeeper Access Token and Access Grant
+  # models.
+  #
+  class EnablePolymorphicResourceOwnerGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Provide support for polymorphic Resource Owner."
+
+    def enable_polymorphic_resource_owner
+      migration_template(
+        "enable_polymorphic_resource_owner_migration.rb.erb",
+        "db/migrate/enable_polymorphic_resource_owner.rb",
+        migration_version: migration_version,
+      )
+      gsub_file(
+        "config/initializers/doorkeeper.rb",
+        "# use_polymorphic_resource_owner",
+        "use_polymorphic_resource_owner",
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
+end