doorkeeper 5.3.3 → 5.4.0.rc1

data/app/views/doorkeeper/applications/show.html.erb

@@ -8,10 +8,27 @@
     <p><code class="bg-light" id="application_id"><%= @application.uid %></code></p>
 
     <h4><%= t('.secret') %>:</h4>
-    <p><code class="bg-light" id="secret"><%= flash[:application_secret].presence || @application.plaintext_secret %></code></p>
+    <p>
+      <code class="bg-light" id="secret">
+        <% secret = flash[:application_secret].presence || @application.plaintext_secret %>
+        <% if secret.blank? && Doorkeeper.config.application_secret_hashed? %>
+          <span class="bg-light font-italic text-uppercase text-muted"><%= t('.secret_hashed') %></span>
+        <% else %>
+          <%= secret %>
+        <% end %>
+      </code>
+    </p>
 
     <h4><%= t('.scopes') %>:</h4>
-    <p><code class="bg-light" id="scopes"><%= @application.scopes.presence || raw('&nbsp;') %></code></p>
+    <p>
+      <code class="bg-light" id="scopes">
+        <% if @application.scopes.present? %>
+          <%= @application.scopes %>
+        <% else %>
+          <span class="bg-light font-italic text-uppercase text-muted"><%= t('.not_defined') %></span>
+        <% end %>
+      </code>
+    </p>
 
     <h4><%= t('.confidential') %>:</h4>
     <p><code class="bg-light" id="confidential"><%= @application.confidential? %></code></p>

data/bin/console

@@ -12,5 +12,19 @@ require "doorkeeper"
 # require "pry"
 # Pry.start
 
+# Default Doorkeeper config
+Doorkeeper.configure do
+  orm :active_record
+end
+
+# Generate in-memory database for testing
+ActiveRecord::Base.establish_connection(
+  adapter: "sqlite3",
+  database: ":memory:",
+)
+
+# Load database schema
+load File.expand_path("../spec/dummy/db/schema.rb", __dir__)
+
 require "irb"
 IRB.start(__FILE__)

data/config/locales/en.yml

@@ -51,12 +51,14 @@ en:
         title: 'New Application'
       show:
         title: 'Application: %{name}'
-        application_id: 'Application UID'
+        application_id: 'UID'
         secret: 'Secret'
+        secret_hashed: 'Secret hashed'
         scopes: 'Scopes'
         confidential: 'Confidential'
         callback_urls: 'Callback urls'
         actions: 'Actions'
+        not_defined: 'Not defined'
 
     authorizations:
       buttons:

data/doorkeeper.gemspec

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-$LOAD_PATH.push File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift File.expand_path("lib", __dir__)
 
 require "doorkeeper/version"
 

data/gemfiles/rails_5_0.gemfile

@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.0.0"
-gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
-gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
-gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", "4.0.0.beta3"
-gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.75"
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.3", "< 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]

data/gemfiles/rails_5_1.gemfile

@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.1.0"
-gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
-gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
-gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", "4.0.0.beta3"
-gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.75"
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.3", "< 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]

data/gemfiles/rails_5_2.gemfile

@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.2.0"
-gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
-gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
-gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", "4.0.0.beta3"
-gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.75"
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.3", "< 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]

data/gemfiles/rails_6_0.gemfile

@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 6.0.0"
-gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
-gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
-gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", "4.0.0.beta3"
-gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.75"
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]

data/gemfiles/rails_master.gemfile

@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", git: "https://github.com/rails/rails"
-gem "rspec-core", git: "https://github.com/rspec/rspec-core.git"
-gem "rspec-expectations", git: "https://github.com/rspec/rspec-expectations.git"
-gem "rspec-mocks", git: "https://github.com/rspec/rspec-mocks.git"
-gem "rspec-rails", "4.0.0.beta3"
-gem "rspec-support", git: "https://github.com/rspec/rspec-support.git"
-gem "rubocop", "~> 0.75"
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]

data/lib/doorkeeper.rb

@@ -1,89 +1,116 @@
 # frozen_string_literal: true
 
-require "doorkeeper/version"
-require "doorkeeper/engine"
 require "doorkeeper/config"
-
-require "doorkeeper/request/strategy"
-require "doorkeeper/request/authorization_code"
-require "doorkeeper/request/client_credentials"
-require "doorkeeper/request/code"
-require "doorkeeper/request/password"
-require "doorkeeper/request/refresh_token"
-require "doorkeeper/request/token"
-
-require "doorkeeper/errors"
-require "doorkeeper/server"
-require "doorkeeper/request"
-require "doorkeeper/validations"
-
-require "doorkeeper/oauth/authorization/code"
-require "doorkeeper/oauth/authorization/context"
-require "doorkeeper/oauth/authorization/token"
-require "doorkeeper/oauth/authorization/uri_builder"
-require "doorkeeper/oauth/helpers/scope_checker"
-require "doorkeeper/oauth/helpers/uri_checker"
-require "doorkeeper/oauth/helpers/unique_token"
-
-require "doorkeeper/oauth"
-require "doorkeeper/oauth/scopes"
-require "doorkeeper/oauth/error"
-require "doorkeeper/oauth/base_response"
-require "doorkeeper/oauth/code_response"
-require "doorkeeper/oauth/token_response"
-require "doorkeeper/oauth/error_response"
-require "doorkeeper/oauth/pre_authorization"
-require "doorkeeper/oauth/base_request"
-require "doorkeeper/oauth/authorization_code_request"
-require "doorkeeper/oauth/refresh_token_request"
-require "doorkeeper/oauth/password_access_token_request"
-
-require "doorkeeper/oauth/client_credentials/validator"
-require "doorkeeper/oauth/client_credentials/creator"
-require "doorkeeper/oauth/client_credentials/issuer"
-require "doorkeeper/oauth/client/credentials"
-
-require "doorkeeper/oauth/client_credentials_request"
-require "doorkeeper/oauth/code_request"
-require "doorkeeper/oauth/token_request"
-require "doorkeeper/oauth/client"
-require "doorkeeper/oauth/token"
-require "doorkeeper/oauth/token_introspection"
-require "doorkeeper/oauth/invalid_token_response"
-require "doorkeeper/oauth/forbidden_token_response"
-require "doorkeeper/oauth/invalid_request_response"
-require "doorkeeper/oauth/nonstandard"
-
-require "doorkeeper/secret_storing/base"
-require "doorkeeper/secret_storing/plain"
-require "doorkeeper/secret_storing/sha256_hash"
-require "doorkeeper/secret_storing/bcrypt"
-
-require "doorkeeper/models/concerns/orderable"
-require "doorkeeper/models/concerns/scopes"
-require "doorkeeper/models/concerns/expirable"
-require "doorkeeper/models/concerns/reusable"
-require "doorkeeper/models/concerns/revocable"
-require "doorkeeper/models/concerns/accessible"
-require "doorkeeper/models/concerns/secret_storable"
-
-require "doorkeeper/models/access_grant_mixin"
-require "doorkeeper/models/access_token_mixin"
-require "doorkeeper/models/application_mixin"
-
-require "doorkeeper/helpers/controller"
-
-require "doorkeeper/rails/routes"
-require "doorkeeper/rails/helpers"
-
-require "doorkeeper/rake"
-require "doorkeeper/stale_records_cleaner"
-
-require "doorkeeper/orm/active_record"
+require "doorkeeper/engine"
 
 # Main Doorkeeper namespace.
 #
 module Doorkeeper
+  autoload :OAuth, "doorkeeper/oauth"
+  autoload :Errors, "doorkeeper/errors"
+  autoload :Rake, "doorkeeper/rake"
+  autoload :Request, "doorkeeper/request"
+  autoload :Server, "doorkeeper/server"
+  autoload :StaleRecordsCleaner, "doorkeeper/stale_records_cleaner"
+  autoload :Validations, "doorkeeper/validations"
+  autoload :VERSION, "doorkeeper/version"
+
+  autoload :AccessGrantMixin, "doorkeeper/models/access_grant_mixin"
+  autoload :AccessTokenMixin, "doorkeeper/models/access_token_mixin"
+  autoload :ApplicationMixin, "doorkeeper/models/application_mixin"
+
+  module Helpers
+    autoload :Controller, "doorkeeper/helpers/controller"
+  end
+
+  module Request
+    autoload :Strategy, "doorkeeper/request/strategy"
+    autoload :AuthorizationCode, "doorkeeper/request/authorization_code"
+    autoload :ClientCredentials, "doorkeeper/request/client_credentials"
+    autoload :Code, "doorkeeper/request/code"
+    autoload :Password, "doorkeeper/request/password"
+    autoload :RefreshToken, "doorkeeper/request/refresh_token"
+    autoload :Token, "doorkeeper/request/token"
+  end
+
+  module OAuth
+    autoload :BaseRequest, "doorkeeper/oauth/base_request"
+    autoload :AuthorizationCodeRequest, "doorkeeper/oauth/authorization_code_request"
+    autoload :BaseResponse, "doorkeeper/oauth/base_response"
+    autoload :CodeResponse, "doorkeeper/oauth/code_response"
+    autoload :Client, "doorkeeper/oauth/client"
+    autoload :ClientCredentialsRequest, "doorkeeper/oauth/client_credentials_request"
+    autoload :CodeRequest, "doorkeeper/oauth/code_request"
+    autoload :ErrorResponse, "doorkeeper/oauth/error_response"
+    autoload :Error, "doorkeeper/oauth/error"
+    autoload :InvalidTokenResponse, "doorkeeper/oauth/invalid_token_response"
+    autoload :InvalidRequestResponse, "doorkeeper/oauth/invalid_request_response"
+    autoload :ForbiddenTokenResponse, "doorkeeper/oauth/forbidden_token_response"
+    autoload :NonStandard, "doorkeeper/oauth/nonstandard"
+    autoload :PasswordAccessTokenRequest, "doorkeeper/oauth/password_access_token_request"
+    autoload :PreAuthorization, "doorkeeper/oauth/pre_authorization"
+    autoload :RefreshTokenRequest, "doorkeeper/oauth/refresh_token_request"
+    autoload :Scopes, "doorkeeper/oauth/scopes"
+    autoload :Token, "doorkeeper/oauth/token"
+    autoload :TokenIntrospection, "doorkeeper/oauth/token_introspection"
+    autoload :TokenRequest, "doorkeeper/oauth/token_request"
+    autoload :TokenResponse, "doorkeeper/oauth/token_response"
+
+    module Authorization
+      autoload :Code, "doorkeeper/oauth/authorization/code"
+      autoload :Context, "doorkeeper/oauth/authorization/context"
+      autoload :Token, "doorkeeper/oauth/authorization/token"
+      autoload :URIBuilder, "doorkeeper/oauth/authorization/uri_builder"
+    end
+
+    class Client
+      autoload :Credentials, "doorkeeper/oauth/client/credentials"
+    end
+
+    module ClientCredentials
+      autoload :Validator, "doorkeeper/oauth/client_credentials/validator"
+      autoload :Creator, "doorkeeper/oauth/client_credentials/creator"
+      autoload :Issuer, "doorkeeper/oauth/client_credentials/issuer"
+    end
+
+    module Helpers
+      autoload :ScopeChecker, "doorkeeper/oauth/helpers/scope_checker"
+      autoload :URIChecker, "doorkeeper/oauth/helpers/uri_checker"
+      autoload :UniqueToken, "doorkeeper/oauth/helpers/unique_token"
+    end
+
+    module Hooks
+      autoload :Context, "doorkeeper/oauth/hooks/context"
+    end
+  end
+
+  module Models
+    autoload :Accessible, "doorkeeper/models/concerns/accessible"
+    autoload :Expirable, "doorkeeper/models/concerns/expirable"
+    autoload :Orderable, "doorkeeper/models/concerns/orderable"
+    autoload :Scopes, "doorkeeper/models/concerns/scopes"
+    autoload :Reusable, "doorkeeper/models/concerns/reusable"
+    autoload :ResourceOwnerable, "doorkeeper/models/concerns/resource_ownerable"
+    autoload :Revocable, "doorkeeper/models/concerns/revocable"
+    autoload :SecretStorable, "doorkeeper/models/concerns/secret_storable"
+  end
+
+  module Orm
+    autoload :ActiveRecord, "doorkeeper/orm/active_record"
+  end
+
+  module Rails
+    autoload :Helpers, "doorkeeper/rails/helpers"
+    autoload :Routes, "doorkeeper/rails/routes"
+  end
+
+  module SecretStoring
+    autoload :Base, "doorkeeper/secret_storing/base"
+    autoload :Plain, "doorkeeper/secret_storing/plain"
+    autoload :Sha256Hash, "doorkeeper/secret_storing/sha256_hash"
+    autoload :BCrypt, "doorkeeper/secret_storing/bcrypt"
+  end
+
   def self.authenticate(request, methods = Doorkeeper.config.access_token_methods)
     OAuth::Token.authenticate(request, *methods)
   end

data/lib/doorkeeper/config.rb

@@ -1,16 +1,24 @@
 # frozen_string_literal: true
 
 require "doorkeeper/config/option"
+require "doorkeeper/config/abstract_builder"
 
 module Doorkeeper
+  # Defines a MissingConfiguration error for a missing Doorkeeper configuration
+  #
   class MissingConfiguration < StandardError
-    # Defines a MissingConfiguration error for a missing Doorkeeper
-    # configuration
     def initialize
       super("Configuration for doorkeeper missing. Do you have doorkeeper initializer?")
     end
   end
 
+  # Doorkeeper option DSL could be reused in extensions to build their own
+  # configurations. To use the Option DSL gems need to define `builder_class` method
+  # that returns configuration Builder class. This exception raises when they don't
+  # define it.
+  #
+  class MissingConfigurationBuilderClass < StandardError; end
+
   class << self
     def configure(&block)
       @config = Config::Builder.new(&block).build
@@ -30,7 +38,7 @@ module Doorkeeper
       @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
     rescue NameError => e
       raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
-        [doorkeeper] ORM adapter not found (#{configuration.orm}), or there was an error
+        [DOORKEEPER] ORM adapter not found (#{configuration.orm}), or there was an error
         trying to load it.
 
         You probably need to add the related gem for this adapter to work with
@@ -48,17 +56,8 @@ module Doorkeeper
   end
 
   class Config
-    class Builder
-      def initialize(&block)
-        @config = Config.new
-        instance_eval(&block)
-      end
-
-      def build
-        @config.validate
-        @config
-      end
-
+    # Default Doorkeeper configuration builder
+    class Builder < AbstractBuilder
       # Provide support for an owner to be assigned to each registered
       # application (disabled by default)
       # Optional parameter confirmation: true (default false) if you want
@@ -158,6 +157,12 @@ module Doorkeeper
         @config.instance_variable_set(:@api_only, true)
       end
 
+      # Enables polymorphic Resource Owner association for Access Grant and
+      # Access Token models. Requires additional database columns to be setup.
+      def use_polymorphic_resource_owner
+        @config.instance_variable_set(:@polymorphic_resource_owner, true)
+      end
+
       # Forbids creating/updating applications with arbitrary scopes that are
       # not in configuration, i.e. `default_scopes` or `optional_scopes`.
       # (disabled by default)
@@ -219,6 +224,9 @@ module Doorkeeper
       end
     end
 
+    # Replace with `default: Builder` when we drop support of Rails < 5.2
+    mattr_reader(:builder_class) { Builder }
+
     extend Option
 
     option :resource_owner_authenticator,
@@ -251,8 +259,8 @@ module Doorkeeper
            end)
 
     # Hooks for authorization
-    option :before_successful_authorization,      default: ->(_context) {}
-    option :after_successful_authorization,       default: ->(_context) {}
+    option :before_successful_authorization,      default: ->(_controller, _context = nil) {}
+    option :after_successful_authorization,       default: ->(_controller, _context = nil) {}
     # Hooks for strategies responses
     option :before_successful_strategy_response,  default: ->(_request) {}
     option :after_successful_strategy_response,   default: ->(_request, _response) {}
@@ -265,11 +273,18 @@ module Doorkeeper
     option :authorization_code_expires_in,  default: 600
     option :orm,                            default: :active_record
     option :native_redirect_uri,            default: "urn:ietf:wg:oauth:2.0:oob", deprecated: true
-    option :active_record_options,          default: {}
     option :grant_flows,                    default: %w[authorization_code client_credentials]
     option :handle_auth_errors,             default: :render
     option :token_lookup_batch_size,        default: 10_000
 
+    option :active_record_options,
+           default: {},
+           deprecated: { message: "Customize Doorkeeper models instead" }
+
+    # Hook to allow arbitrary user-client authorization
+    option :authorize_resource_owner_for_client,
+           default: ->(_client, _resource_owner) { true }
+
     # Allows to customize OAuth grant flows that +each+ application support.
     # You can configure a custom block (or use a class respond to `#call`) that must
     # return `true` in case Application instance supports requested OAuth grant flow
@@ -472,6 +487,10 @@ module Doorkeeper
       option_set? :enable_application_owner
     end
 
+    def polymorphic_resource_owner?
+      option_set? :polymorphic_resource_owner
+    end
+
     def confirm_application_owner?
       option_set? :confirm_application_owner
     end
@@ -480,6 +499,10 @@ module Doorkeeper
       handle_auth_errors == :raise
     end
 
+    def application_secret_hashed?
+      instance_variable_defined?(:"@application_secret_strategy")
+    end
+
     def token_secret_strategy
       @token_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
     end