doorkeeper 5.3.3 → 5.4.0.rc1
Potentially problematic release.
- checksums.yaml +4 -4
- data/Appraisals +0 -14
- data/CHANGELOG.md +35 -10
- data/Dangerfile +7 -7
- data/Dockerfile +2 -2
- data/Gemfile +9 -9
- data/README.md +6 -4
- data/app/controllers/doorkeeper/applications_controller.rb +7 -7
- data/app/controllers/doorkeeper/authorizations_controller.rb +31 -12
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +3 -3
- data/app/controllers/doorkeeper/tokens_controller.rb +57 -20
- data/app/views/doorkeeper/applications/show.html.erb +19 -2
- data/bin/console +14 -0
- data/config/locales/en.yml +3 -1
- data/doorkeeper.gemspec +1 -1
- data/gemfiles/rails_5_0.gemfile +8 -7
- data/gemfiles/rails_5_1.gemfile +8 -7
- data/gemfiles/rails_5_2.gemfile +8 -7
- data/gemfiles/rails_6_0.gemfile +8 -7
- data/gemfiles/rails_master.gemfile +8 -7
- data/lib/doorkeeper.rb +106 -79
- data/lib/doorkeeper/config.rb +40 -17
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +28 -14
- data/lib/doorkeeper/grape/helpers.rb +1 -1
- data/lib/doorkeeper/models/access_grant_mixin.rb +9 -11
- data/lib/doorkeeper/models/access_token_mixin.rb +100 -41
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +14 -5
- data/lib/doorkeeper/oauth/authorization/context.rb +2 -2
- data/lib/doorkeeper/oauth/authorization/token.rb +7 -11
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +18 -8
- data/lib/doorkeeper/oauth/base_request.rb +11 -19
- data/lib/doorkeeper/oauth/client.rb +1 -1
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +25 -7
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +3 -2
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +1 -1
- data/lib/doorkeeper/oauth/code_response.rb +6 -2
- data/lib/doorkeeper/oauth/error_response.rb +2 -4
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -5
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
- data/lib/doorkeeper/oauth/password_access_token_request.rb +3 -5
- data/lib/doorkeeper/oauth/pre_authorization.rb +32 -27
- data/lib/doorkeeper/oauth/refresh_token_request.rb +18 -22
- data/lib/doorkeeper/oauth/token.rb +1 -1
- data/lib/doorkeeper/oauth/token_introspection.rb +3 -3
- data/lib/doorkeeper/oauth/token_request.rb +2 -2
- data/lib/doorkeeper/oauth/token_response.rb +1 -1
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +7 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +6 -2
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +9 -64
- data/lib/doorkeeper/rails/routes.rb +13 -17
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/server.rb +3 -3
- data/lib/doorkeeper/version.rb +3 -3
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +39 -3
- data/lib/generators/doorkeeper/templates/migration.rb.erb +2 -0
- data/spec/controllers/applications_controller_spec.rb +2 -2
- data/spec/controllers/authorizations_controller_spec.rb +165 -30
- data/spec/controllers/tokens_controller_spec.rb +6 -5
- data/spec/dummy/app/helpers/application_helper.rb +1 -1
- data/spec/dummy/app/models/user.rb +5 -1
- data/spec/dummy/config/application.rb +6 -4
- data/spec/dummy/config/boot.rb +4 -4
- data/spec/dummy/config/environment.rb +1 -1
- data/spec/dummy/config/routes.rb +4 -4
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +2 -2
- data/spec/dummy/db/schema.rb +3 -1
- data/spec/factories.rb +1 -1
- data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +47 -0
- data/spec/lib/config_spec.rb +15 -11
- data/spec/lib/models/revocable_spec.rb +2 -3
- data/spec/lib/models/scopes_spec.rb +8 -0
- data/spec/lib/oauth/authorization_code_request_spec.rb +25 -15
- data/spec/lib/oauth/base_request_spec.rb +6 -20
- data/spec/lib/oauth/client_credentials/creator_spec.rb +90 -89
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +84 -86
- data/spec/lib/oauth/client_credentials/validation_spec.rb +38 -40
- data/spec/lib/oauth/client_credentials_request_spec.rb +5 -4
- data/spec/lib/oauth/code_request_spec.rb +1 -1
- data/spec/lib/oauth/code_response_spec.rb +5 -1
- data/spec/lib/oauth/error_response_spec.rb +1 -1
- data/spec/lib/oauth/password_access_token_request_spec.rb +24 -13
- data/spec/lib/oauth/pre_authorization_spec.rb +13 -18
- data/spec/lib/oauth/refresh_token_request_spec.rb +19 -30
- data/spec/lib/oauth/token_request_spec.rb +14 -7
- data/spec/lib/option_spec.rb +51 -0
- data/spec/lib/stale_records_cleaner_spec.rb +18 -5
- data/spec/models/doorkeeper/access_grant_spec.rb +18 -4
- data/spec/models/doorkeeper/access_token_spec.rb +507 -479
- data/spec/models/doorkeeper/application_spec.rb +22 -62
- data/spec/requests/endpoints/token_spec.rb +5 -1
- data/spec/requests/flows/authorization_code_errors_spec.rb +4 -1
- data/spec/requests/flows/authorization_code_spec.rb +6 -1
- data/spec/requests/flows/client_credentials_spec.rb +41 -0
- data/spec/requests/flows/refresh_token_spec.rb +16 -8
- data/spec/requests/flows/revoke_token_spec.rb +143 -104
- data/spec/support/helpers/access_token_request_helper.rb +1 -0
- data/spec/support/helpers/authorization_request_helper.rb +4 -4
- data/spec/support/helpers/config_helper.rb +1 -1
- data/spec/support/shared/controllers_shared_context.rb +2 -2
- data/spec/support/shared/models_shared_examples.rb +6 -4
- metadata +16 -5
@@ -8,10 +8,27 @@
|
|
8
8
|
<p><code class="bg-light" id="application_id"><%= @application.uid %></code></p>
|
9
9
|
|
10
10
|
<h4><%= t('.secret') %>:</h4>
|
11
|
-
<p
|
11
|
+
<p>
|
12
|
+
<code class="bg-light" id="secret">
|
13
|
+
<% secret = flash[:application_secret].presence || @application.plaintext_secret %>
|
14
|
+
<% if secret.blank? && Doorkeeper.config.application_secret_hashed? %>
|
15
|
+
<span class="bg-light font-italic text-uppercase text-muted"><%= t('.secret_hashed') %></span>
|
16
|
+
<% else %>
|
17
|
+
<%= secret %>
|
18
|
+
<% end %>
|
19
|
+
</code>
|
20
|
+
</p>
|
12
21
|
|
13
22
|
<h4><%= t('.scopes') %>:</h4>
|
14
|
-
<p
|
23
|
+
<p>
|
24
|
+
<code class="bg-light" id="scopes">
|
25
|
+
<% if @application.scopes.present? %>
|
26
|
+
<%= @application.scopes %>
|
27
|
+
<% else %>
|
28
|
+
<span class="bg-light font-italic text-uppercase text-muted"><%= t('.not_defined') %></span>
|
29
|
+
<% end %>
|
30
|
+
</code>
|
31
|
+
</p>
|
15
32
|
|
16
33
|
<h4><%= t('.confidential') %>:</h4>
|
17
34
|
<p><code class="bg-light" id="confidential"><%= @application.confidential? %></code></p>
|
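Review bot: The `secret` assignment on new line 13 takes the plaintext client secret from `flash[:application_secret]`, so the secret passes through the session between the request that created the application and this render. With a cookie-backed session store that puts the plaintext secret into the session cookie for one round trip; the controller that sets the flash is outside this hunk, so confirm the store is encrypted or server-side. A comment above the assignment would record the intent, e.g. `<%# with hashed storage the plaintext secret is only available from flash right after creation %>`. The `<code id="secret">` element now also surrounds the value with template whitespace, so anything that reads the text of `#secret` has to strip it.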
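--- a/data/bin/console
+++ b/data/bin/console
@@ -12,5 +12,19 @@ require "doorkeeper"
 # require "pry"
 # Pry.start
 
+# Default Doorkeeper config
+Doorkeeper.configure do
+orm :active_record
+end
+
+# Generate in-memory database for testing
+ActiveRecord::Base.establish_connection(
+adapter: "sqlite3",
+database: ":memory:",
+)
+
+# Load database schema
+load File.expand_path("../spec/dummy/db/schema.rb", __dir__)
+
 require "irb"
 IRB.start(__FILE__)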
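--- a/data/config/locales/en.yml
+++ b/data/config/locales/en.yml
@@ -51,12 +51,14 @@ en:
 title: 'New Application'
 show:
 title: 'Application: %{name}'
-application_id: '
+application_id: 'UID'
 secret: 'Secret'
+secret_hashed: 'Secret hashed'
 scopes: 'Scopes'
 confidential: 'Confidential'
 callback_urls: 'Callback urls'
 actions: 'Actions'
+not_defined: 'Not defined'
 
 authorizations:
 buttons: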
data/doorkeeper.gemspec
CHANGED
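--- a/data/gemfiles/rails_5_0.gemfile
+++ b/data/gemfiles/rails_5_0.gemfile
@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.0.0"
-gem "rspec-core"
-gem "rspec-expectations"
-gem "rspec-mocks"
-gem "rspec-rails", "4.0
-gem "rspec-support"
-gem "rubocop", "~> 0.
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.3", "< 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]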
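--- a/data/gemfiles/rails_5_1.gemfile
+++ b/data/gemfiles/rails_5_1.gemfile
@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.1.0"
-gem "rspec-core"
-gem "rspec-expectations"
-gem "rspec-mocks"
-gem "rspec-rails", "4.0
-gem "rspec-support"
-gem "rubocop", "~> 0.
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.3", "< 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]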
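--- a/data/gemfiles/rails_5_2.gemfile
+++ b/data/gemfiles/rails_5_2.gemfile
@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.2.0"
-gem "rspec-core"
-gem "rspec-expectations"
-gem "rspec-mocks"
-gem "rspec-rails", "4.0
-gem "rspec-support"
-gem "rubocop", "~> 0.
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.3", "< 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]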
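--- a/data/gemfiles/rails_6_0.gemfile
+++ b/data/gemfiles/rails_6_0.gemfile
@@ -3,13 +3,14 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 6.0.0"
-gem "rspec-core"
-gem "rspec-expectations"
-gem "rspec-mocks"
-gem "rspec-rails", "4.0
-gem "rspec-support"
-gem "rubocop", "~> 0.
-gem "rubocop-performance"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 4.0"
+gem "rspec-support"
+gem "rubocop", "~> 0.80"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
 gem "bcrypt", "~> 3.1", require: false
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]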
@@ -3,13 +3,14 @@
|
|
3
3
|
source "https://rubygems.org"
|
4
4
|
|
5
5
|
gem "rails", git: "https://github.com/rails/rails"
|
6
|
-
gem "rspec-core"
|
7
|
-
gem "rspec-expectations"
|
8
|
-
gem "rspec-mocks"
|
9
|
-
gem "rspec-rails", "4.0
|
10
|
-
gem "rspec-support"
|
11
|
-
gem "rubocop", "~> 0.
|
12
|
-
gem "rubocop-performance"
|
6
|
+
gem "rspec-core"
|
7
|
+
gem "rspec-expectations"
|
8
|
+
gem "rspec-mocks"
|
9
|
+
gem "rspec-rails", "~> 4.0"
|
10
|
+
gem "rspec-support"
|
11
|
+
gem "rubocop", "~> 0.80"
|
12
|
+
gem "rubocop-performance", require: false
|
13
|
+
gem "rubocop-rails", require: false
|
13
14
|
gem "bcrypt", "~> 3.1", require: false
|
14
15
|
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
|
15
16
|
gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]
|
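--- a/data/lib/doorkeeper.rb
+++ b/data/lib/doorkeeper.rb
@@ -1,89 +1,116 @@
 # frozen_string_literal: true
 
-require "doorkeeper/version"
-require "doorkeeper/engine"
 require "doorkeeper/config"
-
-require "doorkeeper/request/strategy"
-require "doorkeeper/request/authorization_code"
-require "doorkeeper/request/client_credentials"
-require "doorkeeper/request/code"
-require "doorkeeper/request/password"
-require "doorkeeper/request/refresh_token"
-require "doorkeeper/request/token"
-
-require "doorkeeper/errors"
-require "doorkeeper/server"
-require "doorkeeper/request"
-require "doorkeeper/validations"
-
-require "doorkeeper/oauth/authorization/code"
-require "doorkeeper/oauth/authorization/context"
-require "doorkeeper/oauth/authorization/token"
-require "doorkeeper/oauth/authorization/uri_builder"
-require "doorkeeper/oauth/helpers/scope_checker"
-require "doorkeeper/oauth/helpers/uri_checker"
-require "doorkeeper/oauth/helpers/unique_token"
-
-require "doorkeeper/oauth"
-require "doorkeeper/oauth/scopes"
-require "doorkeeper/oauth/error"
-require "doorkeeper/oauth/base_response"
-require "doorkeeper/oauth/code_response"
-require "doorkeeper/oauth/token_response"
-require "doorkeeper/oauth/error_response"
-require "doorkeeper/oauth/pre_authorization"
-require "doorkeeper/oauth/base_request"
-require "doorkeeper/oauth/authorization_code_request"
-require "doorkeeper/oauth/refresh_token_request"
-require "doorkeeper/oauth/password_access_token_request"
-
-require "doorkeeper/oauth/client_credentials/validator"
-require "doorkeeper/oauth/client_credentials/creator"
-require "doorkeeper/oauth/client_credentials/issuer"
-require "doorkeeper/oauth/client/credentials"
-
-require "doorkeeper/oauth/client_credentials_request"
-require "doorkeeper/oauth/code_request"
-require "doorkeeper/oauth/token_request"
-require "doorkeeper/oauth/client"
-require "doorkeeper/oauth/token"
-require "doorkeeper/oauth/token_introspection"
-require "doorkeeper/oauth/invalid_token_response"
-require "doorkeeper/oauth/forbidden_token_response"
-require "doorkeeper/oauth/invalid_request_response"
-require "doorkeeper/oauth/nonstandard"
-
-require "doorkeeper/secret_storing/base"
-require "doorkeeper/secret_storing/plain"
-require "doorkeeper/secret_storing/sha256_hash"
-require "doorkeeper/secret_storing/bcrypt"
-
-require "doorkeeper/models/concerns/orderable"
-require "doorkeeper/models/concerns/scopes"
-require "doorkeeper/models/concerns/expirable"
-require "doorkeeper/models/concerns/reusable"
-require "doorkeeper/models/concerns/revocable"
-require "doorkeeper/models/concerns/accessible"
-require "doorkeeper/models/concerns/secret_storable"
-
-require "doorkeeper/models/access_grant_mixin"
-require "doorkeeper/models/access_token_mixin"
-require "doorkeeper/models/application_mixin"
-
-require "doorkeeper/helpers/controller"
-
-require "doorkeeper/rails/routes"
-require "doorkeeper/rails/helpers"
-
-require "doorkeeper/rake"
-require "doorkeeper/stale_records_cleaner"
-
-require "doorkeeper/orm/active_record"
+require "doorkeeper/engine"
 
 # Main Doorkeeper namespace.
 #
 module Doorkeeper
+autoload :OAuth, "doorkeeper/oauth"
+autoload :Errors, "doorkeeper/errors"
+autoload :Rake, "doorkeeper/rake"
+autoload :Request, "doorkeeper/request"
+autoload :Server, "doorkeeper/server"
+autoload :StaleRecordsCleaner, "doorkeeper/stale_records_cleaner"
+autoload :Validations, "doorkeeper/validations"
+autoload :VERSION, "doorkeeper/version"
+
+autoload :AccessGrantMixin, "doorkeeper/models/access_grant_mixin"
+autoload :AccessTokenMixin, "doorkeeper/models/access_token_mixin"
+autoload :ApplicationMixin, "doorkeeper/models/application_mixin"
+
+module Helpers
+autoload :Controller, "doorkeeper/helpers/controller"
+end
+
+module Request
+autoload :Strategy, "doorkeeper/request/strategy"
+autoload :AuthorizationCode, "doorkeeper/request/authorization_code"
+autoload :ClientCredentials, "doorkeeper/request/client_credentials"
+autoload :Code, "doorkeeper/request/code"
+autoload :Password, "doorkeeper/request/password"
+autoload :RefreshToken, "doorkeeper/request/refresh_token"
+autoload :Token, "doorkeeper/request/token"
+end
+
+module OAuth
+autoload :BaseRequest, "doorkeeper/oauth/base_request"
+autoload :AuthorizationCodeRequest, "doorkeeper/oauth/authorization_code_request"
+autoload :BaseResponse, "doorkeeper/oauth/base_response"
+autoload :CodeResponse, "doorkeeper/oauth/code_response"
+autoload :Client, "doorkeeper/oauth/client"
+autoload :ClientCredentialsRequest, "doorkeeper/oauth/client_credentials_request"
+autoload :CodeRequest, "doorkeeper/oauth/code_request"
+autoload :ErrorResponse, "doorkeeper/oauth/error_response"
+autoload :Error, "doorkeeper/oauth/error"
+autoload :InvalidTokenResponse, "doorkeeper/oauth/invalid_token_response"
+autoload :InvalidRequestResponse, "doorkeeper/oauth/invalid_request_response"
+autoload :ForbiddenTokenResponse, "doorkeeper/oauth/forbidden_token_response"
+autoload :NonStandard, "doorkeeper/oauth/nonstandard"
+autoload :PasswordAccessTokenRequest, "doorkeeper/oauth/password_access_token_request"
+autoload :PreAuthorization, "doorkeeper/oauth/pre_authorization"
+autoload :RefreshTokenRequest, "doorkeeper/oauth/refresh_token_request"
+autoload :Scopes, "doorkeeper/oauth/scopes"
+autoload :Token, "doorkeeper/oauth/token"
+autoload :TokenIntrospection, "doorkeeper/oauth/token_introspection"
+autoload :TokenRequest, "doorkeeper/oauth/token_request"
+autoload :TokenResponse, "doorkeeper/oauth/token_response"
+
+module Authorization
+autoload :Code, "doorkeeper/oauth/authorization/code"
+autoload :Context, "doorkeeper/oauth/authorization/context"
+autoload :Token, "doorkeeper/oauth/authorization/token"
+autoload :URIBuilder, "doorkeeper/oauth/authorization/uri_builder"
+end
+
+class Client
+autoload :Credentials, "doorkeeper/oauth/client/credentials"
+end
+
+module ClientCredentials
+autoload :Validator, "doorkeeper/oauth/client_credentials/validator"
+autoload :Creator, "doorkeeper/oauth/client_credentials/creator"
+autoload :Issuer, "doorkeeper/oauth/client_credentials/issuer"
+end
+
+module Helpers
+autoload :ScopeChecker, "doorkeeper/oauth/helpers/scope_checker"
+autoload :URIChecker, "doorkeeper/oauth/helpers/uri_checker"
+autoload :UniqueToken, "doorkeeper/oauth/helpers/unique_token"
+end
+
+module Hooks
+autoload :Context, "doorkeeper/oauth/hooks/context"
+end
+end
+
+module Models
+autoload :Accessible, "doorkeeper/models/concerns/accessible"
+autoload :Expirable, "doorkeeper/models/concerns/expirable"
+autoload :Orderable, "doorkeeper/models/concerns/orderable"
+autoload :Scopes, "doorkeeper/models/concerns/scopes"
+autoload :Reusable, "doorkeeper/models/concerns/reusable"
+autoload :ResourceOwnerable, "doorkeeper/models/concerns/resource_ownerable"
+autoload :Revocable, "doorkeeper/models/concerns/revocable"
+autoload :SecretStorable, "doorkeeper/models/concerns/secret_storable"
+end
+
+module Orm
+autoload :ActiveRecord, "doorkeeper/orm/active_record"
+end
+
+module Rails
+autoload :Helpers, "doorkeeper/rails/helpers"
+autoload :Routes, "doorkeeper/rails/routes"
+end
+
+module SecretStoring
+autoload :Base, "doorkeeper/secret_storing/base"
+autoload :Plain, "doorkeeper/secret_storing/plain"
+autoload :Sha256Hash, "doorkeeper/secret_storing/sha256_hash"
+autoload :BCrypt, "doorkeeper/secret_storing/bcrypt"
+end
+
 def self.authenticate(request, methods = Doorkeeper.config.access_token_methods)
 OAuth::Token.authenticate(request, *methods)
 end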
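Review bot: Three of the new `autoload` registrations are not lazy in practice: `module Request`, `module OAuth` and `class Client` reopen constants that were just registered with `autoload :Request`, `autoload :OAuth` and `autoload :Client`, and reopening a constant makes Ruby resolve its pending autoload first, so those three files still load while this file is read. Everything else now loads on first reference, which moves a load error in, say, `doorkeeper/secret_storing/bcrypt` from boot to the first request that touches that constant. A comment above the block would make this explicit, e.g. `# Constants below load on first use; Request, OAuth and OAuth::Client load immediately because they are reopened here.` The page does not show whether the engine eager-loads these constants in production, so confirm that before relying on boot-time failures. The `Doorkeeper` module body continues past the end of the hunk.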
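--- a/data/lib/doorkeeper/config.rb
+++ b/data/lib/doorkeeper/config.rb
@@ -1,16 +1,24 @@
 # frozen_string_literal: true
 
 require "doorkeeper/config/option"
+require "doorkeeper/config/abstract_builder"
 
 module Doorkeeper
+# Defines a MissingConfiguration error for a missing Doorkeeper configuration
+#
 class MissingConfiguration < StandardError
-# Defines a MissingConfiguration error for a missing Doorkeeper
-# configuration
 def initialize
 super("Configuration for doorkeeper missing. Do you have doorkeeper initializer?")
 end
 end
 
+# Doorkeeper option DSL could be reused in extensions to build their own
+# configurations. To use the Option DSL gems need to define `builder_class` method
+# that returns configuration Builder class. This exception raises when they don't
+# define it.
+#
+class MissingConfigurationBuilderClass < StandardError; end
+
 class << self
 def configure(&block)
 @config = Config::Builder.new(&block).build
@@ -30,7 +38,7 @@ module Doorkeeper
 @orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
 rescue NameError => e
 raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
-[
+[DOORKEEPER] ORM adapter not found (#{configuration.orm}), or there was an error
 trying to load it.
 
 You probably need to add the related gem for this adapter to work with
@@ -48,17 +56,8 @@ module Doorkeeper
 end
 
 class Config
-
-
-@config = Config.new
-instance_eval(&block)
-end
-
-def build
-@config.validate
-@config
-end
-
+# Default Doorkeeper configuration builder
+class Builder < AbstractBuilder
 # Provide support for an owner to be assigned to each registered
 # application (disabled by default)
 # Optional parameter confirmation: true (default false) if you want
@@ -158,6 +157,12 @@ module Doorkeeper
 @config.instance_variable_set(:@api_only, true)
 end
 
+# Enables polymorphic Resource Owner association for Access Grant and
+# Access Token models. Requires additional database columns to be setup.
+def use_polymorphic_resource_owner
+@config.instance_variable_set(:@polymorphic_resource_owner, true)
+end
+
 # Forbids creating/updating applications with arbitrary scopes that are
 # not in configuration, i.e. `default_scopes` or `optional_scopes`.
 # (disabled by default)
@@ -219,6 +224,9 @@ module Doorkeeper
 end
 end
 
+# Replace with `default: Builder` when we drop support of Rails < 5.2
+mattr_reader(:builder_class) { Builder }
+
 extend Option
 
 option :resource_owner_authenticator,
@@ -251,8 +259,8 @@ module Doorkeeper
 end)
 
 # Hooks for authorization
-option :before_successful_authorization, default: ->(_context) {}
-option :after_successful_authorization, default: ->(_context) {}
+option :before_successful_authorization, default: ->(_controller, _context = nil) {}
+option :after_successful_authorization, default: ->(_controller, _context = nil) {}
 # Hooks for strategies responses
 option :before_successful_strategy_response, default: ->(_request) {}
 option :after_successful_strategy_response, default: ->(_request, _response) {}
@@ -265,11 +273,18 @@ module Doorkeeper
 option :authorization_code_expires_in, default: 600
 option :orm, default: :active_record
 option :native_redirect_uri, default: "urn:ietf:wg:oauth:2.0:oob", deprecated: true
-option :active_record_options, default: {}
 option :grant_flows, default: %w[authorization_code client_credentials]
 option :handle_auth_errors, default: :render
 option :token_lookup_batch_size, default: 10_000
 
+option :active_record_options,
+default: {},
+deprecated: { message: "Customize Doorkeeper models instead" }
+
+# Hook to allow arbitrary user-client authorization
+option :authorize_resource_owner_for_client,
+default: ->(_client, _resource_owner) { true }
+
 # Allows to customize OAuth grant flows that +each+ application support.
 # You can configure a custom block (or use a class respond to `#call`) that must
 # return `true` in case Application instance supports requested OAuth grant flow
@@ -472,6 +487,10 @@ module Doorkeeper
 option_set? :enable_application_owner
 end
 
+def polymorphic_resource_owner?
+option_set? :polymorphic_resource_owner
+end
+
 def confirm_application_owner?
 option_set? :confirm_application_owner
 end
@@ -480,6 +499,10 @@ module Doorkeeper
 handle_auth_errors == :raise
 end
 
+def application_secret_hashed?
+instance_variable_defined?(:"@application_secret_strategy")
+end
+
 def token_secret_strategy
 @token_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
 end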
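Review bot: `application_secret_hashed?` in the last hunk checks whether `@application_secret_strategy` has been assigned, not which strategy it holds. If the reader for that variable memoises a default the way `token_secret_strategy` does just below it (`@token_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain`), the predicate becomes true after the first read even though secrets are stored in plain text; that reader is outside the visible hunks, so confirm. Comparing the value is sturdier, e.g. `application_secret_strategy != ::Doorkeeper::SecretStoring::Plain`. Separately, the new `authorize_resource_owner_for_client` option defaults to `{ true }`, and its comment should say that the default allows every resource owner for every client.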