doorkeeper 5.3.3 → 5.4.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of doorkeeper might be problematic. Click here for more details.

Files changed (224) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +82 -4
  3. data/README.md +6 -4
  4. data/app/controllers/doorkeeper/applications_controller.rb +4 -4
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +31 -12
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +2 -2
  7. data/app/controllers/doorkeeper/tokens_controller.rb +57 -20
  8. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  9. data/app/views/doorkeeper/applications/show.html.erb +19 -2
  10. data/config/locales/en.yml +3 -1
  11. data/lib/doorkeeper/config/abstract_builder.rb +28 -0
  12. data/lib/doorkeeper/config/option.rb +28 -14
  13. data/lib/doorkeeper/config.rb +64 -35
  14. data/lib/doorkeeper/engine.rb +1 -1
  15. data/lib/doorkeeper/grape/helpers.rb +1 -1
  16. data/lib/doorkeeper/helpers/controller.rb +4 -4
  17. data/lib/doorkeeper/models/access_grant_mixin.rb +20 -16
  18. data/lib/doorkeeper/models/access_token_mixin.rb +108 -45
  19. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  20. data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  21. data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
  22. data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
  23. data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
  24. data/lib/doorkeeper/oauth/authorization/code.rb +15 -6
  25. data/lib/doorkeeper/oauth/authorization/context.rb +2 -2
  26. data/lib/doorkeeper/oauth/authorization/token.rb +8 -12
  27. data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
  28. data/lib/doorkeeper/oauth/authorization_code_request.rb +18 -8
  29. data/lib/doorkeeper/oauth/base_request.rb +11 -19
  30. data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
  31. data/lib/doorkeeper/oauth/client.rb +1 -1
  32. data/lib/doorkeeper/oauth/client_credentials/creator.rb +26 -8
  33. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +3 -2
  34. data/lib/doorkeeper/oauth/client_credentials/validator.rb +4 -2
  35. data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
  36. data/lib/doorkeeper/oauth/code_request.rb +3 -3
  37. data/lib/doorkeeper/oauth/code_response.rb +6 -2
  38. data/lib/doorkeeper/oauth/error_response.rb +2 -4
  39. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -5
  40. data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  41. data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
  42. data/lib/doorkeeper/oauth/password_access_token_request.rb +4 -6
  43. data/lib/doorkeeper/oauth/pre_authorization.rb +36 -30
  44. data/lib/doorkeeper/oauth/refresh_token_request.rb +18 -22
  45. data/lib/doorkeeper/oauth/token.rb +5 -6
  46. data/lib/doorkeeper/oauth/token_introspection.rb +4 -8
  47. data/lib/doorkeeper/oauth/token_request.rb +3 -3
  48. data/lib/doorkeeper/oauth/token_response.rb +1 -1
  49. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +8 -3
  50. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +7 -3
  51. data/lib/doorkeeper/orm/active_record.rb +10 -2
  52. data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  53. data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
  54. data/lib/doorkeeper/rails/routes/registry.rb +45 -0
  55. data/lib/doorkeeper/rails/routes.rb +13 -17
  56. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  57. data/lib/doorkeeper/request/strategy.rb +2 -2
  58. data/lib/doorkeeper/server.rb +4 -4
  59. data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
  60. data/lib/doorkeeper/version.rb +2 -2
  61. data/lib/doorkeeper.rb +106 -79
  62. data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
  63. data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  64. data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +2 -0
  65. data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
  66. data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
  67. data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  68. data/lib/generators/doorkeeper/templates/initializer.rb +39 -3
  69. data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -5
  70. metadata +13 -296
  71. data/Appraisals +0 -40
  72. data/CODE_OF_CONDUCT.md +0 -46
  73. data/CONTRIBUTING.md +0 -49
  74. data/Dangerfile +0 -67
  75. data/Dockerfile +0 -29
  76. data/Gemfile +0 -25
  77. data/NEWS.md +0 -1
  78. data/RELEASING.md +0 -11
  79. data/Rakefile +0 -28
  80. data/SECURITY.md +0 -15
  81. data/UPGRADE.md +0 -2
  82. data/bin/console +0 -16
  83. data/doorkeeper.gemspec +0 -42
  84. data/gemfiles/rails_5_0.gemfile +0 -18
  85. data/gemfiles/rails_5_1.gemfile +0 -18
  86. data/gemfiles/rails_5_2.gemfile +0 -18
  87. data/gemfiles/rails_6_0.gemfile +0 -18
  88. data/gemfiles/rails_master.gemfile +0 -18
  89. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  90. data/spec/controllers/applications_controller_spec.rb +0 -274
  91. data/spec/controllers/authorizations_controller_spec.rb +0 -608
  92. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  93. data/spec/controllers/token_info_controller_spec.rb +0 -50
  94. data/spec/controllers/tokens_controller_spec.rb +0 -498
  95. data/spec/dummy/Rakefile +0 -9
  96. data/spec/dummy/app/assets/config/manifest.js +0 -2
  97. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  98. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  99. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  100. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  101. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  102. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  103. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  104. data/spec/dummy/app/models/user.rb +0 -7
  105. data/spec/dummy/app/views/home/index.html.erb +0 -0
  106. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  107. data/spec/dummy/config/application.rb +0 -49
  108. data/spec/dummy/config/boot.rb +0 -7
  109. data/spec/dummy/config/database.yml +0 -15
  110. data/spec/dummy/config/environment.rb +0 -5
  111. data/spec/dummy/config/environments/development.rb +0 -31
  112. data/spec/dummy/config/environments/production.rb +0 -64
  113. data/spec/dummy/config/environments/test.rb +0 -45
  114. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  115. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  116. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  117. data/spec/dummy/config/initializers/session_store.rb +0 -10
  118. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  119. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  120. data/spec/dummy/config/routes.rb +0 -13
  121. data/spec/dummy/config.ru +0 -6
  122. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  123. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  124. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  125. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  126. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  127. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  128. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  129. data/spec/dummy/db/schema.rb +0 -68
  130. data/spec/dummy/public/404.html +0 -26
  131. data/spec/dummy/public/422.html +0 -26
  132. data/spec/dummy/public/500.html +0 -26
  133. data/spec/dummy/public/favicon.ico +0 -0
  134. data/spec/dummy/script/rails +0 -9
  135. data/spec/factories.rb +0 -30
  136. data/spec/generators/application_owner_generator_spec.rb +0 -28
  137. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  138. data/spec/generators/install_generator_spec.rb +0 -36
  139. data/spec/generators/migration_generator_spec.rb +0 -28
  140. data/spec/generators/pkce_generator_spec.rb +0 -28
  141. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  142. data/spec/generators/templates/routes.rb +0 -4
  143. data/spec/generators/views_generator_spec.rb +0 -29
  144. data/spec/grape/grape_integration_spec.rb +0 -137
  145. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  146. data/spec/lib/config_spec.rb +0 -809
  147. data/spec/lib/doorkeeper_spec.rb +0 -27
  148. data/spec/lib/models/expirable_spec.rb +0 -61
  149. data/spec/lib/models/reusable_spec.rb +0 -40
  150. data/spec/lib/models/revocable_spec.rb +0 -59
  151. data/spec/lib/models/scopes_spec.rb +0 -53
  152. data/spec/lib/models/secret_storable_spec.rb +0 -135
  153. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  154. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
  155. data/spec/lib/oauth/base_request_spec.rb +0 -224
  156. data/spec/lib/oauth/base_response_spec.rb +0 -45
  157. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  158. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
  159. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
  160. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
  161. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  162. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
  163. data/spec/lib/oauth/client_spec.rb +0 -38
  164. data/spec/lib/oauth/code_request_spec.rb +0 -46
  165. data/spec/lib/oauth/code_response_spec.rb +0 -32
  166. data/spec/lib/oauth/error_response_spec.rb +0 -64
  167. data/spec/lib/oauth/error_spec.rb +0 -21
  168. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  169. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  170. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  171. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  172. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  173. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  174. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
  175. data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
  176. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
  177. data/spec/lib/oauth/scopes_spec.rb +0 -146
  178. data/spec/lib/oauth/token_request_spec.rb +0 -157
  179. data/spec/lib/oauth/token_response_spec.rb +0 -84
  180. data/spec/lib/oauth/token_spec.rb +0 -156
  181. data/spec/lib/request/strategy_spec.rb +0 -54
  182. data/spec/lib/secret_storing/base_spec.rb +0 -60
  183. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  184. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  185. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  186. data/spec/lib/server_spec.rb +0 -49
  187. data/spec/lib/stale_records_cleaner_spec.rb +0 -89
  188. data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
  189. data/spec/models/doorkeeper/access_token_spec.rb +0 -622
  190. data/spec/models/doorkeeper/application_spec.rb +0 -482
  191. data/spec/requests/applications/applications_request_spec.rb +0 -259
  192. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  193. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  194. data/spec/requests/endpoints/token_spec.rb +0 -75
  195. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
  196. data/spec/requests/flows/authorization_code_spec.rb +0 -525
  197. data/spec/requests/flows/client_credentials_spec.rb +0 -166
  198. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  199. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  200. data/spec/requests/flows/password_spec.rb +0 -316
  201. data/spec/requests/flows/refresh_token_spec.rb +0 -233
  202. data/spec/requests/flows/revoke_token_spec.rb +0 -157
  203. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  204. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  205. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  206. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  207. data/spec/routing/default_routes_spec.rb +0 -41
  208. data/spec/routing/scoped_routes_spec.rb +0 -47
  209. data/spec/spec_helper.rb +0 -54
  210. data/spec/spec_helper_integration.rb +0 -4
  211. data/spec/support/dependencies/factory_bot.rb +0 -4
  212. data/spec/support/doorkeeper_rspec.rb +0 -22
  213. data/spec/support/helpers/access_token_request_helper.rb +0 -13
  214. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  215. data/spec/support/helpers/config_helper.rb +0 -11
  216. data/spec/support/helpers/model_helper.rb +0 -78
  217. data/spec/support/helpers/request_spec_helper.rb +0 -110
  218. data/spec/support/helpers/url_helper.rb +0 -62
  219. data/spec/support/orm/active_record.rb +0 -5
  220. data/spec/support/shared/controllers_shared_context.rb +0 -133
  221. data/spec/support/shared/hashing_shared_context.rb +0 -36
  222. data/spec/support/shared/models_shared_examples.rb +0 -54
  223. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  224. data/spec/version/version_spec.rb +0 -17
@@ -1,183 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::RedirectUriValidator do
6
- subject do
7
- FactoryBot.create(:application)
8
- end
9
-
10
- it "is valid when the uri is a uri" do
11
- subject.redirect_uri = "https://example.com/callback"
12
- expect(subject).to be_valid
13
- end
14
-
15
- # Most mobile and desktop operating systems allow apps to register a custom URL
16
- # scheme that will launch the app when a URL with that scheme is visited from
17
- # the system browser.
18
- #
19
- # @see https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/
20
- it "is valid when the uri is custom native URI" do
21
- subject.redirect_uri = "myapp:/callback"
22
- expect(subject).to be_valid
23
- end
24
-
25
- it "is valid when the uri has a query parameter" do
26
- subject.redirect_uri = "https://example.com/abcd?xyz=123"
27
- expect(subject).to be_valid
28
- end
29
-
30
- it "accepts nonstandard oob redirect uri" do
31
- subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
32
- expect(subject).to be_valid
33
- end
34
-
35
- it "accepts nonstandard oob:auto redirect uri" do
36
- subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob:auto"
37
- expect(subject).to be_valid
38
- end
39
-
40
- it "is invalid when the uri is not a uri" do
41
- subject.redirect_uri = "]"
42
- expect(subject).not_to be_valid
43
- expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.invalid_uri"))
44
- end
45
-
46
- it "is invalid when the uri is relative" do
47
- subject.redirect_uri = "/abcd"
48
- expect(subject).not_to be_valid
49
- expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.relative_uri"))
50
- end
51
-
52
- it "is invalid when the uri has a fragment" do
53
- subject.redirect_uri = "https://example.com/abcd#xyz"
54
- expect(subject).not_to be_valid
55
- expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.fragment_present"))
56
- end
57
-
58
- it "is invalid when scheme resolves to localhost (needs an explict scheme)" do
59
- subject.redirect_uri = "localhost:80"
60
- expect(subject).to be_invalid
61
- expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.unspecified_scheme"))
62
- end
63
-
64
- it "is invalid if an ip address" do
65
- subject.redirect_uri = "127.0.0.1:8080"
66
- expect(subject).to be_invalid
67
- end
68
-
69
- it "accepts an ip address based URI if a scheme is specified" do
70
- subject.redirect_uri = "https://127.0.0.1:8080"
71
- expect(subject).to be_valid
72
- end
73
-
74
- context "force secured uri" do
75
- it "accepts an valid uri" do
76
- subject.redirect_uri = "https://example.com/callback"
77
- expect(subject).to be_valid
78
- end
79
-
80
- it "accepts custom scheme redirect uri (as per rfc8252 section 7.1)" do
81
- subject.redirect_uri = "com.example.app:/oauth/callback"
82
- expect(subject).to be_valid
83
- end
84
-
85
- it "accepts custom scheme redirect uri (as per rfc8252 section 7.1) #2" do
86
- subject.redirect_uri = "com.example.app:/test"
87
- expect(subject).to be_valid
88
- end
89
-
90
- it "accepts custom scheme redirect uri (common misconfiguration we have decided to allow)" do
91
- subject.redirect_uri = "com.example.app://oauth/callback"
92
- expect(subject).to be_valid
93
- end
94
-
95
- it "accepts custom scheme redirect uri (common misconfiguration we have decided to allow) #2" do
96
- subject.redirect_uri = "com.example.app://test"
97
- expect(subject).to be_valid
98
- end
99
-
100
- it "accepts a non secured protocol when disabled" do
101
- subject.redirect_uri = "http://example.com/callback"
102
- allow(Doorkeeper.configuration).to receive(
103
- :force_ssl_in_redirect_uri,
104
- ).and_return(false)
105
- expect(subject).to be_valid
106
- end
107
-
108
- it "accepts a non secured protocol when conditional option defined" do
109
- Doorkeeper.configure do
110
- orm DOORKEEPER_ORM
111
- force_ssl_in_redirect_uri { |uri| uri.host != "localhost" }
112
- end
113
-
114
- application = FactoryBot.build(:application, redirect_uri: "http://localhost/callback")
115
- expect(application).to be_valid
116
-
117
- application = FactoryBot.build(:application, redirect_uri: "https://test.com/callback")
118
- expect(application).to be_valid
119
-
120
- application = FactoryBot.build(:application, redirect_uri: "http://localhost2/callback")
121
- expect(application).not_to be_valid
122
-
123
- application = FactoryBot.build(:application, redirect_uri: "https://test.com/callback")
124
- expect(application).to be_valid
125
- end
126
-
127
- it "forbids redirect uri if required" do
128
- subject.redirect_uri = "javascript://document.cookie"
129
-
130
- Doorkeeper.configure do
131
- orm DOORKEEPER_ORM
132
- forbid_redirect_uri { |uri| uri.scheme == "javascript" }
133
- end
134
-
135
- expect(subject).to be_invalid
136
- expect(subject.errors[:redirect_uri].first).to eq("is forbidden by the server.")
137
-
138
- subject.redirect_uri = "https://localhost/callback"
139
- expect(subject).to be_valid
140
- end
141
-
142
- it "invalidates the uri when the uri does not use a secure protocol" do
143
- subject.redirect_uri = "http://example.com/callback"
144
- expect(subject).not_to be_valid
145
- error = subject.errors[:redirect_uri].first
146
- expect(error).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.secured_uri"))
147
- end
148
- end
149
-
150
- context "multiple redirect uri" do
151
- it "invalidates the second uri when the first uri is native uri" do
152
- subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob\nexample.com/callback"
153
- expect(subject).to be_invalid
154
- end
155
- end
156
-
157
- context "blank redirect URI" do
158
- it "forbids blank redirect uri by default" do
159
- subject.redirect_uri = ""
160
-
161
- expect(subject).to be_invalid
162
- expect(subject.errors[:redirect_uri]).not_to be_blank
163
- end
164
-
165
- it "forbids blank redirect uri by custom condition" do
166
- Doorkeeper.configure do
167
- orm DOORKEEPER_ORM
168
- allow_blank_redirect_uri do |_grant_flows, application|
169
- application.name == "admin app"
170
- end
171
- end
172
-
173
- subject.name = "test app"
174
- subject.redirect_uri = ""
175
-
176
- expect(subject).to be_invalid
177
- expect(subject.errors[:redirect_uri]).not_to be_blank
178
-
179
- subject.name = "admin app"
180
- expect(subject).to be_valid
181
- end
182
- end
183
- end
@@ -1,17 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "spec_helper"
4
-
5
- describe Doorkeeper::VERSION do
6
- context "#gem_version" do
7
- it "returns Gem::Version instance" do
8
- expect(Doorkeeper.gem_version).to be_an_instance_of(Gem::Version)
9
- end
10
- end
11
-
12
- context "VERSION" do
13
- it "returns gem version string" do
14
- expect(Doorkeeper::VERSION::STRING).to match(/^\d+\.\d+\.\d+(\.\w+)?$/)
15
- end
16
- end
17
- end