doorkeeper 5.3.3 → 5.5.0.rc2

data/lib/doorkeeper/request.rb

@@ -4,32 +4,69 @@ module Doorkeeper
   module Request
     class << self
       def authorization_strategy(response_type)
-        build_strategy_class(response_type)
+        grant_flow = authorization_flows.detect do |flow|
+          flow.matches_response_type?(response_type)
+        end
+
+        if grant_flow
+          grant_flow.response_type_strategy
+        else
+          # [NOTE]: this will be removed in a newer versions of Doorkeeper.
+          # For retro-compatibility only
+          build_fallback_strategy_class(response_type)
+        end
       end
 
       def token_strategy(grant_type)
         raise Errors::MissingRequiredParameter, :grant_type if grant_type.blank?
 
-        get_strategy(grant_type, token_grant_types)
-      rescue NameError
-        raise Errors::InvalidTokenStrategy
-      end
+        grant_flow = token_flows.detect do |flow|
+          flow.matches_grant_type?(grant_type)
+        end
 
-      def get_strategy(grant_type, available)
-        raise NameError unless available.include?(grant_type.to_s)
+        if grant_flow
+          grant_flow.grant_type_strategy
+        else
+          # [NOTE]: this will be removed in a newer versions of Doorkeeper.
+          # For retro-compatibility only
+          raise Errors::InvalidTokenStrategy unless available.include?(grant_type.to_s)
 
-        build_strategy_class(grant_type)
+          strategy_class = build_fallback_strategy_class(grant_type)
+          raise Errors::InvalidTokenStrategy unless strategy_class
+
+          strategy_class
+        end
       end
 
       private
 
-      def token_grant_types
-        Doorkeeper.config.token_grant_types
+      def authorization_flows
+        Doorkeeper.configuration.authorization_response_flows
+      end
+
+      def token_flows
+        Doorkeeper.configuration.token_grant_flows
       end
 
-      def build_strategy_class(grant_or_request_type)
+      # [NOTE]: this will be removed in a newer versions of Doorkeeper.
+      # For retro-compatibility only
+      def available
+        Doorkeeper.config.deprecated_token_grant_types_resolver
+      end
+
+      def build_fallback_strategy_class(grant_or_request_type)
         strategy_class_name = grant_or_request_type.to_s.tr(" ", "_").camelize
-        "Doorkeeper::Request::#{strategy_class_name}".constantize
+        fallback_strategy = "Doorkeeper::Request::#{strategy_class_name}".constantize
+
+        ::Kernel.warn <<~WARNING
+          [DOORKEEPER] #{fallback_strategy} found using fallback, it must be
+          registered using `Doorkeeper::GrantFlow.register(grant_flow_name, **options)`.
+          This functionality will be removed in a newer versions of Doorkeeper.
+        WARNING
+
+        fallback_strategy
+      rescue NameError
+        raise Errors::InvalidTokenStrategy
       end
     end
   end

data/lib/doorkeeper/request/refresh_token.rb

@@ -12,7 +12,8 @@ module Doorkeeper
       def request
         @request ||= OAuth::RefreshTokenRequest.new(
           Doorkeeper.config,
-          refresh_token, credentials,
+          refresh_token,
+          credentials,
           parameters,
         )
       end

data/lib/doorkeeper/request/strategy.rb

@@ -3,12 +3,12 @@
 module Doorkeeper
   module Request
     class Strategy
-      attr_accessor :server
+      attr_reader :server
 
       delegate :authorize, to: :request
 
       def initialize(server)
-        self.server = server
+        @server = server
       end
 
       def request

data/lib/doorkeeper/server.rb

@@ -2,19 +2,19 @@
 
 module Doorkeeper
   class Server
-    attr_accessor :context
+    attr_reader :context
 
-    def initialize(context = nil)
+    def initialize(context)
       @context = context
     end
 
     def authorization_request(strategy)
-      klass = Request.authorization_strategy strategy
+      klass = Request.authorization_strategy(strategy)
       klass.new(self)
     end
 
     def token_request(strategy)
-      klass = Request.token_strategy strategy
+      klass = Request.token_strategy(strategy)
       klass.new(self)
     end
 

data/lib/doorkeeper/stale_records_cleaner.rb

@@ -13,12 +13,12 @@ module Doorkeeper
       raise Doorkeeper::Errors::NoOrmCleaner, "'#{configured_orm}' ORM has no cleaner!"
     end
 
-    def self.configured_orm
-      Doorkeeper.config.orm
-    end
-
     def self.new(base_scope)
       self.for(base_scope)
     end
+
+    def self.configured_orm
+      Doorkeeper.config.orm
+    end
   end
 end

data/lib/doorkeeper/version.rb

@@ -1,16 +1,12 @@
 # frozen_string_literal: true
 
 module Doorkeeper
-  def self.gem_version
-    Gem::Version.new VERSION::STRING
-  end
-
   module VERSION
     # Semantic versioning
     MAJOR = 5
-    MINOR = 3
-    TINY = 3
-    PRE = nil
+    MINOR = 5
+    TINY = 0
+    PRE = "rc2"
 
     # Full version number
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/generators/doorkeeper/confidential_applications_generator.rb

@@ -12,7 +12,7 @@ module Doorkeeper
     source_root File.expand_path("templates", __dir__)
     desc "Add confidential column to Doorkeeper applications"
 
-    def pkce
+    def confidential_applications
       migration_template(
         "add_confidential_to_applications.rb.erb",
         "db/migrate/add_confidential_to_applications.rb",

data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Doorkeeper
+  # Generates migration with polymorphic resource owner required
+  # database columns for Doorkeeper Access Token and Access Grant
+  # models.
+  #
+  class EnablePolymorphicResourceOwnerGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+    source_root File.expand_path("templates", __dir__)
+    desc "Provide support for polymorphic Resource Owner."
+
+    def enable_polymorphic_resource_owner
+      migration_template(
+        "enable_polymorphic_resource_owner_migration.rb.erb",
+        "db/migrate/enable_polymorphic_resource_owner.rb",
+        migration_version: migration_version,
+      )
+      gsub_file(
+        "config/initializers/doorkeeper.rb",
+        "# use_polymorphic_resource_owner",
+        "use_polymorphic_resource_owner",
+      )
+    end
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    private
+
+    def migration_version
+      "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+    end
+  end
+end

data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 class AddOwnerToApplication < ActiveRecord::Migration<%= migration_version %>
   def change
-    add_column :oauth_applications, :owner_id, :integer, null: true
+    add_column :oauth_applications, :owner_id, :bigint, null: true
     add_column :oauth_applications, :owner_type, :string, null: true
     add_index :oauth_applications, [:owner_id, :owner_type]
   end

data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration<%= migration_version %>
   def change
     add_column(

data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class EnablePkce < ActiveRecord::Migration<%= migration_version %>
   def change
     add_column :oauth_access_grants, :code_challenge, :string, null: true

data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class EnablePolymorphicResourceOwner < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column :oauth_access_tokens, :resource_owner_type, :string
+    add_column :oauth_access_grants, :resource_owner_type, :string
+    change_column_null :oauth_access_grants, :resource_owner_type, false
+
+    add_index :oauth_access_tokens,
+              [:resource_owner_id, :resource_owner_type],
+              name: 'polymorphic_owner_oauth_access_tokens'
+
+    add_index :oauth_access_grants,
+              [:resource_owner_id, :resource_owner_type],
+              name: 'polymorphic_owner_oauth_access_grants'
+  end
+end

data/lib/generators/doorkeeper/templates/initializer.rb

@@ -58,6 +58,23 @@ Doorkeeper.configure do
   #   end
   # end
 
+  # Enables polymorphic Resource Owner association for Access Tokens and Access Grants.
+  # By default this option is disabled.
+  #
+  # Make sure you properly setup you database and have all the required columns (run
+  # `bundle exec rails generate doorkeeper:enable_polymorphic_resource_owner` and execute Rails
+  # migrations).
+  #
+  # If this option enabled, Doorkeeper will store not only Resource Owner primary key
+  # value, but also it's type (class name). See "Polymorphic Associations" section of
+  # Rails guides: https://guides.rubyonrails.org/association_basics.html#polymorphic-associations
+  #
+  # [NOTE] If you apply this option on already existing project don't forget to manually
+  # update `resource_owner_type` column in the database and fix migration template as it will
+  # set NOT NULL constraint for Access Grants table.
+  #
+  # use_polymorphic_resource_owner
+
   # If you are planning to use Doorkeeper in Rails 5 API-only application, then you might
   # want to use API mode that will skip all the views management and change the way how
   # Doorkeeper responds to a requests.
@@ -86,12 +103,13 @@ Doorkeeper.configure do
   #
   # `context` has the following properties available:
   #
-  # `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
-  # `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
-  # `scopes` - the requested scopes (see Doorkeeper::OAuth::Scopes)
+  #   * `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
+  #   * `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
+  #   * `scopes` - the requested scopes (see Doorkeeper::OAuth::Scopes)
+  #   * `resource_owner` - authorized resource owner instance (if present)
   #
   # custom_access_token_expires_in do |context|
-  #   context.client.application.additional_settings.implicit_oauth_expiration
+  #   context.client.additional_settings.implicit_oauth_expiration
   # end
 
   # Use a custom class for generating the access token.
@@ -150,8 +168,7 @@ Doorkeeper.configure do
   # since plain values can no longer be retrieved.
   #
   # Note: If you are already a user of doorkeeper and have existing tokens
-  # in your installation, they will be invalid without enabling the additional
-  # setting `fallback_to_plain_secrets` below.
+  # in your installation, they will be invalid without adding 'fallback: :plain'.
   #
   # hash_token_secrets
   # By default, token secrets will be hashed using the
@@ -185,7 +202,9 @@ Doorkeeper.configure do
   # This will ensure that old access tokens and secrets
   # will remain valid even if the hashing above is enabled.
   #
-  # fallback_to_plain_secrets
+  # This can be done by adding 'fallback: plain', e.g. :
+  #
+  # hash_application_secrets using: '::Doorkeeper::SecretStoring::BCrypt', fallback: :plain
 
   # Issue access tokens with refresh token (disabled by default), you may also
   # pass a block which accepts `context` to customize when to give a refresh
@@ -360,6 +379,17 @@ Doorkeeper.configure do
   #   client.grant_flows.include?(grant_flow)
   # end
 
+  # If you need arbitrary Resource Owner-Client authorization you can enable this option
+  # and implement the check your need. Config option must respond to #call and return
+  # true in case resource owner authorized for the specific application or false in other
+  # cases.
+  #
+  # Be default all Resource Owners are authorized to any Client (application).
+  #
+  # authorize_resource_owner_for_client do |client, resource_owner|
+  #   resource_owner.admin? || client.owners_whitelist.include?(resource_owner)
+  # end
+
   # Hook into the strategies' request & response life-cycle in case your
   # application needs advanced customization or logging:
   #
@@ -372,17 +402,25 @@ Doorkeeper.configure do
   # end
 
   # Hook into Authorization flow in order to implement Single Sign Out
-  # or add any other functionality.
+  # or add any other functionality. Inside the block you have an access
+  # to `controller` (authorizations controller instance) and `context`
+  # (Doorkeeper::OAuth::Hooks::Context instance) which provides pre auth
+  # or auth objects with issued token based on hook type (before or after).
   #
-  # before_successful_authorization do |controller|
+  # before_successful_authorization do |controller, context|
   #   Rails.logger.info(controller.request.params.inspect)
+  #
+  #   Rails.logger.info(context.pre_auth.inspect)
   # end
   #
-  # after_successful_authorization do |controller|
+  # after_successful_authorization do |controller, context|
   #   controller.session[:logout_urls] <<
   #     Doorkeeper::Application
   #       .find_by(controller.request.params.slice(:redirect_uri))
   #       .logout_uri
+  #
+  #   Rails.logger.info(context.auth.inspect)
+  #   Rails.logger.info(context.issued_token)
   # end
 
   # Under some circumstances you might want to have applications auto-approved,

data/lib/generators/doorkeeper/templates/migration.rb.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
   def change
     create_table :oauth_applications do |t|
@@ -55,12 +57,19 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
       t.datetime :created_at, null: false
       t.string   :scopes
 
-      # If there is a previous_refresh_token column,
+      # The authorization server MAY issue a new refresh token, in which case
+      # *the client MUST discard the old refresh token* and replace it with the
+      # new refresh token. The authorization server MAY revoke the old
+      # refresh token after issuing a new refresh token to the client.
+      # @see https://tools.ietf.org/html/rfc6749#section-6
+      #
+      # Doorkeeper implementation: if there is a `previous_refresh_token` column,
       # refresh tokens will be revoked after a related access token is used.
-      # If there is no previous_refresh_token column,
-      # previous tokens are revoked as soon as a new access token is created.
-      # Comment out this line if you'd rather have refresh tokens
-      # instantly revoked.
+      # If there is no `previous_refresh_token` column, previous tokens are
+      # revoked as soon as a new access token is created.
+      #
+      # Comment out this line if you want refresh tokens to be instantly
+      # revoked after use.
       t.string   :previous_refresh_token, null: false, default: ""
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 5.3.3
+  version: 5.5.0.rc2
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-07 00:00:00.000000000 Z
+date: 2021-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -75,14 +75,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '8.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
@@ -103,14 +103,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: generator_spec
   requirement: !ruby/object:Gem::Requirement
@@ -174,20 +174,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- Appraisals
 - CHANGELOG.md
-- CODE_OF_CONDUCT.md
-- CONTRIBUTING.md
-- Dangerfile
-- Dockerfile
-- Gemfile
 - MIT-LICENSE
-- NEWS.md
 - README.md
-- RELEASING.md
-- Rakefile
-- SECURITY.md
-- UPGRADE.md
 - app/assets/stylesheets/doorkeeper/admin/application.css
 - app/assets/stylesheets/doorkeeper/application.css
 - app/controllers/doorkeeper/application_controller.rb
@@ -205,25 +194,25 @@ files:
 - app/views/doorkeeper/applications/new.html.erb
 - app/views/doorkeeper/applications/show.html.erb
 - app/views/doorkeeper/authorizations/error.html.erb
+- app/views/doorkeeper/authorizations/form_post.html.erb
 - app/views/doorkeeper/authorizations/new.html.erb
 - app/views/doorkeeper/authorizations/show.html.erb
 - app/views/doorkeeper/authorized_applications/_delete_form.html.erb
 - app/views/doorkeeper/authorized_applications/index.html.erb
 - app/views/layouts/doorkeeper/admin.html.erb
 - app/views/layouts/doorkeeper/application.html.erb
-- bin/console
 - config/locales/en.yml
-- doorkeeper.gemspec
-- gemfiles/rails_5_0.gemfile
-- gemfiles/rails_5_1.gemfile
-- gemfiles/rails_5_2.gemfile
-- gemfiles/rails_6_0.gemfile
-- gemfiles/rails_master.gemfile
 - lib/doorkeeper.rb
 - lib/doorkeeper/config.rb
+- lib/doorkeeper/config/abstract_builder.rb
 - lib/doorkeeper/config/option.rb
+- lib/doorkeeper/config/validations.rb
 - lib/doorkeeper/engine.rb
 - lib/doorkeeper/errors.rb
+- lib/doorkeeper/grant_flow.rb
+- lib/doorkeeper/grant_flow/fallback_flow.rb
+- lib/doorkeeper/grant_flow/flow.rb
+- lib/doorkeeper/grant_flow/registry.rb
 - lib/doorkeeper/grape/authorization_decorator.rb
 - lib/doorkeeper/grape/helpers.rb
 - lib/doorkeeper/helpers/controller.rb
@@ -234,6 +223,7 @@ files:
 - lib/doorkeeper/models/concerns/expirable.rb
 - lib/doorkeeper/models/concerns/orderable.rb
 - lib/doorkeeper/models/concerns/ownership.rb
+- lib/doorkeeper/models/concerns/resource_ownerable.rb
 - lib/doorkeeper/models/concerns/reusable.rb
 - lib/doorkeeper/models/concerns/revocable.rb
 - lib/doorkeeper/models/concerns/scopes.rb
@@ -260,6 +250,7 @@ files:
 - lib/doorkeeper/oauth/helpers/scope_checker.rb
 - lib/doorkeeper/oauth/helpers/unique_token.rb
 - lib/doorkeeper/oauth/helpers/uri_checker.rb
+- lib/doorkeeper/oauth/hooks/context.rb
 - lib/doorkeeper/oauth/invalid_request_response.rb
 - lib/doorkeeper/oauth/invalid_token_response.rb
 - lib/doorkeeper/oauth/nonstandard.rb
@@ -282,8 +273,10 @@ files:
 - lib/doorkeeper/orm/active_record/stale_records_cleaner.rb
 - lib/doorkeeper/rails/helpers.rb
 - lib/doorkeeper/rails/routes.rb
+- lib/doorkeeper/rails/routes/abstract_router.rb
 - lib/doorkeeper/rails/routes/mapper.rb
 - lib/doorkeeper/rails/routes/mapping.rb
+- lib/doorkeeper/rails/routes/registry.rb
 - lib/doorkeeper/rake.rb
 - lib/doorkeeper/rake/db.rake
 - lib/doorkeeper/rake/setup.rake
@@ -305,6 +298,7 @@ files:
 - lib/doorkeeper/version.rb
 - lib/generators/doorkeeper/application_owner_generator.rb
 - lib/generators/doorkeeper/confidential_applications_generator.rb
+- lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb
 - lib/generators/doorkeeper/install_generator.rb
 - lib/generators/doorkeeper/migration_generator.rb
 - lib/generators/doorkeeper/pkce_generator.rb
@@ -314,145 +308,10 @@ files:
 - lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb
 - lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb
 - lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb
+- lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb
 - lib/generators/doorkeeper/templates/initializer.rb
 - lib/generators/doorkeeper/templates/migration.rb.erb
 - lib/generators/doorkeeper/views_generator.rb
-- spec/controllers/application_metal_controller_spec.rb
-- spec/controllers/applications_controller_spec.rb
-- spec/controllers/authorizations_controller_spec.rb
-- spec/controllers/protected_resources_controller_spec.rb
-- spec/controllers/token_info_controller_spec.rb
-- spec/controllers/tokens_controller_spec.rb
-- spec/dummy/Rakefile
-- spec/dummy/app/assets/config/manifest.js
-- spec/dummy/app/controllers/application_controller.rb
-- spec/dummy/app/controllers/custom_authorizations_controller.rb
-- spec/dummy/app/controllers/full_protected_resources_controller.rb
-- spec/dummy/app/controllers/home_controller.rb
-- spec/dummy/app/controllers/metal_controller.rb
-- spec/dummy/app/controllers/semi_protected_resources_controller.rb
-- spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/models/user.rb
-- spec/dummy/app/views/home/index.html.erb
-- spec/dummy/app/views/layouts/application.html.erb
-- spec/dummy/config.ru
-- spec/dummy/config/application.rb
-- spec/dummy/config/boot.rb
-- spec/dummy/config/database.yml
-- spec/dummy/config/environment.rb
-- spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/production.rb
-- spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/doorkeeper.rb
-- spec/dummy/config/initializers/secret_token.rb
-- spec/dummy/config/initializers/session_store.rb
-- spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/locales/doorkeeper.en.yml
-- spec/dummy/config/routes.rb
-- spec/dummy/db/migrate/20111122132257_create_users.rb
-- spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
-- spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
-- spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
-- spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
-- spec/dummy/db/migrate/20170822064514_enable_pkce.rb
-- spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb
-- spec/dummy/db/schema.rb
-- spec/dummy/public/404.html
-- spec/dummy/public/422.html
-- spec/dummy/public/500.html
-- spec/dummy/public/favicon.ico
-- spec/dummy/script/rails
-- spec/factories.rb
-- spec/generators/application_owner_generator_spec.rb
-- spec/generators/confidential_applications_generator_spec.rb
-- spec/generators/install_generator_spec.rb
-- spec/generators/migration_generator_spec.rb
-- spec/generators/pkce_generator_spec.rb
-- spec/generators/previous_refresh_token_generator_spec.rb
-- spec/generators/templates/routes.rb
-- spec/generators/views_generator_spec.rb
-- spec/grape/grape_integration_spec.rb
-- spec/helpers/doorkeeper/dashboard_helper_spec.rb
-- spec/lib/config_spec.rb
-- spec/lib/doorkeeper_spec.rb
-- spec/lib/models/expirable_spec.rb
-- spec/lib/models/reusable_spec.rb
-- spec/lib/models/revocable_spec.rb
-- spec/lib/models/scopes_spec.rb
-- spec/lib/models/secret_storable_spec.rb
-- spec/lib/oauth/authorization/uri_builder_spec.rb
-- spec/lib/oauth/authorization_code_request_spec.rb
-- spec/lib/oauth/base_request_spec.rb
-- spec/lib/oauth/base_response_spec.rb
-- spec/lib/oauth/client/credentials_spec.rb
-- spec/lib/oauth/client_credentials/creator_spec.rb
-- spec/lib/oauth/client_credentials/issuer_spec.rb
-- spec/lib/oauth/client_credentials/validation_spec.rb
-- spec/lib/oauth/client_credentials_integration_spec.rb
-- spec/lib/oauth/client_credentials_request_spec.rb
-- spec/lib/oauth/client_spec.rb
-- spec/lib/oauth/code_request_spec.rb
-- spec/lib/oauth/code_response_spec.rb
-- spec/lib/oauth/error_response_spec.rb
-- spec/lib/oauth/error_spec.rb
-- spec/lib/oauth/forbidden_token_response_spec.rb
-- spec/lib/oauth/helpers/scope_checker_spec.rb
-- spec/lib/oauth/helpers/unique_token_spec.rb
-- spec/lib/oauth/helpers/uri_checker_spec.rb
-- spec/lib/oauth/invalid_request_response_spec.rb
-- spec/lib/oauth/invalid_token_response_spec.rb
-- spec/lib/oauth/password_access_token_request_spec.rb
-- spec/lib/oauth/pre_authorization_spec.rb
-- spec/lib/oauth/refresh_token_request_spec.rb
-- spec/lib/oauth/scopes_spec.rb
-- spec/lib/oauth/token_request_spec.rb
-- spec/lib/oauth/token_response_spec.rb
-- spec/lib/oauth/token_spec.rb
-- spec/lib/request/strategy_spec.rb
-- spec/lib/secret_storing/base_spec.rb
-- spec/lib/secret_storing/bcrypt_spec.rb
-- spec/lib/secret_storing/plain_spec.rb
-- spec/lib/secret_storing/sha256_hash_spec.rb
-- spec/lib/server_spec.rb
-- spec/lib/stale_records_cleaner_spec.rb
-- spec/models/doorkeeper/access_grant_spec.rb
-- spec/models/doorkeeper/access_token_spec.rb
-- spec/models/doorkeeper/application_spec.rb
-- spec/requests/applications/applications_request_spec.rb
-- spec/requests/applications/authorized_applications_spec.rb
-- spec/requests/endpoints/authorization_spec.rb
-- spec/requests/endpoints/token_spec.rb
-- spec/requests/flows/authorization_code_errors_spec.rb
-- spec/requests/flows/authorization_code_spec.rb
-- spec/requests/flows/client_credentials_spec.rb
-- spec/requests/flows/implicit_grant_errors_spec.rb
-- spec/requests/flows/implicit_grant_spec.rb
-- spec/requests/flows/password_spec.rb
-- spec/requests/flows/refresh_token_spec.rb
-- spec/requests/flows/revoke_token_spec.rb
-- spec/requests/flows/skip_authorization_spec.rb
-- spec/requests/protected_resources/metal_spec.rb
-- spec/requests/protected_resources/private_api_spec.rb
-- spec/routing/custom_controller_routes_spec.rb
-- spec/routing/default_routes_spec.rb
-- spec/routing/scoped_routes_spec.rb
-- spec/spec_helper.rb
-- spec/spec_helper_integration.rb
-- spec/support/dependencies/factory_bot.rb
-- spec/support/doorkeeper_rspec.rb
-- spec/support/helpers/access_token_request_helper.rb
-- spec/support/helpers/authorization_request_helper.rb
-- spec/support/helpers/config_helper.rb
-- spec/support/helpers/model_helper.rb
-- spec/support/helpers/request_spec_helper.rb
-- spec/support/helpers/url_helper.rb
-- spec/support/orm/active_record.rb
-- spec/support/shared/controllers_shared_context.rb
-- spec/support/shared/hashing_shared_context.rb
-- spec/support/shared/models_shared_examples.rb
-- spec/validators/redirect_uri_validator_spec.rb
-- spec/version/version_spec.rb
 - vendor/assets/stylesheets/doorkeeper/bootstrap.min.css
 homepage: https://github.com/doorkeeper-gem/doorkeeper
 licenses:
@@ -463,7 +322,14 @@ metadata:
   source_code_uri: https://github.com/doorkeeper-gem/doorkeeper
   bug_tracker_uri: https://github.com/doorkeeper-gem/doorkeeper/issues
   documentation_uri: https://doorkeeper.gitbook.io/guides/
-post_install_message: 
+post_install_message: "Starting from 5.5.0.rc1 Doorkeeper requires client authentication
+  for Resource Owner Password Grant\nas stated in the OAuth RFC. You have to create
+  a new OAuth client (Doorkeeper::Application) if you didn't\nhave it before and use
+  client credentials in HTTP Basic auth if you previously used this grant flow without\nclient
+  authentication. \n\nTo opt out of this you could set the \"skip_client_authentication_for_password_grant\"
+  configuration option\nto \"true\", but note that this is in violation of the OAuth
+  spec and represents a security risk.\n\nRead https://github.com/doorkeeper-gem/doorkeeper/issues/561#issuecomment-612857163
+  for more details."
 rdoc_options: []
 require_paths:
 - lib
@@ -474,148 +340,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: OAuth 2 provider for Rails and Grape
-test_files:
-- spec/controllers/application_metal_controller_spec.rb
-- spec/controllers/applications_controller_spec.rb
-- spec/controllers/authorizations_controller_spec.rb
-- spec/controllers/protected_resources_controller_spec.rb
-- spec/controllers/token_info_controller_spec.rb
-- spec/controllers/tokens_controller_spec.rb
-- spec/dummy/Rakefile
-- spec/dummy/app/assets/config/manifest.js
-- spec/dummy/app/controllers/application_controller.rb
-- spec/dummy/app/controllers/custom_authorizations_controller.rb
-- spec/dummy/app/controllers/full_protected_resources_controller.rb
-- spec/dummy/app/controllers/home_controller.rb
-- spec/dummy/app/controllers/metal_controller.rb
-- spec/dummy/app/controllers/semi_protected_resources_controller.rb
-- spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/models/user.rb
-- spec/dummy/app/views/home/index.html.erb
-- spec/dummy/app/views/layouts/application.html.erb
-- spec/dummy/config.ru
-- spec/dummy/config/application.rb
-- spec/dummy/config/boot.rb
-- spec/dummy/config/database.yml
-- spec/dummy/config/environment.rb
-- spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/production.rb
-- spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/doorkeeper.rb
-- spec/dummy/config/initializers/secret_token.rb
-- spec/dummy/config/initializers/session_store.rb
-- spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/locales/doorkeeper.en.yml
-- spec/dummy/config/routes.rb
-- spec/dummy/db/migrate/20111122132257_create_users.rb
-- spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
-- spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
-- spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
-- spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
-- spec/dummy/db/migrate/20170822064514_enable_pkce.rb
-- spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb
-- spec/dummy/db/schema.rb
-- spec/dummy/public/404.html
-- spec/dummy/public/422.html
-- spec/dummy/public/500.html
-- spec/dummy/public/favicon.ico
-- spec/dummy/script/rails
-- spec/factories.rb
-- spec/generators/application_owner_generator_spec.rb
-- spec/generators/confidential_applications_generator_spec.rb
-- spec/generators/install_generator_spec.rb
-- spec/generators/migration_generator_spec.rb
-- spec/generators/pkce_generator_spec.rb
-- spec/generators/previous_refresh_token_generator_spec.rb
-- spec/generators/templates/routes.rb
-- spec/generators/views_generator_spec.rb
-- spec/grape/grape_integration_spec.rb
-- spec/helpers/doorkeeper/dashboard_helper_spec.rb
-- spec/lib/config_spec.rb
-- spec/lib/doorkeeper_spec.rb
-- spec/lib/models/expirable_spec.rb
-- spec/lib/models/reusable_spec.rb
-- spec/lib/models/revocable_spec.rb
-- spec/lib/models/scopes_spec.rb
-- spec/lib/models/secret_storable_spec.rb
-- spec/lib/oauth/authorization/uri_builder_spec.rb
-- spec/lib/oauth/authorization_code_request_spec.rb
-- spec/lib/oauth/base_request_spec.rb
-- spec/lib/oauth/base_response_spec.rb
-- spec/lib/oauth/client/credentials_spec.rb
-- spec/lib/oauth/client_credentials/creator_spec.rb
-- spec/lib/oauth/client_credentials/issuer_spec.rb
-- spec/lib/oauth/client_credentials/validation_spec.rb
-- spec/lib/oauth/client_credentials_integration_spec.rb
-- spec/lib/oauth/client_credentials_request_spec.rb
-- spec/lib/oauth/client_spec.rb
-- spec/lib/oauth/code_request_spec.rb
-- spec/lib/oauth/code_response_spec.rb
-- spec/lib/oauth/error_response_spec.rb
-- spec/lib/oauth/error_spec.rb
-- spec/lib/oauth/forbidden_token_response_spec.rb
-- spec/lib/oauth/helpers/scope_checker_spec.rb
-- spec/lib/oauth/helpers/unique_token_spec.rb
-- spec/lib/oauth/helpers/uri_checker_spec.rb
-- spec/lib/oauth/invalid_request_response_spec.rb
-- spec/lib/oauth/invalid_token_response_spec.rb
-- spec/lib/oauth/password_access_token_request_spec.rb
-- spec/lib/oauth/pre_authorization_spec.rb
-- spec/lib/oauth/refresh_token_request_spec.rb
-- spec/lib/oauth/scopes_spec.rb
-- spec/lib/oauth/token_request_spec.rb
-- spec/lib/oauth/token_response_spec.rb
-- spec/lib/oauth/token_spec.rb
-- spec/lib/request/strategy_spec.rb
-- spec/lib/secret_storing/base_spec.rb
-- spec/lib/secret_storing/bcrypt_spec.rb
-- spec/lib/secret_storing/plain_spec.rb
-- spec/lib/secret_storing/sha256_hash_spec.rb
-- spec/lib/server_spec.rb
-- spec/lib/stale_records_cleaner_spec.rb
-- spec/models/doorkeeper/access_grant_spec.rb
-- spec/models/doorkeeper/access_token_spec.rb
-- spec/models/doorkeeper/application_spec.rb
-- spec/requests/applications/applications_request_spec.rb
-- spec/requests/applications/authorized_applications_spec.rb
-- spec/requests/endpoints/authorization_spec.rb
-- spec/requests/endpoints/token_spec.rb
-- spec/requests/flows/authorization_code_errors_spec.rb
-- spec/requests/flows/authorization_code_spec.rb
-- spec/requests/flows/client_credentials_spec.rb
-- spec/requests/flows/implicit_grant_errors_spec.rb
-- spec/requests/flows/implicit_grant_spec.rb
-- spec/requests/flows/password_spec.rb
-- spec/requests/flows/refresh_token_spec.rb
-- spec/requests/flows/revoke_token_spec.rb
-- spec/requests/flows/skip_authorization_spec.rb
-- spec/requests/protected_resources/metal_spec.rb
-- spec/requests/protected_resources/private_api_spec.rb
-- spec/routing/custom_controller_routes_spec.rb
-- spec/routing/default_routes_spec.rb
-- spec/routing/scoped_routes_spec.rb
-- spec/spec_helper.rb
-- spec/spec_helper_integration.rb
-- spec/support/dependencies/factory_bot.rb
-- spec/support/doorkeeper_rspec.rb
-- spec/support/helpers/access_token_request_helper.rb
-- spec/support/helpers/authorization_request_helper.rb
-- spec/support/helpers/config_helper.rb
-- spec/support/helpers/model_helper.rb
-- spec/support/helpers/request_spec_helper.rb
-- spec/support/helpers/url_helper.rb
-- spec/support/orm/active_record.rb
-- spec/support/shared/controllers_shared_context.rb
-- spec/support/shared/hashing_shared_context.rb
-- spec/support/shared/models_shared_examples.rb
-- spec/validators/redirect_uri_validator_spec.rb
-- spec/version/version_spec.rb
+test_files: []