doorkeeper 5.4.0.rc1 → 5.4.0.rc2

data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb

@@ -9,7 +9,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
 
       include ::Doorkeeper::AccessGrantMixin
 
-      belongs_to :application, class_name: Doorkeeper.config.application_class,
+      belongs_to :application, class_name: Doorkeeper.config.application_class.to_s,
                                optional: true,
                                inverse_of: :access_grants
 

data/lib/doorkeeper/orm/active_record/mixins/access_token.rb

@@ -9,7 +9,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
 
       include ::Doorkeeper::AccessTokenMixin
 
-      belongs_to :application, class_name: Doorkeeper.config.application_class,
+      belongs_to :application, class_name: Doorkeeper.config.application_class.to_s,
                                inverse_of: :access_tokens,
                                optional: true
 

data/lib/doorkeeper/orm/active_record/mixins/application.rb

@@ -12,12 +12,12 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
       has_many :access_grants,
                foreign_key: :application_id,
                dependent: :delete_all,
-               class_name: Doorkeeper.config.access_grant_class
+               class_name: Doorkeeper.config.access_grant_class.to_s
 
       has_many :access_tokens,
                foreign_key: :application_id,
                dependent: :delete_all,
-               class_name: Doorkeeper.config.access_token_class
+               class_name: Doorkeeper.config.access_token_class.to_s
 
       validates :name, :secret, :uid, presence: true
       validates :uid, uniqueness: { case_sensitive: true }
@@ -31,7 +31,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
       has_many :authorized_tokens,
                -> { where(revoked_at: nil) },
                foreign_key: :application_id,
-               class_name: Doorkeeper.config.access_token_class
+               class_name: Doorkeeper.config.access_token_class.to_s
 
       has_many :authorized_applications,
                through: :authorized_tokens,
@@ -61,15 +61,27 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
         end
       end
 
-      # This is the right way how we want to override ActiveRecord #to_json
+      # Represents client as set of it's attributes in JSON format.
+      # This is the right way how we want to override ActiveRecord #to_json.
       #
-      # @return [String] entity attributes as JSON
+      # Respects privacy settings and serializes minimum set of attributes
+      # for public/private clients and full set for authorized owners.
+      #
+      # @return [Hash] entity attributes for JSON
       #
       def as_json(options = {})
-        hash = super
-
-        hash["secret"] = plaintext_secret if hash.key?("secret")
-        hash
+        # if application belongs to some owner we need to check if it's the same as
+        # the one passed in the options or check if we render the client as an owner
+        if (respond_to?(:owner) && owner && owner == options[:current_resource_owner]) ||
+           options[:as_owner]
+          # Owners can see all the client attributes, fallback to ActiveModel serialization
+          super
+        else
+          # if application has no owner or it's owner doesn't match one from the options
+          # we render only minimum set of attributes that could be exposed to a public
+          only = extract_serializable_attributes(options)
+          super(options.merge(only: only))
+        end
       end
 
       def authorized_for_resource_owner?(resource_owner)
@@ -100,6 +112,49 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
       def enforce_scopes?
         Doorkeeper.config.enforce_configured_scopes?
       end
+
+      # Helper method to extract collection of serializable attribute names
+      # considering serialization options (like `only`, `except` and so on).
+      #
+      # @param options [Hash] serialization options
+      #
+      # @return [Array<String>]
+      #   collection of attributes to be serialized using #as_json
+      #
+      def extract_serializable_attributes(options = {})
+        opts = options.try(:dup) || {}
+        only = Array.wrap(opts[:only]).map(&:to_s)
+
+        only = if only.blank?
+                 serializable_attributes
+               else
+                 only & serializable_attributes
+               end
+
+        only -= Array.wrap(opts[:except]).map(&:to_s) if opts.key?(:except)
+        only.uniq
+      end
+
+      # We need to hook into this method to allow serializing plan-text secrets
+      # when secrets hashing enabled.
+      #
+      # @param key [String] attribute name
+      #
+      def read_attribute_for_serialization(key)
+        return super unless key.to_s == "secret"
+
+        plaintext_secret || secret
+      end
+
+      # Collection of attributes that could be serialized for public.
+      # Override this method if you need additional attributes to be serialized.
+      #
+      # @return [Array<String>] collection of serializable attributes
+      def serializable_attributes
+        attributes = %w[id name created_at]
+        attributes << "uid" unless confidential?
+        attributes
+      end
     end
 
     module ClassMethods

data/lib/doorkeeper/request/refresh_token.rb

@@ -12,7 +12,8 @@ module Doorkeeper
       def request
         @request ||= OAuth::RefreshTokenRequest.new(
           Doorkeeper.config,
-          refresh_token, credentials,
+          refresh_token,
+          credentials,
           parameters,
         )
       end

data/lib/doorkeeper/version.rb

@@ -10,7 +10,7 @@ module Doorkeeper
     MAJOR = 5
     MINOR = 4
     TINY = 0
-    PRE = "rc1"
+    PRE = "rc2"
 
     # Full version number
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/generators/doorkeeper/templates/migration.rb.erb

@@ -57,12 +57,19 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
       t.datetime :created_at, null: false
       t.string   :scopes
 
-      # If there is a previous_refresh_token column,
+      # The authorization server MAY issue a new refresh token, in which case
+      # *the client MUST discard the old refresh token* and replace it with the
+      # new refresh token. The authorization server MAY revoke the old
+      # refresh token after issuing a new refresh token to the client.
+      # @see https://tools.ietf.org/html/rfc6749#section-6
+      #
+      # Doorkeeper implementation: if there is a `previous_refresh_token` column,
       # refresh tokens will be revoked after a related access token is used.
-      # If there is no previous_refresh_token column,
-      # previous tokens are revoked as soon as a new access token is created.
-      # Comment out this line if you'd rather have refresh tokens
-      # instantly revoked.
+      # If there is no `previous_refresh_token` column, previous tokens are
+      # revoked as soon as a new access token is created.
+      #
+      # Comment out this line if you want refresh tokens to be instantly
+      # revoked after use.
       t.string   :previous_refresh_token, null: false, default: ""
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 5.4.0.rc1
+  version: 5.4.0.rc2
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-08 00:00:00.000000000 Z
+date: 2020-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -75,14 +75,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '7.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
@@ -174,20 +174,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- Appraisals
 - CHANGELOG.md
-- CODE_OF_CONDUCT.md
-- CONTRIBUTING.md
-- Dangerfile
-- Dockerfile
-- Gemfile
 - MIT-LICENSE
-- NEWS.md
 - README.md
-- RELEASING.md
-- Rakefile
-- SECURITY.md
-- UPGRADE.md
 - app/assets/stylesheets/doorkeeper/admin/application.css
 - app/assets/stylesheets/doorkeeper/application.css
 - app/controllers/doorkeeper/application_controller.rb
@@ -211,14 +200,7 @@ files:
 - app/views/doorkeeper/authorized_applications/index.html.erb
 - app/views/layouts/doorkeeper/admin.html.erb
 - app/views/layouts/doorkeeper/application.html.erb
-- bin/console
 - config/locales/en.yml
-- doorkeeper.gemspec
-- gemfiles/rails_5_0.gemfile
-- gemfiles/rails_5_1.gemfile
-- gemfiles/rails_5_2.gemfile
-- gemfiles/rails_6_0.gemfile
-- gemfiles/rails_master.gemfile
 - lib/doorkeeper.rb
 - lib/doorkeeper/config.rb
 - lib/doorkeeper/config/abstract_builder.rb
@@ -324,144 +306,6 @@ files:
 - lib/generators/doorkeeper/templates/initializer.rb
 - lib/generators/doorkeeper/templates/migration.rb.erb
 - lib/generators/doorkeeper/views_generator.rb
-- spec/controllers/application_metal_controller_spec.rb
-- spec/controllers/applications_controller_spec.rb
-- spec/controllers/authorizations_controller_spec.rb
-- spec/controllers/protected_resources_controller_spec.rb
-- spec/controllers/token_info_controller_spec.rb
-- spec/controllers/tokens_controller_spec.rb
-- spec/dummy/Rakefile
-- spec/dummy/app/assets/config/manifest.js
-- spec/dummy/app/controllers/application_controller.rb
-- spec/dummy/app/controllers/custom_authorizations_controller.rb
-- spec/dummy/app/controllers/full_protected_resources_controller.rb
-- spec/dummy/app/controllers/home_controller.rb
-- spec/dummy/app/controllers/metal_controller.rb
-- spec/dummy/app/controllers/semi_protected_resources_controller.rb
-- spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/models/user.rb
-- spec/dummy/app/views/home/index.html.erb
-- spec/dummy/app/views/layouts/application.html.erb
-- spec/dummy/config.ru
-- spec/dummy/config/application.rb
-- spec/dummy/config/boot.rb
-- spec/dummy/config/database.yml
-- spec/dummy/config/environment.rb
-- spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/production.rb
-- spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/doorkeeper.rb
-- spec/dummy/config/initializers/secret_token.rb
-- spec/dummy/config/initializers/session_store.rb
-- spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/locales/doorkeeper.en.yml
-- spec/dummy/config/routes.rb
-- spec/dummy/db/migrate/20111122132257_create_users.rb
-- spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
-- spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
-- spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
-- spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
-- spec/dummy/db/migrate/20170822064514_enable_pkce.rb
-- spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb
-- spec/dummy/db/schema.rb
-- spec/dummy/public/404.html
-- spec/dummy/public/422.html
-- spec/dummy/public/500.html
-- spec/dummy/public/favicon.ico
-- spec/dummy/script/rails
-- spec/factories.rb
-- spec/generators/application_owner_generator_spec.rb
-- spec/generators/confidential_applications_generator_spec.rb
-- spec/generators/enable_polymorphic_resource_owner_generator_spec.rb
-- spec/generators/install_generator_spec.rb
-- spec/generators/migration_generator_spec.rb
-- spec/generators/pkce_generator_spec.rb
-- spec/generators/previous_refresh_token_generator_spec.rb
-- spec/generators/templates/routes.rb
-- spec/generators/views_generator_spec.rb
-- spec/grape/grape_integration_spec.rb
-- spec/helpers/doorkeeper/dashboard_helper_spec.rb
-- spec/lib/config_spec.rb
-- spec/lib/doorkeeper_spec.rb
-- spec/lib/models/expirable_spec.rb
-- spec/lib/models/reusable_spec.rb
-- spec/lib/models/revocable_spec.rb
-- spec/lib/models/scopes_spec.rb
-- spec/lib/models/secret_storable_spec.rb
-- spec/lib/oauth/authorization/uri_builder_spec.rb
-- spec/lib/oauth/authorization_code_request_spec.rb
-- spec/lib/oauth/base_request_spec.rb
-- spec/lib/oauth/base_response_spec.rb
-- spec/lib/oauth/client/credentials_spec.rb
-- spec/lib/oauth/client_credentials/creator_spec.rb
-- spec/lib/oauth/client_credentials/issuer_spec.rb
-- spec/lib/oauth/client_credentials/validation_spec.rb
-- spec/lib/oauth/client_credentials_integration_spec.rb
-- spec/lib/oauth/client_credentials_request_spec.rb
-- spec/lib/oauth/client_spec.rb
-- spec/lib/oauth/code_request_spec.rb
-- spec/lib/oauth/code_response_spec.rb
-- spec/lib/oauth/error_response_spec.rb
-- spec/lib/oauth/error_spec.rb
-- spec/lib/oauth/forbidden_token_response_spec.rb
-- spec/lib/oauth/helpers/scope_checker_spec.rb
-- spec/lib/oauth/helpers/unique_token_spec.rb
-- spec/lib/oauth/helpers/uri_checker_spec.rb
-- spec/lib/oauth/invalid_request_response_spec.rb
-- spec/lib/oauth/invalid_token_response_spec.rb
-- spec/lib/oauth/password_access_token_request_spec.rb
-- spec/lib/oauth/pre_authorization_spec.rb
-- spec/lib/oauth/refresh_token_request_spec.rb
-- spec/lib/oauth/scopes_spec.rb
-- spec/lib/oauth/token_request_spec.rb
-- spec/lib/oauth/token_response_spec.rb
-- spec/lib/oauth/token_spec.rb
-- spec/lib/option_spec.rb
-- spec/lib/request/strategy_spec.rb
-- spec/lib/secret_storing/base_spec.rb
-- spec/lib/secret_storing/bcrypt_spec.rb
-- spec/lib/secret_storing/plain_spec.rb
-- spec/lib/secret_storing/sha256_hash_spec.rb
-- spec/lib/server_spec.rb
-- spec/lib/stale_records_cleaner_spec.rb
-- spec/models/doorkeeper/access_grant_spec.rb
-- spec/models/doorkeeper/access_token_spec.rb
-- spec/models/doorkeeper/application_spec.rb
-- spec/requests/applications/applications_request_spec.rb
-- spec/requests/applications/authorized_applications_spec.rb
-- spec/requests/endpoints/authorization_spec.rb
-- spec/requests/endpoints/token_spec.rb
-- spec/requests/flows/authorization_code_errors_spec.rb
-- spec/requests/flows/authorization_code_spec.rb
-- spec/requests/flows/client_credentials_spec.rb
-- spec/requests/flows/implicit_grant_errors_spec.rb
-- spec/requests/flows/implicit_grant_spec.rb
-- spec/requests/flows/password_spec.rb
-- spec/requests/flows/refresh_token_spec.rb
-- spec/requests/flows/revoke_token_spec.rb
-- spec/requests/flows/skip_authorization_spec.rb
-- spec/requests/protected_resources/metal_spec.rb
-- spec/requests/protected_resources/private_api_spec.rb
-- spec/routing/custom_controller_routes_spec.rb
-- spec/routing/default_routes_spec.rb
-- spec/routing/scoped_routes_spec.rb
-- spec/spec_helper.rb
-- spec/spec_helper_integration.rb
-- spec/support/dependencies/factory_bot.rb
-- spec/support/doorkeeper_rspec.rb
-- spec/support/helpers/access_token_request_helper.rb
-- spec/support/helpers/authorization_request_helper.rb
-- spec/support/helpers/config_helper.rb
-- spec/support/helpers/model_helper.rb
-- spec/support/helpers/request_spec_helper.rb
-- spec/support/helpers/url_helper.rb
-- spec/support/orm/active_record.rb
-- spec/support/shared/controllers_shared_context.rb
-- spec/support/shared/hashing_shared_context.rb
-- spec/support/shared/models_shared_examples.rb
-- spec/validators/redirect_uri_validator_spec.rb
-- spec/version/version_spec.rb
 - vendor/assets/stylesheets/doorkeeper/bootstrap.min.css
 homepage: https://github.com/doorkeeper-gem/doorkeeper
 licenses:
@@ -491,142 +335,4 @@ rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: OAuth 2 provider for Rails and Grape
-test_files:
-- spec/controllers/application_metal_controller_spec.rb
-- spec/controllers/applications_controller_spec.rb
-- spec/controllers/authorizations_controller_spec.rb
-- spec/controllers/protected_resources_controller_spec.rb
-- spec/controllers/token_info_controller_spec.rb
-- spec/controllers/tokens_controller_spec.rb
-- spec/dummy/Rakefile
-- spec/dummy/app/assets/config/manifest.js
-- spec/dummy/app/controllers/application_controller.rb
-- spec/dummy/app/controllers/custom_authorizations_controller.rb
-- spec/dummy/app/controllers/full_protected_resources_controller.rb
-- spec/dummy/app/controllers/home_controller.rb
-- spec/dummy/app/controllers/metal_controller.rb
-- spec/dummy/app/controllers/semi_protected_resources_controller.rb
-- spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/models/user.rb
-- spec/dummy/app/views/home/index.html.erb
-- spec/dummy/app/views/layouts/application.html.erb
-- spec/dummy/config.ru
-- spec/dummy/config/application.rb
-- spec/dummy/config/boot.rb
-- spec/dummy/config/database.yml
-- spec/dummy/config/environment.rb
-- spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/production.rb
-- spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/doorkeeper.rb
-- spec/dummy/config/initializers/secret_token.rb
-- spec/dummy/config/initializers/session_store.rb
-- spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/locales/doorkeeper.en.yml
-- spec/dummy/config/routes.rb
-- spec/dummy/db/migrate/20111122132257_create_users.rb
-- spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
-- spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
-- spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
-- spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
-- spec/dummy/db/migrate/20170822064514_enable_pkce.rb
-- spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb
-- spec/dummy/db/schema.rb
-- spec/dummy/public/404.html
-- spec/dummy/public/422.html
-- spec/dummy/public/500.html
-- spec/dummy/public/favicon.ico
-- spec/dummy/script/rails
-- spec/factories.rb
-- spec/generators/application_owner_generator_spec.rb
-- spec/generators/confidential_applications_generator_spec.rb
-- spec/generators/enable_polymorphic_resource_owner_generator_spec.rb
-- spec/generators/install_generator_spec.rb
-- spec/generators/migration_generator_spec.rb
-- spec/generators/pkce_generator_spec.rb
-- spec/generators/previous_refresh_token_generator_spec.rb
-- spec/generators/templates/routes.rb
-- spec/generators/views_generator_spec.rb
-- spec/grape/grape_integration_spec.rb
-- spec/helpers/doorkeeper/dashboard_helper_spec.rb
-- spec/lib/config_spec.rb
-- spec/lib/doorkeeper_spec.rb
-- spec/lib/models/expirable_spec.rb
-- spec/lib/models/reusable_spec.rb
-- spec/lib/models/revocable_spec.rb
-- spec/lib/models/scopes_spec.rb
-- spec/lib/models/secret_storable_spec.rb
-- spec/lib/oauth/authorization/uri_builder_spec.rb
-- spec/lib/oauth/authorization_code_request_spec.rb
-- spec/lib/oauth/base_request_spec.rb
-- spec/lib/oauth/base_response_spec.rb
-- spec/lib/oauth/client/credentials_spec.rb
-- spec/lib/oauth/client_credentials/creator_spec.rb
-- spec/lib/oauth/client_credentials/issuer_spec.rb
-- spec/lib/oauth/client_credentials/validation_spec.rb
-- spec/lib/oauth/client_credentials_integration_spec.rb
-- spec/lib/oauth/client_credentials_request_spec.rb
-- spec/lib/oauth/client_spec.rb
-- spec/lib/oauth/code_request_spec.rb
-- spec/lib/oauth/code_response_spec.rb
-- spec/lib/oauth/error_response_spec.rb
-- spec/lib/oauth/error_spec.rb
-- spec/lib/oauth/forbidden_token_response_spec.rb
-- spec/lib/oauth/helpers/scope_checker_spec.rb
-- spec/lib/oauth/helpers/unique_token_spec.rb
-- spec/lib/oauth/helpers/uri_checker_spec.rb
-- spec/lib/oauth/invalid_request_response_spec.rb
-- spec/lib/oauth/invalid_token_response_spec.rb
-- spec/lib/oauth/password_access_token_request_spec.rb
-- spec/lib/oauth/pre_authorization_spec.rb
-- spec/lib/oauth/refresh_token_request_spec.rb
-- spec/lib/oauth/scopes_spec.rb
-- spec/lib/oauth/token_request_spec.rb
-- spec/lib/oauth/token_response_spec.rb
-- spec/lib/oauth/token_spec.rb
-- spec/lib/option_spec.rb
-- spec/lib/request/strategy_spec.rb
-- spec/lib/secret_storing/base_spec.rb
-- spec/lib/secret_storing/bcrypt_spec.rb
-- spec/lib/secret_storing/plain_spec.rb
-- spec/lib/secret_storing/sha256_hash_spec.rb
-- spec/lib/server_spec.rb
-- spec/lib/stale_records_cleaner_spec.rb
-- spec/models/doorkeeper/access_grant_spec.rb
-- spec/models/doorkeeper/access_token_spec.rb
-- spec/models/doorkeeper/application_spec.rb
-- spec/requests/applications/applications_request_spec.rb
-- spec/requests/applications/authorized_applications_spec.rb
-- spec/requests/endpoints/authorization_spec.rb
-- spec/requests/endpoints/token_spec.rb
-- spec/requests/flows/authorization_code_errors_spec.rb
-- spec/requests/flows/authorization_code_spec.rb
-- spec/requests/flows/client_credentials_spec.rb
-- spec/requests/flows/implicit_grant_errors_spec.rb
-- spec/requests/flows/implicit_grant_spec.rb
-- spec/requests/flows/password_spec.rb
-- spec/requests/flows/refresh_token_spec.rb
-- spec/requests/flows/revoke_token_spec.rb
-- spec/requests/flows/skip_authorization_spec.rb
-- spec/requests/protected_resources/metal_spec.rb
-- spec/requests/protected_resources/private_api_spec.rb
-- spec/routing/custom_controller_routes_spec.rb
-- spec/routing/default_routes_spec.rb
-- spec/routing/scoped_routes_spec.rb
-- spec/spec_helper.rb
-- spec/spec_helper_integration.rb
-- spec/support/dependencies/factory_bot.rb
-- spec/support/doorkeeper_rspec.rb
-- spec/support/helpers/access_token_request_helper.rb
-- spec/support/helpers/authorization_request_helper.rb
-- spec/support/helpers/config_helper.rb
-- spec/support/helpers/model_helper.rb
-- spec/support/helpers/request_spec_helper.rb
-- spec/support/helpers/url_helper.rb
-- spec/support/orm/active_record.rb
-- spec/support/shared/controllers_shared_context.rb
-- spec/support/shared/hashing_shared_context.rb
-- spec/support/shared/models_shared_examples.rb
-- spec/validators/redirect_uri_validator_spec.rb
-- spec/version/version_spec.rb
+test_files: []