RubyGems - doorkeeper - Versions diffs - 5.4.0.rc1 → 5.5.0 - Mend

doorkeeper 5.4.0.rc1 → 5.5.0

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (219) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +108 -9
data/README.md +4 -4
data/app/controllers/doorkeeper/applications_controller.rb +3 -3
data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
data/app/views/doorkeeper/applications/_form.html.erb +1 -1
data/app/views/doorkeeper/applications/show.html.erb +16 -12
data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
data/config/locales/en.yml +3 -1
data/lib/doorkeeper.rb +6 -1
data/lib/doorkeeper/config.rb +109 -78
data/lib/doorkeeper/config/abstract_builder.rb +1 -1
data/lib/doorkeeper/config/option.rb +1 -3
data/lib/doorkeeper/config/validations.rb +53 -0
data/lib/doorkeeper/engine.rb +1 -1
data/lib/doorkeeper/grant_flow.rb +45 -0
data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
data/lib/doorkeeper/grant_flow/flow.rb +44 -0
data/lib/doorkeeper/grant_flow/registry.rb +50 -0
data/lib/doorkeeper/helpers/controller.rb +8 -4
data/lib/doorkeeper/models/access_grant_mixin.rb +12 -7
data/lib/doorkeeper/models/access_token_mixin.rb +12 -8
data/lib/doorkeeper/models/application_mixin.rb +5 -4
data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
data/lib/doorkeeper/oauth/base_request.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/creator.rb +3 -2
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
data/lib/doorkeeper/oauth/code_request.rb +2 -2
data/lib/doorkeeper/oauth/code_response.rb +17 -11
data/lib/doorkeeper/oauth/error_response.rb +4 -3
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
data/lib/doorkeeper/oauth/password_access_token_request.rb +21 -2
data/lib/doorkeeper/oauth/pre_authorization.rb +37 -11
data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
data/lib/doorkeeper/oauth/token.rb +4 -5
data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
data/lib/doorkeeper/oauth/token_request.rb +1 -1
data/lib/doorkeeper/orm/active_record.rb +5 -6
data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +12 -2
data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +10 -2
data/lib/doorkeeper/orm/active_record/mixins/application.rb +76 -10
data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
data/lib/doorkeeper/rails/routes.rb +1 -3
data/lib/doorkeeper/rake/db.rake +3 -3
data/lib/doorkeeper/rake/setup.rake +5 -0
data/lib/doorkeeper/request.rb +49 -12
data/lib/doorkeeper/request/refresh_token.rb +2 -1
data/lib/doorkeeper/server.rb +1 -1
data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
data/lib/doorkeeper/version.rb +2 -6
data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
metadata +25 -306
data/Appraisals +0 -26
data/CODE_OF_CONDUCT.md +0 -46
data/CONTRIBUTING.md +0 -49
data/Dangerfile +0 -67
data/Dockerfile +0 -29
data/Gemfile +0 -25
data/NEWS.md +0 -1
data/RELEASING.md +0 -11
data/Rakefile +0 -28
data/SECURITY.md +0 -15
data/UPGRADE.md +0 -2
data/bin/console +0 -30
data/doorkeeper.gemspec +0 -42
data/gemfiles/rails_5_0.gemfile +0 -19
data/gemfiles/rails_5_1.gemfile +0 -19
data/gemfiles/rails_5_2.gemfile +0 -19
data/gemfiles/rails_6_0.gemfile +0 -19
data/gemfiles/rails_master.gemfile +0 -19
data/spec/controllers/application_metal_controller_spec.rb +0 -64
data/spec/controllers/applications_controller_spec.rb +0 -274
data/spec/controllers/authorizations_controller_spec.rb +0 -743
data/spec/controllers/protected_resources_controller_spec.rb +0 -361
data/spec/controllers/token_info_controller_spec.rb +0 -50
data/spec/controllers/tokens_controller_spec.rb +0 -499
data/spec/dummy/Rakefile +0 -9
data/spec/dummy/app/assets/config/manifest.js +0 -2
data/spec/dummy/app/controllers/application_controller.rb +0 -5
data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
data/spec/dummy/app/controllers/home_controller.rb +0 -18
data/spec/dummy/app/controllers/metal_controller.rb +0 -13
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
data/spec/dummy/app/helpers/application_helper.rb +0 -7
data/spec/dummy/app/models/user.rb +0 -11
data/spec/dummy/app/views/home/index.html.erb +0 -0
data/spec/dummy/app/views/layouts/application.html.erb +0 -14
data/spec/dummy/config.ru +0 -6
data/spec/dummy/config/application.rb +0 -51
data/spec/dummy/config/boot.rb +0 -7
data/spec/dummy/config/database.yml +0 -15
data/spec/dummy/config/environment.rb +0 -5
data/spec/dummy/config/environments/development.rb +0 -31
data/spec/dummy/config/environments/production.rb +0 -64
data/spec/dummy/config/environments/test.rb +0 -45
data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
data/spec/dummy/config/initializers/secret_token.rb +0 -10
data/spec/dummy/config/initializers/session_store.rb +0 -10
data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
data/spec/dummy/config/routes.rb +0 -13
data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
data/spec/dummy/db/schema.rb +0 -70
data/spec/dummy/public/404.html +0 -26
data/spec/dummy/public/422.html +0 -26
data/spec/dummy/public/500.html +0 -26
data/spec/dummy/public/favicon.ico +0 -0
data/spec/dummy/script/rails +0 -9
data/spec/factories.rb +0 -30
data/spec/generators/application_owner_generator_spec.rb +0 -28
data/spec/generators/confidential_applications_generator_spec.rb +0 -29
data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
data/spec/generators/install_generator_spec.rb +0 -36
data/spec/generators/migration_generator_spec.rb +0 -28
data/spec/generators/pkce_generator_spec.rb +0 -28
data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
data/spec/generators/templates/routes.rb +0 -4
data/spec/generators/views_generator_spec.rb +0 -29
data/spec/grape/grape_integration_spec.rb +0 -137
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
data/spec/lib/config_spec.rb +0 -813
data/spec/lib/doorkeeper_spec.rb +0 -27
data/spec/lib/models/expirable_spec.rb +0 -61
data/spec/lib/models/reusable_spec.rb +0 -40
data/spec/lib/models/revocable_spec.rb +0 -58
data/spec/lib/models/scopes_spec.rb +0 -61
data/spec/lib/models/secret_storable_spec.rb +0 -135
data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
data/spec/lib/oauth/base_request_spec.rb +0 -210
data/spec/lib/oauth/base_response_spec.rb +0 -45
data/spec/lib/oauth/client/credentials_spec.rb +0 -90
data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
data/spec/lib/oauth/client_spec.rb +0 -38
data/spec/lib/oauth/code_request_spec.rb +0 -46
data/spec/lib/oauth/code_response_spec.rb +0 -36
data/spec/lib/oauth/error_response_spec.rb +0 -64
data/spec/lib/oauth/error_spec.rb +0 -21
data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
data/spec/lib/oauth/scopes_spec.rb +0 -146
data/spec/lib/oauth/token_request_spec.rb +0 -164
data/spec/lib/oauth/token_response_spec.rb +0 -84
data/spec/lib/oauth/token_spec.rb +0 -156
data/spec/lib/option_spec.rb +0 -51
data/spec/lib/request/strategy_spec.rb +0 -54
data/spec/lib/secret_storing/base_spec.rb +0 -60
data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
data/spec/lib/secret_storing/plain_spec.rb +0 -44
data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
data/spec/lib/server_spec.rb +0 -49
data/spec/lib/stale_records_cleaner_spec.rb +0 -102
data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
data/spec/models/doorkeeper/access_token_spec.rb +0 -650
data/spec/models/doorkeeper/application_spec.rb +0 -442
data/spec/requests/applications/applications_request_spec.rb +0 -259
data/spec/requests/applications/authorized_applications_spec.rb +0 -32
data/spec/requests/endpoints/authorization_spec.rb +0 -91
data/spec/requests/endpoints/token_spec.rb +0 -79
data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
data/spec/requests/flows/authorization_code_spec.rb +0 -530
data/spec/requests/flows/client_credentials_spec.rb +0 -207
data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
data/spec/requests/flows/implicit_grant_spec.rb +0 -91
data/spec/requests/flows/password_spec.rb +0 -316
data/spec/requests/flows/refresh_token_spec.rb +0 -241
data/spec/requests/flows/revoke_token_spec.rb +0 -196
data/spec/requests/flows/skip_authorization_spec.rb +0 -66
data/spec/requests/protected_resources/metal_spec.rb +0 -16
data/spec/requests/protected_resources/private_api_spec.rb +0 -83
data/spec/routing/custom_controller_routes_spec.rb +0 -133
data/spec/routing/default_routes_spec.rb +0 -41
data/spec/routing/scoped_routes_spec.rb +0 -47
data/spec/spec_helper.rb +0 -54
data/spec/spec_helper_integration.rb +0 -4
data/spec/support/dependencies/factory_bot.rb +0 -4
data/spec/support/doorkeeper_rspec.rb +0 -22
data/spec/support/helpers/access_token_request_helper.rb +0 -14
data/spec/support/helpers/authorization_request_helper.rb +0 -43
data/spec/support/helpers/config_helper.rb +0 -11
data/spec/support/helpers/model_helper.rb +0 -78
data/spec/support/helpers/request_spec_helper.rb +0 -110
data/spec/support/helpers/url_helper.rb +0 -62
data/spec/support/orm/active_record.rb +0 -5
data/spec/support/shared/controllers_shared_context.rb +0 -133
data/spec/support/shared/hashing_shared_context.rb +0 -36
data/spec/support/shared/models_shared_examples.rb +0 -56
data/spec/validators/redirect_uri_validator_spec.rb +0 -183
data/spec/version/version_spec.rb +0 -17

data/lib/doorkeeper/grant_flow/registry.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+module Doorkeeper
+  module GrantFlow
+    module Registry
+      mattr_accessor :flows
+      self.flows = {}
+      mattr_accessor :aliases
+      self.aliases = {}
+      # Allows to register custom OAuth grant flow so that Doorkeeper
+      # could recognize and process it.
+      #
+      def register(name_or_flow, **options)
+        unless name_or_flow.is_a?(Doorkeeper::GrantFlow::Flow)
+          name_or_flow = Flow.new(name_or_flow, **options)
+        end
+        flow_key = name_or_flow.name.to_sym
+        if flows.key?(flow_key)
+          ::Kernel.warn <<~WARNING
+            [DOORKEEPER] '#{flow_key}' grant flow already registered and will be overridden
+            in #{caller(1..1).first}
+          WARNING
+        end
+        flows[flow_key] = name_or_flow
+      end
+      # Allows to register aliases that could be used in `grant_flows`
+      # configuration option. It is possible to have aliases like 1:1 or
+      # 1:N, i.e. "implicit_oidc" => ['token', 'id_token', 'id_token token'].
+      #
+      def register_alias(alias_name, **options)
+        aliases[alias_name.to_sym] = Array.wrap(options.fetch(:as))
+      end
+      def expand_alias(alias_name)
+        aliases.fetch(alias_name.to_sym, [])
+      end
+      # [NOTE]: make it to use #fetch after removing fallbacks
+      def get(name)
+        flows[name.to_sym]
+      end
+    end
+  end
+end

data/lib/doorkeeper/helpers/controller.rb CHANGED Viewed

@@ -16,6 +16,8 @@ module Doorkeeper
       # :doc:
       def current_resource_owner
+        return @current_resource_owner if defined?(@current_resource_owner)
         @current_resource_owner ||= begin
           instance_eval(&Doorkeeper.config.authenticate_resource_owner)
         end
@@ -36,7 +38,9 @@ module Doorkeeper
       # :doc:
       def doorkeeper_token
-        @doorkeeper_token ||= OAuth::Token.authenticate request, *config_methods
+        return @doorkeeper_token if defined?(@doorkeeper_token)
+        @doorkeeper_token ||= OAuth::Token.authenticate(request, *config_methods)
       end
       def config_methods
@@ -58,10 +62,10 @@ module Doorkeeper
       end
       def handle_token_exception(exception)
-        error = get_error_response_from_exception exception
-        headers.merge! error.headers
+        error = get_error_response_from_exception(exception)
+        headers.merge!(error.headers)
         self.response_body = error.body.to_json
-        self.status        = error.status
+        self.status = error.status
       end
       def skip_authorization?

data/lib/doorkeeper/models/access_grant_mixin.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Doorkeeper
     include Models::Scopes
     include Models::ResourceOwnerable
-    # never uses pkce, if pkce migrations were not generated
+    # Never uses PKCE if PKCE migrations were not generated
     def uses_pkce?
       self.class.pkce_supported? && code_challenge.present?
     end
@@ -24,8 +24,8 @@ module Doorkeeper
       #
       # @param token [#to_s] token value (any object that responds to `#to_s`)
       #
-      # @return [Doorkeeper::AccessGrant, nil] AccessGrant object or nil
-      #   if there is no record with such token
+      # @return [Doorkeeper::AccessGrant, nil]
+      #   AccessGrant object or nil if there is no record with such token
       #
       def by_token(token)
         find_by_plaintext_token(:token, token)
@@ -36,8 +36,8 @@ module Doorkeeper
       #
       # @param application_id [Integer]
       #   ID of the Application
-      # @param resource_owner [ActiveRecord::Base]
-      #   instance of the Resource Owner model
+      # @param resource_owner [ActiveRecord::Base, Integer]
+      #   instance of the Resource Owner model or it's ID
       #
       def revoke_all_for(application_id, resource_owner, clock = Time)
         by_resource_owner(resource_owner)
@@ -89,8 +89,7 @@ module Doorkeeper
       # suitable for PKCE validation
       #
       def generate_code_challenge(code_verifier)
-        padded_result = Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier))
-        padded_result.split("=")[0] # Remove any trailing '='
+        Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier), padding: false)
       end
       def pkce_supported?
@@ -100,6 +99,9 @@ module Doorkeeper
       ##
       # Determines the secret storing transformer
       # Unless configured otherwise, uses the plain secret strategy
+      #
+      # @return [Doorkeeper::SecretStoring::Base]
+      #
       def secret_strategy
         ::Doorkeeper.config.token_secret_strategy
       end
@@ -107,6 +109,9 @@ module Doorkeeper
       ##
       # Determine the fallback storing strategy
       # Unless configured, there will be no fallback
+      #
+      # @return [Doorkeeper::SecretStoring::Base]
+      #
       def fallback_secret_strategy
         ::Doorkeeper.config.token_secret_fallback_strategy
       end

data/lib/doorkeeper/models/access_token_mixin.rb CHANGED Viewed

@@ -61,8 +61,8 @@ module Doorkeeper
       #
       # @param application_id [Integer]
       #   ID of the Application
-      # @param resource_owner [ActiveRecord::Base]
-      #   instance of the Resource Owner model
+      # @param resource_owner [ActiveRecord::Base, Integer]
+      #   instance of the Resource Owner model or it's ID
       #
       def revoke_all_for(application_id, resource_owner, clock = Time)
         by_resource_owner(resource_owner)
@@ -94,8 +94,8 @@ module Doorkeeper
       # Interface to enumerate access token records in batches in order not
       # to bloat the memory. Could be overloaded in any ORM extension.
       #
-      def find_access_token_in_batches(relation, *args, &block)
-        relation.find_in_batches(*args, &block)
+      def find_access_token_in_batches(relation, **args, &block)
+        relation.find_in_batches(**args, &block)
       end
       # Enumerates AccessToken records in batches to find a matching token.
@@ -230,10 +230,11 @@ module Doorkeeper
       #
       # @param application_id [Integer]
       #   ID of the Application model instance
-      # @param resource_owner [Integer]
-      #   ID of the Resource Owner model instance
+      # @param resource_owner [ActiveRecord::Base, Integer]
+      #   Resource Owner model instance or it's ID
       #
-      # @return [Doorkeeper::AccessToken] array of matching AccessToken objects
+      # @return [ActiveRecord::Relation]
+      #   collection of matching AccessToken objects
       #
       def authorized_tokens_for(application_id, resource_owner)
         by_resource_owner(resource_owner).where(
@@ -262,6 +263,9 @@ module Doorkeeper
       ##
       # Determines the secret storing transformer
       # Unless configured otherwise, uses the plain secret strategy
+      #
+      # @return [Doorkeeper::SecretStoring::Base]
+      #
       def secret_strategy
         ::Doorkeeper.config.token_secret_strategy
       end
@@ -373,7 +377,7 @@ module Doorkeeper
       return unless self.class.refresh_token_revoked_on_use?
       old_refresh_token&.revoke
-      update_column(:previous_refresh_token, "")
+      update_attribute(:previous_refresh_token, "") if previous_refresh_token.present?
     end
     private

data/lib/doorkeeper/models/application_mixin.rb CHANGED Viewed

@@ -20,8 +20,8 @@ module Doorkeeper
       # @param uid [#to_s] UID (any object that responds to `#to_s`)
       # @param secret [#to_s] secret (any object that responds to `#to_s`)
       #
-      # @return [Doorkeeper::Application, nil] Application instance or nil
-      #   if there is no record with such credentials
+      # @return [Doorkeeper::Application, nil]
+      #   Application instance or nil if there is no record with such credentials
       #
       def by_uid_and_secret(uid, secret)
         app = by_uid(uid)
@@ -60,9 +60,10 @@ module Doorkeeper
     # Set an application's valid redirect URIs.
     #
-    # @param uris [String, Array] Newline-separated string or array the URI(s)
+    # @param uris [String, Array<String>] Newline-separated string or array the URI(s)
+    #
+    # @return [String] The redirect URI(s) separated by newlines.
     #
-    # @return [String] The redirect URI(s) seperated by newlines.
     def redirect_uri=(uris)
       super(uris.is_a?(Array) ? uris.join("\n") : uris)
     end

data/lib/doorkeeper/models/concerns/revocable.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module Doorkeeper
       # @param clock [Time] time object
       #
       def revoke(clock = Time)
-        update_column(:revoked_at, clock.now.utc)
+        update_attribute(:revoked_at, clock.now.utc)
       end
       # Indicates whether the object has been revoked.

data/lib/doorkeeper/oauth/authorization/code.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Doorkeeper
           @resource_owner = resource_owner
         end
-        def issue_token
+        def issue_token!
           return @token if defined?(@token)
           @token = Doorkeeper.config.access_grant_model.create!(access_grant_attributes)
@@ -21,6 +21,10 @@ module Doorkeeper
           { action: :show, code: token.plaintext_token }
         end
+        def access_grant?
+          true
+        end
         private
         def authorization_code_expires_in

data/lib/doorkeeper/oauth/authorization/context.rb CHANGED Viewed

@@ -4,12 +4,12 @@ module Doorkeeper
   module OAuth
     module Authorization
       class Context
-        attr_reader :client, :grant_type, :scopes
+        attr_reader :client, :grant_type, :resource_owner, :scopes
-        def initialize(client, grant_type, scopes)
-          @client = client
-          @grant_type = grant_type
-          @scopes = scopes
+        def initialize(**attributes)
+          attributes.each do |name, value|
+            instance_variable_set(:"@#{name}", value) if respond_to?(name)
+          end
         end
       end
     end

data/lib/doorkeeper/oauth/authorization/token.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Doorkeeper
         attr_reader :pre_auth, :resource_owner, :token
         class << self
-          def build_context(pre_auth_or_oauth_client, grant_type, scopes)
+          def build_context(pre_auth_or_oauth_client, grant_type, scopes, resource_owner)
             oauth_client = if pre_auth_or_oauth_client.respond_to?(:application)
                              pre_auth_or_oauth_client.application
                            elsif pre_auth_or_oauth_client.respond_to?(:client)
@@ -17,9 +17,10 @@ module Doorkeeper
                            end
             Doorkeeper::OAuth::Authorization::Context.new(
-              oauth_client,
-              grant_type,
-              scopes,
+              client: oauth_client,
+              grant_type: grant_type,
+              scopes: scopes,
+              resource_owner: resource_owner,
             )
           end
@@ -48,13 +49,14 @@ module Doorkeeper
           @resource_owner = resource_owner
         end
-        def issue_token
+        def issue_token!
           return @token if defined?(@token)
           context = self.class.build_context(
             pre_auth.client,
             Doorkeeper::OAuth::IMPLICIT,
             pre_auth.scopes,
+            resource_owner,
           )
           @token = Doorkeeper.config.access_token_model.find_or_create_for(
@@ -74,6 +76,10 @@ module Doorkeeper
           }
         end
+        def access_token?
+          true
+        end
         private
         def controller

data/lib/doorkeeper/oauth/authorization/uri_builder.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Doorkeeper
           private
           def build_query(parameters = {})
-            parameters = parameters.reject { |_, value| value.blank? }
+            parameters.reject! { |_, value| value.blank? }
             Rack::Utils.build_query(parameters)
           end
         end

data/lib/doorkeeper/oauth/authorization_code_request.rb CHANGED Viewed

@@ -3,7 +3,6 @@
 module Doorkeeper
   module OAuth
     class AuthorizationCodeRequest < BaseRequest
-      validate :pkce_support, error: :invalid_request
       validate :params,       error: :invalid_request
       validate :client,       error: :invalid_client
       validate :grant,        error: :invalid_grant
@@ -32,12 +31,6 @@ module Doorkeeper
           grant.revoke
-          resource_owner = if Doorkeeper.config.polymorphic_resource_owner?
-                             grant.resource_owner
-                           else
-                             grant.resource_owner_id
-                           end
           find_or_create_access_token(
             grant.application,
             resource_owner,
@@ -49,16 +42,16 @@ module Doorkeeper
         super
       end
-      def pkce_supported?
-        Doorkeeper.config.access_grant_model.pkce_supported?
+      def resource_owner
+        if Doorkeeper.config.polymorphic_resource_owner?
+          grant.resource_owner
+        else
+          grant.resource_owner_id
+        end
       end
-      def validate_pkce_support
-        @invalid_request_reason = :not_support_pkce if grant &&
-                                                       !pkce_supported? &&
-                                                       code_verifier.present?
-        @invalid_request_reason.nil?
+      def pkce_supported?
+        Doorkeeper.config.access_grant_model.pkce_supported?
       end
       def validate_params
@@ -91,8 +84,8 @@ module Doorkeeper
       # if either side (server or client) request PKCE, check the verifier
       # against the DB - if PKCE is supported
       def validate_code_verifier
-        return true unless grant.uses_pkce? || code_verifier
-        return false unless pkce_supported?
+        return true unless pkce_supported?
+        return grant.code_challenge.blank? if code_verifier.blank?
         if grant.code_challenge_method == "S256"
           grant.code_challenge == generate_code_challenge(code_verifier)

data/lib/doorkeeper/oauth/base_request.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Doorkeeper
       end
       def find_or_create_access_token(client, resource_owner, scopes, server)
-        context = Authorization::Token.build_context(client, grant_type, scopes)
+        context = Authorization::Token.build_context(client, grant_type, scopes, resource_owner)
         @access_token = server_config.access_token_model.find_or_create_for(
           application: client,
           resource_owner: resource_owner,

data/lib/doorkeeper/oauth/client_credentials/creator.rb CHANGED Viewed

@@ -25,7 +25,7 @@ module Doorkeeper
         private
         def with_revocation(existing_token:)
-          if existing_token && server_config.revoke_previous_client_credentials_token
+          if existing_token && server_config.revoke_previous_client_credentials_token?
             existing_token.with_lock do
               raise Errors::DoorkeeperError, :invalid_token_reuse if existing_token.revoked?
@@ -39,7 +39,8 @@ module Doorkeeper
         end
         def lookup_existing_token?
-          server_config.reuse_access_token || server_config.revoke_previous_client_credentials_token
+          server_config.reuse_access_token ||
+            server_config.revoke_previous_client_credentials_token?
         end
         def find_existing_token_for(client, scopes)

data/lib/doorkeeper/oauth/client_credentials/issuer.rb CHANGED Viewed

@@ -30,6 +30,7 @@ module Doorkeeper
             client,
             Doorkeeper::OAuth::CLIENT_CREDENTIALS,
             scopes,
+            nil,
           )
           ttl = Authorization::Token.access_token_expires_in(@server, context)

data/lib/doorkeeper/oauth/client_credentials/validator.rb CHANGED Viewed

@@ -26,9 +26,11 @@ module Doorkeeper
         end
         def validate_client_supports_grant_flow
+          return if @client.blank?
           Doorkeeper.config.allow_grant_flow_for_client?(
             Doorkeeper::OAuth::CLIENT_CREDENTIALS,
-            @client,
+            @client.application,
           )
         end

data/lib/doorkeeper/oauth/code_request.rb CHANGED Viewed

@@ -6,13 +6,13 @@ module Doorkeeper
       attr_reader :pre_auth, :resource_owner
       def initialize(pre_auth, resource_owner)
-        @pre_auth       = pre_auth
+        @pre_auth = pre_auth
         @resource_owner = resource_owner
       end
       def authorize
         auth = Authorization::Code.new(pre_auth, resource_owner)
-        auth.issue_token
+        auth.issue_token!
         CodeResponse.new(pre_auth, auth)
       end