doorkeeper 5.5.4 → 5.6.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +64 -7
- data/README.md +4 -3
- data/app/controllers/doorkeeper/authorizations_controller.rb +20 -6
- data/app/controllers/doorkeeper/tokens_controller.rb +8 -5
- data/app/views/doorkeeper/authorizations/error.html.erb +3 -1
- data/app/views/doorkeeper/authorizations/new.html.erb +16 -16
- data/lib/doorkeeper/config/abstract_builder.rb +1 -1
- data/lib/doorkeeper/config/validations.rb +3 -3
- data/lib/doorkeeper/config.rb +44 -54
- data/lib/doorkeeper/engine.rb +10 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_token_mixin.rb +6 -6
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +7 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +7 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +16 -6
- data/lib/doorkeeper/oauth/base_request.rb +11 -10
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +10 -13
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +1 -2
- data/lib/doorkeeper/oauth/error_response.rb +1 -2
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +3 -3
- data/lib/doorkeeper/oauth/password_access_token_request.rb +2 -2
- data/lib/doorkeeper/oauth/pre_authorization.rb +11 -10
- data/lib/doorkeeper/oauth/refresh_token_request.rb +12 -4
- data/lib/doorkeeper/oauth/token_introspection.rb +1 -1
- data/lib/doorkeeper/oauth/token_response.rb +1 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +0 -6
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +21 -4
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +12 -1
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +2 -2
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +5 -2
- data/lib/doorkeeper/orm/active_record.rb +30 -37
- data/lib/doorkeeper/rails/routes.rb +12 -3
- data/lib/doorkeeper/rake/setup.rake +0 -5
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/doorkeeper.rb +73 -5
- data/lib/generators/doorkeeper/templates/initializer.rb +21 -3
- data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -4
- metadata +21 -19
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Doorkeeper
|
4
|
+
module Models
|
5
|
+
module PolymorphicResourceOwner
|
6
|
+
module ForAccessGrant
|
7
|
+
extend ActiveSupport::Concern
|
8
|
+
|
9
|
+
included do
|
10
|
+
if Doorkeeper.config.polymorphic_resource_owner?
|
11
|
+
belongs_to :resource_owner, polymorphic: true, optional: false
|
12
|
+
else
|
13
|
+
validates :resource_owner_id, presence: true
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
module ForAccessToken
|
19
|
+
extend ActiveSupport::Concern
|
20
|
+
|
21
|
+
included do
|
22
|
+
if Doorkeeper.config.polymorphic_resource_owner?
|
23
|
+
belongs_to :resource_owner, polymorphic: true, optional: true
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
@@ -45,7 +45,13 @@ module Doorkeeper
|
|
45
45
|
attributes[:resource_owner_id] = resource_owner.id
|
46
46
|
end
|
47
47
|
|
48
|
-
pkce_attributes.merge(attributes)
|
48
|
+
pkce_attributes.merge(attributes).merge(custom_attributes)
|
49
|
+
end
|
50
|
+
|
51
|
+
def custom_attributes
|
52
|
+
# Custom access token attributes are saved into the access grant,
|
53
|
+
# and then included in subsequently generated access tokens.
|
54
|
+
@pre_auth.custom_access_token_attributes.to_h.with_indifferent_access
|
49
55
|
end
|
50
56
|
|
51
57
|
def pkce_attributes
|
@@ -60,7 +60,7 @@ module Doorkeeper
|
|
60
60
|
)
|
61
61
|
|
62
62
|
@token = Doorkeeper.config.access_token_model.find_or_create_for(
|
63
|
-
application:
|
63
|
+
application: application,
|
64
64
|
resource_owner: resource_owner,
|
65
65
|
scopes: pre_auth.scopes,
|
66
66
|
expires_in: self.class.access_token_expires_in(Doorkeeper.config, context),
|
@@ -68,6 +68,12 @@ module Doorkeeper
|
|
68
68
|
)
|
69
69
|
end
|
70
70
|
|
71
|
+
def application
|
72
|
+
return unless pre_auth.client
|
73
|
+
|
74
|
+
pre_auth.client.is_a?(Doorkeeper.config.application_model) ? pre_auth.client : pre_auth.client.application
|
75
|
+
end
|
76
|
+
|
71
77
|
def oob_redirect
|
72
78
|
{
|
73
79
|
controller: controller,
|
@@ -35,6 +35,7 @@ module Doorkeeper
|
|
35
35
|
grant.application,
|
36
36
|
resource_owner,
|
37
37
|
grant.scopes,
|
38
|
+
custom_token_attributes_with_data,
|
38
39
|
server,
|
39
40
|
)
|
40
41
|
end
|
@@ -55,11 +56,12 @@ module Doorkeeper
|
|
55
56
|
end
|
56
57
|
|
57
58
|
def validate_params
|
58
|
-
@missing_param =
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
59
|
+
@missing_param =
|
60
|
+
if grant&.uses_pkce? && code_verifier.blank?
|
61
|
+
:code_verifier
|
62
|
+
elsif redirect_uri.blank?
|
63
|
+
:redirect_uri
|
64
|
+
end
|
63
65
|
|
64
66
|
@missing_param.nil?
|
65
67
|
end
|
@@ -97,7 +99,15 @@ module Doorkeeper
|
|
97
99
|
end
|
98
100
|
|
99
101
|
def generate_code_challenge(code_verifier)
|
100
|
-
|
102
|
+
Doorkeeper.config.access_grant_model.generate_code_challenge(code_verifier)
|
103
|
+
end
|
104
|
+
|
105
|
+
def custom_token_attributes_with_data
|
106
|
+
grant
|
107
|
+
.attributes
|
108
|
+
.with_indifferent_access
|
109
|
+
.slice(*Doorkeeper.config.custom_access_token_attributes)
|
110
|
+
.symbolize_keys
|
101
111
|
end
|
102
112
|
end
|
103
113
|
end
|
@@ -26,27 +26,28 @@ module Doorkeeper
|
|
26
26
|
@scopes ||= build_scopes
|
27
27
|
end
|
28
28
|
|
29
|
-
def find_or_create_access_token(client, resource_owner, scopes, server)
|
29
|
+
def find_or_create_access_token(client, resource_owner, scopes, custom_attributes, server)
|
30
30
|
context = Authorization::Token.build_context(client, grant_type, scopes, resource_owner)
|
31
|
-
|
32
|
-
|
31
|
+
application = client.is_a?(Doorkeeper.config.application_model) ? client : client&.application
|
32
|
+
|
33
|
+
token_attributes = {
|
34
|
+
application: application,
|
33
35
|
resource_owner: resource_owner,
|
34
36
|
scopes: scopes,
|
35
37
|
expires_in: Authorization::Token.access_token_expires_in(server, context),
|
36
38
|
use_refresh_token: Authorization::Token.refresh_token_enabled?(server, context),
|
37
|
-
|
39
|
+
}
|
40
|
+
|
41
|
+
@access_token =
|
42
|
+
Doorkeeper.config.access_token_model.find_or_create_for(**token_attributes.merge(custom_attributes))
|
38
43
|
end
|
39
44
|
|
40
45
|
def before_successful_response
|
41
|
-
|
46
|
+
Doorkeeper.config.before_successful_strategy_response.call(self)
|
42
47
|
end
|
43
48
|
|
44
49
|
def after_successful_response
|
45
|
-
|
46
|
-
end
|
47
|
-
|
48
|
-
def server_config
|
49
|
-
Doorkeeper.config
|
50
|
+
Doorkeeper.config.after_successful_strategy_response.call(self, @response)
|
50
51
|
end
|
51
52
|
|
52
53
|
private
|
@@ -8,13 +8,14 @@ module Doorkeeper
|
|
8
8
|
existing_token = nil
|
9
9
|
|
10
10
|
if lookup_existing_token?
|
11
|
-
existing_token =
|
12
|
-
return existing_token if
|
11
|
+
existing_token = find_active_existing_token_for(client, scopes)
|
12
|
+
return existing_token if Doorkeeper.config.reuse_access_token && existing_token&.reusable?
|
13
13
|
end
|
14
14
|
|
15
15
|
with_revocation(existing_token: existing_token) do
|
16
|
-
|
17
|
-
|
16
|
+
application = client.is_a?(Doorkeeper.config.application_model) ? client : client&.application
|
17
|
+
Doorkeeper.config.access_token_model.create_for(
|
18
|
+
application: application,
|
18
19
|
resource_owner: nil,
|
19
20
|
scopes: scopes,
|
20
21
|
**attributes,
|
@@ -25,7 +26,7 @@ module Doorkeeper
|
|
25
26
|
private
|
26
27
|
|
27
28
|
def with_revocation(existing_token:)
|
28
|
-
if existing_token &&
|
29
|
+
if existing_token && Doorkeeper.config.revoke_previous_client_credentials_token?
|
29
30
|
existing_token.with_lock do
|
30
31
|
raise Errors::DoorkeeperError, :invalid_token_reuse if existing_token.revoked?
|
31
32
|
|
@@ -39,16 +40,12 @@ module Doorkeeper
|
|
39
40
|
end
|
40
41
|
|
41
42
|
def lookup_existing_token?
|
42
|
-
|
43
|
-
|
43
|
+
Doorkeeper.config.reuse_access_token ||
|
44
|
+
Doorkeeper.config.revoke_previous_client_credentials_token?
|
44
45
|
end
|
45
46
|
|
46
|
-
def
|
47
|
-
|
48
|
-
end
|
49
|
-
|
50
|
-
def server_config
|
51
|
-
Doorkeeper.config
|
47
|
+
def find_active_existing_token_for(client, scopes)
|
48
|
+
Doorkeeper.config.access_token_model.matching_token_for(client, nil, scopes, include_expired: false)
|
52
49
|
end
|
53
50
|
end
|
54
51
|
end
|
@@ -35,13 +35,12 @@ module Doorkeeper
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def validate_scopes
|
38
|
-
return true if @request.scopes.blank?
|
39
|
-
|
40
38
|
application_scopes = if @client.present?
|
41
39
|
@client.application.scopes
|
42
40
|
else
|
43
41
|
""
|
44
42
|
end
|
43
|
+
return true if @request.scopes.blank? && application_scopes.blank?
|
45
44
|
|
46
45
|
ScopeChecker.valid?(
|
47
46
|
scope_str: @request.scopes.to_s,
|
@@ -61,9 +61,9 @@ module Doorkeeper
|
|
61
61
|
end
|
62
62
|
|
63
63
|
def self.valid_scheme?(uri)
|
64
|
-
return false if uri.scheme.
|
64
|
+
return false if uri.scheme.blank?
|
65
65
|
|
66
|
-
%w[localhost].
|
66
|
+
%w[localhost].exclude?(uri.scheme)
|
67
67
|
end
|
68
68
|
|
69
69
|
def self.hypertext_scheme?(uri)
|
@@ -71,7 +71,7 @@ module Doorkeeper
|
|
71
71
|
end
|
72
72
|
|
73
73
|
def self.iff_host?(uri)
|
74
|
-
!(hypertext_scheme?(uri) && uri.host.
|
74
|
+
!(hypertext_scheme?(uri) && uri.host.blank?)
|
75
75
|
end
|
76
76
|
|
77
77
|
def self.oob_uri?(uri)
|
@@ -25,7 +25,7 @@ module Doorkeeper
|
|
25
25
|
private
|
26
26
|
|
27
27
|
def before_successful_response
|
28
|
-
find_or_create_access_token(client, resource_owner, scopes, server)
|
28
|
+
find_or_create_access_token(client, resource_owner, scopes, {}, server)
|
29
29
|
super
|
30
30
|
end
|
31
31
|
|
@@ -68,7 +68,7 @@ module Doorkeeper
|
|
68
68
|
end
|
69
69
|
|
70
70
|
def validate_client_supports_grant_flow
|
71
|
-
|
71
|
+
Doorkeeper.config.allow_grant_flow_for_client?(grant_type, client&.application)
|
72
72
|
end
|
73
73
|
end
|
74
74
|
end
|
@@ -18,19 +18,20 @@ module Doorkeeper
|
|
18
18
|
|
19
19
|
attr_reader :client, :code_challenge, :code_challenge_method, :missing_param,
|
20
20
|
:redirect_uri, :resource_owner, :response_type, :state,
|
21
|
-
:authorization_response_flow, :response_mode
|
21
|
+
:authorization_response_flow, :response_mode, :custom_access_token_attributes
|
22
22
|
|
23
23
|
def initialize(server, parameters = {}, resource_owner = nil)
|
24
|
-
@server
|
25
|
-
@client_id
|
26
|
-
@response_type
|
27
|
-
@response_mode
|
28
|
-
@redirect_uri
|
29
|
-
@scope
|
30
|
-
@state
|
31
|
-
@code_challenge
|
24
|
+
@server = server
|
25
|
+
@client_id = parameters[:client_id]
|
26
|
+
@response_type = parameters[:response_type]
|
27
|
+
@response_mode = parameters[:response_mode]
|
28
|
+
@redirect_uri = parameters[:redirect_uri]
|
29
|
+
@scope = parameters[:scope]
|
30
|
+
@state = parameters[:state]
|
31
|
+
@code_challenge = parameters[:code_challenge]
|
32
32
|
@code_challenge_method = parameters[:code_challenge_method]
|
33
|
-
@resource_owner
|
33
|
+
@resource_owner = resource_owner
|
34
|
+
@custom_access_token_attributes = parameters.slice(*Doorkeeper.config.custom_access_token_attributes)
|
34
35
|
end
|
35
36
|
|
36
37
|
def authorizable?
|
@@ -26,7 +26,7 @@ module Doorkeeper
|
|
26
26
|
private
|
27
27
|
|
28
28
|
def load_client(credentials)
|
29
|
-
|
29
|
+
Doorkeeper.config.application_model.by_uid_and_secret(credentials.uid, credentials.secret)
|
30
30
|
end
|
31
31
|
|
32
32
|
def before_successful_response
|
@@ -41,7 +41,7 @@ module Doorkeeper
|
|
41
41
|
end
|
42
42
|
|
43
43
|
def refresh_token_revoked_on_use?
|
44
|
-
|
44
|
+
Doorkeeper.config.access_token_model.refresh_token_revoked_on_use?
|
45
45
|
end
|
46
46
|
|
47
47
|
def default_scopes
|
@@ -49,7 +49,7 @@ module Doorkeeper
|
|
49
49
|
end
|
50
50
|
|
51
51
|
def create_access_token
|
52
|
-
attributes = {}
|
52
|
+
attributes = {}.merge(custom_token_attributes_with_data)
|
53
53
|
|
54
54
|
resource_owner =
|
55
55
|
if Doorkeeper.config.polymorphic_resource_owner?
|
@@ -75,7 +75,7 @@ module Doorkeeper
|
|
75
75
|
# Here we assume that TTL of the token received after refreshing should be
|
76
76
|
# the same as that of the original token.
|
77
77
|
#
|
78
|
-
@access_token =
|
78
|
+
@access_token = Doorkeeper.config.access_token_model.create_for(
|
79
79
|
application: refresh_token.application,
|
80
80
|
resource_owner: resource_owner,
|
81
81
|
scopes: scopes,
|
@@ -119,6 +119,14 @@ module Doorkeeper
|
|
119
119
|
true
|
120
120
|
end
|
121
121
|
end
|
122
|
+
|
123
|
+
def custom_token_attributes_with_data
|
124
|
+
refresh_token
|
125
|
+
.attributes
|
126
|
+
.with_indifferent_access
|
127
|
+
.slice(*Doorkeeper.config.custom_access_token_attributes)
|
128
|
+
.symbolize_keys
|
129
|
+
end
|
122
130
|
end
|
123
131
|
end
|
124
132
|
end
|
@@ -134,7 +134,7 @@ module Doorkeeper
|
|
134
134
|
# Since resource servers using token introspection rely on the
|
135
135
|
# authorization server to determine the state of a token, the
|
136
136
|
# authorization server MUST perform all applicable checks against a
|
137
|
-
# token's state.
|
137
|
+
# token's state. For instance, these tests include the following:
|
138
138
|
#
|
139
139
|
# o If the token can expire, the authorization server MUST determine
|
140
140
|
# whether or not the token has expired.
|
@@ -14,12 +14,6 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
|
|
14
14
|
optional: true,
|
15
15
|
inverse_of: :access_grants
|
16
16
|
|
17
|
-
if Doorkeeper.config.polymorphic_resource_owner?
|
18
|
-
belongs_to :resource_owner, polymorphic: true, optional: false
|
19
|
-
else
|
20
|
-
validates :resource_owner_id, presence: true
|
21
|
-
end
|
22
|
-
|
23
17
|
validates :application_id,
|
24
18
|
:token,
|
25
19
|
:expires_in,
|
@@ -14,10 +14,6 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
|
|
14
14
|
inverse_of: :access_tokens,
|
15
15
|
optional: true
|
16
16
|
|
17
|
-
if Doorkeeper.config.polymorphic_resource_owner?
|
18
|
-
belongs_to :resource_owner, polymorphic: true, optional: true
|
19
|
-
end
|
20
|
-
|
21
17
|
validates :token, presence: true, uniqueness: { case_sensitive: true }
|
22
18
|
validates :refresh_token, uniqueness: { case_sensitive: true }, if: :use_refresh_token?
|
23
19
|
|
@@ -48,6 +44,27 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
|
|
48
44
|
column_names.include?("previous_refresh_token")
|
49
45
|
end
|
50
46
|
|
47
|
+
# Returns non-expired and non-revoked access tokens
|
48
|
+
def not_expired
|
49
|
+
relation = where(revoked_at: nil)
|
50
|
+
|
51
|
+
if supports_expiration_time_math?
|
52
|
+
# have not reached the expiration time or it never expires
|
53
|
+
relation.where("#{expiration_time_sql} > ?", Time.now.utc).or(
|
54
|
+
relation.where(expires_in: nil)
|
55
|
+
)
|
56
|
+
else
|
57
|
+
::Kernel.warn <<~WARNING.squish
|
58
|
+
[DOORKEEPER] Doorkeeper doesn't support expiration time math for your database adapter (#{adapter_name}).
|
59
|
+
Please add a class method `custom_expiration_time_sql` for your AccessToken class/mixin to provide a custom
|
60
|
+
SQL expression to calculate access token expiration time. See lib/doorkeeper/orm/active_record/mixins/access_token.rb
|
61
|
+
for more details.
|
62
|
+
WARNING
|
63
|
+
|
64
|
+
relation
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
51
68
|
private
|
52
69
|
|
53
70
|
def compute_doorkeeper_table_name
|
@@ -44,7 +44,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
|
|
44
44
|
# @return [String] new transformed secret value
|
45
45
|
#
|
46
46
|
def renew_secret
|
47
|
-
@raw_secret =
|
47
|
+
@raw_secret = secret_generator.generate
|
48
48
|
secret_strategy.store_secret(self, :secret, @raw_secret)
|
49
49
|
end
|
50
50
|
|
@@ -102,6 +102,17 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
|
|
102
102
|
|
103
103
|
private
|
104
104
|
|
105
|
+
def secret_generator
|
106
|
+
generator_name = Doorkeeper.config.application_secret_generator
|
107
|
+
generator = generator_name.constantize
|
108
|
+
|
109
|
+
return generator if generator.respond_to?(:generate)
|
110
|
+
|
111
|
+
raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
|
112
|
+
rescue NameError
|
113
|
+
raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
|
114
|
+
end
|
115
|
+
|
105
116
|
def generate_uid
|
106
117
|
self.uid = Doorkeeper::OAuth::Helpers::UniqueToken.generate if uid.blank?
|
107
118
|
end
|
@@ -45,11 +45,11 @@ module Doorkeeper
|
|
45
45
|
end
|
46
46
|
|
47
47
|
def unspecified_host?(uri)
|
48
|
-
uri.is_a?(URI::HTTP) && uri.host.
|
48
|
+
uri.is_a?(URI::HTTP) && uri.host.blank?
|
49
49
|
end
|
50
50
|
|
51
51
|
def relative_uri?(uri)
|
52
|
-
uri.scheme.nil? && uri.host.
|
52
|
+
uri.scheme.nil? && uri.host.blank?
|
53
53
|
end
|
54
54
|
|
55
55
|
def invalid_ssl_uri?(uri)
|
@@ -15,7 +15,8 @@ module Doorkeeper
|
|
15
15
|
def clean_revoked
|
16
16
|
table = @base_scope.arel_table
|
17
17
|
|
18
|
-
@base_scope
|
18
|
+
@base_scope
|
19
|
+
.where.not(revoked_at: nil)
|
19
20
|
.where(table[:revoked_at].lt(Time.current))
|
20
21
|
.in_batches(&:delete_all)
|
21
22
|
end
|
@@ -24,7 +25,9 @@ module Doorkeeper
|
|
24
25
|
def clean_expired(ttl)
|
25
26
|
table = @base_scope.arel_table
|
26
27
|
|
27
|
-
@base_scope
|
28
|
+
@base_scope
|
29
|
+
.where.not(expires_in: nil)
|
30
|
+
.where(table[:created_at].lt(Time.current - ttl))
|
28
31
|
.in_batches(&:delete_all)
|
29
32
|
end
|
30
33
|
end
|
@@ -1,51 +1,44 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "active_support/lazy_load_hooks"
|
4
|
-
|
5
3
|
module Doorkeeper
|
4
|
+
autoload :AccessGrant, "doorkeeper/orm/active_record/access_grant"
|
5
|
+
autoload :AccessToken, "doorkeeper/orm/active_record/access_token"
|
6
|
+
autoload :Application, "doorkeeper/orm/active_record/application"
|
7
|
+
autoload :RedirectUriValidator, "doorkeeper/orm/active_record/redirect_uri_validator"
|
8
|
+
|
9
|
+
module Models
|
10
|
+
autoload :Ownership, "doorkeeper/models/concerns/ownership"
|
11
|
+
end
|
12
|
+
|
13
|
+
# ActiveRecord ORM for Doorkeeper entity models.
|
14
|
+
# Consists of three main OAuth entities:
|
15
|
+
# * Access Token
|
16
|
+
# * Access Grant
|
17
|
+
# * Application (client)
|
18
|
+
#
|
19
|
+
# Do a lazy loading of all the required and configured stuff.
|
20
|
+
#
|
6
21
|
module Orm
|
7
|
-
# ActiveRecord ORM for Doorkeeper entity models.
|
8
|
-
# Consists of three main OAuth entities:
|
9
|
-
# * Access Token
|
10
|
-
# * Access Grant
|
11
|
-
# * Application (client)
|
12
|
-
#
|
13
|
-
# Do a lazy loading of all the required and configured stuff.
|
14
|
-
#
|
15
22
|
module ActiveRecord
|
16
|
-
|
17
|
-
lazy_load do
|
18
|
-
require "doorkeeper/orm/active_record/stale_records_cleaner"
|
19
|
-
require "doorkeeper/orm/active_record/access_grant"
|
20
|
-
require "doorkeeper/orm/active_record/access_token"
|
21
|
-
require "doorkeeper/orm/active_record/application"
|
23
|
+
autoload :StaleRecordsCleaner, "doorkeeper/orm/active_record/stale_records_cleaner"
|
22
24
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
end
|
28
|
-
end
|
25
|
+
module Mixins
|
26
|
+
autoload :AccessGrant, "doorkeeper/orm/active_record/mixins/access_grant"
|
27
|
+
autoload :AccessToken, "doorkeeper/orm/active_record/mixins/access_token"
|
28
|
+
autoload :Application, "doorkeeper/orm/active_record/mixins/application"
|
29
29
|
end
|
30
30
|
|
31
|
-
def self.
|
32
|
-
|
33
|
-
require "doorkeeper/models/concerns/ownership"
|
34
|
-
|
35
|
-
Doorkeeper.config.application_model.include(Doorkeeper::Models::Ownership)
|
36
|
-
end
|
31
|
+
def self.run_hooks
|
32
|
+
initialize_configured_associations
|
37
33
|
end
|
38
34
|
|
39
|
-
def self.
|
40
|
-
|
41
|
-
|
35
|
+
def self.initialize_configured_associations
|
36
|
+
if Doorkeeper.config.enable_application_owner?
|
37
|
+
Doorkeeper.config.application_model.include ::Doorkeeper::Models::Ownership
|
38
|
+
end
|
42
39
|
|
43
|
-
|
44
|
-
|
45
|
-
Doorkeeper.config.access_grant_model,
|
46
|
-
Doorkeeper.config.access_token_model,
|
47
|
-
Doorkeeper.config.application_model,
|
48
|
-
]
|
40
|
+
Doorkeeper.config.access_grant_model.include ::Doorkeeper::Models::PolymorphicResourceOwner::ForAccessGrant
|
41
|
+
Doorkeeper.config.access_token_model.include ::Doorkeeper::Models::PolymorphicResourceOwner::ForAccessToken
|
49
42
|
end
|
50
43
|
end
|
51
44
|
end
|
@@ -36,7 +36,7 @@ module Doorkeeper
|
|
36
36
|
map_route(:authorizations, :authorization_routes)
|
37
37
|
map_route(:tokens, :token_routes)
|
38
38
|
map_route(:tokens, :revoke_routes)
|
39
|
-
map_route(:tokens, :introspect_routes)
|
39
|
+
map_route(:tokens, :introspect_routes) if introspection_routes?
|
40
40
|
map_route(:applications, :application_routes)
|
41
41
|
map_route(:authorized_applications, :authorized_applications_routes)
|
42
42
|
map_route(:token_info, :token_info_routes)
|
@@ -53,8 +53,8 @@ module Doorkeeper
|
|
53
53
|
as: mapping[:as],
|
54
54
|
controller: mapping[:controllers],
|
55
55
|
) do
|
56
|
-
routes.get
|
57
|
-
routes.get
|
56
|
+
routes.get native_authorization_code_route, action: :show, on: :member
|
57
|
+
routes.get '/', action: :new, on: :member
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
@@ -96,6 +96,15 @@ module Doorkeeper
|
|
96
96
|
only: %i[index destroy],
|
97
97
|
controller: mapping[:controllers]
|
98
98
|
end
|
99
|
+
|
100
|
+
def native_authorization_code_route
|
101
|
+
Doorkeeper.configuration.native_authorization_code_route
|
102
|
+
end
|
103
|
+
|
104
|
+
def introspection_routes?
|
105
|
+
Doorkeeper.configured? &&
|
106
|
+
!Doorkeeper.config.allow_token_introspection.is_a?(FalseClass)
|
107
|
+
end
|
99
108
|
end
|
100
109
|
end
|
101
110
|
end
|
@@ -2,10 +2,5 @@
|
|
2
2
|
|
3
3
|
namespace :doorkeeper do
|
4
4
|
task setup: :environment do
|
5
|
-
# Dirty hack to manually initialize AR because of lazy auto-loading,
|
6
|
-
# in other case we'll see NameError: uninitialized constant Doorkeeper::AccessToken
|
7
|
-
if Doorkeeper.config.orm == :active_record && defined?(::ActiveRecord::Base)
|
8
|
-
Object.const_get("::ActiveRecord::Base")
|
9
|
-
end
|
10
5
|
end
|
11
6
|
end
|