doorkeeper 0.3.4 → 0.4.0

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## 0.4.0
+
+- deprecation
+  - Deprecate authorization_scopes
+- database changes
+  - AccessToken#resource_owner_id is not nullable
+- enhancements
+  - [#83] Add Resource Owner Password Credentials flow [@jaimeiniesta](https://github.com/jaimeiniesta)
+  - [#76] Allow token expiration to be disabled [@mattgreen](https://github.com/mattgreen)
+  - [#b6470a] Add Client Credentials flow
+- internals
+  - [#2ece8d, #f93778] Introduce Client and ErrorResponse classes
+
 ## 0.3.4
 
 - Fix attr_accessible for rails 3.2.x

data/README.md

@@ -14,7 +14,7 @@ For more information about the supported features, check out the related [page i
 Put this in your Gemfile:
 
 ``` ruby
-gem 'doorkeeper', '~> 0.3.0'
+gem 'doorkeeper', '~> 0.4.0'
 ```
 
 Run the installation generator with:
@@ -49,11 +49,13 @@ You need to configure Doorkeeper in order to provide resource_owner model and au
 ``` ruby
 Doorkeeper.configure do
   resource_owner_authenticator do |routes|
-    current_user || redirect_to('/sign_in', :alert => "Needs sign in.") # returns nil if current_user is not logged in
+    current_user || redirect_to(routes.login_url) # returns nil if current_user is not logged in
   end
 end
 ```
 
+This block runs into the context of your Rails application, and it has access to `current_user` method, for example.
+
 If you use [devise](https://github.com/plataformatec/devise), you may want to use warden to authenticate the block:
 
 ``` ruby
@@ -62,6 +64,8 @@ resource_owner_authenticator do |routes|
 end
 ```
 
+If you are not using devise, you may want to check other ways of authentication [here](https://github.com/applicake/doorkeeper/wiki/Authenticating-using-Clearance-DIY).
+
 ## Protecting resources with OAuth (a.k.a your API endpoint)
 
 To protect your API with OAuth, doorkeeper only requires you to call `doorkeeper_for` helper, specifying the actions you want to protect.
@@ -92,6 +96,17 @@ end
 
 You can also require the access token to have specific scopes in certain actions:
 
+First configure the scopes in `initializers/doorkeeper.rb`
+
+```ruby
+Doorkeeper.configure do
+  default_scope :public # if no scope was requested, this will be the default
+  optional_scope :admin, :write
+end
+```
+
+The in your controllers:
+
 ```ruby
 class Api::V1::ProductsController < Api::V1::ApiController
   doorkeeper_for :index, :show,    :scopes => [:public]
@@ -126,12 +141,24 @@ end
 
 In this example, we're returning the credentials (`me.json`) of the access token owner.
 
+## Upgrading
+
+If you want to upgrade doorkeeper to a new version, check out the [upgrading notes](https://github.com/applicake/doorkeeper/wiki/Migration-from-old-versions) and take a look at the [changelog](https://github.com/applicake/doorkeeper/blob/master/CHANGELOG.md).
+
 ## Other resources
 
+### Wiki
+
+You can find everything about doorkeeper in our [wiki here](https://github.com/applicake/doorkeeper/wiki).
+
 ### Live demo
 
 Check out this [live demo](http://doorkeeper-provider.herokuapp.com) hosted on heroku. For more demos check out [the wiki](https://github.com/applicake/doorkeeper/wiki/Example-Applications).
 
+### Screencast
+
+Check out this screencast from [railscasts.com](http://railscasts.com/): [#353 OAuth with Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
+
 ### Client applications
 
 After you set up the provider, you may want to create a client application to test the integration. Check out these [client examples](https://github.com/applicake/doorkeeper/wiki/Example-Applications) in our wiki or follow this [tutorial here](https://github.com/applicake/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
@@ -144,14 +171,14 @@ Also, check out our [contributing guidelines page](https://github.com/applicake/
 
 ### Supported ruby versions
 
-All supported ruby versions are [listed here](https://github.com/applicake/doorkeeper/wiki/Supported-Ruby-&-Rails-versions)
+All supported ruby versions are [listed here](https://github.com/applicake/doorkeeper/wiki/Supported-Ruby-&-Rails-versions).
 
 ## Additional information
 
 ### Maintainers
 
-- Felipe Elias Philipp ([github.com/felipeelias](https://github.com/felipeelias))
-- Piotr Jakubowski ([github.com/piotrj](https://github.com/piotrj))
+- Felipe Elias Philipp ([github.com/felipeelias](https://github.com/felipeelias), [twitter.com/felipeelias](https://twitter.com/felipeelias))
+- Piotr Jakubowski ([github.com/piotrj](https://github.com/piotrj), [twitter.com/piotrjakubowski](https://twitter.com/piotrjakubowski))
 
 ### Contributors
 

data/app/controllers/doorkeeper/application_controller.rb

@@ -2,17 +2,6 @@ module Doorkeeper
   class ApplicationController < ActionController::Base
     private
 
-    def parse_client_info_from_basic_auth
-      auth_header = request.env['HTTP_AUTHORIZATION']
-      return unless auth_header && auth_header =~ /^Basic (.*)/m
-      client_info = Base64.decode64($1).split(/:/, 2)
-      client_id = client_info[0]
-      client_secret = client_info[1]
-      return if client_id.nil? || client_secret.nil?
-      params[:client_id] = client_id
-      params[:client_secret] = client_secret
-    end
-
     def authenticate_resource_owner!
       current_resource_owner
     end
@@ -21,6 +10,10 @@ module Doorkeeper
       instance_exec(main_app, &Doorkeeper.configuration.authenticate_resource_owner)
     end
 
+    def resource_owner_from_credentials
+      instance_exec(main_app, &Doorkeeper.configuration.resource_owner_from_credentials)
+    end
+
     def authenticate_admin!
       if block = Doorkeeper.configuration.authenticate_admin
         instance_exec(main_app, &block)

data/app/controllers/doorkeeper/authorizations_controller.rb

@@ -10,6 +10,7 @@ class Doorkeeper::AuthorizationsController < Doorkeeper::ApplicationController
     elsif authorization.redirect_on_error?
       redirect_to authorization.invalid_redirect_uri
     else
+      @error = authorization.error_response
       render :error
     end
   end
@@ -20,6 +21,7 @@ class Doorkeeper::AuthorizationsController < Doorkeeper::ApplicationController
     elsif authorization.redirect_on_error?
       redirect_to authorization.invalid_redirect_uri
     else
+      @error = authorization.error_response
       render :error
     end
   end
@@ -31,8 +33,15 @@ class Doorkeeper::AuthorizationsController < Doorkeeper::ApplicationController
 
   private
 
+  def authorization_params
+    params.has_key?(:authorization) ? params[:authorization] : params
+  end
+
+  def client
+    @client ||= Doorkeeper::OAuth::Client.find(authorization_params[:client_id])
+  end
+
   def authorization
-    authorization_params = params.has_key?(:authorization) ? params[:authorization] : params
-    @authorization ||= Doorkeeper::OAuth::AuthorizationRequest.new(current_resource_owner, authorization_params)
+    @authorization ||= Doorkeeper::OAuth::AuthorizationRequest.new(client, current_resource_owner, authorization_params)
   end
 end

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -1,7 +1,4 @@
 class Doorkeeper::TokensController < Doorkeeper::ApplicationController
-
-  before_filter :parse_client_info_from_basic_auth, :only => :create
-
   def create
     response.headers.merge!({
       'Pragma'        => 'no-cache',
@@ -10,13 +7,30 @@ class Doorkeeper::TokensController < Doorkeeper::ApplicationController
     if token.authorize
       render :json => token.authorization
     else
-      render :json => token.error_response, :status => :unauthorized
+      render :json => token.error_response, :status => token.error_response.status
     end
   end
 
   private
 
+  def client
+    @client ||= Doorkeeper::OAuth::Client.authenticate(credentials)
+  end
+
+  def credentials
+    methods = Doorkeeper.configuration.client_credentials_methods
+    @credentials ||= Doorkeeper::OAuth::Client::Credentials.from_request(request, *methods)
+  end
+
   def token
-    @token ||= Doorkeeper::OAuth::AccessTokenRequest.new(params)
+    case params[:grant_type]
+    when 'password'
+      owner = resource_owner_from_credentials
+      @token ||= Doorkeeper::OAuth::PasswordAccessTokenRequest.new(client, owner, params)
+    when 'client_credentials'
+      @token ||= Doorkeeper::OAuth::ClientCredentialsRequest.new(Doorkeeper.configuration, client, params)
+    else
+      @token ||= Doorkeeper::OAuth::AccessTokenRequest.new(client, params)
+    end
   end
 end

data/app/models/doorkeeper/access_grant.rb

@@ -3,6 +3,7 @@ module Doorkeeper
     include Doorkeeper::OAuth::Helpers
     include Doorkeeper::Models::Expirable
     include Doorkeeper::Models::Revocable
+    include Doorkeeper::Models::Scopes
 
     self.table_name = :oauth_access_grants
 
@@ -18,14 +19,6 @@ module Doorkeeper
       !expired? && !revoked?
     end
 
-    def scopes
-      self[:scopes].split(" ").map(&:to_sym) if self[:scopes]
-    end
-
-    def scopes_string
-      self[:scopes]
-    end
-
     private
 
     def generate_token

data/app/models/doorkeeper/access_token.rb

@@ -3,6 +3,7 @@ module Doorkeeper
     include Doorkeeper::OAuth::Helpers
     include Doorkeeper::Models::Expirable
     include Doorkeeper::Models::Revocable
+    include Doorkeeper::Models::Scopes
 
     self.table_name = :oauth_access_tokens
 
@@ -10,7 +11,7 @@ module Doorkeeper
 
     scope :accessible, where(:revoked_at => nil)
 
-    validates :application_id, :resource_owner_id, :token, :presence => true
+    validates :application_id, :token, :presence => true
 
     attr_accessor :use_refresh_token
     attr_accessible :application_id, :resource_owner_id, :expires_in, :scopes, :use_refresh_token
@@ -47,15 +48,6 @@ module Doorkeeper
       !expired? && !revoked?
     end
 
-    def scopes
-      scope_string = self[:scopes] || ""
-      scope_string.split(" ").map(&:to_sym)
-    end
-
-    def scopes_string
-      self[:scopes]
-    end
-
     def use_refresh_token?
       self.use_refresh_token
     end

data/app/models/doorkeeper/application.rb

@@ -17,6 +17,10 @@ module Doorkeeper
 
     attr_accessible :name, :redirect_uri
 
+    def self.authenticate(uid, secret)
+      find_by_uid_and_secret(uid, secret)
+    end
+
     def self.column_names_with_table
       self.column_names.map { |c| "oauth_applications.#{c}" }
     end

data/app/views/doorkeeper/authorizations/error.html.erb

@@ -1,6 +1,6 @@
 <div class="span16">
   <h2>An error has occurred</h2>
   <p>
-    <pre><%= t @authorization.error, :scope => [:doorkeeper, :errors, :messages] %></pre>
+    <pre><%= @error.description %></pre>
   </p>
 </div>

data/app/views/doorkeeper/authorizations/new.html.erb

@@ -9,7 +9,7 @@
   </p>
   <ul>
     <% @authorization.scopes.each do |scope| %>
-      <li><%= scope.description %></li>
+      <li><%= t scope, :scope => [:doorkeeper, :scopes]  %></li>
     <% end %>
   </ul>
   <% end %>

data/config/locales/en.yml

@@ -18,3 +18,6 @@ en:
         invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
         invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
         unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
+
+        # Password Access token errors
+        invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'

data/doorkeeper.gemspec

@@ -18,10 +18,11 @@ Gem::Specification.new do |s|
   s.add_dependency "railties", "~> 3.1"
 
   s.add_development_dependency "sqlite3", "~> 1.3.5"
-  s.add_development_dependency "rspec-rails", "~> 2.9.0"
+  s.add_development_dependency "rspec-rails", "~> 2.10.0"
   s.add_development_dependency "capybara", "~> 1.1.2"
   s.add_development_dependency "generator_spec", "~> 0.8.5"
   s.add_development_dependency "factory_girl", "~> 2.6.4"
   s.add_development_dependency "timecop", "~> 0.3.5"
   s.add_development_dependency "database_cleaner", "~> 0.7.1"
+  s.add_development_dependency "bcrypt-ruby", "~> 3.0.1"
 end

data/lib/doorkeeper.rb

@@ -1,3 +1,4 @@
+require "doorkeeper/version"
 require "doorkeeper/engine"
 require "doorkeeper/config"
 require "doorkeeper/doorkeeper_for"
@@ -6,9 +7,15 @@ module Doorkeeper
   autoload :Validations, "doorkeeper/validations"
 
   module OAuth
-    autoload :AuthorizationRequest, "doorkeeper/oauth/authorization_request"
-    autoload :AccessTokenRequest,   "doorkeeper/oauth/access_token_request"
-    autoload :Authorization,        "doorkeeper/oauth/authorization"
+    autoload :Scopes,                     "doorkeeper/oauth/scopes"
+    autoload :Error,                      "doorkeeper/oauth/error"
+    autoload :ErrorResponse,              "doorkeeper/oauth/error_response"
+    autoload :AuthorizationRequest,       "doorkeeper/oauth/authorization_request"
+    autoload :AccessTokenRequest,         "doorkeeper/oauth/access_token_request"
+    autoload :PasswordAccessTokenRequest, "doorkeeper/oauth/password_access_token_request"
+    autoload :ClientCredentialsRequest,   "doorkeeper/oauth/client_credentials_request"
+    autoload :Authorization,              "doorkeeper/oauth/authorization"
+    autoload :Client,                     "doorkeeper/oauth/client"
 
     module Helpers
       autoload :ScopeChecker, "doorkeeper/oauth/helpers/scope_checker"
@@ -20,5 +27,18 @@ module Doorkeeper
   module Models
     autoload :Expirable, "doorkeeper/models/expirable"
     autoload :Revocable, "doorkeeper/models/revocable"
+    autoload :Scopes,    "doorkeeper/models/scopes"
+  end
+
+  def self.configured?
+    @config.present?
+  end
+
+  def self.database_installed?
+    [AccessToken, AccessGrant, Application].all? { |model| model.table_exists? }
+  end
+
+  def self.installed?
+    configured? && database_installed?
   end
 end

data/lib/doorkeeper/config.rb

@@ -1,7 +1,3 @@
-require 'doorkeeper/config/scopes'
-require 'doorkeeper/config/scope'
-require 'doorkeeper/config/scopes_builder'
-
 module Doorkeeper
   def self.configure(&block)
     @config = Config::Builder.new(&block).build
@@ -12,11 +8,30 @@ module Doorkeeper
   end
 
   class Config
-    def default_scope_string
-      @scopes.try(:default_scope_string) || ""
-    end
-
     class Builder
+      # Helper class to migrate scopes using authorization_scopes block
+      # It will be removed in v0.5.x
+      class ScopesMigrator
+        attr_accessor :default_scopes, :optional_scopes, :translations
+
+        def initialize
+          @default_scopes, @optional_scopes, @translations = [], [], {}
+        end
+
+        def scope(scope, options = {})
+          if options[:default]
+            @optional_scopes << scope
+          else
+            @default_scopes << scope
+          end
+          @translations[scope] = options[:description]
+        end
+
+        def migrate(&block)
+          self.instance_eval(&block)
+        end
+      end
+
       def initialize(&block)
         @config = Config.new
         instance_eval(&block)
@@ -26,9 +41,30 @@ module Doorkeeper
         @config
       end
 
+      def default_scopes(*scopes)
+        @config.instance_variable_set("@default_scopes", Doorkeeper::OAuth::Scopes.from_array(scopes))
+      end
+
+      def optional_scopes(*scopes)
+        @config.instance_variable_set("@optional_scopes", Doorkeeper::OAuth::Scopes.from_array(scopes))
+      end
+
+      def client_credentials(*methods)
+        @config.instance_variable_set("@client_credentials", methods)
+      end
+
       def use_refresh_token
         @config.instance_variable_set("@refresh_token_enabled", true)
       end
+
+      # DEPRECATED: use default/optional scopes
+      def authorization_scopes(&block)
+        migrator = ScopesMigrator.new
+        migrator.migrate(&block)
+        self.default_scopes *migrator.default_scopes
+        self.optional_scopes *migrator.optional_scopes
+        @config.instance_variable_set("@authorization_scopes", migrator)
+      end
     end
 
     module Option
@@ -77,7 +113,11 @@ module Doorkeeper
         end
 
         define_method attribute do |*args|
-          instance_variable_get(:"@#{attribute}") || options[:default]
+          if instance_variable_defined?(:"@#{attribute}")
+            instance_variable_get(:"@#{attribute}")
+          else
+            options[:default]
+          end
         end
 
         public attribute
@@ -90,13 +130,34 @@ module Doorkeeper
 
     extend Option
 
-    option :resource_owner_authenticator, :as      => :authenticate_resource_owner
-    option :admin_authenticator,          :as      => :authenticate_admin
+    option :resource_owner_authenticator, :as => :authenticate_resource_owner
+    option :admin_authenticator,          :as => :authenticate_admin
+    option :resource_owner_from_credentials
     option :access_token_expires_in,      :default => 7200
-    option :authorization_scopes,         :as      => :scopes, :builder_class => ScopesBuilder, :default => Scopes.new
 
     def refresh_token_enabled?
       !!@refresh_token_enabled
     end
+
+    def default_scopes
+      @default_scopes ||= Doorkeeper::OAuth::Scopes.new
+    end
+
+    def optional_scopes
+      @optional_scopes ||= Doorkeeper::OAuth::Scopes.new
+    end
+
+    def scopes
+      @scopes ||= default_scopes + optional_scopes
+    end
+
+    def client_credentials_methods
+      @client_credentials ||= [:from_basic, :from_params]
+    end
+
+    # DEPRECATED: use default/optional scopes
+    def authorization_scopes
+      @authorization_scopes
+    end
   end
 end