RubyGems - doorkeeper - Versions diffs - 3.0.0.rc1 → 3.0.0.rc2 - Mend

doorkeeper 3.0.0.rc1 → 3.0.0.rc2

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (25) hide show

checksums.yaml +4 -4
data/NEWS.md +20 -0
data/README.md +1 -0
data/app/controllers/doorkeeper/applications_controller.rb +2 -2
data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
data/app/validators/redirect_uri_validator.rb +1 -1
data/app/views/doorkeeper/applications/_form.html.erb +13 -2
data/app/views/doorkeeper/applications/show.html.erb +3 -2
data/config/locales/en.yml +2 -0
data/lib/doorkeeper/grape/helpers.rb +1 -1
data/lib/doorkeeper/models/application_mixin.rb +6 -2
data/lib/doorkeeper/models/concerns/revocable.rb +2 -2
data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -1
data/lib/doorkeeper/rails/helpers.rb +6 -8
data/lib/doorkeeper/version.rb +1 -1
data/lib/generators/doorkeeper/templates/migration.rb +8 -0
data/spec/controllers/protected_resources_controller_spec.rb +23 -3
data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +24 -0
data/spec/lib/models/revocable_spec.rb +2 -2
data/spec/lib/oauth/helpers/scope_checker_spec.rb +3 -3
data/spec/lib/oauth/token_request_spec.rb +3 -0
data/spec/models/doorkeeper/application_spec.rb +12 -0
data/spec/validators/redirect_uri_validator_spec.rb +5 -0
metadata +4 -3
data/CHANGELOG.md +0 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8450a1e6cc7b4a4b841532e3886687149b4d9200
-  data.tar.gz: 9d80327b747a96da75785cc32d208cbc829b6131
+  metadata.gz: 59aa2a41e1765b2d2b43c2f7b0f7f1811291abbb
+  data.tar.gz: a169c60170ec494653e248fd49aa78f6224f59e0
 SHA512:
-  metadata.gz: 9a23772dc01acb6827089ea7349c4492d08437d57dd5deb3318f1254505f97658a9b4db5276d5dbf033b8f8e99cc281b59c354e4166fffd85b52bbee9a7491c0
-  data.tar.gz: 749700263b4e424910c5713f923fd82b69737a87d69d472e852f1b6a1bacf330ecef4bd53f94cdae4a153aef371e6a04e2de02ee4a42e436eb61cd4052913365
+  metadata.gz: a99804357cd078363aa870de65887a6eb0a532207b220cfea96455a7f9a36737a8ea8ecaaf909f2dbea09fec05aca87b38a4364eb55e79da99dcc76f0b58d113
+  data.tar.gz: 441e975743a1aaa331bce2bfb98a333c419a13616075cb863bdca9586608e6daa071ecc08b859be513e63607cecf3083a425cd0eec22e238946c9515f03a339a

data/NEWS.md CHANGED Viewed

@@ -4,6 +4,23 @@ User-visible changes worth mentioning.
 ---
+## 3.0.0 (rc2)
+### Backward incompatible changes
+- [#678] Change application-specific scopes to take precedence over server-wide
+  scopes. This removes the previous behavior where the intersection between
+  application and server scopes was used.
+### Other changes
+- [#671] Fixes `NoMethodError - undefined method 'getlocal'` when calling
+  the /oauth/token path. Switch from using a DateTime object to update
+  AR to using a Time object. (Issue #668)
+- [#677] Support editing application-specific scopes via the standard forms
+- [#682] Pass error hash to Grape `error!`
+- [#683] Generate application secret/UID if fields are blank strings
 ## 3.0.0 (rc1)
 ### Backward incompatible changes
@@ -12,6 +29,9 @@ User-visible changes worth mentioning.
   https://github.com/doorkeeper-gem/doorkeeper-mongodb. If you use ActiveRecord
   you don’t need to do any change, otherwise you will need to install the new
   plugin.
+- [#665] `doorkeeper_unauthorized_render_options(error:)` and
+  `doorkeeper_forbidden_render_options(error:)` now accept `error` keyword
+  argument.
 ### Removed deprecations

data/README.md CHANGED Viewed

@@ -399,6 +399,7 @@ contributors](https://github.com/doorkeeper-gem/doorkeeper/contributors)!
 * [The OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749)
 * [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
+* [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
 ### License

data/app/controllers/doorkeeper/applications_controller.rb CHANGED Viewed

@@ -45,9 +45,9 @@ module Doorkeeper
     def application_params
       if params.respond_to?(:permit)
-        params.require(:doorkeeper_application).permit(:name, :redirect_uri)
+        params.require(:doorkeeper_application).permit(:name, :redirect_uri, :scopes)
       else
-        params[:doorkeeper_application].slice(:name, :redirect_uri) rescue nil
+        params[:doorkeeper_application].slice(:name, :redirect_uri, :scopes) rescue nil
       end
     end
   end

data/app/helpers/doorkeeper/dashboard_helper.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Doorkeeper::DashboardHelper
         content_tag(:span, class: 'help-block') do
           msg.capitalize
         end
-      end.reduce(&:join).html_safe
+      end.join.html_safe
     end
   end

data/app/validators/redirect_uri_validator.rb CHANGED Viewed

@@ -29,6 +29,6 @@ class RedirectUriValidator < ActiveModel::EachValidator
   def invalid_ssl_uri?(uri)
     forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
-    forces_ssl && uri.try(:scheme) != 'https'
+    forces_ssl && uri.try(:scheme) == 'http'
   end
 end

data/app/views/doorkeeper/applications/_form.html.erb CHANGED Viewed

@@ -17,8 +17,8 @@
       <%= f.text_area :redirect_uri, class: 'form-control' %>
       <%= doorkeeper_errors_for application, :redirect_uri %>
       <span class="help-block">
-         <%= t('doorkeeper.applications.help.redirect_uri') %>
-        </span>
+        <%= t('doorkeeper.applications.help.redirect_uri') %>
+      </span>
       <% if Doorkeeper.configuration.native_redirect_uri %>
           <span class="help-block">
             <%= raw t('doorkeeper.applications.help.native_redirect_uri', native_redirect_uri: "<code>#{ Doorkeeper.configuration.native_redirect_uri }</code>") %>
@@ -27,6 +27,17 @@
     </div>
   <% end %>
+  <%= content_tag :div, class: "form-group#{' has-error' if application.errors[:scopes].present?}" do %>
+    <%= f.label :scopes, class: 'col-sm-2 control-label' %>
+    <div class="col-sm-10">
+      <%= f.text_field :scopes, class: 'form-control' %>
+      <%= doorkeeper_errors_for application, :scopes %>
+      <span class="help-block">
+        <%= t('doorkeeper.applications.help.scopes') %>
+      </span>
+    </div>
+  <% end %>
   <div class="form-group">
     <div class="col-sm-offset-2 col-sm-10">
       <%= f.submit t('doorkeeper.applications.buttons.submit'), class: "btn btn-primary" %>

data/app/views/doorkeeper/applications/show.html.erb CHANGED Viewed

@@ -5,13 +5,14 @@
 <div class="row">
   <div class="col-md-8">
     <h4><%= t('.application_id') %>:</h4>
     <p><code id="application_id"><%= @application.uid %></code></p>
     <h4><%= t('.secret') %>:</h4>
     <p><code id="secret"><%= @application.secret %></code></p>
+    <h4><%= t('.scopes') %>:</h4>
+    <p><code id="scopes"><%= @application.scopes %></code></p>
     <h4><%= t('.callback_urls') %>:</h4>
     <table>

data/config/locales/en.yml CHANGED Viewed

@@ -29,6 +29,7 @@ en:
       help:
         redirect_uri: 'Use one line per URI'
         native_redirect_uri: 'Use %{native_redirect_uri} for local tests'
+        scopes: 'Separate scopes with spaces. Leave blank to use the default scopes.'
       edit:
         title: 'Edit application'
       index:
@@ -42,6 +43,7 @@ en:
         title: 'Application: %{name}'
         application_id: 'Application Id'
         secret: 'Secret'
+        scopes: 'Scopes'
         callback_urls: 'Callback urls'
         actions: 'Actions'

data/lib/doorkeeper/grape/helpers.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Doorkeeper
                         403
                       end
-        error!({ error: error.description }, status_code)
+        error!({ error: error.description }, status_code, error.headers)
       end
       private

data/lib/doorkeeper/models/application_mixin.rb CHANGED Viewed

@@ -39,11 +39,15 @@ module Doorkeeper
     end
     def generate_uid
-      self.uid ||= UniqueToken.generate
+      if uid.blank?
+        self.uid = UniqueToken.generate
+      end
     end
     def generate_secret
-      self.secret ||= UniqueToken.generate
+      if secret.blank?
+        self.secret = UniqueToken.generate
+      end
     end
   end
 end

data/lib/doorkeeper/models/concerns/revocable.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 module Doorkeeper
   module Models
     module Revocable
-      def revoke(clock = DateTime)
+      def revoke(clock = Time)
         update_attribute :revoked_at, clock.now
       end
       def revoked?
-        !!(revoked_at && revoked_at <= DateTime.now)
+        !!(revoked_at && revoked_at <= Time.now)
       end
     end
   end

data/lib/doorkeeper/oauth/helpers/scope_checker.rb CHANGED Viewed

@@ -25,7 +25,7 @@ module Doorkeeper
           def valid_scopes(server_scopes, application_scopes)
             if application_scopes.present?
-              server_scopes & application_scopes
+              application_scopes
             else
               server_scopes
             end

data/lib/doorkeeper/rails/helpers.rb CHANGED Viewed

@@ -11,12 +11,10 @@ module Doorkeeper
         end
       end
-      def doorkeeper_unauthorized_render_options
-        nil
+      def doorkeeper_unauthorized_render_options(error: nil)
       end
-      def doorkeeper_forbidden_render_options
-        nil
+      def doorkeeper_forbidden_render_options(error: nil)
       end
       def valid_doorkeeper_token?
@@ -32,7 +30,7 @@ module Doorkeeper
       end
       def doorkeeper_render_error_with(error)
-        options = doorkeeper_render_options || {}
+        options = doorkeeper_render_options(error) || {}
         if options.blank?
           head error.status
         else
@@ -50,11 +48,11 @@ module Doorkeeper
         end
       end
-      def doorkeeper_render_options
+      def doorkeeper_render_options(error)
         if doorkeeper_invalid_token_response?
-          doorkeeper_unauthorized_render_options
+          doorkeeper_unauthorized_render_options(error: error)
         else
-          doorkeeper_forbidden_render_options
+          doorkeeper_forbidden_render_options(error: error)
         end
       end

data/lib/doorkeeper/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Doorkeeper
-  VERSION = '3.0.0.rc1'
+  VERSION = '3.0.0.rc2'
 end

data/lib/generators/doorkeeper/templates/migration.rb CHANGED Viewed

@@ -27,7 +27,15 @@ class CreateDoorkeeperTables < ActiveRecord::Migration
     create_table :oauth_access_tokens do |t|
       t.integer  :resource_owner_id
       t.integer  :application_id
+      # If you use a custom token generator you may need to change this column
+      # from string to text, so that it accepts tokens larger than 255
+      # characters. More info on custom token generators in:
+      # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
+      #
+      # t.text     :token,             null: false
       t.string   :token,             null: false
       t.string   :refresh_token
       t.integer  :expires_in
       t.datetime :revoked_at

data/spec/controllers/protected_resources_controller_spec.rb CHANGED Viewed

@@ -126,7 +126,17 @@ describe 'doorkeeper authorize filter' do
     context 'with a JSON custom render', token: :invalid do
       before do
-        expect(controller).to receive(:doorkeeper_unauthorized_render_options).and_return(json: ActiveSupport::JSON.encode(error: 'Unauthorized'))
+        module ControllerActions
+          def doorkeeper_unauthorized_render_options(error: nil)
+            { json: ActiveSupport::JSON.encode(error_message: error.description) }
+          end
+        end
+      end
+      after do
+        module ControllerActions
+          def doorkeeper_unauthorized_render_options(error: nil)
+          end
+        end
       end
       it 'it renders a custom JSON response', token: :invalid do
@@ -136,13 +146,23 @@ describe 'doorkeeper authorize filter' do
         expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
         parsed_body = JSON.parse(response.body)
         expect(parsed_body).not_to be_nil
-        expect(parsed_body['error']).to eq('Unauthorized')
+        expect(parsed_body['error_message']).to match('token is invalid')
       end
     end
     context 'with a text custom render', token: :invalid do
       before do
-        expect(controller).to receive(:doorkeeper_unauthorized_render_options).and_return(text: 'Unauthorized')
+        module ControllerActions
+          def doorkeeper_unauthorized_render_options(error: nil)
+            { text: 'Unauthorized' }
+          end
+        end
+      end
+      after do
+        module ControllerActions
+          def doorkeeper_unauthorized_render_options(error: nil)
+          end
+        end
       end
       it 'it renders a custom JSON response', token: :invalid do

data/spec/helpers/doorkeeper/dashboard_helper_spec.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'spec_helper_integration'
+describe Doorkeeper::DashboardHelper do
+  describe '.doorkeeper_errors_for' do
+    let(:object) { double errors: { method: messages } }
+    let(:messages) { ['first message', 'second message'] }
+    context 'when object has errors' do
+      it 'returns error messages' do
+        messages.each do |message|
+          expect(helper.doorkeeper_errors_for(object, :method)).to include(
+            message.capitalize
+          )
+        end
+      end
+    end
+    context 'when object has no errors' do
+      it 'returns nil' do
+        expect(helper.doorkeeper_errors_for(object, :amonter_method)).to be_nil
+      end
+    end
+  end
+end

data/spec/lib/models/revocable_spec.rb CHANGED Viewed

@@ -19,12 +19,12 @@ describe 'Revocable' do
   describe :revoked? do
     it 'is revoked if :revoked_at has passed' do
-      allow(subject).to receive(:revoked_at).and_return(DateTime.now - 1000)
+      allow(subject).to receive(:revoked_at).and_return(Time.now - 1000)
       expect(subject).to be_revoked
     end
     it 'is not revoked if :revoked_at has not passed' do
-      allow(subject).to receive(:revoked_at).and_return(DateTime.now + 1000)
+      allow(subject).to receive(:revoked_at).and_return(Time.now + 1000)
       expect(subject).not_to be_revoked
     end

data/spec/lib/oauth/helpers/scope_checker_spec.rb CHANGED Viewed

@@ -41,12 +41,12 @@ module Doorkeeper::OAuth::Helpers
         Doorkeeper::OAuth::Scopes.from_string 'common svr'
       end
       let(:application_scopes) do
-        Doorkeeper::OAuth::Scopes.from_string 'common'
+        Doorkeeper::OAuth::Scopes.from_string 'app123'
       end
-      it 'is valid if scope is included in the server and the application' do
+      it 'is valid if scope is included in the application scope list' do
         expect(ScopeChecker.valid?(
-          'common',
+          'app123',
           server_scopes,
           application_scopes
         )).to be_truthy

data/spec/lib/oauth/token_request_spec.rb CHANGED Viewed

@@ -84,8 +84,11 @@ module Doorkeeper::OAuth
       it 'skips token creation if there is a matching one' do
         allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
+        allow(application.scopes).to receive(:has_scopes?).and_return(true)
+        allow(application.scopes).to receive(:all?).and_return(true)
         FactoryGirl.create(:access_token, application_id: pre_auth.client.id,
                            resource_owner_id: owner.id, scopes: 'public')
         expect do
           subject.authorize
         end.to_not change { Doorkeeper::AccessToken.count }

data/spec/models/doorkeeper/application_spec.rb CHANGED Viewed

@@ -55,6 +55,12 @@ module Doorkeeper
       expect(new_application.uid).not_to be_nil
     end
+    it 'generates uid on create if an empty string' do
+      new_application.uid = ''
+      new_application.save
+      expect(new_application.uid).not_to be_blank
+    end
     it 'generates uid on create unless one is set' do
       new_application.uid = uid
       new_application.save
@@ -93,6 +99,12 @@ module Doorkeeper
       expect(new_application.secret).not_to be_nil
     end
+    it 'generate secret on create if is blank string' do
+      new_application.secret = ''
+      new_application.save
+      expect(new_application.secret).not_to be_blank
+    end
     it 'generate secret on create unless one is set' do
       new_application.secret = secret
       new_application.save

data/spec/validators/redirect_uri_validator_spec.rb CHANGED Viewed

@@ -55,6 +55,11 @@ describe RedirectUriValidator do
       expect(subject).to be_valid
     end
+    it 'accepts app redirect uri' do
+      subject.redirect_uri = 'some-awesome-app://oauth/callback'
+      expect(subject).to be_valid
+    end
     it 'accepts a non secured protocol when disabled' do
       subject.redirect_uri = 'http://example.com/callback'
       allow(Doorkeeper.configuration).to receive(

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 3.0.0.rc1
+  version: 3.0.0.rc2
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-05-12 00:00:00.000000000 Z
+date: 2015-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -134,7 +134,6 @@ files:
 - ".hound.yml"
 - ".rspec"
 - ".travis.yml"
-- CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
 - MIT-LICENSE
@@ -287,6 +286,7 @@ files:
 - spec/generators/migration_generator_spec.rb
 - spec/generators/templates/routes.rb
 - spec/generators/views_generator_spec.rb
+- spec/helpers/doorkeeper/dashboard_helper_spec.rb
 - spec/lib/config_spec.rb
 - spec/lib/doorkeeper_spec.rb
 - spec/lib/models/expirable_spec.rb
@@ -426,6 +426,7 @@ test_files:
 - spec/generators/migration_generator_spec.rb
 - spec/generators/templates/routes.rb
 - spec/generators/views_generator_spec.rb
+- spec/helpers/doorkeeper/dashboard_helper_spec.rb
 - spec/lib/config_spec.rb
 - spec/lib/doorkeeper_spec.rb
 - spec/lib/models/expirable_spec.rb

data/CHANGELOG.md DELETED Viewed

	@@ -1 +0,0 @@
1	- Moved to [NEWS.md](https://github.com/doorkeeper-gem/doorkeeper/blob/master/NEWS.md)