RubyGems - doorkeeper - Versions diffs - 4.0.0.rc3 → 4.0.0.rc4 - Mend

doorkeeper 4.0.0.rc3 → 4.0.0.rc4

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (59) hide show

checksums.yaml +4 -4
data/.travis.yml +2 -2
data/CONTRIBUTING.md +2 -0
data/Gemfile +4 -0
data/NEWS.md +11 -1
data/README.md +14 -20
data/Rakefile +1 -1
data/app/controllers/doorkeeper/application_metal_controller.rb +1 -1
data/app/controllers/doorkeeper/tokens_controller.rb +1 -1
data/app/helpers/doorkeeper/dashboard_helper.rb +13 -11
data/doorkeeper.gemspec +1 -1
data/lib/doorkeeper.rb +1 -1
data/lib/doorkeeper/config.rb +6 -23
data/lib/doorkeeper/helpers/controller.rb +1 -1
data/lib/doorkeeper/models/access_grant_mixin.rb +2 -2
data/lib/doorkeeper/models/access_token_mixin.rb +19 -15
data/lib/doorkeeper/models/application_mixin.rb +3 -3
data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
data/lib/doorkeeper/oauth/client_credentials/issuer.rb +2 -1
data/lib/doorkeeper/oauth/client_credentials_request.rb +4 -3
data/lib/doorkeeper/oauth/code_response.rb +13 -14
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +2 -1
data/lib/doorkeeper/oauth/password_access_token_request.rb +6 -10
data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
data/lib/doorkeeper/oauth/scopes.rb +2 -2
data/lib/doorkeeper/oauth/token.rb +3 -4
data/lib/doorkeeper/oauth/token_response.rb +1 -1
data/lib/doorkeeper/orm/active_record.rb +0 -16
data/lib/doorkeeper/orm/active_record/access_token.rb +8 -0
data/lib/doorkeeper/orm/active_record/application.rb +2 -7
data/lib/doorkeeper/rails/helpers.rb +1 -1
data/lib/doorkeeper/rails/routes.rb +2 -1
data/lib/doorkeeper/rails/routes/mapper.rb +1 -1
data/lib/doorkeeper/request/password.rb +11 -1
data/lib/doorkeeper/version.rb +1 -1
data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +1 -1
data/lib/generators/doorkeeper/templates/migration.rb +2 -2
data/spec/controllers/protected_resources_controller_spec.rb +10 -10
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +2 -2
data/spec/dummy/app/controllers/home_controller.rb +1 -1
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +2 -2
data/spec/dummy/config/environments/test.rb +0 -3
data/spec/lib/config_spec.rb +1 -1
data/spec/lib/oauth/authorization_code_request_spec.rb +1 -1
data/spec/lib/oauth/password_access_token_request_spec.rb +5 -5
data/spec/lib/oauth/refresh_token_request_spec.rb +14 -8
data/spec/models/doorkeeper/access_token_spec.rb +18 -1
data/spec/models/doorkeeper/application_spec.rb +1 -9
data/spec/requests/flows/password_spec.rb +26 -5
data/spec/requests/flows/refresh_token_spec.rb +2 -2
data/spec/spec_helper_integration.rb +3 -0
data/spec/support/helpers/model_helper.rb +27 -5
data/spec/support/http_method_shim.rb +24 -0
data/spec/support/shared/models_shared_examples.rb +1 -1
metadata +4 -4
data/lib/generators/doorkeeper/application_scopes_generator.rb +0 -34
data/lib/generators/doorkeeper/templates/add_scopes_to_oauth_applications.rb +0 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7970dc66221f5d0ae37df19896a059af6583c3b4
-  data.tar.gz: 9946ccd3e46137c0ed1e51430848ed0ea6e42c9d
+  metadata.gz: 8dc5d57a6b22f136349e84f529ef9a925553dd9f
+  data.tar.gz: a37456b60aa1dfa8f530fdb267d163838dcb9da5
 SHA512:
-  metadata.gz: bf56405349f6d0c3e1402a57b962ba25c17dbd78116cb20045088bdf0981f2a2b7539f96d57afff02b00cf62273457b50b388f9fa45aad9cc38e6fd4e5a13b1f
-  data.tar.gz: 6fccbea56797d79ebc29e33e9fc13139308e92a5e09f48f70b12a5f97088c9e9f4ded86e12bc7fa595c7517dad3b4ab76dbed4e0aa6d7306c437db114eb2b74a
+  metadata.gz: d97281f371ce8772fbdd540066a19d0dcae962ae7cac57fd05d1b877c7cb5923e42d080f8def9da8ceed8348251f1eae7b2459abca0c7c0cef44be91ceacefa8
+  data.tar.gz: 6dde7539983303cbefd28391b9a8617ee24ed1e2234c1e7cd80dae1896d2c100617be9cfc1b84715c82502a841caf11a7ed849c728cb123177572449cc657ab9

data/.travis.yml CHANGED Viewed

@@ -12,9 +12,9 @@ before_install:
 env:
   - rails=4.2.0
-  - rails=5.0.0.beta3
+  - rails=5.0.0.rc1
 matrix:
   exclude:
-    - env: rails=5.0.0.beta3
+    - env: rails=5.0.0.rc1
       rvm: 2.1

data/CONTRIBUTING.md CHANGED Viewed

@@ -26,6 +26,8 @@ Make the tests pass:
     rake
+Add notes on your change to the `NEWS.md` file.
 Write a [good commit message][commit].
 Push to your fork.
 [Submit a pull request][pr].

data/Gemfile CHANGED Viewed

@@ -4,6 +4,10 @@ source "https://rubygems.org"
 gem "rails", "~> #{ENV["rails"]}"
+if ENV['rails'].start_with?('5')
+  gem 'rspec-rails', '3.5.0.beta3'
+end
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", platform: [:ruby, :mswin, :mingw]

data/NEWS.md CHANGED Viewed

@@ -2,7 +2,17 @@
 User-visible changes worth mentioning.
----
+## master
+## 4.0.0.rc4
+- [#777] Add support for public client in password grant flow
+- [#823] Make configuration and specs ORM independent
+- [#745] Add created_at timestamp to token generation options
+- [#838] Drop `Application#scopes` generator and warning, introduced for
+  upgrading doorkeeper from v2 to v3.
+- [#801] Fix Rails 5 warning messages
+- Test against Rails 5 RC1
 ## 4.0.0.rc3

data/README.md CHANGED Viewed

@@ -76,17 +76,11 @@ to generate the migration tables:
     rails generate doorkeeper:migration
 You may want to add foreign keys to your migration. For example, if you plan on
-using `User` as the resource owner, change the line in the migration
-file:
+using `User` as the resource owner, add the following line to the migration file
+for each table that includes a `resource_owner_id` column:
 ```ruby
-t.integer    :resource_owner_id, null: false
-```
-to:
-```ruby
-t.references :user, foreign_key: true, null: false
+add_foreign_key :table_name, :users, column: :resource_owner_id
 ```
 Then run migrations:
@@ -252,13 +246,13 @@ class Api::V1::ProductsController < Api::V1::ApiController
 end
 ```
-Please note that there is a logical OR between multiple required scopes. In
+Please note that there is a logical OR between multiple required scopes. In the
 above example, `doorkeeper_authorize! :admin, :write` means that the access
-token is required to have either `:admin` scope or `:write` scope, but not need
-have both of them.
+token is required to have either `:admin` scope or `:write` scope, but does not
+need have both of them.
-If want to require the access token to have multiple scopes at the same time,
-use multiple `doorkeeper_authorize!`, for example:
+If you want to require the access token to have multiple scopes at the same
+time, use multiple `doorkeeper_authorize!`, for example:
 ```ruby
 class Api::V1::ProductsController < Api::V1::ApiController
@@ -270,8 +264,8 @@ class Api::V1::ProductsController < Api::V1::ApiController
 end
 ```
-In above example, a client can call `:create` action only if its access token
-have both `:admin` and `:write` scopes.
+In the above example, a client can call `:create` action only if its access token
+has both `:admin` and `:write` scopes.
 ### Custom Access Token Generator
@@ -319,7 +313,7 @@ token owner.
 ### Applications list
-By default, the applications list (`/oauth/applications`) is public available.
+By default, the applications list (`/oauth/applications`) is publicly available.
 To protect the endpoint you should uncomment these lines:
 ```ruby
@@ -333,9 +327,9 @@ end
 The logic is the same as the `resource_owner_authenticator` block. **Note:**
 since the application list is just a scaffold, it's recommended to either
-customize the controller used by the list or skip the controller at all. For
-more information see the page [in the
-wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
+customize the controller used by the list or skip the controller all together.
+For more information see the page
+[in the wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes).
 ## Other customizations

data/Rakefile CHANGED Viewed

@@ -2,7 +2,7 @@ require 'bundler/setup'
 require 'rspec/core/rake_task'
 desc 'Default: run specs.'
-task :default => :spec
+task default: :spec
 desc "Run all specs"
 RSpec::Core::RakeTask.new(:spec) do |config|

data/app/controllers/doorkeeper/application_metal_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Doorkeeper
       ActionController::Rendering,
       ActionController::Renderers::All,
       Helpers::Controller
-    ]
+    ].freeze
     MODULES.each do |mod|
       include mod

data/app/controllers/doorkeeper/tokens_controller.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Doorkeeper
   class TokensController < Doorkeeper::ApplicationMetalController
     def create
       response = authorize_response
-      self.headers.merge! response.headers
+      headers.merge! response.headers
       self.response_body = response.body.to_json
       self.status        = response.status
     rescue Errors::DoorkeeperError => e

data/app/helpers/doorkeeper/dashboard_helper.rb CHANGED Viewed

@@ -1,15 +1,17 @@
-module Doorkeeper::DashboardHelper
-  def doorkeeper_errors_for(object, method)
-    if object.errors[method].present?
-      object.errors[method].map do |msg|
-        content_tag(:span, class: 'help-block') do
-          msg.capitalize
-        end
-      end.join.html_safe
+module Doorkeeper
+  module DashboardHelper
+    def doorkeeper_errors_for(object, method)
+      if object.errors[method].present?
+        object.errors[method].map do |msg|
+          content_tag(:span, class: 'help-block') do
+            msg.capitalize
+          end
+        end.join.html_safe
+      end
     end
-  end
-  def doorkeeper_submit_path(application)
-    application.persisted? ? oauth_application_path(application) : oauth_applications_path
+    def doorkeeper_submit_path(application)
+      application.persisted? ? oauth_application_path(application) : oauth_applications_path
+    end
   end
 end

data/doorkeeper.gemspec CHANGED Viewed

@@ -1,4 +1,4 @@
-$:.push File.expand_path("../lib", __FILE__)
+$LOAD_PATH.push File.expand_path("../lib", __FILE__)
 require "doorkeeper/version"

data/lib/doorkeeper.rb CHANGED Viewed

@@ -54,7 +54,7 @@ module Doorkeeper
   end
   def self.database_installed?
-    [AccessToken, AccessGrant, Application].all? { |model| model.table_exists? }
+    [AccessToken, AccessGrant, Application].all?(&:table_exists?)
   end
   def self.installed?

data/lib/doorkeeper/config.rb CHANGED Viewed

@@ -10,15 +10,10 @@ module Doorkeeper
     setup_orm_adapter
     setup_orm_models
     setup_application_owner if @config.enable_application_owner?
-    check_requirements
   end
   def self.configuration
-    @config || (fail MissingConfiguration.new)
-  end
-  def self.check_requirements
-    @orm_adapter.check_requirements!(configuration)
+    @config || (fail MissingConfiguration)
   end
   def self.setup_orm_adapter
@@ -136,17 +131,17 @@ doorkeeper.
           remove_method name if method_defined?(name)
           define_method name do |*args, &block|
             # TODO: is builder_class option being used?
-            value = unless attribute_builder
-                      block ? block : args.first
-                    else
+            value = if attribute_builder
                       attribute_builder.new(&block).build
+                    else
+                      block ? block : args.first
                     end
             @config.instance_variable_set(:"@#{attribute}", value)
           end
         end
-        define_method attribute do |*args|
+        define_method attribute do |*_args|
           if instance_variable_defined?(:"@#{attribute}")
             instance_variable_get(:"@#{attribute}")
           else
@@ -181,7 +176,7 @@ doorkeeper.
     option :skip_authorization,             default: ->(_routes) {}
     option :access_token_expires_in,        default: 7200
-    option :custom_access_token_expires_in, default: lambda { |_app| nil }
+    option :custom_access_token_expires_in, default: ->(_app) { nil }
     option :authorization_code_expires_in,  default: 600
     option :orm,                            default: :active_record
     option :native_redirect_uri,            default: 'urn:ietf:wg:oauth:2.0:oob'
@@ -236,18 +231,6 @@ doorkeeper.
       @token_grant_types ||= calculate_token_grant_types
     end
-    def refresh_token_revoked_on_use?
-      unless @refresh_token_revoked_on_use.nil?
-        return @refresh_token_revoked_on_use
-      end
-      @refresh_token_revoked_on_use =
-        ActiveRecord::Base.connection.column_exists?(
-          :oauth_access_tokens,
-          :previous_refresh_token
-        )
-    end
     private
     # Determines what values are acceptable for 'response_type' param in

data/lib/doorkeeper/helpers/controller.rb CHANGED Viewed

@@ -54,7 +54,7 @@ module Doorkeeper
       def handle_token_exception(exception)
         error = get_error_response_from_exception exception
-        self.headers.merge! error.headers
+        headers.merge! error.headers
         self.response_body = error.body.to_json
         self.status        = error.status
       end

data/lib/doorkeeper/models/access_grant_mixin.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Doorkeeper
         inverse_of: :access_grants
       }
       if defined?(ActiveRecord::Base) && ActiveRecord::VERSION::MAJOR >= 5
-        belongs_to_options.merge!(optional: true)
+        belongs_to_options[:optional] = true
       end
       belongs_to :application, belongs_to_options
@@ -28,7 +28,7 @@ module Doorkeeper
     module ClassMethods
       def by_token(token)
-        where(token: token.to_s).limit(1).to_a.first
+        find_by(token: token.to_s)
       end
     end

data/lib/doorkeeper/models/access_token_mixin.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Doorkeeper
         inverse_of: :access_tokens
       }
       if defined?(ActiveRecord::Base) && ActiveRecord::VERSION::MAJOR >= 5
-        belongs_to_options.merge!(optional: true)
+        belongs_to_options[:optional] = true
       end
       belongs_to :application, belongs_to_options
@@ -33,18 +33,18 @@ module Doorkeeper
     module ClassMethods
       def by_token(token)
-        where(token: token.to_s).limit(1).to_a.first
+        find_by(token: token.to_s)
       end
       def by_refresh_token(refresh_token)
-        where(refresh_token: refresh_token.to_s).first
+        find_by(refresh_token: refresh_token.to_s)
       end
       def revoke_all_for(application_id, resource_owner)
         where(application_id: application_id,
               resource_owner_id: resource_owner.id,
               revoked_at: nil).
-          map(&:revoke)
+          each(&:revoke)
       end
       def matching_token_for(application, resource_owner_or_id, scopes)
@@ -75,6 +75,7 @@ module Doorkeeper
             return access_token
           end
         end
         create!(
           application_id:    application.try(:id),
           resource_owner_id: resource_owner_id,
@@ -85,13 +86,10 @@ module Doorkeeper
       end
       def last_authorized_token_for(application_id, resource_owner_id)
-        where(application_id: application_id,
-              resource_owner_id: resource_owner_id,
-              revoked_at: nil).
-          send(order_method, created_at_desc).
-          limit(1).
-          to_a.
-          first
+        send(order_method, created_at_desc).
+          find_by(application_id: application_id,
+                  resource_owner_id: resource_owner_id,
+                  revoked_at: nil)
       end
     end
@@ -110,7 +108,7 @@ module Doorkeeper
         scopes:             scopes,
         expires_in_seconds: expires_in_seconds,
         application:        { uid: application.try(:uid) },
-        created_at:         created_at.to_i,
+        created_at:         created_at.to_i
       }
     end
@@ -131,10 +129,16 @@ module Doorkeeper
     end
     def generate_token
+      self.created_at ||= Time.now.utc
       generator = Doorkeeper.configuration.access_token_generator.constantize
-      self.token = generator.generate(resource_owner_id: resource_owner_id,
-                                      scopes: scopes, application: application,
-                                      expires_in: expires_in)
+      self.token = generator.generate(
+        resource_owner_id: resource_owner_id,
+        scopes: scopes,
+        application: application,
+        expires_in: expires_in,
+        created_at: created_at
+      )
     rescue NoMethodError
       raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
     rescue NameError

data/lib/doorkeeper/models/application_mixin.rb CHANGED Viewed

@@ -19,11 +19,11 @@ module Doorkeeper
     module ClassMethods
       def by_uid_and_secret(uid, secret)
-        where(uid: uid.to_s, secret: secret.to_s).limit(1).to_a.first
+        find_by(uid: uid.to_s, secret: secret.to_s)
       end
       def by_uid(uid)
-        where(uid: uid.to_s).limit(1).to_a.first
+        find_by(uid: uid.to_s)
       end
     end
@@ -31,7 +31,7 @@ module Doorkeeper
     def has_scopes?
       Doorkeeper.configuration.orm != :active_record ||
-        Application.new.attributes.include?("scopes")
+        Doorkeeper::Application.column_names.include?("scopes")
     end
     def generate_uid

data/lib/doorkeeper/models/concerns/ownership.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Doorkeeper
       included do
         belongs_to_options = { polymorphic: true }
         if defined?(ActiveRecord::Base) && ActiveRecord::VERSION::MAJOR >= 5
-          belongs_to_options.merge!(optional: true)
+          belongs_to_options[:optional] = true
         end
         belongs_to :owner, belongs_to_options

data/lib/doorkeeper/models/concerns/revocable.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Doorkeeper
       end
       def refresh_token_revoked_on_use?
-        Doorkeeper.configuration.refresh_token_revoked_on_use?
+        AccessToken.refresh_token_revoked_on_use?
       end
     end
   end

data/lib/doorkeeper/oauth/authorization/uri_builder.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module Doorkeeper
         end
         def build_query(parameters = {})
-          parameters = parameters.reject { |k, v| v.blank? }
+          parameters = parameters.reject { |_, v| v.blank? }
           super parameters
         end
       end