doorkeeper 5.4.0.rc1 → 5.4.0.rc2



Files changed (181)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +28 -1
  3. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  4. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  5. data/app/views/doorkeeper/applications/_form.html.erb +1 -1
  6. data/lib/doorkeeper.rb +1 -1
  7. data/lib/doorkeeper/config.rb +24 -18
  8. data/lib/doorkeeper/config/abstract_builder.rb +1 -1
  9. data/lib/doorkeeper/helpers/controller.rb +4 -4
  10. data/lib/doorkeeper/models/access_grant_mixin.rb +11 -5
  11. data/lib/doorkeeper/models/access_token_mixin.rb +9 -5
  12. data/lib/doorkeeper/models/application_mixin.rb +5 -4
  13. data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -2
  14. data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -1
  15. data/lib/doorkeeper/oauth/password_access_token_request.rb +1 -1
  16. data/lib/doorkeeper/oauth/pre_authorization.rb +5 -4
  17. data/lib/doorkeeper/oauth/token.rb +1 -2
  18. data/lib/doorkeeper/orm/active_record.rb +10 -2
  19. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +1 -1
  20. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +1 -1
  21. data/lib/doorkeeper/orm/active_record/mixins/application.rb +64 -9
  22. data/lib/doorkeeper/request/refresh_token.rb +2 -1
  23. data/lib/doorkeeper/version.rb +1 -1
  24. data/lib/generators/doorkeeper/templates/migration.rb.erb +12 -5
  25. metadata +5 -299
  26. data/Appraisals +0 -26
  27. data/CODE_OF_CONDUCT.md +0 -46
  28. data/CONTRIBUTING.md +0 -49
  29. data/Dangerfile +0 -67
  30. data/Dockerfile +0 -29
  31. data/Gemfile +0 -25
  32. data/NEWS.md +0 -1
  33. data/RELEASING.md +0 -11
  34. data/Rakefile +0 -28
  35. data/SECURITY.md +0 -15
  36. data/UPGRADE.md +0 -2
  37. data/bin/console +0 -30
  38. data/doorkeeper.gemspec +0 -42
  39. data/gemfiles/rails_5_0.gemfile +0 -19
  40. data/gemfiles/rails_5_1.gemfile +0 -19
  41. data/gemfiles/rails_5_2.gemfile +0 -19
  42. data/gemfiles/rails_6_0.gemfile +0 -19
  43. data/gemfiles/rails_master.gemfile +0 -19
  44. data/spec/controllers/application_metal_controller_spec.rb +0 -64
  45. data/spec/controllers/applications_controller_spec.rb +0 -274
  46. data/spec/controllers/authorizations_controller_spec.rb +0 -743
  47. data/spec/controllers/protected_resources_controller_spec.rb +0 -361
  48. data/spec/controllers/token_info_controller_spec.rb +0 -50
  49. data/spec/controllers/tokens_controller_spec.rb +0 -499
  50. data/spec/dummy/Rakefile +0 -9
  51. data/spec/dummy/app/assets/config/manifest.js +0 -2
  52. data/spec/dummy/app/controllers/application_controller.rb +0 -5
  53. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
  54. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
  55. data/spec/dummy/app/controllers/home_controller.rb +0 -18
  56. data/spec/dummy/app/controllers/metal_controller.rb +0 -13
  57. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
  58. data/spec/dummy/app/helpers/application_helper.rb +0 -7
  59. data/spec/dummy/app/models/user.rb +0 -11
  60. data/spec/dummy/app/views/home/index.html.erb +0 -0
  61. data/spec/dummy/app/views/layouts/application.html.erb +0 -14
  62. data/spec/dummy/config.ru +0 -6
  63. data/spec/dummy/config/application.rb +0 -51
  64. data/spec/dummy/config/boot.rb +0 -7
  65. data/spec/dummy/config/database.yml +0 -15
  66. data/spec/dummy/config/environment.rb +0 -5
  67. data/spec/dummy/config/environments/development.rb +0 -31
  68. data/spec/dummy/config/environments/production.rb +0 -64
  69. data/spec/dummy/config/environments/test.rb +0 -45
  70. data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
  71. data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
  72. data/spec/dummy/config/initializers/secret_token.rb +0 -10
  73. data/spec/dummy/config/initializers/session_store.rb +0 -10
  74. data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
  75. data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
  76. data/spec/dummy/config/routes.rb +0 -13
  77. data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
  78. data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
  79. data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
  80. data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
  81. data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
  82. data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
  83. data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
  84. data/spec/dummy/db/schema.rb +0 -70
  85. data/spec/dummy/public/404.html +0 -26
  86. data/spec/dummy/public/422.html +0 -26
  87. data/spec/dummy/public/500.html +0 -26
  88. data/spec/dummy/public/favicon.ico +0 -0
  89. data/spec/dummy/script/rails +0 -9
  90. data/spec/factories.rb +0 -30
  91. data/spec/generators/application_owner_generator_spec.rb +0 -28
  92. data/spec/generators/confidential_applications_generator_spec.rb +0 -29
  93. data/spec/generators/enable_polymorphic_resource_owner_generator_spec.rb +0 -47
  94. data/spec/generators/install_generator_spec.rb +0 -36
  95. data/spec/generators/migration_generator_spec.rb +0 -28
  96. data/spec/generators/pkce_generator_spec.rb +0 -28
  97. data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
  98. data/spec/generators/templates/routes.rb +0 -4
  99. data/spec/generators/views_generator_spec.rb +0 -29
  100. data/spec/grape/grape_integration_spec.rb +0 -137
  101. data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
  102. data/spec/lib/config_spec.rb +0 -813
  103. data/spec/lib/doorkeeper_spec.rb +0 -27
  104. data/spec/lib/models/expirable_spec.rb +0 -61
  105. data/spec/lib/models/reusable_spec.rb +0 -40
  106. data/spec/lib/models/revocable_spec.rb +0 -58
  107. data/spec/lib/models/scopes_spec.rb +0 -61
  108. data/spec/lib/models/secret_storable_spec.rb +0 -135
  109. data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
  110. data/spec/lib/oauth/authorization_code_request_spec.rb +0 -180
  111. data/spec/lib/oauth/base_request_spec.rb +0 -210
  112. data/spec/lib/oauth/base_response_spec.rb +0 -45
  113. data/spec/lib/oauth/client/credentials_spec.rb +0 -90
  114. data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -135
  115. data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -110
  116. data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -57
  117. data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
  118. data/spec/lib/oauth/client_credentials_request_spec.rb +0 -108
  119. data/spec/lib/oauth/client_spec.rb +0 -38
  120. data/spec/lib/oauth/code_request_spec.rb +0 -46
  121. data/spec/lib/oauth/code_response_spec.rb +0 -36
  122. data/spec/lib/oauth/error_response_spec.rb +0 -64
  123. data/spec/lib/oauth/error_spec.rb +0 -21
  124. data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
  125. data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
  126. data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
  127. data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
  128. data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
  129. data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
  130. data/spec/lib/oauth/password_access_token_request_spec.rb +0 -201
  131. data/spec/lib/oauth/pre_authorization_spec.rb +0 -218
  132. data/spec/lib/oauth/refresh_token_request_spec.rb +0 -166
  133. data/spec/lib/oauth/scopes_spec.rb +0 -146
  134. data/spec/lib/oauth/token_request_spec.rb +0 -164
  135. data/spec/lib/oauth/token_response_spec.rb +0 -84
  136. data/spec/lib/oauth/token_spec.rb +0 -156
  137. data/spec/lib/option_spec.rb +0 -51
  138. data/spec/lib/request/strategy_spec.rb +0 -54
  139. data/spec/lib/secret_storing/base_spec.rb +0 -60
  140. data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
  141. data/spec/lib/secret_storing/plain_spec.rb +0 -44
  142. data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
  143. data/spec/lib/server_spec.rb +0 -49
  144. data/spec/lib/stale_records_cleaner_spec.rb +0 -102
  145. data/spec/models/doorkeeper/access_grant_spec.rb +0 -175
  146. data/spec/models/doorkeeper/access_token_spec.rb +0 -650
  147. data/spec/models/doorkeeper/application_spec.rb +0 -442
  148. data/spec/requests/applications/applications_request_spec.rb +0 -259
  149. data/spec/requests/applications/authorized_applications_spec.rb +0 -32
  150. data/spec/requests/endpoints/authorization_spec.rb +0 -91
  151. data/spec/requests/endpoints/token_spec.rb +0 -79
  152. data/spec/requests/flows/authorization_code_errors_spec.rb +0 -82
  153. data/spec/requests/flows/authorization_code_spec.rb +0 -530
  154. data/spec/requests/flows/client_credentials_spec.rb +0 -207
  155. data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
  156. data/spec/requests/flows/implicit_grant_spec.rb +0 -91
  157. data/spec/requests/flows/password_spec.rb +0 -316
  158. data/spec/requests/flows/refresh_token_spec.rb +0 -241
  159. data/spec/requests/flows/revoke_token_spec.rb +0 -196
  160. data/spec/requests/flows/skip_authorization_spec.rb +0 -66
  161. data/spec/requests/protected_resources/metal_spec.rb +0 -16
  162. data/spec/requests/protected_resources/private_api_spec.rb +0 -83
  163. data/spec/routing/custom_controller_routes_spec.rb +0 -133
  164. data/spec/routing/default_routes_spec.rb +0 -41
  165. data/spec/routing/scoped_routes_spec.rb +0 -47
  166. data/spec/spec_helper.rb +0 -54
  167. data/spec/spec_helper_integration.rb +0 -4
  168. data/spec/support/dependencies/factory_bot.rb +0 -4
  169. data/spec/support/doorkeeper_rspec.rb +0 -22
  170. data/spec/support/helpers/access_token_request_helper.rb +0 -14
  171. data/spec/support/helpers/authorization_request_helper.rb +0 -43
  172. data/spec/support/helpers/config_helper.rb +0 -11
  173. data/spec/support/helpers/model_helper.rb +0 -78
  174. data/spec/support/helpers/request_spec_helper.rb +0 -110
  175. data/spec/support/helpers/url_helper.rb +0 -62
  176. data/spec/support/orm/active_record.rb +0 -5
  177. data/spec/support/shared/controllers_shared_context.rb +0 -133
  178. data/spec/support/shared/hashing_shared_context.rb +0 -36
  179. data/spec/support/shared/models_shared_examples.rb +0 -56
  180. data/spec/validators/redirect_uri_validator_spec.rb +0 -183
  181. data/spec/version/version_spec.rb +0 -17
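--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 7c9e55b1b52c75ecb1dc18678a2fb5e7683e85859f9a955c27a3197548c2b146
-data.tar.gz: 59f5eafd45d8a85b7f84c7553f1084ed31c8a7ede3b61d00382b8110aea5e63f
+metadata.gz: 4bd9636505ce9c77f93c052d721fb3dad5fb6e135375a3fd3cc6f492e211c7df
+data.tar.gz: 967a846ecfe1713842133555b9fd793c2f8600c9382aa13ffc209b7448a9aabd
 SHA512:
-metadata.gz: 1d64979c31b76f5f36671bfdea039da232aefdcb590a5fdf154740bb6968ec939cd5b883e163217431f38c6539017c01eb7d8518302f7b769c8a56857f16eab2
-data.tar.gz: 62e2bae23f51b365d2aab4c8ba10a8efbd5ac860f68b481a2d41b193a5df2576ba08ec4700ab9b8def2a59a4494709dd628c9b9ec7d5a10ddb709ab4466a5ce1
+metadata.gz: a45ad0f893f9c47dc3a50672e668b9b3519db22bd6a6a05dfaf57d7f00c4d5bb228c4913ad6ab5886a063a4fdea4fe435eb886ad2b61f7274cbbf1c2d7be5166
+data.tar.gz: c8fd9f47a74bc6735802ee90a3d63e266e928a59801e13becc8b345dc46902e80bfeb6b6830c9c44d7b90093a0cd4727f6d67e5519b137dd31cc9339d42901ec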
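--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -7,7 +7,24 @@ User-visible changes worth mentioning.
 
 ## master
 
-- [#PR number] Your changes description.
+- [#PR ID] Your PR description.
+
+## 5.4.0.rc2
+
+- [#1371] Add `#as_json` method and attributes serialization restriction for Application model.
+Fixes information disclosure vulnerability (CVE-2020-10187).
+
+**[IMPORTANT]** you need to re-implement `#as_json` method for Doorkeeper Application model
+if you previously used `#to_json` serialization with custom options or attributes or rely on
+JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
+is a breaking change which restricts serialized attributes to a very small set of columns.
+
+- [#1395] Fix `NameError: uninitialized constant Doorkeeper::AccessToken` for Rake tasks.
+- [#1397] Add `as: :doorkeeper_application` on Doorkeeper application form in order to support
+custom configured application model.
+- [#1400] Correctly yield the application instance to `allow_grant_flow_for_client?` config
+option (fixes #1398).
+- [#1402] Handle trying authorization with client credentials.
 
 ## 5.4.0.rc1
 - [#1366] Sets expiry of token generated using `refresh_token` to that of original token. (Fixes #1364)
@@ -41,6 +58,11 @@ User-visible changes worth mentioning.
 - [#1393] Improve Applications #show page with more informative data on client secret and scopes.
 - [#1394] Use Ruby `autoload` feature to load Doorkeeper files.
 
+## 5.3.2
+
+- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
+Fixes information disclosure vulnerability (CVE-2020-10187).
+
 ## 5.3.1
 
 - [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
@@ -59,6 +81,11 @@ User-visible changes worth mentioning.
 If you were relying on access tokens being revoked once the same client
 requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper
 initialization file.
+
+## 5.2.5
+
+- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
+Fixes information disclosure vulnerability (CVE-2020-10187).
 
 ## 5.2.4
 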
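--- a/data/app/controllers/doorkeeper/applications_controller.rb
+++ b/data/app/controllers/doorkeeper/applications_controller.rb
@@ -19,7 +19,7 @@ module Doorkeeper
 def show
 respond_to do |format|
 format.html
-format.json { render json: @application }
+format.json { render json: @application, as_owner: true }
 end
 end
 
@@ -36,7 +36,7 @@ module Doorkeeper
 
 respond_to do |format|
 format.html { redirect_to oauth_application_url(@application) }
-format.json { render json: @application }
+format.json { render json: @application, as_owner: true }
 end
 else
 respond_to do |format|
@@ -58,7 +58,7 @@ module Doorkeeper
 
 respond_to do |format|
 format.html { redirect_to oauth_application_url(@application) }
-format.json { render json: @application }
+format.json { render json: @application, as_owner: true }
 end
 else
 respond_to do |format|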
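Review bot: The `as_owner: true` option on the three `format.json` lines is the switch that widens the JSON output for the application's owner, yet nothing in the controller says that the key is consumed by the model's `#as_json` (the restricted serializer the CHANGELOG entry for #1371 describes) rather than by `render` itself. A reader who drops or renames the key gets a silent narrowing, and a configured `application_class` whose `#as_json` ignores unknown options (as the ActiveRecord default does) would silently serialize every attribute; which of the two happens is not visible from this hunk. A one-line comment above each call, `# as_owner: is read by the application model's #as_json; these actions are owner-only`, pins the contract. The same applies to the `current_resource_owner:` key passed in authorized_applications_controller.rb on this page.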
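--- a/data/app/controllers/doorkeeper/authorized_applications_controller.rb
+++ b/data/app/controllers/doorkeeper/authorized_applications_controller.rb
@@ -9,7 +9,7 @@ module Doorkeeper
 
 respond_to do |format|
 format.html
-format.json { render json: @applications }
+format.json { render json: @applications, current_resource_owner: current_resource_owner }
 end
 end
 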
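--- a/data/app/views/doorkeeper/applications/_form.html.erb
+++ b/data/app/views/doorkeeper/applications/_form.html.erb
@@ -1,4 +1,4 @@
-<%= form_for application, url: doorkeeper_submit_path(application), html: { role: 'form' } do |f| %>
+<%= form_for application, url: doorkeeper_submit_path(application), as: :doorkeeper_application, html: { role: 'form' } do |f| %>
 <% if application.errors.any? %>
 <div class="alert alert-danger" data-alert><p><%= t('doorkeeper.applications.form.error') %></p></div>
 <% end %>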
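Review bot: `as: :doorkeeper_application` fixes the parameter key the form posts under regardless of the configured application class, so the controller's permitted-params call has to `require(:doorkeeper_application)`; the applications_controller hunks on this page only touch `render`, so that is presumably already the case, but it is worth confirming because a mismatch turns every create and update into an `ActionController::ParameterMissing`. An ERB comment on the line, `<%# as: pins the params key to :doorkeeper_application for custom application models (#1397) %>`, tells the next maintainer why the key must not follow the model name.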
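--- a/data/lib/doorkeeper.rb
+++ b/data/lib/doorkeeper.rb
@@ -6,8 +6,8 @@ require "doorkeeper/engine"
 # Main Doorkeeper namespace.
 #
 module Doorkeeper
-autoload :OAuth, "doorkeeper/oauth"
 autoload :Errors, "doorkeeper/errors"
+autoload :OAuth, "doorkeeper/oauth"
 autoload :Rake, "doorkeeper/rake"
 autoload :Request, "doorkeeper/request"
 autoload :Server, "doorkeeper/server"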
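--- a/data/lib/doorkeeper/config.rb
+++ b/data/lib/doorkeeper/config.rb
@@ -134,15 +134,6 @@ module Doorkeeper
 @config.instance_variable_set(:@reuse_access_token, true)
 end
 
-# Sets the token_reuse_limit
-# It will be used only when reuse_access_token option in enabled
-# By default it will be 100
-# It will be used for token reusablity to some threshold percentage
-# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
-def token_reuse_limit(percentage)
-@config.instance_variable_set(:@token_reuse_limit, percentage)
-end
-
 # TODO: maybe make it more generic for other flows too?
 # Only allow one valid access token obtained via client credentials
 # per client. If a new access token is obtained before the old one
@@ -277,6 +268,13 @@ module Doorkeeper
 option :handle_auth_errors, default: :render
 option :token_lookup_batch_size, default: 10_000
 
+# Sets the token_reuse_limit
+# It will be used only when reuse_access_token option in enabled
+# By default it will be 100
+# It will be used for token reusablity to some threshold percentage
+# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
+option :token_reuse_limit, default: 100
+
 option :active_record_options,
 default: {},
 deprecated: { message: "Customize Doorkeeper models instead" }
@@ -426,20 +424,32 @@ module Doorkeeper
 :application_secret_fallback_strategy
 
 # Return the valid subset of this configuration
-def validate
+def validate!
 validate_reuse_access_token_value
 validate_token_reuse_limit
 validate_secret_strategies
 end
 
+# Doorkeeper Access Token model class.
+#
+# @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
+#
 def access_token_model
 @access_token_model ||= access_token_class.constantize
 end
 
+# Doorkeeper Access Grant model class.
+#
+# @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
+#
 def access_grant_model
 @access_grant_model ||= access_grant_class.constantize
 end
 
+# Doorkeeper Application model class.
+#
+# @return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]
+#
 def application_model
 @application_model ||= application_class.constantize
 end
@@ -460,14 +470,6 @@ module Doorkeeper
 end
 end
 
-def token_reuse_limit
-@token_reuse_limit ||= 100
-end
-
-def revoke_previous_client_credentials_token
-@revoke_previous_client_credentials_token || false
-end
-
 def resolve_controller(name)
 config_option = public_send(:"#{name}_controller")
 controller_name = if config_option.respond_to?(:call)
@@ -479,6 +481,10 @@ module Doorkeeper
 controller_name.constantize
 end
 
+def revoke_previous_client_credentials_token?
+option_set? :revoke_previous_client_credentials_token
+end
+
 def enforce_configured_scopes?
 option_set? :enforce_configured_scopes
 end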
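Review bot: `# Return the valid subset of this configuration` above `validate!` no longer describes the method: the body only runs `validate_reuse_access_token_value`, `validate_token_reuse_limit` and `validate_secret_strategies`, its value is whatever the last of them returns, and the new `!` suffix signals that the validators raise on a bad setting (their bodies are outside this hunk, so that part is inferred). Suggested replacement: `# Runs every configuration validator; raises on an invalid setting.`. The three new `@return [ActiveRecord::Base, Mongoid::Document, Sequel::Model]` tags describe an instance, whereas `access_token_class.constantize` and its siblings return the model class, so `@return [Class]` with the ORM base classes named in prose would be accurate. The `validate` → `validate!` rename and the removal of the non-predicate `revoke_previous_client_credentials_token` reader are public-API changes the CHANGELOG hunk does not list, unless the `option` macro still defines that reader (not visible here).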
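--- a/data/lib/doorkeeper/config/abstract_builder.rb
+++ b/data/lib/doorkeeper/config/abstract_builder.rb
@@ -20,7 +20,7 @@ module Doorkeeper
 # @return [Doorkeeper::Config] config instance
 #
 def build
-@config.validate if @config.respond_to?(:validate)
+@config.validate! if @config.respond_to?(:validate!)
 @config
 end
 end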
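--- a/data/lib/doorkeeper/helpers/controller.rb
+++ b/data/lib/doorkeeper/helpers/controller.rb
@@ -36,7 +36,7 @@ module Doorkeeper
 
 # :doc:
 def doorkeeper_token
-@doorkeeper_token ||= OAuth::Token.authenticate request, *config_methods
+@doorkeeper_token ||= OAuth::Token.authenticate(request, *config_methods)
 end
 
 def config_methods
@@ -58,10 +58,10 @@ module Doorkeeper
 end
 
 def handle_token_exception(exception)
-error = get_error_response_from_exception exception
-headers.merge! error.headers
+error = get_error_response_from_exception(exception)
+headers.merge!(error.headers)
 self.response_body = error.body.to_json
-self.status = error.status
+self.status = error.status
 end
 
 def skip_authorization?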
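--- a/data/lib/doorkeeper/models/access_grant_mixin.rb
+++ b/data/lib/doorkeeper/models/access_grant_mixin.rb
@@ -13,7 +13,7 @@ module Doorkeeper
 include Models::Scopes
 include Models::ResourceOwnerable
 
-# never uses pkce, if pkce migrations were not generated
+# Never uses PKCE if PKCE migrations were not generated
 def uses_pkce?
 self.class.pkce_supported? && code_challenge.present?
 end
@@ -24,8 +24,8 @@ module Doorkeeper
 #
 # @param token [#to_s] token value (any object that responds to `#to_s`)
 #
-# @return [Doorkeeper::AccessGrant, nil] AccessGrant object or nil
-# if there is no record with such token
+# @return [Doorkeeper::AccessGrant, nil]
+# AccessGrant object or nil if there is no record with such token
 #
 def by_token(token)
 find_by_plaintext_token(:token, token)
@@ -36,8 +36,8 @@ module Doorkeeper
 #
 # @param application_id [Integer]
 # ID of the Application
-# @param resource_owner [ActiveRecord::Base]
-# instance of the Resource Owner model
+# @param resource_owner [ActiveRecord::Base, Integer]
+# instance of the Resource Owner model or it's ID
 #
 def revoke_all_for(application_id, resource_owner, clock = Time)
 by_resource_owner(resource_owner)
@@ -100,6 +100,9 @@ module Doorkeeper
 ##
 # Determines the secret storing transformer
 # Unless configured otherwise, uses the plain secret strategy
+#
+# @return [Doorkeeper::SecretStoring::Base]
+#
 def secret_strategy
 ::Doorkeeper.config.token_secret_strategy
 end
@@ -107,6 +110,9 @@ module Doorkeeper
 ##
 # Determine the fallback storing strategy
 # Unless configured, there will be no fallback
+#
+# @return [Doorkeeper::SecretStoring::Base]
+#
 def fallback_secret_strategy
 ::Doorkeeper.config.token_secret_fallback_strategy
 end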
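Review bot: `it's ID` in the new `@param resource_owner` line should be `its ID` (possessive, no apostrophe); the same typo appears in the `revoke_all_for` and `authorized_tokens_for` hunks of access_token_mixin.rb on this page. The type `[ActiveRecord::Base, Integer]` is also ORM-specific, although config.rb's model documentation on this page lists Mongoid and Sequel models as well; `[#id, Integer]` or prose such as `# Resource Owner model instance (any ORM) or its ID` would hold for all of them. If, as the `SecretStoring` namespace and the name `token_secret_strategy` suggest, the configured value is a strategy class rather than an instance, the new `@return [Doorkeeper::SecretStoring::Base]` on `secret_strategy` and `fallback_secret_strategy` should read `@return [Class<Doorkeeper::SecretStoring::Base>]` — confirm against the config option before changing it.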
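--- a/data/lib/doorkeeper/models/access_token_mixin.rb
+++ b/data/lib/doorkeeper/models/access_token_mixin.rb
@@ -61,8 +61,8 @@ module Doorkeeper
 #
 # @param application_id [Integer]
 # ID of the Application
-# @param resource_owner [ActiveRecord::Base]
-# instance of the Resource Owner model
+# @param resource_owner [ActiveRecord::Base, Integer]
+# instance of the Resource Owner model or it's ID
 #
 def revoke_all_for(application_id, resource_owner, clock = Time)
 by_resource_owner(resource_owner)
@@ -230,10 +230,11 @@ module Doorkeeper
 #
 # @param application_id [Integer]
 # ID of the Application model instance
-# @param resource_owner [Integer]
-# ID of the Resource Owner model instance
+# @param resource_owner [ActiveRecord::Base, Integer]
+# Resource Owner model instance or it's ID
 #
-# @return [Doorkeeper::AccessToken] array of matching AccessToken objects
+# @return [ActiveRecord::Relation]
+# collection of matching AccessToken objects
 #
 def authorized_tokens_for(application_id, resource_owner)
 by_resource_owner(resource_owner).where(
@@ -262,6 +263,9 @@ module Doorkeeper
 ##
 # Determines the secret storing transformer
 # Unless configured otherwise, uses the plain secret strategy
+#
+# @return [Doorkeeper::SecretStoring::Base]
+#
 def secret_strategy
 ::Doorkeeper.config.token_secret_strategy
 end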
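--- a/data/lib/doorkeeper/models/application_mixin.rb
+++ b/data/lib/doorkeeper/models/application_mixin.rb
@@ -20,8 +20,8 @@ module Doorkeeper
 # @param uid [#to_s] UID (any object that responds to `#to_s`)
 # @param secret [#to_s] secret (any object that responds to `#to_s`)
 #
-# @return [Doorkeeper::Application, nil] Application instance or nil
-# if there is no record with such credentials
+# @return [Doorkeeper::Application, nil]
+# Application instance or nil if there is no record with such credentials
 #
 def by_uid_and_secret(uid, secret)
 app = by_uid(uid)
@@ -60,9 +60,10 @@ module Doorkeeper
 
 # Set an application's valid redirect URIs.
 #
-# @param uris [String, Array] Newline-separated string or array the URI(s)
+# @param uris [String, Array<String>] Newline-separated string or array the URI(s)
+#
+# @return [String] The redirect URI(s) separated by newlines.
 #
-# @return [String] The redirect URI(s) seperated by newlines.
 def redirect_uri=(uris)
 super(uris.is_a?(Array) ? uris.join("\n") : uris)
 end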
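Review bot: `Newline-separated string or array the URI(s)` in the new `@param uris` line is missing a word; `Newline-separated string or array of URI strings` reads correctly. The widened `Array<String>` is an improvement, but the setter forwards any non-Array value untouched (`uris.is_a?(Array) ? uris.join("\n") : uris`), so `nil` reaches `super` as well; `[String, Array<String>, nil]` documents what the code actually accepts.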
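--- a/data/lib/doorkeeper/oauth/client_credentials/creator.rb
+++ b/data/lib/doorkeeper/oauth/client_credentials/creator.rb
@@ -25,7 +25,7 @@ module Doorkeeper
 private
 
 def with_revocation(existing_token:)
-if existing_token && server_config.revoke_previous_client_credentials_token
+if existing_token && server_config.revoke_previous_client_credentials_token?
 existing_token.with_lock do
 raise Errors::DoorkeeperError, :invalid_token_reuse if existing_token.revoked?
 
@@ -39,7 +39,7 @@ module Doorkeeper
 end
 
 def lookup_existing_token?
-server_config.reuse_access_token || server_config.revoke_previous_client_credentials_token
+server_config.reuse_access_token || server_config.revoke_previous_client_credentials_token?
 end
 
 def find_existing_token_for(client, scopes)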
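--- a/data/lib/doorkeeper/oauth/client_credentials/validator.rb
+++ b/data/lib/doorkeeper/oauth/client_credentials/validator.rb
@@ -26,9 +26,11 @@ module Doorkeeper
 end
 
 def validate_client_supports_grant_flow
+return if @client.blank?
+
 Doorkeeper.config.allow_grant_flow_for_client?(
 Doorkeeper::OAuth::CLIENT_CREDENTIALS,
-@client,
+@client.application,
 )
 end
 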
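Review bot: `return if @client.blank?` returns `nil`, so a request with no resolvable client now fails `validate_client_supports_grant_flow` instead of reaching the configured `allow_grant_flow_for_client?` block — that is the fail-closed choice, but a bare `return` reads like a skip. Presumably a blank client is already rejected by an earlier validator (none is visible in this hunk), in which case the guard mainly prevents a `NoMethodError` on `@client.application`; either way, make the intent explicit: `return false if @client.blank? # no client: fail closed, never consult the app's callback`. Note that password_access_token_request.rb on this page handles the same case differently, by passing `client&.application` (possibly `nil`) through to the callback, so the two grant types currently disagree on whether the callback can see a nil application.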
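--- a/data/lib/doorkeeper/oauth/password_access_token_request.rb
+++ b/data/lib/doorkeeper/oauth/password_access_token_request.rb
@@ -48,7 +48,7 @@ module Doorkeeper
 end
 
 def validate_client_supports_grant_flow
-server_config.allow_grant_flow_for_client?(grant_type, client)
+server_config.allow_grant_flow_for_client?(grant_type, client&.application)
 end
 end
 end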
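Review bot: With `client&.application`, a request that carries no client (the password grant admits public clients, which is presumably why `&.` was chosen over a guard) now invokes the application-supplied `allow_grant_flow_for_client?` block with `application = nil`. An initializer block that calls a method on its argument without a nil check raises `NoMethodError` on that path, and the CHANGELOG line for #1400 only says the application is now yielded, not that it may be nil. Either document it here, `# application is nil for public clients; the configured block must handle that`, and in the CHANGELOG entry, or return a fixed answer when `client` is nil so the callback only ever sees a real application (client_credentials/validator.rb on this page short-circuits instead, so the two strategies currently disagree).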
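--- a/data/lib/doorkeeper/oauth/pre_authorization.rb
+++ b/data/lib/doorkeeper/oauth/pre_authorization.rb
@@ -7,16 +7,16 @@ module Doorkeeper
 
 validate :client_id, error: :invalid_request
 validate :client, error: :invalid_client
+validate :client_supports_grant_flow, error: :unauthorized_client
 validate :resource_owner_authorize_for_client, error: :invalid_client
 validate :redirect_uri, error: :invalid_redirect_uri
 validate :params, error: :invalid_request
 validate :response_type, error: :unsupported_response_type
 validate :scopes, error: :invalid_scope
 validate :code_challenge_method, error: :invalid_code_challenge_method
-validate :client_supports_grant_flow, error: :unauthorized_client
 
-attr_reader :server, :client_id, :client, :redirect_uri, :response_type, :state,
-:code_challenge, :code_challenge_method, :missing_param, :resource_owner
+attr_reader :client, :code_challenge, :code_challenge_method, :missing_param,
+:redirect_uri, :resource_owner, :response_type, :state
 
 def initialize(server, parameters = {}, resource_owner = nil)
 @server = server
@@ -59,6 +59,8 @@ module Doorkeeper
 
 private
 
+attr_reader :client_id, :server
+
 def build_scopes
 client_scopes = client.scopes
 if client_scopes.blank?
@@ -70,7 +72,6 @@ module Doorkeeper
 
 def validate_client_id
 @missing_param = :client_id if client_id.blank?
-
 @missing_param.nil?
 end
 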
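Review bot: Moving `validate :client_supports_grant_flow` ahead of `validate :redirect_uri` means an `:unauthorized_client` error can now be produced for a request whose `redirect_uri` has not yet been validated; whether that error is then delivered by redirecting to the unvalidated URI depends on the error-response code, which is not on this page, so it needs confirming — an authorization server must not redirect to a redirect URI it has not matched against the registered ones. If the ordering is deliberate (reject an unauthorized client before doing any redirect-URI work), a comment on the macro, `# intentionally before :redirect_uri — this error must not be answered with a redirect`, records both the reasoning and the constraint. Separately, `:server` and `:client_id` move from the public `attr_reader` to a private one, so anything outside this class reading `pre_auth.client_id` or `pre_auth.server` (custom authorization views, for instance) breaks, and the CHANGELOG hunk does not mention it.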
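--- a/data/lib/doorkeeper/oauth/token.rb
+++ b/data/lib/doorkeeper/oauth/token.rb
@@ -15,8 +15,7 @@ module Doorkeeper
 def authenticate(request, *methods)
 if (token = from_request(request, *methods))
 access_token = Doorkeeper.config.access_token_model.by_token(token)
-refresh_token_enabled = Doorkeeper.config.refresh_token_enabled?
-if access_token.present? && refresh_token_enabled
+if access_token.present? && Doorkeeper.config.refresh_token_enabled?
 access_token.revoke_previous_refresh_token!
 end
 access_token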
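--- a/data/lib/doorkeeper/orm/active_record.rb
+++ b/data/lib/doorkeeper/orm/active_record.rb
@@ -33,12 +33,20 @@ module Doorkeeper
 lazy_load do
 require "doorkeeper/models/concerns/ownership"
 
-Doorkeeper.config.application_model.send :include, Doorkeeper::Models::Ownership
+Doorkeeper.config.application_model.include(Doorkeeper::Models::Ownership)
 end
 end
 
 def self.lazy_load(&block)
-ActiveSupport.on_load(:active_record, {}, &block)
+# ActiveSupport has no public interface to check if something
+# already lazy-loaded :(
+loaded = ActiveSupport.instance_variable_get(:"@loaded") || {}
+
+if loaded.key?(:active_record)
+block.call
+else
+ActiveSupport.on_load(:active_record, {}, &block)
+end
 end
 
 def self.models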
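Review bot: The two branches of `lazy_load` run the block with a different receiver: `ActiveSupport.on_load` without `yield: true` evaluates the hook in the context of `ActiveRecord::Base` (`instance_eval`/`class_eval`), whereas `block.call` runs it with whatever `self` was at the call site. The one block visible here uses explicit receivers (`Doorkeeper.config.application_model.include(...)`), so it works either way, but a future hook that relies on the implicit `self` would behave differently depending on load order; a comment on the method, `# NOTE: on_load evaluates the block on ActiveRecord::Base, block.call does not — hooks must not rely on self`, closes the gap. `ActiveSupport.instance_variable_get(:"@loaded")` also reaches into a private ivar, and the comment admits there is no public API; record which ActiveSupport versions the ivar name was checked against (`# ivar name verified on ActiveSupport <VERSION RANGE — fill in>`), because an upstream rename silently yields an empty `loaded`, the `on_load` path is taken again, and the `NameError` this change presumably fixes (#1395 in the CHANGELOG) would return without any error pointing here.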