garage-doorkeeper 1.0.0

data/spec/dummy/app/models/comment.rb

@@ -0,0 +1,17 @@
+class Comment < ActiveRecord::Base
+  belongs_to :user
+  belongs_to :post
+
+  alias :commenter :user
+
+  def post_owner
+    post.user
+  end
+
+  include Garage::Representer
+
+  property :id
+  property :body
+  property :commenter # no :selectable here!
+  property :post_owner, selectable: true
+end

data/spec/dummy/app/models/namespaced_post.rb

@@ -0,0 +1,7 @@
+class NamespacedPost
+  # Virtual class to use for private post actions with Permissions
+
+  def self.build_permissions(perms, other, target)
+    perms.permits! :read, :write
+  end
+end

data/spec/dummy/app/models/post.rb

@@ -0,0 +1,43 @@
+class Post < ActiveRecord::Base
+  belongs_to :user, :touch => true
+  has_many :comments
+
+  include Garage::Representer
+  include Garage::Authorizable
+
+  property :id
+  property :title
+  property :body, selectable: accessible(PostBody)
+  property :tag, as: :label, selectable: true
+  property :user, selectable: true
+
+  collection :comments, selectable: true
+
+  link(:self) { post_path(self) }
+
+  def tag
+    'cat'
+  end
+
+  def owner
+    user
+  end
+
+  def build_permissions(perms, other)
+    perms.permits! :read
+    perms.permits! :write if owner == other
+  end
+
+  def self.build_permissions(perms, other, target)
+    if target[:user]
+      perms.permits! :read, :write if target[:user] == other
+    else
+      # public resource i.e. /posts
+      perms.permits! :read, :write
+    end
+  end
+
+  def self.garage_examples(user)
+    [:posts_path, Post.first]
+  end
+end

data/spec/dummy/app/models/post_body.rb

@@ -0,0 +1,3 @@
+class PostBody
+  # virtual resource
+end

data/spec/dummy/app/models/post_stream.rb

@@ -0,0 +1,2 @@
+class PostStream
+end

data/spec/dummy/app/models/private_post.rb

@@ -0,0 +1,7 @@
+class PrivatePost
+  # Virtual class to use for private post actions with Permissions
+
+  def self.build_permissions(perms, other, target)
+    perms.permits! :read, :write if target[:user] == other
+  end
+end

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,17 @@
+class User < ActiveRecord::Base
+  has_many :posts
+
+  include Garage::Representer
+
+  property :id
+  property :name
+  property :email
+
+  link(:self) { user_path(self) }
+  link(:canonical) { user_path(self) }
+  link(:posts) { user_posts_path(self) }
+
+  def self.garage_examples(user)
+    [:users_path, user]
+  end
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    "application", :media => "all" %>
+  <%= javascript_include_tag "application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/app/views/sessions/create.html.erb

@@ -0,0 +1 @@
+Done!

data/spec/dummy/app/views/sessions/destroy.html.erb

@@ -0,0 +1 @@
+Signed out.

data/spec/dummy/app/views/sessions/new.html.erb

@@ -0,0 +1,4 @@
+<%= form_for @user, :url => session_path do |f| %>
+  <%= f.text_field :name %>
+  <%= f.submit :value => "Sign in" %>
+<% end %>

data/spec/dummy/app/views/sessions/show.html.erb

@@ -0,0 +1,7 @@
+<% if session[:user_id] %>
+  Signed in as <%= current_user.name %>. 
+  <%= link_to "sign out", session_path, :method => "delete" %>
+<% else %>
+  <%= link_to "sign in", new_session_path %>
+<% end %>
+

data/spec/dummy/config/application.rb

@@ -0,0 +1,59 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "sprockets/railtie"
+
+Bundler.require(*Rails.groups)
+require "garage"
+require "garage/docs"
+require "garage/meta"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Enable escaping HTML in JSON.
+    config.active_support.escape_html_entities_in_json = true
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enable the asset pipeline
+    config.assets.enabled = true
+
+    # Version of your assets, change this if you want to expire all your assets
+    config.assets.version = '1.0'
+  end
+end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,39 @@
+# MySQL.  Versions 4.1 and 5.0 are recommended.
+#
+# Install the MYSQL driver
+#   gem install mysql2
+#
+# Ensure the MySQL gem is defined in your Gemfile
+#   gem 'mysql2'
+#
+# And be sure to use new-style password hashing:
+#   http://dev.mysql.com/doc/refman/5.0/en/old-client.html
+development:
+  adapter: mysql2
+  encoding: utf8
+  database: garage_dummy_development
+  pool: 5
+  username: root
+  password:
+  host: localhost
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: mysql2
+  encoding: utf8
+  database: garage_dummy_test
+  pool: 5
+  username: root
+  password:
+  host: localhost
+
+production:
+  adapter: mysql2
+  encoding: utf8
+  database: garage_dummy_production
+  pool: 5
+  username: root
+  password:
+  host: localhost

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,72 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  if Rails::VERSION::MAJOR > 4 ||
+      (Rails::VERSION::MAJOR == 4 && Rails::VERSION::MINOR >= 2)
+    config.serve_static_files = false
+  else
+    config.serve_static_assets = false
+  end
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to nil and saved in location specified by config.assets.prefix
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+end

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,34 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  config.static_cache_control = "public, max-age=3600"
+
+  config.cache_store = :memory_store
+
+  config.eager_load = false
+  config.i18n.enforce_available_locales = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/doorkeeper.rb

@@ -0,0 +1 @@
+# Doorkeeper configuration is merged into garage.rb

data/spec/dummy/config/initializers/garage.rb

@@ -0,0 +1,53 @@
+Garage.configure {}
+Garage.configuration.strategy = Garage::Strategy::Doorkeeper
+
+Garage::TokenScope.configure do
+  register :public do
+    access :read, Post
+  end
+
+  register :read_private_post do
+    access :read, PrivatePost
+  end
+
+  register :write_post do
+    access :write, Post
+  end
+
+  register :read_post_body do
+    access :read, PostBody
+  end
+
+  register :sudo, hidden: true do
+    access :read, PrivatePost
+    access :read, PostStream
+  end
+
+  register :meta do
+    access :read, Garage::Meta::RemoteService
+    access :read, Garage::Docs::Document
+  end
+
+  namespace :foobar do
+    register :read_post do
+      access :read, NamespacedPost
+    end
+  end
+end
+
+Doorkeeper.configure do
+  orm :active_record
+
+  resource_owner_authenticator do
+    User.find_by_id(session[:user_id]) || redirect_to(new_session_url)
+  end
+
+  default_scopes(:public)
+  optional_scopes(*Garage::TokenScope.optional_scopes)
+end
+
+ActiveSupport::Notifications.subscribe "garage.request" do |name, start, finish, id, payload|
+  if payload[:token].application_id
+    payload[:controller].response.headers['Application-Id'] = payload[:token].application_id
+  end
+end

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/spec/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/spec/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_key_base = '2f58fac7dbe443eb880bfa77f0ce9ed78e1def41da1feb2017e9eb44577c7b0e3b555b604c87563f137440fbe8ebef1e3356af2186c7d87b71cc809c33618fdf'

data/spec/dummy/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json]
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+  self.include_root_in_json = false
+end

data/spec/dummy/config/locales/doorkeeper.en.yml

@@ -0,0 +1,68 @@
+en:
+  activerecord:
+    errors:
+      models:
+        application:
+          attributes:
+            redirect_uri:
+              fragment_present: 'cannot contain a fragment.'
+              has_query_parameter: 'cannot contain a query parameter.'
+              invalid_uri: 'must be a valid URI.'
+              relative_uri: 'must be an absolute URI.'
+  mongoid:
+    errors:
+      models:
+        application:
+          attributes:
+            redirect_uri:
+              fragment_present: 'cannot contain a fragment.'
+              has_query_parameter: 'cannot contain a query parameter.'
+              invalid_uri: 'must be a valid URI.'
+              relative_uri: 'must be an absolute URI.'
+  mongo_mapper:
+    errors:
+      models:
+        application:
+          attributes:
+            redirect_uri:
+              fragment_present: 'cannot contain a fragment.'
+              has_query_parameter: 'cannot contain a query parameter.'
+              invalid_uri: 'must be a valid URI.'
+              relative_uri: 'must be an absolute URI.'
+  doorkeeper:
+    errors:
+      messages:
+        # Common error messages
+        invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
+        invalid_redirect_uri: 'The redirect uri included is not valid.'
+        unauthorized_client: 'The client is not authorized to perform this request using this method.'
+        access_denied: 'The resource owner or authorization server denied the request.'
+        invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
+        server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
+        temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
+
+        #configuration error messages
+        credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
+        resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.'
+
+        # Access grant errors
+        unsupported_response_type: 'The authorization server does not support this response type.'
+
+        # Access token errors
+        invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
+        invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
+        unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
+
+        # Password Access token errors
+        invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
+    flash:
+      applications:
+        create:
+          notice: 'Application created.'
+        destroy:
+          notice: 'Application deleted.'
+        update:
+          notice: 'Application updated.'
+      authorized_applications:
+        destroy:
+          notice: 'Application revoked.'

data/spec/dummy/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/spec/dummy/config/routes.rb

@@ -0,0 +1,30 @@
+Rails.application.routes.draw do
+  use_doorkeeper
+
+  mount Garage::Docs::Engine => '/docs'
+  mount Garage::Meta::Engine => '/meta'
+
+  resources :posts do
+    collection do
+      get :hide
+      get :capped
+      get :namespaced
+    end
+  end
+
+  resources :users do
+    resources :posts do
+      collection do
+        get :private
+      end
+    end
+
+    resources :public_posts, only: :index
+  end
+
+  resource :session
+  resource :echo
+  resource :ping
+
+  get :mine, to: 'public_posts#my'
+end

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application