rolemodel-rails 1.1.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60)
  1. checksums.yaml +4 -4
  2. data/README.md +6 -7
  3. data/lib/generators/rolemodel/all_generator.rb +0 -1
  4. data/lib/generators/rolemodel/optics/icons/README.md +6 -1
  5. data/lib/generators/rolemodel/optics/icons/icons_generator.rb +14 -9
  6. data/lib/generators/rolemodel/optics/icons/templates/app/helpers/icon_helper.rb.tt +4 -2
  7. data/lib/generators/rolemodel/testing/README.md +4 -1
  8. data/lib/generators/rolemodel/testing/all_generator.rb +3 -3
  9. data/lib/generators/rolemodel/testing/jasmine_playwright/jasmine_playwright_generator.rb +1 -1
  10. data/lib/generators/rolemodel/testing/rspec/README.md +1 -1
  11. data/lib/generators/rolemodel/testing/rspec/USAGE +1 -1
  12. data/lib/generators/rolemodel/testing/rspec/rspec_generator.rb +15 -14
  13. data/lib/generators/rolemodel/testing/rspec/templates/spec/support/capybara_config.rb.tt +9 -0
  14. data/lib/{generators/rolemodel/optics/icons/templates/app/icon_builders → rolemodel/optics}/custom_icon_builder.rb +1 -1
  15. data/lib/{generators/rolemodel/optics/icons/templates/app/icon_builders → rolemodel/optics}/feather_icon_builder.rb +1 -1
  16. data/lib/{generators/rolemodel/optics/icons/templates/app/icon_builders → rolemodel/optics}/icon_builder.rb +10 -19
  17. data/lib/{generators/rolemodel/optics/icons/templates/app/icon_builders → rolemodel/optics}/lucide_icon_builder.rb +1 -1
  18. data/lib/{generators/rolemodel/optics/icons/templates/app/icon_builders → rolemodel/optics}/material_icon_builder.rb +1 -1
  19. data/lib/{generators/rolemodel/optics/icons/templates/app/icon_builders → rolemodel/optics}/phosphor_icon_builder.rb +1 -1
  20. data/lib/{generators/rolemodel/optics/icons/templates/app/icon_builders → rolemodel/optics}/tabler_icon_builder.rb +1 -1
  21. data/lib/rolemodel/optics.rb +9 -0
  22. data/lib/rolemodel/utility/task_tools.rb +42 -0
  23. data/lib/rolemodel/utility.rb +3 -0
  24. data/lib/rolemodel/version.rb +1 -1
  25. data/lib/rolemodel-rails.rb +2 -0
  26. metadata +35 -42
  27. data/lib/generators/rolemodel/mcp/README.md +0 -13
  28. data/lib/generators/rolemodel/mcp/USAGE +0 -8
  29. data/lib/generators/rolemodel/mcp/mcp_generator.rb +0 -110
  30. data/lib/generators/rolemodel/mcp/templates/app/assets/stylesheets/components/doorkeeper.css +0 -140
  31. data/lib/generators/rolemodel/mcp/templates/app/controllers/doorkeeper/base_controller.rb +0 -7
  32. data/lib/generators/rolemodel/mcp/templates/app/controllers/mcp_controller.rb.tt +0 -91
  33. data/lib/generators/rolemodel/mcp/templates/app/controllers/oauth_registrations_controller.rb +0 -46
  34. data/lib/generators/rolemodel/mcp/templates/app/controllers/well_known_controller.rb +0 -39
  35. data/lib/generators/rolemodel/mcp/templates/app/mcp/prompts/sample.rb +0 -36
  36. data/lib/generators/rolemodel/mcp/templates/app/mcp/resources/controller.rb +0 -57
  37. data/lib/generators/rolemodel/mcp/templates/app/mcp/resources/docs/SAMPLE_DOC.md +0 -4
  38. data/lib/generators/rolemodel/mcp/templates/app/mcp/resources/docs_controller.rb +0 -46
  39. data/lib/generators/rolemodel/mcp/templates/app/mcp/tools/sample.rb +0 -42
  40. data/lib/generators/rolemodel/mcp/templates/app/views/doorkeeper/authorizations/error.html.slim.tt +0 -13
  41. data/lib/generators/rolemodel/mcp/templates/app/views/doorkeeper/authorizations/new.html.slim.tt +0 -41
  42. data/lib/generators/rolemodel/mcp/templates/app/views/layouts/doorkeeper.html.slim +0 -7
  43. data/lib/generators/rolemodel/mcp/templates/config/initializers/doorkeeper.rb +0 -537
  44. data/lib/generators/rolemodel/mcp/templates/spec/mcp/prompts/sample_spec.rb +0 -15
  45. data/lib/generators/rolemodel/mcp/templates/spec/mcp/resources/controller_spec.rb +0 -16
  46. data/lib/generators/rolemodel/mcp/templates/spec/mcp/resources/docs_controller_spec.rb +0 -55
  47. data/lib/generators/rolemodel/mcp/templates/spec/mcp/tools/sample_spec.rb +0 -15
  48. data/lib/generators/rolemodel/mcp/templates/spec/requests/mcp_controller_spec.rb +0 -84
  49. data/lib/generators/rolemodel/mcp/templates/spec/requests/oauth_registrations_controller_spec.rb +0 -62
  50. data/lib/generators/rolemodel/mcp/templates/spec/requests/well_known_controller_spec.rb +0 -30
  51. data/lib/generators/rolemodel/testing/rspec/templates/support/capybara_testid.rb +0 -5
  52. /data/lib/generators/rolemodel/testing/rspec/templates/{rails_helper.rb → spec/rails_helper.rb.tt} +0 -0
  53. /data/lib/generators/rolemodel/testing/rspec/templates/{spec_helper.rb → spec/spec_helper.rb.tt} +0 -0
  54. /data/lib/generators/rolemodel/testing/rspec/templates/{support/capybara_drivers.rb → spec/support/capybara_drivers.rb.tt} +0 -0
  55. /data/lib/generators/rolemodel/testing/rspec/templates/{support → spec/support}/helpers/action_cable_helper.rb +0 -0
  56. /data/lib/generators/rolemodel/testing/rspec/templates/{support → spec/support}/helpers/capybara_helper.rb +0 -0
  57. /data/lib/generators/rolemodel/testing/rspec/templates/{support → spec/support}/helpers/playwright_helper.rb +0 -0
  58. /data/lib/generators/rolemodel/testing/rspec/templates/{support → spec/support}/helpers/select_helper.rb +0 -0
  59. /data/lib/generators/rolemodel/testing/rspec/templates/{support → spec/support}/helpers/test_element_helper.rb +0 -0
  60. /data/lib/generators/rolemodel/testing/rspec/templates/{support/helpers.rb → spec/support/helpers.rb.tt} +0 -0
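--- a/data/lib/generators/rolemodel/mcp/templates/config/initializers/doorkeeper.rb
+++ b/data/lib/generators/rolemodel/mcp/templates/config/initializers/doorkeeper.rb
@@ -1,537 +0,0 @@
- # frozen_string_literal: true
-
- Rails.application.config.to_prepare do
- Doorkeeper::AuthorizationsController.layout 'doorkeeper'
- end
-
- Doorkeeper.configure do
- # Change the ORM that doorkeeper will use (requires ORM extensions installed).
- # Check the list of supported ORMs here: https://github.com/doorkeeper-gem/doorkeeper#orms
- orm :active_record
-
- # Enable support for multiple database configurations with read replicas.
- # When enabled, Doorkeeper will wrap database write operations to ensure they
- # use the primary (writable) database when automatic role switching is enabled.
- #
- # For ActiveRecord (Rails 6.1+), this uses `ActiveRecord::Base.connected_to(role: :writing)`.
- # Other ORM extensions can implement their own primary database targeting logic.
- #
- # enable_multiple_database_roles
- #
- # This prevents `ActiveRecord::ReadOnlyError` when using read replicas with Rails
- # automatic role switching. Enable this if your application uses multiple databases
- # with automatic role switching for read replicas.
- #
- # See: https://guides.rubyonrails.org/active_record_multiple_databases.html#activating-automatic-role-switching
-
- # This block will be called to check whether the resource owner is authenticated or not.
- resource_owner_authenticator do
- current_user || warden.authenticate!(scope: :user)
- end
-
- # If you didn't skip applications controller from Doorkeeper routes in your application routes.rb
- # file then you need to declare this block in order to restrict access to the web interface for
- # adding oauth authorized applications. In other case it will return 403 Forbidden response
- # every time somebody will try to access the admin web interface.
- #
- admin_authenticator do
- current_user || warden.authenticate!(scope: :user)
- end
-
- # You can use your own model classes if you need to extend (or even override) default
- # Doorkeeper models such as `Application`, `AccessToken` and `AccessGrant.
- #
- # By default Doorkeeper ActiveRecord ORM uses its own classes:
- #
- # access_token_class "Doorkeeper::AccessToken"
- # access_grant_class "Doorkeeper::AccessGrant"
- # application_class "Doorkeeper::Application"
- #
- # Don't forget to include Doorkeeper ORM mixins into your custom models:
- #
- # * ::Doorkeeper::Orm::ActiveRecord::Mixins::AccessToken - for access token
- # * ::Doorkeeper::Orm::ActiveRecord::Mixins::AccessGrant - for access grant
- # * ::Doorkeeper::Orm::ActiveRecord::Mixins::Application - for application (OAuth2 clients)
- #
- # For example:
- #
- # access_token_class "MyAccessToken"
- #
- # class MyAccessToken < ApplicationRecord
- # include ::Doorkeeper::Orm::ActiveRecord::Mixins::AccessToken
- #
- # self.table_name = "hey_i_wanna_my_name"
- #
- # def destroy_me!
- # destroy
- # end
- # end
-
- # Enables polymorphic Resource Owner association for Access Tokens and Access Grants.
- # By default this option is disabled.
- #
- # Make sure you properly setup you database and have all the required columns (run
- # `bundle exec rails generate doorkeeper:enable_polymorphic_resource_owner` and execute Rails
- # migrations).
- #
- # If this option enabled, Doorkeeper will store not only Resource Owner primary key
- # value, but also it's type (class name). See "Polymorphic Associations" section of
- # Rails guides: https://guides.rubyonrails.org/association_basics.html#polymorphic-associations
- #
- # [NOTE] If you apply this option on already existing project don't forget to manually
- # update `resource_owner_type` column in the database and fix migration template as it will
- # set NOT NULL constraint for Access Grants table.
- #
- # use_polymorphic_resource_owner
-
- # If you are planning to use Doorkeeper in Rails 5 API-only application, then you might
- # want to use API mode that will skip all the views management and change the way how
- # Doorkeeper responds to a requests.
- #
- # api_only
-
- # Enforce token request content type to application/x-www-form-urlencoded.
- # It is not enabled by default to not break prior versions of the gem.
- #
- # enforce_content_type
-
- # Authorization Code expiration time (default: 10 minutes).
- #
- # authorization_code_expires_in 10.minutes
-
- # Access token expiration time (default: 2 hours).
- # If you set this to `nil` Doorkeeper will not expire the token and omit expires_in in response.
- # It is RECOMMENDED to set expiration time explicitly.
- # Prefer access_token_expires_in 100.years or similar,
- # which would be functionally equivalent and avoid the risk of unexpected behavior by callers.
- #
- # access_token_expires_in 2.hours
-
- # Assign custom TTL for access tokens. Will be used instead of access_token_expires_in
- # option if defined. In case the block returns `nil` value Doorkeeper fallbacks to
- # +access_token_expires_in+ configuration option value. If you really need to issue a
- # non-expiring access token (which is not recommended) then you need to return
- # Float::INFINITY from this block.
- #
- # `context` has the following properties available:
- #
- # * `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
- # * `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
- # * `scopes` - the requested scopes (see Doorkeeper::OAuth::Scopes)
- # * `resource_owner` - authorized resource owner instance (if present)
- #
- # custom_access_token_expires_in do |context|
- # context.client.additional_settings.implicit_oauth_expiration
- # end
-
- # Use a custom class for generating the access token.
- # See https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-access-token-generator
- #
- # access_token_generator '::Doorkeeper::JWT'
-
- # The controller +Doorkeeper::ApplicationController+ inherits from.
- # Defaults to +ActionController::Base+ unless +api_only+ is set, which changes the default to
- # +ActionController::API+. The return value of this option must be a stringified class name.
- # See https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-controllers
- #
- base_controller 'Doorkeeper::BaseController'
-
- # Reuse access token for the same resource owner within an application (disabled by default).
- #
- # This option protects your application from creating new tokens before old **valid** one becomes
- # expired so your database doesn't bloat. Keep in mind that when this option is enabled Doorkeeper
- # doesn't update existing token expiration time, it will create a new token instead if no active matching
- # token found for the application, resources owner and/or set of scopes.
- # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
- #
- # You can not enable this option together with +hash_token_secrets+.
- #
- # reuse_access_token
-
- # In case you enabled `reuse_access_token` option Doorkeeper will try to find matching
- # token using `matching_token_for` Access Token API that searches for valid records
- # in batches in order not to pollute the memory with all the database records. By default
- # Doorkeeper uses batch size of 10 000 records. You can increase or decrease this value
- # depending on your needs and server capabilities.
- #
- # token_lookup_batch_size 10_000
-
- # Set a limit for token_reuse if using reuse_access_token option
- #
- # This option limits token_reusability to some extent.
- # If not set then access_token will be reused unless it expires.
- # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
- #
- # This option should be a percentage(i.e. (0,100])
- #
- # token_reuse_limit 100
-
- # Only allow one valid access token obtained via client credentials
- # per client. If a new access token is obtained before the old one
- # expired, the old one gets revoked (disabled by default)
- #
- # When enabling this option, make sure that you do not expect multiple processes
- # using the same credentials at the same time (e.g. web servers spanning
- # multiple machines and/or processes).
- #
- # revoke_previous_client_credentials_token
-
- # Only allow one valid access token obtained via authorization code
- # per client. If a new access token is obtained before the old one
- # expired, the old one gets revoked (disabled by default)
- #
- # revoke_previous_authorization_code_token
-
- # Require non-confidential clients to use PKCE when using an authorization code
- # to obtain an access_token (disabled by default)
- #
- force_pkce
-
- # Hash access and refresh tokens before persisting them.
- # This will disable the possibility to use +reuse_access_token+
- # since plain values can no longer be retrieved.
- #
- # Note: If you are already a user of doorkeeper and have existing tokens
- # in your installation, they will be invalid without adding 'fallback: :plain'.
- #
- # hash_token_secrets
- # By default, token secrets will be hashed using the
- # +Doorkeeper::Hashing::SHA256+ strategy.
- #
- # If you wish to use another hashing implementation, you can override
- # this strategy as follows:
- #
- # hash_token_secrets using: '::Doorkeeper::Hashing::MyCustomHashImpl'
- #
- # Keep in mind that changing the hashing function will invalidate all existing
- # secrets, if there are any.
-
- # Hash application secrets before persisting them.
- #
- # hash_application_secrets
- #
- # By default, applications will be hashed
- # with the +Doorkeeper::SecretStoring::SHA256+ strategy.
- #
- # If you wish to use bcrypt for application secret hashing, uncomment
- # this line instead:
- #
- # hash_application_secrets using: '::Doorkeeper::SecretStoring::BCrypt'
-
- # When the above option is enabled, and a hashed token or secret is not found,
- # you can allow to fall back to another strategy. For users upgrading
- # doorkeeper and wishing to enable hashing, you will probably want to enable
- # the fallback to plain tokens.
- #
- # This will ensure that old access tokens and secrets
- # will remain valid even if the hashing above is enabled.
- #
- # This can be done by adding 'fallback: plain', e.g. :
- #
- # hash_application_secrets using: '::Doorkeeper::SecretStoring::BCrypt', fallback: :plain
-
- # Issue access tokens with refresh token (disabled by default), you may also
- # pass a block which accepts `context` to customize when to give a refresh
- # token or not. Similar to +custom_access_token_expires_in+, `context` has
- # the following properties:
- #
- # `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
- # `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
- # `scopes` - the requested scopes (see Doorkeeper::OAuth::Scopes)
- #
- use_refresh_token
-
- # Provide support for an owner to be assigned to each registered application (disabled by default)
- # Optional parameter confirmation: true (default: false) if you want to enforce ownership of
- # a registered application
- # NOTE: you must also run the rails g doorkeeper:application_owner generator
- # to provide the necessary support
- #
- # enable_application_owner confirmation: false
-
- # Define access token scopes for your provider
- # For more information go to
- # https://doorkeeper.gitbook.io/guides/ruby-on-rails/scopes
- #
- default_scopes :mcp
-
- # Allows to restrict only certain scopes for grant_type.
- # By default, all the scopes will be available for all the grant types.
- #
- # Keys to this hash should be the name of grant_type and
- # values should be the array of scopes for that grant type.
- # Note: scopes should be from configured_scopes (i.e. default or optional)
- #
- # scopes_by_grant_type password: [:write], client_credentials: [:update]
-
- # Forbids creating/updating applications with arbitrary scopes that are
- # not in configuration, i.e. +default_scopes+ or +optional_scopes+.
- # (disabled by default)
- #
- # enforce_configured_scopes
-
- # Change the way client credentials are retrieved from the request object.
- # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
- # falls back to the `:client_id` and `:client_secret` params from the `params` object.
- # Check out https://github.com/doorkeeper-gem/doorkeeper/wiki/Changing-how-clients-are-authenticated
- # for more information on customization
- #
- # client_credentials :from_basic, :from_params
-
- # Change the way access token is authenticated from the request object.
- # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
- # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
- # Check out https://github.com/doorkeeper-gem/doorkeeper/wiki/Changing-how-clients-are-authenticated
- # for more information on customization
- #
- # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
-
- # Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
- # by default in non-development environments). OAuth2 delegates security in
- # communication to the HTTPS protocol so it is wise to keep this enabled.
- #
- # Callable objects such as proc, lambda, block or any object that responds to
- # #call can be used in order to allow conditional checks (to allow non-SSL
- # redirects to localhost for example).
- #
- force_ssl_in_redirect_uri do |uri|
- Rails.env.production? && !(uri.host == 'localhost' || uri.host == '127.0.0.1' || uri.host == '::1')
- end
-
- # Specify what redirect URI's you want to block during Application creation.
- # Any redirect URI is allowed by default.
- #
- # You can use this option in order to forbid URI's with 'javascript' scheme
- # for example.
- #
- # forbid_redirect_uri { |uri| uri.scheme.to_s.downcase == 'javascript' }
-
- # Allows to set blank redirect URIs for Applications in case Doorkeeper configured
- # to use URI-less OAuth grant flows like Client Credentials or Resource Owner
- # Password Credentials. The option is on by default and checks configured grant
- # types, but you **need** to manually drop `NOT NULL` constraint from `redirect_uri`
- # column for `oauth_applications` database table.
- #
- # You can completely disable this feature with:
- #
- # allow_blank_redirect_uri false
- #
- # Or you can define your custom check:
- #
- # allow_blank_redirect_uri do |grant_flows, client|
- # client.superapp?
- # end
-
- # Specify how authorization errors should be handled.
- # By default, doorkeeper renders json errors when access token
- # is invalid, expired, revoked or has invalid scopes.
- #
- # If you want to render error response yourself (i.e. rescue exceptions),
- # set +handle_auth_errors+ to `:raise` and rescue Doorkeeper::Errors::InvalidToken
- # or following specific errors:
- #
- # Doorkeeper::Errors::TokenForbidden, Doorkeeper::Errors::TokenExpired,
- # Doorkeeper::Errors::TokenRevoked, Doorkeeper::Errors::TokenUnknown
- #
- # handle_auth_errors :raise
- #
- # If you want to redirect back to the client application in accordance with
- # https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1, you can set
- # +handle_auth_errors+ to :redirect
- #
- # handle_auth_errors :redirect
-
- # Customize token introspection response.
- # Allows to add your own fields to default one that are required by the OAuth spec
- # for the introspection response. It could be `sub`, `aud` and so on.
- # This configuration option can be a proc, lambda or any Ruby object responds
- # to `.call` method and result of it's invocation must be a Hash.
- #
- # custom_introspection_response do |token, context|
- # {
- # "sub": "Z5O3upPC88QrAjx00dis",
- # "aud": "https://protected.example.net/resource",
- # "username": User.find(token.resource_owner_id).username
- # }
- # end
- #
- # or
- #
- # custom_introspection_response CustomIntrospectionResponder
-
- # Specify what grant flows are enabled in array of Strings. The valid
- # strings and the flows they enable are:
- #
- # "authorization_code" => Authorization Code Grant Flow
- # "implicit" => Implicit Grant Flow
- # "password" => Resource Owner Password Credentials Grant Flow
- # "client_credentials" => Client Credentials Grant Flow
- #
- # If not specified, Doorkeeper enables authorization_code and
- # client_credentials.
- #
- # implicit and password grant flows have risks that you should understand
- # before enabling:
- # https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.2
- # https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.3
- #
- # grant_flows %w[authorization_code client_credentials]
-
- # Allows to customize OAuth grant flows that +each+ application support.
- # You can configure a custom block (or use a class respond to `#call`) that must
- # return `true` in case Application instance supports requested OAuth grant flow
- # during the authorization request to the server. This configuration +doesn't+
- # set flows per application, it only allows to check if application supports
- # specific grant flow.
- #
- # For example you can add an additional database column to `oauth_applications` table,
- # say `t.array :grant_flows, default: []`, and store allowed grant flows that can
- # be used with this application there. Then when authorization requested Doorkeeper
- # will call this block to check if specific Application (passed with client_id and/or
- # client_secret) is allowed to perform the request for the specific grant type
- # (authorization, password, client_credentials, etc).
- #
- # Example of the block:
- #
- # ->(flow, client) { client.grant_flows.include?(flow) }
- #
- # In case this option invocation result is `false`, Doorkeeper server returns
- # :unauthorized_client error and stops the request.
- #
- # @param allow_grant_flow_for_client [Proc] Block or any object respond to #call
- # @return [Boolean] `true` if allow or `false` if forbid the request
- #
- # allow_grant_flow_for_client do |grant_flow, client|
- # # `grant_flows` is an Array column with grant
- # # flows that application supports
- #
- # client.grant_flows.include?(grant_flow)
- # end
-
- # If you need arbitrary Resource Owner-Client authorization you can enable this option
- # and implement the check your need. Config option must respond to #call and return
- # true in case resource owner authorized for the specific application or false in other
- # cases.
- #
- # By default all Resource Owners are authorized to any Client (application).
- #
- # authorize_resource_owner_for_client do |client, resource_owner|
- # resource_owner.admin? || client.owners_allowlist.include?(resource_owner)
- # end
-
- # Allows additional data fields to be sent while granting access to an application,
- # and for this additional data to be included in subsequently generated access tokens.
- # The 'authorizations/new' page will need to be overridden to include this additional data
- # in the request params when granting access. The access grant and access token models
- # will both need to respond to these additional data fields, and have a database column
- # to store them in.
- #
- # Example:
- # You have a multi-tenanted platform and want to be able to grant access to a specific
- # tenant, rather than all the tenants a user has access to. You can use this config
- # option to specify that a ':tenant_id' will be passed when authorizing. This tenant_id
- # will be included in the access tokens. When a request is made with one of these access
- # tokens, you can check that the requested data belongs to the specified tenant.
- #
- # Default value is an empty Array: []
- # custom_access_token_attributes [:tenant_id]
-
- # Hook into the strategies' request & response life-cycle in case your
- # application needs advanced customization or logging:
- #
- # before_successful_strategy_response do |request|
- # puts "BEFORE HOOK FIRED! #{request}"
- # end
- #
- # after_successful_strategy_response do |request, response|
- # puts "AFTER HOOK FIRED! #{request}, #{response}"
- # end
-
- # Hook into Authorization flow in order to implement Single Sign Out
- # or add any other functionality. Inside the block you have an access
- # to `controller` (authorizations controller instance) and `context`
- # (Doorkeeper::OAuth::Hooks::Context instance) which provides pre auth
- # or auth objects with issued token based on hook type (before or after).
- #
- # before_successful_authorization do |controller, context|
- # Rails.logger.info(controller.request.params.inspect)
- #
- # Rails.logger.info(context.pre_auth.inspect)
- # end
- #
- # after_successful_authorization do |controller, context|
- # controller.session[:logout_urls] <<
- # Doorkeeper::Application
- # .find_by(controller.request.params.slice(:redirect_uri))
- # .logout_uri
- #
- # Rails.logger.info(context.auth.inspect)
- # Rails.logger.info(context.issued_token)
- # end
-
- # Under some circumstances you might want to have applications auto-approved,
- # so that the user skips the authorization step.
- # For example if dealing with a trusted application.
- #
- # skip_authorization do |resource_owner, client|
- # client.superapp? or resource_owner.admin?
- # end
-
- # Configure custom constraints for the Token Introspection request.
- # By default this configuration option allows to introspect a token by another
- # token of the same application, OR to introspect the token that belongs to
- # authorized client (from authenticated client) OR when token doesn't
- # belong to any client (public token). Otherwise requester has no access to the
- # introspection and it will return response as stated in the RFC.
- #
- # Block arguments:
- #
- # @param token [Doorkeeper::AccessToken]
- # token to be introspected
- #
- # @param authorized_client [Doorkeeper::Application]
- # authorized client (if request is authorized using Basic auth with
- # Client Credentials for example)
- #
- # @param authorized_token [Doorkeeper::AccessToken]
- # Bearer token used to authorize the request
- #
- # In case the block returns `nil` or `false` introspection responses with 401 status code
- # when using authorized token to introspect, or you'll get 200 with { "active": false } body
- # when using authorized client to introspect as stated in the
- # RFC 7662 section 2.2. Introspection Response.
- #
- # Using with caution:
- # Keep in mind that these three parameters pass to block can be nil as following case:
- # `authorized_client` is nil if and only if `authorized_token` is present, and vice versa.
- # `token` will be nil if and only if `authorized_token` is present.
- # So remember to use `&` or check if it is present before calling method on
- # them to make sure you doesn't get NoMethodError exception.
- #
- # You can define your custom check:
- #
- # allow_token_introspection do |token, authorized_client, authorized_token|
- # if authorized_token
- # # customize: require `introspection` scope
- # authorized_token.application == token&.application ||
- # authorized_token.scopes.include?("introspection")
- # elsif token.application
- # # `protected_resource` is a new database boolean column, for example
- # authorized_client == token.application || authorized_client.protected_resource?
- # else
- # # public token (when token.application is nil, token doesn't belong to any application)
- # true
- # end
- # end
- #
- # Or you can completely disable any token introspection:
- #
- # allow_token_introspection false
- #
- # If you need to block the request at all, then configure your routes.rb or web-server
- # like nginx to forbid the request.
-
- # WWW-Authenticate Realm (default: "Doorkeeper").
- #
- # realm "Doorkeeper"
- end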
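--- a/data/lib/generators/rolemodel/mcp/templates/spec/mcp/prompts/sample_spec.rb
+++ b/data/lib/generators/rolemodel/mcp/templates/spec/mcp/prompts/sample_spec.rb
@@ -1,15 +0,0 @@
- # frozen_string_literal: true
-
- require 'rails_helper'
-
- RSpec.describe Prompts::Sample do
- describe '.template' do
- subject(:result) { described_class.template({}) }
-
- it 'has the correct description' do
- expect(result.messages.length).to eq(1)
- expect(result.messages.first.role).to eq('assistant')
- expect(result.description).to include('This is a sample prompt.')
- end
- end
- end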
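--- a/data/lib/generators/rolemodel/mcp/templates/spec/mcp/resources/controller_spec.rb
+++ b/data/lib/generators/rolemodel/mcp/templates/spec/mcp/resources/controller_spec.rb
@@ -1,16 +0,0 @@
- # frozen_string_literal: true
-
- require 'rails_helper'
-
- RSpec.describe Resources::Controller do
- it 'returns error messages when invalid' do
- allow_any_instance_of(described_class).to receive(:valid?).and_return(false)
- allow_any_instance_of(described_class).to receive_message_chain(:errors, :full_messages).and_return(['Invalid params'])
- expect do
- described_class.call({ uri: 'docs://missing-doc' }, { current_user: nil })
- end.to raise_error(
- MCP::Server::RequestHandlerError,
- /Invalid params/
- )
- end
- end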
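--- a/data/lib/generators/rolemodel/mcp/templates/spec/mcp/resources/docs_controller_spec.rb
+++ b/data/lib/generators/rolemodel/mcp/templates/spec/mcp/resources/docs_controller_spec.rb
@@ -1,55 +0,0 @@
- # frozen_string_literal: true
-
- require 'rails_helper'
-
- RSpec.describe Resources::DocsController do
- describe 'class methods' do
- it 'returns the correct values' do
- expect(described_class.schema).to eq('docs://')
- expect(described_class.mime_type).to eq('text/markdown')
- end
- end
-
- describe '.resource_list' do
- it 'registers the sample resource' do
- expect(described_class.resource_list.map(&:uri)).to contain_exactly('docs://SAMPLE_DOC.md')
- end
- end
-
- describe 'validations' do
- it 'is valid for a known docs resource' do
- controller = described_class.new('SAMPLE_DOC.md')
-
- expect(controller).to be_valid
- end
-
- it 'is invalid for an unknown docs resource' do
- controller = described_class.new('missing-doc')
-
- expect(controller).not_to be_valid
- expect(controller.errors[:file_path]).to eq(['Unknown docs resource: missing-doc'])
- end
-
- it 'is invalid when the mapped file is missing' do
- stub_const(
- 'Resources::DocsController::FILES',
- { 'SAMPLE_DOC.md' => Rails.root.join('app/mcp/resources/docs/missing.md') }.freeze
- )
-
- controller = described_class.new('SAMPLE_DOC.md')
-
- expect(controller).not_to be_valid
- expect(controller.errors[:file_path]).to eq(['Missing docs file for SAMPLE_DOC.md'])
- end
- end
-
- describe '#serve' do
- it 'returns the markdown for the requested docs resource' do
- controller = described_class.new('SAMPLE_DOC.md')
-
- content = controller.serve
-
- expect(content).to include('# Hello World')
- end
- end
- end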
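--- a/data/lib/generators/rolemodel/mcp/templates/spec/mcp/tools/sample_spec.rb
+++ b/data/lib/generators/rolemodel/mcp/templates/spec/mcp/tools/sample_spec.rb
@@ -1,15 +0,0 @@
- # frozen_string_literal: true
-
- require 'rails_helper'
-
- RSpec.describe Tools::Sample do
- describe '.call' do
- it 'returns a hash with expected fields' do
- result = described_class.call(name: 'Alice', server_context: {})
-
- expect(result).not_to be_error
-
- expect(result.structured_content).to have_key(:sample)
- end
- end
- end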