super-smart-kit 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (149) hide show
  1. checksums.yaml +7 -0
  2. data/doorkeeper-5.9.3/CHANGELOG.md +1208 -0
  3. data/doorkeeper-5.9.3/MIT-LICENSE +20 -0
  4. data/doorkeeper-5.9.3/README.md +186 -0
  5. data/doorkeeper-5.9.3/app/assets/stylesheets/doorkeeper/admin/application.css +10 -0
  6. data/doorkeeper-5.9.3/app/assets/stylesheets/doorkeeper/application.css +64 -0
  7. data/doorkeeper-5.9.3/app/controllers/doorkeeper/application_controller.rb +14 -0
  8. data/doorkeeper-5.9.3/app/controllers/doorkeeper/application_metal_controller.rb +13 -0
  9. data/doorkeeper-5.9.3/app/controllers/doorkeeper/applications_controller.rb +99 -0
  10. data/doorkeeper-5.9.3/app/controllers/doorkeeper/authorizations_controller.rb +164 -0
  11. data/doorkeeper-5.9.3/app/controllers/doorkeeper/authorized_applications_controller.rb +33 -0
  12. data/doorkeeper-5.9.3/app/controllers/doorkeeper/token_info_controller.rb +25 -0
  13. data/doorkeeper-5.9.3/app/controllers/doorkeeper/tokens_controller.rb +180 -0
  14. data/doorkeeper-5.9.3/app/helpers/doorkeeper/dashboard_helper.rb +21 -0
  15. data/doorkeeper-5.9.3/app/views/doorkeeper/applications/_delete_form.html.erb +6 -0
  16. data/doorkeeper-5.9.3/app/views/doorkeeper/applications/_form.html.erb +59 -0
  17. data/doorkeeper-5.9.3/app/views/doorkeeper/applications/edit.html.erb +5 -0
  18. data/doorkeeper-5.9.3/app/views/doorkeeper/applications/index.html.erb +38 -0
  19. data/doorkeeper-5.9.3/app/views/doorkeeper/applications/new.html.erb +5 -0
  20. data/doorkeeper-5.9.3/app/views/doorkeeper/applications/show.html.erb +63 -0
  21. data/doorkeeper-5.9.3/app/views/doorkeeper/authorizations/error.html.erb +9 -0
  22. data/doorkeeper-5.9.3/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
  23. data/doorkeeper-5.9.3/app/views/doorkeeper/authorizations/new.html.erb +46 -0
  24. data/doorkeeper-5.9.3/app/views/doorkeeper/authorizations/show.html.erb +7 -0
  25. data/doorkeeper-5.9.3/app/views/doorkeeper/authorized_applications/_delete_form.html.erb +4 -0
  26. data/doorkeeper-5.9.3/app/views/doorkeeper/authorized_applications/index.html.erb +24 -0
  27. data/doorkeeper-5.9.3/app/views/layouts/doorkeeper/admin.html.erb +39 -0
  28. data/doorkeeper-5.9.3/app/views/layouts/doorkeeper/application.html.erb +23 -0
  29. data/doorkeeper-5.9.3/config/locales/en.yml +155 -0
  30. data/doorkeeper-5.9.3/lib/doorkeeper/config/abstract_builder.rb +28 -0
  31. data/doorkeeper-5.9.3/lib/doorkeeper/config/option.rb +82 -0
  32. data/doorkeeper-5.9.3/lib/doorkeeper/config/validations.rb +65 -0
  33. data/doorkeeper-5.9.3/lib/doorkeeper/config.rb +721 -0
  34. data/doorkeeper-5.9.3/lib/doorkeeper/engine.rb +38 -0
  35. data/doorkeeper-5.9.3/lib/doorkeeper/errors.rb +85 -0
  36. data/doorkeeper-5.9.3/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
  37. data/doorkeeper-5.9.3/lib/doorkeeper/grant_flow/flow.rb +44 -0
  38. data/doorkeeper-5.9.3/lib/doorkeeper/grant_flow/registry.rb +50 -0
  39. data/doorkeeper-5.9.3/lib/doorkeeper/grant_flow.rb +45 -0
  40. data/doorkeeper-5.9.3/lib/doorkeeper/grape/authorization_decorator.rb +19 -0
  41. data/doorkeeper-5.9.3/lib/doorkeeper/grape/helpers.rb +58 -0
  42. data/doorkeeper-5.9.3/lib/doorkeeper/helpers/controller.rb +91 -0
  43. data/doorkeeper-5.9.3/lib/doorkeeper/models/access_grant_mixin.rb +124 -0
  44. data/doorkeeper-5.9.3/lib/doorkeeper/models/access_token_mixin.rb +526 -0
  45. data/doorkeeper-5.9.3/lib/doorkeeper/models/application_mixin.rb +96 -0
  46. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/accessible.rb +15 -0
  47. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/expirable.rb +36 -0
  48. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +96 -0
  49. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/orderable.rb +15 -0
  50. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/ownership.rb +18 -0
  51. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +29 -0
  52. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
  53. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/reusable.rb +19 -0
  54. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/revocable.rb +31 -0
  55. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/scopes.rb +27 -0
  56. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/secret_storable.rb +106 -0
  57. data/doorkeeper-5.9.3/lib/doorkeeper/models/concerns/write_to_primary.rb +57 -0
  58. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/authorization/code.rb +76 -0
  59. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/authorization/context.rb +17 -0
  60. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/authorization/token.rb +100 -0
  61. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/authorization/uri_builder.rb +33 -0
  62. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/authorization_code_request.rb +125 -0
  63. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/base_request.rb +68 -0
  64. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/base_response.rb +31 -0
  65. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/client/credentials.rb +34 -0
  66. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/client.rb +28 -0
  67. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/client_credentials/creator.rb +57 -0
  68. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/client_credentials/issuer.rb +48 -0
  69. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/client_credentials/validator.rb +55 -0
  70. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/client_credentials_request.rb +46 -0
  71. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/code_request.rb +25 -0
  72. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/code_response.rb +51 -0
  73. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/error.rb +16 -0
  74. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/error_response.rb +121 -0
  75. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/forbidden_token_response.rb +31 -0
  76. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/helpers/scope_checker.rb +50 -0
  77. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/helpers/unique_token.rb +30 -0
  78. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/helpers/uri_checker.rb +83 -0
  79. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/hooks/context.rb +21 -0
  80. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/invalid_request_response.rb +47 -0
  81. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/invalid_token_response.rb +54 -0
  82. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/nonstandard.rb +39 -0
  83. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/password_access_token_request.rb +75 -0
  84. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/pre_authorization.rb +187 -0
  85. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/refresh_token_request.rb +144 -0
  86. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/scopes.rb +134 -0
  87. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/token.rb +66 -0
  88. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/token_introspection.rb +220 -0
  89. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/token_request.rb +25 -0
  90. data/doorkeeper-5.9.3/lib/doorkeeper/oauth/token_response.rb +38 -0
  91. data/doorkeeper-5.9.3/lib/doorkeeper/oauth.rb +13 -0
  92. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record/access_grant.rb +9 -0
  93. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record/access_token.rb +9 -0
  94. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record/application.rb +10 -0
  95. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +64 -0
  96. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record/mixins/access_token.rb +95 -0
  97. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record/mixins/application.rb +223 -0
  98. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
  99. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +44 -0
  100. data/doorkeeper-5.9.3/lib/doorkeeper/orm/active_record.rb +41 -0
  101. data/doorkeeper-5.9.3/lib/doorkeeper/rails/helpers.rb +82 -0
  102. data/doorkeeper-5.9.3/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
  103. data/doorkeeper-5.9.3/lib/doorkeeper/rails/routes/mapper.rb +30 -0
  104. data/doorkeeper-5.9.3/lib/doorkeeper/rails/routes/mapping.rb +40 -0
  105. data/doorkeeper-5.9.3/lib/doorkeeper/rails/routes/registry.rb +45 -0
  106. data/doorkeeper-5.9.3/lib/doorkeeper/rails/routes.rb +110 -0
  107. data/doorkeeper-5.9.3/lib/doorkeeper/rake/db.rake +40 -0
  108. data/doorkeeper-5.9.3/lib/doorkeeper/rake/setup.rake +6 -0
  109. data/doorkeeper-5.9.3/lib/doorkeeper/rake.rb +14 -0
  110. data/doorkeeper-5.9.3/lib/doorkeeper/request/authorization_code.rb +26 -0
  111. data/doorkeeper-5.9.3/lib/doorkeeper/request/client_credentials.rb +17 -0
  112. data/doorkeeper-5.9.3/lib/doorkeeper/request/code.rb +17 -0
  113. data/doorkeeper-5.9.3/lib/doorkeeper/request/password.rb +19 -0
  114. data/doorkeeper-5.9.3/lib/doorkeeper/request/refresh_token.rb +22 -0
  115. data/doorkeeper-5.9.3/lib/doorkeeper/request/strategy.rb +19 -0
  116. data/doorkeeper-5.9.3/lib/doorkeeper/request/token.rb +17 -0
  117. data/doorkeeper-5.9.3/lib/doorkeeper/request.rb +73 -0
  118. data/doorkeeper-5.9.3/lib/doorkeeper/revocable_tokens/revocable_access_token.rb +21 -0
  119. data/doorkeeper-5.9.3/lib/doorkeeper/revocable_tokens/revocable_refresh_token.rb +21 -0
  120. data/doorkeeper-5.9.3/lib/doorkeeper/secret_storing/base.rb +64 -0
  121. data/doorkeeper-5.9.3/lib/doorkeeper/secret_storing/bcrypt.rb +60 -0
  122. data/doorkeeper-5.9.3/lib/doorkeeper/secret_storing/plain.rb +33 -0
  123. data/doorkeeper-5.9.3/lib/doorkeeper/secret_storing/sha256_hash.rb +26 -0
  124. data/doorkeeper-5.9.3/lib/doorkeeper/server.rb +44 -0
  125. data/doorkeeper-5.9.3/lib/doorkeeper/stale_records_cleaner.rb +24 -0
  126. data/doorkeeper-5.9.3/lib/doorkeeper/validations.rb +33 -0
  127. data/doorkeeper-5.9.3/lib/doorkeeper/version.rb +14 -0
  128. data/doorkeeper-5.9.3/lib/doorkeeper.rb +209 -0
  129. data/doorkeeper-5.9.3/lib/generators/doorkeeper/application_owner_generator.rb +33 -0
  130. data/doorkeeper-5.9.3/lib/generators/doorkeeper/confidential_applications_generator.rb +33 -0
  131. data/doorkeeper-5.9.3/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
  132. data/doorkeeper-5.9.3/lib/generators/doorkeeper/install_generator.rb +22 -0
  133. data/doorkeeper-5.9.3/lib/generators/doorkeeper/migration_generator.rb +32 -0
  134. data/doorkeeper-5.9.3/lib/generators/doorkeeper/pkce_generator.rb +33 -0
  135. data/doorkeeper-5.9.3/lib/generators/doorkeeper/previous_refresh_token_generator.rb +41 -0
  136. data/doorkeeper-5.9.3/lib/generators/doorkeeper/remove_applications_secret_not_null_constraint_generator.rb +33 -0
  137. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/README +24 -0
  138. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/add_confidential_to_applications.rb.erb +13 -0
  139. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +9 -0
  140. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +13 -0
  141. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +8 -0
  142. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
  143. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/initializer.rb +544 -0
  144. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/migration.rb.erb +99 -0
  145. data/doorkeeper-5.9.3/lib/generators/doorkeeper/templates/remove_applications_secret_not_null_constraint.rb.erb +7 -0
  146. data/doorkeeper-5.9.3/lib/generators/doorkeeper/views_generator.rb +18 -0
  147. data/doorkeeper-5.9.3/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +6 -0
  148. data/super-smart-kit.gemspec +12 -0
  149. metadata +188 -0
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Doorkeeper
4
+ class Engine < Rails::Engine
5
+ initializer "doorkeeper.params.filter", after: :load_config_initializers do |app|
6
+ app.config.to_prepare do
7
+ Doorkeeper.setup_filter_parameters
8
+ end
9
+ end
10
+
11
+ initializer "doorkeeper.routes" do
12
+ Doorkeeper::Rails::Routes.install!
13
+ end
14
+
15
+ initializer "doorkeeper.helpers" do
16
+ ActiveSupport.on_load(:action_controller) do
17
+ include Doorkeeper::Rails::Helpers
18
+ end
19
+ end
20
+
21
+ config.to_prepare do
22
+ Doorkeeper.run_orm_hooks
23
+ end
24
+
25
+ if defined?(Sprockets) && Sprockets::VERSION.chr.to_i >= 4
26
+ initializer "doorkeeper.assets.precompile" do |app|
27
+ # Force users to use:
28
+ # //= link doorkeeper/admin/application.css
29
+ # in Doorkeeper 5 for Sprockets 4 instead of precompile.
30
+ # Add note to official docs & Wiki
31
+ app.config.assets.precompile += %w[
32
+ doorkeeper/application.css
33
+ doorkeeper/admin/application.css
34
+ ]
35
+ end
36
+ end
37
+ end
38
+ end
@@ -0,0 +1,85 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Doorkeeper
4
+ module Errors
5
+ class DoorkeeperError < StandardError
6
+ def type
7
+ message
8
+ end
9
+
10
+ def self.translate_options
11
+ {}
12
+ end
13
+ end
14
+
15
+ class InvalidGrantReuse < DoorkeeperError
16
+ def type
17
+ :invalid_grant
18
+ end
19
+ end
20
+
21
+ class InvalidTokenStrategy < DoorkeeperError
22
+ def type
23
+ :unsupported_grant_type
24
+ end
25
+ end
26
+
27
+ class MissingRequiredParameter < DoorkeeperError
28
+ attr_reader :missing_param
29
+
30
+ def initialize(missing_param)
31
+ super
32
+ @missing_param = missing_param
33
+ end
34
+
35
+ def type
36
+ :invalid_request
37
+ end
38
+ end
39
+
40
+ class BaseResponseError < DoorkeeperError
41
+ attr_reader :response
42
+
43
+ def initialize(response)
44
+ @response = response
45
+ end
46
+
47
+ def self.name_for_response
48
+ name.demodulize.underscore.to_sym
49
+ end
50
+ end
51
+
52
+ class InvalidCodeChallengeMethod < BaseResponseError
53
+ def self.translate_options
54
+ challenge_methods = Doorkeeper.config.pkce_code_challenge_methods_supported
55
+ {
56
+ challenge_methods: challenge_methods.join(", "),
57
+ count: challenge_methods.length,
58
+ }
59
+ end
60
+ end
61
+
62
+ UnableToGenerateToken = Class.new(DoorkeeperError)
63
+ TokenGeneratorNotFound = Class.new(DoorkeeperError)
64
+ NoOrmCleaner = Class.new(DoorkeeperError)
65
+
66
+ InvalidRequest = Class.new(BaseResponseError)
67
+ InvalidToken = Class.new(BaseResponseError)
68
+ InvalidClient = Class.new(BaseResponseError)
69
+ InvalidScope = Class.new(BaseResponseError)
70
+ InvalidRedirectUri = Class.new(BaseResponseError)
71
+ InvalidGrant = Class.new(BaseResponseError)
72
+
73
+ UnauthorizedClient = Class.new(BaseResponseError)
74
+ UnsupportedResponseType = Class.new(BaseResponseError)
75
+ UnsupportedResponseMode = Class.new(BaseResponseError)
76
+
77
+ AccessDenied = Class.new(BaseResponseError)
78
+ ServerError = Class.new(BaseResponseError)
79
+
80
+ TokenExpired = Class.new(InvalidToken)
81
+ TokenRevoked = Class.new(InvalidToken)
82
+ TokenUnknown = Class.new(InvalidToken)
83
+ TokenForbidden = Class.new(InvalidToken)
84
+ end
85
+ end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Doorkeeper
4
+ module GrantFlow
5
+ class FallbackFlow < Flow
6
+ def handles_grant_type?
7
+ false
8
+ end
9
+
10
+ def handles_response_type?
11
+ false
12
+ end
13
+ end
14
+ end
15
+ end
@@ -0,0 +1,44 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Doorkeeper
4
+ module GrantFlow
5
+ class Flow
6
+ attr_reader :name, :grant_type_matches, :grant_type_strategy,
7
+ :response_type_matches, :response_type_strategy,
8
+ :response_mode_matches
9
+
10
+ def initialize(name, **options)
11
+ @name = name
12
+ @grant_type_matches = options[:grant_type_matches]
13
+ @grant_type_strategy = options[:grant_type_strategy]
14
+ @response_type_matches = options[:response_type_matches]
15
+ @response_type_strategy = options[:response_type_strategy]
16
+ @response_mode_matches = options[:response_mode_matches]
17
+ end
18
+
19
+ def handles_grant_type?
20
+ grant_type_matches.present?
21
+ end
22
+
23
+ def handles_response_type?
24
+ response_type_matches.present?
25
+ end
26
+
27
+ def matches_grant_type?(value)
28
+ grant_type_matches === value
29
+ end
30
+
31
+ def matches_response_type?(value)
32
+ response_type_matches === value
33
+ end
34
+
35
+ def default_response_mode
36
+ response_mode_matches[0]
37
+ end
38
+
39
+ def matches_response_mode?(value)
40
+ response_mode_matches.include?(value)
41
+ end
42
+ end
43
+ end
44
+ end
@@ -0,0 +1,50 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Doorkeeper
4
+ module GrantFlow
5
+ module Registry
6
+ mattr_accessor :flows
7
+ self.flows = {}
8
+
9
+ mattr_accessor :aliases
10
+ self.aliases = {}
11
+
12
+ # Allows to register custom OAuth grant flow so that Doorkeeper
13
+ # could recognize and process it.
14
+ #
15
+ def register(name_or_flow, **options)
16
+ unless name_or_flow.is_a?(Doorkeeper::GrantFlow::Flow)
17
+ name_or_flow = Flow.new(name_or_flow, **options)
18
+ end
19
+
20
+ flow_key = name_or_flow.name.to_sym
21
+
22
+ if flows.key?(flow_key)
23
+ ::Kernel.warn <<~WARNING
24
+ [DOORKEEPER] '#{flow_key}' grant flow already registered and will be overridden
25
+ in #{caller(1..1).first}
26
+ WARNING
27
+ end
28
+
29
+ flows[flow_key] = name_or_flow
30
+ end
31
+
32
+ # Allows to register aliases that could be used in `grant_flows`
33
+ # configuration option. It is possible to have aliases like 1:1 or
34
+ # 1:N, i.e. "implicit_oidc" => ['token', 'id_token', 'id_token token'].
35
+ #
36
+ def register_alias(alias_name, **options)
37
+ aliases[alias_name.to_sym] = Array.wrap(options.fetch(:as))
38
+ end
39
+
40
+ def expand_alias(alias_name)
41
+ aliases.fetch(alias_name.to_sym, [])
42
+ end
43
+
44
+ # [NOTE]: make it to use #fetch after removing fallbacks
45
+ def get(name)
46
+ flows[name.to_sym]
47
+ end
48
+ end
49
+ end
50
+ end
@@ -0,0 +1,45 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "doorkeeper/grant_flow/flow"
4
+ require "doorkeeper/grant_flow/fallback_flow"
5
+ require "doorkeeper/grant_flow/registry"
6
+
7
+ module Doorkeeper
8
+ module GrantFlow
9
+ extend Registry
10
+
11
+ register(
12
+ :implicit,
13
+ response_type_matches: "token",
14
+ response_mode_matches: %w[fragment form_post],
15
+ response_type_strategy: Doorkeeper::Request::Token,
16
+ )
17
+
18
+ register(
19
+ :authorization_code,
20
+ response_type_matches: "code",
21
+ response_mode_matches: %w[query fragment form_post],
22
+ response_type_strategy: Doorkeeper::Request::Code,
23
+ grant_type_matches: "authorization_code",
24
+ grant_type_strategy: Doorkeeper::Request::AuthorizationCode,
25
+ )
26
+
27
+ register(
28
+ :client_credentials,
29
+ grant_type_matches: "client_credentials",
30
+ grant_type_strategy: Doorkeeper::Request::ClientCredentials,
31
+ )
32
+
33
+ register(
34
+ :password,
35
+ grant_type_matches: "password",
36
+ grant_type_strategy: Doorkeeper::Request::Password,
37
+ )
38
+
39
+ register(
40
+ :refresh_token,
41
+ grant_type_matches: "refresh_token",
42
+ grant_type_strategy: Doorkeeper::Request::RefreshToken,
43
+ )
44
+ end
45
+ end
@@ -0,0 +1,19 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Doorkeeper
4
+ module Grape
5
+ class AuthorizationDecorator < SimpleDelegator
6
+ def parameters
7
+ params
8
+ end
9
+
10
+ def authorization
11
+ env = __getobj__.env
12
+ env["HTTP_AUTHORIZATION"] ||
13
+ env["X-HTTP_AUTHORIZATION"] ||
14
+ env["X_HTTP_AUTHORIZATION"] ||
15
+ env["REDIRECT_X_HTTP_AUTHORIZATION"]
16
+ end
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,58 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "doorkeeper/grape/authorization_decorator"
4
+
5
+ module Doorkeeper
6
+ module Grape
7
+ # Doorkeeper helpers for Grape applications.
8
+ # Provides helpers for endpoints authorization based on defined set of scopes.
9
+ module Helpers
10
+ # These helpers are for grape >= 0.10
11
+ extend ::Grape::API::Helpers
12
+ include Doorkeeper::Rails::Helpers
13
+
14
+ # endpoint specific scopes > parameter scopes > default scopes
15
+ def doorkeeper_authorize!(*scopes)
16
+ endpoint_scopes = endpoint.route_setting(:scopes) ||
17
+ endpoint.options[:route_options][:scopes]
18
+
19
+ scopes = if endpoint_scopes
20
+ Doorkeeper::OAuth::Scopes.from_array(endpoint_scopes)
21
+ elsif scopes.present?
22
+ Doorkeeper::OAuth::Scopes.from_array(scopes)
23
+ end
24
+
25
+ super(*scopes)
26
+ end
27
+
28
+ def doorkeeper_render_error_with(error)
29
+ status_code = error_status_codes[error.status]
30
+ error!({ error: error.description }, status_code, error.headers)
31
+ end
32
+
33
+ private
34
+
35
+ def endpoint
36
+ env["api.endpoint"]
37
+ end
38
+
39
+ def doorkeeper_token
40
+ @doorkeeper_token ||= OAuth::Token.authenticate(
41
+ decorated_request,
42
+ *Doorkeeper.config.access_token_methods,
43
+ )
44
+ end
45
+
46
+ def decorated_request
47
+ AuthorizationDecorator.new(request)
48
+ end
49
+
50
+ def error_status_codes
51
+ {
52
+ unauthorized: 401,
53
+ forbidden: 403,
54
+ }
55
+ end
56
+ end
57
+ end
58
+ end
@@ -0,0 +1,91 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Define methods that can be called in any controller that inherits from
4
+ # Doorkeeper::ApplicationMetalController or Doorkeeper::ApplicationController
5
+ module Doorkeeper
6
+ module Helpers
7
+ # Rails controller helpers.
8
+ #
9
+ module Controller
10
+ def self.included(base)
11
+ base.helper_method :current_resource_owner if base.respond_to?(:helper_method)
12
+ end
13
+
14
+ private
15
+
16
+ # :doc:
17
+ def authenticate_resource_owner!
18
+ current_resource_owner
19
+ end
20
+
21
+ # :doc:
22
+ def current_resource_owner
23
+ return @current_resource_owner if defined?(@current_resource_owner)
24
+
25
+ @current_resource_owner ||= instance_eval(&Doorkeeper.config.authenticate_resource_owner)
26
+ end
27
+
28
+ def resource_owner_from_credentials
29
+ instance_eval(&Doorkeeper.config.resource_owner_from_credentials)
30
+ end
31
+
32
+ # :doc:
33
+ def authenticate_admin!
34
+ instance_eval(&Doorkeeper.config.authenticate_admin)
35
+ end
36
+
37
+ def server
38
+ @server ||= Server.new(self)
39
+ end
40
+
41
+ # :doc:
42
+ def doorkeeper_token
43
+ return @doorkeeper_token if defined?(@doorkeeper_token)
44
+
45
+ @doorkeeper_token ||= OAuth::Token.authenticate(request, *config_methods)
46
+ end
47
+
48
+ def config_methods
49
+ @config_methods ||= Doorkeeper.config.access_token_methods
50
+ end
51
+
52
+ def get_error_response_from_exception(exception)
53
+ if exception.respond_to?(:response)
54
+ exception.response
55
+ elsif exception.type == :invalid_request
56
+ OAuth::InvalidRequestResponse.new(
57
+ name: exception.type,
58
+ state: params[:state],
59
+ missing_param: exception.missing_param,
60
+ )
61
+ else
62
+ OAuth::ErrorResponse.new(name: exception.type, state: params[:state])
63
+ end
64
+ end
65
+
66
+ def handle_token_exception(exception)
67
+ error = get_error_response_from_exception(exception)
68
+ headers.merge!(error.headers)
69
+ self.response_body = error.body.to_json
70
+ self.status = error.status
71
+ end
72
+
73
+ def skip_authorization?
74
+ !!instance_exec(
75
+ [server.current_resource_owner, @pre_auth.client],
76
+ &Doorkeeper.config.skip_authorization
77
+ )
78
+ end
79
+
80
+ def enforce_content_type
81
+ if (request.put? || request.post? || request.patch?) && !x_www_form_urlencoded?
82
+ render json: {}, status: :unsupported_media_type
83
+ end
84
+ end
85
+
86
+ def x_www_form_urlencoded?
87
+ request.media_type == "application/x-www-form-urlencoded"
88
+ end
89
+ end
90
+ end
91
+ end
@@ -0,0 +1,124 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Doorkeeper
4
+ module AccessGrantMixin
5
+ extend ActiveSupport::Concern
6
+
7
+ include OAuth::Helpers
8
+ include Models::Expirable
9
+ include Models::Revocable
10
+ include Models::Accessible
11
+ include Models::Orderable
12
+ include Models::SecretStorable
13
+ include Models::Scopes
14
+ include Models::ResourceOwnerable
15
+ include Models::Concerns::WriteToPrimary
16
+ include Models::ExpirationTimeSqlMath
17
+
18
+ # Never uses PKCE if PKCE migrations were not generated
19
+ def uses_pkce?
20
+ self.class.pkce_supported? && code_challenge.present?
21
+ end
22
+
23
+ module ClassMethods
24
+ # Searches for Doorkeeper::AccessGrant record with the
25
+ # specific token value.
26
+ #
27
+ # @param token [#to_s] token value (any object that responds to `#to_s`)
28
+ #
29
+ # @return [Doorkeeper::AccessGrant, nil]
30
+ # AccessGrant object or nil if there is no record with such token
31
+ #
32
+ def by_token(token)
33
+ find_by_plaintext_token(:token, token)
34
+ end
35
+
36
+ # Revokes AccessGrant records that have not been revoked and associated
37
+ # with the specific Application and Resource Owner.
38
+ #
39
+ # @param application_id [Integer]
40
+ # ID of the Application
41
+ # @param resource_owner [ActiveRecord::Base, Integer]
42
+ # instance of the Resource Owner model or it's ID
43
+ #
44
+ def revoke_all_for(application_id, resource_owner, clock = Time)
45
+ with_primary_role do
46
+ by_resource_owner(resource_owner)
47
+ .where(
48
+ application_id: application_id,
49
+ revoked_at: nil,
50
+ )
51
+ .update_all(revoked_at: clock.now.utc)
52
+ end
53
+ end
54
+
55
+ # Implements PKCE code_challenge encoding without base64 padding as described in the spec.
56
+ # https://datatracker.ietf.org/doc/html/rfc7636#appendix-A
57
+ # Appendix A. Notes on Implementing Base64url Encoding without Padding
58
+ #
59
+ # This appendix describes how to implement a base64url-encoding
60
+ # function without padding, based upon the standard base64-encoding
61
+ # function that uses padding.
62
+ #
63
+ # To be concrete, example C# code implementing these functions is shown
64
+ # below. Similar code could be used in other languages.
65
+ #
66
+ # static string base64urlencode(byte [] arg)
67
+ # {
68
+ # string s = Convert.ToBase64String(arg); // Regular base64 encoder
69
+ # s = s.Split('=')[0]; // Remove any trailing '='s
70
+ # s = s.Replace('+', '-'); // 62nd char of encoding
71
+ # s = s.Replace('/', '_'); // 63rd char of encoding
72
+ # return s;
73
+ # }
74
+ #
75
+ # An example correspondence between unencoded and encoded values
76
+ # follows. The octet sequence below encodes into the string below,
77
+ # which when decoded, reproduces the octet sequence.
78
+ #
79
+ # 3 236 255 224 193
80
+ #
81
+ # A-z_4ME
82
+ #
83
+ # https://ruby-doc.org/stdlib-2.1.3/libdoc/base64/rdoc/Base64.html#method-i-urlsafe_encode64
84
+ #
85
+ # urlsafe_encode64(bin)
86
+ # Returns the Base64-encoded version of bin. This method complies with
87
+ # "Base 64 Encoding with URL and Filename Safe Alphabet" in RFC 4648.
88
+ # The alphabet uses '-' instead of '+' and '_' instead of '/'.
89
+
90
+ # @param code_verifier [#to_s] a one time use value (any object that responds to `#to_s`)
91
+ #
92
+ # @return [#to_s] An encoded code challenge based on the provided verifier
93
+ # suitable for PKCE validation
94
+ #
95
+ def generate_code_challenge(code_verifier)
96
+ Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier), padding: false)
97
+ end
98
+
99
+ def pkce_supported?
100
+ column_names.include?("code_challenge")
101
+ end
102
+
103
+ ##
104
+ # Determines the secret storing transformer
105
+ # Unless configured otherwise, uses the plain secret strategy
106
+ #
107
+ # @return [Doorkeeper::SecretStoring::Base]
108
+ #
109
+ def secret_strategy
110
+ ::Doorkeeper.config.token_secret_strategy
111
+ end
112
+
113
+ ##
114
+ # Determine the fallback storing strategy
115
+ # Unless configured, there will be no fallback
116
+ #
117
+ # @return [Doorkeeper::SecretStoring::Base]
118
+ #
119
+ def fallback_secret_strategy
120
+ ::Doorkeeper.config.token_secret_fallback_strategy
121
+ end
122
+ end
123
+ end
124
+ end