├── .codeclimate.yml
├── .coveralls.yml
├── .dockerignore
├── .editorconfig
├── .github
├── FUNDING.yml
├── ISSUE_TEMPLATE.md
├── PULL_REQUEST_TEMPLATE.md
├── dependabot.yml
└── workflows
│ ├── check_orm_changes.yml
│ └── ci.yml
├── .gitignore
├── .hound.yml
├── .rspec
├── .rubocop.yml
├── .rubocop_todo.yml
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Dockerfile
├── Gemfile
├── MIT-LICENSE
├── NEWS.md
├── README.md
├── RELEASING.md
├── Rakefile
├── SECURITY.md
├── UPGRADE.md
├── app
├── assets
│ └── stylesheets
│ │ └── doorkeeper
│ │ ├── admin
│ │ └── application.css
│ │ └── application.css
├── controllers
│ └── doorkeeper
│ │ ├── application_controller.rb
│ │ ├── application_metal_controller.rb
│ │ ├── applications_controller.rb
│ │ ├── authorizations_controller.rb
│ │ ├── authorized_applications_controller.rb
│ │ ├── token_info_controller.rb
│ │ └── tokens_controller.rb
├── helpers
│ └── doorkeeper
│ │ └── dashboard_helper.rb
└── views
│ ├── doorkeeper
│ ├── applications
│ │ ├── _delete_form.html.erb
│ │ ├── _form.html.erb
│ │ ├── edit.html.erb
│ │ ├── index.html.erb
│ │ ├── new.html.erb
│ │ └── show.html.erb
│ ├── authorizations
│ │ ├── error.html.erb
│ │ ├── form_post.html.erb
│ │ ├── new.html.erb
│ │ └── show.html.erb
│ └── authorized_applications
│ │ ├── _delete_form.html.erb
│ │ └── index.html.erb
│ └── layouts
│ └── doorkeeper
│ ├── admin.html.erb
│ └── application.html.erb
├── benchmark
├── ruby
│ └── client_credentials.rb
└── wrk
│ └── .keep
├── bin
└── console
├── config
└── locales
│ └── en.yml
├── doorkeeper.gemspec
├── gemfiles
├── rails_7_0.gemfile
├── rails_7_1.gemfile
├── rails_7_2.gemfile
├── rails_8_0.gemfile
└── rails_edge.gemfile
├── lib
├── doorkeeper.rb
├── doorkeeper
│ ├── config.rb
│ ├── config
│ │ ├── abstract_builder.rb
│ │ ├── option.rb
│ │ └── validations.rb
│ ├── engine.rb
│ ├── errors.rb
│ ├── grant_flow.rb
│ ├── grant_flow
│ │ ├── fallback_flow.rb
│ │ ├── flow.rb
│ │ └── registry.rb
│ ├── grape
│ │ ├── authorization_decorator.rb
│ │ └── helpers.rb
│ ├── helpers
│ │ └── controller.rb
│ ├── models
│ │ ├── access_grant_mixin.rb
│ │ ├── access_token_mixin.rb
│ │ ├── application_mixin.rb
│ │ └── concerns
│ │ │ ├── accessible.rb
│ │ │ ├── expirable.rb
│ │ │ ├── expiration_time_sql_math.rb
│ │ │ ├── orderable.rb
│ │ │ ├── ownership.rb
│ │ │ ├── polymorphic_resource_owner.rb
│ │ │ ├── resource_ownerable.rb
│ │ │ ├── reusable.rb
│ │ │ ├── revocable.rb
│ │ │ ├── scopes.rb
│ │ │ └── secret_storable.rb
│ ├── oauth.rb
│ ├── oauth
│ │ ├── authorization
│ │ │ ├── code.rb
│ │ │ ├── context.rb
│ │ │ ├── token.rb
│ │ │ └── uri_builder.rb
│ │ ├── authorization_code_request.rb
│ │ ├── base_request.rb
│ │ ├── base_response.rb
│ │ ├── client.rb
│ │ ├── client
│ │ │ └── credentials.rb
│ │ ├── client_credentials
│ │ │ ├── creator.rb
│ │ │ ├── issuer.rb
│ │ │ └── validator.rb
│ │ ├── client_credentials_request.rb
│ │ ├── code_request.rb
│ │ ├── code_response.rb
│ │ ├── error.rb
│ │ ├── error_response.rb
│ │ ├── forbidden_token_response.rb
│ │ ├── helpers
│ │ │ ├── scope_checker.rb
│ │ │ ├── unique_token.rb
│ │ │ └── uri_checker.rb
│ │ ├── hooks
│ │ │ └── context.rb
│ │ ├── invalid_request_response.rb
│ │ ├── invalid_token_response.rb
│ │ ├── nonstandard.rb
│ │ ├── password_access_token_request.rb
│ │ ├── pre_authorization.rb
│ │ ├── refresh_token_request.rb
│ │ ├── scopes.rb
│ │ ├── token.rb
│ │ ├── token_introspection.rb
│ │ ├── token_request.rb
│ │ └── token_response.rb
│ ├── orm
│ │ ├── active_record.rb
│ │ └── active_record
│ │ │ ├── access_grant.rb
│ │ │ ├── access_token.rb
│ │ │ ├── application.rb
│ │ │ ├── mixins
│ │ │ ├── access_grant.rb
│ │ │ ├── access_token.rb
│ │ │ └── application.rb
│ │ │ ├── redirect_uri_validator.rb
│ │ │ └── stale_records_cleaner.rb
│ ├── rails
│ │ ├── helpers.rb
│ │ ├── routes.rb
│ │ └── routes
│ │ │ ├── abstract_router.rb
│ │ │ ├── mapper.rb
│ │ │ ├── mapping.rb
│ │ │ └── registry.rb
│ ├── rake.rb
│ ├── rake
│ │ ├── db.rake
│ │ └── setup.rake
│ ├── request.rb
│ ├── request
│ │ ├── authorization_code.rb
│ │ ├── client_credentials.rb
│ │ ├── code.rb
│ │ ├── password.rb
│ │ ├── refresh_token.rb
│ │ ├── strategy.rb
│ │ └── token.rb
│ ├── revocable_tokens
│ │ ├── revocable_access_token.rb
│ │ └── revocable_refresh_token.rb
│ ├── secret_storing
│ │ ├── base.rb
│ │ ├── bcrypt.rb
│ │ ├── plain.rb
│ │ └── sha256_hash.rb
│ ├── server.rb
│ ├── stale_records_cleaner.rb
│ ├── validations.rb
│ └── version.rb
└── generators
│ └── doorkeeper
│ ├── application_owner_generator.rb
│ ├── confidential_applications_generator.rb
│ ├── enable_polymorphic_resource_owner_generator.rb
│ ├── install_generator.rb
│ ├── migration_generator.rb
│ ├── pkce_generator.rb
│ ├── previous_refresh_token_generator.rb
│ ├── remove_applications_secret_not_null_constraint_generator.rb
│ ├── templates
│ ├── README
│ ├── add_confidential_to_applications.rb.erb
│ ├── add_owner_to_application_migration.rb.erb
│ ├── add_previous_refresh_token_to_access_tokens.rb.erb
│ ├── enable_pkce_migration.rb.erb
│ ├── enable_polymorphic_resource_owner_migration.rb.erb
│ ├── initializer.rb
│ ├── migration.rb.erb
│ └── remove_applications_secret_not_null_constraint.rb.erb
│ └── views_generator.rb
├── spec
├── controllers
│ ├── application_metal_controller_spec.rb
│ ├── applications_controller_spec.rb
│ ├── authorizations_controller_spec.rb
│ ├── protected_resources_controller_spec.rb
│ ├── token_info_controller_spec.rb
│ └── tokens_controller_spec.rb
├── doorkeeper
│ ├── redirect_uri_validator_spec.rb
│ ├── server_spec.rb
│ ├── stale_records_cleaner_spec.rb
│ └── version_spec.rb
├── dummy
│ ├── Rakefile
│ ├── app
│ │ ├── assets
│ │ │ └── config
│ │ │ │ └── manifest.js
│ │ ├── controllers
│ │ │ ├── application_controller.rb
│ │ │ ├── custom_authorizations_controller.rb
│ │ │ ├── full_protected_resources_controller.rb
│ │ │ ├── home_controller.rb
│ │ │ ├── metal_controller.rb
│ │ │ └── semi_protected_resources_controller.rb
│ │ ├── helpers
│ │ │ └── application_helper.rb
│ │ ├── models
│ │ │ └── user.rb
│ │ └── views
│ │ │ ├── home
│ │ │ └── index.html.erb
│ │ │ └── layouts
│ │ │ └── application.html.erb
│ ├── config.ru
│ ├── config
│ │ ├── application.rb
│ │ ├── boot.rb
│ │ ├── database.yml
│ │ ├── environment.rb
│ │ ├── environments
│ │ │ ├── development.rb
│ │ │ ├── production.rb
│ │ │ └── test.rb
│ │ ├── initializers
│ │ │ ├── backtrace_silencers.rb
│ │ │ ├── doorkeeper.rb
│ │ │ ├── secret_token.rb
│ │ │ ├── session_store.rb
│ │ │ └── wrap_parameters.rb
│ │ ├── locales
│ │ │ └── doorkeeper.en.yml
│ │ └── routes.rb
│ ├── db
│ │ ├── migrate
│ │ │ ├── 20111122132257_create_users.rb
│ │ │ ├── 20120312140401_add_password_to_users.rb
│ │ │ ├── 20151223192035_create_doorkeeper_tables.rb
│ │ │ ├── 20151223200000_add_owner_to_application.rb
│ │ │ ├── 20160320211015_add_previous_refresh_token_to_access_tokens.rb
│ │ │ ├── 20170822064514_enable_pkce.rb
│ │ │ ├── 20180210183654_add_confidential_to_applications.rb
│ │ │ └── 20230205064514_add_custom_attributes.rb
│ │ └── schema.rb
│ ├── public
│ │ ├── 404.html
│ │ ├── 422.html
│ │ ├── 500.html
│ │ └── favicon.ico
│ └── script
│ │ └── rails
├── factories.rb
├── generators
│ ├── application_owner_generator_spec.rb
│ ├── confidential_applications_generator_spec.rb
│ ├── enable_polymorphic_resource_owner_generator_spec.rb
│ ├── install_generator_spec.rb
│ ├── migration_generator_spec.rb
│ ├── pkce_generator_spec.rb
│ ├── previous_refresh_token_generator_spec.rb
│ ├── remove_applications_secret_not_null_constraint_generator_spec.rb
│ ├── templates
│ │ └── routes.rb
│ └── views_generator_spec.rb
├── grape
│ └── grape_integration_spec.rb
├── helpers
│ └── doorkeeper
│ │ └── dashboard_helper_spec.rb
├── lib
│ ├── config_spec.rb
│ ├── doorkeeper_spec.rb
│ ├── grant_flow
│ │ └── flow_spec.rb
│ ├── grant_flow_spec.rb
│ ├── models
│ │ ├── expirable_spec.rb
│ │ ├── reusable_spec.rb
│ │ ├── revocable_spec.rb
│ │ ├── scopes_spec.rb
│ │ └── secret_storable_spec.rb
│ ├── oauth
│ │ ├── authorization
│ │ │ └── uri_builder_spec.rb
│ │ ├── authorization_code_request_spec.rb
│ │ ├── base_request_spec.rb
│ │ ├── base_response_spec.rb
│ │ ├── client
│ │ │ └── credentials_spec.rb
│ │ ├── client_credentials
│ │ │ ├── creator_spec.rb
│ │ │ ├── issuer_spec.rb
│ │ │ └── validation_spec.rb
│ │ ├── client_credentials_integration_spec.rb
│ │ ├── client_credentials_request_spec.rb
│ │ ├── client_spec.rb
│ │ ├── code_request_spec.rb
│ │ ├── code_response_spec.rb
│ │ ├── error_response_spec.rb
│ │ ├── error_spec.rb
│ │ ├── forbidden_token_response_spec.rb
│ │ ├── helpers
│ │ │ ├── scope_checker_spec.rb
│ │ │ ├── unique_token_spec.rb
│ │ │ └── uri_checker_spec.rb
│ │ ├── invalid_request_response_spec.rb
│ │ ├── invalid_token_response_spec.rb
│ │ ├── password_access_token_request_spec.rb
│ │ ├── pre_authorization_spec.rb
│ │ ├── refresh_token_request_spec.rb
│ │ ├── scopes_spec.rb
│ │ ├── token_request_spec.rb
│ │ ├── token_response_spec.rb
│ │ └── token_spec.rb
│ ├── option_spec.rb
│ ├── request
│ │ └── strategy_spec.rb
│ └── secret_storing
│ │ ├── base_spec.rb
│ │ ├── bcrypt_spec.rb
│ │ ├── plain_spec.rb
│ │ └── sha256_hash_spec.rb
├── models
│ └── doorkeeper
│ │ ├── access_grant_spec.rb
│ │ ├── access_token_spec.rb
│ │ └── application_spec.rb
├── requests
│ ├── applications
│ │ ├── applications_request_spec.rb
│ │ └── authorized_applications_spec.rb
│ ├── endpoints
│ │ ├── authorization_spec.rb
│ │ └── token_spec.rb
│ ├── flows
│ │ ├── authorization_code_errors_spec.rb
│ │ ├── authorization_code_spec.rb
│ │ ├── client_credentials_spec.rb
│ │ ├── implicit_grant_errors_spec.rb
│ │ ├── implicit_grant_spec.rb
│ │ ├── password_spec.rb
│ │ ├── refresh_token_spec.rb
│ │ ├── revoke_token_spec.rb
│ │ └── skip_authorization_spec.rb
│ └── protected_resources
│ │ ├── metal_spec.rb
│ │ └── private_api_spec.rb
├── routing
│ ├── custom_controller_routes_spec.rb
│ ├── default_routes_spec.rb
│ └── scoped_routes_spec.rb
├── spec_helper.rb
├── spec_helper_integration.rb
└── support
│ ├── dependencies
│ └── factory_bot.rb
│ ├── doorkeeper_rspec.rb
│ ├── helpers
│ ├── access_token_request_helper.rb
│ ├── authorization_request_helper.rb
│ ├── config_helper.rb
│ ├── model_helper.rb
│ ├── request_spec_helper.rb
│ └── url_helper.rb
│ ├── orm
│ └── active_record.rb
│ ├── render_with_matcher.rb
│ └── shared
│ ├── controllers_shared_context.rb
│ ├── hashing_shared_context.rb
│ └── models_shared_examples.rb
└── vendor
└── assets
└── stylesheets
└── doorkeeper
└── bootstrap.min.css
/.codeclimate.yml:
--------------------------------------------------------------------------------
1 | exclude_patterns:
2 | - "lib/doorkeeper/config.rb"
3 | - "spec/"
4 |
--------------------------------------------------------------------------------
/.coveralls.yml:
--------------------------------------------------------------------------------
1 | service_name: travis-ci
2 |
--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | Gemfile.lock
2 |
--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
1 | root = true
2 |
3 | [*.{rb,json}]
4 | indent_style = space
5 | indent_size = 2
6 | insert_final_newline = true
7 |
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | # These are supported funding model platforms
2 |
3 | open_collective: doorkeeper-gem
4 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | ### Steps to reproduce
2 | What we need to do to see your problem or bug?
3 |
4 | The more detailed the issue, the more likely that we will fix it ASAP.
5 |
6 | Don't use GitHub issues for questions like "How can I do that?" —
7 | use [StackOverflow](https://stackoverflow.com/questions/tagged/doorkeeper)
8 | instead with the corresponding tag.
9 |
10 | ### Expected behavior
11 | Tell us what should happen
12 |
13 | ### Actual behavior
14 | Tell us what happens instead
15 |
16 | ### System configuration
17 | You can help us to understand your problem if you will share some very
18 | useful information about your project environment (don't forget to
19 | remove any confidential data if it exists).
20 |
21 | **Doorkeeper initializer**:
22 |
23 | ```ruby
24 | # config/initializers/doorkeeper.rb
25 | Doorkeeper.configure do
26 | # ...
27 | end
28 | ```
29 |
30 | **Ruby version**: ``
31 |
32 | **Gemfile.lock**:
33 |
34 |
35 | Gemfile.lock content
36 |
37 | ```
38 | Place your Gemfile.lock content here
39 | ```
40 |
41 |
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | ### Summary
2 |
3 | Provide a general description of the code changes in your pull
4 | request... were there any bugs you had fixed? If so, mention them. If
5 | these bugs have open GitHub issues, be sure to tag them here as well,
6 | to keep the conversation linked together.
7 |
8 | ### Other Information
9 |
10 | If there's anything else that's important and relevant to your pull
11 | request, mention that information here. This could include
12 | benchmarks, or other information.
13 |
14 | If you are updating CHANGELOG.md file or are asked to update it by reviewers,
15 | please add the changelog entry at the top of the file.
16 |
17 | Thanks for contributing to Doorkeeper project!
18 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: bundler
4 | directory: "/"
5 | schedule:
6 | interval: daily
7 | open-pull-requests-limit: 10
8 | - package-ecosystem: github-actions
9 | directory: "/"
10 | schedule:
11 | interval: daily
12 | open-pull-requests-limit: 10
13 |
--------------------------------------------------------------------------------
/.github/workflows/check_orm_changes.yml:
--------------------------------------------------------------------------------
1 | name: Check ORM changes
2 | on:
3 | push:
4 | branches:
5 | - main
6 | jobs:
7 | check_orm_changes_and_notify:
8 | name: Notify ORM extensions about required code updates
9 | runs-on: ubuntu-latest
10 | if: |
11 | !contains(github.event.head_commit.message, 'ga skip') &&
12 | !contains(github.event.head_commit.message, 'skip ga')
13 | env:
14 | ISSUE_TITLE: "ORM requires update due to latest Doorkeeper changes"
15 | ISSUE_BODY: |
16 | Doorkeeper has ORM changes merged to `main` branch.
17 |
18 | See https://github.com/doorkeeper-gem/doorkeeper/commit/${{ github.sha }} for the details.
19 | ISSUE_LABELS: ORM
20 | steps:
21 | - name: List & cache git modified files
22 | id: changed_files
23 | uses: lots0logs/gh-action-get-changed-files@2.2.2
24 | with:
25 | token: ${{ secrets.GITHUB_TOKEN }}
26 | - name: Check if ORM files were changed
27 | id: check_orm_files
28 | run: |
29 | changed_files=$(cat ${HOME}/files.json)
30 |
31 | if [[ $changed_files == *"lib/doorkeeper/orm/active_record"* ]] || \
32 | [[ $changed_files == *"lib/doorkeeper/models/"* ]];
33 | then
34 | echo "ORM files changes detected!"
35 | echo "ORM_CHANGES=yes" >> $GITHUB_ENV
36 | else
37 | echo "No changes in ORM files, exiting"
38 | fi
39 | - name: Create an issue for Mongo extension
40 | id: create_mongodb_issue
41 | if: env.ORM_CHANGES == 'yes'
42 | uses: dacbd/create-issue-action@main
43 | with:
44 | token: ${{ github.token }}
45 | title: ${{ env.ISSUE_TITLE }}
46 | body: ${{ env.ISSUE_BODY }}
47 | org: doorkeeper
48 | repo: doorkeeper-mongodb
49 | labels: ${{ env.ISSUE_LABELS}}
50 | - name: Create an issue for Sequel extension
51 | id: create_sequel_issue
52 | if: env.ORM_CHANGES == 'yes'
53 | uses: dacbd/create-issue-action@main
54 | with:
55 | token: ${{ github.token }}
56 | title: ${{ env.ISSUE_TITLE }}
57 | body: ${{ env.ISSUE_BODY }}
58 | repo: doorkeeper-sequel
59 | labels: ${{ env.ISSUE_LABELS}}
60 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .bundle/
2 | .rbx
3 | *.rbc
4 | log/*.log
5 | pkg/
6 | spec/dummy/db/*.sqlite3
7 | spec/dummy/log/*.log
8 | spec/dummy/tmp/
9 | spec/generators/tmp
10 | Gemfile.lock
11 | gemfiles/*.lock
12 | .rvmrc
13 | *.swp
14 | .idea
15 | /.yardoc/
16 | /_yardoc/
17 | /doc/
18 | /rdoc/
19 | coverage
20 | *.gem
21 | gemfiles/vendor
22 |
--------------------------------------------------------------------------------
/.hound.yml:
--------------------------------------------------------------------------------
1 | rubocop:
2 | config_file: .rubocop.yml
3 | version: 1.5.2
4 |
--------------------------------------------------------------------------------
/.rspec:
--------------------------------------------------------------------------------
1 | --colour
2 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing
2 |
3 | We love pull requests from everyone. By participating in this project, you agree
4 | to abide by the [code of conduct](CODE_OF_CONDUCT.md).
5 |
6 | Fork, then clone the repo:
7 |
8 | git clone git@github.com:your-username/doorkeeper.git
9 |
10 | ### Docker Setup
11 |
12 | Build the container image with: `docker build --pull -t doorkeeper:test .`
13 | Run the tests with: `docker run -it --rm doorkeeper:test`
14 |
15 | ### Local Setup
16 |
17 | * Set up Ruby dependencies via Bundler
18 |
19 | bundle install
20 |
21 | * Make sure the tests pass:
22 |
23 | rake spec
24 |
25 | * Make your changes.
26 | * Write tests.
27 | * Follow our [style guides](.rubocop.yml).
28 | * Make the tests pass:
29 |
30 | rake spec
31 |
32 | * Add notes about your changes to the `CHANGELOG.md` file.
33 |
34 | * Write a [good commit message][commit].
35 | * Push to your fork.
36 | * [Submit a pull request][pr].
37 |
38 | [commit]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
39 | [pr]: https://github.com/doorkeeper-gem/doorkeeper/compare/
40 |
41 | * If [Hound] catches style violations, fix them. If our bot suggested changes — please add them.
42 |
43 | [hound]: https://houndci.com
44 |
45 | * Wait for us. We try to at least comment on pull requests within one business day.
46 | * We may suggest changes.
47 | * Please, squash your commits to a single one if you introduced a new changes or pushed more than
48 | one commit. Let's keep the history clean.
49 |
50 | Thank you for your contribution! :handshake:
51 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ruby:3.3.4-alpine
2 |
3 | # Linux UID (user id) for the doorkeeper user, change with [--build-arg UID=1234]
4 | ARG UID="991"
5 | # Linux GID (group id) for the doorkeeper user, change with [--build-arg GID=1234]
6 | ARG GID="991"
7 | # Timezone used by the Docker container and runtime, change with [--build-arg TZ=Europe/Berlin]
8 | ARG TZ="Etc/UTC"
9 |
10 | # Apply timezone
11 | ENV TZ=${TZ}
12 |
13 | RUN addgroup -g "${GID}" doorkeeper; \
14 | adduser -u "${UID}" -G "doorkeeper" -h /srv doorkeeper; \
15 | echo "${TZ}" > /etc/localtime;
16 |
17 | RUN apk add --no-cache \
18 | ca-certificates \
19 | wget \
20 | openssl \
21 | bash \
22 | build-base \
23 | git \
24 | sqlite-dev \
25 | tzdata
26 |
27 | ENV LANG=en_US.UTF-8
28 | ENV LANGUAGE=en_US:en
29 | ENV LC_ALL=en_US.UTF-8
30 |
31 | ENV BUNDLER_VERSION=2.5.11
32 | RUN gem install bundler -v ${BUNDLER_VERSION} -i /usr/local/lib/ruby/gems/$(ls /usr/local/lib/ruby/gems) --force
33 |
34 | WORKDIR /srv
35 |
36 | COPY Gemfile doorkeeper.gemspec /srv/
37 | COPY lib/doorkeeper/version.rb /srv/lib/doorkeeper/version.rb
38 |
39 | # This is a fix for sqlite alpine issues
40 | RUN bundle config force_ruby_platform true
41 | RUN bundle install
42 |
43 | COPY . /srv/
44 |
45 | RUN chown -R doorkeeper:doorkeeper /srv/coverage /srv/spec/dummy/tmp /srv/spec/generators/tmp
46 |
47 | # Set the running user for resulting container
48 | USER doorkeeper
49 |
50 | CMD ["rake"]
51 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | source "https://rubygems.org"
4 | git_source(:github) { |repo| "https://github.com/#{repo}.git" }
5 |
6 | gemspec
7 |
8 | gem "rails", ">= 7.0", "< 8.1"
9 |
10 | gem "sprockets-rails"
11 |
12 | gem "rspec-core"
13 | gem "rspec-expectations"
14 | gem "rspec-mocks"
15 | gem "rspec-rails", "~> 8.0"
16 | gem "rspec-support"
17 |
18 | gem "rubocop", "~> 1.4"
19 | gem "rubocop-performance", require: false
20 | gem "rubocop-rails", require: false
21 | gem "rubocop-rspec", require: false
22 |
23 | gem "bcrypt", "~> 3.1", require: false
24 |
25 | gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
26 | gem "sqlite3", "~> 2.3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
27 |
28 | gem "tzinfo-data", platforms: %i[mingw mswin x64_mingw]
29 | gem "timecop"
30 |
31 | gem 'irb', '~> 1.8'
32 |
33 | # Interactive Debugging tools
34 | gem 'debug', '~> 1.8'
35 |
--------------------------------------------------------------------------------
/MIT-LICENSE:
--------------------------------------------------------------------------------
1 | Copyright 2011 Applicake. http://applicake.com
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining
4 | a copy of this software and associated documentation files (the
5 | "Software"), to deal in the Software without restriction, including
6 | without limitation the rights to use, copy, modify, merge, publish,
7 | distribute, sublicense, and/or sell copies of the Software, and to
8 | permit persons to whom the Software is furnished to do so, subject to
9 | the following conditions:
10 |
11 | The above copyright notice and this permission notice shall be
12 | included in all copies or substantial portions of the Software.
13 |
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 |
--------------------------------------------------------------------------------
/NEWS.md:
--------------------------------------------------------------------------------
1 | Document moved [here](CHANGELOG.md)
2 |
--------------------------------------------------------------------------------
/RELEASING.md:
--------------------------------------------------------------------------------
1 | # Releasing Doorkeeper
2 |
3 | How to release Doorkeeper in five easy steps!
4 |
5 | 1. Update `lib/doorkeeper/version.rb` file accordingly.
6 | 2. Update `CHANGELOG.md` to reflect the changes since last release.
7 | 3. Commit changes: `git commit -am 'Bump to vVERSION'`.
8 | 4. Build and publish the gem.
9 | 4. Create GitHub release.
10 | 5. Announce the new release, making sure to say “thank you” to the contributors
11 | who helped shape this version!
12 |
--------------------------------------------------------------------------------
/Rakefile:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | require "bundler/setup"
4 | require "rspec/core/rake_task"
5 |
6 | desc "Default: run specs."
7 | task default: :spec
8 |
9 | desc "Run all specs"
10 | RSpec::Core::RakeTask.new(:spec) do |config|
11 | config.verbose = false
12 | end
13 |
14 | namespace :doorkeeper do
15 | desc "Install doorkeeper in dummy app"
16 | task :install do
17 | cd "spec/dummy"
18 | system "bundle exec rails g doorkeeper:install --force"
19 | end
20 |
21 | desc "Runs local test server"
22 | task :server do
23 | cd "spec/dummy"
24 | system "bundle exec rails server"
25 | end
26 | end
27 |
28 | Bundler::GemHelper.install_tasks
29 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Reporting security issues in Doorkeeper
2 |
3 | Hello! Thank you for wanting to disclose a possible security
4 | vulnerability within the Doorkeeper gem! Please follow our disclosure
5 | policy as outlined below:
6 |
7 | 1. Do NOT open up a GitHub issue with your report. Security reports
8 | should be kept private until a possible fix is determined.
9 | 2. Send an email to Nikita Bulai at bulaj.nikita AT gmail.com or one of
10 | the others Doorkeeper maintainers listed in gemspec. You should receive
11 | a prompt response.
12 | 3. Be patient. Since Doorkeeper is in a stable maintenance phase, we want to
13 | do as little as possible to rock the boat of the project.
14 |
15 | Thank you very much for adhering for these policies!
16 |
--------------------------------------------------------------------------------
/UPGRADE.md:
--------------------------------------------------------------------------------
1 | See [Upgrade Guides](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions)
2 | in the project Wiki.
3 |
--------------------------------------------------------------------------------
/app/assets/stylesheets/doorkeeper/admin/application.css:
--------------------------------------------------------------------------------
1 | /*
2 | *= require doorkeeper/bootstrap.min
3 | *
4 | *= require_self
5 | *= require_tree .
6 | */
7 |
8 | .doorkeeper-admin .form-group > .field_with_errors {
9 | width: 16.66667%;
10 | }
11 |
--------------------------------------------------------------------------------
/app/assets/stylesheets/doorkeeper/application.css:
--------------------------------------------------------------------------------
1 | /*
2 | *= require doorkeeper/bootstrap.min
3 | *
4 | *= require_self
5 | *= require_tree .
6 | */
7 |
8 | body {
9 | background-color: #eee;
10 | font-size: 14px;
11 | }
12 |
13 | #container {
14 | background-color: #fff;
15 | border: 1px solid #999;
16 | border: 1px solid rgba(0, 0, 0, 0.2);
17 | border-radius: 6px;
18 | -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5);
19 | box-shadow: 0 3px 20px rgba(0, 0, 0, 0.3);
20 | margin: 2em auto;
21 | max-width: 600px;
22 | outline: 0;
23 | padding: 1em;
24 | width: 80%;
25 | }
26 |
27 | .page-header {
28 | margin-top: 20px;
29 | }
30 |
31 | #oauth-permissions {
32 | width: 260px;
33 | }
34 |
35 | .actions {
36 | border-top: 1px solid #eee;
37 | margin-top: 1em;
38 | padding-top: 9px;
39 | }
40 |
41 | .actions > form > .btn {
42 | margin-top: 5px;
43 | }
44 |
45 | .separator {
46 | color: #eee;
47 | padding: 0 .5em;
48 | }
49 |
50 | .inline_block {
51 | display: inline-block;
52 | }
53 |
54 | #oauth {
55 | margin-bottom: 1em;
56 | }
57 |
58 | #oauth > .btn {
59 | width: 7em;
60 | }
61 |
62 | td {
63 | vertical-align: middle !important;
64 | }
65 |
--------------------------------------------------------------------------------
/app/controllers/doorkeeper/application_controller.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | module Doorkeeper
4 | class ApplicationController <
5 | Doorkeeper.config.resolve_controller(:base)
6 | include Helpers::Controller
7 | include ActionController::MimeResponds if Doorkeeper.config.api_only
8 |
9 | unless Doorkeeper.config.api_only
10 | protect_from_forgery with: :exception
11 | helper "doorkeeper/dashboard"
12 | end
13 | end
14 | end
15 |
--------------------------------------------------------------------------------
/app/controllers/doorkeeper/application_metal_controller.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | module Doorkeeper
4 | class ApplicationMetalController <
5 | Doorkeeper.config.resolve_controller(:base_metal)
6 | include Helpers::Controller
7 |
8 | before_action :enforce_content_type,
9 | if: -> { Doorkeeper.config.enforce_content_type }
10 |
11 | ActiveSupport.run_load_hooks(:doorkeeper_metal_controller, self)
12 | end
13 | end
14 |
--------------------------------------------------------------------------------
/app/controllers/doorkeeper/authorized_applications_controller.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | module Doorkeeper
4 | class AuthorizedApplicationsController < Doorkeeper::ApplicationController
5 | before_action :authenticate_resource_owner!
6 |
7 | def index
8 | @applications = Doorkeeper.config.application_model.authorized_for(current_resource_owner)
9 |
10 | respond_to do |format|
11 | format.html
12 | format.json { render json: @applications, current_resource_owner: current_resource_owner }
13 | end
14 | end
15 |
16 | def destroy
17 | Doorkeeper.config.application_model.revoke_tokens_and_grants_for(
18 | params[:id],
19 | current_resource_owner,
20 | )
21 |
22 | respond_to do |format|
23 | format.html do
24 | redirect_to oauth_authorized_applications_url, notice: I18n.t(
25 | :notice, scope: %i[doorkeeper flash authorized_applications destroy],
26 | )
27 | end
28 |
29 | format.json { head :no_content }
30 | end
31 | end
32 | end
33 | end
34 |
--------------------------------------------------------------------------------
/app/controllers/doorkeeper/token_info_controller.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | module Doorkeeper
4 | class TokenInfoController < Doorkeeper::ApplicationMetalController
5 | def show
6 | if doorkeeper_token&.accessible?
7 | render json: doorkeeper_token_to_json, status: :ok
8 | else
9 | error = OAuth::InvalidTokenResponse.new
10 | response.headers.merge!(error.headers)
11 | render json: error_to_json(error), status: error.status
12 | end
13 | end
14 |
15 | protected
16 |
17 | def doorkeeper_token_to_json
18 | doorkeeper_token
19 | end
20 |
21 | def error_to_json(error)
22 | error.body
23 | end
24 | end
25 | end
26 |
--------------------------------------------------------------------------------
/app/helpers/doorkeeper/dashboard_helper.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 |
3 | module Doorkeeper
4 | module DashboardHelper
5 | def doorkeeper_errors_for(object, method)
6 | return if object.errors[method].blank?
7 |
8 | output = object.errors[method].map do |msg|
9 | content_tag(:span, class: "invalid-feedback") do
10 | msg.capitalize
11 | end
12 | end
13 |
14 | safe_join(output)
15 | end
16 |
17 | def doorkeeper_submit_path(application)
18 | application.persisted? ? oauth_application_path(application) : oauth_applications_path
19 | end
20 | end
21 | end
22 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/applications/_delete_form.html.erb:
--------------------------------------------------------------------------------
1 | <%- submit_btn_css ||= 'btn btn-link' %>
2 | <%= form_tag oauth_application_path(application), method: :delete do %>
3 | <%= submit_tag t('doorkeeper.applications.buttons.destroy'),
4 | onclick: "return confirm('#{ t('doorkeeper.applications.confirmations.destroy') }')",
5 | class: submit_btn_css %>
6 | <% end %>
7 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/applications/edit.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
<%= t('.title') %>
3 |
4 |
5 | <%= render 'form', application: @application %>
6 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/applications/index.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
<%= t('.title') %>
3 |
4 |
5 | <%= link_to t('.new'), new_oauth_application_path, class: 'btn btn-success' %>
6 |
7 |
8 |
9 |
10 | | <%= t('.name') %> |
11 | <%= t('.callback_url') %> |
12 | <%= t('.confidential') %> |
13 | <%= t('.actions') %> |
14 | |
15 |
16 |
17 |
18 | <% @applications.each do |application| %>
19 |
20 | |
21 | <%= link_to application.name, oauth_application_path(application) %>
22 | |
23 |
24 | <%= simple_format(application.redirect_uri) %>
25 | |
26 |
27 | <%= application.confidential? ? t('doorkeeper.applications.index.confidentiality.yes') : t('doorkeeper.applications.index.confidentiality.no') %>
28 | |
29 |
30 | <%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(application), class: 'btn btn-link' %>
31 | |
32 |
33 | <%= render 'delete_form', application: application %>
34 | |
35 |
36 | <% end %>
37 |
38 |
39 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/applications/new.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
<%= t('.title') %>
3 |
4 |
5 | <%= render 'form', application: @application %>
6 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/authorizations/error.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
<%= t('doorkeeper.authorizations.error.title') %>
3 |
4 |
5 |
6 |
7 | <%= (local_assigns[:error_response] ? error_response : @pre_auth.error_response).body[:error_description] %>
8 |
9 |
10 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/authorizations/form_post.html.erb:
--------------------------------------------------------------------------------
1 |
4 |
5 | <%= form_tag @pre_auth.redirect_uri, method: :post, name: :redirect_form, authenticity_token: false do %>
6 | <% auth.body.compact.each do |key, value| %>
7 | <%= hidden_field_tag key, value %>
8 | <% end %>
9 | <% end %>
10 |
11 |
16 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/authorizations/new.html.erb:
--------------------------------------------------------------------------------
1 |
4 |
5 |
6 |
7 | <%= raw t('.prompt', client_name: content_tag(:strong, class: 'text-info') { @pre_auth.client.name }) %>
8 |
9 |
10 | <% if @pre_auth.scopes.count > 0 %>
11 |
12 |
<%= t('.able_to') %>:
13 |
14 |
15 | <% @pre_auth.scopes.each do |scope| %>
16 | - <%= t scope, scope: [:doorkeeper, :scopes] %>
17 | <% end %>
18 |
19 |
23 | <%= form_tag oauth_authorization_path, method: :post do %>
24 | <%= hidden_field_tag :client_id, @pre_auth.client.uid, id: nil %>
25 | <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri, id: nil %>
26 | <%= hidden_field_tag :state, @pre_auth.state, id: nil %>
27 | <%= hidden_field_tag :response_type, @pre_auth.response_type, id: nil %>
28 | <%= hidden_field_tag :response_mode, @pre_auth.response_mode, id: nil %>
29 | <%= hidden_field_tag :scope, @pre_auth.scope, id: nil %>
30 | <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge, id: nil %>
31 | <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method, id: nil %>
32 | <%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success btn-lg btn-block" %>
33 | <% end %>
34 | <%= form_tag oauth_authorization_path, method: :delete do %>
35 | <%= hidden_field_tag :client_id, @pre_auth.client.uid, id: nil %>
36 | <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri, id: nil %>
37 | <%= hidden_field_tag :state, @pre_auth.state, id: nil %>
38 | <%= hidden_field_tag :response_type, @pre_auth.response_type, id: nil %>
39 | <%= hidden_field_tag :response_mode, @pre_auth.response_mode, id: nil %>
40 | <%= hidden_field_tag :scope, @pre_auth.scope, id: nil %>
41 | <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge, id: nil %>
42 | <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method, id: nil %>
43 | <%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger btn-lg btn-block" %>
44 | <% end %>
45 |
46 |
47 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/authorizations/show.html.erb:
--------------------------------------------------------------------------------
1 |
4 |
5 |
6 | <%= params[:code] %>
7 |
8 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/authorized_applications/_delete_form.html.erb:
--------------------------------------------------------------------------------
1 | <%- submit_btn_css ||= 'btn btn-link' %>
2 | <%= form_tag oauth_authorized_application_path(application), method: :delete do %>
3 | <%= submit_tag t('doorkeeper.authorized_applications.buttons.revoke'), onclick: "return confirm('#{ t('doorkeeper.authorized_applications.confirmations.revoke') }')", class: submit_btn_css %>
4 | <% end %>
5 |
--------------------------------------------------------------------------------
/app/views/doorkeeper/authorized_applications/index.html.erb:
--------------------------------------------------------------------------------
1 |
4 |
5 |
6 |
7 |
8 |
9 | | <%= t('doorkeeper.authorized_applications.index.application') %> |
10 | <%= t('doorkeeper.authorized_applications.index.created_at') %> |
11 | |
12 |
13 |
14 |
15 | <% @applications.each do |application| %>
16 |
17 | | <%= application.name %> |
18 | <%= application.created_at.strftime(t('doorkeeper.authorized_applications.index.date_format')) %> |
19 | <%= render 'delete_form', application: application %> |
20 |
21 | <% end %>
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/app/views/layouts/doorkeeper/admin.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | <%= t('doorkeeper.layouts.admin.title') %>
8 | <%= stylesheet_link_tag "doorkeeper/admin/application" %>
9 | <%= csrf_meta_tags %>
10 |
11 |
12 |
28 |
29 |
30 | <%- if flash[:notice].present? %>
31 |
32 | <%= flash[:notice] %>
33 |
34 | <% end -%>
35 |
36 | <%= yield %>
37 |
14 | <%- if flash[:notice].present? %>
15 |
16 | <%= flash[:notice] %>
17 |
18 | <% end -%>
19 |
20 | <%= yield %>
21 |