From 9e6ae7e06d537835cff63413a2daa8bbdd3e7595 Mon Sep 17 00:00:00 2001
From: Aditya Prakash
Date: Thu, 29 Sep 2016 16:27:24 +0530
Subject: [PATCH 1/3] Remove doorkeeper from schema
---
 ...20160929104437_remove_doorkeeper_tables.rb | 48 +++++++++++++++++++
 db/schema.rb | 44 +----------------
 2 files changed, 50 insertions(+), 42 deletions(-)
 create mode 100644 db/migrate/20160929104437_remove_doorkeeper_tables.rb
diff --git a/db/migrate/20160929104437_remove_doorkeeper_tables.rb b/db/migrate/20160929104437_remove_doorkeeper_tables.rb
new file mode 100644
index 00000000000..9c3e07a446d
--- /dev/null
+++ b/db/migrate/20160929104437_remove_doorkeeper_tables.rb
@@ -0,0 +1,48 @@
+class RemoveDoorkeeperTables < ActiveRecord::Migration
+ def up
+ drop_table :oauth_applications
+ drop_table :oauth_access_grants
+ drop_table :oauth_access_tokens
+ end
+
+ def down
+ create_table :oauth_applications do |t|
+ t.string :name, null: false
+ t.string :uid, null: false
+ t.string :secret, null: false
+ t.text :redirect_uri, null: false
+ t.string :scopes, null: false, default: ''
+ t.timestamps
+ end
+
+ add_index :oauth_applications, :uid, unique: true
+
+ create_table :oauth_access_grants do |t|
+ t.integer :resource_owner_id, null: false
+ t.integer :application_id, null: false
+ t.string :token, null: false
+ t.integer :expires_in, null: false
+ t.text :redirect_uri, null: false
+ t.datetime :created_at, null: false
+ t.datetime :revoked_at
+ t.string :scopes
+ end
+
+ add_index :oauth_access_grants, :token, unique: true
+
+ create_table :oauth_access_tokens do |t|
+ t.integer :resource_owner_id
+ t.integer :application_id
+ t.string :token, null: false
+ t.string :refresh_token
+ t.integer :expires_in
+ t.datetime :revoked_at
+ t.datetime :created_at, null: false
+ t.string :scopes
+ end
+
+ add_index :oauth_access_tokens, :token, unique: true
+ add_index :oauth_access_tokens, :resource_owner_id
+ add_index :oauth_access_tokens, :refresh_token, unique: true
+ end
+end
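Review bot: The `down` method cannot undo what `up` destroys: it recreates three empty tables, but the client secrets, authorization grants and bearer tokens dropped by `up` are gone for good, so the migration is irreversible in practice and should say so, e.g. `# Irreversible in practice: rollback recreates the empty tables but not the dropped tokens, grants or client secrets.` above `def down`. `down` also does not reproduce the dropped schema exactly: it recreates `oauth_applications` with `t.timestamps`, whereas the schema removed in the db/schema.rb hunk declares `created_at`/`updated_at` without `null: false`, so depending on the Rails version in use the rollback may produce stricter columns than existed before. If the intent is a one-way cleanup, `raise ActiveRecord::IrreversibleMigration` in `down` would be more honest than a partial recreation.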
diff --git a/db/schema.rb b/db/schema.rb index 3abf2e074f9..9b783a4bf3a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20160810082821) do +ActiveRecord::Schema.define(version: 20160929104437) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" 
@@ -97,46 +97,6 @@ add_index "log_tickets", ["directory", "key"], name: "index_log_tickets_on_directory_and_key", unique: true, using: :btree - create_table "oauth_access_grants", force: :cascade do |t| - t.integer "resource_owner_id", null: false - t.integer "application_id", null: false - t.string "token", null: false - t.integer "expires_in", null: false - t.text "redirect_uri", null: false - t.datetime "created_at", null: false - t.datetime "revoked_at" - t.string "scopes" - end - - add_index "oauth_access_grants", ["token"], name: "index_oauth_access_grants_on_token", unique: true, using: :btree - - create_table "oauth_access_tokens", force: :cascade do |t| - t.integer "resource_owner_id" - t.integer "application_id" - t.string "token", null: false - t.string "refresh_token" - t.integer "expires_in" - t.datetime "revoked_at" - t.datetime "created_at", null: false - t.string "scopes" - end - - add_index "oauth_access_tokens", ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true, using: :btree - add_index "oauth_access_tokens", ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id", using: :btree - add_index "oauth_access_tokens", ["token"], name: "index_oauth_access_tokens_on_token", unique: true, using: :btree - - create_table "oauth_applications", force: :cascade do |t| - t.string "name", null: false - t.string "uid", null: false - t.string "secret", null: false - t.text "redirect_uri", null: false - t.string "scopes", default: "", null: false - t.datetime "created_at" - t.datetime "updated_at" - end - - add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true, using: :btree - create_table "ownerships", force: :cascade do |t| t.integer "rubygem_id" t.integer "user_id" 
@@ -213,9 +173,9 @@
 t.string "required_ruby_version"
 t.string "sha256"
 t.hstore "metadata", default: {}, null: false
+ t.datetime "yanked_at"
 t.string "required_rubygems_version"
 t.string "info_checksum"
- t.datetime "yanked_at"
 t.string "yanked_info_checksum"
 end
From dae29732d1ff67be8afd91b4488ae796996edddd Mon Sep 17 00:00:00 2001
From: Aditya Prakash
Date: Thu, 29 Sep 2016 16:29:14 +0530
Subject: [PATCH 2/3] Remove doorkeeper from Gemfile and bundle
---
 Gemfile | 1 -
 Gemfile.lock | 3 ---
 2 files changed, 4 deletions(-)
diff --git a/Gemfile b/Gemfile
index 2b589c1874d..a71905567c9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -16,7 +16,6 @@ gem 'daemons'
 gem 'dalli'
 gem 'delayed_job'
 gem 'delayed_job_active_record'
-gem 'doorkeeper'
 gem 'dynamic_form'
 gem 'gchartrb', require: 'google_chart'
 gem 'gravtastic'
diff --git a/Gemfile.lock b/Gemfile.lock
index 9c8e9e49b71..e500bf2676c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -109,8 +109,6 @@ GEM
 delayed_job (>= 3.0, < 5)
 domain_name (0.5.20160615)
 unf (>= 0.0.5, < 1.0.0)
- doorkeeper (3.1.0)
- railties (>= 3.2)
 dynamic_form (1.1.4)
 elasticsearch (1.0.18)
 elasticsearch-api (= 1.0.18)
@@ -304,7 +302,6 @@ DEPENDENCIES
 dalli
 delayed_job
 delayed_job_active_record
- doorkeeper
 dynamic_form
 elasticsearch-dsl (~> 0.1.2)
 elasticsearch-model (~> 0.1.7)
From a561aa567d47341973e3ae30928fca615e2b380f Mon Sep 17 00:00:00 2001
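Review bot: Removing `gem 'doorkeeper'` here, one patch ahead of the code that still references it, leaves the intermediate revision unable to boot: `config/initializers/doorkeeper.rb` (still calling `Doorkeeper.configure`) and `use_doorkeeper scope: 'oauth'` in `config/routes.rb` are only deleted in PATCH 3/3, so at this commit the bundle resolves but application load would presumably fail with an uninitialized `Doorkeeper` constant, which breaks bisecting. Either squash this patch with the third one or reorder the series so the code removal lands before the Gemfile change. The Gemfile.lock hunks that follow are a direct consequence of this line and need no separate note.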
From: Aditya Prakash Date: Thu, 29 Sep 2016 16:47:40 +0530 Subject: [PATCH 3/3] Remove doorkeeper from codebase --- app/controllers/api/base_controller.rb | 6 -- config/admins.yml | 15 --- config/initializers/admins.rb | 4 - config/initializers/doorkeeper.rb | 36 ------- config/locales/doorkeeper.en.yml | 123 ------------------------ config/locales/es.yml | 102 -------------------- config/routes.rb | 2 - test/factories.rb | 12 --- test/integration/authentication_test.rb | 46 --------- test/integration/oauth_test.rb | 85 ---------------- 10 files changed, 431 deletions(-) delete mode 100644 config/admins.yml delete mode 100644 config/initializers/admins.rb delete mode 100644 config/initializers/doorkeeper.rb delete mode 100644 config/locales/doorkeeper.en.yml delete mode 100644 test/integration/authentication_test.rb delete mode 100644 test/integration/oauth_test.rb diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 7b83ff5e595..ee57f4f8a65 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -1,14 +1,8 @@ class Api::BaseController < ApplicationController - before_action :doorkeeper_authorize!, if: :doorkeeper_token - before_action :authenticate_with_oauth, if: :doorkeeper_token skip_before_action :require_ssl private - def authenticate_with_oauth - sign_in User.find_by_id(doorkeeper_token.resource_owner_id) - end - def find_rubygem_by_name @url = params[:url] @gem_name = params[:gem_name] || params[:rubygem_name] diff --git a/config/admins.yml b/config/admins.yml deleted file mode 100644 index f435ce1fd27..00000000000 --- a/config/admins.yml +++ /dev/null @@ -1,15 +0,0 @@ -development: &DEVELOPMENT - emails: - - nick@example.com - -test: &TEST - <<: *DEVELOPMENT - -staging: &STAGING - emails: - - nick@quaran.to - - radcliffe.david@gmail.com - - dev@benjaminfleischer.com - -production: - <<: *STAGING 
diff --git a/config/initializers/admins.rb b/config/initializers/admins.rb deleted file mode 100644 index 16543e82958..00000000000 --- a/config/initializers/admins.rb +++ /dev/null @@ -1,4 +0,0 @@ -module Gemcutter - mattr_accessor :admins - self.admins = Application.config_for("admins")["emails"] -end diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb deleted file mode 100644 index 36514193d14..00000000000 --- a/config/initializers/doorkeeper.rb +++ /dev/null @@ -1,36 +0,0 @@ -Doorkeeper.configure do - orm :active_record - - resource_owner_authenticator do - clearance_session = env[:clearance] # session = Clearance::Session.new(env) - user = clearance_session && clearance_session.current_user - - if user - user - else - session[:return_to] = request.fullpath - redirect_to(sign_in_url) - end - end - - admin_authenticator do - user = authenticate_resource_owner! - raise(Doorkeeper::Errors::DoorkeeperError, 'Not an admin') unless Gemcutter.admins.include? user.try(:email) - user - end - - default_scopes :public - - access_token_methods :from_bearer_authorization - - native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob' - - force_ssl_in_redirect_uri Rails.application.config.force_ssl - - grant_flows %w(authorization_code) - - # All applications are trusted! - skip_authorization do - true - end -end diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml deleted file mode 100644 index 7d2d215da72..00000000000 --- a/config/locales/doorkeeper.en.yml +++ /dev/null 
@@ -1,123 +0,0 @@ -en: - activerecord: - attributes: - doorkeeper/application: - name: 'Name' - redirect_uri: 'Redirect URI' - errors: - models: - doorkeeper/application: - attributes: - redirect_uri: - fragment_present: 'cannot contain a fragment.' - invalid_uri: 'must be a valid URI.' - relative_uri: 'must be an absolute URI.' - secured_uri: 'must be an HTTPS/SSL URI.' - - doorkeeper: - applications: - confirmations: - destroy: 'Are you sure?' - buttons: - edit: 'Edit' - destroy: 'Destroy' - submit: 'Submit' - cancel: 'Cancel' - authorize: 'Authorize' - form: - error: 'Whoops! Check your form for possible errors' - help: - redirect_uri: 'Use one line per URI' - native_redirect_uri: 'Use %{native_redirect_uri} for local tests' - scopes: 'Separate scopes with spaces. Leave blank to use the default scopes.' - edit: - title: 'Edit application' - index: - title: 'Your applications' - new: 'New Application' - name: 'Name' - callback_url: 'Callback URL' - new: - title: 'New Application' - show: - title: 'Application: %{name}' - application_id: 'Application Id' - secret: 'Secret' - scopes: 'Scopes' - callback_urls: 'Callback urls' - actions: 'Actions' - - authorizations: - buttons: - authorize: 'Authorize' - deny: 'Deny' - error: - title: 'An error has occurred' - new: - title: 'Authorization required' - prompt: 'Authorize %{client_name} to use your account?' - able_to: 'This application will be able to' - show: - title: 'Authorization code' - - authorized_applications: - confirmations: - revoke: 'Are you sure?' - buttons: - revoke: 'Revoke' - index: - title: 'Your authorized applications' - application: 'Application' - created_at: 'Created At' - date_format: '%Y-%m-%d %H:%M:%S' - - errors: - messages: - # Common error messages - invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.' - invalid_redirect_uri: 'The redirect uri included is not valid.' 
- unauthorized_client: 'The client is not authorized to perform this request using this method.' - access_denied: 'The resource owner or authorization server denied the request.' - invalid_scope: 'The requested scope is invalid, unknown, or malformed.' - server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.' - temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.' - - #configuration error messages - credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.' - resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.' - - # Access grant errors - unsupported_response_type: 'The authorization server does not support this response type.' - - # Access token errors - invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.' - invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.' - unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.' - - # Password Access token errors - invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found' - - invalid_token: - revoked: "The access token was revoked" - expired: "The access token expired" - unknown: "The access token is invalid" - - flash: - applications: - create: - notice: 'Application created.' - destroy: - notice: 'Application deleted.' - update: - notice: 'Application updated.' - authorized_applications: - destroy: - notice: 'Application revoked.' 
- - layouts: - admin: - nav: - oauth2_provider: 'OAuth2 Provider' - applications: 'Applications' - application: - title: 'OAuth authorization required' diff --git a/config/locales/es.yml b/config/locales/es.yml index 836c166f6a8..7b8fd7a8535 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -1,9 +1,6 @@ es: activerecord: attributes: - doorkeeper/application: - name: Nombre - redirect_uri: linkset: bugs: URL del registro de Bugs code: URL del código fuente @@ -22,13 +19,6 @@ es: messages: record_invalid: models: - doorkeeper/application: - attributes: - redirect_uri: - fragment_present: no puede contener un fragmento. - invalid_uri: tiene que tener un URI válido. - relative_uri: tiene que tener un URI absoluto. - secured_uri: el URI tiene que ser HTTPS/SSL. template: body: header: 
@@ -43,98 +33,6 @@ es: my_subscriptions: Subscripciones no_owned: Aún no has registrado ninguna gema. Tal vez puedes revisar las guías para %{creating_link} una gema o %{migrating_link} una gema de RubyForge. no_subscriptions: Aún no te has subscrito a ningua gema. ¡Visita la %{gem_link} para subscribirte! - doorkeeper: - applications: - buttons: - authorize: Autorizar - cancel: Cancelar - destroy: Destruir - edit: Editar - submit: Enviar - confirmations: - destroy: "¿Estás seguro?" - edit: - title: Editar aplicación - form: - error: Ups! Checa la forma por posible errores - help: - native_redirect_uri: Usa %{native_redirect_uri} para pruebas locales - redirect_uri: Use una línea por URI - scopes: - index: - callback_url: - name: Nombre - new: Nueva Aplicación - title: Tus aplicaciones - new: - title: Nueva Aplicación - show: - actions: Acciones - application_id: - callback_urls: - scopes: - secret: Secreto - title: 'Aplicación: %{name}' - authorizations: - buttons: - authorize: Autorizar - deny: Denegar - error: - title: Un error ha ocurrido - new: - able_to: Esta aplicación podrá - prompt: "¿Autorizas a %{client_name} a usar tu cuenta?" - title: Autorización requerida - show: - title: Código de autorización - authorized_applications: - buttons: - revoke: Revocar - confirmations: - revoke: "¿Estás seguro?" - index: - application: Aplicación - created_at: Creado a las - date_format: "%Y-%m-%d %H:%M:%S" - title: Tus aplicaciones autorizadas - errors: - messages: - access_denied: El dueño de los recursos o el servidor de autorización ha denegado la solicitud. 
- credential_flow_not_configured: - invalid_client: - invalid_grant: - invalid_redirect_uri: - invalid_request: - invalid_resource_owner: Las credenciales del dueño del recurso que proveíste son invalidas o el dueño no se pudo encontrar - invalid_scope: - invalid_token: - expired: El token de acceso a expirado - revoked: El token de acceso fue revocado - unknown: El token de acceso es invalido - resource_owner_authenticator_not_configured: - server_error: El servidor de autorización ha encontrado una condición inesperada que le impidió cumplir con la solicitud. - temporarily_unavailable: El servidor de autorización no pudo manejar la solicitud debido a una sobrecarga temporal o mantenimiento al servidor. - unauthorized_client: El cliente no está autorizado para realizar esta solicitud utilizando este método. - unsupported_grant_type: - unsupported_response_type: El servidor de autorización no soporta este tipo de respuesta. - flash: - applications: - create: - notice: Aplicación creada. - destroy: - notice: Aplicación borrada. - update: - notice: Aplicación actualizada. - authorized_applications: - destroy: - notice: Aplicación revocada. - layouts: - admin: - nav: - applications: Aplicaciones - oauth2_provider: Provedor OAuth2 - application: - title: Autorización OAuth es requerida download_count: edit: Editar feed_latest: RubyGems.org | Gemas Nuevas diff --git a/config/routes.rb b/config/routes.rb index 2e6fce4b3b8..a72655ac9ea 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -160,8 +160,6 @@ get 'revision' => 'ping#revision' end - use_doorkeeper scope: 'oauth' - unless Clearance.configuration.allow_sign_up? get '/sign_up' => 'users#disabled_signup' end diff --git a/test/factories.rb b/test/factories.rb index f3655e00fc4..4740606b4a6 100644 --- a/test/factories.rb +++ b/test/factories.rb 
@@ -120,18 +120,6 @@ end end - factory :oauth_application, class: Doorkeeper::Application do - name "Adoption Center" - redirect_uri "https://example.org/auth" - scopes "public" - end - - factory :oauth_access_token, class: Doorkeeper::AccessToken do - association :application, factory: :oauth_application - expires_in 90.days.from_now - scopes "public" - end - factory :gem_download do rubygem_id 0 version_id 0 diff --git a/test/integration/authentication_test.rb b/test/integration/authentication_test.rb deleted file mode 100644 index e8b4f459533..00000000000 --- a/test/integration/authentication_test.rb +++ /dev/null @@ -1,46 +0,0 @@ -require 'test_helper' - -class AuthenticationTest < ActionDispatch::IntegrationTest - setup do - @user = create(:user) - end - - test "supply no credentials to a protected resource" do - authenticate - assert_response :unauthorized - end - - test "use an Oauth access token" do - access = create(:oauth_access_token, resource_owner_id: @user.id) - authenticate "Bearer #{access.token}" - assert_response :success - end - - test "use an invalid Oauth access token" do - authenticate "Bearer deadbeef" - assert_response :unauthorized - end - - test "use an access token connected to an non-existent user" do - @user.destroy - access = create(:oauth_access_token, resource_owner_id: @user.id) - authenticate "Bearer #{access.token}" - assert_response :unauthorized - end - - test "use Authorization header with API key" do - authenticate @user.api_key - assert_response :success - end - - test "use Authorization header without valid API key" do - authenticate "deadbeef" - assert_response :unauthorized - end - - private - - def authenticate(authorization = "") - get api_v1_rubygems_path(format: :json), {}, "HTTP_AUTHORIZATION" => authorization - end -end diff --git a/test/integration/oauth_test.rb b/test/integration/oauth_test.rb deleted file mode 100644 index 2ba0149c90f..00000000000 --- a/test/integration/oauth_test.rb +++ /dev/null 
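Review bot: Deleting `test/integration/authentication_test.rb` wholesale removes more coverage than the OAuth path: the cases `supply no credentials to a protected resource`, `use Authorization header with API key` and `use Authorization header without valid API key` exercise the API-key `Authorization` header flow that this series does not remove, and nothing in the diff relocates them. Keep the file and drop only the three cases that create an `:oauth_access_token`, so the `authenticate` helper and the remaining assertions continue to pin that a missing or unknown credential on the JSON rubygems endpoint yields `:unauthorized`. If equivalent assertions already exist in another test file, naming it in the commit message would settle this.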
@@ -1,85 +0,0 @@ -require 'test_helper' - -class OauthTest < SystemTest - setup do - ensure_site_host_setup - end - - test "admin users may create applications" do - user = create(:user, email: Gemcutter.admins.first, password: "secret12345", handle: "nick1") - sign_in(user) - - oauth_path = url_helpers.new_oauth_application_path - params = {} - full_path = build_path(oauth_path, params) - visit full_path - - assert_equal request.path, oauth_path - - app = Doorkeeper::Application.find_by(name: "New App") - assert_equal app, nil - form = find("#new_doorkeeper_application") - within form do - fill_in "doorkeeper_application[name]", with: "New App" - fill_in "doorkeeper_application[redirect_uri]", with: "urn:ietf:wg:oauth:2.0:oob" - click_button "Submit" - end - - assert_equal response.status, 200 - app = Doorkeeper::Application.find_by(name: "New App") - refute_equal app, nil - - assert_equal find("div.alert").text, I18n.t("doorkeeper.flash.applications.create")[:notice] - assert_equal find("code#application_id").text, app.uid - assert_equal find("code#secret").text, app.secret - assert page.has_content?(app.redirect_uri) - end - - test "non-admin users may not create applications" do - sign_in(create(:user)) - - oauth_path = url_helpers.new_oauth_application_path - params = {} - full_path = build_path(oauth_path, params) - - assert_raise Doorkeeper::Errors::DoorkeeperError do - visit full_path - end - end - - private - - def sign_in(user) - visit sign_in_path - fill_in "Email or Handle", with: user.reload.email - fill_in "Password", with: user.password - click_button "Sign in" - end - - def url_helpers - @url_helpers ||= Rails.application.routes.url_helpers - end - - def build_query_params(params) - Rack::Utils.build_query(params) - end - - # Will blow up if any input doesn't reduce to a string - def build_path(path, params) - path + "?" 
+ build_query_params(params) - end - - def request - page.driver.request - end - - def response - page.driver.response - end - - # TODO: move to config/environments/test.rb - def ensure_site_host_setup - @site_host = "localhost:3000" - @site_host = Rails.application.routes.default_url_options[:host] ||= @site_host - end -end