feature/ doorkeeper integration with devise

Gemfile

@@ -26,6 +26,7 @@ gem 'thor', '0.19.1'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 gem 'jbuilder', '~> 1.2'
 gem 'devise'
+gem 'doorkeeper', '2.0'
 group :doc do
   # bundle exec rake doc:rails generates the API under doc/api.
   gem 'sdoc', require: false
@@ -46,4 +47,5 @@ gem 'remotipart', '~> 1.2'
 gem 'friendly_numbers'
 gem 'cancancan', '~> 1.17'
 gem 'rack-cors'
-gem 'active_model_serializers', '~> 0.10.0'
+gem 'active_model_serializers', '~> 0.10.0'
+gem 'foreigner'

Gemfile.lock

@@ -50,21 +50,25 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.2.0)
+    concurrent-ruby (1.2.2)
     devise (3.5.10)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
       responders
       thread_safe (~> 0.1)
       warden (~> 1.2.3)
+    doorkeeper (2.0.0)
+      railties (>= 3.1)
     erubis (2.7.0)
     execjs (2.8.1)
     ffi (1.15.5)
     font-awesome-rails (4.7.0.8)
       railties (>= 3.2, < 8.0)
     font-awesome-sass (6.2.1)
       sassc (~> 2.0)
+    foreigner (1.7.4)
+      activerecord (>= 3.0.0)
     friendly_numbers (0.6.0)
     hike (1.2.3)
     i18n (0.9.5)
@@ -84,7 +88,7 @@ GEM
     method_source (0.8.2)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
+    mime-types-data (3.2023.0218.1)
     mini_mime (1.1.2)
     minitest (4.7.5)
     multi_json (1.15.0)
@@ -95,7 +99,7 @@ GEM
       cocaine (~> 0.5.3)
       mime-types
     parallel (1.19.2)
-    parser (3.2.0.0)
+    parser (3.2.1.0)
       ast (~> 2.4.1)
     popper_js (1.12.9)
     pry (0.10.4)
@@ -143,7 +147,7 @@ GEM
       activesupport
       rack (>= 1.1)
       rubocop (>= 0.72.0)
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.12.0)
     sass (3.2.19)
     sass-rails (4.0.5)
       railties (>= 4.0.0, < 5.0)
@@ -152,7 +156,7 @@ GEM
       sprockets-rails (~> 2.0)
     sassc (2.4.0)
       ffi (~> 1.9)
-    sdoc (2.6.0)
+    sdoc (2.6.1)
       rdoc (>= 5.0)
     slop (3.6.0)
     spring (1.7.2)
@@ -191,9 +195,11 @@ DEPENDENCIES
   cancancan (~> 1.17)
   coffee-rails (~> 4.0.0)
   devise
+  doorkeeper (= 2.0)
   ffi (~> 1.9, >= 1.9.10)
   font-awesome-rails
   font-awesome-sass (~> 6.2.1)
+  foreigner
   friendly_numbers
   jbuilder (~> 1.2)
   jquery-rails

app/controllers/api/v1/board_sections_controller.rb

@@ -3,6 +3,7 @@
 module Api
   module V1
     class BoardSectionsController < ActionController::Base
+      before_action :doorkeeper_authorize!
       before_action :set_board_section_object, only: %i[show edit update delete]
       before_action :set_board_object, only: %i[create]
 

app/controllers/api/v1/boards_controller.rb

@@ -3,8 +3,9 @@
 module Api
   module V1
     class BoardsController < ActionController::Base
+      before_action :doorkeeper_authorize!, unless: :user_signed_in?
       before_action :set_board_object, only: %i[show update destroy]
-      before_action :set_user_object, only: %i[create]
+      before_action :set_user_object, only: %i[create show]
 
       def index
         @boards = Board.all
@@ -48,8 +49,11 @@ def set_board_object
       end
 
       def set_user_object
-        @user = User.find_by(id: board_params[:user_id])
-        render json: {message: "User not found"}, status: :unprocessable_entity unless @user.present?
+        @current_user ||= if doorkeeper_token
+          User.find(doorkeeper_token.resource_owner_id)
+        else
+          warden.authenticate(scope: :user)
+        end
       end
 
       def board_params

app/controllers/api/v1/tasks_controller.rb

@@ -3,6 +3,7 @@
 module Api
   module V1
     class TasksController < ActionController::Base
+      before_action :doorkeeper_authorize!, unless: :user_signed_in?
       before_action :set_task, only: %i[show update destroy assign_task]
       before_action :set_board_section_object, only: %i[create]
       before_action :set_user, only: [:assign_task]
@@ -58,8 +59,11 @@ def set_task
       end
 
       def set_user
-        @user = User.find_by(id: params[:id])
-            render json: {message: "User not found"}, status: :unprocessable_entity unless @user.present?
+        @current_user ||= if doorkeeper_token
+          User.find(doorkeeper_token.resource_owner_id)
+        else
+          warden.authenticate(scope: :user)
+        end
       end
 
       def set_board_section_object

app/controllers/boards_controller.rb

@@ -1,6 +1,7 @@
 class BoardsController < ApplicationController
   before_action :set_board_object, only: %i[show edit update destroy]
 
+
   def index
     @boards = Board.all.page(params[:page])
   end
@@ -50,4 +51,5 @@ def board_params
   def set_board_object
     @board = Board.find(params[:id])
   end
+
 end

app/models/user.rb

@@ -1,10 +1,13 @@
 class User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
-  has_many :boards
-  has_many :assigned_tasks
-  has_many :tasks, through: :assigned_tasks
-  has_many :comments
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+  :recoverable, :rememberable, :validatable
+
+validates :email, format: URI::MailTo::EMAIL_REGEXP
+
+# the authenticate method from devise documentation
+def self.authenticate(email, password)
+user = User.find_for_authentication(email: email)
+user&.valid_password?(password) ? user : nil
+end
+
 end

app/views/boards/create.js.erb

@@ -1,2 +1,2 @@
 $('#add-new-task-modal').modal('toggle');
-$(".board-add").append("<%= escape_javascript render(:partial => 'boards/boards', :locals => {board: @board}) %>");
+$(".board-add").append("<%= escape_javascript render(:partial => 'boards/board', :locals => {board: @board}) %>");

config/initializers/cors.rb

@@ -0,0 +1,8 @@
+Rails.application.config.middleware.insert_before 0, Rack::Cors do
+    allow do
+      origins '*'
+      resource '*',
+        headers: :any,
+        methods: [:get, :post, :put, :patch, :delete, :options, :head]
+    end
+  end

config/initializers/doorkeeper.rb

@@ -0,0 +1,119 @@
+Doorkeeper.configure do
+  # Change the ORM that doorkeeper will use.
+  # Currently supported options are :active_record, :mongoid2, :mongoid3,
+  # :mongoid4, :mongo_mapper
+  orm :active_record
+  # This block will be called to check whether the resource owner is authenticated or not.
+  resource_owner_authenticator do
+    # fail "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
+    # Put your resource owner authentication logic here.
+    # Example implementation:
+    User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url)
+  end
+
+  # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
+  # admin_authenticator do
+  #   # Put your admin authentication logic here.
+  #   # Example implementation:
+  #   Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
+  # end
+
+  # Authorization Code expiration time (default 10 minutes).
+  # authorization_code_expires_in 10.minutes
+
+  # Access token expiration time (default 2 hours).
+  # If you want to disable expiration, set this to nil.
+  # access_token_expires_in 2.hours
+
+  # Assign a custom TTL for implicit grants.
+  # custom_access_token_expires_in do |oauth_client|
+  #   oauth_client.application.additional_settings.implicit_oauth_expiration
+  # end
+
+  # Use a custom class for generating the access token.
+  # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
+  # access_token_generator "::Doorkeeper::JWT"
+
+  # Reuse access token for the same resource owner within an application (disabled by default)
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
+  # reuse_access_token
+
+  # Issue access tokens with refresh token (disabled by default)
+  # use_refresh_token
+
+  # Provide support for an owner to be assigned to each registered application (disabled by default)
+  # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+  # a registered application
+  # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
+  # enable_application_owner :confirmation => false
+
+  # Define access token scopes for your provider
+  # For more information go to
+  # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+  # default_scopes  :public
+  # optional_scopes :write, :update
+
+  # Change the way client credentials are retrieved from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:client_id` and `:client_secret` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # client_credentials :from_basic, :from_params
+
+  # Change the way access token is authenticated from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+
+  # Change the native redirect uri for client apps
+  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+  #
+  # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
+
+  # Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
+  # by default in non-development environments). OAuth2 delegates security in
+  # communication to the HTTPS protocol so it is wise to keep this enabled.
+  #
+  # force_ssl_in_redirect_uri !Rails.env.development?
+
+  # Specify what grant flows are enabled in array of Strings. The valid
+  # strings and the flows they enable are:
+  #
+  # "authorization_code" => Authorization Code Grant Flow
+  # "implicit"           => Implicit Grant Flow
+  # "password"           => Resource Owner Password Credentials Grant Flow
+  # "client_credentials" => Client Credentials Grant Flow
+  #
+  # If not specified, Doorkeeper enables authorization_code and
+  # client_credentials.
+  #
+  # implicit and password grant flows have risks that you should understand
+  # before enabling:
+  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
+  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
+  #
+  # grant_flows %w(authorization_code client_credentials)
+
+  # Under some circumstances you might want to have applications auto-approved,
+  # so that the user skips the authorization step.
+  # For example if dealing with a trusted application.
+  # skip_authorization do |resource_owner, client|
+  #   client.superapp? or resource_owner.admin?
+  # end
+
+  # WWW-Authenticate Realm (default "Doorkeeper").
+  # realm "Doorkeeper"
+  resource_owner_from_credentials do |_routes|
+    User.authenticate(params[:email], params[:password])
+  end
+
+  grant_flows %w(password)
+  skip_authorization do
+    true
+  end
+
+  use_refresh_token
+
+end