Merge pull request #1572 from dbussink/custom-application-secret-gene…

…rator

Add support for configuring a custom application secret generator

lib/doorkeeper/config.rb

@@ -387,11 +387,20 @@ def configure_secrets_for(type, using:, fallback:)
     option :access_token_generator,
            default: "Doorkeeper::OAuth::Helpers::UniqueToken"
 
+    # Use a custom class for generating the application secret.
+    # https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-application-secret-generator
+    #
+    # @param application_secret_generator [String]
+    #   the name of the application secret generator class
+    #
+    option :application_secret_generator,
+           default: "Doorkeeper::OAuth::Helpers::UniqueToken"
+
     # Default access token generator is a SecureRandom class from Ruby stdlib.
     # This option defines which method will be used to generate a unique token value.
     #
-    # @param access_token_generator [String]
-    #   the name of the access token generator class
+    # @param default_generator_method [Symbol]
+    #   the method name of the default access token generator
     #
     option :default_generator_method, default: :urlsafe_base64
 

lib/doorkeeper/orm/active_record/mixins/application.rb

@@ -48,7 +48,7 @@ module Application
       # @return [String] new transformed secret value
       #
       def renew_secret
-        @raw_secret = Doorkeeper::OAuth::Helpers::UniqueToken.generate
+        @raw_secret = secret_generator.generate
         secret_strategy.store_secret(self, :secret, @raw_secret)
       end
 
@@ -106,6 +106,17 @@ def read_attribute_for_serialization(key)
 
       private
 
+      def secret_generator
+        generator_name = Doorkeeper.config.application_secret_generator
+        generator = generator_name.constantize
+
+        return generator if generator.respond_to?(:generate)
+
+        raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
+      rescue NameError
+        raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
+      end
+
       def generate_uid
         self.uid = Doorkeeper::OAuth::Helpers::UniqueToken.generate if uid.blank?
       end

spec/lib/config_spec.rb

@@ -517,6 +517,22 @@
     end
   end
 
+  describe "application_secret_generator" do
+    it "is 'Doorkeeper::OAuth::Helpers::UniqueToken' by default" do
+      expect(Doorkeeper.configuration.application_secret_generator).to(
+        eq("Doorkeeper::OAuth::Helpers::UniqueToken"),
+      )
+    end
+
+    it "can change the value" do
+      Doorkeeper.configure do
+        orm DOORKEEPER_ORM
+        application_secret_generator "Example"
+      end
+      expect(config.application_secret_generator).to eq("Example")
+    end
+  end
+
   describe "default_generator_method" do
     it "is :urlsafe_base64 by default" do
       expect(Doorkeeper.configuration.default_generator_method)

spec/models/doorkeeper/application_spec.rb

@@ -86,6 +86,23 @@
     expect(new_application).not_to be_valid
   end
 
+  it "generates a secret using a custom object" do
+    module CustomGeneratorArgs
+      def self.generate
+        "custom_application_secret"
+      end
+    end
+
+    Doorkeeper.configure do
+      orm DOORKEEPER_ORM
+      application_secret_generator "CustomGeneratorArgs"
+    end
+
+    expect(new_application.secret).to be_nil
+    new_application.save
+    expect(new_application.secret).to eq("custom_application_secret")
+  end
+
   context "when application_owner is enabled" do
     let(:new_application) { FactoryBot.build(:application_with_owner) }