From 463d5dd4d5eee9fdc62cf95a4c1f227e399aabb2 Mon Sep 17 00:00:00 2001
From: Emelia Smith
Date: Fri, 11 Apr 2025 22:10:03 +0200
Subject: [PATCH] Try to fix the usage of doorkeeper configuration
---
 app/models/session_activation.rb | 20 ++++++++++++++-----
 app/models/user.rb | 10 ++++++----
 app/services/app_sign_up_service.rb | 12 ++++++-----
 config/initializers/doorkeeper.rb | 4 ++++
 .../oauth/authorizations_controller_spec.rb | 17 +++++++++++-----
 5 files changed, 44 insertions(+), 19 deletions(-)
diff --git a/app/models/session_activation.rb b/app/models/session_activation.rb
index d99ecf8adba..af686a0a740 100644
--- a/app/models/session_activation.rb
+++ b/app/models/session_activation.rb
@@ -65,12 +65,22 @@ class SessionActivation < ApplicationRecord
 end
 def access_token_attributes
+ app = Doorkeeper::Application.find_by(superapp: true)
+ scopes = Doorkeeper::OAuth::Scopes.from_array(DEFAULT_SCOPES)
+
+ context = Doorkeeper::OAuth::Authorization::Token.build_context(
+ app,
+ Doorkeeper::OAuth::AUTHORIZATION_CODE,
+ scopes,
+ user_id
+ )
+
 {
- application_id: Doorkeeper::Application.find_by(superapp: true)&.id,
- resource_owner_id: user_id,
- scopes: DEFAULT_SCOPES.join(' '),
- expires_in: Doorkeeper.configuration.access_token_expires_in,
- use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?,
+ application_id: context.client,
+ resource_owner_id: context.resource_owner,
+ scopes: context.scopes,
+ expires_in: Doorkeeper::OAuth::Authorization::Token.access_token_expires_in(Doorkeeper.config, context),
+ use_refresh_token: Doorkeeper::OAuth::Authorization::Token.refresh_token_enabled?(Doorkeeper.config, context),
 }
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 72f7490043f..3de3974befa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
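Review bot: `application_id: context.client` in the new hash passes whatever `build_context` stored as the client, which from the call above is the `app` record returned by `find_by` (or nil), while the key name and the removed line (`...find_by(superapp: true)&.id`) both expect an id. I would keep the safe navigation: `application_id: context.client&.id,`. `scopes:` also changes from a space-joined string to a `Doorkeeper::OAuth::Scopes` object; if the consumer of this hash (outside the hunk) expects a string, `scopes: context.scopes.to_s,` keeps the old shape. A spec asserting that the session token carries the superapp's id would catch a silent regression here.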
@@ -310,10 +310,12 @@ class User < ApplicationRecord
 def token_for_app(app)
 return nil if app.nil? || app.owner != self
- Doorkeeper::AccessToken.find_or_create_by(application_id: app.id, resource_owner_id: id) do |t|
- t.scopes = app.scopes
- t.expires_in = Doorkeeper.configuration.access_token_expires_in
- t.use_refresh_token = Doorkeeper.configuration.refresh_token_enabled?
+ context = Doorkeeper::OAuth::Authorization::Token.build_context(app, Doorkeeper::OAuth::AUTHORIZATION_CODE, app.scopes, app.owner)
+
+ Doorkeeper::AccessToken.find_or_create_by(application_id: context.client.id, resource_owner_id: context.resource_owner.id) do |t|
+ t.scopes = context.scopes
+ t.expires_in = Doorkeeper::OAuth::Authorization::Token.access_token_expires_in(Doorkeeper.config, context)
+ t.use_refresh_token = Doorkeeper::OAuth::Authorization::Token.refresh_token_enabled?(Doorkeeper.config, context)
 end
 end
diff --git a/app/services/app_sign_up_service.rb b/app/services/app_sign_up_service.rb
index a4399efd65a..a53c143e288 100644
--- a/app/services/app_sign_up_service.rb
+++ b/app/services/app_sign_up_service.rb
@@ -27,12 +27,14 @@ class AppSignUpService < BaseService
 end
 def create_access_token!
+ context = Doorkeeper::OAuth::Authorization::Token.build_context(@app, Doorkeeper::OAuth::AUTHORIZATION_CODE, @app.scopes, @user.id)
+
+ @access_token = Doorkeeper::AccessToken.create!(
- application: @app,
- resource_owner_id: @user.id,
- scopes: @app.scopes,
- expires_in: Doorkeeper.configuration.access_token_expires_in,
- use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?
+ application: context.client,
+ resource_owner_id: context.resource_owner,
+ scopes: context.scopes,
+ expires_in: Doorkeeper::OAuth::Authorization::Token.access_token_expires_in(Doorkeeper.config, context),
+ use_refresh_token: Doorkeeper::OAuth::Authorization::Token.refresh_token_enabled?(Doorkeeper.config, context)
 )
 end
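Review bot: `build_context(app, ..., app.scopes, app.owner)` in `token_for_app` passes the owner record as the resource owner, whereas the session_activation.rb and app_sign_up_service.rb hunks pass an integer id (`user_id`, `@user.id`), so a refresh-token or expiry block that inspects `context.resource_owner` would see two different types. One convention across the three call sites would avoid that, for example ids everywhere with `resource_owner_id: context.resource_owner` here. Separately, the block given to `find_or_create_by` runs only when a row is created, so a token that already exists for this app and owner keeps its earlier `expires_in` and refresh setting. The lookup matches on application and owner alone; whether a revoked row can be returned depends on code outside the hunk and is worth confirming.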
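Review bot: `Doorkeeper::OAuth::AUTHORIZATION_CODE` is passed as the grant type in `create_access_token!` although the method creates the token directly and no authorization-code exchange is visible here; the same constant is used in the session_activation.rb and user.rb hunks. Any policy block that branches on `context.grant_type` would treat these internally issued tokens as code-grant tokens. If that is intended, a comment above the `build_context` call would record it, e.g. `# No OAuth grant runs here; AUTHORIZATION_CODE is passed so the configured expiry/refresh policy is evaluated as for a normal app login`.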
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 25ddee4659e..ce4d93b837c 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -45,6 +45,10 @@ Doorkeeper.configure do
 end
 end
+ use_refresh_token do |context|
+ context.scopes.exists?('offline_access')
+ end
+
 # Use a custom class for generating the access token.
 # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
 # access_token_generator "::Doorkeeper::JWT"
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index cfc80b86503..b9e2b64c379 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -30,12 +30,19 @@ RSpec.describe Oauth::AuthorizationsController do
 context 'when app is already authorized' do
 before do
+ context = Doorkeeper::OAuth::Authorization::Token.build_context(
+ app,
+ Doorkeeper::OAuth::AUTHORIZATION_CODE,
+ app.scopes,
+ user.id
+ )
+
 Doorkeeper::AccessToken.find_or_create_for(
- application: app,
- resource_owner: user.id,
- scopes: app.scopes,
- expires_in: Doorkeeper.configuration.access_token_expires_in,
- use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?
+ application: context.client,
+ resource_owner: context.resource_owner,
+ scopes: context.scopes,
+ expires_in: Doorkeeper::OAuth::Authorization::Token.access_token_expires_in(Doorkeeper.config, context),
+ use_refresh_token: Doorkeeper::OAuth::Authorization::Token.refresh_token_enabled?(Doorkeeper.config, context)
 )
 end
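Review bot: The new `use_refresh_token` block makes refresh-token issuance depend on an `offline_access` scope, but nothing in this hunk registers that scope; unless it is declared among the configured scopes elsewhere in the initializer, no client can request it and the block always returns false. Limiting refresh tokens to clients that ask for them is a sound least-privilege default, and a comment above the block would record the intent: `# Issue refresh tokens only when the client requested the offline_access scope`. The block also assumes `context.scopes` responds to `exists?`, which holds for the `Scopes` values passed by the other hunks of this patch but should be confirmed for any other caller. The `Doorkeeper.configure` block starts and ends outside the hunk.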
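Review bot: Inside the `before` block the local `context` reuses the name of the RSpec `context` DSL method on the line above it; `token_context = Doorkeeper::OAuth::Authorization::Token.build_context(` reads more clearly. The setup also mirrors the production expression instead of pinning an outcome, and no example in this hunk checks that a refresh token is issued only when `offline_access` is among the scopes. The describe block continues outside the hunk.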