devise-doorkeeper 1.1.2.ci.123.1 → 1.1.2.ci.129.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/devise-doorkeeper.gemspec +3 -3
- data/lib/devise/doorkeeper/doorkeeper_failure_app.rb +14 -0
- data/lib/devise/doorkeeper/unconfirmed_resource_response.rb +19 -0
- data/lib/devise/strategies/doorkeeper.rb +11 -1
- data/spec/dummy/app/models/user.rb +5 -1
- data/spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb +11 -0
- data/spec/dummy/db/schema.rb +5 -1
- data/spec/factories/users.rb +5 -0
- data/spec/requests/oauth/bearer_tokens_spec.rb +37 -22
- data/spec/requests/oauth/password_grant_spec.rb +3 -3
- metadata +17 -14
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 443328b2b197e80b47460a63a483fccde2204cbb32c9a2f113c8a5078dd71128
|
4
|
+
data.tar.gz: dbc5e6aa9e9d37f3d92e645d03aa1230190ad789e4ed95560603deed5696e91c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bee9e8edbcf6e3c3b481b934887c769eaea1fbcc4024bbfc3aaf90208c3617c80569cbc569768bd737295a7f409b81b888f7a1079feb3302d5dc39fff3e0e42a
|
7
|
+
data.tar.gz: 520f78f01c13c587c335a2d54395d44fce444b02805531a10ca8339aa49970aa66e648f0d983f708713a90ee0b68b844ecb52c7d1cf9c34320d3ba4eca31df74
|
data/devise-doorkeeper.gemspec
CHANGED
@@ -18,9 +18,9 @@ Gem::Specification.new do |spec|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
19
|
spec.require_paths = ['lib']
|
20
20
|
|
21
|
-
spec.add_dependency 'rails'
|
22
|
-
spec.add_dependency 'devise'
|
23
|
-
spec.add_dependency 'doorkeeper'
|
21
|
+
spec.add_dependency 'rails'
|
22
|
+
spec.add_dependency 'devise'
|
23
|
+
spec.add_dependency 'doorkeeper'
|
24
24
|
|
25
25
|
spec.add_development_dependency 'bundler', '~> 2.2'
|
26
26
|
spec.add_development_dependency 'rspec-rails', '~> 4.0'
|
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'devise/strategies/doorkeeper'
|
2
|
+
require 'devise/doorkeeper/unconfirmed_resource_response'
|
2
3
|
|
3
4
|
module Devise
|
4
5
|
module Doorkeeper
|
@@ -6,6 +7,8 @@ module Devise
|
|
6
7
|
def respond
|
7
8
|
if oauth_error?
|
8
9
|
invalid_oauth_token
|
10
|
+
elsif unconfirmed_resource?
|
11
|
+
unconfirmed_resource
|
9
12
|
else
|
10
13
|
super
|
11
14
|
end
|
@@ -17,12 +20,23 @@ module Devise
|
|
17
20
|
warden_message == Devise::Strategies::Doorkeeper::WARDEN_INVALID_TOKEN_MESSAGE
|
18
21
|
end
|
19
22
|
|
23
|
+
def unconfirmed_resource?
|
24
|
+
warden_message == Devise::Strategies::Doorkeeper::WARDEN_UNCONFIRMED_RESOURCE_MESSAGE
|
25
|
+
end
|
26
|
+
|
20
27
|
def invalid_oauth_token
|
21
28
|
error = ::Doorkeeper::OAuth::InvalidTokenResponse.new
|
22
29
|
headers.merge! error.headers
|
23
30
|
self.response_body = error.body.to_json
|
24
31
|
self.status = error.status
|
25
32
|
end
|
33
|
+
|
34
|
+
def unconfirmed_resource
|
35
|
+
error = UnconfirmedResourceResponse.new
|
36
|
+
headers.merge! error.headers
|
37
|
+
self.response_body = error.body.to_json
|
38
|
+
self.status = error.status
|
39
|
+
end
|
26
40
|
end
|
27
41
|
end
|
28
42
|
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'devise/strategies/doorkeeper'
|
2
|
+
|
3
|
+
module Devise
|
4
|
+
module Doorkeeper
|
5
|
+
class UnconfirmedResourceResponse < ::Doorkeeper::OAuth::ErrorResponse
|
6
|
+
def initialize(attributes = {})
|
7
|
+
super(attributes.merge(name: :unconfirmed_resource, state: :locked))
|
8
|
+
end
|
9
|
+
|
10
|
+
def status
|
11
|
+
:locked
|
12
|
+
end
|
13
|
+
|
14
|
+
def exception_class
|
15
|
+
::Doorkeeper::Errors::DoorkeeperError
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -7,6 +7,7 @@ module Devise
|
|
7
7
|
module Strategies
|
8
8
|
class Doorkeeper < ::Devise::Strategies::Authenticatable
|
9
9
|
WARDEN_INVALID_TOKEN_MESSAGE = :invalid_token
|
10
|
+
WARDEN_UNCONFIRMED_RESOURCE_MESSAGE = :unconfirmed_resource
|
10
11
|
|
11
12
|
def valid?
|
12
13
|
credentials = ::Doorkeeper::OAuth::Token.from_request(request, *access_token_methods)
|
@@ -17,7 +18,11 @@ module Devise
|
|
17
18
|
resource = resource_from_token
|
18
19
|
if validate(resource)
|
19
20
|
request.env['devise.skip_trackable'] = true
|
20
|
-
|
21
|
+
if resource.active_for_authentication?
|
22
|
+
success!(resource)
|
23
|
+
else
|
24
|
+
unconfirmed_resource
|
25
|
+
end
|
21
26
|
else
|
22
27
|
invalid_token
|
23
28
|
end
|
@@ -48,6 +53,11 @@ module Devise
|
|
48
53
|
mapping.to.find(token.resource_owner_id)
|
49
54
|
end
|
50
55
|
|
56
|
+
def unconfirmed_resource
|
57
|
+
fail!(WARDEN_UNCONFIRMED_RESOURCE_MESSAGE)
|
58
|
+
throw :warden
|
59
|
+
end
|
60
|
+
|
51
61
|
def invalid_token
|
52
62
|
fail!(WARDEN_INVALID_TOKEN_MESSAGE)
|
53
63
|
throw :warden
|
@@ -2,6 +2,10 @@ class User < ActiveRecord::Base
|
|
2
2
|
# Include default devise modules. Others available are:
|
3
3
|
# :confirmable, :lockable, :timeoutable and :omniauthable
|
4
4
|
devise :database_authenticatable, :registerable,
|
5
|
-
:recoverable, :rememberable, :trackable, :validatable
|
5
|
+
:recoverable, :rememberable, :trackable, :validatable, :confirmable
|
6
6
|
devise :database_authenticatable, :doorkeeper
|
7
|
+
|
8
|
+
def send_confirmation_notification?
|
9
|
+
false
|
10
|
+
end
|
7
11
|
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
class AddConfirmableFieldToUsers < ActiveRecord::Migration[5.0]
|
2
|
+
def change
|
3
|
+
change_table(:users) do |t|
|
4
|
+
## Confirmable
|
5
|
+
t.string :confirmation_token
|
6
|
+
t.datetime :confirmed_at
|
7
|
+
t.datetime :confirmation_sent_at
|
8
|
+
t.string :unconfirmed_email # Only if using reconfirmable
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
data/spec/dummy/db/schema.rb
CHANGED
@@ -10,7 +10,7 @@
|
|
10
10
|
#
|
11
11
|
# It's strongly recommended that you check this file into your version control system.
|
12
12
|
|
13
|
-
ActiveRecord::Schema.define(version:
|
13
|
+
ActiveRecord::Schema.define(version: 20210301204550) do
|
14
14
|
|
15
15
|
create_table "oauth_access_grants", force: :cascade do |t|
|
16
16
|
t.integer "resource_owner_id", null: false
|
@@ -63,6 +63,10 @@ ActiveRecord::Schema.define(version: 20210301163315) do
|
|
63
63
|
t.datetime "last_sign_in_at"
|
64
64
|
t.string "current_sign_in_ip"
|
65
65
|
t.string "last_sign_in_ip"
|
66
|
+
t.string "confirmation_token"
|
67
|
+
t.datetime "confirmed_at"
|
68
|
+
t.datetime "confirmation_sent_at"
|
69
|
+
t.string "unconfirmed_email"
|
66
70
|
t.index ["email"], name: "index_users_on_email", unique: true
|
67
71
|
t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
|
68
72
|
end
|
data/spec/factories/users.rb
CHANGED
@@ -3,28 +3,43 @@ require 'rails_helper'
|
|
3
3
|
RSpec.describe 'OAuth bearer token requests', type: :request do
|
4
4
|
let(:request_path) { '/example.json' }
|
5
5
|
context 'with valid access token' do
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
6
|
+
context 'when user confirmed' do
|
7
|
+
let(:access_token) { create(:access_token) }
|
8
|
+
let(:headers) do
|
9
|
+
{
|
10
|
+
'Authorization' => "Bearer #{access_token.token}"
|
11
|
+
}
|
12
|
+
end
|
13
|
+
let(:params) { {} }
|
14
|
+
before do
|
15
|
+
@original_timestamp = User.find(access_token.resource_owner_id).last_sign_in_at
|
16
|
+
get request_path, params: params, headers: headers
|
17
|
+
end
|
18
|
+
it { expect(response.status).to eq 200 }
|
19
|
+
it 'does not send Set-Cookie headers' do
|
20
|
+
expect(response.headers).to_not include 'Set-Cookie'
|
21
|
+
end
|
22
|
+
it 'does not update the user last_signin_at timestamp' do
|
23
|
+
new_timestamp = User.find(access_token.resource_owner_id).last_sign_in_at
|
24
|
+
expect(new_timestamp).to eq @original_timestamp
|
25
|
+
end
|
20
26
|
end
|
21
|
-
|
22
|
-
|
23
|
-
|
27
|
+
context 'when user unconfirmed' do
|
28
|
+
let(:user) { create(:user, :when_unconfirmed) }
|
29
|
+
let(:access_token) { create(:access_token, resource_owner_id: user.id) }
|
30
|
+
let(:headers) do
|
31
|
+
{
|
32
|
+
'Authorization' => "Bearer #{access_token.token}"
|
33
|
+
}
|
34
|
+
end
|
35
|
+
before do
|
36
|
+
get request_path, headers: headers
|
37
|
+
end
|
38
|
+
it { expect(response.status).to eq 423 }
|
24
39
|
end
|
25
40
|
end
|
26
41
|
context 'with expired access token' do
|
27
|
-
|
42
|
+
let(:access_token) { create(:access_token, expires_in: 0) }
|
28
43
|
let(:headers) do
|
29
44
|
{
|
30
45
|
'Authorization' => "Bearer #{access_token.token}"
|
@@ -32,14 +47,14 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
|
|
32
47
|
end
|
33
48
|
let(:params) { {} }
|
34
49
|
before do
|
35
|
-
get request_path, params, headers
|
50
|
+
get request_path, params: params, headers: headers
|
36
51
|
end
|
37
52
|
it { expect(response.status).to eq 401 }
|
38
53
|
it { expect(response.headers['WWW-Authenticate']).to eq 'Bearer realm="DeviseDoorkeeperApp", error="invalid_token", error_description="The access token is invalid"' }
|
39
54
|
it { expect(response.body).to eq '{"error":"invalid_token","error_description":"The access token is invalid","state":"unauthorized"}' }
|
40
55
|
end
|
41
56
|
context 'with revoked access token' do
|
42
|
-
|
57
|
+
let(:access_token) { create(:access_token, revoked_at: 1.year.ago) }
|
43
58
|
let(:headers) do
|
44
59
|
{
|
45
60
|
'Authorization' => "Bearer #{access_token.token}"
|
@@ -47,7 +62,7 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
|
|
47
62
|
end
|
48
63
|
let(:params) { {} }
|
49
64
|
before do
|
50
|
-
get request_path, params, headers
|
65
|
+
get request_path, params: params, headers: headers
|
51
66
|
end
|
52
67
|
it { expect(response.status).to eq 401 }
|
53
68
|
end
|
@@ -60,7 +75,7 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
|
|
60
75
|
end
|
61
76
|
let(:params) { {} }
|
62
77
|
before do
|
63
|
-
get request_path, params, headers
|
78
|
+
get request_path, params: params, headers: headers
|
64
79
|
end
|
65
80
|
it { expect(response.status).to eq 401 }
|
66
81
|
end
|
@@ -23,7 +23,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
|
|
23
23
|
}.to_json
|
24
24
|
end
|
25
25
|
before do
|
26
|
-
post '/oauth/token', params, headers
|
26
|
+
post '/oauth/token', params: params, headers: headers
|
27
27
|
@new_token = Doorkeeper::AccessToken.last
|
28
28
|
end
|
29
29
|
it { expect(response.status).to eq 200 }
|
@@ -43,7 +43,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
|
|
43
43
|
end
|
44
44
|
let(:headers) { {} }
|
45
45
|
before do
|
46
|
-
post '/oauth/token', params, headers
|
46
|
+
post '/oauth/token', params: params, headers: headers
|
47
47
|
end
|
48
48
|
it { expect(response.status).to eq 400 }
|
49
49
|
end
|
@@ -61,7 +61,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
|
|
61
61
|
end
|
62
62
|
let(:headers) { {} }
|
63
63
|
before do
|
64
|
-
post '/oauth/token', params, headers
|
64
|
+
post '/oauth/token', params: params, headers: headers
|
65
65
|
end
|
66
66
|
it { expect(response.status).to eq 400 }
|
67
67
|
end
|
metadata
CHANGED
@@ -1,57 +1,57 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise-doorkeeper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.2.ci.
|
4
|
+
version: 1.1.2.ci.129.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- BetterUp
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-03-
|
11
|
+
date: 2021-03-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: '0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: '0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: devise
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - "
|
31
|
+
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
33
|
+
version: '0'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - "
|
38
|
+
- - ">="
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
40
|
+
version: '0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: doorkeeper
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- - "
|
45
|
+
- - ">="
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
47
|
+
version: '0'
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- - "
|
52
|
+
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
54
|
+
version: '0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: bundler
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -224,6 +224,7 @@ files:
|
|
224
224
|
- devise-doorkeeper.gemspec
|
225
225
|
- lib/devise/doorkeeper.rb
|
226
226
|
- lib/devise/doorkeeper/doorkeeper_failure_app.rb
|
227
|
+
- lib/devise/doorkeeper/unconfirmed_resource_response.rb
|
227
228
|
- lib/devise/doorkeeper/version.rb
|
228
229
|
- lib/devise/strategies/doorkeeper.rb
|
229
230
|
- spec/dummy/.rspec
|
@@ -275,6 +276,7 @@ files:
|
|
275
276
|
- spec/dummy/db/migrate/20150120154657_create_doorkeeper_tables.rb
|
276
277
|
- spec/dummy/db/migrate/20150120162830_add_devise_to_users.rb
|
277
278
|
- spec/dummy/db/migrate/20210301163315_add_confidential_to_doorkeeper_application.rb
|
279
|
+
- spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb
|
278
280
|
- spec/dummy/db/schema.rb
|
279
281
|
- spec/dummy/lib/assets/.keep
|
280
282
|
- spec/dummy/log/.keep
|
@@ -366,6 +368,7 @@ test_files:
|
|
366
368
|
- spec/dummy/db/migrate/20150120154657_create_doorkeeper_tables.rb
|
367
369
|
- spec/dummy/db/migrate/20150120162830_add_devise_to_users.rb
|
368
370
|
- spec/dummy/db/migrate/20210301163315_add_confidential_to_doorkeeper_application.rb
|
371
|
+
- spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb
|
369
372
|
- spec/dummy/db/schema.rb
|
370
373
|
- spec/dummy/lib/assets/.keep
|
371
374
|
- spec/dummy/log/.keep
|