devise-doorkeeper 1.1.2.ci.123.1 → 1.1.2.ci.129.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/devise-doorkeeper.gemspec +3 -3
- data/lib/devise/doorkeeper/doorkeeper_failure_app.rb +14 -0
- data/lib/devise/doorkeeper/unconfirmed_resource_response.rb +19 -0
- data/lib/devise/strategies/doorkeeper.rb +11 -1
- data/spec/dummy/app/models/user.rb +5 -1
- data/spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb +11 -0
- data/spec/dummy/db/schema.rb +5 -1
- data/spec/factories/users.rb +5 -0
- data/spec/requests/oauth/bearer_tokens_spec.rb +37 -22
- data/spec/requests/oauth/password_grant_spec.rb +3 -3
- metadata +17 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 443328b2b197e80b47460a63a483fccde2204cbb32c9a2f113c8a5078dd71128
|
|
4
|
+
data.tar.gz: dbc5e6aa9e9d37f3d92e645d03aa1230190ad789e4ed95560603deed5696e91c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bee9e8edbcf6e3c3b481b934887c769eaea1fbcc4024bbfc3aaf90208c3617c80569cbc569768bd737295a7f409b81b888f7a1079feb3302d5dc39fff3e0e42a
|
|
7
|
+
data.tar.gz: 520f78f01c13c587c335a2d54395d44fce444b02805531a10ca8339aa49970aa66e648f0d983f708713a90ee0b68b844ecb52c7d1cf9c34320d3ba4eca31df74
|
data/devise-doorkeeper.gemspec
CHANGED
|
@@ -18,9 +18,9 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
19
19
|
spec.require_paths = ['lib']
|
|
20
20
|
|
|
21
|
-
spec.add_dependency 'rails'
|
|
22
|
-
spec.add_dependency 'devise'
|
|
23
|
-
spec.add_dependency 'doorkeeper'
|
|
21
|
+
spec.add_dependency 'rails'
|
|
22
|
+
spec.add_dependency 'devise'
|
|
23
|
+
spec.add_dependency 'doorkeeper'
|
|
24
24
|
|
|
25
25
|
spec.add_development_dependency 'bundler', '~> 2.2'
|
|
26
26
|
spec.add_development_dependency 'rspec-rails', '~> 4.0'
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'devise/strategies/doorkeeper'
|
|
2
|
+
require 'devise/doorkeeper/unconfirmed_resource_response'
|
|
2
3
|
|
|
3
4
|
module Devise
|
|
4
5
|
module Doorkeeper
|
|
@@ -6,6 +7,8 @@ module Devise
|
|
|
6
7
|
def respond
|
|
7
8
|
if oauth_error?
|
|
8
9
|
invalid_oauth_token
|
|
10
|
+
elsif unconfirmed_resource?
|
|
11
|
+
unconfirmed_resource
|
|
9
12
|
else
|
|
10
13
|
super
|
|
11
14
|
end
|
|
@@ -17,12 +20,23 @@ module Devise
|
|
|
17
20
|
warden_message == Devise::Strategies::Doorkeeper::WARDEN_INVALID_TOKEN_MESSAGE
|
|
18
21
|
end
|
|
19
22
|
|
|
23
|
+
def unconfirmed_resource?
|
|
24
|
+
warden_message == Devise::Strategies::Doorkeeper::WARDEN_UNCONFIRMED_RESOURCE_MESSAGE
|
|
25
|
+
end
|
|
26
|
+
|
|
20
27
|
def invalid_oauth_token
|
|
21
28
|
error = ::Doorkeeper::OAuth::InvalidTokenResponse.new
|
|
22
29
|
headers.merge! error.headers
|
|
23
30
|
self.response_body = error.body.to_json
|
|
24
31
|
self.status = error.status
|
|
25
32
|
end
|
|
33
|
+
|
|
34
|
+
def unconfirmed_resource
|
|
35
|
+
error = UnconfirmedResourceResponse.new
|
|
36
|
+
headers.merge! error.headers
|
|
37
|
+
self.response_body = error.body.to_json
|
|
38
|
+
self.status = error.status
|
|
39
|
+
end
|
|
26
40
|
end
|
|
27
41
|
end
|
|
28
42
|
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
require 'devise/strategies/doorkeeper'
|
|
2
|
+
|
|
3
|
+
module Devise
|
|
4
|
+
module Doorkeeper
|
|
5
|
+
class UnconfirmedResourceResponse < ::Doorkeeper::OAuth::ErrorResponse
|
|
6
|
+
def initialize(attributes = {})
|
|
7
|
+
super(attributes.merge(name: :unconfirmed_resource, state: :locked))
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def status
|
|
11
|
+
:locked
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def exception_class
|
|
15
|
+
::Doorkeeper::Errors::DoorkeeperError
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -7,6 +7,7 @@ module Devise
|
|
|
7
7
|
module Strategies
|
|
8
8
|
class Doorkeeper < ::Devise::Strategies::Authenticatable
|
|
9
9
|
WARDEN_INVALID_TOKEN_MESSAGE = :invalid_token
|
|
10
|
+
WARDEN_UNCONFIRMED_RESOURCE_MESSAGE = :unconfirmed_resource
|
|
10
11
|
|
|
11
12
|
def valid?
|
|
12
13
|
credentials = ::Doorkeeper::OAuth::Token.from_request(request, *access_token_methods)
|
|
@@ -17,7 +18,11 @@ module Devise
|
|
|
17
18
|
resource = resource_from_token
|
|
18
19
|
if validate(resource)
|
|
19
20
|
request.env['devise.skip_trackable'] = true
|
|
20
|
-
|
|
21
|
+
if resource.active_for_authentication?
|
|
22
|
+
success!(resource)
|
|
23
|
+
else
|
|
24
|
+
unconfirmed_resource
|
|
25
|
+
end
|
|
21
26
|
else
|
|
22
27
|
invalid_token
|
|
23
28
|
end
|
|
@@ -48,6 +53,11 @@ module Devise
|
|
|
48
53
|
mapping.to.find(token.resource_owner_id)
|
|
49
54
|
end
|
|
50
55
|
|
|
56
|
+
def unconfirmed_resource
|
|
57
|
+
fail!(WARDEN_UNCONFIRMED_RESOURCE_MESSAGE)
|
|
58
|
+
throw :warden
|
|
59
|
+
end
|
|
60
|
+
|
|
51
61
|
def invalid_token
|
|
52
62
|
fail!(WARDEN_INVALID_TOKEN_MESSAGE)
|
|
53
63
|
throw :warden
|
|
@@ -2,6 +2,10 @@ class User < ActiveRecord::Base
|
|
|
2
2
|
# Include default devise modules. Others available are:
|
|
3
3
|
# :confirmable, :lockable, :timeoutable and :omniauthable
|
|
4
4
|
devise :database_authenticatable, :registerable,
|
|
5
|
-
:recoverable, :rememberable, :trackable, :validatable
|
|
5
|
+
:recoverable, :rememberable, :trackable, :validatable, :confirmable
|
|
6
6
|
devise :database_authenticatable, :doorkeeper
|
|
7
|
+
|
|
8
|
+
def send_confirmation_notification?
|
|
9
|
+
false
|
|
10
|
+
end
|
|
7
11
|
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
class AddConfirmableFieldToUsers < ActiveRecord::Migration[5.0]
|
|
2
|
+
def change
|
|
3
|
+
change_table(:users) do |t|
|
|
4
|
+
## Confirmable
|
|
5
|
+
t.string :confirmation_token
|
|
6
|
+
t.datetime :confirmed_at
|
|
7
|
+
t.datetime :confirmation_sent_at
|
|
8
|
+
t.string :unconfirmed_email # Only if using reconfirmable
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
end
|
data/spec/dummy/db/schema.rb
CHANGED
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
#
|
|
11
11
|
# It's strongly recommended that you check this file into your version control system.
|
|
12
12
|
|
|
13
|
-
ActiveRecord::Schema.define(version:
|
|
13
|
+
ActiveRecord::Schema.define(version: 20210301204550) do
|
|
14
14
|
|
|
15
15
|
create_table "oauth_access_grants", force: :cascade do |t|
|
|
16
16
|
t.integer "resource_owner_id", null: false
|
|
@@ -63,6 +63,10 @@ ActiveRecord::Schema.define(version: 20210301163315) do
|
|
|
63
63
|
t.datetime "last_sign_in_at"
|
|
64
64
|
t.string "current_sign_in_ip"
|
|
65
65
|
t.string "last_sign_in_ip"
|
|
66
|
+
t.string "confirmation_token"
|
|
67
|
+
t.datetime "confirmed_at"
|
|
68
|
+
t.datetime "confirmation_sent_at"
|
|
69
|
+
t.string "unconfirmed_email"
|
|
66
70
|
t.index ["email"], name: "index_users_on_email", unique: true
|
|
67
71
|
t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
|
|
68
72
|
end
|
data/spec/factories/users.rb
CHANGED
|
@@ -3,28 +3,43 @@ require 'rails_helper'
|
|
|
3
3
|
RSpec.describe 'OAuth bearer token requests', type: :request do
|
|
4
4
|
let(:request_path) { '/example.json' }
|
|
5
5
|
context 'with valid access token' do
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
6
|
+
context 'when user confirmed' do
|
|
7
|
+
let(:access_token) { create(:access_token) }
|
|
8
|
+
let(:headers) do
|
|
9
|
+
{
|
|
10
|
+
'Authorization' => "Bearer #{access_token.token}"
|
|
11
|
+
}
|
|
12
|
+
end
|
|
13
|
+
let(:params) { {} }
|
|
14
|
+
before do
|
|
15
|
+
@original_timestamp = User.find(access_token.resource_owner_id).last_sign_in_at
|
|
16
|
+
get request_path, params: params, headers: headers
|
|
17
|
+
end
|
|
18
|
+
it { expect(response.status).to eq 200 }
|
|
19
|
+
it 'does not send Set-Cookie headers' do
|
|
20
|
+
expect(response.headers).to_not include 'Set-Cookie'
|
|
21
|
+
end
|
|
22
|
+
it 'does not update the user last_signin_at timestamp' do
|
|
23
|
+
new_timestamp = User.find(access_token.resource_owner_id).last_sign_in_at
|
|
24
|
+
expect(new_timestamp).to eq @original_timestamp
|
|
25
|
+
end
|
|
20
26
|
end
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
27
|
+
context 'when user unconfirmed' do
|
|
28
|
+
let(:user) { create(:user, :when_unconfirmed) }
|
|
29
|
+
let(:access_token) { create(:access_token, resource_owner_id: user.id) }
|
|
30
|
+
let(:headers) do
|
|
31
|
+
{
|
|
32
|
+
'Authorization' => "Bearer #{access_token.token}"
|
|
33
|
+
}
|
|
34
|
+
end
|
|
35
|
+
before do
|
|
36
|
+
get request_path, headers: headers
|
|
37
|
+
end
|
|
38
|
+
it { expect(response.status).to eq 423 }
|
|
24
39
|
end
|
|
25
40
|
end
|
|
26
41
|
context 'with expired access token' do
|
|
27
|
-
|
|
42
|
+
let(:access_token) { create(:access_token, expires_in: 0) }
|
|
28
43
|
let(:headers) do
|
|
29
44
|
{
|
|
30
45
|
'Authorization' => "Bearer #{access_token.token}"
|
|
@@ -32,14 +47,14 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
|
|
|
32
47
|
end
|
|
33
48
|
let(:params) { {} }
|
|
34
49
|
before do
|
|
35
|
-
get request_path, params, headers
|
|
50
|
+
get request_path, params: params, headers: headers
|
|
36
51
|
end
|
|
37
52
|
it { expect(response.status).to eq 401 }
|
|
38
53
|
it { expect(response.headers['WWW-Authenticate']).to eq 'Bearer realm="DeviseDoorkeeperApp", error="invalid_token", error_description="The access token is invalid"' }
|
|
39
54
|
it { expect(response.body).to eq '{"error":"invalid_token","error_description":"The access token is invalid","state":"unauthorized"}' }
|
|
40
55
|
end
|
|
41
56
|
context 'with revoked access token' do
|
|
42
|
-
|
|
57
|
+
let(:access_token) { create(:access_token, revoked_at: 1.year.ago) }
|
|
43
58
|
let(:headers) do
|
|
44
59
|
{
|
|
45
60
|
'Authorization' => "Bearer #{access_token.token}"
|
|
@@ -47,7 +62,7 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
|
|
|
47
62
|
end
|
|
48
63
|
let(:params) { {} }
|
|
49
64
|
before do
|
|
50
|
-
get request_path, params, headers
|
|
65
|
+
get request_path, params: params, headers: headers
|
|
51
66
|
end
|
|
52
67
|
it { expect(response.status).to eq 401 }
|
|
53
68
|
end
|
|
@@ -60,7 +75,7 @@ RSpec.describe 'OAuth bearer token requests', type: :request do
|
|
|
60
75
|
end
|
|
61
76
|
let(:params) { {} }
|
|
62
77
|
before do
|
|
63
|
-
get request_path, params, headers
|
|
78
|
+
get request_path, params: params, headers: headers
|
|
64
79
|
end
|
|
65
80
|
it { expect(response.status).to eq 401 }
|
|
66
81
|
end
|
|
@@ -23,7 +23,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
|
|
|
23
23
|
}.to_json
|
|
24
24
|
end
|
|
25
25
|
before do
|
|
26
|
-
post '/oauth/token', params, headers
|
|
26
|
+
post '/oauth/token', params: params, headers: headers
|
|
27
27
|
@new_token = Doorkeeper::AccessToken.last
|
|
28
28
|
end
|
|
29
29
|
it { expect(response.status).to eq 200 }
|
|
@@ -43,7 +43,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
|
|
|
43
43
|
end
|
|
44
44
|
let(:headers) { {} }
|
|
45
45
|
before do
|
|
46
|
-
post '/oauth/token', params, headers
|
|
46
|
+
post '/oauth/token', params: params, headers: headers
|
|
47
47
|
end
|
|
48
48
|
it { expect(response.status).to eq 400 }
|
|
49
49
|
end
|
|
@@ -61,7 +61,7 @@ RSpec.describe 'oauth/tokens password grant flow', type: :request do
|
|
|
61
61
|
end
|
|
62
62
|
let(:headers) { {} }
|
|
63
63
|
before do
|
|
64
|
-
post '/oauth/token', params, headers
|
|
64
|
+
post '/oauth/token', params: params, headers: headers
|
|
65
65
|
end
|
|
66
66
|
it { expect(response.status).to eq 400 }
|
|
67
67
|
end
|
metadata
CHANGED
|
@@ -1,57 +1,57 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-doorkeeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.2.ci.
|
|
4
|
+
version: 1.1.2.ci.129.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- BetterUp
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-03-
|
|
11
|
+
date: 2021-03-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: '0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: '0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: devise
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '0'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: doorkeeper
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - "
|
|
45
|
+
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '
|
|
47
|
+
version: '0'
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - "
|
|
52
|
+
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
54
|
+
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: bundler
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -224,6 +224,7 @@ files:
|
|
|
224
224
|
- devise-doorkeeper.gemspec
|
|
225
225
|
- lib/devise/doorkeeper.rb
|
|
226
226
|
- lib/devise/doorkeeper/doorkeeper_failure_app.rb
|
|
227
|
+
- lib/devise/doorkeeper/unconfirmed_resource_response.rb
|
|
227
228
|
- lib/devise/doorkeeper/version.rb
|
|
228
229
|
- lib/devise/strategies/doorkeeper.rb
|
|
229
230
|
- spec/dummy/.rspec
|
|
@@ -275,6 +276,7 @@ files:
|
|
|
275
276
|
- spec/dummy/db/migrate/20150120154657_create_doorkeeper_tables.rb
|
|
276
277
|
- spec/dummy/db/migrate/20150120162830_add_devise_to_users.rb
|
|
277
278
|
- spec/dummy/db/migrate/20210301163315_add_confidential_to_doorkeeper_application.rb
|
|
279
|
+
- spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb
|
|
278
280
|
- spec/dummy/db/schema.rb
|
|
279
281
|
- spec/dummy/lib/assets/.keep
|
|
280
282
|
- spec/dummy/log/.keep
|
|
@@ -366,6 +368,7 @@ test_files:
|
|
|
366
368
|
- spec/dummy/db/migrate/20150120154657_create_doorkeeper_tables.rb
|
|
367
369
|
- spec/dummy/db/migrate/20150120162830_add_devise_to_users.rb
|
|
368
370
|
- spec/dummy/db/migrate/20210301163315_add_confidential_to_doorkeeper_application.rb
|
|
371
|
+
- spec/dummy/db/migrate/20210301204550_add_confirmable_field_to_users.rb
|
|
369
372
|
- spec/dummy/db/schema.rb
|
|
370
373
|
- spec/dummy/lib/assets/.keep
|
|
371
374
|
- spec/dummy/log/.keep
|