doorkeeper-openid_connect 1.6.3 → 1.7.0
- checksums.yaml +4 -4
- data/.travis.yml +0 -7
- data/CHANGELOG.md +6 -0
- data/Gemfile +1 -4
- data/doorkeeper-openid_connect.gemspec +4 -2
- data/lib/doorkeeper/openid_connect/errors.rb +2 -2
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +22 -11
- data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +1 -1
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- metadata +7 -13
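--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9f38540bf15e49809e21423a76e0fd8313c5494aee4a3537f6b6d1bcd5645951
+data.tar.gz: d1408e8c1a4755356746a55957dbc941242fb266ead2e5f92d29d46646258958
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 71ca0f37f65e787785550e64d4b5fc4ad05ad74ec93601e909924d1984f6b42612c4856bc8439373f8af52a8958e0e80beaf711ed78b012784eb941f46aeb889
+data.tar.gz: f5c46bc891ed65513493cbeb7304fe76c04a62c03e8ce51b5f1849319da9be27bfa304b5064e028421a88583db4adf4e3ec71e3c4d900fd6ff850e44fa76a826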
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
data/Gemfile
CHANGED
@@ -17,13 +17,15 @@ Gem::Specification.new do |spec|
|
|
17
17
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
18
18
|
spec.require_paths = ['lib']
|
19
19
|
|
20
|
-
spec.required_ruby_version = ">= 2.
|
20
|
+
spec.required_ruby_version = ">= 2.4"
|
21
21
|
|
22
|
-
spec.add_runtime_dependency 'doorkeeper', '
|
22
|
+
spec.add_runtime_dependency 'doorkeeper', '~> 5.2.0'
|
23
23
|
spec.add_runtime_dependency 'json-jwt', '~> 1.6'
|
24
24
|
|
25
25
|
spec.add_development_dependency 'rspec-rails'
|
26
26
|
spec.add_development_dependency 'factory_bot'
|
27
|
+
# We need to stick to this sqlite3 version for Rails 5.0
|
28
|
+
# https://github.com/rails/rails/pull/35154
|
27
29
|
spec.add_development_dependency 'sqlite3', '~> 1.3.6'
|
28
30
|
spec.add_development_dependency 'pry-byebug'
|
29
31
|
spec.add_development_dependency 'conventional-changelog', '~> 1.2'
|
@@ -18,6 +18,7 @@ module Doorkeeper
|
|
18
18
|
def oidc_authorization_request?
|
19
19
|
controller_path == Doorkeeper::Rails::Routes.mapping[:authorizations][:controllers] &&
|
20
20
|
action_name == 'new' &&
|
21
|
+
pre_auth.valid? &&
|
21
22
|
pre_auth.client &&
|
22
23
|
pre_auth.scopes.include?('openid')
|
23
24
|
end
|
@@ -29,14 +30,18 @@ module Doorkeeper
|
|
29
30
|
# FIXME: workaround for Rails 5, see https://github.com/rails/rails/issues/25106
|
30
31
|
@_response_body = nil
|
31
32
|
|
32
|
-
error_response = if
|
33
|
-
::Doorkeeper::OAuth::
|
34
|
-
name: exception.
|
33
|
+
error_response = if exception.type == :invalid_request
|
34
|
+
::Doorkeeper::OAuth::InvalidRequestResponse.new(
|
35
|
+
name: exception.type,
|
35
36
|
state: params[:state],
|
36
|
-
redirect_uri: params[:redirect_uri]
|
37
|
+
redirect_uri: params[:redirect_uri],
|
37
38
|
)
|
38
39
|
else
|
39
|
-
|
40
|
+
::Doorkeeper::OAuth::ErrorResponse.new(
|
41
|
+
name: exception.type,
|
42
|
+
state: params[:state],
|
43
|
+
redirect_uri: params[:redirect_uri],
|
44
|
+
)
|
40
45
|
end
|
41
46
|
|
42
47
|
response.headers.merge!(error_response.headers)
|
@@ -53,15 +58,15 @@ module Doorkeeper
|
|
53
58
|
|
54
59
|
prompt_values.each do |prompt|
|
55
60
|
case prompt
|
56
|
-
when 'none'
|
61
|
+
when 'none'
|
57
62
|
raise Errors::InvalidRequest if (prompt_values - [ 'none' ]).any?
|
58
63
|
raise Errors::LoginRequired unless owner
|
59
64
|
raise Errors::ConsentRequired if oidc_consent_required?(owner)
|
60
|
-
when 'login'
|
65
|
+
when 'login'
|
61
66
|
reauthenticate_oidc_resource_owner(owner) if owner
|
62
|
-
when 'consent'
|
67
|
+
when 'consent'
|
63
68
|
render :new
|
64
|
-
when 'select_account'
|
69
|
+
when 'select_account'
|
65
70
|
# TODO: let the user implement this
|
66
71
|
raise Errors::AccountSelectionRequired
|
67
72
|
else
|
@@ -74,8 +79,10 @@ module Doorkeeper
|
|
74
79
|
max_age = params[:max_age].to_i
|
75
80
|
return unless max_age > 0 && owner
|
76
81
|
|
77
|
-
auth_time = instance_exec
|
82
|
+
auth_time = instance_exec(
|
83
|
+
owner,
|
78
84
|
&Doorkeeper::OpenidConnect.configuration.auth_time_from_resource_owner
|
85
|
+
)
|
79
86
|
|
80
87
|
if !auth_time || (Time.zone.now - auth_time) > max_age
|
81
88
|
reauthenticate_oidc_resource_owner(owner)
|
@@ -89,8 +96,11 @@ module Doorkeeper
|
|
89
96
|
params.delete('prompt') if params['prompt'].blank?
|
90
97
|
end.to_query
|
91
98
|
|
92
|
-
instance_exec
|
99
|
+
instance_exec(
|
100
|
+
owner,
|
101
|
+
return_to.to_s,
|
93
102
|
&Doorkeeper::OpenidConnect.configuration.reauthenticate_resource_owner
|
103
|
+
)
|
94
104
|
|
95
105
|
raise Errors::LoginRequired unless performed?
|
96
106
|
end
|
@@ -103,6 +113,7 @@ module Doorkeeper
|
|
103
113
|
|
104
114
|
def oidc_consent_required?(owner)
|
105
115
|
return false if skip_authorization?
|
116
|
+
|
106
117
|
matching_tokens_for_oidc_resource_owner(owner).blank?
|
107
118
|
end
|
108
119
|
end
|
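Review bot: The error-response hunk (`@@ -29,14 +30,18 @@`) still passes the raw `params[:redirect_uri]` into both `InvalidRequestResponse` and `ErrorResponse`, so its safety rests on every raising path having validated that URI first. The first hunk's new `pre_auth.valid? &&` guard looks like the thing providing that, but the link is implicit and the handler's method boundaries are outside the hunk, so it cannot be confirmed from here. I would add a comment above the `if`, such as `# params[:redirect_uri] is trusted only because oidc_authorization_request? requires pre_auth.valid?`, and a spec asserting that an unregistered redirect_uri never produces a redirect from this handler. The two branches also differ only in the class name; choosing the class first and calling `.new` once would remove the duplicated argument list.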
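--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper-openid_connect
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.7.0
 platform: ruby
 authors:
 - Sam Dengler
@@ -9,28 +9,22 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: doorkeeper
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '5.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 5.2.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '5.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 5.2.0
 - !ruby/object:Gem::Dependency
 name: json-jwt
 requirement: !ruby/object:Gem::Requirement
@@ -186,7 +180,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="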