doorkeeper-openid_connect 1.6.3 → 1.7.0
- checksums.yaml +4 -4
- data/.travis.yml +0 -7
- data/CHANGELOG.md +6 -0
- data/Gemfile +1 -4
- data/doorkeeper-openid_connect.gemspec +4 -2
- data/lib/doorkeeper/openid_connect/errors.rb +2 -2
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +22 -11
- data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +1 -1
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- metadata +7 -13
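--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9f38540bf15e49809e21423a76e0fd8313c5494aee4a3537f6b6d1bcd5645951
+data.tar.gz: d1408e8c1a4755356746a55957dbc941242fb266ead2e5f92d29d46646258958
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 71ca0f37f65e787785550e64d4b5fc4ad05ad74ec93601e909924d1984f6b42612c4856bc8439373f8af52a8958e0e80beaf711ed78b012784eb941f46aeb889
+data.tar.gz: f5c46bc891ed65513493cbeb7304fe76c04a62c03e8ce51b5f1849319da9be27bfa304b5064e028421a88583db4adf4e3ec71e3c4d900fd6ff850e44fa76a826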
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
data/Gemfile
CHANGED
@@ -17,13 +17,15 @@ Gem::Specification.new do |spec|
|
|
17
17
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
18
18
|
spec.require_paths = ['lib']
|
19
19
|
|
20
|
-
spec.required_ruby_version = ">= 2.
|
20
|
+
spec.required_ruby_version = ">= 2.4"
|
21
21
|
|
22
|
-
spec.add_runtime_dependency 'doorkeeper', '
|
22
|
+
spec.add_runtime_dependency 'doorkeeper', '~> 5.2.0'
|
23
23
|
spec.add_runtime_dependency 'json-jwt', '~> 1.6'
|
24
24
|
|
25
25
|
spec.add_development_dependency 'rspec-rails'
|
26
26
|
spec.add_development_dependency 'factory_bot'
|
27
|
+
# We need to stick to this sqlite3 version for Rails 5.0
|
28
|
+
# https://github.com/rails/rails/pull/35154
|
27
29
|
spec.add_development_dependency 'sqlite3', '~> 1.3.6'
|
28
30
|
spec.add_development_dependency 'pry-byebug'
|
29
31
|
spec.add_development_dependency 'conventional-changelog', '~> 1.2'
|
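Review bot: The new runtime constraint `spec.add_runtime_dependency 'doorkeeper', '~> 5.2.0'` admits only the 5.2.x line, yet unlike the sqlite3 pin a few lines below it carries no comment saying why. If the pin exists because the gem now calls Doorkeeper APIs that first appear in 5.2 (the helper changes in this release reference `::Doorkeeper::OAuth::InvalidRequestResponse`), say so above the line, e.g. `# Requires Doorkeeper 5.2 response classes; widen once newer minors are tested`. Applications depending on this gem will not resolve to a later Doorkeeper minor until this constraint is relaxed, which matters if a security fix is published only for newer lines.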
@@ -18,6 +18,7 @@ module Doorkeeper
|
|
18
18
|
def oidc_authorization_request?
|
19
19
|
controller_path == Doorkeeper::Rails::Routes.mapping[:authorizations][:controllers] &&
|
20
20
|
action_name == 'new' &&
|
21
|
+
pre_auth.valid? &&
|
21
22
|
pre_auth.client &&
|
22
23
|
pre_auth.scopes.include?('openid')
|
23
24
|
end
|
@@ -29,14 +30,18 @@ module Doorkeeper
|
|
29
30
|
# FIXME: workaround for Rails 5, see https://github.com/rails/rails/issues/25106
|
30
31
|
@_response_body = nil
|
31
32
|
|
32
|
-
error_response = if
|
33
|
-
::Doorkeeper::OAuth::
|
34
|
-
name: exception.
|
33
|
+
error_response = if exception.type == :invalid_request
|
34
|
+
::Doorkeeper::OAuth::InvalidRequestResponse.new(
|
35
|
+
name: exception.type,
|
35
36
|
state: params[:state],
|
36
|
-
redirect_uri: params[:redirect_uri]
|
37
|
+
redirect_uri: params[:redirect_uri],
|
37
38
|
)
|
38
39
|
else
|
39
|
-
|
40
|
+
::Doorkeeper::OAuth::ErrorResponse.new(
|
41
|
+
name: exception.type,
|
42
|
+
state: params[:state],
|
43
|
+
redirect_uri: params[:redirect_uri],
|
44
|
+
)
|
40
45
|
end
|
41
46
|
|
42
47
|
response.headers.merge!(error_response.headers)
|
@@ -53,15 +58,15 @@ module Doorkeeper
|
|
53
58
|
|
54
59
|
prompt_values.each do |prompt|
|
55
60
|
case prompt
|
56
|
-
when 'none'
|
61
|
+
when 'none'
|
57
62
|
raise Errors::InvalidRequest if (prompt_values - [ 'none' ]).any?
|
58
63
|
raise Errors::LoginRequired unless owner
|
59
64
|
raise Errors::ConsentRequired if oidc_consent_required?(owner)
|
60
|
-
when 'login'
|
65
|
+
when 'login'
|
61
66
|
reauthenticate_oidc_resource_owner(owner) if owner
|
62
|
-
when 'consent'
|
67
|
+
when 'consent'
|
63
68
|
render :new
|
64
|
-
when 'select_account'
|
69
|
+
when 'select_account'
|
65
70
|
# TODO: let the user implement this
|
66
71
|
raise Errors::AccountSelectionRequired
|
67
72
|
else
|
@@ -74,8 +79,10 @@ module Doorkeeper
|
|
74
79
|
max_age = params[:max_age].to_i
|
75
80
|
return unless max_age > 0 && owner
|
76
81
|
|
77
|
-
auth_time = instance_exec
|
82
|
+
auth_time = instance_exec(
|
83
|
+
owner,
|
78
84
|
&Doorkeeper::OpenidConnect.configuration.auth_time_from_resource_owner
|
85
|
+
)
|
79
86
|
|
80
87
|
if !auth_time || (Time.zone.now - auth_time) > max_age
|
81
88
|
reauthenticate_oidc_resource_owner(owner)
|
@@ -89,8 +96,11 @@ module Doorkeeper
|
|
89
96
|
params.delete('prompt') if params['prompt'].blank?
|
90
97
|
end.to_query
|
91
98
|
|
92
|
-
instance_exec
|
99
|
+
instance_exec(
|
100
|
+
owner,
|
101
|
+
return_to.to_s,
|
93
102
|
&Doorkeeper::OpenidConnect.configuration.reauthenticate_resource_owner
|
103
|
+
)
|
94
104
|
|
95
105
|
raise Errors::LoginRequired unless performed?
|
96
106
|
end
|
@@ -103,6 +113,7 @@ module Doorkeeper
|
|
103
113
|
|
104
114
|
def oidc_consent_required?(owner)
|
105
115
|
return false if skip_authorization?
|
116
|
+
|
106
117
|
matching_tokens_for_oidc_resource_owner(owner).blank?
|
107
118
|
end
|
108
119
|
end
|
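Review bot: In the error-response branch (new lines 33–44 of what the diffstat identifies as helpers/controller.rb), both `InvalidRequestResponse` and `ErrorResponse` are built with `redirect_uri: params[:redirect_uri]`, i.e. the raw request parameter rather than a value that has been checked against the client. The `pre_auth.valid? &&` guard added to `oidc_authorization_request?` appears to be what keeps this handler from redirecting to an unvalidated URI, but nothing at the point of use says so, and the handler's start is outside the hunk, so it is not visible which code paths reach it. I would record the invariant where the value is consumed, e.g. `# redirect_uri is only trusted here because oidc_authorization_request? requires pre_auth.valid?`, and add a request spec asserting that an unregistered redirect_uri combined with `prompt=none` never produces a redirect to it. The two branches also differ only in the response class, so selecting the class first and calling `.new` once would keep their arguments from drifting apart.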
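--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper-openid_connect
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.7.0
 platform: ruby
 authors:
 - Sam Dengler
@@ -9,28 +9,22 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: doorkeeper
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '5.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 5.2.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '5.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 5.2.0
 - !ruby/object:Gem::Dependency
 name: json-jwt
 requirement: !ruby/object:Gem::Requirement
@@ -186,7 +180,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="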