doorkeeper-openid_connect 1.7.0 → 1.7.1
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/CHANGELOG.md +29 -2
- data/README.md +2 -0
- data/app/controllers/doorkeeper/authorizations_controller.rb +17 -0
- data/doorkeeper-openid_connect.gemspec +2 -2
- data/lib/doorkeeper/oauth/id_token_request.rb +4 -14
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +3 -12
- data/lib/doorkeeper/openid_connect/id_token.rb +1 -1
- data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +16 -0
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- data/lib/generators/doorkeeper/openid_connect/templates/migration.rb.erb +2 -1
- metadata +17 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0bcb761a45b80b603b387474f5393d9000d154468eb7974620e9aace796836c5
|
4
|
+
data.tar.gz: 51809691b1ea73f5f2a28f00c2aa105c821e9e4326ae781b4dcbb433c7e034ac
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d6e3df930e4e466ffac74df7d3e237158a34a7a831f6003749a9edf8766b762db132430c862287bd16a21a66d035cb4b62fa7f8f0f518452cf8bab3ec1fd4709
|
7
|
+
data.tar.gz: 32721653701e09ae2d022c627bf13f2bfce5390ffad046d976c880b186c97eaec5fa9173aed21789141056322786604224bfe62e6bfe4cdb43da030ed08b2b50
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.6.
|
1
|
+
2.6.5
|
data/CHANGELOG.md
CHANGED
@@ -1,8 +1,35 @@
|
|
1
1
|
## Unreleased
|
2
2
|
|
3
|
-
|
3
|
+
## v1.7.1 (2020-02-07)
|
4
4
|
|
5
|
-
|
5
|
+
### Upgrading
|
6
|
+
|
7
|
+
This version adds `on_delete: :cascade` to the migration template for the `oauth_openid_requests` table, in order to fix #82.
|
8
|
+
|
9
|
+
For existing installations, you should add a new migration in your application to drop the existing foreign key and replace it with a new one with `on_delete: :cascade` included. Depending on the database you're using and the size of your application this might bring up some concerns, but in most cases the following should be sufficient:
|
10
|
+
|
11
|
+
```ruby
|
12
|
+
class UpdateOauthOpenIdRequestsForeignKeys < ActiveRecord::Migration[5.2]
|
13
|
+
def up
|
14
|
+
remove_foreign_key(:oauth_openid_requests, column: :access_grant_id)
|
15
|
+
add_foreign_key(:oauth_openid_requests, :oauth_access_grants, column: :access_grant_id, on_delete: :cascade)
|
16
|
+
end
|
17
|
+
|
18
|
+
def down
|
19
|
+
remove_foreign_key(:oauth_openid_requests, column: :access_grant_id)
|
20
|
+
add_foreign_key(:oauth_openid_requests, :oauth_access_grants, column: :access_grant_id)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
```
|
24
|
+
|
25
|
+
### Bugfixes
|
26
|
+
|
27
|
+
- [#96] Bump `json-jwt` because of CVE-2019-18848 (thanks to @leleabhinav)
|
28
|
+
- [#97] Fixes for compatibility with Doorkeeper 5.2 (thanks to @linhdangduy)
|
29
|
+
- [#98] Cascade deletes from `oauth_openid_requests` to `oauth_access_grants` (thanks to @manojmj92)
|
30
|
+
- [#99] Fix `audience` claim when application is not set on access token (thanks to @ionut998)
|
31
|
+
|
32
|
+
## v1.7.0 (2019-11-04)
|
6
33
|
|
7
34
|
### Changes
|
8
35
|
|
data/README.md
CHANGED
@@ -4,6 +4,8 @@
|
|
4
4
|
[](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect)
|
5
5
|
[](https://rubygems.org/gems/doorkeeper-openid_connect)
|
6
6
|
|
7
|
+
#### :warning: **This project is looking for maintainers, see [this issue](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/89).**
|
8
|
+
|
7
9
|
This library implements an [OpenID Connect](http://openid.net/connect/) authentication provider for Rails applications on top of the [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) OAuth 2.0 framework.
|
8
10
|
|
9
11
|
OpenID Connect is a single-sign-on and identity layer with a [growing list of server and client implementations](http://openid.net/developers/libraries/). If you're looking for a client in Ruby check out [omniauth_openid_connect](https://github.com/m0n9oose/omniauth_openid_connect/).
|
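--- /dev/null
+++ b/data/app/controllers/doorkeeper/authorizations_controller.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require_dependency "#{Doorkeeper::Engine.root}/app/controllers/doorkeeper/authorizations_controller.rb"
+
+module Doorkeeper
+class AuthorizationsController
+module AuthorizationsExtension
+private
+
+def pre_auth_param_fields
+super.append(:nonce)
+end
+end
+
+Doorkeeper::AuthorizationsController.send :prepend, AuthorizationsExtension
+end
+end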
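Review bot: `super.append(:nonce)` mutates the array returned by Doorkeeper's `pre_auth_param_fields` in place, so this override is only safe while the parent keeps returning a fresh, unfrozen array on every call; a frozen constant would raise `FrozenError` and a memoized array would gain one more `:nonce` per request. `super + [:nonce]` returns a new array and makes no assumption about the parent. The `send :prepend` is also unnecessary since `Module#prepend` is public, so `prepend AuthorizationsExtension` in the class body is the ordinary idiom. Note that this only whitelists `nonce` as a request attribute; whether a value is required when `response_type` includes `id_token` (as OIDC Core requires for the implicit flow) is not visible in this diff and should be checked where the pre-authorization is validated.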
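--- a/data/doorkeeper-openid_connect.gemspec
+++ b/data/doorkeeper-openid_connect.gemspec
@@ -19,8 +19,8 @@ Gem::Specification.new do |spec|
 
 spec.required_ruby_version = ">= 2.4"
 
-spec.add_runtime_dependency 'doorkeeper', '
-spec.add_runtime_dependency 'json-jwt', '
+spec.add_runtime_dependency 'doorkeeper', '>= 5.2', '< 5.4'
+spec.add_runtime_dependency 'json-jwt', '>= 1.11.0'
 
 spec.add_development_dependency 'rspec-rails'
 spec.add_development_dependency 'factory_bot'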
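--- a/data/lib/doorkeeper/oauth/id_token_request.rb
+++ b/data/lib/doorkeeper/oauth/id_token_request.rb
@@ -9,18 +9,14 @@ module Doorkeeper
 end
 
 def authorize
-
-
-
-@response = response
-else
-@response = error_response
-end
+@auth = Authorization::Token.new(pre_auth, resource_owner)
+@auth.issue_token
+response
 end
 
 def deny
 pre_auth.error = :access_denied
-error_response
+pre_auth.error_response
 end
 
 private
@@ -30,12 +26,6 @@ module Doorkeeper
 
 IdTokenResponse.new(pre_auth, auth, id_token)
 end
-
-def error_response
-ErrorResponse.from_request pre_auth,
-redirect_uri: pre_auth.redirect_uri,
-response_on_fragment: true
-end
 end
 end
 end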
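Review bot: The new `authorize` issues a token unconditionally — the `else @response = error_response` branch is gone, and the removed lines above `@response = response` (illegible in this rendering) appear to have held a conditional, most likely the `pre_auth.authorizable?` guard. That gate now has to be enforced by the caller (Doorkeeper 5.2 does this in the authorizations controller before calling the strategy, as far as I recall), and nothing in this file records the contract; a one-line comment makes the dependency explicit: `# Precondition: the caller has checked pre_auth.authorizable?; this always issues a token.` The retained `response` method still reads `auth` while `authorize` now assigns `@auth`, so this relies on an `attr_reader :auth` declared above the hunk — worth confirming it exists, since a bare `auth` would otherwise raise `NameError` at the first successful authorization.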
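--- a/data/lib/doorkeeper/openid_connect/helpers/controller.rb
+++ b/data/lib/doorkeeper/openid_connect/helpers/controller.rb
@@ -19,7 +19,6 @@ module Doorkeeper
 controller_path == Doorkeeper::Rails::Routes.mapping[:authorizations][:controllers] &&
 action_name == 'new' &&
 pre_auth.valid? &&
-pre_auth.client &&
 pre_auth.scopes.include?('openid')
 end
 
@@ -61,7 +60,7 @@ module Doorkeeper
 when 'none'
 raise Errors::InvalidRequest if (prompt_values - [ 'none' ]).any?
 raise Errors::LoginRequired unless owner
-raise Errors::ConsentRequired if oidc_consent_required?
+raise Errors::ConsentRequired if oidc_consent_required?
 when 'login'
 reauthenticate_oidc_resource_owner(owner) if owner
 when 'consent'
@@ -105,16 +104,8 @@ module Doorkeeper
 raise Errors::LoginRequired unless performed?
 end
 
-def
-
-Doorkeeper::AccessToken.scopes_match?(token.scopes, pre_auth.scopes, pre_auth.client.scopes)
-end
-end
-
-def oidc_consent_required?(owner)
-return false if skip_authorization?
-
-matching_tokens_for_oidc_resource_owner(owner).blank?
+def oidc_consent_required?
+!skip_authorization? && !matching_token?
 end
 end
 end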
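Review bot: `oidc_consent_required?` no longer receives the `owner` that `handle_oidc_prompt_param!` was given and instead delegates to Doorkeeper's `matching_token?`, which in Doorkeeper 5.2, if I remember its controller correctly, looks the token up for `current_resource_owner`. The `LoginRequired` check one line earlier is still made against `owner`, so the `prompt=none` consent decision is now made for whichever principal `current_resource_owner` resolves to; today both come from the same `authenticate_resource_owner!` call, but that coupling is now implicit. Either keep the parameter and query `Doorkeeper::AccessToken.matching_token_for` with `owner` directly, or document it: `# Delegates to Doorkeeper's matching_token?, which uses current_resource_owner; keep in step with the owner passed to handle_oidc_prompt_param!`. The first hunk drops `pre_auth.client &&` from `oidc_authorization_request?`, which is only safe as long as `PreAuthorization#valid?` keeps validating the client — I believe Doorkeeper 5.2 does, but a spec asserting a missing `client_id` is not treated as an OIDC request would pin it. `handle_oidc_prompt_param!` begins outside the hunk.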
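--- a/data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb
+++ b/data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb
@@ -8,6 +8,22 @@ module Doorkeeper
 super
 @nonce = attrs[:nonce]
 end
+
+# This method will be updated when doorkeeper move to version > 5.2.2
+# TODO: delete this method and refactor response_on_fragment? method (below) when doorkeeper gem version constrains is > 5.2.2
+def error_response
+if error == :invalid_request
+Doorkeeper::OAuth::InvalidRequestResponse.from_request(self, response_on_fragment: response_on_fragment?)
+else
+Doorkeeper::OAuth::ErrorResponse.from_request(self, response_on_fragment: response_on_fragment?)
+end
+end
+
+private
+
+def response_on_fragment?
+response_type == "token" || response_type == "id_token" || response_type == "id_token token"
+end
 end
 end
 end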
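Review bot: `response_on_fragment?` compares `response_type` against the exact strings `"token"`, `"id_token"` and `"id_token token"`, but OAuth 2.0 Multiple Response Type Encoding Practices defines the value as an order-insensitive space-delimited list, so a client sending `token id_token` would have its error redirected in the query component rather than the fragment. Whether Doorkeeper accepts that ordering as a valid `response_type` is outside this hunk, but the check is cheap to make order-insensitive and nil-safe: `(response_type.to_s.split & %w[token id_token]).any?`. The two new comments pin removal of this override to "doorkeeper > 5.2.2" while the gemspec in this release now permits anything below 5.4, so the note should say concretely which Doorkeeper release takes over fragment handling (or the constraint should be tightened), otherwise the TODO will be missed.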
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper-openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.7.
|
4
|
+
version: 1.7.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Dengler
|
@@ -9,36 +9,42 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2020-02-07 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: doorkeeper
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
17
17
|
requirements:
|
18
|
-
- - "
|
18
|
+
- - ">="
|
19
|
+
- !ruby/object:Gem::Version
|
20
|
+
version: '5.2'
|
21
|
+
- - "<"
|
19
22
|
- !ruby/object:Gem::Version
|
20
|
-
version: 5.
|
23
|
+
version: '5.4'
|
21
24
|
type: :runtime
|
22
25
|
prerelease: false
|
23
26
|
version_requirements: !ruby/object:Gem::Requirement
|
24
27
|
requirements:
|
25
|
-
- - "
|
28
|
+
- - ">="
|
26
29
|
- !ruby/object:Gem::Version
|
27
|
-
version: 5.2
|
30
|
+
version: '5.2'
|
31
|
+
- - "<"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '5.4'
|
28
34
|
- !ruby/object:Gem::Dependency
|
29
35
|
name: json-jwt
|
30
36
|
requirement: !ruby/object:Gem::Requirement
|
31
37
|
requirements:
|
32
|
-
- - "
|
38
|
+
- - ">="
|
33
39
|
- !ruby/object:Gem::Version
|
34
|
-
version:
|
40
|
+
version: 1.11.0
|
35
41
|
type: :runtime
|
36
42
|
prerelease: false
|
37
43
|
version_requirements: !ruby/object:Gem::Requirement
|
38
44
|
requirements:
|
39
|
-
- - "
|
45
|
+
- - ">="
|
40
46
|
- !ruby/object:Gem::Version
|
41
|
-
version:
|
47
|
+
version: 1.11.0
|
42
48
|
- !ruby/object:Gem::Dependency
|
43
49
|
name: rspec-rails
|
44
50
|
requirement: !ruby/object:Gem::Requirement
|
@@ -126,6 +132,7 @@ files:
|
|
126
132
|
- LICENSE.txt
|
127
133
|
- README.md
|
128
134
|
- Rakefile
|
135
|
+
- app/controllers/doorkeeper/authorizations_controller.rb
|
129
136
|
- app/controllers/doorkeeper/openid_connect/discovery_controller.rb
|
130
137
|
- app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
|
131
138
|
- bin/console
|