doorkeeper-openid_connect 1.7.0 → 1.7.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +62 -2
- data/README.md +40 -0
- data/app/controllers/doorkeeper/authorizations_controller.rb +17 -0
- data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +48 -26
- data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +5 -1
- data/config/locales/en.yml +1 -0
- data/lib/doorkeeper/oauth/id_token_request.rb +8 -12
- data/lib/doorkeeper/oauth/id_token_response.rb +2 -0
- data/lib/doorkeeper/oauth/id_token_token_request.rb +2 -0
- data/lib/doorkeeper/oauth/id_token_token_response.rb +2 -0
- data/lib/doorkeeper/openid_connect.rb +26 -1
- data/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims/claim.rb +6 -4
- data/lib/doorkeeper/openid_connect/claims/distributed_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims/normal_claim.rb +2 -0
- data/lib/doorkeeper/openid_connect/claims_builder.rb +3 -1
- data/lib/doorkeeper/openid_connect/config.rb +24 -10
- data/lib/doorkeeper/openid_connect/engine.rb +2 -0
- data/lib/doorkeeper/openid_connect/errors.rb +2 -1
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +45 -29
- data/lib/doorkeeper/openid_connect/id_token.rb +4 -2
- data/lib/doorkeeper/openid_connect/id_token_token.rb +2 -0
- data/lib/doorkeeper/openid_connect/oauth/authorization/code.rb +25 -8
- data/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb +4 -2
- data/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb +3 -1
- data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +24 -3
- data/lib/doorkeeper/openid_connect/oauth/token_response.rb +3 -1
- data/lib/doorkeeper/openid_connect/orm/active_record.rb +2 -0
- data/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb +3 -1
- data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +5 -3
- data/lib/doorkeeper/openid_connect/rails/routes.rb +3 -1
- data/lib/doorkeeper/openid_connect/rails/routes/mapper.rb +2 -0
- data/lib/doorkeeper/openid_connect/rails/routes/mapping.rb +2 -0
- data/lib/doorkeeper/openid_connect/response_mode.rb +30 -0
- data/lib/doorkeeper/openid_connect/response_types_config.rb +2 -2
- data/lib/doorkeeper/openid_connect/user_info.rb +2 -0
- data/lib/doorkeeper/openid_connect/version.rb +3 -1
- data/lib/doorkeeper/request/id_token.rb +2 -0
- data/lib/doorkeeper/request/id_token_token.rb +2 -0
- data/lib/generators/doorkeeper/openid_connect/install_generator.rb +4 -2
- data/lib/generators/doorkeeper/openid_connect/migration_generator.rb +3 -1
- data/lib/generators/doorkeeper/openid_connect/templates/initializer.rb +19 -5
- data/lib/generators/doorkeeper/openid_connect/templates/migration.rb.erb +3 -2
- metadata +35 -36
- data/.gitignore +0 -8
- data/.ruby-version +0 -1
- data/.travis.yml +0 -27
- data/CONTRIBUTING.md +0 -45
- data/Gemfile +0 -8
- data/Rakefile +0 -24
- data/bin/console +0 -9
- data/bin/setup +0 -8
- data/doorkeeper-openid_connect.gemspec +0 -32
@@ -1,12 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
|
-
class Request < ActiveRecord::Base
|
5
|
+
class Request < ::ActiveRecord::Base
|
4
6
|
self.table_name = "#{table_name_prefix}oauth_openid_requests#{table_name_suffix}".to_sym
|
5
7
|
|
6
8
|
validates :access_grant_id, :nonce, presence: true
|
7
9
|
belongs_to :access_grant,
|
8
|
-
|
9
|
-
|
10
|
+
class_name: 'Doorkeeper::AccessGrant',
|
11
|
+
inverse_of: :openid_request
|
10
12
|
end
|
11
13
|
end
|
12
14
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'doorkeeper/openid_connect/rails/routes/mapping'
|
2
4
|
require 'doorkeeper/openid_connect/rails/routes/mapper'
|
3
5
|
|
@@ -12,7 +14,7 @@ module Doorkeeper
|
|
12
14
|
end
|
13
15
|
|
14
16
|
def self.install!
|
15
|
-
ActionDispatch::Routing::Mapper.
|
17
|
+
ActionDispatch::Routing::Mapper.include Doorkeeper::OpenidConnect::Rails::Routes::Helper
|
16
18
|
end
|
17
19
|
|
18
20
|
attr_accessor :routes
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Doorkeeper
|
4
|
+
module OpenidConnect
|
5
|
+
class ResponseMode
|
6
|
+
attr_reader :type
|
7
|
+
|
8
|
+
def initialize(response_type)
|
9
|
+
@type = response_type
|
10
|
+
end
|
11
|
+
|
12
|
+
def fragment?
|
13
|
+
mode == 'fragment'
|
14
|
+
end
|
15
|
+
|
16
|
+
def query?
|
17
|
+
mode == 'query'
|
18
|
+
end
|
19
|
+
|
20
|
+
def mode
|
21
|
+
case type
|
22
|
+
when 'token', 'id_token', 'id_token token'
|
23
|
+
'fragment'
|
24
|
+
else
|
25
|
+
'query'
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
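Review bot: `mode` compares the raw `response_type` string, so anything other than the three listed literals falls to `else` and is reported as `query`, including `nil` and the same values in another order such as `token id_token`. For a token-bearing response type, that default would put tokens in the URL query string, where they reach server logs and Referer headers; whether such a value can get this far depends on validation outside this file. Matching on the individual values keeps the fragment default for every type that returns a token, e.g. `(type.to_s.split & %w[token id_token]).any? ? 'fragment' : 'query'`. The class also has no comment, and a line such as `# Default response mode for a response_type: fragment when a token is returned, query otherwise.` above `class ResponseMode` would state the intent.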
@@ -1,13 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Doorkeeper
|
2
4
|
module OpenidConnect
|
3
5
|
class InstallGenerator < ::Rails::Generators::Base
|
4
6
|
include ::Rails::Generators::Migration
|
5
|
-
source_root File.expand_path('
|
7
|
+
source_root File.expand_path('templates', __dir__)
|
6
8
|
desc 'Installs Doorkeeper OpenID Connect.'
|
7
9
|
|
8
10
|
def install
|
9
11
|
template 'initializer.rb', 'config/initializers/doorkeeper_openid_connect.rb'
|
10
|
-
copy_file File.expand_path('
|
12
|
+
copy_file File.expand_path('../../../../config/locales/en.yml', __dir__), 'config/locales/doorkeeper_openid_connect.en.yml'
|
11
13
|
route 'use_doorkeeper_openid_connect'
|
12
14
|
end
|
13
15
|
end
|
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rails/generators/active_record'
|
2
4
|
|
3
5
|
module Doorkeeper
|
4
6
|
module OpenidConnect
|
5
7
|
class MigrationGenerator < ::Rails::Generators::Base
|
6
8
|
include ::Rails::Generators::Migration
|
7
|
-
source_root File.expand_path('
|
9
|
+
source_root File.expand_path('templates', __dir__)
|
8
10
|
desc 'Installs Doorkeeper OpenID Connect migration file.'
|
9
11
|
|
10
12
|
def install
|
@@ -1,11 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
Doorkeeper::OpenidConnect.configure do
|
2
4
|
issuer 'issuer string'
|
3
5
|
|
4
|
-
signing_key
|
5
|
-
-----BEGIN RSA PRIVATE KEY-----
|
6
|
-
....
|
7
|
-
-----END RSA PRIVATE KEY-----
|
8
|
-
|
6
|
+
signing_key <<~KEY
|
7
|
+
-----BEGIN RSA PRIVATE KEY-----
|
8
|
+
....
|
9
|
+
-----END RSA PRIVATE KEY-----
|
10
|
+
KEY
|
9
11
|
|
10
12
|
subject_types_supported [:public]
|
11
13
|
|
@@ -26,6 +28,18 @@ EOL
|
|
26
28
|
# redirect_to new_user_session_url
|
27
29
|
end
|
28
30
|
|
31
|
+
# Depending on your configuration, a DoubleRenderError could be raised
|
32
|
+
# if render/redirect_to is called at some point before this callback is executed.
|
33
|
+
# To avoid the DoubleRenderError, you could add these two lines at the beginning
|
34
|
+
# of this callback: (Reference: https://github.com/rails/rails/issues/25106)
|
35
|
+
# self.response_body = nil
|
36
|
+
# @_response_body = nil
|
37
|
+
select_account_for_resource_owner do |resource_owner, return_to|
|
38
|
+
# Example implementation:
|
39
|
+
# store_location_for resource_owner, return_to
|
40
|
+
# redirect_to account_select_url
|
41
|
+
end
|
42
|
+
|
29
43
|
subject do |resource_owner, application|
|
30
44
|
# Example implementation:
|
31
45
|
# resource_owner.id
|
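Review bot: The `signing_key <<~KEY` example in the first hunk still shows the RSA private key pasted into the initializer, and nothing in the template tells the reader to keep the real key out of the repository. Initializers are normally committed, so a key copied in here ends up in source control and in every clone and backup, and whoever holds it can sign ID tokens that clients will accept. I would add a comment above the heredoc, `# Do not commit a real key; load it from the environment or an encrypted credentials store.`, and show that form as the example, e.g. `signing_key ENV.fetch('OIDC_SIGNING_KEY')` (the variable name is a placeholder).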
@@ -1,14 +1,15 @@
|
|
1
1
|
class CreateDoorkeeperOpenidConnectTables < ActiveRecord::Migration<%= migration_version %>
|
2
2
|
def change
|
3
3
|
create_table :oauth_openid_requests do |t|
|
4
|
-
t.
|
4
|
+
t.references :access_grant, null: false, index: true
|
5
5
|
t.string :nonce, null: false
|
6
6
|
end
|
7
7
|
|
8
8
|
add_foreign_key(
|
9
9
|
:oauth_openid_requests,
|
10
10
|
:oauth_access_grants,
|
11
|
-
column: :access_grant_id
|
11
|
+
column: :access_grant_id,
|
12
|
+
on_delete: :cascade
|
12
13
|
)
|
13
14
|
end
|
14
15
|
end
|
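Review bot: `on_delete: :cascade` on the foreign key only reaches applications that generate this migration after upgrading; a database created from the previous template keeps the old constraint, so rows in `oauth_openid_requests` (and their nonces) are presumably not removed with the grant there. Unless the changelog, which is not shown here, already covers it, the template or upgrade notes should say so and give the follow-up migration: `remove_foreign_key :oauth_openid_requests, column: :access_grant_id` followed by `add_foreign_key :oauth_openid_requests, :oauth_access_grants, column: :access_grant_id, on_delete: :cascade`. The removed `t.` line is cut off on this page, so I cannot tell whether the earlier column definition already had `null: false` and an index.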
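--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper-openid_connect
 version: !ruby/object:Gem::Version
-version: 1.7.
+version: 1.7.5
 platform: ruby
 authors:
 - Sam Dengler
@@ -9,50 +9,56 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: doorkeeper
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: '5.2'
+- - "<"
 - !ruby/object:Gem::Version
-version: 5.
+version: '5.5'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: '5.2'
+- - "<"
 - !ruby/object:Gem::Version
-version: 5.
+version: '5.5'
 - !ruby/object:Gem::Dependency
 name: json-jwt
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 1.11.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 1.11.0
 - !ruby/object:Gem::Dependency
-name:
+name: conventional-changelog
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.2'
 - !ruby/object:Gem::Dependency
 name: factory_bot
 requirement: !ruby/object:Gem::Requirement
@@ -68,21 +74,21 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: pry-byebug
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rspec-rails
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -96,19 +102,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: sqlite3
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 1.3.6
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 1.3.6
 description: OpenID Connect extension for Doorkeeper.
 email:
 - sam.dengler@playonsports.com
@@ -117,21 +123,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
-- CONTRIBUTING.md
-- Gemfile
 - LICENSE.txt
 - README.md
--
+- app/controllers/doorkeeper/authorizations_controller.rb
 - app/controllers/doorkeeper/openid_connect/discovery_controller.rb
 - app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
-- bin/console
-- bin/setup
 - config/locales/en.yml
-- doorkeeper-openid_connect.gemspec
 - lib/doorkeeper/oauth/id_token_request.rb
 - lib/doorkeeper/oauth/id_token_response.rb
 - lib/doorkeeper/oauth/id_token_token_request.rb
@@ -159,6 +157,7 @@ files:
 - lib/doorkeeper/openid_connect/rails/routes.rb
 - lib/doorkeeper/openid_connect/rails/routes/mapper.rb
 - lib/doorkeeper/openid_connect/rails/routes/mapping.rb
+- lib/doorkeeper/openid_connect/response_mode.rb
 - lib/doorkeeper/openid_connect/response_types_config.rb
 - lib/doorkeeper/openid_connect/user_info.rb
 - lib/doorkeeper/openid_connect/version.rb
@@ -187,7 +186,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: OpenID Connect extension for Doorkeeper.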
data/.gitignore
DELETED
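--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +0,0 @@
-2.6.3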
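--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,27 +0,0 @@
-language: ruby
-cache: bundler
-sudo: false
-
-before_install:
-- gem update --system
-# Bundler 2.0 is not compatible with Rails 4.2
-# https://docs.travis-ci.com/user/languages/ruby/#bundler-20
-- "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
-- rvm @global do gem uninstall bundler -a -x -I || true
-- gem install bundler -v '< 2'
-
-before_script:
-- bundle update
-- bundle exec rake migrate
-
-script:
-- bundle exec rake spec
-
-env:
-- rails=5.0.0
-- rails=5.2.0
-
-rvm:
-- 2.4
-- 2.5
-- 2.6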
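--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -1,45 +0,0 @@
-# Contributing
-
-## Workflow
-
-We are using the [Feature Branch Workflow (also known as GitHub Flow)](https://guides.github.com/introduction/flow/), and prefer delivery as pull requests.
-
-Our first line of defense is the [Travis CI](https://travis-ci.org/doorkeeper-gem/doorkeeper-openid_connect) build defined within [.travis.yml](.travis.yml) and triggered for every pull request.
-
-Create a feature branch:
-
-```sh
-git checkout -B feature/contributing
-```
-
-## Creating Good Commits
-
-The cardinal rule for creating good commits is to ensure there is only one
-"logical change" per commit. Why is this an important rule?
-
-* The smaller the amount of code being changed, the quicker & easier it is to
-review & identify potential flaws.
-
-* If a change is found to be flawed later, it may be necessary to revert the
-broken commit. This is much easier to do if there are not other unrelated
-code changes entangled with the original commit.
-
-* When troubleshooting problems using Git's bisect capability, small well
-defined changes will aid in isolating exactly where the code problem was
-introduced.
-
-* When browsing history using Git annotate/blame, small well defined changes
-also aid in isolating exactly where & why a piece of code came from.
-
-Things to avoid when creating commits:
-
-* Mixing whitespace changes with functional code changes.
-* Mixing two unrelated functional changes.
-* Sending large new features in a single giant commit.
-
-## Release process
-
-- Bump version in `lib/doorkeeper/openid_connect/version.rb`
-- Update `CHANGELOG.md`
-- Commit all changes
-- Tag release and publish gem with `rake release`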