doorkeeper-openid_connect 1.7.1 → 1.7.2

Files changed (51) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +8 -0
  3. data/README.md +4 -0
  4. data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
  5. data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +16 -13
  6. data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +2 -0
  7. data/lib/doorkeeper/oauth/id_token_request.rb +7 -1
  8. data/lib/doorkeeper/oauth/id_token_response.rb +2 -0
  9. data/lib/doorkeeper/oauth/id_token_token_request.rb +2 -0
  10. data/lib/doorkeeper/oauth/id_token_token_response.rb +2 -0
  11. data/lib/doorkeeper/openid_connect.rb +3 -1
  12. data/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb +2 -0
  13. data/lib/doorkeeper/openid_connect/claims/claim.rb +6 -4
  14. data/lib/doorkeeper/openid_connect/claims/distributed_claim.rb +2 -0
  15. data/lib/doorkeeper/openid_connect/claims/normal_claim.rb +2 -0
  16. data/lib/doorkeeper/openid_connect/claims_builder.rb +3 -1
  17. data/lib/doorkeeper/openid_connect/config.rb +16 -10
  18. data/lib/doorkeeper/openid_connect/engine.rb +2 -0
  19. data/lib/doorkeeper/openid_connect/errors.rb +2 -0
  20. data/lib/doorkeeper/openid_connect/helpers/controller.rb +24 -15
  21. data/lib/doorkeeper/openid_connect/id_token.rb +3 -1
  22. data/lib/doorkeeper/openid_connect/id_token_token.rb +2 -0
  23. data/lib/doorkeeper/openid_connect/oauth/authorization/code.rb +25 -8
  24. data/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb +4 -2
  25. data/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb +3 -1
  26. data/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb +11 -4
  27. data/lib/doorkeeper/openid_connect/oauth/token_response.rb +3 -1
  28. data/lib/doorkeeper/openid_connect/orm/active_record.rb +2 -0
  29. data/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb +3 -1
  30. data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +5 -3
  31. data/lib/doorkeeper/openid_connect/rails/routes.rb +3 -1
  32. data/lib/doorkeeper/openid_connect/rails/routes/mapper.rb +2 -0
  33. data/lib/doorkeeper/openid_connect/rails/routes/mapping.rb +2 -0
  34. data/lib/doorkeeper/openid_connect/response_types_config.rb +3 -1
  35. data/lib/doorkeeper/openid_connect/user_info.rb +2 -0
  36. data/lib/doorkeeper/openid_connect/version.rb +3 -1
  37. data/lib/doorkeeper/request/id_token.rb +2 -0
  38. data/lib/doorkeeper/request/id_token_token.rb +2 -0
  39. data/lib/generators/doorkeeper/openid_connect/install_generator.rb +4 -2
  40. data/lib/generators/doorkeeper/openid_connect/migration_generator.rb +3 -1
  41. data/lib/generators/doorkeeper/openid_connect/templates/initializer.rb +7 -5
  42. metadata +21 -30
  43. data/.gitignore +0 -8
  44. data/.ruby-version +0 -1
  45. data/.travis.yml +0 -27
  46. data/CONTRIBUTING.md +0 -45
  47. data/Gemfile +0 -8
  48. data/Rakefile +0 -24
  49. data/bin/console +0 -9
  50. data/bin/setup +0 -8
  51. data/doorkeeper-openid_connect.gemspec +0 -32
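--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0bcb761a45b80b603b387474f5393d9000d154468eb7974620e9aace796836c5
- data.tar.gz: 51809691b1ea73f5f2a28f00c2aa105c821e9e4326ae781b4dcbb433c7e034ac
+ metadata.gz: dd500337bf3593b1f15ab64da67dd2da940797271fd1a169e47f2542371d6930
+ data.tar.gz: 4c3fdae9aca104f74f2bcf2e2805d09fe784e75326e3fa2382de8ba74133987a
  SHA512:
- metadata.gz: d6e3df930e4e466ffac74df7d3e237158a34a7a831f6003749a9edf8766b762db132430c862287bd16a21a66d035cb4b62fa7f8f0f518452cf8bab3ec1fd4709
- data.tar.gz: 32721653701e09ae2d022c627bf13f2bfce5390ffad046d976c880b186c97eaec5fa9173aed21789141056322786604224bfe62e6bfe4cdb43da030ed08b2b50
+ metadata.gz: 887f767a61bd22be260dfb2b3d37de2e3334b25ff53aacbf9b6b41aecb88a287ae308d9fd65950e7c850ab023569d08cb1c31cceda4182cb667c3b61a984406e
+ data.tar.gz: 670454a6c3e5dbe69dcb511e68acbb63b2b558410a3ae0268400918dd11e3ae4d320fb1bd7d876cade2b7313132c925befcd51ad0bd023bfb826f36ee9d127b9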
@@ -1,5 +1,13 @@
1
1
  ## Unreleased
2
2
 
3
+ ## v1.7.2 (2020-05-20)
4
+
5
+ ### Changes
6
+
7
+ - [#108] Add support for Doorkeeper 5.4
8
+ - [#103] Add support for end_session_endpoint
9
+ - [#109] Test against Ruby 2.7 & Rails 6.x
10
+
3
11
  ## v1.7.1 (2020-02-07)
4
12
 
5
13
  ### Upgrading
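--- a/data/README.md
+++ b/data/README.md
@@ -152,6 +152,10 @@ The following settings are optional:
  - Note that the OIDC specification mandates HTTPS, so you shouldn't change this
  for production environments unless you have a really good reason!
 
+ - `end_session_endpoint`
+ - The URL that the user is redirected to after ending the session on the client.
+ - Used by implementations like https://github.com/IdentityModel/oidc-client-js.
+
  ### Scopes
 
  To perform authentication over OpenID Connect, an OAuth client needs to request the `openid` scope. This scope needs to be enabled using either `optional_scopes` in the global Doorkeeper configuration in `config/initializers/doorkeeper.rb`, or by adding it to any OAuth application's `scope` attribute.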
@@ -12,6 +12,6 @@ module Doorkeeper
12
12
  end
13
13
  end
14
14
 
15
- Doorkeeper::AuthorizationsController.send :prepend, AuthorizationsExtension
15
+ Doorkeeper::AuthorizationsController.prepend AuthorizationsExtension
16
16
  end
17
17
  end
@@ -1,9 +1,11 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class DiscoveryController < ::Doorkeeper::ApplicationController
4
6
  include Doorkeeper::Helpers::Controller
5
7
 
6
- WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'.freeze
8
+ WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
7
9
 
8
10
  def provider
9
11
  render json: provider_response
@@ -30,20 +32,21 @@ module Doorkeeper
30
32
  introspection_endpoint: oauth_introspect_url(protocol: protocol),
31
33
  userinfo_endpoint: oauth_userinfo_url(protocol: protocol),
32
34
  jwks_uri: oauth_discovery_keys_url(protocol: protocol),
35
+ end_session_endpoint: openid_connect.end_session_endpoint.call,
33
36
 
34
37
  scopes_supported: doorkeeper.scopes,
35
38
 
36
39
  # TODO: support id_token response type
37
40
  response_types_supported: doorkeeper.authorization_response_types,
38
- response_modes_supported: [ 'query', 'fragment' ],
41
+ response_modes_supported: ['query', 'fragment'],
39
42
 
40
43
  token_endpoint_auth_methods_supported: [
41
44
  'client_secret_basic',
42
45
  'client_secret_post',
43
46
 
44
47
  # TODO: look into doorkeeper-jwt_assertion for these
45
- #'client_secret_jwt',
46
- #'private_key_jwt'
48
+ # 'client_secret_jwt',
49
+ # 'private_key_jwt'
47
50
  ],
48
51
 
49
52
  subject_types_supported: openid_connect.subject_types_supported,
@@ -56,18 +59,18 @@ module Doorkeeper
56
59
  'normal',
57
60
 
58
61
  # TODO: support these
59
- #'aggregated',
60
- #'distributed',
62
+ # 'aggregated',
63
+ # 'distributed',
61
64
  ],
62
65
 
63
- claims_supported: [
64
- 'iss',
65
- 'sub',
66
- 'aud',
67
- 'exp',
68
- 'iat',
66
+ claims_supported: %w[
67
+ iss
68
+ sub
69
+ aud
70
+ exp
71
+ iat
69
72
  ] | openid_connect.claims.to_h.keys,
70
- }
73
+ }.compact
71
74
  end
72
75
 
73
76
  def webfinger_response
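Review bot: `end_session_endpoint: openid_connect.end_session_endpoint.call` in the provider response assumes the option always holds a callable, but the builder in lib/doorkeeper/openid_connect/config.rb stores `block || args.first`, so a plain-string setting such as `end_session_endpoint 'https://…'` would raise NoMethodError on every discovery request. I would read it once and guard the call: `endpoint = openid_connect.end_session_endpoint` followed by `end_session_endpoint: endpoint.respond_to?(:call) ? endpoint.call : endpoint,`. The new `}.compact` also removes every other nil-valued key from the discovery document, so a misconfigured required field would vanish silently instead of failing; a comment such as `# compact: end_session_endpoint is optional and omitted when unset` would make the intent explicit. Relying parties send the user's browser to this URL at logout, so the README entry should state that it must be an absolute HTTPS URL. The method holding this hash starts outside the hunks shown.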
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class UserinfoController < ::Doorkeeper::ApplicationController
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OAuth
3
5
  class IdTokenRequest
@@ -10,7 +12,11 @@ module Doorkeeper
10
12
 
11
13
  def authorize
12
14
  @auth = Authorization::Token.new(pre_auth, resource_owner)
13
- @auth.issue_token
15
+ if @auth.respond_to?(:issue_token!)
16
+ @auth.issue_token!
17
+ else
18
+ @auth.issue_token
19
+ end
14
20
  response
15
21
  end
16
22
 
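Review bot: The `respond_to?(:issue_token!)` branch in `authorize` carries no comment saying which Doorkeeper release each arm serves, and this release writes the same compatibility switch three different ways: `respond_to?` at call time here, `method_defined?(:issue_token!)` at load time in lib/doorkeeper/openid_connect/oauth/authorization/code.rb, and a `VERSION::MAJOR`/`MINOR` comparison in lib/doorkeeper/openid_connect/oauth/pre_authorization.rb. I would add `# Doorkeeper >= 5.4 exposes issue_token!; drop the else arm together with < 5.4 support` above the `if`, matching the FIXME already used in code.rb. Note that `respond_to?` ignores private and protected methods, so this check would quietly fall back to the old name if the method's visibility ever changed upstream.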
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OAuth
3
5
  class IdTokenResponse < BaseResponse
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OAuth
3
5
  class IdTokenTokenRequest < IdTokenRequest
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OAuth
3
5
  class IdTokenTokenResponse < IdTokenResponse
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'doorkeeper'
2
4
  require 'active_model'
3
5
  require 'json/jwt'
@@ -42,7 +44,7 @@ module Doorkeeper
42
44
 
43
45
  def self.signing_key
44
46
  key =
45
- if [:HS256, :HS384, :HS512].include?(signing_algorithm)
47
+ if %i[HS256 HS384 HS512].include?(signing_algorithm)
46
48
  configuration.signing_key
47
49
  else
48
50
  OpenSSL::PKey.read(configuration.signing_key)
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Claims
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Claims
@@ -11,10 +13,10 @@ module Doorkeeper
11
13
  name family_name given_name middle_name nickname preferred_username
12
14
  profile picture website gender birthdate zoneinfo locale updated_at
13
15
  ],
14
- email: %i[ email email_verified ],
15
- address: %i[ address ],
16
- phone: %i[ phone_number phone_number_verified ],
17
- }
16
+ email: %i[email email_verified],
17
+ address: %i[address],
18
+ phone: %i[phone_number phone_number_verified],
19
+ }.freeze
18
20
 
19
21
  def initialize(options = {})
20
22
  @name = options[:name].to_sym
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Claims
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Claims
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'ostruct'
2
4
 
3
5
  module Doorkeeper
@@ -31,7 +33,7 @@ module Doorkeeper
31
33
  generator: block
32
34
  )
33
35
  end
34
- alias_method :claim, :normal_claim
36
+ alias claim normal_claim
35
37
  end
36
38
  end
37
39
  end
@@ -1,15 +1,17 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  def self.configure(&block)
4
6
  if Doorkeeper.configuration.orm != :active_record
5
- fail Errors::InvalidConfiguration, 'Doorkeeper OpenID Connect currently only supports the ActiveRecord ORM adapter'
7
+ raise Errors::InvalidConfiguration, 'Doorkeeper OpenID Connect currently only supports the ActiveRecord ORM adapter'
6
8
  end
7
9
 
8
10
  @config = Config::Builder.new(&block).build
9
11
  end
10
12
 
11
13
  def self.configuration
12
- @config || (fail Errors::MissingConfiguration)
14
+ @config || (raise Errors::MissingConfiguration)
13
15
  end
14
16
 
15
17
  class Config
@@ -23,12 +25,12 @@ module Doorkeeper
23
25
  @config
24
26
  end
25
27
 
26
- def jws_public_key(*args)
27
- puts "DEPRECATION WARNING: `jws_public_key` is not needed anymore and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb"
28
+ def jws_public_key(*_args)
29
+ puts 'DEPRECATION WARNING: `jws_public_key` is not needed anymore and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb'
28
30
  end
29
31
 
30
32
  def jws_private_key(*args)
31
- puts "DEPRECATION WARNING: `jws_private_key` has been replaced by `signing_key` and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb"
33
+ puts 'DEPRECATION WARNING: `jws_private_key` has been replaced by `signing_key` and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb'
32
34
  signing_key(*args)
33
35
  end
34
36
  end
@@ -71,7 +73,7 @@ module Doorkeeper
71
73
  value = if attribute_builder
72
74
  attribute_builder.new(&block).build
73
75
  else
74
- block ? block : args.first
76
+ block || args.first
75
77
  end
76
78
 
77
79
  @config.instance_variable_set(:"@#{attribute}", value)
@@ -102,19 +104,19 @@ module Doorkeeper
102
104
  option :subject_types_supported, default: [:public]
103
105
 
104
106
  option :resource_owner_from_access_token, default: lambda { |*_|
105
- fail Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.resource_owner_from_access_token_not_configured')
107
+ raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.resource_owner_from_access_token_not_configured')
106
108
  }
107
109
 
108
110
  option :auth_time_from_resource_owner, default: lambda { |*_|
109
- fail Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.auth_time_from_resource_owner_not_configured')
111
+ raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.auth_time_from_resource_owner_not_configured')
110
112
  }
111
113
 
112
114
  option :reauthenticate_resource_owner, default: lambda { |*_|
113
- fail Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.reauthenticate_resource_owner_not_configured')
115
+ raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.reauthenticate_resource_owner_not_configured')
114
116
  }
115
117
 
116
118
  option :subject, default: lambda { |*_|
117
- fail Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.subject_not_configured')
119
+ raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.subject_not_configured')
118
120
  }
119
121
 
120
122
  option :expiration, default: 120
@@ -124,6 +126,10 @@ module Doorkeeper
124
126
  option :protocol, default: lambda { |*_|
125
127
  ::Rails.env.production? ? :https : :http
126
128
  }
129
+
130
+ option :end_session_endpoint, default: lambda { |*_|
131
+ nil
132
+ }
127
133
  end
128
134
  end
129
135
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class Engine < ::Rails::Engine
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Errors
@@ -1,9 +1,18 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Helpers
4
6
  module Controller
5
7
  private
6
8
 
9
+ # FIXME: remove after Doorkeeper will merge it
10
+ def current_resource_owner
11
+ return @current_resource_owner if defined?(@current_resource_owner)
12
+
13
+ super
14
+ end
15
+
7
16
  def authenticate_resource_owner!
8
17
  super.tap do |owner|
9
18
  next unless oidc_authorization_request?
@@ -11,8 +20,8 @@ module Doorkeeper
11
20
  handle_oidc_prompt_param!(owner)
12
21
  handle_oidc_max_age_param!(owner)
13
22
  end
14
- rescue Errors::OpenidConnectError => exception
15
- handle_oidc_error!(exception)
23
+ rescue Errors::OpenidConnectError => e
24
+ handle_oidc_error!(e)
16
25
  end
17
26
 
18
27
  def oidc_authorization_request?
@@ -30,17 +39,17 @@ module Doorkeeper
30
39
  @_response_body = nil
31
40
 
32
41
  error_response = if exception.type == :invalid_request
33
- ::Doorkeeper::OAuth::InvalidRequestResponse.new(
34
- name: exception.type,
35
- state: params[:state],
36
- redirect_uri: params[:redirect_uri],
37
- )
38
- else
39
- ::Doorkeeper::OAuth::ErrorResponse.new(
40
- name: exception.type,
41
- state: params[:state],
42
- redirect_uri: params[:redirect_uri],
43
- )
42
+ ::Doorkeeper::OAuth::InvalidRequestResponse.new(
43
+ name: exception.type,
44
+ state: params[:state],
45
+ redirect_uri: params[:redirect_uri],
46
+ )
47
+ else
48
+ ::Doorkeeper::OAuth::ErrorResponse.new(
49
+ name: exception.type,
50
+ state: params[:state],
51
+ redirect_uri: params[:redirect_uri],
52
+ )
44
53
  end
45
54
 
46
55
  response.headers.merge!(error_response.headers)
@@ -58,7 +67,7 @@ module Doorkeeper
58
67
  prompt_values.each do |prompt|
59
68
  case prompt
60
69
  when 'none'
61
- raise Errors::InvalidRequest if (prompt_values - [ 'none' ]).any?
70
+ raise Errors::InvalidRequest if (prompt_values - ['none']).any?
62
71
  raise Errors::LoginRequired unless owner
63
72
  raise Errors::ConsentRequired if oidc_consent_required?
64
73
  when 'login'
@@ -111,5 +120,5 @@ module Doorkeeper
111
120
  end
112
121
  end
113
122
 
114
- Helpers::Controller.send :prepend, OpenidConnect::Helpers::Controller
123
+ Helpers::Controller.prepend OpenidConnect::Helpers::Controller
115
124
  end
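Review bot: The new `current_resource_owner` override returns `@current_resource_owner` whenever the ivar is defined but never assigns it, so whether anything is cached depends on `super` (Doorkeeper's implementation, not shown in this diff) setting that ivar; on a Doorkeeper that does not, the guard is dead code. Because the guard is `defined?` rather than a truthiness test, a memoized `nil` is also returned as-is. Worth confirming that an owner who signs in later in the same request, presumably after the `prompt=login` handling in `handle_oidc_prompt_param!`, is still picked up. I would replace the FIXME with a comment that states the contract, e.g. `# Mirrors the memoization pending in Doorkeeper; relies on super assigning @current_resource_owner. Remove once upstream ships it.`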
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class IdToken
@@ -9,7 +11,7 @@ module Doorkeeper
9
11
  @access_token = access_token
10
12
  @nonce = nonce
11
13
  @resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
12
- @issued_at = Time.now
14
+ @issued_at = Time.zone.now
13
15
  end
14
16
 
15
17
  def claims
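Review bot: `@issued_at = Time.zone.now` in `initialize` raises NoMethodError when `Time.zone` is nil, which is the case wherever no default time zone has been configured (plain ActiveSupport, some test or script contexts), whereas the previous `Time.now` always worked. If the goal is only to satisfy the Rails time-zone cop, `@issued_at = Time.current` gives the zone-aware value and falls back to `Time.now` when no zone is set. `@issued_at` presumably feeds the epoch-based `iat`/`exp` claims built in `claims`, which lies outside this hunk, so the zone itself should not change the emitted values.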
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class IdTokenToken < IdToken
@@ -1,22 +1,39 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module OAuth
4
6
  module Authorization
5
7
  module Code
6
- def issue_token
7
- super.tap do |access_grant|
8
- if pre_auth.nonce.present?
9
- ::Doorkeeper::OpenidConnect::Request.create!(
10
- access_grant: access_grant,
11
- nonce: pre_auth.nonce
12
- )
8
+ if Doorkeeper::OAuth::Authorization::Code.method_defined?(:issue_token!)
9
+ def issue_token!
10
+ super.tap do |access_grant|
11
+ create_openid_request(access_grant) if pre_auth.nonce.present?
12
+ end
13
+ end
14
+
15
+ alias issue_token issue_token!
16
+ else
17
+ # FIXME: drop this after dropping support of Doorkeeper < 5.4
18
+ def issue_token
19
+ super.tap do |access_grant|
20
+ create_openid_request(access_grant) if pre_auth.nonce.present?
13
21
  end
14
22
  end
15
23
  end
24
+
25
+ private
26
+
27
+ def create_openid_request(access_grant)
28
+ ::Doorkeeper::OpenidConnect::Request.create!(
29
+ access_grant: access_grant,
30
+ nonce: pre_auth.nonce
31
+ )
32
+ end
16
33
  end
17
34
  end
18
35
  end
19
36
  end
20
37
 
21
- OAuth::Authorization::Code.send :prepend, OpenidConnect::OAuth::Authorization::Code
38
+ OAuth::Authorization::Code.prepend OpenidConnect::OAuth::Authorization::Code
22
39
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module OAuth
@@ -8,7 +10,7 @@ module Doorkeeper
8
10
  super
9
11
 
10
12
  nonce =
11
- if openid_request = grant.openid_request
13
+ if (openid_request = grant.openid_request)
12
14
  openid_request.destroy!
13
15
  openid_request.nonce
14
16
  end
@@ -20,5 +22,5 @@ module Doorkeeper
20
22
  end
21
23
  end
22
24
 
23
- OAuth::AuthorizationCodeRequest.send :prepend, OpenidConnect::OAuth::AuthorizationCodeRequest
25
+ OAuth::AuthorizationCodeRequest.prepend OpenidConnect::OAuth::AuthorizationCodeRequest
24
26
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module OAuth
@@ -20,5 +22,5 @@ module Doorkeeper
20
22
  end
21
23
  end
22
24
 
23
- OAuth::PasswordAccessTokenRequest.send :prepend, OpenidConnect::OAuth::PasswordAccessTokenRequest
25
+ OAuth::PasswordAccessTokenRequest.prepend OpenidConnect::OAuth::PasswordAccessTokenRequest
24
26
  end
@@ -1,11 +1,18 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module OAuth
4
6
  module PreAuthorization
5
7
  attr_reader :nonce
6
8
 
7
- def initialize(server, attrs = {})
8
- super
9
+ def initialize(server, attrs = {}, resource_owner = nil)
10
+ if (Doorkeeper::VERSION::MAJOR >= 5 && Doorkeeper::VERSION::MINOR >= 4) ||
11
+ Doorkeeper::VERSION::MAJOR >= 6
12
+ super
13
+ else
14
+ super(server, attrs)
15
+ end
9
16
  @nonce = attrs[:nonce]
10
17
  end
11
18
 
@@ -22,11 +29,11 @@ module Doorkeeper
22
29
  private
23
30
 
24
31
  def response_on_fragment?
25
- response_type == "token" || response_type == "id_token" || response_type == "id_token token"
32
+ response_type == 'token' || response_type == 'id_token' || response_type == 'id_token token'
26
33
  end
27
34
  end
28
35
  end
29
36
  end
30
37
 
31
- OAuth::PreAuthorization.send :prepend, OpenidConnect::OAuth::PreAuthorization
38
+ OAuth::PreAuthorization.prepend OpenidConnect::OAuth::PreAuthorization
32
39
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module OAuth
@@ -19,5 +21,5 @@ module Doorkeeper
19
21
  end
20
22
  end
21
23
 
22
- OAuth::TokenResponse.send :prepend, OpenidConnect::OAuth::TokenResponse
24
+ OAuth::TokenResponse.prepend OpenidConnect::OAuth::TokenResponse
23
25
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'active_support/lazy_load_hooks'
2
4
 
3
5
  module Doorkeeper
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module AccessGrant
@@ -12,5 +14,5 @@ module Doorkeeper
12
14
  end
13
15
  end
14
16
 
15
- AccessGrant.send :prepend, OpenidConnect::AccessGrant
17
+ AccessGrant.prepend OpenidConnect::AccessGrant
16
18
  end
@@ -1,12 +1,14 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
- class Request < ActiveRecord::Base
5
+ class Request < ApplicationRecord
4
6
  self.table_name = "#{table_name_prefix}oauth_openid_requests#{table_name_suffix}".to_sym
5
7
 
6
8
  validates :access_grant_id, :nonce, presence: true
7
9
  belongs_to :access_grant,
8
- class_name: 'Doorkeeper::AccessGrant',
9
- inverse_of: :openid_request
10
+ class_name: 'Doorkeeper::AccessGrant',
11
+ inverse_of: :openid_request
10
12
  end
11
13
  end
12
14
  end
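Review bot: `class Request < ApplicationRecord` resolves to the host application's top-level `ApplicationRecord`, since nothing in this diff defines one under `Doorkeeper::OpenidConnect` or `Doorkeeper`. The table that stores OIDC nonces then inherits whatever the host put on that class (a different database connection, default scopes, callbacks), and an application without an `ApplicationRecord` would hit a NameError when the model loads. Unless that coupling is intended, I would keep the explicit base, `class Request < ::ActiveRecord::Base`, and silence the style cop for this line, or add a comment stating that the host's base class is deliberately used.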
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'doorkeeper/openid_connect/rails/routes/mapping'
2
4
  require 'doorkeeper/openid_connect/rails/routes/mapper'
3
5
 
@@ -12,7 +14,7 @@ module Doorkeeper
12
14
  end
13
15
 
14
16
  def self.install!
15
- ActionDispatch::Routing::Mapper.send :include, Doorkeeper::OpenidConnect::Rails::Routes::Helper
17
+ ActionDispatch::Routing::Mapper.include Doorkeeper::OpenidConnect::Rails::Routes::Helper
16
18
  end
17
19
 
18
20
  attr_accessor :routes
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Rails
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module Rails
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  module ResponseTypeConfig
@@ -13,5 +15,5 @@ module Doorkeeper
13
15
  end
14
16
  end
15
17
 
16
- Config.send :prepend, OpenidConnect::ResponseTypeConfig
18
+ Config.prepend OpenidConnect::ResponseTypeConfig
17
19
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class UserInfo
@@ -1,5 +1,7 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
- VERSION = '1.7.1'.freeze
5
+ VERSION = '1.7.2'
4
6
  end
5
7
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'doorkeeper/request/strategy'
2
4
 
3
5
  module Doorkeeper
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'doorkeeper/request/strategy'
2
4
 
3
5
  module Doorkeeper
@@ -1,13 +1,15 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Doorkeeper
2
4
  module OpenidConnect
3
5
  class InstallGenerator < ::Rails::Generators::Base
4
6
  include ::Rails::Generators::Migration
5
- source_root File.expand_path('../templates', __FILE__)
7
+ source_root File.expand_path('templates', __dir__)
6
8
  desc 'Installs Doorkeeper OpenID Connect.'
7
9
 
8
10
  def install
9
11
  template 'initializer.rb', 'config/initializers/doorkeeper_openid_connect.rb'
10
- copy_file File.expand_path('../../../../../config/locales/en.yml', __FILE__), 'config/locales/doorkeeper_openid_connect.en.yml'
12
+ copy_file File.expand_path('../../../../config/locales/en.yml', __dir__), 'config/locales/doorkeeper_openid_connect.en.yml'
11
13
  route 'use_doorkeeper_openid_connect'
12
14
  end
13
15
  end
@@ -1,10 +1,12 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rails/generators/active_record'
2
4
 
3
5
  module Doorkeeper
4
6
  module OpenidConnect
5
7
  class MigrationGenerator < ::Rails::Generators::Base
6
8
  include ::Rails::Generators::Migration
7
- source_root File.expand_path('../templates', __FILE__)
9
+ source_root File.expand_path('templates', __dir__)
8
10
  desc 'Installs Doorkeeper OpenID Connect migration file.'
9
11
 
10
12
  def install
@@ -1,11 +1,13 @@
1
+ # frozen_string_literal: true
2
+
1
3
  Doorkeeper::OpenidConnect.configure do
2
4
  issuer 'issuer string'
3
5
 
4
- signing_key <<-EOL
5
- -----BEGIN RSA PRIVATE KEY-----
6
- ....
7
- -----END RSA PRIVATE KEY-----
8
- EOL
6
+ signing_key <<~KEY
7
+ -----BEGIN RSA PRIVATE KEY-----
8
+ ....
9
+ -----END RSA PRIVATE KEY-----
10
+ KEY
9
11
 
10
12
  subject_types_supported [:public]
11
13
 
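Review bot: The generated initializer still shows the PEM pasted inline under `signing_key <<~KEY`, which steers users toward committing the ID-token signing key in `config/initializers/doorkeeper_openid_connect.rb`. I would add a comment above the heredoc such as `# Do not commit a real key here; load it from the environment or encrypted credentials, e.g. signing_key ENV.fetch('OIDC_SIGNING_KEY')`, where `OIDC_SIGNING_KEY` is a placeholder name. The move to the squiggly heredoc is a good one, since it strips the leading indentation before the value reaches `OpenSSL::PKey.read`. The `configure` block continues outside this hunk.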
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper-openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.1
4
+ version: 1.7.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam Dengler
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-02-07 00:00:00.000000000 Z
12
+ date: 2020-05-20 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: doorkeeper
@@ -20,7 +20,7 @@ dependencies:
20
20
  version: '5.2'
21
21
  - - "<"
22
22
  - !ruby/object:Gem::Version
23
- version: '5.4'
23
+ version: '5.5'
24
24
  type: :runtime
25
25
  prerelease: false
26
26
  version_requirements: !ruby/object:Gem::Requirement
@@ -30,7 +30,7 @@ dependencies:
30
30
  version: '5.2'
31
31
  - - "<"
32
32
  - !ruby/object:Gem::Version
33
- version: '5.4'
33
+ version: '5.5'
34
34
  - !ruby/object:Gem::Dependency
35
35
  name: json-jwt
36
36
  requirement: !ruby/object:Gem::Requirement
@@ -46,19 +46,19 @@ dependencies:
46
46
  - !ruby/object:Gem::Version
47
47
  version: 1.11.0
48
48
  - !ruby/object:Gem::Dependency
49
- name: rspec-rails
49
+ name: conventional-changelog
50
50
  requirement: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ">="
52
+ - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '0'
54
+ version: '1.2'
55
55
  type: :development
56
56
  prerelease: false
57
57
  version_requirements: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - ">="
59
+ - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '0'
61
+ version: '1.2'
62
62
  - !ruby/object:Gem::Dependency
63
63
  name: factory_bot
64
64
  requirement: !ruby/object:Gem::Requirement
@@ -74,21 +74,21 @@ dependencies:
74
74
  - !ruby/object:Gem::Version
75
75
  version: '0'
76
76
  - !ruby/object:Gem::Dependency
77
- name: sqlite3
77
+ name: pry-byebug
78
78
  requirement: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - "~>"
80
+ - - ">="
81
81
  - !ruby/object:Gem::Version
82
- version: 1.3.6
82
+ version: '0'
83
83
  type: :development
84
84
  prerelease: false
85
85
  version_requirements: !ruby/object:Gem::Requirement
86
86
  requirements:
87
- - - "~>"
87
+ - - ">="
88
88
  - !ruby/object:Gem::Version
89
- version: 1.3.6
89
+ version: '0'
90
90
  - !ruby/object:Gem::Dependency
91
- name: pry-byebug
91
+ name: rspec-rails
92
92
  requirement: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - ">="
@@ -102,19 +102,19 @@ dependencies:
102
102
  - !ruby/object:Gem::Version
103
103
  version: '0'
104
104
  - !ruby/object:Gem::Dependency
105
- name: conventional-changelog
105
+ name: sqlite3
106
106
  requirement: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - "~>"
108
+ - - ">="
109
109
  - !ruby/object:Gem::Version
110
- version: '1.2'
110
+ version: 1.3.6
111
111
  type: :development
112
112
  prerelease: false
113
113
  version_requirements: !ruby/object:Gem::Requirement
114
114
  requirements:
115
- - - "~>"
115
+ - - ">="
116
116
  - !ruby/object:Gem::Version
117
- version: '1.2'
117
+ version: 1.3.6
118
118
  description: OpenID Connect extension for Doorkeeper.
119
119
  email:
120
120
  - sam.dengler@playonsports.com
@@ -123,22 +123,13 @@ executables: []
123
123
  extensions: []
124
124
  extra_rdoc_files: []
125
125
  files:
126
- - ".gitignore"
127
- - ".ruby-version"
128
- - ".travis.yml"
129
126
  - CHANGELOG.md
130
- - CONTRIBUTING.md
131
- - Gemfile
132
127
  - LICENSE.txt
133
128
  - README.md
134
- - Rakefile
135
129
  - app/controllers/doorkeeper/authorizations_controller.rb
136
130
  - app/controllers/doorkeeper/openid_connect/discovery_controller.rb
137
131
  - app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
138
- - bin/console
139
- - bin/setup
140
132
  - config/locales/en.yml
141
- - doorkeeper-openid_connect.gemspec
142
133
  - lib/doorkeeper/oauth/id_token_request.rb
143
134
  - lib/doorkeeper/oauth/id_token_response.rb
144
135
  - lib/doorkeeper/oauth/id_token_token_request.rb
@@ -194,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
194
185
  - !ruby/object:Gem::Version
195
186
  version: '0'
196
187
  requirements: []
197
- rubygems_version: 3.0.3
188
+ rubygems_version: 3.0.2
198
189
  signing_key:
199
190
  specification_version: 4
200
191
  summary: OpenID Connect extension for Doorkeeper.
data/.gitignore DELETED
@@ -1,8 +0,0 @@
1
- /.bundle
2
- /Gemfile.lock
3
- /spec/dummy/db/*.sqlite3*
4
- /spec/dummy/db/migrate/*doorkeeper_openid_connect*
5
- /spec/dummy/log/*.log
6
- /spec/dummy/tmp/
7
- /spec/examples.txt
8
- /pkg
@@ -1 +0,0 @@
1
- 2.6.5
@@ -1,27 +0,0 @@
1
- language: ruby
2
- cache: bundler
3
- sudo: false
4
-
5
- before_install:
6
- - gem update --system
7
- # Bundler 2.0 is not compatible with Rails 4.2
8
- # https://docs.travis-ci.com/user/languages/ruby/#bundler-20
9
- - "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
10
- - rvm @global do gem uninstall bundler -a -x -I || true
11
- - gem install bundler -v '< 2'
12
-
13
- before_script:
14
- - bundle update
15
- - bundle exec rake migrate
16
-
17
- script:
18
- - bundle exec rake spec
19
-
20
- env:
21
- - rails=5.0.0
22
- - rails=5.2.0
23
-
24
- rvm:
25
- - 2.4
26
- - 2.5
27
- - 2.6
@@ -1,45 +0,0 @@
1
- # Contributing
2
-
3
- ## Workflow
4
-
5
- We are using the [Feature Branch Workflow (also known as GitHub Flow)](https://guides.github.com/introduction/flow/), and prefer delivery as pull requests.
6
-
7
- Our first line of defense is the [Travis CI](https://travis-ci.org/doorkeeper-gem/doorkeeper-openid_connect) build defined within [.travis.yml](.travis.yml) and triggered for every pull request.
8
-
9
- Create a feature branch:
10
-
11
- ```sh
12
- git checkout -B feature/contributing
13
- ```
14
-
15
- ## Creating Good Commits
16
-
17
- The cardinal rule for creating good commits is to ensure there is only one
18
- "logical change" per commit. Why is this an important rule?
19
-
20
- * The smaller the amount of code being changed, the quicker & easier it is to
21
- review & identify potential flaws.
22
-
23
- * If a change is found to be flawed later, it may be necessary to revert the
24
- broken commit. This is much easier to do if there are not other unrelated
25
- code changes entangled with the original commit.
26
-
27
- * When troubleshooting problems using Git's bisect capability, small well
28
- defined changes will aid in isolating exactly where the code problem was
29
- introduced.
30
-
31
- * When browsing history using Git annotate/blame, small well defined changes
32
- also aid in isolating exactly where & why a piece of code came from.
33
-
34
- Things to avoid when creating commits:
35
-
36
- * Mixing whitespace changes with functional code changes.
37
- * Mixing two unrelated functional changes.
38
- * Sending large new features in a single giant commit.
39
-
40
- ## Release process
41
-
42
- - Bump version in `lib/doorkeeper/openid_connect/version.rb`
43
- - Update `CHANGELOG.md`
44
- - Commit all changes
45
- - Tag release and publish gem with `rake release`
data/Gemfile DELETED
@@ -1,8 +0,0 @@
1
- source 'https://rubygems.org'
2
-
3
- # use Rails version specified by environment
4
- ENV['rails'] ||= '5.2.0'
5
- gem 'rails', "~> #{ENV['rails']}"
6
- gem 'rails-controller-testing'
7
-
8
- gemspec
data/Rakefile DELETED
@@ -1,24 +0,0 @@
1
- ENV['RAILS_ENV'] ||= 'test'
2
-
3
- require "bundler/gem_tasks"
4
- require "rspec/core/rake_task"
5
-
6
- RSpec::Core::RakeTask.new
7
-
8
- task default: :spec
9
- task test: :spec
10
-
11
- desc 'Generate and run migrations in the test application'
12
- task :migrate do
13
- Dir.chdir('spec/dummy') do
14
- system('bin/rails generate doorkeeper:openid_connect:migration')
15
- system('bin/rake db:migrate')
16
- end
17
- end
18
-
19
- desc 'Run server in the test application'
20
- task :server do
21
- Dir.chdir('spec/dummy') do
22
- system('bin/rails server')
23
- end
24
- end
@@ -1,9 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- require 'bundler/setup'
4
- Bundler.require :default
5
-
6
- require 'doorkeeper/openid_connect'
7
-
8
- require 'pry'
9
- Pry.start
data/bin/setup DELETED
@@ -1,8 +0,0 @@
1
- #!/usr/bin/env bash
2
- set -euo pipefail
3
- IFS=$'\n\t'
4
- set -vx
5
-
6
- bundle install
7
-
8
- # Do any other automated setup that you need to do here
@@ -1,32 +0,0 @@
1
- $:.push File.expand_path('../lib', __FILE__)
2
- require 'doorkeeper/openid_connect/version'
3
-
4
- Gem::Specification.new do |spec|
5
- spec.name = 'doorkeeper-openid_connect'
6
- spec.version = Doorkeeper::OpenidConnect::VERSION
7
- spec.authors = ['Sam Dengler', 'Markus Koller']
8
- spec.email = ['sam.dengler@playonsports.com', 'markus-koller@gmx.ch']
9
- spec.homepage = 'https://github.com/doorkeeper-gem/doorkeeper-openid_connect'
10
- spec.summary = %q{OpenID Connect extension for Doorkeeper.}
11
- spec.description = %q{OpenID Connect extension for Doorkeeper.}
12
- spec.license = %q{MIT}
13
-
14
- spec.files = `git ls-files -z`.split("\x0").reject do |f|
15
- f.match(%r{^(test|spec|features)/})
16
- end
17
- spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
18
- spec.require_paths = ['lib']
19
-
20
- spec.required_ruby_version = ">= 2.4"
21
-
22
- spec.add_runtime_dependency 'doorkeeper', '>= 5.2', '< 5.4'
23
- spec.add_runtime_dependency 'json-jwt', '>= 1.11.0'
24
-
25
- spec.add_development_dependency 'rspec-rails'
26
- spec.add_development_dependency 'factory_bot'
27
- # We need to stick to this sqlite3 version for Rails 5.0
28
- # https://github.com/rails/rails/pull/35154
29
- spec.add_development_dependency 'sqlite3', '~> 1.3.6'
30
- spec.add_development_dependency 'pry-byebug'
31
- spec.add_development_dependency 'conventional-changelog', '~> 1.2'
32
- end