doorkeeper-openid_connect 1.8.0.pre.rc1 → 1.8.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/README.md +2 -2
- data/app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb +12 -0
- data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +12 -3
- data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +1 -4
- data/lib/doorkeeper/openid_connect/engine.rb +4 -0
- data/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb +10 -3
- data/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb +1 -2
- data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +10 -3
- data/lib/doorkeeper/openid_connect/orm/active_record.rb +25 -0
- data/lib/doorkeeper/openid_connect/rails/routes.rb +1 -0
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- metadata +7 -7
- data/app/controllers/doorkeeper/authorizations_controller.rb +0 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 580964e8b1538ed3a9eb35826fe502698ab43c7a7343909d5371d2e177592737
|
|
4
|
+
data.tar.gz: 3593a4e8975761cff3aa38840a88f8e21da5e65109fb90b7296dccb7442c6382
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 80e1ca10f0d89071970458b2ac237164cba4c8e143abcd2ea3f45b727f35f59e3f106d4435d2066b759eec8cc599e904255b57ff560743e29c5eb3a78ef8efca
|
|
7
|
+
data.tar.gz: 741c3d256765a8bd6ca5d838ac2ced86dadf98635b5d39c64a2a589231c9ba2151be4822ec7b9c11aac48d819261823319d4161a5702d00cab492acb00aa04d3
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,23 @@
|
|
|
1
1
|
## Unreleased
|
|
2
2
|
|
|
3
|
+
- [#] Add here
|
|
4
|
+
|
|
5
|
+
## v1.8.2 (2022-07-13)
|
|
6
|
+
|
|
7
|
+
- [#168] Allow to use custom doorkeeper access grant model (thanks @nov).
|
|
8
|
+
- [#170] Controllers inherit `Doorkeeper::AppliactionMetalController` (thanks @sato11).
|
|
9
|
+
- [#171] Correctly override `AuthorizationsController` params (thanks to @nbulaj).
|
|
10
|
+
|
|
11
|
+
## v1.8.1 (2022-02-09)
|
|
12
|
+
|
|
13
|
+
- [#153] Fix ArgumentError caused by client credential validation introduced in Doorkeeper 5.5.1 (thanks to @CircumnavigatingFlatEarther)
|
|
14
|
+
- [#161] Fix .well-known/openid-connect issuer (respond to block if provided) (thanks to @fkowal).
|
|
15
|
+
- [#152] Expose oauth-authorization-server in routes (thanks to @mitar)
|
|
16
|
+
|
|
17
|
+
## v1.8.0 (2021-05-11)
|
|
18
|
+
|
|
19
|
+
No changes from v1.8.0-rc1.
|
|
20
|
+
|
|
3
21
|
## v1.8.0-rc1 (2021-04-20)
|
|
4
22
|
|
|
5
23
|
### Upgrading
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Doorkeeper::OpenidConnect
|
|
2
2
|
|
|
3
|
-
[](https://app.travis-ci.com/github/doorkeeper-gem/doorkeeper-openid_connect)
|
|
4
4
|
[](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect)
|
|
5
5
|
[](https://rubygems.org/gems/doorkeeper-openid_connect)
|
|
6
6
|
|
|
@@ -104,7 +104,7 @@ The following settings are required in `config/initializers/doorkeeper_openid_co
|
|
|
104
104
|
|
|
105
105
|
- `issuer`
|
|
106
106
|
- Identifier for the issuer of the response (i.e. your application URL). The value is a case sensitive URL using the `https` scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
|
|
107
|
-
- You can either pass a string value, or a block to generate the issuer dynamically based on the `resource_owner` and `application` passed to the block.
|
|
107
|
+
- You can either pass a string value, or a block to generate the issuer dynamically based on the `resource_owner` and `application` or [request](app/controllers/doorkeeper/openid_connect/discovery_controller.rb#L123) passed to the block.
|
|
108
108
|
- `subject`
|
|
109
109
|
- Identifier for the resource owner (i.e. the authenticated user). A locally unique and never reassigned identifier within the issuer for the end-user, which is intended to be consumed by the client. The value is a case-sensitive string and must not exceed 255 ASCII characters in length.
|
|
110
110
|
- The database ID of the user is an acceptable choice if you don't mind leaking that information.
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
module Doorkeeper
|
|
4
4
|
module OpenidConnect
|
|
5
|
-
class DiscoveryController < ::Doorkeeper::
|
|
5
|
+
class DiscoveryController < ::Doorkeeper::ApplicationMetalController
|
|
6
6
|
include Doorkeeper::Helpers::Controller
|
|
7
7
|
|
|
8
8
|
WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
|
|
@@ -24,12 +24,13 @@ module Doorkeeper
|
|
|
24
24
|
def provider_response
|
|
25
25
|
doorkeeper = ::Doorkeeper.configuration
|
|
26
26
|
openid_connect = ::Doorkeeper::OpenidConnect.configuration
|
|
27
|
+
|
|
27
28
|
{
|
|
28
|
-
issuer:
|
|
29
|
+
issuer: issuer,
|
|
29
30
|
authorization_endpoint: oauth_authorization_url(authorization_url_options),
|
|
30
31
|
token_endpoint: oauth_token_url(token_url_options),
|
|
31
32
|
revocation_endpoint: oauth_revoke_url(revocation_url_options),
|
|
32
|
-
introspection_endpoint: oauth_introspect_url(introspection_url_options),
|
|
33
|
+
introspection_endpoint: respond_to?(:oauth_introspect_url) ? oauth_introspect_url(introspection_url_options) : nil,
|
|
33
34
|
userinfo_endpoint: oauth_userinfo_url(userinfo_url_options),
|
|
34
35
|
jwks_uri: oauth_discovery_keys_url(jwks_url_options),
|
|
35
36
|
end_session_endpoint: instance_exec(&openid_connect.end_session_endpoint),
|
|
@@ -119,6 +120,14 @@ module Doorkeeper
|
|
|
119
120
|
}
|
|
120
121
|
end
|
|
121
122
|
|
|
123
|
+
def issuer
|
|
124
|
+
if Doorkeeper::OpenidConnect.configuration.issuer.respond_to?(:call)
|
|
125
|
+
Doorkeeper::OpenidConnect.configuration.issuer.call(request).to_s
|
|
126
|
+
else
|
|
127
|
+
Doorkeeper::OpenidConnect.configuration.issuer
|
|
128
|
+
end
|
|
129
|
+
end
|
|
130
|
+
|
|
122
131
|
%i[authorization token revocation introspection userinfo jwks webfinger].each do |endpoint|
|
|
123
132
|
define_method :"#{endpoint}_url_options" do
|
|
124
133
|
discovery_url_default_options.merge(discovery_url_options[endpoint.to_sym] || {})
|
|
@@ -2,10 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
module Doorkeeper
|
|
4
4
|
module OpenidConnect
|
|
5
|
-
class UserinfoController < ::Doorkeeper::
|
|
6
|
-
unless Doorkeeper.configuration.api_only
|
|
7
|
-
skip_before_action :verify_authenticity_token
|
|
8
|
-
end
|
|
5
|
+
class UserinfoController < ::Doorkeeper::ApplicationMetalController
|
|
9
6
|
before_action -> { doorkeeper_authorize! :openid }
|
|
10
7
|
|
|
11
8
|
def show
|
|
@@ -6,6 +6,10 @@ module Doorkeeper
|
|
|
6
6
|
initializer 'doorkeeper.openid_connect.routes' do
|
|
7
7
|
Doorkeeper::OpenidConnect::Rails::Routes.install!
|
|
8
8
|
end
|
|
9
|
+
|
|
10
|
+
config.to_prepare do
|
|
11
|
+
Doorkeeper::AuthorizationsController.prepend Doorkeeper::OpenidConnect::AuthorizationsExtension
|
|
12
|
+
end
|
|
9
13
|
end
|
|
10
14
|
end
|
|
11
15
|
end
|
|
@@ -6,9 +6,16 @@ module Doorkeeper
|
|
|
6
6
|
module PasswordAccessTokenRequest
|
|
7
7
|
attr_reader :nonce
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.1')
|
|
10
|
+
def initialize(server, client, credentials, resource_owner, parameters = {})
|
|
11
|
+
super
|
|
12
|
+
@nonce = parameters[:nonce]
|
|
13
|
+
end
|
|
14
|
+
else
|
|
15
|
+
def initialize(server, client, resource_owner, parameters = {})
|
|
16
|
+
super
|
|
17
|
+
@nonce = parameters[:nonce]
|
|
18
|
+
end
|
|
12
19
|
end
|
|
13
20
|
|
|
14
21
|
private
|
|
@@ -7,12 +7,11 @@ module Doorkeeper
|
|
|
7
7
|
base.class_eval do
|
|
8
8
|
has_one :openid_request,
|
|
9
9
|
class_name: 'Doorkeeper::OpenidConnect::Request',
|
|
10
|
+
foreign_key: 'access_grant_id',
|
|
10
11
|
inverse_of: :access_grant,
|
|
11
12
|
dependent: :delete
|
|
12
13
|
end
|
|
13
14
|
end
|
|
14
15
|
end
|
|
15
16
|
end
|
|
16
|
-
|
|
17
|
-
AccessGrant.prepend OpenidConnect::AccessGrant
|
|
18
17
|
end
|
|
@@ -6,9 +6,16 @@ module Doorkeeper
|
|
|
6
6
|
self.table_name = "#{table_name_prefix}oauth_openid_requests#{table_name_suffix}".to_sym
|
|
7
7
|
|
|
8
8
|
validates :access_grant_id, :nonce, presence: true
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
|
|
10
|
+
if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
|
|
11
|
+
belongs_to :access_grant,
|
|
12
|
+
class_name: Doorkeeper.config.access_grant_class.to_s,
|
|
13
|
+
inverse_of: :openid_request
|
|
14
|
+
else
|
|
15
|
+
belongs_to :access_grant,
|
|
16
|
+
class_name: 'Doorkeeper::AccessGrant',
|
|
17
|
+
inverse_of: :openid_request
|
|
18
|
+
end
|
|
12
19
|
end
|
|
13
20
|
end
|
|
14
21
|
end
|
|
@@ -4,14 +4,39 @@ require 'active_support/lazy_load_hooks'
|
|
|
4
4
|
|
|
5
5
|
module Doorkeeper
|
|
6
6
|
module OpenidConnect
|
|
7
|
+
autoload :AccessGrant, "doorkeeper/openid_connect/orm/active_record/access_grant"
|
|
8
|
+
autoload :Request, "doorkeeper/openid_connect/orm/active_record/request"
|
|
9
|
+
|
|
7
10
|
module Orm
|
|
8
11
|
module ActiveRecord
|
|
12
|
+
def run_hooks
|
|
13
|
+
super
|
|
14
|
+
|
|
15
|
+
if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
|
|
16
|
+
Doorkeeper.config.access_grant_model.prepend Doorkeeper::OpenidConnect::AccessGrant
|
|
17
|
+
else
|
|
18
|
+
Doorkeeper::AccessGrant.prepend Doorkeeper::OpenidConnect::AccessGrant
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
if Doorkeeper.configuration.active_record_options[:establish_connection]
|
|
22
|
+
[Doorkeeper::OpenidConnect::Request].each do |c|
|
|
23
|
+
c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
|
|
9
28
|
def initialize_models!
|
|
10
29
|
super
|
|
11
30
|
ActiveSupport.on_load(:active_record) do
|
|
12
31
|
require 'doorkeeper/openid_connect/orm/active_record/access_grant'
|
|
13
32
|
require 'doorkeeper/openid_connect/orm/active_record/request'
|
|
14
33
|
|
|
34
|
+
if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
|
|
35
|
+
Doorkeeper.config.access_grant_model.prepend Doorkeeper::OpenidConnect::AccessGrant
|
|
36
|
+
else
|
|
37
|
+
Doorkeeper::AccessGrant.prepend Doorkeeper::OpenidConnect::AccessGrant
|
|
38
|
+
end
|
|
39
|
+
|
|
15
40
|
if Doorkeeper.configuration.active_record_options[:establish_connection]
|
|
16
41
|
[Doorkeeper::OpenidConnect::Request].each do |c|
|
|
17
42
|
c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: doorkeeper-openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.8.
|
|
4
|
+
version: 1.8.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Dengler
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2022-07-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: doorkeeper
|
|
@@ -20,7 +20,7 @@ dependencies:
|
|
|
20
20
|
version: '5.5'
|
|
21
21
|
- - "<"
|
|
22
22
|
- !ruby/object:Gem::Version
|
|
23
|
-
version: '5.
|
|
23
|
+
version: '5.7'
|
|
24
24
|
type: :runtime
|
|
25
25
|
prerelease: false
|
|
26
26
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -30,7 +30,7 @@ dependencies:
|
|
|
30
30
|
version: '5.5'
|
|
31
31
|
- - "<"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '5.
|
|
33
|
+
version: '5.7'
|
|
34
34
|
- !ruby/object:Gem::Dependency
|
|
35
35
|
name: json-jwt
|
|
36
36
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -126,7 +126,7 @@ files:
|
|
|
126
126
|
- CHANGELOG.md
|
|
127
127
|
- LICENSE.txt
|
|
128
128
|
- README.md
|
|
129
|
-
- app/controllers/doorkeeper/
|
|
129
|
+
- app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb
|
|
130
130
|
- app/controllers/doorkeeper/openid_connect/discovery_controller.rb
|
|
131
131
|
- app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
|
|
132
132
|
- config/locales/en.yml
|
|
@@ -180,9 +180,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
180
180
|
version: '2.5'
|
|
181
181
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
182
182
|
requirements:
|
|
183
|
-
- - "
|
|
183
|
+
- - ">="
|
|
184
184
|
- !ruby/object:Gem::Version
|
|
185
|
-
version:
|
|
185
|
+
version: '0'
|
|
186
186
|
requirements: []
|
|
187
187
|
rubygems_version: 3.1.4
|
|
188
188
|
signing_key:
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require_dependency "#{Doorkeeper::Engine.root}/app/controllers/doorkeeper/authorizations_controller.rb"
|
|
4
|
-
|
|
5
|
-
module Doorkeeper
|
|
6
|
-
class AuthorizationsController
|
|
7
|
-
module AuthorizationsExtension
|
|
8
|
-
private
|
|
9
|
-
|
|
10
|
-
def pre_auth_param_fields
|
|
11
|
-
super.append(:nonce)
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
Doorkeeper::AuthorizationsController.prepend AuthorizationsExtension
|
|
16
|
-
end
|
|
17
|
-
end
|