doorkeeper-openid_connect 1.8.1 → 1.8.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -1
- data/README.md +1 -1
- data/app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb +12 -0
- data/app/controllers/doorkeeper/openid_connect/discovery_controller.rb +10 -2
- data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +1 -4
- data/lib/doorkeeper/openid_connect/engine.rb +4 -0
- data/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb +1 -2
- data/lib/doorkeeper/openid_connect/orm/active_record/request.rb +10 -3
- data/lib/doorkeeper/openid_connect/orm/active_record.rb +25 -0
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- metadata +9 -9
- data/app/controllers/doorkeeper/authorizations_controller.rb +0 -17
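--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 383563b00b174c7789b58e492149d560a7b9d80443898b0530e4e7f63c9f741a
+data.tar.gz: be63514852442c766cbc29129e54675c5908240f3cf55f35ea0d46cd893e0fc0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 15a2b70ca0dfb03a98e6cbf39c12f3ddd06bfdc7baa65fb6ab3e5e08202dc4015d1f2e17ff59506d5e3f49134c58ba4932099e908741d2b53c2be92499a78fec
+data.tar.gz: 65717e4cdc72d5199dd07d1dbddd2496f5fb3ae542c0e5f56feabdf63c13956d91cc93fbdeb0c1893f923b8c18070ea89997972be12e8c2bc4490ea4abbe5b39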
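--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
 ## Unreleased
 
-- [#] Add here
+- [#PR ID] Add your changelog entry here.
+
+## v1.8.3 (2022-12-02)
+
+- [#180] Add PKCE support to OpenID discovery endpoint.
+
+## v1.8.2 (2022-07-13)
+
+- [#168] Allow to use custom doorkeeper access grant model (thanks @nov).
+- [#170] Controllers inherit `Doorkeeper::AppliactionMetalController` (thanks @sato11).
+- [#171] Correctly override `AuthorizationsController` params (thanks to @nbulaj).
 
 ## v1.8.1 (2022-02-09)
 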
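--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
 # Doorkeeper::OpenidConnect
 
-[![Build Status](https://
+[![Build Status](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/workflows/CI/badge.svg?branch=master)](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/actions)
 [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect)
 [![Gem Version](https://badge.fury.io/rb/doorkeeper-openid_connect.svg)](https://rubygems.org/gems/doorkeeper-openid_connect)
 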
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
module Doorkeeper
|
4
4
|
module OpenidConnect
|
5
|
-
class DiscoveryController < ::Doorkeeper::
|
5
|
+
class DiscoveryController < ::Doorkeeper::ApplicationMetalController
|
6
6
|
include Doorkeeper::Helpers::Controller
|
7
7
|
|
8
8
|
WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
|
@@ -30,7 +30,7 @@ module Doorkeeper
|
|
30
30
|
authorization_endpoint: oauth_authorization_url(authorization_url_options),
|
31
31
|
token_endpoint: oauth_token_url(token_url_options),
|
32
32
|
revocation_endpoint: oauth_revoke_url(revocation_url_options),
|
33
|
-
introspection_endpoint: oauth_introspect_url(introspection_url_options),
|
33
|
+
introspection_endpoint: respond_to?(:oauth_introspect_url) ? oauth_introspect_url(introspection_url_options) : nil,
|
34
34
|
userinfo_endpoint: oauth_userinfo_url(userinfo_url_options),
|
35
35
|
jwks_uri: oauth_discovery_keys_url(jwks_url_options),
|
36
36
|
end_session_endpoint: instance_exec(&openid_connect.end_session_endpoint),
|
@@ -68,6 +68,8 @@ module Doorkeeper
|
|
68
68
|
exp
|
69
69
|
iat
|
70
70
|
] | openid_connect.claims.to_h.keys,
|
71
|
+
|
72
|
+
code_challenge_methods_supported: code_challenge_methods_supported(doorkeeper),
|
71
73
|
}.compact
|
72
74
|
end
|
73
75
|
|
@@ -81,6 +83,12 @@ module Doorkeeper
|
|
81
83
|
doorkeeper.authorization_response_flows.flat_map(&:response_mode_matches).uniq
|
82
84
|
end
|
83
85
|
|
86
|
+
def code_challenge_methods_supported(doorkeeper)
|
87
|
+
return unless doorkeeper.access_grant_model.pkce_supported?
|
88
|
+
|
89
|
+
%w[plain S256]
|
90
|
+
end
|
91
|
+
|
84
92
|
def webfinger_response
|
85
93
|
{
|
86
94
|
subject: params.require(:resource),
|
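Review bot: `code_challenge_methods_supported` hard-codes `%w[plain S256]`, so the discovery document advertises the `plain` PKCE method whenever the grant model reports `pkce_supported?`, whatever the provider is actually willing to accept. With `plain` the challenge is the verifier itself, so it offers no protection if the authorization request is observed; RFC 7636 makes S256 the mandatory method and permits `plain` only for clients that cannot compute S256. If the installed Doorkeeper exposes a setting for allowed challenge methods, derive the list from it; at minimum add a comment above the method such as `# Must mirror what the token endpoint accepts; clients should prefer S256.` The `introspection_endpoint` line now depends on `.compact` to drop the `nil`, which deserves a spec with the introspection route disabled.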
@@ -2,10 +2,7 @@
|
|
2
2
|
|
3
3
|
module Doorkeeper
|
4
4
|
module OpenidConnect
|
5
|
-
class UserinfoController < ::Doorkeeper::
|
6
|
-
unless Doorkeeper.configuration.api_only
|
7
|
-
skip_before_action :verify_authenticity_token
|
8
|
-
end
|
5
|
+
class UserinfoController < ::Doorkeeper::ApplicationMetalController
|
9
6
|
before_action -> { doorkeeper_authorize! :openid }
|
10
7
|
|
11
8
|
def show
|
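Review bot: The new side drops the conditional `skip_before_action :verify_authenticity_token` with no comment or spec showing that `::Doorkeeper::ApplicationMetalController` runs no CSRF check. The previous base class is truncated on this page, so this is inferred: if forgery protection were still in the callback chain, bearer-token `POST` requests to the userinfo endpoint would begin to fail. Once confirmed, a one-line comment above the class, e.g. `# Metal base has no CSRF callbacks; access is gated only by doorkeeper_authorize! :openid`, and a request spec for `POST` with a valid `openid` token would pin the behaviour. The class body continues outside the hunk.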
@@ -6,6 +6,10 @@ module Doorkeeper
|
|
6
6
|
initializer 'doorkeeper.openid_connect.routes' do
|
7
7
|
Doorkeeper::OpenidConnect::Rails::Routes.install!
|
8
8
|
end
|
9
|
+
|
10
|
+
config.to_prepare do
|
11
|
+
Doorkeeper::AuthorizationsController.prepend Doorkeeper::OpenidConnect::AuthorizationsExtension
|
12
|
+
end
|
9
13
|
end
|
10
14
|
end
|
11
15
|
end
|
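Review bot: The added `config.to_prepare` block carries no comment explaining why the prepend moved here, and it resolves `Doorkeeper::AuthorizationsController` and `Doorkeeper::OpenidConnect::AuthorizationsExtension` by constant every time it runs. Judging by the removed `authorizations_controller.rb` on this page, the extension is what admits `:nonce` into the pre-authorization parameters, so a prepend that silently stops applying would drop nonce handling from authorization requests. Suggested comment: `# Re-applied on each reload so the reloaded controller keeps the OpenID Connect pre-auth params.` A spec asserting that `Doorkeeper::AuthorizationsController.ancestors` includes the extension would guard it.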
@@ -7,12 +7,11 @@ module Doorkeeper
|
|
7
7
|
base.class_eval do
|
8
8
|
has_one :openid_request,
|
9
9
|
class_name: 'Doorkeeper::OpenidConnect::Request',
|
10
|
+
foreign_key: 'access_grant_id',
|
10
11
|
inverse_of: :access_grant,
|
11
12
|
dependent: :delete
|
12
13
|
end
|
13
14
|
end
|
14
15
|
end
|
15
16
|
end
|
16
|
-
|
17
|
-
AccessGrant.prepend OpenidConnect::AccessGrant
|
18
17
|
end
|
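Review bot: The added `foreign_key: 'access_grant_id'` is undocumented; presumably it is required because, with a custom grant model, Rails would otherwise infer the key from that model's class name. A comment above `has_one`, e.g. `# Explicit FK so a custom access grant class still maps to oauth_openid_requests.access_grant_id`, would stop it being removed as redundant. The hunk also removes the load-time `AccessGrant.prepend`, so the association now exists only where the ORM hooks apply this module; a spec that the configured grant model responds to `openid_request` would cover that. The enclosing module starts outside the hunk.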
@@ -6,9 +6,16 @@ module Doorkeeper
|
|
6
6
|
self.table_name = "#{table_name_prefix}oauth_openid_requests#{table_name_suffix}".to_sym
|
7
7
|
|
8
8
|
validates :access_grant_id, :nonce, presence: true
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
|
10
|
+
if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
|
11
|
+
belongs_to :access_grant,
|
12
|
+
class_name: Doorkeeper.config.access_grant_class.to_s,
|
13
|
+
inverse_of: :openid_request
|
14
|
+
else
|
15
|
+
belongs_to :access_grant,
|
16
|
+
class_name: 'Doorkeeper::AccessGrant',
|
17
|
+
inverse_of: :openid_request
|
18
|
+
end
|
12
19
|
end
|
13
20
|
end
|
14
21
|
end
|
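Review bot: `Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')` raises `NoMethodError` in the class body if `Gem.loaded_specs['doorkeeper']` is nil, and the same check appears twice more in the `run_hooks` / `initialize_models!` hunk of the ORM file. The gem metadata on this page appears to put the doorkeeper lower bound at 5.5, which would make each `else` branch unreachable; if that is right, delete the branches, otherwise move the check into one predicate method. Separately, `Doorkeeper.config.access_grant_class.to_s` is evaluated when `Request` is loaded, so loading the class before Doorkeeper is configured would fail; a comment such as `# Requires Doorkeeper.configure to have run before this class is loaded` should state that. The class starts outside the hunk.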
@@ -4,14 +4,39 @@ require 'active_support/lazy_load_hooks'
|
|
4
4
|
|
5
5
|
module Doorkeeper
|
6
6
|
module OpenidConnect
|
7
|
+
autoload :AccessGrant, "doorkeeper/openid_connect/orm/active_record/access_grant"
|
8
|
+
autoload :Request, "doorkeeper/openid_connect/orm/active_record/request"
|
9
|
+
|
7
10
|
module Orm
|
8
11
|
module ActiveRecord
|
12
|
+
def run_hooks
|
13
|
+
super
|
14
|
+
|
15
|
+
if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
|
16
|
+
Doorkeeper.config.access_grant_model.prepend Doorkeeper::OpenidConnect::AccessGrant
|
17
|
+
else
|
18
|
+
Doorkeeper::AccessGrant.prepend Doorkeeper::OpenidConnect::AccessGrant
|
19
|
+
end
|
20
|
+
|
21
|
+
if Doorkeeper.configuration.active_record_options[:establish_connection]
|
22
|
+
[Doorkeeper::OpenidConnect::Request].each do |c|
|
23
|
+
c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
9
28
|
def initialize_models!
|
10
29
|
super
|
11
30
|
ActiveSupport.on_load(:active_record) do
|
12
31
|
require 'doorkeeper/openid_connect/orm/active_record/access_grant'
|
13
32
|
require 'doorkeeper/openid_connect/orm/active_record/request'
|
14
33
|
|
34
|
+
if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
|
35
|
+
Doorkeeper.config.access_grant_model.prepend Doorkeeper::OpenidConnect::AccessGrant
|
36
|
+
else
|
37
|
+
Doorkeeper::AccessGrant.prepend Doorkeeper::OpenidConnect::AccessGrant
|
38
|
+
end
|
39
|
+
|
15
40
|
if Doorkeeper.configuration.active_record_options[:establish_connection]
|
16
41
|
[Doorkeeper::OpenidConnect::Request].each do |c|
|
17
42
|
c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
|
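Review bot: The new `run_hooks` repeats, line for line, the prepend and `establish_connection` logic that `initialize_models!` runs inside `ActiveSupport.on_load(:active_record)`, and nothing says which Doorkeeper versions call which entry point. If both can run in one process, the connection for `Request` is established twice and the two copies have to be kept in sync by hand; a comment on `run_hooks` naming the Doorkeeper versions that call it (to be confirmed against Doorkeeper) would make the intent clear. The single-element loop with `c.send :establish_connection, ...` reads more directly as `Doorkeeper::OpenidConnect::Request.establish_connection(Doorkeeper.configuration.active_record_options[:establish_connection])`. `initialize_models!` continues past the end of the hunk.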
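--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper-openid_connect
 version: !ruby/object:Gem::Version
-version: 1.8.
+version: 1.8.3
 platform: ruby
 authors:
 - Sam Dengler
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02
+date: 2022-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: doorkeeper
@@ -20,7 +20,7 @@ dependencies:
 version: '5.5'
 - - "<"
 - !ruby/object:Gem::Version
-version: '5.
+version: '5.7'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -30,21 +30,21 @@ dependencies:
 version: '5.5'
 - - "<"
 - !ruby/object:Gem::Version
-version: '5.
+version: '5.7'
 - !ruby/object:Gem::Dependency
 name: json-jwt
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.15.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.15.0
 - !ruby/object:Gem::Dependency
 name: conventional-changelog
 requirement: !ruby/object:Gem::Requirement
@@ -126,7 +126,7 @@ files:
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
-- app/controllers/doorkeeper/
+- app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb
 - app/controllers/doorkeeper/openid_connect/discovery_controller.rb
 - app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
 - config/locales/en.yml
@@ -177,14 +177,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: OpenID Connect extension for Doorkeeper.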
@@ -1,17 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require_dependency "#{Doorkeeper::Engine.root}/app/controllers/doorkeeper/authorizations_controller.rb"
|
4
|
-
|
5
|
-
module Doorkeeper
|
6
|
-
class AuthorizationsController
|
7
|
-
module AuthorizationsExtension
|
8
|
-
private
|
9
|
-
|
10
|
-
def pre_auth_param_fields
|
11
|
-
super.append(:nonce)
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
Doorkeeper::AuthorizationsController.prepend AuthorizationsExtension
|
16
|
-
end
|
17
|
-
end
|