doorkeeper-openid_connect 1.8.10 → 1.8.11
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -1
- data/lib/doorkeeper/openid_connect/helpers/controller.rb +12 -2
- data/lib/doorkeeper/openid_connect/version.rb +1 -1
- metadata +16 -2
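--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f528fd39b26ece5800ff5a5cc38b8fdd0945c5bd9298e6a03bad7df0f7fe9c9
+data.tar.gz: cefcf626ab0f1cbf825a792b529b643081c3be96dcdbc922507e06cd3844218c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3a16a5cc0bf3de2e6232900126d111093f6313bc00264ee77e9385260bef586b22152971905b87e728eff7eeb7fde16fd67d73843c13ba88b17925ebc6d41f7b
+data.tar.gz: d7215370a0be9369fe05a61cd4fee8d2df68a79bdbd104f4cde638e704c83637f23af76369afa532dc68b349f180fdb2ccb6e7772d87647356b0e3018424230e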
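--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,7 +2,16 @@
 
 - [#PR ID] Add your changelog entry here.
 
-## v1.8.
+## v1.8.11 (2025-02-10)
+
+- [#219] Test against Ruby 3.4.
+- [#216] Test against Rails 7.1, 7.2, 8.0.
+- [#222] Support max_age=0
+- [#221] Avoid raising invalid_request error on prompt=create
+- [#220] Define priority on possible prompt values to statically & successfully process multiple prompt values
+- [#224] Define priority between max_age & prompt
+
+## v1.8.10 (2024-11-29)
 
 - [#215] Drop support for Ruby 2.7, 3.0 and Rails 6.
 - [#209] Configuration per IdToken expiration (thanks to @martinezcoder)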
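--- a/data/lib/doorkeeper/openid_connect/helpers/controller.rb
+++ b/data/lib/doorkeeper/openid_connect/helpers/controller.rb
@@ -17,8 +17,8 @@ module Doorkeeper
 super.tap do |owner|
 next unless oidc_authorization_request?
 
-handle_oidc_prompt_param!(owner)
 handle_oidc_max_age_param!(owner)
+handle_oidc_prompt_param!(owner)
 end
 rescue Errors::OpenidConnectError => e
 handle_oidc_error!(e)
@@ -67,6 +67,11 @@ module Doorkeeper
 def handle_oidc_prompt_param!(owner)
 prompt_values ||= params[:prompt].to_s.split(/ +/).uniq
 
+priority = ['none', 'consent', 'login', 'select_account']
+prompt_values.sort_by! do |prompt|
+priority.find_index(prompt).to_i
+end
+
 prompt_values.each do |prompt|
 case prompt
 when 'none'
@@ -79,6 +84,8 @@ module Doorkeeper
 render :new if owner
 when 'select_account'
 select_account_for_oidc_resource_owner(owner)
+when 'create'
+# NOTE: not supported, but not raise error.
 else
 raise Errors::InvalidRequest
 end
@@ -87,13 +94,16 @@ module Doorkeeper
 
 def handle_oidc_max_age_param!(owner)
 max_age = params[:max_age].to_i
-return unless max_age > 0 && owner
+return unless (params[:max_age].to_s == '0' || max_age > 0) && owner
 
 auth_time = instance_exec(
 owner,
 &Doorkeeper::OpenidConnect.configuration.auth_time_from_resource_owner
 )
 
+# NOTE: clock skew
+max_age = [1, max_age].max
+
 if !auth_time || (Time.zone.now - auth_time) > max_age
 reauthenticate_oidc_resource_owner(owner)
 end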
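Review bot: In `handle_oidc_max_age_param!`, the new guard reads the parameter two different ways, an exact string match in `params[:max_age].to_s == '0'` next to the lenient `to_i` behind `max_age > 0`, so `00`, `+0` or a padded ` 0` still count as absent while `0` now triggers the freshness check. Because max_age is how a client requires a recent authentication, a single strict parse is easier to reason about, for example `return unless params[:max_age].to_s.match?(/\A\d+\z/) && owner` with the existing `to_i` kept for the value; this would also stop `10abc` from being read as 10, so rejecting malformed values with `Errors::InvalidRequest` may be the better outcome. The `# NOTE: clock skew` comment above `max_age = [1, max_age].max` would be clearer spelled out, e.g. `# max_age=0 is enforced as a 1-second window so a login that just completed is not sent back to reauthenticate`. That reading is inferred from the clamp, and both the method's end and `reauthenticate_oidc_resource_owner` are outside the hunk.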
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: doorkeeper-openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.8.
|
|
4
|
+
version: 1.8.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam Dengler
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2025-02-10 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: doorkeeper
|
|
@@ -32,6 +32,20 @@ dependencies:
|
|
|
32
32
|
- - "<"
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
34
|
version: '5.9'
|
|
35
|
+
- !ruby/object:Gem::Dependency
|
|
36
|
+
name: ostruct
|
|
37
|
+
requirement: !ruby/object:Gem::Requirement
|
|
38
|
+
requirements:
|
|
39
|
+
- - ">="
|
|
40
|
+
- !ruby/object:Gem::Version
|
|
41
|
+
version: '0.5'
|
|
42
|
+
type: :runtime
|
|
43
|
+
prerelease: false
|
|
44
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
45
|
+
requirements:
|
|
46
|
+
- - ">="
|
|
47
|
+
- !ruby/object:Gem::Version
|
|
48
|
+
version: '0.5'
|
|
35
49
|
- !ruby/object:Gem::Dependency
|
|
36
50
|
name: jwt
|
|
37
51
|
requirement: !ruby/object:Gem::Requirement
|