doorkeeper 2.1.2 → 2.1.3



checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d01017121a759c48e73796768589be94d4b30483
4
- data.tar.gz: 34ff11b0a073fa7fac25a650e412c1d273e3d035
3
+ metadata.gz: 1d2ce14647afc9a16514c9f3b340eb31b8b24f88
4
+ data.tar.gz: fa3a726152a14c5496abb9433a1ea92f0d588b9f
5
5
  SHA512:
6
- metadata.gz: 66f566988c4106206e84b287aece9b3595bfbca30b51b65a18ae5e534051b1896b967c6830d8765ac7c7c49e94745474c0777c41618bf73b0559762fb1e31e47
7
- data.tar.gz: 0b44401eebd4070efbbda7227174f8b9fd7b943444683c8bfe1bf83d67efa5ae0935986e9be440e046230a41ea2ab21230c496cb32368a51509cfab8f5068fde
6
+ metadata.gz: f9877675927e23991fd103d4e08480270e1dc5d365f3ba7fd4bf1fd1cce5a27c916a56572c0e5f9083c76be0850f128fa2baf5628679910e3f5efd68a46e4bcd
7
+ data.tar.gz: 684c840627ac5e3b7a6eeddac43c3ef758222f5b2296021c3686cbb51bdc50a701269cd80bec2164c24fd5be4bb668f5b3ed63ec9bb492fcab1e2406ff229424
@@ -1,5 +1,10 @@
1
1
  # Changelog
2
2
 
3
+ ## 2.1.3
4
+
5
+ - [#588] Fixes scopes_match? bug that skipped authorization form in some cases
6
+
7
+
3
8
  ## 2.1.2
4
9
 
5
10
  - [#574] Remove unused update authorization route.
@@ -0,0 +1,15 @@
1
+ # Releasing doorkeeper
2
+
3
+ 1. Update `lib/doorkeeper/version.rb` file accordingly.
4
+ 2. Update `CHANGELOG.md` to reflect the changes since last release.
5
+ 3. Commit changes. There shouldn’t be code changes, and thus CI doesn’t need to
6
+ run, you can then add “[ci skip]” to the commit message.
7
+ 4. Tag the release: `git tag vVERSION`
8
+ 5. Push changes: `git push --tags`
9
+ 6. Build and publish the gem:
10
+ ```bash
11
+ gem build doorkeeper.gemspec
12
+ gem push doorkeeper-*.gem
13
+ ```
14
+ 7. Announce the new release, making sure to say “thank you” to the contributors
15
+ who helped shape this version!
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
16
16
  s.test_files = `git ls-files -- test/*`.split("\n")
17
17
  s.require_paths = ["lib"]
18
18
 
19
- s.add_dependency "railties", ">= 3.1"
19
+ s.add_dependency "railties", ">= 3.2"
20
20
 
21
21
  s.add_development_dependency "sqlite3", "~> 1.3.5"
22
22
  s.add_development_dependency "rspec-rails", "~> 2.99.0"
@@ -59,7 +59,7 @@ module Doorkeeper
59
59
 
60
60
  def scopes_match?(token_scopes, param_scopes, app_scopes)
61
61
  (!token_scopes.present? && !param_scopes.present?) ||
62
- Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
62
+ Doorkeeper::OAuth::Helpers::ScopeChecker.match?(
63
63
  token_scopes.to_s,
64
64
  param_scopes,
65
65
  app_scopes
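Review bot: The consent-skip decision now rests on `ScopeChecker.match?`, but nothing at the call site records that the check is two-sided, so a later reader could "simplify" it back to `valid?` and reintroduce the bug this release fixes. A comment above the `Doorkeeper::OAuth::Helpers::ScopeChecker.match?(` line would pin the contract: `# Reuse the existing token only when its scopes equal the requested scopes (restricted to the app's scopes); a token with fewer or more scopes must not match.` Note that `app_scopes` narrows the comparison set, so requested scopes outside the application's scopes are dropped before the equality check — presumably they are rejected earlier in the flow, but that is not visible here. `scopes_match?` continues past the hunk; its closing parenthesis is outside.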
@@ -2,16 +2,42 @@ module Doorkeeper
2
2
  module OAuth
3
3
  module Helpers
4
4
  module ScopeChecker
5
+ class Validator
6
+ attr_reader :parsed_scopes, :scope_str
7
+
8
+ def initialize(scope_str, server_scopes, application_scopes)
9
+ @parsed_scopes = OAuth::Scopes.from_string(scope_str)
10
+ @scope_str = scope_str
11
+ @valid_scopes = valid_scopes(server_scopes, application_scopes)
12
+ end
13
+
14
+ def valid?
15
+ scope_str.present? &&
16
+ scope_str !~ /[\n|\r|\t]/ &&
17
+ @valid_scopes.has_scopes?(parsed_scopes)
18
+ end
19
+
20
+ def match?
21
+ valid? && parsed_scopes.has_scopes?(@valid_scopes)
22
+ end
23
+
24
+ private
25
+
26
+ def valid_scopes(server_scopes, application_scopes)
27
+ if application_scopes.present?
28
+ server_scopes & application_scopes
29
+ else
30
+ server_scopes
31
+ end
32
+ end
33
+ end
34
+
5
35
  def self.valid?(scope_str, server_scopes, application_scopes = nil)
6
- valid_scopes = if application_scopes.present?
7
- server_scopes & application_scopes
8
- else
9
- server_scopes
10
- end
36
+ Validator.new(scope_str, server_scopes, application_scopes).valid?
37
+ end
11
38
 
12
- scope_str.present? &&
13
- scope_str !~ /[\n|\r|\t]/ &&
14
- valid_scopes.has_scopes?(OAuth::Scopes.from_string(scope_str))
39
+ def self.match?(scope_str, server_scopes, application_scopes = nil)
40
+ Validator.new(scope_str, server_scopes, application_scopes).match?
15
41
  end
16
42
  end
17
43
  end
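Review bot: In `Validator#valid?` the regexp `/[\n|\r|\t]/` is a character class, so the two `|` are literal pipe characters rather than alternation and the check also rejects any scope string containing `|`. The expression is carried over unchanged from the old `self.valid?`, so behaviour is the same, but now that the class owns it the intent should be made explicit: either `scope_str !~ /[\n\r\t]/` if only control whitespace is meant, or a comment stating that `|` is deliberately excluded. `match?` would also benefit from a one-line comment such as `# true only when the parsed scopes and the permitted (server ∩ application) scopes are the same set`, since it is the bidirectional check that the public `self.match?` and the consent-skip logic depend on.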
@@ -6,7 +6,7 @@ module Doorkeeper
6
6
  def doorkeeper_authorize!(*scopes)
7
7
  @_doorkeeper_scopes = scopes || Doorkeeper.configuration.default_scopes
8
8
 
9
- if doorkeeper_token_is_invalid?
9
+ if !valid_doorkeeper_token?
10
10
  doorkeeper_render_error
11
11
  end
12
12
  end
@@ -19,12 +19,12 @@ module Doorkeeper
19
19
  nil
20
20
  end
21
21
 
22
- private
23
-
24
- def doorkeeper_token_is_invalid?
25
- !doorkeeper_token || !doorkeeper_token.acceptable?(@_doorkeeper_scopes)
22
+ def valid_doorkeeper_token?
23
+ doorkeeper_token && doorkeeper_token.acceptable?(@_doorkeeper_scopes)
26
24
  end
27
25
 
26
+ private
27
+
28
28
  def doorkeeper_render_error
29
29
  error = doorkeeper_error
30
30
  headers.merge! error.headers.reject { |k| "Content-Type" == k }
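Review bot: `valid_doorkeeper_token?` is defined above the moved `private` marker, so it becomes a public instance method of every controller that includes this module; Rails treats public controller methods as action methods, so it is reachable if a route ever maps to it. If exposing it to application code is intended, a comment such as `# Public replacement for the former private doorkeeper_token_is_invalid?; safe to call from controllers` would record that, otherwise it belongs below `private`. It also reads `@_doorkeeper_scopes`, which this hunk only shows being assigned inside `doorkeeper_authorize!`, so a direct call before that runs passes `nil` to `acceptable?` — worth a comment if that is acceptable. In the earlier hunk of this file, `if !valid_doorkeeper_token?` reads more idiomatically as `doorkeeper_render_error unless valid_doorkeeper_token?`.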
@@ -1,3 +1,3 @@
1
1
  module Doorkeeper
2
- VERSION = '2.1.2'
2
+ VERSION = '2.1.3'
3
3
  end
@@ -202,12 +202,24 @@ module Doorkeeper
202
202
  expect(last_token).to be_nil
203
203
  end
204
204
 
205
- it 'matches the scopes' do
205
+ it 'matches token with fewer scopes' do
206
+ FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public')
207
+ last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
208
+ expect(last_token).to be_nil
209
+ end
210
+
211
+ it 'matches token with different scopes' do
206
212
  FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public email')
207
213
  last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
208
214
  expect(last_token).to be_nil
209
215
  end
210
216
 
217
+ it 'matches token with more scopes' do
218
+ FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public write email')
219
+ last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
220
+ expect(last_token).to be_nil
221
+ end
222
+
211
223
  it 'matches application scopes' do
212
224
  application = FactoryGirl.create :application, scopes: "private read"
213
225
  FactoryGirl.create :access_token, default_attributes.merge(
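Review bot: The new example names `'matches token with fewer scopes'`, `'matches token with different scopes'` and `'matches token with more scopes'` say the opposite of what they assert, since each expects `last_token` to be nil. Renaming them `'does not match token with fewer scopes'` (and likewise for the other two) keeps the spec output truthful about the guarantee under test: an existing token is reused only for an identical scope set. The `scopes` value these examples compare against is defined outside the hunk.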
@@ -104,5 +104,19 @@ feature 'Authorization Code Flow' do
104
104
 
105
105
  should_have_json 'access_token', Doorkeeper::AccessToken.last.token
106
106
  end
107
+
108
+ scenario 'resource owner authorizes the client with extra scopes' do
109
+ client_is_authorized(@client, @resource_owner, scopes: 'public')
110
+ visit authorization_endpoint_url(client: @client, scope: 'public write')
111
+ click_on 'Authorize'
112
+
113
+ authorization_code = Doorkeeper::AccessGrant.first.token
114
+ post token_endpoint_url(code: authorization_code, client: @client)
115
+
116
+ expect(Doorkeeper::AccessToken.count).to be(2)
117
+
118
+ should_have_json 'access_token', Doorkeeper::AccessToken.last.token
119
+ access_token_should_have_scopes :public, :write
120
+ end
107
121
  end
108
122
  end
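Review bot: `expect(Doorkeeper::AccessToken.count).to be(2)` uses the identity matcher, which only passes because small Integers are immediates in MRI; `expect(Doorkeeper::AccessToken.count).to eq(2)` is the value comparison the scenario means. The closing assertion `access_token_should_have_scopes :public, :write` relies on the `ModelHelper` change further down switching that helper from `.first` to `.last`; a short comment such as `# the second token is the one just issued for 'public write'` would make the coupling visible to whoever reads this scenario alone.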
@@ -24,17 +24,36 @@ feature 'Skip authorization form' do
24
24
  url_should_have_param 'code', Doorkeeper::AccessGrant.first.token
25
25
  end
26
26
 
27
- scenario 'does not skip authorization when scopes differ' do
27
+ scenario 'does not skip authorization when scopes differ (new request has fewer scopes)' do
28
28
  client_is_authorized(@client, @resource_owner, scopes: 'public write')
29
29
  visit authorization_endpoint_url(client: @client, scope: 'public')
30
30
  i_should_see 'Authorize'
31
31
  end
32
32
 
33
+ scenario 'does not skip authorization when scopes differ (new request has more scopes)' do
34
+ client_is_authorized(@client, @resource_owner, scopes: 'public write')
35
+ visit authorization_endpoint_url(client: @client, scopes: 'public write email')
36
+ i_should_see 'Authorize'
37
+ end
38
+
33
39
  scenario 'creates grant with new scope when scopes differ' do
34
40
  client_is_authorized(@client, @resource_owner, scopes: 'public write')
35
41
  visit authorization_endpoint_url(client: @client, scope: 'public')
36
42
  click_on 'Authorize'
37
43
  access_grant_should_have_scopes :public
38
44
  end
45
+
46
+ scenario 'doesn not skip authorization when scopes are greater' do
47
+ client_is_authorized(@client, @resource_owner, scopes: 'public')
48
+ visit authorization_endpoint_url(client: @client, scope: 'public write')
49
+ i_should_see 'Authorize'
50
+ end
51
+
52
+ scenario 'creates grant with new scope when scopes are greater' do
53
+ client_is_authorized(@client, @resource_owner, scopes: 'public')
54
+ visit authorization_endpoint_url(client: @client, scope: 'public write')
55
+ click_on 'Authorize'
56
+ access_grant_should_have_scopes :public, :write
57
+ end
39
58
  end
40
59
  end
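Review bot: The scenario `'does not skip authorization when scopes differ (new request has more scopes)'` passes `scopes: 'public write email'` to `authorization_endpoint_url`, while every other scenario in the hunk uses `scope:`; if the helper ignores unknown keys, the request is issued with no scope parameter and the example may be passing for the wrong reason. It should read `visit authorization_endpoint_url(client: @client, scope: 'public write email')`. The name `'doesn not skip authorization when scopes are greater'` also has a typo and should be `'does not skip authorization when scopes are greater'`.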
@@ -37,7 +37,7 @@ module ModelHelper
37
37
  end
38
38
 
39
39
  def access_token_should_have_scopes(*args)
40
- grant = Doorkeeper::AccessToken.first
40
+ grant = Doorkeeper::AccessToken.last
41
41
  expect(grant.scopes).to eq(Doorkeeper::OAuth::Scopes.from_array(args))
42
42
  end
43
43
  end
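Review bot: The local is still named `grant` although it now holds a `Doorkeeper::AccessToken`; renaming it `token` keeps the body consistent with the helper's name `access_token_should_have_scopes`. Switching from `.first` to `.last` also changes what every existing caller asserts on once more than one token exists — presumably harmless for single-token scenarios, but a comment `# assert on the most recently issued token` would make the intent explicit. The enclosing `ModelHelper` module begins before the hunk.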
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.2
4
+ version: 2.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2015-02-26 00:00:00.000000000 Z
12
+ date: 2015-03-01 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: railties
@@ -17,14 +17,14 @@ dependencies:
17
17
  requirements:
18
18
  - - ">="
19
19
  - !ruby/object:Gem::Version
20
- version: '3.1'
20
+ version: '3.2'
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
25
  - - ">="
26
26
  - !ruby/object:Gem::Version
27
- version: '3.1'
27
+ version: '3.2'
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: sqlite3
30
30
  requirement: !ruby/object:Gem::Requirement
@@ -181,6 +181,7 @@ files:
181
181
  - Gemfile
182
182
  - MIT-LICENSE
183
183
  - README.md
184
+ - RELEASING.md
184
185
  - Rakefile
185
186
  - app/assets/stylesheets/doorkeeper/admin/application.css
186
187
  - app/assets/stylesheets/doorkeeper/application.css