doorkeeper 4.4.2 → 4.4.3
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/NEWS.md +5 -0
- data/lib/doorkeeper/config.rb +14 -0
- data/lib/doorkeeper/rails/routes.rb +5 -1
- data/lib/doorkeeper/version.rb +1 -1
- data/spec/controllers/authorizations_controller_spec.rb +32 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +5 -0
- data/spec/lib/config_spec.rb +25 -0
- metadata +2 -2
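--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8d8d3550d8406d4abb224c4960d1d6e8a0c4c706
+data.tar.gz: b12408cb8b0dc2b14ee69b57798943b5c1bfaa30
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0674af950f6070d6457e09f73fc89736b092ae6595e484ca6e67e7f126912ea007509d9249fdc4eb01e66bf981c1e49da33712203d8428d10401a43faabd1cfd
+data.tar.gz: e447513c202dfde4c622b898da2a98dff64272193136fe399b890bb97488e7915156a2588caa6de3566db411f4c7dfa89e88be3a8b8d0a76511251f2f980c382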
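--- a/data/NEWS.md
+++ b/data/NEWS.md
@@ -4,6 +4,11 @@ User-visible changes worth mentioning.
 
 ## master
 
+## 4.4.3
+- [#1143] Adds a config option opt_out_native_route_change to opt out of the
+breaking api changed introduced in
+https://github.com/doorkeeper-gem/doorkeeper/pull/1003
+
 ## 4.4.2
 - [#1130] Backport fix for native redirect_uri from 5.x.
 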
data/lib/doorkeeper/config.rb
CHANGED
@@ -114,6 +114,15 @@ doorkeeper.
|
|
114
114
|
def reuse_access_token
|
115
115
|
@config.instance_variable_set(:@reuse_access_token, true)
|
116
116
|
end
|
117
|
+
|
118
|
+
# Opt out of breaking api change to the native authorization code flow.
|
119
|
+
# Opting out sets the authorization code response route for native
|
120
|
+
# redirect uris to oauth/authorize/<code>. The default is
|
121
|
+
# oauth/authorize/native?code=<code>.
|
122
|
+
# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1143
|
123
|
+
def opt_out_native_route_change
|
124
|
+
@config.instance_variable_set(:@opt_out_native_route_change, true)
|
125
|
+
end
|
117
126
|
end
|
118
127
|
|
119
128
|
module Option
|
@@ -295,6 +304,11 @@ doorkeeper.
|
|
295
304
|
@token_grant_types ||= calculate_token_grant_types
|
296
305
|
end
|
297
306
|
|
307
|
+
def native_authorization_code_route
|
308
|
+
@opt_out_native_route_change ||= false
|
309
|
+
@opt_out_native_route_change ? '/:code' : '/native'
|
310
|
+
end
|
311
|
+
|
298
312
|
private
|
299
313
|
|
300
314
|
# Determines what values are acceptable for 'response_type' param in
|
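Review bot: `native_authorization_code_route` in the second config.rb hunk assigns `@opt_out_native_route_change ||= false` inside what reads as a plain getter, and it is public but undocumented, while the setter above it carries the whole explanation. Since `nil` is already falsy, the body could be just `@opt_out_native_route_change ? '/:code' : '/native'`; if the assignment is there to avoid uninitialized-ivar warnings on older Rubies, a comment saying so would help. A one-line comment such as `# Route suffix for the native authorization code response: '/:code' when opted out, '/native' otherwise.` would tell readers what the two strings mean. The setter's comment could also state that in both forms the authorization code is part of the request URL (path when opted out, query string by default), so access logs should be treated as containing short-lived credentials. Both enclosing definitions continue outside the hunks shown.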
@@ -47,7 +47,7 @@ module Doorkeeper
|
|
47
47
|
as: mapping[:as],
|
48
48
|
controller: mapping[:controllers]
|
49
49
|
) do
|
50
|
-
routes.get
|
50
|
+
routes.get native_authorization_code_route, action: :show, on: :member
|
51
51
|
routes.get '/', action: :new, on: :member
|
52
52
|
end
|
53
53
|
end
|
@@ -85,6 +85,10 @@ module Doorkeeper
|
|
85
85
|
def authorized_applications_routes(mapping)
|
86
86
|
routes.resources :authorized_applications, only: %i[index destroy], controller: mapping[:controllers]
|
87
87
|
end
|
88
|
+
|
89
|
+
def native_authorization_code_route
|
90
|
+
Doorkeeper.configuration.native_authorization_code_route
|
91
|
+
end
|
88
92
|
end
|
89
93
|
end
|
90
94
|
end
|
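Review bot: With the opt-out set, `routes.get native_authorization_code_route, action: :show, on: :member` registers `'/:code'`, a dynamic segment that matches any single path segment under the authorization resource, not just the fixed `/native`. A comment at the call would make that visible, e.g. `# '/native' by default; '/:code' (legacy, matches any segment) when opt_out_native_route_change is set`. The value is read from `Doorkeeper.configuration` when the routes are drawn, so the option presumably has to be set in the initializer before routing loads; the specs in this release call `Rails.application.reload_routes!` after reconfiguring, which points the same way. These hunks appear under the config.rb header on this page but belong to the routes file, and the helper's enclosing class is only partly visible.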
data/lib/doorkeeper/version.rb
CHANGED
@@ -164,6 +164,38 @@ describe Doorkeeper::AuthorizationsController, 'implicit grant flow' do
|
|
164
164
|
it 'should not issue a token' do
|
165
165
|
expect(Doorkeeper::AccessToken.count).to be 0
|
166
166
|
end
|
167
|
+
|
168
|
+
context 'with opt_out_native_route_change' do
|
169
|
+
around(:each) do |example|
|
170
|
+
Doorkeeper.configure do
|
171
|
+
orm DOORKEEPER_ORM
|
172
|
+
opt_out_native_route_change
|
173
|
+
end
|
174
|
+
|
175
|
+
Rails.application.reload_routes!
|
176
|
+
|
177
|
+
example.run
|
178
|
+
|
179
|
+
Doorkeeper.configure do
|
180
|
+
orm DOORKEEPER_ORM
|
181
|
+
end
|
182
|
+
|
183
|
+
Rails.application.reload_routes!
|
184
|
+
end
|
185
|
+
|
186
|
+
it 'should redirect immediately' do
|
187
|
+
expect(response).to be_redirect
|
188
|
+
expect(response.location).to match(/oauth\/authorize\/#{Doorkeeper::AccessGrant.first.token}/)
|
189
|
+
end
|
190
|
+
|
191
|
+
it 'should issue a grant' do
|
192
|
+
expect(Doorkeeper::AccessGrant.count).to be 1
|
193
|
+
end
|
194
|
+
|
195
|
+
it 'should not issue a token' do
|
196
|
+
expect(Doorkeeper::AccessToken.count).to be 0
|
197
|
+
end
|
198
|
+
end
|
167
199
|
end
|
168
200
|
|
169
201
|
describe 'GET #new with skip_authorization true' do
|
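Review bot: The `around(:each)` hook in the new `with opt_out_native_route_change` context restores state with `Doorkeeper.configure do orm DOORKEEPER_ORM end`, which leaves a minimal configuration behind and not what the dummy app's initializer had set up. If other examples depend on initializer options, this could make the suite order-dependent, which is worth confirming; the same hook is repeated in the config_spec.rb hunk. The location check interpolates the grant token into an unanchored regex, and something like `match(%r{oauth/authorize/#{Regexp.escape(Doorkeeper::AccessGrant.first.token)}\z})` would pin the path form more tightly. The enclosing `describe` starts outside the hunk, which this page shows under the version.rb header.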
@@ -29,6 +29,11 @@ Doorkeeper.configure do
|
|
29
29
|
# Issue access tokens with refresh token (disabled by default)
|
30
30
|
use_refresh_token
|
31
31
|
|
32
|
+
# Opt out of breaking api change to the native authorization code flow. Opting out sets the authorization
|
33
|
+
# code response route for native redirect uris to oauth/authorize/<code>. The default is oauth/authorize/native?code=<code>.
|
34
|
+
# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1143
|
35
|
+
# opt_out_native_route_change
|
36
|
+
|
32
37
|
# Provide support for an owner to be assigned to each registered application (disabled by default)
|
33
38
|
# Optional parameter confirmation: true (default false) if you want to enforce ownership of
|
34
39
|
# a registered application
|
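--- a/data/spec/lib/config_spec.rb
+++ b/data/spec/lib/config_spec.rb
@@ -162,6 +162,31 @@ describe Doorkeeper, 'configuration' do
 end
 end
 
+describe 'opt_out_native_route_change' do
+around(:each) do |example|
+Doorkeeper.configure do
+orm DOORKEEPER_ORM
+opt_out_native_route_change
+end
+
+Rails.application.reload_routes!
+
+subject { Doorkeeper.configuration }
+
+example.run
+
+Doorkeeper.configure do
+orm DOORKEEPER_ORM
+end
+
+Rails.application.reload_routes!
+end
+
+it 'sets the native authorization code route /:code' do
+expect(subject.native_authorization_code_route).to eq('/:code')
+end
+end
+
 describe 'client_credentials' do
 it 'has defaults order' do
 expect(subject.client_credentials_methods).to eq([:from_basic, :from_params])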
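Review bot: `subject { Doorkeeper.configuration }` is written inside the `around(:each)` block, where it runs in example scope and is not a group-level declaration. There it appears to just call the already-defined subject and discard the block, so it declares nothing. I would delete the line, since the context example below already uses `subject` and so the group seems to define it, or move it to sit directly under `describe 'opt_out_native_route_change' do`. The spec covers only the opted-out value; a companion example asserting `'/native'` for the default would pin both branches of the option.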
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.4.
|
4
|
+
version: 4.4.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Felipe Elias Philipp
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2018-
|
14
|
+
date: 2018-09-19 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: railties
|