doorkeeper 5.1.2 → 5.2.2

data/spec/validators/redirect_uri_validator_spec.rb

@@ -2,7 +2,7 @@
 
 require "spec_helper"
 
-describe RedirectUriValidator do
+describe Doorkeeper::RedirectUriValidator do
   subject do
     FactoryBot.create(:application)
   end
@@ -18,7 +18,7 @@ describe RedirectUriValidator do
   #
   # @see https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uris-native-apps/
   it "is valid when the uri is custom native URI" do
-    subject.redirect_uri = "myapp://callback"
+    subject.redirect_uri = "myapp:/callback"
     expect(subject).to be_valid
   end
 
@@ -27,33 +27,48 @@ describe RedirectUriValidator do
     expect(subject).to be_valid
   end
 
-  it "accepts native redirect uri" do
+  it "accepts nonstandard oob redirect uri" do
     subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
     expect(subject).to be_valid
   end
 
-  it "rejects if test uri is disabled" do
-    allow(RedirectUriValidator).to receive(:native_redirect_uri).and_return(nil)
-    subject.redirect_uri = "urn:some:test"
-    expect(subject).not_to be_valid
+  it "accepts nonstandard oob:auto redirect uri" do
+    subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob:auto"
+    expect(subject).to be_valid
   end
 
   it "is invalid when the uri is not a uri" do
     subject.redirect_uri = "]"
     expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq("must be a valid URI.")
+    expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.invalid_uri"))
   end
 
   it "is invalid when the uri is relative" do
     subject.redirect_uri = "/abcd"
     expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq("must be an absolute URI.")
+    expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.relative_uri"))
   end
 
   it "is invalid when the uri has a fragment" do
     subject.redirect_uri = "https://example.com/abcd#xyz"
     expect(subject).not_to be_valid
-    expect(subject.errors[:redirect_uri].first).to eq("cannot contain a fragment.")
+    expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.fragment_present"))
+  end
+
+  it "is invalid when scheme resolves to localhost (needs an explict scheme)" do
+    subject.redirect_uri = "localhost:80"
+    expect(subject).to be_invalid
+    expect(subject.errors[:redirect_uri].first).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.unspecified_scheme"))
+  end
+
+  it "is invalid if an ip address" do
+    subject.redirect_uri = "127.0.0.1:8080"
+    expect(subject).to be_invalid
+  end
+
+  it "accepts an ip address based URI if a scheme is specified" do
+    subject.redirect_uri = "https://127.0.0.1:8080"
+    expect(subject).to be_valid
   end
 
   context "force secured uri" do
@@ -62,13 +77,23 @@ describe RedirectUriValidator do
       expect(subject).to be_valid
     end
 
-    it "accepts native redirect uri" do
-      subject.redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
+    it "accepts custom scheme redirect uri (as per rfc8252 section 7.1)" do
+      subject.redirect_uri = "com.example.app:/oauth/callback"
+      expect(subject).to be_valid
+    end
+
+    it "accepts custom scheme redirect uri (as per rfc8252 section 7.1) #2" do
+      subject.redirect_uri = "com.example.app:/test"
+      expect(subject).to be_valid
+    end
+
+    it "accepts custom scheme redirect uri (common misconfiguration we have decided to allow)" do
+      subject.redirect_uri = "com.example.app://oauth/callback"
       expect(subject).to be_valid
     end
 
-    it "accepts app redirect uri" do
-      subject.redirect_uri = "some-awesome-app://oauth/callback"
+    it "accepts custom scheme redirect uri (common misconfiguration we have decided to allow) #2" do
+      subject.redirect_uri = "com.example.app://test"
       expect(subject).to be_valid
     end
 
@@ -118,7 +143,7 @@ describe RedirectUriValidator do
       subject.redirect_uri = "http://example.com/callback"
       expect(subject).not_to be_valid
       error = subject.errors[:redirect_uri].first
-      expect(error).to eq("must be an HTTPS/SSL URI.")
+      expect(error).to eq(I18n.t("activerecord.errors.models.doorkeeper/application.attributes.redirect_uri.secured_uri"))
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 5.1.2
+  version: 5.2.2
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-19 00:00:00.000000000 Z
+date: 2019-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -174,19 +174,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".coveralls.yml"
-- ".github/ISSUE_TEMPLATE.md"
-- ".github/PULL_REQUEST_TEMPLATE.md"
-- ".gitignore"
-- ".gitlab-ci.yml"
-- ".hound.yml"
-- ".rspec"
-- ".rubocop.yml"
-- ".travis.yml"
 - Appraisals
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Dangerfile
+- Dockerfile
 - Gemfile
 - MIT-LICENSE
 - NEWS.md
@@ -205,7 +198,6 @@ files:
 - app/controllers/doorkeeper/token_info_controller.rb
 - app/controllers/doorkeeper/tokens_controller.rb
 - app/helpers/doorkeeper/dashboard_helper.rb
-- app/validators/redirect_uri_validator.rb
 - app/views/doorkeeper/applications/_delete_form.html.erb
 - app/views/doorkeeper/applications/_form.html.erb
 - app/views/doorkeeper/applications/edit.html.erb
@@ -268,7 +260,9 @@ files:
 - lib/doorkeeper/oauth/helpers/scope_checker.rb
 - lib/doorkeeper/oauth/helpers/unique_token.rb
 - lib/doorkeeper/oauth/helpers/uri_checker.rb
+- lib/doorkeeper/oauth/invalid_request_response.rb
 - lib/doorkeeper/oauth/invalid_token_response.rb
+- lib/doorkeeper/oauth/nonstandard.rb
 - lib/doorkeeper/oauth/password_access_token_request.rb
 - lib/doorkeeper/oauth/pre_authorization.rb
 - lib/doorkeeper/oauth/refresh_token_request.rb
@@ -281,6 +275,7 @@ files:
 - lib/doorkeeper/orm/active_record/access_grant.rb
 - lib/doorkeeper/orm/active_record/access_token.rb
 - lib/doorkeeper/orm/active_record/application.rb
+- lib/doorkeeper/orm/active_record/redirect_uri_validator.rb
 - lib/doorkeeper/orm/active_record/stale_records_cleaner.rb
 - lib/doorkeeper/rails/helpers.rb
 - lib/doorkeeper/rails/routes.rb
@@ -402,6 +397,7 @@ files:
 - spec/lib/oauth/helpers/scope_checker_spec.rb
 - spec/lib/oauth/helpers/unique_token_spec.rb
 - spec/lib/oauth/helpers/uri_checker_spec.rb
+- spec/lib/oauth/invalid_request_response_spec.rb
 - spec/lib/oauth/invalid_token_response_spec.rb
 - spec/lib/oauth/password_access_token_request_spec.rb
 - spec/lib/oauth/pre_authorization_spec.rb
@@ -459,7 +455,12 @@ files:
 homepage: https://github.com/doorkeeper-gem/doorkeeper
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/doorkeeper-gem/doorkeeper
+  changelog_uri: https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/doorkeeper-gem/doorkeeper
+  bug_tracker_uri: https://github.com/doorkeeper-gem/doorkeeper/issues
+  documentation_uri: https://doorkeeper.gitbook.io/guides/
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -475,8 +476,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.9
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: OAuth 2 provider for Rails and Grape
@@ -564,6 +564,7 @@ test_files:
 - spec/lib/oauth/helpers/scope_checker_spec.rb
 - spec/lib/oauth/helpers/unique_token_spec.rb
 - spec/lib/oauth/helpers/uri_checker_spec.rb
+- spec/lib/oauth/invalid_request_response_spec.rb
 - spec/lib/oauth/invalid_token_response_spec.rb
 - spec/lib/oauth/password_access_token_request_spec.rb
 - spec/lib/oauth/pre_authorization_spec.rb

data/.coveralls.yml

@@ -1 +0,0 @@
-service_name: travis-ci

data/.github/ISSUE_TEMPLATE.md

@@ -1,25 +0,0 @@
-### Steps to reproduce
-What we need to do to see your problem or bug?
-
-The more detailed the issue, the more likely that we will fix it ASAP.
-
-Don't use GitHub issues for questions like "How can I do that?" —
-use [StackOverflow](https://stackoverflow.com/questions/tagged/doorkeeper)
-instead with the corresponding tag.
-
-### Expected behavior
-Tell us what should happen
-
-### Actual behavior
-Tell us what happens instead
-
-### System configuration
-You can help us to understand your problem if you will share some very
-useful information about your project environment (don't forget to
-remove any confidential data if it exists).
-
-**Doorkeeper initializer**:
-
-**Ruby version**:
-
-**Gemfile.lock**:

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -1,17 +0,0 @@
-### Summary
-
-Provide a general description of the code changes in your pull
-request... were there any bugs you had fixed? If so, mention them. If
-these bugs have open GitHub issues, be sure to tag them here as well,
-to keep the conversation linked together.
-
-### Other Information
-
-If there's anything else that's important and relevant to your pull
-request, mention that information here. This could include
-benchmarks, or other information.
-
-If you are updating NEWS.md file or are asked to update it by reviewers,
-please add the changelog entry at the top of the file.
-
-Thanks for contributing to Doorkeeper project!

data/.gitignore

@@ -1,20 +0,0 @@
-.bundle/
-.rbx
-*.rbc
-log/*.log
-pkg/
-spec/dummy/db/*.sqlite3
-spec/dummy/log/*.log
-spec/dummy/tmp/
-spec/generators/tmp
-Gemfile.lock
-gemfiles/*.lock
-.rvmrc
-*.swp
-.idea
-/.yardoc/
-/_yardoc/
-/doc/
-/rdoc/
-coverage
-*.gem

data/.gitlab-ci.yml

@@ -1,16 +0,0 @@
-dependency_scanning:
-  image: docker:stable
-  variables:
-    DOCKER_DRIVER: overlay2
-  allow_failure: true
-  services:
-    - docker:stable-dind
-  script:
-    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-    - docker run
-        --env DEP_SCAN_DISABLE_REMOTE_CHECKS="${DEP_SCAN_DISABLE_REMOTE_CHECKS:-false}"
-        --volume "$PWD:/code"
-        --volume /var/run/docker.sock:/var/run/docker.sock
-        "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$SP_VERSION" /code
-  artifacts:
-    paths: [gl-dependency-scanning-report.json]

data/.hound.yml

@@ -1,3 +0,0 @@
-rubocop:
-  config_file: .rubocop.yml
-  version: 0.64.0

data/.rspec

@@ -1 +0,0 @@
---colour

data/.rubocop.yml

@@ -1,50 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.4
-  Exclude:
-    - "spec/dummy/db/*"
-    - "spec/dummy/config/*"
-    - "Dangerfile"
-    - "gemfiles/*.gemfile"
-
-Metrics/BlockLength:
-  Exclude:
-    - spec/**/*
-    - lib/doorkeeper/rake/*
-
-Metrics/LineLength:
-  Exclude:
-    - spec/**/*
-  Max: 100
-
-Metrics/MethodLength:
-  Exclude:
-    - spec/dummy/db/*
-
-Style/StringLiterals:
-  EnforcedStyle: double_quotes
-Style/StringLiteralsInInterpolation:
-  EnforcedStyle: double_quotes
-
-Style/FrozenStringLiteralComment:
-  Enabled: true
-
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: consistent_comma
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: consistent_comma
-
-Style/SymbolArray:
-  MinSize: 3
-Style/WordArray:
-  MinSize: 3
-
-Style/ClassAndModuleChildren:
-  Exclude:
-    - spec/**/*
-
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-Layout/TrailingBlankLines:
-  Enabled: true
-Layout/DotPosition:
-  EnforcedStyle: leading

data/.travis.yml

@@ -1,35 +0,0 @@
-language: ruby
-cache: bundler
-
-rvm:
-  - 2.4
-  - 2.5
-  - 2.6
-  - ruby-head
-
-#before_install:
-#  - gem update --system
-#  - gem install bundler
-
-gemfile:
-  - gemfiles/rails_5_0.gemfile
-  - gemfiles/rails_5_1.gemfile
-  - gemfiles/rails_5_2.gemfile
-  - gemfiles/rails_6_0.gemfile
-  - gemfiles/rails_master.gemfile
-
-matrix:
-  fast_finish: true
-  # Run Danger only once
-  include:
-    - rvm: 2.5
-      gemfile: gemfiles/rails_5_2.gemfile
-      script: bundle exec danger
-  exclude:
-    - gemfile: gemfiles/rails_6_0.gemfile
-      rvm: 2.4
-    - gemfile: gemfiles/rails_master.gemfile
-      rvm: 2.4
-  allow_failures:
-    - gemfile: gemfiles/rails_master.gemfile
-    - rvm: ruby-head

data/app/validators/redirect_uri_validator.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-require "uri"
-
-class RedirectUriValidator < ActiveModel::EachValidator
-  def self.native_redirect_uri
-    Doorkeeper.configuration.native_redirect_uri
-  end
-
-  def validate_each(record, attribute, value)
-    if value.blank?
-      return if Doorkeeper.configuration.allow_blank_redirect_uri?(record)
-
-      record.errors.add(attribute, :blank)
-    else
-      value.split.each do |val|
-        uri = ::URI.parse(val)
-        next if native_redirect_uri?(uri)
-
-        record.errors.add(attribute, :forbidden_uri) if forbidden_uri?(uri)
-        record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
-        record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
-        record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
-      end
-    end
-  rescue URI::InvalidURIError
-    record.errors.add(attribute, :invalid_uri)
-  end
-
-  private
-
-  def native_redirect_uri?(uri)
-    self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
-  end
-
-  def forbidden_uri?(uri)
-    Doorkeeper.configuration.forbid_redirect_uri.call(uri)
-  end
-
-  def invalid_ssl_uri?(uri)
-    forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
-    non_https = uri.try(:scheme) == "http"
-
-    if forces_ssl.respond_to?(:call)
-      forces_ssl.call(uri) && non_https
-    else
-      forces_ssl && non_https
-    end
-  end
-end