doorkeeper 5.1.2 → 5.6.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/{NEWS.md → CHANGELOG.md} +314 -27
- data/README.md +39 -22
- data/app/controllers/doorkeeper/application_controller.rb +3 -2
- data/app/controllers/doorkeeper/application_metal_controller.rb +3 -2
- data/app/controllers/doorkeeper/applications_controller.rb +5 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +76 -25
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +5 -5
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +99 -28
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +1 -7
- data/app/views/doorkeeper/applications/show.html.erb +35 -14
- data/app/views/doorkeeper/authorizations/error.html.erb +3 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +16 -14
- data/config/locales/en.yml +16 -3
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +20 -2
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +300 -136
- data/lib/doorkeeper/engine.rb +10 -3
- data/lib/doorkeeper/errors.rb +13 -18
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/helpers.rb +7 -3
- data/lib/doorkeeper/helpers/controller.rb +36 -11
- data/lib/doorkeeper/models/access_grant_mixin.rb +23 -19
- data/lib/doorkeeper/models/access_token_mixin.rb +195 -52
- data/lib/doorkeeper/models/application_mixin.rb +8 -7
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/ownership.rb +1 -1
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/reusable.rb +1 -1
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -28
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +31 -14
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +30 -19
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +51 -22
- data/lib/doorkeeper/oauth/base_request.rb +21 -22
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client.rb +8 -9
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +42 -5
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +10 -8
- data/lib/doorkeeper/oauth/client_credentials/{validation.rb → validator.rb} +14 -5
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +6 -12
- data/lib/doorkeeper/oauth/code_response.rb +24 -14
- data/lib/doorkeeper/oauth/error.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +11 -13
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +8 -12
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +10 -7
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +19 -23
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_request_response.rb +43 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +7 -4
- data/lib/doorkeeper/oauth/nonstandard.rb +39 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +34 -11
- data/lib/doorkeeper/oauth/pre_authorization.rb +114 -44
- data/lib/doorkeeper/oauth/refresh_token_request.rb +54 -34
- data/lib/doorkeeper/oauth/token.rb +6 -7
- data/lib/doorkeeper/oauth/token_introspection.rb +28 -22
- data/lib/doorkeeper/oauth/token_request.rb +6 -20
- data/lib/doorkeeper/oauth/token_response.rb +2 -3
- data/lib/doorkeeper/orm/active_record/access_grant.rb +4 -43
- data/lib/doorkeeper/orm/active_record/access_token.rb +4 -35
- data/lib/doorkeeper/orm/active_record/application.rb +5 -149
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +63 -0
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +77 -0
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +210 -0
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +66 -0
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +5 -2
- data/lib/doorkeeper/orm/active_record.rb +29 -22
- data/lib/doorkeeper/rails/helpers.rb +4 -4
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +28 -27
- data/lib/doorkeeper/rake/db.rake +6 -6
- data/lib/doorkeeper/request/authorization_code.rb +5 -3
- data/lib/doorkeeper/request/client_credentials.rb +2 -2
- data/lib/doorkeeper/request/password.rb +3 -2
- data/lib/doorkeeper/request/refresh_token.rb +5 -4
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/request.rb +49 -17
- data/lib/doorkeeper/server.rb +7 -11
- data/lib/doorkeeper/stale_records_cleaner.rb +6 -2
- data/lib/doorkeeper/version.rb +2 -6
- data/lib/doorkeeper.rb +183 -80
- data/lib/generators/doorkeeper/application_owner_generator.rb +1 -1
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +2 -2
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/migration_generator.rb +1 -1
- data/lib/generators/doorkeeper/pkce_generator.rb +1 -1
- data/lib/generators/doorkeeper/previous_refresh_token_generator.rb +7 -7
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +230 -50
- data/lib/generators/doorkeeper/templates/migration.rb.erb +31 -9
- metadata +61 -327
- data/.coveralls.yml +0 -1
- data/.github/ISSUE_TEMPLATE.md +0 -25
- data/.github/PULL_REQUEST_TEMPLATE.md +0 -17
- data/.gitignore +0 -20
- data/.gitlab-ci.yml +0 -16
- data/.hound.yml +0 -3
- data/.rspec +0 -1
- data/.rubocop.yml +0 -50
- data/.travis.yml +0 -35
- data/Appraisals +0 -40
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -47
- data/Dangerfile +0 -67
- data/Gemfile +0 -24
- data/RELEASING.md +0 -10
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/app/validators/redirect_uri_validator.rb +0 -50
- data/bin/console +0 -16
- data/doorkeeper.gemspec +0 -34
- data/gemfiles/rails_5_0.gemfile +0 -17
- data/gemfiles/rails_5_1.gemfile +0 -17
- data/gemfiles/rails_5_2.gemfile +0 -17
- data/gemfiles/rails_6_0.gemfile +0 -17
- data/gemfiles/rails_master.gemfile +0 -17
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -180
- data/spec/controllers/authorizations_controller_spec.rb +0 -527
- data/spec/controllers/protected_resources_controller_spec.rb +0 -353
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -330
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -7
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -47
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -121
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -68
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -697
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -53
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -156
- data/spec/lib/oauth/base_request_spec.rb +0 -205
- data/spec/lib/oauth/base_response_spec.rb +0 -47
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -94
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -29
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -109
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -47
- data/spec/lib/oauth/code_response_spec.rb +0 -36
- data/spec/lib/oauth/error_response_spec.rb +0 -66
- data/spec/lib/oauth/error_spec.rb +0 -23
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -22
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -98
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -247
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -55
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -192
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -215
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
- data/spec/lib/oauth/scopes_spec.rb +0 -148
- data/spec/lib/oauth/token_request_spec.rb +0 -150
- data/spec/lib/oauth/token_response_spec.rb +0 -86
- data/spec/lib/oauth/token_spec.rb +0 -158
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -61
- data/spec/lib/stale_records_cleaner_spec.rb +0 -89
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -144
- data/spec/models/doorkeeper/access_token_spec.rb +0 -591
- data/spec/models/doorkeeper/application_spec.rb +0 -472
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -73
- data/spec/requests/endpoints/token_spec.rb +0 -75
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -78
- data/spec/requests/flows/authorization_code_spec.rb +0 -447
- data/spec/requests/flows/client_credentials_spec.rb +0 -128
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -34
- data/spec/requests/flows/implicit_grant_spec.rb +0 -90
- data/spec/requests/flows/password_spec.rb +0 -259
- data/spec/requests/flows/refresh_token_spec.rb +0 -233
- data/spec/requests/flows/revoke_token_spec.rb +0 -143
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -57
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -13
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -98
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/http_method_shim.rb +0 -29
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -123
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -54
- data/spec/validators/redirect_uri_validator_spec.rb +0 -158
- data/spec/version/version_spec.rb +0 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b62a0472a97d06b40362817c9d5c0dd7dd6e0d0e600437a19f5cf2fd18c4be46
|
4
|
+
data.tar.gz: 9850cef14c21a1f0df2fb451a485ab5b8066360a3008124f7aed287409364e36
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: de0c7021c4735b26249e5b267db11ede06f55b23d8f9bd51641d1cf3eee3812e14a2deec986e8aa6ee81de98097083fdb634a441fd4928cb47286fa977ba5d96
|
7
|
+
data.tar.gz: 3865639c837771ceeafceec8a110e506f88fef45c61f7274782c637e794f9185be18ee98270852bac6fecb0fc90e4893dfed08d715c761507e87396e5a559bc2
|
data/{NEWS.md → CHANGELOG.md}
RENAMED
@@ -1,27 +1,317 @@
|
|
1
|
-
#
|
1
|
+
# Changelog
|
2
2
|
|
3
3
|
See https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions for
|
4
4
|
upgrade guides.
|
5
5
|
|
6
6
|
User-visible changes worth mentioning.
|
7
7
|
|
8
|
+
## main
|
9
|
+
|
10
|
+
- [#ID] Add your PR description here.
|
11
|
+
|
12
|
+
## 5.6.6
|
13
|
+
|
14
|
+
- [#1644] Update HTTP headers.
|
15
|
+
- [#1646] Block public clients automatic authorization skip.
|
16
|
+
- [#1648] Add custom token attributes to Refresh Token Request.
|
17
|
+
- [#1649] Fixed custom_access_token_attributes related errors.
|
18
|
+
|
19
|
+
# 5.6.5
|
20
|
+
|
21
|
+
- [#1602] Allow custom data to be stored inside access grants/tokens.
|
22
|
+
- [#1634] Code refactoring for custom token attributes.
|
23
|
+
- [#1639] Add grant type validation to avoid Internal Server Error for DELETE /oauth/authorize endpoint.
|
24
|
+
|
25
|
+
# 5.6.4
|
26
|
+
|
27
|
+
- [#1633] Apply ORM configuration in #to_prepare block to avoid autoloading errors.
|
28
|
+
|
29
|
+
# 5.6.3
|
30
|
+
|
31
|
+
- [#1622] Drop support for Rubies 2.5 and 2.6
|
32
|
+
- [#1605] Fix URI validation for Ruby 3.2+.
|
33
|
+
- [#1625] Exclude endless access tokens from `StaleRecordsCleaner`.
|
34
|
+
- [#1626] Remove deprecated `active_record_options` config option.
|
35
|
+
- [#1631] Fix regression with redirect behavior after token lookup optimizations (redirect to app URI when found).
|
36
|
+
- [#1630] Special case unique index creation for refresh_token on SQL Server.
|
37
|
+
- [#1627] Lazy evaluate Doorkeeper config when loading files and executing initializers.
|
38
|
+
|
39
|
+
## 5.6.2
|
40
|
+
|
41
|
+
- [#1604] Fix fetching of the application when custom application_class defined.
|
42
|
+
|
43
|
+
## 5.6.1
|
44
|
+
|
45
|
+
- [#1593] Add support for Trilogy ActiveRecord adapter.
|
46
|
+
- [#1597] Add optional support to use the url path for the native authorization code flow. Ports forward [#1143] from 4.4.3
|
47
|
+
- [#1599] Remove unnecessarily re-fetch of application object when creating an access token.
|
48
|
+
|
49
|
+
## 5.6.0
|
50
|
+
|
51
|
+
- [#1581] Consider `token_type_hint` when searching for access token in TokensController to avoid extra database calls.
|
52
|
+
|
53
|
+
## 5.6.0.rc2
|
54
|
+
|
55
|
+
- [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
|
56
|
+
application scopes when using client credentials.
|
57
|
+
- [#1567] Only filter `code` parameter if authorization_code grant flow is enabled.
|
58
|
+
|
59
|
+
## 5.6.0.rc1
|
60
|
+
|
61
|
+
- [#1551] Change lazy loading for ORM to be Ruby standard autoload.
|
62
|
+
- [#1552] Remove duplicate IDs on Auth form to improve accessibility.
|
63
|
+
- [#1542] Improve performance of `Doorkeeper::AccessToken#matching_token_for` using database specific SQL time math.
|
64
|
+
|
65
|
+
**[IMPORTANT]**: API of the `Doorkeeper::AccessToken#matching_token_for` method has changed and now it returns
|
66
|
+
only **active** access tokens (previously they were just not revoked). Please remember that the idea of the
|
67
|
+
`reuse_access_token` option is to check for existing _active_ token (see configuration option description).
|
68
|
+
|
69
|
+
## 5.5.4
|
70
|
+
|
71
|
+
- [#1535] Revert changes introduced in #1528 to allow query params in `redirect_uri` as per the spec.
|
72
|
+
|
73
|
+
## 5.5.3
|
74
|
+
|
75
|
+
- [#1528] Don't allow extra query params in redirect_uri.
|
76
|
+
- [#1525] I18n source for forbidden token error is now `doorkeeper.errors.messages.forbidden_token.missing_scope`.
|
77
|
+
- [#1531] Disable `strict-loading` for Doorkeeper models by default.
|
78
|
+
- [#1532] Add support for Rails 7.
|
79
|
+
|
80
|
+
## 5.5.2
|
81
|
+
|
82
|
+
- [#1502] Drop support for Ruby 2.4 because of EOL.
|
83
|
+
- [#1504] Updated the url fragment in the comment for code documentation.
|
84
|
+
- [#1512] Fix form behavior when response mode is form_post.
|
85
|
+
- [#1511] Fix that authorization code is returned by fragment if response_mode is fragment.
|
86
|
+
|
87
|
+
## 5.5.1
|
88
|
+
|
89
|
+
- [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
|
90
|
+
- [#1495] Fix `respond_to` undefined in API-only mode
|
91
|
+
- [#1488] Verify client authentication for Resource Owner Password Grant when
|
92
|
+
`config.skip_client_authentication_for_password_grant` is set and the client credentials
|
93
|
+
are sent in a HTTP Basic auth header.
|
94
|
+
|
95
|
+
## 5.5.0
|
96
|
+
|
97
|
+
- [#1482] Simplify `TokenInfoController` to be overridable (extract response rendering).
|
98
|
+
- [#1478] Fix ownership association and Rake tasks when custom models configured.
|
99
|
+
- [#1477] Respect `ActiveRecord::Base.pluralize_table_names` for Doorkeeper table names.
|
100
|
+
|
101
|
+
## 5.5.0.rc2
|
102
|
+
|
103
|
+
- [#1473] Enable `Applications` and `AuthorizedApplications` controllers in API mode.
|
104
|
+
|
105
|
+
**[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
|
106
|
+
`use_doorkeeper` inside `routes.rb`. Please do it in case you don't need them.
|
107
|
+
|
108
|
+
- [#1472] Fix `establish_connection` configuration for custom defined models.
|
109
|
+
- [#1471] Add support for Ruby 3.0.
|
110
|
+
- [#1469] Check if `redirect_uri` exists.
|
111
|
+
- [#1465] Memoize nil doorkeeper_token.
|
112
|
+
- [#1459] Use built-in Ruby option to remove padding in PKCE code challenge value.
|
113
|
+
- [#1457] Make owner_id a bigint for newly-generated owner migrations
|
114
|
+
- [#1452] Empty previous_refresh_token only if present.
|
115
|
+
- [#1440] Validate empty host in redirect_uri.
|
116
|
+
- [#1438] Add form post response mode.
|
117
|
+
- [#1458] Make `config.skip_client_authentication_for_password_grant` a long term configuration option.
|
118
|
+
|
119
|
+
## 5.5.0.rc1
|
120
|
+
|
121
|
+
- [#1435] Make error response not redirectable when client is unauthorized
|
122
|
+
- [#1426] Ensure ActiveRecord callbacks are executed on token revocation.
|
123
|
+
- [#1407] Remove redundant and complex to support helpers froms tests (`should_have_json`, etc).
|
124
|
+
- [#1416] Don't add introspection route if token introspection completely disabled.
|
125
|
+
- [#1410] Properly memoize `current_resource_owner` value (consider `nil` and `false` values).
|
126
|
+
- [#1415] Ignore PKCE params for non-PKCE grants.
|
127
|
+
- [#1418] Add ability to register custom OAuth Grant Flows.
|
128
|
+
- [#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.
|
129
|
+
|
130
|
+
**[IMPORTANT]** you need to create a new OAuth client (`Doorkeeper::Application`) if you didn't
|
131
|
+
have it before and use client credentials in HTTP Basic auth if you previously used this grant
|
132
|
+
flow without client authentication. To opt out of this you could set the
|
133
|
+
`skip_client_authentication_for_password_grant` configuration option to `true`, but note that
|
134
|
+
this is in violation of the OAuth spec and represents a security risk.
|
135
|
+
All the users of your provider application now need to include client credentials when they use
|
136
|
+
this grant flow.
|
137
|
+
|
138
|
+
- [#1421] Add Resource Owner instance to authorization hook context for `custom_access_token_expires_in`
|
139
|
+
configuration option to allow resource owner based Access Tokens TTL.
|
140
|
+
|
141
|
+
## 5.4.0
|
142
|
+
|
143
|
+
- [#1404] Make `Doorkeeper::Application#read_attribute_for_serialization` public.
|
144
|
+
|
145
|
+
## 5.4.0.rc2
|
146
|
+
|
147
|
+
- [#1371] Add `#as_json` method and attributes serialization restriction for Application model.
|
148
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
149
|
+
|
150
|
+
**[IMPORTANT]** you need to re-implement `#as_json` method for Doorkeeper Application model
|
151
|
+
if you previously used `#to_json` serialization with custom options or attributes or rely on
|
152
|
+
JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
|
153
|
+
is a breaking change which restricts serialized attributes to a very small set of columns.
|
154
|
+
|
155
|
+
- [#1395] Fix `NameError: uninitialized constant Doorkeeper::AccessToken` for Rake tasks.
|
156
|
+
- [#1397] Add `as: :doorkeeper_application` on Doorkeeper application form in order to support
|
157
|
+
custom configured application model.
|
158
|
+
- [#1400] Correctly yield the application instance to `allow_grant_flow_for_client?` config
|
159
|
+
option (fixes #1398).
|
160
|
+
- [#1402] Handle trying authorization with client credentials.
|
161
|
+
|
162
|
+
## 5.4.0.rc1
|
163
|
+
- [#1366] Sets expiry of token generated using `refresh_token` to that of original token. (Fixes #1364)
|
164
|
+
- [#1354] Add `authorize_resource_owner_for_client` option to authorize the calling user to access an application.
|
165
|
+
- [#1355] Allow to enable polymorphic Resource Owner association for Access Token & Grant
|
166
|
+
models (`use_polymorphic_resource_owner` configuration option).
|
167
|
+
|
168
|
+
**[IMPORTANT]** Review your custom patches or extensions for Doorkeeper internals if you
|
169
|
+
have such - since now Doorkeeper passes Resource Owner instance to every objects and not
|
170
|
+
just it's ID. See PR description for details.
|
171
|
+
|
172
|
+
- [#1356] Remove duplicated scopes from Access Tokens and Grants on attribute assignment.
|
173
|
+
- [#1357] Fix `Doorkeeper::OAuth::PreAuthorization#as_json` method causing
|
174
|
+
`Stack level too deep` error with AMS (fix #1312).
|
175
|
+
- [#1358] Deprecate `active_record_options` configuration option.
|
176
|
+
- [#1359] Refactor Doorkeeper configuration options DSL to make it easy to reuse it
|
177
|
+
in external extensions.
|
178
|
+
- [#1360] Increase `matching_token_for` lookup size to 10 000 and make it configurable.
|
179
|
+
- [#1371] Fix controllers to use valid classes in case Doorkeeper has custom models configured.
|
180
|
+
- [#1370] Fix revocation response for invalid token and unauthorized requests to conform with RFC 7009 (fixes #1362).
|
181
|
+
|
182
|
+
**[IMPORTANT]** now fully according to RFC 7009 nobody can do a revocation request without `client_id`
|
183
|
+
(for public clients) and `client_secret` (for private clients). Please update your apps to include that
|
184
|
+
info in the revocation request payload.
|
185
|
+
|
186
|
+
- [#1373] Make Doorkeeper routes mapper reusable in extensions.
|
187
|
+
- [#1374] Revoke and issue client credentials token in a transaction with a row lock.
|
188
|
+
- [#1384] Add context object with auth/pre_auth and issued_token for authorization hooks.
|
189
|
+
- [#1387] Add `AccessToken#create_for` and use in `RefreshTokenRequest`.
|
190
|
+
- [#1392] Fix `enable_polymorphic_resource_owner` migration template to have proper index name.
|
191
|
+
- [#1393] Improve Applications #show page with more informative data on client secret and scopes.
|
192
|
+
- [#1394] Use Ruby `autoload` feature to load Doorkeeper files.
|
193
|
+
|
194
|
+
## 5.3.3
|
195
|
+
|
196
|
+
- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
|
197
|
+
|
198
|
+
## 5.3.2
|
199
|
+
|
200
|
+
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
|
201
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
202
|
+
|
203
|
+
## 5.3.1
|
204
|
+
|
205
|
+
- [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
|
206
|
+
|
207
|
+
## 5.3.0
|
208
|
+
|
209
|
+
- [#1339] Validate Resource Owner in `PasswordAccessTokenRequest` against `nil` and `false` values.
|
210
|
+
- [#1341] Fix `refresh_token_revoked_on_use` with `hash_token_secrets` enabled.
|
211
|
+
- [#1343] Fix ruby 2.7 kwargs warning in InvalidTokenResponse.
|
212
|
+
- [#1345] Allow to set custom classes for Doorkeeper models, extract reusable AR mixins.
|
213
|
+
- [#1346] Refactor `Doorkeeper::Application#to_json` into convenient `#as_json` (fix #1344).
|
214
|
+
- [#1349] Fix `Doorkeeper::Application` AR associations using an incorrect foreign key name when using a custom class.
|
215
|
+
- [#1318] Make existing token revocation for client credentials optional and disable it by default.
|
216
|
+
|
217
|
+
**[IMPORTANT]** This is a change compared to the behaviour of version 5.2.
|
218
|
+
If you were relying on access tokens being revoked once the same client
|
219
|
+
requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper
|
220
|
+
initialization file.
|
221
|
+
|
222
|
+
## 5.2.6
|
223
|
+
|
224
|
+
- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
|
225
|
+
|
226
|
+
## 5.2.5
|
227
|
+
|
228
|
+
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
|
229
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
230
|
+
|
231
|
+
## 5.2.4
|
232
|
+
|
233
|
+
- [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
|
234
|
+
|
235
|
+
## 5.2.3
|
236
|
+
|
237
|
+
- [#1334] Remove `application_secret` flash helper and `redirect_to` keyword.
|
238
|
+
- [#1331] Move redirect_uri_validator to where it is used (`Application` model).
|
239
|
+
- [#1326] Move response_type check in pre_authorization to a method to be easily to override.
|
240
|
+
- [#1329] Fix `find_in_batches` order warning.
|
241
|
+
|
8
242
|
## 5.2.2
|
9
243
|
|
244
|
+
- [#1320] Call configured `authenticate_resource_owner` method once per request.
|
245
|
+
- [#1315] Allow generation of new secret with `Doorkeeper::Application#renew_secret`.
|
246
|
+
- [#1309] Allow `Doorkeeper::Application#to_json` to work without arguments.
|
247
|
+
|
248
|
+
## 5.2.1
|
249
|
+
|
250
|
+
- [#1308] Fix flash types for `api_only` mode (no flashes for `ActionController::API`).
|
251
|
+
- [#1306] Fix interpolation of `missing_param` I18n.
|
252
|
+
|
253
|
+
## 5.2.0
|
254
|
+
|
255
|
+
- [#1305] Make `Doorkeeper::ApplicationController` to inherit from `ActionController::API` in cases
|
256
|
+
when `api_mode` enabled (fixes #1302).
|
257
|
+
|
258
|
+
## 5.2.0.rc3
|
259
|
+
|
260
|
+
- [#1298] Slice strong params so doesn't error with Rails forms.
|
261
|
+
- [#1300] Limiting access to attributes of pre_authorization.
|
262
|
+
- [#1296] Adding client_id to strong parameters.
|
263
|
+
|
264
|
+
**[IMPORTANT]** `Doorkeeper::Server#client_via_uid` was removed.
|
265
|
+
|
266
|
+
- [#1293] Move ar specific redirect uri validator to ar orm directory.
|
267
|
+
- [#1288] Allow to pass attributes to the `Doorkeeper::OAuth::PreAuthorization#as_json` method to customize
|
268
|
+
the PreAuthorization response.
|
269
|
+
- [#1286] Add ability to customize grant flows per application (OAuth client) (#1245 , #1207)
|
270
|
+
- [#1283] Allow to customize base class for `Doorkeeper::ApplicationMetalController` (new configuration
|
271
|
+
option called `base_metal_controller` (fix #1273).
|
272
|
+
- [#1277] Prevent requested scope be empty on authorization request, handle and add description for invalid request.
|
273
|
+
|
274
|
+
## 5.2.0.rc2
|
275
|
+
|
276
|
+
- [#1270] Find matching tokens in batches for `reuse_access_token` option (fix #1193).
|
277
|
+
- [#1271] Reintroduce existing token revocation for client credentials.
|
278
|
+
|
279
|
+
**[IMPORTANT]** If you rely on being able to fetch multiple access tokens from the same
|
280
|
+
client using client credentials flow, you should skip to version 5.3, where this behaviour
|
281
|
+
is deactivated by default.
|
282
|
+
|
283
|
+
- [#1269] Update initializer template documentation.
|
284
|
+
- [#1266] Use strong parameters within pre-authorization.
|
285
|
+
- [#1264] Add :before_successful_authorization and :after_successful_authorization hooks in TokensController
|
286
|
+
- [#1263] Response properly when introspection fails and fix configurations's user guide.
|
287
|
+
|
288
|
+
## 5.2.0.rc1
|
289
|
+
|
290
|
+
- [#1260], [#1262] Improve Token Introspection configuration option (access to tokens, client).
|
291
|
+
- [#1257] Add constraint configuration when using client authentication on introspection endpoint.
|
292
|
+
- [#1252] Returning `unauthorized` when the revocation of the token should not be performed due to wrong permissions.
|
293
|
+
- [#1249] Specify case sensitive uniqueness to remove Rails 6 deprecation message
|
294
|
+
- [#1248] Display the Application Secret in HTML after creating a new application even when `hash_application_secrets` is used.
|
295
|
+
- [#1248] Return the unhashed Application Secret in the JSON response after creating new application even when `hash_application_secrets` is used.
|
296
|
+
- [#1238] Better support for native app with support for custom scheme and localhost redirection.
|
297
|
+
|
298
|
+
## 5.1.2
|
299
|
+
|
10
300
|
- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
|
11
301
|
|
12
302
|
## 5.1.1
|
13
303
|
|
14
|
-
[#1371] Backport: add
|
15
|
-
|
304
|
+
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
|
305
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
16
306
|
|
17
307
|
## 5.1.0
|
18
308
|
|
19
|
-
- [#1243]
|
309
|
+
- [#1243] Add nil check operator in token checking at token introspection.
|
20
310
|
- [#1241] Explaining foreign key options for resource owner in a single place
|
21
311
|
- [#1237] Allow to set blank redirect URI if Doorkeeper configured to use redirect URI-less grant flows.
|
22
312
|
- [#1234] Fix `StaleRecordsCleaner` to properly work with big amount of records.
|
23
313
|
- [#1228] Allow to explicitly set non-expiring tokens in `custom_access_token_expires_in` configuration
|
24
|
-
option using `Float::
|
314
|
+
option using `Float::INFINITY` return value.
|
25
315
|
- [#1224] Do not try to store token if not found by fallback hashing strategy.
|
26
316
|
- [#1223] Update Hound/Rubocop rules, correct Doorkeeper codebase to follow style-guides.
|
27
317
|
- [#1220] Drop Rails 4.2 & Ruby < 2.4 support.
|
@@ -30,9 +320,9 @@ User-visible changes worth mentioning.
|
|
30
320
|
|
31
321
|
- [#1208] Unify hashing implementation into secret storing strategies
|
32
322
|
|
33
|
-
**[IMPORTANT]
|
323
|
+
**[IMPORTANT]** If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
|
34
324
|
your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
|
35
|
-
`
|
325
|
+
`hash_application_secrets using: 'Doorkeeper::SecretStoring::BCrypt`.
|
36
326
|
|
37
327
|
- [#1216] Add nil check to `expires_at` method.
|
38
328
|
- [#1215] Fix deprecates for Rails 6.
|
@@ -57,7 +347,7 @@ User-visible changes worth mentioning.
|
|
57
347
|
token value validations, or you are using database with case-insensitive WHERE clause like MySQL
|
58
348
|
(you can face some collisions). Before this change access token value matched `[a-f0-9]` regex, and now
|
59
349
|
it matches `[a-zA-Z0-9\-_]`. In case you have such restrictions and your don't use custom token generator
|
60
|
-
please change configuration option `default_generator_method
|
350
|
+
please change configuration option `default_generator_method` to `:hex`.
|
61
351
|
|
62
352
|
- [#1195] Allow to customize Token Introspection response (fixes #1194).
|
63
353
|
- [#1189] Option to set `token_reuse_limit`.
|
@@ -75,6 +365,11 @@ User-visible changes worth mentioning.
|
|
75
365
|
- [#1164] Fix error when `root_path` is not defined.
|
76
366
|
- [#1162] Fix `enforce_content_type` for requests without body.
|
77
367
|
|
368
|
+
## 5.0.3
|
369
|
+
|
370
|
+
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
|
371
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
372
|
+
|
78
373
|
## 5.0.2
|
79
374
|
|
80
375
|
- [#1158] Fix initializer template: change `handle_auth_errors` option
|
@@ -101,7 +396,7 @@ User-visible changes worth mentioning.
|
|
101
396
|
- [#1116] `AccessGrant`s will now be revoked along with `AccessToken`s when
|
102
397
|
hitting the `AuthorizedApplicationController#destroy` route.
|
103
398
|
- [#1114] Make token info endpoint's attributes consistent with token creation
|
104
|
-
- [#1108] Simple
|
399
|
+
- [#1108] Simple formatting of callback URLs when listing oauth applications
|
105
400
|
- [#1106] Restrict access to AdminController with 'Forbidden 403' if admin_authenticator is not
|
106
401
|
configured by developers.
|
107
402
|
|
@@ -126,9 +421,9 @@ User-visible changes worth mentioning.
|
|
126
421
|
either public or private/confidential
|
127
422
|
|
128
423
|
**[IMPORTANT]**: all the applications (clients) now are considered as private by default.
|
129
|
-
|
130
|
-
|
131
|
-
|
424
|
+
You need to manually change `confidential` column to `false` if you are using public clients,
|
425
|
+
in other case your mobile (or other) applications will not be able to authorize.
|
426
|
+
See [#1142](https://github.com/doorkeeper-gem/doorkeeper/issues/1142) for more details.
|
132
427
|
|
133
428
|
- [#1010] Add configuration to enforce configured scopes (`default_scopes` and
|
134
429
|
`optional_scopes`) for applications
|
@@ -153,7 +448,6 @@ User-visible changes worth mentioning.
|
|
153
448
|
- [#1143] Adds a config option `opt_out_native_route_change` to opt out of the breaking api
|
154
449
|
changed introduced in https://github.com/doorkeeper-gem/doorkeeper/pull/1003
|
155
450
|
|
156
|
-
|
157
451
|
## 4.4.2
|
158
452
|
|
159
453
|
- [#1130] Backport fix for native redirect_uri from 5.x.
|
@@ -233,7 +527,7 @@ User-visible changes worth mentioning.
|
|
233
527
|
## 4.2.0
|
234
528
|
|
235
529
|
- Security fix: Address CVE-2016-6582, implement token revocation according to
|
236
|
-
|
530
|
+
spec (tokens might not be revoked if client follows the spec).
|
237
531
|
- [#873] Add hooks to Doorkeeper::ApplicationMetalController
|
238
532
|
- [#871] Allow downstream users to better utilize doorkeeper spec factories by
|
239
533
|
eliminating name conflict on `:user` factory.
|
@@ -267,6 +561,7 @@ User-visible changes worth mentioning.
|
|
267
561
|
```
|
268
562
|
rails generate doorkeeper:previous_refresh_token
|
269
563
|
```
|
564
|
+
|
270
565
|
- [#811] Toughen parameters filter with exact match
|
271
566
|
- [#813] Applications admin bugfix
|
272
567
|
- [#799] Fix Ruby Warnings
|
@@ -360,11 +655,10 @@ User-visible changes worth mentioning.
|
|
360
655
|
- Removes `doorkeeper_for` deprecation notice.
|
361
656
|
- Remove `applications.scopes` upgrade notice.
|
362
657
|
|
363
|
-
|
364
658
|
## 2.2.2
|
365
659
|
|
366
660
|
- [#541] Fixed `undefined method attr_accessible` problem on Rails 4
|
367
|
-
|
661
|
+
(happens only when ProtectedAttributes gem is used) in #599
|
368
662
|
|
369
663
|
## 2.2.1
|
370
664
|
|
@@ -383,7 +677,6 @@ User-visible changes worth mentioning.
|
|
383
677
|
- [#627] i18n fallbacks to english
|
384
678
|
- Moved CHANGELOG to NEWS.md
|
385
679
|
|
386
|
-
|
387
680
|
## 2.1.4 - 2015-03-27
|
388
681
|
|
389
682
|
- [#595] HTTP spec: Add `scope` for refresh token scope param
|
@@ -391,12 +684,10 @@ User-visible changes worth mentioning.
|
|
391
684
|
- [#567] Add Grape helpers for easier integration with Grape framework
|
392
685
|
- [#606] Add custom access token expiration support for Client Credentials flow
|
393
686
|
|
394
|
-
|
395
687
|
## 2.1.3 - 2015-03-01
|
396
688
|
|
397
689
|
- [#588] Fixes scopes_match? bug that skipped authorization form in some cases
|
398
690
|
|
399
|
-
|
400
691
|
## 2.1.2 - 2015-02-25
|
401
692
|
|
402
693
|
- [#574] Remove unused update authorization route.
|
@@ -405,17 +696,15 @@ User-visible changes worth mentioning.
|
|
405
696
|
- [#583] Database connection bugfix in certain scenarios.
|
406
697
|
- Testing improvements
|
407
698
|
|
408
|
-
|
409
699
|
## 2.1.1 - 2015-02-06
|
410
700
|
|
411
701
|
- Remove `wildcard_redirect_url` option
|
412
702
|
- [#481] Customize token flow OAuth expirations with a config lambda
|
413
703
|
- [#568] TokensController: Memoize strategy.authorize_response result to enable
|
414
|
-
|
704
|
+
subclasses to use the response object.
|
415
705
|
- [#571] Fix database initialization issues in some configurations.
|
416
706
|
- Documentation improvements
|
417
707
|
|
418
|
-
|
419
708
|
## 2.1.0 - 2015-01-13
|
420
709
|
|
421
710
|
- [#540] Include `created_at` in response.
|
@@ -435,12 +724,10 @@ User-visible changes worth mentioning.
|
|
435
724
|
Disables implicit and password grant flows by default.
|
436
725
|
- [#510, #544, 722113f] Revoked refresh token response bugfix.
|
437
726
|
|
438
|
-
|
439
727
|
## 2.0.1 - 2014-12-17
|
440
728
|
|
441
729
|
- [#525, #526, #527] Fix `ActiveRecord::NoDatabaseError` on gem load.
|
442
730
|
|
443
|
-
|
444
731
|
## 2.0.0 - 2014-12-16
|
445
732
|
|
446
733
|
### Backward incompatible changes
|
@@ -574,7 +861,7 @@ User-visible changes worth mentioning.
|
|
574
861
|
tokens for an application/owner instead of deleting them.
|
575
862
|
- [#333] Rails 4.1 support
|
576
863
|
- internals
|
577
|
-
- Removes jQuery dependency [fixes #300]
|
864
|
+
- Removes jQuery dependency [fixes #300][pr #312 is related]
|
578
865
|
- [#294] Client uid and secret will be generated only if not present.
|
579
866
|
- [#316] Test warnings addressed.
|
580
867
|
- [#338] Rspec 3 syntax.
|
@@ -692,7 +979,7 @@ Official support for rubinius was removed.
|
|
692
979
|
- Add support for mongoid
|
693
980
|
- [#78, #128, #137, #138] Application Ownership
|
694
981
|
- [#92] Allow users to skip controllers
|
695
|
-
- [#99] Remove deprecated warnings for data
|
982
|
+
- [#99] Remove deprecated warnings for data-\* attributes [@towerhe](https://github.com/towerhe)
|
696
983
|
- [#101] Return existing access_token for PasswordAccessTokenRequest [@benoist](https://github.com/benoist)
|
697
984
|
- [#104] Changed access token scopes example code to default_scopes and optional_scopes [@amkirwan](https://github.com/amkirwan)
|
698
985
|
- [#107] Fix typos in initializer
|
@@ -754,7 +1041,7 @@ Official support for rubinius was removed.
|
|
754
1041
|
- [#50] Fix typos [@tomekw](https://github.com/tomekw)
|
755
1042
|
- [#51] Updated the factory_girl_rails dependency, fix expires_in response which returned a float number instead of integer [@antekpiechnik](https://github.com/antekpiechnik)
|
756
1043
|
- [#62] Typos, .gitignore [@jaimeiniesta](https://github.com/jaimeiniesta)
|
757
|
-
- [#65] Change _path redirections to _url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
|
1044
|
+
- [#65] Change \_path redirections to \_url redirections [@jaimeiniesta](https://github.com/jaimeiniesta)
|
758
1045
|
- [#75] Fix unknown method #authenticate_admin! [@mattgreen](https://github.com/mattgreen)
|
759
1046
|
- Remove application link in authorized app view
|
760
1047
|
|
data/README.md
CHANGED
@@ -1,12 +1,11 @@
|
|
1
1
|
# Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
|
2
2
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
|
4
|
-
[![
|
4
|
+
[![CI](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml/badge.svg)](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml)
|
5
5
|
[![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
|
6
|
-
[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=
|
7
|
-
[![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master)
|
6
|
+
[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
|
8
7
|
[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
|
9
|
-
[![GuardRails badge](https://badges.
|
8
|
+
[![GuardRails badge](https://badges.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
|
10
9
|
[![Dependabot](https://img.shields.io/badge/dependabot-enabled-success.svg)](https://dependabot.com)
|
11
10
|
|
12
11
|
Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider
|
@@ -14,17 +13,18 @@ functionality to your Ruby on Rails or Grape application.
|
|
14
13
|
|
15
14
|
Supported features:
|
16
15
|
|
17
|
-
- [The OAuth 2.0 Authorization Framework](https://
|
18
|
-
- [Authorization Code Flow](
|
19
|
-
- [Access Token Scopes](
|
20
|
-
- [Refresh token](
|
21
|
-
- [Implicit grant](
|
22
|
-
- [Resource Owner Password Credentials](
|
23
|
-
- [Client Credentials](
|
24
|
-
|
25
|
-
- [OAuth 2.0 Token
|
26
|
-
- [OAuth 2.0
|
27
|
-
- [OAuth 2.0
|
16
|
+
- [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)
|
17
|
+
- [Authorization Code Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
|
18
|
+
- [Access Token Scopes](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3)
|
19
|
+
- [Refresh token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5)
|
20
|
+
- [Implicit grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2)
|
21
|
+
- [Resource Owner Password Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3)
|
22
|
+
- [Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
|
23
|
+
- [OAuth 2.0 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)
|
24
|
+
- [OAuth 2.0 Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662)
|
25
|
+
- [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
|
26
|
+
- [OAuth 2.0 for Native Apps](https://datatracker.ietf.org/doc/html/rfc8252)
|
27
|
+
- [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636)
|
28
28
|
|
29
29
|
## Table of Contents
|
30
30
|
|
@@ -50,7 +50,7 @@ Supported features:
|
|
50
50
|
|
51
51
|
## Documentation
|
52
52
|
|
53
|
-
This documentation is valid for `
|
53
|
+
This documentation is valid for `main` branch. Please check the documentation for the version of doorkeeper you are using in:
|
54
54
|
https://github.com/doorkeeper-gem/doorkeeper/releases.
|
55
55
|
|
56
56
|
Additionally, other resources can be found on:
|
@@ -93,6 +93,7 @@ Doorkeeper supports Active Record by default, but can be configured to work with
|
|
93
93
|
| MongoDB | [doorkeeper-gem/doorkeeper-mongodb](https://github.com/doorkeeper-gem/doorkeeper-mongodb) |
|
94
94
|
| Sequel | [nbulaj/doorkeeper-sequel](https://github.com/nbulaj/doorkeeper-sequel) |
|
95
95
|
| Couchbase | [acaprojects/doorkeeper-couchbase](https://github.com/acaprojects/doorkeeper-couchbase) |
|
96
|
+
| RethinkDB | [aca-labs/doorkeeper-rethinkdb](https://github.com/aca-labs/doorkeeper-rethinkdb) |
|
96
97
|
|
97
98
|
## Extensions
|
98
99
|
|
@@ -104,6 +105,8 @@ Extensions that are not included by default and can be installed separately.
|
|
104
105
|
| JWT Token support | [doorkeeper-gem/doorkeeper-jwt](https://github.com/doorkeeper-gem/doorkeeper-jwt) |
|
105
106
|
| Assertion grant extension | [doorkeeper-gem/doorkeeper-grants\_assertion](https://github.com/doorkeeper-gem/doorkeeper-grants_assertion) |
|
106
107
|
| I18n translations | [doorkeeper-gem/doorkeeper-i18n](https://github.com/doorkeeper-gem/doorkeeper-i18n) |
|
108
|
+
| CIBA - Client Initiated Backchannel Authentication Flow extension | [doorkeeper-ciba](https://github.com/autoseg/doorkeeper-ciba) |
|
109
|
+
| Device Authorization Grant | [doorkeeper-device_authorization_grant](https://github.com/exop-group/doorkeeper-device_authorization_grant) |
|
107
110
|
|
108
111
|
## Example Applications
|
109
112
|
|
@@ -111,7 +114,7 @@ These applications show how Doorkeeper works and how to integrate with it. Start
|
|
111
114
|
|
112
115
|
| Application | Link |
|
113
116
|
| :--- | :--- |
|
114
|
-
|
|
117
|
+
| OAuth2 Server with Doorkeeper | [doorkeeper-gem/doorkeeper-provider-app](https://github.com/doorkeeper-gem/doorkeeper-provider-app) |
|
115
118
|
| Sinatra Client connected to Provider App | [doorkeeper-gem/doorkeeper-sinatra-client](https://github.com/doorkeeper-gem/doorkeeper-sinatra-client) |
|
116
119
|
| Devise + Omniauth Client | [doorkeeper-gem/doorkeeper-devise-client](https://github.com/doorkeeper-gem/doorkeeper-devise-client) |
|
117
120
|
|
@@ -132,10 +135,22 @@ See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-to
|
|
132
135
|
|
133
136
|
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/doorkeeper-gem#sponsor)]
|
134
137
|
|
138
|
+
<a href="https://codecademy.com/about/careers?utm_source=doorkeeper-gem" target="_blank"><img src="https://static-assets.codecademy.com/marketing/codecademy_logo_padded.png"/></a>
|
139
|
+
|
140
|
+
> Codecademy supports open source as part of its mission to democratize tech. Come help us build the education the world deserves: [https://codecademy.com/about/careers](https://codecademy.com/about/careers?utm_source=doorkeeper-gem)
|
141
|
+
|
142
|
+
<br>
|
143
|
+
|
135
144
|
<a href="https://oauth.io/?utm_source=doorkeeper-gem" target="_blank"><img src="https://oauth.io/img/logo_text.png"/></a>
|
136
145
|
|
137
146
|
> If you prefer not to deal with the gory details of OAuth 2, need dedicated customer support & consulting, try the cloud-based SaaS version: [https://oauth.io](https://oauth.io/?utm_source=doorkeeper-gem)
|
138
147
|
|
148
|
+
<br>
|
149
|
+
|
150
|
+
<a href="https://www.wealthsimple.com/?utm_source=doorkeeper-gem" target="_blank"><img src="https://wealthsimple.s3.amazonaws.com/branding/medium-black.svg"/></a>
|
151
|
+
|
152
|
+
> Wealthsimple is a financial company on a mission to help everyone achieve financial freedom by providing products and advice that are accessible and affordable. Using smart technology, Wealthsimple takes financial services that are often confusing, opaque and expensive and makes them simple, transparent, and low-cost. See what Investing on Autopilot is all about: [https://www.wealthsimple.com](https://www.wealthsimple.com/?utm_source=doorkeeper-gem)
|
153
|
+
|
139
154
|
## Development
|
140
155
|
|
141
156
|
To run the local engine server:
|
@@ -146,12 +161,15 @@ bundle exec rake doorkeeper:server
|
|
146
161
|
````
|
147
162
|
|
148
163
|
By default, it uses the latest Rails version with ActiveRecord. To run the
|
149
|
-
tests with a specific
|
164
|
+
tests with a specific Rails version:
|
150
165
|
|
151
166
|
```
|
152
|
-
|
167
|
+
BUNDLE_GEMFILE=gemfiles/rails_6_0.gemfile bundle exec rake
|
153
168
|
```
|
154
169
|
|
170
|
+
You can also experiment with the changes using `bin/console`. It uses in-memory SQLite database and default
|
171
|
+
Doorkeeper config, but you can reestablish connection or reconfigure the gem if you need.
|
172
|
+
|
155
173
|
## Contributing
|
156
174
|
|
157
175
|
Want to contribute and don't know where to start? Check out [features we're
|
@@ -160,8 +178,7 @@ create [example
|
|
160
178
|
apps](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications),
|
161
179
|
integrate the gem with your app and let us know!
|
162
180
|
|
163
|
-
Also, check out our [contributing guidelines
|
164
|
-
page](https://github.com/doorkeeper-gem/doorkeeper/wiki/Contributing).
|
181
|
+
Also, check out our [contributing guidelines page](CONTRIBUTING.md).
|
165
182
|
|
166
183
|
## Contributors
|
167
184
|
|
@@ -172,4 +189,4 @@ contributors](https://github.com/doorkeeper-gem/doorkeeper/graphs/contributors)!
|
|
172
189
|
|
173
190
|
## License
|
174
191
|
|
175
|
-
MIT License.
|
192
|
+
MIT License. Created in Applicake. Maintained by the community.
|
@@ -2,10 +2,11 @@
|
|
2
2
|
|
3
3
|
module Doorkeeper
|
4
4
|
class ApplicationController <
|
5
|
-
Doorkeeper.
|
5
|
+
Doorkeeper.config.resolve_controller(:base)
|
6
6
|
include Helpers::Controller
|
7
|
+
include ActionController::MimeResponds if Doorkeeper.config.api_only
|
7
8
|
|
8
|
-
unless Doorkeeper.
|
9
|
+
unless Doorkeeper.config.api_only
|
9
10
|
protect_from_forgery with: :exception
|
10
11
|
helper "doorkeeper/dashboard"
|
11
12
|
end
|