doorkeeper 5.3.3 → 5.6.6
- checksums.yaml +4 -4
- data/CHANGELOG.md +216 -9
- data/README.md +30 -21
- data/app/controllers/doorkeeper/application_controller.rb +1 -0
- data/app/controllers/doorkeeper/applications_controller.rb +4 -4
- data/app/controllers/doorkeeper/authorizations_controller.rb +66 -22
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +3 -3
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +73 -25
- data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
- data/app/views/doorkeeper/applications/_form.html.erb +1 -1
- data/app/views/doorkeeper/applications/show.html.erb +35 -14
- data/app/views/doorkeeper/authorizations/error.html.erb +3 -1
- data/app/views/doorkeeper/authorizations/form_post.html.erb +15 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +16 -14
- data/config/locales/en.yml +9 -2
- data/lib/doorkeeper/config/abstract_builder.rb +28 -0
- data/lib/doorkeeper/config/option.rb +26 -14
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/config.rb +182 -134
- data/lib/doorkeeper/engine.rb +10 -3
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grape/helpers.rb +1 -1
- data/lib/doorkeeper/helpers/controller.rb +9 -5
- data/lib/doorkeeper/models/access_grant_mixin.rb +22 -19
- data/lib/doorkeeper/models/access_token_mixin.rb +115 -52
- data/lib/doorkeeper/models/application_mixin.rb +5 -4
- data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/models/concerns/resource_ownerable.rb +47 -0
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
- data/lib/doorkeeper/models/concerns/scopes.rb +5 -1
- data/lib/doorkeeper/models/concerns/secret_storable.rb +1 -3
- data/lib/doorkeeper/oauth/authorization/code.rb +25 -6
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +24 -16
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +4 -4
- data/lib/doorkeeper/oauth/authorization_code_request.rb +34 -21
- data/lib/doorkeeper/oauth/base_request.rb +19 -26
- data/lib/doorkeeper/oauth/client/credentials.rb +2 -4
- data/lib/doorkeeper/oauth/client.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +31 -15
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -2
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +5 -4
- data/lib/doorkeeper/oauth/client_credentials_request.rb +8 -7
- data/lib/doorkeeper/oauth/code_request.rb +4 -4
- data/lib/doorkeeper/oauth/code_response.rb +22 -12
- data/lib/doorkeeper/oauth/error_response.rb +7 -9
- data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +2 -8
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -2
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +4 -22
- data/lib/doorkeeper/oauth/hooks/context.rb +21 -0
- data/lib/doorkeeper/oauth/invalid_token_response.rb +2 -2
- data/lib/doorkeeper/oauth/password_access_token_request.rb +26 -8
- data/lib/doorkeeper/oauth/pre_authorization.rb +65 -33
- data/lib/doorkeeper/oauth/refresh_token_request.rb +42 -25
- data/lib/doorkeeper/oauth/token.rb +5 -6
- data/lib/doorkeeper/oauth/token_introspection.rb +8 -12
- data/lib/doorkeeper/oauth/token_request.rb +3 -3
- data/lib/doorkeeper/oauth/token_response.rb +2 -3
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +14 -4
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +34 -4
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +28 -5
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +6 -1
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +5 -2
- data/lib/doorkeeper/orm/active_record.rb +30 -38
- data/lib/doorkeeper/rails/routes/abstract_router.rb +35 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +2 -2
- data/lib/doorkeeper/rails/routes/registry.rb +45 -0
- data/lib/doorkeeper/rails/routes.rb +25 -22
- data/lib/doorkeeper/rake/db.rake +3 -3
- data/lib/doorkeeper/request/password.rb +1 -0
- data/lib/doorkeeper/request/refresh_token.rb +2 -1
- data/lib/doorkeeper/request/strategy.rb +2 -2
- data/lib/doorkeeper/request.rb +49 -12
- data/lib/doorkeeper/server.rb +4 -4
- data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
- data/lib/doorkeeper/version.rb +2 -6
- data/lib/doorkeeper.rb +181 -81
- data/lib/generators/doorkeeper/confidential_applications_generator.rb +1 -1
- data/lib/generators/doorkeeper/enable_polymorphic_resource_owner_generator.rb +39 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +3 -1
- data/lib/generators/doorkeeper/templates/add_previous_refresh_token_to_access_tokens.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_pkce_migration.rb.erb +2 -0
- data/lib/generators/doorkeeper/templates/enable_polymorphic_resource_owner_migration.rb.erb +17 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +73 -17
- data/lib/generators/doorkeeper/templates/migration.rb.erb +28 -9
- metadata +48 -316
- data/Appraisals +0 -40
- data/CODE_OF_CONDUCT.md +0 -46
- data/CONTRIBUTING.md +0 -49
- data/Dangerfile +0 -67
- data/Dockerfile +0 -29
- data/Gemfile +0 -25
- data/NEWS.md +0 -1
- data/RELEASING.md +0 -11
- data/Rakefile +0 -28
- data/SECURITY.md +0 -15
- data/UPGRADE.md +0 -2
- data/bin/console +0 -16
- data/doorkeeper.gemspec +0 -42
- data/gemfiles/rails_5_0.gemfile +0 -18
- data/gemfiles/rails_5_1.gemfile +0 -18
- data/gemfiles/rails_5_2.gemfile +0 -18
- data/gemfiles/rails_6_0.gemfile +0 -18
- data/gemfiles/rails_master.gemfile +0 -18
- data/spec/controllers/application_metal_controller_spec.rb +0 -64
- data/spec/controllers/applications_controller_spec.rb +0 -274
- data/spec/controllers/authorizations_controller_spec.rb +0 -608
- data/spec/controllers/protected_resources_controller_spec.rb +0 -361
- data/spec/controllers/token_info_controller_spec.rb +0 -50
- data/spec/controllers/tokens_controller_spec.rb +0 -498
- data/spec/dummy/Rakefile +0 -9
- data/spec/dummy/app/assets/config/manifest.js +0 -2
- data/spec/dummy/app/controllers/application_controller.rb +0 -5
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +0 -9
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +0 -14
- data/spec/dummy/app/controllers/home_controller.rb +0 -18
- data/spec/dummy/app/controllers/metal_controller.rb +0 -13
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +0 -13
- data/spec/dummy/app/helpers/application_helper.rb +0 -7
- data/spec/dummy/app/models/user.rb +0 -7
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +0 -14
- data/spec/dummy/config/application.rb +0 -49
- data/spec/dummy/config/boot.rb +0 -7
- data/spec/dummy/config/database.yml +0 -15
- data/spec/dummy/config/environment.rb +0 -5
- data/spec/dummy/config/environments/development.rb +0 -31
- data/spec/dummy/config/environments/production.rb +0 -64
- data/spec/dummy/config/environments/test.rb +0 -45
- data/spec/dummy/config/initializers/backtrace_silencers.rb +0 -9
- data/spec/dummy/config/initializers/doorkeeper.rb +0 -166
- data/spec/dummy/config/initializers/secret_token.rb +0 -10
- data/spec/dummy/config/initializers/session_store.rb +0 -10
- data/spec/dummy/config/initializers/wrap_parameters.rb +0 -16
- data/spec/dummy/config/locales/doorkeeper.en.yml +0 -5
- data/spec/dummy/config/routes.rb +0 -13
- data/spec/dummy/config.ru +0 -6
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +0 -11
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +0 -7
- data/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb +0 -69
- data/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb +0 -9
- data/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb +0 -13
- data/spec/dummy/db/migrate/20170822064514_enable_pkce.rb +0 -8
- data/spec/dummy/db/migrate/20180210183654_add_confidential_to_applications.rb +0 -13
- data/spec/dummy/db/schema.rb +0 -68
- data/spec/dummy/public/404.html +0 -26
- data/spec/dummy/public/422.html +0 -26
- data/spec/dummy/public/500.html +0 -26
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +0 -9
- data/spec/factories.rb +0 -30
- data/spec/generators/application_owner_generator_spec.rb +0 -28
- data/spec/generators/confidential_applications_generator_spec.rb +0 -29
- data/spec/generators/install_generator_spec.rb +0 -36
- data/spec/generators/migration_generator_spec.rb +0 -28
- data/spec/generators/pkce_generator_spec.rb +0 -28
- data/spec/generators/previous_refresh_token_generator_spec.rb +0 -44
- data/spec/generators/templates/routes.rb +0 -4
- data/spec/generators/views_generator_spec.rb +0 -29
- data/spec/grape/grape_integration_spec.rb +0 -137
- data/spec/helpers/doorkeeper/dashboard_helper_spec.rb +0 -26
- data/spec/lib/config_spec.rb +0 -809
- data/spec/lib/doorkeeper_spec.rb +0 -27
- data/spec/lib/models/expirable_spec.rb +0 -61
- data/spec/lib/models/reusable_spec.rb +0 -40
- data/spec/lib/models/revocable_spec.rb +0 -59
- data/spec/lib/models/scopes_spec.rb +0 -53
- data/spec/lib/models/secret_storable_spec.rb +0 -135
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +0 -39
- data/spec/lib/oauth/authorization_code_request_spec.rb +0 -170
- data/spec/lib/oauth/base_request_spec.rb +0 -224
- data/spec/lib/oauth/base_response_spec.rb +0 -45
- data/spec/lib/oauth/client/credentials_spec.rb +0 -90
- data/spec/lib/oauth/client_credentials/creator_spec.rb +0 -134
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +0 -112
- data/spec/lib/oauth/client_credentials/validation_spec.rb +0 -59
- data/spec/lib/oauth/client_credentials_integration_spec.rb +0 -27
- data/spec/lib/oauth/client_credentials_request_spec.rb +0 -107
- data/spec/lib/oauth/client_spec.rb +0 -38
- data/spec/lib/oauth/code_request_spec.rb +0 -46
- data/spec/lib/oauth/code_response_spec.rb +0 -32
- data/spec/lib/oauth/error_response_spec.rb +0 -64
- data/spec/lib/oauth/error_spec.rb +0 -21
- data/spec/lib/oauth/forbidden_token_response_spec.rb +0 -20
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +0 -110
- data/spec/lib/oauth/helpers/unique_token_spec.rb +0 -21
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +0 -262
- data/spec/lib/oauth/invalid_request_response_spec.rb +0 -73
- data/spec/lib/oauth/invalid_token_response_spec.rb +0 -53
- data/spec/lib/oauth/password_access_token_request_spec.rb +0 -190
- data/spec/lib/oauth/pre_authorization_spec.rb +0 -223
- data/spec/lib/oauth/refresh_token_request_spec.rb +0 -177
- data/spec/lib/oauth/scopes_spec.rb +0 -146
- data/spec/lib/oauth/token_request_spec.rb +0 -157
- data/spec/lib/oauth/token_response_spec.rb +0 -84
- data/spec/lib/oauth/token_spec.rb +0 -156
- data/spec/lib/request/strategy_spec.rb +0 -54
- data/spec/lib/secret_storing/base_spec.rb +0 -60
- data/spec/lib/secret_storing/bcrypt_spec.rb +0 -49
- data/spec/lib/secret_storing/plain_spec.rb +0 -44
- data/spec/lib/secret_storing/sha256_hash_spec.rb +0 -48
- data/spec/lib/server_spec.rb +0 -49
- data/spec/lib/stale_records_cleaner_spec.rb +0 -89
- data/spec/models/doorkeeper/access_grant_spec.rb +0 -161
- data/spec/models/doorkeeper/access_token_spec.rb +0 -622
- data/spec/models/doorkeeper/application_spec.rb +0 -482
- data/spec/requests/applications/applications_request_spec.rb +0 -259
- data/spec/requests/applications/authorized_applications_spec.rb +0 -32
- data/spec/requests/endpoints/authorization_spec.rb +0 -91
- data/spec/requests/endpoints/token_spec.rb +0 -75
- data/spec/requests/flows/authorization_code_errors_spec.rb +0 -79
- data/spec/requests/flows/authorization_code_spec.rb +0 -525
- data/spec/requests/flows/client_credentials_spec.rb +0 -166
- data/spec/requests/flows/implicit_grant_errors_spec.rb +0 -46
- data/spec/requests/flows/implicit_grant_spec.rb +0 -91
- data/spec/requests/flows/password_spec.rb +0 -316
- data/spec/requests/flows/refresh_token_spec.rb +0 -233
- data/spec/requests/flows/revoke_token_spec.rb +0 -157
- data/spec/requests/flows/skip_authorization_spec.rb +0 -66
- data/spec/requests/protected_resources/metal_spec.rb +0 -16
- data/spec/requests/protected_resources/private_api_spec.rb +0 -83
- data/spec/routing/custom_controller_routes_spec.rb +0 -133
- data/spec/routing/default_routes_spec.rb +0 -41
- data/spec/routing/scoped_routes_spec.rb +0 -47
- data/spec/spec_helper.rb +0 -54
- data/spec/spec_helper_integration.rb +0 -4
- data/spec/support/dependencies/factory_bot.rb +0 -4
- data/spec/support/doorkeeper_rspec.rb +0 -22
- data/spec/support/helpers/access_token_request_helper.rb +0 -13
- data/spec/support/helpers/authorization_request_helper.rb +0 -43
- data/spec/support/helpers/config_helper.rb +0 -11
- data/spec/support/helpers/model_helper.rb +0 -78
- data/spec/support/helpers/request_spec_helper.rb +0 -110
- data/spec/support/helpers/url_helper.rb +0 -62
- data/spec/support/orm/active_record.rb +0 -5
- data/spec/support/shared/controllers_shared_context.rb +0 -133
- data/spec/support/shared/hashing_shared_context.rb +0 -36
- data/spec/support/shared/models_shared_examples.rb +0 -54
- data/spec/validators/redirect_uri_validator_spec.rb +0 -183
- data/spec/version/version_spec.rb +0 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b62a0472a97d06b40362817c9d5c0dd7dd6e0d0e600437a19f5cf2fd18c4be46
|
4
|
+
data.tar.gz: 9850cef14c21a1f0df2fb451a485ab5b8066360a3008124f7aed287409364e36
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: de0c7021c4735b26249e5b267db11ede06f55b23d8f9bd51641d1cf3eee3812e14a2deec986e8aa6ee81de98097083fdb634a441fd4928cb47286fa977ba5d96
|
7
|
+
data.tar.gz: 3865639c837771ceeafceec8a110e506f88fef45c61f7274782c637e794f9185be18ee98270852bac6fecb0fc90e4893dfed08d715c761507e87396e5a559bc2
|
data/CHANGELOG.md
CHANGED
@@ -5,20 +5,201 @@ upgrade guides.
|
|
5
5
|
|
6
6
|
User-visible changes worth mentioning.
|
7
7
|
|
8
|
-
##
|
8
|
+
## main
|
9
9
|
|
10
|
-
- [#
|
10
|
+
- [#ID] Add your PR description here.
|
11
11
|
|
12
|
-
## 5.
|
12
|
+
## 5.6.6
|
13
13
|
|
14
|
-
- [#
|
14
|
+
- [#1644] Update HTTP headers.
|
15
|
+
- [#1646] Block public clients automatic authorization skip.
|
16
|
+
- [#1648] Add custom token attributes to Refresh Token Request.
|
17
|
+
- [#1649] Fixed custom_access_token_attributes related errors.
|
18
|
+
|
19
|
+
# 5.6.5
|
20
|
+
|
21
|
+
- [#1602] Allow custom data to be stored inside access grants/tokens.
|
22
|
+
- [#1634] Code refactoring for custom token attributes.
|
23
|
+
- [#1639] Add grant type validation to avoid Internal Server Error for DELETE /oauth/authorize endpoint.
|
24
|
+
|
25
|
+
# 5.6.4
|
26
|
+
|
27
|
+
- [#1633] Apply ORM configuration in #to_prepare block to avoid autoloading errors.
|
28
|
+
|
29
|
+
# 5.6.3
|
30
|
+
|
31
|
+
- [#1622] Drop support for Rubies 2.5 and 2.6
|
32
|
+
- [#1605] Fix URI validation for Ruby 3.2+.
|
33
|
+
- [#1625] Exclude endless access tokens from `StaleRecordsCleaner`.
|
34
|
+
- [#1626] Remove deprecated `active_record_options` config option.
|
35
|
+
- [#1631] Fix regression with redirect behavior after token lookup optimizations (redirect to app URI when found).
|
36
|
+
- [#1630] Special case unique index creation for refresh_token on SQL Server.
|
37
|
+
- [#1627] Lazy evaluate Doorkeeper config when loading files and executing initializers.
|
38
|
+
|
39
|
+
## 5.6.2
|
40
|
+
|
41
|
+
- [#1604] Fix fetching of the application when custom application_class defined.
|
42
|
+
|
43
|
+
## 5.6.1
|
44
|
+
|
45
|
+
- [#1593] Add support for Trilogy ActiveRecord adapter.
|
46
|
+
- [#1597] Add optional support to use the url path for the native authorization code flow. Ports forward [#1143] from 4.4.3
|
47
|
+
- [#1599] Remove unnecessarily re-fetch of application object when creating an access token.
|
48
|
+
|
49
|
+
## 5.6.0
|
50
|
+
|
51
|
+
- [#1581] Consider `token_type_hint` when searching for access token in TokensController to avoid extra database calls.
|
52
|
+
|
53
|
+
## 5.6.0.rc2
|
54
|
+
|
55
|
+
- [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
|
56
|
+
application scopes when using client credentials.
|
57
|
+
- [#1567] Only filter `code` parameter if authorization_code grant flow is enabled.
|
58
|
+
|
59
|
+
## 5.6.0.rc1
|
60
|
+
|
61
|
+
- [#1551] Change lazy loading for ORM to be Ruby standard autoload.
|
62
|
+
- [#1552] Remove duplicate IDs on Auth form to improve accessibility.
|
63
|
+
- [#1542] Improve performance of `Doorkeeper::AccessToken#matching_token_for` using database specific SQL time math.
|
64
|
+
|
65
|
+
**[IMPORTANT]**: API of the `Doorkeeper::AccessToken#matching_token_for` method has changed and now it returns
|
66
|
+
only **active** access tokens (previously they were just not revoked). Please remember that the idea of the
|
67
|
+
`reuse_access_token` option is to check for existing _active_ token (see configuration option description).
|
68
|
+
|
69
|
+
## 5.5.4
|
70
|
+
|
71
|
+
- [#1535] Revert changes introduced in #1528 to allow query params in `redirect_uri` as per the spec.
|
72
|
+
|
73
|
+
## 5.5.3
|
74
|
+
|
75
|
+
- [#1528] Don't allow extra query params in redirect_uri.
|
76
|
+
- [#1525] I18n source for forbidden token error is now `doorkeeper.errors.messages.forbidden_token.missing_scope`.
|
77
|
+
- [#1531] Disable `strict-loading` for Doorkeeper models by default.
|
78
|
+
- [#1532] Add support for Rails 7.
|
79
|
+
|
80
|
+
## 5.5.2
|
81
|
+
|
82
|
+
- [#1502] Drop support for Ruby 2.4 because of EOL.
|
83
|
+
- [#1504] Updated the url fragment in the comment for code documentation.
|
84
|
+
- [#1512] Fix form behavior when response mode is form_post.
|
85
|
+
- [#1511] Fix that authorization code is returned by fragment if response_mode is fragment.
|
86
|
+
|
87
|
+
## 5.5.1
|
88
|
+
|
89
|
+
- [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
|
90
|
+
- [#1495] Fix `respond_to` undefined in API-only mode
|
91
|
+
- [#1488] Verify client authentication for Resource Owner Password Grant when
|
92
|
+
`config.skip_client_authentication_for_password_grant` is set and the client credentials
|
93
|
+
are sent in a HTTP Basic auth header.
|
94
|
+
|
95
|
+
## 5.5.0
|
96
|
+
|
97
|
+
- [#1482] Simplify `TokenInfoController` to be overridable (extract response rendering).
|
98
|
+
- [#1478] Fix ownership association and Rake tasks when custom models configured.
|
99
|
+
- [#1477] Respect `ActiveRecord::Base.pluralize_table_names` for Doorkeeper table names.
|
100
|
+
|
101
|
+
## 5.5.0.rc2
|
102
|
+
|
103
|
+
- [#1473] Enable `Applications` and `AuthorizedApplications` controllers in API mode.
|
104
|
+
|
105
|
+
**[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
|
106
|
+
`use_doorkeeper` inside `routes.rb`. Please do it in case you don't need them.
|
107
|
+
|
108
|
+
- [#1472] Fix `establish_connection` configuration for custom defined models.
|
109
|
+
- [#1471] Add support for Ruby 3.0.
|
110
|
+
- [#1469] Check if `redirect_uri` exists.
|
111
|
+
- [#1465] Memoize nil doorkeeper_token.
|
112
|
+
- [#1459] Use built-in Ruby option to remove padding in PKCE code challenge value.
|
113
|
+
- [#1457] Make owner_id a bigint for newly-generated owner migrations
|
114
|
+
- [#1452] Empty previous_refresh_token only if present.
|
115
|
+
- [#1440] Validate empty host in redirect_uri.
|
116
|
+
- [#1438] Add form post response mode.
|
117
|
+
- [#1458] Make `config.skip_client_authentication_for_password_grant` a long term configuration option.
|
118
|
+
|
119
|
+
## 5.5.0.rc1
|
120
|
+
|
121
|
+
- [#1435] Make error response not redirectable when client is unauthorized
|
122
|
+
- [#1426] Ensure ActiveRecord callbacks are executed on token revocation.
|
123
|
+
- [#1407] Remove redundant and complex to support helpers froms tests (`should_have_json`, etc).
|
124
|
+
- [#1416] Don't add introspection route if token introspection completely disabled.
|
125
|
+
- [#1410] Properly memoize `current_resource_owner` value (consider `nil` and `false` values).
|
126
|
+
- [#1415] Ignore PKCE params for non-PKCE grants.
|
127
|
+
- [#1418] Add ability to register custom OAuth Grant Flows.
|
128
|
+
- [#1420] Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.
|
129
|
+
|
130
|
+
**[IMPORTANT]** you need to create a new OAuth client (`Doorkeeper::Application`) if you didn't
|
131
|
+
have it before and use client credentials in HTTP Basic auth if you previously used this grant
|
132
|
+
flow without client authentication. To opt out of this you could set the
|
133
|
+
`skip_client_authentication_for_password_grant` configuration option to `true`, but note that
|
134
|
+
this is in violation of the OAuth spec and represents a security risk.
|
135
|
+
All the users of your provider application now need to include client credentials when they use
|
136
|
+
this grant flow.
|
137
|
+
|
138
|
+
- [#1421] Add Resource Owner instance to authorization hook context for `custom_access_token_expires_in`
|
139
|
+
configuration option to allow resource owner based Access Tokens TTL.
|
140
|
+
|
141
|
+
## 5.4.0
|
142
|
+
|
143
|
+
- [#1404] Make `Doorkeeper::Application#read_attribute_for_serialization` public.
|
144
|
+
|
145
|
+
## 5.4.0.rc2
|
146
|
+
|
147
|
+
- [#1371] Add `#as_json` method and attributes serialization restriction for Application model.
|
15
148
|
Fixes information disclosure vulnerability (CVE-2020-10187).
|
16
|
-
|
149
|
+
|
17
150
|
**[IMPORTANT]** you need to re-implement `#as_json` method for Doorkeeper Application model
|
18
151
|
if you previously used `#to_json` serialization with custom options or attributes or rely on
|
19
152
|
JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
|
20
153
|
is a breaking change which restricts serialized attributes to a very small set of columns.
|
21
154
|
|
155
|
+
- [#1395] Fix `NameError: uninitialized constant Doorkeeper::AccessToken` for Rake tasks.
|
156
|
+
- [#1397] Add `as: :doorkeeper_application` on Doorkeeper application form in order to support
|
157
|
+
custom configured application model.
|
158
|
+
- [#1400] Correctly yield the application instance to `allow_grant_flow_for_client?` config
|
159
|
+
option (fixes #1398).
|
160
|
+
- [#1402] Handle trying authorization with client credentials.
|
161
|
+
|
162
|
+
## 5.4.0.rc1
|
163
|
+
- [#1366] Sets expiry of token generated using `refresh_token` to that of original token. (Fixes #1364)
|
164
|
+
- [#1354] Add `authorize_resource_owner_for_client` option to authorize the calling user to access an application.
|
165
|
+
- [#1355] Allow to enable polymorphic Resource Owner association for Access Token & Grant
|
166
|
+
models (`use_polymorphic_resource_owner` configuration option).
|
167
|
+
|
168
|
+
**[IMPORTANT]** Review your custom patches or extensions for Doorkeeper internals if you
|
169
|
+
have such - since now Doorkeeper passes Resource Owner instance to every objects and not
|
170
|
+
just it's ID. See PR description for details.
|
171
|
+
|
172
|
+
- [#1356] Remove duplicated scopes from Access Tokens and Grants on attribute assignment.
|
173
|
+
- [#1357] Fix `Doorkeeper::OAuth::PreAuthorization#as_json` method causing
|
174
|
+
`Stack level too deep` error with AMS (fix #1312).
|
175
|
+
- [#1358] Deprecate `active_record_options` configuration option.
|
176
|
+
- [#1359] Refactor Doorkeeper configuration options DSL to make it easy to reuse it
|
177
|
+
in external extensions.
|
178
|
+
- [#1360] Increase `matching_token_for` lookup size to 10 000 and make it configurable.
|
179
|
+
- [#1371] Fix controllers to use valid classes in case Doorkeeper has custom models configured.
|
180
|
+
- [#1370] Fix revocation response for invalid token and unauthorized requests to conform with RFC 7009 (fixes #1362).
|
181
|
+
|
182
|
+
**[IMPORTANT]** now fully according to RFC 7009 nobody can do a revocation request without `client_id`
|
183
|
+
(for public clients) and `client_secret` (for private clients). Please update your apps to include that
|
184
|
+
info in the revocation request payload.
|
185
|
+
|
186
|
+
- [#1373] Make Doorkeeper routes mapper reusable in extensions.
|
187
|
+
- [#1374] Revoke and issue client credentials token in a transaction with a row lock.
|
188
|
+
- [#1384] Add context object with auth/pre_auth and issued_token for authorization hooks.
|
189
|
+
- [#1387] Add `AccessToken#create_for` and use in `RefreshTokenRequest`.
|
190
|
+
- [#1392] Fix `enable_polymorphic_resource_owner` migration template to have proper index name.
|
191
|
+
- [#1393] Improve Applications #show page with more informative data on client secret and scopes.
|
192
|
+
- [#1394] Use Ruby `autoload` feature to load Doorkeeper files.
|
193
|
+
|
194
|
+
## 5.3.3
|
195
|
+
|
196
|
+
- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
|
197
|
+
|
198
|
+
## 5.3.2
|
199
|
+
|
200
|
+
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
|
201
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
202
|
+
|
22
203
|
## 5.3.1
|
23
204
|
|
24
205
|
- [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
|
@@ -37,9 +218,18 @@ User-visible changes worth mentioning.
|
|
37
218
|
If you were relying on access tokens being revoked once the same client
|
38
219
|
requested a new access token, reenable it with `revoke_previous_client_credentials_token` in Doorkeeper
|
39
220
|
initialization file.
|
40
|
-
|
221
|
+
|
222
|
+
## 5.2.6
|
223
|
+
|
224
|
+
- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
|
225
|
+
|
226
|
+
## 5.2.5
|
227
|
+
|
228
|
+
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
|
229
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
230
|
+
|
41
231
|
## 5.2.4
|
42
|
-
|
232
|
+
|
43
233
|
- [#1360] Backport: Increase `matching_token_for` batch lookup size to 10 000 and make it configurable.
|
44
234
|
|
45
235
|
## 5.2.3
|
@@ -70,6 +260,9 @@ User-visible changes worth mentioning.
|
|
70
260
|
- [#1298] Slice strong params so doesn't error with Rails forms.
|
71
261
|
- [#1300] Limiting access to attributes of pre_authorization.
|
72
262
|
- [#1296] Adding client_id to strong parameters.
|
263
|
+
|
264
|
+
**[IMPORTANT]** `Doorkeeper::Server#client_via_uid` was removed.
|
265
|
+
|
73
266
|
- [#1293] Move ar specific redirect uri validator to ar orm directory.
|
74
267
|
- [#1288] Allow to pass attributes to the `Doorkeeper::OAuth::PreAuthorization#as_json` method to customize
|
75
268
|
the PreAuthorization response.
|
@@ -102,6 +295,15 @@ User-visible changes worth mentioning.
|
|
102
295
|
- [#1248] Return the unhashed Application Secret in the JSON response after creating new application even when `hash_application_secrets` is used.
|
103
296
|
- [#1238] Better support for native app with support for custom scheme and localhost redirection.
|
104
297
|
|
298
|
+
## 5.1.2
|
299
|
+
|
300
|
+
- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
|
301
|
+
|
302
|
+
## 5.1.1
|
303
|
+
|
304
|
+
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
|
305
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
306
|
+
|
105
307
|
## 5.1.0
|
106
308
|
|
107
309
|
- [#1243] Add nil check operator in token checking at token introspection.
|
@@ -109,7 +311,7 @@ User-visible changes worth mentioning.
|
|
109
311
|
- [#1237] Allow to set blank redirect URI if Doorkeeper configured to use redirect URI-less grant flows.
|
110
312
|
- [#1234] Fix `StaleRecordsCleaner` to properly work with big amount of records.
|
111
313
|
- [#1228] Allow to explicitly set non-expiring tokens in `custom_access_token_expires_in` configuration
|
112
|
-
option using `Float::
|
314
|
+
option using `Float::INFINITY` return value.
|
113
315
|
- [#1224] Do not try to store token if not found by fallback hashing strategy.
|
114
316
|
- [#1223] Update Hound/Rubocop rules, correct Doorkeeper codebase to follow style-guides.
|
115
317
|
- [#1220] Drop Rails 4.2 & Ruby < 2.4 support.
|
@@ -163,6 +365,11 @@ User-visible changes worth mentioning.
|
|
163
365
|
- [#1164] Fix error when `root_path` is not defined.
|
164
366
|
- [#1162] Fix `enforce_content_type` for requests without body.
|
165
367
|
|
368
|
+
## 5.0.3
|
369
|
+
|
370
|
+
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
|
371
|
+
Fixes information disclosure vulnerability (CVE-2020-10187).
|
372
|
+
|
166
373
|
## 5.0.2
|
167
374
|
|
168
375
|
- [#1158] Fix initializer template: change `handle_auth_errors` option
|
@@ -189,7 +396,7 @@ User-visible changes worth mentioning.
|
|
189
396
|
- [#1116] `AccessGrant`s will now be revoked along with `AccessToken`s when
|
190
397
|
hitting the `AuthorizedApplicationController#destroy` route.
|
191
398
|
- [#1114] Make token info endpoint's attributes consistent with token creation
|
192
|
-
- [#1108] Simple
|
399
|
+
- [#1108] Simple formatting of callback URLs when listing oauth applications
|
193
400
|
- [#1106] Restrict access to AdminController with 'Forbidden 403' if admin_authenticator is not
|
194
401
|
configured by developers.
|
195
402
|
|
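--- a/data/README.md
+++ b/data/README.md
@@ -1,12 +1,11 @@
 # Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
 
 [![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
-[![
+[![CI](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml/badge.svg)](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml)
 [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
-[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=
-[![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/master)
+[![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
 [![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
-[![GuardRails badge](https://badges.
+[![GuardRails badge](https://badges.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
 [![Dependabot](https://img.shields.io/badge/dependabot-enabled-success.svg)](https://dependabot.com)
 
 Doorkeeper is a gem (Rails engine) that makes it easy to introduce OAuth 2 provider
@@ -14,18 +13,18 @@ functionality to your Ruby on Rails or Grape application.
 
 Supported features:
 
-- [The OAuth 2.0 Authorization Framework](https://
-- [Authorization Code Flow](
-- [Access Token Scopes](
-- [Refresh token](
-- [Implicit grant](
-- [Resource Owner Password Credentials](
-- [Client Credentials](
-- [OAuth 2.0 Token Revocation](
-- [OAuth 2.0 Token Introspection](https://
-- [OAuth 2.0 Threat Model and Security Considerations](
-- [OAuth 2.0 for Native Apps](https://
-- [Proof Key for Code Exchange by OAuth Public Clients](https://
+- [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)
+- [Authorization Code Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
+- [Access Token Scopes](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3)
+- [Refresh token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5)
+- [Implicit grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2)
+- [Resource Owner Password Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3)
+- [Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
+- [OAuth 2.0 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)
+- [OAuth 2.0 Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662)
+- [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
+- [OAuth 2.0 for Native Apps](https://datatracker.ietf.org/doc/html/rfc8252)
+- [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636)
 
 ## Table of Contents
 
@@ -51,7 +50,7 @@ Supported features:
 
 ## Documentation
 
-This documentation is valid for `
+This documentation is valid for `main` branch. Please check the documentation for the version of doorkeeper you are using in:
 https://github.com/doorkeeper-gem/doorkeeper/releases.
 
 Additionally, other resources can be found on:
@@ -106,6 +105,8 @@ Extensions that are not included by default and can be installed separately.
 | JWT Token support | [doorkeeper-gem/doorkeeper-jwt](https://github.com/doorkeeper-gem/doorkeeper-jwt) |
 | Assertion grant extension | [doorkeeper-gem/doorkeeper-grants\_assertion](https://github.com/doorkeeper-gem/doorkeeper-grants_assertion) |
 | I18n translations | [doorkeeper-gem/doorkeeper-i18n](https://github.com/doorkeeper-gem/doorkeeper-i18n) |
+| CIBA - Client Initiated Backchannel Authentication Flow extension | [doorkeeper-ciba](https://github.com/autoseg/doorkeeper-ciba) |
+| Device Authorization Grant | [doorkeeper-device_authorization_grant](https://github.com/exop-group/doorkeeper-device_authorization_grant) |
 
 ## Example Applications
 
@@ -113,7 +114,7 @@ These applications show how Doorkeeper works and how to integrate with it. Start
 
 | Application | Link |
 | :--- | :--- |
-|
+| OAuth2 Server with Doorkeeper | [doorkeeper-gem/doorkeeper-provider-app](https://github.com/doorkeeper-gem/doorkeeper-provider-app) |
 | Sinatra Client connected to Provider App | [doorkeeper-gem/doorkeeper-sinatra-client](https://github.com/doorkeeper-gem/doorkeeper-sinatra-client) |
 | Devise + Omniauth Client | [doorkeeper-gem/doorkeeper-devise-client](https://github.com/doorkeeper-gem/doorkeeper-devise-client) |
 
@@ -134,6 +135,12 @@ See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-to
 
 Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/doorkeeper-gem#sponsor)]
 
+<a href="https://codecademy.com/about/careers?utm_source=doorkeeper-gem" target="_blank"><img src="https://static-assets.codecademy.com/marketing/codecademy_logo_padded.png"/></a>
+
+> Codecademy supports open source as part of its mission to democratize tech. Come help us build the education the world deserves: [https://codecademy.com/about/careers](https://codecademy.com/about/careers?utm_source=doorkeeper-gem)
+
+<br>
+
 <a href="https://oauth.io/?utm_source=doorkeeper-gem" target="_blank"><img src="https://oauth.io/img/logo_text.png"/></a>
 
 > If you prefer not to deal with the gory details of OAuth 2, need dedicated customer support & consulting, try the cloud-based SaaS version: [https://oauth.io](https://oauth.io/?utm_source=doorkeeper-gem)
@@ -160,6 +167,9 @@ tests with a specific Rails version:
 BUNDLE_GEMFILE=gemfiles/rails_6_0.gemfile bundle exec rake
 ```
 
+You can also experiment with the changes using `bin/console`. It uses in-memory SQLite database and default
+Doorkeeper config, but you can reestablish connection or reconfigure the gem if you need.
+
 ## Contributing
 
 Want to contribute and don't know where to start? Check out [features we're
@@ -168,8 +178,7 @@ create [example
 apps](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications),
 integrate the gem with your app and let us know!
 
-Also, check out our [contributing guidelines
-page](https://github.com/doorkeeper-gem/doorkeeper/wiki/Contributing).
+Also, check out our [contributing guidelines page](CONTRIBUTING.md).
 
 ## Contributors
 
@@ -180,4 +189,4 @@ contributors](https://github.com/doorkeeper-gem/doorkeeper/graphs/contributors)!
 
 ## License
 
-MIT License.
+MIT License. Created in Applicake. Maintained by the community.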
@@ -4,6 +4,7 @@ module Doorkeeper
|
|
4
4
|
class ApplicationController <
|
5
5
|
Doorkeeper.config.resolve_controller(:base)
|
6
6
|
include Helpers::Controller
|
7
|
+
include ActionController::MimeResponds if Doorkeeper.config.api_only
|
7
8
|
|
8
9
|
unless Doorkeeper.config.api_only
|
9
10
|
protect_from_forgery with: :exception
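Review bot: The new `include ActionController::MimeResponds if Doorkeeper.config.api_only` is resolved once when the class body loads, so a later change to `api_only` (for example re-running `Doorkeeper.configure` in a test) neither adds nor removes the module; the existing `unless Doorkeeper.config.api_only` block below already behaves this way, so the new line is consistent with it rather than introducing the pattern. What is missing is the reason for the include, which is not obvious from this file; a one-line comment would help, e.g. `# ActionController::API (the api_only base) does not ship respond_to, which the engine's controllers still call`, with the last clause hedged if some api_only controllers avoid it. The class body continues outside the hunk.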
|
@@ -8,7 +8,7 @@ module Doorkeeper
|
|
8
8
|
before_action :set_application, only: %i[show edit update destroy]
|
9
9
|
|
10
10
|
def index
|
11
|
-
@applications =
|
11
|
+
@applications = Doorkeeper.config.application_model.ordered_by(:created_at)
|
12
12
|
|
13
13
|
respond_to do |format|
|
14
14
|
format.html
|
@@ -24,11 +24,11 @@ module Doorkeeper
|
|
24
24
|
end
|
25
25
|
|
26
26
|
def new
|
27
|
-
@application =
|
27
|
+
@application = Doorkeeper.config.application_model.new
|
28
28
|
end
|
29
29
|
|
30
30
|
def create
|
31
|
-
@application =
|
31
|
+
@application = Doorkeeper.config.application_model.new(application_params)
|
32
32
|
|
33
33
|
if @application.save
|
34
34
|
flash[:notice] = I18n.t(:notice, scope: %i[doorkeeper flash applications create])
|
@@ -84,7 +84,7 @@ module Doorkeeper
|
|
84
84
|
private
|
85
85
|
|
86
86
|
def set_application
|
87
|
-
@application =
|
87
|
+
@application = Doorkeeper.config.application_model.find(params[:id])
|
88
88
|
end
|
89
89
|
|
90
90
|
def application_params
|
@@ -13,18 +13,26 @@ module Doorkeeper
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def create
|
16
|
-
redirect_or_render
|
16
|
+
redirect_or_render(authorize_response)
|
17
17
|
end
|
18
18
|
|
19
19
|
def destroy
|
20
|
-
redirect_or_render
|
20
|
+
redirect_or_render(authorization.deny)
|
21
|
+
rescue Doorkeeper::Errors::InvalidTokenStrategy => e
|
22
|
+
error_response = get_error_response_from_exception(e)
|
23
|
+
|
24
|
+
if Doorkeeper.configuration.api_only
|
25
|
+
render json: error_response.body, status: :bad_request
|
26
|
+
else
|
27
|
+
render :error, locals: { error_response: error_response }
|
28
|
+
end
|
21
29
|
end
|
22
30
|
|
23
31
|
private
|
24
32
|
|
25
33
|
def render_success
|
26
|
-
if skip_authorization? || matching_token?
|
27
|
-
redirect_or_render
|
34
|
+
if skip_authorization? || (matching_token? && pre_auth.client.application.confidential?)
|
35
|
+
redirect_or_render(authorize_response)
|
28
36
|
elsif Doorkeeper.configuration.api_only
|
29
37
|
render json: pre_auth
|
30
38
|
else
|
@@ -37,14 +45,16 @@ module Doorkeeper
|
|
37
45
|
render json: pre_auth.error_response.body,
|
38
46
|
status: :bad_request
|
39
47
|
else
|
40
|
-
render :error
|
48
|
+
render :error, locals: { error_response: pre_auth.error_response }
|
41
49
|
end
|
42
50
|
end
|
43
51
|
|
52
|
+
# Active access token issued for the same client and resource owner with
|
53
|
+
# the same set of the scopes exists?
|
44
54
|
def matching_token?
|
45
|
-
|
55
|
+
Doorkeeper.config.access_token_model.matching_token_for(
|
46
56
|
pre_auth.client,
|
47
|
-
current_resource_owner
|
57
|
+
current_resource_owner,
|
48
58
|
pre_auth.scopes,
|
49
59
|
)
|
50
60
|
end
|
@@ -52,12 +62,21 @@ module Doorkeeper
|
|
52
62
|
def redirect_or_render(auth)
|
53
63
|
if auth.redirectable?
|
54
64
|
if Doorkeeper.configuration.api_only
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
65
|
+
if pre_auth.form_post_response?
|
66
|
+
render(
|
67
|
+
json: { status: :post, redirect_uri: pre_auth.redirect_uri, body: auth.body },
|
68
|
+
status: auth.status,
|
69
|
+
)
|
70
|
+
else
|
71
|
+
render(
|
72
|
+
json: { status: :redirect, redirect_uri: auth.redirect_uri },
|
73
|
+
status: auth.status,
|
74
|
+
)
|
75
|
+
end
|
76
|
+
elsif pre_auth.form_post_response?
|
77
|
+
render :form_post
|
59
78
|
else
|
60
|
-
redirect_to auth.redirect_uri
|
79
|
+
redirect_to auth.redirect_uri, allow_other_host: true
|
61
80
|
end
|
62
81
|
else
|
63
82
|
render json: auth.body, status: auth.status
|
@@ -65,7 +84,11 @@ module Doorkeeper
|
|
65
84
|
end
|
66
85
|
|
67
86
|
def pre_auth
|
68
|
-
@pre_auth ||= OAuth::PreAuthorization.new(
|
87
|
+
@pre_auth ||= OAuth::PreAuthorization.new(
|
88
|
+
Doorkeeper.configuration,
|
89
|
+
pre_auth_params,
|
90
|
+
current_resource_owner,
|
91
|
+
)
|
69
92
|
end
|
70
93
|
|
71
94
|
def pre_auth_params
|
@@ -73,8 +96,20 @@ module Doorkeeper
|
|
73
96
|
end
|
74
97
|
|
75
98
|
def pre_auth_param_fields
|
76
|
-
%i[
|
77
|
-
|
99
|
+
custom_access_token_attributes + %i[
|
100
|
+
client_id
|
101
|
+
code_challenge
|
102
|
+
code_challenge_method
|
103
|
+
response_type
|
104
|
+
response_mode
|
105
|
+
redirect_uri
|
106
|
+
scope
|
107
|
+
state
|
108
|
+
]
|
109
|
+
end
|
110
|
+
|
111
|
+
def custom_access_token_attributes
|
112
|
+
Doorkeeper.config.custom_access_token_attributes.map(&:to_sym)
|
78
113
|
end
|
79
114
|
|
80
115
|
def authorization
|
@@ -82,26 +117,35 @@ module Doorkeeper
|
|
82
117
|
end
|
83
118
|
|
84
119
|
def strategy
|
85
|
-
@strategy ||= server.authorization_request
|
120
|
+
@strategy ||= server.authorization_request(pre_auth.response_type)
|
86
121
|
end
|
87
122
|
|
88
123
|
def authorize_response
|
89
124
|
@authorize_response ||= begin
|
90
125
|
return pre_auth.error_response unless pre_auth.authorizable?
|
91
126
|
|
92
|
-
|
127
|
+
context = build_context(pre_auth: pre_auth)
|
128
|
+
before_successful_authorization(context)
|
129
|
+
|
93
130
|
auth = strategy.authorize
|
94
|
-
|
131
|
+
|
132
|
+
context = build_context(auth: auth)
|
133
|
+
after_successful_authorization(context)
|
134
|
+
|
95
135
|
auth
|
96
136
|
end
|
97
137
|
end
|
98
138
|
|
99
|
-
def
|
100
|
-
Doorkeeper.
|
139
|
+
def build_context(**attributes)
|
140
|
+
Doorkeeper::OAuth::Hooks::Context.new(**attributes)
|
141
|
+
end
|
142
|
+
|
143
|
+
def before_successful_authorization(context = nil)
|
144
|
+
Doorkeeper.config.before_successful_authorization.call(self, context)
|
101
145
|
end
|
102
146
|
|
103
|
-
def
|
104
|
-
Doorkeeper.
|
147
|
+
def after_successful_authorization(context)
|
148
|
+
Doorkeeper.config.after_successful_authorization.call(self, context)
|
105
149
|
end
|
106
150
|
end
|
107
151
|
end
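Review bot: `redirect_to auth.redirect_uri, allow_other_host: true` in redirect_or_render switches off Rails' open-redirect guard, so the only thing standing between this line and an open redirect is the earlier validation of the requested redirect_uri against the client's registered URIs (presumably inside `pre_auth.authorizable?`, which is not visible here); that invariant deserves a comment on the line, e.g. `# redirect_uri was already matched against the client's registered URIs by pre_auth; the cross-host redirect is intentional`. Because the same method also receives `authorization.deny` from destroy and error responses from authorize_response, a spec pinning that `auth.redirectable?` is false whenever the redirect URI itself failed validation would protect the error path from following an unvalidated URI. The two api_only branches also disagree on the URI source — the form_post branch emits `pre_auth.redirect_uri` while the redirect branch emits `auth.redirect_uri`; if these can differ, pick one and say why in a comment. redirect_or_render's closing `end`s lie outside the `@@ -52,12 +62,21 @@` hunk.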
|
@@ -5,7 +5,7 @@ module Doorkeeper
|
|
5
5
|
before_action :authenticate_resource_owner!
|
6
6
|
|
7
7
|
def index
|
8
|
-
@applications =
|
8
|
+
@applications = Doorkeeper.config.application_model.authorized_for(current_resource_owner)
|
9
9
|
|
10
10
|
respond_to do |format|
|
11
11
|
format.html
|
@@ -14,7 +14,7 @@ module Doorkeeper
|
|
14
14
|
end
|
15
15
|
|
16
16
|
def destroy
|
17
|
-
|
17
|
+
Doorkeeper.config.application_model.revoke_tokens_and_grants_for(
|
18
18
|
params[:id],
|
19
19
|
current_resource_owner,
|
20
20
|
)
|
@@ -26,7 +26,7 @@ module Doorkeeper
|
|
26
26
|
)
|
27
27
|
end
|
28
28
|
|
29
|
-
format.json {
|
29
|
+
format.json { head :no_content }
|
30
30
|
end
|
31
31
|
end
|
32
32
|
end
|
@@ -4,12 +4,22 @@ module Doorkeeper
|
|
4
4
|
class TokenInfoController < Doorkeeper::ApplicationMetalController
|
5
5
|
def show
|
6
6
|
if doorkeeper_token&.accessible?
|
7
|
-
render json:
|
7
|
+
render json: doorkeeper_token_to_json, status: :ok
|
8
8
|
else
|
9
9
|
error = OAuth::InvalidTokenResponse.new
|
10
10
|
response.headers.merge!(error.headers)
|
11
|
-
render json: error
|
11
|
+
render json: error_to_json(error), status: error.status
|
12
12
|
end
|
13
13
|
end
|
14
|
+
|
15
|
+
protected
|
16
|
+
|
17
|
+
def doorkeeper_token_to_json
|
18
|
+
doorkeeper_token
|
19
|
+
end
|
20
|
+
|
21
|
+
def error_to_json(error)
|
22
|
+
error.body
|
23
|
+
end
|
14
24
|
end
|
15
25
|
end
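Review bot: `doorkeeper_token_to_json` hands the access-token record straight to `render json:`, so the token-info payload is whatever the model's `as_json` produces, and the two new protected hooks are clearly meant as override points, yet neither states what a subclass is allowed to put on the wire. A short comment on each would make the contract explicit, e.g. `# Override to shape the token-info payload; keep the token and refresh_token values themselves out of it` above doorkeeper_token_to_json and `# Override to shape the error payload; the HTTP status comes from error.status` above error_to_json. Whether `status: error.status` changes the status that was previously sent cannot be told from the truncated removed line, so it is worth confirming it is covered by a CHANGELOG entry.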
|