doorkeeper 5.4.0.rc2 → 5.5.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +90 -10
- data/README.md +4 -4
- data/app/controllers/doorkeeper/application_controller.rb +1 -0
- data/app/controllers/doorkeeper/authorizations_controller.rb +16 -5
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -2
- data/app/controllers/doorkeeper/tokens_controller.rb +34 -26
- data/app/views/doorkeeper/applications/show.html.erb +16 -12
- data/app/views/doorkeeper/authorizations/form_post.html.erb +11 -0
- data/config/locales/en.yml +3 -1
- data/lib/doorkeeper.rb +5 -0
- data/lib/doorkeeper/config.rb +91 -62
- data/lib/doorkeeper/config/option.rb +1 -3
- data/lib/doorkeeper/config/validations.rb +53 -0
- data/lib/doorkeeper/engine.rb +1 -1
- data/lib/doorkeeper/grant_flow.rb +45 -0
- data/lib/doorkeeper/grant_flow/fallback_flow.rb +15 -0
- data/lib/doorkeeper/grant_flow/flow.rb +44 -0
- data/lib/doorkeeper/grant_flow/registry.rb +50 -0
- data/lib/doorkeeper/helpers/controller.rb +4 -0
- data/lib/doorkeeper/models/access_grant_mixin.rb +1 -2
- data/lib/doorkeeper/models/access_token_mixin.rb +4 -4
- data/lib/doorkeeper/models/concerns/revocable.rb +1 -1
- data/lib/doorkeeper/oauth/authorization/code.rb +5 -1
- data/lib/doorkeeper/oauth/authorization/context.rb +5 -5
- data/lib/doorkeeper/oauth/authorization/token.rb +11 -5
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +1 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +10 -17
- data/lib/doorkeeper/oauth/base_request.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +2 -1
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -0
- data/lib/doorkeeper/oauth/code_request.rb +2 -2
- data/lib/doorkeeper/oauth/code_response.rb +17 -11
- data/lib/doorkeeper/oauth/error_response.rb +4 -3
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +1 -3
- data/lib/doorkeeper/oauth/password_access_token_request.rb +23 -3
- data/lib/doorkeeper/oauth/pre_authorization.rb +33 -8
- data/lib/doorkeeper/oauth/refresh_token_request.rb +13 -0
- data/lib/doorkeeper/oauth/token.rb +3 -3
- data/lib/doorkeeper/oauth/token_introspection.rb +1 -5
- data/lib/doorkeeper/oauth/token_request.rb +1 -1
- data/lib/doorkeeper/orm/active_record.rb +5 -14
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +11 -1
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +9 -1
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +26 -15
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +5 -0
- data/lib/doorkeeper/rails/routes.rb +1 -3
- data/lib/doorkeeper/rake/db.rake +3 -3
- data/lib/doorkeeper/rake/setup.rake +5 -0
- data/lib/doorkeeper/request.rb +49 -12
- data/lib/doorkeeper/request/password.rb +1 -0
- data/lib/doorkeeper/server.rb +1 -1
- data/lib/doorkeeper/stale_records_cleaner.rb +4 -4
- data/lib/doorkeeper/version.rb +3 -7
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb.erb +1 -1
- data/lib/generators/doorkeeper/templates/initializer.rb +9 -7
- metadata +26 -13
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
class AddOwnerToApplication < ActiveRecord::Migration<%= migration_version %>
|
|
4
4
|
def change
|
|
5
|
-
add_column :oauth_applications, :owner_id, :
|
|
5
|
+
add_column :oauth_applications, :owner_id, :bigint, null: true
|
|
6
6
|
add_column :oauth_applications, :owner_type, :string, null: true
|
|
7
7
|
add_index :oauth_applications, [:owner_id, :owner_type]
|
|
8
8
|
end
|
|
@@ -103,12 +103,13 @@ Doorkeeper.configure do
|
|
|
103
103
|
#
|
|
104
104
|
# `context` has the following properties available:
|
|
105
105
|
#
|
|
106
|
-
# `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
|
|
107
|
-
# `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
|
|
108
|
-
# `scopes` - the requested scopes (see Doorkeeper::OAuth::Scopes)
|
|
106
|
+
# * `client` - the OAuth client application (see Doorkeeper::OAuth::Client)
|
|
107
|
+
# * `grant_type` - the grant type of the request (see Doorkeeper::OAuth)
|
|
108
|
+
# * `scopes` - the requested scopes (see Doorkeeper::OAuth::Scopes)
|
|
109
|
+
# * `resource_owner` - authorized resource owner instance (if present)
|
|
109
110
|
#
|
|
110
111
|
# custom_access_token_expires_in do |context|
|
|
111
|
-
# context.client.
|
|
112
|
+
# context.client.additional_settings.implicit_oauth_expiration
|
|
112
113
|
# end
|
|
113
114
|
|
|
114
115
|
# Use a custom class for generating the access token.
|
|
@@ -167,8 +168,7 @@ Doorkeeper.configure do
|
|
|
167
168
|
# since plain values can no longer be retrieved.
|
|
168
169
|
#
|
|
169
170
|
# Note: If you are already a user of doorkeeper and have existing tokens
|
|
170
|
-
# in your installation, they will be invalid without
|
|
171
|
-
# setting `fallback_to_plain_secrets` below.
|
|
171
|
+
# in your installation, they will be invalid without adding 'fallback: :plain'.
|
|
172
172
|
#
|
|
173
173
|
# hash_token_secrets
|
|
174
174
|
# By default, token secrets will be hashed using the
|
|
@@ -202,7 +202,9 @@ Doorkeeper.configure do
|
|
|
202
202
|
# This will ensure that old access tokens and secrets
|
|
203
203
|
# will remain valid even if the hashing above is enabled.
|
|
204
204
|
#
|
|
205
|
-
#
|
|
205
|
+
# This can be done by adding 'fallback: plain', e.g. :
|
|
206
|
+
#
|
|
207
|
+
# hash_application_secrets using: '::Doorkeeper::SecretStoring::BCrypt', fallback: :plain
|
|
206
208
|
|
|
207
209
|
# Issue access tokens with refresh token (disabled by default), you may also
|
|
208
210
|
# pass a block which accepts `context` to customize when to give a refresh
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: doorkeeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.
|
|
4
|
+
version: 5.5.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Felipe Elias Philipp
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date:
|
|
14
|
+
date: 2021-04-06 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: railties
|
|
@@ -75,42 +75,42 @@ dependencies:
|
|
|
75
75
|
requirements:
|
|
76
76
|
- - "~>"
|
|
77
77
|
- !ruby/object:Gem::Version
|
|
78
|
-
version: '
|
|
78
|
+
version: '8.0'
|
|
79
79
|
type: :development
|
|
80
80
|
prerelease: false
|
|
81
81
|
version_requirements: !ruby/object:Gem::Requirement
|
|
82
82
|
requirements:
|
|
83
83
|
- - "~>"
|
|
84
84
|
- !ruby/object:Gem::Version
|
|
85
|
-
version: '
|
|
85
|
+
version: '8.0'
|
|
86
86
|
- !ruby/object:Gem::Dependency
|
|
87
87
|
name: database_cleaner
|
|
88
88
|
requirement: !ruby/object:Gem::Requirement
|
|
89
89
|
requirements:
|
|
90
90
|
- - "~>"
|
|
91
91
|
- !ruby/object:Gem::Version
|
|
92
|
-
version: '
|
|
92
|
+
version: '2.0'
|
|
93
93
|
type: :development
|
|
94
94
|
prerelease: false
|
|
95
95
|
version_requirements: !ruby/object:Gem::Requirement
|
|
96
96
|
requirements:
|
|
97
97
|
- - "~>"
|
|
98
98
|
- !ruby/object:Gem::Version
|
|
99
|
-
version: '
|
|
99
|
+
version: '2.0'
|
|
100
100
|
- !ruby/object:Gem::Dependency
|
|
101
101
|
name: factory_bot
|
|
102
102
|
requirement: !ruby/object:Gem::Requirement
|
|
103
103
|
requirements:
|
|
104
104
|
- - "~>"
|
|
105
105
|
- !ruby/object:Gem::Version
|
|
106
|
-
version: '
|
|
106
|
+
version: '6.0'
|
|
107
107
|
type: :development
|
|
108
108
|
prerelease: false
|
|
109
109
|
version_requirements: !ruby/object:Gem::Requirement
|
|
110
110
|
requirements:
|
|
111
111
|
- - "~>"
|
|
112
112
|
- !ruby/object:Gem::Version
|
|
113
|
-
version: '
|
|
113
|
+
version: '6.0'
|
|
114
114
|
- !ruby/object:Gem::Dependency
|
|
115
115
|
name: generator_spec
|
|
116
116
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -194,6 +194,7 @@ files:
|
|
|
194
194
|
- app/views/doorkeeper/applications/new.html.erb
|
|
195
195
|
- app/views/doorkeeper/applications/show.html.erb
|
|
196
196
|
- app/views/doorkeeper/authorizations/error.html.erb
|
|
197
|
+
- app/views/doorkeeper/authorizations/form_post.html.erb
|
|
197
198
|
- app/views/doorkeeper/authorizations/new.html.erb
|
|
198
199
|
- app/views/doorkeeper/authorizations/show.html.erb
|
|
199
200
|
- app/views/doorkeeper/authorized_applications/_delete_form.html.erb
|
|
@@ -205,8 +206,13 @@ files:
|
|
|
205
206
|
- lib/doorkeeper/config.rb
|
|
206
207
|
- lib/doorkeeper/config/abstract_builder.rb
|
|
207
208
|
- lib/doorkeeper/config/option.rb
|
|
209
|
+
- lib/doorkeeper/config/validations.rb
|
|
208
210
|
- lib/doorkeeper/engine.rb
|
|
209
211
|
- lib/doorkeeper/errors.rb
|
|
212
|
+
- lib/doorkeeper/grant_flow.rb
|
|
213
|
+
- lib/doorkeeper/grant_flow/fallback_flow.rb
|
|
214
|
+
- lib/doorkeeper/grant_flow/flow.rb
|
|
215
|
+
- lib/doorkeeper/grant_flow/registry.rb
|
|
210
216
|
- lib/doorkeeper/grape/authorization_decorator.rb
|
|
211
217
|
- lib/doorkeeper/grape/helpers.rb
|
|
212
218
|
- lib/doorkeeper/helpers/controller.rb
|
|
@@ -312,11 +318,18 @@ licenses:
|
|
|
312
318
|
- MIT
|
|
313
319
|
metadata:
|
|
314
320
|
homepage_uri: https://github.com/doorkeeper-gem/doorkeeper
|
|
315
|
-
changelog_uri: https://github.com/doorkeeper-gem/doorkeeper/blob/
|
|
321
|
+
changelog_uri: https://github.com/doorkeeper-gem/doorkeeper/blob/main/CHANGELOG.md
|
|
316
322
|
source_code_uri: https://github.com/doorkeeper-gem/doorkeeper
|
|
317
323
|
bug_tracker_uri: https://github.com/doorkeeper-gem/doorkeeper/issues
|
|
318
324
|
documentation_uri: https://doorkeeper.gitbook.io/guides/
|
|
319
|
-
post_install_message:
|
|
325
|
+
post_install_message: "Starting from 5.5.0 RC1 Doorkeeper requires client authentication
|
|
326
|
+
for Resource Owner Password Grant\nas stated in the OAuth RFC. You have to create
|
|
327
|
+
a new OAuth client (Doorkeeper::Application) if you didn't\nhave it before and use
|
|
328
|
+
client credentials in HTTP Basic auth if you previously used this grant flow without\nclient
|
|
329
|
+
authentication. \n\nTo opt out of this you could set the \"skip_client_authentication_for_password_grant\"
|
|
330
|
+
configuration option\nto \"true\", but note that this is in violation of the OAuth
|
|
331
|
+
spec and represents a security risk.\n\nRead https://github.com/doorkeeper-gem/doorkeeper/issues/561#issuecomment-612857163
|
|
332
|
+
for more details."
|
|
320
333
|
rdoc_options: []
|
|
321
334
|
require_paths:
|
|
322
335
|
- lib
|
|
@@ -327,11 +340,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
327
340
|
version: '2.4'
|
|
328
341
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
329
342
|
requirements:
|
|
330
|
-
- - "
|
|
343
|
+
- - ">="
|
|
331
344
|
- !ruby/object:Gem::Version
|
|
332
|
-
version:
|
|
345
|
+
version: '0'
|
|
333
346
|
requirements: []
|
|
334
|
-
rubygems_version: 3.
|
|
347
|
+
rubygems_version: 3.1.2
|
|
335
348
|
signing_key:
|
|
336
349
|
specification_version: 4
|
|
337
350
|
summary: OAuth 2 provider for Rails and Grape
|