doorkeeper 5.5.0 → 5.5.4


Files changed (31)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +27 -1
  3. data/README.md +19 -13
  4. data/app/controllers/doorkeeper/application_controller.rb +1 -0
  5. data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
  6. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  7. data/app/controllers/doorkeeper/tokens_controller.rb +3 -3
  8. data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
  9. data/app/views/doorkeeper/authorizations/form_post.html.erb +10 -6
  10. data/app/views/doorkeeper/authorizations/new.html.erb +2 -0
  11. data/config/locales/en.yml +3 -0
  12. data/lib/doorkeeper/config.rb +5 -1
  13. data/lib/doorkeeper/models/access_grant_mixin.rb +1 -1
  14. data/lib/doorkeeper/models/access_token_mixin.rb +3 -3
  15. data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
  16. data/lib/doorkeeper/oauth/authorization_code_request.rb +1 -1
  17. data/lib/doorkeeper/oauth/code_request.rb +1 -1
  18. data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
  19. data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -2
  20. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -19
  21. data/lib/doorkeeper/oauth/password_access_token_request.rb +5 -4
  22. data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
  23. data/lib/doorkeeper/oauth/token_introspection.rb +3 -3
  24. data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +1 -0
  25. data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +1 -0
  26. data/lib/doorkeeper/orm/active_record/mixins/application.rb +1 -0
  27. data/lib/doorkeeper/request/password.rb +1 -0
  28. data/lib/doorkeeper/version.rb +1 -1
  29. data/lib/generators/doorkeeper/templates/initializer.rb +5 -5
  30. data/lib/generators/doorkeeper/templates/migration.rb.erb +1 -1
  31. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8d0646462c8fd51891c70b06dbccf9d4c2a2db2d19f71fb9e358c9401843053a
4
- data.tar.gz: 17669cf7be5a1f0053850c6f00c03b63df477438a7aa6805558d48dfb35541b0
3
+ metadata.gz: 55c17555b9591b1a06b8164b0508ab733df8dca59e4b555e1dac3b3cc7a1112e
4
+ data.tar.gz: 56fd2b8475c97f0bc755086cc22ee1aa14d2ac47263f0e218f3cf4f9f80d5b38
5
5
  SHA512:
6
- metadata.gz: 54c0fadb672bb09b4e33b6df5476694a0e7f1fb7795b3e2d4172e6c77671bbd7f929dec42f37d9b17bede5cb0659c5a95a30771fd8c69dbdddcb80d4d291aa81
7
- data.tar.gz: 462977a3eae6d5705ce246814a66f0bd29cd64647e43ba4df2502b9b72eea9c0e848ce3c1789fa97cb6953a07661eef025665a9fa29a97080c1d61acc3e559b6
6
+ metadata.gz: b21d497b70266436f0446eec977f9ff074f646c0cdf417e08c8806529474ea91d112f0f1357a614f9e136b0dd042d665f7ea7325740254770ff01469df595390
7
+ data.tar.gz: eb23ac65993cf89d82b66e5616b231d58fd0ac928486354a2bc36fdf7173fb3ba807f434f85a45f4ea6d1600847b46bdd5ad76ea9d317c16908a114b18fdb94a
data/CHANGELOG.md CHANGED
@@ -7,7 +7,33 @@ User-visible changes worth mentioning.
7
7
 
8
8
  ## main
9
9
 
10
- - [#PR ID] Add your PR description here.
10
+ - [#ID] Add your PR description here.
11
+
12
+ ## 5.5.4
13
+
14
+ - [#1535] Revert changes introduced in #1528 to allow query params in `redirect_uri` as per the spec.
15
+
16
+ ## 5.5.3
17
+
18
+ - [#1528] Don't allow extra query params in redirect_uri.
19
+ - [#1525] I18n source for forbidden token error is now `doorkeeper.errors.messages.forbidden_token.missing_scope`.
20
+ - [#1531] Disable `strict-loading` for Doorkeeper models by default.
21
+ - [#1532] Add support for Rails 7.
22
+
23
+ ## 5.5.2
24
+
25
+ - [#1502] Drop support for Ruby 2.4 because of EOL.
26
+ - [#1504] Updated the url fragment in the comment for code documentation.
27
+ - [#1512] Fix form behavior when response mode is form_post.
28
+ - [#1511] Fix that authorization code is returned by fragment if response_mode is fragament.
29
+
30
+ ## 5.5.1
31
+
32
+ - [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
33
+ - [#1495] Fix `respond_to` undefined in API-only mode
34
+ - [#1488] Verify client authentication for Resource Owner Password Grant when
35
+ `config.skip_client_authentication_for_password_grant` is set and the client credentials
36
+ are sent in a HTTP Basic auth header.
11
37
 
12
38
  ## 5.5.0
13
39
 
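Review bot: the 5.5.2 entry for #1511 has a typo, "fragament" for "fragment". Separately, the 5.5.4 entry should say what the revert means for operators: #1528 (5.5.3) rejected extra query parameters in `redirect_uri`, and #1535 restores the pre-5.5.3 behaviour of allowing them, so anyone who relied on the 5.5.3 rejection needs to be told that it is gone after this upgrade.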
data/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
2
2
 
3
3
  [![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
4
- [![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=main)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
4
+ [![Build Status](https://app.travis-ci.com/doorkeeper-gem/doorkeeper.svg?branch=main)](https://app.travis-ci.com/doorkeeper-gem/doorkeeper)
5
5
  [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
6
6
  [![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
7
7
  [![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main)
@@ -14,18 +14,18 @@ functionality to your Ruby on Rails or Grape application.
14
14
 
15
15
  Supported features:
16
16
 
17
- - [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
18
- - [Authorization Code Flow](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1)
19
- - [Access Token Scopes](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3)
20
- - [Refresh token](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-1.5)
21
- - [Implicit grant](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2)
22
- - [Resource Owner Password Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.3)
23
- - [Client Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.4)
24
- - [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
25
- - [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
26
- - [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
27
- - [OAuth 2.0 for Native Apps](https://tools.ietf.org/html/draft-ietf-oauth-native-apps-10)
28
- - [Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)
17
+ - [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)
18
+ - [Authorization Code Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
19
+ - [Access Token Scopes](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3)
20
+ - [Refresh token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5)
21
+ - [Implicit grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2)
22
+ - [Resource Owner Password Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3)
23
+ - [Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
24
+ - [OAuth 2.0 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)
25
+ - [OAuth 2.0 Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662)
26
+ - [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
27
+ - [OAuth 2.0 for Native Apps](https://datatracker.ietf.org/doc/html/rfc8252)
28
+ - [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636)
29
29
 
30
30
  ## Table of Contents
31
31
 
@@ -134,6 +134,12 @@ See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-to
134
134
 
135
135
  Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/doorkeeper-gem#sponsor)]
136
136
 
137
+ <a href="https://codecademy.com/about/careers?utm_source=doorkeeper-gem" target="_blank"><img src="https://static-assets.codecademy.com/marketing/codecademy_logo_padded.png"/></a>
138
+
139
+ > Codecademy supports open source as part of its mission to democratize tech. Come help us build the education the world deserves: [https://codecademy.com/about/careers](https://codecademy.com/about/careers?utm_source=doorkeeper-gem)
140
+
141
+ <br>
142
+
137
143
  <a href="https://oauth.io/?utm_source=doorkeeper-gem" target="_blank"><img src="https://oauth.io/img/logo_text.png"/></a>
138
144
 
139
145
  > If you prefer not to deal with the gory details of OAuth 2, need dedicated customer support & consulting, try the cloud-based SaaS version: [https://oauth.io](https://oauth.io/?utm_source=doorkeeper-gem)
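Review bot: the new Codecademy anchor uses `target="_blank"` without a `rel` attribute, as does the existing oauth.io anchor right below it; add `rel="noopener noreferrer"` to both so the sponsor page does not receive a `window.opener` reference in browsers that still grant one, and so the referrer is not leaked.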
@@ -4,6 +4,7 @@ module Doorkeeper
4
4
  class ApplicationController <
5
5
  Doorkeeper.config.resolve_controller(:base)
6
6
  include Helpers::Controller
7
+ include ActionController::MimeResponds if Doorkeeper.config.api_only
7
8
 
8
9
  unless Doorkeeper.config.api_only
9
10
  protect_from_forgery with: :exception
@@ -66,7 +66,7 @@ module Doorkeeper
66
66
  elsif pre_auth.form_post_response?
67
67
  render :form_post
68
68
  else
69
- redirect_to auth.redirect_uri
69
+ redirect_to auth.redirect_uri, allow_other_host: true
70
70
  end
71
71
  else
72
72
  render json: auth.body, status: auth.status
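Review bot: `redirect_to auth.redirect_uri, allow_other_host: true` is required on Rails 7, where a cross-host `redirect_to` raises unless the option is given, but the line now depends entirely on `auth.redirect_uri` having been checked against the client's registered redirect URIs earlier in the pre-authorization step. A one-line comment stating that the URI is already validated would save anyone auditing for open redirects from flagging this call; on Rails versions that predate the option it is ignored, so nothing else changes.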
@@ -26,7 +26,7 @@ module Doorkeeper
26
26
  )
27
27
  end
28
28
 
29
- format.json { render :no_content }
29
+ format.json { head :no_content }
30
30
  end
31
31
  end
32
32
  end
@@ -12,7 +12,7 @@ module Doorkeeper
12
12
  handle_token_exception(e)
13
13
  end
14
14
 
15
- # OAuth 2.0 Token Revocation - http://tools.ietf.org/html/rfc7009
15
+ # OAuth 2.0 Token Revocation - https://datatracker.ietf.org/doc/html/rfc7009
16
16
  def revoke
17
17
  # The authorization server responds with HTTP status code 200 if the client
18
18
  # submitted an invalid token or the token has been revoked successfully.
@@ -94,8 +94,8 @@ module Doorkeeper
94
94
  # types, they set the application_id as null (since the claim cannot be
95
95
  # verified).
96
96
  #
97
- # https://tools.ietf.org/html/rfc6749#section-2.1
98
- # https://tools.ietf.org/html/rfc7009
97
+ # https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
98
+ # https://datatracker.ietf.org/doc/html/rfc7009
99
99
  def authorized?
100
100
  # Token belongs to specific client, so we need to check if
101
101
  # authenticated client could access it.
@@ -6,7 +6,7 @@ module Doorkeeper
6
6
  return if object.errors[method].blank?
7
7
 
8
8
  output = object.errors[method].map do |msg|
9
- content_tag(:span, class: "form-text") do
9
+ content_tag(:span, class: "invalid-feedback") do
10
10
  msg.capitalize
11
11
  end
12
12
  end
@@ -2,10 +2,14 @@
2
2
  <h1><%= t('.title') %></h1>
3
3
  </header>
4
4
 
5
- <main role="main" onload="document.forms[0].submit()">
6
- <%= form_tag @pre_auth.redirect_uri, method: :post do %>
7
- <% @authorize_response.body.each do |key, value| %>
8
- <%= hidden_field_tag key, value %>
9
- <% end %>
5
+ <%= form_tag @pre_auth.redirect_uri, method: :post, name: :redirect_form, authenticity_token: false do %>
6
+ <% @authorize_response.body.compact.each do |key, value| %>
7
+ <%= hidden_field_tag key, value %>
10
8
  <% end %>
11
- </main>
9
+ <% end %>
10
+
11
+ <script>
12
+ window.onload = function () {
13
+ document.forms['redirect_form'].submit();
14
+ };
15
+ </script>
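Review bot: the auto-submit moved from an `onload` attribute on `<main>` into an inline `<script>`, which will be blocked by any Content-Security-Policy without `'unsafe-inline'` or a nonce; use `javascript_tag nonce: true do ... end` so Rails' CSP nonce is attached, and keep a fallback submit button for users with scripts disabled. `authenticity_token: false` is the right call here: the form posts to the client's `redirect_uri`, and sending the host application's CSRF token to a third party would disclose it. `.compact` also means nil-valued response entries (for example an absent `state`) are no longer posted as empty hidden fields.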
@@ -25,6 +25,7 @@
25
25
  <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
26
26
  <%= hidden_field_tag :state, @pre_auth.state %>
27
27
  <%= hidden_field_tag :response_type, @pre_auth.response_type %>
28
+ <%= hidden_field_tag :response_mode, @pre_auth.response_mode %>
28
29
  <%= hidden_field_tag :scope, @pre_auth.scope %>
29
30
  <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge %>
30
31
  <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method %>
@@ -35,6 +36,7 @@
35
36
  <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
36
37
  <%= hidden_field_tag :state, @pre_auth.state %>
37
38
  <%= hidden_field_tag :response_type, @pre_auth.response_type %>
39
+ <%= hidden_field_tag :response_mode, @pre_auth.response_mode %>
38
40
  <%= hidden_field_tag :scope, @pre_auth.scope %>
39
41
  <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge %>
40
42
  <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method %>
@@ -125,6 +125,9 @@ en:
125
125
  revoke:
126
126
  unauthorized: "You are not authorized to revoke this token"
127
127
 
128
+ forbidden_token:
129
+ missing_scope: 'Access to this resource requires scope "%{oauth_scopes}".'
130
+
128
131
  flash:
129
132
  applications:
130
133
  create:
@@ -278,6 +278,10 @@ module Doorkeeper
278
278
  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
279
279
  option :token_reuse_limit, default: 100
280
280
 
281
+ # Don't require client authentication for password grants. If client credentials
282
+ # are present they will still be validated, and the grant rejected if the credentials
283
+ # are invalid.
284
+ #
281
285
  # This is discouraged. Spec says that password grants always require a client.
282
286
  #
283
287
  # See https://github.com/doorkeeper-gem/doorkeeper/issues/1412#issuecomment-632750422
@@ -370,7 +374,7 @@ module Doorkeeper
370
374
 
371
375
  # The controller Doorkeeper::ApplicationController inherits from.
372
376
  # Defaults to ActionController::Base.
373
- # https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-base-controller
377
+ # https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-controllers
374
378
  #
375
379
  # @param base_controller [String] the name of the base controller
376
380
  option :base_controller,
@@ -49,7 +49,7 @@ module Doorkeeper
49
49
  end
50
50
 
51
51
  # Implements PKCE code_challenge encoding without base64 padding as described in the spec.
52
- # https://tools.ietf.org/html/rfc7636#appendix-A
52
+ # https://datatracker.ietf.org/doc/html/rfc7636#appendix-A
53
53
  # Appendix A. Notes on Implementing Base64url Encoding without Padding
54
54
  #
55
55
  # This appendix describes how to implement a base64url-encoding
@@ -279,7 +279,7 @@ module Doorkeeper
279
279
  end
280
280
 
281
281
  # Access Token type: Bearer.
282
- # @see https://tools.ietf.org/html/rfc6750
282
+ # @see https://datatracker.ietf.org/doc/html/rfc6750
283
283
  # The OAuth 2.0 Authorization Framework: Bearer Token Usage
284
284
  #
285
285
  def token_type
@@ -374,10 +374,10 @@ module Doorkeeper
374
374
  # and clears `:previous_refresh_token` attribute.
375
375
  #
376
376
  def revoke_previous_refresh_token!
377
- return unless self.class.refresh_token_revoked_on_use?
377
+ return if !self.class.refresh_token_revoked_on_use? || previous_refresh_token.blank?
378
378
 
379
379
  old_refresh_token&.revoke
380
- update_attribute(:previous_refresh_token, "") if previous_refresh_token.present?
380
+ update_attribute(:previous_refresh_token, "")
381
381
  end
382
382
 
383
383
  private
@@ -8,7 +8,7 @@ module Doorkeeper
8
8
  #
9
9
  # @return [Boolean] true if object expired and false in other case
10
10
  def expired?
11
- expires_in && Time.now.utc > expires_at
11
+ !!(expires_in && Time.now.utc > expires_at)
12
12
  end
13
13
 
14
14
  # Calculates expiration time in seconds.
@@ -6,7 +6,7 @@ module Doorkeeper
6
6
  validate :params, error: :invalid_request
7
7
  validate :client, error: :invalid_client
8
8
  validate :grant, error: :invalid_grant
9
- # @see https://tools.ietf.org/html/rfc6749#section-5.2
9
+ # @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
10
10
  validate :redirect_uri, error: :invalid_grant
11
11
  validate :code_verifier, error: :invalid_grant
12
12
 
@@ -13,7 +13,7 @@ module Doorkeeper
13
13
  def authorize
14
14
  auth = Authorization::Code.new(pre_auth, resource_owner)
15
15
  auth.issue_token!
16
- CodeResponse.new(pre_auth, auth)
16
+ CodeResponse.new(pre_auth, auth, response_on_fragment: pre_auth.response_mode == "fragment")
17
17
  end
18
18
 
19
19
  def deny
@@ -23,7 +23,8 @@ module Doorkeeper
23
23
  end
24
24
 
25
25
  def description
26
- @description ||= @scopes.map { |s| I18n.t(s, scope: %i[doorkeeper scopes]) }.join("\n")
26
+ @description ||= I18n.t("doorkeeper.errors.messages.forbidden_token.missing_scope",
27
+ oauth_scopes: @scopes.map(&:to_s).join(" "),)
27
28
  end
28
29
 
29
30
  protected
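Review bot: the new `description` ends with `join(" "),)`, a trailing comma directly before the closing parenthesis on the same line; drop the comma or move the `)` to its own line, since the current form reads like a typo. Note also that the error description now interpolates the required scope names into `forbidden_token.missing_scope`, which this release adds to `config/locales/en.yml`; any application that overrides the Doorkeeper locale file needs that key too, or the response will carry a missing-translation string.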
@@ -11,8 +11,8 @@ module Doorkeeper
11
11
  # Access Token value must be 1*VSCHAR or
12
12
  # 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
13
13
  #
14
- # @see https://tools.ietf.org/html/rfc6749#appendix-A.12
15
- # @see https://tools.ietf.org/html/rfc6750#section-2.1
14
+ # @see https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.12
15
+ # @see https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
16
16
  #
17
17
  generator = options.delete(:generator) || SecureRandom.method(default_generator_method)
18
18
  token_size = options.delete(:size) || 32
@@ -3,24 +3,6 @@
3
3
  require "ipaddr"
4
4
 
5
5
  module Doorkeeper
6
- module IPAddrLoopback
7
- def loopback?
8
- case @family
9
- when Socket::AF_INET
10
- @addr & 0xff000000 == 0x7f000000
11
- when Socket::AF_INET6
12
- @addr == 1
13
- else
14
- raise AddressFamilyError, "unsupported address family"
15
- end
16
- end
17
- end
18
-
19
- # For backward compatibility with old rubies
20
- if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.5.0")
21
- IPAddr.include Doorkeeper::IPAddrLoopback
22
- end
23
-
24
6
  module OAuth
25
7
  module Helpers
26
8
  module URIChecker
@@ -46,7 +28,7 @@ module Doorkeeper
46
28
  end
47
29
 
48
30
  # RFC8252, Paragraph 7.3
49
- # @see https://tools.ietf.org/html/rfc8252#section-7.3
31
+ # @see https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
50
32
  if loopback_uri?(url) && loopback_uri?(client_url)
51
33
  url.port = nil
52
34
  client_url.port = nil
@@ -10,12 +10,13 @@ module Doorkeeper
10
10
  validate :resource_owner, error: :invalid_grant
11
11
  validate :scopes, error: :invalid_scope
12
12
 
13
- attr_reader :client, :resource_owner, :parameters, :access_token
13
+ attr_reader :client, :credentials, :resource_owner, :parameters, :access_token
14
14
 
15
- def initialize(server, client, resource_owner, parameters = {})
15
+ def initialize(server, client, credentials, resource_owner, parameters = {})
16
16
  @server = server
17
17
  @resource_owner = resource_owner
18
18
  @client = client
19
+ @credentials = credentials
19
20
  @parameters = parameters
20
21
  @original_scopes = parameters[:scope]
21
22
  @grant_type = Doorkeeper::OAuth::PASSWORD
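Review bot: inserting `credentials` as the third positional argument of `initialize` changes the arity of a public class; any application that instantiates `PasswordAccessTokenRequest` directly or subclasses it will now pass its `resource_owner` as `credentials` and its `parameters` as `resource_owner` without a type error. Since this ships in a patch release, the changelog entry for #1488 should call out the signature change explicitly.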
@@ -56,11 +57,11 @@ module Doorkeeper
56
57
  #
57
58
  # o authenticate the client if client authentication is included,
58
59
  #
59
- # @see https://tools.ietf.org/html/rfc6749#section-4.3
60
+ # @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.3
60
61
  #
61
62
  def validate_client
62
63
  if Doorkeeper.config.skip_client_authentication_for_password_grant
63
- !parameters[:client_id] || client.present?
64
+ client.present? || (!parameters[:client_id] && credentials.blank?)
64
65
  else
65
66
  client.present?
66
67
  end
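Review bot: the new `validate_client` condition closes the hole described in #1488: previously, a request with no `client_id` parameter passed even when a Basic auth header carried wrong credentials, because `!parameters[:client_id]` was true; now the skip path also requires `credentials.blank?`, so supplied-but-invalid credentials fall through to `client.present?` and are rejected. The hunk does not show where `credentials` comes from, so the safety of this check rests on the caller passing the parsed Basic auth credentials and not, say, nil; a spec with an invalid Basic header and no `client_id` would pin that behaviour down.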
@@ -101,7 +101,7 @@ module Doorkeeper
101
101
  client.present?
102
102
  end
103
103
 
104
- # @see https://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-1.5
104
+ # @see https://datatracker.ietf.org/doc/html/rfc6749#section-1.5
105
105
  #
106
106
  def validate_client_match
107
107
  return true if refresh_token.application_id.blank?
@@ -4,7 +4,7 @@ module Doorkeeper
4
4
  module OAuth
5
5
  # RFC7662 OAuth 2.0 Token Introspection
6
6
  #
7
- # @see https://tools.ietf.org/html/rfc7662
7
+ # @see https://datatracker.ietf.org/doc/html/rfc7662
8
8
  class TokenIntrospection
9
9
  def initialize(server, token)
10
10
  @server = server
@@ -107,7 +107,7 @@ module Doorkeeper
107
107
  # authorization server SHOULD NOT include any additional information
108
108
  # about an inactive token, including why the token is inactive.
109
109
  #
110
- # @see https://tools.ietf.org/html/rfc7662 2.2. Introspection Response
110
+ # @see https://datatracker.ietf.org/doc/html/rfc7662 2.2. Introspection Response
111
111
  #
112
112
  def failure_response
113
113
  {
@@ -186,7 +186,7 @@ module Doorkeeper
186
186
  # Provides context (controller) and token for generating developer-specific
187
187
  # response.
188
188
  #
189
- # @see https://tools.ietf.org/html/rfc7662#section-2.2
189
+ # @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
190
190
  #
191
191
  def customize_response(response)
192
192
  customized_response = Doorkeeper.config.custom_introspection_response.call(
@@ -6,6 +6,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
6
6
 
7
7
  included do
8
8
  self.table_name = compute_doorkeeper_table_name
9
+ self.strict_loading_by_default = false if respond_to?(:strict_loading_by_default)
9
10
 
10
11
  include ::Doorkeeper::AccessGrantMixin
11
12
 
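Review bot: the `strict_loading_by_default = false if respond_to?(:strict_loading_by_default)` line is copied verbatim into all three ActiveRecord mixins (access grant, access token, application); pull it into the shared `included` logic or a small concern so the three stay in sync. It also silently overrides an application's `config.active_record.strict_loading_by_default = true` for Doorkeeper's models, which is the intent of #1531 but deserves a comment on the line and a mention in the upgrade notes.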
@@ -6,6 +6,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
6
6
 
7
7
  included do
8
8
  self.table_name = compute_doorkeeper_table_name
9
+ self.strict_loading_by_default = false if respond_to?(:strict_loading_by_default)
9
10
 
10
11
  include ::Doorkeeper::AccessTokenMixin
11
12
 
@@ -6,6 +6,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
6
6
 
7
7
  included do
8
8
  self.table_name = compute_doorkeeper_table_name
9
+ self.strict_loading_by_default = false if respond_to?(:strict_loading_by_default)
9
10
 
10
11
  include ::Doorkeeper::ApplicationMixin
11
12
 
@@ -9,6 +9,7 @@ module Doorkeeper
9
9
  @request ||= OAuth::PasswordAccessTokenRequest.new(
10
10
  Doorkeeper.config,
11
11
  client,
12
+ credentials,
12
13
  resource_owner,
13
14
  parameters,
14
15
  )
@@ -5,7 +5,7 @@ module Doorkeeper
5
5
  # Semantic versioning
6
6
  MAJOR = 5
7
7
  MINOR = 5
8
- TINY = 0
8
+ TINY = 4
9
9
  PRE = nil
10
10
 
11
11
  # Full version number
@@ -120,7 +120,7 @@ Doorkeeper.configure do
120
120
  # The controller +Doorkeeper::ApplicationController+ inherits from.
121
121
  # Defaults to +ActionController::Base+ unless +api_only+ is set, which changes the default to
122
122
  # +ActionController::API+. The return value of this option must be a stringified class name.
123
- # See https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-base-controller
123
+ # See https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-controllers
124
124
  #
125
125
  # base_controller 'ApplicationController'
126
126
 
@@ -276,7 +276,7 @@ Doorkeeper.configure do
276
276
  # force_ssl_in_redirect_uri { |uri| uri.host != 'localhost' }
277
277
 
278
278
  # Specify what redirect URI's you want to block during Application creation.
279
- # Any redirect URI is whitelisted by default.
279
+ # Any redirect URI is allowed by default.
280
280
  #
281
281
  # You can use this option in order to forbid URI's with 'javascript' scheme
282
282
  # for example.
@@ -343,8 +343,8 @@ Doorkeeper.configure do
343
343
  #
344
344
  # implicit and password grant flows have risks that you should understand
345
345
  # before enabling:
346
- # http://tools.ietf.org/html/rfc6819#section-4.4.2
347
- # http://tools.ietf.org/html/rfc6819#section-4.4.3
346
+ # https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.2
347
+ # https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.3
348
348
  #
349
349
  # grant_flows %w[authorization_code client_credentials]
350
350
 
@@ -387,7 +387,7 @@ Doorkeeper.configure do
387
387
  # Be default all Resource Owners are authorized to any Client (application).
388
388
  #
389
389
  # authorize_resource_owner_for_client do |client, resource_owner|
390
- # resource_owner.admin? || client.owners_whitelist.include?(resource_owner)
390
+ # resource_owner.admin? || client.owners_allowlist.include?(resource_owner)
391
391
  # end
392
392
 
393
393
  # Hook into the strategies' request & response life-cycle in case your
@@ -61,7 +61,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
61
61
  # *the client MUST discard the old refresh token* and replace it with the
62
62
  # new refresh token. The authorization server MAY revoke the old
63
63
  # refresh token after issuing a new refresh token to the client.
64
- # @see https://tools.ietf.org/html/rfc6749#section-6
64
+ # @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
65
65
  #
66
66
  # Doorkeeper implementation: if there is a `previous_refresh_token` column,
67
67
  # refresh tokens will be revoked after a related access token is used.
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.5.0
4
+ version: 5.5.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2021-02-19 00:00:00.000000000 Z
14
+ date: 2021-10-05 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties
@@ -89,14 +89,14 @@ dependencies:
89
89
  requirements:
90
90
  - - "~>"
91
91
  - !ruby/object:Gem::Version
92
- version: '1.6'
92
+ version: '2.0'
93
93
  type: :development
94
94
  prerelease: false
95
95
  version_requirements: !ruby/object:Gem::Requirement
96
96
  requirements:
97
97
  - - "~>"
98
98
  - !ruby/object:Gem::Version
99
- version: '1.6'
99
+ version: '2.0'
100
100
  - !ruby/object:Gem::Dependency
101
101
  name: factory_bot
102
102
  requirement: !ruby/object:Gem::Requirement
@@ -337,7 +337,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
337
337
  requirements:
338
338
  - - ">="
339
339
  - !ruby/object:Gem::Version
340
- version: '2.4'
340
+ version: '2.5'
341
341
  required_rubygems_version: !ruby/object:Gem::Requirement
342
342
  requirements:
343
343
  - - ">="
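Review bot: `required_ruby_version` moves from `'2.5'` to `'2.5'`'s predecessor `'2.4'` being dropped in what is a patch-level upgrade (5.5.0 to 5.5.4); the changelog lists it under 5.5.2 as an EOL drop, but bundler will now refuse the gem on Ruby 2.4 installs, so the README's supported-versions note should match. The development dependency bumped from `'1.6'` to `'2.0'` is not named in this hunk; check that the upper hunk of the metadata diff identifies it so the change is reviewable.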