RubyGems - doorkeeper - Versions diffs - 5.5.0 → 5.5.4 - Mend

doorkeeper 5.5.0 → 5.5.4

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (31) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +27 -1
data/README.md +19 -13
data/app/controllers/doorkeeper/application_controller.rb +1 -0
data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
data/app/controllers/doorkeeper/tokens_controller.rb +3 -3
data/app/helpers/doorkeeper/dashboard_helper.rb +1 -1
data/app/views/doorkeeper/authorizations/form_post.html.erb +10 -6
data/app/views/doorkeeper/authorizations/new.html.erb +2 -0
data/config/locales/en.yml +3 -0
data/lib/doorkeeper/config.rb +5 -1
data/lib/doorkeeper/models/access_grant_mixin.rb +1 -1
data/lib/doorkeeper/models/access_token_mixin.rb +3 -3
data/lib/doorkeeper/models/concerns/expirable.rb +1 -1
data/lib/doorkeeper/oauth/authorization_code_request.rb +1 -1
data/lib/doorkeeper/oauth/code_request.rb +1 -1
data/lib/doorkeeper/oauth/forbidden_token_response.rb +2 -1
data/lib/doorkeeper/oauth/helpers/unique_token.rb +2 -2
data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -19
data/lib/doorkeeper/oauth/password_access_token_request.rb +5 -4
data/lib/doorkeeper/oauth/refresh_token_request.rb +1 -1
data/lib/doorkeeper/oauth/token_introspection.rb +3 -3
data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +1 -0
data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +1 -0
data/lib/doorkeeper/orm/active_record/mixins/application.rb +1 -0
data/lib/doorkeeper/request/password.rb +1 -0
data/lib/doorkeeper/version.rb +1 -1
data/lib/generators/doorkeeper/templates/initializer.rb +5 -5
data/lib/generators/doorkeeper/templates/migration.rb.erb +1 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d0646462c8fd51891c70b06dbccf9d4c2a2db2d19f71fb9e358c9401843053a
-  data.tar.gz: 17669cf7be5a1f0053850c6f00c03b63df477438a7aa6805558d48dfb35541b0
+  metadata.gz: 55c17555b9591b1a06b8164b0508ab733df8dca59e4b555e1dac3b3cc7a1112e
+  data.tar.gz: 56fd2b8475c97f0bc755086cc22ee1aa14d2ac47263f0e218f3cf4f9f80d5b38
 SHA512:
-  metadata.gz: 54c0fadb672bb09b4e33b6df5476694a0e7f1fb7795b3e2d4172e6c77671bbd7f929dec42f37d9b17bede5cb0659c5a95a30771fd8c69dbdddcb80d4d291aa81
-  data.tar.gz: 462977a3eae6d5705ce246814a66f0bd29cd64647e43ba4df2502b9b72eea9c0e848ce3c1789fa97cb6953a07661eef025665a9fa29a97080c1d61acc3e559b6
+  metadata.gz: b21d497b70266436f0446eec977f9ff074f646c0cdf417e08c8806529474ea91d112f0f1357a614f9e136b0dd042d665f7ea7325740254770ff01469df595390
+  data.tar.gz: eb23ac65993cf89d82b66e5616b231d58fd0ac928486354a2bc36fdf7173fb3ba807f434f85a45f4ea6d1600847b46bdd5ad76ea9d317c16908a114b18fdb94a

data/CHANGELOG.md CHANGED Viewed

@@ -7,7 +7,33 @@ User-visible changes worth mentioning.
 ## main
-- [#PR ID] Add your PR description here.
+- [#ID] Add your PR description here.
+## 5.5.4
+- [#1535] Revert changes introduced in #1528 to allow query params in `redirect_uri` as per the spec.
+## 5.5.3
+- [#1528] Don't allow extra query params in redirect_uri.
+- [#1525] I18n source for forbidden token error is now `doorkeeper.errors.messages.forbidden_token.missing_scope`.
+- [#1531] Disable `strict-loading` for Doorkeeper models by default.
+- [#1532] Add support for Rails 7.
+## 5.5.2
+- [#1502] Drop support for Ruby 2.4 because of EOL.
+- [#1504] Updated the url fragment in the comment for code documentation.
+- [#1512] Fix form behavior when response mode is form_post.
+- [#1511] Fix that authorization code is returned by fragment if response_mode is fragament.
+## 5.5.1
+- [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
+- [#1495] Fix `respond_to` undefined in API-only mode
+- [#1488] Verify client authentication for Resource Owner Password Grant when
+  `config.skip_client_authentication_for_password_grant` is set and the client credentials
+  are sent in a HTTP Basic auth header.
 ## 5.5.0

data/README.md CHANGED Viewed

@@ -1,7 +1,7 @@
 # Doorkeeper — awesome OAuth 2 provider for your Rails / Grape app.
 [![Gem Version](https://badge.fury.io/rb/doorkeeper.svg)](https://rubygems.org/gems/doorkeeper)
-[![Build Status](https://travis-ci.org/doorkeeper-gem/doorkeeper.svg?branch=main)](https://travis-ci.org/doorkeeper-gem/doorkeeper)
+[![Build Status](https://app.travis-ci.com/doorkeeper-gem/doorkeeper.svg?branch=main)](https://app.travis-ci.com/doorkeeper-gem/doorkeeper)
 [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
 [![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
 [![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main)
@@ -14,18 +14,18 @@ functionality to your Ruby on Rails or Grape application.
 Supported features:
-- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
-  - [Authorization Code Flow](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1)
-  - [Access Token Scopes](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3)
-  - [Refresh token](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-1.5)
-  - [Implicit grant](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.2)
-  - [Resource Owner Password Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.3)
-  - [Client Credentials](http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.4)
-- [OAuth 2.0 Token Revocation](http://tools.ietf.org/html/rfc7009)
-- [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)
-- [OAuth 2.0 Threat Model and Security Considerations](http://tools.ietf.org/html/rfc6819)
-- [OAuth 2.0 for Native Apps](https://tools.ietf.org/html/draft-ietf-oauth-native-apps-10)
-- [Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)
+- [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)
+  - [Authorization Code Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)
+  - [Access Token Scopes](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3)
+  - [Refresh token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5)
+  - [Implicit grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2)
+  - [Resource Owner Password Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3)
+  - [Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
+- [OAuth 2.0 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)
+- [OAuth 2.0 Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662)
+- [OAuth 2.0 Threat Model and Security Considerations](https://datatracker.ietf.org/doc/html/rfc6819)
+- [OAuth 2.0 for Native Apps](https://datatracker.ietf.org/doc/html/rfc8252)
+- [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636)
 ## Table of Contents
@@ -134,6 +134,12 @@ See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-to
 Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/doorkeeper-gem#sponsor)]
+<a href="https://codecademy.com/about/careers?utm_source=doorkeeper-gem" target="_blank"><img src="https://static-assets.codecademy.com/marketing/codecademy_logo_padded.png"/></a>
+> Codecademy supports open source as part of its mission to democratize tech. Come help us build the education the world deserves: [https://codecademy.com/about/careers](https://codecademy.com/about/careers?utm_source=doorkeeper-gem)
+<br>
 <a href="https://oauth.io/?utm_source=doorkeeper-gem" target="_blank"><img src="https://oauth.io/img/logo_text.png"/></a>
 > If you prefer not to deal with the gory details of OAuth 2, need dedicated customer support & consulting, try the cloud-based SaaS version: [https://oauth.io](https://oauth.io/?utm_source=doorkeeper-gem)

data/app/controllers/doorkeeper/application_controller.rb CHANGED Viewed

@@ -4,6 +4,7 @@ module Doorkeeper
   class ApplicationController <
     Doorkeeper.config.resolve_controller(:base)
     include Helpers::Controller
+    include ActionController::MimeResponds if Doorkeeper.config.api_only
     unless Doorkeeper.config.api_only
       protect_from_forgery with: :exception

data/app/controllers/doorkeeper/authorizations_controller.rb CHANGED Viewed

@@ -66,7 +66,7 @@ module Doorkeeper
         elsif pre_auth.form_post_response?
           render :form_post
         else
-          redirect_to auth.redirect_uri
+          redirect_to auth.redirect_uri, allow_other_host: true
         end
       else
         render json: auth.body, status: auth.status

data/app/controllers/doorkeeper/authorized_applications_controller.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Doorkeeper
           )
         end
-        format.json { render :no_content }
+        format.json { head :no_content }
       end
     end
   end

data/app/controllers/doorkeeper/tokens_controller.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Doorkeeper
       handle_token_exception(e)
     end
-    # OAuth 2.0 Token Revocation - http://tools.ietf.org/html/rfc7009
+    # OAuth 2.0 Token Revocation - https://datatracker.ietf.org/doc/html/rfc7009
     def revoke
       # The authorization server responds with HTTP status code 200 if the client
       # submitted an invalid token or the token has been revoked successfully.
@@ -94,8 +94,8 @@ module Doorkeeper
     # types, they set the application_id as null (since the claim cannot be
     # verified).
     #
-    # https://tools.ietf.org/html/rfc6749#section-2.1
-    # https://tools.ietf.org/html/rfc7009
+    # https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
+    # https://datatracker.ietf.org/doc/html/rfc7009
     def authorized?
       # Token belongs to specific client, so we need to check if
       # authenticated client could access it.

data/app/helpers/doorkeeper/dashboard_helper.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Doorkeeper
       return if object.errors[method].blank?
       output = object.errors[method].map do |msg|
-        content_tag(:span, class: "form-text") do
+        content_tag(:span, class: "invalid-feedback") do
           msg.capitalize
         end
       end

data/app/views/doorkeeper/authorizations/form_post.html.erb CHANGED Viewed

@@ -2,10 +2,14 @@
   <h1><%= t('.title') %></h1>
 </header>
-<main role="main" onload="document.forms[0].submit()">
-  <%= form_tag @pre_auth.redirect_uri, method: :post do %>
-    <% @authorize_response.body.each do |key, value| %>
-      <%= hidden_field_tag key, value %>
-    <% end %>
+<%= form_tag @pre_auth.redirect_uri, method: :post, name: :redirect_form, authenticity_token: false do %>
+  <% @authorize_response.body.compact.each do |key, value| %>
+    <%= hidden_field_tag key, value %>
   <% end %>
-</main>
+<% end %>
+<script>
+  window.onload = function () {
+    document.forms['redirect_form'].submit();
+  };
+</script>

data/app/views/doorkeeper/authorizations/new.html.erb CHANGED Viewed

@@ -25,6 +25,7 @@
       <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
       <%= hidden_field_tag :state, @pre_auth.state %>
       <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+      <%= hidden_field_tag :response_mode, @pre_auth.response_mode %>
       <%= hidden_field_tag :scope, @pre_auth.scope %>
       <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge %>
       <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method %>
@@ -35,6 +36,7 @@
       <%= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri %>
       <%= hidden_field_tag :state, @pre_auth.state %>
       <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+      <%= hidden_field_tag :response_mode, @pre_auth.response_mode %>
       <%= hidden_field_tag :scope, @pre_auth.scope %>
       <%= hidden_field_tag :code_challenge, @pre_auth.code_challenge %>
       <%= hidden_field_tag :code_challenge_method, @pre_auth.code_challenge_method %>

data/config/locales/en.yml CHANGED Viewed

@@ -125,6 +125,9 @@ en:
         revoke:
           unauthorized: "You are not authorized to revoke this token"
+        forbidden_token:
+          missing_scope: 'Access to this resource requires scope "%{oauth_scopes}".'
     flash:
       applications:
         create:

data/lib/doorkeeper/config.rb CHANGED Viewed

@@ -278,6 +278,10 @@ module Doorkeeper
     # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
     option :token_reuse_limit,              default: 100
+    # Don't require client authentication for password grants. If client credentials
+    # are present they will still be validated, and the grant rejected if the credentials
+    # are invalid.
+    #
     # This is discouraged. Spec says that password grants always require a client.
     #
     # See https://github.com/doorkeeper-gem/doorkeeper/issues/1412#issuecomment-632750422
@@ -370,7 +374,7 @@ module Doorkeeper
     # The controller Doorkeeper::ApplicationController inherits from.
     # Defaults to ActionController::Base.
-    # https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-base-controller
+    # https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-controllers
     #
     # @param base_controller [String] the name of the base controller
     option :base_controller,

data/lib/doorkeeper/models/access_grant_mixin.rb CHANGED Viewed

@@ -49,7 +49,7 @@ module Doorkeeper
       end
       # Implements PKCE code_challenge encoding without base64 padding as described in the spec.
-      # https://tools.ietf.org/html/rfc7636#appendix-A
+      # https://datatracker.ietf.org/doc/html/rfc7636#appendix-A
       #   Appendix A.  Notes on Implementing Base64url Encoding without Padding
       #
       #   This appendix describes how to implement a base64url-encoding

data/lib/doorkeeper/models/access_token_mixin.rb CHANGED Viewed

@@ -279,7 +279,7 @@ module Doorkeeper
     end
     # Access Token type: Bearer.
-    # @see https://tools.ietf.org/html/rfc6750
+    # @see https://datatracker.ietf.org/doc/html/rfc6750
     #   The OAuth 2.0 Authorization Framework: Bearer Token Usage
     #
     def token_type
@@ -374,10 +374,10 @@ module Doorkeeper
     # and clears `:previous_refresh_token` attribute.
     #
     def revoke_previous_refresh_token!
-      return unless self.class.refresh_token_revoked_on_use?
+      return if !self.class.refresh_token_revoked_on_use? || previous_refresh_token.blank?
       old_refresh_token&.revoke
-      update_attribute(:previous_refresh_token, "") if previous_refresh_token.present?
+      update_attribute(:previous_refresh_token, "")
     end
     private

data/lib/doorkeeper/models/concerns/expirable.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Doorkeeper
       #
       # @return [Boolean] true if object expired and false in other case
       def expired?
-        expires_in && Time.now.utc > expires_at
+        !!(expires_in && Time.now.utc > expires_at)
       end
       # Calculates expiration time in seconds.

data/lib/doorkeeper/oauth/authorization_code_request.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Doorkeeper
       validate :params,       error: :invalid_request
       validate :client,       error: :invalid_client
       validate :grant,        error: :invalid_grant
-      # @see https://tools.ietf.org/html/rfc6749#section-5.2
+      # @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
       validate :redirect_uri, error: :invalid_grant
       validate :code_verifier, error: :invalid_grant

data/lib/doorkeeper/oauth/code_request.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Doorkeeper
       def authorize
         auth = Authorization::Code.new(pre_auth, resource_owner)
         auth.issue_token!
-        CodeResponse.new(pre_auth, auth)
+        CodeResponse.new(pre_auth, auth, response_on_fragment: pre_auth.response_mode == "fragment")
       end
       def deny

data/lib/doorkeeper/oauth/forbidden_token_response.rb CHANGED Viewed

@@ -23,7 +23,8 @@ module Doorkeeper
       end
       def description
-        @description ||= @scopes.map { |s| I18n.t(s, scope: %i[doorkeeper scopes]) }.join("\n")
+        @description ||= I18n.t("doorkeeper.errors.messages.forbidden_token.missing_scope",
+                                oauth_scopes: @scopes.map(&:to_s).join(" "),)
       end
       protected

data/lib/doorkeeper/oauth/helpers/unique_token.rb CHANGED Viewed

@@ -11,8 +11,8 @@ module Doorkeeper
           # Access Token value must be 1*VSCHAR or
           # 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
           #
-          # @see https://tools.ietf.org/html/rfc6749#appendix-A.12
-          # @see https://tools.ietf.org/html/rfc6750#section-2.1
+          # @see https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.12
+          # @see https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
           #
           generator = options.delete(:generator) || SecureRandom.method(default_generator_method)
           token_size = options.delete(:size) || 32

data/lib/doorkeeper/oauth/helpers/uri_checker.rb CHANGED Viewed

@@ -3,24 +3,6 @@
 require "ipaddr"
 module Doorkeeper
-  module IPAddrLoopback
-    def loopback?
-      case @family
-      when Socket::AF_INET
-        @addr & 0xff000000 == 0x7f000000
-      when Socket::AF_INET6
-        @addr == 1
-      else
-        raise AddressFamilyError, "unsupported address family"
-      end
-    end
-  end
-  # For backward compatibility with old rubies
-  if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.5.0")
-    IPAddr.include Doorkeeper::IPAddrLoopback
-  end
   module OAuth
     module Helpers
       module URIChecker
@@ -46,7 +28,7 @@ module Doorkeeper
           end
           # RFC8252, Paragraph 7.3
-          # @see https://tools.ietf.org/html/rfc8252#section-7.3
+          # @see https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
           if loopback_uri?(url) && loopback_uri?(client_url)
             url.port = nil
             client_url.port = nil

data/lib/doorkeeper/oauth/password_access_token_request.rb CHANGED Viewed

@@ -10,12 +10,13 @@ module Doorkeeper
       validate :resource_owner, error: :invalid_grant
       validate :scopes, error: :invalid_scope
-      attr_reader :client, :resource_owner, :parameters, :access_token
+      attr_reader :client, :credentials, :resource_owner, :parameters, :access_token
-      def initialize(server, client, resource_owner, parameters = {})
+      def initialize(server, client, credentials, resource_owner, parameters = {})
         @server          = server
         @resource_owner  = resource_owner
         @client          = client
+        @credentials     = credentials
         @parameters      = parameters
         @original_scopes = parameters[:scope]
         @grant_type      = Doorkeeper::OAuth::PASSWORD
@@ -56,11 +57,11 @@ module Doorkeeper
       #
       #    o  authenticate the client if client authentication is included,
       #
-      #   @see https://tools.ietf.org/html/rfc6749#section-4.3
+      #   @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.3
       #
       def validate_client
         if Doorkeeper.config.skip_client_authentication_for_password_grant
-          !parameters[:client_id] || client.present?
+          client.present? || (!parameters[:client_id] && credentials.blank?)
         else
           client.present?
         end

data/lib/doorkeeper/oauth/refresh_token_request.rb CHANGED Viewed

@@ -101,7 +101,7 @@ module Doorkeeper
         client.present?
       end
-      # @see https://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-1.5
+      # @see https://datatracker.ietf.org/doc/html/rfc6749#section-1.5
       #
       def validate_client_match
         return true if refresh_token.application_id.blank?

data/lib/doorkeeper/oauth/token_introspection.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Doorkeeper
   module OAuth
     # RFC7662 OAuth 2.0 Token Introspection
     #
-    # @see https://tools.ietf.org/html/rfc7662
+    # @see https://datatracker.ietf.org/doc/html/rfc7662
     class TokenIntrospection
       def initialize(server, token)
         @server = server
@@ -107,7 +107,7 @@ module Doorkeeper
       # authorization server SHOULD NOT include any additional information
       # about an inactive token, including why the token is inactive.
       #
-      # @see https://tools.ietf.org/html/rfc7662 2.2. Introspection Response
+      # @see https://datatracker.ietf.org/doc/html/rfc7662 2.2. Introspection Response
       #
       def failure_response
         {
@@ -186,7 +186,7 @@ module Doorkeeper
       # Provides context (controller) and token for generating developer-specific
       # response.
       #
-      # @see https://tools.ietf.org/html/rfc7662#section-2.2
+      # @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.2
       #
       def customize_response(response)
         customized_response = Doorkeeper.config.custom_introspection_response.call(

data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
     included do
       self.table_name = compute_doorkeeper_table_name
+      self.strict_loading_by_default = false if respond_to?(:strict_loading_by_default)
       include ::Doorkeeper::AccessGrantMixin

data/lib/doorkeeper/orm/active_record/mixins/access_token.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
     included do
       self.table_name = compute_doorkeeper_table_name
+      self.strict_loading_by_default = false if respond_to?(:strict_loading_by_default)
       include ::Doorkeeper::AccessTokenMixin

data/lib/doorkeeper/orm/active_record/mixins/application.rb CHANGED Viewed

@@ -6,6 +6,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
     included do
       self.table_name = compute_doorkeeper_table_name
+      self.strict_loading_by_default = false if respond_to?(:strict_loading_by_default)
       include ::Doorkeeper::ApplicationMixin

data/lib/doorkeeper/request/password.rb CHANGED Viewed

@@ -9,6 +9,7 @@ module Doorkeeper
         @request ||= OAuth::PasswordAccessTokenRequest.new(
           Doorkeeper.config,
           client,
+          credentials,
           resource_owner,
           parameters,
         )

data/lib/doorkeeper/version.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Doorkeeper
     # Semantic versioning
     MAJOR = 5
     MINOR = 5
-    TINY = 0
+    TINY = 4
     PRE = nil
     # Full version number

data/lib/generators/doorkeeper/templates/initializer.rb CHANGED Viewed

@@ -120,7 +120,7 @@ Doorkeeper.configure do
   # The controller +Doorkeeper::ApplicationController+ inherits from.
   # Defaults to +ActionController::Base+ unless +api_only+ is set, which changes the default to
   # +ActionController::API+. The return value of this option must be a stringified class name.
-  # See https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-base-controller
+  # See https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-controllers
   #
   # base_controller 'ApplicationController'
@@ -276,7 +276,7 @@ Doorkeeper.configure do
   # force_ssl_in_redirect_uri { |uri| uri.host != 'localhost' }
   # Specify what redirect URI's you want to block during Application creation.
-  # Any redirect URI is whitelisted by default.
+  # Any redirect URI is allowed by default.
   #
   # You can use this option in order to forbid URI's with 'javascript' scheme
   # for example.
@@ -343,8 +343,8 @@ Doorkeeper.configure do
   #
   # implicit and password grant flows have risks that you should understand
   # before enabling:
-  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
-  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
+  #   https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.2
+  #   https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.3
   #
   # grant_flows %w[authorization_code client_credentials]
@@ -387,7 +387,7 @@ Doorkeeper.configure do
   # Be default all Resource Owners are authorized to any Client (application).
   #
   # authorize_resource_owner_for_client do |client, resource_owner|
-  #   resource_owner.admin? || client.owners_whitelist.include?(resource_owner)
+  #   resource_owner.admin? || client.owners_allowlist.include?(resource_owner)
   # end
   # Hook into the strategies' request & response life-cycle in case your

data/lib/generators/doorkeeper/templates/migration.rb.erb CHANGED Viewed

@@ -61,7 +61,7 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
       # *the client MUST discard the old refresh token* and replace it with the
       # new refresh token. The authorization server MAY revoke the old
       # refresh token after issuing a new refresh token to the client.
-      # @see https://tools.ietf.org/html/rfc6749#section-6
+      # @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
       #
       # Doorkeeper implementation: if there is a `previous_refresh_token` column,
       # refresh tokens will be revoked after a related access token is used.

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-  version: 5.5.0
+  version: 5.5.4
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-19 00:00:00.000000000 Z
+date: 2021-10-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -89,14 +89,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: factory_bot
   requirement: !ruby/object:Gem::Requirement
@@ -337,7 +337,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="