doorkeeper 5.5.4 → 5.6.6
- checksums.yaml +4 -4
- data/CHANGELOG.md +64 -7
- data/README.md +4 -3
- data/app/controllers/doorkeeper/authorizations_controller.rb +20 -6
- data/app/controllers/doorkeeper/tokens_controller.rb +8 -5
- data/app/views/doorkeeper/authorizations/error.html.erb +3 -1
- data/app/views/doorkeeper/authorizations/new.html.erb +16 -16
- data/lib/doorkeeper/config/abstract_builder.rb +1 -1
- data/lib/doorkeeper/config/validations.rb +3 -3
- data/lib/doorkeeper/config.rb +44 -54
- data/lib/doorkeeper/engine.rb +10 -3
- data/lib/doorkeeper/helpers/controller.rb +1 -1
- data/lib/doorkeeper/models/access_token_mixin.rb +6 -6
- data/lib/doorkeeper/models/concerns/expiration_time_sql_math.rb +88 -0
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +7 -1
- data/lib/doorkeeper/oauth/authorization/token.rb +7 -1
- data/lib/doorkeeper/oauth/authorization_code_request.rb +16 -6
- data/lib/doorkeeper/oauth/base_request.rb +11 -10
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +10 -13
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +1 -2
- data/lib/doorkeeper/oauth/error_response.rb +1 -2
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +3 -3
- data/lib/doorkeeper/oauth/password_access_token_request.rb +2 -2
- data/lib/doorkeeper/oauth/pre_authorization.rb +11 -10
- data/lib/doorkeeper/oauth/refresh_token_request.rb +12 -4
- data/lib/doorkeeper/oauth/token_introspection.rb +1 -1
- data/lib/doorkeeper/oauth/token_response.rb +1 -2
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +0 -6
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +21 -4
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +12 -1
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +2 -2
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +5 -2
- data/lib/doorkeeper/orm/active_record.rb +30 -37
- data/lib/doorkeeper/rails/routes.rb +12 -3
- data/lib/doorkeeper/rake/setup.rake +0 -5
- data/lib/doorkeeper/version.rb +2 -2
- data/lib/doorkeeper.rb +73 -5
- data/lib/generators/doorkeeper/templates/initializer.rb +21 -3
- data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -4
- metadata +21 -19
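--- a/data/lib/doorkeeper.rb
+++ b/data/lib/doorkeeper.rb
@@ -88,7 +88,9 @@ module Doorkeeper
 module Models
 autoload :Accessible, "doorkeeper/models/concerns/accessible"
 autoload :Expirable, "doorkeeper/models/concerns/expirable"
+autoload :ExpirationTimeSqlMath, "doorkeeper/models/concerns/expiration_time_sql_math"
 autoload :Orderable, "doorkeeper/models/concerns/orderable"
+autoload :PolymorphicResourceOwner, "doorkeeper/models/concerns/polymorphic_resource_owner"
 autoload :Scopes, "doorkeeper/models/concerns/scopes"
 autoload :Reusable, "doorkeeper/models/concerns/reusable"
 autoload :ResourceOwnerable, "doorkeeper/models/concerns/resource_ownerable"
@@ -112,11 +114,77 @@ module Doorkeeper
 autoload :BCrypt, "doorkeeper/secret_storing/bcrypt"
 end
 
-
-
-
+class << self
+attr_reader :orm_adapter
+
+def configure(&block)
+@config = Config::Builder.new(&block).build
+setup
+@config
+end
+
+# @return [Doorkeeper::Config] configuration instance
+#
+def configuration
+@config || configure
+end
+
+def configured?
+!@config.nil?
+end
+
+alias config configuration
+
+def setup
+setup_orm_adapter
+
+# Deprecated, will be removed soon
+unless configuration.orm == :active_record
+setup_orm_models
+setup_application_owner
+end
+end
+
+def setup_orm_adapter
+@orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
+rescue NameError => e
+raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
+[DOORKEEPER] ORM adapter not found (#{configuration.orm}), or there was an error
+trying to load it.
 
-
-
+You probably need to add the related gem for this adapter to work with
+doorkeeper.
+ERROR_MSG
+end
+
+def run_orm_hooks
+config.clear_cache!
+
+if @orm_adapter.respond_to?(:run_hooks)
+@orm_adapter.run_hooks
+else
+::Kernel.warn <<~MSG.strip_heredoc
+[DOORKEEPER] ORM "#{configuration.orm}" should move all it's setup logic under `#run_hooks` method for
+the #{@orm_adapter.name}. Later versions of Doorkeeper will no longer support `setup_orm_models` and
+`setup_application_owner` API.
+MSG
+end
+end
+
+def setup_orm_models
+@orm_adapter.initialize_models!
+end
+
+def setup_application_owner
+@orm_adapter.initialize_application_owner!
+end
+
+def authenticate(request, methods = Doorkeeper.config.access_token_methods)
+OAuth::Token.authenticate(request, *methods)
+end
+
+def gem_version
+::Gem::Version.new(::Doorkeeper::VERSION::STRING)
+end
 end
 end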
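Review bot: In `setup_orm_adapter` the help-text heredoc is passed as the third argument of `raise e, "ORM adapter not found (...)", <<-ERROR_MSG...`, which is the backtrace slot, so the re-raised NameError loses its original backtrace and the guidance never appears in the message. Because `rescue NameError` also covers a NameError or NoMethodError raised while the adapter file itself loads, a broken adapter then looks the same as a missing gem. I would assign the heredoc to a local on the line above and keep the trace, `raise e, "#{help_text}\n#{e.message}", e.backtrace`. Separately, `configuration` returns `@config || configure`, so a process whose initializer never ran appears to get a default-built config rather than an error (this depends on `Config::Builder` accepting a nil block, which is outside this hunk); for an OAuth provider that fallback deserves a comment saying it is intentional.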
@@ -126,9 +126,10 @@ Doorkeeper.configure do
|
|
126
126
|
|
127
127
|
# Reuse access token for the same resource owner within an application (disabled by default).
|
128
128
|
#
|
129
|
-
# This option protects your application from creating new tokens before old valid one becomes
|
130
|
-
# expired so your database doesn't bloat. Keep in mind that when this option is
|
131
|
-
# doesn't
|
129
|
+
# This option protects your application from creating new tokens before old **valid** one becomes
|
130
|
+
# expired so your database doesn't bloat. Keep in mind that when this option is enabled Doorkeeper
|
131
|
+
# doesn't update existing token expiration time, it will create a new token instead if no active matching
|
132
|
+
# token found for the application, resources owner and/or set of scopes.
|
132
133
|
# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
|
133
134
|
#
|
134
135
|
# You can not enable this option together with +hash_token_secrets+.
|
@@ -390,6 +391,23 @@ Doorkeeper.configure do
|
|
390
391
|
# resource_owner.admin? || client.owners_allowlist.include?(resource_owner)
|
391
392
|
# end
|
392
393
|
|
394
|
+
# Allows additional data fields to be sent while granting access to an application,
|
395
|
+
# and for this additional data to be included in subsequently generated access tokens.
|
396
|
+
# The 'authorizations/new' page will need to be overridden to include this additional data
|
397
|
+
# in the request params when granting access. The access grant and access token models
|
398
|
+
# will both need to respond to these additional data fields, and have a database column
|
399
|
+
# to store them in.
|
400
|
+
#
|
401
|
+
# Example:
|
402
|
+
# You have a multi-tenanted platform and want to be able to grant access to a specific
|
403
|
+
# tenant, rather than all the tenants a user has access to. You can use this config
|
404
|
+
# option to specify that a ':tenant_id' will be passed when authorizing. This tenant_id
|
405
|
+
# will be included in the access tokens. When a request is made with one of these access
|
406
|
+
# tokens, you can check that the requested data belongs to the specified tenant.
|
407
|
+
#
|
408
|
+
# Default value is an empty Array: []
|
409
|
+
# custom_access_token_attributes [:tenant_id]
|
410
|
+
|
393
411
|
# Hook into the strategies' request & response life-cycle in case your
|
394
412
|
# application needs advanced customization or logging:
|
395
413
|
#
|
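Review bot: The new `custom_access_token_attributes` comment says the extra fields are sent in the request params of an overridden 'authorizations/new' page, but it does not say that those values are chosen by whoever submits the form. In the tenant example a token is only as trustworthy as the check that the resource owner may act for the submitted `tenant_id`, and nothing in this hunk shows Doorkeeper performing that check. I would add a line such as `# These values come from request params; verify them (e.g. that the resource owner belongs to the tenant) before granting.` above the `Default value` line. The enclosing `Doorkeeper.configure do` block starts and ends outside the hunk.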
@@ -24,9 +24,9 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
24
24
|
t.string :token, null: false
|
25
25
|
t.integer :expires_in, null: false
|
26
26
|
t.text :redirect_uri, null: false
|
27
|
+
t.string :scopes, null: false, default: ''
|
27
28
|
t.datetime :created_at, null: false
|
28
29
|
t.datetime :revoked_at
|
29
|
-
t.string :scopes, null: false, default: ''
|
30
30
|
end
|
31
31
|
|
32
32
|
add_index :oauth_access_grants, :token, unique: true
|
@@ -53,9 +53,9 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
53
53
|
|
54
54
|
t.string :refresh_token
|
55
55
|
t.integer :expires_in
|
56
|
-
t.datetime :revoked_at
|
57
|
-
t.datetime :created_at, null: false
|
58
56
|
t.string :scopes
|
57
|
+
t.datetime :created_at, null: false
|
58
|
+
t.datetime :revoked_at
|
59
59
|
|
60
60
|
# The authorization server MAY issue a new refresh token, in which case
|
61
61
|
# *the client MUST discard the old refresh token* and replace it with the
|
@@ -74,7 +74,17 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
74
74
|
end
|
75
75
|
|
76
76
|
add_index :oauth_access_tokens, :token, unique: true
|
77
|
-
|
77
|
+
|
78
|
+
# See https://github.com/doorkeeper-gem/doorkeeper/issues/1592
|
79
|
+
if ActiveRecord::Base.connection.adapter_name == "SQLServer"
|
80
|
+
execute <<~SQL.squish
|
81
|
+
CREATE UNIQUE NONCLUSTERED INDEX index_oauth_access_tokens_on_refresh_token ON oauth_access_tokens(refresh_token)
|
82
|
+
WHERE refresh_token IS NOT NULL
|
83
|
+
SQL
|
84
|
+
else
|
85
|
+
add_index :oauth_access_tokens, :refresh_token, unique: true
|
86
|
+
end
|
87
|
+
|
78
88
|
add_foreign_key(
|
79
89
|
:oauth_access_tokens,
|
80
90
|
:oauth_applications,
|
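Review bot: The adapter test in the third hunk reads `ActiveRecord::Base.connection.adapter_name`, which is the primary connection and not necessarily the one this migration runs on when an application uses several databases; inside a migration `connection.adapter_name == "SQLServer"` asks the right one. The raw `execute` also has no inverse, so if the enclosing method is `change` (its header is outside the hunk) a rollback would likely raise on that statement on SQL Server. The only comment is an issue link; a why-comment such as `# SQL Server treats NULLs as duplicates in a unique index, so index only non-NULL refresh tokens` would make the branch self-explanatory.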
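--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: doorkeeper
 version: !ruby/object:Gem::Version
-version: 5.
+version: 5.6.6
 platform: ruby
 authors:
 - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties
@@ -56,7 +56,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: coveralls_reborn
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -69,20 +69,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: danger
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '8.0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '8.0'
 - !ruby/object:Gem::Dependency
 name: database_cleaner
 requirement: !ruby/object:Gem::Requirement
@@ -167,6 +153,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: timecop
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: Doorkeeper is an OAuth 2 provider for Rails and Grape.
 email:
 - bulaj.nikita@gmail.com
@@ -221,8 +221,10 @@ files:
 - lib/doorkeeper/models/application_mixin.rb
 - lib/doorkeeper/models/concerns/accessible.rb
 - lib/doorkeeper/models/concerns/expirable.rb
+- lib/doorkeeper/models/concerns/expiration_time_sql_math.rb
 - lib/doorkeeper/models/concerns/orderable.rb
 - lib/doorkeeper/models/concerns/ownership.rb
+- lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb
 - lib/doorkeeper/models/concerns/resource_ownerable.rb
 - lib/doorkeeper/models/concerns/reusable.rb
 - lib/doorkeeper/models/concerns/revocable.rb
@@ -337,14 +339,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1.
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: OAuth 2 provider for Rails and Grape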