doorkeeper 5.6.0.rc1 → 5.6.0.rc2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/README.md +1 -1
  4. data/lib/doorkeeper/engine.rb +2 -1
  5. data/lib/doorkeeper/oauth/client_credentials/validator.rb +1 -2
  6. data/lib/doorkeeper/version.rb +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: df3e3b249cbce772b71839620b242117d68de8b27ecc160258a69be87061a6c5
4
- data.tar.gz: e97a550caeba3bee776ccf64e3e4c060740f20ea06f75116648dfde2ac8be233
3
+ metadata.gz: 20ae797cf3d3bbae03c2806317ccf13b5d8a6af6ab7deb616da11ef420c719b2
4
+ data.tar.gz: d54bfa9df5f31f2aaf47a539c8431e875d2d6de097b258f8abd76ba0608f406f
5
5
  SHA512:
6
- metadata.gz: 4afbafc9be4c359b02fc91ade712826c7e312f2fb46f894b099bcfb127b53b05699b9070fefa836e1e612f3b73f1ff45c9a7a2b5586d2a10b3ee02c2c64bb9a5
7
- data.tar.gz: eaf7d3a1c54c4c2c28ce0cbfcbda0ab01dedd5b0c7c3ff9dbc5ef264915f5d5b38ae54f2640c18ad279655a955107b6e63d6f899dbd9806161222dd3e6f2ee8a
6
+ metadata.gz: 990717e93492f319f26ea342e8b85abbf1a8ef9ff56af1912e1ffeec395b40258769deec28767ee80837b2da3357ede8a73710e5995ab36300eb7bc75ebca7bc
7
+ data.tar.gz: 7a2da6ff4a8dbfe5964237420ed97da93d06d87141194ba34f48aeabbafde936e3480043ccdac3cb497896b1fa4b44715ccc3ef43e67902d7c87094125e69120
data/CHANGELOG.md CHANGED
@@ -11,6 +11,12 @@ User-visible changes worth mentioning.
11
11
 
12
12
  ## 5.6.0.rc1
13
13
 
14
+ - [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
15
+ application scopes when using client credentials.
16
+ - [#1567] Only filter `code` parameter if authorization_code grant flow is enabled.
17
+
18
+ ## 5.6.0.rc1
19
+
14
20
  - [#1551] Change lazy loading for ORM to be Ruby standard autoload.
15
21
  - [#1552] Remove duplicate IDs on Auth form to improve accessibility.
16
22
  - [#1542] Improve performance of `Doorkeeper::AccessToken#matching_token_for` using database specific SQL time math.
data/README.md CHANGED
@@ -4,7 +4,6 @@
4
4
  [![CI](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml/badge.svg)](https://github.com/doorkeeper-gem/doorkeeper/actions/workflows/ci.yml)
5
5
  [![Code Climate](https://codeclimate.com/github/doorkeeper-gem/doorkeeper.svg)](https://codeclimate.com/github/doorkeeper-gem/doorkeeper)
6
6
  [![Coverage Status](https://coveralls.io/repos/github/doorkeeper-gem/doorkeeper/badge.svg?branch=main)](https://coveralls.io/github/doorkeeper-gem/doorkeeper?branch=main)
7
- [![Security](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main.svg)](https://hakiri.io/github/doorkeeper-gem/doorkeeper/main)
8
7
  [![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
9
8
  [![GuardRails badge](https://badges.guardrails.io/doorkeeper-gem/doorkeeper.svg?token=66768ce8f6995814df81f65a2cff40f739f688492704f973e62809e15599bb62)](https://dashboard.guardrails.io/default/gh/doorkeeper-gem/doorkeeper)
10
9
  [![Dependabot](https://img.shields.io/badge/dependabot-enabled-success.svg)](https://dependabot.com)
@@ -107,6 +106,7 @@ Extensions that are not included by default and can be installed separately.
107
106
  | Assertion grant extension | [doorkeeper-gem/doorkeeper-grants\_assertion](https://github.com/doorkeeper-gem/doorkeeper-grants_assertion) |
108
107
  | I18n translations | [doorkeeper-gem/doorkeeper-i18n](https://github.com/doorkeeper-gem/doorkeeper-i18n) |
109
108
  | CIBA - Client Initiated Backchannel Authentication Flow extention | [doorkeeper-ciba](https://github.com/autoseg/doorkeeper-ciba) |
109
+ | Device Authorization Grant | [doorkeeper-device_authorization_grant](https://github.com/exop-group/doorkeeper-device_authorization_grant) |
110
110
 
111
111
  ## Example Applications
112
112
 
data/lib/doorkeeper/engine.rb CHANGED
@@ -3,7 +3,8 @@
3
3
  module Doorkeeper
4
4
  class Engine < Rails::Engine
5
5
  initializer "doorkeeper.params.filter" do |app|
6
- parameters = %w[client_secret code authentication_token access_token refresh_token]
6
+ parameters = %w[client_secret authentication_token access_token refresh_token]
7
+ parameters << "code" if Doorkeeper.config.grant_flows.include?("authorization_code")
7
8
  app.config.filter_parameters << /^(#{Regexp.union(parameters)})$/
8
9
  end
9
10
 
data/lib/doorkeeper/oauth/client_credentials/validator.rb CHANGED
@@ -35,13 +35,12 @@ module Doorkeeper
35
35
  end
36
36
 
37
37
  def validate_scopes
38
- return true if @request.scopes.blank?
39
-
40
38
  application_scopes = if @client.present?
41
39
  @client.application.scopes
42
40
  else
43
41
  ""
44
42
  end
43
+ return true if @request.scopes.blank? && application_scopes.blank?
45
44
 
46
45
  ScopeChecker.valid?(
47
46
  scope_str: @request.scopes.to_s,
data/lib/doorkeeper/version.rb CHANGED
@@ -6,7 +6,7 @@ module Doorkeeper
6
6
  MAJOR = 5
7
7
  MINOR = 6
8
8
  TINY = 0
9
- PRE = "rc1"
9
+ PRE = "rc2"
10
10
 
11
11
  # Full version number
12
12
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.6.0.rc1
4
+ version: 5.6.0.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2022-02-04 00:00:00.000000000 Z
14
+ date: 2022-05-26 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties