doorkeeper 5.6.0.rc2 → 5.6.1



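--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 20ae797cf3d3bbae03c2806317ccf13b5d8a6af6ab7deb616da11ef420c719b2
- data.tar.gz: d54bfa9df5f31f2aaf47a539c8431e875d2d6de097b258f8abd76ba0608f406f
+ metadata.gz: ce1eaa79936bb41cc80803251a0467452fe07f2ffc00f4f2568a136d7d082775
+ data.tar.gz: 67803c41e4db2123e43af3adce5f9cbe6bdae3b845ddbbd83b4f0bfdc1c867fc
  SHA512:
- metadata.gz: 990717e93492f319f26ea342e8b85abbf1a8ef9ff56af1912e1ffeec395b40258769deec28767ee80837b2da3357ede8a73710e5995ab36300eb7bc75ebca7bc
- data.tar.gz: 7a2da6ff4a8dbfe5964237420ed97da93d06d87141194ba34f48aeabbafde936e3480043ccdac3cb497896b1fa4b44715ccc3ef43e67902d7c87094125e69120
+ metadata.gz: 46918fc44f2d6f98699457745fc7e5fe6ae851664b3f1d256173ef4638358f734f737f72ecf029d9676a942623222063f5b53771a7b3cc75624fd0a94dd8b051
+ data.tar.gz: e4134baf4b4f5757167fc4f11e12ef92066e884cb4988e2d667a3c6df53962e75ab39357b8022b320891653d362c5b4ea4b087e030847101da1419bdf1581ee2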
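--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -9,6 +9,16 @@ User-visible changes worth mentioning.
 
  - [#ID] Add your PR description here.
 
+ ## 5.6.1
+
+ - [#1593] Add support for Trilogy ActiveRecord adapter.
+ - [#1597] Add optional support to use the url path for the native authorization code flow. Ports forward [#1143] from 4.4.3
+ - [#1599] Remove unnecessarily re-fetch of application object when creating an access token.
+
+ ## 5.6.0
+
+ - [#1581] Consider `token_type_hint` when searching for access token in TokensController to avoid extra database calls.
+
  ## 5.6.0.rc1
 
  - [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the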
@@ -30,6 +30,7 @@ module Doorkeeper
30
30
  end
31
31
  end
32
32
 
33
+ # OAuth 2.0 Token Introspection - https://datatracker.ietf.org/doc/html/rfc7662
33
34
  def introspect
34
35
  introspection = OAuth::TokenIntrospection.new(server, token)
35
36
 
@@ -115,12 +116,14 @@ module Doorkeeper
115
116
  token.revoke if token&.accessible?
116
117
  end
117
118
 
118
- # Doorkeeper does not use the token_type_hint logic described in the
119
- # RFC 7009 due to the refresh token implementation that is a field in
120
- # the access token model.
121
119
  def token
122
- @token ||= Doorkeeper.config.access_token_model.by_token(params["token"]) ||
123
- Doorkeeper.config.access_token_model.by_refresh_token(params["token"])
120
+ @token ||=
121
+ if params[:token_type_hint] == "refresh_token"
122
+ Doorkeeper.config.access_token_model.by_refresh_token(params["token"])
123
+ else
124
+ Doorkeeper.config.access_token_model.by_token(params["token"]) ||
125
+ Doorkeeper.config.access_token_model.by_refresh_token(params["token"])
126
+ end
124
127
  end
125
128
 
126
129
  def strategy
@@ -159,6 +159,15 @@ module Doorkeeper
159
159
  @config.instance_variable_set(:@reuse_access_token, true)
160
160
  end
161
161
 
162
+ # Choose to use the url path for native autorization codes
163
+ # Enabling this flag sets the authorization code response route for
164
+ # native redirect uris to oauth/authorize/<code>. The default is
165
+ # oauth/authorize/native?code=<code>.
166
+ # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1143
167
+ def use_url_path_for_native_authorization
168
+ @config.instance_variable_set(:@use_url_path_for_native_authorization, true)
169
+ end
170
+
162
171
  # TODO: maybe make it more generic for other flows too?
163
172
  # Only allow one valid access token obtained via client credentials
164
173
  # per client. If a new access token is obtained before the old one
@@ -387,11 +396,20 @@ module Doorkeeper
387
396
  option :access_token_generator,
388
397
  default: "Doorkeeper::OAuth::Helpers::UniqueToken"
389
398
 
399
+ # Use a custom class for generating the application secret.
400
+ # https://doorkeeper.gitbook.io/guides/configuration/other-configurations#custom-application-secret-generator
401
+ #
402
+ # @param application_secret_generator [String]
403
+ # the name of the application secret generator class
404
+ #
405
+ option :application_secret_generator,
406
+ default: "Doorkeeper::OAuth::Helpers::UniqueToken"
407
+
390
408
  # Default access token generator is a SecureRandom class from Ruby stdlib.
391
409
  # This option defines which method will be used to generate a unique token value.
392
410
  #
393
- # @param access_token_generator [String]
394
- # the name of the access token generator class
411
+ # @param default_generator_method [Symbol]
412
+ # the method name of the default access token generator
395
413
  #
396
414
  option :default_generator_method, default: :urlsafe_base64
397
415
 
@@ -614,6 +632,11 @@ module Doorkeeper
614
632
  def deprecated_token_grant_types_resolver
615
633
  @deprecated_token_grant_types ||= calculate_token_grant_types
616
634
  end
635
+
636
+ def native_authorization_code_route
637
+ @use_url_path_for_native_authorization = false unless defined?(@use_url_path_for_native_authorization)
638
+ @use_url_path_for_native_authorization ? '/:code' : '/native'
639
+ end
617
640
 
618
641
  # [NOTE]: deprecated and will be removed soon
619
642
  def deprecated_authorization_flows
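Review bot: `native_authorization_code_route` returns single-quoted `'/:code'` and `'/native'` while the rest of this file uses double-quoted strings (the `option` defaults above, for instance); keeping one style avoids churn. If the `defined?` guard exists to avoid the uninitialized-instance-variable warning on Ruby < 3.0 (the gem still supports 2.5), a comment saying so would stop the next reader from simplifying it away, since an unset ivar already reads as nil and would pick `"/native"`. A one-line purpose comment would also help: `# Path segment for the :show authorization route used by native redirect URIs: "/:code" when use_url_path_for_native_authorization is set, "/native" otherwise.`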
@@ -212,7 +212,7 @@ module Doorkeeper
212
212
  # @return [Doorkeeper::AccessToken] new access token
213
213
  #
214
214
  def create_for(application:, resource_owner:, scopes:, **token_attributes)
215
- token_attributes[:application_id] = application&.id
215
+ token_attributes[:application] = application
216
216
  token_attributes[:scopes] = scopes.to_s
217
217
 
218
218
  if Doorkeeper.config.polymorphic_resource_owner?
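Review bot: `create_for` now stores the `application` object itself on the token instead of `application&.id`, so the argument has to be the `Doorkeeper::Application` record (or nil) rather than anything that responds to `id`; that is why every caller in this commit unwraps the `OAuth::Client` first, but the contract is not stated in the method's doc block above the hunk. Suggested `@param` line: `# @param application [Doorkeeper::Application, nil] the owning application record (an OAuth::Client wrapper is no longer accepted)`. Doing the unwrap once here instead of at each caller would be more robust, but the method body continues past the hunk, so I can't tell whether another path depends on the raw object.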
@@ -56,6 +56,7 @@ module Doorkeeper
56
56
  "postgresql" => PostgresExpirationTimeSqlGenerator,
57
57
  "mysql" => MySqlExpirationTimeSqlGenerator,
58
58
  "mysql2" => MySqlExpirationTimeSqlGenerator,
59
+ "trilogy" => MySqlExpirationTimeSqlGenerator,
59
60
  "sqlserver" => SqlServerExpirationTimeSqlGenerator,
60
61
  "oracleenhanced" => OracleExpirationTimeSqlGenerator,
61
62
  }.freeze
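Review bot: The new `"trilogy"` entry reuses `MySqlExpirationTimeSqlGenerator` without saying why, and the table gives no hint that the keys are matched case-insensitively against the adapter name (the lookup is outside this hunk, so I can't confirm it is). A short comment on the line, `"trilogy" => MySqlExpirationTimeSqlGenerator, # Trilogy speaks the MySQL wire protocol, so MySQL SQL applies`, records the reasoning for the next adapter someone adds.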
@@ -59,8 +59,9 @@ module Doorkeeper
59
59
  resource_owner,
60
60
  )
61
61
 
62
+ application = pre_auth.client.is_a?(Doorkeeper::Application) ? pre_auth.client : pre_auth.client.application if pre_auth.client
62
63
  @token = Doorkeeper.config.access_token_model.find_or_create_for(
63
- application: pre_auth.client,
64
+ application: application,
64
65
  resource_owner: resource_owner,
65
66
  scopes: pre_auth.scopes,
66
67
  expires_in: self.class.access_token_expires_in(Doorkeeper.config, context),
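Review bot: The added line packs a ternary inside a trailing `if`, which parses as `(pre_auth.client.is_a?(…) ? … : …) if pre_auth.client` and quietly leaves `application` nil when there is no client — readable only on a second look, and the identical line appears in two other files of this commit. Locally, a two-line form makes the nil path explicit: `application = pre_auth.client` then `application = application.application if application && !application.is_a?(Doorkeeper::Application)`. A single private helper shared by the three call sites, or the unwrap inside `find_or_create_for` itself, would remove the triplication; the enclosing method starts above the hunk.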
@@ -28,8 +28,9 @@ module Doorkeeper
28
28
 
29
29
  def find_or_create_access_token(client, resource_owner, scopes, server)
30
30
  context = Authorization::Token.build_context(client, grant_type, scopes, resource_owner)
31
+ application = client.is_a?(Doorkeeper::Application) ? client : client.application if client
31
32
  @access_token = server_config.access_token_model.find_or_create_for(
32
- application: client,
33
+ application: application,
33
34
  resource_owner: resource_owner,
34
35
  scopes: scopes,
35
36
  expires_in: Authorization::Token.access_token_expires_in(server, context),
@@ -13,8 +13,9 @@ module Doorkeeper
13
13
  end
14
14
 
15
15
  with_revocation(existing_token: existing_token) do
16
+ application = client.is_a?(Doorkeeper::Application) ? client : client.application if client
16
17
  server_config.access_token_model.create_for(
17
- application: client,
18
+ application: application,
18
19
  resource_owner: nil,
19
20
  scopes: scopes,
20
21
  **attributes,
@@ -48,7 +48,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
48
48
  # @return [String] new transformed secret value
49
49
  #
50
50
  def renew_secret
51
- @raw_secret = Doorkeeper::OAuth::Helpers::UniqueToken.generate
51
+ @raw_secret = secret_generator.generate
52
52
  secret_strategy.store_secret(self, :secret, @raw_secret)
53
53
  end
54
54
 
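Review bot: `renew_secret` now hands secret generation to a user-configurable class, and nothing in the hunk checks what comes back: an empty or short string would be stored as the client's credential just as a long random one would. A guard before `store_secret`, `raise Doorkeeper::Errors::UnableToGenerateToken, "application_secret_generator returned a blank secret" if @raw_secret.blank?`, catches a broken generator at rotation time rather than at the next client authentication. The method's doc comment above the hunk should also say the value now comes from `Doorkeeper.config.application_secret_generator`.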
@@ -106,6 +106,17 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
106
106
 
107
107
  private
108
108
 
109
+ def secret_generator
110
+ generator_name = Doorkeeper.config.application_secret_generator
111
+ generator = generator_name.constantize
112
+
113
+ return generator if generator.respond_to?(:generate)
114
+
115
+ raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
116
+ rescue NameError
117
+ raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
118
+ end
119
+
109
120
  def generate_uid
110
121
  self.uid = Doorkeeper::OAuth::Helpers::UniqueToken.generate if uid.blank?
111
122
  end
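Review bot: The method-level `rescue NameError` in `secret_generator` catches more than the `constantize` failure it is meant for: `NoMethodError` is a subclass of `NameError`, so a nil `application_secret_generator` (`nil.constantize`) is reported as "not found", and so is any unresolved constant in the two `raise` lines themselves. That second case matters because `Errors` is referenced unqualified inside `module Doorkeeper::Orm::ActiveRecord::Mixins` (compact nesting, visible in this file's earlier hunk header), where lexical lookup does not pass through `Doorkeeper`; unless an `Errors` constant is reachable from that nesting, the `UnableToGenerateToken` path raises `NameError` for `Errors`, which the rescue then rewrites into a misleading "`<name>` not found". Qualifying the constants as `Doorkeeper::Errors::…` and limiting the rescue to the `constantize` call fixes both.
```ruby
def secret_generator
  generator_name = Doorkeeper.config.application_secret_generator
  generator =
    begin
      generator_name.constantize
    rescue NameError
      raise Doorkeeper::Errors::TokenGeneratorNotFound, "#{generator_name} not found"
    end

  return generator if generator.respond_to?(:generate)

  raise Doorkeeper::Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
end
```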
@@ -53,8 +53,8 @@ module Doorkeeper
53
53
  as: mapping[:as],
54
54
  controller: mapping[:controllers],
55
55
  ) do
56
- routes.get "/native", action: :show, on: :member
57
- routes.get "/", action: :new, on: :member
56
+ routes.get native_authorization_code_route, action: :show, on: :member
57
+ routes.get '/', action: :new, on: :member
58
58
  end
59
59
  end
60
60
 
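Review bot: Changing `"/"` to `'/'` on the `:new` route is quote-style churn unrelated to the feature and leaves this file mixing both styles; keeping `"/"` (and a double-quoted `"/:code"` upstream) avoids the noise. More substantively, when the flag is on `/:code` is an unconstrained dynamic segment on the `:show` action, so `oauth/authorize/native` and any other single path segment now reach `show` with that segment as `params[:code]`; a `constraints:` on the segment, or a one-line comment stating that `show` tolerates unknown codes, would document the intent (the controller is not in this diff, so I can't confirm it does).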
@@ -96,6 +96,10 @@ module Doorkeeper
96
96
  only: %i[index destroy],
97
97
  controller: mapping[:controllers]
98
98
  end
99
+
100
+ def native_authorization_code_route
101
+ Doorkeeper.configuration.native_authorization_code_route
102
+ end
99
103
  end
100
104
  end
101
105
  end
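Review bot: `native_authorization_code_route` is evaluated once, when the routes are drawn, so a `use_url_path_for_native_authorization` call made after the application's routes are loaded has no effect until they are reloaded; that ordering requirement is not stated anywhere visible. In a standard Rails boot the Doorkeeper initializer runs before routes load, so it works in practice, but a comment above the method would save a confusing debugging session: `# Read at route-draw time: the flag must be set in the Doorkeeper initializer before routes load.`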
@@ -5,8 +5,8 @@ module Doorkeeper
5
5
  # Semantic versioning
6
6
  MAJOR = 5
7
7
  MINOR = 6
8
- TINY = 0
9
- PRE = "rc2"
8
+ TINY = 1
9
+ PRE = nil
10
10
 
11
11
  # Full version number
12
12
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
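--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: doorkeeper
  version: !ruby/object:Gem::Version
- version: 5.6.0.rc2
+ version: 5.6.1
  platform: ruby
  authors:
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-05-26 00:00:00.000000000 Z
+ date: 2022-11-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: railties
@@ -355,9 +355,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '2.5'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 1.3.1
+ version: '0'
  requirements: []
  rubygems_version: 3.0.8
  signing_key: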