doorkeeper 5.6.2 → 5.6.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -3
- data/README.md +1 -1
- data/lib/doorkeeper/config/abstract_builder.rb +1 -1
- data/lib/doorkeeper/config.rb +0 -75
- data/lib/doorkeeper/engine.rb +7 -5
- data/lib/doorkeeper/models/access_token_mixin.rb +4 -3
- data/lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb +30 -0
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +3 -3
- data/lib/doorkeeper/oauth/token_introspection.rb +1 -1
- data/lib/doorkeeper/orm/active_record/mixins/access_grant.rb +0 -6
- data/lib/doorkeeper/orm/active_record/mixins/access_token.rb +0 -4
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +0 -4
- data/lib/doorkeeper/orm/active_record/redirect_uri_validator.rb +2 -2
- data/lib/doorkeeper/orm/active_record/stale_records_cleaner.rb +5 -2
- data/lib/doorkeeper/orm/active_record.rb +7 -11
- data/lib/doorkeeper/rails/routes.rb +6 -1
- data/lib/doorkeeper/version.rb +1 -1
- data/lib/doorkeeper.rb +72 -5
- data/lib/generators/doorkeeper/templates/migration.rb.erb +14 -4
- metadata +5 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e1f7bb9a1bb5e08c4b7c3ccb920bef61fbbd1dc0b11f76bba3a3d76a6fc8eeed
|
4
|
+
data.tar.gz: 456ffe74dac831f3b797565041e46ecf241fb4cfc597d0bc39aa7a3893abeecb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6e23087c44495ce91c7e23f1bf8cd771dc82bdb92ffa1cac8f8bef2e42919bf8eea1ac86b1ed76580537c4b5a6b2ba571452470677259fb61e4be0e151091ad7
|
7
|
+
data.tar.gz: fcafc844c46bab18f03d5dd7e8bd345111fb57530275adbf8d9954f8e8c1436b29ded79e15f6321e9f86c845836b713c65aca23398114cfdb5c77e9b87a01647
|
data/CHANGELOG.md
CHANGED
@@ -9,6 +9,20 @@ User-visible changes worth mentioning.
|
|
9
9
|
|
10
10
|
- [#ID] Add your PR description here.
|
11
11
|
|
12
|
+
# 5.6.4
|
13
|
+
|
14
|
+
- [#1633] Apply ORM configuration in #to_prepare block to avoid autoloading errors.
|
15
|
+
|
16
|
+
# 5.6.3
|
17
|
+
|
18
|
+
- [#1622] Drop support for Rubies 2.5 and 2.6
|
19
|
+
- [#1605] Fix URI validation for Ruby 3.2+.
|
20
|
+
- [#1625] Exclude endless access tokens from `StaleRecordsCleaner`.
|
21
|
+
- [#1626] Remove deprecated `active_record_options` config option.
|
22
|
+
- [#1631] Fix regression with redirect behavior after token lookup optimizations (redirect to app URI when found).
|
23
|
+
- [#1630] Special case unique index creation for refresh_token on SQL Server.
|
24
|
+
- [#1627] Lazy evaluate Doorkeeper config when loading files and executing initializers.
|
25
|
+
|
12
26
|
## 5.6.2
|
13
27
|
|
14
28
|
- [#1604] Fix fetching of the application when custom application_class defined.
|
@@ -23,7 +37,7 @@ User-visible changes worth mentioning.
|
|
23
37
|
|
24
38
|
- [#1581] Consider `token_type_hint` when searching for access token in TokensController to avoid extra database calls.
|
25
39
|
|
26
|
-
## 5.6.0.
|
40
|
+
## 5.6.0.rc2
|
27
41
|
|
28
42
|
- [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
|
29
43
|
application scopes when using client credentials.
|
@@ -284,7 +298,7 @@ User-visible changes worth mentioning.
|
|
284
298
|
- [#1237] Allow to set blank redirect URI if Doorkeeper configured to use redirect URI-less grant flows.
|
285
299
|
- [#1234] Fix `StaleRecordsCleaner` to properly work with big amount of records.
|
286
300
|
- [#1228] Allow to explicitly set non-expiring tokens in `custom_access_token_expires_in` configuration
|
287
|
-
option using `Float::
|
301
|
+
option using `Float::INFINITY` return value.
|
288
302
|
- [#1224] Do not try to store token if not found by fallback hashing strategy.
|
289
303
|
- [#1223] Update Hound/Rubocop rules, correct Doorkeeper codebase to follow style-guides.
|
290
304
|
- [#1220] Drop Rails 4.2 & Ruby < 2.4 support.
|
@@ -369,7 +383,7 @@ User-visible changes worth mentioning.
|
|
369
383
|
- [#1116] `AccessGrant`s will now be revoked along with `AccessToken`s when
|
370
384
|
hitting the `AuthorizedApplicationController#destroy` route.
|
371
385
|
- [#1114] Make token info endpoint's attributes consistent with token creation
|
372
|
-
- [#1108] Simple
|
386
|
+
- [#1108] Simple formatting of callback URLs when listing oauth applications
|
373
387
|
- [#1106] Restrict access to AdminController with 'Forbidden 403' if admin_authenticator is not
|
374
388
|
configured by developers.
|
375
389
|
|
data/README.md
CHANGED
@@ -105,7 +105,7 @@ Extensions that are not included by default and can be installed separately.
|
|
105
105
|
| JWT Token support | [doorkeeper-gem/doorkeeper-jwt](https://github.com/doorkeeper-gem/doorkeeper-jwt) |
|
106
106
|
| Assertion grant extension | [doorkeeper-gem/doorkeeper-grants\_assertion](https://github.com/doorkeeper-gem/doorkeeper-grants_assertion) |
|
107
107
|
| I18n translations | [doorkeeper-gem/doorkeeper-i18n](https://github.com/doorkeeper-gem/doorkeeper-i18n) |
|
108
|
-
| CIBA - Client Initiated Backchannel Authentication Flow
|
108
|
+
| CIBA - Client Initiated Backchannel Authentication Flow extension | [doorkeeper-ciba](https://github.com/autoseg/doorkeeper-ciba) |
|
109
109
|
| Device Authorization Grant | [doorkeeper-device_authorization_grant](https://github.com/exop-group/doorkeeper-device_authorization_grant) |
|
110
110
|
|
111
111
|
## Example Applications
|
data/lib/doorkeeper/config.rb
CHANGED
@@ -5,81 +5,11 @@ require "doorkeeper/config/option"
|
|
5
5
|
require "doorkeeper/config/validations"
|
6
6
|
|
7
7
|
module Doorkeeper
|
8
|
-
# Defines a MissingConfiguration error for a missing Doorkeeper configuration
|
9
|
-
#
|
10
|
-
class MissingConfiguration < StandardError
|
11
|
-
def initialize
|
12
|
-
super("Configuration for doorkeeper missing. Do you have doorkeeper initializer?")
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
8
|
# Doorkeeper option DSL could be reused in extensions to build their own
|
17
9
|
# configurations. To use the Option DSL gems need to define `builder_class` method
|
18
10
|
# that returns configuration Builder class. This exception raises when they don't
|
19
11
|
# define it.
|
20
12
|
#
|
21
|
-
class MissingConfigurationBuilderClass < StandardError; end
|
22
|
-
|
23
|
-
class << self
|
24
|
-
attr_reader :orm_adapter
|
25
|
-
|
26
|
-
def configure(&block)
|
27
|
-
@config = Config::Builder.new(&block).build
|
28
|
-
end
|
29
|
-
|
30
|
-
# @return [Doorkeeper::Config] configuration instance
|
31
|
-
#
|
32
|
-
def configuration
|
33
|
-
@config || (raise MissingConfiguration)
|
34
|
-
end
|
35
|
-
|
36
|
-
alias config configuration
|
37
|
-
|
38
|
-
def setup
|
39
|
-
setup_orm_adapter
|
40
|
-
run_orm_hooks
|
41
|
-
config.clear_cache!
|
42
|
-
|
43
|
-
# Deprecated, will be removed soon
|
44
|
-
unless configuration.orm == :active_record
|
45
|
-
setup_orm_models
|
46
|
-
setup_application_owner
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def setup_orm_adapter
|
51
|
-
@orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
|
52
|
-
rescue NameError => e
|
53
|
-
raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
|
54
|
-
[DOORKEEPER] ORM adapter not found (#{configuration.orm}), or there was an error
|
55
|
-
trying to load it.
|
56
|
-
|
57
|
-
You probably need to add the related gem for this adapter to work with
|
58
|
-
doorkeeper.
|
59
|
-
ERROR_MSG
|
60
|
-
end
|
61
|
-
|
62
|
-
def run_orm_hooks
|
63
|
-
if @orm_adapter.respond_to?(:run_hooks)
|
64
|
-
@orm_adapter.run_hooks
|
65
|
-
else
|
66
|
-
::Kernel.warn <<~MSG.strip_heredoc
|
67
|
-
[DOORKEEPER] ORM "#{configuration.orm}" should move all it's setup logic under `#run_hooks` method for
|
68
|
-
the #{@orm_adapter.name}. Later versions of Doorkeeper will no longer support `setup_orm_models` and
|
69
|
-
`setup_application_owner` API.
|
70
|
-
MSG
|
71
|
-
end
|
72
|
-
end
|
73
|
-
|
74
|
-
def setup_orm_models
|
75
|
-
@orm_adapter.initialize_models!
|
76
|
-
end
|
77
|
-
|
78
|
-
def setup_application_owner
|
79
|
-
@orm_adapter.initialize_application_owner!
|
80
|
-
end
|
81
|
-
end
|
82
|
-
|
83
13
|
class Config
|
84
14
|
# Default Doorkeeper configuration builder
|
85
15
|
class Builder < AbstractBuilder
|
@@ -324,11 +254,6 @@ module Doorkeeper
|
|
324
254
|
option :skip_client_authentication_for_password_grant,
|
325
255
|
default: false
|
326
256
|
|
327
|
-
# TODO: remove the option
|
328
|
-
option :active_record_options,
|
329
|
-
default: {},
|
330
|
-
deprecated: { message: "Customize Doorkeeper models instead" }
|
331
|
-
|
332
257
|
# Hook to allow arbitrary user-client authorization
|
333
258
|
option :authorize_resource_owner_for_client,
|
334
259
|
default: ->(_client, _resource_owner) { true }
|
data/lib/doorkeeper/engine.rb
CHANGED
@@ -2,10 +2,12 @@
|
|
2
2
|
|
3
3
|
module Doorkeeper
|
4
4
|
class Engine < Rails::Engine
|
5
|
-
initializer "doorkeeper.params.filter" do |app|
|
6
|
-
|
7
|
-
|
8
|
-
|
5
|
+
initializer "doorkeeper.params.filter", after: :load_config_initializers do |app|
|
6
|
+
if Doorkeeper.configured?
|
7
|
+
parameters = %w[client_secret authentication_token access_token refresh_token]
|
8
|
+
parameters << "code" if Doorkeeper.config.grant_flows.include?("authorization_code")
|
9
|
+
app.config.filter_parameters << /^(#{Regexp.union(parameters)})$/
|
10
|
+
end
|
9
11
|
end
|
10
12
|
|
11
13
|
initializer "doorkeeper.routes" do
|
@@ -19,7 +21,7 @@ module Doorkeeper
|
|
19
21
|
end
|
20
22
|
|
21
23
|
config.to_prepare do
|
22
|
-
Doorkeeper.
|
24
|
+
Doorkeeper.run_orm_hooks
|
23
25
|
end
|
24
26
|
|
25
27
|
if defined?(Sprockets) && Sprockets::VERSION.chr.to_i >= 4
|
@@ -87,8 +87,9 @@ module Doorkeeper
|
|
87
87
|
# @return [Doorkeeper::AccessToken, nil] Access Token instance or
|
88
88
|
# nil if matching record was not found
|
89
89
|
#
|
90
|
-
def matching_token_for(application, resource_owner, scopes)
|
91
|
-
tokens = authorized_tokens_for(application&.id, resource_owner)
|
90
|
+
def matching_token_for(application, resource_owner, scopes, include_expired: true)
|
91
|
+
tokens = authorized_tokens_for(application&.id, resource_owner)
|
92
|
+
tokens = tokens.not_expired unless include_expired
|
92
93
|
find_matching_token(tokens, application, scopes)
|
93
94
|
end
|
94
95
|
|
@@ -180,7 +181,7 @@ module Doorkeeper
|
|
180
181
|
#
|
181
182
|
def find_or_create_for(application:, resource_owner:, scopes:, **token_attributes)
|
182
183
|
if Doorkeeper.config.reuse_access_token
|
183
|
-
access_token = matching_token_for(application, resource_owner, scopes)
|
184
|
+
access_token = matching_token_for(application, resource_owner, scopes, include_expired: false)
|
184
185
|
|
185
186
|
return access_token if access_token&.reusable?
|
186
187
|
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Doorkeeper
|
4
|
+
module Models
|
5
|
+
module PolymorphicResourceOwner
|
6
|
+
module ForAccessGrant
|
7
|
+
extend ActiveSupport::Concern
|
8
|
+
|
9
|
+
included do
|
10
|
+
if Doorkeeper.config.polymorphic_resource_owner?
|
11
|
+
belongs_to :resource_owner, polymorphic: true, optional: false
|
12
|
+
else
|
13
|
+
validates :resource_owner_id, presence: true
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
module ForAccessToken
|
19
|
+
extend ActiveSupport::Concern
|
20
|
+
|
21
|
+
included do
|
22
|
+
if Doorkeeper.config.polymorphic_resource_owner?
|
23
|
+
belongs_to :resource_owner, polymorphic: true, optional: true
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
@@ -45,7 +45,7 @@ module Doorkeeper
|
|
45
45
|
end
|
46
46
|
|
47
47
|
def find_active_existing_token_for(client, scopes)
|
48
|
-
server_config.access_token_model.matching_token_for(client, nil, scopes)
|
48
|
+
server_config.access_token_model.matching_token_for(client, nil, scopes, include_expired: false)
|
49
49
|
end
|
50
50
|
|
51
51
|
def server_config
|
@@ -61,9 +61,9 @@ module Doorkeeper
|
|
61
61
|
end
|
62
62
|
|
63
63
|
def self.valid_scheme?(uri)
|
64
|
-
return false if uri.scheme.
|
64
|
+
return false if uri.scheme.blank?
|
65
65
|
|
66
|
-
%w[localhost].
|
66
|
+
%w[localhost].exclude?(uri.scheme)
|
67
67
|
end
|
68
68
|
|
69
69
|
def self.hypertext_scheme?(uri)
|
@@ -71,7 +71,7 @@ module Doorkeeper
|
|
71
71
|
end
|
72
72
|
|
73
73
|
def self.iff_host?(uri)
|
74
|
-
!(hypertext_scheme?(uri) && uri.host.
|
74
|
+
!(hypertext_scheme?(uri) && uri.host.blank?)
|
75
75
|
end
|
76
76
|
|
77
77
|
def self.oob_uri?(uri)
|
@@ -134,7 +134,7 @@ module Doorkeeper
|
|
134
134
|
# Since resource servers using token introspection rely on the
|
135
135
|
# authorization server to determine the state of a token, the
|
136
136
|
# authorization server MUST perform all applicable checks against a
|
137
|
-
# token's state.
|
137
|
+
# token's state. For instance, these tests include the following:
|
138
138
|
#
|
139
139
|
# o If the token can expire, the authorization server MUST determine
|
140
140
|
# whether or not the token has expired.
|
@@ -14,12 +14,6 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
|
|
14
14
|
optional: true,
|
15
15
|
inverse_of: :access_grants
|
16
16
|
|
17
|
-
if Doorkeeper.config.polymorphic_resource_owner?
|
18
|
-
belongs_to :resource_owner, polymorphic: true, optional: false
|
19
|
-
else
|
20
|
-
validates :resource_owner_id, presence: true
|
21
|
-
end
|
22
|
-
|
23
17
|
validates :application_id,
|
24
18
|
:token,
|
25
19
|
:expires_in,
|
@@ -14,10 +14,6 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
|
|
14
14
|
inverse_of: :access_tokens,
|
15
15
|
optional: true
|
16
16
|
|
17
|
-
if Doorkeeper.config.polymorphic_resource_owner?
|
18
|
-
belongs_to :resource_owner, polymorphic: true, optional: true
|
19
|
-
end
|
20
|
-
|
21
17
|
validates :token, presence: true, uniqueness: { case_sensitive: true }
|
22
18
|
validates :refresh_token, uniqueness: { case_sensitive: true }, if: :use_refresh_token?
|
23
19
|
|
@@ -10,10 +10,6 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
|
|
10
10
|
|
11
11
|
include ::Doorkeeper::ApplicationMixin
|
12
12
|
|
13
|
-
if Doorkeeper.config.enable_application_owner?
|
14
|
-
include ::Doorkeeper::Models::Ownership
|
15
|
-
end
|
16
|
-
|
17
13
|
has_many :access_grants,
|
18
14
|
foreign_key: :application_id,
|
19
15
|
dependent: :delete_all,
|
@@ -45,11 +45,11 @@ module Doorkeeper
|
|
45
45
|
end
|
46
46
|
|
47
47
|
def unspecified_host?(uri)
|
48
|
-
uri.is_a?(URI::HTTP) && uri.host.
|
48
|
+
uri.is_a?(URI::HTTP) && uri.host.blank?
|
49
49
|
end
|
50
50
|
|
51
51
|
def relative_uri?(uri)
|
52
|
-
uri.scheme.nil? && uri.host.
|
52
|
+
uri.scheme.nil? && uri.host.blank?
|
53
53
|
end
|
54
54
|
|
55
55
|
def invalid_ssl_uri?(uri)
|
@@ -15,7 +15,8 @@ module Doorkeeper
|
|
15
15
|
def clean_revoked
|
16
16
|
table = @base_scope.arel_table
|
17
17
|
|
18
|
-
@base_scope
|
18
|
+
@base_scope
|
19
|
+
.where.not(revoked_at: nil)
|
19
20
|
.where(table[:revoked_at].lt(Time.current))
|
20
21
|
.in_batches(&:delete_all)
|
21
22
|
end
|
@@ -24,7 +25,9 @@ module Doorkeeper
|
|
24
25
|
def clean_expired(ttl)
|
25
26
|
table = @base_scope.arel_table
|
26
27
|
|
27
|
-
@base_scope
|
28
|
+
@base_scope
|
29
|
+
.where.not(expires_in: nil)
|
30
|
+
.where(table[:created_at].lt(Time.current - ttl))
|
28
31
|
.in_batches(&:delete_all)
|
29
32
|
end
|
30
33
|
end
|
@@ -29,20 +29,16 @@ module Doorkeeper
|
|
29
29
|
end
|
30
30
|
|
31
31
|
def self.run_hooks
|
32
|
-
|
33
|
-
|
32
|
+
initialize_configured_associations
|
33
|
+
end
|
34
34
|
|
35
|
-
|
36
|
-
|
35
|
+
def self.initialize_configured_associations
|
36
|
+
if Doorkeeper.config.enable_application_owner?
|
37
|
+
Doorkeeper.config.application_model.include ::Doorkeeper::Models::Ownership
|
37
38
|
end
|
38
|
-
end
|
39
39
|
|
40
|
-
|
41
|
-
|
42
|
-
Doorkeeper.config.access_grant_model,
|
43
|
-
Doorkeeper.config.access_token_model,
|
44
|
-
Doorkeeper.config.application_model,
|
45
|
-
]
|
40
|
+
Doorkeeper.config.access_grant_model.include ::Doorkeeper::Models::PolymorphicResourceOwner::ForAccessGrant
|
41
|
+
Doorkeeper.config.access_token_model.include ::Doorkeeper::Models::PolymorphicResourceOwner::ForAccessToken
|
46
42
|
end
|
47
43
|
end
|
48
44
|
end
|
@@ -36,7 +36,7 @@ module Doorkeeper
|
|
36
36
|
map_route(:authorizations, :authorization_routes)
|
37
37
|
map_route(:tokens, :token_routes)
|
38
38
|
map_route(:tokens, :revoke_routes)
|
39
|
-
map_route(:tokens, :introspect_routes)
|
39
|
+
map_route(:tokens, :introspect_routes) if introspection_routes?
|
40
40
|
map_route(:applications, :application_routes)
|
41
41
|
map_route(:authorized_applications, :authorized_applications_routes)
|
42
42
|
map_route(:token_info, :token_info_routes)
|
@@ -100,6 +100,11 @@ module Doorkeeper
|
|
100
100
|
def native_authorization_code_route
|
101
101
|
Doorkeeper.configuration.native_authorization_code_route
|
102
102
|
end
|
103
|
+
|
104
|
+
def introspection_routes?
|
105
|
+
Doorkeeper.configured? &&
|
106
|
+
!Doorkeeper.config.allow_token_introspection.is_a?(FalseClass)
|
107
|
+
end
|
103
108
|
end
|
104
109
|
end
|
105
110
|
end
|
data/lib/doorkeeper/version.rb
CHANGED
data/lib/doorkeeper.rb
CHANGED
@@ -90,6 +90,7 @@ module Doorkeeper
|
|
90
90
|
autoload :Expirable, "doorkeeper/models/concerns/expirable"
|
91
91
|
autoload :ExpirationTimeSqlMath, "doorkeeper/models/concerns/expiration_time_sql_math"
|
92
92
|
autoload :Orderable, "doorkeeper/models/concerns/orderable"
|
93
|
+
autoload :PolymorphicResourceOwner, "doorkeeper/models/concerns/polymorphic_resource_owner"
|
93
94
|
autoload :Scopes, "doorkeeper/models/concerns/scopes"
|
94
95
|
autoload :Reusable, "doorkeeper/models/concerns/reusable"
|
95
96
|
autoload :ResourceOwnerable, "doorkeeper/models/concerns/resource_ownerable"
|
@@ -113,11 +114,77 @@ module Doorkeeper
|
|
113
114
|
autoload :BCrypt, "doorkeeper/secret_storing/bcrypt"
|
114
115
|
end
|
115
116
|
|
116
|
-
|
117
|
-
|
118
|
-
|
117
|
+
class << self
|
118
|
+
attr_reader :orm_adapter
|
119
|
+
|
120
|
+
def configure(&block)
|
121
|
+
@config = Config::Builder.new(&block).build
|
122
|
+
setup
|
123
|
+
@config
|
124
|
+
end
|
125
|
+
|
126
|
+
# @return [Doorkeeper::Config] configuration instance
|
127
|
+
#
|
128
|
+
def configuration
|
129
|
+
@config || configure
|
130
|
+
end
|
131
|
+
|
132
|
+
def configured?
|
133
|
+
!@config.nil?
|
134
|
+
end
|
135
|
+
|
136
|
+
alias config configuration
|
137
|
+
|
138
|
+
def setup
|
139
|
+
setup_orm_adapter
|
140
|
+
|
141
|
+
# Deprecated, will be removed soon
|
142
|
+
unless configuration.orm == :active_record
|
143
|
+
setup_orm_models
|
144
|
+
setup_application_owner
|
145
|
+
end
|
146
|
+
end
|
147
|
+
|
148
|
+
def setup_orm_adapter
|
149
|
+
@orm_adapter = "doorkeeper/orm/#{configuration.orm}".classify.constantize
|
150
|
+
rescue NameError => e
|
151
|
+
raise e, "ORM adapter not found (#{configuration.orm})", <<-ERROR_MSG.strip_heredoc
|
152
|
+
[DOORKEEPER] ORM adapter not found (#{configuration.orm}), or there was an error
|
153
|
+
trying to load it.
|
119
154
|
|
120
|
-
|
121
|
-
|
155
|
+
You probably need to add the related gem for this adapter to work with
|
156
|
+
doorkeeper.
|
157
|
+
ERROR_MSG
|
158
|
+
end
|
159
|
+
|
160
|
+
def run_orm_hooks
|
161
|
+
config.clear_cache!
|
162
|
+
|
163
|
+
if @orm_adapter.respond_to?(:run_hooks)
|
164
|
+
@orm_adapter.run_hooks
|
165
|
+
else
|
166
|
+
::Kernel.warn <<~MSG.strip_heredoc
|
167
|
+
[DOORKEEPER] ORM "#{configuration.orm}" should move all it's setup logic under `#run_hooks` method for
|
168
|
+
the #{@orm_adapter.name}. Later versions of Doorkeeper will no longer support `setup_orm_models` and
|
169
|
+
`setup_application_owner` API.
|
170
|
+
MSG
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
def setup_orm_models
|
175
|
+
@orm_adapter.initialize_models!
|
176
|
+
end
|
177
|
+
|
178
|
+
def setup_application_owner
|
179
|
+
@orm_adapter.initialize_application_owner!
|
180
|
+
end
|
181
|
+
|
182
|
+
def authenticate(request, methods = Doorkeeper.config.access_token_methods)
|
183
|
+
OAuth::Token.authenticate(request, *methods)
|
184
|
+
end
|
185
|
+
|
186
|
+
def gem_version
|
187
|
+
::Gem::Version.new(::Doorkeeper::VERSION::STRING)
|
188
|
+
end
|
122
189
|
end
|
123
190
|
end
|
@@ -24,9 +24,9 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
24
24
|
t.string :token, null: false
|
25
25
|
t.integer :expires_in, null: false
|
26
26
|
t.text :redirect_uri, null: false
|
27
|
+
t.string :scopes, null: false, default: ''
|
27
28
|
t.datetime :created_at, null: false
|
28
29
|
t.datetime :revoked_at
|
29
|
-
t.string :scopes, null: false, default: ''
|
30
30
|
end
|
31
31
|
|
32
32
|
add_index :oauth_access_grants, :token, unique: true
|
@@ -53,9 +53,9 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
53
53
|
|
54
54
|
t.string :refresh_token
|
55
55
|
t.integer :expires_in
|
56
|
-
t.datetime :revoked_at
|
57
|
-
t.datetime :created_at, null: false
|
58
56
|
t.string :scopes
|
57
|
+
t.datetime :created_at, null: false
|
58
|
+
t.datetime :revoked_at
|
59
59
|
|
60
60
|
# The authorization server MAY issue a new refresh token, in which case
|
61
61
|
# *the client MUST discard the old refresh token* and replace it with the
|
@@ -74,7 +74,17 @@ class CreateDoorkeeperTables < ActiveRecord::Migration<%= migration_version %>
|
|
74
74
|
end
|
75
75
|
|
76
76
|
add_index :oauth_access_tokens, :token, unique: true
|
77
|
-
|
77
|
+
|
78
|
+
# See https://github.com/doorkeeper-gem/doorkeeper/issues/1592
|
79
|
+
if ActiveRecord::Base.connection.adapter_name == "SQLServer"
|
80
|
+
execute <<~SQL.squish
|
81
|
+
CREATE UNIQUE NONCLUSTERED INDEX index_oauth_access_tokens_on_refresh_token ON oauth_access_tokens(refresh_token)
|
82
|
+
WHERE refresh_token IS NOT NULL
|
83
|
+
SQL
|
84
|
+
else
|
85
|
+
add_index :oauth_access_tokens, :refresh_token, unique: true
|
86
|
+
end
|
87
|
+
|
78
88
|
add_foreign_key(
|
79
89
|
:oauth_access_tokens,
|
80
90
|
:oauth_applications,
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.6.
|
4
|
+
version: 5.6.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Felipe Elias Philipp
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date:
|
14
|
+
date: 2023-01-31 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: railties
|
@@ -69,20 +69,6 @@ dependencies:
|
|
69
69
|
- - ">="
|
70
70
|
- !ruby/object:Gem::Version
|
71
71
|
version: '0'
|
72
|
-
- !ruby/object:Gem::Dependency
|
73
|
-
name: danger
|
74
|
-
requirement: !ruby/object:Gem::Requirement
|
75
|
-
requirements:
|
76
|
-
- - "~>"
|
77
|
-
- !ruby/object:Gem::Version
|
78
|
-
version: '8.0'
|
79
|
-
type: :development
|
80
|
-
prerelease: false
|
81
|
-
version_requirements: !ruby/object:Gem::Requirement
|
82
|
-
requirements:
|
83
|
-
- - "~>"
|
84
|
-
- !ruby/object:Gem::Version
|
85
|
-
version: '8.0'
|
86
72
|
- !ruby/object:Gem::Dependency
|
87
73
|
name: database_cleaner
|
88
74
|
requirement: !ruby/object:Gem::Requirement
|
@@ -238,6 +224,7 @@ files:
|
|
238
224
|
- lib/doorkeeper/models/concerns/expiration_time_sql_math.rb
|
239
225
|
- lib/doorkeeper/models/concerns/orderable.rb
|
240
226
|
- lib/doorkeeper/models/concerns/ownership.rb
|
227
|
+
- lib/doorkeeper/models/concerns/polymorphic_resource_owner.rb
|
241
228
|
- lib/doorkeeper/models/concerns/resource_ownerable.rb
|
242
229
|
- lib/doorkeeper/models/concerns/reusable.rb
|
243
230
|
- lib/doorkeeper/models/concerns/revocable.rb
|
@@ -352,14 +339,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
352
339
|
requirements:
|
353
340
|
- - ">="
|
354
341
|
- !ruby/object:Gem::Version
|
355
|
-
version: '2.
|
342
|
+
version: '2.7'
|
356
343
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
357
344
|
requirements:
|
358
345
|
- - ">="
|
359
346
|
- !ruby/object:Gem::Version
|
360
347
|
version: '0'
|
361
348
|
requirements: []
|
362
|
-
rubygems_version: 3.1.
|
349
|
+
rubygems_version: 3.1.6
|
363
350
|
signing_key:
|
364
351
|
specification_version: 4
|
365
352
|
summary: OAuth 2 provider for Rails and Grape
|