doorkeeper 5.6.5 → 5.6.7
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -5
- data/app/controllers/doorkeeper/authorizations_controller.rb +8 -5
- data/lib/doorkeeper/config/validations.rb +0 -15
- data/lib/doorkeeper/config.rb +4 -0
- data/lib/doorkeeper/errors.rb +1 -1
- data/lib/doorkeeper/models/access_token_mixin.rb +4 -0
- data/lib/doorkeeper/oauth/authorization_code_request.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -3
- data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -2
- data/lib/doorkeeper/oauth/error_response.rb +1 -2
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
- data/lib/doorkeeper/oauth/invalid_request_response.rb +4 -0
- data/lib/doorkeeper/oauth/refresh_token_request.rb +9 -1
- data/lib/doorkeeper/oauth/token_response.rb +1 -2
- data/lib/doorkeeper/orm/active_record/mixins/application.rb +1 -1
- data/lib/doorkeeper/version.rb +1 -1
- data/lib/generators/doorkeeper/templates/initializer.rb +7 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fe1238848f221c9cccf2a7d110e8d05dde7ebc0aab59f702fe258b4d2e415aa0
|
4
|
+
data.tar.gz: 46709212a318983949375e9e0c22a63e8a24256f50d47c660693a1bbbe40566c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 286b26e562e901d950a52618f6e7699cc29f3e4af5df202d20b466c782fcb9a7d844c00f59b04a0ace41f177cd45f788d934c0c812ebae818066d74d2ce89f1a
|
7
|
+
data.tar.gz: 23f2d816febe32008283607b1979b48c236ce66dc9086b9fd700c3ebe124557a548dbf9166175706e2cd4f5415b26d32210cd7e290a85c013becc8cb5185a417
|
data/CHANGELOG.md
CHANGED
@@ -9,6 +9,22 @@ User-visible changes worth mentioning.
|
|
9
9
|
|
10
10
|
- [#ID] Add your PR description here.
|
11
11
|
|
12
|
+
## 5.6.7
|
13
|
+
|
14
|
+
- [#1662] Specify uri_redirect validation class explicitly.
|
15
|
+
- [#1652] Add custom attributes support to token generator.
|
16
|
+
- [#1667] Pass `client` instead of `grant.application` to `find_or_create_access_token`.
|
17
|
+
- [#1673] Honor `custom_access_token_attributes` in client credentials grant flow.
|
18
|
+
- [#1676] Improve AuthorizationsController error response handling
|
19
|
+
- [#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.
|
20
|
+
|
21
|
+
## 5.6.6
|
22
|
+
|
23
|
+
- [#1644] Update HTTP headers.
|
24
|
+
- [#1646] Block public clients automatic authorization skip.
|
25
|
+
- [#1648] Add custom token attributes to Refresh Token Request.
|
26
|
+
- [#1649] Fixed custom_access_token_attributes related errors.
|
27
|
+
|
12
28
|
# 5.6.5
|
13
29
|
|
14
30
|
- [#1602] Allow custom data to be stored inside access grants/tokens.
|
@@ -45,7 +61,7 @@ User-visible changes worth mentioning.
|
|
45
61
|
|
46
62
|
## 5.6.0.rc2
|
47
63
|
|
48
|
-
- [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
|
64
|
+
- [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
|
49
65
|
application scopes when using client credentials.
|
50
66
|
- [#1567] Only filter `code` parameter if authorization_code grant flow is enabled.
|
51
67
|
|
@@ -80,7 +96,7 @@ User-visible changes worth mentioning.
|
|
80
96
|
## 5.5.1
|
81
97
|
|
82
98
|
- [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
|
83
|
-
- [#1495] Fix `respond_to` undefined in API-only mode
|
99
|
+
- [#1495] Fix `respond_to` undefined in API-only mode
|
84
100
|
- [#1488] Verify client authentication for Resource Owner Password Grant when
|
85
101
|
`config.skip_client_authentication_for_password_grant` is set and the client credentials
|
86
102
|
are sent in a HTTP Basic auth header.
|
@@ -94,10 +110,10 @@ User-visible changes worth mentioning.
|
|
94
110
|
## 5.5.0.rc2
|
95
111
|
|
96
112
|
- [#1473] Enable `Applications` and `AuthorizedApplications` controllers in API mode.
|
97
|
-
|
98
|
-
**[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
|
113
|
+
|
114
|
+
**[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
|
99
115
|
`use_doorkeeper` inside `routes.rb`. Please do it in case you don't need them.
|
100
|
-
|
116
|
+
|
101
117
|
- [#1472] Fix `establish_connection` configuration for custom defined models.
|
102
118
|
- [#1471] Add support for Ruby 3.0.
|
103
119
|
- [#1469] Check if `redirect_uri` exists.
|
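--- a/data/app/controllers/doorkeeper/authorizations_controller.rb
+++ b/data/app/controllers/doorkeeper/authorizations_controller.rb
@@ -31,7 +31,7 @@ module Doorkeeper
 private
 
 def render_success
-if skip_authorization? || matching_token?
+if skip_authorization? || (matching_token? && pre_auth.client.application.confidential?)
 redirect_or_render(authorize_response)
 elsif Doorkeeper.configuration.api_only
 render json: pre_auth
@@ -41,11 +41,14 @@ module Doorkeeper
 end
 
 def render_error
-if Doorkeeper.
-
-
+pre_auth.error_response.raise_exception! if Doorkeeper.config.raise_on_errors?
+
+if Doorkeeper.configuration.redirect_on_errors? && pre_auth.error_response.redirectable?
+redirect_or_render(pre_auth.error_response)
+elsif Doorkeeper.configuration.api_only
+render json: pre_auth.error_response.body, status: pre_auth.error_response.status
 else
-render :error, locals: { error_response: pre_auth.error_response }
+render :error, locals: { error_response: pre_auth.error_response }, status: pre_auth.error_response.status
 end
 end
 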
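Review bot: The redirect branch added to render_error (second hunk) sends the error back to the client's redirect URI whenever `redirect_on_errors?` is set and `pre_auth.error_response.redirectable?` holds; that predicate is not in this diff, so it is worth confirming it returns false for an invalid or unregistered `redirect_uri` and for errors that are about the redirect URI itself, which RFC 6749 section 4.1.2.1 (cited in the initializer template in this same release) says must not be redirected. The same method reads the configuration two ways, `Doorkeeper.config.raise_on_errors?` on one line and `Doorkeeper.configuration.redirect_on_errors?` two lines later; the new lines should use one form. The removed `if Doorkeeper.` line is truncated on this page, so the old branch structure cannot be compared here.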
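--- a/data/lib/doorkeeper/config/validations.rb
+++ b/data/lib/doorkeeper/config/validations.rb
@@ -11,7 +11,6 @@ module Doorkeeper
 validate_reuse_access_token_value
 validate_token_reuse_limit
 validate_secret_strategies
-validate_custom_access_token_attributes
 end
 
 private
@@ -49,20 +48,6 @@ module Doorkeeper
 )
 @token_reuse_limit = 100
 end
-
-# Validate that the access_token and access_grant models
-# both respond to all of the custom attributes
-def validate_custom_access_token_attributes
-return if custom_access_token_attributes.blank?
-
-custom_access_token_attributes.each do |attribute_name|
-[access_token_model, access_grant_model].each do |model|
-next if model.has_attribute?(attribute_name)
-
-raise Doorkeeper::Errors::ConfigError, "#{model} does not recognize custom attribute: #{attribute_name}."
-end
-end
-end
 end
 end
 end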
data/lib/doorkeeper/config.rb
CHANGED
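--- a/data/lib/doorkeeper/errors.rb
+++ b/data/lib/doorkeeper/errors.rb
@@ -44,8 +44,8 @@ module Doorkeeper
 UnableToGenerateToken = Class.new(DoorkeeperError)
 TokenGeneratorNotFound = Class.new(DoorkeeperError)
 NoOrmCleaner = Class.new(DoorkeeperError)
-ConfigError = Class.new(DoorkeeperError)
 
+InvalidRequest = Class.new(BaseResponseError)
 InvalidToken = Class.new(BaseResponseError)
 TokenExpired = Class.new(InvalidToken)
 TokenRevoked = Class.new(InvalidToken)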
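Review bot: Dropping `ConfigError = Class.new(DoorkeeperError)` removes a public constant from `Doorkeeper::Errors` in a patch release, so any application that rescues or references `Doorkeeper::Errors::ConfigError` will now raise NameError. Its only in-gem use visible on this page, the raise inside `validate_custom_access_token_attributes` in config/validations.rb, is deleted by the same commit, so the constant could simply be kept with a `# @deprecated no longer raised by Doorkeeper` comment instead of removed. `InvalidRequest` is added with no comment saying which response raises it; presumably the new lines in invalid_request_response.rb (listed in the diffstat but not shown here), and a one-line note next to the constant would make that visible.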
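--- a/data/lib/doorkeeper/models/access_token_mixin.rb
+++ b/data/lib/doorkeeper/models/access_token_mixin.rb
@@ -435,6 +435,10 @@ module Doorkeeper
 if Doorkeeper.config.polymorphic_resource_owner?
 attributes[:resource_owner] = resource_owner
 end
+
+Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
+attributes[attribute_name] = public_send(attribute_name)
+end
 end
 end
 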
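Review bot: `attributes[attribute_name] = public_send(attribute_name)` now runs for every name in `custom_access_token_attributes` each time this method is called, while the same commit deletes the boot-time check `validate_custom_access_token_attributes` (config/validations.rb hunk) that verified the token and grant models actually have those attributes. A misspelled name in the operator's configuration therefore surfaces as a NoMethodError on the first token generated rather than at startup; if that trade-off is intended, a comment here would save the next reader a search, e.g. `# Attribute names come from operator config and are not validated at boot; an unknown name raises NoMethodError here`. The enclosing method starts before this hunk, so its name and return value cannot be confirmed from the page.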
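--- a/data/lib/doorkeeper/oauth/client_credentials/issuer.rb
+++ b/data/lib/doorkeeper/oauth/client_credentials/issuer.rb
@@ -11,9 +11,9 @@ module Doorkeeper
 @validator = validator
 end
 
-def create(client, scopes, creator = Creator.new)
+def create(client, scopes, attributes = {}, creator = Creator.new)
 if validator.valid?
-@token = create_token(client, scopes, creator)
+@token = create_token(client, scopes, attributes, creator)
 @error = :server_error unless @token
 else
 @token = false
@@ -25,7 +25,7 @@ module Doorkeeper
 
 private
 
-def create_token(client, scopes, creator)
+def create_token(client, scopes, attributes, creator)
 context = Authorization::Token.build_context(
 client,
 Doorkeeper::OAuth::CLIENT_CREDENTIALS,
@@ -39,6 +39,7 @@ module Doorkeeper
 scopes,
 use_refresh_token: false,
 expires_in: ttl,
+**attributes
 )
 end
 end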
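Review bot: Inserting `attributes = {}` as the third positional parameter of the public `create(client, scopes, attributes = {}, creator = Creator.new)` shifts `creator`, so any existing caller that passed a custom creator as the third argument now has that object handed to `create_token` as the attributes hash and splatted with `**attributes`. Appending the new parameter after `creator`, or making it a keyword (`attributes: {}`), keeps old call sites working; the only caller visible on this page (`ClientCredentialsRequest#valid?`) is updated, but the method is public. The `**attributes` splat in the third hunk also forwards every key of the hash to the creator unfiltered, so this relies entirely on the caller having applied the `custom_access_token_attributes` allowlist first; a short comment on the parameter stating that expectation would make the contract explicit.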
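--- a/data/lib/doorkeeper/oauth/client_credentials_request.rb
+++ b/data/lib/doorkeeper/oauth/client_credentials_request.rb
@@ -3,7 +3,7 @@
 module Doorkeeper
 module OAuth
 class ClientCredentialsRequest < BaseRequest
-attr_reader :client, :original_scopes, :response
+attr_reader :client, :original_scopes, :parameters, :response
 
 alias error_response response
 
@@ -14,6 +14,7 @@ module Doorkeeper
 @server = server
 @response = nil
 @original_scopes = parameters[:scope]
+@parameters = parameters.except(:scope)
 end
 
 def access_token
@@ -30,7 +31,14 @@ module Doorkeeper
 private
 
 def valid?
-issuer.create(client, scopes)
+issuer.create(client, scopes, custom_token_attributes_with_data)
+end
+
+def custom_token_attributes_with_data
+parameters
+.with_indifferent_access
+.slice(*Doorkeeper.config.custom_access_token_attributes)
+.symbolize_keys
 end
 end
 end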
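Review bot: `custom_token_attributes_with_data` copies token-request parameters straight into the new access token; the `slice` against `Doorkeeper.config.custom_access_token_attributes` limits which keys a client can set, but the values arrive unvalidated from the request, so what ends up stored is only as constrained as the validations on the access-token model. A docstring stating that contract would help whoever configures the attributes, e.g. `# Client-supplied values for the configured custom attributes. Keys are allowlisted by config; values are validated only by the token model.`. The new public `parameters` reader also exposes the whole remaining request hash (`parameters.except(:scope)`), although only the allowlisted keys are used below; if nothing outside this class needs it, `attr_reader :parameters` could be private.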
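--- a/data/lib/doorkeeper/oauth/refresh_token_request.rb
+++ b/data/lib/doorkeeper/oauth/refresh_token_request.rb
@@ -49,7 +49,7 @@ module Doorkeeper
 end
 
 def create_access_token
-attributes = {}
+attributes = {}.merge(custom_token_attributes_with_data)
 
 resource_owner =
 if Doorkeeper.config.polymorphic_resource_owner?
@@ -119,6 +119,14 @@ module Doorkeeper
 true
 end
 end
+
+def custom_token_attributes_with_data
+refresh_token
+.attributes
+.with_indifferent_access
+.slice(*Doorkeeper.config.custom_access_token_attributes)
+.symbolize_keys
+end
 end
 end
 end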
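Review bot: `attributes = {}.merge(custom_token_attributes_with_data)` is a redundant copy: the helper already returns a fresh Hash from `symbolize_keys`, so `attributes = custom_token_attributes_with_data` does the same thing and reads more directly. The helper added in the second hunk is the same `with_indifferent_access.slice(...).symbolize_keys` chain as `ClientCredentialsRequest#custom_token_attributes_with_data` in this release, differing only in its source (`refresh_token.attributes` here, request `parameters` there); a shared helper on BaseRequest that takes the source hash would stop the two from drifting apart. As far as this hunk shows, the custom values are carried forward from the stored refresh token rather than read from the request, which is the opposite of the client-credentials flow, and a one-line comment on the helper saying so would prevent that difference from being mistaken for an oversight; `create_access_token` continues outside the first hunk.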
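--- a/data/lib/doorkeeper/orm/active_record/mixins/application.rb
+++ b/data/lib/doorkeeper/orm/active_record/mixins/application.rb
@@ -22,7 +22,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
 
 validates :name, :secret, :uid, presence: true
 validates :uid, uniqueness: { case_sensitive: true }
-
+validates_with Doorkeeper::RedirectUriValidator, attributes: [:redirect_uri]
 validates :confidential, inclusion: { in: [true, false] }
 
 validate :scopes_match_configured, if: :enforce_scopes?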
data/lib/doorkeeper/version.rb
CHANGED
@@ -312,6 +312,12 @@ Doorkeeper.configure do
|
|
312
312
|
# Doorkeeper::Errors::TokenRevoked, Doorkeeper::Errors::TokenUnknown
|
313
313
|
#
|
314
314
|
# handle_auth_errors :raise
|
315
|
+
#
|
316
|
+
# If you want to redirect back to the client application in accordance with
|
317
|
+
# https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1, you can set
|
318
|
+
# +handle_auth_errors+ to :redirect
|
319
|
+
#
|
320
|
+
# handle_auth_errors :redirect
|
315
321
|
|
316
322
|
# Customize token introspection response.
|
317
323
|
# Allows to add your own fields to default one that are required by the OAuth spec
|
@@ -385,7 +391,7 @@ Doorkeeper.configure do
|
|
385
391
|
# true in case resource owner authorized for the specific application or false in other
|
386
392
|
# cases.
|
387
393
|
#
|
388
|
-
#
|
394
|
+
# By default all Resource Owners are authorized to any Client (application).
|
389
395
|
#
|
390
396
|
# authorize_resource_owner_for_client do |client, resource_owner|
|
391
397
|
# resource_owner.admin? || client.owners_allowlist.include?(resource_owner)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.6.
|
4
|
+
version: 5.6.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Felipe Elias Philipp
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2023-
|
14
|
+
date: 2023-11-23 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: railties
|