doorkeeper 5.6.6 → 5.6.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (15) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +9 -0
  3. data/app/controllers/doorkeeper/authorizations_controller.rb +7 -4
  4. data/lib/doorkeeper/config.rb +4 -0
  5. data/lib/doorkeeper/errors.rb +1 -0
  6. data/lib/doorkeeper/models/access_token_mixin.rb +4 -0
  7. data/lib/doorkeeper/oauth/authorization_code_request.rb +1 -1
  8. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -3
  9. data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -2
  10. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
  11. data/lib/doorkeeper/oauth/invalid_request_response.rb +4 -0
  12. data/lib/doorkeeper/orm/active_record/mixins/application.rb +1 -1
  13. data/lib/doorkeeper/version.rb +1 -1
  14. data/lib/generators/doorkeeper/templates/initializer.rb +7 -1
  15. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b62a0472a97d06b40362817c9d5c0dd7dd6e0d0e600437a19f5cf2fd18c4be46
4
- data.tar.gz: 9850cef14c21a1f0df2fb451a485ab5b8066360a3008124f7aed287409364e36
3
+ metadata.gz: fe1238848f221c9cccf2a7d110e8d05dde7ebc0aab59f702fe258b4d2e415aa0
4
+ data.tar.gz: 46709212a318983949375e9e0c22a63e8a24256f50d47c660693a1bbbe40566c
5
5
  SHA512:
6
- metadata.gz: de0c7021c4735b26249e5b267db11ede06f55b23d8f9bd51641d1cf3eee3812e14a2deec986e8aa6ee81de98097083fdb634a441fd4928cb47286fa977ba5d96
7
- data.tar.gz: 3865639c837771ceeafceec8a110e506f88fef45c61f7274782c637e794f9185be18ee98270852bac6fecb0fc90e4893dfed08d715c761507e87396e5a559bc2
6
+ metadata.gz: 286b26e562e901d950a52618f6e7699cc29f3e4af5df202d20b466c782fcb9a7d844c00f59b04a0ace41f177cd45f788d934c0c812ebae818066d74d2ce89f1a
7
+ data.tar.gz: 23f2d816febe32008283607b1979b48c236ce66dc9086b9fd700c3ebe124557a548dbf9166175706e2cd4f5415b26d32210cd7e290a85c013becc8cb5185a417
data/CHANGELOG.md CHANGED
@@ -9,6 +9,15 @@ User-visible changes worth mentioning.
9
9
 
10
10
  - [#ID] Add your PR description here.
11
11
 
12
+ ## 5.6.7
13
+
14
+ - [#1662] Specify uri_redirect validation class explicitly.
15
+ - [#1652] Add custom attributes support to token generator.
16
+ - [#1667] Pass `client` instead of `grant.application` to `find_or_create_access_token`.
17
+ - [#1673] Honor `custom_access_token_attributes` in client credentials grant flow.
18
+ - [#1676] Improve AuthorizationsController error response handling
19
+ - [#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.
20
+
12
21
  ## 5.6.6
13
22
 
14
23
  - [#1644] Update HTTP headers.
data/app/controllers/doorkeeper/authorizations_controller.rb CHANGED
@@ -41,11 +41,14 @@ module Doorkeeper
41
41
  end
42
42
 
43
43
  def render_error
44
- if Doorkeeper.configuration.api_only
45
- render json: pre_auth.error_response.body,
46
- status: :bad_request
44
+ pre_auth.error_response.raise_exception! if Doorkeeper.config.raise_on_errors?
45
+
46
+ if Doorkeeper.configuration.redirect_on_errors? && pre_auth.error_response.redirectable?
47
+ redirect_or_render(pre_auth.error_response)
48
+ elsif Doorkeeper.configuration.api_only
49
+ render json: pre_auth.error_response.body, status: pre_auth.error_response.status
47
50
  else
48
- render :error, locals: { error_response: pre_auth.error_response }
51
+ render :error, locals: { error_response: pre_auth.error_response }, status: pre_auth.error_response.status
49
52
  end
50
53
  end
51
54
 
data/lib/doorkeeper/config.rb CHANGED
@@ -501,6 +501,10 @@ module Doorkeeper
501
501
  handle_auth_errors == :raise
502
502
  end
503
503
 
504
+ def redirect_on_errors?
505
+ handle_auth_errors == :redirect
506
+ end
507
+
504
508
  def application_secret_hashed?
505
509
  instance_variable_defined?(:"@application_secret_strategy")
506
510
  end
data/lib/doorkeeper/errors.rb CHANGED
@@ -45,6 +45,7 @@ module Doorkeeper
45
45
  TokenGeneratorNotFound = Class.new(DoorkeeperError)
46
46
  NoOrmCleaner = Class.new(DoorkeeperError)
47
47
 
48
+ InvalidRequest = Class.new(BaseResponseError)
48
49
  InvalidToken = Class.new(BaseResponseError)
49
50
  TokenExpired = Class.new(InvalidToken)
50
51
  TokenRevoked = Class.new(InvalidToken)
data/lib/doorkeeper/models/access_token_mixin.rb CHANGED
@@ -435,6 +435,10 @@ module Doorkeeper
435
435
  if Doorkeeper.config.polymorphic_resource_owner?
436
436
  attributes[:resource_owner] = resource_owner
437
437
  end
438
+
439
+ Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
440
+ attributes[attribute_name] = public_send(attribute_name)
441
+ end
438
442
  end
439
443
  end
440
444
 
data/lib/doorkeeper/oauth/authorization_code_request.rb CHANGED
@@ -32,7 +32,7 @@ module Doorkeeper
32
32
  grant.revoke
33
33
 
34
34
  find_or_create_access_token(
35
- grant.application,
35
+ client,
36
36
  resource_owner,
37
37
  grant.scopes,
38
38
  custom_token_attributes_with_data,
data/lib/doorkeeper/oauth/client_credentials/issuer.rb CHANGED
@@ -11,9 +11,9 @@ module Doorkeeper
11
11
  @validator = validator
12
12
  end
13
13
 
14
- def create(client, scopes, creator = Creator.new)
14
+ def create(client, scopes, attributes = {}, creator = Creator.new)
15
15
  if validator.valid?
16
- @token = create_token(client, scopes, creator)
16
+ @token = create_token(client, scopes, attributes, creator)
17
17
  @error = :server_error unless @token
18
18
  else
19
19
  @token = false
@@ -25,7 +25,7 @@ module Doorkeeper
25
25
 
26
26
  private
27
27
 
28
- def create_token(client, scopes, creator)
28
+ def create_token(client, scopes, attributes, creator)
29
29
  context = Authorization::Token.build_context(
30
30
  client,
31
31
  Doorkeeper::OAuth::CLIENT_CREDENTIALS,
@@ -39,6 +39,7 @@ module Doorkeeper
39
39
  scopes,
40
40
  use_refresh_token: false,
41
41
  expires_in: ttl,
42
+ **attributes
42
43
  )
43
44
  end
44
45
  end
data/lib/doorkeeper/oauth/client_credentials_request.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  module Doorkeeper
4
4
  module OAuth
5
5
  class ClientCredentialsRequest < BaseRequest
6
- attr_reader :client, :original_scopes, :response
6
+ attr_reader :client, :original_scopes, :parameters, :response
7
7
 
8
8
  alias error_response response
9
9
 
@@ -14,6 +14,7 @@ module Doorkeeper
14
14
  @server = server
15
15
  @response = nil
16
16
  @original_scopes = parameters[:scope]
17
+ @parameters = parameters.except(:scope)
17
18
  end
18
19
 
19
20
  def access_token
@@ -30,7 +31,14 @@ module Doorkeeper
30
31
  private
31
32
 
32
33
  def valid?
33
- issuer.create(client, scopes)
34
+ issuer.create(client, scopes, custom_token_attributes_with_data)
35
+ end
36
+
37
+ def custom_token_attributes_with_data
38
+ parameters
39
+ .with_indifferent_access
40
+ .slice(*Doorkeeper.config.custom_access_token_attributes)
41
+ .symbolize_keys
34
42
  end
35
43
  end
36
44
  end
data/lib/doorkeeper/oauth/helpers/uri_checker.rb CHANGED
@@ -40,7 +40,7 @@ module Doorkeeper
40
40
 
41
41
  def self.loopback_uri?(uri)
42
42
  IPAddr.new(uri.host).loopback?
43
- rescue IPAddr::Error
43
+ rescue IPAddr::Error, IPAddr::InvalidAddressError
44
44
  false
45
45
  end
46
46
 
data/lib/doorkeeper/oauth/invalid_request_response.rb CHANGED
@@ -35,6 +35,10 @@ module Doorkeeper
35
35
  )
36
36
  end
37
37
 
38
+ def exception_class
39
+ Doorkeeper::Errors::InvalidRequest
40
+ end
41
+
38
42
  def redirectable?
39
43
  super && @missing_param != :client_id
40
44
  end
data/lib/doorkeeper/orm/active_record/mixins/application.rb CHANGED
@@ -22,7 +22,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
22
22
 
23
23
  validates :name, :secret, :uid, presence: true
24
24
  validates :uid, uniqueness: { case_sensitive: true }
25
- validates :redirect_uri, "doorkeeper/redirect_uri": true
25
+ validates_with Doorkeeper::RedirectUriValidator, attributes: [:redirect_uri]
26
26
  validates :confidential, inclusion: { in: [true, false] }
27
27
 
28
28
  validate :scopes_match_configured, if: :enforce_scopes?
data/lib/doorkeeper/version.rb CHANGED
@@ -5,7 +5,7 @@ module Doorkeeper
5
5
  # Semantic versioning
6
6
  MAJOR = 5
7
7
  MINOR = 6
8
- TINY = 6
8
+ TINY = 7
9
9
  PRE = nil
10
10
 
11
11
  # Full version number
data/lib/generators/doorkeeper/templates/initializer.rb CHANGED
@@ -312,6 +312,12 @@ Doorkeeper.configure do
312
312
  # Doorkeeper::Errors::TokenRevoked, Doorkeeper::Errors::TokenUnknown
313
313
  #
314
314
  # handle_auth_errors :raise
315
+ #
316
+ # If you want to redirect back to the client application in accordance with
317
+ # https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1, you can set
318
+ # +handle_auth_errors+ to :redirect
319
+ #
320
+ # handle_auth_errors :redirect
315
321
 
316
322
  # Customize token introspection response.
317
323
  # Allows to add your own fields to default one that are required by the OAuth spec
@@ -385,7 +391,7 @@ Doorkeeper.configure do
385
391
  # true in case resource owner authorized for the specific application or false in other
386
392
  # cases.
387
393
  #
388
- # Be default all Resource Owners are authorized to any Client (application).
394
+ # By default all Resource Owners are authorized to any Client (application).
389
395
  #
390
396
  # authorize_resource_owner_for_client do |client, resource_owner|
391
397
  # resource_owner.admin? || client.owners_allowlist.include?(resource_owner)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.6.6
4
+ version: 5.6.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2023-03-29 00:00:00.000000000 Z
14
+ date: 2023-11-23 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties