doorkeeper 5.6.7 → 5.6.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/README.md +1 -6
- data/lib/doorkeeper/errors.rb +17 -0
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -5
- data/lib/doorkeeper/oauth/base_request.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -3
- data/lib/doorkeeper/oauth/code_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +16 -1
- data/lib/doorkeeper/oauth/password_access_token_request.rb +4 -4
- data/lib/doorkeeper/oauth/pre_authorization.rb +11 -11
- data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
- data/lib/doorkeeper/oauth/token_introspection.rb +9 -7
- data/lib/doorkeeper/oauth/token_request.rb +1 -1
- data/lib/doorkeeper/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6bf87231b7fa13bb47db61868954af3c01b07b0909ac95abb2de15d1064dd423
|
4
|
+
data.tar.gz: f6dda19eae61f69331fc338fbb1803a7a94c563b4dc46ea694bee37c430db1b7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f0d54d75716f74f23f35ab9400683a805e3a4c7483c11ea5be10669abe38385c7625f9304379712f661bea026d49cb5fe8ddc1b6653cf66115279edc1f785096
|
7
|
+
data.tar.gz: 68c841037b9544b1bdfdc36405169ad8cf942b6c32b6d1023261bb7c37116bab602a8c12b209d3b006219eaf0701d7a705ac6cdec49004c19ae918d044377d53
|
data/CHANGELOG.md
CHANGED
@@ -7,7 +7,15 @@ User-visible changes worth mentioning.
|
|
7
7
|
|
8
8
|
## main
|
9
9
|
|
10
|
-
- [#ID] Add your
|
10
|
+
- [#PR ID] Add your changelog here.
|
11
|
+
|
12
|
+
## 5.6.9
|
13
|
+
|
14
|
+
- [#1691] Make new Doorkeeper errors backward compatible with older extensions.
|
15
|
+
|
16
|
+
## 5.6.8
|
17
|
+
|
18
|
+
- [#1680] Fix handle_auth_errors :raise NotImplementedError
|
11
19
|
|
12
20
|
## 5.6.7
|
13
21
|
|
data/README.md
CHANGED
@@ -39,7 +39,6 @@ Supported features:
|
|
39
39
|
- [ORMs](#orms)
|
40
40
|
- [Extensions](#extensions)
|
41
41
|
- [Example Applications](#example-applications)
|
42
|
-
- [Tutorials](#tutorials)
|
43
42
|
- [Sponsors](#sponsors)
|
44
43
|
- [Development](#development)
|
45
44
|
- [Contributing](#contributing)
|
@@ -56,7 +55,7 @@ https://github.com/doorkeeper-gem/doorkeeper/releases.
|
|
56
55
|
Additionally, other resources can be found on:
|
57
56
|
|
58
57
|
- [Guides](https://doorkeeper.gitbook.io/guides/) with how-to get started and configuration documentation
|
59
|
-
- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
|
58
|
+
- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki) for articles on how to integrate with other solutions
|
60
59
|
- Screencast from [railscasts.com](http://railscasts.com/): [#353
|
61
60
|
OAuth with
|
62
61
|
Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
|
@@ -124,10 +123,6 @@ examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications
|
|
124
123
|
in our wiki or follow this [tutorial
|
125
124
|
here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
|
126
125
|
|
127
|
-
## Tutorials
|
128
|
-
|
129
|
-
See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-tos--tutorials) in order to learn how to use the gem or integrate it with other solutions / gems.
|
130
|
-
|
131
126
|
## Sponsors
|
132
127
|
|
133
128
|
[](#backers)
|
data/lib/doorkeeper/errors.rb
CHANGED
@@ -39,6 +39,10 @@ module Doorkeeper
|
|
39
39
|
def initialize(response)
|
40
40
|
@response = response
|
41
41
|
end
|
42
|
+
|
43
|
+
def self.name_for_response
|
44
|
+
self.name.demodulize.underscore.to_sym
|
45
|
+
end
|
42
46
|
end
|
43
47
|
|
44
48
|
UnableToGenerateToken = Class.new(DoorkeeperError)
|
@@ -47,6 +51,19 @@ module Doorkeeper
|
|
47
51
|
|
48
52
|
InvalidRequest = Class.new(BaseResponseError)
|
49
53
|
InvalidToken = Class.new(BaseResponseError)
|
54
|
+
InvalidClient = Class.new(BaseResponseError)
|
55
|
+
InvalidScope = Class.new(BaseResponseError)
|
56
|
+
InvalidRedirectUri = Class.new(BaseResponseError)
|
57
|
+
InvalidCodeChallengeMethod = Class.new(BaseResponseError)
|
58
|
+
InvalidGrant = Class.new(BaseResponseError)
|
59
|
+
|
60
|
+
UnauthorizedClient = Class.new(BaseResponseError)
|
61
|
+
UnsupportedResponseType = Class.new(BaseResponseError)
|
62
|
+
UnsupportedResponseMode = Class.new(BaseResponseError)
|
63
|
+
|
64
|
+
AccessDenied = Class.new(BaseResponseError)
|
65
|
+
ServerError = Class.new(BaseResponseError)
|
66
|
+
|
50
67
|
TokenExpired = Class.new(InvalidToken)
|
51
68
|
TokenRevoked = Class.new(InvalidToken)
|
52
69
|
TokenUnknown = Class.new(InvalidToken)
|
@@ -3,12 +3,12 @@
|
|
3
3
|
module Doorkeeper
|
4
4
|
module OAuth
|
5
5
|
class AuthorizationCodeRequest < BaseRequest
|
6
|
-
validate :params, error:
|
7
|
-
validate :client, error:
|
8
|
-
validate :grant, error:
|
6
|
+
validate :params, error: Errors::InvalidRequest
|
7
|
+
validate :client, error: Errors::InvalidClient
|
8
|
+
validate :grant, error: Errors::InvalidGrant
|
9
9
|
# @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
|
10
|
-
validate :redirect_uri, error:
|
11
|
-
validate :code_verifier, error:
|
10
|
+
validate :redirect_uri, error: Errors::InvalidGrant
|
11
|
+
validate :code_verifier, error: Errors::InvalidGrant
|
12
12
|
|
13
13
|
attr_reader :grant, :client, :redirect_uri, :access_token, :code_verifier,
|
14
14
|
:invalid_request_reason, :missing_param
|
@@ -15,7 +15,7 @@ module Doorkeeper
|
|
15
15
|
@response = TokenResponse.new(access_token)
|
16
16
|
after_successful_response
|
17
17
|
@response
|
18
|
-
elsif error ==
|
18
|
+
elsif error == Errors::InvalidRequest
|
19
19
|
@response = InvalidRequestResponse.from_request(self)
|
20
20
|
else
|
21
21
|
@response = ErrorResponse.from_request(self)
|
@@ -14,7 +14,7 @@ module Doorkeeper
|
|
14
14
|
def create(client, scopes, attributes = {}, creator = Creator.new)
|
15
15
|
if validator.valid?
|
16
16
|
@token = create_token(client, scopes, attributes, creator)
|
17
|
-
@error =
|
17
|
+
@error = Errors::ServerError unless @token
|
18
18
|
else
|
19
19
|
@token = false
|
20
20
|
@error = validator.error
|
@@ -7,9 +7,9 @@ module Doorkeeper
|
|
7
7
|
include Validations
|
8
8
|
include OAuth::Helpers
|
9
9
|
|
10
|
-
validate :client, error:
|
11
|
-
validate :client_supports_grant_flow, error:
|
12
|
-
validate :scopes, error:
|
10
|
+
validate :client, error: Errors::InvalidClient
|
11
|
+
validate :client_supports_grant_flow, error: Errors::UnauthorizedClient
|
12
|
+
validate :scopes, error: Errors::InvalidScope
|
13
13
|
|
14
14
|
def initialize(server, request)
|
15
15
|
@server = server
|
@@ -10,17 +10,31 @@ module Doorkeeper
|
|
10
10
|
def self.from_request(request, attributes = {})
|
11
11
|
new(
|
12
12
|
attributes.merge(
|
13
|
-
name: request.error,
|
13
|
+
name: error_name_for(request.error),
|
14
|
+
exception_class: exception_class_for(request.error),
|
14
15
|
state: request.try(:state),
|
15
16
|
redirect_uri: request.try(:redirect_uri),
|
16
17
|
),
|
17
18
|
)
|
18
19
|
end
|
19
20
|
|
21
|
+
def self.error_name_for(error)
|
22
|
+
error.respond_to?(:name_for_response) ? error.name_for_response : error
|
23
|
+
end
|
24
|
+
|
25
|
+
def self.exception_class_for(error)
|
26
|
+
return error if error.respond_to?(:name_for_response)
|
27
|
+
|
28
|
+
"Doorkeeper::Errors::#{error.to_s.classify}".safe_constantize
|
29
|
+
end
|
30
|
+
|
31
|
+
private_class_method :error_name_for, :exception_class_for
|
32
|
+
|
20
33
|
delegate :name, :description, :state, to: :@error
|
21
34
|
|
22
35
|
def initialize(attributes = {})
|
23
36
|
@error = OAuth::Error.new(*attributes.values_at(:name, :state))
|
37
|
+
@exception_class = attributes[:exception_class]
|
24
38
|
@redirect_uri = attributes[:redirect_uri]
|
25
39
|
@response_on_fragment = attributes[:response_on_fragment]
|
26
40
|
end
|
@@ -72,6 +86,7 @@ module Doorkeeper
|
|
72
86
|
end
|
73
87
|
|
74
88
|
def exception_class
|
89
|
+
return @exception_class if @exception_class
|
75
90
|
raise NotImplementedError, "error response must define #exception_class"
|
76
91
|
end
|
77
92
|
|
@@ -5,10 +5,10 @@ module Doorkeeper
|
|
5
5
|
class PasswordAccessTokenRequest < BaseRequest
|
6
6
|
include OAuth::Helpers
|
7
7
|
|
8
|
-
validate :client, error:
|
9
|
-
validate :client_supports_grant_flow, error:
|
10
|
-
validate :resource_owner, error:
|
11
|
-
validate :scopes, error:
|
8
|
+
validate :client, error: Errors::InvalidClient
|
9
|
+
validate :client_supports_grant_flow, error: Errors::UnauthorizedClient
|
10
|
+
validate :resource_owner, error: Errors::InvalidGrant
|
11
|
+
validate :scopes, error: Errors::InvalidScope
|
12
12
|
|
13
13
|
attr_reader :client, :credentials, :resource_owner, :parameters, :access_token
|
14
14
|
|
@@ -5,16 +5,16 @@ module Doorkeeper
|
|
5
5
|
class PreAuthorization
|
6
6
|
include Validations
|
7
7
|
|
8
|
-
validate :client_id, error:
|
9
|
-
validate :client, error:
|
10
|
-
validate :client_supports_grant_flow, error:
|
11
|
-
validate :resource_owner_authorize_for_client, error:
|
12
|
-
validate :redirect_uri, error:
|
13
|
-
validate :params, error:
|
14
|
-
validate :response_type, error:
|
15
|
-
validate :response_mode, error:
|
16
|
-
validate :scopes, error:
|
17
|
-
validate :code_challenge_method, error:
|
8
|
+
validate :client_id, error: Errors::InvalidRequest
|
9
|
+
validate :client, error: Errors::InvalidClient
|
10
|
+
validate :client_supports_grant_flow, error: Errors::UnauthorizedClient
|
11
|
+
validate :resource_owner_authorize_for_client, error: Errors::InvalidClient
|
12
|
+
validate :redirect_uri, error: Errors::InvalidRedirectUri
|
13
|
+
validate :params, error: Errors::InvalidRequest
|
14
|
+
validate :response_type, error: Errors::UnsupportedResponseType
|
15
|
+
validate :response_mode, error: Errors::UnsupportedResponseMode
|
16
|
+
validate :scopes, error: Errors::InvalidScope
|
17
|
+
validate :code_challenge_method, error: Errors::InvalidCodeChallengeMethod
|
18
18
|
|
19
19
|
attr_reader :client, :code_challenge, :code_challenge_method, :missing_param,
|
20
20
|
:redirect_uri, :resource_owner, :response_type, :state,
|
@@ -47,7 +47,7 @@ module Doorkeeper
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def error_response
|
50
|
-
if error ==
|
50
|
+
if error == Errors::InvalidRequest
|
51
51
|
OAuth::InvalidRequestResponse.from_request(
|
52
52
|
self,
|
53
53
|
response_on_fragment: response_on_fragment?,
|
@@ -5,11 +5,11 @@ module Doorkeeper
|
|
5
5
|
class RefreshTokenRequest < BaseRequest
|
6
6
|
include OAuth::Helpers
|
7
7
|
|
8
|
-
validate :token_presence, error:
|
9
|
-
validate :token, error:
|
10
|
-
validate :client, error:
|
11
|
-
validate :client_match, error:
|
12
|
-
validate :scope, error:
|
8
|
+
validate :token_presence, error: Errors::InvalidRequest
|
9
|
+
validate :token, error: Errors::InvalidGrant
|
10
|
+
validate :client, error: Errors::InvalidClient
|
11
|
+
validate :client_match, error: Errors::InvalidGrant
|
12
|
+
validate :scope, error: Errors::InvalidScope
|
13
13
|
|
14
14
|
attr_reader :access_token, :client, :credentials, :refresh_token
|
15
15
|
attr_reader :missing_param
|
@@ -6,6 +6,8 @@ module Doorkeeper
|
|
6
6
|
#
|
7
7
|
# @see https://datatracker.ietf.org/doc/html/rfc7662
|
8
8
|
class TokenIntrospection
|
9
|
+
attr_reader :error
|
10
|
+
|
9
11
|
def initialize(server, token)
|
10
12
|
@server = server
|
11
13
|
@token = token
|
@@ -20,12 +22,12 @@ module Doorkeeper
|
|
20
22
|
def error_response
|
21
23
|
return if @error.blank?
|
22
24
|
|
23
|
-
if @error ==
|
25
|
+
if @error == Errors::InvalidToken
|
24
26
|
OAuth::InvalidTokenResponse.from_access_token(authorized_token)
|
25
|
-
elsif @error ==
|
27
|
+
elsif @error == Errors::InvalidRequest
|
26
28
|
OAuth::InvalidRequestResponse.from_request(self)
|
27
29
|
else
|
28
|
-
OAuth::ErrorResponse.
|
30
|
+
OAuth::ErrorResponse.from_request(self)
|
29
31
|
end
|
30
32
|
end
|
31
33
|
|
@@ -36,7 +38,7 @@ module Doorkeeper
|
|
36
38
|
private
|
37
39
|
|
38
40
|
attr_reader :server, :token
|
39
|
-
attr_reader :
|
41
|
+
attr_reader :invalid_request_reason
|
40
42
|
|
41
43
|
# If the protected resource uses OAuth 2.0 client credentials to
|
42
44
|
# authenticate to the introspection endpoint and its credentials are
|
@@ -58,7 +60,7 @@ module Doorkeeper
|
|
58
60
|
def authorize!
|
59
61
|
# Requested client authorization
|
60
62
|
if server.credentials
|
61
|
-
@error =
|
63
|
+
@error = Errors::InvalidClient unless authorized_client
|
62
64
|
elsif authorized_token
|
63
65
|
# Requested bearer token authorization
|
64
66
|
#
|
@@ -69,9 +71,9 @@ module Doorkeeper
|
|
69
71
|
# HTTP 401 code as described in Section 3 of OAuth 2.0 Bearer Token
|
70
72
|
# Usage [RFC6750].
|
71
73
|
#
|
72
|
-
@error =
|
74
|
+
@error = Errors::InvalidToken unless valid_authorized_token?
|
73
75
|
else
|
74
|
-
@error =
|
76
|
+
@error = Errors::InvalidRequest
|
75
77
|
@invalid_request_reason = :request_not_authorized
|
76
78
|
end
|
77
79
|
end
|
data/lib/doorkeeper/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.6.
|
4
|
+
version: 5.6.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Felipe Elias Philipp
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date:
|
14
|
+
date: 2024-02-14 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: railties
|
@@ -103,14 +103,14 @@ dependencies:
|
|
103
103
|
requirements:
|
104
104
|
- - "~>"
|
105
105
|
- !ruby/object:Gem::Version
|
106
|
-
version: 0.
|
106
|
+
version: 0.10.0
|
107
107
|
type: :development
|
108
108
|
prerelease: false
|
109
109
|
version_requirements: !ruby/object:Gem::Requirement
|
110
110
|
requirements:
|
111
111
|
- - "~>"
|
112
112
|
- !ruby/object:Gem::Version
|
113
|
-
version: 0.
|
113
|
+
version: 0.10.0
|
114
114
|
- !ruby/object:Gem::Dependency
|
115
115
|
name: grape
|
116
116
|
requirement: !ruby/object:Gem::Requirement
|