doorkeeper 5.6.7 → 5.6.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/README.md +1 -6
- data/lib/doorkeeper/errors.rb +17 -0
- data/lib/doorkeeper/oauth/authorization_code_request.rb +5 -5
- data/lib/doorkeeper/oauth/base_request.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +1 -1
- data/lib/doorkeeper/oauth/client_credentials/validator.rb +3 -3
- data/lib/doorkeeper/oauth/code_request.rb +1 -1
- data/lib/doorkeeper/oauth/error_response.rb +16 -1
- data/lib/doorkeeper/oauth/password_access_token_request.rb +4 -4
- data/lib/doorkeeper/oauth/pre_authorization.rb +11 -11
- data/lib/doorkeeper/oauth/refresh_token_request.rb +5 -5
- data/lib/doorkeeper/oauth/token_introspection.rb +9 -7
- data/lib/doorkeeper/oauth/token_request.rb +1 -1
- data/lib/doorkeeper/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6bf87231b7fa13bb47db61868954af3c01b07b0909ac95abb2de15d1064dd423
|
4
|
+
data.tar.gz: f6dda19eae61f69331fc338fbb1803a7a94c563b4dc46ea694bee37c430db1b7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f0d54d75716f74f23f35ab9400683a805e3a4c7483c11ea5be10669abe38385c7625f9304379712f661bea026d49cb5fe8ddc1b6653cf66115279edc1f785096
|
7
|
+
data.tar.gz: 68c841037b9544b1bdfdc36405169ad8cf942b6c32b6d1023261bb7c37116bab602a8c12b209d3b006219eaf0701d7a705ac6cdec49004c19ae918d044377d53
|
data/CHANGELOG.md
CHANGED
@@ -7,7 +7,15 @@ User-visible changes worth mentioning.
|
|
7
7
|
|
8
8
|
## main
|
9
9
|
|
10
|
-
- [#ID] Add your
|
10
|
+
- [#PR ID] Add your changelog here.
|
11
|
+
|
12
|
+
## 5.6.9
|
13
|
+
|
14
|
+
- [#1691] Make new Doorkeeper errors backward compatible with older extensions.
|
15
|
+
|
16
|
+
## 5.6.8
|
17
|
+
|
18
|
+
- [#1680] Fix handle_auth_errors :raise NotImplementedError
|
11
19
|
|
12
20
|
## 5.6.7
|
13
21
|
|
data/README.md
CHANGED
@@ -39,7 +39,6 @@ Supported features:
|
|
39
39
|
- [ORMs](#orms)
|
40
40
|
- [Extensions](#extensions)
|
41
41
|
- [Example Applications](#example-applications)
|
42
|
-
- [Tutorials](#tutorials)
|
43
42
|
- [Sponsors](#sponsors)
|
44
43
|
- [Development](#development)
|
45
44
|
- [Contributing](#contributing)
|
@@ -56,7 +55,7 @@ https://github.com/doorkeeper-gem/doorkeeper/releases.
|
|
56
55
|
Additionally, other resources can be found on:
|
57
56
|
|
58
57
|
- [Guides](https://doorkeeper.gitbook.io/guides/) with how-to get started and configuration documentation
|
59
|
-
- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki)
|
58
|
+
- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki) for articles on how to integrate with other solutions
|
60
59
|
- Screencast from [railscasts.com](http://railscasts.com/): [#353
|
61
60
|
OAuth with
|
62
61
|
Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
|
@@ -124,10 +123,6 @@ examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications
|
|
124
123
|
in our wiki or follow this [tutorial
|
125
124
|
here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
|
126
125
|
|
127
|
-
## Tutorials
|
128
|
-
|
129
|
-
See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-tos--tutorials) in order to learn how to use the gem or integrate it with other solutions / gems.
|
130
|
-
|
131
126
|
## Sponsors
|
132
127
|
|
133
128
|
[![OpenCollective](https://opencollective.com/doorkeeper-gem/backers/badge.svg)](#backers)
|
data/lib/doorkeeper/errors.rb
CHANGED
@@ -39,6 +39,10 @@ module Doorkeeper
|
|
39
39
|
def initialize(response)
|
40
40
|
@response = response
|
41
41
|
end
|
42
|
+
|
43
|
+
def self.name_for_response
|
44
|
+
self.name.demodulize.underscore.to_sym
|
45
|
+
end
|
42
46
|
end
|
43
47
|
|
44
48
|
UnableToGenerateToken = Class.new(DoorkeeperError)
|
@@ -47,6 +51,19 @@ module Doorkeeper
|
|
47
51
|
|
48
52
|
InvalidRequest = Class.new(BaseResponseError)
|
49
53
|
InvalidToken = Class.new(BaseResponseError)
|
54
|
+
InvalidClient = Class.new(BaseResponseError)
|
55
|
+
InvalidScope = Class.new(BaseResponseError)
|
56
|
+
InvalidRedirectUri = Class.new(BaseResponseError)
|
57
|
+
InvalidCodeChallengeMethod = Class.new(BaseResponseError)
|
58
|
+
InvalidGrant = Class.new(BaseResponseError)
|
59
|
+
|
60
|
+
UnauthorizedClient = Class.new(BaseResponseError)
|
61
|
+
UnsupportedResponseType = Class.new(BaseResponseError)
|
62
|
+
UnsupportedResponseMode = Class.new(BaseResponseError)
|
63
|
+
|
64
|
+
AccessDenied = Class.new(BaseResponseError)
|
65
|
+
ServerError = Class.new(BaseResponseError)
|
66
|
+
|
50
67
|
TokenExpired = Class.new(InvalidToken)
|
51
68
|
TokenRevoked = Class.new(InvalidToken)
|
52
69
|
TokenUnknown = Class.new(InvalidToken)
|
@@ -3,12 +3,12 @@
|
|
3
3
|
module Doorkeeper
|
4
4
|
module OAuth
|
5
5
|
class AuthorizationCodeRequest < BaseRequest
|
6
|
-
validate :params, error:
|
7
|
-
validate :client, error:
|
8
|
-
validate :grant, error:
|
6
|
+
validate :params, error: Errors::InvalidRequest
|
7
|
+
validate :client, error: Errors::InvalidClient
|
8
|
+
validate :grant, error: Errors::InvalidGrant
|
9
9
|
# @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
|
10
|
-
validate :redirect_uri, error:
|
11
|
-
validate :code_verifier, error:
|
10
|
+
validate :redirect_uri, error: Errors::InvalidGrant
|
11
|
+
validate :code_verifier, error: Errors::InvalidGrant
|
12
12
|
|
13
13
|
attr_reader :grant, :client, :redirect_uri, :access_token, :code_verifier,
|
14
14
|
:invalid_request_reason, :missing_param
|
@@ -15,7 +15,7 @@ module Doorkeeper
|
|
15
15
|
@response = TokenResponse.new(access_token)
|
16
16
|
after_successful_response
|
17
17
|
@response
|
18
|
-
elsif error ==
|
18
|
+
elsif error == Errors::InvalidRequest
|
19
19
|
@response = InvalidRequestResponse.from_request(self)
|
20
20
|
else
|
21
21
|
@response = ErrorResponse.from_request(self)
|
@@ -14,7 +14,7 @@ module Doorkeeper
|
|
14
14
|
def create(client, scopes, attributes = {}, creator = Creator.new)
|
15
15
|
if validator.valid?
|
16
16
|
@token = create_token(client, scopes, attributes, creator)
|
17
|
-
@error =
|
17
|
+
@error = Errors::ServerError unless @token
|
18
18
|
else
|
19
19
|
@token = false
|
20
20
|
@error = validator.error
|
@@ -7,9 +7,9 @@ module Doorkeeper
|
|
7
7
|
include Validations
|
8
8
|
include OAuth::Helpers
|
9
9
|
|
10
|
-
validate :client, error:
|
11
|
-
validate :client_supports_grant_flow, error:
|
12
|
-
validate :scopes, error:
|
10
|
+
validate :client, error: Errors::InvalidClient
|
11
|
+
validate :client_supports_grant_flow, error: Errors::UnauthorizedClient
|
12
|
+
validate :scopes, error: Errors::InvalidScope
|
13
13
|
|
14
14
|
def initialize(server, request)
|
15
15
|
@server = server
|
@@ -10,17 +10,31 @@ module Doorkeeper
|
|
10
10
|
def self.from_request(request, attributes = {})
|
11
11
|
new(
|
12
12
|
attributes.merge(
|
13
|
-
name: request.error,
|
13
|
+
name: error_name_for(request.error),
|
14
|
+
exception_class: exception_class_for(request.error),
|
14
15
|
state: request.try(:state),
|
15
16
|
redirect_uri: request.try(:redirect_uri),
|
16
17
|
),
|
17
18
|
)
|
18
19
|
end
|
19
20
|
|
21
|
+
def self.error_name_for(error)
|
22
|
+
error.respond_to?(:name_for_response) ? error.name_for_response : error
|
23
|
+
end
|
24
|
+
|
25
|
+
def self.exception_class_for(error)
|
26
|
+
return error if error.respond_to?(:name_for_response)
|
27
|
+
|
28
|
+
"Doorkeeper::Errors::#{error.to_s.classify}".safe_constantize
|
29
|
+
end
|
30
|
+
|
31
|
+
private_class_method :error_name_for, :exception_class_for
|
32
|
+
|
20
33
|
delegate :name, :description, :state, to: :@error
|
21
34
|
|
22
35
|
def initialize(attributes = {})
|
23
36
|
@error = OAuth::Error.new(*attributes.values_at(:name, :state))
|
37
|
+
@exception_class = attributes[:exception_class]
|
24
38
|
@redirect_uri = attributes[:redirect_uri]
|
25
39
|
@response_on_fragment = attributes[:response_on_fragment]
|
26
40
|
end
|
@@ -72,6 +86,7 @@ module Doorkeeper
|
|
72
86
|
end
|
73
87
|
|
74
88
|
def exception_class
|
89
|
+
return @exception_class if @exception_class
|
75
90
|
raise NotImplementedError, "error response must define #exception_class"
|
76
91
|
end
|
77
92
|
|
@@ -5,10 +5,10 @@ module Doorkeeper
|
|
5
5
|
class PasswordAccessTokenRequest < BaseRequest
|
6
6
|
include OAuth::Helpers
|
7
7
|
|
8
|
-
validate :client, error:
|
9
|
-
validate :client_supports_grant_flow, error:
|
10
|
-
validate :resource_owner, error:
|
11
|
-
validate :scopes, error:
|
8
|
+
validate :client, error: Errors::InvalidClient
|
9
|
+
validate :client_supports_grant_flow, error: Errors::UnauthorizedClient
|
10
|
+
validate :resource_owner, error: Errors::InvalidGrant
|
11
|
+
validate :scopes, error: Errors::InvalidScope
|
12
12
|
|
13
13
|
attr_reader :client, :credentials, :resource_owner, :parameters, :access_token
|
14
14
|
|
@@ -5,16 +5,16 @@ module Doorkeeper
|
|
5
5
|
class PreAuthorization
|
6
6
|
include Validations
|
7
7
|
|
8
|
-
validate :client_id, error:
|
9
|
-
validate :client, error:
|
10
|
-
validate :client_supports_grant_flow, error:
|
11
|
-
validate :resource_owner_authorize_for_client, error:
|
12
|
-
validate :redirect_uri, error:
|
13
|
-
validate :params, error:
|
14
|
-
validate :response_type, error:
|
15
|
-
validate :response_mode, error:
|
16
|
-
validate :scopes, error:
|
17
|
-
validate :code_challenge_method, error:
|
8
|
+
validate :client_id, error: Errors::InvalidRequest
|
9
|
+
validate :client, error: Errors::InvalidClient
|
10
|
+
validate :client_supports_grant_flow, error: Errors::UnauthorizedClient
|
11
|
+
validate :resource_owner_authorize_for_client, error: Errors::InvalidClient
|
12
|
+
validate :redirect_uri, error: Errors::InvalidRedirectUri
|
13
|
+
validate :params, error: Errors::InvalidRequest
|
14
|
+
validate :response_type, error: Errors::UnsupportedResponseType
|
15
|
+
validate :response_mode, error: Errors::UnsupportedResponseMode
|
16
|
+
validate :scopes, error: Errors::InvalidScope
|
17
|
+
validate :code_challenge_method, error: Errors::InvalidCodeChallengeMethod
|
18
18
|
|
19
19
|
attr_reader :client, :code_challenge, :code_challenge_method, :missing_param,
|
20
20
|
:redirect_uri, :resource_owner, :response_type, :state,
|
@@ -47,7 +47,7 @@ module Doorkeeper
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def error_response
|
50
|
-
if error ==
|
50
|
+
if error == Errors::InvalidRequest
|
51
51
|
OAuth::InvalidRequestResponse.from_request(
|
52
52
|
self,
|
53
53
|
response_on_fragment: response_on_fragment?,
|
@@ -5,11 +5,11 @@ module Doorkeeper
|
|
5
5
|
class RefreshTokenRequest < BaseRequest
|
6
6
|
include OAuth::Helpers
|
7
7
|
|
8
|
-
validate :token_presence, error:
|
9
|
-
validate :token, error:
|
10
|
-
validate :client, error:
|
11
|
-
validate :client_match, error:
|
12
|
-
validate :scope, error:
|
8
|
+
validate :token_presence, error: Errors::InvalidRequest
|
9
|
+
validate :token, error: Errors::InvalidGrant
|
10
|
+
validate :client, error: Errors::InvalidClient
|
11
|
+
validate :client_match, error: Errors::InvalidGrant
|
12
|
+
validate :scope, error: Errors::InvalidScope
|
13
13
|
|
14
14
|
attr_reader :access_token, :client, :credentials, :refresh_token
|
15
15
|
attr_reader :missing_param
|
@@ -6,6 +6,8 @@ module Doorkeeper
|
|
6
6
|
#
|
7
7
|
# @see https://datatracker.ietf.org/doc/html/rfc7662
|
8
8
|
class TokenIntrospection
|
9
|
+
attr_reader :error
|
10
|
+
|
9
11
|
def initialize(server, token)
|
10
12
|
@server = server
|
11
13
|
@token = token
|
@@ -20,12 +22,12 @@ module Doorkeeper
|
|
20
22
|
def error_response
|
21
23
|
return if @error.blank?
|
22
24
|
|
23
|
-
if @error ==
|
25
|
+
if @error == Errors::InvalidToken
|
24
26
|
OAuth::InvalidTokenResponse.from_access_token(authorized_token)
|
25
|
-
elsif @error ==
|
27
|
+
elsif @error == Errors::InvalidRequest
|
26
28
|
OAuth::InvalidRequestResponse.from_request(self)
|
27
29
|
else
|
28
|
-
OAuth::ErrorResponse.
|
30
|
+
OAuth::ErrorResponse.from_request(self)
|
29
31
|
end
|
30
32
|
end
|
31
33
|
|
@@ -36,7 +38,7 @@ module Doorkeeper
|
|
36
38
|
private
|
37
39
|
|
38
40
|
attr_reader :server, :token
|
39
|
-
attr_reader :
|
41
|
+
attr_reader :invalid_request_reason
|
40
42
|
|
41
43
|
# If the protected resource uses OAuth 2.0 client credentials to
|
42
44
|
# authenticate to the introspection endpoint and its credentials are
|
@@ -58,7 +60,7 @@ module Doorkeeper
|
|
58
60
|
def authorize!
|
59
61
|
# Requested client authorization
|
60
62
|
if server.credentials
|
61
|
-
@error =
|
63
|
+
@error = Errors::InvalidClient unless authorized_client
|
62
64
|
elsif authorized_token
|
63
65
|
# Requested bearer token authorization
|
64
66
|
#
|
@@ -69,9 +71,9 @@ module Doorkeeper
|
|
69
71
|
# HTTP 401 code as described in Section 3 of OAuth 2.0 Bearer Token
|
70
72
|
# Usage [RFC6750].
|
71
73
|
#
|
72
|
-
@error =
|
74
|
+
@error = Errors::InvalidToken unless valid_authorized_token?
|
73
75
|
else
|
74
|
-
@error =
|
76
|
+
@error = Errors::InvalidRequest
|
75
77
|
@invalid_request_reason = :request_not_authorized
|
76
78
|
end
|
77
79
|
end
|
data/lib/doorkeeper/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: doorkeeper
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.6.
|
4
|
+
version: 5.6.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Felipe Elias Philipp
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date:
|
14
|
+
date: 2024-02-14 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: railties
|
@@ -103,14 +103,14 @@ dependencies:
|
|
103
103
|
requirements:
|
104
104
|
- - "~>"
|
105
105
|
- !ruby/object:Gem::Version
|
106
|
-
version: 0.
|
106
|
+
version: 0.10.0
|
107
107
|
type: :development
|
108
108
|
prerelease: false
|
109
109
|
version_requirements: !ruby/object:Gem::Requirement
|
110
110
|
requirements:
|
111
111
|
- - "~>"
|
112
112
|
- !ruby/object:Gem::Version
|
113
|
-
version: 0.
|
113
|
+
version: 0.10.0
|
114
114
|
- !ruby/object:Gem::Dependency
|
115
115
|
name: grape
|
116
116
|
requirement: !ruby/object:Gem::Requirement
|