doorkeeper 2.1.2 → 2.1.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/RELEASING.md +15 -0
- data/doorkeeper.gemspec +1 -1
- data/lib/doorkeeper/models/access_token_mixin.rb +1 -1
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +34 -8
- data/lib/doorkeeper/rails/helpers.rb +5 -5
- data/lib/doorkeeper/version.rb +1 -1
- data/spec/models/doorkeeper/access_token_spec.rb +13 -1
- data/spec/requests/flows/authorization_code_spec.rb +14 -0
- data/spec/requests/flows/skip_authorization_spec.rb +20 -1
- data/spec/support/helpers/model_helper.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1d2ce14647afc9a16514c9f3b340eb31b8b24f88
|
|
4
|
+
data.tar.gz: fa3a726152a14c5496abb9433a1ea92f0d588b9f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f9877675927e23991fd103d4e08480270e1dc5d365f3ba7fd4bf1fd1cce5a27c916a56572c0e5f9083c76be0850f128fa2baf5628679910e3f5efd68a46e4bcd
|
|
7
|
+
data.tar.gz: 684c840627ac5e3b7a6eeddac43c3ef758222f5b2296021c3686cbb51bdc50a701269cd80bec2164c24fd5be4bb668f5b3ed63ec9bb492fcab1e2406ff229424
|
data/CHANGELOG.md
CHANGED
data/RELEASING.md
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Releasing doorkeeper
|
|
2
|
+
|
|
3
|
+
1. Update `lib/doorkeeper/version.rb` file accordingly.
|
|
4
|
+
2. Update `CHANGELOG.md` to reflect the changes since last release.
|
|
5
|
+
3. Commit changes. There shouldn’t be code changes, and thus CI doesn’t need to
|
|
6
|
+
run, you can then add “[ci skip]” to the commit message.
|
|
7
|
+
4. Tag the release: `git tag vVERSION`
|
|
8
|
+
5. Push changes: `git push --tags`
|
|
9
|
+
6. Build and publish the gem:
|
|
10
|
+
```bash
|
|
11
|
+
gem build doorkeeper.gemspec
|
|
12
|
+
gem push doorkeeper-*.gem
|
|
13
|
+
```
|
|
14
|
+
7. Announce the new release, making sure to say “thank you” to the contributors
|
|
15
|
+
who helped shape this version!
|
data/doorkeeper.gemspec
CHANGED
|
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
|
|
|
16
16
|
s.test_files = `git ls-files -- test/*`.split("\n")
|
|
17
17
|
s.require_paths = ["lib"]
|
|
18
18
|
|
|
19
|
-
s.add_dependency "railties", ">= 3.
|
|
19
|
+
s.add_dependency "railties", ">= 3.2"
|
|
20
20
|
|
|
21
21
|
s.add_development_dependency "sqlite3", "~> 1.3.5"
|
|
22
22
|
s.add_development_dependency "rspec-rails", "~> 2.99.0"
|
|
@@ -59,7 +59,7 @@ module Doorkeeper
|
|
|
59
59
|
|
|
60
60
|
def scopes_match?(token_scopes, param_scopes, app_scopes)
|
|
61
61
|
(!token_scopes.present? && !param_scopes.present?) ||
|
|
62
|
-
Doorkeeper::OAuth::Helpers::ScopeChecker.
|
|
62
|
+
Doorkeeper::OAuth::Helpers::ScopeChecker.match?(
|
|
63
63
|
token_scopes.to_s,
|
|
64
64
|
param_scopes,
|
|
65
65
|
app_scopes
|
|
@@ -2,16 +2,42 @@ module Doorkeeper
|
|
|
2
2
|
module OAuth
|
|
3
3
|
module Helpers
|
|
4
4
|
module ScopeChecker
|
|
5
|
+
class Validator
|
|
6
|
+
attr_reader :parsed_scopes, :scope_str
|
|
7
|
+
|
|
8
|
+
def initialize(scope_str, server_scopes, application_scopes)
|
|
9
|
+
@parsed_scopes = OAuth::Scopes.from_string(scope_str)
|
|
10
|
+
@scope_str = scope_str
|
|
11
|
+
@valid_scopes = valid_scopes(server_scopes, application_scopes)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def valid?
|
|
15
|
+
scope_str.present? &&
|
|
16
|
+
scope_str !~ /[\n|\r|\t]/ &&
|
|
17
|
+
@valid_scopes.has_scopes?(parsed_scopes)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def match?
|
|
21
|
+
valid? && parsed_scopes.has_scopes?(@valid_scopes)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
private
|
|
25
|
+
|
|
26
|
+
def valid_scopes(server_scopes, application_scopes)
|
|
27
|
+
if application_scopes.present?
|
|
28
|
+
server_scopes & application_scopes
|
|
29
|
+
else
|
|
30
|
+
server_scopes
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
5
35
|
def self.valid?(scope_str, server_scopes, application_scopes = nil)
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
else
|
|
9
|
-
server_scopes
|
|
10
|
-
end
|
|
36
|
+
Validator.new(scope_str, server_scopes, application_scopes).valid?
|
|
37
|
+
end
|
|
11
38
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
valid_scopes.has_scopes?(OAuth::Scopes.from_string(scope_str))
|
|
39
|
+
def self.match?(scope_str, server_scopes, application_scopes = nil)
|
|
40
|
+
Validator.new(scope_str, server_scopes, application_scopes).match?
|
|
15
41
|
end
|
|
16
42
|
end
|
|
17
43
|
end
|
|
@@ -6,7 +6,7 @@ module Doorkeeper
|
|
|
6
6
|
def doorkeeper_authorize!(*scopes)
|
|
7
7
|
@_doorkeeper_scopes = scopes || Doorkeeper.configuration.default_scopes
|
|
8
8
|
|
|
9
|
-
if
|
|
9
|
+
if !valid_doorkeeper_token?
|
|
10
10
|
doorkeeper_render_error
|
|
11
11
|
end
|
|
12
12
|
end
|
|
@@ -19,12 +19,12 @@ module Doorkeeper
|
|
|
19
19
|
nil
|
|
20
20
|
end
|
|
21
21
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
def doorkeeper_token_is_invalid?
|
|
25
|
-
!doorkeeper_token || !doorkeeper_token.acceptable?(@_doorkeeper_scopes)
|
|
22
|
+
def valid_doorkeeper_token?
|
|
23
|
+
doorkeeper_token && doorkeeper_token.acceptable?(@_doorkeeper_scopes)
|
|
26
24
|
end
|
|
27
25
|
|
|
26
|
+
private
|
|
27
|
+
|
|
28
28
|
def doorkeeper_render_error
|
|
29
29
|
error = doorkeeper_error
|
|
30
30
|
headers.merge! error.headers.reject { |k| "Content-Type" == k }
|
data/lib/doorkeeper/version.rb
CHANGED
|
@@ -202,12 +202,24 @@ module Doorkeeper
|
|
|
202
202
|
expect(last_token).to be_nil
|
|
203
203
|
end
|
|
204
204
|
|
|
205
|
-
it 'matches
|
|
205
|
+
it 'matches token with fewer scopes' do
|
|
206
|
+
FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public')
|
|
207
|
+
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
|
208
|
+
expect(last_token).to be_nil
|
|
209
|
+
end
|
|
210
|
+
|
|
211
|
+
it 'matches token with different scopes' do
|
|
206
212
|
FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public email')
|
|
207
213
|
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
|
208
214
|
expect(last_token).to be_nil
|
|
209
215
|
end
|
|
210
216
|
|
|
217
|
+
it 'matches token with more scopes' do
|
|
218
|
+
FactoryGirl.create :access_token, default_attributes.merge(scopes: 'public write email')
|
|
219
|
+
last_token = AccessToken.matching_token_for(application, resource_owner_id, scopes)
|
|
220
|
+
expect(last_token).to be_nil
|
|
221
|
+
end
|
|
222
|
+
|
|
211
223
|
it 'matches application scopes' do
|
|
212
224
|
application = FactoryGirl.create :application, scopes: "private read"
|
|
213
225
|
FactoryGirl.create :access_token, default_attributes.merge(
|
|
@@ -104,5 +104,19 @@ feature 'Authorization Code Flow' do
|
|
|
104
104
|
|
|
105
105
|
should_have_json 'access_token', Doorkeeper::AccessToken.last.token
|
|
106
106
|
end
|
|
107
|
+
|
|
108
|
+
scenario 'resource owner authorizes the client with extra scopes' do
|
|
109
|
+
client_is_authorized(@client, @resource_owner, scopes: 'public')
|
|
110
|
+
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
|
111
|
+
click_on 'Authorize'
|
|
112
|
+
|
|
113
|
+
authorization_code = Doorkeeper::AccessGrant.first.token
|
|
114
|
+
post token_endpoint_url(code: authorization_code, client: @client)
|
|
115
|
+
|
|
116
|
+
expect(Doorkeeper::AccessToken.count).to be(2)
|
|
117
|
+
|
|
118
|
+
should_have_json 'access_token', Doorkeeper::AccessToken.last.token
|
|
119
|
+
access_token_should_have_scopes :public, :write
|
|
120
|
+
end
|
|
107
121
|
end
|
|
108
122
|
end
|
|
@@ -24,17 +24,36 @@ feature 'Skip authorization form' do
|
|
|
24
24
|
url_should_have_param 'code', Doorkeeper::AccessGrant.first.token
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
scenario 'does not skip authorization when scopes differ' do
|
|
27
|
+
scenario 'does not skip authorization when scopes differ (new request has fewer scopes)' do
|
|
28
28
|
client_is_authorized(@client, @resource_owner, scopes: 'public write')
|
|
29
29
|
visit authorization_endpoint_url(client: @client, scope: 'public')
|
|
30
30
|
i_should_see 'Authorize'
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
scenario 'does not skip authorization when scopes differ (new request has more scopes)' do
|
|
34
|
+
client_is_authorized(@client, @resource_owner, scopes: 'public write')
|
|
35
|
+
visit authorization_endpoint_url(client: @client, scopes: 'public write email')
|
|
36
|
+
i_should_see 'Authorize'
|
|
37
|
+
end
|
|
38
|
+
|
|
33
39
|
scenario 'creates grant with new scope when scopes differ' do
|
|
34
40
|
client_is_authorized(@client, @resource_owner, scopes: 'public write')
|
|
35
41
|
visit authorization_endpoint_url(client: @client, scope: 'public')
|
|
36
42
|
click_on 'Authorize'
|
|
37
43
|
access_grant_should_have_scopes :public
|
|
38
44
|
end
|
|
45
|
+
|
|
46
|
+
scenario 'doesn not skip authorization when scopes are greater' do
|
|
47
|
+
client_is_authorized(@client, @resource_owner, scopes: 'public')
|
|
48
|
+
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
|
49
|
+
i_should_see 'Authorize'
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
scenario 'creates grant with new scope when scopes are greater' do
|
|
53
|
+
client_is_authorized(@client, @resource_owner, scopes: 'public')
|
|
54
|
+
visit authorization_endpoint_url(client: @client, scope: 'public write')
|
|
55
|
+
click_on 'Authorize'
|
|
56
|
+
access_grant_should_have_scopes :public, :write
|
|
57
|
+
end
|
|
39
58
|
end
|
|
40
59
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: doorkeeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Felipe Elias Philipp
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-03-01 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: railties
|
|
@@ -17,14 +17,14 @@ dependencies:
|
|
|
17
17
|
requirements:
|
|
18
18
|
- - ">="
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
|
-
version: '3.
|
|
20
|
+
version: '3.2'
|
|
21
21
|
type: :runtime
|
|
22
22
|
prerelease: false
|
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
24
|
requirements:
|
|
25
25
|
- - ">="
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
|
-
version: '3.
|
|
27
|
+
version: '3.2'
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
29
|
name: sqlite3
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -181,6 +181,7 @@ files:
|
|
|
181
181
|
- Gemfile
|
|
182
182
|
- MIT-LICENSE
|
|
183
183
|
- README.md
|
|
184
|
+
- RELEASING.md
|
|
184
185
|
- Rakefile
|
|
185
186
|
- app/assets/stylesheets/doorkeeper/admin/application.css
|
|
186
187
|
- app/assets/stylesheets/doorkeeper/application.css
|