doorkeeper 5.2.1 → 5.2.2





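--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 40f547a3fdce5d12fc2cac4eacd6de0d99f57994f503d9b2e5a1d423195e748d
-data.tar.gz: 152612d3fad63c298d2143b1a2811d388dc0c84b57ff121f465b496c01319717
+metadata.gz: 64def194ba59abd58240aa70f39ac3406d98b22f5d7b8b9cfe5399806a4e151f
+data.tar.gz: 746dd0ba0787e9c2d2fae79557c5bea548eb5553c8912c5fa9fbc39fe7ef3669
 SHA512:
-metadata.gz: 3a2e829aa9101e71720484f5faa044db3d5b67aac940ab12e0265d27cb46a443247235a64958dcc5bec05995017e78479e2c08146bc25ab04c984dc3b735bc86
-data.tar.gz: b579173c6564b9415fd411afdeea5dbfd647b561e7fa2627285dd158d729bbec90fb447db7fa0fdb858822d67a71ba707deaaf8e75768e8a67b5b3a4c66662c6
+metadata.gz: 1d04c62db89266915673e8527bcfbe61da5ebff72141de2a1b5712c2989fd283eb379008ef78c5f365e5f04fcfc10646a7614069ab23ddf0acc14a445bd54bed
+data.tar.gz: 788ea936761f3f91aa5906fedfea068427ac9f2a8412440fbde81938947f56b62beed61be8fcce4591fa252212a0072779711d3214488f3bc94723baa1468bf0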
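--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -7,12 +7,18 @@ User-visible changes worth mentioning.
 
 ## master
 
-- [#PD ID] Your PR short description.
+- [#PR ID] Your PR short description.
+
+## 5.2.2
+
+- [#1320] Call configured `authenticate_resource_owner` method once per request.
+- [#1315] Allow generation of new secret with `Doorkeeper::Application#renew_secret`.
+- [#1309] Allow `Doorkeeper::Application#to_json` to work without arguments.
 
 ## 5.2.1
 
 - [#1308] Fix flash types for `api_only` mode (no flashes for `ActionController::API`).
-- [#1306] Fix interpolation of `missing_param` i18n.
+- [#1306] Fix interpolation of `missing_param` I18n.
 
 ## 5.2.0
 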
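--- a/data/Gemfile
+++ b/data/Gemfile
@@ -11,7 +11,7 @@ gem "rails", "~> 6.0.0"
 gem "rspec-core", github: "rspec/rspec-core"
 gem "rspec-expectations", github: "rspec/rspec-expectations"
 gem "rspec-mocks", github: "rspec/rspec-mocks"
-gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-dev"
+gem "rspec-rails", github: "rspec/rspec-rails", branch: "4-0-maintenance"
 gem "rspec-support", github: "rspec/rspec-support"
 
 gem "rubocop", "~> 0.66"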
@@ -16,7 +16,9 @@ module Doorkeeper
16
16
 
17
17
  # :doc:
18
18
  def current_resource_owner
19
- instance_eval(&Doorkeeper.configuration.authenticate_resource_owner)
19
+ @current_resource_owner ||= begin
20
+ instance_eval(&Doorkeeper.configuration.authenticate_resource_owner)
21
+ end
20
22
  end
21
23
 
22
24
  def resource_owner_from_credentials
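Review bot: The `||=` on the new line 19 memoizes only a truthy result, so when the configured `authenticate_resource_owner` block returns nil or false (a request with no signed-in owner) it is still evaluated on every call to `current_resource_owner`, and the "once per request" behaviour the changelog entry describes holds only on the authenticated path. A `defined?` guard caches either outcome: `return @current_resource_owner if defined?(@current_resource_owner)` followed by `@current_resource_owner = instance_eval(&Doorkeeper.configuration.authenticate_resource_owner)`. That also removes the `begin … end` wrapped around a single expression, which adds nothing here. The enclosing module starts outside the hunk.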
@@ -46,6 +46,14 @@ module Doorkeeper
46
46
  AccessGrant.revoke_all_for(id, resource_owner)
47
47
  end
48
48
 
49
+ # Generates a new secret for this application, intended to be used
50
+ # for rotating the secret or in case of compromise.
51
+ #
52
+ def renew_secret
53
+ @raw_secret = UniqueToken.generate
54
+ secret_strategy.store_secret(self, :secret, @raw_secret)
55
+ end
56
+
49
57
  # We keep a volatile copy of the raw secret for initial communication
50
58
  # The stored refresh_token may be mapped and not available in cleartext.
51
59
  #
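Review bot: The comment above `renew_secret` on the new lines 49–51 does not say that the method only replaces the in-memory value: nothing in the hunk saves the record, so a caller rotating a compromised secret must still persist the change, and once the new value is stored the previous plaintext is no longer recoverable. Suggest extending it with `# The record is not saved here; the caller must persist it. The new plaintext is readable via plaintext_secret until the record is reloaded.` The last clause is inferred from the "volatile copy" comment just below and from `plaintext_secret` in the `to_json` hunk; the accessor itself is outside this hunk, so confirm before wording it that way. The changelog advertises this method as public API, so this comment is its only documentation.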
@@ -60,7 +68,7 @@ module Doorkeeper
60
68
  end
61
69
  end
62
70
 
63
- def to_json(options)
71
+ def to_json(options = nil)
64
72
  serializable_hash(except: :secret)
65
73
  .merge(secret: plaintext_secret)
66
74
  .to_json(options)
@@ -74,9 +82,7 @@ module Doorkeeper
74
82
 
75
83
  def generate_secret
76
84
  return unless secret.blank?
77
-
78
- @raw_secret = UniqueToken.generate
79
- secret_strategy.store_secret(self, :secret, @raw_secret)
85
+ renew_secret
80
86
  end
81
87
 
82
88
  def scopes_match_configured
@@ -9,7 +9,7 @@ module Doorkeeper
9
9
  # Semantic versioning
10
10
  MAJOR = 5
11
11
  MINOR = 2
12
- TINY = 1
12
+ TINY = 2
13
13
  PRE = nil
14
14
 
15
15
  # Full version number
@@ -28,7 +28,9 @@ describe Doorkeeper::AuthorizationsController, "implicit grant flow" do
28
28
  end
29
29
 
30
30
  allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(["implicit"])
31
- allow(controller).to receive(:current_resource_owner).and_return(user)
31
+ allow(Doorkeeper.configuration).to receive(:authenticate_resource_owner).and_return(->(_) { authenticator_method })
32
+ allow(controller).to receive(:authenticator_method).and_return(user)
33
+ expect(controller).to receive(:authenticator_method).at_most(:once)
32
34
  end
33
35
 
34
36
  describe "POST #create" do
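Review bot: `expect(controller).to receive(:authenticator_method).at_most(:once)` on the new line 33 is also satisfied when the authenticator is never called, so on its own it does not demonstrate the "once per request" behaviour this release is meant to cover. If every example under this `before` reaches the authenticator, `.once` pins the intent; if some do not, a one-line comment saying why the looser bound was chosen would help. The stub and the expectation for the same message can then be merged into `expect(controller).to receive(:authenticator_method).once.and_return(user)`. The `before` block starts outside the hunk.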
@@ -69,6 +69,8 @@ module Doorkeeper::OAuth
69
69
  end
70
70
 
71
71
  it "invalid code_verifier param because server does not support pkce" do
72
+ # Some other ORMs work relies on #respond_to? so it's not a good idea to stub it :\
73
+ allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(anything).and_call_original
72
74
  allow_any_instance_of(Doorkeeper::AccessGrant).to receive(:respond_to?).with(:code_challenge).and_return(false)
73
75
 
74
76
  subject.code_verifier = "a45a9fea-0676-477e-95b1-a40f72ac3cfb"
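Review bot: The comment on the new line 72 reads awkwardly (`Some other ORMs work relies on #respond_to?`) and does not say what the stub on line 73 achieves for the more specific stub on line 74. Suggest `# Other ORM adapters rely on #respond_to?, so keep the original behaviour for every argument except :code_challenge`. The `it` block continues past the hunk.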
@@ -61,10 +61,29 @@ describe Doorkeeper::AccessGrant do
61
61
  it "upgrades a plain token when falling back to it" do
62
62
  # Side-effect: This will automatically upgrade the token
63
63
  expect(clazz).to receive(:upgrade_fallback_value).and_call_original
64
- expect(clazz.by_token(plain_text_token)).to eq(grant)
64
+ expect(clazz.by_token(plain_text_token))
65
+ .to have_attributes(
66
+ resource_owner_id: grant.resource_owner_id,
67
+ application_id: grant.application_id,
68
+ redirect_uri: grant.redirect_uri,
69
+ expires_in: grant.expires_in,
70
+ scopes: grant.scopes,
71
+ )
65
72
 
66
73
  # Will find subsequently by hashing the token
67
- expect(clazz.by_token(plain_text_token)).to eq(grant)
74
+ expect(clazz.by_token(plain_text_token))
75
+ .to have_attributes(
76
+ resource_owner_id: grant.resource_owner_id,
77
+ application_id: grant.application_id,
78
+ redirect_uri: grant.redirect_uri,
79
+ expires_in: grant.expires_in,
80
+ scopes: grant.scopes,
81
+ )
82
+
83
+ # Not all the ORM support :id PK
84
+ if grant.respond_to?(:id)
85
+ expect(clazz.by_token(plain_text_token).id).to eq(grant.id)
86
+ end
68
87
 
69
88
  # And it modifies the token value
70
89
  grant.reload
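Review bot: The `have_attributes` hash on the new lines 65–71 is repeated verbatim on lines 75–81, and the same duplication recurs in the two access-token hunks below (`by_token` and `by_refresh_token`); build the matcher once and reuse it, e.g. `matcher = have_attributes(resource_owner_id: grant.resource_owner_id, application_id: grant.application_id, redirect_uri: grant.redirect_uri, expires_in: grant.expires_in, scopes: grant.scopes)` followed by `expect(clazz.by_token(plain_text_token)).to matcher` at both call sites. A short comment on why `eq(grant)` was replaced would also help; the `respond_to?(:id)` branch suggests it is about ORMs without an `id` primary key, but the hunk does not say so. The `it` block ends outside the hunk.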
@@ -73,10 +73,25 @@ module Doorkeeper
73
73
  it "upgrades a plain token when falling back to it" do
74
74
  # Side-effect: This will automatically upgrade the token
75
75
  expect(clazz).to receive(:upgrade_fallback_value).and_call_original
76
- expect(clazz.by_token(plain_text_token)).to eq(access_token)
76
+ expect(clazz.by_token(plain_text_token))
77
+ .to have_attributes(
78
+ resource_owner_id: access_token.resource_owner_id,
79
+ application_id: access_token.application_id,
80
+ scopes: access_token.scopes,
81
+ )
77
82
 
78
83
  # Will find subsequently by hashing the token
79
- expect(clazz.by_token(plain_text_token)).to eq(access_token)
84
+ expect(clazz.by_token(plain_text_token))
85
+ .to have_attributes(
86
+ resource_owner_id: access_token.resource_owner_id,
87
+ application_id: access_token.application_id,
88
+ scopes: access_token.scopes,
89
+ )
90
+
91
+ # Not all the ORM support :id PK
92
+ if access_token.respond_to?(:id)
93
+ expect(clazz.by_token(plain_text_token).id).to eq(access_token.id)
94
+ end
80
95
 
81
96
  # And it modifies the token value
82
97
  access_token.reload
@@ -113,6 +128,7 @@ module Doorkeeper
113
128
  eigenclass.class_eval do
114
129
  remove_method :generate
115
130
  end
131
+
116
132
  module CustomGeneratorArgs
117
133
  def self.generate(opts = {})
118
134
  "custom_generator_token_#{opts[:application].name}"
@@ -307,10 +323,25 @@ module Doorkeeper
307
323
  it "upgrades a plain token when falling back to it" do
308
324
  # Side-effect: This will automatically upgrade the token
309
325
  expect(clazz).to receive(:upgrade_fallback_value).and_call_original
310
- expect(clazz.by_refresh_token(plain_refresh_token)).to eq(access_token)
326
+ expect(clazz.by_refresh_token(plain_refresh_token))
327
+ .to have_attributes(
328
+ token: access_token.token,
329
+ resource_owner_id: access_token.resource_owner_id,
330
+ application_id: access_token.application_id,
331
+ )
311
332
 
312
333
  # Will find subsequently by hashing the token
313
- expect(clazz.by_refresh_token(plain_refresh_token)).to eq(access_token)
334
+ expect(clazz.by_refresh_token(plain_refresh_token))
335
+ .to have_attributes(
336
+ token: access_token.token,
337
+ resource_owner_id: access_token.resource_owner_id,
338
+ application_id: access_token.application_id,
339
+ )
340
+
341
+ # Not all the ORM support :id PK
342
+ if access_token.respond_to?(:id)
343
+ expect(clazz.by_refresh_token(plain_refresh_token).id).to eq(access_token.id)
344
+ end
314
345
 
315
346
  # And it modifies the token value
316
347
  access_token.reload
@@ -271,6 +271,16 @@ module Doorkeeper
271
271
  end
272
272
  end
273
273
 
274
+ describe "#renew_secret" do
275
+ let(:app) { FactoryBot.create :application }
276
+
277
+ it "should generate a new secret" do
278
+ old_secret = app.secret
279
+ app.renew_secret
280
+ expect(old_secret).not_to eq(app.secret)
281
+ end
282
+ end
283
+
274
284
  describe :authorized_for do
275
285
  let(:resource_owner) { double(:resource_owner, id: 10) }
276
286
 
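Review bot: The example on the new lines 277–281 only asserts that `app.secret` differs from its previous value; a nil or empty secret after `renew_secret` would pass that inequality too, so adding `expect(app.secret).not_to be_nil` (or a check on `plaintext_secret`, if that is the intended way to read the rotated value) would make the test meaningful. The description `"should generate a new secret"` uses the "should" wording that RSpec style guides discourage; `it "generates a new secret"` matches the third-person phrasing of the other examples in this diff. The surrounding `describe` block starts outside the hunk.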
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.2.1
4
+ version: 5.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2019-09-17 00:00:00.000000000 Z
14
+ date: 2019-11-10 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties