doorkeeper 5.5.0 → 5.5.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of doorkeeper might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/app/controllers/doorkeeper/application_controller.rb +1 -0
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
- data/lib/doorkeeper/config.rb +4 -0
- data/lib/doorkeeper/models/access_token_mixin.rb +2 -2
- data/lib/doorkeeper/oauth/password_access_token_request.rb +4 -3
- data/lib/doorkeeper/request/password.rb +1 -0
- data/lib/doorkeeper/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '08f9f8fec2b33300cb7ed4a09ff5682330698f51515404339a1ef40621f1d0d0'
|
|
4
|
+
data.tar.gz: 6d53afbc73dfdb731b0641575ffd7156ad3a74e11452654a99a1f24ad7f1093f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 345be4d8d397eacb61d21a749b0c8e1fe38a9f6f2868c14a76006a2cc0686c6e192b9828e7f37df39f83f80c69a4a8394191f9d28691db43616f47f52b2505bb
|
|
7
|
+
data.tar.gz: 4c96d9ad3d31305f1fb9fc135de3ee5a4e187a38f317307da6d83fc8dabe265dab741c52f25d7f907930a195918b1713aa3db6495b37626a2cfe5fe621f9e240
|
data/CHANGELOG.md
CHANGED
|
@@ -9,6 +9,14 @@ User-visible changes worth mentioning.
|
|
|
9
9
|
|
|
10
10
|
- [#PR ID] Add your PR description here.
|
|
11
11
|
|
|
12
|
+
## 5.5.1
|
|
13
|
+
|
|
14
|
+
- [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
|
|
15
|
+
- [#1495] Fix `respond_to` undefined in API-only mode
|
|
16
|
+
- [#1488] Verify client authentication for Resource Owner Password Grant when
|
|
17
|
+
`config.skip_client_authentication_for_password_grant` is set and the client credentials
|
|
18
|
+
are sent in a HTTP Basic auth header.
|
|
19
|
+
|
|
12
20
|
## 5.5.0
|
|
13
21
|
|
|
14
22
|
- [#1482] Simplify `TokenInfoController` to be overridable (extract response rendering).
|
|
@@ -4,6 +4,7 @@ module Doorkeeper
|
|
|
4
4
|
class ApplicationController <
|
|
5
5
|
Doorkeeper.config.resolve_controller(:base)
|
|
6
6
|
include Helpers::Controller
|
|
7
|
+
include ActionController::MimeResponds if Doorkeeper.config.api_only
|
|
7
8
|
|
|
8
9
|
unless Doorkeeper.config.api_only
|
|
9
10
|
protect_from_forgery with: :exception
|
data/lib/doorkeeper/config.rb
CHANGED
|
@@ -278,6 +278,10 @@ module Doorkeeper
|
|
|
278
278
|
# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/1189
|
|
279
279
|
option :token_reuse_limit, default: 100
|
|
280
280
|
|
|
281
|
+
# Don't require client authentication for password grants. If client credentials
|
|
282
|
+
# are present they will still be validated, and the grant rejected if the credentials
|
|
283
|
+
# are invalid.
|
|
284
|
+
#
|
|
281
285
|
# This is discouraged. Spec says that password grants always require a client.
|
|
282
286
|
#
|
|
283
287
|
# See https://github.com/doorkeeper-gem/doorkeeper/issues/1412#issuecomment-632750422
|
|
@@ -374,10 +374,10 @@ module Doorkeeper
|
|
|
374
374
|
# and clears `:previous_refresh_token` attribute.
|
|
375
375
|
#
|
|
376
376
|
def revoke_previous_refresh_token!
|
|
377
|
-
return
|
|
377
|
+
return if !self.class.refresh_token_revoked_on_use? || previous_refresh_token.blank?
|
|
378
378
|
|
|
379
379
|
old_refresh_token&.revoke
|
|
380
|
-
update_attribute(:previous_refresh_token, "")
|
|
380
|
+
update_attribute(:previous_refresh_token, "")
|
|
381
381
|
end
|
|
382
382
|
|
|
383
383
|
private
|
|
@@ -10,12 +10,13 @@ module Doorkeeper
|
|
|
10
10
|
validate :resource_owner, error: :invalid_grant
|
|
11
11
|
validate :scopes, error: :invalid_scope
|
|
12
12
|
|
|
13
|
-
attr_reader :client, :resource_owner, :parameters, :access_token
|
|
13
|
+
attr_reader :client, :credentials, :resource_owner, :parameters, :access_token
|
|
14
14
|
|
|
15
|
-
def initialize(server, client, resource_owner, parameters = {})
|
|
15
|
+
def initialize(server, client, credentials, resource_owner, parameters = {})
|
|
16
16
|
@server = server
|
|
17
17
|
@resource_owner = resource_owner
|
|
18
18
|
@client = client
|
|
19
|
+
@credentials = credentials
|
|
19
20
|
@parameters = parameters
|
|
20
21
|
@original_scopes = parameters[:scope]
|
|
21
22
|
@grant_type = Doorkeeper::OAuth::PASSWORD
|
|
@@ -60,7 +61,7 @@ module Doorkeeper
|
|
|
60
61
|
#
|
|
61
62
|
def validate_client
|
|
62
63
|
if Doorkeeper.config.skip_client_authentication_for_password_grant
|
|
63
|
-
!parameters[:client_id]
|
|
64
|
+
client.present? || (!parameters[:client_id] && credentials.blank?)
|
|
64
65
|
else
|
|
65
66
|
client.present?
|
|
66
67
|
end
|
data/lib/doorkeeper/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: doorkeeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.5.
|
|
4
|
+
version: 5.5.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Felipe Elias Philipp
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2021-
|
|
14
|
+
date: 2021-04-06 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: railties
|
|
@@ -89,14 +89,14 @@ dependencies:
|
|
|
89
89
|
requirements:
|
|
90
90
|
- - "~>"
|
|
91
91
|
- !ruby/object:Gem::Version
|
|
92
|
-
version: '
|
|
92
|
+
version: '2.0'
|
|
93
93
|
type: :development
|
|
94
94
|
prerelease: false
|
|
95
95
|
version_requirements: !ruby/object:Gem::Requirement
|
|
96
96
|
requirements:
|
|
97
97
|
- - "~>"
|
|
98
98
|
- !ruby/object:Gem::Version
|
|
99
|
-
version: '
|
|
99
|
+
version: '2.0'
|
|
100
100
|
- !ruby/object:Gem::Dependency
|
|
101
101
|
name: factory_bot
|
|
102
102
|
requirement: !ruby/object:Gem::Requirement
|