doorkeeper 5.6.5 → 5.6.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +12 -5
  3. data/app/controllers/doorkeeper/authorizations_controller.rb +1 -1
  4. data/lib/doorkeeper/config/validations.rb +0 -15
  5. data/lib/doorkeeper/errors.rb +0 -1
  6. data/lib/doorkeeper/oauth/error_response.rb +1 -2
  7. data/lib/doorkeeper/oauth/refresh_token_request.rb +9 -1
  8. data/lib/doorkeeper/oauth/token_response.rb +1 -2
  9. data/lib/doorkeeper/version.rb +1 -1
  10. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8430b36ebe602cb716e1d404c53e17cbe41a6e122fb3004e77dc5b16ea70a7bd
4
- data.tar.gz: 7d8033e2051e21776c0d57e3bbe23d6d2cea04e615c48b9d82a7a704373ff7cb
3
+ metadata.gz: b62a0472a97d06b40362817c9d5c0dd7dd6e0d0e600437a19f5cf2fd18c4be46
4
+ data.tar.gz: 9850cef14c21a1f0df2fb451a485ab5b8066360a3008124f7aed287409364e36
5
5
  SHA512:
6
- metadata.gz: a89cf897778ebd53736ff57f9e7f5eb587ffa6da110e04a62a99816b3719ab9d109700a6cace1d36208bfb34eeb4fd7153aeaef7792275b57cde34e189904510
7
- data.tar.gz: bc943f37ca582f1badaa25d98715f1e5ec2a86f8da3f99ef7367cbcc63a99a20a0cc3458d1c2919bb1088e6a09ffd47e33a6634b78b8fcc0e49993681c56a683
6
+ metadata.gz: de0c7021c4735b26249e5b267db11ede06f55b23d8f9bd51641d1cf3eee3812e14a2deec986e8aa6ee81de98097083fdb634a441fd4928cb47286fa977ba5d96
7
+ data.tar.gz: 3865639c837771ceeafceec8a110e506f88fef45c61f7274782c637e794f9185be18ee98270852bac6fecb0fc90e4893dfed08d715c761507e87396e5a559bc2
data/CHANGELOG.md CHANGED
@@ -9,6 +9,13 @@ User-visible changes worth mentioning.
9
9
 
10
10
  - [#ID] Add your PR description here.
11
11
 
12
+ ## 5.6.6
13
+
14
+ - [#1644] Update HTTP headers.
15
+ - [#1646] Block public clients automatic authorization skip.
16
+ - [#1648] Add custom token attributes to Refresh Token Request.
17
+ - [#1649] Fixed custom_access_token_attributes related errors.
18
+
12
19
  # 5.6.5
13
20
 
14
21
  - [#1602] Allow custom data to be stored inside access grants/tokens.
@@ -45,7 +52,7 @@ User-visible changes worth mentioning.
45
52
 
46
53
  ## 5.6.0.rc2
47
54
 
48
- - [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
55
+ - [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
49
56
  application scopes when using client credentials.
50
57
  - [#1567] Only filter `code` parameter if authorization_code grant flow is enabled.
51
58
 
@@ -80,7 +87,7 @@ User-visible changes worth mentioning.
80
87
  ## 5.5.1
81
88
 
82
89
  - [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
83
- - [#1495] Fix `respond_to` undefined in API-only mode
90
+ - [#1495] Fix `respond_to` undefined in API-only mode
84
91
  - [#1488] Verify client authentication for Resource Owner Password Grant when
85
92
  `config.skip_client_authentication_for_password_grant` is set and the client credentials
86
93
  are sent in a HTTP Basic auth header.
@@ -94,10 +101,10 @@ User-visible changes worth mentioning.
94
101
  ## 5.5.0.rc2
95
102
 
96
103
  - [#1473] Enable `Applications` and `AuthorizedApplications` controllers in API mode.
97
-
98
- **[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
104
+
105
+ **[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
99
106
  `use_doorkeeper` inside `routes.rb`. Please do it in case you don't need them.
100
-
107
+
101
108
  - [#1472] Fix `establish_connection` configuration for custom defined models.
102
109
  - [#1471] Add support for Ruby 3.0.
103
110
  - [#1469] Check if `redirect_uri` exists.
data/app/controllers/doorkeeper/authorizations_controller.rb CHANGED
@@ -31,7 +31,7 @@ module Doorkeeper
31
31
  private
32
32
 
33
33
  def render_success
34
- if skip_authorization? || matching_token?
34
+ if skip_authorization? || (matching_token? && pre_auth.client.application.confidential?)
35
35
  redirect_or_render(authorize_response)
36
36
  elsif Doorkeeper.configuration.api_only
37
37
  render json: pre_auth
data/lib/doorkeeper/config/validations.rb CHANGED
@@ -11,7 +11,6 @@ module Doorkeeper
11
11
  validate_reuse_access_token_value
12
12
  validate_token_reuse_limit
13
13
  validate_secret_strategies
14
- validate_custom_access_token_attributes
15
14
  end
16
15
 
17
16
  private
@@ -49,20 +48,6 @@ module Doorkeeper
49
48
  )
50
49
  @token_reuse_limit = 100
51
50
  end
52
-
53
- # Validate that the access_token and access_grant models
54
- # both respond to all of the custom attributes
55
- def validate_custom_access_token_attributes
56
- return if custom_access_token_attributes.blank?
57
-
58
- custom_access_token_attributes.each do |attribute_name|
59
- [access_token_model, access_grant_model].each do |model|
60
- next if model.has_attribute?(attribute_name)
61
-
62
- raise Doorkeeper::Errors::ConfigError, "#{model} does not recognize custom attribute: #{attribute_name}."
63
- end
64
- end
65
- end
66
51
  end
67
52
  end
68
53
  end
data/lib/doorkeeper/errors.rb CHANGED
@@ -44,7 +44,6 @@ module Doorkeeper
44
44
  UnableToGenerateToken = Class.new(DoorkeeperError)
45
45
  TokenGeneratorNotFound = Class.new(DoorkeeperError)
46
46
  NoOrmCleaner = Class.new(DoorkeeperError)
47
- ConfigError = Class.new(DoorkeeperError)
48
47
 
49
48
  InvalidToken = Class.new(BaseResponseError)
50
49
  TokenExpired = Class.new(InvalidToken)
data/lib/doorkeeper/oauth/error_response.rb CHANGED
@@ -55,8 +55,7 @@ module Doorkeeper
55
55
 
56
56
  def headers
57
57
  {
58
- "Cache-Control" => "no-store",
59
- "Pragma" => "no-cache",
58
+ "Cache-Control" => "no-store, no-cache",
60
59
  "Content-Type" => "application/json; charset=utf-8",
61
60
  "WWW-Authenticate" => authenticate_info,
62
61
  }
data/lib/doorkeeper/oauth/refresh_token_request.rb CHANGED
@@ -49,7 +49,7 @@ module Doorkeeper
49
49
  end
50
50
 
51
51
  def create_access_token
52
- attributes = {}
52
+ attributes = {}.merge(custom_token_attributes_with_data)
53
53
 
54
54
  resource_owner =
55
55
  if Doorkeeper.config.polymorphic_resource_owner?
@@ -119,6 +119,14 @@ module Doorkeeper
119
119
  true
120
120
  end
121
121
  end
122
+
123
+ def custom_token_attributes_with_data
124
+ refresh_token
125
+ .attributes
126
+ .with_indifferent_access
127
+ .slice(*Doorkeeper.config.custom_access_token_attributes)
128
+ .symbolize_keys
129
+ end
122
130
  end
123
131
  end
124
132
  end
data/lib/doorkeeper/oauth/token_response.rb CHANGED
@@ -26,8 +26,7 @@ module Doorkeeper
26
26
 
27
27
  def headers
28
28
  {
29
- "Cache-Control" => "no-store",
30
- "Pragma" => "no-cache",
29
+ "Cache-Control" => "no-store, no-cache",
31
30
  "Content-Type" => "application/json; charset=utf-8",
32
31
  }
33
32
  end
data/lib/doorkeeper/version.rb CHANGED
@@ -5,7 +5,7 @@ module Doorkeeper
5
5
  # Semantic versioning
6
6
  MAJOR = 5
7
7
  MINOR = 6
8
- TINY = 5
8
+ TINY = 6
9
9
  PRE = nil
10
10
 
11
11
  # Full version number
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.6.5
4
+ version: 5.6.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2023-02-22 00:00:00.000000000 Z
14
+ date: 2023-03-29 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties