doorkeeper 5.6.5 → 5.6.6

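--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8430b36ebe602cb716e1d404c53e17cbe41a6e122fb3004e77dc5b16ea70a7bd
- data.tar.gz: 7d8033e2051e21776c0d57e3bbe23d6d2cea04e615c48b9d82a7a704373ff7cb
+ metadata.gz: b62a0472a97d06b40362817c9d5c0dd7dd6e0d0e600437a19f5cf2fd18c4be46
+ data.tar.gz: 9850cef14c21a1f0df2fb451a485ab5b8066360a3008124f7aed287409364e36
  SHA512:
- metadata.gz: a89cf897778ebd53736ff57f9e7f5eb587ffa6da110e04a62a99816b3719ab9d109700a6cace1d36208bfb34eeb4fd7153aeaef7792275b57cde34e189904510
- data.tar.gz: bc943f37ca582f1badaa25d98715f1e5ec2a86f8da3f99ef7367cbcc63a99a20a0cc3458d1c2919bb1088e6a09ffd47e33a6634b78b8fcc0e49993681c56a683
+ metadata.gz: de0c7021c4735b26249e5b267db11ede06f55b23d8f9bd51641d1cf3eee3812e14a2deec986e8aa6ee81de98097083fdb634a441fd4928cb47286fa977ba5d96
+ data.tar.gz: 3865639c837771ceeafceec8a110e506f88fef45c61f7274782c637e794f9185be18ee98270852bac6fecb0fc90e4893dfed08d715c761507e87396e5a559bc2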
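--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -9,6 +9,13 @@ User-visible changes worth mentioning.
 
  - [#ID] Add your PR description here.
 
+ ## 5.6.6
+
+ - [#1644] Update HTTP headers.
+ - [#1646] Block public clients automatic authorization skip.
+ - [#1648] Add custom token attributes to Refresh Token Request.
+ - [#1649] Fixed custom_access_token_attributes related errors.
+
  # 5.6.5
 
  - [#1602] Allow custom data to be stored inside access grants/tokens.
@@ -45,7 +52,7 @@ User-visible changes worth mentioning.
 
  ## 5.6.0.rc2
 
- - [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
+ - [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
  application scopes when using client credentials.
  - [#1567] Only filter `code` parameter if authorization_code grant flow is enabled.
 
@@ -80,7 +87,7 @@ User-visible changes worth mentioning.
  ## 5.5.1
 
  - [#1496] Revoke `old_refresh_token` if `previous_refresh_token` is present.
- - [#1495] Fix `respond_to` undefined in API-only mode
+ - [#1495] Fix `respond_to` undefined in API-only mode
  - [#1488] Verify client authentication for Resource Owner Password Grant when
  `config.skip_client_authentication_for_password_grant` is set and the client credentials
  are sent in a HTTP Basic auth header.
@@ -94,10 +101,10 @@ User-visible changes worth mentioning.
  ## 5.5.0.rc2
 
  - [#1473] Enable `Applications` and `AuthorizedApplications` controllers in API mode.
-
- **[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
+
+ **[IMPORTANT]** you can still skip these controllers using `skip_controllers` in
  `use_doorkeeper` inside `routes.rb`. Please do it in case you don't need them.
-
+
  - [#1472] Fix `establish_connection` configuration for custom defined models.
  - [#1471] Add support for Ruby 3.0.
  - [#1469] Check if `redirect_uri` exists.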
@@ -31,7 +31,7 @@ module Doorkeeper
31
31
  private
32
32
 
33
33
  def render_success
34
- if skip_authorization? || matching_token?
34
+ if skip_authorization? || (matching_token? && pre_auth.client.application.confidential?)
35
35
  redirect_or_render(authorize_response)
36
36
  elsif Doorkeeper.configuration.api_only
37
37
  render json: pre_auth
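Review bot: The new confidentiality check in `render_success` guards only the `matching_token?` half of the condition; `skip_authorization?` is still evaluated first and unconditionally, so a host application whose `skip_authorization` block returns true for a public client would presumably still bypass the consent screen. If that asymmetry is intended, it deserves a comment on the condition, for example `# Public clients cannot authenticate themselves, so an existing token does not prove the requester is the same app: always ask for consent.` A request spec for a public client that already holds a matching token, expecting the consent form rather than a redirect, would pin the behaviour. The body of `render_success` continues past the end of this hunk.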
@@ -11,7 +11,6 @@ module Doorkeeper
11
11
  validate_reuse_access_token_value
12
12
  validate_token_reuse_limit
13
13
  validate_secret_strategies
14
- validate_custom_access_token_attributes
15
14
  end
16
15
 
17
16
  private
@@ -49,20 +48,6 @@ module Doorkeeper
49
48
  )
50
49
  @token_reuse_limit = 100
51
50
  end
52
-
53
- # Validate that the access_token and access_grant models
54
- # both respond to all of the custom attributes
55
- def validate_custom_access_token_attributes
56
- return if custom_access_token_attributes.blank?
57
-
58
- custom_access_token_attributes.each do |attribute_name|
59
- [access_token_model, access_grant_model].each do |model|
60
- next if model.has_attribute?(attribute_name)
61
-
62
- raise Doorkeeper::Errors::ConfigError, "#{model} does not recognize custom attribute: #{attribute_name}."
63
- end
64
- end
65
- end
66
51
  end
67
52
  end
68
53
  end
@@ -44,7 +44,6 @@ module Doorkeeper
44
44
  UnableToGenerateToken = Class.new(DoorkeeperError)
45
45
  TokenGeneratorNotFound = Class.new(DoorkeeperError)
46
46
  NoOrmCleaner = Class.new(DoorkeeperError)
47
- ConfigError = Class.new(DoorkeeperError)
48
47
 
49
48
  InvalidToken = Class.new(BaseResponseError)
50
49
  TokenExpired = Class.new(InvalidToken)
@@ -55,8 +55,7 @@ module Doorkeeper
55
55
 
56
56
  def headers
57
57
  {
58
- "Cache-Control" => "no-store",
59
- "Pragma" => "no-cache",
58
+ "Cache-Control" => "no-store, no-cache",
60
59
  "Content-Type" => "application/json; charset=utf-8",
61
60
  "WWW-Authenticate" => authenticate_info,
62
61
  }
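Review bot: In the new `"Cache-Control" => "no-store, no-cache"` value, `no-cache` adds nothing that `no-store` does not already forbid, while the dropped `"Pragma" => "no-cache"` line was the only directive a legacy HTTP/1.0 cache would honour. RFC 6749 section 5.1 asks for both headers on responses carrying tokens or other sensitive data; whether these error responses count is a judgement call, so a one-line comment stating why `Pragma` was removed would help integrators who audit against that text. The same literal is repeated in the other `headers` hunk (`@@ -26,8 +26,7 @@`), so a shared frozen constant would keep the two responses from drifting apart. The `headers` method closes outside this hunk.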
@@ -49,7 +49,7 @@ module Doorkeeper
49
49
  end
50
50
 
51
51
  def create_access_token
52
- attributes = {}
52
+ attributes = {}.merge(custom_token_attributes_with_data)
53
53
 
54
54
  resource_owner =
55
55
  if Doorkeeper.config.polymorphic_resource_owner?
@@ -119,6 +119,14 @@ module Doorkeeper
119
119
  true
120
120
  end
121
121
  end
122
+
123
+ def custom_token_attributes_with_data
124
+ refresh_token
125
+ .attributes
126
+ .with_indifferent_access
127
+ .slice(*Doorkeeper.config.custom_access_token_attributes)
128
+ .symbolize_keys
129
+ end
122
130
  end
123
131
  end
124
132
  end
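Review bot: `attributes = {}.merge(custom_token_attributes_with_data)` in `create_access_token` builds a throwaway hash; `symbolize_keys` already returns a fresh `Hash`, so `attributes = custom_token_attributes_with_data` is equivalent and reads more directly. The new helper is undocumented; a comment such as `# Copies the configured custom attributes from the refresh token being exchanged so the new access token keeps them.` would state the contract. `slice` silently ignores names that are missing from the record, and this release also removes the boot-time `validate_custom_access_token_attributes` check, so a misspelt entry in `custom_access_token_attributes` is now dropped without any signal on refresh; a spec or a logged warning would surface that. The rest of `create_access_token` lies outside the first hunk, so how later assignments interact with these keys cannot be checked from here.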
@@ -26,8 +26,7 @@ module Doorkeeper
26
26
 
27
27
  def headers
28
28
  {
29
- "Cache-Control" => "no-store",
30
- "Pragma" => "no-cache",
29
+ "Cache-Control" => "no-store, no-cache",
31
30
  "Content-Type" => "application/json; charset=utf-8",
32
31
  }
33
32
  end
@@ -5,7 +5,7 @@ module Doorkeeper
5
5
  # Semantic versioning
6
6
  MAJOR = 5
7
7
  MINOR = 6
8
- TINY = 5
8
+ TINY = 6
9
9
  PRE = nil
10
10
 
11
11
  # Full version number
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.6.5
4
+ version: 5.6.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2023-02-22 00:00:00.000000000 Z
14
+ date: 2023-03-29 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties