doorkeeper 5.6.6 → 5.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +9 -0
  3. data/app/controllers/doorkeeper/authorizations_controller.rb +7 -4
  4. data/lib/doorkeeper/config.rb +4 -0
  5. data/lib/doorkeeper/errors.rb +1 -0
  6. data/lib/doorkeeper/models/access_token_mixin.rb +4 -0
  7. data/lib/doorkeeper/oauth/authorization_code_request.rb +1 -1
  8. data/lib/doorkeeper/oauth/client_credentials/issuer.rb +4 -3
  9. data/lib/doorkeeper/oauth/client_credentials_request.rb +10 -2
  10. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +1 -1
  11. data/lib/doorkeeper/oauth/invalid_request_response.rb +4 -0
  12. data/lib/doorkeeper/orm/active_record/mixins/application.rb +1 -1
  13. data/lib/doorkeeper/version.rb +1 -1
  14. data/lib/generators/doorkeeper/templates/initializer.rb +7 -1
  15. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b62a0472a97d06b40362817c9d5c0dd7dd6e0d0e600437a19f5cf2fd18c4be46
4
- data.tar.gz: 9850cef14c21a1f0df2fb451a485ab5b8066360a3008124f7aed287409364e36
3
+ metadata.gz: fe1238848f221c9cccf2a7d110e8d05dde7ebc0aab59f702fe258b4d2e415aa0
4
+ data.tar.gz: 46709212a318983949375e9e0c22a63e8a24256f50d47c660693a1bbbe40566c
5
5
  SHA512:
6
- metadata.gz: de0c7021c4735b26249e5b267db11ede06f55b23d8f9bd51641d1cf3eee3812e14a2deec986e8aa6ee81de98097083fdb634a441fd4928cb47286fa977ba5d96
7
- data.tar.gz: 3865639c837771ceeafceec8a110e506f88fef45c61f7274782c637e794f9185be18ee98270852bac6fecb0fc90e4893dfed08d715c761507e87396e5a559bc2
6
+ metadata.gz: 286b26e562e901d950a52618f6e7699cc29f3e4af5df202d20b466c782fcb9a7d844c00f59b04a0ace41f177cd45f788d934c0c812ebae818066d74d2ce89f1a
7
+ data.tar.gz: 23f2d816febe32008283607b1979b48c236ce66dc9086b9fd700c3ebe124557a548dbf9166175706e2cd4f5415b26d32210cd7e290a85c013becc8cb5185a417
data/CHANGELOG.md CHANGED
@@ -9,6 +9,15 @@ User-visible changes worth mentioning.
9
9
 
10
10
  - [#ID] Add your PR description here.
11
11
 
12
+ ## 5.6.7
13
+
14
+ - [#1662] Specify uri_redirect validation class explicitly.
15
+ - [#1652] Add custom attributes support to token generator.
16
+ - [#1667] Pass `client` instead of `grant.application` to `find_or_create_access_token`.
17
+ - [#1673] Honor `custom_access_token_attributes` in client credentials grant flow.
18
+ - [#1676] Improve AuthorizationsController error response handling
19
+ - [#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.
20
+
12
21
  ## 5.6.6
13
22
 
14
23
  - [#1644] Update HTTP headers.
data/app/controllers/doorkeeper/authorizations_controller.rb CHANGED
@@ -41,11 +41,14 @@ module Doorkeeper
41
41
  end
42
42
 
43
43
  def render_error
44
- if Doorkeeper.configuration.api_only
45
- render json: pre_auth.error_response.body,
46
- status: :bad_request
44
+ pre_auth.error_response.raise_exception! if Doorkeeper.config.raise_on_errors?
45
+
46
+ if Doorkeeper.configuration.redirect_on_errors? && pre_auth.error_response.redirectable?
47
+ redirect_or_render(pre_auth.error_response)
48
+ elsif Doorkeeper.configuration.api_only
49
+ render json: pre_auth.error_response.body, status: pre_auth.error_response.status
47
50
  else
48
- render :error, locals: { error_response: pre_auth.error_response }
51
+ render :error, locals: { error_response: pre_auth.error_response }, status: pre_auth.error_response.status
49
52
  end
50
53
  end
51
54
 
data/lib/doorkeeper/config.rb CHANGED
@@ -501,6 +501,10 @@ module Doorkeeper
501
501
  handle_auth_errors == :raise
502
502
  end
503
503
 
504
+ def redirect_on_errors?
505
+ handle_auth_errors == :redirect
506
+ end
507
+
504
508
  def application_secret_hashed?
505
509
  instance_variable_defined?(:"@application_secret_strategy")
506
510
  end
data/lib/doorkeeper/errors.rb CHANGED
@@ -45,6 +45,7 @@ module Doorkeeper
45
45
  TokenGeneratorNotFound = Class.new(DoorkeeperError)
46
46
  NoOrmCleaner = Class.new(DoorkeeperError)
47
47
 
48
+ InvalidRequest = Class.new(BaseResponseError)
48
49
  InvalidToken = Class.new(BaseResponseError)
49
50
  TokenExpired = Class.new(InvalidToken)
50
51
  TokenRevoked = Class.new(InvalidToken)
data/lib/doorkeeper/models/access_token_mixin.rb CHANGED
@@ -435,6 +435,10 @@ module Doorkeeper
435
435
  if Doorkeeper.config.polymorphic_resource_owner?
436
436
  attributes[:resource_owner] = resource_owner
437
437
  end
438
+
439
+ Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
440
+ attributes[attribute_name] = public_send(attribute_name)
441
+ end
438
442
  end
439
443
  end
440
444
 
data/lib/doorkeeper/oauth/authorization_code_request.rb CHANGED
@@ -32,7 +32,7 @@ module Doorkeeper
32
32
  grant.revoke
33
33
 
34
34
  find_or_create_access_token(
35
- grant.application,
35
+ client,
36
36
  resource_owner,
37
37
  grant.scopes,
38
38
  custom_token_attributes_with_data,
data/lib/doorkeeper/oauth/client_credentials/issuer.rb CHANGED
@@ -11,9 +11,9 @@ module Doorkeeper
11
11
  @validator = validator
12
12
  end
13
13
 
14
- def create(client, scopes, creator = Creator.new)
14
+ def create(client, scopes, attributes = {}, creator = Creator.new)
15
15
  if validator.valid?
16
- @token = create_token(client, scopes, creator)
16
+ @token = create_token(client, scopes, attributes, creator)
17
17
  @error = :server_error unless @token
18
18
  else
19
19
  @token = false
@@ -25,7 +25,7 @@ module Doorkeeper
25
25
 
26
26
  private
27
27
 
28
- def create_token(client, scopes, creator)
28
+ def create_token(client, scopes, attributes, creator)
29
29
  context = Authorization::Token.build_context(
30
30
  client,
31
31
  Doorkeeper::OAuth::CLIENT_CREDENTIALS,
@@ -39,6 +39,7 @@ module Doorkeeper
39
39
  scopes,
40
40
  use_refresh_token: false,
41
41
  expires_in: ttl,
42
+ **attributes
42
43
  )
43
44
  end
44
45
  end
data/lib/doorkeeper/oauth/client_credentials_request.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  module Doorkeeper
4
4
  module OAuth
5
5
  class ClientCredentialsRequest < BaseRequest
6
- attr_reader :client, :original_scopes, :response
6
+ attr_reader :client, :original_scopes, :parameters, :response
7
7
 
8
8
  alias error_response response
9
9
 
@@ -14,6 +14,7 @@ module Doorkeeper
14
14
  @server = server
15
15
  @response = nil
16
16
  @original_scopes = parameters[:scope]
17
+ @parameters = parameters.except(:scope)
17
18
  end
18
19
 
19
20
  def access_token
@@ -30,7 +31,14 @@ module Doorkeeper
30
31
  private
31
32
 
32
33
  def valid?
33
- issuer.create(client, scopes)
34
+ issuer.create(client, scopes, custom_token_attributes_with_data)
35
+ end
36
+
37
+ def custom_token_attributes_with_data
38
+ parameters
39
+ .with_indifferent_access
40
+ .slice(*Doorkeeper.config.custom_access_token_attributes)
41
+ .symbolize_keys
34
42
  end
35
43
  end
36
44
  end
data/lib/doorkeeper/oauth/helpers/uri_checker.rb CHANGED
@@ -40,7 +40,7 @@ module Doorkeeper
40
40
 
41
41
  def self.loopback_uri?(uri)
42
42
  IPAddr.new(uri.host).loopback?
43
- rescue IPAddr::Error
43
+ rescue IPAddr::Error, IPAddr::InvalidAddressError
44
44
  false
45
45
  end
46
46
 
data/lib/doorkeeper/oauth/invalid_request_response.rb CHANGED
@@ -35,6 +35,10 @@ module Doorkeeper
35
35
  )
36
36
  end
37
37
 
38
+ def exception_class
39
+ Doorkeeper::Errors::InvalidRequest
40
+ end
41
+
38
42
  def redirectable?
39
43
  super && @missing_param != :client_id
40
44
  end
data/lib/doorkeeper/orm/active_record/mixins/application.rb CHANGED
@@ -22,7 +22,7 @@ module Doorkeeper::Orm::ActiveRecord::Mixins
22
22
 
23
23
  validates :name, :secret, :uid, presence: true
24
24
  validates :uid, uniqueness: { case_sensitive: true }
25
- validates :redirect_uri, "doorkeeper/redirect_uri": true
25
+ validates_with Doorkeeper::RedirectUriValidator, attributes: [:redirect_uri]
26
26
  validates :confidential, inclusion: { in: [true, false] }
27
27
 
28
28
  validate :scopes_match_configured, if: :enforce_scopes?
data/lib/doorkeeper/version.rb CHANGED
@@ -5,7 +5,7 @@ module Doorkeeper
5
5
  # Semantic versioning
6
6
  MAJOR = 5
7
7
  MINOR = 6
8
- TINY = 6
8
+ TINY = 7
9
9
  PRE = nil
10
10
 
11
11
  # Full version number
data/lib/generators/doorkeeper/templates/initializer.rb CHANGED
@@ -312,6 +312,12 @@ Doorkeeper.configure do
312
312
  # Doorkeeper::Errors::TokenRevoked, Doorkeeper::Errors::TokenUnknown
313
313
  #
314
314
  # handle_auth_errors :raise
315
+ #
316
+ # If you want to redirect back to the client application in accordance with
317
+ # https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1, you can set
318
+ # +handle_auth_errors+ to :redirect
319
+ #
320
+ # handle_auth_errors :redirect
315
321
 
316
322
  # Customize token introspection response.
317
323
  # Allows to add your own fields to default one that are required by the OAuth spec
@@ -385,7 +391,7 @@ Doorkeeper.configure do
385
391
  # true in case resource owner authorized for the specific application or false in other
386
392
  # cases.
387
393
  #
388
- # Be default all Resource Owners are authorized to any Client (application).
394
+ # By default all Resource Owners are authorized to any Client (application).
389
395
  #
390
396
  # authorize_resource_owner_for_client do |client, resource_owner|
391
397
  # resource_owner.admin? || client.owners_allowlist.include?(resource_owner)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.6.6
4
+ version: 5.6.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2023-03-29 00:00:00.000000000 Z
14
+ date: 2023-11-23 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties