doorkeeper 5.8.1 → 5.8.2

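--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8364fc5d75f9cbe96cc3ef67c8010dde471eb51ced0cf328f9ca84705553976f
- data.tar.gz: db817023f41b070185ae9d6fae32b9d9b0eb0fc7abf8bdd99961c80e8bece1dd
+ metadata.gz: de574cec8c17af2fd1026081acc0bf592c71ecbf947d92546df6b4d48ce3b5ce
+ data.tar.gz: eb282ce352bbd4491014b753535ff24e804ca801e02aef8a6ded3f7ca5951e64
  SHA512:
- metadata.gz: 940f6253760d9117390495e97fa270aa0337a7379d2070d2be5ce2a44cf8148f451ffe7a3ba0451ab88d1cbb5bd4242f6d4a7de90204cf2749a57bdeaa4005ed
- data.tar.gz: 728ea65c1e37f7f77183e5528c441cf7b9c8a4493428bbafbfe7815dec4b227d8bd033e05c4ee2dde50b9cc252cad7241b5d287d2df28e6631f9ccada5c7afc5
+ metadata.gz: 68b668d79eb5532cb4dbe660eb26269d67eb545b5dbd12bae15c087752c7e5447e1f60326725c0d838189a746de5718e8644605dcdd946d4f2cf29a556297369
+ data.tar.gz: 8ad2d79f707129abd0787710cc86ee563af9887f986dec03edc396c691ffb26e18279b3693bc15658d059e78dd7dc2ce3093a137c03bb16e7858832d9e80c368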
data/CHANGELOG.md CHANGED
@@ -9,6 +9,13 @@ User-visible changes worth mentioning.
9
9
 
10
10
  Add your entry here.
11
11
 
12
+ ## 5.8.2
13
+
14
+ - [#1755] Fix the error message for force_pkce
15
+ - [#1761] Memoize authentication failure
16
+ - [#1762] Allow missing client to trigger invalid client error when force_pkce is enabled
17
+ - [#1767] Make sure error handling happens on a controller level opposed to action level to account for the controller being extended
18
+
12
19
  ## 5.8.1
13
20
 
14
21
  - [#1752] Bump the range of supported Ruby and Rails versions
@@ -4,12 +4,14 @@ module Doorkeeper
4
4
  class TokensController < Doorkeeper::ApplicationMetalController
5
5
  before_action :validate_presence_of_client, only: [:revoke]
6
6
 
7
+ rescue_from Errors::DoorkeeperError do |e|
8
+ handle_token_exception(e)
9
+ end
10
+
7
11
  def create
8
12
  headers.merge!(authorize_response.headers)
9
13
  render json: authorize_response.body,
10
14
  status: authorize_response.status
11
- rescue Errors::DoorkeeperError => e
12
- handle_token_exception(e)
13
15
  end
14
16
 
15
17
  # OAuth 2.0 Token Revocation - https://datatracker.ietf.org/doc/html/rfc7009
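Review bot: The block form `rescue_from Errors::DoorkeeperError do |e| handle_token_exception(e) end` only forwards the exception, so the conventional one-liner `rescue_from Errors::DoorkeeperError, with: :handle_token_exception` says the same thing more idiomatically. Because the handler is now declared at controller level it also covers `before_action :validate_presence_of_client` and any action an extension adds, which is the intent recorded in the changelog (#1767); a comment above the declaration, `# Controller-level so that actions added by extending the controller are covered too (#1767)`, would stop a later reader from "simplifying" it back into `create`. `handle_token_exception` and the other actions lie outside the hunk, so I cannot confirm from here that revoke's RFC 7009 behaviour (success response on an invalid token) is unaffected by the wider rescue scope; worth a test if one does not already exist.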
@@ -96,6 +96,7 @@ en:
96
96
  unknown: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
97
97
  missing_param: 'Missing required parameter: %{value}.'
98
98
  request_not_authorized: 'Request need to be authorized. Required parameter for authorizing request is missing or invalid.'
99
+ invalid_code_challenge: 'Code challenge is required.'
99
100
  invalid_redirect_uri: "The requested redirect uri is malformed or doesn't match client redirect URI."
100
101
  unauthorized_client: 'The client is not authorized to perform this request using this method.'
101
102
  access_denied: 'The resource owner or authorization server denied the request.'
@@ -68,7 +68,6 @@ module Doorkeeper
68
68
  InvalidClient = Class.new(BaseResponseError)
69
69
  InvalidScope = Class.new(BaseResponseError)
70
70
  InvalidRedirectUri = Class.new(BaseResponseError)
71
- InvalidCodeChallenge = Class.new(BaseResponseError)
72
71
  InvalidGrant = Class.new(BaseResponseError)
73
72
 
74
73
  UnauthorizedClient = Class.new(BaseResponseError)
@@ -59,15 +59,11 @@ module Doorkeeper
59
59
  Doorkeeper.config.access_grant_model.pkce_supported?
60
60
  end
61
61
 
62
- def confidential?
63
- client&.confidential
64
- end
65
-
66
62
  def validate_params
67
63
  @missing_param =
68
64
  if grant&.uses_pkce? && code_verifier.blank?
69
65
  :code_verifier
70
- elsif !confidential? && Doorkeeper.config.force_pkce? && code_verifier.blank?
66
+ elsif client && !client.confidential && Doorkeeper.config.force_pkce? && code_verifier.blank?
71
67
  :code_verifier
72
68
  elsif redirect_uri.blank?
73
69
  :redirect_uri
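Review bot: The new `elsif` condition silently changes what a missing client means under `force_pkce`: with `client` nil the old `!confidential?` evaluated true and reported `:code_verifier`, whereas now the branch is skipped and the request presumably fails later as invalid_client (changelog #1762), which is the more accurate error and avoids describing a missing PKCE parameter to a client that could not be identified. That intent is not visible in the code; a comment on the `elsif` line such as `# A missing client is left to client validation (invalid_client) rather than reported as a missing code_verifier` would record it. The four-term condition would also read better extracted into a predicate such as `pkce_required_for_public_client?`, and since `confidential?` is removed here, any other caller of it in this class (not visible in the hunk) would now raise NameError. `validate_params` continues past the end of the hunk.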
@@ -14,12 +14,13 @@ module Doorkeeper
14
14
  validate :response_type, error: Errors::UnsupportedResponseType
15
15
  validate :response_mode, error: Errors::UnsupportedResponseMode
16
16
  validate :scopes, error: Errors::InvalidScope
17
- validate :code_challenge, error: Errors::InvalidCodeChallenge
17
+ validate :code_challenge, error: Errors::InvalidRequest
18
18
  validate :code_challenge_method, error: Errors::InvalidCodeChallengeMethod
19
19
 
20
20
  attr_reader :client, :code_challenge, :code_challenge_method, :missing_param,
21
21
  :redirect_uri, :resource_owner, :response_type, :state,
22
- :authorization_response_flow, :response_mode, :custom_access_token_attributes
22
+ :authorization_response_flow, :response_mode, :custom_access_token_attributes,
23
+ :invalid_request_reason
23
24
 
24
25
  def initialize(server, parameters = {}, resource_owner = nil)
25
26
  @server = server
@@ -147,7 +148,10 @@ module Doorkeeper
147
148
  def validate_code_challenge
148
149
  return true unless Doorkeeper.config.force_pkce?
149
150
  return true if client.confidential
150
- code_challenge.present?
151
+ return true if code_challenge.present?
152
+
153
+ @invalid_request_reason = :invalid_code_challenge
154
+ false
151
155
  end
152
156
 
153
157
  def validate_code_challenge_method
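Review bot: `return true if client.confidential` in `validate_code_challenge` still dereferences `client` unguarded, while the companion change in the token-request hunk above was rewritten to `client && !client.confidential` precisely because `client` can be nil when `force_pkce` is enabled; this is safe only if the `validate :client` step earlier in the chain halts validation before this method runs, which the hunk does not show. If it does not, `return true if client&.confidential` would avoid a NoMethodError surfacing as a 500 instead of an `invalid_client` response. In the earlier hunk (evidently the same class), `validate :code_challenge, error: Errors::InvalidRequest` drops the last use of `Errors::InvalidCodeChallenge`, which this release also deletes from the errors module; reporting a missing code_challenge as `invalid_request` is what RFC 7636 §4.4.1 prescribes, but the removed constant was public and applications rescuing it will break, so keeping it as a deprecated alias or calling out the removal in the #1755 changelog entry would be kinder. The `@invalid_request_reason = :invalid_code_challenge` assignment also deserves a comment tying it to the new `invalid_code_challenge` locale key, since nothing in this method says where the symbol is consumed.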
@@ -70,7 +70,9 @@ module Doorkeeper
70
70
  end
71
71
 
72
72
  def doorkeeper_token
73
- @doorkeeper_token ||= OAuth::Token.authenticate(
73
+ return @doorkeeper_token if defined?(@doorkeeper_token)
74
+
75
+ @doorkeeper_token = OAuth::Token.authenticate(
74
76
  request,
75
77
  *Doorkeeper.config.access_token_methods,
76
78
  )
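Review bot: The switch from `||=` to `return @doorkeeper_token if defined?(@doorkeeper_token)` exists to memoize a failed authentication (nil) as well as a success (changelog #1761), but nothing in the code says so and a later reader is likely to fold it back into `||=`; a comment such as `# defined? rather than ||= so a nil result (failed authentication) is not re-run on every call` would protect the intent. The trade-off is that anything which makes a token resolvable only after the first call (for instance an extension that adjusts the request in a later before_action) now sees the cached nil for the rest of the request; I cannot tell from the hunk whether any such caller exists, so this is a point to confirm rather than a defect. The method's closing `end` lies outside the hunk.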
@@ -5,7 +5,7 @@ module Doorkeeper
5
5
  # Semantic versioning
6
6
  MAJOR = 5
7
7
  MINOR = 8
8
- TINY = 1
8
+ TINY = 2
9
9
  PRE = nil
10
10
 
11
11
  # Full version number
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.8.1
4
+ version: 5.8.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2024-12-09 00:00:00.000000000 Z
14
+ date: 2025-04-04 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: railties