Commit 26eadca4 authored by Markus Koller's avatar Markus Koller

Upgrade doorkeeper-openid_connect

parent 70dc7e9a
...@@ -23,7 +23,7 @@ gem 'faraday', '~> 0.12' ...@@ -23,7 +23,7 @@ gem 'faraday', '~> 0.12'
# Authentication libraries # Authentication libraries
gem 'devise', '~> 4.2' gem 'devise', '~> 4.2'
gem 'doorkeeper', '~> 4.2.0' gem 'doorkeeper', '~> 4.2.0'
gem 'doorkeeper-openid_connect', '~> 1.1.0' gem 'doorkeeper-openid_connect', '~> 1.2.0'
gem 'omniauth', '~> 1.4.2' gem 'omniauth', '~> 1.4.2'
gem 'omniauth-auth0', '~> 1.4.1' gem 'omniauth-auth0', '~> 1.4.1'
gem 'omniauth-azure-oauth2', '~> 0.0.6' gem 'omniauth-azure-oauth2', '~> 0.0.6'
......
...@@ -83,7 +83,7 @@ GEM ...@@ -83,7 +83,7 @@ GEM
coderay (>= 1.0.0) coderay (>= 1.0.0)
erubis (>= 2.6.6) erubis (>= 2.6.6)
rack (>= 0.9.0) rack (>= 0.9.0)
bindata (2.3.5) bindata (2.4.1)
binding_of_caller (0.7.2) binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1) debug_inspector (>= 0.0.1)
bootstrap-sass (3.3.6) bootstrap-sass (3.3.6)
...@@ -167,9 +167,9 @@ GEM ...@@ -167,9 +167,9 @@ GEM
docile (1.1.5) docile (1.1.5)
domain_name (0.5.20161021) domain_name (0.5.20161021)
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
doorkeeper (4.2.0) doorkeeper (4.2.6)
railties (>= 4.2) railties (>= 4.2)
doorkeeper-openid_connect (1.1.2) doorkeeper-openid_connect (1.2.0)
doorkeeper (~> 4.0) doorkeeper (~> 4.0)
json-jwt (~> 1.6) json-jwt (~> 1.6)
dropzonejs-rails (0.7.2) dropzonejs-rails (0.7.2)
...@@ -416,7 +416,7 @@ GEM ...@@ -416,7 +416,7 @@ GEM
railties (>= 4.2.0) railties (>= 4.2.0)
thor (>= 0.14, < 2.0) thor (>= 0.14, < 2.0)
json (1.8.6) json (1.8.6)
json-jwt (1.7.1) json-jwt (1.7.2)
activesupport activesupport
bindata bindata
multi_json (>= 1.3) multi_json (>= 1.3)
...@@ -486,7 +486,7 @@ GEM ...@@ -486,7 +486,7 @@ GEM
minitest (5.7.0) minitest (5.7.0)
mmap2 (2.2.7) mmap2 (2.2.7)
mousetrap-rails (1.4.6) mousetrap-rails (1.4.6)
multi_json (1.12.1) multi_json (1.12.2)
multi_xml (0.6.0) multi_xml (0.6.0)
multipart-post (2.0.0) multipart-post (2.0.0)
mustermann (1.0.0) mustermann (1.0.0)
...@@ -684,7 +684,7 @@ GEM ...@@ -684,7 +684,7 @@ GEM
rainbow (2.2.2) rainbow (2.2.2)
rake rake
raindrops (0.18.0) raindrops (0.18.0)
rake (12.0.0) rake (12.1.0)
rblineprof (0.3.6) rblineprof (0.3.6)
debugger-ruby_core_source (~> 1.3) debugger-ruby_core_source (~> 1.3)
rbnacl (4.0.2) rbnacl (4.0.2)
...@@ -1000,7 +1000,7 @@ DEPENDENCIES ...@@ -1000,7 +1000,7 @@ DEPENDENCIES
devise-two-factor (~> 3.0.0) devise-two-factor (~> 3.0.0)
diffy (~> 3.1.0) diffy (~> 3.1.0)
doorkeeper (~> 4.2.0) doorkeeper (~> 4.2.0)
doorkeeper-openid_connect (~> 1.1.0) doorkeeper-openid_connect (~> 1.2.0)
dropzonejs-rails (~> 0.7.1) dropzonejs-rails (~> 0.7.1)
email_reply_trimmer (~> 0.1) email_reply_trimmer (~> 0.1)
email_spec (~> 1.6.0) email_spec (~> 1.6.0)
......
---
title: Upgrade doorkeeper-openid_connect
merge_request: 14372
author: Markus Koller
type: other
Doorkeeper::OpenidConnect.configure do Doorkeeper::OpenidConnect.configure do
issuer Gitlab.config.gitlab.url issuer Gitlab.config.gitlab.url
jws_private_key Rails.application.secrets.jws_private_key signing_key Rails.application.secrets.openid_connect_signing_key
resource_owner_from_access_token do |access_token| resource_owner_from_access_token do |access_token|
User.active.find_by(id: access_token.resource_owner_id) User.active.find_by(id: access_token.resource_owner_id)
......
...@@ -25,7 +25,7 @@ def create_tokens ...@@ -25,7 +25,7 @@ def create_tokens
secret_key_base: file_secret_key || generate_new_secure_token, secret_key_base: file_secret_key || generate_new_secure_token,
otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token, otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
db_key_base: generate_new_secure_token, db_key_base: generate_new_secure_token,
jws_private_key: generate_new_rsa_private_key openid_connect_signing_key: generate_new_rsa_private_key
} }
missing_secrets = set_missing_keys(defaults) missing_secrets = set_missing_keys(defaults)
......
...@@ -36,10 +36,10 @@ describe 'create_tokens' do ...@@ -36,10 +36,10 @@ describe 'create_tokens' do
expect(keys).to all(match(HEX_KEY)) expect(keys).to all(match(HEX_KEY))
end end
it 'generates an RSA key for jws_private_key' do it 'generates an RSA key for openid_connect_signing_key' do
create_tokens create_tokens
keys = secrets.values_at(:jws_private_key) keys = secrets.values_at(:openid_connect_signing_key)
expect(keys.uniq).to eq(keys) expect(keys.uniq).to eq(keys)
expect(keys).to all(match(RSA_KEY)) expect(keys).to all(match(RSA_KEY))
...@@ -49,7 +49,7 @@ describe 'create_tokens' do ...@@ -49,7 +49,7 @@ describe 'create_tokens' do
expect(self).to receive(:warn_missing_secret).with('secret_key_base') expect(self).to receive(:warn_missing_secret).with('secret_key_base')
expect(self).to receive(:warn_missing_secret).with('otp_key_base') expect(self).to receive(:warn_missing_secret).with('otp_key_base')
expect(self).to receive(:warn_missing_secret).with('db_key_base') expect(self).to receive(:warn_missing_secret).with('db_key_base')
expect(self).to receive(:warn_missing_secret).with('jws_private_key') expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key')
create_tokens create_tokens
end end
...@@ -61,7 +61,7 @@ describe 'create_tokens' do ...@@ -61,7 +61,7 @@ describe 'create_tokens' do
expect(new_secrets['secret_key_base']).to eq(secrets.secret_key_base) expect(new_secrets['secret_key_base']).to eq(secrets.secret_key_base)
expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base) expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base)
expect(new_secrets['db_key_base']).to eq(secrets.db_key_base) expect(new_secrets['db_key_base']).to eq(secrets.db_key_base)
expect(new_secrets['jws_private_key']).to eq(secrets.jws_private_key) expect(new_secrets['openid_connect_signing_key']).to eq(secrets.openid_connect_signing_key)
end end
create_tokens create_tokens
...@@ -77,7 +77,7 @@ describe 'create_tokens' do ...@@ -77,7 +77,7 @@ describe 'create_tokens' do
context 'when the other secrets all exist' do context 'when the other secrets all exist' do
before do before do
secrets.db_key_base = 'db_key_base' secrets.db_key_base = 'db_key_base'
secrets.jws_private_key = 'jws_private_key' secrets.openid_connect_signing_key = 'openid_connect_signing_key'
allow(File).to receive(:exist?).with('.secret').and_return(true) allow(File).to receive(:exist?).with('.secret').and_return(true)
allow(File).to receive(:read).with('.secret').and_return('file_key') allow(File).to receive(:read).with('.secret').and_return('file_key')
...@@ -88,7 +88,7 @@ describe 'create_tokens' do ...@@ -88,7 +88,7 @@ describe 'create_tokens' do
stub_env('SECRET_KEY_BASE', 'env_key') stub_env('SECRET_KEY_BASE', 'env_key')
secrets.secret_key_base = 'secret_key_base' secrets.secret_key_base = 'secret_key_base'
secrets.otp_key_base = 'otp_key_base' secrets.otp_key_base = 'otp_key_base'
secrets.jws_private_key = 'jws_private_key' secrets.openid_connect_signing_key = 'openid_connect_signing_key'
end end
it 'does not issue a warning' do it 'does not issue a warning' do
...@@ -114,7 +114,7 @@ describe 'create_tokens' do ...@@ -114,7 +114,7 @@ describe 'create_tokens' do
before do before do
secrets.secret_key_base = 'secret_key_base' secrets.secret_key_base = 'secret_key_base'
secrets.otp_key_base = 'otp_key_base' secrets.otp_key_base = 'otp_key_base'
secrets.jws_private_key = 'jws_private_key' secrets.openid_connect_signing_key = 'openid_connect_signing_key'
end end
it 'does not write any files' do it 'does not write any files' do
...@@ -129,7 +129,7 @@ describe 'create_tokens' do ...@@ -129,7 +129,7 @@ describe 'create_tokens' do
expect(secrets.secret_key_base).to eq('secret_key_base') expect(secrets.secret_key_base).to eq('secret_key_base')
expect(secrets.otp_key_base).to eq('otp_key_base') expect(secrets.otp_key_base).to eq('otp_key_base')
expect(secrets.db_key_base).to eq('db_key_base') expect(secrets.db_key_base).to eq('db_key_base')
expect(secrets.jws_private_key).to eq('jws_private_key') expect(secrets.openid_connect_signing_key).to eq('openid_connect_signing_key')
end end
it 'deletes the .secret file' do it 'deletes the .secret file' do
...@@ -153,7 +153,7 @@ describe 'create_tokens' do ...@@ -153,7 +153,7 @@ describe 'create_tokens' do
expect(new_secrets['secret_key_base']).to eq('file_key') expect(new_secrets['secret_key_base']).to eq('file_key')
expect(new_secrets['otp_key_base']).to eq('file_key') expect(new_secrets['otp_key_base']).to eq('file_key')
expect(new_secrets['db_key_base']).to eq('db_key_base') expect(new_secrets['db_key_base']).to eq('db_key_base')
expect(new_secrets['jws_private_key']).to eq('jws_private_key') expect(new_secrets['openid_connect_signing_key']).to eq('openid_connect_signing_key')
end end
create_tokens create_tokens
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment