Commit 3145a9d9 authored by Igor Drozdov's avatar Igor Drozdov

Bump doorkeeper to 5.3.0

Migrate the existing code to the new version according to:

https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions#from-51x-to-52x
parent 88a3cf8b
...@@ -26,8 +26,8 @@ gem 'marginalia', '~> 1.9.0' ...@@ -26,8 +26,8 @@ gem 'marginalia', '~> 1.9.0'
# Authentication libraries # Authentication libraries
gem 'devise', '~> 4.6' gem 'devise', '~> 4.6'
gem 'doorkeeper', '~> 5.1.1' gem 'doorkeeper', '~> 5.3.0'
gem 'doorkeeper-openid_connect', '~> 1.6.3' gem 'doorkeeper-openid_connect', '~> 1.7.4'
gem 'omniauth', '~> 1.8' gem 'omniauth', '~> 1.8'
gem 'omniauth-auth0', '~> 2.0.0' gem 'omniauth-auth0', '~> 2.0.0'
gem 'omniauth-azure-oauth2', '~> 0.0.9' gem 'omniauth-azure-oauth2', '~> 0.0.9'
......
...@@ -254,11 +254,11 @@ GEM ...@@ -254,11 +254,11 @@ GEM
docile (1.3.2) docile (1.3.2)
domain_name (0.5.20180417) domain_name (0.5.20180417)
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
doorkeeper (5.1.1) doorkeeper (5.3.3)
railties (>= 5) railties (>= 5)
doorkeeper-openid_connect (1.6.3) doorkeeper-openid_connect (1.7.4)
doorkeeper (>= 5.0, < 5.2) doorkeeper (>= 5.2, < 5.5)
json-jwt (~> 1.6) json-jwt (>= 1.11.0)
dry-configurable (0.11.5) dry-configurable (0.11.5)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
dry-core (~> 0.4, >= 0.4.7) dry-core (~> 0.4, >= 0.4.7)
...@@ -1265,8 +1265,8 @@ DEPENDENCIES ...@@ -1265,8 +1265,8 @@ DEPENDENCIES
diff_match_patch (~> 0.1.0) diff_match_patch (~> 0.1.0)
diffy (~> 3.3) diffy (~> 3.3)
discordrb-webhooks-blackst0ne (~> 3.3) discordrb-webhooks-blackst0ne (~> 3.3)
doorkeeper (~> 5.1.1) doorkeeper (~> 5.3.0)
doorkeeper-openid_connect (~> 1.6.3) doorkeeper-openid_connect (~> 1.7.4)
ed25519 (~> 1.2) ed25519 (~> 1.2)
elasticsearch-api (~> 6.8) elasticsearch-api (~> 6.8)
elasticsearch-model (~> 6.1) elasticsearch-model (~> 6.1)
......
...@@ -16,11 +16,6 @@ ...@@ -16,11 +16,6 @@
= doorkeeper_errors_for application, :redirect_uri = doorkeeper_errors_for application, :redirect_uri
%span.form-text.text-muted %span.form-text.text-muted
Use one line per URI Use one line per URI
- if Doorkeeper.configuration.native_redirect_uri
%span.form-text.text-muted
Use
%code= Doorkeeper.configuration.native_redirect_uri
for local tests
= content_tag :div, class: 'form-group row' do = content_tag :div, class: 'form-group row' do
.col-sm-2.col-form-label.pt-0 .col-sm-2.col-form-label.pt-0
......
...@@ -11,9 +11,6 @@ ...@@ -11,9 +11,6 @@
%span.form-text.text-muted %span.form-text.text-muted
= _('Use one line per URI') = _('Use one line per URI')
- if Doorkeeper.configuration.native_redirect_uri
%span.form-text.text-muted
= html_escape(_('Use %{native_redirect_uri} for local tests')) % { native_redirect_uri: tag.code(Doorkeeper.configuration.native_redirect_uri) }
.form-group.form-check .form-group.form-check
= f.check_box :confidential, class: 'form-check-input' = f.check_box :confidential, class: 'form-check-input'
......
---
title: Bump doorkeeper to 5.3.0
merge_request: 40929
author:
type: changed
...@@ -79,13 +79,6 @@ Doorkeeper.configure do ...@@ -79,13 +79,6 @@ Doorkeeper.configure do
# Check out the wiki for more information on customization # Check out the wiki for more information on customization
access_token_methods :from_access_token_param, :from_bearer_authorization, :from_bearer_param access_token_methods :from_access_token_param, :from_bearer_authorization, :from_bearer_param
# Change the native redirect uri for client apps
# When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
# The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
# (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
#
native_redirect_uri nil # 'urn:ietf:wg:oauth:2.0:oob'
# Specify what grant flows are enabled in array of Strings. The valid # Specify what grant flows are enabled in array of Strings. The valid
# strings and the flows they enable are: # strings and the flows they enable are:
# #
......
...@@ -30,7 +30,6 @@ en: ...@@ -30,7 +30,6 @@ en:
errors: errors:
messages: messages:
# Common error messages # Common error messages
invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
invalid_redirect_uri: 'The redirect URI included is not valid.' invalid_redirect_uri: 'The redirect URI included is not valid.'
unauthorized_client: 'The client is not authorized to perform this request using this method.' unauthorized_client: 'The client is not authorized to perform this request using this method.'
access_denied: 'The resource owner or authorization server denied the request.' access_denied: 'The resource owner or authorization server denied the request.'
...@@ -54,6 +53,12 @@ en: ...@@ -54,6 +53,12 @@ en:
# Password Access token errors # Password Access token errors
invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found' invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
invalid_request:
unknown: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
missing_param: 'Missing required parameter: %{value}.'
not_support_pkce: 'Invalid code_verifier parameter. Server does not support pkce.'
request_not_authorized: 'Request need to be authorized. Required parameter for authorizing request is missing or invalid.'
invalid_token: invalid_token:
revoked: "The access token was revoked" revoked: "The access token was revoked"
expired: "The access token expired" expired: "The access token expired"
......
...@@ -14,6 +14,7 @@ class Oauth::Jira::AuthorizationsController < ApplicationController ...@@ -14,6 +14,7 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
redirect_to oauth_authorization_path(client_id: params['client_id'], redirect_to oauth_authorization_path(client_id: params['client_id'],
response_type: 'code', response_type: 'code',
scope: params['scope'],
redirect_uri: oauth_jira_callback_url) redirect_uri: oauth_jira_callback_url)
end end
......
...@@ -6,6 +6,15 @@ module API ...@@ -6,6 +6,15 @@ module API
before { authenticated_as_admin! } before { authenticated_as_admin! }
resource :applications do resource :applications do
helpers do
def validate_redirect_uri(value)
uri = ::URI.parse(value)
!uri.is_a?(URI::HTTP) || uri.host
rescue URI::InvalidURIError
false
end
end
desc 'Create a new application' do desc 'Create a new application' do
detail 'This feature was introduced in GitLab 10.5' detail 'This feature was introduced in GitLab 10.5'
success Entities::ApplicationWithSecret success Entities::ApplicationWithSecret
...@@ -19,6 +28,13 @@ module API ...@@ -19,6 +28,13 @@ module API
desc: 'Application will be used where the client secret is confidential' desc: 'Application will be used where the client secret is confidential'
end end
post do post do
# Validate that host in uri is specified
# Please remove it when https://github.com/doorkeeper-gem/doorkeeper/pull/1440 is merged
# and the doorkeeper gem version is bumped
unless validate_redirect_uri(declared_params[:redirect_uri])
render_api_error!({ redirect_uri: ["must be an absolute URI."] }, :bad_request)
end
application = Doorkeeper::Application.new(declared_params) application = Doorkeeper::Application.new(declared_params)
if application.save if application.save
......
...@@ -52,7 +52,7 @@ module Mattermost ...@@ -52,7 +52,7 @@ module Mattermost
# Next methods are needed for Doorkeeper # Next methods are needed for Doorkeeper
def pre_auth def pre_auth
@pre_auth ||= Doorkeeper::OAuth::PreAuthorization.new( @pre_auth ||= Doorkeeper::OAuth::PreAuthorization.new(
Doorkeeper.configuration, server.client_via_uid, params) Doorkeeper.configuration, params)
end end
def authorization def authorization
......
...@@ -26847,9 +26847,6 @@ msgstr "" ...@@ -26847,9 +26847,6 @@ msgstr ""
msgid "Use %{code_start}::%{code_end} to create a %{link_start}scoped label set%{link_end} (eg. %{code_start}priority::1%{code_end})" msgid "Use %{code_start}::%{code_end} to create a %{link_start}scoped label set%{link_end} (eg. %{code_start}priority::1%{code_end})"
msgstr "" msgstr ""
msgid "Use %{native_redirect_uri} for local tests"
msgstr ""
msgid "Use Service Desk to connect with your users (e.g. to offer customer support) through email right inside GitLab" msgid "Use Service Desk to connect with your users (e.g. to offer customer support) through email right inside GitLab"
msgstr "" msgstr ""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment