Merge branch 'id-update-doorkeeper-gem' into 'master'

Update doorkeeper to 5.5.0.rc2 [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!52171

Merge branch 'id-update-doorkeeper-gem' into 'master'
Update doorkeeper to 5.5.0.rc2 [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!52171
941a1dad · Rémy Coutable · 66b22ace · 0c87c024 · 941a1dad · 941a1dad
Commit 941a1dad authored Jan 26, 2021 by Rémy Coutable
6 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -25,8 +25,8 @@ gem 'marginalia', '~> 1.10.0'
 gem 'devise', '~> 4.7.2'
 # TODO: verify ARM compile issue on 3.1.13+ version (see https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18828)
 gem 'bcrypt', '3.1.12'
-gem 'doorkeeper', '~> 5.4.0'
-gem 'doorkeeper-openid_connect', '~> 1.7.4'
+gem 'doorkeeper', '~> 5.5.0.rc2'
+gem 'doorkeeper-openid_connect', '~> 1.7.5'
 gem 'omniauth', '~> 1.8'
 gem 'omniauth-auth0', '~> 2.0.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -262,9 +262,9 @@ GEM
    docile (1.3.2)
    domain_name (0.5.20190701)
      unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.4.0)
+    doorkeeper (5.5.0.rc2)
      railties (>= 5)
-    doorkeeper-openid_connect (1.7.4)
+    doorkeeper-openid_connect (1.7.5)
      doorkeeper (>= 5.2, < 5.5)
      json-jwt (>= 1.11.0)
    dry-configurable (0.12.0)
@@ -1329,8 +1329,8 @@ DEPENDENCIES
  diff_match_patch (~> 0.1.0)
  diffy (~> 3.3)
  discordrb-webhooks-blackst0ne (~> 3.3)
-  doorkeeper (~> 5.4.0)
-  doorkeeper-openid_connect (~> 1.7.4)
+  doorkeeper (~> 5.5.0.rc2)
+  doorkeeper-openid_connect (~> 1.7.5)
  ed25519 (~> 1.2)
  elasticsearch-api (~> 6.8.2)
  elasticsearch-model (~> 6.1)

--- a/changelogs/unreleased/id-update-doorkeeper-gem.yml
+++ b/changelogs/unreleased/id-update-doorkeeper-gem.yml
+---
+title: Update doorkeeper to 5.5.0.rc2
+merge_request: 52171
+author:
+type: other
--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
@@ -8,15 +8,6 @@ module API
    feature_category :authentication_and_authorization

    resource :applications do
-      helpers do
-        def validate_redirect_uri(value)
-          uri = ::URI.parse(value)
-          !uri.is_a?(URI::HTTP) || uri.host
-        rescue URI::InvalidURIError
-          false
-        end
-      end
-
      desc 'Create a new application' do
        detail 'This feature was introduced in GitLab 10.5'
        success Entities::ApplicationWithSecret
@@ -30,13 +21,6 @@ module API
          desc: 'Application will be used where the client secret is confidential'
      end
      post do
-        # Validate that host in uri is specified
-        # Please remove it when https://github.com/doorkeeper-gem/doorkeeper/pull/1440 is merged
-        # and the doorkeeper gem version is bumped
-        unless validate_redirect_uri(declared_params[:redirect_uri])
-          render_api_error!({ redirect_uri: ["must be an absolute URI."] }, :bad_request)
-        end
-
        application = Doorkeeper::Application.new(declared_params)

        if application.save

--- a/spec/requests/api/applications_spec.rb
+++ b/spec/requests/api/applications_spec.rb
@@ -31,7 +31,7 @@ RSpec.describe API::Applications, :api do

        expect(response).to have_gitlab_http_status(:bad_request)
        expect(json_response).to be_a Hash
-        expect(json_response['message']['redirect_uri'][0]).to eq('must be an absolute URI.')
+        expect(json_response['message']['redirect_uri'][0]).to eq('must be a valid URI.')
      end

      it 'does not allow creating an application with a forbidden URI format' do

--- a/spec/requests/api/oauth_tokens_spec.rb
+++ b/spec/requests/api/oauth_tokens_spec.rb
@@ -26,17 +26,14 @@ RSpec.describe 'OAuth tokens' do
    end

    context 'when user does not have 2FA enabled' do
-      # NOTE: using ROPS grant flow without client credentials will be deprecated
-      # and removed in the next version of Doorkeeper.
-      # See https://gitlab.com/gitlab-org/gitlab/-/issues/219137
      context 'when no client credentials provided' do
-        it 'creates an access token' do
+        it 'does not create an access token' do
          user = create(:user)

          request_oauth_token(user)

-          expect(response).to have_gitlab_http_status(:ok)
-          expect(json_response['access_token']).not_to be_nil
+          expect(response).to have_gitlab_http_status(:unauthorized)
+          expect(json_response['access_token']).to be_nil
        end
      end

@@ -54,15 +51,11 @@ RSpec.describe 'OAuth tokens' do

        context 'with invalid credentials' do
          it 'does not create an access token' do
-            # NOTE: remove this after update to Doorkeeper 5.5 or newer, see
-            # https://gitlab.com/gitlab-org/gitlab/-/issues/219137
-            pending 'Enable this example after upgrading Doorkeeper to 5.5 or newer'
-
            user = create(:user)

            request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret'))

-            expect(response).to have_gitlab_http_status(:bad_request)
+            expect(response).to have_gitlab_http_status(:unauthorized)
            expect(json_response['error']).to eq('invalid_client')
          end
        end