Merge branch 'main' of github.com:JeremyC-za/doorkeeper into custom_a…

…ttributes_multitenancy_patch

.github/workflows/check_orm_changes.yml

@@ -20,7 +20,7 @@ jobs:
     steps:
     - name: List & cache git modified files
       id: changed_files
-      uses: lots0logs/gh-action-get-changed-files@2.1.4
+      uses: lots0logs/gh-action-get-changed-files@2.2.2
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
     - name: Check if ORM files were changed

.github/workflows/ci.yml

@@ -21,7 +21,6 @@ jobs:
       matrix:
         os: [ ubuntu-latest ]
         ruby:
-          - 2.7
           - '3.0'
           - '3.1'
           - '3.2'
@@ -30,9 +29,10 @@ jobs:
           - gemfiles/rails_6_0.gemfile
           - gemfiles/rails_6_1.gemfile
           - gemfiles/rails_7_0.gemfile
+          - gemfiles/rails_7_1.gemfile
     steps:
       - name: Repo checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
@@ -50,7 +50,7 @@ jobs:
     env:
       BUNDLE_GEMFILE: gemfiles/rails_edge.gemfile
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
         with:
@@ -65,11 +65,12 @@ jobs:
           - gemfiles/rails_6_0.gemfile
           - gemfiles/rails_6_1.gemfile
           - gemfiles/rails_7_0.gemfile
+          - gemfiles/rails_7_1.gemfile
     runs-on: ubuntu-latest
     env:
       BUNDLE_GEMFILE: ${{ matrix.gemfile }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
         with:

CHANGELOG.md

@@ -7,8 +7,26 @@ User-visible changes worth mentioning.
 
 ## main
 
-- [#ID] Add your PR description here.
-- [#1652] Add custom attributes support to token generator
+- [#1696] Add missing `#issued_token` method to `OAuth::TokenResponse`
+- [#1697] Allow a TokenResponse body to be customized.
+- [#1702] Fix bugs for error response in the form_post and error view
+
+## 5.6.9
+
+- [#1691] Make new Doorkeeper errors backward compatible with older extensions.
+
+## 5.6.8
+
+- [#1680] Fix handle_auth_errors :raise NotImplementedError
+
+## 5.6.7
+
+- [#1662] Specify uri_redirect validation class explicitly.
+- [#1652] Add custom attributes support to token generator.
+- [#1667] Pass `client` instead of `grant.application` to `find_or_create_access_token`.
+- [#1673] Honor `custom_access_token_attributes` in client credentials grant flow.
+- [#1676] Improve AuthorizationsController error response handling
+- [#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.
 
 ## 5.6.6
 

Gemfile

@@ -5,7 +5,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 gemspec
 
-gem "rails", ">= 6.0", "< 7.1"
+gem "rails", ">= 6.0", "< 7.2"
 
 gem "sprockets-rails"
 

README.md

@@ -39,7 +39,6 @@ Supported features:
 - [ORMs](#orms)
 - [Extensions](#extensions)
 - [Example Applications](#example-applications)
-- [Tutorials](#tutorials)
 - [Sponsors](#sponsors)
 - [Development](#development)
 - [Contributing](#contributing)
@@ -56,7 +55,7 @@ https://github.com/doorkeeper-gem/doorkeeper/releases.
 Additionally, other resources can be found on:
 
 - [Guides](https://doorkeeper.gitbook.io/guides/) with how-to get started and configuration documentation
-- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki) with articles and other documentation
+- See the [Wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki) for articles on how to integrate with other solutions
 - Screencast from [railscasts.com](http://railscasts.com/): [#353
 OAuth with
 Doorkeeper](http://railscasts.com/episodes/353-oauth-with-doorkeeper)
@@ -124,10 +123,6 @@ examples](https://github.com/doorkeeper-gem/doorkeeper/wiki/Example-Applications
 in our wiki or follow this [tutorial
 here](https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem).
 
-## Tutorials
-
-See [list of tutorials](https://github.com/doorkeeper-gem/doorkeeper/wiki#how-tos--tutorials) in order to learn how to use the gem or integrate it with other solutions / gems.
-
 ## Sponsors
 
 [![OpenCollective](https://opencollective.com/doorkeeper-gem/backers/badge.svg)](#backers) 

app/controllers/doorkeeper/authorizations_controller.rb

@@ -41,11 +41,14 @@ def render_success
     end
 
     def render_error
-      if Doorkeeper.configuration.api_only
-        render json: pre_auth.error_response.body,
-               status: :bad_request
+      pre_auth.error_response.raise_exception! if Doorkeeper.config.raise_on_errors?
+
+      if Doorkeeper.configuration.redirect_on_errors? && pre_auth.error_response.redirectable?
+        redirect_or_render(pre_auth.error_response)
+      elsif Doorkeeper.configuration.api_only
+        render json: pre_auth.error_response.body, status: pre_auth.error_response.status
       else
-        render :error, locals: { error_response: pre_auth.error_response }
+        render :error, locals: { error_response: pre_auth.error_response }, status: pre_auth.error_response.status
       end
     end
 
@@ -80,7 +83,7 @@ def redirect_or_render(auth)
             )
           end
         elsif pre_auth.form_post_response?
-          render :form_post
+          render :form_post, locals: { auth: auth }
         else
           redirect_to auth.redirect_uri, allow_other_host: true
         end

app/views/doorkeeper/authorizations/error.html.erb

@@ -4,6 +4,6 @@
 
 <main role="main">
   <pre>
-    <%= (respond_to?(:error_response) ? error_response : @pre_auth.error_response).body[:error_description] %>
+    <%= (local_assigns[:error_response] ? error_response : @pre_auth.error_response).body[:error_description] %>
   </pre>
 </main>

app/views/doorkeeper/authorizations/form_post.html.erb

@@ -3,7 +3,7 @@
 </header>
 
 <%= form_tag @pre_auth.redirect_uri, method: :post, name: :redirect_form, authenticity_token: false do %>
-  <% @authorize_response.body.compact.each do |key, value| %>
+  <% auth.body.compact.each do |key, value| %>
     <%= hidden_field_tag key, value %>
   <% end %>
 <% end %>

doorkeeper.gemspec

@@ -50,7 +50,7 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency "coveralls_reborn"
   gem.add_development_dependency "database_cleaner", "~> 2.0"
   gem.add_development_dependency "factory_bot", "~> 6.0"
-  gem.add_development_dependency "generator_spec", "~> 0.9.3"
+  gem.add_development_dependency "generator_spec", "~> 0.10.0"
   gem.add_development_dependency "grape"
   gem.add_development_dependency "rake", ">= 11.3.0"
   gem.add_development_dependency "rspec-rails"

gemfiles/rails_7_1.gemfile

@@ -0,0 +1,22 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 7.1.0"
+gem "rspec-core"
+gem "rspec-expectations"
+gem "rspec-mocks"
+gem "rspec-rails", "~> 5.0"
+gem "rspec-support"
+gem "rubocop", "~> 1.4"
+gem "rubocop-performance", require: false
+gem "rubocop-rails", require: false
+gem "rubocop-rspec", require: false
+gem "bcrypt", "~> 3.1", require: false
+gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
+gem "sprockets-rails"
+gem "sqlite3", "~> 1.4", platform: [:ruby, :mswin, :mingw, :x64_mingw]
+gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
+gem "timecop"
+
+gemspec path: "../"

lib/doorkeeper/config.rb

@@ -512,6 +512,10 @@ def raise_on_errors?
       handle_auth_errors == :raise
     end
 
+    def redirect_on_errors?
+      handle_auth_errors == :redirect
+    end
+
     def application_secret_hashed?
       instance_variable_defined?(:"@application_secret_strategy")
     end

lib/doorkeeper/errors.rb

@@ -39,13 +39,31 @@ class BaseResponseError < DoorkeeperError
       def initialize(response)
         @response = response
       end
+
+      def self.name_for_response
+        self.name.demodulize.underscore.to_sym
+      end
     end
 
     UnableToGenerateToken = Class.new(DoorkeeperError)
     TokenGeneratorNotFound = Class.new(DoorkeeperError)
     NoOrmCleaner = Class.new(DoorkeeperError)
 
+    InvalidRequest = Class.new(BaseResponseError)
     InvalidToken = Class.new(BaseResponseError)
+    InvalidClient = Class.new(BaseResponseError)
+    InvalidScope = Class.new(BaseResponseError)
+    InvalidRedirectUri = Class.new(BaseResponseError)
+    InvalidCodeChallengeMethod = Class.new(BaseResponseError)
+    InvalidGrant = Class.new(BaseResponseError)
+
+    UnauthorizedClient = Class.new(BaseResponseError)
+    UnsupportedResponseType = Class.new(BaseResponseError)
+    UnsupportedResponseMode = Class.new(BaseResponseError)
+
+    AccessDenied = Class.new(BaseResponseError)
+    ServerError = Class.new(BaseResponseError)
+
     TokenExpired = Class.new(InvalidToken)
     TokenRevoked = Class.new(InvalidToken)
     TokenUnknown = Class.new(InvalidToken)

lib/doorkeeper/oauth/authorization_code_request.rb

@@ -3,12 +3,12 @@
 module Doorkeeper
   module OAuth
     class AuthorizationCodeRequest < BaseRequest
-      validate :params,       error: :invalid_request
-      validate :client,       error: :invalid_client
-      validate :grant,        error: :invalid_grant
+      validate :params,       error: Errors::InvalidRequest
+      validate :client,       error: Errors::InvalidClient
+      validate :grant,        error: Errors::InvalidGrant
       # @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
-      validate :redirect_uri, error: :invalid_grant
-      validate :code_verifier, error: :invalid_grant
+      validate :redirect_uri, error: Errors::InvalidGrant
+      validate :code_verifier, error: Errors::InvalidGrant
 
       attr_reader :grant, :client, :redirect_uri, :access_token, :code_verifier,
                   :invalid_request_reason, :missing_param
@@ -36,7 +36,7 @@ def before_successful_response
           grant.revoke
 
           find_or_create_access_token(
-            grant.application,
+            client,
             resource_owner,
             grant.scopes,
             custom_token_attributes_with_data,

lib/doorkeeper/oauth/base_request.rb

@@ -15,7 +15,7 @@ def authorize
           @response = TokenResponse.new(access_token)
           after_successful_response
           @response
-        elsif error == :invalid_request
+        elsif error == Errors::InvalidRequest
           @response = InvalidRequestResponse.from_request(self)
         else
           @response = ErrorResponse.from_request(self)

lib/doorkeeper/oauth/client_credentials/issuer.rb

@@ -11,10 +11,10 @@ def initialize(server, validator)
           @validator = validator
         end
 
-        def create(client, scopes, creator = Creator.new)
+        def create(client, scopes, attributes = {}, creator = Creator.new)
           if validator.valid?
-            @token = create_token(client, scopes, creator)
-            @error = :server_error unless @token
+            @token = create_token(client, scopes, attributes, creator)
+            @error = Errors::ServerError unless @token
           else
             @token = false
             @error = validator.error
@@ -25,7 +25,7 @@ def create(client, scopes, creator = Creator.new)
 
         private
 
-        def create_token(client, scopes, creator)
+        def create_token(client, scopes, attributes, creator)
           context = Authorization::Token.build_context(
             client,
             Doorkeeper::OAuth::CLIENT_CREDENTIALS,
@@ -39,6 +39,7 @@ def create_token(client, scopes, creator)
             scopes,
             use_refresh_token: false,
             expires_in: ttl,
+            **attributes
           )
         end
       end

lib/doorkeeper/oauth/client_credentials/validator.rb

@@ -7,9 +7,9 @@ class Validator
         include Validations
         include OAuth::Helpers
 
-        validate :client, error: :invalid_client
-        validate :client_supports_grant_flow, error: :unauthorized_client
-        validate :scopes, error: :invalid_scope
+        validate :client, error: Errors::InvalidClient
+        validate :client_supports_grant_flow, error: Errors::UnauthorizedClient
+        validate :scopes, error: Errors::InvalidScope
 
         def initialize(server, request)
           @server = server

lib/doorkeeper/oauth/client_credentials_request.rb

@@ -3,7 +3,7 @@
 module Doorkeeper
   module OAuth
     class ClientCredentialsRequest < BaseRequest
-      attr_reader :client, :original_scopes, :response
+      attr_reader :client, :original_scopes, :parameters, :response
 
       alias error_response response
 
@@ -14,6 +14,7 @@ def initialize(server, client, parameters = {})
         @server = server
         @response = nil
         @original_scopes = parameters[:scope]
+        @parameters = parameters.except(:scope)
       end
 
       def access_token
@@ -30,7 +31,14 @@ def issuer
       private
 
       def valid?
-        issuer.create(client, scopes)
+        issuer.create(client, scopes, custom_token_attributes_with_data)
+      end
+
+      def custom_token_attributes_with_data
+        parameters
+          .with_indifferent_access
+          .slice(*Doorkeeper.config.custom_access_token_attributes)
+          .symbolize_keys
       end
     end
   end

lib/doorkeeper/oauth/code_request.rb

@@ -17,7 +17,7 @@ def authorize
       end
 
       def deny
-        pre_auth.error = :access_denied
+        pre_auth.error = Errors::AccessDenied
         pre_auth.error_response
       end
     end