Steps to reproduce
The following initializer and custom Doorkeeper::AccessToken model class work fine when using doorkeeper 5.6.2 within a Rails 7 app, but after upgrading to doorkeeper 5.6.3, a NameError: uninitialized constant ApiSession error happens while running RAILS_ENV=production rake assets:precompile --trace.
This same error happens with the latest version of doorkeeper (5.6.6) as well.
# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  orm :active_record
  access_token_class 'ApiSession'
  ...
end

# app/models/api_session.rb
class ApiSession < Doorkeeper::AccessToken
  ...
end
Expected behavior
The rake assets:precompile command should work for doorkeeper 5.6.3 just like it does for 5.6.2
Actual behavior
Running RAILS_ENV=production rake assets:precompile --trace with doorkeeper 5.6.3 results in the following error:
System configuration
You can help us to understand your problem if you will share some very
useful information about your project environment (don't forget to
remove any confidential data if it exists).
Doorkeeper initializer:
# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  # Change the ORM that doorkeeper will use (needs plugins)
  orm :active_record

  access_token_class 'ApiSession'

  use_polymorphic_resource_owner

  # This block will be called to check whether the resource owner is authenticated or not.
  resource_owner_authenticator do
    current_user || begin
      session[:user_return_to] = request.fullpath
      Rails.logger.info("User return to: #{session[:user_return_to]}")
      if User.omniauth_providers.include?(params[:provider]&.to_sym)
        redirect_to Rails.application.routes.url_helpers.public_send("user_#{params[:provider]}_omniauth_authorize_path")
      else
        redirect_to new_user_session_url
      end
      nil
    end
  end

  resource_owner_from_credentials do |_routes|
    oauth_application = Doorkeeper::Application.find_by!(uid: params[:client_id])
    next unless oauth_application.allow_password_grant?

    user = User.find_by!(email: params[:username])
    next unless user&.valid_for_authentication? { user.valid_password?(params[:password]) } &&
                user.active_for_authentication?

    request.env['warden'].set_user(user, scope: :user, store: false)
    user
  end

  # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
  admin_authenticator do
    current_user || redirect_to(new_user_session_url)
  end

  # Authorization Code expiration time (default 10 minutes).
  # authorization_code_expires_in 10.minutes

  # Assign a custom TTL for tokens.
  # see Doorkeeper::OAuth::GRANT_TYPES for other types
  custom_access_token_expires_in do |oauth_client|
    # oauth_client.application.additional_settings.implicit_oauth_expiration
    if oauth_client.scopes.include?('legacy_session')
      3.months # TODO: shorten once we can transparently refresh access tokens
    elsif oauth_client.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS
      30.minutes.to_i
    else
      8.hours.to_i
    end
  end

  # Use a custom class for generating the access token.
  # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
  # access_token_generator '::Doorkeeper::JWT'

  # The controller Doorkeeper::ApplicationController inherits from.
  # Defaults to ActionController::Base.
  # https://github.com/doorkeeper-gem/doorkeeper#custom-base-controller
  # base_controller 'ApplicationController'

  # Reuse access token for the same resource owner within an application (disabled by default)
  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
  # reuse_access_token

  # Issue access tokens with refresh token (disabled by default)
  use_refresh_token

  # Provide support for an owner to be assigned to each registered application (disabled by default)
  # Optional parameter confirmation: true (default false) if you want to enforce ownership of
  # a registered application
  # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
  enable_application_owner confirmation: false

  # Define access token scopes for your provider
  # For more information go to
  # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
  # default_scopes :public
  # optional_scopes :write, :update

  # Change the way client credentials are retrieved from the request object.
  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
  # falls back to the `:client_id` and `:client_secret` params from the `params` object.
  # Check out the wiki for more information on customization
  # client_credentials :from_basic, :from_params

  # Change the way access token is authenticated from the request object.
  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
  # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
  # Check out the wiki for more information on customization
  # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param

  # Change the native redirect uri for client apps
  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
  #
  # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'

  # Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
  # by default in non-development environments). OAuth2 delegates security in
  # communication to the HTTPS protocol so it is wise to keep this enabled.
  #
  # force_ssl_in_redirect_uri !Rails.env.development?

  # Specify what grant flows are enabled in array of Strings. The valid
  # strings and the flows they enable are:
  #
  # "authorization_code" => Authorization Code Grant Flow
  # "implicit" => Implicit Grant Flow
  # "password" => Resource Owner Password Credentials Grant Flow
  # "client_credentials" => Client Credentials Grant Flow
  #
  # If not specified, Doorkeeper enables authorization_code and
  # client_credentials.
  #
  # implicit and password grant flows have risks that you should understand
  # before enabling:
  # http://tools.ietf.org/html/rfc6819#section-4.4.2
  # http://tools.ietf.org/html/rfc6819#section-4.4.3
  #
  grant_flows %w[authorization_code client_credentials password]

  # Under some circumstances you might want to have applications auto-approved,
  # so that the user skips the authorization step.
  # For example if dealing with a trusted application.
  skip_authorization do |_resource_owner, client|
    client.application.skip_authorization?
  end

  # WWW-Authenticate Realm (default "Doorkeeper").
  # realm "Doorkeeper"
end
@nbulaj Yes, the same issue happens with doorkeeper 5.6.6. In fact that's the version we tried upgrading to yesterday when we experienced the issue. I isolated 5.6.3 as the version that introduced the issue.
I ran into a similar problem with assets:precompile and doorkeeper. I run precompile in a CI context where there is no database configuration available so it fails when it tries to access certain environment variables in config/database.yml which shouldn't be loaded at all. This is called by the same lines in doorkeeper like for @denisahearn.
To me it looks like orm hooks are run too early and we need to lazy load here as well because access_token_class.constantize in lib/doorkeeper/config.rb:434 loads ActiveRecord::Base too early. I tried to do so by wrapping it like so in lib/doorkeeper/engine.rb:23:
config.to_prepare do
  ActiveSupport.on_load(:active_record) do
    Doorkeeper.run_orm_hooks
  end
end
At least this fixed the problem for me while keeping everything else functional. However, I am not an expert regarding Rails internals or doorkeeper. I am using doorkeeper for the first time here.
Maybe this helps you isolate or even fixes the problem. :)
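The load-order effect discussed in the comment above, as an added illustration that is not doorkeeper or Rails code: a simplified stand-in for lazy load hooks, showing that resolving a configured class name at initializer time raises NameError, while resolving it inside a deferred hook succeeds once the model constant exists. `LazyHooks`, `DemoConfig`, `DemoApiSession` and `boot_order_demo` are hypothetical names, and the hook registry is an assumption that models only the queue-then-flush behaviour.

```ruby
# Simplified model of lazy load hooks (an assumption, not ActiveSupport's implementation).
class LazyHooks
  def initialize
    @hooks  = Hash.new { |h, k| h[k] = [] }
    @loaded = {}
  end

  # Run the block now if +name+ has already loaded, otherwise queue it.
  def on_load(name, &block)
    @loaded[name] ? block.call : @hooks[name].push(block)
  end

  # Mark +name+ as loaded and flush the queued blocks in order.
  def run_load_hooks(name)
    @loaded[name] = true
    @hooks.delete(name).to_a.each(&:call)
  end
end

# Hypothetical config holding the token class as a String, as access_token_class 'ApiSession' does.
class DemoConfig
  attr_reader :resolved

  def initialize(class_name)
    @class_name = class_name
  end

  # Stand-in for the ORM hook: resolves the configured name to a constant.
  def run_orm_hooks
    @resolved = Object.const_get(@class_name)
  end
end

def boot_order_demo(class_name = 'DemoApiSession')
  Object.send(:remove_const, class_name) if Object.const_defined?(class_name)
  hooks = LazyHooks.new
  eager = begin
    DemoConfig.new(class_name).run_orm_hooks # initializer time: model not loaded yet
  rescue NameError => e
    e.message
  end

  config = DemoConfig.new(class_name)
  hooks.on_load(:active_record) { config.run_orm_hooks } # deferred, nothing resolved yet
  Object.const_set(class_name, Class.new)                # model constant appears later in boot
  hooks.run_load_hooks(:active_record)                   # queued hook now resolves it
  { eager: eager, lazy: config.resolved }
end

p boot_order_demo if __FILE__ == $PROGRAM_NAME
```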
Ruby version:
ruby 2.7.4p191
Gemfile.lock:
Gemfile.lock content