From 4517e18b79d3e7579015264d031040e712e15e08 Mon Sep 17 00:00:00 2001
From: Emelia Smith
Date: Thu, 21 Nov 2024 14:48:30 +0100
Subject: [PATCH] Update dependency doorkeeper to v5.8.0 (#33000)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Gemfile.lock | 2 +-
 app/lib/oauth_pre_authorization_extension.rb | 13 -------------
 app/presenters/oauth_metadata_presenter.rb | 2 +-
 config/application.rb | 1 -
 config/initializers/doorkeeper.rb | 3 +++
 spec/requests/well_known/oauth_metadata_spec.rb | 2 +-
 spec/system/oauth_spec.rb | 2 ++
 7 files changed, 8 insertions(+), 17 deletions(-)
 delete mode 100644 app/lib/oauth_pre_authorization_extension.rb
diff --git a/Gemfile.lock b/Gemfile.lock
index bb503e157..d005c744c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -200,7 +200,7 @@ GEM
 activerecord (>= 4.2, < 9.0)
 docile (1.4.1)
 domain_name (0.6.20240107)
- doorkeeper (5.7.1)
+ doorkeeper (5.8.0)
 railties (>= 5)
 dotenv (3.1.4)
 drb (2.2.1)
diff --git a/app/lib/oauth_pre_authorization_extension.rb b/app/lib/oauth_pre_authorization_extension.rb
deleted file mode 100644
index 1885e0823..000000000
--- a/app/lib/oauth_pre_authorization_extension.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module OauthPreAuthorizationExtension
- extend ActiveSupport::Concern
-
- included do
- validate :code_challenge_method_s256, error: Doorkeeper::Errors::InvalidCodeChallengeMethod
- end
-
- def validate_code_challenge_method_s256
- code_challenge.blank? || code_challenge_method == 'S256'
- end
-end
diff --git a/app/presenters/oauth_metadata_presenter.rb b/app/presenters/oauth_metadata_presenter.rb
index 7d75e8498..f488a6292 100644
--- a/app/presenters/oauth_metadata_presenter.rb
+++ b/app/presenters/oauth_metadata_presenter.rb
@@ -65,7 +65,7 @@ class OauthMetadataPresenter < ActiveModelSerializers::Model
 end
 def code_challenge_methods_supported
- %w(S256)
+ doorkeeper.pkce_code_challenge_methods_supported
 end
 private
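Review bot: `code_challenge_methods_supported` now advertises whatever `doorkeeper.pkce_code_challenge_methods_supported` returns, and the `doorkeeper` receiver is defined outside the hunk, so nothing in the presenter tells a reader that the value is enforced policy rather than a display constant. Presumably it wraps `Doorkeeper.configuration`, matching the request spec's `Doorkeeper.configuration.pkce_code_challenge_methods_supported`; worth confirming. A one-line comment would make the coupling explicit: `# Mirrors pkce_code_challenge_methods in config/initializers/doorkeeper.rb, the list Doorkeeper 5.8.0 validates against now that OauthPreAuthorizationExtension is gone; never widen this by hand.` The enclosing class continues outside the hunk.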
diff --git a/config/application.rb b/config/application.rb
index cfeed02e9..e4e9680e6 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -114,7 +114,6 @@ module Mastodon
 Doorkeeper::Application.include ApplicationExtension
 Doorkeeper::AccessGrant.include AccessGrantExtension
 Doorkeeper::AccessToken.include AccessTokenExtension
- Doorkeeper::OAuth::PreAuthorization.include OauthPreAuthorizationExtension
 Devise::FailureApp.include AbstractController::Callbacks
 Devise::FailureApp.include Localized
 end
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index de1c75f57..516db258d 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -52,6 +52,9 @@ Doorkeeper.configure do
 # Issue access tokens with refresh token (disabled by default)
 # use_refresh_token
+ # Proof of Key Code Exchange
+ pkce_code_challenge_methods ['S256']
+
 # Forbids creating/updating applications with arbitrary scopes that are
 # not in configuration, i.e. `default_scopes` or `optional_scopes`.
 # (Disabled by default)
diff --git a/spec/requests/well_known/oauth_metadata_spec.rb b/spec/requests/well_known/oauth_metadata_spec.rb
index 01e9146fd..42a6c1b32 100644
--- a/spec/requests/well_known/oauth_metadata_spec.rb
+++ b/spec/requests/well_known/oauth_metadata_spec.rb
@@ -27,7 +27,7 @@ RSpec.describe 'The /.well-known/oauth-authorization-server request' do
 response_modes_supported: Doorkeeper.configuration.authorization_response_flows.flat_map(&:response_mode_matches).uniq,
 token_endpoint_auth_methods_supported: %w(client_secret_basic client_secret_post),
 grant_types_supported: grant_types_supported,
- code_challenge_methods_supported: ['S256'],
+ code_challenge_methods_supported: Doorkeeper.configuration.pkce_code_challenge_methods_supported,
 # non-standard extension:
 app_registration_endpoint: api_v1_apps_url
 )
diff --git a/spec/system/oauth_spec.rb b/spec/system/oauth_spec.rb
index 14ffc163f..caed5ea9a 100644
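Review bot: The added `pkce_code_challenge_methods ['S256']` line is now the only thing keeping the `plain` challenge method rejected, because this commit deletes `OauthPreAuthorizationExtension`, which enforced S256 under 5.7.1, and the heading `# Proof of Key Code Exchange` does not convey that it is load-bearing. A future cleanup could drop the line as "just the default" and the server would presumably fall back to Doorkeeper's own list, which the deleted extension existed to narrow. Suggest replacing the heading with `# PKCE: only S256 is accepted; with 'plain' the challenge equals the verifier, so an observer of the authorization request could redeem the code. This replaces the former OauthPreAuthorizationExtension — do not remove.` The `Doorkeeper.configure` block starts and ends outside the hunk.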
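Review bot: The expectation on the `+` line of the oauth_metadata_spec hunk now reads `Doorkeeper.configuration.pkce_code_challenge_methods_supported`, which is the very value the presenter serves, so the spec compares the implementation to itself and can no longer catch the configured list drifting (for example `plain` reappearing) — it would pass either way. Keep the literal, `code_challenge_methods_supported: ['S256'],`, or add a separate example asserting `expect(Doorkeeper.configuration.pkce_code_challenge_methods_supported).to eq(%w(S256))` so the intended policy stays pinned. The `RSpec.describe` block starts and ends outside the hunk.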
--- a/spec/system/oauth_spec.rb
+++ b/spec/system/oauth_spec.rb
@@ -115,6 +115,8 @@ RSpec.describe 'Using OAuth from an external app' do
 subject
 within '.form-container .flash-message' do
+ # FIXME: Replace with doorkeeper.errors.messages.invalid_code_challenge_method.one for Doorkeeper > 5.8.0
+ # see: https://github.com/doorkeeper-gem/doorkeeper/pull/1747
 expect(page).to have_content(I18n.t('doorkeeper.errors.messages.invalid_code_challenge_method'))
 end
 end