Commit 941a1dad authored by Rémy Coutable

Merge branch 'id-update-doorkeeper-gem' into 'master'

Update doorkeeper to 5.5.0.rc2 [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!52171
parents 66b22ace 0c87c024
...@@ -25,8 +25,8 @@ gem 'marginalia', '~> 1.10.0' ...@@ -25,8 +25,8 @@ gem 'marginalia', '~> 1.10.0'
gem 'devise', '~> 4.7.2' gem 'devise', '~> 4.7.2'
# TODO: verify ARM compile issue on 3.1.13+ version (see https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18828) # TODO: verify ARM compile issue on 3.1.13+ version (see https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18828)
gem 'bcrypt', '3.1.12' gem 'bcrypt', '3.1.12'
gem 'doorkeeper', '~> 5.4.0' gem 'doorkeeper', '~> 5.5.0.rc2'
gem 'doorkeeper-openid_connect', '~> 1.7.4' gem 'doorkeeper-openid_connect', '~> 1.7.5'
gem 'omniauth', '~> 1.8' gem 'omniauth', '~> 1.8'
gem 'omniauth-auth0', '~> 2.0.0' gem 'omniauth-auth0', '~> 2.0.0'
gem 'omniauth-azure-oauth2', '~> 0.0.9' gem 'omniauth-azure-oauth2', '~> 0.0.9'
......
...@@ -262,9 +262,9 @@ GEM ...@@ -262,9 +262,9 @@ GEM
docile (1.3.2) docile (1.3.2)
domain_name (0.5.20190701) domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
doorkeeper (5.4.0) doorkeeper (5.5.0.rc2)
railties (>= 5) railties (>= 5)
doorkeeper-openid_connect (1.7.4) doorkeeper-openid_connect (1.7.5)
doorkeeper (>= 5.2, < 5.5) doorkeeper (>= 5.2, < 5.5)
json-jwt (>= 1.11.0) json-jwt (>= 1.11.0)
dry-configurable (0.12.0) dry-configurable (0.12.0)
...@@ -1329,8 +1329,8 @@ DEPENDENCIES ...@@ -1329,8 +1329,8 @@ DEPENDENCIES
diff_match_patch (~> 0.1.0) diff_match_patch (~> 0.1.0)
diffy (~> 3.3) diffy (~> 3.3)
discordrb-webhooks-blackst0ne (~> 3.3) discordrb-webhooks-blackst0ne (~> 3.3)
doorkeeper (~> 5.4.0) doorkeeper (~> 5.5.0.rc2)
doorkeeper-openid_connect (~> 1.7.4) doorkeeper-openid_connect (~> 1.7.5)
ed25519 (~> 1.2) ed25519 (~> 1.2)
elasticsearch-api (~> 6.8.2) elasticsearch-api (~> 6.8.2)
elasticsearch-model (~> 6.1) elasticsearch-model (~> 6.1)
......
---
title: Update doorkeeper to 5.5.0.rc2
merge_request: 52171
author:
type: other
...@@ -8,15 +8,6 @@ module API ...@@ -8,15 +8,6 @@ module API
feature_category :authentication_and_authorization feature_category :authentication_and_authorization
resource :applications do resource :applications do
helpers do
def validate_redirect_uri(value)
uri = ::URI.parse(value)
!uri.is_a?(URI::HTTP) || uri.host
rescue URI::InvalidURIError
false
end
end
desc 'Create a new application' do desc 'Create a new application' do
detail 'This feature was introduced in GitLab 10.5' detail 'This feature was introduced in GitLab 10.5'
success Entities::ApplicationWithSecret success Entities::ApplicationWithSecret
...@@ -30,13 +21,6 @@ module API ...@@ -30,13 +21,6 @@ module API
desc: 'Application will be used where the client secret is confidential' desc: 'Application will be used where the client secret is confidential'
end end
post do post do
# Validate that host in uri is specified
# Please remove it when https://github.com/doorkeeper-gem/doorkeeper/pull/1440 is merged
# and the doorkeeper gem version is bumped
unless validate_redirect_uri(declared_params[:redirect_uri])
render_api_error!({ redirect_uri: ["must be an absolute URI."] }, :bad_request)
end
application = Doorkeeper::Application.new(declared_params) application = Doorkeeper::Application.new(declared_params)
if application.save if application.save
......
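Review bot: With the `validate_redirect_uri` helper and its call removed, the `post` block now hands `declared_params` straight to `Doorkeeper::Application.new`, so the requirement that `redirect_uri` be an absolute URI with a host rests entirely on the model validations in the bumped doorkeeper gem (the deleted comment pointed at https://github.com/doorkeeper-gem/doorkeeper/pull/1440 as the condition for removal), and nothing left in the hunk records that dependency. The API spec change in this commit pins the new error text, which suggests the gem-side check is in place, but a one-line comment above the `Doorkeeper::Application.new` call would keep a future maintainer from either reintroducing the local check or assuming unvalidated input reaches the model: `# redirect_uri must be an absolute URI with a host; enforced by Doorkeeper::Application validations since doorkeeper 5.5 (doorkeeper-gem/doorkeeper#1440)`. The enclosing `resource :applications do` and `post do` blocks both start and end outside this hunk.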
...@@ -31,7 +31,7 @@ RSpec.describe API::Applications, :api do ...@@ -31,7 +31,7 @@ RSpec.describe API::Applications, :api do
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response).to be_a Hash expect(json_response).to be_a Hash
expect(json_response['message']['redirect_uri'][0]).to eq('must be an absolute URI.') expect(json_response['message']['redirect_uri'][0]).to eq('must be a valid URI.')
end end
it 'does not allow creating an application with a forbidden URI format' do it 'does not allow creating an application with a forbidden URI format' do
......
...@@ -26,17 +26,14 @@ RSpec.describe 'OAuth tokens' do ...@@ -26,17 +26,14 @@ RSpec.describe 'OAuth tokens' do
end end
context 'when user does not have 2FA enabled' do context 'when user does not have 2FA enabled' do
# NOTE: using ROPS grant flow without client credentials will be deprecated
# and removed in the next version of Doorkeeper.
# See https://gitlab.com/gitlab-org/gitlab/-/issues/219137
context 'when no client credentials provided' do context 'when no client credentials provided' do
it 'creates an access token' do it 'does not create an access token' do
user = create(:user) user = create(:user)
request_oauth_token(user) request_oauth_token(user)
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:unauthorized)
expect(json_response['access_token']).not_to be_nil expect(json_response['access_token']).to be_nil
end end
end end
...@@ -54,15 +51,11 @@ RSpec.describe 'OAuth tokens' do ...@@ -54,15 +51,11 @@ RSpec.describe 'OAuth tokens' do
context 'with invalid credentials' do context 'with invalid credentials' do
it 'does not create an access token' do it 'does not create an access token' do
# NOTE: remove this after update to Doorkeeper 5.5 or newer, see
# https://gitlab.com/gitlab-org/gitlab/-/issues/219137
pending 'Enable this example after upgrading Doorkeeper to 5.5 or newer'
user = create(:user) user = create(:user)
request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret')) request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret'))
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:unauthorized)
expect(json_response['error']).to eq('invalid_client') expect(json_response['error']).to eq('invalid_client')
end end
end end
......
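Review bot: The rewritten 'when no client credentials provided' example asserts only the `:unauthorized` status and a nil `access_token`, while the sibling 'with invalid credentials' example in the second hunk also checks `json_response['error']` for `'invalid_client'`; adding `expect(json_response['error']).to eq('invalid_client')` here would pin that the ROPS request without client credentials is rejected for missing client authentication rather than for some other reason, and keeps the two examples consistent. Dropping the `pending` line in the second hunk turns the invalid-credentials example live, so its new `:unauthorized` expectation is now enforced rather than skipped. The surrounding `context 'when user does not have 2FA enabled' do` block begins before the first hunk and continues past the second.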