@AlexShugaley
No description provided.

nbulaj and others added 30 commits April 10, 2019 11:34
Add nil check operator in token checking at token introspection
This removes a MySql adapter deprecation message for Rails 6.1 - see rails/rails#35350
Specify case sensitive uniqueness for model validations
…ets` is used

If `hash_application_secrets` is enabled, it is not possible to show the application secret in the details view because it is hashed.
Without the flash, there was no way to get the secret of a new application in that case.
Show application secret in flash after creation
* Update Rubocop, add rubocop-performance
* Refactor code with code styles
* Fix specs with ActionCable
Update Rubocop, fix specs with ActionCable
…sponse

Use existing exception response in get_error_response_from_exception
To follow OSS standards we are renaming NEWS.md in favor of
CHANGELOG.md with a link to the new document in the old one.
…atus

Returning forbidden when an unauthorised user tries to revoke a token
Add constraint configurations when using client authentication on introspection endpoint
…ion-id-constraint-if-using-password-grant

Add comment to explain that the application_id constraint in the oauth_access_tokens table should be optional
…ion_customization

#1204: Improve token introspection configuration
…d_token_in_introspection

#1204: Improve token introspection configuration
…ration_fix

Respond properly when introspection fails and fix configuration's user guide
Sjoerd and others added 30 commits April 12, 2020 10:19
so that it doesn't change when a custom application model is configured
Require params using configured application model's param key
Yield application to allow_grant_flow_for_client? client credentials …
Updates the requirements on [danger](https://github.com/danger/danger) to permit the latest version.
- [Release notes](https://github.com/danger/danger/releases)
- [Changelog](https://github.com/danger/danger/blob/master/CHANGELOG.md)
- [Commits](danger/danger@v6.0.0...7.0.0)

Signed-off-by: dependabot-preview[bot] <[email protected]>
…r-tw-7.0

Update danger requirement from ~> 6.0 to ~> 7.0
* Handle trying authorization with client credentials

When trying to start a new authorization for an application with grant
flow 'client_credentials' (which also has redirect_uri nil), the
following error occurs:

NoMethodError: undefined method `split' for nil:NilClass

lib/doorkeeper/oauth/helpers/uri_checker.rb:66 valid_for_authorization?
lib/doorkeeper/oauth/pre_authorization.rb:89 validate_redirect_uri
lib/doorkeeper/validations.rb:13 block in validate
lib/doorkeeper/validations.rb:12 each
lib/doorkeeper/validations.rb:12 validate
lib/doorkeeper/validations.rb:19 valid?
lib/doorkeeper/oauth/pre_authorization.rb:32 authorizable?
app/controllers/doorkeeper/authorizations_controller.rb:8 new

Moving the validation for supporting grant flows up prevents this
error from happening (and shows an error message to the user, instead of
a 500 Internal Server Error).

* [ci skip][ga skip] Reference #1402 fix
* Attempt at fixing information disclosure vulnerability.

* Add `#as_json` method and attrs serialization restriction for Application model

* [ci skip] Add documentation for serialization

Co-authored-by: Nikita Bulai <[email protected]>
Updates the requirements on [danger](https://github.com/danger/danger) to permit the latest version.
- [Release notes](https://github.com/danger/danger/releases)
- [Changelog](https://github.com/danger/danger/blob/master/CHANGELOG.md)
- [Commits](danger/danger@7.0.0...8.0.0)

Signed-off-by: dependabot-preview[bot] <[email protected]>
Make Doorkeeper::Application#read_attribute_for_serialization public.
…r-tw-8.0

Update danger requirement from ~> 7.0 to ~> 8.0
…-tests

Get rid of redundant and complex to support helpers in tests