From 4517e18b79d3e7579015264d031040e712e15e08 Mon Sep 17 00:00:00 2001
From: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date: Thu, 21 Nov 2024 14:48:30 +0100
Subject: [PATCH] Update dependency doorkeeper to v5.8.0 (#33000)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Gemfile.lock                                    |  2 +-
 app/lib/oauth_pre_authorization_extension.rb    | 13 -------------
 app/presenters/oauth_metadata_presenter.rb      |  2 +-
 config/application.rb                           |  1 -
 config/initializers/doorkeeper.rb               |  3 +++
 spec/requests/well_known/oauth_metadata_spec.rb |  2 +-
 spec/system/oauth_spec.rb                       |  2 ++
 7 files changed, 8 insertions(+), 17 deletions(-)
 delete mode 100644 app/lib/oauth_pre_authorization_extension.rb

diff --git a/Gemfile.lock b/Gemfile.lock
index bb503e157e..d005c744cc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -200,7 +200,7 @@ GEM
       activerecord (>= 4.2, < 9.0)
     docile (1.4.1)
     domain_name (0.6.20240107)
-    doorkeeper (5.7.1)
+    doorkeeper (5.8.0)
       railties (>= 5)
     dotenv (3.1.4)
     drb (2.2.1)
diff --git a/app/lib/oauth_pre_authorization_extension.rb b/app/lib/oauth_pre_authorization_extension.rb
deleted file mode 100644
index 1885e0823d..0000000000
--- a/app/lib/oauth_pre_authorization_extension.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module OauthPreAuthorizationExtension
-  extend ActiveSupport::Concern
-
-  included do
-    validate :code_challenge_method_s256, error: Doorkeeper::Errors::InvalidCodeChallengeMethod
-  end
-
-  def validate_code_challenge_method_s256
-    code_challenge.blank? || code_challenge_method == 'S256'
-  end
-end
diff --git a/app/presenters/oauth_metadata_presenter.rb b/app/presenters/oauth_metadata_presenter.rb
index 7d75e8498a..f488a62925 100644
--- a/app/presenters/oauth_metadata_presenter.rb
+++ b/app/presenters/oauth_metadata_presenter.rb
@@ -65,7 +65,7 @@ class OauthMetadataPresenter < ActiveModelSerializers::Model
   end
 
   def code_challenge_methods_supported
-    %w(S256)
+    doorkeeper.pkce_code_challenge_methods_supported
   end
 
   private
diff --git a/config/application.rb b/config/application.rb
index cfeed02e98..e4e9680e66 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -114,7 +114,6 @@ module Mastodon
       Doorkeeper::Application.include ApplicationExtension
       Doorkeeper::AccessGrant.include AccessGrantExtension
       Doorkeeper::AccessToken.include AccessTokenExtension
-      Doorkeeper::OAuth::PreAuthorization.include OauthPreAuthorizationExtension
       Devise::FailureApp.include AbstractController::Callbacks
       Devise::FailureApp.include Localized
     end
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index de1c75f576..516db258df 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -52,6 +52,9 @@ Doorkeeper.configure do
   # Issue access tokens with refresh token (disabled by default)
   # use_refresh_token
 
+  # Proof of Key Code Exchange
+  pkce_code_challenge_methods ['S256']
+
   # Forbids creating/updating applications with arbitrary scopes that are
   # not in configuration, i.e. `default_scopes` or `optional_scopes`.
   # (Disabled by default)
diff --git a/spec/requests/well_known/oauth_metadata_spec.rb b/spec/requests/well_known/oauth_metadata_spec.rb
index 01e9146fde..42a6c1b328 100644
--- a/spec/requests/well_known/oauth_metadata_spec.rb
+++ b/spec/requests/well_known/oauth_metadata_spec.rb
@@ -27,7 +27,7 @@ RSpec.describe 'The /.well-known/oauth-authorization-server request' do
       response_modes_supported: Doorkeeper.configuration.authorization_response_flows.flat_map(&:response_mode_matches).uniq,
       token_endpoint_auth_methods_supported: %w(client_secret_basic client_secret_post),
       grant_types_supported: grant_types_supported,
-      code_challenge_methods_supported: ['S256'],
+      code_challenge_methods_supported: Doorkeeper.configuration.pkce_code_challenge_methods_supported,
       # non-standard extension:
       app_registration_endpoint: api_v1_apps_url
     )
diff --git a/spec/system/oauth_spec.rb b/spec/system/oauth_spec.rb
index 14ffc163f0..caed5ea9af 100644
--- a/spec/system/oauth_spec.rb
+++ b/spec/system/oauth_spec.rb
@@ -115,6 +115,8 @@ RSpec.describe 'Using OAuth from an external app' do
           subject
 
           within '.form-container .flash-message' do
+            # FIXME: Replace with doorkeeper.errors.messages.invalid_code_challenge_method.one for Doorkeeper > 5.8.0
+            # see: https://github.com/doorkeeper-gem/doorkeeper/pull/1747
             expect(page).to have_content(I18n.t('doorkeeper.errors.messages.invalid_code_challenge_method'))
           end
         end