Update dependency doorkeeper to v5.8.0 (#33000)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-11-22 06:06:45 +00:00 · 2024-11-21 14:48:30 +01:00 · 2024-11-21 14:48:30 +01:00 · 4517e18b79
parent e4d5cc0ca6
commit 4517e18b79
7 changed files with 8 additions and 17 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -200,7 +200,7 @@ GEM
      activerecord (>= 4.2, < 9.0)
    docile (1.4.1)
    domain_name (0.6.20240107)
-    doorkeeper (5.7.1)
+    doorkeeper (5.8.0)
      railties (>= 5)
    dotenv (3.1.4)
    drb (2.2.1)
--- a/app/lib/oauth_pre_authorization_extension.rb
+++ b/app/lib/oauth_pre_authorization_extension.rb
@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module OauthPreAuthorizationExtension
-  extend ActiveSupport::Concern
-
-  included do
-    validate :code_challenge_method_s256, error: Doorkeeper::Errors::InvalidCodeChallengeMethod
-  end
-
-  def validate_code_challenge_method_s256
-    code_challenge.blank? || code_challenge_method == 'S256'
-  end
-end
--- a/app/presenters/oauth_metadata_presenter.rb
+++ b/app/presenters/oauth_metadata_presenter.rb
@ -65,7 +65,7 @@ class OauthMetadataPresenter < ActiveModelSerializers::Model
  end

  def code_challenge_methods_supported
-    %w(S256)
+    doorkeeper.pkce_code_challenge_methods_supported
  end

  private
--- a/config/application.rb
+++ b/config/application.rb
@ -114,7 +114,6 @@ module Mastodon
      Doorkeeper::Application.include ApplicationExtension
      Doorkeeper::AccessGrant.include AccessGrantExtension
      Doorkeeper::AccessToken.include AccessTokenExtension
-      Doorkeeper::OAuth::PreAuthorization.include OauthPreAuthorizationExtension
      Devise::FailureApp.include AbstractController::Callbacks
      Devise::FailureApp.include Localized
    end
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@ -52,6 +52,9 @@ Doorkeeper.configure do
  # Issue access tokens with refresh token (disabled by default)
  # use_refresh_token

+  # Proof of Key Code Exchange
+  pkce_code_challenge_methods ['S256']
+
  # Forbids creating/updating applications with arbitrary scopes that are
  # not in configuration, i.e. `default_scopes` or `optional_scopes`.
  # (Disabled by default)
--- a/spec/requests/well_known/oauth_metadata_spec.rb
+++ b/spec/requests/well_known/oauth_metadata_spec.rb
@ -27,7 +27,7 @@ RSpec.describe 'The /.well-known/oauth-authorization-server request' do
      response_modes_supported: Doorkeeper.configuration.authorization_response_flows.flat_map(&:response_mode_matches).uniq,
      token_endpoint_auth_methods_supported: %w(client_secret_basic client_secret_post),
      grant_types_supported: grant_types_supported,
-      code_challenge_methods_supported: ['S256'],
+      code_challenge_methods_supported: Doorkeeper.configuration.pkce_code_challenge_methods_supported,
      # non-standard extension:
      app_registration_endpoint: api_v1_apps_url
    )
--- a/spec/system/oauth_spec.rb
+++ b/spec/system/oauth_spec.rb
@ -115,6 +115,8 @@ RSpec.describe 'Using OAuth from an external app' do
          subject

          within '.form-container .flash-message' do
+            # FIXME: Replace with doorkeeper.errors.messages.invalid_code_challenge_method.one for Doorkeeper > 5.8.0
+            # see: https://github.com/doorkeeper-gem/doorkeeper/pull/1747
            expect(page).to have_content(I18n.t('doorkeeper.errors.messages.invalid_code_challenge_method'))
          end
        end