[LINK-70] Upgrade to v4.3.0 #27

Closed
wants to merge 70 commits into from

@mt-max mt-max commented Nov 11, 2022

We are at 4.2.6, change log to 4.3.0

Backport behaviour to fix broken native URI redirection during code exchange, which was fixed in a future version. Check my commit content at the very bottom.

bekicot and others added 30 commits January 15, 2017 08:33
Compare redirect_uri and grant uri without query
when doing checks from authorization code request

Fix xss by escaping tags:
content_tag body is correctly escaped when rendered even if called is
wrapped by raw

Fix CI review
There are only three columns in the table - we don't need four headers
Removing unnecessary <th> for Authorized Applications
Fix comparing Scopes to non-enumerable instances
The version specification '~> 5.1' means '5.x'.
When Rails 5.2 is released, rails version will be updated to 5.2.0.
…rsions-on-travis-ci

Update Ruby versions on Travis CI
FactoryGirl has been renamed as FactoryBot.
Ref: https://robots.thoughtbot.com/factory_bot

This commit fixes the following warning message:
```
DEPRECATION WARNING: The factory_girl gem is deprecated. Please upgrade to factory_bot.
See https://github.com/thoughtbot/factory_bot/blob/v4.9.0/UPGRADE_FROM_FACTORY_GIRL.md for further instructions.
```
…tory-bot

Migrate from FactoryGirl to FactoryBot
…ct-uri-help-text

Clarify I18n help message for native_redirect_uri
…slation-invalid_resource_owner

Remove translation not in use: invalid_resource_owner
Make Scopes#+ and #& work against a non-Scopes object
This allows for automated flows to detect that an Authorization code was granted in much the same way as a normal redirect. This is used by e.g. Mac Paw.
nashby and others added 22 commits February 7, 2018 12:54
This fix is needed for https://github.com/doorkeeper-gem/doorkeeper-openid_connect since
it's possible to have "response_type=id_token token" that we need to translate to
`IdTokenToken` strategy class.
…egy-name

Make it possible to have composite strategy names.
Performance improvement: no need to load all the Access Tokens on
revoke action for Application & Resource Owner. Just use one SQL query.
* Use public_send instead of private send
* Remove dead code from Doorkeeper config
* Place same redirect URI validations in spec
…-gem#1001)

* Have BaseRequest subclasses invoke super on callbacks

This makes the BaseRequest#before_successful_response and BaseRequest#after_successful_response generally available. Some subclasses implement these callbacks, which then requires explicit per-strategy hooking vs one global one on BaseRequest, if desired by the developer.

* [Lint] Prefer double quotes for #it
Allow Doorkeeper configuration option #force_ssl_in_redirect_uri to
be a callable object (proc, lambda, block or any object that
responds to #call). It allows to provide more conditional way of
requiring SSL redirect URIs for different purposes (allow localhost
URI's for native, etc).

Close doorkeeper-gem#1016
…redirect_uri_callable

Allow #force_ssl_in_redirect_uri to be callable
Add base ActiveRecord class with `#ordered_by` method for ORMs.

Add applications ordering by date of creation for index action of Doorkeeper ApplicationsController in index

Add deprecation message and remove `order_method` and `created_by_desc` from the mixins.
Improve invalid_redirect_uri error description with more informative
text. Improve specs.
* Remove unused ORM methods
* Improve Doorkeeper config default values
* Remove unnecessary Doorkeeper config methods (option already in use)
* Add specs for config
* Add some other specs
* Use class method for ordering
* Make deprecation message more informative
Allow to forbid Application redirect URI's with specific rules
during creation. This allows to add custom checks for redirect URI
validator.
Allow Application#redirect_uri= to handle array of URIs
…irect-uri-first-in-multiple-redirect-uri

Fix to invalidate the second redirect URI when the first URI is the native URI
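
The callable `force_ssl_in_redirect_uri` option described in the commit list above, as an added Ruby sketch that is not Doorkeeper's own code: `LOOPBACK_HOSTS`, `WEAK_POLICY`, `STRICT_POLICY`, `ssl_violation?` and `audit` are hypothetical names, and the sample URIs are constructed. It contrasts a localhost exemption matched on the raw string with one matched on the parsed host.

```ruby
require "uri"

# Hosts treated as loopback for native-app redirects (assumption for this sketch).
LOOPBACK_HOSTS = %w[localhost 127.0.0.1 ::1].freeze

# Weak policy: substring test on the raw string, so a look-alike
# host such as localhost.evil.example is exempted from HTTPS.
WEAK_POLICY = ->(uri) { !uri.to_s.include?("localhost") }

# Strict policy: exact, case-insensitive match on the parsed host.
STRICT_POLICY = ->(uri) { !LOOPBACK_HOSTS.include?(uri.hostname.to_s.downcase) }

# Returns true when the redirect URI must be rejected for lacking HTTPS.
# `policy` is either true/false or any object responding to #call that
# receives the parsed URI and says whether SSL is required for it.
def ssl_violation?(redirect_uri, policy)
  uri = URI.parse(redirect_uri)
  non_https = uri.scheme.to_s.downcase == "http"
  forces_ssl = policy.respond_to?(:call) ? policy.call(uri) : policy
  forces_ssl && non_https ? true : false
rescue URI::InvalidURIError
  true # unparseable input is rejected rather than exempted
end

# Returns the subset of `uris` that the given policy rejects.
def audit(uris, policy)
  uris.select { |u| ssl_violation?(u, policy) }
end

# Constructed sample redirect URIs for illustration.
SAMPLE_URIS = [
  "https://app.example.com/cb",        # HTTPS, always accepted
  "http://app.example.com/cb",         # plain HTTP on a public host
  "http://localhost:3000/cb",          # native app on loopback
  "http://[::1]:3000/cb",              # IPv6 loopback
  "http://localhost.evil.example/cb",  # look-alike host, not loopback
  "myapp://callback"                   # custom scheme, no HTTP involved
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "weak policy rejects:   #{audit(SAMPLE_URIS, WEAK_POLICY).inspect}"
  puts "strict policy rejects: #{audit(SAMPLE_URIS, STRICT_POLICY).inspect}"
end
```
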
@mt-max mt-max changed the title Upgrade to v4.3.0 [LINK-70] Upgrade to v4.3.0 Nov 11, 2022
@mt-max mt-max changed the base branch from no-secret-code-grant to trunk December 19, 2022 05:03

mt-max commented Dec 19, 2022

Closing in favor of #32

@mt-max mt-max closed this Dec 19, 2022
@mt-max mt-max deleted the current branch December 19, 2022 09:00