Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update doorkeeper requirement from >= 5.5, < 5.8 to >= 5.5, < 5.9 #213

Closed
wants to merge 1 commit into from
Closed

Update doorkeeper requirement from >= 5.5, < 5.8 to >= 5.5, < 5.9 #213

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2024
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Updates the requirements on doorkeeper to permit the latest version.

Release notes

Sourced from doorkeeper's releases.

v5.8.0

  • #1739 Add support for dynamic scopes
  • #1715 Fix token introspection invalid request reason
  • #1714 Fix Doorkeeper::AccessToken.find_or_create_for with empty scopes which raises NoMethodError
  • #1712 Add Pragma: no-cache to token response
  • #1726 Refactor token introspection class.
  • #1727 Allow to set null secret value for Applications if they are public.
  • #1735 Add pkce_code_challenge_methods config option.
Changelog

Sourced from doorkeeper's changelog.

5.8.0

  • #1739 Add support for dynamic scopes
  • #1715 Fix token introspection invalid request reason
  • #1714 Fix Doorkeeper::AccessToken.find_or_create_for with empty scopes which raises NoMethodError
  • #1712 Add Pragma: no-cache to token response
  • #1726 Refactor token introspection class.
  • #1727 Allow to set null secret value for Applications if they are public.
  • #1735 Add pkce_code_challenge_methods config option.

5.7.1

  • #1705 Add force_pkce option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code

5.7.0

  • #1696 Add missing #issued_token method to OAuth::TokenResponse
  • #1697 Allow a TokenResponse body to be customized (memoize response body).
  • #1702 Fix bugs for error response in the form_post and error view
  • #1660 Custom access token attributes are now considered when finding matching tokens (fixes #1665). Introduce revoke_previous_client_credentials_token configuration option.

5.6.9

  • #1691 Make new Doorkeeper errors backward compatible with older extensions.

5.6.8

  • #1680 Fix handle_auth_errors :raise NotImplementedError

5.6.7

  • #1662 Specify uri_redirect validation class explicitly.
  • #1652 Add custom attributes support to token generator.
  • #1667 Pass client instead of grant.application to find_or_create_access_token.
  • #1673 Honor custom_access_token_attributes in client credentials grant flow.
  • #1676 Improve AuthorizationsController error response handling
  • #1677 Fix URIHelper.valid_for_authorization? breaking for non url URIs.

5.6.6

  • #1644 Update HTTP headers.
  • #1646 Block public clients automatic authorization skip.
  • #1648 Add custom token attributes to Refresh Token Request.
  • #1649 Fixed custom_access_token_attributes related errors.

5.6.5

  • #1602 Allow custom data to be stored inside access grants/tokens.
  • #1634 Code refactoring for custom token attributes.

... (truncated)

Commits
  • be58d6b Release 5.8.0 🎉
  • 4ca1d55 Merge pull request #1732 from ransombriggs/fix-docker-file-tests
  • 5057044 Merge pull request #1739 from stanhu/sh-support-dynamic-scopes
  • 4a0f7ce Add entry in CHANGELOG.md
  • f71f4e4 Merge branch 'main' into fix-docker-file-tests
  • ba5b258 Exclude lib/doorkeeper/config.rb from Code Climate
  • 6c06b02 Add support for dynamic scopes
  • c113fa3 Merge pull request #1742 from stanhu/sh-fix-broken-main
  • 40b9cb0 Fix broken tests for older Rails versions
  • a33a90a Revert authorization_spec changes
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update doorkeeper requirement from >= 5.5, < 5.8 to >= 5.5, < 5.9
6bb7588 
Updates the requirements on [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) to permit the latest version.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/main/CHANGELOG.md)
- [Commits](doorkeeper-gem/doorkeeper@v5.5.0...v5.8.0)

---
updated-dependencies:
- dependency-name: doorkeeper
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 1, 2024
@stanhu
Copy link
Collaborator

stanhu commented Nov 12, 2024

@nbulaj Could you merge and release this so that we can update to doorkeeper v5.8?

@stanhu
Copy link
Collaborator

stanhu commented Nov 12, 2024

It seems that this has to be merged for the tests in #214 to pass, but the tests in this pull request won't pass until #214 is merged. 😄

@stanhu
Copy link
Collaborator

stanhu commented Nov 20, 2024

@nbulaj Friendly ping: could you take a look at this and #214?

Also I'm happy to help with maintenance of this gem per #89.

@stanhu
Copy link
Collaborator

stanhu commented Nov 21, 2024

@toupeira I hope you are well! Could you review this and #214? Would appreciate a release.

@toupeira
Copy link
Member

Hey @stanhu, the changes LGTM I think. I'll leave the merging and releasing to @nbulaj since I haven't done that in years 😀

Maybe move this commit into the other PR to get the tests to pass?

@stanhu
Copy link
Collaborator

stanhu commented Nov 21, 2024

@toupeira Ok, good idea! I picked it; looks the error is still there.

I was hoping to get this merged and released since we want to avoid having to vendor this gem soon.

@toupeira
Copy link
Member

Hmm didn't it crash early before in the test setup because of the dependency problems? Now two tests are actually failing further along, see e.g. https://github.com/doorkeeper-gem/doorkeeper-openid_connect/actions/runs/11963588166/job/33354298453?pr=214

Did you test Doorkeeper 5.8 manually already? Could be that a change is breaking something in this gem.

@stanhu
Copy link
Collaborator

stanhu commented Nov 22, 2024

Yeah, the tests fail with Doorkeeper 5.7 as well.

It looks like authenticate_resource_owner! is returning nil when there are missing parameters, which seems correct. The response is returning a 400 Bad Request, which also seems correct, but for some reason the tests are expecting a 200 success.

I thought it was a similar issue to doorkeeper-gem/doorkeeper#1742, but it doesn't seem to be the case.

@stanhu
Copy link
Collaborator

stanhu commented Nov 22, 2024

It looks like Doorkeeper v5.6.7 introduced doorkeeper-gem/doorkeeper#1676, which causes an error to return 400 instead of 200.

@stanhu
Copy link
Collaborator

stanhu commented Nov 22, 2024

We can close this in favor of #214.

@nbulaj nbulaj closed this Nov 28, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 28, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/bundler/doorkeeper-gte-5.5-and-lt-5.9 branch November 28, 2024 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stanhu @toupeira @nbulaj