File rubygem-doorkeeper.changes of Package rubygem-doorkeeper
-------------------------------------------------------------------
Mon Nov 4 16:34:31 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- 5.8.0:
- [#1739] Add support for dynamic scopes
- [#1715] Fix token introspection invalid request reason
- [#1714] Fix `Doorkeeper::AccessToken.find_or_create_for` with empty scopes which raises NoMethodError
- [#1712] Add `Pragma: no-cache` to token response
- [#1726] Refactor token introspection class.
- [#1727] Allow to set null secret value for Applications if they are public.
- [#1735] Add `pkce_code_challenge_methods` config option.
5.7.1:
- [#1705] Add `force_pkce` option that requires non-confidential clients to use PKCE when requesting an access_token using an authorization code
-------------------------------------------------------------------
Fri Jun 21 09:47:04 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- 5.7.0:
- [#1696] Add missing #issued_token method to OAuth::TokenResponse
- [#1697] Allow a TokenResponse body to be customized (memoize response body).
- [#1702] Fix bugs for error response in the form_post and error view
- [#1660] Custom access token attributes are now considered when finding matching tokens (fixes #1665). Introduce revoke_previous_client_credentials_token configuration option.
5.6.9:
* [#1691] Make new Doorkeeper errors backward compatible with older extensions.
-------------------------------------------------------------------
Mon Jan 29 13:56:57 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- 5.6.8:
- [#1680] Fix handle_auth_errors :raise NotImplementedError
-------------------------------------------------------------------
Tue Nov 28 08:08:57 UTC 2023 - Dan Čermák <dan.cermak@posteo.net>
- 5.6.7:
- [#1662] Specify uri_redirect validation class explicitly.
- [#1652] Add custom attributes support to token generator.
- [#1667] Pass `client` instead of `grant.application` to `find_or_create_access_token`.
- [#1673] Honor `custom_access_token_attributes` in client credentials grant flow.
- [#1676] Improve AuthorizationsController error response handling
- [#1677] Fix URIHelper.valid_for_authorization? breaking for non url URIs.
-------------------------------------------------------------------
Thu Nov 2 15:45:06 UTC 2023 - Dan Čermák <dan.cermak@posteo.net>
- 5.6.6:
- [#1644] Update HTTP headers.
- [#1646] Block public clients automatic authorization skip.
- [#1648] Add custom token attributes to Refresh Token Request.
- [#1649] Fixed custom_access_token_attributes related errors.
5.6.5:
- [#1602] Allow custom data to be stored inside access grants/tokens.
- [#1634] Code refactoring for custom token attributes.
- [#1639] Add grant type validation to avoid Internal Server Error for DELETE /oauth/authorize endpoint.
5.6.4:
* [#1633] Apply ORM configuration in #to_prepare block to avoid autoloading errors.
5.6.3:
- [#1622] Drop support for Rubies 2.5 and 2.6
- [#1605] Fix URI validation for Ruby 3.2+.
- [#1625] Exclude endless access tokens from `StaleRecordsCleaner`.
- [#1626] Remove deprecated `active_record_options` config option.
- [#1631] Fix regression with redirect behavior after token lookup optimizations (redirect to app URI when found).
- [#1630] Special case unique index creation for refresh_token on SQL Server.
- [#1627] Lazy evaluate Doorkeeper config when loading files and executing initializers.
-------------------------------------------------------------------
Wed Dec 7 11:17:46 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 5.6.2
see installed CHANGELOG.md
## 5.6.2
- [#1604] Fix fetching of the application when custom application_class defined.
## 5.6.1
- [#1593] Add support for Trilogy ActiveRecord adapter.
- [#1597] Add optional support to use the url path for the native authorization code flow. Ports forward [#1143] from 4.4.3
- [#1599] Remove unnecessary re-fetch of application object when creating an access token.
-------------------------------------------------------------------
Mon Oct 10 13:02:59 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 5.6.0
see installed CHANGELOG.md
## 5.6.0
- [#1581] Consider `token_type_hint` when searching for access token in TokensController to avoid extra database calls.
## 5.6.0.rc1
- [#1558] Fixed bug: able to obtain a token with default scopes even if they are not present in the
application scopes when using client credentials.
- [#1567] Only filter `code` parameter if authorization_code grant flow is enabled.
## 5.6.0.rc1
- [#1551] Change lazy loading for ORM to be Ruby standard autoload.
- [#1552] Remove duplicate IDs on Auth form to improve accessibility.
- [#1542] Improve performance of `Doorkeeper::AccessToken#matching_token_for` using database specific SQL time math.
**[IMPORTANT]**: API of the `Doorkeeper::AccessToken#matching_token_for` method has changed and now it returns
only **active** access tokens (previously they were just not revoked). Please remember that the idea of the
`reuse_access_token` option is to check for existing _active_ token (see configuration option description).
-------------------------------------------------------------------
Tue Jan 25 06:50:16 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 5.5.4
see installed CHANGELOG.md
-------------------------------------------------------------------
Thu Jun 24 17:18:00 UTC 2021 - Stephan Kulow <coolo@suse.com>
updated to version 5.5.2
see installed CHANGELOG.md
-------------------------------------------------------------------
Fri Sep 25 13:52:37 UTC 2020 - Stephan Kulow <coolo@suse.com>
updated to version 5.4.0
see installed CHANGELOG.md
-------------------------------------------------------------------
Thu May 7 20:39:20 UTC 2020 - Stephan Kulow <coolo@suse.com>
- updated to version 5.3.3
see installed CHANGELOG.md
## 5.3.3
- [#1404] Backport: Make `Doorkeeper::Application#read_attribute_for_serialization` public.
## 5.3.2
- [#1371] Backport: add `#as_json` method and attributes serialization restriction for Application model.
Fixes information disclosure vulnerability (CVE-2020-10187).
**[IMPORTANT]** you need to re-implement `#as_json` method for Doorkeeper Application model
if you previously used `#to_json` serialization with custom options or attributes or rely on
JSON response from /oauth/applications.json or /oauth/authorized_applications.json. This change
is a breaking change which restricts serialized attributes to a very small set of columns.
-------------------------------------------------------------------
Mon Feb 10 14:29:11 UTC 2020 - Stephan Kulow <coolo@suse.com>
- updated to version 5.3.1
see installed NEWS.md
-------------------------------------------------------------------
Sun May 5 09:24:02 UTC 2019 - Stephan Kulow <coolo@suse.com>
- updated to version 5.1.0
see installed NEWS.md
-------------------------------------------------------------------
Thu Nov 22 05:06:32 UTC 2018 - Stephan Kulow <coolo@suse.com>
- updated to version 5.0.2
see installed NEWS.md
-------------------------------------------------------------------
Wed Sep 5 10:10:18 UTC 2018 - coolo@suse.com
- updated to version 5.0.0
see installed NEWS.md
See https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions for
upgrade guides.
-------------------------------------------------------------------
Thu Mar 29 04:28:45 UTC 2018 - factory-auto@kulow.org
- updated to version 4.3.2
see installed NEWS.md
-------------------------------------------------------------------
Sun Mar 4 05:28:57 UTC 2018 - factory-auto@kulow.org
- updated to version 4.3.1
see installed NEWS.md
## 4.3.1
- Remove `BaseRecord` and introduce additional concern for ordering methods to fix
breaking changes for Doorkeeper models.
- [#1032] Refactor BaseRequest callbacks into configurable lambdas
- [#1040] Clear mixins from ActiveRecord DSL and save only overridable API. It
allows using these mixins in Doorkeeper ORM extensions with minimum code boilerplate.
## 4.3.0
-------------------------------------------------------------------
Sat Feb 24 05:29:10 UTC 2018 - factory-auto@kulow.org
- updated to version 4.3.0
see installed NEWS.md
- [#976] Fix to invalidate the second redirect URI when the first URI is the native URI
- [#1035] Allow `Application#redirect_uri=` to handle array of URIs.
- [#1036] Allow to forbid Application redirect URIs with specific rules.
- [#1029] Deprecate `order_method` and introduce `ordered_by`. Sort applications
by `created_at` in index action.
- [#1033] Allow Doorkeeper configuration option #force_ssl_in_redirect_uri to be a callable object.
- Fix Grape integration & add specs for it
- [#913] Deferred ORM (ActiveRecord) models loading
- [#943] Fix Access Token token generation when certain errors occur in custom token generators
- [#1026] Implement RFC7662 - OAuth 2.0 Token Introspection
- [#985] Generate valid migration files for Rails >= 5
- [#972] Replace Struct subclassing with block-form initialization
- [#1003] Use URL query param to pass through native redirect auth code so automated apps can find it.
- [#868] `Scopes#&` and `Scopes#+` now take an array or any other enumerable
object.
- [#1019] Remove translation not in use: `invalid_resource_owner`.
- Use Ruby 2 hash style syntax (min required Ruby version = 2.1)
- [#948] Make Scopes.<=> work with any "other" value.
-------------------------------------------------------------------
Tue May 30 05:11:57 UTC 2017 - coolo@suse.com
- updated to version 4.2.6
see installed NEWS.md
## master
- [#970] Escape certain attributes in authorization forms.
-------------------------------------------------------------------
Mon Feb 13 05:40:01 UTC 2017 - coolo@suse.com
- updated to version 4.2.5
see installed NEWS.md
-------------------------------------------------------------------
Thu Aug 25 11:10:15 UTC 2016 - mrueckert@suse.de
- update to 4.2.0
-------------------------------------------------------------------
Wed Jul 6 00:19:18 UTC 2016 - mrueckert@suse.de
- update to 4.0.0
-------------------------------------------------------------------
Sun May 1 01:22:53 UTC 2016 - mrueckert@suse.de
- update to 3.1.0
-------------------------------------------------------------------
Thu Nov 26 23:33:03 UTC 2015 - mrueckert@suse.de
- update to 2.2.2
-------------------------------------------------------------------
Sat Sep 26 02:59:17 UTC 2015 - mrueckert@suse.de
- update to 2.1.4
-------------------------------------------------------------------
Sun Mar 29 05:05:06 UTC 2015 - mrueckert@suse.de
- update to 2.1.3
-------------------------------------------------------------------
Mon Mar 16 17:53:19 UTC 2015 - mrueckert@suse.de
- initial package