Merge branch 'fix/update-doorkeeper-openid-connect' into 'master'
Upgrade doorkeeper-openid_connect See merge request gitlab-org/gitlab-ce!14372
This commit is contained in:
Rémy Coutable
commit
de035a0d5e
2
Gemfile
2
Gemfile
|
|
@ -23,7 +23,7 @@ gem 'faraday', '~> 0.12'
|
|||
# Authentication libraries
|
||||
gem 'devise', '~> 4.2'
|
||||
gem 'doorkeeper', '~> 4.2.0'
|
||||
gem 'doorkeeper-openid_connect', '~> 1.1.0'
|
||||
gem 'doorkeeper-openid_connect', '~> 1.2.0'
|
||||
gem 'omniauth', '~> 1.4.2'
|
||||
gem 'omniauth-auth0', '~> 1.4.1'
|
||||
gem 'omniauth-azure-oauth2', '~> 0.0.9'
|
||||
|
|
|
|||
12
Gemfile.lock
12
Gemfile.lock
|
|
@ -80,7 +80,7 @@ GEM
|
|||
coderay (>= 1.0.0)
|
||||
erubis (>= 2.6.6)
|
||||
rack (>= 0.9.0)
|
||||
bindata (2.3.5)
|
||||
bindata (2.4.1)
|
||||
binding_of_caller (0.7.2)
|
||||
debug_inspector (>= 0.0.1)
|
||||
bootstrap-sass (3.3.6)
|
||||
|
|
@ -166,9 +166,9 @@ GEM
|
|||
docile (1.1.5)
|
||||
domain_name (0.5.20161021)
|
||||
unf (>= 0.0.5, < 1.0.0)
|
||||
doorkeeper (4.2.0)
|
||||
doorkeeper (4.2.6)
|
||||
railties (>= 4.2)
|
||||
doorkeeper-openid_connect (1.1.2)
|
||||
doorkeeper-openid_connect (1.2.0)
|
||||
doorkeeper (~> 4.0)
|
||||
json-jwt (~> 1.6)
|
||||
dropzonejs-rails (0.7.2)
|
||||
|
|
@ -410,7 +410,7 @@ GEM
|
|||
railties (>= 4.2.0)
|
||||
thor (>= 0.14, < 2.0)
|
||||
json (1.8.6)
|
||||
json-jwt (1.7.1)
|
||||
json-jwt (1.7.2)
|
||||
activesupport
|
||||
bindata
|
||||
multi_json (>= 1.3)
|
||||
|
|
@ -681,7 +681,7 @@ GEM
|
|||
rainbow (2.2.2)
|
||||
rake
|
||||
raindrops (0.18.0)
|
||||
rake (12.0.0)
|
||||
rake (12.1.0)
|
||||
rblineprof (0.3.6)
|
||||
debugger-ruby_core_source (~> 1.3)
|
||||
rbnacl (4.0.2)
|
||||
|
|
@ -1002,7 +1002,7 @@ DEPENDENCIES
|
|||
devise-two-factor (~> 3.0.0)
|
||||
diffy (~> 3.1.0)
|
||||
doorkeeper (~> 4.2.0)
|
||||
doorkeeper-openid_connect (~> 1.1.0)
|
||||
doorkeeper-openid_connect (~> 1.2.0)
|
||||
dropzonejs-rails (~> 0.7.1)
|
||||
email_reply_trimmer (~> 0.1)
|
||||
email_spec (~> 1.6.0)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Upgrade doorkeeper-openid_connect
|
||||
merge_request: 14372
|
||||
author: Markus Koller
|
||||
type: other
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Doorkeeper::OpenidConnect.configure do
|
||||
issuer Gitlab.config.gitlab.url
|
||||
|
||||
jws_private_key Rails.application.secrets.jws_private_key
|
||||
signing_key Rails.application.secrets.openid_connect_signing_key
|
||||
|
||||
resource_owner_from_access_token do |access_token|
|
||||
User.active.find_by(id: access_token.resource_owner_id)
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ def create_tokens
|
|||
secret_key_base: file_secret_key || generate_new_secure_token,
|
||||
otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
|
||||
db_key_base: generate_new_secure_token,
|
||||
jws_private_key: generate_new_rsa_private_key
|
||||
openid_connect_signing_key: generate_new_rsa_private_key
|
||||
}
|
||||
|
||||
missing_secrets = set_missing_keys(defaults)
|
||||
|
|
|
|||
|
|
@ -36,10 +36,10 @@ describe 'create_tokens' do
|
|||
expect(keys).to all(match(HEX_KEY))
|
||||
end
|
||||
|
||||
it 'generates an RSA key for jws_private_key' do
|
||||
it 'generates an RSA key for openid_connect_signing_key' do
|
||||
create_tokens
|
||||
|
||||
keys = secrets.values_at(:jws_private_key)
|
||||
keys = secrets.values_at(:openid_connect_signing_key)
|
||||
|
||||
expect(keys.uniq).to eq(keys)
|
||||
expect(keys).to all(match(RSA_KEY))
|
||||
|
|
@ -49,7 +49,7 @@ describe 'create_tokens' do
|
|||
expect(self).to receive(:warn_missing_secret).with('secret_key_base')
|
||||
expect(self).to receive(:warn_missing_secret).with('otp_key_base')
|
||||
expect(self).to receive(:warn_missing_secret).with('db_key_base')
|
||||
expect(self).to receive(:warn_missing_secret).with('jws_private_key')
|
||||
expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key')
|
||||
|
||||
create_tokens
|
||||
end
|
||||
|
|
@ -61,7 +61,7 @@ describe 'create_tokens' do
|
|||
expect(new_secrets['secret_key_base']).to eq(secrets.secret_key_base)
|
||||
expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base)
|
||||
expect(new_secrets['db_key_base']).to eq(secrets.db_key_base)
|
||||
expect(new_secrets['jws_private_key']).to eq(secrets.jws_private_key)
|
||||
expect(new_secrets['openid_connect_signing_key']).to eq(secrets.openid_connect_signing_key)
|
||||
end
|
||||
|
||||
create_tokens
|
||||
|
|
@ -77,7 +77,7 @@ describe 'create_tokens' do
|
|||
context 'when the other secrets all exist' do
|
||||
before do
|
||||
secrets.db_key_base = 'db_key_base'
|
||||
secrets.jws_private_key = 'jws_private_key'
|
||||
secrets.openid_connect_signing_key = 'openid_connect_signing_key'
|
||||
|
||||
allow(File).to receive(:exist?).with('.secret').and_return(true)
|
||||
allow(File).to receive(:read).with('.secret').and_return('file_key')
|
||||
|
|
@ -88,7 +88,7 @@ describe 'create_tokens' do
|
|||
stub_env('SECRET_KEY_BASE', 'env_key')
|
||||
secrets.secret_key_base = 'secret_key_base'
|
||||
secrets.otp_key_base = 'otp_key_base'
|
||||
secrets.jws_private_key = 'jws_private_key'
|
||||
secrets.openid_connect_signing_key = 'openid_connect_signing_key'
|
||||
end
|
||||
|
||||
it 'does not issue a warning' do
|
||||
|
|
@ -114,7 +114,7 @@ describe 'create_tokens' do
|
|||
before do
|
||||
secrets.secret_key_base = 'secret_key_base'
|
||||
secrets.otp_key_base = 'otp_key_base'
|
||||
secrets.jws_private_key = 'jws_private_key'
|
||||
secrets.openid_connect_signing_key = 'openid_connect_signing_key'
|
||||
end
|
||||
|
||||
it 'does not write any files' do
|
||||
|
|
@ -129,7 +129,7 @@ describe 'create_tokens' do
|
|||
expect(secrets.secret_key_base).to eq('secret_key_base')
|
||||
expect(secrets.otp_key_base).to eq('otp_key_base')
|
||||
expect(secrets.db_key_base).to eq('db_key_base')
|
||||
expect(secrets.jws_private_key).to eq('jws_private_key')
|
||||
expect(secrets.openid_connect_signing_key).to eq('openid_connect_signing_key')
|
||||
end
|
||||
|
||||
it 'deletes the .secret file' do
|
||||
|
|
@ -153,7 +153,7 @@ describe 'create_tokens' do
|
|||
expect(new_secrets['secret_key_base']).to eq('file_key')
|
||||
expect(new_secrets['otp_key_base']).to eq('file_key')
|
||||
expect(new_secrets['db_key_base']).to eq('db_key_base')
|
||||
expect(new_secrets['jws_private_key']).to eq('jws_private_key')
|
||||
expect(new_secrets['openid_connect_signing_key']).to eq('openid_connect_signing_key')
|
||||
end
|
||||
|
||||
create_tokens
|
||||
|
|
|
|||
Loading…
Reference in New Issue