Bump doorkeeper from 5.3.3 to 5.4.0 (#13733)

* Bump doorkeeper from 5.3.3 to 5.4.0

Bumps [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) from 5.3.3 to 5.4.0.
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v5.3.3...v5.4.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* Fix tests

* Fix use of Doorkeeper::AccessToken.find_or_create_for

* Fix tests?

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Thibaut Girka <thib@sitedethib.com>

diff --git a/Gemfile b/Gemfile
index 890b0ee97e11b345789664843481a7503f5af439..3150c368d053a0f9fd5ae09c90a6c66522a73221 100644 (file)
--- a/Gemfile
+++ b/Gemfile
@@ -49,7 +49,7 @@ gem 'omniauth-saml', '~> 1.10'
 gem 'omniauth', '~> 1.9'
 
 gem 'discard', '~> 1.2'
-gem 'doorkeeper', '~> 5.3'
+gem 'doorkeeper', '~> 5.4'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'goldfinger', '~> 2.1'

diff --git a/Gemfile.lock b/Gemfile.lock
index 8996240640ba53aa93dac8a08af7c48f46ba0684..accac821b5bfbec443f4e2b83d34b62c2c0b75cd 100644 (file)
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -194,7 +194,7 @@ GEM
     docile (1.3.2)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.3.3)
+    doorkeeper (5.4.0)
       railties (>= 5)
     dotenv (2.7.5)
     dotenv-rails (2.7.5)
@@ -697,7 +697,7 @@ DEPENDENCIES
   devise-two-factor (~> 3.1)
   devise_pam_authenticatable2 (~> 9.2)
   discard (~> 1.2)
-  doorkeeper (~> 5.3)
+  doorkeeper (~> 5.4)
   dotenv-rails (~> 2.7)
   e2mmap (~> 0.1.0)
   fabrication (~> 2.21)

diff --git a/app/models/web/push_subscription.rb b/app/models/web/push_subscription.rb
index c5dbb58baad0e5d01340074118ef9577dec9006f..c407a7789bee78ec5298c7e06b94ae04151b6291 100644 (file)
--- a/app/models/web/push_subscription.rb
+++ b/app/models/web/push_subscription.rb
@@ -94,11 +94,11 @@ class Web::PushSubscription < ApplicationRecord
 
   def find_or_create_access_token
     Doorkeeper::AccessToken.find_or_create_for(
-      Doorkeeper::Application.find_by(superapp: true),
-      session_activation.user_id,
-      Doorkeeper::OAuth::Scopes.from_string('read write follow push'),
-      Doorkeeper.configuration.access_token_expires_in,
-      Doorkeeper.configuration.refresh_token_enabled?
+      application: Doorkeeper::Application.find_by(superapp: true),
+      resource_owner: session_activation.user_id,
+      scopes: Doorkeeper::OAuth::Scopes.from_string('read write follow push'),
+      expires_in: Doorkeeper.configuration.access_token_expires_in,
+      use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?
     )
   end
 end

diff --git a/spec/controllers/api/v1/accounts_controller_spec.rb b/spec/controllers/api/v1/accounts_controller_spec.rb
index f5f65c000e54a8b66b9b4ad232b7e9f52f7a920b..024409dab85328018d94bf44a3cf74f84c9b17d8 100644 (file)
--- a/spec/controllers/api/v1/accounts_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts_controller_spec.rb
@@ -21,7 +21,7 @@ RSpec.describe Api::V1::AccountsController, type: :controller do
 
   describe 'POST #create' do
     let(:app) { Fabricate(:application) }
-    let(:token) { Doorkeeper::AccessToken.find_or_create_for(app, nil, 'read write', nil, false) }
+    let(:token) { Doorkeeper::AccessToken.find_or_create_for(application: app, resource_owner: nil, scopes: 'read write', use_refresh_token: false) }
     let(:agreement) { nil }
 
     before do

diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index a84260a54d2abbff1a3a67804e9738a11d3a69a6..c5eeea397ecbddd68cc93ed03793209fa9e30936 100644 (file)
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -41,11 +41,11 @@ RSpec.describe Oauth::AuthorizationsController, type: :controller do
       context 'when app is already authorized' do
         before do
           Doorkeeper::AccessToken.find_or_create_for(
-            app,
-            user.id,
-            app.scopes,
-            Doorkeeper.configuration.access_token_expires_in,
-            Doorkeeper.configuration.refresh_token_enabled?
+            application: app,
+            resource_owner: user.id,
+            scopes: app.scopes,
+            expires_in: Doorkeeper.configuration.access_token_expires_in,
+            use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?
           )
         end
 

diff --git a/spec/controllers/oauth/tokens_controller_spec.rb b/spec/controllers/oauth/tokens_controller_spec.rb
index ba8e367a68a4deab8a7b39b609ee16a36f305815..3804e035bbc250c2910ad3ea37c302f9b10c0dd2 100644 (file)
--- a/spec/controllers/oauth/tokens_controller_spec.rb
+++ b/spec/controllers/oauth/tokens_controller_spec.rb
@@ -5,11 +5,12 @@ require 'rails_helper'
 RSpec.describe Oauth::TokensController, type: :controller do
   describe 'POST #revoke' do
     let!(:user) { Fabricate(:user) }
-    let!(:access_token) { Fabricate(:accessible_access_token, resource_owner_id: user.id) }
+    let!(:application) { Fabricate(:application, confidential: false) }
+    let!(:access_token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: application) }
     let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }
 
     before do
-      post :revoke, params: { token: access_token.token }
+      post :revoke, params: { client_id: application.uid, token: access_token.token }
     end
 
     it 'revokes the token' do